Isaac Connor
0a7667f2d0
Use buttons instead of divs and inputs ( #2522 )
2019-02-22 09:23:06 -05:00
Isaac Connor
410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. ( #2534 )
2019-02-22 09:20:54 -05:00
Isaac Connor
8dd8888975
Php namespace ( #2537 )
...
* experiment with namespaces on the Server class
* experiment with namespaces on the Server class
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor
e087522203
remove debug
2019-02-21 14:15:10 -05:00
Isaac Connor
d93924bd89
increase width of controls popup.
2019-02-20 15:39:26 -05:00
Isaac Connor
8837015239
remove bogus test for Filter Id
2019-02-19 13:54:25 -05:00
Isaac Connor
6d1541a4d2
Merge branch 'fix_privacy_view' into storageareas
2019-02-19 12:57:01 -05:00
Isaac Connor
97a888c0db
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again.
2019-02-19 12:54:12 -05:00
Isaac Connor
fbdb5bcb62
Merge branch 'master' into storageareas
2019-02-19 12:06:32 -05:00
Isaac Connor
eaa7341935
Add missing / in path to auth.php
2019-02-19 10:07:36 -05:00
Isaac Connor
87988185e5
remove data-on-click-this from markEids[] because we have an onclick bind in initPage
2019-02-19 09:58:03 -05:00
Isaac Connor
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
Isaac Connor
4cd3a93e96
add missing /
2019-02-18 16:30:03 -05:00
Mitch Capper
b646284da3
don't quote dbEscape values it will quote it already ( #2529 )
2019-02-17 11:31:28 -05:00
Mitch Capper
04c17283ec
need to prefix with _dir_ otherwise relative to initial script ( #2531 )
2019-02-17 11:31:10 -05:00
Isaac Connor
b7a6aed1cd
Merge branch 'master' into storageareas
2019-02-16 11:51:23 -05:00
Isaac Connor
34873d5636
We must leave ZM_HOME_CONTENT unescaped so that we can insert actual html like image tags
2019-02-16 11:50:09 -05:00
Isaac Connor
6156aa2af9
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-02-15 10:49:06 -05:00
Isaac Connor
b25770a2f0
Merge branch 'master' into storageareas
2019-02-13 11:52:31 -05:00
Isaac Connor
d0745da11c
fix path to Control.php
2019-02-13 11:52:16 -05:00
Isaac Connor
a41e8a8834
Merge branch 'master' into storageareas
2019-02-13 11:38:38 -05:00
Isaac Connor
400d4dc27e
encode the label on the preset so that weird characters and quotes don't break the button
2019-02-13 11:24:09 -05:00
Isaac Connor
dd641793a2
Merge branch 'improve_session' into storageareas
2019-02-13 11:17:30 -05:00
Isaac Connor
91a280e56e
need to include session.php in auth.php
2019-02-13 11:17:15 -05:00
Isaac Connor
3d6efe2253
Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas
2019-02-13 11:10:07 -05:00
Isaac Connor
d1b3b23c09
Merge branch 'master' into storageareas
2019-02-13 09:42:03 -05:00
Isaac Connor
b6a0e704d2
whitespace, remove xhtml cruft
2019-02-12 16:41:08 -05:00
Isaac Connor
7a8668ea99
whitespace
2019-02-12 16:40:48 -05:00
Isaac Connor
9a0f3801de
fix + instead of .
2019-02-12 16:25:31 -05:00
Isaac Connor
2f301cf5fe
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-12 13:18:08 -05:00
Isaac Connor
5b9bb93703
fix navbar auth
2019-02-12 13:17:55 -05:00
Andrew Bauer
28f5ac4220
Merge pull request #2518 from connortechnology/reload_zmfilter_on_filter_save
...
rough in a control function in Filter object. Use it to start/stop z…
2019-02-12 09:26:17 -06:00
timwsuqld
f95e9c0363
Fix comment about hiding navbar ( #2521 )
...
Fixes #2520
2019-02-11 17:14:33 -05:00
Isaac Connor
5ce681b463
instantiate a false Frame object with id = objectect
2019-02-11 16:37:22 -05:00
Isaac Connor
5a924ab176
cleanup redundant code and spacing
2019-02-11 16:29:19 -05:00
Isaac Connor
3871c28089
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-11 14:15:35 -05:00
Isaac Connor
40e0019267
fix all the nav missing when a users Monitors Permission is None
2019-02-11 14:15:24 -05:00
Isaac Connor
a3374aa26c
Merge branch 'reload_zmfilter_on_filter_save' into storageareas
2019-02-11 13:26:53 -05:00
Isaac Connor
5695be9f32
rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved.
