Fix the overzealous use of escapeshellcmd that breaks restarting monitors

pull/1857/head
Isaac Connor 2017-03-31 11:59:55 -04:00
parent 30455feef7
commit d1a60dedc8
1 changed files with 42 additions and 41 deletions


@ -19,7 +19,7 @@
// //
// Compatibility functions // Compatibility functions
if ( version_compare( phpversion(), "4.3.0", "<") ) { if ( version_compare( phpversion(), '4.3.0', '<') ) {
function ob_get_clean() { function ob_get_clean() {
$buffer = ob_get_contents(); $buffer = ob_get_contents();
ob_end_clean(); ob_end_clean();
@ -27,24 +27,24 @@ if ( version_compare( phpversion(), "4.3.0", "<") ) {
} }
} }
function userLogin( $username, $password="", $passwordHashed=false ) { function userLogin( $username, $password='', $passwordHashed=false ) {
global $user, $cookies; global $user, $cookies;
$sql = "select * from Users where Enabled = 1"; $sql = 'SELECT * FROM Users WHERE Enabled = 1';
$sql_values = NULL; $sql_values = NULL;
if ( ZM_AUTH_TYPE == "builtin" ) { if ( ZM_AUTH_TYPE == 'builtin' ) {
if ( $passwordHashed ) { if ( $passwordHashed ) {
$sql .= " AND Username=? AND Password=?"; $sql .= ' AND Username=? AND Password=?';
} else { } else {
$sql .= " AND Username=? AND Password=password(?)"; $sql .= ' AND Username=? AND Password=password(?)';
} }
$sql_values = array( $username, $password ); $sql_values = array( $username, $password );
} else { } else {
$sql .= " AND Username = ?"; $sql .= ' AND Username = ?';
$sql_values = array( $username ); $sql_values = array( $username );
} }
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
if ( ZM_AUTH_RELAY == "plain" ) { if ( ZM_AUTH_RELAY == 'plain' ) {
// Need to save this in session // Need to save this in session
$_SESSION['password'] = $password; $_SESSION['password'] = $password;
} }
@ -829,36 +829,38 @@ function packageControl( $command ) {
} }
function daemonControl( $command, $daemon=false, $args=false ) { function daemonControl( $command, $daemon=false, $args=false ) {
$string = ZM_PATH_BIN."/zmdc.pl $command"; $string = escapeshellcmd(ZM_PATH_BIN).'/zmdc.pl '.$command;
if ( $daemon ) { if ( $daemon ) {
$string .= escapeshellarg(" $daemon"); #$string .= ' ' . $daemon;
$string .= ' ' . $daemon;
if ( $args ) { if ( $args ) {
$string .= escapeshellarg(" $args"); $string .= ' ' . $args;
#$string .= ' ' . $args;
} }
} }
$string .= " 2>/dev/null >&- <&- >/dev/null"; $string .= ' 2>/dev/null >&- <&- >/dev/null';
Debug("exec $string");
exec( $string ); exec( $string );
} }
function zmcControl( $monitor, $mode=false ) { function zmcControl( $monitor, $mode=false ) {
if ( (!defined('ZM_SERVER_ID')) or ( ZM_SERVER_ID==$monitor['ServerId'] ) ) { if ( (!defined('ZM_SERVER_ID')) or ( ZM_SERVER_ID==$monitor['ServerId'] ) ) {
$row = NULL; $row = NULL;
if ( $monitor['Type'] == "Local" ) { if ( $monitor['Type'] == 'Local' ) {
$row = dbFetchOne( "select count(if(Function!='None',1,NULL)) as ActiveCount from Monitors where Device = ?", NULL, array($monitor['Device']) ); $row = dbFetchOne( "SELECT count(if(Function!='None',1,NULL)) AS ActiveCount FROM Monitors WHERE Device = ?", NULL, array($monitor['Device']) );
$zmcArgs = "-d ".$monitor['Device']; $zmcArgs = '-d '.escapeshellarg( $monitor['Device'] );
} else { } else {
$row = dbFetchOne( "select count(if(Function!='None',1,NULL)) as ActiveCount from Monitors where Id = ?", NULL, array($monitor['Id']) ); $row = dbFetchOne( "SELECT count(if(Function!='None',1,NULL)) AS ActiveCount FROM Monitors WHERE Id = ?", NULL, array($monitor['Id']) );
$zmcArgs = "-m ".$monitor['Id']; $zmcArgs = '-m '.$monitor['Id'];
} }
$activeCount = $row['ActiveCount']; $activeCount = $row['ActiveCount'];
if ( (!$activeCount) || ($mode == 'stop') ) {
if ( !$activeCount || $mode == "stop" ) { daemonControl( 'stop', 'zmc', $zmcArgs );
daemonControl( "stop", "zmc", $zmcArgs );
} else { } else {
if ( $mode == "restart" ) { if ( $mode == 'restart' ) {
daemonControl( "stop", "zmc", $zmcArgs ); daemonControl( 'stop', 'zmc', $zmcArgs );
} }
daemonControl( "start", "zmc", $zmcArgs ); daemonControl( 'start', 'zmc', $zmcArgs );
} }
} else { } else {
$Server = new Server( $monitor['ServerId'] ); $Server = new Server( $monitor['ServerId'] );
@ -878,7 +880,6 @@ function zmcControl( $monitor, $mode=false ) {
$context = stream_context_create($options); $context = stream_context_create($options);
$result = file_get_contents($url, false, $context); $result = file_get_contents($url, false, $context);
if ($result === FALSE) { /* Handle error */ } if ($result === FALSE) { /* Handle error */ }
} }
} }
@ -937,34 +938,34 @@ function daemonStatus( $daemon, $args=false ) {
initDaemonStatus(); initDaemonStatus();
$string = "$daemon"; $string = $daemon;
if ( $args ) if ( $args )
$string .= " $args"; $string .= ' ' . $args;
return( strpos( $daemon_status, "'$string' running" ) !== false ); return( strpos( $daemon_status, "'$string' running" ) !== false );
} }
function zmcStatus( $monitor ) { function zmcStatus( $monitor ) {
if ( $monitor['Type'] == 'Local' ) { if ( $monitor['Type'] == 'Local' ) {
$zmcArgs = "-d ".$monitor['Device']; $zmcArgs = '-d '.$monitor['Device'];
} else { } else {
$zmcArgs = "-m ".$monitor['Id']; $zmcArgs = '-m '.$monitor['Id'];
} }
return( daemonStatus( "zmc", $zmcArgs ) ); return( daemonStatus( 'zmc', $zmcArgs ) );
} }
function zmaStatus( $monitor ) { function zmaStatus( $monitor ) {
if ( is_array( $monitor ) ) { if ( is_array( $monitor ) ) {
$monitor = $monitor['Id']; $monitor = $monitor['Id'];
} }
return( daemonStatus( "zma", "-m $monitor" ) ); return( daemonStatus( 'zma', "-m $monitor" ) );
} }
function daemonCheck( $daemon=false, $args=false ) { function daemonCheck( $daemon=false, $args=false ) {
$string = ZM_PATH_BIN."/zmdc.pl check"; $string = ZM_PATH_BIN."/zmdc.pl check";
if ( $daemon ) { if ( $daemon ) {
$string .= escapeshellarg(" $daemon"); $string .= ' ' . escapeshellarg( $daemon );
if ( $args ) if ( $args )
$string .= escapeshellarg(" $args"); $string .= ' ' . escapeshellarg( $args );
} }
$result = exec( $string ); $result = exec( $string );
return( preg_match( '/running/', $result ) ); return( preg_match( '/running/', $result ) );
@ -972,18 +973,18 @@ function daemonCheck( $daemon=false, $args=false ) {
function zmcCheck( $monitor ) { function zmcCheck( $monitor ) {
if ( $monitor['Type'] == 'Local' ) { if ( $monitor['Type'] == 'Local' ) {
$zmcArgs = "-d ".$monitor['Device']; $zmcArgs = '-d '.$monitor['Device'];
} else { } else {
$zmcArgs = "-m ".$monitor['Id']; $zmcArgs = '-m '.$monitor['Id'];
} }
return( daemonCheck( "zmc", $zmcArgs ) ); return( daemonCheck( 'zmc', $zmcArgs ) );
} }
function zmaCheck( $monitor ) { function zmaCheck( $monitor ) {
if ( is_array( $monitor ) ) { if ( is_array( $monitor ) ) {
$monitor = $monitor['Id']; $monitor = $monitor['Id'];
} }
return( daemonCheck( "zma", "-m $monitor" ) ); return( daemonCheck( 'zma', "-m $monitor" ) );
} }
function getImageSrc( $event, $frame, $scale=SCALE_BASE, $captureOnly=false, $overwrite=false ) { function getImageSrc( $event, $frame, $scale=SCALE_BASE, $captureOnly=false, $overwrite=false ) {
@ -1404,9 +1405,9 @@ function sortHeader( $field, $querySep='&amp;' ) {
function sortTag( $field ) { function sortTag( $field ) {
if ( $_REQUEST['sort_field'] == $field ) if ( $_REQUEST['sort_field'] == $field )
if ( $_REQUEST['sort_asc'] ) if ( $_REQUEST['sort_asc'] )
return( "(^)" ); return( '(^)' );
else else
return( "(v)" ); return( '(v)' );
return( false ); return( false );
} }
@ -1418,15 +1419,15 @@ function getLoad() {
function getDiskPercent($path = ZM_DIR_EVENTS) { function getDiskPercent($path = ZM_DIR_EVENTS) {
$total = disk_total_space($path); $total = disk_total_space($path);
if ( $total === false ) { if ( $total === false ) {
Error("disk_total_space returned false. Verify the web account user has access to " . $path ); Error('disk_total_space returned false. Verify the web account user has access to ' . $path );
return 0; return 0;
} elseif ( $total == 0 ) { } elseif ( $total == 0 ) {
Error("disk_total_space indicates the following path has a filesystem size of zero bytes" . $path ); Error('disk_total_space indicates the following path has a filesystem size of zero bytes' . $path );
return 100; return 100;
} }
$free = disk_free_space($path); $free = disk_free_space($path);
if ( $free === false ) { if ( $free === false ) {
Error("disk_free_space returned false. Verify the web account user has access to " . $path ); Error('disk_free_space returned false. Verify the web account user has access to ' . $path );
} }
$space = round((($total - $free) / $total) * 100); $space = round((($total - $free) / $total) * 100);
return( $space ); return( $space );
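Review bot: In daemonControl the new side concatenates `$command`, `$daemon` and `$args` into the string passed to `exec()` with no escaping, so the function now depends on every caller supplying shell-safe values. Within this section zmcControl quotes `$monitor['Device']` with `escapeshellarg()` but passes `$monitor['Id']` raw, and the other callers are not visible here, so that contract should be enforced or at least written down. I would escape the fixed tokens inside the function, `$string = escapeshellcmd(ZM_PATH_BIN).'/zmdc.pl '.escapeshellarg($command);` and `$string .= ' ' . escapeshellarg($daemon);`, and add a comment above the `$args` append such as `// $args is appended verbatim: callers must escapeshellarg() each value`. daemonCheck on the new side still wraps the whole of `$args` in a single `escapeshellarg()`, which probably hands `-d <device>` to zmdc.pl as one word, the same symptom this commit fixes for restart, so the two helpers should follow one convention.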