CodeSOD: This Is Really Empty

by Remy Porter from The Daily WTF on (#70YXP)

Konrad was trying to understand how an input form worked, and found this validation function.

function IsReallyEmpty($subject)
{
    $trimmed = trim(preg_replace("/&.*;/", "", $subject));
    return strlen($trimmed) != 0;
}

Now, I can understand why one might want to have a different definition of "empty" when it comes to strings. An all-whitespace string, like " ", may rightfully be considered an empty input for many applications.

So calling trim makes a lot of sense. It's the preg_replace that starts to worry me, because that regex is clearly trying to match an HTML entity, aka &nbsp;. But it matches all HTML entities: not just ones like &nbsp;, which are whitespace characters, but also ampersands and greater/less-than signs.

But there's another problem with the regex. The * operator is greedy. So for &nbsp;Hello World&nbsp;, it would see the opening &, the closing ;, and decide the entire string could be rejected.

But that's not the real WTF. The real WTF is the very last line. In a function called IsReallyEmpty, it returns true if the input string is not empty, thus stretching the definition of "really" to new levels.

"Is this string really empty?" "No, it is."
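The three problems described above (every entity stripped, the greedy match, the inverted return value) can be seen side by side in this added example, which is not code from the original article or from the application it describes. The `isBlankInput` name, its decode-then-test approach and the sample inputs are assumptions constructed for illustration.

```php
<?php
// The function from the article, behaviour unchanged (greedy regex, inverted result).
function IsReallyEmpty($subject)
{
    $trimmed = trim(preg_replace("/&.*;/", "", $subject));
    return strlen($trimmed) != 0;
}

// Hypothetical replacement (name and approach are assumptions, not the
// application's code): decode entities first, then test whether anything
// other than whitespace remains.
function isBlankInput(string $subject): bool
{
    // "&nbsp;" becomes U+00A0, "&amp;" becomes "&", "&lt;" becomes "<", etc.
    $decoded = html_entity_decode($subject, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // \s covers ASCII whitespace, \p{Z} covers Unicode separators such as U+00A0.
    // preg_match() returns false on invalid UTF-8, which is treated as not blank.
    return preg_match('/\A[\s\p{Z}]*\z/u', $decoded) === 1;
}

// Constructed sample inputs.
$samples = [
    '',
    '   ',
    '&nbsp;',
    '&nbsp;Hello World&nbsp;',
    '&lt;b&gt;',
    'Tom &amp; Jerry',
];

foreach ($samples as $input) {
    printf(
        "%-26s IsReallyEmpty=%-5s isBlankInput=%s\n",
        var_export($input, true),
        var_export(IsReallyEmpty($input), true),
        var_export(isBlankInput($input), true)
    );
}
```

Because the original helper is used for form validation, the rows for `&nbsp;Hello World&nbsp;` and `&lt;b&gt;` are the ones to check: both carry real content, yet the greedy pattern reduces them to nothing.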
