Joshua Ruehlig
05a141bf78
Update database.php
2017-04-24 23:40:52 -07:00
Isaac Connor
f2920c37e0
escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead.
2017-04-18 12:31:20 -04:00
Isaac Connor
538658403c
Merge pull request #1822 from knnniggett/csrf
...
Implement CSRF Mitigation
2017-03-30 10:39:55 -04:00
Isaac Connor
589b369109
fix inserting x10 record with missing ,
2017-03-28 20:03:46 -04:00
Andy Bauer
4e16ae6d19
add ZM_ENABLE_CSRF_MAGIC toggle
2017-03-28 17:29:36 -05:00
Andrew Bauer
2dcd95bc7f
Merge pull request #1504 from ZoneMinder/improve_filter
...
Improve filter
2017-03-18 21:12:58 -05:00
Andrew Bauer
d38bae72ae
integrate csrf-magic library
2017-03-18 20:12:06 -05:00
Andrew Bauer
7e0ac4b239
Merge pull request #1780 from connortechnology/fix_1775
...
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
Andy Bauer
8759e2bdb4
prevent divide by zero, make error messages more descriptive
2017-02-21 13:10:41 -06:00
Andy Bauer
27ca8d8674
use === operator in getDiskPercent function
2017-02-21 12:33:05 -06:00
Manojav Sridhar
f50c0e2096
fix missing isset check, caused number of Undefined Property warnings
2017-02-18 11:15:43 -05:00
Isaac Connor
2bf4b5ad1a
use escapeshellarg on inputs to daemonControl and other functions where exec is called
2017-02-15 09:45:25 -05:00
Kyle Johnson
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
Isaac Connor
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
Isaac Connor
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
Isaac Connor
b4bddee337
Merge branch 'master' into improve_filter
2017-01-03 08:49:56 -05:00
Isaac Connor
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
klemens
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
752f0eb40b
Merge branch 'master' into improve_filter
2016-12-20 11:43:02 -05:00
Isaac Connor
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
Isaac Connor
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
Isaac Connor
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
Isaac Connor
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
Isaac Connor
bb6b0c2d49
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter
2016-11-17 12:16:49 -05:00
Isaac Connor
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Andrew Bauer
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
Isaac Connor
1e233c0ce5
Merge branch 'master' into improve_filter
2016-11-04 15:20:43 -04:00
Steve Gilvarry
11cc73f55d
Merge pull request #1651 from connortechnology/fix_disable_monitor
...
Fix logic when disabling a monitor
2016-10-20 05:16:22 +11:00
Steve Gilvarry
c78a543e8e
Merge pull request #1475 from connortechnology/htmlselect
...
introduce htmlselect as an alternative to buildselect
2016-10-20 05:05:59 +11:00
Isaac Connor
aaf8f6c98b
add the missing case for ServerId in Filter processing.
2016-10-18 10:14:19 -04:00
Isaac Connor
c02b840274
Fix logic when disabling a monitor
2016-10-11 12:10:47 -04:00
Isaac Connor
db8cada380
fix merge
2016-09-13 15:01:02 -04:00
Steve Gilvarry
563f4a9d46
Merge pull request #1505 from ZoneMinder/fix_filter_actions
...
Confirmed check box status is now retained after save and changing filters.
2016-09-11 14:13:51 +10:00
Andrew Bauer
7d48b2c6c5
Merge pull request #1577 from ZoneMinder/fix_zmaControl
...
fix error in calling zmaControl
2016-08-17 08:36:51 -05:00
Andrew Bauer
31cb86046c
Merge pull request #1592 from connortechnology/fix_analysis_frame
...
Fix analysis frame
2016-08-14 10:54:46 -05:00
Isaac Connor
240336e3ec
silence error when Event has no StorageId set
2016-08-12 15:20:21 -04:00
Isaac Connor
3dadcc8d32
add ability to pass show=capture or show=analyse to getImageSrc
2016-08-12 15:14:51 -04:00
Andrew Bauer
382896dc0d
Merge pull request #1498 from josh4trunks/mysql_port_socket
...
Add support for MySQL Port / Unix Socket
2016-08-06 09:32:32 -05:00
Isaac Connor
aa78b403a1
zmaControl can take an id #, so need to move the check for local server test down.
2016-08-02 12:33:41 -04:00
Isaac Connor
cd43d1fa7a
Rough in Event disk space reporting
2016-07-19 17:34:01 -04:00
Andrew Bauer
a57a3d3186
Merge pull request #1501 from ZoneMinder/fix_zone_edit
...
Fix zone edit
2016-05-31 10:33:31 -05:00
Isaac Connor
65e33d6c19
synchronize on capitalizing the word Auto. This should fix the losing of the checkboxes when you change a filter
2016-05-27 11:11:30 -04:00
Andrew Bauer
1972c4116b
Merge pull request #1486 from connortechnology/update_image_view
...
Update image view
2016-05-26 09:05:14 -05:00