
CVE-2022-0252: Changeset 2659032 – WordPress Plugin Repository

The GiveWP WordPress plugin before 2.17.3 does not escape the json parameter before outputting it back in an attribute in the Import admin dashboard, leading to a Reflected Cross-Site Scripting

  • give/assets/icon-128x128.jpg

    • Property svn:mime-type changed from application/octet-stream to image/jpeg
  • give/assets/icon-256x256.jpg

    • Property svn:mime-type changed from application/octet-stream to image/jpeg
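--- a/give/tags/2.17.3/assets/dist/mix-manifest.json
+++ b/give/tags/2.17.3/assets/dist/mix-manifest.json
@@ -35,16 +35,4 @@
     "/css/admin-widgets.css": "/css/admin-widgets.css",
     "/css/plugin-deactivation-survey.css": "/css/plugin-deactivation-survey.css",
-    "/vendor/tecnickcom/tcpdf/fonts/CODE2000.TTF": "/vendor/tecnickcom/tcpdf/fonts/CODE2000.TTF",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.ctg.z": "/vendor/tecnickcom/tcpdf/fonts/code2000.ctg.z",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.php": "/vendor/tecnickcom/tcpdf/fonts/code2000.php",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.z": "/vendor/tecnickcom/tcpdf/fonts/code2000.z",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.z.cpgz": "/vendor/tecnickcom/tcpdf/fonts/code2000.z.cpgz",
-    "/vendor/tecnickcom/tcpdf/fonts/dejavusans.ctg.z": "/vendor/tecnickcom/tcpdf/fonts/dejavusans.ctg.z",
-    "/vendor/tecnickcom/tcpdf/fonts/dejavusans.php": "/vendor/tecnickcom/tcpdf/fonts/dejavusans.php",
-    "/vendor/tecnickcom/tcpdf/fonts/dejavusans.z": "/vendor/tecnickcom/tcpdf/fonts/dejavusans.z",
-    "/vendor/tecnickcom/tcpdf/fonts/helvetica.php": "/vendor/tecnickcom/tcpdf/fonts/helvetica.php",
-    "/vendor/tecnickcom/tcpdf/fonts/helveticab.php": "/vendor/tecnickcom/tcpdf/fonts/helveticab.php",
-    "/vendor/tecnickcom/tcpdf/fonts/helveticabi.php": "/vendor/tecnickcom/tcpdf/fonts/helveticabi.php",
-    "/vendor/tecnickcom/tcpdf/fonts/helveticai.php": "/vendor/tecnickcom/tcpdf/fonts/helveticai.php",
     "/images/ach.png": "/images/ach.png",
     "/images/addons-admin-page-decor-1.png": "/images/addons-admin-page-decor-1.png",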
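--- a/give/tags/2.17.3/give.php
+++ b/give/tags/2.17.3/give.php
@@ -6,5 +6,5 @@
  * Author: GiveWP
  * Author URI: https://givewp.com/
- * Version: 2.17.1
+ * Version: 2.17.3
  * Requires at least: 4.9
  * Requires PHP: 5.6
@@ -281,5 +281,5 @@
         // Plugin version.
         if ( ! defined('GIVE_VERSION')) {
-            define('GIVE_VERSION', '2.17.1');
+            define('GIVE_VERSION', '2.17.3');
         }
 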
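--- a/give/tags/2.17.3/includes/admin/forms/dashboard-columns.php
+++ b/give/tags/2.17.3/includes/admin/forms/dashboard-columns.php
@@ -492,5 +492,5 @@
     <div id="give-forms-advanced-filter" class="give-filters">
         <div class="give-filter give-filter-search">
-            <input type="text" id="give-forms-search-input" placeholder="<?php _e( 'Form Name or ID', 'give' ); ?>" name="s" value="<?php echo $search; ?>">
+            <input type="text" id="give-forms-search-input" placeholder="<?php _e( 'Form Name or ID', 'give' ); ?>" name="s" value="<?php echo esc_attr( $search ); ?>">
             <?php
             submit_button(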
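Review bot: The new line 494 still prints the placeholder translation through `_e()`, which does no escaping, while the neighbouring `value` attribute now goes through `esc_attr()`; inside an attribute the translated string belongs in `esc_attr_e( 'Form Name or ID', 'give' )` so the whole tag is escaped consistently rather than one attribute at a time. Where `$search` is assigned is not in the hunk, so whether it is also sanitized on input cannot be checked here, but escaping at the sink is the correct fix regardless. The enclosing function starts before this hunk and continues after it.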
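--- a/give/tags/2.17.3/includes/admin/tools/import/class-give-import-core-settings.php
+++ b/give/tags/2.17.3/includes/admin/tools/import/class-give-import-core-settings.php
@@ -363,5 +363,5 @@
                     <div class="give-field-wrap">
                         <label for="json">
-                            <input type="file" name="json" class="give-upload-json-file" value="<?php echo $json; ?>"
+                            <input type="file" name="json" class="give-upload-json-file" value="<?php echo esc_attr($json); ?>"
                                    accept=".json">
                             <p class="give-field-description"><?php esc_html_e( 'The file type must be JSON.', 'give' ); ?></p>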
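Review bot: The escaped `value` attribute on the new line 365 is reflecting request data into the page for no functional reason: browsers do not honour a preset `value` on `<input type="file">`, so `$json` can never pre-populate the control. The safer fix is to remove the sink rather than escape it, `<input type="file" name="json" class="give-upload-json-file"`, which also removes the CVE-2022-0252 vector outright instead of relying on every future edit keeping the `esc_attr()` call. If the attribute has to stay, `esc_attr( $json )` matches the spacing the rest of this change uses. The surrounding form starts and ends outside the hunk, so whether this request is nonce- and capability-checked cannot be seen from here.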
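--- a/give/tags/2.17.3/includes/forms/template.php
+++ b/give/tags/2.17.3/includes/forms/template.php
@@ -1477,10 +1477,10 @@
 function give_get_login_fields( $form_id ) {
 
-    $form_id            = isset( $_POST['form_id'] ) ? $_POST['form_id'] : $form_id;
+    $form_id            = isset( $_POST['form_id'] ) ? give_clean( $_POST['form_id'] ) : $form_id;
     $show_register_form = give_show_login_register_option( $form_id );
 
     ob_start();
     ?>
-    <fieldset id="give-login-fields-<?php echo $form_id; ?>">
+    <fieldset id="give-login-fields-<?php echo esc_attr( $form_id ); ?>">
         <legend>
             <?php
@@ -1520,6 +1520,6 @@
         ?>
         <div class="give-user-login-fields-container">
-            <div id="give-user-login-wrap-<?php echo $form_id; ?>" class="form-row form-row-first form-row-responsive">
-                <label class="give-label" for="give-user-login-<?php echo $form_id; ?>">
+            <div id="give-user-login-wrap-<?php echo esc_attr( $form_id ); ?>" class="form-row form-row-first form-row-responsive">
+                <label class="give-label" for="give-user-login-<?php echo esc_attr( $form_id ); ?>">
                     <?php _e( 'Username or Email Address', 'give' ); ?>
                     <?php if ( give_logged_in_only( $form_id ) ) { ?>
@@ -1530,11 +1530,11 @@
                 <input class="give-input<?php echo ( give_logged_in_only( $form_id ) ) ? ' required' : ''; ?>"
                        type="text"
-                       name="give_user_login" id="give-user-login-<?php echo $form_id; ?>" value=""
+                       name="give_user_login" id="give-user-login-<?php echo esc_attr( $form_id ); ?>" value=""
                        placeholder="<?php _e( 'Your username or email', 'give' ); ?>"<?php echo ( give_logged_in_only( $form_id ) ) ? ' required aria-required="true" ' : ''; ?>/>
             </div>
 
-            <div id="give-user-pass-wrap-<?php echo $form_id; ?>"
+            <div id="give-user-pass-wrap-<?php echo esc_attr( $form_id ); ?>"
                  class="give_login_password form-row form-row-last form-row-responsive">
-                <label class="give-label" for="give-user-pass-<?php echo $form_id; ?>">
+                <label class="give-label" for="give-user-pass-<?php echo esc_attr( $form_id ); ?>">
                     <?php _e( 'Password', 'give' ); ?>
                     <?php if ( give_logged_in_only( $form_id ) ) { ?>
@@ -1543,5 +1543,5 @@
                 </label>
                 <input class="give-input<?php echo ( give_logged_in_only( $form_id ) ) ? ' required' : ''; ?>"
-                       type="password" name="give_user_pass" id="give-user-pass-<?php echo $form_id; ?>"
+                       type="password" name="give_user_pass" id="give-user-pass-<?php echo esc_attr( $form_id ); ?>"
                        placeholder="<?php _e( 'Your password', 'give' ); ?>"<?php echo ( give_logged_in_only( $form_id ) ) ? ' required aria-required="true" ' : ''; ?>/>
                 <?php if ( give_logged_in_only( $form_id ) ) : ?>
@@ -1551,5 +1551,5 @@
         </div>
 
-        <div id="give-user-login-submit-<?php echo $form_id; ?>" class="give-clearfix">
+        <div id="give-user-login-submit-<?php echo esc_attr( $form_id ); ?>" class="give-clearfix">
             <input type="submit" class="give-submit give-btn button" name="give_login_submit"
                    value="<?php _e( 'Login', 'give' ); ?>"/>
@@ -1560,5 +1560,5 @@
             <?php } ?>
             <span class="give-loading-animation"></span>
-            <div id="give-forgot-password-wrap-<?php echo $form_id; ?>" class="give_login_forgot_password">
+            <div id="give-forgot-password-wrap-<?php echo esc_attr( $form_id ); ?>" class="give_login_forgot_password">
                 <span class="give-forgot-password ">
                     <a href="<?php echo wp_lostpassword_url(); ?>" target="_blank"><?php _e( 'Reset Password', 'give' ); ?></a>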
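Review bot: `give_clean()` on line 1479 only treats the POSTed `form_id` as text, which is why every later echo of `$form_id` in this function needed its own `esc_attr()` wrapper and why the next unescaped echo someone adds will reopen the hole. If `form_id` is a post ID, as its use in `give_show_login_register_option( $form_id )` and `give_logged_in_only( $form_id )` suggests, coercing it once at the source, `$form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : $form_id;`, makes all of those sinks safe by construction. Two pre-existing sinks in the same function were left alone: context line 1564 prints `wp_lostpassword_url()` without `esc_url()`, and the `placeholder` attributes use `_e()` where `esc_attr_e()` belongs. `give_get_login_fields()` continues past the last hunk, so there may be further echoes of `$form_id` not visible here.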
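--- a/give/tags/2.17.3/languages/give.pot
+++ b/give/tags/2.17.3/languages/give.pot
@@ -1,7 +1,7 @@
-# Copyright (C) 2021 GiveWP
+# Copyright (C) 2022 GiveWP
 # This file is distributed under the same license as the Give - Donation Plugin plugin.
 msgid ""
 msgstr ""
-"Project-Id-Version: Give - Donation Plugin 2.17.1\n"
+"Project-Id-Version: Give - Donation Plugin 2.17.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/givewp\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10,5 +10,5 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2021-11-23T23:44:43+00:00\n"
+"POT-Creation-Date: 2022-01-18T00:22:45+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.5.0\n"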
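--- a/give/tags/2.17.3/output.log
+++ b/give/tags/2.17.3/output.log
@@ -17,4 +17,6 @@
 2a0fa75da19b: Pulling fs layer
 07289ea6b918: Pulling fs layer
+4612e05a72cf: Waiting
+f1478d838f46: Waiting
 c88517be8365: Waiting
 142abe9b67c6: Waiting
@@ -22,31 +24,26 @@
 2a0fa75da19b: Waiting
 07289ea6b918: Waiting
-4612e05a72cf: Waiting
-f1478d838f46: Waiting
+320f26ee9b1c: Verifying Checksum
+320f26ee9b1c: Download complete
 30e209609427: Verifying Checksum
 30e209609427: Download complete
-320f26ee9b1c: Verifying Checksum
-320f26ee9b1c: Download complete
 801bfaa63ef2: Verifying Checksum
-801bfaa63ef2: Download complete
+801bfaa63ef2: Pull complete
 c88517be8365: Verifying Checksum
 c88517be8365: Download complete
-801bfaa63ef2: Pull complete
 4612e05a72cf: Verifying Checksum
 4612e05a72cf: Download complete
 f1478d838f46: Verifying Checksum
 f1478d838f46: Download complete
-181891da1ea0: Verifying Checksum
+30e209609427: Pull complete
+142abe9b67c6: Verifying Checksum
+142abe9b67c6: Download complete
 181891da1ea0: Download complete
 2a0fa75da19b: Verifying Checksum
 2a0fa75da19b: Download complete
-142abe9b67c6: Verifying Checksum
-142abe9b67c6: Download complete
-07289ea6b918: Verifying Checksum
-07289ea6b918: Download complete
-30e209609427: Pull complete
 320f26ee9b1c: Pull complete
 4612e05a72cf: Pull complete
 f1478d838f46: Pull complete
+07289ea6b918: Download complete
 c88517be8365: Pull complete
 142abe9b67c6: Pull complete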
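--- a/give/tags/2.17.3/readme.txt
+++ b/give/tags/2.17.3/readme.txt
@@ -4,7 +4,7 @@
 Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 4.9
-Tested up to: 5.9
+Tested up to: 5.8
 Requires PHP: 5.6
-Stable tag: 2.17.2
+Stable tag: 2.17.3
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -252,4 +252,7 @@
 
 == Changelog ==
+= 2.17.3: January 17th, 2022 =
+* Security: Minor XSS vulnerabilities, which require admin access to exploit, have been resolved
+
 = 2.17.2: December 28th, 2021 =
 * Fix: Only validate email settings that are not empty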
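--- a/give/tags/2.17.3/src/Email/GlobalSettingValidator.php
+++ b/give/tags/2.17.3/src/Email/GlobalSettingValidator.php
@@ -29,12 +29,16 @@
     /**
      * @since 2.17.1
+     * @since 2.17.2 Only filter value as unique array if set. Some settings do not need to be set, ie donation-receipt_recipient.
      */
     public function validateSetting($value)
     {
-        // Same unique email address for email recipients.
-        $recipientEmails = array_unique(array_filter($value));
+        if( ! empty( $value ) ) {
+            // Same unique email address for email recipients.
+            $recipientEmails = array_unique(array_filter($value));
 
-        // Set default email recipient to admin email.
-        return $recipientEmails ?: [get_bloginfo('admin_email')];
+            // Set default email recipient to admin email.
+            $value = $recipientEmails ?: [get_bloginfo('admin_email')];
+        }
+        return $value;
     }
 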
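Review bot: `validateSetting()` still validates nothing: the new branch on lines 35-40 only dedupes the list and drops empty entries, so any non-empty string the comment calls an "email recipient" is returned unchanged as if it were a valid address. Filtering with the WordPress validator, `$recipientEmails = array_unique( array_filter( (array) $value, 'is_email' ) );`, would discard malformed entries and let the existing fallback to `get_bloginfo('admin_email')` apply, and the `(array)` cast keeps `array_filter()` from receiving a scalar, which PHP 8 rejects with a TypeError; whether the settings layer can hand this method a string is not visible in the hunk. The added `@since 2.17.2` line explains the change but the docblock still has no `@param` or `@return`; a one-line `@param array $value Recipient addresses as stored.` and `@return array Unique non-empty recipients, or the admin email when none remain.` would document the contract the new code implements.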
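--- a/give/tags/2.17.3/vendor/autoload.php
+++ b/give/tags/2.17.3/vendor/autoload.php
@@ -5,3 +5,3 @@
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300::getLoader();
+return ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a::getLoader();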
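--- a/give/tags/2.17.3/vendor/composer/ClassLoader.php
+++ b/give/tags/2.17.3/vendor/composer/ClassLoader.php
@@ -150,5 +150,5 @@
     /**
      * @return string[] Array of classname => path
-     * @psalm-var array<string, string>
+     * @psalm-return array<string, string>
      */
     public function getClassMap()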
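--- a/give/tags/2.17.3/vendor/composer/autoload_real.php
+++ b/give/tags/2.17.3/vendor/composer/autoload_real.php
@@ -3,5 +3,5 @@
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300
+class ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a
 {
     private static $loader;
@@ -25,7 +25,7 @@
         require __DIR__ . '/platform_check.php';
 
-        spl_autoload_register(array('ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
-        spl_autoload_unregister(array('ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a', 'loadClassLoader'));
 
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
@@ -33,5 +33,5 @@
             require __DIR__ . '/autoload_static.php';
 
-            call_user_func(\Composer\Autoload\ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInit6f721593ee2d1fbbc28576266040467a::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';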
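--- a/give/tags/2.17.3/vendor/composer/autoload_static.php
+++ b/give/tags/2.17.3/vendor/composer/autoload_static.php
@@ -5,5 +5,5 @@
 namespace Composer\Autoload;
 
-class ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300
+class ComposerStaticInit6f721593ee2d1fbbc28576266040467a
 {
     public static $prefixLengthsPsr4 = array (
@@ -97,7 +97,7 @@
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::$prefixDirsPsr4;
-            $loader->classMap = ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit6f721593ee2d1fbbc28576266040467a::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit6f721593ee2d1fbbc28576266040467a::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit6f721593ee2d1fbbc28576266040467a::$classMap;
 
         }, null, ClassLoader::class);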
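--- a/give/tags/2.17.3/vendor/composer/installed.php
+++ b/give/tags/2.17.3/vendor/composer/installed.php
@@ -1,10 +1,10 @@
 <?php return array(
     'root' => array(
-        'pretty_version' => '2.17.1',
-        'version' => '2.17.1.0',
+        'pretty_version' => '2.17.3',
+        'version' => '2.17.3.0',
         'type' => 'wordpress-plugin',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
-        'reference' => 'd5b4a96b7d107b41aef724f4cf063b87fcb995f2',
+        'reference' => 'd26ab82b6166d396d8aaa23018be0bfda26f19be',
         'name' => 'impress-org/give',
         'dev' => false,
@@ -42,10 +42,10 @@
         ),
         'impress-org/give' => array(
-            'pretty_version' => '2.17.1',
-            'version' => '2.17.1.0',
+            'pretty_version' => '2.17.3',
+            'version' => '2.17.3.0',
             'type' => 'wordpress-plugin',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
-            'reference' => 'd5b4a96b7d107b41aef724f4cf063b87fcb995f2',
+            'reference' => 'd26ab82b6166d396d8aaa23018be0bfda26f19be',
             'dev_requirement' => false,
         ),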
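--- a/give/tags/2.17.3/webpack.mix.js
+++ b/give/tags/2.17.3/webpack.mix.js
@@ -2,5 +2,4 @@
 const path = require('path');
 const WebpackRTLPlugin = require('webpack-rtl-plugin');
-const {CleanWebpackPlugin} = require('clean-webpack-plugin');
 
 mix.setPublicPath('assets/dist')
@@ -38,5 +37,8 @@
     .js('src/MigrationLog/Admin/index.js', 'js/give-migrations-list-table-app.js')
     .js('src/InPluginUpsells/resources/js/addons-admin-page.js', 'js/admin-upsell-addons-page.js')
-    .js('src/InPluginUpsells/resources/js/recurring-donations-settings-tab.js', 'js/admin-upsell-recurring-donations-settings-tab.js')
+    .js(
+        'src/InPluginUpsells/resources/js/recurring-donations-settings-tab.js',
+        'js/admin-upsell-recurring-donations-settings-tab.js'
+    )
     .js('src/InPluginUpsells/resources/js/sale-banner.js', 'js/admin-upsell-sale-banner.js')
     .js('src/DonationSummary/resources/js/summary.js', 'js/give-donation-summary.js')
@@ -44,5 +46,4 @@
     .sourceMaps(false)
 
-    .copyDirectory('assets/src/tcpdf-fonts', 'vendor/tecnickcom/tcpdf/fonts')
     .copyDirectory('assets/src/images', 'assets/dist/images')
     .copyDirectory('assets/src/fonts', 'assets/dist/fonts');
@@ -72,7 +73,7 @@
             format: {
                 comments: false,
-            }
-        }
-    }
+            },
+        },
+    },
 });
 
@@ -84,8 +85,4 @@
                 minify: true,
             }),
-            new CleanWebpackPlugin({
-                // We clean up he tcpdf directory in the vendor to prevent it from bloating the release file size
-                cleanOnceBeforeBuildPatterns: [path.join(process.cwd(), 'vendor/tecnickcom/tcpdf/fonts/*')],
-            }),
         ],
     });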
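Review bot: Deleting the `CleanWebpackPlugin` block (old lines 86-89) removes what appears to be the only use of `path` in this file, the `path.join(process.cwd(), ...)` call inside it, so `const path = require('path');` on line 2 is now likely a dead import; drop it unless a part of the file outside these hunks still references it. The change also stops copying `assets/src/tcpdf-fonts` into `vendor/tecnickcom/tcpdf/fonts` without recording what supplies those fonts at runtime now; a short comment next to the remaining `.copyDirectory()` calls naming where the TCPDF fonts come from would spare the next reader a search. The `mix` chain begins before the first hunk.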
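--- a/give/trunk/assets/dist/mix-manifest.json
+++ b/give/trunk/assets/dist/mix-manifest.json
@@ -35,16 +35,4 @@
     "/css/admin-widgets.css": "/css/admin-widgets.css",
     "/css/plugin-deactivation-survey.css": "/css/plugin-deactivation-survey.css",
-    "/vendor/tecnickcom/tcpdf/fonts/CODE2000.TTF": "/vendor/tecnickcom/tcpdf/fonts/CODE2000.TTF",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.ctg.z": "/vendor/tecnickcom/tcpdf/fonts/code2000.ctg.z",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.php": "/vendor/tecnickcom/tcpdf/fonts/code2000.php",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.z": "/vendor/tecnickcom/tcpdf/fonts/code2000.z",
-    "/vendor/tecnickcom/tcpdf/fonts/code2000.z.cpgz": "/vendor/tecnickcom/tcpdf/fonts/code2000.z.cpgz",
-    "/vendor/tecnickcom/tcpdf/fonts/dejavusans.ctg.z": "/vendor/tecnickcom/tcpdf/fonts/dejavusans.ctg.z",
-    "/vendor/tecnickcom/tcpdf/fonts/dejavusans.php": "/vendor/tecnickcom/tcpdf/fonts/dejavusans.php",
-    "/vendor/tecnickcom/tcpdf/fonts/dejavusans.z": "/vendor/tecnickcom/tcpdf/fonts/dejavusans.z",
-    "/vendor/tecnickcom/tcpdf/fonts/helvetica.php": "/vendor/tecnickcom/tcpdf/fonts/helvetica.php",
-    "/vendor/tecnickcom/tcpdf/fonts/helveticab.php": "/vendor/tecnickcom/tcpdf/fonts/helveticab.php",
-    "/vendor/tecnickcom/tcpdf/fonts/helveticabi.php": "/vendor/tecnickcom/tcpdf/fonts/helveticabi.php",
-    "/vendor/tecnickcom/tcpdf/fonts/helveticai.php": "/vendor/tecnickcom/tcpdf/fonts/helveticai.php",
     "/images/ach.png": "/images/ach.png",
     "/images/addons-admin-page-decor-1.png": "/images/addons-admin-page-decor-1.png",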
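--- a/give/trunk/give.php
+++ b/give/trunk/give.php
@@ -6,5 +6,5 @@
  * Author: GiveWP
  * Author URI: https://givewp.com/
- * Version: 2.17.1
+ * Version: 2.17.3
  * Requires at least: 4.9
  * Requires PHP: 5.6
@@ -281,5 +281,5 @@
         // Plugin version.
         if ( ! defined('GIVE_VERSION')) {
-            define('GIVE_VERSION', '2.17.1');
+            define('GIVE_VERSION', '2.17.3');
         }
 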
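--- a/give/trunk/includes/admin/forms/dashboard-columns.php
+++ b/give/trunk/includes/admin/forms/dashboard-columns.php
@@ -492,5 +492,5 @@
     <div id="give-forms-advanced-filter" class="give-filters">
         <div class="give-filter give-filter-search">
-            <input type="text" id="give-forms-search-input" placeholder="<?php _e( 'Form Name or ID', 'give' ); ?>" name="s" value="<?php echo $search; ?>">
+            <input type="text" id="give-forms-search-input" placeholder="<?php _e( 'Form Name or ID', 'give' ); ?>" name="s" value="<?php echo esc_attr( $search ); ?>">
             <?php
             submit_button(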
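Review bot: Line 494 escapes `value` but leaves the `placeholder` attribute on the same tag going through `_e()`, which prints without escaping; use `esc_attr_e( 'Form Name or ID', 'give' )` there so both attributes of the input are treated the same way. The origin of `$search` is outside the hunk, so input-side sanitization cannot be confirmed here, but `esc_attr()` at the output is correct either way. The enclosing function starts before this hunk and continues after it.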
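--- a/give/trunk/includes/admin/tools/import/class-give-import-core-settings.php
+++ b/give/trunk/includes/admin/tools/import/class-give-import-core-settings.php
@@ -363,5 +363,5 @@
                     <div class="give-field-wrap">
                         <label for="json">
-                            <input type="file" name="json" class="give-upload-json-file" value="<?php echo $json; ?>"
+                            <input type="file" name="json" class="give-upload-json-file" value="<?php echo esc_attr($json); ?>"
                                    accept=".json">
                             <p class="give-field-description"><?php esc_html_e( 'The file type must be JSON.', 'give' ); ?></p>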
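Review bot: The `value` attribute on the new line 365 has no effect on an `<input type="file">`, since browsers refuse to pre-populate file controls, so the only thing it does is reflect `$json` into the admin page. Deleting the attribute, `<input type="file" name="json" class="give-upload-json-file"`, removes the reflected-XSS sink behind CVE-2022-0252 entirely instead of depending on `esc_attr()` surviving future edits. If it must remain, `esc_attr( $json )` matches the spacing used in the rest of this changeset. The form's nonce and capability handling lie outside the hunk and cannot be judged here.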
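--- a/give/trunk/includes/forms/template.php
+++ b/give/trunk/includes/forms/template.php
@@ -1477,10 +1477,10 @@
 function give_get_login_fields( $form_id ) {
 
-    $form_id            = isset( $_POST['form_id'] ) ? $_POST['form_id'] : $form_id;
+    $form_id            = isset( $_POST['form_id'] ) ? give_clean( $_POST['form_id'] ) : $form_id;
     $show_register_form = give_show_login_register_option( $form_id );
 
     ob_start();
     ?>
-    <fieldset id="give-login-fields-<?php echo $form_id; ?>">
+    <fieldset id="give-login-fields-<?php echo esc_attr( $form_id ); ?>">
         <legend>
             <?php
@@ -1520,6 +1520,6 @@
         ?>
         <div class="give-user-login-fields-container">
-            <div id="give-user-login-wrap-<?php echo $form_id; ?>" class="form-row form-row-first form-row-responsive">
-                <label class="give-label" for="give-user-login-<?php echo $form_id; ?>">
+            <div id="give-user-login-wrap-<?php echo esc_attr( $form_id ); ?>" class="form-row form-row-first form-row-responsive">
+                <label class="give-label" for="give-user-login-<?php echo esc_attr( $form_id ); ?>">
                     <?php _e( 'Username or Email Address', 'give' ); ?>
                     <?php if ( give_logged_in_only( $form_id ) ) { ?>
@@ -1530,11 +1530,11 @@
                 <input class="give-input<?php echo ( give_logged_in_only( $form_id ) ) ? ' required' : ''; ?>"
                        type="text"
-                       name="give_user_login" id="give-user-login-<?php echo $form_id; ?>" value=""
+                       name="give_user_login" id="give-user-login-<?php echo esc_attr( $form_id ); ?>" value=""
                        placeholder="<?php _e( 'Your username or email', 'give' ); ?>"<?php echo ( give_logged_in_only( $form_id ) ) ? ' required aria-required="true" ' : ''; ?>/>
             </div>
 
-            <div id="give-user-pass-wrap-<?php echo $form_id; ?>"
+            <div id="give-user-pass-wrap-<?php echo esc_attr( $form_id ); ?>"
                  class="give_login_password form-row form-row-last form-row-responsive">
-                <label class="give-label" for="give-user-pass-<?php echo $form_id; ?>">
+                <label class="give-label" for="give-user-pass-<?php echo esc_attr( $form_id ); ?>">
                     <?php _e( 'Password', 'give' ); ?>
                     <?php if ( give_logged_in_only( $form_id ) ) { ?>
@@ -1543,5 +1543,5 @@
                 </label>
                 <input class="give-input<?php echo ( give_logged_in_only( $form_id ) ) ? ' required' : ''; ?>"
-                       type="password" name="give_user_pass" id="give-user-pass-<?php echo $form_id; ?>"
+                       type="password" name="give_user_pass" id="give-user-pass-<?php echo esc_attr( $form_id ); ?>"
                        placeholder="<?php _e( 'Your password', 'give' ); ?>"<?php echo ( give_logged_in_only( $form_id ) ) ? ' required aria-required="true" ' : ''; ?>/>
                 <?php if ( give_logged_in_only( $form_id ) ) : ?>
@@ -1551,5 +1551,5 @@
         </div>
 
-        <div id="give-user-login-submit-<?php echo $form_id; ?>" class="give-clearfix">
+        <div id="give-user-login-submit-<?php echo esc_attr( $form_id ); ?>" class="give-clearfix">
             <input type="submit" class="give-submit give-btn button" name="give_login_submit"
                    value="<?php _e( 'Login', 'give' ); ?>"/>
@@ -1560,5 +1560,5 @@
             <?php } ?>
             <span class="give-loading-animation"></span>
-            <div id="give-forgot-password-wrap-<?php echo $form_id; ?>" class="give_login_forgot_password">
+            <div id="give-forgot-password-wrap-<?php echo esc_attr( $form_id ); ?>" class="give_login_forgot_password">
                 <span class="give-forgot-password ">
                     <a href="<?php echo wp_lostpassword_url(); ?>" target="_blank"><?php _e( 'Reset Password', 'give' ); ?></a>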
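Review bot: Sanitizing the POSTed `form_id` with `give_clean()` on line 1479 keeps it a free-form string, so the change has to chase every echo of `$form_id` with `esc_attr()` and any echo added later without it reopens the bug. If `form_id` is a post ID, as passing it to `give_show_login_register_option()` and `give_logged_in_only()` suggests, normalizing once at the source, `$form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : $form_id;`, makes the attribute sinks safe regardless of escaping. Two untouched sinks in the same function still deserve a look: context line 1564 echoes `wp_lostpassword_url()` without `esc_url()`, and the `placeholder` attributes rely on `_e()` rather than `esc_attr_e()`. `give_get_login_fields()` runs past the last hunk, so further echoes may exist outside this view.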
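--- a/give/trunk/languages/give.pot
+++ b/give/trunk/languages/give.pot
@@ -1,7 +1,7 @@
-# Copyright (C) 2021 GiveWP
+# Copyright (C) 2022 GiveWP
 # This file is distributed under the same license as the Give - Donation Plugin plugin.
 msgid ""
 msgstr ""
-"Project-Id-Version: Give - Donation Plugin 2.17.1\n"
+"Project-Id-Version: Give - Donation Plugin 2.17.3\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/givewp\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
@@ -10,5 +10,5 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2021-11-23T23:44:43+00:00\n"
+"POT-Creation-Date: 2022-01-18T00:22:45+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.5.0\n"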
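--- a/give/trunk/output.log
+++ b/give/trunk/output.log
@@ -17,4 +17,6 @@
 2a0fa75da19b: Pulling fs layer
 07289ea6b918: Pulling fs layer
+4612e05a72cf: Waiting
+f1478d838f46: Waiting
 c88517be8365: Waiting
 142abe9b67c6: Waiting
@@ -22,31 +24,26 @@
 2a0fa75da19b: Waiting
 07289ea6b918: Waiting
-4612e05a72cf: Waiting
-f1478d838f46: Waiting
+320f26ee9b1c: Verifying Checksum
+320f26ee9b1c: Download complete
 30e209609427: Verifying Checksum
 30e209609427: Download complete
-320f26ee9b1c: Verifying Checksum
-320f26ee9b1c: Download complete
 801bfaa63ef2: Verifying Checksum
-801bfaa63ef2: Download complete
+801bfaa63ef2: Pull complete
 c88517be8365: Verifying Checksum
 c88517be8365: Download complete
-801bfaa63ef2: Pull complete
 4612e05a72cf: Verifying Checksum
 4612e05a72cf: Download complete
 f1478d838f46: Verifying Checksum
 f1478d838f46: Download complete
-181891da1ea0: Verifying Checksum
+30e209609427: Pull complete
+142abe9b67c6: Verifying Checksum
+142abe9b67c6: Download complete
 181891da1ea0: Download complete
 2a0fa75da19b: Verifying Checksum
 2a0fa75da19b: Download complete
-142abe9b67c6: Verifying Checksum
-142abe9b67c6: Download complete
-07289ea6b918: Verifying Checksum
-07289ea6b918: Download complete
-30e209609427: Pull complete
 320f26ee9b1c: Pull complete
 4612e05a72cf: Pull complete
 f1478d838f46: Pull complete
+07289ea6b918: Download complete
 c88517be8365: Pull complete
 142abe9b67c6: Pull complete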
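--- a/give/trunk/readme.txt
+++ b/give/trunk/readme.txt
@@ -4,7 +4,7 @@
 Tags: donation, donate, recurring donations, fundraising, crowdfunding
 Requires at least: 4.9
-Tested up to: 5.9
+Tested up to: 5.8
 Requires PHP: 5.6
-Stable tag: 2.17.2
+Stable tag: 2.17.3
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -252,4 +252,7 @@
 
 == Changelog ==
+= 2.17.3: January 17th, 2022 =
+* Security: Minor XSS vulnerabilities, which require admin access to exploit, have been resolved
+
 = 2.17.2: December 28th, 2021 =
 * Fix: Only validate email settings that are not empty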
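--- a/give/trunk/src/Email/GlobalSettingValidator.php
+++ b/give/trunk/src/Email/GlobalSettingValidator.php
@@ -29,12 +29,16 @@
     /**
      * @since 2.17.1
+     * @since 2.17.2 Only filter value as unique array if set. Some settings do not need to be set, ie donation-receipt_recipient.
      */
     public function validateSetting($value)
     {
-        // Same unique email address for email recipients.
-        $recipientEmails = array_unique(array_filter($value));
+        if( ! empty( $value ) ) {
+            // Same unique email address for email recipients.
+            $recipientEmails = array_unique(array_filter($value));
 
-        // Set default email recipient to admin email.
-        return $recipientEmails ?: [get_bloginfo('admin_email')];
+            // Set default email recipient to admin email.
+            $value = $recipientEmails ?: [get_bloginfo('admin_email')];
+        }
+        return $value;
     }
 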
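Review bot: Despite its name, `validateSetting()` performs no address validation after this change: lines 35-40 dedupe and strip empties, then hand back every remaining string as a recipient. Passing the list through `is_email`, `$recipientEmails = array_unique( array_filter( (array) $value, 'is_email' ) );`, would reject malformed entries and let the existing `get_bloginfo('admin_email')` fallback take over, while the `(array)` cast shields `array_filter()` from a scalar value, which is a TypeError on PHP 8; whether a scalar can actually arrive here is decided by the settings layer outside the hunk. The docblock gains an `@since 2.17.2` note but still lacks `@param` and `@return`; `@param array $value Recipient addresses as stored.` and `@return array Unique non-empty recipients, or the admin email when none remain.` would state the contract the new branch implements.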
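--- a/give/trunk/vendor/autoload.php
+++ b/give/trunk/vendor/autoload.php
@@ -5,3 +5,3 @@
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300::getLoader();
+return ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a::getLoader();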
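--- a/give/trunk/vendor/composer/ClassLoader.php
+++ b/give/trunk/vendor/composer/ClassLoader.php
@@ -150,5 +150,5 @@
     /**
      * @return string[] Array of classname => path
-     * @psalm-var array<string, string>
+     * @psalm-return array<string, string>
      */
     public function getClassMap()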
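--- a/give/trunk/vendor/composer/autoload_real.php
+++ b/give/trunk/vendor/composer/autoload_real.php
@@ -3,5 +3,5 @@
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300
+class ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a
 {
     private static $loader;
@@ -25,7 +25,7 @@
         require __DIR__ . '/platform_check.php';
 
-        spl_autoload_register(array('ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
-        spl_autoload_unregister(array('ComposerAutoloaderInitb207af65f4e0031a4b9ee4b8dd488300', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit6f721593ee2d1fbbc28576266040467a', 'loadClassLoader'));
 
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
@@ -33,5 +33,5 @@
             require __DIR__ . '/autoload_static.php';
 
-            call_user_func(\Composer\Autoload\ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInit6f721593ee2d1fbbc28576266040467a::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';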
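--- a/give/trunk/vendor/composer/autoload_static.php
+++ b/give/trunk/vendor/composer/autoload_static.php
@@ -5,5 +5,5 @@
 namespace Composer\Autoload;
 
-class ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300
+class ComposerStaticInit6f721593ee2d1fbbc28576266040467a
 {
     public static $prefixLengthsPsr4 = array (
@@ -97,7 +97,7 @@
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::$prefixDirsPsr4;
-            $loader->classMap = ComposerStaticInitb207af65f4e0031a4b9ee4b8dd488300::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit6f721593ee2d1fbbc28576266040467a::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit6f721593ee2d1fbbc28576266040467a::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit6f721593ee2d1fbbc28576266040467a::$classMap;
 
         }, null, ClassLoader::class);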
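--- a/give/trunk/vendor/composer/installed.php
+++ b/give/trunk/vendor/composer/installed.php
@@ -1,10 +1,10 @@
 <?php return array(
     'root' => array(
-        'pretty_version' => '2.17.1',
-        'version' => '2.17.1.0',
+        'pretty_version' => '2.17.3',
+        'version' => '2.17.3.0',
         'type' => 'wordpress-plugin',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
-        'reference' => 'd5b4a96b7d107b41aef724f4cf063b87fcb995f2',
+        'reference' => 'd26ab82b6166d396d8aaa23018be0bfda26f19be',
         'name' => 'impress-org/give',
         'dev' => false,
@@ -42,10 +42,10 @@
         ),
         'impress-org/give' => array(
-            'pretty_version' => '2.17.1',
-            'version' => '2.17.1.0',
+            'pretty_version' => '2.17.3',
+            'version' => '2.17.3.0',
             'type' => 'wordpress-plugin',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
-            'reference' => 'd5b4a96b7d107b41aef724f4cf063b87fcb995f2',
+            'reference' => 'd26ab82b6166d396d8aaa23018be0bfda26f19be',
             'dev_requirement' => false,
         ),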
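--- a/give/trunk/webpack.mix.js
+++ b/give/trunk/webpack.mix.js
@@ -2,5 +2,4 @@
 const path = require('path');
 const WebpackRTLPlugin = require('webpack-rtl-plugin');
-const {CleanWebpackPlugin} = require('clean-webpack-plugin');
 
 mix.setPublicPath('assets/dist')
@@ -38,5 +37,8 @@
     .js('src/MigrationLog/Admin/index.js', 'js/give-migrations-list-table-app.js')
     .js('src/InPluginUpsells/resources/js/addons-admin-page.js', 'js/admin-upsell-addons-page.js')
-    .js('src/InPluginUpsells/resources/js/recurring-donations-settings-tab.js', 'js/admin-upsell-recurring-donations-settings-tab.js')
+    .js(
+        'src/InPluginUpsells/resources/js/recurring-donations-settings-tab.js',
+        'js/admin-upsell-recurring-donations-settings-tab.js'
+    )
     .js('src/InPluginUpsells/resources/js/sale-banner.js', 'js/admin-upsell-sale-banner.js')
     .js('src/DonationSummary/resources/js/summary.js', 'js/give-donation-summary.js')
@@ -44,5 +46,4 @@
     .sourceMaps(false)
 
-    .copyDirectory('assets/src/tcpdf-fonts', 'vendor/tecnickcom/tcpdf/fonts')
     .copyDirectory('assets/src/images', 'assets/dist/images')
     .copyDirectory('assets/src/fonts', 'assets/dist/fonts');
@@ -72,7 +73,7 @@
             format: {
                 comments: false,
-            }
-        }
-    }
+            },
+        },
+    },
 });
 
@@ -84,8 +85,4 @@
                 minify: true,
             }),
-            new CleanWebpackPlugin({
-                // We clean up he tcpdf directory in the vendor to prevent it from bloating the release file size
-                cleanOnceBeforeBuildPatterns: [path.join(process.cwd(), 'vendor/tecnickcom/tcpdf/fonts/*')],
-            }),
         ],
     });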