Matthew Noorenberghe
a3e8fd4fd5
Fix zones.php self-xss. Fixes #2444
2019-01-24 23:40:41 -08:00
Matthew Noorenberghe
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
...
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe
59cc65411f
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
...
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor
6eb4d7ae27
Filter improvements ( #2438 )
...
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
montagdude
4da95369f9
Fix zone area calculation ( #2437 )
...
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650. This
change implements the method here:
http://mathworld.wolfram.com/PolygonArea.html
It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor
cc8de69eba
Merge branch 'master' into storageareas
2019-01-22 11:44:42 -05:00
Isaac Connor
2914fb1d58
Update to html5, remove code to close popup (as it is taken care of in skin.js now). Use cache_bust on skin.js
2019-01-22 09:15:25 -05:00
Isaac Connor
e712cedbde
spacing and quotes
2019-01-22 09:14:44 -05:00
Matt N
0619a4a161
Validate cnj, obr, and cbr arguments in parseFilter ( #2434 )
2019-01-22 08:03:25 -05:00
Matt N
e7e45b2d95
Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j ( #2433 )
2019-01-22 08:00:39 -05:00
Isaac Connor
7260f823cb
Merge branch 'master' into storageareas
2019-01-21 13:52:38 -05:00
Isaac Connor
785c208ecf
Fixes #2426. Ca should have been endTime
2019-01-21 12:01:46 -05:00
Isaac Connor
a2d4dc974b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-21 11:19:07 -05:00
Isaac Connor
e663397816
spacing
2019-01-21 11:17:21 -05:00
Isaac Connor
c6311b7079
When logging in, stay on the login view
2019-01-21 11:17:09 -05:00
Matt N
19c272061a
Replace MooTools usage for adding window event listeners ( #2429 )
2019-01-21 11:14:32 -05:00
Matt N
27bcf3f994
Upgrade jQuery version ( #2430 )
...
* Upgrade jQuery to 1.12.4
* Upgrade jQuery to 2.2.4; Stop support for IE8
* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Isaac Connor
f69b77e38f
fix eslint complaints
2019-01-19 12:40:17 -05:00
Matt N
a1a42345e3
More eslint fixes; eslint in php; add eslint to travis ( #2419 )
...
* Add eslint to travis.yml
* Update eslint package versions and apply new indent rules
* Enable the brace-style and block-style eslint rules
* Enable the 'curly' eslint rule
* Enable the 'keyword-spacing' eslint rule
* Enable the 'key-spacing' eslint rule
* Enable the 'object-curly-spacing' eslint rule
* Enable the 'no-new-object' eslint rule
* Only disable the no-caller eslint rule in the one affected file
* Enable the 'no-unused-vars' eslint rule for local variables
* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N
c0a6e54d60
skins/classic/views/control.php second order sqli ( #2422 )
2019-01-19 09:46:21 -05:00
Matt N
34e2e47993
controlcap.php: Reflected xss fix with validHtmlStr ( #2423 )
2019-01-19 09:43:28 -05:00
Matt N
d3f8037e58
Replace onclick='submitTab(...' with a click listener ( #2424 )
2019-01-19 09:42:12 -05:00
Matt N
4e48939660
Add a validateForm event listener and enforce CSP on some views ( #2425 )
...
* Add a validateForm event listener and enforce CSP on the controlcap view
* filter.php: Use .validateFormOnSubmit
* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check
* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor
552e14a971
Merge branch 'master' into storageareas
2019-01-18 10:36:59 -05:00
Matt N
43a1725060
Fix duplicate 'class' attribute in options ( #2418 )
2019-01-18 10:05:44 -05:00
Matt N
eef113b6a7
Convert some characters to HTML entities ( #2417 )
2019-01-18 10:02:48 -05:00
Matt N
deaf651aad
Fix eslint violations ( #2416 )
...
* Add more JS libraries to eslintignore
* eslint . --fix
Automatic fixes only
* frame.js: eslint fixes
* events.js: manual eslint fixes
* skin.js: manual eslint fixes
* watch.js: manual eslint fixes
* Remove some tabs used for indentation in JS
* state.js: Fix new-cap eslint violation
* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
Matt N
6bb5aa1b87
More inline JS / nonce conversions ( #2415 )
...
* monitor.php: Add nonce and move <script> inside </body>
* export_functions.php: Untested: Add @nonce to <script>
* blank.php: Add @nonce to <script> and add to CSP enforced views
* Enforce CSP on login and privacy views
* group.php: Add nonce and move <script> inside </body>
* filter.php: Add @nonce to <script>
* Fix updateButtons argument on the filter page upon change and page load
* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor
599769b701
rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none
2019-01-17 08:50:33 -05:00
Isaac Connor
f49dd93b6a
Merge branch 'master' into storageareas
2019-01-16 14:39:56 -05:00
Isaac Connor
a7db6f08f5
single vs double quotes
2019-01-16 13:47:50 -05:00
Isaac Connor
42076ad09b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-16 13:46:01 -05:00
Isaac Connor
a2c23d3263
Need nonce in inline script setting display css
2019-01-16 13:45:26 -05:00
Isaac Connor
e156a6cda0
logout view should go to logout view
2019-01-16 12:23:18 -05:00
Matt N
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers ( #2413 )
...
