Oh Wow, Man...



  • I maintain a huge site for a client.  The site's been around forever, but I joined the team only a year ago.  As big as it is, I find new WTFs on almost a daily basis.  The two gems for today were a page called "hello", which was, in its entirety (and live on the site):

    <BODY BGCOLOR=#FFFFFF>
    <% for i = 3 to 7 %>
    <FONT SIZE=<% = i %>>Wow man!</FONT><BR>
    <% next %>
    </BODY>

    ...and a page called query.asp:

    <FORM METHOD=POST ACTION="Results.asp">
    <P>Query:
    <% sql = Request("sql")
    if sql = "" Then
    sql = "select ProductName, ProductType, ProductDescription, ProductImageURL from products"
    end if
    %>
    <P><TEXTAREA NAME="sql" ROWS=15 COLS=75><%=sql%></TEXTAREA><BR>
    <P><INPUT TYPE=SUBMIT VALUE="Execute"><INPUT TYPE=RESET VALUE="Reset">
    </FORM>

    I nearly soiled myself on that one. It was live, not secured, and definitely hitting a production database. Fortunately, nothing sensitive, but still. Incidentally, both pages were in a folder called "wow".  Indeed.

    The offending pages have been removed from the server.
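Added example, not code from the thread or the site: the request-parameter-is-the-query pattern of query.asp, transcribed into Python with sqlite3 standing in for the production database, next to a hardened replacement that accepts a search term instead of SQL and a read-only connection as a second layer. Table contents, URLs and function names here are constructed for the demonstration.

```python
import sqlite3

# Constructed stand-in for the site's "products" table (names and URLs are made up).
PRODUCTS = [
    (1, "Widget", "tool", "A basic widget", "http://example.invalid/widget.jpg"),
    (2, "Gadget", "tool", "A handy gadget", "http://example.invalid/gadget.jpg"),
]

def make_db():
    """Build an in-memory database standing in for the production one."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (ProductID INTEGER PRIMARY KEY, ProductName TEXT, "
        "ProductType TEXT, ProductDescription TEXT, ProductImageURL TEXT)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn

def query_asp(conn, sql):
    """What query.asp/Results.asp amount to: the request parameter IS the
    statement, run with the application's database privileges.  Kept here
    only to show the behaviour; this is the pattern to remove."""
    if sql == "":
        sql = ("select ProductName, ProductType, ProductDescription, "
               "ProductImageURL from products")
    cur = conn.execute(sql)
    rows = cur.fetchall()
    conn.commit()
    return rows

def search_products(conn, term):
    """Hardened replacement: the user supplies a search term, never SQL.
    Statement and column list are fixed; the term is bound as a parameter,
    with LIKE wildcards escaped so '%' or '_' cannot widen the match."""
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    cur = conn.execute(
        "SELECT ProductName, ProductType, ProductDescription, ProductImageURL "
        "FROM products WHERE ProductName LIKE ? ESCAPE '\\' ORDER BY ProductName",
        ("%" + escaped + "%",),
    )
    return cur.fetchall()

def make_readonly(conn):
    """Least privilege for a reporting path: SQLite's query_only pragma makes
    this connection refuse writes (use a read-only DB account elsewhere)."""
    conn.execute("PRAGMA query_only = 1")
    return conn

def write_blocked(conn, sql):
    """True if the connection refuses the statement as a write."""
    try:
        query_asp(conn, sql)
    except sqlite3.OperationalError:
        return True
    return False

def image_url(conn, product_id):
    """Current ProductImageURL for one product, or None if it does not exist."""
    row = conn.execute(
        "SELECT ProductImageURL FROM products WHERE ProductID = ?", (product_id,)
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # The thread's point: through query_asp a visitor rewrites the catalogue.
    query_asp(db, "UPDATE products SET ProductImageURL = 'http://example.invalid/x.jpg' "
                  "WHERE ProductID = 1")
    print("after query.asp-style request:", image_url(db, 1))
    # The same text as a search term is only a term, and it matches nothing.
    print("as search term:", search_products(make_db(), "UPDATE products SET"))
    # Even the unsafe handler cannot write over a read-only connection.
    print("write blocked on read-only connection:",
          write_blocked(make_readonly(make_db()), "DELETE FROM products"))
```

The search function is the real fix: the shape of the statement is decided by the code, and the user only fills a bound parameter. The read-only connection is defence in depth for any page that only ever needs to read, so that a leftover "query" page found later cannot change data even before it is removed.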



  • But, but...  Wouldn't it be a lot of fun for your customers to be able to write their own queries?



  • At least 'wow' was not misspelt, unlike 'brillant'.



  • [quote user="RShilling"]But, but...  Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]

     Yeah. The possibilities are endless...

    'UPDATE products SET ProductImageURL = 'http://www.hotbarnyardporn.com/images/blondewithhorse.jpg'

     



  • [quote user="codemoose"]

    [quote user="RShilling"]But, but...  Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]

     Yeah. The possibilities are endless...

    'UPDATE products SET ProductImageURL = 'http://www.hotbarnyardporn.com/images/blondewithhorse.jpg'

     

    [/quote]

    You might have used a real url ...



  • [quote user="RShilling"]But, but...  Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]

    We call this "empowering the users"

    Remember - "Code you don't write is code you don't have to maintain"!



  • [quote user="codemoose"]

    [quote user="RShilling"]But, but...  Wouldn't it be a lot of fun for your customers to be able to write their own queries?[/quote]

     Yeah. The possibilities are endless...

    'UPDATE products SET ProductImageURL = 'http://www.hotbarnyardporn.com/images/blondewithhorse.jpg'

     [/quote]

    WTF!?  That URL isn't working!  Do you have the correct URL?  Please fix this quickly.  ;) 



  • [quote user="rbriem"]

    Remember - "Code you don't write is code you don't have to maintain"!

    [/quote]

    I wish.
    Where do you work and how do I apply? 



  • @rbriem said:

    [quote user="RShilling"]But, but...  Wouldn't it be a lot of fun for your customers to be able to write their own queries?

    We call this "empowering the users"

    Remember - "Code you don't write is code you don't have to maintain"!

    [/quote]

    My neverending stream of WTFs is from code I [i]didn't[/i] write, but [i]do[/i] have to maintain...



  • [quote user="Balthazaar"][quote user="rbriem"]

    Remember - "Code you don't write is code you don't have to maintain"!

    [/quote]

    I wish.
    Where do you work and how do I apply? 

    [/quote]

    That was the actual marketing slogan for a product I supported once ... looooong ago ...



  • [quote user="smbell"]

    WTF!?  That URL isn't working!  Do you have the correct URL?  Please fix this quickly.  ;) 

    [/quote]

     I just knew someone would try whatever I typed in there.
     



  • [quote user="codemoose"]

    The offending pages have been removed from the server.

    [/quote]

    Please restore the production server to its correct state immediately. I require the "hello" page to carry out my duties.

    Thank you.

