gitmedia/mein-sterntours
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

WIP: Sicherheitsnetz vor Phase-1-R\u00fcckbau

Browse source 
Enth\u00e4lt gemischt: Laravel-10-Upgrade + Phase 1 (Contacts-Modul, Duplicats-Commands,
Soft-Delete+Merge-Fields) + Phase 2 Code-Umstellungen (inquiry_id, $table='contacts'/'inquiries')
+ Offers-Modul (Migrationen, Models, offer_id in Booking, offer-Disk in filesystems.php).

Phase 2 + Offers werden im folgenden Commit nach dev/backups/phase2-offers-2026-04-17/
verschoben, damit der Workspace auf Phase-1-only (= Test-System-Stand) reduziert ist
und direkt auf Live deploybar wird.

Tarball-Backup zus\u00e4tzlich unter: ../backups-safety/workspace-pre-phase1-rollback-2026-04-17.tar.gz

Made-with: Cursor
This commit is contained in:
Phase-1-Rollback-Agent 2026-04-17 13:40:31 +00:00
parent 389d5d1820
commit e3dc1afd8e
165 changed files with 21914 additions and 3516 deletions
Download patch file Download diff file Expand all files Collapse all files

222
_ide_helper.php
View file

@ -256,7 +256,7 @@
}
/**
* Get the path to the views directory.
*
*
* This method returns the first configured path in the array of view paths.
*
* @param string $path
@ -942,9 +942,9 @@
}
/**
* Returns true if the container can return an entry for the given identifier.
*
*
* Returns false otherwise.
*
*
* `has($id)` returning true does not mean that `get($id)` will not throw an exception.
* It does however mean that `get($id)` will not throw a `NotFoundExceptionInterface`.
*
@ -1963,7 +1963,7 @@
}
/**
* Log the user out of the application on their current device only.
*
*
* This method does not cycle the "remember" token.
*
* @return void
@ -1976,7 +1976,7 @@
}
/**
* Invalidate other sessions for the current user.
*
*
* The application must be using the AuthenticateSession middleware.
*
* @param string $password
@ -2909,7 +2909,7 @@
}
/**
* Dispatch a command to its appropriate handler in the current process.
*
*
* Queueable jobs will be dispatched to the "sync" queue.
*
* @param mixed $command
@ -3474,7 +3474,7 @@
}
/**
* Retrieve multiple items from the cache by key.
*
*
* Items not found in the cache will have a null value.
*
* @param array $keys
@ -6334,7 +6334,7 @@
}
/**
* Recursively delete a directory.
*
*
* The directory itself may be optionally preserved.
*
* @param string $directory
@ -7327,7 +7327,7 @@
}
/**
* Action must be taken immediately.
*
*
* Example: Entire website down, database unavailable, etc. This should
* trigger the SMS alerts and wake you up.
*
@ -7343,7 +7343,7 @@
}
/**
* Critical conditions.
*
*
* Example: Application component unavailable, unexpected exception.
*
* @param string $message
@ -7372,7 +7372,7 @@
}
/**
* Exceptional occurrences that are not errors.
*
*
* Example: Use of deprecated APIs, poor use of an API, undesirable things
* that are not necessarily wrong.
*
@ -7401,7 +7401,7 @@
}
/**
* Interesting events.
*
*
* Example: User logs in, SQL logs.
*
* @param string $message
@ -9250,7 +9250,7 @@
}
/**
* This method belongs to Symfony HttpFoundation and is not usually needed when using Laravel.
*
*
* Instead, you may use the "input" method.
*
* @param string $key
@ -9509,7 +9509,7 @@
}
/**
* Sets the parameters for this request.
*
*
* This method also re-initializes all properties.
*
* @param array $query The GET parameters
@ -9538,7 +9538,7 @@
}
/**
* Creates a Request based on a given URI and configuration.
*
*
* The information contained in the URI always take precedence
* over the other information (server and parameters).
*
@ -9559,7 +9559,7 @@
}
/**
* Sets a callable able to create a Request instance.
*
*
* This is mainly useful when you need to override the Request class
* to keep BC with an existing system. It should not be used for any
* other purpose.
@ -9572,7 +9572,7 @@
}
/**
* Overrides the PHP global variables according to this request instance.
*
*
* It overrides $_GET, $_POST, $_REQUEST, $_SERVER, $_COOKIE.
* $_FILES is never overridden, see rfc1867
*
@ -9585,7 +9585,7 @@
}
/**
* Sets a list of trusted proxies.
