• (nodebb)

    despite the code doing the exact same thing

    Do you have some evidence, a citation or something, for the implied assertion that Application("UploadPODs").ToString.Trim does exactly the same thing as Server.MapPath(Application("UploadPODs"))?

    That said, the huge repetition of those two, rather than capturing the right value once depending on DEV/PROD, is a WTF on its own.

  • (nodebb)

    And of course the DEV/PROD switch should be done in configuration rather than in code, naturally.

  • LZ79LRU (unregistered)

    Switch? Anyone? It's not just a game console you know.

  • Just another Embedded Designer (unregistered)

    Why so many examples like the hell hole of NEW code I am being given and having to rewrite SANELY

  • (nodebb)

    Nobody has told this dev that that's not they way to check for an image format. You actually have to parse the header, or let something do it for you, like ImageSharp's Image.IdentifyAsync.

  • WTFGuy (unregistered)

    As to the last ...

    Depending on where & how the PODClaim files originate, assuming the extension correctly matches the content may be a completely reliable and therefore reasonable thing to do in this case. Note also that PDF is one of the possibilities and I'll bet Image.IdentyAsync() isn't expecting that one. OTOH, if these files are uploaded by the end users and this page displays them back to the end user, then this becomes an example of GIGO; the user only fooled themselves by fooling the server.

    I like that the FILE_NOT_FOUND case simply returns an empty response page. No error message , no exception logging, no canned "We're sorry" image of an overgrown shrugging emoji; just pure crystalline silence. At it doesn't crash the response with a NullReferenceException.

  • (nodebb)

    As a bonus, .NET includes a class for translating between mime types and file extensions.

    https://learn.microsoft.com/en-us/dotnet/api/system.web.mimemapping?redirectedfrom=MSDN&view=netframework-4.8.1

  • dpm (unregistered) in reply to LZ79LRU

    I will be fascinated to learn how to switch on file existence.

  • Álvaro González (github)

    If only there was a way to read a directory...

  • Jay (unregistered)

    Why couldn't they just get the full file path and parse it with system.io?

  • Jay (unregistered)

    Nevermind. The source obscures that part of the file name.

  • efahl (unregistered)
    Comment held for moderation.
  • (nodebb)

    the solution an old workplace of mine had: store a text file on the server in a known location that contains the word "DEV", "TEST", or "PROD" so your code can check that file every time it needs to know what behavior it should use.

    Hey, if it works for Adobe … see solution 4: https://helpx.adobe.com/indesign/kb/pdf-export-background-task-hangs.html

  • WTFGuy (unregistered)

    Backing up a level from just the source code there's a real WTF. This code is an ASP.Net web page. We see that there is a file directory differing between dev & prod, set by some configuration entries. But within either dev or prod there is just one folder on the server(s). None of these files have any sort of collision-avoiding name. They are all just simple "PODClaim.xxx"

    So despite the web server servicing hundreds or thousands of simultaneous users, there is exactly one "PodClaim" file to serve. Why not just configure the full path+name in the config store?

    Or are we really seeing the tip of a much scarier iceberg where this code works fine as long as there's only one user on the website uploading their PODClaim??

  • (nodebb)

    What amazes me with these WTF entries is that if someone had asked me to write bad code, I'd have actually never thought of writing that.

  • Radiant IT Services PVT LTD (unregistered)
    Comment held for moderation.
  • Radiant IT Services PVT LTD (unregistered)
    Comment held for moderation.
  • Saya Elevator (unregistered)
    Comment held for moderation.
  • (nodebb)

    Back when our network config was "test looks exactly the same as prod including machine names" (test being on a completely separate network), our scripts also had to check for a file in the home directory named "tst-$SERVER" if they needed to know whether they were running in the test environment. These days a check on the machine name suffices.

  • (nodebb) in reply to Scarlet_Manuka

    OK, but surely the only reason you'd want to know if you're on test instead of prod is so you can stick up a big banner to warn people that they are on this one or that one... (naïve, I know, but ...)

  • (nodebb) in reply to WTFGuy

    Depending on where & how the PODClaim files originate, assuming the extension correctly matches the content may be a completely reliable and therefore reasonable thing to do in this case.

    It's a web application and the images are not preprocessed, so yeah, it's pretty save to assume that those files are supplied by the user. Otherwise the whole code would be another level of wtfiness :-)

    Note also that PDF is one of the possibilities (..)

    Yeah, I ignored that on purpose; again, this is again another level of not understanding the S in solid; and because UploadPOD is not following basic clean code naming suggestions, it's even harder to make any sense of it. Could stand for Picture Of Day and then you have PDFs? Not to mention providing uncompressed images formats like BMPs and TIFFs for a web request is also questionable.

    (..) end users (..)

    Are not experts, otherwise we wouldn't need devs. I have seen a ton of nonsense for say less technically informed users, specially under Windows where extensions are hidden for whatever reason. So you end up with "MyPicture.jpg.doc" and other nonsense and it is actually a quiet common issue. So it's always 100% mandatory to validate user input and that includes obviously files as well. And you need to do it anyway, because then you can persist the file format in the database and you don't need any hacks like that on the web request side at all. Because generally reads are way more common than writes, so you always design you system (especially web based) around haven the most efficient read throughput.

  • Abdul. (unregistered)
    Comment held for moderation.
  • (nodebb)
    Comment held for moderation.
  • (nodebb)
    Comment held for moderation.
  • many manuals (unregistered)
    Comment held for moderation.

Leave a comment on “Switching File Types”

Log In or post as a guest

Replying to comment #:

« Return to Article