Headline
CVE-2021-24728: Changeset 2566399 for paid-member-subscriptions – WordPress Plugin Repository
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statements, leading to authenticated SQL injection in the Members and Payments pages.
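--- a/paid-member-subscriptions/tags/2.4.2/includes/admin/class-admin-members-list-table.php
+++ b/paid-member-subscriptions/tags/2.4.2/includes/admin/class-admin-members-list-table.php
@@ -277,5 +277,10 @@
 $args\['orderby'\] = 'user\_login';
 
-$args\['order'\] = sanitize\_text\_field( $\_REQUEST\['order'\] );
+$order = strtolower( sanitize\_text\_field( $\_REQUEST\['order'\] ) );
+
+if( $order == 'asc' )
+$args\['order'\] = 'ASC';
+elseif( $order == 'desc' )
+$args\['order'\] = 'DESC';
 
 }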
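Review bot: The new `if`/`elseif` leaves `$args['order']` unset when the request value is neither `asc` nor `desc`, so the sort direction then depends on whatever default exists outside this hunk. An explicit fallback such as `$args['order'] = ( $order === 'desc' ) ? 'DESC' : 'ASC';` keeps the allowlist and removes that dependency (choose the default that matches the existing one). The check also lives only where the request is read; the code that places `order`/`orderby` into the SQL text is not on this page, so it is worth confirming that it enforces the same allowlist for every caller. The same pattern is added in class-admin-payments-list-table.php and in the trunk copies of both files; the enclosing block starts and ends outside the hunk.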
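--- a/paid-member-subscriptions/tags/2.4.2/includes/admin/class-admin-members.php
+++ b/paid-member-subscriptions/tags/2.4.2/includes/admin/class-admin-members.php
@@ -164,5 +164,5 @@
 if( apply\_filters( 'pms\_update\_billing\_amount\_from\_backend\_on\_sub\_change', true ) ) {
 if ($member\_subscription->subscription\_plan\_id != $\_POST\['subscription\_plan\_id'\]) {
-$new\_subscription\_plan = pms\_get\_subscription\_plan($\_POST\['subscription\_plan\_id'\]);
+$new\_subscription\_plan = pms\_get\_subscription\_plan( (int)$\_POST\['subscription\_plan\_id'\] );
 if (isset($new\_subscription\_plan->price)) {
 $\_POST\['billing\_amount'\] = $new\_subscription\_plan->price;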
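Review bot: The `(int)` cast is applied only at the `pms_get_subscription_plan()` call, while the comparison one line above still reads the raw `$_POST['subscription_plan_id']` with a loose `!=`. Normalising the value once and using it in both places keeps the two lines from disagreeing, e.g. `$plan_id = isset( $_POST['subscription_plan_id'] ) ? absint( $_POST['subscription_plan_id'] ) : 0;`. Nonce and capability checks for this handler are not visible in the hunk; presumably they run earlier in the method, which starts and ends outside it. The trunk copy of this file is identical.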
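--- a/paid-member-subscriptions/tags/2.4.2/includes/admin/class-admin-payments-list-table.php
+++ b/paid-member-subscriptions/tags/2.4.2/includes/admin/class-admin-payments-list-table.php
@@ -176,6 +176,16 @@
 if( ! empty( $\_REQUEST\['orderby'\] ) && ! empty( $\_REQUEST\['order'\] ) ) {
 
-$args\['orderby'\] = sanitize\_text\_field( $\_REQUEST\['orderby'\] );
-$args\['order'\] = sanitize\_text\_field( $\_REQUEST\['order'\] );
+$orderby = sanitize\_text\_field( $\_REQUEST\['orderby'\] );
+$orderby\_possibilities = array( 'id', 'status' );
+
+if( in\_array( $orderby, $orderby\_possibilities ) )
+$args\['orderby'\] = $orderby;
+
+$order = strtolower( sanitize\_text\_field( $\_REQUEST\['order'\] ) );
+
+if( $order == 'asc' )
+$args\['order'\] = 'ASC';
+elseif( $order == 'desc' )
+$args\['order'\] = 'DESC';
 
 }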
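Review bot: `in_array( $orderby, $orderby_possibilities )` compares loosely; passing `true` as the third argument, `in_array( $orderby, $orderby_possibilities, true )`, makes the allowlist an exact string match and stays correct if the list ever gains numeric-looking entries. The same non-strict call is added for both duration-unit checks in class-meta-box-subscription-plan-details.php and in the trunk copies. A one-line comment above `$orderby_possibilities` saying that these values end up as column names in the payments query would tell the next maintainer why the list must stay hard-coded, assuming that is how `$args['orderby']` is consumed, which this page does not show.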
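--- a/paid-member-subscriptions/tags/2.4.2/includes/admin/meta-boxes/class-meta-box-single-content-restriction.php
+++ b/paid-member-subscriptions/tags/2.4.2/includes/admin/meta-boxes/class-meta-box-single-content-restriction.php
@@ -85,6 +85,6 @@
 update\_post\_meta( $post\_id, 'pms-content-restrict-messages-enabled', 'yes' );
 
-update\_post\_meta( $post\_id, 'pms-content-restrict-message-logged\_out', ( ! empty( $\_POST\['pms-content-restrict-message-logged\_out'\] ) ? $\_POST\['pms-content-restrict-message-logged\_out'\] : '' ) );
-update\_post\_meta( $post\_id, 'pms-content-restrict-message-non\_members', ( ! empty( $\_POST\['pms-content-restrict-message-non\_members'\] ) ? $\_POST\['pms-content-restrict-message-non\_members'\] : '' ) );
+update\_post\_meta( $post\_id, 'pms-content-restrict-message-logged\_out', ( ! empty( $\_POST\['pms-content-restrict-message-logged\_out'\] ) ? wp\_kses\_post( $\_POST\['pms-content-restrict-message-logged\_out'\] ) : '' ) );
+update\_post\_meta( $post\_id, 'pms-content-restrict-message-non\_members', ( ! empty( $\_POST\['pms-content-restrict-message-non\_members'\] ) ? wp\_kses\_post( $\_POST\['pms-content-restrict-message-non\_members'\] ) : '' ) );
 
 }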
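Review bot: `wp_kses_post()` is documented as expecting unslashed data, but `$_POST` values in WordPress arrive slashed, so attribute quotes reach the filter as `\"` and may be parsed differently than intended. `wp_filter_post_kses( $_POST['pms-content-restrict-message-logged_out'] )` is the slashed-input variant and fits here because `update_post_meta()` unslashes the value it stores; the same applies to the `non_members` line and to the trunk copy. This filters on save only, so the code that prints these messages should still filter or escape on output; that code is outside the hunk.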
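--- a/paid-member-subscriptions/tags/2.4.2/includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php
+++ b/paid-member-subscriptions/tags/2.4.2/includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php
@@ -77,6 +77,16 @@
 }
 
-if( isset( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] ) )
-update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_duration\_unit', sanitize\_text\_field( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] ) );
+if( isset( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] ) ){
+
+$duration\_units = array( 'day', 'week', 'month', 'year' );
+
+if( in\_array( $\_POST\['pms\_subscription\_plan\_duration\_unit'\], $duration\_units ) )
+$duration\_unit = sanitize\_text\_field( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] );
+else
+$duration\_unit = 'day';
+
+update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_duration\_unit', $duration\_unit );
+
+}
 
 
@@ -119,6 +129,16 @@
 }
 
-if( isset( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] ) )
-update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_trial\_duration\_unit', $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] );
+if( isset( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] ) ){
+
+$trial\_duration\_units = array( 'day', 'week', 'month', 'year' );
+
+if( in\_array( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\], $trial\_duration\_units ) )
+$trial\_duration\_unit = sanitize\_text\_field( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] );
+else
+$trial\_duration\_unit = 'day';
+
+update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_trial\_duration\_unit', $trial\_duration\_unit );
+
+}
 
 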
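Review bot: A value outside the list is silently stored as `'day'`, which rewrites the plan's duration unit instead of rejecting the request; for a billing-related setting it may be safer to leave the saved meta untouched when the value is not allowed, i.e. skip the `update_post_meta()` call. The fallback `else $duration_unit = 'day';` appears in both hunks of this file (as `$trial_duration_unit` in the second) and in the trunk copy. `$duration_units` and `$trial_duration_units` are the same list defined twice, so one shared array would keep the two checks from drifting apart. Once a value has passed the allowlist, the `sanitize_text_field()` call on it is redundant.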
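--- a/paid-member-subscriptions/tags/2.4.2/includes/class-billing-details.php
+++ b/paid-member-subscriptions/tags/2.4.2/includes/class-billing-details.php
@@ -55,5 +55,5 @@
 <?php endforeach; ?>
 
-<input type="hidden" name="pms\_member\_id" value="<?php echo isset( $\_GET\['member\_id'\] ) ? $\_GET\['member\_id'\] : ''; ?>" />
+<input type="hidden" name="pms\_member\_id" value="<?php echo esc\_attr( isset( $\_GET\['member\_id'\] ) ? $\_GET\['member\_id'\] : '' ); ?>" />
 
 <a href="" id="save" class="button button-secondary"><?php \_e( 'Save', 'paid-member-subscriptions' ); ?></a>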
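Review bot: `esc_attr()` stops the value from breaking out of the attribute, but `member_id` looks like a numeric ID, and if it is, `absint()` is the tighter fit: `value="<?php echo isset( $_GET['member_id'] ) ? absint( $_GET['member_id'] ) : ''; ?>"`. A hidden field is still client-controlled, so the handler that later reads `pms_member_id` from the submitted form should validate it again and check that the current user may edit that member; that handler is not on this page. The template continues outside the hunk, and the trunk copy is identical.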
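--- a/paid-member-subscriptions/tags/2.4.2/index.php
+++ b/paid-member-subscriptions/tags/2.4.2/index.php
@@ -4,5 +4,5 @@
 \* Plugin URI: http://www.cozmoslabs.com/
 \* Description: Accept payments, create subscription plans and restrict content on your membership website.
-\* Version: 2.4.1
+\* Version: 2.4.2
 \* Author: Cozmoslabs
 \* Author URI: http://www.cozmoslabs.com/
@@ -37,5 +37,5 @@
 public function \_\_construct() {
 
-define( 'PMS\_VERSION', '2.4.1' );
+define( 'PMS\_VERSION', '2.4.2' );
 define( 'PMS\_PLUGIN\_DIR\_PATH', plugin\_dir\_path( \_\_FILE\_\_ ) );
 define( 'PMS\_PLUGIN\_DIR\_URL', plugin\_dir\_url( \_\_FILE\_\_ ) );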
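--- a/paid-member-subscriptions/tags/2.4.2/readme.txt
+++ b/paid-member-subscriptions/tags/2.4.2/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.1
 Tested up to: 5.7
-Stable tag: 2.4.1
+Stable tag: 2.4.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -194,4 +194,7 @@
 
 \== Changelog ==
+\= 2.4.2 =
+\* Fix: Security issue on Members and Payments pages
+
 \= 2.4.1 =
 \* Fix: Compatibility issue between reCaptcha and new Stripe add-on version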
paid-member-subscriptions/tags/2.4.2/translations/paid-member-subscriptions.pot
r2565019
r2566399
115
115
msgstr ""
116
116
117
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:125, includes/functions-user.php:247, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:205, ../pms-add-on-discount-codes/views/view-meta-box-discount-codes.php:133, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:109, includes/admin/class-admin-member-payments-list-table.php:53, includes/admin/class-admin-member-subscription-list-table.php:71, includes/admin/class-admin-members-list-table.php:503, includes/admin/class-admin-payments-list-table.php:106, includes/admin/class-admin-subscription-plans.php:323, ../pms-add-on-content-dripping/includes/views/view-meta-box-content-dripping-details.php:28, ../pms-add-on-email-reminders/includes/views/view-meta-box-email-reminders.php:127, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:65, ../pms-add-on-group-memberships/includes/views/view-members-list.php:40, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:19, includes/admin/views/view-page-members-add-new-edit-subscription.php:273, includes/admin/views/view-page-payments-add-new-edit.php:210, includes/views/shortcodes/view-shortcode-account-subscription-details.php:36, includes/views/shortcodes/view-shortcode-account.php:14, includes/views/shortcodes/view-shortcode-payment-history.php:40, includes/admin/meta-boxes/views/view-meta-box-subscription-details.php:147, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-product-membership-discounts.php:82, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-subscription-plan-product-discounts.php:64
117
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:125, includes/functions-user.php:247, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:205, ../pms-add-on-discount-codes/views/view-meta-box-discount-codes.php:133, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:109, includes/admin/class-admin-member-payments-list-table.php:53, includes/admin/class-admin-member-subscription-list-table.php:71, includes/admin/class-admin-members-list-table.php:508, includes/admin/class-admin-payments-list-table.php:106, includes/admin/class-admin-subscription-plans.php:323, ../pms-add-on-content-dripping/includes/views/view-meta-box-content-dripping-details.php:28, ../pms-add-on-email-reminders/includes/views/view-meta-box-email-reminders.php:127, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:65, ../pms-add-on-group-memberships/includes/views/view-members-list.php:40, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:19, includes/admin/views/view-page-members-add-new-edit-subscription.php:273, includes/admin/views/view-page-payments-add-new-edit.php:210, includes/views/shortcodes/view-shortcode-account-subscription-details.php:36, includes/views/shortcodes/view-shortcode-account.php:14, includes/views/shortcodes/view-shortcode-payment-history.php:40, includes/admin/meta-boxes/views/view-meta-box-subscription-details.php:147, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-product-membership-discounts.php:82, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-subscription-plan-product-discounts.php:64
118
118
msgid "Status"
119
119
msgstr ""
…
…
131
131
msgstr ""
132
132
133
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:189, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:174, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:267, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:302, includes/admin/class-admin-payments-list-table.php:327, includes/admin/class-admin-subscription-plans.php:296, ../pms-add-on-tax/includes/views/view-settings-tab-tax.php:129, includes/views/shortcodes/view-shortcode-edit-profile-form.php:80
133
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:189, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:174, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:267, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:302, includes/admin/class-admin-payments-list-table.php:337, includes/admin/class-admin-subscription-plans.php:296, ../pms-add-on-tax/includes/views/view-settings-tab-tax.php:129, includes/views/shortcodes/view-shortcode-edit-profile-form.php:80
134
134
msgid "Delete"
135
135
msgstr ""
…
…
1202
1202
msgstr ""
1203
1203
1204
#: includes/functions-content-filtering.php:467, includes/admin/class-admin-member-subscription-list-table.php:273, includes/admin/class-admin-members-list-table.php:502, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:63, includes/views/shortcodes/view-shortcode-account-subscription-details.php:53, includes/views/shortcodes/view-shortcode-account.php:43
1204
#: includes/functions-content-filtering.php:467, includes/admin/class-admin-member-subscription-list-table.php:273, includes/admin/class-admin-members-list-table.php:507, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:63, includes/views/shortcodes/view-shortcode-account-subscription-details.php:53, includes/views/shortcodes/view-shortcode-account.php:43
1205
1205
msgid "Unlimited"
1206
1206
msgstr ""
…
…
4026
4026
msgstr ""
4027
4027
4028
#: ../pms-add-on-tax/includes/functions-admin.php:345, includes/admin/class-admin-payments-list-table.php:406
4028
#: ../pms-add-on-tax/includes/functions-admin.php:345, includes/admin/class-admin-payments-list-table.php:416
4029
4029
msgid "Discount code"
4030
4030
msgstr ""
…
…
4058
4058
msgstr ""
4059
4059
4060
#: ../pms-add-on-tax/includes/functions-admin.php:491, includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:506, includes/admin/class-admin-members-list-table.php:509, extend/elementor/widgets/class-widget-account.php:63, includes/admin/views/view-page-settings-general.php:25, extend/beaver-builder/modules/pms-account/pms-account.php:38, extend/siteorigin/widgets/pms-account/pms-account.php:26
4060
#: ../pms-add-on-tax/includes/functions-admin.php:491, includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:511, includes/admin/class-admin-members-list-table.php:514, extend/elementor/widgets/class-widget-account.php:63, includes/admin/views/view-page-settings-general.php:25, extend/beaver-builder/modules/pms-account/pms-account.php:38, extend/siteorigin/widgets/pms-account/pms-account.php:26
4061
4061
msgid "Yes"
4062
4062
msgstr ""
…
…
4362
4362
msgstr ""
4363
4363
4364
#: includes/admin/class-admin-member-payments-list-table.php:185, includes/admin/class-admin-payments-list-table.php:444, includes/views/shortcodes/view-shortcode-payment-history.php:66
4364
#: includes/admin/class-admin-member-payments-list-table.php:185, includes/admin/class-admin-payments-list-table.php:454, includes/views/shortcodes/view-shortcode-payment-history.php:66
4365
4365
msgid "No payments found"
4366
4366
msgstr ""
4367
4367
4368
#: includes/admin/class-admin-member-subscription-list-table.php:70, includes/admin/class-admin-members-list-table.php:502
4368
#: includes/admin/class-admin-member-subscription-list-table.php:70, includes/admin/class-admin-members-list-table.php:507
4369
4369
msgid "Expiration date"
4370
4370
msgstr ""
4371
4371
4372
#: includes/admin/class-admin-member-subscription-list-table.php:72, includes/admin/class-admin-members-list-table.php:506
4372
#: includes/admin/class-admin-member-subscription-list-table.php:72, includes/admin/class-admin-members-list-table.php:511
4373
4373
msgid "Auto-renewing"
4374
4374
msgstr ""
4375
4375
4376
#: includes/admin/class-admin-member-subscription-list-table.php:73, includes/admin/class-admin-members-list-table.php:509
4376
#: includes/admin/class-admin-member-subscription-list-table.php:73, includes/admin/class-admin-members-list-table.php:514
4377
4377
msgid "Active Trial"
4378
4378
msgstr ""
…
…
4382
4382
msgstr ""
4383
4383
4384
#: includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:506, extend/elementor/widgets/class-widget-account.php:64, includes/admin/views/view-page-settings-general.php:24, extend/beaver-builder/modules/pms-account/pms-account.php:39, extend/siteorigin/widgets/pms-account/pms-account.php:27
4384
#: includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:511, extend/elementor/widgets/class-widget-account.php:64, includes/admin/views/view-page-settings-general.php:24, extend/beaver-builder/modules/pms-account/pms-account.php:39, extend/siteorigin/widgets/pms-account/pms-account.php:27
4385
4385
msgid "No"
4386
4386
msgstr ""
…
…
4422
4422
msgstr ""
4423
4423
4424
#: includes/admin/class-admin-members-add-new-bulk-list-table.php:376, includes/admin/class-admin-members-list-table.php:494
4424
#: includes/admin/class-admin-members-add-new-bulk-list-table.php:376, includes/admin/class-admin-members-list-table.php:499
4425
4425
msgid "Subscription Plan Not Found - ID: %s"
4426
4426
msgstr ""
…
…
4442
4442
msgstr ""
4443
4443
4444
#: includes/admin/class-admin-members-list-table.php:452, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:233, includes/admin/views/view-page-members-edit.php:14
4444
#: includes/admin/class-admin-members-list-table.php:457, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:233, includes/admin/views/view-page-members-edit.php:14
4445
4445
msgid "Edit Member"
4446
4446
msgstr ""
4447
4447
4448
#: includes/admin/class-admin-members-list-table.php:501
4448
#: includes/admin/class-admin-members-list-table.php:506
4449
4449
msgid "Start date"
4450
4450
msgstr ""
4451
4451
4452
#: includes/admin/class-admin-members-list-table.php:528
4452
#: includes/admin/class-admin-members-list-table.php:533
4453
4453
msgid "View Abandoned Subscriptions"
4454
4454
msgstr ""
4455
4455
4456
#: includes/admin/class-admin-members-list-table.php:529
4456
#: includes/admin/class-admin-members-list-table.php:534
4457
4457
msgid "%s %s abandoned subscription"
4458
4458
msgid\_plural "%s %s abandoned subscriptions"
…
…
4460
4460
msgstr\[1\] ""
4461
4461
4462
#: includes/admin/class-admin-members-list-table.php:544
4462
#: includes/admin/class-admin-members-list-table.php:549
4463
4463
msgid "No members found"
4464
4464
msgstr ""
…
…
4650
4650
msgstr ""
4651
4651
4652
#: includes/admin/class-admin-payments-list-table.php:232
4652
#: includes/admin/class-admin-payments-list-table.php:242
4653
4653
msgid "User no longer exists"
4654
4654
msgstr ""
4655
4655
4656
#: includes/admin/class-admin-payments-list-table.php:324
4656
#: includes/admin/class-admin-payments-list-table.php:334
4657
4657
msgid "Edit Payment"
4658
4658
msgstr ""
4659
4659
4660
#: includes/admin/class-admin-payments-list-table.php:327
4660
#: includes/admin/class-admin-payments-list-table.php:337
4661
4661
msgid "Are you sure you want to delete this Payment?"
4662
4662
msgstr ""
4663
4663
4664
#: includes/admin/class-admin-payments-list-table.php:381
4664
#: includes/admin/class-admin-payments-list-table.php:391
4665
4665
msgid "View Logs"
4666
4666
msgstr ""
…
…
5763
5763
msgstr ""
5764
5764
5765
#: includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php:208
5765
#: includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php:228
5766
5766
msgid "Subscription Plan Details"
5767
5767
msgstr ""
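--- a/paid-member-subscriptions/trunk/includes/admin/class-admin-members-list-table.php
+++ b/paid-member-subscriptions/trunk/includes/admin/class-admin-members-list-table.php
@@ -277,5 +277,10 @@
 $args\['orderby'\] = 'user\_login';
 
-$args\['order'\] = sanitize\_text\_field( $\_REQUEST\['order'\] );
+$order = strtolower( sanitize\_text\_field( $\_REQUEST\['order'\] ) );
+
+if( $order == 'asc' )
+$args\['order'\] = 'ASC';
+elseif( $order == 'desc' )
+$args\['order'\] = 'DESC';
 
 }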
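--- a/paid-member-subscriptions/trunk/includes/admin/class-admin-members.php
+++ b/paid-member-subscriptions/trunk/includes/admin/class-admin-members.php
@@ -164,5 +164,5 @@
 if( apply\_filters( 'pms\_update\_billing\_amount\_from\_backend\_on\_sub\_change', true ) ) {
 if ($member\_subscription->subscription\_plan\_id != $\_POST\['subscription\_plan\_id'\]) {
-$new\_subscription\_plan = pms\_get\_subscription\_plan($\_POST\['subscription\_plan\_id'\]);
+$new\_subscription\_plan = pms\_get\_subscription\_plan( (int)$\_POST\['subscription\_plan\_id'\] );
 if (isset($new\_subscription\_plan->price)) {
 $\_POST\['billing\_amount'\] = $new\_subscription\_plan->price;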
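--- a/paid-member-subscriptions/trunk/includes/admin/class-admin-payments-list-table.php
+++ b/paid-member-subscriptions/trunk/includes/admin/class-admin-payments-list-table.php
@@ -176,6 +176,16 @@
 if( ! empty( $\_REQUEST\['orderby'\] ) && ! empty( $\_REQUEST\['order'\] ) ) {
 
-$args\['orderby'\] = sanitize\_text\_field( $\_REQUEST\['orderby'\] );
-$args\['order'\] = sanitize\_text\_field( $\_REQUEST\['order'\] );
+$orderby = sanitize\_text\_field( $\_REQUEST\['orderby'\] );
+$orderby\_possibilities = array( 'id', 'status' );
+
+if( in\_array( $orderby, $orderby\_possibilities ) )
+$args\['orderby'\] = $orderby;
+
+$order = strtolower( sanitize\_text\_field( $\_REQUEST\['order'\] ) );
+
+if( $order == 'asc' )
+$args\['order'\] = 'ASC';
+elseif( $order == 'desc' )
+$args\['order'\] = 'DESC';
 
 }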
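--- a/paid-member-subscriptions/trunk/includes/admin/meta-boxes/class-meta-box-single-content-restriction.php
+++ b/paid-member-subscriptions/trunk/includes/admin/meta-boxes/class-meta-box-single-content-restriction.php
@@ -85,6 +85,6 @@
 update\_post\_meta( $post\_id, 'pms-content-restrict-messages-enabled', 'yes' );
 
-update\_post\_meta( $post\_id, 'pms-content-restrict-message-logged\_out', ( ! empty( $\_POST\['pms-content-restrict-message-logged\_out'\] ) ? $\_POST\['pms-content-restrict-message-logged\_out'\] : '' ) );
-update\_post\_meta( $post\_id, 'pms-content-restrict-message-non\_members', ( ! empty( $\_POST\['pms-content-restrict-message-non\_members'\] ) ? $\_POST\['pms-content-restrict-message-non\_members'\] : '' ) );
+update\_post\_meta( $post\_id, 'pms-content-restrict-message-logged\_out', ( ! empty( $\_POST\['pms-content-restrict-message-logged\_out'\] ) ? wp\_kses\_post( $\_POST\['pms-content-restrict-message-logged\_out'\] ) : '' ) );
+update\_post\_meta( $post\_id, 'pms-content-restrict-message-non\_members', ( ! empty( $\_POST\['pms-content-restrict-message-non\_members'\] ) ? wp\_kses\_post( $\_POST\['pms-content-restrict-message-non\_members'\] ) : '' ) );
 
 }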
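--- a/paid-member-subscriptions/trunk/includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php
+++ b/paid-member-subscriptions/trunk/includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php
@@ -77,6 +77,16 @@
 }
 
-if( isset( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] ) )
-update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_duration\_unit', sanitize\_text\_field( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] ) );
+if( isset( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] ) ){
+
+$duration\_units = array( 'day', 'week', 'month', 'year' );
+
+if( in\_array( $\_POST\['pms\_subscription\_plan\_duration\_unit'\], $duration\_units ) )
+$duration\_unit = sanitize\_text\_field( $\_POST\['pms\_subscription\_plan\_duration\_unit'\] );
+else
+$duration\_unit = 'day';
+
+update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_duration\_unit', $duration\_unit );
+
+}
 
 
@@ -119,6 +129,16 @@
 }
 
-if( isset( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] ) )
-update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_trial\_duration\_unit', $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] );
+if( isset( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] ) ){
+
+$trial\_duration\_units = array( 'day', 'week', 'month', 'year' );
+
+if( in\_array( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\], $trial\_duration\_units ) )
+$trial\_duration\_unit = sanitize\_text\_field( $\_POST\['pms\_subscription\_plan\_trial\_duration\_unit'\] );
+else
+$trial\_duration\_unit = 'day';
+
+update\_post\_meta( $post\_id, 'pms\_subscription\_plan\_trial\_duration\_unit', $trial\_duration\_unit );
+
+}
 
 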
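--- a/paid-member-subscriptions/trunk/includes/class-billing-details.php
+++ b/paid-member-subscriptions/trunk/includes/class-billing-details.php
@@ -55,5 +55,5 @@
 <?php endforeach; ?>
 
-<input type="hidden" name="pms\_member\_id" value="<?php echo isset( $\_GET\['member\_id'\] ) ? $\_GET\['member\_id'\] : ''; ?>" />
+<input type="hidden" name="pms\_member\_id" value="<?php echo esc\_attr( isset( $\_GET\['member\_id'\] ) ? $\_GET\['member\_id'\] : '' ); ?>" />
 
 <a href="" id="save" class="button button-secondary"><?php \_e( 'Save', 'paid-member-subscriptions' ); ?></a>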
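--- a/paid-member-subscriptions/trunk/index.php
+++ b/paid-member-subscriptions/trunk/index.php
@@ -4,5 +4,5 @@
 \* Plugin URI: http://www.cozmoslabs.com/
 \* Description: Accept payments, create subscription plans and restrict content on your membership website.
-\* Version: 2.4.1
+\* Version: 2.4.2
 \* Author: Cozmoslabs
 \* Author URI: http://www.cozmoslabs.com/
@@ -37,5 +37,5 @@
 public function \_\_construct() {
 
-define( 'PMS\_VERSION', '2.4.1' );
+define( 'PMS\_VERSION', '2.4.2' );
 define( 'PMS\_PLUGIN\_DIR\_PATH', plugin\_dir\_path( \_\_FILE\_\_ ) );
 define( 'PMS\_PLUGIN\_DIR\_URL', plugin\_dir\_url( \_\_FILE\_\_ ) );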
paid-member-subscriptions/trunk/readme.txt
r2565019
r2566399
5
5
Requires at least: 3.1
6
6
Tested up to: 5.7
7
Stable tag: 2.4.1
7
Stable tag: 2.4.2
8
8
License: GPLv2 or later
9
9
License URI: http://www.gnu.org/licenses/gpl-2.0.html
…
…
194
194
195
195
\== Changelog ==
196
\= 2.4.2 =
197
\* Fix: Security issue on Members and Payments pages
198
196
199
\= 2.4.1 =
197
200
\* Fix: Compatibility issue between reCaptcha and new Stripe add-on version
paid-member-subscriptions/trunk/translations/paid-member-subscriptions.pot
r2565019
r2566399
115
115
msgstr ""
116
116
117
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:125, includes/functions-user.php:247, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:205, ../pms-add-on-discount-codes/views/view-meta-box-discount-codes.php:133, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:109, includes/admin/class-admin-member-payments-list-table.php:53, includes/admin/class-admin-member-subscription-list-table.php:71, includes/admin/class-admin-members-list-table.php:503, includes/admin/class-admin-payments-list-table.php:106, includes/admin/class-admin-subscription-plans.php:323, ../pms-add-on-content-dripping/includes/views/view-meta-box-content-dripping-details.php:28, ../pms-add-on-email-reminders/includes/views/view-meta-box-email-reminders.php:127, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:65, ../pms-add-on-group-memberships/includes/views/view-members-list.php:40, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:19, includes/admin/views/view-page-members-add-new-edit-subscription.php:273, includes/admin/views/view-page-payments-add-new-edit.php:210, includes/views/shortcodes/view-shortcode-account-subscription-details.php:36, includes/views/shortcodes/view-shortcode-account.php:14, includes/views/shortcodes/view-shortcode-payment-history.php:40, includes/admin/meta-boxes/views/view-meta-box-subscription-details.php:147, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-product-membership-discounts.php:82, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-subscription-plan-product-discounts.php:64
117
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:125, includes/functions-user.php:247, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:205, ../pms-add-on-discount-codes/views/view-meta-box-discount-codes.php:133, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:109, includes/admin/class-admin-member-payments-list-table.php:53, includes/admin/class-admin-member-subscription-list-table.php:71, includes/admin/class-admin-members-list-table.php:508, includes/admin/class-admin-payments-list-table.php:106, includes/admin/class-admin-subscription-plans.php:323, ../pms-add-on-content-dripping/includes/views/view-meta-box-content-dripping-details.php:28, ../pms-add-on-email-reminders/includes/views/view-meta-box-email-reminders.php:127, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:65, ../pms-add-on-group-memberships/includes/views/view-members-list.php:40, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:19, includes/admin/views/view-page-members-add-new-edit-subscription.php:273, includes/admin/views/view-page-payments-add-new-edit.php:210, includes/views/shortcodes/view-shortcode-account-subscription-details.php:36, includes/views/shortcodes/view-shortcode-account.php:14, includes/views/shortcodes/view-shortcode-payment-history.php:40, includes/admin/meta-boxes/views/view-meta-box-subscription-details.php:147, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-product-membership-discounts.php:82, extend/woocommerce/includes/admin/meta-boxes/class-meta-box-subscription-plan-product-discounts.php:64
118
118
msgid "Status"
119
119
msgstr ""
…
…
131
131
msgstr ""
132
132
133
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:189, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:174, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:267, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:302, includes/admin/class-admin-payments-list-table.php:327, includes/admin/class-admin-subscription-plans.php:296, ../pms-add-on-tax/includes/views/view-settings-tab-tax.php:129, includes/views/shortcodes/view-shortcode-edit-profile-form.php:80
133
#: ../pms-add-on-discount-codes/class-admin-discount-codes.php:189, ../pms-add-on-content-dripping/includes/class-admin-content-dripping.php:174, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:267, ../pms-add-on-email-reminders/includes/class-admin-email-reminders.php:302, includes/admin/class-admin-payments-list-table.php:337, includes/admin/class-admin-subscription-plans.php:296, ../pms-add-on-tax/includes/views/view-settings-tab-tax.php:129, includes/views/shortcodes/view-shortcode-edit-profile-form.php:80
134
134
msgid "Delete"
135
135
msgstr ""
…
…
1202
1202
msgstr ""
1203
1203
1204
#: includes/functions-content-filtering.php:467, includes/admin/class-admin-member-subscription-list-table.php:273, includes/admin/class-admin-members-list-table.php:502, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:63, includes/views/shortcodes/view-shortcode-account-subscription-details.php:53, includes/views/shortcodes/view-shortcode-account.php:43
1204
#: includes/functions-content-filtering.php:467, includes/admin/class-admin-member-subscription-list-table.php:273, includes/admin/class-admin-members-list-table.php:507, ../pms-add-on-group-memberships/includes/views/view-shortcode-account-subscriptions-row.php:63, includes/views/shortcodes/view-shortcode-account-subscription-details.php:53, includes/views/shortcodes/view-shortcode-account.php:43
1205
1205
msgid "Unlimited"
1206
1206
msgstr ""
…
…
4026
4026
msgstr ""
4027
4027
4028
#: ../pms-add-on-tax/includes/functions-admin.php:345, includes/admin/class-admin-payments-list-table.php:406
4028
#: ../pms-add-on-tax/includes/functions-admin.php:345, includes/admin/class-admin-payments-list-table.php:416
4029
4029
msgid "Discount code"
4030
4030
msgstr ""
…
…
4058
4058
msgstr ""
4059
4059
4060
#: ../pms-add-on-tax/includes/functions-admin.php:491, includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:506, includes/admin/class-admin-members-list-table.php:509, extend/elementor/widgets/class-widget-account.php:63, includes/admin/views/view-page-settings-general.php:25, extend/beaver-builder/modules/pms-account/pms-account.php:38, extend/siteorigin/widgets/pms-account/pms-account.php:26
4060
#: ../pms-add-on-tax/includes/functions-admin.php:491, includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:511, includes/admin/class-admin-members-list-table.php:514, extend/elementor/widgets/class-widget-account.php:63, includes/admin/views/view-page-settings-general.php:25, extend/beaver-builder/modules/pms-account/pms-account.php:38, extend/siteorigin/widgets/pms-account/pms-account.php:26
4061
4061
msgid "Yes"
4062
4062
msgstr ""
…
…
4362
4362
msgstr ""
4363
4363
4364
#: includes/admin/class-admin-member-payments-list-table.php:185, includes/admin/class-admin-payments-list-table.php:444, includes/views/shortcodes/view-shortcode-payment-history.php:66
4364
#: includes/admin/class-admin-member-payments-list-table.php:185, includes/admin/class-admin-payments-list-table.php:454, includes/views/shortcodes/view-shortcode-payment-history.php:66
4365
4365
msgid "No payments found"
4366
4366
msgstr ""
4367
4367
4368
#: includes/admin/class-admin-member-subscription-list-table.php:70, includes/admin/class-admin-members-list-table.php:502
4368
#: includes/admin/class-admin-member-subscription-list-table.php:70, includes/admin/class-admin-members-list-table.php:507
4369
4369
msgid "Expiration date"
4370
4370
msgstr ""
4371
4371
4372
#: includes/admin/class-admin-member-subscription-list-table.php:72, includes/admin/class-admin-members-list-table.php:506
4372
#: includes/admin/class-admin-member-subscription-list-table.php:72, includes/admin/class-admin-members-list-table.php:511
4373
4373
msgid "Auto-renewing"
4374
4374
msgstr ""
4375
4375
4376
#: includes/admin/class-admin-member-subscription-list-table.php:73, includes/admin/class-admin-members-list-table.php:509
4376
#: includes/admin/class-admin-member-subscription-list-table.php:73, includes/admin/class-admin-members-list-table.php:514
4377
4377
msgid "Active Trial"
4378
4378
msgstr ""
…
…
4382
4382
msgstr ""
4383
4383
4384
#: includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:506, extend/elementor/widgets/class-widget-account.php:64, includes/admin/views/view-page-settings-general.php:24, extend/beaver-builder/modules/pms-account/pms-account.php:39, extend/siteorigin/widgets/pms-account/pms-account.php:27
4384
#: includes/admin/class-admin-member-subscription-list-table.php:309, includes/admin/class-admin-member-subscription-list-table.php:317, includes/admin/class-admin-members-list-table.php:511, extend/elementor/widgets/class-widget-account.php:64, includes/admin/views/view-page-settings-general.php:24, extend/beaver-builder/modules/pms-account/pms-account.php:39, extend/siteorigin/widgets/pms-account/pms-account.php:27
4385
4385
msgid "No"
4386
4386
msgstr ""
…
…
4422
4422
msgstr ""
4423
4423
4424
#: includes/admin/class-admin-members-add-new-bulk-list-table.php:376, includes/admin/class-admin-members-list-table.php:494
4424
#: includes/admin/class-admin-members-add-new-bulk-list-table.php:376, includes/admin/class-admin-members-list-table.php:499
4425
4425
msgid "Subscription Plan Not Found - ID: %s"
4426
4426
msgstr ""
…
…
4442
4442
msgstr ""
4443
4443
4444
#: includes/admin/class-admin-members-list-table.php:452, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:233, includes/admin/views/view-page-members-edit.php:14
4444
#: includes/admin/class-admin-members-list-table.php:457, ../pms-add-on-group-memberships/includes/admin/class-admin-group-members-list-table.php:233, includes/admin/views/view-page-members-edit.php:14
4445
4445
msgid "Edit Member"
4446
4446
msgstr ""
4447
4447
4448
#: includes/admin/class-admin-members-list-table.php:501
4448
#: includes/admin/class-admin-members-list-table.php:506
4449
4449
msgid "Start date"
4450
4450
msgstr ""
4451
4451
4452
#: includes/admin/class-admin-members-list-table.php:528
4452
#: includes/admin/class-admin-members-list-table.php:533
4453
4453
msgid "View Abandoned Subscriptions"
4454
4454
msgstr ""
4455
4455
4456
#: includes/admin/class-admin-members-list-table.php:529
4456
#: includes/admin/class-admin-members-list-table.php:534
4457
4457
msgid "%s %s abandoned subscription"
4458
4458
msgid\_plural "%s %s abandoned subscriptions"
…
…
4460
4460
msgstr\[1\] ""
4461
4461
4462
#: includes/admin/class-admin-members-list-table.php:544
4462
#: includes/admin/class-admin-members-list-table.php:549
4463
4463
msgid "No members found"
4464
4464
msgstr ""
…
…
4650
4650
msgstr ""
4651
4651
4652
#: includes/admin/class-admin-payments-list-table.php:232
4652
#: includes/admin/class-admin-payments-list-table.php:242
4653
4653
msgid "User no longer exists"
4654
4654
msgstr ""
4655
4655
4656
#: includes/admin/class-admin-payments-list-table.php:324
4656
#: includes/admin/class-admin-payments-list-table.php:334
4657
4657
msgid "Edit Payment"
4658
4658
msgstr ""
4659
4659
4660
#: includes/admin/class-admin-payments-list-table.php:327
4660
#: includes/admin/class-admin-payments-list-table.php:337
4661
4661
msgid "Are you sure you want to delete this Payment?"
4662
4662
msgstr ""
4663
4663
4664
#: includes/admin/class-admin-payments-list-table.php:381
4664
#: includes/admin/class-admin-payments-list-table.php:391
4665
4665
msgid "View Logs"
4666
4666
msgstr ""
…
…
5763
5763
msgstr ""
5764
5764
5765
#: includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php:208
5765
#: includes/admin/meta-boxes/class-meta-box-subscription-plan-details.php:228
5766
5766
msgid "Subscription Plan Details"
5767
5767
msgstr ""