Ultimate Member Core Plugin 2.8.9 Nulled

* Enhancements:

- Added: Using PHP tidy extension (if it's active) to make HTML textarea value clear
- Added: `um_tidy_config` filter hook for setting PHP tidy config
- Tweak: Avoid using force `set_status()` function.
- Tweak: Properly using `UM()->common()->users()->get_status( $user_id )` instead of `um_user( 'account_status' )`
- Tweak: Properly using `UM()->common()->users()->get_status( $user_id, 'formatted' )` instead of `um_user( 'account_status_name' )`
- Tweak: Properly using `um_user( 'status' )` for getting user role setting while registration

* Bugfixes:

- Fixed: UM tipsy removing inside .um-page selector (e.g. tipsy init from um-modal)
- Fixed: Rollback using `<iframe>` for displaying HTML formatted textarea value
- Fixed: Capability to edit user profile for Administrator when user doesn't have a capability to edit its profile
- Fixed: Sending email notifications based on user status after registration
- Fixed: PHP error when meta `um_member_directory_data` has a wrong format

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

* Bugfixes:

- Fixed: Download routing initialization
- Fixed: Textarea height and HTML formatted textarea field height isolated via `<iframe>` on view mode
- Fixed: User registration if email activation or admin review are required
- Fixed: First installation errors

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

Enhancements:

- Added: Single user actions on WP Users list table
- Updated: User status filter on WP Users list table
- Updated: User bulk actions on WP Users list table
- Updated: User actions on User Profile and Member Directory card
- Added: Applying shortcodes in the post restriction message
- Added: ProfilePage Structured Data
- Added: Ability to use HTML tags (allowed in `wp_kses_post`) in the global block restriction message
- Changed: Some wp-admin fields descriptions
- Updated: Data format in `um_admin_bulk_user_actions_hook` filter hook. Changed format from `$action_slug => array( 'label' => $action_title )` to `$action_slug => $action_title`
- Added: `$old_status` param to `um_after_user_status_is_changed` action hook
- Added: `$user_id` param to `um_before_user_hash_is_changed` action hook
- Added: `$user_id, $hash, $expiration` params to `um_after_user_hash_is_changed` action hook
- Added: `um_restricted_post_content` filter hook
- Added: `um_loggedin_inner_content` filter hook
- Added: `um_profile_dynamic_meta_profile_schema` filter hook
- Removed: `UM()->fields()->get_restricted_fields_for_edit()` function from a fields loop

* Enhancements:

- Added: Member Directory > Admin Filtering supports datepicker and timepicker filter-types with only "From" or "To" filled value
- Added: Ability to customize modal templates upload-single.php and view-photo.php
- Added: New FontAwesome library. Version 6.5.2

* Bugfixes:

- Fixed: Using HTML in the block restriction message. Replaced escaper to wp_kses sanitize while saving
- Fixed: Getting user capabilities without role
- Fixed: YouTube validation when field value is empty
- Fixed: Social URLs sanitizing where user can put his social username (e.g. Instagram, Facebook)
- Fixed: Using only published forms and member directories IDs on predefined pages installation
- Fixed: Member Directory before query hook when custom meta table is active
- Fixed: Unique email validation
- Fixed: Displaying asterisk on the Profile > View Mode
- Fixed: PHP errors while upgrade from 1.3.x version
- Fixed: Rating field view
- Fixed: Sorting by last login value when "Hide my last login" is set
- Fixed: PHP errors while uploading files
- Fixed: Parsing error on the license activation

* Templates required update:

- Renamed templates/modal/um_upload_single.php → templates/modal/upload-single.php
- Renamed templates/modal/um_view_photo.php → templates/modal/view-photo.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

**Enhancements**

* Tweak: Added separate file for full changelog. readme.txt shows only a few latest versions

**Bugfixes**

* Fixed: Member directory data sanitizing (CVE-2024-2123)
* Fixed: Activation link time changed from seconds to days
* Fixed: Password validation error
* Fixed: Password reset url for the approved user who didn't set their password after registration without password
* Fixed: Conflict with WebP Uploads

* Enhancements:

