Prevent deposit PDF 500s, preserve AdvancedDeposit filters, and improve Financial Reports UX

[DawoudIO]

What Changed

Critical Bug (PledgeQuery): filterForAdvancedDeposit() was using LEFT JOIN for deposit date filtering, which doesn't enforce the deposit must exist. Fixed by using innerJoinWithDeposit() when datetype='Deposit' fix #7638

• AdvancedDeposit CSV Export: No-data redirect wasn't preserving datetype + date parameters. Fixed.

• TaxReport CSV Export: No-data redirect wasn't preserving date parameters. Fixed.

• ZeroGivers CSV Export: No-data redirect wasn't preserving date parameters. Fixed.

• Restores Advanced Deposit Report datetype filtering (Deposit vs Payment date) and preserves date filters across redirects.

• Fixes deposit PDF/CSV server errors and noisy logs when deposits have no payments.

• Adds client-side pre-checks and user notifications to prevent invalid export attempts.

• Improves Financial Reports UI: moves inline styles to SCSS, de-cramps filters, and fixes datepicker z-index.

Type

• ✨ Feature
• 🐛 Bug fix
• ♻️ Refactor
• 🏗️ Build/Infrastructure
• 🔒 Security

Testing

Screenshots

Security Check

• Introduces new input validation
• Modifies authentication/authorization
• Affects data privacy/GDPR

Code Quality

• Database: Propel ORM only, no raw SQL
• No deprecated attributes (align, valign, nowrap, border, cellpadding, cellspacing, bgcolor)
• Bootstrap CSS classes used
• All CSS bundled via webpack

Pre-Merge

• Tested locally
• No new warnings
• Build passes
• Backward compatible (or migration documented)

[Copilot]

Pull request overview

This PR addresses critical bugs in deposit PDF generation and Advanced Deposit Report filtering. The main changes restore datetype filtering (Deposit vs Payment date) for the Advanced Deposit Report, add client-side and server-side guards to prevent 500 errors when generating PDFs for deposits without payments, preserve filter parameters across CSV export redirects, and improve Financial Reports UI by extracting inline styles to SCSS.

Key Changes:

• Adds datetype parameter to PledgeQuery::filterForAdvancedDeposit() to support filtering by either payment date or deposit date
• Implements client-side and API-level validation to prevent PDF generation for empty deposits
• Preserves date range and datetype parameters when redirecting back from "No Data" CSV exports

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
src/ChurchCRM/model/ChurchCRM/PledgeQuery.php	Adds datetype parameter and conditional INNER/LEFT JOIN logic for deposit date filtering; modifies payment method filtering approach
src/ChurchCRM/Service/FinancialService.php	Passes datetype parameter through to PledgeQuery
src/api/routes/finance/finance-deposits.php	Adds payment count validation before PDF generation with 404 response for empty deposits
src/Reports/PrintDeposit.php	Adds server-side guard that redirects with warning message when deposit has no payments
src/skin/js/FindDepositSlip.js	Implements client-side AJAX check for payments before allowing PDF export
src/skin/js/DepositSlipEditor.js	Implements client-side AJAX check for payments before PDF generation
src/Reports/AdvancedDeposit.php	Preserves DateStart, DateEnd, and datetype parameters in redirect URL
src/FinancialReports.php	Extracts and preserves date/datetype parameters from GET/POST for form repopulation
src/skin/scss/_financial-reports.scss	New SCSS file containing styles extracted from inline PHP
src/skin/churchcrm.scss	Imports the new _financial-reports.scss module

[Copilot]

The PHPDoc comment states "'Payment' for pledge date" but the parameter name is $datetype and the valid values are 'Payment' or 'Deposit'. This is confusing.

The comment should clarify what 'Payment' means in this context - it filters by the payment date (plg_date), not the deposit date.

