- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
What if you start telling him that by accident someone might make their extention a random combination of letters of size 1-6 characters, he needs to list them all out.
See if the guy would actually type it all up. If he at least makes a loop we know that he read the basics of programming books :P
Admin
Don't try to spin history to someone who was there.
Admin
Well, then you should use (and check for) quotes when you open a CSV file:
Example:
John,"5th Street, number 10", 100$
contains three columns.
Admin
Actually his idea initially was correct. Extension really doesn't matter except for certain files that are executables or might contain code that you don't want uploaded. You don't want someone uploading an executable that could contain a virus for example. As long as it was not a dnagerous extenstion, then check to see if the contents are valid. But he got carried away with exentension-mania and/or failed to comment his code well enough so others understood the intent.
Admin
It works just fine. Till someone gives you a file with absolutely no context as to what it is or what it was created with and you either have to keep guessing or just go back and ask them.
The file extension is metadata. It's also the one piece of metadata that is pretty much guaranteed to survive the translation to any file system, to any OS, that can easily be transferred as part of transmitting a file (regardless of protocols etc) and that can always be used consistently on any kind of file (even plain text which is utterly unstructured).
It may not be fancy, it may not be particularly clever, but it does work. Which is why you even see Apple using it these days.
Admin
I think we almost don't have enough background here.
The situation could be that a delimited .txt file is being spit out to Windows users that then make a small change to it, via the system, viewer or plain textpad(hence the .txt prolly!) User then uploads the changes.
However, like others have said, the extension is a convenience, not a requirement. Your validation logic is going to tell you if the file is good or not, so what's the point in caring about the extension?
Truth be told, this thing will probably only be used by 4 people who should know what file they are uploading and the extension check is a simple "Whoops. Wrong file." catch.
Captcha: validus-def:strong, mighty, powerful, exceeding
Admin
I did not complain about commas or semicolons! But tabs, spaces and rectums look all alike (eg: did you mean a tab instead of 8 spaces?) should be avoided as single delimiters.
Admin
Where do people get the idea that data in itself can be malicious? It's only when you (or your OS) try and do something with it that it can be seen as such.
Admin
You people are really missing the point of the article:
"To solve this, my colleague figured the best way was to verify that the uploaded file's name had the correct extension of .txt. It's a decent first step that one would normally code as follows."
It doesn't claim to be a perfect system, the point is how the guy attempted to program said condition.
Admin
If you really can't figure out what you are supposed to do with a file based on context, try using the 'file' command to determine what sort of file it is, and if it is a text file, open it up to see what is in it.
Really this is unneeded 99.99% of the time bacause it is generally pretty damned obvious what a file is from context.
Admin
Comma is a rather bad separator, especially since there are lots of characters hardly used in normal text or numbers to pick from in a normal keymap. Perhaps pipe? Or some other even more archaic character.
For example; John|5th Street, number 10|100,00$
Admin
Stupid is as Stupid does, sir.
Admin
TRWTF, why this comment has been quoted only twice.
You sir, win at the Internets
Admin
as a nonprogrammer, i think the idea of checking for .txt is good. after all, how many "regular" people actually know about extensions in the first place ? if the admins who are uplaoding the files are not programers, they may not even know what extensions are .....
anyway, having it in .txt means you used notepad, or saved it somehow in a special way from excell or word, which means you actually thought about the file for a second, and , maybe, there is a prayer you got it right
Admin
Just a note: back when I was doing this kind of thing, one of the mail merge formats Microsoft Word used was the Microsoft Word Table: which was was a tab delimited text file with the extension .DOC
Admin
Just sayin'...you know...
Admin
Dude, that's so 20th century. You should use a loop in text to speech engine to have the conversation with this dude.
I was going to include code for a loop to go through all the permutations but then realized that would make me dumber than the guy who did the coding, so I'll leave that as an exercise for any masochistic moron reading this.
Admin
Well, you know what they say, when you eliminate the improbable, whatever remains, however idiotic, must be TRWTF.
Admin
Admin
Ah, yes, that line of thinking is such a common source of WTFs: "I don't use that particular feature, so I won't bother to include it in my program."
Admin
Given it's ToUpper() and not .toUpper() I'd guess it's .NET, rather than Java. Which still has exceptions.
Admin
Given it's using ToUpper() and not .toUpper() I'd guess it's .NET, rather than Java. Which still has exceptions.
Admin
This is retarded. If you read it correctly you'll realize that it's actually listing the extensions ".aspx;.asp", ".asp;.cer", and ".aspx;.axd". It's unsurprising that you would miss this though, as knowledge of these extensions has only been made available to non-retarded people.
Admin
ASCAPE THE DERIMETER
Admin
// Incorrect extension. Show error message.
