Re: [HELP] code modification
From: Tad McClellan (tadmc_at_augustmail.com)
Date: 12/20/03
- Next message: Tad McClellan: "Re: redirect without meta"
- Previous message: Paul Sellis: "Re: [HELP] code modification"
- In reply to: Paul Sellis: "Re: [HELP] code modification"
- Next in thread: Paul Sellis: "Re: [HELP] code modification"
- Reply: Paul Sellis: "Re: [HELP] code modification"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 20 Dec 2003 10:11:32 -0600
Paul Sellis <paul.sellis@alussinan.org> wrote:
> In article (Dans l'article)
><paul.sellis-B3911D.10560620122003@news3-1.free.fr>,
> Paul Sellis <paul.sellis@alussinan.org> wrote (écrivait) :
>> I don't know if you recommend it to me ...
The code is amateurish and buggy. I recommend deleting it and
looking for a replacement.
It is worth *less* than you paid for it!
> &check_url;
That is how subroutines were called 7 years ago.
Is this program 7 years old?
Or is the "programmer" just stuck in the Dark Ages?
check_url();
> sub check_url
> {
> if ($ENV{'HTTP_REFERER'})
> {
> foreach $AUTHURL (@AUTHURLS)
> {
> if ($ENV{'HTTP_REFERER'} =~ /$AUTHURL/i)
> {
> $check_url = '1';
> last;
> }
> }
> }
> else
> {
> $check_url = '1';
> }
That is some foolish logic.
It accepts _anything_ if HTTP_REFERER is not defined.
> if ($hour < 10)
> { $hour = "0$hour"; }
sprintf() should be used for padding instead.
> if ($year >= 100)
> { $year = $year - 100; }
This is a y2100 bug.
The docs for localtime() show the correct way to get a 2-digit year.
Looks like the "programmer" did not read the docs for the function
that he used...
> sub reformat_form_data
> {
> if ($ENV{'REQUEST_METHOD'} eq 'POST')
> {
> # Get the input
> read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
> # Split the name-value pairs
> @pairs = split(/&/, $buffer);
Contains a host of classic bugs, repeated yet again!
> ## Test for valid email
> if ($value !~ /^[\w\.-]+@[\w\.-]+$/) {
This will reject some perfectly valid addresses...
> sub send_email
> {
> # Build the 'from' address of the form: "name <email address>"
>
> $from_name=($CONFIG{'Name'} . " <" . $CONFIG{'email'} . "> ");
$from_name = "$CONFIG{Name} <$CONFIG{email}> ";
> open(MAIL,"|$SENDMAIL -t") || die "Can't open $mailprog!\n";
That diagnostic message is misleading, and it does not include
the $! variable containing the reason for the failure.
This is an example of Script Kiddie code. Blech!
--
Tad McClellan SGML consulting
tadmc@augustmail.com Perl programming
Fort Worth, Texas
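
Added example, not part of the original message or of the script under review: a Perl sketch of the fixes the reply points at, namely a referer check that fails closed, sprintf() padding with the two-digit year idiom from the localtime() docs, and a pipe open whose error message includes $!. The names @AUTH_HOSTS, timestamp and open_mailer, the host names and the date format are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed allow-list of referring hosts (assumption, not from the script).
my @AUTH_HOSTS = ('www.example.org', 'example.org');

# Fail closed: no Referer, or one that does not parse, is rejected.
# The host is compared with eq, not matched with an unanchored regex, so
# an allowed name appearing elsewhere in the URL does not count.
# Referer is client-supplied, so this filters casual misuse only.
sub check_url {
    my ($referer) = @_;
    return 0 unless defined $referer && length $referer;
    my ($host) = $referer =~
        m{\A https?:// ([^/:?\#\@]+) (?: :\d+ )? (?: [/?\#] | \z )}xi
        or return 0;
    $host = lc $host;
    return (grep { $host eq $_ } @AUTH_HOSTS) ? 1 : 0;
}

# sprintf does the zero padding; "% 100" is the two-digit year idiom
# from the localtime() documentation.
sub timestamp {
    my ($epoch) = @_;
    $epoch = time unless defined $epoch;
    my ($min, $hour, $mday, $mon, $year) = (localtime($epoch))[1 .. 5];
    return sprintf '%02d/%02d/%02d %02d:%02d',
        $mon + 1, $mday, $year % 100, $hour, $min;
}

# List-form pipe open bypasses the shell; the message names the program
# that was actually run and includes $! with the reason for the failure.
sub open_mailer {
    my ($sendmail) = @_;
    open(my $mail, '|-', $sendmail, '-t')
        or die "Can't run $sendmail: $!\n";
    return $mail;
}

# Constructed sample Referer values.
for my $ref (undef,
             'http://www.example.org/form.html',
             'http://evil.test/?from=www.example.org',
             'http://example.org:x@evil.test/') {
    printf "%-42s %s\n", $ref // '(no referer)',
        check_url($ref) ? 'accept' : 'reject';
}
print timestamp(), "\n";
```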