fix: custom fields - type/is_required przy kopiowaniu produktu + obsługa obrazków w koszyku

ProductRepository: kopiowanie custom fields uwzględnia pola type i is_required.
product-custom-fields.php: ochrona XSS, obsługa pola image, fallback typu na text.
SonarQube 0.343: nowe issues dodane do TODO.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.claude/memory/reference_sonarqube.md

@@ -0,0 +1,14 @@
+---
+name: SonarQube scanner location
+description: Path to sonar-scanner CLI installed locally with bundled JRE
+type: reference
+---
+
+SonarQube scanner zainstalowany w `C:\tools\sonar-scanner-6.2.1.4610-windows-x64\bin\sonar-scanner.bat`
+
+Dodany do PATH usera — po restarcie terminala dostępny jako `sonar-scanner`.
+
+W bieżącej sesji bash używaj pełnej ścieżki: `"C:/tools/sonar-scanner-6.2.1.4610-windows-x64/bin/sonar-scanner.bat"`
+
+Konfiguracja projektu: `sonar-project.properties` w katalogu głównym shopPRO.
+Dashboard: https://sonar.project-pro.pl/dashboard?id=shopPRO

.scannerwork/report-task.txt

@@ -0,0 +1,6 @@
+projectKey=shopPRO
+serverUrl=https://sonar.project-pro.pl
+serverVersion=26.3.0.120487
+dashboardUrl=https://sonar.project-pro.pl/dashboard?id=shopPRO
+ceTaskId=cc124932-3cc6-464e-9f3b-36e783582dde
+ceTaskUrl=https://sonar.project-pro.pl/api/ce/task?id=cc124932-3cc6-464e-9f3b-36e783582dde

autoload/Domain/Product/ProductRepository.php

@@ -1751,8 +1751,10 @@ class ProductRepository
         if ( \Shared\Helpers\Helpers::is_array_fix( $customFields ) ) {
             foreach ( $customFields as $row ) {
                 $this->db->insert( 'pp_shop_products_custom_fields', [
-                    'id_product' => $newProductId,
-                    'name'       => $row['name'],
+                    'id_product'  => $newProductId,
+                    'name'        => $row['name'],
+                    'type'        => $row['type'] ?? 'text',
+                    'is_required' => $row['is_required'] ?? 0,
                 ] );
             }
         }

docs/CHANGELOG.md

@@ -4,6 +4,13 @@ Logi zmian z migracji na Domain-Driven Architecture. Najnowsze na gorze.
 
 ---
 
+## ver. 0.343 (2026-03-19) - Custom fields: type + is_required + obsługa obrazków w koszyku
+
+- **FIX**: `autoload/Domain/Product/ProductRepository.php` — kopiowanie custom fields przy duplikacji produktu uwzględnia teraz pola `type` i `is_required`
+- **FIX**: `templates/shop-basket/_partials/product-custom-fields.php` — ochrona XSS (htmlspecialchars), obsługa pola typu `image`, bezpieczny fallback typu na `text`
+
+---
+
 ## ver. 0.342 (2026-03-19) - Apilo: email z danymi zamówienia + infinite retry dla order jobów
 
 - **FIX**: `cron.php` — email notyfikacji Apilo zawiera teraz dane zamówienia (numer, klient, data, kwota) zamiast surowego JSON payload; temat emaila zawiera numery zamówień

