Commit 599364b

mantisdregad
authored and committed
Do not pass raw user data to unserialize
Filters were moved to TOKEN api, so the code in current_user_api to handle ?filter= on URL query strings is a leftover from this move and is no longer necessary.

This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1].

Fixes #17875

[1] http://www.offensive-security.com/bug-bounty-program/

Signed-off-by: Damien Regad <dregad@mantisbt.org>
1 parent 0826cef commit 599364b

1 file changed

+1
-1
lines changed

Diff for: core/current_user_api.php

@@ -203,7 +203,7 @@ function current_user_get_bug_filter( $p_project_id = null ) {
203203
$t_filter = unserialize( $t_token );
204204
}
205205
} else {
206-
$t_filter = unserialize( $f_filter_string );
206+
return false;
207207
}
208208
} else if( !filter_is_cookie_valid() ) {
209209
return false;
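
Review bot: The `unserialize( $t_token )` call at line 203 is left in place, and nothing in this hunk shows where `$t_token` is populated, so please confirm it only ever holds data written server-side by the token API; if any user-controlled value can reach it, the object-injection exposure removed at line 206 is still present on that path. A non-PHP-serialized format such as JSON for stored filters would remove the dependency on that guarantee. Separately, the new `return false;` at line 206 silently rejects the old `$f_filter_string` input: a short comment saying that filters passed on the query string are no longer accepted would help the next reader, and whatever code above this hunk still reads `$f_filter_string` looks like dead code that could be dropped in the same change.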
