2363 Commits

Author	SHA1	Message	Date
Isaac Connor	2f301cf5fe	Merge branch 'master' of github.com:ZoneMinder/ZoneMinder	2019-02-12 13:18:08 -05:00
Isaac Connor	5b9bb93703	fix navbar auth	2019-02-12 13:17:55 -05:00
timwsuqld	f95e9c0363	Fix comment about hiding navbar (#2521) ... Fixes #2520	2019-02-11 17:14:33 -05:00
Isaac Connor	3871c28089	Merge branch 'master' of github.com:ZoneMinder/ZoneMinder	2019-02-11 14:15:35 -05:00
Isaac Connor	40e0019267	fix all the nav missing when a users Monitors Permission is None	2019-02-11 14:15:24 -05:00
Pliable Pixels	5a333e153c	show object detected file, if object detection in place (#2514)	2019-02-11 10:58:34 -05:00
Matt N	9675367e03	event.js: Wait for delete request to succeed before navigating. Fixes #2384 (#2515)	2019-02-11 09:34:51 -05:00
Matthew Noorenberghe	cdbd59f054	bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493	2019-02-10 13:22:08 -08:00
Matthew Noorenberghe	cda4a28fec	Fix accidental use of 'let' in 255806bd54	2019-02-10 11:14:55 -08:00
Isaac Connor	c9032d3cb4	add autocomplete tags to username and password inputs	2019-02-10 00:27:33 -08:00
Matthew Noorenberghe	a97711de89	Replace or sanitize remaining uses of PHP_SELF. Fixes #2446	2019-02-09 22:12:36 -08:00
Matthew Noorenberghe	99f1e23c5b	Replace usage of PHP_SELF in views/. Fixes #2450	2019-02-09 21:39:19 -08:00
Matthew Noorenberghe	effd609ff7	Escape output of state names. Fixes #2475	2019-02-09 20:40:08 -08:00
Matthew Noorenberghe	d7ede4643d	_monitor_filters.php: Escape MonitorName and Source. Fixes #2457	2019-02-09 19:14:31 -08:00
Matthew Noorenberghe	255806bd54	log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453	2019-02-09 18:43:55 -08:00
Matthew Noorenberghe	6af2c4ad0e	Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468	2019-02-09 18:06:21 -08:00
Matthew Noorenberghe	9ce05a9a09	user.php: Escape the Username upon display. Fixes #2467	2019-02-09 17:45:52 -08:00
Matthew Noorenberghe	6d2f3c265f	events.php: Remove inline event handlers and enforce CSP	2019-02-09 17:34:59 -08:00
Matthew Noorenberghe	ef0e5f453a	monitor.php: Fix XSS from LinkedMonitors. Fixes #2463	2019-02-09 17:11:53 -08:00
Matthew Noorenberghe	9705edfe24	monitor.php: Escape monitor method. Fixes #2464	2019-02-09 17:01:45 -08:00
Matthew Noorenberghe	cef54feaf9	monitor.php: Escape a bug of output variables. Fixes #2465	2019-02-09 16:54:06 -08:00
Matthew Noorenberghe	254b7286b4	monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451	2019-02-09 16:41:54 -08:00
Matthew Noorenberghe	bb75dad091	filter.php: Escape filter query term value to avoid XSS. Fixes #2462	2019-02-09 15:35:55 -08:00
Matthew Noorenberghe	dd37808ef7	filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461	2019-02-09 15:24:13 -08:00
Matthew Noorenberghe	70e59ed546	filter.php: Escape the filter name on output. Fixes #2455	2019-02-09 15:19:15 -08:00
Matthew Noorenberghe	b2a97ee190	frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP. ... Fixes #2448, fixes #2449, and fixes #2447.	2019-02-09 15:10:45 -08:00
Matthew Noorenberghe	7b0ee8a6a2	group: Escape group name in heading. Fixes #2454	2019-02-09 14:05:50 -08:00
Matthew Noorenberghe	fa6716a64b	console: Escape source column output to prevent XSS. Fixes #2452	2019-02-09 02:28:40 -08:00
Matthew Noorenberghe	02f09aad7f	view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443	2019-02-09 02:01:26 -08:00
Matthew Noorenberghe	61f6a92cc0	view=download: Validate the eid parameter to avoid XSS. Fixes #2442	2019-02-09 01:37:32 -08:00
Matthew Noorenberghe	0b38e72f88	view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441	2019-02-09 01:16:32 -08:00
Matthew Noorenberghe	e36ac1b872	Add a polyfill for NodeList.prototype.forEach	2019-02-08 21:54:23 -08:00
Isaac Connor	0eb1efff8b	fix eslint errors	2019-02-08 13:48:38 -05:00
Isaac Connor	ee3a0c1fd1	fix validateForm running on monitor cancel due to lack of type=button on cancel button	2019-02-08 09:55:32 -05:00
Isaac Connor	1039149866	fix buttons on events page. data-onclick-this to data-on-click-this	2019-02-07 08:56:48 -05:00
Isaac Connor	7e84a5914c	fix CSP policy violations on filters view	2019-02-06 13:55:19 -05:00
Isaac Connor	0783802d0c	fix CSP violations on events	2019-02-06 13:31:34 -05:00
Isaac Connor	b04b67c39d	Fix CSP violation in the onclick of the monitor view in montagereview	2019-02-06 12:17:10 -05:00
Isaac Connor	6744a9a116	Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.	2019-02-06 11:46:55 -05:00
Isaac Connor	edaf582eb4	Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.	2019-02-06 11:46:48 -05:00
Isaac Connor	dca9a81cfd	implement data-on-click-true	2019-02-05 16:45:05 -05:00
Isaac Connor	a40cd144fa	Merge branch 'master' of github.com:ZoneMinder/ZoneMinder	2019-02-05 12:35:15 -05:00
Isaac Connor	c54fe7e89a	fix state actions	2019-02-05 12:35:06 -05:00
Isaac Connor	a2e04c307d	update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.	2019-01-31 09:40:19 -05:00
Isaac Connor	604dbf8776	fix state changing/etc	2019-01-30 14:36:46 -05:00
Isaac Connor	7ea8be3fa8	spacing, remove non html5 elements	2019-01-25 09:22:08 -05:00
Matt N	8c5687ca30	Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479)	2019-01-25 08:35:07 -05:00
Matthew Noorenberghe	a3e8fd4fd5	Fix zones.php self-xss. Fixes #2444	2019-01-24 23:40:41 -08:00
Matthew Noorenberghe	47d8c9b066	plugin.php: Remove undefined onclick function reference and enforce CSP ... Also fix tag closing.	2019-01-23 19:47:58 -08:00
Matthew Noorenberghe	59cc65411f	plugin.php: Fix XSS and directory traversal bugs. Fixes #2436 ... This view seems like dead code so maybe it should be removed instead.	2019-01-23 19:41:38 -08:00