Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(IT World)   Here's your chance to violate Facebook's privacy for a change by laughing at their early source code   (itworld.com ) divider line
    More: Interesting, source codes, PHP, Mark Zuckerberg  
•       •       •

1953 clicks; posted to Geek » on 06 Nov 2013 at 10:27 AM (2 years ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



16 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest
 
2013-11-06 10:57:08 AM  
<?php
echo "who cares"; //meh
?>
 
2013-11-06 11:02:01 AM  

micah1701: <?php
echo "who cares"; //meh
?>


INCLUDE 'quotedabove';
 
2013-11-06 11:10:09 AM  
How is laughing at their poster the equivalent of violating their privacy?
 
2013-11-06 11:56:15 AM  
I especially like this:


my @rawCookies = split (/; /,$ENV{'HTTP_COOKIE'});
my %cookies;

foreach(@rawCookies){
my ($key, $val) = split (/=/,$_);
$cookies{$key} = $val;
}

...

my $db_data = Mysql->connect("$cookies{host}", "$cookies{db}", "mark", $pass);


Don't move until you see it.
 
2013-11-06 12:27:55 PM  
Seems very agile to me.
 
db2
2013-11-06 12:35:50 PM  
Zuckerberg does seem like the kind of tosspot that would use dynamic SQL statements.
 
2013-11-06 01:02:43 PM  
I don't see $dbh->quote anywhere in there so this code fails code review instantly.

// also no use taint;
 
2013-11-06 02:27:54 PM  

WayToBlue: I especially like this:


my @rawCookies = split (/; /,$ENV{'HTTP_COOKIE'});
my %cookies;

foreach(@rawCookies){
my ($key, $val) = split (/=/,$_);
$cookies{$key} = $val;
}

...

my $db_data = Mysql->connect("$cookies{host}", "$cookies{db}", "mark", $pass);


Don't move until you see it.


I'm no PHP guy, but that sure looks like db connection info in a freaking cookie...
 
2013-11-06 04:48:51 PM  

LurkerIndeed: WayToBlue: I especially like this:


my @rawCookies = split (/; /,$ENV{'HTTP_COOKIE'});
my %cookies;

foreach(@rawCookies){
my ($key, $val) = split (/=/,$_);
$cookies{$key} = $val;
}

...

my $db_data = Mysql->connect("$cookies{host}", "$cookies{db}", "mark", $pass);


Don't move until you see it.

I'm no PHP guy, but that sure looks like db connection info in a freaking cookie...


Shouldn't everyone be able to login as mark if they know his password?  Sounds very friendly.  He wouldn't give that to anyone who wasn't his friend.
 
2013-11-06 06:22:48 PM  

Vlad_the_Inaner: LurkerIndeed: WayToBlue: I especially like this:


my @rawCookies = split (/; /,$ENV{'HTTP_COOKIE'});
my %cookies;

foreach(@rawCookies){
my ($key, $val) = split (/=/,$_);
$cookies{$key} = $val;
}

...

my $db_data = Mysql->connect("$cookies{host}", "$cookies{db}", "mark", $pass);


Don't move until you see it.

I'm no PHP guy, but that sure looks like db connection info in a freaking cookie...

Shouldn't everyone be able to login as mark if they know his password?  Sounds very friendly.  He wouldn't give that to anyone who wasn't his friend.


That's not the issue.  The data is used without it being filtered for "bad things".  A carefully crafted cookie would have all kinds of fun with the database.  Think "little Bobby Drop Table".
 
2013-11-06 07:43:27 PM  
foreach($users as $marketingfodder){
$_GET['their wallet'];
echo "thanks for sharing!";
}
 
2013-11-06 08:35:05 PM  
NERDS!.jpg
 
2013-11-06 09:10:29 PM  

Oafmeel: NERDS!.jpg


That's "extremely well paid NERDS!.jpg".
 
2013-11-06 10:10:15 PM  

LurkerIndeed: WayToBlue: I especially like this:


my @rawCookies = split (/; /,$ENV{'HTTP_COOKIE'});
my %cookies;

foreach(@rawCookies){
my ($key, $val) = split (/=/,$_);
$cookies{$key} = $val;
}

...

my $db_data = Mysql->connect("$cookies{host}", "$cookies{db}", "mark", $pass);


Don't move until you see it.

I'm no PHP guy, but that sure looks like db connection info in a freaking cookie...


This is perl, but yes the connection ip info is in the cookie. Point it to a listener on an ip you control and collect the creds.
 
2013-11-07 10:56:43 AM  
I'm always amused that Perl code is riddled with snails.

my ($number) = @_;
 
2013-11-07 02:20:36 PM  
turboke: I'm always amused that Perl code is riddled with snails.

Using a sigil to denote variables is one of the best programming ideas ever.

// no name collision between variable names and function names

// built in variables use punctuation (by default, you can always use English), so you don't have to worry too much about what you name your own variables

// with sigils, you don't have to do a bunchOfStupidNamingTricks on your variables/functions/etc.

// @_ is also known as @ARG :P
 
Displayed 16 of 16 comments

View Voting Results: Smartest and Funniest

This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »
On Twitter






In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report