feat: P4 backend kvalita - SELECT * fix, overdue konsolidace, Validator

- SELECT * nahrazen explicitnimi sloupci ve 22 PHP souborech (69+ vyskytu)
- users-handlers.php: password_hash explicitne vyloucen z dotazu
- Overdue detekce presunuta do invoices.php routeru (1x pred dispatch misto 3x v handlerech)
- Validator.php: validacni helper s pravidly required, string, int, email, in, numeric
- PaginationHelper: PHPStan typy opraveny

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

api/admin/handlers/offers-handlers.php

@@ -54,7 +54,11 @@ function handleGetList(PDO $pdo): void
 function handleGetDetail(PDO $pdo, int $id): void
 {
     $stmt = $pdo->prepare('
-        SELECT q.*, c.name as customer_name
+        SELECT q.id, q.quotation_number, q.project_code, q.customer_id,
+               q.created_at, q.valid_until, q.currency, q.language,
+               q.vat_rate, q.apply_vat, q.exchange_rate, q.order_id,
+               q.status, q.scope_title, q.scope_description,
+               c.name as customer_name
         FROM quotations q
         LEFT JOIN customers c ON q.customer_id = c.id
         WHERE q.id = ?
@@ -68,7 +72,9 @@ function handleGetDetail(PDO $pdo, int $id): void
 
     // Get items
     $stmt = $pdo->prepare('
-        SELECT * FROM quotation_items
+        SELECT id, quotation_id, position, description, item_description,
+               quantity, unit, unit_price, is_included_in_total
+        FROM quotation_items
         WHERE quotation_id = ?
         ORDER BY position
     ');
@@ -77,7 +83,8 @@ function handleGetDetail(PDO $pdo, int $id): void
 
     // Get scope sections
     $stmt = $pdo->prepare('
-        SELECT * FROM scope_sections
+        SELECT id, quotation_id, position, title, title_cz, content
+        FROM scope_sections
         WHERE quotation_id = ?
         ORDER BY position
     ');
@@ -264,7 +271,12 @@ function handleCreateOffer(PDO $pdo): void
 
 function handleUpdateOffer(PDO $pdo, int $id): void
 {
-    $stmt = $pdo->prepare('SELECT * FROM quotations WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, quotation_number, project_code, customer_id, created_at,
+                valid_until, currency, language, vat_rate, apply_vat,
+                exchange_rate, order_id, status, scope_title, scope_description
+        FROM quotations WHERE id = ?'
+    );
     $stmt->execute([$id]);
     $existing = $stmt->fetch();
 
@@ -349,7 +361,12 @@ function handleUpdateOffer(PDO $pdo, int $id): void
 
 function handleDuplicate(PDO $pdo, int $sourceId): void
 {
-    $stmt = $pdo->prepare('SELECT * FROM quotations WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, quotation_number, project_code, customer_id, currency,
+                language, vat_rate, apply_vat, exchange_rate,
+                scope_title, scope_description
+        FROM quotations WHERE id = ?'
+    );
     $stmt->execute([$sourceId]);
     $source = $stmt->fetch();
 
@@ -357,11 +374,18 @@ function handleDuplicate(PDO $pdo, int $sourceId): void
         errorResponse('Zdrojová nabídka nebyla nalezena', 404);
     }
 
-    $stmt = $pdo->prepare('SELECT * FROM quotation_items WHERE quotation_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT description, item_description, quantity, unit, unit_price,
+                is_included_in_total, position
+        FROM quotation_items WHERE quotation_id = ? ORDER BY position'
+    );
     $stmt->execute([$sourceId]);
     $sourceItems = $stmt->fetchAll();
 
-    $stmt = $pdo->prepare('SELECT * FROM scope_sections WHERE quotation_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT title, title_cz, content, position
+        FROM scope_sections WHERE quotation_id = ? ORDER BY position'
+    );
     $stmt->execute([$sourceId]);
     $sourceSections = $stmt->fetchAll();