• Duke of New York (unregistered)

    1.7 percent, obviously

  • Registered (unregistered)

    No Magic Numbers? Check.
    Easy devaluation of rewards points? Check.
    No magic function symbols? Check.
    Well documented way of devaluating rewards points? Oops, missed that one. But it should be easy, once figured out.
    No runtime eval statements? Oops, missed that one.
    Overall intent comment? Oops, missed another one.

  • (nodebb)

    Oh, and depending on how that $points value gets set (or if php has a notion like perl taint mode):

    Remote code execution vulnerability? Check

  • (nodebb)

    Perhaps predecessor recently converted to PHP from COBOL?

  • Duke of New York (unregistered)

    My guess: points is a string, or possibly a string. The coder didn't know about automatic string-to-number conversion or heard that relying on it was bad. They also didn't know how to explicitly convert or believed that it was also bad, so they wrote this code that worked and committed it.

  • (nodebb) in reply to Bim Zively

    I know that COBOL has been described as a "bondage and discipline" language, but doing the calculation that way in COBOL would be equally WTF-level perverse.

  • (nodebb)

    I feel somehow worried that the ';' at the end of the string passed to eval should be necessary. It just makes it seem more wrong (NB I don't know php or how the eval statement works, so it might be - it's just that - it makes it feel wronger).

  • (nodebb) in reply to thosrtanner

    The argument to eval() is PHP statements to execute, not an expression (it's analogous to Python exec()). Notice that it begins with return. So the ; at the end is indeed required.

    The code works, it's just wrong in principle.
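
Added example, not part of the thread or the article's code: the eval() pattern the comments describe, next to an explicit conversion that never builds code from the input. The function names, the 0.017 rate and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed rate for illustration; the thread does not show the real code.
const REWARD_RATE = 0.017;

// The pattern under discussion: eval() receives a complete PHP statement,
// hence the leading "return" and the trailing ";". Whatever $points holds
// is compiled as PHP source, so this is only safe if $points can never
// originate from a request, a file or a database field.
function perksViaEval(string $points): float
{
    return (float) eval('return ' . $points . ' * ' . REWARD_RATE . ';');
}

// Explicit conversion: accept only a plain decimal number, then do the
// arithmetic directly. The input is data from start to finish.
function perksExplicit(string $points): float
{
    $value = filter_var(trim($points), FILTER_VALIDATE_FLOAT);
    if ($value === false || $value < 0) {
        throw new InvalidArgumentException('points must be a non-negative number');
    }
    return $value * REWARD_RATE;
}

// Constructed sample inputs. '12 + 30' is harmless, but it shows the
// difference: eval() parses it as an expression (and operator precedence
// inside the input changes the result), while the explicit version rejects it.
foreach (['1200', ' 350.5 ', '12 + 30', 'abc'] as $input) {
    $label = var_export($input, true);
    try {
        printf("%-10s explicit => %.3f\n", $label, perksExplicit($input));
    } catch (InvalidArgumentException $e) {
        printf("%-10s explicit => rejected (%s)\n", $label, $e->getMessage());
    }
}

printf("'12 + 30'  eval     => %.3f\n", perksViaEval('12 + 30'));
```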

  • (nodebb)

    My first impression was that this is a coder who learned / saw somewhere how to use eval, and that's about the sum of their knowledge about PHP. A problem looks like a nail to their eval-hammer.

  • (nodebb)

    IANA a PHP coder.

    At least they avoided assembling the string for eval() using PHP's moral equivalent of C's sprintf() or C#'s String.Format(). That would have made this mess oh so much more deliciously crunchy.
