Commit Graph

4885 Commits

Author SHA1 Message Date
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Isaac Connor b24b930f65 After login go to postlogin, not console. the login view is in a popup so we want to close 2019-01-21 11:15:36 -05:00
Matt N 19c272061a Replace MooTools usage for adding window event listeners (#2429) 2019-01-21 11:14:32 -05:00
Matt N 27bcf3f994 Upgrade jQuery version (#2430)
* Upgrade jQuery to 1.12.4

* Upgrade jQuery to 2.2.4; Stop support for IE8

* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N f0b33145f5 Log CSP violations in ZM logs in supported browsers (#2431) 2019-01-21 11:12:17 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432)
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Isaac Connor f69b77e38f fix eslint complaints 2019-01-19 12:40:17 -05:00
Matt N a1a42345e3 More eslint fixes; eslint in php; add eslint to travis (#2419)
* Add eslint to travis.yml

* Update eslint package versions and apply new indent rules

* Enable the brace-style and block-style eslint rules

* Enable the 'curly' eslint rule

* Enable the 'keyword-spacing' eslint rule

* Enable the 'key-spacing' eslint rule

* Enable the 'object-curly-spacing' eslint rule

* Enable the 'no-new-object' eslint rule

* Only disable the no-caller eslint rule in the one affected file

* Enable the 'no-unused-vars' eslint rule for local variables

* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N c0a6e54d60 skins/classic/views/control.php second order sqli (#2422) 2019-01-19 09:46:21 -05:00
Matt N 02fd1e79b3 Fix ajax/status.php orderby sql injection (#2421)
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
2019-01-19 09:46:08 -05:00
Matt N 34e2e47993 controlcap.php: Reflected xss fix with validHtmlStr (#2423) 2019-01-19 09:43:28 -05:00
Matt N d3f8037e58 Replace onclick='submitTab(...' with a click listener (#2424) 2019-01-19 09:42:12 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Matt N 43a1725060 Fix duplicate 'class' attribute in options (#2418) 2019-01-18 10:05:44 -05:00
Matt N eef113b6a7 Convert some characters to HTML entities (#2417) 2019-01-18 10:02:48 -05:00
Matt N deaf651aad Fix eslint violations (#2416)
* Add more JS libraries to eslintignore

