Open Source Software Community - it's about ethics in Code of Conducts

It also has raw SQL queries:
Those are prepared queries, not concatenated. They are probably not vulnerable if XenForo is escaping these properly.

Methods ought to be type-hinted, but that may not be feasible. XenForo doesn't publish method prototypes for XF2, only general concept advice, and could be invariant.

I skimmed through these when it was first published and the commit messages would have me storming over to my junior devs' desks for a friendly autism calming session but it's 99% CRUD operations and closed dependency injection operations. For all the hubbub it's pretty mundane service glue.
 
Possibly unpopular opinion, but I always found these high-level languages gay and too complex.

Simplicity is key.

Only thing they have going for them is multi-OS capability, but Java has offered that for a few decades now?

No need to reinvent the wheel, I mostly program in assembler and C..

Whatever
 
For all the hubbub it's pretty mundane service glue.
well he was calling it "enterprise grade" and my webdev decoder ring i got from a box of ansi c-real back in 1999 tells me that this phrase translates to "making several good-looking crud forms using today's hottest tool"
 
Possibly unpopular opinion, but I always found these high-level languages gay and too complex.

Simplicity is key.

Only thing they have going for them is multi-OS capability, but Java has offered that for a few decades now?

No need to reinvent the wheel, I mostly program in assembler and C..

Whatever
Simplicity isn't writing in base languages, it's having a tool set of functions/classes that are optimized, clear in functionality and well documented so your code can be read rather than interpreted.
 
Somewhat worryingly, it appears to be extensively vibecoded. It has all the hallmarks of unedited AI code: slop readme, redundant, obvious comments splattered everywhere,
I don't know the first thing about PHP - maybe it's idiomatic in PHP or Xenforo, but it looks dodgy.
lol. you should @ him. I'm sure he'd love to know a rust retard is here calling his stuff vibe coded while you freely admit you don't have a clue about PHP.
 
lol. you should @ him. I'm sure he'd love to know a rust retard is here calling his stuff vibe coded while you freely admit you don't have a clue about PHP.
You really are mad about Rust, why? Do you treat languages like football clubs?

And yes at least the readme and many comments are obviously vibecoded. It's got the signature AI tone.
 
Somewhat worryingly, it appears to be extensively vibecoded. It has all the hallmarks of unedited AI code: slop readme, redundant, obvious comments splattered everywhere,
vibecoded. It's got the signature AI tone.

Probably the biggest clue was Null talking on last week's MATI about how he's using AI to program, because it increases productivity. Seems fine.
 
You really are mad about Rust, why? Do you treat languages like football clubs?
nigger you're writing security critiques while you can't distinguish parameterized SQL from raw string interpolation, and you chalk it up to "I don't know PHP". You've never used a DB without an ORM writing your queries for you, languages are the least of your worries. Astounding ignorance, fags like you are why I'm hesitant to participate in technical threads here.

e: and no XF isn't retarded, it redeems the needful. It does treat every param as a string which is odd but seems harmless.
PHP:
    // XF\Db\AbstractAdapter
    public function fetchOne($query, $params = [], $column = 0)
    {
        // $params are handed over separately from the SQL text in $query
        return $this->query($query, $params)->fetchColumn($column);
    }
    public function query($query, $params = [])
    {
        $class = $this->statementClass;
        $statement = new $class($this, $query, $params);
        $statement->execute();
        return $statement;
    }

    // XF\Db\Mysqli\Statement
    public function execute()
    {
        // $statement is not defined in the lines quoted in this excerpt
        if ($this->params)
        {
            // Type string: one 's' (string) specifier per parameter
            $bind = [str_repeat('s', count($this->params))];
            foreach ($this->params AS &$param)
            {
                // bind_param takes its arguments by reference
                $bind[] = & $param;
            }

            call_user_func_array([$statement, 'bind_param'], $bind);
        }
        // ... the excerpt ends here
    }
 
You answer your own question, it's simple to do and everyone understands it.
While this is a rational argument and has its place in some projects, I'd not risk it for a module that will take part in legal reporting, especially around the extremely sensitive topic of CP and compliance.
 
I'll bite: why would you write simple selects and inserts manually when there are tools that will do it for you?

And yeah, I've never been interested in PHP. Sue me.
it has nothing to do with PHP, prepared statements are a widely used database feature accessible from any language. And your preference for ORM-generated queries is irrelevant (I'm not here to debate the "why" of your tool choices, but fwiw it's easier to ensure that indexes are used properly when you're writing the query by hand), my point was that you're clearly unfamiliar with the patterns you're attempting to criticize. Almost like you're operating on vibes? Which is strangely common for AI critics seeking out things to talk shit about.

here's a tranny rust example so you can stop blaming your ignorance on php
[Attached image: 1764629153378.png]
 
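The distinction the two posts above turn on (bound parameters versus values spliced into the SQL text, plus the bind-everything-as-a-string behaviour in the quoted excerpt), as an added example that is not part of any post and is not XenForo code. Python's sqlite3 stands in for PHP/mysqli here; the table, column and function names are hypothetical, the data is constructed, and the type conversion shown is SQLite's, not MySQL's.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("alice", "open"), ("bob", "closed"), ("carol", "open")]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE report (id INTEGER PRIMARY KEY, reporter TEXT, status TEXT)")
    db.executemany("INSERT INTO report (reporter, status) VALUES (?, ?)", ROWS)
    return db


def count_interpolated(db, reporter):
    # Anti-pattern: the value becomes part of the SQL text, so a quote
    # character inside it can change the structure of the statement.
    sql = f"SELECT COUNT(*) FROM report WHERE reporter = '{reporter}'"
    return db.execute(sql).fetchone()[0]


def fetch_one(db, sql, params=()):
    # Prepared form: the SQL text is fixed and the values are bound
    # separately. Every parameter is bound as a string, imitating the
    # str_repeat('s', ...) type string in the excerpt.
    row = db.execute(sql, tuple(str(p) for p in params)).fetchone()
    return row[0] if row else None


def demo():
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input containing a quote
    q = "SELECT COUNT(*) FROM report WHERE reporter = ?"
    return {
        "interpolated_hostile": count_interpolated(db, hostile),  # WHERE clause rewritten
        "prepared_hostile": fetch_one(db, q, [hostile]),          # compared as plain data
        "prepared_normal": fetch_one(db, q, ["alice"]),
        # Integer id bound as the string "2": SQLite's column affinity
        # converts it for the comparison, so the lookup still works.
        "string_bound_id": fetch_one(db, "SELECT reporter FROM report WHERE id = ?", [2]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

When reviewing code like the excerpt, the thing to check is whether any request-derived value reaches the `$query` string itself; values that only travel in `$params` are bound, not parsed.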
it has nothing to do with PHP, prepared statements are a widely used database feature accessible from any language. And your preference for ORM-generated queries is irrelevant (I'm not here to debate the "why" of your tool choices), my point was that you're clearly unfamiliar with the patterns you're attempting to criticize. Almost like you're operating on vibes? Which is strangely common for AI critics seeking out things to talk shit about.

here's a tranny rust example so you can stop blaming your ignorance on php
[Attachment 8238778]
What an angry spergout of a post given the completely neutral subject. What's Rust got to do with it?
 
Insane tranny being an insane tranny. talking about "maga/linux" wtf are you talking about?
maybe it's seething over richard stallman, the greatest programmer alive, 2nd greatest to ever live, and current head gnuisance of the gnu project. as we all know, gnu is a critical part of desktop-targeted linux-based unix clone distributions, hence the proper and correct name "gnu/linux" for the combined system
 