Commit Graph

504 Commits

Author SHA1 Message Date
Isaac Connor 24c09a8207 Accept 0 as a value for scale meaning scale to fit 2020-05-08 17:55:12 -04:00
Isaac Connor 54995ab0d1 handle sort_asc not being set. Handle term['val'] not being set. 2020-04-23 15:18:05 -04:00
Isaac Connor 2d748091a2 handle sort_asc not being set. Handle term['val'] not being set. 2020-04-10 11:13:30 -04:00
Isaac Connor d0fe1b60df Merge branch 'release-1.34' 2020-04-04 16:58:53 -04:00
Isaac Connor 210d380029 CSP must include all Servers. 2020-04-04 16:57:52 -04:00
Isaac Connor b611e2616b handle scale=auto 2020-03-24 16:15:24 -04:00
Isaac Connor e06912a995 Merge branch 'release-1.34' 2020-03-21 15:28:27 -04:00
Isaac Connor d3df0defc9 Support missing openssl_random_pseudo_bytes by using alternate functions 2020-03-21 15:28:18 -04:00
Isaac Connor d24069e3d0 Look for global array so we don't load all Servers multiple times. Add all servers to allowed script-src in CSPHeaders 2020-03-04 11:03:07 -05:00
Isaac Connor fa6ac399be Fix code in makePopupLink. Return content-type application/json for json response 2020-03-02 17:21:58 -05:00
Isaac Connor 85e5ade07a fix makePopupLink when condition is false 2020-03-02 16:10:56 -05:00
Isaac Connor 6456d52b97 Merge branch 'fix_user_lang' 2020-02-27 17:43:51 -05:00
Isaac Connor bab0b2e830 handle a scale value of auto 2020-02-27 11:35:40 -05:00
Isaac Connor a34af39ca7 Fix logging line in generate video function 2020-02-25 18:14:14 -05:00
Isaac Connor 4d044a1f14 Fix logging line in generate video function 2020-02-25 18:11:07 -05:00
Isaac Connor f719514998 remove debug 2020-02-25 13:39:33 -05:00
Isaac Connor 4dda37a6ee remove extra } 2020-02-25 12:13:12 -05:00
Isaac Connor d68d115581 Handle scale==0 to do width=100%. 2020-02-25 11:12:49 -05:00
Isaac Connor df5bf788d9 Filtering by Alarmed Zone now only supports a single value using EXISTS as the operator. We now also support CURDATE() and NOW() as values for Date/StartDate/EndDate 2020-01-24 11:09:27 -05:00
Isaac Connor 9d41334e8f Merge branch 'master' into add_alarmed_zone_to_filters 2020-01-22 13:45:37 -05:00
Isaac Connor a3754709e4 allow filters to not have terms specified. We can't pass an empty array in a url, so we will just have to handle it. 2020-01-18 16:09:33 -05:00
Isaac Connor 714d304528 Change WebColour to a colour selector input and add a random colour icon. Select a random colour on new Monitor creation 2019-12-31 19:10:29 -05:00
Isaac Connor 9e43e06a55 Add empty array value for terms when there isn't any to get rid of warning when loading all events 2019-12-26 11:22:42 -05:00
Isaac Connor e39a95d761 Add AlarmedZoned to filters, work on fixing filter behaviour in js. Enable viewing filter results in montagereview 2019-12-18 19:06:10 -05:00
Isaac Connor 4d9d4ba957 Do not allow deletion of archived events. 2019-12-15 10:35:43 -05:00
Isaac Connor df9f6103e4 fix syntax error 2019-12-04 09:00:20 -05:00
Isaac Connor 78912584e1 re-arrange code to hopefully get rid of syntax error reported by some people 2019-12-04 07:10:33 -05:00
Isaac Connor 576dd23907 test for existence of filter in query 2019-12-02 12:30:15 -05:00
Isaac Connor cab1056328 improve debugging in recursive_array_diff 2019-11-29 14:49:10 -05:00
Isaac Connor 1c54f22627 Introduce CSP_REPORT_URI to config and use it when setting up CSP headers as to where to report unsafe inline js to. 2019-11-08 15:18:08 -05:00
Isaac Connor 014ce0afe8 improve error message regarding timezone differences 2019-11-05 12:40:11 -05:00
Isaac Connor 988b2183c3 use new ViewWIdth and ViewHeight functions to generate video stream. 2019-10-29 17:42:48 -04:00
Isaac Connor 3244c8ab5b spacing, quotes, remove debug 2019-10-21 13:18:09 -04:00
Isaac Connor 13b02284fe Merge branch 'master' into timezone_as_config 2019-10-18 13:58:22 -04:00
externo6 4b71bc75ea Change language to Contains / Not Contains and update perl filter. 2019-10-16 00:35:49 +01:00
Isaac Connor d02aee64e4 Add setting of timezone to Options/Config instead of php.ini 2019-10-02 09:07:18 -04:00
externo6 7479d3f1f1 Add LIKE and NOT LIKE to filter options
This is useful for filtering notes.
EG filtering detected objects from zmeventnofification;
WHERE notes LIKE %detect%
WHERE notes NOT LIKE %car%
2019-09-28 13:03:16 +01:00
Isaac Connor 555f3e9c0d Fix missing semi colon in Content-Security-Policy-Report-Only 2019-09-26 13:52:27 -04:00
Isaac Connor 4deea4c6ab code doc 2019-09-25 10:35:57 -04:00
Isaac Connor fe893a4a01 Add report-uri to out Content-Security-Policy-Report-Only header 2019-09-25 10:16:02 -04:00
Isaac Connor 1539e34204 spacing 2019-09-19 14:57:28 -04:00
Isaac Connor 1407d849e8 deprecate getStreamSrc in functions.php. 2019-09-18 11:10:25 -04:00
Isaac Connor 6b9e8bec69 Add logging of delete events 2019-08-29 11:26:32 -04:00
Isaac Connor 231c9c3902 move executeFilter to Filter->execute. If no changes have been made, don't make a tempfilter. 2019-08-26 18:48:34 -04:00
Isaac Connor 7ef26275bc use isset to get rid of warnings when eid is not in REQUEST 2019-08-20 10:28:19 -04:00
Isaac Connor f09941ed48 timezone errors shouldn't be fatal 2019-08-15 15:16:02 -04:00
Isaac Connor 702cb65d2a Merge branch 'storageareas' 2019-08-08 13:38:36 -04:00
Isaac Connor df285006d2 change sortHeader to include eid if it is in the request 2019-08-08 13:34:10 -04:00
Isaac Connor 5b0509e000 When invalid operator terms, use print_r on the term instead of just the operator 2019-08-08 09:26:00 -04:00
Isaac Connor 45afc2a534 introduce array_recursive_diff which we use to compare two arrays in Object::changes 2019-07-24 11:24:37 -04:00
Isaac Connor fe71a9abaa php_errormsg is deprecated 2019-07-19 16:32:40 -04:00
Tom Hodder 1336c03f97 WIP: Add pagination to frames.php in classic (#2618)
* add pagination to the frames.php results

