Release lock before notify

db/zm_update-1.35.25.sql

@@ -56,7 +56,7 @@ EXECUTE stmt;
 SET @s = (SELECT IF(
     (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE()
      AND table_name = 'Monitor_Status'
-     AND column_name = 'DayEvents'
+     AND column_name = 'DayEventDiskSpace'
     ) > 0,
 "ALTER TABLE `Monitor_Status` DROP `DayEventDiskSpace`",
 "SELECT 'Column DayEventDiskSpace already removed from Monitor_Status'"

dep/RtspServer

@@ -1 +1 @@
-Subproject commit cd7fd49becad6010a1b8466bfebbd93999a39878
+Subproject commit eab32851421ffe54fec0229c3efc44c642bc8d46

scripts/ZoneMinder/lib/ZoneMinder/Control/AxisV2.pm

@@ -51,11 +51,21 @@ sub open {
   my $self = shift;
 
   $self->loadMonitor();
-	if ( $self->{Monitor}->{ControlAddress} !~ /^\w+:\/\// ) {
+
-		# Has no scheme at the beginning, so won't parse as a URI
+  if ($self->{Monitor}->{ControlAddress} and ($self->{Monitor}->{ControlAddress} ne 'user:pass@ip')) {
-		$self->{Monitor}->{ControlAddress} = 'http://'.$self->{Monitor}->{ControlAddress};
+    Debug("Getting connection details from Control Address " . $self->{Monitor}->{ControlAddress});
-	}
+    if ( $self->{Monitor}->{ControlAddress} !~ /^\w+:\/\// ) {
-  $uri = URI->new($self->{Monitor}->{ControlAddress});
+      # Has no scheme at the beginning, so won't parse as a URI
+      $self->{Monitor}->{ControlAddress} = 'http://'.$self->{Monitor}->{ControlAddress};
+    }
+    $uri = URI->new($self->{Monitor}->{ControlAddress});
+  } elsif ($self->{Monitor}->{Path}) {
+    Debug("Getting connection details from Path " . $self->{Monitor}->{Path});
+    $uri = URI->new($self->{Monitor}->{Path});
+    $uri->scheme('http');
+    $uri->port(80);
+    $uri->path('');
+  }
 
   use LWP::UserAgent;
   $self->{ua} = LWP::UserAgent->new;
@@ -64,6 +74,7 @@ sub open {
   $self->{state} = 'closed';
 
   my ( $username, $password, $host ) = ( $uri->authority() =~ /^([^:]+):([^@]*)@(.+)$/ );
+  Debug("Have username: $username password: $password host: $host from authority:" . $uri->authority());
   
   $uri->userinfo(undef);
 
@@ -75,40 +86,47 @@ sub open {
   # test auth
   my $res = $self->{ua}->get($uri->canonical().$url);
 
-  if ( $res->is_success ) {
+  if ($res->is_success) {
-    if ( $res->content() ne "Properties.PTZ.PTZ=yes\n" ) {
+    if ($res->content() ne "Properties.PTZ.PTZ=yes\n") {
       Warning('Response suggests that camera doesn\'t support PTZ. Content:('.$res->content().')');
     }
     $self->{state} = 'open';
     return;
   }
+  if ($res->status_line() eq '404 Not Found') {
+    #older style
+    $url = 'axis-cgi/com/ptz.cgi';
+    $res = $self->{ua}->get($uri->canonical().$url);
+    Debug("Result from getting ".$uri->canonical().$url . ':' . $res->status_line());
+  }
 
-  if ( $res->status_line() eq '401 Unauthorized' ) {
+  if ($res->status_line() eq '401 Unauthorized') {
-
     my $headers = $res->headers();
     foreach my $k ( keys %$headers ) {
       Debug("Initial Header $k => $$headers{$k}");
     }
 
     if ( $$headers{'www-authenticate'} ) {
-      my ( $auth, $tokens ) = $$headers{'www-authenticate'} =~ /^(\w+)\s+(.*)$/;
+      foreach my $auth_header ( ref $$headers{'www-authenticate'} eq 'ARRAY' ? @{$$headers{'www-authenticate'}} : ($$headers{'www-authenticate'})) {
-      if ( $tokens =~ /\w+="([^"]+)"/i ) {
+        my ( $auth, $tokens ) = $auth_header =~ /^(\w+)\s+(.*)$/;
-        if ( $realm ne $1 ) {
+        if ( $tokens =~ /\w+="([^"]+)"/i ) {
-          $realm = $1;
+          if ( $realm ne $1 ) {
-          $self->{ua}->credentials($uri->host_port(), $realm, $username, $password);
+            $realm = $1;
-          $res = $self->{ua}->get($uri->canonical().$url);
+            $self->{ua}->credentials($uri->host_port(), $realm, $username, $password);
-          if ( $res->is_success() ) {
+            $res = $self->{ua}->get($uri->canonical().$url);
-            Info("Auth succeeded after setting realm to $realm.  You can set this value in the Control Device field to speed up connections and remove these log entries.");
+            if ( $res->is_success() ) {
-            $self->{state} = 'open';
+              Info("Auth succeeded after setting realm to $realm.  You can set this value in the Control Device field to speed up connections and remove these log entries.");
-            return;
+              $self->{state} = 'open';
+              return;
+            }
+            Error('Authentication still failed after updating REALM status: '.$res->status_line);
+          } else {
+            Error('Authentication failed, not a REALM problem');
           }
-          Error('Authentication still failed after updating REALM status: '.$res->status_line);
         } else {
-          Error('Authentication failed, not a REALM problem');
+          Error('Failed to match realm in tokens');
-        }
+        } # end if
-      } else {
+      } # end foreach auth header
-        Error('Failed to match realm in tokens');
-      } # end if
     } else {
       Debug('No headers line');
     } # end if headers

