Month selection



  • This is from my town hall's fuel and car management software. I picked a random file. Every one of them is good material for this site.

    <select name="mes">
    <option value="01" <? $data=false;
    if($_POST["mes"]=="01"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="01"){
    echo "selected='selected'";
    }
    }?>>Janeiro</option>
    <option value="02" <? if($_POST["mes"]=="02"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="02"){
    echo "selected='selected'";
    }
    }?>>Fevereiro</option>
    <option value="03" <? if($_POST["mes"]=="03"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="03"){
    echo "selected='selected'";
    }
    } ?>>Mar&ccedil;o</option>
    <option value="04" <? if($_POST["mes"]=="04"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="04"){
    echo "selected='selected'";
    }
    }?>>Abril</option>
    <option value="05" <? if($_POST["mes"]=="05"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="05"){
    echo "selected='selected'";
    }
    }?>>Maio</option>
    <option value="06" <? if($_POST["mes"]=="06"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="06"){
    echo "selected='selected'";
    }
    }?>>Junho</option>
    <option value="07" <? if($_POST["mes"]=="07"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="07"){
    echo "selected='selected'";
    }
    }?>>Julho</option>
    <option value="08" <? if($_POST["mes"]=="08"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="08"){
    echo "selected='selected'";
    }
    }?>>Agosto</option>
    <option value="09" <? if($_POST["mes"]=="09"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="09"){
    echo "selected='selected'";
    }
    }?>>Setembro</option>
    <option value="10" <? if($_POST["mes"]=="10"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="10"){
    echo "selected='selected'";
    }
    }?>>Outubro</option>
    <option value="11" <? if($_POST["mes"]=="11"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="11"){
    echo "selected='selected'";
    }
    }?>>Novembro</option>
    <option value="12" <? if($_POST["mes"]=="12"){
    echo "selected='selected'";
    $data=true;
    }
    else{
    if($data==false AND date('m')=="12"){
    echo "selected='selected'";
    }
    }?>>Dezembro</option>
    </select>




  • I'm starting to see too many WTFs from my country....

    Think itsย  time to move away...


    well.. thanks to internet at least people now know that there is (some kind of ) civilization here that is not only indians, but an "mix" of all kinds of people.

    ย 
    ok... i'm tired, dizzy and i don't know what i'm talking about... Good night! ๐Ÿ™‚



  • I worry that people can write code like this with a straight face for something other than OMGWTF and not realise that it's ridiculous. There are many mistakes that are perfectly acceptable, but writing code that's an obvious loop in production code?

    The funny thing in life is confidence. I'm told that I need more self-confidence. In what? I know I'm a screwball programmer and a screwball person. If I had "confidence" it would be a deceitful facade or a delusion but it would get me so much further in life than I've ever got to! Then, of course, I'd get to be one of the people who everyone on this site laughs at until they cry.

    Instead, I just despair at my own code ... I don't know what my worst mistake was, but the most memorable was a line or two of code in a program that, despite my best efforts, I could not figure out what it did. In the end, I just deleted it and replaced it with code that did what the existing code was presumably meant to do (regardless of whether or not it actually did that). (The app does work, but oh my, trying to get it to work on a 68k Mac ...)

    The key to getting ahead in life seems to be either wilful deceit, or to be grossly deluded as to your own ability. If you succeed in the latter, your code ends up here. If you fail in the latter, your interview stories end up here.



  • So, if date('m') is "05" and $_POST["mes"] == "10" (for example) you have two selected options?



  • Ooo ooo .... because I am subscribed to this topic, I got sent an interesting e-mail notifying me of Zecc's post. Do I even want to know what Community Server is doing to create that?



  • The author must have heard about optimisation by unrolling loops. ๐Ÿ™‚



  • @Daniel Beardsmore:

    Looks like the $_ confused it... Maybe it uses $_ as a placeholder in the email template?

    I wonder, if I type lots of $'s like this: $ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_ $_

    What will the email look like?



  • Hahaha. The e-mail is ...... a freaking mess and very long.



  • That email is wierd, it looks like $_ causes it to insert the email template into the email.

    What happens if I put the [PostBody] key in the post too? Does it recurse and crash the email server?
    ย 



  • @Thief^ said:

    That email is wierd, it looks like [redacted] causes it to insert the email template into the email.

    What happens if I put the [PostBody] key in the post too? Does it recurse and crash the email server?
    ย 

    Sadly, [postbody] works. But what if I use other $ parts, e.g. $A $B $a $b $X $Y $x $y $* $( $! $. $/ $\ $" $$ $postbody $user $message $# $: $; $' $< $> $^ $% $^ $$postbody $$message ... $postbody$ $message$ $(postbody)$ .... $-)



  • Hey, isn't $_ a php variable?

    I wonder if $_SERVER['SCRIPT_FILENAME'] works?



  • I take it that none of the $ items I typed, did anything interesting in the e-mail?

    It doesn't appear to be using PHP variable interpolation, but just some crazy hack. You know the sort ... "Nobody's ever going to write $ then _ in a message, so we'll use that for our stuff." Alas, it doesn't seem to be a security exploit ๐Ÿ˜‰



  • @Zecc said:

    So, if date('m') is "05" and $_POST["mes"] == "10" (for example) you have two selected options?

    Yes. The good thing is that the select box is not 3d or 4d so the other selection stays hidden.

    I use this code for enlightenment and inspiration only so I'll let it be.

    @Daniel Beardsmore said:

    The key to getting ahead in life seems to be either wilful deceit, or to be grossly deluded as to your own ability. If you succeed in the latter, your code ends up here. If you fail in the latter, your interview stories end up here.

    The person who wrote the code I posted here already quit and got an easier and better paid job. The code shows that he got the right mind to go very far as a programmer. Much more than me at least, who can't sleep well if writing "bad code".



  • @Daniel Beardsmore said:

    I take it that none of the $ items I typed, did anything interesting in the e-mail?

    It doesn't appear to be using PHP variable interpolation, but just some crazy hack. You know the sort ... "Nobody's ever going to write $ then _ in a message, so we'll use that for our stuff." Alas, it doesn't seem to be a security exploit ๐Ÿ˜‰

    I suggested it might be php variables because I don't see any reason why someone would want to be able to (and specifically code the ability to) insert the email template into the post in the email template.ย 



  • @Daniel Beardsmore said:

    Ooo ooo .... because I am subscribed to this topic, I got sent an interesting e-mail notifying me of Zecc's post. Do I even want to know what Community Server is doing to create that?

    It didn't disappear -- "POST[..." landed at the very end of the content - after WTF team signature. Now - think social engineering when I send this. $_PS. Your account will be deactivated if you don't click on http://malicious.host.com?im_in_ur_box_sending_ur_cukys NOW!



  • Heh, interesting. You'd want to find a trick that accounts for the resulting mess, though.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.