Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
271 Commits 1 Branch 47 Tags
c64c8ce12bc2e9bdc507025c5c2db3d848fb1c2d
Commit Graph

9 Commits

Author SHA1 Message Date
Jacek
5598888716 security: faza 4 - ochrona CSRF panelu administracyjnego 
- Nowa klasa \Shared\Security\CsrfToken (generate/validate/regenerate)
- Token CSRF we wszystkich formularzach edycji (form-edit.php)
- Walidacja CSRF w FormRequestHandler::handleSubmit()
- Token CSRF w formularzu logowania i formularzach 2FA
- Walidacja CSRF w App::special_actions() dla żądań POST
- Regeneracja tokenu po udanym logowaniu (bezpośrednia i przez 2FA)
- Fix XSS: htmlspecialchars na $alert w unlogged-layout.php
- 7 nowych testów CsrfTokenTest (817 testów łącznie)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 10:06:40 +01:00
Jacek Pyziak
d83d0ecdea feat: eliminate htaccess.conf, move all URL routes to pp_routes (v0.329-0.330) 
- Add category_id, page_id, article_id, type columns to pp_routes (migration 0.329)
- Move routing block in index.php before checkUrlParams() with Redis cache
- Routes for categories, pages, articles now stored in pp_routes instead of .htaccess
- Delete category/page/article routes on entity delete in respective repositories
- Eliminate libraries/htaccess.conf: generate .htaccess content entirely from PHP
- Move 32 static system routes (koszyk, logowanie, newsletter, AJAX modules, etc.)
  plus dynamic language/producer routes to pp_routes with type='system'
- Invalidate pp_routes Redis cache on every htacces() regeneration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-27 22:06:33 +01:00
Jacek Pyziak
ec77160130 ver. 0.305: Fix permutation attribute sorting + free delivery progress bar 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-22 16:33:30 +01:00
Jacek Pyziak
de11afb003 ver. 0.294: Code review complete — 96/96 classes, 27 fixes across all layers 
Full codebase review of autoload/ directory (96 classes, ~1144 methods).
Fixes: null safety (query/find guards), redundant DI bypass, undefined
variables, missing globals, and Imagick WebP mime type bug in Helpers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-19 15:26:07 +01:00
Jacek Pyziak
69e78ca248 ver. 0.294: Remove all 12 legacy autoload/shop/ classes (~2363 lines) 
Complete Domain-Driven Architecture migration:
- Phase 1-4: Transport, ProductSet, Coupon, Shop, Search, Basket,
  ProductCustomField, Category, ProductAttribute, Promotion
- Phase 5: Order (~562 lines) + Product (~952 lines)
- ~20 Product methods migrated to ProductRepository
- Apilo sync migrated to OrderAdminService
- Production hotfixes: stale Redis cache (prices 0.00), unqualified
  Product:: refs in LayoutEngine, object->array template conversion
- AttributeRepository::getAttributeValueById() Redis cache added

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-18 02:05:39 +01:00
Jacek Pyziak
8162df7356 ver. 0.286: Layouts, Menu, Pages frontend migration to Domain 
- Add 6 frontend methods to LayoutsRepository (Redis cache, 3-level fallback)
- Add 6 frontend methods to PagesRepository (Redis cache, recursive pages)
- Create front\Views\Menu (clean VIEW replacing front\view\Menu)
- Delete front\factory\Layouts, Menu, Pages + front\view\Menu + dead submenu.php
- Fix null $lang_id TypeError in check_url_params() (remove string type hint + ?? '')
- Optimize Helpers::htacces() from 3 layout calls to 1
- Tests: 470 OK, 1484 assertions (+16 new)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 08:21:53 +01:00
Jacek Pyziak
d2c9d97710 ver. 0.285: Tpl → Shared\Tpl namespace, CurlServer removal, thumb.php fix 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-17 00:13:59 +01:00
Jacek Pyziak
431add234c ver. 0.283: Legacy class cleanup — S, Html, Email, Image, Log, Mobile_Detect → Shared namespace 
- Migrate class.S → Shared\Helpers\Helpers (140+ files), remove 12 unused methods
- Migrate class.Html → Shared\Html\Html
- Migrate class.Email → Shared\Email\Email
- Migrate class.Image → Shared\Image\ImageManipulator
- Delete class.Log (unused), class.Mobile_Detect (outdated UA detection)
- Remove grid library loading from admin (index.php, ajax.php)
- Replace gridEdit usage in 10 admin templates with grid-edit-replacement.php
- Fix grid-edit-replacement.php AJAX to send values as JSON (grid.js compat)
- Remove mobile layout conditionals (m_html/m_css/m_js) from Site + LayoutsRepository
- Remove \Log::save_log() calls from OrderAdminService, ShopOrder, Order

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 23:06:06 +01:00
Jacek Pyziak
8e97413361 ver. 0.282: Banners frontend migration, Cache cleanup, Shared\Cache namespace 
- Banners frontend: front\Views\Banners (new), BannerRepository +2 frontend methods,
  front\view\Site przepięty, usunięte front\factory\Banners i front\view\Banners
- Cache cleanup: eliminacja legacy class.Cache.php (file-based cache),
  13 metod front\factory przepiętych z \Cache::fetch/store na CacheHandler
- Shared\Cache namespace: CacheHandler i RedisConnection przeniesione do Shared\Cache\,
  60 odwołań CacheHandler i 12 odwołań RedisConnection przepiętych,
  usunięte backward-compat wrappery class.CacheHandler.php i class.RedisConnection.php
- Naprawione rozbieżności kluczy cache (random_products, category_name)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 21:25:50 +01:00