Update

[MrIbrahem]

Summary by CodeRabbit

• New Features

  • Added dynamic sorting option for pages by update or add date.

• Bug Fixes

  • Improved order parameter validation and fallback handling.

• Tests

  • Enhanced test configuration with stricter quality checks and coverage reporting.

[coderabbitai]

Warning

Rate limit exceeded

@MrIbrahem has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 51 minutes and 48 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 51 minutes and 48 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5dff5f9b-9147-46dd-bbac-f0ccfc705b9c

📥 Commits

Reviewing files that changed from the base of the PR and between 75bb4cf and 3c177bd.

📒 Files selected for processing (4)

• src/api_cod/helps.php
• src/api_cod/request.php
• src/api_cod/select_helps.php
• tests/HelpsTest.php

Walkthrough

This pull request refactors order parameter handling by making it endpoint-driven rather than hardcoded. Changes include updating PHPUnit configuration with schema declarations and coverage settings, adding order-value mappings to endpoint parameters, modifying the add_order() function signature to accept GET values, and updating corresponding call sites and tests.

Changes

Cohort / File(s)	Summary
Build & Configuration .gitignore, phpunit.xml	Added PHPUnit cache directory and coverage HTML output to gitignore; expanded phpunit.xml with XSD schema declarations, test reporting flags, and restructured coverage configuration to generate HTML reports under build/coverage-html.
Core API Ordering Logic src/api_cod/helps.php	Modified filter_order() to return null when sanitized GET value is falsy with added logging; changed add_order() signature to accept third parameter $get_value, removed hardcoded order mappings in favor of reading from endpoint data, implemented fallback logic with computed defaults, and adjusted add_li_params() to validate non-empty values before comparison.
API Request Handling src/api_cod/request.php	Updated add_order() invocation to pass extracted order GET parameter as third argument; renamed $qua to $_qua in pages_with_views endpoint handling.
Endpoint Configuration src/endpoint_params.json	Changed categories column name from "def" to "is_default"; added order_values mapping to pages endpoint defining pupdate_or_add_date as computed timestamp expression.
Tests tests/HelpsTest.php	Updated all add_order() test invocations to include third argument; modified order parameter test cases to remove direct $_GET assignments while passing values to function; updated expected output assertions to match new behavior.

Sequence Diagram

sequenceDiagram
    participant req as request.php
    participant get as $_GET (User Input)
    participant helps as helps.php
    participant epd as endpoint_params.json
    participant db as SQL Query

    req->>get: read 'order' parameter
    get-->>req: order value (or empty)
    req->>helps: add_order($query, $endpoint_data, $order_value)
    
    alt order_value provided
        helps->>epd: lookup $order_values[$order_value]
        epd-->>helps: mapped SQL expression
        helps->>helps: use mapped expression
    else order_value empty
        helps->>helps: compute $default_order from endpoint
        alt default exists
            helps->>helps: use $default_order
        else default empty
            helps->>helps: call filter_order() with fallback
        end
    end
    
    helps->>db: apply ORDER BY clause to $query
    db-->>helps: final query
    helps-->>req: modified query

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Update #11: Both modify add_order() and order handling in src/api_cod/helps.php, with this PR moving hardcoded mappings to endpoint-driven configuration.
• . #6: Both refactor functions in src/api_cod/helps.php, update src/api_cod/request.php call sites, and modify src/endpoint_params.json data structures.
• Update #19: Both modify the add_li_params() function signature and behavior in src/api_cod/helps.php for parameter validation.

Poem

🐰 The rabbit hops through order's twisted tale,
Configuration carved in JSON trails,
Function signatures bloom like spring's new flowers,
Each test renewed with parameter powers!
From hardcoded paths to endpoint's call—
The ordering logic dances through it all! 🌸

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Update' is vague and generic, providing no meaningful information about what was changed in the pull request.	Provide a specific, descriptive title that summarizes the main changes, such as 'Add PHPUnit configuration updates and order filtering enhancements' or similar.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the PHPUnit configuration and refactors the ordering logic within the API. Key changes include updating .gitignore and phpunit.xml to support PHPUnit 10+ features, and refactoring the add_order function to accept an explicit order value while utilizing a new order_values mapping in the endpoint configuration. Review feedback highlights redundant logic in add_order where the function still relies on global $_GET state despite the new parameter, and recommends removing active error_log statements that could clutter production logs or cause performance issues during validation loops.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (7)

src/endpoint_params.json (1)

488-490: Minor: consider qualifying pupdate/add_date with the table alias.

