ver. 0.308: kolory statusow zamowien + poprawki bezpieczenstwa

- Kolorowe badge statusow na liscie zamowien (pp_shop_statuses.color) - Walidacja hex koloru z DB (regex), sanityzacja HTML transport - Polaczenie 2 zapytan SQL w jedno orderStatusData() - Path-based form submit w table-list.php (admin URL routing) - 11 nowych testow (750 total, 2114 assertions) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 20:57:56 +01:00
parent 56c931f7da
commit efcf06969c
10 changed files with 236 additions and 18 deletions
--- a/autoload/Domain/Order/OrderAdminService.php
+++ b/autoload/Domain/Order/OrderAdminService.php
@@ -30,6 +30,14 @@ class OrderAdminService
        return $this->orders->orderStatuses();
    }

+    /**
+     * @return array{names: array<int, string>, colors: array<int, string>}
+     */
+    public function statusData(): array
+    {
+        return $this->orders->orderStatusData();
+    }
+
    /**
     * @return array{items: array<int, array<string, mixed>>, total: int}
     */
--- a/autoload/Domain/Order/OrderRepository.php
+++ b/autoload/Domain/Order/OrderRepository.php
@@ -245,25 +245,43 @@ class OrderRepository

    public function orderStatuses(): array
    {
-        $rows = $this->db->select('pp_shop_statuses', ['id', 'status'], [
+        $data = $this->orderStatusData();
+        return $data['names'];
+    }
+
+    /**
+     * Zwraca nazwy i kolory statusów w jednym zapytaniu.
+     *
+     * @return array{names: array<int, string>, colors: array<int, string>}
+     */
+    public function orderStatusData(): array
+    {
+        $rows = $this->db->select('pp_shop_statuses', ['id', 'status', 'color'], [
            'ORDER' => ['o' => 'ASC'],
        ]);

+        $names = [];
+        $colors = [];
+
        if (!is_array($rows)) {
-            return [];
+            return ['names' => $names, 'colors' => $colors];
        }

-        $result = [];
        foreach ($rows as $row) {
            $id = (int)($row['id'] ?? 0);
            if ($id < 0) {
                continue;
            }

-            $result[$id] = (string)($row['status'] ?? '');
+            $names[$id] = (string)($row['status'] ?? '');
+
+            $color = trim((string)($row['color'] ?? ''));
+            if ($color !== '' && preg_match('/^#[0-9a-fA-F]{3,6}$/', $color)) {
+                $colors[$id] = $color;
+            }
        }

-        return $result;
+        return ['names' => $names, 'colors' => $colors];
    }

    public function nextOrderId(int $orderId): ?int