- Feature Articles
- CodeSOD
-
Error'd
- Most Recent Articles
- Office Politics
- Secret Horror
- Not Impossible
- Monkeys
- Killing Time
- Hypersensitive
- Infallabella
- Doubled Daniel
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Im first not frist
Admin
eleventh!
Admin
Looks like the loop might have been copypasta from another appalling while loop that contains a user's attempts to log in. Because the users (or developers) are so terminally dozy, they allow not three, not five, but ten yummy opportunities to enter a valid username/password combination.
Admin
Having more than ten words in a comment is obviously
Admin
Oh...for security reasons...then it makes sense.
Admin
Looks like an attempt at preventing an infinite loop in the presence of pathological input, i.e. replacing "a" -> "aa". Which could be a security issue (depending on where the code lives and where the input comes from), in the sense that it protects against denial-of-service attacks.
Admin
Maybe it was written by a 10X Developer?
Admin
So, on the topic of Hungarian notation...
Admin
Boom!
Admin
It could be that the programmer was following a bloody stupid spec.
Admin
It could be a slightly kludgey way to avoid an infinite loop, using up all of RAM, then furiously thrashing all of the paging file, slowing the system to a slow hobbled limping crawl, if the replacing substitutes the original with the original plus a few more characters.
A slightly better way would be to stop when the output string reaches a certain length that it should never exceed, or checking that the replacement string does not have any part of the pattern in it beforehand. Yep, that's a lot better.
Admin
10 comments in and no one has complained about the Regex usage? Maybe it isn't TRWTF, but this code should absolutely use: https://msdn.microsoft.com/en-us/library/cft8645c(v=vs.110).aspx - rather than match the regex 4 times per replace.
Admin
As anyone knows, regex replacements can't handle more than 10 numbered groups ("\0" to "\9"). So this explains the number 10 ... no wait ... okay, obviously yes
And I think it's a good idea to replace field names with their to-be contents several times to make sure the replacement is really done.
Admin
Oh! So that's a 10X Developer!
(And here I thought it was something dirty...)
Admin
An 'Up to 10x'-developer, anyway
Admin
I was gonna write a witty comment, but there are already more than 10, so I can't, for security reasons. :(
Admin
Or not replace the output of previous replacements again:
% echo aaa | sed s/a/aa/g aaaaaa
Admin
Hungarian notation was good in one context - pre .Net versions of VB - and then only for the GUI elements. It made it much easier to read since the IDE wouldn't easily tell you and would scream at you if you left the line unfinished to go figure it out. Whoever came up with THAT time waster is beyond me.
Admin
Enterprise DDOS protection?
It's normal for searching to LIMIT N + 1, process N results and use the +1 to show that there are more. This doesn't really look like that though.
Admin
And the other thing, stupid solution for possibly stupid users running something to alter/change/corrupt/wipe billions of records.
Admin
This website S U C K S ! ! ! ! ! !!!!!!!
Admin
Blakeybrat! How we've missed your eloquent contributions to the discussion!
Admin
For job security reasons: Knowing how to fix the bug when it's eventually reported.
Admin
For more than 1570 security reasons, someone might want to stop visiting this site.
Admin
Wondering, if the loop has a chance to run. "break" stops the whole loop. And the next time this func is called, the counter is reset...
Admin
I don't see the WTF here. It's not very efficient to use regular expressions here, but it is easy to see what the code does, which is better than an O(N) algorithm another developed does not understand. Also, it seems reasonable to have some measure to avoid an infinite loop. Maybe the programmer is German? In German, the word "Sicherheit" can also mean safety, which seems to be a valid reason for the break. And if you translate "Sicherheit" to English, the first word that pops up is security. The code isn't particularly good for several reasons, but I would not qualify it as a WTF.
Admin
Sorry, please ignore the comment. I did not see the ">" correctly.. :(
Admin
I don't remember any eloquent contributions from him; I must have missed them, too.
Admin
I feel you could make a passable argument for Hungarian notation for Function/Method names if your IDE didn't automatically tell you what return value you'd get. For variable names, I don't really think that functions will end up being large enough that you'd need to confirm what type a variable was like that. (Function Arguments could fall into the same category as Function names.)
But in most modern IDEs, that tell you the typing of variables and functions with a mouseover, there's no reason for Hungarian.