*
*
* You should only list the reverse proxies that you manage directly.
*
* @param array $proxies A list of trusted proxies, the string 'REMOTE_ADDR' will be replaced with $_SERVER['REMOTE_ADDR']
@ -9618,7 +9618,7 @@
}
/**
* Sets a list of trusted host patterns.
*
*
* You should only list the hosts you manage using regexs.
*
* @param array $hostPatterns A list of trusted host patterns
@ -9640,7 +9640,7 @@
}
/**
* Normalizes a query string.
*
*
* It builds a normalized query string, where keys/value pairs are alphabetized,
* have consistent escaping and unneeded delimiters are removed.
*
@ -9653,13 +9653,13 @@
}
/**
* Enables support for the _method request parameter to determine the intended HTTP method.
*
*
* Be warned that enabling this feature might lead to CSRF issues in your code.
* Check that you are using CSRF tokens when required.
* If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered
* and used to send a "PUT" or "DELETE" request via the _method request parameter.
* If these methods are not protected against CSRF, this presents a possible vulnerability.
*
*
* The HTTP method can only be overridden when the real HTTP method is POST.
*
* @static
@ -9692,7 +9692,7 @@
}
/**
* Whether the request contains a Session object.
*
*
* This method does not give any information about the state of the session object,
* like whether the session is started or not. It is just a way to check if this Request
* is associated with a Session instance.
@ -9726,11 +9726,11 @@
}
/**
* Returns the client IP addresses.
*
*
* In the returned array the most trusted IP address is first, and the
* least trusted one last. The "real" client IP address is the last one,
* but this is also the least trusted one. Trusted proxies are stripped.
*
*
* Use this method carefully; you should use getClientIp() instead.
*
* @return array
@ -9744,13 +9744,13 @@
}
/**
* Returns the client IP address.
*
*
* This method can read the client IP address from the "X-Forwarded-For" header
* when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For"
* header value is a comma+space separated list of IP addresses, the left-most
* being the original client, and each successive proxy that passed the request
* adding the IP address where it received the request from.
*
*
* If your reverse proxy uses a different header name than "X-Forwarded-For",
* ("Client-Ip" for instance), configure it via the $trustedHeaderSet
* argument of the Request::setTrustedProxies() method instead.
@ -9778,11 +9778,11 @@
}
/**
* Returns the path being requested relative to the executed script.
*
*
* The path info always starts with a /.
*
*
* Suppose this request is instantiated from /mysite on localhost:
*
*
* * http://localhost/mysite returns an empty string
* * http://localhost/mysite/about returns '/about'
* * http://localhost/mysite/enco%20ded returns '/enco%20ded'
@ -9798,9 +9798,9 @@
}
/**
* Returns the root path from which this request is executed.
*
*
* Suppose that an index.php file instantiates this request object:
*
*
* * http://localhost/index.php returns an empty string
* * http://localhost/index.php/page returns an empty string
* * http://localhost/web/index.php returns '/web'
@ -9816,9 +9816,9 @@
}
/**
* Returns the root URL from which this request is executed.
*
*
* The base URL never ends with a /.
*
*
* This is similar to getBasePath(), except that it also includes the
* script filename (e.g. index.php) if one exists.
*
@ -9843,10 +9843,10 @@
}
/**
* Returns the port on which the request is made.
*
*
* This method can read the client port from the "X-Forwarded-Port" header
* when trusted proxies were set via "setTrustedProxies()".
*
*
* The "X-Forwarded-Port" header must contain the client port.
*
* @return int|string|null Can be a string if fetched from the server bag
@ -9892,7 +9892,7 @@
}
/**
* Returns the HTTP host being requested.
*
*
* The port name will be appended to the host if it's non-standard.
*
* @return string
@ -9916,7 +9916,7 @@
}
/**
* Gets the scheme and HTTP host.
*
*
* If the URL was called with basic authentication, the user
* and the password are not added to the generated string.
*
@ -9954,12 +9954,12 @@
}
/**
* Returns the path as relative reference from the current Request path.
*
*
* Only the URIs path component (no schema, host etc.) is relevant and must be given.
* Both paths must be absolute and not contain relative parts.
* Relative URLs from one resource to another are useful when generating self-contained downloadable document archives.
* Furthermore, they can be used to reduce the link size in documents.
*
*
* Example target paths, given a base path of "/a/b/c/d":
* - "/a/b/c/d" -> ""
* - "/a/b/c/" -> "./"
@ -9977,7 +9977,7 @@
}
/**
* Generates the normalized query string for the Request.
