Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "cms of doom"
-
[Certified CMS Of Doom™ moment]
Ah yes, the good old "generate a huge CSV just to know how many rows there are"14 -
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......
I could go on, but yes, I've seen it all now.12 -
Behold the PHP pyramid of doom!
You know what kind of code is coming... a big pile of shite! 😍
Obviously you have to return by reference (&) because of performance and memory reasons. ☝️🤓
Man... I've seen code...22 -
Oh boy, my riskiest coding decision was certainly that one time when I refactored some 50k lines of critical legacy shit code in 3 days, straight up merged everything into master and then deployed to prod.
Luckily there was only one minor bug I had to fix after that... phew...
(To my defense: I was solo-working on it - the infamous CMS Of Doom™)2 -
[CMS of Doom™]
The gift that keeps on giving...
When you think you've seen it all after 7 months in legacy hell, you get another gift:
Let's say you use PHP, but your IQ is in the zero-ish range, then it is obvious to:
- use define() for constants in all your config.*.php files
- then include said config.*.php files multiple times
- and because define() doesn't overwrite the same constant, because it's - you know - a constant, you instead of including just do a file_get_contents() to read the PHP file as string and then parse the values by Regex.
The dev who wrote this was truly one of the devs ever.12 -
Oh boy... something just happened I'd have never expected.
Remember my rants about the PHP CMS Of Doom™?
Guess what... the boss of said company just called me to offer me a job as their new tech lead. WTF.
I'd rather slowly impale myself on a rusy pickaxe.
I'd rather tattoo my face with a giant, pulsating, uncircimcised shlong.
I'd rather take a swim in a pool of Hydrogen fluoride.
I'd rather work 80h/wk on pimple extraction.10 -
So I've started learning Rust and I must say it feels great! But some parts of the language, like enums, are quite different than what I'm used to.
As a proof of concept I've reimplemented a small API (an Azure Function App) in Rust with Actix Web and it's FAST AS FUCK BOIII.
The response is served about 5x as quckly and the memory footprint shrinked from some 90 MB to around 5 MB.
In my small scale usecase it's not a huge difference, but I think it can be massive at large scales...
What is your experience with Rust (at scale)?
I wish I could quickly reimplement the whole fucking CMS Of Doom™ in Rust... but no time and resources :(5 -
[CMS of Doom™]
Gotta love the fact that the fuckers who originally "coded" this abomination of a CMS implemented a method which replaces some text before sending the HTML to the client.
Guess what fucks with my code?6 -
If you ever feel incompetent or unsuccessful in life, I have to tell you one important thing:
The company which created the "CMS Of Doom"* has been existing for 21 years and is still going "strong".
*not actual name4 -
Damn, it's quite refreshing to work on some C#.NET microservices instead of the usual PHPTSD in the CMS Of Doom™...4
-
[CMS Of Doom™]
Imagine bringing every HTTP Query Param and every god damn fucking POST var into to current code context.
"extract()" is one of the reasons why I have terminal PHPTSD.10 -
I'd rather take a swim in a moist human massgrave than fix any more bugs of this cancer-inducing "selfmade" CMS developped by a "company" that shall not be named.
Sadly I am not aware of any such pit in the neighborhood, thus more bugfixing it is... yay ⚰️5 -
How to log in to CMS Of Doom™...
What could go wrong?
MD5 password hashing? HTTP links? Extracting the whole $_POST array?8 -
I got terminal white-space autism because of the CMS Of Doom.
Forgetting one or adding one too many leads to major problems on prod.4 -
[CMS of Doom™]
Imagine creating a CMS so bad that you let the owner (who I work for) define in a simple input field what email address is used as the sender address for the welcome email of newly registered users.
Basically they filled in a personal email of the company some 3 years ago AND of course the person with said email address left the company a few months later thus for some 2-3 years newly registered users received a welcome email with a sender address of an unavailable user.
And I thought I've seen it all in this CMS...3 -
[CMS Of Doom™]
Ah, yes, their built-in bullshit newsletter module just sent the n-th user n emails. Wonderful considering n=368.
The culprit? Better don't ask...
OK, anyway: So the mailer is running as a CRONjob, but nah, not as a console script call but by a public HTTP GET URL call, fucking obviously (it's the CMS Of Doom for a reason).
So these fucking imbeciles "implemented" an ob_start() callback where HTML links are - for whatever fucking reason - modified by some regex (obviously everybody knows parsing HTML by Regex is trivial). In this case the link was somehow modified to recall the mailer Cronjob...
This must have upset the pngoing mailing process thus spamming mails. Whyyyy
And I've thought I've seen it all after 6 months in this legacy hell...
This is why you don't run a company consisting of only beginners in PHP (in cluding their "CEO")! -
At my first programming job, the codebase was a tangle of legacy web forms, MVC, templates in a content-management-system, and AngularJS. Learning the CMS was particularly stressful.
One Saturday night, after binge-watching videos of DOOM 2 speedruns and mods, I had a dream that the Icon of Sin from DOOM 2 appeared in the code, gazed at me menacingly, and lunged at me before I woke up.1 -
In the previous company I've worked, we've had about one customer every 1-2 months that had his WorstPress website hacked.
It's a horrible CMS and there is no argument that could convince me otherwise, not even bribery.
Luckily enough for WP, it's not the worst CMS I've encountered... that award goes by far to "The CMS Of Doom™" (name changed to not dox the incompetent company that created it). Fucking bastards. -
(relating the CMS of Doom™)
Imagine loading a shared CSS for your subdomain site from your main site via PHP over cURL and then embed it in a <style/> tag on every single damn request.
🤯7