From ec843d48ec60b42b3f7af83bdcdd98e7ab1cda93 Mon Sep 17 00:00:00 2001
From: terrybr
Date: Sat, 12 Apr 2025 08:45:27 -0400
Subject: [PATCH 1/2] Fix Leaf\Router base path validation to enforce exact match

---
 src/Router.php | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/src/Router.php b/src/Router.php
index e4c2eab..46baab6 100644
--- a/src/Router.php
+++ b/src/Router.php
@@ -686,16 +686,28 @@ public static function setBasePath($serverBasePath)
 */
 public static function getCurrentUri(): string
 {
- // Get the current Request URI and remove rewrite base path from it (= allows one to run the router in a sub folder)
- $uri = substr(rawurldecode($_SERVER['REQUEST_URI']), strlen(static::getBasePath()));
+ $basePath = static::getBasePath();
+ $requestUri = rawurldecode($_SERVER['REQUEST_URI']);

- if (strstr($uri, '?')) {
- $uri = substr($uri, 0, strpos($uri, '?'));
+ // Early exit If base path doesn't match
+ if (strncmp($requestUri, $basePath, strlen($basePath)) !== 0) {
+ if (!static::$notFoundHandler) {
+ static::$notFoundHandler = function () {
+ \Leaf\Exception\General::default404();
+ };
+ }
+ static::invoke(static::$notFoundHandler);
+ }
+
+ // Get the current Request URI and remove rewrite base path from it (= allows one to run the router in a sub folder)
+ $uri = substr($requestUri, strlen($basePath)) ?: '/';
+ if (($queryPos = strpos($uri, '?')) !== false) {
+ $uri = substr($uri, 0, $queryPos);
 }

 return '/' . trim($uri, '/');
 }
-
+
 /**
 * Get route info of the current route
 *

From 70145de3c5fa492c2b15c8cf0d23b301125bd304 Mon Sep 17 00:00:00 2001
From: terrybr
Date: Sat, 12 Apr 2025 12:45:57 +0000
Subject: [PATCH 2/2] chore: fix styling

---
 src/Router.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Router.php b/src/Router.php
index 46baab6..b3c50b7 100644
--- a/src/Router.php
+++ b/src/Router.php
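Review bot: In the first hunk (`getCurrentUri()`), nothing stops execution after `static::invoke(static::$notFoundHandler);`, so despite the "Early exit" comment a request URI that does not start with the base path still falls through to `substr($requestUri, strlen($basePath))` and is returned with its leading bytes cut off, where it can still match a registered route. Whether that is reachable depends on the handler ending the request itself, which this hunk does not show and which an application-supplied handler has no reason to do. The branch should terminate on its own, e.g. `static::invoke(static::$notFoundHandler); exit;`, or the check should move into the dispatcher so this getter has no side effects and can be called more than once without firing the 404 handler again. Separately, `strncmp` is only a prefix test: unless the base path is guaranteed to end in `/` (not visible here), a base path such as `/app` (constructed example) also accepts `/application/...`, so the check should additionally require that the character following the prefix is `/` or the end of the path.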
@@ -707,7 +707,7 @@ public static function getCurrentUri(): string

 return '/' . trim($uri, '/');
 }
-
+
 /**
 * Get route info of the current route
 *