Some of this is PHP8 compatibility related, but not all:
There was a new field admin_note that was added in the original v17 days. The new field was not included in the setup. To fix that, I updated the upgrade script to run that part even when updating to version 20 in case you are on a version where you didn't get it. And I added the field in the database snapshot.
On user management in the admin:
Cleaned up the class a lot. May still be more work but a lot of it is cleaned up.
Fixed places that did not use SQL bind params. This may have pointed to possible SQL injection. The old one did use add slashes, but IIRC that is not foolproof depending on the charset. So the change eliminates the possibility in that area. I believe admin area was low priority for fixing existing areas that may have had possible SQL injection, since you have to be logged in to take advantage of the SQL injection. Still it is good to eliminate them.
While testing the changes to upgrade and setup, I fixed a number of PHP8 compatibility issues in the respective areas.
Some of this is PHP8 compatibility related, but not all:
There was a new field
admin_note
that was added in the original v17 days. The new field was not included in the setup. To fix that, I updated the upgrade script to run that part even when updating to version 20 in case you are on a version where you didn't get it. And I added the field in the database snapshot.On user management in the admin: