[D7] Blizzard Community Platform API [#1351312]

Comment	File	Size	Author
#53	drupalcs-result.txt	14.64 KB	klausi
#48	drupalcs-result.txt	21.33 KB	klausi
#43	drupalcs-result.txt	13.75 KB	klausi

Comment #1

sylvain lecoy commented 24 November 2011 at 06:54

Here is actually the project page: http://drupal.org/sandbox/SylvainLecoy/1256604

Log in or register to post comments

Comment #2

patrickd commented 29 November 2011 at 13:04

Status:

Needs review

» Needs work

It appears you are working in the "master" branch in git. You should really be working in a version specific branch. The most direct documentation on this is Moving from a master branch to a version branch. For additional resources please see the documentation about release naming conventions and creating a branch in git.
Review of the master branch:

README.txt is missing, see the guidelines for in-project documentation.
Remove "version" from the info file, it will be added by drupal.org packaging automatically.
./modules/guild_rank/guild_rank.install: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming
```
function guild_rank_install() {
function guild_rank_requirements($phase) {
function guild_rank_uninstall() {
```
./modules/guild_rank/guild_rank.character.inc: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming
```
function guild_rank_character_presave($character) {
```

./modules/guild_rank/guild_rank.admin.inc: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function guild_admin_ranks($form, &$form_state) {
function guild_admin_ranks_order_submit($form, &$form_state) {
function guild_admin_rank($form, $form_state, $rank) {
function guild_admin_rank_validate($form, $form_state) {
function guild_admin_rank_submit($form, $form_state) {
function guild_admin_rank_delete_submit($form, &$form_state) {
function guild_admin_rank_delete_confirm($form, &$form_state, $rank) {
function guild_admin_rank_delete_confirm_submit($form, &$form_state) {

./modules/guild_rank/guild_rank.module: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function guild_rank_user_load($users) {
function guild_rank_boot() {
function guild_rank_menu() {
function guild_rank_load($rid) {
function guild_rank_load_by_name($rank_name) {
function guild_rank_permission() {
function guild_ranks() {
function guild_rank_save($rank) {
function guild_rank_delete($rank) {
function guild_rank_theme() {

./modules/guild/guild.admin.inc: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function guild_information_settings($form, &$form_state) {
function guild_information_settings_validate($form, &$form_state) {
function guild_information_settings_submit($form, &$form_state) {
function guild_information_settings_submit_optional($form, &$form_state) {
function guild_information_region_callback($form, $form_state) {

./modules/guild/guild.inc: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming
```
function _character_rank_cmp($a, $b) {
function guild_members_save($guild) {
```
./modules/guild/guild.install: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming
```
function guild_install() {
function guild_schema() {
function guild_schema_alter(&$schema) {
function guild_uninstall() {
```

./modules/guild/guild.module: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function guild_load_multiple($gids = array(), $reset = FALSE) {
function guild_load($gid = NULL, $reset = FALSE) {
function guild_load_by_name($realm, $name) {
function guild_save($guild) {
function guild_fetch($realm, $guild_name, array $fields = array(), array $options = array()) {
function guild_fetch_guild($guild, array $fields = array(), $force = FALSE) {
function guild_members_select($alias = NULL, $gid = NULL, $options = array()) {
function guild_is_default($guild) {
function guild_set_default($guild) {
function guild_character_set_main_access($character, $account, &$rights = array()) {
function guild_menu() {
function guild_hook_info() {
function guild_entity_info() {
function guild_theme() {
function guild_cron() {
function guild_permission() {
function guild_rewards($id = NULL, $reset = FALSE) {

./modules/character/character.install: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming
```
function character_requirements($phase) {
function character_install() {
function character_schema() {
function character_uninstall() {
```

./modules/character/character.pages.inc: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function character_user($account) {
function character_user_add($form, &$form_state, $account) {
function character_user_add_validate($form, &$form_state) {
function character_user_add_submit($form, &$form_state) {
function character_set_main_status($main, $account, $rights) {
function character_user_delete_form($form, $form_state, $account, $cid = 0) {
function character_user_delete_form_submit($form, &$form_state) {
function character_set_main($character) {
function character_user_unblock_form($form, &$form_state, $account, $cid = 0) {
function character_user_unblock_form_validate($form, &$form_state) {
function character_user_unblock_form_submit($form, &$form_state) {
function character_page_title($character) {
function character_view_page($character) {
function character_show($character) {
function character_view_multiple($characters, $view_mode = 'teaser', $weight = 0, $langcode = NULL) {
function character_view($character, $view_mode = 'full', $langcode = NULL) {
function character_build_content($character, $view_mode = 'full', $langcode = NULL) {

./modules/character/character.admin.inc: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function character_admin($callback_arg = '') {
function character_filter_form() {
function character_filter_form_submit($form, &$form_state) {
function character_admin_account() {
function character_admin_account_submit($form, &$form_state) {
function character_admin_account_validate($form, &$form_state) {
function character_admin_settings() {
function character_filters() {
function character_build_filter_query(SelectQuery $query) {
function character_character_operations($form = array(), $form_state = array()) {
function character_character_operations_set_main($character) {
function character_character_operations_unblock($characters) {
function character_character_operations_block($characters) {

