“That’s right,” Kristof wrote. “He put a very limited list of invalid extensions in a string, and then made sure that the extension of the uploaded file was not in that list.”
He added, “When I asked my colleague what would happen if someone uploaded a .doc file or a .pdf file, he replied, ‘Oh yeah, you’re right… I should add those to the list as well!’ I was stupefied.”
I’m stupefied as to how people like that ever become programmers. One of the most basic necessities of the occupation is the ability to think logically. Where is the logic in this? I need to understand how this guy thought he was performing the task correctly.
This will drive me crazy for the next week or so.
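
To make the gap concrete, here is an added example (not the colleague's code, which the page does not show) that runs the described denylist check and an allowlist check over the same uploads. The denylist entries, the allowed image extensions and the sample filenames are assumptions constructed for illustration.

```python
import os

# Assumption: constructed values; the page shows neither the original list
# nor which file types the upload feature was meant to accept.
DENYLIST_STRING = ".exe,.bat,.com"
ALLOWED_EXTENSIONS = frozenset({".jpg", ".jpeg", ".png", ".gif"})


def extension_of(filename):
    """Return the lowercased final extension, or "" when there is none."""
    # Drop any client-supplied directory part before splitting.
    base = os.path.basename(filename.replace("\\", "/"))
    return os.path.splitext(base)[1].lower()


def denylist_accepts(filename):
    """The approach described above: accept unless the extension is listed."""
    return extension_of(filename) not in DENYLIST_STRING.split(",")


def allowlist_accepts(filename):
    """Default deny: accept only extensions that were explicitly approved."""
    return extension_of(filename) in ALLOWED_EXTENSIONS


def policy_gap(filenames):
    """Names the denylist lets through although they were never approved."""
    return [n for n in filenames
            if denylist_accepts(n) and not allowlist_accepts(n)]


# Constructed sample uploads, including the .doc and .pdf cases from the story.
SAMPLES = ["photo.JPG", "report.pdf", "letter.doc", "setup.exe", "notes", "scan.png"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:12} denylist={denylist_accepts(name)!s:5} "
              f"allowlist={allowlist_accepts(name)}")
    print("accepted only by the denylist:", policy_gap(SAMPLES))
```

Every type nobody thought of lands in the denylist's "accepted" column, while the allowlist fails closed. An extension check still says nothing about a file's content, so it is only the first gate on an upload.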