CodeSOD: The Rule of Ten

by
Remy Porter
from The Daily WTF on (#22DGC)

Florian's office has a "rule of ten". Well, they don't, but one of Florian's co-workers seems to think so. This co-worker has lots of thoughts. For example, they wrote this block, which is supposed to replace certain characters with some other characters.

    sbyte sbCount = 0;
    // set value of new field content to old value
    sNewFieldContent = sFieldContent;
    while (rFieldIdentifierRegex.Match(sNewFieldContent).Success)
    {
        // for security reasons
        if (++sbCount > 10) break;

        // get identifier and name
        string sActFieldSymbol = rFieldIdentifierRegex.Match(sNewFieldContent).Groups[1].Value;
        string sActFieldName = rFieldIdentifierRegex.Match(sNewFieldContent).Groups[2].Value;
        string sActFieldIdentifier = sActFieldSymbol + sActFieldName;

        // default value for unknown fields is an empty string
        string sValue = "";

        [... calculate actual replacement value ...]

        // replace value for placeholder in new field content
        sNewFieldContent = sNewFieldContent.Replace(sActFieldIdentifier, sValue);
    }

As Florian puts it:

Having more matches than 10 inside one line is obviously a security risk (it isn't) and must be prohibited (it mustn't) because that would cause erroneous behavior in the application (it doesn't).
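The following is an added example, not code from the article or from Florian's co-worker: it rebuilds the loop above with an assumed placeholder grammar (a symbol character followed by a field name, matched by an assumed regex and looked up in a dictionary) to show what the cap really does, and puts a single-pass Regex.Replace beside it. With twelve placeholders the capped loop silently leaves two unexpanded, while the single pass visits each placeholder once, so it finishes for any number of fields and never re-scans text it just inserted.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Added example, not the article's code. Assumed placeholder grammar: a symbol
// character (group 1) followed by a field name (group 2), e.g. "@user".
static class FieldExpansion
{
    static readonly Regex FieldIdentifierRegex = new Regex(@"([@#])([A-Za-z_]\w*)");

    // Same shape as the article's loop: re-match from the start, give up after ten.
    public static string ExpandWithRuleOfTen(string template, IDictionary<string, string> values)
    {
        sbyte count = 0;
        string result = template;
        while (FieldIdentifierRegex.Match(result).Success)
        {
            if (++count > 10) break;                      // the "security" cap
            Match m = FieldIdentifierRegex.Match(result);
            string identifier = m.Groups[1].Value + m.Groups[2].Value;
            values.TryGetValue(m.Groups[2].Value, out string value);
            result = result.Replace(identifier, value ?? "");
        }
        return result;
    }

    // Single pass: each placeholder is visited exactly once, so the call ends for
    // any input and a value that itself looks like a placeholder is not re-expanded.
    public static string ExpandSinglePass(string template, IDictionary<string, string> values)
    {
        return FieldIdentifierRegex.Replace(template,
            m => values.TryGetValue(m.Groups[2].Value, out string value) ? value : "");
    }

    static void Main()
    {
        // Constructed input: twelve distinct single-letter fields, @a .. @l.
        var names = Enumerable.Range(0, 12).Select(i => ((char)('a' + i)).ToString()).ToList();
        var values = names.ToDictionary(n => n, n => "V" + n);
        string template = string.Join(" ", names.Select(n => "@" + n));

        Console.WriteLine(ExpandWithRuleOfTen(template, values)); // ends "... Vj @k @l": two left unexpanded
        Console.WriteLine(ExpandSinglePass(template, values));    // all twelve expanded

        // A value that is itself a placeholder: the capped loop stops only at the cap.
        values["x"] = "@x";
        Console.WriteLine(ExpandWithRuleOfTen("@x", values));     // "@x", after ten no-op replacements
        Console.WriteLine(ExpandSinglePass("@x", values));        // "@x", after one pass
    }
}
```

The cap neither limits what a caller can do nor makes the loop correct; it only decides how much of the template is left unexpanded, and the single pass removes the need for it.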
