Exam spider module provides exam or quiz with single and multiple options in a question.You can also use exam spider clock, negative marking, Display Random Question,Exam Published or unpublished. Easily set re attempt time in days, User can reattempt exam after that time period.

Project link

https://www.drupal.org/project/exam_spider

Git instructions

git clone --branch 7.x-2.x https://git.drupal.org/project/exam_spider.git

PAReview link

https://pareview.sh/pareview/https-git.drupal.org-project-exam_spider.git

Comments

sachintyagi99 created an issue. See original summary.

PA robot’s picture

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

rajveergangwar’s picture

Issue summary: View changes
rajveergangwar’s picture

Hi,

I have reviewed module. Below are my mentioned points

1:- Implement hook_help
2:- Your comments should contain Implements hook_hookname. See line 722 exam.inc your comment Should be Implements hook_form_submit.
Below url is given of Drupal API documentation standards for functions
https://www.drupal.org/node/1354

visabhishek’s picture

@rajveergang : Looks like you forgot to change the status. Is this now RTBC after your review or are there application blockers left and this should be "needs work"?

gaydamaka’s picture

Hi,

1.

drupal_add_css(drupal_get_path('module', 'exam_spider') . '/css/exam_spider.css');

May be better define constant EXAM_SLIDER_MODULE_NAME in module file and to use it everywhere.

2. Move $('.answer.form-checkbox') in variable.

hiramanpatil’s picture

Hi @sachintyagi99,

As a part of module review process on drupal.org you need to do some manual reviews of projects posted by community members at https://www.drupal.org/project/issues/projectapplications

Once you reviewed some projects, you need to add URLs of reviews in this post as part of review bonus system.

For more information please check How it works and Summary section at below URL -

https://www.drupal.org/node/1975228

Thanks

hiramanpatil’s picture

Status: Needs review » Needs work

@sachintyagi99,

Also update module REAdME.md file with more details. You can review README Template format to update the file.

This will help users who will be using this module to understand and configured it easily.

Thanks

PA robot’s picture

Status: Needs work » Closed (won't fix)

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.

sachintyagi99’s picture

Hi All,

I have fixed all issues mentioned by you as well as implemented hook_help.
Please review module and let me know your valuable feedback.

Best Regards,
Sachin Kumar

sachintyagi99’s picture

Status: Closed (won't fix) » Needs review
nisith’s picture

Hi @Sachin,

Please look into the below mentioned comments :

File: exams.inc

  • In function exam_spider_dashboard() : Please sanitize the text while displaying, use check_plain/filter_xss function.
  • In function exam_spider_exam_results() & exam_spider_dashboard() : Instead of using user_load($row->uid) function you can write a query to fetch username as user_load fetches all the user related data which seems not to be required by your function and that to user_load() has been written inside a foreach loop.

File: questions.inc

  • In function exam_spider_get_questions() : Please sanitize the text while displaying, use check_plain/filter_xss function.
  • use $form['#redirect'] instead of drupal_goto() as a best practice

Thanks,
Nisith

jack_ry’s picture

Under Exam settings,
Exam Duration & Re-attempt exam Time allows negative values. I did check the code. Despite respective validations, this happens. Am I the only one facing this issue? Even in the database negative values are stored.

nisith’s picture

Status: Needs review » Needs work
jack_ry’s picture

Hi Sachintyagi,

After looking into the code, I think I have found out the reason why it doesn't validate against negative values.

File: exams.inc

function exam_spider_add_exam_validate($form, &$form_state) {
if (!is_numeric($form_state['values']['exam_duration'])) {
form_set_error('exam_duration', t('You must enter a positive integer value for @examSpiderExamTitle duration.', array('@examSpiderExamTitle' => EXAM_SPIDER_EXAM_TITLE)));
}

is_numeric will only validate whether it's a number or a number string. It will not validate against negative values. However You have used

Line no. 254,
'#element_validate' => array('element_validate_integer_positive'), for only one form field(total_marks)

Please use the same for Exam Duration & Re-attempt exam Time fields.

sachintyagi99’s picture

Hi Nitish and Jack,

Thanks for review module.
I have fixed all validation and use filter_xss function to display summary.
I have removed user_load function in forloop as well as used query instead of user_load.
So I have fixed all errors mentioned by you in previous comments.

Please review module and let me if you have any further suggestion.

Thanks

sachintyagi99’s picture

Status: Needs work » Needs review
rajveergangwar’s picture

Below are my reviews :

1) use t() for Next in function exam_spider_exam_continue line 345 exam.inc

sachintyagi99’s picture

Hi Rajveer,

I have update next button text with t ().

