#1174 open reverse proxy in a production web app Python +27 
from django.http import JsonResponse, HttpResponse
import requests

def download_custom_award(request):
    try:
        custom_img = requests.get(request.GET.get('award'))
        response = HttpResponse(custom_img.content, content_type='application/PNG')
        filename = "Your_Award.png"
        response['Content-Disposition'] = 'attachment; filename=%s' % (filename)
        return response
    except Exception as e:
        return JsonResponse({'Status': 404, "message": e.message})

This developer was trying to force the browser to download a custom image rather than show it inline, so he coded an open reverse proxy and attempted to release it to a production web app. Also, all exceptions are trapped and shown to the user in plaintext in their browser.

Comments
By Anonymous, 2020-05-26 10:38:31
#1205 Pensando dificil C# +27 
if ((string)filtros[0] != "-1" && (string)filtros[0] != "0") 
    filtros[0] = (string)filtros[0] != "" ? filtros[0] : DBNull.Value;
    
else
    filtros[0] = DBNull.Value;
Comments
By Anonymous, 2020-06-02 18:22:05
#442 How ToDo Webservice Java +27 
for (InformacionPagareServiceDTO aux : res_pon.getListaRespuesta()) {
			String pattern_dic = "{\"Estdo\":\"%s\", \"Fecha Firma\":\"%s\", \"Fecha Grabacion\": \"%s\", \"ID Pagare\": \"%s\",\"Nombre Otorgante\": \"%s\",\"Tipo documento Otorgante\": \"%s\",\"Documento Otorgante\": \"%s\",\"Numero Pagare Entidad\": \"%s\",\"Pdf Pagare Nom\": \"%s\",\"Pdf Pagare Cont\": \"%s\"}";
			if (aux.getPdfPagare() == null) {
				if(dic_txt.equals("")) {
					dic_txt = String.format(pattern_dic, aux.getEstadoPagare(), aux.getFechaFirmaPagare(), aux.getFechaGrabacionPagare(), aux.getIdPagareDeceval(), aux.getNombreOtorgante(), aux.getTipoDocumentoOtorgante(), aux.getNumeroDocumentoOtorgante(), aux.getNumPagareEntidad(), aux.getPdfPagare(), aux.getPdfPagare());
				}else {
					dic_txt += ","+String.format(pattern_dic, aux.getEstadoPagare(), aux.getFechaFirmaPagare(), aux.getFechaGrabacionPagare(), aux.getIdPagareDeceval(), aux.getNombreOtorgante(), aux.getTipoDocumentoOtorgante(), aux.getNumeroDocumentoOtorgante(), aux.getNumPagareEntidad(), aux.getPdfPagare(), aux.getPdfPagare());
				}
			}else {
				if(dic_txt.equals("")) {
					dic_txt = String.format(pattern_dic, aux.getEstadoPagare(), aux.getFechaFirmaPagare(), aux.getFechaGrabacionPagare(), aux.getIdPagareDeceval(), aux.getNombreOtorgante(), aux.getTipoDocumentoOtorgante(), aux.getNumeroDocumentoOtorgante(), aux.getNumPagareEntidad(), aux.getPdfPagare().getNombreArchivo(), aux.getPdfPagare().getContenido());
				}else {
					dic_txt += ","+String.format(pattern_dic, aux.getEstadoPagare(), aux.getFechaFirmaPagare(), aux.getFechaGrabacionPagare(), aux.getIdPagareDeceval(), aux.getNombreOtorgante(), aux.getTipoDocumentoOtorgante(), aux.getNumeroDocumentoOtorgante(), aux.getNumPagareEntidad(), aux.getPdfPagare().getNombreArchivo(), aux.getPdfPagare().getContenido());
				}
			}
		}

Holy Shit

Comments
By rootweiller, 2020-01-15 03:47:22
#2567 Try catch whole code + no exception info for end user + exit code 0 Java +28 
public class Main {
    public static void main(String[] args) {
        try {
            //code goes here
        } catch (Exception e) {
            System.exit(0);
        }
    }
}
Comments
By s0m31, 2022-06-03 15:46:49
#144 Who needs socket.io rooms when you can do this? JavaScript +28 
socket.on('newMessage', (messageObj) => {
	if (roomNumber === messageObj.roomNumber) {

		console.log("message received:" + messageObj.message);
		$('#messages').append($('<li>').text(messageObj.userName + ' : ' + messageObj.message));

	}
});

socket.in wasn't behaving as advertised (broadcasting to all rooms). I decided to take matters into my own hands.

