Commit Graph

12410 Commits

Author SHA1 Message Date
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor b1cc0c2b82 add CSP nonce to CSRF rewriting 2019-01-16 14:04:07 -05:00
Isaac Connor a7db6f08f5 single vs double quotes 2019-01-16 13:47:50 -05:00
Isaac Connor 42076ad09b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 13:46:01 -05:00
Isaac Connor a2c23d3263 Need nonce in inline script setting display css 2019-01-16 13:45:26 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor e156a6cda0 logout view should go to logout view 2019-01-16 12:23:18 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Isaac Connor eee1d871e0 get rid of default value for PathToIndex so that it will use PHP_SELF instead 2019-01-16 12:09:26 -05:00
Isaac Connor 2b21fe3640 increase sql var size to MED to hold the largest possible sql string. 2019-01-16 11:48:31 -05:00
Isaac Connor 3560d6247f whitespace and comments. 2019-01-16 11:20:10 -05:00
Isaac Connor 5f5f28378d Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 11:19:22 -05:00
Isaac Connor c2b1b43cde fix typo 2019-01-16 11:19:14 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor ac27005944 remove debug 2019-01-15 11:38:43 -05:00
Isaac Connor 07c7c271a6 prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411 2019-01-15 11:38:19 -05:00
Isaac Connor 3182d8bab7 implement to_json method so that defaults get included 2019-01-15 11:36:56 -05:00
Isaac Connor 34224a957b cleanup error string 2019-01-15 11:36:13 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor 0e06bdd1f2 zmcuston.conf => zmcustom.conf 2019-01-14 11:41:44 -05:00
Isaac Connor c834fbe462 the filter action should singular filter, not filters 2019-01-13 14:52:39 -05:00
Isaac Connor ee2b9b011a Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-11 13:55:17 -05:00
Isaac Connor a282b487d1 load Help from Config as it is not longer always loaded into ram. 2019-01-11 13:55:03 -05:00
kobold81 208d8f28de update debian to 1.32.x (#2407)
Hello,

the ZM_PATH config has cost me several hours to fix. I would like to add this little snipped to help others avoid this pitfall.

Best regards
Marc
2019-01-11 12:14:42 -05:00
Isaac Connor 730ced60d8 specify which input we are setting standard on. Not sure it is required, but the api docs do it 2019-01-10 12:08:51 -05:00
Isaac Connor b373577589 fix function view after actions cleanup 2019-01-10 12:08:25 -05:00
Isaac Connor 4a82f460b2 add some parenthesis to make logic at more clear if not more correct. Potentially fix #2405 2019-01-09 16:39:53 -05:00
Isaac Connor 1d54216e80 spacing 2019-01-09 16:23:58 -05:00
Isaac Connor 941ce6e97f Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-09 12:37:54 -05:00
Isaac Connor c1e4fbac6a extend input path and options to the full width of the popup 2019-01-09 12:37:42 -05:00
Andrew Bauer 9811679cc0
Merge pull request #2401 from connortechnology/vlc_logging
add a logging callback to the libvlc camera
2019-01-08 13:49:51 -06:00
Isaac Connor 2d03583b78 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-08 13:12:42 -05:00
Isaac Connor ffa37d8c10 Fix margins on replayControl 2019-01-08 13:12:35 -05:00
Isaac Connor a5de51478e The termination callback should be private 2019-01-08 13:12:22 -05:00
Isaac Connor ae1f00f2a1 add a logging callback to the libvlc camera 2019-01-08 13:06:19 -05:00
Andrew Bauer dd4bd42066
Merge pull request #2396 from connortechnology/fix_2383
disable delete button when event is archived.
2019-01-07 18:40:05 -06:00
Isaac Connor 3f5a2a2aa6 disable delete button when event is archived. 2019-01-07 15:56:23 -05:00
Isaac Connor b8bf91bec6 include libswresample-ffmpeg1 in depends 2019-01-07 09:20:58 -05:00
Isaac Connor b4f8500cb5 Merge branch 'split_actions' 2019-01-05 18:33:04 -05:00
Isaac Connor 3f10553464 Fix include path to Monitors.php 2019-01-05 18:32:53 -05:00
Isaac Connor e34a5e972a fix missing } 2019-01-05 11:12:26 -05:00
David Beitey e6ba8e58ef Fix #2391 by defining monitor variable (#2392) 2019-01-05 10:20:34 -05:00
Andrew Bauer 7336cdaf0d
Update ISSUE_TEMPLATE.md 2019-01-05 08:29:58 -06:00
Andrew Bauer 16f272e3e0
Update issue templates 2019-01-05 08:21:52 -06:00
Andrew Bauer 986961d1d4
Create issue-close-app.yml 2019-01-05 08:14:39 -06:00
Andrew Bauer 4678456fe5
Merge pull request #2385 from connortechnology/split_actions
Split actions.php into individual files per view
2019-01-04 17:33:57 -06:00