Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
28 Mar 2012 at 14:46 UTC
Updated:
4 Jan 2014 at 01:39 UTC
Jump to comment: Most recent
Comments
Comment #1
patrickd commentedWelcome!
I see you've already started fixing the codestyle issues found by drupalcs, great!
Please take a moment to make your README.txt follow the guidelines for in-project documentation.
We do really need more hands in the application queue and highly recommend to get a review bonus so we will(/can) come back to your application sooner.
regards
Comment #2
seyv commentedThank you for you response.
I have taken a second look at my README.txt and the guidelines you linked. According to me it follows these guidelines. Could you tell me where I made a mistake ?
Thanks in advance!
Comment #3
targoo commentedHi
Your README need to give more info on how to use your module. You can maybe repeat the synopsis of your project page on Drupal.org. The project page on Drupal.org should also contain a direct link to the README.txt.
We also really need more hands in the application queue. So please consider to get a review bonus so we will come back to your application sooner.
See also http://drupal.org/node/1011698
See also #1410826: [META] Review bonus
By the way I will not use 'und' but LANGUAGE_NONE instead...
Comment #4
patrickd commentedYes usage and installation instructions would be nice
(I don't think this is so critical for needs work)
Comment #5
seyv commentedThank you for your time to comment on my application.
But I want to ask if you have read the README.txt? There is a synopsis available where the usage of this module is explained. There are practically no install instructions needed, when you have the required Internationalization module installed, this should blend right in.
Though I will mention it explicitly, thanks for the tip!
Comment #6
targoo commentedno but LANGUAGE_NONE could be.
but fine by me if applications can stay 'need review' even if we spot something wrong...
Comment #7
seyv commentedI will change this as soon as possible, so it can stay on need review. Thanks for you input!
EDIT: changed to LANGUAGE_NONE ;)
Comment #8
seyv commentedAdded 'PAReview: review bonus' tag
Comment #9
klausimanual review:
<script>alert('XSS');</script>and go to admin/translate_terms I get a nasty javascript popup. Make sure to read http://drupal.org/node/28984 again.Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #10
seyv commentedthanks for your input klausi!
Comment #11
targoo commentedHi
The rule is to store exactly what the user typed but make sure it is secure when it is displayed.
So to prevent XSS you need to perform the conversion when content is output, not when saved into the database ;-)
Please check http://drupal.org/node/28984
Try to get another review bonus to speed up the process.
Cheers,
Comment #12
seyv commentedok, moved the check_plain() from input to output.
Comment #12.0
seyv commentedAdded 'Reviews I have done'
Comment #13
seyv commentedAdded 'PAReview: review bonus' tag
Comment #14
klausiReview of the 7.x-1.x branch:
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. Get a review bonus and we will come back to your application sooner.
manual review:
"translateterms_textbox_combo($term->tid, $globallang, check_plain($term->name))": instead of doing the check_plain in the function call you should do it as late as possible to the output, i.e directly in translateterms_textbox_combo(). And as the form API sanitizes #default_value automatically you are now doing double escaping, which is bad.
But that are just minor issues, otherwise I would say this is RTBC. Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects. Assigning to tim.plunkett as he might have time to finally approve this.
Comment #15
sreynen commentedHi SeyVaneerdewegh,
Thanks for your contribution and welcome to the community of project contributors on drupal.org.
I've granted you the git vetted user role which will let you promote this to a full project and also create new projects as either sandbox or "full" projects, at your discretion.
Comment #16.0
(not verified) commentedAdded new reviews