Fix technical issues from PR review

Image_lib.php fixes:
- Remove incorrect 'GPS' => PelTag::GPS_OFFSET mapping (GPS handled separately)
- Fix PNG transparency: change imagealphablending to false
- Add animated GIF detection: skip processing for animations
- Add logging in stripExifFallback to show which APP markers are removed

Migration optimization:
- Use get()->getRow() instead of countAllResults() for lighter query
- More efficient existence check before insert

All changes address CodeRabbit technical review comments while maintaining
the simplified multiselect-only UI (no toggle needed).

.dockerignore

@@ -1,23 +1,56 @@
-node_modules
-tmp
+# Version control
+.git
+.gitignore
+
+# Sensitive config (user may mount their own)
 app/Config/Email.php
+
+# Build artifacts
+node_modules/
+dist/
+tmp/
 *.patch
 patches/
+
+# IDE and editor files
 .idea/
-git-svn-diff.py
-*.bash
+.vscode/
 .swp
+*.swp
 .buildpath
 .project
-.settings/*
-.git
-dist/
-node_modules/
-*.swp
+.settings/
+
+# Development tools and configs
+tests/
+phpunit.xml
+.php-cs-fixer.*
+phpstan.neon
+*.bash
+git-svn-diff.py
+
+# Documentation
+*.md
+!LICENSE
+branding/
+
+# Build configs (not needed at runtime)
+composer.json
+composer.lock
+package.json
+package-lock.json
+gulpfile.js
+.env.example
+.dockerignore
+
+# Temporary and backup files
 *.rej
 *.orig
 *~
 *.~
 *.log
-app/writable/session/*
-!app/writable/session/index.html
+
+# CI
+.github/
+.github/workflows/
+build/

.env.example

@@ -4,6 +4,24 @@
 
 CI_ENVIRONMENT = production
 
+#--------------------------------------------------------------------
+# SECURITY: ALLOWED HOSTNAMES
+#--------------------------------------------------------------------
+# CRITICAL: Whitelist of allowed hostnames to prevent Host Header
+# Injection attacks (GHSA-jchf-7hr6-h4f3).
+#
+# REQUIRED IN PRODUCTION: Application will fail to start if not configured.
+# In development, falls back to 'localhost' with an error log.
+#
+# Configure with comma-separated list of domains/subdomains:
+#   app.allowedHostnames = 'yourdomain.com,www.yourdomain.com'
+#
+# For local development:
+#   app.allowedHostnames = 'localhost'
+#
+# Note: Do not include protocol (http/https) or port numbers.
+app.allowedHostnames = ''
+
 #--------------------------------------------------------------------
 # DATABASE
 #--------------------------------------------------------------------

.github/ISSUE_TEMPLATE/bug report.yml

@@ -1,121 +1,188 @@
-name: Bug Report
-description: File a bug report
-title: "[Bug]: "
-labels: ["bug", "triage"]
-projects: ["ospos/3", "ospos/4"]
-assignees:
-  - none
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Bug reports indicate that something is not working as intended. 
-        Please include as much detail as possible and submit a separate bug report for each problem.
-        Do not include personal identifying information such as email addresses or encryption keys.           
-  - type: textarea
-    id: bug-description
-    attributes:
-      label: Bug Description?
-      description: Describe the problem that you are seeing
-      placeholder: "Describe the problem that you are seeing"
-    validations:
-      required: true 
-  - type: textarea
-    id: steps-reproduce
-    attributes:
-      label: Steps to Reproduce?
-      description: List the steps to reproduce this issue
-      placeholder: "Steps to Reproduce"
-    validations:
-      required: true
-  - type: textarea
-    id: expected-behavior
-    attributes:
-      label: Expected Behavior?
-      description: Tell us what did you expect to happen?
-      placeholder: "Expected Behavior"
-    validations:
-      required: true    
-  - type: dropdown
-    id: ospos-version
-    attributes:
-      label: OpensourcePOS Version
-      description: What version of our software are you running?
-      options:
-        - development (unreleased)
-        - opensourcepos 3.4.1
-        - opensourcepos 3.4.0
-        - opensourcepos 3.3.9
-        - opensourcepos 3.3.8
-        - opensourcepos 3.3.7
-      default: 0
-    validations:
-      required: true
-  - type: dropdown
-    id: php-version
-    attributes:
-      label: Php version
-      description: What version of Php?
-      options:
-        - Php 7.2
-        - Php 7.3
-        - Php 7.4
-        - Php 8.1 
-        - Php 8.2
-        - Php 8.3
-        - Php 8.4
-      default: 0
-    validations:
-      required: true 
-  - type: dropdown
-    id: browsers
-    attributes:
-      label: What browsers are you seeing the problem on?
-      multiple: true
-      options:
-        - Firefox
-        - Chrome
-        - Safari
-        - Microsoft Edge
-        - Other
-  - type: input
-    id: server
-    attributes:
-      label: Server Operating System and version
-      description: "Server Operating System "
-      placeholder: "Server Operating System "
-    validations:
-      required: true  
-  - type: input
-    id: database
-    attributes:
-      label: Database Management System and version
-      description: "Database Management System"
-      placeholder: "Database Management"
-    validations:
-      required: true   
-  - type: input
-    id: webserver
-    attributes:
-      label: Web Server and version
-      description: "Web Server and version "
-      placeholder: "Web Server and version "
-    validations:
-      required: true    
-  - type: textarea
-    id: servers
-    attributes:
-      label: System Information Report (optional)
-      description: Copy and paste from OSPOS > Configuration > Setup & Conf > Setup & Conf?
-      placeholder: System Information Report
-      value: "System Information Report"
-    validations:
-      required: true  
-  - type: checkboxes
-    id: terms
-    attributes:
-      label: Unmodified copy of OpensourcePOS
-      description: By submitting this issue you agree this copy has not been modified
-      options:
-        - label: I agree this copy has not been modified
-          required: true
+name: 🐛 Bug Report
+description: File a bug report to help us improve
+title: "[Bug]: "
+labels: ["bug", "triage"]
+projects: ["ospos/3", "ospos/4"]
+assignees: []
+body:
+  # ─────────────────────────────────────────────────────────────────────────────
+  # INTRODUCTION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: markdown
+    attributes:
+      value: |
+        ## Thanks for taking the time to fill out this bug report! 🐜
+        
+        Bug reports help us identify and fix issues. Please provide as much detail as possible.
+        
+        > ⚠️ **Important:** Submit a separate bug report for each problem you encounter.
+        > 
+        > 🚫 Do not include personal identifying information such as email addresses or encryption keys.
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # PROBLEM DESCRIPTION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: textarea
+    id: bug-description
+    attributes:
+      label: 🐛 Bug Description
+      description: A clear and concise description of what the bug is.
+      placeholder: |
+        Example: When I try to print a receipt, the application crashes 
+        with an error message saying "Unable to connect to printer".
+    validations:
+      required: true
+
+  - type: textarea
+    id: steps-reproduce
+    attributes:
+      label: 📋 Steps to Reproduce
+      description: Detailed steps to reproduce the behavior.
+      placeholder: |
+        1. Go to '...'
+        2. Click on '...'
+        3. Scroll down to '...'
+        4. See error
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected-behavior
+    attributes:
+      label: ✅ Expected Behavior
+      description: A clear and concise description of what you expected to happen.
+      placeholder: |
+        Example: The receipt should print successfully without any errors.
+    validations:
+      required: true
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # ENVIRONMENT DETAILS
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: dropdown
+    id: ospos-version
+    attributes:
+      label: 📦 OpenSourcePOS Version
+      description: What version of our software are you running?
+      options:
+        - development (unreleased)
+        - OpenSourcePOS 3.4.2
+        - OpenSourcePOS 3.4.1
+        - OpenSourcePOS 3.4.0
+        - OpenSourcePOS 3.3.9
+        - OpenSourcePOS 3.3.8
+      default: 0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: php-version
+    attributes:
+      label: 🔧 PHP Version
+      description: What version of PHP are you running?
+      options:
+        - PHP 8.4
+        - PHP 8.3
+        - PHP 8.2
+        - PHP 8.1
+        - PHP 7.4
+        - PHP 7.3
+        - PHP 7.2
+      default: 0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: 🌐 Browser(s)
+      description: What browser(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox
+        - Chrome
+        - Safari
+        - Microsoft Edge
+        - Other
+
+  - type: input
+    id: server
+    attributes:
+      label: 🖥️ Server Operating System
+      description: What server OS and version are you running?
+      placeholder: "e.g., Ubuntu 22.04, CentOS 7, Windows Server 2022"
+    validations:
+      required: true
+
+  - type: input
+    id: database
+    attributes:
+      label: 🗄️ Database
+      description: What database management system and version are you using?
+      placeholder: "e.g., MySQL 8.0, MariaDB 10.11, Percona 8.0"
+    validations:
+      required: true
+
+  - type: input
+    id: webserver
+    attributes:
+      label: 🌍 Web Server
+      description: What web server and version are you using?
+      placeholder: "e.g., Apache 2.4, Nginx 1.24, Caddy 2.7"
+    validations:
+      required: true
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # ADDITIONAL INFORMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: textarea
+    id: system-info
+    attributes:
+      label: 📊 System Information Report
+      description: |
+        Copy and paste the system information from OSPOS:
+        
+        **Navigation:** Configuration → Setup & Conf → System Info
+      placeholder: |
+        Paste the System Information Report here...
+      render: text
+    validations:
+      required: true
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: 📜 Relevant Log Output
+      description: |
+        Please copy and paste any relevant log output.
+        
+        **Log locations:**
+        - OSPOS logs: `writable/logs/`
+        - Web server logs: `/var/log/apache2/` or `/var/log/nginx/`
+        - PHP logs: Check your `php.ini` for `error_log` location
+      placeholder: |
+        Paste log output here...
+      render: shell
+
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: 📸 Screenshots
+      description: If applicable, add screenshots to help explain your problem.
+      placeholder: Drag and drop images here...
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # CONFIRMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: ✓ Confirmation
+      description: Please confirm the following before submitting
+      options:
+        - label: I certify that this is an unmodified copy of OpenSourcePOS
+          required: true
+        - label: I have searched existing issues to ensure this bug has not already been reported
+          required: true
+        - label: I have provided all the information requested above
+          required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,63 +1,136 @@
-name: ✨ Feature Request
-description: Suggest an idea for this project
-title: "[Feature]: "
-labels: ["enhancement"]
-assignees: ["none"]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this feature request! 🤗
-        Please make sure this feature request hasn't been already submitted by someone by looking through other open/closed issues. 😃
-
-  - type: dropdown
-    attributes:
-      multiple: false
-      label: Type of Feature
-      description: Select the type of feature request.
-      options:
-        - "✨ New Feature"
-        - "📝 Documentation"
-        - "🎨 Style and UI"
-        - "🔨 Code Refactor"
-        - "⚡ Performance Improvements"
-        - "✅ New Test"
-    validations:
-      required: true
-      
-  - type: dropdown
-    id: ospos-version
-    attributes:
-      label: OpensourcePOS Version
-      description: What version of our software are you running?
-      options:
-        - opensourcepos 3.3.9
-        - opensourcepos 3.3.8
-        - opensourcepos 3.3.7
-      default: 0
-    validations:
-      required: true  
-
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: Give us a brief description of the feature or enhancement you would like
-    validations:
-      required: true
-
-  - type: textarea
-    id: additional-information
-    attributes:
-      label: Additional Information
-      description: Give us some additional information on the feature request like proposed solutions, links, screenshots, etc.
-      
-  - type: checkboxes
-    id: terms
-    attributes:
-      label: Verify you searched open requests in OpensourcePOS
-      description: By submitting this request you agree that you have searched Open Requests in the Tracker
-      options:
-        - label: I agree I have searched Open Requests
-          required: true 
- 
+name: ✨ Feature Request
+description: Suggest an idea or enhancement for this project
+title: "[Feature]: "
+labels: ["enhancement"]
+assignees: []
+body:
+  # ─────────────────────────────────────────────────────────────────────────────
+  # INTRODUCTION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: markdown
+    attributes:
+      value: |
+        ## Thanks for suggesting a new feature! 💡
+        
+        We appreciate you taking the time to help improve OpenSourcePOS.
+        
+        > 📋 **Before submitting:** Please search [existing feature requests](https://github.com/opensourcepos/opensourcepos/issues?q=is%3Aissue+is%3Aopen+label%3Aenhancement) to ensure your idea hasn't already been suggested.
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # FEATURE DETAILS
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: dropdown
+    id: feature-type
+    attributes:
+      label: 🏷️ Feature Type
+      description: What type of feature are you requesting?
+      options:
+        - "✨ New Feature"
+        - "📝 Documentation Improvement"
+        - "🎨 UI/UX Enhancement"
+        - "🔨 Code Refactoring"
+        - "⚡ Performance Improvement"
+        - "✅ New Test Coverage"
+        - "🔌 Plugin/Integration"
+      default: 0
+    validations:
+      required: true
+
+  - type: dropdown
+    id: ospos-version
+    attributes:
+      label: 📦 OpenSourcePOS Version
+      description: What version are you currently running?
+      options:
+        - development (unreleased)
+        - OpenSourcePOS 3.4.2
+        - OpenSourcePOS 3.4.1
+        - OpenSourcePOS 3.4.0
+        - OpenSourcePOS 3.3.9
+        - OpenSourcePOS 3.3.8
+      default: 0
+    validations:
+      required: true
+
+  - type: textarea
+    id: problem-statement
+    attributes:
+      label: 🎯 Problem Statement
+      description: |
+        Is your feature request related to a problem? Please describe.
+        
+        A clear description of what the problem is. Ex: I'm always frustrated when [...]
+      placeholder: |
+        Example: I always have to manually calculate taxes for different regions, 
+        which is time-consuming and error-prone.
+    validations:
+      required: true
+
+  - type: textarea
+    id: proposed-solution
+    attributes:
+      label: 💡 Proposed Solution
+      description: A clear and concise description of what you want to happen.
+      placeholder: |
+        Example: Add an automatic tax calculation feature that:
+        - Detects the customer's region
+        - Applies the correct tax rate
+        - Generates a tax report automatically
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: 🔄 Alternatives Considered
+      description: A clear description of any alternative solutions or features you've considered.
+      placeholder: |
+        Example: I considered using an external tax service, but it would be 
+        better to have this integrated directly into OpenSourcePOS.
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # ADDITIONAL INFORMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: 📎 Additional Context
+      description: |
+        Add any other context, screenshots, mockups, or references about the feature request here.
+        
+        **Helpful additions:**
+        - Links to similar features in other software
+        - Mockups or diagrams
+        - Code examples
+        - Documentation references
+      placeholder: |
+        Any other relevant information, links, or screenshots...
+
+  - type: textarea
+    id: acceptance-criteria
+    attributes:
+      label: ✅ Acceptance Criteria
+      description: |
+        (Optional) Define what "done" looks like for this feature.
+        
+        Format: **Given** [context], **When** [action], **Then** [outcome]
+      placeholder: |
+        Given a customer is selected from region X
+        When the sale is completed
+        Then the tax rate for region X is automatically applied
+        And the tax amount is correctly calculated
+        And a tax entry is logged in the report
+
+  # ─────────────────────────────────────────────────────────────────────────────
+  # CONFIRMATION
+  # ─────────────────────────────────────────────────────────────────────────────
+  - type: checkboxes
+    id: terms
+    attributes:
+      label: ✓ Confirmation
+      description: Please confirm before submitting
+      options:
+        - label: I have searched existing feature requests to ensure this is not a duplicate
+          required: true
+        - label: I have provided a clear problem statement and proposed solution
+          required: true

.github/workflows/README.md

@@ -0,0 +1,61 @@
+# GitHub Actions
+
+This document describes the CI/CD workflows for OSPOS.
+
+## Build and Release Workflow (`.github/workflows/build-release.yml`)
+
+### Build Process
+- Setup PHP 8.2 with required extensions
+- Setup Node.js 20
+- Install composer dependencies
+- Install npm dependencies
+- Build frontend assets with Gulp
+
+### Docker Images
+- Build and push `opensourcepos` Docker image for multiple architectures (linux/amd64, linux/arm64)
+- On master: tagged with version and `latest`
+- On other branches: tagged with version only
+- Pushed to Docker Hub
+
+### Releases
+- Create distribution archives (tar.gz, zip)
+- Create/update GitHub "unstable" release on master branch only
+
+## Required Secrets
+
+To use this workflow, you need to add the following secrets to your repository:
+
+1. **DOCKER_USERNAME** - Docker Hub username for pushing images
+2. **DOCKER_PASSWORD** - Docker Hub password/token for pushing images
+
+### How to add secrets
+
+1. Go to your repository on GitHub
+2. Click **Settings** → **Secrets and variables** → **Actions**
+3. Click **New repository secret**
+4. Add `DOCKER_USERNAME` and `DOCKER_PASSWORD`
+
+The `GITHUB_TOKEN` is automatically provided by GitHub Actions.
+
+## Workflow Triggers
+
+- **Push to master** - Runs build, Docker push (with `latest` tag), and release
+- **Push to other branches** - Runs build and Docker push (version tag only)
+- **Push tags** - Runs build and Docker push (version tag only)
+- **Pull requests** - Runs build only (PHPUnit tests run in parallel via phpunit.yml)
+
+## Existing Workflows
+
+This repository also has these workflows:
+- `.github/workflows/main.yml` - PHP linting with PHP-CS-Fixer
+- `.github/workflows/phpunit.yml` - PHPUnit tests (runs on all PHP versions 8.1-8.4)
+- `.github/workflows/php-linter.yml` - PHP linting
+
+## Testing
+
+PHPUnit tests are run separately via `.github/workflows/phpunit.yml` on every push and pull request, testing against PHP 8.1, 8.2, 8.3, and 8.4.
+
+To test the build workflow:
+1. Add the required secrets
+2. Push to master or create a PR
+3. Monitor the Actions tab in GitHub

