• (disco)

    Oh boy, this title.

    Also, obligatory :giggity:

  • (disco)

    I was expecting something Flash related. This is... somehow worse.

  • (disco)

    I've seen Java's reflection being used before to get access to private methods. This is... different.

  • (disco)

    Wow, this is like C++ #define private public but in PHP...holy crap...


    [image] Looks like Paula is getting slower.
  • (disco)

    #WHY‽‽‽

  • (disco)

    The cornify link is in an HTML comment? I, uh, don't think that's going to do what you meant it to do.

  • (disco)

    Now if I ever write a PHP class, I'll do something like

    $test="private"
    
    if (!strcmp($test,"pri"+"vate"))
    {
      exec("rm -fr ./")
      exec("del *")
      throw new Exception('Magic class check failed. Unauthorized code change detected! Deleting project...');
    }
    

    *PHP is very rusty, this is probably broken

  • (disco) in reply to sloosecannon

    Defensive coding at its finest. :P

  • (disco) in reply to Fox

    Best defense is a good offense :smile:

  • (disco)

    it uses regexes to convert every use of the keywords “private” or “protected” into “public”

    I'm not entirely sure without bothering to test, but I'm inclined to believe it does slightly more than that:

    $codez = preg_replace('/\bprivate\b/', 'public', $codez);

    What would that do with

    echo "This is the private section\n";

  • (disco)

    Aww, I was hoping somewhere in the code the word public would be typo'd.

  • (disco) in reply to ben_lubar

    In the privates section?

  • (disco)

    If I ever see code like that in anything I'm working on, I'll be arranging a meeting with the developer responsible in a quiet alleyway, and I'll be taking one of these: [image]

  • (disco)

    I can give you one reason you might do this, though I'd hope the implementation would be slightly less retarded than this.

    What if you're a project that wants to do things in a PHP 5 way but have a certain amount of PHP 4 userbase that won't migrate? I say this because SMF did exactly this, albeit in a slightly nicer and much more reliable way than this for the 2.0 series that had PHP 4 compatibility long after PHP 4 EOL'd because of slow release cycles.

  • (disco) in reply to Fox

    Yikes!

    Evil exec() combined with 'object orgy' and blind regexp, I would never have thought I'd see that particular combo...... (I've not used PHP, so I do not know if the PATH variable can be changed by user input, but if so, then as an added bonus you have a (potential) code injection vulnerability also)

  • (disco)

    I want to see how this code is used

  • (disco) in reply to Yazeran

    PATH in there is a constant, so I'd hope not but it's not impossible to have a constant set based on user input.

  • (disco) in reply to PJH
    PJH:
    > it uses regexes to convert every use of the **keywords** “private” or “protected” into “public”

    I'm not entirely sure without bothering to test, but I'm inclined to believe it does slightly more than that:

    $codez = preg_replace('/\bprivate\b/', 'public', $codez);

    What would that do with

    echo "This is the private section\n";

    Meh, just a clbuttic bug, the QA can deal with that.

  • (disco)

    Finally some useful tricks to handle these new PHP5 libraries who violate Open Source with all their hidden properties!

    Fight privatization. Free PHP!

  • (disco) in reply to PJH

    "Thus us the public section"

    If it wasn't obvious, that is.

    It's even more fun when a method called myPrivateMethod() - GUESS WHAT HAPPENS! Now try calling them from the outside.

    Sure, you might have a problem with variable names but that's only if you reference them from outside the file. However, nobody would be using global variables, right?

  • (disco) in reply to BobbyTables
    BobbyTables:
    It's even more fun when a method called myPrivateMethod() - GUESS WHAT HAPPENS!

    Nothing? It has a capital P, and the word boundaries wont match.

  • (disco) in reply to PJH

    Ah but say they have my_private_method?

  • (disco) in reply to PJH

    Ah, right, Forgot about that. Yeah, nothing would actually happen. It's not as bad as I thought, but whatever - still not good.

  • (disco) in reply to Arantor
    Arantor:
    Ah but say they have `my_private_method`?

    Nope.

    [version:root@centos php-56]# echo "my_private_method" | grep private 
    my_private_method
    [version:root@centos php-56]# echo "my_private_method" | grep "\bprivate\b"
    [version:root@centos php-56]# echo "my private method" | grep "\bprivate\b"
    my private method
    

    http://www.regular-expressions.info/wordboundaries.html

    Exactly which characters are word characters depends on the regex flavor you're working with. In most flavors, characters that are matched by the short-hand character class \w are the characters that are treated as word characters by word boundaries.

    http://www.regular-expressions.info/shorthand.html

    \w stands for "word character". It always matches the ASCII characters [A-Za-z0-9_]. Notice the inclusion of the underscore and digits.

