PHPCS and PHPStan fixes.

Author: colinmurphy

plugins/hwp-previews/src/Admin/Settings/Fields/Field/Abstract_Settings_Field.php

@@ -90,7 +90,7 @@ public function get_title(): string {
 		 * Get the description field.
 		 */
 	public function get_description(): string {
-		return esc_attr( $this->description );
+		return $this->description;
 	}
 
 	/**
@@ -126,7 +126,7 @@ public function settings_field_callback( array $args ): void {
 				<span class="dashicons dashicons-editor-help"></span>
 				<span id="%2$s-tooltip" class="tooltip-text description">%1$s</span>
 			</div>',
-			$this->get_description(),
+			esc_attr( $this->get_description() ),
 			esc_attr( $settings_key )
 		);
 

plugins/hwp-previews/src/Admin/Settings/Fields/Field/URL_Input_Field.php

@@ -8,39 +8,25 @@ class URL_Input_Field extends Text_Input_Field {
 	/**
 	 * @param mixed $value
 	 */
-public function sanitize_field( $value ): string {
-    $value = sanitize_text_field( (string) $value );
-    if ( ! $value ) {
-        return '';
-    }
-
-	// Validate the URL format
-    if ( false !== wp_http_validate_url( $value ) ) {
-        return $value;
-    }
-
-    // Clean and fix the URL and allow curly braces for parameter replacement
-    $value = $this->fix_url( $value );
-
-    // Sanitize while preserving placeholders
-	$value = str_replace( ['{', '}'], ['___OPEN___', '___CLOSE___'], $value );
-   	$value = esc_url_raw( $value );
-    return str_replace( ['___OPEN___', '___CLOSE___'], ['{', '}'], $value );
-}
-
-private function fix_url( string $value ): string {
-    // Remove HTML tags, trim, encode spaces, add protocol
-    $value = preg_replace( '/<(?!\{)[^>]+>/', '', $value );
-    $value = trim( str_replace( ' ', '%20', $value ) );
-
-    if ( $value && ! preg_match( '/^https?:\/\//i', $value ) ) {
-        $protocol = is_ssl() ? 'https://' : 'http://';
-        $value = $protocol . ltrim( $value, '/' );
-    }
-
-    return $value;
-}
-
+	public function sanitize_field( $value ): string {
+		$value = sanitize_text_field( (string) $value );
+		if ( '' === $value ) {
+			return '';
+		}
+
+		// Validate the URL format.
+		if ( false !== wp_http_validate_url( $value ) ) {
+			return $value;
+		}
+
+		// Clean and fix the URL and allow curly braces for parameter replacement.
+		$value = $this->fix_url( $value );
+
+		// Sanitize while preserving placeholders.
+		$value = str_replace( [ '{', '}' ], [ '___OPEN___', '___CLOSE___' ], $value );
+		$value = esc_url_raw( $value );
+		return str_replace( [ '___OPEN___', '___CLOSE___' ], [ '{', '}' ], $value );
+	}
 
 	/**
 	 * URL input field constructor.
@@ -50,4 +36,26 @@ private function fix_url( string $value ): string {
 	public function get_input_type(): string {
 		return 'url';
 	}
+
+	/**
+	 * Fixes the URL by removing HTML tags, trimming whitespace, encoding spaces, and adding a protocol if missing.
+	 *
+	 * @param string $value
+	 */
+	private function fix_url( string $value ): string {
+		// Remove HTML tags, trim, encode spaces, add protocol.
+		$value = preg_replace( '/<(?!\{)[^>]+>/', '', $value );
+		$value = trim( str_replace( ' ', '%20', (string) $value ) );
+
+		if ( '' === $value ) {
+			return '';
+		}
+
+		$has_prootocol = preg_match( '/^https?:\/\//i', $value ) === 1;
+		if ( $has_prootocol ) {
+			return $value;
+		}
+			$protocol = is_ssl() ? 'https://' : 'http://';
+			return $protocol . ltrim( $value, '/' );
+	}
 }