*
*
* It builds a normalized query string, where keys/value pairs are alphabetized
* and have consistent escaping.
*
@ -9991,10 +9991,10 @@
}
/**
* Checks whether the request is secure or not.
*
*
* This method can read the client protocol from the "X-Forwarded-Proto" header
* when trusted proxies were set via "setTrustedProxies()".
*
*
* The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".
*
* @return bool
@ -10007,10 +10007,10 @@
}
/**
* Returns the host name.
*
*
* This method can read the client host name from the "X-Forwarded-Host" header
* when trusted proxies were set via "setTrustedProxies()".
*
*
* The "X-Forwarded-Host" header must contain the client host name.
*
* @return string
@ -10034,13 +10034,13 @@
}
/**
* Gets the request "intended" method.
*
*
* If the X-HTTP-Method-Override header is set, and if the method is a POST,
* then it is used to determine the "real" intended HTTP method.
*
*
* The _method request parameter can also be used to determine the HTTP method,
* but only if enableHttpMethodParameterOverride() has been called.
*
*
* The method is always an uppercased string.
*
* @return string
@ -10109,9 +10109,9 @@
}
/**
* Gets the request format.
*
*
* Here is the process to determine the format:
*
*
* * format defined by the user (with setRequestFormat())
* * _format request attribute
* * $default
@ -10237,7 +10237,7 @@
}
/**
* Returns the protocol version.
*
*
* If the application is behind a proxy, the protocol version used in the
* requests between the client and the proxy and between the proxy and the
* server might be different. This returns the former (from the "Via" header)
@ -10288,7 +10288,7 @@
* Gets the preferred format for the response by inspecting, in the following order:
* * the request format set using setRequestFormat;
* * the values of the Accept HTTP header.
*
*
* Note that if you use this method, you should send the "Vary: Accept" header
* in the response to prevent any issues with intermediary HTTP caches.
*
@ -10357,7 +10357,7 @@
}
/**
* Returns true if the request is an XMLHttpRequest.
*
*
* It works if your JavaScript library sets an X-Requested-With HTTP header.
* It is known to work with common JavaScript frameworks:
*
@ -10383,7 +10383,7 @@
}
/**
* Indicates whether this request originated from a trusted proxy.
*
*
* This can be useful to determine whether or not to trust the
* contents of a proxy-specific header.
*
@ -10767,7 +10767,7 @@
}
/**
* Retrieve input as a boolean value.
*
*
* Returns true when value is "1", "true", "on", and "yes". Otherwise, returns false.
*
* @param string|null $key
@ -11750,7 +11750,7 @@
}
/**
* Add a middleware to the beginning of a middleware group.
*
*
* If the middleware is already in the group, it will not be added again.
*
* @param string $group
@ -11765,7 +11765,7 @@
}
/**
* Add a middleware to the end of a middleware group.
*
*
* If the middleware is already in the group, it will not be added again.
*
* @param string $group
@ -15728,7 +15728,7 @@
}
/**
* This method belongs to Symfony HttpFoundation and is not usually needed when using Laravel.
*
*
* Instead, you may use the "input" method.
*
* @param string $key
@ -15987,7 +15987,7 @@
}
/**
* Sets the parameters for this request.
*
*
* This method also re-initializes all properties.
*
* @param array $query The GET parameters
@ -16016,7 +16016,7 @@
}
/**
* Creates a Request based on a given URI and configuration.
*
*
* The information contained in the URI always take precedence
* over the other information (server and parameters).
*
@ -16037,7 +16037,7 @@
}
/**
* Sets a callable able to create a Request instance.
*
*
* This is mainly useful when you need to override the Request class
* to keep BC with an existing system. It should not be used for any
* other purpose.
@ -16050,7 +16050,7 @@
}
/**
* Overrides the PHP global variables according to this request instance.
*
*
* It overrides $_GET, $_POST, $_REQUEST, $_SERVER, $_COOKIE.
* $_FILES is never overridden, see rfc1867
*
@ -16063,7 +16063,7 @@
}
/**
* Sets a list of trusted proxies.
*
*
* You should only list the reverse proxies that you manage directly.
*
* @param array $proxies A list of trusted proxies, the string 'REMOTE_ADDR' will be replaced with $_SERVER['REMOTE_ADDR']
@ -16096,7 +16096,7 @@
}
/**
* Sets a list of trusted host patterns.
*
*
* You should only list the hosts you manage using regexs.
