Admin
Almost. In PHP, defined() only looks for symbolic constants. ... would be closer.
Admin
I once found a cronjob running on a client's realtime production server "find . -mtime +7 -exec rm -f".
It was running on one of their samba share directories, and worked without incident for 2yrs - until we moved the directory and created a link to its new location. It then proceeded to delete the link every week.
Oh, did I say that command was in the ROOT user's crontab?
Admin
Unless you have overridden the default PHP session handler, the garbage collection isn't run till the end of the request, and maybe won't even be run in this particular request (0.1% chance of running every request, or something like that).
Also, by default the session is stored in a file which is locked exclusively so that only one request per session may be active at any one time. Even if the filesystem doesn't support exclusive locking and there are two requests where one garbage collects the session right in the middle of the check...the session would still be in memory for the first process.
So, a race-condition would not occur in this case...but so many other things could go horribly horribly wrong.
Admin
In my opinion PHP is WTF... but if you can have a solution for only $5000, why not give it a try? :) However you have to be prepared to have $50,000 ready, just in case the $5000 solution fails :))
Admin
I find it incredible that you can sit there and happily correct the code! When you see a line like that, why the fuck bother with good coding practice? IT SAYS exec() damnit! The moment you see it you know it was never meant to be, I had the whole system out as fast as I could, and now the dept runs on Pen and Paper 1.0
It doesn't matter where the quotes are placed, or whether it needs parens, it's still going to nuke my damn webroot every time somebody goes for a coffee.
FYI, I don't know why it wasn't all /tmp/ but I can tell you that it was a temp folder that it was trying to delete (Which were filled with badly converted Word docs)
Admin
Well this thing hacks itself... seems like it keeps finding out it's not hack-proof. :)
Also, I think they should include a function in PHP to delete a file... and they should call it... unlink()
If they really insist on keeping it the way it is, setting the files to read-only might suffice but altogether this is a bit of a dumb mistake.
Admin
The correct answer is, of course, it depends:
http://unixhelp.ed.ac.uk/CGI/man-cgi?rm
> If a file is unwritable, the standard input is a tty, and the -f or --force option is not given, rm prompts the user for whether to remove the file.
So it depends on the file permissions, and whether or not you're running the rm command in an interactive shell, which the Web application is obviously not. So the terminate()or might happily blast everything even though you get a couple thousand prompts asking for your confirmation if you try to duplicate that behaviour in a terminal window.
Admin
You need at least a +5 Pedantry modifier to get apo'strophe's right.
Admin
You have at least two items with a pedantry modifier equipped. The effect of these modifiers is not cumulative.
Admin
you're joking right? please?
server side delete using rm based on time... to remove tmp files? on the server? omg. OMG OMG!!!
Admin
Don't try this at home :)
Reminds me of a blog of an IRC chat I saw where one guy threatened another to hack him.
The other replied, "well go ahead, my IP is 127.0.0.1"; a few minutes later the hacker timed out.
:)
Admin
No Hispanic would pronounce hasta like esta. Hasta la vista means:
until we see each other.
In Dutch you have a very common phrase: Tot ziens.
Tot ziens.
Admin
OMG WTF those Yanks again...
Admin
Tell me about it dude, they're everywhere. Seems like they were trying to delete the internet.
Perhaps this code originated at google.cn who are just trying to help the communist dictatorship be more humane by censoring the internet.
Must be the delete all, add tianamensquarenothinghappened.htm --> publish entire web -->OK
Admin
What an amazing conversation
Admin
LOL
Admin
> The real WTF here is someone paid $5K and never reviewed the code they bought.
Oh I don't know.
Someone here decided to go ahead and purchase a task management tool.
I looked at the database. They don't use any indexes or foreign keys. Still, the purchase is going through.
Admin
I like to spell peddantic with two 'd's... it is a silent challenge to other pedants to try and correct me ;)
Admin
I cannot believe you admitted that
__________________________________________
"To make your code faster you take out the slow parts."
Admin
LOL this actually happened to me. We hired a programmer to modify one of our applications. One day we experienced strange behavior on a sales person's computer -- all the shortcuts from his desktop started to disappear. You could see all the icons being deleted one after the other. We suspected that it might have been a virus. A day later it happened on the server computer too -- virtually everything disappeared from the hard disk. They reported that before this happened, they were running our product.
I spent 2 hours browsing his source code, when I noticed a suspicious function called "DeleteTemporaryFiles(const string directory)", a recursive delete-all function. Needless to say, he didn't check if the string that specified the directory was an empty string -- and of course it was, under certain cases. Under Windows, an empty path means the current directory, which is usually the desktop, but it could be worse. The application cleared at least the current user's desktop, but in many cases the entire hard disk!
I wrote an angry email to the programmer, who mentioned that he was wondering why his system slowed down tremendously during testing, but he didn't think too much about it. I walked over to his workstation and realized that most of his C:\Project directory was already gone...
Admin
PHP is one big WTF hack-job. The real 'bug' (feature) is returning a null value for undefined keys in a dictionary and coercing said nulls to an empty string.
Admin
Well, it certainly depends, but it only depends on what that rm's man page says if you're using that rm. Believe it or not, Richard Stallman didn't write everybody's. I have a positive menagerie of different machines at work whose rms (heh!) no doubt work in all kinds of excitingly different ways.
Pete
Admin
We had an application like that. It was launched by a Unix shell script terminated by this simple line:
rm -rf /$TEMP_DIR
Unfortunately, the variable TEMP_DIR was nowhere defined in the software, let alone the associated configuration files. The script had been written by a single guy and only tested on his account where TEMP_DIR was defined in his private shell configuration file. Of course the script had to be run as 'root' to function. First day the guy gave a demo of his software, it worked fine until he closed the last window. Then the machine he was using for demonstration vanished from the surface of the Earth.
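
Added example (not part of any post in this thread): the empty-string `DeleteTemporaryFiles` call and the `rm -rf /$TEMP_DIR` script described above both delete a path built from a variable nobody validated. The helper name `safe_clean_tmp`, its two arguments and its exit codes are assumptions made for this illustration; it refuses empty paths, symlinks, and anything not strictly below a given base directory.

```shell
#!/bin/sh
# safe_clean_tmp BASE DIR   (hypothetical helper, constructed for this example)
# Removes DIR only if it is a real directory strictly below BASE.
# The body is a subshell, so cd and exit never affect the caller.
safe_clean_tmp() (
    base=${1-} dir=${2-}
    # Unset or empty variable: this is the "rm -rf /$TEMP_DIR" case.
    [ -n "$base" ] && [ -n "$dir" ] || { echo "refuse: empty path" >&2; exit 2; }
    # A symlink would redirect the delete somewhere else (or be deleted itself).
    [ ! -L "$dir" ] || { echo "refuse: symlink: $dir" >&2; exit 3; }
    [ -d "$dir" ] || { echo "refuse: not a directory: $dir" >&2; exit 4; }
    # Compare physical paths so ".." or links in parent directories cannot escape BASE.
    real_base=$(cd -- "$base" && pwd -P) || exit 4
    real_dir=$(cd -- "$dir" && pwd -P) || exit 4
    case $real_dir in
        "$real_base"/?*) ;;   # strictly below BASE; BASE itself and "/" never match
        *) echo "refuse: $real_dir is outside $real_base" >&2; exit 5 ;;
    esac
    rm -rf -- "$real_dir"
)

# Constructed demo inside a throwaway sandbox directory.
sandbox=$(mktemp -d)
mkdir -p "$sandbox/work/docs"
unset TEMP_DIR
safe_clean_tmp "$sandbox" "${TEMP_DIR-}" || echo "unset TEMP_DIR refused (status $?)"
safe_clean_tmp "$sandbox" "$sandbox/work" && echo "work directory removed"
# ${var:?} aborts instead of expanding to an empty string if mktemp had failed.
rm -rf -- "${sandbox:?}"
```
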