June 26, 2006

Geek

Quote Of The Day

SESSION is an associative array (aka Dictionary). When the session times out, things like 'Tempfile' are no longer defined. (PHP has an unset() function that undefines a reference.) But when PHP sees an undeclared reference, it doesn't error out -- instead it substitutes '' (a blank string) if the reference occurs within a string. So now the user is executing

rm -r /var/public_www/

As you might imagine, this behavior makes PHP very dangerous in the hands of an idiot.

Yeah.

Posted by: Pixy Misa at 02:25 PM | Comments (6)
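As an added example (not code from the original post, the quoted Daily WTF item, or the commenters), here is the command-building pattern the quote describes next to a hardened form. The document root /var/public_www/ and the session key 'Tempfile' come from the quote; the function names, the file-name rule and the assumption that the site keeps one temp file per session directly under the document root are mine. Nothing here runs rm; both functions only return the command string they would hand to the shell.

```php
<?php
// Added example, not from the original post. Assumes a per-session temp
// file stored under the document root and named in $_SESSION['Tempfile'].
declare(strict_types=1);

const DOCROOT = '/var/public_www/';

// The pattern the quote describes. When the session has timed out,
// $session['Tempfile'] is undefined; PHP emits a notice (a warning on
// PHP 8) and interpolates '' in its place, so the string collapses to
// "rm -r /var/public_www/", which deletes the whole site.
function vulnerableCleanupCommand(array $session): string
{
    return "rm -r " . DOCROOT . "{$session['Tempfile']}";
}

// Hardened form: build a command only when the key is present, is a
// string, is a plain file name (no slashes, no leading dot, so no '.'
// or '..'), and quote the argument for the shell. Returns null instead
// of an unsafe command, which the caller must treat as "do nothing".
function safeCleanupCommand(array $session): ?string
{
    if (!isset($session['Tempfile']) || !is_string($session['Tempfile'])) {
        return null;
    }
    $name = $session['Tempfile'];
    if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]*$/', $name)) {
        return null;
    }
    return "rm -r " . escapeshellarg(DOCROOT . $name);
}

// Demonstration on constructed input. The '@' only silences the
// undefined-index notice so the collapsed command is visible.
$expired = [];                              // what a timed-out session looks like
$live    = ['Tempfile' => 'sess_ab12.tmp']; // constructed live session

echo "expired, vulnerable: ", @vulnerableCleanupCommand($expired), "\n";
echo "expired, safe:       ", var_export(safeCleanupCommand($expired), true), "\n";
echo "live, safe:          ", safeCleanupCommand($live), "\n";
```

With the empty array the vulnerable builder yields exactly the "rm -r /var/public_www/" line from the quote, while the safe builder returns null. The deeper fix is to not shell out at all: unlink() or rmdir() on a path that has been resolved with realpath() and checked to sit under the document root removes the shell, the quoting, and the empty-variable trap in one go.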

1 Ahh, the Daily WTF. And I agree with several of the commenters in that thread...what, exactly, was the brainstorm that resulted in a 'rm -r' call in code in the first place?

Posted by: Chris C. at June 27, 2006 01:23 AM (V5vg4)

2 And my buddy, Dr. Heinous, wonders why I'm very, very leery of trying to learn enough PHP to actually work under the hood of WP. I understood a little of that -- on about the fourth reading. Not that I know a php SESSION from a gaming session. Well, maybe I dimly grasped it when I played with .asp a few years ago, but do I want to risk my whole site on how well I understand something? No.

'rm' is remove directory? But what's the '-r' parameter do?

Crud, don't tell me that's root? No, wait, www_root is the site root.... recursive maybe? But what's var?

Pardon me while I advertise my ignorance....

Posted by: ubu roi at June 27, 2006 11:35 AM (s/dU4)

3 -r is indeed recursive.

/var is a particular filesystem that the document root really shouldn't be in.

What this little beauty did was whenever a user's session timed out, it deleted the entire web site.

Not, on the whole, a good thing.

Posted by: Pixy Misa at June 27, 2006 12:15 PM (FRalS)

4 Well, that's a tad excessive.

Posted by: Wonderduck at June 27, 2006 01:39 PM (+FLIL)

5 I kind of thought that might be the effect of "remove recursive" executed in the root, but do you mean to say the user didn't even have to enter anything? Just let his session time out and the order would execute?
Ow.

Posted by: ubu roi at June 27, 2006 02:05 PM (s/dU4)
