Commit Graph

12474 Commits

Author SHA1 Message Date
Andrew Bauer d575403900
Update support.yml 2019-01-20 18:15:15 -06:00
Isaac Connor f69b77e38f fix eslint complaints 2019-01-19 12:40:17 -05:00
Matt N a1a42345e3 More eslint fixes; eslint in php; add eslint to travis (#2419)
* Add eslint to travis.yml

* Update eslint package versions and apply new indent rules

* Enable the brace-style and block-style eslint rules

* Enable the 'curly' eslint rule

* Enable the 'keyword-spacing' eslint rule

* Enable the 'key-spacing' eslint rule

* Enable the 'object-curly-spacing' eslint rule

* Enable the 'no-new-object' eslint rule

* Only disable the no-caller eslint rule in the one affected file

* Enable the 'no-unused-vars' eslint rule for local variables

* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N c0a6e54d60 skins/classic/views/control.php second order sqli (#2422) 2019-01-19 09:46:21 -05:00
Matt N 02fd1e79b3 Fix ajax/status.php orderby sql injection (#2421)
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
2019-01-19 09:46:08 -05:00
Matt N 34e2e47993 controlcap.php: Reflected xss fix with validHtmlStr (#2423) 2019-01-19 09:43:28 -05:00
Matt N d3f8037e58 Replace onclick='submitTab(...' with a click listener (#2424) 2019-01-19 09:42:12 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor 4e6c1d42b1 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-18 10:30:15 -05:00
Isaac Connor 358cfc7f49 Don't let issues with bounties or labelling as valid bug go stale 2019-01-18 10:30:02 -05:00
Matt N 43a1725060 Fix duplicate 'class' attribute in options (#2418) 2019-01-18 10:05:44 -05:00
Matt N eef113b6a7 Convert some characters to HTML entities (#2417) 2019-01-18 10:02:48 -05:00
Matt N deaf651aad Fix eslint violations (#2416)
* Add more JS libraries to eslintignore

* eslint . --fix

Automatic fixes only

* frame.js: eslint fixes

* events.js: manual eslint fixes

* skin.js: manual eslint fixes

* watch.js: manual eslint fixes

* Remove some tabs used for indentation in JS

* state.js: Fix new-cap eslint violation

* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor b1cc0c2b82 add CSP nonce to CSRF rewriting 2019-01-16 14:04:07 -05:00
Isaac Connor a7db6f08f5 single vs double quotes 2019-01-16 13:47:50 -05:00
Isaac Connor 42076ad09b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 13:46:01 -05:00
Isaac Connor a2c23d3263 Need nonce in inline script setting display css 2019-01-16 13:45:26 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor e156a6cda0 logout view should go to logout view 2019-01-16 12:23:18 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Isaac Connor eee1d871e0 get rid of default value for PathToIndex so that it will use PHP_SELF instead 2019-01-16 12:09:26 -05:00
Isaac Connor 2b21fe3640 increase sql var size to MED to hold the largest possible sql string. 2019-01-16 11:48:31 -05:00
Isaac Connor 3560d6247f whitespace and comments. 2019-01-16 11:20:10 -05:00
Isaac Connor 5f5f28378d Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 11:19:22 -05:00
Isaac Connor c2b1b43cde fix typo 2019-01-16 11:19:14 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor ac27005944 remove debug 2019-01-15 11:38:43 -05:00
Isaac Connor 07c7c271a6 prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411 2019-01-15 11:38:19 -05:00
Isaac Connor 3182d8bab7 implement to_json method so that defaults get included 2019-01-15 11:36:56 -05:00
Isaac Connor 34224a957b cleanup error string 2019-01-15 11:36:13 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor 0e06bdd1f2 zmcuston.conf => zmcustom.conf 2019-01-14 11:41:44 -05:00
Isaac Connor c834fbe462 the filter action should singular filter, not filters 2019-01-13 14:52:39 -05:00
Isaac Connor ee2b9b011a Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-11 13:55:17 -05:00
Isaac Connor a282b487d1 load Help from Config as it is not longer always loaded into ram. 2019-01-11 13:55:03 -05:00
kobold81 208d8f28de update debian to 1.32.x (#2407)
Hello,

the ZM_PATH config has cost me several hours to fix. I would like to add this little snipped to help others avoid this pitfall.

Best regards
Marc
2019-01-11 12:14:42 -05:00
Isaac Connor 730ced60d8 specify which input we are setting standard on. Not sure it is required, but the api docs do it 2019-01-10 12:08:51 -05:00
Isaac Connor b373577589 fix function view after actions cleanup 2019-01-10 12:08:25 -05:00
Isaac Connor 4a82f460b2 add some parenthesis to make logic at more clear if not more correct. Potentially fix #2405 2019-01-09 16:39:53 -05:00
Isaac Connor 1d54216e80 spacing 2019-01-09 16:23:58 -05:00
Isaac Connor 941ce6e97f Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-09 12:37:54 -05:00
Isaac Connor c1e4fbac6a extend input path and options to the full width of the popup 2019-01-09 12:37:42 -05:00
Andrew Bauer 9811679cc0
Merge pull request #2401 from connortechnology/vlc_logging
add a logging callback to the libvlc camera
2019-01-08 13:49:51 -06:00
Isaac Connor 2d03583b78 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-08 13:12:42 -05:00