Commit Graph

12899 Commits

Author SHA1 Message Date
Isaac Connor d121ecab75 Merge branch 'improve_session' into storageareas 2019-02-05 15:48:42 -05:00
Isaac Connor 141f2afc8c Merge branch 'master' into storageareas 2019-02-05 15:46:58 -05:00
Isaac Connor 21702dcc68 Merge branch 'master' into improve_session 2019-02-05 12:35:29 -05:00
Isaac Connor a40cd144fa Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-05 12:35:15 -05:00
Isaac Connor c54fe7e89a fix state actions 2019-02-05 12:35:06 -05:00
Isaac Connor d08a6fcc7c Don't redirect to login if we are already viewing login. Put auth before including skin includes 2019-02-05 12:32:24 -05:00
Isaac Connor 78bc2c1dc2 add autocomplete tags to username and password inputs 2019-02-05 11:53:57 -05:00
Isaac Connor b6b4a21dbe Move auth code to includes/auth.php 2019-02-05 11:45:58 -05:00
Isaac Connor cb0d9325e6 Use session_regenerate_id instead of our broken code to do the same 2019-02-05 11:45:09 -05:00
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor 5a9083fe86 Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console 2019-02-05 11:40:58 -05:00
Isaac Connor 5b288d3b67 split description into description and help text for COOKIE_LIFETIME 2019-02-05 11:39:50 -05:00
Isaac Connor a176c9bbd2 improve debug line when there is a problem updating config entry 2019-02-05 11:39:21 -05:00
Steve Gilvarry cab77d7c17
Merge pull request #2488 from connortechnology/update_version_view
Update version view
2019-02-02 15:46:59 +11:00
Isaac Connor a2e04c307d update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update. 2019-01-31 09:40:19 -05:00
Isaac Connor 86b7fe5d29 fix spacing 2019-01-30 16:08:41 -05:00
Isaac Connor 4bacd26c98 log redirections 2019-01-30 16:08:24 -05:00
Isaac Connor 97e3a8178a use session_regenerate_id instead of other strange code 2019-01-30 16:08:09 -05:00
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 2d560a176e Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-01-30 15:19:01 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor e90f49deb9 Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-01-30 15:17:32 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor 0eba430932 remove duplicate line 2019-01-30 11:05:43 -05:00
Isaac Connor 4e9ce3c5b7 Move session code to includes/session.php 2019-01-30 11:05:36 -05:00
Isaac Connor 85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Isaac Connor 1e56e750cf Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini 2019-01-30 11:04:38 -05:00
Isaac Connor d310fd0d88 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-25 09:22:14 -05:00
Isaac Connor 7ea8be3fa8 spacing, remove non html5 elements 2019-01-25 09:22:08 -05:00
Steve Gilvarry 9956eae70a
Merge pull request #2483 from connortechnology/fix_user_auth_memleak
Now that we are dynamically allocating safer_username and safer_passw…
2019-01-26 01:14:18 +11:00
Isaac Connor 6d7660cdbd Now that we are dynamically allocating safer_username and safer_password, need to free them. Also, don't strlen them multiple times for efficiency 2019-01-25 08:46:40 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Steve Gilvarry a81e7c5221 Safer_username and safer_login should be based on the username and login (#2482)
(lengths * 2)+1. Control input lengths at user input
2019-01-25 08:33:30 -05:00
Andrew Bauer 99a6db3994
Merge pull request #2481 from mnoorenberghe/2444
Fix zones.php self-xss. Fixes #2444
2019-01-25 07:15:08 -06:00
Matthew Noorenberghe a3e8fd4fd5 Fix zones.php self-xss. Fixes #2444 2019-01-24 23:40:41 -08:00
Andrew Bauer 03590226ac
Merge pull request #2439 from mnoorenberghe/plugin_xss
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
2019-01-24 07:32:57 -06:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe 59cc65411f plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor e53678f869 Can't use a normal subsitution on the Order by field. So parse the sort param instead 2019-01-23 12:22:00 -05:00
Isaac Connor 8d92375d41 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-23 11:31:10 -05:00
Isaac Connor 6eb4d7ae27
Filter improvements (#2438)
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor b1cc7bf837 fix code style 2019-01-23 11:20:31 -05:00
Isaac Connor b9584bb5d2 Increase width of user popup 2019-01-23 11:18:46 -05:00
Isaac Connor 58d3583722 clean up and reduce depth of some logic 2019-01-23 11:18:30 -05:00