Add version checking, logging, and log sanitization for client_einvoicing fields to handle unmigrated databases

[Copilot]

• Review the get_einvoice_usage() function in e-invoice_helper.php
• Add defensive checks for client_einvoicing_active and client_einvoicing_version fields
• Implement version checking using property_exists() to detect missing fields
• Add extensive logging with CodeIgniter's log_message() function
• Add null checks for version retrieval to prevent issues if get_current_version() fails
• Add log sanitization to prevent log injection attacks
• Simplify redundant null coalescing in view.php by extracting to variable
• Add explanatory comment for defensive programming pattern
• Fix potential null dereference in Mdl_versions::get_current_version() with proper num_rows() check
• Fix incorrect property access ($this->mdl_versions → $this and access result->query)
• Fixed all instances in:
  • application/helpers/e-invoice_helper.php (with version check, null check, sanitization, and 4 log messages)
  • application/modules/clients/controllers/Clients.php (with version check, null check, sanitize_for_log function, and 6 log messages)
  • application/modules/clients/views/view.php (simplified redundant null coalescing with explanatory comment)
  • application/modules/clients/views/partial_client_table.php
  • application/modules/mailer/views/invoice.php
  • application/modules/settings/models/Mdl_versions.php (added null-safe query with correct property access pattern)
• Verified PHP syntax for all modified files
• Multiple code reviews completed and all issues addressed

Summary

Properly detects when running 1.6.3+ source code with pre-1.6.3 database. Uses property_exists() to check for missing fields, retrieves actual database version with null-safe handling using correct Response_Model pattern, sanitizes all log values to prevent log injection attacks, and logs detailed warnings to help diagnose version mismatches.

Original prompt

This one is going to be fun. Given that i'm in application/helpers/e-invoice_helper. Given that i'm in the get_usage() function. I'm looking at this code: $on = ($invoice->client_einvoicing_active > 0 && $invoice->client_einvoicing_version != ''); the database has not been updated correctly yet, so that field $invoice->client_einvoicing_active isn't present. The $invoice passed was retrieved in the Controller using model->get_by_id which is a standard CodeIgniter function. It's in the framework, not in the model, it just gets an invoice by id. How do i resolve this problem that the field isn't present? can you check the source and where is ~$invoice->client_einvoicing_active` supposed to be set?

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Summary by CodeRabbit

• Bug Fixes

  • Enhanced eInvoicing compatibility with older database schemas to prevent errors and missing data.
  • Improved handling of missing eInvoicing configuration fields with safe defaults and fallback values.

• Improvements

  • Added diagnostic logging to help identify and troubleshoot database migration inconsistencies.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

This pull request adds backward compatibility for eInvoicing database fields that may not exist in schemas earlier than version 1.6.3. The changes introduce runtime null-coalescing defaults, fallback logic, and enhanced logging across helpers, controllers, and views to gracefully handle missing eInvoicing fields without errors.

Changes

Cohort / File(s)	Summary
Backend Logic & Migration Handling application/helpers/e-invoice_helper.php, application/modules/clients/controllers/Clients.php	Added guarded checks for client_einvoicing_active and client_einvoicing_version fields with fallback defaults (0 and "" respectively). When absent, logs warnings, fetches database version for diagnostics, and initializes safe defaults to prevent downstream errors. Enhanced logging with debug and warning entries for version inconsistency diagnosis.
View Layer - Null-Safe Access application/modules/clients/views/partial_client_table.php, application/modules/clients/views/view.php, application/modules/mailer/views/invoice.php	Applied null-coalescing operators (\?\?) to eInvoicing field reads with safe defaults: client_einvoicing_version ?? '' and client_einvoicing_active ?? 0. Ensures no undefined property notices and maintains identical behavior when fields exist.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Poem

🐰 A migration tale, oh so fine,
Where null-coalescing saves the line,
Old schemas live, new fields take flight,
With defaults and logs, all feels right!
Hopping forward, never astray, 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically describes the main change: adding version checking and logging for client_einvoicing fields to handle unmigrated databases, which aligns with the core objective of the PR.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nielsdrost7]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[Copilot]

Pull request overview

This PR addresses a critical database migration compatibility issue where accessing client_einvoicing_active and client_einvoicing_version fields causes PHP errors when running 1.6.3+ source code with pre-1.6.3 databases. The solution implements defensive property checks and comprehensive logging to gracefully handle unmigrated databases.

