From 4932c36b1bcc1acd6e5b68a7874a25097647f9af Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Wed, 15 Apr 2020 10:51:56 -0400 Subject: encode all non standard characters --- config.xml | 6 +----- package.json | 10 ++-------- www/js/EventCtrl.js | 4 ++-- www/js/EventDateTimeFilterCtrl.js | 4 ++-- www/js/EventModalCtrl.js | 10 +++++----- www/js/EventsGraphsCtrl.js | 4 ++-- www/js/MenuController.js | 2 +- www/js/MomentCtrl.js | 4 ++-- www/js/MontageCtrl.js | 4 ++-- www/js/MontageHistoryCtrl.js | 4 ++-- www/js/NVR.js | 26 +++++++++++++------------- www/js/TimelineCtrl.js | 8 ++++---- www/js/WizardCtrl.js | 2 +- www/js/app.js | 3 ++- 14 files changed, 41 insertions(+), 50 deletions(-) diff --git a/config.xml b/config.xml index 7af84f9c..e608d999 100644 --- a/config.xml +++ b/config.xml @@ -1,5 +1,5 @@ - + zmNinja High performance ZoneMinder client @@ -185,11 +185,7 @@ - - - - diff --git a/package.json b/package.json index 9f8e6608..f85c8304 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "zmninjapro", "description": "Home security mobile app for ZoneMinder", - "version":"1.4.2", + "version": "1.4.3", "displayName": "zmNinja", "author": "Pliable Pixels", "license": "custom see LICENSE.md", @@ -60,10 +60,6 @@ "cordova-plugin-android-permissions": {}, "cordova-plugin-inappbrowser": {}, "cordova-plugin-app-version": {}, - "cordova-plugin-certificates-pp-fork": {}, - "cordova-plugin-ionic-webview": { - "ANDROID_SUPPORT_ANNOTATIONS_VERSION": "27.+" - }, "cordova-plugin-statusbar-pp-fork": {}, "cordova-plugin-media-pp-fork": {} } @@ -80,7 +76,6 @@ "cordova-plugin-android-fingerprint-auth": "^1.5.0", "cordova-plugin-android-permissions": "1.0.2", "cordova-plugin-app-version": "0.1.9", - "cordova-plugin-certificates-pp-fork": "^0.9.1", "cordova-plugin-cloud-settings": "^1.0.4", "cordova-plugin-customurlscheme": "^4.4.0", "cordova-plugin-device": "^2.0.3", @@ -91,7 +86,6 @@ "cordova-plugin-inappbrowser": "git+https://github.com/apache/cordova-plugin-inappbrowser.git", "cordova-plugin-insomnia": "^4.3.0", "cordova-plugin-ionic-keyboard": "2.2.0", - "cordova-plugin-ionic-webview": "git+https://github.com/pliablepixels/cordova-plugin-ionic-webview.git", "cordova-plugin-media-pp-fork": "^1.0.2-dev", "cordova-plugin-multi-window": "0.0.3", "cordova-plugin-network-information": "^2.0.2", @@ -230,4 +224,4 @@ ] } } -} +} \ No newline at end of file diff --git a/www/js/EventCtrl.js b/www/js/EventCtrl.js index 535d4129..eed6bc44 100644 --- a/www/js/EventCtrl.js +++ b/www/js/EventCtrl.js @@ -1875,10 +1875,10 @@ angular.module('zmApp.controllers') //https://server/zm/api/events/consoleEvents/5%20minute.json var ld = NVR.getLogin(); - var af = "/AlarmFrames >=:" + (ld.enableAlarmCount ? ld.minAlarmCount : 0); + var af = "/"+encodeURIComponent("AlarmFrames >=:") + (ld.enableAlarmCount ? ld.minAlarmCount : 0); if (ld.objectDetectionFilter) { - af = af + '/Notes REGEXP:detected:'; + af = af + '/'+encodeURIComponent('Notes REGEXP:detected:'); } diff --git a/www/js/EventDateTimeFilterCtrl.js b/www/js/EventDateTimeFilterCtrl.js index ffe8cd62..e22bd0c1 100644 --- a/www/js/EventDateTimeFilterCtrl.js +++ b/www/js/EventDateTimeFilterCtrl.js @@ -154,11 +154,11 @@ angular.module('zmApp.controllers') for (var i=0; i < $scope.monitors.length; i++) { if ($scope.monitors[i].Monitor.isChecked) { totalChecked += 1; - includeString = includeString + '/MonitorId =:'+$scope.monitors[i].Monitor.Id; + includeString = includeString + '/'+encodeURIComponent('MonitorId =:')+$scope.monitors[i].Monitor.Id; } else { totalUnchecked +=1; - excludeString = excludeString + '/MonitorId !