diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 271af64a2..ee49cd9cb 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,4 +1,24 @@ == Changelog == += 3.0.1 - 2024-03-27 = +* ENHANCEMENT: Improved the admin UI on mobile devices. #2913 (@kimcoleman) +* ENHANCEMENT: Now hiding save messages when switching tabs on the edit member page. #2910 (@dparker1005) +* ENHANCEMENT: The "Generate pages" checkbox in the setup wizard is now checked by default. #2916 (@dparker1005) +* BUG FIX/ENHANCEMENT: Now only showing membership groups on the levels page if the group contains levels that will also be shown. #2917 (@dparker1005) +* BUG FIX: Fixed a fatal error caused by plugin conflicts with plugins triggering the `current_screen` action before `add_meta_box()` is defined. #2911 (@dparker1005) +* BUG FIX: Fixed a plugin conflict that may cause the "Require Membership" metabox not to show when editing a post. #2911 (@dparker1005) +* BUG FIX: Fixed an issue where the "Add New Level" button on the levels settings page would not work. #2905 (@dparker1005) +* BUG FIX: Fixed an issue where the expired/cancelled date would not show in the members list when filtering by old members. #2908 (@dparker1005) +* BUG FIX: Fixed an issue where the "Edit Member" link on the edit user page was visible to everyone. #2903 (@dparker1005) +* BUG FIX: Fixed an issue where custom code using the `pmpro_account_membership_expiration_text` filter would no longer run. #2906 (@dparker1005) +* BUG FIX: Fixed an issue where custom code passing an array of statuses to `pmpro_next_payment()` would no longer work. #2904 (@dparker1005) +* BUG FIX: Fixed an issue where discount codes could not be applied when using an outdated checkout page template. #2921 (@dparker1005) +* BUG FIX: Fixed a PHP warning when creating a new membership level. (@dparker1005) +* BUG FIX: Fixed a PHP warning when passing NULL to `pmpro_no_quotes()`. #2909 (@ipokkel) +* BUG FIX: Fixed a PHP warning when passing NULL as a value to `pmpro_setOption()`. #2915 (@dparker1005) +* BUG FIX: Fixed a PHP warning when saving a restricted post in the block editor. #2919 (@dparker1005) +* BUG FIX: Fixed the formatting of the "Status" column of the Stripe webhook checker. #2918 (@dparker1005) +* REFACTOR: Changed uses of `pmpro_getOption()` to `get_option()`. #2914 (@dparker1005) + = 3.0 - 2024-03-25 = * FEATURE: Now tracking payment subscriptions using a new subscriptions table. (@dparker1005) * FEATURE: The Multiple Memberships Per User Add On has been merged into the core PMPro plugin. #2250 (@dparker1005) diff --git a/paid-memberships-pro.php b/paid-memberships-pro.php index 9acf99e37..a9d3ee90c 100644 --- a/paid-memberships-pro.php +++ b/paid-memberships-pro.php @@ -3,7 +3,7 @@ * Plugin Name: Paid Memberships Pro * Plugin URI: https://www.paidmembershipspro.com * Description: The most complete member management and membership subscriptions plugin for WordPress. - * Version: 3.0 + * Version: 3.0.1 * Author: Paid Memberships Pro * Author URI: https://www.paidmembershipspro.com * Text Domain: paid-memberships-pro @@ -16,7 +16,7 @@ */ // version constant -define( 'PMPRO_VERSION', '3.0' ); +define( 'PMPRO_VERSION', '3.0.1' ); define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() ); define( 'PMPRO_MIN_PHP_VERSION', '5.6' ); diff --git a/readme.txt b/readme.txt index 6519174c8..5aa99d28c 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Tags: memberships, member, community, user profile, user registration, members, Requires at least: 5.2 Tested up to: 6.5 Requires PHP: 5.6 -Stable tag: 3.0 +Stable tag: 3.0.1 Build a membership site that grows with you: user registration, member profiles, 28 protected content types, free or paid subscriptions. @@ -214,6 +214,26 @@ Not sure? You can find out by doing a bit a research. 10. Advanced settings for updating non-member messages, optionally show excerpts or filter content, use reCAPTCHA, and a Terms of Service checkbox. == Changelog == += 3.0.1 - 2024-03-27 = +* ENHANCEMENT: Improved the admin UI on mobile devices. #2913 (@kimcoleman) +* ENHANCEMENT: Now hiding save messages when switching tabs on the edit member page. #2910 (@dparker1005) +* ENHANCEMENT: The "Generate pages" checkbox in the setup wizard is now checked by default. #2916 (@dparker1005) +* BUG FIX/ENHANCEMENT: Now only showing membership groups on the levels page if the group contains levels that will also be shown. #2917 (@dparker1005) +* BUG FIX: Fixed a fatal error caused by plugin conflicts with plugins triggering the `current_screen` action before `add_meta_box()` is defined. #2911 (@dparker1005) +* BUG FIX: Fixed a plugin conflict that may cause the "Require Membership" metabox not to show when editing a post. #2911 (@dparker1005) +* BUG FIX: Fixed an issue where the "Add New Level" button on the levels settings page would not work. #2905 (@dparker1005) +* BUG FIX: Fixed an issue where the expired/cancelled date would not show in the members list when filtering by old members. #2908 (@dparker1005) +* BUG FIX: Fixed an issue where the "Edit Member" link on the edit user page was visible to everyone. #2903 (@dparker1005) +* BUG FIX: Fixed an issue where custom code using the `pmpro_account_membership_expiration_text` filter would no longer run. #2906 (@dparker1005) +* BUG FIX: Fixed an issue where custom code passing an array of statuses to `pmpro_next_payment()` would no longer work. #2904 (@dparker1005) +* BUG FIX: Fixed an issue where discount codes could not be applied when using an outdated checkout page template. #2921 (@dparker1005) +* BUG FIX: Fixed a PHP warning when creating a new membership level. (@dparker1005) +* BUG FIX: Fixed a PHP warning when passing NULL to `pmpro_no_quotes()`. #2909 (@ipokkel) +* BUG