2019-02-11 13:21:00 -05:00
Pliable Pixels
5a333e153c
show object detected file, if object detection in place ( #2514 )
2019-02-11 10:58:34 -05:00
Matt N
9675367e03
event.js: Wait for delete request to succeed before navigating. Fixes #2384 ( #2515 )
2019-02-11 09:34:51 -05:00
Matthew Noorenberghe
cdbd59f054
bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493
2019-02-10 13:22:08 -08:00
Matthew Noorenberghe
cda4a28fec
Fix accidental use of 'let' in 255806bd54
2019-02-10 11:14:55 -08:00
Isaac Connor
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
Isaac Connor
c9032d3cb4
add autocomplete tags to username and password inputs
2019-02-10 00:27:33 -08:00
Matthew Noorenberghe
c8e41bfee7
log.php: Ensure 'line' is an integer. Helps with #2466
2019-02-10 00:10:39 -08:00
Matthew Noorenberghe
a6ee79f428
Fix typo in dbc1c7b72f
comment
2019-02-09 22:40:39 -08:00
Matthew Noorenberghe
dbc1c7b72f
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
2019-02-09 22:39:54 -08:00
Matthew Noorenberghe
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
Matthew Noorenberghe
99f1e23c5b
Replace usage of PHP_SELF in views/. Fixes #2450
2019-02-09 21:39:19 -08:00
Matthew Noorenberghe
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
Matthew Noorenberghe
d7ede4643d
_monitor_filters.php: Escape MonitorName and Source. Fixes #2457
2019-02-09 19:14:31 -08:00
Matthew Noorenberghe
c9d597dced
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
2019-02-09 18:51:30 -08:00
Matthew Noorenberghe
255806bd54
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
2019-02-09 18:43:55 -08:00
Matthew Noorenberghe
6af2c4ad0e
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
2019-02-09 18:06:21 -08:00
Matthew Noorenberghe
9ce05a9a09
user.php: Escape the Username upon display. Fixes #2467
2019-02-09 17:45:52 -08:00
Matthew Noorenberghe
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
Matthew Noorenberghe
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
Matthew Noorenberghe
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
Matthew Noorenberghe
ef0e5f453a
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
2019-02-09 17:11:53 -08:00
Matthew Noorenberghe
9705edfe24
monitor.php: Escape monitor method. Fixes #2464
2019-02-09 17:01:45 -08:00
Matthew Noorenberghe
cef54feaf9
monitor.php: Escape a bug of output variables. Fixes #2465
2019-02-09 16:54:06 -08:00
Matthew Noorenberghe
254b7286b4
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
2019-02-09 16:41:54 -08:00
Matthew Noorenberghe
bb75dad091
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
2019-02-09 15:35:55 -08:00
Matthew Noorenberghe
dd37808ef7
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
2019-02-09 15:24:13 -08:00
Matthew Noorenberghe
70e59ed546
filter.php: Escape the filter name on output. Fixes #2455
2019-02-09 15:19:15 -08:00
Matthew Noorenberghe
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
...
Fixes #2448 , fixes #2449 , and fixes #2447 .
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe
c8066919ff
functions.php: Esacepe textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
Matthew Noorenberghe
7b0ee8a6a2
group: Escape group name in heading. Fixes #2454
2019-02-09 14:05:50 -08:00
Matthew Noorenberghe
fa6716a64b
console: Escape source column output to prevent XSS. Fixes #2452
2019-02-09 02:28:40 -08:00
Matthew Noorenberghe
98e0a0d2c5
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
2019-02-09 02:18:57 -08:00
Matthew Noorenberghe
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00
Matthew Noorenberghe
61f6a92cc0
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
2019-02-09 01:37:32 -08:00
Matthew Noorenberghe
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
Matthew Noorenberghe
e36ac1b872
Add a polyfill for NodeList.prototype.forEach
2019-02-08 21:54:23 -08:00
Pliable Pixels
2dc935b488
added object detection frame rendering ( #2505 )
2019-02-08 13:49:00 -05:00
Isaac Connor
0eb1efff8b
fix eslint errors
2019-02-08 13:48:38 -05:00
Isaac Connor
ee3a0c1fd1
fix validateForm running on monitor cancel due to lack of type=button on cancel button
2019-02-08 09:55:32 -05:00
Isaac Connor
ca781523a8
Merge branch 'master' into storageareas
2019-02-07 08:57:50 -05:00
Isaac Connor
1039149866
fix buttons on events page. data-onclick-this to data-on-click-this
2019-02-07 08:56:48 -05:00
Isaac Connor
d33e094526
Merge branch 'master' into storageareas
2019-02-06 17:03:41 -05:00
Isaac Connor
7e84a5914c
fix CSP policy violations on filters view
2019-02-06 13:55:19 -05:00
Isaac Connor
0783802d0c
fix CSP violations on events
2019-02-06 13:31:34 -05:00
Isaac Connor
b04b67c39d
Fix CSP violation in the onclick of the monitor view in montagereview
2019-02-06 12:17:10 -05:00
Isaac Connor
6744a9a116
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
2019-02-06 11:46:55 -05:00
Isaac Connor
edaf582eb4
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
2019-02-06 11:46:48 -05:00
Isaac Connor
8e62c93f5f
add to_json function to Storage.
