RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Archives for nonce

nonce

WP-Members 2.8.1 Release

· ·

This article is provided free. Find out how you can get full access to premium content, including how-to articles and support forums, as well as priority email support and member exclusive plugin extensions..

 

The WP-Members 2.8.1 release is an important security update for the plugin. It is highly recommended that you upgrade as previous versions of the plugin have a possible exploit that may be vulnerable. As soon as I became aware of this, I put all other items on the project list on hold.

While 2.8.1 is primarily a security fix, there are some additional features, as well as a few improvements as well.  These are items that were already in the works when the security issue was made apparent.

Here is a list of what is included in the 2.8.1 release:

Security Updates

  • The most important fix in this update (and the reason why you should update) is that this closes a potential cross site scripting exploit.
  • Updated nonces in the updated admin panels from 2.8.0.
  • Added nonces to the front-side form submission.
  • Security evaluation and updates to other areas.

Feature Updates

  • Added dropdown selector option for the User Profile (members-area) page and Register page location (There is still the option to enter the URL yourself, and for backward compatibility, if you have a custom URL entered in the setting, it will default to that).
  • Updated the dropdown field custom field type to accommodate commas in the field values (such as “1,000”).  The dropdown example shows how to enclose this with double quotes.

Other Updates

  • Updated the TOS shortcode to be case insensitive for the shortcode parameter (TOS/tos).  Either will work.  The User Guide had previously indicated the incorrect case in the instructions, so I updated this to be case insensitive to allow for backward compatibility.
  • The members-area parameter will be prepared to be deprecated and replaced with user-profile.  More on this below.
  • Separated backend User Profile functions from the wp-members-core.php file to users.php.
  • Applied post 2.8.0 patches

Members Area nomenclature change

In previous versions, the front side page that was used to handle user functions such as reset a forgotten password, update registration info, change your password, and (in the PayPal addon) renew a subscription, was called with the shortcode [[wp-members page=”members-area”]].

It has been called that since the beginning of this plugin.  Unfortunately, it has been a confusing issue because it has turned out that this is not intuitive.   For users that do not necessarily read the plugin documentation and installation instructions (or do not read them thoroughly), the term Members Area gets interpreted as “area of my site that is restricted content” and not “area of my site for members to update their info”.

So beginning in 2.8.1, this is being changed to User Profile.  The shortcode will be [[wp-members page=”user-profile”]] but the old shortcode will still work.  As you can see in 2.8.0, the name was already changed in the options panel.  If you continue to use the old shortcode, that is ok.  Future releases will support it (for now).  However, all references to the Members Area will be changed to User Profile in the plugin documentation and instructions as the use of the term is deprecated.

Ready to get started?

Join Today!