* Fix business logic vulnerability allowing negative sale totals (GHSA-wv3j-pp8r-7q43) Add server-side validation in postEditItem() to reject negative prices, quantities, and discounts, as well as percentage discounts exceeding 100% and fixed discounts exceeding the item total. Also block sale completion with negative totals in non-return mode to prevent fraud/theft. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Fix: exempt return mode from negative quantity validation Return mode legitimately stores items with negative quantities. The quantity validation now skips the non-negative check in return mode, consistent with the existing return mode exemption in postComplete(). Also use abs() for fixed discount comparison to handle return quantities. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * Refactor: use $rules + validate() pattern per review feedback Address review comments from jekkos on PR #4450: 1. Use CI4 $rules variable with custom non_negative_decimal validation rule instead of manual if-checks for price/discount validation. 2. Add validation error strings to all 44 non-English language files (English fallback values used until translations are contributed). 3. Use validate() method with $messages array for localized error display, maintaining the existing controller pattern. 
Additional improvements: - Add non_negative_decimal rule to OSPOSRules.php (leverages parse_decimals() for locale-aware decimal parsing) - Preserve manual checks for business logic (return mode quantity exemption, discount bounds via bccomp) - Fix PHP 8.1+ compatibility: avoid passing method return to reset() - Explicit empty discount handling for bc-math safety Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * Fix: rename to nonNegativeDecimal (PSR), clear non-English translation strings - Rename validation rule method non_negative_decimal → nonNegativeDecimal in OSPOSRules.php and all $rules/$messages references in Sales.php (PSR naming per @objecttothis review) - Replace English fallback text with "" in 43 non-English language files so CI4 falls back to the base language string; weblate will handle translations (per @jekkos and @objecttothis agreement) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Paul <morimori-dev@github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: objecttothis <17935339+objecttothis@users.noreply.github.com>
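<?php

/*
 * Polish (pl) strings for the Sales module.
 *
 * Each key is a message identifier; each value is the text shown for it.
 * An empty value means "not translated yet": the project intends those keys
 * to fall back to the English (base-language) string, with Weblate supplying
 * translations over time.
 *
 * NOTE(review): stock CodeIgniter 4 Language::getLine() only falls back to
 * English when a key is absent (null), not when it is present with "". Confirm
 * the project's loader merges the English file first; otherwise every "" here,
 * including the validation errors below, renders blank. The server-side
 * checks still reject bad input either way — only the displayed text differs.
 */
return [
    'customers_available_points' => "Dostępne punkty",
    'rewards_package' => "",
    'rewards_remaining_balance' => "",
    'account_number' => "",
    'add_payment' => "",
    'amount_due' => "",
    'amount_tendered' => "",
    'authorized_signature' => "",
    'cancel_sale' => "",
    'cash' => "",
    'cash_1' => "",
    'cash_2' => "",
    'cash_3' => "",
    'cash_4' => "",
    'cash_adjustment' => "",
    'cash_deposit' => "",
    'cash_filter' => "",
    'change_due' => "",
    'change_price' => "",
    'check' => "",
    'check_balance' => "",
    'check_filter' => "",
    'close' => "",
    'comment' => "",
    'comments' => "",
    'company_name' => "",
    'complete' => "",
    'complete_sale' => "",
    'confirm_cancel_sale' => "",
    'confirm_delete' => "",
    'confirm_restore' => "",
    'credit' => "",
    'credit_deposit' => "",
    'credit_filter' => "",
    'current_table' => "",
    'customer' => "",
    'customer_address' => "",
    'customer_discount' => "",
    'customer_email' => "",
    'customer_location' => "",
    'customer_mailchimp_status' => "",
    'customer_optional' => "",
    'customer_required' => "",
    'customer_total' => "",
    'customer_total_spent' => "",
    'daily_sales' => "",
    'date' => "",
    'date_range' => "",
    'date_required' => "",
    'date_type' => "",
    'debit' => "",
    'debit_filter' => "",
    'delete' => "",
    'delete_confirmation' => "",
    'delete_entire_sale' => "",
    'delete_successful' => "",
    'delete_unsuccessful' => "",
    'description_abbrv' => "",
    'discard' => "",
    'discard_quote' => "",
    'discount' => "",
    'discount_included' => "",
    'discount_short' => "",
    'due' => "",
    'due_filter' => "",
    'edit' => "",
    'edit_item' => "",
    'edit_sale' => "",
    'email_receipt' => "",
    'employee' => "",
    'entry' => "",
    'error_editing_item' => "",
    // Validation messages introduced with the negative-total fix
    // (GHSA-wv3j-pp8r-7q43): shown when an edited line item or a completed
    // sale fails the server-side non-negative price / quantity / discount /
    // total checks. Keys use single quotes like the rest of the file.
    'negative_price_invalid' => "",
    'negative_quantity_invalid' => "",
    'negative_discount_invalid' => "",
    'discount_percent_exceeds_100' => "",
    'discount_exceeds_item_total' => "",
    'negative_total_invalid' => "",
    'find_or_scan_item' => "",
    'find_or_scan_item_or_receipt' => "",
    'giftcard' => "Karta Podarunkowa",
    'giftcard_balance' => "",
    'giftcard_filter' => "",
    'giftcard_number' => "Numer Karty Podarunkowej",
    'group_by_category' => "",
    'group_by_type' => "",
    'hsn' => "",
    'id' => "",
    'include_prices' => "",
    'invoice' => "",
    'invoice_confirm' => "",
    'invoice_enable' => "",
    'invoice_filter' => "",
    'invoice_no_email' => "",
    'invoice_number' => "",
    'invoice_number_duplicate' => "",
    'invoice_sent' => "",
    'invoice_total' => "",
    'invoice_type_custom_invoice' => "",
    'invoice_type_custom_tax_invoice' => "",
    'invoice_type_invoice' => "",
    'invoice_type_tax_invoice' => "",
    'invoice_unsent' => "",
    'invoice_update' => "",
    'item_insufficient_of_stock' => "",
    'item_name' => "",
    'item_number' => "",
    'item_out_of_stock' => "",
    // Keyboard-shortcut help text below is still English (carried over from
    // the base language rather than translated); Weblate should replace it.
    'key_browser' => "",
    'key_cancel' => "Cancels Current Quote/Invoice/Sale",
    'key_customer_search' => "Customer Search",
    // Typo fix: "witdout" -> "without".
    'key_finish_quote' => "Finish Quote/Invoice without payment",
    'key_finish_sale' => "Add Payment and Complete Invoice/Sale",
    'key_full' => "",
    'key_function' => "Function",
    'key_help' => "Shortcuts",
    'key_help_modal' => "Open Shortcuts Window",
    'key_in' => "",
    'key_item_search' => "Item Search",
    'key_out' => "",
    'key_payment' => "Add Payment",
    'key_print' => "",
    'key_restore' => "",
    'key_search' => "",
    'key_suspend' => "Suspend Current Sale",
    'key_suspended' => "Show Suspended Sales",
    'key_system' => "",
    'key_tendered' => "Edit Amount Tendered",
    'key_title' => "Sales Keyboard Shortcuts",
    'mc' => "",
    'mode' => "",
    'must_enter_numeric' => "",
    'must_enter_numeric_giftcard' => "",
    'new_customer' => "",
    'new_item' => "",
    'no_description' => "",
    'no_filter' => "",
    'no_items_in_cart' => "",
    'no_sales_to_display' => "",
    'none_selected' => "",
    'nontaxed_ind' => "",
    'not_authorized' => "",
    'one_or_multiple' => "",
    'payment' => "",
    'payment_amount' => "",
    'payment_not_cover_total' => "",
    'payment_type' => "",
    'payments' => "",
    'payments_total' => "",
    'price' => "",
    'print_after_sale' => "",
    'quantity' => "Ilość",
    'quantity_less_than_reorder_level' => "",
    'quantity_less_than_zero' => "",
    'quantity_of_items' => "",
    'quote' => "",
    'quote_number' => "",
    'quote_number_duplicate' => "",
    'quote_sent' => "",
    'quote_unsent' => "",
    'receipt' => "",
    'receipt_no_email' => "",
    'receipt_number' => "",
    'receipt_sent' => "",
    'receipt_unsent' => "",
    'refund' => "",
    'register' => "",
    'remove_customer' => "",
    'remove_discount' => "",
    'return' => "",
    'rewards' => "",
    'rewards_balance' => "",
    'sale' => "",
    'sale_by_invoice' => "",
    'sale_for_customer' => "",
    'sale_time' => "",
    'sales_tax' => "",
    'sales_total' => "",
    'select_customer' => "",
    'send_invoice' => "",
    'send_quote' => "",
    'send_receipt' => "",
    'send_work_order' => "",
    'serial' => "",
    'service_charge' => "",
    'show_due' => "",
    'show_invoice' => "",
    'show_receipt' => "",
    'start_typing_customer_name' => "",
    'start_typing_item_name' => "",
    'stock' => "",
    'stock_location' => "",
    'sub_total' => "",
    'successfully_deleted' => "",
    'successfully_restored' => "",
    'successfully_suspended_sale' => "",
    'successfully_updated' => "",
    'suspend_sale' => "",
    'suspended_doc_id' => "",
    'suspended_sale_id' => "",
    'suspended_sales' => "",
    'table' => "",
    'takings' => "",
    'tax' => "",
    'tax_id' => "",
    'tax_invoice' => "",
    'tax_percent' => "",
    'taxed_ind' => "",
    'total' => "",
    'total_tax_exclusive' => "",
    'transaction_failed' => "",
    'unable_to_add_item' => "",
    'unsuccessfully_deleted' => "",
    'unsuccessfully_restored' => "",
    'unsuccessfully_suspended_sale' => "",
    'unsuccessfully_updated' => "",
    'unsuspend' => "",
    'unsuspend_and_delete' => "",
    'update' => "",
    'upi' => "",
    'visa' => "",
    'wholesale' => "",
    'work_order' => "",
    'work_order_number' => "",
    'work_order_number_duplicate' => "",
    'work_order_sent' => "",
    'work_order_unsent' => "",
];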