./modules/character/character.module: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming

function character_menu() {
function character_help($path, $arg) {
function character_access($op, $character, $account = NULL) {
function character_use_guild_ranks($character) {
function character_permission() {
function character_load_multiple($cids = array(), $reset = FALSE) {
function character_load($cid = NULL, $reset = FALSE) {
function character_load_by_name($realm, $name) {
function character_delete($cid) {
function character_delete_multiple(array $cids) {
function character_save($character) {
function character_hook_info() {
function character_entity_info() {
function character_races($id = NULL, $reset = FALSE) {
function character_classes($id = NULL, $reset = FALSE) {
function character_fetch($realm, $character_name, $fields = array(), array $options = array()) {
function character_theme() {
function character_uri($character) {
function character_preprocess_forum_submitted(&$variables) {

./tests/guild.test: all functions should be prefixed with your module/theme name to avoid name clashes. See http://drupal.org/node/318#naming
```
function guild_test_fetch($realm, $guild_name, array $fields = array()) {
```
./modules/guild/guild.admin.inc: The description on the line after the @param/@return documentation is either missing or not formatted correctly. See http://drupal.org/node/1354#functions
```
139- */
```
./modules/guild/guild.module: The description on the line after the @param/@return documentation is either missing or not formatted correctly. See http://drupal.org/node/1354#functions
```
236- */
```
./wow.admin.inc: The description on the line after the @param/@return documentation is either missing or not formatted correctly. See http://drupal.org/node/1354#functions
```
126- */
```

Bad line endings were found, always use unix style terminators. See http://drupal.org/coding-standards#indenting


css/roster.css
css/wow.css
modules/guild_rank/guild_rank.css
modules/guild_rank/guild_rank.install
modules/guild_rank/guild_rank.character.inc
modules/guild_rank/guild_rank.info
modules/guild_rank/guild_rank.admin.inc
modules/guild_rank/guild_rank.module
modules/guild/guild.admin.inc
modules/guild/guild.info
modules/guild/guild.inc
modules/guild/guild.install
modules/guild/guild.module
modules/character/character.install
modules/character/translations/ressources.php
modules/character/character.info
modules/character/character.css
modules/character/character.theme.inc
modules/character/character.pages.inc
modules/character/character.admin.inc
modules/character/character.module
modules/character/blizzard.tooltip.js
modules/character/character.tooltip.js
modules/character/blizzard.core.js
modules/wow_item/wow_item.module
modules/wow_realm/wow_realm.module
modules/wow_realm/wow_realm.info
tests/wow_test.test
tests/wow_test.info
tests/wow_test.module
tests/guild_rank.test
tests/resources/eu.battle.net/item/classes.json
tests/resources/eu.battle.net/guild/rewards
tests/resources/eu.battle.net/guild/perks
tests/resources/eu.battle.net/character/races.json
tests/resources/eu.battle.net/character/classes.json
tests/guild.test
wow.admin.inc
wow.info
wow.install
wow.module

Remove all old CVS $Id tags, they are not needed anymore.

modules/guild/guild.install:2:// $Id$
modules/character/character.install:2:// $Id$
modules/character/translations/fr.po:1:# $Id$
modules/character/translations/character.pot:1:# $Id$

All text files should end in a single newline (\n). See http://drupal.org/node/318#indenting

./modules/guild_rank/guild_rank.install ./modules/guild_rank/guild_rank.character.inc ./modules/guild_rank/guild_rank.info ./modules/guild_rank/guild_rank.admin.inc ./modules/guild_rank/guild_rank.module ./modules/guild/guild.admin.inc ./modules/guild/guild.info ./modules/guild/guild.inc ./modules/guild/guild.install ./modules/character/character.install ./modules/character/translations/ressources.php ./modules/character/character.info ./modules/character/character.css ./modules/character/character.theme.inc ./modules/character/character.pages.inc ./modules/character/character.admin.inc ./modules/character/character.module ./modules/character/blizzard.tooltip.js ./modules/character/character.tooltip.js ./modules/character/blizzard.core.js ./modules/wow_realm/wow_realm.info ./css/roster.css ./css/wow.css ./wow.install ./wow.admin.inc ./wow.info ./wow.module ./tests/wow_test.test ./tests/wow_test.info ./tests/wow_test.module ./tests/guild_rank.test ./tests/guild.test

This automated report was generated with PAReview.sh, your friendly project application review script. Go and review some other project applications, so we can get back to yours sooner.

Source: http://ventral.org/pareview - PAReview.sh online service

Log in or register to post comments

Comment #3

sylvain lecoy commented 30 November 2011 at 05:30

Status:

Needs work

» Needs review

Thanks for the review,

I fixed the master branch and deleted it. Now working on 7.x-1.x branch.

I added a README.txt text file for the module.

I removed the version field in info files.

I corrected the line ending to be UNIX friendly.

However, for namespace, I'm afraid that I used the right namespace for each of my submodules. Maybe because my project contains submodules it creates a bug saying submodules namespaces are not correct. For the submodule 'guild_rank'; functions are prefixed with 'guild_rank', same for character and guild. If I miss something really obvious please help because I don't know how to fix this.

Sylvain Lecoy

Log in or register to post comments

Comment #4

patrickd commented 30 November 2011 at 07:50

Yep your' right, seems like false positives.

IMHO your submodules sound a little unspecific, maybe something like blizzard_guild would be better ? just a suggestion.. ;)

Log in or register to post comments

Comment #5

sylvain lecoy commented 2 December 2011 at 05:49

In the first version I prefixed all submodules by wow_ :

wow_character
wow_item
wow_guild

But I started to stop this because of the length of hooks, for instance I have a hook in characters, called character_presave. This is hooked up in the guild_rank module to update guild ranks: guild_rank_character_presave. Also the file is simply: guild_rank.character.inc.

