v2.5.7

• ENHANCEMENT: Added a pmpro_checkout_message filter that can be used to filter error messages shown at checkout.
• BUG FIX/ENHANCEMENT: Now making sure some billing address fields are available for the billing failure emails sent during the PayPal IPN handler.
• BUG FIX/ENHANCEMENT: Fixed issues where HTML entities were shown in level prices in some places when using certain currencies. All prices are sent through a special pmpro_escape_price function that allows div, span, and sup tags with id and class attributes. Also removed from unneeded small tags and grey coloring of prices in certain spots.
• BUG FIX: Now cancelling membership when a SUBSCRIPTION_CANCELED message is sent to the Braintree webhook handler. In the past, we incorrectly sent the payment failed email instead.
• BUG FIX: Fixed display issues with the Require Membership block. The level select field has been swapped with a list of checkboxes.
• BUG FIX: Fixed warnings that occurred when processing failed payments in webhook and IPN handlers.
• BUG FIX: Fixed our Braintree class so we will only attempt to update a user's credit card and address when the getCustomer method is called at checkout or during a billing update.
• BUG FIX: Fixed issue where refreshing the checkout review page when using PayPal Express caused the associated order to be updated again. Now the order status is updated to review and only updates again when the user confirms.
• BUG FIX: Avoiding warnings when the pmpro_url function is used if the PMPro pages haven't been set up yet. (Thanks, Thomas Sjolshagen)
• REFACTOR: Updated the pmpro_getSpecificMembershipLevelForUser( $user_id, $level_id ) function so both fields are required. Will still default to the current user if null is passed for the $user_id.

v2.5.6

• SECURITY: Now sanitizing and escaping the order parameter when filtering the users table in the dashboard. (Thanks, Gen Sato)
• BUG FIX/ENHANCEMENT: Now hiding the ApplePay/GooglePay "Payment Request" buttons when the main checkout form is submitted. This helps to prevent double checkouts.
• BUG FIX: Fixed missing membership data in the billing failed email.

v2.5.5

• SECURITY: Better sanitization of parameters on some REST API endpoints.
• SECURITY: Now showing reCAPTCHA field at checkout even for logged in users.
• ENHANCEMENT: Added find_billing_address() method to the MemberOrder class. This will look for the address on the last order with the same sub id or in user meta.
• ENHANCEMENT: Better styling for invoices shown on the frontend.
• ENHANCEMENT: No longer forcing column width % in the members list table.
• ENHANCEMENT: Added a pmpro_doing_webhook action that is fired at the beginning of our webhook/IPN handlers.
• ENHANCEMENT: Added a pmpro_membership_level_after_billing_details_settings hook to the edit membership level page. This hook should now be used to add billing related settings.
• BUG FIX/ENHANCEMENT: Allowing order total to be set to 0, even if there is a subtotal and tax amount.
• BUG FIX/ENHANCEMENT: Stripe checkout fields will now use the language set in the Stripe settings.
• BUG FIX/ENHANCEMENT: The URL check in our notifications code now accepts arrays (e.g. to see if a URL has one of a group of top level domains). This fixes a warning some may have seen in error logs.
• BUG FIX: Fixed issues where totals on PayPal recurring payments were sometimes incorrect if both an mt_gross and amount field were passed via IPN.

