Paypal return is still broken

openmtbmap · 30 May 2026 07:48

It’s still there because it never got removed. You can read up in wordpress codex that any kind of php insertion plugins are about the biggest security danger existing.

There is simply no safe way to dynamically insert php. If you need it insert files containing php because those can be secured.

Ezphp got pulled by wordpress.org 8 years ago now for being s security risk. Someone actually tried to improve safety and publish it as easyphp and of course it still didn’t get approval.

Don’t destroy your security with a php insertion plugin. Plain and simple .

banai · 30 May 2026 08:02

So you’re here in the S2Member forum to tell me to stop using S2Member? Because that’s what you’ve just told me to do. Because that is the only solution S2M gives for what I need their plugin to do because they won’t write pretty basic code to do it without the added plugin.

openmtbmap · 31 May 2026 15:16

I don’t know why it’s not possible otherwise. But my opinion is not to use any kind of php insertion plugin that is not listed in the wordpress official plugin repository.

But you don’t seem to follow security advice strictly anyhow, another thing is to ditch plugins if you cannot use the latest update (few weeks hoping for a fix is different to some years).

Wordpress is very secure, but outdated plugins or themes are like 90% of all hacks. The rest is mostly bad passwords.

clavaque · 3 June 2026 00:10

Thank you for the additional details.

Please try this dev build if you want and let me know if the issue is gone.

s2member-dev-v260603.0305.zip (1.4 MB)

openmtbmap · 8 June 2026 14:48

I tried editing the de file - but somehow messed it up with encoding I guess - it’s a bit tough to edit without Umlauts - but then switching the encoding back and forward somehow messed it up. The new version is pretty fine - some things are strangely translated but it’s only concerning the backend or the default texts for payments that you can change anyhow.
Need to remember however to delete the s2member-de_DE.l10n.php
file - otherwise it overwrites the translations. Not sure what that file is for.

clavaque · 11 June 2026 20:47

s2member-de_DE.l10n.php file … Not sure what that file is for.

Me neither… Where is that file located? Is that one you created to customize the translation?

The new version is pretty fine - some things are strangely translated but it’s only concerning the backend or the default texts for payments that you can change anyhow.

Gut!

openmtbmap · 11 June 2026 21:14

In the same folder as the other translation plugin files, also exists for a few more languages. As long as it’s there it overwrites the translations from the standard file… seeing it doesn’t exist for other languages like Italian I guess it’s not needed.

/wp-content/languages/plugins/

maybe this is created by qtranslate-xt or wordpress when you have translations active for that language? For s2 I only have it for DE, but some other plugins have 10n files for French or Spanish too. But then I never had a French translation active, and Spanish only many many years ago. Also see it for CN for a plugin.

If you don’t have any 10n.php files - I guess it’s some sort of other plugin or wordpress creating it under special circumstances.

openmtbmap · 17 June 2026 06:51

Actually the 10n files are described in the documents about translating wordpress. They are supposed to contain translation for being shown directly on website frontend.

I guess wordpress changed guidelines on how the translation framework should look like many years ago and added 10n. It’s po, mo, and 10n files. But somehow it works also without 10n files.