Commit Graph

5436 Commits

Author SHA1 Message Date
Isaac Connor 78513e22fd When doing an OPTIONS just do CORS and exit. if xmlHttpRequest don't do a redirect login. Do a failed auth header and quit 2019-03-01 17:27:08 -05:00
Isaac Connor 7703661cb1 Don't use streaming port in UrlToIndex because xmlHttpRequest won't send cookies to a different port 2019-03-01 17:25:17 -05:00
Isaac Connor 520bd4e7a7 Add ZM namespace to Logger 2019-03-01 14:42:05 -05:00
Isaac Connor 05bc57e245 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-03-01 14:27:30 -05:00
Isaac Connor 466c379e94 Merge branch 'master' into storageareas 2019-03-01 14:03:49 -05:00
Isaac Connor 675b4975b0 Fix control presets 2019-03-01 13:37:34 -05:00
Isaac Connor 2d75ab50af Implement deleting from Logs based on line count instead of interval 2019-02-28 16:12:34 -05:00
Isaac Connor 20fe502ca4 Add ZM to ErrorHandler. Spacing and quotes 2019-02-27 12:02:40 -05:00
Isaac Connor 2db030265b Merge branch 'master' into storageareas 2019-02-27 11:08:04 -05:00
Isaac Connor a1f1c19c0f fix missing ZM namepsace 2019-02-27 11:07:52 -05:00
Isaac Connor af9c87a112 Merge branch 'master' into storageareas 2019-02-27 10:53:19 -05:00
Isaac Connor 6e4444099b Only populate session with user info on successful login. Use parameters in sql when loading users in getAuthUser. Fixes #2542 2019-02-27 09:57:50 -05:00
Isaac Connor 804c384b4c add Event Notification support to server 2019-02-27 09:29:11 -05:00
Isaac Connor a7ca75758b add Event Notification label 2019-02-27 09:29:00 -05:00
Isaac Connor c0ae7820bb add zmeventnotification to Server object 2019-02-27 09:28:36 -05:00
Isaac Connor 4c35f2910c fix ZM namespace 2019-02-26 18:09:18 -05:00
Isaac Connor df3e11d83c Fix authentication in api because we no longer store the user object in the session 2019-02-26 17:01:45 -05:00
Isaac Connor 95567e07a4 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-02-26 11:43:07 -05:00
Isaac Connor a00e2381b7 Merge branch 'master' into storageareas 2019-02-26 11:33:29 -05:00
Isaac Connor 92dc7878de
Fix 2340 (#2368)
* include includes/functions.php so that we have access to all it's contents

* add a beforeDelete function which deletes the files.  Add other needed functions like Path() LinkPath() etc.

* add require_once for Storage and functions because we use them in Event

* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete

* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
Isaac Connor 5da51d51bc Merge branch 'master' into storageareas 2019-02-26 10:55:51 -05:00
Isaac Connor 53c0fae688 Merge fix from storageareas for archive/delete in events list 2019-02-26 10:22:58 -05:00
Isaac Connor 627e9f74cf fix spacing 2019-02-25 15:24:25 -05:00
Isaac Connor 2187dea2aa add namespace to Warnings 2019-02-25 15:11:08 -05:00
Isaac Connor cbd8ee80f8 add namespace for Monitor 2019-02-24 12:40:40 -05:00
Isaac Connor 3b06f3015a redirect to console of successfullogin takes us to login 2019-02-24 10:07:42 -05:00
Isaac Connor dd590aa729 remove warning when QUERY_STRING is not set 2019-02-24 10:05:45 -05:00
Isaac Connor 46c6735311 Missing namespace on filter. Fixes #2541 2019-02-24 10:02:49 -05:00
Isaac Connor fd310c0f0a Merge branch 'master' into storageareas 2019-02-22 11:33:47 -05:00
Isaac Connor 45778384a6 Merge branch 'release-1.32' 2019-02-22 11:24:23 -05:00
Isaac Connor 9a2dd06e1d Fix use of empty which isn't supported in old php. Remove the code entirely as I think it was just cutnpasted from somewhere else. We don't care if it is a new server or not in the validate code.
Fixes #2540
2019-02-22 11:22:44 -05:00
Isaac Connor 5098329d94
remove ob_clean stuff which logs errors when output buffering is turned off (#2395)
* remove ob_clean stuff which logs errors when output buffering is turned off.

