mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-03-25 09:11:53 -04:00
Code Issues Packages Projects Releases Wiki Activity
27,339 Commits 80 Branches 104 Tags
a90a3bcceac524b02165a64e61546809ff9927f2
Commit Graph

16 Commits

Author SHA1 Message Date
Isaac Connor
b036408a5b Fix RCE vulnerability via API config edit privilege escalation 
Add RBAC checks to ConfigsController edit() and delete() requiring
System=Edit permission, matching the pattern used by other controllers.
Harden System/Readonly column checks with !empty() to handle missing
columns gracefully. Fix command injection in Event.php by using
ZM_PATH_FFMPEG constant with escapeshellarg() instead of hardcoded
unsanitized ffmpeg call. Add is_executable() validation at all exec()
sites using ZM_PATH_FFMPEG as defense-in-depth against poisoned config
values.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-26 13:51:30 -05:00
Isaac Connor
68f91acf10 Remove zm_configvals. Just use zm_config. Move code into loadConfig. 2025-12-22 13:17:01 -05:00
Isaac Connor
cdbeea439b Add named paramter filtering to Configs api index. Add updating returned config entry with values from zm_config which may have been overridden in /etc/zm/conf.d 2025-12-19 16:48:25 -05:00
Isaac Connor
74aab0a76e Prevent editing of system config entries through the api 2022-05-30 10:02:49 -04:00
Isaac Connor
e04eac57ae Include values in /etc/zm files in viewByName 2018-06-25 15:43:01 -04:00
Isaac Connor
2a5f05499e Munge the config in the global configvals into the configs array before returning it. 2018-05-10 13:44:46 -04:00
arjunrc
38b4785557 PP - Gone,flitted away, Taken the starts from the night and sun, From the day! Gone, and a cloud in my heart. - Tennyson 2015-12-19 18:36:38 -05:00
Pliable Pixels
e332fc36a9 Fixed Configs API to return all values 2015-07-21 13:28:37 -04:00
Ubuntu
dd9603f70f Merged Angular UI branch API to master 2015-06-11 02:58:58 +00:00
Kyle Johnson
9f80a7d5f5 Show a list of Config Key:Value pairs 2014-11-15 19:01:32 +00:00
Kyle Johnson
9268c503af Do not display the "hidden" config category 2014-11-15 19:01:19 +00:00
Kyle Johnson
0d57306790 Find category configs only when $category is not null. API 2014-11-15 18:58:58 +00:00
Kyle Johnson
9f150c4e46 Revert "Find category configs only when $category is not null. API" 
This reverts commit efbbcadc7d.
 2014-11-15 18:58:51 +00:00
Kyle Johnson
b88febeaee Find category configs only when $category is not null. API 2014-11-15 18:58:43 +00:00
Kyle Johnson
0a7ba112ab API support for querying config categories. 
Either return a list of distinct categories, or all configs under a
certain category
 2014-11-15 18:55:20 +00:00
Kyle Johnson
f1f3de6d7d Moved the api to underneath the web directory 2014-04-29 20:41:04 +00:00