|
Wheany posted:$get = sqlInjectionProtect($_GET); Pack it up, go home folks, this is the ultimate horror.
|
#
?
Nov 9, 2010 21:25
|
|
|
|
| # ? Apr 27, 2024 12:23 |
|
|
king_kilr posted:Pack it up, go home folks, this is the ultimate horror. Yeah, seriously, camel-case functions? *shudder*
|
|
#
?
Nov 9, 2010 21:46
|
|
|
Wheany posted:$get = sqlInjectionProtect($_GET); Might not be a horror (except for the fact that they're probably not used parameterized queries) - I assume the function does something like "Check if gpc_magic_quotes is enabled, if not, do manual escape of all variables."
|
|
#
?
Nov 9, 2010 21:55
|
|
|
ymgve posted:Might not be a horror (except for the fact that they're probably not used parameterized queries) - I assume the function does something like "Check if gpc_magic_quotes is enabled, if not, do manual escape of all variables." Something like that, yeah. Then on the next row after calling that function: $thing = getAThingById($get["id"]);
|
|
#
?
Nov 9, 2010 22:14
|
|
|
Haskell's Text.Printf.printf manages to implement a variadic function in a strongly typed language without native variadic support. It also determines whether it's being called in the IO monad or not, and either returns an IO () (an 'action' that when executed, will do something IO-y and not return any useful value), or a String. It does all this through horrible typeclass (think instances) fuckery.
|
|
#
?
Nov 9, 2010 22:35
|
|
|
pokeyman posted:I think this ties for best in thread with Duff's Enigma. I still think the string manipulation function I found at work is worse than Duff's, which is at least somewhat understandable. edit: took me a while to find it code:
Munkeymon fucked around with this message at 00:14 on Nov 10, 2010 |
|
#
?
Nov 9, 2010 23:37
|
|
|
code:Everything he did had a strange logic behind it, but due to his complete lack of commenting anything, this logic is often near impossible to figure out.
|
|
#
?
Nov 10, 2010 00:12
|
|
|
bobthecheese posted:
This line itself is horror gold.
|
|
#
?
Nov 10, 2010 00:23
|
|
|
Argue posted:Is this something that worked at some point in the past? Say, back in the day there was only one worker thread, and the socket pool was actually a queue, and then one day they decided to add more worker threads without paying attention to how sockets were matched up with requests? Or has it been broken since day one?
|
|
#
?
Nov 10, 2010 01:13
|
|
|
I wasn't around on day 1 and I'm pretty glad for that, but my guess is that since the text in the response doesn't have any identifying data, nobody noticed the flaw since they only test the cases where the operation was successful. That and the fact that they never tried doing more than one request at a time before we came in. I think I mentioned this before, but they don't have unit tests, and their devs are not in the habit of committing code. Sometimes, they will make single giant commits to add a feature, not finding or fixing anything they break, and one guy doesn't even commit at all--he just deploys to production himself. Since we're just contractors we can't really do anything about this; we tried teaching them how to at least write automated tests so that they don't have to wait for a team of humans to find bugs after several hours of manual testing. There are layers of management approval to go to before they start doing that though so I really doubt they ever will. I'm just glad that next week is our last at this nightmare.
|
|
#
?
Nov 10, 2010 03:13
|
|
|
Ugg boots posted:This line itself is horror gold. Eh, that's really garden-variety for PHP. Though I think validators don't like name attributes on <form>s anymore.
|
|
#
?
Nov 10, 2010 03:34
|
|
|
ymgve posted:Might not be a horror (except for the fact that they're probably not used parameterized queries) - I assume the function does something like "Check if gpc_magic_quotes is enabled, if not, do manual escape of all variables." Uhh, escaping on insertion is definitely a horror. You don't escape input data. Ever.
|
|
#
?
Nov 10, 2010 06:44
|
|
|
king_kilr posted:Uhh, escaping on insertion is definitely a horror. You don't escape input data. Ever. Sometimes you don't have a choice. I had to work on a RedHat Enterprise Linux box for a long time. Here's the thing about RedHat: they gently caress with standard libraries however they want so they're pretty much incompatible with anything outside of RedHat land. In this case, they had their own version of PHP 4.1 in which they EXPLICITLY DISABLED THE MYSQLI FUNCTIONS at compile time. I tried recompiling my own version of PHP but something else would randomly break on the system when I did so. So I couldn't do bound parameter statements and had to be stuck escaping SQL statements. Goddamn I'm so glad to not have to deal with that ever again.
|
|
#
?
