The Official Blog for LifterLMS Contributors

Security Fix

• Fixed an XSS issue on account edit and registration forms. Thanks to Morningstar for reporting this issue!

Bug fixes

• Fixed an error encountered during customizer live theme preview encountered when Twenty-twenty is the current theme.
• The $type property of the LLMS_Abstract_Database_Store is now set to a default placeholder value (_db_record_) in favor of an empty string.
• Set the $type property of the LLMS_Event class to event.
• Set the $type property of the LLMS_Quiz_Attempt class to quiz_attempt.
• Set the $type property of the LLMS_User_Post_Meta class to user_postmeta.

Updates

• Added a filter llms_form_field_args to allow extending form fields prior to HTML rendering.

Deprecations

The following filter hooks have been deprecated. These hooks were being called as the result of a bug (noted above) and should no longer be used. They will be removed in the next major version of LifterLMS.

• llms__created has been deprecated, use llms_{$type}_created where {$type} is the database record type defined by the class property.
• llms__deleted has been deprecated, use llms_{$type}_deleted where {$type} is the database record type defined by the class property.
• llms__updated has been deprecated, use llms_{$type}_updated where {$type} is the database record type defined by the class property.

Updates

• Admins can now preview the checkout screen as visitors or students using the “View As” function from the WP Admin bar
• Javascript cookies now set cookies with sameSite set to strict as recommended by Firefox/Mozilla.
• Added filters to allow 3rd parties to use LifterLMS completion tracking APIs to “complete” external or non-LMS content.
• Added “deep” orphan checks when checking the relationship between a quiz and a lesson.
• Normalized the return structure in LLMS_Post_Instructors::get_instructors() when no instructor set, thanks @nicolas-jaussaud!
• Update LifterLMS rocket icon used in the WP Admin Bar in the “View As” area.

Bug fixes

• When deleting a quiz attempt the related lesson will now be automatically marked as “Incomplete” when appropriate.
• LLMS_Abstact_User_Data::get_id() now always returns an integer.
• Fixed a 404 error resulting from settings tooltips referencing a missing icon asset.
• Added logic to set the order status to ‘cancelled’ when an enrollment linked to an order is deleted.

LifterLMS REST 1.0.0-beta.14

• Breaking: LLMS_REST_Controller::prepare_links() now requires a second parameter, the WP_REST_Request for the current request. Any classes extending and overwriting this method must adjust their method signature to accommodate this change.
• Bugfix: Fixed issue causing response objects to unintentionally include keys of remapped fields. This error occurs only when extending core controllers and attempting to exclude core fields.