If I had to prefix all submodules by wow_, this would give: wow_guild_rank_wow_character_presave which looks a bit silly, in a file called wow_guild_rank.wow_character.inc. If this is a namespace problem I will consider prefixing submodules, if its not, I'd like to keep the name I given them.

Sylvain Lecoy

Edit: Actually I don't know, you're right 'wow_guild' sounds more specific, however, if you install this module, its likely to integrate World of Warcraft so I think guild and character entities do not need more specificity.

Log in or register to post comments

Comment #6

patrickd commented 4 December 2011 at 21:04

Status:

Needs review

» Needs work

See http://ventral.org/pareview/httpgitdrupalorgsandboxsylvainlecoy1256604git

Log in or register to post comments

Comment #7

patrickd commented 8 December 2011 at 08:07

Status:

Needs work

» Needs review

Switched back to needs review, so in-depth reviews won't be blocked by coding standart issues.

Log in or register to post comments

Comment #8

sylvain lecoy commented 25 December 2011 at 22:10

Ok thanks !

Any reviewers ? :)

Log in or register to post comments

Comment #9

sylvain lecoy commented 5 January 2012 at 12:03

Any news please ?

Log in or register to post comments

Comment #10

jthorson commented 6 January 2012 at 19:23

Regarding comment #5, I'd suggest adding the wow_ prefix to your submodule functions, even if it starts to look a bit silly.

The reason behind this suggestion is so that users who are attempting any customization or extension of your module's functionality can look at the main module file to determine your function naming pattern; rather than needing to look at every submodule in order to avoid declaring any duplicate php function names.

As an example, if I were to attempt to build some additional enhancements or functionality in a custom module after installing this one, I would initially assume that you are following common Drupal naming patterns, and using the 'wow_' prefix consistently throughout your module and submodules. Based on this assumption, I may decide to name my custom module 'guild', thus creating the possibility of namespace collisions with the php functions in your guild_rank submodule.

Log in or register to post comments

Comment #11

sylvain lecoy commented 7 January 2012 at 10:03

Hello jthorson and thank you for your time,

I have been thinking a long time to prefix or not submodules,

I first looked at the drupal core itself to see how it was done: based on field module; submodules are not prefixed by field: 'number', 'list', 'options', 'text'. This is a concise choice that I find elegant. In the core itself it seems there is no common naming patterns, also I have been looking at the online documentation but I couldn't find something about submodules.
I then looked at some contribs where there is no specific rules again: 'media' module base all its submodules by 'media_' ('media_gallery', 'media_youtube', etc.) whereas ctools got submodules not prefixed by 'ctools' ('bulk_export', 'page_manager', 'stylizer').
Regarding your concerns, I think if you want to extends the guild module (which provides a base table for guild, and a 'guild' entity), the module itself will need some more specificity in its naming because all basic functionnalities are already supported in guild module. It's like extending the node module, you cannot call it node since node is the owner of the node table and entity that allows to work on.

Eventually, I have been looking at drupal namespaces:

Guild is not taken by any contribs: http://drupal.org/project/guild leads to 404.
Character is not taken by any contribs: http://drupal.org/project/character leads to 404.
Auction is not taken by any contribs: http://drupal.org/project/auction leads to 404.
Item is a module which seems abandonned: http://drupal.org/project/item has no release nor description.
PVP is not taken by any contribs: http://drupal.org/project/pvp leads to 404.

Thank you for having reading me, I hope this is not a blocker for the review process as it has not blocked other contributed modules nor core by the past.

Sylvain Lecoy

Log in or register to post comments

Comment #12

jthorson commented 7 January 2012 at 16:26

The difference between your examples is that (in contrib) the field types are packaged as seperate modules ... address, name, etc can all be downloaded individually. These are 'field modules', but they are not 'submodules included in the field module package'.

The pattern I'm strongly suggesting is "one download, one namespace". The fact that there are other projects that don't follow this pattern is irrelevant to the application and/or recommendation ... we can go back and forth all day finding exceptions to best practices; but one of the goals of this process is to educate and enforce best practices in a new contributor's initial module.

Once approved by this process, contributors are granted free reign to produce new modules without review or restriction; and plenty of non-best practices are introduced into contrib due to this freedom. Since this application process is the only touch point where we can actively educate applicants and encourage best practices to be used once the applicant is released into contrib, reviewers will tend to stick to their guns and enforce these practices to their full extent. Arguments that 'Contrib module X did it this way' don't really carry much weight from this perspective.

That said, we also recognize that interpretations can differ from person to person, and what one might take as a strong opinion might be consider trivial to the next ... so we do offer a forum for discussion the best practices themselves (and/or a place to request a second opinion if a debate arises with a reviewer) ... please feel free to raise this debate at http://groups.drupal.org/code-review, so that it can be discussed and tracked outside of this individual application (and so the discussion can be easily found the next time the same issue is raised).

Your 'these namespaces aren't taken' comment reinforces the point ... the guild namespace isn't taken at drupal.org/project/guild ... but how can you easily confirm or prove that it hasn't already been taken as the name of a 'sub-module' in another project?

Log in or register to post comments

Comment #13

sylvain lecoy commented 7 January 2012 at 17:57

Well I didn't know that ctools wasn't respecting best practises. Don't get me wrong, it is not to compare with another contribs, I have taken this example because I thougt it was the proper way to do things. When you don't know, you look at how other people did, that is something I had in mind by looking at core and other contribs, and when I looked at other people code, I learned from them. Now that you say me that i'm probably wrong, I will listen to you and correct my mistakes but do you have any link where I can find some written rules about submodules naming ?

