Commit Graph

2347 Commits

Author SHA1 Message Date
Matt N 34e2e47993 controlcap.php: Reflected xss fix with validHtmlStr (#2423) 2019-01-19 09:43:28 -05:00
Matt N d3f8037e58 Replace onclick='submitTab(...' with a click listener (#2424) 2019-01-19 09:42:12 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Matt N 43a1725060 Fix duplicate 'class' attribute in options (#2418) 2019-01-18 10:05:44 -05:00
Matt N eef113b6a7 Convert some characters to HTML entities (#2417) 2019-01-18 10:02:48 -05:00
Matt N deaf651aad Fix eslint violations (#2416)
* Add more JS libraries to eslintignore

* eslint . --fix

Automatic fixes only

* frame.js: eslint fixes

* events.js: manual eslint fixes

* skin.js: manual eslint fixes

* watch.js: manual eslint fixes

* Remove some tabs used for indentation in JS

* state.js: Fix new-cap eslint violation

* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor a7db6f08f5 single vs double quotes 2019-01-16 13:47:50 -05:00
Isaac Connor 42076ad09b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 13:46:01 -05:00
Isaac Connor a2c23d3263 Need nonce in inline script setting display css 2019-01-16 13:45:26 -05:00
Isaac Connor e156a6cda0 logout view should go to logout view 2019-01-16 12:23:18 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor ac27005944 remove debug 2019-01-15 11:38:43 -05:00
Isaac Connor 07c7c271a6 prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411 2019-01-15 11:38:19 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor a282b487d1 load Help from Config as it is not longer always loaded into ram. 2019-01-11 13:55:03 -05:00
Isaac Connor b373577589 fix function view after actions cleanup 2019-01-10 12:08:25 -05:00
Isaac Connor 1d54216e80 spacing 2019-01-09 16:23:58 -05:00
Isaac Connor c1e4fbac6a extend input path and options to the full width of the popup 2019-01-09 12:37:42 -05:00
Isaac Connor 2d03583b78 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-08 13:12:42 -05:00
Isaac Connor ffa37d8c10 Fix margins on replayControl 2019-01-08 13:12:35 -05:00
Isaac Connor 3f5a2a2aa6 disable delete button when event is archived. 2019-01-07 15:56:23 -05:00
David Beitey e6ba8e58ef Fix #2391 by defining monitor variable (#2392) 2019-01-05 10:20:34 -05:00
Isaac Connor 5b5905c83a We always use markEids[] now 2019-01-04 16:29:16 -05:00
Isaac Connor de0ef6ce43 Merge branch 'master' into split_actions 2019-01-04 15:55:54 -05:00
Isaac Connor e72e4e7ce4 Spacing, remove some html4 stuff, clean up duplicated hidden form elements. 2019-01-04 15:52:36 -05:00
Isaac Connor 5b9bf48945 Merge branch 'master' into split_actions 2019-01-04 09:35:54 -05:00
Isaac Connor dbe9817bc8 Split actions.php into individual files per view 2019-01-04 09:26:34 -05:00
Andrew Bauer 225fca08e3
Merge pull request #2379 from connortechnology/improve_config_efficiency
Improve config efficiency
2019-01-02 19:34:34 -06:00
Isaac Connor 874930d8fc Merge branch 'master' into improve_config_efficiency 2019-01-02 13:07:53 -05:00
Isaac Connor 99471836b7 Use monitor's serverId when loading server object so that images load from recording server. 2019-01-02 11:28:12 -05:00
Isaac Connor 8a1707a615 Add monitorServerId array to provide server info for each monitor so that we can load images from the recording server. 2019-01-02 11:27:46 -05:00
Isaac Connor 79113a6869 Add a default Server object to handle non-multi-server case 2019-01-02 10:56:40 -05:00
Isaac Connor 101f24feb5
Update area when editing x and y coords (#2366) 2018-12-27 14:28:14 -05:00
Andrew Bauer 27dd8166ea
Merge pull request #2362 from connortechnology/small_groups_fixes
Small groups fixes
2018-12-24 11:30:57 -06:00
Isaac Connor e0a9c4a21e fix event popup detection 2018-12-24 11:23:58 -05:00
Isaac Connor 68adc289fe Fix colspan count now that depth is zero-based 2018-12-24 09:40:23 -05:00
Isaac Connor 0cce0a642b Update chosen library to 1.8.7 2018-12-24 09:37:49 -05:00
Isaac Connor 1130d6650a Fix spacing and pass popup to previous/next event so that popups stay as popups 2018-12-21 10:50:19 -05:00
Andrew Bauer 21a98f3653 Merge branch 'remove_default_view' of https://github.com/connortechnology/ZoneMinder into connortechnology-remove_default_view 2018-12-11 09:44:13 -06:00
Isaac Connor 278abbc201 Merge branch 'master' into remove_default_view 2018-12-11 10:37:26 -05:00
Andrew Bauer 3cf6bf1786
Merge pull request #2243 from connortechnology/add_archive_filter_to_montagereview
Rough in an archived status filter in montagereview.
2018-12-11 09:36:35 -06:00
Andrew Bauer fe5cb4bfdc
Merge pull request #2283 from connortechnology/warn_colour_when_disabled
Use a warning colour when motion detection is disabled.
2018-12-11 09:36:07 -06:00
Andrew Bauer 4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
Introduce get body top html
2018-12-11 09:35:54 -06:00
Andrew Bauer c530337c50
Merge pull request #2331 from connortechnology/fix_ios9
Fix ios9
2018-12-11 09:29:50 -06:00
Isaac Connor 1e8c4276bb fix #2319 some more. This is fixing rate sticking across gapless events and reload 2018-12-10 17:32:17 -05:00
Isaac Connor 9ffd77428a fix paths to jquery-ui-theme components, thereby upgrading them to the proper version. This fixes the datetime filters not being shown on skins that don't specify a custom theme for jquery-ui 2018-12-05 09:05:10 -05:00
Isaac Connor 18ce7c9ea0 Old browsers, specifically Safari on IOS9 doesn't support let. Need to use var instead. 2018-12-03 15:17:16 -05:00
Isaac Connor 17551eacee Merge branch 'server_path_prefix' 2018-11-29 14:27:32 -05:00
Isaac Connor 1c17f334d3 fix missing bits. Implement UrlToIndex in Monitor and fix use of Url(). Implement PathToApi as well 2018-11-29 14:26:30 -05:00
Isaac Connor d83fb2e985 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2018-11-29 14:08:03 -05:00
Isaac Connor 5e0d742e26 Use history.go(-1) which works on safari 2018-11-29 14:04:35 -05:00
Andrew Bauer 5a88cbcddb
Merge pull request #2329 from connortechnology/fix_2319
Fix rate resetting
2018-11-29 09:57:13 -06:00
Andrew Bauer be07e4413f
Merge pull request #2152 from connortechnology/server_path_prefix
Server path prefix
2018-11-29 09:56:25 -06:00
Isaac Connor 605397b565 Fix rate resetting by storing it in a cookie and using that on initial event load. Fixes #2319 2018-11-29 09:43:21 -05:00
Isaac Connor 1e915e9567 Merge branch 'master' into server_path_prefix 2018-11-28 10:45:36 -05:00
Isaac Connor a89dd83565 Update to use object instead of db row 2018-11-28 09:55:34 -05:00
Isaac Connor cd13dda294 fix use of instead of 2018-11-28 09:54:22 -05:00
Elmar Pruesse 94d8e043ce Fix unreadable input text when OS theme dark (#2324)
* Update skin.css

