Isaac Connor
49e3f0a68e
eslint fixes
2019-03-28 09:43:31 -04:00
Isaac Connor
ee4b452e42
Update monitor edit to not use inline js
2019-03-25 16:25:09 -04:00
Isaac Connor
c7e09e03d3
add cache busting to base.js
2019-03-25 16:24:46 -04:00
Isaac Connor
052a2ef1fd
fix eventserver => eventnotification
2019-03-25 12:20:21 -04:00
Isaac Connor
7565e171b4
spacing
2019-03-25 12:18:15 -04:00
Isaac Connor
4eafc52955
spacing
2019-03-25 12:18:01 -04:00
Isaac Connor
7e62ccca3c
Handle div by zero when TotalMem is not known for Server
2019-03-25 12:08:56 -04:00
Isaac Connor
8d07a4a08f
Log useful error messages when can't mkdir the monitor events dir or the symlink to it. symlink is a warning because the symlink is just a user aid
2019-03-25 11:58:04 -04:00
santos995
accf826ae9
New translations
2019-03-25 11:44:01 +03:00
santos995
42196ed5aa
Update translation ru 2
2019-03-25 10:20:27 +03:00
Isaac Connor
677b9cfbed
Make controlcap popup wider
2019-03-24 09:59:04 -04:00
Isaac Connor
bd5c9b5b20
add Control to ZM namespace
2019-03-24 09:58:50 -04:00
santos995
01056fc0f4
Перевод некоторых слов
2019-03-24 04:14:06 +03:00
Isaac Connor
f311fcc9e0
change to a button
2019-03-22 17:28:23 -04:00
Isaac Connor
8f28ba0be3
beter debug and less often when no terms in parseFilter
2019-03-22 17:28:12 -04:00
Isaac Connor
6d4d353209
fix namespace on MontageLayout
2019-03-22 17:27:58 -04:00
Isaac Connor
16467595d4
Fix clicking in montage
2019-03-21 17:00:51 -04:00
Isaac Connor
65fab1b032
add px to width and height of event img
2019-03-21 14:14:45 -04:00
Isaac Connor
7f7acc18ee
spacing and code doc
2019-03-21 14:14:30 -04:00
Isaac Connor
f434042c52
fix spacing
2019-03-21 14:14:15 -04:00
Isaac Connor
f5dfa0d740
Spacing and fix clone monitor by setting the Id to 0 instead of nextId, so that when we go to save it, we use an insert instead of an update
2019-03-20 15:03:20 -04:00
Isaac Connor
10a972f2a0
fixes to download video
2019-03-20 14:51:59 -04:00
Isaac Connor
d4353af8af
Fix eslint errors
2019-03-20 14:51:39 -04:00
Isaac Connor
a5366d522d
Fixup exporting
2019-03-20 14:29:05 -04:00
Isaac Connor
ae7391689b
Add some code doc
2019-03-20 14:28:19 -04:00
Isaac Connor
ad059f985e
spacing
2019-03-20 14:27:23 -04:00
Isaac Connor
09b42f8b55
remove nonce from js because it is the exported html not part of the zm web ui
2019-03-20 14:27:10 -04:00
Isaac Connor
6efeab5f8d
improve readability of parseFilter
2019-03-20 14:26:48 -04:00
Isaac Connor
b988ce0573
more parentheses to make logic more clear
2019-03-20 14:26:35 -04:00
Isaac Connor
c3324ada18
Put back mkdir ZM_PATH_SOCKS
2019-03-20 14:26:03 -04:00
Isaac Connor
84a200395e
spacing and turn off errors because ajax should only return json
2019-03-20 14:25:34 -04:00
Isaac Connor
52e66adc99
Fix namespace
2019-03-20 14:25:12 -04:00
Isaac Connor
a634d8b774
use id instead of this->data when loading Event to delete in API
2019-03-19 17:26:20 -04:00
Isaac Connor
0623afb0ae
add language entry for Monitor DefaultCodec
2019-03-19 12:19:58 -04:00
Isaac Connor
71cd024fda
spacing updates. Use MP4 instead of H264/H265 in viewing codec dropdown
2019-03-19 12:16:31 -04:00
Isaac Connor
6b6e787e4e
fix ajax stream code
2019-03-19 12:05:45 -04:00
Isaac Connor
418276ff1c
cleanup/debug
2019-03-19 12:02:42 -04:00
Isaac Connor
3f9564c10a
Merge branch 'master' into storageareas
2019-03-19 10:37:35 -04:00
Isaac Connor
428f7e8e8f
create setup_onclick and disable_onclick in the monitor object. Use it to setup and disable the click event when editing/cancelling layout editing
2019-03-19 10:24:30 -04:00
Isaac Connor
72b87a7c00
Add code to be a bit more careful about not deleting all events when an incomplete event object is used.
