b1cc0c2b82
add CSP nonce to CSRF rewriting
2019-01-16 14:04:07 -05:00
d8ef33396a
If multi-port is on, we need to output CORS headers
2019-01-16 13:44:57 -05:00
ba21820fd0
fix typo
2019-01-16 12:10:34 -05:00
eee1d871e0
get rid of default value for PathToIndex so that it will use PHP_SELF instead
2019-01-16 12:09:26 -05:00
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers ( #2413 )
...
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
fd696bc066
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-15 11:38:56 -05:00
3182d8bab7
implement to_json method so that defaults get included
2019-01-15 11:36:56 -05:00
07d8ac1d49
implement timezone check function ( #2387 )
...
* implement timezone check function
* remove comment
* also check if the timezone is valid
* whitespace
2019-01-15 09:05:11 -05:00
083f284599
Replace onclick inline event handlers for createPopup ( #2410 )
...
* Move <script> before </body>
* Change makePopupLink to not use onclick
* Change makePopupButton to not use onclick
* Use .popup-link in control_functions.php
* Use makePopupButton in controlcaps.php
* Prevent double-encoding in makePopup*
* Use makePopupButton in devices.php
* Use makePopupButton in logout.php
* Use makePopupLink in monitor.php
* Use makePopupLink and .popup-link in montage.php
* Use makePopupButton in options.php
* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
c834fbe462
the filter action should singular filter, not filters
2019-01-13 14:52:39 -05:00
b373577589
fix function view after actions cleanup
2019-01-10 12:08:25 -05:00
b4f8500cb5
Merge branch 'split_actions'
2019-01-05 18:33:04 -05:00
3f10553464
Fix include path to Monitors.php
2019-01-05 18:32:53 -05:00
e34a5e972a
fix missing }
2019-01-05 11:12:26 -05:00
5b5905c83a
We always use markEids[] now
2019-01-04 16:29:16 -05:00
0e20666992
fix eventdetail actions being in events
2019-01-04 15:43:31 -05:00
e2f32ab091
Upgrade config saving
2019-01-04 09:43:36 -05:00
7ec96655c3
fix missing ! when testing for permission on editing config
2019-01-04 09:37:26 -05:00
5b9bf48945
Merge branch 'master' into split_actions
2019-01-04 09:35:54 -05:00
46adcbb66b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-04 09:34:51 -05:00
edeaa07c12
Fix no quotes around Id
2019-01-04 09:34:42 -05:00
6cad852e11
fix path to MontageLayout
2019-01-04 09:34:18 -05:00
dbe9817bc8
Split actions.php into individual files per view
2019-01-04 09:26:34 -05:00
874930d8fc
Merge branch 'master' into improve_config_efficiency
2019-01-02 13:07:53 -05:00
d14e9ecf74
force overloadframes and ExtendAlarmFrames to int ( #2373 )
2018-12-29 09:53:31 -05:00
a029909972
fix path to thumb and anal images ( #2367 )
2018-12-28 10:46:13 -05:00
fb37fc48e1
update viewImagePatch ( #2370 )
2018-12-28 10:38:39 -05:00
5f9a113da1
redirect to montage rather than montagereview
2018-12-26 10:34:01 -06:00
e0cae5709f
Group::find is now more powerful so we can just use it to return all Groups to be deleted
2018-12-24 09:39:40 -05:00
63199289ad
Change depth function to be 0-based.
2018-12-24 09:38:55 -05:00
a277f697e9
whitespace
2018-12-20 14:58:38 -05:00
567b60ffa7
support for forwarded proto/port in Server.php ( #2343 )
2018-12-13 10:24:32 -05:00
8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
...
Cleanup auth
2018-12-12 20:53:24 -06:00
eba8b3327d
Merge branch 'master' into cleanup_auth
2018-12-11 16:04:42 -05:00
4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
...
Introduce get body top html
2018-12-11 09:35:54 -06:00
e1ecd47bff
Fix missing use of UrlToApi
2018-12-11 09:40:40 -05:00
a1141d2dc4
remove second use of HTTP_HOST and use a better method of stripping off port from HTTP_HOST
2018-12-07 08:39:23 -05:00
757e538550
strip port from HTTP_HOST
2018-12-06 17:12:03 -05:00
e327ad100e
fix WebSite camera startup issue
2018-12-01 17:03:50 -06:00
cae6ffd5a3
use HTTP_HOST instead of SERVER_NAME
2018-12-01 13:27:08 -06:00
8c626c984b
Need to pass port through all Url functions
2018-11-30 14:45:58 -05:00
3bd5774ea1
Default to PathToIndex should have the index.php in it
2018-11-29 15:53:19 -05:00
1c17f334d3
fix missing bits. Implement UrlToIndex in Monitor and fix use of Url(). Implement PathToApi as well
2018-11-29 14:26:30 -05:00
1e915e9567
Merge branch 'master' into server_path_prefix
2018-11-28 10:45:36 -05:00
f8b2ff5c77
rework from Url() to PathToIndex(), PathToZMS(), UrlToIndex() and UrlToZMS()
2018-11-27 17:35:25 -05:00
17c1933913
remove an extra l
2018-11-26 16:20:15 -05:00
c5f7fb7b18
Merge branch 'master' into server_path_prefix
2018-11-22 10:04:33 -05:00
415d43fafb
Include Server Name when testing for CORS. Also be case insensitive.
2018-11-15 12:23:52 -05:00
ec09a71ba0
Include defaults for all the missing Monitor Columns
2018-11-07 13:18:53 -05:00
702143e51b
Create a function called getBodyTopHTML that outputs the body tag and anything else that should go at the top.
...
Things like the we require javascript message, and any other messages like error messages.
Use this on the monitor and console view to stick an error message at the top when saving a monitor fails.
This is a pretty quick, crude implementation.
2018-11-07 12:33:54 -05:00
Isaac Connor
Isaac Connor
Matt N
Andrew Bauer
Mike Rosack
Andrew Bauer