Feature/v2 refactor and renamer#20
Conversation
Replace legacy .gitignore patterns with generated-artifact entries. Remove blanket-silenced PHPCS rules in favour of targeted inline ignores. Add composer.json with PSR-4 autoloading, dev dependencies (PHPUnit 11, WPCS 3), scripts (lint, test, package, make-pot), and lock file pinning saltus/framework plus PHPUnit and PHPCS packages. Add phpunit.xml.dist and bin/package.php CLI for distributable ZIPs. Remove obsolete package-lock.json as Node/Grunt is no longer used.
Move plugin header constants to defined() guards for safety. Add PHP version check and Composer dependency check with admin notices. Replace deprecated Loader stub with direct framework registration. Convert Core properties from public to private typed fields with getters. Add return type declarations to all methods across core classes. Remove unused property storage after construction.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by upgrading the PHP requirement to 8.3, replacing Grunt build tasks with Composer scripts, and introducing a new plugin generator UI to download renamed copies of the plugin as a ZIP file. Feedback on these changes highlights a regex bug in the package name generator that mangles uppercase author names, a risk of corrupting third-party assets by globally replacing the version string '2.0.0', an unused $framework parameter in the Core constructor, and the necessity of clearing active output buffers before streaming the ZIP file to prevent archive corruption.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
The Core class no longer needs the Saltus Framework reference. The framework is still instantiated and registered at the plugin level, but is no longer passed into Core. The unused unset() call in the constructor is removed.
Clear all output buffers before sending ZIP headers to prevent "headers already sent" errors.
The regex now allows uppercase letters to pass through before strtolower() runs. Previously, uppercase letters in author names were replaced with dashes, producing incorrect package name segments.
Verify that the renamer correctly replaces the PLUGIN_VERSION value in the main plugin file when a custom version is provided.
Verify the renamer correctly rewrites the composer.json package name from saltus/framework-demo to the target author/slug combination. The test uses a mixed-case author name (Acme Inc) to verify the updated regex preserves uppercase letters before strtolower conversion.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by upgrading the PHP requirement to 8.3, replacing the Grunt build system with Composer scripts, and introducing a new admin UI to generate and download renamed copies of the plugin as a ZIP file. It also updates array syntax to match WordPress standards and adds PHPUnit tests. The review feedback highlights three key improvement opportunities: correcting the return value check for wp_tempnam() and ensuring temporary files are cleaned up via a shutdown function, removing a redundant submenu page registration, and simplifying the unslashing of $_POST data using wp_unslash() directly.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the WordPress demo plugin by upgrading the PHP requirement to 8.3, replacing Grunt with Composer scripts, and refactoring the codebase to adhere to WordPress coding standards. It also introduces a new plugin renamer feature that allows users to generate and download a renamed copy of the plugin as a ZIP file, complete with PHPUnit tests. The review feedback highlights several critical improvements for the renamer feature: validating URLs before they are sanitized by esc_url_raw() to prevent validation bypasses, making validation error messages translatable, checking the return values of ZipArchive operations to handle failures gracefully, and ensuring the error query parameter is a string before sanitizing it to avoid PHP warnings.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Check that $_GET['framework_demo_error'] is a string before passing it to sanitize_text_field(), which expects a string. A malicious array parameter would otherwise trigger PHP warnings.
Run validation before esc_url_raw() to catch invalid URLs before they are silently converted to empty strings. Wrap validation error messages in __() for i18n support.
ZipArchive::close() and addFromString() return false on failure without throwing exceptions. Check their return values and throw RuntimeException on failure to prevent silently generating incomplete or corrupted ZIP files.
Restore WordPress function stubs removed in prior cleanup. Make esc_url_raw return empty string for invalid URLs to match real WordPress behavior.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the WordPress plugin by upgrading the minimum PHP requirement to 8.3, replacing Grunt with Composer scripts, and introducing a new "Rename Plugin" feature that generates customized, renamed ZIP packages of the plugin. It also adds PHPUnit tests, updates coding standards, and refactors core classes to use typed properties and return types. The review feedback suggests improving security and usability on the renamer admin page by storing redirect error messages in WordPress Transients instead of passing them as raw URL query parameters.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
- Change Yoda condition to standard comparison (false === -> === false) - Add phpcs:ignore for NoSilencedErrors warnings in cleanup block - Suppress empty catch sniff on intentional empty catch
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by requiring PHP 8.3+, replacing Grunt with modern Composer scripts and PostCSS, adding PHPUnit tests, and introducing a "Rebrand This Demo" feature that allows users to generate a customized, renamed copy of the plugin. The review feedback focuses on improving the robustness of the rebranding tool, specifically by dynamically retrieving the plugin name in asset loading, suppressing potential PHP warnings from unlink() to prevent "Headers already sent" errors, and ensuring that the author name and homepage are fully rebranded within the generated composer.json file.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Rebrand composer.json author metadata with user-supplied values. - Replace "Saltus" author name and "saltus.dev" homepage URLs - Suppress unlink warnings in delete_file helpers - Add Saltus contributor checkbox on the rebrand form When the contributor checkbox is checked, inject Saltus as a second author in the generated plugin.