.github/workflows/build-release.yml

@@ -0,0 +1,214 @@
+name: Build and Release
+
+on:
+  push:
+  pull_request:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+      version-tag: ${{ steps.version.outputs.version-tag }}
+      short-sha: ${{ steps.version.outputs.short-sha }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: '8.2'
+          extensions: intl, mbstring, mysqli, gd, bcmath, zip
+          coverage: none
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get composer cache directory
+        run: echo "COMPOSER_CACHE_FILES_DIR=$(composer config cache-files-dir)" >> $GITHUB_ENV
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_FILES_DIR }}
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-
+
+      - name: Get npm cache directory
+        run: echo "NPM_CACHE_DIR=$(npm config get cache)" >> $GITHUB_ENV
+
+      - name: Cache npm dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.NPM_CACHE_DIR }}
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: Install composer dependencies
+        run: composer install --no-dev --optimize-autoloader
+
+      - name: Install npm dependencies
+        run: npm ci
+
+      - name: Install gulp globally
+        run: npm install -g gulp-cli
+
+      - name: Get version info
+        id: version
+        run: |
+          VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
+          BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | sed 's/feature\///' | tr '/' '_')
+          TAG=$(echo "${GITHUB_TAG:-$BRANCH}" | tr '/' '_')
+          SHORT_SHA=$(git rev-parse --short=6 HEAD)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "version-tag=$VERSION-$BRANCH-$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+          echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TAG: ${{ github.ref_name }}
+
+      - name: Create .env file
+        run: |
+          cp .env.example .env
+          sed -i 's/production/development/g' .env
+
+      - name: Update commit hash
+        run: |
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$SHORT_SHA'/g" app/Config/OSPOS.php
+
+      - name: Build frontend assets
+        run: npm run build
+
+      - name: Create distribution archives
+        run: |
+          set -euo pipefail
+          gulp compress
+          VERSION="${{ steps.version.outputs.version }}"
+          SHORT_SHA="${{ steps.version.outputs.short-sha }}"
+          mv dist/opensourcepos.tar "dist/opensourcepos.$VERSION.$SHORT_SHA.tar"
+          mv dist/opensourcepos.zip "dist/opensourcepos.$VERSION.$SHORT_SHA.zip"
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-${{ steps.version.outputs.short-sha }}
+          path: dist/
+          retention-days: 7
+
+      - name: Upload build context for Docker
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-context-${{ steps.version.outputs.short-sha }}
+          path: |
+            .
+            !.git
+            !node_modules
+          retention-days: 1
+
+  docker:
+    name: Build Docker Image
+    runs-on: ubuntu-22.04
+    needs: build
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Download build context
+        uses: actions/download-artifact@v4
+        with:
+          name: build-context-${{ needs.build.outputs.short-sha }}
+          path: .
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Determine Docker tags
+        id: tags
+        run: |
+          BRANCH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '_')
+          if [ "$BRANCH" = "master" ]; then
+            echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }},${{ secrets.DOCKER_USERNAME }}/opensourcepos:latest" >> $GITHUB_OUTPUT
+          else
+            echo "tags=${{ secrets.DOCKER_USERNAME }}/opensourcepos:${{ needs.build.outputs.version-tag }}" >> $GITHUB_OUTPUT
+          fi
+        env:
+          GITHUB_REF: ${{ github.ref }}
+
+      - name: Build and push Docker images
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          target: ospos
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.tags.outputs.tags }}
+
+  release:
+    name: Create Release
+    needs: build
+    runs-on: ubuntu-22.04
+    if: github.event_name == 'push' && github.ref == 'refs/heads/master'
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist-${{ needs.build.outputs.short-sha }}
+          path: dist/
+
+      - name: Get version info
+        id: version
+        run: |
+          VERSION="${{ needs.build.outputs.version }}"
+          SHORT_SHA=$(git rev-parse --short=6 HEAD)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "short-sha=$SHORT_SHA" >> $GITHUB_OUTPUT
+
+      - name: Create/Update unstable release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: unstable
+          name: Unstable OpenSourcePOS
+          body: |
+            This is a build of the latest master which might contain bugs. Use at your own risk.
+            
+            Check the releases section for the latest official release.
+          files: |
+            dist/opensourcepos.${{ steps.version.outputs.version }}.${{ steps.version.outputs.short-sha }}.zip
+          prerelease: true
+          draft: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -1,71 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    - cron: '21 12 * * 3'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1

.github/workflows/opencode.yml

@@ -1,33 +0,0 @@
-name: opencode
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-
-jobs:
-  opencode:
-    if: |
-      contains(github.event.comment.body, ' /oc') ||
-      startsWith(github.event.comment.body, '/oc') ||
-      contains(github.event.comment.body, ' /opencode') ||
-      startsWith(github.event.comment.body, '/opencode')
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-      pull-requests: read
-      issues: read
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-        with:
-          persist-credentials: false
-
-      - name: Run opencode
-        uses: anomalyco/opencode/github@latest
-        env:
-          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
-        with:
-          model: anthropic/claude-3-haiku-20240307

.github/workflows/phpunit.yml

@@ -69,9 +69,6 @@ jobs:
       - name: Install npm dependencies
         run: npm install
 
-      - name: Build database.sql
-        run: npm run gulp build-database
-
       - name: Start MariaDB
         run: |
           docker run -d --name mysql \
@@ -79,7 +76,6 @@ jobs:
             -e MYSQL_DATABASE=ospos \
             -e MYSQL_USER=admin \
             -e MYSQL_PASSWORD=pointofsale \
-            -v $PWD/app/Database/database.sql:/docker-entrypoint-initdb.d/database.sql \
             -p 3306:3306 \
             mariadb:10.5
           # Wait for MariaDB to be ready
@@ -111,7 +107,15 @@ jobs:
         env:
           CI_ENVIRONMENT: testing
           MYSQL_HOST_NAME: 127.0.0.1
-        run: composer test
+        run: composer test -- --log-junit test-results/junit.xml
+
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-results-php-${{ matrix.php-version }}
+          path: test-results/
+          retention-days: 30
 
       - name: Stop MariaDB
         if: always()

.github/workflows/release.yml

@@ -0,0 +1,172 @@
+name: Release Version Bump
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_type:
+        description: 'Version bump type'
+        required: true
+        type: choice
+        options:
+          - minor
+          - major
+          - patch
+        default: 'minor'
+
+permissions:
+  contents: write
+
+jobs:
+  prepare-release:
+    name: Prepare Release
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get current version
+        id: current_version
+        run: |
+          CURRENT_VERSION=$(grep "application_version" app/Config/App.php | sed "s/.*= '\(.*\)';/\1/g")
+          echo "current_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "Current version: $CURRENT_VERSION"
+
+      - name: Calculate new version
+        id: version
+        run: |
+          CURRENT_VERSION="${{ steps.current_version.outputs.current_version }}"
+          VERSION_TYPE="${{ github.event.inputs.version_type }}"
+          
+          # Parse current version
+          MAJOR=$(echo $CURRENT_VERSION | cut -d. -f1)
+          MINOR=$(echo $CURRENT_VERSION | cut -d. -f2)
+          PATCH=$(echo $CURRENT_VERSION | cut -d. -f3)
+          
+          # Bump version based on type
+          case $VERSION_TYPE in
+            major)
+              MAJOR=$((MAJOR + 1))
+              MINOR=0
+              PATCH=0
+              ;;
+            minor)
+              MINOR=$((MINOR + 1))
+              PATCH=0
+              ;;
+            patch)
+              PATCH=$((PATCH + 1))
+              ;;
+          esac
+          
+          NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
+          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
+          echo "previous_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+          echo "New version: $NEW_VERSION (was: $CURRENT_VERSION, type: $VERSION_TYPE)"
+
+      - name: Update version in App.php
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          sed -i "s/public string \\\$application_version = '[^']*';/public string \\\$application_version = '$NEW_VERSION';/" app/Config/App.php
+          echo "Updated app/Config/App.php"
+
+      - name: Update version in package.json
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          sed -i "s/\"version\": \"[^\"]*\",/\"version\": \"$NEW_VERSION\",/" package.json
+          echo "Updated package.json"
+
+      - name: Update version in docker-compose.nginx.yml
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          sed -i "s/jekkos\/opensourcepos:[^ ]*/jekkos\/opensourcepos:$NEW_VERSION/" docker-compose.nginx.yml
+          echo "Updated docker-compose.nginx.yml"
+
+      - name: Update version in README.md
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          # Extract major.minor for the "latest X.Y version" text
+          MAJOR_MINOR=$(echo "$NEW_VERSION" | cut -d. -f1,2)
+          sed -i "s/The latest \`[0-9]*\.[0-9]*\` version/The latest \`${MAJOR_MINOR}\` version/" README.md
+          echo "Updated README.md with version ${MAJOR_MINOR}"
+
+      - name: Generate changelog
+        id: changelog
+        run: |
+          PREVIOUS_VERSION="${{ steps.version.outputs.previous_version }}"
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          
+          # Get commits since last version
+          if git rev-parse "$PREVIOUS_VERSION" >/dev/null 2>&1; then
+            COMMITS=$(git log "$PREVIOUS_VERSION"..HEAD --pretty=format:"- %s" --no-merges)
+          else
+            COMMITS=$(git log --pretty=format:"- %s" --no-merges -50)
+          fi
+          
+          # Create changelog entry
+          CHANGELOG_FILE="CHANGELOG.md"
+          
+          # Create the new version comparison link
+          NEW_LINK="[${NEW_VERSION}]: https://github.com/opensourcepos/opensourcepos/compare/${PREVIOUS_VERSION}...${NEW_VERSION}"
+          
+          # Insert new link after [unreleased] line
+          sed -i "/^\[unreleased\]/a $NEW_LINK" "$CHANGELOG_FILE"
+          
+          # Update [unreleased] link to start from new version
+          sed -i "s|^\[unreleased\]: .*|\[unreleased\]: https://github.com/opensourcepos/opensourcepos/compare/${NEW_VERSION}...HEAD|" "$CHANGELOG_FILE"
+          
+          # Create version header and content using temp file to avoid sed issues with special characters
+          VERSION_DATE=$(date +%Y-%m-%d)
+          VERSION_HEADER="## [$NEW_VERSION] - $VERSION_DATE"
+          
+          # Create temp file with changelog entry
+          TMP_FILE=$(mktemp)
+          {
+            echo ""
+            echo "$VERSION_HEADER"
+            echo ""
+            echo "$COMMITS"
+          } > "$TMP_FILE"
+          
+          # Insert after Unreleased header
+          sed -i "/^## \[Unreleased\]/r $TMP_FILE" "$CHANGELOG_FILE"
+          rm "$TMP_FILE"
+          
+          echo "Updated CHANGELOG.md"
+          echo "Changelog entries:"
+          echo "$COMMITS"
+
+      - name: Update version in issue templates
+        run: |
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          
+          # Calculate version to remove (keep 5 versions)
+          PREVIOUS_VERSION="${{ steps.version.outputs.previous_version }}"
+          
+          # Bug report template - insert new version after development (unreleased)
+          BUG_TEMPLATE=".github/ISSUE_TEMPLATE/bug report.yml"
+          sed -i "/- development (unreleased)/a\\        - OpenSourcePOS ${NEW_VERSION}" "$BUG_TEMPLATE"
+          # Remove the oldest version (5th version from the end)
+          sed -i "/OpenSourcePOS 3\\.3\\.7/d" "$BUG_TEMPLATE"
+          echo "Updated $BUG_TEMPLATE"
+          
+          # Feature request template - insert new version after development (unreleased)
+          FEATURE_TEMPLATE=".github/ISSUE_TEMPLATE/feature_request.yml"
+          sed -i "/- development (unreleased)/a\\        - OpenSourcePOS ${NEW_VERSION}" "$FEATURE_TEMPLATE"
+          # Remove the oldest version (5th version from the end)
+          sed -i "/OpenSourcePOS 3\\.3\\.7/d" "$FEATURE_TEMPLATE"
+          echo "Updated $FEATURE_TEMPLATE"
+
+      - name: Commit version bump
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          
+          NEW_VERSION="${{ steps.version.outputs.new_version }}"
+          
+          git add app/Config/App.php package.json docker-compose.nginx.yml CHANGELOG.md README.md .github/ISSUE_TEMPLATE/
+          git commit -m "chore: release version $NEW_VERSION"
+          git push origin HEAD

.travis.yml

@@ -1,54 +0,0 @@
-sudo: required
-
-branches:
-  except:
-    - unstable
-    - weblate
-services:
-  - docker
-
-dist: jammy
-language: node_js
-node_js:
-  - 20
-script:
-  - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-  - docker run --rm -u $(id -u) -v $(pwd):/app opensourcepos/composer:ci4 composer install
-  - version=$(grep application_version app/Config/App.php | sed "s/.*=\s'\(.*\)';/\1/g")
-  - cp .env.example .env && sed -i 's/production/development/g' .env
-  - sed -i "s/commit_sha1 = 'dev'/commit_sha1 = '$rev'/g" app/Config/OSPOS.php
-  - echo "$version-$branch-$rev"
-  - npm version "$version-$branch-$rev" --force || true
-  - sed -i 's/opensourcepos.tar.gz/opensourcepos.$version.tgz/g' package.json
-  - npm ci && npm install -g gulp && npm run build
-  - docker build . --target ospos -t ospos
-  - docker build . --target ospos_test -t ospos_test
-  - docker run --rm ospos_test /app/vendor/bin/phpunit --testdox
-  - docker build app/Database/ -t "jekkos/opensourcepos:sql-$TAG"
-env:
-  global:
-  - BRANCH=$(echo ${TRAVIS_BRANCH} | sed s/feature\\///)
-  - TAG=$(echo "${TRAVIS_TAG:-$BRANCH}" | tr '/' '-')
-  - date=`date +%Y%m%d%H%M%S` && branch=${TRAVIS_BRANCH} && rev=`git rev-parse --short=6 HEAD`
-after_success:
-  - docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD" && docker tag "ospos:latest"
-    "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:$TAG" && docker push "jekkos/opensourcepos:sql-$TAG"
-  - gulp compress
-  - mv dist/opensourcepos.tar.gz "dist/opensourcepos.$version.$rev.tgz"
-  - mv dist/opensourcepos.zip "dist/opensourcepos.$version.$rev.zip"
-deploy:
-  - provider: releases
-    edge: true
-    file: dist/opensourcepos.$version.$rev.zip
-    name: "Unstable OpensourcePos"
-    overwrite: true
-    release_notes: "This is a build of the latest master which might contain bugs. Use at your own risk. Check releases section for the latest official release"
-    prerelease: true
-    tag_name: unstable
-    user: jekkos
-
-    api_key:
-      secure: "KOukL8IFf/uL/BjMyCSKjf2vylydjcWqgEx0eMqFCg3nZ4ybMaOwPORRthIfyT72/FvGX/aoxxEn0uR/AEtb+hYQXHmNS+kZdX72JCe8LpGuZ7FJ5X+Eo9mhJcsmS+smd1sC95DySSc/GolKPo+0WtJYONY/xGCLxm+9Ay4HREg="
-
-    on:
-      branch: master

AGENTS.md

@@ -0,0 +1,40 @@
+# Agent Instructions
+
+This document provides guidance for AI agents working on the Open Source Point of Sale (OSPOS) codebase.
+
+## Code Style
+
+- Follow PHP CodeIgniter 4 coding standards
+- Run PHP-CS-Fixer before committing: `vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.no-header.php`
+- Write PHP 8.1+ compatible code with proper type declarations
+- Use PSR-12 naming conventions: `camelCase` for variables and functions, `PascalCase` for classes, `UPPER_CASE` for constants
+
+## Development
+
+- Create a new git worktree for each issue, based on the latest state of `origin/master`
+- Commit fixes to the worktree and push to the remote
+
+## Testing
+
+- Run PHPUnit tests: `composer test`
+- Tests must pass before submitting changes
+
+## Build
+
+- Install dependencies: `composer install && npm install`
+- Build assets: `npm run build` or `gulp`
+
+## Conventions
+
+- Controllers go in `app/Controllers/`
+- Models go in `app/Models/`
+- Views go in `app/Views/`
+- Database migrations in `app/Database/Migrations/`
+- Use CodeIgniter 4 framework patterns and helpers
+- Sanitize user input; escape output using `esc()` helper
+
+## Security
+
+- Never commit secrets, credentials, or `.env` files
+- Use parameterized queries to prevent SQL injection
+- Validate and sanitize all user input

Dockerfile

@@ -1,28 +1,22 @@
 FROM php:8.2-apache AS ospos
 LABEL maintainer="jekkos"
 
-RUN apt update && apt-get install -y libicu-dev libgd-dev
-RUN a2enmod rewrite
-RUN docker-php-ext-install mysqli bcmath intl gd
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    libicu-dev \
+    libgd-dev \
+    && docker-php-ext-install mysqli bcmath intl gd \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && a2enmod rewrite
+
 RUN echo "date.timezone = \"\${PHP_TIMEZONE}\"" > /usr/local/etc/php/conf.d/timezone.ini
 
 WORKDIR /app
-COPY . /app
-RUN ln -s /app/*[^public] /var/www && rm -rf /var/www/html && ln -nsf /app/public /var/www/html
-RUN chmod -R 770 /app/writable/uploads /app/writable/logs /app/writable/cache && chown -R www-data:www-data /app
-
-FROM ospos AS ospos_test
-
-COPY --from=composer /usr/bin/composer /usr/bin/composer
-
-RUN apt-get install -y libzip-dev wget git
-RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O /bin/wait-for-it.sh && chmod +x /bin/wait-for-it.sh
-RUN docker-php-ext-install zip
-RUN composer install -d/app
-#RUN sed -i 's/backupGlobals="true"/backupGlobals="false"/g' /app/tests/phpunit.xml
-WORKDIR /app/tests
-
-CMD ["/app/vendor/phpunit/phpunit/phpunit", "/app/test/helpers"]
+COPY --chown=www-data:www-data . /app
+RUN chmod 770 /app/writable/uploads /app/writable/logs /app/writable/cache \
+    && ln -s /app/*[^public] /var/www \
+    && rm -rf /var/www/html \
+    && ln -nsf /app/public /var/www/html
 
 FROM ospos AS ospos_dev
 

INSTALL.md

@@ -6,22 +6,63 @@
 - Raspberry PI based installations proved to work, see [wiki page here](<https://github.com/opensourcepos/opensourcepos/wiki/Installing-on-Raspberry-PI---Orange-PI-(Headless-OSPOS)>).
 - For Windows based installations please read [the wiki](https://github.com/opensourcepos/opensourcepos/wiki). There are closed issues about this subject, as this topic has been covered a lot.
 
+## Security Configuration
+
+### Allowed Hostnames (REQUIRED for Production)
+
+⚠️ **CRITICAL**: OpenSourcePOS validates the Host header to prevent Host Header Injection attacks (GHSA-jchf-7hr6-h4f3). **You MUST configure `app.allowedHostnames` for production deployments. If not configured, the application will fail to start.**
+
+**Add to your `.env` file:**
+
+```bash
+# Comma-separated list of allowed hostnames (no protocols or ports)
+app.allowedHostnames = 'yourdomain.com,www.yourdomain.com'
+```
+
+**For local development:**
+
+```bash
+app.allowedHostnames = 'localhost'
+```
+
+**If you see this error at startup:**
+
+```text
+RuntimeException: Security: allowedHostnames is not configured.
+```
+
+**Solution**: Add `app.allowedHostnames` to your `.env` file with your domain(s).
+
+**Why this matters:**
+- Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
+- Ensures URLs are generated with the correct domain
+- Security advisory: https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-jchf-7hr6-h4f3
+- Fixes issue #4480: .env configuration now works via comma-separated values
+
+### HTTPS Behind Proxy
+
+If your installation is behind a proxy with SSL offloading, set:
+```
+FORCE_HTTPS = true
+```
+
 ## Local install
 
-First of all, if you're seeing the message `system folder missing` after launching your browser, or cannot find `database.sql`, that most likely means you have cloned the repository and have not built the project.  To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
+First of all, if you're seeing the message `system folder missing` after launching your browser, that most likely means you have cloned the repository and have not built the project. To build the project from a source commit point instead of from an official release check out [Building OSPOS](BUILD.md). Otherwise, continue with the following steps.
 
 1. Download the a [pre-release for a specific branch](https://github.com/opensourcepos/opensourcepos/releases) or the latest stable [from GitHub here](https://github.com/opensourcepos/opensourcepos/releases). A repository clone will not work unless know how to build the project.
 2. Create/locate a new MySQL database to install Open Source Point of Sale into.
-3. Execute the file `app/Database/database.sql` to create the tables needed.
-4. Unzip and upload Open Source Point of Sale files to the web-server.
-5. Open `.env` file and modify credentials to connect to your database if needed. (First copy .env.example to .env and update)
+3. Unzip and upload Open Source Point of Sale files to the web-server.
+4. If `.env` does not exist, copy `.env.example` to `.env`.
+5. Open `.env` and modify credentials to connect to your database if needed.
+6. The database schema will be automatically created when you first access the application. Migrations run automatically on fresh installs.
 7. Go to your install `public` dir via the browser.
 8. Log in using
    - Username: admin
    - Password: pointofsale
 9. If everything works, then set the `CI_ENVIRONMENT` variable to `production` in the .env file
-9. Enjoy!
-10. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
+10. Enjoy!
+11. Oops, an issue? Please make sure you read the FAQ, wiki page, and you checked open and closed issues on GitHub. PHP `display_errors` is disabled by default. Create an` app/Config/.env` file from the `.env.example` to enable it in a development environment.
 
