3 files changed, 32 insertions, 3 deletions

diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 6f8a4b956..19f14ee8a 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Web;
 
+use Zotlabs\Lib\Text;
+
 class WebServer {
 
 	public function run() {
@@ -60,7 +62,7 @@ class WebServer {
 			\App::$query_string = strip_zids(\App::$query_string);
 			if(! local_channel()) {
 				if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) {
-					$_SESSION['my_address'] = $_GET['zid'];
+					$_SESSION['my_address'] = Text::escape_tags($_GET['zid']);
 					$_SESSION['authenticated'] = 0;
 				}
 				if(!$_SESSION['authenticated']) {
diff --git a/doc/en/TermsOfService.md b/doc/en/TermsOfService.md
index 1e085559e..c44b1eb56 100644
--- a/doc/en/TermsOfService.md
+++ b/doc/en/TermsOfService.md
@@ -1,11 +1,11 @@
 Privacy Policy
 ==============
 
-#include doc/gdpr1.md;
+#include doc/en/gdpr1.md;
 
 
 Terms of Service
 ================
 
-#include doc/SiteTOS.md;
+#include doc/en/SiteTOS.md;
 
diff --git a/tests/unit/CleanupBBCodeTest.php b/tests/unit/CleanupBBCodeTest.php
new file mode 100644
index 000000000..8e19b1d7e
--- /dev/null
+++ b/tests/unit/CleanupBBCodeTest.php
@@ -0,0 +1,27 @@
+<?php
+/*
+ * SPDX-FileCopyrightText: 2024 Hubzilla Community
+ * SPDX-FileContributor: Harald Eilertsen
+ *
+ * SPDX-License-Identifier: MIT
+ */
+
+namespace Zotlabs\Tests\Unit;
+
+use PHPUnit\Framework\Attributes\DataProvider;
+
+class CleanupBBCodeTest extends UnitTestCase {
+	#[DataProvider("cleanup_bbcode_provider")]
+	public function test_cleanup_bbcode(string $expected, string $input): void {
+		$this->assertEquals($expected, cleanup_bbcode($input));
+	}
+
+	public static function cleanup_bbcode_provider(): array {
+		return [
+			'url followed by newline' => [
+				"#^[url=https://example.com]https://example.com[/url]\na test link",
+				"https://example.com\na test link",
+			]
+		];
+	}
+}