• SECURITY: Fixed XSS vulnerability on the edit order page in the dashboard. (Thanks, Scott Kingsley Clark)
• ENHANCEMENT: Improved escaping and localization for the message returned when clicking to apply discount code.
• ENHANCEMENT: Now hiding gateway setting API keys behind asterisks.
• BUG FIX/ENHANCEMENT: Now passing a CARDONFILE parameter with PayPal Payflow payment and subscription transactions.
• BUG FIX/ENHANCEMENT: Using the wp.passwordStrength.userInputDisallowedList function from WP 4.5 if available.
• BUG FIX: Fixed issue in getfile script where parameters in the URL would cause File not found errors.
• BUG FIX: Fixed how the PayPal IPN handler handles cases where a subscription is set up correctly but the initial payment failed. We now correctly cancel these users and mark their order as error.
• BUG FIX: Improved error handling in the PayPal Express integration, particularly when a subscriptions PROFILESTATUS is missing.
• BUG FIX: User registered date is now shown in local time.
• BUG FIX: Fixed issue where the deprecated pmpro_getClassForField function wasn't returning a value properly. (Thanks, Elena Draculet)
• BUG FIX: Updated the pmpro_sort_levels_by_order function to use level IDs for keys, since some code expects that for level arrays. This matches the behavior we had before introducing this function.
• BUG FIX: Updated the pmpro_changeMembershipLevel function always set the order status to error if that was passed in as the "old level status".
• BUG FIX: Fixed warning in searches/pages when PMPro pages is not set.
• BUG FIX: Fixed warnings being generated when using PHP 8 and Divi
• BUG FIX: Fixed warnings related to PayPal Express session variables.