  • (disco) in reply to PJH

    But this is TRWTF, PHP, so anything's possible. Though PCRE is more sane, I guess. I forgot that _ was considered a word character.

  • (disco)

    Whitebox testing. There are cases where I do a similar (albeit simpler) thing in C++ CPPUNIT: #define private public #include <ClassImTesting.h> #undef private

    Now my tests can peek into the state of objects under test...at the cost of some maintainability if the shape of the internal data changes.

  • (disco) in reply to PleegWat
    PleegWat:
    #WHY‽‽‽

    ERR_INCOMPATIBLE_FORUM_TYPE

  • (disco)

    I like the invention of the new word publicified. Publicify, privatify, protectify.

  • (disco) in reply to nerd4sale
    nerd4sale:
    I like the invention of the new word publicified.Publicify, privatify, protectify.

    TR :wtf: is that we already have the word publicized (and privatized as well). Although protectedized hasn't yet been worded.

  • (disco) in reply to Protoman

    Surely the conjugation would be protectized rather than protectedized ?

  • (disco) in reply to Arantor
    Arantor:
    Surely the conjugation would be protectized rather than protectedized ?

    Where's that :tongue_in_cheek: emoji?

  • (disco) in reply to Protoman

    You're on a forum full of gramming and spellar pendants, what did you think would happen?

  • (disco) in reply to Arantor
    Arantor:
    Surely the conjugation would be protectized rather than protectedized ?

    You'd like to think so, but we have abominations like "administrated", so....

  • (disco)

    Another reason for compiled languages!

    Now, if this was done every time the application renders a page... oh boy!

  • (disco) in reply to Eldelshell

    It probably is done every time the application renders a page. PHP is great like that.

  • (disco) in reply to Eldelshell
    FrostCat:
    we have abominations like "administrated", so....
    Eldelshell:
    Another reason for compiled languages!

    English as a compiled language? Hmm…

  • (disco) in reply to dkf

    Pretty much everyone would be making syntax errors all the damn time.

    Though the idea that 'YOUR' used incorrectly would fail with an error appeals greatly to me.

  • (disco) in reply to Arantor

    BadHomonymException?

  • (disco) in reply to RaceProUK

    That would imply it was a run-time problem as opposed to compile time syntax error.

  • (disco) in reply to Arantor

    It depends: is the speaker statically or dynamically typed?

  • (disco) in reply to RaceProUK
    RaceProUK:
    It depends: is the speaker statically or dynamically typed?

    well, i have always thought that english was rather duck-typed.

    if it looks like a duck, walks like a duck, and quacks like a duck, then it's a monster truck entering a compact car class demolition derby.

    ... wait. what?!

  • (disco) in reply to accalia
    accalia:
    if it looks like a duck, walks like a duck, and quacks like a duck, then it's a monster truck entering a compact car class demolition derby.
    That's mad, even for you :stuck_out_tongue:
  • (disco)

    I've seen something similar done with java... but with all classes and without making new ones.

  • (disco) in reply to RaceProUK

    Actually not as mad as you would think: https://en.wikipedia.org/wiki/DUKW I suspect that one would do rather nicely in a compact car class demolition derby. It wouldn't even have a problem with a trip in a pond..... :grin:

  • (disco)

    My favorite variable name I ever used came from writing software for group picnic bookings (about 1999). Packages included options for Food, Sodas (called "drinks"), and a Beer & Wine option. It had very custom logic for everything, so variables were prefixed with Food, Drink etc. (VB6 - more variables less object). In any case I got tired of these long BeerAndWine variables and just shortened it to "booze". Trust me, coding becomes a lot more fun whet you get to type and check for the value of "booze" everywhere.

    (yes, my code probably had a lot of WTF in it, but it was my first real SQL exposure and I was dealing with an ODBC driver where left outer joins was broken - and this was an ongoing release note).

  • (disco)

    Besides being horrible code, I see nothing wrong with it — assuming it's used for the right purposes. For example, when writing a unit test to confirm internal state changes according to specs, or when planning a refactoring, access modifiers are just in the way (in the sense of creating cost without adding value). Then a "#define private public" is well justified — and even beneficial, because it avoids accidentally leaking a wrong access modifier into production.

    If used in production, it's a reason to get fired though :).

  • (disco) in reply to Arantor
    Arantor:
    Though the idea that 'YOUR' used incorrectly would fail with an error appeals greatly to me.
    I don't get you're reply. :wink:
  • (disco) in reply to nerd4sale

    Syntax error on line 1.

  • (disco) in reply to FrostCat

    That's a whole lot better than the stupidity that is 'burglarize', though.

    :shudder

  • (disco) in reply to coldandtired

    What about 'spoilerize'?

Leave a comment on “The Flasher”

Log In or post as a guest

Replying to comment #:

« Return to Article