Thank you for your explaination, do you suggest that I need to refactor submodules ? And in this case, what about entity naming ? Should it be a 'wow_character' entity instead of a 'character' entity ? Or do you suggest to separate wow base module and provide a suit of modules called 'character', 'guild', with their own namespace.

About the question that you asked me, I can't confirm or prove that it hasn't already been taken in another project. However, I understood that the review process should not allow this.

Edit: I have found something here http://groups.drupal.org/node/21725 and it seems that its only a recommandation,

prefixing a module with the dependent/required module groups them nicely together in the filesystem (think views*, og*, ec*, ...), but is only a recommendation, no standard, convention, or requirement.

Log in or register to post comments

Comment #14

jthorson commented 8 January 2012 at 00:00

My concern would be primarily with php function names, as a duplicate function name can take down the entire site. I'd also recommend that at least 'character' be namespaced, as 'character' is a pretty generic term that can mean any number of things outside of the scope of WoW or RPGs, and thus the possibility of collisions is higher. Based on this, and from the perspective of consistency, the rest should thus probably be prefixed as well.

Your correct that this is only a recommendation, which is why I've used the term 'suggest' and not bumped your application down to 'needs work' because of it. But I would say it is at least enough of a convention that whether the resulting function name looks silly should not be part of the decision process. :)

Log in or register to post comments

Comment #15

sylvain lecoy commented 8 January 2012 at 13:23

Yes you are right, character is pretty generic, as well as guild. A WoW Character is really different that any other characters and this is the same for guild.

I am about to modify the following things:

- rename guild module to wow_guild.
- rename character module to wow_character.

But now, to keep it consistent, I will need as well to refactor entity name 'character' to 'wow_character' and SQL table from 'characters' to 'wow_characters', same for 'guild' entity to 'wow_guild' and 'guild' table to 'wow_guild'.

What about the rest of the module, did you actually looked at the code ? Security issues and so on ?

I'll let you know when the refactored module will be uploaded.

Thank you for your time,

Sylvain Lecoy

Log in or register to post comments

Comment #16

sylvain lecoy commented 9 January 2012 at 12:56

Seems it will be longer than expected, is the review process blocked until I commit the refactored version ?

Log in or register to post comments

Comment #17

jthorson commented 9 January 2012 at 14:10

We'll leave it in 'needs review', since it hasn't yet received a true in-depth review yet ... most reviewers will read the history as well, so should see the above conversation. (That said, be patient with them if they don't!)

Log in or register to post comments

Comment #18

sylvain lecoy commented 14 January 2012 at 14:39

I corrected the following:

- Changed sub-modules name to be prefixed by wow_.
- Corrected a timestamp bug preventing manually refreshing a guild info.
- Added dynamic translation for service related strings.
- Added 'HIDDEN = true' in the info file so old modules cannot be installed by mistake.

Tested upgrade path.
Tested on new install (locale).
Tested on live server (http://shinsen.fr).

Log in or register to post comments

Comment #19

sylvain lecoy commented 26 January 2012 at 18:48

Hi again, I would really like to know if I can find help somewhere to review my module.

I have nearly no code issue (scanned with the coder module), changed the function submodule namespace. Also I created a detailled project page, a demo website, the code is clean and documented, I have also written some test.

Is this not sufficient to review my module ? Nearly two months without any serious reviewer... Is there anyone here to review my module, then I review back his module. Is this how it works or the reviewer needs to be approved by a certain authority ?

Let's help us together, I pledge I will be a focused, in-depth reviewer :)

Log in or register to post comments

Comment #20

jthorson commented 27 January 2012 at 01:59

The way it works is that anyone can review and mark RTBC, and then a 'Git Admin' will visit and approve the application (or bounce it back to needs review if any issues have been overlooked). If you'd like to solicit another member of the Drupal community to review your application, they can find review guidelines and other information at http://groups.drupal.org/code-review

Unfortunately, there are around 150 projects awaiting reviews at any given time, and only a small handful (3-10 volunteers) of active 'deep-dive' reviewers ... so the wait in the queue can be somewhat frustrating.

While the longest wait between responses currently being experienced is in the neighborhood of 3-4 weeks, the good news is that this is a vast improvement over 6 months ago, when the wait for some applications could grow to three times that. :( Rest assured that the delay is simply a function of an overload of applications and too few reviewers ... and should not be interpreted as a lack of interest in your particular project.

Thanks again for your patience!

Log in or register to post comments

Comment #21

sylvain lecoy commented 11 February 2012 at 13:57

If I create a second account I can trick the system and review myself ? :p

Its not that I want to cheat but this module open possibilities, and I have already a suit of modules depending on this one to help people build guild website. It was ready in september, I submitted it in november 2011 and we are approaching march 2012 :(

I have already developped two modules depending on this one:

- EPGP: EPGP is an Effort/Gear reward system and addon for World of Warcraft.
- WoW Forum: This module adds guild forum capabilities. (such as avatar for your character, fetched from battle.net)

Log in or register to post comments

Comment #22

patrickd commented 11 February 2012 at 13:59

Have a look at #1410826: [META] Review bonus to get a review quicker

Log in or register to post comments

Comment #23

sylvain lecoy commented 21 March 2012 at 05:50

Status:

Needs review

» Reviewed & tested by the community

I think the code I written is drupal compliant.