 ## Local install using Docker
 

README.md

@@ -8,7 +8,7 @@
 </p>
 
 <p align="center">
-<a href="https://app.travis-ci.com/opensourcepos/opensourcepos" target="_blank"><img src="https://api.travis-ci.com/opensourcepos/opensourcepos.svg?branch=master" alt="Build Status"></a>
+<a href="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/actions/workflows/build-release.yml/badge.svg" alt="Build Status"></a>
 <a href="https://app.gitter.im/#/room/#opensourcepos_Lobby:gitter.im?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge" target="_blank"><img src="https://badges.gitter.im/jekkos/opensourcepos.svg" alt="Join the chat at https://app.gitter.im"></a>
 <a href="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos" target="_blank"><img src="https://badge.fury.io/gh/opensourcepos%2Fopensourcepos.svg" alt="Project Version"></a>
 <a href="https://translate.opensourcepos.org/engage/opensourcepos/?utm_source=widget" target="_blank"><img src="https://translate.opensourcepos.org/widgets/opensourcepos/-/svg-badge.svg" alt="Translation Status"></a>
@@ -137,7 +137,7 @@ Any person or company found breaching the license agreement might find a bunch o
 
 ## 🙏 Credits
 
-| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">Travis CI</div> |
+| <div align="center">DigitalOcean</div> | <div align="center">JetBrains</div> | <div align="center">GitHub</div> |
 | --- | --- | --- |
-| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://www.travis-ci.com/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/71cc2b44-83af-4510-a543-6358285f43c6" alt="Travis CI Logo" height="50"></a></div> |
-| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [Travis CI](https://www.travis-ci.com/) for providing a free continuous integration service for open source projects. |
+| <div align="center"><a href="https://www.digitalocean.com?utm_medium=opensource&utm_source=opensourcepos" target="_blank"><img src="https://github.com/user-attachments/assets/fbbf7433-ed35-407d-8946-fd03d236d350" alt="DigitalOcean Logo" height="50"></a></div> | <div align="center"><a href="https://www.jetbrains.com/idea/" target="_blank"><img src="https://github.com/opensourcepos/opensourcepos/assets/12870258/187f9bbe-4484-475c-9b58-5e5d5f931f09" alt="IntelliJ IDEA Logo" height="50"></a></div> | <div align="center"><a href="https://github.com/features/actions" target="_blank"><img src="https://github.githubassets.com/images/modules/site/icons/eyebrow-panel/actions-icon.svg" alt="GitHub Actions Logo" height="50"></a></div> |
+| Many thanks to [DigitalOcean](https://www.digitalocean.com) for providing the project with hosting credits. | Many thanks to [JetBrains](https://www.jetbrains.com/) for providing a free license of [IntelliJ IDEA](https://www.jetbrains.com/idea/) to kindly support the development of OSPOS. | Many thanks to [GitHub](https://github.com) for providing free continuous integration via GitHub Actions for open-source projects. |

SECURITY.md

@@ -1,9 +1,9 @@
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
-
 - [Security Policy](#security-policy)
   - [Supported Versions](#supported-versions)
+  - [Security Advisories](#security-advisories)
   - [Reporting a Vulnerability](#reporting-a-vulnerability)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -12,14 +12,35 @@
 
 ## Supported Versions
 
-We release patches for security vulnerabilities. Which versions are eligible to receive such patches depend on the CVSS v3.0 Rating:
+We release patches for security vulnerabilities.
 
-| CVSS v3.0 | Supported Versions                                 |
-| --------- | -------------------------------------------------- |
-| 7.3       | 3.3.5                                              |
-| 9.8       | 3.3.6                                              |
-| 6.8       | 3.4.2                                              |
+| Version   | Supported          |
+| --------- | ------------------ |
+| >= 3.4.2  | :white_check_mark: |
+| < 3.4.2   | :x:                |
+
+## Security Advisories
+
+The following security vulnerabilities have been published:
+
+### High Severity
+
+| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
+|-----|--------------|------|-----------|----------|--------|
+| [CVE-2025-68434](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r) | CSRF leading to Admin Creation | 8.8 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
+| [CVE-2025-68147](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-xgr7-7pvw-fpmh) | Stored XSS in Return Policy | 8.1 | 2025-12-17 | 3.4.2 | @Nixon-H, @jekkos |
+| [CVE-2025-66924](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-gv8j-f6gq-g59m) | Stored XSS in Item Kits | 7.2 | 2026-03-04 | 3.4.2 | @hungnqdz, @omkaryepre |
+
+### Medium Severity
+
+| CVE | Vulnerability | CVSS | Published | Fixed In | Credit |
+|-----|--------------|------|-----------|----------|--------|
+| [CVE-2025-68658](https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw) | Stored XSS in Company Name | 4.3 | 2026-01-13 | 3.4.2 | @hungnqdz |
+
+For a complete list including draft advisories, see our [GitHub Security Advisories page](https://github.com/opensourcepos/opensourcepos/security/advisories).
 
 ## Reporting a Vulnerability
 
-Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
+Please report (suspected) security vulnerabilities to **[jeroen@steganos.dev](mailto:jeroen@steganos.dev)**. 
+
+You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

app/Config/App.php

@@ -55,13 +55,21 @@ class App extends BaseConfig
     public string $baseURL;    // Defined in the constructor
 
     /**
-     * Allowed Hostnames in the Site URL other than the hostname in the baseURL.
-     * If you want to accept multiple Hostnames, set this.
-     *
-     * E.g.,
-     * When your site URL ($baseURL) is 'http://example.com/', and your site
-     * also accepts 'http://media.example.com/' and 'http://accounts.example.com/':
-     *     ['media.example.com', 'accounts.example.com']
+     * Allowed Hostnames for the Site URL.
+     * 
+     * Security: This is used to validate the HTTP Host header to prevent
+     * Host Header Injection attacks. If the Host header doesn't match
+     * an entry in this list, the request will use the first allowed hostname.
+     * 
+     * IMPORTANT: This MUST be configured for production deployments.
+     * If empty in production, the application will fail to start.
+     * In development, it will fall back to 'localhost' with a warning.
+     * 
+     * Configure via .env file (comma-separated list):
+     *   app.allowedHostnames = 'example.com,www.example.com'
+     * 
+     * For local development:
+     *   app.allowedHostnames = 'localhost'
      *
      * @var list<string>
      */
@@ -283,9 +291,74 @@ class App extends BaseConfig
     public function __construct()
     {
         parent::__construct();
+        
+        // Solution for CodeIgniter 4 limitation: arrays cannot be set from .env
+        // See: https://github.com/codeigniter4/CodeIgniter4/issues/7311
+        $envAllowedHostnames = getenv('app.allowedHostnames');
+        if ($envAllowedHostnames !== false && trim($envAllowedHostnames) !== '') {
+            $this->allowedHostnames = array_values(array_filter(
+                array_map('trim', explode(',', $envAllowedHostnames)),
+                static fn (string $hostname): bool => $hostname !== ''
+            ));
+        }
+        
         $this->https_on = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_ENV['FORCE_HTTPS']) && $_ENV['FORCE_HTTPS'] == 'true');
+        
+        $host = $this->getValidHost();
         $this->baseURL = $this->https_on ? 'https' : 'http';
-        $this->baseURL .= '://' . ((isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : 'localhost') . '/';
+        $this->baseURL .= '://' . $host . '/';
         $this->baseURL .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
     }
+
+    /**
+     * Validates and returns a trusted hostname.
+     * 
+     * Security: Prevents Host Header Injection attacks (GHSA-jchf-7hr6-h4f3)
+     * by validating the HTTP_HOST against a whitelist of allowed hostnames.
+     * 
+     * In production: Fails fast if allowedHostnames is not configured.
+     * In development: Allows localhost fallback with an error log.
+     * 
+     * @return string A validated hostname
+     * @throws \RuntimeException If allowedHostnames is not configured in production
+     */
+    private function getValidHost(): string
+    {
+        $httpHost = $_SERVER['HTTP_HOST'] ?? 'localhost';
+        
+        // Determine environment
+        // CodeIgniter's test bootstrap sets $_SERVER['CI_ENVIRONMENT'] = 'testing'
+        // Check $_SERVER first, then $_ENV, then fall back to 'production'
+        $environment = $_SERVER['CI_ENVIRONMENT'] ?? $_ENV['CI_ENVIRONMENT'] ?? getenv('CI_ENVIRONMENT') ?: 'production';
+
+        if (empty($this->allowedHostnames)) {
+            $errorMessage = 
+                'Security: allowedHostnames is not configured. ' .
+                'Host header injection protection is disabled. ' .
+                'Set app.allowedHostnames in your .env file. ' .
+                'Example: app.allowedHostnames = "example.com,www.example.com" ' .
+                'Received Host: ' . $httpHost;
+            
+            // Production: Fail explicitly to prevent silent security vulnerabilities
+            // Testing and development: Allow localhost fallback
+            if ($environment === 'production') {
+                throw new \RuntimeException($errorMessage);
+            }
+            
+            log_message('error', $errorMessage . ' Using localhost fallback (development only).');
+            return 'localhost';
+        }
+
+        if (in_array($httpHost, $this->allowedHostnames, true)) {
+            return $httpHost;
+        }
+
+        // Host not in whitelist - use first configured hostname as fallback
+        log_message('warning', 
+            'Security: Rejected HTTP_HOST "' . $httpHost . '" - not in allowedHostnames whitelist. ' .
+            'Using fallback: ' . $this->allowedHostnames[0]
+        );
+
+        return $this->allowedHostnames[0];
+    }
 }

app/Config/Constants.php

@@ -169,3 +169,8 @@ const MAX_PRECISION = 1e14;
 const DEFAULT_PRECISION = 2;
 const DEFAULT_LANGUAGE = 'english';
 const DEFAULT_LANGUAGE_CODE = 'en';
+
+/**
+ * Admin modules - list of modules required for admin privileges
+ */
+const ADMIN_MODULES = ['customers', 'employees', 'giftcards', 'items', 'item_kits', 'messages', 'receivings', 'reports', 'sales', 'config', 'suppliers'];

app/Config/Filters.php

@@ -70,7 +70,7 @@ class Filters extends BaseFilters
     public array $globals = [
         'before' => [
             'honeypot',
-            'csrf' => ['except' => 'login'],
+            'csrf' => ['except' => 'login|migrate'],
             'invalidchars',
         ],
         'after' => [

app/Config/OSPOS.php

@@ -5,6 +5,7 @@ namespace Config;
 use App\Models\Appconfig;
 use CodeIgniter\Cache\CacheInterface;
 use CodeIgniter\Config\BaseConfig;
+use CodeIgniter\Database\Exceptions\DatabaseException;
 
 /**
  * This class holds the configuration options stored from the database so that on launch those settings can be cached
@@ -34,11 +35,21 @@ class OSPOS extends BaseConfig
         if ($cache) {
             $this->settings = decode_array($cache);
         } else {
-            $appconfig = model(Appconfig::class);
-            foreach ($appconfig->get_all()->getResult() as $app_config) {
-                $this->settings[$app_config->key] = $app_config->value;
+            try {
+                $appconfig = model(Appconfig::class);
+                foreach ($appconfig->get_all()->getResult() as $app_config) {
+                    $this->settings[$app_config->key] = $app_config->value;
+                }
+                $this->cache->save('settings', encode_array($this->settings));
+            } catch (DatabaseException $e) {
+                // Database table doesn't exist yet (migrations haven't run)
+                // Return empty settings to allow migration page to display
+                $this->settings = [
+                    'language' => 'english',
+                    'language_code' => 'en',
+                    'company' => 'Home'
+                ];
             }
-            $this->cache->save('settings', encode_array($this->settings));
         }
     }
 
@@ -50,4 +61,4 @@ class OSPOS extends BaseConfig
         $this->cache->delete('settings');
         $this->set_settings();
     }
-}
+}

app/Config/Routes.php

@@ -10,6 +10,7 @@ $routes->setDefaultController('Login');
 $routes->get('/', 'Login::index');
 $routes->get('login', 'Login::index');
 $routes->post('login', 'Login::index');
+$routes->post('migrate', 'Login::migrate');
 
 $routes->add('no_access/index/(:segment)', 'No_access::index/$1');
 $routes->add('no_access/index/(:segment)/(:segment)', 'No_access::index/$1/$2');

app/Config/Session.php

@@ -5,6 +5,8 @@ namespace Config;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Session\Handlers\BaseHandler;
 use CodeIgniter\Session\Handlers\DatabaseHandler;
+use CodeIgniter\Session\Handlers\FileHandler;
+use Config\Database;
 
 class Session extends BaseConfig
 {
@@ -124,4 +126,23 @@ class Session extends BaseConfig
      * seconds.
      */
     public int $lockMaxRetries = 300;
+
+    public function __construct()
+    {
+        parent::__construct();
+
+        if ($this->driver === DatabaseHandler::class) {
+            try {
+                $db = Database::connect();
+
+                if (!$db->tableExists($this->savePath)) {
+                    $this->driver = FileHandler::class;
+                    $this->savePath = WRITEPATH . 'session';
+                }
+            } catch (\CodeIgniter\Database\Exceptions\DatabaseException $e) {
+                $this->driver = FileHandler::class;
+                $this->savePath = WRITEPATH . 'session';
+            }
+        }
+    }
 }

app/Config/Validation/OSPOSRules.php

@@ -135,4 +135,19 @@ class OSPOSRules
     {
         return parse_decimals($candidate) !== false;
     }
+
+    /**
+     * Validates that a locale-aware decimal value is non-negative (>= 0).
+     *
+     * @param string $candidate
+     * @param string|null $error
+     * @return bool
+     * @noinspection PhpUnused
+     */
+    public function nonNegativeDecimal(string $candidate, ?string &$error = null): bool
+    {
+        $value = parse_decimals($candidate);
+
+        return $value !== false && $value >= 0;
+    }
 }

app/Controllers/Attributes.php

@@ -106,12 +106,24 @@ class Attributes extends Secure_Controller
             $definition_flags |= $flag;
         }
 
+        // Validate definition_group (definition_fk) foreign key
+        $definition_group_input = $this->request->getPost('definition_group');
+        $definition_fk = $this->validateDefinitionGroup($definition_group_input);
+
+        if ($definition_fk === false) {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Attributes.definition_invalid_group'),
+                'id'      => NEW_ENTRY
+            ]);
+        }
+
         // Save definition data
         $definition_data = [
             'definition_name'  => $this->request->getPost('definition_name'),
             'definition_unit'  => $this->request->getPost('definition_unit') != '' ? $this->request->getPost('definition_unit') : null,
             'definition_flags' => $definition_flags,
-            'definition_fk'    => $this->request->getPost('definition_group') != '' ? $this->request->getPost('definition_group') : null
+            'definition_fk'    => $definition_fk
         ];
 
         if ($this->request->getPost('definition_type') != null) {
@@ -150,6 +162,32 @@ class Attributes extends Secure_Controller
         }
     }
 
+    /**
+     * Validates a definition_group foreign key.
+     * Returns the validated integer ID, null if empty, or false if invalid.
+     *
+     * @param mixed $definition_group_input
+     * @return int|null|false
+     */
+    private function validateDefinitionGroup(mixed $definition_group_input): int|null|false
+    {
+        if ($definition_group_input === '' || $definition_group_input === null) {
+            return null;
+        }
+
+        $definition_group_id = (int) $definition_group_input;
+
+        // Must be a positive integer, exist in attribute_definitions, and be of type GROUP
+        if ($definition_group_id <= 0
+            || !$this->attribute->exists($definition_group_id)
+            || $this->attribute->getAttributeInfo($definition_group_id)->definition_type !== GROUP
+        ) {
+            return false;
+        }
+
+        return $definition_group_id;
+    }
+
     /**
      *
      * @param int $definition_id

app/Controllers/Cashups.php

@@ -36,6 +36,9 @@ class Cashups extends Secure_Controller
         // filters that will be loaded in the multiselect dropdown
         $data['filters'] = ['is_deleted' => lang('Cashups.is_deleted')];
 
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
+
         return view('cashups/manage', $data);
     }
 

app/Controllers/Config.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Libraries\Barcode_lib;
+use App\Libraries\Image_lib;
 use App\Libraries\Mailchimp_lib;
 use App\Libraries\Receiving_lib;
 use App\Libraries\Sale_lib;
@@ -11,6 +12,7 @@ use App\Models\Appconfig;
 use App\Models\Attribute;
 use App\Models\Customer_rewards;
 use App\Models\Dinner_table;
+use App\Models\Item;
 use App\Models\Module;
 use App\Models\Enums\Rounding_mode;
 use App\Models\Stock_location;
@@ -249,6 +251,10 @@ class Config extends Secure_Controller
         $data['image_allowed_types'] = array_combine($image_allowed_types, $image_allowed_types);
         $data['selected_image_allowed_types'] = explode(',', $this->config['image_allowed_types']);
 
+        $exif_fields = ['Make', 'Model', 'Orientation', 'Copyright', 'Software', 'DateTime', 'GPS'];
+        $data['exif_fields'] = array_combine($exif_fields, $exif_fields);
+        $data['selected_exif_fields'] = array_filter(explode(',', $this->config['exif_fields_to_keep'] ?? ''));
+
         // Integrations Related fields
         $data['mailchimp']    = [];
 
@@ -354,6 +360,15 @@ class Config extends Secure_Controller
 
         $file->move(FCPATH . 'uploads/', $file_info['raw_name'] . '.' . $file_info['file_ext'], true);
 
+        $exif_fields_to_keep = array_filter(explode(',', $this->appconfig->get_value('exif_fields_to_keep', 'Copyright,Orientation,Software')));
+        if (!empty($exif_fields_to_keep)) {
+            $image_lib = new Image_lib();
+            $filepath = FCPATH . 'uploads/' . $file_info['raw_name'] . '.' . $file_info['file_ext'];
+            if (!$image_lib->stripEXIF($filepath, $exif_fields_to_keep)) {
+                log_message('warning', 'EXIF stripping failed for: ' . $filepath);
+            }
+        }
+
         return ($file_info);
     }
 
