From 52c6c226c08726fc8c2e01af77f598a3db5efc64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Thu, 1 Apr 2021 03:04:32 +0200
Subject: [PATCH 1/3] [BUGFIX] Fixed issue with BaseCsrfVerifier matching urls against urls with parameters. - Added optional $includeParams parameter to Url::getRelativeUrl method.
---
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php | 6 +++---
 src/Pecee/Http/Middleware/IpRestrictAccess.php | 4 ++++
 src/Pecee/Http/Url.php | 7 ++++++-
 src/Pecee/SimpleRouter/Route/RouteGroup.php | 1 -
 src/Pecee/SimpleRouter/SimpleRouter.php | 4 ++--
 5 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index f42c94e..edfbd84 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -50,12 +50,12 @@ class BaseCsrfVerifier implements IMiddleware
 $url = rtrim($url, '*');
 $skip = $request->getUrl()->contains($url);
 } else {
- $skip = ($url === $request->getUrl()->getOriginalUrl());
+ $skip = ($url === $request->getUrl()->getRelativeUrl(false));
 }
 if ($skip === true) {
- if($this->include !== null && count($this->include) > 0) {
+ if(is_array($this->include) === true && count($this->include) > 0) {
 foreach($this->include as $includeUrl) {
 $includeUrl = rtrim($includeUrl, '/');
 if ($includeUrl[strlen($includeUrl) - 1] === '*') {
@@ -64,7 +64,7 @@ class BaseCsrfVerifier implements IMiddleware
 break;
 }
- $skip = !($includeUrl === $request->getUrl()->getOriginalUrl());
+ $skip = !($includeUrl === $request->getUrl()->getRelativeUrl(false));
 }
 }
diff --git a/src/Pecee/Http/Middleware/IpRestrictAccess.php b/src/Pecee/Http/Middleware/IpRestrictAccess.php
index 483ce22..23fdc35 100644
--- a/src/Pecee/Http/Middleware/IpRestrictAccess.php
+++ b/src/Pecee/Http/Middleware/IpRestrictAccess.php
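Review bot: The wildcard branch just above the changed line still sets `$skip` from `$request->getUrl()->contains($url)`, so only exact entries gain the parameter-free comparison this patch introduces. `contains()` is not part of this patch; if it searches the whole requested URL, query string included, an excepted prefix that merely appears in a parameter would match, and in this method a match means CSRF verification is skipped. Anchoring the wildcard to the start of the path would close that: `$skip = strpos($request->getUrl()->getRelativeUrl(false), $url) === 0;`. The first BaseCsrfVerifier hunk of PATCH 2/3 carries the same context lines, and the enclosing method starts and ends outside the hunk.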
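Review bot: The rewritten exact-match assignment `$skip = !(...)` is followed directly by the closing brace of the `foreach`, so it runs for every entry in `$this->include` and the last entry compared decides the outcome. With two or more exact entries, an earlier one that matched the request is overwritten by a later one that did not, and the request is skipped again even though it is listed in `include`. Stopping at the first match avoids that: `if ($includeUrl === $request->getUrl()->getRelativeUrl(false)) { $skip = false; break; }`. The same line is touched again in the second BaseCsrfVerifier hunk of PATCH 2/3; the loop opens in the previous hunk and the two lines between the hunks are not shown.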
@@ -34,6 +34,10 @@ abstract class IpRestrictAccess implements IMiddleware
 return true;
 }
+ /**
+ * @param Request $request
+ * @throws HttpException
+ */
 public function handle(Request $request): void
 {
 if($this->validate((string)$request->getIp()) === false) {
diff --git a/src/Pecee/Http/Url.php b/src/Pecee/Http/Url.php
index fb3c9c9..92be2c7 100644
--- a/src/Pecee/Http/Url.php
+++ b/src/Pecee/Http/Url.php
@@ -427,10 +427,15 @@ class Url implements JsonSerializable
 /**
 * Returns the relative url
 *
+ * @param bool $includeParams
 * @return string
 */
- public function getRelativeUrl(): string
+ public function getRelativeUrl($includeParams = true): string
 {
+ if($includeParams === false) {
+ return rtrim($this->path, '/');
+ }
+
 $params = $this->getQueryString();
 $path = $this->path ?? '';
diff --git a/src/Pecee/SimpleRouter/Route/RouteGroup.php b/src/Pecee/SimpleRouter/Route/RouteGroup.php
index 8233fbc..714acc3 100644
--- a/src/Pecee/SimpleRouter/Route/RouteGroup.php
+++ b/src/Pecee/SimpleRouter/Route/RouteGroup.php
@@ -183,7 +183,6 @@ class RouteGroup extends Route implements IGroupRoute
 */
 public function setSettings(array $settings, bool $merge = false): IRoute
 {
-
 if (isset($settings['prefix']) === true) {
 $this->setPrefix($settings['prefix'] . $this->prefix);
 }
diff --git a/src/Pecee/SimpleRouter/SimpleRouter.php b/src/Pecee/SimpleRouter/SimpleRouter.php
index 74b3a79..f96bf84 100644
--- a/src/Pecee/SimpleRouter/SimpleRouter.php
+++ b/src/Pecee/SimpleRouter/SimpleRouter.php
@@ -4,8 +4,8 @@
 * Router helper class
 * ---------------------------
 *
- * This class is added so calls can be made statically like Router::get() making the code look pretty.
- * It also adds some extra functionality like default-namespace.
+ * This class is added so calls can be made statically like SimpleRouter::get() making the code look pretty.
+ * It also adds some extra functionality like default-namespace etc.
 */
 namespace Pecee\SimpleRouter;
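Review bot: In the Url.php hunk, `$includeParams` is added without a type while the body tests it with `=== false`, so a call such as `getRelativeUrl(0)` or `getRelativeUrl(null)` falls through to the branch that appends the query string. BaseCsrfVerifier now depends on the parameter-free form for its except/include matching, so the flag should be declared: `public function getRelativeUrl(bool $includeParams = true): string`. The same applies to `getAbsoluteUrl($includeParams = true)` in PATCH 3/3. The new `@param` line would also read better with a description, for example `@param bool $includeParams When false, only the path is returned`. The method body continues past the end of the hunk.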
From b94dc4355f0098eee7fa136156499d855c46b2b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Thu, 1 Apr 2021 03:11:05 +0200
Subject: [PATCH 2/3] Optimisations
---
 src/Pecee/Http/Middleware/BaseCsrfVerifier.php | 4 ++--
 src/Pecee/Http/Url.php | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
index edfbd84..dc60b06 100644
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -50,7 +50,7 @@ class BaseCsrfVerifier implements IMiddleware
 $url = rtrim($url, '*');
 $skip = $request->getUrl()->contains($url);
 } else {
- $skip = ($url === $request->getUrl()->getRelativeUrl(false));
+ $skip = ($url === rtrim($request->getUrl()->getRelativeUrl(false), '/'));
 }
 if ($skip === true) {
@@ -64,7 +64,7 @@ class BaseCsrfVerifier implements IMiddleware
 break;
 }
- $skip = !($includeUrl === $request->getUrl()->getRelativeUrl(false));
+ $skip = !($includeUrl === rtrim($request->getUrl()->getRelativeUrl(false), '/'));
 }
 }
diff --git a/src/Pecee/Http/Url.php b/src/Pecee/Http/Url.php
index 92be2c7..bd767a7 100644
--- a/src/Pecee/Http/Url.php
+++ b/src/Pecee/Http/Url.php
@@ -432,14 +432,13 @@ class Url implements JsonSerializable
 */
 public function getRelativeUrl($includeParams = true): string
 {
+ $path = $this->path ?? '/';
+
 if($includeParams === false) {
- return rtrim($this->path, '/');
+ return $path;
 }
- $params = $this->getQueryString();
-
- $path = $this->path ?? '';
- $query = $params !== '' ? '?' . $params : '';
+ $query = $this->getQueryString() !== '' ? '?' . $this->getQueryString() : '';
 $fragment = $this->fragment !== null ? '#' . $this->fragment : '';
 return $path . $query . $fragment;
From ecbb0825e0059f4b556012b08a905da0989d5deb Mon Sep 17 00:00:00 2001
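Review bot: In the Url.php hunk of PATCH 2/3, the fallback for a missing path changes from `''` to `'/'` on the shared `$path` line, which affects every caller of `getRelativeUrl()` and not only the `$includeParams === false` branch. A URL without a path now renders with a trailing slash, which is more than the commit title suggests. The `false` branch also stops trimming the trailing slash and leaves that to callers, so the docblock should state what is returned, for example `@param bool $includeParams When false, return only the path ('/' when none is set), untrimmed`. The new `$query` line calls `getQueryString()` twice where the removed code kept the result in `$params`; keeping `$params = $this->getQueryString();` and `$query = $params !== '' ? '?' . $params : '';` avoids the second call. The docblock and the closing brace of the method are outside the hunk.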
From: =?UTF-8?q?Simon=20Sessing=C3=B8?=
Date: Thu, 1 Apr 2021 03:14:22 +0200
Subject: [PATCH 3/3] Added include param parameter to Url::getAbsoluteUrl method.
---
 src/Pecee/Http/Url.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/Pecee/Http/Url.php b/src/Pecee/Http/Url.php
index bd767a7..08dc50d 100644
--- a/src/Pecee/Http/Url.php
+++ b/src/Pecee/Http/Url.php
@@ -447,9 +447,10 @@ class Url implements JsonSerializable
 /**
 * Returns the absolute url
 *
+ * @param bool $includeParams
 * @return string
 */
- public function getAbsoluteUrl(): string
+ public function getAbsoluteUrl($includeParams = true): string
 {
 $scheme = $this->scheme !== null ? $this->scheme . '://' : '';
 $host = $this->host ?? '';
@@ -458,7 +459,7 @@ class Url implements JsonSerializable
 $pass = $this->password !== null ? ':' . $this->password : '';
 $pass = ($user || $pass) ? $pass . '@' : '';
- return $scheme . $user . $pass . $host . $port . $this->getRelativeUrl($includeParams);
+ return $scheme . $user . $pass . $host . $port . $this->getRelativeUrl($includeParams);
 }
 /**
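Review bot: The added `@param bool $includeParams` has no description, and the name hides what `false` leaves in: the return line in the second hunk still concatenates `$user` and `$pass`, so the result contains the password whenever one is set. A caller that picks `getAbsoluteUrl(false)` to get a reduced URL for logs or comparisons may not expect that. Suggested text: `@param bool $includeParams When false, the query string and fragment are omitted; scheme, user, password, host and port are still included`. The method body spans both hunks of this patch.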