Source Control Integration - MantisBT - Signup temporarily disabled due to spam

Author	Committer	Branch	Timestamp	Parent
Paul Richards	dregad	master-1.2.x	2014-11-01 12:10	master-1.2.x 0826cef8
Affected Issues	0017875: CVE-2014-9280: PHP Object Injection in filter API
Changeset	Do not pass raw user data to unserialize Filters were moved to TOKEN api, so the code in current_user_api to handle ?filter= on URL query strings is a left over from this move and is no longer necessary. This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1]. Fixes 0017875 [1] http://www.offensive-security.com/bug-bounty-program/ Signed-off-by: Damien Regad dregad@mantisbt.org
Changeset	mod - core/current_user_api.php			Diff File