mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-03-25 01:01:53 -04:00
62678b24f8
- Fix path traversal via directory prefix matching: append DIRECTORY_SEPARATOR to base path before strpos containment check (2 locations in training.php) - Fix temp file leak: rename tempnam() base file to .jpg instead of creating a second file, leaving the original orphaned - Remove raw_output from detect response (information disclosure) - Fix double _pushUndo on Delete key (keydown handler + deleteAnnotation) - Fix help text: "alongside events storage" → "inside the ZoneMinder cache directory" to match actual ZM_DIR_CACHE default (2 locations) - Add missing .frame-total span element in event.php Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>