FIX: Fixed a PHP warning when passing NULL as a value to `pmpro_setOption()`. #2915 (@dparker1005) +* BUG FIX: Fixed a PHP warning when saving a restricted post in the block editor. #2919 (@dparker1005) +* BUG FIX: Fixed the formatting of the "Status" column of the Stripe webhook checker. #2918 (@dparker1005) +* REFACTOR: Changed uses of `pmpro_getOption()` to `get_option()`. #2914 (@dparker1005) + = 3.0 - 2024-03-25 = * FEATURE: Now tracking payment subscriptions using a new subscriptions table. (@dparker1005) * FEATURE: The Multiple Memberships Per User Add On has been merged into the core PMPro plugin. #2250 (@dparker1005) @@ -715,350 +735,6 @@ BUG FIX: Fixed issue where the billing zipcode was not pulled from user meta cor * BUG FIX: Now using a single product per level and a single Stripe price per payment amount to prevent duplicate products and prices. #1824 (@dparker1005) * REFACTOR: Organized and simplified Stripe gateway class. (@dparker1005) -= 2.6.7 - 2022-01-06 = -* SECURITY: Updated escaping in the pmpro_getLevelAtCheckout and pmpro_checkDiscountCode functions as extra precaution against SQL injections. (Thanks, WPScan) - -= 2.6.6 - 2021-11-18 = -* SECURITY: Updated escaping on the discount codes page in the dashboard to prevent XSS attacks. #1867 (Thanks, Erwan from WPScan) -* BUG FIX/ENHANCEMENT: Added code to remove duplicate active rows in the pmpro_memberships_users table after level change. This might have happened e.g. if users were purchasing a level via the WooCommerce Add On multiple times. #1860 (@dparker1005) -* BUG FIX/ENHANCEMENT: Improved the REST API endpoints to better support Zapier native requirements. #1862 (@andrewlimaza) -* BUG FIX: Fixed PHP notices in the name parser library. #1861 (@sc0ttkclark) - -= 2.6.5 - 2021-11-12 = -* ENHANCEMENT: Introduced new action `pmpro_before_commit_express_checkout` to allow additional changes after an order has been saved but before sending customer to PayPal Express checkout. #1852 (@mircobabini) -* BUG FIX/ENHANCEMENT: Added login compatibility for Jetpack WordPress.com SSO when using the PMPro login page. #1848 (@sc0ttkclark) -* BUG FIX: Fixed PHP notices from status headers when server protocol information is unavailable. #1849 (@dparker1005) -* BUG FIX: Fixed metadata compatibility for membership levels and orders when calling `get_pmpro_membership_level_meta()` and `get_pmpro_membership_order_meta()` so they support getting all meta values for all keys. #1853 (@mircobabini) -* BUG FIX: Escape all Webhook communication debug output coming from gateways. #1855 (@ideadude, Victor Garcia) - -= 2.6.4 - 2021-11-02 = -* ENHANCEMENT: Now including some information from the htaccess file in Site Health, including whether a getfile.php script is defined or if caching is being used. (@sc0ttkclark) -* ENHANCEMENT: Now including some of the PMPro-related PHP constants in the Site Health. (@sc0ttkclark) -* ENHNACEMENT: Now including the minimum PHP version (5.6 currently) in the readme.txt so it's shared on the WordPress.org page. (@sc0ttkclark) -* ENHANCEMENT: Added scrollable classes to the member history shown on user profile edit page in the dashboard. (@kimcoleman) -* BUG FIX/ENHANCEMENT: Now sending a 200 OK status message early when the Stripe webhook is running to avoid timeout issues. We may use this new pmpro_send_200_http_response in the other webhook/IPN handlers later on. (@dparker1005) -* BUG FIX/EHNANCEMENT: Removed the "fee" info from the edit user page. This was often misleading. The fee is still shown on the members list and frontend account page. Future updates will include work to make sure the fee is more accurate in cases where subscriptions or levels are being changed by admins after checkout. (@ideadude) -* BUG FIX/ENHANCEMENT: Once again enqueuing the admin.css file on all WP admin pages. This fixes issues where styles weren't being applied to the edit user/profile page in the dashboard. (@ideadude) -* BUG FIX/ENHANCEMENT: Removed the "Member Value Report". We didn't intend to move this over from the old Member History add on. The report was inaccurate and had optimization issues. (@kimcoleman) -* BUG FIX/ENHANCEMENT: Added login compatibility for wordpress.com hosted sites. This fixes some issues with wordpress.com's SSO when using the PMPro login page. (@sc0ttkclark) -* BUG FIX: Fixed issue introduced in 2.6.3 where memberships were not being cancelled when cancelled at PayPal. (@mircobabini) -* BUG FIX: Now including time when calculating profile start date. In the past, we would set it to 00:00:00 which could add or remove a few hours from the subscription. (@dparker1005) -* BUG FIX: Fixed issue where enddates were incorrectly set sometimes when expiration period was "Hour". (@kimwhite) - -= 2.6.3 - 2021-10-11 = -* ENHANCEMENT: Now passing "app" information to Stripe through API calls. (@dparker1005) -* ENHANCEMENT: Updated PayPal IPN to detect messages for refunds to at least log it. (@mircobabini) -* ENHANCEMENT: Updated PayPal IPN to differentiate between cases where the initial payment failed vs a subscription was cancelled. (@mircobabini) -* ENHANCEMENT: Better styling of the membership levels history when empty. (@mircobabini) -* BUG FIX/ENHANCEMENT: Now showing better error messages when license key checks fail due to connection issues. (@ideadude) -* BUG FIX: Improved PayPal API integration to handle cases where PayPal is returning encoding errors but still processing payments and subscriptions. (@mircobabini) -* BUG FIX: Fixed issue where the Stripe sandbox key wasn't saved properly when using Stripe connect. (@dparker1005) -* BUG FIX: Fixed issue where a double $$ was showing up in specific emails. (@andrewlimaza) -* BUG FIX: Fixed warnings in various webhook