* Don't ob_clean because if buffering is off php will output an error
2019-02-22 09:58:16 -05:00
Isaac Connor 2b90bf15a6
Improve session (#2487)
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini

* Use zm specific session functions, which are now located in includes/session.php.  Be more agressive about clearing session on logout.

* Move session code to includes/session.php

* remove duplicate line

* Move is_session_open to session.php.  Move code to clear a session into session.php

* improve debug line when there is a problem updating config entry

* split description into description and help text for COOKIE_LIFETIME

* Remove redirect on line.  We do it in javascript on postlogin view so that we can say logging in before switching to console

* If there is a username in the session, then we are logged in, but we need to load the user object from the db.  We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.

* Use session_regenerate_id instead of our broken code to do the same

* Move auth code to includes/auth.php

* add autocomplete tags to username and password inputs

* Don't redirect to login if we are already viewing login.  Put auth before including skin includes

* need to include session.php in auth.php

* update to php namespace
2019-02-22 09:43:38 -05:00
Isaac Connor 0a7667f2d0
Use buttons instead of divs and inputs (#2522) 2019-02-22 09:23:06 -05:00
Isaac Connor 410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. (#2534) 2019-02-22 09:20:54 -05:00
Isaac Connor 8dd8888975
Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor e087522203 remove debug 2019-02-21 14:15:10 -05:00
Isaac Connor d93924bd89 increase width of controls popup. 2019-02-20 15:39:26 -05:00
Isaac Connor 8837015239 remove bogus test for Filter Id 2019-02-19 13:54:25 -05:00
Isaac Connor 6d1541a4d2 Merge branch 'fix_privacy_view' into storageareas 2019-02-19 12:57:01 -05:00
Isaac Connor 97a888c0db get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. 2019-02-19 12:54:12 -05:00
Isaac Connor fbdb5bcb62 Merge branch 'master' into storageareas 2019-02-19 12:06:32 -05:00
Isaac Connor eaa7341935 Add missing / in path to auth.php 2019-02-19 10:07:36 -05:00
Isaac Connor 87988185e5 remove data-on-click-this from markEids[] because we have an onclick bind in initPage 2019-02-19 09:58:03 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Isaac Connor 4cd3a93e96 add missing / 2019-02-18 16:30:03 -05:00
Mitch Capper b646284da3 don't quote dbEscape values it will quote it already (#2529) 2019-02-17 11:31:28 -05:00
Mitch Capper 04c17283ec need to prefix with _dir_ otherwise relative to initial script (#2531) 2019-02-17 11:31:10 -05:00
Isaac Connor b7a6aed1cd Merge branch 'master' into storageareas 2019-02-16 11:51:23 -05:00
Isaac Connor 34873d5636 We must leave ZM_HOME_CONTENT unescaped so that we can insert actual html like image tags 2019-02-16 11:50:09 -05:00
Isaac Connor 6156aa2af9 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-02-15 10:49:06 -05:00
Isaac Connor b25770a2f0 Merge branch 'master' into storageareas 2019-02-13 11:52:31 -05:00
Isaac Connor d0745da11c fix path to Control.php 2019-02-13 11:52:16 -05:00
Isaac Connor a41e8a8834 Merge branch 'master' into storageareas 2019-02-13 11:38:38 -05:00
Isaac Connor 400d4dc27e encode the label on the preset so that weird characters and quotes don't break the button 2019-02-13 11:24:09 -05:00
Isaac Connor dd641793a2 Merge branch 'improve_session' into storageareas 2019-02-13 11:17:30 -05:00
Isaac Connor 91a280e56e need to include session.php in auth.php 2019-02-13 11:17:15 -05:00
Isaac Connor 3d6efe2253 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-02-13 11:10:07 -05:00
Isaac Connor d1b3b23c09 Merge branch 'master' into storageareas 2019-02-13 09:42:03 -05:00
Isaac Connor b6a0e704d2 whitespace, remove xhtml cruft 2019-02-12 16:41:08 -05:00
Isaac Connor 7a8668ea99 whitespace 2019-02-12 16:40:48 -05:00
Isaac Connor 9a0f3801de fix + instead of . 2019-02-12 16:25:31 -05:00
Isaac Connor 2f301cf5fe Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-12 13:18:08 -05:00
