Improve code quality and address static analysis issues

slowestwind · slowestwind · commit 11c7b143cb8f · 2025-10-15T11:45:18.000Z
- Fix missing class brace syntax error in Helper.php
- Refactor getNormalizeAccentsFunction into smaller methods for better maintainability
- Add proper SQL escaping and error handling
- Fix keyword normalization in CollectionDataTable to avoid modification inside loop
- Add comprehensive documentation and parameter validation
- Preserve case sensitivity in normalizeAccents mapping
- Add defensive programming checks for empty values

These changes address potential security hotspots and improve code reliability.
diff --git a/src/CollectionDataTable.php b/src/CollectionDataTable.php
@@ -100,6 +100,11 @@ public function columnSearch(): void
             $regex = $this->request->isRegex($i);
             $keyword = $this->request->columnKeyword($i);
 
+            // Normalize keyword for accent-insensitive search if enabled
+            if ($this->config->isIgnoreAccents()) {
+                $keyword = Helper::normalizeAccents($keyword);
+            }
+
             $this->collection = $this->collection->filter(
                 function ($row) use ($column, $keyword, $regex) {
                     $data = $this->serialize($row);
@@ -109,7 +114,6 @@ function ($row) use ($column, $keyword, $regex) {
 
                     if ($this->config->isIgnoreAccents()) {
                         $value = Helper::normalizeAccents($value);
-                        $keyword = Helper::normalizeAccents($keyword);
                     }
 
                     if ($this->config->isCaseInsensitive()) {
diff --git a/src/QueryDataTable.php b/src/QueryDataTable.php
@@ -564,15 +564,16 @@ protected function castColumn(string $column): string
      */
     protected function compileQuerySearch($query, string $column, string $keyword, string $boolean = 'or'): void
     {
-        $column = $this->wrap($this->addTablePrefix($query, $column));
-        $column = $this->castColumn($column);
-        $sql = $column.' LIKE ?';
-
+        $wrappedColumn = $this->wrap($this->addTablePrefix($query, $column));
+        $castedColumn = $this->castColumn($wrappedColumn);
+        
         if ($this->config->isIgnoreAccents()) {
             // For accent-insensitive search, we normalize both the column and the keyword
-            $sql = $this->getNormalizeAccentsFunction($column).' LIKE ?';
+            $sql = $this->getNormalizeAccentsFunction($castedColumn).' LIKE ?';
         } elseif ($this->config->isCaseInsensitive()) {
-            $sql = 'LOWER('.$column.') LIKE ?';
+            $sql = 'LOWER('.$castedColumn.') LIKE ?';
+        } else {
+            $sql = $castedColumn.' LIKE ?';
         }
 
         $query->{$boolean.'WhereRaw'}($sql, [$this->prepareKeyword($keyword)]);
@@ -708,19 +709,59 @@ protected function prepareKeyword(string $keyword): string
 
     /**
      * Get the database function to normalize accents for the given column.
+     *
+     * @param  string  $column  The column name (should be already wrapped/escaped)
+     * @return string SQL function to normalize accents
      */
     protected function getNormalizeAccentsFunction(string $column): string
     {
+        if (empty($column)) {
+            return "LOWER('')";
+        }
+
         $driver = $this->getConnection()->getDriverName();
         
         return match ($driver) {
-            'mysql' => "REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(LOWER($column), 'ã', 'a'), 'á', 'a'), 'à', 'a'), 'â', 'a'), 'é', 'e'), 'ê', 'e'), 'í', 'i'), 'ó', 'o'), 'ô', 'o'), 'õ', 'o'), 'ú', 'u'), 'ç', 'c'), 'ã', 'a'), 'á', 'a'), 'à', 'a'), 'â', 'a')",
-            'pgsql' => "LOWER(translate($column, 'ÃãÁáÀàÂâÉéÊêÍíÓóÔôÕõÚúÇç', 'aaaaaaaeeeiioooooucc'))",
-            'sqlite' => "LOWER($column)", // SQLite doesn't have built-in accent normalization, so we'll rely on keyword normalization only
+            'mysql' => $this->getMySqlNormalizeFunction($column),
+            'pgsql' => $this->getPostgreSqlNormalizeFunction($column),
+            'sqlite' => "LOWER($column)", // SQLite doesn't have built-in accent normalization
             default => "LOWER($column)" // Fallback for other databases
         };
     }
 
