eric/multi-domain-redux
1
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

fix: rewrite URLs with explicit port numbers in post content #4

Merged
eric merged 1 commit from fix/content-rewriter-explicit-port into main 2026-06-27 15:19:27 -07:00
Conversation 0 Commits 1 Files changed 2 +10 -1
eric commented 2026-06-27 15:18:45 -07:00
Owner
Copy link

Summary

  • Adds (?::\d{1,5})? before the tail lookahead in ContentRewriter::rewrite() so URLs like https://example.com:8080/path are now matched and rewritten
  • Port is consumed and discarded — rewritten URL uses the target host on its default port
  • Adds a regression test covering both https and http with explicit ports

Motivation

Hardening note #3 from the 2026-06-27 security audit. Functional inconsistency: the boundary lookahead didn't include :, so port-qualified URLs in post/comment content were silently skipped. Not a security issue but a correctness gap.

Test plan

  • composer test — 35/35 pass (1 new assertion)
  • composer lint — clean

🤖 Generated with Claude Code

## Summary - Adds `(?::\d{1,5})?` before the tail lookahead in `ContentRewriter::rewrite()` so URLs like `https://example.com:8080/path` are now matched and rewritten - Port is consumed and discarded — rewritten URL uses the target host on its default port - Adds a regression test covering both `https` and `http` with explicit ports ## Motivation Hardening note #3 from the 2026-06-27 security audit. Functional inconsistency: the boundary lookahead didn't include `:`, so port-qualified URLs in post/comment content were silently skipped. Not a security issue but a correctness gap. ## Test plan - [x] `composer test` — 35/35 pass (1 new assertion) - [x] `composer lint` — clean 🤖 Generated with [Claude Code](https://claude.com/claude-code)
fix: rewrite URLs with explicit port numbers in post content
All checks were successful
CI / Lint + Static Analysis (pull_request) Successful in 47s
Details
CI / Unit Tests (PHP 8.2) (pull_request) Successful in 45s
Details
CI / Unit Tests (PHP 8.3) (pull_request) Successful in 1m14s
Details
CI / Unit Tests (PHP 8.4) (pull_request) Successful in 1m13s
Details
CI / Unit Tests (PHP 8.5) (pull_request) Successful in 1m16s
Details
5ab09a2776 
The boundary lookahead in ContentRewriter did not include `:`, so URLs
like `https://example.com:8080/path` were not matched and left unrewritten
in post/comment content.

Adds `(?::\d{1,5})?` before the tail lookahead to consume and discard
the port — the rewritten URL uses the target host on its default port.

Adds a regression test covering both https and http with explicit ports.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
eric merged commit 7346beea9e into main 2026-06-27 15:19:27 -07:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
eric/multi-domain-redux!4
No description provided.