and IPN handlers. (@ideadude) -* BUG FIX: Fixed warning in the admin activity email cron job. (@andrewlimaza) - -= 2.6.2 - 2021-09-17 = -* ENHANCEMENT: Made username the first column in the members list. This helps with the mobile view. #1764 (@dparker1005) -* BUG FIX/ENHANCEMENT: Will now block uninstall.php from running if an older version of PMPro is deleted from the plugins page. #1773 (@mircobabini) -* BUG FIX/ENAHCEMENT: Expanded the allowed HTML for pmpro_kses to support email templates and added a pmpro_kses filter. #1770 (@sc0ttkclark) -* BUG FIX/ENHANCEMENT: Updated the CSS for "clickable" labels in checkbox lists. #1752 (@kimcoleman) -* BUG FIX: Fixed bug with sending test emails from the email templates page. #1765 (@ideadude) -* BUG FIX: Added the !!membership_level_confirmation_message!! var to the list on the email tempaltes page. #1783 (@kimwhite) -* BUG FIX: Updated the SendWP link per their new dashboard area. #1777 (@kimcoleman) -* BUG FIX: Fixed bug where PMPro-related usermeta was sometimes blanked out if those fields weren't present at checkout, e.g. when a logged in user was checking out. #1762 (@andrewlimaza) -* BUG FIX: Fixed issue where gateway-related notices weren't showing up on the discount codes page. #1757 (@mircobabini) -* BUG FIX: Fixed some design issues with the member history tables. #1753 (@mircobabini) -* BUG FIX: Fixed issues where the option to block subscribers from the dashboard would interfere with other plugins, e.g. the MailPoet plugin. #1749 (@sc0ttkclark) -* BUG FIX: Fixed issues where the RTL stylesheets might not load if your theme overrode frontend.css or admin.css but didn't have the RTL equivalents. (@ideadude, @sc0ttkclark) - -= 2.6.1.1 - 2021-08-25 = -* BUG FIX: Fixed issue with PMPro blocks not showing up in the block editor. -* REFACTOR: Some JS functions and element IDs and names have been prefixed with pmpro_ to avoid conflicts. - -= 2.6.1 - 2021-08-24 = -* SECURITY: Added capability checks to further tighten security around email template settings. (@ideadude, @sc0ttkclark) -* SECURITY: Added a pmpro_kses function and using that to sanitize email template bodies and all email bodies before sending. (@ideadude, @sc0ttkclark) -* ENHANCEMENT: Added Email Templates link to PMPro Dashboard for getting started. #1722 (@kimcoleman) -* ENHANCEMENT: All actions in the admin list tables are now filterable for Discount Codes (`pmpro_discountcodes_row_actions`), Membership Levels (`pmpro_membershiplevels_row_actions`), and Orders (`pmpro_orders_user_row_actions`). #1686 (@sc0ttkclark, @mircobabini) -* BUG FIX: Ensure our admin scripts/styles only load on PMPro admin pages. #1724 (@sc0ttkclark) -* BUG FIX: Remove unused code in `pmpro_comments_filter()` that was triggering a PHP warning. #1730 (@freax) -* BUG FIX: Stop turning on autoloading for PMPro options when saving them. #1719 (@freax) -* BUG FIX: Prevent fatal error for PHP 8 in `pmpro_email_templates_email_data()` to strictly check for `WP_User` objects. #1729 (@ZebulanStanphill) -* BUG FIX: Fix problem where `pmpro_round_price()` would not take into account currencies with decimals set to 0. #1732 (@dparker1005, @ipokkel, @sc0ttkclark) -* BUG FIX: Clarify that Stripe Legacy keys remain connected and will continue to work. #1735 (@dparker1005, @sc0ttkclark) - -= 2.6 - 2021-08-12 = -* FEATURE: Updated Stripe integration to use Stripe Connect. See [Gateway Fees](https://www.paidmembershipspro.com/gateway/stripe/#tab-fees) for information about transaction fees for Stripe Connect and our platform fee for those without an active Plus/Unlimited license. -* FEATURE: Improved REST API endpoints to support Zapier integration natively. -* FEATURE: You can now set levels to expire after a certain number of hours, and can set users to expire at a specific time down to the minute. -* FEATURE: The Member History Add On has been merged into the core PMPro plugin. A table of the user's membership and order history is shown on the edit user page of the admin dashboard. -* FEATURE: The Email Templates Add On has been merged into the core PMPro plugin. You can edit PMPro-related email templates from the Memberships -> Settings -> Email Templates page in the admin dashboard. -* FEATURE: You can now use PMPro blocks in the new widget area of WP 5.8. -* BUG FIX/ENHANCEMENT: Establishing style for scrollable boxes throughout core plugin. -* BUG FIX/ENHANCEMENT: Using HTTPS to set the pmpro_visit cookie if over HTTPS. (Thanks, freax on GitHub) -* BUG FIX: Fixed fatal error in PHP 8 when deleting a Stripe webhook. (Thanks, Zebulan Stanphill) -* BUG FIX: Fixed warnings shown on the widget page when using WP 5.8+. - -= 2.5.10.2 - 2021-08-02 = -* ENHANCEMENT: New scripts to use WP CLI to update pot and po/mo files. -* BUG FIX/ENHANCEMENT: Updated cancellation logic to support upcoming Cancel on Next Payment Date Add On changes. -* BUG FIX/ENHANCEMENT: Making sure to use the correct security setting when calling setcookie from an HTTPS site. (Thanks, freax on GitHub) -* BUG FIX: Now archiving Stripe products after checkout. We create a unique product for each checkout, and these would clutter up the Stripe reports. -* BUG FIX: Fixing data erasure and data export request action for login page. -* BUG FIX: Fixed issue where PMPro settings on Elementor elements could override the "should_render" setting incorrectly. (Thanks, codezz on GitHub) -* BUG FIX: Now catching the case where you try to email an invoice for an order that has no user. - -= 2.5.10.1 - 2021-07-05 = -* BUG FIX/ENHANCEMENT: The 'Edit Code: %s' string on the discount codes page is now wrapped for translation. -* BUG FIX: Fixed issue with the getfile.php script introduced in 2.5.10. - -= 2.5.10 - 2021-06-25 = -* SECURITY: