False positives when excluding paths for CSRF

[14nd90]

I have this definition in my-theme/app/Middleware/VerifyNonce.php:
public $except = [ 'admin/stats/report' ];

But I noticed that this exception was getting applied where I was not expecting it, like admin/accounts/type/filtered

I took a dive and the issue is in the excludePath() function in BaseVerify.php where it fails this condition:
if( count($explodedPath) == count($exclude) ) {

I believe this to be a bug - since now any route which isn't 3 parts will be excluded.

[kevindees]

This is being fixed in the next major release of v6. That version will require PHP 8.2+.