Paid Memberships Pro - Version 2.5.6

Version Description

  • 2021-03-05 =
  • SECURITY: Now sanitizing and escaping the order parameter when filtering the users table in the dashboard. (Thanks, Gen Sato)
  • BUG FIX/ENHANCEMENT: Now hiding the ApplePay/GooglePay "Payment Request" buttons when the main checkout form is submitted. This helps to prevent double checkouts.
  • BUG FIX: Fixed missing membership data in the billing failed email.
Download this release

Release Info

Developer strangerstudios
Plugin Icon 128x128 Paid Memberships Pro
Version 2.5.6
Comparing to
See all releases

Code changes from version 2.5.5 to 2.5.6

Files changed (6) hide show
  1. CHANGELOG.txt +5 -0
  2. classes/class.pmproemail.php +7 -4
  3. includes/init.php +8 -5
  4. js/pmpro-stripe.js +10 -0
  5. paid-memberships-pro.php +2 -2
  6. readme.txt +6 -1
CHANGELOG.txt CHANGED
@@ -1,4 +1,9 @@
1
  == Changelog ==
 
 
 
 
 
2
  = 2.5.5 - 2021-02-22 =
3
  * SECURITY: Better sanitization of parameters on some REST API endpoints.
4
  * SECURITY: Now showing reCAPTCHA field at checkout even for logged in users.
1
  == Changelog ==
2
+ = 2.5.6 - 2021-03-05 =
3
+ * SECURITY: Now sanitizing and escaping the `order` parameter when filtering the users table in the dashboard. (Thanks, Gen Sato)
4
+ * BUG FIX/ENHANCEMENT: Now hiding the ApplePay/GooglePay "Payment Request" buttons when the main checkout form is submitted. This helps to prevent double checkouts.
5
+ * BUG FIX: Fixed missing membership data in the billing failed email.
6
+
7
  = 2.5.5 - 2021-02-22 =
8
  * SECURITY: Better sanitization of parameters on some REST API endpoints.
9
  * SECURITY: Now showing reCAPTCHA field at checkout even for logged in users.
classes/class.pmproemail.php CHANGED
@@ -549,6 +549,8 @@
549
 
550
  if(!$user || !$invoice)
551
  return false;
 
 
552
 
553
  $this->email = $user->user_email;
554
  $this->subject = sprintf(__("Membership Payment Failed at %s", "paid-memberships-pro"), get_option("blogname"));
@@ -559,8 +561,8 @@
559
  "user_login" => $user->user_login,
560
  "sitename" => get_option("blogname"),
561
  "siteemail" => pmpro_getOption("from_email"),
562
- "membership_id" => $user->membership_level->id,
563
- "membership_level_name" => $user->membership_level->name,
564
  "display_name" => $user->display_name,
565
  "user_email" => $user->user_email,
566
  "billing_name" => $invoice->billing->name,
@@ -596,6 +598,7 @@
596
  return false;
597
 
598
  $user = get_userdata($invoice->user_id);
 
599
 
600
  $this->email = $email;
601
  $this->subject = sprintf(__("Membership Payment Failed For %s at %s", "paid-memberships-pro"), $user->display_name, get_option("blogname"));
@@ -606,8 +609,8 @@
606
  "user_login" => $user->user_login,
607
  "sitename" => get_option("blogname"),
608
  "siteemail" => pmpro_getOption("from_email"),
609
- "membership_id" => $user->membership_level->id,
610
- "membership_level_name" => $user->membership_level->name,
611
  "display_name" => $user->display_name,
612
  "user_email" => $user->user_email,
613
  "billing_name" => $invoice->billing->name,
549
 
550
  if(!$user || !$invoice)
551
  return false;
552
+
553
+ $membership_level = pmpro_getSpecificMembershipLevelForUser( $user->ID, $invoice->membership_id );
554
 
