30

Yes, high quality code...

Comments
  • 8
    I can’t…
  • 15
    Passing strings like this to the db....
  • 7
    PHP 📈
  • 7
    oh cmon at least make $fields an array of strings, and make $where not having to contain the actual "WHERE" word!
  • 2
  • 2
    Did you get someone from fiverr to write that
  • 7
    @aadilp Sadly no...
    it was done by a webdev company consisting of some 15+ "devs". It's their own CMS (or "Content Management Framework" as they call it).

    Check the "cmsofdoom" tag to find more such gems...

    The short backstory is: I took over all code of my employers websites from said webdev company as they "didn't want to support it anymore".
    Imagine writing your own CMS and it's such a garbage that you tell your customers you won't support it any longer... very telling.

    I've already fixed some MAJOR gaping security holes since these last 10 months, but the gift keeps on giving...

    My employer has probably paid this company some $600k in the 7 years they "worked" on this clusterfuck of doom...

    I'm currently maintaining it solo until it gets shut off in a few months. The after party will be huge!
  • 6
    @PonySlaystation cute when people try to write their own frameworks because they're too lazy to learn how Symfony/Laravel/anything works
  • 2
    Wow…
  • 4
    @aadilp hahaha absolutely!
    I think they laid the early foundation of their CMS in 2002 (judging by som code comment dates), but it's absolutely crazy how they never had a single thought about using a solid, well maintained opensource framework later on.
  • 7
    @PonySlaystation I'm assuming they only made the junior devs work on it who didn't know any better. Happened to me when I was starting out. They made me work on a codebase that had a controller with 8000 lines of code. With no seniors to guide me, I added 4000 of my own. Don't ask what happened next.
  • 5
    @aadilp They are only juniors... (at best)
    Some seem to be in the company for 8+ years but I'm pretty sure they're still juniors.
    We've all made such mistakes early on, but somehow they never had a single thought about refactoring the core of said CMS... they must be perpetual juniors (even the boss who wrote the core in 2002).
    The core seems to be still the same, only with additions, no refactoring lol
  • 1
    @PonySlaystation why even buy and maintain it if it will be shut off soon?
  • 1
    @PonySlaystation map the business logic in a miro board and burn the whole thing down. Only a fresh start can save this codebase
  • 1
    @Lensflare Our daily business runs on these websites, mostly clients who fill out data and upload stuff. About every 1-2 months there are some minor changes to be implemented depending on changes in laws or other factors.
    The craziest thing is that a load of money indirectly flows through these websites, but it's a complete clusterfuck of code...
  • 1
    @aadilp if only it was that easy...
    The new project is already in the final stages and runs on Azure Cloud, based on a microservice arch to allow for easier extension and better scaling. The thing is beautiful 😊
  • 1
  • 1
    I'm kind of over the fact that there are devs who are capable of committing the code in your cmsofdoom series. What I'm more worried is how they got so far with the project without the client cancelling it. I think there must be a limit after which the client is responsible for keeping it going.
  • 2
    I love it, and hate it simultaneously at the same time
  • 3
    While it is a bad practice, it is not necessarily a security hole, since $fields and $where probably come from internal operations and don't come from any user input (the user has no access to modify them at all).
  • 1
    Oh wow
    Zero fucks given
  • 1
  • 2
    hm. yes. what could go wrong?
  • 1
    @electrineer Great point... I think some clients, in this case my employer, didn't know any better and I think they didn't have a webdev partner before these imbeciles.
  • 2
    wtf, I haven't done PHP in a long time, but even if the unsafe string passing to the db query is a noob mistake, why on Earth would he loop through the result to push it back in another array!? What is the point of this?
  • 1
    @glemiere that is a very good question…
  • 4
    @100110111 and why iterating through the array to modify nothing? lmao that just rocked my head 😂
  • 2
    Please tell me this is not used with user input (both directly and indirectly).
    Well it would be ideal if this function was not used at all.
  • 1
    @hjk101 Thankfully in this instance, no user input can directly end up in the query...
    But there are other gaping holes. 🙈
  • 1
    Ahhh.. I am totally focused on them concenating the query string directly; I missed that they perform a pointless loop under there; even though they can simply return the query result.

    The loop makes no sense since it simply recreates the array, lol!
  • 0
    @daniel-wu Yeah, thankfully one of the easier code blocks to refactor...
  • 1
    Someone wants their DB to be injected
Add Comment