Admin
The responsible party is called St. Isidore
Admin
CAPTCHA Test
This is a temporary hack until I can get the real CAPTCHA validation working. Just type broken in the textbox below.
<!-- HIP:ImageHipChallenge Run~at="server" Height="50px" Width="250px" id="wtf_HipImage" / --> <!-- p style="margin:3px;">Prove that you're not a robot. In the textbox below, type in the word you see in the above image.</p --> <input name="ctl00$ctl01$bcr$PostForm$_$wtf_HipText" id="ctl00_ctl01_bcr_PostForm___wtf_HipText" type="text"> <!-- HIP:HipValidator ID="wtf_HipValidator" Run~at="server" Text="* That's not it" CssClass="validationWarning" ControlToValidate="wtf_HipText" HipChallenge="wtf_HipImage" ErrorMessage="- CAPTCHA Validation Failed" / -->Note that registered users don't have to do this.
Admin
Reminds me of a Slashdot post several months ago: "Three English teams always get blocked by these filters: Arsenal, Scunthorpe, and Manchester Fucking United."
Admin
That's Perl blended with PHP (there's no "function" keyword in Perl, and there's no sub parameter list in Perl, additionally there's no eq operator in PHP.)
Admin
the point about the $-signs in the code:
the code was written for some e-banking organisation.
and IT managers of e-banking organisations prefer their code written in languages that use $ signs...
Admin
Can you please let us know the name of the company, so that nobody will deal with these kinds of shitty companies in future and be alert...
Admin
What a load of bollocks.
For instance, Visual C++ 6 allows you to 'scope' an enum defined in class scope:
    class A
    {
    public:
        enum x { FALSE, TRUE, FILENOTFOUND };
    };
    A::x;
It's still not legal (C++ in this case), and indeed fails to compile with later Visual C++ versions.
Admin
I used to work for a SW company specializing in secure web form management software. The software that they had was used by ISPs, insurance companies etc. The funny thing was that my comrade found out that this 'or 1=1-- trick worked quite well against the software.
We made top management aware of the problem and they were quite scared. They said the problem must be fixed ASAP but would not allocate any resources to fix it. Finally some poor testers were appointed with the responsibility of fixing the problem. The poor bastard could not even write Java code. The fault was buried so deep into the workings of the system that it would have required the full re-design of the whole damn system.
Eventually the bug was not corrected at all. Even nowadays those poor customers use the system unaware of the fact that any dumb student could become uber-admin in their system without any real skill. This all was two years ago. THE SYSTEM IS STILL IN USE!!!
That's real WTF I say.
Admin
Not sure if that's what you meant, but in standard C++, an enum's enumerators are in the same scope as the enum itself. That is, in ISO C++, you would have to say "A::FALSE" etc. from outside A's scope.
VC++6 however allowed the use of "A::x::FALSE", which is not legal ISO C++.
Admin
What's up with using SQL in scripts and middleware anyway? That's so 90's.
Time for Stored Procs.
Admin
No, that is seriously bad! baaaad!
Using Javascript as a REPLACEMENT for server-side validation is a huge WTF in web-programming. Never do it, unless you want to be hacked.
Basically, you can't trust the client will run the Javascripts, or that the client is even a browser!
Any kid who knows HTML can easily edit the page to remove your JS validation code and send corrupt data to the server. Any professional could construct their own HTTP headers without even using a browser and send corrupt data to the server.
JS validation is great to COMPLEMENT server-side validation, but it can't be used as a replacement.
BTW, got any links to web-sites you've developed, heh heh heh....
Admin
Are you sure you read the post to which you're replying?
Admin
"IMHO, this problem could have been solved better with Javascript."
Uhm.. WTF should not be followed by more WTF. What are you going to do, use javascript on the prior page? So somebody can just make a page on their hard drive, that POSTs to the same server, with dangerous data?
Oh, let me guess, you'd fix that by making sure that the page it was coming from was the expected origin page.
Too bad that that information is sent by the client, as well, and thus can be spoofed.
Admin
PLEASE STOP THIS ALREADY :D You're killing me!
Admin
is your name "Amanda," "Seth," or "George?" if so, stop trying to hack the forum!
Admin
You-can't-really-be-serious, right?
Right?
I mean seriously; your comment must have been meant as the true WTF??
On the other hand, of course no hacker smart enough to think of injection could possibly circumvent a client-side check...
Admin
[q
h;lk
Admin
OMG! a "hack attept!"
Admin
Wow... been reading back articles recently. Not that anyone's ever going to read this comment, but normally I just think "who would ever write that?" This time, for the first time, I was forced instead to think back to a time when I did, in fact, fix exactly this bug. Though at least the person who wrote our implementation had the forethought to only check full words, so George would be fine. If you wanted to get a document named "table 5", though... too bad.
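The keyword filtering and server-side handling argued over in this thread, as an added example that is not part of any comment or of the original article: a substring blacklist rejects "George", "Amanda" and "Seth", a whole-word blacklist still rejects "table 5", and a server-side parameterized query accepts all of them while treating the 'or 1=1-- string as plain data. The keyword list, the documents table and all function names are assumptions made for the illustration.

```python
import re
import sqlite3

# Assumed keyword list; the thread does not show the real one.
KEYWORDS = ("and", "or", "set", "table", "select", "drop")

def substring_filter(value):
    """Blacklist by substring: True means the value is accepted."""
    low = value.lower()
    return not any(k in low for k in KEYWORDS)

def whole_word_filter(value):
    """Blacklist on whole words only, the variant from the last comment."""
    words = re.findall(r"[a-z]+", value.lower())
    return not any(w in KEYWORDS for w in words)

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO documents (name) VALUES (?)",
                   [("George",), ("table 5",), ("budget",)])
    return db

def find_concatenated(db, name):
    """Vulnerable form: the input is spliced into the SQL text."""
    sql = "SELECT name FROM documents WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def find_parameterized(db, name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    return [row[0] for row in db.execute(
        "SELECT name FROM documents WHERE name = ?", (name,))]

if __name__ == "__main__":
    db = make_db()
    for v in ("George", "Amanda", "Seth", "table 5", "' or 1=1--"):
        print(repr(v),
              "substring_ok=%s" % substring_filter(v),
              "whole_word_ok=%s" % whole_word_filter(v),
              "rows=%s" % find_parameterized(db, v))
```

Because the binding happens on the server, it holds no matter what the client does or does not run, and no legitimate name has to be rejected to get there.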