Minor cleanup (#28)

spaze · web-flow · commit 5411b0eca57c · 2026-04-10T22:02:30.000+02:00
- Call `getSessionId()` just once
- Pass only non-empty string to `strtr()`, otherwise it throws a warning
- Update description in `composer.json`
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
 	"name": "spaze/phpinfo",
-	"description": "Extract phpinfo() into a variable and move CSS to external file.",
+	"description": "Extract phpinfo() output into a variable, sanitize sensitive values, and move inline styles to external CSS.",
 	"keywords": ["PHP","phpinfo"],
 	"license": "MIT",
 	"authors": [
diff --git a/src/PhpInfo.php b/src/PhpInfo.php
@@ -66,6 +66,9 @@ public function doNotSanitizeSessionId(): self
 	}
 
 
+	/**
+	 * @param non-empty-string $sanitize
+	 */
 	public function addSanitization(string $sanitize, ?string $with = null): self
 	{
 		$this->sanitizer->addSanitization($sanitize, $with);
diff --git a/src/SensitiveValueSanitizer.php b/src/SensitiveValueSanitizer.php
@@ -26,9 +26,12 @@ public function __construct(private string $sanitizeWith = '[***]')
 	public function sanitize(string $info): string
 	{
 		$sanitize = [];
-		if ($this->sanitizeSessionId && $this->getSessionId() !== null) {
-			$sanitize[$this->getSessionId()] = $this->sanitizeWith;
-			$sanitize[urlencode($this->getSessionId())] = $this->sanitizeWith;
+		if ($this->sanitizeSessionId) {
+			$sessionId = $this->getSessionId();
+			if ($sessionId !== null) {
+				$sanitize[$sessionId] = $this->sanitizeWith;
+				$sanitize[urlencode($sessionId)] = $this->sanitizeWith;
+			}
 		}
 		return strtr($info, $this->sanitize + $sanitize);
 	}
@@ -46,7 +49,7 @@ private function getSessionId(): ?string
 		} else {
 			$sessionId = $_COOKIE[$sessionName] ?? null;
 		}
-		return is_string($sessionId) ? $sessionId : null;
+		return is_string($sessionId) && $sessionId !== '' ? $sessionId : null;
 	}
 
 
@@ -61,6 +64,9 @@ public function doNotSanitizeSessionId(): self
 	}
 
 
+	/**
+	 * @param non-empty-string $sanitize
+	 */
 	public function addSanitization(string $sanitize, ?string $with = null): self
 	{
 		$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;
diff --git a/tests/PhpInfoTest.phpt b/tests/PhpInfoTest.phpt
@@ -23,11 +23,7 @@ class PhpInfoTest extends TestCase
 	protected function setUp(): void
 	{
 		$_SERVER['HTTP_WALDO_FRED'] = self::WALDO_1337;
-		$_SERVER['HTTP_COOKIE'] = 'PHPSESSID=' . urlencode(self::SESSION_ID);
-		$_COOKIE['PHPSESSID'] = self::SESSION_ID;
-
-		session_set_save_handler(new TestSessionHandler(self::SESSION_ID));
-		session_start();
+		$this->sessionStart(self::SESSION_ID);
 	}
 
 
@@ -135,6 +131,25 @@ class PhpInfoTest extends TestCase
 		Assert::contains('🍕', $html);
 	}
 
+
+	public function testGetHtmlEmptySessionCookie(): void
+	{
+		session_destroy();
+		$this->sessionStart('');
+		Assert::noError(function (): void {
+			(new PhpInfo())->getHtml();
+		});
+	}
+
+
+	private function sessionStart(string $sessionId): void
+	{
+		$_SERVER['HTTP_COOKIE'] = 'PHPSESSID=' . urlencode($sessionId);
+		$_COOKIE['PHPSESSID'] = $sessionId;
+		session_set_save_handler(new TestSessionHandler($sessionId));
+		session_start();
+	}
+
 }
 
 (new PhpInfoTest())->run();

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "spaze/phpinfo",`
`3`		`- "description": "Extract phpinfo() into a variable and move CSS to external file.",`
	`3`	`+ "description": "Extract phpinfo() output into a variable, sanitize sensitive values, and move inline styles to external CSS.",`
`4`	`4`	`"keywords": ["PHP","phpinfo"],`
`5`	`5`	`"license": "MIT",`
`6`	`6`	`"authors": [`
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,9 @@ public function doNotSanitizeSessionId(): self`
`66`	`66`	`}`
`67`	`67`
`68`	`68`
	`69`	`+ /**`
	`70`	`+ * @param non-empty-string $sanitize`
	`71`	`+ */`
`69`	`72`	`public function addSanitization(string $sanitize, ?string $with = null): self`
`70`	`73`	`{`
`71`	`74`	`$this->sanitizer->addSanitization($sanitize, $with);`
Original file line number	Diff line number	Diff line change
`@@ -26,9 +26,12 @@ public function __construct(private string $sanitizeWith = '[***]')`
`26`	`26`	`public function sanitize(string $info): string`
`27`	`27`	`{`
`28`	`28`	`$sanitize = [];`
`29`		`- if ($this->sanitizeSessionId && $this->getSessionId() !== null) {`
`30`		`- $sanitize[$this->getSessionId()] = $this->sanitizeWith;`
`31`		`- $sanitize[urlencode($this->getSessionId())] = $this->sanitizeWith;`
	`29`	`+ if ($this->sanitizeSessionId) {`
	`30`	`+ $sessionId = $this->getSessionId();`
	`31`	`+ if ($sessionId !== null) {`
	`32`	`+ $sanitize[$sessionId] = $this->sanitizeWith;`
	`33`	`+ $sanitize[urlencode($sessionId)] = $this->sanitizeWith;`
	`34`	`+ }`
`32`	`35`	`}`
`33`	`36`	`return strtr($info, $this->sanitize + $sanitize);`
`34`	`37`	`}`
`@@ -46,7 +49,7 @@ private function getSessionId(): ?string`
`46`	`49`	`} else {`
`47`	`50`	`$sessionId = $_COOKIE[$sessionName] ?? null;`
`48`	`51`	`}`
`49`		`- return is_string($sessionId) ? $sessionId : null;`
	`52`	`+ return is_string($sessionId) && $sessionId !== '' ? $sessionId : null;`
`50`	`53`	`}`
`51`	`54`
`52`	`55`
`@@ -61,6 +64,9 @@ public function doNotSanitizeSessionId(): self`
`61`	`64`	`}`
`62`	`65`
`63`	`66`
	`67`	`+ /**`
	`68`	`+ * @param non-empty-string $sanitize`
	`69`	`+ */`
`64`	`70`	`public function addSanitization(string $sanitize, ?string $with = null): self`
`65`	`71`	`{`
`66`	`72`	`$this->sanitize[$sanitize] = $this->sanitize[urlencode($sanitize)] = $with ?? $this->sanitizeWith;`