2019-02-06 11:44:36 -05:00
Isaac Connor
a9f0463223
Merge branch 'master' into storageareas
2019-02-05 16:46:47 -05:00
Isaac Connor
dca9a81cfd
implement data-on-click-true
2019-02-05 16:45:05 -05:00
Isaac Connor
d121ecab75
Merge branch 'improve_session' into storageareas
2019-02-05 15:48:42 -05:00
Isaac Connor
141f2afc8c
Merge branch 'master' into storageareas
2019-02-05 15:46:58 -05:00
Isaac Connor
21702dcc68
Merge branch 'master' into improve_session
2019-02-05 12:35:29 -05:00
Isaac Connor
a40cd144fa
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-05 12:35:15 -05:00
Isaac Connor
c54fe7e89a
fix state actions
2019-02-05 12:35:06 -05:00
Isaac Connor
d08a6fcc7c
Don't redirect to login if we are already viewing login. Put auth before including skin includes
2019-02-05 12:32:24 -05:00
Isaac Connor
78bc2c1dc2
add autocomplete tags to username and password inputs
2019-02-05 11:53:57 -05:00
Isaac Connor
b6b4a21dbe
Move auth code to includes/auth.php
2019-02-05 11:45:58 -05:00
Isaac Connor
cb0d9325e6
Use session_regenerate_id instead of our broken code to do the same
2019-02-05 11:45:09 -05:00
Isaac Connor
2466d765bf
If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
2019-02-05 11:44:45 -05:00
Isaac Connor
5a9083fe86
Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
2019-02-05 11:40:58 -05:00
Isaac Connor
a2e04c307d
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
2019-01-31 09:40:19 -05:00
Isaac Connor
86b7fe5d29
fix spacing
2019-01-30 16:08:41 -05:00
Isaac Connor
4bacd26c98
log redirections
2019-01-30 16:08:24 -05:00
Isaac Connor
97e3a8178a
use session_regenerate_id instead of other strange code
2019-01-30 16:08:09 -05:00
Isaac Connor
b09a71d0e2
code style
2019-01-30 16:06:16 -05:00
Isaac Connor
71f961d012
remove redirect to console on login, as it is done in javascript after Logging in message is displayed
2019-01-30 16:05:51 -05:00
Isaac Connor
4e10e6f0ae
Merge branch 'improve_session' into storageareas
2019-01-30 15:26:37 -05:00
Isaac Connor
9a3aa49bae
Merge branch 'fix_bandwidth' into storageareas
2019-01-30 15:18:16 -05:00
Isaac Connor
533d021dea
Merge branch 'master' into storageareas
2019-01-30 15:17:27 -05:00
Isaac Connor
604dbf8776
fix state changing/etc
2019-01-30 14:36:46 -05:00
Isaac Connor
2e2404643f
Fix bandwidth due to new actions code. Update buttons on bandwidth popup
2019-01-30 13:20:24 -05:00
Isaac Connor
cc0b5e0f1f
Move is_session_open to session.php. Move code to clear a session into session.php
2019-01-30 12:52:01 -05:00
Isaac Connor
0eba430932
remove duplicate line
2019-01-30 11:05:43 -05:00
Isaac Connor
4e9ce3c5b7
Move session code to includes/session.php
2019-01-30 11:05:36 -05:00
Isaac Connor
85bb70df68
Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout.
2019-01-30 11:05:19 -05:00
Isaac Connor
7ea8be3fa8
spacing, remove non html5 elements
2019-01-25 09:22:08 -05:00
Matt N
8c5687ca30
Fix name/protocol XSS in controlcaps.php. Fixes #2445 ( #2479 )
2019-01-25 08:35:07 -05:00
Matt N
fd6179d7c8
Enforce CSP on many more views ( #2480 )
2019-01-25 08:34:29 -05:00
Matthew Noorenberghe
a3e8fd4fd5
Fix zones.php self-xss. Fixes #2444
2019-01-24 23:40:41 -08:00
Matthew Noorenberghe
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
...
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe
59cc65411f
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
...
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor
e53678f869
Can't use a normal subsitution on the Order by field. So parse the sort param instead
2019-01-23 12:22:00 -05:00
Isaac Connor
6eb4d7ae27
Filter improvements ( #2438 )
...
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
montagdude
4da95369f9
Fix zone area calculation ( #2437 )
...