src/zm_comms.h

@@ -244,6 +244,7 @@ class Socket : public CommsBase {
   }
 
   virtual ssize_t recv(std::string &msg) const {
+    msg.reserve(ZM_NETWORK_BUFSIZ);
     std::vector<char> buffer(msg.capacity());
     ssize_t nBytes;
     if ((nBytes = ::recv(mSd, buffer.data(), buffer.size(), 0)) < 0) {

src/zm_db.cpp

@@ -107,8 +107,8 @@ bool zmDbConnect() {
 }
 
 void zmDbClose() {
+  std::lock_guard<std::mutex> lck(db_mutex);
   if (zmDbConnected) {
-    std::lock_guard<std::mutex> lck(db_mutex);
     mysql_close(&dbconn);
     // mysql_init() call implicitly mysql_library_init() but
     // mysql_close() does not call mysql_library_end()
@@ -237,8 +237,12 @@ zmDbQueue::~zmDbQueue() {
 }
 
 void zmDbQueue::stop() {
-  mTerminate = true;
+  {
+    std::unique_lock<std::mutex> lock(mMutex);
+    mTerminate = true;
+  }
   mCondition.notify_all();
+
   if (mThread.joinable()) mThread.join();
 }
 

src/zm_ffmpeg.cpp

@@ -295,8 +295,8 @@ void zm_dump_stream_format(AVFormatContext *ic, int i, int index, int is_output)
     Debug(1, "ids [0x%x]", st->id);
   if (lang)
     Debug(1, "language (%s)", lang->value);
-  Debug(1, "frames:%d, frame_size:%d stream timebase: %d/%d",
+  Debug(1, "frame_size:%d stream timebase: %d/%d",
-      st->codec_info_nb_frames, codec->frame_size,
+      codec->frame_size,
       st->time_base.num, st->time_base.den
       );
 

src/zm_monitor.cpp

@@ -1175,7 +1175,7 @@ void Monitor::AddPrivacyBitmask() {
 
 int Monitor::GetImage(int32_t index, int scale) {
   if (index < 0 || index > image_buffer_count) {
-    Warning("Invalid index %d passed. image_buffer_count = %d", index, image_buffer_count);
+    Debug(1, "Invalid index %d passed. image_buffer_count = %d", index, image_buffer_count);
     index = shared_data->last_write_index;
   }
   if (!image_buffer.size() or static_cast<size_t>(index) >= image_buffer.size()) {

src/zm_remote_camera_rtsp.cpp

@@ -22,6 +22,7 @@
 #include "zm_config.h"
 #include "zm_monitor.h"
 #include "zm_packet.h"
+#include "zm_signal.h"
 
 #if HAVE_LIBAVFORMAT
 
@@ -128,7 +129,7 @@ int RemoteCameraRtsp::Disconnect() {
 
 int RemoteCameraRtsp::PrimeCapture() {
   Debug(2, "Waiting for sources");
-  for ( int i = 0; (i < 100) && !rtspThread->hasSources(); i++ ) {
+  for ( int i = 100; i &&zm_terminate && !rtspThread->hasSources(); i-- ) {
     usleep(100000);
   }
   if ( !rtspThread->hasSources() ) {
@@ -169,8 +170,10 @@ int RemoteCameraRtsp::PrimeCapture() {
     }
   } // end foreach stream
 
-  if ( mVideoStreamId == -1 )
+  if ( mVideoStreamId == -1 ) {
-    Fatal("Unable to locate video stream");
+    Error("Unable to locate video stream");
+    return -1;
+  }
   if ( mAudioStreamId == -1 )
     Debug(3, "Unable to locate audio stream");
 
@@ -184,8 +187,10 @@ int RemoteCameraRtsp::PrimeCapture() {
 
   // Find the decoder for the video stream
   AVCodec *codec = avcodec_find_decoder(mVideoCodecContext->codec_id);
-  if ( codec == nullptr )
+  if ( codec == nullptr ) {
-    Panic("Unable to locate codec %d decoder", mVideoCodecContext->codec_id);
+    Error("Unable to locate codec %d decoder", mVideoCodecContext->codec_id);
+    return -1;
+  }
 
   // Open codec
 #if !LIBAVFORMAT_VERSION_CHECK(53, 8, 0, 8, 0)
@@ -193,7 +198,10 @@ int RemoteCameraRtsp::PrimeCapture() {
 #else
   if ( avcodec_open2(mVideoCodecContext, codec, 0) < 0 )
 #endif
-    Panic("Can't open codec");
+  {
+    Error("Can't open codec");
+    return -1;
+  }
 
 #if LIBAVUTIL_VERSION_CHECK(54, 6, 0, 6, 0)
   int pSize = av_image_get_buffer_size(imagePixFormat, width, height, 1);
@@ -202,7 +210,8 @@ int RemoteCameraRtsp::PrimeCapture() {
 #endif
 
   if ( (unsigned int)pSize != imagesize ) {
-    Fatal("Image size mismatch. Required: %d Available: %llu", pSize, imagesize);
+    Error("Image size mismatch. Required: %d Available: %llu", pSize, imagesize);
+    return -1;
   }
 
   return 1;
@@ -221,18 +230,13 @@ int RemoteCameraRtsp::PreCapture() {
 int RemoteCameraRtsp::Capture(std::shared_ptr<ZMPacket> &zm_packet) {
   int frameComplete = false;
   AVPacket *packet = &zm_packet->packet;
-  if ( !zm_packet->image ) {
-    Debug(1, "Allocating image %dx%d %d colours %d", width, height, colours, subpixelorder);
-    zm_packet->image = new Image(width, height, colours, subpixelorder);
-  }
 
-  
   while (!frameComplete) {
     buffer.clear();
     if (!rtspThread || rtspThread->IsStopped())
       return -1;
 