@@ -381,13 +396,14 @@ class Config extends Secure_Controller
             'image_max_width'                   => $this->request->getPost('image_max_width', FILTER_SANITIZE_NUMBER_INT),
             'image_max_height'                  => $this->request->getPost('image_max_height', FILTER_SANITIZE_NUMBER_INT),
             'image_max_size'                    => $this->request->getPost('image_max_size', FILTER_SANITIZE_NUMBER_INT),
-            'image_allowed_types'               => implode(',', $this->request->getPost('image_allowed_types')),
+            'image_allowed_types'               => implode(',', $this->request->getPost('image_allowed_types') ?? []),
+            'exif_fields_to_keep'               => implode(',', $this->request->getPost('exif_fields_to_keep') ?? []),
             'gcaptcha_enable'                   => $this->request->getPost('gcaptcha_enable') != null,
             'gcaptcha_secret_key'               => $this->request->getPost('gcaptcha_secret_key'),
             'gcaptcha_site_key'                 => $this->request->getPost('gcaptcha_site_key'),
-            'suggestions_first_column'          => $this->request->getPost('suggestions_first_column'),
-            'suggestions_second_column'         => $this->request->getPost('suggestions_second_column'),
-            'suggestions_third_column'          => $this->request->getPost('suggestions_third_column'),
+            'suggestions_first_column'          => $this->validateSuggestionsColumn($this->request->getPost('suggestions_first_column'), 'first'),
+            'suggestions_second_column'         => $this->validateSuggestionsColumn($this->request->getPost('suggestions_second_column'), 'other'),
+            'suggestions_third_column'          => $this->validateSuggestionsColumn($this->request->getPost('suggestions_third_column'), 'other'),
             'giftcard_number'                   => $this->request->getPost('giftcard_number'),
             'derive_sale_quantity'              => $this->request->getPost('derive_sale_quantity') != null,
             'multi_pack_enabled'                => $this->request->getPost('multi_pack_enabled') != null,
@@ -461,8 +477,9 @@ class Config extends Secure_Controller
     public function postSaveLocale(): ResponseInterface
     {
         $exploded = explode(":", $this->request->getPost('language'));
+        $currency_symbol = $this->request->getPost('currency_symbol');
         $batch_save_data = [
-            'currency_symbol'       => $this->request->getPost('currency_symbol'),
+            'currency_symbol'       => htmlspecialchars($currency_symbol ?? ''),
             'currency_code'         => $this->request->getPost('currency_code'),
             'language_code'         => $exploded[0],
             'language'              => $exploded[1],
@@ -502,9 +519,24 @@ class Config extends Secure_Controller
             $password = $this->encrypter->encrypt($this->request->getPost('smtp_pass'));
         }
 
+        $protocol = $this->request->getPost('protocol');
+        $mailpath = $this->request->getPost('mailpath');
+
+        // Validate mailpath: required for sendmail, optional for others but must be safe if provided
+        $isMailpathRequired = ($protocol === 'sendmail');
+        $isMailpathProvided = !empty($mailpath);
+        $isMailpathValid = $isMailpathProvided && preg_match('/^[a-zA-Z0-9_\-\/.]+$/', $mailpath);
+
+        if (($isMailpathRequired && !$isMailpathProvided) || ($isMailpathProvided && !$isMailpathValid)) {
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => lang('Config.mailpath_invalid')
+            ]);
+        }
+
         $batch_save_data = [
-            'protocol'     => $this->request->getPost('protocol'),
-            'mailpath'     => $this->request->getPost('mailpath'),
+            'protocol'     => $protocol,
+            'mailpath'     => $mailpath,
             'smtp_host'    => $this->request->getPost('smtp_host'),
             'smtp_user'    => $this->request->getPost('smtp_user'),
             'smtp_pass'    => $password,
@@ -975,4 +1007,26 @@ class Config extends Secure_Controller
 
         return $this->response->setJSON(['success' => $success]);
     }
+
+    /**
+     * Validates suggestions column configuration to prevent SQL injection.
+     *
+     * @param mixed $column The column value from POST
+     * @param string $fieldType Either 'first' or 'other' to determine default fallback
+     * @return string Validated column name
+     */
+    private function validateSuggestionsColumn(mixed $column, string $fieldType): string
+    {
+        if (!is_string($column)) {
+            return $fieldType === 'first' ? 'name' : '';
+        }
+
+        $allowed = $fieldType === 'first' 
+            ? Item::ALLOWED_SUGGESTIONS_COLUMNS 
+            : Item::ALLOWED_SUGGESTIONS_COLUMNS_WITH_EMPTY;
+
+        $fallback = $fieldType === 'first' ? 'name' : '';
+
+        return in_array($column, $allowed, true) ? $column : $fallback;
+    }
 }

app/Controllers/Employees.php

@@ -78,7 +78,7 @@ class Employees extends Persons
         $person_info = $this->employee->get_info($employee_id);
         $current_user = $this->employee->get_logged_in_employee_info();
 
-        if ($employee_id != NEW_ENTRY && !$this->employee->can_modify_employee($person_info->person_id, $current_user->person_id)) {
+        if ($employee_id != NEW_ENTRY && !$this->employee->canModifyEmployee($person_info->person_id, $current_user->person_id)) {
             header('Location: ' . base_url('no_access/employees/employees'));
             exit();
         }
@@ -120,7 +120,7 @@ class Employees extends Persons
 
         if ($employee_id != NEW_ENTRY) {
             $target_employee = $this->employee->get_info($employee_id);
-            if (!$this->employee->can_modify_employee($target_employee->person_id, $current_user->person_id)) {
+            if (!$this->employee->canModifyEmployee($target_employee->person_id, $current_user->person_id)) {
                 return $this->response->setJSON([
                     'success' => false,
                     'message' => lang('Employees.error_updating_admin'),
@@ -153,14 +153,14 @@ class Employees extends Persons
         ];
 
         $grants_array = [];
-        $is_admin = $this->employee->is_admin($current_user->person_id);
+        $isAdmin = $this->employee->isAdmin($current_user->person_id);
 
         foreach ($this->module->get_all_permissions()->getResult() as $permission) {
             $grants = [];
             $grant = $this->request->getPost('grant_' . $permission->permission_id) != null ? $this->request->getPost('grant_' . $permission->permission_id, FILTER_SANITIZE_FULL_SPECIAL_CHARS) : '';
 
             if ($grant == $permission->permission_id) {
-                if (!$is_admin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
+                if (!$isAdmin && !$this->employee->has_grant($permission->permission_id, $current_user->person_id)) {
                     continue;
                 }
                 $grants['permission_id'] = $permission->permission_id;
@@ -226,9 +226,9 @@ class Employees extends Persons
         $employees_to_delete = $this->request->getPost('ids', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
         $current_user = $this->employee->get_logged_in_employee_info();
 
-        if (!$this->employee->is_admin($current_user->person_id)) {
+        if (!$this->employee->isAdmin($current_user->person_id)) {
             foreach ($employees_to_delete as $emp_id) {
-                if ($this->employee->is_admin((int)$emp_id)) {
+                if ($this->employee->isAdmin((int)$emp_id)) {
                     return $this->response->setJSON(['success' => false, 'message' => lang('Employees.error_deleting_admin')]);
                 }
             }

app/Controllers/Expenses.php

@@ -38,6 +38,9 @@ class Expenses extends Secure_Controller
             'is_deleted'  => lang('Expenses.is_deleted')
         ];
 
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
+
         return view('expenses/manage', $data);
     }
 
@@ -90,16 +93,23 @@ class Expenses extends Secure_Controller
     {
         $data = [];    // TODO: Duplicated code
 
-        $data['employees'] = [];
-        foreach ($this->employee->get_all()->getResult() as $employee) {
-            foreach (get_object_vars($employee) as $property => $value) {
-                $employee->$property = $value;
-            }
-
-            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
-        }
-
         $data['expenses_info'] = $this->expense->get_info($expense_id);
+        $expense_id = $data['expenses_info']->expense_id;
+
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
+
+        $data['employees'] = [];
+        if ($can_assign_employee) {
+            foreach ($this->employee->get_all()->getResult() as $employee) {
+                $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+            }
+        } else {
+            $stored_employee_id = $expense_id == NEW_ENTRY ? $current_employee_id : $data['expenses_info']->employee_id;
+            $stored_employee = $this->employee->get_info($stored_employee_id);
+            $data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
+        }
+        $data['can_assign_employee'] = $can_assign_employee;
 
         $expense_categories = [];
         foreach ($this->expense_category->get_all(0, 0, true)->getResultArray() as $row) {
@@ -107,11 +117,9 @@ class Expenses extends Secure_Controller
         }
         $data['expense_categories'] = $expense_categories;
 
-        $expense_id = $data['expenses_info']->expense_id;
-
         if ($expense_id == NEW_ENTRY) {
             $data['expenses_info']->date = date('Y-m-d H:i:s');
-            $data['expenses_info']->employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+            $data['expenses_info']->employee_id = $current_employee_id;
         }
 
         $data['payments'] = [];
@@ -152,6 +160,20 @@ class Expenses extends Secure_Controller
 
         $date_formatter = date_create_from_format($config['dateformat'] . ' ' . $config['timeformat'], $newdate);
 
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
+
+        if (!$this->employee->has_grant('employees', $current_employee_id)) {
+            if ($expense_id == NEW_ENTRY) {
+                $employee_id = $current_employee_id;
+            } else {
+                $existing_expense = $this->expense->get_info($expense_id);
+                $employee_id = $existing_expense->employee_id;
+            }
+        } else {
+            $employee_id = $submitted_employee_id;
+        }
+
         $expense_data = [
             'date'                => $date_formatter->format('Y-m-d H:i:s'),
             'supplier_id'         => $this->request->getPost('supplier_id') == '' ? null : $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT),
@@ -161,7 +183,7 @@ class Expenses extends Secure_Controller
             'payment_type'        => $this->request->getPost('payment_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
             'expense_category_id' => $this->request->getPost('expense_category_id', FILTER_SANITIZE_NUMBER_INT),
             'description'         => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
-            'employee_id'         => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'employee_id'         => $employee_id,
             'deleted'             => $this->request->getPost('deleted') != null
         ];
 

app/Controllers/Home.php

@@ -2,6 +2,7 @@
 
 namespace App\Controllers;
 
+use App\Libraries\MY_Migration;
 use CodeIgniter\HTTP\RedirectResponse;
 use CodeIgniter\HTTP\ResponseInterface;
 
@@ -36,12 +37,21 @@ class Home extends Secure_Controller
     /**
      * Load "change employee password" form
      *
-     * @return string
+     * @return ResponseInterface|string
      * @noinspection PhpUnused
      */
-    public function getChangePassword(int $employee_id = -1): string    // TODO: Replace -1 with a constant
+    public function getChangePassword(int $employeeId = NEW_ENTRY)
     {
-        $person_info = $this->employee->get_info($employee_id);
+        $loggedInEmployee = $this->employee->get_logged_in_employee_info();
+        $currentPersonId = $loggedInEmployee->person_id;
+
+        $employeeId = $employeeId === NEW_ENTRY ? $currentPersonId : $employeeId;
+
+        if (!$this->employee->isAdmin($currentPersonId) && $employeeId !== $currentPersonId) {
+            return $this->response->setStatusCode(403)->setBody(lang('Employees.unauthorized_modify'));
+        }
+
+        $person_info = $this->employee->get_info($employeeId);
         foreach (get_object_vars($person_info) as $property => $value) {
             $person_info->$property = $value;
         }
@@ -55,52 +65,63 @@ class Home extends Secure_Controller
      *
      * @return ResponseInterface
      */
-    public function postSave(int $employee_id = -1): ResponseInterface    // TODO: Replace -1 with a constant
+    public function postSave(int $employeeId = NEW_ENTRY): ResponseInterface
     {
-        if (!empty($this->request->getPost('current_password')) && $employee_id != -1) {
+        $currentUser = $this->employee->get_logged_in_employee_info();
+
+        $employeeId = $employeeId === NEW_ENTRY ? $currentUser->person_id : $employeeId;
+
+        if (!$this->employee->isAdmin($currentUser->person_id) && $employeeId !== $currentUser->person_id) {
+            return $this->response->setStatusCode(403)->setJSON([
+                'success' => false,
+                'message' => lang('Employees.unauthorized_modify')
+            ]);
+        }
+
+        if (!empty($this->request->getPost('current_password')) && $employeeId != NEW_ENTRY) {
             if ($this->employee->check_password($this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS), $this->request->getPost('current_password'))) {
                 // Validate password length BEFORE hashing
                 $new_password = $this->request->getPost('password');
-                
+
                 if (strlen($new_password) < 8) {
                     return $this->response->setJSON([
                         'success' => false,
                         'message' => lang('Employees.password_minlength'),
-                        'id'      => -1
+                        'id'      => NEW_ENTRY
                     ]);
                 }
-                
+
                 $employee_data = [
                     'username'     => $this->request->getPost('username', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
                     'password'     => password_hash($new_password, PASSWORD_DEFAULT),
                     'hash_version' => 2
                 ];
 
-                if ($this->employee->change_password($employee_data, $employee_id)) {
+                if ($this->employee->change_password($employee_data, $employeeId)) {
                     return $this->response->setJSON([
                         'success' => true,
                         'message' => lang('Employees.successful_change_password'),
-                        'id'      => $employee_id
+                        'id'      => $employeeId
                     ]);
-                } else { // Failure    // TODO: Replace -1 with constant
+                } else {
                     return $this->response->setJSON([
                         'success' => false,
                         'message' => lang('Employees.unsuccessful_change_password'),
-                        'id'      => -1
+                        'id'      => NEW_ENTRY
                     ]);
                 }
-            } else {    // TODO: Replace -1 with constant
+            } else {
                 return $this->response->setJSON([
                     'success' => false,
                     'message' => lang('Employees.current_password_invalid'),
-                    'id'      => -1
+                    'id'      => NEW_ENTRY
                 ]);
             }
-        } else {    // TODO: Replace -1 with constant
+        } else {
             return $this->response->setJSON([
                 'success' => false,
                 'message' => lang('Employees.current_password_invalid'),
-                'id'      => -1
+                'id'      => NEW_ENTRY
             ]);
         }
     }

app/Controllers/Items.php

@@ -3,8 +3,10 @@
 namespace App\Controllers;
 
 use App\Libraries\Barcode_lib;
+use App\Libraries\Image_lib;
 use App\Libraries\Item_lib;
 
+use App\Models\Appconfig;
 use App\Models\Attribute;
 use App\Models\Inventory;
 use App\Models\Item;
@@ -39,6 +41,7 @@ class Items extends Secure_Controller
     private Stock_location $stock_location;
     private Supplier $supplier;
     private Tax_category $tax_category;
+    private Appconfig $appconfig;
     private array $config;
 
 
@@ -62,6 +65,7 @@ class Items extends Secure_Controller
         $this->stock_location = model(Stock_location::class);
         $this->supplier = model(Supplier::class);
         $this->tax_category = model(Tax_category::class);
+        $this->appconfig = model(Appconfig::class);
         $this->config = config(OSPOS::class)->settings;
     }
 
@@ -73,7 +77,12 @@ class Items extends Secure_Controller
         $this->session->set('allow_temp_items', 0);
 
         $data['table_headers'] = get_items_manage_table_headers();
-        $data['stock_location'] = $this->item_lib->get_item_location();
+        
+        // Restore stock_location from URL or session
+        $stockLocation = $this->request->getGet('stock_location', FILTER_SANITIZE_NUMBER_INT);
+        $data['stock_location'] = $stockLocation
+            ? $stockLocation
+            : $this->item_lib->get_item_location();
         $data['stock_locations'] = $this->stock_location->get_allowed_locations();
 
         // Filters that will be loaded in the multiselect dropdown
@@ -87,6 +96,9 @@ class Items extends Secure_Controller
             'temporary'      => lang('Items.temp')
         ];
 
+        // Restore filters from URL
+        $data = array_merge($data, restoreTableFilters($this->request));
+
         return view('items/manage', $data);
     }
 
@@ -96,7 +108,7 @@ class Items extends Secure_Controller
      **/
     public function getSearch(): ResponseInterface
     {
-        $search = $this->request->getGet('search');
+        $search = $this->request->getGet('search', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
         $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
         $sort = $this->sanitizeSortColumn(item_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id');
@@ -148,6 +160,7 @@ class Items extends Secure_Controller
     {
         helper('file');
 
+        $pic_filename = rawurldecode($pic_filename);
         $file_extension = pathinfo($pic_filename, PATHINFO_EXTENSION);
         $images = glob("./uploads/item_pics/$pic_filename");
         $base_path = './uploads/item_pics/' . pathinfo($pic_filename, PATHINFO_FILENAME);
@@ -377,7 +390,7 @@ class Items extends Secure_Controller
             } else {
                 $images = glob("./uploads/item_pics/$item_info->pic_filename");
             }
-            $data['image_path']    = sizeof($images) > 0 ? base_url($images[0]) : '';
+            $data['image_path']    = sizeof($images) > 0 ? base_url(implode('/', array_map('rawurlencode', explode('/', ltrim($images[0], './'))))) : '';
         } else {
             $data['image_path']    = '';
         }
@@ -617,7 +630,7 @@ class Items extends Secure_Controller
         // Save item data
         $item_data = [
             'name'                  => $this->request->getPost('name'),
-            'description'           => $this->request->getPost('description'),
+            'description'           => $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
             'category'              => $this->request->getPost('category'),
             'item_type'             => $item_type,
             'stock_type'            => $this->request->getPost('stock_type') === null ? HAS_STOCK : intval($this->request->getPost('stock_type')),
@@ -768,14 +781,27 @@ class Items extends Secure_Controller
 
         $filename = $file->getClientName();
         $info = pathinfo($filename);
+        
+        // Sanitize filename to remove problematic characters like spaces
+        $sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $info['filename']);
 
         $file_info = [
             'orig_name' => $filename,
-            'raw_name'  => $info['filename'],
+            'raw_name'  => $sanitized_name,
             'file_ext'  => $file->guessExtension()
         ];
 
         $file->move(FCPATH . 'uploads/item_pics/', $file_info['raw_name'] . '.' . $file_info['file_ext'], true);
+
+        $exif_fields_to_keep = array_filter(explode(',', $this->appconfig->get_value('exif_fields_to_keep', 'Copyright,Orientation,Software')));
+        if (!empty($exif_fields_to_keep)) {
+            $image_lib = new Image_lib();
+            $filepath = FCPATH . 'uploads/item_pics/' . $file_info['raw_name'] . '.' . $file_info['file_ext'];
+            if (!$image_lib->stripEXIF($filepath, $exif_fields_to_keep)) {
+                log_message('warning', 'EXIF stripping failed for: ' . $filepath);
+            }
+        }
+
         return ($file_info);
     }
 
@@ -872,12 +898,12 @@ class Items extends Secure_Controller
         $items_to_update = $this->request->getPost('item_ids');
         $item_data = [];
 
-        foreach ($_POST as $key => $value) {
-            // This field is nullable, so treat it differently
-            if ($key === 'supplier_id' && $value !== '') {
-                $item_data[$key] = $value;
-            } elseif ($value !== '' && !(in_array($key, ['item_ids', 'tax_names', 'tax_percents']))) {
-                $item_data[$key] = $value;
+        foreach (Item::ALLOWED_BULK_EDIT_FIELDS as $field) {
+            $value = $this->request->getPost($field);
+            if ($field === 'supplier_id' && $value !== '') {
+                $item_data[$field] = $value;
+            } elseif ($value !== null && $value !== '') {
+                $item_data[$field] = $value;
             }
         }
 

app/Controllers/Login.php

@@ -5,6 +5,7 @@ namespace App\Controllers;
 use App\Libraries\MY_Migration;
 use App\Models\Employee;
 use CodeIgniter\HTTP\RedirectResponse;
+use CodeIgniter\HTTP\ResponseInterface;
 use CodeIgniter\Model;
 use Config\OSPOS;
 use Config\Services;
@@ -36,6 +37,7 @@ class Login extends BaseController
 
