diff --git a/give.php b/give.php
index 0f832200b3..d675ed1e1a 100644
--- a/give.php
+++ b/give.php
@@ -6,7 +6,7 @@
 * Description: The most robust, flexible, and intuitive way to accept donations on WordPress.
 * Author: GiveWP
 * Author URI: https://givewp.com/
- * Version: 3.16.0
+ * Version: 3.16.1
 * Requires at least: 6.4
 * Requires PHP: 7.2
 * Text Domain: give
@@ -406,7 +406,7 @@ private function setup_constants() {
 // Plugin version.
 if (!defined('GIVE_VERSION')) {
- define('GIVE_VERSION', '3.16.0');
+ define('GIVE_VERSION', '3.16.1');
 }
 // Plugin Root File.
diff --git a/includes/admin/admin-actions.php b/includes/admin/admin-actions.php
index 81861a1a7c..8e3f6d2264 100644
--- a/includes/admin/admin-actions.php
+++ b/includes/admin/admin-actions.php
@@ -1,6 +1,7 @@ false])
- : $data;
+ return Utils::maybeSafeUnserialize($data);
 }
 /**
diff --git a/includes/process-donation.php b/includes/process-donation.php
index 0125137e1f..cef182b944 100644
--- a/includes/process-donation.php
+++ b/includes/process-donation.php
@@ -20,6 +20,7 @@
 * Handles the donation form process.
 *
 * @access private
+ * @since 3.16.1 Use give_maybe_safe_unserialize() on $user_info data
 * @since 1.0
 *
 * @throws ReflectionException Exception Handling.
@@ -151,12 +152,13 @@ function give_process_donation_form() {
 );
 // Setup donation information.
+ $user_info = array_map('\Give\Helpers\Utils::maybeSafeUnserialize', stripslashes_deep( $user_info ));
 $donation_data = [
 'price' => $price,
 'purchase_key' => $purchase_key,
 'user_email' => $user['user_email'],
 'date' => date( 'Y-m-d H:i:s', current_time( 'timestamp' ) ),
- 'user_info' => stripslashes_deep( $user_info ),
+ 'user_info' => $user_info,
 'post_data' => $post_data,
 'gateway' => $valid_data['gateway'],
 'card_info' => $valid_data['cc_info'],
diff --git a/readme.txt b/readme.txt
index 0e8e709369..ce7e84e85c 100644
--- a/readme.txt
+++ b/readme.txt
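Review bot: The added `@since 3.16.1` line in the give_process_donation_form docblock names `give_maybe_safe_unserialize()`, but the code change further down the same file calls `\Give\Helpers\Utils::maybeSafeUnserialize` directly, so the documentation points a reader at a function the function body never invokes. The admin-actions.php change appears to make some wrapper delegate to the same helper, which may be what the author had in mind, but the name of that wrapper is not visible here. Suggest `@since 3.16.1 Run Utils::maybeSafeUnserialize() over $user_info values before building $donation_data`. The function body belongs to give_process_donation_form and lies outside this hunk.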
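Review bot: The new `array_map` line only visits the top-level values of `$user_info`: a nested array (for example an address sub-array, if `$user_info` carries one as elsewhere in GiveWP) is handed to `maybeSafeUnserialize` as a whole, and because `is_serialized()` returns false for non-strings it comes back unchanged, so serialized strings inside it are never inspected. If the intent is to cover every string in the structure, WordPress core's `map_deep()` walks nested arrays: `$user_info = map_deep( stripslashes_deep( $user_info ), '\Give\Helpers\Utils::maybeSafeUnserialize' );`. Whether any later reader of `user_info` unserializes those nested values is not visible in this hunk, so confirm that before widening the scope. give_process_donation_form starts and ends outside the hunk.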
@@ -5,7 +5,7 @@ Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 6.4
 Tested up to: 6.6
 Requires PHP: 7.2
-Stable tag: 3.16.0
+Stable tag: 3.16.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -262,6 +262,9 @@ The 2% fee on Stripe donations only applies to donations taken via our free Stri
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 == Changelog ==
+= 3.16.1: September 10th, 2024 =
+* Security: Added additional protection to the option-based donation form request (CVE-2024-8353)
+
 = 3.16.0: Aug 28th, 2024 =
 * New: Added support for form taxonomy tags and categories in the visual form builder settings
 * New: Added a setting to the visual form builder to enable redirecting to an individual donation confirmation page
diff --git a/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss b/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss
index 2adb54a267..3865186224 100644
--- a/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss
+++ b/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss
@@ -119,10 +119,9 @@ }
 .givewp-design-selector--card {
- position: relative;
- height: 100%;
+ height: auto;
 border-radius: 2px;
 border: solid 1px var(--givewp-grey-50);
diff --git a/src/Helpers/Utils.php b/src/Helpers/Utils.php
index 9470ab5389..3776c10e8d 100644
--- a/src/Helpers/Utils.php
+++ b/src/Helpers/Utils.php
@@ -111,4 +111,20 @@ public static function isPluginActive($plugin)
 return is_plugin_active($plugin);
 }
+
+ /**
+ * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
+ *
+ * @since 3.16.1
+ *
+ * @param string $data Data that might be unserialized.
+ *
+ * @return mixed Unserialized data can be any type.
+ */
+ public static function maybeSafeUnserialize($data)
+ {
+ return is_serialized($data)
+ ? @unserialize(trim($data), ['allowed_classes' => false])
+ : $data;
+ }
 }
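Review bot: The docblock's `@param string $data` understates what maybeSafeUnserialize accepts: the new call site in includes/process-donation.php maps it over `$user_info`, whose values may include nested arrays, and since `is_serialized()` returns false for anything that is not a string, those values pass through the `: $data` branch untouched. Suggest `@param mixed $data Value that might be a serialized string; non-strings are returned unchanged, nested arrays are not walked.` The `unserialize` line also deserves a why-comment, because two things it does shape how callers should treat the result: `@` silences the notice PHP emits on a malformed payload, so the method returns `false` in that case rather than failing loudly, and `'allowed_classes' => false` does not reject object payloads but materialises them as `__PHP_Incomplete_Class`, so no class constructor or magic method runs, yet a caller that persists the result should expect that placeholder. Suggested comment: `// allowed_classes => false: objects in the payload become __PHP_Incomplete_Class, nothing is instantiated; @ hides the notice on malformed input, which then yields false.`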