From 88a9f6c7db46c379b884a040f43880946fd8f52a Mon Sep 17 00:00:00 2001
From: Champ Camba
Date: Wed, 2 Nov 2022 12:32:02 +0800
Subject: [PATCH 1/3] Fix sanitization text
---
 templates/members.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/members.php b/templates/members.php
index e1dc9adf..cf10f6c3 100644
--- a/templates/members.php
+++ b/templates/members.php
@@ -45,7 +45,7 @@ if ( count( $args['view_types'] ) == 1 ) {
 } else {
 $args['default_view'] = ! empty( $args['default_view'] ) ? $args['default_view'] : $args['view_types'][0];
 $default_view = $args['default_view'];
- $current_view = ( ! empty( $_GET[ 'view_type_' . $unique_hash ] ) && in_array( $_GET[ 'view_type_' . $unique_hash ], $args['view_types'] ) ) ? $_GET[ 'view_type_' . $unique_hash ] : $args['default_view'];
+ $current_view = ( ! empty( $_GET[ 'view_type_' . $unique_hash ] ) && in_array( $_GET[ 'view_type_' . $unique_hash ], $args['view_types'] ) ) ? sanitize_text_field( $_GET[ 'view_type_' . $unique_hash ] ) : $args['default_view'];
 }
 // Sorting
From 907ac38a76b882b24acb5654eca86e31f3f66ca6 Mon Sep 17 00:00:00 2001
From: Champ Camba
Date: Wed, 2 Nov 2022 12:33:22 +0800
Subject: [PATCH 2/3] Add validation for upgrade package
---
 includes/admin/core/class-admin-upgrade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/admin/core/class-admin-upgrade.php b/includes/admin/core/class-admin-upgrade.php
index e6d0c39c..0fca265c 100644
--- a/includes/admin/core/class-admin-upgrade.php
+++ b/includes/admin/core/class-admin-upgrade.php
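Review bot: In the `templates/members.php` hunk (PATCH 1/3), the `$current_view` ternary still runs `in_array()` on the raw `$_GET` value with loose comparison and applies `sanitize_text_field()` only afterwards, so the value that is checked is not the value that gets assigned. Sanitize once up front and compare strictly, e.g. `$view = isset( $_GET[ 'view_type_' . $unique_hash ] ) ? sanitize_text_field( wp_unslash( $_GET[ 'view_type_' . $unique_hash ] ) ) : '';` followed by `$current_view = in_array( $view, $args['view_types'], true ) ? $view : $args['default_view'];`. Assuming the entries of `$args['view_types']` are strings, a strict match means the result can only be one of the configured view types, which is the property that matters if `$current_view` is later echoed or used to select a template. Where `$unique_hash` comes from and how `$current_view` is consumed are both outside this hunk.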
@@ -67,7 +67,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
 if ( ! empty( $this->necessary_packages ) ) {
 add_action( 'admin_menu', array( $this, 'admin_menu' ), 0 );
- if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
+ if ( defined( 'DOING_AJAX' ) && DOING_AJAX && current_user_can("manage_options") ) {
 $this->init_packages_ajax();
 add_action( 'wp_ajax_um_run_package', array( $this, 'ajax_run_package' ) );
From faa5a9d4f9cfcf76723c0f2d7da6c964dba853be Mon Sep 17 00:00:00 2001
From: Nikita Sinelnikov
Date: Thu, 3 Nov 2022 01:46:31 +0200
Subject: [PATCH 3/3] Update class-admin-upgrade.php
---
 includes/admin/core/class-admin-upgrade.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/admin/core/class-admin-upgrade.php b/includes/admin/core/class-admin-upgrade.php
index 0fca265c..0c56bee0 100644
--- a/includes/admin/core/class-admin-upgrade.php
+++ b/includes/admin/core/class-admin-upgrade.php
@@ -67,7 +67,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Upgrade' ) ) {
 if ( ! empty( $this->necessary_packages ) ) {
 add_action( 'admin_menu', array( $this, 'admin_menu' ), 0 );
- if ( defined( 'DOING_AJAX' ) && DOING_AJAX && current_user_can("manage_options") ) {
+ if ( defined( 'DOING_AJAX' ) && DOING_AJAX && current_user_can( 'manage_options' ) ) {
 $this->init_packages_ajax();
 add_action( 'wp_ajax_um_run_package', array( $this, 'ajax_run_package' ) );
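Review bot: In the `class-admin-upgrade.php` hunk of PATCH 2/3, the `current_user_can("manage_options")` test added to the `DOING_AJAX` condition only decides whether the AJAX hooks get registered, so authorization depends on when this setup code runs rather than on the request handler itself. If the enclosing code (which starts outside the hunk) executes before WordPress has set up the current user, the capability is evaluated too early. The callbacks (`ajax_run_package` and whatever `init_packages_ajax()` registers, all outside the hunk) show no check of their own here. I would repeat the check at the top of each handler, e.g. `if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( null, 403 ); }`, together with a nonce check via `check_ajax_referer()`, unless both already exist outside the hunk. PATCH 3/3 carries the same condition forward and only normalises its quoting and spacing.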