From 586f9f3e52a70c8060a2592e4e5464a8864e74d3 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Tue, 25 Aug 2020 11:27:25 -0400
Subject: [PATCH 1/7] Use zm_session_start
---
 web/skins/classic/views/event.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/skins/classic/views/event.php b/web/skins/classic/views/event.php
index f8bceb837..464c68b14 100644
--- a/web/skins/classic/views/event.php
+++ b/web/skins/classic/views/event.php
@@ -58,7 +58,7 @@ if ( isset($_REQUEST['scale']) ) {
 $codec = 'auto';
 if ( isset($_REQUEST['codec']) ) {
 $codec = $_REQUEST['codec'];
- session_start();
+ zm_session_start();
 $_SESSION['zmEventCodec'.$Event->MonitorId()] = $codec;
 session_write_close();
 } else if ( isset($_SESSION['zmEventCodec'.$Event->MonitorId()]) ) {
From 3c29228df5b15e2bcb0855617c5c48e8ce1e3ae1 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Tue, 25 Aug 2020 11:30:22 -0400
Subject: [PATCH 2/7] Use zm_session_start
---
 distros/ubuntu1604/changelog | 6 +++---
 web/includes/csrf/csrf-magic.php | 2 +-
 web/skins/classic/views/_monitor_filters.php | 2 +-
 web/skins/classic/views/cycle.php | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/distros/ubuntu1604/changelog b/distros/ubuntu1604/changelog
index 616f75178..0fc2fda2e 100644
--- a/distros/ubuntu1604/changelog
+++ b/distros/ubuntu1604/changelog
@@ -1,3 +1,3 @@
-zoneminder (1.31.39~20180223.27-stretch-1) unstable; urgency=low
- *
- -- Isaac Connor Fri, 23 Feb 2018 14:15:59 -0500
+zoneminder (1.35.6~20200825.27-xenial) xenial; urgency=low
+ *
+ -- Isaac Connor Tue, 25 Aug 2020 09:28:18 -0400
diff --git a/web/includes/csrf/csrf-magic.php b/web/includes/csrf/csrf-magic.php
index d96165eb9..edb04002a 100644
--- a/web/includes/csrf/csrf-magic.php
+++ b/web/includes/csrf/csrf-magic.php
@@ -389,7 +389,7 @@ function csrf_conf($key, $val) {
 */
 function csrf_start() {
 if ($GLOBALS['csrf']['auto-session'] && !session_id()) {
- session_start();
+ zm_session_start();
 }
 }
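Review bot: The `codec` request parameter is written to `$_SESSION['zmEventCodec'.$Event->MonitorId()]` without any validation in the context lines around the changed call in event.php, so whatever string the client sends is persisted and reused on later views. The default of `'auto'` suggests a short fixed set of values; checking against that set before storing would keep arbitrary input out of the session, e.g. `if ( !in_array($codec, $validCodecs, true) ) $codec = 'auto';` where `$validCodecs` is a placeholder for the list this view supports. Whether the value is filtered further down is not visible in the hunk.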
diff --git a/web/skins/classic/views/_monitor_filters.php b/web/skins/classic/views/_monitor_filters.php
index 62a91d7f3..f144c17fa 100644
--- a/web/skins/classic/views/_monitor_filters.php
+++ b/web/skins/classic/views/_monitor_filters.php
@@ -23,7 +23,7 @@ $ServersById = array();
 foreach ( $servers as $S ) {
 $ServersById[$S->Id()] = $S;
 }
-session_start();
+zm_session_start();
 foreach ( array('GroupId','Function','ServerId','StorageId','Status','MonitorId','MonitorName','Source') as $var ) {
 if ( isset($_REQUEST[$var]) ) {
 if ( $_REQUEST[$var] != '' ) {
diff --git a/web/skins/classic/views/cycle.php b/web/skins/classic/views/cycle.php
index 082afad66..dd12b0fa3 100644
--- a/web/skins/classic/views/cycle.php
+++ b/web/skins/classic/views/cycle.php
@@ -91,7 +91,7 @@ if ( !$monitor ) {
 ZM\Error('There was no monitor to display.');
 }
-session_start();
+zm_session_start();
 if ( isset($_REQUEST['scale']) ) {
 $options['scale'] = validInt($_REQUEST['scale']);
From 98dce06d6ba92fb729f629b5e959c6b5585187c1 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Tue, 25 Aug 2020 12:38:31 -0400
Subject: [PATCH 3/7] Introduce get_auth_relay to return an auth string to use in urls.
---
 web/includes/auth.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/web/includes/auth.php b/web/includes/auth.php
index c3a34405d..e49f5876b 100644
--- a/web/includes/auth.php
+++ b/web/includes/auth.php
@@ -260,6 +260,22 @@ function userFromSession() {
 return $user;
 }
+function get_auth_relay() {
+ if ( ZM_OPT_USE_AUTH ) {
+ if ( ZM_AUTH_RELAY == 'hashed' ) {
+ return 'auth='.generateAuthHash(ZM_AUTH_HASH_IPS);
+ } else if ( ZM_AUTH_RELAY == 'plain' ) {
+ // password probably needs to be escaped
+ return 'username='.$_SESSION['username'].'&password='.urlencode($_SESSION['password']);
+ } else if ( ZM_AUTH_RELAY == 'none' ) {
+ return 'username='.$_SESSION['username'];
+ } else {
+ ZM\Error('Unknown value for ZM_AUTH_RELAY ' . ZM_AUTH_RELAY);
+ }
+ }
+ return '';
+} // end function get_auth_relay
+
 if ( ZM_OPT_USE_AUTH ) {
 if ( !empty($_REQUEST['token']) ) {
 // we only need to get the username here
From f1fab6361fe89834fb13f9738cb52bbfe505a4ac Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Tue, 25 Aug 2020 12:38:46 -0400
Subject: [PATCH 4/7] fix dimensions of v4l settings popup
---
 web/skins/classic/js/base.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/skins/classic/js/base.js b/web/skins/classic/js/base.js
index 48747b98d..86f4e2533 100644
--- a/web/skins/classic/js/base.js
+++ b/web/skins/classic/js/base.js
@@ -59,7 +59,7 @@ var popupSizes = {
 'options': {'width': 1000, 'height': 660},
 'preset': {'width': 300, 'height': 220},
 'server': {'width': 600, 'height': 405},
- 'settings': {'width': 220, 'height': 235},
+ 'settings': {'width': 250, 'height': 335},
 'shutdown': {'width': 400, 'height': 400},
 'state': {'width': 400, 'height': 170},
 'stats': {'width': 840, 'height': 200},
From b0f5f3617aab12d7c95d332e119275b0323c8343 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Tue, 25 Aug 2020 12:39:14 -0400
Subject: [PATCH 5/7] Always set auth_hash and always set auth_relay, using our handy new get_auth_relay function
---
 web/skins/classic/js/skin.js.php | 22 ++--------------------
 1 file changed, 2 insertions(+), 20 deletions(-)
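Review bot: In `get_auth_relay()` in auth.php the `plain` and `none` branches concatenate `$_SESSION['username']` into the query string unencoded, while the password next to it goes through `urlencode()`; a username containing `&`, `=` or `#` would split or truncate the parameter list. Both branches should use `urlencode($_SESSION['username'])`, and the comment `// password probably needs to be escaped` is stale now that the password is encoded. The `plain` branch also puts the session password into a URL, where it can end up in access logs, browser history and Referer headers. A docblock should say that the returned string is a credential, that callers must escape it for the HTML or JavaScript context they write it into, and that it should not be logged. The unknown-value branch logs an error and falls through to `return ''`, which yields a URL with no auth parameters; the same docblock should state that.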
diff --git a/web/skins/classic/js/skin.js.php b/web/skins/classic/js/skin.js.php index 5250e654f..2855b404d 100644 --- a/web/skins/classic/js/skin.js.php +++ b/web/skins/classic/js/skin.js.php @@ -70,23 +70,5 @@ var focusWindow = ; var imagePrefix = ""; -var auth_hash; -var auth_relay; - +var auth_hash = ''; +var auth_relay = ''; From 6587cdd3dee55b65631d75cb06ecb5401554b414 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Aug 2020 12:39:44 -0400 Subject: [PATCH 6/7] Handle failure to get v4l settings. Fix assignment of values to monitor object. --- web/skins/classic/views/settings.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/web/skins/classic/views/settings.php b/web/skins/classic/views/settings.php index 7a19c00cf..b594cdc0f 100644 --- a/web/skins/classic/views/settings.php +++ b/web/skins/classic/views/settings.php @@ -26,12 +26,14 @@ $monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid'])); $zmuCommand = getZmuCommand(' -m '.escapeshellarg($_REQUEST['mid']).' -B -C -H -O'); $zmuOutput = exec( $zmuCommand ); -list($brightness, $contrast, $hue, $colour) = explode(' ', $zmuOutput); +if ( $zmuOutput ) { + list($brightness, $contrast, $hue, $colour) = explode(' ', $zmuOutput); -$monitor->Brightness() = $brightness; -$monitor->Contrast() = $contrast; -$monitor->Hue() = $hue; -$monitor->Colour() = $colour; + $monitor->Brightness($brightness); + $monitor->Contrast($contrast); + $monitor->Hue($hue); + $monitor->Colour($colour); +} $focusWindow = true; @@ -47,23 +49,23 @@ xhtmlHeaders(__FILE__, validHtmlStr($monitor->Name()).' - '.translate('Settings' - +
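Review bot: In the first settings.php hunk the new `if ( $zmuOutput )` guard only rejects empty output, so a short or malformed line from `zmu` still reaches `list($brightness, $contrast, $hue, $colour) = explode(' ', $zmuOutput)` with fewer than four fields, and null values are then set on the monitor object. Splitting first and checking the count closes that gap: `$values = explode(' ', trim($zmuOutput)); if ( count($values) == 4 ) { ... }`. `$_REQUEST['mid']` is also passed unvalidated to `ZM\Monitor::find_one()` and the result is dereferenced without a null check in the lines shown. If no check exists above the hunk, an unknown id ends in a fatal error rather than a clean denial, and running it through `validInt()` as cycle.php does for `scale` would be consistent with the rest of the series.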
- + - + - + - +
disabled="disabled"/> disabled="disabled" />
/> />
/> />
/> />
From b5ef7b08b9cc78cdee7ee19e6a70d4b730a4c1c2 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Aug 2020 12:40:22 -0400 Subject: [PATCH 7/7] settings popup has to come from the server hosting the v4l device, so use monitor->UrlToIndex and include auth. --- web/skins/classic/views/watch.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index 70e5f410a..9c3dfce80 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php @@ -67,7 +67,7 @@ xhtmlHeaders(__FILE__, $monitor->Name().' - '.translate('Feed')); Type() == 'Local' ) { ?> -
Id(), 'zmSettings'.$monitor->Id(), 'settings', translate('Settings'), true, 'id="settingsLink"') ?>
+
UrlToIndex().'?view=settings&mid='.$monitor->Id().'&'.get_auth_relay(), 'zmSettings'.$monitor->Id(), 'settings', translate('Settings'), true, 'id="settingsLink"') ?>
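Review bot: The settings link in watch.php now appends `get_auth_relay()` to the popup URL, so with `ZM_AUTH_RELAY` set to `plain` the user's name and password are written into the page markup and sent in the query string to whatever host `UrlToIndex()` returns. For a link that deliberately crosses servers the hashed relay is the safer form, and the assembled URL should in any case pass through `htmlspecialchars()` before it is placed in the link. The visible line does not appear to do that, but the surrounding markup is lost on this page, so confirm against the file. When auth is disabled the function returns an empty string and the URL ends in a dangling `&`; appending the separator only when the relay string is non-empty avoids that.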