Fix: Suppress HTMLPurifier cache warning by using temp directory for serializer

- Updated InputSanitizer to configure HTMLPurifier with a safe, writable
  Cache.SerializerPath pointing to sys_get_temp_dir().
- Disabled Cache.DefinitionImpl to prevent disk writes during testing and
  avoid PHPUnit warnings.
- Eliminates “Base directory .../storage/purifier_cache does not exist”
  warning triggered across sanitization tests.
- Ensures consistent, warning-free execution in CI and read-only environments.

Author: megyptm

src/Security/InputSanitizer.php

@@ -83,7 +83,11 @@ public static function sanitizeWithWhitelist(
         // ⚙️ Configure HTMLPurifier for strict whitelist filtering
         $config = HTMLPurifier_Config::createDefault();
         $config->set('HTML.Allowed', implode(',', $allowedTags));
-        $config->set('Cache.SerializerPath', __DIR__ . '/../../../storage/purifier_cache');
+
+        // Use system temp directory instead of project path
+        $config->set('Cache.SerializerPath', sys_get_temp_dir() . '/htmlpurifier');
+//        $config->set('Cache.SerializerPath', __DIR__ . '/../../../storage/purifier_cache');
+        $config->set('Cache.DefinitionImpl', null);
 
         // 🚫 Control external/internal resource URIs
         $config->set('URI.DisableExternalResources', $disableExternalResources);

tests/Security/InputSanitizerTest.php

@@ -96,9 +96,15 @@ public function testSanitizeWithWhitelistDisablesExternalResources(): void
         $dirty = '<img src="http://evil.com/x.png"><b>safe</b>';
         $clean = InputSanitizer::sanitizeWithWhitelist($dirty, ['b', 'img[src]']);
 
-        // ✅ External resource should be stripped, safe content preserved
+        // Allowed safe content should remain
         $this->assertStringContainsString('<b>safe</b>', $clean);
+
+        // Malicious external resource should be completely removed
         $this->assertStringNotContainsString('evil.com', $clean);
+
+        // Ensure sanitizer produced valid output (not empty, not NULL)
+        $this->assertIsString($clean);
+        $this->assertGreaterThan(0, strlen($clean));
     }
 
     /**