(Fix) Donations: prevent time loss, fix sorting, count pending, support multiple same user donos#5282
(Fix) Donations: prevent time loss, fix sorting, count pending, support multiple same user donos#5282Oha-you wants to merge 7 commits intoHDInnovations:developmentfrom
Conversation
|
It's usually best to make separate PRs, one for each commit here. Some of the changes look quick to approve, others not so much. I don't think your code accounts for if a donation is lifetime. Can you look into this? |
| if ($latestDonation === null) { | ||
| $donation->ends_at = $now->addDays($donation->package->donor_value); | ||
| } else { | ||
| $donation->ends_at = $latestDonation->ends_at->addDays($donation->package->donor_value); | ||
| } |
There was a problem hiding this comment.
| if ($latestDonation === null) { | |
| $donation->ends_at = $now->addDays($donation->package->donor_value); | |
| } else { | |
| $donation->ends_at = $latestDonation->ends_at->addDays($donation->package->donor_value); | |
| } | |
| $donation->ends_at = $donation->starts_at->addDays($donation->package->donor_value); |
There was a problem hiding this comment.
Something like this would also keep it simple. You can make the assumption that users use UTC so don't have to worry about daylight savings either.
There was a problem hiding this comment.
Great idea, thank you. AI also suggested to add ->copy() before ->addDays
Carbon mutates the object. Without
copy(), you risk modifyingstarts_at
5812cdb to
ef1335b
Compare
I'll try to do so in future PRs, but some commits here are tied together.
You were right. I think I managed to cover all possible scenarios now. I also added a new commit since I forgot to fix hardcoded values in the other Staff views: ef1335b There I extended default SweetAlert2 options for |
|
Haven't had time to look it over yet, but briefly saw this:
This is an XSS vulnerability since the |
ef1335b to
55543c0
Compare
Fair. Added escaping with e( ) helper to usernames, package and gateway names. It indeed helped:
|
|
The last commit here: 47377eb |

Using
datetype for donation'sstarts_atandends_attimes leads to up to 24 hours of lost paid time for all donors. Example:starts_atvalue is set to2026-02-16without a time (00:00:00internally); server time is also UTCends_atvalue is set to2026-02-23without a time (00:00:00internally)auto:remove_expired_donorsstarts at00:00:01and setsis_donorfor this user tofalse:UNIT3D/app/Console/Commands/AutoRemoveExpiredDonors.php
Lines 54 to 56 in fd63b96
timestamptype is chosen instead ofdatetimebecause it automatically adjusts values to the server timezone in case the admin decides to change it (not a single second will be lost)->daily()inConsole/Kernel.phpwithtwiceDaily(),everySixHours(), etc.Donations should be sorted by
updated_atproperty in sum and goal calculations. Example:created_at=2026-02-28)updated_at=2026-03-01)Correctly set start and end times for donations made by the same user when the current donation is still active
updated_atinstead ofstarts_atfor "Latest donation date" because after this changestarts_atmight be in the futureRemove some hardcoded
USDand$text from the donation modalAdd "Pending donations count" to the Staff Dashboard, same as for Applications (with an animated badge)