5da51d51bc
Merge branch 'master' into storageareas
2019-02-26 10:55:51 -05:00
2187dea2aa
add namespace to Warnings
2019-02-25 15:11:08 -05:00
fd310c0f0a
Merge branch 'master' into storageareas
2019-02-22 11:33:47 -05:00
8dd8888975
Php namespace ( #2537 )
...
* experiment with namespaces on the Server class
* experiment with namespaces on the Server class
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
b646284da3
don't quote dbEscape values it will quote it already ( #2529 )
2019-02-17 11:31:28 -05:00
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
...
Fixes #2448 , fixes #2449 , and fixes #2447 .
2019-02-09 15:10:45 -08:00
c8066919ff
functions.php: Esacepe textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
533d021dea
Merge branch 'master' into storageareas
2019-01-30 15:17:27 -05:00
8c5687ca30
Fix name/protocol XSS in controlcaps.php. Fixes #2445 ( #2479 )
2019-01-25 08:35:07 -05:00
fd6179d7c8
Enforce CSP on many more views ( #2480 )
2019-01-25 08:34:29 -05:00
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
...
Also fix tag closing.
2019-01-23 19:47:58 -08:00
6eb4d7ae27
Filter improvements ( #2438 )
...
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
cc8de69eba
Merge branch 'master' into storageareas
2019-01-22 11:44:42 -05:00
0619a4a161
Validate cnj, obr, and cbr arguments in parseFilter ( #2434 )
2019-01-22 08:03:25 -05:00
7260f823cb
Merge branch 'master' into storageareas
2019-01-21 13:52:38 -05:00
a2d4dc974b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-21 11:19:07 -05:00
fbc236128e
add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00
2019-01-21 11:16:14 -05:00
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
35fb4366b6
Fix recaptcha support with the CSP ( #2420 )
2019-01-19 09:47:04 -05:00
4e48939660
Add a validateForm event listener and enforce CSP on some views ( #2425 )
...
* Add a validateForm event listener and enforce CSP on the controlcap view
* filter.php: Use .validateFormOnSubmit
* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check
* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
552e14a971
Merge branch 'master' into storageareas
2019-01-18 10:36:59 -05:00
6bb5aa1b87
More inline JS / nonce conversions ( #2415 )
...
* monitor.php: Add nonce and move <script> inside </body>
* export_functions.php: Untested: Add @nonce to <script>
* blank.php: Add @nonce to <script> and add to CSP enforced views
* Enforce CSP on login and privacy views
* group.php: Add nonce and move <script> inside </body>
* filter.php: Add @nonce to <script>
* Fix updateButtons argument on the filter page upon change and page load
* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
f49dd93b6a
Merge branch 'master' into storageareas
2019-01-16 14:39:56 -05:00
1f3da476b8
switch to single quotes
2019-01-16 14:04:24 -05:00
d8ef33396a
If multi-port is on, we need to output CORS headers
2019-01-16 13:44:57 -05:00
ba21820fd0
fix typo
2019-01-16 12:10:34 -05:00
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers ( #2413 )
...
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
07d8ac1d49
implement timezone check function ( #2387 )
...
* implement timezone check function
* remove comment
* also check if the timezone is valid
* whitespace
2019-01-15 09:05:11 -05:00
083f284599
Replace onclick inline event handlers for createPopup ( #2410 )
...
