Sanitize PMA URL host and prevent double :8443

scripts/pma-gateway/create_pma_gateway.sh

@@ -51,6 +51,14 @@ HOSTNAME_DOMAIN=${HOSTNAME_DOMAIN#node*-}
 DOMAIN_CANDIDATES=()
 SEEN_DOMAINS="|"
 for candidate in "$CERT_DOMAIN" "${JELASTIC_ENV_DOMAIN:-}" "$HOSTNAME_DOMAIN"; do
+  # Normalize host-like input (strip scheme/path/port if present).
+  candidate="${candidate#https://}"
+  candidate="${candidate#http://}"
+  candidate="${candidate%%/*}"
+  if [[ "$candidate" =~ ^(.+):[0-9]+$ ]]; then
+    candidate="${BASH_REMATCH[1]}"
+  fi
+
   if [[ -n "$candidate" ]] && [[ "$candidate" != *'${'* ]] && [[ "$SEEN_DOMAINS" != *"|$candidate|"* ]]; then
     DOMAIN_CANDIDATES+=("$candidate")
     SEEN_DOMAINS="${SEEN_DOMAINS}${candidate}|"
@@ -108,6 +116,16 @@ for candidate in "${DOMAIN_CANDIDATES[@]}"; do
   fi
 done
 
+# Otherwise prefer the first host-like candidate containing letters (avoid bare IP if possible).
+if [[ ! "$URL_HOST" =~ ^[^.]+\.mightybox\.cloud$ ]]; then
+  for candidate in "${DOMAIN_CANDIDATES[@]}"; do
+    if [[ "$candidate" =~ [A-Za-z] ]]; then
+      URL_HOST="$candidate"
+      break
+    fi
+  done
+fi
+
 PMADB_DIR="/usr/share/phpMyAdmin"
 GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php"
 
@@ -530,6 +548,14 @@ if [[ -z "${URL_HOST:-}" ]]; then
     URL_HOST="$ENV_HOST"
 fi
 
+# Defensive sanitization before composing final URL.
+URL_HOST="${URL_HOST#https://}"
+URL_HOST="${URL_HOST#http://}"
+URL_HOST="${URL_HOST%%/*}"
+if [[ "$URL_HOST" =~ ^(.+):[0-9]+$ ]]; then
+    URL_HOST="${BASH_REMATCH[1]}"
+fi
+
 echo "INFO: Gateway URL host selected: $URL_HOST" >&2
 URL="https://$URL_HOST:8443/access-db-$SLUG.php?token=$token"
 echo "$URL"