diff --git a/include/ajax.users.php b/include/ajax.users.php
index 94f98c7fb5de96fb3e25a965b561a5e535fd3563..f211ff6e644238b29576f92313d8695e6f74cc51 100644
--- a/include/ajax.users.php
+++ b/include/ajax.users.php
@@ -129,7 +129,7 @@ class UsersAjaxAPI extends AjaxController {
             Http::response(404, 'Unknown user');
 
         $errors = array();
-        if($user->updateInfo($_POST, $errors))
+        if ($user->updateInfo($_POST, $errors, true) && !$errors)
              Http::response(201, $user->to_json());
 
         $forms = $user->getForms();
diff --git a/include/class.dynamic_forms.php b/include/class.dynamic_forms.php
index 59605162dbc48e7227f89d651d4753340057cad4..ad9022d780f7db635d779adbe65c36a177346dbf 100644
--- a/include/class.dynamic_forms.php
+++ b/include/class.dynamic_forms.php
@@ -732,23 +732,24 @@ class DynamicFormEntry extends VerySimpleModel {
         if (!is_array($this->_errors)) {
             $this->_errors = array();
             $this->getClean();
-            foreach ($this->getFields() as $field)
+            foreach ($this->getFields() as $field) {
                 if ($field->errors() && (!$filter || $filter($field)))
                     $this->_errors[$field->get('id')] = $field->errors();
+            }
         }
         return !$this->_errors;
     }
 
     function isValidForClient() {
         $filter = function($f) {
-            return !$f->isRequiredForUsers();
+            return $f->isVisibleToUsers();
         };
         return $this->isValid($filter);
     }
 
     function isValidForStaff() {
         $filter = function($f) {
-            return !$f->isRequiredForStaff();
+            return $f->isVisibleToStaff();
         };
         return $this->isValid($filter);
     }
diff --git a/include/class.forms.php b/include/class.forms.php
index a9dc57fb615f712a1c391d693999cf5861d2bd03..54ef6e9003821df2da2091adcf0b0125b01f61e1 100644
--- a/include/class.forms.php
+++ b/include/class.forms.php
@@ -678,6 +678,9 @@ class TextboxField extends FormField {
                             && false !== @preg_match($wrapped, ' ')) {
                         return $wrapped;
                     }
+                    if ($value == '//iu')
+                        return '';
+
                     return $value;
                 },
                 'validators' => function($self, $v) {
diff --git a/include/class.user.php b/include/class.user.php
index 1a7317fbaf9ff600d55648c5fe4bf3df165d9cd0..f619a38b727b4279cba9f3fa9a0ee7d854711e73 100644
--- a/include/class.user.php
+++ b/include/class.user.php
@@ -493,13 +493,15 @@ class User extends UserModel {
         return User::importCsv($stream, $extra);
     }
 
-    function updateInfo($vars, &$errors) {
+    function updateInfo($vars, &$errors, $staff=false) {
 
         $valid = true;
         $forms = $this->getDynamicData();
         foreach ($forms as $cd) {
             $cd->setSource($vars);
-            if (!$cd->isValidForClient())
+            if ($staff && !$cd->isValidForStaff())
+                $valid = false;
+            elseif (!$cd->isValidForClient())
                 $valid = false;
             elseif ($cd->get('type') == 'U'
                         && ($form= $cd->getForm())