CodeSOD: When You Can't Use WordPress

by Remy Porter, from The Daily WTF

Initech had a lovely little Content Management System built by a third party that was good at "building" CMSes. That is to say, this company knew its way around a WordPress template.

When Initech needed a new public-facing website, they went straight back to that vendor. Now, this new website was a complicated statistical tool, with all sorts of complicated business rules and requiring a large amount of custom programming. So the vendor that just cranked out WordPress templates may not have been a good fit for the project, but that didn't stop anybody.

That's how Magnus M found code which looks like this:

$dataTotalArray[$md['adt_group_id']][$md['atss_id']]['adt_text'] = $md['adt_text'];
if($md['type'] == "totalthisyear") {
    $dataTotalArray[$md['adt_group_id']][$md['atss_id']]['amount'] = $md['amount'];
    $dataTotalArray[$md['adt_group_id']][$md['atss_id']]['count'] = $md['count'];
}

There are so many nested braces here I'd almost suspect this was a LISP dialect instead of PHP.

That's just ugly and incomprehensible, and it isn't the WTF. The real WTF is that someone had it in their head that "web code" meant anyone doing "view source" could see the code. This complete misunderstanding about what constitutes server-side code led them to ensure that all their constants were obfuscated via an MD5 hash.

if($_GET['size_cat'] == '59e9effecfe048c8-b13a76da69cc12df') {
    $adt_old_type = 0;
} else {
    $adt_old_type = 1;
}
// later in document - in the "presentation" part
if ($_GET['size_cat'] == '59e9effecfe048c8-b13a76da69cc12df') {
    echo "ADT";
} else {
    echo "ADT";
}
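An added example, not code from the article or the vendor: the same size_cat decision written with readable server-side constants and type-checked input, plus a shim that still accepts hashed tokens from old links. The category names `large` and `small`, the function names, and the idea that the token was a plain `md5()` of a name are all assumptions; the page does not say what was hashed.

```php
<?php
declare(strict_types=1);

// Hypothetical category names; the page does not say what the hashed value was.
const SIZE_CATS = ['large' => 0, 'small' => 1];   // name => adt_old_type
const DEFAULT_ADT_OLD_TYPE = 1;                    // the original "else" branch

/** Build md5(name) => name, so old links that carry hashed tokens still resolve. */
function legacyTokenMap(): array
{
    $map = [];
    foreach (array_keys(SIZE_CATS) as $name) {
        $map[md5($name)] = $name;
    }
    return $map;
}

/** Normalise the client-supplied size_cat to a known name, or null if unrecognised. */
function resolveSizeCat(mixed $raw): ?string
{
    if (!is_string($raw)) {          // ?size_cat[]=x arrives as an array
        return null;
    }
    if (array_key_exists($raw, SIZE_CATS)) {
        return $raw;                 // already a readable name
    }
    return legacyTokenMap()[$raw] ?? null;   // hashed token from an old URL
}

function adtOldTypeFor(mixed $raw): int
{
    $name = resolveSizeCat($raw);
    return $name === null ? DEFAULT_ADT_OLD_TYPE : SIZE_CATS[$name];
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['size_cat' => 'large'],
    ['size_cat' => md5('large')],    // legacy hashed form
    ['size_cat' => ['large']],       // wrong type
    ['size_cat' => 'unknown'],
    [],                              // parameter absent
];
foreach ($samples as $get) {
    $raw = $get['size_cat'] ?? null;
    printf("%-50s name=%-6s adt_old_type=%d\n",
        json_encode($raw), resolveSizeCat($raw) ?? '-', adtOldTypeFor($raw));
}
```

Because the token map is rebuilt by hashing a short list of known names, the hash hides nothing that the list does not already reveal. What keeps these constants private is that PHP source is never sent to the browser, while the `size_cat` value itself always is.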

Magnus writes:

In some cases even the arguments to their stored procedures require the arguments MD5'ed. Makes for wonderful debugging.