2019-03-19 09:36:58 -04:00
Isaac Connor
2c1c9fe6cd
fix missing ZM namespaces
2019-03-19 09:23:35 -04:00
Isaac Connor
1d3af44d02
Fix namespace Warning
2019-03-19 09:13:56 -04:00
Chris
ad5f6a8729
Camera reboot function ( #2554 )
...
* Adding a button for camera reboot function
This series of commits will add a camera reboot function to the
control interface if supported by the camera configuration.
* Adding reboot function option to contorl configuration
This patch adds a reboot option to the camera control configuration
view.
* Adding Reboot field to Controls table
This patch adds a Reboot field to the Controls table to support
a camera reboot control option.
* Correcting button value to match reset
* Updating language files
I'm not sure of the proper procedure to trigger updating of
non-english language files so I'm updating them all with English
hoping that that will draw attention to the changes and others
will translate accordingly.
* Add missing forward slash
2019-03-18 14:49:05 -04:00
Isaac Connor
520c41da23
Merge ../ZoneMinder.connortechnology.bad into storageareas
2019-03-18 14:40:03 -04:00
Isaac Connor
06eb38f802
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-03-18 11:24:33 -04:00
Isaac Connor
9482207f5c
revert namespace stuff in index.php
2019-03-18 11:24:28 -04:00
Matthew Noorenberghe
3c31dd63ce
Use zm_session_start() for API auth. Fixes #2547
2019-03-11 00:27:46 -07:00
Matthew Noorenberghe
abb6ef1688
API: Escape 'named' params for SQLi in two more Event endpoints.
...
Fixes #2099
2019-03-11 00:21:51 -07:00
Matthew Noorenberghe
056b96f7fc
API: Monitor and Event 'index' SQLi. Fixes #2099
2019-03-11 00:21:51 -07:00
Matthew Noorenberghe
ac547e0d5d
Don't scroll to the top of the page when force/cancel alarm is clicked
2019-03-10 20:58:24 -07:00
Matthew Noorenberghe
e6220e9d07
Fix eslint issues in cycle.js
2019-03-10 20:56:08 -07:00
Isaac Connor
6c8eac1ac8
Merge branch 'storageareas' into h265
2019-03-06 11:10:01 -05:00
Isaac Connor
24665264a2
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-03-05 20:16:05 -05:00
Isaac Connor
fa124eb29a
Merge branch 'master' of github.com:zoneminder/ZoneMinder
2019-03-05 14:35:15 -05:00
Isaac Connor
f0f2b6a17c
implement click_automove and submitToMontrageReview for onclick handlers
2019-03-05 14:35:02 -05:00
Isaac Connor
5a66969fd1
change buttons from inputs to buttons. Add submit to montagereview. get rid of onclick handlers
2019-03-05 14:34:34 -05:00
Isaac Connor
7b7a58b2f1
remove old xhtml-isms
2019-03-05 14:33:03 -05:00
Isaac Connor
0022dbfb76
add a newline to improve readability
2019-03-05 14:31:39 -05:00
Isaac Connor
e59eb510e3
update and fix the donate popup
2019-03-05 13:10:04 -05:00
Isaac Connor
73ae3f49ed
Merge branch 'master' into storageareas
2019-03-05 11:35:55 -05:00
Isaac Connor
36b00d09e3
fix destination view on the monitors view
2019-03-05 11:02:58 -05:00
Isaac Connor
7779edb485
Fix saving multiple monitors at once by moving the relevant code to includes/actions/monitors.php
2019-03-05 11:02:37 -05:00
