fix: custom fields - type/is_required przy kopiowaniu produktu + obsługa obrazków w koszyku

ProductRepository: kopiowanie custom fields uwzględnia pola type i is_required. product-custom-fields.php: ochrona XSS, obsługa pola image, fallback typu na text. SonarQube 0.343: nowe issues dodane do TODO.md. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 13:36:54 +01:00
parent 2cc46fff62
commit 815331b05c
4 changed files with 56 additions and 11 deletions
--- a/autoload/Domain/Product/ProductRepository.php
+++ b/autoload/Domain/Product/ProductRepository.php
@@ -1751,8 +1751,10 @@ class ProductRepository
        if ( \Shared\Helpers\Helpers::is_array_fix( $customFields ) ) {
            foreach ( $customFields as $row ) {
                $this->db->insert( 'pp_shop_products_custom_fields', [
-                    'id_product' => $newProductId,
+                    'id_product'  => $newProductId,
-                    'name'       => $row['name'],
+                    'name'        => $row['name'],
                    'type'        => $row['type'] ?? 'text',
                    'is_required' => $row['is_required'] ?? 0,
                ] );
            }
        }
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -4,6 +4,13 @@ Logi zmian z migracji na Domain-Driven Architecture. Najnowsze na gorze.
 ---
 ## ver. 0.343 (2026-03-19) - Custom fields: type + is_required + obsługa obrazków w koszyku
 - **FIX**: `autoload/Domain/Product/ProductRepository.php` — kopiowanie custom fields przy duplikacji produktu uwzględnia teraz pola `type` i `is_required`
 - **FIX**: `templates/shop-basket/_partials/product-custom-fields.php` — ochrona XSS (htmlspecialchars), obsługa pola typu `image`, bezpieczny fallback typu na `text`
 ---
 ## ver. 0.342 (2026-03-19) - Apilo: email z danymi zamówienia + infinite retry dla order jobów
 - **FIX**: `cron.php` — email notyfikacji Apilo zawiera teraz dane zamówienia (numer, klient, data, kwota) zamiast surowego JSON payload; temat emaila zawiera numery zamówień
--- a/docs/TODO.md
+++ b/docs/TODO.md
@@ -74,3 +74,33 @@ Dodać możliwość ustawienia limitu znaków w wiadomościach do produktu
 - [ ] [MINOR] cron.php:198 — Remove unused "$orderAdminService" local variable (php:S1481)
 - [ ] [MINOR] cron.php:524 — Remove unused "$mdb" local variable (php:S1481)
 - [ ] [MINOR] cron.php:539 — Remove unused "$mdb" local variable (php:S1481)
 ## SonarQube — 0.343 (2026-03-19)
 ### Nowe issues (nie występowały w 0.340)
 #### Code Smells — CRITICAL
 - [ ] [CRITICAL] autoload/admin/App.php:39 — Cognitive Complexity 37 (max 15) (php:S3776)
 - [ ] [CRITICAL] autoload/admin/App.php:50 — Duplicated literal "Location: /admin/" 8 times (php:S1192)
 - [ ] [CRITICAL] autoload/front/Controllers/ShopOrderController.php:86 — Cognitive Complexity 22 (max 15) (php:S3776)
 - [ ] [CRITICAL] autoload/front/Controllers/ShopBasketController.php:275 — Duplicated literal "Location: /koszyk" 6 times (php:S1192)
 - [ ] [CRITICAL] autoload/front/Controllers/ShopBasketController.php:287 — Duplicated literal "Location: /zamowienie/" 3 times (php:S1192)
 - [ ] [CRITICAL] autoload/front/Controllers/ShopBasketController.php:495 — Add curly braces around nested statement(s) (php:S121)
 - [ ] [CRITICAL] autoload/Domain/Integrations/IntegrationsRepository.php:33 — Add curly braces around nested statement(s) (php:S121)
 - [ ] [CRITICAL] autoload/Domain/Integrations/ApiloRepository.php:449 — Cognitive Complexity 22 (max 15) (php:S3776)
 - [ ] [CRITICAL] autoload/Domain/Order/OrderRepository.php:635 — Cognitive Complexity 61 (max 15) (php:S3776)
 - [ ] [CRITICAL] cron.php:198 — Cognitive Complexity 109 (max 15) (php:S3776)
 - [ ] [CRITICAL] cron.php:651 — Cognitive Complexity 18 (max 15) (php:S3776)
 #### Code Smells — MAJOR
 - [ ] [MAJOR] cron.php:198 — Function has 305 lines (max 150) (php:S138)
 - [ ] [MAJOR] cron.php:572 — Unused function parameter "$payload" (php:S1172)
 - [ ] [MAJOR] cron.php:572 — 5 returns (max 3) (php:S1142)
 - [ ] [MAJOR] cron.php:605 — Unused function parameter "$payload" (php:S1172)
 - [ ] [MAJOR] cron.php:605 — 4 returns (max 3) (php:S1142)
 - [ ] [MAJOR] cron.php:651 — Unused function parameter "$payload" (php:S1172)
 - [ ] [MAJOR] autoload/Domain/Integrations/ApiloRepository.php:53 — 4 returns (max 3) (php:S1142)
 - [ ] [MAJOR] autoload/Domain/Integrations/ApiloRepository.php:93 — 4 returns (max 3) (php:S1142)
 - [ ] [MAJOR] autoload/Domain/Integrations/ApiloRepository.php:105 — Merge if statement with enclosing one (php:S1066)
--- a/templates/shop-basket/_partials/product-custom-fields.php
+++ b/templates/shop-basket/_partials/product-custom-fields.php
@@ -1,20 +1,26 @@
 <? if ( $this -> custom_fields ) : ?>
  <? foreach ( $this -> custom_fields as $key => $val ) : ?>
    <? $custom_field = ( new \Domain\Product\ProductRepository( $GLOBALS['mdb'] ) )->findCustomFieldCached( $key ); ?>
    <? $field_type = !empty( $custom_field['type'] ) ? $custom_field['type'] : 'text'; ?>
-    <? if ( $custom_field['type'] == 'text' ) : ?>
+    <? if ( $field_type == 'text' ) : ?>
      <div class="custom-field">
        <div class="_name">
-          <?
+          <?= htmlspecialchars( $custom_field['name'] ) . ':'; ?>
            echo $custom_field['name'] . ':';
          ?>
        </div>
        <div class="_text">
-          <?= $val;?>
+          <?= nl2br( htmlspecialchars( $val ) );?>
        </div>
      </div>
    <? elseif ( $field_type == 'image' && !empty( $val ) ) : ?>
      <div class="custom-field">
        <div class="_name">
          <?= htmlspecialchars( $custom_field['name'] ) . ':'; ?>
        </div>
        <div class="_image">
          <img src="<?= htmlspecialchars( $val );?>" alt="<?= htmlspecialchars( $custom_field['name'] );?>">
        </div>
      </div>
    <? elseif ( $custom_field['type'] == 'image' ) : ?>
    <? endif; ?>
  <? endforeach; ?>
 <? endif;?>