Matthew Noorenberghe
|
9ce05a9a09
|
user.php: Escape the Username upon display. Fixes #2467
|
2019-02-09 17:45:52 -08:00 |
Matthew Noorenberghe
|
6d2f3c265f
|
events.php: Remove inline event handlers and enforce CSP
|
2019-02-09 17:34:59 -08:00 |
Matthew Noorenberghe
|
fcbc22b6a2
|
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
|
2019-02-09 17:27:47 -08:00 |
Matthew Noorenberghe
|
502f53fad0
|
functions.php: Fix SQLi in getFormChanges
|
2019-02-09 17:15:02 -08:00 |
Matthew Noorenberghe
|
ef0e5f453a
|
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
|
2019-02-09 17:11:53 -08:00 |
Matthew Noorenberghe
|
9705edfe24
|
monitor.php: Escape monitor method. Fixes #2464
|
2019-02-09 17:01:45 -08:00 |
Matthew Noorenberghe
|
cef54feaf9
|
monitor.php: Escape a bug of output variables. Fixes #2465
|
2019-02-09 16:54:06 -08:00 |
Matthew Noorenberghe
|
254b7286b4
|
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
|
2019-02-09 16:41:54 -08:00 |
Matthew Noorenberghe
|
bb75dad091
|
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
|
2019-02-09 15:35:55 -08:00 |
Matthew Noorenberghe
|
dd37808ef7
|
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
|
2019-02-09 15:24:13 -08:00 |
Matthew Noorenberghe
|
70e59ed546
|
filter.php: Escape the filter name on output. Fixes #2455
|
2019-02-09 15:19:15 -08:00 |
Matthew Noorenberghe
|
b2a97ee190
|
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
|
2019-02-09 15:10:45 -08:00 |
Matthew Noorenberghe
|
c8066919ff
|
functions.php: Escape textContent in htmlOptions()
|
2019-02-09 14:14:46 -08:00 |
Matthew Noorenberghe
|
7b0ee8a6a2
|
group: Escape group name in heading. Fixes #2454
|
2019-02-09 14:05:50 -08:00 |
Matthew Noorenberghe
|
fa6716a64b
|
console: Escape source column output to prevent XSS. Fixes #2452
|
2019-02-09 02:28:40 -08:00 |
Matthew Noorenberghe
|
98e0a0d2c5
|
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
|
2019-02-09 02:18:57 -08:00 |
Matthew Noorenberghe
|
02f09aad7f
|
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
|
2019-02-09 02:01:26 -08:00 |
Matthew Noorenberghe
|
61f6a92cc0
|
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
|
2019-02-09 01:37:32 -08:00 |
Matthew Noorenberghe
|
0b38e72f88
|
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
|
2019-02-09 01:16:32 -08:00 |
Matthew Noorenberghe
|
e36ac1b872
|
Add a polyfill for NodeList.prototype.forEach
|
2019-02-08 21:54:23 -08:00 |
Pliable Pixels
|
2dc935b488
|
added object detection frame rendering (#2505)
|
2019-02-08 13:49:00 -05:00 |
Isaac Connor
|
0eb1efff8b
|
fix eslint errors
|
2019-02-08 13:48:38 -05:00 |
Isaac Connor
|
e2fc0ea25d
|
Increase navbar refresh times. 5 seconds is way too fast
|
2019-02-08 10:22:42 -05:00 |
Isaac Connor
|
ee3a0c1fd1
|
fix validateForm running on monitor cancel due to lack of type=button on cancel button
|
2019-02-08 09:55:32 -05:00 |
Isaac Connor
|
1039149866
|
fix buttons on events page. data-onclick-this to data-on-click-this
|
2019-02-07 08:56:48 -05:00 |
Isaac Connor
|
7e84a5914c
|
fix CSP policy violations on filters view
|
2019-02-06 13:55:19 -05:00 |
Isaac Connor
|
0783802d0c
|
fix CSP violations on events
|
2019-02-06 13:31:34 -05:00 |
Isaac Connor
|
b04b67c39d
|
Fix CSP violation in the onclick of the monitor view in montagereview
|
2019-02-06 12:17:10 -05:00 |
Isaac Connor
|
6744a9a116
|
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
|
2019-02-06 11:46:55 -05:00 |
Isaac Connor
|
edaf582eb4
|
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
|
2019-02-06 11:46:48 -05:00 |
Isaac Connor
|
8e62c93f5f
|
add to_json function to Storage.
|
2019-02-06 11:44:36 -05:00 |
Isaac Connor
|
dca9a81cfd
|
implement data-on-click-true
|
2019-02-05 16:45:05 -05:00 |
Isaac Connor
|
a40cd144fa
|
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
|
2019-02-05 12:35:15 -05:00 |
Isaac Connor
|
c54fe7e89a
|
fix state actions
|
2019-02-05 12:35:06 -05:00 |
Steve Gilvarry
|
cab77d7c17
|
Merge pull request #2488 from connortechnology/update_version_view
Update version view
|
2019-02-02 15:46:59 +11:00 |
Isaac Connor
|
a2e04c307d
|
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
|
2019-01-31 09:40:19 -05:00 |
Isaac Connor
|
604dbf8776
|
fix state changing/etc
|
2019-01-30 14:36:46 -05:00 |
Isaac Connor
|
d310fd0d88
|
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
|
2019-01-25 09:22:14 -05:00 |
Isaac Connor
|
7ea8be3fa8
|
spacing, remove non html5 elements
|
2019-01-25 09:22:08 -05:00 |
Steve Gilvarry
|
9956eae70a
|
Merge pull request #2483 from connortechnology/fix_user_auth_memleak
Now that we are dynamically allocating safer_username and safer_passw…
|
2019-01-26 01:14:18 +11:00 |
Isaac Connor
|
6d7660cdbd
|
Now that we are dynamically allocating safer_username and safer_password, need to free them. Also, don't strlen them multiple times for efficiency
|
2019-01-25 08:46:40 -05:00 |
Matt N
|
8c5687ca30
|
Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479)
|
2019-01-25 08:35:07 -05:00 |
Matt N
|
fd6179d7c8
|
Enforce CSP on many more views (#2480)
|
2019-01-25 08:34:29 -05:00 |
Steve Gilvarry
|
a81e7c5221
|
Safer_username and safer_login should be based on the username and login (#2482)
(lengths * 2)+1. Control input lengths at user input
|
2019-01-25 08:33:30 -05:00 |
Andrew Bauer
|
99a6db3994
|
Merge pull request #2481 from mnoorenberghe/2444
Fix zones.php self-xss. Fixes #2444
|
2019-01-25 07:15:08 -06:00 |
Matthew Noorenberghe
|
a3e8fd4fd5
|
Fix zones.php self-xss. Fixes #2444
|
2019-01-24 23:40:41 -08:00 |
Andrew Bauer
|
03590226ac
|
Merge pull request #2439 from mnoorenberghe/plugin_xss
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
|
2019-01-24 07:32:57 -06:00 |
Matthew Noorenberghe
|
47d8c9b066
|
plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
|
2019-01-23 19:47:58 -08:00 |
Matthew Noorenberghe
|
59cc65411f
|
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
This view seems like dead code so maybe it should be removed instead.
|
2019-01-23 19:41:38 -08:00 |
Isaac Connor
|
e53678f869
|
Can't use a normal substitution on the Order by field. So parse the sort param instead
|
2019-01-23 12:22:00 -05:00 |