From ce2ad7f3f0fe8a68a3ff0599e8801dd78a7564e1 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Wed, 19 Jul 2023 10:40:18 +0300 Subject: [PATCH 01/24] - updated version; --- readme.txt | 3 +++ ultimate-member.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/readme.txt b/readme.txt index a3e229bf..893f147f 100644 --- a/readme.txt +++ b/readme.txt @@ -166,6 +166,9 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION += 2.6.9: August xx, 2023 = + + = 2.6.8: July 19, 2023 = * Enhancements: diff --git a/ultimate-member.php b/ultimate-member.php index 32a0ccba..a7c4b81c 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ Plugin Name: Ultimate Member Plugin URI: http://ultimatemember.com/ Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress -Version: 2.6.8 +Version: 2.6.9-alpha Author: Ultimate Member Author URI: http://ultimatemember.com/ Text Domain: ultimate-member From 51f2606931cb060e0fd74e5d68a14c7a8a87b764 Mon Sep 17 00:00:00 2001 From: ashubawork Date: Wed, 19 Jul 2023 13:49:49 +0300 Subject: [PATCH 02/24] - fix um_safe_redirect for deleting user --- includes/core/um-actions-account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/core/um-actions-account.php b/includes/core/um-actions-account.php index 2bd2366f..b0513ef1 100644 --- a/includes/core/um-actions-account.php +++ b/includes/core/um-actions-account.php 
@@ -278,7 +278,7 @@ function um_submit_account_details( $args ) { * ?> */ $redirect_url = apply_filters( 'um_delete_account_redirect_url', um_user( 'delete_redirect_url' ), $user_id ); - exit( wp_redirect( $redirect_url ) ); + um_safe_redirect($redirect_url); } else { um_redirect_home(); } From 4675f619a701ae3c687eeddfbda0743d0a6f0fed Mon Sep 17 00:00:00 2001 From: ashubawork Date: Wed, 19 Jul 2023 13:51:26 +0300 Subject: [PATCH 03/24] - fix wpcs --- includes/core/um-actions-account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/core/um-actions-account.php b/includes/core/um-actions-account.php index b0513ef1..1a10a6ca 100644 --- a/includes/core/um-actions-account.php +++ b/includes/core/um-actions-account.php @@ -278,7 +278,7 @@ function um_submit_account_details( $args ) { * ?> */ $redirect_url = apply_filters( 'um_delete_account_redirect_url', um_user( 'delete_redirect_url' ), $user_id ); - um_safe_redirect($redirect_url); + um_safe_redirect( $redirect_url ); } else { um_redirect_home(); } From 6034b61debe91dacbc537a5a1b1964da7622d845 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Wed, 19 Jul 2023 16:15:16 +0300 Subject: [PATCH 04/24] - added compatibility with UM:Stripe --- assets/img/extensions/stripe.png | Bin 0 -> 1647 bytes includes/admin/templates/extensions.php | 7 +++ includes/core/class-plugin-updater.php | 67 +++++++++++------------- readme.txt | 7 +++ 4 files changed, 45 insertions(+), 36 deletions(-) create mode 100644 assets/img/extensions/stripe.png 
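Review bot: The new `um_safe_redirect( $redirect_url )` changes where a filtered `um_delete_account_redirect_url` value can send the browser: `wp_safe_redirect()` only honours hosts on the `allowed_redirect_hosts` list and otherwise falls back to the admin URL, so sites that deliberately send deleted accounts to an external domain will silently land elsewhere. That is the right default for a URL that originates in role settings, but it deserves a one-line comment at the call site, e.g. `// Off-site targets must be whitelisted via the allowed_redirect_hosts filter.`, and a changelog entry. It also relies on um_safe_redirect() terminating the request the way the removed `exit( wp_redirect( ... ) )` did; that helper is outside this hunk, so confirm it calls exit after redirecting, otherwise the code after the if/else keeps running with headers already sent. um_submit_account_details() starts and ends outside the hunk.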
diff --git a/assets/img/extensions/stripe.png b/assets/img/extensions/stripe.png new file mode 100644 index 0000000000000000000000000000000000000000..1ecf083bbd4ead4828f8c72638b6e0559b059399 GIT binary patch literal 1647 zcmaKti#ro~1IK6Run;PmA;XiEm+`nPs-u{DE*<8QvdwMHt;L41hGn&syY@Jth2-{Z zcys5Cp3R}xE21&i=twRJuR9&T*ZU8g@ALhBKmWn^``FXnQ4yvAgFqmP&Q93hjyU`O z$Vnfye3Y)!5wbn6d)o&GfFlw80X+r;`T#!<;N=W_-9Z@--0}hezkwT$AmkPZ!~vh{ z0Otx~B7mDM*xv_{A%IK-bAJL}ArKFPogJ{W2>#s*-qeBdF|f1**vWwN0KDx03>v5^ z2hXxWN+MWa2U(B7@A;tdpP-`^OizKHZZP~22;TvIHK0a;_N;Lx1S0#~8GFq;p=hOe zky~o5oYJThDJ6sTo;v=o9NREPvO1@OBj{aPDkyrc1_d?=U;Z#W?IC@=4=jSj6qI=rDg}Gi{AbL5HE_DUHr#LrS3-jS_tBYx9yROXl5cdLS=PKec)KFNEIhDH_z0fByBU+|it=6%%yF`z-J9qEOgHN6myrj^;%SaAt zG~w62S;th1#ggO%P6_53wAR(B4?~d4VU+o>k=C7=_;t9kjLaj`gFs51+x&;PBG;J@I=N zkhbh|M=547ONbt#wQ&PF1AC|UNqpx?Q=y>)CIjy$aiOGMBby+?sB64Rh7xg^gstI;8I>dsi(vD7ETUnGrL@ z^dh=tm`d*p=E4$Aprb1dee&YQ2tfnsZsl$IjC}L|zys=MEpAipUFdc#I~=j}uIjCx z6`}fDbQj+-ze>++4dH^IRk0KmEek2ZmQ__-Fblj!;c`I$nKpU9)07B{4L!-7Ilx|9#Z?9|=kl zXihgYlR2zr17-dt%2WCA7By?@ob=%5{K>Vb{zim!XHM^@PEY^u6{!8L=TbMX) z)d)4BvYNt^SF$#^5Y)7`M;&}Vsjb-HIUT|evJ2sF z=24Mc1HD`xE8^AOpXj^YP%DnEp4-`vk?UJ(6za|T(%?N$!q+&5hRwsc0V@|w)9jUG zbaqy{?1U?}rs)x;wTBya@IlXc;FL<_U1fd;ZwiO!alM*_{SoI%3x{I@X5f)}YE65d zU287pmsgto)vv!0PO_iD{!ss=AXl9|jo`$HCZnIKD4OTuy?5tWLp=_zczN%0a zQ+_B_Ycg44ZOdRI1x^#k6?$5R!UGAM@FF@J*_3Cn_fSJ{A^&cIgGF}J9OBER{G6x) z-&;n;DX_Io#;6l>;nIVNMa;WMUT@uc^R%XA8% z^VcFixd^0HCjzOLmmGSFcl8SSxyw5vx#E8uzge7Zwq?^C_btBZ-Ct$&)$RVvf4`ut bu0POZim!gU)@jwF2Z1=-yJH2m1lIomY 'Add custom tabs to profiles', ); +$premium['stripe'] = array( + 'url' => 'https://ultimatemember.com/extensions/stripe/', + 'img' => 'stripe.png', + 'name' => 'Stripe', + 'desc' => 'Sell paid memberships to access your website via Stripe subscriptions', +); + $free['jobboardwp'] = array( 'url' => 'https://wordpress.org/plugins/um-jobboardwp', 'img' => 'jobboardwp.png', 
diff --git a/includes/core/class-plugin-updater.php b/includes/core/class-plugin-updater.php index 677f5f8b..f9961135 100644 --- a/includes/core/class-plugin-updater.php +++ b/includes/core/class-plugin-updater.php @@ -21,7 +21,7 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) { function __construct() { //cron request to UM()->store_url; add_action( 'um_daily_scheduled_events', array( &$this, 'um_checklicenses' ) ); - + // clean update plugin cache add_action( 'upgrader_process_complete', array( &$this, 'clean_update_plugins_cache' ), 20, 2 ); @@ -56,10 +56,10 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) { return $should_update; } - + /** * This action is documented in wp-admin/includes/class-wp-upgrader.php - * + * * @see file /wp-admin/includes/class-plugin-upgrader.php method bulk_upgrade() * @since 2.1.1 [2019-11-15] * 
@@ -71,118 +71,113 @@ if ( ! class_exists( 'um\core\Plugin_Updater' ) ) { wp_clean_plugins_cache( true ); } } - /** * Get all paid UM extensions * * @return array */ - function get_active_plugins() { + public function get_active_plugins() { $paid_extensions = array( - 'um-bbpress/um-bbpress.php' => array( + 'um-bbpress/um-bbpress.php' => array( 'key' => 'bbpress', 'title' => 'bbPress', ), - 'um-followers/um-followers.php' => array( + 'um-followers/um-followers.php' => array( 'key' => 'followers', 'title' => 'Followers', ), - 'um-friends/um-friends.php' => array( + 'um-friends/um-friends.php' => array( 'key' => 'friends', 'title' => 'Friends', ), - 'um-groups/um-groups.php' => array( + 'um-groups/um-groups.php' => array( 'key' => 'groups', 'title' => 'Groups', ), - 'um-instagram/um-instagram.php' => array( + 'um-instagram/um-instagram.php' => array( 'key' => 'instagram', 'title' => 'Instagram', ), - 'um-mailchimp/um-mailchimp.php' => array( + 'um-mailchimp/um-mailchimp.php' => array( 'key' => 'mailchimp', 'title' => 'MailChimp', ), - 'um-messaging/um-messaging.php' => array( + 'um-messaging/um-messaging.php' => array( 'key' => 'messaging', 'title' => 'Private Messages', ), - 'um-mycred/um-mycred.php' => array( + 'um-mycred/um-mycred.php' => array( 'key' => 'mycred', 'title' => 'myCRED', ), - 'um-notices/um-notices.php' => array( + 'um-notices/um-notices.php' => array( 'key' => 'notices', 'title' => 'Notices', ), - 'um-notifications/um-notifications.php' => array( + 'um-notifications/um-notifications.php' => array( 'key' => 'notifications', 'title' => 'Real-time Notifications', ), - 'um-profile-completeness/um-profile-completeness.php' => array( + 'um-profile-completeness/um-profile-completeness.php' => array( 'key' => 'profile_completeness', 'title' => 'Profile Completeness', ), - 'um-reviews/um-reviews.php' => array( + 'um-reviews/um-reviews.php' => array( 'key' => 'reviews', 'title' => 'User Reviews', ), - 'um-social-activity/um-social-activity.php' => array( + 
'um-social-activity/um-social-activity.php' => array( 'key' => 'activity', 'title' => 'Social Activity', ), - 'um-social-login/um-social-login.php' => array( + 'um-social-login/um-social-login.php' => array( 'key' => 'social_login', 'title' => 'Social Login', ), - 'um-user-tags/um-user-tags.php' => array( + 'um-user-tags/um-user-tags.php' => array( 'key' => 'user_tags', 'title' => 'User Tags', ), - 'um-verified-users/um-verified-users.php' => array( + 'um-verified-users/um-verified-users.php' => array( 'key' => 'verified', 'title' => 'Verified Users', ), - 'um-woocommerce/um-woocommerce.php' => array( + 'um-woocommerce/um-woocommerce.php' => array( 'key' => 'woocommerce', 'title' => 'WooCommerce', ), - 'um-user-photos/um-user-photos.php' => array( + 'um-user-photos/um-user-photos.php' => array( 'key' => 'user_photos', 'title' => 'User Photos', ), - 'um-private-content/um-private-content.php' => array( + 'um-private-content/um-private-content.php' => array( 'key' => 'private_content', 'title' => 'Private Content', ), - 'um-user-bookmarks/um-user-bookmarks.php' => array( + 'um-user-bookmarks/um-user-bookmarks.php' => array( 'key' => 'user_bookmarks', 'title' => 'User Bookmarks', ), - 'um-unsplash/um-unsplash.php' => array( + 'um-unsplash/um-unsplash.php' => array( 'key' => 'unsplash', 'title' => 'Unsplash', ), - 'um-user-locations/um-user-locations.php' => array( + 'um-user-locations/um-user-locations.php' => array( 'key' => 'user_locations', 'title' => 'User Locations', ), - 'um-profile-tabs/um-profile-tabs.php' => array( + 'um-profile-tabs/um-profile-tabs.php' => array( 'key' => 'profile_tabs', 'title' => 'Profile tabs', ), - 'um-user-notes/um-user-notes.php' => array( + 'um-user-notes/um-user-notes.php' => array( 'key' => 'user_notes', 'title' => 'User Notes', ), - 'um-frontend-posting/um-frontend-posting.php' => array( - 'key' => 'frontend_posting', - 'title' => 'Frontend Posting', - ), - 'um-google-authenticator/um-google-authenticator.php' => array( - 'key' => 
'google_authenticator', - 'title' => 'Google Authenticator', + 'um-stripe/um-stripe.php' => array( + 'key' => 'stripe', + 'title' => 'Stripe', ), ); diff --git a/readme.txt b/readme.txt index 893f147f..063bc318 100644 --- a/readme.txt +++ b/readme.txt @@ -168,6 +168,13 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI = 2.6.9: August xx, 2023 = +* Enhancements: + + - Added: Compatibility with UM:Stripe extension + +* Bugfixes: + + - Fixed: Using allowed hosts for safe redirect after profile deletion = 2.6.8: July 19, 2023 = From 366563367dde98369afa68a4e64260461ab9fc76 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Wed, 19 Jul 2023 16:34:51 +0300 Subject: [PATCH 05/24] - compatibility with Stripe dependencies. changed version --- ultimate-member.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ultimate-member.php b/ultimate-member.php index a7c4b81c..b62f1d8d 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -3,7 +3,7 @@ Plugin Name: Ultimate Member Plugin URI: http://ultimatemember.com/ Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress -Version: 2.6.9-alpha +Version: 2.6.9 Author: Ultimate Member Author URI: http://ultimatemember.com/ Text Domain: ultimate-member From dbe71b73b9742a239e27f66dc3c2446b71534b1d Mon Sep 17 00:00:00 2001 From: yuriinalivaiko Date: Thu, 20 Jul 2023 16:20:52 +0300 Subject: [PATCH 06/24] - synchronization of biography (description) fields in the profile header and profile body --- assets/js/um-profile.js | 7 +++++++ includes/core/um-actions-profile.php | 3 +-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/assets/js/um-profile.js b/assets/js/um-profile.js index c8a97919..b353abae 100644 --- a/assets/js/um-profile.js +++ b/assets/js/um-profile.js 
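Review bot: Besides adding `um-stripe/um-stripe.php`, this hunk drops `um-frontend-posting` and `um-google-authenticator` from the paid-extension map that feeds the licence and update checks, which the commit message ("added compatibility with UM:Stripe") does not mention. If those two extensions are still installed on customer sites, their licence checks and update lookups through this class stop without any changelog line; if they are intentionally retired, say so in the readme and in a short comment above the array, e.g. `// Frontend Posting and Google Authenticator are no longer licence-checked as of 2.6.9.` (wording to be confirmed with the team). The remaining changes in the hunk are `public` visibility and key alignment only. get_active_plugins() continues past the end of the hunk.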
@@ -122,6 +122,13 @@ jQuery(document).ready(function() { jQuery( 'textarea[id="um-meta-bio"]' ).trigger('change'); + // Biography (description) fields syncing. + jQuery( '.um-profile form' ).on( 'change, input', 'textarea[name="description"]', function ( e ) { + var $all_description_fields = jQuery( '#um-meta-bio, #description, textarea[name="description"]', e.delegateTarget ); + $all_description_fields.val( e.currentTarget.value ); + } ); + + jQuery( '.um-profile-edit a.um_delete-item' ).on( 'click', function(e) { e.preventDefault(); diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index 60d3081a..f3c73720 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -1225,8 +1225,7 @@ function um_profile_header( $args ) { + name="">fields()->field_value( $description_key ) ?> options()->get( 'profile_bio_maxchars' ); ?> From b3ab6b344068c4426d4ec5cfdc713818e2e8d1d7 Mon Sep 17 00:00:00 2001 From: yuriinalivaiko Date: Thu, 20 Jul 2023 16:25:19 +0300 Subject: [PATCH 07/24] - update minified JS file --- assets/js/um-profile.min.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assets/js/um-profile.min.js b/assets/js/um-profile.min.js index 5cf10ded..ce3ed59d 100644 --- a/assets/js/um-profile.min.js +++ b/assets/js/um-profile.min.js 
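Review bot: The event list `'change, input'` in the new `.on()` call is split by jQuery on whitespace, so the handler is bound to the types `change,` (comma included, which never fires) and `input`; only `input` events actually reach the sync. A programmatic `.trigger('change')` like the one on the line above would therefore not propagate to the other fields; use a space-separated list, `.on( 'change input', 'textarea[name="description"]', function ( e ) {`. The existing `'change, keyup'` binding for `#um-meta-bio` (visible in the minified copy in the next patch) has the same shape and is presumably affected the same way, though it is outside this hunk. The ready() callback starts and ends outside the hunk.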
@@ -1 +1 @@ -jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var r=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){r.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 
0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file +jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img 
img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var r=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){r.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile form").on("change, input",'textarea[name="description"]',function(e){jQuery('#um-meta-bio, #description, textarea[name="description"]',e.delegateTarget).val(e.currentTarget.value)}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file From 909968df97aa80cbc78fa8842b469a3359d1f5cc Mon Sep 17 00:00:00 2001 
From: ashubawork Date: Thu, 20 Jul 2023 16:31:12 +0300 Subject: [PATCH 08/24] - fix sanitize directory name --- includes/admin/core/class-admin-metabox.php | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index 41bd7ebe..0c3ea133 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -1069,17 +1069,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { * @param $post_id * @param $post */ - function save_metabox_directory( $post_id, $post ) { + public function save_metabox_directory( $post_id, $post ) { global $wpdb; // validate nonce if ( ! isset( $_POST['um_admin_save_metabox_directory_nonce'] ) || - ! wp_verify_nonce( $_POST['um_admin_save_metabox_directory_nonce'], basename( __FILE__ ) ) ) { + ! wp_verify_nonce( $_POST['um_admin_save_metabox_directory_nonce'], basename( __FILE__ ) ) ) { return; } // validate post type - if ( $post->post_type != 'um_directory' ) { + if ( 'um_directory' !== $post->post_type ) { return; } @@ -1096,8 +1096,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id ); } - $wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where ); - do_action( 'um_before_member_directory_save', $post_id ); // save 
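Review bot: With the direct `$wpdb->update( $wpdb->posts, array( 'post_title' => ... ), $where )` removed in the `@@ -1096` hunk, the `global $wpdb;` kept in the first hunk and the `$where` array it was applied to (built above, outside the hunk) may now be dead code in save_metabox_directory(); if nothing else in the method uses them, drop both, since that direct write is presumably what bypassed wp_update_post()'s own sanitising and hooks. In the first hunk the nonce is still read raw; `wp_verify_nonce( sanitize_key( wp_unslash( $_POST['um_admin_save_metabox_directory_nonce'] ) ), basename( __FILE__ ) )` keeps the WPCS cleanup consistent with the `===` changes made here. The parallel `$wpdb->update` removal for the form metabox in the next patch (`@@ -1188`) has the same follow-up. save_metabox_directory() continues past the end of these hunks.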
@@ -1119,17 +1117,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $metadata = UM()->admin()->sanitize_member_directory_meta( $_POST['um_metadata'] ); foreach ( $metadata as $k => $v ) { - if ( $k == '_um_show_these_users' && trim( $v ) ) { + if ( '_um_show_these_users' === $k && trim( $v ) ) { $v = preg_split( '/[\r\n]+/', $v, -1, PREG_SPLIT_NO_EMPTY ); } - if ( $k == '_um_exclude_these_users' && trim( $v ) ) { + if ( '_um_exclude_these_users' === $k && trim( $v ) ) { $v = preg_split( '/[\r\n]+/', $v, -1, PREG_SPLIT_NO_EMPTY ); } if ( strstr( $k, '_um_' ) ) { - if ( $k === '_um_is_default' ) { + if ( '_um_is_default' === $k ) { $mode = UM()->query()->get_attr( 'mode', $post_id ); @@ -1145,9 +1143,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { foreach ( $posts as $p_id ) { delete_post_meta( $p_id, '_um_is_default' ); } - } - } $v = apply_filters( 'um_member_directory_meta_value_before_save', $v, $k, $post_id ); From f085af988ff7595bb7e96541404c00d507533fe9 Mon Sep 17 00:00:00 2001 From: ashubawork Date: Thu, 20 Jul 2023 16:59:38 +0300 Subject: [PATCH 09/24] - form name --- includes/admin/core/class-admin-metabox.php | 1 - 1 file changed, 1 deletion(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index 0c3ea133..a53f8285 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -1188,7 +1188,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { // translators: %s: Form id. $_POST['post_title'] = sprintf( __( 'Form #%s', 'ultimate-member' ), $post_id ); } - $wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where ); // save delete_post_meta( $post_id, '_um_profile_metafields' ); From ad11a6c479a7c6257c735dda5dac5255eb157f16 Mon Sep 17 00:00:00 2001 
From: Mykyta Synelnikov Date: Fri, 21 Jul 2023 15:47:01 +0300 Subject: [PATCH 10/24] - fixed singleton for shortcode; - there were conflicts with plugins that render shortcodes in hidden mode before loading shortcodes on the page content; --- includes/core/class-shortcodes.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/includes/core/class-shortcodes.php b/includes/core/class-shortcodes.php index 6c3f1432..d65b304e 100644 --- a/includes/core/class-shortcodes.php +++ b/includes/core/class-shortcodes.php
@@ -603,21 +603,23 @@ if ( ! class_exists( 'um\core\Shortcodes' ) ) { */ public function ultimatemember( $args = array() ) { /** - * Filters variable for disable singleton shortcode loading on the same page. - * Note: Set it to `true` if you need to render the same form twice or more on the same page. + * Filters variable for enable singleton shortcode loading on the same page. + * Note: Set it to `false` if you don't need to render the same form twice or more on the same page. * * @since 2.6.8 + * @since 2.6.9 $disable argument set to `true` by default + * * @hook um_ultimatemember_shortcode_disable_singleton * - * @param {bool} $disable Disabled singleton. By default, it's `false`. + * @param {bool} $disable Disabled singleton. By default, it's `true`. * @param {array} $args Shortcode arguments. * * @return {bool} Disabled singleton or not. * - * @example Turn on ability to use ultimatemember shortcode twice. - * add_filter( 'um_ultimatemember_shortcode_disable_singleton', '__return_true' ); + * @example Turn off ability to use ultimatemember shortcode twice. + * add_filter( 'um_ultimatemember_shortcode_disable_singleton', '__return_false' ); */ - $disable_singleton_shortcode = apply_filters( 'um_ultimatemember_shortcode_disable_singleton', false, $args ); + $disable_singleton_shortcode = apply_filters( 'um_ultimatemember_shortcode_disable_singleton', true, $args ); if ( false === $disable_singleton_shortcode ) { if ( isset( $args['form_id'] ) ) { $id = $args['form_id']; From bf2ddacb73db78a47f983cd5678d831b8976d871 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Sat, 22 Jul 2023 00:51:26 +0300 Subject: [PATCH 11/24] - fixed singleton for Account shortcode; - there were a conflicts with plugins who render shortcodes in hidden mode before loading shortcodes on the page content; --- includes/core/class-account.php | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) 
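Review bot: The updated docblock now opens with "Filters variable for enable singleton shortcode loading" while the hook is named `um_ultimatemember_shortcode_disable_singleton` and its new `true` default means the guard is off, which is the opposite of what that first line suggests; the `@param` line, which still says "Disabled singleton", is the accurate one. Suggested wording: `Filters whether the singleton guard (one render of the same form per page) is disabled. Defaults to true since 2.6.9, i.e. the same form may be rendered several times.`. Flipping the default in a point release also changes behaviour for every site that never touched this filter, so the readme changelog should carry a line for it. ultimatemember() continues past the end of the hunk.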
diff --git a/includes/core/class-account.php b/includes/core/class-account.php index ce4b5a15..1b016584 100644 --- a/includes/core/class-account.php +++ b/includes/core/class-account.php @@ -180,8 +180,7 @@ if ( ! class_exists( 'um\core\Account' ) ) { * * @since 1.3.x * @hook um_account_shortcode_args_filter - * @deprecated 2.6.8 - * @todo Fully deprecate since 2.6.9. Use `shortcode_atts_ultimatemember_account` instead. + * @deprecated 2.6.9 * * @param {array} $args Shortcode arguments. * @@ -194,13 +193,33 @@ if ( ! class_exists( 'um\core\Account' ) ) { * } * add_filter( 'um_account_shortcode_args_filter', 'my_account_shortcode_args' ); */ - $args = apply_filters( 'um_account_shortcode_args_filter', $args ); + $args = apply_filters_deprecated( 'um_account_shortcode_args_filter', array( $args ), '2.6.9', 'shortcode_atts_ultimatemember_account' ); $account_hash = md5( wp_json_encode( $args ) ); - if ( in_array( $account_hash, $this->account_exist, true ) ) { + + /** + * Filters variable for enable singleton shortcode loading on the same page. + * Note: Set it to `false` if you don't need to render the same form twice or more on the same page. + * + * @since 2.6.9 + * + * @hook um_ultimatemember_account_shortcode_disable_singleton + * + * @param {bool} $disable Disabled singleton. By default, it's `true`. + * @param {array} $args Shortcode arguments. + * + * @return {bool} Disabled singleton or not. + * + * @example Turn off ability to use ultimatemember_account shortcode twice. + * add_filter( 'um_ultimatemember_account_shortcode_disable_singleton', '__return_false' ); + */ + $disable_singleton_shortcode = apply_filters( 'um_ultimatemember_account_shortcode_disable_singleton', true, $args ); + if ( false === $disable_singleton_shortcode && in_array( $account_hash, $this->account_exist, true ) ) { return ''; } + ob_start(); + if ( ! empty( $args['tab'] ) ) { if ( 'account' === $args['tab'] ) { From e6a9c4060f50f5b6174bf46721fec9b35bb016b8 Mon Sep 17 00:00:00 2001 
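Review bot: The `@deprecated` tag in the first hunk moves from 2.6.8 to 2.6.9 and `apply_filters_deprecated()` is passed '2.6.9', yet the removed line shows the hook was already documented as deprecated in 2.6.8; keep `@deprecated 2.6.8` (the version the deprecation was announced) and pass the same string to `apply_filters_deprecated()`, or document why the version moved. The new docblock for `um_ultimatemember_account_shortcode_disable_singleton` has the same inverted description as the `ultimatemember` shortcode hook ("Filters variable for enable singleton" for a hook whose `true` default disables the guard); `Filters whether the singleton guard for the account shortcode is disabled. Defaults to true since 2.6.9.` says what the code does. The `ob_start()` added at the end of the hunk has no visible matching `ob_get_clean()`; confirm that every path out of the method below still consumes the buffer. The method continues past the end of the hunk.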
From: Mykyta Synelnikov Date: Mon, 24 Jul 2023 11:58:20 +0300 Subject: [PATCH 12/24] - fixed #1261; --- includes/admin/core/class-admin-notices.php | 22 ++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/includes/admin/core/class-admin-notices.php b/includes/admin/core/class-admin-notices.php index c06015dd..f89f6f7b 100644 --- a/includes/admin/core/class-admin-notices.php +++ b/includes/admin/core/class-admin-notices.php @@ -7,7 +7,6 @@ if ( ! defined( 'ABSPATH' ) ) { if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { - /** * Class Admin_Notices * @package um\admin\core @@ -19,16 +18,15 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { * * @var array */ - var $list = array(); - + private $list = array(); /** * Admin_Notices constructor. */ - function __construct() { + public function __construct() { add_action( 'admin_init', array( &$this, 'create_languages_folder' ) ); - add_action( 'admin_init', array( &$this, 'create_list' ), 10 ); + add_action( 'admin_init', array( &$this, 'create_list' ) ); add_action( 'admin_notices', array( &$this, 'render_notices' ), 1 ); add_action( 'wp_ajax_um_dismiss_notice', array( &$this, 'dismiss_notice' ) ); @@ -37,11 +35,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { add_action( 'current_screen', array( &$this, 'create_list_for_screen' ) ); } - /** * */ - function create_list() { + public function create_list() { $this->old_extensions_notice(); $this->install_core_page_notice(); $this->exif_extension_notice(); @@ -93,7 +90,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { /** * @return array */ - function get_admin_notices() { + public function get_admin_notices() { return $this->list; } 
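Review bot: Changing `var $list` to `private $list` in the `@@ -19` hunk is an API change rather than a cleanup: `var` means public, so any extension or theme that reads the `list` property directly on the Admin_Notices instance now fails with a "Cannot access private property" error. Since `get_admin_notices()` already exists as the accessor, either keep the property public and mark it `@deprecated` in favour of the getter, or make it `protected` and record the change in the readme changelog. The class body continues past these hunks.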
@@ -885,7 +882,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { } $global_role = get_option( 'default_role' ); // WP Global settings - $caps = get_role( $global_role )->capabilities; + $global_role = get_role( $global_role ); + $caps = ( null !== $global_role && ! empty( $global_role->capabilities ) ) ? $global_role->capabilities : array(); foreach ( array_keys( $caps ) as $cap ) { if ( in_array( $cap, $arr_banned_caps, true ) ) { ob_start(); @@ -910,7 +908,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { $um_global_role = UM()->options()->get( 'register_role' ); // UM Settings Global settings if ( ! empty( $um_global_role ) ) { - $caps = get_role( $um_global_role )->capabilities; + $um_global_role = get_role( $um_global_role ); + $caps = ( null !== $um_global_role && ! empty( $um_global_role->capabilities ) ) ? $um_global_role->capabilities : array(); foreach ( array_keys( $caps ) as $cap ) { if ( in_array( $cap, $arr_banned_caps, true ) ) { ob_start(); @@ -966,7 +965,8 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { continue; } - $caps = get_role( $role )->capabilities; + $role = get_role( $role ); + $caps = ( null !== $role && ! empty( $role->capabilities ) ) ? $role->capabilities : array(); foreach ( array_keys( $caps ) as $cap ) { if ( in_array( $cap, $arr_banned_caps, true ) ) { $content .= '
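Review bot: The null guard is pasted three times (`@@ -885`, `@@ -910`, `@@ -966`) and each copy also overwrites the role slug (`$global_role`, `$um_global_role`, `$role`) with the WP_Role object; if the slug is used later in the notice text (not visible in these hunks) it would now be an object. A small private helper keeps the fix in one place and leaves the name variables untouched, with the call sites becoming `$caps = $this->get_role_caps( $global_role );` and so on. The enclosing method starts and ends outside the hunks.
```php
/**
 * Capabilities of a WP role, or an empty array when the role does not exist.
 *
 * @param string $role_name Role slug.
 * @return array
 */
private function get_role_caps( $role_name ) {
	$role = get_role( $role_name );
	return ( null !== $role && ! empty( $role->capabilities ) ) ? $role->capabilities : array();
}
```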
' . get_the_title( $form_id ) . ' contains administrative role.'; From 2ac7324f77cb05c9e44f60455bc83f46d349f089 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 24 Jul 2023 12:25:32 +0300 Subject: [PATCH 13/24] - fixed issue with sanitizing "0" values when value is "" empty line; - added _wpnonce to admin action --- includes/admin/class-admin.php | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/includes/admin/class-admin.php b/includes/admin/class-admin.php index ef8f2544..1200d2d8 100644 --- a/includes/admin/class-admin.php +++ b/includes/admin/class-admin.php @@ -764,16 +764,16 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { 'sanitize' => 'bool', ), '_max_selections' => array( - 'sanitize' => 'empty_int', + 'sanitize' => 'empty_absint', ), '_min_selections' => array( - 'sanitize' => 'empty_int', + 'sanitize' => 'empty_absint', ), '_max_entries' => array( - 'sanitize' => 'absint', + 'sanitize' => 'empty_absint', ), '_max_words' => array( - 'sanitize' => 'absint', + 'sanitize' => 'empty_absint', ), '_min' => array( 'sanitize' => 'empty_int', @@ -782,10 +782,10 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { 'sanitize' => 'empty_int', ), '_min_chars' => array( - 'sanitize' => 'absint', + 'sanitize' => 'empty_absint', ), '_max_chars' => array( - 'sanitize' => 'absint', + 'sanitize' => 'empty_absint', ), '_html' => array( 'sanitize' => 'bool', 
@@ -1935,23 +1935,26 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { * @return array */ function plugin_links( $links ) { - $more_links[] = '' . __( 'Docs', 'ultimate-member' ) . ''; - $more_links[] = '' . __( 'Settings', 'ultimate-member' ) . ''; + $more_links[] = '' . esc_html__( 'Docs', 'ultimate-member' ) . ''; + $more_links[] = '' . esc_html__( 'Settings', 'ultimate-member' ) . ''; $links = $more_links + $links; return $links; } - /** * Init admin action/filters + request handlers */ - function admin_init() { + public function admin_init() { $this->init_variables(); - if ( is_admin() && current_user_can( 'manage_options' ) && ! empty( $_REQUEST['um_adm_action'] ) ) { + if ( ! empty( $_REQUEST['um_adm_action'] ) && is_admin() && current_user_can( 'manage_options' ) ) { $action = sanitize_key( $_REQUEST['um_adm_action'] ); + if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], $action ) ) { + wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) ); + } + /** * UM hook * From 2ea7fb9e331fdc230aed4830bc583708dc5254f5 Mon Sep 17 00:00:00 2001 From: ashubawork Date: Mon, 24 Jul 2023 12:31:11 +0300 Subject: [PATCH 14/24] - fix counting words in a textarea field --- includes/core/um-actions-form.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/core/um-actions-form.php b/includes/core/um-actions-form.php index 39eca33e..0d847b2e 100644 --- a/includes/core/um-actions-form.php +++ b/includes/core/um-actions-form.php 
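Review bot: The new nonce check ends in `wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) )`; wp_die() renders its message in an HTML body, so `esc_html__()` is the matching escaper (esc_attr__ is for attribute values). The nonce is read raw from `$_REQUEST['_wpnonce']`; `wp_verify_nonce( sanitize_key( wp_unslash( $_REQUEST['_wpnonce'] ) ), $action )` keeps it in line with the `sanitize_key()` already applied to `um_adm_action`. A nonce keyed only on `$action` is shared by every link that triggers that action, so handlers acting on a specific object (e.g. duplicate_form, which also carries an id-bound `nonce`) must keep verifying their own nonce; a comment such as `// Generic per-action nonce; object-bound nonces are still verified in the individual handlers.` makes that expectation explicit. The `@@ -764`/`@@ -782` hunks switch several keys to `empty_absint`, which must be a case the sanitizer dispatch handles (not visible here). admin_init() continues past the hunk.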
@@ -573,7 +573,9 @@ function um_submit_form_errors_hook_( $submitted_data, $form_data ) { } if ( isset( $array['max_words'] ) && $array['max_words'] > 0 ) { - if ( str_word_count( $submitted_data[ $key ], 0, "éèàôù" ) > $array['max_words'] ) { + // count words without html tags + $without_tags = wp_strip_all_tags( $submitted_data[ $key ] ); + if ( str_word_count( $without_tags, 0, 'éèàôù' ) > $array['max_words'] ) { // translators: %s: max words. UM()->form()->add_error( $key, sprintf( __( 'You are only allowed to enter a maximum of %s words', 'ultimate-member' ), $array['max_words'] ) ); } From fa2108172ffdba0e7ce72bafdb8d4bb46826ecac Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 24 Jul 2023 12:57:18 +0300 Subject: [PATCH 15/24] - fixed issue with lack of the nonces in the um_adm_action handler; --- includes/admin/core/class-admin-columns.php | 1 + includes/admin/core/class-admin-notices.php | 66 +++++++++++++------ includes/admin/core/class-admin-settings.php | 9 ++- includes/admin/templates/dashboard/cache.php | 23 +++++-- includes/admin/templates/dashboard/purge.php | 14 +++- .../templates/dashboard/upgrade-request.php | 20 ++++-- includes/core/class-permalinks.php | 15 +++-- 7 files changed, 110 insertions(+), 38 deletions(-) diff --git a/includes/admin/core/class-admin-columns.php b/includes/admin/core/class-admin-columns.php index 55a65adb..1607220d 100644 --- a/includes/admin/core/class-admin-columns.php +++ b/includes/admin/core/class-admin-columns.php @@ -118,6 +118,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Columns' ) ) { 'um_adm_action' => 'duplicate_form', 'post_id' => $id, 'nonce' => wp_create_nonce( "um-duplicate_form{$id}" ), + '_wpnonce' => wp_create_nonce( 'duplicate_form' ), ), admin_url( 'edit.php' ) ); diff --git a/includes/admin/core/class-admin-notices.php b/includes/admin/core/class-admin-notices.php index f89f6f7b..75af3e22 100644 --- a/includes/admin/core/class-admin-notices.php 
+++ b/includes/admin/core/class-admin-notices.php @@ -369,7 +369,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { ); } - /** * Regarding page setup */ @@ -381,9 +380,16 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { foreach ( $pages as $slug => $page_id ) { $page = get_post( $page_id ); - if ( ! isset( $page->ID ) && in_array( $slug, array_keys( UM()->config()->core_pages ) ) ) { + if ( ! isset( $page->ID ) && array_key_exists( $slug, UM()->config()->core_pages ) ) { + $url = add_query_arg( + array( + 'um_adm_action' => 'install_core_pages', + '_wpnonce' => wp_create_nonce( 'install_core_pages' ), + ) + ); - ob_start(); ?> + ob_start(); + ?>

- +   - +

- add_notice( 'wrong_pages', array( - 'class' => 'updated', - 'message' => $message, - 'dismissible' => true - ), 20 ); + $this->add_notice( + 'wrong_pages', + array( + 'class' => 'updated', + 'message' => $message, + 'dismissible' => true, + ), + 20 + ); break; } @@ -413,23 +424,30 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { if ( isset( $pages['user'] ) ) { $test = get_post( $pages['user'] ); if ( isset( $test->post_parent ) && $test->post_parent > 0 ) { - $this->add_notice( 'wrong_user_page', array( - 'class' => 'updated', - 'message' => '

' . __( 'Ultimate Member Setup Error: User page can not be a child page.', 'ultimate-member' ) . '

', - ), 25 ); + $this->add_notice( + 'wrong_user_page', + array( + 'class' => 'updated', + 'message' => '

' . esc_html__( 'Ultimate Member Setup Error: User page can not be a child page.', 'ultimate-member' ) . '

', + ), + 25 + ); } } if ( isset( $pages['account'] ) ) { $test = get_post( $pages['account'] ); if ( isset( $test->post_parent ) && $test->post_parent > 0 ) { - $this->add_notice( 'wrong_account_page', array( - 'class' => 'updated', - 'message' => '

' . __( 'Ultimate Member Setup Error: Account page can not be a child page.', 'ultimate-member' ) . '

', - ), 30 ); + $this->add_notice( + 'wrong_account_page', + array( + 'class' => 'updated', + 'message' => '

' . esc_html__( 'Ultimate Member Setup Error: Account page can not be a child page.', 'ultimate-member' ) . '

', + ), + 30 + ); } } - } } @@ -441,12 +459,18 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { $hide_exif_notice = get_option( 'um_hide_exif_notice' ); if ( ! extension_loaded( 'exif' ) && ! $hide_exif_notice ) { + $url = add_query_arg( + array( + 'um_adm_action' => 'um_hide_exif_notice', + '_wpnonce' => wp_create_nonce( 'um_hide_exif_notice' ), + ) + ); $this->add_notice( 'exif_disabled', array( 'class' => 'updated', // translators: %s: query args. - 'message' => '

' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. Hide this notice', 'ultimate-member' ), add_query_arg( 'um_adm_action', 'um_hide_exif_notice' ) ) . '

', + 'message' => '

' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. Hide this notice', 'ultimate-member' ), $url ) . '

', ), 10 ); diff --git a/includes/admin/core/class-admin-settings.php b/includes/admin/core/class-admin-settings.php index d8a7cb4e..d504b8c7 100644 --- a/includes/admin/core/class-admin-settings.php +++ b/includes/admin/core/class-admin-settings.php @@ -3072,10 +3072,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) { */ public function settings_override_templates_tab() { $um_check_version = get_transient( 'um_check_template_versions' ); + + $check_url = add_query_arg( + array( + 'um_adm_action' => 'check_templates_version', + '_wpnonce' => wp_create_nonce( 'check_templates_version' ), + ) + ); ?>

- + get_var( FROM {$wpdb->options} WHERE option_name LIKE 'um_cache_userdata_%'" ); + +$url_user_cache = add_query_arg( + array( + 'um_adm_action' => 'user_cache', + '_wpnonce' => wp_create_nonce( 'user_cache' ), + ) +); + +$url_user_status_cache = add_query_arg( + array( + 'um_adm_action' => 'user_status_cache', + '_wpnonce' => wp_create_nonce( 'user_status_cache' ), + ) +); ?> -

+

- + - +

diff --git a/includes/admin/templates/dashboard/purge.php b/includes/admin/templates/dashboard/purge.php index b1facb25..5e80926b 100644 --- a/includes/admin/templates/dashboard/purge.php +++ b/includes/admin/templates/dashboard/purge.php @@ -1,7 +1,15 @@ - 'purge_temp', + '_wpnonce' => wp_create_nonce( 'purge_temp' ), + ) +); + if ( $this->dir_size( 'temp' ) > 0.1 ) { ?>

@@ -12,8 +20,8 @@ if ( $this->dir_size( 'temp' ) > 0.1 ) { ?>

- - + +

diff --git a/includes/admin/templates/dashboard/upgrade-request.php b/includes/admin/templates/dashboard/upgrade-request.php index b5061d8e..0d10fd17 100644 --- a/includes/admin/templates/dashboard/upgrade-request.php +++ b/includes/admin/templates/dashboard/upgrade-request.php @@ -1,9 +1,19 @@ - + 'manual_upgrades_request', + '_wpnonce' => wp_create_nonce( 'manual_upgrades_request' ), + ) +); +?> -

+

- - + + -

\ No newline at end of file +

diff --git a/includes/core/class-permalinks.php b/includes/core/class-permalinks.php index 59f9e6cd..0bbb47bf 100644 --- a/includes/core/class-permalinks.php +++ b/includes/core/class-permalinks.php @@ -482,13 +482,20 @@ if ( ! class_exists( 'um\core\Permalinks' ) ) { * @param $action * @param $subaction * + * @deprecated 2.6.9 + * * @return mixed|string|void */ public function admin_act_url( $action, $subaction ) { - $url = $this->get_current_url(); - $url = add_query_arg( 'um_adm_action', $action, $url ); - $url = add_query_arg( 'sub', $subaction, $url ); - $url = add_query_arg( 'user_id', um_user( 'ID' ), $url ); + _deprecated_function( __METHOD__, '2.6.9' ); + $url = add_query_arg( + array( + 'um_adm_action' => $action, + 'sub' => $subaction, + 'user_id' => um_user( 'ID' ), + '_wpnonce' => wp_create_nonce( $action ), + ) + ); return $url; } From e14f165e735ef6cb5c6c117f2f928d72faef992a Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 24 Jul 2023 22:30:33 +0300 Subject: [PATCH 16/24] - fixed issue with lack of the nonces in the um_adm_action handler; - fixed #1263; --- includes/admin/class-admin.php | 186 ++++++++------------ includes/admin/core/class-admin-columns.php | 3 +- includes/admin/core/class-admin-notices.php | 19 +- includes/core/um-actions-profile.php | 28 ++- 4 files changed, 107 insertions(+), 129 deletions(-) diff --git a/includes/admin/class-admin.php b/includes/admin/class-admin.php index 1200d2d8..c2293a52 100644 --- a/includes/admin/class-admin.php +++ b/includes/admin/class-admin.php 
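Review bot: admin_act_url() now calls `add_query_arg()` with no base URL, which builds on the current `REQUEST_URI` and returns an unescaped string, so every caller that echoes the result into an attribute must wrap it in `esc_url()`; the same no-base `add_query_arg()` pattern is used for the new `$url`, `$check_url`, `$url_user_cache`, `$url_user_status_cache` and upgrade-request variables earlier in this patch, and the echo sites for those are not visible in this chunk, so they are worth checking. The `@deprecated 2.6.9` tag and `_deprecated_function( __METHOD__, '2.6.9' )` name no successor; if one exists, pass it as the third argument and add it to the docblock as `@deprecated 2.6.9 Use <replacement> instead.`. Note also that the nonce created here is keyed on the action string alone, not on `user_id`, which matches the dispatcher's generic check but does not bind the link to a specific user.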
@@ -61,21 +61,18 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { public function __construct() { parent::__construct(); - $this->templates_path = um_path . 'includes/admin/templates/'; + $this->templates_path = UM_PATH . 'includes/admin/templates/'; add_action( 'admin_init', array( &$this, 'admin_init' ), 0 ); $prefix = is_network_admin() ? 'network_admin_' : ''; - add_filter( "{$prefix}plugin_action_links_" . um_plugin, array( &$this, 'plugin_links' ) ); + add_filter( "{$prefix}plugin_action_links_" . UM_PLUGIN, array( &$this, 'plugin_links' ) ); add_action( 'um_admin_do_action__user_cache', array( &$this, 'user_cache' ) ); add_action( 'um_admin_do_action__user_status_cache', array( &$this, 'user_status_cache' ) ); add_action( 'um_admin_do_action__purge_temp', array( &$this, 'purge_temp' ) ); add_action( 'um_admin_do_action__manual_upgrades_request', array( &$this, 'manual_upgrades_request' ) ); add_action( 'um_admin_do_action__duplicate_form', array( &$this, 'duplicate_form' ) ); - add_action( 'um_admin_do_action__um_hide_locale_notice', array( &$this, 'um_hide_notice' ) ); - add_action( 'um_admin_do_action__um_can_register_notice', array( &$this, 'um_hide_notice' ) ); - add_action( 'um_admin_do_action__um_hide_exif_notice', array( &$this, 'um_hide_notice' ) ); add_action( 'um_admin_do_action__user_action', array( &$this, 'user_action' ) ); add_action( 'um_admin_do_action__check_templates_version', array( &$this, 'check_templates_version' ) ); 
@@ -1606,22 +1603,17 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { return $classes; } - /** * */ public function manual_upgrades_request() { - if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) { - die(); - } - $last_request = get_option( 'um_last_manual_upgrades_request', false ); if ( empty( $last_request ) || time() > $last_request + DAY_IN_SECONDS ) { if ( is_multisite() ) { $blogs_ids = get_sites(); - foreach( $blogs_ids as $b ) { + foreach ( $blogs_ids as $b ) { switch_to_blog( $b->blog_id ); wp_clean_update_cache(); @@ -1638,22 +1630,30 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { update_option( 'um_last_manual_upgrades_request', time() ); } - $url = add_query_arg( array( 'page' => 'ultimatemember', 'update' => 'um_got_updates' ), admin_url( 'admin.php' ) ); + $url = add_query_arg( + array( + 'page' => 'ultimatemember', + 'update' => 'um_got_updates', + ), + admin_url( 'admin.php' ) + ); } else { - $url = add_query_arg( array( 'page' => 'ultimatemember', 'update' => 'um_often_updates' ), admin_url( 'admin.php' ) ); + $url = add_query_arg( + array( + 'page' => 'ultimatemember', + 'update' => 'um_often_updates', + ), + admin_url( 'admin.php' ) + ); } - exit( wp_redirect( $url ) ); + wp_safe_redirect( $url ); + exit; } - /** - * Core pages installation + * Core pages installation. */ - function install_core_pages() { - if ( ! is_admin() ) { - die(); - } - + public function install_core_pages() { UM()->setup()->install_default_pages(); //check empty pages in settings @@ -1664,7 +1664,7 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { foreach ( $pages as $slug => $page_id ) { $page = get_post( $page_id ); - if ( ! isset( $page->ID ) && in_array( $slug, array_keys( UM()->config()->core_pages ) ) ) { + if ( ! isset( $page->ID ) && array_key_exists( $slug, UM()->config()->core_pages ) ) { $empty_pages[] = $slug; } } 
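Review bot: manual_upgrades_request() and install_core_pages() drop their own `is_admin()` / `current_user_can( 'manage_options' )` guards, as do user_cache(), user_status_cache() and purge_temp() in the next two hunks, so each of these public methods is now safe only when entered through the capability and nonce gate in admin_init(). Because they are public and attached by name to `um_admin_do_action__*`, a one-line docblock on each would record that assumption for the next maintainer, e.g. `@internal Reached only via the um_admin_do_action__* hook after admin_init() has verified capability and nonce.`. The empty `/** * */` header left above manual_upgrades_request() should also get a one-sentence description of what it does (clears update caches once per day and redirects).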
@@ -1672,27 +1672,22 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { //if there aren't empty pages - then hide pages notice if ( empty( $empty_pages ) ) { - $hidden_notices = get_option( 'um_hidden_admin_notices', array() ); + $hidden_notices = get_option( 'um_hidden_admin_notices', array() ); $hidden_notices[] = 'wrong_pages'; update_option( 'um_hidden_admin_notices', $hidden_notices ); } $url = add_query_arg( array( 'page' => 'um_options' ), admin_url( 'admin.php' ) ); - exit( wp_redirect( $url ) ); + wp_safe_redirect( $url ); + exit; } - /** - * Clear all users cache - * - * @param $action + * Clear all users cache. */ - function user_cache( $action ) { + public function user_cache() { global $wpdb; - if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) { - die(); - } $wpdb->query( "DELETE FROM {$wpdb->options} WHERE option_name LIKE 'um_cache_userdata_%'" ); @@ -1703,21 +1698,14 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { ), admin_url( 'admin.php' ) ); - wp_redirect( $url ); + wp_safe_redirect( $url ); exit; } - /** - * Clear all users statuses count cache - * - * @param $action + * Clear all users statuses count cache. */ - function user_status_cache( $action ) { - if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) { - die(); - } - + public function user_status_cache() { $statuses = array( 'approved', 'awaiting_admin_review', 
@@ -1741,43 +1729,37 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { ), admin_url( 'admin.php' ) ); - wp_redirect( $url ); + wp_safe_redirect( $url ); exit; } - /** - * Purge temp uploads dir - * @param $action + * Purge temp uploads dir. */ - function purge_temp( $action ) { - if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) { - die(); - } - + public function purge_temp() { UM()->files()->remove_dir( UM()->files()->upload_temp ); - $url = add_query_arg( array( 'page' => 'ultimatemember', 'update' => 'um_purged_temp' ), admin_url( 'admin.php' ) ); - exit( wp_redirect( $url ) ); + $url = add_query_arg( + array( + 'page' => 'ultimatemember', + 'update' => 'um_purged_temp', + ), + admin_url( 'admin.php' ) + ); + wp_safe_redirect( $url ); + exit; } - /** * Duplicate form - * - * @param $action */ - public function duplicate_form( $action ) { - if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) { - die(); - } - - if ( empty( $_REQUEST['post_id'] ) || empty( $_REQUEST['nonce'] ) || ! wp_verify_nonce( $_REQUEST['nonce'], "um-duplicate_form{$_REQUEST['post_id']}" ) ) { - die(); + public function duplicate_form() { + if ( empty( $_REQUEST['post_id'] ) || empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], "um-duplicate_form{$_REQUEST['post_id']}" ) ) { + die( esc_html__( 'Security check', 'ultimate-member' ) ); } if ( ! is_numeric( $_REQUEST['post_id'] ) ) { - die(); + die( esc_html__( 'Wrong ID', 'ultimate-member' ) ); } $post_id = absint( $_REQUEST['post_id'] ); 
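Review bot: duplicate_form() interpolates the raw `$_REQUEST['post_id']` into the nonce action string before the `is_numeric()` check that follows it, and passes `$_REQUEST['_wpnonce']` to wp_verify_nonce() without unslashing. Deriving the id first keeps the nonce action canonical and makes the later numeric check redundant: `$post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : 0;` followed by `if ( empty( $post_id ) || empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), "um-duplicate_form{$post_id}" ) ) {`. The `die( esc_html__( 'Security check', ... ) )` here and `wp_die( esc_attr__( 'Security Check', ... ) )` in admin_init() differ in function, escape and casing; one shared wording would help. duplicate_form() continues past the end of this hunk.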
@@ -1817,26 +1799,10 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { } /** - * Action to hide notices in admin - * - * @param $action + * Various user actions. */ - function um_hide_notice( $action ) { - if ( ! is_admin() || ! current_user_can( 'manage_options' ) ) { - die(); - } - - update_option( $action, 1 ); - exit( wp_redirect( remove_query_arg( 'um_adm_action' ) ) ); - } - - /** - * Various user actions - * - * @param $action - */ - function user_action( $action ) { - if ( ! is_admin() || ! current_user_can( 'edit_users' ) ) { + public function user_action() { + if ( ! current_user_can( 'edit_users' ) ) { die(); } if ( ! isset( $_REQUEST['sub'] ) ) { @@ -1891,17 +1857,14 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { um_reset_user(); - wp_redirect( add_query_arg( 'update', 'um_user_updated', admin_url( '?page=ultimatemember' ) ) ); + wp_safe_redirect( add_query_arg( 'update', 'um_user_updated', admin_url( '?page=ultimatemember' ) ) ); exit; - } /** - * Manual check templates versions - * - * @param $action + * Manual check templates versions. */ - public function check_templates_version( $action ) { + public function check_templates_version() { $templates = UM()->admin_settings()->get_override_templates( true ); $out_date = false; @@ -1928,13 +1891,13 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { } /** - * Add any custom links to plugin page + * Add any custom links to plugin page. * * @param array $links * * @return array */ - function plugin_links( $links ) { + public function plugin_links( $links ) { $more_links[] = '' . esc_html__( 'Docs', 'ultimate-member' ) . ''; $more_links[] = '' . esc_html__( 'Settings', 'ultimate-member' ) . ''; 
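Review bot: user_action() is placed on the individual-nonce list in the following hunk, yet the only check visible in this hunk is `if ( ! current_user_can( 'edit_users' ) ) { die(); }`; its body continues outside the hunk, so please confirm it verifies a nonce itself, since the dispatcher no longer does so for it. The bare `die();` here also gives the admin no hint why the request stopped, unlike the sibling handler's `die( esc_html__( 'Security check', 'ultimate-member' ) )`. Removing um_hide_notice() here is consistent with the constructor hunk that dropped its hooks, but any remaining link that still emits `um_adm_action=um_hide_locale_notice` or `um_can_register_notice` would now pass the nonce gate and then hit no handler.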
@@ -1951,8 +1914,17 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { if ( ! empty( $_REQUEST['um_adm_action'] ) && is_admin() && current_user_can( 'manage_options' ) ) { $action = sanitize_key( $_REQUEST['um_adm_action'] ); - if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], $action ) ) { - wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) ); + $individual_nonce_actions = array( + 'user_action', + 'duplicate_form', + ); + $individual_nonce_actions = apply_filters( 'um_adm_action_individual_nonce_actions', $individual_nonce_actions ); + + // Some actions have their own nonce. Verify individually. + if ( ! in_array( $action, $individual_nonce_actions, true ) ) { + if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], $action ) ) { + wp_die( esc_attr__( 'Security Check', 'ultimate-member' ) ); + } } /** @@ -1998,7 +1970,6 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { } } - /** * Updated post messages * 
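Review bot: The new `um_adm_action_individual_nonce_actions` filter lets any plugin remove an action from the dispatcher's nonce verification, which silently reopens CSRF for that handler if it does not verify a nonce of its own; the existing comment says only that "some actions have their own nonce". A comment stating the contract would make the responsibility explicit, e.g. `// Handlers listed here MUST call wp_verify_nonce() themselves; the dispatcher performs no nonce check for them.`. The raw `$_REQUEST['_wpnonce']` and `esc_attr__` in `wp_die()` carried over from the earlier hunk still apply here. admin_init() continues past the end of this hunk.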
@@ -2006,31 +1977,30 @@ if ( ! class_exists( 'um\admin\Admin' ) ) { * * @return array */ - function post_updated_messages( $messages ) { + public function post_updated_messages( $messages ) { global $post_ID; $post_type = get_post_type( $post_ID ); - if ( $post_type == 'um_form' ) { + if ( 'um_form' === $post_type ) { $messages['um_form'] = array( - 0 => '', - 1 => __( 'Form updated.', 'ultimate-member' ), - 2 => __( 'Custom field updated.', 'ultimate-member' ), - 3 => __( 'Custom field deleted.', 'ultimate-member' ), - 4 => __( 'Form updated.', 'ultimate-member' ), - 5 => isset( $_GET['revision'] ) ? __( 'Form restored to revision.', 'ultimate-member' ) : false, - 6 => __( 'Form created.', 'ultimate-member' ), - 7 => __( 'Form saved.', 'ultimate-member' ), - 8 => __( 'Form submitted.', 'ultimate-member' ), - 9 => __( 'Form scheduled.', 'ultimate-member' ), - 10 => __( 'Form draft updated.', 'ultimate-member' ), + 0 => '', + 1 => __( 'Form updated.', 'ultimate-member' ), + 2 => __( 'Custom field updated.', 'ultimate-member' ), + 3 => __( 'Custom field deleted.', 'ultimate-member' ), + 4 => __( 'Form updated.', 'ultimate-member' ), + 5 => isset( $_GET['revision'] ) ? __( 'Form restored to revision.', 'ultimate-member' ) : false, + 6 => __( 'Form created.', 'ultimate-member' ), + 7 => __( 'Form saved.', 'ultimate-member' ), + 8 => __( 'Form submitted.', 'ultimate-member' ), + 9 => __( 'Form scheduled.', 'ultimate-member' ), + 10 => __( 'Form draft updated.', 'ultimate-member' ), ); } return $messages; } - /** * Gettext filters * diff --git a/includes/admin/core/class-admin-columns.php b/includes/admin/core/class-admin-columns.php index 1607220d..317b0b36 100644 --- a/includes/admin/core/class-admin-columns.php +++ b/includes/admin/core/class-admin-columns.php 
@@ -117,8 +117,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Columns' ) ) { 'post_type' => 'um_form', 'um_adm_action' => 'duplicate_form', 'post_id' => $id, - 'nonce' => wp_create_nonce( "um-duplicate_form{$id}" ), - '_wpnonce' => wp_create_nonce( 'duplicate_form' ), + '_wpnonce' => wp_create_nonce( "um-duplicate_form{$id}" ), ), admin_url( 'edit.php' ) ); diff --git a/includes/admin/core/class-admin-notices.php b/includes/admin/core/class-admin-notices.php index 75af3e22..72dd29eb 100644 --- a/includes/admin/core/class-admin-notices.php +++ b/includes/admin/core/class-admin-notices.php @@ -451,28 +451,19 @@ if ( ! class_exists( 'um\admin\core\Admin_Notices' ) ) { } } - /** * EXIF library notice */ public function exif_extension_notice() { - $hide_exif_notice = get_option( 'um_hide_exif_notice' ); - - if ( ! extension_loaded( 'exif' ) && ! $hide_exif_notice ) { - $url = add_query_arg( - array( - 'um_adm_action' => 'um_hide_exif_notice', - '_wpnonce' => wp_create_nonce( 'um_hide_exif_notice' ), - ) - ); + if ( ! extension_loaded( 'exif' ) ) { $this->add_notice( 'exif_disabled', array( - 'class' => 'updated', + 'class' => 'updated', // translators: %s: query args. - 'message' => '

' . sprintf( __( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension. Hide this notice', 'ultimate-member' ), $url ) . '

', - ), - 10 + 'message' => '

' . esc_html__( 'Exif is not enabled on your server. Mobile photo uploads will not be rotated correctly until you enable the exif extension.', 'ultimate-member' ) . '

', + 'dismissible' => true, + ) ); } } diff --git a/includes/core/um-actions-profile.php b/includes/core/um-actions-profile.php index 60d3081a..8c5730ad 100644 --- a/includes/core/um-actions-profile.php +++ b/includes/core/um-actions-profile.php @@ -235,6 +235,14 @@ function um_user_edit_profile( $args, $form_data ) { continue; } + if ( is_array( $array ) ) { + $origin_data = UM()->fields()->get_field( $key ); + if ( is_array( $origin_data ) ) { + // Merge data passed with original field data. + $array = array_merge( $origin_data, $array ); + } + } + // required option? 'required_opt' - it's field attribute predefined in the field data in code // @todo can be unnecessary. it's used in 1 place (user account). if ( isset( $array['required_opt'] ) ) { @@ -283,8 +291,7 @@ function um_user_edit_profile( $args, $form_data ) { */ $has_custom_source = apply_filters( "um_has_dropdown_options_source__{$key}", false ); if ( isset( $array['options'] ) && in_array( $array['type'], array( 'select', 'multiselect' ), true ) ) { - - $options = array(); + $options = $array['options']; if ( ! empty( $array['custom_dropdown_options_source'] ) && function_exists( $array['custom_dropdown_options_source'] ) && ! $has_custom_source ) { if ( ! UM()->fields()->is_source_blacklisted( $array['custom_dropdown_options_source'] ) ) { $callback_result = call_user_func( $array['custom_dropdown_options_source'], $array['options'] ); @@ -293,7 +300,6 @@ function um_user_edit_profile( $args, $form_data ) { } } } - $array['options'] = apply_filters( "um_custom_dropdown_options__{$key}", $options ); } 
@@ -318,8 +324,20 @@ function um_user_edit_profile( $args, $form_data ) { //the user cannot set invalid value in the hidden input at the page if ( in_array( $array['type'], array( 'multiselect', 'checkbox', 'radio' ), true ) ) { if ( ! empty( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) ) { - $args['submitted'][ $key ] = array_map( 'stripslashes', array_map( 'trim', $args['submitted'][ $key ] ) ); - $args['submitted'][ $key ] = array_intersect( $args['submitted'][ $key ], array_map( 'trim', $array['options'] ) ); + if ( is_array( $args['submitted'][ $key ] ) ) { + $args['submitted'][ $key ] = array_map( 'stripslashes', array_map( 'trim', $args['submitted'][ $key ] ) ); + if ( is_array( $array['options'] ) ) { + $args['submitted'][ $key ] = array_intersect( $args['submitted'][ $key ], array_map( 'trim', $array['options'] ) ); + } else { + $args['submitted'][ $key ] = array_intersect( $args['submitted'][ $key ], array( trim( $array['options'] ) ) ); + } + } else { + if ( is_array( $array['options'] ) ) { + $args['submitted'][ $key ] = array_intersect( array( stripslashes( trim( $args['submitted'][ $key ] ) ) ), array_map( 'trim', $array['options'] ) ); + } else { + $args['submitted'][ $key ] = array_intersect( array( stripslashes( trim( $args['submitted'][ $key ] ) ) ), array( trim( $array['options'] ) ) ); + } + } } // update empty user meta From 15a18cf6d499a4bf5aee0e6ec33e4ada2fdffc70 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Mon, 24 Jul 2023 22:57:49 +0300 Subject: [PATCH 17/24] - reviewed #1256; --- includes/admin/core/class-admin-metabox.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index a53f8285..4e35a663 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php 
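Review bot: The four branches added for array/scalar submitted values and array/string options do the same trim/stripslashes/array_intersect work and differ only in whether each side is wrapped in `array( ... )`; casting both sides with `(array)` collapses them into one path with identical results, which is easier to keep correct for a check whose purpose is to reject values outside the allowed options. Both the original branches and the collapsed form return an array even when a scalar was submitted, so if a radio value is stored downstream as a scalar that consumer, not visible here, should be checked. um_user_edit_profile() continues outside this hunk on both sides.
```php
if ( ! empty( $args['submitted'][ $key ] ) && ! empty( $array['options'] ) ) {
	// Normalise both sides to lists so scalar and array inputs share one path.
	$allowed   = array_map( 'trim', (array) $array['options'] );
	$submitted = array_map( 'stripslashes', array_map( 'trim', (array) $args['submitted'][ $key ] ) );
	$args['submitted'][ $key ] = array_intersect( $submitted, $allowed );
}
// … unchanged: update empty user meta …
```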
@@ -1062,7 +1062,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { do_action( 'um_admin_custom_login_metaboxes' ); } - /** * Save directory metabox * @@ -1089,11 +1088,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { return; } - $where = array( 'ID' => $post_id ); - if ( empty( $_POST['post_title'] ) ) { + $where = array( 'ID' => $post_id ); // translators: %s: Directory id. $_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id ); + $wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) ), $where ); } do_action( 'um_before_member_directory_save', $post_id ); @@ -1156,14 +1155,13 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { update_post_meta( $post_id, '_um_search_filters_gmt', (int) $_POST['um-gmt-offset'] ); } - /** * Save form metabox * * @param $post_id * @param $post */ - function save_metabox_form( $post_id, $post ) { + public function save_metabox_form( $post_id, $post ) { global $wpdb; // validate nonce @@ -1173,7 +1171,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { } // validate post type - if ( $post->post_type != 'um_form' ) { + if ( 'um_form' !== $post->post_type ) { return; } @@ -1183,10 +1181,11 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { return; } - $where = array( 'ID' => $post_id ); if ( empty( $_POST['post_title'] ) ) { + $where = array( 'ID' => $post_id ); // translators: %s: Form id. $_POST['post_title'] = sprintf( __( 'Form #%s', 'ultimate-member' ), $post_id ); + $wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( wp_unslash( $_POST['post_title'] ) ) ), $where ); } // save From 9447fb6675575e565aba527c755ad340cb2e1cbc Mon Sep 17 00:00:00 2001 
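Review bot: The new `$wpdb->update( $wpdb->posts, array( 'post_title' => ... ), $where )` in save_metabox_directory (hunk `@@ -1089`) and again in save_metabox_form (hunk `@@ -1183`) writes the fallback title straight to the table, so the post object cache still holds the old (empty) title for the rest of the request; add `clean_post_cache( $post_id );` after each update. Using `wp_update_post()` instead would handle the cache but, since this runs inside a save handler, it would presumably re-enter the same hook, which is likely why the direct write was chosen; a short comment saying so would save the next reader the question. Both methods continue past their hunks.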
From: Mykyta Synelnikov Date: Tue, 25 Jul 2023 00:29:35 +0300 Subject: [PATCH 18/24] - reviewed #1255; --- assets/js/um-profile.js | 17 +++++++++++------ assets/js/um-profile.min.js | 2 +- templates/profile.php | 8 +++++--- 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/assets/js/um-profile.js b/assets/js/um-profile.js index b353abae..45d81166 100644 --- a/assets/js/um-profile.js +++ b/assets/js/um-profile.js @@ -121,12 +121,17 @@ jQuery(document).ready(function() { }); jQuery( 'textarea[id="um-meta-bio"]' ).trigger('change'); - // Biography (description) fields syncing. - jQuery( '.um-profile form' ).on( 'change, input', 'textarea[name="description"]', function ( e ) { - var $all_description_fields = jQuery( '#um-meta-bio, #description, textarea[name="description"]', e.delegateTarget ); - $all_description_fields.val( e.currentTarget.value ); - } ); + jQuery( '.um-profile form' ).each( function () { + let descKey = jQuery(this).data('description_key'); + jQuery( document.body ).on( 'change, input', 'textarea[name="' + descKey + '"]', function ( e ) { + jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).each( function() { + if ( jQuery(this)[0] !== e.currentTarget ) { + jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).val( e.currentTarget.value ).trigger('change'); + } + }); + }); + }); jQuery( '.um-profile-edit a.um_delete-item' ).on( 'click', function(e) { @@ -145,4 +150,4 @@ jQuery(document).ready(function() { jQuery( e.currentTarget).trigger( "click" ); }); -}); \ No newline at end of file +}); diff --git a/assets/js/um-profile.min.js b/assets/js/um-profile.min.js index ce3ed59d..21017c32 100644 --- a/assets/js/um-profile.min.js +++ b/assets/js/um-profile.min.js 
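Review bot: The new description-sync handler writes the value to every textarea sharing the name, including `e.currentTarget`, and then triggers `change` on all of them; each triggered `change` bubbles back to the delegated handler, so with two or more such textareas in one form this looks like unbounded recursion unless something outside the hunk breaks the cycle. Writing only to siblings whose value actually differs ends the cycle after one pass: `if ( this !== e.currentTarget && this.value !== e.currentTarget.value ) { jQuery( this ).val( e.currentTarget.value ).trigger( 'change' ); }` in place of the inner `.parents( 'form' ).find( ... ).val( ... ).trigger( 'change' )`. The event string `'change, input'` is also wrong for jQuery, which separates event names with spaces; as written it binds an event literally named `change,` plus `input`, so use `'change input'`. The patch-19 hunk at `@@ -124,13 +124,15 @@` wraps this same code in a presence check and inherits both points.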
@@ -1 +1 @@ -jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var r=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){r.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 
0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile form").on("change, input",'textarea[name="description"]',function(e){jQuery('#um-meta-bio, #description, textarea[name="description"]',e.delegateTarget).val(e.currentTarget.value)}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file +jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img 
img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var r=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){r.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile form").each(function(){let r=jQuery(this).data("description_key");jQuery(document.body).on("change, input",'textarea[name="'+r+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+r+'"]').each(function(){jQuery(this)[0]!==e.currentTarget&&jQuery(this).parents("form").find('textarea[name="'+r+'"]').val(e.currentTarget.value).trigger("change")})})}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file diff --git a/templates/profile.php b/templates/profile.php index 3dedc659..5c0cdefc 100644 
--- a/templates/profile.php +++ b/templates/profile.php @@ -6,7 +6,7 @@ * * Page: "Profile" * - * @version 2.6.1 + * @version 2.6.9 * * @var string $mode * @var int $form_id @@ -14,7 +14,9 @@ */ if ( ! defined( 'ABSPATH' ) ) { exit; -} ?> +} +$description_key = UM()->profile()->get_show_bio_key( $args ); +?>
@@ -43,7 +45,7 @@ if ( ! defined( 'ABSPATH' ) ) { do_action( 'um_profile_before_header', $args ); if ( um_is_on_edit_profile() ) { ?> -
+ Date: Tue, 25 Jul 2023 00:31:35 +0300 Subject: [PATCH 19/24] - reviewed #1255; --- assets/js/um-profile.js | 14 ++++++++------ assets/js/um-profile.min.js | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/assets/js/um-profile.js b/assets/js/um-profile.js index 45d81166..4d3c059b 100644 --- a/assets/js/um-profile.js +++ b/assets/js/um-profile.js @@ -124,13 +124,15 @@ jQuery(document).ready(function() { // Biography (description) fields syncing. jQuery( '.um-profile form' ).each( function () { let descKey = jQuery(this).data('description_key'); - jQuery( document.body ).on( 'change, input', 'textarea[name="' + descKey + '"]', function ( e ) { - jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).each( function() { - if ( jQuery(this)[0] !== e.currentTarget ) { - jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).val( e.currentTarget.value ).trigger('change'); - } + if ( jQuery(this).find( 'textarea[name="' + descKey + '"]' ).length ) { + jQuery( document.body ).on( 'change, input', 'textarea[name="' + descKey + '"]', function ( e ) { + jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).each( function() { + if ( jQuery(this)[0] !== e.currentTarget ) { + jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).val( e.currentTarget.value ).trigger('change'); + } + }); }); - }); + } }); diff --git a/assets/js/um-profile.min.js b/assets/js/um-profile.min.js index 21017c32..9b386e78 100644 --- a/assets/js/um-profile.min.js +++ b/assets/js/um-profile.min.js 
@@ -1 +1 @@ -jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var r=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){r.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 
0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile form").each(function(){let r=jQuery(this).data("description_key");jQuery(document.body).on("change, input",'textarea[name="'+r+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+r+'"]').each(function(){jQuery(this)[0]!==e.currentTarget&&jQuery(this).parents("form").find('textarea[name="'+r+'"]').val(e.currentTarget.value).trigger("change")})})}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file +jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return 
um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var t=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){t.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile form").each(function(){let t=jQuery(this).data("description_key");jQuery(this).find('textarea[name="'+t+'"]').length&&jQuery(document.body).on("change, input",'textarea[name="'+t+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+t+'"]').each(function(){jQuery(this)[0]!==e.currentTarget&&jQuery(this).parents("form").find('textarea[name="'+t+'"]').val(e.currentTarget.value).trigger("change")})})}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav 
a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file From 3100adbc50327dd90edcf4fd445ad560ff6ffe75 Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 25 Jul 2023 00:48:53 +0300 Subject: [PATCH 20/24] - reviewed #1255; --- assets/js/um-profile.js | 14 ++++++++------ assets/js/um-profile.min.js | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/assets/js/um-profile.js b/assets/js/um-profile.js index 4d3c059b..5929df97 100644 --- a/assets/js/um-profile.js +++ b/assets/js/um-profile.js @@ -107,10 +107,11 @@ jQuery(document).ready(function() { //jQuery( 'textarea[id="um-meta-bio"]' ).on('change', um_update_bio_countdown ).keyup( um_update_bio_countdown ).trigger('change'); // Bio characters limit - jQuery( document.body ).on( 'change, keyup', 'textarea[id="um-meta-bio"]', function() { + jQuery( document.body ).on( 'change keyup', '#um-meta-bio', function() { if ( typeof jQuery(this).val() !== 'undefined' ) { - var um_bio_limit = jQuery(this).attr( "data-character-limit" ); + var um_bio_limit = jQuery(this).data( 'character-limit' ); var remaining = um_bio_limit - jQuery(this).val().length; + jQuery( 'span.um-meta-bio-character span.um-bio-limit' ).text( remaining ); if ( remaining < 5 ) { jQuery('span.um-meta-bio-character').css('color','red'); 
@@ -119,16 +120,17 @@ jQuery(document).ready(function() { } } }); - jQuery( 'textarea[id="um-meta-bio"]' ).trigger('change'); + jQuery( '#um-meta-bio' ).trigger('change'); // Biography (description) fields syncing. jQuery( '.um-profile form' ).each( function () { let descKey = jQuery(this).data('description_key'); if ( jQuery(this).find( 'textarea[name="' + descKey + '"]' ).length ) { - jQuery( document.body ).on( 'change, input', 'textarea[name="' + descKey + '"]', function ( e ) { + jQuery( document.body ).on( 'change input', 'textarea[name="' + descKey + '"]', function ( e ) { jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).each( function() { - if ( jQuery(this)[0] !== e.currentTarget ) { - jQuery(this).parents( 'form' ).find( 'textarea[name="' + descKey + '"]' ).val( e.currentTarget.value ).trigger('change'); + jQuery(this).val( e.currentTarget.value ); + if ( jQuery('#um-meta-bio')[0] !== e.currentTarget && jQuery('#um-meta-bio')[0] === jQuery(this)[0] ) { + jQuery(this).trigger('change'); } }); }); diff --git a/assets/js/um-profile.min.js b/assets/js/um-profile.min.js index 9b386e78..f965ed66 100644 --- a/assets/js/um-profile.min.js +++ b/assets/js/um-profile.min.js 
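Review bot: In the sync handler, `jQuery(this).val( e.currentTarget.value )` now also runs for the textarea that raised the event, since the old `jQuery(this)[0] !== e.currentTarget` guard was narrowed to wrap only the `trigger('change')`; writing a textarea's own value back into it should be harmless, but it is a needless DOM write on every `input` event and the intent reads more clearly as an early skip, `if ( jQuery(this)[0] === e.currentTarget ) { return; }` at the top of the `.each` callback, after which the trigger condition reduces to `jQuery('#um-meta-bio')[0] === jQuery(this)[0]`. Separately, the delegated handler is attached to `document.body` once per `.um-profile form` that contains the textarea, so two such forms on one page bind two identical handlers that each re-sync on every keystroke; binding on the form itself, `jQuery(this).on( 'change input', 'textarea[name="' + descKey + '"]', … )`, scopes the handler to its form and removes the duplicate work. The enclosing `jQuery(document).ready` callback starts outside this hunk.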
@@ -1 +1 @@ -jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var t=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){t.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change, keyup",'textarea[id="um-meta-bio"]',function(){var e;void 
0!==jQuery(this).val()&&(e=jQuery(this).attr("data-character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery('textarea[id="um-meta-bio"]').trigger("change"),jQuery(".um-profile form").each(function(){let t=jQuery(this).data("description_key");jQuery(this).find('textarea[name="'+t+'"]').length&&jQuery(document.body).on("change, input",'textarea[name="'+t+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+t+'"]').each(function(){jQuery(this)[0]!==e.currentTarget&&jQuery(this).parents("form").find('textarea[name="'+t+'"]').val(e.currentTarget.value).trigger("change")})})}),jQuery(".um-profile-edit a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file +jQuery(document).ready(function(){jQuery(".um-profile.um-viewing .um-profile-body .um-row").each(function(){var e=jQuery(this);0==e.find(".um-field").length&&(e.prev(".um-row-heading").remove(),e.remove())}),jQuery(".um-profile.um-viewing .um-profile-body").length&&0==jQuery(".um-profile.um-viewing .um-profile-body").find(".um-field").length&&(jQuery(".um-profile.um-viewing .um-profile-body").find(".um-row-heading,.um-row").remove(),jQuery(".um-profile-note").show()),jQuery(document.body).on("click",".um-profile-save",function(e){return e.preventDefault(),jQuery(this).parents(".um").find("form").trigger("submit"),!1}),jQuery(document.body).on("click",".um-profile-edit-a",function(e){jQuery(this).addClass("active")}),jQuery(document.body).on("click",".um-cover a.um-cover-add, .um-photo 
a",function(e){e.preventDefault()}),jQuery(document.body).on("click",".um-photo-modal",function(e){e.preventDefault();e=jQuery(this).attr("data-src");return um_new_modal("um_view_photo","fit",!0,e),!1}),jQuery(document.body).on("click",".um-reset-profile-photo",function(e){return jQuery(".um-profile-photo-img img").attr("src",jQuery(this).attr("data-default_src")),user_id=jQuery(this).attr("data-user_id"),metakey="profile_photo",UM.dropdown.hideAll(),jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_profile_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce}}),jQuery(this).parents("li").hide(),!1}),jQuery(document.body).on("click",".um-reset-cover-photo",function(e){var r=jQuery(this);return jQuery(".um-cover-overlay").hide(),jQuery(".um-cover-e").html(''),um_responsive(),user_id=jQuery(this).attr("data-user_id"),metakey="cover_photo",jQuery.ajax({url:wp.ajax.settings.url,type:"post",data:{action:"um_delete_cover_photo",metakey:metakey,user_id:user_id,nonce:um_scripts.nonce},success:function(e){r.hide()}}),UM.dropdown.hideAll(),!1}),jQuery(document.body).on("change keyup","#um-meta-bio",function(){var e;void 0!==jQuery(this).val()&&(e=jQuery(this).data("character-limit")-jQuery(this).val().length,jQuery("span.um-meta-bio-character span.um-bio-limit").text(e),e<5?jQuery("span.um-meta-bio-character").css("color","red"):jQuery("span.um-meta-bio-character").css("color",""))}),jQuery("#um-meta-bio").trigger("change"),jQuery(".um-profile form").each(function(){let r=jQuery(this).data("description_key");jQuery(this).find('textarea[name="'+r+'"]').length&&jQuery(document.body).on("change input",'textarea[name="'+r+'"]',function(e){jQuery(this).parents("form").find('textarea[name="'+r+'"]').each(function(){jQuery(this).val(e.currentTarget.value),jQuery("#um-meta-bio")[0]!==e.currentTarget&&jQuery("#um-meta-bio")[0]===jQuery(this)[0]&&jQuery(this).trigger("change")})})}),jQuery(".um-profile-edit 
a.um_delete-item").on("click",function(e){if(e.preventDefault(),!confirm(wp.i18n.__("Are you sure that you want to delete this user?","ultimate-member")))return!1}),jQuery(".um-profile-nav a").on("touchend",function(e){jQuery(e.currentTarget).trigger("click")})}); \ No newline at end of file From e45add34c4aaea8a883d9698ce1bbf229108debd Mon Sep 17 00:00:00 2001 From: Mykyta Synelnikov Date: Tue, 25 Jul 2023 01:04:12 +0300 Subject: [PATCH 21/24] - updated readme.txt; - updated plugin main file markup; --- README.md | 2 +- readme.txt | 17 +++++++++++++++-- ultimate-member.php | 23 ++++++++++++++--------- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index ecebd89d..1c66fd5b 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ GNU Version 2 or Any Later Version ### IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -[Official Release Version: 2.6.8](https://github.com/ultimatemember/ultimatemember/releases/tag/2.6.8). +[Official Release Version: 2.6.9](https://github.com/ultimatemember/ultimatemember/releases/tag/2.6.9). ## Changelog diff --git a/readme.txt b/readme.txt index 063bc318..cf76f648 100644 --- a/readme.txt +++ b/readme.txt @@ -7,7 +7,7 @@ Tags: community, member, membership, user-profile, user-registration Requires PHP: 5.6 Requires at least: 5.5 Tested up to: 6.2 -Stable tag: 2.6.8 +Stable tag: 2.6.9 License: GNU Version 2 or Any Later Version License URI: http://www.gnu.org/licenses/gpl-3.0.txt 
@@ -166,7 +166,7 @@ No specific extensions are needed. But we highly recommended keep active these P IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSION 2.6.7 PATCHES SECURITY PRIVILEGE ESCALATION VULNERABILITY. PLEASE SEE [THIS ARTICLE](https://docs.ultimatemember.com/article/1866-security-incident-update-and-recommended-actions) FOR MORE INFORMATION -= 2.6.9: August xx, 2023 = += 2.6.9: July 26, 2023 = * Enhancements: @@ -175,6 +175,19 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI * Bugfixes: - Fixed: Using allowed hosts for safe redirect after profile deletion + - Fixed: Nonce validation for the admin actions handler + - Fixed: Using singleton for UM Forms and UM Account shortcodes. Empty pages issue + - Fixed: PHP errors in admin notices + - Fixed: PHP errors on UM Profile update when there is multiselect field + - Fixed: UM Form and UM Member Directories titles un-slashed. Please re-update the entities where you have extra-slashes + - Fixed: Maximum allowed words option for textarea where you may insert HTML tags. Ignore HTML tags symbols when count + - Fixed: Sanitize for fields (Min characters, Max characters, etc.) where can be empty string or absint value + +* Templates required update: + + - profile.php + +* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade = 2.6.8: July 19, 2023 = diff --git a/ultimate-member.php b/ultimate-member.php index b62f1d8d..1366a2b5 100644 --- a/ultimate-member.php +++ b/ultimate-member.php @@ -1,13 +1,18 @@ Date: Tue, 25 Jul 2023 12:42:39 +0300 Subject: [PATCH 22/24] - added "Show/hide password button" option; --- includes/admin/core/class-admin-settings.php | 9 +++++++++ includes/class-config.php | 1 + readme.txt | 1 + 3 files changed, 11 insertions(+) diff --git a/includes/admin/core/class-admin-settings.php b/includes/admin/core/class-admin-settings.php index d504b8c7..3a1bb03b 100644 
--- a/includes/admin/core/class-admin-settings.php +++ b/includes/admin/core/class-admin-settings.php @@ -689,6 +689,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) { 'use_um_gravatar_default_image' => array( 'sanitize' => 'bool', ), + 'toggle_password' => array( + 'sanitize' => 'bool', + ), 'require_strongpass' => array( 'sanitize' => 'bool', ), @@ -1088,6 +1091,12 @@ if ( ! class_exists( 'um\admin\core\Admin_Settings' ) ) { 'tooltip' => __( 'Do you want to use the plugin default avatar instead of the gravatar default photo (If the user did not upload a custom profile photo / avatar)', 'ultimate-member' ), 'conditional' => array( 'use_um_gravatar_default_builtin_image', '=', 'default' ), ), + array( + 'id' => 'toggle_password', + 'type' => 'checkbox', + 'label' => __( 'Show/hide password button', 'ultimate-member' ), + 'tooltip' => __( 'Enable visibility for show/hide password button for the password field-type.', 'ultimate-member' ), + ), array( 'id' => 'require_strongpass', 'type' => 'checkbox', diff --git a/includes/class-config.php b/includes/class-config.php index 4e7eb202..d7ce85bb 100644 --- a/includes/class-config.php +++ b/includes/class-config.php @@ -520,6 +520,7 @@ if ( ! class_exists( 'um\Config' ) ) { 'use_gravatars' => 0, 'use_um_gravatar_default_builtin_image' => 'default', 'use_um_gravatar_default_image' => 0, + 'toggle_password' => false, 'require_strongpass' => 0, 'password_min_chars' => 8, 'password_max_chars' => 30, diff --git a/readme.txt b/readme.txt index cf76f648..1527a497 100644 --- a/readme.txt +++ b/readme.txt @@ -171,6 +171,7 @@ IMPORTANT: PLEASE UPDATE THE PLUGIN TO AT LEAST VERSION 2.6.7 IMMEDIATELY. VERSI * Enhancements: - Added: Compatibility with UM:Stripe extension + - Added: Show/hide password button for toggle password visibility * Bugfixes: From 886d4187058e6280f50a06485dc5b69674c191fb Mon Sep 17 00:00:00 2001 
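Review bot: The new `'toggle_password' => false` default in class-config.php is the only boolean in that defaults block written as `false`; its neighbours (`use_gravatars`, `use_um_gravatar_default_image`, `require_strongpass`) use `0`, so `'toggle_password' => 0,` keeps the block uniform, and because the settings entry declares `'sanitize' => 'bool'` the stored value is normalised either way. The tooltip added in class-admin-settings.php reads awkwardly ("Enable visibility for show/hide password button for the password field-type."); `'Show a button on password fields that lets the user reveal or hide the typed password.'` says the same thing directly and tells the admin what the option actually does.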
From: Mykyta Synelnikov Date: Tue, 25 Jul 2023 13:22:22 +0300 Subject: [PATCH 23/24] - reviewed #1212 and manually merged it into development/2.6.9; --- assets/css/um-styles.css | 79 ++++++++++----- assets/js/um-scripts.js | 12 +++ assets/js/um-scripts.min.js | 2 +- includes/core/class-fields.php | 39 ++++++-- includes/core/um-actions-account.php | 138 +++++++++++++++++---------- 5 files changed, 185 insertions(+), 85 deletions(-) diff --git a/assets/css/um-styles.css b/assets/css/um-styles.css index 4db8e5e5..d107dea4 100644 --- a/assets/css/um-styles.css +++ b/assets/css/um-styles.css @@ -383,6 +383,32 @@ p.um-notice.warning a { word-wrap: break-word; } +.um-field-area-password { + position: relative; +} + +.um-toggle-password { + cursor: pointer; + display: block; + position: absolute; + right: 0; + top: 0; + height: 100%; + width: 40px; + text-align: center; + box-sizing: border-box; + font-size: 20px; + line-height: 2; +} + +.um-toggle-password i { + transition: all .2s linear; +} + +.um-toggle-password:hover i { + color: #44b0ec; +} + .um-field-value p { margin: 0 0 6px 0 !important; padding: 0; @@ -432,11 +458,11 @@ p.um-notice.warning a { line-height: 1.7em; } -.um-form input[type=text], -.um-form input[type=search], -.um-form input[type=tel], -.um-form input[type=number], -.um-form input[type=password] { +.um-form input[type="text"], +.um-form input[type="search"], +.um-form input[type="tel"], +.um-form input[type="number"], +.um-form input[type="password"] { padding: 0 12px !important; width: 100%; display: block !important; 
@@ -451,32 +477,35 @@ p.um-notice.warning a { box-shadow: none !important; margin: 0 !important; position: static; - outline: none !important; } -.um-form input[type=number] { +.um-form .um-field-area-password input[type="password"] { + padding-right: 40px !important; +} + +.um-form input[type="number"] { width: auto; padding: 0 0 0 5px !important; height: 30px !important; } -.um-form input[type=text]:focus, -.um-form input[type=search]:focus, -.um-form input[type=tel]:focus, -.um-form input[type=number]:focus, -.um-form input[type=password]:focus, +.um-form input[type="text"]:focus, +.um-form input[type="search"]:focus, +.um-form input[type="tel"]:focus, +.um-form input[type="number"]:focus, +.um-form input[type="password"]:focus, .um-form textarea:focus { box-shadow: none !important; outline: none !important; } -.um-form input[type=text].um-iconed, -.um-form input[type=tel].um-iconed, -.um-form input[type=password].um-iconed { padding-left: 44px !important } +.um-form input[type="text"].um-iconed, +.um-form input[type="tel"].um-iconed, +.um-form input[type="password"].um-iconed { padding-left: 44px !important } -.um-form input[type=text].um-error, -.um-form input[type=tel].um-error, -.um-form input[type=password].um-error { border-color: #C74A4A !important } +.um-form input[type="text"].um-error, +.um-form input[type="tel"].um-error, +.um-form input[type="password"].um-error { border-color: #C74A4A !important } .um-form textarea { width: 100%; 
@@ -633,15 +662,15 @@ p.um-notice.warning a { .um div.disabled, .um-disabled, -.um input[type=submit]:disabled, -.um input[type=text]:disabled, -.um input[type=number]:disabled { +.um input[type="submit"]:disabled, +.um input[type="text"]:disabled, +.um input[type="number"]:disabled { opacity: 0.6 !important; cursor: no-drop !important; } -input[type=submit].um-button, -input[type=submit].um-button:focus { +input[type="submit"].um-button, +input[type="submit"].um-button:focus { vertical-align: middle !important; height: auto !important; font-size: 15px; @@ -656,7 +685,7 @@ input[type=submit].um-button:focus { -webkit-appearance: none; } -input[type=submit].um-button:hover { +input[type="submit"].um-button:hover { opacity: 1; } @@ -1098,4 +1127,4 @@ small.um-max-filesize span{ .um-field-area .wp-switch-editor{ float: none; height: auto; -} \ No newline at end of file +} diff --git a/assets/js/um-scripts.js b/assets/js/um-scripts.js index 08cb66dd..51174c84 100644 --- a/assets/js/um-scripts.js +++ b/assets/js/um-scripts.js @@ -713,4 +713,16 @@ jQuery(document).ready(function() { } } + jQuery( document.body ).on('click', '.um-toggle-password', function (){ + let parent = jQuery(this).closest('.um-field-area-password'); + let passwordField = parent.find('input'); + let type = passwordField.attr('type'); + if ( 'text' === type ) { + passwordField.attr('type', 'password'); + parent.find('i').toggleClass('um-icon-eye um-icon-eye-disabled'); + } else { + passwordField.attr('type', 'text'); + parent.find('i').toggleClass('um-icon-eye um-icon-eye-disabled'); + } + }); }); diff --git a/assets/js/um-scripts.min.js b/assets/js/um-scripts.min.js index b215de80..f1753abd 100644 --- a/assets/js/um-scripts.min.js +++ b/assets/js/um-scripts.min.js 
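Review bot: Both branches of the new `.um-toggle-password` click handler in um-scripts.js end with the identical `parent.find('i').toggleClass('um-icon-eye um-icon-eye-disabled')` call, so the `if` only decides the new input type; `passwordField.attr( 'type', 'text' === type ? 'password' : 'text' );` followed by a single `parent.find('i').toggleClass('um-icon-eye um-icon-eye-disabled');` expresses that without the duplication. `parent.find('input')` also matches every input inside `.um-field-area-password`, not just the password field, so if the wrapper ever carries another input (the PHP markup is stripped from this view) its type would be flipped too; `parent.find('input[type="password"], input[type="text"]')` or a dedicated class on the field would be safer. The handler sits inside the `jQuery(document).ready` callback, which starts outside the hunk.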
@@ -1 +1 @@ -function um_sanitize_value(e,t){var a=document.createElement("div"),e=(a.innerText=e,a.innerHTML);return t&&jQuery(t).val(e),e}function um_unsanitize_value(e){var t=document.createElement("textarea");return t.innerHTML=e,0===t.childNodes.length?"":t.childNodes[0].nodeValue}function um_init_datetimepicker(){jQuery(".um-datepicker:not(.picker__input)").each(function(){var e=jQuery(this),t=!1,a=(void 0!==e.attr("data-disabled_weekdays")&&""!==e.attr("data-disabled_weekdays")&&(t=JSON.parse(e.attr("data-disabled_weekdays"))),null),i=(void 0!==e.attr("data-years")&&(a=e.attr("data-years")),e.attr("data-date_min")),n=e.attr("data-date_max"),r=[],u=[],i=(void 0!==i&&(r=i.split(",")),void 0!==n&&(u=n.split(",")),r.length?new Date(r):null),n=r.length?new Date(u):null,u=(i&&"Invalid Date"==i.toString()&&3==r.length&&(r=r[1]+"/"+r[2]+"/"+r[0],i=new Date(Date.parse(r))),n&&"Invalid Date"==n.toString()&&3==u.length&&(r=u[1]+"/"+u[2]+"/"+u[0],n=new Date(Date.parse(r))),{disable:t,format:e.attr("data-format"),formatSubmit:"yyyy/mm/dd",hiddenName:!0,onOpen:function(){e.blur()},onClose:function(){e.blur()}});null!==a&&(u.selectYears=a),null!==i&&(u.min=i),null!==n&&(u.max=n),e.pickadate(u)}),jQuery(".um-timepicker:not(.picker__input)").each(function(){var e=jQuery(this);e.pickatime({format:e.attr("data-format"),interval:parseInt(e.attr("data-intervals")),formatSubmit:"HH:i",hiddenName:!0,onOpen:function(){e.blur()},onClose:function(){e.blur()}})})}function init_tipsy(){"function"==typeof jQuery.fn.tipsy&&(jQuery(".um-tip-n").tipsy({gravity:"n",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-w").tipsy({gravity:"w",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-e").tipsy({gravity:"e",opacity:1,live:"a.live",offset:3}),jQuery(".um-tip-s").tipsy({gravity:"s",opacity:1,live:"a.live",offset:3}))}jQuery(document).ready(function(){function i(e){var a=jQuery(e.currentTarget),e=a.find(":selected");1field_value( $key, $default, $data ); - $output .= ' + if ( 
UM()->options()->get( 'toggle_password' ) ) { + $output .= '
+ + +
+
'; + } else { + $output .= ' '; + } if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); @@ -2467,9 +2475,17 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $field_name = $key . $form_suffix; $field_value = $this->field_value( $key, $default, $data ); - $output .= ' + if ( UM()->options()->get( 'toggle_password' ) ) { + $output .= '
+ + +
+ '; + } else { + $output .= ' '; + } if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); @@ -2507,10 +2523,17 @@ if ( ! class_exists( 'um\core\Fields' ) ) { } $field_value = $this->field_value( $key, $default, $data ); + if ( UM()->options()->get( 'toggle_password' ) ) { + $output .= '
+ + +
+ '; + } else { + $output .= ' - $output .= ' - - '; + '; + } if ( $this->is_error( $key ) ) { $output .= $this->field_error( $this->show_error( $key ) ); @@ -2555,7 +2578,11 @@ if ( ! class_exists( 'um\core\Fields' ) ) { $placeholder = sprintf( __( 'Confirm %s', 'ultimate-member' ), $data['label'] ); } - $output .= ''; + if ( UM()->options()->get( 'toggle_password' ) ) { + $output .= '
'; + } else { + $output .= ''; + } $output .= ''; diff --git a/includes/core/um-actions-account.php b/includes/core/um-actions-account.php index 1a10a6ca..9d4c4e02 100644 --- a/includes/core/um-actions-account.php +++ b/includes/core/um-actions-account.php @@ -1,8 +1,8 @@ - - +
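Review bot: `UM()->options()->get( 'toggle_password' )` is evaluated afresh in each of the four password-field branches added to class-fields.php (this hunk at 2555 and the earlier ones at 2467 and 2507 plus the first), i.e. once per rendered password input; reading it once at the top of the enclosing method, `$toggle_password = (bool) UM()->options()->get( 'toggle_password' );`, and testing that local in each `if` keeps the branches in step and gives the option a single point of change. Each `if`/`else` pair also appears to differ only in the wrapper `div` and the toggle element around the same `input` (the HTML itself is stripped from this view), so building the `input` string once and wrapping it conditionally would remove the duplicated attribute strings that otherwise have to be kept identical by hand. The method containing these hunks starts and ends outside the view.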
- get_row( - "SELECT ID - FROM $wpdb->posts - WHERE post_author = $user_id AND - post_type = 'user_request' AND - post_name = 'export_personal_data' AND - post_status = 'request-completed' - ORDER BY ID DESC - LIMIT 1", - ARRAY_A ); + get_row( + $wpdb->prepare( + "SELECT ID + FROM $wpdb->posts + WHERE post_author = %d AND + post_type = 'user_request' AND + post_name = 'export_personal_data' AND + post_status = 'request-completed' + ORDER BY ID DESC + LIMIT 1", + $user_id + ), + ARRAY_A + ); if ( ! empty( $completed ) ) { $exports_url = wp_privacy_exports_url(); echo '

' . esc_html__( 'You could download your previous data:', 'ultimate-member' ) . '

'; - echo '' . esc_html__( 'Download Personal Data', 'ultimate-member' ) . ''; + echo '' . esc_html__( 'Download Personal Data', 'ultimate-member' ) . ''; echo '

' . esc_html__( 'You could send a new request for an export of personal your data.', 'ultimate-member' ) . '

'; } $pending = $wpdb->get_row( - "SELECT ID, post_status - FROM $wpdb->posts - WHERE post_author = $user_id AND - post_type = 'user_request' AND - post_name = 'export_personal_data' AND - post_status != 'request-completed' - ORDER BY ID DESC - LIMIT 1", - ARRAY_A ); + $wpdb->prepare( + "SELECT ID, post_status + FROM $wpdb->posts + WHERE post_author = %d AND + post_type = 'user_request' AND + post_name = 'export_personal_data' AND + post_status != 'request-completed' + ORDER BY ID DESC + LIMIT 1", + $user_id + ), + ARRAY_A + ); - if ( ! empty( $pending ) && $pending['post_status'] == 'request-pending' ) { + if ( ! empty( $pending ) && 'request-pending' === $pending['post_status'] ) { echo '

' . esc_html__( 'A confirmation email has been sent to your email. Click the link within the email to confirm your export request.', 'ultimate-member' ) . '

'; - } elseif ( ! empty( $pending ) && $pending['post_status'] == 'request-confirmed' ) { + } elseif ( ! empty( $pending ) && 'request-confirmed' === $pending['post_status'] ) { echo '

' . esc_html__( 'The administrator has not yet approved downloading the data. Please expect an email with a link to your data.', 'ultimate-member' ) . '

'; } else { - if ( UM()->account()->current_password_is_required( 'privacy_download_data' ) ) { ?> - + if ( UM()->account()->current_password_is_required( 'privacy_download_data' ) ) { + ?>
- + options()->get( 'toggle_password' ) ) { ?> +
+ + +
+ + +
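Review bot: The two prepared `$wpdb->get_row()` calls for `export_personal_data` in this hunk are repeated almost verbatim a few lines further down for `remove_personal_data`, differing only in `post_name` and in whether `post_status` is `=` or `!=` `'request-completed'`; now that the queries carry `%d` placeholders (the right fix for the previously interpolated `$user_id`), factoring the four into one helper keeps them in sync and leaves a single query to audit. `$wpdb->posts` stays interpolated, which is the normal WordPress convention for table names, so that is fine. `um_after_account_privacy()` begins before this hunk and continues after it.
```php
/**
 * Latest `user_request` post of one action type for a user.
 *
 * @param int    $user_id     Author of the request post (the requesting user).
 * @param string $action_name 'export_personal_data' or 'remove_personal_data' (stored in post_name).
 * @param bool   $completed   true: newest completed request; false: newest request that is not completed.
 * @return array|null Row with ID and post_status, or null when there is none.
 */
function um_get_latest_user_request( $user_id, $action_name, $completed ) {
	global $wpdb;
	// Only the operator differs between the two lookups; the status literal is still bound as a placeholder.
	$status_sql = $completed ? 'post_status = %s' : 'post_status != %s';
	return $wpdb->get_row(
		$wpdb->prepare(
			"SELECT ID, post_status
			FROM {$wpdb->posts}
			WHERE post_author = %d AND
				post_type = 'user_request' AND
				post_name = %s AND
				{$status_sql}
			ORDER BY ID DESC
			LIMIT 1",
			$user_id,
			$action_name,
			'request-completed'
		),
		ARRAY_A
	);
}

// … unchanged: um_after_account_privacy() up to the export block …
$completed = um_get_latest_user_request( $user_id, 'export_personal_data', true );
// … unchanged: "download previous data" output …
$pending = um_get_latest_user_request( $user_id, 'export_personal_data', false );
// … unchanged: pending / confirmed messages and the current-password form …
```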
@@ -664,22 +680,27 @@ function um_after_account_privacy( $args ) { - +
- get_row( - "SELECT ID - FROM $wpdb->posts - WHERE post_author = $user_id AND - post_type = 'user_request' AND - post_name = 'remove_personal_data' AND - post_status = 'request-completed' - ORDER BY ID DESC - LIMIT 1", - ARRAY_A ); + get_row( + $wpdb->prepare( + "SELECT ID + FROM $wpdb->posts + WHERE post_author = %d AND + post_type = 'user_request' AND + post_name = 'remove_personal_data' AND + post_status = 'request-completed' + ORDER BY ID DESC + LIMIT 1", + $user_id + ), + ARRAY_A + ); if ( ! empty( $completed ) ) { @@ -689,26 +710,37 @@ function um_after_account_privacy( $args ) { } $pending = $wpdb->get_row( - "SELECT ID, post_status - FROM $wpdb->posts - WHERE post_author = $user_id AND - post_type = 'user_request' AND - post_name = 'remove_personal_data' AND - post_status != 'request-completed' - ORDER BY ID DESC - LIMIT 1", - ARRAY_A ); + $wpdb->prepare( + "SELECT ID, post_status + FROM $wpdb->posts + WHERE post_author = %d AND + post_type = 'user_request' AND + post_name = 'remove_personal_data' AND + post_status != 'request-completed' + ORDER BY ID DESC + LIMIT 1", + $user_id + ), + ARRAY_A + ); - if ( ! empty( $pending ) && $pending['post_status'] == 'request-pending' ) { + if ( ! empty( $pending ) && 'request-pending' === $pending['post_status'] ) { echo '
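Review bot: The completed-request lookup in this hunk is the same query as the three others in um_after_account_privacy (export completed/pending and remove pending), differing only in the `post_name` literal and the `post_status` operator, so the `%d` placeholder fix is now copy-pasted four times. I'd extract one helper and call it as `$completed = um_get_latest_privacy_request( $user_id, 'remove_personal_data', true );` here and with `false` for the pending lookups. The rows are selected by `post_author` alone, so the helper (like the inline query) is only correct when `$user_id` is the logged-in user's id and not a request parameter; its assignment is outside this hunk, so confirm at the call site. The rendered diff also shows a `-`/`+` line pair right after the hunk header whose text did not survive extraction, so that change is not reviewable here.
```php
/**
 * Returns the newest user_request row of a privacy action for a user.
 *
 * @param int    $user_id   Owner of the request (post_author); must be the logged-in user's id.
 * @param string $action    'export_personal_data' or 'remove_personal_data'.
 * @param bool   $completed true for the newest completed request, false for the newest one not yet completed.
 * @return array|null Row with ID and post_status, or null when none exists.
 */
function um_get_latest_privacy_request( $user_id, $action, $completed ) {
	global $wpdb;
	// Fixed literal chosen by a bool, never caller text, so interpolating it is safe.
	$status_clause = $completed ? "post_status = 'request-completed'" : "post_status != 'request-completed'";
	return $wpdb->get_row(
		$wpdb->prepare(
			"SELECT ID, post_status
			FROM $wpdb->posts
			WHERE post_author = %d AND post_type = 'user_request' AND post_name = %s AND $status_clause
			ORDER BY ID DESC
			LIMIT 1",
			$user_id,
			$action
		),
		ARRAY_A
	);
}
// … unchanged: the rest of um_after_account_privacy, with each inline query replaced by a helper call …
```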

' . esc_html__( 'A confirmation email has been sent to your email. Click the link within the email to confirm your deletion request.', 'ultimate-member' ) . '

'; - } elseif ( ! empty( $pending ) && $pending['post_status'] == 'request-confirmed' ) { + } elseif ( ! empty( $pending ) && 'request-confirmed' === $pending['post_status'] ) { echo '

' . esc_html__( 'The administrator has not yet approved deleting your data. Please expect an email with a link to your data.', 'ultimate-member' ) . '

'; } else { - if ( UM()->account()->current_password_is_required( 'privacy_erase_data' ) ) { ?> - + if ( UM()->account()->current_password_is_required( 'privacy_erase_data' ) ) { + ?>