* eslint . --fix

Automatic fixes only

* frame.js: eslint fixes

* events.js: manual eslint fixes

* skin.js: manual eslint fixes

* watch.js: manual eslint fixes

* Remove some tabs used for indentation in JS

* state.js: Fix new-cap eslint violation

* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor 599769b701 rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none 2019-01-17 08:50:33 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor b1cc0c2b82 add CSP nonce to CSRF rewriting 2019-01-16 14:04:07 -05:00
Isaac Connor a7db6f08f5 single vs double quotes 2019-01-16 13:47:50 -05:00
Isaac Connor 42076ad09b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-16 13:46:01 -05:00
Isaac Connor a2c23d3263 Need nonce in inline script setting display css 2019-01-16 13:45:26 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor e156a6cda0 logout view should go to logout view 2019-01-16 12:23:18 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Isaac Connor eee1d871e0 get rid of default value for PathToIndex so that it will use PHP_SELF instead 2019-01-16 12:09:26 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Isaac Connor fd696bc066 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-15 11:38:56 -05:00
Isaac Connor ac27005944 remove debug 2019-01-15 11:38:43 -05:00
Isaac Connor 07c7c271a6 prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411 2019-01-15 11:38:19 -05:00
Isaac Connor 3182d8bab7 implement to_json method so that defaults get included 2019-01-15 11:36:56 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor c834fbe462 the filter action should singular filter, not filters 2019-01-13 14:52:39 -05:00
Isaac Connor a282b487d1 load Help from Config as it is not longer always loaded into ram. 2019-01-11 13:55:03 -05:00
Isaac Connor b373577589 fix function view after actions cleanup 2019-01-10 12:08:25 -05:00
Isaac Connor 1d54216e80 spacing 2019-01-09 16:23:58 -05:00
Isaac Connor c1e4fbac6a extend input path and options to the full width of the popup 2019-01-09 12:37:42 -05:00
Isaac Connor 2d03583b78 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-08 13:12:42 -05:00
Isaac Connor ffa37d8c10 Fix margins on replayControl 2019-01-08 13:12:35 -05:00
Isaac Connor 3f5a2a2aa6 disable delete button when event is archived. 2019-01-07 15:56:23 -05:00
Isaac Connor b4f8500cb5 Merge branch 'split_actions' 2019-01-05 18:33:04 -05:00
Isaac Connor 3f10553464 Fix include path to Monitors.php 2019-01-05 18:32:53 -05:00
Isaac Connor e34a5e972a fix missing } 2019-01-05 11:12:26 -05:00
David Beitey e6ba8e58ef Fix #2391 by defining monitor variable (#2392) 2019-01-05 10:20:34 -05:00
Isaac Connor 5b5905c83a We always use markEids[] now 2019-01-04 16:29:16 -05:00
Isaac Connor de0ef6ce43 Merge branch 'master' into split_actions 2019-01-04 15:55:54 -05:00
Isaac Connor e72e4e7ce4 Spacing, remove some html4 stuff, clean up duplicated hidden form elements. 2019-01-04 15:52:36 -05:00
Isaac Connor dea64320f0 Fix a + that should be a . 2019-01-04 15:52:14 -05:00
Isaac Connor 0e20666992 fix eventdetail actions being in events 2019-01-04 15:43:31 -05:00
Isaac Connor e2f32ab091 Upgrade config saving 2019-01-04 09:43:36 -05:00
Isaac Connor 7ec96655c3 fix missing ! when testing for permission on editing config 2019-01-04 09:37:26 -05:00
Isaac Connor 5b9bf48945 Merge branch 'master' into split_actions 2019-01-04 09:35:54 -05:00
Isaac Connor 46adcbb66b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-04 09:34:51 -05:00
Isaac Connor edeaa07c12 Fix no quotes around Id 2019-01-04 09:34:42 -05:00
Isaac Connor 6cad852e11 fix path to MontageLayout 2019-01-04 09:34:18 -05:00
Isaac Connor dbe9817bc8 Split actions.php into individual files per view 2019-01-04 09:26:34 -05:00
Andrew Bauer 225fca08e3
Merge pull request #2379 from connortechnology/improve_config_efficiency
Improve config efficiency
2019-01-02 19:34:34 -06:00
Isaac Connor 874930d8fc Merge branch 'master' into improve_config_efficiency 2019-01-02 13:07:53 -05:00
Isaac Connor 99471836b7 Use monitor's serverId when loading server object so that images load from recording server. 2019-01-02 11:28:12 -05:00
Isaac Connor 8a1707a615 Add monitorServerId array to provide server info for each monitor so that we can load images from the recording server. 2019-01-02 11:27:46 -05:00
