fix: whitelist OpenEMR symbols in composer-require-checker

kojiromike · kojiromike · commit 5253940ed6a8 · 2026-03-30T19:40:34.000-04:00
These symbols come from the host OpenEMR application at runtime.
openemr/openemr is a dev-only dependency (not declared in require)
so the checker must allow them explicitly.

Assisted-by: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.composer-require-checker.json b/.composer-require-checker.json
@@ -14,7 +14,13 @@
     "callable",
     "iterable",
     "void",
-    "object"
+    "object",
+    "attr",
+    "xlt",
+    "OpenEMR\\Common\\Crypto\\CryptoGen",
+    "OpenEMR\\Common\\Database\\QueryUtils",
+    "OpenEMR\\Events\\Globals\\GlobalsInitializedEvent",
+    "OpenEMR\\Services\\Globals\\GlobalSetting"
   ],
   "php-core-extensions": [
     "Core",
diff --git a/src/ConfigService.php b/src/ConfigService.php
@@ -18,15 +18,15 @@ class ConfigService
     private const UPSERT_SQL = <<<'SQL'
         INSERT INTO `globals` (`gl_name`, `gl_index`, `gl_value`)
         VALUES (?, 0, ?)
-        ON DUPLICATE KEY UPDATE `gl_value` = VALUES(`gl_value`)
+        ON DUPLICATE KEY UPDATE `gl_value` = ?
         SQL;
 
     /**
      * Save a setting to the globals table (plaintext).
      */
     public function saveSetting(string $key, string $value): void
     {
-        QueryUtils::sqlStatementThrowException(self::UPSERT_SQL, [$key, $value]);
+        QueryUtils::sqlStatementThrowException(self::UPSERT_SQL, [$key, $value, $value]);
     }
 
     /**
diff --git a/src/GlobalsRegistrar.php b/src/GlobalsRegistrar.php
@@ -42,10 +42,10 @@ static function (GlobalsInitializedEvent $event) use ($descriptor, $globalsBag):
 
                 // Enable/disable toggle
                 $enableSetting = new GlobalSetting(
-                    xlt('Enable ' . $descriptor->sectionName),
+                    sprintf(xlt('Enable %s'), $descriptor->sectionName),
                     GlobalSetting::DATA_TYPE_BOOL,
                     '0',
-                    xlt('Enable or disable the ' . $descriptor->sectionName . ' module'),
+                    sprintf(xlt('Enable or disable the %s module'), $descriptor->sectionName),
                 );
                 $service->appendToSection(
                     $descriptor->sectionName,
diff --git a/tests/Mocks/openemr_functions.php b/tests/Mocks/openemr_functions.php
@@ -15,6 +15,6 @@ function xlt(string $text): string
 if (!function_exists('attr')) {
     function attr(string $text): string
     {
-        return htmlspecialchars($text, ENT_QUOTES);
+        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     }
 }
diff --git a/tests/Unit/ConfigServiceTest.php b/tests/Unit/ConfigServiceTest.php
@@ -31,7 +31,7 @@ public function testSaveSettingExecutesUpsert(): void
         $this->assertCount(1, $queries);
         $this->assertStringContainsString('INSERT INTO `globals`', $queries[0]['sql']);
         $this->assertStringContainsString('ON DUPLICATE KEY UPDATE', $queries[0]['sql']);
-        $this->assertSame(['oce_test_key', 'test_value'], $queries[0]['binds']);
+        $this->assertSame(['oce_test_key', 'test_value', 'test_value'], $queries[0]['binds']);
     }
 
     public function testSaveEncryptedSettingEncryptsBeforeSaving(): void
@@ -41,8 +41,10 @@ public function testSaveEncryptedSettingEncryptsBeforeSaving(): void
         $queries = QueryUtils::getQueries();
         $this->assertCount(1, $queries);
         $this->assertSame('oce_secret_key', $queries[0]['binds'][0]);
-        // MockCryptoGen uses base64
-        $this->assertSame(base64_encode('secret_value'), $queries[0]['binds'][1]);
+        // MockCryptoGen uses base64; value is bound twice for INSERT and UPDATE
+        $encrypted = base64_encode('secret_value');
+        $this->assertSame($encrypted, $queries[0]['binds'][1]);
+        $this->assertSame($encrypted, $queries[0]['binds'][2]);
     }
 
     public function testSaveSettingPropagatesExceptions(): void
@@ -62,7 +64,7 @@ public function testMultipleSaveSettingCallsAreRecorded(): void
 