Fixed XSS vulnerability on the edit order page in the dashboard. (Thanks, Scott Kingsley Clark) -* ENHANCEMENT: Improved escaping and localization for the message returned when clicking to apply discount code. -* ENHANCEMENT: Now hiding gateway setting API keys behind asterisks. -* ENHANCEMENT: Added some extra hooks to the edit membership levels page in the dashboard: pmpro_membership_level_after_billing_details_settings, pmpro_membership_level_after_other_settings, pmpro_membership_level_after_content_settings. -* ENHANCEMENT: Added a pmpro_after_order_settings_table hook to the edit order page in the dashboard. -* BUG FIX/ENHANCEMENT: Now passing a CARDONFILE parameter with PayPal Payflow payment and subscription transactions. -* BUG FIX/ENHANCEMENT: Using the wp.passwordStrength.userInputDisallowedList function from WP 4.5 if available. -* BUG FIX/EHNANCEMENT: Now making sure that the pmpro_update_order and pmpro_updated_order hooks fire whenever an order is updated in the DB. -* BUG FIX: Fixed issue in getfile script where parameters in the URL would cause File not found errors. -* BUG FIX: Fixed how the PayPal IPN handler handles cases where a subscription is set up correctly but the initial payment failed. We now correctly cancel these users and mark their order as error. -* BUG FIX: Improved error handling in the PayPal Express integration, particularly when a subscriptions PROFILESTATUS is missing. -* BUG FIX: User registered date is now shown in local time. -* BUG FIX: Fixed issue where the deprecated pmpro_getClassForField function wasn't returning a value properly. (Thanks, Elena Draculet) -* BUG FIX: Updated the pmpro_sort_levels_by_order function to use level IDs for keys, since some code expects that for level arrays. This matches the behavior we had before introducing this function. -* BUG FIX: Updated the pmpro_changeMembershipLevel function always set the order status to error if that was passed in as the "old level status". -* BUG FIX: Fixed warning in searches/pages when PMPro pages is not set. -* BUG FIX: Fixed warnings being generated when using PHP 8 and Divi -* BUG FIX: Fixed warnings related to PayPal Express session variables. - -= 2.5.9.1 - 2021-05-12 = -* BUG FIX/ENHANCEMENT: Updated pmpro_changeMembershipLevel() to return null if the user's level is not changed. For the past 2 vesions, we've been returning true in these cases, which caused PMPro to send emails to the admin when the edit use page was saved, even if there was no level change. This change has been backported to versions 2.5.8 and 2.5.9. - -= 2.5.9 - 2021-05-05 = -* ENHANCEMENT: Adjusting style for prices and price parts shown on the frontend. -* ENHANCEMENT: Adjusting HTML for links in the Orders table in the dashboard. -* BUG FIX: Reverted the change to the pmpro_is_checkout() function. Since we default to the first available level, calling pmpro_getLevelForCheckout() was causing pmpro_is_checkout to return true on ALL pages. This disrupted a lot of functionality. -* BUG FIX: Fixed warnings in the pmpro_getLevelAtCheckout() function. -* BUG FIX: Fixed issue where "All Time Sales" was showing up as 0, even when there were sales. - -= 2.5.8 - 2021-04-30 = -* ENHANCEMENT: Added `pmpro_membership_content_filter` filter to let other plugins change how PMPro filters member content. -* ENHANCEMENT: Improved de_DE email template translation. (Thanks, biker238 on GitHub) -* ENHANCEMENT: Added `pmpro_change_level` filter. -* ENHANCEMENT: Improved display of prices on invoices and added pmpro_display_price_parts function and filters so plugins like the upcoming AvaTax add on can add subtotals to the price displays. -* ENHANCEMENT: Added a pmpro_after_all_membesrhip_level_changes hook that fires at the end of the page load and can be used to process all membership changes in bulk. -* ENHANCEMENT: The "User" column on the orders page now shows the username and email. -* ENHANCEMENT: Added a pmpro_stripe_create_subscription_array filter. (Thanks, ermGit on GitHub) -* BUG FIX/ENHANCEMENT: pmpro_change_level returns true now if the function is called to change a user’s level to one they already have. -* BUG FIX/ENHANCEMENT: No longer calling $order->updateTimestamp() on orders adminpage. -* BUG FIX/ENHANCEMENT: Updated conditional to check ‘street’ instead of ‘name’ when displaying billing address on Invoice/Confirmation. -* BUG FIX/ENHANCEMENT: Improved localization and added missing strings to translation. -* BUG FIX/ENHANCEMENT: Updated to use `get_user_locale1 to load localization. -* BUG FIX/ENHANCEMENT: Now Preserving existing values for `post__not_in` and `category__not_in` when filtering search and archive queries. -* BUG FIX/ENHANCEMENT: Fixed sorting of the Membership Level column on the Users List table in the WP admin dashboard. -* BUG FIX/ENHANCEMENT: Added a pmpro_sort_levels_by_order function and using it in various places to make sure levels are listed in the order they are in on the PMPro settings page. -* BUG FIX/ENHANCEMENT: Added an extra check in the pmpro_is_checkout function that helps with issues that were coming up in some add ons. -* BUG FIX/ENHANCEMENT: The level cache now takes into account the $include_active parameter. -* BUG FIX/ENHANCEMENT: The CSS class is now properly added to the body tag when a PMPro page block is used on a page. -* BUG FIX/EHNANCEMENT: Better timezone handling in sales reports. -* BUG FIX/ENHANCEMENT: Fixed a few places where we might think a free order was paid if using a currency with more or less than 2 decimal places. -* BUG FIX: Fixed deprecated jQuery functions in pmpro-admin.js. -* BUG FIX: Fixed warning for a missing/deleted level in the pmpro_post_classes function. -* BUG FIX: Default `pmpro_longform_address` to true