Isaac Connor 5b9bb93703 fix navbar auth 2019-02-12 13:17:55 -05:00
Andrew Bauer 28f5ac4220
Merge pull request #2518 from connortechnology/reload_zmfilter_on_filter_save
rough in a control function in Filter object.  Use it to start/stop z…
2019-02-12 09:26:17 -06:00
timwsuqld f95e9c0363 Fix comment about hiding navbar (#2521)
Fixes #2520
2019-02-11 17:14:33 -05:00
Isaac Connor 5ce681b463 instantiate a false Frame object with id = objectect 2019-02-11 16:37:22 -05:00
Isaac Connor 5a924ab176 cleanup redundant code and spacing 2019-02-11 16:29:19 -05:00
Isaac Connor 3871c28089 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-11 14:15:35 -05:00
Isaac Connor 40e0019267 fix all the nav missing when a users Monitors Permission is None 2019-02-11 14:15:24 -05:00
Isaac Connor a3374aa26c Merge branch 'reload_zmfilter_on_filter_save' into storageareas 2019-02-11 13:26:53 -05:00
Isaac Connor 5695be9f32 rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved. 2019-02-11 13:21:00 -05:00
Pliable Pixels 5a333e153c show object detected file, if object detection in place (#2514) 2019-02-11 10:58:34 -05:00
Matt N 9675367e03 event.js: Wait for delete request to succeed before navigating. Fixes #2384 (#2515) 2019-02-11 09:34:51 -05:00
Matthew Noorenberghe cdbd59f054 bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493 2019-02-10 13:22:08 -08:00
Matthew Noorenberghe cda4a28fec Fix accidental use of 'let' in 255806bd54 2019-02-10 11:14:55 -08:00
Isaac Connor 555cb4780d Merge branch 'master' into storageareas 2019-02-10 12:37:45 -05:00
Isaac Connor c9032d3cb4 add autocomplete tags to username and password inputs 2019-02-10 00:27:33 -08:00
Matthew Noorenberghe c8e41bfee7 log.php: Ensure 'line' is an integer. Helps with #2466 2019-02-10 00:10:39 -08:00
Matthew Noorenberghe a6ee79f428 Fix typo in dbc1c7b72f comment 2019-02-09 22:40:39 -08:00
Matthew Noorenberghe dbc1c7b72f Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469 2019-02-09 22:39:54 -08:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe 99f1e23c5b Replace usage of PHP_SELF in views/. Fixes #2450 2019-02-09 21:39:19 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe d7ede4643d _monitor_filters.php: Escape MonitorName and Source. Fixes #2457 2019-02-09 19:14:31 -08:00
Matthew Noorenberghe c9d597dced logger.php: Don't output Panic messages unless debugging is on. Fixes #2460 2019-02-09 18:51:30 -08:00
Matthew Noorenberghe 255806bd54 log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453 2019-02-09 18:43:55 -08:00
Matthew Noorenberghe 6af2c4ad0e Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468 2019-02-09 18:06:21 -08:00
Matthew Noorenberghe 9ce05a9a09 user.php: Escape the Username upon display. Fixes #2467 2019-02-09 17:45:52 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe ef0e5f453a monitor.php: Fix XSS from LinkedMonitors. Fixes #2463 2019-02-09 17:11:53 -08:00
Matthew Noorenberghe 9705edfe24 monitor.php: Escape monitor method. Fixes #2464 2019-02-09 17:01:45 -08:00
Matthew Noorenberghe cef54feaf9 monitor.php: Escape a bug of output variables. Fixes #2465 2019-02-09 16:54:06 -08:00
Matthew Noorenberghe 254b7286b4 monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe bb75dad091 filter.php: Escape filter query term value to avoid XSS. Fixes #2462 2019-02-09 15:35:55 -08:00
Matthew Noorenberghe dd37808ef7 filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461 2019-02-09 15:24:13 -08:00
Matthew Noorenberghe 70e59ed546 filter.php: Escape the filter name on output. Fixes #2455 2019-02-09 15:19:15 -08:00
Matthew Noorenberghe b2a97ee190 frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe c8066919ff functions.php: Esacepe textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 7b0ee8a6a2 group: Escape group name in heading. Fixes #2454 2019-02-09 14:05:50 -08:00
Matthew Noorenberghe fa6716a64b console: Escape source column output to prevent XSS. Fixes #2452 2019-02-09 02:28:40 -08:00
