ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8,151 Commits 20 Branches 69 Tags 131 MiB
Commit Graph

377 Commits

Author SHA1 Message Date
Isaac Connor 186e5ba866 Merge branch 'master' into storageareas 2017-02-21 09:48:00 -05:00
Manojav Sridhar f50c0e2096 fix missing isset check, caused number of Undefined Property warnings 2017-02-18 11:15:43 -05:00
Isaac Connor d135216ac7 Merge branch 'master' into storageareas 2017-02-15 09:30:35 -05:00
Kyle Johnson 5804cd2462 Merge pull request #2 from connortechnology/fix_sql_injection 
Sanitize input parameters
 2017-02-04 15:05:54 -07:00
Andrew Bauer c5906a5d4f Merge pull request #6 from connortechnology/log_xss_fixes2 
Log xss fixes2
 2017-02-04 16:05:43 -06:00
Kyle Johnson 6b3a53ec0f Tell PDO to use real prepared statements. 
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.

See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
 2017-02-04 14:59:33 -07:00
Isaac Connor 9fd9c5de20 test for empty and non-existent path 2017-01-30 17:24:41 -05:00
Isaac Connor fda115bebe tell zmc and zma to stop before updating db 2017-01-30 16:37:53 -05:00
Isaac Connor 41dab0750e turn whatever gets output into html escaped html so that nothing gets revealed 2017-01-27 21:30:22 -05:00
Isaac Connor a8d1450adf Merge branch 'master' into fix_sql_injection 2017-01-27 17:18:34 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor c1e05753d6 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro 2017-01-27 17:12:46 -05:00
Isaac Connor 8ce7719a33 remove extra db call cuz i sredundant 2017-01-18 21:12:54 -05:00
Isaac Connor 899b1b82b9 Merge branch 'filter_by_runstate' into storageareas 2017-01-14 17:07:20 -05:00
Isaac Connor 242e5a56d8 rough in the ability to filter on RunState 2017-01-14 16:55:28 -05:00
Isaac Connor 3074263e06 Merge branch 'control_fixes' into storageareas 2017-01-10 12:54:46 -05:00
Isaac Connor 55403219d8 fix regexp for direction in control command. Also log if the regexp doesn't match 2017-01-10 12:35:38 -05:00
Isaac Connor d8b8d78576 Fix storagearea lookup. Default to ZM_EVENTS_DIR 2017-01-09 16:35:58 -05:00
Isaac Connor 03fd964518 fix parsing StorageID 2017-01-09 14:59:14 -05:00
Isaac Connor f6ea52280a Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions 2017-01-02 10:34:15 -05:00
Isaac Connor 5ae34a7561 Merge branch 'master' into storageareas 2017-01-02 09:39:10 -05:00
klemens 0d549f1db3 spelling fixes 2016-12-29 10:31:05 +01:00
Andy Bauer 254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Isaac Connor 794043cbe9 On successful login, tell php to regenerate the session id 2016-12-14 15:06:18 -05:00
Isaac Connor 821f9f8e6e Merge branch 'fix_sql_injection' into storageareas 2016-12-08 15:58:10 -05:00
Isaac Connor b5e4c94682 test for integer string as well 2016-12-08 15:58:00 -05:00
Isaac Connor 08370b010e Merge branch 'log_xss_fixes' into storageareas 2016-12-08 15:52:37 -05:00
Isaac Connor 42fdd1fbe9 Use htmlentities on the error message when dying because the string will be sent to the browser and if it includes scripts they will be run. 2016-12-08 15:52:21 -05:00
Isaac Connor ced701f56f Merge branch 'fix_sql_injection' into storageareas 2016-12-08 14:58:50 -05:00
Isaac Connor e7d0861530 check limit for a valid integer and complain if not. 2016-12-08 13:37:23 -05:00
Isaac Connor 9e5f52a0ae fix MonitorId is part of event, not frame 2016-11-29 15:25:51 -05:00
Isaac Connor be5b4691da check for isset of SESSION['username'] instead of just assuming it exists 2016-11-22 15:35:07 -05:00
Isaac Connor 9312eed17f Merge branch 'master' into disk_space_in_events 2016-11-22 10:58:24 -05:00
Isaac Connor 6bf921a858 Add thumbnanils to the frames view. Also add a content-disposition header and some url mangling to help browsers give a useful filename when doing Save Image As 2016-11-21 12:28:15 -05:00
Isaac Connor 2bd080a6a6 Merge branch 'master' into storageareas 2016-11-15 08:41:00 -05:00
Isaac Connor 8f71971209 Show error message upon unsuccessful login. Fixes #1648 (#1680) 
* Add additional post-cmake files to .gitignore

