- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Do you have some evidence, a citation or something, for the implied assertion that
Application("UploadPODs").ToString.Trimdoes exactly the same thing asServer.MapPath(Application("UploadPODs"))?That said, the huge repetition of those two, rather than capturing the right value once depending on DEV/PROD, is a WTF on its own.
Admin
And of course the DEV/PROD switch should be done in configuration rather than in code, naturally.
Admin
Switch? Anyone? It's not just a game console you know.
Admin
Why so many examples like the hell hole of NEW code I am being given and having to rewrite SANELY
Admin
Nobody has told this dev that that's not they way to check for an image format. You actually have to parse the header, or let something do it for you, like ImageSharp's Image.IdentifyAsync.
Admin
As to the last ...
Depending on where & how the
PODClaimfiles originate, assuming the extension correctly matches the content may be a completely reliable and therefore reasonable thing to do in this case. Note also that PDF is one of the possibilities and I'll betImage.IdentyAsync()isn't expecting that one. OTOH, if these files are uploaded by the end users and this page displays them back to the end user, then this becomes an example of GIGO; the user only fooled themselves by fooling the server.I like that the FILE_NOT_FOUND case simply returns an empty response page. No error message , no exception logging, no canned "We're sorry" image of an overgrown shrugging emoji; just pure crystalline silence. At it doesn't crash the response with a
NullReferenceException.Admin
As a bonus, .NET includes a class for translating between mime types and file extensions.
https://learn.microsoft.com/en-us/dotnet/api/system.web.mimemapping?redirectedfrom=MSDN&view=netframework-4.8.1
Admin
I will be fascinated to learn how to switch on file existence.
Admin
If only there was a way to read a directory...
Admin
Why couldn't they just get the full file path and parse it with system.io?
Admin
Nevermind. The source obscures that part of the file name.
Admin
Hey, if it works for Adobe … see solution 4: https://helpx.adobe.com/indesign/kb/pdf-export-background-task-hangs.html
Admin
Backing up a level from just the source code there's a real WTF. This code is an ASP.Net web page. We see that there is a file directory differing between dev & prod, set by some configuration entries. But within either dev or prod there is just one folder on the server(s). None of these files have any sort of collision-avoiding name. They are all just simple "PODClaim.xxx"
So despite the web server servicing hundreds or thousands of simultaneous users, there is exactly one "PodClaim" file to serve. Why not just configure the full path+name in the config store?
Or are we really seeing the tip of a much scarier iceberg where this code works fine as long as there's only one user on the website uploading their PODClaim??
Admin
What amazes me with these WTF entries is that if someone had asked me to write bad code, I'd have actually never thought of writing that.
Admin
Back when our network config was "test looks exactly the same as prod including machine names" (test being on a completely separate network), our scripts also had to check for a file in the home directory named "tst-$SERVER" if they needed to know whether they were running in the test environment. These days a check on the machine name suffices.
Admin
OK, but surely the only reason you'd want to know if you're on test instead of prod is so you can stick up a big banner to warn people that they are on this one or that one... (naïve, I know, but ...)
Admin
It's a web application and the images are not preprocessed, so yeah, it's pretty save to assume that those files are supplied by the user. Otherwise the whole code would be another level of wtfiness :-)
Yeah, I ignored that on purpose; again, this is again another level of not understanding the S in solid; and because UploadPOD is not following basic clean code naming suggestions, it's even harder to make any sense of it. Could stand for Picture Of Day and then you have PDFs? Not to mention providing uncompressed images formats like BMPs and TIFFs for a web request is also questionable.
Are not experts, otherwise we wouldn't need devs. I have seen a ton of nonsense for say less technically informed users, specially under Windows where extensions are hidden for whatever reason. So you end up with "MyPicture.jpg.doc" and other nonsense and it is actually a quiet common issue. So it's always 100% mandatory to validate user input and that includes obviously files as well. And you need to do it anyway, because then you can persist the file format in the database and you don't need any hacks like that on the web request side at all. Because generally reads are way more common than writes, so you always design you system (especially web based) around haven the most efficient read throughput.
Admin
thanks for info
Admin
this is insane
Addendum 2024-05-27 00:31: Working with files is generally quite a difficult task requiring good skills. I am lucky enough to have a reliable file converter https://pdfflex.com/dwg-to-pdf , so I can handle such tasks without any problems. I hope that this will be useful for you too and you will be able to understand this issue in detail. It has helped me a lot. Good luck.