Oh Wow, Man...
-
I maintain a huge site for a client. The site's been around forever, but I joined the team only a year ago. As big as it is, I find new WTFs on almost a daily basis. The two gems for today were a page called "hello", which was, in its entirety (and live on the site):
<BODY BGCOLOR=#FFFFFF>
<% for i = 3 to 7 %>
<FONT SIZE=<% = i %>>Wow man!</FONT><BR>
<% next %>
</BODY>
...and a page called query.asp:
<FORM METHOD=POST ACTION="Results.asp">
<P>Query:
<% sql = Request("sql")
if sql = "" Then
sql = "select ProductName, ProductType, ProductDescription, ProductImageURL from products"
end if
%>
<P><TEXTAREA NAME="sql" ROWS=15 COLS=75><%=sql%></TEXTAREA><BR>
<P><INPUT TYPE=SUBMIT VALUE="Execute"><INPUT TYPE=RESET VALUE="Reset">
</FORM>
I nearly soiled myself on that one. It was live, not secured, and definitely hitting a production database. Fortunately, nothing sensitive, but still. Incidentally, both pages were in a folder called "wow". Indeed.
The offending pages have been removed from the server.
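An added example, not part of the original post or the site's own code: a small Python audit that flags classic ASP pages where a variable filled from the request is also treated as a complete SQL statement, which is the pattern in query.asp above. The sample sources (query.asp abridged, search.asp hypothetical) and all function names are constructed for illustration.

```python
import re

# Constructed sample input: query.asp as quoted in the post (column list
# abridged) and a hypothetical search.asp that only reads a search term.
SAMPLE_PAGES = {
    "wow/query.asp": '''<FORM METHOD=POST ACTION="Results.asp">
<% sql = Request("sql")
if sql = "" Then
sql = "select ProductName, ProductType from products"
end if
%>
<TEXTAREA NAME="sql" ROWS=15 COLS=75><%=sql%></TEXTAREA>
</FORM>''',
    "search.asp": '''<% term = Request.Form("term") %>
<P>Results for <%= Server.HTMLEncode(term) %>''',
}

ASP_BLOCK = re.compile(r"<%(.*?)%>", re.S)
# A variable assigned directly from the ASP Request object.
FROM_REQUEST = re.compile(
    r"^\s*(\w+)\s*=\s*Request(?:\.(?:Form|QueryString))?\s*\(", re.I | re.M)
# The same variable assigned a string literal that begins a SQL statement.
SQL_LITERAL = r'^\s*{var}\s*=\s*"\s*(?:select|insert|update|delete|exec)\b'
# The same variable handed to a connection/recordset Execute or Open call.
EXECUTED = r'\.(?:Execute|Open)\s*\(?\s*{var}\b'


def audit_page(source):
    """Return (variable, reasons) pairs for request values used as whole SQL."""
    code = "\n".join(ASP_BLOCK.findall(source))
    findings = []
    for var in sorted({m.group(1).lower() for m in FROM_REQUEST.finditer(code)}):
        name = re.escape(var)
        reasons = []
        if re.search(SQL_LITERAL.format(var=name), code, re.I | re.M):
            reasons.append("same variable also holds a full SQL statement")
        if re.search(EXECUTED.format(var=name), code, re.I):
            reasons.append("variable is passed to Execute/Open")
        if reasons:
            findings.append((var, reasons))
    return findings


def audit_site(pages):
    """Map each flagged page path to its findings; clean pages are omitted."""
    results = {path: audit_page(src) for path, src in pages.items()}
    return {path: found for path, found in results.items() if found}
```

This is a heuristic for finding leftover pages to review by hand; it does not follow values across files, so a page like Results.asp still needs its own check.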
-
But, but... Wouldn't it be a lot of fun for your customers to be able to write their own queries?
-
At least 'wow' was not misspelt, unlike 'brillant'.
-
[quote user="RShilling"]But, but... Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]
Yeah. The possibilities are endless...
'UPDATE products SET ProductImageURL = 'http://www.hotbarnyardporn.com/images/blondewithhorse.jpg'
-
[quote user="codemoose"]
[quote user="RShilling"]But, but... Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]
Yeah. The possibilities are endless...
'UPDATE products SET ProductImageURL = 'http://www.hotbarnyardporn.com/images/blondewithhorse.jpg'
[/quote]
You might have used a real url ...
-
[quote user="RShilling"]But, but... Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]
We call this "empowering the users"
Remember - "Code you don't write is code you don't have to maintain"!
-
[quote user="codemoose"]
[quote user="RShilling"]But, but... Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]
Yeah. The possibilities are endless...
'UPDATE products SET ProductImageURL = 'http://www.hotbarnyardporn.com/images/blondewithhorse.jpg'
[/quote]
WTF!? That URL isn't working! Do you have the correct URL? Please fix this quickly. ;)
-
[quote user="rbriem"]
Remember - "Code you don't write is code you don't have to maintain"!
[/quote]
I wish.
Where do you work and how do I apply?
-
@rbriem said:
[quote user="RShilling"]But, but... Wouldn't it be a lot of fun for your customers to be able to write their own queries?
We call this "empowering the users"
Remember - "Code you don't write is code you don't have to maintain"!
[/quote]
My neverending stream of WTFs is from code I [i]didn't[/i] write, but [i]do[/i] have to maintain...
-
[quote user="Balthazaar"][quote user="rbriem"]
Remember - "Code you don't write is code you don't have to maintain"!
[/quote]
I wish.
Where do you work and how do I apply?[/quote]
That was the actual marketing slogan for a product I supported once ... looooong ago ...
-
[quote user="smbell"]
WTF!? That URL isn't working! Do you have the correct URL? Please fix this quickly. ;)
[/quote]
I just knew someone would try whatever I typed in there.
-
[quote user="codemoose"]
The offending pages have been removed from the server.
[/quote]
Please restore the production server to its correct state immediately. I require the "hello" page to carry out my duties.
Thank you.