*
* @param array $hostPatterns A list of trusted host patterns
@ -16118,7 +16118,7 @@
}
/**
* Normalizes a query string.
*
*
* It builds a normalized query string, where keys/value pairs are alphabetized,
* have consistent escaping and unneeded delimiters are removed.
*
@ -16131,13 +16131,13 @@
}
/**
* Enables support for the _method request parameter to determine the intended HTTP method.
*
*
* Be warned that enabling this feature might lead to CSRF issues in your code.
* Check that you are using CSRF tokens when required.
* If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered
* and used to send a "PUT" or "DELETE" request via the _method request parameter.
* If these methods are not protected against CSRF, this presents a possible vulnerability.
*
*
* The HTTP method can only be overridden when the real HTTP method is POST.
*
* @static
@ -16170,7 +16170,7 @@
}
/**
* Whether the request contains a Session object.
*
*
* This method does not give any information about the state of the session object,
* like whether the session is started or not. It is just a way to check if this Request
* is associated with a Session instance.
@ -16204,11 +16204,11 @@
}
/**
* Returns the client IP addresses.
*
*
* In the returned array the most trusted IP address is first, and the
* least trusted one last. The "real" client IP address is the last one,
* but this is also the least trusted one. Trusted proxies are stripped.
*
*
* Use this method carefully; you should use getClientIp() instead.
*
* @return array
@ -16222,13 +16222,13 @@
}
/**
* Returns the client IP address.
*
*
* This method can read the client IP address from the "X-Forwarded-For" header
* when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For"
* header value is a comma+space separated list of IP addresses, the left-most
* being the original client, and each successive proxy that passed the request
* adding the IP address where it received the request from.
*
*
* If your reverse proxy uses a different header name than "X-Forwarded-For",
* ("Client-Ip" for instance), configure it via the $trustedHeaderSet
* argument of the Request::setTrustedProxies() method instead.
@ -16256,11 +16256,11 @@
}
/**
* Returns the path being requested relative to the executed script.
*
*
* The path info always starts with a /.
*
*
* Suppose this request is instantiated from /mysite on localhost:
*
*
* * http://localhost/mysite returns an empty string
* * http://localhost/mysite/about returns '/about'
* * http://localhost/mysite/enco%20ded returns '/enco%20ded'
@ -16276,9 +16276,9 @@
}
/**
* Returns the root path from which this request is executed.
*
*
* Suppose that an index.php file instantiates this request object:
*
*
* * http://localhost/index.php returns an empty string
* * http://localhost/index.php/page returns an empty string
* * http://localhost/web/index.php returns '/web'
@ -16294,9 +16294,9 @@
}
/**
* Returns the root URL from which this request is executed.
*
*
* The base URL never ends with a /.
*
*
* This is similar to getBasePath(), except that it also includes the
* script filename (e.g. index.php) if one exists.
*
@ -16321,10 +16321,10 @@
}
/**
* Returns the port on which the request is made.
*
*
* This method can read the client port from the "X-Forwarded-Port" header
* when trusted proxies were set via "setTrustedProxies()".
*
*
* The "X-Forwarded-Port" header must contain the client port.
*
* @return int|string|null Can be a string if fetched from the server bag
@ -16370,7 +16370,7 @@
}
/**
* Returns the HTTP host being requested.
*
*
* The port name will be appended to the host if it's non-standard.
*
* @return string
@ -16394,7 +16394,7 @@
}
/**
* Gets the scheme and HTTP host.
*
*
* If the URL was called with basic authentication, the user
* and the password are not added to the generated string.
*
@ -16432,12 +16432,12 @@
}
/**
* Returns the path as relative reference from the current Request path.
*
*
* Only the URIs path component (no schema, host etc.) is relevant and must be given.
* Both paths must be absolute and not contain relative parts.
* Relative URLs from one resource to another are useful when generating self-contained downloadable document archives.
* Furthermore, they can be used to reduce the link size in documents.
*
*
* Example target paths, given a base path of "/a/b/c/d":
* - "/a/b/c/d" -> ""
* - "/a/b/c/" -> "./"
@ -16455,7 +16455,7 @@
}
/**
* Generates the normalized query string for the Request.
*
*
* It builds a normalized query string, where keys/value pairs are alphabetized
* and have consistent escaping.
*
@ -16469,10 +16469,10 @@
}
/**
* Checks whether the request is secure or not.
*
*
* This method can read the client protocol from the "X-Forwarded-Proto" header
* when trusted proxies were set via "setTrustedProxies()".
