ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zoneminder/web/includes
History
Isaac Connor 5561829450 fix: include username in auth relay and fix stale auth in stream restart 
- Add user= parameter to get_auth_relay() so zms can use the indexed
  Username column instead of iterating all users to validate the hash
- Apply the same fix to Event.php getStreamSrc() and getThumbnailSrc()
- Tighten Monitor.php from isset() to !empty() for consistency
- In MonitorStream.js start(), check if the auth hash in the img src
  matches the current auth_hash before resuming via CMD_PLAY. If stale,
  fall through to rebuild the URL with fresh auth_relay. This prevents
  long-running montage pages from spawning zms with expired credentials.
- Downgrade zms auth failure from Error to Warning

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 		2026-03-16 10:01:47 -04:00
..
actions feat: make Remember Me a tri-state option (None/Yes/No) 2026-03-12 16:35:41 -04:00
csrf Until we use "use strict", additional code analysis is required (csrf-magic.js) 2025-08-09 18:54:45 +03:00
Control.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Event.php fix: include username in auth relay and fix stale auth in stream restart 2026-03-16 10:01:47 -04:00
Event_Data.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Event_Tag.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Filter.php Remove Preview Rate Control. Disable BuiltIn Video controls. 2026-01-29 11:18:30 -05:00
FilterTerm.php fix: close SQL injection, command injection, and shell escaping gaps 2026-03-09 10:48:23 -04:00
Frame.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Group.php Remove session usage for monitor filters, use cookies only 2026-01-07 18:23:47 +00:00
Group_Monitor.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Group_Permission.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Manufacturer.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
MenuItem.php feat: add 'none' icon type, show icons in navbar, fix console column dropdown 2026-03-09 16:59:40 -04:00
Model.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Monitor.php fix: include username in auth relay and fix stale auth in stream restart 2026-03-16 10:01:47 -04:00
Monitor_Permission.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
MontageLayout.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Object.php Add support for the string NULL is object lookup values 2026-01-30 08:33:49 -05:00
Report.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Role_Group_Permission.php feat: add User Roles feature for reusable permission templates 2026-01-29 13:34:27 -05:00
Role_Monitor_Permission.php feat: add User Roles feature for reusable permission templates 2026-01-29 13:34:27 -05:00
Server.php Update Server.php 2026-01-31 21:01:00 -05:00
Snapshot.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
Storage.php Use the same filter on Storage Name as we use in Monitor Name. 2024-09-30 06:33:09 -04:00
Tag.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
User.php feat: add User Roles feature for reusable permission templates 2026-01-29 13:34:27 -05:00
User_Preference.php fix: php 8.3 deprecated get_class method call without argument 2023-11-22 10:48:04 +03:30
User_Role.php feat: add User Roles feature for reusable permission templates 2026-01-29 13:34:27 -05:00
Zone.php fix: auto-detect and convert pixel zone coordinates to percentages in web layer 2026-02-27 17:49:14 -05:00
auth.php fix: include username in auth relay and fix stale auth in stream restart 2026-03-16 10:01:47 -04:00
config.php.in Increase potential config line size. HTML snippets can easily be larger than 256 2026-03-12 09:28:37 -04:00
control_functions.php Remove extra { breaking ptz 2022-04-23 19:29:04 -04:00
database.php Merge dbUpdate and dbInsert from another branch 2024-11-18 10:47:07 -05:00
download_functions.php fix: add -- end-of-options marker before filename operands in tar/zip/gzip commands 2026-03-09 16:55:56 +00:00
functions.php fix: clarify warning message field vs file wording 2026-03-09 16:55:35 +00:00
lang.php Convert user from an array to a User object 2023-04-23 12:57:29 -04:00
logger.php feat: add AUDIT logging level for tracking administrative changes 2026-02-23 18:19:20 -05:00
monitor_probe.php fix: escape URL in wget() to prevent command injection in camera probe (GHSA-745h-vg7c-73cg) 2026-03-08 16:56:03 -04:00
session.php feat: make Remember Me a tri-state option (None/Yes/No) 2026-03-12 16:35:41 -04:00