             $data = [
                 'has_errors'       => false,
+                'is_new_install'   => !(MY_Migration::get_current_version()),
                 'is_latest'        => $migration->is_latest(),
                 'latest_version'   => $migration->get_latest_migration(),
                 'gcaptcha_enabled' => $gcaptcha_enabled,
@@ -71,4 +73,28 @@ class Login extends BaseController
 
         return redirect()->to('home');
     }
+
+    public function migrate(): ResponseInterface
+    {
+        try {
+            $migration = new MY_Migration(config('Migrations'));
+            $migration->migrate_to_ci4();
+            
+            set_time_limit(3600);
+            $migration->setNamespace('App')->latest();
+            
+            return $this->response->setJSON([
+                'success' => true,
+                'message' => 'Migration completed successfully'
+            ]);
+            
+        } catch (\Exception $e) {
+            log_message('error', 'Migration failed: ' . $e->getMessage());
+            
+            return $this->response->setJSON([
+                'success' => false,
+                'message' => 'Migration failed: ' . $e->getMessage()
+            ])->setStatusCode(500);
+        }
+    }
 }

app/Controllers/Receivings.php

@@ -241,15 +241,26 @@ class Receivings extends Secure_Controller
             $data['suppliers'][$supplier->person_id] = $supplier->first_name . ' ' . $supplier->last_name;
         }
 
+        $receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
+        
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $can_assign_employee = $this->employee->has_grant('employees', $current_employee_id);
+
         $data['employees'] = [];
-        foreach ($this->employee->get_all()->getResult() as $employee) {
-            $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+        if ($can_assign_employee) {
+            foreach ($this->employee->get_all()->getResult() as $employee) {
+                $data['employees'][$employee->person_id] = $employee->first_name . ' ' . $employee->last_name;
+            }
+        } else {
+            $stored_employee_id = $receiving_info['employee_id'];
+            $stored_employee = $this->employee->get_info($stored_employee_id);
+            $data['employees'][$stored_employee_id] = $stored_employee->first_name . ' ' . $stored_employee->last_name;
         }
 
-        $receiving_info = $this->receiving->get_info($receiving_id)->getRowArray();
         $data['selected_supplier_name'] = !empty($receiving_info['supplier_id']) ? $receiving_info['company_name'] : '';
         $data['selected_supplier_id'] = $receiving_info['supplier_id'];
         $data['receiving_info'] = $receiving_info;
+        $data['can_assign_employee'] = $can_assign_employee;
 
         return view('receivings/form', $data);
     }
@@ -491,10 +502,20 @@ class Receivings extends Secure_Controller
         $date_formatter = date_create_from_format($this->config['dateformat'] . ' ' . $this->config['timeformat'], $newdate);
         $receiving_time = $date_formatter->format('Y-m-d H:i:s');
 
+        $current_employee_id = $this->employee->get_logged_in_employee_info()->person_id;
+        $submitted_employee_id = $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT);
+
+        if (!$this->employee->has_grant('employees', $current_employee_id)) {
+            $existing_receiving = $this->receiving->get_info($receiving_id)->getRowArray();
+            $employee_id = $existing_receiving['employee_id'];
+        } else {
+            $employee_id = $submitted_employee_id;
+        }
+
         $receiving_data = [
             'receiving_time' => $receiving_time,
             'supplier_id'    => $this->request->getPost('supplier_id') ? $this->request->getPost('supplier_id', FILTER_SANITIZE_NUMBER_INT) : null,
-            'employee_id'    => $this->request->getPost('employee_id', FILTER_SANITIZE_NUMBER_INT),
+            'employee_id'    => $employee_id,
             'comment'        => $this->request->getPost('comment', FILTER_SANITIZE_FULL_SPECIAL_CHARS),
             'reference'      => $this->request->getPost('reference') != '' ? $this->request->getPost('reference', FILTER_SANITIZE_FULL_SPECIAL_CHARS) : null
         ];

app/Controllers/Reports.php

@@ -1776,7 +1776,7 @@ class Reports extends Secure_Controller
     {
         $this->clearCache();
 
-        $definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES);
+        $definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_SALES, true);
 
         $inputs = [
             'start_date'     => $start_date,
@@ -1789,7 +1789,12 @@ class Reports extends Secure_Controller
         $this->detailed_sales->create($inputs);
 
         $columns = $this->detailed_sales->getDataColumns();
-        $columns['details'] = array_merge($columns['details'], $definition_names);
+        // Extract just names for column headers
+        $definitionHeaders = [];
+        foreach ($definition_names as $definition_id => $definitionInfo) {
+            $definitionHeaders[$definition_id] = $definitionInfo['name'];
+        }
+        $columns['details'] = array_merge($columns['details'], $definitionHeaders);
 
         $headers = $columns;
 
@@ -1930,14 +1935,19 @@ class Reports extends Secure_Controller
     {
         $this->clearCache();
 
-        $definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS);
+        $definition_names = $this->attribute->get_definitions_by_flags(attribute::SHOW_IN_RECEIVINGS, true);
 
         $inputs = ['start_date' => $start_date, 'end_date' => $end_date, 'receiving_type' => $receiving_type, 'location_id' => $location_id, 'definition_ids' => array_keys($definition_names)];
 
         $this->detailed_receivings->create($inputs);
 
         $columns = $this->detailed_receivings->getDataColumns();
-        $columns['details'] = array_merge($columns['details'], $definition_names);
+        // Extract just names for column headers
+        $definitionHeaders = [];
+        foreach ($definition_names as $definition_id => $definitionInfo) {
+            $definitionHeaders[$definition_id] = $definitionInfo['name'];
+        }
+        $columns['details'] = array_merge($columns['details'], $definitionHeaders);
 
         $headers = $columns;
         $report_data = $this->detailed_receivings->getData($inputs);

app/Controllers/Sales.php

@@ -75,15 +75,15 @@ class Sales extends Secure_Controller
     /**
      * Load the sale edit modal. Used in app/Views/sales/register.php.
      *
-     * @return string
+     * @return ResponseInterface|string
      * @noinspection PhpUnused
      */
-    public function getManage(): string
+    public function getManage(): ResponseInterface|string
     {
-        $person_id = $this->session->get('person_id');
+        $personId = $this->session->get('person_id');
 
-        if (!$this->employee->has_grant('reports_sales', $person_id)) {
-            redirect('no_access/sales/reports_sales');
+        if (!$this->employee->has_grant('reports_sales', $personId)) {
+            return redirect()->to('no_access/sales/reports_sales');
         } else {
             $data['table_headers'] = get_sales_manage_table_headers();
 
@@ -92,18 +92,31 @@ class Sales extends Secure_Controller
                 'only_due'          => lang('Sales.due_filter'),
                 'only_check'        => lang('Sales.check_filter'),
                 'only_creditcard'   => lang('Sales.credit_filter'),
+                'only_debit'        => lang('Sales.debit'),
                 'only_invoices'     => lang('Sales.invoice_filter'),
                 'selected_customer' => lang('Sales.selected_customer')
             ];
 
             if ($this->sale_lib->get_customer() != -1) {
-                $selected_filters = ['selected_customer'];
+                $selectedFilters = ['selected_customer'];
                 $data['customer_selected'] = true;
             } else {
                 $data['customer_selected'] = false;
-                $selected_filters = [];
+                $selectedFilters = [];
             }
-            $data['selected_filters'] = $selected_filters;
+
+            // Restore filters from URL query string
+            $filters = restoreTableFilters($this->request);
+            if (!empty($filters['selected_filters'])) {
+                $selectedFilters = array_merge($selectedFilters, $filters['selected_filters']);
+            }
+            if (isset($filters['start_date'])) {
+                $data['start_date'] = $filters['start_date'];
+            }
+            if (isset($filters['end_date'])) {
+                $data['end_date'] = $filters['end_date'];
+            }
+            $data['selected_filters'] = $selectedFilters;
 
             return view('sales/manage', $data);
         }
@@ -142,6 +155,7 @@ class Sales extends Secure_Controller
             'only_check'        => false,
             'selected_customer' => false,
             'only_creditcard'   => false,
+            'only_debit'        => false,
             'only_invoices'     => $this->config['invoice_enable'] && $this->request->getGet('only_invoices', FILTER_SANITIZE_NUMBER_INT),
             'is_valid_receipt'  => $this->sale->is_valid_receipt($search)
         ];
@@ -568,12 +582,21 @@ class Sales extends Secure_Controller
         $data = [];
 
         $rules = [
-            'price'    => 'trim|required|decimal_locale',
+            'price'    => 'trim|required|decimal_locale|nonNegativeDecimal',
             'quantity' => 'trim|required|decimal_locale',
-            'discount' => 'trim|permit_empty|decimal_locale',
+            'discount' => 'trim|permit_empty|decimal_locale|nonNegativeDecimal',
         ];
 
-        if ($this->validate($rules)) {
+        $messages = [
+            'price' => [
+                'nonNegativeDecimal' => lang('Sales.negative_price_invalid'),
+            ],
+            'discount' => [
+                'nonNegativeDecimal' => lang('Sales.negative_discount_invalid'),
+            ],
+        ];
+
+        if ($this->validate($rules, $messages)) {
             $description = $this->request->getPost('description', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $serialnumber = $this->request->getPost('serialnumber', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
             $price = parse_decimals($this->request->getPost('price'));
@@ -582,20 +605,38 @@ class Sales extends Secure_Controller
             $discount = $discount_type
                 ? parse_quantity($this->request->getPost('discount'))
                 : parse_decimals($this->request->getPost('discount'));
+            $discount = $discount ?: 0;
+
+            // Return mode legitimately uses negative quantities for refunds
+            if ($this->sale_lib->get_mode() != 'return' && $quantity < 0) {
+                $data['error'] = lang('Sales.negative_quantity_invalid');
+                return $this->_reload($data);
+            }
+
+            // Business logic: discount bounds depend on discount_type and item values
+            if ($discount_type == PERCENT && $discount > 100) {
+                $data['error'] = lang('Sales.discount_percent_exceeds_100');
+                return $this->_reload($data);
+            }
+
+            if ($discount_type == FIXED && bccomp((string)$discount, bcmul((string)abs($quantity), (string)$price, 2), 2) > 0) {
+                $data['error'] = lang('Sales.discount_exceeds_item_total');
+                return $this->_reload($data);
+            }
 
             $item_location = $this->request->getPost('location', FILTER_SANITIZE_NUMBER_INT);
             $discounted_total = $this->request->getPost('discounted_total') != ''
                 ? parse_decimals($this->request->getPost('discounted_total') ?? '')
                 : null;
 
-
             $this->sale_lib->edit_item($line, $description, $serialnumber, $quantity, $discount, $discount_type, $price, $discounted_total);
 
             $this->sale_lib->empty_payments();
 
             $data['warning'] = $this->sale_lib->out_of_stock($this->sale_lib->get_item_id($line), $item_location);
         } else {
-            $data['error'] = lang('Sales.error_editing_item');
+            $errors = $this->validator->getErrors();
+            $data['error'] = $errors ? reset($errors) : lang('Sales.error_editing_item');
         }
 
         return $this->_reload($data);
@@ -709,6 +750,12 @@ class Sales extends Secure_Controller
         $data['cash_amount_due'] = $totals['cash_amount_due'];
         $data['non_cash_amount_due'] = $totals['amount_due'];
 
+        // Prevent negative total sales (fraud/theft vector) - returns can have negative totals for legitimate refunds
+        if ($this->sale_lib->get_mode() != 'return' && bccomp($totals['total'], '0') < 0) {
+            $data['error'] = lang('Sales.negative_total_invalid');
+            return $this->_reload($data);
+        }
+
         if ($data['cash_mode']) {    // TODO: Convert this to ternary notation
             $data['amount_due'] = $totals['cash_amount_due'];
         } else {
@@ -772,8 +819,8 @@ class Sales extends Secure_Controller
                     $data['error_message'] = lang('Sales.transaction_failed');
                 } else {
                     $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['sale_id']);
-                    return view('sales/' . $invoice_view, $data);
                     $this->sale_lib->clear_all();
+                    return view('sales/' . $invoice_view, $data);
                 }
             }
         } elseif ($this->sale_lib->is_work_order_mode()) {
@@ -806,9 +853,8 @@ class Sales extends Secure_Controller
 
                 $data['barcode'] = null;
 
-                return view('sales/work_order', $data);
-                $this->sale_lib->clear_mode();
                 $this->sale_lib->clear_all();
+                return view('sales/work_order', $data);
             }
         } elseif ($this->sale_lib->is_quote_mode()) {
             $data['sales_quote'] = lang('Sales.quote');
@@ -834,9 +880,8 @@ class Sales extends Secure_Controller
                 $data['cart'] = $this->sale_lib->sort_and_filter_cart($data['cart']);
                 $data['barcode'] = null;
 
-                return view('sales/quote', $data);
-                $this->sale_lib->clear_mode();
                 $this->sale_lib->clear_all();
+                return view('sales/quote', $data);
             }
         } else {
             // Save the data to the sales table
@@ -857,8 +902,8 @@ class Sales extends Secure_Controller
                 $data['error_message'] = lang('Sales.transaction_failed');
             } else {
                 $data['barcode'] = $this->barcode_lib->generate_receipt_barcode($data['sale_id']);
-                return view('sales/receipt', $data);
                 $this->sale_lib->clear_all();
+                return view('sales/receipt', $data);
             }
         }
     }

app/Controllers/Tax_categories.php

@@ -40,7 +40,7 @@ class Tax_categories extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort   = $this->sanitizeSortColumn(get_tax_categories_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_category_id');
         $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);

app/Controllers/Tax_codes.php

@@ -50,7 +50,7 @@ class Tax_codes extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort   = $this->sanitizeSortColumn(get_tax_code_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_code');
         $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);

app/Controllers/Tax_jurisdictions.php

@@ -43,7 +43,7 @@ class Tax_jurisdictions extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit  = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort   = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort   = $this->sanitizeSortColumn(get_tax_jurisdictions_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'jurisdiction_id');
         $order  = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);

app/Controllers/Taxes.php

@@ -81,7 +81,7 @@ class Taxes extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(get_tax_rates_manage_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_rate_id');
         $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order);

app/Database/Migrations/20170501000000_initial_schema.php

@@ -0,0 +1,60 @@
+<?php
+
+namespace App\Database\Migrations;
+
+use CodeIgniter\Database\Migration;
+
+class Migration_Initial_Schema extends Migration
+{
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Perform a migration step.
+     * Only runs on fresh installs - skips if database already has tables.
+     *
+     * For testing: CI4's DatabaseTestTrait with $refresh=true handles table
+     * cleanup/creation automatically. This migration only loads initial schema
+     * on fresh databases where no application tables exist.
+     */
+    public function up(): void
+    {
+        // Check if core application tables exist (existing install)
+        // Note: migrations table may exist even on fresh DB due to migration tracking
+        $tables = $this->db->listTables();
+        
+        // Check for a core application table, not just migrations table
+        foreach ($tables as $table) {
+            // Strip prefix if present for comparison
+            $tableName = str_replace($this->db->getPrefix(), '', $table);
+            if (in_array($tableName, ['app_config', 'items', 'employees', 'people'])) {
+                // Database already populated - skip initial schema
+                // This is an existing installation upgrading from older version
+                return;
+            }
+        }
+        
+        // Fresh install - load initial schema
+        helper('migration');
+        execute_script(APPPATH . 'Database/Migrations/sqlscripts/initial_schema.sql');
+    }
+
+    /**
+     * Revert a migration step.
+     * Cannot revert initial schema - would lose all data.
+     */
+    public function down(): void
+    {
+        // Cannot safely revert initial schema
+        // Would require dropping all tables which would lose all data
+        $this->db->query('SET FOREIGN_KEY_CHECKS = 0');
+        
+        foreach ($this->db->listTables() as $table) {
+            $this->db->query('DROP TABLE IF EXISTS `' . $table . '`');
+        }
+        
+        $this->db->query('SET FOREIGN_KEY_CHECKS = 1');
+    }
+}

app/Database/Migrations/20250521000000_FixImageFilenameSpaces.php

@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Database\Migrations;
+
+use CodeIgniter\Database\Migration;
+
+/**
+ * Migration to sanitize existing image filenames by replacing spaces with underscores
+ * This fixes issue #4372 where thumbnails failed to load for images with spaces in filenames
+ */
+class FixImageFilenameSpaces extends Migration
+{
+    /**
+     * Perform a migration.
+     */
+    public function up(): void
+    {
+        $db = \Config\Database::connect();
+        $builder = $db->table('ospos_items');
+        
+        // Get all items with pic_filename containing spaces
+        $query = $builder->like('pic_filename', ' ', 'both')->get();
+        $items = $query->getResult();
+        
+        foreach ($items as $item) {
+            $old_filename = $item->pic_filename;
+            $ext = pathinfo($old_filename, PATHINFO_EXTENSION);
+            $base_name = pathinfo($old_filename, PATHINFO_FILENAME);
+            
+            // Sanitize the filename by replacing spaces and special characters
+            $sanitized_name = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', $base_name);
+            $new_filename = $sanitized_name . '.' . $ext;
+            
+            // Rename the file on the filesystem
+            $old_path = FCPATH . 'uploads/item_pics/' . $old_filename;
+            $new_path = FCPATH . 'uploads/item_pics/' . $new_filename;
+            
+            if (file_exists($old_path)) {
+                // Rename the original file
+                if (rename($old_path, $new_path)) {
+                    // Check if thumbnail exists and rename it too
+                    $old_thumb = FCPATH . 'uploads/item_pics/' . $base_name . '_thumb.' . $ext;
+                    $new_thumb = FCPATH . 'uploads/item_pics/' . $sanitized_name . '_thumb.' . $ext;
+                    if (file_exists($old_thumb)) {
+                        rename($old_thumb, $new_thumb);
+                    }
+                    
+                    // Update database record
+                    $builder->where('item_id', $item->item_id)
+                        ->update(['pic_filename' => $new_filename]);
+                }
+            }
+        }
+    }
+
+    /**
+     * Revert a migration.
+     * Note: This migration does not support rollback as the original filenames are lost
+     */
+    public function down(): void
+    {
+        // This migration cannot be safely reversed as the original filenames are lost
+        // after sanitization.
+    }
+}

app/Database/Migrations/20260306120000_MigrationEXIFStrippingOptions.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Database\Migrations;
+
+use CodeIgniter\Database\Migration;
+use Config\Database;
+
+class MigrationEXIFStrippingOptions extends Migration
+{
+    /**
+     * Perform a migration step.
+     */
+    public function up(): void
+    {
+        log_message('info', 'Migrating EXIF Stripping Options');
+
+        $db = Database::connect();
+
+        $configs = [
+            [
+                'key' => 'exif_fields_to_keep',
+                'value' => 'Copyright,Orientation,Software'
+            ]
+        ];
+
+        foreach ($configs as $config) {
+            $existing = $db->table('app_config')
+                ->where('key', $config['key'])
+                ->get()
+                ->getRow();
+
+            if ($existing === null) {
+                $db->table('app_config')->insert($config);
+            }
+        }
+    }
+
+    /**
+     * Revert a migration step.
+     */
+    public function down(): void
+    {
+        $db = Database::connect();
+
+        $db->table('app_config')
+            ->where('key', 'exif_fields_to_keep')
+            ->delete();
+    }
+}

