sec: Mitigate the attack surface of potential malicious injection (#24)

alexandreelise · web-flow · commit 018a4e0bf8b9 · 2026-03-02T19:40:43.000-06:00
Simplify error message for route not found

- This change attempts to leave less room to potential attacks possible when double quotes are use without prior sanitize or type enforcement.
- By using plain text with single quote we mitigate the issue.
diff --git a/src/Services/Routes.php b/src/Services/Routes.php
@@ -107,7 +107,7 @@ public function offsetGet($path) : array
             return $this->routes[$path];
         }
 
-        throw new InvalidArgumentException("Route $path not found.");
+        throw new InvalidArgumentException('Route not found.');
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public function offsetGet($path) : array`
`107`	`107`	`return $this->routes[$path];`
`108`	`108`	`}`
`109`	`109`
`110`		`- throw new InvalidArgumentException("Route $path not found.");`
	`110`	`+ throw new InvalidArgumentException('Route not found.');`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`/**`