on Billing Information page. -* BUG FIX: Fixed `pmpro_twocheckout_validate` filter. -* BUG FIX: Fixed variables passed to the `pmpro_discount_code_used` filter. -* BUG FIX: CZK currency should have 2 decimals. -* BUG FIX: Avoiding a redirect loop if the login page is deleted. (Thanks, George Stephanis) -* BUG FIX: Fixed the password reset link in new user notification email when not using pretty permalinks. -* BUG FIX: Fixed issues with password reset URLs on multisite networks. -* BUG FIX: Fixed the issue where sales weren't showing up on report charts sometimes on the 31st of the month. - -= 2.5.7 - 2021-03-10 = -* ENHANCEMENT: Added a pmpro_checkout_message filter that can be used to filter error messages shown at checkout. -* BUG FIX/ENHANCEMENT: Now making sure some billing address fields are available for the billing failure emails sent during the PayPal IPN handler. -* BUG FIX/ENHANCEMENT: Fixed issues where HTML entities were shown in level prices in some places when using certain currencies. All prices are sent through a special pmpro_escape_price function that allows div, span, and sup tags with id and class attributes. Also removed from unneeded small tags and grey coloring of prices in certain spots. -* BUG FIX: Now cancelling membership when a SUBSCRIPTION_CANCELED message is sent to the Braintree webhook handler. In the past, we incorrectly sent the payment failed email instead. -* BUG FIX: Fixed display issues with the Require Membership block. The level select field has been swapped with a list of checkboxes. -* BUG FIX: Fixed warnings that occurred when processing failed payments in webhook and IPN handlers. -* BUG FIX: Fixed our Braintree class so we will only attempt to update a user's credit card and address when the getCustomer method is called at checkout or during a billing update. -* BUG FIX: Fixed issue where refreshing the checkout review page when using PayPal Express caused the associated order to be updated again. Now the order status is updated to review and only updates again when the user confirms. -* BUG FIX: Avoiding warnings when the pmpro_url function is used if the PMPro pages haven't been set up yet. (Thanks, Thomas Sjolshagen) -* REFACTOR: Updated the pmpro_getSpecificMembershipLevelForUser( $user_id, $level_id ) function so both fields are required. Will still default to the current user if null is passed for the $user_id. - -= 2.5.6 - 2021-03-05 = -* SECURITY: Now sanitizing and escaping the `order` parameter when filtering the users table in the dashboard. (Thanks, Gen Sato) -* BUG FIX/ENHANCEMENT: Now hiding the ApplePay/GooglePay "Payment Request" buttons when the main checkout form is submitted. This helps to prevent double checkouts. -* BUG FIX: Fixed missing membership data in the billing failed email. - -= 2.5.5 - 2021-02-22 = -* SECURITY: Better sanitization of parameters on some REST API endpoints. -* SECURITY: Now showing reCAPTCHA field at checkout even for logged in users. -* ENHANCEMENT: Added find_billing_address() method to the MemberOrder class. This will look for the address on the last order with the same sub id or in user meta. -* ENHANCEMENT: Better styling for invoices shown on the frontend. -* ENHANCEMENT: No longer forcing column width % in the members list table. -* ENHANCEMENT: Added a pmpro_doing_webhook action that is fired at the beginning of our webhook/IPN handlers. -* ENHANCEMENT: Added a pmpro_membership_level_after_billing_details_settings hook to the edit membership level page. This hook should now be used to add billing related settings. -* BUG FIX/ENHANCEMENT: Allowing order total to be set to 0, even if there is a subtotal and tax amount. -* BUG FIX/ENHANCEMENT: Stripe checkout fields will now use the language set in the Stripe settings. -* BUG FIX/ENHANCEMENT: The URL check in our notifications code now accepts arrays (e.g. to see if a URL has one of a group of top level domains). This fixes a warning some may have seen in error logs. -* BUG FIX: Fixed issues where totals on PayPal recurring payments were sometimes incorrect if both an mt_gross and amount field were passed via IPN. - -= 2.5.4 - 2021-01-28 = -* ENHANCEMENT: Bump license year 2021 - 10 years. -* ENHANCEMENT: Now passing billing street in `pmpro_tax` filter. -* ENHANCEMENT: Prefixed our pmpro_stripeResponseHandler function to avoid conflicts. -* ENHANCEMENT: Added getRealPaymentTransactionId method to PayPal Express gateway class to recover a missing transaction ID. -* ENHANCEMENT: Added `pmpro_checkout_before_form` action to hook anything before the membership checkout form. -* ENHANCEMENT: Added avatar as a valid field type for the [pmpro_member] shortcode. -* ENHANCEMENT: Changed license key field to text type and unmasked. Masking implied the key was hashed before saving which is not true. -* ENHANCEMENT: Added`pmpro_discount_code_used` action hook for when a discount code is used. -* ENHANCEMENT: Stripe will now pull billing address info for recurring orders from webhooks. -* BUG FIX/ENHANCEMENT: Improved user interface, error handling, and messages in the frontend password reset process. -* BUG FIX/ENHANCEMENT: Added a space between state and zip code in billing info. -* BUG FIX/ENHANCEMENT: Now rounding amount sent with Stripe payment request button. -* BUG FIX/ENHANCEMENT: Improved `pmpro_check_plugin_version` function to also check a specific value of the `get_plugin_data` array. -* BUG FIX/ENHANCEMENT: Added `pmpro_membership_levelmeta` and `pmpro_membership_ordermeta` tables to uninstall process. -* BUG FIX/ENHANCEMENT: Escaped things in SQL queries in 2Checkout INS service handler. -* BUG FIX/ENHANCEMENT: Cleaned up levels page template and added MMPU compatibility. -* BUG FIX/ENHANCEMENT: Fixed pagination