Comments
By Andrew, 2017-12-13 02:57:58
#196 true or false? LSL +28 
int true = 0;
while (true)
{
    //do something
}

true = false

Comments
By noz1995, 2017-12-15 16:08:59
#233 If only there was a way to determine when something is less than or equal to zero... PHP +29 
if ($customerId > 0) {
    $customerId = $customerId;
} else {
    $customerId = $this->customerSession->getId();
}
Comments
By Anonymous, 2018-01-10 16:42:14
#2155 nice repeat Lua +30 
local part = script.Parent

local OriginColor = Color3.new(0,170,255)

local KillColor = Color3.new(1, 0, 0)

part.Touched:Connect(function(H)
	local humanoid = H.Parent:FindFirstChild("Humanoid")
	if humanoid and part.Color == KillColor then
		humanoid.Health = 0

	end

end)

local shit = 1
repeat

	part.Color = OriginColor
	wait(1.5) 
	part.Color = KillColor
	wait(1.5)



until shit == 2
Comments
By petierko, 2021-06-23 19:02:54
#1441 ascii JavaScript +30 

function atoi(charstring)
{
  if(charstring=="a") return 0x61;if(charstring=="b") return 0x62;
  if(charstring=="c") return 0x63;if(charstring=="d") return 0x64;
  if(charstring=="e") return 0x65;if(charstring=="f") return 0x66;
  if(charstring=="g") return 0x67;if(charstring=="h") return 0x68;
  if(charstring=="i") return 0x69;if(charstring=="j") return 0x6a;
  if(charstring=="k") return 0x6b;if(charstring=="l") return 0x6c;
  if(charstring=="m") return 0x6d;if(charstring=="n") return 0x6e;
  if(charstring=="o") return 0x6f;if(charstring=="p") return 0x70;
  if(charstring=="q") return 0x71;if(charstring=="r") return 0x72;
  if(charstring=="s") return 0x73;if(charstring=="t") return 0x74;
  if(charstring=="u") return 0x75;if(charstring=="v") return 0x76;
  if(charstring=="w") return 0x77;if(charstring=="x") return 0x78;
  if(charstring=="y") return 0x79;if(charstring=="z") return 0x7a;
  if(charstring=="0") return 0x30;if(charstring=="1") return 0x31;
  if(charstring=="2") return 0x32;if(charstring=="3") return 0x33;
  if(charstring=="4") return 0x34;if(charstring=="5") return 0x35;
  if(charstring=="6") return 0x36;if(charstring=="7") return 0x37;
  if(charstring=="8") return 0x38;if(charstring=="9") return 0x39;
  if(charstring==".") return 0x2e;
  return 0x20;
}

found in a proxy script

Comments
By Anonymous, 2020-08-10 03:17:52
#1978 YII Framework debug PHP +30 
// comment out the following two lines when deployed to production
defined('YII_DEBUG') or define('YII_DEBUG', true);
defined('YII_ENV') or define('YII_ENV', 'dev');

Never, ever define developer environment and debug as default thing! #pdk

Comments
By kadet, 2021-03-08 23:28:18
#214 Formsy plugin JavaScript +30 
// Method put on each input component to unregister
  // itself from the form
  detachFromForm: function detachFromForm(component) {
    var componentPos = this.inputs.indexOf(component);

    if (componentPos !== -1) {
      this.inputs = this.inputs.slice(0, componentPos).concat(this.inputs.slice(componentPos + 1));
    }

    this.validateForm();
  },

oh boy

Comments
By Anonymous, 2017-12-21 10:48:00
#2574 BRUH JavaScript +31 
else if result !== true && result === false { return result !== true }

should I keep this in our project or nah

Comments
By codelord, 2022-06-20 16:43:54
#68 "chukupax" framework PHP +31 
$_POST = $this->db->mres($_POST);
$_SESSION['post'] = $_POST;

$sql = "SELECT id, documento, nombre1, nombre2, apellido1, apellido2 "
        . "FROM usuarios "
        . "WHERE " .
    "REPLACE(" .
        "REPLACE(" .
            "REPLACE(" .
                "REPLACE(telefono,' ','')," .
                "'(','')," .
            "')','')," .
        "'-','') LIKE '%{$searchTel}'";
Comments
By Carlos Correa, 2016-09-16 22:11:38
#101 please, just stop Java +31 
if (baza[mCurrentIndex] == Boolean.TRUE) {
            if (mCurrentIndex != baza.length-1) {
                up();
                nextQuestion();
            }

            if (mCurrentIndex == baza.length) {
                WypiszWynik();
            }

        }

so you have an array of booleans and you're comparing it to Boolean.TRUE why

Comments
By pain, 2017-10-31 21:58:54
#1935 just gotta make sure it's a string Java +31 
String s = "string";

String.valueOf(s).toString();

// just to make sure it's a damn string
while(!s instanceof String) {
    String.valueOf(s).toString();
}
Comments
By Anonymous, 2021-01-23 17:11:10