* Update skin.css
2018-11-27 18:25:05 -05:00
Isaac Connor f8b2ff5c77 rework from Url() to PathToIndex(), PathToZMS(), UrlToIndex() and UrlToZMS() 2018-11-27 17:35:25 -05:00
Isaac Connor 6128d2a4d9 fix #2317 by updating the url encoding of a filter to match events for that monitor 2018-11-23 15:34:23 -05:00
Isaac Connor c5f7fb7b18 Merge branch 'master' into server_path_prefix 2018-11-22 10:04:33 -05:00
Isaac Connor d8d9544497 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2018-11-17 10:39:52 -05:00
Isaac Connor 87140ecdb5 white space and quiet warning 2018-11-17 10:39:42 -05:00
Andrew Bauer 5c2e5d89ed
fix gpl mailing address
This makes rpmlint & lintian complain less
2018-11-15 19:53:45 -06:00
Isaac Connor f72651da5a Add auth hash to ajax fps and status calls in zone edit 2018-11-15 12:22:35 -05:00
Isaac Connor aa8ac9c31c spaces and quotes 2018-11-14 15:54:45 -05:00
Isaac Connor 3a409b26aa Use buttons instead of anchor tags for Prev/Next/FIrst/Last buttons 2018-11-14 15:54:34 -05:00
Isaac Connor 3be31020b7 Automatically add width to frames view when thumbnails are turned on. 2018-11-14 15:54:01 -05:00
Isaac Connor 490fb40917 DefaultView in the past was used to control whether the watch view starts up with ptz controls visible or the events list. Isaac changed the watch view to always have the controls visible... so this setting is no longer useful. 2018-11-14 09:22:38 -05:00
Isaac Connor d76d6bb9d1 include overlay.js when viewing the log, so that export works 2018-11-12 15:09:15 -05:00
Isaac Connor 246765ced9 Add tooltip for sorting monitors 2018-11-11 16:23:19 -05:00
Isaac Connor 82abd04f36 Add type=button to buttons so they don't act like submit buttons 2018-11-07 13:19:42 -05:00
Isaac Connor 702143e51b Create a function called getBodyTopHTML that outputs the body tag and anything else that should go at the top.
Things like the we require javascript message, and any other messages like error messages.
Use this on the monitor and console view to stick an error message at the top when saving a monitor fails.