Nov 10, 2010 19:58
|
|
|
Munkeymon posted:I still think the string manipulation function I found at work is worse than Duff's, which is at least somewhat understandable. Wow, that's impressive. Here's some zingers from an app I just got told I have to "fix": code:code:
|
|
#
?
Nov 10, 2010 20:26
|
|
|
NotShadowStar posted:Sometimes you don't have a choice. I had to work on a RedHat Enterprise Linux box for a long time. Here's the thing about RedHat: they gently caress with standard libraries however they want so they're pretty much incompatible with anything outside of RedHat land. In this case, they had their own version of PHP 4.1 in which they EXPLICITLY DISABLED THE MYSQLI FUNCTIONS at compile time. I tried recompiling my own version of PHP but something else would randomly break on the system when I did so. So I couldn't do bound parameter statements and had to be stuck escaping SQL statements. Oh my god, it's like a meta-horror.
|
|
#
?
Nov 10, 2010 22:51
|
|
|
Lumpy posted:
Woah, why have I never thought of the !! operator before? Since it doesn't do anything you can pepper it around your code to indicate the important bits!
|
|
#
?
Nov 11, 2010 12:22
|
|
|
seiken posted:Woah, why have I never thought of the !! operator before? Since it doesn't do anything you can pepper it around your code to indicate the important bits! Why stop at !! when you can prefix the really important bits with !!!!!!!!!!!!
|
|
#
?
Nov 11, 2010 14:35
|
|
|
seiken posted:Woah, why have I never thought of the !! operator before? Since it doesn't do anything you can pepper it around your code to indicate the important bits! I guess !! is equivalent to a boolean cast? Like, if the input was appState.length, which is an integer from 0 upwards, !!appState.length will be FALSE if appState.length was 0 and TRUE if appState.length was greater than 0. I've seen code where !!! was used to call special attention to negation operations.
|
|
#
?
Nov 11, 2010 14:41
|
|
|
Oh man I just had a great idea! Instead of using confusing syntax like /**/ and // to add my comments, I could just create a class for commenting:code:code:
|
|
#
?
Nov 11, 2010 14:52
|
|
|
Internet Janitor posted:Oh man I just had a great idea! Instead of using confusing syntax like /**/ and // to add my comments, I could just create a class for commenting:
|
|
#
?
Nov 11, 2010 15:42
|
|
|
qntm posted:I guess !! is equivalent to a boolean cast? Like, if the input was appState.length, which is an integer from 0 upwards, !!appState.length will be FALSE if appState.length was 0 and TRUE if appState.length was greater than 0. Yeah, of course, I was just thinking about with boolean expressions I guess
|
|
#
?
Nov 11, 2010 16:18
|
|
|
_aaron posted:No god drat way. This is awesome because it makes debugging so much easier. If you're in a debug build, have it print comments to the debug console so you know what's going on, in English!
|
|
#
?
Nov 11, 2010 17:26
|
|
|
Internet Janitor posted:Oh man I just had a great idea! Instead of using confusing syntax like /**/ and // to add my comments, I could just create a class for commenting: I really hope you are being serious here and did not find this in someone's code.
|
|
#
?
Nov 11, 2010 17:46
|
|
|
seiken posted:Woah, why have I never thought of the !! operator before? Since it doesn't do anything you can pepper it around your code to indicate the important bits! With operator overloading, all bets are off. Unary ! could reformat your hard drive.
|
|
#
?
Nov 11, 2010 19:07
|
|
|
GrumpyDoctor posted:With operator overloading, all bets are off. Unary ! could reformat your hard drive. So two of them should bring your hard drive right back.
|
|
#
?
Nov 11, 2010 20:53
|
|
|
pokeyman posted:So two of them should bring your hard drive right back. Good point! Better stick another couple in just to be safe.
|
|
#
?
Nov 11, 2010 21:14
|
|
|
Suddenly I want a '¡' operator:code:
|
|
#
?
