Raise PHPStan to level 1 and fix all findings#1188
Open
utkarshcloudinary wants to merge 1 commit into
Open
Conversation
Bump the analysis level from 0 to 1 and resolve every new finding in code rather than baselining, matching the level-0 approach. Real bugs fixed: - extract_cname() checked an undefined $test['query'] instead of the $parsed_url['query'] parameter, so the query-string CNAME branch never ran. - connection-string.php passed two args to wp_kses_post() (1 arg) and the string was not translated; use esc_html__() with a translators comment. - remove_filter() in class-video.php was called with 4 args (max 3); drop the stray accepted_args value. Defensive / dead code simplified: - upgrade_connection() initialised $data and now bails when no cloudinary_url is present, instead of accessing a possibly-undefined variable. - Api::upload() initialises $result before the chunk loop so an empty file returns a WP_Error rather than reading an undefined variable. - Removed always-falsy $errors guard in Admin::save_settings(). - Removed redundant empty()/elseif branches in Delivery and Upgrade. Static-analysis support: - url_hash added to the Relationship @Property list (valid magic property backed by a DB column). - State and REST_API constructors now use the injected $plugin instead of get_plugin_instance()/discarding it, removing unused-parameter warnings. - New tests/phpstan/stubs/constants.php declares runtime-defined constants (CLDN_*, CLOUDINARY_ENDPOINTS_*, CLOUDINARY_CONNECTION_STRING) and the WP core constants WPINC/LOGGED_IN_COOKIE that the stub package omits. - Exclude php/templates/* since view files are included into a class scope, so $this is bound at runtime in a way PHPStan cannot model standalone. Run with: composer phpstan
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps PHPStan analysis from level 0 to level 1 and resolves every new finding in code rather than baselining, matching the level-0 approach.
composer phpstan→ No errors at level 1.Real bugs fixed
extract_cname()checked an undefined$test['query'](typo) instead of the$parsed_url['query']parameter, so the query-string CNAME branch never ran.connection-string.phppassed two args towp_kses_post()(takes 1) and the string was not translated; now usesesc_html__()with a translators comment.remove_filter()inclass-video.phpwas called with 4 args (max 3); dropped the strayaccepted_argsvalue.Defensive / dead code simplified
upgrade_connection()initialises$dataand bails when nocloudinary_urlis present, instead of accessing a possibly-undefined variable.Api::upload()initialises$resultbefore the chunk loop so an empty file returns aWP_Errorrather than reading an undefined variable.$errorsguard inAdmin::save_settings().empty()/elseifbranches inDeliveryandUpgrade.Static-analysis support
url_hashadded to theRelationship@propertylist (valid magic property backed by a DB column).StateandREST_APIconstructors now use the injected$plugininstead ofget_plugin_instance()/ discarding it, removing unused-parameter warnings.tests/phpstan/stubs/constants.phpdeclares runtime-defined constants (CLDN_*,CLOUDINARY_ENDPOINTS_*,CLOUDINARY_CONNECTION_STRING) and the WP core constantsWPINC/LOGGED_IN_COOKIEthat the stub package omits.php/templates/*since view files are included into a class scope, so$thisis bound at runtime in a way PHPStan cannot model standalone.Test plan
composer phpstanreports no errors at level 1phpcspasses on changed files