ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,523 Commits 20 Branches 69 Tags 131 MiB
Commit Graph

2193 Commits

Author SHA1 Message Date
Isaac Connor f2920c37e0 escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead. 2017-04-18 12:31:20 -04:00
Andrew Bauer 008624451f Merge pull request #1856 from connortechnology/remove_BOM 
use dos2unix to remove BOM
 2017-04-17 08:32:17 -05:00
Isaac Connor 5e0012569f use dos2unix to remove BOM 2017-04-16 09:22:37 -04:00
Isaac Connor 0efca38d68 Merge pull request #1854 from knnniggett/caketmp 
make cake tmp = zoneminder tmp
 2017-04-15 10:23:03 -04:00
Isaac Connor ab4b5e6b69 Merge pull request #1853 from knnniggett/cakecache 
change cake cache engine from File -> Apc
 2017-04-14 21:10:23 -04:00
Andrew Bauer 0b729cf295 modify cmakelists.txt 2017-04-14 15:15:29 -05:00
Andrew Bauer d2490cf7e3 make cake tmp = zoneminder tmp 2017-04-14 15:11:41 -05:00
Andrew Bauer 48a73f7e78 change cache engine from File -> Apc 2017-04-14 14:31:42 -05:00
Andrew Bauer 3cbd32cd41 move cake log to zoneminder log folder 2017-04-14 14:24:29 -05:00
Andrew Bauer a10d52a3e1 Merge pull request #1844 from connortechnology/fix_1812 
fix Monitors filtering SQL
 2017-04-03 20:06:39 -05:00
Isaac Connor d3f6ab3d29 fix Monitors filtering SQL 2017-03-30 13:06:54 -04:00
Isaac Connor 7e3b27a130 Test for Controllable as well as ControlId 2017-03-30 10:49:02 -04:00
Isaac Connor 538658403c Merge pull request #1822 from knnniggett/csrf 
Implement CSRF Mitigation
 2017-03-30 10:39:55 -04:00
Isaac Connor 589b369109 fix inserting x10 record with missing , 2017-03-28 20:03:46 -04:00
Andy Bauer eb55a6bb9b set action,view, and/or request to NULL if there are not defined 2017-03-28 17:52:31 -05:00
Andy Bauer 4e16ae6d19 add ZM_ENABLE_CSRF_MAGIC toggle 2017-03-28 17:29:36 -05:00
Isaac Connor eaca58bb7c Merge pull request #1815 from mnoorenberghe/postlogin 
Properly escape postLoginQuery. Fixes #1797
 2017-03-21 10:27:13 -04:00
Matthew Noorenberghe ea558c79a0 Fix check that API user is enabled 2017-03-20 17:16:24 -07:00
Isaac Connor badbf1c74c Merge pull request #1816 from mnoorenberghe/flat_window_sizes 
Increase default window sizes for the flat theme. Fixes #1059
 2017-03-20 13:10:13 -04:00
Andrew Bauer 2dcd95bc7f Merge pull request #1504 from ZoneMinder/improve_filter 
Improve filter
 2017-03-18 21:12:58 -05:00
Andrew Bauer d38bae72ae integrate csrf-magic library 2017-03-18 20:12:06 -05:00
Matthew Noorenberghe 91ad6afffb Increase default window sizes for the flat theme. Fixes #1059 
Used the computed height of <html> and rounded up the nearest multiple of 5.
 2017-03-17 22:24:42 -07:00
Matthew Noorenberghe ea5342abd2 Properly escape postLoginQuery. Fixes #1797 2017-03-17 21:05:28 -07:00
Andrew Bauer 9681a444b4 Merge pull request #1765 from SteveGilvarry/ffmpeg_url 
Align Method description to what it is actually doing
 2017-03-16 09:32:30 -05:00
Andrew Bauer 7e0ac4b239 Merge pull request #1780 from connortechnology/fix_1775 
use escapeshellarg on inputs to daemonControl and other functions
 2017-03-16 09:27:04 -05:00
Andy Bauer 8759e2bdb4 prevent divide by zero, make error messages more descriptive 2017-02-21 13:10:41 -06:00
Andy Bauer 27ca8d8674 use === operator in getDiskPercent function 2017-02-21 12:33:05 -06:00
Isaac Connor 971c70f540 Merge pull request #1793 from mnoorenberghe/api_debug_default 
Reduce the default API debug level
 2017-02-20 21:44:48 -05:00
Matthew Noorenberghe df4739826b Reduce the default API debug level 2017-02-18 23:06:53 -08:00
Manojav Sridhar f50c0e2096 fix missing isset check, caused number of Undefined Property warnings 2017-02-18 11:15:43 -05:00
Manojav Sridhar 11b90e6011 fix usage of wrong key 2017-02-17 12:37:58 -05:00
Isaac Connor 2bf4b5ad1a use escapeshellarg on inputs to daemonControl and other functions where exec is called 2017-02-15 09:45:25 -05:00
SteveGilvarry b791504598 Wording of help text fixes 2017-02-06 08:01:04 +11:00
SteveGilvarry 9716c4ef89 Add Option help 2017-02-05 18:43:47 +11:00
SteveGilvarry c72704bf0b Change descriptions for ffmpeg methods and put TCP first. 2017-02-05 15:34:06 +11:00
Kyle Johnson 5804cd2462 Merge pull request #2 from connortechnology/fix_sql_injection 
Sanitize input parameters
 2017-02-04 15:05:54 -07:00
Andrew Bauer c5906a5d4f Merge pull request #6 from connortechnology/log_xss_fixes2 
Log xss fixes2
 2017-02-04 16:05:43 -06:00
Kyle Johnson 6b3a53ec0f Tell PDO to use real prepared statements. 
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.

See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
 2017-02-04 14:59:33 -07:00
Isaac Connor 9135da92ed fix typo fileFields => filterFields 2017-01-31 21:33:43 -05:00
Isaac Connor 3437f23e8a Merge branch 'master' into fix_sql_injection 2017-01-28 14:33:49 -05:00
Isaac Connor 41dab0750e turn whatever gets output into html escaped html so that nothing gets revealed 2017-01-27 21:30:22 -05:00
Isaac Connor a8d1450adf Merge branch 'master' into fix_sql_injection 2017-01-27 17:18:34 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor c1e05753d6 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro 2017-01-27 17:12:46 -05:00
Andrew Bauer dbd73690b2 use !== false rather than === true 2017-01-25 09:26:07 -06:00
Andrew Bauer 6189d2670c ZM_DIR_EVENTS can be, and often is, a symlink 2017-01-25 09:05:34 -06:00
Andrew Bauer 8b19fca992 sanitize the image path before processing 2017-01-25 08:30:19 -06:00
Kyle Johnson 0e7794f2a7 Merge pull request #1 from connortechnology/cookie_http_only 
set http_only flag in cookie settings
 2017-01-12 09:25:36 -07:00
Andy Bauer 7ef7a36f39 fix conditional logic in controlcap.js 2017-01-10 17:53:05 -06:00
Isaac Connor 55403219d8 fix regexp for direction in control command. Also log if the regexp doesn't match 2017-01-10 12:35:38 -05:00