fix: address CodeRabbit review + add sharing E2E tests

- SettingsController: dedup/canonicalize sharing slugs (array_unique + lowercase)
- BookRepository: toPlainTextDescription() helper handles <p>, <br>, entities
  instead of raw strip_tags()
- DigitalLibraryPlugin: atomic hook registration with INSERT...ON DUPLICATE KEY
  UPDATE, replacing race-prone SELECT+INSERT
- schema.sql + migrate_0.5.0.sql: add UNIQUE KEY uk_plugin_hook_callback on
  plugin_hooks (plugin_id, hook_name, callback_class, callback_method)
- frontend-buttons.php: add rel="noopener noreferrer" on target="_blank" link
- frontend-pdf-viewer.php + DigitalLibraryPlugin + frontend-buttons.php:
  parse_url() before pathinfo() to handle query strings in URLs
- locale/en_US.json + de_DE.json: remove duplicate keys (Anteprima, Condividi,
  Condividi su Facebook, Condividi su WhatsApp, Link copiato!)
- README.md: update Digital Library plugin version 1.2.0 → 1.3.0
- settings/index.php: deep-linkable tabs via ?tab= and #hash with popstate
- Add social-sharing.spec.js: 9 E2E tests covering settings, frontend buttons,
  OG meta tags, provider toggle, and share URL correctness

Author: fabiodalez-dev

README.md

@@ -630,7 +630,7 @@ curl "http://yoursite.com/api/sru?operation=searchRetrieve&query=bath.isbn=97888
 - **Retry logic** with exponential backoff
 - **Error logging** and debugging tools
 
-### 4. Digital Library (`digital-library-v1.2.0.zip`)
+### 4. Digital Library (`digital-library-v1.3.0.zip`)
 - **eBook support** (PDF, ePub) with download tracking
 - **Audiobook streaming** (MP3, M4A, OGG) with HTML5 player
 - **Per-item digital asset management** (unlimited files per book)

app/Controllers/SettingsController.php

@@ -905,7 +905,8 @@ public function updateSharingSettings(Request $request, Response $response, mysq
         if (!is_array($selected)) {
             $selected = [];
         }
-        $valid = array_values(array_intersect($selected, $allowedSlugs));
+        $selected = array_map(static fn($s) => strtolower(trim((string) $s)), $selected);
+        $valid = array_values(array_intersect($allowedSlugs, array_unique($selected)));
         $value = implode(',', $valid);
 
         $repository->set('sharing', 'enabled_providers', $value);

app/Models/BookRepository.php

@@ -98,7 +98,7 @@ public function getById(int $id): ?array
             && $row['descrizione_plain'] === null
             && !empty($row['descrizione'])
         ) {
-            $plain = strip_tags((string)$row['descrizione']);
+            $plain = $this->toPlainTextDescription((string)$row['descrizione']);
             $upd = $this->db->prepare("UPDATE libri SET descrizione_plain = ? WHERE id = ?");
             if ($upd) {
                 $upd->bind_param('si', $plain, $id);
@@ -298,7 +298,7 @@ public function createBasic(array $data): int
         }
         if ($this->hasColumn('descrizione_plain')) {
             $raw = $data['descrizione'] ?? null;
-            $addField('descrizione_plain', 's', $raw !== null && $raw !== '' ? strip_tags((string)$raw) : $raw);
+            $addField('descrizione_plain', 's', $this->toPlainTextDescription($raw));
         }
         if ($this->hasColumn('parole_chiave')) {
             $addField('parole_chiave', 's', $data['parole_chiave'] ?? null);
@@ -628,7 +628,7 @@ public function updateBasic(int $id, array $data): bool
         }
         if ($this->hasColumn('descrizione_plain')) {
             $raw = $data['descrizione'] ?? null;
-            $addSet('descrizione_plain', 's', $raw !== null && $raw !== '' ? strip_tags((string)$raw) : $raw);
+            $addSet('descrizione_plain', 's', $this->toPlainTextDescription($raw));
         }
         if ($this->hasColumn('parole_chiave')) {
             $addSet('parole_chiave', 's', $data['parole_chiave'] ?? null);
@@ -1172,6 +1172,18 @@ private function resolveGenreHierarchy(array &$row): void
         }
     }
 