Isaac Connor
8053f61a08
fix eslint missing {}
2019-03-05 11:02:09 -05:00
Isaac Connor
76ee31bf68
fix eslint missing {}
2019-03-05 11:01:58 -05:00
Isaac Connor
49a1954f96
fix typo and remove deprecated DefaultView
2019-03-05 11:01:39 -05:00
Isaac Connor
8b29c5f54c
Fix typo: Ineterval to Interval
2019-03-05 10:58:23 -05:00
Isaac Connor
f446e73ff7
Typo: AnalysisUpdateDelete to AnalysisUpdateDelay
2019-03-05 10:55:27 -05:00
Isaac Connor
778707c8df
Merge branch 'master' into storageareas
2019-03-04 14:33:28 -05:00
Isaac Connor
7cee8356bd
Fix setting frame width when changing from fixed width to scaled
2019-03-04 13:43:03 -05:00
Isaac Connor
96e29c0299
fix up remaining issues with cycle updates
2019-03-04 13:35:40 -05:00
Isaac Connor
e9a6eee2bb
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-03-01 17:47:50 -05:00
Isaac Connor
190142b24c
Merge branch 'master' into storageareas
2019-03-01 17:47:07 -05:00
Isaac Connor
ff8c5c5db8
remove debug
2019-03-01 17:28:00 -05:00
Isaac Connor
78513e22fd
When doing an OPTIONS just do CORS and exit. if xmlHttpRequest don't do a redirect login. Do a failed auth header and quit
2019-03-01 17:27:08 -05:00
Isaac Connor
7703661cb1
Don't use streaming port in UrlToIndex because xmlHttpRequest won't send cookies to a different port
2019-03-01 17:25:17 -05:00
Isaac Connor
520bd4e7a7
Add ZM namespace to Logger
2019-03-01 14:42:05 -05:00
Isaac Connor
05bc57e245
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-03-01 14:27:30 -05:00
Isaac Connor
466c379e94
Merge branch 'master' into storageareas
2019-03-01 14:03:49 -05:00
Isaac Connor
675b4975b0
Fix control presets
2019-03-01 13:37:34 -05:00
Isaac Connor
2d75ab50af
Implement deleting from Logs based on line count instead of interval
2019-02-28 16:12:34 -05:00
Isaac Connor
20fe502ca4
Add ZM to ErrorHandler. Spacing and quotes
2019-02-27 12:02:40 -05:00
Isaac Connor
2db030265b
Merge branch 'master' into storageareas
2019-02-27 11:08:04 -05:00
Isaac Connor
a1f1c19c0f
fix missing ZM namepsace
2019-02-27 11:07:52 -05:00
Isaac Connor
af9c87a112
Merge branch 'master' into storageareas
2019-02-27 10:53:19 -05:00
Isaac Connor
6e4444099b
Only populate session with user info on successful login. Use parameters in sql when loading users in getAuthUser. Fixes #2542
2019-02-27 09:57:50 -05:00
Isaac Connor
804c384b4c
add Event Notification support to server
2019-02-27 09:29:11 -05:00
Isaac Connor
a7ca75758b
add Event Notification label
2019-02-27 09:29:00 -05:00
Isaac Connor
c0ae7820bb
add zmeventnotification to Server object
2019-02-27 09:28:36 -05:00
Isaac Connor
4c35f2910c
fix ZM namespace
2019-02-26 18:09:18 -05:00
Isaac Connor
df3e11d83c
Fix authentication in api because we no longer store the user object in the session
2019-02-26 17:01:45 -05:00
Isaac Connor
95567e07a4
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-02-26 11:43:07 -05:00
Isaac Connor
a00e2381b7
Merge branch 'master' into storageareas
2019-02-26 11:33:29 -05:00
Isaac Connor
92dc7878de
Fix 2340 ( #2368 )
...
