From dd0ce50c17ba7a9c2524a189be231edd864412dd Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 6 Feb 2020 13:21:30 -0500
Subject: [PATCH] quotes and improve the output of the ajaxError to say what the action was and who the user was
---
 web/ajax/console.php | 54 +++++++++++++++++++++-----------------------
 1 file changed, 26 insertions(+), 28 deletions(-)
diff --git a/web/ajax/console.php b/web/ajax/console.php
index 1a5919b58..ae8a60b15 100644
--- a/web/ajax/console.php
+++ b/web/ajax/console.php
@@ -1,35 +1,33 @@ beginTransaction(); - $dbConn->exec('LOCK TABLES Monitors WRITE'); - for ( $i = 0; $i < count($monitor_ids); $i += 1 ) { - $monitor_id = $monitor_ids[$i]; - $monitor_id = preg_replace( '/^monitor_id-/', '', $monitor_id ); - if ( ( ! $monitor_id ) or ! ( is_integer( $monitor_id ) or ctype_digit( $monitor_id ) ) ) { - Warning("Got $monitor_id from " . $monitor_ids[$i]); - continue; - } - dbQuery('UPDATE Monitors SET Sequence=? WHERE Id=?', array($i, $monitor_id)); - } // end for each monitor_id - $dbConn->commit(); - $dbConn->exec('UNLOCK TABLES'); - - return; - } // end case sort - default: - { - ZM\Warning('unknown action ' . $_REQUEST['action']); - } // end ddcase default - } + switch ( $_REQUEST['action'] ) { + case 'sort' : + { + $monitor_ids = $_POST['monitor_ids']; + # Two concurrent sorts could generate odd sortings... so lock the table. + global $dbConn; + $dbConn->beginTransaction(); + $dbConn->exec('LOCK TABLES Monitors WRITE'); + for ( $i = 0; $i < count($monitor_ids); $i += 1 ) { + $monitor_id = $monitor_ids[$i]; + $monitor_id = preg_replace('/^monitor_id-/', '', $monitor_id); + if ( ( !$monitor_id ) or ! ( is_integer($monitor_id) or ctype_digit($monitor_id) ) ) { + Warning('Got '.$monitor_id.' from '.$monitor_ids[$i]); + continue; + } + dbQuery('UPDATE Monitors SET Sequence=? WHERE Id=?', array($i, $monitor_id)); + } // end for each monitor_id + $dbConn->commit(); + $dbConn->exec('UNLOCK TABLES'); + + return; + } // end case sort + default: + ZM\Warning('unknown action '.$_REQUEST['action']); + } } else { ZM\Warning('Cannot edit monitors'); } -ajaxError('Unrecognised action or insufficient permissions'); +ajaxError('Unrecognised action '.$_REQUEST['action'].' or insufficient permissions for user ' . $user['Username']); ?>
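Review bot: The new `ajaxError(...)` line puts the raw `$_REQUEST['action']` and `$user['Username']` into the response body, and the `default:` branch writes the same raw `action` to the log; neither value is checked first. Whether the response is encoded safely depends on `ajaxError`, which is not visible here, so I would normalise the value once before both uses, e.g. `$action = isset($_REQUEST['action']) ? preg_replace('/[^\w.-]/', '', $_REQUEST['action']) : '';`, which also avoids an undefined-index notice when the parameter is absent. `$user` is presumably unset for an unauthenticated caller, so `$user['Username']` needs an `isset` guard, and it is worth deciding whether the username belongs in the client-facing message at all or only in the server log. The `if` that this `else` closes opens in a part of the hunk that is not visible on this page.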