Commit Graph

13021 Commits

Author SHA1 Message Date
Matthew Noorenberghe 98e0a0d2c5 Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 61f6a92cc0 view=download: Validate the eid parameter to avoid XSS. Fixes #2442 2019-02-09 01:37:32 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Matthew Noorenberghe e36ac1b872 Add a polyfill for NodeList.prototype.forEach 2019-02-08 21:54:23 -08:00
Pliable Pixels 2dc935b488 added object detection frame rendering (#2505) 2019-02-08 13:49:00 -05:00
Isaac Connor 0eb1efff8b fix eslint errors 2019-02-08 13:48:38 -05:00
Isaac Connor e2fc0ea25d Increase navbar refresh times. 5 seconds is way too fast 2019-02-08 10:22:42 -05:00
Isaac Connor ee3a0c1fd1 fix validateForm running on monitor cancel due to lack of type=button on cancel button 2019-02-08 09:55:32 -05:00
Isaac Connor 4f9a32e7a7 Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-02-07 12:01:52 -05:00
Isaac Connor ca781523a8 Merge branch 'master' into storageareas 2019-02-07 08:57:50 -05:00
Isaac Connor 1039149866 fix buttons on events page. data-onclick-this to data-on-click-this 2019-02-07 08:56:48 -05:00
Isaac Connor d33e094526 Merge branch 'master' into storageareas 2019-02-06 17:03:41 -05:00
Isaac Connor 7e84a5914c fix CSP policy violations on filters view 2019-02-06 13:55:19 -05:00
Isaac Connor 0783802d0c fix CSP violations on events 2019-02-06 13:31:34 -05:00
Isaac Connor b04b67c39d Fix CSP violation in the onclick of the monitor view in montagereview 2019-02-06 12:17:10 -05:00
Isaac Connor 6744a9a116 Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. 2019-02-06 11:46:55 -05:00
Isaac Connor edaf582eb4 Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. 2019-02-06 11:46:48 -05:00
Isaac Connor 8e62c93f5f add to_json function to Storage. 2019-02-06 11:44:36 -05:00
Isaac Connor cff1b6008f Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-02-05 17:37:12 -05:00
Isaac Connor a9f0463223 Merge branch 'master' into storageareas 2019-02-05 16:46:47 -05:00
Isaac Connor dca9a81cfd implement data-on-click-true 2019-02-05 16:45:05 -05:00
Isaac Connor d121ecab75 Merge branch 'improve_session' into storageareas 2019-02-05 15:48:42 -05:00
Isaac Connor 141f2afc8c Merge branch 'master' into storageareas 2019-02-05 15:46:58 -05:00
Isaac Connor 21702dcc68 Merge branch 'master' into improve_session 2019-02-05 12:35:29 -05:00
Isaac Connor a40cd144fa Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-05 12:35:15 -05:00
Isaac Connor c54fe7e89a fix state actions 2019-02-05 12:35:06 -05:00
Isaac Connor d08a6fcc7c Don't redirect to login if we are already viewing login. Put auth before including skin includes 2019-02-05 12:32:24 -05:00
Isaac Connor 78bc2c1dc2 add autocomplete tags to username and password inputs 2019-02-05 11:53:57 -05:00
Isaac Connor b6b4a21dbe Move auth code to includes/auth.php 2019-02-05 11:45:58 -05:00
Isaac Connor cb0d9325e6 Use session_regenerate_id instead of our broken code to do the same 2019-02-05 11:45:09 -05:00
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor 5a9083fe86 Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console 2019-02-05 11:40:58 -05:00
Isaac Connor 5b288d3b67 split description into description and help text for COOKIE_LIFETIME 2019-02-05 11:39:50 -05:00
Isaac Connor a176c9bbd2 improve debug line when there is a problem updating config entry 2019-02-05 11:39:21 -05:00
Steve Gilvarry cab77d7c17
Merge pull request #2488 from connortechnology/update_version_view
Update version view
2019-02-02 15:46:59 +11:00
Isaac Connor a2e04c307d update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update. 2019-01-31 09:40:19 -05:00
Isaac Connor 86b7fe5d29 fix spacing 2019-01-30 16:08:41 -05:00
Isaac Connor 4bacd26c98 log redirections 2019-01-30 16:08:24 -05:00
Isaac Connor 97e3a8178a use session_regenerate_id instead of other strange code 2019-01-30 16:08:09 -05:00
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 2d560a176e Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-01-30 15:19:01 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor e90f49deb9 Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2019-01-30 15:17:32 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00