Merge branch 'develop' into epic/campaigns

impress-org · Oct 14, 2024 · 834138e · 834138e
2 parents 520f2a3 + 39721a4
commit 834138e
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 34 deletions.
diff --git a/give.php b/give.php
@@ -6,7 +6,7 @@
  * Description: The most robust, flexible, and intuitive way to accept donations on WordPress.
  * Author: GiveWP
  * Author URI: https://givewp.com/
- * Version: 3.16.3
+ * Version: 3.16.4
  * Requires at least: 6.4
  * Requires PHP: 7.2
  * Text Domain: give
@@ -407,7 +407,7 @@ private function setup_constants()
     {
         // Plugin version.
         if (!defined('GIVE_VERSION')) {
-            define('GIVE_VERSION', '3.16.3');
+            define('GIVE_VERSION', '3.16.4');
         }
 
         // Plugin Root File.

diff --git a/includes/process-donation.php b/includes/process-donation.php
@@ -418,38 +418,16 @@ function give_donation_form_validate_fields() {
 /**
  * Detect serialized fields.
  *
+ * @since 3.16.4 updated to check all values for serialized fields
  * @since 3.16.2 added additional check for stripslashes_deep
  * @since 3.14.2 add give-form-title, give_title
  * @since 3.5.0
  */
 function give_donation_form_has_serialized_fields(array $post_data): bool
 {
-    $post_data_keys = [
-        'give-form-id',
-        'give-gateway',
-        'card_name',
-        'card_number',
-        'card_cvc',
-        'card_exp_month',
-        'card_exp_year',
-        'card_address',
-        'card_address_2',
-        'card_city',
-        'card_state',
-        'billing_country',
-        'card_zip',
-        'give_email',
-        'give_first',
-        'give_last',
-        'give_user_login',
-        'give_user_pass',
-        'give-form-title',
-        'give_title',
-    ];
-
-    foreach ($post_data as $key => $value) {
-        if ( ! in_array($key, $post_data_keys, true)) {
-            continue;
+    foreach ($post_data as $value) {
+        if (is_serialized(ltrim($value, '\\'))) {
+          return true;
         }
 
         if (is_serialized(stripslashes_deep($value))) {
@@ -1644,6 +1622,7 @@ function give_validate_required_form_fields( $form_id ) {
  *
  * @param array $post_data List of post data.
  *
+ * @since 3.16.4 Add additional validation for company name field
  * @since 3.16.3 Add additional validations for name title prefix field
  * @since 2.1
  *
@@ -1657,6 +1636,10 @@ function give_donation_form_validate_name_fields( $post_data ) {
           give_set_error( 'disabled_name_title', esc_html__( 'The name title prefix field is not enabled.', 'give' ) );
     }
 
+    if (!give_is_company_field_enabled($formId) && isset($post_data['give_company_name'])) {
+          give_set_error( 'disabled_company', esc_html__( 'The company field is not enabled.', 'give' ) );
+    }
+
     if (give_is_name_title_prefix_enabled($formId) && isset($post_data['give_title']) && !in_array($post_data['give_title'], array_values(give_get_name_title_prefixes($formId)))) {
       give_set_error( 'invalid_name_title', esc_html__( 'The name title prefix field is not valid.', 'give' ) );
     }

diff --git a/readme.txt b/readme.txt
@@ -5,7 +5,7 @@ Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 6.4
 Tested up to: 6.6
 Requires PHP: 7.2
-Stable tag: 3.16.3
+Stable tag: 3.16.4
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -262,6 +262,9 @@ The 2% fee on Stripe donations only applies to donations taken via our free Stri
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 
 == Changelog ==
+= 3.16.4: October 10th, 2024 =
+* Security: Added additional protection against serialized data in the option-based donation form request (CVE-2024-9634)
+
 = 3.16.3: October 7th, 2024 =
 * Security: Added additional validation to the donor title field, further protecting the option-based donation form request
 

diff --git a/src/DonorDashboards/resources/js/app/components/mobile-menu/index.js b/src/DonorDashboards/resources/js/app/components/mobile-menu/index.js
@@ -8,11 +8,11 @@ import './style.scss';
 const MobileMenu = ({children}) => {
     const [isOpen, setIsOpen] = useState(false);
 
-    const contentRef = useRef(null);
+    const toggleRef = useRef(null);
 
     useEffect(() => {
         const handleClick = (evt) => {
-            if (contentRef.current && !contentRef.current.contains(evt.target)) {
+            if (toggleRef.current && !toggleRef.current.contains(evt.target)) {
                 setIsOpen(false);
             }
         };
@@ -26,7 +26,7 @@ const MobileMenu = ({children}) => {
                 document.removeEventListener('click', handleClick);
             }
         };
-    }, [isOpen, contentRef]);
+    }, [isOpen, toggleRef]);
 
     const location = useLocation();
     const tabsSelector = useSelector((state) => state.tabs);
@@ -39,16 +39,19 @@ const MobileMenu = ({children}) => {
             <div className="give-donor-dashboard-mobile-menu__header">
                 <div className="give-donor-dashboard-mobile-menu__label">{label}</div>
                 <div
+                    ref={toggleRef}
                     className={`give-donor-dashboard-mobile-menu__toggle ${
                         isOpen ? 'give-donor-dashboard-mobile-menu__toggle--toggled' : ''
                     }`}
-                    onClick={() => setIsOpen(!isOpen)}
+                    onClick={() => {
+                        setIsOpen(!isOpen);
+                    }}
                 >
                     <FontAwesomeIcon icon="bars" />
                 </div>
             </div>
             {isOpen && (
-                <div className="give-donor-dashboard-mobile-menu__content" ref={contentRef}>
+                <div className="give-donor-dashboard-mobile-menu__content">
                     {children}
                 </div>
             )}

diff --git a/tests/includes/legacy/tests-functions.php b/tests/includes/legacy/tests-functions.php
@@ -86,4 +86,33 @@ public function test_give_form_get_default_level() {
 		// When passing invalid form id, it should return null.
 		$this->assertEquals( give_form_get_default_level( 123 ), null );
 	}
+
+    /**
+     * @since 3.16.4
+     * @dataProvider give_donation_form_has_serialized_fields_data
+     */
+    public function test_give_donation_form_has_serialized_fields(array $fields, bool $expected): void
+    {
+        if ($expected) {
+            $this->assertTrue(give_donation_form_has_serialized_fields($fields));
+        } else {
+            $this->assertFalse(give_donation_form_has_serialized_fields($fields));
+        }
+    }
+
+    /**
+     * @since 3.16.4
+     */
+    public function give_donation_form_has_serialized_fields_data(): array
+    {
+        return [
+            [['foo' => serialize('bar')], true],
+            [['foo' => 'bar', 'baz' => '\\' . serialize('backslash-bypass')], true],
+            [['foo' => 'bar', 'baz' => '\\\\' . serialize('double-backslash-bypass')], true],
+            [['foo' => 'bar'], false],
+            [['foo' => 'bar', 'baz' => serialize('qux')], true],
+            [['foo' => 'bar', 'baz' => 'qux'], false],
+            [['foo' => 'bar', 'baz' => 1], false],
+        ];
+    }
 }