114 Commits

Author SHA1 Message Date
Isaac Connor
623d31edae Don't do csrf for view=image 2018-08-31 11:58:17 -04:00
Isaac Connor
0823b28712 whitespace changes. Make Privacy test an else so that PRIVACY checks don't happen if not logged in 2018-08-31 10:37:11 -04:00
Andrew Bauer
8f0fb0843a Add Privacy Statement (#2194)
* initial implementation of privacy popup

* split the privacy text and run it through translate

* change style of toggle button, validate the form

* fix copy/paste error

* fix typos

* display privacy view inline rather than popup

* display privacy inline if show_privacy flag set

* redirect to console after selection is made

* typo

* css formatting

* update privacy verbiage

* create and load default.php

* fix typos

* fix erroneous copy/paste
2018-08-30 13:25:02 -04:00
Isaac Connor
15a6eb7e78 Revert "Add Privacy Statement (#2176)" (#2179)
This reverts commit 56f4d768c2.
2018-08-13 15:33:43 -04:00
Andrew Bauer
56f4d768c2 Add Privacy Statement (#2176)
* initial implementation of privacy popup

* split the privacy text and run it through translate

* change style of toggle button, validate the form

* fix copy/paste error

* fix typos

* display privacy view inline rather than popup

* display privacy inline if show_privacy flag set

* redirect to console after selection is made

* typo

* css formatting

* update privacy verbiage

* push privacy text to all language files
2018-08-13 15:23:44 -04:00
Isaac Connor
43827953cd test for existence of HTTP_X_FORWARDED_PROTO 2018-07-12 15:04:54 -04:00
Isaac Connor
eb610cd3a1 rewrite the HTTP_X_FORWARDED_PROTO test to just make it part of the if instead of modifying SERVER['HTTPS'] 2018-07-12 11:38:58 -04:00
Mike Brown
6a5ff83848 Adding support for HTTP_X_FORWARDED_PROTO 2018-07-11 21:01:37 -05:00
Isaac Connor
3109536dda Alternate fix for video generation under csrf. Now we just turn off output buffering (discarding contents before sending the avi 2018-06-06 11:55:51 -04:00
Isaac
cc27ce7ee9 Turn off csrf for archive downloading, which prevents out of memory 2018-05-18 15:50:45 +02:00
Isaac Connor
dcfd9a60bc close the session earlier 2018-04-14 22:26:47 -04:00
Isaac Connor
53ce8c008a move auth functions into its own file 2018-04-06 14:36:23 -04:00
Isaac Connor
a9f4b7899a move session closing higher up before actions.php. 2018-03-20 12:18:29 -07:00
Isaac Connor
b390633f70 Fix authHash generation 2018-01-31 14:58:01 -05:00
Isaac Connor
c59751713b fix redirect 2018-01-28 17:31:00 -05:00
Isaac Connor
8a4b17fb50 turn into a url instead of boolean. Use it to refresh the options page on change so that changes are instantly noticeable 2018-01-28 15:13:57 -05:00
Isaac Connor
bb9d640c01 use instead of ['request'] to fix behaviour when request has been emptied due to failed auth 2018-01-26 12:56:38 -05:00
Isaac
5865bbfb12 turn off debugging 2018-01-24 23:07:21 +01:00
Isaac
06c9266c62 use snapshot.jpg more 2018-01-22 03:27:01 +01:00
Isaac Connor
cb70a3627f Fixes to montagereview and only load event data when in History mode 2017-11-28 14:50:21 -05:00
Isaac Connor
c0e49b65ef stop writing env to /tmp/env 2017-11-24 15:38:07 -05:00
Isaac Connor
4b92a788f7 fix filter execute 2017-11-24 15:37:50 -05:00
Isaac Connor
b5491102ef Fix saving MontageLayouts 2017-10-30 20:21:16 -04:00
Isaac Connor
a6c790b374 use a shared include for the filters bar 2017-10-30 07:37:08 -07:00
Isaac Connor
bc150574c7 wip import 2017-10-26 18:56:10 -07:00
Isaac Connor
4be133ed09 remove btn styles from buttons. make groups, cycle, montage, montage review non-popups. Add datetime filters to montagereview. Fix dark skin 2017-09-30 14:19:32 -04:00
Isaac Connor
160a553fb9 Don't do csrf for frames view either. If there are a lot of frames, we run out of mem. 2017-09-27 17:33:06 -04:00
Isaac Connor
27fe468868 Don't do csrf for view=video because the output buffering will make it run out of ram 2017-08-09 11:15:00 -04:00
Isaac Connor
b030fee429 don't do csrf checks for control commands 2017-07-14 12:29:24 -04:00
Isaac Connor
d7950bd732 Merge branch 'master' into knnniggett-configfiles 2017-07-03 21:53:47 -04:00
Isaac Connor
f782aeccd9 fix view is view_video, not action=niew_video 2017-06-26 21:09:54 -04:00
Isaac Connor
3a113899ed whitespace and braces fixing 2017-06-26 14:29:45 -04:00
Isaac Connor
c1b8105c0e only include csrf if it's going to be used. This fixes view_video using up all ram sending a video file 2017-06-26 14:23:54 -04:00
Isaac Connor
d97d156efb Don't do csrf for view_video 2017-06-26 11:48:26 -04:00
Isaac Connor
c7026a1b65 requests should be csrf'd. view_video does not need to be 2017-06-20 10:56:59 -04:00
Isaac Connor
1932fa7f81 don't do CSRF for requests, and when not auth, clear the request so that we don't do it. 2017-06-20 10:52:16 -04:00
Isaac Connor
0e643f0f93 Merge branch 'master' into storageareas 2017-05-30 11:58:38 -04:00
Isaac Connor
3062fe43f3 revert csrf on login page. csrf needs to be off in order for zmNinja to work 2017-05-30 11:25:25 -04:00
Isaac Connor
f851daca68 merge code to load video.js etc on Event view 2017-05-18 15:10:13 -04:00
Isaac Connor
3ccf7e102e fix Debug to Logger::Debug 2017-05-18 14:50:17 -04:00
Isaac Connor
f4224bb88e Merge branch 'master' into storageareas 2017-05-17 17:47:39 -04:00
Matt N
33092e4022 Allow API authentication using the auth query parameter containing an auth. hash. (#1845)
* Allow API authentication using the `auth` query parameter containing an auth. hash.

Fixes #1827

The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.

* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals

This avoids a conflict with CakePHP when logger.php gets included indirectly from API code.

* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
Isaac Connor
92854f5cba more debug 2017-05-05 16:37:30 -04:00
Isaac Connor
dce39bb2a9 Merge branch 'master' into storageareas 2017-04-26 15:58:17 -04:00
Andrew Bauer
1a565a47f2 fix skin path in export_functions 2017-04-26 12:17:01 -05:00
Isaac Connor
b87839f785 turn off csrf on view=view_video 2017-04-19 10:12:51 -04:00
Isaac Connor
d1d4fa7b8f fix the redirect location 2017-04-19 10:02:07 -04:00
Isaac Connor
7815f1c539 introduce a redirect flag global variable to allow us to redirect. Which allows to redirect on successful login so we don't get repost popups 2017-04-05 10:05:21 -04:00
Isaac Connor
b2db0888ae add a warning if csrf_check returns false 2017-03-30 10:46:13 -04:00
Isaac Connor
35067211e0 more the csrf to before actions.php 2017-03-29 10:19:00 -04:00