112 Commits

Author SHA1 Message Date
Isaac Connor
7592fd933c Fix command injection vulnerability in image.php (CVE-2025-65791)
Add input validation and shell argument escaping to prevent OS command
injection via the 'show' parameter in web/views/image.php. The parameter
is now validated against an allowlist and all values passed to exec()
are wrapped with escapeshellarg().

Also fix PHP operator precedence bug in shutdown.php where 'and' was
used instead of '&&', causing the 'when' parameter validation to not
work as intended.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 16:39:38 -05:00
Simpler1
f6f7bf8f77 Fix: Deprecated format from ${ to {$ 2026-01-07 12:04:01 -05:00
Isaac Connor
d51fb62e26 apache_setenv is only available when running under apache. So test for it instead of crashing. 2024-04-10 07:15:09 -04:00
Isaac Connor
1bd94308b1 Make no alarm.jpg a debug instead of error, because continuous events don't have them. 2024-03-15 12:09:31 -04:00
Isaac Connor
43c3937b87 Fix image proxy broken due to imagecreatefromstream=>imagecreatefromstring 2024-02-02 11:50:03 -05:00
Isaac Connor
f62f1529f5 Try to prevent XSS by verifying valid image data 2024-01-24 19:18:22 -05:00
Isaac Connor
3d2fa3172f Fix im => i. Typo in variable name. 2024-01-22 15:41:00 -05:00
Isaac Connor
69383316aa If the video file doesn't exist, don't try ffmpeg etc and log all those errors. 2024-01-18 13:16:22 -05:00
Isaac Connor
a9997b943a Use new event::find_virtual_frame when loading frames 2023-09-08 14:19:01 -04:00
Isaac Connor
e5d125c4ef Handle when no linefeed found 2023-08-31 12:46:12 -04:00
Isaac Connor
56999da3eb Check for existence of path before scanning it generating a lot of errors 2023-08-30 14:38:43 -04:00
Isaac Connor
b48702c96c Fix lack of ZM on Warning 2023-08-02 13:36:26 -04:00
Isaac Connor
bb625ab237 nonce can contain =, so parse that properly. Use a better nonce. 2023-07-25 12:32:13 -04:00
Isaac Connor
c7259fdc14 Implement read locks when accessing jpgs. Implement locking on creating scaled jpegs. 2023-07-13 17:20:18 -04:00
Isaac Connor
37b571a58a Handle no password specified and make testing for www-authenticate header non case sensitive 2023-07-05 15:51:16 -04:00
Isaac Connor
2cb697f0e9 Debug alarm.jpg path when not found. Spacing. Remove unused Monitor variable 2023-06-09 10:40:34 -04:00
Isaac Connor
847e803e82 If failed to open image, send a test jpeg explaining 2023-05-15 10:05:06 -04:00
Isaac Connor
e3a77876c0 Remove deprecated code for loading image by path. 2023-04-23 10:27:56 -04:00
Isaac Connor
1638869982 If mp4 is not found, look for any other mp4s to use. Handles case where db has not been updated 2023-04-22 10:30:25 -04:00
Isaac Connor
c36be30e2a Rough in an image proxy 2023-04-22 10:29:27 -04:00
Isaac Connor
dedff86511 Allow caching of images 2023-02-13 16:15:12 -05:00
Isaac Connor
ecf790b1d6 Diskspace(null) updates the db record so no need to call save as well 2023-01-25 12:27:59 -05:00
Isaac Connor
874119c04d Event->Diskspace(null) automatically updates the db. So don't do a second save 2023-01-25 11:50:16 -05:00
Martin Tiernan
237a95a415 If no next bulk. Use Event data to estimate the delta. 2022-11-21 10:23:08 -06:00
Martin Tiernan
047d109d59 Added potentially missing 404 header 2022-11-18 15:27:52 -06:00
Isaac Connor
1072a8aa69 When scaling frame images, apparently a float value for height is no good. So use intval to fix. 2022-09-21 13:23:16 -04:00
Isaac Connor
bcd0b6430b Convert Fatal()s to Errors() which is really more appropriate anyways. Maybe Fixes #3426 2022-02-08 18:12:06 -05:00
Isaac Connor
7dc36f67db output an error message image when we can't load a jpeg 2021-08-05 13:30:52 -04:00
Isaac Connor
b10b2932ee Code spacing and doc 2021-05-03 15:20:11 -04:00
Isaac Connor
b125b5d370 Allow users with snapshot::view to view the snapshot image of an event 2021-04-12 15:59:31 -04:00
Isaac Connor
feec631ca5 Only save updated DiskSpace if event is finished 2021-03-15 15:02:43 -04:00
Isaac Connor
671d58f0d0 bump version and put back ZM_MIN_RTSP_PORT setting 2021-01-26 12:35:17 -05:00
Isaac Connor
c8392feba3 Merge branch 'master' of github.com:/ZoneMinder/zoneminder 2020-10-22 16:35:44 -04:00
Isaac Connor
10c0a6617c Return Debug to a regular function to match other logging functions. Since we switched to using namespaces we no longer clash with cake_php. 2020-10-14 10:39:25 -04:00
Isaac Connor
a118e52f30 Add 2>&1 to ffmpeg command line to get stderr as well 2020-09-28 16:13:06 -04:00
Pliable Pixels
921c4c5bbd don't return mp4 if objdetect is used 2020-03-14 15:00:33 -04:00
Pliable Pixels
4342506e5b fix media type allocations 2020-03-14 14:24:39 -04:00
Pliable Pixels
4d5f9f7de0 add back gif, make nomenclature consistent of objdetect_subtypes 2020-03-14 14:18:25 -04:00
Pliable Pixels
9a31d545d4 replace GIF function with MP4 2020-03-14 08:08:52 -04:00
Pliable Pixels
49f23cb35b Added options to render objdetect, objdetectanim and objdetectimage 2020-03-10 13:51:55 -04:00
Pliable Pixels
38b519c8a6 better error log 2020-03-09 15:58:57 -04:00
Pliable Pixels
6bc8012e04 add support to render gif image that may be created by object detection 2020-03-09 15:56:34 -04:00
Isaac Connor
c465fa55d8 Use ZM_PATH_FFMPEG instead of ffmpeg 2020-02-06 13:22:22 -05:00
Isaac Connor
e0d085d187 Check for existence of snapshot.jpg or alarm.jpg instead of hitting the database. 2019-10-30 16:57:45 -04:00
Isaac Connor
12dfcae81f remove debug 2019-10-21 13:19:20 -04:00
Isaac Connor
a2861c1361 remove errant ( 2019-09-28 14:22:40 -04:00
Isaac Connor
7cab22b450 Use Event->SaveJPEGs instead of Monitor->SaveJPEGs 2019-08-26 15:04:59 -04:00
Isaac Connor
79de2b65cd If we are saving jpegs we don't save a snapshot image, and since we may delay writing frame info to the db, we have to default to frame 0 instead of snapshot 2019-04-04 12:18:46 -04:00
Isaac Connor
5098329d94 remove ob_clean stuff which logs errors when output buffering is turned off (#2395)
* remove ob_clean stuff which logs errors when output buffering is turned off.

* Don't ob_clean because if buffering is off php will output an error
2019-02-22 09:58:16 -05:00
Isaac Connor
8dd8888975 Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00