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor
fd696bc066
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-15 11:38:56 -05:00
Isaac Connor
ac27005944
remove debug
2019-01-15 11:38:43 -05:00
Isaac Connor
07c7c271a6
prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411
2019-01-15 11:38:19 -05:00
Matt N
083f284599
Replace onclick inline event handlers for createPopup ( #2410 )
...
* Move <script> before </body>
* Change makePopupLink to not use onclick
* Change makePopupButton to not use onclick
* Use .popup-link in control_functions.php
* Use makePopupButton in controlcaps.php
* Prevent double-encoding in makePopup*
* Use makePopupButton in devices.php
* Use makePopupButton in logout.php
* Use makePopupLink in monitor.php
* Use makePopupLink and .popup-link in montage.php
* Use makePopupButton in options.php
* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor
fc7403fe3d
Merge branch 'master' into storageareas
2019-01-13 14:53:34 -05:00
Isaac Connor
a282b487d1
load Help from Config as it is no longer always loaded into ram.
2019-01-11 13:55:03 -05:00
Isaac Connor
b373577589
fix function view after actions cleanup
2019-01-10 12:08:25 -05:00
Isaac Connor
1d54216e80
spacing
2019-01-09 16:23:58 -05:00
Isaac Connor
c1e4fbac6a
extend input path and options to the full width of the popup
2019-01-09 12:37:42 -05:00
Isaac Connor
2d03583b78
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-08 13:12:42 -05:00
Isaac Connor
ffa37d8c10
Fix margins on replayControl
2019-01-08 13:12:35 -05:00
Isaac Connor
3f5a2a2aa6
disable delete button when event is archived.
2019-01-07 15:56:23 -05:00
Isaac Connor
cf0d55d3db
Merge branch 'master' into storageareas
2019-01-05 10:59:01 -05:00
David Beitey
e6ba8e58ef
Fix #2391 by defining monitor variable ( #2392 )
2019-01-05 10:20:34 -05:00
Isaac Connor
8eb61b1c11
Merge branch 'master' into storageareas
2019-01-05 10:16:38 -05:00
Isaac Connor
5b5905c83a
We always use markEids[] now
2019-01-04 16:29:16 -05:00
Isaac Connor
de0ef6ce43
Merge branch 'master' into split_actions
2019-01-04 15:55:54 -05:00
Isaac Connor
e72e4e7ce4
Spacing, remove some html4 stuff, clean up duplicated hidden form elements.
2019-01-04 15:52:36 -05:00
Isaac Connor
52466c398b
Merge branch 'split_actions' into storageareas
2019-01-04 15:28:55 -05:00
Isaac Connor
b8d065275b
Merge branch 'master' into storageareas
2019-01-04 15:22:18 -05:00
Isaac Connor
5b9bf48945
Merge branch 'master' into split_actions
2019-01-04 09:35:54 -05:00
Isaac Connor
dbe9817bc8
Split actions.php into individual files per view
2019-01-04 09:26:34 -05:00
Andrew Bauer
225fca08e3
Merge pull request #2379 from connortechnology/improve_config_efficiency
...
Improve config efficiency
2019-01-02 19:34:34 -06:00
Isaac Connor
874930d8fc
Merge branch 'master' into improve_config_efficiency
2019-01-02 13:07:53 -05:00
Isaac Connor
99471836b7
Use monitor's serverId when loading server object so that images load from recording server.
2019-01-02 11:28:12 -05:00
Isaac Connor
8a1707a615
Add monitorServerId array to provide server info for each monitor so that we can load images from the recording server.
2019-01-02 11:27:46 -05:00
Isaac Connor
79113a6869
Add a default Server object to handle non-multi-server case
2019-01-02 10:56:40 -05:00
Isaac Connor
1a1231fdaa
Merge branch 'master' into storageareas
2018-12-28 10:47:27 -05:00
Isaac Connor
101f24feb5
Update area when editing x and y coords ( #2366 )
2018-12-27 14:28:14 -05:00
Isaac Connor
3e06bbcef8
Merge branch 'master' into storageareas
2018-12-27 13:50:29 -05:00
Andrew Bauer
27dd8166ea
Merge pull request #2362 from connortechnology/small_groups_fixes
...