Matthew Noorenberghe 98e0a0d2c5 Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 61f6a92cc0 view=download: Validate the eid parameter to avoid XSS. Fixes #2442 2019-02-09 01:37:32 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Matthew Noorenberghe e36ac1b872 Add a polyfill for NodeList.prototype.forEach 2019-02-08 21:54:23 -08:00
Pliable Pixels 2dc935b488 added object detection frame rendering (#2505) 2019-02-08 13:49:00 -05:00
Isaac Connor 0eb1efff8b fix eslint errors 2019-02-08 13:48:38 -05:00
Isaac Connor ee3a0c1fd1 fix validateForm running on monitor cancel due to lack of type=button on cancel button 2019-02-08 09:55:32 -05:00
Isaac Connor ca781523a8 Merge branch 'master' into storageareas 2019-02-07 08:57:50 -05:00
Isaac Connor 1039149866 fix buttons on events page. data-onclick-this to data-on-click-this 2019-02-07 08:56:48 -05:00
Isaac Connor d33e094526 Merge branch 'master' into storageareas 2019-02-06 17:03:41 -05:00
Isaac Connor 7e84a5914c fix CSP policy violations on filters view 2019-02-06 13:55:19 -05:00
Isaac Connor 0783802d0c fix CSP violations on events 2019-02-06 13:31:34 -05:00
Isaac Connor b04b67c39d Fix CSP violation in the onclick of the monitor view in montagereview 2019-02-06 12:17:10 -05:00
Isaac Connor 6744a9a116 Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. 2019-02-06 11:46:55 -05:00
Isaac Connor edaf582eb4 Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. 2019-02-06 11:46:48 -05:00
Isaac Connor 8e62c93f5f add to_json function to Storage. 2019-02-06 11:44:36 -05:00
Isaac Connor a9f0463223 Merge branch 'master' into storageareas 2019-02-05 16:46:47 -05:00
Isaac Connor dca9a81cfd implement data-on-click-true 2019-02-05 16:45:05 -05:00
Isaac Connor d121ecab75 Merge branch 'improve_session' into storageareas 2019-02-05 15:48:42 -05:00
Isaac Connor 141f2afc8c Merge branch 'master' into storageareas 2019-02-05 15:46:58 -05:00
Isaac Connor 21702dcc68 Merge branch 'master' into improve_session 2019-02-05 12:35:29 -05:00
Isaac Connor a40cd144fa Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-05 12:35:15 -05:00
Isaac Connor c54fe7e89a fix state actions 2019-02-05 12:35:06 -05:00
Isaac Connor d08a6fcc7c Don't redirect to login if we are already viewing login. Put auth before including skin includes 2019-02-05 12:32:24 -05:00
Isaac Connor 78bc2c1dc2 add autocomplete tags to username and password inputs 2019-02-05 11:53:57 -05:00
Isaac Connor b6b4a21dbe Move auth code to includes/auth.php 2019-02-05 11:45:58 -05:00
Isaac Connor cb0d9325e6 Use session_regenerate_id instead of our broken code to do the same 2019-02-05 11:45:09 -05:00
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor 5a9083fe86 Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console 2019-02-05 11:40:58 -05:00
Isaac Connor a2e04c307d update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update. 2019-01-31 09:40:19 -05:00
Isaac Connor 86b7fe5d29 fix spacing 2019-01-30 16:08:41 -05:00
Isaac Connor 4bacd26c98 log redirections 2019-01-30 16:08:24 -05:00
Isaac Connor 97e3a8178a use session_regenerate_id instead of other strange code 2019-01-30 16:08:09 -05:00
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor 0eba430932 remove duplicate line 2019-01-30 11:05:43 -05:00
Isaac Connor 4e9ce3c5b7 Move session code to includes/session.php 2019-01-30 11:05:36 -05:00
Isaac Connor 85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Isaac Connor 7ea8be3fa8 spacing, remove non html5 elements 2019-01-25 09:22:08 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Matthew Noorenberghe a3e8fd4fd5 Fix zones.php self-xss. Fixes #2444 2019-01-24 23:40:41 -08:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe 59cc65411f plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor e53678f869 Can't use a normal subsitution on the Order by field. So parse the sort param instead 2019-01-23 12:22:00 -05:00
Isaac Connor 6eb4d7ae27
Filter improvements (#2438)
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
montagdude 4da95369f9 Fix zone area calculation (#2437)
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650. This
change implements the method here:

