fix: Add request validation to prevent untrusted access in configuration update

Daniel Neto · Daniel Neto · commit f9492f5e6123 · 2026-04-13T09:54:30.000-03:00
GHSA-vvfw-4m39-fjqf
diff --git a/objects/configurationUpdate.json.php b/objects/configurationUpdate.json.php
@@ -15,6 +15,8 @@
 require_once $global['systemRootPath'] . 'objects/configuration.php';
 require_once $global['systemRootPath'] . 'objects/functions.php';
 
+forbidIfIsUntrustedRequest('configurationUpdate');
+
 _error_log("save configuration {$_POST['language']}");
 
 $config = new AVideoConf();
