arne/simple-withdrawalbutton
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity
Files
346ee7b6164bcc236ec4152e89d5c49511591398
simple-withdrawalbutton/CLAUDE.md
T
Arne Weiss 346ee7b616 Initial commit with all bug and compliance fixes 
- Remove double pSQL() escaping in Db::insert/update calls (data corruption fix)
- Rename honeypot field from 'website' to 'cyp_hp_v1' to prevent browser autofill false positives
- Wrap Mail::Send() in try/catch; capture shop notification result to detect failures
- Scope order lookup to current shop (multi-shop fix)
- Translate scope_label and email subjects per language (de/en)
- Make formatDateTimeForMail() language-aware
- Add GDPR Art. 13 privacy notice to withdrawal form
- Add configurable privacy policy URL and Widerrufsbelehrung link
- Add configurable retention period and manual purge button in admin settings
- Show full submitted data on success page as proper receipt
- Fix admin redirect URL format in processStatusUpdate()
- Remove IP/UA hash display from admin detail view (GDPR data minimization)
2026-06-01 07:30:29 +02:00

2.8 KiB
Raw Blame History

CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

Project Overview

PrestaShop module (v0.1.0) implementing an electronic withdrawal declaration form for German B2C e-commerce. Fulfills EU consumer protection law requirements (Widerrufsrecht) by providing a documented receipt of withdrawal requests.

Compatibility: PrestaShop 1.7.8+ / 8 / 9, PHP 7.2+

No Build System

This is a classical PrestaShop legacy module with no npm, Composer, Makefile, or test framework. Deployment is via ZIP upload in PrestaShop Admin → Module Manager.

Architecture

Core Components

File Role
cyp_withdrawalbutton.php Main module class: install/uninstall, config form, hook handlers, utility methods
controllers/front/withdraw.php Public front controller for the withdrawal form (no auth required)
controllers/admin/AdminCypWithdrawalController.php Backoffice list/detail view with status management

Request Flow

  1. Customer clicks footer link (displayFooter hook) or account dashboard link (displayCustomerAccount hook)
  2. controllers/front/withdraw.php handles two POST steps:
    • Step 1 (prepare): validate + render confirm.tpl
    • Step 2 (confirm): write to DB, send emails, render success.tpl
  3. Two emails sent: customer confirmation + shop notification (configured admin email)

Database

Single table ps_cyp_withdrawal_request. Schema is defined inline in cyp_withdrawalbutton.php::install() — no separate SQL files. Records are intentionally not deleted on uninstall (legal compliance).

Key fields: order_reference, withdrawal_scope (ENUM: full|partial), status (ENUM: new|processing|closed), customer_ip_hash / user_agent_hash (SHA256, privacy).

Security Model

  • CSRF token stored in session, validated on confirm step
  • Honeypot field (website input, must be empty)
  • Rate limiting: configurable max requests per email+IP hash per hour (default 5)
  • All DB queries use PrestaShop's pSQL() parameterization
  • IP and user-agent are hashed (SHA256) before storage

Templates

Smarty templates in views/templates/front/ (form.tpl, confirm.tpl, success.tpl) and views/templates/hook/. Email templates in mails/de/ and mails/en/.

The items field in form.tpl is conditionally shown via vanilla JS only when withdrawal_scope === 'partial'.

PrestaShop Conventions

  • Use pSQL() for all DB string interpolation; (int) cast for integers
  • Hook registration/deregistration in install()/uninstall()
  • Admin tab registered as AdminCypWithdrawal — the controller class name must match
  • Module config stored via Configuration::get/updateValue()
  • Email sending uses Mail::Send() with template files in mails/{lang}/
Reference in New Issue View Git Blame Copy Permalink