and export issues with a discount code filter on the Orders admin page. -* BUG FIX/ENHANCEMENT: Prefixed our `pmpro_stripeResponseHandler` function to avoid conflicts with other Stripe code that may not be prefixed. -* BUG FIX/ENHANCEMENT: Cleaned up conditionals and escaping improvements in the `pmpro_redirect_to_logged_in` function. -* BUG FIX/ENHANCEMENT: Fixed deprecation notices for sites running PHP 8. -* BUG FIX/ENHANCEMENT: Improved SQL query format in the applydiscountcode service. -* BUG FIX: Fixed issues with ReCAPTCHA v2 and certain gateways. -* BUG FIX: Fixed bug where blog name was not showing in Admin Activity email. -* BUG FIX: Improved incorrect PHP doc blocks. -* BUG FIX: Fixed an issue on some sites where password reset link in email was incorrect. -* BUG FIX: Fixed level change issues during 2Checkout checkout. -* BUG FIX: Fixed issue where `checkout_levels` REST API endpoint could return the wrong initial payment -* BUG FIX: Fixed undefined notice for timestamp variable in the Stripe gateway class. -* BUG FIX: Avoiding warnings when user ids are in the memberships_users table, but a user doesn't exist. -* BUG FIX: Now setting the correct value for membership_id in the admin change emails. - -= 2.5.3 - 2021-01-26 = -* SECURITY: Fixed indirect object reference vulnerability where order information, including customer names, email addresses, and order numbers could be accessed by non-admin WordPress users. (Thanks, WP Plugins Team) -* SECURITY: Now checking ReCAPTCHA validation before enabling the submit button on the checkout form when using ReCAPTCHA v2. This helps to keep bad actors from testing credit cards on your checkout page. We were already doing a similar check when using ReCAPTCHA v3. Further updates to rate limit credit card failures are planned. - -= 2.5.2 - 2020-10-23 = -* BUG FIX: Fixed issue where the RECAPTCHA library wasn't being loaded early enough to validate at checkout. -* BUG FIX: Fixed issue where code in the Stripe class was unsetting some required fields, even if Stripe was not being used at checkout. - -= 2.5.1 - 2020-10-16 = -* SECURITY: Fixed XSS vulnerability on the Members List page of the dashboard. (Thanks, Ron Masas from Checkmarx.com) -* ENHANCEMENT: Add Ukrainian Hryvnia currency. (Thanks, Mirco Babini) -* ENHANCEMENT: Added a "non-members" option to the Beaver Build module. -* BUG FIX: Fixed issue where only USD and US were allowed with Stripe's GooglePay/ApplePay buttons. -* BUG FIX: Fixed issue where some profile fields, e.g. those added with Register Helper, were accidentally updated or removed when accessing the frontend profile page. -* BUG FIX: Fixed issue with tracking discount code uses when using the 2Checkout gateway. (Thanks, karambk on GitHub) -* BUG FIX: No longer running excerpts through wpautop when a more tag is used. - -= 2.5 - 2020-10-02 = -* FEATURE: When using the Stripe Gateway, you may now allow users to pay using Apple Pay, Google Pay, or Microsoft Pay depending on their browser. Enable this feature from the payment settings page. -* FEATURE: Added Divi Builder compatibility. -* FEATURE: Updated the Braintree Gateway class to be able to use the Braintree API for the pmpro_next_payment() function. Note, for performance reasons, you must call this method directly or enable it by hooking it up with code like `add_filter('pmpro_next_payment', array('PMProGateway_braintree', 'pmpro_next_payment'), 10, 3);` -* FEATURE: Added ordermeta tables and functions. We will wait about a year for all users to upgrade before using these widespread. (Thanks, Mirco Babini) -* ENHANCEMENT: The "short" version of the level cost text for a free level is now "Free" instead of "0.00 now". -* ENHANCEMENT: Added a `get_original_subscription_order` method to the MemberOrder class. This will return the first order in a subscription when called from a recurring order. -* ENHANCEMENT: Removed the old style license nags. -* BUG FIX/ENHANCEMENT: Using microtime and a static counter int to make sure our order and discount codes are unique. In the past very high traffic sites could run into duplicates if two checkouts happened at the exact same second. -* BUG FIX/ENHANCEMENT: Adjust order delete prompt to support other locales. -* BUG FIX/ENHANCEMENT: Better handling of tax amounts in recurring payments, e.g. when using the PMPro VAT Tax add on. -* BUG FIX/ENHANCEMENT: Optimized how often we hit the Stripe API when events on the checkout page could potentially update the price of checkout. -* BUG FIX/ENHANCEMENT: The checkout_levels api call now takes `level` as param. -* BUG FIX/ENHANCEMENT: No longer running sanitize_text_field on password fields. This would break passwords that had strings of characters resembling html tags. -* BUG FIX/ENHANCEMENT: Now warning admins if the Stripe billing period is longer than 1 year. Billing periods greater than 1 year are not allowed by Stripe. -* BUG FIX/ENHANCEMENT: Now detecting when a Stripe webhook is set up for an older version of the Stripe API and showing a notice with a link to update. -* BUG FIX/ENHANCEMENT: Adding MAXFAILEDPAYMENTS=1 to PayPal add subscription requests. This tells PayPal to cancel a subscription after the first failed payment. In our experience, the automatic retries rarely worked well. This change fixes issues with subscriptions going out of sync or users retaining access to your site when their payment has failed. Members still receive the payment failed email, which prompts users to return to the site to renew. -* BUG FIX/ENHANCEMENT: Fixing some issues where we are adding extra break tags into the password reset email. There are still some issues like this when using certain plugins. We are working on a general fix. -* BUG FIX/ENHANCEMENT: Removed