Refactoring code to reach PHPStan v. 2.0 Level 9

Signed-off-by: Giuseppe Foti <foti.giuseppe@gmail.com>

Author: MocioF

admin/class-no-unsafe-inline-admin.php

@@ -393,7 +393,7 @@ public function nunil_set_screen(): void {
 		if ( ! is_null( $current_screen ) ) {
 			// Get the active tab from the $_GET param.
 			$default_tab = null;
-			$tab         = isset( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : $default_tab;
+			$tab         = isset( $_GET['tab'] ) ? Utils::sanitize_text( $_GET['tab'] ) : $default_tab;
 
 			$help_tabs = new \NUNIL\Nunil_Admin_Help_Tabs( $current_screen );
 
@@ -869,7 +869,7 @@ public function register_base_rule(): void {
 	 * Sanitize the settings
 	 *
 	 * @throws \NUNIL\Nunil_Exception Main option is not an array.
-	 * @param array<string|array<string>> $input Contains the settings.
+	 * @param array<string|int|array<int|string>> $input Contains the settings.
 	 * @return array<mixed>
 	 */
 	public function sanitize_options( $input ) {
@@ -1022,7 +1022,12 @@ public function sanitize_options( $input ) {
 
 		unset( $options['endpoints'] );
 		if ( isset( $input['endpoints'] ) && is_array( $input['endpoints'] ) ) {
-			$new_input['endpoints'] = array_map( 'esc_url_raw', $input['endpoints'], $protocols = array( array( 'https' ) ) );
+			$new_input['endpoints'] = array_map(
+				function ( $url ) {
+					return esc_url_raw( strval( $url ), array( 'https' ) );
+				},
+				$input['endpoints']
+			);
 		}
 
 		if ( isset( $input['max_response_header_size'] ) ) {
@@ -1106,6 +1111,12 @@ public function sanitize_base_rule( $input ) {
 		if ( is_array( $options ) ) {
 			$new_input = array_merge( $options, $new_input );
 		}
+		$new_input = array_map(
+			function ( $a ) {
+				return Utils::sanitize_text( $a, false );
+			},
+			$new_input
+		);
 		return $new_input;
 	}
 
@@ -1784,26 +1795,25 @@ public function print_endpoints(): void {
 		);
 
 		print( '<ol class="nunil-endpoints-list" id="nunil-endpoints-list">' );
-		if ( is_array( $endpoints ) ) {
-			// Add a line for each url.
-			foreach ( $endpoints as $index => $endpoint ) {
-				printf(
-					'<li>' .
-					'<button class="nunil-btn nunil-btn-del-endpoint" ' .
-					'id="no-unsafe-inline[del-endpoint][%d]" name="no-unsafe-inline[del-endpoint][%d]">' .
-					'<span class="dashicons dashicons-remove"> </span></button>' .
-					'<span class="nunil-endpoint-string txt-active">%s</span>' .
-					'<input class="nunil-hidden-endpoint" type="hidden" id="no-unsafe-inline[endpoints][%d]" ' .
-					'name="no-unsafe-inline[endpoints][%d]" value="%s" />' .
-					'</li>',
-					esc_html( $index ),
-					esc_html( $index ),
-					esc_html( $endpoint ),
-					esc_html( $index ),
-					esc_html( $index ),
-					esc_html( $endpoint )
-				);
-			}
+		// Add a line for each url.
+		foreach ( $endpoints as $index => $endpoint ) {
+			$endp_txt = strval( Utils::cast_strval( $endpoint ) );
+			printf(
+				'<li>' .
+				'<button class="nunil-btn nunil-btn-del-endpoint" ' .
+				'id="no-unsafe-inline[del-endpoint][%d]" name="no-unsafe-inline[del-endpoint][%d]">' .
+				'<span class="dashicons dashicons-remove"> </span></button>' .
+				'<span class="nunil-endpoint-string txt-active">%s</span>' .
+				'<input class="nunil-hidden-endpoint" type="hidden" id="no-unsafe-inline[endpoints][%d]" ' .
+				'name="no-unsafe-inline[endpoints][%d]" value="%s" />' .
+				'</li>',
+				esc_html( $index ),
+				esc_html( $index ),
+				esc_html( $endp_txt ),
+				esc_html( $index ),
+				esc_html( $index ),
+				esc_html( $endp_txt )
+			);
 		}
 		print( '</ol>' );
 	}
@@ -1990,7 +2000,7 @@ public function nunil_manage_options(): void {
 
 		// Get the active tab from the $_GET param.
 		$default_tab = null;
-		$tab         = isset( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : $default_tab;
+		$tab         = isset( $_GET['tab'] ) ? Utils::sanitize_text( $_GET['tab'], false ) : $default_tab;
 
