Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
8 Jun 2016 at 06:11 UTC
Updated:
15 Mar 2017 at 10:54 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #2
PA robot commentedWe are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
gisleTo get people to review your application, you need to set its state to "Needs review". Please see project applicaton workflow.
Comment #4
ashwinshHello sriharsha.uppuluri,
My findings for your module as follows:
webform_redmine.module
Line 33: Menu item titles and descriptions should NOT be enclosed within t().
'description' => t('Select a Redmine project.'),Please check : https://www.drupal.org/node/140311
Line 257: Control statements should have one space between the control keyword and opening parenthesis
if(isset($token)){Line 257: use a space between the closing parenthesis and the open bracket
if(isset($token)){Line 258: Functions should be called with no spaces between the function name and opening parentheses
$uploads['upload'] = array (Line 260: String concatenation should be formatted with a space separating the operators (dot .) and the surrounding terms
'filename' => 'fmuser_'.$user->uid.'_on_'.time().'.json',Line 285: String concatenation should be formatted with a space separating the operators (dot .) and the surrounding terms
$request_url = $rm_base_url.$rm_endpoint;Line 291: Control statements should have one space between the control keyword and opening parenthesis
if($response->status_message != 'Created') {Line 297: The $message argument to drupal_set_message() should be enclosed within t() so that it is translatable.
drupal_set_message('Thanks for your feedback, an issue has been created.', 'status');Line 311: use a space between the closing parenthesis and the open bracket
function webform_redmine_issue_attach($file_contents){Line 327: String concatenation should be formatted with a space separating the operators (dot .) and the surrounding terms
$request_url = $rm_base_url.$rm_endpoint;Line 333: Control statements should have one space between the control keyword and opening parenthesis
if(isset($response->error) && $response->error != 'Created') {Line 345: Control statements should have one space between the control keyword and opening parenthesis
if(isset($results->upload->token)){Line 345: use a space between the closing parenthesis and the open bracket
if(isset($results->upload->token)){webform_redmine.admin.inc
Line 76: use a space between the closing parenthesis and the open bracket
function webform_redmine_admin_rmapi_config_submit($form, &$form_state){Line 89: use a space between the closing parenthesis and the open bracket
function webform_redmine_rmproject_select($form, &$form_state){Line 92: Control statements should have one space between the control keyword and opening parenthesis
if(!isset($rmkey_check)){Line 92: use a space between the closing parenthesis and the open bracket
if(!isset($rmkey_check)){Line 96: The $text argument to l() should be enclosed within t() so that it is translatable.
'#markup' => t('Configure your !apisettings first.', array('!apisettings' => l('Redmine API settings', 'admin/config/services/webform_redmine'))),Line 104: Control statements should have one space between the control keyword and opening parenthesis
if(isset($rmuid)){Line 104: use a space between the closing parenthesis and the open bracket
if(isset($rmuid)){Line 116: Control statements should have one space between the control keyword and opening parenthesis
if(!isset($projects)){Line 116: use a space between the closing parenthesis and the open bracket
if(!isset($projects)){Line 118: The $text argument to l() should be enclosed within t() so that it is translatable.
$args = array('!apisettings' => l('Redmine API settings', 'admin/config/services/webform_redmine'), '!recentlogs' => l('recent log entries', 'admin/reports/dblog'));Line 145: use a space between the closing parenthesis and the open bracket
Line 157: use a space between the closing parenthesis and the open bracket
function webform_redmine_rmuid(){Line 163: Control statements should have one space between the control keyword and opening parenthesis
if(!isset($rm_api_key)){Line 163: use a space between the closing parenthesis and the open bracket
if(!isset($rm_api_key)){Line 178: String concatenation should be formatted with a space separating the operators (dot .) and the surrounding terms
$request_url = $rm_base_url.$rm_endpoint;Line 184: Control statements should have one space between the control keyword and opening parenthesis
if($response->status_message == 'OK') {Line 202: use a space between the closing parenthesis and the open bracket
function webform_redmine_getrmprojects(){Line 208: Control statements should have one space between the control keyword and opening parenthesis
if(!isset($rm_api_key)){Line 208: use a space between the closing parenthesis and the open bracket
if(!isset($rm_api_key)){Line 226: String concatenation should be formatted with a space separating the operators (dot .) and the surrounding terms
$request_url = $rm_base_url.$rm_endpoint.'?'.drupal_http_build_query($rm_options);Line 232: Control statements should have one space between the control keyword and opening parenthesis
Line 235: Control statements should have one space between the control keyword and opening parenthesis
if(count($results->projects) < 1){Line 235: use a space between the closing parenthesis and the open bracket
if(count($results->projects) < 1){Line 247: Control statements should have one space between the control keyword and opening parenthesis
foreach($results->projects as $key => $project){Line 247: use a space between the closing parenthesis and the open bracket
foreach($results->projects as $key => $project){Thank you,
Comment #5
sriharsha.uppuluri commentedHello ashwin.shaharkar,
Thanks for reviewing, I have made the changes and committed.
