Matthew Noorenberghe
|
c8e41bfee7
|
log.php: Ensure 'line' is an integer. Helps with #2466
|
2019-02-10 00:10:39 -08:00 |
Matthew Noorenberghe
|
a6ee79f428
|
Fix typo in dbc1c7b72f comment
|
2019-02-09 22:40:39 -08:00 |
Matthew Noorenberghe
|
dbc1c7b72f
|
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
|
2019-02-09 22:39:54 -08:00 |
Matthew Noorenberghe
|
a97711de89
|
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
|
2019-02-09 22:12:36 -08:00 |
Matthew Noorenberghe
|
99f1e23c5b
|
Replace usage of PHP_SELF in views/. Fixes #2450
|
2019-02-09 21:39:19 -08:00 |
Matthew Noorenberghe
|
effd609ff7
|
Escape output of state names. Fixes #2475
|
2019-02-09 20:40:08 -08:00 |
Matthew Noorenberghe
|
d7ede4643d
|
_monitor_filters.php: Escape MonitorName and Source. Fixes #2457
|
2019-02-09 19:14:31 -08:00 |
Matthew Noorenberghe
|
c9d597dced
|
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
|
2019-02-09 18:51:30 -08:00 |
Matthew Noorenberghe
|
255806bd54
|
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
|
2019-02-09 18:43:55 -08:00 |
Matthew Noorenberghe
|
6af2c4ad0e
|
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
|
2019-02-09 18:06:21 -08:00 |
Matthew Noorenberghe
|
9ce05a9a09
|
user.php: Escape the Username upon display. Fixes #2467
|
2019-02-09 17:45:52 -08:00 |
Matthew Noorenberghe
|
6d2f3c265f
|
events.php: Remove inline event handlers and enforce CSP
|
2019-02-09 17:34:59 -08:00 |
Matthew Noorenberghe
|
fcbc22b6a2
|
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
|
2019-02-09 17:27:47 -08:00 |
Matthew Noorenberghe
|
502f53fad0
|
functions.php: Fix SQLi in getFormChanges
|
2019-02-09 17:15:02 -08:00 |
Matthew Noorenberghe
|
ef0e5f453a
|
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
|
2019-02-09 17:11:53 -08:00 |
Matthew Noorenberghe
|
9705edfe24
|
monitor.php: Escape monitor method. Fixes #2464
|
2019-02-09 17:01:45 -08:00 |
Matthew Noorenberghe
|
cef54feaf9
|
monitor.php: Escape a bug of output variables. Fixes #2465
|
2019-02-09 16:54:06 -08:00 |
Matthew Noorenberghe
|
254b7286b4
|
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
|
2019-02-09 16:41:54 -08:00 |
Matthew Noorenberghe
|
bb75dad091
|
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
|
2019-02-09 15:35:55 -08:00 |
Matthew Noorenberghe
|
dd37808ef7
|
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
|
2019-02-09 15:24:13 -08:00 |
Matthew Noorenberghe
|
70e59ed546
|
filter.php: Escape the filter name on output. Fixes #2455
|
2019-02-09 15:19:15 -08:00 |
Matthew Noorenberghe
|
b2a97ee190
|
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
|
2019-02-09 15:10:45 -08:00 |
Matthew Noorenberghe
|
c8066919ff
|
functions.php: Esacepe textContent in htmlOptions()
|
2019-02-09 14:14:46 -08:00 |
Matthew Noorenberghe
|
7b0ee8a6a2
|
group: Escape group name in heading. Fixes #2454
|
2019-02-09 14:05:50 -08:00 |
Matthew Noorenberghe
|
fa6716a64b
|
console: Escape source column output to prevent XSS. Fixes #2452
|
2019-02-09 02:28:40 -08:00 |
Matthew Noorenberghe
|
98e0a0d2c5
|
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
|
2019-02-09 02:18:57 -08:00 |
Matthew Noorenberghe
|
02f09aad7f
|
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
|
2019-02-09 02:01:26 -08:00 |
Matthew Noorenberghe
|
61f6a92cc0
|
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
|
2019-02-09 01:37:32 -08:00 |
Matthew Noorenberghe
|
0b38e72f88
|
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
|
2019-02-09 01:16:32 -08:00 |
Matthew Noorenberghe
|
e36ac1b872
|
Add a polyfill for NodeList.prototype.forEach
|
2019-02-08 21:54:23 -08:00 |
Pliable Pixels
|
2dc935b488
|
added object detection frame rendering (#2505)
|
2019-02-08 13:49:00 -05:00 |
Isaac Connor
|
0eb1efff8b
|
fix eslint errors
|
2019-02-08 13:48:38 -05:00 |
Isaac Connor
|
e2fc0ea25d
|
Increase navbar refresh times. 5 seconds is way too fast
|
2019-02-08 10:22:42 -05:00 |
Isaac Connor
|
ee3a0c1fd1
|
fix validateForm running on monitor cancel due to lack of type=button on cancel button
|
2019-02-08 09:55:32 -05:00 |
Isaac Connor
|
4f9a32e7a7
|
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
|
2019-02-07 12:01:52 -05:00 |
Isaac Connor
|
ca781523a8
|
Merge branch 'master' into storageareas
|
2019-02-07 08:57:50 -05:00 |
Isaac Connor
|
1039149866
|
fix buttons on events page. data-onclick-this to data-on-click-this
|
2019-02-07 08:56:48 -05:00 |
Isaac Connor
|
d33e094526
|
Merge branch 'master' into storageareas
|
2019-02-06 17:03:41 -05:00 |
Isaac Connor
|
7e84a5914c
|
fix CSP policy violations on filters view
|
2019-02-06 13:55:19 -05:00 |
Isaac Connor
|
0783802d0c
|
fix CSP violations on events
|
2019-02-06 13:31:34 -05:00 |
Isaac Connor
|
b04b67c39d
|
Fix CSP violation in the onclick of the monitor view in montagereview
|
2019-02-06 12:17:10 -05:00 |
Isaac Connor
|
6744a9a116
|
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
|
2019-02-06 11:46:55 -05:00 |
Isaac Connor
|
edaf582eb4
|
Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works.
|
2019-02-06 11:46:48 -05:00 |
Isaac Connor
|
8e62c93f5f
|
add to_json function to Storage.
|
2019-02-06 11:44:36 -05:00 |
Isaac Connor
|
cff1b6008f
|
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
|
2019-02-05 17:37:12 -05:00 |
Isaac Connor
|
a9f0463223
|
Merge branch 'master' into storageareas
|
2019-02-05 16:46:47 -05:00 |
Isaac Connor
|
dca9a81cfd
|
implement data-on-click-true
|
2019-02-05 16:45:05 -05:00 |
Isaac Connor
|
d121ecab75
|
Merge branch 'improve_session' into storageareas
|
2019-02-05 15:48:42 -05:00 |
Isaac Connor
|
141f2afc8c
|
Merge branch 'master' into storageareas
|
2019-02-05 15:46:58 -05:00 |
Isaac Connor
|
21702dcc68
|
Merge branch 'master' into improve_session
|
2019-02-05 12:35:29 -05:00 |