Merge pull request #413 from JLG-WOCFR-DEV/codex/refactor-sanitizementions-and-update-addcomment

JLG-WOCFR-DEV · web-flow · commit c6ce8c85b7da · 2025-10-26T02:49:06.000+02:00
Refine mention sanitization in CommentStore
diff --git a/supersede-css-jlg-enhanced/src/Infra/Comments/CommentStore.php b/supersede-css-jlg-enhanced/src/Infra/Comments/CommentStore.php
@@ -69,7 +69,7 @@ public function addComment(string $entityType, string $entityId, string $message
         }
 
         $userId = (int) $userId;
-        $mentions = $this->sanitizeMentions($mentions);
+        $cleanMentions = $this->sanitizeMentions($mentions);
 
         $comments = $this->read();
         $entityComments = $comments[$entityType][$entityId] ?? [];
@@ -83,7 +83,7 @@ public function addComment(string $entityType, string $entityId, string $message
             'entity_type' => $entityType,
             'entity_id' => $entityId,
             'message' => $message,
-            'mentions' => $mentions,
+            'mentions' => $cleanMentions,
             'created_by' => $userId,
             'created_at' => $timestamp,
         ];
@@ -105,7 +105,7 @@ public function addComment(string $entityType, string $entityId, string $message
             'entity_id' => $entityId,
             'details' => [
                 'comment_id' => $commentId,
-                'mentions' => $mentions,
+                'mentions' => $cleanMentions,
             ],
         ]);
 
@@ -205,19 +205,31 @@ private function hydrateComment(array $raw, array $users): array
      */
     private function sanitizeMentions(array $mentions): array
     {
-        $sanitized = [];
+        $uniqueIds = [];
         foreach ($mentions as $mention) {
             $id = is_int($mention) ? $mention : (int) $mention;
             if ($id <= 0) {
                 continue;
             }
-            $user = get_userdata($id);
-            if ($user instanceof WP_User) {
-                $sanitized[] = $user->ID;
+            if (in_array($id, $uniqueIds, true)) {
+                continue;
             }
+            $uniqueIds[] = $id;
+        }
+
+        if ($uniqueIds === []) {
+            return [];
+        }
+
+        $users = $this->loadUsers($uniqueIds);
+        if ($users === []) {
+            return [];
         }
 
-        return array_values(array_unique($sanitized));
+        return array_values(array_filter(
+            $uniqueIds,
+            static fn(int $id): bool => isset($users[$id])
+        ));
     }
 
     /**
diff --git a/supersede-css-jlg-enhanced/tests/Infra/Comments/CommentStoreTest.php b/supersede-css-jlg-enhanced/tests/Infra/Comments/CommentStoreTest.php
@@ -78,4 +78,67 @@ public function test_get_comments_uses_single_query_for_shared_users(): void
         $this->assertSame($mentionId, $second['mentions'][0]['id']);
         $this->assertSame($authorId, $second['mentions'][1]['id']);
     }
+
+    public function test_add_comment_filters_duplicate_and_invalid_mentions(): void
+    {
+        $authorId = self::factory()->user->create([
+            'display_name' => 'Author',
+        ]);
+        $firstMentionId = self::factory()->user->create([
+            'display_name' => 'Bob',
+        ]);
+        $secondMentionId = self::factory()->user->create([
+            'display_name' => 'Carol',
+        ]);
+
+        $result = $this->store->addComment(
+            'post',
+            '42',
+            'Hello mentions',
+            [
+                $firstMentionId,
+                (string) $firstMentionId,
+                0,
+                -5,
+                'abc',
+                $secondMentionId,
+                99999,
+                $secondMentionId,
+            ],
+            $authorId
+        );
+
+        $stored = get_option('ssc_entity_comments');
+        $mentions = $stored['post']['42'][0]['mentions'] ?? null;
+
+        $this->assertSame([
+            $firstMentionId,
+            $secondMentionId,
+        ], $mentions);
+
+        $this->assertCount(2, $result['mentions']);
+        $this->assertSame($firstMentionId, $result['mentions'][0]['id']);
+        $this->assertSame($secondMentionId, $result['mentions'][1]['id']);
+    }
+
+    public function test_add_comment_discards_nonexistent_mentions(): void
+    {
+        $authorId = self::factory()->user->create([
+            'display_name' => 'Author',
+        ]);
+
+        $result = $this->store->addComment(
+            'post',
+            '99',
+            'No valid mentions',
+            [123456, 0, 'foo'],
+            $authorId
+        );
+
+        $stored = get_option('ssc_entity_comments');
+        $mentions = $stored['post']['99'][0]['mentions'] ?? null;
+
+        $this->assertSame([], $mentions);
+        $this->assertSame([], $result['mentions']);
+    }
 }