* remove commented code, fix view all paging

* removing debugging logging statements

* default frames paging to on
2019-06-16 12:02:00 -04:00
Isaac Connor b0869a0b13 spaces and quotes 2019-05-31 10:34:53 -04:00
Isaac Connor db9ba7eeab Add StartDateTime and EndDateTime as Sort options. Fixes #2614 2019-05-24 10:02:15 -04:00
Isaac Connor 8f28ba0be3 beter debug and less often when no terms in parseFilter 2019-03-22 17:28:12 -04:00
Isaac Connor 7f7acc18ee spacing and code doc 2019-03-21 14:14:30 -04:00
Isaac Connor 6efeab5f8d improve readability of parseFilter 2019-03-20 14:26:48 -04:00
Isaac Connor 778707c8df Merge branch 'master' into storageareas 2019-03-04 14:33:28 -05:00
Isaac Connor 96e29c0299 fix up remaining issues with cycle updates 2019-03-04 13:35:40 -05:00
Isaac Connor 5da51d51bc Merge branch 'master' into storageareas 2019-02-26 10:55:51 -05:00
Isaac Connor 2187dea2aa add namespace to Warnings 2019-02-25 15:11:08 -05:00
Isaac Connor fd310c0f0a Merge branch 'master' into storageareas 2019-02-22 11:33:47 -05:00
Isaac Connor 8dd8888975
Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Mitch Capper b646284da3 don't quote dbEscape values it will quote it already (#2529) 2019-02-17 11:31:28 -05:00
Isaac Connor 555cb4780d Merge branch 'master' into storageareas 2019-02-10 12:37:45 -05:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe b2a97ee190 frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe c8066919ff functions.php: Esacepe textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Isaac Connor 6eb4d7ae27
Filter improvements (#2438)
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor cc8de69eba Merge branch 'master' into storageareas 2019-01-22 11:44:42 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Isaac Connor 7260f823cb Merge branch 'master' into storageareas 2019-01-21 13:52:38 -05:00
Isaac Connor a2d4dc974b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-21 11:19:07 -05:00
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432)
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor 552e14a971 Merge branch 'master' into storageareas 2019-01-18 10:36:59 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor f49dd93b6a Merge branch 'master' into storageareas 2019-01-16 14:39:56 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor 52466c398b Merge branch 'split_actions' into storageareas 2019-01-04 15:28:55 -05:00
Isaac Connor dbe9817bc8 Split actions.php into individual files per view 2019-01-04 09:26:34 -05:00
Isaac Connor 5060358870 Merge branch 'master' into storageareas 2018-12-29 09:56:53 -05:00