Isaac Connor
d121ecab75
Merge branch 'improve_session' into storageareas
2019-02-05 15:48:42 -05:00
Isaac Connor
141f2afc8c
Merge branch 'master' into storageareas
2019-02-05 15:46:58 -05:00
Isaac Connor
21702dcc68
Merge branch 'master' into improve_session
2019-02-05 12:35:29 -05:00
Isaac Connor
a40cd144fa
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-05 12:35:15 -05:00
Isaac Connor
c54fe7e89a
fix state actions
2019-02-05 12:35:06 -05:00
Isaac Connor
d08a6fcc7c
Don't redirect to login if we are already viewing login. Put auth before including skin includes
2019-02-05 12:32:24 -05:00
Isaac Connor
78bc2c1dc2
add autocomplete tags to username and password inputs
2019-02-05 11:53:57 -05:00
Isaac Connor
b6b4a21dbe
Move auth code to includes/auth.php
2019-02-05 11:45:58 -05:00
Isaac Connor
cb0d9325e6
Use session_regenerate_id instead of our broken code to do the same
2019-02-05 11:45:09 -05:00
Isaac Connor
2466d765bf
If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
2019-02-05 11:44:45 -05:00
Isaac Connor
5a9083fe86
Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
2019-02-05 11:40:58 -05:00
Isaac Connor
5b288d3b67
split description into description and help text for COOKIE_LIFETIME
2019-02-05 11:39:50 -05:00
Isaac Connor
a176c9bbd2
improve debug line when there is a problem updating config entry
2019-02-05 11:39:21 -05:00
Steve Gilvarry
cab77d7c17
Merge pull request #2488 from connortechnology/update_version_view
Update version view
2019-02-02 15:46:59 +11:00
Isaac Connor
a2e04c307d
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
2019-01-31 09:40:19 -05:00
Isaac Connor
86b7fe5d29
fix spacing
2019-01-30 16:08:41 -05:00
Isaac Connor
4bacd26c98
log redirections
2019-01-30 16:08:24 -05:00
Isaac Connor
97e3a8178a
use session_regenerate_id instead of other strange code
2019-01-30 16:08:09 -05:00
Isaac Connor
b09a71d0e2
code style
2019-01-30 16:06:16 -05:00
Isaac Connor
71f961d012
remove redirect to console on login, as it is done in javascript after Logging in message is displayed
2019-01-30 16:05:51 -05:00
Isaac Connor
4e10e6f0ae
Merge branch 'improve_session' into storageareas
2019-01-30 15:26:37 -05:00
Isaac Connor
2d560a176e
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
2019-01-30 15:19:01 -05:00
Isaac Connor
9a3aa49bae
Merge branch 'fix_bandwidth' into storageareas
2019-01-30 15:18:16 -05:00
Isaac Connor
e90f49deb9
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
2019-01-30 15:17:32 -05:00
Isaac Connor
533d021dea
Merge branch 'master' into storageareas
2019-01-30 15:17:27 -05:00
Isaac Connor
604dbf8776
fix state changing/etc
2019-01-30 14:36:46 -05:00
Isaac Connor
2e2404643f
Fix bandwidth due to new actions code. Update buttons on bandwidth popup
2019-01-30 13:20:24 -05:00
Isaac Connor
cc0b5e0f1f
Move is_session_open to session.php. Move code to clear a session into session.php
2019-01-30 12:52:01 -05:00
Isaac Connor
0eba430932
remove duplicate line
2019-01-30 11:05:43 -05:00
Isaac Connor
4e9ce3c5b7
Move session code to includes/session.php
2019-01-30 11:05:36 -05:00
Isaac Connor
85bb70df68
Use zm specific session functions, which are now located in includes/session.php. Be more aggressive about clearing session on logout.
2019-01-30 11:05:19 -05:00
Isaac Connor
1e56e750cf
Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini
2019-01-30 11:04:38 -05:00
Isaac Connor
d310fd0d88
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-25 09:22:14 -05:00
Isaac Connor
7ea8be3fa8
spacing, remove non html5 elements
2019-01-25 09:22:08 -05:00
Steve Gilvarry
9956eae70a
Merge pull request #2483 from connortechnology/fix_user_auth_memleak
Now that we are dynamically allocating safer_username and safer_passw…
2019-01-26 01:14:18 +11:00
Isaac Connor
6d7660cdbd
Now that we are dynamically allocating safer_username and safer_password, need to free them. Also, don't strlen them multiple times for efficiency
2019-01-25 08:46:40 -05:00
Matt N
8c5687ca30
Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479)
2019-01-25 08:35:07 -05:00
Matt N
fd6179d7c8
Enforce CSP on many more views (#2480)
2019-01-25 08:34:29 -05:00
Steve Gilvarry
a81e7c5221
Safer_username and safer_login should be based on the username and login (#2482)
(lengths * 2)+1. Control input lengths at user input
2019-01-25 08:33:30 -05:00
Andrew Bauer
99a6db3994
Merge pull request #2481 from mnoorenberghe/2444
Fix zones.php self-xss. Fixes #2444
2019-01-25 07:15:08 -06:00
Matthew Noorenberghe
a3e8fd4fd5
Fix zones.php self-xss. Fixes #2444
2019-01-24 23:40:41 -08:00
Andrew Bauer
03590226ac
Merge pull request #2439 from mnoorenberghe/plugin_xss
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
2019-01-24 07:32:57 -06:00
Matthew Noorenberghe
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe
59cc65411f
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor
e53678f869
Can't use a normal substitution on the Order by field. So parse the sort param instead
2019-01-23 12:22:00 -05:00
Isaac Connor
8d92375d41
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-23 11:31:10 -05:00
Isaac Connor
6eb4d7ae27
Filter improvements (#2438)
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor
b1cc7bf837
fix code style
2019-01-23 11:20:31 -05:00
Isaac Connor
b9584bb5d2
Increase width of user popup
2019-01-23 11:18:46 -05:00
Isaac Connor
58d3583722
clean up and reduce depth of some logic
2019-01-23 11:18:30 -05:00