 		?>
 		<div class="wrap">
@@ -2093,7 +2103,7 @@ public function nunil_manage_options(): void {
 	 * @return mixed
 	 */
 	public function save_screen_options( $status, $option, $value ) {
-		$this_page = isset( $_REQUEST['page'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) : '';
+		$this_page = isset( $_REQUEST['page'] ) ? Utils::sanitize_text( $_REQUEST['page'], false ) : '';
 		switch ( $this_page ) {
 			case 'no-unsafe-inline':
 				return $value;
@@ -2191,7 +2201,7 @@ public function show_admin_notice(): void {
 
 		if ( $notice && is_array( $notice ) ) {
 			$type    = $notice['type'];
-			$message = $notice['message'];
+			$message = Utils::sanitize_text( $notice['message'], false );
 
 			$allowed_html_in_notice = array(
 				'br'     => array(),
@@ -2222,7 +2232,7 @@ public function show_admin_notice(): void {
 	public function trigger_clustering(): void {
 		if ( ! (
 		isset( $_REQUEST['nonce'] )
-		&& wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'nunil_trigger_clustering_nonce' )
+		&& wp_verify_nonce( sanitize_key( strval( Utils::cast_strval( $_REQUEST['nonce'] ) ) ), 'nunil_trigger_clustering_nonce' )
 		) ) {
 			exit( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 		}
@@ -2231,10 +2241,10 @@ public function trigger_clustering(): void {
 
 		$result = $obj->cluster_by_dbscan();
 
-		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && strtolower( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REQUESTED_WITH'] ) ) ) === 'xmlhttprequest' ) {
+		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && Utils::sanitize_text( $_SERVER['HTTP_X_REQUESTED_WITH'] ) === 'xmlhttprequest' ) {
 			echo wp_json_encode( $result );
 		} elseif ( isset( $_SERVER['HTTP_REFERER'] ) ) {
-				header( 'Location: ' . esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) );
+				header( 'Location: ' . esc_url_raw( wp_unslash( strval( Utils::cast_strval( $_SERVER['HTTP_REFERER'] ) ) ) ) );
 		}
 
 		wp_die();
@@ -2249,7 +2259,7 @@ public function trigger_clustering(): void {
 	public function clean_database(): void {
 		if ( ! (
 		isset( $_REQUEST['nonce'] )
-		&& wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'nunil_trigger_clean_database' )
+		&& wp_verify_nonce( sanitize_key( strval( Utils::cast_strval( $_REQUEST['nonce'] ) ) ), 'nunil_trigger_clean_database' )
 		) ) {
 			exit( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 		}
@@ -2282,10 +2292,10 @@ public function clean_database(): void {
 			'report' => $result_string,
 		);
 
-		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && strtolower( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REQUESTED_WITH'] ) ) ) === 'xmlhttprequest' ) {
+		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && Utils::sanitize_text( $_SERVER['HTTP_X_REQUESTED_WITH'] ) === 'xmlhttprequest' ) {
 			echo wp_json_encode( $result );
 		} elseif ( isset( $_SERVER['HTTP_REFERER'] ) ) {
-				header( 'Location: ' . esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) );
+				header( 'Location: ' . esc_url_raw( wp_unslash( strval( Utils::cast_strval( $_SERVER['HTTP_REFERER'] ) ) ) ) );
 		}
 
 		wp_die();
@@ -2300,7 +2310,7 @@ public function clean_database(): void {
 	public function prune_database(): void {
 		if ( ! (
 		isset( $_REQUEST['nonce'] )
-		&& wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'nunil_trigger_prune_database' )
+		&& wp_verify_nonce( sanitize_key( strval( Utils::cast_strval( $_REQUEST['nonce'] ) ) ), 'nunil_trigger_prune_database' )
 		) ) {
 			exit( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 		}
@@ -2321,10 +2331,10 @@ public function prune_database(): void {
 			'report' => $result_string,
 		);
 
-		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && strtolower( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REQUESTED_WITH'] ) ) ) === 'xmlhttprequest' ) {
+		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && Utils::sanitize_text( $_SERVER['HTTP_X_REQUESTED_WITH'] ) === 'xmlhttprequest' ) {
 			echo wp_json_encode( $result );
 		} elseif ( isset( $_SERVER['HTTP_REFERER'] ) ) {
-				header( 'Location: ' . esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) );
+				header( 'Location: ' . esc_url_raw( wp_unslash( strval( Utils::cast_strval( $_SERVER['HTTP_REFERER'] ) ) ) ) );
 		}
 
 		wp_die();
@@ -2345,10 +2355,10 @@ public function update_summary_tables(): void {
 		$result['inline']   = DB::get_database_summary_data( 'inline_scripts' );
 		$result['events']   = DB::get_database_summary_data( 'event_handlers' );
 
