Hexed Id

Remy Porter

Computers were a mistake, which is why I'm trying to shoot them into space. Editor-in-Chief for TDWTF.

The web application David inherited has one main job: fetch articles based on the integer ID passed on the URL. The only trick to the whole thing is that the ID might be encrypted and represented as a hexadecimal number.

David didn’t really look into the process until someone complained that the system was serving up the wrong articles. When he read through the code, he saw this:

// String articleID = Encoder.decode(request.getParameter("articleID"));
String articleID = request.getParameter("articleID");
try
{
    if (articleID.contains("A") || articleID.contains("B") || articleID.contains("C") 
            || articleID.contains("D") || articleID.contains("E") || articleID.contains("F") 
            || articleID.contains("a") || articleID.contains("b") || articleID.contains("c") 
            || articleID.contains("d") || articleID.contains("e") || articleID.contains("f"))
            articleID= Encoder.decode(parameter.get("articleID"));
}
catch (Exception abc) {}

The rare hex string that didn’t contain any digits A-F was treated as a raw article ID. Of course, it’d be difficult to tell an integer from a hexadecimal in any case- which is why all of the encrypted IDs started with a leading “0x”.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!