fix(security): Fix DOMPDF RCE and customer email sanitization

- Disable isPhpEnabled in DOMPDF to prevent RCE via embedded PHP in HTML
- Disable isRemoteEnabled to prevent SSRF attacks
- Add email validation and sanitization in CSV import (FILTER_SANITIZE_EMAIL, FILTER_VALIDATE_EMAIL)
- Reject invalid email formats during customer import

app/Controllers/Customers.php

@@ -419,7 +419,14 @@ class Customers extends Persons
                     $consent = $data[3] == '' ? 0 : 1;
 
                     if (sizeof($data) >= 16 && $consent) {
-                        $email = strtolower($data[4]);
+                        $email = filter_var(strtolower($data[4]), FILTER_SANITIZE_EMAIL);
+                        
+                        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+                            $failCodes[] = 'Row ' . $i . ': Invalid email format';
+                            $i++;
+                            continue;
+                        }
+                        
                         $person_data = [
                             'first_name'   => $data[0],
                             'last_name'    => $data[1],

app/Helpers/dompdf_helper.php

@@ -5,8 +5,13 @@
  */
 function create_pdf(string $html, string $filename = ''): string
 {
-    // Need to enable magic quotes for the
-    $dompdf = new Dompdf\Dompdf(['isRemoteEnabled' => true, 'isPhpEnabled' => true]);
+    // Security: Disable PHP execution in PDFs to prevent RCE attacks
+    // Security: Disable remote file access to prevent SSRF attacks
+    // Only local files referenced in HTML are allowed
+    $dompdf = new Dompdf\Dompdf([
+        'isRemoteEnabled' => false,
+        'isPhpEnabled' => false
+    ]);
     $dompdf->loadHtml(str_replace(['\n', '\r'], '', $html));
     $dompdf->render();