PHP code WTFs



  • function UpdateHA()
    {
        $q = "update ha set rid = LPAD((CONV((CONV(rid, 16, 10) + 1), 10, 16)), 4, '0'), eid = rid ";
        $res = ExecQuery($q);
    }

    ...

    function get_select_data ($lskey)
    {
        $ID_UPDATE = & $GLOBALS["ID_UPDATE"];
        $q = "select query_code
             from query
             inner join class_field
             on query.id = class_field.id_query
             where class_field.field_name = \"".$lskey."\"
             and ( class_field.id_menu = ".$_GET["menuid"]." || class_field.id_menu =  0) order by class_field.id_menu DESC";
        $ID = (isset($_GET["id"])) ? $_GET["id"] : 0;
        $lscommand = '$res = ExecQuery(\''.$q.'\', "interface");';
        eval($lscommand);

        $row = mysql_fetch_assoc($res);
        mysql_free_result($res);
        $lscommand = "\$res = ExecQuery(\"".$row["query_code"]."\");";
        eval($lscommand);
        $lareturn = array();
        if ($lskey == "id_interface"){
            $ip_net = "<script language='JavaScript'>var id_interface_ip = new Array();var id_interface_netmask = new Array();";
        }
        while($row = mysql_fetch_assoc($res)){
            $lareturn[$row["id"]] = $row["name"];
            if ($lskey == "id_interface"){
                $ip_net .= "id_interface_ip[".$row["id"]."]=\"".$row["ip"]."\";";
                $ip_net .= "id_interface_netmask[".$row["id"]."]=\"".$row["netmask"]."\";";
            }
        }
        if ($lskey == "id_interface"){
            $ip_net .= "</script>";
            echo $ip_net;
        }
        mysql_free_result($res);
        return $lareturn;
    }

    ...

    function replace_url ($aaarg)
    {
        $laarr = $_GET;

        foreach($aaarg as $asstring => $asvalue)
        {
            if(isset($laarr[$asstring]))
            {
                if($asvalue)
                {
                    $laarr[$asstring] = $asvalue;
                }
                else
                {
                    unset($laarr[$asstring]);
                }
            }
            else
            {
                if($asvalue)
                {
                    $laarr[$asstring] = $asvalue;
                }
            }
        }

        return $_SERVER["PHP_SELF"]."?".http_build_query($laarr);
    }

     

    1) The UpdateHA() function could use some comments. I sort of know what its purpose is, but, for the love of the gods, WHY is it doing WHATever it's doing?

    2)  get_select_data() is pretty straightforward: it gets some string from the database and executes it as a query, but not before eval()ing it, therefore replacing PHP variables in it before execution. Spit a drop of JavaScript code using echo and you've got a mess!

    3)  The replace_url() function looks for keys in $aaarg that are also found in $_GET and if they're found in $_GET, it replaces their value if the new value (from $aaarg) evaluates to a true boolean, otherwise it removes the value from the $_GET array and if the key isn't found, the key=>value pair is appended to the $_GET array, even if the value evaluates to a false boolean, which [nobody knows why] is different from the case where it evaluates to false but it already exists. Also, the names of the variables and parameters, which seem to be abbreviations, mean absolutely nothing to me - and I'm quite familiar with a large chunk of the code.

    If I haven't made myself clear enough, it's because I've simply explained what the functions actually do. Don't blame the messenger.



  • aaarg !!!

    </obvious joke>



  •  Sweet Jesus...



  • Good lord that looks atrocious.  I'm not a php guy but yikes. If you have to maintain that mess you have my condolences.  I can only imagine what else you're going to find.



  •  Wow, I hope the original developer has quit doing development. Source code like that should be used as an educational tool to teach students how not to develop software. 



  • @galgorah said:

    Good lord that looks atrocious.  I'm not a php guy but yikes. If you have to maintain that mess you have my condolences.  I can only imagine what else you're going to find.
     

    Here are some other cool things I've found in the same application, just in case you've missed them: include_onceS  /  Quick coding WTF without failure  /  PHP code: Magic numbers, cool functions and useful stuff  /  Error in translation



  • What a total mess. Dynamic SQL with no quoting or escaping (what if $_GET['menuid'] isn't an integer?), and using eval() for no apparent reason. eval() in PHP is always a bad code smell, unless you know the intention of the programmer was to do something really weird.


  • Garbage Person

     Looks like pretty standard PHP to me. Exactly what I'd expect to find on any inherited PHP project.



  •  A $_GET concatted into an eval string which is supposed to concat it into a SQL string?

     Holy crap, what a smorgasbord of injection opportunities!  Do I inject SQL, or do I inject PHP?  Decisions, decisions...
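
Added example, not part of the thread or the application's code: the lookup from get_select_data() with the two problems raised in the comments above removed, namely $_GET["menuid"] concatenated into SQL and the query passed through eval(). It assumes PDO with an in-memory SQLite database standing in for the application's MySQL; the function name get_select_data_safe, the schema and the sample rows are constructed for illustration.

```php
<?php
// Added example: constructed schema and rows; SQLite in memory stands in for the app's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE query (id INTEGER PRIMARY KEY, query_code TEXT)');
$db->exec('CREATE TABLE class_field (id_query INTEGER, field_name TEXT, id_menu INTEGER)');
$db->exec('CREATE TABLE interface (id INTEGER, name TEXT)');
$db->exec("INSERT INTO query VALUES (1, 'SELECT id, name FROM interface ORDER BY id')");
$db->exec("INSERT INTO class_field VALUES (1, 'id_interface', 0)");
$db->exec("INSERT INTO interface VALUES (1, 'eth0'), (2, 'eth1')");

function get_select_data_safe(PDO $db, string $fieldName, $rawMenuId): array
{
    // Reject anything that is not a non-negative integer instead of concatenating it.
    $menuId = filter_var($rawMenuId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($menuId === false) {
        throw new InvalidArgumentException('menuid must be a non-negative integer');
    }
    // Both values travel as bound parameters: no eval(), no string building.
    $stmt = $db->prepare(
        'SELECT query_code FROM query
         INNER JOIN class_field ON query.id = class_field.id_query
         WHERE class_field.field_name = :field
           AND (class_field.id_menu = :menu OR class_field.id_menu = 0)
         ORDER BY class_field.id_menu DESC'
    );
    $stmt->execute([':field' => $fieldName, ':menu' => $menuId]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return [];
    }
    // The stored statement is still code kept in data: run it as SQL only, never through
    // eval(), and treat write access to the query table like write access to the source.
    $out = [];
    foreach ($db->query($stored, PDO::FETCH_ASSOC) as $row) {
        $out[(int) $row['id']] = $row['name'];
    }
    return $out;
}

var_dump(get_select_data_safe($db, 'id_interface', '0'));
foreach (['0 OR 1=1', '1abc'] as $bad) {   // constructed non-integer menuid values
    try {
        get_select_data_safe($db, 'id_interface', $bad);
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```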



  • @rohypnol said:

    ... if the key isn't found, the key=>value pair is appended to the $_GET array, even if the value evaluates to a false boolean, ...

    @rohypnol said:

    else
    {
        if($asvalue)
        {
            $laarr[$asstring] = $asvalue;
        }
    }

    If $asvalue evaluates to false then it won't be appended.

