Replace Psalm with PHPStan + PHP‑CS‑Fixer + Biome, add linting configs & cleanup

- Removed the `vimeo/psalm` dependency and all related files (`psalm.xml`, `psalm‑baseline.xml`, suppress annotations). - Added **PHPStan** (v2.1.54) and **PHP‑CS‑Fixer** (v3.95.1) to `vendor/bin/`. - Created `phpstan.neon` (level 5, bootstraps `app/bootstrap.php`, scans `Parsedown.php`). - Created `phpstan‑baseline.neon` with 10 pre‑existing errors. - Added `.php‑cs‑fixer.dist.php` (PSR‑12 + PHP80Migration, targets `app/src` & `app/tests`). - Added `biome.json` and updated `justfile` to replace the old Psalm recipes with `phpstan`, `cs‑check`, and `cs‑fix`. - Updated `.gitignore` to exclude PHPStan and PHP‑CS‑Fixer cache files. - Updated several JS files (`file‑preview.js`, `file‑upload‑queue.js`) eand PHP controllers (`MediaController.php`, `SearchController.php`, `SystemController.php`). - Minor adjustments to `TODO.md`, `app/src/Database.php`, `app/src/Parsedown.php`, `app/src/ShareLink.php`, and `app/src/SmtpRelay.php`.
2026-06-25 16:19:19 +02:00 · 2026-05-04 16:06:44 +02:00
parent d6e30ec9cd
commit 0a05f3911c
16 changed files with 191 additions and 58 deletions
--- a/app/src/Controllers/MediaController.php
+++ b/app/src/Controllers/MediaController.php
@@ -109,14 +109,9 @@ class MediaController
        // 5. Determine if download was explicitly requested
        $forceDownload = !empty($_GET['download']) && $_GET['download'] === '1';

-        // File types that should be displayed inline by default
-        $inlineExts = ['jpg','jpeg','png','gif','webp','pdf','mp4','webm','ogv','mov',
-                       'mp3','ogg','oga','wav','flac','aac','m4a','vtt'];
-        $inline = in_array($ext, $inlineExts, true) && !$forceDownload;
-
        // 6. Send response headers
        header('Content-Type: ' . $mimeType);
-        header('Content-Length: ' . filesize($realFull));
+        header('Content-Length: ' . (int) filesize($realFull));
        header('X-Content-Type-Options: nosniff');

        if ($ext === 'vtt') {
@@ -155,7 +150,7 @@ class MediaController
     */
    private function streamWithRange(string $path, string $mimeType): void
    {
-        $size  = filesize($path);
+        $size  = (int) filesize($path);
        $start = 0;
        $end   = $size - 1;

--- a/app/src/Controllers/SearchController.php
+++ b/app/src/Controllers/SearchController.php
@@ -233,7 +233,6 @@ class SearchController
        array $activeFilters,
    ): never {
        header("Content-Type: text/html; charset=UTF-8");
-        $isHtmx = true;
        include APP_ROOT . "/templates/partials/repertoire-index.php";
        exit();
    }
--- a/app/src/Controllers/SystemController.php
+++ b/app/src/Controllers/SystemController.php
@@ -98,9 +98,9 @@ class SystemController
        $info = [
            'version'      => PHP_VERSION,
            'sapi'         => PHP_SAPI,
-            'memory_limit' => ini_get('memory_limit'),
-            'upload_max'   => ini_get('upload_max_filesize'),
-            'post_max'     => ini_get('post_max_size'),
+            'memory_limit' => (string) ini_get('memory_limit'),
+            'upload_max'   => (string) ini_get('upload_max_filesize'),
+            'post_max'     => (string) ini_get('post_max_size'),
            'max_exec'     => ini_get('max_execution_time') . 's',
        ];
        $this->cache->set('php_info', $info);
@@ -123,7 +123,7 @@ class SystemController
        $total = (int) disk_total_space(APP_ROOT);
        $free  = (int) disk_free_space(APP_ROOT);
        $used  = $total - $free;
-        $pct   = $total > 0 ? (int) round($used / $total * 100) : 0;
+        $pct   = $total > 0 ? (int) round((float) $used / (float) $total * 100.0) : 0;

