GiveWP
Security
- Added additional sanitization to the donation form request to prevent malicious serialized data (CVE-2024-12877)
Fixes
- Resolved an issue with the custom donation amount field where using certain languages, like Swedish, was resulting in additional zero values being added
Fixes
- Resolved an issue with PayPal where some fields were not being validated properly before processing the donation
- Resolved an issue with PayPal and emails with a plus sign trying to connect to GiveWP
- Updated the format of the donation count in the multi form goal progress stats
Tweaks
- Updated subdivision ISO code for Odisha, India to OD (Open source submission by @sorensd)
Features
- Added support to the donor dashboard for managing recurring donations from our Blink Payment Gateway add-on
Fixes
- Resolved a compatibility issue with loading translations on WordPress 6.7
Security
- Added sanitization to the manual migrations parameters
Features
- Added support to our form migration process for our upcoming Constant Contact add-on 3.0.0 version
- The donor wall now shows the donor's uploaded image avatar when available
- Added a global setting to enable or disable the Option-Based Form Editor and settings.
- Addressed PHP 8.2 deprecation warnings in the Donation Session Object
Fixes
- Resolved an issue with multi-step form designs growing extra space outside the form
- Resolved an issue where some people were not able to connect to PayPal
- Resolved an issue that was preventing the form migration process from completing
- Resolved an issue with the donation confirmation email sending the wrong donation description for visual form builder forms
Fixes
- Resolved an issue with the Donor Wall shortcode and block filtering by only_comments
- Resolved a WordPress 6.7 styling compatibility issue with the visual form builder
- Resolved an issue where Stripe Payment Element was causing an error when donation amount is zero
- Resolved PHP 8.1 compatibility warnings for Give_Addon_Activation_Banner, Give_License, and CurrencySwitcherSetting classes
Security
- Removed Faker PHP library from production to prevent malicious direct access
- Further improved our data sanitization and validation across all of GiveWP to prevent malicious serialized data
Fixes
- Resolved an issue with PayPal donation buttons where clicking the GiveWP donate button was causing an error.
- Resolved an issue where the donation amount level descriptions option was not visible in the form builder.
- Resolved an issue with the "Update Subscription" button being always disabled for Stripe in the donor dashboard.
- Resolved a styling issue in the donor dashboard with Stripe subscription amount fields.
Features
- Added a new security tab with an option to enable a honeypot field for visual builder forms
- Added gateway API updates for pausing subscriptions
Fixes
- Resolved an issue with the donor name prefix block not saving correctly
- Resolved a PHP 8.1 compatibility conflict with MyCLabs\Enum\Enum::jsonSerialize()
Fixes
- Resolved a PHP v8+ fatal error on option-based forms when the Tributes add-on was enabled
- Resolved an issue with the donor dashboard menu not opening on mobile devices
Security
- Added additional protection against serialized data in the option-based donation form request (CVE-2024-9634)
