mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-01-15 17:48:31 -05:00
Code Issues Packages Projects Releases Wiki Activity
7,203 Commits 61 Branches 101 Tags
a933d4ae129b634ea3da170a9e857e5933223792
Commit Graph

48 Commits

Author SHA1 Message Date
Matt N
33092e4022 Allow API authentication using the auth query parameter containing an auth. hash. (#1845) 
* Allow API authentication using the `auth` query parameter containing an auth. hash.

Fixes #1827

The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.

* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals

This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.

* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
 2017-05-15 21:51:48 -04:00
Andrew Bauer
1a565a47f2 fix skin path in export_functions 2017-04-26 12:17:01 -05:00
Andy Bauer
eb55a6bb9b set action,view, and/or request to NULL if there are not defined 2017-03-28 17:52:31 -05:00
Andy Bauer
4e16ae6d19 add ZM_ENABLE_CSRF_MAGIC toggle 2017-03-28 17:29:36 -05:00
Andrew Bauer
d38bae72ae integrate csrf-magic library 2017-03-18 20:12:06 -05:00
Kyle Johnson
746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor
30674919c4 always include Storage object, because in the end we will be using it everywhere 2017-01-02 10:34:45 -05:00
Andy Bauer
2dda2d9e1e remove unneeded, empty files 2016-12-26 09:49:14 -06:00
Andy Bauer
254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Isaac Connor
69c39f8a23 set http_only flag in cookie settings 2016-12-14 14:39:44 -05:00
Isaac Connor
851a81eff7 Merge pull request #1406 from ZoneMinder/svg_zones 
replace the static zone image with a stream, and use SVG to draw the zones
 2016-04-11 11:14:11 -04:00
Andrew Bauer
5542788a45 make cannot write to content dir an error, rather than fatal 2016-04-10 18:45:38 -05:00
Isaac Connor
bbd33cc159 add monitor class so we don't have to everywhere else 2016-04-08 13:56:49 -04:00
Isaac Connor
41d92bbf94 need to include Server class 2015-12-02 10:26:11 -05:00
Isaac Connor
644080fd41 call CORSHeaders 2015-12-02 10:05:27 -05:00
Andy Bauer
cb7acb36ab Use relative URL's instead of absolute 2015-10-24 13:04:54 -05:00
Andrew Bauer
13aab8a1be Merge pull request #1113 from baffo32/1112-detect-missing-content 
Fatal if content dirs are unwritable
 2015-10-14 06:49:33 -05:00
baffo32
da8e9dd81b Remove reference to php.ini from timezone error 2015-10-13 16:55:38 -04:00
baffo32
250c3c31e1 Revised source-install specific recommendation. 2015-10-13 16:45:31 -04:00
baffo32
362b190641 Fatal if content dirs are unwritable 2015-10-12 16:16:22 -04:00
baffo32
4a280a73d1 Use Fatal function to report bad timezone 2015-10-12 15:43:24 -04:00
baffo32
d20478a15f Detect invalid timezones 2015-10-12 13:22:30 -04:00
baffo32
7190b532dd Fatal error if date.timezone is unset 2015-10-12 13:07:07 -04:00
Isaac Connor
c0139e87ad define ZM_BASE_PROTOCOL 2015-09-17 15:14:43 -04:00
Isaac Connor
82f5ab5175 Fix use of DEFINED. It takes a string not a constant. When COOKIE is not set or has changed, set it 2015-05-11 16:22:14 -04:00
Isaac Connor
01af58018b close the session before requiring the page contents to fix the concurrency issue that exists due to using the file-backed session. 2015-04-20 13:06:34 -04:00
Isaac Connor
0af7d0cc0b check defined(ZM_DEFAULT_SKIN) otherwise php will turn it into a string 2015-02-19 16:04:06 -05:00
Isaac Connor
b159f6ce9e Fatal->Error since Fatal is fatal 2015-02-19 15:57:37 -05:00
Isaac Connor
8eb8cacd56 Check to make sure that skin and css are valid. 2015-02-19 14:17:33 -05:00
Isaac Connor
1cfec7e3e7 Move require of config.php and logger up higher 2015-01-04 11:50:24 -05:00
Isaac Connor
50e6784779 this adds two config options to System tab to set the default skin and css 2014-12-17 16:45:41 -05:00
Isaac Connor
45feac3d36 Merge pull request #640 from jrd288/offer_login 
Offer login prompt instead of throwing error
 2014-12-16 09:35:08 -05:00
jrd288
10dba9b4c2 Offer login instead of error 
When a user accesses a view but receives an error, and is not logged
on, he is offered a login prompt instead.  The login prompt saves the
original query URL in a hidden field, and postlogin redirects back to
the original URL once the user has logged on.

If the user is logged in and there is an error, no login prompt is
shown.

This allows the user to click an event link in an e-mail and then log
in before being shown the event, instead of requiring going back
through the front ZM page to log in.
 2014-12-15 17:17:03 -05:00
Isaac Connor
3c8153c9b4 better fix for the view=console security flaw. 
This does it in index.php,so it guards all pages, and also just changes the view to login, so instead of giving an error, it presents you with the login, which I think is better.
 2014-12-12 09:38:54 -05:00
Isaac Connor
5bf34de07b Add lines to parse url ?css= commands and set a global variable to be used to determine which set of css files to use. 2014-11-26 11:26:29 -05:00
m-bene
b197f985e0 make expiry date relative (~10years) 2014-05-01 09:53:45 +02:00
m-bene
ed7ca66045 make skin selection cookie persistent 2014-05-01 09:37:39 +02:00
Isaac Connor
6e5d9272e0 supposed to fix #296 2014-01-03 18:33:01 -05:00
stan
6035ed211a Detaint some user inputs to avoid malicious file inclusion 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3483 e3e1d417-86f3-4887-817a-d78f3d33393f
 2011-07-22 08:37:01 +00:00
stan
6ff385e407 git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@3459 e3e1d417-86f3-4887-817a-d78f3d33393f 2011-06-21 09:19:10 +00:00
stan
160c0d4fa2 Log missing view or request files. 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2990 e3e1d417-86f3-4887-817a-d78f3d33393f
 2009-11-19 08:13:07 +00:00
stan
ef8f7b85fd Continuing development and bugfixes 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2632 e3e1d417-86f3-4887-817a-d78f3d33393f
 2008-09-26 09:47:20 +00:00
stan
d6fc2d0cd5 Fixed display or error page. 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2614 e3e1d417-86f3-4887-817a-d78f3d33393f
 2008-08-03 15:05:33 +00:00
stan
106882c161 Updated copyright notices 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2612 e3e1d417-86f3-4887-817a-d78f3d33393f
 2008-07-25 09:48:16 +00:00
stan
0f0a8c004f Changed skinSeq to skinBase 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2596 e3e1d417-86f3-4887-817a-d78f3d33393f
 2008-07-23 09:57:11 +00:00
stan
9e90f0971a Added ZM_BASE_PATH, may not be necessary though. 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2560 e3e1d417-86f3-4887-817a-d78f3d33393f
 2008-07-16 13:23:32 +00:00
stan
decaf0ef31 Fixed broken default user reference 
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2542 e3e1d417-86f3-4887-817a-d78f3d33393f
 2008-07-16 08:42:28 +00:00
stan
2824cb7355 git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2508 e3e1d417-86f3-4887-817a-d78f3d33393f 2008-07-14 13:54:50 +00:00