Fixed basepath bug and added security tips

Chris 2017-10-25 09:00:07 +02:00
parent 140681593c
commit f3d7866b37
2 changed files with 15 additions and 24 deletions


@ -39,15 +39,9 @@ class Route{
foreach(self::$routes as $route){ foreach(self::$routes as $route){
if(Config::get('basepath')){ //Add basepath to matching string
if(Config::get('basepath')&&Config::get('basepath')!=''&&Config::get('basepath')!='/'){
//Add / if its not empty
if($route['expression']!=''){
$route['expression'] = '/'.$route['expression'];
}
$route['expression'] = '('.Config::get('basepath').')'.$route['expression']; $route['expression'] = '('.Config::get('basepath').')'.$route['expression'];
} }
//Add 'find string start' automatically //Add 'find string start' automatically
@ -63,7 +57,7 @@ class Route{
array_shift($matches);//Always remove first element. This contains the whole string array_shift($matches);//Always remove first element. This contains the whole string
if(Config::get('basepath')){ if(Config::get('basepath')&&Config::get('basepath')!=''&&Config::get('basepath')!='/'){
array_shift($matches);//Remove Basepath array_shift($matches);//Remove Basepath
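Review bot: The test `Config::get('basepath')&&Config::get('basepath')!=''&&Config::get('basepath')!='/'` is now written out twice, once where the `(basepath)` capture group is prepended and once where `array_shift($matches)` removes that group. If the two copies ever drift apart, a real route parameter is dropped or the basepath is handed to the route callback as its first argument. Reading the value once and reusing the result in both places avoids that: `$basepath = Config::get('basepath');` followed by `$useBasepath = $basepath && $basepath != '/';` (the `!=''` test is already covered by the truthiness check). The basepath is also concatenated into the pattern unescaped, so a `.` or other metacharacter in it is treated as regex syntax; `preg_quote()` with the delimiter used by the match call would make it literal, but that call lies outside these hunks, so confirm the delimiter there.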


@ -4,8 +4,12 @@
include('Config.php'); include('Config.php');
include('Route.php'); include('Route.php');
//config //configure basepath
Config::set('basepath','/api/v1');
//If your script lives in the web root folder use a / , leave it empty or do not define this config
Config::set('basepath','/');
//If your script lives in a subfolder for example you can use the following example
//Config::set('basepath','/api/v1');
//init routing //init routing
Route::init(); Route::init();
@ -29,6 +33,9 @@ Route::add('/test.html',function(){
}); });
//complex route with parameter //complex route with parameter
//be aware that (.*) will trigger on / too for example: /user/foo/bar/edit
//also users could inject mysql-code if you use (.*)
//you should better use a saver expression like /user/([0-9]*)/edit or /user/([A-Za-z]*)/edit
Route::add('/user/(.*)/edit',function($id){ Route::add('/user/(.*)/edit',function($id){
//Do something //Do something
echo 'Edit user with id '.$id.'<br/>'; echo 'Edit user with id '.$id.'<br/>';
@ -52,16 +59,6 @@ Route::add('/(.*)/(.*)/(.*)/(.*)',function($var1,$var2,$var3,$var4){
echo 'You have entered: '.$var1.' / '.$var2.' / '.$var3.' / '.$var4.'<br/>'; echo 'You have entered: '.$var1.' / '.$var2.' / '.$var3.' / '.$var4.'<br/>';
}); });
Route::add('/api/v1/deployment/(.*)',function($id){
//Do something
echo $id;
});
Route::add('/deployment/(.*)',function($id){
//Do something
echo $id;
});
//Add a 404 Not found Route //Add a 404 Not found Route
Route::add404(function($url){ Route::add404(function($url){
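Review bot: The comment added above the `/user/(.*)/edit` route warns about injected SQL, but the example still registers `(.*)` and echoes `$id` straight into HTML, so the sample reflects whatever the URL segment contains. Escaping at output belongs in the example itself: `echo 'Edit user with id '.htmlspecialchars($id, ENT_QUOTES, 'UTF-8').'<br/>';`. The suggested `([0-9]*)` and `([A-Za-z]*)` also match an empty segment, so `/user//edit` would reach the callback with an empty id; `([0-9]+)` avoids that. I would extend the comment with a line such as `//a strict pattern narrows the input but does not replace prepared statements and output escaping`. The route closure continues past the end of this hunk.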