http://mathworld.wolfram.com/PolygonArea.html

It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor 7026ebafac Make ajax/stream wait longer for zms. On pi can take up to 3 seconds. Also for php < 5.6, we need to fake 64bit unpack support 2019-01-22 16:45:38 -05:00
Isaac Connor cc8de69eba Merge branch 'master' into storageareas 2019-01-22 11:44:42 -05:00
Isaac Connor 2914fb1d58 Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js 2019-01-22 09:15:25 -05:00
Isaac Connor e712cedbde spacing and quotes 2019-01-22 09:14:44 -05:00
Isaac Connor ae703c45ee Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it. 2019-01-22 09:14:33 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Matt N e7e45b2d95 Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j (#2433) 2019-01-22 08:00:39 -05:00
Isaac Connor 7260f823cb Merge branch 'master' into storageareas 2019-01-21 13:52:38 -05:00
Isaac Connor 785c208ecf Fixes #2426. Ca should have been endTime 2019-01-21 12:01:46 -05:00
Isaac Connor 326ac60ae4 add missing braces to fix logic 2019-01-21 11:20:56 -05:00
Isaac Connor a2d4dc974b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-21 11:19:07 -05:00
Isaac Connor e663397816 spacing 2019-01-21 11:17:21 -05:00
Isaac Connor c6311b7079 When logging in, stay on the login view 2019-01-21 11:17:09 -05:00
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Isaac Connor b24b930f65 After login go to postlogin, not console. the login view is in a popup so we want to close 2019-01-21 11:15:36 -05:00
Matt N 19c272061a Replace MooTools usage for adding window event listeners (#2429) 2019-01-21 11:14:32 -05:00
Matt N 27bcf3f994 Upgrade jQuery version (#2430)
* Upgrade jQuery to 1.12.4

* Upgrade jQuery to 2.2.4; Stop support for IE8

* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N f0b33145f5 Log CSP violations in ZM logs in supported browsers (#2431) 2019-01-21 11:12:17 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432)
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Isaac Connor f69b77e38f fix eslint complaints 2019-01-19 12:40:17 -05:00
Matt N a1a42345e3 More eslint fixes; eslint in php; add eslint to travis (#2419)
* Add eslint to travis.yml

* Update eslint package versions and apply new indent rules

* Enable the brace-style and block-style eslint rules

* Enable the 'curly' eslint rule

* Enable the 'keyword-spacing' eslint rule

* Enable the 'key-spacing' eslint rule

* Enable the 'object-curly-spacing' eslint rule

* Enable the 'no-new-object' eslint rule

* Only disable the no-caller eslint rule in the one affected file

* Enable the 'no-unused-vars' eslint rule for local variables

* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N c0a6e54d60 skins/classic/views/control.php second order sqli (#2422) 2019-01-19 09:46:21 -05:00
Matt N 02fd1e79b3 Fix ajax/status.php orderby sql injection (#2421)
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
2019-01-19 09:46:08 -05:00
Matt N 34e2e47993 controlcap.php: Reflected xss fix with validHtmlStr (#2423) 2019-01-19 09:43:28 -05:00
Matt N d3f8037e58 Replace onclick='submitTab(...' with a click listener (#2424) 2019-01-19 09:42:12 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor 552e14a971 Merge branch 'master' into storageareas 2019-01-18 10:36:59 -05:00
Matt N 43a1725060 Fix duplicate 'class' attribute in options (#2418) 2019-01-18 10:05:44 -05:00
Matt N eef113b6a7 Convert some characters to HTML entities (#2417) 2019-01-18 10:02:48 -05:00
Matt N deaf651aad Fix eslint violations (#2416)
* Add more JS libraries to eslintignore

