feat: P4 backend kvalita - SELECT * fix, overdue konsolidace, Validator

- SELECT * nahrazen explicitnimi sloupci ve 22 PHP souborech (69+ vyskytu) - users-handlers.php: password_hash explicitne vyloucen z dotazu - Overdue detekce presunuta do invoices.php routeru (1x pred dispatch misto 3x v handlerech) - Validator.php: validacni helper s pravidly required, string, int, email, in, numeric - PaginationHelper: PHPStan typy opraveny Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-12 18:42:42 +01:00
parent df506dfea4
commit 758be819c3
25 changed files with 513 additions and 102 deletions
--- a/api/admin/offers-pdf.php
+++ b/api/admin/offers-pdf.php
@@ -38,7 +38,12 @@ if (!$id) {
 try {
    $pdo = db();

-    $stmt = $pdo->prepare('SELECT * FROM quotations WHERE id = ?');
+    $stmt = $pdo->prepare(
+        'SELECT id, quotation_number, project_code, customer_id, created_at,
+                valid_until, currency, language, vat_rate, apply_vat,
+                exchange_rate, scope_title, scope_description
+        FROM quotations WHERE id = ?'
+    );
    $stmt->execute([$id]);
    $quotation = $stmt->fetch();
    if (!$quotation) {
@@ -48,20 +53,36 @@ try {

    $customer = null;
    if ($quotation['customer_id']) {
-        $stmt = $pdo->prepare('SELECT * FROM customers WHERE id = ?');
+        $stmt = $pdo->prepare(
+            'SELECT id, name, street, city, postal_code, country,
+                    company_id, vat_id, custom_fields
+            FROM customers WHERE id = ?'
+        );
        $stmt->execute([$quotation['customer_id']]);
        $customer = $stmt->fetch();
    }

-    $stmt = $pdo->prepare('SELECT * FROM quotation_items WHERE quotation_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT id, quotation_id, position, description, item_description,
+                quantity, unit, unit_price, is_included_in_total
+        FROM quotation_items WHERE quotation_id = ? ORDER BY position'
+    );
    $stmt->execute([$id]);
    $items = $stmt->fetchAll();

-    $stmt = $pdo->prepare('SELECT * FROM scope_sections WHERE quotation_id = ? ORDER BY position');
+    $stmt = $pdo->prepare(
+        'SELECT id, quotation_id, position, title, title_cz, content
+        FROM scope_sections WHERE quotation_id = ? ORDER BY position'
+    );
    $stmt->execute([$id]);
    $sections = $stmt->fetchAll();

-    $stmt = $pdo->query('SELECT * FROM company_settings LIMIT 1');
+    $stmt = $pdo->query(
+        'SELECT id, company_name, company_id, vat_id, street, city,
+                postal_code, country, custom_fields, logo_data,
+                quotation_prefix, default_currency, default_vat_rate
+        FROM company_settings LIMIT 1'
+    );
    $settings = $stmt->fetch();

    $logoBase64 = '';