Compare commits


7 Commits

Author SHA1 Message Date
Isaac Connor 02be907692 Merge branch 'release-1.30.5' into release-1.30 2019-02-22 10:44:22 -05:00
Isaac Connor 09cdc5a6df update version to 1.30.5 2019-02-22 10:38:47 -05:00
Isaac Connor eccab15681 merge fix for use of abs 2019-02-22 10:35:26 -05:00
Isaac Connor 33ff7de899 Now that we are dynamically allocating safer_username and safer_password, need to free them. Also, don't strlen them multiple times for efficiency 2019-02-22 10:18:18 -05:00
Steve Gilvarry c0fa2cc335 Safer_username and safer_login should be based on the username and login (#2482)
(lengths * 2)+1. Control input lengths at user input
2019-02-22 10:16:11 -05:00
Isaac Connor c3930bb2ab workaround to mak sure that minTimeSecs and maxTimeSecs have values 2017-09-21 16:42:22 -04:00
Isaac Connor 9eb489288a fix typo maxiumum to maximum 2017-09-21 11:07:13 -04:00
6 changed files with 26 additions and 18 deletions


@ -1650,6 +1650,7 @@ Image *Image::Highlight( unsigned int n_images, Image *images[], const Rgb thres
unsigned int size = result->size;
for ( unsigned int c = 0; c < colours; c++ )
{
unsigned int ref_colour_rgb = RGB_VAL(ref_colour,c);
for ( unsigned int i = 0; i < size; i++ )
{
unsigned int count = 0;
@ -1658,12 +1659,8 @@ Image *Image::Highlight( unsigned int n_images, Image *images[], const Rgb thres
{
uint8_t *psrc = images[j]->buffer+c;
#ifndef SOLARIS
if ( (unsigned)abs((*psrc)-RGB_VAL(ref_colour,c)) >= RGB_VAL(threshold,c) )
#else
if ( (unsigned)std::abs((*psrc)-RGB_VAL(ref_colour,c)) >= RGB_VAL(threshold,c) )
#endif
{
unsigned int diff = ((*psrc)-ref_colour_rgb) > 0 ? (*psrc)-ref_colour_rgb : ref_colour_rgb - (*psrc);
if (diff >= RGB_VAL(threshold,c)) {
count++;
}
psrc += colours;
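Review bot: The new line `unsigned int diff = ((*psrc)-ref_colour_rgb) > 0 ? ...` tests an unsigned result against zero, so the condition is true for every pair of unequal values. `ref_colour_rgb` is declared `unsigned int`, so `(*psrc)-ref_colour_rgb` is evaluated in unsigned arithmetic. When the pixel value is smaller than the reference, the subtraction wraps to a very large number, which always satisfies `diff >= RGB_VAL(threshold,c)` and increments `count`. Comparing the operands directly avoids the wrap: `unsigned int diff = (*psrc > ref_colour_rgb) ? *psrc - ref_colour_rgb : ref_colour_rgb - *psrc;`. The enclosing loops and the rest of `Image::Highlight` lie outside the hunk.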


@ -98,18 +98,23 @@ bool User::canAccess( int monitor_id )
// Function to load a user from username and password
// Please note that in auth relay mode = none, password is NULL
User *zmLoadUser( const char *username, const char *password )
{
char sql[ZM_SQL_SML_BUFSIZ] = "";
char safer_username[65]; // current db username size is 32
char safer_password[129]; // current db password size is 64
User *zmLoadUser( const char *username, const char *password ) {
char sql[ZM_SQL_MED_BUFSIZ] = "";
int username_length = strlen(username);
char *safer_username = new char[(username_length * 2) + 1];
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) );
mysql_real_escape_string(&dbconn, safer_username, username, username_length );
if ( password ) {
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) );
snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", safer_username, safer_password );
int password_length = strlen(password);
char *safer_password = new char[(password_length * 2) + 1];
mysql_real_escape_string(&dbconn, safer_password, password, password_length);
snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
" FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
safer_username, safer_password );
delete safer_password;
} else {
snprintf( sql, sizeof(sql), "select Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Enabled = 1", safer_username );
}
@ -139,7 +144,8 @@ User *zmLoadUser( const char *username, const char *password )
User *user = new User( dbrow );
Info( "Authenticated user '%s'", user->getUsername() );
mysql_free_result( result );
mysql_free_result(result);
delete safer_username;
return( user );
}
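Review bot: `delete safer_password;` and `delete safer_username;` release buffers allocated with `new char[...]`, which is undefined behaviour; both need the array form, `delete[] safer_password;` and `delete[] safer_username;`. `safer_username` is also freed only on the success path shown in the second hunk, so any earlier return between the two hunks (not visible here) would leak it on each failed lookup; a `std::string` or `std::vector<char>` buffer would cover every exit. No length bound on `username` or `password` is visible in this function and the result of `snprintf` is not checked, so a statement that does not fit in `sql` would be sent truncated; comparing the return value against `sizeof(sql)` and refusing the login on overflow closes that gap. Separately, the password branch now selects `Id` first while the query in the `else` branch does not, so if `User( dbrow )` reads columns by position the two paths disagree; this should be confirmed against the constructor.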


@ -1 +1 @@
1.30.4
1.30.5

@ -1 +1 @@
Subproject commit c3976f1478c681b0bbc132ec3a3e82c3984eeed5
Subproject commit 0bd63fb464957080ead342db58ca9e01532cf1ef


@ -44,7 +44,7 @@ function xhtmlHeaders( $file, $title )
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maxiumum-scale=1.0, user-scalable=no">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
<title><?php echo ZM_WEB_TITLE_PREFIX ?> - <?php echo validHtmlStr($title) ?></title>
<link rel="icon" type="image/ico" href="graphics/favicon.ico"/>
<link rel="shortcut icon" href="graphics/favicon.ico"/>


@ -474,6 +474,11 @@ foreach ($monitors as $m)
$numMonitors += 1;
}
echo "var numMonitors = $numMonitors;\n";
if ( ! $minTimeSecs )
$minTimeSecs = strtotime("2036-01-01 01:01:01");
if ( ! $maxTimeSecs )
$maxTimeSecs = strtotime("1950-01-01 01:01:01");
echo "var minTimeSecs=" . $minTimeSecs . ";\n";
echo "var maxTimeSecs=" . $maxTimeSecs . ";\n";
echo "var rangeTimeSecs=" . ( $maxTimeSecs - $minTimeSecs + 1) . ";\n";
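Review bot: When neither value is set, the added defaults make `minTimeSecs` (2036) later than `maxTimeSecs` (1950), so the `rangeTimeSecs` line that follows emits a negative number. If the inverted values are meant as sentinels for a later min/max scan, a comment such as `// sentinels: nothing found yet, min/max deliberately inverted` would say so; otherwise the script that consumes `rangeTimeSecs` needs a guard for a non-positive range. Writing the values as `(int)$minTimeSecs` and `(int)$maxTimeSecs` in the `echo` lines would also guarantee that only a number reaches the generated JavaScript, since the place where these variables are assigned is outside the hunk.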