From 74d2ba56db5d0b2376700edc923d524e97cd902a Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Wed, 26 Aug 2020 15:15:10 -0400
Subject: [PATCH 1/8] Persist video volume in a cookie so that subsequent events remember the volume level.
---
 web/skins/classic/views/js/event.js | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/web/skins/classic/views/js/event.js b/web/skins/classic/views/js/event.js
index 93da7e9f2..683f144f6 100644
--- a/web/skins/classic/views/js/event.js
+++ b/web/skins/classic/views/js/event.js
@@ -1077,6 +1077,12 @@ function initPage() {
 vid.on('click', function(event) {
 handleClick(event);
 });
+ vid.on('volumechange', function() {
+ Cookie.write('volume', vid.volume(), {duration: 10*365});
+ });
+ if ( Cookie.read('volume') != null ) {
+ vid.volume(Cookie.read('volume'));
+ }
 vid.on('timeupdate', function() {
 $j('#progressValue').html(secsToTime(Math.floor(vid.currentTime())));
 });
From 3b1be3346b2cda92454c3bc4cbd87e6161cebd8e Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Mon, 7 Sep 2020 10:21:06 -0400
Subject: [PATCH 2/8] escape table name when updating Objects
---
 web/includes/Object.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/web/includes/Object.php b/web/includes/Object.php
index 09be86a9e..2af989e8a 100644
--- a/web/includes/Object.php
+++ b/web/includes/Object.php
@@ -306,7 +306,7 @@ class ZM_Object {
 $fields = array_keys($fields);
 if ( $this->Id() ) {
- $sql = 'UPDATE '.$table.' SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields)).' WHERE Id=?';
+ $sql = 'UPDATE `'.$table.'` SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields)).' WHERE Id=?';
 $values = array_map(function($field){ return $this->{$field};}, $fields);
 $values[] = $this->{'Id'};
 if ( dbQuery($sql, $values) )
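Review bot: The value read back from the cookie in the added `if ( Cookie.read('volume') != null )` block of event.js is handed to `vid.volume()` without being parsed or range-checked, so an edited or corrupted cookie supplies a string that may not be a number between 0 and 1. Parse it once and apply it only when it is valid, e.g. `var vol = parseFloat(Cookie.read('volume'));` followed by `if ( isFinite(vol) ) vid.volume(Math.min(1, Math.max(0, vol)));`, which also removes the second `Cookie.read` call. The muted flag is not stored, so a muted player presumably comes back unmuted on the next event. initPage() begins and ends outside the hunk.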
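Review bot: Wrapping `$table` in backticks in the UPDATE statement of Object.php quotes the identifier but does not escape it, although the commit subject says the table name is escaped: a backtick inside `$table` or inside a `$field` name would still end the quoting. Where `$table` and the keys of `$fields` come from is outside this hunk; if either can ever be influenced by request data, double any backtick inside the name or check the name against a fixed list of known columns before building the statement. The same applies to the INSERT statement in the `@@ -314,8 +314,8 @@` hunk. A comment such as `// $table and field names must never come from request data; values are bound via ?` would record the assumption next to the query.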
@@ -314,8 +314,8 @@ class ZM_Object {
 } else {
 unset($fields['Id']);
- $sql = 'INSERT INTO '.$table.
- ' ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, $fields)).
+ $sql = 'INSERT INTO `'.$table.
+ '` ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, $fields)).
 ') VALUES ('.
 implode(', ', array_map(function($field){return '?';}, $fields)).')';
From 2cd9c8e2327ba58563dae6b5a1b04a57384458f5 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 10 Sep 2020 13:31:39 -0400
Subject: [PATCH 3/8] Update api Zone Saving. Fixes #3037
---
 web/api/app/Controller/ZonesController.php | 14 ++++++++------
 web/api/app/Model/Zone.php | 4 ----
 2 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/web/api/app/Controller/ZonesController.php b/web/api/app/Controller/ZonesController.php
index f01931f65..8d5e661bb 100644
--- a/web/api/app/Controller/ZonesController.php
+++ b/web/api/app/Controller/ZonesController.php
@@ -115,6 +115,7 @@ class ZonesController extends AppController {
 if ( !$this->Zone->exists($id) ) {
 throw new NotFoundException(__('Invalid zone'));
 }
+ $message = '';
 if ( $this->request->is(array('post', 'put')) ) {
 global $user;
 $canEdit = (!$user) || $user['Monitors'] == 'Edit';
@@ -123,14 +124,15 @@ class ZonesController extends AppController {
 return;
 }
 if ( $this->Zone->save($this->request->data) ) {
- return $this->flash(__('The zone has been saved.'), array('action' => 'index'));
+ $message = 'The zone has been saved.';
+ } else {
+ $message = 'Error ' . print_r($this->Zone->invalidFields());
 }
- } else {
- $options = array('conditions' => array('Zone.' . $this->Zone->primaryKey => $id));
- $this->request->data = $this->Zone->find('first', $options);
 }
- $monitors = $this->Zone->Monitor->find('list');
- $this->set(compact('monitors'));
+ $this->set(array(
+ 'message' => $message,
+ '_serialize' => array('message')
+ ));
 }
 /**
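Review bot: `unset($fields['Id']);` just above the rewritten INSERT in Object.php looks like a no-op. The preceding hunk shows `$fields = array_keys($fields);`, so at this point `$fields` is a list of column names with integer keys and has no 'Id' key to remove. If that reading is right, the INSERT still lists the `Id` column and binds whatever the object holds for it. Filtering by value would match the intent: `$fields = array_diff($fields, array('Id'));`. The function starts and ends outside the hunk, so confirm that `$fields` is not reassigned on the line between the two hunks.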
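Review bot: `print_r($this->Zone->invalidFields())` in the new else branch of ZonesController.php is called without its second argument, so it writes the validation array straight into the response body and returns `true`; `$message` becomes `Error 1` and the dump lands ahead of the serialized output. Use `$message = 'Error ' . print_r($this->Zone->invalidFields(), true);`, or set the invalid fields as their own serialized key. A failed save also appears to answer with the default success status, since nothing in the hunk sets one; a 4xx status would let API clients detect the failure without parsing the message. The action's signature is outside the hunk.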
diff --git a/web/api/app/Model/Zone.php b/web/api/app/Model/Zone.php
index 0f5e4d653..cdf8464e2 100644
--- a/web/api/app/Model/Zone.php
+++ b/web/api/app/Model/Zone.php
@@ -41,19 +41,15 @@ class Zone extends AppModel {
 //array('naturalNumber'),
 'message' => 'Zones must have a valid MonitorId',
 'allowEmpty' => false,
- 'required' => true,
 //'last' => false, // Stop validation after this rule
 //'on' => 'create', // Limit validation to 'create' or 'update' operations
 ),
 'Name' => array(
 'required' => array(
- //'on' => 'create',
 'rule' => 'notBlank',
 'message' => 'Zone Name must be specified for creation',
- 'required' => true,
 ),
 )
-
 );
 //The Associations below have been created with all possible keys, those that are not needed can be removed
From 8ad62b89050e7f4c0e97b931b1fe2bc60bd573e8 Mon Sep 17 00:00:00 2001
From: Pliable Pixels
Date: Sun, 13 Sep 2020 16:43:49 -0400
Subject: [PATCH 4/8] another try at fixing Eventcontroller
---
 web/api/app/Controller/EventsController.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/web/api/app/Controller/EventsController.php b/web/api/app/Controller/EventsController.php
index 5188c18b4..3b132e932 100644
--- a/web/api/app/Controller/EventsController.php
+++ b/web/api/app/Controller/EventsController.php
@@ -434,14 +434,11 @@ class EventsController extends AppController {
 // Find the max Frame for this Event. Error out otherwise.
 $this->loadModel('Frame');
- if (! $frame = $this->Frame->find('first', array(
+ $frame = $this->Frame->find('first', array(
 'conditions' => array(
- 'EventId' => $event['Event']['Id'],
- 'Score' => $event['Event']['MaxScore']
- )
- ))) {
- throw new NotFoundException(__('Can not find Frame for Event ' . $event['Event']['Id']));
- }
- return $frame['Frame']['Id'];
+ 'EventId' => $event['Event']['Id'],
+ 'Score' => $event['Event']['MaxScore']
+ )));
+ return empty($frame)?null:$frame['Frame']['Id'];
 }
 } // end class EventsController
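Review bot: Dropping `'required' => true` from both the MonitorId and Name rules in Zone.php lets partial updates through, but it also stops validation from rejecting a create request that omits those keys altogether, because `notBlank` and `allowEmpty` are only evaluated when the key is present in the submitted data. If this is CakePHP 2.x, as the controller code suggests, `'required' => 'create'` keeps the presence check for new zones while leaving updates free to send a subset of fields. The message 'Zone Name must be specified for creation' suggests that was the intent. The validation array opens outside the hunk.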
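Review bot: The context comment `// Find the max Frame for this Event. Error out otherwise.` in EventsController.php no longer matches the code, because the method now returns null instead of throwing NotFoundException when no frame has the event's MaxScore. Update it to something like `// Find the Frame with the Event's MaxScore; returns null when none matches.` and check that every caller treats null as a valid result rather than using it as a frame id. `empty($frame)?null:$frame['Frame']['Id']` would also read better with spaces around `?` and `:`. The method's signature is outside the hunk.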
From 9268db14a79c4ccd444c2bf8d24e62b13207b413 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Wed, 16 Sep 2020 14:14:31 -0400
Subject: [PATCH 5/8] Fix xss reported by Noccolo Picca relating to not sanitizing connkey
---
 web/skins/classic/views/download.php | 4 ++--
 web/skins/classic/views/export.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/web/skins/classic/views/download.php b/web/skins/classic/views/download.php
index 88bb0958b..3e504e5f4 100644
--- a/web/skins/classic/views/download.php
+++ b/web/skins/classic/views/download.php
@@ -62,7 +62,7 @@ if ( !empty($_REQUEST['eid']) ) {
 }
 $focusWindow = true;
-$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
+$connkey = isset($_REQUEST['connkey']) ? validInt($_REQUEST['connkey']) : generateConnKey();
 xhtmlHeaders(__FILE__, translate('Download'));
 ?>
@@ -75,7 +75,7 @@ xhtmlHeaders(__FILE__, translate('Download'));
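Review bot: `validInt($_REQUEST['connkey'])` in download.php narrows the request value, but the ternary only falls back to `generateConnKey()` when the parameter is absent, so a present but non-numeric `connkey` presumably leaves `$connkey` empty (validInt()'s definition is not on this page). Falling back in that case too keeps the page working, e.g. `if ( $connkey === '' ) $connkey = generateConnKey();`, adjusted to whatever validInt() returns for bad input. The place where `$connkey` is written into the page (the `@@ -75,7 +75,7 @@` hunk and the export.php change) did not survive extraction here, so it cannot be checked. Encoding at the output site with `htmlspecialchars($connkey, ENT_QUOTES)` is still worth having alongside the input filter, so the fix does not depend on every future entry point remembering to call validInt().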

-
+ From 6b2773ad8c0036ca74f8d284c3e38fdf3446f1aa Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 16 Sep 2020 14:21:03 -0400 Subject: [PATCH 6/8] Handle invalid eid more gracefully. --- web/skins/classic/views/download.php | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/web/skins/classic/views/download.php b/web/skins/classic/views/download.php index 3e504e5f4..a4e2aa757 100644 --- a/web/skins/classic/views/download.php +++ b/web/skins/classic/views/download.php @@ -54,13 +54,6 @@ if ( isset($_REQUEST['exportFormat']) ) { } } -if ( !empty($_REQUEST['eid']) ) { - $Event = new ZM\Event($_REQUEST['eid']); - if ( !$Event->Id ) { - Error('Invalid event id'); - } -} - $focusWindow = true; $connkey = isset($_REQUEST['connkey']) ? validInt($_REQUEST['connkey']) : generateConnKey(); @@ -83,7 +76,12 @@ if ( !empty($_REQUEST['eid']) ) { Id . '. Resulting file should be approximately ' . human_filesize( $Event->DiskSpace() ); + if ( !$Event->Id() ) { + ZM\Error('Invalid event id'); + echo '
Invalid event id
';
+ } else {
+ echo 'Downloading event ' . $Event->Id . '. Resulting file should be approximately ' . human_filesize( $Event->DiskSpace() );
+ }
 } else if ( !empty($_REQUEST['eids']) ) {
 $total_size = 0;
 foreach ( $_REQUEST['eids'] as $eid ) {
From 89913adfa3d10cd67d4afb1bbf42197916fdf3c8 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Wed, 16 Sep 2020 14:23:23 -0400
Subject: [PATCH 7/8] Bump version to 1.34.21 for release
---
 distros/redhat/zoneminder.spec | 2 +-
 version | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec
index 637630324..d602ec855 100644
--- a/distros/redhat/zoneminder.spec
+++ b/distros/redhat/zoneminder.spec
@@ -28,7 +28,7 @@
 %global _hardened_build 1
 Name: zoneminder
-Version: 1.34.20
+Version: 1.34.21
 Release: 1%{?dist}
 Summary: A camera monitoring and analysis tool
 Group: System Environment/Daemons
diff --git a/version b/version
index f883b434e..63a880485 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-1.34.20
+1.34.21
From 3492582b9876159c52c604408a62124ce27530a4 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Sat, 19 Sep 2020 12:00:32 -0400
Subject: [PATCH 8/8] add missing css for settings popup
---
 web/skins/classic/css/base/views/settings.css | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 web/skins/classic/css/base/views/settings.css
diff --git a/web/skins/classic/css/base/views/settings.css b/web/skins/classic/css/base/views/settings.css
new file mode 100644
index 000000000..622976b2a
--- /dev/null
+++ b/web/skins/classic/css/base/views/settings.css
@@ -0,0 +1,3 @@
+input[type="number"] {
+ width: 50px;
+}
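Review bot: In the `@@ -83,7 +76,12 @@` hunk of download.php the new guard tests `$Event->Id()` while the message in the else branch prints `$Event->Id`; using the accessor in both places (`'Downloading event ' . $Event->Id() . ...`) avoids the two disagreeing if the property is not publicly readable. The start of this hunk is damaged on this page, so the line that constructs `$Event` from `$_REQUEST['eid']` is not visible. If it passes the raw request value, running it through `validInt()` as the previous commit did for `connkey` would be consistent.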