docs/TODO.md

@@ -73,4 +73,34 @@ Dodać możliwość ustawienia limitu znaków w wiadomościach do produktu
 - [ ] [MINOR] autoload/api/ApiRouter.php:107 — Remove unused "$db" local variable (php:S1481)
 - [ ] [MINOR] cron.php:198 — Remove unused "$orderAdminService" local variable (php:S1481)
 - [ ] [MINOR] cron.php:524 — Remove unused "$mdb" local variable (php:S1481)
-- [ ] [MINOR] cron.php:539 — Remove unused "$mdb" local variable (php:S1481)
+- [ ] [MINOR] cron.php:539 — Remove unused "$mdb" local variable (php:S1481)
+
+## SonarQube — 0.343 (2026-03-19)
+
+### Nowe issues (nie występowały w 0.340)
+
+#### Code Smells — CRITICAL
+
+- [ ] [CRITICAL] autoload/admin/App.php:39 — Cognitive Complexity 37 (max 15) (php:S3776)
+- [ ] [CRITICAL] autoload/admin/App.php:50 — Duplicated literal "Location: /admin/" 8 times (php:S1192)
+- [ ] [CRITICAL] autoload/front/Controllers/ShopOrderController.php:86 — Cognitive Complexity 22 (max 15) (php:S3776)
+- [ ] [CRITICAL] autoload/front/Controllers/ShopBasketController.php:275 — Duplicated literal "Location: /koszyk" 6 times (php:S1192)
+- [ ] [CRITICAL] autoload/front/Controllers/ShopBasketController.php:287 — Duplicated literal "Location: /zamowienie/" 3 times (php:S1192)
+- [ ] [CRITICAL] autoload/front/Controllers/ShopBasketController.php:495 — Add curly braces around nested statement(s) (php:S121)
+- [ ] [CRITICAL] autoload/Domain/Integrations/IntegrationsRepository.php:33 — Add curly braces around nested statement(s) (php:S121)
+- [ ] [CRITICAL] autoload/Domain/Integrations/ApiloRepository.php:449 — Cognitive Complexity 22 (max 15) (php:S3776)
+- [ ] [CRITICAL] autoload/Domain/Order/OrderRepository.php:635 — Cognitive Complexity 61 (max 15) (php:S3776)
+- [ ] [CRITICAL] cron.php:198 — Cognitive Complexity 109 (max 15) (php:S3776)
+- [ ] [CRITICAL] cron.php:651 — Cognitive Complexity 18 (max 15) (php:S3776)
+
+#### Code Smells — MAJOR
+
+- [ ] [MAJOR] cron.php:198 — Function has 305 lines (max 150) (php:S138)
+- [ ] [MAJOR] cron.php:572 — Unused function parameter "$payload" (php:S1172)
+- [ ] [MAJOR] cron.php:572 — 5 returns (max 3) (php:S1142)
+- [ ] [MAJOR] cron.php:605 — Unused function parameter "$payload" (php:S1172)
+- [ ] [MAJOR] cron.php:605 — 4 returns (max 3) (php:S1142)
+- [ ] [MAJOR] cron.php:651 — Unused function parameter "$payload" (php:S1172)
+- [ ] [MAJOR] autoload/Domain/Integrations/ApiloRepository.php:53 — 4 returns (max 3) (php:S1142)
+- [ ] [MAJOR] autoload/Domain/Integrations/ApiloRepository.php:93 — 4 returns (max 3) (php:S1142)
+- [ ] [MAJOR] autoload/Domain/Integrations/ApiloRepository.php:105 — Merge if statement with enclosing one (php:S1066)

templates/shop-basket/_partials/product-custom-fields.php

@@ -1,20 +1,26 @@
 <? if ( $this -> custom_fields ) : ?>
   <? foreach ( $this -> custom_fields as $key => $val ) : ?>
     <? $custom_field = ( new \Domain\Product\ProductRepository( $GLOBALS['mdb'] ) )->findCustomFieldCached( $key ); ?>
-    
-    <? if ( $custom_field['type'] == 'text' ) : ?>
+    <? $field_type = !empty( $custom_field['type'] ) ? $custom_field['type'] : 'text'; ?>
+
+    <? if ( $field_type == 'text' ) : ?>
       <div class="custom-field">
         <div class="_name">
-          <?
-            echo $custom_field['name'] . ':';
-          ?>
+          <?= htmlspecialchars( $custom_field['name'] ) . ':'; ?>
         </div>
         <div class="_text">
-          <?= $val;?>
+          <?= nl2br( htmlspecialchars( $val ) );?>
+        </div>
+      </div>
+    <? elseif ( $field_type == 'image' && !empty( $val ) ) : ?>
+      <div class="custom-field">
+        <div class="_name">
+          <?= htmlspecialchars( $custom_field['name'] ) . ':'; ?>
+        </div>
+        <div class="_image">
+          <img src="<?= htmlspecialchars( $val );?>" alt="<?= htmlspecialchars( $custom_field['name'] );?>">
         </div>
       </div>
-    <? elseif ( $custom_field['type'] == 'image' ) : ?>
-
     <? endif; ?>
   <? endforeach; ?>
 <? endif;?>

updates/0.30/ver_0.342_manifest.json

@@ -0,0 +1,25 @@
+{
+    "changelog":  "Apilo: email z danymi zamówienia + infinite retry co 30 min dla order jobów",
+    "version":  "0.342",
+    "files":  {
+                  "added":  [
+
+                            ],
+                  "deleted":  [
+
+                              ],
+                  "modified":  [
+                                   "autoload/Domain/CronJob/CronJobRepository.php",
+                                   "autoload/Domain/CronJob/CronJobType.php",
+                                   "cron.php"
+                               ]
+              },
+    "checksum_zip":  "sha256:1c1560ecdb4f83f62fa1c5b6c97f7c1a9640aa9b6c4927ad29acc96ff23d8ecd",
+    "sql":  [
+
+            ],
+    "date":  "2026-03-19",
+    "directories_deleted":  [
+
+                            ]
+}

updates/changelog-data.html

@@ -1,3 +1,6 @@
+<b>ver. 0.342 - 19.03.2026</b><br />
+Apilo: email z danymi zamówienia + infinite retry co 30 min dla order jobów
+<hr>
 <b>ver. 0.341 - 16.03.2026</b><br />
 Bugfix: naprawiono wysyłkę zamówień do Apilo (regresja z 0.339), retry failed orders co 1h, powiadomienia mailowe o błędach
 <hr>

updates/versions.php

@@ -1,5 +1,5 @@
 <?
-$current_ver = 341;
+$current_ver = 342;
 
 for ($i = 1; $i <= $current_ver; $i++)
 {