Revisions of ZoneMinder
buildservice-autocommit
accepted
request 1067522
from
Eric Schirra (ecsos)
(revision 121)
baserev update by copy to link target
Eric Schirra (ecsos)
committed
(revision 120)
- Update to 1.36.33 - Sanitise attr input in FilterTerm to prevent SQL Injection. Fixes GHSA-222j-wh8m-xjrx - Add object-src CSP directive to help prevent XSS - db: Add helper for escaping strings and use it on username retrieved from jwt to prevent SQL injection - use detaintPath on modal to prevent including other files instead of real modals - Check for valid date in minTime and maxTime to prevent SQL attack - Introduce check_datetime function to validate dates - Attempt to sanitize daemon and arguments before executing commands to prevent executing other programs. - Use validCardinal on MonitorId when creating snapshots to prevent executing other commands - Adjust size of text inputs MonitorName and Source Path Filters to match chosen inputs - test for existence of username in session to prevent error outputs when using AUTH_RELAY=plain - Move actions process to after the unauth check to prevent actions happening when unathentication - Fix detaintPath not stripping sequences like ..././ - Escape <> in log messages to prevent html shenanigans. Fixes [#3596] - Don't start the statusCmdQuery on streaming start, because it is used when doing still updates. If we start it too fast, zms may not have started yet, causing errors in logs about zms - Set a short expiry 1min and set the cookie name to include the filter so that each and every filter gets it;s own pagination saved. Fixes [#3510] - Use reload instead of restart on zone save - Add reload to monitor zmcControl - Stop streams when clicking cancel/Save so that we don't log errors trying to access a dead zms. Fixes [#3643] - Adding :80 to address is not worthy of an Error log, fixes warnings in logs from various PTZ scripts - Add a sleeping flag so that when we get sigterm, we can just exit instead of returning to the sleep. Speeds up zoneminder shutdown - fix format endtime on events list on watch view - Include command line in debug output when generating images - Fix missing/corrupted pre-alarm frames in recording. Fixes #3656 - Remove test for Enabled on monitor. Motion detection being disabled has nothing to do with manual triggering. Fixes [#3657] - Allow viewing of events whose Monitor[Function]=None - Remove stripslashes when saving config values. The values in REQUEST have not been escaped,
buildservice-autocommit
accepted
request 1065527
from
Eric Schirra (ecsos)
(revision 119)
baserev update by copy to link target
Eric Schirra (ecsos)
committed
(revision 118)
Eric Schirra (ecsos)
committed
(revision 117)
Eric Schirra (ecsos)
committed
(revision 116)
Eric Schirra (ecsos)
committed
(revision 115)
- Let Leap use php8 also. - Remove BuildRequires of php%%{php_major}-* because not need to build.
Eric Schirra (ecsos)
committed
(revision 114)
buildservice-autocommit
accepted
request 1060961
from
Eric Schirra (ecsos)
(revision 113)
baserev update by copy to link target
Eric Schirra (ecsos)
committed
(revision 112)
Eric Schirra (ecsos)
committed
(revision 111)
Eric Schirra (ecsos)
committed
(revision 110)
Eric Schirra (ecsos)
committed
(revision 109)
- Let Tumbleweed use php8.
buildservice-autocommit
accepted
request 1036806
from
Eric Schirra (ecsos)
(revision 108)
baserev update by copy to link target
Eric Schirra (ecsos)
committed
(revision 107)
- Update to 1.36.32 - More properly fix the alarm status api changing. The previous hack broke doing alarm on/off. - fix handle of SQL generation of IN array when array is empty. Just always return false. - Fix test for null in Object::find - Make inputs on filter action table 100% - Fix Warning when monitor is not visible - Switch to utf8mb4 to support 4 byte unicode Fixes [#3514] - Make search input the same size as other toolbar elements - Remove deprecated CAMBOZOLA references - Update Monitor symlinking, improving deleting old link when changing name - Fix zone deleting and fix an extra comma in default coordinates - Add libswscale6 and libswresample4 dependencies for ubuntu kinetic - Remove return type from session class methods. not supported in php5.4. Fixes breakage on centos7. Fixes [#3622] - Fix recalculating Event Disk Space a second time when updating. - Set xhrFields: withCredentials: true so that we send cookies with our streaming xhr requests so that we pick up new auth hashes - Add Access-Control-Allow-Credentials: true so that we can pass cookies along with xhr requests. - Add Cause, Notes and EndDateTime to available columns in events list on watch view - Make button on Filter Debug modal be Close instead of Cancel - Handle empty but defined REQUEST[action] - replace php Memcached with Apc on Fedora - Allow MonitorName as default sort field as well as Monitor - Try out just using connkey as the semaphore key instead of ftok in ajax streaming requests - Turn back on error_reporting, just don't display the error in json ajax requests.
buildservice-autocommit
accepted
request 1029682
from
Eric Schirra (ecsos)
(revision 106)
baserev update by copy to link target
Eric Schirra (ecsos)
committed
(revision 105)
Eric Schirra (ecsos)
committed
(revision 104)
- Update to 1.36.31 - Fix failed login due to remoteAddr not being populated in session after regeneration - Use REQUEST instead of SESSION to store the post login redirect because we clear the session on login. Fixes [#3517] - Turn off logging of deprecation notices so that we work with php8.2 - Update to 1.26.30 - Test for definition of ZM_LOG_INJECT. We don't include the config when not logged in. So it won't be defined and an error will be logged - Fix saving from the function modal (and other modals) - left align option value column - when a config value is overridden via *.conf files, put up a warning/explanation on the options view - Turn failure to send into a debug instead of warn. When running under fpm etc we may not get SIGPIPE. - Move relevant code out of includes/actions/auth.php into includs/auth.php. Fixes inability to login using GET method. - Don't panic if no font file found. We seem to be able to continue without it. - Rework session handling to fix breakage with php8.2. Please note that php 8.2 still completely breaks a ton of our code. Do not upgrade to php8.2 and expect ZoneMinder to work.
buildservice-autocommit
accepted
request 1010253
from
Eric Schirra (ecsos)
(revision 103)
baserev update by copy to link target
Eric Schirra (ecsos)
committed
(revision 102)
- Update to 1.36.29 - update web/ajax.log.php to contents from master. Fixes errors causing log view to not work. Fixes [#3606] - use ajax() instead of getJSON so that we can specify no timeouts.. This prevents log queries from stacking up overloading the db - Check for definition of CAMBOZOLA defines. The purpose is just to ease running the 1.36 UI against a 1.37 database. - Added option ZM_AUTH_CASE_INSENSITIVE_USERNAMES to match mixed case Usernames to lower case usernames in database [#3516] - Move LIBAVCODEC_VERSION_CHECK so that it is defined when the include files are under ffmpeg. Maybe fixes build with 5.1.2? - Test for matches[operator]. Fixes [#3607]
Displaying revisions 1 - 20 of 121