From 4f6d50313372d71f4f3c629bbe7359f49bd5039f Mon Sep 17 00:00:00 2001
From: Glauber Silva
Date: Fri, 6 Sep 2024 16:35:34 -0300
Subject: [PATCH 1/6] Enhancement: use give_maybe_safe_unserialize for user data (#7533)
Co-authored-by: Jon Waldstein
---
 includes/process-donation.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/includes/process-donation.php b/includes/process-donation.php
index 0125137e1f..6c3e5f3188 100644
--- a/includes/process-donation.php
+++ b/includes/process-donation.php
@@ -20,6 +20,7 @@
 * Handles the donation form process.
 *
 * @access private
+ * @unreleased Use give_maybe_safe_unserialize() on $user_info data
 * @since 1.0
 *
 * @throws ReflectionException Exception Handling.
@@ -151,12 +152,13 @@ function give_process_donation_form() {
 );
 // Setup donation information.
+ $user_info = array_map('give_maybe_safe_unserialize', stripslashes_deep( $user_info ));
 $donation_data = [
 'price' => $price,
 'purchase_key' => $purchase_key,
 'user_email' => $user['user_email'],
 'date' => date( 'Y-m-d H:i:s', current_time( 'timestamp' ) ),
- 'user_info' => stripslashes_deep( $user_info ),
+ 'user_info' => $user_info,
 'post_data' => $post_data,
 'gateway' => $valid_data['gateway'],
 'card_info' => $valid_data['cc_info'],
From bf89314bdbb52833dab2f155437745b713e721be Mon Sep 17 00:00:00 2001
From: Jon Waldstein
Date: Fri, 6 Sep 2024 15:41:41 -0400
Subject: [PATCH 2/6] chore: prepare for release 3.16.1
---
 give.php | 4 ++--
 includes/process-donation.php | 2 +-
 readme.txt | 3 +++
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/give.php b/give.php
index 0f832200b3..d675ed1e1a 100644
--- a/give.php
+++ b/give.php
@@ -6,7 +6,7 @@
 * Description: The most robust, flexible, and intuitive way to accept donations on WordPress.
 * Author: GiveWP
 * Author URI: https://givewp.com/
- * Version: 3.16.0
+ * Version: 3.16.1
 * Requires at least: 6.4
 * Requires PHP: 7.2
 * Text Domain: give
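Review bot: `array_map('give_maybe_safe_unserialize', ...)` on the added `$user_info` line only visits top-level values, whereas the `stripslashes_deep( $user_info )` it wraps recurses, so if `$user_info` can contain nested arrays (it is built before this hunk; `give_process_donation_form` starts outside it) any serialized strings inside them are left exactly as submitted. `array_map` also fails when `$user_info` is not an array (warning and `null` on PHP 7, `TypeError` on PHP 8), which `stripslashes_deep` tolerated. WordPress's `map_deep()` applies a callback to every leaf and accepts scalars, so `$user_info = map_deep( stripslashes_deep( $user_info ), 'give_maybe_safe_unserialize' );` keeps the two steps consistent. The later commit that swaps the callback for `\Give\Helpers\Utils::maybeSafeUnserialize` keeps the same top-level-only shape.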
@@ -406,7 +406,7 @@ private function setup_constants() {
 // Plugin version.
 if (!defined('GIVE_VERSION')) {
- define('GIVE_VERSION', '3.16.0');
+ define('GIVE_VERSION', '3.16.1');
 }
 // Plugin Root File.
diff --git a/includes/process-donation.php b/includes/process-donation.php
index 6c3e5f3188..f8690f30c3 100644
--- a/includes/process-donation.php
+++ b/includes/process-donation.php
@@ -20,7 +20,7 @@
 * Handles the donation form process.
 *
 * @access private
- * @unreleased Use give_maybe_safe_unserialize() on $user_info data
+ * @since 3.16.1 Use give_maybe_safe_unserialize() on $user_info data
 * @since 1.0
 *
 * @throws ReflectionException Exception Handling.
diff --git a/readme.txt b/readme.txt
index 0e8e709369..dee7f5fac2 100644
--- a/readme.txt
+++ b/readme.txt
@@ -262,6 +262,9 @@ The 2% fee on Stripe donations only applies to donations taken via our free Stri
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 == Changelog ==
+= 3.16.1: September 9th, 2024 =
+* Security: Added additional protection to the option-based donation form request (CVE-2024-8353)
 = 3.16.0: Aug 28th, 2024 =
 * New: Added support for form taxonomy tags and categories in the visual form builder settings
 * New: Added a setting to the visual form builder to enable redirecting to an individual donation confirmation page
From 7b3d09b85ab772f2cd3322bd094684bb1392798a Mon Sep 17 00:00:00 2001
From: Jon Waldstein
Date: Fri, 6 Sep 2024 15:42:16 -0400
Subject: [PATCH 3/6] chore: update stable tag to 3.16.1
---
 readme.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readme.txt b/readme.txt
index dee7f5fac2..f2098c41fb 100644
--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 6.4
 Tested up to: 6.6
 Requires PHP: 7.2
-Stable tag: 3.16.0
+Stable tag: 3.16.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
From 2ef2d39b82eaa6d769206446a6f419a628d0817c Mon Sep 17 00:00:00 2001
From: Glauber Silva
Date: Mon, 9 Sep 2024 17:36:09 -0300
Subject: [PATCH 4/6] fix: array_map missing callback
---
 includes/admin/admin-actions.php | 6 +++---
 includes/process-donation.php | 2 +-
 src/Helpers/Utils.php | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/includes/admin/admin-actions.php b/includes/admin/admin-actions.php
index 81861a1a7c..8e3f6d2264 100644
--- a/includes/admin/admin-actions.php
+++ b/includes/admin/admin-actions.php
@@ -1,6 +1,7 @@ false])
- : $data;
+ return Utils::maybeSafeUnserialize($data);
 }
 /**
diff --git a/includes/process-donation.php b/includes/process-donation.php
index f8690f30c3..cef182b944 100644
--- a/includes/process-donation.php
+++ b/includes/process-donation.php
@@ -152,7 +152,7 @@ function give_process_donation_form() {
 );
 // Setup donation information.
- $user_info = array_map('give_maybe_safe_unserialize', stripslashes_deep( $user_info ));
+ $user_info = array_map('\Give\Helpers\Utils::maybeSafeUnserialize', stripslashes_deep( $user_info ));
 $donation_data = [
 'price' => $price,
 'purchase_key' => $purchase_key,
diff --git a/src/Helpers/Utils.php b/src/Helpers/Utils.php
index 9470ab5389..3776c10e8d 100644
--- a/src/Helpers/Utils.php
+++ b/src/Helpers/Utils.php
@@ -111,4 +111,20 @@ public static function isPluginActive($plugin)
 return is_plugin_active($plugin);
 }
+
+ /**
+ * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
+ *
+ * @since 3.16.1
+ *
+ * @param string $data Data that might be unserialized.
+ *
+ * @return mixed Unserialized data can be any type.
+ */
+ public static function maybeSafeUnserialize($data)
+ {
+ return is_serialized($data)
+ ? @unserialize(trim($data), ['allowed_classes' => false])
+ : $data;
+ }
 }
From 04eb44dd96673e3f1c916ac02c7009fe23914ab9 Mon Sep 17 00:00:00 2001
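Review bot: The replacement callback on the `$user_info` line is still a string, `'\Give\Helpers\Utils::maybeSafeUnserialize'`, which is resolved only when `array_map` runs — the same failure mode as the undefined `give_maybe_safe_unserialize` name this commit removes. An array callable lets static analysis and IDEs resolve the reference: `array_map( [ \Give\Helpers\Utils::class, 'maybeSafeUnserialize' ], stripslashes_deep( $user_info ) )`. A regression test that submits a donation whose `user_info` contains a serialized string would have caught the missing callback in the previous release; none is added here. `give_process_donation_form` starts outside the hunk.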
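Review bot: `maybeSafeUnserialize` converts an object payload instead of rejecting it — with `['allowed_classes' => false]` every object in the data becomes a `__PHP_Incomplete_Class`, and PHP serializes such an instance back under its original class name, so if a caller stores the returned value somewhere it is re-serialized (as WordPress meta/option storage does for non-scalar values) and any downstream path unserializes it without the same restriction, the object is instantiated after all. Since both call sites in this series feed it user-submitted form fields, consider treating a decoded value that is or contains a `__PHP_Incomplete_Class` as invalid and returning the original string (or an empty string) rather than the converted value. The `@` also hides malformed-payload notices, and a failed `unserialize()` returns `false`, which the caller cannot distinguish from a legitimately serialized `b:0;`; checking `$data === serialize(false)` before the call and dropping the `@` would make the failure visible. The `@param string $data` tag understates what arrives: `is_serialized()` returns false for non-strings, so arrays and other scalars pass straight through, which the `array_map` call sites rely on — document it as `@param mixed $data`.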
From: Jon Waldstein
Date: Tue, 10 Sep 2024 09:21:10 -0400
Subject: [PATCH 5/6] chore: update readme
---
 readme.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readme.txt b/readme.txt
index f2098c41fb..ce7e84e85c 100644
--- a/readme.txt
+++ b/readme.txt
@@ -262,7 +262,7 @@ The 2% fee on Stripe donations only applies to donations taken via our free Stri
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 == Changelog ==
-= 3.16.1: September 9th, 2024 =
+= 3.16.1: September 10th, 2024 =
 * Security: Added additional protection to the option-based donation form request (CVE-2024-8353)
 = 3.16.0: Aug 28th, 2024 =
From ada60729253a132b338c789a5e03c574696b87b1 Mon Sep 17 00:00:00 2001
From: Joshua Dinh <75056371+JoshuaHungDinh@users.noreply.github.com>
Date: Tue, 17 Sep 2024 07:22:42 -0700
Subject: [PATCH 6/6] Fix: Adjust design selector card height for Safari compatibility (#7530)
---
 .../resources/js/form-builder/src/styles/_onboarding.scss | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss b/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss
index 2adb54a267..3865186224 100644
--- a/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss
+++ b/src/FormBuilder/resources/js/form-builder/src/styles/_onboarding.scss
@@ -119,10 +119,9 @@
 }
 .givewp-design-selector--card {
- position: relative;
- height: 100%;
+ height: auto;
 border-radius: 2px;
 border: solid 1px var(--givewp-grey-50);