-    if ( rtspThread->getFrame(buffer) ) {
+    if (rtspThread->getFrame(buffer)) {
       Debug(3, "Read frame %d bytes", buffer.size());
       Hexdump(4, buffer.head(), 16);
 
@@ -267,49 +271,20 @@ int RemoteCameraRtsp::Capture(std::shared_ptr<ZMPacket> &zm_packet) {
 
       //while ( (!frameComplete) && (buffer.size() > 0) ) {
       if ( buffer.size() > 0 ) {
-        packet->data = buffer.head();
+        packet->data = (uint8_t*)av_malloc(buffer.size());
+        memcpy(packet->data, buffer.head(), buffer.size());
+        //packet->data = buffer.head();
         packet->size = buffer.size();
         bytes += packet->size;
+        buffer -= packet->size;
 
         struct timeval now;
-        gettimeofday(&now, NULL);
+        gettimeofday(&now, nullptr);
         packet->pts = packet->dts = now.tv_sec*1000000+now.tv_usec;
-
+        zm_packet->codec_type = mVideoCodecContext->codec_type;
-        int bytes_consumed = zm_packet->decode(mVideoCodecContext);
+        zm_packet->stream = mVideoStream;
-        if ( bytes_consumed < 0 ) {
+        frameComplete = true;
-          Error("Error while decoding frame %d", frameCount);
+        Debug(2, "Frame: %d - %d/%d", frameCount, packet->size, buffer.size());
-          //Hexdump(Logger::ERROR, buffer.head(), buffer.size()>256?256:buffer.size());
-        }
-        buffer -= packet->size;
-        if ( bytes_consumed ) {
-          zm_dump_video_frame(zm_packet->in_frame, "remote_rtsp_decode");
-          if ( ! mVideoStream->
-#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0)
-              codecpar
-#else
-              codec
-#endif
-              ->width ) {
-            zm_dump_codec(mVideoCodecContext);
-#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0)
-            zm_dump_codecpar(mVideoStream->codecpar);
-            mVideoStream->codecpar->width = zm_packet->in_frame->width;
-            mVideoStream->codecpar->height = zm_packet->in_frame->height;
-#else
-            mVideoStream->codec->width = zm_packet->in_frame->width;
-            mVideoStream->codec->height = zm_packet->in_frame->height;
-#endif
-#if LIBAVCODEC_VERSION_CHECK(57, 64, 0, 64, 0)
-            zm_dump_codecpar(mVideoStream->codecpar);
-#endif
-          }
-          zm_packet->codec_type = mVideoCodecContext->codec_type;
-          zm_packet->stream = mVideoStream;
-          frameComplete = true;
-          Debug(2, "Frame: %d - %d/%d", frameCount, bytes_consumed, buffer.size());
-          packet->data = nullptr;
-          packet->size = 0;
-        }
       }
     } /* getFrame() */
   } // end while true

src/zm_rtp_ctrl.cpp

@@ -279,7 +279,7 @@ void RtpCtrlThread::Run() {
   time_t  last_receive = time(nullptr);
   bool  timeout = false; // used as a flag that we had a timeout, and then sent an RR to see if we wake back up. Real timeout will happen when this is true.
 
-  while (!mTerminate && select.wait() >= 0) {
+  while (!mTerminate && (select.wait() >= 0)) {
     time_t now = time(nullptr);
     ZM::Select::CommsList readable = select.getReadable();
     if ( readable.size() == 0 ) {

src/zm_rtp_source.cpp

@@ -47,8 +47,10 @@ RtpSource::RtpSource(
   mFrame(65536),
   mFrameCount(0),
   mFrameGood(true),
+  prevM(false),
   mFrameReady(false),
-  mFrameProcessed(false)
+  mFrameProcessed(false),
+  mTerminate(false)
 {
   char hostname[256] = "";
   gethostname(hostname, sizeof(hostname));

src/zm_rtp_source.h

@@ -92,8 +92,6 @@ private:
   bool mFrameGood;
   bool prevM;
 
-  bool mTerminate;
-
   bool mFrameReady;
   std::condition_variable mFrameReadyCv;
   std::mutex mFrameReadyMutex;
@@ -101,6 +99,7 @@ private:
   bool mFrameProcessed;
   std::condition_variable mFrameProcessedCv;
   std::mutex mFrameProcessedMutex;
+  bool mTerminate;
 
 private:
   void init(uint16_t seq);

src/zmu.cpp

@@ -486,7 +486,7 @@ int main(int argc, char *argv[]) {
       exit_zmu(-1);
     }
 		if ( !ValidateAccess(user, mon_id, function) ) {
-			Error("Insufficient privileges for requested action");
+			Error("Insufficient privileges for user %s for requested function %x", username, function);
 			exit_zmu(-1);
 		}
   } // end if auth
@@ -730,7 +730,7 @@ int main(int argc, char *argv[]) {
     if ( function & ZMU_QUERY ) {
 #if ZM_HAS_V4L
 			char vidString[0x10000] = "";
-			bool ok = LocalCamera::GetCurrentSettings(device.c_str(), vidString, v4lVersion, verbose);
+			bool ok = LocalCamera::GetCurrentSettings(device.empty()?nullptr:device.c_str(), vidString, v4lVersion, verbose);
 			printf("%s", vidString);
 			exit_zmu(ok ? 0 : -1);
 #else // ZM_HAS_V4L

utils/do_debian_package.sh

@@ -136,13 +136,6 @@ else
       echo "Defaulting to master branch";
       BRANCH="master";
     fi;
-    if [ "$SNAPSHOT" == "NOW" ]; then
-      SNAPSHOT=`date +%Y%m%d%H%M%S`;
-    else
-      if [ "$SNAPSHOT" == "CURRENT" ]; then
-        SNAPSHOT="`date +%Y%m%d.`$(git rev-list ${versionhash}..HEAD --count)"
-      fi;
-    fi;
   fi;
 fi
 
