ver. 0.293: Code review fixes — 6 repositories, 16 fixes

- ArticleRepository: SQL injection fix (addslashes→parameterized), DRY refactor topArticles/newsListArticles - AttributeRepository: dead class_exists('\S') blocking cache/temp clear - CategoryRepository: dead class_exists('\S') blocking SEO link generation (critical) - BannerRepository: parameterize $today in SQL + null guard on query() - BasketCalculator: null guard checkProductQuantityInStock + optional DI params - PromotionRepository: null guard on $basket (production fatal) - OrderRepository/ShopBasketController/ajax.php: explicit DI in BasketCalculator callers 614 tests, 1821 assertions (+4 new) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 01:07:39 +01:00
parent 29821bccf2
commit 054b1b4a34
19 changed files with 297 additions and 218 deletions
--- a/autoload/Domain/Order/OrderRepository.php
+++ b/autoload/Domain/Order/OrderRepository.php
@@ -560,7 +560,8 @@ class OrderRepository

        $transport = ( new \Domain\Transport\TransportRepository( $this->db ) )->findActiveByIdCached( $transport_id );
        $payment_method = ( new \Domain\PaymentMethod\PaymentMethodRepository( $this->db ) )->findActiveById( (int)$payment_id );
-        $basket_summary = \Domain\Basket\BasketCalculator::summaryPrice($basket, $coupon);
+        $productRepo = new \Domain\Product\ProductRepository($this->db);
+        $basket_summary = \Domain\Basket\BasketCalculator::summaryPrice($basket, $coupon, $lang_id, $productRepo);
        $order_number = $this->generateOrderNumber();
        $order_date = date('Y-m-d H:i:s');
        $hash = md5($order_number . time());
@@ -619,7 +620,6 @@ class OrderRepository
        if (is_array($basket)) {
            foreach ($basket as $basket_position) {
                $attributes = '';
-                $productRepo = new \Domain\Product\ProductRepository($this->db);
                $product = $productRepo->findCached($basket_position['product-id'], $lang_id);

                if (is_array($basket_position['attributes'])) {
@@ -649,7 +649,7 @@ class OrderRepository
                    }
                }

-                $product_price_tmp = \Domain\Basket\BasketCalculator::calculateBasketProductPrice((float)$product['price_brutto_promo'], (float)$product['price_brutto'], $coupon, $basket_position);
+                $product_price_tmp = \Domain\Basket\BasketCalculator::calculateBasketProductPrice((float)$product['price_brutto_promo'], (float)$product['price_brutto'], $coupon, $basket_position, $productRepo);

                $this->db->insert('pp_shop_order_products', [
                    'order_id' => $order_id,