Add test coverage for: - Author name and homepage replacements in composer.json - Saltus contributor injection when flag is set - Saltus contributor omission when flag is unset
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by replacing Grunt with Composer scripts, updating PHP requirements to 8.3+, and introducing a rebranding tool to generate customized copies of the plugin. The review feedback highlights several critical improvements for the rebranding and packaging scripts: resolving a path resolution issue in bin/package.php for rebranded plugins, excluding local development cache artifacts (.phpunit.cache and .phpcs-cache) from the generated ZIP, escaping backslashes in the author's name to prevent invalid JSON, and refactoring the contributor insertion in composer.json to use robust JSON parsing instead of fragile string replacement.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Move all procedural functions and variables from bin/package.php into a PackageBuilder class with a single run() entry point. The script now requires the class and delegates to it. Previously the file was a flat script with global functions and top-level variables. The class encapsulates state (root, slug, stage, dist) and exposes only run() publicly, with all build steps as private methods.
Add .github/, bin/, tests/, .phpunit.cache, and all common dev config files (.gitignore, .phpunit.result.cache, package.json, phpcs.xml, phpunit.xml.dist, postcss.config.js, README.md) to the exclusion list so they are not bundled into the renamed plugin download. Refactor add_saltus_contributor() to use json_decode/json_encode instead of fragile str_replace on whitespace-dependent markup, ensuring it works regardless of composer.json formatting.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by upgrading to PHP 8.3, replacing Grunt with Composer scripts and PostCSS, and introducing a rebranding tool that allows users to generate a customized copy of the plugin. It also adds robust testing, static analysis tools, and namespace prefixing via Strauss. Feedback on the changes highlights an out-of-bounds array access risk in the text domain checker (bin/check-textdomains.php) when handling heredocs near the end of a file, as well as overly strict regular expressions for matching the PLUGIN_VERSION constant in both bin/PackageBuilder.php and bin/bump.php that could fail with different code formatting.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by upgrading the PHP requirement to 8.3, replacing Grunt with modern Composer scripts and PostCSS, and introducing a 'Rebrand This Demo' admin tool to generate customized copies of the plugin. Feedback on the changes highlights three key issues: an input validation bypass in PluginIdentity.php where URL sanitization occurs before validation, a potential PHP warning when handling array inputs for the contributor checkbox, and a potential plugin activation failure in RenamerPage.php due to uncleared plugin caches.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
…in cache - Move self::validate() before esc_url_raw() so filter_var validates raw URLs, not the sanitized output esc_url_raw() may have altered - Add is_array guard on saltus_contributor to prevent PHP 8.0+ Array-to-string warning - Call wp_clean_plugins_cache() before activate_plugin() so newly extracted plugins are recognized by WordPress's cached plugin list
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the plugin by replacing the legacy Grunt build system with Composer scripts and PostCSS, upgrading the PHP requirement to 8.3, and introducing a "Rebrand This Demo" admin tool to generate customized copies of the plugin. Feedback on these changes highlights a potential Stored XSS vulnerability in the URL validation of the renamer tool, an array syntax inconsistency in PluginIdentity.php, and redundant token checks in the text domain validation script.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
FILTER_VALIDATE_URL allows non-HTTP schemes such as javascript://, which can lead to stored XSS when the plugin header is rendered in the WordPress admin dashboard. Add an explicit preg_match check requiring http or https scheme, and convert long array syntax to short syntax in the same file. Includes tests for javascript: URL rejection and empty URL passthrough.
PHP's token_get_all() always returns operators (->, ::, ?->) as array tokens (T_OBJECT_OPERATOR, T_DOUBLE_COLON, etc.), never as plain strings. The string comparisons were unreachable dead code.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request modernizes the Saltus Framework Demo plugin by upgrading the minimum PHP requirement to 8.3, replacing the legacy Grunt-based build system with a modern Composer and PostCSS workflow, and introducing a new "Rebrand This Demo" feature. The rebranding tool allows users to generate and download or directly activate a customized copy of the plugin with their own name, slug, namespace, and prefix. Additionally, the codebase has been refactored to use strict typing, PHPCS rules have been updated, and comprehensive unit tests have been added for the rebranding functionality. I have no feedback to provide as there are no review comments.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
No description provided.