@@ -150,6 +143,8 @@ if [ "$PACKAGE_VERSION" == "NOW" ]; then
   PACKAGE_VERSION=`date +%Y%m%d%H%M%S`;
 else
   if [ "$PACKAGE_VERSION" == "CURRENT" ]; then
+    # git the latest (short) commit hash of the version file
+    versionhash=$(git log -n1 --pretty=format:%h version)
     PACKAGE_VERSION="`date +%Y%m%d.`$(git rev-list ${versionhash}..HEAD --count)"
   fi;
 fi;
@@ -200,10 +195,19 @@ else
 fi;
 
 cd "${GITHUB_FORK}_zoneminder_release"
-  git checkout $BRANCH
+git checkout $BRANCH
-cd ../
 
-VERSION=`cat ${GITHUB_FORK}_zoneminder_release/version`
+VERSION=`cat version`
+if [ "$SNAPSHOT" == "NOW" ]; then
+  SNAPSHOT=`date +%Y%m%d%H%M%S`;
+else
+  if [ "$SNAPSHOT" == "CURRENT" ]; then
+    # git the latest (short) commit hash of the version file
+    versionhash=$(git log -n1 --pretty=format:%h version)
+    SNAPSHOT="`date +%Y%m%d.`$(git rev-list ${versionhash}..HEAD --count)"
+  fi;
+fi;
+cd ../
 
 if [ -z "$VERSION" ]; then
   exit 1;

web/ajax/events.php

@@ -182,6 +182,9 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
   $sort = $sort == 'Monitor' ? 'M.Name' : 'E.'.$sort;
   $col_str = 'E.*, M.Name AS Monitor';
   $sql = 'SELECT ' .$col_str. ' FROM `Events` AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id'.$where.' ORDER BY '.$sort.' '.$order;
+  if ($filter->limit() and !count($filter->pre_sql_conditions()) and !count($filter->post_sql_conditions())) {
+    $sql .= ' LIMIT '.$filter->limit();
+  }
 
   $storage_areas = ZM\Storage::find();
   $StorageById = array();
@@ -208,6 +211,12 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
     $unfiltered_rows[] = $row;
   } # end foreach row
 
+  # Filter limits come before pagination limits.
+  if ($filter->limit() and ($filter->limit() > count($unfiltered_rows))) {
+    ZM\Debug("Filtering rows due to filter->limit " . count($unfiltered_rows)." limit: ".$filter->limit());
+    $unfiltered_rows = array_slice($unfiltered_rows, 0, $filter->limit());
+  }
+
   ZM\Debug('Have ' . count($unfiltered_rows) . ' events matching base filter.');
 
   $filtered_rows = null;
@@ -246,8 +255,10 @@ function queryRequest($filter, $search, $advsearch, $sort, $offset, $order, $lim
     $filtered_rows = $unfiltered_rows;
   } # end if search_filter->terms() > 1
 
-  if ($limit) 
+  if ($limit) {
+    ZM\Debug("Filtering rows due to limit " . count($filtered_rows)." offset: $offset limit: $limit");
     $filtered_rows = array_slice($filtered_rows, $offset, $limit);
+  }
 
   $returned_rows = array();
   foreach ($filtered_rows as $row) {

web/ajax/status.php

@@ -112,6 +112,7 @@ $statusData = array(
       'StartTimeShort' => array( 'sql' => 'date_format( StartDateTime, \''.MYSQL_FMT_DATETIME_SHORT.'\' )' ), 
       'StartDateTimeShort' => array( 'sql' => 'date_format( StartDateTime, \''.MYSQL_FMT_DATETIME_SHORT.'\' )' ), 
       'EndDateTime' => true,
+      'EndDateTimeShort' => array( 'sql' => 'date_format( EndDateTime, \''.MYSQL_FMT_DATETIME_SHORT.'\' )' ), 
       'Width' => true,
       'Height' => true,
       'Length' => true,
@@ -140,6 +141,7 @@ $statusData = array(
       'StartTimeShort' => array( 'sql' => 'date_format( StartDateTime, \''.MYSQL_FMT_DATETIME_SHORT.'\' )' ), 
       'StartDateTimeShort' => array( 'sql' => 'date_format( StartDateTime, \''.MYSQL_FMT_DATETIME_SHORT.'\' )' ), 
       'EndDateTime' => true,
+      'EndDateTimeShort' => array( 'sql' => 'date_format( EndDateTime, \''.MYSQL_FMT_DATETIME_SHORT.'\' )' ), 
       'Width' => true,
       'Height' => true,
       'Length' => true,

web/includes/Filter.php

@@ -227,7 +227,7 @@ class Filter extends ZM_Object {
     }
     if ( isset( $this->Query()['limit'] ) )
       return $this->{'Query'}['limit'];
-    return 100;
+    return 0;
     #return $this->defaults{'limit'};
   }
 

web/includes/actions/options.php

@@ -24,6 +24,8 @@ if ( !canEdit('System') ) {
   return;
 }
 
+global $error_message;
+
 if ( $action == 'delete' ) {
   if ( isset($_REQUEST['object']) ) {
     if ( $_REQUEST['object'] == 'server' ) {
@@ -65,10 +67,19 @@ if ( $action == 'delete' ) {
     }
 
     if ( isset($newValue) && ($newValue != $config['Value']) ) {
+      # Handle special cases first
+      if ($config['Name'] == 'ZM_LANG_DEFAULT') {
+        # Verify that the language file exists in the lang directory.
+        if (!file_exists(ZM_PATH_WEB.'/lang/'.$newValue.'.php')) {
+          $error_message .= 'Error setting ' . $config['Name'].'. New value ' .$newValue.' not saved because '.ZM_PATH_WEB.'/lang/'.$newValue.'.php doesn\'t exist.<br/>';
+          ZM\Error($error_message);
+          continue;
+        }
+      }
       dbQuery('UPDATE Config SET Value=? WHERE Name=?', array($newValue, $config['Name']));
       $changed = true;
-    }
+    } # end if value changed
-  }
+  } # end foreach config entry
   if ( $changed ) {
     switch ( $_REQUEST['tab'] ) {
     case 'system' :

