<base> Tag Revisited

[Vin DSL]

Only have a second, but I wanted to start a discussion concerning the <base> element.

I've been playing around with <base> this week -- haven't used it in years -- and I've noticed that it's really kicked down my page generation times. Plus, I figured out a way to make it dynamic, if you will.

Gotta run now, but has anyone else 'experimented' with this directive?

[Spathiphyllum]

Do you mean as an element in the head section of xHTML?

Been using it from about day one of my webmastering. Haven't read up on the RFC's for some, time but one of the relevant ones is rfc1808.

[Vin DSL]

Do you mean as an element in the head section of xHTML?

Been using it from about day one of my webmastering. Haven't read up on the RFC's for some, time but one of the relevant ones is rfc1808.

Yes! And, that's a lovely link! Specifically...

3.4. Default Base URL

If none of the conditions described in Sections 3.1 -- 3.3 apply,
then the base URL is considered to be the empty string and all
embedded URLs within that document are assumed to be absolute URLs.

Therein lies the problem! I never could put my (PHP) finger on this, until the other day. That's when I rediscovered the <base> element. Without it, relative URLs are turned into absolute URLs. In some circumstances, this produces highly undesireable results.

Example: http://jaguarpc.com/forums/index.php/index.php

Yes, it's a PHP thing, but it's also a <base> thing too!

Interested in what I've discovered about <base>?

[Spathiphyllum]

Interested in what I've discovered about <base>?

Go for it. I don't use PHP, being the flash-in-the-pan that it is, but I think a few people do. If it's a more global issue, then it could help everyone.

Or are you wanting to elaborate on "All Your <base> Belong To Us"?

[lokki]

Just can't go long without the puns, can you Spath?

I agree that PHP is a one-trick pony... so maybe you can do some linky/clicky/db-y kinds of things. The real future is in low-level machine language. As more and more people learn to type in binary, it will become 2nd nature to program that way. I imagine a future where basic language skills are tested by the efficiency of the compiler one writes.

But for purely historical reasons, I'd be interested to take Vin's bait. I mean 'hear what he as to say'.

Ha! Ha! Ha!

!!

Somebody set us up the bomb...

[Spathiphyllum]

We aim to entertain as well as to educate. Or at least waste as much time as humanly possible.

[Vin DSL]

Okay, here's the deal...

In one of the stratified circles that I hang, it was noted that you can kill the MySQL server on a PHP site by adding certain bogus strings to the end of a URL. I gave a rather harmless example of this above. However, if you were sitting at a proc screen, watching mem usage when that URL was entered, it would send a chill up your spine.

Anyway, we've been trying this on all sorts of PHP apps, on all sorts of sites, and it's a fairly universal problem -- and we've been trying to figure out why this is happening.

Without giving too much away, to you or the hacking community, I discovered a lot of this has to do with relative paths, which everyone is so fond of, being converted to bogus absolute paths.

Why this happens is anybody's guess. Personally, I think Apache is responsible for this, but I don't want to point any fingers at this juncture. Regardless, 'we' have discovered that the use of the <base> element seems to cure most of this nonsense. The only problem with the conventional use of the <base> tag is that it 'hard codes' a URL to a specific addy.

For instance, let's say I use this:

Code:

<base href="http://www.lenon.com/">

The problem is, no matter how you enter the site -- www.lenon.com -- lenon.com -- 69.73.166.75 -- the base URL will become www.lenon.com... That's why I gave up using it years ago.

What I've done is come up with a dynamic <base> directive script, if you will. I'm not the first person to come up with this concept, but I *think* I'm the first person to come up with a unified solution, and it works great, here at JagPC...

Code:

// Tolerant baseURL Hack II - VinDSL (Lenon.com)
$base_url = $_SERVER['HTTP_HOST'];
if ( !isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on' ) {
    echo "<base href=\"http://$base_url/\">\n";
} else {
    echo "<base href=\"https://$base_url/<~account>/\">\n";
}

I'm testing this on my PHP-Nuke install, but there really isn't any reason why it shouldn't work for any PHP app...

You might want to give this a try. If you're running it in a template file, HTML file, or whatever, you'll have to make some adjustments, like 'unescaping' things, but I think this should give you the general idea.

Soooo, having said all that, does anyone else have a better solution?

[Gwaihir]

The problem is, no matter how you enter the site -- www.lenon.com -- lenon.com -- 69.73.166.75 -- the base URL will become www.lenon.com... That's why I gave up using it years ago.

Hmm.. but is that so bad? Nice canonical URL for the search engines..