feat: cache-bust assets, fix XSS and filemtime error handling, clean up users filters

- Add ?ver=<filemtime> cache-busting to CSS/JS assets in app and auth layouts
- Use ?: 0 fallback on filemtime() to prevent E_WARNING when files are missing
- Escape security_information output with $e() to fix XSS vulnerability (show.php:91)
- Wrap product image metadata in __meta container, move storage path into <details>
- Add table--details CSS class and th { white-space: nowrap } rule
- Remove redundant sort, sort_dir, per_page filter dropdowns from users list
- Add 10 as a per-page option in users list
- Clean up completed items from TODO.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-27 21:40:17 +01:00
parent bfff05a61b
commit 1cbbc76a17
7 changed files with 22 additions and 51 deletions


@@ -46,7 +46,7 @@
<?php endif; ?>
<h3><?= $e($t('products.show.details')) ?></h3>
<table class="table mt-12">
<table class="table table--details mt-12">
<tbody>
<tr><th>ID</th><td><?= $e((string) ($item['id'] ?? '')) ?></td></tr>
<tr><th><?= $e($t('products.fields.name')) ?></th><td><?= $e((string) ($item['name'] ?? '')) ?></td></tr>
@@ -88,7 +88,7 @@
<?php if (!empty($item['security_information'])): ?>
<tr>
<th>GPSR — informacje o bezpieczeństwie</th>
<td><?= $item['security_information'] ?></td>
<td><?= $e((string) ($item['security_information'] ?? '')) ?></td>
</tr>
<?php endif; ?>
<?php
@@ -170,10 +170,17 @@
<div class="product-show-images-grid mt-12">
<?php foreach ($images as $image): ?>
<div class="product-show-image-card">
<div><strong>ID:</strong> <?= $e((string) ($image['id'] ?? 0)) ?><?= ((int) ($image['is_main'] ?? 0) === 1) ? ' | <strong>' . $e($t('products.images.main')) . '</strong>' : '' ?></div>
<div class="muted"><?= $e((string) ($image['storage_path'] ?? '')) ?></div>
<div class="product-show-image-card__meta">
<span><strong>ID:</strong> <?= $e((string) ($image['id'] ?? 0)) ?><?= ((int) ($image['is_main'] ?? 0) === 1) ? ' | <strong>' . $e($t('products.images.main')) . '</strong>' : '' ?></span>
<?php if ((string) ($image['storage_path'] ?? '') !== ''): ?>
<details class="product-show-image-path">
<summary><?= $e($t('products.images.path')) ?></summary>
<div class="product-show-image-path__url muted"><?= $e((string) ($image['storage_path'] ?? '')) ?></div>
</details>
<?php endif; ?>
</div>
<?php if ((string) ($image['public_url'] ?? '') !== ''): ?>
<div class="mt-12">
<div class="mt-8">
<img src="<?= $e((string) $image['public_url']) ?>" alt="<?= $e((string) ($image['alt'] ?? '')) ?>" class="product-show-image">
</div>
<?php endif; ?>
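Review bot: In the `@@ -88,7 +88,7 @@` hunk the new `$e((string) ($item['security_information'] ?? ''))` closes the raw echo, but nothing in the template records that this field must stay escaped, so I would add a one-line comment above the `<td>`: `<?php /* security_information may hold untrusted text: always pass through $e(), never echo raw */ ?>`. If the stored value is meant to carry formatting markup (not visible from this page), it will now show as literal tags; the safe answer in that case is an allow-list HTML sanitizer at this sink, not removing `$e()`. The `?? ''` is redundant inside the `!empty()` guard and can be dropped. The template continues outside the hunks shown, so any other `<?= $item[...] ?>` without `$e()` should be checked in the same pass.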