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650
. This
change implements the method here:
http://mathworld.wolfram.com/PolygonArea.html
It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor
7026ebafac
Make ajax/stream wait longer for zms. On pi can take up to 3 seconds. Also for php < 5.6, we need to fake 64bit unpack support
2019-01-22 16:45:38 -05:00
Isaac Connor
cc8de69eba
Merge branch 'master' into storageareas
2019-01-22 11:44:42 -05:00
Isaac Connor
2914fb1d58
Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js
2019-01-22 09:15:25 -05:00
Isaac Connor
e712cedbde
spacing and quotes
2019-01-22 09:14:44 -05:00
Isaac Connor
ae703c45ee
Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it.
2019-01-22 09:14:33 -05:00
Matt N
0619a4a161
Validate cnj, obr, and cbr arguments in parseFilter ( #2434 )
2019-01-22 08:03:25 -05:00
Matt N
e7e45b2d95
Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j ( #2433 )
2019-01-22 08:00:39 -05:00
Isaac Connor
7260f823cb
Merge branch 'master' into storageareas
2019-01-21 13:52:38 -05:00
Isaac Connor
785c208ecf
Fixes #2426 . Ca should have been endTime
2019-01-21 12:01:46 -05:00
Isaac Connor
326ac60ae4
add missing braces to fix logic
2019-01-21 11:20:56 -05:00
Isaac Connor
a2d4dc974b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-21 11:19:07 -05:00
Isaac Connor
e663397816
spacing
2019-01-21 11:17:21 -05:00
Isaac Connor
c6311b7079
When logging in, stay on the login view
2019-01-21 11:17:09 -05:00
Isaac Connor
fbc236128e
add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00
2019-01-21 11:16:14 -05:00
Isaac Connor
b24b930f65
After login go to postlogin, not console. the login view is in a popup so we want to close
2019-01-21 11:15:36 -05:00
Matt N
19c272061a
Replace MooTools usage for adding window event listeners ( #2429 )
2019-01-21 11:14:32 -05:00
Matt N
27bcf3f994
Upgrade jQuery version ( #2430 )
...
* Upgrade jQuery to 1.12.4
* Upgrade jQuery to 2.2.4; Stop support for IE8
* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N
f0b33145f5
Log CSP violations in ZM logs in supported browsers ( #2431 )
2019-01-21 11:12:17 -05:00
Matt N
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Isaac Connor
f69b77e38f
fix eslint complaints
2019-01-19 12:40:17 -05:00
Matt N
a1a42345e3
More eslint fixes; eslint in php; add eslint to travis ( #2419 )
...
* Add eslint to travis.yml
* Update eslint package versions and apply new indent rules
* Enable the brace-style and block-style eslint rules
* Enable the 'curly' eslint rule
* Enable the 'keyword-spacing' eslint rule
* Enable the 'key-spacing' eslint rule
* Enable the 'object-curly-spacing' eslint rule
* Enable the 'no-new-object' eslint rule
* Only disable the no-caller eslint rule in the one affected file
* Enable the 'no-unused-vars' eslint rule for local variables
* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N
35fb4366b6
Fix recaptcha support with the CSP ( #2420 )
2019-01-19 09:47:04 -05:00
Matt N
c0a6e54d60
skins/classic/views/control.php second order sqli ( #2422 )
2019-01-19 09:46:21 -05:00
Matt N
02fd1e79b3
Fix ajax/status.php orderby sql injection ( #2421 )
...
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
2019-01-19 09:46:08 -05:00
Matt N
34e2e47993
controlcap.php: Reflected xss fix with validHtmlStr ( #2423 )
2019-01-19 09:43:28 -05:00
Matt N
d3f8037e58
Replace onclick='submitTab(...' with a click listener ( #2424 )
2019-01-19 09:42:12 -05:00
Matt N
4e48939660
Add a validateForm event listener and enforce CSP on some views ( #2425 )
...
* Add a validateForm event listener and enforce CSP on the controlcap view
* filter.php: Use .validateFormOnSubmit
* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check
* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor
552e14a971
Merge branch 'master' into storageareas
2019-01-18 10:36:59 -05:00
Matt N
43a1725060
Fix duplicate 'class' attribute in options ( #2418 )
2019-01-18 10:05:44 -05:00
Matt N
eef113b6a7
Convert some characters to HTML entities ( #2417 )
2019-01-18 10:02:48 -05:00
Matt N
deaf651aad
Fix eslint violations ( #2416 )
...
* Add more JS libraries to eslintignore
* eslint . --fix
Automatic fixes only
* frame.js: eslint fixes
* events.js: manual eslint fixes
* skin.js: manual eslint fixes
* watch.js: manual eslint fixes
* Remove some tabs used for indentation in JS
* state.js: Fix new-cap eslint violation
* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
Matt N
6bb5aa1b87
More inline JS / nonce conversions ( #2415 )
...
