Matt N
fd6179d7c8
Enforce CSP on many more views ( #2480 )
2019-01-25 08:34:29 -05:00
Steve Gilvarry
a81e7c5221
Safer_username and safer_login should be based on the username and login ( #2482 )
...
(lengths * 2)+1. Control input lengths at user input
2019-01-25 08:33:30 -05:00
Andrew Bauer
99a6db3994
Merge pull request #2481 from mnoorenberghe/2444
...
Fix zones.php self-xss. Fixes #2444
2019-01-25 07:15:08 -06:00
Matthew Noorenberghe
a3e8fd4fd5
Fix zones.php self-xss. Fixes #2444
2019-01-24 23:40:41 -08:00
Andrew Bauer
03590226ac
Merge pull request #2439 from mnoorenberghe/plugin_xss
...
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
2019-01-24 07:32:57 -06:00
Matthew Noorenberghe
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
...
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe
59cc65411f
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
...
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor
e53678f869
Can't use a normal subsitution on the Order by field. So parse the sort param instead
2019-01-23 12:22:00 -05:00
Isaac Connor
8d92375d41
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-23 11:31:10 -05:00
Isaac Connor
6eb4d7ae27
Filter improvements ( #2438 )
...
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor
b1cc7bf837
fix code style
2019-01-23 11:20:31 -05:00
Isaac Connor
b9584bb5d2
Increase width of user popup
2019-01-23 11:18:46 -05:00
Isaac Connor
58d3583722
clean up and reduce depth of some logic
2019-01-23 11:18:30 -05:00
montagdude
4da95369f9
Fix zone area calculation ( #2437 )
...
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650
. This
change implements the method here:
http://mathworld.wolfram.com/PolygonArea.html
It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor
124be4eee6
Put back code to close the popup when view is none
2019-01-23 10:18:57 -05:00
Isaac Connor
e60e3666d5
Fix comment
2019-01-22 10:53:53 -05:00
Isaac Connor
2914fb1d58
Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js
2019-01-22 09:15:25 -05:00
Isaac Connor
e712cedbde
spacing and quotes
2019-01-22 09:14:44 -05:00
Isaac Connor
ae703c45ee
Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it.
2019-01-22 09:14:33 -05:00
Matt N
0619a4a161
Validate cnj, obr, and cbr arguments in parseFilter ( #2434 )
2019-01-22 08:03:25 -05:00
Matt N
e7e45b2d95
Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j ( #2433 )
2019-01-22 08:00:39 -05:00
Isaac Connor
a81428f701
add a test for a 0 fps passed in to updateFrameRate which would cause an infinite loop. Fixes #2427
2019-01-21 13:30:00 -05:00
Isaac Connor
189e78b42d
add comments and a test for zm_terminate in the checkCommandQueue while loop
2019-01-21 13:29:20 -05:00
Isaac Connor
83a652aade
add comments and a test for zm_terminate in the checkCommandQueue while loop
2019-01-21 13:29:14 -05:00
Isaac Connor
9f588d5758
prevent returning infinity from GetFPS
2019-01-21 13:00:10 -05:00
Isaac Connor
785c208ecf
Fixes #2426 . Ca should have been endTime
2019-01-21 12:01:46 -05:00
Isaac Connor
326ac60ae4
add missing braces to fix logic
2019-01-21 11:20:56 -05:00
Isaac Connor
a2d4dc974b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-21 11:19:07 -05:00
Isaac Connor
e663397816
spacing
2019-01-21 11:17:21 -05:00
Isaac Connor
c6311b7079
When logging in, stay on the login view
2019-01-21 11:17:09 -05:00
Isaac Connor
fbc236128e
add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00
2019-01-21 11:16:14 -05:00
Isaac Connor
b24b930f65
After login go to postlogin, not console. the login view is in a popup so we want to close
2019-01-21 11:15:36 -05:00
Matt N
19c272061a
Replace MooTools usage for adding window event listeners ( #2429 )
2019-01-21 11:14:32 -05:00
Matt N
27bcf3f994
Upgrade jQuery version ( #2430 )
...
* Upgrade jQuery to 1.12.4
* Upgrade jQuery to 2.2.4; Stop support for IE8
* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N
f0b33145f5
Log CSP violations in ZM logs in supported browsers ( #2431 )
2019-01-21 11:12:17 -05:00
Matt N
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Andrew Bauer
d575403900
Update support.yml
2019-01-20 18:15:15 -06:00
Isaac Connor
f69b77e38f
fix eslint complaints
2019-01-19 12:40:17 -05:00
Matt N
a1a42345e3
More eslint fixes; eslint in php; add eslint to travis ( #2419 )
...
* Add eslint to travis.yml
* Update eslint package versions and apply new indent rules
* Enable the brace-style and block-style eslint rules
* Enable the 'curly' eslint rule
* Enable the 'keyword-spacing' eslint rule
* Enable the 'key-spacing' eslint rule
* Enable the 'object-curly-spacing' eslint rule
* Enable the 'no-new-object' eslint rule
* Only disable the no-caller eslint rule in the one affected file
* Enable the 'no-unused-vars' eslint rule for local variables
* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N
35fb4366b6
Fix recaptcha support with the CSP ( #2420 )
2019-01-19 09:47:04 -05:00
Matt N
c0a6e54d60
skins/classic/views/control.php second order sqli ( #2422 )
2019-01-19 09:46:21 -05:00
Matt N
02fd1e79b3
Fix ajax/status.php orderby sql injection ( #2421 )
...
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
2019-01-19 09:46:08 -05:00
Matt N
34e2e47993
controlcap.php: Reflected xss fix with validHtmlStr ( #2423 )
2019-01-19 09:43:28 -05:00
Matt N
d3f8037e58
Replace onclick='submitTab(...' with a click listener ( #2424 )
2019-01-19 09:42:12 -05:00
Matt N
4e48939660
Add a validateForm event listener and enforce CSP on some views ( #2425 )
...
* Add a validateForm event listener and enforce CSP on the controlcap view
* filter.php: Use .validateFormOnSubmit
* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check
* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor
4e6c1d42b1
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-18 10:30:15 -05:00
Isaac Connor
358cfc7f49
Don't let issues with bounties or labelling as valid bug go stale
2019-01-18 10:30:02 -05:00
Matt N
43a1725060
Fix duplicate 'class' attribute in options ( #2418 )
2019-01-18 10:05:44 -05:00
Matt N
eef113b6a7
Convert some characters to HTML entities ( #2417 )
2019-01-18 10:02:48 -05:00
Matt N
deaf651aad
Fix eslint violations ( #2416 )
...
* Add more JS libraries to eslintignore
* eslint . --fix
Automatic fixes only
* frame.js: eslint fixes
* events.js: manual eslint fixes
* skin.js: manual eslint fixes
* watch.js: manual eslint fixes
* Remove some tabs used for indentation in JS
* state.js: Fix new-cap eslint violation
* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00