This is a pretty quick, crude implementation.
2018-11-07 12:33:54 -05:00
Andrew Bauer a50c2bae35
Merge pull request #2289 from connortechnology/audio_only_with_ffmpeg
Audio only with ffmpeg
2018-11-03 20:39:18 -05:00
Isaac Connor 589b6f3eef add further note about needing h264 passthrough 2018-10-31 11:35:06 -04:00
Isaac Connor 69f7d36729 Make it clear that audio recording is only for ffmpeg input type 2018-10-31 11:34:30 -04:00
Isaac Connor f95379742b Use a warning colour when motion detection is disabled. 2018-10-30 12:04:05 -04:00
Andrew Bauer f790eacc92
Merge pull request #2273 from connortechnology/fix_rce
use json_encode/decode instead of serialize/unserialize to pass onvif…
2018-10-30 07:06:45 -05:00
Isaac Connor 95a6d0666a Improve behaviour and reduce extra logging when db goes away 2018-10-29 09:59:26 -04:00
Isaac Connor 2024df4393 use json_encode/decode instead of serialize/unserialize to pass onvif probe results around. Also clean up some code/ add some missing things. Fixes #2271 and #2272 2018-10-24 09:49:56 -04:00
Isaac Connor 86b0e4ea18 fix auth_hash. Should use generateAuthHash instead of accessing session directly 2018-10-22 18:32:39 -04:00
Isaac Connor ccd64b0fae Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2018-10-22 14:21:34 -04:00
Isaac Connor 7e4c54fec0 Use proper buttons and remove extra bootstrap styles from buttons so that they aren't all jammed together 2018-10-22 13:54:27 -04:00
Isaac Connor 559f34a838 User Monitor->Url() instead of Monitor->Server->Url() which will append port # 2018-10-20 14:33:09 -04:00
Isaac Connor 069f67a10f Break some long lines 2018-10-20 14:32:58 -04:00
Isaac Connor c9c46aa12d User Monitor->Url() instead of Monitor->Server->Url() which will append port # 2018-10-20 14:32:25 -04:00
Isaac Connor f5eca2da1e No longer need to add thisUrl to monitorUrl 2018-10-20 11:37:36 -04:00
Isaac Connor 3723f7acb3 comment out redundatn code increasing load on server 2018-10-19 15:02:10 -04:00
Isaac Connor 4c7fe8741b Load the complete config info only for options 2018-10-19 15:00:47 -04:00
Isaac Connor 23fd5db5c8 fix #2265 extra graphics in url 2018-10-19 10:06:51 -04:00
Isaac Connor e7ec2faccd monitorUrl now includes /zm/index.php so adding thisUrl generates an incorrect url 2018-10-18 20:33:50 -04:00
Isaac Connor 37a48550e5 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2018-10-18 08:57:29 -04:00
Pliable Pixels f7de3a87e2 show event notes in same event view (#2259) 2018-10-16 12:11:25 -04:00
Isaac Connor 1b9b2811b3 remove ? from streamCmdParms. Mootools adds it in so this gives us a double ? 2018-10-16 11:39:16 -04:00
Isaac Connor d1bef49d0b Don't reload on a timeout when refreshing the navbar 2018-10-11 11:30:30 -04:00
Isaac Connor be78cb1b34 correct falsepi=> false 2018-10-10 16:08:48 -04:00
Andrew Bauer 4d5b0ca864
Merge pull request #2247 from connortechnology/turn_off_navbar
Turn off navbar
2018-10-10 13:21:46 -05:00