13106 Commits

Author SHA1 Message Date
Isaac Connor e79d7ec736 change let to var 2019-02-11 09:55:45 -05:00
Matt N 9675367e03 event.js: Wait for delete request to succeed before navigating. Fixes #2384 (#2515) 2019-02-11 09:34:51 -05:00
Matthew Noorenberghe cdbd59f054 bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493 2019-02-10 13:22:08 -08:00
Matthew Noorenberghe ef1112801f Request browser name and version for web issues (part 2) 2019-02-10 12:38:18 -08:00
Matthew Noorenberghe 28a8af34d5 Request browser name and version for web issues 2019-02-10 12:22:44 -08:00
Matthew Noorenberghe cda4a28fec Fix accidental use of 'let' in 255806bd54 2019-02-10 11:14:55 -08:00
Steve Gilvarry 2975225918 Cleanup old files (#2509)
* Remove Doc-Pak folder
Duplicates and out of date

* Delete umutils dir, looks like some old build script.

* Remove NEWS file as it is not being used.

* Remove TODO

* Remove description-pak, hanging around since NextTime days

* Delete ChangeLog file leaving CHANGELOG.MD as main file, which needs updating..

* Remove INSTALL file as it was not up to date, happy to consider an update instead.

* Remove Authors, not really adding much value and pretty sure the history is documented elsewhere.

* Deleted BUGS. Should be covered in the readme, let me know if you want me to add a link..
2019-02-10 13:09:40 -05:00
Steve Gilvarry 87413d447d Set CSRF on as the default for new installs. Fixes #2507 (#2508)
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.

* Fix the spelling mistake that I noticed after editing this.
2019-02-10 13:08:58 -05:00
Isaac Connor 555cb4780d Merge branch 'master' into storageareas 2019-02-10 12:37:45 -05:00
Isaac Connor c9032d3cb4 add autocomplete tags to username and password inputs 2019-02-10 00:27:33 -08:00
Matthew Noorenberghe c8e41bfee7 log.php: Ensure 'line' is an integer. Helps with #2466 2019-02-10 00:10:39 -08:00
Matthew Noorenberghe a6ee79f428 Fix typo in dbc1c7b72f comment 2019-02-09 22:40:39 -08:00
Matthew Noorenberghe dbc1c7b72f Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469 2019-02-09 22:39:54 -08:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe 99f1e23c5b Replace usage of PHP_SELF in views/. Fixes #2450 2019-02-09 21:39:19 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe d7ede4643d _monitor_filters.php: Escape MonitorName and Source. Fixes #2457 2019-02-09 19:14:31 -08:00
Matthew Noorenberghe c9d597dced logger.php: Don't output Panic messages unless debugging is on. Fixes #2460 2019-02-09 18:51:30 -08:00
Matthew Noorenberghe 255806bd54 log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453 2019-02-09 18:43:55 -08:00
Matthew Noorenberghe 6af2c4ad0e Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468 2019-02-09 18:06:21 -08:00
Matthew Noorenberghe 9ce05a9a09 user.php: Escape the Username upon display. Fixes #2467 2019-02-09 17:45:52 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe ef0e5f453a monitor.php: Fix XSS from LinkedMonitors. Fixes #2463 2019-02-09 17:11:53 -08:00
Matthew Noorenberghe 9705edfe24 monitor.php: Escape monitor method. Fixes #2464 2019-02-09 17:01:45 -08:00
Matthew Noorenberghe cef54feaf9 monitor.php: Escape a bug of output variables. Fixes #2465 2019-02-09 16:54:06 -08:00
Matthew Noorenberghe 254b7286b4 monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe bb75dad091 filter.php: Escape filter query term value to avoid XSS. Fixes #2462 2019-02-09 15:35:55 -08:00
Matthew Noorenberghe dd37808ef7 filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461 2019-02-09 15:24:13 -08:00
Matthew Noorenberghe 70e59ed546 filter.php: Escape the filter name on output. Fixes #2455 2019-02-09 15:19:15 -08:00
Matthew Noorenberghe b2a97ee190 frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe c8066919ff functions.php: Escape textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 7b0ee8a6a2 group: Escape group name in heading. Fixes #2454 2019-02-09 14:05:50 -08:00
Matthew Noorenberghe fa6716a64b console: Escape source column output to prevent XSS. Fixes #2452 2019-02-09 02:28:40 -08:00
Matthew Noorenberghe 98e0a0d2c5 Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 61f6a92cc0 view=download: Validate the eid parameter to avoid XSS. Fixes #2442 2019-02-09 01:37:32 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Matthew Noorenberghe e36ac1b872 Add a polyfill for NodeList.prototype.forEach 2019-02-08 21:54:23 -08:00
Pliable Pixels 2dc935b488 added object detection frame rendering (#2505) 2019-02-08 13:49:00 -05:00
Isaac Connor 0eb1efff8b fix eslint errors 2019-02-08 13:48:38 -05:00
Isaac Connor e2fc0ea25d Increase navbar refresh times. 5 seconds is way too fast 2019-02-08 10:22:42 -05:00
Isaac Connor ee3a0c1fd1 fix validateForm running on monitor cancel due to lack of type=button on cancel button 2019-02-08 09:55:32 -05:00
Isaac Connor 4f9a32e7a7 Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-02-07 12:01:52 -05:00
Isaac Connor ca781523a8 Merge branch 'master' into storageareas 2019-02-07 08:57:50 -05:00
Isaac Connor 1039149866 fix buttons on events page. data-onclick-this to data-on-click-this 2019-02-07 08:56:48 -05:00
Isaac Connor d33e094526 Merge branch 'master' into storageareas 2019-02-06 17:03:41 -05:00
Isaac Connor 7e84a5914c fix CSP policy violations on filters view 2019-02-06 13:55:19 -05:00
Isaac Connor 0783802d0c fix CSP violations on events 2019-02-06 13:31:34 -05:00