Closed (won't fix)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
22 Jul 2016 at 12:19 UTC
Updated:
22 Oct 2018 at 07:17 UTC
Comments
Comment #2
PA robot commented
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
rajveergangwar
Comment #4
rajveergangwar
Hi,
I have reviewed the module. Below are my points:
1:- Implement hook_help
2:- Your comments should contain "Implements hook_hookname". See line 722 of exam.inc; your comment should be "Implements hook_form_submit".
The URL of the Drupal API documentation standards for functions is given below:
https://www.drupal.org/node/1354
Comment #5
visabhishek commented
@rajveergang: Looks like you forgot to change the status. Is this now RTBC after your review or are there application blockers left and this should be "needs work"?
Comment #6
gaydamaka commented
Hi,
1. Maybe better to define the constant EXAM_SLIDER_MODULE_NAME in the module file and to use it everywhere.
2. Move $('.answer.form-checkbox') into a variable.
Comment #7
hiramanpatil
Hi @sachintyagi99,
As a part of module review process on drupal.org you need to do some manual reviews of projects posted by community members at https://www.drupal.org/project/issues/projectapplications
Once you reviewed some projects, you need to add URLs of reviews in this post as part of review bonus system.
For more information please check How it works and Summary section at below URL -
https://www.drupal.org/node/1975228
Thanks
Comment #8
hiramanpatil
@sachintyagi99,
Also update the module's README.md file with more details. You can review the README Template format to update the file.
This will help users of this module to understand and configure it easily.
Thanks
Comment #9
PA robot commented
Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #10
sachintyagi99 commented
Hi All,
I have fixed all the issues mentioned by you and have implemented hook_help.
Please review the module and let me know your valuable feedback.
Best Regards,
Sachin Kumar
Comment #11
sachintyagi99 commented
Comment #12
nisith commented
Hi @Sachin,
Please look into the comments below:
File: exams.inc
File: questions.inc
Thanks,
Nisith
Comment #13
jack_ry commented
Under Exam settings, Exam Duration & Re-attempt exam Time allow negative values. I did check the code. Despite the respective validations, this happens. Am I the only one facing this issue? Even in the database, negative values are stored.
Comment #14
nisith commented
Comment #15
jack_ry commented
Hi Sachintyagi,
After looking into the code, I think I have found out the reason why it doesn't validate against negative values.
File: exams.inc
function exam_spider_add_exam_validate($form, &$form_state) {
  if (!is_numeric($form_state['values']['exam_duration'])) {
    form_set_error('exam_duration', t('You must enter a positive integer value for @examSpiderExamTitle duration.', array('@examSpiderExamTitle' => EXAM_SPIDER_EXAM_TITLE)));
  }
}
is_numeric will only validate whether it's a number or a number string. It will not validate against negative values. However, at line no. 254 you have used
'#element_validate' => array('element_validate_integer_positive'),
for only one form field (total_marks).
Please use the same for the Exam Duration & Re-attempt exam Time fields.
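Added example, not part of the thread or of the module's code: the difference between the is_numeric() check quoted in comment #15 and a positive-integer check. is_positive_integer() is a hypothetical stand-alone helper applying the same numeric, integral and greater-than-zero tests as Drupal 7's element_validate_integer_positive(); the sample inputs are constructed.

```php
<?php
// Added illustration; not code from the exam_spider module.

/** The check quoted in comment #15: rejects only non-numeric input. */
function passes_is_numeric_check($value) {
  return is_numeric($value);
}

/**
 * Hypothetical helper: numeric, integral, and strictly greater than zero.
 * Drupal's own validator additionally skips empty values and leaves them
 * to the field's #required handling.
 */
function is_positive_integer($value) {
  return is_numeric($value) && intval($value) == $value && $value > 0;
}

// Constructed sample submissions for the exam_duration field.
$samples = array('30', '-30', '0', '1.5', '-0.5', 'abc');

printf("%-8s %-12s %s\n", 'input', 'is_numeric', 'positive integer');
foreach ($samples as $value) {
  printf("%-8s %-12s %s\n",
    var_export($value, TRUE),
    passes_is_numeric_check($value) ? 'accepted' : 'rejected',
    is_positive_integer($value) ? 'accepted' : 'rejected');
}
```

Only 'abc' is rejected by the is_numeric() check, while the positive-integer check accepts only '30'.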
Comment #16
sachintyagi99 commented
Hi Nitish and Jack,
Thanks for reviewing the module.
I have fixed all validation and used the filter_xss function to display the summary.
I have removed the user_load function in the for loop and used a query instead of user_load.
So I have fixed all errors mentioned by you in previous comments.
Please review the module and let me know if you have any further suggestions.
Thanks
Comment #17
sachintyagi99 commented
Comment #18
rajveergangwar
Below are my reviews:
1) Use t() for "Next" in function exam_spider_exam_continue, line 345 of exam.inc
Comment #19
sachintyagi99 commented
Hi Rajveer,
I have updated the next button text with t().
Thanks
Comment #20
visabhishek commented
Hi sachintyagi99,
Sanitize user-entered values before displaying them in the front end. If you enter JavaScript inside the Examname field, it gets executed when displayed on the admin/structure/examspider/results page. To replicate the issue, give this value
";} /*]]>*/--> </style><script>alert('hacked')</script>"
inside the Examname field. It seems like an XSS vulnerability and an application blocker. Use the check_plain()/filter_xss() function to sanitize data before displaying. In admin pages you can use filter_xss_admin() to sanitize values.
Comment #21
poojasharmaece commented
+1 visabhishek
I am attaching the screenshot.
Comment #22
sachintyagi99 commented
Hi,
I have used filter_xss() to sanitize user-entered values before displaying them in the front end. So please have a look at the module.
Thanks
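Added example, not part of the thread or of the module's code: the output-encoding fix discussed in comments #20 and #22, run against the test value from comment #20. escape_plain() and render_result_row() are hypothetical names; escape_plain() does what Drupal 7's check_plain() does (htmlspecialchars() with ENT_QUOTES and UTF-8), which fits a plain-text field such as an exam name.

```php
<?php
// Added illustration; not code from the exam_spider module.

/** Hypothetical stand-in for check_plain(): encode HTML metacharacters. */
function escape_plain($text) {
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

/** Builds one row of a results table; $escape toggles output encoding. */
function render_result_row($exam_name, $score, $escape) {
  $name = $escape ? escape_plain($exam_name) : $exam_name;
  return '<tr><td>' . $name . '</td><td>' . (int) $score . '</td></tr>';
}

// The stored exam name is the test value given in comment #20.
$exam_name = "\";} /*]]>*/--> </style><script>alert('hacked')</script>\"";

$unsafe = render_result_row($exam_name, 42, FALSE);
$safe = render_result_row($exam_name, 42, TRUE);

// A live <script> element survives only in the row built without encoding.
echo 'unescaped row contains <script>: ';
var_dump(strpos($unsafe, '<script>') !== FALSE);
echo 'escaped row contains <script>: ';
var_dump(strpos($safe, '<script>') !== FALSE);

// The escaped row shows the stored value as text instead of running it.
echo $safe, "\n";
```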
Comment #23
sachintyagi99 commented
Comment #24
sachintyagi99 commented
Comment #25
sriharsha.uppuluri commented
Everything is working fine. I have got an issue: create the exam with all the fields filled in, edit the exam, remove re-exam and submit. You will get a DB error.
Suggestion:
It's better to have an admin interface for the mail body and subject.
Comment #26
sriharsha.uppuluri commented
Comment #27
PA robot commented
Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #28
sachintyagi99 commented
Hi Sriharsha,
Thanks a lot for reviewing my module. I have fixed the empty re-exam error. I have applied validation for this error.
Thanks
Comment #29
sachintyagi99 commented
Comment #30
sachintyagi99 commented
Manual reviews of other projects:
https://www.drupal.org/node/2876230#comment-12074456
https://www.drupal.org/node/2876230#comment-12074489
https://www.drupal.org/node/2846434#comment-12074471
https://www.drupal.org/node/2853833#comment-12074477
Comment #31
sachintyagi99 commented
Comment #33
pavnish commented
Hi sachin,
Please make configuration for EXAM_SPIDER_EXAM_URL, EXAM_SPIDER_EXAM_TITLE, EXAM_SPIDER_EXAM_SPIDER
define('EXAM_SPIDER_EXAM_URL', 'examspider');
define('EXAM_SPIDER_EXAM_TITLE', 'Exam');
define('EXAM_SPIDER_EXAM_SPIDER', 'exam_spider');
Comment #34
PA robot commented
Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #35
sachintyagi99 commented
Comment #36
sachintyagi99 commented
Comment #37
sachintyagi99 commented
Hi @pavnish,
I have created functionality for the variables below:
define('EXAM_SPIDER_EXAM_URL', 'examspider');
define('EXAM_SPIDER_EXAM_TITLE', 'Exam');
No need change module name using get module path: define('EXAM_SPIDER_EXAM_SPIDER', 'exam_spider');
Please review.
Thanks
Comment #38
avpaderno
PAReview: security is kept for statistics purposes.
Comment #39
sachintyagi99 commented
Hi @kiamlaluno,
How can I "Opt into security advisory coverage" for this module?
Thanks
Sachin
Comment #40
avpaderno
@sachintyagi99 We just need the reviewers to make their task.
Comment #41
avpaderno
Comment #42
sleitner commented
Automated Review
Pareview details: https://pareview.sh/pareview/https-git.drupal.org-project-exam_spider.gi...
Review of the 8.x-3.x branch (commit 5c6af3c):
This automated report was generated with PAReview.sh, your friendly project application review script.
Manual Review 8.x-3.x
package: Education in exam_spider.info.yml
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #43
avpaderno
If you are still working on this application, you should fix all known problems and set the status to Needs review. (See also the project application workflow.)
Please don't change status of this application if you aren't sure you have time to dedicate to this application, or it will be closed again as won't fix.
I am closing this application due to lack of activity.