web/includes/actions/user.php

@@ -44,12 +44,21 @@ if ($action == 'Save') {
     } else {
       unset($_REQUEST['newUser']['Password']);
     }
+    if (isset($_REQUEST['newUser']['Language']) and $_REQUEST['newUser']['Language']) {
+      # Verify that the language file exists in the lang directory.
+      if (!file_exists(ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php')) {
+        $error_message .= 'Error setting Language. New value ' .$_REQUEST['newUser']['Language'].' not saved because '.ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php doesn\'t exist.<br/>';
+        ZM\Error($error_message);
+        unset($_REQUEST['newUser']['Language']);
+        unset($_REQUEST['redirect']);
+      }
+    }
     $changes = $dbUser->changes($_REQUEST['newUser']);
-    ZM\Debug("Changes: " . print_r($changes, true));
+    ZM\Debug('Changes: ' . print_r($changes, true));
 
     if (count($changes)) {
       if (!$dbUser->save($changes)) {
-        $error_message = $dbUser->get_last_error();
+        $error_message .= $dbUser->get_last_error().'<br/>';
         unset($_REQUEST['redirect']);
         return;
       }
@@ -73,6 +82,15 @@ if ($action == 'Save') {
     } else {
       unset($_REQUEST['newUser']['Password']);
     }
+    if (isset($_REQUEST['newUser']['Language']) and $_REQUEST['newUser']['Language']) {
+      # Verify that the language file exists in the lang directory.
+      if (!file_exists(ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php')) {
+        $error_message .= 'Error setting Language. New value ' .$_REQUEST['newUser']['Language'].' not saved because '.ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php doesn\'t exist.<br/>';
+        ZM\Error($error_message);
+        unset($_REQUEST['newUser']['Language']);
+        unset($_REQUEST['redirect']);
+      }
+    }
     $fields = array('Password'=>'', 'Language'=>'', 'HomeView'=>'');
     ZM\Debug("changes: ".print_r(array_intersect_key($_REQUEST['newUser'], $fields),true));
     $changes = $dbUser->changes(array_intersect_key($_REQUEST['newUser'], $fields));
@@ -80,7 +98,7 @@ if ($action == 'Save') {
 
     if (count($changes)) {
       if (!$dbUser->save($changes)) {
-        $error_message = $dbUser->get_last_error();
+        $error_message .= $dbUser->get_last_error();
         unset($_REQUEST['redirect']);
         return;
       }

web/includes/csrf/csrf-magic.php

@@ -348,7 +348,7 @@ return false;
             return $value === csrf_hash($_COOKIE[$n], $time);
         case 'key':
             if (!$GLOBALS['csrf']['key']) {
-		    Debug("Checking key: no key set"  );
+		    ZM\Debug("Checking key: no key set"  );
 		    return false;
 	    }
  #Debug("Checking sid: $value === " . csrf_hash($GLOBALS['csrf']['key'], $time) );

web/includes/lang.php

@@ -30,20 +30,21 @@ function translate($name) {
 function loadLanguage($prefix='') {
   global $user;
 
-  if ( $prefix )
+  if ($prefix)
     $prefix = $prefix.'/';
 
-  if ( isset($user['Language']) and $user['Language'] ) {
+  if (isset($user['Language']) and $user['Language']) {
-    $userLangFile = $prefix.'lang/'.$user['Language'].'.php';
+    # Languages can only have letters, numbers and underscore
+    $userLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', $user['Language']).'.php';
 
-    if ( file_exists($userLangFile) ) {
+    if (file_exists($userLangFile)) {
       return $userLangFile;
     } else {
       ZM\Warning("User language file $userLangFile does not exist.");
     }
   }
 
-  $systemLangFile = $prefix.'lang/'.ZM_LANG_DEFAULT.'.php';
+  $systemLangFile = $prefix.'lang/'.preg_replace('/[^[:alnum:]_]+/', '', ZM_LANG_DEFAULT).'.php';
   if ( file_exists($systemLangFile) ) {
     return $systemLangFile;
   } else {

web/skins/classic/css/base/skin.css

@@ -340,6 +340,14 @@ ul.tabList li.active a {
 .alarm, .errorText, .error {
     color: #ff3f34;
 }
+/* Refers to the error box at the top of the web UI */
+#error {
+  width: 100%;
+  padding: 5px;
+  font-weight: bold;
+  background-color: white;
+  color: #ff3f34;
+}
 
 .timedErrorBox {
   color:white;

web/skins/classic/css/base/views/monitor.css

@@ -10,6 +10,7 @@
 }
 
 textarea,
+input[name="newMonitor[Host]"],
 input[name="newMonitor[Name]"],
 input[name="newMonitor[Path]"],
 input[name="newMonitor[SecondPath]"],

web/skins/classic/includes/functions.php

@@ -169,7 +169,7 @@ function getBodyTopHTML() {
 ';
   global $error_message;
   if ( $error_message ) {
-   echo '<div class="error">'.$error_message.'</div>';
+   echo '<div id="error">'.$error_message.'</div>';
   }
 } // end function getBodyTopHTML
 
@@ -203,7 +203,7 @@ function getNormalNavBarHTML($running, $user, $bandwidth_options, $view, $skin)
   $status = runtimeStatus($running);
 
 ?>
-<div class="fixed-top container-fluid p-0">
+<div class="container-fluid p-0">
   <nav class="navbar navbar-expand-md navbar-dark bg-dark justify-content-center flex-row">
 
