Commit Graph

6359 Commits

Author SHA1 Message Date
Andrew Bauer bd4aea0385 rpm specfile - php requires was listed twice 2017-02-08 20:21:23 -06:00
Andrew Bauer 9c8c87f591 rpm specfile - require php-mysqli, bump to 1.30.2 2017-02-08 20:12:54 -06:00
Andrew Bauer 8feac1747d Merge pull request #1764 from ZoneMinder/vulerability-fixes
sql injection and session fixation vulnerability fixes
2017-02-04 16:23:51 -06:00
Kyle Johnson 5804cd2462 Merge pull request #2 from connortechnology/fix_sql_injection
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer c5906a5d4f Merge pull request #6 from connortechnology/log_xss_fixes2
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson 024dd54716 Merge pull request #7 from ZoneMinder/pdo-emulated-prepares
Tell PDO to use real prepared statements.
2017-02-04 15:05:25 -07:00
Kyle Johnson 6b3a53ec0f Tell PDO to use real prepared statements.
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.

See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor 9135da92ed fix typo fileFields => filterFields 2017-01-31 21:33:43 -05:00
Isaac Connor 3437f23e8a Merge branch 'master' into fix_sql_injection 2017-01-28 14:33:49 -05:00
Isaac Connor 41dab0750e turn whatever gets output into html escaped html so that nothing gets revealed 2017-01-27 21:30:22 -05:00
Isaac Connor b5e995712e Merge branch 'master' of github.com:ConnorTechnology/ZoneMinder-Pro 2017-01-27 17:43:58 -05:00
Isaac Connor a8d1450adf Merge branch 'master' into fix_sql_injection 2017-01-27 17:18:34 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor c1e05753d6 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro 2017-01-27 17:12:46 -05:00
Isaac Connor 9e9b1a3a35 Merge pull request #1758 from knnniggett/sanitize_image_path
sanitize the image path before processing
2017-01-27 09:41:54 -05:00
Isaac Connor 20f31ce804 Merge pull request #1759 from knnniggett/packpack_crud
check if crud plugin exists before unpacking
2017-01-27 09:37:05 -05:00
Andrew Bauer fbb8375a1a check if crud plugin exists before unpacking 2017-01-25 10:49:58 -06:00
Andrew Bauer dbd73690b2 use !== false rather than === true 2017-01-25 09:26:07 -06:00
Andrew Bauer 6189d2670c ZM_DIR_EVENTS can be, and often is, a symlink 2017-01-25 09:05:34 -06:00
Andrew Bauer 8b19fca992 sanitize the image path before processing 2017-01-25 08:30:19 -06:00
Andrew Bauer 13dc11bdf5 Merge pull request #1717 from connortechnology/fix_mmap_leak
must call zmMemInvalidate before next
2017-01-24 19:39:51 -06:00
Andrew Bauer af728388d0 Merge pull request #1734 from connortechnology/fix_1720
Fix 1720
2017-01-23 20:35:10 -06:00
Isaac Connor ab34127d62 bump version too 2017-01-16 21:31:45 -05:00
Isaac Connor 0e64ff9b24 Merge pull request #1754 from pliablepixels/1716-doc-img-typo
1716 doc img typo
2017-01-16 21:30:37 -05:00
Andrew Bauer 9fd52c231a remove packpack build files 2017-01-16 08:39:54 -06:00
Andrew Bauer 5833196a84 packpack - change error code handling 2017-01-16 08:36:46 -06:00
Andrew Bauer 000ba2300a packpack - initial support for debian distros 2017-01-15 20:43:03 -06:00
Pliable Pixels 0f3642adf4 added uncompressed xml 2017-01-15 21:40:25 -05:00
Andy Bauer 3882b74766 rpm specfile - el6 buildrequires epel-rpm-macros 2017-01-15 16:39:38 -06:00
Pliable Pixels d5d9a3a8e9 reminder message for website used to draw XML source images 2017-01-15 17:35:34 -05:00
Pliable Pixels 9bf83a409b fixed image type 2017-01-15 17:35:12 -05:00
Andy Bauer 4325e8f7ea Merge branch 'master' of https://github.com/ZoneMinder/ZoneMinder 2017-01-15 15:49:46 -06:00
Andy Bauer 49c35d5733 packpack - f24,f25,el7 confirmed working 2017-01-15 15:48:57 -06:00
Andrew Bauer 418995df84 rpm specfile changes
need to put this back in to maintain compatibility with packpack
2017-01-15 09:59:17 -06:00
Andrew Bauer b3ee97ad11 Merge pull request #1753 from jbehrends/docker_apache_fix
Docker - Fixed broken cgi-bin path in apache site conf.
2017-01-14 20:38:33 -06:00
Josh Behrends 41f5ee5032 Fixed broken cgi-bin path 2017-01-14 16:35:46 -08:00
Andy Bauer 08d4d0c5c2 packpack - auto retrieve zmrepo rpm 2017-01-14 16:35:56 -06:00
Andy Bauer 7d91b4cdc7 minor changes to packpack patch 2017-01-14 16:24:55 -06:00
Isaac Connor 80c948b61e Merge pull request #1751 from knnniggett/pp_files
initial commit for packpack support
2017-01-14 16:44:05 -05:00
Andrew Bauer 3ae7038e3b make the build script executable 2017-01-14 14:15:54 -06:00
Andrew Bauer 105e43fafd initial commit for packpack support 2017-01-14 14:14:41 -06:00
Isaac Connor ac32b001e9 use a real variable for the file handle so that it sticks around. 2017-01-12 13:05:39 -05:00
Isaac Connor c97ecc2a38 remove debug line 2017-01-12 13:04:44 -05:00
Isaac Connor a5cdfd2932 call loadMonitors at the beginning. Otherwise we may not know about a monitor while handling a message from it. 2017-01-12 13:03:53 -05:00
Isaac Connor 513cd68c20 remove the verified caching. It makes calling zmMemVerify useless. 2017-01-12 13:02:16 -05:00
Kyle Johnson 0e7794f2a7 Merge pull request #1 from connortechnology/cookie_http_only
set http_only flag in cookie settings
2017-01-12 09:25:36 -07:00
Kyle Johnson a0958f9b70 Merge pull request #4 from connortechnology/regenerate_session
On successful login, tell php to regenerate the session id
2017-01-12 09:06:28 -07:00
Andrew Bauer c50cbc2b9e Merge pull request #1749 from jbehrends/1747-docker-apache-config-fix
Fixed apache documentroot, and fixed permissions for "/" in the project's Dockerfile
2017-01-12 07:58:15 -06:00
Josh Behrends 2104561eca Fixed apache documentroot, and fixed permissions for "/" 2017-01-11 19:49:29 -08:00
Andrew Bauer 2e730f0426 Merge pull request #1746 from connortechnology/fix_else
fix else behaviour by adding braces
2017-01-11 19:38:59 -06:00