* eslint . --fix

Automatic fixes only

* frame.js: eslint fixes

* events.js: manual eslint fixes

* skin.js: manual eslint fixes

* watch.js: manual eslint fixes

* Remove some tabs used for indentation in JS

* state.js: Fix new-cap eslint violation

* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor 87d1390fed Merge branch 'storageareas' into h265 2019-01-16 15:20:17 -05:00
Isaac Connor f49dd93b6a Merge branch 'master' into storageareas 2019-01-16 14:39:56 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor b1cc0c2b82 add CSP nonce to CSRF rewriting 2019-01-16 14:04:07 -05:00
Isaac Connor a7db6f08f5 single vs double quotes 2019-01-16 13:47:50 -05:00
Isaac Connor 42076ad09b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 13:46:01 -05:00
Isaac Connor a2c23d3263 Need nonce in inline script setting display css 2019-01-16 13:45:26 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor e156a6cda0 logout view should go to logout view 2019-01-16 12:23:18 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Isaac Connor eee1d871e0 get rid of default value for PathToIndex so that it will use PHP_SELF instead 2019-01-16 12:09:26 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor ac27005944 remove debug 2019-01-15 11:38:43 -05:00
Isaac Connor 07c7c271a6 prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411 2019-01-15 11:38:19 -05:00
Isaac Connor 3182d8bab7 implement to_json method so that defaults get included 2019-01-15 11:36:56 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor f726666f54 Merge branch 'master' into h265 2019-01-14 12:36:11 -05:00
Isaac Connor fc7403fe3d Merge branch 'master' into storageareas 2019-01-13 14:53:34 -05:00
Isaac Connor c834fbe462 the filter action should singular filter, not filters 2019-01-13 14:52:39 -05:00
Isaac Connor a282b487d1 load Help from Config as it is not longer always loaded into ram. 2019-01-11 13:55:03 -05:00
Isaac Connor b373577589 fix function view after actions cleanup 2019-01-10 12:08:25 -05:00
Isaac Connor 1d54216e80 spacing 2019-01-09 16:23:58 -05:00
Isaac Connor c1e4fbac6a extend input path and options to the full width of the popup 2019-01-09 12:37:42 -05:00
Isaac Connor 2d03583b78 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-08 13:12:42 -05:00
Isaac Connor ffa37d8c10 Fix margins on replayControl 2019-01-08 13:12:35 -05:00
Isaac Connor 3f5a2a2aa6 disable delete button when event is archived. 2019-01-07 15:56:23 -05:00
Isaac Connor f3a807f1f8 Merge branch 'master' into storageareas 2019-01-07 09:21:25 -05:00
Isaac Connor b4f8500cb5 Merge branch 'split_actions' 2019-01-05 18:33:04 -05:00
Isaac Connor 3f10553464 Fix include path to Monitors.php 2019-01-05 18:32:53 -05:00
Isaac Connor 1a75cf333e Merge branch 'master' into storageareas 2019-01-05 11:12:38 -05:00
Isaac Connor e34a5e972a fix missing } 2019-01-05 11:12:26 -05:00
Isaac Connor cf0d55d3db Merge branch 'master' into storageareas 2019-01-05 10:59:01 -05:00
David Beitey e6ba8e58ef Fix #2391 by defining monitor variable (#2392) 2019-01-05 10:20:34 -05:00
Isaac Connor 8eb61b1c11 Merge branch 'master' into storageareas 2019-01-05 10:16:38 -05:00
Isaac Connor 5b5905c83a We always use markEids[] now 2019-01-04 16:29:16 -05:00
Isaac Connor de0ef6ce43 Merge branch 'master' into split_actions 2019-01-04 15:55:54 -05:00
Isaac Connor e72e4e7ce4 Spacing, remove some html4 stuff, clean up duplicated hidden form elements. 2019-01-04 15:52:36 -05:00
Isaac Connor dea64320f0 Fix a + that should be a . 2019-01-04 15:52:14 -05:00
Isaac Connor 0e20666992 fix eventdetail actions being in events 2019-01-04 15:43:31 -05:00
Isaac Connor ab198bfd75 remove master version of actions.php 2019-01-04 15:29:21 -05:00
