diff options
| author | nsfisis <nsfisis@gmail.com> | 2026-02-23 00:45:33 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-02-23 00:45:33 +0900 |
| commit | dec86d887629e8478455f7b4a8a22fcb9aa0f6e3 (patch) | |
| tree | d29aab13dbb3afc51c2755796c906b87fbab2e74 /crates/mozart/src | |
| parent | 530ebc5e425b254f74fa0d5fce77b87f95395f26 (diff) | |
| download | php-mozart-dec86d887629e8478455f7b4a8a22fcb9aa0f6e3.tar.gz php-mozart-dec86d887629e8478455f7b4a8a22fcb9aa0f6e3.tar.zst php-mozart-dec86d887629e8478455f7b4a8a22fcb9aa0f6e3.zip | |
fix(browse): use proper URL validation and match Composer's Windows browser launch
Replace simple prefix check in is_valid_url with url::Url::parse() for
structural validation (e.g. "https://" with no host now correctly
rejected). Update Windows open_browser to use `start "web" explorer`
matching Composer's HomeCommand behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Diffstat (limited to 'crates/mozart/src')
| -rw-r--r-- | crates/mozart/src/commands/browse.rs | 15 | ||||
| -rw-r--r-- | crates/mozart/src/commands/init.rs | 12 |
2 files changed, 16 insertions, 11 deletions
diff --git a/crates/mozart/src/commands/browse.rs b/crates/mozart/src/commands/browse.rs index 9a663e5..a88e503 100644 --- a/crates/mozart/src/commands/browse.rs +++ b/crates/mozart/src/commands/browse.rs @@ -248,7 +248,10 @@ fn extract_url_from_packagist( // ─── Helpers ────────────────────────────────────────────────────────────────── fn is_valid_url(url: &str) -> bool { - url.starts_with("http://") || url.starts_with("https://") + match url::Url::parse(url) { + Ok(parsed) => matches!(parsed.scheme(), "http" | "https"), + Err(_) => false, + } } fn open_browser(url: &str) -> anyhow::Result<()> { @@ -261,7 +264,7 @@ fn open_browser(url: &str) -> anyhow::Result<()> { #[cfg(target_os = "windows")] { Command::new("cmd") - .args(["/C", "start", "", url]) + .args(["/C", "start", "web", "explorer", url]) .status()?; return Ok(()); } @@ -341,12 +344,12 @@ mod tests { #[test] fn test_is_valid_url() { - assert!(is_valid_url("https://github.com/foo/bar")); - assert!(is_valid_url("http://example.com")); + assert!(!is_valid_url("https://")); + assert!(is_valid_url("https://example.com")); + assert!(is_valid_url("http://example.com/path?query=1")); assert!(!is_valid_url("ftp://example.com")); - assert!(!is_valid_url("git@github.com:foo/bar.git")); - assert!(!is_valid_url("")); assert!(!is_valid_url("not-a-url")); + assert!(!is_valid_url("")); } // ── extract_url_from_locked ─────────────────────────────────────────────── diff --git a/crates/mozart/src/commands/init.rs b/crates/mozart/src/commands/init.rs index 15729a8..dc32c7c 100644 --- a/crates/mozart/src/commands/init.rs +++ b/crates/mozart/src/commands/init.rs @@ -162,11 +162,13 @@ fn build_non_interactive(args: &InitArgs, working_dir: &Path) -> anyhow::Result< .clone() .or_else(|| std::env::var("COMPOSER_DEFAULT_LICENSE").ok()); if let Some(ref license) = resolved_license - && !validation::validate_license(license) && !license.eq_ignore_ascii_case("proprietary") { - bail!( - "Invalid license provided: {license}. Only SPDX license identifiers (https://spdx.org/licenses/) or \"proprietary\" are accepted." - ); - } + && !validation::validate_license(license) + && !license.eq_ignore_ascii_case("proprietary") + { + bail!( + "Invalid license provided: {license}. Only SPDX license identifiers (https://spdx.org/licenses/) or \"proprietary\" are accepted." + ); + } composer.license = resolved_license; if let Some(ref stability) = args.stability { |