+    private function toPlainTextDescription(?string $html): ?string
+    {
+        if ($html === null || $html === '') {
+            return $html;
+        }
+        $text = preg_replace('/<(\/p|br\s*\/?)>/i', "\n", $html);
+        $text = html_entity_decode(strip_tags((string) $text), ENT_QUOTES | ENT_HTML5, 'UTF-8');
+        $text = preg_replace("/[ \t]+/", ' ', (string) $text);
+        $text = preg_replace("/\n{3,}/", "\n\n", (string) $text);
+        return trim((string) $text);
+    }
+
     private static array $columnCacheByDb = [];
     private function hasColumn(string $name): bool
     {

app/Views/settings/index.php

@@ -713,17 +713,25 @@ function activateTab(tabName) {
       });
     });
 
-    // Check URL hash on page load
+    // Check URL on page load: hash takes priority, then ?tab= query param
     const hash = window.location.hash.substring(1);
-    if (hash && document.querySelector(`[data-settings-tab="${hash}"]`)) {
-      activateTab(hash);
+    const qTab = new URL(window.location.href).searchParams.get('tab');
+    const initialTab = (hash || qTab || '');
+    if (initialTab && document.querySelector(`[data-settings-tab="${initialTab}"]`)) {
+      activateTab(initialTab);
+      // Sync URL so both ?tab= and # are consistent
+      const url = new URL(window.location.href);
+      url.searchParams.set('tab', initialTab);
+      url.hash = initialTab;
+      window.history.replaceState({}, '', url.toString());
     }
 
     // Handle browser back/forward
-    window.addEventListener('hashchange', () => {
-      const currentHash = window.location.hash.substring(1);
-      if (currentHash && document.querySelector(`[data-settings-tab="${currentHash}"]`)) {
-        activateTab(currentHash);
+    window.addEventListener('popstate', () => {
+      const url = new URL(window.location.href);
+      const tab = url.hash.substring(1) || url.searchParams.get('tab') || '';
+      if (tab && document.querySelector(`[data-settings-tab="${tab}"]`)) {
+        activateTab(tab);
       }
     });
 

installer/database/migrations/migrate_0.5.0.sql

@@ -32,3 +32,19 @@ DEALLOCATE PREPARE stmt;
 INSERT IGNORE INTO system_settings (category, setting_key, setting_value, description, updated_at)
 VALUES ('sharing', 'enabled_providers', 'facebook,x,whatsapp,email',
         'Enabled social sharing providers on book detail page', NOW());
+
+-- =============================================================================
+-- Add unique index on plugin_hooks for atomic upsert registration
+-- =============================================================================
+-- Prevents duplicate hook rows from concurrent registerHooks() calls.
+
+SET @idx_exists = (SELECT COUNT(*) FROM INFORMATION_SCHEMA.STATISTICS
+                   WHERE TABLE_SCHEMA = DATABASE()
+                     AND TABLE_NAME = 'plugin_hooks'
+                     AND INDEX_NAME = 'uk_plugin_hook_callback');
+SET @sql = IF(@idx_exists = 0,
+    'ALTER TABLE plugin_hooks ADD UNIQUE KEY uk_plugin_hook_callback (plugin_id, hook_name, callback_class, callback_method)',
+    'SELECT 1');
+PREPARE stmt FROM @sql;
+EXECUTE stmt;
+DEALLOCATE PREPARE stmt;

installer/database/schema.sql

@@ -545,6 +545,7 @@ CREATE TABLE `plugin_hooks` (
   `is_active` tinyint(1) NOT NULL DEFAULT '1' COMMENT 'Whether hook is active',
   `created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
   PRIMARY KEY (`id`),
+  UNIQUE KEY `uk_plugin_hook_callback` (`plugin_id`,`hook_name`,`callback_class`,`callback_method`),
   KEY `idx_hook_name` (`hook_name`,`priority`),
   KEY `idx_plugin_id` (`plugin_id`),
   KEY `idx_active` (`is_active`),

