Commit Graph

16 Commits (686fd09534162da052d422930b18e9368d1592ff)

Author SHA1 Message Date
Isaac Connor b036408a5b Fix RCE vulnerability via API config edit privilege escalation
Add RBAC checks to ConfigsController edit() and delete() requiring
System=Edit permission, matching the pattern used by other controllers.
Harden System/Readonly column checks with !empty() to handle missing
columns gracefully. Fix command injection in Event.php by using
ZM_PATH_FFMPEG constant with escapeshellarg() instead of hardcoded
unsanitized ffmpeg call. Add is_executable() validation at all exec()
sites using ZM_PATH_FFMPEG as defense-in-depth against poisoned config
values.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 13:51:30 -05:00
Isaac Connor 68f91acf10 Remove zm_configvals. Just use zm_config. Move code into loadConfig. 2025-12-22 13:17:01 -05:00
Isaac Connor cdbeea439b Add named parameter filtering to Configs api index. Add updating returned config entry with values from zm_config which may have been overridden in /etc/zm/conf.d 2025-12-19 16:48:25 -05:00
Isaac Connor 74aab0a76e Prevent editing of system config entries through the api 2022-05-30 10:02:49 -04:00
Isaac Connor e04eac57ae Include values in /etc/zm files in viewByName 2018-06-25 15:43:01 -04:00
Isaac Connor 2a5f05499e Munge the config in the global configvals into the configs array before returning it. 2018-05-10 13:44:46 -04:00
arjunrc 38b4785557 PP - Gone, flitted away, Taken the stars from the night and sun, From the day! Gone, and a cloud in my heart. - Tennyson 2015-12-19 18:36:38 -05:00
Pliable Pixels e332fc36a9 Fixed Configs API to return all values 2015-07-21 13:28:37 -04:00
Ubuntu dd9603f70f Merged Angular UI branch API to master 2015-06-11 02:58:58 +00:00
Kyle Johnson 9f80a7d5f5 Show a list of Config Key:Value pairs 2014-11-15 19:01:32 +00:00
Kyle Johnson 9268c503af Do not display the "hidden" config category 2014-11-15 19:01:19 +00:00
Kyle Johnson 0d57306790 Find category configs only when $category is not null. API 2014-11-15 18:58:58 +00:00
Kyle Johnson 9f150c4e46 Revert "Find category configs only when $category is not null. API"
This reverts commit efbbcadc7d.
2014-11-15 18:58:51 +00:00
Kyle Johnson b88febeaee Find category configs only when $category is not null. API 2014-11-15 18:58:43 +00:00
Kyle Johnson 0a7ba112ab API support for querying config categories.
Either return a list of distinct categories, or all configs under a
certain category
2014-11-15 18:55:20 +00:00
Kyle Johnson f1f3de6d7d Moved the api to underneath the web directory 2014-04-29 20:41:04 +00:00