From ace0568647f421fccbf9a747bde398fef246acd6 Mon Sep 17 00:00:00 2001
From: terrybr <terry.webdesign@gmail.com>
Date: Mon, 14 Apr 2025 09:38:56 -0400
Subject: [PATCH] Fix Leaf\Router base path validation to enforce exact match

---
 src/Router.php | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/Router.php b/src/Router.php
index 213cd3c..2a1af9b 100644
--- a/src/Router.php
+++ b/src/Router.php
@@ -701,11 +701,23 @@ public static function setBasePath($serverBasePath)
      */
     public static function getCurrentUri(): string
     {
-        // Get the current Request URI and remove rewrite base path from it (= allows one to run the router in a sub folder)
-        $uri = substr(rawurldecode($_SERVER['REQUEST_URI']), strlen(static::getBasePath()));
+        $basePath = static::getBasePath();
+        $requestUri = rawurldecode($_SERVER['REQUEST_URI']);
+
+        // Early exit If base path doesn't match
+        if (strncmp($requestUri, $basePath, strlen($basePath)) !== 0) {
+            if (!static::$notFoundHandler) {
+                static::$notFoundHandler = function () {
+                    \Leaf\Exception\General::default404();
+                };
+            }
+            static::invoke(static::$notFoundHandler);
+        }
 
-        if (strstr($uri, '?')) {
-            $uri = substr($uri, 0, strpos($uri, '?'));
+        // Get the current Request URI and remove rewrite base path from it (= allows one to run the router in a sub folder)
+        $uri = substr($requestUri, strlen($basePath)) ?: '/';
+        if (($queryPos = strpos($uri, '?')) !== false) {
+            $uri = substr($uri, 0, $queryPos);
         }
 
         return '/' . trim($uri, '/');