core/php-content
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11 commits 2 branches 0 tags 418 KiB
Commit graph

11 commits

This branch
This branch
All branches
Author SHA1 Message Date
Claude
b673a940ea
ci: trigger rebuild with fixed reusable workflow
Some checks failed
CI / tests (push) Failing after 1m20s
Details 
The reusable php-test.yml now detects pest/phpunit/pint availability
and clones path dependencies using the runner token.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 04:57:18 +00:00
Claude
12bb5509d5
chore: fix pint code style and add test config
Some checks failed
CI / tests (push) Failing after 1m24s
Details 
Add phpunit.xml and tests/Pest.php for standalone test execution.
Apply Laravel Pint formatting fixes across all source files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-23 03:50:06 +00:00
Claude
a955a4b4c1
ci: use reusable PHP test workflow from core/php
Some checks failed
CI / tests (push) Failing after 1m30s
Details 
Co-Authored-By: Charon <charon@lethean.io>
 2026-02-23 01:22:10 +00:00
Snider
045e3678fd docs(changelog): add completed P2 items for January 2026
Some checks failed
CI / PHP 8.2 (push) Has been cancelled
Details
CI / PHP 8.3 (push) Has been cancelled
Details
CI / PHP 8.4 (push) Has been cancelled
Details
CI / Assets (push) Has been cancelled
Details 
Track completed improvements:
- P2-082 to P2-083: Webhook signature and logging

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 19:52:32 +00:00
Snider
0120908669 feat(webhooks): P2-082 P2-083 signature verification and delivery logging 
P2-082: Webhook Signature Verification
- Add require_signature field, verifySignatureWithDetails()
- Support grace period during secret rotation
- Log signature failures for audit

P2-083: Webhook Delivery Logging
- WebhookDeliveryLogger service for centralised logging
- Track duration, response code, signature verification
- Add getDeliveryStats() and getRecentSignatureFailures()

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 14:22:09 +00:00
Snider
fa4893d064 fix(security): require HTMLPurifier for XSS sanitisation 
The previous getSanitisedContent() method fell back to strip_tags() when
HTMLPurifier was unavailable. This fallback was insecure as strip_tags()
does not sanitise attributes, allowing XSS via onclick, onerror, and
javascript: URLs.

Changes:
- Created Services/HtmlSanitiser.php using HTMLPurifier as the sole sanitiser
- Added ezyang/htmlpurifier as a required dependency in composer.json
- Added boot-time validation that throws RuntimeException if missing
- Removed insecure strip_tags() fallback from ContentItem model
- Added 30+ unit tests covering XSS attack vectors

Closes SEC-002 from TODO.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 12:34:35 +00:00
Snider
5c92e92a29 docs: update CLAUDE.md to reflect package structure 
Previous version described the application template, but this repository
is the core-content package. Updated to document actual namespace,
structure, models, API routes, rate limiters, and configuration.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-28 14:08:45 +00:00
Snider
35946a895b refactor: update namespaces for L1/L2 package convention 
- Core\Mod\Tenant -> Core\Tenant
- Mod\Agentic -> Core\Mod\Agentic

Part of namespace restructure to align with L1/L2 module conventions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 17:34:49 +00:00
Snider
6ede1b1a20 refactor: rename namespace Core\Content to Core\Mod\Content 
Aligns content module namespace with the standard module structure
convention (Core\Mod\{Name}) for consistency across the monorepo.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 16:24:53 +00:00
Snider
f990dc1bd3 monorepo sepration 2026-01-26 23:59:46 +00:00
Snider
c29badf6b7
Initial commit 2026-01-26 23:24:57 +00:00