Simple Membership - Version 4.1.4

Version Description

  • PayPal smart checkout will pass the item name set in the payment button to PayPal's API.
  • The PayPal smart checkout transactions will try to find a member profile using the Transaction ID and show it in the Transactions tab (if found).
  • WooCommerce checkout integration will add the collected billing address to the SWPM member record when it is available.

Release Info

Developer mra13
Version 4.1.4

Code changes from version 4.1.0 to 4.1.4

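--- a/classes/admin-includes/class.swpm-payments-list-table.php
+++ b/classes/admin-includes/class.swpm-payments-list-table.php
@@ -46,18 +46,26 @@ class SWPMPaymentsListTable extends WP_List_Table {
 
  function column_member_profile( $item ) {
  global $wpdb;
- $member_id = $item['member_id'];
- $subscr_id = $item['subscr_id'];
+ $member_id = $item['member_id'];
+ $subscr_id = $item['subscr_id'];
+ $txn_id = $item['txn_id'];
  $column_value = '';
 
  if ( empty( $member_id ) ) {// Lets try to get the member id using unique reference
  if ( ! empty( $subscr_id ) ) {
  $resultset = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}swpm_members_tbl where subscr_id=%s", $subscr_id ), OBJECT );
  if ( $resultset ) {
- // Found a record
+ // Found a record using the "subscr_id" of the payments table.
  $member_id = $resultset->member_id;
  }
- }
+ } else if ( ! empty ( $txn_id ) ){
+ //Fallback - lets try to find a member record using the "txn_id". See if this "txn_id" is found in the subscr_id of a member's profile.
+ $resultset = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}swpm_members_tbl where subscr_id=%s", $txn_id ), OBJECT );
+ if ( $resultset ) {
+ // Found a record using the "txn_id" of the payments table.
+ $member_id = $resultset->member_id;
+ }
+ }
  }
 
  if ( ! empty( $member_id ) ) {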
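Review bot: The new `$txn_id = $item['txn_id'];` reads the key unguarded, so a payments row whose array lacks that column raises an undefined-index notice in the admin list; `$txn_id = isset( $item['txn_id'] ) ? $item['txn_id'] : '';` (and the same for the two existing keys) avoids that. The added `else if` branch also repeats the subscr_id lookup almost line for line; a single loop over the candidate references keeps one prepared query and one "found" comment, and can select just `member_id` instead of `*`. Note the rewrite below differs from the hunk in one respect: it also tries the txn_id when subscr_id is set but matches no member, so keep the `else if` shape if that fallthrough is not wanted. `column_member_profile` continues past the end of the hunk.
```php
$member_id = isset( $item['member_id'] ) ? $item['member_id'] : '';
if ( empty( $member_id ) ) {
	// Try to resolve the member from a unique payment reference: subscr_id first, then txn_id.
	$candidates = array(
		isset( $item['subscr_id'] ) ? $item['subscr_id'] : '',
		isset( $item['txn_id'] ) ? $item['txn_id'] : '',
	);
	foreach ( array_filter( $candidates ) as $reference ) {
		$resultset = $wpdb->get_row( $wpdb->prepare( "SELECT member_id FROM {$wpdb->prefix}swpm_members_tbl WHERE subscr_id=%s", $reference ), OBJECT );
		if ( $resultset ) {
			$member_id = $resultset->member_id;
			break;
		}
	}
}
// … unchanged: $column_value build-up when $member_id is set …
```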
classes/class.simple-wp-membership.php CHANGED
@@ -52,6 +52,7 @@ class SimpleWpMembership {
52
  add_filter('wp_get_attachment_url', array(&$this, 'filter_attachment_url'), 10, 2);
53
  add_filter('wp_get_attachment_metadata', array(&$this, 'filter_attachment'), 10, 2);
54
  add_filter('attachment_fields_to_save', array(&$this, 'save_attachment_extra'), 10, 2);
 
55
 
56
  //TODO - refactor these shortcodes into the shortcodes handler class
57
  add_shortcode("swpm_registration_form", array(&$this, 'registration_form'));
@@ -115,6 +116,53 @@ class SimpleWpMembership {
115
  return $post;
116
  }
117
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
118
  public function filter_attachment($content, $post_id) {
119
  if (is_admin()) {//No need to filter on the admin side
120
  return $content;
@@ -195,7 +243,7 @@ class SimpleWpMembership {
195
 
196
  //Initialize the settings menu hooks.
197
  $swpm_settings_obj->init_config_hooks();
198
- $addon_saved = filter_input(INPUT_POST, 'swpm-addon-settings');
199
  if (!empty($addon_saved) && current_user_can('manage_options')) {
200
  check_admin_referer('swpm_addon_settings_section', 'swpm_addon_settings_section_save_settings');
201
  do_action('swpm_addon_settings_save');
@@ -540,8 +588,8 @@ class SimpleWpMembership {
540
 
541
  public function save_postdata($post_id) {
542
  global $wpdb;
543
- $post_type = filter_input(INPUT_POST, 'post_type');
544
- $swpm_protect_post = filter_input(INPUT_POST, 'swpm_protect_post');
545
 
546
  if (wp_is_post_revision($post_id)) {
547
  return;
52
  add_filter('wp_get_attachment_url', array(&$this, 'filter_attachment_url'), 10, 2);
53
  add_filter('wp_get_attachment_metadata', array(&$this, 'filter_attachment'), 10, 2);
54
  add_filter('attachment_fields_to_save', array(&$this, 'save_attachment_extra'), 10, 2);
55
+ add_filter('rest_request_before_callbacks', array(&$this, 'filter_media_rest_request_before_callbacks'), 10, 3);//For filtering REST API calls for media.
56
 
57
  //TODO - refactor these shortcodes into the shortcodes handler class
58
  add_shortcode("swpm_registration_form", array(&$this, 'registration_form'));
116
  return $post;
117
  }
118
 
119
+ public function filter_media_rest_request_before_callbacks( $response, $handler, $request ) {
120
+ //Trigger a filter to override this feature from custom code.
121
+ $overridden = apply_filters('swpm_override_filter_media_rest_request_before_callbacks', "");
122
+ if ( ! empty ( $overridden )){
123
+ //This filter has been overridden in a custom code/plugin.
124
+ return $response;
125
+ }
126
+
127
+ if ( is_admin() ) {
128
+ //No need to filter on the admin dashboard side
129
+ return $response;
130
+ }
131
+
132
+ //Check if this is a WP REST API query for media.
133
+ $req_route = $request->get_route();
134
+ //SwpmLog::log_simple_debug($req_route, true);
135
+ if ( stripos($req_route, 'media') === false ){
136
+ //Not a media request.
137
+ //SwpmLog::log_simple_debug('Not a media request.', true);
138
+ return $response;
139
+ }
140
+
141
+ //Check if the media belongs to a post/page that is protected.
142
+ $req_qry_params = $request->get_query_params();
143
+ if ( isset ( $req_qry_params['parent'] ) ){
144
+ //The media has a parent post/page. Lets check if that parent is protected.
145
+ $acl = SwpmAccessControl::get_instance();
146
+
147
+ $post_ids = $req_qry_params['parent'];
148
+ foreach ( $post_ids as $post_id){
149
+ //SwpmLog::log_simple_debug('Post ID: ' . $post_id, true);
150
+ //Check access control
151
+ $post = get_post($post_id);
152
+ if ($acl->can_i_read_post($post)) {
153
+ //I have permission read this post
154
+ return $response;
155
+ } else {
156
+ //No permission. Throw an error.
157
+ return new WP_Error( 'forbidden', 'Access forbidden! The post or page that this media belongs to is protected.', array( 'status' => 403 ) );
158
+ }
159
+ }
160
+ } else {
161
+ //Not for any post/page. Return the normal respose.
162
+ return $response;
163
+ }
164
+ }
165
+
166
  public function filter_attachment($content, $post_id) {
167
  if (is_admin()) {//No need to filter on the admin side
168
  return $content;
243
 
244
  //Initialize the settings menu hooks.
245
  $swpm_settings_obj->init_config_hooks();
246
+ $addon_saved = isset($_POST['swpm-addon-settings']) ? sanitize_text_field($_POST['swpm-addon-settings']) : '';
247
  if (!empty($addon_saved) && current_user_can('manage_options')) {
248
  check_admin_referer('swpm_addon_settings_section', 'swpm_addon_settings_section_save_settings');
249
  do_action('swpm_addon_settings_save');
588
 
589
  public function save_postdata($post_id) {
590
  global $wpdb;
591
+ $post_type = isset($_POST['post_type']) ? sanitize_text_field($_POST['post_type']) : '';
592
+ $swpm_protect_post = isset($_POST['swpm_protect_post']) ? sanitize_text_field($_POST['swpm_protect_post']) : '';
593
 
594
  if (wp_is_post_revision($post_id)) {
595
  return;
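Review bot: `filter_media_rest_request_before_callbacks` only enforces protection when the request carries a `parent` query parameter and that parameter arrives as an array: the `else` branch returns `$response` for any media request without `parent`, and `foreach ( $post_ids as $post_id )` on the scalar form WordPress normally receives (`?parent=12`) raises a warning, iterates nothing and falls off the end of the function with an implicit null, which lets the request proceed. A client can therefore list attachments, or fetch one by id, without ever reaching `can_i_read_post()`; inside the loop, `return $response` on the first readable parent also skips any further ids. I would normalise `parent` with `wp_parse_id_list()`, deny if any listed parent is unreadable, and — if single-attachment routes are meant to be covered too — fall back to the attachment's own `post_parent`; the route test `stripos($req_route, 'media')` is also loose enough to match unrelated plugin routes, so anchoring on `/wp/v2/media` looks safer, though I cannot see other registered routes from here. The `$addon_saved` and `save_postdata` hunks in this section look fine.
```php
// … unchanged: override filter, is_admin() and route checks …
$req_qry_params = $request->get_query_params();
$post_ids = array();
if ( isset( $req_qry_params['parent'] ) ) {
	// WP accepts parent=12, parent=1,2 and parent[]=12; normalise to a list of ints.
	$post_ids = wp_parse_id_list( $req_qry_params['parent'] );
} elseif ( preg_match( '#/media/(\d+)$#', $req_route, $m ) ) {
	// Single-attachment route: use the attachment's own parent post, if it has one.
	$attachment = get_post( (int) $m[1] );
	if ( $attachment && ! empty( $attachment->post_parent ) ) {
		$post_ids = array( (int) $attachment->post_parent );
	}
}
$acl = SwpmAccessControl::get_instance();
foreach ( $post_ids as $post_id ) {
	$post = get_post( $post_id );
	// Deny as soon as any parent is protected; a missing parent post is not itself a reason to block.
	if ( $post && ! $acl->can_i_read_post( $post ) ) {
		return new WP_Error( 'forbidden', 'Access forbidden! The post or page that this media belongs to is protected.', array( 'status' => 403 ) );
	}
}
return $response;
```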
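--- a/classes/class.swpm-ajax.php
+++ b/classes/class.swpm-ajax.php
@@ -7,41 +7,41 @@ class SwpmAjax {
 
  public static function validate_email_ajax() {
  global $wpdb;
- $field_value = filter_input(INPUT_GET, 'fieldValue');
- $field_id = filter_input(INPUT_GET, 'fieldId');
- $member_id = filter_input(INPUT_GET, 'member_id');
+ $field_value = isset($_GET['fieldValue']) ? sanitize_text_field($_GET['fieldValue']) : '';
+ $field_id = isset($_GET['fieldId']) ? sanitize_text_field($_GET['fieldId']) : '';
+ $member_id = isset($_GET['member_id']) ? sanitize_text_field($_GET['member_id']) : '';
  if (!check_ajax_referer( 'swpm-rego-form-ajax-nonce', 'nonce', false )) {
- echo '[ "' . $field_id . '",false, "'.SwpmUtils::_('Nonce check failed. Please reload the page.').'" ]' ;
+ echo '[ "' . esc_attr($field_id) . '",false, "'.SwpmUtils::_('Nonce check failed. Please reload the page.').'" ]' ;
  exit;
  }
  if (!is_email($field_value)){
- echo '[ "' . $field_id . '",false, "'.SwpmUtils::_('Invalid Email Address').'" ]' ;
+ echo '[ "' . esc_attr($field_id) . '",false, "'.SwpmUtils::_('Invalid Email Address').'" ]' ;
  exit;
  }
  $table = $wpdb->prefix . "swpm_members_tbl";
  $query = $wpdb->prepare("SELECT member_id FROM $table WHERE email = %s AND user_name != ''", $field_value);
  $db_id = $wpdb->get_var($query) ;
  $exists = ($db_id > 0) && $db_id != $member_id;
- echo '[ "' . $field_id . (($exists) ? '",false, "χ '.SwpmUtils::_('Already taken').'"]' : '",true, "√ '.SwpmUtils::_('Available'). '"]');
+ echo '[ "' . esc_attr($field_id) . (($exists) ? '",false, "χ '.SwpmUtils::_('Already taken').'"]' : '",true, "√ '.SwpmUtils::_('Available'). '"]');
  exit;
  }
 
  public static function validate_user_name_ajax() {
  global $wpdb;
- $field_value = filter_input(INPUT_GET, 'fieldValue');
- $field_id = filter_input(INPUT_GET, 'fieldId');
+ $field_value = isset($_GET['fieldValue']) ? sanitize_text_field($_GET['fieldValue']) : '';
+ $field_id = isset($_GET['fieldId']) ? sanitize_text_field($_GET['fieldId']) : '';
  if (!check_ajax_referer( 'swpm-rego-form-ajax-nonce', 'nonce', false )) {
- echo '[ "' . $field_id . '",false, "'.SwpmUtils::_('Nonce check failed. Please reload the page.').'" ]' ;
+ echo '[ "' . esc_attr($field_id) . '",false, "'.SwpmUtils::_('Nonce check failed. Please reload the page.').'" ]' ;
  exit;
  }
  if (!SwpmMemberUtils::is_valid_user_name($field_value)){
- echo '[ "' . $field_id . '",false,"χ '. SwpmUtils::_('Name contains invalid character'). '"]';
+ echo '[ "' . esc_attr($field_id) . '",false,"χ '. SwpmUtils::_('Name contains invalid character'). '"]';
  exit;
  }
  $table = $wpdb->prefix . "swpm_members_tbl";
  $query = $wpdb->prepare("SELECT COUNT(*) FROM $table WHERE user_name = %s", $field_value);
  $exists = $wpdb->get_var($query) > 0;
- echo '[ "' . $field_id . (($exists) ? '",false,"χ '. SwpmUtils::_('Already taken'). '"]' :
+ echo '[ "' . esc_attr($field_id) . (($exists) ? '",false,"χ '. SwpmUtils::_('Already taken'). '"]' :
  '",true,"√ '.SwpmUtils::_('Available'). '"]');
  exit;
  }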
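Review bot: The responses in both handlers are still hand-built JSON, and the commit's `esc_attr($field_id)` is an HTML-attribute escape applied inside a JSON string literal — a `fieldId` containing a double quote becomes `&quot;`, which keeps the array parseable only by accident and gives the client a value it did not send. Replacing each `echo '[ "' . esc_attr($field_id) . '",false, "' . … . '" ]' ; exit;` with `wp_send_json( array( $field_id, false, SwpmUtils::_( '…' ) ) );` yields correct JSON escaping and the right content type in one call. `$member_id` is read as text but compared loosely against an integer from the database in `$db_id != $member_id`; `isset( $_GET['member_id'] ) ? absint( $_GET['member_id'] ) : 0` makes that comparison meaningful. A comment above `validate_email_ajax()` should record that the nonce is issued to anyone who can load the registration form, so these endpoints intentionally disclose whether an email or username is already taken.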
classes/class.swpm-category-list.php CHANGED
@@ -20,7 +20,7 @@ class SwpmCategoryList extends WP_List_Table {
20
  'plural' => SwpmUtils::_('Membership Levels'),
21
  'ajax' => false
22
  ));
23
- $selected = filter_input(INPUT_POST, 'membership_level_id');
24
  $this->selected_level_id = empty($selected) ? 1 : $selected;
25
  $this->category = ($this->selected_level_id == 1) ?
26
  SwpmProtection::get_instance() :
@@ -59,7 +59,7 @@ class SwpmCategoryList extends WP_List_Table {
59
  }
60
  return $taxonomy;
61
  }
62
-
63
  function column_cb($item) {
64
  return sprintf(
65
  '<input type="hidden" name="ids_in_page[]" value="%s">
@@ -68,17 +68,17 @@ class SwpmCategoryList extends WP_List_Table {
68
  }
69
 
70
  public static function update_category_list() {
71
- //Check we are on the admin end and user has management permission
72
  SwpmMiscUtils::check_user_permission_and_is_admin('category protection update');
73
-
74
  //Check nonce
75
  $swpm_category_prot_update_nonce = filter_input(INPUT_POST, 'swpm_category_prot_update_nonce');
76
  if (!wp_verify_nonce($swpm_category_prot_update_nonce, 'swpm_category_prot_update_nonce_action')) {
77
  //Nonce check failed.
78
  wp_die(SwpmUtils::_("Error! Nonce security verification failed for Category Protection Update action. Clear cache and try again."));
79
  }
80
-
81
- $selected = filter_input(INPUT_POST, 'membership_level_id');
82
  $selected_level_id = empty($selected) ? 1 : $selected;
83
  $category = ($selected_level_id == 1) ?
84
  SwpmProtection::get_instance() :
@@ -104,7 +104,7 @@ class SwpmCategoryList extends WP_List_Table {
104
  $all_categories = array();
105
  $taxonomies = get_taxonomies($args = array('public' => true,'_builtin'=>false));
106
  $taxonomies['category'] = 'category';
107
- $all_terms = get_terms( $taxonomies, 'orderby=count&hide_empty=0&order=DESC');
108
  $totalitems = count($all_terms);
109
  $perpage = 100;
110
  $paged = !empty($_GET["paged"]) ? sanitize_text_field($_GET["paged"]) : '';
20
  'plural' => SwpmUtils::_('Membership Levels'),
21
  'ajax' => false
22
  ));
23
+ $selected = filter_input(INPUT_POST, 'membership_level_id', FILTER_SANITIZE_NUMBER_INT);
24
  $this->selected_level_id = empty($selected) ? 1 : $selected;
25
  $this->category = ($this->selected_level_id == 1) ?
26
  SwpmProtection::get_instance() :
59
  }
60
  return $taxonomy;
61
  }
62
+
63
  function column_cb($item) {
64
  return sprintf(
65
  '<input type="hidden" name="ids_in_page[]" value="%s">
68
  }
69
 
70
  public static function update_category_list() {
71
+ //Check we are on the admin end and user has management permission
72
  SwpmMiscUtils::check_user_permission_and_is_admin('category protection update');
73
+
74
  //Check nonce
75
  $swpm_category_prot_update_nonce = filter_input(INPUT_POST, 'swpm_category_prot_update_nonce');
76
  if (!wp_verify_nonce($swpm_category_prot_update_nonce, 'swpm_category_prot_update_nonce_action')) {
77
  //Nonce check failed.
78
  wp_die(SwpmUtils::_("Error! Nonce security verification failed for Category Protection Update action. Clear cache and try again."));
79
  }
80
+
81
+ $selected = filter_input(INPUT_POST, 'membership_level_id', FILTER_SANITIZE_NUMBER_INT);
82
  $selected_level_id = empty($selected) ? 1 : $selected;
83
  $category = ($selected_level_id == 1) ?
84
  SwpmProtection::get_instance() :
104
  $all_categories = array();
105
  $taxonomies = get_taxonomies($args = array('public' => true,'_builtin'=>false));
106
  $taxonomies['category'] = 'category';
107
+ $all_terms = get_terms( $taxonomies, 'orderby=count&hide_empty=0&order=DESC');
108
  $totalitems = count($all_terms);
109
  $perpage = 100;
110
  $paged = !empty($_GET["paged"]) ? sanitize_text_field($_GET["paged"]) : '';
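Review bot: `filter_input(INPUT_POST, 'membership_level_id', FILTER_SANITIZE_NUMBER_INT)` in both changed hunks strips letters but leaves `+`, `-` and concatenated digit runs, so values like `-5` or `1-2` still pass `empty($selected) ? 1 : $selected` and reach whatever loads the level; wrapping it — `$selected = absint( filter_input( INPUT_POST, 'membership_level_id', FILTER_SANITIZE_NUMBER_INT ) );` — or using `FILTER_VALIDATE_INT` makes a malformed value fall back to level 1 instead of being passed on. In `update_category_list()` the nonce field is still read without a filter; `wp_verify_nonce` makes that harmless, but reading it the same way as the other inputs keeps the function consistent. The `column_cb` and `get_terms` hunks are whitespace only.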
classes/class.swpm-comment-form-related.php CHANGED
@@ -6,11 +6,11 @@ class SwpmCommentFormRelated {
6
  $allow_comments = SwpmSettings::get_instance()->get_value('members-login-to-comment');
7
  if (empty($allow_comments)){
8
  return;
9
- }
10
  if (SwpmAuth::get_instance()->is_logged_in()){
11
- return;
12
  }
13
-
14
  //Apply a filter to the message so it can be customized using the custom message plugin
15
  $comment_form_msg = apply_filters('swpm_login_to_comment_msg', SwpmUtils::_("Please login to comment."));
16
  $comment_form_msg = '<div class="swpm-login-to-comment-msg">' . $comment_form_msg . '</div>';
@@ -20,21 +20,21 @@ class SwpmCommentFormRelated {
20
  $('#respond').html('<?php echo $comment_form_msg; ?>');
21
  });
22
  </script>
23
- <?php
24
  }
25
-
26
  public static function customize_comment_fields($fields){
27
-
28
  //Check if login to comment feature is enabled.
29
  $allow_comments = SwpmSettings::get_instance()->get_value('members-login-to-comment');
30
  if (empty($allow_comments)){//Feature is disabled
31
  return $fields;
32
- }
33
-
34
  if (SwpmAuth::get_instance()->is_logged_in()){//Member is logged-in.
35
  return $fields;
36
  }
37
-
38
  //Member is not logged-in so show the protection message.
39
  $fields = array();
40
  $login_link = SwpmUtils::_('Please Login to Comment.');
@@ -48,35 +48,35 @@ class SwpmCommentFormRelated {
48
  $fields['title_reply_to'] = '';
49
  $fields['id_submit'] = '';
50
  $fields['id_form'] = '';
51
-
52
- return $fields;
53
  }
54
-
55
  /*
56
  * This function checks and restricts comment posting (via HTTP POST) to members only (if the feature is enabled)
57
  */
58
- public static function check_and_restrict_comment_posting_to_members(){
59
  $allow_comments = SwpmSettings::get_instance()->get_value('members-login-to-comment');
60
  if (empty($allow_comments)){
61
  return;
62
  }
63
-
64
  if (is_admin()) {
65
- return;
66
- }
67
-
68
  if (SwpmAuth::get_instance()->is_logged_in()){
69
- return;
70
  }
71
-
72
- $comment_id = filter_input(INPUT_POST, 'comment_post_ID');
73
  if (empty($comment_id)) {
74
- return;
75
  }
76
-
77
- //Stop this request -> 1)we are on the front-side. 2) Comment posted by a not logged in member. 3) comment_post_ID missing.
78
- $_POST = array();
79
  wp_die(SwpmUtils::_('Comments not allowed by a non-member.'));
80
  }
81
-
82
  }
6
  $allow_comments = SwpmSettings::get_instance()->get_value('members-login-to-comment');
7
  if (empty($allow_comments)){
8
  return;
9
+ }
10
  if (SwpmAuth::get_instance()->is_logged_in()){
11
+ return;
12
  }
13
+
14
  //Apply a filter to the message so it can be customized using the custom message plugin
15
  $comment_form_msg = apply_filters('swpm_login_to_comment_msg', SwpmUtils::_("Please login to comment."));
16
  $comment_form_msg = '<div class="swpm-login-to-comment-msg">' . $comment_form_msg . '</div>';
20
  $('#respond').html('<?php echo $comment_form_msg; ?>');
21
  });
22
  </script>
23
+ <?php
24
  }
25
+
26
  public static function customize_comment_fields($fields){
27
+
28
  //Check if login to comment feature is enabled.
29
  $allow_comments = SwpmSettings::get_instance()->get_value('members-login-to-comment');
30
  if (empty($allow_comments)){//Feature is disabled
31
  return $fields;
32
+ }
33
+
34
  if (SwpmAuth::get_instance()->is_logged_in()){//Member is logged-in.
35
  return $fields;
36
  }
37
+
38
  //Member is not logged-in so show the protection message.
39
  $fields = array();
40
  $login_link = SwpmUtils::_('Please Login to Comment.');
48
  $fields['title_reply_to'] = '';
49
  $fields['id_submit'] = '';
50
  $fields['id_form'] = '';
51
+
52
+ return $fields;
53
  }
54
+
55
  /*
56
  * This function checks and restricts comment posting (via HTTP POST) to members only (if the feature is enabled)
57
  */
58
+ public static function check_and_restrict_comment_posting_to_members(){
59
  $allow_comments = SwpmSettings::get_instance()->get_value('members-login-to-comment');
60
  if (empty($allow_comments)){
61
  return;
62
  }
63
+
64
  if (is_admin()) {
65
+ return;
66
+ }
67
+
68
  if (SwpmAuth::get_instance()->is_logged_in()){
69
+ return;
70
  }
71
+
72
+ $comment_id = isset($_POST['comment_post_ID']) ? sanitize_text_field($_POST['comment_post_ID']) : '';
73
  if (empty($comment_id)) {
74
+ return;
75
  }
76
+
77
+ //Stop this request -> 1)we are on the front-side. 2) Comment posted by a not logged in member. 3) comment_post_ID missing.
78
+ $_POST = array();
79
  wp_die(SwpmUtils::_('Comments not allowed by a non-member.'));
80
  }
81
+
82
  }
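Review bot: `$comment_id = isset($_POST['comment_post_ID']) ? sanitize_text_field(...)` in `check_and_restrict_comment_posting_to_members()` treats a post id as free text and then only tests it with `empty()`; `absint( $_POST['comment_post_ID'] )` is the right reader for it. Two lines above, the `is_admin()` early return also skips the gate for requests to admin-ajax.php, where `is_admin()` is true, so if a theme or plugin submits comments over AJAX that path is unguarded — `if ( is_admin() && ! wp_doing_ajax() )` would close it, assuming no admin-side caller relies on the current behaviour. The `$_POST = array();` before `wp_die()` is redundant, since `wp_die` ends the request. Every other hunk in this file is whitespace only.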
classes/class.swpm-form.php CHANGED
@@ -19,7 +19,7 @@ class SwpmForm {
19
  }
20
  }
21
  protected function validate_wp_user_email(){
22
- $user_name = filter_input(INPUT_POST, 'user_name',FILTER_SANITIZE_STRING);
23
  $email = filter_input(INPUT_POST, 'email', FILTER_UNSAFE_RAW);
24
  if (empty($user_name)) {
25
  return;
@@ -43,7 +43,7 @@ class SwpmForm {
43
  protected function user_name() {
44
  global $wpdb;
45
  if (!empty($this->fields['user_name'])){return;}
46
- $user_name = filter_input(INPUT_POST, 'user_name',FILTER_SANITIZE_STRING);
47
  if (empty($user_name)) {
48
  $this->errors['user_name'] = SwpmUtils::_('Username is required');
49
  return;
@@ -65,12 +65,12 @@ class SwpmForm {
65
  }
66
 
67
  protected function first_name() {
68
- $first_name = filter_input(INPUT_POST, 'first_name', FILTER_SANITIZE_STRING);
69
  $this->sanitized['first_name'] = sanitize_text_field($first_name);
70
  }
71
 
72
  protected function last_name() {
73
- $last_name = filter_input(INPUT_POST, 'last_name', FILTER_SANITIZE_STRING);
74
  $this->sanitized['last_name'] = sanitize_text_field($last_name);
75
  }
76
 
@@ -100,7 +100,7 @@ class SwpmForm {
100
  return;
101
  }
102
  if (!is_email($email)) {
103
- $this->errors['email'] = SwpmUtils::_('Email is invalid') . " (".$email.")";
104
  return;
105
  }
106
  $saned = sanitize_email($email);
@@ -132,32 +132,32 @@ class SwpmForm {
132
  }
133
 
134
  protected function address_street() {
135
- $address_street = filter_input(INPUT_POST, 'address_street', FILTER_SANITIZE_STRING);
136
  $this->sanitized['address_street'] = wp_kses($address_street, array());
137
  }
138
 
139
  protected function address_city() {
140
- $address_city = filter_input(INPUT_POST, 'address_city', FILTER_SANITIZE_STRING);
141
  $this->sanitized['address_city'] = wp_kses($address_city, array());
142
  }
143
 
144
  protected function address_state() {
145
- $address_state = filter_input(INPUT_POST, 'address_state', FILTER_SANITIZE_STRING);
146
  $this->sanitized['address_state'] = wp_kses($address_state, array());
147
  }
148
 
149
  protected function address_zipcode() {
150
- $address_zipcode = filter_input(INPUT_POST, 'address_zipcode', FILTER_UNSAFE_RAW);
151
  $this->sanitized['address_zipcode'] = wp_kses($address_zipcode, array());
152
  }
153
 
154
  protected function country() {
155
- $country = filter_input(INPUT_POST, 'country', FILTER_SANITIZE_STRING);
156
  $this->sanitized['country'] = wp_kses($country, array());
157
  }
158
 
159
  protected function company_name() {
160
- $company_name = filter_input(INPUT_POST, 'company_name', FILTER_SANITIZE_STRING);
161
  $this->sanitized['company_name'] = $company_name;
162
  }
163
 
@@ -173,7 +173,7 @@ class SwpmForm {
173
  }
174
 
175
  protected function subscription_starts() {
176
- $subscription_starts = filter_input(INPUT_POST, 'subscription_starts', FILTER_SANITIZE_STRING);
177
  if(empty($subscription_starts)) {return ;}
178
  if (preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $subscription_starts)){
179
  $this->sanitized['subscription_starts'] = sanitize_text_field($subscription_starts);
@@ -183,7 +183,7 @@ class SwpmForm {
183
  }
184
 
185
  protected function gender() {
186
- $gender = filter_input(INPUT_POST, 'gender', FILTER_SANITIZE_STRING);
187
  if(empty($gender)) {return;}
188
  if (in_array($gender, array('male', 'female', 'not specified'))){
189
  $this->sanitized['gender'] = $gender;
@@ -194,7 +194,7 @@ class SwpmForm {
194
  }
195
 
196
  protected function account_state() {
197
- $account_state = filter_input(INPUT_POST, 'account_state', FILTER_SANITIZE_STRING);
198
  if(empty($account_state)) {return;}
199
  if (in_array($account_state, array('active', 'pending', 'activation_required', 'inactive', 'expired'))){
200
  $this->sanitized['account_state'] = $account_state;
@@ -244,7 +244,7 @@ class SwpmForm {
244
  }
245
 
246
  protected function subscr_id() {
247
- $subscr_id = filter_input(INPUT_POST, 'subscr_id', FILTER_SANITIZE_STRING);
248
  $this->sanitized['subscr_id'] = $subscr_id;
249
  }
250
 
19
  }
20
  }
21
  protected function validate_wp_user_email(){
22
+ $user_name = isset($_POST['user_name']) ? sanitize_text_field($_POST['user_name']) : '';
23
  $email = filter_input(INPUT_POST, 'email', FILTER_UNSAFE_RAW);
24
  if (empty($user_name)) {
25
  return;
43
  protected function user_name() {
44
  global $wpdb;
45
  if (!empty($this->fields['user_name'])){return;}
46
+ $user_name = isset($_POST['user_name']) ? sanitize_text_field($_POST['user_name']) : '';
47
  if (empty($user_name)) {
48
  $this->errors['user_name'] = SwpmUtils::_('Username is required');
49
  return;
65
  }
66
 
67
  protected function first_name() {
68
+ $first_name = isset($_POST['first_name']) ? sanitize_text_field($_POST['first_name']) : '';
69
  $this->sanitized['first_name'] = sanitize_text_field($first_name);
70
  }
71
 
72
  protected function last_name() {
73
+ $last_name = isset($_POST['last_name']) ? sanitize_text_field($_POST['last_name']) : '';
74
  $this->sanitized['last_name'] = sanitize_text_field($last_name);
75
  }
76
 
100
  return;
101
  }
102
  if (!is_email($email)) {
103
+ $this->errors['email'] = SwpmUtils::_('Email is invalid') . " (".esc_attr($email).")";
104
  return;
105
  }
106
  $saned = sanitize_email($email);
132
  }
133
 
134
  protected function address_street() {
135
+ $address_street = isset($_POST['address_street']) ? sanitize_text_field($_POST['address_street']) : '';
136
  $this->sanitized['address_street'] = wp_kses($address_street, array());
137
  }
138
 
139
  protected function address_city() {
140
+ $address_city = isset($_POST['address_city']) ? sanitize_text_field($_POST['address_city']) : '';
141
  $this->sanitized['address_city'] = wp_kses($address_city, array());
142
  }
143
 
144
  protected function address_state() {
145
+ $address_state = isset($_POST['address_state']) ? sanitize_text_field($_POST['address_state']) : '';
146
  $this->sanitized['address_state'] = wp_kses($address_state, array());
147
  }
148
 
149
  protected function address_zipcode() {
150
+ $address_zipcode = isset($_POST['address_zipcode']) ? sanitize_text_field($_POST['address_zipcode']) : '';
151
  $this->sanitized['address_zipcode'] = wp_kses($address_zipcode, array());
152
  }
153
 
154
  protected function country() {
155
+ $country = isset($_POST['country']) ? sanitize_text_field($_POST['country']) : '';
156
  $this->sanitized['country'] = wp_kses($country, array());
157
  }
158
 
159
  protected function company_name() {
160
+ $company_name = isset($_POST['company_name']) ? sanitize_text_field($_POST['company_name']) : '';
161
  $this->sanitized['company_name'] = $company_name;
162
  }
163
 
173
  }
174
 
175
  protected function subscription_starts() {
176
+ $subscription_starts = isset($_POST['subscription_starts']) ? sanitize_text_field($_POST['subscription_starts']) : '';
177
  if(empty($subscription_starts)) {return ;}
178
  if (preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $subscription_starts)){
179
  $this->sanitized['subscription_starts'] = sanitize_text_field($subscription_starts);
183
  }
184
 
185
  protected function gender() {
186
+ $gender = isset($_POST['gender']) ? sanitize_text_field($_POST['gender']) : '';
187
  if(empty($gender)) {return;}
188
  if (in_array($gender, array('male', 'female', 'not specified'))){
189
  $this->sanitized['gender'] = $gender;
194
  }
195
 
196
  protected function account_state() {
197
+ $account_state = isset($_POST['account_state']) ? sanitize_text_field($_POST['account_state']) : '';
198
  if(empty($account_state)) {return;}
199
  if (in_array($account_state, array('active', 'pending', 'activation_required', 'inactive', 'expired'))){
200
  $this->sanitized['account_state'] = $account_state;
244
  }
245
 
246
  protected function subscr_id() {
247
+ $subscr_id = isset($_POST['subscr_id']) ? sanitize_text_field($_POST['subscr_id']) : '';
248
  $this->sanitized['subscr_id'] = $subscr_id;
249
  }
250
 
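--- a/classes/class.swpm-front-registration.php
+++ b/classes/class.swpm-front-registration.php
@@ -310,6 +310,13 @@ class SwpmFrontRegistration extends SwpmRegistration {
  );
 
  $member_info = $form->get_sanitized_member_form_data();
+
+ //Check if membrship_level value has been posted.
+ if ( isset( $member_info['membership_level'] ) ){
+ //For edit profile, remove the membership level from the array (because we don't allow level updating in profile edit)
+ unset( $member_info['membership_level'] );
+ }
+
  SwpmUtils::update_wp_user( $auth->get( 'user_name' ), $member_info ); //Update corresponding wp user record.
 
  //Lets check if password was also changed.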
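Review bot: The new `unset( $member_info['membership_level'] )` is a deny-list applied after sanitisation: it strips one privileged field, but `SwpmForm` in this same change set also produces `account_state`, `subscr_id` and `subscription_starts`, and whether those reach `$member_info` on profile edit depends on the field list handed to the form, which is not visible here. An allow-list is safer and self-documenting — `$member_info = array_intersect_key( $member_info, array_flip( $editable_profile_fields ) );` with the editable keys declared once — or the form should be constructed with only the editable fields. The comment has a typo (`membrship_level`) and could state the reason: `// Membership level can only change through an admin or a payment, never from profile edit.` The enclosing method starts and ends outside the hunk, so I cannot see whether the same `$member_info` is also written to the members table.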
classes/class.swpm-level-form.php CHANGED
@@ -11,14 +11,14 @@ class SwpmLevelForm {
11
  $this->fields = $fields;
12
  $this->sanitized = array();
13
  $this->errors = array();
14
-
15
  foreach ($fields as $key => $value){
16
  $this->$key();
17
  }
18
  }
19
 
20
  protected function id() {
21
-
22
  }
23
 
24
  protected function alias() {
@@ -36,7 +36,7 @@ class SwpmLevelForm {
36
  }
37
 
38
  protected function subscription_period() {
39
- $subscript_duration_type = filter_input(INPUT_POST, 'subscription_duration_type');
40
 
41
  if ($subscript_duration_type == SwpmMembershipLevel::NO_EXPIRY) {
42
  $this->sanitized['subscription_period'] = "";
@@ -53,7 +53,7 @@ class SwpmLevelForm {
53
  $this->sanitized['subscription_period'] = sanitize_text_field($subscription_period);
54
  return;
55
  }
56
-
57
  if (!is_numeric($subscription_period)) {
58
  $this->errors['subscription_period'] = SwpmUtils::_("Access duration must be > 0.");
59
  return;
@@ -62,55 +62,55 @@ class SwpmLevelForm {
62
  }
63
 
64
  protected function subscription_duration_type(){
65
- $subscription_duration_type = filter_input(INPUT_POST, 'subscription_duration_type');
66
  $this->sanitized['subscription_duration_type'] = $subscription_duration_type;
67
  return;
68
  }
69
  protected function subscription_unit(){
70
-
71
  }
72
  protected function loginredirect_page() {
73
-
74
  }
75
 
76
  protected function category_list() {
77
-
78
  }
79
 
80
  protected function page_list() {
81
-
82
  }
83
 
84
  protected function post_list() {
85
-
86
  }
87
 
88
  protected function comment_list() {
89
-
90
  }
91
 
92
  protected function attachment_list() {
93
-
94
  }
95
 
96
  protected function custom_post_list() {
97
-
98
  }
99
 
100
  protected function disable_bookmark_list() {
101
-
102
  }
103
 
104
  protected function options() {
105
-
106
  }
107
 
108
  protected function campaign_name() {
109
-
110
  }
111
 
112
  protected function protect_older_posts() {
113
- $checked = filter_input(INPUT_POST, 'protect_older_posts');
114
  $this->sanitized['protect_older_posts'] = empty($checked) ? 0 : 1;
115
  }
116
 
11
  $this->fields = $fields;
12
  $this->sanitized = array();
13
  $this->errors = array();
14
+
15
  foreach ($fields as $key => $value){
16
  $this->$key();
17
  }
18
  }
19
 
20
  protected function id() {
21
+
22
  }
23
 
24
  protected function alias() {
36
  }
37
 
38
  protected function subscription_period() {
39
+ $subscript_duration_type = isset($_POST['subscription_duration_type']) ? sanitize_text_field($_POST['subscription_duration_type']) : '';
40
 
41
  if ($subscript_duration_type == SwpmMembershipLevel::NO_EXPIRY) {
42
  $this->sanitized['subscription_period'] = "";
53
  $this->sanitized['subscription_period'] = sanitize_text_field($subscription_period);
54
  return;
55
  }
56
+
57
  if (!is_numeric($subscription_period)) {
58
  $this->errors['subscription_period'] = SwpmUtils::_("Access duration must be > 0.");
59
  return;
62
  }
63
 
64
  protected function subscription_duration_type(){
65
+ $subscription_duration_type = isset($_POST['subscription_duration_type']) ? sanitize_text_field($_POST['subscription_duration_type']) : '';
66
  $this->sanitized['subscription_duration_type'] = $subscription_duration_type;
67
  return;
68
  }
69
  protected function subscription_unit(){
70
+
71
  }
72
  protected function loginredirect_page() {
73
+
74
  }
75
 
76
  protected function category_list() {
77
+
78
  }
79
 
80
  protected function page_list() {
81
+
82
  }
83
 
84
  protected function post_list() {
85
+
86
  }
87
 
88
  protected function comment_list() {
89
+
90
  }
91
 
92
  protected function attachment_list() {
93
+
94
  }
95
 
96
  protected function custom_post_list() {
97
+
98
  }
99
 
100
  protected function disable_bookmark_list() {
101
+
102
  }
103
 
104
  protected function options() {
105
+
106
  }
107
 
108
  protected function campaign_name() {
109
+
110
  }
111
 
112
  protected function protect_older_posts() {
113
+ $checked = isset($_POST['protect_older_posts']) ? sanitize_text_field($_POST['protect_older_posts']) : '';
114
  $this->sanitized['protect_older_posts'] = empty($checked) ? 0 : 1;
115
  }
116
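Review bot: `subscription_duration_type()` stores the posted value straight after `sanitize_text_field()` without checking it against the known duration types, although the sibling `subscription_period()` compares the same input to `SwpmMembershipLevel::NO_EXPIRY`, so the valid set exists; rejecting anything else, `if ( ! in_array( $subscription_duration_type, $allowed_types, true ) ) { $this->errors['subscription_duration_type'] = SwpmUtils::_( 'Invalid duration type.' ); return; }` with `$allowed_types` built from the class constants (I cannot see them all from here), keeps the level table — which the access checks key on — free of unexpected values. This appears to be an admin-side form judging by the other hunks, so exposure is limited to a privileged user. `protect_older_posts()` is fine as a checkbox coercion. The remaining hunks are whitespace only.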
 
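--- a/classes/class.swpm-membership-levels.php
+++ b/classes/class.swpm-membership-levels.php
@@ -258,7 +258,7 @@ class SwpmMembershipLevels extends WP_List_Table {
  //Check current_user_can() or die.
  SwpmMiscUtils::check_user_permission_and_is_admin('Main Membership Level Admin Menu');
 
- $level_action = filter_input(INPUT_GET, 'level_action');
+ $level_action = isset($_GET['level_action']) ? sanitize_text_field($_GET['level_action']) : '';
  $action = $level_action;
  $selected= $action;
 
@@ -283,7 +283,7 @@ class SwpmMembershipLevels extends WP_List_Table {
  $menu_tabs = apply_filters('swpm_membership_levels_additional_menu_tabs_array', array());
  foreach ($menu_tabs as $level_action => $title){
  ?>
- <a class="nav-tab <?php echo ($selected == $member_action) ? 'nav-tab-active' : ''; ?>" href="admin.php?page=simple_wp_membership_levels&level_action=<?php echo $level_action; ?>" ><?php SwpmUtils::e($title); ?></a>
+ <a class="nav-tab <?php echo ($selected == $member_action) ? 'nav-tab-active' : ''; ?>" href="admin.php?page=simple_wp_membership_levels&level_action=<?php echo esc_attr($level_action); ?>" ><?php SwpmUtils::e($title); ?></a>
  <?php
  }
 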
 
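Review bot: The new tab link at line 286 still compares `$selected == $member_action`, and `$member_action` is not assigned anywhere in the visible lines — the loop key at line 284 is `$level_action` — so `nav-tab-active` can never be applied and PHP 8 warns about an undefined variable on every tab; `<?php echo ($selected === $level_action) ? 'nav-tab-active' : ''; ?>` looks like what was intended. The new read at line 261 calls `sanitize_text_field()` directly on `$_GET`, which WordPress has already slash-escaped, so the conventional form is `sanitize_text_field( wp_unslash( $_GET['level_action'] ) )`; the same applies to the equivalent new lines in classes/class.swpm-post-list.php, views/admin_members_list.php and views/admin_tools_settings.php. Note also that the `foreach` at line 284 reuses `$level_action` as its key and silently overwrites the sanitized request value. The enclosing method starts and ends outside both hunks.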
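--- a/classes/class.swpm-post-list.php
+++ b/classes/class.swpm-post-list.php
@@ -21,7 +21,7 @@ class SwpmPostList extends WP_List_Table {
 'plural' => SwpmUtils::_('Membership Levels'),
 'ajax' => false
 ));
-$selected = filter_input(INPUT_POST, 'membership_level_id');
+$selected = isset($_POST['membership_level_id']) ? sanitize_text_field($_POST['membership_level_id']) : '';
 $this->selected_level_id = empty($selected) ? 1 : $selected;
 $this->post = ($this->selected_level_id == 1) ?
 SwpmProtection::get_instance() :
@@ -99,7 +99,7 @@ class SwpmPostList extends WP_List_Table {
 }
 
 public static function update_post_list() {
-//Check we are on the admin end and user has management permission
+//Check we are on the admin end and user has management permission
 SwpmMiscUtils::check_user_permission_and_is_admin('post protection update');
 
 //Check nonce
@@ -108,8 +108,8 @@ class SwpmPostList extends WP_List_Table {
 //Nonce check failed.
 wp_die(SwpmUtils::_("Error! Nonce security verification failed for Post Protection Update action. Clear cache and try again."));
 }
-
-$type = filter_input(INPUT_POST, 'list_type');
+
+$type = isset($_POST['list_type']) ? sanitize_text_field($_POST['list_type']) : '';
 
 $selected = filter_input(INPUT_POST, 'membership_level_id');
 $selected_level_id = empty($selected) ? 1 : $selected;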
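Review bot: `membership_level_id` is a numeric level ID, yet new line 24 keeps it as a sanitized string while `update_post_list()` at line 114 still reads the same field through a bare `filter_input(INPUT_POST, 'membership_level_id')`, so the two entry points now treat the same input differently. Casting in both places with `absint()` — `$selected = isset($_POST['membership_level_id']) ? absint($_POST['membership_level_id']) : 0;` — yields an int, keeps the `empty($selected) ? 1 : $selected` fallback intact and makes the later `== 1` comparison safe. The constructor and `update_post_list()` both continue outside their hunks.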
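--- a/classes/class.swpm-utils-misc.php
+++ b/classes/class.swpm-utils-misc.php
@@ -523,6 +523,7 @@ class SwpmMiscUtils {
 'Fiji',
 'Finland',
 'France',
+'French Polynesia',
 'Gabon',
 'Gambia, The',
 'Georgia',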
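--- a/classes/class.swpm-utils.php
+++ b/classes/class.swpm-utils.php
@@ -418,9 +418,22 @@ abstract class SwpmUtils {
 }
 
 public static function get_free_level() {
-$encrypted = filter_input( INPUT_POST, 'level_identifier' );
+$encrypted = sanitize_text_field( $_POST['level_identifier'] );
 if ( ! empty( $encrypted ) ) {
-return SwpmPermission::get_instance( $encrypted )->get( 'id' );
+//We already checked using hash that the membership_level value is authentic. Now check the level_identifier against the membership_level.
+$level_value = sanitize_text_field( $_POST['membership_level'] );
+$hash_val = md5( $level_value );
+if ( $hash_val != $encrypted ) {//level_identifier validation failed.
+$msg = '<p>Error! Security check failed for membership level identifier validation.</p>';
+$msg .= '<p>The submitted membership level data does not match.</p>';
+$msg .= '<p>If you are using caching please empty the cache data and try again.</p>';
+if ( isset ( $_POST['swpm-fb-submit'] ) ){//Form builder submission potentially
+$msg .= '<p>If you are using the Form Builder addon, please update the addon and try again.</p>';
+}
+wp_die( $msg );
+}
+
+return SwpmPermission::get_instance( $encrypted )->get( 'id' );
 }
 
 $is_free = SwpmSettings::get_instance()->get_value( 'enable-free-membership' );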
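Review bot: The new identifier check at line 426 compares two digests with loose `!=`; PHP's loose comparison treats numeric-looking strings as numbers, so hex digests of the form `0e…` compare equal to each other, and the comparison is not timing-safe — use `if ( ! hash_equals( $hash_val, $encrypted ) ) {`. New lines 421 and 424 also index `$_POST` without `isset()`, which the replaced `filter_input()` call tolerated; a request missing either field now emits an undefined-array-key warning before `empty()` runs, whereas `isset( $_POST['level_identifier'] ) ? sanitize_text_field( wp_unslash( $_POST['level_identifier'] ) ) : ''` matches the guard pattern this commit uses in class.swpm-post-list.php. The comment at line 423 refers to an earlier authenticity check on `membership_level` that is outside this hunk; since `md5()` of a level value is computable by anyone, it would be clearer to state that this step only verifies that the two posted fields agree with each other. `get_free_level()` continues past the hunk.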
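--- a/ipn/swpm-braintree-buy-now-ipn.php
+++ b/ipn/swpm-braintree-buy-now-ipn.php
@@ -17,8 +17,8 @@ class SwpmBraintreeBuyNowIpnHandler {
 
 //Read and sanitize the request parameters.
 $button_id = filter_input(INPUT_POST, 'item_number', FILTER_SANITIZE_NUMBER_INT);
-$button_title = filter_input(INPUT_POST, 'item_name', FILTER_SANITIZE_STRING);
-$payment_amount = filter_input(INPUT_POST, 'item_price', FILTER_SANITIZE_STRING);
+$button_title = sanitize_text_field($_POST['item_name']);
+$payment_amount = sanitize_text_field($_POST['item_price']);
 
 //Retrieve the CPT for this button
 $button_cpt = get_post($button_id);
@@ -63,7 +63,7 @@ class SwpmBraintreeBuyNowIpnHandler {
 
 // Create the charge on Braintree's servers - this will charge the user's card
 
-$nonce = filter_input(INPUT_POST, 'payment_method_nonce', FILTER_SANITIZE_STRING);
+$nonce = sanitize_text_field($_POST['payment_method_nonce']);
 
 $result = Braintree_Transaction::sale([
 'amount' => $payment_amount,
@@ -90,15 +90,15 @@ class SwpmBraintreeBuyNowIpnHandler {
 //Grab the transaction ID.
 $txn_id = $result->transaction->id; //$charge->balance_transaction;
 
-$custom = filter_input(INPUT_POST, 'custom', FILTER_SANITIZE_STRING);
+$custom = sanitize_text_field($_POST['custom']);
 $custom_var = SwpmTransactions::parse_custom_var($custom);
 $swpm_id = isset($custom_var['swpm_id']) ? $custom_var['swpm_id'] : '';
 
 //Create the $ipn_data array.
 $ipn_data = array();
 $ipn_data['mc_gross'] = $payment_amount;
-$ipn_data['first_name'] = filter_input(INPUT_POST, 'first_name', FILTER_SANITIZE_STRING);
-$ipn_data['last_name'] = filter_input(INPUT_POST, 'last_name', FILTER_SANITIZE_STRING);
+$ipn_data['first_name'] = sanitize_text_field($_POST['first_name']);
+$ipn_data['last_name'] = sanitize_text_field($_POST['last_name']);
 $ipn_data['payer_email'] = filter_input(INPUT_POST, 'member_email', FILTER_SANITIZE_EMAIL);
 $ipn_data['membership_level'] = $membership_level_id;
 $ipn_data['txn_id'] = $txn_id;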
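Review bot: The six new `sanitize_text_field($_POST[...])` reads (lines 20, 21, 66, 93, 100, 101) index `$_POST` without `isset()`, so any field the client omits now produces an undefined-array-key warning where the replaced `filter_input()` returned `null` silently — the 4.1.2 changelog in this same release advertises removing exactly that class of warning. Guard each one as the commit does in class.swpm-post-list.php, e.g. `$button_title = isset($_POST['item_name']) ? sanitize_text_field(wp_unslash($_POST['item_name'])) : '';`. Separately, `$payment_amount` is taken from the request at line 21 and passed straight to `Braintree_Transaction::sale()` at line 69 and into `mc_gross` at line 99; unless the code between the hunks re-derives it from the button post loaded at line 24, the charged amount is client-controlled and should be read from the stored button configuration instead. The enclosing handler method starts and ends outside the hunks.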
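--- a/ipn/swpm-smart-checkout-ipn.php
+++ b/ipn/swpm-smart-checkout-ipn.php
@@ -200,6 +200,13 @@ class swpm_smart_checkout_ipn_handler { // phpcs:ignore
 }
 
 public function create_ipn_from_smart_checkout( $data ) {
+
+$address_street = $data['payer']['payer_info']['shipping_address']['line1'];
+if ( isset ( $data[ 'payer' ][ 'payer_info' ][ 'shipping_address' ][ 'line2' ] )){
+//If address line 2 is present, add it to the address.
+$address_street .= ", " . $data[ 'payer' ][ 'payer_info' ][ 'shipping_address' ][ 'line2' ];
+}
+
 $ipn['custom'] = $data['custom_field'];
 $ipn['item_number'] = $data['button_id'];
 $ipn['item_name'] = $data['item_name'];
@@ -218,7 +225,7 @@ class swpm_smart_checkout_ipn_handler { // phpcs:ignore
 $ipn['first_name'] = $data['payer']['payer_info']['first_name'];
 $ipn['last_name'] = $data['payer']['payer_info']['last_name'];
 $ipn['payer_email'] = $data['payer']['payer_info']['email'];
-$ipn['address_street'] = $data['payer']['payer_info']['shipping_address']['line1'];
+$ipn['address_street'] = $address_street;
 $ipn['address_city'] = $data['payer']['payer_info']['shipping_address']['city'];
 $ipn['address_state'] = $data['payer']['payer_info']['shipping_address']['state'];
 $ipn['address_zip'] = $data['payer']['payer_info']['shipping_address']['postal_code'];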
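Review bot: New line 204 reads `['shipping_address']['line1']` unconditionally while line 205 guards `line2` with `isset()`; a payload without a shipping address therefore produces an undefined-index warning and stores `null` as the street. Guard it the same way: `$address_street = isset( $data['payer']['payer_info']['shipping_address']['line1'] ) ? $data['payer']['payer_info']['shipping_address']['line1'] : '';`. The address values are copied into the IPN record without sanitization here; if `$data` is the client-posted checkout payload rather than a server-side PayPal API response, they should pass through `sanitize_text_field()` before being written to the member record, unless that happens downstream. `create_ipn_from_smart_checkout()` continues past the hunk.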
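--- a/readme.txt
+++ b/readme.txt
@@ -4,8 +4,8 @@ Donate link: https://simple-membership-plugin.com/
 Tags: member, members, members only, membership, memberships, register, WordPress membership plugin, content, content protection, paypal, restrict, restrict access, Restrict content, admin, access control, subscription, teaser, protection, profile, login, login page, bbpress, stripe, braintree
 Requires at least: 5.0
 Requires PHP: 5.6
-Tested up to: 5.9
-Stable tag: 4.1.0
+Tested up to: 6.0
+Stable tag: 4.1.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -159,6 +159,28 @@ https://simple-membership-plugin.com/
 
 == Changelog ==
 
+= 4.1.4 =
+- PayPal smart checkout will pass the item name set in the payment button to PayPal's API.
+- The PayPal smart checkout transactions will try to find a member profile using the Transaction ID and show it in the Transactions tab (if found).
+- WooCommerce checkout integration will add the collected billing address to SWPM member record when available.
+
+= 4.1.3 =
+- Added a warning in the edit member interface for situation when a member account is created without a membership level value.
+- Small user edit interface improvement.
+- Added 'French Polynesia' country to the countries dropdown list.
+- Removes the membership_level data (if posted) from the edit profile update operation (since this data is not needed for this operation). Thanks to Vladimir for pointing this out.
+- Added an additional hash check for the level_identified on registration form.
+
+= 4.1.2 =
+- Fixed a minor Undefined array key warning.
+
+= 4.1.1 =
+- Tested on WordPress 6.0.
+- Added output escaping to the email validation ajax request.
+- Added output escaping to the username validation ajax request.
+- Added sanitization to the account status field of the member listing page.
+- Removed some use of the FILTER_SANITIZE_STRING flag to be compatible with PHP8.1.
+
 = 4.1.0 =
 - Added the text 'Username or Email' to the language translation POT file.
 - Added a new action hook (swpm_front_end_registration_form_submitted) for when the front-end registration form is submitted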
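--- a/simple-wp-membership.php
+++ b/simple-wp-membership.php
@@ -1,7 +1,7 @@
 <?php
 /*
 Plugin Name: Simple WordPress Membership
-Version: 4.1.0
+Version: 4.1.4
 Plugin URI: https://simple-membership-plugin.com/
 Author: smp7, wp.insider
 Author URI: https://simple-membership-plugin.com/
@@ -20,7 +20,7 @@ include_once( 'classes/class.simple-wp-membership.php' );
 include_once( 'classes/class.swpm-cronjob.php' );
 include_once( 'swpm-compat.php' );
 
-define( 'SIMPLE_WP_MEMBERSHIP_VER', '4.1.0' );
+define( 'SIMPLE_WP_MEMBERSHIP_VER', '4.1.4' );
 define( 'SIMPLE_WP_MEMBERSHIP_DB_VER', '1.3' );
 define( 'SIMPLE_WP_MEMBERSHIP_SITE_HOME_URL', home_url() );
 define( 'SIMPLE_WP_MEMBERSHIP_PATH', dirname( __FILE__ ) . '/' );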
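--- a/views/add.php
+++ b/views/add.php
@@ -1,5 +1,5 @@
 <?php
-SimpleWpMembership::enqueue_validation_scripts(array('ajaxEmailCall' => array('extraData' => '&action=swpm_validate_email&member_id=' . filter_input(INPUT_GET, 'member_id'))));
+SimpleWpMembership::enqueue_validation_scripts(array('ajaxEmailCall' => array('extraData' => '&action=swpm_validate_email&member_id=' . filter_input(INPUT_GET, 'member_id', FILTER_SANITIZE_NUMBER_INT))));
 $settings = SwpmSettings::get_instance();
 $force_strong_pass = $settings->get_value('force-strong-passwords');
 if (!empty($force_strong_pass)) {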
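Review bot: `FILTER_SANITIZE_NUMBER_INT` on new line 2 returns a string and leaves `+`/`-` characters in place, so the value spliced into the `extraData` query string is not guaranteed to be a plain integer, and `null` is concatenated when the parameter is absent. Wrapping it as `absint( filter_input( INPUT_GET, 'member_id', FILTER_SANITIZE_NUMBER_INT ) )` yields an int (0 when absent) and keeps the rest of the line unchanged. The view has no enclosing function.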
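--- a/views/admin_add.php
+++ b/views/admin_add.php
@@ -25,18 +25,27 @@
 <div id="pass-strength-result"><?php echo SwpmUtils::_('Strength indicator'); ?></div>
 <p class="description indicator-hint"><?php echo SwpmUtils::_('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
 </td>
-</tr>
+</tr>
 <tr class="swpm-admin-add-account-state">
 <th scope="row"><label for="account_state"><?php echo SwpmUtils::_('Account Status'); ?></label></th>
 <td><select class="regular-text" name="account_state" id="account_state">
 <?php echo SwpmUtils::account_state_dropdown('active'); ?>
 </select>
 </td>
-</tr>
+</tr>
+<tr class="swpm-admin-edit-membership-level">
+<th scope="row"><label for="membership_level"><?php echo SwpmUtils::_('Membership Level'); ?></label></th>
+<td><select class="regular-text" name="membership_level" id="membership_level">
+<?php foreach ($levels as $level): ?>
+<option <?php echo ($level['id'] == $membership_level) ? "selected='selected'" : ""; ?> value="<?php echo $level['id']; ?>"> <?php echo $level['alias'] ?></option>
+<?php endforeach; ?>
+</select>
+</td>
+</tr>
 <?php include('admin_member_form_common_part.php'); ?>
 </tbody>
-</table>
-<?php include('admin_member_form_common_js.php'); ?>
+</table>
+<?php include('admin_member_form_common_js.php'); ?>
 <?php submit_button(SwpmUtils::_('Add New Member '), 'primary', 'createswpmuser', true, array('id' => 'createswpmusersub')); ?>
 </form>
 </div>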
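Review bot: The membership-level `<option>` on new line 40 echoes `$level['id']` and `$level['alias']` unescaped; both come from the levels table and the alias is free text, so an alias containing a quote or `<` breaks the markup of this admin page. Escape per context: `value="<?php echo esc_attr($level['id']); ?>"> <?php echo esc_html($level['alias']); ?></option>`. The identical line appears at new line 96 of views/admin_edit.php; these rows were moved here from views/admin_member_form_common_part.php, so the missing escaping is inherited, but the move is the moment to fix it. The surrounding inputs in the common part already use `esc_attr()` on their values, so this is also a consistency point.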
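--- a/views/admin_edit.php
+++ b/views/admin_edit.php
@@ -70,6 +70,34 @@
 </p>
 </td>
 </tr>
+<tr class="swpm-admin-edit-membership-level">
+<th scope="row"><label for="membership_level"><?php echo SwpmUtils::_('Membership Level'); ?></label></th>
+<td>
+<?php
+//This is an edit member record view. Check that the membershp level is set.
+if ( !isset( $membership_level ) || empty( $membership_level ) ){
+//The member's membership level is not set. Show an error message.
+echo '<div class="swpm-yellow-box" style="max-width:450px;">';
+echo '<p>' . 'Error! This user\'s membership level is not set. Please select a membership level and save the record.' . '</p>';
+echo '<p>';
+echo 'If member accounts are created without a level, that indicates a problem in your setup. Please review your ';
+echo '<a href="https://simple-membership-plugin.com/membership-registration-process-overview/" target="_blank">registration setup</a>.';
+echo '</p>';
+echo '</div>';
+}
+?>
+<select class="regular-text" name="membership_level" id="membership_level">
+<?php
+if ( !isset( $membership_level ) || empty( $membership_level ) ){
+echo '<option value="2">--</option>';//Show select prompt and set the action value to the default level ID.
+}
+?>
+<?php foreach ($levels as $level): ?>
+<option <?php echo ($level['id'] == $membership_level) ? "selected='selected'" : ""; ?> value="<?php echo $level['id']; ?>"> <?php echo $level['alias'] ?></option>
+<?php endforeach; ?>
+</select>
+</td>
+</tr>
 <?php include('admin_member_form_common_part.php');?>
 <tr class="swpm-admin-edit-subscriber-id">
 <th scope="row"><label for="subscr_id"><?php echo SwpmUtils::_('Subscriber ID/Reference') ?> </label></th>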
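Review bot: The placeholder option at new line 92 hard-codes `value="2"` and the comment calls it "the default level ID"; level IDs are auto-assigned, so on a site whose levels do not include ID 2 an admin who saves without touching the dropdown writes a non-existent level to the member (or whatever level happens to carry that ID). Prefer `echo '<option value="">--</option>';` so the save path can reject an unset level, or read the configured default from settings if one exists; the comment's "set the action value" also appears to mean "set the form value". The two `!isset( $membership_level ) || empty( $membership_level )` checks at lines 78 and 91 are redundant, since `empty()` already covers an unset variable. The error copy at lines 81–84 is emitted as raw literals, unlike the surrounding labels which go through `SwpmUtils::_()`, so it will not be translatable; the `<option>` escaping issue at line 96 is noted on views/admin_add.php.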
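--- a/views/admin_member_form_common_part.php
+++ b/views/admin_member_form_common_part.php
@@ -1,16 +1,7 @@
-<tr class="swpm-admin-edit-membership-level">
-<th scope="row"><label for="membership_level"><?php echo SwpmUtils::_('Membership Level'); ?></label></th>
-<td><select class="regular-text" name="membership_level" id="membership_level">
-<?php foreach ($levels as $level): ?>
-<option <?php echo ($level['id'] == $membership_level) ? "selected='selected'" : ""; ?> value="<?php echo $level['id']; ?>"> <?php echo $level['alias'] ?></option>
-<?php endforeach; ?>
-</select>
-</td>
-</tr>
 <tr class="swpm-admin-edit-access-starts">
 <th scope="row"><label for="subscription_starts"><?php echo SwpmUtils::_('Access Starts') ?> </label></th>
 <td><input class="regular-text" name="subscription_starts" type="text" id="subscription_starts" value="<?php echo esc_attr($subscription_starts); ?>" /></td>
-</tr>
+</tr>
 <tr class="swpm-admin-edit-first-name">
 <th scope="row"><label for="first_name"><?php echo SwpmUtils::_('First Name') ?> </label></th>
 <td><input class="regular-text" name="first_name" type="text" id="first_name" value="<?php echo esc_attr($first_name); ?>" /></td>
@@ -53,7 +44,7 @@
 <tr class="swpm-admin-edit-company">
 <th scope="row"><label for="company_name"><?php echo SwpmUtils::_('Company') ?></label></th>
 <td><input name="company_name" type="text" id="company_name" class="regular-text" value="<?php echo esc_attr($company_name); ?>" /></td>
-</tr>
+</tr>
 <tr class="swpm-admin-edit-member-since">
 <th scope="row"><label for="member_since"><?php echo SwpmUtils::_('Member Since') ?> </label></th>
 <td><input class="regular-text" name="member_since" type="text" id="member_since" value="<?php echo esc_attr($member_since); ?>" /></td>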
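--- a/views/admin_members_list.php
+++ b/views/admin_members_list.php
@@ -17,7 +17,7 @@ global $wpdb;
 $query = "SELECT * FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id !=1 ";
 $levels = $wpdb->get_results($query, ARRAY_A);
 
-$account_state = filter_input(INPUT_GET, 'status', FILTER_SANITIZE_STRING);
+$account_state = isset($_GET['status']) ? sanitize_text_field($_GET['status']) : '';
 $membership_level = filter_input(INPUT_GET, 'membership_level', FILTER_SANITIZE_NUMBER_INT);
 ?>
 <style>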
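--- a/views/admin_tools_settings.php
+++ b/views/admin_tools_settings.php
@@ -2,7 +2,7 @@
 $links = array();
 if(isset($_REQUEST['swpm_link_for'])){
 //Rego complete link feature
-$link_for = filter_input(INPUT_POST, 'swpm_link_for', FILTER_SANITIZE_STRING);
+$link_for = isset($_POST['swpm_link_for']) ? sanitize_text_field($_POST['swpm_link_for']) : '';
 $member_id = filter_input(INPUT_POST, 'member_id', FILTER_SANITIZE_NUMBER_INT);
 $send_email = isset($_REQUEST['swpm_reminder_email']) ? true : false;
 $links = SwpmUtils::get_registration_complete_prompt_link($link_for, $send_email, $member_id);
@@ -54,12 +54,12 @@ if(isset($_REQUEST['recreate-required-pages-submit'])){
 } else {
 echo '<div class="swpm-grey-box">' . SwpmUtils::_('Registration completion links will appear below') . '</div>';
 }
-?>
+?>
 <div class="swpm-margin-top-10"></div>
 <?php foreach ($links as $key => $link) { ?>
 <input type="text" size="120" readonly="readonly" name="link[<?php echo $key ?>]" value="<?php echo $link; ?>"/><br/>
 <?php } ?>
-
+
 <?php
 if (isset($_REQUEST['swpm_reminder_email'])) {
 echo '<div class="swpm-green-box">' . SwpmUtils::_('A prompt to complete registration email was also sent.') . '</div>';
@@ -93,7 +93,7 @@ if(isset($_REQUEST['recreate-required-pages-submit'])){
 
 </div>
 </div>
-
+
 </div><!-- end of post-body -->
 </div><!-- end of poststuff -->
 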
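Review bot: New line 5 reads `$_POST['swpm_link_for']` inside a block that is entered on `isset($_REQUEST['swpm_link_for'])` at line 3, so a request that carries the parameter only in the query string passes the outer check but leaves `$link_for` empty and still reaches `get_registration_complete_prompt_link()` at line 8. Using one source for both — tightening line 3 to `if(isset($_POST['swpm_link_for'])){` and keeping the new `$_POST` read (with `wp_unslash()` before `sanitize_text_field()`) — removes the mismatch; the replaced `filter_input(INPUT_POST, …)` had the same inconsistency, so this is carried forward rather than introduced. The remaining hunks in this section are whitespace-only.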
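--- a/views/payments/payment-gateway/admin_paypal_smart_checkout_button.php
+++ b/views/payments/payment-gateway/admin_paypal_smart_checkout_button.php
@@ -285,12 +285,12 @@ add_action('swpm_edit_payment_button_process_submission', 'swpm_save_edit_pp_sma
 
 function swpm_save_edit_pp_smart_checkout_button_data() {
 
-$btn_size = filter_input(INPUT_POST, 'pp_smart_checkout_btn_size', FILTER_SANITIZE_STRING);
-$btn_color = filter_input(INPUT_POST, 'pp_smart_checkout_btn_color', FILTER_SANITIZE_STRING);
-$btn_shape = filter_input(INPUT_POST, 'pp_smart_checkout_btn_shape', FILTER_SANITIZE_STRING);
-$btn_layout = filter_input(INPUT_POST, 'pp_smart_checkout_btn_layout', FILTER_SANITIZE_STRING);
-$pm_credit = filter_input(INPUT_POST, 'pp_smart_checkout_payment_method_credit', FILTER_SANITIZE_STRING);
-$pm_elv = filter_input(INPUT_POST, 'pp_smart_checkout_payment_method_elv', FILTER_SANITIZE_STRING);
+$btn_size = sanitize_text_field($_POST['pp_smart_checkout_btn_size']);
+$btn_color = sanitize_text_field($_POST['pp_smart_checkout_btn_color']);
+$btn_shape = sanitize_text_field($_POST['pp_smart_checkout_btn_shape']);
+$btn_layout = sanitize_text_field($_POST['pp_smart_checkout_btn_layout']);
+$pm_credit = sanitize_text_field($_POST['pp_smart_checkout_payment_method_credit']);
+$pm_elv = sanitize_text_field($_POST['pp_smart_checkout_payment_method_elv']);
 
 if (isset($_REQUEST['swpm_pp_smart_checkout_save_submit'])) {
 //This is a PayPal Smart Checkout button save event.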
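Review bot: The six new `sanitize_text_field($_POST[...])` lines 288–293 run unconditionally, before the `isset($_REQUEST['swpm_pp_smart_checkout_save_submit'])` check at line 295, yet the hunk header shows the function hooked to the generic `swpm_edit_payment_button_process_submission` action, so saving any other button type will emit an undefined-array-key warning for each of these PayPal-only fields. Move the reads inside the `if`, or guard each one with `isset()` as this commit does in class.swpm-post-list.php, e.g. `$btn_size = isset($_POST['pp_smart_checkout_btn_size']) ? sanitize_text_field(wp_unslash($_POST['pp_smart_checkout_btn_size'])) : '';`. Since size, colour, shape and layout presumably end up in the button's client-side configuration (outside this hunk, so unverified), validating each against the fixed set of values the form offers — `in_array($btn_size, array( /* allowed sizes */ ), true)` — would be stronger than text sanitization alone. The function body continues outside the hunk.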
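--- a/views/payments/payment-gateway/paypal_smart_checkout_button_shortcode_view.php
+++ b/views/payments/payment-gateway/paypal_smart_checkout_button_shortcode_view.php
@@ -36,6 +36,9 @@ function swpm_render_pp_smart_checkout_button_sc_output($button_code, $args) {
 $payment_amount_formatted = number_format($payment_amount, 2, '.', '');
 $payment_currency = get_post_meta($button_id, 'payment_currency', true);
 
+//Create the items_list for passing to PayPal API
+$items_list = "{name: '".$item_name."', quantity: '1', price: '".$payment_amount."', currency: '".$payment_currency."'}";
+
 //Return, cancel, notifiy URLs
 $return_url = get_post_meta($button_id, 'return_url', true);
 if (empty($return_url)) {
@@ -96,7 +99,7 @@ function swpm_render_pp_smart_checkout_button_sc_output($button_code, $args) {
 }
 ?>
 <div class="swpm-button-wrapper">
-<?php
+<?php
 //apply filter to output additional form fields
 $coupon_input = '';
 $coupon_input = apply_filters('swpm_payment_form_additional_fields', $coupon_input, $button_id, $uniqid);
@@ -137,7 +140,10 @@ function swpm_render_pp_smart_checkout_button_sc_output($button_code, $args) {
 return actions.payment.create({
 payment: {
 transactions: [{
-amount: {total: amount, currency: '<?php echo $payment_currency; ?>'}
+amount: {total: amount, currency: '<?php echo $payment_currency; ?>'},
+item_list: {
+items: [<?php echo $items_list; ?>]
+}
 }]
 },
 meta: {partner_attribution_id: 'TipsandTricks_SP'}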
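Review bot: `$items_list` (new line 40) is assembled by string concatenation and echoed raw into a JavaScript object literal at line 145, so an item name containing a single quote or backslash breaks the script, and because the name is whatever the button's item-name meta holds, it is rendered unescaped to every front-end visitor. Build the object with `wp_json_encode()` instead: `$items_list = wp_json_encode( array( 'name' => $item_name, 'quantity' => '1', 'price' => $payment_amount_formatted, 'currency' => $payment_currency ) );` and keep `items: [<?php echo $items_list; ?>]` as is. Using `$payment_amount_formatted` from line 36 rather than `$payment_amount` also matches the two-decimal format PayPal expects for item prices. Note that `total` is the JS variable `amount`, which the code between the hunks may adjust (for instance by a coupon); if so, PayPal rejects the order because the item subtotal no longer equals the total — worth confirming. `$item_name` is not defined in the visible lines and is presumably read from post meta above the first hunk; the function continues outside the hunks.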