     <div class="navbar-brand justify-content-start align-self-start">

web/skins/classic/views/js/event.js

@@ -52,14 +52,19 @@ function vjsReplay() {
         var overLaid = $j("#videoobj");
         overLaid.append('<p class="vjsMessage" style="height: '+overLaid.height()+'px; line-height: '+overLaid.height()+'px;">No more events</p>');
       } else {
-        var endTime = (Date.parse(eventData.EndDateTime)).getTime();
+        if (!eventData.EndDateTime) {
+          // No EndTime but have a next event, just go to it.
+          streamNext(true);
+          return;
+        }
+        var endTime = Date.parse(eventData.EndDateTime).getTime();
         var nextStartTime = nextEventStartTime.getTime(); //nextEventStartTime.getTime() is a mootools workaround, highjacks Date.parse
         if ( nextStartTime <= endTime ) {
           streamNext(true);
           return;
         }
-        var overLaid = $j("#videoobj");
         vid.pause();
+        var overLaid = $j("#videoobj");
         overLaid.append('<p class="vjsMessage" style="height: '+overLaid.height()+'px; line-height: '+overLaid.height()+'px;"></p>');
         var gapDuration = (new Date().getTime()) + (nextStartTime - endTime);
         var messageP = $j('.vjsMessage');

web/skins/classic/views/js/event.js.php

@@ -51,6 +51,7 @@ var eventData = {
     StartDateTime: '<?php echo $Event->StartDateTime() ?>',
     StartDateTimeShort: '<?php echo strftime(STRF_FMT_DATETIME_SHORT, strtotime($Event->StartDateTime())) ?>',
     EndDateTime: '<?php echo $Event->EndDateTime() ?>',
+    EndDateTimeShort: '<?php echo $Event->EndDateTime()? strftime(STRF_FMT_DATETIME_SHORT, strtotime($Event->EndDateTime())) : '' ?>',
     Frames: '<?php echo $Event->Frames() ?>',
     AlarmFrames: '<?php echo $Event->AlarmFrames() ?>',
     TotScore: '<?php echo $Event->TotScore() ?>',
@@ -73,6 +74,7 @@ var eventDataStrings = {
     MonitorName: '<?php echo translate('AttrMonitorName') ?>',
     Cause: '<?php echo translate('Cause') ?>',
     StartDateTimeShort: '<?php echo translate('AttrStartTime') ?>',
+    EndDateTimeShort: '<?php echo translate('AttrEndTime') ?>',
     Length: '<?php echo translate('Duration') ?>',
     Frames: '<?php echo translate('AttrFrames') ?>',
     AlarmFrames: '<?php echo translate('AttrAlarmFrames') ?>',

web/skins/classic/views/js/watch.js

@@ -850,7 +850,7 @@ function initPage() {
     // Load the PTZ Preset modal into the DOM
     if (monitorControllable) getCtrlPresetModal();
     // Load the settings modal into the DOM
-    if (monitorType == "Local") getSettingsModal();
+    if (monitorType == 'Local') getSettingsModal();
   }
 
   if (monitorType != 'WebSite') {
@@ -917,7 +917,15 @@ function initPage() {
   });
 
   // Only enable the settings button for local cameras
-  settingsBtn.prop('disabled', !(canView.Control && (monitorType == 'Local')));
+  if (!canView.Control) {
+    settingsBtn.prop('disabled', true);
+    settingsBtn.prop('title', 'Disbled due to lack of Control View permission.');
+  } else if (monitorType != 'Local') {
+    settingsBtn.prop('disabled', true);
+    settingsBtn.prop('title', 'Settings only available for Local monitors.');
+  } else {
+    settingsBtn.prop('disabled', false);
+  }
 
   // Init the bootstrap-table
   if (monitorType != 'WebSite') table.bootstrapTable({icons: icons});

web/skins/classic/views/monitor.php

@@ -770,9 +770,18 @@ include('_monitor_source_nvsocket.php');
 ?>
             </td>
           </tr>
-          <tr><td class="text-right pr-3"><?php echo translate('RemoteHostName') ?></td><td><input type="text" name="newMonitor[Host]" value="<?php echo validHtmlStr($monitor->Host()) ?>"/></td></tr>
+          <tr>
-          <tr><td><?php echo translate('RemoteHostPort') ?></td><td><input type="number" name="newMonitor[Port]" value="<?php echo validHtmlStr($monitor->Port()) ?>" min="0" max="65535"/></td></tr>
+            <td class="text-right pr-3"><?php echo translate('RemoteHostName') ?></td>
-          <tr><td><?php echo translate('RemoteHostPath') ?></td><td><input type="text" name="newMonitor[Path]" value="<?php echo validHtmlStr($monitor->Path()) ?>"/></td></tr>
+            <td><input type="text" name="newMonitor[Host]" value="<?php echo validHtmlStr($monitor->Host()) ?>"/></td>
+          </tr>
+          <tr>
+            <td class="text-right pr-3"><?php echo translate('RemoteHostPort') ?></td>
+            <td><input type="number" name="newMonitor[Port]" value="<?php echo validHtmlStr($monitor->Port()) ?>" min="0" max="65535" step="1"/></td>
+          </tr>
+          <tr>
+            <td class="text-right pr-3"><?php echo translate('RemoteHostPath') ?></td>
+            <td><input type="text" name="newMonitor[Path]" value="<?php echo validHtmlStr($monitor->Path()) ?>"/></td>
+          </tr>
 <?php
       } else if ( $monitor->Type() == 'File' ) {
 ?>

web/skins/classic/views/options.php

@@ -54,9 +54,9 @@ else
 $focusWindow = true;
 
 xhtmlHeaders(__FILE__, translate('Options'));
+getBodyTopHTML();
+echo getNavBarHTML();
 ?>
-<body>
-  <?php echo getNavBarHTML(); ?>
   <div class="container-fluid">
     <div class="row flex-nowrap">
       <nav id="sidebar">

web/views/image.php

@@ -65,7 +65,7 @@ if ( empty($_REQUEST['path']) ) {
 
   if ( empty($_REQUEST['fid']) ) {
     header('HTTP/1.0 404 Not Found');
-    ZM\Fatal('No Frame ID specified');
+    ZM\Error('No Frame ID specified');
     return;
   }
 