* include includes/functions.php so that we have access to all it's contents
* add a beforeDelete function which deletes the files. Add other needed functions like Path() LinkPath() etc.
* add require_once for Storage and functions because we use them in Event
* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete
* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
Isaac Connor
5da51d51bc
Merge branch 'master' into storageareas
2019-02-26 10:55:51 -05:00
Isaac Connor
53c0fae688
Merge fix from storageareas for archive/delete in events list
2019-02-26 10:22:58 -05:00
Isaac Connor
627e9f74cf
fix spacing
2019-02-25 15:24:25 -05:00
Isaac Connor
2187dea2aa
add namespace to Warnings
2019-02-25 15:11:08 -05:00
Isaac Connor
cbd8ee80f8
add namespace for Monitor
2019-02-24 12:40:40 -05:00
Isaac Connor
3b06f3015a
redirect to console of successfullogin takes us to login
2019-02-24 10:07:42 -05:00
Isaac Connor
dd590aa729
remove warning when QUERY_STRING is not set
2019-02-24 10:05:45 -05:00
Isaac Connor
46c6735311
Missing namespace on filter. Fixes #2541
2019-02-24 10:02:49 -05:00
Isaac Connor
fd310c0f0a
Merge branch 'master' into storageareas
2019-02-22 11:33:47 -05:00
Isaac Connor
45778384a6
Merge branch 'release-1.32'
2019-02-22 11:24:23 -05:00
Isaac Connor
9a2dd06e1d
Fix use of empty which isn't supported in old php. Remove the code entirely as I think it was just cutnpasted from somewhere else. We don't care if it is a new server or not in the validate code.
...
Fixes #2540
2019-02-22 11:22:44 -05:00
Isaac Connor
5098329d94
remove ob_clean stuff which logs errors when output buffering is turned off ( #2395 )
...
* remove ob_clean stuff which logs errors when output buffering is turned off.
* Don't ob_clean because if buffering is off php will output an error
2019-02-22 09:58:16 -05:00
Isaac Connor
2b90bf15a6
Improve session ( #2487 )
...
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini
* Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout.
* Move session code to includes/session.php
* remove duplicate line
* Move is_session_open to session.php. Move code to clear a session into session.php
* improve debug line when there is a problem updating config entry
* split description into description and help text for COOKIE_LIFETIME
* Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
* If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
* Use session_regenerate_id instead of our broken code to do the same
* Move auth code to includes/auth.php
* add autocomplete tags to username and password inputs
* Don't redirect to login if we are already viewing login. Put auth before including skin includes
* need to include session.php in auth.php
* update to php namespace
2019-02-22 09:43:38 -05:00
Isaac Connor
0a7667f2d0
Use buttons instead of divs and inputs ( #2522 )
2019-02-22 09:23:06 -05:00
Isaac Connor
410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. ( #2534 )
2019-02-22 09:20:54 -05:00
Isaac Connor
8dd8888975
Php namespace ( #2537 )
...
* experiment with namespaces on the Server class
* experiment with namespaces on the Server class
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor
e087522203
remove debug
2019-02-21 14:15:10 -05:00
Isaac Connor
d93924bd89
increase width of controls popup.
2019-02-20 15:39:26 -05:00
Isaac Connor
8837015239
remove bogus test for Filter Id
2019-02-19 13:54:25 -05:00
Isaac Connor
6d1541a4d2
Merge branch 'fix_privacy_view' into storageareas
2019-02-19 12:57:01 -05:00
Isaac Connor
97a888c0db
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again.
