@slimekat This was the same software that provided an inline text area to let people write their own sort algorithms for doing complex data sorting. It accepted arbitrary perl code and made no attempt to detaint its input, which it ran as root, because the program ran as root on its hosts. When I asked him what his defense was against "for find unlink," his response was to tell my boss I wasn't a team player.
Good times.
@slimekat On the back end, his database was two fields: ID and DATA. DATA was an import of whatever Data::Dumper spat out, which prevented us from upgrading our OS because Dumper's serializing algorithms aren't consistent from version to version; they warn as much in their software. I suggested we should upgrade to Data::Serializer, perhaps, for compatibility. I got told maybe I should just stick to operating the tool, not trying to be a developer.
programmers bad