Merge branch 'develop' into fix/GIVE-509

assets/src/css/admin/settings.scss

@@ -917,6 +917,7 @@ a.give-delete {
 	}
 
 	img {
+        object-fit: contain;
 		width: 100%;
 	}
 

assets/src/js/admin/admin-scripts.js

@@ -3149,7 +3149,7 @@ const gravatar = require('gravatar');
                                 orderedOptions.push({
                                     text: option.textContent,
                                     value: option.value,
-                                    selected: false,
+                                    selected: option.selected,
                                 });
                             }
                         });

assets/src/js/admin/onboarding-wizard/index.js

@@ -4,7 +4,7 @@
 
 // Vendor dependencies
 import React from 'react';
-import ReactDOM from 'react-dom';
+import {createRoot} from 'react-dom/client';
 
 // Onboarding Wizard app
 import App from './app/index.js';
@@ -13,7 +13,7 @@ import App from './app/index.js';
 import './style.scss';
 
 // Render application
-ReactDOM.render(
-	<App />,
-	document.getElementById( 'onboarding-wizard-app' )
-);
+const element = document.getElementById('onboarding-wizard-app');
+if (element) {
+    createRoot(element).render(<App />);
+}

assets/src/js/admin/paypal-commerce/index.js

@@ -314,6 +314,7 @@ window.addEventListener('DOMContentLoaded', function () {
                     formData.append('action', 'give_paypal_commerce_disconnect_account');
                     formData.append('mode', button.getAttribute('data-mode'));
                     formData.append('keep-webhooks', Boolean(keepWebhooks));
+                    formData.append('_ajax_nonce', button.getAttribute('data-nonce'));
 
                     requestData.method = 'POST';
                     requestData.body = formData;

assets/src/js/admin/reports/app.js

@@ -3,14 +3,16 @@
 // Vendor dependencies
 import { HashRouter as Router } from 'react-router-dom';
 import React from 'react';
-import ReactDOM from 'react-dom';
+import {createRoot} from 'react-dom/client';
 
 // Reports app
 import App from './app/index.js';
 
-ReactDOM.render(
-	<Router>
-		<App />
-	</Router>,
-	document.getElementById( 'reports-app' )
-);
+const element = document.getElementById('reports-app');
+if (element) {
+    createRoot(element).render(
+        <Router>
+            <App />
+        </Router>
+    );
+}

assets/src/js/admin/reports/widget.js

@@ -1,7 +1,7 @@
 // Entry point for dashboard widget
 
 // Vendor dependencies
-import ReactDOM from 'react-dom';
+import {createRoot} from 'react-dom/client';
 import moment from 'moment';
 
 // Reports widget
@@ -30,10 +30,8 @@ const initialState = {
 const container = document.getElementById('givewp-reports-widget');
 
 if (container) {
-    ReactDOM.render(
-        <StoreProvider initialState={initialState} reducer={reducer}>
+    createRoot(container).render(<StoreProvider initialState={initialState} reducer={reducer}>
             <Widget />
-        </StoreProvider>,
-        document.getElementById('givewp-reports-widget')
+        </StoreProvider>
     );
 }

composer.json

@@ -11,7 +11,6 @@
         "paypal/paypal-checkout-sdk": "^1.0",
         "kjohnson/format-object-list": "^0.1.0",
         "fakerphp/faker": "^1.9",
-        "myclabs/php-enum": "^1.6",
         "symfony/http-foundation": "^v3.4.47",
         "moneyphp/money": "v3.3.1",
         "stellarwp/field-conditions": "^1.1",

give.php

@@ -6,7 +6,7 @@
  * Description: The most robust, flexible, and intuitive way to accept donations on WordPress.
  * Author: GiveWP
  * Author URI: https://givewp.com/
- * Version: 3.15.1
+ * Version: 3.17.1
  * Requires at least: 6.4
  * Requires PHP: 7.2
  * Text Domain: give
@@ -190,6 +190,7 @@ final class Give
     private $container;
 
