I will say right away that this article proposes nothing innovative. I just describe one small case of working with someone else's code. Experienced developers will perhaps smile, since they have surely come across this themselves, and maybe worse. Those for whom this is all new, please take note of how not to write your code, especially if it is a public plugin. The rest of the article describes working with a third-party plugin for WordPress. After my "adventures" I really do not want to mention the name of the plugin in any way, so in the source code excerpts I changed the names of variables and functions to make it as hard as possible to identify the plugin.
I often see people speak badly about PHP programmers and about PHP as a programming language in general. I have not run into problems with the language myself: I write small projects for myself, I don't use third-party frameworks, and I enjoy life. Sometimes acquaintances come to me with requests. If the task is interesting or simply cheap to do, I usually do not refuse. So an acquaintance asked me to look at why an autoposting plugin for various social networks does not work with Instagram as it should. Without thinking long, I figured there was nothing difficult in this: I would open Sublime Text, download the plugin's source code, find the code that posts to Instagram and fix what I needed. But no such luck...
I set up FtpSync, downloaded the plugin folder, opened the file with a suitable name and saw something like this:
```php
if (!function_exists('CutFromTo')){ function CutFromTo($string, $from, $to){$fstart = stripos($string, $from); $tmp = substr($string,$fstart+strlen($from)); $flen = stripos($tmp, $to); return substr($tmp,0, $flen);}}
```
That's right: several statements per line, in a file with more than a thousand lines in total. Then I realized that things were bad, opened PhpStorm and set up FTP access through Tools -> Deployment. Then, using Ctrl + Shift + Alt + L, I tidied up the code and it became more readable:
```php
if (!function_exists('CutFromTo')) {
    function CutFromTo($string, $from, $to)
    {
        $fstart = stripos($string, $from);
        $tmp = substr($string, $fstart + strlen($from));
        $flen = stripos($tmp, $to);
        return substr($tmp, 0, $flen);
    }
}
```
The problem with the plugin was that when posting a picture, an error with roughly the text "Can not upload image to /tmp/FILE_NAME" was displayed instead of the header, even though the picture was uploaded successfully. Searching through the files (Ctrl + Shift + F), I quickly got to the only place in the code where this text is used. (By the way, similar error text, with the words of the sentence arranged in different ways, appeared in different places in the code. The developers should have put the text into a constant or created a function that returns the different variations depending on its parameters. In short, copy/paste programming.)
My friend tried to google the error and even found a thread by a user with the same problem on the plugin authors' forum. The plugin's representatives made it clear that the person should learn PHP better, stated that their code uses only system functions and that the problem is not on their side, and suggested reading the FAQ. In general, the support is poor.
With a simple test, adding a word to the string, I tried to confirm that the function I had found in the code was being called, but no. After a little surprise, I began tracing the call chain triggered by pressing the button. In equally carelessly formatted JavaScript code I found which action is sent via AJAX, then, again by searching, I found the corresponding place in the PHP code, and using
```php
echo "aga";
```
I kept checking that I was on the right track until I came to this place in the code:
```php
$nt = new SomeClass();
$nt->debug = false;
if (!empty($options['ck'])) $nt->ck = $options['ck'];
if (!empty($options['proxy']) && !empty($options['proxyOn'])) {
    $nt->proxy['proxy'] = $options['proxy']['proxy'];
    if (!empty($options['proxy']['up'])) $nt->proxy['up'] = $options['proxy']['up'];
};
$loginErr = $nt->connect($options['uName'], $pass);
if (!$loginErr) $ret = $nt->post($msg, $imgURL, $options['imgAct']);
else {
    $badOut['Error'] .= 'Something went wrong - ' . print_r($loginErr, true);
    $ret = $badOut;
}
```
Separately, a picture from phpstorm ide:

So I had arrived at an undeclared class. First I downloaded all the other sources of the engine and the plugins from the server and searched every file for the class definition. I was quite surprised when nothing was found. In other words, the picture is posted by a class that is not in the source code.
I asked my friend what kind of plugin this was. It turned out that the plugin is public, that this particular modification (posting to Instagram) is a paid one, and that its developers are Hindus. All the other social networks work fine. My surprise at what was happening only grew, but okay.
Using the following code:
```php
$reflector = new ReflectionClass('SomeClass');
echo $reflector->getFileName();
```
I got to a file in a different plugin, and at the indicated line of code I found a call to the 'eval' function:
```php
$t = get_site_option($this->c);
$d = $this->k . 'decode';
if (!empty($t)) {
    $t = $d($t);
    eval($t);
}
```
The plugin containing this function is also a paid add-on, the one for connecting Instagram. The source code for working with "premium" networks is stored in the database and is executed from the database with 'eval' on every load.
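The lookup described above can be reproduced in isolation. This is an added example, not the plugin's code: the payload, the class body and the choice of base64 as the decoder are assumptions (the page only shows `$this->k . 'decode'`). It resolves where an eval()-defined class really comes from and lists the dynamic calls in that file.

```php
<?php
// Added example, not the plugin's code. The payload, the class body and the
// base64 encoding are assumptions chosen to keep the script self-contained.

// Constructed stand-in for the option value read from the database.
$stored = base64_encode('class SomeClass { public function post() { return "ok"; } }');

// Same shape as the loader on the page: decoder name built by concatenation,
// called as a variable function, result passed to eval().
$decoder = 'base64_' . 'decode';
eval($decoder($stored));

/** Resolve where a class was really defined. */
function locateClass(string $class): array
{
    $file = (new ReflectionClass($class))->getFileName();
    if ($file === false) {                       // built-in class
        return ['origin' => 'internal', 'file' => null, 'line' => 0];
    }
    // For eval()'d code PHP reports "<file>(<line>) : eval()'d code".
    if (preg_match('/^(.*)\((\d+)\) : eval\(\)\'d code$/', $file, $m)) {
        return ['origin' => 'eval', 'file' => $m[1], 'line' => (int) $m[2]];
    }
    return ['origin' => 'file', 'file' => $file, 'line' => 0];
}

/** List eval() calls and variable-function calls in a PHP source file. */
function findDynamicCalls(string $path): array
{
    $hits = [];
    $tokens = token_get_all(file_get_contents($path));
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            continue;
        }
        [$id, $text, $line] = $tok;
        if ($id === T_EVAL) {
            $hits[] = "line $line: eval()";
        } elseif ($id === T_VARIABLE && ($tokens[$i + 1] ?? null) === '(') {
            $hits[] = "line $line: variable function " . $text;
        }
    }
    return $hits;
}

$where = locateClass('SomeClass');
echo "SomeClass: {$where['origin']} at {$where['file']}:{$where['line']}\n";
if ($where['file'] !== null) { print_r(findDynamicCalls($where['file'])); }
```

Running the same token scan over every file of an installed plugin shows which ones can execute code that never appears in their sources, which is worth knowing before granting a plugin database and filesystem access.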
Finally I had reached the code where the text that gets displayed is not the actual error. Now I had to open that code in PhpStorm for further analysis, so I simply wrote the code from the database to a file and, in order to be able to change something, used require instead of eval:
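```php
$t = get_site_option($this->c);
$fileName = $path . $this->c . '.php';
$d = $this->k . 'decode';
if (!empty($t)) {
    $t = $d($t);
    if (file_exists($fileName)) {
        // The dumped copy already exists: load it so it can be edited and debugged.
        require_once $fileName;
    } else {
        // First run: execute as before and dump the decoded source to a file.
        eval($t);
        file_put_contents($fileName, "<?php $t ?>");
    }
}
```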
The plugin temporarily saves the image being published in the system's /tmp folder and, if that fails, in the WordPress uploads folder. The line with the error appears in several places in the code; for the rest of the code that writes to the various temporary folders and checks them for write access, the developers simply copied it and slightly modified the error text. In fact, only the file-saving error was stored in the variable:
```php
if (!is_writable($path)) {
    $variable = "can not upload image from /tmp/FILENAME";
    if (!tryToSaveImageInWordpressFolder()) {
        return $variable;
    }
}
```
For reasons that are unclear, the same variable was later used in the code for the caption attribute when posting to Instagram:
```php
sendImageToInstagram(array('caption' => $variable));
```
I changed the variable and it was done. 5 minutes to identify and fix the bug, and about 2 hours to find where the code containing the bug was.
Perhaps I should draw some conclusions from the whole situation. In fact, there is no deep moral here. After the "adventures" I just wanted to share. As I wrote in the introduction, this is just a small story from my experience with someone else's code, bad code. Hopefully the story made someone smile, someone noticed something new in the approach to analyzing someone else's code, and someone took note of how best to write their own code.
During the analysis I ran into a variety of typical problems, the most basic of which are:
- ridiculous code formatting: several operations on one line,
- active use of copy/paste programming,
- using the same variable for different purposes, which was the bug in the end,
- another big readability problem was the concatenation of function names, where the name of the function to call is assembled from several strings ($func = $prefix . "_" . $name). It is flexible, yes, but you then lose the ability to track usages of such functions with, for example, Alt + F7 in the IDE, and the code becomes harder to read. I would recommend using switch and constants.
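The last recommendation, sketched as a before/after. This is an added example with hypothetical function and constant names, not code from the plugin.

```php
<?php
// Added example with hypothetical names; not the plugin's code.

const NETWORK_INSTAGRAM = 'instagram';
const NETWORK_TWITTER   = 'twitter';

function post_instagram(string $msg): string { return "instagram <- $msg"; }
function post_twitter(string $msg): string   { return "twitter <- $msg"; }

// Before: the callee exists only as a runtime string. "Find Usages" on
// post_instagram() finds nothing, and a wrong $name fails only when called.
function publishDynamic(string $name, string $msg): string
{
    $func = 'post' . '_' . $name;
    return $func($msg);
}

// After: every callee is named in the source and unknown values are rejected.
function publish(string $network, string $msg): string
{
    switch ($network) {
        case NETWORK_INSTAGRAM:
            return post_instagram($msg);
        case NETWORK_TWITTER:
            return post_twitter($msg);
        default:
            throw new InvalidArgumentException("Unknown network: $network");
    }
}

echo publishDynamic('instagram', 'hello'), "\n";   // works, but is untraceable
echo publish(NETWORK_INSTAGRAM, 'hello'), "\n";    // same result, traceable

try {
    publish('facebook', 'hello');                   // not in the switch
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```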
There were many other minor flaws that made the code a little less readable for outsiders. The biggest problem is that PHP syntax allows you to do all of this, and people, unfortunately, misuse this freedom. I understand that the developers, by keeping source code they charge money for in the engine's database, were trying to make it less accessible, but this is an extremely wrong approach. The most banal argument: in my experience this approach did not work. I still got to the paid sources without too much difficulty, but because of the time I wasted, my desire to distribute this paid code for free only grew, and before that it had been zero. I even had thoughts of writing my own plugin with exactly the same functionality in order to deliberately compete with the developers. In general, if you cannot hide the source anyway, then make it readable for other developers. This will definitely not hurt your profitability, but it will be very good for your reputation and will only increase your ability to earn more in the future.