Isaac Connor 79113a6869 Add a default Server object to handle non-multi-server case 2019-01-02 10:56:40 -05:00
Andrew Bauer d14e9ecf74 force overloadframes and ExtendAlarmFrames to int (#2373) 2018-12-29 09:53:31 -05:00
Andrew Bauer 3258d8e590 remove ZM_DIR_IMAGES (#2374) 2018-12-29 09:52:58 -05:00
Andrew Bauer a029909972 fix path to thumb and anal images (#2367) 2018-12-28 10:46:13 -05:00
Andrew Bauer fb37fc48e1 update viewImagePatch (#2370) 2018-12-28 10:38:39 -05:00
Isaac Connor 101f24feb5
Update area when editing x and y coords (#2366) 2018-12-27 14:28:14 -05:00
Andrew Bauer 5f9a113da1
redirect to montage rather than montagereview 2018-12-26 10:34:01 -06:00
Andrew Bauer 27dd8166ea
Merge pull request #2362 from connortechnology/small_groups_fixes
Small groups fixes
2018-12-24 11:30:57 -06:00
Isaac Connor e0a9c4a21e fix event popup detection 2018-12-24 11:23:58 -05:00
Isaac Connor 68adc289fe Fix colspan count now that depth is zero-based 2018-12-24 09:40:23 -05:00
Isaac Connor e0cae5709f Group::find is now more powerful so we can just use it to return all Groups to be deleted 2018-12-24 09:39:40 -05:00
Isaac Connor 63199289ad Change depth function to be 0-based. 2018-12-24 09:38:55 -05:00
Isaac Connor 0cce0a642b Update chosen library to 1.8.7 2018-12-24 09:37:49 -05:00
Andrew Bauer 153877b9c0
Merge pull request #2359 from connortechnology/fix_2353
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 15:16:49 -06:00
Isaac Connor 1130d6650a Fix spacing and pass popup to previous/next event so that popups stay as popups 2018-12-21 10:50:19 -05:00
Isaac Connor 47465260d1 Update permissions checking for Groups to not use session. Fixes #2353 2018-12-21 10:01:48 -05:00
Isaac Connor a277f697e9 whitespace 2018-12-20 14:58:38 -05:00
Pliable Pixels 622c17f628 make sure auth is regenerated each time we call this API (#2347) 2018-12-16 11:02:07 -05:00
Mike Rosack 567b60ffa7 support for forwarded proto/port in Server.php (#2343) 2018-12-13 10:24:32 -05:00
Andrew Bauer 8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
Cleanup auth
2018-12-12 20:53:24 -06:00
Isaac Connor eba8b3327d Merge branch 'master' into cleanup_auth 2018-12-11 16:04:42 -05:00
Andrew Bauer 21a98f3653 Merge branch 'remove_default_view' of https://github.com/connortechnology/ZoneMinder into connortechnology-remove_default_view 2018-12-11 09:44:13 -06:00
Isaac Connor 278abbc201 Merge branch 'master' into remove_default_view 2018-12-11 10:37:26 -05:00
Andrew Bauer 3cf6bf1786
Merge pull request #2243 from connortechnology/add_archive_filter_to_montagereview
Rough in an archived status filter in montagereview.
2018-12-11 09:36:35 -06:00
Andrew Bauer fe5cb4bfdc
Merge pull request #2283 from connortechnology/warn_colour_when_disabled
Use a warning colour when motion detection is disabled.
2018-12-11 09:36:07 -06:00
Andrew Bauer 4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
Introduce get body top html
2018-12-11 09:35:54 -06:00
Andrew Bauer 22460f580b
Merge pull request #2305 from pliablepixels/save-first-alarm
Save first alarm
2018-12-11 09:35:40 -06:00
Andrew Bauer c530337c50
Merge pull request #2331 from connortechnology/fix_ios9
Fix ios9
2018-12-11 09:29:50 -06:00
Isaac Connor b3bed9a28a fix whitespace 2018-12-11 10:20:02 -05:00
Isaac Connor e1ecd47bff Fix missing use of UrlToApi 2018-12-11 09:40:40 -05:00
Isaac Connor 1e8c4276bb fix #2319 some more. This is fixing rate sticking across gapless events and reload 2018-12-10 17:32:17 -05:00
Isaac Connor a1141d2dc4 remove second use of HTTP_HOST and use a better method of stripping off port from HTTP_HOST 2018-12-07 08:39:23 -05:00
Isaac Connor 757e538550 strip port from HTTP_HOST 2018-12-06 17:12:03 -05:00
Isaac Connor 9ffd77428a fix paths to jquery-ui-theme components, thereby upgrading them to the proper version. This fixes the datetime filters not being shown on skins that don't specify a custom theme for jquery-ui 2018-12-05 09:05:10 -05:00
Isaac Connor 18ce7c9ea0 Old browsers, specifically Safari on IOS9 doesn't support let. Need to use var instead. 2018-12-03 15:17:16 -05:00
Isaac Connor 27d4ba9e5f use output of babeljs.io to provide code that works on older browsers. The nice class notation is ES6 upwards.. Safari on IOS9 doesn't like it 2018-12-03 15:16:47 -05:00
Andrew Bauer e327ad100e fix WebSite camera startup issue 2018-12-01 17:03:50 -06:00