         $queries = QueryUtils::getQueries();
         $this->assertCount(2, $queries);
-        $this->assertSame(['key_a', 'val_a'], $queries[0]['binds']);
-        $this->assertSame(['key_b', 'val_b'], $queries[1]['binds']);
+        $this->assertSame(['key_a', 'val_a', 'val_a'], $queries[0]['binds']);
+        $this->assertSame(['key_b', 'val_b', 'val_b'], $queries[1]['binds']);
     }
 }
diff --git a/tests/Unit/GlobalsRegistrarTest.php b/tests/Unit/GlobalsRegistrarTest.php
@@ -37,6 +37,14 @@ public function testRegisterAddsListener(): void
         $this->assertTrue($dispatcher->hasListeners(GlobalsInitializedEvent::EVENT_HANDLE));
     }
 
+    protected function tearDown(): void
+    {
+        // Clean up global state written by GlobalsService::save()
+        // phpcs:ignore Squiz.PHP.GlobalKeyword.NotAllowed
+        global $GLOBALS_METADATA;
+        $GLOBALS_METADATA = null;
+    }
+
     /**
      * Dispatch the event and return the captured globals metadata.
      *
@@ -80,6 +88,7 @@ public function testCreatesSectionWithSettingsLink(): void
     {
         $metadata = $this->dispatchAndCapture();
 
+        $this->assertArrayHasKey('OpenCoreEMR Test Module', $metadata);
         $section = $metadata['OpenCoreEMR Test Module'];
         $this->assertArrayHasKey('oce_test_module_enabled_settings_link', $section);
 
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
@@ -8,7 +8,7 @@
 // Suppress error_log output during tests
 ini_set('error_log', '/dev/null');
 
-// Load mock classes before anything else to prevent "class not found" errors
+// Load mock classes to shadow real OpenEMR classes (must come after autoloader)
 require_once __DIR__ . '/Mocks/MockQueryUtils.php';
 require_once __DIR__ . '/Mocks/MockCryptoGen.php';
 require_once __DIR__ . '/Mocks/openemr_functions.php';

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,6 @@ function xlt(string $text): string`
`15`	`15`	`if (!function_exists('attr')) {`
`16`	`16`	`function attr(string $text): string`
`17`	`17`	`{`
`18`		`- return htmlspecialchars($text, ENT_QUOTES);`
	`18`	`+ return htmlspecialchars($text, ENT_QUOTES \| ENT_SUBSTITUTE, 'UTF-8');`
`19`	`19`	`}`
`20`	`20`	`}`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,14 @@ public function testRegisterAddsListener(): void`
`37`	`37`	`$this->assertTrue($dispatcher->hasListeners(GlobalsInitializedEvent::EVENT_HANDLE));`
`38`	`38`	`}`
`39`	`39`
	`40`	`+ protected function tearDown(): void`
	`41`	`+ {`
	`42`	`+ // Clean up global state written by GlobalsService::save()`
	`43`	`+ // phpcs:ignore Squiz.PHP.GlobalKeyword.NotAllowed`
	`44`	`+ global $GLOBALS_METADATA;`
	`45`	`+ $GLOBALS_METADATA = null;`
	`46`	`+ }`
	`47`	`+`
`40`	`48`	`/**`
`41`	`49`	`* Dispatch the event and return the captured globals metadata.`
`42`	`50`	`*`
`@@ -80,6 +88,7 @@ public function testCreatesSectionWithSettingsLink(): void`
`80`	`88`	`{`
`81`	`89`	`$metadata = $this->dispatchAndCapture();`
`82`	`90`
	`91`	`+ $this->assertArrayHasKey('OpenCoreEMR Test Module', $metadata);`
`83`	`92`	`$section = $metadata['OpenCoreEMR Test Module'];`
`84`	`93`	`$this->assertArrayHasKey('oce_test_module_enabled_settings_link', $section);`
`85`	`94`