From 272921afc294da2400e3d4932a005a34e5874d7a Mon Sep 17 00:00:00 2001
From: sgiehl <stefan@matomo.org>
Date: Fri, 10 Jan 2025 14:55:59 +0100
Subject: [PATCH] Only allow calling Treemap API directly

---
 API.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/API.php b/API.php
index 07a1ccb..496141c 100644
--- a/API.php
+++ b/API.php
@@ -12,6 +12,7 @@
 
 use Piwik\API\Request;
 use Piwik\Common;
+use Piwik\DataTable;
 use Piwik\Metrics;
 use Piwik\Period\Range;
 use Piwik\Plugins\TreemapVisualization\Visualizations\Treemap;
@@ -48,7 +49,7 @@ public function getTreemapData(
         $availableHeight = false,
         $show_evolution_values = false
     ) {
-        if (trim($apiMethod) === 'TreemapVisualization.getTreemapData') {
+        if (!Request::isCurrentApiRequestTheRootApiRequest()) {
             return [];
         }
 
@@ -70,6 +71,10 @@ public function getTreemapData(
 
         $dataTable = Request::processRequest("$apiMethod", $params);
 
+        if (!$dataTable instanceof DataTable) {
+            return [];
+        }
+
         $columns = explode(',', $column);
         $column  = reset($columns);