Leaf\Router Allows Misspelled Base Paths to Process Routes #289
Description
Describe the bug
The Leaf\Router class incorrectly processes requests when the base path set via setBasePath (e.g., /portal/customername) is misspelled or slightly different in the request URI (e.g., /portal/customarnama). The getCurrentUri method strips the base path length from the request URI without validating an exact match, allowing invalid base paths to proceed and match routes unexpectedly, resulting in pages loading when they should trigger a 404.
To Reproduce
Steps to reproduce the behavior:
-
Set the base path in your application:
app()->setBasePath('/portal/customername'); -
Define a group route:
app()->group('/', function () {
app()->view('/dashboard', 'test');
});
- Access the correct URL: https://your-app/portal/customername/dashboard.
- This works as expected, loading the dashboard.
- Now access an incorrect URL with a misspelled base path: https://your-app/portal/customarnama/dashboard.
- The page still loads, incorrectly resolving to the /dashboard route.
Expected behavior
When the request URI does not exactly match the base path set via setBasePath (e.g., /portal/customarnama instead of /portal/customername), the router should return a 404 response, as the base path is invalid. Only URIs starting with the exact base path should proceed to route matching.
Additional context
None