Isaac Connor
2f301cf5fe
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-12 13:18:08 -05:00
Isaac Connor
5b9bb93703
fix navbar auth
2019-02-12 13:17:55 -05:00
Andrew Bauer
28f5ac4220
Merge pull request #2518 from connortechnology/reload_zmfilter_on_filter_save
...
rough in a control function in Filter object. Use it to start/stop z…
2019-02-12 09:26:17 -06:00
timwsuqld
f95e9c0363
Fix comment about hiding navbar ( #2521 )
...
Fixes #2520
2019-02-11 17:14:33 -05:00
Isaac Connor
5ce681b463
instantiate a false Frame object with id = objectect
2019-02-11 16:37:22 -05:00
Isaac Connor
ed6b22ac06
spacing
2019-02-11 16:29:36 -05:00
Isaac Connor
5a924ab176
cleanup redundant code and spacing
2019-02-11 16:29:19 -05:00
Isaac Connor
3871c28089
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-11 14:15:35 -05:00
Isaac Connor
40e0019267
fix all the nav missing when a users Monitors Permission is None
2019-02-11 14:15:24 -05:00
Isaac Connor
a3374aa26c
Merge branch 'reload_zmfilter_on_filter_save' into storageareas
2019-02-11 13:26:53 -05:00
Isaac Connor
5695be9f32
rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved.
2019-02-11 13:21:00 -05:00
Pliable Pixels
5a333e153c
show object detected file, if object detection in place ( #2514 )
2019-02-11 10:58:34 -05:00
Isaac Connor
cd0d753cce
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-11 09:55:50 -05:00
Isaac Connor
e79d7ec736
change let to var
2019-02-11 09:55:45 -05:00
Matt N
9675367e03
event.js: Wait for delete request to succeed before navigating. Fixes #2384 ( #2515 )
2019-02-11 09:34:51 -05:00
Matthew Noorenberghe
cdbd59f054
bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493
2019-02-10 13:22:08 -08:00
Matthew Noorenberghe
ef1112801f
Request browser name and version for web issues (part 2)
2019-02-10 12:38:18 -08:00
Matthew Noorenberghe
28a8af34d5
Request browser name and version for web issues
2019-02-10 12:22:44 -08:00
Matthew Noorenberghe
cda4a28fec
Fix accidental use of 'let' in 255806bd54
2019-02-10 11:14:55 -08:00
Steve Gilvarry
2975225918
Cleanup old files ( #2509 )
...
* Remove Doc-Pak folder
Duplicates and out of date
* Delete umutils dir, looks like some old build script.
* Remove NEWS file as it is not being used.
* Remove TODO
* Remove description-pak, hanging around since NextTime days
* Delete ChangeLog file leaving CHANGELOG.MD as main file, which needs updating..
* Remove INSTALL file as it was not up to date, happy to consider an update instead.
* Remove Authors, not really adding much value and pretty sure the history is documented elsewhere.
* Deleted BUGS. Should be covered in the readme, let me know if you want me to add a link..
2019-02-10 13:09:40 -05:00
Steve Gilvarry
87413d447d
Set CSRF on as the default for new installs. Fixes #2507 ( #2508 )
...
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.
* Fix the spelling mistake that I noticed after editing this.
2019-02-10 13:08:58 -05:00
Isaac Connor
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
Isaac Connor
c9032d3cb4
add autocomplete tags to username and password inputs
2019-02-10 00:27:33 -08:00
Matthew Noorenberghe
c8e41bfee7
log.php: Ensure 'line' is an integer. Helps with #2466
2019-02-10 00:10:39 -08:00
Matthew Noorenberghe
a6ee79f428
Fix typo in dbc1c7b72f
comment
2019-02-09 22:40:39 -08:00
Matthew Noorenberghe
dbc1c7b72f
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
2019-02-09 22:39:54 -08:00
Matthew Noorenberghe
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
Matthew Noorenberghe
99f1e23c5b
Replace usage of PHP_SELF in views/. Fixes #2450
2019-02-09 21:39:19 -08:00
Matthew Noorenberghe
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
Matthew Noorenberghe
d7ede4643d
_monitor_filters.php: Escape MonitorName and Source. Fixes #2457
2019-02-09 19:14:31 -08:00
Matthew Noorenberghe
c9d597dced
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
2019-02-09 18:51:30 -08:00
Matthew Noorenberghe
255806bd54
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
2019-02-09 18:43:55 -08:00
Matthew Noorenberghe
6af2c4ad0e
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
2019-02-09 18:06:21 -08:00
Matthew Noorenberghe
9ce05a9a09
user.php: Escape the Username upon display. Fixes #2467
2019-02-09 17:45:52 -08:00
Matthew Noorenberghe
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
Matthew Noorenberghe
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
Matthew Noorenberghe
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
Matthew Noorenberghe
ef0e5f453a
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
2019-02-09 17:11:53 -08:00
Matthew Noorenberghe
9705edfe24
monitor.php: Escape monitor method. Fixes #2464
2019-02-09 17:01:45 -08:00
Matthew Noorenberghe
cef54feaf9
monitor.php: Escape a bug of output variables. Fixes #2465
2019-02-09 16:54:06 -08:00
Matthew Noorenberghe
254b7286b4
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
2019-02-09 16:41:54 -08:00
Matthew Noorenberghe
bb75dad091
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
2019-02-09 15:35:55 -08:00
Matthew Noorenberghe
dd37808ef7
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
2019-02-09 15:24:13 -08:00
Matthew Noorenberghe
70e59ed546
filter.php: Escape the filter name on output. Fixes #2455
2019-02-09 15:19:15 -08:00
Matthew Noorenberghe
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
...
Fixes #2448 , fixes #2449 , and fixes #2447 .
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe
c8066919ff
functions.php: Esacepe textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
Matthew Noorenberghe
7b0ee8a6a2
group: Escape group name in heading. Fixes #2454
2019-02-09 14:05:50 -08:00
Matthew Noorenberghe
fa6716a64b
console: Escape source column output to prevent XSS. Fixes #2452
2019-02-09 02:28:40 -08:00
Matthew Noorenberghe
98e0a0d2c5
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
2019-02-09 02:18:57 -08:00
Matthew Noorenberghe
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00