locale/de_DE.json

@@ -4039,13 +4039,10 @@
   "Usa il controllo schermo intero del viewer o del browser": "Verwenden Sie die Vollbildsteuerung des Viewers oder Browsers",
   "Condivisione": "Teilen",
   "Seleziona i pulsanti di condivisione da mostrare nella pagina del libro.": "Wählen Sie die Teilen-Schaltflächen aus, die auf der Buchseite angezeigt werden sollen.",
-  "Anteprima": "Vorschau",
   "Nessun pulsante selezionato": "Keine Schaltflächen ausgewählt",
   "Salva impostazioni condivisione": "Freigabeeinstellungen speichern",
   "Impostazioni di condivisione aggiornate.": "Freigabeeinstellungen aktualisiert.",
-  "Condividi su Facebook": "Auf Facebook teilen",
   "Condividi su X": "Auf X teilen",
-  "Condividi su WhatsApp": "Auf WhatsApp teilen",
   "Condividi su Telegram": "Auf Telegram teilen",
   "Condividi su LinkedIn": "Auf LinkedIn teilen",
   "Condividi su Reddit": "Auf Reddit teilen",
@@ -4058,7 +4055,5 @@
   "Condividi su LINE": "Auf LINE teilen",
   "Invia via SMS": "Per SMS senden",
   "Invia per email": "Per E-Mail senden",
-  "Copia link": "Link kopieren",
-  "Link copiato!": "Link kopiert!",
-  "Condividi": "Teilen"
+  "Copia link": "Link kopieren"
 }

locale/en_US.json

@@ -4039,13 +4039,10 @@
   "Usa il controllo schermo intero del viewer o del browser": "Use the viewer or browser fullscreen control",
   "Condivisione": "Sharing",
   "Seleziona i pulsanti di condivisione da mostrare nella pagina del libro.": "Select which share buttons to show on the book page.",
-  "Anteprima": "Preview",
   "Nessun pulsante selezionato": "No buttons selected",
   "Salva impostazioni condivisione": "Save sharing settings",
   "Impostazioni di condivisione aggiornate.": "Sharing settings updated.",
-  "Condividi su Facebook": "Share on Facebook",
   "Condividi su X": "Share on X",
-  "Condividi su WhatsApp": "Share on WhatsApp",
   "Condividi su Telegram": "Share on Telegram",
   "Condividi su LinkedIn": "Share on LinkedIn",
   "Condividi su Reddit": "Share on Reddit",
@@ -4058,7 +4055,5 @@
   "Condividi su LINE": "Share on LINE",
   "Invia via SMS": "Send via SMS",
   "Invia per email": "Send by email",
-  "Copia link": "Copy link",
-  "Link copiato!": "Link copied!",
-  "Condividi": "Share"
+  "Copia link": "Copy link"
 }

storage/plugins/digital-library/DigitalLibraryPlugin.php

@@ -196,54 +196,35 @@ private function registerHooks(): void
         ];
 
