Tuesday, December 10, 2024

CodeSOD: Metaception



Meta-programming (programs which generate programs) is a delightful hobby, but usually shouldn't be used in production code. Usually. I mean, if you're working in LISP, 90% of your program is going to be macros.

But if you're using PHP and JavaScript, there are good odds that someone you work with has decided to combine these two tastes together to create something nobody wants to taste.

This is a depressingly common anti-pattern, usually seen in the form of JavaScript code which looks like: if (1 == 2). Once upon a time one or both of those values were PHP variables, but we only see the resulting generated code.

A more extreme version happened to our anonymous submitter.

<div class="w-box-content">
<?
    table(array( 
    //...
        'options'=> array(
            '<script type="text/javascript"> 
                {if $doc_status=="edit"} 
                    $("#doc-{$id}").closest("tr").find("td,a").addClass("text-danger");
                {/if}
            </script>'
        )
    ));
?>
</div>

We start with some HTML which wraps some PHP code. The PHP code embeds an HTML tag for JavaScript into an array, and inside that JavaScript embeds a Smarty Template, which wraps some JavaScript code that modifies a CSS class.

"text-danger", indeed. It's an impressively nested system of different languages and tools.
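
For contrast, here is an added example (not the submitter's code and not from the original article) of getting the same highlighting without generating JavaScript from a template: the server emits the document status as a data attribute, and one static script reads it. The function names, the `data-doc-status` attribute and the sample rows are assumptions made for illustration, and the server side is written in JavaScript as a stand-in for the PHP/Smarty layer.

```javascript
// Added example, not the submitter's code. Names and sample data are constructed.

// Escape a value for use inside a double-quoted HTML attribute or text node.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Server side (stand-in for the PHP/Smarty layer): the row carries its
// state as a data attribute instead of as a generated <script> block.
function renderRow(doc) {
  return `<tr id="doc-${escapeHtml(doc.id)}" data-doc-status="${escapeHtml(doc.status)}">` +
    `<td><a href="#">${escapeHtml(doc.title)}</a></td></tr>`;
}

// Client side: one static script shared by every page. The choice the
// Smarty {if} made at render time is made here, from the attribute.
function highlightEdited(root) {
  const sel = 'tr[data-doc-status="edit"] td, tr[data-doc-status="edit"] a';
  const cells = Array.from(root.querySelectorAll(sel));
  cells.forEach((el) => el.classList.add("text-danger"));
  return cells.length;
}

// Constructed sample rows.
const sampleRows = [
  { id: 7, status: "edit", title: 'Q3 "draft" <v2>' },
  { id: 8, status: "final", title: "Q2 report" },
];
const sampleHtml = sampleRows.map(renderRow).join("\n");

// In a browser, run once the table exists; under Node this is skipped.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => highlightEdited(document));
}
```

The script no longer varies per request, so it can be cached, linted and reviewed as ordinary JavaScript, and the template only ever emits markup.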

As an aside, I was unfamiliar with Smarty templates, so I looked them up. I won't comment on the technology, but for a PHP library framework, they also have a slew of "partners" for monetization, mostly online casinos and scams that'll invest your IRA into gold. I won't link them, but at first I thought their page had been hacked and turned into a link farm. No, they're still updating (as of mid 2023).