     /**
+     * @since 3.17.0 added Settings service provider
      * @since      2.25.0 added HttpServiceProvider
      * @since      2.19.6 added Donors, Donations, and Subscriptions
      * @since      2.8.0
@@ -241,6 +242,7 @@ final class Give
         Give\BetaFeatures\ServiceProvider::class,
         Give\FormTaxonomies\ServiceProvider::class,
         Give\DonationSpam\ServiceProvider::class,
+        Give\Settings\ServiceProvider::class
     ];
 
     /**
@@ -406,7 +408,7 @@ private function setup_constants()
     {
         // Plugin version.
         if (!defined('GIVE_VERSION')) {
-            define('GIVE_VERSION', '3.15.1');
+            define('GIVE_VERSION', '3.17.1');
         }
 
         // Plugin Root File.

includes/admin/admin-actions.php

@@ -1,6 +1,7 @@
 <?php
 
 use Give\Framework\Database\DB;
+use Give\Helpers\Utils;
 use Give\Log\ValueObjects\LogType;
 
 /**
@@ -680,6 +681,7 @@ function showReactTable () {
 /**
  * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
  *
+ * @since 3.16.1 Use Utils::giveMaybeSafeUnserialize() method
  * @since 3.5.0
  *
  * @param string $data Data that might be unserialized.
@@ -688,9 +690,7 @@ function showReactTable () {
  */
 function give_maybe_safe_unserialize($data)
 {
-    return is_serialized($data)
-        ? @unserialize(trim($data), ['allowed_classes' => false])
-        : $data;
+    return Utils::maybeSafeUnserialize($data);
 }
 
 /**

includes/admin/class-addon-activation-banner.php

@@ -16,11 +16,17 @@
 /**
  * Class Give_Addon_Activation_Banner
  *
+ * @unreleased added $user_id property to class
  * @since  2.1.0 Added pleasing interface when multiple add-ons are activated.
  */
 class Give_Addon_Activation_Banner {
+    /**
+     * @unreleased
+     * @var int
+     */
+    protected $user_id;
 
-	/**
+    /**
 	 * Class constructor.
 	 *
 	 * @since  1.0

includes/admin/class-admin-settings.php

@@ -68,11 +68,12 @@ public static function get_settings_pages() {
 			 * For example: if you register a setting page with give-settings menu slug
 			 *              then filter will be give-settings_get_settings_pages
 			 *
+			 * @since 3.17.1 cast to array
 			 * @since 1.8
 			 *
 			 * @param array $settings Array of settings class object.
 			 */
-			self::$settings = apply_filters( self::$setting_filter_prefix . '_get_settings_pages', [] );
+			self::$settings = (array)apply_filters( self::$setting_filter_prefix . '_get_settings_pages', [] );
 
 			return self::$settings;
 		}
@@ -956,6 +957,7 @@ class="give-select-chosen give-chosen-settings"
 									style="<?php echo esc_attr( $value['style'] ); ?>"
 									name="<?php echo esc_attr( $name ); ?>"
 									id="<?php echo esc_attr( $value['id'] ); ?>"
+									data-placeholder="<?php echo esc_attr__( 'Select Some Options', 'give'); ?>"
 								<?php
 								echo "{$type} {$allow_new_values}";
 								echo implode( ' ', $custom_attributes );

includes/admin/forms/dashboard-columns.php

@@ -59,6 +59,7 @@ function give_form_columns( $give_form_columns ) {
 /**
  * Render Give Form Columns
  *
+ * @since 3.16.0 Add new filters for the "donations count" and "revenue" columns
  * @since 1.0
  *
  * @param string $column_name Column name
@@ -86,6 +87,7 @@ function give_render_form_columns( $column_name, $post_id ) {
 				break;
 			case 'goal':
 				if ( give_is_setting_enabled( give_get_meta( $post_id, '_give_goal_option', true ) ) ) {
+                    do_action('give_admin_form_list_view_donations_goal_column_before', $post_id);
 
 					echo give_admin_form_goal_stats( $post_id );
 
