fix CSP violations on events

pull/2505/head
Isaac Connor 2019-02-06 13:31:34 -05:00
parent b04b67c39d
commit 0783802d0c
2 changed files with 52 additions and 32 deletions


@ -190,8 +190,8 @@ while ( $event_row = dbFetchNext($results) ) {
$scale = max( reScale( SCALE_BASE, $event->DefaultScale(), ZM_WEB_DEFAULT_SCALE ), SCALE_BASE );
?>
<tr<?php if ($event->Archived()) echo ' class="archived"' ?>>
<td class="colId"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1"> '.$event->Id().($event->Archived()?'*':'') ?></a></td>
<td class="colName"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1"> '.validHtmlStr($event->Name()).($event->Archived()?'*':'') ?></a></td>
<td class="colId"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.$event->Id().($event->Archived()?'*':'') ?></a></td>
<td class="colName"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.validHtmlStr($event->Name()).($event->Archived()?'*':'') ?></a></td>
<td class="colMonitorName"><?php echo makePopupLink( '?view=monitor&amp;mid='.$event->MonitorId(), 'zmMonitor'.$event->Monitorid(), 'monitor', $event->MonitorName(), canEdit( 'Monitors' ) ) ?></td>
<td class="colCause"><?php echo makePopupLink( '?view=eventdetail&amp;eid='.$event->Id(), 'zmEventDetail', 'eventdetail', validHtmlStr($event->Cause()), canEdit( 'Events' ), 'title="'.htmlspecialchars($event->Notes()).'"' ) ?>
<?php if ($event->Notes() && ($event->Notes() != 'Forced Web: ')) echo "<br/><div class=\"small text-nowrap text-muted\">".$event->Notes()."</div>" ?></td>
@ -227,12 +227,12 @@ while ( $event_row = dbFetchNext($results) ) {
$streamSrc = $event->getStreamSrc(array(
'mode'=>'jpeg', 'scale'=>$scale, 'maxfps'=>ZM_WEB_VIDEO_MAXFPS, 'replay'=>'single'));
$imgHtml = '<img id="thumbnail'.$event->id().'" src="'.$imgSrc.'" alt="'. validHtmlStr('Event '.$event->Id()) .'" style="width:'. validInt($event->ThumbnailWidth()) .'px;height:'. validInt($event->ThumbnailHeight()).'px;" onmouseover="this.src=\''.$streamSrc.'\';" onmouseout="this.src=\''.$imgSrc.'\';"/>';
$imgHtml = '<img id="thumbnail'.$event->id().'" src="'.$imgSrc.'" alt="'. validHtmlStr('Event '.$event->Id()) .'" style="width:'. validInt($event->ThumbnailWidth()) .'px;height:'. validInt($event->ThumbnailHeight()).'px;" stream_src="'.$streamSrc.'" still_src="'.$imgSrc.'"/>';
echo '<a href="?view=event&amp;eid='. $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.$imgHtml.'</a>';
echo '</td>';
} // end if ZM_WEB_LIST_THUMBS
?>
<td class="colMark"><input type="checkbox" name="markEids[]" value="<?php echo $event->Id() ?>" onclick="configureButton(this, 'markEids');"/></td>
<td class="colMark"><input type="checkbox" name="markEids[]" value="<?php echo $event->Id() ?>" data-onclick-this="configureButton"/></td>
</tr>
<?php
}
@ -274,25 +274,25 @@ if ( $pagination ) {
}
?>
<div id="contentButtons">
<button type="button" name="viewBtn" value="View" onclick="viewEvents(this, 'markEids');" disabled="disabled">
<button type="button" name="viewBtn" value="View" data-onclick-this="viewEvents" disabled="disabled">
<?php echo translate('View') ?>
</button>
<button type="button" name="archiveBtn" value="Archive" onclick="archiveEvents(this, 'markEids')" disabled="disabled">
<button type="button" name="archiveBtn" value="Archive" data-onclick-this="archiveEvents" disabled="disabled">
<?php echo translate('Archive') ?>
</button>
<button type="button" name="unarchiveBtn" value="Unarchive" onclick="unarchiveEvents(this, 'markEids');" disabled="disabled">
<button type="button" name="unarchiveBtn" value="Unarchive" data-onclick-this="unarchiveEvents" disabled="disabled">
<?php echo translate('Unarchive') ?>
</button>
<button type="button" name="editBtn" value="Edit" onclick="editEvents(this, 'markEids')" disabled="disabled">
<button type="button" name="editBtn" value="Edit" data-onclick-this="editEvents" disabled="disabled">
<?php echo translate('Edit') ?>
</button>
<button type="button" name="exportBtn" value="Export" onclick="exportEvents(this, 'markEids')" disabled="disabled">
<button type="button" name="exportBtn" value="Export" data-onclick-this="exportEvents" disabled="disabled">
<?php echo translate('Export') ?>
</button>
<button type="button" name="downloadBtn" value="DownloadVideo" onclick="downloadVideo(this, 'markEids')" disabled="disabled">
<button type="button" name="downloadBtn" value="DownloadVideo" data-onclick-this="downloadVideo" disabled="disabled">
<?php echo translate('DownloadVideo') ?>
</button>
<button type="button" name="deleteBtn" value="Delete" onclick="deleteEvents(this, 'markEids');" disabled="disabled">
<button type="button" name="deleteBtn" value="Delete" data-onclick-this="deleteEvents" disabled="disabled">
<?php echo translate('Delete') ?>
</button>
</div>
@ -301,6 +301,7 @@ if ( $pagination ) {
</div>
<script nonce="<?php echo $cspNonce;?>">
// These are defined in the .js.php but need to be updated down here.
// This might be better done by selecting through the dom for the archived class
archivedEvents = <?php echo !empty($archived)?'true':'false' ?>;
unarchivedEvents = <?php echo !empty($unarchived)?'true':'false' ?>;
</script>
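Review bot: The new `stream_src`/`still_src` attributes on the thumbnail `<img>` (new line of the second hunk) are interpolated into the markup without attribute escaping, and both are non-standard attribute names. The old inline handlers had the same raw interpolation, but now that the values live in attributes the fix is cheap and matches what the `alt` attribute on the same line already does: `data-stream-src="'.validHtmlStr($streamSrc).'" data-still-src="'.validHtmlStr($imgSrc).'"`, read via `dataset` on the JS side. Separately, the markEids checkbox now carries `data-onclick-this="configureButton"` while `initPage` in the JS file of this commit also binds `configureButton` with `addEventListener('click', …)`; if the `data-onclick-this` dispatcher (not in this diff) wires those attributes, the handler fires twice per click, and the two paths appear to disagree on the argument, since `configureButton` now reads `event.target` whereas a `data-onclick-this` dispatcher presumably passes the element. One of the two bindings should go, and the same question applies to the six `data-onclick-this` buttons in the third hunk, whose handlers still take an element.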


@ -17,12 +17,13 @@ function setButtonStates( element ) {
form.deleteBtn.disabled = !(canEditEvents && checked);
}
function configureButton( element, name ) {
function configureButton(event) {
var element = event.target;
var form = element.form;
var checked = element.checked;
if ( !checked ) {
for (var i = 0; i < form.elements.length; i++) {
if ( form.elements[i].name.indexOf(name) == 0) {
for (var i = 0, len=form.elements.length; i < len; i++) {
if ( form.elements[i].name.indexOf('markEids') == 0) {
if ( form.elements[i].checked ) {
checked = true;
break;
@ -42,15 +43,17 @@ function configureButton( element, name ) {
form.deleteBtn.disabled = !(canEditEvents && checked);
}
function deleteEvents( element, name ) {
function deleteEvents( element ) {
if ( ! canEditEvents ) {
alert("You do not have permission to delete events.");
return;
}
var form = element.form;
var count = 0;
// This is slightly more efficient than a jquery selector because we stop after finding one.
for (var i = 0; i < form.elements.length; i++) {
if (form.elements[i].name.indexOf(name) == 0) {
if (form.elements[i].name.indexOf('markEids') == 0) {
if ( form.elements[i].checked ) {
count++;
break;
@ -65,15 +68,15 @@ function deleteEvents( element, name ) {
}
}
function editEvents( element, name ) {
function editEvents( element ) {
if ( ! canEditEvents ) {
alert("You do not have permission to delete events.");
return;
}
var form = element.form;
var eids = new Array();
for (var i = 0; i < form.elements.length; i++) {
if (form.elements[i].name.indexOf(name) == 0) {
for (var i = 0, len=form.elements.length; i < len; i++) {
if (form.elements[i].name.indexOf('markEids') == 0) {
if ( form.elements[i].checked ) {
eids[eids.length] = 'eids[]='+form.elements[i].value;
}
@ -82,24 +85,24 @@ function editEvents( element, name ) {
createPopup( '?view=eventdetail&'+eids.join( '&' ), 'zmEventDetail', 'eventdetail' );
}
function downloadVideo( element, name ) {
function downloadVideo( element ) {
var form = element.form;
var eids = new Array();
for (var i = 0; i < form.elements.length; i++) {
if (form.elements[i].name.indexOf(name) == 0) {
for (var i = 0, len=form.elements.length; i < len; i++) {
if (form.elements[i].name.indexOf('markEids') == 0 ) {
if ( form.elements[i].checked ) {
eids[eids.length] = 'eids[]='+form.elements[i].value;
}
}
}
createPopup( '?view=download&'+eids.join( '&' ), 'zmDownload', 'download' );
createPopup( '?view=download&'+eids.join('&'), 'zmDownload', 'download' );
}
function exportEvents( element, name ) {
function exportEvents( element ) {
var form = element.form;
var eids = new Array();
for (var i = 0; i < form.elements.length; i++) {
if (form.elements[i].name.indexOf(name) == 0) {
for (var i = 0, len=form.elements.length; i < len; i++) {
if (form.elements[i].name.indexOf('markEids') == 0 ) {
if ( form.elements[i].checked ) {
eids[eids.length] = 'eids[]='+form.elements[i].value;
}
@ -108,11 +111,11 @@ function exportEvents( element, name ) {
createPopup( '?view=export&'+eids.join( '&' ), 'zmExport', 'export' );
}
function viewEvents( element, name ) {
function viewEvents( element ) {
var form = element.form;
var events = new Array();
for (var i = 0; i < form.elements.length; i++) {
if ( form.elements[i].name.indexOf(name) == 0) {
for (var i = 0, len=form.elements.length; i < len; i++) {
if ( form.elements[i].name.indexOf('markEids') == 0 ) {
if ( form.elements[i].checked ) {
events[events.length] = form.elements[i].value;
}
@ -124,13 +127,13 @@ function viewEvents( element, name ) {
}
}
function archiveEvents( element, name ) {
function archiveEvents(element) {
var form = element.form;
form.elements['action'].value = 'archive';
form.submit();
}
function unarchiveEvents(element, name) {
function unarchiveEvents(element) {
if ( ! canEditEvents ) {
alert("You do not have permission to delete events.");
return;
@ -146,10 +149,26 @@ if ( openFilterWindow ) {
location.replace( '?view='+currentView+'&page='+thisPage+filterQuery );
}
function thumbnail_onmouseover(event) {
var img = event.target;
img.src = img.getAttribute('stream_src');
}
function thumbnail_onmouseout(event) {
var img = event.target;
img.src = img.getAttribute('still_src');
}
function initPage() {
if (window.history.length == 1) {
if ( window.history.length == 1 ) {
$j('#controls').children().eq(0).html('');
}
$j('.colThumbnail img').each(function(){
this.addEventListener('mouseover',thumbnail_onmouseover,false);
this.addEventListener('mouseout',thumbnail_onmouseout,false);
});
$j('input[name=markEids\\[\\]]').each(function(){
this.addEventListener('click',configureButton,false);
});
}
$j(document).ready(initPage);
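Review bot: `configureButton`, `thumbnail_onmouseover` and `thumbnail_onmouseout` read `event.target`, which equals the bound element only because `initPage` attaches the listeners directly to each input and img; `event.currentTarget` is the element the listener was registered on and keeps working if the binding is ever delegated to a container, so `var element = event.currentTarget;` and `var img = event.currentTarget;` are the safer reads. The thumbnail handlers also fetch the non-standard `stream_src`/`still_src` attributes via `getAttribute`; if the markup is changed to `data-stream-src`/`data-still-src`, `img.dataset.streamSrc` and `img.dataset.stillSrc` keep the HTML valid. As a point of style, `deleteEvents`, `editEvents`, `downloadVideo`, `exportEvents` and `viewEvents` now each hard-code `'markEids'` in their own copy of the same checkbox-scanning loop; a small `checkedEventIds(form)` helper returning the selected values would remove the five duplicates. The `if ( openFilterWindow )` block that opens the last hunk begins outside the hunk.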