mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-06-21 12:09:31 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
186d31ed2397a18ee90156098193df6d6209540e
zoneminder/scripts
History
SteveGilvarry 186d31ed23 fix: write scratch temp files under ZoneMinder's temp dir, not system tmp 
Two spots wrote temp files outside ZoneMinder's controlled temp tree:

- zmvideo.pl concat mode built its ffmpeg concat list at a predictable
  path, /tmp/<concat_name>.concat.lst, in world-writable /tmp. A
  predictable name there is open to a symlink/race and leaks monitor and
  event names. Create it instead with File::Temp (randomized name, atomic
  O_EXCL) inside ZM_TMPDIR. The list entries are absolute paths, so its
  location does not affect ffmpeg's resolution.

- web/ajax/training.php created its detection scratch image with
  tempnam(sys_get_temp_dir(), ...), escaping ZM's temp tree and its
  cleanup. Use tempnam(ZM_DIR_TEMP, ...) so it stays under the configured
  temp dir.

Both now resolve to the per-distro temp dir (e.g. /var/lib/zoneminder/temp
on RedHat, /var/tmp/zm on Debian), keeping scratch files inside the tree
that packaging and systemd hardening already cover.

refs #2915

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 18:10:19 +10:00
..
ZoneMinder
fix: probe mp4 duration for events with no capture jpgs in zmrecover
2026-06-10 21:45:36 -04:00
CMakeLists.txt
Rough in zmeventtool with command deleteanalysisjpegs
2022-05-17 12:26:33 -04:00
zm.in
fix sftp xfers in zmfilter (#1677)
2016-11-07 16:08:43 -05:00
zmalarm-server.py
fix: messages
2023-07-05 01:03:48 +02:00
zmaudit.pl.in
fix: string-compare BIGINT counters in zmaudit CAS skip checks
2026-05-21 07:20:36 -04:00
zmcamtool.pl.in
feat: detect MariaDB-native command names with fallback to MySQL legacy names
2026-02-08 13:19:32 -06:00
zmcontrol.pl.in
feat: add Indicator LED control capability with session keepalive refs #4875
2026-06-03 20:00:00 -04:00
zmdbbackup.in
remake this branch off master instead of off mysql2PDO.
2013-11-01 09:47:28 -04:00
zmdbrestore.in
Migrate svn to git
2013-03-17 00:45:21 +01:00
zmdc.pl.in
feat: re-assert zm.pid in zmdc main loop so systemd keeps tracking refs #4874
2026-06-03 17:30:00 -04:00
zmeventdump.in
remake this branch off master instead of off mysql2PDO.
2013-11-01 09:47:28 -04:00
zmeventtool.pl.in
Add more debugging and event deleting when renumbering
2023-09-22 16:28:35 -04:00
zmfilter.pl.in
fix: QP-encode plain-text email body so URLs survive transit
2026-05-12 08:49:01 -04:00
zmlogrotate.conf.in
Migrate svn to git
2013-03-17 00:45:21 +01:00
zmonvif-probe.pl.in
feat: add events command to zmonvif-probe.pl
2026-02-09 09:29:36 -05:00
zmonvif-trigger.pl.in
fixes bug with zmonvif-trigger.pl (Perl) :
2023-07-02 10:32:28 +02:00
zmpkg.pl.in
fix: sanitize monitor Device path to prevent command injection (GHSA-g66m-77fq-79v9)
2026-03-08 13:19:03 -04:00
zmrecover.pl.in
Rename Event to event, and use new fix_DefaultVideo and guess_EndDateTime to make the recovered video more useuful by fixing DefaultVideo and EndDateTime
2025-08-14 18:07:55 -04:00
zmstats.pl.in
fix: chunk zmstats bucket-prune DELETE IN-list to avoid packet-size limits
2026-05-20 08:50:31 -04:00
zmsystemctl.pl.in
Don't hard code perl path. Use PERL_EXECUTABLE cmake var
2019-09-23 12:54:27 -04:00
zmtelemetry.pl.in
Add Deleted=false for Monitors count
2026-02-01 14:42:38 -05:00
zmtrack.pl.in
remove debug in zmtrack.pl.in
2020-06-30 18:58:46 -04:00
zmtrigger.pl.in
fix: messages
2023-07-05 01:03:48 +02:00
zmupdate.pl.in
feat: detect MariaDB-native command names with fallback to MySQL legacy names
2026-02-08 13:19:32 -06:00
zmvideo.pl.in
fix: write scratch temp files under ZoneMinder's temp dir, not system tmp
2026-06-13 18:10:19 +10:00
zmwatch.pl.in
In order to reboot, we need to be able to open the control. So don't bothwe with ping.
2025-10-24 16:59:13 -04:00
zmx10.pl.in
Add start to list of commands
2024-11-05 13:12:12 -05:00