The life of a Fixer

Intro

So, for those of you who don't already know: I've recently stepped into my own business fulltime. I work as a freelancer for a company that has outsourced me to another company as a consultant. (Yeah complicated,  I know).

In that company ("the client") I'm taking care of all the internally used PHP applications. Internally I'm what they refer to as "a fixer" and boy that expression holds some serious truth.

Most of the tools were originally written by non-developers (basically by anyone that had some web-experience and needed some kind of tool to get something done) and unfortunately it shows.

Now mind you, they are doing everything humanly possible to clean all this up, I wouldn't be here if they weren't. So in no way do these posts say negative things about the company as a whole, this is just about the legacy they have to deal with on a daily basis. I consider it my mission to improve their code while I'm maintaining it, but unfortunately it will take a while.

And... ?

Well as you might already suspect, I've been working there for a month now and I used up my "WTF!?" quota for the next 5 years. Which is why I figured I might as well share some stuff with the world :-)

Unfortunately I've missed a lot of good ones already, perhaps I'll recall enough details one day to still post them, but I'm sure there's more than enough stuff remaining :-)

A lot of these assume you know a thing or 2 about web development, which is why I'm putting them all under nerdy and webdev (and definitely WTF!).

Why not The Daily WTF you might ask? I don't want to fill up their news queue for the next year ;-)

Here we go!

A very urgent ticket was created yesterday. When arriving on the target site whilst not being logged in, you would get an error after logging in there. (Invalid template).

Some investigating later we determined that the user was correctly redirected to the login form if still anonymous, but that the redirect back to the originating page seemed to lose the query parameters.

This of course resulted in the described error, as the target page did not know what article to show.

Easy fix right? Figure out where the access check is done and make it include the query string as well. Mind you, for once this actually was the problem! Unfortunately as with everything I encounter here, there's more!

The code that did the check was in the actual target file. Not an included file, not a class... the actual source file. I'm pretty sure this will cause "oh shit" thoughts in every developers' head.

So we have an "isAuthorized"-function and a piece of regular code below, with a lot of MM_ prefixes (ah MacroMedia Dreamweaver stuff... nostalgia!).

A search later (a lot of doubting on whether I should actually do that) it turns out that the same snippet (function AND regular code) is copy/pasted into every one of the 253 entry scripts.

The allocated budget is limited to just this one fix, so there's no fixing the rest... So we log a "problem ticket" about the 252 other cases (that have the same bug but aren't currently considered an issue). If the customer ever approves that ticket we'll handle those. 'til then it's 252 pieces of buggy code!

See you on the one ;-)