The Daily WTF



Curious Perversions in Information Technology



Last Build Date: Mon, 11 Dec 2017 08:28:13 GMT

 



Error'd: PIck an Object, Any Object

Fri, 08 Dec 2017 11:30:00 GMT

"Who would have guessed Microsoft would have a hard time developing web apps?" writes Sam B.


Jerry O. writes, "So, if I eat my phone, I might get acid indigestion? That sounds reasonable."


"Got this when I typed into a SwaggerHub session I'd left open overnight and tried to save it," wrote Rupert, "The 'newer' draft was not, in fact, the newer version."


Antonio writes, "It's nice to buy software from another planet, especially if year there is much longer."


"Either Meteorologist (http://heat-meteo.sourceforge.net/) is having some trouble with OpenWeatherMap data, or we're having an unusually hot November in Canada," writes Chris H.


"This is possibly one case where a Windows crash can result in a REAL crash," writes Ruben.




Representative Line: A Case of File Handling

Thu, 07 Dec 2017 11:30:00 GMT

Tim W caught a ticket. The PHP system he inherited allowed users to upload files, and then would process those files. It worked… most of the time. It seemed like a Heisenbug. Logging was non-existent, documentation was a fantasy, and to be honest, no one was exactly 100% certain what the processing feature was supposed to do- but whatever it was doing now was the right thing, except the times that it wasn’t right.

Specifically, some files got processed. Some files didn’t. They all were supposed to.

But other than that, it worked.

Tim worried that this was going to be difficult to replicate, especially after he tried it with a few files he had handy. Digging through the code though, made it perfectly clear what was going on. Buried on about line 1,200 in a 3,000 line file, he found this:

while (false !== ($file = readdir($handle))) {
    if ($file != "." && $file != ".." && ( $file == strtolower($file) ) ) {
        …
    }
}

For some reason, this code required that the name of the file contain no capital letters. Why? Well, again, no documentation, no comments, and the change predated the organization’s use of source control at the variable initialization. What you see before you is a dank abyss, a gaping hole with a bottom so deep that the bottom may as well not exist. Here, we stand at a precipice.

The value of edit_button comes from PHP code, executed on the server-side. The actual template comes from an external PHP file, dropzone_edit_button_template.php. But that template, the result of all the other methods called here, returns a string that may not be safe for JavaScript, like my simple bug above. Thus, the chain of str_replace calls, nested one within the other.
