Tobbi sends us a true confession: they wrote this code.
The code we're about to look at is the kind of code that mixes JavaScript and PHP together, using PHP to generate JavaScript code. That's already a terrible anti-pattern, but Tobbi adds another layer to the whole thing.
if (AJAX)
{
<?php
echo "AJAX.open(\"POST\", '/timesheets/v2/rapports/FactBCDetail/getDateDebutPeriode.php', true);";
?>
AJAX.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
AJAX.onreadystatechange = callback_getDateDebutPeriode;
AJAX.send(strPostRequest);
}
if (AJAX2)
{
<?php
echo "AJAX2.open(\"POST\", '/timesheets/v2/rapports/FactBCDetail/getDateFinPeriode.php', true);";
?>
AJAX2.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
AJAX2.onreadystatechange = callback_getDateFinPeriode;
AJAX2.send(strPostRequest);
}
So, this uses server side code to… output string literals which could have just been written directly into the JavaScript without the PHP step.
"What was I thinking when I wrote that?" Tobbi wonders. Likely, you weren't thinking, Tobbi. Have another cup of coffee, I think you need it.
All in all, this code is pretty harmless, but is a malodorous brain-fart. As for absolution: this is why we have code reviews. Either your org doesn't do them, or it doesn't do them well. Anyone can make this kind of mistake, but only organizational failures get this code merged.
[Advertisement]
Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.
This post originally appeared on The Daily WTF.