Comments
-
oh cmon at least make $fields an array of strings, and make $where not having to contain the actual "WHERE" word!
-
@aadilp Sadly no...
it was done by a webdev company consisting of some 15+ "devs". It's their own CMS (or "Content Management Framework" as they call it).
Check the "cmsofdoom" tag to find more such gems...
The short backstory is: I took over all code of my employer's websites from said webdev company as they "didn't want to support it anymore".
Imagine writing your own CMS and it's such garbage that you tell your customers you won't support it any longer... very telling.
I've already fixed some MAJOR gaping security holes over these last 10 months, but the gift keeps on giving...
My employer has probably paid this company some $600k in the 7 years they "worked" on this clusterfuck of doom...
I'm currently maintaining it solo until it gets shut off in a few months. The after party will be huge!
-
aadilp: @PonySlaystation cute when people try to write their own frameworks because they're too lazy to learn how Symfony/Laravel/anything works
-
@aadilp hahaha absolutely!
I think they laid the early foundation of their CMS in 2002 (judging by some code comment dates), but it's absolutely crazy how they never had a single thought about using a solid, well maintained opensource framework later on.
-
aadilp: @PonySlaystation I'm assuming they only made the junior devs work on it who didn't know any better. Happened to me when I was starting out. They made me work on a codebase that had a controller with 8000 lines of code. With no seniors to guide me, I added 4000 of my own. Don't ask what happened next.
-
@aadilp They are only juniors... (at best)
Some seem to be in the company for 8+ years but I'm pretty sure they're still juniors.
We've all made such mistakes early on, but somehow they never had a single thought about refactoring the core of said CMS... they must be perpetual juniors (even the boss who wrote the core in 2002).
The core seems to be still the same, only with additions, no refactoring lol
-
aadilp: @PonySlaystation map the business logic in a miro board and burn the whole thing down. Only a fresh start can save this codebase
-
@Lensflare Our daily business runs on these websites, mostly clients who fill out data and upload stuff. About every 1-2 months there are some minor changes to be implemented depending on changes in laws or other factors.
The craziest thing is that a load of money indirectly flows through these websites, but it's a complete clusterfuck of code...
-
@aadilp if only it was that easy...
The new project is already in the final stages and runs on Azure Cloud, based on a microservice arch to allow for easier extension and better scaling. The thing is beautiful 😊
-
I'm kind of over the fact that there are devs who are capable of committing the code in your cmsofdoom series. What I'm more worried about is how they got so far with the project without the client cancelling it. I think there must be a limit after which the client is responsible for keeping it going.
-
While it is a bad practice, it is not necessarily a security hole, since $fields and $where probably come from internal operations and don't come from any user input (the user has no access to modify them at all).
-
@electrineer Great point... I think some clients, in this case my employer, didn't know any better and I think they didn't have a webdev partner before these imbeciles.
-
wtf, I haven't done PHP in a long time, but even if the unsafe string passing to the db query is a noob mistake, why on Earth would he loop through the result to push it back in another array!? What is the point of this?
-
@100110111 and why iterate through the array to modify nothing? lmao that just rocked my head 😂
-
hjk101: Please tell me this is not used with user input (both directly and indirectly).
Well it would be ideal if this function was not used at all.
-
@hjk101 Thankfully in this instance, no user input can directly end up in the query...
But there are other gaping holes. 🙈
-
Ahhh.. I am totally focused on them concatenating the query string directly; I missed that they perform a pointless loop under there, even though they can simply return the query result.
The loop makes no sense since it simply recreates the array, lol!
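As an added example (not code from the rant or from the CMS the thread discusses), this is the shape the first comment asks for: `$fields` as an array of column names checked against an allow-list, `$where` as column/value pairs bound through PDO with the `WHERE` keyword added by the function itself, and the result returned directly instead of being copied row by row into a second array. The `ClientRepo` class, the `clients` table and its column allow-list are assumptions for illustration.

```php
<?php
// Added example: allow-listed identifiers plus bound values, so no caller
// string ever reaches the SQL text unchecked. Table/columns are hypothetical.
declare(strict_types=1);

final class ClientRepo
{
    private const ALLOWED_COLUMNS = ['id', 'name', 'email', 'created_at'];

    public function __construct(private PDO $pdo) {}

    /**
     * @param string[]              $fields column names to select
     * @param array<string, scalar> $where  column => value pairs, joined with AND
     * @return array<int, array<string, mixed>>
     */
    public function select(array $fields, array $where = []): array
    {
        // Identifiers cannot be bound as parameters, so they are validated
        // against a fixed allow-list instead of being interpolated raw.
        foreach (array_merge($fields, array_keys($where)) as $col) {
            if (!in_array($col, self::ALLOWED_COLUMNS, true)) {
                throw new InvalidArgumentException("Unknown column: $col");
            }
        }
        $sql = 'SELECT ' . implode(', ', array_map(fn ($f) => "`$f`", $fields))
             . ' FROM clients';
        $params = [];
        if ($where !== []) {
            $clauses = [];
            foreach ($where as $col => $value) {
                $clauses[] = "`$col` = :$col";   // value goes in as a bound parameter
                $params[":$col"] = $value;
            }
            $sql .= ' WHERE ' . implode(' AND ', $clauses);
        }
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        // Return the result set as-is: no loop re-creating the same array.
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Usage against an in-memory SQLite database with constructed sample data.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE clients (id INTEGER, name TEXT, email TEXT, created_at TEXT)');
$pdo->exec("INSERT INTO clients VALUES (1, 'Ann', 'ann@example.test', '2024-01-01')");
$repo = new ClientRepo($pdo);
var_dump($repo->select(['id', 'name'], ['email' => 'ann@example.test']));
```

Passing a column name that is not on the allow-list throws before any SQL is built, which is the check the thread's "what if user input ever reaches it" worry comes down to.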