I put it as RTBC after a deep review of myself.

Log in or register to post comments

Comment #24

jthorson commented 21 March 2012 at 07:39

Large suite of modules, leveraging multiple Drupal Apis, active repository, and waiting way to long ... Only did a partial review, but what I saw looks good. I'm willing to suggest we make this happen.

Log in or register to post comments

Comment #25

jthorson commented 21 March 2012 at 07:57

Status:

Reviewed & tested by the community

» Needs work

On second thought, I don't see a single sanitization function in the theme character code ... And since I can't really do a proper deep dive review on a tablet, I can't confirm whether this lack of check_plain or filter_xss calls in the theme components is covered elsewhere - and thus can not second you're RTBC claim at this time. (And I don't think I need to point out that, despite the wait and understandable frustration, marking your own issues as RTBC without review is heavily frowned upon in the Drupal community.)

Log in or register to post comments

Comment #26

jpontani commented 22 March 2012 at 17:32

On page admin/config/wow/guild, I chose "Lightning's Blade" and set my guild to "Section Eight". This brings up an error of "The guild name Section Eight does not exist on Lightning's Blade. You should first check that your guild exists at: http://us.battle.net/wow/guild/Lightning's Blade/Section Eight/."

You are not URL encoding spaces, so it is causing an error when trying to wow_http_request anything with a space (realm name or guild name would cause this).

Log in or register to post comments

Comment #27

sylvain lecoy commented 25 March 2012 at 05:24

Thanks jthorson for your partial review, I will check the theme flow and provide answer for the lack of check_plain.

Thanks jpontani for the bug report, I will fix this asap.

Log in or register to post comments

Comment #28

sylvain lecoy commented 4 April 2012 at 17:48

Jpontani things has been fixed. However, its because it was written in the doc of drupal_encode_path that the url function was taking care of properly encoding path. I checked this and in fact it seems not.

Its now using drupal_encode_path before any API calls. Thanks for the feedback !

Log in or register to post comments

Comment #29

sylvain lecoy commented 5 April 2012 at 02:08

Hi again, the check_plain or filter_xss is not needed in the theme layer for character and guild, let me explain why. But please correct me if you feel its wrong..!

The only place where I use check_plain is against database call with the input as key (name for instance). Otherwize, each time a character, a guilde or an item is updated, it get checked by the API call to battle.net. If the call return an error, it will be not updated.

That means that if a player name is erroneous (e.g. not valid for the API), it will never get created on local database. Here is a good example:

<?php
  $realm = $form_state['values']['realm'];
  $character_name = $form_state['values']['name']; // from user input (textfield).

  try {
    $character = wow_character_fetch($realm, $character_name, array('guild')); // No need to check_plain (API call).
  }
  catch (WoWException $exception) {
    // ...
  }

  $select = db_select('wow_characters', 'c')
    ->fields('c')
    ->condition('realm', $realm)
    ->condition('name', check_plain($character_name)) // Here it is safe to check_plain to avoid db hack.
    ->execute();
?>

However, I found out that it needed some work for guild ranks, and effectively I didn't covered the check_plain in the theme layer. If there is no need for characters or guilds (I believe), you are right that it need some input check for guild rank name and other input that I didn't thougt about.

Log in or register to post comments

Comment #30

sylvain lecoy commented 11 April 2012 at 00:30

Status:

Needs work

» Needs review

I think It's ok after double checking of my theming functions.

Log in or register to post comments

Comment #31

sylvain lecoy commented 23 April 2012 at 16:11

Hi I got a

Validation error, please try again. If this error persists, please contact the site administrator.
This content has been modified by another user, changes cannot be saved.

when I try to modify the description to update with the recent work I did. Who should I contact ?

Thanks.

Log in or register to post comments

Comment #32

sylvain lecoy commented 27 April 2012 at 15:58

Ok I eventually updated the doc and added the wow_item module as a working Proof of Concept. It need more work of course but this module ensures the basics such as entity representation and integration with Drupal. Items supports localizations and I updated the project page to reflect the new changes.

Also, I am very sad that this project is locked since 5 months; I am regularly fixing bug, testing it live and adding features. I will maintain it and keep working hard on it. But as you know, like at work, if there are no users to test the application, I can't make it a really solid foundation.

Quality API takes a long time to be made, but it starts with a good pool of users, that I can't have for now :(

Please consider my request and if you manifest any interest in my work, please do review :)

Log in or register to post comments

Comment #33

exlin commented 28 April 2012 at 18:29

Status:

Needs review

» Needs work

Hi,

I found following

1. In wow.install file you delete same variable on hook_uninstall as you do in wow_update_7000 witch seems unnessessary since if module is updated there is no longer variable to delete and if module is not updated that hook_update_ won't be executed.

function wow_update_7000() {
  // Removes unused.
  variable_del('wow_cdn');

2. param $host is not existing

/**
 * There are no required query parameters when accessing this resource, although
 * an array parameter can optionally be passed to limit the realms returned to
 * one or more.
 *
 * @param $host
 *   Optional host to use. If null, uses the site's default.
 * @param array $realms
 *   The list of realm.
 */
function wow_realm_fetch($region, array $realms = array()) {

3. Please consider using drupal_json_decode instead of json_decode. It's basically the same, but you will get array.

  $response = drupal_http_request($url, $options);

  if ($response->code == 200) {
    return json_decode($response->data);
  }

4. If you set your own variables, please delete them in hook_uninstall, check all forms and make sure you delete variables saved by them

   variable_set('wow_item_classes', $values);

5. Please document your custom hooks in *.api.php, see http://drupal.org/node/161085#api_php

Other than that, it looks nice (and big) module and hopefully we get lot of guild-pages to Drupal ;)

Log in or register to post comments

Comment #34

exlin commented 28 April 2012 at 18:46

You should also check http://ventral.org/pareview/httpgitdrupalorgsandboxsylvainlecoy1256604git witch an help you to see Drupal coding style issues.

