| .. |
|
js
|
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
|
2019-02-09 18:43:55 -08:00 |
|
_monitor_filters.php
|
Replace remaining `console` inline event handlers (#2432)
|
2019-01-21 11:11:40 -05:00 |
|
_monitor_source_nvsocket.php
|
fix nvsocket
|
2017-11-13 14:25:19 -08:00 |
|
add_monitors.php
|
make find and find_one functions consistent across Objects
|
2018-09-07 16:31:11 -04:00 |
|
bandwidth.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
blank.php
|
More inline JS / nonce conversions (#2415)
|
2019-01-18 09:51:06 -05:00 |
|
console.php
|
console: Escape source column output to prevent XSS. Fixes #2452
|
2019-02-09 02:28:40 -08:00 |
|
control.php
|
skins/classic/views/control.php second order sqli (#2422)
|
2019-01-19 09:46:21 -05:00 |
|
controlcap.php
|
controlcap.php: Reflected xss fix with validHtmlStr (#2423)
|
2019-01-19 09:43:28 -05:00 |
|
controlcaps.php
|
Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479)
|
2019-01-25 08:35:07 -05:00 |
|
controlpreset.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
cycle.php
|
Fix #2391 by defining monitor variable (#2392)
|
2019-01-05 10:20:34 -05:00 |
|
device.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
devices.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
donate.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
download.php
|
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
|
2019-02-09 01:37:32 -08:00 |
|
error.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
event.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
eventdetail.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
events.php
|
events.php: Remove inline event handlers and enforce CSP
|
2019-02-09 17:34:59 -08:00 |
|
export.php
|
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
|
2019-02-09 02:01:26 -08:00 |
|
filter.php
|
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
|
2019-02-09 15:35:55 -08:00 |
|
frame.php
|
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
|
2019-02-09 15:10:45 -08:00 |
|
frames.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
function.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
group.php
|
group: Escape group name in heading. Fixes #2454
|
2019-02-09 14:05:50 -08:00 |
|
groups.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
image-ffmpeg.php
|
Merge branch 'master' into storageareas
|
2017-07-21 11:04:32 -04:00 |
|
log.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
login.php
|
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
|
2019-02-09 18:06:21 -08:00 |
|
logout.php
|
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
|
2019-02-09 18:06:21 -08:00 |
|
monitor.php
|
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
|
2019-02-09 17:11:53 -08:00 |
|
monitorpreset.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
monitorprobe.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
monitors.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
montage.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
montagereview.php
|
Fix CSP violation in the onclick of the monitor view in montagereview
|
2019-02-06 12:17:10 -05:00 |
|
none.php
|
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
|
2019-02-09 18:06:21 -08:00 |
|
onvifprobe.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
optionhelp.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
options.php
|
Fix duplicate 'class' attribute in options (#2418)
|
2019-01-18 10:05:44 -05:00 |
|
plugin.php
|
plugin.php: Remove undefined onclick function reference and enforce CSP
|
2019-01-23 19:47:58 -08:00 |
|
postlogin.php
|
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
|
2019-02-09 18:06:21 -08:00 |
|
privacy.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
report_event_audit.php
|
add fileSize to the api, and use it to add remote fileSize reporting in includes/Event
|
2018-05-08 13:33:56 -07:00 |
|
server.php
|
Add a validateForm event listener and enforce CSP on some views (#2425)
|
2019-01-19 09:41:53 -05:00 |
|
settings.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
state.php
|
fix state actions
|
2019-02-05 12:35:06 -05:00 |
|
stats.php
|
update gpl 2 mailing address in source files
|
2016-12-26 09:23:16 -06:00 |
|
status.php
|
fix state changing/etc
|
2019-01-30 14:36:46 -05:00 |
|
storage.php
|
Add a validateForm event listener and enforce CSP on some views (#2425)
|
2019-01-19 09:41:53 -05:00 |
|
timeline.php
|
specify E.* in query because otherwise it uses M.Id for Id
|
2018-04-20 14:25:38 -04:00 |
|
user.php
|
user.php: Escape the Username upon display. Fixes #2467
|
2019-02-09 17:45:52 -08:00 |
|
version.php
|
update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update.
|
2019-01-31 09:40:19 -05:00 |
|
video.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
watch.php
|
spacing, remove non html5 elements
|
2019-01-25 09:22:08 -05:00 |
|
zone.php
|
Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
|
2019-01-16 09:59:58 -05:00 |
|
zones.php
|
Fix zones.php self-xss. Fixes #2444
|
2019-01-24 23:40:41 -08:00 |
255806bd54