ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,442 Commits 20 Branches 69 Tags 131 MiB
Commit Graph

12442 Commits

Author SHA1 Message Date
Isaac Connor ae703c45ee Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it. 2019-01-22 09:14:33 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Matt N e7e45b2d95 Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j (#2433) 2019-01-22 08:00:39 -05:00
Isaac Connor a81428f701 add a test for a 0 fps passed in to updateFrameRate which would cause an infinite loop. Fixes #2427 2019-01-21 13:30:00 -05:00
Isaac Connor 189e78b42d add comments and a test for zm_terminate in the checkCommandQueue while loop 2019-01-21 13:29:20 -05:00
Isaac Connor 83a652aade add comments and a test for zm_terminate in the checkCommandQueue while loop 2019-01-21 13:29:14 -05:00
Isaac Connor 9f588d5758 prevent returning infinity from GetFPS 2019-01-21 13:00:10 -05:00
Isaac Connor 785c208ecf Fixes #2426. Ca should have been endTime 2019-01-21 12:01:46 -05:00
Isaac Connor 326ac60ae4 add missing braces to fix logic 2019-01-21 11:20:56 -05:00
Isaac Connor a2d4dc974b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-21 11:19:07 -05:00
Isaac Connor e663397816 spacing 2019-01-21 11:17:21 -05:00
Isaac Connor c6311b7079 When logging in, stay on the login view 2019-01-21 11:17:09 -05:00
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Isaac Connor b24b930f65 After login go to postlogin, not console. the login view is in a popup so we want to close 2019-01-21 11:15:36 -05:00
Matt N 19c272061a Replace MooTools usage for adding window event listeners (#2429) 2019-01-21 11:14:32 -05:00
Matt N 27bcf3f994 Upgrade jQuery version (#2430) 
* Upgrade jQuery to 1.12.4

* Upgrade jQuery to 2.2.4; Stop support for IE8

* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
 2019-01-21 11:13:40 -05:00
Matt N f0b33145f5 Log CSP violations in ZM logs in supported browsers (#2431) 2019-01-21 11:12:17 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432) 
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
 2019-01-21 11:11:40 -05:00
Andrew Bauer d575403900
Update support.yml 2019-01-20 18:15:15 -06:00
Isaac Connor f69b77e38f fix eslint complaints 2019-01-19 12:40:17 -05:00
Matt N a1a42345e3 More eslint fixes; eslint in php; add eslint to travis (#2419) 
* Add eslint to travis.yml

* Update eslint package versions and apply new indent rules

* Enable the brace-style and block-style eslint rules

* Enable the 'curly' eslint rule

* Enable the 'keyword-spacing' eslint rule

* Enable the 'key-spacing' eslint rule

* Enable the 'object-curly-spacing' eslint rule

* Enable the 'no-new-object' eslint rule

* Only disable the no-caller eslint rule in the one affected file

* Enable the 'no-unused-vars' eslint rule for local variables

* Add linting of JS in .php files
 2019-01-19 10:32:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N c0a6e54d60 skins/classic/views/control.php second order sqli (#2422) 2019-01-19 09:46:21 -05:00
Matt N 02fd1e79b3 Fix ajax/status.php orderby sql injection (#2421) 
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
 2019-01-19 09:46:08 -05:00
Matt N 34e2e47993 controlcap.php: Reflected xss fix with validHtmlStr (#2423) 2019-01-19 09:43:28 -05:00
Matt N d3f8037e58 Replace onclick='submitTab(...' with a click listener (#2424) 2019-01-19 09:42:12 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425) 
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
 2019-01-19 09:41:53 -05:00
Isaac Connor 4e6c1d42b1 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-18 10:30:15 -05:00
Isaac Connor 358cfc7f49 Don't let issues with bounties or labelling as valid bug go stale 2019-01-18 10:30:02 -05:00
Matt N 43a1725060 Fix duplicate 'class' attribute in options (#2418) 2019-01-18 10:05:44 -05:00
Matt N eef113b6a7 Convert some characters to HTML entities (#2417) 2019-01-18 10:02:48 -05:00
Matt N deaf651aad Fix eslint violations (#2416) 
* Add more JS libraries to eslintignore

* eslint . --fix

Automatic fixes only

* frame.js: eslint fixes

* events.js: manual eslint fixes

* skin.js: manual eslint fixes

* watch.js: manual eslint fixes

* Remove some tabs used for indentation in JS

* state.js: Fix new-cap eslint violation

* Disable guard-for-in eslint rule to get everything passing
 2019-01-18 10:00:55 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415) 
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
 2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor b1cc0c2b82 add CSP nonce to CSRF rewriting 2019-01-16 14:04:07 -05:00
Isaac Connor a7db6f08f5 single vs double quotes 2019-01-16 13:47:50 -05:00
Isaac Connor 42076ad09b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 13:46:01 -05:00
Isaac Connor a2c23d3263 Need nonce in inline script setting display css 2019-01-16 13:45:26 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor e156a6cda0 logout view should go to logout view 2019-01-16 12:23:18 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Isaac Connor eee1d871e0 get rid of default value for PathToIndex so that it will use PHP_SELF instead 2019-01-16 12:09:26 -05:00
Isaac Connor 2b21fe3640 increase sql var size to MED to hold the largest possible sql string. 2019-01-16 11:48:31 -05:00
Isaac Connor 3560d6247f whitespace and comments. 2019-01-16 11:20:10 -05:00
Isaac Connor 5f5f28378d Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 11:19:22 -05:00
Isaac Connor c2b1b43cde fix typo 2019-01-16 11:19:14 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413) 
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
 2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor ac27005944 remove debug 2019-01-15 11:38:43 -05:00