Forums
Code Snippet Of the Day (CodeSOD) features interesting and usually incorrect code snippets taken from actual production code in a commercial and/or open source software projects.
Andreas C stumbled upon what might possibly be the most secure code ever written. At least, according to its original author.
Following is the contents of just one of many similarly coded PHP pages...
"I recently started a new job," writes D.Z., "and one of my tasks is to maintain a $DEITY-forsaken piece of software, written originally in VB.NET, then mutated and mutilated into C#."
"Generally speaking, I don't mind working on badly designed and poorly written applications. In fact, I've found it to be a fun challenge to dive head-first into spaghetti code and straighten it out as best as I can. It's like being an archeologist who tries to extract knowledge from a bunch of incoherent paintings on a cave wall... just without the adventures and, of course, the fedoras.
When it comes to SQL injection detection, we at The Daily WTF could be doing better. It's not that I don't trust Alex's modifications to our CMS system to be injection-proof, I'm just saying that I'd prefer that you people didn't post comments like "') DELETE FROM Articles --". Or, if you must, at least "') DELETE FROM Articles WHERE Author_Name <> 'Jake Vinson' --".
But I'm getting ahead of myself. The point here is that we should've employed a strategy that B. V. tipped us off to so we could learn when "Some one [was] trying to Hack the Site."
Ben Siemon was pleasantly surprised to find comments in some code he came across...
"Some years ago I was looking for a job and did a lot of online résumé form filling," Gustavo S. writes.
"One of those many sites had a form that took about a second to uppercase my name when I hit Tab, before putting the focus on the next field.
"While exploring a rather large PHP codebase at my new job," Anthony C writes, "I kept coming across a rather curious pattern from the previous developers:
Apr 08
src="content.php?NoCache=<?php $random = make_random_code(); echo("$random"); ?>"
"Not too long ago," Jess writes, "I adopted an application that needed 'a rather minor change' to its functionality. Naturally, when I started, the project owner had no idea what file or directory the functionality was in, so he gave me access to the server and sent me off. After wading through a number of oddly named directories trying to find where the site was even located, I finally found the index file I had hoped would set me in the right direction."
"Of course, it didn't. After twenty minutes of jumping from page to page to page, I realized that I'd simply have to grep the entire application: a gig or so of content with tens of thousands of files within hundreds of directories. After nothing turned up, I quickly realized that most of the files had completely meaningless extensions: .html files had lots of PHP, .php4 files had PHP5, and .php files rarely had any PHP.