app/Database/Migrations/sqlscripts/initial_schema.sql

@@ -730,3 +730,148 @@ CREATE TABLE `ospos_suppliers` (
 --
 -- Dumping data for table `ospos_suppliers`
 --
+--
+-- Constraints for dumped tables
+--
+
+--
+-- Constraints for table `ospos_customers`
+--
+ALTER TABLE `ospos_customers`
+    ADD CONSTRAINT `ospos_customers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
+
+--
+-- Constraints for table `ospos_employees`
+--
+ALTER TABLE `ospos_employees`
+    ADD CONSTRAINT `ospos_employees_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
+
+--
+-- Constraints for table `ospos_inventory`
+--
+ALTER TABLE `ospos_inventory`
+    ADD CONSTRAINT `ospos_inventory_ibfk_1` FOREIGN KEY (`trans_items`) REFERENCES `ospos_items` (`item_id`),
+    ADD CONSTRAINT `ospos_inventory_ibfk_2` FOREIGN KEY (`trans_user`) REFERENCES `ospos_employees` (`person_id`),
+    ADD CONSTRAINT `ospos_inventory_ibfk_3` FOREIGN KEY (`trans_location`) REFERENCES `ospos_stock_locations` (`location_id`);
+
+--
+-- Constraints for table `ospos_items`
+--
+ALTER TABLE `ospos_items`
+    ADD CONSTRAINT `ospos_items_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
+
+--
+-- Constraints for table `ospos_items_taxes`
+--
+ALTER TABLE `ospos_items_taxes`
+    ADD CONSTRAINT `ospos_items_taxes_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
+
+--
+-- Constraints for table `ospos_item_kit_items`
+--
+ALTER TABLE `ospos_item_kit_items`
+    ADD CONSTRAINT `ospos_item_kit_items_ibfk_1` FOREIGN KEY (`item_kit_id`) REFERENCES `ospos_item_kits` (`item_kit_id`) ON DELETE CASCADE,
+    ADD CONSTRAINT `ospos_item_kit_items_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`)  ON DELETE CASCADE;
+
+--
+-- Constraints for table `ospos_permissions`
+--
+ALTER TABLE `ospos_permissions`
+    ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
+    ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
+
+--
+-- Constraints for table `ospos_grants`
+--
+ALTER TABLE `ospos_grants`
+    ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`) ON DELETE CASCADE,
+    ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`) ON DELETE CASCADE;
+
+--
+-- Constraints for table `ospos_receivings`
+--
+ALTER TABLE `ospos_receivings`
+    ADD CONSTRAINT `ospos_receivings_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
+    ADD CONSTRAINT `ospos_receivings_ibfk_2` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
+
+--
+-- Constraints for table `ospos_receivings_items`
+--
+ALTER TABLE `ospos_receivings_items`
+    ADD CONSTRAINT `ospos_receivings_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
+    ADD CONSTRAINT `ospos_receivings_items_ibfk_2` FOREIGN KEY (`receiving_id`) REFERENCES `ospos_receivings` (`receiving_id`);
+
+--
+-- Constraints for table `ospos_sales`
+--
+ALTER TABLE `ospos_sales`
+    ADD CONSTRAINT `ospos_sales_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
+    ADD CONSTRAINT `ospos_sales_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
+
+--
+-- Constraints for table `ospos_sales_items`
+--
+ALTER TABLE `ospos_sales_items`
+    ADD CONSTRAINT `ospos_sales_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
+    ADD CONSTRAINT `ospos_sales_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`),
+    ADD CONSTRAINT `ospos_sales_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
+
+--
+-- Constraints for table `ospos_sales_items_taxes`
+--
+ALTER TABLE `ospos_sales_items_taxes`
+    ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_items` (`sale_id`,`item_id`,`line`),
+    ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
+
+--
+-- Constraints for table `ospos_sales_payments`
+--
+ALTER TABLE `ospos_sales_payments`
+    ADD CONSTRAINT `ospos_sales_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`);
+
+--
+-- Constraints for table `ospos_sales_suspended`
+--
+ALTER TABLE `ospos_sales_suspended`
+    ADD CONSTRAINT `ospos_sales_suspended_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
+    ADD CONSTRAINT `ospos_sales_suspended_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
+
+--
+-- Constraints for table `ospos_sales_suspended_items`
+--
+ALTER TABLE `ospos_sales_suspended_items`
+    ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
+    ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`),
+    ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
+
+--
+-- Constraints for table `ospos_sales_suspended_items_taxes`
+--
+ALTER TABLE `ospos_sales_suspended_items_taxes`
+    ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_suspended_items` (`sale_id`,`item_id`,`line`),
+    ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
+
+--
+-- Constraints for table `ospos_sales_suspended_payments`
+--
+ALTER TABLE `ospos_sales_suspended_payments`
+    ADD CONSTRAINT `ospos_sales_suspended_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`);
+
+--
+-- Constraints for table `ospos_item_quantities`
+--
+ALTER TABLE `ospos_item_quantities`
+    ADD CONSTRAINT `ospos_item_quantities_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
+    ADD CONSTRAINT `ospos_item_quantities_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`);
+
+--
+-- Constraints for table `ospos_suppliers`
+--
+ALTER TABLE `ospos_suppliers`
+    ADD CONSTRAINT `ospos_suppliers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
+
+--
+-- Constraints for table `ospos_giftcards`
+--
+ALTER TABLE `ospos_giftcards`
+    ADD CONSTRAINT `ospos_giftcards_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);

app/Database/constraints.sql

@@ -1,145 +0,0 @@
---
--- Constraints for dumped tables
---
-
---
--- Constraints for table `ospos_customers`
---
-ALTER TABLE `ospos_customers`
-    ADD CONSTRAINT `ospos_customers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
-
---
--- Constraints for table `ospos_employees`
---
-ALTER TABLE `ospos_employees`
-    ADD CONSTRAINT `ospos_employees_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
-
---
--- Constraints for table `ospos_inventory`
---
-ALTER TABLE `ospos_inventory`
-    ADD CONSTRAINT `ospos_inventory_ibfk_1` FOREIGN KEY (`trans_items`) REFERENCES `ospos_items` (`item_id`),
-    ADD CONSTRAINT `ospos_inventory_ibfk_2` FOREIGN KEY (`trans_user`) REFERENCES `ospos_employees` (`person_id`),
-    ADD CONSTRAINT `ospos_inventory_ibfk_3` FOREIGN KEY (`trans_location`) REFERENCES `ospos_stock_locations` (`location_id`);
-
---
--- Constraints for table `ospos_items`
---
-ALTER TABLE `ospos_items`
-    ADD CONSTRAINT `ospos_items_ibfk_1` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
-
---
--- Constraints for table `ospos_items_taxes`
---
-ALTER TABLE `ospos_items_taxes`
-    ADD CONSTRAINT `ospos_items_taxes_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`) ON DELETE CASCADE;
-
---
--- Constraints for table `ospos_item_kit_items`
---
-ALTER TABLE `ospos_item_kit_items`
-    ADD CONSTRAINT `ospos_item_kit_items_ibfk_1` FOREIGN KEY (`item_kit_id`) REFERENCES `ospos_item_kits` (`item_kit_id`) ON DELETE CASCADE,
-    ADD CONSTRAINT `ospos_item_kit_items_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`)  ON DELETE CASCADE;
-
---
--- Constraints for table `ospos_permissions`
---
-ALTER TABLE `ospos_permissions`
-    ADD CONSTRAINT `ospos_permissions_ibfk_1` FOREIGN KEY (`module_id`) REFERENCES `ospos_modules` (`module_id`) ON DELETE CASCADE,
-    ADD CONSTRAINT `ospos_permissions_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`) ON DELETE CASCADE;
-
---
--- Constraints for table `ospos_grants`
---
-ALTER TABLE `ospos_grants`
-    ADD CONSTRAINT `ospos_grants_ibfk_1` foreign key (`permission_id`) references `ospos_permissions` (`permission_id`) ON DELETE CASCADE,
-    ADD CONSTRAINT `ospos_grants_ibfk_2` foreign key (`person_id`) references `ospos_employees` (`person_id`) ON DELETE CASCADE;
-
---
--- Constraints for table `ospos_receivings`
---
-ALTER TABLE `ospos_receivings`
-    ADD CONSTRAINT `ospos_receivings_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
-    ADD CONSTRAINT `ospos_receivings_ibfk_2` FOREIGN KEY (`supplier_id`) REFERENCES `ospos_suppliers` (`person_id`);
-
---
--- Constraints for table `ospos_receivings_items`
---
-ALTER TABLE `ospos_receivings_items`
-    ADD CONSTRAINT `ospos_receivings_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
-    ADD CONSTRAINT `ospos_receivings_items_ibfk_2` FOREIGN KEY (`receiving_id`) REFERENCES `ospos_receivings` (`receiving_id`);
-
---
--- Constraints for table `ospos_sales`
---
-ALTER TABLE `ospos_sales`
-    ADD CONSTRAINT `ospos_sales_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
-    ADD CONSTRAINT `ospos_sales_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
-
---
--- Constraints for table `ospos_sales_items`
---
-ALTER TABLE `ospos_sales_items`
-    ADD CONSTRAINT `ospos_sales_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
-    ADD CONSTRAINT `ospos_sales_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`),
-    ADD CONSTRAINT `ospos_sales_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
-
---
--- Constraints for table `ospos_sales_items_taxes`
---
-ALTER TABLE `ospos_sales_items_taxes`
-    ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_items` (`sale_id`,`item_id`,`line`),
-    ADD CONSTRAINT `ospos_sales_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
-
---
--- Constraints for table `ospos_sales_payments`
---
-ALTER TABLE `ospos_sales_payments`
-    ADD CONSTRAINT `ospos_sales_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales` (`sale_id`);
-
---
--- Constraints for table `ospos_sales_suspended`
---
-ALTER TABLE `ospos_sales_suspended`
-    ADD CONSTRAINT `ospos_sales_suspended_ibfk_1` FOREIGN KEY (`employee_id`) REFERENCES `ospos_employees` (`person_id`),
-    ADD CONSTRAINT `ospos_sales_suspended_ibfk_2` FOREIGN KEY (`customer_id`) REFERENCES `ospos_customers` (`person_id`);
-
---
--- Constraints for table `ospos_sales_suspended_items`
---
-ALTER TABLE `ospos_sales_suspended_items`
-    ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
-    ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_2` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`),
-    ADD CONSTRAINT `ospos_sales_suspended_items_ibfk_3` FOREIGN KEY (`item_location`) REFERENCES `ospos_stock_locations` (`location_id`);
-
---
--- Constraints for table `ospos_sales_suspended_items_taxes`
---
-ALTER TABLE `ospos_sales_suspended_items_taxes`
-    ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_1` FOREIGN KEY (`sale_id`,`item_id`,`line`) REFERENCES `ospos_sales_suspended_items` (`sale_id`,`item_id`,`line`),
-    ADD CONSTRAINT `ospos_sales_suspended_items_taxes_ibfk_2` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`);
-
---
--- Constraints for table `ospos_sales_suspended_payments`
---
-ALTER TABLE `ospos_sales_suspended_payments`
-    ADD CONSTRAINT `ospos_sales_suspended_payments_ibfk_1` FOREIGN KEY (`sale_id`) REFERENCES `ospos_sales_suspended` (`sale_id`);
-
---
--- Constraints for table `ospos_item_quantities`
---
-ALTER TABLE `ospos_item_quantities`
-    ADD CONSTRAINT `ospos_item_quantities_ibfk_1` FOREIGN KEY (`item_id`) REFERENCES `ospos_items` (`item_id`),
-    ADD CONSTRAINT `ospos_item_quantities_ibfk_2` FOREIGN KEY (`location_id`) REFERENCES `ospos_stock_locations` (`location_id`);
-
---
--- Constraints for table `ospos_suppliers`
---
-ALTER TABLE `ospos_suppliers`
-    ADD CONSTRAINT `ospos_suppliers_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);
-
---
--- Constraints for table `ospos_giftcards`
---
-ALTER TABLE `ospos_giftcards`
-    ADD CONSTRAINT `ospos_giftcards_ibfk_1` FOREIGN KEY (`person_id`) REFERENCES `ospos_people` (`person_id`);

app/Events/Load_config.php

@@ -4,6 +4,8 @@ namespace App\Events;
 
 use App\Libraries\MY_Migration;
 use App\Models\Appconfig;
+use CodeIgniter\Session\Handlers\DatabaseHandler;
+use CodeIgniter\Session\Handlers\FileHandler;
 use CodeIgniter\Session\Session;
 use Config\OSPOS;
 use Config\Services;
@@ -19,38 +21,47 @@ class Load_config
 {
     public Session $session;
 
-    /**
-     * Loads configuration from database into App CI config and then applies those settings
-     */
     public function load_config(): void
     {
-        // Migrations
         $migration_config = config('Migrations');
         $migration = new MY_Migration($migration_config);
 
         $this->session = session();
 
-        // Database Configuration
         $config = config(OSPOS::class);
 
         if (!$migration->is_latest()) {
             $this->session->destroy();
         }
 
-        // Language
-        $language_exists = file_exists('../app/Language/' . current_language_code());
-
-        if (current_language_code() == null || current_language() == null || !$language_exists) {    // TODO: current_language() is undefined
-            $config->settings['language'] = 'english';
-            $config->settings['language_code'] = 'en';
-        }
+        $this->setDefaultLanguage($config);
 
         $language = Services::language();
-        $language->setLocale($config->settings['language_code']);
+        $language->setLocale(current_language_code());
 
-        // Time Zone
         date_default_timezone_set($config->settings['timezone'] ?? ini_get('date.timezone'));
 
         bcscale(max(2, totals_decimals() + tax_decimals()));
     }
+
+    private function setDefaultLanguage(OSPOS $config): void
+    {
+        $languageCode = $config->settings['language_code'] ?? null;
+
+        if (empty($config->settings) || $languageCode === null) {
+            $config->settings['language'] = 'english';
+            $config->settings['language_code'] = 'en';
+            return;
+        }
+
+        if (!$this->languageExists($languageCode)) {
+            $config->settings['language'] = 'english';
+            $config->settings['language_code'] = 'en';
+        }
+    }
+
+    private function languageExists(string $languageCode): bool
+    {
+        return file_exists(APPPATH . 'Language/' . $languageCode);
+    }
 }

app/Helpers/locale_helper.php

@@ -22,9 +22,7 @@ function current_language_code(bool $load_system_language = false): string
         }
     }
 
-    $language_code = $config['language_code'];
-
-    return empty($language_code) ? DEFAULT_LANGUAGE_CODE : $language_code;
+    return $config->language_code ?? DEFAULT_LANGUAGE_CODE;
 }
 
 /**
@@ -45,9 +43,7 @@ function current_language(bool $load_system_language = false): string
         }
     }
 
-    $language = $config['language'];
-
-    return empty($language) ? DEFAULT_LANGUAGE : $language;
+    return $config->language ?? DEFAULT_LANGUAGE_CODE;
 }
 
 /**

app/Helpers/security_helper.php

@@ -11,56 +11,54 @@ function check_encryption(): bool
     $old_key = config('Encryption')->key;
 
     if ((empty($old_key)) || (strlen($old_key) < 64)) {
-        // Create Key
         $encryption = new Encryption();
         $key = bin2hex($encryption->createKey());
         config('Encryption')->key = $key;
 
-        // Write to .env
         $config_path = ROOTPATH . '.env';
-        $new_config_path = WRITEPATH . '/backup/.env';
         $backup_path = WRITEPATH . '/backup/.env.bak';
-
         $backup_folder = WRITEPATH . '/backup';
 
-        if (!file_exists($backup_folder) && !mkdir($backup_folder)) {
-            log_message('error', 'Could not create backup folder');
-            return false;
+        if (!file_exists($backup_folder)) {
+            @mkdir($backup_folder, 0750, true);
         }
 
-        if (!copy($config_path, $backup_path)) {
-            log_message('error', "Unable to copy $config_path to $backup_path");
+        if (!file_exists($config_path)) {
+            $example_path = ROOTPATH . '.env.example';
+            if (file_exists($example_path)) {
+                @copy($example_path, $config_path);
+            } else {
+                @file_put_contents($config_path, "# OSPOS Configuration\n\n");
+            }
+            @chmod($config_path, 0640);
         }
 
-        // Copy to backup
-        @chmod($config_path, 0660);
-        @chmod($backup_path, 0660);
+        if (file_exists($config_path)) {
+            @copy($config_path, $backup_path);
+            @chmod($backup_path, 0640);
+            @chmod($config_path, 0640);
 
-        $config_file = file_get_contents($config_path);
-        $config_file = preg_replace("/(encryption\.key.*=.*)('.*')/", "$1'$key'", $config_file);
+            $config_file = file_get_contents($config_path);
 
-        if (!empty($old_key)) {
-            $old_line = "# encryption.key = '$old_key' REMOVE IF UNNEEDED\r\n";
-            $insertion_point = stripos($config_file, 'encryption.key');
-            $config_file = substr_replace($config_file, $old_line, $insertion_point, 0);
+            if (strpos($config_file, 'encryption.key') !== false) {
+                $config_file = preg_replace("/(encryption\.key.*=.*)('.*')/", "$1'$key'", $config_file);
+            } else {
+                $config_file .= "\nencryption.key = '$key'\n";
+            }
+
+            if (!empty($old_key)) {
+                $old_line = "# encryption.key = '$old_key' REMOVE IF UNNEEDED\r\n";
+                $insertion_point = stripos($config_file, 'encryption.key');
+                if ($insertion_point !== false) {
+                    $config_file = substr_replace($config_file, $old_line, $insertion_point, 0);
+                }
+            }
+
+            @file_put_contents($config_path, $config_file);
+            @chmod($config_path, 0640);
+
+            log_message('info', "Updated encryption key in $config_path");
         }
-
-        $handle = @fopen($config_path, 'w+');
-
-        if (empty($handle)) {
-            log_message('error', "Unable to open $config_path for updating");
-            return false;
-        }
-
-        @chmod($config_path, 0660);
-        $write_failed = !fwrite($handle, $config_file);
-        fclose($handle);
-
-        if ($write_failed) {
-            log_message('error', "Unable to write to $config_path for updating.");
-            return false;
-        }
-        log_message('info', "File $config_path has been updated.");
     }
 
     return true;
@@ -74,23 +72,14 @@ function abort_encryption_conversion(): void
     $config_path = ROOTPATH . '.env';
     $backup_path = WRITEPATH . '/backup/.env.bak';
 
-    $config_file = file_get_contents($backup_path);
-
-    $handle = @fopen($config_path, 'w+');
-
-    if (empty($handle)) {
-        log_message('error', "Unable to open $config_path to undo encryption conversion");
-    } else {
-        @chmod($config_path, 0660);
-        $write_failed = !fwrite($handle, $config_file);
-        fclose($handle);
-
-        if ($write_failed) {
-            log_message('error', "Unable to write to $config_path to undo encryption conversion.");
-            return;
-        }
-        log_message('info', "File $config_path has been updated to undo encryption conversion");
+    if (!file_exists($backup_path)) {
+        return;
     }
+
+    @chmod($config_path, 0640);
+    $config_file = file_get_contents($backup_path);
+    @file_put_contents($config_path, $config_file);
+    log_message('info', "Restored $config_path from backup");
 }
 
