5 Commits

Author SHA1 Message Date
Isaac Connor
7592fd933c Fix command injection vulnerability in image.php (CVE-2025-65791)
Add input validation and shell argument escaping to prevent OS command
injection via the 'show' parameter in web/views/image.php. The parameter
is now validated against an allowlist and all values passed to exec()
are wrapped with escapeshellarg().

Also fix PHP operator precedence bug in shutdown.php where 'and' was
used instead of '&&', causing the 'when' parameter validation to not
work as intended.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 16:39:38 -05:00
Isaac Connor
5a7bd74521 Remove commented out code 2023-09-28 12:59:51 -04:00
Andrew Bauer
e69b3800c7 set return status for cancel and restart commands 2020-10-14 12:22:21 -05:00
Andrew Bauer
bea95bca68 use ZM\Debug 2020-10-14 10:33:40 -05:00
Andrew Bauer
c3a98c1f44 replace shutdown form submit with ajax 2020-10-14 10:03:33 -05:00