* Add bootstrap 3.3.7

* Load bootstrap css

* Restyle login page, move recaptcha js to <head>

The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.

* Update doctype to HTML5, add meta tags for mobile browsers

* Move inline Login css to css file

* Remove extra php tag in functions.php

* Show error message upon unsuccessful login.  Fixes #1648

 * Includes bootstrap glyphicons as they're used in the error message.
 * Failure check is done via a simple test in login.js.php and login.js.
   The 'view' param will only be set (to 'postlogin') if the login page
   has refreshed due to a failed login.  Otherwise you're directed to
   the console view.

* Only load bootstrap css in specific views.

Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.

* Test for invalid login via session variable.

The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login

* Fix a few typos in login inputs

* Add new fonts directory to web CMakeLists
 2016-11-14 21:24:43 -05:00
Isaac Connor 3b7723ee8f Merge branch 'master' into storageareas 2016-11-11 22:40:00 -05:00
Andrew Bauer 49d8e35e56 Show available PATH_MAP percent on console (#1675) 
* Add PATH_SWAP percent to console

* add changes to console.php

* use ZM_PATH_MAP instead of ZM_PATH_SWAP

* show the folder name PATH_MAP points to

* use a dash as the delimiter instead of fwd slash
 2016-11-11 08:47:08 -05:00
Kyle Johnson 95d00f70a3 Test for invalid login via session variable. 
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
 2016-11-10 23:29:12 -07:00
Isaac Connor 4defad1352 Merge branch 'add_scale_to_frame_view' into storageareas 2016-10-26 14:04:43 -04:00
Isaac Connor d9a31f7fb6 Merge branch 'master' into storageareas 2016-10-26 13:39:31 -04:00
Isaac Connor 98cde11e86 add a scale element to the frame view. Include some bits from StorageAreas to make it work 2016-10-26 13:34:28 -04:00
Isaac Connor cf0e4935f1 cleanups, more debugging 
Also, when adding a monitor, a user who is restricted to monitors can't create one, add an error essage about it instead of failing silently.
 2016-10-21 12:43:23 -04:00
Isaac Connor f9ac601194 fix getOutputHelperStream -> getHelperStream 2016-10-21 12:41:37 -04:00
Isaac Connor 5ee8a1c0a7 deprecate the contents of getImageSrc since it is now in Event.php 2016-10-20 11:52:01 -04:00
Isaac Connor fc540786a5 Move login by auth hash out of actions.php and into index.php. Double quotes to single quotes and google code style changes in indx.php 2016-10-20 11:51:42 -04:00
Isaac Connor c795dd7568 double quotes to single quotes, remove some includes, slight efficiency gains and better error reporting when the .mp4 doesn't exist. 2016-10-20 11:50:13 -04:00
Steve Gilvarry 11cc73f55d Merge pull request #1651 from connortechnology/fix_disable_monitor 
Fix logic when disabling a monitor
 2016-10-20 05:16:22 +11:00
Steve Gilvarry c78a543e8e Merge pull request #1475 from connortechnology/htmlselect 
introduce htmlselect as an alternative to buildselect
 2016-10-20 05:05:59 +11:00
Isaac Connor de9c5a3bed add in missing break 2016-10-18 10:20:42 -04:00