Recommendation: Update the comment to be clearer:

* @param string $datetype 'Payment' for payment date (plg_date), 'Deposit' for deposit date (dep_date)

Suggested change

	* @param string $datetype 'Payment' for pledge date, 'Deposit' for deposit date
	* @param string $datetype 'Payment' for payment date (plg_date), 'Deposit' for deposit date (dep_date)

[Copilot]

The payment method filtering logic is incorrect. Using addOr() with a new query instance doesn't combine filters properly in Propel. This will likely produce incorrect SQL.

The original code $this->filterByMethod($methods, \Propel\Runtime\ActiveQuery\Criteria::IN) was correct for filtering by multiple payment methods using an IN clause. The new loop-based approach with addOr() won't work as intended.

Recommendation: Revert this change to use the original IN clause approach:

if (!empty($methods)) {
    $this->filterByMethod($methods, \Propel\Runtime\ActiveQuery\Criteria::IN);
}

[Copilot]

Trailing whitespace on line 113. This line contains only spaces after the closing brace, which should be removed for code cleanliness.

Suggested change

[Copilot]

When multiple deposits are selected for PDF export, the AJAX requests are fired asynchronously in parallel (via $.each). If one fails, the others continue processing, which could lead to race conditions and inconsistent user feedback.

Additionally, if a user selects 10 deposits with no payments, they'll receive 10 separate warning notifications that may overlap or confuse the user.

Recommendation: Consider batching the validation check before the loop, or showing a consolidated message about which deposits failed validation.

[Copilot]

Missing null check for the deposit. If a deposit with the given ID doesn't exist, findOneById() returns null, and calling getPDF() on null will cause a fatal error.

Recommendation: Add a null check before calling getPDF():

$deposit = DepositQuery::create()->findOneById($id);
if ($deposit === null) {
    return SlimUtils::renderJson($response->withStatus(404), ['message' => 'Deposit not found']);
}
$deposit->getPDF();

Suggested change

	$deposit = DepositQuery::create()->findOneById($id);
	$deposit = DepositQuery::create()->findOneById($id);
	if ($deposit === null) {
	return SlimUtils::renderJson($response->withStatus(404), ['message' => 'Deposit not found']);
	}

[Copilot]

Potential open redirect vulnerability. Using $_SERVER['HTTP_REFERER'] directly in RedirectUtils::absoluteRedirect() without validation allows an attacker to control the redirect destination by manipulating the Referer header.

An attacker could craft a malicious link that redirects users to an external phishing site after they attempt to generate a PDF for an empty deposit.

Recommendation: Validate that the referer URL belongs to the same domain before redirecting:

if (array_key_exists('HTTP_REFERER', $_SERVER) && !empty($_SERVER['HTTP_REFERER'])) {
    $referer = $_SERVER['HTTP_REFERER'];
    $parsedReferer = parse_url($referer);
    $parsedRoot = parse_url(SystemURLs::getRootPath());
    if (isset($parsedReferer['host']) && $parsedReferer['host'] === $parsedRoot['host']) {
        RedirectUtils::absoluteRedirect($referer);
        exit;
    }
}
RedirectUtils::redirect('DepositSlipEditor.php?DepositSlipID=' . (int)$iDepositSlipID);

Suggested change

	RedirectUtils::absoluteRedirect($_SERVER['HTTP_REFERER']);
	} else {
	RedirectUtils::redirect('DepositSlipEditor.php?DepositSlipID=' . (int)$iDepositSlipID);
	}
	$referer = $_SERVER['HTTP_REFERER'];
	$parsedReferer = parse_url($referer);
	$parsedRoot = parse_url(SystemURLs::getRootPath());
	if (isset($parsedReferer['host']) && $parsedReferer['host'] === $parsedRoot['host']) {
	RedirectUtils::absoluteRedirect($referer);
	exit;
	}
	}
	RedirectUtils::redirect('DepositSlipEditor.php?DepositSlipID=' . (int)$iDepositSlipID);