From 0c49055a16f28ad9351d2658d8b1e60f344d0894 Mon Sep 17 00:00:00 2001
From: Calin Crisan <ccrisan@gmail.com>
Date: Thu, 6 Aug 2015 20:21:12 +0300
Subject: [PATCH] on_event_start/on_event_end: use apostrophes to avoid shell
 expansion

---
 eventrelay.py       | 25 ++++++++++++-------------
 src/config.py       |  4 ++--
 templates/main.html |  4 ++--
 3 files changed, 16 insertions(+), 17 deletions(-)

diff --git a/eventrelay.py b/eventrelay.py
index e09142b..ca3bb2d 100755
--- a/eventrelay.py
+++ b/eventrelay.py
@@ -17,17 +17,16 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>. 
 
 import errno
-import hashlib
 import json
 import logging
 import os.path
 import sys
 import urllib
-import urlparse
 
 sys.path.append(os.path.join(os.path.dirname(sys.argv[0]),'src'))
 
 import settings
+import utils
 
 from motioneye import _configure_settings, _configure_logging
 
@@ -98,16 +97,16 @@ def get_admin_credentials():
     return admin_username, admin_password
 
 
-def compute_signature(method, uri, body, key):
-    parts = list(urlparse.urlsplit(uri))
-    query = [q for q in urlparse.parse_qsl(parts[3]) if (q[0] != 'signature')]
-    query.sort(key=lambda q: q[0])
-    query = urllib.urlencode(query)
-    parts[0] = parts[1] = ''
-    parts[3] = query
-    uri = urlparse.urlunsplit(parts)
-    
-    return hashlib.sha1('%s:%s:%s:%s' % (method, uri, body or '', key)).hexdigest().lower()
+# def compute_signature(method, uri, body, key):
+#     parts = list(urlparse.urlsplit(uri))
+#     query = [q for q in urlparse.parse_qsl(parts[3]) if (q[0] != 'signature')]
+#     query.sort(key=lambda q: q[0])
+#     query = urllib.urlencode(query)
+#     parts[0] = parts[1] = ''
+#     parts[3] = query
+#     uri = urlparse.urlunsplit(parts)
+#     
+#     return hashlib.sha1('%s:%s:%s:%s' % (method, uri, body or '', key)).hexdigest().lower()
 
 
 if __name__ == '__main__':
@@ -128,7 +127,7 @@ if __name__ == '__main__':
             'thread_id': thread_id,
             'event': event}
     
-    signature = compute_signature('POST', uri, '', admin_password)
+    signature = utils.compute_signature('POST', uri, '', admin_password)
     
     url = 'http://127.0.0.1:%(port)s' + uri + '&_signature=' + signature
     url = url % {'port': settings.PORT}
diff --git a/src/config.py b/src/config.py
index d941ebb..d89bb42 100644
--- a/src/config.py
+++ b/src/config.py
@@ -825,7 +825,7 @@ def motion_camera_ui_to_dict(ui, old_config=None):
         send_mail_path = os.path.abspath(send_mail_path)
         emails = re.sub('\\s', '', ui['email_notifications_addresses'])
         
-        on_event_start.append('%(script)s "%(server)s" "%(port)s" "%(account)s" "%(password)s" "%(tls)s" "%(to)s" "motion_start" "%%t" "%%Y-%%m-%%dT%%H:%%M:%%S" "%(timespan)s"' % {
+        on_event_start.append("%(script)s '%(server)s' '%(port)s' '%(account)s' '%(password)s' '%(tls)s' '%(to)s' 'motion_start' '%%t' '%%Y-%%m-%%dT%%H:%%M:%%S' '%(timespan)s'" % {
                 'script': send_mail_path,
                 'server': ui['email_notifications_smtp_server'],
                 'port': ui['email_notifications_smtp_port'],
@@ -840,7 +840,7 @@ def motion_camera_ui_to_dict(ui, old_config=None):
         web_hook_path = os.path.abspath(web_hook_path)
         url = re.sub('\\s', '+', ui['web_hook_notifications_url'])
 
-        on_event_start.append('%(script)s "%(method)s" "%(url)s"' % {
+        on_event_start.append("%(script)s '%(method)s' '%(url)s'" % {
                 'script': web_hook_path,
                 'method': ui['web_hook_notifications_http_method'],
                 'url': url})
diff --git a/templates/main.html b/templates/main.html
index 0a44d8d..ccaba8a 100644
--- a/templates/main.html
+++ b/templates/main.html
@@ -2,7 +2,7 @@
 
 {% macro config_item(config) -%}
     <tr class="settings-item additional-config {% if config['advanced'] %}advanced-setting{% endif %}"
-            {% if config.get('reboot') %}reboot="true"{% endif %}
+            {% if config.get('reboot') and enable_reboot %}reboot="true"{% endif %}
             {% if config.get('required') %}required="true"{% endif %}
             {% if config.get('strip') %}strip="true"{% endif %}
             {% if config.get('depends') %}depends="{{' '.join(config['depends'])}}"{% endif %}
@@ -114,7 +114,7 @@
                         <td class="settings-item-value"><input type="text" class="styled general main-config" id="adminUsernameEntry" readonly="readonly"></td>
                         <td><span class="help-mark" title="the username to be used for configuring the system">?</span></td>
                     </tr>
-                    <tr class="settings-item" strip="true" reboot="true">
+                    <tr class="settings-item" strip="true" {% if enable_reboot %}reboot="true"{% endif %}>
                         <td class="settings-item-label"><span class="settings-item-label">Administrator Password</span></td>
                         <td class="settings-item-value"><input type="password" class="styled general main-config" id="adminPasswordEntry"></td>
                         <td><span class="help-mark" title="administrator's password">?</span></td>
-- 
2.39.5