When a function just won't do...
Thanks to Michael for sending this in! He was doing a code audit on a PHP application developed by a contractor. Our story starts with an include file named magdit.inc, which is Dutch for "isthisallowed".
This example makes it into the WTF Hall of Fame because it violates so many good design principles. Take a look at magdit.inc to get you started...
includes/magdit.inc
<?php
$cyfer = $magdit;
$magdit = "";
// hier testen we de list functions.. het blijkt makkelijk een list om te zetten in een array en er dan mee te werken dusse
$variablelist = $access;
eval("\$arraytest = array($variablelist);");
foreach($arraytest as $loopje) {
if ($cyfer == $loopje) {
$magdit = "ja";
}
}
if ($magdit == null) {
$magdit = "nee";
}
?>
Can you spot the multiple WTF's in magdit.php? The most blatent ones are the use of eval()
(why?!), and at the end of the file where $magdit
is either "ja" (yes) or "nee" (no). I bet you're wondering what's the point of this code if it just ends?! There's also another WTF in there that's a doozy. Can you spot it? Read on, it gets worse...
<?php
/**** Comments are editor's ****/
$magdit = 6; // WTF does 6 mean?!
include 'includes/magdit.inc'; // ahh here it is.
$magdit2 = $magdit; // $magdit (integer) goes in, $magdit (string) comes out
$magdit = 7;
include 'includes/magdit.inc'; // here it is again...
$magdit3 = $magdit;
$magdit = 12;
include 'includes/magdit.inc'; // and again...
if ($magdit == "ja" or $magdit2 == "ja" or $magdit3 == "ja") {
echo "<tr><td><a href=users.php target=mainFrame
class=\"linkmenu\">Gebruikers</a></td></tr>";
}
$magdit = 13;
include 'includes/magdit.inc';
$magdit2 = $magdit;
$magdit = 14;
include 'includes/magdit.inc';
$magdit3 = $magdit;
$magdit = 15;
include 'includes/magdit.inc';
$magdit4 = $magdit;
$magdit = 29;
// ... ohh the agony!
?>
In left_frame.php we see why magdit.inc ended so abruptly! It is used to reuse PHP logic! I particularly like how $magdit
is the hardest working variable in PHP. It's an integer then a string, then an integer again, etc.
Another thing that needs to be pointed out is the use of literals in the code. What does 6,7,12,13,14,15,29 really mean? Integer literals in code are the only thing more confusing than building a PHP application with billions of includes. This WTF makes me dizzy. Thanks again to Michael for sending it in, and we all pity you.