Tweaks

[superdav42]

Summary by CodeRabbit

• Bug Fixes

  • Corrected the PHP snippet shown in the setup wizard
  • Fixed redirects to primary domain and mapping-related redirect behavior
  • Resolved extra domain creation for subdirectory installs
  • Fixed conflict with YesCookie plugin

• Improvements

  • Domain search now includes mapped domains in results
  • Template selection shows larger, higher-quality preview images
  • Domain mapping instructions now allow HTML and clarified wording

• Documentation

  • Added changelog entry for Version 2.4.7

[coderabbitai]

Walkthrough

Refactors and behavioral tweaks across database table caching, site/domain handling, installer messages, admin notices, template thumbnails, build scripts, and minor docblocks/annotations; adds domain-aware site search and tightens redirect/creation side effects.

Changes

Cohort / File(s)	Change Summary
Database Table Class inc/database/engine/class-table.php	Added @property-read string $name; converted protected $_exists → private typed bool $exists; is_upgradeable() and exists() now declare : bool; exists() caching updated to use the new property.
Admin Setup Wizard inc/admin-pages/class-setup-wizard-admin-page.php	Fixed SUNRISE code example by quoting the constant name in the generated snippet (corrected define( SUNRISE, '1' ); to use quoted constant).
Core Installer inc/installers/class-core-installer.php	Added phpcs ignore comments on underscore-prefixed installers; post-install verification now checks table get_version() instead of relying on install() return.
Primary Domain / Redirects inc/domain-mapping/class-primary-domain.php	Only perform redirect when computed URL differs from current URL (if ($url !== $new_url) wrapping redirect + exit); added TODO/phpcs ignore around redirect call.
Domain Manager inc/managers/class-domain-manager.php	Registered wu_domain_post_delete handler with 2 args (was 3); removed automatic domain creation for non-subdomain sites in handle_site_created; enabled allow_html => true for domain mapping instructions and adjusted UI strings/attrs.
Site / Search Logic inc/functions/site.php, inc/models/class-site.php	wu_get_sites now does domain-aware search: collect domain IDs via wu_get_domains, return domain-scoped matches first then remaining sites (adjusting limits and exclusions); Site renamed _membership → membership, set_public($public) → set_public($is_public), and URL/path assembly uses trimmed paths.
Host Provider Integration inc/integrations/host-providers/class-base-host-provider.php	Defer admin alert: call alert_provider_not_setup() immediately if did_action('init'), otherwise hook it into init to avoid early textdomain loading.
Models & Docs inc/models/class-domain.php, inc/models/class-product.php	Docblock grammar fix in get_path(); $_mappings annotated with phpcs ignore; duplicate() docblock broadened return to `Base_Model
Checkout Template Thumbnails views/checkout/templates/template-selection/*.php	Use larger thumbnail: get_featured_image('wu-thumb-large') in clean.php, legacy.php, and minimal.php.
Build Scripts package.json	build script now runs npm-run-all --parallel copylibs uglify cleancss; archive moved into a new postbuild script.
Changelog readme.txt	Added Version 2.4.7 changelog and upgrade notice entries documenting fixes and improvements.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant wu_get_sites as wu_get_sites()
    participant wu_get_domains as wu_get_domains()
    participant Query as Site Query

    Client->>wu_get_sites: Search request (term, number=N)
    activate wu_get_sites

    wu_get_sites->>wu_get_domains: Request domain_ids (search, number, fields, blog_id__in?)
    activate wu_get_domains
    wu_get_domains-->>wu_get_sites: domain_ids
    deactivate wu_get_domains

    alt domain_ids found
        Note over wu_get_sites: Query domain-scoped sites first (sites_by_domain)
        wu_get_sites->>Query: Query sites with blog_id__in = domain_ids
        activate Query
        Query-->>wu_get_sites: sites_by_domain
        deactivate Query

        Note over wu_get_sites: Adjust remaining limit and exclude domain_ids
        wu_get_sites->>Query: Query remaining sites (blog_id__not_in = domain_ids, number = N - count(domain_ids))
        activate Query
        Query-->>wu_get_sites: remaining_sites
        deactivate Query

        wu_get_sites-->>Client: return sites_by_domain + remaining_sites
    else no domain_ids
        wu_get_sites->>Query: Query standard sites (search, number=N)
        activate Query
        Query-->>wu_get_sites: sites
        deactivate Query

        wu_get_sites-->>Client: return sites
    end

    deactivate wu_get_sites

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Key attention areas:

