Alex Tech Adventures The webs best tutorials!

Guestbook fail

This morning I stumbled across a simple PHP problem which took me 1.5 hours to solve.  Troubleshooting took so much time because I did not expect the mistakes to be that fundamentally ridiculous.
  1. The existing site manager dug out this guest book from PurpleYin, which you must never use.  Aside from loading the entire text-based file (no, not SQLite, just some delimited text) into one massive array in memory which is then queried using array functions (which would cause your server to overload on high traffic sites), it stores options not in an array, not in .ini but (I do not think there is even a name for this) in an option-per-line format.  So basically the script reads the file using $lines=explode("\r\n",$this->contents); and so then line 1 becomes "entriesPerPage", line 2 becomes "maxWordLength" etc.  Aside from having to dig into the source code to figure out what line 19 is supposed to represent, this causes a problem outlined next.
  2. The site manager apparently did not see this flaw and added a line at the top of every file, including the options file, which caused the whole program to break since configurations were now mismatched.  Well, maybe he also did not expect this unexpectedly wrong way of configuring an app, but the context of the line he added negates all excuses.  He has eval(base64_decode('some long encrypted string')); at the top of every file.  Was he trying to protect his code? Well, it was very simple to "crack" by just dumping the content of base64_decode, which revealed some sort of integration of TinyMCE.  Well, fair enough.  This was his attempt at getting the TinyMCE theme over to the guestbook, which I can accept, but why put it at the top of every single file there is in the directory, all 18 of them, most of which are including each other, thus running that decode and eval at least, I am guessing, 10 times per request?

Fixing the guestbook problem was then as simple as taking out that line from where it should not be and in doing so restoring the order of the options.
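
The decode-without-eval inspection and the line-removal fix described above, as an added Python example that is not part of the original post or of the guestbook's code. The file names, the option values 10 and 40 and the harmless payload are constructed for illustration.

```python
import base64
import hashlib
import re

# eval(base64_decode('...')), either quote style; group 2 is the payload.
PATTERN = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*;?""",
    re.IGNORECASE)
EMPTY = re.compile(r"\s*(<\?php\s*\?>)?\s*")  # blank, or empty PHP tags

def find_payloads(source):
    """Return [(line_number, decoded_text)]; payloads are decoded, never executed."""
    hits = []
    for m in PATTERN.finditer(source):
        try:
            raw = base64.b64decode("".join(m.group(2).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError: not valid base64
            continue
        hits.append((source.count("\n", 0, m.start()) + 1, raw.decode("utf-8", "replace")))
    return hits

def group_by_payload(files):
    """Map SHA-256 of each decoded payload to the sorted file names carrying it."""
    report = {}
    for name, source in files.items():
        for _, text in find_payloads(source):
            digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
            report.setdefault(digest, set()).add(name)
    return {digest: sorted(names) for digest, names in report.items()}

def strip_payloads(source):
    """Remove the statement; drop the whole line if nothing else was on it."""
    kept = []
    for line in source.splitlines(keepends=True):
        rest = PATTERN.sub("", line)
        if rest == line or not EMPTY.fullmatch(rest):
            kept.append(rest)
    return "".join(kept)

# Constructed sample data: a harmless payload prepended to two made-up files.
INJECTED = "<?php eval(base64_decode('%s')); ?>" % base64.b64encode(b"echo 1;").decode()
SAMPLE_FILES = {
    "options.txt": INJECTED + "\r\n10\r\n40\r\n",  # entriesPerPage, maxWordLength
    "index.php": INJECTED + "\n<?php include 'guestbook.php'; ?>\n",
}

if __name__ == "__main__":
    print(group_by_payload(SAMPLE_FILES))
    print(strip_payloads(SAMPLE_FILES["options.txt"]).split("\r\n")[:2])
```

One identical payload hash across every file in a directory is also what mass-injected code on a compromised site looks like, so the decoded text is worth reading in full before the line is removed.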

 