the "coupon amount" field from the edit order page. These were hold outs from the 2007! ecommerce plugin PMPro was forked from. You can set the pmpro_orders_show_coupon_amounts filter to __return_true to show these fields again if you were using them for tracking things in your custom code. -* BUG FIX: Fixed MMPU compatibility when using discount codes. -* BUG FIX: No longer filtering the wp login url when on wp-login.php. This fixes issues with iThemes Security 2FA. -* BUG FIX: Fixed issues where the Stripe webhook was not being updated sometimes when clicking the button to update. -* BUG FIX: Fixed some notices and warnings when using Braintree. -* BUG FIX: Now resetting memberslist page number when changing shown level. -* BUG FIX: Now ensuring that the discount code field updates, update the Request Button price. -* BUG FIX: Fixed issue where non-pretty permalinks may break frontend password resets. -* BUG FIX: Fixed invoice links on the account page. (Thanks, Mateusz Hołtyn) -* BUG FIX: Fixed incorrect label "for" attribute for uninstall setting. -* BUG FIX: Fixed issue where some free plugins distributed by PMPro would show warnings about requiring a Plus license. - -= 2.4.4 - 2020-09-02 = -* BUG FIX: Fixed fatal error that sometimes occurred on the payment settings page when using PHP 5.6 or earlier. -* BUG FIX: Fixed fatal errors that showed up on the frontend invoice page. -* BUG FIX: Fixed issue where the confirmation message was not showing up in the confirmation email if that option was checked. -* ENHANCEMENT: Added a pmpro_stripe_charge_params filter that can be used to edit or add params sent to the Stripe create charge method. (Thanks, Michael Bester) -* ENHANCEMENT: Tweaked the markup of the invoice page so the payment type information looks a little better. - -= 2.4.3 - 2020-08-25 -* SECURITY: Fixed a cross-site scripting vulnerability in the code that updates the Required Membership settings on a post. This vulnerability could have been used in conjunction with other security vulnerabilities to trick an admin into editing the membership settings for a page, potentially exposing members only content to non-members. It is unlikely that there was any active exploitation of this vulnerability. This issue may also have shown up as a bug on some sites using page builders, where the membership settings for a post would be cleared out when editing a post. (Thanks to the wp.org plugin review team for catching this issue.) -* SECURITY: Better escaping of variables shown in the Require Membership meta box and related SQL queries. -* BUG FIX/ENHANCEMENT: Renamed the Vietnamese language files to match what is expected. - -= 2.4.2 - 2020-08-24 -* SECURITY: Updated the PMPro REST API endpoints accessed via the GET method to also require appropriate capabilities to access. The membership confirmation text will be hidden from non-members and non-admins. The endpoints to check a user's level or access to a post require the pmpro_edit_memberships capability now. You should make sure your API users have the appropriate capabilities to use the API. You can use the pmpro_rest_api_route_capabilities filter and/or pmpro_rest_api_permissions filter to change this behavior. -* BUG FIX: Fixed issues with the PMPro REST API endpoints, including the discount code and checkout level endpoints. -* BUG FIX: Fixed issue with backslashes in the display name when editing form the PMPro frontend profile page. -* BUG FIX: Fixed issue where timestamps were showing up incorrectly for recent orders shown on the dashboard page. -BUG FIX: Fixed issue where PMPro would always try to add capabilities to the administrator role, even if you removed that role for some reason. -* ENHANCEMENT: Added a pmpro_get_no_access_message() function, which can be used to show the no access messages. -* ENHANCEMENT: Added a "show_noaccess" property to the membership shortcode. When set, it will show the noaccess message to users who don't have the levels specified. -* ENHANCEMENT: Added a pmpro_user_profile_update_errors hook, which can be used to show errors on the PMPro frontend profile page. -* ENHANCEMENT: The pmpro_set_capabilities_for_role() function now returns true or false if the caps were added in case others want to use this function and tell if it worked. -* ENHANCEMENT: You can now include links in the description of the fields you add to the PMPro advanced settings page via the pmpro_custom_advanced_settings filter. -* ENHANCEMENT: Updated the PayPal gateways to use the latest versions of the PayPal buttons. -* ENHANCEMENT: Fixed styling of the PMPro update script notice. -* ENHANCEMENT: Added the pmpro_account_membership_expiration_text filter to the expiration dates shown on the cancel page when using MMPU. - -= 2.4.1 - 2020-08-10 = -* BUG FIX: Fixed issues with password resets on WP Engine hosting due to security features added by their mu-plugin. -* BUG FIX: Fixed issue where end dates were showing up incorrectly in the confirmation email sometimes. -* BUG FIX: Fixed issue where renewing memberships were extended one day less than they should have been in some cases. -* BUG FIX: Fixed issue where users without a PMPro Plus license were sometimes not getting an error when trying to update a Plus Add On. -* BUG FIX/ENHANCEMENT: Added compatibility for core auto-updates for our Add Ons which aren't hosted in the .org repository. -* BUG FIX/ENHANCEMENT: Fixed issue where PHP sessions were set up to track ReCAPTCHA even if you weren't using ReCAPTCHA. ReCAPTCHA is now only loaded on the checkout page. Loading sessions unecessarily would break some Varnish cache setups. -* BUG FIX/ENHANCEMENT: Updated the single invoice/order page. No longer showing the end date, which isn't really related