Steve Gilvarry
2975225918
Cleanup old files (#2509)
* Remove Doc-Pak folder
Duplicates and out of date
* Delete umutils dir, looks like some old build script.
* Remove NEWS file as it is not being used.
* Remove TODO
* Remove description-pak, hanging around since NextTime days
* Delete ChangeLog file leaving CHANGELOG.MD as main file, which needs updating.
* Remove INSTALL file as it was not up to date, happy to consider an update instead.
* Remove Authors, not really adding much value and pretty sure the history is documented elsewhere.
* Deleted BUGS. Should be covered in the readme, let me know if you want me to add a link.
2019-02-10 13:09:40 -05:00
Steve Gilvarry
87413d447d
Set CSRF on as the default for new installs. Fixes #2507 (#2508)
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.
* Fix the spelling mistake that I noticed after editing this.
2019-02-10 13:08:58 -05:00
Isaac Connor
c9032d3cb4
add autocomplete tags to username and password inputs
2019-02-10 00:27:33 -08:00
Matthew Noorenberghe
c8e41bfee7
log.php: Ensure 'line' is an integer. Helps with #2466
2019-02-10 00:10:39 -08:00
Matthew Noorenberghe
a6ee79f428
Fix typo in dbc1c7b72f comment
2019-02-09 22:40:39 -08:00
Matthew Noorenberghe
dbc1c7b72f
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
2019-02-09 22:39:54 -08:00
Matthew Noorenberghe
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
Matthew Noorenberghe
99f1e23c5b
Replace usage of PHP_SELF in views/. Fixes #2450
2019-02-09 21:39:19 -08:00
Matthew Noorenberghe
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
Matthew Noorenberghe
d7ede4643d
_monitor_filters.php: Escape MonitorName and Source. Fixes #2457
2019-02-09 19:14:31 -08:00
Matthew Noorenberghe
c9d597dced
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
2019-02-09 18:51:30 -08:00
Matthew Noorenberghe
255806bd54
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
2019-02-09 18:43:55 -08:00
Matthew Noorenberghe
6af2c4ad0e
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
2019-02-09 18:06:21 -08:00
Matthew Noorenberghe
9ce05a9a09
user.php: Escape the Username upon display. Fixes #2467
2019-02-09 17:45:52 -08:00
Matthew Noorenberghe
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
Matthew Noorenberghe
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
Matthew Noorenberghe
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
Matthew Noorenberghe
ef0e5f453a
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
2019-02-09 17:11:53 -08:00
Matthew Noorenberghe
9705edfe24
monitor.php: Escape monitor method. Fixes #2464
2019-02-09 17:01:45 -08:00
Matthew Noorenberghe
cef54feaf9
monitor.php: Escape a bug of output variables. Fixes #2465
2019-02-09 16:54:06 -08:00
Matthew Noorenberghe
254b7286b4
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
2019-02-09 16:41:54 -08:00
Matthew Noorenberghe
bb75dad091
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
2019-02-09 15:35:55 -08:00
Matthew Noorenberghe
dd37808ef7
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
2019-02-09 15:24:13 -08:00
Matthew Noorenberghe
70e59ed546
filter.php: Escape the filter name on output. Fixes #2455
2019-02-09 15:19:15 -08:00
Matthew Noorenberghe
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe
c8066919ff
functions.php: Escape textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
Matthew Noorenberghe
7b0ee8a6a2
group: Escape group name in heading. Fixes #2454
2019-02-09 14:05:50 -08:00
Matthew Noorenberghe
fa6716a64b
console: Escape source column output to prevent XSS. Fixes #2452
2019-02-09 02:28:40 -08:00
Matthew Noorenberghe
98e0a0d2c5
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
2019-02-09 02:18:57 -08:00
Matthew Noorenberghe
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00
Matthew Noorenberghe
61f6a92cc0
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
2019-02-09 01:37:32 -08:00
Matthew Noorenberghe
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
Matthew Noorenberghe
e36ac1b872
Add a polyfill for NodeList.prototype.forEach
2019-02-08 21:54:23 -08:00
Pliable Pixels
2dc935b488
added object detection frame rendering (#2505)
2019-02-08 13:49:00 -05:00
Isaac Connor
0eb1efff8b
fix eslint errors
2019-02-08 13:48:38 -05:00
Isaac Connor
e2fc0ea25d
Increase navbar refresh times. 5 seconds is way too fast
2019-02-08 10:22:42 -05:00
Isaac Connor
ee3a0c1fd1
fix validateForm running on monitor cancel due to lack of type=button on cancel button
2019-02-08 09:55:32 -05:00
Isaac Connor
1039149866
fix buttons on events page. data-onclick-this to data-on-click-this
2019-02-07 08:56:48 -05:00
Isaac Connor
7e84a5914c
fix CSP policy violations on filters view
2019-02-06 13:55:19 -05:00
Isaac Connor
0783802d0c
fix CSP violations on events
2019-02-06 13:31:34 -05:00
Isaac Connor
b04b67c39d
Fix CSP violation in the onclick of the monitor view in montagereview
2019-02-06 12:17:10 -05:00
Isaac Connor
6744a9a116
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
2019-02-06 11:46:55 -05:00
Isaac Connor
edaf582eb4
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
2019-02-06 11:46:48 -05:00
Isaac Connor
8e62c93f5f
add to_json function to Storage.
2019-02-06 11:44:36 -05:00
Isaac Connor
dca9a81cfd
implement data-on-click-true
2019-02-05 16:45:05 -05:00
Isaac Connor
a40cd144fa
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-05 12:35:15 -05:00
Isaac Connor
c54fe7e89a
fix state actions
2019-02-05 12:35:06 -05:00
Steve Gilvarry
cab77d7c17
Merge pull request #2488 from connortechnology/update_version_view
Update version view
2019-02-02 15:46:59 +11:00
Isaac Connor
a2e04c307d
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
2019-01-31 09:40:19 -05:00
Isaac Connor
604dbf8776
fix state changing/etc
2019-01-30 14:36:46 -05:00