         foreach ($hooks as $hook) {
-            // Check if hook already exists (include callback_method to support
-            // multiple callbacks on the same hook_name, e.g. audio + PDF on digital_player)
+            // Atomic upsert — relies on UNIQUE KEY uk_plugin_hook_callback
+            // (plugin_id, hook_name, callback_class, callback_method)
             $stmt = $this->db->prepare("
-                SELECT id FROM plugin_hooks
-                WHERE plugin_id = ? AND hook_name = ? AND callback_method = ?
+                INSERT INTO plugin_hooks
+                (plugin_id, hook_name, callback_class, callback_method, priority, is_active)
+                VALUES (?, ?, ?, ?, ?, ?)
+                ON DUPLICATE KEY UPDATE
+                    priority  = VALUES(priority),
+                    is_active = VALUES(is_active)
             ");
             if (!$stmt) {
-                \App\Support\SecureLogger::error('DigitalLibraryPlugin: prepare() failed for hook check', ['hook' => $hook['hook_name']]);
+                \App\Support\SecureLogger::error('DigitalLibraryPlugin: prepare() failed for hook upsert', ['hook' => $hook['hook_name']]);
                 continue;
             }
-            $stmt->bind_param("iss", $this->pluginId, $hook['hook_name'], $hook['callback_method']);
-            $stmt->execute();
-            $result = $stmt->get_result();
-            if (!$result instanceof \mysqli_result) {
-                \App\Support\SecureLogger::error('DigitalLibraryPlugin: get_result() failed for hook check', ['hook' => $hook['hook_name']]);
-                $stmt->close();
-                continue;
-            }
-
-            if ($result->num_rows === 0) {
-                $stmt->close(); // close SELECT stmt before reassignment
-                // Insert new hook
-                $stmt = $this->db->prepare("
-                    INSERT INTO plugin_hooks
-                    (plugin_id, hook_name, callback_class, callback_method, priority, is_active)
-                    VALUES (?, ?, ?, ?, ?, ?)
-                ");
-                if (!$stmt) {
-                    \App\Support\SecureLogger::error('DigitalLibraryPlugin: prepare() failed for hook insert', ['hook' => $hook['hook_name']]);
-                    continue;
-                }
-                $stmt->bind_param(
-                    "isssii",
-                    $this->pluginId,
-                    $hook['hook_name'],
-                    $hook['callback_class'],
-                    $hook['callback_method'],
-                    $hook['priority'],
-                    $hook['is_active']
-                );
-                if (!$stmt->execute()) {
-                    \App\Support\SecureLogger::error('[Digital Library] Hook insert failed', [
-                        'hook' => $hook['hook_name'],
-                        'error' => $stmt->error,
-                    ]);
-                }
+            $stmt->bind_param(
+                "isssii",
+                $this->pluginId,
+                $hook['hook_name'],
+                $hook['callback_class'],
+                $hook['callback_method'],
+                $hook['priority'],
+                $hook['is_active']
+            );
+            if (!$stmt->execute()) {
+                \App\Support\SecureLogger::error('[Digital Library] Hook upsert failed', [
+                    'hook' => $hook['hook_name'],
+                    'error' => $stmt->error,
+                ]);
             }
-
             $stmt->close();
         }
     }
@@ -320,8 +301,9 @@ public function renderAudioPlayer(array $book): void
      */
     public function renderPdfViewer(array $book): void
     {
-        $fileUrl = $book['file_url'] ?? '';
-        if (!empty($fileUrl) && strtolower(pathinfo($fileUrl, PATHINFO_EXTENSION)) === 'pdf') {
+        $fileUrl = (string) ($book['file_url'] ?? '');
+        $filePath = (string) (parse_url($fileUrl, PHP_URL_PATH) ?? '');
+        if ($filePath !== '' && strtolower(pathinfo($filePath, PATHINFO_EXTENSION)) === 'pdf') {
             include __DIR__ . '/views/frontend-pdf-viewer.php';
         }
     }

storage/plugins/digital-library/views/frontend-buttons.php

@@ -15,7 +15,8 @@
     return;
 }
 
-$isPdf = $hasEbook && strtolower(pathinfo($book['file_url'] ?? '', PATHINFO_EXTENSION)) === 'pdf';
+$ebookPath = parse_url($book['file_url'] ?? '', PHP_URL_PATH) ?: ($book['file_url'] ?? '');
+$isPdf = $hasEbook && strtolower(pathinfo($ebookPath, PATHINFO_EXTENSION)) === 'pdf';
 ?>
 
 <?php if ($hasEbook && $isPdf): ?>
@@ -41,6 +42,7 @@ class="btn btn-outline-secondary btn-lg"
 <!-- Non-PDF (ePub etc.): open in new tab, no download attribute -->
 <a href="<?= htmlspecialchars(url($book['file_url']), ENT_QUOTES, 'UTF-8') ?>"
    target="_blank"
+   rel="noopener noreferrer"
    class="btn btn-outline-danger btn-lg"
    title="<?= __("Scarica l'eBook in formato digitale") ?>">
     <i class="fas fa-file-pdf me-2"></i>