Many of those propably can be skipped, but following coding style helps readability.

Thanks for your patience.

Log in or register to post comments

Comment #35

sylvain lecoy commented 30 April 2012 at 15:51

Hi and thank you exlin for your review.

I will work on 1, 2, 4, and 5.

However, I am not sure about using:

<?php return (object) drupal_json_decode($response->data); ?>

Instead of:

<?php return json_decode($response->data); ?>

Log in or register to post comments

Comment #36

sylvain lecoy commented 8 May 2012 at 14:55

Status:

Needs work

» Needs review

Fixed: point 1 to 5 (excepted 3).

Fixed a lot of coding style issues, including bad line endings to UNIX style. (see the commit log for details).

Log in or register to post comments

Comment #37

sylvain lecoy commented 24 May 2012 at 15:36

Any update ? :(

Log in or register to post comments

Comment #38

sylvain lecoy commented 26 May 2012 at 12:29

Hi there,

I followed all your recommandation, scanned multiple times the git repo to ventral for coding style issue. Refactored namespace to avoid potential collisions with other modules. Even in the development version I provided upgrade path to show you that I understand drupal core and best practises. I started development on June 2011. Comitted to drupal in November 2011. User test would help me to know if this module is heading the good direction, as well as community feedback. I know some of you completely doesn't care about gaming, but I need a serious review to publish my work and improve this module API.

Please I have waited enough time now, nearly 7 months waiting in the project application list.

Sylvain Lecoy

Log in or register to post comments

Comment #39

jthorson commented 26 May 2012 at 16:33

Re: #29: Because the API call is not within the scope of your module's control (i.e. it is a 3rd party API call), it should not be inherently trusted as you have suggested. I would still stand by the suggestion that you need to sanitize on output. (EDIT: Or at least on the DB Select as in your posted example .. but for all items.)

Please consider that there are about 450 other projects in the queue sitting either in 'needs work' or 'needs review' in the queue, and about 70 of those have been in there longer than your project. We realize that the wait is unacceptable, but do the best with the volunteer manpower that we have.

This delay is a bit part of the reason why initiatives such as http://drupal.org/node/1410826 have been introduced ... many applicants have jumped on board with the attempts to help improve the situation; if you are frustrated with the delay, I can only recommend you pursue the 'PAReview Bonus' as well (which will result in certain reviewers granting your project increased priority when reviewing).

Log in or register to post comments

Comment #40

sylvain lecoy commented 7 June 2012 at 15:46

Issue tags:

+PAreview: review bonus

Adding PAReview bonus as suggested !

Log in or register to post comments

Comment #41

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 7 June 2012 at 17:27

Issue tags:

-PAreview: review bonus

Removing review bonus tag, you have not listed any reviews in the issue summary as specified in #1410826: [META] Review bonus.

Log in or register to post comments

Comment #41.0

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 7 June 2012 at 17:27

Issue summary:

View changes

Updated issue summary.

Log in or register to post comments

Comment #41.1

sylvain lecoy commented 8 June 2012 at 17:42

Issue summary:

View changes

Adding review projects

Log in or register to post comments

Comment #41.2

sylvain lecoy commented 8 June 2012 at 17:53

Issue summary:

View changes

Another review

Log in or register to post comments

Comment #42

sylvain lecoy commented 8 June 2012 at 18:00

Issue tags:

+PAreview: review bonus

Added three manual reviews..!

Log in or register to post comments

Comment #43

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 8 June 2012 at 19:42

Status:	Needs review	» Needs work
Issue tags:	-PAreview: review bonus	+PAreview: security

Status	File	Size
new	drupalcs-result.txt	13.75 KB

Thank you for your reviews. When finishing your review comment also set the issue status either to "needs work" (you found some problems with the project) or "reviewed & tested by the community" (you found no flaws).

Review of the 7.x-1.x branch:

Drupal Code Sniffer has found some issues with your code (please check the Drupal coding standards). See attachment.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

manual review:

wow_http_request(): use drupal_json_decode() instead of json_decode(). Also elsewhere.
wow_test.info: "version = VERSION": Remove that line from all your info files.
"class GuildSaveTestCase": all classes in your project need to be properly prefixed with your module's name to avoid collisions. Also elsewhere.
CSS: "@CHARSET "ISO-8859-1";": Remove that, all code files in Drupal are UTF-8.
translations folder: remove that, translations are now done on localize.drupal.org.
wow_character_user_add_validate(): User names are user provided input and need to be sanitized before printing in error messages to avoid XSS exploits. Use the "@" placeholder with t() and will get check_plain()'ed. Same for the realm name I guess. See http://drupal.org/node/28984
Same in theme_wow_character_description() and wow_guild_rank_form_user_admin_account_alter(). You should only use the "!" placeholder if you have previously escaped the data anyway and want to make use of markup in it. Please check all your code where you falsely use "!".
wow_realm: empty module, so remove it.
wow_item_install(): no need to use module_load_inlcude as you are including files from your own module which you already know where they are. Use something like require_once dirname(__FILE__) . '/mymodule.inc';. Applies to all module_load_include() calls in your project.

