• aaron (unregistered) in reply to Marquess von Hinten

    It does...

  • aaron (unregistered) in reply to Marquess von Hinten
    Marquess von Hinten:
    Rodnas:
    CSV is a CHARACTER separated values file. They did state they needed a tab-delimited file, thus a text file is correctamundo.
    Gee, and I always thought the C stood for comma ...

    It does...

  • carlyle (unregistered)

    GetAllFileExtensionsPossible() { //return array of file extensions }

  • Barf4Eva (unregistered) in reply to Engival
    Engival:
    if (System.IO.Path.GetExtension(fileName).ToLower() == "txt")
    and I thought THAT was the WTF at first. Who cares what the extension is. Who names csv files .txt? I can just see the training of the users now. "Okay, export your file, you can pick csv, or tsv. okay, now go rename the file because the web site needs it as txt)

    At least the guy doing "the real WTF" was excluding some common types that idiot users might click on by mistake. It's not supposed to be an exhaustive list. I'm not sure I agree with either approach. One is a pretty poor defense against invalid types, and the other is restrictive.

    Also, at this point in time, you can bet that the file has already been uploaded to the web server. So you won't even bother inspecting the first 1k of the file, just because your preconceptions of filename aren't met?

    Exactly what I was thinking after I got done reading this.

    Fire them all!! :P jk.

  • Barf4Eva (unregistered) in reply to Barf4Eva

    I should have also stated, why is everyone so gung ho about "people getting fired", "getting people fired", or "I can't believe that dumbass is still holding on to his job" attitude, especially these days? I think OP of this comment was on to something by finding fault with the very dev who couldn't believe the guy was still working at the companty.

    Learn to deal with the blows. In corporate world, I'm more worried about whether I'll be given an unrealistic deadline for a crucial project, or if I'll be given the time to properly resolve a problem instead of issuing bandaids, or if after all my work, the project gets cut. Sure, we all have our fair share of B.S. to deal with... and we all produce some of our own. It's a natural function of the human body.

  • (cs)

    Stupefied, mortified, petrified... by you.

    So why didn't you (the poster) ask him why he didn't just check if it was .txt ? It's not like he's ever going to learn if he doesn't get asked those kinds of questions...

  • (cs) in reply to Pepster
    Pepster:
    The business process called for a .txt file, so that's what was being verified. if a .tsv, or a .csv, or a .wtf file showed up, then the user was doing something wrong! It doesn't matter that they COULD cram the data into any extension, it matters that they're not supposed to.
    The business process called for a tab-delimited text file. The file extension is irrelevant. There is absolutely no point in verifying it at all. If a file has the .txt extension, it might still be incorrect; if it does not, it might still be correct.

    Neither the business process nor the software have any business specifying the file extension. The process should specify the steps to follow to create the data, and the software should validate the data. And then everything will keep working even if Excel 2010 suddenly decides to use a different default extension for tab-separated exports.

  • (cs)

    not a very good check anyway...you can rename any file to .txt

  • Fred (unregistered)

    The fact that the 'three letters at the end of a filename' don't guarantee anything at all about its contents anyway seems to have completely flown over this poster's head.

    It might make more sense to use 'file' on the file, to verify that it really is text. Checking the last three letters of the filename is irrelevant.

  • Fred (unregistered) in reply to m0ffx

    On the Internet 'extensions' are irrelevant, because real software uses MIME-Type (originally intended for use with email, since expanded to lots of other things, including HTTP)

    Notable exceptions include most crap distributed by Microsoft.

  • Anonymous Cow-Herd (unregistered) in reply to Fred
    Fred:
    Notable exceptions include most crap distributed by Microsoft.

    Such as IE ignoring a misconfigured web server and rendering anything that looks like HTML as HTML. Source of no end of problems.

  • History Teacher (unregistered) in reply to Fred
    Fred:
    On the Internet 'extensions' are irrelevant, because real software uses MIME-Type (originally intended for use with email, since expanded to lots of other things, including HTTP)
    Such basic protocols as FTP and SSH file transfer don't preserve mime type. Which is probably just as well, since the sender of the file has no reliable way to determine mime type of the file sent, and receiver usually has no way to store it...

    Also, just how do you think a web servers normally determine the mime type of most random files linked to in a web page?

  • no (unregistered)

    The real WTF here is that someone believes that a file extension has anything to do with the contents. Who cares whether the filename ends in ".txt" or not?

  • AndyC (unregistered) in reply to Anonymous Cow-Herd
    Anonymous Cow-Herd:
    Such as IE ignoring a misconfigured web server and rendering anything that looks like HTML as HTML. Source of no end of problems.

    They actually "fixed" that in one of the IE7 beta builds. Result: the 90% of servers misconfigured to hand out buggered up MIME types resulted in a very broken web browsing experience. And, in case you were wondering, those web servers were almost universally Apache.

  • Skaro (unregistered)

    I think a large number of WTFs are executed by simply not using the python(or any other batteries-included language) module built to achieve the task at hand in 10 lines of code or so.

  • Adriaan (unregistered)

    Definitely the wrong approach - he should have provided him with a dozen new extensions every day to add to the list.....

  • (cs)

    On balance, I like the original code better. The original code will reject filenames that are almost certain to be invalid. The suggested code will reject any number of perfectly valid files.

    On Windows at least, it does make some sense to validate extensions. Windows will treat a file very differently based on its extension even in system-like contexts. (UNIXes may if you double-click on it from a GUI, but in system-like contexts, they ignore the extension.)

    This Windows/UNIX difference is a source of much irritation to people who deal with cross-platform software.

  • Design Pattern (unregistered) in reply to A. Friend
    A. Friend:
    Duh! He should have used a code generator to generate the 17574 invalid strings (all three-letter strings except for txt and tsv).

    Your MP3 player just called. It wants it's files back!

  • Don (unregistered)

    validating the file type by the extension is the real wtf here

  • Brent (unregistered) in reply to Carl

    The frist intelligent comment in the thread.

  • Quirkafleeg (unregistered) in reply to Anonymous Cow-Herd
    Anonymous Cow-Herd:
    Jasper:
    And also: Some extensions such as .asp and .aspx are in the list twice. Probably those are files you really don't want people to upload. Just to be extra sure you check twice.
    When you really want to be sure of something, you're supposed to do it three times.
    Are my hands clean yet?
  • Quirkafleeg (unregistered) in reply to sadwings
    sadwings:
    There's more wtf worthy answers in this thread than there was wtf'ness in the article.
    Plenty in the comments (there you go, another one), some in the article – win-win, I think. :-)
  • Thom (unregistered)

    Fcking lol!

  • anon (unregistered)

    i haven't read all the comments, but i hope someone else has noticed that .asp, .php, .ascx, .csproj, .vbproj etc etc are all text files!

Leave a comment on “Pretty Basic Validation”

Log In or post as a guest

Replying to comment #:

Log Out

« Return to Article