        $info = ['total' => $total, 'free' => $free, 'used' => $used, 'pct' => $pct];
        $this->cache->set('disk_info', $info);
@@ -449,7 +449,7 @@ class SystemController
        ]);
        $start = microtime(true);
        curl_exec($ch);
-        $ms   = (int) round((microtime(true) - $start) * 1000);
+        $ms   = (int) round((microtime(true) - $start) * 1000.0);
        $code = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
        return $code > 0 ? [$code, $ms] : null;
    }
--- a/app/src/Database.php
+++ b/app/src/Database.php
@@ -1242,7 +1242,7 @@ class Database {
                $role       = in_array($member['role'], ['president', 'promoteur', 'lecteur'])
                                ? $member['role'] : 'promoteur';
                $isExternal = isset($member['is_external']) ? (int)$member['is_external'] : 0;
-                $stmt->execute([$thesisId, $supervisorId, $role, $isExternal, $order + 1]);
+                $stmt->execute([$thesisId, $supervisorId, $role, $isExternal, (int)$order + 1]);
            }
            if (!$alreadyInTransaction) {
                $this->pdo->commit();
@@ -1605,7 +1605,7 @@ class Database {
            if ($name === '') continue;
            $showContact = !empty($author['show_contact']);
            $authorId = $this->findOrCreateAuthor($name, $author['email'] ?? null, $showContact);
-            $stmt->execute([$thesisId, $authorId, $index + 1]);
+            $stmt->execute([$thesisId, $authorId, (int)$index + 1]);
        }
    }

@@ -1763,7 +1763,7 @@ class Database {
            "UPDATE thesis_files SET sort_order = ? WHERE id = ? AND thesis_id = ?"
        );
        foreach ($order as $i => $fileId) {
-            $stmt->execute([$i + 1, (int)$fileId, $thesisId]);
+            $stmt->execute([(int)$i + 1, (int)$fileId, $thesisId]);
        }
    }

--- a/app/src/Parsedown.php
+++ b/app/src/Parsedown.php
@@ -1880,7 +1880,7 @@ class Parsedown

        if ( ! empty($Element['attributes']))
        {
-            foreach ($Element['attributes'] as $att => $val)
+            foreach ($Element['attributes'] as $att => $_)
            {
                # filter out badly parsed attribute
                if ( ! preg_match($goodAttribute, $att))
--- a/app/src/ShareLink.php
+++ b/app/src/ShareLink.php
@@ -46,9 +46,9 @@ class ShareLink
     * @param int        $createdBy    Admin user ID
     * @param string|null $password    Plain-text password (will be hashed), null = no password
     * @param string|null $expiresAt   ISO-8601 expiration date, null = never expires
-     * @return array                   The created link row
+     * @return array|null               The created link row
     */
-    public function create(int $createdBy, ?string $password = null, ?string $expiresAt = null, ?string $objetRestriction = null): array
+    public function create(int $createdBy, ?string $password = null, ?string $expiresAt = null, ?string $objetRestriction = null): ?array
    {
        $slug = self::generateSlug();
        $passwordHash = $password !== null ? password_hash($password, PASSWORD_BCRYPT) : null;
--- a/app/src/SmtpRelay.php
+++ b/app/src/SmtpRelay.php
@@ -60,7 +60,7 @@ class SmtpRelay {
    /**
     * Fetch current SMTP settings from the DB.
     *
-     * @return array{host:string,port:int,encryption:string,username:string,password:string,from_email:string,from_name:string}
+     * @return array{host:string,port:int,encryption:string,username:string,password:string,from_email:string,from_name:string,notify_email:string}
     */
    public static function getSettings(Database $db): array {
        $stmt = $db->getPDO()->query(