fix CSP violations on events

pull/2505/head
Isaac Connor 2019-02-06 13:31:34 -05:00
parent b04b67c39d
commit 0783802d0c
2 changed files with 52 additions and 32 deletions


@ -190,8 +190,8 @@ while ( $event_row = dbFetchNext($results) ) {
$scale = max( reScale( SCALE_BASE, $event->DefaultScale(), ZM_WEB_DEFAULT_SCALE ), SCALE_BASE ); $scale = max( reScale( SCALE_BASE, $event->DefaultScale(), ZM_WEB_DEFAULT_SCALE ), SCALE_BASE );
?> ?>
<tr<?php if ($event->Archived()) echo ' class="archived"' ?>> <tr<?php if ($event->Archived()) echo ' class="archived"' ?>>
<td class="colId"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1"> '.$event->Id().($event->Archived()?'*':'') ?></a></td> <td class="colId"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.$event->Id().($event->Archived()?'*':'') ?></a></td>
<td class="colName"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1"> '.validHtmlStr($event->Name()).($event->Archived()?'*':'') ?></a></td> <td class="colName"><a href="?view=event&amp;eid=<?php echo $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.validHtmlStr($event->Name()).($event->Archived()?'*':'') ?></a></td>
<td class="colMonitorName"><?php echo makePopupLink( '?view=monitor&amp;mid='.$event->MonitorId(), 'zmMonitor'.$event->Monitorid(), 'monitor', $event->MonitorName(), canEdit( 'Monitors' ) ) ?></td> <td class="colMonitorName"><?php echo makePopupLink( '?view=monitor&amp;mid='.$event->MonitorId(), 'zmMonitor'.$event->Monitorid(), 'monitor', $event->MonitorName(), canEdit( 'Monitors' ) ) ?></td>
<td class="colCause"><?php echo makePopupLink( '?view=eventdetail&amp;eid='.$event->Id(), 'zmEventDetail', 'eventdetail', validHtmlStr($event->Cause()), canEdit( 'Events' ), 'title="'.htmlspecialchars($event->Notes()).'"' ) ?> <td class="colCause"><?php echo makePopupLink( '?view=eventdetail&amp;eid='.$event->Id(), 'zmEventDetail', 'eventdetail', validHtmlStr($event->Cause()), canEdit( 'Events' ), 'title="'.htmlspecialchars($event->Notes()).'"' ) ?>
<?php if ($event->Notes() && ($event->Notes() != 'Forced Web: ')) echo "<br/><div class=\"small text-nowrap text-muted\">".$event->Notes()."</div>" ?></td> <?php if ($event->Notes() && ($event->Notes() != 'Forced Web: ')) echo "<br/><div class=\"small text-nowrap text-muted\">".$event->Notes()."</div>" ?></td>
@ -227,12 +227,12 @@ while ( $event_row = dbFetchNext($results) ) {
$streamSrc = $event->getStreamSrc(array( $streamSrc = $event->getStreamSrc(array(
'mode'=>'jpeg', 'scale'=>$scale, 'maxfps'=>ZM_WEB_VIDEO_MAXFPS, 'replay'=>'single')); 'mode'=>'jpeg', 'scale'=>$scale, 'maxfps'=>ZM_WEB_VIDEO_MAXFPS, 'replay'=>'single'));
$imgHtml = '<img id="thumbnail'.$event->id().'" src="'.$imgSrc.'" alt="'. validHtmlStr('Event '.$event->Id()) .'" style="width:'. validInt($event->ThumbnailWidth()) .'px;height:'. validInt($event->ThumbnailHeight()).'px;" onmouseover="this.src=\''.$streamSrc.'\';" onmouseout="this.src=\''.$imgSrc.'\';"/>'; $imgHtml = '<img id="thumbnail'.$event->id().'" src="'.$imgSrc.'" alt="'. validHtmlStr('Event '.$event->Id()) .'" style="width:'. validInt($event->ThumbnailWidth()) .'px;height:'. validInt($event->ThumbnailHeight()).'px;" stream_src="'.$streamSrc.'" still_src="'.$imgSrc.'"/>';
echo '<a href="?view=event&amp;eid='. $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.$imgHtml.'</a>'; echo '<a href="?view=event&amp;eid='. $event->Id().$filterQuery.$sortQuery.'&amp;page=1">'.$imgHtml.'</a>';
echo '</td>'; echo '</td>';
} // end if ZM_WEB_LIST_THUMBS } // end if ZM_WEB_LIST_THUMBS
?> ?>
<td class="colMark"><input type="checkbox" name="markEids[]" value="<?php echo $event->Id() ?>" onclick="configureButton(this, 'markEids');"/></td> <td class="colMark"><input type="checkbox" name="markEids[]" value="<?php echo $event->Id() ?>" data-onclick-this="configureButton"/></td>
</tr> </tr>
<?php <?php
} }
@ -274,25 +274,25 @@ if ( $pagination ) {
} }
?> ?>
<div id="contentButtons"> <div id="contentButtons">
<button type="button" name="viewBtn" value="View" onclick="viewEvents(this, 'markEids');" disabled="disabled"> <button type="button" name="viewBtn" value="View" data-onclick-this="viewEvents" disabled="disabled">
<?php echo translate('View') ?> <?php echo translate('View') ?>
</button> </button>
<button type="button" name="archiveBtn" value="Archive" onclick="archiveEvents(this, 'markEids')" disabled="disabled"> <button type="button" name="archiveBtn" value="Archive" data-onclick-this="archiveEvents" disabled="disabled">
<?php echo translate('Archive') ?> <?php echo translate('Archive') ?>
</button> </button>
<button type="button" name="unarchiveBtn" value="Unarchive" onclick="unarchiveEvents(this, 'markEids');" disabled="disabled"> <button type="button" name="unarchiveBtn" value="Unarchive" data-onclick-this="unarchiveEvents" disabled="disabled">
<?php echo translate('Unarchive') ?> <?php echo translate('Unarchive') ?>
</button> </button>
<button type="button" name="editBtn" value="Edit" onclick="editEvents(this, 'markEids')" disabled="disabled"> <button type="button" name="editBtn" value="Edit" data-onclick-this="editEvents" disabled="disabled">
<?php echo translate('Edit') ?> <?php echo translate('Edit') ?>
</button> </button>
<button type="button" name="exportBtn" value="Export" onclick="exportEvents(this, 'markEids')" disabled="disabled"> <button type="button" name="exportBtn" value="Export" data-onclick-this="exportEvents" disabled="disabled">
<?php echo translate('Export') ?> <?php echo translate('Export') ?>
</button> </button>
<button type="button" name="downloadBtn" value="DownloadVideo" onclick="downloadVideo(this, 'markEids')" disabled="disabled"> <button type="button" name="downloadBtn" value="DownloadVideo" data-onclick-this="downloadVideo" disabled="disabled">
<?php echo translate('DownloadVideo') ?> <?php echo translate('DownloadVideo') ?>
</button> </button>
<button type="button" name="deleteBtn" value="Delete" onclick="deleteEvents(this, 'markEids');" disabled="disabled"> <button type="button" name="deleteBtn" value="Delete" data-onclick-this="deleteEvents" disabled="disabled">
<?php echo translate('Delete') ?> <?php echo translate('Delete') ?>
</button> </button>
</div> </div>
@ -301,6 +301,7 @@ if ( $pagination ) {
</div> </div>
<script nonce="<?php echo $cspNonce;?>"> <script nonce="<?php echo $cspNonce;?>">
// These are defined in the .js.php but need to be updated down here. // These are defined in the .js.php but need to be updated down here.
// This might be better done by selecting through the dom for the archived class
archivedEvents = <?php echo !empty($archived)?'true':'false' ?>; archivedEvents = <?php echo !empty($archived)?'true':'false' ?>;
unarchivedEvents = <?php echo !empty($unarchived)?'true':'false' ?>; unarchivedEvents = <?php echo !empty($unarchived)?'true':'false' ?>;
</script> </script>
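Review bot: The new `stream_src="'.$streamSrc.'" still_src="'.$imgSrc.'"` attributes in the `$imgHtml` line of the second hunk drop `$streamSrc` and `$imgSrc` into HTML attribute values without escaping, just as the removed onmouseover/onmouseout handlers did; everything else in that element goes through validHtmlStr()/validInt(), so if getStreamSrc() can ever return a URL containing `"` or `&` (not visible here) the attribute breaks, and the CSP move is a good moment to close that. I would write the fragment as `' data-stream-src="'.validHtmlStr($streamSrc).'" data-still-src="'.validHtmlStr($imgSrc).'"/>'`, using `data-` names so the markup stays valid HTML and the JS can read them via `dataset` (the two getAttribute() calls in events.js need the matching rename). The surrounding `while ( $event_row = dbFetchNext($results) )` loop starts before this hunk.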


@ -17,12 +17,13 @@ function setButtonStates( element ) {
form.deleteBtn.disabled = !(canEditEvents && checked); form.deleteBtn.disabled = !(canEditEvents && checked);
} }
function configureButton( element, name ) { function configureButton(event) {
var element = event.target;
var form = element.form; var form = element.form;
var checked = element.checked; var checked = element.checked;
if ( !checked ) { if ( !checked ) {
for (var i = 0; i < form.elements.length; i++) { for (var i = 0, len=form.elements.length; i < len; i++) {
if ( form.elements[i].name.indexOf(name) == 0) { if ( form.elements[i].name.indexOf('markEids') == 0) {
if ( form.elements[i].checked ) { if ( form.elements[i].checked ) {
checked = true; checked = true;
break; break;
@ -42,15 +43,17 @@ function configureButton( element, name ) {
form.deleteBtn.disabled = !(canEditEvents && checked); form.deleteBtn.disabled = !(canEditEvents && checked);
} }
function deleteEvents( element, name ) { function deleteEvents( element ) {
if ( ! canEditEvents ) { if ( ! canEditEvents ) {
alert("You do not have permission to delete events."); alert("You do not have permission to delete events.");
return; return;
} }
var form = element.form; var form = element.form;
var count = 0; var count = 0;
// This is slightly more efficient than a jquery selector because we stop after finding one.
for (var i = 0; i < form.elements.length; i++) { for (var i = 0; i < form.elements.length; i++) {
if (form.elements[i].name.indexOf(name) == 0) { if (form.elements[i].name.indexOf('markEids') == 0) {
if ( form.elements[i].checked ) { if ( form.elements[i].checked ) {
count++; count++;
break; break;
@ -65,15 +68,15 @@ function deleteEvents( element, name ) {
} }
} }
function editEvents( element, name ) { function editEvents( element ) {
if ( ! canEditEvents ) { if ( ! canEditEvents ) {
alert("You do not have permission to delete events."); alert("You do not have permission to delete events.");
return; return;
} }
var form = element.form; var form = element.form;
var eids = new Array(); var eids = new Array();
for (var i = 0; i < form.elements.length; i++) { for (var i = 0, len=form.elements.length; i < len; i++) {
if (form.elements[i].name.indexOf(name) == 0) { if (form.elements[i].name.indexOf('markEids') == 0) {
if ( form.elements[i].checked ) { if ( form.elements[i].checked ) {
eids[eids.length] = 'eids[]='+form.elements[i].value; eids[eids.length] = 'eids[]='+form.elements[i].value;
} }
@ -82,24 +85,24 @@ function editEvents( element, name ) {
createPopup( '?view=eventdetail&'+eids.join( '&' ), 'zmEventDetail', 'eventdetail' ); createPopup( '?view=eventdetail&'+eids.join( '&' ), 'zmEventDetail', 'eventdetail' );
} }
function downloadVideo( element, name ) { function downloadVideo( element ) {
var form = element.form; var form = element.form;
var eids = new Array(); var eids = new Array();
for (var i = 0; i < form.elements.length; i++) { for (var i = 0, len=form.elements.length; i < len; i++) {
if (form.elements[i].name.indexOf(name) == 0) { if (form.elements[i].name.indexOf('markEids') == 0 ) {
if ( form.elements[i].checked ) { if ( form.elements[i].checked ) {
eids[eids.length] = 'eids[]='+form.elements[i].value; eids[eids.length] = 'eids[]='+form.elements[i].value;
} }
} }
} }
createPopup( '?view=download&'+eids.join( '&' ), 'zmDownload', 'download' ); createPopup( '?view=download&'+eids.join('&'), 'zmDownload', 'download' );
} }
function exportEvents( element, name ) { function exportEvents( element ) {
var form = element.form; var form = element.form;
var eids = new Array(); var eids = new Array();
for (var i = 0; i < form.elements.length; i++) { for (var i = 0, len=form.elements.length; i < len; i++) {
if (form.elements[i].name.indexOf(name) == 0) { if (form.elements[i].name.indexOf('markEids') == 0 ) {
if ( form.elements[i].checked ) { if ( form.elements[i].checked ) {
eids[eids.length] = 'eids[]='+form.elements[i].value; eids[eids.length] = 'eids[]='+form.elements[i].value;
} }
@ -108,11 +111,11 @@ function exportEvents( element, name ) {
createPopup( '?view=export&'+eids.join( '&' ), 'zmExport', 'export' ); createPopup( '?view=export&'+eids.join( '&' ), 'zmExport', 'export' );
} }
function viewEvents( element, name ) { function viewEvents( element ) {
var form = element.form; var form = element.form;
var events = new Array(); var events = new Array();
for (var i = 0; i < form.elements.length; i++) { for (var i = 0, len=form.elements.length; i < len; i++) {
if ( form.elements[i].name.indexOf(name) == 0) { if ( form.elements[i].name.indexOf('markEids') == 0 ) {
if ( form.elements[i].checked ) { if ( form.elements[i].checked ) {
events[events.length] = form.elements[i].value; events[events.length] = form.elements[i].value;
} }
@ -124,13 +127,13 @@ function viewEvents( element, name ) {
} }
} }
function archiveEvents( element, name ) { function archiveEvents(element) {
var form = element.form; var form = element.form;
form.elements['action'].value = 'archive'; form.elements['action'].value = 'archive';
form.submit(); form.submit();
} }
function unarchiveEvents(element, name) { function unarchiveEvents(element) {
if ( ! canEditEvents ) { if ( ! canEditEvents ) {
alert("You do not have permission to delete events."); alert("You do not have permission to delete events.");
return; return;
@ -146,10 +149,26 @@ if ( openFilterWindow ) {
location.replace( '?view='+currentView+'&page='+thisPage+filterQuery ); location.replace( '?view='+currentView+'&page='+thisPage+filterQuery );
} }
function thumbnail_onmouseover(event) {
var img = event.target;
img.src = img.getAttribute('stream_src');
}
function thumbnail_onmouseout(event) {
var img = event.target;
img.src = img.getAttribute('still_src');
}
function initPage() { function initPage() {
if (window.history.length == 1) { if ( window.history.length == 1 ) {
$j('#controls').children().eq(0).html(''); $j('#controls').children().eq(0).html('');
} }
$j('.colThumbnail img').each(function(){
this.addEventListener('mouseover',thumbnail_onmouseover,false);
this.addEventListener('mouseout',thumbnail_onmouseout,false);
});
$j('input[name=markEids\\[\\]]').each(function(){
this.addEventListener('click',configureButton,false);
});
} }
$j(document).ready(initPage); $j(document).ready(initPage);
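Review bot: `configureButton(event)` in the first hunk now derives the checkbox from `event.target`, but the `markEids[]` checkbox in events.php keeps `data-onclick-this="configureButton"` while `initPage` in the last hunk also attaches the same function with addEventListener('click', ...). Every other handler renamed in this commit (`viewEvents(element)`, `deleteEvents(element)` and so on) is written to receive the element from the data-onclick-this dispatcher, which is not visible here; if that dispatcher calls `configureButton(this)`, `event.target` is undefined and `element.form` throws, and where both bindings are live each click runs the handler twice. Pick one binding: either remove the `data-onclick-this` attribute from the checkbox and keep the listener registration, or keep the attribute and revert to `function configureButton(element) {` without the `event.target` line. The mouseover/mouseout handlers in the last hunk are fine as written, since an `img` has no descendants for `event.target` to differ from.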