-		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && strtolower( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REQUESTED_WITH'] ) ) ) === 'xmlhttprequest' ) {
+		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && Utils::sanitize_text( $_SERVER['HTTP_X_REQUESTED_WITH'] ) === 'xmlhttprequest' ) {
 			echo wp_json_encode( $result );
 		} elseif ( isset( $_SERVER['HTTP_REFERER'] ) ) {
-				header( 'Location: ' . esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) );
+				header( 'Location: ' . esc_url_raw( wp_unslash( strval( Utils::cast_strval( $_SERVER['HTTP_REFERER'] ) ) ) ) );
 		}
 
 		wp_die();
@@ -2526,7 +2536,7 @@ public static function output_summary_eventhandlers_table() {
 	public function test_classifier(): void {
 		if ( ! (
 		isset( $_REQUEST['nonce'] )
-		&& wp_verify_nonce( sanitize_key( $_REQUEST['nonce'] ), 'nunil_test_classifier_nonce' )
+		&& wp_verify_nonce( sanitize_key( strval( Utils::cast_strval( $_REQUEST['nonce'] ) ) ), 'nunil_test_classifier_nonce' )
 		) ) {
 			exit( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 		}
@@ -2537,10 +2547,10 @@ public function test_classifier(): void {
 			'type'   => 'success',
 			'report' => $result_string,
 		);
-		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && strtolower( sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_REQUESTED_WITH'] ) ) ) === 'xmlhttprequest' ) {
+		if ( ! empty( $_SERVER['HTTP_X_REQUESTED_WITH'] ) && Utils::sanitize_text( $_SERVER['HTTP_X_REQUESTED_WITH'] ) === 'xmlhttprequest' ) {
 			echo wp_json_encode( $result );
 		} elseif ( isset( $_SERVER['HTTP_REFERER'] ) ) {
-				header( 'Location: ' . esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) ) );
+				header( 'Location: ' . esc_url_raw( wp_unslash( strval( Utils::cast_strval( $_SERVER['HTTP_REFERER'] ) ) ) ) );
 		}
 
 		wp_die();

admin/partials/class-no-unsafe-inline-admin-logs-table.php

@@ -12,7 +12,14 @@
 
 namespace NUNIL\admin\partials;
 
+use NUNIL\Nunil_Lib_Utils as Utils;
+
 if ( ! class_exists( 'WP_List_Table' ) ) {
+	/**
+	 * Requires a core wp file.
+	 *
+	 * @phpstan-ignore requireOnce.fileNotFound
+	 */
 	require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
 }
 
@@ -50,7 +57,7 @@ public function __construct() {
 	public function column_default( $item, $column_name ) {
 		$content = $item['created_at'] . ' | ' . strtoupper( $item['level'] ) . ' | ' . $item['message'];
 
-		if ( is_string( $content ) && strlen( $content ) > self::MAX_LENGTH ) {
+		if ( strlen( $content ) > self::MAX_LENGTH ) {
 			return substr( $content, 0, self::MAX_LENGTH ) . '...';
 		} else {
 			return $content;
@@ -88,7 +95,7 @@ public function get_sortable_columns() {
 	 * @return void
 	 */
 	public function prepare_items() {
-		$per_page = 500;
+		$per_page = 50;
 
 		$columns  = $this->get_columns();
 		$sortable = $this->get_sortable_columns();
@@ -97,9 +104,9 @@ public function prepare_items() {
 
 		$total_items = \NUNIL\Nunil_Lib_Db::get_total_logs();
 
-		$paged   = isset( $_REQUEST['paged'] ) ? max( 0, intval( $_REQUEST['paged'] ) - 1 ) : 0;
+		$paged   = isset( $_REQUEST['paged'] ) ? max( 0, intval( Utils::cast_intval( $_REQUEST['paged'] ) ) - 1 ) : 0;
 		$orderby = ( isset( $_REQUEST['orderby'] ) && in_array( $_REQUEST['orderby'], array_keys( $this->get_sortable_columns() ), true ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['orderby'] ) ) : 'created_at';
-		$order   = ( isset( $_REQUEST['order'] ) && in_array( $_REQUEST['order'], array( 'asc', 'desc' ) ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ) : 'desc';
+		$order   = ( isset( $_REQUEST['order'] ) && in_array( $_REQUEST['order'], array( 'asc', 'desc' ) ) ) ? Utils::sanitize_text( $_REQUEST['order'], false ) : 'desc';
 
 		try {
 			$logs        = \NUNIL\Nunil_Lib_Db::get_logs( $paged * $per_page, $per_page, $orderby, $order, ARRAY_A );

admin/partials/class-no-unsafe-inline-base-rule-list.php

@@ -14,6 +14,11 @@
 defined( 'ABSPATH' ) || die( 'you do not have acces to this page!' );
 
 if ( ! class_exists( 'WP_List_Table' ) ) {
+	/**
+	 * Requires a core wp file.
+	 *
+	 * @phpstan-ignore requireOnce.fileNotFound
+	 */
 	require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
 }
 
@@ -43,7 +48,7 @@ public function __construct() {
 	 *
 	 * @since @1.0.0
 	 *
-	 * @return array<array{ID: int, directive: string, source: string}>>
+	 * @return array<array{ID: int, directive: string, source: string}>
 	 */
 	public static function get_sources() {
 		$basesrc = new \NUNIL\Nunil_Base_Src_Rules();

admin/partials/class-no-unsafe-inline-events-list.php

@@ -21,6 +21,11 @@
 }
 
 if ( ! class_exists( 'WP_List_Table' ) ) {
+	/**
+	 * Requires a core wp file.
+	 *
+	 * @phpstan-ignore requireOnce.fileNotFound
+	 */
 	require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
 }
 
@@ -100,7 +105,7 @@ public function process_bulk_action() {
 		} elseif ( isset( $_GET['action'] ) && isset( $_GET['_wpnonce'] ) && is_string( $_GET['_wpnonce'] ) ) {
 				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Reason: We are not processing form information; $nonce is used only for wp_verify_nonce
 				$nonce  = wp_unslash( $_GET['_wpnonce'] );
-				$action = ( isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '' );
+				$action = ( isset( $_GET['action'] ) ? Utils::sanitize_text( $_GET['action'], false ) : '' );
 		} else {
 				$action = '';
 				$nonce  = '';
@@ -112,7 +117,7 @@ public function process_bulk_action() {
 					wp_die( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 				}
 				if ( isset( $_GET['script_id'] ) ) {
-					$script_id = sanitize_text_field( wp_unslash( $_GET['script_id'] ) );
+					$script_id = Utils::sanitize_text( $_GET['script_id'], false );
 					$affected  = DB::evh_whitelist( $script_id );
 				}
 				break;
@@ -131,7 +136,7 @@ public function process_bulk_action() {
 					wp_die( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 				}
 				if ( isset( $_GET['script_id'] ) ) {
-					$script_id = sanitize_text_field( wp_unslash( $_GET['script_id'] ) );
+					$script_id = Utils::sanitize_text( $_GET['script_id'], false );
 					$affected  = DB::evh_whitelist( $script_id, false );
 				}
 				break;
@@ -150,7 +155,7 @@ public function process_bulk_action() {
 					wp_die( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 				}
 				if ( isset( $_GET['script_id'] ) ) {
-					$script_id = sanitize_text_field( wp_unslash( $_GET['script_id'] ) );
+					$script_id = Utils::sanitize_text( $_GET['script_id'], false );
 					$affected  = DB::evh_delete( $script_id );
 				}
 				break;
@@ -169,7 +174,7 @@ public function process_bulk_action() {
 					wp_die( esc_html__( 'Nope! Security check failed!', 'no-unsafe-inline' ) );
 				}
 				if ( isset( $_GET['script_id'] ) ) {
-					$script_id = sanitize_text_field( wp_unslash( $_GET['script_id'] ) );
+					$script_id = Utils::sanitize_text( $_GET['script_id'], false );
 					$affected  = DB::evh_uncluster( $script_id );
 				}
 				break;
@@ -380,7 +385,7 @@ public function get_columns() {
 	 */
 	public function prepare_items() {
 		if ( isset( $_REQUEST['s'] ) ) {
-			$search = sanitize_text_field( wp_unslash( $_REQUEST['s'] ) );
+			$search = Utils::sanitize_text( $_REQUEST['s'], false );
 		} else {
 			$search = '';
 		}
@@ -401,7 +406,7 @@ public function prepare_items() {
 			$per_page = 20;
 		}
 
-		$paged = isset( $_REQUEST['paged'] ) ? max( 0, intval( $_REQUEST['paged'] - 1 ) * $per_page ) : 0;
+		$paged = isset( $_REQUEST['paged'] ) ? max( 0, ( intval( Utils::cast_intval( $_REQUEST['paged'] ) ) - 1 ) * $per_page ) : 0;
 
 		$order = ( isset( $_REQUEST['order'] ) && in_array( $_REQUEST['order'], array( 'ASC', 'DESC', 'asc', 'desc' ), true ) ) ? sanitize_text_field( wp_unslash( $_REQUEST['order'] ) ) : 'ASC';