2019-02-19 12:54:12 -05:00
Isaac Connor
fbdb5bcb62
Merge branch 'master' into storageareas
2019-02-19 12:06:32 -05:00
Isaac Connor
eaa7341935
Add missing / in path to auth.php
2019-02-19 10:07:36 -05:00
Isaac Connor
87988185e5
remove data-on-click-this from markEids[] because we have an onclick bind in initPage
2019-02-19 09:58:03 -05:00
Isaac Connor
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
Isaac Connor
4cd3a93e96
add missing /
2019-02-18 16:30:03 -05:00
Mitch Capper
b646284da3
don't quote dbEscape values it will quote it already ( #2529 )
2019-02-17 11:31:28 -05:00
Mitch Capper
04c17283ec
need to prefix with _dir_ otherwise relative to initial script ( #2531 )
2019-02-17 11:31:10 -05:00
Isaac Connor
b7a6aed1cd
Merge branch 'master' into storageareas
2019-02-16 11:51:23 -05:00
Isaac Connor
34873d5636
We must leave ZM_HOME_CONTENT unescaped so that we can insert actual html like image tags
2019-02-16 11:50:09 -05:00
Isaac Connor
6156aa2af9
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-02-15 10:49:06 -05:00
Isaac Connor
b25770a2f0
Merge branch 'master' into storageareas
2019-02-13 11:52:31 -05:00
Isaac Connor
d0745da11c
fix path to Control.php
2019-02-13 11:52:16 -05:00
Isaac Connor
a41e8a8834
Merge branch 'master' into storageareas
2019-02-13 11:38:38 -05:00
Isaac Connor
400d4dc27e
encode the label on the preset so that weird characters and quotes don't break the button
2019-02-13 11:24:09 -05:00
Isaac Connor
dd641793a2
Merge branch 'improve_session' into storageareas
2019-02-13 11:17:30 -05:00
Isaac Connor
91a280e56e
need to include session.php in auth.php
2019-02-13 11:17:15 -05:00
Isaac Connor
3d6efe2253
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-02-13 11:10:07 -05:00
Isaac Connor
d1b3b23c09
Merge branch 'master' into storageareas
2019-02-13 09:42:03 -05:00
Isaac Connor
b6a0e704d2
whitespace, remove xhtml cruft
2019-02-12 16:41:08 -05:00
Isaac Connor
7a8668ea99
whitespace
2019-02-12 16:40:48 -05:00
Isaac Connor
9a0f3801de
fix + instead of .
2019-02-12 16:25:31 -05:00
Isaac Connor
2f301cf5fe
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-12 13:18:08 -05:00
Isaac Connor
5b9bb93703
fix navbar auth
2019-02-12 13:17:55 -05:00
Andrew Bauer
28f5ac4220
Merge pull request #2518 from connortechnology/reload_zmfilter_on_filter_save
...
rough in a control function in Filter object. Use it to start/stop z…
2019-02-12 09:26:17 -06:00
timwsuqld
f95e9c0363
Fix comment about hiding navbar ( #2521 )
...
Fixes #2520
2019-02-11 17:14:33 -05:00
Isaac Connor
5ce681b463
instantiate a false Frame object with id = objectect
2019-02-11 16:37:22 -05:00
Isaac Connor
5a924ab176
cleanup redundant code and spacing
2019-02-11 16:29:19 -05:00
Isaac Connor
3871c28089
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-11 14:15:35 -05:00
Isaac Connor
40e0019267
fix all the nav missing when a users Monitors Permission is None
2019-02-11 14:15:24 -05:00
Isaac Connor
a3374aa26c
Merge branch 'reload_zmfilter_on_filter_save' into storageareas
2019-02-11 13:26:53 -05:00
Isaac Connor
5695be9f32
rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved.