*
*
* The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".
*
* @return bool
@ -16485,10 +16485,10 @@
}
/**
* Returns the host name.
*
*
* This method can read the client host name from the "X-Forwarded-Host" header
* when trusted proxies were set via "setTrustedProxies()".
*
*
* The "X-Forwarded-Host" header must contain the client host name.
*
* @return string
@ -16512,13 +16512,13 @@
}
/**
* Gets the request "intended" method.
*
*
* If the X-HTTP-Method-Override header is set, and if the method is a POST,
* then it is used to determine the "real" intended HTTP method.
*
*
* The _method request parameter can also be used to determine the HTTP method,
* but only if enableHttpMethodParameterOverride() has been called.
*
*
* The method is always an uppercased string.
*
* @return string
@ -16587,9 +16587,9 @@
}
/**
* Gets the request format.
*
*
* Here is the process to determine the format:
*
*
* * format defined by the user (with setRequestFormat())
* * _format request attribute
* * $default
@ -16715,7 +16715,7 @@
}
/**
* Returns the protocol version.
*
*
* If the application is behind a proxy, the protocol version used in the
* requests between the client and the proxy and between the proxy and the
* server might be different. This returns the former (from the "Via" header)
@ -16766,7 +16766,7 @@
* Gets the preferred format for the response by inspecting, in the following order:
* * the request format set using setRequestFormat;
* * the values of the Accept HTTP header.
*
*
* Note that if you use this method, you should send the "Vary: Accept" header
* in the response to prevent any issues with intermediary HTTP caches.
*
@ -16835,7 +16835,7 @@
}
/**
* Returns true if the request is an XMLHttpRequest.
*
*
* It works if your JavaScript library sets an X-Requested-With HTTP header.
* It is known to work with common JavaScript frameworks:
*
@ -16861,7 +16861,7 @@
}
/**
* Indicates whether this request originated from a trusted proxy.
*
*
* This can be useful to determine whether or not to trust the
* contents of a proxy-specific header.
*
@ -17245,7 +17245,7 @@
}
/**
* Retrieve input as a boolean value.
*
*
* Returns true when value is "1", "true", "on", and "yes". Otherwise, returns false.
*
* @param string|null $key
@ -18754,7 +18754,7 @@
* A simple API extension for DateTime.
*
* @mixin DeprecatedProperties
*
*
* <autodoc generated by `composer phpdoc`>
* @property int $year
* @property int $yearIso
@ -19235,7 +19235,7 @@
* @method string longRelativeToOtherDiffForHumans(DateTimeInterface $other = null, int $parts = 1) Get the difference (long format, 'RelativeToOther' mode) in a human readable format in the current locale. ($other and $parts parameters can be swapped.)
* @method static static|false createFromFormat(string $format, string $time, DateTimeZone|string|false|null $timezone = null) Parse a string into a new Carbon object according to the specified format.
* @method static static __set_state(array $array) https://php.net/manual/en/datetime.set-state.php
*
*
* </autodoc>
*/
class Carbon {
@ -19538,7 +19538,7 @@
class DataTables {
/**
* Make a DataTable instance from source.
*
*
* Alias of make for backward compatibility.
*
* @param mixed $source
@ -19812,9 +19812,9 @@
}
/**
* Output the PDF as a string.
*
*
* The options parameter controls the output. Accepted options are:
*
*
* 'compress' = > 1 or 0 - apply content stream compression, this is
* on (1) by default
*
@ -19983,9 +19983,9 @@
}
/**
* Output the PDF as a string.
*
*
* The options parameter controls the output. Accepted options are:
*
*
* 'compress' = > 1 or 0 - apply content stream compression, this is
* on (1) by default
*
@ -20278,7 +20278,7 @@
}
/**
* Adds a message to the MessagesCollector
*
*
* A message can be anything from an object to a string
*
* @param mixed $message
@ -20404,7 +20404,7 @@
}
/**
* Returns the HTTP driver
*
*
* If no http driver where defined, a PhpHttpDriver is automatically created
*
* @return \DebugBar\HttpDriverInterface
@ -20417,7 +20417,7 @@
}
/**
* Returns collected data
*
*
* Will collect the data if none have been collected yet
*
* @return array
@ -20833,7 +20833,7 @@
/**
* Allows to charge for additional fees that may or may not be taxable
* ex - service fee , delivery fee, tips.
*
*
* Because it uses ->put, the name must be unique otherwise will be overwritten.
*
* @param $name