diff --git a/CHANGELOG-1.x.md b/CHANGELOG-1.x.md
index 9713f965..768abb73 100644
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -1,5 +1,21 @@
# Changelog
+## [1.8.8 - 31.01.2026]
+### Added
+* Change Comment: Add missing hooks - patched from 0.8 (https://github.com/slawkens/myaac/commit/a60a23b84f61d41d1503073b52e01e3120f6d92a)
+*
+### Changed
+* Account Manage: Change the last login to the correct login time – Instead of just "now" (https://github.com/slawkens/myaac/commit/5b841682cdc473b38ef1a5edfcfe1a020802e286)
+* Twig: Extract renderInline(content, context) as a method to $twig (https://github.com/slawkens/myaac/commit/5e4806f891f8c88c37d45b89bbede23afc2fa37b)
+* Mail: Remove HTML tags from the email function (https://github.com/slawkens/myaac/commit/6661c78dac69c6aa498b9c79fe7da4fe0150e5c8)
+
+### Fixed
+* Forum: Fix XSS in board name (https://github.com/slawkens/myaac/commit/e52d9e486f5bf1dea867f59287f70aef3d538189, https://github.com/slawkens/myaac/commit/6db738a87c44b8d96919191ba5e661c32ab47457)
+* Forum: Fix edit_post, despite being an author, edit didn't work (https://github.com/slawkens/myaac/commit/e8b47429e8c607c2662a78b65415dfa772aa0e48)
+* Forum: Fix a player link in the forum thread being not clickable (When outfits are enabled) (https://github.com/slawkens/myaac/commit/f640ca636f34cd2dfc1fa8de6fdbed0674908b30)
+* Settings: Fix variable overlapping if the same var name as in core (https://github.com/slawkens/myaac/commit/c2415e9df3a5ffaf768f6f9668bdd38b5efd0771)
+* Settings: fix show_if for the selects (https://github.com/slawkens/myaac/commit/8dcbb66753914322706216cfd01436eb1478a5ce)
+
## [1.8.7 - 04.01.2026]
### Fixed
diff --git a/package-lock.json b/package-lock.json
index af143d0e..4901f59f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1431,9 +1431,9 @@
}
},
"node_modules/lodash": {
- "version": "4.17.21",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
"dev": true,
"license": "MIT"
},
diff --git a/system/pages/forum/edit_post.php b/system/pages/forum/edit_post.php
index b9f2890d..6eff5804 100644
--- a/system/pages/forum/edit_post.php
+++ b/system/pages/forum/edit_post.php
@@ -36,9 +36,9 @@ if(Forum::canPost($account_logged)) {
$thread = $db->query("SELECT `author_guid`, `author_aid`, `first_post`, `post_topic`, `post_date`, `post_text`, `post_smile`, `post_html`, `id`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post_id." LIMIT 1")->fetch();
if(isset($thread['id'])) {
$first_post = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread['first_post']." LIMIT 1")->fetch();
- echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.htmlspecialchars($first_post['post_topic']).' >> Edit post';
+ echo 'Boards >> '.escapeHtml($sections[$thread['section']]['name']).' >> '.htmlspecialchars($first_post['post_topic']).' >> Edit post';
- if(Forum::hasAccess($thread['section'] && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator()))) {
+ if(Forum::hasAccess($thread['section']) && ($account_logged->getId() == $thread['author_aid'] || Forum::isModerator())) {
$char_id = $post_topic = $text = $smile = $html = null;
$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
$saved = false;
diff --git a/system/pages/forum/new_post.php b/system/pages/forum/new_post.php
index 71bc3417..a06183e8 100644
--- a/system/pages/forum/new_post.php
+++ b/system/pages/forum/new_post.php
@@ -42,7 +42,7 @@ if(Forum::canPost($account_logged)) {
$thread = $db->query("SELECT `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`id` = ".(int) $thread_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." LIMIT 1")->fetch();
if(isset($thread['id']) && Forum::hasAccess($thread['section'])) {
- echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.htmlspecialchars($thread['post_topic']).' >> Post new reply
'.htmlspecialchars($thread['post_topic']).'
';
+ echo 'Boards >> '.escapeHtml($sections[$thread['section']]['name']).' >> '.htmlspecialchars($thread['post_topic']).' >> Post new reply
'.htmlspecialchars($thread['post_topic']).'
';
$quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL;
$text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL;
diff --git a/system/pages/forum/new_thread.php b/system/pages/forum/new_thread.php
index 4f311977..2ed6fe81 100644
--- a/system/pages/forum/new_thread.php
+++ b/system/pages/forum/new_thread.php
@@ -34,7 +34,7 @@ if(Forum::canPost($account_logged)) {
$players_from_account = $db->query('SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = '.(int) $account_logged->getId())->fetchAll();
$section_id = $_REQUEST['section_id'] ?? null;
if($section_id !== null) {
- echo 'Boards >> ' . $sections[$section_id]['name'] . ' >> Post new thread
';
+ echo 'Boards >> ' . escapeHtml($sections[$section_id]['name']) . ' >> Post new thread
';
if(isset($sections[$section_id]['name']) && Forum::hasAccess($section_id)) {
if ($sections[$section_id]['closed'] && !Forum::isModerator())