• (cs)

    "This works well for months like ANF and POC." - clearly all those extra months you need to insert into the project schedule to allow for debugging this POC...

  • Anonymous (unregistered)

    Weird, I wonder what date format has a 3-character month in the front.

  • Jim (unregistered)

    Microsoft SQL Server's default. Try this:

    SELECT CAST(CAST('2014-08-14' AS DATETIME) AS VARCHAR)
  • noland (unregistered)
    "imagine what he might have done with a boolean?!"
    Here we go (JavaScript):
    var boolList = 'TRUEFALSE';
    
    function notNullBoolean(b) {
      try {
         var rc = b.valueOf().toString();
         if (boolList.indexOf(rc.toUpperCase()) < 0) throw 'ValueButNotBoolean';
      }
      catch (e) {
         b = 'FILE NOT FOUND';
      }
      return b;
    }
  • Linux Kernel (unregistered)

    You just wait until 2038 and you'll be sorry you didn't add in support for ANF.

  • (cs)
    I guess we should all count our blessings that the developer of that code limited himself to strings; imagine what he might have done with a boolean?!
    I'm guessing something like this:
    def noNullBoolean(bool) {
      def rc = bool
      try {
        def x = rc.equals(Boolean.TRUE.BooleanValue())
      }
      catch (NullPointerException e) {
        rc = FILE_NOT_FOUND
      }
      return rc;
    }
    
  • Herman (unregistered)
    def MonthOk = MONTHLIST.contains(date.substring(1, 4).toUpperCase())
    Somhow me thinx no month be Ok
  • akozakie (unregistered)

    Maybe it's supposed to work with yesterday's uebermorgen code? ANF would be a great name for that 13th month...

  • Herman (unregistered) in reply to Herman
    This works well for months like ANF and POC.
    Nope, but it would work for janfuari and marach
  • Carrie (unregistered) in reply to Herman
    Herman:
    This works well for months like ANF and POC.
    Nope, but it would work for janfuari and marach

    JavaScript's substring method gives you the substring from the start index, up to but not including the end index.

  • (cs)

    Fixed?

    def MonthOk = (MONTHLIST.indexOf(date.substring(1, 4).toUpperCase()) % 3 == 0)

  • cyborg (unregistered)

    I don't see any handling for Smarch.

  • foo AKA fooo (unregistered)

    EPOCH is a valid month, perfectly cromulent.

  • v (unregistered) in reply to Herman
    Herman:
    def MonthOk = MONTHLIST.contains(date.substring(1, 4).toUpperCase())
    Somhow me thinx no month be Ok
    I regret to inform you that there are in fact languages crazy enough to do such despicable things... starting index inclusive and ending index exclusive... I too was so used to the sane notation of (start, length) that I was recently caught by surprise by javascript's substring() vs substr(), and even more so by slice() vs splice()...
  • Alduin (unregistered)

    If you are bored ask him what happens when the month doesn't start at index 1 but ... let's say ... at -2. The solution he comes up with should be entertaining.

  • (cs)

    Groovy has language support for not having to do null checks... and so this moron wrote a null check.

  • Smug Unix User (unregistered)
    Private Function isMonth(ByVal rawInput As String) As Boolean
        Return "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC".IndexOf(rawInput.ToUpper) Mod 3 = 0
    End Function
    

    Or maybe use a sanitation library.

  • Gumpy Gus (unregistered)

    I've used that same trick myself, but made a bit more exclusive:

    Found := pos( '/' + Month + '/', '/Jan/Feb/Mar/Apr/..../' ) > 0;

    Works just fine.

  • Smug Unix User (unregistered) in reply to Gumpy Gus

    Feb/Mar has always been my favorite month.

  • (cs)

    FILE_NOT_FOUND!!!

  • Alexandros Katechis (unregistered)
    imagine what he might have done with a boolean?!

    Maybe XOR the boolean with a copy of itself, then do a bitwise comparison with 0 and assign that to a third variable. Then return the third variable. This would all be wrapped in a try-catch block which would return TRUE as a "failsafe"

  • towel (unregistered) in reply to akozakie
    akozakie:
    Maybe it's supposed to work with yesterday's uebermorgen code? ANF would be a great name for that 13th month...

    The 13th month is called Undecimber.

  • (cs) in reply to v
    v:
    I regret to inform you that there are in fact languages crazy enough to do such despicable things... starting index inclusive and ending index exclusive...
    A certain whitespace-dependent language that shares its name with snakes does this.
    >>> x=range(6)
    >>> x[4:5]
    [4]
    >>> x[2:5]
    [2, 3, 4]
    >>> x
    [0, 1, 2, 3, 4, 5]
    >>> 
  • (cs)

    is equivocal same as equivalent?

  • foo AKA fooo (unregistered) in reply to Smug Unix User
    Smug Unix User:
    Feb/Mar has always been my favorite month.
    And neatly answers yesterday's problem: ubermorgen("Feb 27") = "Feb/Mar 29/1".
  • nitePhyyre (unregistered) in reply to Nagesh
    Nagesh:
    is equivocal same as equivalent?
    Equivocal means uncertain or ambiguous. So no.
  • Zapp Brannigan (unregistered)

    From the very beginning programmers have had trouble with dates. I think it's because of poor social skills.

  • St. Pat (unregistered)

    Well, in fairness, the month method does have a McCabe complexity of under 5. Clearly that's more important than actual correct functionality.

    CAPTCHA: Consequat. The consequat of the low McCabe complexity was that the error was obvious.

  • (cs)

    I love the month of Rap!

  • (cs)
    snoofle:
    migrating some Groovy scripts. ... This works well for months like ANF and POC.
    Well - nope!

    Groovy strings have the same indexing as Java Strings, so first index is 0 not 1 (and second parameter of substring is the exclusive end index, as already noted).

    So the following are valid month names: HANF, SPOCK!
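
The checks posted in this thread, side by side with an exact allowlist lookup, as an added example that is not part of any comment or of the original article. JavaScript is used because its `substring(start, end)` and `indexOf` behave like the quoted Groovy calls for these inputs; the function names and sample inputs are constructed here, and the `....` in the delimited list is filled in with the remaining month names.

```javascript
// Added example: month checks from the thread next to an exact allowlist.
const MONTHLIST = 'JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC'; // string quoted in the thread
const DELIMITED = '/Jan/Feb/Mar/Apr/May/Jun/Jul/Aug/Sep/Oct/Nov/Dec/'; // elided list, filled in here
const MONTHS = new Set(MONTHLIST.match(/.{3}/g)); // 12 exact tokens: JAN ... DEC

// As posted: containment test on characters 1..3 of the input.
function monthOkAsPosted(date) {
  return MONTHLIST.includes(date.substring(1, 4).toUpperCase());
}

// "Fixed?" variant: the match must start at a multiple of 3.
function isMonthMod3(token) {
  return MONTHLIST.indexOf(token.toUpperCase()) % 3 === 0;
}

// Delimiter variant: wraps the token in '/' before the containment test.
function isMonthDelimited(token) {
  return DELIMITED.includes('/' + token + '/');
}

// Exact match against a set: no fragment, run-on or delimiter can pass.
function isMonthExact(token) {
  return typeof token === 'string' && MONTHS.has(token.toUpperCase());
}

// Constructed inputs; each row shows which checks accept the value.
function compare(inputs) {
  return inputs.map((s) => ({
    input: s,
    mod3: isMonthMod3(s),
    delimited: isMonthDelimited(s),
    exact: isMonthExact(s),
  }));
}

console.table(compare(['Feb', 'JANFEB', 'J', '', 'Feb/Mar', 'ANF']));
console.log(['HANF', 'SPOCK', 'Aug 14 2014'].map((d) => [d, monthOkAsPosted(d)]));
```

Every containment-based variant accepts at least one value that is not a month, and the check as posted rejects a date that starts with a real month name.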

  • (cs) in reply to JoeCool
    JoeCool:
    I love the month of Crap!
    FTFY!
  • Your Name (unregistered) in reply to towel
    towel:
    akozakie:
    Maybe it's supposed to work with yesterday's uebermorgen code? ANF would be a great name for that 13th month...

    The 13th month is called Undecimber.

    And Java still supports it.

  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    v:
    I regret to inform you that there are in fact languages crazy enough to do such despicable things... starting index inclusive and ending index exclusive...
    A certain whitespace-dependent language that shares its name with snakes does this.
    >>> x=range(6)
    >>> x[4:5]
    [4]
    >>> x[2:5]
    [2, 3, 4]
    >>> x
    [0, 1, 2, 3, 4, 5]
    >>> 

    Forgot how much I hate that.

    >>> range(1, 10)
    [1, 2, 3, 4, 5, 6, 7, 8, 9]
    
  • (cs)

    Now try that in python34

    >>> range(1,10)
    range(1,10)

    Thankfully this works:

    >>> for i in range(1,10):
    ...     print(i)
    ...
    1
    2
    3
    4
    5
    6
    7
    8
    9

  • asryh rtj tyklsmkdgh (unregistered) in reply to Herman
    Herman:
    def MonthOk = MONTHLIST.contains(date.substring(1, 4).toUpperCase())
    Somhow me thinx no month be Ok
    and the 1....suggests there's a char in front of the month too....I could imagine 1 or 2, but not exclusively 1.....
  • YellowOnline (unregistered)

    I don't know anything about Groovy, but assuming it wouldn't be possible to use a class, doesn't the language have arrays? :s

  • (cs)

    I suppose some people would greatly prefer the month of "RAP".

  • Static (unregistered) in reply to Steve The Cynic

    The reason this makes sense is that the index locations are between the items. Once you grasp that, you don't have concerns about inclusive versus exclusive positions.

    Icon does the same thing.

  • e (unregistered) in reply to Steve The Cynic

    When you use this syntax it makes a bit more sense. I won't say I like it but it's not horrible.

  • Hormoke Blofein (unregistered) in reply to Static
    Static:
    The reason this makes sense is that the index locations are *between* the items. Once you grasp that, you don't have concerns about inclusive versus exclusive positions.

    Icon does the same thing.

    "Right-half-open intervals" as they are technically called are preferred for reasons mentioned here: http://www.cs.utexas.edu/users/EWD/transcriptions/EWD08xx/EWD831.html

    Don't ever start thinking of positions "between" items, because such a thing just does not exist and you'll be even more likely to make off-by-one errors.

  • Nagesh the nitpicker. (unregistered) in reply to Static
    Static:
    The reason this makes sense is that the index locations are *between* the items. Once you grasp that, you don't have concerns about inclusive versus exclusive positions.

    Icon does the same thing.

    If they are between, then range(1,10) should print from 2 - 9 and not 1 - 9.

  • nupanick (unregistered) in reply to Nagesh the nitpicker.
    +--+--+--+--+--+--+--+--+--+--+--+--+--+-->
    | 0| 1| 2| 3| 4| 5| 6| 7| 8| 9|10|11|12|
    +--+--+--+--+--+--+--+--+--+--+--+--+--+-->
    0  1  2  3  4  5  6  7  8  9 10 11 12 13
       |__________________________|
                   |
               range(1,10)
    

    This trick does in fact result in getting range(1,10) = 1,2,...,9.

    Thinking of range indexes as sitting on the edges between elements, like marks on the x-axis, is a very reliable way of remembering how ranges work. It's saved me from substring trouble tons of times.

  • allo (unregistered)

    not only POC ... but even POCAHONTAS will work

  • Robin (unregistered) in reply to Severity One

    Groovy has language support for not having to do null checks... and so this moron wrote a null check.

    Compilers are buggy. You can't trust them.

Leave a comment on “Securing Input”