Thanks

visabhishek’s picture

Status: Needs review » Needs work
Issue tags: -Needs Review +PAreview: security

Hi sachintyagi99,

Sanitize user entered values before displaying in front-end. If enter javascript inside Examname field, it is getting executed while displaying on admin/structure/examspider/results page. To replicate the issue give this value
";} /*]]>*/--> </style><script>alert('hacked')</script>"
inside Examname field. It seems like XSS vulnerability and an application blocker. Use check_plain()/filter_xss() function to sanitize data before displaying. In admin pages you can use filter_xss_admin() to sanitize values.

poojasharmaece’s picture

StatusFileSize
new46.16 KB

+1 visabhishek

I am attaching the screenshot.

sachintyagi99’s picture

Hi,

I have used filter_xss() to sanitize user entered values before displaying in front-end. So please have a look on module.

Thanks

sachintyagi99’s picture

Status: Needs work » Needs review
sachintyagi99’s picture

Priority: Normal » Critical
sriharsha.uppuluri’s picture

Everything is working fine. I have got a issue create the exam with filling all the fields, edit the exam and remove re-exam and submit. You will get DB error.

Suggestion:
Its better to have admin interface for mail body and subject.

sriharsha.uppuluri’s picture

Status: Needs review » Needs work
PA robot’s picture

Status: Needs work » Closed (won't fix)

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.

sachintyagi99’s picture

Hi Sriharsha,

Thanks a lot for reviewing my module. I have fixed the empty re-exam error. I have applied validation for this error.

Thanks

sachintyagi99’s picture

Status: Closed (won't fix) » Needs review
sachintyagi99’s picture

Priority: Critical » Major
pavnish’s picture

Status: Needs review » Needs work

Hi sachin ,

Please make configuration for EXAM_SPIDER_EXAM_URL,EXAM_SPIDER_EXAM_TITLE,EXAM_SPIDER_EXAM_SPIDER
define('EXAM_SPIDER_EXAM_URL', 'examspider');
define('EXAM_SPIDER_EXAM_TITLE', 'Exam');
define('EXAM_SPIDER_EXAM_SPIDER', 'exam_spider');

PA robot’s picture

Status: Needs work » Closed (won't fix)

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.

sachintyagi99’s picture

Issue summary: View changes
sachintyagi99’s picture

Status: Closed (won't fix) » Needs review
sachintyagi99’s picture

Hi @pavnish,

I have created functionality for below variables:
define('EXAM_SPIDER_EXAM_URL', 'examspider');
define('EXAM_SPIDER_EXAM_TITLE', 'Exam');

No need change module name using get module path: define('EXAM_SPIDER_EXAM_SPIDER', 'exam_spider');

Please review.

Thanks

avpaderno’s picture

Issue tags: +PAreview: security

PAReview: security is kept for statistics purposes.

sachintyagi99’s picture

Hi @kiamlaluno,

How can I "Opt into security advisory coverage" for this module?

Thanks
Sachin

avpaderno’s picture

@sachintyagi99 We just need the reviewers to make their task.

avpaderno’s picture

Issue summary: View changes
sleitner’s picture

Priority: Major » Normal
Status: Needs review » Needs work

Automated Review

Pareview details: https://pareview.sh/pareview/https-git.drupal.org-project-exam_spider.gi...

Review of the 8.x-3.x branch (commit 5c6af3c):

  • Remove LICENSE.txt, it will be added by drupal.org packaging automatically.
  • Coder Sniffer has found some issues with your code (please check the Drupal coding standards). See attachment.
  • DrupalPractice has found some issues with your code, but could be false positives.
  • No automated test cases were found, did you consider writing PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script.

Manual Review 8.x-3.x

Individual user account
Yes: Follows the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
Yes: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
[Yes: Meets the security requirements. / No: List of security issues identified.]
Coding style & Drupal API usage
  1. (*) add package: Education in exam_spider.info.yml
  2. (*) Do not use $_GET in ExamSpiderResultsForm.php, it is not secure
  3. (*) pareview issues above
  4. (*) 8.x-3.x does not install in simplytest.me

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

avpaderno’s picture

Status: Needs work » Closed (won't fix)

If you are still working on this application, you should fix all known problems and set the status to Needs review. (See also the project application workflow.)
Please don't change status of this application if you aren't sure you have time to dedicate to this application, or it will be closed again as won't fix.

I am closing this application due to lack of activity.