From 827eebd38c47045c6e0008790041fa97a4fed1c7 Mon Sep 17 00:00:00 2001
From: Andy Bauer
Date: Sat, 29 Aug 2015 14:53:39 -0500
Subject: [PATCH 1/6] remove core.php, modify core.php.default
---
 web/api/app/Config/core.php | 388 ----------------------------
 web/api/app/Config/core.php.default | 3 +-
 2 files changed, 2 insertions(+), 389 deletions(-)
 delete mode 100644 web/api/app/Config/core.php
diff --git a/web/api/app/Config/core.php b/web/api/app/Config/core.php
deleted file mode 100644
index 5902a2235..000000000
--- a/web/api/app/Config/core.php
+++ /dev/null
@@ -1,388 +0,0 @@ - 0 - * and log errors with CakeLog when debug = 0. - * - * Options: - * - * - `handler` - callback - The callback to handle errors. You can set this to any callable type, - * including anonymous functions. - * Make sure you add App::uses('MyHandler', 'Error'); when using a custom handler class - * - `level` - integer - The level of errors you are interested in capturing. - * - `trace` - boolean - Include stack traces for errors in log files. - * - * @see ErrorHandler for more information on error handling and configuration. - */ - Configure::write('Error', array( - 'handler' => 'ErrorHandler::handleError', - 'level' => E_ALL & ~E_DEPRECATED, - 'trace' => true - )); - -/** - * Configure the Exception handler used for uncaught exceptions. By default, - * ErrorHandler::handleException() is used. It will display a HTML page for the exception, and - * while debug > 0, framework errors like Missing Controller will be displayed. When debug = 0, - * framework errors will be coerced into generic HTTP errors. - * - * Options: - * - * - `handler` - callback - The callback to handle exceptions. You can set this to any callback type, - * including anonymous functions. - * Make sure you add App::uses('MyHandler', 'Error'); when using a custom handler class - * - `renderer` - string - The class responsible for rendering uncaught exceptions. If you choose a custom class you - * should place the file for that class in app/Lib/Error. This class needs to implement a render method. - * - `log` - boolean - Should Exceptions be logged? - * - `skipLog` - array - list of exceptions to skip for logging. Exceptions that - * extend one of the listed exceptions will also be skipped for logging. - * Example: `'skipLog' => array('NotFoundException', 'UnauthorizedException')` - * - * @see ErrorHandler for more information on exception handling and configuration. 
- */ - Configure::write('Exception', array( - 'handler' => 'ErrorHandler::handleException', - 'renderer' => 'ExceptionRenderer', - 'log' => true - )); - -/** - * Application wide charset encoding - */ - Configure::write('App.encoding', 'UTF-8'); - -/** - * To configure CakePHP *not* to use mod_rewrite and to - * use CakePHP pretty URLs, remove these .htaccess - * files: - * - * /.htaccess - * /app/.htaccess - * /app/webroot/.htaccess - * - * And uncomment the App.baseUrl below. But keep in mind - * that plugin assets such as images, CSS and JavaScript files - * will not work without URL rewriting! - * To work around this issue you should either symlink or copy - * the plugin assets into you app's webroot directory. This is - * recommended even when you are using mod_rewrite. Handling static - * assets through the Dispatcher is incredibly inefficient and - * included primarily as a development convenience - and - * thus not recommended for production applications. - */ - //Configure::write('App.baseUrl', env('SCRIPT_NAME')); - -/** - * To configure CakePHP to use a particular domain URL - * for any URL generation inside the application, set the following - * configuration variable to the http(s) address to your domain. This - * will override the automatic detection of full base URL and can be - * useful when generating links from the CLI (e.g. sending emails) - */ - //Configure::write('App.fullBaseUrl', 'http://example.com'); - -/** - * Web path to the public images directory under webroot. - * If not set defaults to 'img/' - */ - //Configure::write('App.imageBaseUrl', 'img/'); - -/** - * Web path to the CSS files directory under webroot. - * If not set defaults to 'css/' - */ - //Configure::write('App.cssBaseUrl', 'css/'); - -/** - * Web path to the js files directory under webroot. - * If not set defaults to 'js/' - */ - //Configure::write('App.jsBaseUrl', 'js/'); - -/** - * Uncomment the define below to use CakePHP prefix routes. 
- * - * The value of the define determines the names of the routes - * and their associated controller actions: - * - * Set to an array of prefixes you want to use in your application. Use for - * admin or other prefixed routes. - * - * Routing.prefixes = array('admin', 'manager'); - * - * Enables: - * `admin_index()` and `/admin/controller/index` - * `manager_index()` and `/manager/controller/index` - * - */ - //Configure::write('Routing.prefixes', array('admin')); - -/** - * Turn off all caching application-wide. - * - */ - //Configure::write('Cache.disable', true); - -/** - * Enable cache checking. - * - * If set to true, for view caching you must still use the controller - * public $cacheAction inside your controllers to define caching settings. - * You can either set it controller-wide by setting public $cacheAction = true, - * or in each action using $this->cacheAction = true. - * - */ - //Configure::write('Cache.check', true); - -/** - * Enable cache view prefixes. - * - * If set it will be prepended to the cache name for view file caching. This is - * helpful if you deploy the same application via multiple subdomains and languages, - * for instance. Each version can then have its own view cache namespace. - * Note: The final cache file name will then be `prefix_cachefilename`. - */ - //Configure::write('Cache.viewPrefix', 'prefix'); - -/** - * Session configuration. - * - * Contains an array of settings to use for session configuration. The defaults key is - * used to define a default preset to use for sessions, any settings declared here will override - * the settings of the default config. - * - * ## Options - * - * - `Session.cookie` - The name of the cookie to use. Defaults to 'CAKEPHP' - * - `Session.timeout` - The number of minutes you want sessions to live for. This timeout is handled by CakePHP - * - `Session.cookieTimeout` - The number of minutes you want session cookies to live for. 
- * - `Session.checkAgent` - Do you want the user agent to be checked when starting sessions? You might want to set the - * value to false, when dealing with older versions of IE, Chrome Frame or certain web-browsing devices and AJAX - * - `Session.defaults` - The default configuration set to use as a basis for your session. - * There are four builtins: php, cake, cache, database. - * - `Session.handler` - Can be used to enable a custom session handler. Expects an array of callables, - * that can be used with `session_save_handler`. Using this option will automatically add `session.save_handler` - * to the ini array. - * - `Session.autoRegenerate` - Enabling this setting, turns on automatic renewal of sessions, and - * sessionids that change frequently. See CakeSession::$requestCountdown. - * - `Session.ini` - An associative array of additional ini values to set. - * - * The built in defaults are: - * - * - 'php' - Uses settings defined in your php.ini. - * - 'cake' - Saves session files in CakePHP's /tmp directory. - * - 'database' - Uses CakePHP's database sessions. - * - 'cache' - Use the Cache class to save sessions. - * - * To define a custom session handler, save it at /app/Model/Datasource/Session/.php. - * Make sure the class implements `CakeSessionHandlerInterface` and set Session.handler to - * - * To use database sessions, run the app/Config/Schema/sessions.php schema using - * the cake shell command: cake schema create Sessions - * - */ - Configure::write('Session', array( - 'defaults' => 'php', - 'cookie'=>'ZMSESSID' - )); - -/** - * A random string used in security hashing methods. - */ - Configure::write('Security.salt', 'Q0MjGG2xRQEhJVQR85WhFJKI7f2St8RYMlVR7GNQ'); - -/** - * A random numeric string (digits only) used to encrypt/decrypt strings. - */ - Configure::write('Security.cipherSeed', '02670120062639232092038865362'); - -/** - * Apply timestamps with the last modified time to static assets (js, css, images). 
- * Will append a query string parameter containing the time the file was modified. This is - * useful for invalidating browser caches. - * - * Set to `true` to apply timestamps when debug > 0. Set to 'force' to always enable - * timestamping regardless of debug value. - */ - //Configure::write('Asset.timestamp', true); - -/** - * Compress CSS output by removing comments, whitespace, repeating tags, etc. - * This requires a/var/cache directory to be writable by the web server for caching. - * and /vendors/csspp/csspp.php - * - * To use, prefix the CSS link URL with '/ccss/' instead of '/css/' or use HtmlHelper::css(). - */ - //Configure::write('Asset.filter.css', 'css.php'); - -/** - * Plug in your own custom JavaScript compressor by dropping a script in your webroot to handle the - * output, and setting the config below to the name of the script. - * - * To use, prefix your JavaScript link URLs with '/cjs/' instead of '/js/' or use JsHelper::link(). - */ - //Configure::write('Asset.filter.js', 'custom_javascript_output_filter.php'); - -/** - * The class name and database used in CakePHP's - * access control lists. - */ - Configure::write('Acl.classname', 'DbAcl'); - Configure::write('Acl.database', 'default'); - -/** - * Uncomment this line and correct your server timezone to fix - * any date & time related errors. - */ - //date_default_timezone_set('UTC'); - -/** - * `Config.timezone` is available in which you can set users' timezone string. - * If a method of CakeTime class is called with $timezone parameter as null and `Config.timezone` is set, - * then the value of `Config.timezone` will be used. This feature allows you to set users' timezone just - * once instead of passing it each time in function calls. - */ - //Configure::write('Config.timezone', 'Europe/Paris'); - -/** - * - * Cache Engine Configuration - * Default settings provided below - * - * File storage engine. 
- * - * Cache::config('default', array( - * 'engine' => 'File', //[required] - * 'duration' => 3600, //[optional] - * 'probability' => 100, //[optional] - * 'path' => CACHE, //[optional] use system tmp directory - remember to use absolute path - * 'prefix' => 'cake_', //[optional] prefix every cache file with this string - * 'lock' => false, //[optional] use file locking - * 'serialize' => true, //[optional] - * 'mask' => 0664, //[optional] - * )); - * - * APC (http://pecl.php.net/package/APC) - * - * Cache::config('default', array( - * 'engine' => 'Apc', //[required] - * 'duration' => 3600, //[optional] - * 'probability' => 100, //[optional] - * 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string - * )); - * - * Xcache (http://xcache.lighttpd.net/) - * - * Cache::config('default', array( - * 'engine' => 'Xcache', //[required] - * 'duration' => 3600, //[optional] - * 'probability' => 100, //[optional] - * 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string - * 'user' => 'user', //user from xcache.admin.user settings - * 'password' => 'password', //plaintext password (xcache.admin.pass) - * )); - * - * Memcached (http://www.danga.com/memcached/) - * - * Uses the memcached extension. See http://php.net/memcached - * - * Cache::config('default', array( - * 'engine' => 'Memcached', //[required] - * 'duration' => 3600, //[optional] - * 'probability' => 100, //[optional] - * 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string - * 'servers' => array( - * '127.0.0.1:11211' // localhost, default port 11211 - * ), //[optional] - * 'persistent' => 'my_connection', // [optional] The name of the persistent connection. 
- * 'compress' => false, // [optional] compress data in Memcached (slower, but uses less memory) - * )); - * - * Wincache (http://php.net/wincache) - * - * Cache::config('default', array( - * 'engine' => 'Wincache', //[required] - * 'duration' => 3600, //[optional] - * 'probability' => 100, //[optional] - * 'prefix' => Inflector::slug(APP_DIR) . '_', //[optional] prefix every cache file with this string - * )); - */ - -/** - * Configure the cache handlers that CakePHP will use for internal - * metadata like class maps, and model schema. - * - * By default File is used, but for improved performance you should use APC. - * - * Note: 'default' and other application caches should be configured in app/Config/bootstrap.php. - * Please check the comments in bootstrap.php for more info on the cache engines available - * and their settings. - */ -$engine = 'File'; - -// In development mode, caches should expire quickly. -$duration = '+999 days'; -if (Configure::read('debug') > 0) { - $duration = '+10 seconds'; -} - -// Prefix each application on the same server with a different string, to avoid Memcache and APC conflicts. -$prefix = 'myapp_'; - -/** - * Configure the cache used for general framework caching. Path information, - * object listings, and translation cache files are stored with this configuration. - */ -Cache::config('_cake_core_', array( - 'engine' => $engine, - 'prefix' => $prefix . 'cake_core_', - 'path' => CACHE . 'persistent' . DS, - 'serialize' => ($engine === 'File'), - 'duration' => $duration -)); - -/** - * Configure the cache for model and datasource caches. This cache configuration - * is used to store schema descriptions, and table listings in connections. - */ -Cache::config('_cake_model_', array( - 'engine' => $engine, - 'prefix' => $prefix . 'cake_model_', - 'path' => CACHE . 'models' . DS, - 'serialize' => ($engine === 'File'), - 'duration' => $duration -)); 
diff --git a/web/api/app/Config/core.php.default b/web/api/app/Config/core.php.default
index 156f404df..43736a61f 100644
--- a/web/api/app/Config/core.php.default
+++ b/web/api/app/Config/core.php.default
@@ -216,7 +216,8 @@
 *
 */
 Configure::write('Session', array(
- 'defaults' => 'php'
+ 'defaults' => 'php',
+ 'cookie'=>'ZMSESSID'
 ));
 
 /**
From 333e7ec67b7aa33d954f7ebca84f8cb1e40e34ac Mon Sep 17 00:00:00 2001
From: Dmitry Smirnov
Date: Sat, 19 Sep 2015 17:30:07 +1000
Subject: [PATCH 2/6] header typo corrections
---
 src/zm_buffer.h | 2 +-
 web/skins/classic/css/classic/skin.css | 2 +-
 web/skins/classic/css/dark/skin.css | 2 +-
 web/skins/classic/css/flat/skin.css | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/zm_buffer.h b/src/zm_buffer.h
index a0db4a2c5..007df4459 100644
--- a/src/zm_buffer.h
+++ b/src/zm_buffer.h
@@ -10,7 +10,7 @@
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more demTails.
+ * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
diff --git a/web/skins/classic/css/classic/skin.css b/web/skins/classic/css/classic/skin.css
index 735ac7e5c..f066837bb 100644
--- a/web/skins/classic/css/classic/skin.css
+++ b/web/skins/classic/css/classic/skin.css
@@ -5,7 +5,7 @@
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) input[type=password], any later version.
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
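Review bot: The added `'cookie'=>'ZMSESSID'` line in core.php.default has no comment saying why the cookie name is fixed; judging by the docs/api.rst text later in this series, the API is meant to accept the cookie issued by the web login, so the name presumably has to match the session name the web UI sets. I would add `// Must match the web UI's session cookie name so API requests reuse the login session` above it and write it as `'cookie' => 'ZMSESSID'` to match the spacing of the `'defaults'` line. Because `'defaults' => 'php'` takes the session settings from php.ini, the same comment is a good place to tell packagers to check `session.cookie_httponly` and `session.cookie_secure` there. Separately, the core.php deleted in this patch held literal `Security.salt` and `Security.cipherSeed` values; if core.php.default (outside this hunk, so not visible here) ships the same ones, every install generated from the template shares secrets that are already in public history, so they should be generated per install.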
diff --git a/web/skins/classic/css/dark/skin.css b/web/skins/classic/css/dark/skin.css
index d8b2afe9e..d8ecbc006 100644
--- a/web/skins/classic/css/dark/skin.css
+++ b/web/skins/classic/css/dark/skin.css
@@ -5,7 +5,7 @@
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) input[type=password], any later version.
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/web/skins/classic/css/flat/skin.css b/web/skins/classic/css/flat/skin.css
index a818d4c1b..6a871c416 100644
--- a/web/skins/classic/css/flat/skin.css
+++ b/web/skins/classic/css/flat/skin.css
@@ -5,7 +5,7 @@
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) input[type=password], any later version.
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
From 7af5652e55133c11d918a76552f51e03fdad4e54 Mon Sep 17 00:00:00 2001
From: Andrew Bauer
Date: Mon, 21 Sep 2015 06:45:27 -0500
Subject: [PATCH 3/6] Update README.md spelling
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b1d96befb..381b2dd54 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ All documentation for ZoneMinder is now online at http://www.zoneminder.com/wiki ZoneMinder is an integrated set of applications which provide a complete surveillance solution allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a Linux based machine. It is designed to run on distributions which support the Video For Linux (V4L) interface and has been tested with video cameras attached to BTTV cards, various USB cameras and also supports most IP network cameras. -## Contacting the Developement Team +## Contacting the Development Team Before creating an issue in our github forum, please read our posting rules: https://github.com/ZoneMinder/ZoneMinder/wiki/Github-Posting-Rules From 75e28a527fb58d2ca039613f36c60cdaf1bb8011 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Mon, 21 Sep 2015 08:52:32 -0500 Subject: [PATCH 4/6] Create CONTRIBUTING.md --- CONTRIBUTING.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..5e211cb31 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,17 @@
+# Contributing
+
+The ZoneMinder project was originally written by Philip Coombes in 2001. It has since moved to Github and is maintained by just a few who volunteer their spare time.
+
+Over the years, ZoneMinder has accumulated a rather large user base. This presents a challenge to the development team when it comes to managing communications. Welcome to the world of software development, right?
+
+In order to keep the kinds of issues, which require changes to the source code, separate from all other questions and comments, our methods of communication are organized in the following manner:
+
+- The ZoneMinder Github forum is intended for bug reports and serious feature requests only
+- The ZoneMinder user forum is intended for general questions and tech support
+- The ZoneMinder IRC channel is intended for general questions and tech support
+
+More details can be found in our [Github Posting Rules](https://github.com/ZoneMinder/ZoneMinder/wiki/Github-Posting-Rules). Please read this before creating an issue in our Github forum.
+
+Knowledge of Github is a necessary first step to contribute to the project. To contribute, one must generate a pull request. For those just starting out, [this guide](https://github.com/ZoneMinder/ZoneMinder/wiki/Understanding-Github-and-Pull-Requests) will step you through the process.
+
+Note that pasting code into our Github forum, with the expectation we will do the work for you, is not acceptable.
From 08e04afcd2a142f7e4d9ef04b6e019dba65d4e96 Mon Sep 17 00:00:00 2001
From: Pliable Pixels
Date: Tue, 22 Sep 2015 07:39:27 -0400
Subject: [PATCH 5/6] fixed security instructions with curl
---
 docs/api.rst | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/docs/api.rst b/docs/api.rst
index f42f5c4a2..d4dc9b6f1 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -24,10 +24,13 @@ This means if you plan to use cuRL to experiment with these APIs, you first need :: - curl -d "username=XXXX&password=YYYY&action=login&view=console" http://yourzmip/zm/index.php -c cookies.txt + curl -d "username=XXXX&password=YYYY&action=login&view=console" -c cookies.txt http://yourzmip/zm/index.php replacing *XXXX* and *YYYY* with your username and password, respectively. -Then for each of the examples below, add a ``-c cookies.txt`` at the end of the requests. +Then for each of the examples below, add a ``-b cookies.txt`` to each of the commands below. + +Please make sure you do this in a directory where you have write permissions, otherwise cookies.txt will not be created +and the command will silently fail. Examples (please read security notice above) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From f13dddb7190ee3e8cb192fd8398862a6630f5285 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Tue, 22 Sep 2015 09:26:09 -0500 Subject: [PATCH 6/6] Update api.rst --- docs/api.rst | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index d4dc9b6f1..53c6d155b 100644 --- a/docs/api.rst +++ b/docs/api.rst 
@@ -20,18 +20,35 @@ OPT_AUTH enabled, you need to log into ZoneMinder using the same browser you pla use the APIs from. If you are developing an app that relies on the API, you need to do a POST login from the app into ZoneMinder before you can access the API. +Then, you need to re-use the authentication information of the login (returned as cookie states) +with subsequent APIs for the authentication information to flow through to the APIs. + This means if you plan to use cuRL to experiment with these APIs, you first need to do :: - curl -d "username=XXXX&password=YYYY&action=login&view=console" -c cookies.txt http://yourzmip/zm/index.php + curl -d "username=XXXX&password=YYYY&action=login&view=console" -c cookies.txt http://yourzmip/zm/index.php replacing *XXXX* and *YYYY* with your username and password, respectively. -Then for each of the examples below, add a ``-b cookies.txt`` to each of the commands below. Please make sure you do this in a directory where you have write permissions, otherwise cookies.txt will not be created and the command will silently fail. + +What the "-c cookies.txt" does is store a cookie state reflecting that you have logged into ZM. You now need +to apply that cookie state to all subsequent APIs. You do that by using a '-b cookies.txt' to subsequent APIs if you are +using CuRL like so: + +:: + + curl -b cookies.txt http://yourzmip/zm/api/monitors.json + +This would return a list of monitors and pass on the authentication information to the ZM API layer. + +So remember, if you are using authentication, please add a ``-b cookies.txt`` to each of the commands below if you are using +CuRL. If you are not using CuRL and writing your own app, you need to make sure you pass on cookies to subsequent requests +in your app. + Examples (please read security notice above) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^