=:'+$scope.monitors[i].Monitor.Id; + excludeString = excludeString + '/'+encodeURIComponent('MonitorId !=:')+$scope.monitors[i].Monitor.Id; } } if (!totalUnchecked) { diff --git a/www/js/EventModalCtrl.js b/www/js/EventModalCtrl.js index e73779a6..37210c22 100644 --- a/www/js/EventModalCtrl.js +++ b/www/js/EventModalCtrl.js @@ -1477,19 +1477,19 @@ angular.module('zmApp.controllers').controller('EventModalCtrl', ['$scope', '$ro var loginData = NVR.getLogin(); var nextEvent = loginData.apiurl + "/events/index" + "/StartTime >: " + currentEvent.Event.StartTime + - ($scope.followSameMonitor == '1' ? "/MonitorId =: " + currentEvent.Monitor.Id : "") ; + ($scope.followSameMonitor == '1' ? "/"+encodeURIComponent("MonitorId =: ") + currentEvent.Monitor.Id : "") ; if ($scope.useFilters) { - nextEvent = nextEvent + "/AlarmFrames >=: " + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); + nextEvent = nextEvent + "/"+encodeURIComponent("AlarmFrames >=: ") + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); } nextEvent = nextEvent + ".json?sort=StartTime&direction=asc&limit=1"+$rootScope.authSession; var prevEvent = loginData.apiurl + "/events/index" + - "/StartTime <: " + currentEvent.Event.StartTime + - ($scope.followSameMonitor == '1' ? "/MonitorId =: " + currentEvent.Monitor.Id : ""); + "/"+encodeURIComponent("StartTime <: ") + currentEvent.Event.StartTime + + ($scope.followSameMonitor == '1' ? "/"+encodeURIComponent("MonitorId =: " )+ currentEvent.Monitor.Id : ""); if ($scope.useFilters) { - prevEvent = prevEvent + "/AlarmFrames >=: " + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); + prevEvent = prevEvent + "/"+encodeURIComponent("AlarmFrames >=: ") + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); } prevEvent = prevEvent + ".json?sort=StartTime&direction=desc&limit=1"+$rootScope.authSession; diff --git a/www/js/EventsGraphsCtrl.js b/www/js/EventsGraphsCtrl.js index c3c69b40..d0c79614 100644 --- a/www/js/EventsGraphsCtrl.js +++ b/www/js/EventsGraphsCtrl.js @@ -182,10 +182,10 @@ angular.module('zmApp.controllers').controller('zmApp.EventsGraphsCtrl', ['$ioni var dateString = ""; if (hrs) { - dateString = "/StartTime <=:" + endDate + "/EndTime >=:" + startDate; + dateString = "/"+encodeURIComponent("StartTime <=:") + endDate + "/"+encodeURIComponent("EndTime >=:") + startDate; } var url = loginData.apiurl + - "/events/index/MonitorId:" + monitors[j].Monitor.Id + dateString + + "/events/index/"+encodeURIComponent("MonitorId:") + monitors[j].Monitor.Id + dateString + ".json?page=1"+$rootScope.authSession; // console.log("Monitor event URL:" + url); NVR.log("EventGraph: composed url is " + url); diff --git a/www/js/MenuController.js b/www/js/MenuController.js index 781fb21e..e7bf6c53 100644 --- a/www/js/MenuController.js +++ b/www/js/MenuController.js @@ -146,7 +146,7 @@ angular.module('zmApp.controllers').controller('MenuController', ['$scope', '$io //alert("Enabling insecure SSL"); NVR.log(">>>> Disabling strict SSL checking (turn off in Dev Options if you can't connect)"); - cordova.plugin.http.setSSLCertMode('nocheck', function () { + cordova.plugin.http.setServerTrustMode('nocheck', function () { NVR.debug('--> SSL is permissive, will allow any certs. Use at your own risk.'); }, function () { NVR.log('-->Error setting SSL permissive'); diff --git a/www/js/MomentCtrl.js b/www/js/MomentCtrl.js index 501fedf5..dcf8a721 100644 --- a/www/js/MomentCtrl.js +++ b/www/js/MomentCtrl.js @@ -73,7 +73,7 @@ var masonry = null; excludeMonitorsFilter = ""; for (var i = 0; i < excludeMonitors.length; i++) { - excludeMonitorsFilter = excludeMonitorsFilter + "/MonitorId !