Admin
I got as far as the substitution of "www.thecompany.com" for "inetpub" and was wondering where the WTF was. Had I missed it? I scrolled down to the next line of code and WHAM!
It was like keeping my head focused on the pavement as I walked around (watching for the odd dime or nickel) and smashing my skull into the brick wall I had completely not seen. Damn, that hurt.
Admin
I can only assume that all of the Perl code (as simple as it is) was generated by cutting and pasting various lines of code found on the web, because I can't think of any other explanation why you would need to use some canned script in ASP rather than using Perl to send email. Sending email in Perl is dead simple, even if you don't know about any of the modules designed to do exactly that.
Admin
There's plenty of Real WTF to go around here but does it bother anyone else when they see stuff like:
DEFINE VARIABLES
or
// GETTERS ///////////////////////////
or
/**** DATABASE STUFF *************************/
If you're using comments like this to break up your code you probably need to either:
I guess it looks good when you're first writing the code but it doesn't hold up after the first refactoring.
Admin
It's OK. I have fixed this script. Please see below.
    print "Content-Type: text/html\n\n";

    # parse form
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs) {
        ($name, $value) = split(/=/, $pair);
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $FORM{$name} = $value;
    }

    # Define variables ###########################################
    $quiz_name = $FORM{'quiz_name'};
    $my_score = $FORM{'my_score'};
    $email = $FORM{'stu_email'};
    $name = $FORM{'stu_name'};
    $prof_email = $FORM{'prof_email'};
    # $email_message = "$answ";
    $message = 'mailer_d_alt.asp';
    $answ = $FORM{'answ'};
    $new_answ = $answ;
    $new_answ =~ s/"//g;
    $new_answ =~ s/\n/\" \& vbcrlf \& \"/g;
    $new_answ =~ s/\r//g;
    $final_answ = "(\"$new_answ\")";
    $final_page = $FORM{'final_page'};
    $final_page =~ s/\\/\//g;
    $final_page =~ s/e://g;
    $final_page =~ s/\/Inetpub\/wwwroot/http:\/\/www.thecompany.com/ig;
    # $final_page =~ s/\/inetpub\/wwwroot/http:\/\/www.thecompany.com/g;
    $page = $final_page;

    # Print asp page that will process and mail quiz response
    # NOTE: this seems a little ridiculous to me. why are we even using this
    # script if all it's going to do is just create another script?
    # -- XXXX XXXX, 2003-10-17
    open(FILE,">$message") || print "Error: Could not create temporary file.";
    print FILE "<\%\n";

    # The comment above is correct. This is the scalable solution.
    use Win32::OLE;
    $cd = Win32::OLE->new("CDONTS.NewMail") || die $!;
    $cd->{From}="$name <mailer@thecompany>";
    $cd->{To}="$email";
    $cd->{Cc}="$prof_email";
    $cd->{Subject}="Results for $quiz_name";
    $cd->{Body}="$final_answ";
    $cd->Send;

    print FILE "response.redirect strPage\n";
    print FILE "response.end\n";
    print FILE "\%>";
    close FILE;

    # mail.BodyFormat = MailFormat.Html\n
    print "<HTML><HEAD><META HTTP-EQUIV=\"Refresh\" CONTENT=\"1;";
    print "URL=http://www.thecompany.com/scripts/mailer_d_alt.asp\">";
    print "<TITLE></TITLE></HEAD><BODY></BODY></HTML>";
Admin
Why do people have to make sending an email so friggin complicated?
Admin
I've seen the code fragment at the top before, including the Define Variables line, but I don't remember where.
I know the form parsing code was actually a pretty common code block in its time, though.
Admin
It looks remarkably like something an old boss of mine might have done...
Admin
That says something about you.
I wonder where this script is being used, that it's okay to completely blow up if two web users submit emails at the same time. (I assume the generated page is called *_alt_d because alt_a, alt_b, and alt_c are used on some other page.)
The real head scratcher is how did somebody have the mental capacity to dream up this Rube Goldberg design, but didn't have the sense to consider refactoring?
Admin
I can sometimes see the point of doing this sort of thing with one server- and one client-side language. But wtf is to be gained from using 2 server side? I despair
Admin
NOTE: this seems a little ridiculous to me.
Step 1 of the 12 step program.
Admin
Around early 2001, at my first programming job out of high school, I wrote my own SMTP queue in VB using winsock, and a COM control for adding mails to the queue, for use in a website I was building in ASP. After I got it all working well, and showed it off to my coworkers, one of them asked, "Why didn't you just use CDONTS?"
Admin
I'm embarrassed for the amount of bad Perl code that has gotten out there over the years, when in fact, there's also a lot of good enterprise-grade Perl software running our networks and major websites and mom-and-pop shops as well. It really gives Perl a bad name. Perl was a bit too easy to use... deceptively so, so that people who were not professional programmers could actually think they could accomplish something. That was Perl's Achilles Heel... that it could be used by quasi-programmers.
Admin
I agree and the same could be said for VB, VBScript (which includes MS Access), PHP, etc. Even C# to some degree.
I'm not saying we should get rid of all these languages. However, easier programming languages help the industry, but it's a bit of a double edged sword as well.
Admin
One Script to rule them all, One Script to find them, One Script to bring them all and in the darkness bind them.
Admin
God, I hate Hungarian Notation. What a horrible, horrible crutch for a young programmer to take up. It's as bad as smoking, really.
Admin
Never mind the glaring WTF - this is a huge security hole! With a hand crafted form one could write an entire asp script to do whatever you want on the web server!
Admin
The scary thing is.. we have a program here that does precisely the same thing, only it's written in VB6 and generates ASP instead of Perl to ASP.
Admin
That's what people said about the camera when it was first introduced to the public. "Nobody will paint anymore, they'll just take a photo". But like anything, the good photographers float to the top; the wheat DOES separate from the chaff.
Admin
I disagree. It is quite useful when you are looking at other people's code. It can help guide you into the other person's thought process and figure out what variables do.
Admin
I think slater is referring to
Admin
I'd go to Mordor and throw The One Script into the fires.
Admin
I redisagree. Hungarian notation as it's used is worthless and can be an impediment if datatypes have been changed without updating variable names. Proper Hungarian notation means decorating names with app-level info about what the variable represents, not the datatype.
Admin
We've got a different mailer script for almost every site, though many of them are identical
Admin
The first thing that caught my eye was actually this: "the Web folks mostly do non-technical like designing websites, creating simple databases, and configuring web servers." Since when was creating databases and configuring servers not technical? Granted it's not the hardest task in the world, but it does still take some knowledge to pull off.
Of course, I work in a shop where people think being a web developer just means I'm "FrontPage Certified". sigh Some day us web devs will get the respect we deserve.
Admin
In the ancient Web days, that form parsing code was pretty common. Perl4 programmers used pack() to parse a query string. Proper modules, like CGI.pm are Perl5 features.
It looks like someone searched for Perl CGI, and got an old-style code fragment.
Admin
Good variable names==good programming practice, regardless of what notation you prefer. Hungarian requires you to specify your data type, but people who choose good variable names with it will choose good variable names without it (same with bad). While I'd rather dig through bad code with Hungarian than bad code without, Hungarian doesn't make code worse.
Personally, the only reason I like Hungarian notation is for use with intellisense when I can't remember exactly what I named a variable. I just type in the prefix and I can immediately see which one it is.
Admin
The ASP (IIS?) server is another web server, not a Mail Transfer Agent! The Perl script sends control back to the web client which must repeat the request.
Anyone can write a short Perl script to send an E-mail to a Mail Transfer Agent with or without any webserver. E-mail existed just fine before the Web.
Admin
I suppose the title of the site invites people to criticise, rather than make a constructive comment. However, there's really nothing wrong with this.
I've tried embedding SMTP in C/C++ using Perl, and I've tried it using Python. With Perl, I haven't found a module that's significantly better than back-quotes or a system call. Even Python is a bit of a pain (although an elegant pain). Both of them fall down on the basic premise of sendmail:
Because it is. But it shouldn't be. See http://research.microsoft.com/~daniel/unix-haters.html. It's just like that. Wanna send mail through your local servers? Naw, you've got to persuade the sysadmins to allow you to redirect. Good luck on that. The whole system is a god-awful 1970's mess, and needs a redesign, right now.
Given that, I have no problem with using ASP and (hawk, spit) Visual Basic. You pick the tools that are available. Me, I'd have used a "here-doc," but that's just syntactic sugar.
So, tell me again. What's wrong with this little snippet? And how would you make a significant improvement?
Admin
I see a wtf that most people haven't commented on. This script assumes POST, though, depending on the webserver config, GETs may also be allowed. In that case, you'd either get a DOS attack (if the perl instances just hung around waiting for input never to come) or the script logic would totally blow up because the non-existent variables are never checked for existence. This is a specific case of the general "trust all inputs from client, what could possibly go wrong" of the script.
As far as sending email goes, MIME::Lite is a fairly common module and isn't that hard to use. It does need a SMTP server though, but then at least the IT guys could maintain it.
Admin
Of course then there are the people that come here to laugh at the post while not understanding it and assuming if they don't laugh at it other people will think they aren't smart enough to be here.
What a culture we have created huh? I'm leaving my fire retardant suit off because I want to get a head start on this summer's tan.
Helpdesk girl forever; she even has a tattoo.
Admin
I prefer Austro-Hungarian notation.
Admin
Maybe this script was written by an old DOS batch programmer (if there is such a thing). Generating a batch file within a batch file and then calling it was a pretty common technique to work around command.com's absolute clumsiness.
Admin
which method is a wtf?
There are more possibilities, but I can't bring myself to enumerate them all.
Admin
WTF yourself. If there's nothing on STDIN, there's nothing on STDIN. A CGI program doesn't wait for input, it just reads it (and should read up to Content-Length and stop). A proper CGI library like CGI.pm would make it all moot, so the advice would be to just use what's out there until you can do better for your specific task.
Admin
Not to start any flame wars here (the news groups are for that) but I've never had a problem parsing without cgi.pm - a habit I got into back in the day when it would break Flash e cards (don't ask, I needed the money). I also wish perl hadn't passed out of buzz-word-dom as I still prefer it to PHP but suggesting it instead of PHP is a great way to get a blank stare before losing a bid for non-buzzword compliance. I've had to say 'XML' about twenty times to dig myself out of that hole recently.
captcha: validus wikipedia: A fictional DC comics bad guy.
Admin
I agree, always use i, j, k for integers and start a$ through g$ for strings.
Admin
I agree, always use i, j, k for integers and a$ through g$ for strings.
Admin
Wow! That script looks incredibly familiar... I think the last piece of code that I wrote with Perl without CGI in 1998... This brings back memories....
Admin
Hmm...
You might use the CGI module, as it's not 1996 any more
As a result, you could then avoid using that antediluvian hairball of code to interpret the client request
You could maintain application state on the server, rather than passing lots of hidden form fields, many of which need likely never go near the client, through multiple client requests
You could properly check and sanitize inputs, rather than allowing the script to be used as a spam gateway for the rest of the world
You might want to use e.g. Mime::Lite to send the mail message. You already have SMTP running to make CDONTS work, so this will work. However, unlike CDONTS, you don't need SMTP running on the same box as IIS
You could display whatever you wanted to display to the user as a result of the submission, rather than having to redirect them twice
You might want to limit the number of programming languages and technologies involved in this trivial task beyond one
You would perhaps try to avoid creation of an unnecessary file to do something that is completely unnecessary
Even if you did do that, for some extraordinary reason, you might want to avoid writing to a "temp" file with the same name each time, leading to concurrency issues
Even if you were dumb enough to do that, you might want to avoid client-side redirects to send the user to the temp file, although this would be the very least of your worries
Apart from that it's a pretty good solution though.
Admin
The real WTF is the use of form mailers in the modern age. Often times these can be hijacked by 3rd parties and used as SPAM relays. This is because most form mailers are poorly written and don't contain adequate safeguards against being used to send arbitrary data or being used to send email to arbitrary addresses.
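The input checks that the two comments above ask for (sanitized inputs, no mail to arbitrary addresses), as an added example that is not part of the thread or of the original script. Field names follow the script posted earlier in the thread; the allowed domain, the length limits and the sample submissions are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: mail may only go to addresses in this domain (placeholder from the thread).
my $ALLOWED_DOMAIN = 'thecompany.com';

# Returns (1, \%clean) or (0, $reason). Field names follow the script in the thread.
sub validate_quiz_form {
    my (%form) = @_;
    my %clean;
    for my $field (qw(stu_name quiz_name stu_email prof_email)) {
        my $v = $form{$field};
        return (0, "missing $field") unless defined $v && length $v;
        # CR/LF in a header-bound value lets the sender add Bcc:/To: lines.
        return (0, "control character in $field") if $v =~ /[\x00-\x1f\x7f]/;
        return (0, "$field too long") if length($v) > 200;
        $clean{$field} = $v;
    }
    for my $field (qw(stu_email prof_email)) {
        # Deliberately strict: one local part, one allowlisted domain, no lists.
        return (0, "$field not an allowed address")
            unless $clean{$field} =~ /\A[A-Za-z0-9._+-]+\@\Q$ALLOWED_DOMAIN\E\z/i;
    }
    # The display name sits next to the From: address, so drop its delimiters.
    $clean{stu_name} =~ tr/"\\<>//d;
    my $body = defined $form{answ} ? $form{answ} : '';
    return (0, 'answ too long') if length($body) > 20_000;
    $body =~ s/\r\n?/\n/g;    # the body may contain newlines; normalise them
    $clean{answ} = $body;
    return (1, \%clean);
}

# Constructed sample submissions, not taken from the thread.
my @samples = (
    { stu_name => 'Pat', quiz_name => 'Quiz 3', stu_email => 'pat@thecompany.com',
      prof_email => 'prof@thecompany.com', answ => "1) b\r\n2) d" },
    { stu_name => 'Pat', quiz_name => "Quiz 3\r\nBcc: list\@example.org",
      stu_email => 'pat@thecompany.com', prof_email => 'prof@thecompany.com' },
    { stu_name => 'Pat', quiz_name => 'Quiz 3', stu_email => 'pat@thecompany.com',
      prof_email => 'someone@example.org' },
);
for my $s (@samples) {
    my ($ok, $result) = validate_quiz_form(%$s);
    print $ok ? "accepted: mail to $result->{prof_email}\n" : "rejected: $result\n";
}
```

The validated values are meant to be handed to a mail module as data; nothing from the form is written into a generated script or a file name.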
Admin
That's not really the best analogy for this situation. I'm just saying that having really low barrier programming languages can encourage people to code who have no business coding. And - if this site is to be believed - the chaff tends to float to the top as management, causing more WTFs.
Again, this isn't an argument for removing easy programming languages, but it is definitely a concern.
Admin
Here's a secret - it doesn't even matter what the prefixes are, as long as they're consistent with each other. Though I guess if you're tripped up by Hungarian, that concept may be too much..
captcha: abico, usage: abico-ld on this chilly night.