* monitor.php: Add nonce and move <script> inside </body>
* export_functions.php: Untested: Add @nonce to <script>
* blank.php: Add @nonce to <script> and add to CSP enforced views
* Enforce CSP on login and privacy views
* group.php: Add nonce and move <script> inside </body>
* filter.php: Add @nonce to <script>
* Fix updateButtons argument on the filter page upon change and page load
* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor
599769b701
rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none
2019-01-17 08:50:33 -05:00
Isaac Connor
87d1390fed
Merge branch 'storageareas' into h265
2019-01-16 15:20:17 -05:00
Isaac Connor
f49dd93b6a
Merge branch 'master' into storageareas
2019-01-16 14:39:56 -05:00
Isaac Connor
1f3da476b8
switch to single quotes
2019-01-16 14:04:24 -05:00
Isaac Connor
b1cc0c2b82
add CSP nonce to CSRF rewriting
2019-01-16 14:04:07 -05:00
Isaac Connor
a7db6f08f5
single vs double quotes
2019-01-16 13:47:50 -05:00
Isaac Connor
42076ad09b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-16 13:46:01 -05:00
Isaac Connor
a2c23d3263
Need nonce in inline script setting display css
2019-01-16 13:45:26 -05:00
Isaac Connor
d8ef33396a
If multi-port is on, we need to output CORS headers
2019-01-16 13:44:57 -05:00
Isaac Connor
e156a6cda0
logout view should go to logout view
2019-01-16 12:23:18 -05:00
Isaac Connor
ba21820fd0
fix typo
2019-01-16 12:10:34 -05:00
Isaac Connor
eee1d871e0
get rid of default value for PathToIndex so that it will use PHP_SELF instead
2019-01-16 12:09:26 -05:00
Matt N
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers ( #2413 )
...
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor
fd696bc066
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-15 11:38:56 -05:00
Isaac Connor
ac27005944
remove debug
2019-01-15 11:38:43 -05:00
Isaac Connor
07c7c271a6
prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411
2019-01-15 11:38:19 -05:00
Isaac Connor
3182d8bab7
implement to_json method so that defaults get included
2019-01-15 11:36:56 -05:00
Andrew Bauer
07d8ac1d49
implement timezone check function ( #2387 )
...
* implement timezone check function
* remove comment
* also check if the timezone is valid
* whitespace
2019-01-15 09:05:11 -05:00
Matt N
083f284599
Replace onclick inline event handlers for createPopup ( #2410 )
...
* Move <script> before </body>
* Change makePopupLink to not use onclick
* Change makePopupButton to not use onclick
* Use .popup-link in control_functions.php
* Use makePopupButton in controlcaps.php
* Prevent double-encoding in makePopup*
* Use makePopupButton in devices.php
* Use makePopupButton in logout.php
* Use makePopupLink in monitor.php
* Use makePopupLink and .popup-link in montage.php
* Use makePopupButton in options.php
* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor
f726666f54
Merge branch 'master' into h265
2019-01-14 12:36:11 -05:00
Isaac Connor
fc7403fe3d
Merge branch 'master' into storageareas
2019-01-13 14:53:34 -05:00
Isaac Connor
c834fbe462
the filter action should singular filter, not filters
2019-01-13 14:52:39 -05:00
Isaac Connor
a282b487d1
load Help from Config as it is not longer always loaded into ram.
2019-01-11 13:55:03 -05:00
Isaac Connor
b373577589
fix function view after actions cleanup
2019-01-10 12:08:25 -05:00
Isaac Connor
1d54216e80
spacing
2019-01-09 16:23:58 -05:00
Isaac Connor
c1e4fbac6a
extend input path and options to the full width of the popup
2019-01-09 12:37:42 -05:00
Isaac Connor
2d03583b78
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-08 13:12:42 -05:00
Isaac Connor
ffa37d8c10
Fix margins on replayControl
2019-01-08 13:12:35 -05:00
Isaac Connor
3f5a2a2aa6
disable delete button when event is archived.
2019-01-07 15:56:23 -05:00
Isaac Connor
f3a807f1f8
Merge branch 'master' into storageareas
2019-01-07 09:21:25 -05:00
Isaac Connor
b4f8500cb5
Merge branch 'split_actions'
2019-01-05 18:33:04 -05:00
Isaac Connor
3f10553464
Fix include path to Monitors.php
2019-01-05 18:32:53 -05:00
Isaac Connor
1a75cf333e
Merge branch 'master' into storageareas
2019-01-05 11:12:38 -05:00
Isaac Connor
e34a5e972a
fix missing }
2019-01-05 11:12:26 -05:00
Isaac Connor
cf0d55d3db
Merge branch 'master' into storageareas
2019-01-05 10:59:01 -05:00
David Beitey
e6ba8e58ef
Fix #2391 by defining monitor variable ( #2392 )
2019-01-05 10:20:34 -05:00
Isaac Connor
8eb61b1c11
Merge branch 'master' into storageareas
2019-01-05 10:16:38 -05:00
Isaac Connor
5b5905c83a
We always use markEids[] now
2019-01-04 16:29:16 -05:00
Isaac Connor
de0ef6ce43
Merge branch 'master' into split_actions
2019-01-04 15:55:54 -05:00
Isaac Connor
e72e4e7ce4
Spacing, remove some html4 stuff, clean up duplicated hidden form elements.
2019-01-04 15:52:36 -05:00
Isaac Connor
dea64320f0
Fix a + that should be a .
2019-01-04 15:52:14 -05:00
Isaac Connor
0e20666992
fix eventdetail actions being in events
2019-01-04 15:43:31 -05:00
Isaac Connor
ab198bfd75
remove master version of actions.php
2019-01-04 15:29:21 -05:00
Isaac Connor
52466c398b
Merge branch 'split_actions' into storageareas
2019-01-04 15:28:55 -05:00
Isaac Connor
b8d065275b
Merge branch 'master' into storageareas
2019-01-04 15:22:18 -05:00
Isaac Connor
e2f32ab091
Upgrade config saving
2019-01-04 09:43:36 -05:00
Isaac Connor
7ec96655c3
fix missing ! when testing for permission on editing config
2019-01-04 09:37:26 -05:00
Isaac Connor
5b9bf48945
Merge branch 'master' into split_actions
2019-01-04 09:35:54 -05:00
Isaac Connor
46adcbb66b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-04 09:34:51 -05:00
Isaac Connor
edeaa07c12
Fix no quotes around Id
2019-01-04 09:34:42 -05:00
Isaac Connor
6cad852e11
fix path to MontageLayout
2019-01-04 09:34:18 -05:00
Isaac Connor
dbe9817bc8
Split actions.php into individual files per view
2019-01-04 09:26:34 -05:00
Andrew Bauer
225fca08e3
Merge pull request #2379 from connortechnology/improve_config_efficiency
...
Improve config efficiency
2019-01-02 19:34:34 -06:00
Isaac Connor
874930d8fc
Merge branch 'master' into improve_config_efficiency
2019-01-02 13:07:53 -05:00
Isaac Connor
99471836b7
Use monitor's serverId when loading server object so that images load from recording server.
2019-01-02 11:28:12 -05:00
Isaac Connor
8a1707a615
Add monitorServerId array to provide server info for each monitor so that we can load images from the recording server.
2019-01-02 11:27:46 -05:00
Isaac Connor
79113a6869
Add a default Server object to handle non-multi-server case
2019-01-02 10:56:40 -05:00
Isaac Connor
5060358870
Merge branch 'master' into storageareas
2018-12-29 09:56:53 -05:00
Andrew Bauer
d14e9ecf74
force overloadframes and ExtendAlarmFrames to int ( #2373 )
2018-12-29 09:53:31 -05:00
Andrew Bauer
3258d8e590
remove ZM_DIR_IMAGES ( #2374 )
2018-12-29 09:52:58 -05:00
Isaac Connor
1a1231fdaa
Merge branch 'master' into storageareas
2018-12-28 10:47:27 -05:00
Andrew Bauer
a029909972
fix path to thumb and anal images ( #2367 )
2018-12-28 10:46:13 -05:00
Andrew Bauer
fb37fc48e1
update viewImagePatch ( #2370 )
2018-12-28 10:38:39 -05:00
Isaac Connor
101f24feb5
Update area when editing x and y coords ( #2366 )
2018-12-27 14:28:14 -05:00
Isaac Connor
3e06bbcef8
Merge branch 'master' into storageareas
2018-12-27 13:50:29 -05:00
Andrew Bauer
5f9a113da1
redirect to montage rather than montagereview
2018-12-26 10:34:01 -06:00
Andrew Bauer
27dd8166ea
Merge pull request #2362 from connortechnology/small_groups_fixes
...
Small groups fixes
2018-12-24 11:30:57 -06:00
Isaac Connor
e0a9c4a21e
fix event popup detection
2018-12-24 11:23:58 -05:00
Isaac Connor
2b8fa653ed
Merge branch 'small_groups_fixes' into storageareas
2018-12-24 09:48:36 -05:00
Isaac Connor
27826b4aca
Merge branch 'master' into storageareas
2018-12-24 09:48:29 -05:00
Isaac Connor
68adc289fe
Fix colspan count now that depth is zero-based
2018-12-24 09:40:23 -05:00
Isaac Connor
e0cae5709f
Group::find is now more powerful so we can just use it to return all Groups to be deleted
2018-12-24 09:39:40 -05:00
Isaac Connor
63199289ad
Change depth function to be 0-based.
2018-12-24 09:38:55 -05:00
Isaac Connor
0cce0a642b
Update chosen library to 1.8.7
2018-12-24 09:37:49 -05:00
Andrew Bauer
153877b9c0
Merge pull request #2359 from connortechnology/fix_2353
...