Isaac Connor 52466c398b Merge branch 'split_actions' into storageareas 2019-01-04 15:28:55 -05:00
Isaac Connor b8d065275b Merge branch 'master' into storageareas 2019-01-04 15:22:18 -05:00
Isaac Connor e2f32ab091 Upgrade config saving 2019-01-04 09:43:36 -05:00
Isaac Connor 7ec96655c3 fix missing ! when testing for permission on editing config 2019-01-04 09:37:26 -05:00
Isaac Connor 5b9bf48945 Merge branch 'master' into split_actions 2019-01-04 09:35:54 -05:00
Isaac Connor 46adcbb66b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-04 09:34:51 -05:00
Isaac Connor edeaa07c12 Fix no quotes around Id 2019-01-04 09:34:42 -05:00
Isaac Connor 6cad852e11 fix path to MontageLayout 2019-01-04 09:34:18 -05:00
Isaac Connor dbe9817bc8 Split actions.php into individual files per view 2019-01-04 09:26:34 -05:00
Andrew Bauer 225fca08e3
Merge pull request #2379 from connortechnology/improve_config_efficiency
Improve config efficiency
2019-01-02 19:34:34 -06:00
Isaac Connor 874930d8fc Merge branch 'master' into improve_config_efficiency 2019-01-02 13:07:53 -05:00
Isaac Connor 99471836b7 Use monitor's serverId when loading server object so that images load from recording server. 2019-01-02 11:28:12 -05:00
Isaac Connor 8a1707a615 Add monitorServerId array to provide server info for each monitor so that we can load images from the recording server. 2019-01-02 11:27:46 -05:00
Isaac Connor 79113a6869 Add a default Server object to handle non-multi-server case 2019-01-02 10:56:40 -05:00
Isaac Connor 5060358870 Merge branch 'master' into storageareas 2018-12-29 09:56:53 -05:00
Andrew Bauer d14e9ecf74 force overloadframes and ExtendAlarmFrames to int (#2373) 2018-12-29 09:53:31 -05:00
Andrew Bauer 3258d8e590 remove ZM_DIR_IMAGES (#2374) 2018-12-29 09:52:58 -05:00
Isaac Connor 1a1231fdaa Merge branch 'master' into storageareas 2018-12-28 10:47:27 -05:00
Andrew Bauer a029909972 fix path to thumb and anal images (#2367) 2018-12-28 10:46:13 -05:00
Andrew Bauer fb37fc48e1 update viewImagePatch (#2370) 2018-12-28 10:38:39 -05:00
Isaac Connor 101f24feb5
Update area when editing x and y coords (#2366) 2018-12-27 14:28:14 -05:00
Isaac Connor 3e06bbcef8 Merge branch 'master' into storageareas 2018-12-27 13:50:29 -05:00
Andrew Bauer 5f9a113da1
redirect to montage rather than montagereview 2018-12-26 10:34:01 -06:00
Andrew Bauer 27dd8166ea
Merge pull request #2362 from connortechnology/small_groups_fixes
Small groups fixes
2018-12-24 11:30:57 -06:00
Isaac Connor e0a9c4a21e fix event popup detection 2018-12-24 11:23:58 -05:00
Isaac Connor 2b8fa653ed Merge branch 'small_groups_fixes' into storageareas 2018-12-24 09:48:36 -05:00
Isaac Connor 27826b4aca Merge branch 'master' into storageareas 2018-12-24 09:48:29 -05:00
Isaac Connor 68adc289fe Fix colspan count now that depth is zero-based 2018-12-24 09:40:23 -05:00
Isaac Connor e0cae5709f Group::find is now more powerful so we can just use it to return all Groups to be deleted 2018-12-24 09:39:40 -05:00
Isaac Connor 63199289ad Change depth function to be 0-based. 2018-12-24 09:38:55 -05:00
Isaac Connor 0cce0a642b Update chosen library to 1.8.7 2018-12-24 09:37:49 -05:00
Andrew Bauer 153877b9c0
Merge pull request #2359 from connortechnology/fix_2353
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 15:16:49 -06:00
Isaac Connor 1130d6650a Fix spacing and pass popup to previous/next event so that popups stay as popups 2018-12-21 10:50:19 -05:00
Isaac Connor 47465260d1 Update permissions checking for Groups to not use session. Fixes #2353 2018-12-21 10:01:48 -05:00
Isaac Connor 7a8beffdcc Merge branch 'master' into storageareas 2018-12-20 15:10:52 -05:00
Isaac Connor a277f697e9 whitespace 2018-12-20 14:58:38 -05:00