* Move <script> before </body>
* Change makePopupLink to not use onclick
* Change makePopupButton to not use onclick
* Use .popup-link in control_functions.php
* Use makePopupButton in controlcaps.php
* Prevent double-encoding in makePopup*
* Use makePopupButton in devices.php
* Use makePopupButton in logout.php
* Use makePopupLink in monitor.php
* Use makePopupLink and .popup-link in montage.php
* Use makePopupButton in options.php
* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
52466c398b
Merge branch 'split_actions' into storageareas
2019-01-04 15:28:55 -05:00
dbe9817bc8
Split actions.php into individual files per view
2019-01-04 09:26:34 -05:00
5060358870
Merge branch 'master' into storageareas
2018-12-29 09:56:53 -05:00
d14e9ecf74
force overloadframes and ExtendAlarmFrames to int ( #2373 )
2018-12-29 09:53:31 -05:00
1a1231fdaa
Merge branch 'master' into storageareas
2018-12-28 10:47:27 -05:00
fb37fc48e1
update viewImagePatch ( #2370 )
2018-12-28 10:38:39 -05:00
eba8b3327d
Merge branch 'master' into cleanup_auth
2018-12-11 16:04:42 -05:00
4625f7c879
Merge branch 'master' into storageareas
2018-11-28 10:46:49 -05:00
17c1933913
remove an extra l
2018-11-26 16:20:15 -05:00
dea5db9dd9
Merge branch 'zmaudit_check_other_storageareas' into storageareas
2018-11-23 11:11:39 -05:00
415d43fafb
Include Server Name when testing for CORS. Also be case insensitive.
2018-11-15 12:23:52 -05:00
461ce3c1f8
Merge branch 'master' into storageareas
2018-10-29 12:52:06 -04:00
6691b5fb52
Include CORS headers when there is a Server defined, instead of requiring there to be more than 1
2018-10-29 12:50:50 -04:00
95a6d0666a
Improve behaviour and reduce extra logging when db goes away
2018-10-29 09:59:26 -04:00
91d83a89fa
include semaphore function replacements
2018-10-25 15:40:12 -04:00
2881d2af3f
Merge branch 'master' into storageareas
2018-10-10 14:13:27 -04:00
6ed146b4dd
Use Hostname instead of Url in test for CORS access.
2018-10-10 14:01:36 -04:00
e268264761
Merge branch 'cleanup_auth' into storageareas
2018-10-09 10:24:32 -04:00
918d5fd469
move utility functions for doing get/post requests into functions.php from actions.php
2018-10-09 09:39:04 -04:00
fa55cec12c
fix error when scale is auto
2018-09-14 16:57:28 -04:00
77edb8f74b
Add test for auto scale and don't rescale. Use find_one when loading StorageArea so as to use caching
2018-09-14 16:19:29 -04:00
34c7ee32ee
Merge branch 'master' into storageareas
2018-09-14 15:13:57 -04:00
f1442eba90
once we have found a match for our origin, break out of loop
2018-09-14 14:56:26 -04:00
d9b1d3ec11
fix CORS Headers when we are coming from a non-standard port. Use a regexp instead of == so that we match regardless of port
2018-09-14 14:52:33 -04:00
683789eb41
Merge branch 'master' into storageareas
2018-08-03 10:27:48 -04:00
b72d520e02
implement the ability to pass a disabled option to htmlSelect. Use it to disable the h264 passthrough option for non-ffmpeg monitors. Instead of disappearing it.
2018-08-03 10:02:42 -04:00
c934295bf9
we shall always pass width & height as pixels without units.
2018-07-31 16:55:13 -04:00
05615c5cf4
We should not use a hard path in cache bust
2018-07-11 15:48:01 -04:00
cf4a1c73fd
Always us /zm in cache_bust
2018-07-04 14:46:22 -04:00
d271d8bf1d
Fix my botched change to generateAuthHash
2018-06-25 14:50:54 -04:00
99a97543f1
Rework generateAuthHash to take a force parameter so that it can be used to generate auth hashes for zmu
2018-06-25 13:43:08 -04:00
af3ce3660f
Only unlink if file exists, removing warning. Always return a Storage object in Monitor->Storage() fixes Monitor Delete.
2018-05-24 09:54:45 -04:00
348468a98d
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
2018-04-26 22:09:48 -04:00
86b2f6a12e
New Monitor Type - Website ( #2065 )
...