@@ -73,47 +73,50 @@ if ( empty($_REQUEST['path']) ) {
     $Event = ZM\Event::find_one(array('Id'=>$_REQUEST['eid']));
     if ( !$Event ) {
       header('HTTP/1.0 404 Not Found');
-      ZM\Fatal('Event '.$_REQUEST['eid'].' Not found');
+      ZM\Error('Event '.$_REQUEST['eid'].' Not found');
       return;
     }
 
     if ( $_REQUEST['fid'] == 'objdetect' ) {
-        // if animation file is found, return that, else return image
+      // if animation file is found, return that, else return image
-        // we are only looking for GIF or jpg here, not mp4
+      // we are only looking for GIF or jpg here, not mp4
-        // as most often, browsers asking for this link will be expecting
+      // as most often, browsers asking for this link will be expecting
-        // media types that can be rendered as <img src=>
+      // media types that can be rendered as <img src=>
-        $path_anim_gif = $Event->Path().'/objdetect.gif';
+      $path_anim_gif = $Event->Path().'/objdetect.gif';
-        $path_image = $Event->Path().'/objdetect.jpg';
+      $path_image = $Event->Path().'/objdetect.jpg';
-        if (file_exists($path_anim_gif)) {
+      if (file_exists($path_anim_gif)) {
-          // we found the animation gif file
+        // we found the animation gif file
-          $media_type = 'image/gif';
+        $media_type = 'image/gif';
-          ZM\Debug("Animation file found at $path");
+        ZM\Debug("Animation file found at $path");
-          $path = $path_anim_gif;
+        $path = $path_anim_gif;
-        } else if (file_exists($path_image)) {
+      } else if (file_exists($path_image)) {
-            // animation not found, but image found
+        // animation not found, but image found
-            ZM\Debug("Image file found at $path");
+        ZM\Debug("Image file found at $path");
-            $path = $path_image;
+        $path = $path_image;
-        } else {
+      } else {
-            // neither animation nor image found
+        // neither animation nor image found
-            header('HTTP/1.0 404 Not Found');
+        header('HTTP/1.0 404 Not Found');
-            ZM\Fatal("Object detection animation and image not found for this event");  
+        ZM\Error('Object detection animation and image not found for this event');  
-        }
+        return;
-        $Frame = new ZM\Frame();
+      }
-        $Frame->Id('objdetect');
+      $Frame = new ZM\Frame();
-      } else if ( $_REQUEST['fid'] == 'objdetect_mp4' ) {
+      $Frame->Id('objdetect');
-        $path = $Event->Path().'/objdetect.mp4';
+    } else if ( $_REQUEST['fid'] == 'objdetect_mp4' ) {
-        if ( !file_exists($path) ) {
+      $path = $Event->Path().'/objdetect.mp4';
-          header('HTTP/1.0 404 Not Found');
+      if ( !file_exists($path) ) {
-          ZM\Fatal("File $path does not exist. You might not have enabled create_animation in objectconfig.ini. If you have, inspect debug logs for errors during creation");
+        header('HTTP/1.0 404 Not Found');
-          }
+        ZM\Error("File $path does not exist. You might not have enabled create_animation in objectconfig.ini. If you have, inspect debug logs for errors during creation");
-        $Frame = new ZM\Frame();
+        return;
-        $Frame->Id('objdetect');
+      }
-        $media_type = 'video/mp4';
+      $Frame = new ZM\Frame();
-      } else if ( $_REQUEST['fid'] == 'objdetect_gif' ) {
+      $Frame->Id('objdetect');
-        $path = $Event->Path().'/objdetect.gif';
+      $media_type = 'video/mp4';
-        if ( !file_exists($path) ) {
+    } else if ( $_REQUEST['fid'] == 'objdetect_gif' ) {
-          header('HTTP/1.0 404 Not Found');
+      $path = $Event->Path().'/objdetect.gif';
-          ZM\Fatal("File $path does not exist. You might not have enabled create_animation in objectconfig.ini. If you have, inspect debug logs for errors during creation");
+      if ( !file_exists($path) ) {
+        header('HTTP/1.0 404 Not Found');
+        ZM\Error("File $path does not exist. You might not have enabled create_animation in objectconfig.ini. If you have, inspect debug logs for errors during creation");
+        return;
       }
       $Frame = new ZM\Frame();
       $Frame->Id('objdetect');
@@ -122,7 +125,8 @@ if ( empty($_REQUEST['path']) ) {
       $path = $Event->Path().'/objdetect.jpg';
       if ( !file_exists($path) ) {
         header('HTTP/1.0 404 Not Found');
-        ZM\Fatal("File $path does not exist. Please make sure store_frame_in_zm is enabled in the object detection config");
+        ZM\Error("File $path does not exist. Please make sure store_frame_in_zm is enabled in the object detection config");
+        return;
       }
       $Frame = new ZM\Frame();
       $Frame->Id('objdetect');
@@ -149,7 +153,7 @@ if ( empty($_REQUEST['path']) ) {
           $path = $Event->Path().'/'.sprintf('%0'.ZM_EVENT_IMAGE_DIGITS.'d', $Frame->FrameId()).'-'.$show.'.jpg';
         } else {
           header('HTTP/1.0 404 Not Found');
-          ZM\Fatal('No alarm jpg found for event '.$_REQUEST['eid']);
+          ZM\Error('No alarm jpg found for event '.$_REQUEST['eid']);
           return;
         }
       } else {
@@ -189,11 +193,12 @@ if ( empty($_REQUEST['path']) ) {
             ZM\Debug("Command: $command, retval: $retval, output: " . implode("\n", $output));
             if ( ! file_exists($path) ) {
               header('HTTP/1.0 404 Not Found');
-              ZM\Fatal('Can\'t create frame images from video for this event '.$Event->DefaultVideo().'
+              ZM\Error('Can\'t create frame images from video for this event '.$Event->DefaultVideo().'
 