Isaac Connor e626049f6b Merge branch 'swresample' into storageareas 2018-12-20 14:08:40 -05:00
Isaac Connor d4fb85a9aa Merge branch 'master' into swresample 2018-12-20 09:16:27 -05:00
Isaac Connor 3a068ae6a3 Merge branch 'master' into swresample 2018-12-16 16:15:28 -05:00
Pliable Pixels 622c17f628 make sure auth is regenerated each time we call this API (#2347) 2018-12-16 11:02:07 -05:00
Isaac Connor 0bfe1007c8 Merge branch 'master' into storageareas 2018-12-14 10:16:08 -05:00
Mike Rosack 567b60ffa7 support for forwarded proto/port in Server.php (#2343) 2018-12-13 10:24:32 -05:00
Andrew Bauer 8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
Cleanup auth
2018-12-12 20:53:24 -06:00
Isaac Connor eba8b3327d Merge branch 'master' into cleanup_auth 2018-12-11 16:04:42 -05:00
Andrew Bauer 21a98f3653 Merge branch 'remove_default_view' of https://github.com/connortechnology/ZoneMinder into connortechnology-remove_default_view 2018-12-11 09:44:13 -06:00
Isaac Connor 278abbc201 Merge branch 'master' into remove_default_view 2018-12-11 10:37:26 -05:00
Andrew Bauer 3cf6bf1786
Merge pull request #2243 from connortechnology/add_archive_filter_to_montagereview
Rough in an archived status filter in montagereview.
2018-12-11 09:36:35 -06:00
Andrew Bauer fe5cb4bfdc
Merge pull request #2283 from connortechnology/warn_colour_when_disabled
Use a warning colour when motion detection is disabled.
2018-12-11 09:36:07 -06:00
Andrew Bauer 4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
Introduce get body top html
2018-12-11 09:35:54 -06:00
Andrew Bauer 22460f580b
Merge pull request #2305 from pliablepixels/save-first-alarm
Save first alarm
2018-12-11 09:35:40 -06:00
Andrew Bauer c530337c50
Merge pull request #2331 from connortechnology/fix_ios9
Fix ios9
2018-12-11 09:29:50 -06:00
Isaac Connor c8c34d3f95 Merge branch 'master' into storageareas 2018-12-11 10:21:22 -05:00
Isaac Connor b3bed9a28a fix whitespace 2018-12-11 10:20:02 -05:00
Isaac Connor e1ecd47bff Fix missing use of UrlToApi 2018-12-11 09:40:40 -05:00
Isaac Connor 1e8c4276bb fix #2319 some more. This is fixing rate sticking across gapless events and reload 2018-12-10 17:32:17 -05:00
Isaac Connor a1141d2dc4 remove second use of HTTP_HOST and use a better method of stripping off port from HTTP_HOST 2018-12-07 08:39:23 -05:00
Isaac Connor 757e538550 strip port from HTTP_HOST 2018-12-06 17:12:03 -05:00
Isaac Connor 50017057de Merge branch 'master' into storageareas 2018-12-05 09:05:27 -05:00
Isaac Connor 9ffd77428a fix paths to jquery-ui-theme components, thereby upgrading them to the proper version. This fixes the datetime filters not being shown on skins that don't specify a custom theme for jquery-ui 2018-12-05 09:05:10 -05:00
Isaac Connor bc5f8d0d8d rework pts/dts of audio stream. Spacing. Fix crash 2018-12-04 18:23:08 -05:00
Isaac Connor a9290759a5 Merge branch 'fix_ios9' into storageareas 2018-12-03 16:25:34 -05:00
Isaac Connor 18ce7c9ea0 Old browsers, specifically Safari on IOS9 doesn't support let. Need to use var instead. 2018-12-03 15:17:16 -05:00
Isaac Connor 27d4ba9e5f use output of babeljs.io to provide code that works on older browsers. The nice class notation is ES6 upwards.. Safari on IOS9 doesn't like it 2018-12-03 15:16:47 -05:00
Isaac Connor 2df6d74a3e Merge branch 'master' into storageareas 2018-12-02 17:15:12 -05:00
Andrew Bauer e327ad100e fix WebSite camera startup issue 2018-12-01 17:03:50 -06:00
Andrew Bauer cae6ffd5a3 use HTTP_HOST instead of SERVER_NAME 2018-12-01 13:27:08 -06:00
Isaac Connor 4272225a17 Merge branch 'master' into h265 2018-11-30 16:42:16 -05:00
Isaac Connor 7d90a56561 Merge branch 'master' into storageareas 2018-11-30 14:46:42 -05:00