GiveWP
Security
- Protect against CSRF during donation import
Security
- Protect against CSRF during give cache clear settings
- Protect against CSV injection in donation export settings
- Protect against XSS and CSRF in donation import settings
- Protect against XSS in give_form_grid shortcode
- Protect against CSRF and Arbitrary Content Deletion in admin list tables
- Protect against SSRF in add-on changelog requests
Tweaks
- Compatibility in the Donor Dashboard with the new Square recurring support
- Exported donations are ordered by ID by default
Fixes
- Sites without the ctype PHP extension no longer run into problems
- Prevent a handful of PHP 8.1 deprecation notices
- Fixed a PHP 8.0 error in receipt templates
Features
- Donors now explicitly state whether they are donating as a company, useful for things like Gift Aid
Tweaks
- Improvements to the Gateway API in preparation for GiveWP 3.0
- Optimizations to how we interact with the GiveWP Gateway server
- New method for storing donation notes using the Donation model
Fixes
- Improved how PayPal Donation tokens are handled to prevent the need to reconnect one's PayPal account
- Classic forms using Authorize.Net as the default gateway now work as expected
- Square credit card fields now work properly on safari
- Resolved escaping issue preventing modal from displaying on some sites
- The "Download Receipt" link in the PDF is more reliable after making donation updates
- Prevented a filter from running twice on the donation summary
- Styling looks better for modals in the Classic template
- Corrected some styling in the Multi-Step and Classic template receipts that affected the Tributes add-on
Tweaks
- Reorganized the GiveWP admin menu items to a cleaner, more intuitive order.
Fixes
- Servers without the PHP Intl extension broke the admin list tables. This is a fixed and a new Currency setting was introduced to [control automatic formatting](https://docs.givewp.com/currency-format).
Security
- Further protection against SQL Injection attacks.
Fixes
- Forms with missing level data no longer breaks the whole form list table.
Security
- Fixed critical and a low level security vulnerabilities. See our [critical release notice](https://go.givewp.com/2-24) for more details.
Features
- Sorting and custom columns are now supported for the Form, Donor, and Donation admin list tables
- Subscription admin list table has a new, modern look like the other list tables — requires GiveWP Recurring add-on
Tweaks
- New Validation framework in preparation for GiveWP 3.0
- Donor Dashboard is ready for the upcoming Authorize.Net recurring support
- Further small improvements to get ready for the upcoming GiveWP Next Gen Feature Plugin
Fixes
- Donor errors correctly display when using the Multi-Step form template
- Donor comments now show up when the Stripe or PayPal Donations gateways are used
- Accessibility improvement for generating a new user API key
- The payment amount in the donation summary correctly updates when the donor enters a custom amount
Tweaks
- Added support for gateways that need to mark a new subscription as processing
Fixes
- Fixed a Stripe issue in conjunction with Stripe that would throw an error when processing a renewal
- Prevent some PHP notices when being used on PHP 8
Fixes
- Fee Recovered amount in the donation summary works better with currencies that use a comma as the thousands separator
- Form Grid donate button color defaults to black to avoid being invisible in some cases
- Made text translatable in the Form Grid that previously wasn't
- The give()->donations->getLatestDonation now correctly grabs the most recent
- Zip code and country are now in the correct order for donor exports
- The Donor and Donation models correctly handle missing meta
Tweaks
- Under the hood improvements to how recurrence is handled in donations and subscriptions
- Added additional filters to email settings (for Peer-to-Peer)
Fixes
- Wrapped up some issues to make sure GiveWP is ready for WordPress 6.1
- Scrolling a form on a mobile device will no longer select a amount level
- Errors now display properly (and are auto-scrolled to) in the Classic template