PHP – fooled me once again…

I was asked to take a look at several free and open source web projects which are capable of so-called “ISP configuration management”, managing web-, mail-, database-servers, etc. – handling clients, resellers and admins and having specialized frontends for them…

Anyway… I triggered a weird bug in one of the projects where I got into an if-condition where I shouldn’t get into… which not just caused a weird behaviour of the application but was also a big security hole in this special case.

The code was something like that (simplified and not tested):


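function get_sql($value) {
   // mysql_query() returns false when the query fails
   if ($ret = mysql_query(sprintf("SELECT * FROM `table` WHERE foo='%s'",
       mysql_real_escape_string($value))))
   {
     return $ret;
   }
   else
   {
     return false;
   }
}

$result = get_sql($foo);
// count() is applied to the return value without checking for false first
if (count($result) > 0) {
   // privileged area...
}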

Ugly code – anyway… how did the author expect it to behave?
1) function get_sql() gets executed and therefore a sql-query
2) get_sql() returns an array of results
3) the number of results is checked via count($result), and if the result array contains more than 0 entries, execution jumps into the if-block

Okay, so far so good…

However – I finally found out the SQL-query in get_sql() fails because of a typo.
No error was thrown in the above code – so what’s happening?
1) function get_sql() gets executed and therefore a sql-query
2) get_sql() returns the boolean false, because the sql-query failed
3) count($result) is called, which evaluates to count(false)

As the software just behaved differently and didn’t throw an error, an intermediate result is:

count() applied to a boolean is valid!

So what’s count(false) going to return?

1! – the integer one!

count(false) is 1 and in PHP therefore true!

Proof:

$ php
<? echo count(false); ?>
1
$

Even better: this behaviour is kind of “documented” within an example at http://php.net/manual/en/function.count.php without any comment.

Okay, now guess:
What does count(true) return? And this is not documented!

1! – the integer one!

PHP – dine in hell…
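A fail-closed version of the check from this post, as an added example that is not the project's code: the query result is tested for being a real array before count() is consulted, so a failed query can never open the privileged branch. The table name `accounts`, the helper `is_privileged()` and the in-memory SQLite database standing in for MySQL are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Same contract as get_sql() on the page (false on failure), but the value
// is bound as a parameter instead of being formatted into the SQL string.
function get_sql(PDO $db, string $sql, string $value)
{
    $stmt = $db->prepare($sql);                 // false if the SQL is invalid
    if ($stmt === false || !$stmt->execute([$value])) {
        return false;
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);   // always an array from here on
}

// Hypothetical helper: only a real, non-empty array of rows grants access.
function is_privileged(PDO $db, string $sql, string $value): bool
{
    $result = get_sql($db, $sql, $value);
    if (!is_array($result)) {                   // false or anything unexpected
        error_log('privilege query failed; denying access');
        return false;
    }
    return count($result) > 0;                  // count() only ever sees an array
}

// Constructed demo data; errors are reported legacy-style by returning false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->exec("CREATE TABLE accounts (foo TEXT)");
$db->exec("INSERT INTO accounts (foo) VALUES ('admin')");

$cases = [
    'row exists'   => ["SELECT * FROM accounts WHERE foo = ?", 'admin'],
    'no such row'  => ["SELECT * FROM accounts WHERE foo = ?", 'nobody'],
    'query typo'   => ["SELECT * FROM acounts WHERE foo = ?", 'admin'], // constructed typo
];

foreach ($cases as $label => [$sql, $value]) {
    echo $label, ': ', var_export(is_privileged($db, $sql, $value), true), PHP_EOL;
}
```

Since PHP 7.2, count() on a non-countable value such as false raises a warning, and since PHP 8.0 it throws a TypeError, so the explicit type check matters most on older runtimes and wherever an API still signals failure by returning false.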

FOSDEM

Me and most of the other OpenWrt-guys are going to FOSDEM – the Free And Open Software Development Meeting in Brussels.

See you there! :)

changes…

Hey,

now I set up WordPress again and invested a lot of time in merging all posts from previous blogs / cm-systems.

I also recategorized them, added a new lightweight design and decided to start writing some of the future posts (like this) in English, ’cause this blog is mainly tech-oriented and – at least – these posts should also be readable by non-german-speaking visitors.

But this decision is associated with a huge disadvantage: you have to read my fucking bad English ;)

I don't want to annoy you…

…but somehow writing a blog is fun.

I'm considering whether to transfer all the content that currently still lives at www.nanl.de/nanl/ over here, since I'm not at all enthusiastic about mambo and it is rather overkill for a bit of documentation on my projects and “life reports” :P

Sooo… breakfast first…

So long…

Design

Even though this design is a little reminiscent of the early days of pseudo-hacker website design, I still find it kind of cool.

I may change it again at some point, or when a more serious theme falls into my hands.

So long…

WTF means nAnL ?!?!?11ßelf

nAnL was a former Counter-Strike fun clan I belonged to (yes, such things existed :) ), whose clan tag, written out, stood for “nix Aim nur Luck” (“no aim, only luck”).

The clan disbanded shortly afterwards (like pretty much all the ones I belonged to – did they flee from my skill?) and I grabbed the domain for myself.

Short domains with meaning are rare, which in this specific case probably means that DeNIC earns money from yet another pointless domain :)

So, that was my first post.

So long,

d@ten