=:" + excludeMonitors[i]; + excludeMonitorsFilter = excludeMonitorsFilter + "/"+encodeURIComponent("MonitorId !=:") + excludeMonitors[i]; } NVR.debug("Constructed Monitor Filter =" + excludeMonitorsFilter); } @@ -785,7 +785,7 @@ var masonry = null; var ld = NVR.getLogin(); // in API, always sort by StartTime so all monitors are represented - var myurl = ld.apiurl + "/events/index/AlarmFrames >=:1" + excludeMonitorsFilter + "/StartTime <=:" + timeTo + "/EndTime >=:" + timeFrom + ".json?sort=" + "StartTime" + "&direction=desc"+$rootScope.authSession; + var myurl = ld.apiurl + "/events/index/"+encodeURIComponent("AlarmFrames >=:1") + excludeMonitorsFilter + "/"+encodeURIComponent("StartTime <=:") + timeTo + "/"+encodeURIComponent("EndTime >=:") + timeFrom + ".json?sort=" + "StartTime" + "&direction=desc"+$rootScope.authSession; NVR.debug("Retrieving " + myurl); diff --git a/www/js/MontageCtrl.js b/www/js/MontageCtrl.js index 2b0d6311..f8544f19 100644 --- a/www/js/MontageCtrl.js +++ b/www/js/MontageCtrl.js @@ -577,7 +577,7 @@ angular.module('zmApp.controllers') // https:///zm/api/events/index/MonitorId=:2.json?sort=StartTime&direction=desc&limit=1 var apiurl = ld.apiurl +'/events/index'; // we need some interval or it errors - apiurl += "/MonitorId =:" + monitor.Monitor.Id; + apiurl += "/"+encodeURIComponent("MonitorId =:") + monitor.Monitor.Id; if (monitor.Monitor.Id in ld.lastEventCheckTimes) { // now is server TZ time @@ -586,7 +586,7 @@ angular.module('zmApp.controllers') } - apiurl += "/AlarmFrames >=:" + (ld.enableAlarmCount ? ld.minAlarmCount : 0); + apiurl += "/"+encodeURIComponent("AlarmFrames >=:") + (ld.enableAlarmCount ? ld.minAlarmCount : 0); /*if ( !(monitor.Monitor.Id in ld.lastEventCheckTimes)) { apiurl+= '/1 month'; diff --git a/www/js/MontageHistoryCtrl.js b/www/js/MontageHistoryCtrl.js index 2c0a2300..6d331735 100644 --- a/www/js/MontageHistoryCtrl.js +++ b/www/js/MontageHistoryCtrl.js @@ -264,7 +264,7 @@ angular.module('zmApp.controllers').controller('zmApp.MontageHistoryCtrl', ['$sc function getNextSetHistory() { // grab events that start on or after the time - apiurl = ld.apiurl + "/events/index/StartTime >=:" + TimeObjectFrom + "/AlarmFrames >=:" + (ld.enableAlarmCount ? ld.minAlarmCount : 0) + ".json?sort=StartTime&direction=asc"+$rootScope.authSession; + apiurl = ld.apiurl + "/events/index/"+encodeURIComponent("StartTime >=:") + TimeObjectFrom + "/"+encodeURIComponent("AlarmFrames >=:") + (ld.enableAlarmCount ? ld.minAlarmCount : 0) + ".json?sort=StartTime&direction=asc"+$rootScope.authSession; NVR.log("Grabbing history using: " + apiurl); // make sure there are no more than 5 active streams (noevent is ok) $scope.currentLimit = $scope.monLimit; @@ -357,7 +357,7 @@ angular.module('zmApp.controllers').controller('zmApp.MontageHistoryCtrl', ['$sc for (i = 0; i < $scope.MontageMonitors.length; i++) { //console.log("Fair chance check for " + $scope.MontageMonitors[i].Monitor.Name); if ($scope.MontageMonitors[i].Monitor.eventUrl == 'img/noimage.png') { - var indivGrab = ld.apiurl + "/events/index/MonitorId:" + $scope.MontageMonitors[i].Monitor.Id + "/StartTime >=:" + TimeObjectFrom + "/AlarmFrames >=:" + (ld.enableAlarmCount ? ld.minAlarmCount : 0) + ".json?"