 /**
@@ -99,13 +88,10 @@ function abort_encryption_conversion(): void
 function remove_backup(): void
 {
     $backup_path = WRITEPATH . '/backup/.env.bak';
-    if (! file_exists($backup_path)) {
+    if (!file_exists($backup_path)) {
         return;
     }
-    if (!unlink($backup_path)) {
-        log_message('error', "Unable to remove $backup_path.");
-        return;
-    }
-    log_message('info', "File $backup_path has been removed");
+    @unlink($backup_path);
+    log_message('info', "Removed $backup_path");
 }
 

app/Helpers/tabular_helper.php

@@ -48,7 +48,7 @@ function transform_headers(array $headers, bool $readonly = false, bool $editabl
             'field'      => key($element),
             'title'      => current($element),
             'switchable' => $element['switchable'] ?? !preg_match('(^$|&nbsp)', current($element)),
-            'escape'     => !preg_match("/(edit|email|messages|item_pic|customer_name|note)/", key($element)) && !(isset($element['escape']) && !$element['escape']),
+            'escape'     => !preg_match("/(edit|email|messages|item_pic)/", key($element)) && !(isset($element['escape']) && !$element['escape']),
             'sortable'   => $element['sortable'] ?? current($element) != '',
             'checkbox'   => $element['checkbox'] ?? false,
             'class'      => isset($element['checkbox']) || preg_match('(^$|&nbsp)', current($element)) ? 'print_hide' : '',
@@ -408,7 +408,7 @@ function get_items_manage_table_headers(): string
 {
     $attribute = model(Attribute::class);
     $config = config(OSPOS::class)->settings;
-    $definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS);    // TODO: this should be made into a constant in constants.php
+    $definitionsWithTypes = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS, true);
 
     $headers = item_headers();
 
@@ -420,8 +420,8 @@ function get_items_manage_table_headers(): string
 
     $headers[] = ['item_pic' => lang('Items.image'), 'sortable' => false];
 
-    foreach ($definition_names as $definition_id => $definition_name) {
-        $headers[] = [$definition_id => $definition_name, 'sortable' => false];
+    foreach ($definitionsWithTypes as $definition_id => $definitionInfo) {
+        $headers[] = [$definition_id => $definitionInfo['name'], 'sortable' => false];
     }
 
     $headers[] = ['inventory' => '', 'escape' => false];
@@ -470,7 +470,8 @@ function get_item_data_row(object $item): array
             : glob("./uploads/item_pics/$item->pic_filename");
 
         if (sizeof($images) > 0) {
-            $image .= '<a class="rollover" href="' . base_url($images[0]) . '"><img alt="Image thumbnail" src="' . site_url('items/PicThumb/' . pathinfo($images[0], PATHINFO_BASENAME)) . '"></a>';
+            $image_path = ltrim($images[0], './');
+            $image .= '<a class="rollover" href="' . base_url(implode('/', array_map('rawurlencode', explode('/', $image_path)))) . '"><img alt="Image thumbnail" src="' . site_url('items/PicThumb/' . rawurlencode(pathinfo($images[0], PATHINFO_BASENAME))) . '"></a>';
         }
     }
 
@@ -478,7 +479,7 @@ function get_item_data_row(object $item): array
         $item->name .= NAME_SEPARATOR . $item->pack_name;
     }
 
-    $definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS);
+    $definition_names = $attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS, true);
 
     $columns = [
         'items.item_id' => $item->item_id,
@@ -633,7 +634,7 @@ function parse_attribute_values(array $columns, array $row): array
 }
 
 /**
- * @param array $definition_names
+ * @param array $definition_names Array of definition_id => ['name' => name, 'type' => type] or definition_id => name
  * @param array $row
  * @return array
  */
@@ -650,10 +651,16 @@ function expand_attribute_values(array $definition_names, array $row): array
     }
 
     $attribute_values = [];
-    foreach ($definition_names as $definition_id => $definition_name) {
+    foreach ($definition_names as $definition_id => $definitionInfo) {
         if (isset($indexed_values[$definition_id])) {
-            $attribute_value = $indexed_values[$definition_id];
-            $attribute_values["$definition_id"] = $attribute_value;
+            $raw_value = $indexed_values[$definition_id];
+            
+            // Format DECIMAL attributes according to locale
+            if (is_array($definitionInfo) && isset($definitionInfo['type']) && $definitionInfo['type'] === DECIMAL) {
+                $attribute_values["$definition_id"] = to_decimals($raw_value);
+            } else {
+                $attribute_values["$definition_id"] = $raw_value;
+            }
         } else {
             $attribute_values["$definition_id"] = "";
         }
@@ -924,3 +931,24 @@ function get_controller(): string
     $controller_name_parts = explode('\\', $controller_name);
     return end($controller_name_parts);
 }
+
+/**
+ * Restores filter values from URL query string.
+ * 
+ * @param CodeIgniter\HTTP\IncomingRequest $request The request object
+ * @return array Array with 'start_date', 'end_date', and 'selected_filters' keys
+ */
+function restoreTableFilters($request): array
+{
+    $startDate = $request->getGet('start_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    $endDate = $request->getGet('end_date', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    $urlFilters = $request->getGet('filters', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+    
+    return array_filter([
+        'start_date' => $startDate ?: null,
+        'end_date' => $endDate ?: null,
+        'selected_filters' => $urlFilters ?? []
+    ], function($value) {
+        return $value !== null && $value !== [];
+    });
+}

app/Helpers/tax_helper.php

@@ -143,8 +143,7 @@ function get_tax_rates_manage_table_headers(): string
  */
 function get_tax_rates_data_row($tax_rates_row): array
 {
-    $router = service('router');
-    $controller_name = strtolower($router->controllerName());
+    $controller_name = 'taxes';
 
     return [
         'tax_rate_id'        => $tax_rates_row->tax_rate_id,

app/Language/ar-EG/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "هل أنت متأكد من أنك تريد حذف الميزات المحددة ؟",
     "confirm_restore"                  => "هل أنت متأكد من أنك تريد استعادة السمة (السمات) المحددة؟",
     "definition_cannot_be_deleted"     => "لا يمكن حذف السمات المحددة",
+    "definition_invalid_group" => "المجموعة المحددة غير موجودة أو غير صالحة.",
     "definition_error_adding_updating" => "لا يمكن إضافة السمة {0} أو تحديثها. يرجى التحقق من سجل الخطأ.",
     "definition_flags"                 => "رؤية الميزات",
     "definition_group"                 => "المجموعة",

app/Language/ar-EG/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "الجميع",
-    "columns"              => "أعمدة",
-    "hide_show_pagination" => "عرض/إخفاء أرقام الصفحات",
-    "loading"              => "جارى التحميل، برجاء الإنتظار ...",
-    "page_from_to"         => "عرض {0} إلى {1} من {2} صفوف",
-    "refresh"              => "إعادة تحميل",
-    "rows_per_page"        => "{0} صف بالصفحة",
-    "toggle"               => "تغيير",
+    'all' => "الجميع",
+    'columns' => "أعمدة",
+    'hide_show_pagination' => "عرض/إخفاء أرقام الصفحات",
+    'loading' => "جارى التحميل، برجاء الإنتظار",
+    'page_from_to' => "عرض {0} إلى {1} من {2} صفوف",
+    'refresh' => "إعادة تحميل",
+    'rows_per_page' => "{0} صف بالصفحة",
+    'toggle' => "تغيير",
 ];

app/Language/ar-EG/Calendar.php

@@ -0,0 +1,49 @@
+<?php
+
+return [
+    "su"        => "أحد",
+    "mo"        => "اثنين",
+    "tu"        => "ثلاثاء",
+    "we"        => "أربعاء",
+    "th"        => "خميس",
+    "fr"        => "جمعة",
+    "sa"        => "سبت",
+    "sun"       => "الأحد",
+    "mon"       => "الاثنين",
+    "tue"       => "الثلاثاء",
+    "wed"       => "الأربعاء",
+    "thu"       => "الخميس",
+    "fri"       => "الجمعة",
+    "sat"       => "السبت",
+    "sunday"    => "الأحد",
+    "monday"    => "الاثنين",
+    "tuesday"   => "الثلاثاء",
+    "wednesday" => "الأربعاء",
+    "thursday"  => "الخميس",
+    "friday"    => "الجمعة",
+    "saturday"  => "السبت",
+    "jan"       => "يناير",
+    "feb"       => "فبراير",
+    "mar"       => "مارس",
+    "apr"       => "أبريل",
+    "may"       => "مايو",
+    "jun"       => "يونيو",
+    "jul"       => "يوليو",
+    "aug"       => "أغسطس",
+    "sep"       => "سبتمبر",
+    "oct"       => "أكتوبر",
+    "nov"       => "نوفمبر",
+    "dec"       => "ديسمبر",
+    "january"   => "يناير",
+    "february"  => "فبراير",
+    "march"     => "مارس",
+    "april"     => "أبريل",
+    "mayl"      => "مايو",
+    "june"      => "يونيو",
+    "july"      => "يوليو",
+    "august"    => "أغسطس",
+    "september" => "سبتمبر",
+    "october"   => "أكتوبر",
+    "november"  => "نوفمبر",
+    "december"  => "ديسمبر",
+];

app/Language/ar-EG/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "يمين",
     "sales_invoice_format"                      => "شكل فاتورة البيع",
     "sales_quote_format"                        => "شكل فاتورة عرض الاسعار",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "تم حفظ التهيئة بنجاح.",
     "saved_unsuccessfully"                      => "لم يتم حفظ التهيئة بنجاح.",
     "security_issue"                            => "تحذير من ثغرة أمنية",

app/Language/ar-EG/Employees.php

@@ -14,6 +14,8 @@ return [
     "current_password_invalid"     => "كلمة المرور الحالية غير صحيحة.",
     "employee"                     => "موظف",
     "error_adding_updating"        => "خطاء فى إضافة/تعديل موظف.",
+    "error_deleting_admin"         => "",
+    "error_updating_admin"         => "",
     "error_deleting_demo_admin"    => "لايمكن حذف المستخدم admin الخاص بنسخة العرض.",
     "error_updating_demo_admin"    => "لايمكن تغيير بيانات المستخدم admin الخاص بنسخة العرض.",
     "language"                     => "اللغة",

app/Language/ar-EG/Items.php

@@ -26,6 +26,7 @@ return [
     "cost_price_required"                => "سعر التكلفة مطلوب.",
     "count"                              => "تحديث المخزون",
     "csv_import_failed"                  => "فشل الإستيراد من اكسل",
+    "csv_import_invalid_location"        => "",
     "csv_import_nodata_wrongformat"      => "الملف الذى رفعته إما فارغ أو أنه مختلف البنية.",
     "csv_import_partially_failed"        => "يوجد خطأ بنسبة {0} في استيراد الاصناف في السطر: {1}. لم يتم استيرادهم.",
     "csv_import_success"                 => "تم استيراد الأصناف بنجاح.",

app/Language/ar-EG/Login.php

@@ -9,6 +9,15 @@ return [
     "login"                         => "دخول",
     "logout"                        => "تسجيل خروج",
     "migration_needed"              => "سيبدأ ترحيل قاعدة البيانات إلى{0} بعد تسجيل الدخول.",
+    "migration_required"            => "",
+    "migration_auth_message"        => "",
+    "migration_initializing"        => "",
+    "migration_running"             => "",
+    "migration_complete"            => "",
+    "migration_complete_login"      => "",
+    "migration_failed"              => "",
+    "migration_error_connection"    => "",
+    "migration_complete_redirect"   => "",
     "password"                      => "كلمة السر",
     "required_username"             => "",
     "username"                      => "اسم المستخدم",

app/Language/ar-EG/Sales.php

@@ -73,6 +73,12 @@ return [
     "employee"                         => "الموظف",
     "entry"                            => "ادخال",
     "error_editing_item"               => "خطاء فى تحرير الصنف",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     "find_or_scan_item"                => "بحث/مسح باركود صنف",
     "find_or_scan_item_or_receipt"     => "بحث/مسح باركود صنف أو ايصال",
     "giftcard"                         => "بطاقة هدية",

app/Language/ar-LB/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "هل أنت متأكد من أنك تريد حذف الميزات المحددة ؟",
     "confirm_restore"                  => "هل أنت متأكد من أنك تريد استعادة السمة (السمات) المحددة؟",
     "definition_cannot_be_deleted"     => "لا يمكن حذف السمات المحددة",
+    "definition_invalid_group" => "المجموعة المحددة غير موجودة أو غير صالحة.",
     "definition_error_adding_updating" => "لا يمكن إضافة السمة {0} أو تحديثها. يرجى التحقق من سجل الخطأ.",
     "definition_flags"                 => "رؤية الميزات",
     "definition_group"                 => "المجموعة",

app/Language/ar-LB/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "الكل",
-    "columns"              => "أعمدة",
-    "hide_show_pagination" => "عرض/إخفاء أرقام الصفحات",
-    "loading"              => "جارى التحميل، برجاء الإنتظار ...",
-    "page_from_to"         => "عرض {0} إلى {1} من {2} صفوف",
-    "refresh"              => "إعادة تحميل",
-    "rows_per_page"        => "{0} صف بالصفحة",
-    "toggle"               => "تغيير",
+    'all' => "الكل",
+    'columns' => "أعمدة",
+    'hide_show_pagination' => "عرض/إخفاء أرقام الصفحات",
+    'loading' => "جارى التحميل، برجاء الإنتظار",
+    'page_from_to' => "عرض {0} إلى {1} من {2} صفوف",
+    'refresh' => "إعادة تحميل",
+    'rows_per_page' => "{0} صف بالصفحة",
+    'toggle' => "تغيير",
 ];

app/Language/ar-LB/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "يمين",
     "sales_invoice_format"                      => "شكل فاتورة البيع",
     "sales_quote_format"                        => "شكل فاتورة عرض الاسعار",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "تم حفظ التهيئة بنجاح.",
     "saved_unsuccessfully"                      => "لم يتم حفظ التهيئة بنجاح.",
     "security_issue"                            => "تحذير من ثغرة أمنية",

app/Language/ar-LB/Employees.php

@@ -14,6 +14,8 @@ return [
     "current_password_invalid"     => "كلمة المرور الحالية غير صحيحة.",
     "employee"                     => "موظف",
     "error_adding_updating"        => "خطاء فى إضافة/تعديل موظف.",
+    "error_deleting_admin"         => "",
+    "error_updating_admin"         => "",
     "error_deleting_demo_admin"    => "لايمكن حذف المستخدم admin الخاص بنسخة العرض.",
     "error_updating_demo_admin"    => "لايمكن تغيير بيانات المستخدم admin الخاص بنسخة العرض.",
     "language"                     => "اللغة",

app/Language/ar-LB/Items.php

@@ -26,6 +26,7 @@ return [
     "cost_price_required"                => "سعر التكلفة مطلوب.",
     "count"                              => "تحديث المخزون",
     "csv_import_failed"                  => "فشل الإستيراد من اكسل",
+    "csv_import_invalid_location"        => "",
     "csv_import_nodata_wrongformat"      => "الملف الذى رفعته إما فارغ أو أنه مختلف البنية.",
     "csv_import_partially_failed"        => "يوجد خطأ بنسبة {0} في استيراد الاصناف في السطر: {1}. لم يتم استيرادهم.",
     "csv_import_success"                 => "تم استيراد الأصناف بنجاح.",

app/Language/ar-LB/Login.php

@@ -9,6 +9,15 @@ return [
     "login"                         => "دخول",
     "logout"                        => "تسجيل خروج",
     "migration_needed"              => "سيبدأ ترحيل قاعدة البيانات إلى{0} بعد تسجيل الدخول.",
+    "migration_required"            => "",
+    "migration_auth_message"        => "",
+    "migration_initializing"        => "",
+    "migration_running"             => "",
+    "migration_complete"            => "",
+    "migration_complete_login"      => "",
+    "migration_failed"              => "",
+    "migration_error_connection"    => "",
+    "migration_complete_redirect"   => "",
     "password"                      => "كلمة السر",
     "required_username"             => "خانة أسم المستخدم مطلوبة.",
     "username"                      => "اسم المستخدم",

app/Language/ar-LB/Sales.php

@@ -73,6 +73,12 @@ return [
     "employee"                         => "الموظف",
     "entry"                            => "ادخال",
     "error_editing_item"               => "خطاء فى تعديل المادة",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     "find_or_scan_item"                => "بحث/مسح باركود المادة",
     "find_or_scan_item_or_receipt"     => "بحث/مسح باركود المادة أو الايصال",
     "giftcard"                         => "بطاقة هدية",

app/Language/az/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "Seçilmiş Atributları silmək istədiyinizdən əminsinizmi?",
     "confirm_restore"                  => "Seçilmiş atributları bərpa etmək istədiyinizə əminsinizmi?",
     "definition_cannot_be_deleted"     => "Seçilmiş xüsusiyyətləri silmək olmadı",
+    "definition_invalid_group" => "",
     "definition_error_adding_updating" => "{0} -in atributları əlavə oluna və yenilənə bilmədi. Lütfən XƏTA loq faylını yoxlayın.",
     "definition_flags"                 => "Atribut görünüşü",
     "definition_group"                 => "Qrup",

app/Language/az/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "hamısı",
-    "columns"              => "Sütunlar",
-    "hide_show_pagination" => "Gizlət/Göstər səhifənin nömrələnməsin",
-    "loading"              => "Lütfən gözləyin, səhifə yüklənir...",
-    "page_from_to"         => "Göstər {0} bundan {1} buna {2} kimi",
-    "refresh"              => "Yenilə",
-    "rows_per_page"        => "{0} yazı səhifədə",
-    "toggle"               => "Keçid",
+    'all' => "hamısı",
+    'columns' => "Sütunlar",
+    'hide_show_pagination' => "Gizlət/Göstər səhifənin nömrələnməsin",
+    'loading' => "Lütfən gözləyin, səhifə yüklənir",
+    'page_from_to' => "Göstər {0} bundan {1} buna {2} kimi",
+    'refresh' => "Yenilə",
+    'rows_per_page' => "{0} yazı səhifədə",
+    'toggle' => "Keçid",
 ];

app/Language/az/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "Konfiqurasiya ugursuz oldu saxlanilmadi",
     "sales_invoice_format"                      => "Satış Fatura Formatı",
     "sales_quote_format"                        => "Satış Sitat Formati",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "Konfiqurasiya uğurla saxlanıldı.",
     "saved_unsuccessfully"                      => "Konfiqurasiyanı saxlamq mümkün olmadı.",
     "security_issue"                            => "Təhlükəsizlik açığı xəbərdarlığı",

app/Language/az/Employees.php

@@ -14,6 +14,8 @@ return [
     "current_password_invalid"     => "Hazirki Şifrə düzgün deyil.",
     "employee"                     => "Əməkdaş",
     "error_adding_updating"        => "Əməkdaş əlavə etməsk və ya yeniləməsi baş vermədi.",
+    "error_deleting_admin"         => "",
+    "error_updating_admin"         => "",
     "error_deleting_demo_admin"    => "Demo administrator istifadəçisini silə bilməzsiniz.",
     "error_updating_demo_admin"    => "Demo administrator istifadəçisini dəyişə bilməzsiniz.",
     "language"                     => "Dil",

app/Language/az/Items.php

@@ -26,6 +26,7 @@ return [
     "cost_price_required"                => "Topdan satiış - doldurulması vacib sahə.",
     "count"                              => "inventorun yenilənməsi",
     "csv_import_failed"                  => "səhv csv import",
+    "csv_import_invalid_location"        => "",
     "csv_import_nodata_wrongformat"      => "Yüklənmiş faylda məlumat yoxdur və ya düzgün formatlanmır.",
     "csv_import_partially_failed"        => "Xətlərdə {0} element idxalı uğursuzluq (lar) var: {1}. Heç bir sıra idxal edilmədi.",
     "csv_import_success"                 => "Malların İdxalı Uğurla Həyata Keçdi.",