555
  $this->email = $user->user_email;
556
  $this->subject = sprintf(__("Membership Payment Failed at %s", "paid-memberships-pro"), get_option("blogname"));
561
  "user_login" => $user->user_login,
562
  "sitename" => get_option("blogname"),
563
  "siteemail" => pmpro_getOption("from_email"),
564
+ "membership_id" => $membership_level->id,
565
+ "membership_level_name" => $membership_level->name,
566
  "display_name" => $user->display_name,
567
  "user_email" => $user->user_email,
568
  "billing_name" => $invoice->billing->name,
598
  return false;
599
 
600
  $user = get_userdata($invoice->user_id);
601
+ $membership_level = pmpro_getSpecificMembershipLevelForUser( $user->ID, $invoice->membership_id );
602
 
603
  $this->email = $email;
604
  $this->subject = sprintf(__("Membership Payment Failed For %s at %s", "paid-memberships-pro"), $user->display_name, get_option("blogname"));
609
  "user_login" => $user->user_login,
610
  "sitename" => get_option("blogname"),
611
  "siteemail" => pmpro_getOption("from_email"),
612
+ "membership_id" => $membership_level->id,
613
+ "membership_level_name" => $membership_level->name,
614
  "display_name" => $user->display_name,
615
  "user_email" => $user->user_email,
616
  "billing_name" => $invoice->billing->name,
includes/init.php CHANGED
@@ -200,16 +200,19 @@ function pmpro_manage_users_custom_column($column_data, $column_name, $user_id)
200
  return $column_data;
201
  }
202
 
203
- function pmpro_sortable_column_query($query) {
204
  global $wpdb;
205
 
206
  $vars = $query->query_vars;
207
 
208
- if($vars['orderby'] == 'level'){
209
- $query->query_from .= " LEFT JOIN {$wpdb->prefix}pmpro_memberships_users AS pmpro_mu ON {$wpdb->prefix}users.ID = pmpro_mu.user_id AND pmpro_mu.status = 'active'";
210
- $query->query_orderby = "ORDER BY pmpro_mu.membership_id " . $vars['order'] . ", {$wpdb->prefix}users.user_registered";
 
 
 
 
211
  }
212
-
213
  }
214
 
215
  add_filter('manage_users_columns', 'pmpro_manage_users_columns');
200
  return $column_data;
201
  }
202
 
203
+ function pmpro_sortable_column_query( $query ) {
204
  global $wpdb;
205
 
206
  $vars = $query->query_vars;
207
 
208
+ if ( $vars['orderby'] == 'level' ){
209
+ $order = pmpro_sanitize_with_safelist( $vars['order'], array( 'asc', 'desc' ) );
210
+
211
+ if ( ! empty( $order ) ) {
212
+ $query->query_from .= " LEFT JOIN {$wpdb->prefix}pmpro_memberships_users AS pmpro_mu ON {$wpdb->prefix}users.ID = pmpro_mu.user_id AND pmpro_mu.status = 'active'";
213
+ $query->query_orderby = "ORDER BY pmpro_mu.membership_id " . esc_sql( $order ) . ", {$wpdb->prefix}users.user_registered";
214
+ }
215
  }
 
216
  }
217
 
218
  add_filter('manage_users_columns', 'pmpro_manage_users_columns');
js/pmpro-stripe.js CHANGED
@@ -130,12 +130,22 @@ jQuery( document ).ready( function( $ ) {
130
  });
131
  // Handle payment request button confirmation.
132
  paymentRequest.on('paymentmethod', function( event ) {
 
 
 
 
133
  pmpro_stripeResponseHandler( event );
134
  });
135
  }
136
  }
137
  });
138
 
 
 
 
 
 
 
139
  function stripeUpdatePaymentRequestButton() {
140
  jQuery.noConflict().ajax({
141
  url: pmproStripe.restUrl + 'pmpro/v1/checkout_levels',
130
  });
131
  // Handle payment request button confirmation.
132
  paymentRequest.on('paymentmethod', function( event ) {
133
+ $('#pmpro_btn-submit').attr('disabled', 'disabled');
134
+ $('#pmpro_processing_message').css('visibility', 'visible');
135
+ $('#payment-request-button').hide();
136
+ event.complete('success');
137
  pmpro_stripeResponseHandler( event );
138
  });
139
  }
140
  }
141
  });
142
 
