- Nowa klasa \Shared\Security\CsrfToken (generate/validate/regenerate)
- Token CSRF we wszystkich formularzach edycji (form-edit.php)
- Walidacja CSRF w FormRequestHandler::handleSubmit()
- Token CSRF w formularzu logowania i formularzach 2FA
- Walidacja CSRF w App::special_actions() dla żądań POST
- Regeneracja tokenu po udanym logowaniu (bezpośrednia i przez 2FA)
- Fix XSS: htmlspecialchars na $alert w unlogged-layout.php
- 7 nowych testów CsrfTokenTest (817 testów łącznie)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix: globalna wyszukiwarka - Content-Type, Cache-Control, POST,
FETCH_ASSOC, try/catch wrapper
- New: document.title w szczegółach zamówienia = numer zamówienia
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Nowa zakladka "Logi" w sekcji Integracje - podglad tabeli pp_log
z paginacja, sortowaniem, filtrami i rozwijalnym kontekstem JSON.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ApiloLogger: logowanie operacji Apilo do pp_log z kontekstem JSON
- Cache-busting: ?ver=filemtime() dla CSS i JS w admin main-layout
- Fix: inicjalizacja $mdb przed SettingsRepository w admin/index.php
- Fix: rzutowanie (string) w ShopProductController::escapeHtml()
- UI: text-overflow ellipsis dla kategorii produktow + title tooltip
- JS: navigator.clipboard API w copyToClipboard() z fallbackiem
- CSS: uproszczenie .site-content, usuniecie .with-menu
- Migracja: pp_log + kolumny action, order_id, context
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Table filters hidden by default with toggle button (icon + active count badge)
- Filter state persisted in localStorage; auto-show when filters active
- Order details mobile layout: icon-only action bar, full-width stacking,
compact product list (image + name + qty x price = total), bottom-sheet
dropdown for integrations menu
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Implemented TransportRepository for managing transport data with methods for listing, finding, saving, and retrieving transport costs.
- Created ShopTransportController to handle transport-related actions, including listing, editing, and saving transports.
- Added views for transport management: transports list and transport edit forms.
- Introduced JavaScript for responsive tabs in transport edit view.
- Updated testing suite with comprehensive unit tests for TransportRepository and ShopTransportController.
- Increased test coverage with new assertions and scenarios for transport functionalities.
- Introduced new `SettingsRepository` and `CacheRepository` classes in the `autoload\Domain` namespace.
- Updated `SettingsController` in the `admin\Controllers` namespace to enhance settings management.
- Added new templates for settings in `admin\templates\settings` and `admin\templates\site`.
- Improved overall structure and organization of settings-related files.
- Added columns for two-factor authentication (2FA) in the pp_users table:
- twofa_enabled (TINYINT)
- twofa_email (VARCHAR)
- twofa_code_hash (VARCHAR)
- twofa_expires_at (DATETIME)
- twofa_sent_at (DATETIME)
- twofa_failed_attempts (INT)
- Updated the twofa_enabled and twofa_email for user with id 0.
- Enhanced .htaccess to disable directory listing, block execution of sensitive files, and prevent serving hidden files.