- Added: The `data` protocol for embedding base64 encoded logos in emails
- Added: Hook `um_access_restricted_post_instance` for filtering the restricted post instance
- Added: Shortcode `[um_author_profile_link]` for getting user Profile URL
- Updated: Using underscore.js native debounce method for resize handler
- Updated: Texts spelling

* Bugfixes:

- Fixed: AJAX requests conflict with `um_current_locale` attribute
- Fixed: Pickadate styling (Date & Time fields) in wp-admin screen
- Fixed: RTL styling and removed `um` class from UM frontend predefined pages
- Fixed: select2 conflict with Impreza theme
- Fixed: cropper conflict with Avada theme and active Fusion Image lazyload
- Fixed: MegaMenu conflict with nav menu items conditional settings (e.g. Newsletter theme)
- Fixed: PHP Fatal error when there isn't a proper WP_Post object in UM User Profile > Posts loop
- Fixed: Account styles
- Fixed: Saving `um_form_version` postmeta

* Templates required update:

- profile/posts-single.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

* Enhancements:

- Updated: Twitter texts to X
- Added: Safeguards against clickjacking attacks on UM Forms

* Bugfixes:

- Fixed: Displaying notice to avoid using wrong symbols
- Fixed: UM > Settings button styles
- Fixed: Error notice when creating page via extensions
- Fixed: Workaround for Cropper.JS if UM.frontend.cropper.obj undefined (Cropper hasn't been properly inited for UM objects)
- Fixed: The visibility of sub-items of hidden menu items

* Enhancements:
- Added: Site Health sections
- Added: oEmbed field type
- Added: YouTube field type supports YouTube Shorts links
- Added: Profile permalink base options: Unique hash, Custom usermeta
- Added: UM Form meta `um_form_version` for legacy support in the future
- Added: Setting "Deleting user comments after deleting a user" for WordPress native logic workaround
- Added: `aria-invalid` and `aria-errormessage` attributes to the fields on UM Forms
- Updated: Structure for enqueue assets PHP classes
- Updated: [Hooks Documentation v2](https://ultimatemember.github.io/ultimatemember/hooks/)

* Bugfixes:
- Fixed: Member directory search query escaping process
- Fixed: Added 'ID' metakey to the blacklist. It's not possible to create field with 'ID' metakey to avoid the conflict
- Fixed: Add/Edit Field metabox and "Field Icon", "Conditional logic" fields
- Fixed: Init `jquery-slider-ui` script/style on the block editor page
- Fixed: Displaying "Notifications Account Tab" setting
- Fixed: Displaying Post Date on the User Profile > Posts tab based on this [article](https://make.wordpress.org/core/2019/09/23/date-time-improvements-wp-5-3/)
- Fixed: Small PHP warning, notices and typos

* Deprecated:
- `UM()->enqueue()` use `UM()->frontend()->enqueue()` method
- `UM()->admin_enqueue()` use `UM()->admin()->enqueue()` method
- `UM()->admin_enqueue()->suffix` property use `UM()->frontend()->enqueue()::get_suffix()`
- `UM()->admin()->enqueue()->suffix` property use `UM()->frontend()->enqueue()::get_suffix()`
- Changed directories for the fonts (fonticons + raty), and JS/CSS files related to libs `jquery-ui`, `raty`, `select2`, `tipsy`, `fonticons (FontAwesome + Ionicons)`

* Templates required update:
- account.php
- login.php
- password-change.php
- password-reset.php
- register.php
- profile/posts-single.php

* Cached and optimized/minified assets(JS/CSS) must be flushed/re-generated after upgrade

- Fixed: Empty mail From data when there isn't set an option
- Fixed: Nonce validation for the admin actions handler
- Fixed: REST API endpoint List Pages redirecting to the homepage
- Fixed: Standardize the 'editable' attribute for the UM fields and hooks that can extend these fields
- Fixed: Redirection from default WordPress registration to UM registration page (if it's not a published)

• Bugfixes:
  • Fixed: A privilege escalation vulnerability used through UM Forms. Known in the wild that vulnerability allowed strangers to create administrator-level WordPress users. Please update immediately and check all administrator-level users on your website.
  • Fixed: Displaying fields on Account page > Privacy > Member directory settings
  • Fixed: Allowed types for the file field
  • Fixed: Disabled weekdays for the datepicker field