- New class \Shared\Security\CsrfToken (generate/validate/regenerate)
- CSRF token in all edit forms (form-edit.php)
- CSRF validation in FormRequestHandler::handleSubmit()
- CSRF token in the login form and 2FA forms
- CSRF validation in App::special_actions() for POST requests
- Token regeneration after successful login (direct and via 2FA)
- Fix XSS: htmlspecialchars on $alert in unlogged-layout.php
- 7 new CsrfTokenTest tests (817 tests in total)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ShopOrderController: removed file_put_contents to tpay.txt (it exposed payment data)
- ShopOrderController: hardcoded HotPay secret moved to the HOTPAY_HASH_SEED constant
- IntegrationsRepository: replaced raw SQL query('SELECT * FROM $table') with the Medoo select() method
- index.php + admin/index.php: removed RedBeanPHP (rb.php) - the library was loaded but unused
- libraries/rb.php: removed the file (536 KB, zero uses in application code)
- IntegrationsRepository tests updated to the new API (select instead of query)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each attribute in .atributes div gets a clipboard icon button.
Click copies the value, icon switches to checkmark for 1.5s.
Uses Clipboard API with textarea fallback.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rebuilt changelog data from manifest JSON files to fix garbled Polish
characters. Converted changelog.php from static HTML to PHP script that
filters entries by instance version (?ver= parameter).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- NEW: IntegrationsRepository::shopproExportProduct() — export of a product to
a remote shopPRO instance (main fields, translations, custom fields, images)
- NEW: sendImageToShopproApi() — sending images through the shopPRO API (base64 POST)
- REFACTOR: shopproImportProduct() — extracted shopproDb() and
missingShopproSetting(); added security_information, producer_id,
custom fields, image alt
- NEW: AttributeRepository::ensureAttributeForApi() and
ensureAttributeValueForApi() — idempotent find-or-create for dictionaries
- NEW: API POST dictionaries/ensure_attribute — create or find an attribute
- NEW: API POST dictionaries/ensure_attribute_value — create or find a value
- NEW: API POST products/upload_image — accepts base64, saves the file and DB
- NEW: IntegrationsController::shoppro_product_export() — admin action
- NEW: "Eksportuj do shopPRO" (Export to shopPRO) button in the product list
- NEW: API key field in the shopPRO integration settings
Tests: 765 tests, 2153 assertions — all green
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix: global search - Content-Type, Cache-Control, POST,
FETCH_ASSOC, try/catch wrapper
- New: document.title in order details = order number
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix: the (int) cast on apilo_order_id (format "PPxxxxxx") gave 0, which made
syncApiloPayment() and syncApiloStatus() skip the Apilo API call.
Changed to empty() in both methods.
New: ApiloLogger logging in syncApiloPaymentIfNeeded() and
syncApiloStatusIfNeeded() — every decision path writes an entry
to pp_log with context.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Fix: race condition of the payment callback before sending to Apilo
- Fix: processApiloSyncQueue waits for apilo_order_id instead of deleting the task
- Fix: second processApiloSyncQueue call after sending orders in cron
- Fix: prices in order details (effective price instead of 0 zł)
- New: persistence of admin table filters (localStorage)
- Tests: 760 tests, 2141 assertions
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New "Logi" (Logs) tab in the Integracje (Integrations) section - view of the pp_log table
with pagination, sorting, filters and expandable JSON context.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- ApiloLogger: logging of Apilo operations to pp_log with JSON context
- Cache-busting: ?ver=filemtime() for CSS and JS in admin main-layout
- Fix: initialization of $mdb before SettingsRepository in admin/index.php
- Fix: (string) cast in ShopProductController::escapeHtml()
- UI: text-overflow ellipsis for product categories + title tooltip
- JS: navigator.clipboard API in copyToClipboard() with a fallback
- CSS: simplified .site-content, removed .with-menu
- Migration: pp_log + columns action, order_id, context
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Colored status badges on the order list (pp_shop_statuses.color)
- Validation of the hex color from the DB (regex), sanitization of transport HTML
- Merged 2 SQL queries into one orderStatusData()
- Path-based form submit in table-list.php (admin URL routing)
- 11 new tests (750 total, 2114 assertions)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Fix: product attributes with the same sort order value were overwriting
each other in getProductAttributes(), causing only one attribute to
display on the frontend. Now uses usort() with sequential keys.
New: Preview button in product edit form opens product page in new tab.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Table filters hidden by default with toggle button (icon + active count badge)
- Filter state persisted in localStorage; auto-show when filters active
- Order details mobile layout: icon-only action bar, full-width stacking,
compact product list (image + name + qty x price = total), bottom-sheet
dropdown for integrations menu
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces the manual ZIP packaging workflow with an automated build script.
UpdateRepository now supports both manifest JSON format (new) and legacy
_sql.txt/_files.txt format (fallback), enabling a smooth transition for
existing client instances.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Order product CRUD in admin panel (add, delete, edit quantity/prices)
- AJAX product search endpoint for order edit form
- Automatic stock adjustment when editing order products
- Transport cost recalculation based on free delivery threshold
- Fix: promo price = 0 when equal to base price (no real promotion)
- Clean up stale temp/ build artifacts
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Implemented TransportRepository for managing transport data with methods for listing, finding, saving, and retrieving transport costs.
- Created ShopTransportController to handle transport-related actions, including listing, editing, and saving transports.
- Added views for transport management: transports list and transport edit forms.
- Introduced JavaScript for responsive tabs in transport edit view.
- Updated testing suite with comprehensive unit tests for TransportRepository and ShopTransportController.
- Increased test coverage with new assertions and scenarios for transport functionalities.
- Removed legacy Scontainers controller and view files, transitioning to a new controller structure.
- Introduced ScontainersController to handle CRUD operations with improved dependency injection.
- Created ScontainersRepository for database interactions, encapsulating logic for container management.
- Updated container edit and list views to utilize new templating system.
- Added unit tests for ScontainersRepository and ScontainersController to ensure functionality.
- Enhanced form handling for container editing, including validation and error management.