added GET status guard and server-side price validation

Author: Lung

src/Participant/Admin/AdminController.php

@@ -397,12 +397,19 @@ public function cancelPayment(
     }
 
     public function showChangePaymentPrice(
+        Request $request,
         Response $response,
         Event $event,
         int $paymentId,
     ): Response {
         $payment = $this->paymentRepository->getById($paymentId, $event);
 
+        if ($payment->status !== PaymentStatus::Waiting) {
+            $this->flashMessages->warning('flash.warning.paymentNotWaitingCannotChangePrice');
+
+            return $this->redirect($request, $response, 'admin-show-payments');
+        }
+
         return $this->view->render($response, 'admin/changePaymentPrice.twig', ['payment' => $payment]);
     }
 
@@ -422,6 +429,12 @@ public function changePaymentPrice(
             return $this->redirect($request, $response, 'admin-show-payments');
         }
 
+        if ($newPrice < 0 || $newPrice > 99999) {
+            $this->flashMessages->warning('flash.warning.paymentNotWaitingCannotChangePrice');
+
+            return $this->redirect($request, $response, 'admin-show-payments');
+        }
+
         $this->participantService->changePaymentPrice($payment, $newPrice, $reason);
         $this->flashMessages->success('flash.success.paymentPriceChanged');
         $this->logger->info('Payment ID ' . $paymentId . ' price changed to ' . $newPrice . ' with reason: ' . $reason);