Sorry dude, there's no such thing as a "narwhale".
Admin
yeah I did that too but then the system didn't boot any more. something about not being able to find the boot loader menu file. fortunately, the guy it landed on knew it wasn't an anvil, so he was okay.
Admin
Seriously?
Why do 90% of people on here not understand "example"? This isn't gospel, people, this is humorous snippets.
I'm sure the original poster could have given a ten page case study with notes of the "correct" way to do it, just as I'm sure you would have gone through each of the ten pages picking out typos in his comments.
Admin
or just saved it normally and renamed it to .txt thinking it's been "converted". (See also .bmp -> .jpg)
Admin
Thought I was the only person who remembered Mr Pode of Croydon. Saluto!
Admin
Admin
YOUR RETARDED
Discuss
Admin
For a nice read about make, you might be interested in this: http://miller.emu.id.au/pmiller/books/rmch/
I see extensions as just a bit of metadata for users to interpret with which program they should try to use the file, the programs themselves should make as few assumptions as possible based on the file name or it's extension. Depending on the kind of program, it should have other ways to identify a file, or it should defer to the user (whom might use an extension to help him).
For example: If I get a files.tar file, I might try running it through tar, but if it's not a valid tar archive, tar should complain it's not.
Admin
Of course the real real wtf is in the validation as well ;-)
if (System.IO.Path.GetExtension(fileName).ToLower() == "txt")
should've been:
if (System.IO.Path.GetExtension(fileName).ToLower().Equals(txt))
Admin
Admin
My god, I seriously facepalmed...
Admin
Try telling Excel
Quotes don't fix the problem. Example:
John,"5,12",100
Now is 5,12 a string or a number?
Admin
fail
Admin
Here we go with this file-extension-hating argument... The one thing that I've always liked about Windows is that every file has a meaningful file extension. I don't NEED to look at any metadata or anything more complicated than the name. If it says txt, there's a 99.99% chance that it's a simple text file. When I double click that file, the only thing Windows needs to check is the file extension and it knows how to open the file.
If I want to use Notepad++ to open a text file, I have to update exactly one record in the registry and now ALL the txt files automatically open with the new program.
Your argument about the date, owner, etc. is ridiculous. All of those items can change and some change frequently. Of course they wouldn't be a part of the file name. The type of file will never change. A JPG doesn't just turn into a TXT file. It's always a JPG... Sometimes a type can change (ie. from a TXT to a CSV) but for the most part, that doesn't happen, and when it does, it's most likely because the contents of the file did fundamentally change or it was given the wrong name to begin with.
Anyway, just because you prefer to not have file extensions doesn't make them wrong or broken. I understand that you can't rely on them to be 100% accurate, but it's a good, easy first line defense to help select the right files in the first place. Do I think that an app should reject files with the wrong extension? No. But if this was a quick, internal app, and the users were told specifically to use a TXT file, than why not reject anything else immediately? If they couldn't get that right, who knows what else they messed up!
For arguments sake, if you had a file named "Configuration" how would you keep track of the fact that it's a text-based file that is human readable? On my machine, it'd be called "configuration.ini" and I would know exactly what to expect.
Admin
Be conservative in what you do; be liberal in what you accept from others.
Admin
This entire discussion is an absolute mess.
Admin
^
and "Equals()" should be lowercase
Admin
Quite true, but today comma is still being used, even in todays international world of programming. It is a very unfortunate relic of the past, and one that is so easy to remedy that it is silly. Not that I mind. I see a lot of worse things being done again and again just because they were always done... (And I know that wasnt really your point there, I just went off on a tangent)
Admin
Don't forget the "."
Admin
Admin
Let's be realistic. What is more likely to happen is that the software will tell the user that the extension has to be ".txt", so they'll take their .xlsx and rename it to .txt and upload that.
Admin
You, much, you little prick?
Admin
Three characters: W3C.
Admin
You can't even compile your precious Unix without using tools that depend on extension to be accurate metadata about contents of the file.
Then there's editors determining what editing mode a file should be opened in.
There's GUI file managers determining what application should be used to open a file (no, file manager looking for magic strings in file contents is not reliable nor easily user-configurable).
There's web servers needing to easily and efficiently provide correct mime type for all static files.
Need I go on, or elaborate more on above cases?
If you're thinking of current "unix-like" filesystems, I believe they are a rather decent invention, from the 1980's or so, much more recent than for example CP/M with it's 8+3 filenames. But I'm not saying you're wrong about there having been better alternatives suitable for small media capacities, abysmal seek times (8" floppy) and small RAM sizes. But current kind of filesystems would be totally retarded choice for personal computer technology of the 70's... Are you sure you were there?
Admin