Nov 11, 2010 22:13
|
|
|
BigRedDot posted:Suddenly I want a '¡' operator: Aw, I thought scala allowed ¡ as an operator but apparently not.
|
|
#
?
Nov 11, 2010 22:21
|
|
|
^ Weird, it supports ! and everything in unicode I've thrown at it.
|
|
#
?
Nov 11, 2010 23:25
|
|
|
BigRedDot posted:Suddenly I want a '¡' operator: You can't define operators in Ruby... well, official Ruby, Rubinius is turtles all the way down so you can do whatever the gently caress you want. But 1.9 is complete Unicode so you can start going to crazytown that will make Windows users hate you even more. code:
|
|
#
?
Nov 12, 2010 05:34
|
|
|
Only in code tags though. I don't know if thats funny or not.pre:def ¡(n)
return !!n
end
puts ¡"farts".reverse!
Array.class_eval do
alias :∀ :each
def Σ
return self.reduce(0) {|k, i| k + i}
end
def ∋(obj)
return !!self.find {|n| n == obj }
end
end
π = Math::PI
def √(n)
return Math.sqrt(n)
end
def ∀(obj)
obj.each {|e| yield e}
end
arr = [1, 2, 3]
∀(arr) {|n| puts n } #=> 1 2 3
arr.∋ 2 #=> true
arr.push π
arr.∋ π #=> true
arr.Σ #=>9.141592653589793
√ π #=>1.7724538509055159
|
|
#
?
Nov 12, 2010 06:25
|
|
|
Looks like that Fortran replacement that Sun was working on and didn't go anywhere. Or APL, for that matter.
|
|
#
?
Nov 12, 2010 06:29
|
|
|
I'd like to see you program the game of life more tersely!
|
|
#
?
Nov 12, 2010 06:37
|
|
|
tripwire posted:I'd like to see you program the game of life more tersely! That program probably legitimately usesd the "domino" character, but I couldn't help but laugh when an APL listing seemed to contain undisplayable characters, even in a screenshot.
|
|
#
?
Nov 12, 2010 15:25
|
|
|
pseudorandom name posted:Looks like that Fortran replacement that Sun was working on and didn't go anywhere. Fortress is/was pretty cool. I'm sad that Oracle will probably vaporize it. Guy Steele had a bunch of cool slides on it, where its parallelism could be tweaked to match the execution environment. I don't know if it was programmatically or manually, but it seemed like a good step forward. Get rid of accumulators, get rid of cons'es, program intent and not implementation, `for` loops are bad, etc. Also, lots of people used APL, but many more now use K or J which are derivatives of APL without the bullshit escape sequences. Their propensity to look like line noise goes way beyond Perl, but they are extremely powerful languages if you are working with arrays.
|
|
#
?
Nov 12, 2010 15:45
|
|
|
pseudorandom name posted:Looks like that Fortran replacement that Sun was working on and didn't go anywhere. I read one of their articles about it and the part about development methodology was pretty funny. "We sat Fortran programmers down and had them design a language. Turns out - and this is just shocking - they pretty much came up with Fortran!"
|
|
#
?
Nov 12, 2010 15:57
|
|
|
Munkeymon posted:I read one of their articles about it and the part about development methodology was pretty funny. "We sat Fortran programmers down and had them design a language. Turns out - and this is just shocking - they pretty much came up with Fortran!" This is clearly evidence that Fortran is the best programming language.
|
|
#
?
Nov 12, 2010 20:42
|
|
|
Monkeyseesaw posted:We need a language where the only data type is a string and when you do non-string operations like arithmetic it converts it to some internal representation, does the bit shuffling, and returns the result as a string. All functions are simply extending the string type. SNOBOL was pretty much literally this. It's right there in the name, 'String Oriented Symbolic Language'.
|
|
#
?
Nov 12, 2010 21:14
|
|
|
Monkeyseesaw posted:We need a language where the only data type is a string and when you do non-string operations like arithmetic it converts it to some internal representation, does the bit shuffling, and returns the result as a string. All functions are simply extending the string type. Extend INTERCAL to support Unicode 
|
|
#
?
Nov 13, 2010 07:40
|
|
|
|
| # ? Apr 27, 2024 12:23 |
|
|
code:
|
|
#
?
Nov 13, 2010 23:38
|
|
