Commit Graph

1111 Commits

Author SHA1 Message Date
Pliable Pixels a55a11dad1 first attempt to fix cast error 2019-05-05 11:24:55 -04:00
Pliable Pixels 8d62c61b7a fixed module path 2019-05-05 07:50:52 -04:00
Pliable Pixels 725c3c50ed use php-jwt, use proper way to add PHP modules, via composer 2019-05-05 07:08:25 -04:00
Pliable Pixels 887912e7ad bcrypt auth migration in PHP land 2019-05-01 13:22:24 -04:00
Isaac Connor b3fb934fb5 add namespace to Logging calls 2019-04-29 14:16:55 -04:00
Isaac Connor 1a1c2db15f add the shutdown view and actions 2019-04-12 14:55:56 -04:00
Isaac Connor 780f4f9b9a Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-04-06 09:27:44 -04:00
Isaac Connor 381f526d66 spacing 2019-04-05 15:18:20 -04:00
Isaac Connor 8f3d1f8653 fix a missing = and use csrf_get_tokens instead of csrf_get_secret which is the wrong function 2019-04-02 15:25:14 -04:00
Isaac Connor 9e96c29620 Log a failed csrf check 2019-04-02 15:24:47 -04:00
Isaac Connor 8a90176a2c Add CanReboot to Controls 2019-04-02 09:25:50 -04:00
Isaac Connor 15fb546e15 spacing 2019-04-01 11:13:35 -04:00
Isaac Connor 49e3f0a68e eslint fixes 2019-03-28 09:43:31 -04:00
Isaac Connor 4eafc52955 spacing 2019-03-25 12:18:01 -04:00
Isaac Connor 8d07a4a08f Log useful error messages when can't mkdir the monitor events dir or the symlink to it. symlink is a warning because the symlink is just a user aid 2019-03-25 11:58:04 -04:00
Isaac Connor bd5c9b5b20 add Control to ZM namespace 2019-03-24 09:58:50 -04:00
Isaac Connor 8f28ba0be3 beter debug and less often when no terms in parseFilter 2019-03-22 17:28:12 -04:00
Isaac Connor 6d4d353209 fix namespace on MontageLayout 2019-03-22 17:27:58 -04:00
Isaac Connor 7f7acc18ee spacing and code doc 2019-03-21 14:14:30 -04:00
Isaac Connor f434042c52 fix spacing 2019-03-21 14:14:15 -04:00
Isaac Connor 6efeab5f8d improve readability of parseFilter 2019-03-20 14:26:48 -04:00
Isaac Connor 3f9564c10a Merge branch 'master' into storageareas 2019-03-19 10:37:35 -04:00
Isaac Connor 72b87a7c00 Add code to be a bit more careful about not deleting all events when an incomplete event object is used. 2019-03-19 09:36:58 -04:00
Isaac Connor 520c41da23 Merge ../ZoneMinder.connortechnology.bad into storageareas 2019-03-18 14:40:03 -04:00
Matthew Noorenberghe 3c31dd63ce Use zm_session_start() for API auth. Fixes #2547 2019-03-11 00:27:46 -07:00
Isaac Connor 6c8eac1ac8 Merge branch 'storageareas' into h265 2019-03-06 11:10:01 -05:00
Isaac Connor fa124eb29a Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-03-05 14:35:15 -05:00
Isaac Connor 0022dbfb76 add a newline to improve readability 2019-03-05 14:31:39 -05:00
Isaac Connor e59eb510e3 update and fix the donate popup 2019-03-05 13:10:04 -05:00
Isaac Connor 73ae3f49ed Merge branch 'master' into storageareas 2019-03-05 11:35:55 -05:00
Isaac Connor 7779edb485 Fix saving multiple monitors at once by moving the relevant code to includes/actions/monitors.php 2019-03-05 11:02:37 -05:00
Isaac Connor 49a1954f96 fix typo and remove deprecated DefaultView 2019-03-05 11:01:39 -05:00
Isaac Connor 8b29c5f54c Fix typo: Ineterval to Interval 2019-03-05 10:58:23 -05:00
Isaac Connor f446e73ff7 Typo: AnalysisUpdateDelete to AnalysisUpdateDelay 2019-03-05 10:55:27 -05:00
Isaac Connor 778707c8df Merge branch 'master' into storageareas 2019-03-04 14:33:28 -05:00
Isaac Connor 96e29c0299 fix up remaining issues with cycle updates 2019-03-04 13:35:40 -05:00
Isaac Connor 190142b24c Merge branch 'master' into storageareas 2019-03-01 17:47:07 -05:00
Isaac Connor 7703661cb1 Don't use streaming port in UrlToIndex because xmlHttpRequest won't send cookies to a different port 2019-03-01 17:25:17 -05:00
Isaac Connor 466c379e94 Merge branch 'master' into storageareas 2019-03-01 14:03:49 -05:00
Isaac Connor 675b4975b0 Fix control presets 2019-03-01 13:37:34 -05:00
Isaac Connor 20fe502ca4 Add ZM to ErrorHandler. Spacing and quotes 2019-02-27 12:02:40 -05:00
Isaac Connor af9c87a112 Merge branch 'master' into storageareas 2019-02-27 10:53:19 -05:00
Isaac Connor 6e4444099b Only populate session with user info on successful login. Use parameters in sql when loading users in getAuthUser. Fixes #2542 2019-02-27 09:57:50 -05:00
Isaac Connor c0ae7820bb add zmeventnotification to Server object 2019-02-27 09:28:36 -05:00
Isaac Connor df3e11d83c Fix authentication in api because we no longer store the user object in the session 2019-02-26 17:01:45 -05:00
Isaac Connor a00e2381b7 Merge branch 'master' into storageareas 2019-02-26 11:33:29 -05:00
Isaac Connor 92dc7878de
Fix 2340 (#2368)
* include includes/functions.php so that we have access to all it's contents

* add a beforeDelete function which deletes the files.  Add other needed functions like Path() LinkPath() etc.