The pages query in src/api_cod/request.php aliases pages as p and left-joins categories ca. Using unqualified pupdate/add_date relies on only one joined table having those columns. Qualifying them (e.g., GREATEST(UNIX_TIMESTAMP(p.pupdate), UNIX_TIMESTAMP(p.add_date))) would be more robust against future joins and easier to read.

🔧 Suggested change

         "order_values": {
-            "pupdate_or_add_date": "GREATEST(UNIX_TIMESTAMP(pupdate), UNIX_TIMESTAMP(add_date))"
+            "pupdate_or_add_date": "GREATEST(UNIX_TIMESTAMP(p.pupdate), UNIX_TIMESTAMP(p.add_date))"
         }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/endpoint_params.json` around lines 488 - 490, The order_values entry
"pupdate_or_add_date" uses unqualified column names; update it to explicitly
qualify pupdate and add_date with the pages table alias (p) so the expression
becomes GREATEST(UNIX_TIMESTAMP(p.pupdate), UNIX_TIMESTAMP(p.add_date)); this
aligns with the pages query in src/api_cod/request.php which aliases pages as p
and prevents ambiguity when additional joins (e.g., categories ca) are present.

src/api_cod/request.php (2)

426-431: Nit: the leading-underscore local $_qua is an unusual naming choice.

In PHP, names prefixed with an underscore (especially $_...) evoke superglobals like $_GET/$_POST. If the rename was purely to avoid shadowing the outer $qua, a descriptive name such as $base_from or $pages_from would read better.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/api_cod/request.php` around lines 426 - 431, Rename the local variable
$_qua to a descriptive non-superglobal-like name (e.g., $base_from or
$pages_from) used in the block that builds the SQL fragment so it doesn't
resemble PHP superglobals and improves readability; update its declaration and
the subsequent use where it's passed into add_li_params (the variable referenced
as $_qua and the call list($query, $params) = add_li_params($_qua, [],
$endpoint_params)) so the new name is used consistently.

---

479-480: Slight redundancy: add_order() still re-reads $_GET['order'] internally via filter_order().

$order_value is derived from $_GET['order'], passed into add_order(), and then add_order() falls back to filter_order('order', $endpoint_data) which reads $_GET['order'] again. This works, but means the new third argument only matters when there is a hit in order_values. If the intent was to fully decouple add_order() from $_GET, consider having the function receive both the raw value and rely on it exclusively (or push the filter_order() call to the caller). Otherwise this is fine functionally.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/api_cod/request.php` around lines 479 - 480, The call site passes a
sanitized $order_value to add_order() but add_order() still re-reads $_GET via
filter_order(), causing redundancy; change add_order() (the function definition)
to accept and use the provided $order_value parameter exclusively (remove or
bypass any internal calls to filter_order('order', ...) and any fallback to
$_GET) and ensure callers (e.g., the call in request.php) pass the sanitized
$order_value; alternatively, if you prefer the filter inside add_order(), remove
the third argument and move filter_order() to the caller—pick one approach and
make the function signature and all call sites consistent (update add_order()
signature and internal logic and adjust request.php if needed).

src/api_cod/helps.php (2)

126-136: Trusted-config invariant: order_values entries are injected verbatim into SQL.

$added = $order_values[$get_value] and subsequently "ORDER BY $added $order_direction" means any expression stored in endpoint_params.json's order_values is concatenated directly into SQL. That's acceptable today because order_values is file-sourced config, but it's worth a short code comment here and/or in endpoint_params.json so future contributors don't populate order_values from request/DB input. The user-supplied part (the key $get_value) is safely used only as an array lookup — good.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/api_cod/helps.php` around lines 126 - 136, This block uses $added =
$order_values[$get_value] and later injects $added into SQL "ORDER BY $added
$order_direction", so add a short, explicit comment above this conditional (near
variables order_values, $get_value, $added and the call filter_order('order',
$endpoint_data)) stating the “trusted-config invariant” — that entries in
order_values are file-sourced/whitelisted config only and must never be
populated from request/DB input; optionally note that $get_value is only used as
an array key lookup and not concatenated. Also add the same warning to
endpoint_params.json so future contributors know to keep order_values trusted
and not expose it to user-controlled data.