Comment #6
David Fiaty commentedHello ashwin.shaharkar,
It looks like your code has been through pareview.sh, which is a very good thing.
There are a couple of things that should maybe be modified:
1. In webform_redmine.install line 28 there is a mysql table field definition called 'status', which is a reserved word in MySQL.
It could generate issues when using your module. You should rename this field and update any code that calls the field.
2. In webform_redmine.install line 34 there is a mysql table field definition called 'value', which is a reserved word in MySQL.
It could generate issues when using your module. You should rename this field and update any code that calls the field.
Thank you.
Comment #7
sriharsha.uppuluri commentedThanks, for reviewing. Changes are commited
Comment #8
gokulnk commentedLooks ok to me. If there are no more concerns, I think we can mark it as RTBC.
Comment #9
sriharsha.uppuluri commentedComment #10
sriharsha.uppuluri commentedComment #11
misc commentedRenewed the automatic review, and there are are some issues that you should take care of before a new manual review
http://pareview.sh/pareview/httpsgitdrupalorgsandboxsriharshauppuluri274...
Comment #12
visabhishek commentedComment #13
visabhishek commentedHi Harsha,
I think you have to retest all validations, because i am getting errors while i am trying to use.
Without setting APIs keys if i am trying to access mapping urls then i am getting error. Please see the screenshot.
Some more suggestions are :
Use t() for #value and #title.
Comment #14
sriharsha.uppuluri commentedI think pa-review has been updated. Updated the code accordingly. Thanks for the feedback @visabhishek.
Comment #15
sriharsha.uppuluri commentedComment #16
visabhishek commentedHi Harsha,
Some more points :
AS
Please remove all variables in hook_uninstall()
And i am getting following error , Please see screenshot.
Comment #17
sriharsha.uppuluri commentedThanks for the feedback. Fixed the error message.
Comment #18
sriharsha.uppuluri commentedComment #19
visabhishek commentedHi Harsha,
Now module is lookes good and working for me. I dont think we have any blocker point, So marking as RTBC.
Comment #20
sriharsha.uppuluri commentedComment #21
sriharsha.uppuluri commentedAdding review bonus
https://www.drupal.org/node/2680727#comment-11803735
https://www.drupal.org/node/2687641#comment-11803750
https://www.drupal.org/node/2723603#comment-11803790
https://www.drupal.org/node/2729031#comment-11803859
Comment #22
klausiReview of the 7.x-1.x branch (commit ad62dad):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
manual review:
Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #23
visabhishek commentedThanks klausi for this assignment.
My Findings are :
1: Please use % or @ instead of ! placeholder.
The placeholders (e.g. '%data' or '@data') are passed as plain-text and will be escaped when inserted into the translatable string. You can disable this escaping by using placeholders of the form '!data' but only if you are sure that the string is safe.
Examples are :
In webform_redmine_getrmprojects()
2: URLs must be checked with check_url()
Examples are :
in webform_redmine_api_call();
In webform_redmine_rmuid();
IN webform_redmine_getrmprojects()
Please let me know if i missed anything.
Thanks
Abhishek
Comment #24
klausi@visabhishek: your point 1) is correct.
point 2 is not correct: you should use check_url() only when printing something to HTML. drupal_http_request() is performing a request to a different site, but does not print anything to your HTML output. Same for curl_set_opt().
Comment #25
sriharsha.uppuluri commentedThanks for the review @visabhishek and @klausi will fix the issues.
Comment #26
PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #27
sriharsha.uppuluri commentedFixed the security issues.
Comment #28
sriharsha.uppuluri commentedComment #29
poojasharmaece commentedModules Looks good and working fine, Marking as RTBC.
Comment #30
visabhishek commentedReview of the 7.x-1.x branch (commit 72ea4ae):
No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
Please update your readme file as https://www.drupal.org/node/2181737 otherwise all looks good for me.
Thanks for your contribution, sriharsha.uppuluri!
I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.
Comment #31
visabhishek commentedAssigning credits.
Comment #32
sriharsha.uppuluri commentedThanks for the feedback and approving my project. @klausi @visabhishek