• inc/functions/site.php — verify domain-first ordering, limit math, exclusions, and edge cases when domain results >= requested number.
• inc/models/class-site.php — ensure all references updated from _membership → membership and set_public rename’s callers adjusted.
• inc/managers/class-domain-manager.php — confirm hook arity change (3→2) doesn’t break existing integrations and validate removal of domain-creation side-effect.
• inc/database/engine/class-table.php — check external code or subclasses referencing $_exists for breakage due to name/visibility change.
• inc/domain-mapping/class-primary-domain.php — review redirect wrapping to ensure no regression in redirect behavior or tests.

Poem

"I'm a rabbit in the code so spry,
I quoted SUNRISE and let redirects spy,
I fetched big thumbs and trimmed each path,
Cached memberships, tweaked builds—no wrath,
Hoppity hop—merge and fly!" 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	❓ Inconclusive	The PR title "Tweaks" is overly generic and non-descriptive, failing to convey meaningful information about the changeset to reviewers scanning the history. While the changes do represent minor improvements and fixes across multiple files, the title uses a vague term that provides no insight into what is actually being modified. The PR spans diverse areas including domain mapping, database models, site management, build configuration, and template selection, making a single descriptive title important for clarity.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch tweaks

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (5)

package.json (1)

31-32: Consider parallel execution for build:dev and build:translate for consistency.

Lines 31–32 still use sequential execution (&&) for build:dev and build:translate, whereas the main build script (line 29) now uses parallel execution. If the parallelization is safe for the main build, consider applying the same pattern to these scripts for consistency and performance:

-"build:dev": "npm run copylibs && npm run uglify && npm run cleancss && npm run makepot",
-"build:translate": "npm run copylibs && npm run uglify && npm run cleancss && npm run makepot && npm run translate",
+"build:dev": "npm-run-all --parallel copylibs uglify cleancss makepot",
+"build:translate": "npm-run-all --parallel copylibs uglify cleancss makepot translate",

(Note: Adjust the makepot and translate sequencing if they depend on outputs from the prior tasks.)

inc/integrations/host-providers/class-base-host-provider.php (2)

97-102: Good fix for text domain timing, but consider applying the same pattern to alert_provider_detected().

The conditional deferment correctly ensures that translation functions are not called before the text domain is loaded. However, alert_provider_detected() at line 83 also uses translation functions (__()) but is called immediately without the same safety check. For consistency and to avoid potential timing issues, consider applying the same did_action('init') pattern there as well.

Apply this pattern to alert_provider_detected() for consistency:

 if ($this->detect() && ! $this->is_enabled()) {
     /*
      * Adds an admin notice telling the admin that they should probably enable this integration.
      */
-    $this->alert_provider_detected();
+    if (did_action('init')) {
+        $this->alert_provider_detected();
+    } else {
+        add_action('init', [$this, 'alert_provider_detected']);
+    }
 }

---

118-118: Consider the same pattern for add_to_integration_list to handle late initialization.

Line 118 always hooks add_to_integration_list to the init action without checking if it has already fired. If this class's init() method is ever called after WordPress's init action completes, the callback will never execute. While this may not be an issue in practice if initialization timing is controlled, applying the same conditional pattern would make the code more robust.

-add_action('init', [$this, 'add_to_integration_list']);
+if (did_action('init')) {
+    $this->add_to_integration_list();
+} else {
+    add_action('init', [$this, 'add_to_integration_list']);
+}

inc/database/engine/class-table.php (1)

37-37: Typed property improves type safety.

The change to a typed bool property with private visibility is good. The uninitialized property works correctly with the isset() pattern on line 66, and making it private better encapsulates this caching implementation detail.

Alternatively, you could use private ?bool $exists = null; with a null check for more explicit intent, though both approaches are valid.

inc/managers/class-domain-manager.php (1)

394-407: Clarify the placeholder sample.

Please move the trailing period outside the <code> snippet so the UI shows %NETWORK_IP% (without the dot) before “HTML is allowed.” It keeps the copied placeholder consistent with the actual token your replacement routine expects.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4731cdd and 2142ae4.