+    /**
+     * Get MySQL-specific accent normalization function.
+     */
+    private function getMySqlNormalizeFunction(string $column): string
+    {
+        $replacements = [
+            'ã' => 'a', 'á' => 'a', 'à' => 'a', 'â' => 'a',
+            'é' => 'e', 'ê' => 'e',
+            'í' => 'i',
+            'ó' => 'o', 'ô' => 'o', 'õ' => 'o',
+            'ú' => 'u',
+            'ç' => 'c'
+        ];
+
+        $sql = "LOWER($column)";
+        foreach ($replacements as $from => $to) {
+            // Use proper SQL string escaping
+            $from = addslashes($from);
+            $to = addslashes($to);
+            $sql = "REPLACE($sql, '$from', '$to')";
+        }
+
+        return $sql;
+    }
+
+    /**
+     * Get PostgreSQL-specific accent normalization function.
+     */
+    private function getPostgreSqlNormalizeFunction(string $column): string
+    {
+        return "LOWER(translate($column, 'ÃãÁáÀàÂâÉéÊêÍíÓóÔôÕõÚúÇç', 'aaaaaaaeeeiioooooucc'))";
+    }
+
     /**
      * Add custom filter handler for the give column.
      *
diff --git a/src/Utilities/Config.php b/src/Utilities/Config.php
@@ -82,7 +82,12 @@ public function isStartsWithSearch(): bool
     }
 
     /**
-     * Check if dataTable config ignores accents when searching.
+     * Check if DataTable config ignores accents when searching.
+     *
+     * When enabled, accented characters are normalized to their base letters
+     * during search operations (e.g., 'é' becomes 'e', 'ã' becomes 'a').
+     *
+     * @return bool True if accent-insensitive search is enabled
      */
     public function isIgnoreAccents(): bool
     {
diff --git a/src/Utilities/Helper.php b/src/Utilities/Helper.php
@@ -12,21 +12,29 @@
 use ReflectionMethod;
 
 class Helper
-
+{
     /**
      * Normalize accented characters to their base letter for accent-insensitive search.
      * Only replaces Portuguese Brazilian accents as specified.
+     *
+     * @param  string  $value  The string to normalize
+     * @return string The normalized string with accents removed
      */
     public static function normalizeAccents(string $value): string
     {
+        if (empty($value)) {
+            return $value;
+        }
+
         $map = [
-            'Ã' => 'a', 'ã' => 'a', 'Á' => 'a', 'á' => 'a', 'À' => 'a', 'à' => 'a', 'Â' => 'a', 'â' => 'a',
-            'É' => 'e', 'é' => 'e', 'Ê' => 'e', 'ê' => 'e',
-            'Í' => 'i', 'í' => 'i',
-            'Ó' => 'o', 'ó' => 'o', 'Ô' => 'o', 'ô' => 'o', 'Õ' => 'o', 'õ' => 'o',
-            'Ú' => 'u', 'ú' => 'u',
-            'Ç' => 'c', 'ç' => 'c',
+            'Ã' => 'A', 'ã' => 'a', 'Á' => 'A', 'á' => 'a', 'À' => 'A', 'à' => 'a', 'Â' => 'A', 'â' => 'a',
+            'É' => 'E', 'é' => 'e', 'Ê' => 'E', 'ê' => 'e',
+            'Í' => 'I', 'í' => 'i',
+            'Ó' => 'O', 'ó' => 'o', 'Ô' => 'O', 'ô' => 'o', 'Õ' => 'O', 'õ' => 'o',
+            'Ú' => 'U', 'ú' => 'u',
+            'Ç' => 'C', 'ç' => 'c',
         ];
+        
         return strtr($value, $map);
     }
 {

Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,12 @@ public function isStartsWithSearch(): bool`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`/**`
`85`		`- * Check if dataTable config ignores accents when searching.`
	`85`	`+ * Check if DataTable config ignores accents when searching.`
	`86`	`+ *`
	`87`	`+ * When enabled, accented characters are normalized to their base letters`
	`88`	`+ * during search operations (e.g., 'é' becomes 'e', 'ã' becomes 'a').`
	`89`	`+ *`
	`90`	`+ * @return bool True if accent-insensitive search is enabled`
`86`	`91`	`*/`
`87`	`92`	`public function isIgnoreAccents(): bool`
`88`	`93`	`{`