Matthew Noorenberghe | 255806bd54 | log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453 | 2019-02-09 18:43:55 -08:00
Matthew Noorenberghe | 6af2c4ad0e | Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468 | 2019-02-09 18:06:21 -08:00
Matthew Noorenberghe | 9ce05a9a09 | user.php: Escape the Username upon display. Fixes #2467 | 2019-02-09 17:45:52 -08:00
Matthew Noorenberghe | 6d2f3c265f | events.php: Remove inline event handlers and enforce CSP | 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe | fcbc22b6a2 | functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 | 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe | 502f53fad0 | functions.php: Fix SQLi in getFormChanges | 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe | ef0e5f453a | monitor.php: Fix XSS from LinkedMonitors. Fixes #2463 | 2019-02-09 17:11:53 -08:00
Matthew Noorenberghe | 9705edfe24 | monitor.php: Escape monitor method. Fixes #2464 | 2019-02-09 17:01:45 -08:00
Matthew Noorenberghe | cef54feaf9 | monitor.php: Escape a bug of output variables. Fixes #2465 | 2019-02-09 16:54:06 -08:00
Matthew Noorenberghe | 254b7286b4 | monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 | 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe | bb75dad091 | filter.php: Escape filter query term value to avoid XSS. Fixes #2462 | 2019-02-09 15:35:55 -08:00
Matthew Noorenberghe | dd37808ef7 | filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461 | 2019-02-09 15:24:13 -08:00
Matthew Noorenberghe | 70e59ed546 | filter.php: Escape the filter name on output. Fixes #2455 | 2019-02-09 15:19:15 -08:00
Matthew Noorenberghe | b2a97ee190 | frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP. Fixes #2448, fixes #2449, and fixes #2447. | 2019-02-09 15:10:45 -08:00
Matthew Noorenberghe | c8066919ff | functions.php: Escape textContent in htmlOptions() | 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe | 7b0ee8a6a2 | group: Escape group name in heading. Fixes #2454 | 2019-02-09 14:05:50 -08:00
Matthew Noorenberghe | fa6716a64b | console: Escape source column output to prevent XSS. Fixes #2452 | 2019-02-09 02:28:40 -08:00
Matthew Noorenberghe | 98e0a0d2c5 | Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 | 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe | 02f09aad7f | view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 | 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe | 61f6a92cc0 | view=download: Validate the eid parameter to avoid XSS. Fixes #2442 | 2019-02-09 01:37:32 -08:00
Matthew Noorenberghe | 0b38e72f88 | view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 | 2019-02-09 01:16:32 -08:00
Matthew Noorenberghe | e36ac1b872 | Add a polyfill for NodeList.prototype.forEach | 2019-02-08 21:54:23 -08:00
Pliable Pixels | 2dc935b488 | added object detection frame rendering (#2505) | 2019-02-08 13:49:00 -05:00
Isaac Connor | 0eb1efff8b | fix eslint errors | 2019-02-08 13:48:38 -05:00
Isaac Connor | e2fc0ea25d | Increase navbar refresh times. 5 seconds is way too fast | 2019-02-08 10:22:42 -05:00
Isaac Connor | ee3a0c1fd1 | fix validateForm running on monitor cancel due to lack of type=button on cancel button | 2019-02-08 09:55:32 -05:00
Isaac Connor | 4f9a32e7a7 | Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas | 2019-02-07 12:01:52 -05:00
Isaac Connor | ca781523a8 | Merge branch 'master' into storageareas | 2019-02-07 08:57:50 -05:00
Isaac Connor | 1039149866 | fix buttons on events page. data-onclick-this to data-on-click-this | 2019-02-07 08:56:48 -05:00
Isaac Connor | d33e094526 | Merge branch 'master' into storageareas | 2019-02-06 17:03:41 -05:00
Isaac Connor | 7e84a5914c | fix CSP policy violations on filters view | 2019-02-06 13:55:19 -05:00
Isaac Connor | 0783802d0c | fix CSP violations on events | 2019-02-06 13:31:34 -05:00
Isaac Connor | b04b67c39d | Fix CSP violation in the onclick of the monitor view in montagereview | 2019-02-06 12:17:10 -05:00
Isaac Connor | 6744a9a116 | Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. | 2019-02-06 11:46:55 -05:00
Isaac Connor | edaf582eb4 | Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. | 2019-02-06 11:46:48 -05:00
Isaac Connor | 8e62c93f5f | add to_json function to Storage. | 2019-02-06 11:44:36 -05:00
Isaac Connor | cff1b6008f | Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas | 2019-02-05 17:37:12 -05:00
Isaac Connor | a9f0463223 | Merge branch 'master' into storageareas | 2019-02-05 16:46:47 -05:00
Isaac Connor | dca9a81cfd | implement data-on-click-true | 2019-02-05 16:45:05 -05:00
Isaac Connor | d121ecab75 | Merge branch 'improve_session' into storageareas | 2019-02-05 15:48:42 -05:00
Isaac Connor | 141f2afc8c | Merge branch 'master' into storageareas | 2019-02-05 15:46:58 -05:00
Isaac Connor | 21702dcc68 | Merge branch 'master' into improve_session | 2019-02-05 12:35:29 -05:00
Isaac Connor | a40cd144fa | Merge branch 'master' of github.com:ZoneMinder/ZoneMinder | 2019-02-05 12:35:15 -05:00
Isaac Connor | c54fe7e89a | fix state actions | 2019-02-05 12:35:06 -05:00
Isaac Connor | d08a6fcc7c | Don't redirect to login if we are already viewing login. Put auth before including skin includes | 2019-02-05 12:32:24 -05:00
Isaac Connor | 78bc2c1dc2 | add autocomplete tags to username and password inputs | 2019-02-05 11:53:57 -05:00
Isaac Connor | b6b4a21dbe | Move auth code to includes/auth.php | 2019-02-05 11:45:58 -05:00
Isaac Connor | cb0d9325e6 | Use session_regenerate_id instead of our broken code to do the same | 2019-02-05 11:45:09 -05:00
Isaac Connor | 2466d765bf | If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. | 2019-02-05 11:44:45 -05:00
Isaac Connor | 5a9083fe86 | Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console | 2019-02-05 11:40:58 -05:00