📒 Files selected for processing (14)

• inc/admin-pages/class-setup-wizard-admin-page.php (1 hunks)
• inc/database/engine/class-table.php (4 hunks)
• inc/domain-mapping/class-primary-domain.php (2 hunks)
• inc/functions/site.php (1 hunks)
• inc/installers/class-core-installer.php (3 hunks)
• inc/integrations/host-providers/class-base-host-provider.php (1 hunks)
• inc/managers/class-domain-manager.php (2 hunks)
• inc/models/class-domain.php (1 hunks)
• inc/models/class-product.php (2 hunks)
• inc/models/class-site.php (8 hunks)
• package.json (1 hunks)
• views/checkout/templates/template-selection/clean.php (1 hunks)
• views/checkout/templates/template-selection/legacy.php (1 hunks)
• views/checkout/templates/template-selection/minimal.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (4)

inc/installers/class-core-installer.php (1)

inc/database/sites/class-sites-table.php (1)

• install (73-73)

inc/functions/site.php (2)

inc/models/class-base-model.php (1)

• query (833-842)

inc/models/class-site.php (1)

• Site (26-1925)

inc/models/class-site.php (1)

inc/models/class-payment.php (1)

• get_membership_id (289-292)

inc/database/engine/class-table.php (2)

inc/models/class-site.php (1)

• exists (1243-1246)

inc/models/class-base-model.php (1)

• exists (323-326)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: cypress (8.2, chrome)
• GitHub Check: cypress (8.1, chrome)

🔇 Additional comments (13)

package.json (1)

29-30: Verify that build subtasks can safely run in parallel and check postbuild lifecycle handling.

The refactoring uses npm-run-all --parallel for the build script (good for performance), which assumes copylibs, uglify, and cleancss are independent and have no file system conflicts. The new postbuild script correctly uses npm's lifecycle hook to run archive after the main build completes, following npm conventions.

However, verify that:

1. The three parallelized tasks (copylibs, uglify, cleancss) have no undocumented dependencies or write conflicts
2. npm-run-all v4.1.5 properly respects the postbuild lifecycle hook

You can verify the task independence by reviewing the scripts at scripts/copy-libs.js, scripts/uglify.js, and scripts/cleancss.js to confirm they operate on distinct file sets and outputs.

inc/installers/class-core-installer.php (2)

97-121: LGTM! Correct validation approach.

The validation logic has been improved to check get_version() after installation instead of checking the return value of install(). Since install() returns void (as confirmed in the relevant code snippet for Sites_Table::install()), this change correctly validates the installation by inspecting the table's version post-install.

---

132-132: LGTM!

The phpcs ignore comment is appropriate for this method with an underscore prefix.

inc/admin-pages/class-setup-wizard-admin-page.php (1)

773-773: LGTM! Critical syntax fix in user guidance.

The code snippet now correctly shows define( 'SUNRISE', '1' ); with quotes around SUNRISE. The previous version without quotes would have been invalid PHP syntax, as SUNRISE without quotes would be interpreted as a constant reference rather than a string literal. This fix ensures users receive correct instructions for their wp-config.php configuration.

views/checkout/templates/template-selection/legacy.php (1)

205-205: LGTM! Image size is properly registered.

The 'wu-thumb-large' image size is confirmed to be registered in inc/managers/class-site-manager.php at line 400 with dimensions 900×675. The escaping is correct, and the code change appropriately references this registered size.

inc/database/engine/class-table.php (3)

19-19: Good addition for IDE support.

The @property-read annotation improves developer experience by documenting the inherited $name property from the BerlinDB parent class, enabling better autocomplete and static analysis.

---

49-56: Return type improves type safety.

Adding the : bool return type declaration is correct and enhances type safety. All code paths return boolean values.

---

64-71: Caching implementation is correct.

The return type declaration and caching logic are well implemented. The isset() check correctly handles the uninitialized typed property, caching the result from parent::exists() on first access and returning the cached value on subsequent calls.

inc/models/class-product.php (1)

1368-1369: Docblock return type clarification is welcome.

Thanks for updating the PHPDoc to reflect the actual Base_Model|Product return type, it keeps downstream tooling aligned.

inc/models/class-site.php (1)

997-1030: Membership cache rename improves clarity.