to the order. Showing a better status related to the order now. -* BUG FIX/ENHANCEMENT: Fixed some links to the PMPro site in the plugin admin area. -* BUG FIX/ENHANCEMENT: Now saving a hash of the Stripe secretkey when saving webhook ids. This allows us to keep track of webhook ids if you switch between gateway environments or swap your Stripe keys for some reason. -* BUG FIX/ENHANCEMENT: No longer running the Terms of Service text through wpautop. This usually just added extra spacing to your TOS. Shortcodes are rendered now though. Added a filter pmpro_tos_content so you can change the TOS content or how it is shown. -* ENHANCEMENT: Added a checkout_levels API endpoint. This will allow us to build features that adjust the price on the frontend at checkout. -* ENHANCEMENT: Added a pmpro_member_profile_edit_form_tag action to the form tag on the frontend member profile page. This is useful to set the form enctype for file uploads. -* ENHANCEMENT: Added Romanian Leu as a currency option. -* ENHANCEMENT: Added the pmpro_stripe_payment_intent_params filter. Useful if you would like to set a specific statement descriptor for the site. See https://gist.github.com/ideadude/16983fdfa0da12fc40ef36d870f4cbd0 -* REFACTOR: Removed some unused methods from the Stripe class. -* REFACTOR: Removed the help pointer about the menu location change. - -= 2.4 - 2020-07-24 = -* FEATURE: Now detecting if the Stripe webhook is set up correctly. You can now create or disable the webhook from the payment settings page in the WP admin dashboard. -* FEATURE: Added a link to use and set up SendWP for more reliable email sending from WP. -* BUG FIX: Fixed further issues with dates and timezones. -* BUG FIX: Fixed issue where reports would cause white screens on some server set ups. We had some report start dates set to 1960, which caused issues. (Thanks, Sam "gausam" on GitHub) -* BUG FIX: Fixed issue with the query to find expiring memberships that happened on certain MySQL setups. -* BUG FIX: Fixed issue that was caused if other code called wp_login_url() too early. -* BUG FIX: Fixed an error in the is_login_page() function. -* BUG FIX: Fixed a fatal error that was happening in PHP 5.2 or earlier due to code syntax that was not supported then. We noticed a few other cases as well, but decided we won't support PHP 5.2 consistent with WP and other plugins. -* BUG FIX: Fixed the URL used when using 2Checkout in sandbox mode. -* BUG FIX: Fixed JavaScript errors that would occur sometimes on the Billing Update page when using the Stripe gateway. -* BUG FIX: Fixed issue where the dummy $0 orders created when using the "Stripe Updates" feature weren't saving with the updated subscription_transaction_id. This would prevent future payments from being linked to that user and could prevent subscriptions cancellations from being synchronized. When updating to PMPro 2.4, an update script will run to try to restore these subscription_transaction_id values. However, any recurring orders that occured when the id was missing will not be added to PMPro. You will have to update them manually. -* BUG FIX: Fixed JavaScript error on the edit discount code page. -* BUG FIX/ENHANCEMENT: Showing expiration date as text when it is set as a readonly field. (Thanks, Rodmar "rodmarzavala" on GitHub) -* BUG FIX/ENHANCEMENT: Now checking if headers were already sent before trying to start the PHP session. If headers are sent before PMPro tries to start the session, there is usually another error somewhere on the WP site that needs to be fixed. But at least we aren't adding to the confusion by trying to start the session late causing another error in the log. -* BUG FIX/ENHANCEMENT: Updated misleading hint for the PayPal Express IPN URL on the payment settings page. -* BUG FIX/ENHANCEMENT: Fixed invalid key description in the SQL in includes/setup.sql. The actually query used to set up table in PMPro was correct though. The setup.sql file is included for reference and developers who want to create the tables "manually" in MySQL. -* BUG FIX/ENHANCEMENT: The post type search filter now supports cases where post type set in WPQuery is an array. -* BUG FIX/ENHANCEMENT: Fixed warning that showed when a user with no levels visited the frontend account page. -* BUG FIX/ENHANCEMENT: Fixing warnings that would be logged at checkout in certain cases. -* BUG FIX/ENHANCEMENT: Better handling of cases where users who checked out using a gateway different from the current setting are shown a message that they cannot update their billing information. They should instead checkout again to renew their membership. -* ENHANCEMENT: Updated to use the latest version of the Stripe API and SDK. -* ENHANCEMENT: More detailed logging for Braintree webhook debug emails. -* ENHANCEMENT: Added a getTransactionStatus method to the PayPal and PayPal Express payment gateway classes. (Thanks, Mirco Babini) -* ENHANCEMENT: Added a checkout_level API call. This will be used in the future to update the price total at checking using JS and is also needed to implement support for Google Pay and Apple Pay through Stripe. -* ENHANCEMENT: Cleaned up the email settings page. -* ENHANCEMENT: Better handling of some login and password reset errors. -* ENHANCEMENT: Added links to the PMPro YouTube and Facebook profiles. -* REFACTOR: Cleaned up some code in incldues/content.php, especially around the pmpro_search_filter() function. -* REFACTOR: Removed the package-lock.json file from the repository. - == Upgrade Notice == = 3.0 = The PMPro v3.0 release will make irreversible changes to the structure of your membership site data. Please back up your database before upgrading. For more information, please visit https://www.paidmembershipspro.com/pmpro-update-3-0/.