Hacker News
joshfraser on Sept 4, 2013 | on: How not to check the validity of an email address
If I recall correctly the code looked something like this:
  <?php
  if (!admin())
      echo "<script>window.location = '/signin';</script>";
  delete_bid($_GET['bid_id']);
  ?>
mbenjaminsmith on Sept 4, 2013
When you think about it it's actually pretty elegant -- if your purpose is to write something that appears to work but will do the worst possible thing when crawled.
sigkill on Sept 4, 2013
Something like the underhanded C contest then?
stavros on Sept 4, 2013
I don't understand. Was it supposed to delete the thing anyway, and then redirect if the user wasn't an admin?
xerophtye on Sept 4, 2013
a simple 'else' would have at least stopped the deleting part :/
bdg on Sept 4, 2013
This could have been written in the mindset that JavaScript and PHP ran at the same time. Lots of people still believe that.
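An added example, not part of the thread and not the code joshfraser recalled: one way to harden the snippet quoted at the top, so that every rejection returns before the delete and a crawler's GET changes nothing. `delete_bid()` is stubbed here, `handle_delete_bid()` and the `/bids` path are hypothetical names, and admin status is passed in as a boolean in place of the page's `admin()`.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the page's delete_bid(); just reports the id.
function delete_bid(int $bidId): void
{
    echo "deleted bid {$bidId}\n";
}

/**
 * Decide what to do with a delete request. Returns [status, Location or null].
 * Each rejection returns before delete_bid() is reached. The original echoed a
 * client-side redirect and then carried on executing the delete.
 * In a web entry point the caller sends the result with header() and then exits.
 */
function handle_delete_bid(string $method, array $post, bool $isAdmin): array
{
    // Authorization is enforced on the server, not by script a client may ignore.
    if (!$isAdmin) {
        return [302, '/signin'];
    }
    // State changes only via POST, so following a link (GET) deletes nothing.
    if ($method !== 'POST') {
        return [405, null];
    }
    // Accept only a positive integer id.
    $bidId = filter_var($post['bid_id'] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($bidId === false) {
        return [400, null];
    }
    delete_bid($bidId);
    return [303, '/bids']; // hypothetical listing page
}

// Constructed requests: anonymous GET (a crawler), admin GET, admin POST, bad id.
$cases = [
    ['GET',  ['bid_id' => '7'],   false],
    ['GET',  ['bid_id' => '7'],   true],
    ['POST', ['bid_id' => '7'],   true],
    ['POST', ['bid_id' => 'abc'], true],
];
foreach ($cases as [$method, $post, $isAdmin]) {
    [$status, $location] = handle_delete_bid($method, $post, $isAdmin);
    echo "{$method} admin=" . var_export($isAdmin, true) . " -> {$status} " . ($location ?? '') . "\n";
}
```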