From f3d7866b37113ae276f047baa377ca94c8709057 Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 25 Oct 2017 09:00:07 +0200 Subject: [PATCH] Fixed basepath bug and added security tips --- Route.php | 16 +++++----------- index.php | 23 ++++++++++------------- 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/Route.php b/Route.php index cdd3dde..bb629e3 100644 --- a/Route.php +++ b/Route.php @@ -39,15 +39,9 @@ class Route{ foreach(self::$routes as $route){ - if(Config::get('basepath')){ - - //Add / if its not empty - if($route['expression']!=''){ - $route['expression'] = '/'.$route['expression']; - } - + //Add basepath to matching string + if(Config::get('basepath')&&Config::get('basepath')!=''&&Config::get('basepath')!='/'){ $route['expression'] = '('.Config::get('basepath').')'.$route['expression']; - } //Add 'find string start' automatically @@ -55,15 +49,15 @@ class Route{ //Add 'find string end' automatically $route['expression'] = $route['expression'].'$'; - + //echo $route['expression'].'
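Review bot: The base path is concatenated into the pattern as `'('.Config::get('basepath').')'` without quoting, so any regex metacharacter in it (a `.` in a folder name, or the `#` that the later `preg_match` uses as its delimiter) changes what the route matches or breaks the pattern. Quote it when building the expression: `$route['expression'] = '('.preg_quote(Config::get('basepath'), '#').')'.$route['expression'];`. The `Config::get('basepath')!=''` clause is redundant after the truthiness test in the same condition and can be dropped. The enclosing method starts and ends outside the hunk.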
'; - + //check match if(preg_match('#'.$route['expression'].'#',self::$path,$matches)){ array_shift($matches);//Always remove first element. This contains the whole string - if(Config::get('basepath')){ + if(Config::get('basepath')&&Config::get('basepath')!=''&&Config::get('basepath')!='/'){ array_shift($matches);//Remove Basepath diff --git a/index.php b/index.php index e8cc366..72381d7 100644 --- a/index.php +++ b/index.php @@ -4,8 +4,12 @@ include('Config.php'); include('Route.php'); -//config -Config::set('basepath','/api/v1'); +//configure basepath + +//If your script lives in the web root folder use a / , leave it empty or do not define this config +Config::set('basepath','/'); +//If your script lives in a subfolder for example you can use the following example +//Config::set('basepath','/api/v1'); //init routing Route::init(); @@ -28,7 +32,10 @@ Route::add('/test.html',function(){ echo 'Hello from test.html'; }); -//complex route with parameter +//complex route with parameter +//be aware that (.*) will trigger on / too for example: /user/foo/bar/edit +//also users could inject mysql-code if you use (.*) +//you should better use a saver expression like /user/([0-9]*)/edit or /user/([A-Za-z]*)/edit Route::add('/user/(.*)/edit',function($id){ //Do something echo 'Edit user with id '.$id.'
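Review bot: The basepath condition guarding `array_shift($matches);//Remove Basepath` is a copy of the one that adds the capture group in the previous hunk, and the two must agree exactly. If they drift, either the base path reaches the handler as its first argument or a real route parameter is dropped. Evaluating it once before the loop, for example `$hasBasepath = Config::get('basepath') && Config::get('basepath') != '/';`, and testing `$hasBasepath` in both places removes that risk. The commented-out `//echo $route['expression']...` debug line is better left out of the commit. The `if` body continues outside the hunk.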
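Review bot: The new comments in index.php do not say that a subfolder base path has to be written without a trailing slash. Route.php prepends the value directly to expressions that already start with `/`, so a value like `'/api/v1/'` would presumably build `(/api/v1/)/user/...` and no route would match. A comment next to the example such as `//no trailing slash: use '/api/v1', not '/api/v1/'` would cover it.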
'; @@ -52,16 +59,6 @@ Route::add('/(.*)/(.*)/(.*)/(.*)',function($var1,$var2,$var3,$var4){ echo 'You have entered: '.$var1.' / '.$var2.' / '.$var3.' / '.$var4.'
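Review bot: The added warning talks about SQL injection, but the `echo` of `$id` directly below it writes the captured path segment into the HTML response unescaped, which is the more immediate exposure of `(.*)` in this example. Escape at the point of output, `echo 'Edit user with id '.htmlspecialchars($id, ENT_QUOTES, 'UTF-8');`, and do the same for the four-parameter route's `echo` in the next hunk. The comment would also be more accurate if it said that a tighter pattern only narrows the input and that any query using the value still needs a prepared statement; the suggested patterns should use `+` rather than `*`, since `/user/([0-9]*)/edit` also matches an empty id. "saver" in the last added comment line should read "safer". The closure's body continues outside the hunk.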
'; }); -Route::add('/api/v1/deployment/(.*)',function($id){ - //Do something - echo $id; -}); - -Route::add('/deployment/(.*)',function($id){ - //Do something - echo $id; -}); - //Add a 404 Not found Route Route::add404(function($url){