Comments

fadonascimento created an issue. See original summary.

PA robot’s picture

Issue summary: View changes

Fixed the git clone URL in the issue summary for non-maintainer users.

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

ljcarnieri’s picture

Issue summary: View changes
Issue tags: -#ciandt-contrib +#ciandt-contrib #PAReview: review bonus
ljcarnieri’s picture

Issue tags: -#ciandt-contrib #PAReview: review bonus +#ciandt-contrib, +#PAReview: review bonus
ljcarnieri’s picture

Issue tags: -#PAReview: review bonus +PAreview: review bonus
rajveergangwar’s picture

I didn't find any issues; below is my manual review.

Manual Review

Individual user account
[Yes: Follows / No: Does not follow] the guidelines for individual user accounts.
No duplication
[Yes: Does not cause / No: Causes] module duplication and/or fragmentation.
Master Branch
[Yes: Follows / No: Does not follow] the guidelines for master branch.
Licensing
[Yes: Follows / No: Does not follow] the licensing requirements.
3rd party assets/code
[Yes: Follows / No: Does not follow] the guidelines for 3rd party assets/code.
README.txt/README.md
[Yes: Follows / No: Does not follow] the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
[Yes: Follows / No: Does not follow] the guidelines for project length and complexity.
rajveergangwar’s picture

Status: Needs review » Reviewed & tested by the community

Changing status, looks like RTBC.

ljcarnieri’s picture

Issue tags: -PAreview: review bonus
ljcarnieri’s picture

Issue summary: View changes
visabhishek’s picture

Issue summary: View changes
visabhishek’s picture

Status: Reviewed & tested by the community » Needs review
Issue tags: +PAreview: security

Automated Review

https://pareview.sh/node/435

Manual Review

Individual user account
Yes: Follows the guidelines for individual user accounts.
Yes duplication
https://www.drupal.org/project/webform_classes, please explain the differences.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
No: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
No: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
No: Meets the security requirements.
  1. Found XSS issue: if I enter <script>alert('XSS');</script>, it's getting executed (see the attached screenshot). You need to sanitize data before printing. For more information about sanitizing, please read https://www.drupal.org/node/28984.
Coding style & Drupal API usage
  1. (*) Please use t() for all user-facing text.
     Example: the title in the following code:

        function _webform_attributes_form_webform_component_edit_form_alter_all_components(&$form, &$form_state, $form_id, $node) {
          $default_value = _webform_attributes_get_value_extra($node, 'webform_attributes_data_field');
          $field = array(
            '#type'          => 'textarea',
            '#default_value' => $default_value,
            '#title'         => 'HTML attributes',
            '#description'   => t('Key-value pairs MUST be specified as "attribute_name|attribute_value". Use of only alphanumeric characters and underscores is recommended in keys. One attribute per line.'),
            '#required'      => FALSE,
            '#weight'        => -8,
          );
          $form['extra']['webform_attributes_data_field'] = $field;
        }
        function webform_attributes_form_webform_configure_form_alter(&$form, &$form_state) {
          _webform_attributes_files_include();
        
          // Custom textarea to add attributes on form.
          $form['advanced']['webform_attributes_form'] = array(
            '#type'          => 'textarea',
            '#default_value' => _webform_attributes_find_record_by_nid($form['#node']->nid),
            '#title'         => 'HTML attributes',
            '#description'   => t('Key-value pairs MUST be specified as "attribute_name|attribute_value". Use of only alphanumeric characters and underscores is recommended in keys. One attribute per line.'),
            '#required'      => FALSE,
            '#weight'        => -8,
          );
        
          // Add custom submit function to save values in database.
          $form['#submit'][] = "webform_attributes_configure_form_submit";
        }

      The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.
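
An added example, not the module's code and not part of the review above: one way to sanitize the "attribute_name|attribute_value" lines before printing them. The function names, the key allow-list and the decision to drop on* event-handler attributes are assumptions of this example; the thread does not show how the module was actually fixed.

```php
<?php
// Added example: parse "attribute_name|attribute_value" lines and render
// them safely. Function names are hypothetical, not the module's.

// Parses one-attribute-per-line text into a validated key => value array.
function example_parse_attributes($text) {
  $attributes = array();
  foreach (preg_split('/\R/', $text) as $line) {
    $line = trim($line);
    if ($line === '' || strpos($line, '|') === FALSE) {
      continue;
    }
    list($key, $value) = explode('|', $line, 2);
    $key = strtolower(trim($key));
    // Names: letters, digits, underscore, hyphen (for data-*). Anything else
    // could break out of the tag, so the line is dropped rather than repaired.
    if (!preg_match('/^[a-z_][a-z0-9_-]*$/', $key)) {
      continue;
    }
    // Policy choice of this example: no inline event handlers (onclick, ...).
    if (strpos($key, 'on') === 0) {
      continue;
    }
    $attributes[$key] = trim($value);
  }
  return $attributes;
}

// Renders the attributes, escaping every value at output time.
function example_render_attributes(array $attributes) {
  $out = '';
  foreach ($attributes as $key => $value) {
    // The same htmlspecialchars() call that Drupal 7's check_plain() makes.
    $out .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
  }
  return $out;
}

// Constructed sample input: one benign line, the payload from the review as a
// value, an event-handler key, and a key that tries to close the tag.
$input = "data-subject|physics\n"
  . "data-level|<script>alert('XSS');</script>\n"
  . "onclick|alert(1)\n"
  . "x\"><script>|y\n";
echo '<input type="text"'
  . example_render_attributes(example_parse_attributes($input)) . "/>\n";
```

The last two sample lines are dropped by the key checks, and the script payload is emitted as an inert, entity-encoded attribute value.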

visabhishek’s picture

Status: Needs review » Needs work
fadonascimento’s picture

Thanks a lot @rajveergang and @visabhishek for the review.

@visabhishek we fixed the following issues: 3rd party assets/code, README.txt/README.md, Secure code

This module is not a duplicate, because the webform_classes module just adds classes to each component; our module allows you to add any attributes to your form and its components: HTML5 attributes or custom attributes like autocomplete, autofocus, contenteditable, data-XXXX, etc.
For example:

In the admin page:

data-subject|physics
data-level|complex

When rendering the component:
<input type="text" data-subject="physics" data-level="complex"/>

And it's easy to manipulate the attributes with JavaScript or a modern JavaScript framework, in jQuery for example:

$('input').data('subject');
$('input').data('level');
fadonascimento’s picture

Status: Needs work » Needs review
naiduharish’s picture

Manual Review

Coding style & Drupal API usage
  1. This module is altering only the text area; is there any scope for adding other elements later?
  2. Just a recommendation
  3. You can assign arg() to a variable in the code below and use that instead of calling it directly

    /**
     * Find value in extra value webform.
     */
    function _webform_attributes_get_value_extra($node, $find_extra_element) {
      $default_value  = NULL;
      if (arg(4) === 'new') {
        return $default_value;
      }
      $extra_elements = $node->webform['components'][arg(4)]['extra'];
      if (!empty($extra_elements[$find_extra_element])) {
        $default_value = $extra_elements[$find_extra_element];
      }
      return $default_value;
    }
    

    as below

    /**
     * Find value in extra value webform.
     */
    function _webform_attributes_get_value_extra($node, $find_extra_element) {
      $default_value  = NULL;
      $arg = arg();
      if ($arg[4] === 'new') {
        return $default_value;
      }
      $extra_elements = $node->webform['components'][$arg[4]]['extra'];
      if (!empty($extra_elements[$find_extra_element])) {
        $default_value = $extra_elements[$find_extra_element];
      }
      return $default_value;
    }
    

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

naiduharish’s picture

Status: Needs review » Needs work
klausi’s picture

Status: Needs work » Needs review

@naiduharish: changing the usage of arg() is surely not an application blocker, anything else that you found or should this be RTBC instead?

murilomleandro’s picture

Status: Needs review » Reviewed & tested by the community

I also didn't find any issues. This will be very useful for Bootstrap (data-target, data-dismiss) attributes. Below is my manual review.

Manual Review

Individual user account
Yes: Follows the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
Yes: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.

fadonascimento’s picture

Thanks a lot @naiduharish for your review.
(2) - We fixed the issue about the arg() function; it's not a blocker but a good recommendation.
(1) - This module allows you to add any attributes, like formnovalidate, to your form and all of its components, not just textarea but also textfield, email, selects, etc.

Thanks a lot @klausi for your time on reviewing my issue.

fadonascimento’s picture

Issue summary: View changes
fadonascimento’s picture

Issue tags: +#PAReview: review bonus
klausi’s picture

Issue summary: View changes
Issue tags: -#PAReview: review bonus

@fadonascimento: looks like you assigned the wrong tag, should be without '#'.

And you have not done all manual reviews, you just posted the output of an automated review tool. Make sure to read through the source code of the other projects as requested on the review bonus page https://www.drupal.org/node/1975228

fadonascimento’s picture

Thank you @murilomleandro for your time on reviewing my module.

Sorry for my mistake @klausi, I read the article and I will be following the template, Thanks a lot for your time on reviewing my issue tag.

fadonascimento’s picture

Issue summary: View changes
fadonascimento’s picture

Issue summary: View changes
fadonascimento’s picture

Issue tags: +PAreview: review bonus
rajveergangwar’s picture

I tested this module, working fine.

fadonascimento’s picture

Thanks @rajveergang for your time on testing my module.

visabhishek’s picture

Status: Reviewed & tested by the community » Fixed

Review of the 7.x-1.x branch (commit e566c1c):

No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

Module looks good for me.

Thanks for your contribution, fadonascimento!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

fadonascimento’s picture

Thanks a lot @visabhishek, I'll make a full release soon.
Congratulations @visabhishek on the work you have been doing with the community.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.