v3.44.1

@ejosterberg ejosterberg released this 23 Mar 02:40
· 58 commits to main since this release

What's Changed

Installer Improvements

  • Fixed installer timeout on large schema upgrades — Rewrote upgrade logic to use staged table comparisons, temp tables for complex migrations, and in-place ALTER for simple changes (PR #7 by @dwalenczak)
  • Standardized database engine and charset — All tables migrated to InnoDB/utf8mb4. Legacy MyISAM, latin1, and Swedish collations converted automatically during upgrade
  • Safe data migration — Complex schema changes use temp tables with data migration. Unmigrated data preserved in _unmigrated backup tables with CSV download link
  • Version mismatch detection — Users now see a clear upgrade page when application files are newer than the database, with embedded admin login
  • Latest release check — Installer now shows the latest GitHub release version for comparison (with 1-hour API cache)

Bug Fixes

  • Fixed missing menu bar after login — Top navigation frame now refreshes automatically on first login via session flag (PR #8 by @dwalenczak)
  • Fixed favicon not loading — Added explicit <link rel="icon"> tags to index.php and top.php for subdirectory installations
  • Fixed undefined key warnings during upgrade — admin_user, admin_pass, admin_name POST keys now use null-coalescing in upgrade mode
  • Fixed coordinate sanitization — Consolidated sanitize_coordinate() into shared incs/security.inc.php with lat/lng range validation

Security

  • Restricted CSV download endpoint to _unmigrated tables only (prevents arbitrary table export)
  • Added regex whitelist on table name parameter
  • Fixed innerHTML XSS vector in installer log rendering
  • Removed duplicate JS function definitions
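
One way to enforce the CSV download restriction and the table-name allowlist from the list above, as an added example in PHP that is not the project's own code. The function name `resolve_export_table`, the exact pattern, and the sample table names are assumptions; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the project): decide whether a requested
// table name may be exported as CSV by the installer.
// Assumptions: backup tables end in "_unmigrated", names use only
// [A-Za-z0-9_], and MySQL's 64-character identifier limit applies.
function resolve_export_table(mixed $requested, array $existingTables): ?string
{
    // Reject arrays (e.g. ?table[]=x) and any other non-string input.
    if (!is_string($requested)) {
        return null;
    }
    // Anchored allowlist: \A...\z instead of ^...$ so a trailing newline
    // cannot pass. The suffix is mandatory and the prefix must be non-empty
    // (53 + 11 characters of suffix = 64).
    if (preg_match('/\A[A-Za-z0-9_]{1,53}_unmigrated\z/', $requested) !== 1) {
        return null;
    }
    // Export only tables that really exist; strict comparison, no coercion.
    if (!in_array($requested, $existingTables, true)) {
        return null;
    }
    // Identifiers cannot be bound as query parameters, so return the name
    // backtick-quoted; the pattern guarantees it contains no backtick.
    return '`' . $requested . '`';
}

// Constructed sample data for the demonstration.
$tables = ['users', 'incidents', 'incidents_unmigrated'];
$inputs = [
    'incidents_unmigrated',     // valid backup table
    'users',                    // live table, must not be exportable
    'users_unmigrated',         // matches the pattern but does not exist
    "incidents_unmigrated\n",   // trailing newline
    'users` _unmigrated',       // characters outside the allowlist
    ['incidents_unmigrated'],   // array instead of string
    '_unmigrated',              // suffix only, empty prefix
];
foreach ($inputs as $in) {
    $quoted = resolve_export_table($in, $tables);
    printf("%-32s => %s\n", json_encode($in), $quoted ?? 'rejected');
}
```

Only the first input resolves to a quoted identifier; every other input is rejected before any SQL is built.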

Testing

  • Added 10 unit tests for coordinate sanitizer
  • Added 7 installer safety tests
  • All 96 tests pass

Contributors

  • @dwalenczak — Installer timeout fix, schema modernization, menu fix, release version check