Isaac Connor
53ce8c008a
move auth functions into it's own file
2018-04-06 14:36:23 -04:00
Isaac Connor
a9f4b7899a
move session closing higher up before actions.php.
2018-03-20 12:18:29 -07:00
Isaac Connor
b390633f70
Fix authHash generation
2018-01-31 14:58:01 -05:00
Isaac Connor
c59751713b
fix redirect
2018-01-28 17:31:00 -05:00
Isaac Connor
8a4b17fb50
turn into a url instead of boolean. Use it to refresh the options page on change so that changes are instantly noticable
2018-01-28 15:13:57 -05:00
Isaac Connor
bb9d640c01
use instead of ['request'] to fix behaviour when request has been emptied due to failed auth
2018-01-26 12:56:38 -05:00
Isaac
5865bbfb12
turn off debugging
2018-01-24 23:07:21 +01:00
Isaac
06c9266c62
use snapshot.jpg more
2018-01-22 03:27:01 +01:00
Isaac Connor
cb70a3627f
Fixes to montagereview and only load event data when in History mode
2017-11-28 14:50:21 -05:00
Isaac Connor
c0e49b65ef
stop writing env to /tmp/env
2017-11-24 15:38:07 -05:00
Isaac Connor
4b92a788f7
fix filter execute
2017-11-24 15:37:50 -05:00
Isaac Connor
b5491102ef
Fix saving MontageLayouts
2017-10-30 20:21:16 -04:00
Isaac Connor
a6c790b374
use a shared include for the filters bar
2017-10-30 07:37:08 -07:00
Isaac Connor
bc150574c7
wip import
2017-10-26 18:56:10 -07:00
Isaac Connor
4be133ed09
remove btn styles from buttons. make groups, cycle, montage, montage review non-popups. Add datetime filters to montagereview. Fix dark skin
2017-09-30 14:19:32 -04:00
Isaac Connor
160a553fb9
Don't do csrf for frames view either. If there are a lot of frames, we run out of mem.
2017-09-27 17:33:06 -04:00
Isaac Connor
27fe468868
Don't do csrf for view=video because the output buffering will make it run out of ram
2017-08-09 11:15:00 -04:00
Isaac Connor
b030fee429
don't do csrf checks for control commands
2017-07-14 12:29:24 -04:00
Isaac Connor
d7950bd732
Merge branch 'master' into knnniggett-configfiles
2017-07-03 21:53:47 -04:00
Isaac Connor
f782aeccd9
fix view is view_video, not action=niew_video
2017-06-26 21:09:54 -04:00
Isaac Connor
3a113899ed
whitespace and braces fixing
2017-06-26 14:29:45 -04:00
Isaac Connor
c1b8105c0e
only include csrf if it's going to be used. This fixes view_video using up all ram sending a video file
2017-06-26 14:23:54 -04:00
Isaac Connor
d97d156efb
Don't do csrf for view_video
2017-06-26 11:48:26 -04:00
Isaac Connor
c7026a1b65
requests should be csrf'd. view_video does not need to be
2017-06-20 10:56:59 -04:00
Isaac Connor
1932fa7f81
don't do CSRF for requests, and when not auth, clear the request so that we don't do it.
2017-06-20 10:52:16 -04:00
Isaac Connor
0e643f0f93
Merge branch 'master' into storageareas
2017-05-30 11:58:38 -04:00
Isaac Connor
3062fe43f3
revert csrf on login page. csrf needs to be off in order for zmNinja to work
2017-05-30 11:25:25 -04:00
Isaac Connor
f851daca68
merge code to load video.js etc on Event view
2017-05-18 15:10:13 -04:00
Isaac Connor
3ccf7e102e
fix Debug to Logger::Debug
2017-05-18 14:50:17 -04:00
Isaac Connor
f4224bb88e
Merge branch 'master' into storageareas
2017-05-17 17:47:39 -04:00
Matt N
33092e4022
Allow API authentication using the `auth` query parameter containing an auth. hash. ( #1845 )
...
* Allow API authentication using the `auth` query parameter containing an auth. hash.
Fixes #1827
The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.
* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals
This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.
* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
Isaac Connor
92854f5cba
more debug
2017-05-05 16:37:30 -04:00
Isaac Connor
dce39bb2a9
Merge branch 'master' into storageareas
2017-04-26 15:58:17 -04:00
Andrew Bauer
1a565a47f2
fix skin path in export_functions
2017-04-26 12:17:01 -05:00
Isaac Connor
b87839f785
turn off csrf on view=view_video
2017-04-19 10:12:51 -04:00
Isaac Connor
d1d4fa7b8f
fix the redirect location
2017-04-19 10:02:07 -04:00
Isaac Connor
7815f1c539
introduce a redirect flag global variable to allow us to redirect. Which allows to redirect on successful login so we don't get repost popups
2017-04-05 10:05:21 -04:00
Isaac Connor
b2db0888ae
add a warning if csrf_check returns false
2017-03-30 10:46:13 -04:00
Isaac Connor
35067211e0
more the csrf to before actions.php
2017-03-29 10:19:00 -04:00
Isaac Connor
3cd9e46df9
Merge branch 'knnniggett-csrf' into storageareas
2017-03-28 20:44:38 -04:00
Andy Bauer
eb55a6bb9b
set action,view, and/or request to NULL if there are not defined
2017-03-28 17:52:31 -05:00
Andy Bauer
4e16ae6d19
add ZM_ENABLE_CSRF_MAGIC toggle
2017-03-28 17:29:36 -05:00
Andrew Bauer
d38bae72ae
integrate csrf-magic library
2017-03-18 20:12:06 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
30674919c4
always include Storage object, because in the end we will be using it everywhere
2017-01-02 10:34:45 -05:00
Isaac Connor
5ae34a7561
Merge branch 'master' into storageareas
2017-01-02 09:39:10 -05:00
Andy Bauer
2dda2d9e1e
remove unneeded, empty files
2016-12-26 09:49:14 -06:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
69c39f8a23
set http_only flag in cookie settings
2016-12-14 14:39:44 -05:00
Isaac Connor
acbc5bc9e3
Merge branch 'cookie_http_only' into storageareas
2016-12-08 15:20:54 -05:00
Isaac Connor
772792a1b9
remove extra ,
2016-12-08 15:20:43 -05:00
Isaac Connor
7f2bf04c2f
Merge branch 'cookie_http_only' into storageareas
2016-12-08 14:26:13 -05:00
Isaac Connor
20793ee822
set httpOnly to true on cookie creation. This will override whatever is in php.ini
2016-12-08 14:25:29 -05:00
Isaac Connor
c2d6b3d809
fix auth
2016-11-29 15:25:10 -05:00
Isaac Connor
f9af1e7129
put authorized check back after including actions.php where it needs to go
2016-11-28 11:34:46 -05:00
Isaac Connor
f153e9b8fb
MontageReview should only be visisble to people who can view events. Fix running state
2016-10-20 13:38:12 -04:00
Isaac Connor
67e14bd12f
move States loading code into state view where it belongs. Move runnign check into specific places where it is needed. These changes reduce events list load time by about 4 seconds for me.
2016-10-20 13:16:50 -04:00
Isaac Connor
fc540786a5
Move login by auth hash out of actions.php and into index.php. Double quotes to single quotes and google code style changes in indx.php
2016-10-20 11:51:42 -04:00
Isaac Connor
01397b6695
Merge branch 'iconnor-updated-console' into storageareas
2016-05-06 14:31:27 -04:00
Isaac Connor
83795805f2
Move state getting into index.php
2016-05-06 14:30:50 -04:00
Isaac Connor
44e5b566b8
Merge branch 'iconnor-updated-console' into storageareas
2016-05-06 11:56:24 -04:00
Isaac Connor
8405db4750
Move running=daemonCheck from header to index.php so that it is defined early and can be used everywhere
2016-05-06 11:56:03 -04:00
Isaac Connor
851a81eff7
Merge pull request #1406 from ZoneMinder/svg_zones
...
replace the static zone image with a stream, and use SVG to draw the zones
2016-04-11 11:14:11 -04:00
Isaac Connor
56c2679afd
Merge branch 'icon_video' into storageareas
2016-04-11 10:30:01 -04:00
Andrew Bauer
5542788a45
make cannot write to content dir an error, rather than fatal
2016-04-10 18:45:38 -05:00
Isaac Connor
bbd33cc159
add monitor class so we don't have to everywhere else
2016-04-08 13:56:49 -04:00
Isaac Connor
1b69299c2d
Include Monitor object so it can be used elsewhere
2016-03-29 14:36:42 -04:00
Isaac Connor
c309cdaad4
include Event object so it can be used elsewhere
2016-03-29 12:06:51 -04:00
Isaac Connor
41d92bbf94
need to include Server class
2015-12-02 10:26:11 -05:00
Isaac Connor
644080fd41
call CORSHeaders
2015-12-02 10:05:27 -05:00
Andy Bauer
cb7acb36ab
Use relative URL's instead of absolute
2015-10-24 13:04:54 -05:00
Andrew Bauer
13aab8a1be
Merge pull request #1113 from baffo32/1112-detect-missing-content
...
