CMSimple_XH–Forum

[cmb]

Hello Developers,

often there's the need to do a redirect through a HTTP Location header (particularly when using the PRG pattern). But even if it works on nearly every browser with relative URLs, the internet standard (RFC 1945) clearly states, that a fully qualified absolute URL has to be given. So I suggest to add a constant to the core, say CMSIMPLE_URL, perhaps as follows:

Code: Select all


define('CMSIMPLE_URL', 'http://'.(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 's' : '')
    .$_SERVER['SERVER_NAME'].preg_replace('/index.php$/', '', $_SERVER['PHP_SELF']));
 

There might be problems with the correct recognition of HTTP vs. HTTPS in case of proxies, but that's probably no real problem, as CMSimple sites seldom are accessed through HTTPS.

With this constant, redirection would be really simple, e.g.

Code: Select all

header('Location: '.CMSIMPLE_URL.'?'.$su); 

Plugins could use this constant in a downward compatible way:

Code: Select all


if (!defined('CMSIMPLE_URL')) {
    define('CMSIMPLE_URL', ...);
}
 

What do you think about it?

Christoph

[cmb]

As bca pointed out, this definition won't work for non default port numbers. And I've found another bug related to HTTPS. So the definition should be:

Code: Select all

define('CMSIMPLE_URL', 'http'
    . (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 's' : '')
    . '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT']
    . preg_replace('/index.php$/', '', $_SERVER['PHP_SELF'])); 

[cmb]

The W3C validator complains about the explicit port number specified for ports < 1024. So I suggest the following change:

Code: Select all

define('CMSIMPLE_URL', 'http'
   . (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 's' : '')
   . '://' . $_SERVER['SERVER_NAME']
   . ($_SERVER['SERVER_PORT'] < 1024 ? '' : ':' . $_SERVER['SERVER_PORT'])
   . preg_replace('/index.php$/', '', $_SERVER['PHP_SELF'])); 

We should keep an eye on the outcome of Rob's login problems, and adjust $_SERVER['PHP_SELF'] appropriately.

[cmb]

We should keep an eye on the outcome of Rob's login problems, and adjust $_SERVER['PHP_SELF'] appropriately.

Even for Rob's "internal" domain redirect, the definition of CMSIMPLE_URL would work[1]. But I suggest to replace PHP_SELF with SCRIPT_NAME to avoid the problems disclosed by Holger in http://cmsimpleforum.com/viewtopic.php?f=6&t=5444&st=0&sk=t&sd=a&start=30#p32172.

So I suggest:

Code: Select all

define('CMSIMPLE_URL', 'http'
   . (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ? 's' : '')
   . '://' . $_SERVER['SERVER_NAME']
   . ($_SERVER['SERVER_PORT'] < 1024 ? '' : ':' . $_SERVER['SERVER_PORT'])
   . preg_replace('/index.php$/', '', $_SERVER['SCRIPT_NAME'])); 

[1] However, not for Ajax requests.