So we need to be careful with upper- and lowercase. Meanwhile the docs: > settiings
Yes, the settiings are different than the settings. You also need to be careful with those.
had to use a different spelliings at backend and frontend, otherwise it wouldn't work.
They specifically said "this is not a typo"!!!
Is the backend Python and the frontend JavaScript? Because then that would happen and just be normal, because Boolean true is
Truein python.Probably, but if you're interpreting user inputs as raw code, you've got much much worse problems going on, lol.
Given the warning about capitalization, the best possible case is that they're using ast.literal_eval() rather than throwing untrusted input into
eval().Err, I guess they might be comparing strings to 'True' and are choosing to be really strict about capitalization for some reason.
It's not User input, it's config file
Can't they just convert a "true" input to backend to uppercase
Yep they should use a config file format like JSON or TOML or YAML or what have you, and then decode that into python objects. Using an actual programming language for config is dumb as hell IMO. (inb4 pissed off suckless fans)
Depends on how it's set up. If the setting is going into the env it's a string, so I'd expect some sort of
if os.getenv("this_variable", "false").lower() == "true": # or maybe "in true, yes, on, 1" if you want to be weird like yaml this_variable = True else: this_variable = FalseExcept maybe a little more elegant and not typed on my phone.
But if the instructions are telling the user to edit the settings directly, like where I wrote this_variable=True, they'd need to case it correctly there.
I refer you to #7 on Bruce Tognazzini's evergreen top ten list of design bugs.
Searching for the phrase, documentation matches for Taiga so maybe you're right!
The cherry on top is that they didn't even spell settings correctly.
settiings is spelled differently on the backend
I swear, spelling mistakes are such an indicator for a codebase and the overall quality of the software team, and maybe the whole company. No attention paid to detail leaks out into other areas.
Glorious. I remember some hilarious nonsense in an API where the devs I worked with hadn't known they could just use boolean in JSON and had badly implemented it through strings, but this... This is amazing!
At my last job we had a lot of old code, and our supposedly smartest framework people couldn't be bothered learning front end properly. So there was a mix of methods for passing values to the front end, but nobody seemed to think of just passing JSON and parsing it into a single source of truth. There was so much digging for data in hidden columns of nested HTML tables, and you never knew if booleans would be "true", "TRUE", "1", or "Y" strings.
Never mind having to unformat currency strings to check the value then format them back to strings after updating values.
I fixed this stuff when I could, but it was half baked into the custom framework.
A system I work with gives all keys a string value of "Not_set" when the key is intended to be unset. The team decided to put this in because of a connection with a different, legacy system, whose developers (somehow) could not distinguish between a key being missing or being present but with a null value. So now every team that integrates with this system has to deal with these unset values.
Of course, it's up to individual developers to never forget to set a key to "Not_Set". Also, they forgot to standardise capitalisation and such so there are all sorts of variations "NOT_SET", "Not_set", "NotSet", etc. floating around the API responses. Also null is still a possible value you need to handle as well, though what it means is context dependent (usually it means someone fucked up).
Implying Hell is frontend.... yeah, actually, that tracks.
Baseball, huh?
Hear me out, what about using JSON to store the configuration in the Python backend?
I like your idea, but hear me out:
A Python file for configuration is the best way to guarantee that any friendly code I write to help the user with config usually won't execute. And I hate my users.
What happened to the good old
1Backend:
1Frontend:
¹2happened
I’ve always hated case sensitivity. I know that at an ASCII level “variable” != “Variable” but is there really a reason to have a distinction between them?
You stated the reason yourself. Those are different values and matching in a case-insensitive manner is more work under the hood.
You are thinking it's easy because you only think of e == E, but I'll let you look up collation and accents and, you know, Unicode and let you think about it.
There is nothing trivial about case sensitivity, except in trivial cases.
var true = false;var false = true;That makes me think, perhaps, you might be able to set it to
exec("stuff") or True...Cap in the back, low-key up front. Got it.
The backend and frontend on the product I work on are like this.
As long as you remember that booleans are not strings and should always be parsed if they are, this won't be a problem.
I am yet to see a boolean.parse() implementation in the wild that is case sensitive.
The could be using .js and .py files directly as config files and letting the language interpreter so the heavy lifting. Just like ye olde config.php.
And yes this absolutely will allow code injection by a config admin.
!!true't'+'r'+'u'+'e'Why have the options be "frontend", "backend", or "none" when you can be this creative?
But if it needs to be both why the case difference?
different languages I presume
if publicRegistration.equalsIgnoreCase("true")
