matomo-org · AltamashShaikh · Feb 14, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/API.php b/API.php
@@ -15,6 +15,7 @@
 use Piwik\DataTable;
 use Piwik\Metrics;
 use Piwik\Period\Range;
+use Piwik\Piwik;
 use Piwik\Plugins\TreemapVisualization\Visualizations\Treemap;
 
 /**
@@ -52,6 +53,12 @@ public function getTreemapData(
         if (!Request::isCurrentApiRequestTheRootApiRequest()) {
             return [];
         }
+        list($apiName, $apiAction) = explode('.', $apiMethod);
+        $disAllowedApiActions = ['getBulkRequest'];
+        // Block id API action does not start with get
+        if (!in_array($apiAction, $disAllowedApiActions) || stripos($apiAction, 'get') !== 0) {
+            throw new \Exception(Piwik::translate('TreemapVisualization_InvalidApiMethodException'));
+        }
 
         if (
             $period == 'range'

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 ## Changelog
 
+# 5.0.5 - 2026-02-16
+- Added validation rules for ApiAction
+
 # 5.0.4 - 2025-07-07
 - Textual changes
 

diff --git a/lang/en.json b/lang/en.json
@@ -1,6 +1,7 @@
 {
     "TreemapVisualization": {
         "PluginDescription": "Visualise any report in Matomo as a Treemap. Click on the Treemap icon in each report to load the visualisation.",
-        "Treemap": "Treemap"
+        "Treemap": "Treemap",
+        "InvalidApiMethodException": "Invalid API method."
     }
 }
diff --git a/plugin.json b/plugin.json
@@ -1,10 +1,7 @@
 {
     "name": "TreemapVisualization",
     "version": "5.0.4",
-    "description": "Visualise any report in Matomo as a Treemap. Click on the Treemap icon in each report to load the visualisation.",
-    "keywords": ["treemap", "graph", "visualization", "infovis", "jit"],
-    "license": "GPL v3+",
-    "homepage": "https://matomo.org",
+    "description": "Visualis5tps://matomo.org",
     "require": {
         "matomo": ">=5.0.0-b1,<6.0.0-b1"
     },