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 15:16:49 -06:00
Isaac Connor
1130d6650a
Fix spacing and pass popup to previous/next event so that popups stay as popups
2018-12-21 10:50:19 -05:00
Isaac Connor
47465260d1
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 10:01:48 -05:00
Isaac Connor
7a8beffdcc
Merge branch 'master' into storageareas
2018-12-20 15:10:52 -05:00
Isaac Connor
a277f697e9
whitespace
2018-12-20 14:58:38 -05:00
Isaac Connor
e626049f6b
Merge branch 'swresample' into storageareas
2018-12-20 14:08:40 -05:00
Isaac Connor
d4fb85a9aa
Merge branch 'master' into swresample
2018-12-20 09:16:27 -05:00
Isaac Connor
3a068ae6a3
Merge branch 'master' into swresample
2018-12-16 16:15:28 -05:00
Pliable Pixels
622c17f628
make sure auth is regenerated each time we call this API ( #2347 )
2018-12-16 11:02:07 -05:00
Isaac Connor
0bfe1007c8
Merge branch 'master' into storageareas
2018-12-14 10:16:08 -05:00
Mike Rosack
567b60ffa7
support for forwarded proto/port in Server.php ( #2343 )
2018-12-13 10:24:32 -05:00
Andrew Bauer
8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
...
Cleanup auth
2018-12-12 20:53:24 -06:00
Isaac Connor
eba8b3327d
Merge branch 'master' into cleanup_auth
2018-12-11 16:04:42 -05:00
Andrew Bauer
21a98f3653
Merge branch 'remove_default_view' of https://github.com/connortechnology/ZoneMinder into connortechnology-remove_default_view
2018-12-11 09:44:13 -06:00
Isaac Connor
278abbc201
Merge branch 'master' into remove_default_view
2018-12-11 10:37:26 -05:00
Andrew Bauer
3cf6bf1786
Merge pull request #2243 from connortechnology/add_archive_filter_to_montagereview
...
Rough in an archived status filter in montagereview.
2018-12-11 09:36:35 -06:00
Andrew Bauer
fe5cb4bfdc
Merge pull request #2283 from connortechnology/warn_colour_when_disabled
...
Use a warning colour when motion detection is disabled.
2018-12-11 09:36:07 -06:00
Andrew Bauer
4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
...
Introduce get body top html
2018-12-11 09:35:54 -06:00
Andrew Bauer
22460f580b
Merge pull request #2305 from pliablepixels/save-first-alarm
...
Save first alarm
2018-12-11 09:35:40 -06:00
Andrew Bauer
c530337c50
Merge pull request #2331 from connortechnology/fix_ios9
...
Fix ios9
2018-12-11 09:29:50 -06:00
Isaac Connor
c8c34d3f95
Merge branch 'master' into storageareas
2018-12-11 10:21:22 -05:00
Isaac Connor
b3bed9a28a
fix whitespace
2018-12-11 10:20:02 -05:00
Isaac Connor
e1ecd47bff
Fix missing use of UrlToApi
2018-12-11 09:40:40 -05:00
Isaac Connor
1e8c4276bb
fix #2319 some more. This is fixing rate sticking across gapless events and reload
2018-12-10 17:32:17 -05:00
Isaac Connor
a1141d2dc4
remove second use of HTTP_HOST and use a better method of stripping off port from HTTP_HOST
2018-12-07 08:39:23 -05:00
Isaac Connor
757e538550
strip port from HTTP_HOST
2018-12-06 17:12:03 -05:00
Isaac Connor
50017057de
Merge branch 'master' into storageareas
2018-12-05 09:05:27 -05:00
Isaac Connor
9ffd77428a
fix paths to jquery-ui-theme components, thereby upgrading them to the proper version. This fixes the datetime filters not being shown on skins that don't specify a custom theme for jquery-ui
2018-12-05 09:05:10 -05:00
Isaac Connor
bc5f8d0d8d
rework pts/dts of audio stream. Spacing. Fix crash
2018-12-04 18:23:08 -05:00
Isaac Connor
a9290759a5
Merge branch 'fix_ios9' into storageareas
2018-12-03 16:25:34 -05:00
Isaac Connor
18ce7c9ea0
Old browsers, specifically Safari on IOS9 doesn't support let. Need to use var instead.