143
+ // Find ALL <form> tags on your page
144
+ jQuery('form').submit(function(){
145
+ // Hide payment request button on form submit to prevent double charges.
146
+ jQuery('#payment-request-button').hide();
147
+ });
148
+
149
  function stripeUpdatePaymentRequestButton() {
150
  jQuery.noConflict().ajax({
151
  url: pmproStripe.restUrl + 'pmpro/v1/checkout_levels',
paid-memberships-pro.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: Paid Memberships Pro
4
  * Plugin URI: https://www.paidmembershipspro.com
5
  * Description: The most complete member management and membership subscriptions plugin for WordPress.
6
- * Version: 2.5.5
7
  * Author: Stranger Studios
8
  * Author URI: https://www.strangerstudios.com
9
  * Text Domain: paid-memberships-pro
@@ -16,7 +16,7 @@
16
  */
17
 
18
  // version constant
19
- define( 'PMPRO_VERSION', '2.5.5' );
20
  define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
21
  define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
22
 
3
  * Plugin Name: Paid Memberships Pro
4
  * Plugin URI: https://www.paidmembershipspro.com
5
  * Description: The most complete member management and membership subscriptions plugin for WordPress.
6
+ * Version: 2.5.6
7
  * Author: Stranger Studios
8
  * Author URI: https://www.strangerstudios.com
9
  * Text Domain: paid-memberships-pro
16
  */
17
 
18
  // version constant
19
+ define( 'PMPRO_VERSION', '2.5.6' );
20
  define( 'PMPRO_USER_AGENT', 'Paid Memberships Pro v' . PMPRO_VERSION . '; ' . site_url() );
21
  define( 'PMPRO_MIN_PHP_VERSION', '5.6' );
22
 
readme.txt CHANGED
@@ -3,7 +3,7 @@ Contributors: strangerstudios, kimannwall, andrewza, dlparker1005, paidmembershi
3
  Tags: memberships, members, subscriptions, ecommerce, user registration, member, membership, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
4
  Requires at least: 4
5
  Tested up to: 5.6.2
6
- Stable tag: 2.5.5
7
 
8
  Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
9
 
@@ -153,6 +153,11 @@ Not sure? You can find out by doing a bit a research.
153
  9. Membership Account page, display all sections or show specific sections using shortcode attributes.
154
 
155
  == Changelog ==
 
 
 
 
 
156
  = 2.5.5 - 2021-02-22 =
157
  * SECURITY: Better sanitization of parameters on some REST API endpoints.
158
  * SECURITY: Now showing reCAPTCHA field at checkout even for logged in users.
3
  Tags: memberships, members, subscriptions, ecommerce, user registration, member, membership, e-commerce, paypal, stripe, braintree, authorize.net, payflow, restrict access, restrict content, directory
4
  Requires at least: 4
5
  Tested up to: 5.6.2
6
+ Stable tag: 2.5.6
7
 
8
  Get Paid with Paid Memberships Pro: The most complete member management and membership subscriptions plugin for your WordPress site.
9
 
153
  9. Membership Account page, display all sections or show specific sections using shortcode attributes.
154
 
155
  == Changelog ==
156
+ = 2.5.6 - 2021-03-05 =
157
+ * SECURITY: Now sanitizing and escaping the `order` parameter when filtering the users table in the dashboard. (Thanks, Gen Sato)
158
+ * BUG FIX/ENHANCEMENT: Now hiding the ApplePay/GooglePay "Payment Request" buttons when the main checkout form is submitted. This helps to prevent double checkouts.
159
+ * BUG FIX: Fixed missing membership data in the billing failed email.
160
+
161
  = 2.5.5 - 2021-02-22 =
162
  * SECURITY: Better sanitization of parameters on some REST API endpoints.
163
  * SECURITY: Now showing reCAPTCHA field at checkout even for logged in users.