2019-02-11 13:21:00 -05:00
Pliable Pixels
5a333e153c
show object detected file, if object detection in place ( #2514 )
2019-02-11 10:58:34 -05:00
Matt N
9675367e03
event.js: Wait for delete request to succeed before navigating. Fixes #2384 ( #2515 )
2019-02-11 09:34:51 -05:00
Matthew Noorenberghe
cdbd59f054
bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493
2019-02-10 13:22:08 -08:00
Matthew Noorenberghe
cda4a28fec
Fix accidental use of 'let' in 255806bd54
2019-02-10 11:14:55 -08:00
Isaac Connor
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
Isaac Connor
c9032d3cb4
add autocomplete tags to username and password inputs
2019-02-10 00:27:33 -08:00
Matthew Noorenberghe
c8e41bfee7
log.php: Ensure 'line' is an integer. Helps with #2466
2019-02-10 00:10:39 -08:00
Matthew Noorenberghe
a6ee79f428
Fix typo in dbc1c7b72f
comment
2019-02-09 22:40:39 -08:00
Matthew Noorenberghe
dbc1c7b72f
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
2019-02-09 22:39:54 -08:00
Matthew Noorenberghe
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
Matthew Noorenberghe
99f1e23c5b
Replace usage of PHP_SELF in views/. Fixes #2450
2019-02-09 21:39:19 -08:00
Matthew Noorenberghe
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
Matthew Noorenberghe
d7ede4643d
_monitor_filters.php: Escape MonitorName and Source. Fixes #2457
2019-02-09 19:14:31 -08:00
Matthew Noorenberghe
c9d597dced
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
2019-02-09 18:51:30 -08:00
Matthew Noorenberghe
255806bd54
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
2019-02-09 18:43:55 -08:00
Matthew Noorenberghe
6af2c4ad0e
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
2019-02-09 18:06:21 -08:00
Matthew Noorenberghe
9ce05a9a09
user.php: Escape the Username upon display. Fixes #2467
2019-02-09 17:45:52 -08:00
Matthew Noorenberghe
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
Matthew Noorenberghe
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
Matthew Noorenberghe
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
Matthew Noorenberghe
ef0e5f453a
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
2019-02-09 17:11:53 -08:00
Matthew Noorenberghe
9705edfe24
monitor.php: Escape monitor method. Fixes #2464
2019-02-09 17:01:45 -08:00
Matthew Noorenberghe
cef54feaf9
monitor.php: Escape a bug of output variables. Fixes #2465
2019-02-09 16:54:06 -08:00
Matthew Noorenberghe
254b7286b4
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
2019-02-09 16:41:54 -08:00
Matthew Noorenberghe
bb75dad091
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
2019-02-09 15:35:55 -08:00
Matthew Noorenberghe
dd37808ef7
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
2019-02-09 15:24:13 -08:00
Matthew Noorenberghe
70e59ed546
filter.php: Escape the filter name on output. Fixes #2455
2019-02-09 15:19:15 -08:00
Matthew Noorenberghe
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
...
Fixes #2448 , fixes #2449 , and fixes #2447 .
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe
c8066919ff
functions.php: Esacepe textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
Matthew Noorenberghe
7b0ee8a6a2
group: Escape group name in heading. Fixes #2454
2019-02-09 14:05:50 -08:00
Matthew Noorenberghe
fa6716a64b
console: Escape source column output to prevent XSS. Fixes #2452
2019-02-09 02:28:40 -08:00
Matthew Noorenberghe
98e0a0d2c5
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
2019-02-09 02:18:57 -08:00
Matthew Noorenberghe
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00
Matthew Noorenberghe
61f6a92cc0
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
2019-02-09 01:37:32 -08:00
Matthew Noorenberghe
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
Matthew Noorenberghe
e36ac1b872
Add a polyfill for NodeList.prototype.forEach
2019-02-08 21:54:23 -08:00
Pliable Pixels
2dc935b488
added object detection frame rendering ( #2505 )
2019-02-08 13:49:00 -05:00
Isaac Connor
0eb1efff8b
fix eslint errors
2019-02-08 13:48:38 -05:00
Isaac Connor
ee3a0c1fd1
fix validateForm running on monitor cancel due to lack of type=button on cancel button
2019-02-08 09:55:32 -05:00
Isaac Connor
ca781523a8
Merge branch 'master' into storageareas
2019-02-07 08:57:50 -05:00
Isaac Connor
1039149866
fix buttons on events page. data-onclick-this to data-on-click-this
2019-02-07 08:56:48 -05:00
Isaac Connor
d33e094526
Merge branch 'master' into storageareas
2019-02-06 17:03:41 -05:00
Isaac Connor
7e84a5914c
fix CSP policy violations on filters view
2019-02-06 13:55:19 -05:00
Isaac Connor
0783802d0c
fix CSP violations on events
2019-02-06 13:31:34 -05:00
Isaac Connor
b04b67c39d
Fix CSP violation in the onclick of the monitor view in montagereview
2019-02-06 12:17:10 -05:00
Isaac Connor
6744a9a116
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
2019-02-06 11:46:55 -05:00
Isaac Connor
edaf582eb4
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
2019-02-06 11:46:48 -05:00
Isaac Connor
8e62c93f5f
add to_json function to Storage.