app/Language/az/Login.php

@@ -9,6 +9,15 @@ return [
     "login"                         => "Giriş",
     "logout"                        => "Çıxış",
     "migration_needed"              => "{0} -ə daxil olandan sonra verilənlər bazası miqrasiyası başlayacaq.",
+    "migration_required"            => "",
+    "migration_auth_message"        => "",
+    "migration_initializing"        => "",
+    "migration_running"             => "",
+    "migration_complete"            => "",
+    "migration_complete_login"      => "",
+    "migration_failed"              => "",
+    "migration_error_connection"    => "",
+    "migration_complete_redirect"   => "",
     "password"                      => "Şifrə",
     "required_username"             => "",
     "username"                      => "İstifadəçi",

app/Language/az/Sales.php

@@ -73,6 +73,12 @@ return [
     "employee"                         => "Əməkdaş",
     "entry"                            => "Daxil",
     "error_editing_item"               => "XƏTA Malın redaktəsində",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     "find_or_scan_item"                => "Malın axtarışı",
     "find_or_scan_item_or_receipt"     => "Tapmaq skan etmək və ya kvitansiya",
     "giftcard"                         => "Hədiyyə Kartı",

app/Language/bg/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "",
     "confirm_restore"                  => "",
     "definition_cannot_be_deleted"     => "",
+    "definition_invalid_group" => "",
     "definition_error_adding_updating" => "",
     "definition_flags"                 => "",
     "definition_group"                 => "",

app/Language/bg/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "Всичко/и",
-    "columns"              => "Колони",
-    "hide_show_pagination" => "Скриване / Показване на страници",
-    "loading"              => "Зареждане, моля изчакайте...",
-    "page_from_to"         => "Показани са {0} до {1} от {2} реда",
-    "refresh"              => "Опресняване",
-    "rows_per_page"        => "{0} редове на страница",
-    "toggle"               => "Щифт",
+    'all' => "Всичко/и",
+    'columns' => "Колони",
+    'hide_show_pagination' => "Скриване / Показване на страници",
+    'loading' => "Зареждане, моля изчакайте",
+    'page_from_to' => "Показани са {0} до {1} от {2} реда",
+    'refresh' => "Опресняване",
+    'rows_per_page' => "{0} редове на страница",
+    'toggle' => "Щифт",
 ];

app/Language/bg/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "Right",
     "sales_invoice_format"                      => "Sales Invoice Format",
     "sales_quote_format"                        => "Sales Quote Format",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "Configuration save successful.",
     "saved_unsuccessfully"                      => "Configuration save failed.",
     "security_issue"                            => "Security Vulnerability Warning",

app/Language/bg/Employees.php

@@ -14,6 +14,8 @@ return [
     "current_password_invalid"     => "Текущата парола е невалидна.",
     "employee"                     => "Служител",
     "error_adding_updating"        => "Добавянето или актуализирането на служителите е неуспешно.",
+    "error_deleting_admin"         => "",
+    "error_updating_admin"         => "",
     "error_deleting_demo_admin"    => "Не може да изтриете Пробният Администратор.",
     "error_updating_demo_admin"    => "Не може да промените Пробният Администратор.",
     "language"                     => "Език",

app/Language/bg/Items.php

@@ -26,6 +26,7 @@ return [
     "cost_price_required"                => "Wholesale Price is a required field.",
     "count"                              => "Update Inventory",
     "csv_import_failed"                  => "CSV import failed",
+    "csv_import_invalid_location"        => "",
     "csv_import_nodata_wrongformat"      => "The uploaded file has no data or is formatted incorrectly.",
     "csv_import_partially_failed"        => "Item import successful with some failures:",
     "csv_import_success"                 => "Item import successful.",

app/Language/bg/Login.php

@@ -9,6 +9,15 @@ return [
     "login"                         => "Login",
     "logout"                        => "",
     "migration_needed"              => "",
+    "migration_required"            => "",
+    "migration_auth_message"        => "",
+    "migration_initializing"        => "",
+    "migration_running"             => "",
+    "migration_complete"            => "",
+    "migration_complete_login"      => "",
+    "migration_failed"              => "",
+    "migration_error_connection"    => "",
+    "migration_complete_redirect"   => "",
     "password"                      => "Password",
     "required_username"             => "",
     "username"                      => "Username",

app/Language/bg/Sales.php

@@ -73,6 +73,12 @@ return [
     "employee"                         => "Служител",
     "entry"                            => "Вход",
     "error_editing_item"               => "Грешка при редактирането на елемента",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     "find_or_scan_item"                => "Намерете или сканирайте елемента",
     "find_or_scan_item_or_receipt"     => "Намерете или сканирайте елемент или разпис",
     "giftcard"                         => "Gift Карта",

app/Language/bs/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "Da li ste sigurni da želite da izbrišete izabrani atribut?",
     "confirm_restore"                  => "Da li ste sigurni da želite vratiti izabrane atribute?",
     "definition_cannot_be_deleted"     => "Nije moguće izbrisati izabrane atribut",
+    "definition_invalid_group" => "",
     "definition_error_adding_updating" => "Atribut {0} nije moguće dodati ili ažurirati. Molimo provjerite dnevnik grešaka.",
     "definition_flags"                 => "Vidljivost atributa",
     "definition_group"                 => "Grupa",

app/Language/bs/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "Sve",
-    "columns"              => "Kolone",
-    "hide_show_pagination" => "Sakrij / prikaži paginaciju",
-    "loading"              => "Učitavanje sačekajte...",
-    "page_from_to"         => "Prikazivanje {0} do {1} od {2} redova",
-    "refresh"              => "Osvježi",
-    "rows_per_page"        => "{0} redova po stranici",
-    "toggle"               => "Promijeni prikaz",
+    'all' => "Sve",
+    'columns' => "Kolone",
+    'hide_show_pagination' => "Sakrij / prikaži paginaciju",
+    'loading' => "Učitavanje sačekajte",
+    'page_from_to' => "Prikazivanje {0} do {1} od {2} redova",
+    'refresh' => "Osvježi",
+    'rows_per_page' => "{0} redova po stranici",
+    'toggle' => "Promijeni prikaz",
 ];

app/Language/bs/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "Desno",
     "sales_invoice_format"                      => "Format fakture",
     "sales_quote_format"                        => "Format navedene prodaje",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "Konfiguracija je uspješno snimljena.",
     "saved_unsuccessfully"                      => "Konfiguracija nije uspješno snimljena.",
     "security_issue"                            => "Upozorenje o sigurnosnoj ranjivosti",

app/Language/bs/Employees.php

@@ -14,6 +14,8 @@ return [
     "current_password_invalid"     => "Trenutna lozinka je nevažeća.",
     "employee"                     => "Zaposlenik",
     "error_adding_updating"        => "Dodavanje ili ažuriranje zaposlenika nije uspjelo.",
+    "error_deleting_admin"         => "",
+    "error_updating_admin"         => "",
     "error_deleting_demo_admin"    => "Ne možete izbrisati demo korisnika administratora.",
     "error_updating_demo_admin"    => "Ne možete promijeniti korisnika demo administratora.",
     "language"                     => "Jezik",

app/Language/bs/Items.php

@@ -26,6 +26,7 @@ return [
     "cost_price_required"                => "Fakturna cijena je obavezno polje.",
     "count"                              => "Ažuriraj zalihu",
     "csv_import_failed"                  => "Uvoz CSV-a nije uspio",
+    "csv_import_invalid_location"        => "",
     "csv_import_nodata_wrongformat"      => "Učitana CSV datoteka nema podatke ili je pogrešno formatirana.",
     "csv_import_partially_failed"        => "Bilo je {0} grešaka pri uvozu stavke na liniji: {1}. Nijedan red nije uvezen.",
     "csv_import_success"                 => "Uvoz CSV stavke je uspješan.",

app/Language/bs/Login.php

@@ -9,6 +9,15 @@ return [
     "login"                         => "Prijava",
     "logout"                        => "Odjava",
     "migration_needed"              => "Migracija baze podataka na {0} će početi nakon prijavljivanja.",
+    "migration_required"            => "",
+    "migration_auth_message"        => "",
+    "migration_initializing"        => "",
+    "migration_running"             => "",
+    "migration_complete"            => "",
+    "migration_complete_login"      => "",
+    "migration_failed"              => "",
+    "migration_error_connection"    => "",
+    "migration_complete_redirect"   => "",
     "password"                      => "Lozinka",
     "required_username"             => "",
     "username"                      => "Korisničko ime",

app/Language/bs/Sales.php

@@ -73,6 +73,12 @@ return [
     "employee"                         => "Zaposlenik",
     "entry"                            => "Ulaz",
     "error_editing_item"               => "Greška pri uređivanju artikla",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     "find_or_scan_item"                => "Pronađi/Skeniraj artikal",
     "find_or_scan_item_or_receipt"     => "Pronađi/Skeniraj artikal ili priznanicu",
     "giftcard"                         => "Poklon kartica",

app/Language/ckb/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "ئایا دڵنیای کە دەتەوێت تایبەتمەندییە هەڵبژێردراوەکە(کان) بسڕیتەوە؟",
     "confirm_restore"                  => "ئایا دڵنیای کە دەتەوێت تایبەتمەندییە هەڵبژێردراوەکە(کان) بگەڕێنیتەوە؟",
     "definition_cannot_be_deleted"     => "نەتوانرا تایبەتمەندی هەڵبژێردراو بسڕدرێتەوە",
+    "definition_invalid_group" => "",
     "definition_error_adding_updating" => "تایبەتمەندی {0} نەتوانرا زیاد بکرێت یان نوێ بکرێتەوە. تکایە لیستی هەڵەکان بپشکنە.",
     "definition_flags"                 => "توانای بینراویی تایبەتمەندی",
     "definition_group"                 => "گروپ",

app/Language/ckb/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "هەموو",
-    "columns"              => "ستنوونەکان",
-    "hide_show_pagination" => "شاردنەوە/پێشاندانی لاپەڕەسازی",
-    "loading"              => "بارکردن، تکایە چاوەڕوان بن...",
-    "page_from_to"         => "پیشاندانی {0} بۆ {1} لە {2} ڕیزەکان",
-    "refresh"              => "ڕفرێش",
-    "rows_per_page"        => "{0} ڕیز بۆ هەر لاپەڕەیەک",
-    "toggle"               => "دوگمە",
+    'all' => "هەموو",
+    'columns' => "ستنوونەکان",
+    'hide_show_pagination' => "شاردنەوە/پێشاندانی لاپەڕەسازی",
+    'loading' => "بارکردن، تکایە چاوەڕوان بن",
+    'page_from_to' => "پیشاندانی {0} بۆ {1} لە {2} ڕیزەکان",
+    'refresh' => "ڕفرێش",
+    'rows_per_page' => "{0} ڕیز بۆ هەر لاپەڕەیەک",
+    'toggle' => "دوگمە",
 ];

app/Language/ckb/Employees.php

@@ -14,6 +14,8 @@ return [
     'current_password_invalid' => "وشەی نهێنی ئێستا نادروستە.",
     'employee' => "فەرمانبەر",
     'error_adding_updating' => "زیادکردن یان نوێکردنەوەی کارمەند سەرکەوتوو نەبوو.",
+    'error_deleting_admin' => "",
+    'error_updating_admin' => "",
     'error_deleting_demo_admin' => "ناتوانیت بەکارهێنەری ئەدمینی تاقیکردنەوەیی بسڕیتەوە.",
     'error_updating_demo_admin' => "ناتوانیت بەکارهێنەری ئەدمین تاقیکردنەوەیی بگۆڕیت.",
     'language' => "زمان",

app/Language/ckb/Items.php

@@ -26,6 +26,7 @@ return [
     'cost_price_required' => "نرخی جوملە خانەیەکی پێویستە.",
     'count' => "جەرد نوێ بکەوە",
     'csv_import_failed' => "هاوردەکردنی CSV سەرکەوتوو نەبوو",
+    'csv_import_invalid_location' => "",
     'csv_import_nodata_wrongformat' => "پەڕگەی CSV بارکراو هیچ داتایەکی نییە یان بە هەڵە فۆرمات کراوە.",
     'csv_import_partially_failed' => "{0} شکستی هاوردەکردنی بابەتی لەسەر هێڵەکان هەبوو: {1}. هیچ ڕیزێک هاوردە نەکرا.",
     'csv_import_success' => "بابەتی هاوردەکردنی CSV سەرکەوتوو بوو.",

app/Language/ckb/Login.php

@@ -9,6 +9,15 @@ return [
     'login' => "چوونەژوورەوە",
     'logout' => "چوونەدەرەوە",
     'migration_needed' => "گواستنەوەی داتابەیس بۆ {0} دوای چوونەژوورەوە دەست پێدەکات.",
+    'migration_required' => "",
+    'migration_auth_message' => "",
+    'migration_initializing' => "",
+    'migration_running' => "",
+    'migration_complete' => "",
+    'migration_complete_login' => "",
+    'migration_failed' => "",
+    'migration_error_connection' => "",
+    'migration_complete_redirect' => "",
     'password' => "وشەی نهێنی",
     'required_username' => "خانەی ناوی بەکارهێنەر پێویستە.",
     'username' => "ناوی بەکارهێنەر",

app/Language/ckb/Sales.php

@@ -73,6 +73,12 @@ return [
     'employee' => "فەرمانبەر",
     'entry' => "تۆمار",
     'error_editing_item' => "هەڵە لە دەستکاریکردنی ئایتم",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     'find_or_scan_item' => "دۆزینەوە یان سکانکردنی ئایتم",
     'find_or_scan_item_or_receipt' => "دۆزینەوە یان سکانکردنی ئایتم یان پسوڵە",
     'giftcard' => "کارتی دیاری",

app/Language/cs/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "",
     "confirm_restore"                  => "",
     "definition_cannot_be_deleted"     => "",
+    "definition_invalid_group" => "",
     "definition_error_adding_updating" => "",
     "definition_flags"                 => "",
     "definition_group"                 => "",

app/Language/cs/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "Vše",
-    "columns"              => "Sloupce",
-    "hide_show_pagination" => "Zobrazit/skrýt stránkování",
-    "loading"              => "Nahrávám, prosím počkejte...",
-    "page_from_to"         => "Zobrazeno {0} až {1} z {2} řádků",
-    "refresh"              => "Obnovit",
-    "rows_per_page"        => "{0} řádků na stránku",
-    "toggle"               => "Přepnout",
+    'all' => "Vše",
+    'columns' => "Sloupce",
+    'hide_show_pagination' => "Zobrazit/skrýt stránkování",
+    'loading' => "Nahrávám, prosím počkejte",
+    'page_from_to' => "Zobrazeno {0} až {1} z {2} řádků",
+    'refresh' => "Obnovit",
+    'rows_per_page' => "{0} řádků na stránku",
+    'toggle' => "Přepnout",
 ];

app/Language/cs/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "",
     "sales_invoice_format"                      => "",
     "sales_quote_format"                        => "",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "",
     "saved_unsuccessfully"                      => "",
     "security_issue"                            => "Security Vulnerability Warning",

app/Language/cs/Employees.php

@@ -14,6 +14,8 @@ return [
     "current_password_invalid"     => "",
     "employee"                     => "",
     "error_adding_updating"        => "",
+    "error_deleting_admin"         => "",
+    "error_updating_admin"         => "",
     "error_deleting_demo_admin"    => "",
     "error_updating_demo_admin"    => "",
     "language"                     => "",

app/Language/cs/Items.php

@@ -26,6 +26,7 @@ return [
     "cost_price_required"                => "Musíte zadat nákupní cenu.",
     "count"                              => "Upravit množství",
     "csv_import_failed"                  => "Import z CSVu se nepovedl",
+    "csv_import_invalid_location"        => "",
     "csv_import_nodata_wrongformat"      => "Nahraný soubor neobsahuje žádná data nebo má špatný formát.",
     "csv_import_partially_failed"        => "Při importu položek došlo k několika chybám:",
     "csv_import_success"                 => "Import položek proběhl bez chyby.",

app/Language/cs/Login.php

@@ -9,6 +9,15 @@ return [
     "login"                         => "Login",
     "logout"                        => "",
     "migration_needed"              => "",
+    "migration_required"            => "",
+    "migration_auth_message"        => "",
+    "migration_initializing"        => "",
+    "migration_running"             => "",
+    "migration_complete"            => "",
+    "migration_complete_login"      => "",
+    "migration_failed"              => "",
+    "migration_error_connection"    => "",
+    "migration_complete_redirect"   => "",
     "password"                      => "Heslo",
     "required_username"             => "",
     "username"                      => "Uživatelské jméno",

app/Language/cs/Sales.php

@@ -73,6 +73,12 @@ return [
     "employee"                         => "Prodávající",
     "entry"                            => "Záznam",
     "error_editing_item"               => "Chyba při úpravě položky",
+    "negative_price_invalid"           => "",
+    "negative_quantity_invalid"        => "",
+    "negative_discount_invalid"        => "",
+    "discount_percent_exceeds_100"     => "",
+    "discount_exceeds_item_total"      => "",
+    "negative_total_invalid"           => "",
     "find_or_scan_item"                => "Najít nebo skenovat položku",
     "find_or_scan_item_or_receipt"     => "Najít nebo skenovat položku či účtenku",
     "giftcard"                         => "Dárkový poukaz",

app/Language/da/Attributes.php

@@ -5,6 +5,7 @@ return [
     "confirm_delete"                   => "Er du sikker på, at du vil slette de valgte egenskaber?",
     "confirm_restore"                  => "Er du sikker på, at du vil gendanne de valgte egenskaber?",
     "definition_cannot_be_deleted"     => "De valgte egenskaber kunne ikke slettes",
+    "definition_invalid_group" => "Den valgte gruppe findes ikke eller er ugyldig.",
     "definition_error_adding_updating" => "Egenskab {0} Kunne ikke tilføjes eller opdateres. Tjek venligst fejlprotokollen.",
     "definition_flags"                 => "Egenskabens Synlighed",
     "definition_group"                 => "Gruppe",

app/Language/da/Bootstrap_tables.php

@@ -1,12 +1,12 @@
 <?php
 
 return [
-    "all"                  => "Alle",
-    "columns"              => "Kolonner",
-    "hide_show_pagination" => "Gem/Vis sideinddeling",
-    "loading"              => "Indlæser, vent venligst...",
-    "page_from_to"         => "Viser {0} to {1} af {2} rækker",
-    "refresh"              => "Opdater",
-    "rows_per_page"        => "{0} rækker per side",
-    "toggle"               => "Skift",
+    'all' => "Alle",
+    'columns' => "Kolonner",
+    'hide_show_pagination' => "Gem/Vis sideinddeling",
+    'loading' => "Indlæser, vent venligst",
+    'page_from_to' => "Viser {0} to {1} af {2} rækker",
+    'refresh' => "Opdater",
+    'rows_per_page' => "{0} rækker per side",
+    'toggle' => "Skift",
 ];

app/Language/da/Config.php

@@ -282,6 +282,7 @@ return [
     "right"                                     => "Right",
     "sales_invoice_format"                      => "Sales Invoice Format",
     "sales_quote_format"                        => "Sales Quote Format",
+    "mailpath_invalid"                          => "",
     "saved_successfully"                        => "Configuration save successful.",
     "saved_unsuccessfully"                      => "Configuration save failed.",
     "security_issue"                            => "Security Vulnerability Warning",