---

128-140: Consider making $get_value optional to ease migration and add parameter defaults.

Making the third parameter string $get_value = '' (or nullable) would avoid fatal errors at any untouched caller and communicate intent. Also, type-hinting the function signature would make the contract explicit.

🔧 Suggested signature

-function add_order($qua, $endpoint_data, $get_value)
+function add_order(string $qua, array $endpoint_data, ?string $get_value = null): string
 {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/api_cod/helps.php` around lines 128 - 140, The code assumes a third
parameter $get_value exists and can cause fatal errors for callers that don't
pass it; update the function signature that contains this block to declare the
third parameter as optional and type-hinted (e.g. string $get_value = '' or
?string $get_value = null) so callers can omit it, and adjust the conditional to
check against an empty string/null accordingly (using $get_value !== '' or
$get_value !== null) before reading $order_values[$get_value]; keep the existing
fallback logic using filter_order('order', $endpoint_data) ?? $default_order and
ensure variable $added is initialized/handled when $get_value is not provided.

tests/HelpsTest.php (1)

222-242: Consider also covering the get_value miss → filter_order fallback path.

The happy-path mapping (order_values[$get_value] hit) is well covered, but there is no explicit test for the branch where $get_value is provided but has no entry in order_values (line 133-135 in src/api_cod/helps.php), which falls through to filter_order('order', ...) ?? $default_order. Adding one test for that branch would lock in the current behavior.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/HelpsTest.php` around lines 222 - 242, Add a unit test exercising the
branch where add_order receives a provided get_value that is NOT present in
endpoint_data['order_values'] so it falls back to filter_order('order', ...) ??
$default_order; replicate the existing test structure but pass a get_value
string not in order_values (e.g. "nonexistent_order_key"), ensure $_GET behavior
is accounted for the same way as the current test, call add_order($query,
$endpoint_data, "nonexistent_order_key") and assert the returned ORDER BY
matches the filter_order/default fallback behavior; reference add_order,
filter_order and endpoint_data['order_values'] to locate the code to test.

phpunit.xml (1)

37-42: Optional: consider also emitting a coverage clover/xml for CI.

The current report block only produces HTML + text. If you plan to consume coverage in CI (badges, PR comments, thresholds), adding <clover outputFile="build/coverage.xml"/> or <cobertura.../> would be handy. Not required.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@phpunit.xml` around lines 37 - 42, The coverage report currently only emits
HTML and text from the <coverage><report> block; add an additional XML reporter
for CI by inserting a clover (or cobertura) entry such as <clover
outputFile="build/coverage.xml"/> (or <cobertura .../>) alongside the existing
<html> and <text> elements so CI tools can consume the coverage XML for
badges/thresholds.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/api_cod/helps.php`:
- Around line 58-59: Consolidate per-value error_log calls into a single
request-level log: inside the loop that validates order values (where error_log
is called and unset($added_array[$k]) is used), accumulate invalid values (e.g.,
$invalid_values[]) instead of logging each one, continue to unset as needed, and
after finishing the parsing/validation loop emit a single error_log that reports
the list of invalid values (or skip/log only when a debug flag is enabled);
update the code paths that reference $added_array and the order parsing so they
still remove invalid entries but only produce one combined log entry per
request.
- Around line 42-44: The unconditional error_log call that logs every valid
$added value in the filter that returns $added (seen in src/api_cod/helps.php
around the filter that validates endpoint/order values and is called from
add_group) is too noisy; remove the unconditional error_log or wrap it in a
debug check (e.g., only call error_log when a debug flag or environment variable
like DEBUG or APP_ENV==='development' is set) consistent with the surrounding
commented // error_log(...) lines so normal production requests no longer flood
the PHP error log.

In `@tests/HelpsTest.php`:
- Around line 231-235: The params array contains duplicate entries for the
"order" param so the second overwrites the first when add_order() uses
array_column($endpoint_params, null, 'name'); remove the redundant ['name' =>
'order', 'default' => ''] and consolidate into a single ['name' => 'order',
'column' => 'order', 'type' => 'text', 'placeholder' => 'Order by', 'default' =>
''] entry (keep the existing ['name' => 'order_direction'] entry unchanged) so
the column/type/placeholder metadata is preserved for add_order().

