Merge branch 'release/3.16.1' into develop

give.php

@@ -6,7 +6,7 @@
  * Description: The most robust, flexible, and intuitive way to accept donations on WordPress.
  * Author: GiveWP
  * Author URI: https://givewp.com/
- * Version: 3.16.0
+ * Version: 3.16.1
  * Requires at least: 6.4
  * Requires PHP: 7.2
  * Text Domain: give
@@ -406,7 +406,7 @@ private function setup_constants()
     {
         // Plugin version.
         if (!defined('GIVE_VERSION')) {
-            define('GIVE_VERSION', '3.16.0');
+            define('GIVE_VERSION', '3.16.1');
         }
 
         // Plugin Root File.

includes/admin/admin-actions.php

@@ -1,6 +1,7 @@
 <?php
 
 use Give\Framework\Database\DB;
+use Give\Helpers\Utils;
 use Give\Log\ValueObjects\LogType;
 
 /**
@@ -680,6 +681,7 @@ function showReactTable () {
 /**
  * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
  *
+ * @since 3.16.1 Use Utils::giveMaybeSafeUnserialize() method
  * @since 3.5.0
  *
  * @param string $data Data that might be unserialized.
@@ -688,9 +690,7 @@ function showReactTable () {
  */
 function give_maybe_safe_unserialize($data)
 {
-    return is_serialized($data)
-        ? @unserialize(trim($data), ['allowed_classes' => false])
-        : $data;
+    return Utils::maybeSafeUnserialize($data);
 }
 
 /**

includes/process-donation.php

@@ -20,6 +20,7 @@
  * Handles the donation form process.
  *
  * @access private
+ * @since 3.16.1 Use give_maybe_safe_unserialize() on $user_info data
  * @since  1.0
  *
  * @throws ReflectionException Exception Handling.
@@ -151,12 +152,13 @@ function give_process_donation_form() {
 	);
 
 	// Setup donation information.
+	$user_info = array_map('\Give\Helpers\Utils::maybeSafeUnserialize', stripslashes_deep( $user_info ));
 	$donation_data = [
 		'price'        => $price,
 		'purchase_key' => $purchase_key,
 		'user_email'   => $user['user_email'],
 		'date'         => date( 'Y-m-d H:i:s', current_time( 'timestamp' ) ),
-		'user_info'    => stripslashes_deep( $user_info ),
+		'user_info'    => $user_info,
 		'post_data'    => $post_data,
 		'gateway'      => $valid_data['gateway'],
 		'card_info'    => $valid_data['cc_info'],

readme.txt

@@ -5,7 +5,7 @@ Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 6.4
 Tested up to: 6.6
 Requires PHP: 7.2
-Stable tag: 3.16.0
+Stable tag: 3.16.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -262,6 +262,9 @@ The 2% fee on Stripe donations only applies to donations taken via our free Stri
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 
 == Changelog ==
+= 3.16.1: September 10th, 2024 =
+* Security: Added additional protection to the option-based donation form request (CVE-2024-8353)
+
 = 3.16.0: Aug 28th, 2024 =
 * New: Added support for form taxonomy tags and categories in the visual form builder settings
 * New: Added a setting to the visual form builder to enable redirecting to an individual donation confirmation page 

src/Helpers/Utils.php

@@ -111,4 +111,20 @@ public static function isPluginActive($plugin)
 
         return is_plugin_active($plugin);
     }
+
+    /**
+     * Avoid insecure usage of `unserialize` when the data could be submitted by the user.
+     *
+     * @since 3.16.1
+     *
+     * @param string $data Data that might be unserialized.
+     *
+     * @return mixed Unserialized data can be any type.
+     */
+    public static function maybeSafeUnserialize($data)
+    {
+        return is_serialized($data)
+            ? @unserialize(trim($data), ['allowed_classes' => false])
+            : $data;
+    }
 }