mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-03-25 09:11:53 -04:00
b036408a5b
Add RBAC checks to ConfigsController edit() and delete() requiring System=Edit permission, matching the pattern used by other controllers. Harden System/Readonly column checks with !empty() to handle missing columns gracefully. Fix command injection in Event.php by using ZM_PATH_FFMPEG constant with escapeshellarg() instead of hardcoded unsanitized ffmpeg call. Add is_executable() validation at all exec() sites using ZM_PATH_FFMPEG as defense-in-depth against poisoned config values. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>