Paid Memberships Pro - Version 2.0.6

Version Description

  • 2019-05-30 =
  • SECURITY: Now using wp_safe_redirect when possible, especially in includes/login.php where the user-provided redirect_to URL parameter is used. (Thanks PluginVulnerabilities.com)
Download this release

Release Info

Developer strangerstudios
Plugin Icon 128x128 Paid Memberships Pro
Version 2.0.6
Comparing to
See all releases

Code changes from version 2.0.5 to 2.0.6

includes/https.php CHANGED
@@ -67,13 +67,13 @@ function pmpro_besecure()
67
if($besecure && (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off" || $_SERVER['HTTPS'] == "false"))
68
{
69
//need to be secure
70
- wp_redirect("https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
71
exit;
72
}
73
elseif(!$besecure && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "off" && $_SERVER['HTTPS'] != "false")
74
{
75
//don't need to be secure
76
- wp_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
77
exit;
78
}
79
}
@@ -139,7 +139,7 @@ function pmpro_admin_https_handler()
139
if(substr(get_option("siteurl"), 0, 5) == "http:" && !force_ssl_admin())
140
{
141
//need to redirect to non https
142
- wp_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
143
exit;
144
}
145
}
67
if($besecure && (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off" || $_SERVER['HTTPS'] == "false"))
68
{
69
//need to be secure
70
+ wp_safe_redirect("https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
71
exit;
72
}
73
elseif(!$besecure && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "off" && $_SERVER['HTTPS'] != "false")
74
{
75
//don't need to be secure
76
+ wp_safe_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
77
exit;
78
}
79
}
139
if(substr(get_option("siteurl"), 0, 5) == "http:" && !force_ssl_admin())
140
{
141
//need to redirect to non https
142
+ wp_safe_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
143
exit;
144
}
145
}
includes/login.php CHANGED
@@ -161,7 +161,7 @@ function pmpro_redirect_to_logged_in()
161
{
162
if((pmpro_is_login_page() || is_page("login")) && !empty($_REQUEST['redirect_to']) && is_user_logged_in() && (empty($_REQUEST['action']) || $_REQUEST['action'] == 'login') && empty($_REQUEST['reauth']))
163
{
164
- wp_redirect($_REQUEST['redirect_to']);
165
exit;
166
}
167
}
161
{
162
if((pmpro_is_login_page() || is_page("login")) && !empty($_REQUEST['redirect_to']) && is_user_logged_in() && (empty($_REQUEST['action']) || $_REQUEST['action'] == 'login') && empty($_REQUEST['reauth']))
163
{
164
+ wp_safe_redirect($_REQUEST['redirect_to']);
165
exit;
166
}
167
}
paid-memberships-pro.php CHANGED
@@ -3,7 +3,7 @@
3
* Plugin Name: Paid Memberships Pro
4
* Plugin URI: https://www.paidmembershipspro.com
5
* Description: The most complete member management and membership subscriptions plugin for WordPress.
6
- * Version: 2.0.5
7
* Author: Stranger Studios
8
* Author URI: https://www.strangerstudios.com
9
* Text Domain: paid-memberships-pro
@@ -16,7 +16,7 @@
16
*/
17
18
// version constant
19
- define( 'PMPRO_VERSION', '2.0.5' );
20
define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
21
define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
22
3
* Plugin Name: Paid Memberships Pro
4
* Plugin URI: https://www.paidmembershipspro.com
5
* Description: The most complete member management and membership subscriptions plugin for WordPress.
6
+ * Version: 2.0.6
7
* Author: Stranger Studios
8
* Author URI: https://www.strangerstudios.com
9
* Text Domain: paid-memberships-pro
16
*/
17
18
// version constant
19
+ define( 'PMPRO_VERSION', '2.0.6' );
20
define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
21
define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
22
readme.txt CHANGED
@@ -2,8 +2,8 @@
2
Contributors: strangerstudios
3
Tags: membership, memberships, member, members, ecommerce, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
4
Requires at least: 4
5
- Tested up to: 5.1.1
6
- Stable tag: 2.0.4
7
8
Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
9
@@ -129,6 +129,9 @@ Not sure? You can find out by doing a bit a research.
129
130
== Changelog ==
131
132
= 2.0.5 - 2019-04-25 =
133
* BUG FIX: Fixed fatal error on return from 2Checkout.
134
* BUG FIX: Removed error when installing PMPro via WP-CLI.
2
Contributors: strangerstudios
3
Tags: membership, memberships, member, members, ecommerce, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
4
Requires at least: 4
5
+ Tested up to: 5.2.1
6
+ Stable tag: 2.0.6
7
8
Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
9
129
130
== Changelog ==
131
132
+ = 2.0.6 - 2019-05-30 =
133
+ * SECURITY: Now using wp_safe_redirect when possible, especially in includes/login.php where the user-provided redirect_to URL parameter is used. (Thanks PluginVulnerabilities.com)
134
+
135
= 2.0.5 - 2019-04-25 =
136
* BUG FIX: Fixed fatal error on return from 2Checkout.
137
* BUG FIX: Removed error when installing PMPro via WP-CLI.
services/getfile.php CHANGED
@@ -120,12 +120,11 @@
120
else
121
$uri = "http://" . $_SERVER['HTTP_HOST'] . "/" . $uri;
122
123
- wp_redirect($uri);
124
exit;
125
}
126
127
//okay show the file
128
header("Content-type: " . $file_mimetype);
129
readfile($filename);
130
- exit;
131
- ?>
120
else
121
$uri = "http://" . $_SERVER['HTTP_HOST'] . "/" . $uri;
122
123
+ wp_safe_redirect($uri);
124
exit;
125
}
126
127
//okay show the file
128
header("Content-type: " . $file_mimetype);
129
readfile($filename);
130
+ exit;