v2.5.4

• ENHANCEMENT: Bump license year 2021 - 10 years.
• ENHANCEMENT: Now passing billing street in pmpro_tax filter.
• ENHANCEMENT: Prefixed our pmpro_stripeResponseHandler function to avoid conflicts.
• ENHANCEMENT: Added getRealPaymentTransactionId method to PayPal Express gateway class to recover a missing transaction ID.
• ENHANCEMENT: Added pmpro_checkout_before_form action to hook anything before the membership checkout form.
• ENHANCEMENT: Added avatar as a valid field type for the [pmpro_member] shortcode.
• ENHANCEMENT: Changed license key field to text type and unmasked. Masking implied the key was hashed before saving which is not true.
• ENHANCEMENT: Addedpmpro_discount_code_used action hook for when a discount code is used.
• ENHANCEMENT: Stripe will now pull billing address info for recurring orders from webhooks.
• BUG FIX/ENHANCEMENT: Improved user interface, error handling, and messages in the frontend password reset process.
• BUG FIX/ENHANCEMENT: Added a space between state and zip code in billing info.
• BUG FIX/ENHANCEMENT: Now rounding amount sent with Stripe payment request button.
• BUG FIX/ENHANCEMENT: Improved pmpro_check_plugin_version function to also check a specific value of the get_plugin_data array.
• BUG FIX/ENHANCEMENT: Added pmpro_membership_levelmeta and pmpro_membership_ordermeta tables to uninstall process.
• BUG FIX/ENHANCEMENT: Escaped things in SQL queries in 2Checkout INS service handler.
• BUG FIX/ENHANCEMENT: Cleaned up levels page template and added MMPU compatibility.
• BUG FIX/ENHANCEMENT: Fixed pagination and export issues with a discount code filter on the Orders admin page.
• BUG FIX/ENHANCEMENT: Prefixed our pmpro_stripeResponseHandler function to avoid conflicts with other Stripe code that may not be prefixed.
• BUG FIX/ENHANCEMENT: Cleaned up conditionals and escaping improvements in the pmpro_redirect_to_logged_in function.
• BUG FIX/ENHANCEMENT: Fixed deprecation notices for sites running PHP 8.
• BUG FIX/ENHANCEMENT: Improved SQL query format in the applydiscountcode service.
• BUG FIX: Fixed issues with ReCAPTCHA v2 and certain gateways.
• BUG FIX: Fixed bug where blog name was not showing in Admin Activity email.
• BUG FIX: Improved incorrect PHP doc blocks.
• BUG FIX: Fixed an issue on some sites where password reset link in email was incorrect.
• BUG FIX: Fixed level change issues during 2Checkout checkout.
• BUG FIX: Fixed issue where checkout_levels REST API endpoint could return the wrong initial payment
• BUG FIX: Fixed undefined notice for timestamp variable in the Stripe gateway class.
• BUG FIX: Avoiding warnings when user ids are in the memberships_users table, but a user doesn't exist.
• BUG FIX: Now setting the correct value for membership_id in the admin change emails.

v2.5.3

• SECURITY: Fixed indirect object reference vulnerability where order information, including customer names, email addresses, and order numbers could be accessed by non-admin WordPress users. (Thanks, WP Plugins Team)
• SECURITY: Now checking ReCAPTCHA validation before enabling the submit button on the checkout form when using ReCAPTCHA v2. This helps to keep bad actors from testing credit cards on your checkout page. We were already doing a similar check when using ReCAPTCHA v3. Further updates to rate limit credit card failures are planned.

v2.5.2

• BUG FIX: Fixed issue where the RECAPTCHA library wasn't being loaded early enough to validate at checkout.
• BUG FIX: Fixed issue where code in the Stripe class was unsetting some required fields, even if Stripe was not being used at checkout.

v2.5.1

• SECURITY: Fixed XSS vulnerability on the Members List page of the dashboard. (Thanks, Ron Masas from Checkmarx.com)
• ENHANCEMENT: Add Ukrainian Hryvnia currency. (Thanks, Mirco Babini)
• ENHANCEMENT: Added a "non-members" option to the Beaver Build module.
• BUG FIX: Fixed issue where only USD and US were allowed with Stripe's GooglePay/ApplePay buttons.
• BUG FIX: Fixed issue where some profile fields, e.g. those added with Register Helper, were accidentally updated or removed when accessing the frontend profile page.
• BUG FIX: Fixed issue with tracking discount code uses when using the 2Checkout gateway. (Thanks, karambk on GitHub)
• BUG FIX: No longer running excerpts through wpautop when a more tag is used.