Fatal if content dirs are unwritable
2015-10-14 06:49:33 -05:00
baffo32
da8e9dd81b
Remove reference to php.ini from timezone error
2015-10-13 16:55:38 -04:00
baffo32
250c3c31e1
Revised source-install specific recommendation.
2015-10-13 16:45:31 -04:00
baffo32
362b190641
Fatal if content dirs are unwritable
2015-10-12 16:16:22 -04:00
baffo32
4a280a73d1
Use Fatal function to report bad timezone
2015-10-12 15:43:24 -04:00
baffo32
d20478a15f
Detect invalid timezones
2015-10-12 13:22:30 -04:00
baffo32
7190b532dd
Fatal error if date.timezone is unset
2015-10-12 13:07:07 -04:00
Isaac Connor
c0139e87ad
define ZM_BASE_PROTOCOL
2015-09-17 15:14:43 -04:00
Isaac Connor
82f5ab5175
Fix use of DEFINED. It takes a string not a constant. When COOKIE is not set or has changed, set it
2015-05-11 16:22:14 -04:00
Isaac Connor
01af58018b
close the session before requiring the page contents to fix the concurrency issue that exists due to using the file-backed session.
2015-04-20 13:06:34 -04:00
Isaac Connor
0af7d0cc0b
check defined(ZM_DEFAULT_SKIN) otherwise php will turn it into a string
2015-02-19 16:04:06 -05:00
Isaac Connor
b159f6ce9e
Fatal->Error since Fatal is fatal
2015-02-19 15:57:37 -05:00
Isaac Connor
8eb8cacd56
Check to make sure that skin and css are valid.
2015-02-19 14:17:33 -05:00
Isaac Connor
1cfec7e3e7
Move require of config.php and logger up higher
2015-01-04 11:50:24 -05:00
Isaac Connor
50e6784779
this adds two config options to System tab to set the default skin and css
2014-12-17 16:45:41 -05:00
Isaac Connor
45feac3d36
Merge pull request #640 from jrd288/offer_login
...
Offer login prompt instead of throwing error
2014-12-16 09:35:08 -05:00
jrd288
10dba9b4c2
Offer login instead of error
...
When a user accesses a view but receives an error, and is not logged
on, he is offered a login prompt instead. The login prompt saves the
original query URL in a hidden field, and postlogin redirects back to
the original URL once the user has logged on.
If the user is logged in and there is an error, no login prompt is
shown.
This allows the user to click an event link in an e-mail and then log
in before being shown the event, instead of requiring going back
through the front ZM page to log in.
2014-12-15 17:17:03 -05:00
Isaac Connor
3c8153c9b4
better fix for the view=console security flaw.
...
This does it in index.php,so it guards all pages, and also just changes the view to login, so instead of giving an error, it presents you with the login, which I think is better.
2014-12-12 09:38:54 -05:00
Isaac Connor
5bf34de07b
Add lines to parse url ?css= commands and set a global variable to be used to determine which set of css files to use.
2014-11-26 11:26:29 -05:00
m-bene
b197f985e0
make expiry date relative (~10years)
2014-05-01 09:53:45 +02:00
m-bene
ed7ca66045
make skin selection cookie persistent
2014-05-01 09:37:39 +02:00
Isaac Connor
6e5d9272e0
supposed to fix #296
2014-01-03 18:33:01 -05:00
stan
6035ed211a
Detaint some user inputs to avoid malicious file inclusion
...
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3483 e3e1d417-86f3-4887-817a-d78f3d33393f
2011-07-22 08:37:01 +00:00
stan
6ff385e407
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3459 e3e1d417-86f3-4887-817a-d78f3d33393f
2011-06-21 09:19:10 +00:00
stan
160c0d4fa2
Log missing view or request files.
...
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2990 e3e1d417-86f3-4887-817a-d78f3d33393f
2009-11-19 08:13:07 +00:00
stan
ef8f7b85fd
Continuing development and bugfixes
...
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2632 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-09-26 09:47:20 +00:00
stan
d6fc2d0cd5
Fixed display or error page.
...
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2614 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-08-03 15:05:33 +00:00
stan
106882c161
Updated copyright notices
...
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2612 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-07-25 09:48:16 +00:00
stan
0f0a8c004f
Changed skinSeq to skinBase
...
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2596 e3e1d417-86f3-4887-817a-d78f3d33393f
2008-07-23 09:57:11 +00:00