From bb2fc7d15e3dd6faa9bd9507e5c1b63d8deef169 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=A0pa=C4=8Dek?=
Date: Sat, 11 Apr 2026 19:05:08 +0200
Subject: [PATCH] Check empty sanitization string run-time

Annotating with PHPStan is fine, but requires some work to be done by the caller to not pass empty strings. This is more friendly. Partially reverts some work done in #28
---
 src/PhpInfo.php | 3 ---
 src/SensitiveValueSanitizer.php | 6 +++---
 tests/SensitiveValueSanitizerTest.phpt | 10 ++++++++++
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/PhpInfo.php b/src/PhpInfo.php
index c43b3ca..ee76da4 100644
--- a/src/PhpInfo.php
+++ b/src/PhpInfo.php
@@ -66,9 +66,6 @@ public function doNotSanitizeSessionId(): self
 }
- /**
- * @param non-empty-string $sanitize
- */
 public function addSanitization(string $sanitize, ?string $with = null): self
 {
 $this->sanitizer->addSanitization($sanitize, $with);
diff --git a/src/SensitiveValueSanitizer.php b/src/SensitiveValueSanitizer.php
index 8919a18..62c737a 100644
--- a/src/SensitiveValueSanitizer.php
+++ b/src/SensitiveValueSanitizer.php
@@ -64,11 +64,11 @@ public function doNotSanitizeSessionId(): self
 }
- /**
- * @param non-empty-string $sanitize
- */
 public function addSanitization(string $sanitize, ?string $with = null): self
 {
+ if ($sanitize === '') {
+ return $this;
+ }
 $this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
 return $this;
 }
diff --git a/tests/SensitiveValueSanitizerTest.phpt b/tests/SensitiveValueSanitizerTest.phpt
index b94f504..da0b681 100644
--- a/tests/SensitiveValueSanitizerTest.phpt
+++ b/tests/SensitiveValueSanitizerTest.phpt
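Review bot: The early return added at the top of `SensitiveValueSanitizer::addSanitization()` makes an empty `$sanitize` a silent no-op, and because both hunks also delete the `@param non-empty-string` docblock, nothing on the method now says so. For a redaction helper this is a fail-open path: a caller whose secret lookup came back empty at registration time (presumably possible when the value is read from the environment or config) gets `$this` back as if a pattern had been registered. I would keep a docblock on this method and on `PhpInfo::addSanitization()`, for example `@param string $sanitize Value to redact; an empty string is ignored and nothing is registered`. The method is shown in full in the second hunk, but `sanitize()` and the rest of the class are outside it.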
@@ -143,6 +143,16 @@ class SensitiveValueSanitizerTest extends TestCase
 Assert::notContains($sessionId, $html);
 }
+
+ public function testAddSanitizationEmptyString(): void
+ {
+ Assert::noError(function () use (&$string): void {
+ $string = (new SensitiveValueSanitizer())->addSanitization('', '💫')->sanitize('foo');
+ });
+ Assert::same('foo', $string);
+ Assert::notContains('💫', $string);
+ }
+
 }
 (new SensitiveValueSanitizerTest())->run();
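Review bot: `Assert::notContains('💫', $string)` cannot fail once `Assert::same('foo', $string)` has passed, so `testAddSanitizationEmptyString()` only proves that the call does not error and leaves unrelated input alone. The case worth pinning for a redaction class is that an ignored empty entry does not stop later entries from being applied. I would replace the redundant assertion with a chained call on a made-up value, e.g. `Assert::notContains('s3cret', (new SensitiveValueSanitizer())->addSanitization('')->addSanitization('s3cret')->sanitize('x s3cret y'));`. This assumes `sanitize()` applies registered strings to arbitrary input, which the existing `->sanitize('foo')` call suggests but the hunk does not show.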