inspired by mmvector's support request, I had a closer look why space characters in the path of the CMSimple(_XH) installation folder might prohibit successful login. This is finally caused by using SCRIPT_NAME resp. REQUEST_URI to construct $sn (which is used to construct CMSIMPLE_ROOT, which is used as cookie path). The crucial difference is that SCRIPT_NAME contains the file path as is, but REQUEST_URI is URL encoded. This makes no difference as long as only unreserved characters are used in the folder path, but otherwise the two values may differ.
This might lead to unexpected quirks regarding $sn in CMSimple_XH, because $sn is conditionally defined:
Code: Select all
$sn = preg_replace(
'/([^\?]*)\?.*/', '$1',
sv(($iis ? 'SCRIPT_NAME' : 'REQUEST_URI'))
);
However, as an even simpler and rather pragmatic solution I suggest that we clearly document which characters are allowed in the path of the CMSimple_XH installation folder, and leave the code as is.
Any comments?
Christoph