                 Command was: '.$command.'
 
                 Output was: '.implode(PHP_EOL,$output) );
+              return;
             }
             # Generating an image file will use up more disk space, so update the Event record.
             if ( $Event->EndDateTime() ) {
@@ -202,7 +207,7 @@ if ( empty($_REQUEST['path']) ) {
             }
           } else {
             header('HTTP/1.0 404 Not Found');
-            ZM\Fatal('No snapshot jpg found for event '.$_REQUEST['eid']);
+            ZM\Error('No snapshot jpg found for event '.$_REQUEST['eid']);
             return;
           }
         } # end if stored jpgs
@@ -231,7 +236,8 @@ if ( empty($_REQUEST['path']) ) {
           $Frame->Delta($previousBulkFrame['Delta'] + floor( 100* ( $nextBulkFrame['Delta'] - $previousBulkFrame['Delta'] ) * $percentage )/100);
           ZM\Debug('Got virtual frame from Bulk Frames previous delta: ' . $previousBulkFrame['Delta'] . ' + nextdelta:' . $nextBulkFrame['Delta'] . ' - ' . $previousBulkFrame['Delta'] . ' * ' . $percentage );
         } else {
-          ZM\Fatal('No Frame found for event('.$_REQUEST['eid'].') and frame id('.$_REQUEST['fid'].')');
+          ZM\Error('No Frame found for event('.$_REQUEST['eid'].') and frame id('.$_REQUEST['fid'].')');
+          return;
         }
       }  # end if !Frame
       // Frame can be non-existent.  We have Bulk frames.  So now we should try to load the bulk frame 
@@ -244,14 +250,14 @@ if ( empty($_REQUEST['path']) ) {
     $Frame = ZM\Frame::find_one(array('Id'=>$_REQUEST['fid']));
     if ( !$Frame ) {
       header('HTTP/1.0 404 Not Found');
-      ZM\Fatal('Frame ' . $_REQUEST['fid'] . ' Not Found');
+      ZM\Error('Frame ' . $_REQUEST['fid'] . ' Not Found');
       return;
     }
 
     $Event = ZM\Event::find_one(array('Id'=>$Frame->EventId()));
     if ( !$Event ) {
       header('HTTP/1.0 404 Not Found');
-      ZM\Fatal('Event ' . $Frame->EventId() . ' Not Found');
+      ZM\Error('Event ' . $Frame->EventId() . ' Not Found');
       return;
     }
     $path = $Event->Path().'/'.sprintf('%0'.ZM_EVENT_IMAGE_DIGITS.'d',$Frame->FrameId()).'-'.$show.'.jpg';
@@ -263,7 +269,8 @@ if ( empty($_REQUEST['path']) ) {
     if ( ($show == 'capture') and $Event->DefaultVideo() ) {
       if ( !file_exists($Event->Path().'/'.$Event->DefaultVideo()) ) {
         header('HTTP/1.0 404 Not Found');
-        ZM\Fatal("Can't create frame images from video because there is no video file for this event at (".$Event->Path().'/'.$Event->DefaultVideo() );
+        ZM\Error("Can't create frame images from video because there is no video file for this event at (".$Event->Path().'/'.$Event->DefaultVideo() );
+        return;
       }
       $command = ZM_PATH_FFMPEG.' -ss '. $Frame->Delta() .' -i '.$Event->Path().'/'.$Event->DefaultVideo().' -frames:v 1 '.$path . ' 2>&1';
       #$command ='ffmpeg -ss '. $Frame->Delta() .' -i '.$Event->Path().'/'.$Event->DefaultVideo().' -vf "select=gte(n\\,'.$Frame->FrameId().'),setpts=PTS-STARTPTS" '.$path;
@@ -275,11 +282,12 @@ if ( empty($_REQUEST['path']) ) {
       ZM\Debug("Command: $command, retval: $retval, output: " . implode("\n", $output));
       if ( ! file_exists($path) ) {
         header('HTTP/1.0 404 Not Found');
-        ZM\Fatal('Can\'t create frame images from video for this event '.$Event->DefaultVideo().'
+        ZM\Error('Can\'t create frame images from video for this event '.$Event->DefaultVideo().'
 
 Command was: '.$command.'
 
 Output was: '.implode(PHP_EOL,$output) );
+        return;
       }
       # Generating an image file will use up more disk space, so update the Event record.
       if ( $Event->EndDateTime() ) {
@@ -288,8 +296,9 @@ Output was: '.implode(PHP_EOL,$output) );
       }
     } else {
       header('HTTP/1.0 404 Not Found');
-      ZM\Fatal("Can't create frame $show images from video because there is no video file for this event at ".
+      ZM\Error("Can't create frame $show images from video because there is no video file for this event at ".
         $Event->Path().'/'.$Event->DefaultVideo() );
+      return;
     }
   } # end if ! file_exists($path)
 
@@ -317,7 +326,8 @@ Output was: '.implode(PHP_EOL,$output) );
   }
   if ( !file_exists($path) ) {
     header('HTTP/1.0 404 Not Found');
-    ZM\Fatal("Image not found at $path");
+    ZM\Error("Image not found at $path");
+    return;
   }
 }