Switching the private cache to $membership and consolidating the getter logic keeps the property name consistent with its usage without affecting behavior.

inc/models/class-domain.php (1)

233-233: Doc comment typo fix appreciated.

Nice to see the grammar correction in the getter documentation.

inc/domain-mapping/class-primary-domain.php (1)

108-113: Redirect guard prevents superfluous loops.

Only redirecting when the new URL actually differs avoids redundant redirects while keeping the existing behavior intact.

inc/managers/class-domain-manager.php (1)

159-159: Arity alignment avoids PHP 8 fatals.

Matching the accepted argument count with the two-parameter callback stops WordPress from forwarding the unused third argument, eliminating the ArgumentCountError we were seeing on PHP 8+. Good fix.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Guard access to $query['number'] before mutating it.

When wu_get_sites() is called with a search but without an explicit number, $query['number'] is undefined. Reading it raises PHP notices, and subtracting from it coerces null to 0, making $query['number'] negative and causing the function to return only the domain-matched sites—dropping the regular site results entirely. Please capture the original limit (if any) before the domain lookup and only adjust number when it exists; otherwise leave it unset.

-		$domain_ids = wu_get_domains(
-			[
-				'number'      => $query['number'],
-				'search'      => '*' . $query['search'] . '*',
-				'fields'      => ['blog_id'],
-				'blog_id__in' => $query['blog_id__in'] ?? false,
-			]
-		);
+		$limit = isset($query['number']) ? (int) $query['number'] : null;
+
+		$domain_query_args = [
+			'search'      => '*' . $query['search'] . '*',
+			'fields'      => ['blog_id'],
+			'blog_id__in' => $query['blog_id__in'] ?? false,
+		];
+
+		if (null !== $limit) {
+			$domain_query_args['number'] = $limit;
+		}
+
+		$domain_ids = wu_get_domains($domain_query_args);
@@
-			$sites_with_domain_query                = $query;
-			$sites_with_domain_query['blog_id__in'] = $domain_ids;
-			unset($sites_with_domain_query['search']);
-			$sites_by_domain = \WP_Ultimo\Models\Site::query($sites_with_domain_query);
-
-			$query['number']         -= count($sites_by_domain);
-			$query['blog_id__not_in'] = $domain_ids;
-
-			if ($query['number'] <= 0) {
-				// We reached the limit already.
-				return $sites_by_domain;
-			}
-			$sites = \WP_Ultimo\Models\Site::query($query);
-			// return matches by domain first.
-			return array_merge($sites_by_domain, $sites);
+			$sites_with_domain_query                = $query;
+			$sites_with_domain_query['blog_id__in'] = $domain_ids;
+			unset($sites_with_domain_query['search']);
+			$sites_by_domain = \WP_Ultimo\Models\Site::query($sites_with_domain_query);
+
+			if (null !== $limit) {
+				$remaining = max(0, $limit - count($sites_by_domain));
+				$query['number'] = $remaining;
+				if (0 === $remaining) {
+					return $sites_by_domain;
+				}
+			} else {
+				unset($query['number']);
+			}
+
+			$query['blog_id__not_in'] = $domain_ids;
+			$sites                    = \WP_Ultimo\Models\Site::query($query);
+			// return matches by domain first.
+			return array_merge($sites_by_domain, $sites);

🤖 Prompt for AI Agents

In inc/functions/site.php around lines 65 to 95, capture the original limit with
something like $original_number = $query['number'] ?? null before mutating
$query; only subtract count($sites_by_domain) and set $query['number'] when
$original_number is not null (or is_numeric), and perform the <= 0 early-return
check only in that case; if there was no original number, leave $query['number']
unset so the second query returns the remaining results as expected.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use esc_url() for the image source attribute.

The explicit image size parameter improves consistency. However, the src attribute should use esc_url() instead of esc_attr() for proper URL sanitization.

