chore: prepare for release 3.19.4

readme.txt

@@ -266,8 +266,9 @@ You can report security bugs through the Patchstack Vulnerability Disclosure Pro
 10. Use almost any payment gateway integration with GiveWP through our add-ons or by creating your own add-on.
 
 == Changelog ==
-= 3.19.4: January 7th, 2024 =
-* Security: Added additional sanitization to the donation form request to prevent malicious serialized data
+= 3.19.4: January 7th, 2025 =
+* Security: Added additional sanitization to the donation form request to prevent malicious encoded data
+* Security: Added additional validation to the company field
 
 = 3.19.3: December 24th, 2024 =
 * Security: Added additional sanitization to the donation form request to prevent malicious serialized data (CVE-2024-12877)

src/DonationForms/Actions/ConvertDonationFormBlocksToFieldsApi.php

@@ -129,7 +129,7 @@ protected function convertInnerBlockToNode(BlockModel $block, int $blockIndex)
     }
 
     /**
-     * @unreleased add max rule to company field
+     * @since 3.19.4 add max rule to company field
      * @since 3.9.0 Add "givewp/donor-phone" block
      * @since 3.0.0
      *

src/Helpers/Utils.php

@@ -132,7 +132,7 @@ public static function removeBackslashes($data)
     /**
      * Decode strings recursively to prevent double (or more) encoded strings
      *
-     * @unreleased
+     * @since 3.19.4
      */
     public static function recursiveUrlDecode(string $data): string
     {
@@ -144,7 +144,7 @@ public static function recursiveUrlDecode(string $data): string
     /**
      * The regular expression attempts to capture the basic structure of all data types that can be serialized by PHP.
      *
-     * @unreleased Decode the string and remove any character not allowed in a serialized string
+     * @since 3.19.4 Decode the string and remove any character not allowed in a serialized string
      * @since 3.19.3 Support all types of serialized data instead of only objects and arrays
      * @since 3.17.2
      */