2018-12-03 15:17:16 -05:00
Isaac Connor
27d4ba9e5f
use output of babeljs.io to provide code that works on older browsers. The nice class notation is ES6 upwards.. Safari on IOS9 doesn't like it
2018-12-03 15:16:47 -05:00
Isaac Connor
2df6d74a3e
Merge branch 'master' into storageareas
2018-12-02 17:15:12 -05:00
Andrew Bauer
e327ad100e
fix WebSite camera startup issue
2018-12-01 17:03:50 -06:00
Andrew Bauer
cae6ffd5a3
use HTTP_HOST instead of SERVER_NAME
2018-12-01 13:27:08 -06:00
Isaac Connor
4272225a17
Merge branch 'master' into h265
2018-11-30 16:42:16 -05:00
Isaac Connor
7d90a56561
Merge branch 'master' into storageareas
2018-11-30 14:46:42 -05:00
Isaac Connor
9bb4f1804e
Merge branch 'server_path_prefix'
2018-11-30 14:46:20 -05:00
Isaac Connor
8c626c984b
Need to pass port through all Url functions
2018-11-30 14:45:58 -05:00
Isaac Connor
fe45e83bb4
Fix PathToIndex
2018-11-29 15:54:25 -05:00
Isaac Connor
4cf7ff7fe4
Merge branch 'server_path_prefix' into storageareas
2018-11-29 15:53:58 -05:00
Isaac Connor
945770c819
Merge branch 'server_path_prefix'
2018-11-29 15:53:35 -05:00
Isaac Connor
3bd5774ea1
Default to PathToIndex should have the index.php in it
2018-11-29 15:53:19 -05:00
Isaac Connor
af2bb992e9
Merge branch 'server_path_prefix' into storageareas
2018-11-29 14:33:46 -05:00
Isaac Connor
17551eacee
Merge branch 'server_path_prefix'
2018-11-29 14:27:32 -05:00
Isaac Connor
1c17f334d3
fix missing bits. Implement UrlToIndex in Monitor and fix use of Url(). Implement PathToApi as well
2018-11-29 14:26:30 -05:00
Isaac Connor
d83fb2e985
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2018-11-29 14:08:03 -05:00
Isaac Connor
5e0d742e26
Use history.go(-1) which works on safari
2018-11-29 14:04:35 -05:00
Andrew Bauer
a74a9ae292
Merge pull request #2328 from pliablepixels/login-auth-relay
...
returns user=&pass= in credentials for auth_relay plain and none #2327
2018-11-29 09:59:09 -06:00
Andrew Bauer
5a88cbcddb
Merge pull request #2329 from connortechnology/fix_2319
...
Fix rate resetting
2018-11-29 09:57:13 -06:00
Andrew Bauer
be07e4413f
Merge pull request #2152 from connortechnology/server_path_prefix
...
Server path prefix
2018-11-29 09:56:25 -06:00
Isaac Connor
df0b600431
Merge branch 'master' into storageareas
2018-11-29 10:49:06 -05:00
Isaac Connor
c0a9fae01f
Merge branch 'fix_2319' into storageareas
2018-11-29 09:57:41 -05:00
Isaac Connor
605397b565
Fix rate resetting by storing it in a cookie and using that on initial event load. Fixes #2319
2018-11-29 09:43:21 -05:00
Pliable Pixels
e6b8a7bc66
resolves #2327
2018-11-29 09:21:10 -05:00
Isaac Connor
4625f7c879
Merge branch 'master' into storageareas
2018-11-28 10:46:49 -05:00
Isaac Connor
1e915e9567
Merge branch 'master' into server_path_prefix
2018-11-28 10:45:36 -05:00
Isaac Connor
57acb2aac6
Merge branch 'server_path_prefix' into storageareas
2018-11-28 10:41:11 -05:00
Isaac Connor
a89dd83565
Update to use object instead of db row
2018-11-28 09:55:34 -05:00
Isaac Connor
cd13dda294
fix use of instead of
2018-11-28 09:54:22 -05:00
Isaac Connor
2b48b09ef5
Add entries for PathToIndex and PathToZMS
2018-11-28 09:53:35 -05:00
Isaac Connor
f5328265ef
fix missing daemons definition
2018-11-28 09:12:22 -05:00
Elmar Pruesse
94d8e043ce
Fix unreadable input text when OS theme dark ( #2324 )
...
* Update skin.css
* Update skin.css
2018-11-27 18:25:05 -05:00
Isaac Connor
f8b2ff5c77
rework from Url() to PathToIndex(), PathToZMS(), UrlToIndex() and UrlToZMS()
2018-11-27 17:35:25 -05:00
Isaac Connor
10ce55c396
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2018-11-26 16:20:22 -05:00
Isaac Connor
17c1933913
remove an extra l
2018-11-26 16:20:15 -05:00
Isaac Connor
b5430a1927
Merge branch 'fix_2317' into storageareas
2018-11-23 15:35:55 -05:00
Isaac Connor
6128d2a4d9
fix #2317 by updating the url encoding of a filter to match events for that monitor
2018-11-23 15:34:23 -05:00
Isaac Connor
19f3cce41f
Dont auto-guess pathPrefix
2018-11-23 13:54:14 -05:00
Isaac Connor
7ad19be0d7
Merge branch 'server_path_prefix' into storageareas
2018-11-23 13:29:01 -05:00