Merge pull request #8137 from turbo124/v5-develop

Fix for data leak on products route when using the ?with filter

VERSION.txt

@@ -1 +1 @@
-5.5.53
+5.5.54

app/Console/Commands/CreateSingleAccount.php

@@ -306,7 +306,7 @@ class CreateSingleAccount extends Command
 
         $webhook_config = [
             'post_purchase_url' => 'http://ninja.test:8000/api/admin/plan',
-            'post_purchase_rest_method' => 'POST',
+            'post_purchase_rest_method' => 'post',
             'post_purchase_headers' => [config('ninja.ninja_hosted_header') => config('ninja.ninja_hosted_secret')],
         ];
 

app/Filters/QueryFilters.php

@@ -251,6 +251,7 @@ abstract class QueryFilters
     {
         return $this->builder
             ->orWhere($this->with_property, $value)
-            ->orderByRaw("{$this->with_property} = ? DESC", [$value]);
+            ->orderByRaw("{$this->with_property} = ? DESC", [$value])
+            ->company();
     }
 }

app/Services/Subscription/SubscriptionService.php

@@ -239,11 +239,6 @@ class SubscriptionService
                                 ->where('status_id', Invoice::STATUS_PAID)
                                 ->first();
 
-if($last_invoice)
-    nlog($last_invoice->toArray());
-else
-    nlog("no invoice found");
-
         $refund = $this->calculateProRataRefundForSubscription($last_invoice);
 
         if($use_credit_setting != 'off')
@@ -340,7 +335,7 @@ else
      */
     private function calculateProRataRefundForSubscription($invoice) :float
     {
-        if(!$invoice || !$invoice->date)
+        if(!$invoice || !$invoice->date || $invoice->status_id != Invoice::STATUS_PAID)
             return 0;
 
         $start_date = Carbon::parse($invoice->date);
@@ -486,7 +481,7 @@ else
                                          ->where('client_id', $recurring_invoice->client_id)
                                          ->where('is_proforma',0)
                                          ->where('is_deleted', 0)
-                                         ->where('status_id', Invoice::STATUS_PAID)
+                                         ->whereIn('status_id', [Invoice::STATUS_SENT, Invoice::STATUS_PARTIAL, Invoice::STATUS_PAID])
                                          ->withTrashed()
                                          ->orderBy('id', 'desc')
                                          ->first();
@@ -626,6 +621,7 @@ else
 
         $last_invoice = Invoice::where('subscription_id', $recurring_invoice->subscription_id)
                                          ->where('client_id', $recurring_invoice->client_id)
+                                         ->where('is_proforma',0)
                                          ->where('is_deleted', 0)
                                          ->withTrashed()
                                          ->orderBy('id', 'desc')
@@ -673,6 +669,7 @@ else
         $last_invoice = Invoice::where('subscription_id', $recurring_invoice->subscription_id)
                                          ->where('client_id', $recurring_invoice->client_id)
                                          ->where('is_deleted', 0)
+                                         ->where('is_proforma',0)
                                          ->withTrashed()
                                          ->orderBy('id', 'desc')
                                          ->first();

config/ninja.php

@@ -14,8 +14,8 @@ return [
     'require_https' => env('REQUIRE_HTTPS', true),
     'app_url' => rtrim(env('APP_URL', ''), '/'),
     'app_domain' => env('APP_DOMAIN', 'invoicing.co'),
-    'app_version' => '5.5.53',
+    'app_version' => '5.5.54',
-    'app_tag' => '5.5.53',
+    'app_tag' => '5.5.54',
     'minimum_client_version' => '5.0.16',
     'terms_version' => '1.0.1',
     'api_secret' => env('API_SECRET', ''),