XtraForm

Hi,

There are a few issues which need to be fixed before we can fully review your code.

• To make it easier for reviewers to find the needed resources, make sure the application issue contains a link to the project page and a working "git clone" command / repository link.
• It appears you are working in the "master" branch in git. You should really be working in a version specific branch. The most direct documentation on this is Moving from a master branch to a version branch. For additional resources please see the documentation about release naming conventions and creating a branch in git.

• jqmobile appears to be 3rd party code. 3rd party code is not generally allowed on Drupal.org and should be deleted. This policy is described in the getting involved handbook. It also appears in the terms and conditions you agreed to when you signed up for Git access, which you may want to re-read, to be sure you´re not violating other terms.

  The Libraries API module is a recommended method for adding 3rd party dependencies without directly including the code on Drupal.org.

• Please create a README.txt that follows the guidelines for in-project documentation.

• An automated review of your project has found some issues with your code; As coding standards make sure projects are coded in a consistent style we please ask you to have a look at the report and try to fix them. Anyway, note that issues found are possibly false positives and fixing all issues is not a requirement for getting through the application process.

  You can find the results of the automated report at http://ventral.org/pareview/httpgitdrupalorgsandboxhaiping1587846git.

  You may notice these results are quite verbose! I suggest you fix one, commit it, and then repeat the review using the link on that page. For example, many of the reported errors are related to your use of tabs for indentation instead of spaces as outline in Drupal's coding standards

Once you have addressed these issues we can look again to review your code manually.

Thanks,

Andy

There appears to be no security protection for:

* CSRF - for example xtraform/delete_form_data/1 will try to delete node 1
* Access - xtraform/delete_form_data/1 doesn't check for proper permissions
* Access - there is no node_access nor addtag('node_access')
* XSS - I didn't test, but this looks vulnerable

Please see http://drupalscout.com/tags/csrf and http://drupalscout.com/tags/xss for some articles on fixing these problems.

Closing due to lack of activity. Feel free to reopen if you are still working on this application.

I see in http://drupalcode.org/sandbox/Haiping/1587846.git/commit/28f0741 that you removed 3rd party code. There's still a few other things to fix. Please set to "needs review" once you've made those changes.

We are currently quite busy with all the project applications and I can only review projects with a review bonus. Please help me reviewing and I'll take a look at your project right away :-)

And please fix the problems detected by automated review tools first: http://ventral.org/pareview/httpgitdrupalorgsandboxhaiping1587846git

There were code errors found by PAReview (http://ventral.org/pareview)

FILE: /var/www/drupal-7-pareview/pareview_temp/xtraform.install
--------------------------------------------------------------------------------
FOUND 2 ERROR(S) AFFECTING 2 LINE(S)
--------------------------------------------------------------------------------
11 | ERROR | Empty installation hooks are not necessary
18 | ERROR | Empty installation hooks are not necessary
--------------------------------------------------------------------------------

Also, when I installed and tried to use the module, I received a 500 error message when trying to save changes to a node.

Closing due to lack of activity. Feel free to reopen if you are still working on this application.

I'm a robot and this is an automated message from Project Applications Scraper.

added sandbox link