v2.5

• FEATURE: When using the Stripe Gateway, you may now allow users to pay using Apple Pay, Google Pay, or Microsoft Pay depending on their browser. Enable this feature from the payment settings page.
• FEATURE: Added Divi Builder compatibility.
• FEATURE: Updated the Braintree Gateway class to be able to use the Braintree API for the pmpro_next_payment() function. Note, for performance reasons, you must call this method directly or enable it by hooking it up with code like add_filter('pmpro_next_payment', array('PMProGateway_braintree', 'pmpro_next_payment'), 10, 3);
• FEATURE: Added ordermeta tables and functions. We will wait about a year for all users to upgrade before using these widespread. (Thanks, Mirco Babini)
• ENHANCEMENT: The "short" version of the level cost text for a free level is now "Free" instead of "0.00 now".
• ENHANCEMENT: Added a get_original_subscription_order method to the MemberOrder class. This will return the first order in a subscription when called from a recurring order.
• ENHANCEMENT: Removed the old style license nags.
• BUG FIX/ENHANCEMENT: Using microtime and a static counter int to make sure our order and discount codes are unique. In the past very high traffic sites could run into duplicates if two checkouts happened at the exact same second.
• BUG FIX/ENHANCEMENT: Adjust order delete prompt to support other locales.
• BUG FIX/ENHANCEMENT: Better handling of tax amounts in recurring payments, e.g. when using the PMPro VAT Tax add on.
• BUG FIX/ENHANCEMENT: Optimized how often we hit the Stripe API when events on the checkout page could potentially update the price of checkout.
• BUG FIX/ENHANCEMENT: The checkout_levels api call now takes level as param.
• BUG FIX/ENHANCEMENT: No longer running sanitize_text_field on password fields. This would break passwords that had strings of characters resembling html tags.
• BUG FIX/ENHANCEMENT: Now warning admins if the Stripe billing period is longer than 1 year. Billing periods greater than 1 year are not allowed by Stripe.
• BUG FIX/ENHANCEMENT: Now detecting when a Stripe webhook is set up for an older version of the Stripe API and showing a notice with a link to update.
• BUG FIX/ENHANCEMENT: Adding MAXFAILEDPAYMENTS=1 to PayPal add subscription requests. This tells PayPal to cancel a subscription after the first failed payment. In our experience, the automatic retries rarely worked well. This change fixes issues with subscriptions going out of sync or users retaining access to your site when their payment has failed. Members still receive the payment failed email, which prompts users to return to the site to renew.
• BUG FIX/ENHANCEMENT: Fixing some issues where we are adding extra break tags into the password reset email. There are still some issues like this when using certain plugins. We are working on a general fix.
• BUG FIX/ENHANCEMENT: Removed the "coupon amount" field from the edit order page. These were hold outs from the 2007! ecommerce plugin PMPro was forked from. You can set the pmpro_orders_show_coupon_amounts filter to __return_true to show these fields again if you were using them for tracking things in your custom code.
• BUG FIX: Fixed MMPU compatibility when using discount codes.
• BUG FIX: No longer filtering the wp login url when on wp-login.php. This fixes issues with iThemes Security 2FA.
• BUG FIX: Fixed issues where the Stripe webhook was not being updated sometimes when clicking the button to update.
• BUG FIX: Fixed some notices and warnings when using Braintree.
• BUG FIX: Now resetting memberslist page number when changing shown level.
• BUG FIX: Now ensuring that the discount code field updates, update the Request Button price.
• BUG FIX: Fixed issue where non-pretty permalinks may break frontend password resets.
• BUG FIX: Fixed invoice links on the account page. (Thanks, Mateusz Hołtyn)
• BUG FIX: Fixed incorrect label "for" attribute for uninstall setting.
• BUG FIX: Fixed issue where some free plugins distributed by PMPro would show warnings about requiring a Plus license.

v2.4.4

• BUG FIX: Fixed fatal error that sometimes occurred on the payment settings page when using PHP 5.6 or earlier.
• BUG FIX: Fixed fatal errors that showed up on the frontend invoice page.
• BUG FIX: Fixed issue where the confirmation message was not showing up in the confirmation email if that option was checked.
• ENHANCEMENT: Added a pmpro_stripe_charge_params filter that can be used to edit or add params sent to the Stripe create charge method. (Thanks, Michael Bester)
• ENHANCEMENT: Tweaked the markup of the invoice page so the payment type information looks a little better.

v2.4.3

• SECURITY: Fixed a cross-site scripting vulnerability in the code that updates the Required Membership settings on a post. This vulnerability could have been used in conjunction with other security vulnerabilities to trick an admin into editing the membership settings for a page, potentially exposing members only content to non-members. It is unlikely that there was any active exploitation of this vulnerability. This issue may also have shown up as a bug on some sites using page builders, where the membership settings for a post would be cleared out when editing a post. (Thanks to the wp.org plugin review team for catching this issue.)
• SECURITY: Better escaping of variables shown in the Require Membership meta box and related SQL queries.
• BUG FIX/ENHANCEMENT: Renamed the Vietnamese language files to match what is expected.