Manojav Sridhar
11b90e6011
fix usage of wrong key
2017-02-17 12:37:58 -05:00
Kyle Johnson
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor
9135da92ed
fix typo fileFields => filterFields
2017-01-31 21:33:43 -05:00
Isaac Connor
3437f23e8a
Merge branch 'master' into fix_sql_injection
2017-01-28 14:33:49 -05:00
Isaac Connor
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
Isaac Connor
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
Andrew Bauer
dbd73690b2
use !== false rather than === true
2017-01-25 09:26:07 -06:00
Andrew Bauer
6189d2670c
ZM_DIR_EVENTS can be, and often is, a symlink
2017-01-25 09:05:34 -06:00
Andrew Bauer
8b19fca992
sanitize the image path before processing
2017-01-25 08:30:19 -06:00
Kyle Johnson
0e7794f2a7
Merge pull request #1 from connortechnology/cookie_http_only
...
set http_only flag in cookie settings
2017-01-12 09:25:36 -07:00
Andy Bauer
7ef7a36f39
fix conditional logic in controlcap.js
2017-01-10 17:53:05 -06:00
Isaac Connor
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
Isaac Connor
fea5fa1b59
fix xtell should be -1 for move left
2017-01-10 12:35:02 -05:00
Isaac Connor
0a90dbac9f
require Event.php and clean up use of object vs db row array. Use newer way of using views/image.php by passing eid and frameid instead of a path.
2017-01-02 10:35:51 -05:00
Isaac Connor
30674919c4
always include Storage object, because in the end we will be using it everywhere
2017-01-02 10:34:45 -05:00
Isaac Connor
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
Andrew Bauer
b063d8d6aa
Merge pull request #1728 from connortechnology/path_zms_message
...
Path zms message
2017-01-02 08:54:32 -06:00
Isaac Connor
ef71ae248c
fix ramSocketFile to remSocketFile
2017-01-02 09:31:26 -05:00
klemens
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
Andy Bauer
25ab1bee18
more fixed to gpl license text
2016-12-26 10:40:09 -06:00
Andy Bauer
2dda2d9e1e
remove unneeded, empty files
2016-12-26 09:49:14 -06:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
38c0cedecc
remove the use of empty which on php < 5.5 only supports variables.
2016-12-20 16:37:42 -05:00
Andrew Bauer
68a24040ab
Merge pull request #1710 from connortechnology/path_zms_message
...
replace the old socket_sendto error message with something more useful
2016-12-20 10:30:35 -06:00
Isaac Connor
8b726996f7
FAQ fixes, more text about zms problems in it, and adjust the socket_sendto error message to point to the FAQ entry that is relevant.
2016-12-19 21:36:39 -05:00
Isaac Connor
fe3f3d91ce
replace the old socket_sendto error message with something more useful so that people stop asking us how to fix it.
2016-12-16 09:12:27 -05:00
Isaac Connor
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
Isaac Connor
ad157cf21c
fix tabs
2016-12-14 14:56:54 -05:00
Isaac Connor
69c39f8a23
set http_only flag in cookie settings
2016-12-14 14:39:44 -05:00
Isaac Connor
a9548d3f6b
Add a config entry to turn event disk space on/off
2016-12-13 13:34:56 -05:00
Isaac Connor
30ec67d4c3
Merge branch 'master' into disk_space_in_events
2016-12-13 13:28:32 -05:00
Isaac Connor
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
Isaac Connor
7c84e2417d
remove extra ?
2016-12-08 15:53:38 -05:00
Isaac Connor
c8009baf3f
fix missing ; and test for integer string in limit
2016-12-08 15:46:42 -05:00
Isaac Connor
d600eb0e8b
Merge branch 'master' into fix_sql_injection
2016-12-08 13:39:04 -05:00
Isaac Connor
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
Isaac Connor
587fd16aa6
Add testing for limit, sortField and all the filters to ensure that they are valid.
2016-12-08 13:31:44 -05:00
Bernardus Jansen
986567839e
Additional minor changes
2016-12-02 10:08:49 +01:00
Bernardus Jansen
e27639f599
Updated dutch translation
2016-12-02 09:49:50 +01:00
Isaac Connor
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
Isaac Connor
02cd3e8cba
Merge branch 'master' into small_fixes
2016-11-22 10:52:07 -05:00
Kyle Johnson
4eb5ff7aff
Fix Undefined index: loginFailed. Resolves #1684
2016-11-16 19:42:04 -07:00
Isaac Connor
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Kyle Johnson
b0d22aa2a5
Add new fonts directory to web CMakeLists
2016-11-14 19:23:05 -07:00
Andrew Bauer
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson
65fe07e7aa
Fix a few typos in login inputs
2016-11-10 23:36:28 -07:00