Skip to content

Minor cleanup#28

Merged
spaze merged 4 commits intomainfrom
spaze/cleanup
Apr 10, 2026
Merged

Minor cleanup#28
spaze merged 4 commits intomainfrom
spaze/cleanup

Conversation

@spaze
Copy link
Copy Markdown
Owner

@spaze spaze commented Apr 10, 2026
edited
Loading

@spaze spaze changed the title Spaze/cleanup Minor cleanup Apr 10, 2026
@spaze spaze self-assigned this Apr 10, 2026
@spaze spaze requested a review from Copilot April 10, 2026 17:29
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR makes small internal cleanups to the sanitization flow and updates package metadata to better reflect current functionality.

Changes:

  • Avoid repeated getSessionId() calls during sanitization.
  • Tighten the addSanitization() contract via non-empty-string PHPDoc annotations.
  • Update composer.json description to include sanitization and CSS extraction behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
src/SensitiveValueSanitizer.php Refactors session-id sanitization path; adds PHPDoc contract to addSanitization().
src/PhpInfo.php Mirrors the addSanitization() PHPDoc contract at the facade level.
composer.json Expands the library description to reflect sanitization and CSS handling.
Comments suppressed due to low confidence (1)

src/SensitiveValueSanitizer.php:71

  • The new @param non-empty-string $sanitize docblock isn’t enforced at runtime. As written, callers can still pass an empty string, which will add '' as a replacement key and can trigger warnings in strtr() (and creates a duplicate key with urlencode('')). Consider explicitly rejecting/ignoring empty $sanitize in addSanitization() so the sanitizer can’t be put into an invalid state by external input.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
		return $this;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/SensitiveValueSanitizer.php Outdated
@spaze spaze requested a review from Copilot April 10, 2026 17:53
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (2)

src/SensitiveValueSanitizer.php:74

  • The new PHPDoc says $sanitize is a non-empty-string, but the method still accepts '' at runtime and will store it into $this->sanitize, which can later trigger strtr() warnings. Either enforce the contract (e.g., ignore/throw on empty) or adjust the annotation so it matches actual behavior.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
		return $this;

src/PhpInfo.php:75

  • This wrapper now documents $sanitize as non-empty-string, but it doesn't enforce it and will forward an empty string to the sanitizer. To keep the public API contract accurate and avoid strtr() warnings, consider validating here too or documenting/propagating whatever behavior SensitiveValueSanitizer::addSanitization() uses for empty input.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitizer->addSanitization($sanitize, $with);
		return $this;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/SensitiveValueSanitizer.php
Comment thread src/SensitiveValueSanitizer.php
@spaze spaze requested a review from Copilot April 10, 2026 18:46
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

src/SensitiveValueSanitizer.php:73

  • The new @param non-empty-string $sanitize contract isn’t enforced at runtime. If a caller passes '' to addSanitization(), it will still be added to the replacement map and sanitize() will call strtr() with an empty search string, which triggers a PHP warning (the same class of issue this PR is addressing for session IDs). Consider validating $sanitize !== '' and either throwing an InvalidArgumentException or skipping the entry.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
		return $this;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/PhpInfoTest.phpt
@spaze spaze requested a review from Copilot April 10, 2026 19:10
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (2)

src/SensitiveValueSanitizer.php:73

  • addSanitization() is now documented as accepting a non-empty-string, but the method still allows '' at runtime. If a caller passes an empty string, it will still be inserted into the replacement map and can trigger strtr() warnings (the regression this PR is addressing). Consider enforcing non-empty at runtime (e.g., throw an InvalidArgumentException or ignore empty input) so the public API matches the docblock and warnings are prevented reliably.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
		return $this;

src/PhpInfo.php:75

  • PhpInfo::addSanitization() is documented as taking a non-empty-string, but it doesn’t enforce that before delegating to the sanitizer. Passing '' is still possible for external callers and can reintroduce strtr() warnings. Consider validating here (or in SensitiveValueSanitizer::addSanitization()) to make the public API robust against empty inputs.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitizer->addSanitization($sanitize, $with);
		return $this;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/PhpInfoTest.phpt Outdated
@spaze spaze requested a review from Copilot April 10, 2026 19:24
Copilot AI reviewed Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

src/SensitiveValueSanitizer.php:73

  • addSanitization() is now documented as accepting a non-empty-string, but the method still accepts any string at runtime. If a caller passes '', it will still add an empty search string into the strtr() map, reintroducing the same warning this PR is addressing. Consider enforcing this contract (throw an InvalidArgumentException or ignore empty input) to make the API safe even without static analysis.
	/**
	 * @param non-empty-string $sanitize
	 */
	public function addSanitization(string $sanitize, ?string $with = null): self
	{
		$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
		return $this;

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread tests/PhpInfoTest.phpt
@spaze spaze merged commit 5411b0e into main Apr 10, 2026
28 checks passed
@spaze spaze deleted the spaze/cleanup branch April 10, 2026 20:02
spaze added a commit that referenced this pull request Apr 11, 2026
@spaze
Check empty sanitization string run-time
a33fee2 
Annotating with PHPStan is fine, but requires some work to be done by the caller to not pass empty strings. This is more friendly.

Partially reverts some work done in #28
@spaze spaze mentioned this pull request Apr 11, 2026
Merged
spaze added a commit that referenced this pull request Apr 11, 2026
@spaze
Check empty sanitization string run-time
bb2fc7d 
Annotating with PHPStan is fine, but requires some work to be done by the caller to not pass empty strings. This is more friendly.

Partially reverts some work done in #28
spaze added a commit that referenced this pull request Apr 11, 2026
@spaze
Check empty sanitization string run-time (#30)
61ac829 
Annotating with PHPStan is fine, but requires some work to be done by the caller to not pass empty strings. This is more friendly.

Partially reverts some work done in #28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@spaze spaze

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spaze