From 7f6fe9a39aeae85c10d0a01d9cff4d1a5e32bc91 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 2 May 2026 14:52:30 +0000
Subject: [PATCH] fix: address code review - prepared stmt, first-radio auto-select, remove unused var, clarify comment

Agent-Logs-Url: https://github.com/GameServerPanel/GSP/sessions/4a9c8aab-3782-44a8-a5e4-01b50a813cc0
Co-authored-by: iaretechnician <2749183+iaretechnician@users.noreply.github.com>
---
 modules/billing/adminserverlist.php | 27 ++++++++++++++++-----------
 modules/billing/module.php          |  3 ++-
 modules/billing/order.php           |  9 ++++++---
 3 files changed, 24 insertions(+), 15 deletions(-)

diff --git a/modules/billing/adminserverlist.php b/modules/billing/adminserverlist.php
index 1d0e6011..f3765e0c 100644
--- a/modules/billing/adminserverlist.php
+++ b/modules/billing/adminserverlist.php
@@ -71,7 +71,6 @@ if (isset($_POST['save_matrix'])) {
     $price_col = $period === 'daily' ? 'price_daily' : ($period === 'yearly' ? 'price_year' : 'price_monthly');
     $base_esc = $db->real_escape_string($base_price);
-    $period_esc = $db->real_escape_string($period);
     $db->query(
         "UPDATE `{$table_prefix}billing_services`
@@ -88,23 +87,29 @@ if (isset($_POST['save_matrix'])) {
             $allServerIds[] = (int)$rsRow['remote_server_id'];
         }
+        $stmt = $db->prepare(
+            "INSERT INTO `{$table_prefix}billing_service_remote_servers`
+                (service_id, remote_server_id, enabled, override_price)
+             VALUES (?, ?, ?, ?)
+             ON DUPLICATE KEY UPDATE
+                enabled = VALUES(enabled),
+                override_price = VALUES(override_price)"
+        );
         foreach ((array)$postedServices as $sid => $ignored) {
             $sid = (int)$sid;
             foreach ($allServerIds as $rid) {
                 $mapEnabled = isset($postedMappings[$sid][$rid]['enabled']) ? 1 : 0;
                 $ovRaw = $postedMappings[$sid][$rid]['override_price'] ?? '';
-                $override = (trim($ovRaw) === '') ? 'NULL' : "'" . $db->real_escape_string(number_format((float)$ovRaw, 2, '.', '')) . "'";
-
-                $db->query(
-                    "INSERT INTO `{$table_prefix}billing_service_remote_servers`
-                        (service_id, remote_server_id, enabled, override_price)
-                     VALUES ({$sid}, {$rid}, {$mapEnabled}, {$override})
-                     ON DUPLICATE KEY UPDATE
-                        enabled = VALUES(enabled),
-                        override_price = VALUES(override_price)"
-                );
+                $ovPrice = (trim($ovRaw) === '') ? null : number_format((float)$ovRaw, 2, '.', '');
+                if ($stmt) {
+                    $stmt->bind_param('iisd', $sid, $rid, $mapEnabled, $ovPrice);
+                    $stmt->execute();
+                }
             }
         }
+        if ($stmt) {
+            $stmt->close();
+        }
         $flash[] = "Matrix saved successfully.";
     }
diff --git a/modules/billing/module.php b/modules/billing/module.php
index 71ff12f0..f310acbf 100644
--- a/modules/billing/module.php
+++ b/modules/billing/module.php
@@ -173,7 +173,8 @@ $install_queries[1] = array(
     ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;"
 );
-// Version 3: Add override_price to service-to-server mapping table
+// Version 3 (array index 2, because install_queries is zero-indexed starting from version 1):
+// Add override_price to service-to-server mapping table
 $install_queries[2] = array(
     "ALTER TABLE `".OGP_DB_PREFIX."billing_service_remote_servers` ADD COLUMN `override_price` DECIMAL(10,2) NULL AFTER `enabled`"
 );
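Review bot: A failed `prepare()` is silently ignored by the two `if ($stmt)` guards — every mapping write is skipped, the `execute()` results are never checked, and `$flash[] = "Matrix saved successfully."` still runs, so the admin sees success while nothing was stored; at minimum branch on the result, e.g. `if (!$stmt) { $flash[] = 'Failed to save matrix: ' . $db->error; } else { /* loop, close */ $flash[] = "Matrix saved successfully."; }`. The bind type string `'iisd'` also looks swapped for its last two arguments: `$mapEnabled` is an int (`? 1 : 0`) but is bound as a string, while `$ovPrice` is a fixed-point string from `number_format()` headed for a DECIMAL(10,2) column and is bound as a double; `'iiis'` matches the PHP types and keeps the decimal exact (a `null` `$ovPrice` still binds as SQL NULL). Moving to a prepared statement does remove the hand-quoted `$override`, which is the right fix for an admin-supplied price; `$table_prefix` is still interpolated into the SQL text, which is acceptable only as long as it stays a configuration value rather than request data. The enclosing `if (isset($_POST['save_matrix']))` block starts before this hunk.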
diff --git a/modules/billing/order.php b/modules/billing/order.php index 8f2c7933..6a662eb0 100644 --- a/modules/billing/order.php +++ b/modules/billing/order.php @@ -201,12 +201,15 @@ if ($row['price_monthly'] == 0.0) { ORDER BY r.remote_server_name"; $mappedResult = $db->query($mappedQuery); if ($mappedResult) { + $firstServer = true; while ($rs = $mappedResult->fetch_assoc()) { - $rsID = (int)$rs['remote_server_id']; - $rsNAME = htmlspecialchars((string)$rs['remote_server_name'], ENT_QUOTES, 'UTF-8'); + $rsID = (int)$rs['remote_server_id']; + $rsNAME = htmlspecialchars((string)$rs['remote_server_name'], ENT_QUOTES, 'UTF-8'); + $checked = $firstServer ? ' checked' : ''; $available_server = true; + $firstServer = false; echo "
\n" - . " \n" + . " \n" . " \n" . "
\n"; }
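Review bot: The `$rsID`/`$rsNAME` pair is removed and re-added with only its indentation changed, so the hunk mixes whitespace churn with the one functional addition (`$checked`); leaving those two lines as context would make the auto-select change reviewable on its own. The `<input>` line that presumably interpolates `{$checked}` is not legible in this rendering of the patch, so I could not confirm the attribute lands inside the radio tag rather than in the label. While the line is being touched anyway, `htmlspecialchars((string)$rs['remote_server_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` avoids the whole name collapsing to an empty string when it contains invalid UTF-8. Pre-checking the first radio is a client-side convenience only; the POST handler (outside this hunk) still has to verify that the submitted remote_server_id is one of the servers mapped to this service — I assume it does but cannot see it here. The enclosing block named in the hunk header, `if ($row['price_monthly'] == 0.0) {`, begins before the hunk.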