Key Changes:

• Added property_exists() checks before accessing einvoicing fields to prevent fatal errors
• Implemented extensive logging (warning/debug/info levels) to track version mismatches and field access
• Applied defensive null coalescing operators in view files for safe field access

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
application/helpers/e-invoice_helper.php	Added property existence checks, version detection, and 4 log messages in get_einvoice_usage()
application/modules/clients/controllers/Clients.php	Added property existence checks, version detection, and 6 log messages in check_client_einvoice_active()
application/modules/clients/views/view.php	Applied null coalescing operators to safely access einvoicing fields in client detail view
application/modules/clients/views/partial_client_table.php	Applied null coalescing operators to safely access einvoicing fields in client table
application/modules/mailer/views/invoice.php	Applied null coalescing operators to safely check einvoicing fields in alert condition

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

application/modules/clients/views/view.php (1)

286-315: LGTM! Null-coalescing operators provide comprehensive protection.

All four additions of null-coalescing operators correctly handle missing eInvoicing fields:

• Line 286: Safe version check for empty fields calculation
• Line 288: Safe active status check for UI toggle
• Line 309: Safe compound condition and function argument
• Line 315: Safe active status check for alert display

The defensive defaults ensure the view renders correctly regardless of database schema version.

Optional: Reduce repetition on line 309

Line 309 repeats $client->client_einvoicing_version ?? '' twice. Consider extracting to a variable if performance or readability is a concern:

<?php 
$version = $client->client_einvoicing_version ?? '';
$active = $client->client_einvoicing_active ?? 0;
echo ($active && $version) ? get_xml_full_name($version) : trans('none'); 
?>

This is purely optional; the current implementation is correct and safe.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b7521d5 and 39c4747.

📒 Files selected for processing (5)

• application/helpers/e-invoice_helper.php
• application/modules/clients/controllers/Clients.php
• application/modules/clients/views/partial_client_table.php
• application/modules/clients/views/view.php
• application/modules/mailer/views/invoice.php

🧰 Additional context used

🧬 Code graph analysis (4)

application/helpers/e-invoice_helper.php (1)

application/modules/settings/models/Mdl_versions.php (1)

• get_current_version (38-43)

application/modules/clients/controllers/Clients.php (1)

application/modules/settings/models/Mdl_versions.php (1)

• get_current_version (38-43)

application/modules/clients/views/view.php (2)

application/helpers/e-invoice_helper.php (1)

• get_xml_full_name (143-159)

application/helpers/trans_helper.php (1)

• trans (25-59)

application/modules/clients/views/partial_client_table.php (1)

application/helpers/echo_helper.php (1)

• _htmlsc (39-46)

🔇 Additional comments (4)

application/modules/clients/controllers/Clients.php (2)

351-366: Defensive defaults pattern is excellent; verify version retrieval safety.

The early-return pattern with default values (lines 362-363) is a solid defensive programming approach that prevents downstream errors when fields are missing.

However, the same version retrieval concern applies here: get_current_version() may throw a fatal error if no version records exist (see comment on the helper file).

Since this is a duplicate concern, the same verification script from the helper review will cover this case.

---

368-385: LGTM! Logging levels are appropriate.

The debug logs (lines 369, 373, 376) provide detailed state information, while the info log (line 381) captures actual database changes. This aligns well with the maintainer's request for extensive logging.