The security issues are blockers, so I have to set this back to "needs work". Overall the code looks good so I think we are nearly there. Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

Log in or register to post comments

Comment #44

sylvain lecoy commented 9 June 2012 at 11:06

Thank you for the review:

1) Considering that drupal_json_decode make call to drupal_json but asking to return explicitely an array, which is not what the service is returning (object) and not the type that the module is expecting (object). I see absolutely no reasons of using this function.

<?php
drupal_json_decode($var) {
  return json_decode($var, TRUE);
}
?>

2) Fixed.
3) Fixed. Also elsewhere.
4) Fixed.
5) Fixed.
6) Fixed: Added check_plain for $name. However Form API take already care of $realm value since it comes from a dropdown.
7) Fixed: Replaced some of ! with @, added check_plain for remaining !.
8) I will actually implement this module.
9) Fixed. Need support however: What if I'm on a submodule calling parent module ? e.g. wow_character module including wow.inc file ?

Log in or register to post comments

Comment #44.0

sylvain lecoy commented 9 June 2012 at 11:06

Issue summary:

View changes

Added a third review.

Log in or register to post comments

Comment #45

sylvain lecoy commented 19 June 2012 at 22:55

Status:	Needs work	» Needs review
Issue tags:	-PAreview: security

Push back to need review.

Log in or register to post comments

Comment #46

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 20 June 2012 at 07:07

Issue tags:

+PAreview: security

Please don't remove the security tag, we keep that for statistics.

Log in or register to post comments

Comment #46.0

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 20 June 2012 at 07:07

Issue summary:

View changes

Added one project.

Log in or register to post comments

Comment #46.1

sylvain lecoy commented 20 June 2012 at 17:20

Issue summary:

View changes

Another reviewed project.

Log in or register to post comments

Comment #47

sylvain lecoy commented 20 June 2012 at 17:28

Issue tags:

+PAreview: review bonus

What do you mean by statistic ? What is this tag semantic ? I thought it was because my project contained security issues, but now that I have fixed, I should remove it no ?

Did 3 manuals reviews, so pushing back the "magic" tag. All the fixed issues since #43 has been fixed in the last commit (http://drupalcode.org/sandbox/SylvainLecoy/1256604.git/commit/f98823c66e...).

Log in or register to post comments

Comment #48

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 20 June 2012 at 22:00

Status:	Needs review	» Reviewed & tested by the community
Issue tags:	-PAreview: review bonus

Status	File	Size
new	drupalcs-result.txt	21.33 KB

The "PAReview: security" tag is used to get an estimation how many project applications contained security issues and to show examples of security problems.

Review of the 7.x-1.x branch:

Bad line endings were found, always use unix style terminators. See http://drupal.org/coding-standards#indenting

./modules/wow_character/wow_character.install:                         PHP script, ASCII text, with CRLF, LF line terminators
./modules/wow_character/wow_character.api.php:                         PHP script, ASCII text, with CRLF, LF line terminators
./modules/wow_character/wow_character.module:                          PHP script, ASCII text, with CRLF, LF line terminators
./modules/wow_realm/wow_realm.module:                                  PHP script, ASCII text, with CRLF, LF line terminators

Drupal Code Sniffer has found some issues with your code (please check the Drupal coding standards). See attachment.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

manual review:

For including files of parent folders: I'm not sure about about a clean solution for that, so I guess keeping module_load_include() is ok in that case. Using "../.." or similar should be fine, too.
wow_character.api.php: *.api.php files should only be used for documentation purposes and never be actually included or executed, see http://drupal.org/node/161085#api_php
wow_character_user_add_validate(): no need to use check_plain() here as the "@" and "%" placeholder in t() will sanitize for you. And double escaping is bad.
wow_character_user_add_validate(): "form_set_error('name', t('@name is already in your character list.'));": replacement arguments for t() are missing.
wow_character_user_add_validate(): the user name is still using the "!" placeholder, so this is still vulnerable when malicious user names come into play.
"class GuildRankUserRolesAssignmentTestCase" misses the wow prefix.
The automated review shows still some trivial errors you should fix.

Although you should definitively fix those issues I think my points are no blockers, so I say RTBC. The user name security issue is minor as most special characters are forbidden anyway in standard Drupal installations. Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

Log in or register to post comments

Comment #49

sylvain lecoy commented 21 June 2012 at 18:22

Fixed in: http://drupalcode.org/sandbox/SylvainLecoy/1256604.git/commit/fcf09668f3...

Log in or register to post comments

Comment #49.0

sylvain lecoy commented 21 June 2012 at 18:22

Issue summary:

View changes

The third review;

Log in or register to post comments

Comment #49.1

sylvain lecoy commented 21 June 2012 at 18:59

Issue summary:

View changes

Added pagerer.

Log in or register to post comments

Comment #49.2

sylvain lecoy commented 21 June 2012 at 19:17

Issue summary:

View changes

Another review

Log in or register to post comments

Comment #50

sylvain lecoy commented 21 June 2012 at 19:41

Issue tags:

+PAreview: review bonus

I did another 3 reviews.

