| .. |
|
js
|
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
|
2019-02-09 02:01:26 -08:00 |
|
_monitor_filters.php
|
Replace remaining `console` inline event handlers (#2432)
|
2019-01-21 11:11:40 -05:00 |
|
_monitor_source_nvsocket.php
|
fix nvsocket
|
2017-11-13 14:25:19 -08:00 |
|
add_monitors.php
|
make find and find_one functions consistent across Objects
|
2018-09-07 16:31:11 -04:00 |
|
bandwidth.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
blank.php
|
More inline JS / nonce conversions (#2415)
|
2019-01-18 09:51:06 -05:00 |
|
console.php
|
console: Escape source column output to prevent XSS. Fixes #2452
|
2019-02-09 02:28:40 -08:00 |
|
control.php
|
skins/classic/views/control.php second order sqli (#2422)
|
2019-01-19 09:46:21 -05:00 |
|
controlcap.php
|
controlcap.php: Reflected xss fix with validHtmlStr (#2423)
|
2019-01-19 09:43:28 -05:00 |
|
controlcaps.php
|
Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479)
|
2019-01-25 08:35:07 -05:00 |
|
controlpreset.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
cycle.php
|
Fix #2391 by defining monitor variable (#2392)
|
2019-01-05 10:20:34 -05:00 |
|
device.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
devices.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
donate.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
download.php
|
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
|
2019-02-09 01:37:32 -08:00 |
|
error.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
event.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
eventdetail.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
events.php
|
fix buttons on events page. data-onclick-this to data-on-click-this
|
2019-02-07 08:56:48 -05:00 |
|
export.php
|
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
|
2019-02-09 02:01:26 -08:00 |
|
filter.php
|
fix CSP policy violations on filters view
|
2019-02-06 13:55:19 -05:00 |
|
frame.php
|
Use buttons instead of anchor tags for Prev/Next/FIrst/Last buttons
|
2018-11-14 15:54:34 -05:00 |
|
frames.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
function.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
group.php
|
More inline JS / nonce conversions (#2415)
|
2019-01-18 09:51:06 -05:00 |
|
groups.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
image-ffmpeg.php
|
Merge branch 'master' into storageareas
|
2017-07-21 11:04:32 -04:00 |
|
log.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
login.php
|
When logging in, stay on the login view
|
2019-01-21 11:17:09 -05:00 |
|
logout.php
|
logout view should go to logout view
|
2019-01-16 12:23:18 -05:00 |
|
monitor.php
|
fix validateForm running on monitor cancel due to lack of type=button on cancel button
|
2019-02-08 09:55:32 -05:00 |
|
monitorpreset.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
monitorprobe.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
monitors.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
montage.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
montagereview.php
|
Fix CSP violation in the onclick of the monitor view in montagereview
|
2019-02-06 12:17:10 -05:00 |
|
none.php
|
Filter improvements (#2438)
|
2019-01-23 11:30:51 -05:00 |
|
onvifprobe.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
optionhelp.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
options.php
|
Fix duplicate 'class' attribute in options (#2418)
|
2019-01-18 10:05:44 -05:00 |
|
plugin.php
|
plugin.php: Remove undefined onclick function reference and enforce CSP
|
2019-01-23 19:47:58 -08:00 |
|
postlogin.php
|
turn into a url instead of boolean. Use it to refresh the options page on change so that changes are instantly noticable
|
2018-01-28 15:13:57 -05:00 |
|
privacy.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
report_event_audit.php
|
add fileSize to the api, and use it to add remote fileSize reporting in includes/Event
|
2018-05-08 13:33:56 -07:00 |
|
server.php
|
Add a validateForm event listener and enforce CSP on some views (#2425)
|
2019-01-19 09:41:53 -05:00 |
|
settings.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
state.php
|
fix state actions
|
2019-02-05 12:35:06 -05:00 |
|
stats.php
|
update gpl 2 mailing address in source files
|
2016-12-26 09:23:16 -06:00 |
|
status.php
|
fix state changing/etc
|
2019-01-30 14:36:46 -05:00 |
|
storage.php
|
Add a validateForm event listener and enforce CSP on some views (#2425)
|
2019-01-19 09:41:53 -05:00 |
|
timeline.php
|
specify E.* in query because otherwise it uses M.Id for Id
|
2018-04-20 14:25:38 -04:00 |
|
user.php
|
Filter improvements (#2438)
|
2019-01-23 11:30:51 -05:00 |
|
version.php
|
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
|
2019-01-31 09:40:19 -05:00 |
|
video.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
watch.php
|
spacing, remove non html5 elements
|
2019-01-25 09:22:08 -05:00 |
|
zone.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
zones.php
|
Fix zones.php self-xss. Fixes #2444
|
2019-01-24 23:40:41 -08:00 |
fa6716a64b