2019-02-06 11:44:36 -05:00
Isaac Connor
a9f0463223
Merge branch 'master' into storageareas
2019-02-05 16:46:47 -05:00
Isaac Connor
dca9a81cfd
implement data-on-click-true
2019-02-05 16:45:05 -05:00
Isaac Connor
d121ecab75
Merge branch 'improve_session' into storageareas
2019-02-05 15:48:42 -05:00
Isaac Connor
141f2afc8c
Merge branch 'master' into storageareas
2019-02-05 15:46:58 -05:00
Isaac Connor
21702dcc68
Merge branch 'master' into improve_session
2019-02-05 12:35:29 -05:00
Isaac Connor
a40cd144fa
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-05 12:35:15 -05:00
Isaac Connor
c54fe7e89a
fix state actions
2019-02-05 12:35:06 -05:00
Isaac Connor
d08a6fcc7c
Don't redirect to login if we are already viewing login. Put auth before including skin includes
2019-02-05 12:32:24 -05:00
Isaac Connor
78bc2c1dc2
add autocomplete tags to username and password inputs
2019-02-05 11:53:57 -05:00
Isaac Connor
b6b4a21dbe
Move auth code to includes/auth.php
2019-02-05 11:45:58 -05:00
Isaac Connor
cb0d9325e6
Use session_regenerate_id instead of our broken code to do the same
2019-02-05 11:45:09 -05:00
Isaac Connor
2466d765bf
If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
2019-02-05 11:44:45 -05:00
Isaac Connor
5a9083fe86
Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
2019-02-05 11:40:58 -05:00
Isaac Connor
a2e04c307d
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
2019-01-31 09:40:19 -05:00
Isaac Connor
86b7fe5d29
fix spacing
2019-01-30 16:08:41 -05:00
Isaac Connor
4bacd26c98
log redirections
2019-01-30 16:08:24 -05:00
Isaac Connor
97e3a8178a
use session_regenerate_id instead of other strange code
2019-01-30 16:08:09 -05:00
Isaac Connor
b09a71d0e2
code style
2019-01-30 16:06:16 -05:00
Isaac Connor
71f961d012
remove redirect to console on login, as it is done in javascript after Logging in message is displayed
2019-01-30 16:05:51 -05:00
Isaac Connor
4e10e6f0ae
Merge branch 'improve_session' into storageareas
2019-01-30 15:26:37 -05:00
Isaac Connor
9a3aa49bae
Merge branch 'fix_bandwidth' into storageareas
2019-01-30 15:18:16 -05:00
Isaac Connor
533d021dea
Merge branch 'master' into storageareas
2019-01-30 15:17:27 -05:00
Isaac Connor
604dbf8776
fix state changing/etc
2019-01-30 14:36:46 -05:00
Isaac Connor
2e2404643f
Fix bandwidth due to new actions code. Update buttons on bandwidth popup
2019-01-30 13:20:24 -05:00
Isaac Connor
cc0b5e0f1f
Move is_session_open to session.php. Move code to clear a session into session.php
2019-01-30 12:52:01 -05:00
Isaac Connor
0eba430932
remove duplicate line
2019-01-30 11:05:43 -05:00
Isaac Connor
4e9ce3c5b7
Move session code to includes/session.php
2019-01-30 11:05:36 -05:00
Isaac Connor
85bb70df68
Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout.