Small groups fixes
2018-12-24 11:30:57 -06:00
Isaac Connor
e0a9c4a21e
fix event popup detection
2018-12-24 11:23:58 -05:00
Isaac Connor
2b8fa653ed
Merge branch 'small_groups_fixes' into storageareas
2018-12-24 09:48:36 -05:00
Isaac Connor
27826b4aca
Merge branch 'master' into storageareas
2018-12-24 09:48:29 -05:00
Isaac Connor
68adc289fe
Fix colspan count now that depth is zero-based
2018-12-24 09:40:23 -05:00
Isaac Connor
0cce0a642b
Update chosen library to 1.8.7
2018-12-24 09:37:49 -05:00
Isaac Connor
1130d6650a
Fix spacing and pass popup to previous/next event so that popups stay as popups
2018-12-21 10:50:19 -05:00
Isaac Connor
0bfe1007c8
Merge branch 'master' into storageareas
2018-12-14 10:16:08 -05:00
Andrew Bauer
21a98f3653
Merge branch 'remove_default_view' of https://github.com/connortechnology/ZoneMinder into connortechnology-remove_default_view
2018-12-11 09:44:13 -06:00
Isaac Connor
278abbc201
Merge branch 'master' into remove_default_view
2018-12-11 10:37:26 -05:00
Andrew Bauer
3cf6bf1786
Merge pull request #2243 from connortechnology/add_archive_filter_to_montagereview
...
Rough in an archived status filter in montagereview.
2018-12-11 09:36:35 -06:00
Andrew Bauer
fe5cb4bfdc
Merge pull request #2283 from connortechnology/warn_colour_when_disabled
...
Use a warning colour when motion detection is disabled.
2018-12-11 09:36:07 -06:00
Andrew Bauer
4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
...
Introduce get body top html
2018-12-11 09:35:54 -06:00
Andrew Bauer
c530337c50
Merge pull request #2331 from connortechnology/fix_ios9
...
Fix ios9
2018-12-11 09:29:50 -06:00
Isaac Connor
c8c34d3f95
Merge branch 'master' into storageareas
2018-12-11 10:21:22 -05:00
Isaac Connor
1e8c4276bb
fix #2319 some more. This is fixing rate sticking across gapless events and reload
2018-12-10 17:32:17 -05:00
Isaac Connor
50017057de
Merge branch 'master' into storageareas
2018-12-05 09:05:27 -05:00
Isaac Connor
9ffd77428a
fix paths to jquery-ui-theme components, thereby upgrading them to the proper version. This fixes the datetime filters not being shown on skins that don't specify a custom theme for jquery-ui
2018-12-05 09:05:10 -05:00
Isaac Connor
a9290759a5
Merge branch 'fix_ios9' into storageareas
2018-12-03 16:25:34 -05:00
Isaac Connor
18ce7c9ea0
Old browsers, specifically Safari on IOS9, don't support let. Need to use var instead.
2018-12-03 15:17:16 -05:00
Isaac Connor
7d90a56561
Merge branch 'master' into storageareas
2018-11-30 14:46:42 -05:00
Isaac Connor
af2bb992e9
Merge branch 'server_path_prefix' into storageareas
2018-11-29 14:33:46 -05:00
Isaac Connor
17551eacee
Merge branch 'server_path_prefix'
2018-11-29 14:27:32 -05:00
Isaac Connor
1c17f334d3
fix missing bits. Implement UrlToIndex in Monitor and fix use of Url(). Implement PathToApi as well
2018-11-29 14:26:30 -05:00
Isaac Connor
d83fb2e985
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2018-11-29 14:08:03 -05:00
Isaac Connor
5e0d742e26
Use history.go(-1) which works on safari
2018-11-29 14:04:35 -05:00
Andrew Bauer
5a88cbcddb
Merge pull request #2329 from connortechnology/fix_2319
...
Fix rate resetting
2018-11-29 09:57:13 -06:00
Andrew Bauer
be07e4413f
Merge pull request #2152 from connortechnology/server_path_prefix
...
Server path prefix
2018-11-29 09:56:25 -06:00
Isaac Connor
df0b600431
Merge branch 'master' into storageareas
2018-11-29 10:49:06 -05:00
Isaac Connor
c0a9fae01f
Merge branch 'fix_2319' into storageareas
2018-11-29 09:57:41 -05:00
Isaac Connor
605397b565
Fix rate resetting by storing it in a cookie and using that on initial event load. Fixes #2319
2018-11-29 09:43:21 -05:00
Isaac Connor
1e915e9567
Merge branch 'master' into server_path_prefix
2018-11-28 10:45:36 -05:00
Isaac Connor
57acb2aac6
Merge branch 'server_path_prefix' into storageareas
2018-11-28 10:41:11 -05:00
Isaac Connor
a89dd83565
Update to use object instead of db row
2018-11-28 09:55:34 -05:00