feat: P4 backend kvalita - SELECT * fix, overdue konsolidace, Validator

- SELECT * nahrazen explicitnimi sloupci ve 22 PHP souborech (69+ vyskytu)
- users-handlers.php: password_hash explicitne vyloucen z dotazu
- Overdue detekce presunuta do invoices.php routeru (1x pred dispatch misto 3x v handlerech)
- Validator.php: validacni helper s pravidly required, string, int, email, in, numeric
- PaginationHelper: PHPStan typy opraveny

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

api/admin/handlers/orders-handlers.php

@@ -96,12 +96,19 @@ function handleGetDetail(PDO $pdo, int $id): void
     }
 
     // Get items
-    $stmt = $pdo->prepare('SELECT * FROM order_items WHERE order_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT id, order_id, description, item_description, quantity, unit,
+                unit_price, is_included_in_total, position
+        FROM order_items WHERE order_id = ? ORDER BY position'
+    );
     $stmt->execute([$id]);
     $order['items'] = $stmt->fetchAll();
 
     // Get sections
-    $stmt = $pdo->prepare('SELECT * FROM order_sections WHERE order_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT id, order_id, title, title_cz, content, position
+        FROM order_sections WHERE order_id = ? ORDER BY position'
+    );
     $stmt->execute([$id]);
     $order['sections'] = $stmt->fetchAll();
 
@@ -202,7 +209,12 @@ function handleCreateOrder(PDO $pdo): void
     }
 
     // Verify quotation exists and has no order yet
-    $stmt = $pdo->prepare('SELECT * FROM quotations WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, quotation_number, project_code, customer_id, currency,
+                language, vat_rate, apply_vat, exchange_rate, order_id,
+                scope_title, scope_description
+        FROM quotations WHERE id = ?'
+    );
     $stmt->execute([$quotationId]);
     $quotation = $stmt->fetch();
 
@@ -215,11 +227,18 @@ function handleCreateOrder(PDO $pdo): void
     }
 
     // Get quotation items and sections
-    $stmt = $pdo->prepare('SELECT * FROM quotation_items WHERE quotation_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT description, item_description, quantity, unit,
+                unit_price, is_included_in_total, position
+        FROM quotation_items WHERE quotation_id = ? ORDER BY position'
+    );
     $stmt->execute([$quotationId]);
     $quotationItems = $stmt->fetchAll();
 
-    $stmt = $pdo->prepare('SELECT * FROM scope_sections WHERE quotation_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT title, title_cz, content, position
+        FROM scope_sections WHERE quotation_id = ? ORDER BY position'
+    );
     $stmt->execute([$quotationId]);
     $quotationSections = $stmt->fetchAll();
 
@@ -354,7 +373,9 @@ function handleCreateOrder(PDO $pdo): void
 
 function handleUpdateOrder(PDO $pdo, int $id): void
 {
-    $stmt = $pdo->prepare('SELECT * FROM orders WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, order_number, status, notes FROM orders WHERE id = ?'
+    );
     $stmt->execute([$id]);
     $order = $stmt->fetch();
 
@@ -461,7 +482,9 @@ function handleUpdateOrder(PDO $pdo, int $id): void
 
 function handleDeleteOrder(PDO $pdo, int $id): void
 {
-    $stmt = $pdo->prepare('SELECT * FROM orders WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, order_number, quotation_id FROM orders WHERE id = ?'
+    );
     $stmt->execute([$id]);
     $order = $stmt->fetch();