Add RBAC checks to ConfigsController edit() and delete() requiring System=Edit permission, matching the pattern used by other controllers. Harden System/Readonly column checks with !empty() to handle missing columns gracefully. Fix command injection in Event.php by using ZM_PATH_FFMPEG constant with escapeshellarg() instead of hardcoded unsanitized ffmpeg call. Add is_executable() validation at all exec() sites using ZM_PATH_FFMPEG as defense-in-depth against poisoned config values.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

||
|---|---|---|
| Config | ||
| Console | ||
| Controller | ||
| Model | ||
| Plugin | ||
| View | ||
| vendor | ||
| webroot | ||
| index.php | ||