f9a3c5fc83
Don't log error when ignoring action if it is an ajax request
2022-11-16 09:28:33 -05:00
89c6e22052
Remove check for ZM_WEB_DIR is writable.
2022-11-15 14:44:45 -05:00
6199613c40
Merge branch 'add_event_data'
2022-10-31 18:00:32 -04:00
6edbee7c70
Handle empty but defined REQUEST[action]
2022-10-31 17:59:34 -04:00
91e728c0d3
Sort servers in global array
2022-10-25 13:31:40 -04:00
ce62bb1297
Minor cleanup, remove dead code
2022-10-17 17:25:36 -04:00
c0a4c05e84
Only perform actions on post. Doing them on GET allows doing actions from things like img tags which is not good.
2022-10-03 15:49:48 -04:00
c7ded07794
Only look for action if there is a view
2022-09-27 10:49:50 -04:00
7874825064
put back including config.php
2022-06-03 10:09:36 -04:00
4a6ad1f880
move dateFormatters to config. This is so that they get setup even if not using index.php. Like cakephp for example.
2022-06-02 20:13:37 -04:00
efe2f0b0a1
Add overriding timeFormatter pattern
2022-06-01 16:20:36 -04:00
655daff383
Add timeFormatter
2022-06-01 16:16:38 -04:00
ce6bb6140a
Setup global dateFormatter and dateTimeFormatter. Once config is initialized, redo them if a different local was specified, and then apply custom patters if specified.
2022-06-01 15:49:50 -04:00
8f05b4788f
Add default global dateFormatter. Default to en_US but after config is loaded we can replace it.
2022-06-01 13:33:41 -04:00
efc1ec770c
Debug the contents of REQUEST on every hit.
2022-02-15 18:52:46 -05:00
db866fa668
Implement zm_setcookie to simplify setting cookies, set samesite, deal with older php etc. Use it.
2022-01-20 09:46:38 -05:00
ba9a871daf
Move CSP stuff down to view parsing. ajax requests only output json, so CSP shouldn't be relevant. Only end output buffer if there is one. archive view for example clears all output buffers.
2021-08-18 10:53:59 -04:00
ed5262432f
Fix samsite support for php <= 7.2
2021-06-02 14:59:13 -04:00
9e64b912a8
Add samesite when setting cookie for skin and css
2021-05-25 11:33:28 -04:00
7aa625ea8e
Don't both loading all the Object code until after auth.
2021-04-12 15:59:31 -04:00
284837d536
quotes, spaces. Also move setting redirect to to where we actually do the redirect so that actions can remove the redirect if there was an error to report.
2021-03-21 09:19:21 -04:00
0bb4afa0bc
The test for xmlhttprequest is bogus. chrome jquery JSON requests don't send it. Replace with a test for instead. So now only redirect on proper html views.
2021-03-13 12:11:55 -05:00
c6cf1da47d
Merge branch 'master' into zma_to_thread
2021-01-11 17:08:44 -05:00
10c0a6617c
Return Debug to a regular function to match other logging functions. Since we switched to using namespaces we no longer clash with cake_php.
2020-10-14 10:39:25 -04:00
0f263407a5
make redirect conditional on previous view
2020-10-12 10:32:25 -05:00
70b73048cc
add csrf checks to frames view
2020-09-02 18:11:53 -04:00
29ab186a7e
put generating the view html into an ob_start/ob_end_flush so that we can do things like re-open sessions in the middle of generating content. Only send CSP headers on html content.
2020-09-02 13:58:24 -04:00
0a3ad719cd
Merge branch 'master' into filter_pre_post
2020-08-17 18:30:44 -04:00
ea4edcbc94
Make a global so tht we can use it in export_functions
2020-08-16 20:08:14 -04:00
0a383c02c4
Better debugging of REQUEST/POST vars
2020-06-23 22:20:07 -04:00
ebfae1f855
turn off debug
2020-05-01 13:17:39 -04:00
da94985508
add back global servers
2020-04-10 11:14:09 -04:00
e06912a995
Merge branch 'release-1.34'
2020-03-21 15:28:27 -04:00
d3df0defc9
Support missing openssl_random_pseudo_bytes by using alternate functions
2020-03-21 15:28:18 -04:00
8eee5cc222
Add global array so that we only do it once.
2020-03-04 11:03:30 -05:00
6456d52b97
Merge branch 'fix_user_lang'
2020-02-27 17:43:51 -05:00
d371da7b4f
including the language files must come after auth in order to user the user's language setting
2020-02-27 17:42:02 -05:00
dab5c520fe
Merge branch 'master' into add_alarmed_zone_to_filters
2020-02-19 14:20:08 -05:00
600dbba8c5
We don't need to set date_default_timezone_get
2020-02-11 13:23:53 -05:00
6345ecc479
remove debug
2020-01-23 17:04:33 -05:00
9d41334e8f
Merge branch 'master' into add_alarmed_zone_to_filters
2020-01-22 13:45:37 -05:00
dbdb13efd7
Instead of passing query string in form post variables, store it in session so that it survives redirects. Fixes #2811
2020-01-20 11:02:43 -05:00
e39a95d761
Add AlarmedZoned to filters, work on fixing filter behaviour in js. Enable viewing filter results in montagereview
2019-12-18 19:06:10 -05:00
d02aee64e4
Add setting of timezone to Options/Config instead of php.ini
2019-10-02 09:07:18 -04:00
ff8e9fa072
Don't glob skins dir and css dirs unless our skin or css is invalid.
2019-09-17 12:07:10 -04:00
25198e0eb0
move session_close to after auth so that whatever we do with the session in auth gets saved
2019-09-04 17:53:59 -04:00
ef5497cba8
If we have an ajax request, don't do actions.
2019-08-29 11:26:14 -04:00
84492f29b1
Fix token auth sessions ( #2676 )
...
* If token is present do token based auth and do not do anything with session
* update HostController. Use config constants, don't use sessions
* Remove Session from the components list
* spacing
* Remove Session from App Components list.
* Move APIEnabled check to the api from auth.php
* Rework auth. login using username and password only occurs on login action now. Including auth.php should not touch the session. auth_hash logins no longer touch the session. replace userLogin with a function called validateUser which matches the semantics of validateToken.
* remove debugging
* Add session storage if stateful query param is on, but only for LEGACY_API_AUTH
* fix mUser to username, etc.
* shuffle lines
* use instead of session when generating auth hash.
* Add docs regarding the use of cookies and stateful query param
* Only open/close session if we are clearing a session var
* Use zm_session_start instead of session_start
* Should use zm_session_start instead of session_start
* document that zm_session_start should be called previously to session_regenerate_id
* Don't actually write out the session when generating auth hashes. Means they should never actually persist.
* More backticking of SQL
* add .. to fix #2686
* Use material icons for sort because they look nicer
* fix typo
* have to add authhash to session on login
* restore username&password login for all urls
* fix
* fixes
2019-08-20 09:46:53 -04:00
1103928ed7
only call check_timezone on console for efficiency in all other requests
2019-08-15 15:16:20 -04:00
940338ea12
namespace escape Error calls
2019-04-29 12:51:02 -04:00
Isaac Connor
Isaac Connor
Andrew Bauer
Isaac Connor