* add require_once for Storage and functions because we use them in Event

* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete

* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
Isaac Connor 5da51d51bc Merge branch 'master' into storageareas 2019-02-26 10:55:51 -05:00
Isaac Connor 53c0fae688 Merge fix from storageareas for archive/delete in events list 2019-02-26 10:22:58 -05:00
Isaac Connor 2187dea2aa add namespace to Warnings 2019-02-25 15:11:08 -05:00
Isaac Connor 46c6735311 Missing namespace on filter. Fixes #2541 2019-02-24 10:02:49 -05:00
Isaac Connor fd310c0f0a Merge branch 'master' into storageareas 2019-02-22 11:33:47 -05:00
Isaac Connor 2b90bf15a6
Improve session (#2487)
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini

* Use zm specific session functions, which are now located in includes/session.php.  Be more agressive about clearing session on logout.

* Move session code to includes/session.php

* remove duplicate line

* Move is_session_open to session.php.  Move code to clear a session into session.php

* improve debug line when there is a problem updating config entry

* split description into description and help text for COOKIE_LIFETIME

* Remove redirect on line.  We do it in javascript on postlogin view so that we can say logging in before switching to console

* If there is a username in the session, then we are logged in, but we need to load the user object from the db.  We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.

* Use session_regenerate_id instead of our broken code to do the same

* Move auth code to includes/auth.php

* add autocomplete tags to username and password inputs

* Don't redirect to login if we are already viewing login.  Put auth before including skin includes

* need to include session.php in auth.php

* update to php namespace
2019-02-22 09:43:38 -05:00
Isaac Connor 410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. (#2534) 2019-02-22 09:20:54 -05:00
Isaac Connor 8dd8888975
Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor 8837015239 remove bogus test for Filter Id 2019-02-19 13:54:25 -05:00
Isaac Connor 6d1541a4d2 Merge branch 'fix_privacy_view' into storageareas 2019-02-19 12:57:01 -05:00
Isaac Connor 97a888c0db get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. 2019-02-19 12:54:12 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Mitch Capper b646284da3 don't quote dbEscape values it will quote it already (#2529) 2019-02-17 11:31:28 -05:00
Isaac Connor b25770a2f0 Merge branch 'master' into storageareas 2019-02-13 11:52:31 -05:00
Isaac Connor d0745da11c fix path to Control.php 2019-02-13 11:52:16 -05:00
Isaac Connor dd641793a2 Merge branch 'improve_session' into storageareas 2019-02-13 11:17:30 -05:00
Isaac Connor 91a280e56e need to include session.php in auth.php 2019-02-13 11:17:15 -05:00
Isaac Connor a3374aa26c Merge branch 'reload_zmfilter_on_filter_save' into storageareas 2019-02-11 13:26:53 -05:00
Isaac Connor 5695be9f32 rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved. 2019-02-11 13:21:00 -05:00
Matthew Noorenberghe cdbd59f054 bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493 2019-02-10 13:22:08 -08:00
Isaac Connor 555cb4780d Merge branch 'master' into storageareas 2019-02-10 12:37:45 -05:00
Matthew Noorenberghe a6ee79f428 Fix typo in dbc1c7b72f comment 2019-02-09 22:40:39 -08:00
Matthew Noorenberghe dbc1c7b72f Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469 2019-02-09 22:39:54 -08:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe c9d597dced logger.php: Don't output Panic messages unless debugging is on. Fixes #2460 2019-02-09 18:51:30 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe 254b7286b4 monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe b2a97ee190 frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe c8066919ff functions.php: Esacepe textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 98e0a0d2c5 Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Isaac Connor d33e094526 Merge branch 'master' into storageareas 2019-02-06 17:03:41 -05:00
Isaac Connor 8e62c93f5f add to_json function to Storage. 2019-02-06 11:44:36 -05:00
Isaac Connor d121ecab75 Merge branch 'improve_session' into storageareas 2019-02-05 15:48:42 -05:00
Isaac Connor 141f2afc8c Merge branch 'master' into storageareas 2019-02-05 15:46:58 -05:00
Isaac Connor 21702dcc68 Merge branch 'master' into improve_session 2019-02-05 12:35:29 -05:00
Isaac Connor c54fe7e89a fix state actions 2019-02-05 12:35:06 -05:00
Isaac Connor cb0d9325e6 Use session_regenerate_id instead of our broken code to do the same 2019-02-05 11:45:09 -05:00
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor 5a9083fe86 Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console 2019-02-05 11:40:58 -05:00
Isaac Connor 97e3a8178a use session_regenerate_id instead of other strange code 2019-01-30 16:08:09 -05:00
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00