* implement website monitor
* don't check certain fields when using website monitor
* continue to fix javascript errors for website monitors
* check $monitor, not $new_monitor here
* add website monitor documentation
was somehow left out of the initial commit
* fix corruption of functions.php
* add missing comma
* remove errors by testing for existence of key. If it's a new monitor, then none of the keys will be valid
* If the monitor type is WebSite, then default Status to Running.
* put back start function that got lost in merge. Don't start StreamCmd's if it's a WebSite
* Add midding comma
* Hide unrelated tabs when type is WebSite. Put back input fields for Type=WebSite
* Don't show control or any of the status fields for WebSite type monitors
* add some parenthesis to ensure order of operations, seems to fix fps and status fields not being shown for regular monitors
2018-04-26 17:18:36 -04:00
00e82fb751
Implement MonitoServerId,StorageServerId,FilterServerID in Filters
2018-04-25 13:05:19 -07:00
dfae6661ab
use isset when determining if a column exists, otherwise we throw warnings
2018-04-25 09:32:40 -04:00
fac3cde1e7
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2018-04-20 15:23:23 -04:00
3ea39ad417
whitespace
2018-04-20 15:22:45 -04:00
3c225c9f1c
Migrate Webcache out of webroot ( #2083 )
...
* migrate webcache folder out of webroot, migrate htaccess files
* rpm specfile - add missing reference to cache folder
* fix submodule mixup
2018-04-19 15:01:46 -04:00
e3afa5e309
handle scale not being defined when using mpeg streaming
2018-04-18 11:28:19 -04:00
ef70ff86e9
cleanup zmaControl
2018-04-17 11:36:14 -04:00
53ce8c008a
move auth functions into it's own file
2018-04-06 14:36:23 -04:00
793f630ee0
Merge branch 'storageareas' of github.com:connortechnology/ZoneMinder into storageareas
2018-04-02 10:43:07 -07:00
df3a5b7d58
must reopen the session before destorying it
2018-03-29 19:19:08 -04:00
3fe5bb6fe2
open and close the session around user login
2018-03-29 11:30:20 -04:00
27736fb5d9
Merge ../ZoneMinder.master into storageareas
2018-03-15 11:04:41 -04:00
0df59c26b8
fix typo
...
Fix unable to enable camera
2018-03-10 19:48:53 -06:00
ed4dac761a
Merge pull request #2049 from ZoneMinder/fix_2044
...
Fix 2044
2018-03-03 12:49:57 -06:00
3fc7ebee6c
Merge ../ZoneMinder.master into storageareas
2018-03-03 09:32:23 -08:00
735e36c2a8
split htmlSelect into htmlOptions
2018-02-26 17:08:30 -08:00
464b588f08
add a case for toggle, which are booleans and default them to false
2018-02-26 07:29:49 -08:00
505e726636
turn off debug
2018-02-14 13:51:49 -05:00
a09bf3b097
slightly improve auth debugging
2018-02-14 11:58:00 -05:00
93996402d9
turn off debug
2018-02-02 13:24:07 -05:00
018523134e
use ZM_BASE_PROTOCOL when loading plugins. https can't load http content
2018-01-31 14:35:23 -05:00
2ea2f46ec8
braes
2018-01-25 09:13:31 -08:00
a271f1776d
Fix #80 don't escape NULL value when building SQL
2018-01-24 10:35:22 -05:00
9f89ccfa32
revert issue with AUTH_HASH_LOGINS
2018-01-24 07:46:56 -05:00
06c9266c62
use snapshot.jpg more
2018-01-22 03:27:01 +01:00
0f3cf33565
Move unparse_url from add_monitors to functions to make it generally available
2018-01-19 08:16:52 -08:00
4b37c6fc42
Change the Group dropdown to a single indented dropdown, and use chosen on it
2018-01-12 11:25:15 -08:00
3c55557c77
Handle to val in a filter term
2018-01-11 22:53:53 +01:00
Isaac Connor
Isaac Connor
Mitch Capper
Matthew Noorenberghe
Andrew Bauer
Isaac Connor
Isaac Connor
Isaac