commit by denisbaranov:

- fixed conditional logic in form;
- fixed prohibition on editing a field (Form->field->Can user edit this field?);
- fixed cleaning on XSS injection;
- fixed addition "wp_unslash" and "esc_attr" in the "Admin_Forms" class method "render_form_row";

includes/admin/core/class-admin-forms.php

@@ -77,6 +77,15 @@ if ( ! class_exists( 'Admin_Forms' ) ) {
             if ( empty( $data['type'] ) )
                 return '';
 
+            if ( !empty( $data['value'] ) && $data['type'] != 'email_template' ) {
+		        $data['value'] = wp_unslash( $data['value'] );
+
+		        /*for multi_text*/
+		        if ( !is_array( $data['value'] ) ) {
+			        $data['value'] = esc_attr( $data['value'] );
+		        }
+	        }
+
             $conditional = ! empty( $data['conditional'] ) ? 'data-conditional="' . esc_attr( json_encode( $data['conditional'] ) ) . '"' : '';
             $prefix_attr = ! empty( $this->form_data['prefix_id'] ) ? ' data-prefix="' . $this->form_data['prefix_id'] . '" ' : '';
 
@@ -805,7 +814,7 @@ if ( ! class_exists( 'Admin_Forms' ) ) {
 
             if ( ! empty( $values ) ) {
                 foreach ( $values as $k=>$value ) {
-
+	                $value = esc_attr($value);
                     $id_attr = ' id="' . $id . '-' . $k . '" ';
 
                     $html .= "<li class=\"um-multi-text-option-line {$size}\"><span class=\"um-field-wrapper\">