Paid Memberships Pro - Version 2.0.6

Version Description

  • 2019-05-30
  • SECURITY: Now using wp_safe_redirect when possible, especially in includes/login.php where the user-provided redirect_to URL parameter is used. (Thanks PluginVulnerabilities.com)

Release Info

Developer strangerstudios
Version 2.0.6

Code changes from version 2.0.5 to 2.0.6

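--- a/includes/https.php
+++ b/includes/https.php
@@ -67,13 +67,13 @@ function pmpro_besecure()
  if($besecure && (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off" || $_SERVER['HTTPS'] == "false"))
  {
  //need to be secure
- wp_redirect("https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ wp_safe_redirect("https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
  exit;
  }
  elseif(!$besecure && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "off" && $_SERVER['HTTPS'] != "false")
  {
  //don't need to be secure
- wp_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ wp_safe_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
  exit;
  }
  }
@@ -139,7 +139,7 @@ function pmpro_admin_https_handler()
  if(substr(get_option("siteurl"), 0, 5) == "http:" && !force_ssl_admin())
  {
  //need to redirect to non https
- wp_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
+ wp_safe_redirect("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
  exit;
  }
  }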
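Review bot: The redirect targets on new lines 70, 76 and 142 are still assembled from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header, and the same pattern feeds `wp_safe_redirect($uri)` on line 123 of services/getfile.php. With `wp_safe_redirect`, a host that is neither the site's own nor on the `allowed_redirect_hosts` list is not followed and the call falls back to the admin URL, so a visitor arriving on a domain alias would probably land on wp-admin instead of the scheme-switched page. Taking the host from configuration, e.g. `$host = parse_url( home_url(), PHP_URL_HOST );`, would keep the target independent of the request header. A comment such as `// wp_safe_redirect() falls back to admin_url() when the host is not allowed` above each call would document the new behaviour. Both functions begin above the visible hunks, so how `$besecure` is set is not checked here.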
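--- a/includes/login.php
+++ b/includes/login.php
@@ -161,7 +161,7 @@ function pmpro_redirect_to_logged_in()
  {
  if((pmpro_is_login_page() || is_page("login")) && !empty($_REQUEST['redirect_to']) && is_user_logged_in() && (empty($_REQUEST['action']) || $_REQUEST['action'] == 'login') && empty($_REQUEST['reauth']))
  {
- wp_redirect($_REQUEST['redirect_to']);
+ wp_safe_redirect($_REQUEST['redirect_to']);
  exit;
  }
  }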
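Review bot: `wp_safe_redirect($_REQUEST['redirect_to'])` on line 164 passes the raw request value straight through and relies on the function's built-in fallback, which sends a rejected target to the admin URL rather than to a front-end page. For a member-facing login page it would be clearer to unslash the value, validate it explicitly and choose the fallback: `wp_safe_redirect( wp_validate_redirect( wp_unslash( $_REQUEST['redirect_to'] ), home_url() ) );`. A short comment stating that off-site targets are intentionally dropped would also help the next reader understand why `wp_redirect` must not be restored here. The function signature lies above the hunk, so the hook this runs on is not visible.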
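--- a/paid-memberships-pro.php
+++ b/paid-memberships-pro.php
@@ -3,7 +3,7 @@
  * Plugin Name: Paid Memberships Pro
  * Plugin URI: https://www.paidmembershipspro.com
  * Description: The most complete member management and membership subscriptions plugin for WordPress.
- * Version: 2.0.5
+ * Version: 2.0.6
  * Author: Stranger Studios
  * Author URI: https://www.strangerstudios.com
  * Text Domain: paid-memberships-pro
@@ -16,7 +16,7 @@
  */
 
  // version constant
- define( 'PMPRO_VERSION', '2.0.5' );
+ define( 'PMPRO_VERSION', '2.0.6' );
  define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
  define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
 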
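--- a/readme.txt
+++ b/readme.txt
@@ -2,8 +2,8 @@
  Contributors: strangerstudios
  Tags: membership, memberships, member, members, ecommerce, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
  Requires at least: 4
- Tested up to: 5.1.1
- Stable tag: 2.0.4
+ Tested up to: 5.2.1
+ Stable tag: 2.0.6
 
  Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
 
@@ -129,6 +129,9 @@ Not sure? You can find out by doing a bit a research.
 
  == Changelog ==
 
+ = 2.0.6 - 2019-05-30 =
+ * SECURITY: Now using wp_safe_redirect when possible, especially in includes/login.php where the user-provided redirect_to URL parameter is used. (Thanks PluginVulnerabilities.com)
+
  = 2.0.5 - 2019-04-25 =
  * BUG FIX: Fixed fatal error on return from 2Checkout.
  * BUG FIX: Removed error when installing PMPro via WP-CLI.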
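--- a/services/getfile.php
+++ b/services/getfile.php
@@ -120,12 +120,11 @@
  else
  $uri = "http://" . $_SERVER['HTTP_HOST'] . "/" . $uri;
 
- wp_redirect($uri);
+ wp_safe_redirect($uri);
  exit;
  }
 
  //okay show the file
  header("Content-type: " . $file_mimetype);
  readfile($filename);
- exit;
- ?>
+ exit;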