From 074dc440cc1447493694181cce95cb336476eda3 Mon Sep 17 00:00:00 2001 From: Harald Eilertsen Date: Mon, 14 Oct 2024 22:52:13 +0200 Subject: Change DB_Upgrade to a static function instead. No need for this to be an object, since it's never referenced or even kept after construction. Further all the functionality was in the constructor anyways. Also removed some unused properties. --- Zotlabs/Lib/DB_Upgrade.php | 8 +------- boot.php | 2 +- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/Zotlabs/Lib/DB_Upgrade.php b/Zotlabs/Lib/DB_Upgrade.php index 981c354a4..7e1016a73 100644 --- a/Zotlabs/Lib/DB_Upgrade.php +++ b/Zotlabs/Lib/DB_Upgrade.php @@ -6,13 +6,7 @@ use Zotlabs\Lib\Config; class DB_Upgrade { - public $config_name = ''; - public $func_prefix = ''; - - function __construct($db_revision) { - - $this->config_name = 'db_version'; - $this->func_prefix = '_'; + public static function run(int $db_revision): void { $build = Config::Get('system', 'db_version', 0); if(! intval($build)) diff --git a/boot.php b/boot.php index 66dba84c3..6d53f7f25 100644 --- a/boot.php +++ b/boot.php @@ -1545,7 +1545,7 @@ function check_config() { if (!$syschan_exists) create_sys_channel(); - new DB_Upgrade(DB_UPDATE_VERSION); + DB_Upgrade::run(DB_UPDATE_VERSION); plugins_sync(); -- cgit v1.2.3 From e2ae8f0c4d83060b2606f03b1c86d040c3161f18 Mon Sep 17 00:00:00 2001 From: Harald Eilertsen Date: Mon, 14 Oct 2024 23:07:42 +0200 Subject: Zotlabs\Lib\DB_Upgrade: Add API documentation. --- Zotlabs/Lib/DB_Upgrade.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/Zotlabs/Lib/DB_Upgrade.php b/Zotlabs/Lib/DB_Upgrade.php index 7e1016a73..e11c2eb10 100644 --- a/Zotlabs/Lib/DB_Upgrade.php +++ b/Zotlabs/Lib/DB_Upgrade.php @@ -1,11 +1,34 @@ Date: Wed, 30 Oct 2024 09:12:26 +0000 Subject: escape the zid parameter - issue #1877 --- Zotlabs/Web/WebServer.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
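Review bot: With the constructor removed in `Zotlabs/Lib/DB_Upgrade.php`, any call site still written as `new DB_Upgrade(DB_UPDATE_VERSION)` would run without error but do nothing, because PHP accepts and discards constructor arguments for a class that declares no constructor. Only the `boot.php` call is updated in this patch, so a missed caller elsewhere would skip schema upgrades silently. Adding `private function __construct() {}` to the class would turn a stale instantiation into a fatal error instead of a no-op. The body of `run()` continues outside the hunk, so it is also worth confirming that it contains no `return <value>;` left over from the constructor, which the new `: void` return type would reject at compile time.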
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 6f8a4b956..19f14ee8a 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -2,6 +2,8 @@ namespace Zotlabs\Web; +use Zotlabs\Lib\Text; + class WebServer { public function run() { @@ -60,7 +62,7 @@ class WebServer { \App::$query_string = strip_zids(\App::$query_string); if(! local_channel()) { if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) { - $_SESSION['my_address'] = $_GET['zid']; + $_SESSION['my_address'] = Text::escape_tags($_GET['zid']); $_SESSION['authenticated'] = 0; } if(!$_SESSION['authenticated']) { -- cgit v1.2.3
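Review bot: The condition on the line above the changed assignment still compares `$_SESSION['my_address'] != $_GET['zid']` against the raw parameter, while the session now stores the escaped value. If `Text::escape_tags()` alters the string in any way (its implementation is not shown here), the two never match, so every such request rewrites `my_address` and resets `$_SESSION['authenticated'] = 0`. Escaping once and using the result on both sides keeps them consistent: `$zid = Text::escape_tags($_GET['zid']);`, then `$_SESSION['my_address'] !== $zid` in the condition and `$_SESSION['my_address'] = $zid;` in the assignment. Tag escaping at storage time presumably covers only HTML output contexts, so validating `zid` as an address before it reaches the session would be the stronger check. The body of `run()` continues outside the hunk.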