+$rootScope.authSession; + var indivGrab = ld.apiurl + "/events/index/MonitorId:" + $scope.MontageMonitors[i].Monitor.Id + "/"+encodeURIComponent("StartTime >=:") + TimeObjectFrom + "/"+encodeURIComponent("AlarmFrames >=:") + (ld.enableAlarmCount ? ld.minAlarmCount : 0) + ".json?"+$rootScope.authSession; NVR.debug("Monitor " + $scope.MontageMonitors[i].Monitor.Id + ":" + $scope.MontageMonitors[i].Monitor.Name + " does not have events, trying " + indivGrab); var p = getExpandedEvents(i, indivGrab); promises.push(p); diff --git a/www/js/NVR.js b/www/js/NVR.js index 914b824a..01d82e41 100644 --- a/www/js/NVR.js +++ b/www/js/NVR.js @@ -21,7 +21,7 @@ angular.module('zmApp.controllers') DO NOT TOUCH zmAppVersion It is changed by sync_version.sh */ - var zmAppVersion = "1.4.1"; + var zmAppVersion = "1.4.3"; var isBackground = false; var justResumed = false; @@ -939,7 +939,7 @@ angular.module('zmApp.controllers') auth = success.data.match("user=(.*?)&"); if (auth && (auth[1] != null)) { log("NVR: Found simple stream auth mode (user=)"); - as = "&user=" + loginData.username + "&pass=" + loginData.password; + as = "&user=" + loginData.username + "&pass=" + encodeURIComponent(loginData.password); $rootScope.authSession = as; d.resolve(as); } else { @@ -2816,7 +2816,7 @@ angular.module('zmApp.controllers') log((forceReload == 1) ? "getMonitors:Force reloading all monitors" : "getMonitors:Loading all monitors"); var apiurl = loginData.apiurl; var myurl = apiurl + "/monitors"; - myurl += "/index/Type !=:WebSite.json?" + $rootScope.authSession; + myurl += "/index/"+encodeURIComponent("Type !=:WebSite.json") + "?"+$rootScope.authSession; getZmsMultiPortSupport() .then(function (zmsPort) { @@ -3472,17 +3472,17 @@ angular.module('zmApp.controllers') var myurl = apiurl + "/events/index"; if (monitorId != 0) - myurl = myurl + "/MonitorId:" + monitorId; + myurl = myurl + "/"+encodeURIComponent("MonitorId:") + monitorId; if (startTime) - myurl = myurl + "/StartTime <=:" + endTime; + myurl = myurl + "/"+encodeURIComponent("StartTime <=:") + endTime; if (endTime) - myurl = myurl + "/EndTime >=:" + startTime; + myurl = myurl + "/"+encodeURIComponent("EndTime >=:") + startTime; - myurl = myurl + "/AlarmFrames >=:" + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); + myurl = myurl + "/"+encodeURIComponent("AlarmFrames >=:") + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); //https:///zm/api/events/index/Notes%20REGEXP:detected%3A.json if (loginData.objectDetectionFilter && !noObjectFilter) { - myurl = myurl + '/Notes REGEXP:detected:'; + myurl = myurl +'/'+ encodeURIComponent('Notes REGEXP:detected:'); } @@ -3563,13 +3563,13 @@ angular.module('zmApp.controllers') var myurl = apiurl + "/events/index"; if (monitorId != 0) - myurl = myurl + "/MonitorId:" + monitorId; + myurl = myurl + "/"+encodeURIComponent("MonitorId:") + monitorId; if (startTime) - myurl = myurl + "/StartTime <=:" + endTime; + myurl = myurl + "/"+encodeURIComponent("StartTime <=:") + endTime; if (endTime) - myurl = myurl + "/EndTime >=:" + startTime; + myurl = myurl + "/"+encodeURIComponent("EndTime >=:") + startTime; - myurl = myurl + "/AlarmFrames >=:" + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); + myurl = myurl + "/"+encodeURIComponent("AlarmFrames >=:") + (loginData.enableAlarmCount ? loginData.minAlarmCount : 0); //console.log ('********* MON FILTER '+monListFilter); if (monListFilter) @@ -3578,7 +3578,7 @@ angular.module('zmApp.controllers') // don't know why but adding page messes up Notes //https:///zm/api/events/index/Notes%20REGEXP: detected%3A.json if (loginData.objectDetectionFilter && !noObjectFilter) { - myurl = myurl + '/Notes REGEXP:detected:'; + myurl = myurl + '/'+encodeURIComponent('Notes REGEXP:detected:'); } diff --git a/www/js/TimelineCtrl.js b/www/js/TimelineCtrl.js index f098ca2d..aaab1f24 100644 --- a/www/js/TimelineCtrl.js +++ b/www/js/TimelineCtrl.js @@ -783,12 +783,12 @@ angular.module('zmApp.controllers').controller('zmApp.TimelineCtrl', ['$ionicPla // FIXME: totally ignoring event pages - hoping it wont be more than 100 or 150 whatever // the events per page limit is. Why? laziness. // - var completedEvents = ld.apiurl + '/events/index/EndTime >=:' + from; + var completedEvents = ld.apiurl + '/events/index/'+encodeURIComponent('EndTime >=:') + from; // we can add alarmCount as this is really for completed events - completedEvents = completedEvents + "/AlarmFrames >=:" + (ld.enableAlarmCount ? ld.minAlarmCount : 0); + completedEvents = completedEvents + "/"+encodeURIComponent("AlarmFrames >=:") + (ld.enableAlarmCount ? ld.minAlarmCount : 0); if (ld.objectDetectionFilter) { - completedEvents = completedEvents + '/Notes REGEXP:"detected:"'; + completedEvents = completedEvents + '/'+ encodeURIComponent('Notes REGEXP:"detected:"'); } completedEvents = completedEvents + ".json?"+$rootScope.authSession; @@ -800,7 +800,7 @@ angular.module('zmApp.controllers').controller('zmApp.TimelineCtrl', ['$ionicPla var st = moment(lastTimeForEvent).tz(NVR.getTimeZoneNow()); st = st.subtract(10, 'minutes').locale('en').format("YYYY-MM-DD HH:mm:ss"); - var ongoingEvents = ld.apiurl + '/events/index/StartTime >=:' + st + '/EndTime =:.json?'+$rootScope.authSession; + var ongoingEvents = ld.apiurl + '/'+encodeURIComponent('events/index/StartTime >=:') + st + encodeURIComponent('/EndTime =:.json')+'?'+$rootScope.authSession; //NVR.debug("Getting incremental events using: " + completedEvents); NVR.debug("Completed events API:" + completedEvents); diff --git a/www/js/WizardCtrl.js b/www/js/WizardCtrl.js index c017b03f..897ffa18 100644 --- a/www/js/WizardCtrl.js +++ b/www/js/WizardCtrl.js @@ -238,7 +238,7 @@ angular.module('zmApp.controllers').controller('zmApp.WizardCtrl', ['$scope', '$ .then(function (success) { if (success == "") { NVR.log("getAuthKey returned null, so going user=&pwd= way"); - tail += "&user=" + $scope.wizard.zmuser + "&pass=" + $scope.wizard.zmpassword; + tail += "&user=" + $scope.wizard.zmuser + "&pass=" + encodeURIComponent($scope.wizard.zmpassword); } else { tail += success; } diff --git a/www/js/app.js b/www/js/app.js index 9c745a9a..a8041b1f 100755 --- a/www/js/app.js +++ b/www/js/app.js @@ -2100,7 +2100,8 @@ angular.module('zmApp', [ // nvr.debug ("cordova: got url "+url); // nvr.debug ("cordova: url after encode "+encodeURI(url)); - cordova.plugin.http.sendRequest(encodeURI(url), options, + //cordova.plugin.http.sendRequest(encodeURI(url), options, + cordova.plugin.http.sendRequest(url, options, function (succ) { // automatic JSON parse if no responseType: text // fall back to text if JSON parse fails too -- cgit v1.2.3