Hardening

2025-08-20 19:24:03 +02:00
parent 41200633cb
commit 010b23b0e5
19 changed files with 1358 additions and 59 deletions
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -842,6 +842,7 @@ function getWhereclause($table_name,$permission,$partner,$method){
  switch ($permission) {    
      case '4': 
          $whereclause = '';
+          $condition = '';
          break;
      case '3':
          $condition = '__salesid___'.$partner->salesid.'___soldto___%';
@@ -892,6 +893,7 @@ function getWhereclauselvl2($table_name,$permission,$partner,$method){
  switch ($permission) {    
    case '4':
        $whereclause = '';
+        $condition = '';
        break;
    case '3':
        $condition = '__salesid___'.$partner->salesid.'___soldto___%';
@@ -3330,6 +3332,7 @@ function processProductCollection($products) {
              // Add version specific data
              $versionProduct['version_id'] = $version['version_id'];
              $versionProduct['config_setting'] = $version['config_setting'];
+              $versionProduct['main_option_for_display'] = $version['main_option_for_display'];
              $versionProduct['configurations'] = $version['configurations'];
              
              // Only modify identifiers if there's more than one version
@@ -3630,7 +3633,14 @@ class ShoppingCartCalculator {
      $stmt->execute([$this->selected_country]);
      $tax = $stmt->fetch(PDO::FETCH_ASSOC);
      
-      return $tax ? ($amount_to_tax * ($tax['rate'] / 100)) : 0;
+      if ($this->business_type === 'b2c') {
+          // Tax is included in final price
+          return $tax ? ($amount_to_tax - ($amount_to_tax / ( 1 + ($tax['rate'] / 100)))) : 0;
+      } else {
+          // Tax is added on top for B2B
+          return $tax ? ($amount_to_tax * ($tax['rate'] / 100)) : 0;
+      }
+      
  }

  private function calculateFinalTotal($subtotal, $shippingtotal, $discounttotal, $taxtotal) {
@@ -4025,7 +4035,7 @@ function getDomainName($hostname) {
 // encode ID to UUID
 //=======================================
 function encodeUuid($number) {
-  $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&?-';
+  $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $base = strlen($alphabet);
  
  $encoded = '';
@@ -4049,7 +4059,7 @@ function encodeUuid($number) {
 function decodeUuid($encoded) {
  $encoded = strtoupper($encoded);

-  $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&?-';
+  $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
  $base = strlen($alphabet);
  
  $number = 0;