Fix. Code. Improve statement.

[svfcode]

task https://app.doboard.com/1/task/48216

[codecov]

Codecov Report

❌ Patch coverage is 11.11111% with 32 lines in your changes missing coverage. Please review.
✅ Project coverage is 25.93%. Comparing base (dde7e1c) to head (52a7b72).

Files with missing lines	Patch %	Lines
lib/Cleantalk/ApbctWP/FindSpam/UsersChecker.php	0.00%	17 Missing ⚠️
lib/Cleantalk/ApbctWP/Firewall/AntiFlood.php	0.00%	6 Missing ⚠️
lib/Cleantalk/ApbctWP/Firewall/AntiCrawler.php	0.00%	4 Missing ⚠️
inc/cleantalk-find-spam.php	0.00%	2 Missing ⚠️
lib/Cleantalk/Common/SupportUser.php	0.00%	2 Missing ⚠️
lib/Cleantalk/ApbctWP/Cron.php	80.00%	1 Missing ⚠️

❌ Your patch check has failed because the patch coverage (11.11%) is below the target coverage (70.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff              @@
##                dev     #804      +/-   ##
============================================
- Coverage     25.93%   25.93%   -0.01%     
- Complexity     5612     5621       +9     
============================================
  Files           264      264              
  Lines         24117    24124       +7     
============================================
+ Hits           6255     6256       +1     
- Misses        17862    17868       +6     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR hardens several security-sensitive paths in the anti-spam plugin, including support-user credential generation, UA blacklist matching, CSV export escaping, localhost-only debug user insertion, and cron option unserialization.

Changes:

• Replaces weak random generation for support-user login/password paths.
• Adds UA regex delimiter escaping and CSV formula/field escaping.
• Restricts debug AJAX user insertion to localhost and tightens cron task unserialization.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
lib/Cleantalk/Common/SupportUser.php	Uses stronger randomness for support-user credentials.
lib/Cleantalk/ApbctWP/Firewall/AntiCrawler.php	Hardens UA blacklist regex construction/error handling.
lib/Cleantalk/ApbctWP/FindSpam/UsersChecker.php	Adds CSV field escaping and localhost guard for debug user insertion.
lib/Cleantalk/ApbctWP/Cron.php	Validates and restricts cron option unserialization.
inc/cleantalk-find-spam.php	Registers debug user insertion AJAX action only on localhost.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.