---

Nitpick comments:
In `@phpunit.xml`:
- Around line 37-42: The coverage report currently only emits HTML and text from
the <coverage><report> block; add an additional XML reporter for CI by inserting
a clover (or cobertura) entry such as <clover outputFile="build/coverage.xml"/>
(or <cobertura .../>) alongside the existing <html> and <text> elements so CI
tools can consume the coverage XML for badges/thresholds.

In `@src/api_cod/helps.php`:
- Around line 126-136: This block uses $added = $order_values[$get_value] and
later injects $added into SQL "ORDER BY $added $order_direction", so add a
short, explicit comment above this conditional (near variables order_values,
$get_value, $added and the call filter_order('order', $endpoint_data)) stating
the “trusted-config invariant” — that entries in order_values are
file-sourced/whitelisted config only and must never be populated from request/DB
input; optionally note that $get_value is only used as an array key lookup and
not concatenated. Also add the same warning to endpoint_params.json so future
contributors know to keep order_values trusted and not expose it to
user-controlled data.
- Around line 128-140: The code assumes a third parameter $get_value exists and
can cause fatal errors for callers that don't pass it; update the function
signature that contains this block to declare the third parameter as optional
and type-hinted (e.g. string $get_value = '' or ?string $get_value = null) so
callers can omit it, and adjust the conditional to check against an empty
string/null accordingly (using $get_value !== '' or $get_value !== null) before
reading $order_values[$get_value]; keep the existing fallback logic using
filter_order('order', $endpoint_data) ?? $default_order and ensure variable
$added is initialized/handled when $get_value is not provided.

In `@src/api_cod/request.php`:
- Around line 426-431: Rename the local variable $_qua to a descriptive
non-superglobal-like name (e.g., $base_from or $pages_from) used in the block
that builds the SQL fragment so it doesn't resemble PHP superglobals and
improves readability; update its declaration and the subsequent use where it's
passed into add_li_params (the variable referenced as $_qua and the call
list($query, $params) = add_li_params($_qua, [], $endpoint_params)) so the new
name is used consistently.
- Around line 479-480: The call site passes a sanitized $order_value to
add_order() but add_order() still re-reads $_GET via filter_order(), causing
redundancy; change add_order() (the function definition) to accept and use the
provided $order_value parameter exclusively (remove or bypass any internal calls
to filter_order('order', ...) and any fallback to $_GET) and ensure callers
(e.g., the call in request.php) pass the sanitized $order_value; alternatively,
if you prefer the filter inside add_order(), remove the third argument and move
filter_order() to the caller—pick one approach and make the function signature
and all call sites consistent (update add_order() signature and internal logic
and adjust request.php if needed).

In `@src/endpoint_params.json`:
- Around line 488-490: The order_values entry "pupdate_or_add_date" uses
unqualified column names; update it to explicitly qualify pupdate and add_date
with the pages table alias (p) so the expression becomes
GREATEST(UNIX_TIMESTAMP(p.pupdate), UNIX_TIMESTAMP(p.add_date)); this aligns
with the pages query in src/api_cod/request.php which aliases pages as p and
prevents ambiguity when additional joins (e.g., categories ca) are present.

In `@tests/HelpsTest.php`:
- Around line 222-242: Add a unit test exercising the branch where add_order
receives a provided get_value that is NOT present in
endpoint_data['order_values'] so it falls back to filter_order('order', ...) ??
$default_order; replicate the existing test structure but pass a get_value
string not in order_values (e.g. "nonexistent_order_key"), ensure $_GET behavior
is accounted for the same way as the current test, call add_order($query,
$endpoint_data, "nonexistent_order_key") and assert the returned ORDER BY
matches the filter_order/default fallback behavior; reference add_order,
filter_order and endpoint_data['order_values'] to locate the code to test.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7ec106c0-bb18-45d7-938f-1e69f0b6c555

📥 Commits

Reviewing files that changed from the base of the PR and between 34c906a and 75bb4cf.

📒 Files selected for processing (6)

• .gitignore
• phpunit.xml
• src/api_cod/helps.php
• src/api_cod/request.php
• src/endpoint_params.json
• tests/HelpsTest.php