Commit Graph

65 Commits

Author SHA1 Message Date
Isaac Connor 35067211e0 more the csrf to before actions.php 2017-03-29 10:19:00 -04:00
Isaac Connor 3cd9e46df9 Merge branch 'knnniggett-csrf' into storageareas 2017-03-28 20:44:38 -04:00
Andy Bauer eb55a6bb9b set action,view, and/or request to NULL if there are not defined 2017-03-28 17:52:31 -05:00
Andy Bauer 4e16ae6d19 add ZM_ENABLE_CSRF_MAGIC toggle 2017-03-28 17:29:36 -05:00
Andrew Bauer d38bae72ae integrate csrf-magic library 2017-03-18 20:12:06 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor 30674919c4 always include Storage object, because in the end we will be using it everywhere 2017-01-02 10:34:45 -05:00
Isaac Connor 5ae34a7561 Merge branch 'master' into storageareas 2017-01-02 09:39:10 -05:00
Andy Bauer 2dda2d9e1e remove unneeded, empty files 2016-12-26 09:49:14 -06:00
Andy Bauer 254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Isaac Connor 69c39f8a23 set http_only flag in cookie settings 2016-12-14 14:39:44 -05:00
Isaac Connor acbc5bc9e3 Merge branch 'cookie_http_only' into storageareas 2016-12-08 15:20:54 -05:00
Isaac Connor 772792a1b9 remove extra , 2016-12-08 15:20:43 -05:00
Isaac Connor 7f2bf04c2f Merge branch 'cookie_http_only' into storageareas 2016-12-08 14:26:13 -05:00
Isaac Connor 20793ee822 set httpOnly to true on cookie creation. This will override whatever is in php.ini 2016-12-08 14:25:29 -05:00
Isaac Connor c2d6b3d809 fix auth 2016-11-29 15:25:10 -05:00
Isaac Connor f9af1e7129 put authorized check back after including actions.php where it needs to go 2016-11-28 11:34:46 -05:00
Isaac Connor f153e9b8fb MontageReview should only be visisble to people who can view events. Fix running state 2016-10-20 13:38:12 -04:00
Isaac Connor 67e14bd12f move States loading code into state view where it belongs. Move runnign check into specific places where it is needed. These changes reduce events list load time by about 4 seconds for me. 2016-10-20 13:16:50 -04:00
Isaac Connor fc540786a5 Move login by auth hash out of actions.php and into index.php. Double quotes to single quotes and google code style changes in indx.php 2016-10-20 11:51:42 -04:00
Isaac Connor 01397b6695 Merge branch 'iconnor-updated-console' into storageareas 2016-05-06 14:31:27 -04:00
Isaac Connor 83795805f2 Move state getting into index.php 2016-05-06 14:30:50 -04:00
Isaac Connor 44e5b566b8 Merge branch 'iconnor-updated-console' into storageareas 2016-05-06 11:56:24 -04:00
Isaac Connor 8405db4750 Move running=daemonCheck from header to index.php so that it is defined early and can be used everywhere 2016-05-06 11:56:03 -04:00
Isaac Connor 851a81eff7 Merge pull request #1406 from ZoneMinder/svg_zones
replace the static zone image with a stream, and use SVG to draw the zones
2016-04-11 11:14:11 -04:00
Isaac Connor 56c2679afd Merge branch 'icon_video' into storageareas 2016-04-11 10:30:01 -04:00
Andrew Bauer 5542788a45 make cannot write to content dir an error, rather than fatal 2016-04-10 18:45:38 -05:00
Isaac Connor bbd33cc159 add monitor class so we don't have to everywhere else 2016-04-08 13:56:49 -04:00
Isaac Connor 1b69299c2d Include Monitor object so it can be used elsewhere 2016-03-29 14:36:42 -04:00
Isaac Connor c309cdaad4 include Event object so it can be used elsewhere 2016-03-29 12:06:51 -04:00
Isaac Connor 41d92bbf94 need to include Server class 2015-12-02 10:26:11 -05:00
Isaac Connor 644080fd41 call CORSHeaders 2015-12-02 10:05:27 -05:00
Andy Bauer cb7acb36ab Use relative URL's instead of absolute 2015-10-24 13:04:54 -05:00
Andrew Bauer 13aab8a1be Merge pull request #1113 from baffo32/1112-detect-missing-content
Fatal if content dirs are unwritable
2015-10-14 06:49:33 -05:00
baffo32 da8e9dd81b Remove reference to php.ini from timezone error 2015-10-13 16:55:38 -04:00
baffo32 250c3c31e1 Revised source-install specific recommendation. 2015-10-13 16:45:31 -04:00
baffo32 362b190641 Fatal if content dirs are unwritable 2015-10-12 16:16:22 -04:00
baffo32 4a280a73d1 Use Fatal function to report bad timezone 2015-10-12 15:43:24 -04:00
baffo32 d20478a15f Detect invalid timezones 2015-10-12 13:22:30 -04:00
baffo32 7190b532dd Fatal error if date.timezone is unset 2015-10-12 13:07:07 -04:00
Isaac Connor c0139e87ad define ZM_BASE_PROTOCOL 2015-09-17 15:14:43 -04:00
Isaac Connor 82f5ab5175 Fix use of DEFINED. It takes a string not a constant. When COOKIE is not set or has changed, set it 2015-05-11 16:22:14 -04:00
Isaac Connor 01af58018b close the session before requiring the page contents to fix the concurrency issue that exists due to using the file-backed session. 2015-04-20 13:06:34 -04:00
Isaac Connor 0af7d0cc0b check defined(ZM_DEFAULT_SKIN) otherwise php will turn it into a string 2015-02-19 16:04:06 -05:00
Isaac Connor b159f6ce9e Fatal->Error since Fatal is fatal 2015-02-19 15:57:37 -05:00
Isaac Connor 8eb8cacd56 Check to make sure that skin and css are valid. 2015-02-19 14:17:33 -05:00
Isaac Connor 1cfec7e3e7 Move require of config.php and logger up higher 2015-01-04 11:50:24 -05:00
Isaac Connor 50e6784779 this adds two config options to System tab to set the default skin and css 2014-12-17 16:45:41 -05:00
Isaac Connor 45feac3d36 Merge pull request #640 from jrd288/offer_login
Offer login prompt instead of throwing error
2014-12-16 09:35:08 -05:00
jrd288 10dba9b4c2 Offer login instead of error
When a user accesses a view but receives an error, and is not logged
on, he is offered a login prompt instead.  The login prompt saves the
original query URL in a hidden field, and postlogin redirects back to
the original URL once the user has logged on.

If the user is logged in and there is an error, no login prompt is
shown.

This allows the user to click an event link in an e-mail and then log
in before being shown the event, instead of requiring going back
through the front ZM page to log in.
2014-12-15 17:17:03 -05:00