The Daily WTF
“Never trust your inputs” is a generally good piece of advice for software development. We can, however, get carried away.
Janice inherited a system which, among many other things, stores phone numbers. Like most such systems, the database validates phone numbers, and guarantees that numbers are stored in a canonical format, as text.
For some reason, their Rails presentation layer isn’t satisfied with this, and needs to validate the data coming from the database. In their specific environment, they know the database only contains canonical phone numbers, but honestly, I’m willing to forgive the belts-and-braces approach, as I’ve certainly used enough databases that couldn’t provide those kinds of guarantees.
No, the problem is the way they went about it.
phone = acct.phone_number.to_s
raise "phone number blank!" if phone.blank?
phone.gsub!(/\+/, '')
if (phone =~ /\A\+[0-9]+\Z/)
  phone = 'phn:' + phone
elsif (phone =~ /\A[0-9]+\Z/)
  phone = 'phn:+' + phone
else
  raise "phone number: incorrect format!"
end