-<img class="wu-site-template-image wu-w-full wu-border-solid wu-border wu-border-gray-300 wu-mb-4 wu-bg-white" src="<?php echo esc_attr($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">
+<img class="wu-site-template-image wu-w-full wu-border-solid wu-border wu-border-gray-300 wu-mb-4 wu-bg-white" src="<?php echo esc_url($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<img class="wu-site-template-image wu-w-full wu-border-solid wu-border wu-border-gray-300 wu-mb-4 wu-bg-white" src="<?php echo esc_attr($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">
	<img class="wu-site-template-image wu-w-full wu-border-solid wu-border wu-border-gray-300 wu-mb-4 wu-bg-white" src="<?php echo esc_url($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">

🤖 Prompt for AI Agents

In views/checkout/templates/template-selection/clean.php around line 117, the
image src is currently sanitized with esc_attr() but should use esc_url() for
proper URL escaping; update the src attribute to wrap
$site_template->get_featured_image('wu-thumb-large') with esc_url() while
keeping esc_attr() for the alt attribute, ensuring the output remains escaped
and safe for use in an HTML src.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use esc_url() for the image source attribute.

The addition of the explicit image size parameter is good. However, since this line is being modified, consider using esc_url() instead of esc_attr() for the src attribute, as it's specifically designed for URL sanitization.

-<img class="wu-site-template-image" src="<?php echo esc_attr($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">
+<img class="wu-site-template-image" src="<?php echo esc_url($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<img class="wu-site-template-image" src="<?php echo esc_attr($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">
	<img class="wu-site-template-image" src="<?php echo esc_url($site_template->get_featured_image('wu-thumb-large')); ?>" alt="<?php echo esc_attr($site_template->get_title()); ?>">

🤖 Prompt for AI Agents

In views/checkout/templates/template-selection/minimal.php around line 102, the
img src is escaped with esc_attr() which is intended for general attributes;
replace esc_attr() with esc_url() for the src attribute while keeping esc_attr()
for the alt text — i.e., call
esc_url($site_template->get_featured_image('wu-thumb-large')) for src and leave
esc_attr($site_template->get_title()) for alt to ensure proper URL sanitization.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2142ae4 and 2fa798a.

📒 Files selected for processing (2)

• inc/functions/site.php (1 hunks)
• readme.txt (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• readme.txt

🧰 Additional context used

🧬 Code graph analysis (1)

inc/functions/site.php (2)

inc/models/class-base-model.php (1)

• query (833-842)

inc/models/class-site.php (1)

• Site (26-1925)

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2fa798a and c812b09.

📒 Files selected for processing (1)

• inc/functions/site.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

inc/functions/site.php (2)

inc/models/class-base-model.php (1)

• query (833-842)

inc/models/class-site.php (1)

• Site (26-1925)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: PHP 8.4
• GitHub Check: cypress (8.1, chrome)
• GitHub Check: cypress (8.2, chrome)

🔇 Additional comments (1)

inc/functions/site.php (1)

68-99: Domain-aware search logic handles limits correctly; confirm default behavior is intentional.

The changes successfully prevent the PHP notices and negative number issues raised in the previous review. The logic now flows correctly:

1. Lines 89-90 properly preserve existing blog_id__not_in filters by merging with new domain IDs ✓
2. Line 88's subtraction now operates on a defined number (due to the default at line 65) ✓
3. The early return at line 92 correctly handles the case when domain results fill the limit ✓

However, the implementation differs from the previous review's suggestion: instead of distinguishing between "no limit specified" (unlimited results) and "limit specified" (bounded results), the code now always imposes a default limit of 100. This prevents unbounded queries, which may be intentional for performance reasons.

Can you confirm the default limit of 100 (line 65) is the intended behavior when callers don't specify a number? The previous suggestion recommended allowing unlimited results in that scenario, but a default limit may be a better design choice for your use case.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use isset() instead of empty() to check for number parameter.

The empty() function returns true for 0, false, and empty strings, not just unset/null values. If a caller explicitly sets $query['number'] = 0 (perhaps for counting or other purposes), it will be incorrectly overridden to 100.

Apply this diff to check only for unset/null:

-	if ( empty($query['number']) ) {
+	if ( ! isset($query['number']) ) {
 		$query['number'] = 100;
 	}

🤖 Prompt for AI Agents

In inc/functions/site.php around lines 64 to 66, the code uses
empty($query['number']) which treats 0/false as empty and will override an
explicit 0; change the condition to check only for unset or null (e.g., use
!isset($query['number']) or a strict null check) so that only missing/null
values get the default 100 and explicit 0 or false values are preserved.