feat: P4 backend kvalita - SELECT * fix, overdue konsolidace, Validator

- SELECT * nahrazen explicitnimi sloupci ve 22 PHP souborech (69+ vyskytu) - users-handlers.php: password_hash explicitne vyloucen z dotazu - Overdue detekce presunuta do invoices.php routeru (1x pred dispatch misto 3x v handlerech) - Validator.php: validacni helper s pravidly required, string, int, email, in, numeric - PaginationHelper: PHPStan typy opraveny Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 18:42:42 +01:00
parent df506dfea4
commit 758be819c3
25 changed files with 513 additions and 102 deletions
--- a/api/admin/invoices-pdf.php
+++ b/api/admin/invoices-pdf.php
@@ -43,7 +43,14 @@ $lang = in_array($_GET['lang'] ?? '', ['cs', 'en']) ? $_GET['lang'] : 'cs';
 try {
    $pdo = db();

-    $stmt = $pdo->prepare('SELECT * FROM invoices WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, invoice_number, order_id, customer_id, status, currency,
+                vat_rate, apply_vat, payment_method, constant_symbol,
+                bank_name, bank_swift, bank_iban, bank_account,
+                issue_date, due_date, tax_date, paid_date,
+                issued_by, notes
+        FROM invoices WHERE id = ?'
+    );
    $stmt->execute([$id]);
    $invoice = $stmt->fetch();
    if (!$invoice) {
@@ -52,20 +59,32 @@ try {
    }

    // Polozky
-    $stmt = $pdo->prepare('SELECT * FROM invoice_items WHERE invoice_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT id, invoice_id, description, quantity, unit, unit_price, vat_rate, position
+        FROM invoice_items WHERE invoice_id = ? ORDER BY position'
+    );
    $stmt->execute([$id]);
    $items = $stmt->fetchAll();

    // Zakaznik
    $customer = null;
    if ($invoice['customer_id']) {
-        $stmt = $pdo->prepare('SELECT * FROM customers WHERE id = ?');
+        $stmt = $pdo->prepare(
+            'SELECT id, name, street, city, postal_code, country,
+                    company_id, vat_id, custom_fields
+            FROM customers WHERE id = ?'
+        );
        $stmt->execute([$invoice['customer_id']]);
        $customer = $stmt->fetch();
    }

    // Firemni udaje
-    $stmt = $pdo->query('SELECT * FROM company_settings LIMIT 1');
+    $stmt = $pdo->query(
+        'SELECT id, company_name, company_id, vat_id, street, city,
+                postal_code, country, custom_fields, logo_data,
+                default_currency, default_vat_rate
+        FROM company_settings LIMIT 1'
+    );
    $settings = $stmt->fetch();

    // Logo