2019-01-30 11:05:19 -05:00
Isaac Connor
7ea8be3fa8
spacing, remove non html5 elements
2019-01-25 09:22:08 -05:00
Matt N
8c5687ca30
Fix name/protocol XSS in controlcaps.php. Fixes #2445 ( #2479 )
2019-01-25 08:35:07 -05:00
Matt N
fd6179d7c8
Enforce CSP on many more views ( #2480 )
2019-01-25 08:34:29 -05:00
Matthew Noorenberghe
a3e8fd4fd5
Fix zones.php self-xss. Fixes #2444
2019-01-24 23:40:41 -08:00
Matthew Noorenberghe
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
...
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe
59cc65411f
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
...
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor
e53678f869
Can't use a normal subsitution on the Order by field. So parse the sort param instead
2019-01-23 12:22:00 -05:00
Isaac Connor
6eb4d7ae27
Filter improvements ( #2438 )
...
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
montagdude
4da95369f9
Fix zone area calculation ( #2437 )
...
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650
. This
change implements the method here:
http://mathworld.wolfram.com/PolygonArea.html
It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor
7026ebafac
Make ajax/stream wait longer for zms. On pi can take up to 3 seconds. Also for php < 5.6, we need to fake 64bit unpack support
2019-01-22 16:45:38 -05:00
Isaac Connor
cc8de69eba
Merge branch 'master' into storageareas
2019-01-22 11:44:42 -05:00
Isaac Connor
2914fb1d58
Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js
2019-01-22 09:15:25 -05:00
Isaac Connor
e712cedbde
spacing and quotes
2019-01-22 09:14:44 -05:00
Isaac Connor
ae703c45ee
Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it.
2019-01-22 09:14:33 -05:00
Matt N
0619a4a161
Validate cnj, obr, and cbr arguments in parseFilter ( #2434 )
2019-01-22 08:03:25 -05:00
Matt N
e7e45b2d95
Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j ( #2433 )
2019-01-22 08:00:39 -05:00
Isaac Connor
7260f823cb
Merge branch 'master' into storageareas
2019-01-21 13:52:38 -05:00
Isaac Connor
785c208ecf
Fixes #2426 . Ca should have been endTime
2019-01-21 12:01:46 -05:00
Isaac Connor
326ac60ae4
add missing braces to fix logic
2019-01-21 11:20:56 -05:00
Isaac Connor
a2d4dc974b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-21 11:19:07 -05:00
Isaac Connor
e663397816
spacing
2019-01-21 11:17:21 -05:00
Isaac Connor
c6311b7079
When logging in, stay on the login view
2019-01-21 11:17:09 -05:00
Isaac Connor
fbc236128e
add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00
2019-01-21 11:16:14 -05:00
Isaac Connor
b24b930f65
After login go to postlogin, not console. the login view is in a popup so we want to close
2019-01-21 11:15:36 -05:00
Matt N
19c272061a
Replace MooTools usage for adding window event listeners ( #2429 )
2019-01-21 11:14:32 -05:00
Matt N
27bcf3f994
Upgrade jQuery version ( #2430 )
...
* Upgrade jQuery to 1.12.4
* Upgrade jQuery to 2.2.4; Stop support for IE8
* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N
f0b33145f5
Log CSP violations in ZM logs in supported browsers ( #2431 )
2019-01-21 11:12:17 -05:00
Matt N
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Isaac Connor
f69b77e38f
fix eslint complaints
2019-01-19 12:40:17 -05:00