Installation/Upgrade Information
View this article for step-by-step instructions on upgrading MemberMouse.
Security Audit
As part of our continuing commitment to provide a secure platform for our customers, we engaged Pritect.net to conduct a security audit on our full codebase. This release addresses multiple issues that were discovered, ranging from privilege escalation vulnerabilities to strengthening the source of entropy used in API key and password generation. Special thanks to James Golovich of Pritect.net for providing the security audit.
Summary
- Tested against WordPress 4.5
- Since the release of WordPress version 4.2.3, which included substantial changes to the Shortcode API, there have been a number of issues that have cropped up in relation to SmartTags (namely these, this and this). In this version of MemberMouse we've built our own tag processor so that we are no longer as reliant on the WordPress shortcode system to process SmartTags and therefore less open to potential conflicts caused by other plugins or themes installed. (1302)
- Added billingCountryName attribute to the MM_Order_Data SmartTag to enable outputting the printable country name instead of the country ISO code. (1337)
- We recently moved to a new support center. In this version of MemberMouse, all support links have been updated and a new support widget has been added to the plugin to make it easier to access support resources and open a ticket.
Added checkout link to purchase options dialog. (1353)
- Added a new filter which allows you to customize the information passed to Stripe along with a payment (mm_stripe_billing_statement_descriptor). Learn more. (1344)
Added a 'Please select your state' option to the billing and shipping state drop downs on the checkout form. If you're using the state drop down on your checkout page, this will ensure that customers can't submit the form without specifying a state. If you're not currently collecting the state on your checkout page everything will continue to function for you as it did in previous versions of MemberMouse. The only difference will be that the state for your members will default to no state instead of the first state in the alphabetical list of states (i.e. Alabama) (1318)
- Previously if an existing customer attempted to make a purchase while logged out and entered an invalid password the following message was displayed: Incorrect username or password, please try again... This message caused confusion so it has been updated to: There is an existing account associated with the email email@domain.com but the password entered is invalid. Please try placing your order again using the correct password. Read this article if you'd like to customize this or other error messages on the checkout page. (1336)
- Made it so that existing accounts in Error or Pending Activation status won't require their password to be validated when attempting to make a purchase when logged out.
- Updated necessary links in preparation for Authorize.net's upcoming infrastructure changes. You can find more details here: Authorize.net Akamai FAQs. (1161)
- Library used for Social Login (HybridAuth) updated to version 2.6.0.
- Fixed issue where it was possible to delete a WordPress user that's associated with a MemberMouse member resulting in orphaning the member records. (1323)
- Fixed issue where Free coupons couldn't be used in conjunction with Stripe.js. (1315)
- Fixed issue where WordPress users with the Author/Editor role could not use the Grant Access functionality on pages/posts. (1308)
- Fixed issue where the import wizard changed account permissions for administrators when the admin email was included in the import data. (1301)
- Fixed issue where customer name wasn't being sent to Stripe for certain transactions when Stripe.js is being used. (1295)
- Fixed issue where customer address wasn't being sent to Stripe when Stripe.js is being used. (1377)
- Fixed issue where rebill dates are displaying incorrectly on the Member Details Subscriptions tab when multiple subscriptions are listed. (1289)
- Fixed issue where refunds issued from PayPal and Authorize.net CIM were being added to Lifetime Customer Value (LCV) in the member details area as opposed to being subtracted. NOTE: this fix won't affect any LCV calculations made prior to upgrading to 2.2.5. It will only affect LCV calculations based on refunds going forward. (1341)
- Fixed issue where pending cancellation date wasn't being calculated correctly if a subscription was canceled during a free trial. (1066)
- Fixed issue where credit card number input on the checkout form wasn't working on Android devices. (1264)
- Fixed issue where database errors starting with WordPress database error Column 'order_item_id' cannot be null for query INSERT INTO 'mm_transaction_log' appeared in the error log in response to a checkout. (1320)
- Fixed issue where the main dashboard intermittently showed "sales today" as 0, regardless of the number of sales. (1331)
Change History
Date | Version | Description | Suggested Action |
April 12, 2016 @ 10 AM | 2.2.5-100 | Initial release | Manual upgrade of the plugin required |
April 14, 2016 @ 3 PM | 2.2.5-101 | Resolved Issues: 225-1, 225-2, 225-3 | Manual upgrade of the plugin required |
April 26, 2016 @ 10 AM | 2.2.5-102 | Resolved Issues: 225-4, 225-5 | Manual upgrade of the plugin required |
December 30, 2016 @ 1AM | 2.2.5-107 | Mailchimp provider updated to use API version 3.0 | None; unless you're explicitly experiencing issues with MailChimp, then a Repair Install is required. MM menu: General Settings > Manage Install > Repair Install |
Known Issues
This issue is being caused by the fact that the Braintree library requires PHP version 5.4 or above in order to load. If you're looking to use Braintree you'll need to upgrade to PHP 5.4. If you're not using Braintree, simply send an email to our support team requesting that Braintree be removed from your license. Once it's been removed you'll be able to save payment settings.
The text link provided in the 'copy checkout link' box has '&user_id=#' appended to it and won't work if sent to customers. There are two workarounds in order to provide a link to customers. 1/ Delete the '&user_id=#' from the end of the link, or 2/ Use the 'Email Checkout Link to Customer' button.
Resolved Issues
225-1: Core page settings not working
In the MemberMouse Options module, when a selection is made from the Core Page Settings drop down, items are not being rendered under the drop down. NOTE: The fix for this involved modifying a file that may be cached in your browser. If you're still experiencing this issue after upgrading, clear your browser cache.
When a customer goes to reset their password, the page hangs and the process isn't completed.
225-3: Sorting not working on Browse Transactions view
In certain environments, the sort functionality is not working on the Browse Transactions view.
225-4: Checkout page hanging when form is submitted
In certain environments, the checkout page just hangs when the form is submitted.
On any page that's protected by a bundle or membership level, when attempting to edit the access rights by clicking the edit icon, a "No data received" message is displayed.