Please consider that this project is waiting since almost 10 months. I can't really improve on features if I have no real users;

Regards,

Sylvain Lecoy

Log in or register to post comments

Comment #51

MattA commented 22 June 2012 at 05:10

Status:

Reviewed & tested by the community

» Needs work

After installing this module on a fresh install here are some things I've come across after giving the module/code a quick glance (using commit aec336bf):

Miscellaneous bugs:

Line 64 of wow_character.install has a require_once to a file that does not exist (wow_character.resources.inc).
Line 76 of wow_character.module references an undefined callback. I assume this should actually be 'wow_character_admin_settings'.
Line 276 of wow_guild.module has a call to wow_guild_character_set_main_access() in the middle of nowhere. Said function is tagged with @deprecated in the documentation and also causes various exceptions, preventing the installation of the module.
You cannot uninstall the Item Resources module (which also blocks removal of the main module). Drupal registers a field in use by a non-existant 'Item' type and disables the module's enable/disable checkbox.

Project issues:

In wow_item.install your hook_uninstall() implementation does not cooperate with other modules. You're technically using the Drupal 7 equivalent of the code fragment shown on that page.

While the sub-modules in this project seem to be fairly unique, could you explain how the main module is different from this project: Blizzard API?

Log in or register to post comments

Comment #52

sylvain lecoy commented 22 June 2012 at 19:00

Status:

Needs work

» Needs review

Hi MattA,

Thank you for this detailled review.

The bugs was due to missing file in the git index. I fixed that and cleaned-up the test functions in the middle of nowhere.
About the Item Resource declaring a field, this is a more general bug fixed in D8 (see this issue: http://drupal.org/node/943772), and which is being worked on D7 (http://drupal.org/node/1284332). This is sadly a bug coming from drupal itself and not the module. I have however added a warning on the project page and in the README file.

About the project issue: It does cooperate with other modules, the wildcard matches all declared variables in the namespace of the module, 'wow_item_classes:%'.

The main module is a framework, not a product. Blizzard API is a wrapper to the API, it does not integrate to drupal system, letting developper some freedom. His module contains some interresting feature such as tabard creation, and seems really well-coded, with a lot of feature that we should maybe merge, depending on the wishes of the author and the direction he wants to take. Also he got lucky that his project got accepted before me, comparing the date of sandboxed projects (Posted by Sylvain Lecoy on August 22, 2011 at 5:19pm, and Posted by MattA on August 27, 2011 at 2:20am) it seems its a cross posting so the same question can echo on his side ;)

Sadly work has started on both side since almost 10 months yet and we cannot throw away one of the two module. Anyway the separation is clear to me: Blizzard API is a service wrapper. Blizzard Community Platform API is a framework which integrate with drupal. Two different goal, one with a lot of freedom for developer, the second offers persistence, user roles integration, etc. Although we have two different visions, and I have to admint that I am a bit frustrated after waiting for 10 month (still not accepted) where his module got accepted in only 2 weeks, I am open for joining forces in a future version.

Log in or register to post comments

Comment #53

klausi

he/him||they/them

German

🇦🇹 Vienna

commented 23 June 2012 at 09:06

Status:

Needs review

» Reviewed & tested by the community

Status	File	Size
new	drupalcs-result.txt	14.64 KB

Review of the 7.x-1.x branch:

Bad line endings were found, always use unix style terminators. See http://drupal.org/coding-standards#indenting

./modules/wow_character/wow_character.resources.inc:                   PHP script, ASCII text, with CRLF, LF line terminators

Drupal Code Sniffer has found some issues with your code (please check the Drupal coding standards). See attachment.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

Still some code style errors, but no blockers. RTBC again.

Log in or register to post comments

Comment #54

sylvain lecoy commented 23 June 2012 at 16:27

Actually MattA I just realized you was the current maintainer.

I had a thought this night and I am really exciting into collaborating with you. What do you think if you handle the service side, while I handle the drupal integration and persistence side ?

I am thinking about having a set of high quality interfaces that your services class implements. Then the modules uses these interfaces in all functions. It also allows us to work on a focused part. I am thinking about using drupal entity module (included in D8) to support class on entities (e.g. a user is no more a generic object, but a User. Here its basically the same for a Character, Guild, etc.).

This would go in a future release, such as 2.0, or for D8.

I also have an echo-system of modules to use with the API, for instance EPGP module (http://www.epgpweb.com/help/system) is already developped.

There is a lot to improve, tell me what do you think ?

Regards,

Sylvain Lecoy

Log in or register to post comments

Comment #55

misc commented 24 June 2012 at 07:48

Thanks for your contribution, Sylvain Lecoy! Welcome to the community of project contributors on drupal.org.

I've granted you the git vetted user role which will let you promote this to a full project and also create new projects as either sandbox or "full" projects depending on which you feel is best.

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

As you continue to work on your module, keep in mind: Commit messages - providing history and credit and Release naming conventions.

Thanks to the dedicated reviewer(s) as well.

Log in or register to post comments

Comment #56

misc commented 24 June 2012 at 07:49

Status:

Reviewed & tested by the community

» Fixed

Log in or register to post comments

Comment #57

MattA commented 24 June 2012 at 11:01

Overall, any unresolved bugs may or may not become issues for your project later on. However, they aren't a priority for this review.

As for the module comparison, the goal was to check your awareness of Drupal's collaboration over competition ethos. Throwing away one of the modules would be a bit drastic!

Also, this guy beat everyone, but sandbox projects aren't "existing solutions" to compare against, especially since there are a lot like his with no code in them. Still, waiting around for 7 months (this issue and your first commit were on Nov 23) really sucks. As Blizzard API became a full project on Oct 17, I guess the early bird really does get the worm. =/

That said, it looks like your wait is over. Congratulations!