MyAAC v1.9.0

@gesior helped me to scan the code for vulnerabilities.
This results in following release, where we patched most of them.
Also some performance problems has been fixed.

Full changelog:

Added

• New hook: HOOK_FILTER_MAIL (#368)

Changed

• Improve bb [code] tag (1b321cd)
• News: Do not cache if logged as admin, so it shows the admin buttons (81b8bd8)

Fixed

• Security: Fix some session vulnerabilities (Thanks @gesior) (328f65c, 392eace)
• Security: Fix inline javascript execution in forum bbcode (Thanks @gesior) (a20a9b7)
• Highscores: Prevent mass queries amount caused by getPlayerLink (ac9a328)
• Fix: Clear hooks on plugin uninstall (4145d9e, 609cf15)
• Menus: Fix template_menus reload cache - instant change (c4435d2)
• Security: Fix: CSRF Token Uses Non-Constant-Time Comparison (65a6895)
• Security: Fix: Safer csrf token generation (70f4ff2)
• Security: Add escapeHtml in 404 & 405.php (065c1f0)
• Security: Fix: Account Redirect: Open Redirect via redirect Parameter (a1c1c8f)
• Fixes to cypress: Use expose instead of env (457bb3c)

Removed

• Move polls to plugins, may have sql injection (b6fc73c)
• Delete news_preview.php, wasn't used anyway (dd5a924)

Updated

• tinymce from 7.6.0 to 7.9.3
• cypress from ^14.3.3 to ^15.15.0
• lodash from 4.17.23 to 4.18.1
• tmp from 0.2.4 to 0.2.7
• qs from 6.14.2 to 6.15.2
• Update workflows actions versions to suppress the warnings about node 20 (1fba3f9)