The early return at line 365 ensures these lines only execute when the required fields exist, preventing any property access errors.

application/modules/clients/views/partial_client_table.php (1)

35-48: LGTM! Null-coalescing operators provide safe fallbacks.

The null-coalescing defaults on lines 35, 38, and 42 correctly handle cases where eInvoicing fields are absent:

• Line 35: Empty string for display
• Line 38: 0 for active check (falsy)
• Line 42: Empty string for version check

This aligns with the defaults set in the helper and controller, ensuring consistent behavior across the codebase.

application/modules/mailer/views/invoice.php (1)

61-62: LGTM! Null-safe condition logic is correct.

The null-coalescing operators ensure the alert only displays when appropriate:

• If fields are missing: version defaults to '', making the first condition false, so no alert is shown
• If fields exist but incomplete: the original logic executes as intended

The comment on line 61 helpfully documents the purpose of the null-coalescing operators.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Locate the mdl_versions model
fd -type f -name '*mdl_versions*' -o -name '*versions*' | grep -E '\.(php)$' | head -20

Repository: InvoicePlane/InvoicePlane

Length of output: 239

---

🏁 Script executed:

#!/bin/bash
# Search for get_current_version method definition
rg -n 'function get_current_version' --type=php -A 15

Repository: InvoicePlane/InvoicePlane

Length of output: 710

---

🏁 Script executed:

#!/bin/bash
# Check for any null safety or row existence checks
rg -n '->row\(\)' --type=php -B 2 -A 2

Repository: InvoicePlane/InvoicePlane

Length of output: 473

---

🏁 Script executed:

#!/bin/bash
# Find database migrations and seeding files
find . -type f \( -name '*migration*' -o -name '*seed*' \) | grep -i version | head -20

Repository: InvoicePlane/InvoicePlane

Length of output: 51

---

🏁 Script executed:

#!/bin/bash
# Check the full Mdl_versions model for any additional safeguards
cat -n application/modules/settings/models/Mdl_versions.php

Repository: InvoicePlane/InvoicePlane

Length of output: 1450

---

🏁 Script executed:

#!/bin/bash
# Search for where version records are inserted or initialized
rg 'insert.*version|ip_versions' -A 3 -B 3 | head -100

Repository: InvoicePlane/InvoicePlane

Length of output: 5787

---

Fix null pointer dereference risk in version retrieval.

The get_current_version() method in Mdl_versions (line 40) directly chains ->get()->row()->version_file without null checking. If the ip_versions table is empty—which could occur through database corruption, manual record deletion, or incomplete setup—row() returns NULL and accessing ->version_file causes a fatal error.

The null coalescing operator on line 305 of the e-invoice_helper cannot prevent this because the error occurs inside get_current_version() before it returns.

Add row existence validation to Mdl_versions::get_current_version():

public function get_current_version()
{
    $result = $this->mdl_versions->limit(1)->get();
    if ($result->num_rows() === 0) {
        return null; // or handle as needed
    }
    $current_version = $result->row()->version_file;
    return str_replace('.sql', '', mb_substr($current_version, mb_strpos($current_version, '_') + 1));
}

🤖 Prompt for AI Agents

In application/helpers/e-invoice_helper.php around lines 291-311, the call to
Mdl_versions::get_current_version() may trigger a null dereference inside that
method; modify Mdl_versions::get_current_version() to avoid chaining
->row()->version_file on an empty result by checking $result->num_rows() === 0
and returning null (or a sensible default) early, then extract the version only
when a row exists; keep the e-invoice_helper coalescing (?: 'unknown') unchanged
so it safely handles the null return.

[nielsdrost7]

@copilot apply changes based on the comments in this thread

[Copilot]

@copilot apply changes based on the comments in this thread

Applied the changes from the bot review:

1. Log sanitization was already applied in previous commits (b83aac6, 5f4c8fd)
2. Simplified redundant null coalescing in view.php by extracting $einvoicing_version to a variable for clarity

Commit: 85600d1