Matt N
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Andrew Bauer
07d8ac1d49
implement timezone check function (#2387)
* implement timezone check function
* remove comment
* also check if the timezone is valid
* whitespace
2019-01-15 09:05:11 -05:00
Isaac Connor
dbe9817bc8
Split actions.php into individual files per view
2019-01-04 09:26:34 -05:00
Andrew Bauer
3258d8e590
remove ZM_DIR_IMAGES (#2374)
2018-12-29 09:52:58 -05:00
Andrew Bauer
8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
Cleanup auth
2018-12-12 20:53:24 -06:00
Isaac Connor
702143e51b
Create a function called getBodyTopHTML that outputs the body tag and anything else that should go at the top.
Things like the we require javascript message, and any other messages like error messages.
Use this on the monitor and console view to stick an error message at the top when saving a monitor fails.
This is a pretty quick, crude implementation.
2018-11-07 12:33:54 -05:00
Isaac Connor
a3d0cb42ea
Move GOOGLE RECAPTCHA to includes/auth.php, clean login actions.
2018-10-09 10:05:50 -04:00
Pliable Pixels
4d626dfb4e
allow username&password even if AUTH_HASH is enabled (#2231)
2018-10-08 17:28:03 -04:00
Isaac Connor
efda26121b
allow login by username&password in request
2018-10-02 16:59:05 -04:00
Isaac Connor
623d31edae
Don't do csrf for view=image
2018-08-31 11:58:17 -04:00
Isaac Connor
0823b28712
whitespace changes. Make Privacy test an else so that PRIVACY checks don't happen if not logged in
2018-08-31 10:37:11 -04:00
Andrew Bauer
8f0fb0843a
Add Privacy Statement (#2194)
* initial implementation of privacy popup
* split the privacy text and run it through translate
* change style of toggle button, validate the form
* fix copy/paste error
* fix typos
* display privacy view inline rather than popup
* display privacy inline if show_privacy flag set
* redirect to console after selection is made
* typo
* css formatting
* update privacy verbiage
* create and load default.php
* fix typos
* fix erroneous copy/paste
2018-08-30 13:25:02 -04:00
Isaac Connor
15a6eb7e78
Revert "Add Privacy Statement (#2176)" (#2179)
This reverts commit 56f4d768c2.
2018-08-13 15:33:43 -04:00
Andrew Bauer
56f4d768c2
Add Privacy Statement (#2176)
* initial implementation of privacy popup
* split the privacy text and run it through translate
* change style of toggle button, validate the form
* fix copy/paste error
* fix typos
* display privacy view inline rather than popup
* display privacy inline if show_privacy flag set
* redirect to console after selection is made
* typo
* css formatting
* update privacy verbiage
* push privacy text to all language files
2018-08-13 15:23:44 -04:00
Isaac Connor
43827953cd
test for existence of HTTP_X_FORWARDED_PROTO
2018-07-12 15:04:54 -04:00
Isaac Connor
eb610cd3a1
rewrite the HTTP_X_FORWARDED_PROTO test to just make it part of the if instead of modifying SERVER['HTTPS']
2018-07-12 11:38:58 -04:00
Mike Brown
6a5ff83848
Adding support for HTTP_X_FORWARDED_PROTO
2018-07-11 21:01:37 -05:00
Isaac Connor
3109536dda
Alternate fix for video generation under csrf. Now we just turn off output buffering (discarding contents before sending the avi
2018-06-06 11:55:51 -04:00
Isaac
cc27ce7ee9
Turn off csrf for archive downloading, which prevents out of memory
2018-05-18 15:50:45 +02:00
Isaac Connor
dcfd9a60bc
close the session earlier
2018-04-14 22:26:47 -04:00
Isaac Connor
53ce8c008a
move auth functions into its own file
2018-04-06 14:36:23 -04:00
Isaac Connor
a9f4b7899a
move session closing higher up before actions.php.
2018-03-20 12:18:29 -07:00
Isaac Connor
b390633f70
Fix authHash generation
2018-01-31 14:58:01 -05:00
Isaac Connor
c59751713b
fix redirect
2018-01-28 17:31:00 -05:00
Isaac Connor
8a4b17fb50
turn into a url instead of boolean. Use it to refresh the options page on change so that changes are instantly noticeable
2018-01-28 15:13:57 -05:00
Isaac Connor
bb9d640c01
use instead of ['request'] to fix behaviour when request has been emptied due to failed auth
2018-01-26 12:56:38 -05:00
Isaac
5865bbfb12
turn off debugging
2018-01-24 23:07:21 +01:00
Isaac
06c9266c62
use snapshot.jpg more
2018-01-22 03:27:01 +01:00
Isaac Connor
cb70a3627f
Fixes to montagereview and only load event data when in History mode
2017-11-28 14:50:21 -05:00
Isaac Connor
c0e49b65ef
stop writing env to /tmp/env
2017-11-24 15:38:07 -05:00
Isaac Connor
4b92a788f7
fix filter execute
2017-11-24 15:37:50 -05:00
Isaac Connor
b5491102ef
Fix saving MontageLayouts
2017-10-30 20:21:16 -04:00
Isaac Connor
a6c790b374
use a shared include for the filters bar
2017-10-30 07:37:08 -07:00
Isaac Connor
bc150574c7
wip import
2017-10-26 18:56:10 -07:00
Isaac Connor
4be133ed09
remove btn styles from buttons. make groups, cycle, montage, montage review non-popups. Add datetime filters to montagereview. Fix dark skin
2017-09-30 14:19:32 -04:00
Isaac Connor
160a553fb9
Don't do csrf for frames view either. If there are a lot of frames, we run out of mem.
2017-09-27 17:33:06 -04:00
Isaac Connor
27fe468868
Don't do csrf for view=video because the output buffering will make it run out of ram
2017-08-09 11:15:00 -04:00
Isaac Connor
b030fee429
don't do csrf checks for control commands
2017-07-14 12:29:24 -04:00
Isaac Connor
d7950bd732
Merge branch 'master' into knnniggett-configfiles
2017-07-03 21:53:47 -04:00
Isaac Connor
f782aeccd9
fix view is view_video, not action=view_video
2017-06-26 21:09:54 -04:00
Isaac Connor
3a113899ed
whitespace and braces fixing
2017-06-26 14:29:45 -04:00
Isaac Connor
c1b8105c0e
only include csrf if it's going to be used. This fixes view_video using up all ram sending a video file
2017-06-26 14:23:54 -04:00
Isaac Connor
d97d156efb
Don't do csrf for view_video
2017-06-26 11:48:26 -04:00
Isaac Connor
c7026a1b65
requests should be csrf'd. view_video does not need to be
2017-06-20 10:56:59 -04:00
Isaac Connor
1932fa7f81
don't do CSRF for requests, and when not auth, clear the request so that we don't do it.
2017-06-20 10:52:16 -04:00
Isaac Connor
0e643f0f93
Merge branch 'master' into storageareas
2017-05-30 11:58:38 -04:00
Isaac Connor
3062fe43f3
revert csrf on login page. csrf needs to be off in order for zmNinja to work
2017-05-30 11:25:25 -04:00
Isaac Connor
f851daca68
merge code to load video.js etc on Event view
2017-05-18 15:10:13 -04:00
Isaac Connor
3ccf7e102e
fix Debug to Logger::Debug
2017-05-18 14:50:17 -04:00
Isaac Connor
f4224bb88e
Merge branch 'master' into storageareas
2017-05-17 17:47:39 -04:00