S2member v250419

#1

Yesterday a new version has been released - 250419

I have not verified if the two serious bugs of the 250214 have been fixed - namely:

  • Stripe failed payments do not cause EOT

  • Paypal IPN messages cannot be forwarded with nginx and maybe also PHP (this is especially serious if you ever moved domain or if you have several languages on your website and users check out for example on /de so the IPN messages need to be forwarded to / to be received.)

  • Also not checked about whether or not the new vulnerability is fixed or not.

Note that the patched version 241216 from here still works fine:

I really advise against using 250214 patched or not. Stick to patched 2412 version or update to this one and make sure it works flawless in regard to above two problems!

Below the relevant extract from the Changelog to better inform you about your decision:

v250419

  • (Pro) Enhancement : Improved the new coupon code limit per user which prevents a user from applying a coupon code unlimited times, Instead of single use, it can now be limited to more uses, e.g. 3. It’s been renamed from “User Once” to “User Max”, max number of times a user can use that coupon. This is optional and leaving it blank will give the default “no limit”.
  • (Pro) Enhancement : Improved validation of the template attribute in the s2Member-List-Search-Box shortcode.
  • (Framework) UI : Temporary admin notice about Easter promo for Pro add-on at 20% off.

v250214

  • (Pro) Enhancement : Improved coupon usage logging for better tracking.
  • (Pro) Enhancement : Added a new single-use per user option for coupons. Thanks to Carl Borsani for sponsoring this.
  • (Pro) Enhancement : Coupons can now be limited to specific pro-forms. Thanks to Carl Borsani for sponsoring this.
  • (Framework) Fix : s2Get can now handle s2Member’s custom profile fields. Thanks to Gerard Earley for reporting this.
  • (Framework) Fix : Updated the admin notice about the PayPal button encryption setting.
  • (Pro) Enhancement : Improved data handling in the Remote Operations API. Props to István.
  • (Pro) Enhancement : Improved validation of the template attribute in pro-forms and s2Member-List shortcodes. Props to István.
1 Like
#4

I will NOT update my plugin without comparing yesterday’s version code with what we had December.

@clavaque disappeared completely from the forum and I don’t feel there’s a guarantee it’s legitimate until he comes around and gives us a better perspective.

My advice would be to do the same and NOT update until more of us know what changed by going through the code, not the official changelog.

:thinking:

#5

It’s not the first time he disappeared but it was him that posted an update. So I don’t think the website got taken over by a scammer or similar. The changelog is too legit in that regard. But yes I do wonder what was fixed or not. Best to put the code into git or svn and look for changes.

Even though the easter promo is what we really don’t want to see. Me and many others would much rather have a yearly fee so we know we actually get updates - including of course updating paypal and integrating Stripe sources as well as a new checkout page (that doesn’t reload)

1 Like
#6

Remember that having a yearly fee does not mean you’ll get all necessary updates in a timely manner.

Sorry.

:grimacing:

I will eventually compare files by having both versions on separate folders on my PC, then using a tool to compare them.

But that’s just my lack of affinity with the tools you mentioned.

:grin:

Happy Easter to you and everybody else!

:chocolate_bar: :chocolate_bar: :chocolate_bar: :chocolate_bar: :rabbit: :chocolate_bar: :chocolate_bar: :chocolate_bar: :chocolate_bar:

#7

well it looks to me like the change in sc-member-list.in.inc.php has now been carried forward to the second instance too. Otherwise not sure if there were changes.

I really should add my own s2member-pro repository to check for such changes. I will update to 250419 now and check if my problems will disappear or stay.

1 Like
#9

Well the paypal IPN bug is fixed - that one worked now again. I have to wait for Stripe as I was wrong on the last payment failed - it had still been in retrying status (past due). Also I may have forgotten the IPN vars patch is still not integrated into s2member (though I am pretty sure some subscriptions that failed were newer since when I had that problem solved)

1 Like