SanitizeUserName::sanitizeValue() - Code Metrics - Inspection of "add button settings to glsr-divi/reviews" - pryley/site-reviews - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — develop ( d01060...4713f8 )

by Paul

created 2025-11-12 14:54 UTC

SanitizeUserName::sanitizeValue() A

↳ Parent: SanitizeUserName

Complexity

Conditions	3
Paths	2

Size

Total Lines	15
Code Lines	12

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	13
CRAP Score	3

Importance

Changes

Metric	Value
eloc	12
dl	0
loc	15
ccs	13
cts	13
cp	1
rs	9.8666
c	0
b	0
f	0
cc	3
nc	2
nop	1
crap	3

<?php

namespace GeminiLabs\SiteReviews\Modules\Sanitizers;

use GeminiLabs\SiteReviews\Helpers\Cast;

class SanitizeUserName extends StringSanitizer
{
    public array $args;
    public $value;
    public array $values;

    public function __construct($value, array $args = [], array $values = [])
    {
        $args = array_pad($args, 2, ''); // minimum of 2 args
        $this->args = $args;
        $this->value = $this->userValue($value);
        $this->values = $values;
    }

    public function run(): string
    {
        $value = $this->sanitizeValue($this->value()); // allow any valid name value
        if (defined('WP_IMPORTING')) {
            return $value;
        }
        if ('' !== $value) { // allow "0"
            return $value;
        }
        $fallback = Cast::toString($this->args[0]); // try the fallback value
        if ('current_user' === $fallback) {
            $fallback = $this->userValue(wp_get_current_user());
        }
        return $this->sanitizeValue($fallback);
    }

    /**
     * \p{L} = any kind of letter from any language.
     * \p{M} = any character intended to be combined with another character (e.g. accents, umlauts, enclosing boxes, etc.).
     * \p{N} = any kind of numeric character in any script.
     * \p{Pf} = any kind of closing quote.
     *
     * @see https://www.regular-expressions.info/unicode.html
     */
    protected function sanitizeValue(string $value): string
    {
        if ('' === $value) {
            return $value;
        }
        $name = strstr($value, '@', true) ?: $value; // prevent exposing user email
        $name = $this->kses($name);
        $name = html_entity_decode($name, ENT_QUOTES, 'UTF-8'); // &amp;lt => &lt;
        $name = wp_specialchars_decode($name); // &lt; => <
        $name = wp_strip_all_tags($name);
        $name = preg_replace('/%([a-fA-F0-9][a-fA-F0-9])/', '', $name); // Remove percent-encoded characters.
        $name = preg_replace('/&.+?;/', '', $name); // Remove HTML entities.
        $name = preg_replace('/[^\p{L}\p{M}\p{N}\p{Pf}\'\.\,\- ]/u', '', $name);
        $name = sanitize_text_field($name); // Remove extra whitespace.
        return $name;
    }

    /**
     * @param mixed $user
     */
    protected function userValue($user): string
    {
        if (!$user instanceof \WP_User) {
            return Cast::toString($user);
        }
        if (!$user->exists()) {
            return '';
        }
        return $user->display_name ?: $user->user_nicename ?: $user->user_login;
    }
}


1		<?php
2
3		namespace GeminiLabs\SiteReviews\Modules\Sanitizers;
4
5		use GeminiLabs\SiteReviews\Helpers\Cast;
6
7		class SanitizeUserName extends StringSanitizer
8		{
9		public array $args;
10		public $value;
11		public array $values;
12
13	27	public function __construct($value, array $args = [], array $values = [])
14		{
15	27	$args = array_pad($args, 2, ''); // minimum of 2 args
16	27	$this->args = $args;
17	27	$this->value = $this->userValue($value);
18	27	$this->values = $values;
19		}
20
21	27	public function run(): string
22		{
23	27	$value = $this->sanitizeValue($this->value()); // allow any valid name value
24	27	if (defined('WP_IMPORTING')) {
25		return $value;
26		}
27	27	if ('' !== $value) { // allow "0"
28	19	return $value;
29		}
30	14	$fallback = Cast::toString($this->args[0]); // try the fallback value
31	14	if ('current_user' === $fallback) {
32	2	$fallback = $this->userValue(wp_get_current_user());
33		}
34	14	return $this->sanitizeValue($fallback);
35		}
36
37		/**
38		* \p{L} = any kind of letter from any language.
39		* \p{M} = any character intended to be combined with another character (e.g. accents, umlauts, enclosing boxes, etc.).
40		* \p{N} = any kind of numeric character in any script.
41		* \p{Pf} = any kind of closing quote.
42		*
43		* @see https://www.regular-expressions.info/unicode.html
44		*/
45	27	protected function sanitizeValue(string $value): string
46		{
47	27	if ('' === $value) {
48	14	return $value;
49		}
50	19	$name = strstr($value, '@', true) ?: $value; // prevent exposing user email
51	19	$name = $this->kses($name);
52	19	$name = html_entity_decode($name, ENT_QUOTES, 'UTF-8'); // &lt => <
53	19	$name = wp_specialchars_decode($name); // < => <
54	19	$name = wp_strip_all_tags($name);
55	19	$name = preg_replace('/%([a-fA-F0-9][a-fA-F0-9])/', '', $name); // Remove percent-encoded characters.
56	19	$name = preg_replace('/&.+?;/', '', $name); // Remove HTML entities.
57	19	$name = preg_replace('/[^\p{L}\p{M}\p{N}\p{Pf}\'\.\,\- ]/u', '', $name);
58	19	$name = sanitize_text_field($name); // Remove extra whitespace.
59	19	return $name;
60		}
61
62		/**
63		* @param mixed $user
64		*/
65	27	protected function userValue($user): string
66		{
67	27	if (!$user instanceof \WP_User) {
68	19	return Cast::toString($user);
69		}
70	14	if (!$user->exists()) {
71	12	return '';
72		}
73	2	return $user->display_name ?: $user->user_nicename ?: $user->user_login;
74		}
75		}
76

pryley / site-reviews

Push — develop ( d01060...4713f8 )

SanitizeUserName::sanitizeValue() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like