@@ -105,7 +107,7 @@ function give_render_form_columns( $column_name, $post_id ) {
 					printf(
 						'<a href="%1$s">%2$s</a>',
 						esc_url( admin_url( 'edit.php?post_type=give_forms&page=give-payment-history&form_id=' . $post_id ) ),
-						give_get_form_sales_stats( $post_id )
+                        apply_filters('give_admin_form_list_view_donations_count_column_value', give_get_form_sales_stats( $post_id ), $post_id)
 					);
 				} else {
 					echo '-';
@@ -116,7 +118,7 @@ function give_render_form_columns( $column_name, $post_id ) {
 					printf(
 						'<a href="%1$s">%2$s</a>',
 						esc_url( admin_url( 'edit.php?post_type=give_forms&page=give-reports&tab=forms&form-id=' . $post_id ) ),
-						give_currency_filter( give_format_amount( give_get_form_earnings_stats( $post_id ), [ 'sanitize' => false ] ) )
+                        apply_filters('give_admin_form_list_view_revenue_column_value', give_currency_filter( give_format_amount( give_get_form_earnings_stats( $post_id ), [ 'sanitize' => false ] ) ), $post_id)
 					);
 				} else {
 					echo '-';
@@ -168,7 +170,8 @@ function give_sortable_form_columns( $columns ) {
 /**
  * Sorts Columns in the Forms List Table
  *
- * @since 3.14.0 Use the 'give_donate_form_get_sales" filter to ensure the correct donation count will be used
+ * @since 3.16.0 Remove "give_donate_form_get_sales" filter logic
+ * @since 3.14.0 Use the "give_donate_form_get_sales" filter to ensure the correct donation count will be used
  * @since 1.0
  *
  * @param array $vars Array of all the sort variables.
@@ -181,10 +184,6 @@ function give_sort_forms( $vars ) {
 		return $vars;
 	}
 
-    add_filter('give_donate_form_get_sales', function ($sales, $donationFormId) {
-        return (new Give\MultiFormGoals\ProgressBar\Model(['ids' => [$donationFormId]]))->getDonationCount();
-    }, 10, 2);
-
 	switch ( $vars['orderby'] ) {
 		// Check if 'orderby' is set to "sales".
 		case 'sales':

includes/admin/settings/class-settings-advanced.php

@@ -177,7 +177,7 @@ public function get_settings() {
 							],
 						],
 						[
-							'name'        => 'GiveWP Cache',
+							'name'        => __( 'GiveWP Cache', 'give' ),
 							'id'          => 'give-clear-cache',
 							'buttonTitle' => __( 'Clear Cache', 'give' ),
 							'desc'        => __( 'Click this button if you want to clear GiveWP\'s cache. The plugin stores common settings and queries in cache to optimize performance. Clearing cache will remove and begin rebuilding these saved queries.', 'give' ),

includes/class-give-license-handler.php

@@ -196,6 +196,7 @@ class Give_License
 		 * @param string $_account_url
 		 * @param int    $_item_id
 		 *
+		 * @unreleased removed unused auto_updater_obj property assignment
 		 * @since  1.0
 		 */
 		public function __construct(
@@ -230,7 +231,6 @@ public function __construct(
 			self::$api_url          = is_null( $_api_url ) ? self::$api_url : $_api_url;
 			self::$checkout_url     = is_null( $_checkout_url ) ? self::$checkout_url : $_checkout_url;
 			self::$account_url      = is_null( $_account_url ) ? self::$account_url : $_account_url;
-			$this->auto_updater_obj = null;
 
 			// Add plugin to registered licenses list.
 			array_push( self::$licensed_addons, plugin_basename( $this->file ) );

includes/donors/class-give-donors-query.php

@@ -481,14 +481,19 @@ private function get_order_query() {
 
 		// Create query.
 		foreach ( $ordersby as $orderby => $order ) {
+            /**
+             * @since 3.16.2 Prevent SQL Injection by not using the user defined order value directly in the query.
+             */
+            $sanitizedOrder = $order === 'ASC' ? 'ASC' : 'DESC';
+
 			switch ( $table_columns[ $orderby ] ) {
 				case '%d':
 				case '%f':
-					$query[] = "{$this->table_name}.{$orderby}+0 {$order}";
+					$query[] = "{$this->table_name}.{$orderby}+0 {$sanitizedOrder}";
 					break;
 
 				default:
-					$query[] = "{$this->table_name}.{$orderby} {$order}";
+					$query[] = "{$this->table_name}.{$orderby} {$sanitizedOrder}";
 			}
 		}