Do not pass raw user data to unserialize

Filters were moved to TOKEN api, so the code in current_user_api to handle ?filter= on URL query strings is a left over from this move and is no longer necessary. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes #17875 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad <dregad@mantisbt.org>
mantisbt · Nov 29, 2014 · 599364b · 599364b
1 parent 0826cef
commit 599364b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/core/current_user_api.php b/core/current_user_api.php
@@ -203,7 +203,7 @@ function current_user_get_bug_filter( $p_project_id = null ) {
 				$t_filter = unserialize( $t_token );
 			}
 		} else {
-			$t_filter = unserialize( $f_filter_string );
+			return false;
 		}
 	} else if( !filter_is_cookie_valid() ) {
 		return false;