Version 1.9.5.4 of Paid Memberships Pro is out with a handful of bug fixes. Included are fixes for Theme My Login 7, Stripe and TwoCheckout integration, and a few others.


About the Update

In addition to the improvements mentioned above, we added some SQL escaping to our reports pages. While this work is marked as a SECURITY update, we do not believe there were any related vulnerabilities in the prior code. It’s just good practice to be extra cautious here to harden the code for future updates.

In addition to the PMPro team, this update includes work by many third party authors including Jeff Farthing, Charl P. Botha, and David Cervantes Caballero.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 1.9.5.4 specifically here.


About the Level Description and Confirmation Message

As of version 1.9.5.4, we are no longer using the WordPress the_content filter when displaying the membership level’s description or confirmation message. Using the the_content filter in these areas allowed you to use shortcodes and other post styling that relied on that filter. However, some sites (depending on the other plugins installed) would get caught in an infinite loop while rendering this text and crash. If you need to revert your site, please copy and paste this code recipe into a helper PMPro Customizations plugin.

Note that these filters only affect the level description and confirmation message when displayed on your site. If your level description or confirmation message appear in emails to your members, shortcodes and other styles may not work even with the above gist installed.


The full list of updates is below.

  • SECURITY: Some values used in SQL queries in our reporting code were sanitized but not later escaped via esc_sql(). All variables added to SQL queries in the reports are now wrapped in esc_sql(). The previous code was not vulnerable to any known attack, but this change hardens the code against vulnerabilities in the case other parts of the code change in the future.
  • BUG FIX: Fixed issue with lost passwords when Theme My Login 7 is active. (Thanks, Jeff Farthing)
  • BUG FIX: No longer sending an “error canceling the subscription” email when subscriptions are cancelled from Stripe.
  • BUG FIX: Fixed issue where TwoCheckout orders were not correctly updating the TOS consent data. (Thanks, Charl P. Botha)
  • BUG FIX: Fixed issue where privacy function weren’t defaulting to $current_user correctly. In practice, we were always passing a user_id anyway.
  • BUG FIX/ENHANCEMENT: Changed the confirmation message to use wpautop() instead of apply_filters('the_content'). If you were relying on shortcodes or other content that required that filter, you must use the custom functions outlined earlier in this post to revert this for your site.
  • BUG FIX/ENHANCEMENT: Using the strict parameter of sanitize_user when getting usernames. This will prevent some special characters from being used in usernames at checkout. This is inline with WP core and other plugins. (Thanks, David Cervantes Caballero).
  • ENHANCEMENT: Added a breakdown of orders at each price point to the Sales Report widget.
  • ENHANCEMENT: Showing the Stripe version we use on the Payment Settings page.
  • ENHANCEMENT: Updated Copyright date and GPLv2 link in license.txt.

Comments (2)

Hi Jason,
Thanks for releasing the upgrade. When I performed the update it removed all of my custom code which enabled my users to purchase subscriptions through PayFast. I proceeded to perform the whole step-by-step process to reintegrate PayFast. After I did I see that there is no longer the option for me to create levels charging daily or weekly?! It only allows me to create monthly and yearly.
Please advise if this is due to the upgrade, and how I can rectify it.
Thank you

Hi there. PayFast had a fork of PMPro that you might have been using, and upgrading PMPro would have overwritten those changes.

Instead of using a forked version of PMPro, it’s better to use the add-on we’ve developed here: https://github.com/strangerstudios/pmpro-payfast

The dev branch of that plugin should be stable. We haven’t released it officially yet because we are fixing up some bugs (that are also present in the Payfast fork of PMPro anyway). Our add-on does allow you to set daily and weekly recurring levels.

Hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *