ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,614 Commits 20 Branches 69 Tags 131 MiB
Commit Graph

5036 Commits

Author SHA1 Message Date
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor 0eba430932 remove duplicate line 2019-01-30 11:05:43 -05:00
Isaac Connor 4e9ce3c5b7 Move session code to includes/session.php 2019-01-30 11:05:36 -05:00
Isaac Connor 85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Isaac Connor 7ea8be3fa8 spacing, remove non html5 elements 2019-01-25 09:22:08 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Matthew Noorenberghe a3e8fd4fd5 Fix zones.php self-xss. Fixes #2444 2019-01-24 23:40:41 -08:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP 
Also fix tag closing.
 2019-01-23 19:47:58 -08:00
Matthew Noorenberghe 59cc65411f plugin.php: Fix XSS and directory traversal bugs. Fixes #2436 
This view seems like dead code so maybe it should be removed instead.
 2019-01-23 19:41:38 -08:00
Isaac Connor e53678f869 Can't use a normal subsitution on the Order by field. So parse the sort param instead 2019-01-23 12:22:00 -05:00
Isaac Connor 6eb4d7ae27
Filter improvements (#2438) 
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
 2019-01-23 11:30:51 -05:00
montagdude 4da95369f9 Fix zone area calculation (#2437) 
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650. This
change implements the method here:

http://mathworld.wolfram.com/PolygonArea.html

It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
 2019-01-23 10:35:18 -05:00
Isaac Connor cc8de69eba Merge branch 'master' into storageareas 2019-01-22 11:44:42 -05:00
Isaac Connor 2914fb1d58 Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js 2019-01-22 09:15:25 -05:00
Isaac Connor e712cedbde spacing and quotes 2019-01-22 09:14:44 -05:00
Isaac Connor ae703c45ee Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it. 2019-01-22 09:14:33 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Matt N e7e45b2d95 Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j (#2433) 2019-01-22 08:00:39 -05:00
Isaac Connor 7260f823cb Merge branch 'master' into storageareas 2019-01-21 13:52:38 -05:00
Isaac Connor 785c208ecf Fixes #2426. Ca should have been endTime 2019-01-21 12:01:46 -05:00
Isaac Connor 326ac60ae4 add missing braces to fix logic 2019-01-21 11:20:56 -05:00
Isaac Connor a2d4dc974b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-21 11:19:07 -05:00
Isaac Connor e663397816 spacing 2019-01-21 11:17:21 -05:00
Isaac Connor c6311b7079 When logging in, stay on the login view 2019-01-21 11:17:09 -05:00
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Isaac Connor b24b930f65 After login go to postlogin, not console. the login view is in a popup so we want to close 2019-01-21 11:15:36 -05:00
Matt N 19c272061a Replace MooTools usage for adding window event listeners (#2429) 2019-01-21 11:14:32 -05:00
Matt N 27bcf3f994 Upgrade jQuery version (#2430) 
* Upgrade jQuery to 1.12.4

* Upgrade jQuery to 2.2.4; Stop support for IE8

* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
 2019-01-21 11:13:40 -05:00
Matt N f0b33145f5 Log CSP violations in ZM logs in supported browsers (#2431) 2019-01-21 11:12:17 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432) 
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
 2019-01-21 11:11:40 -05:00
Isaac Connor f69b77e38f fix eslint complaints 2019-01-19 12:40:17 -05:00
Matt N a1a42345e3 More eslint fixes; eslint in php; add eslint to travis (#2419) 
* Add eslint to travis.yml

* Update eslint package versions and apply new indent rules

* Enable the brace-style and block-style eslint rules

* Enable the 'curly' eslint rule

* Enable the 'keyword-spacing' eslint rule

* Enable the 'key-spacing' eslint rule

* Enable the 'object-curly-spacing' eslint rule

* Enable the 'no-new-object' eslint rule

* Only disable the no-caller eslint rule in the one affected file

* Enable the 'no-unused-vars' eslint rule for local variables

* Add linting of JS in .php files
 2019-01-19 10:32:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N c0a6e54d60 skins/classic/views/control.php second order sqli (#2422) 2019-01-19 09:46:21 -05:00
Matt N 02fd1e79b3 Fix ajax/status.php orderby sql injection (#2421) 
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
 2019-01-19 09:46:08 -05:00
Matt N 34e2e47993 controlcap.php: Reflected xss fix with validHtmlStr (#2423) 2019-01-19 09:43:28 -05:00
Matt N d3f8037e58 Replace onclick='submitTab(...' with a click listener (#2424) 2019-01-19 09:42:12 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425) 
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
 2019-01-19 09:41:53 -05:00
Isaac Connor 552e14a971 Merge branch 'master' into storageareas 2019-01-18 10:36:59 -05:00
Matt N 43a1725060 Fix duplicate 'class' attribute in options (#2418) 2019-01-18 10:05:44 -05:00
Matt N eef113b6a7 Convert some characters to HTML entities (#2417) 2019-01-18 10:02:48 -05:00
Matt N deaf651aad Fix eslint violations (#2416) 
* Add more JS libraries to eslintignore

* eslint . --fix

Automatic fixes only

* frame.js: eslint fixes

* events.js: manual eslint fixes

* skin.js: manual eslint fixes

* watch.js: manual eslint fixes

* Remove some tabs used for indentation in JS

* state.js: Fix new-cap eslint violation

* Disable guard-for-in eslint rule to get everything passing
 2019-01-18 10:00:55 -05:00