Commit Graph

123 Commits

Author SHA1 Message Date
Isaac Connor 01af58018b close the session before requiring the page contents to fix the concurrency issue that exists due to using the file-backed session. 2015-04-20 13:06:34 -04:00
Isaac Connor 0af7d0cc0b check defined(ZM_DEFAULT_SKIN) otherwise php will turn it into a string 2015-02-19 16:04:06 -05:00
Isaac Connor b159f6ce9e Fatal->Error since Fatal is fatal 2015-02-19 15:57:37 -05:00
Isaac Connor 8eb8cacd56 Check to make sure that skin and css are valid. 2015-02-19 14:17:33 -05:00
Isaac Connor 1cfec7e3e7 Move require of config.php and logger up higher 2015-01-04 11:50:24 -05:00
Isaac Connor 50e6784779 this adds two config options to System tab to set the default skin and css 2014-12-17 16:45:41 -05:00
Isaac Connor 45feac3d36 Merge pull request #640 from jrd288/offer_login
Offer login prompt instead of throwing error
2014-12-16 09:35:08 -05:00
jrd288 10dba9b4c2 Offer login instead of error
When a user accesses a view but receives an error, and is not logged
on, he is offered a login prompt instead.  The login prompt saves the
original query URL in a hidden field, and postlogin redirects back to
the original URL once the user has logged on.

If the user is logged in and there is an error, no login prompt is
shown.

This allows the user to click an event link in an e-mail and then log
in before being shown the event, instead of requiring going back
through the front ZM page to log in.
2014-12-15 17:17:03 -05:00
Isaac Connor 3c8153c9b4 better fix for the view=console security flaw.
This does it in index.php,so it guards all pages, and also just changes the view to login, so instead of giving an error, it presents you with the login, which I think is better.
2014-12-12 09:38:54 -05:00
Isaac Connor 5bf34de07b Add lines to parse url ?css= commands and set a global variable to be used to determine which set of css files to use. 2014-11-26 11:26:29 -05:00
m-bene b197f985e0 make expiry date relative (~10years) 2014-05-01 09:53:45 +02:00
m-bene ed7ca66045 make skin selection cookie persistent 2014-05-01 09:37:39 +02:00
Isaac Connor 6e5d9272e0 supposed to fix #296 2014-01-03 18:33:01 -05:00
stan 6035ed211a Detaint some user inputs to avoid malicious file inclusion
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3483 e3e1d417-86f3-4887-817a-d78f3d33393f
2011-07-22 08:37:01 +00:00
stan 6ff385e407 git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3459 e3e1d417-86f3-4887-817a-d78f3d33393f 2011-06-21 09:19:10 +00:00
stan 160c0d4fa2 Log missing view or request files.
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2990 e3e1d417-86f3-4887-817a-d78f3d33393f
2009-11-19 08:13:07 +00:00
stan ef8f7b85fd Continuing development and bugfixes
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2632 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-09-26 09:47:20 +00:00
stan d6fc2d0cd5 Fixed display or error page.
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2614 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-08-03 15:05:33 +00:00
stan 106882c161 Updated copyright notices
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2612 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-07-25 09:48:16 +00:00
stan 0f0a8c004f Changed skinSeq to skinBase
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2596 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-07-23 09:57:11 +00:00
stan 9e90f0971a Added ZM_BASE_PATH, may not be necessary though.
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2560 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-07-16 13:23:32 +00:00
stan decaf0ef31 Fixed broken default user reference
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2542 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-07-16 08:42:28 +00:00
stan 2824cb7355 git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2508 e3e1d417-86f3-4887-817a-d78f3d33393f 2008-07-14 13:54:50 +00:00