Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
14 Dec 2012 at 11:15 UTC
Updated:
4 Jan 2014 at 02:42 UTC
Jump to comment: Most recent
Comments
Comment #1
vineet.osscube commentedHi,
Firstly there is lots of issue regarding line spaces, indentation & comments.
Look at this !
http://ventral.org/pareview/httpgitdrupalorgsandboxmitrpaka1866604git
Here you can check source code whether it meets drupal coding standards or not, and advise you what to change in your code. You can repeat review after your commits, and can fix those errors.
Manual Review:
1) There is no hook_uninstall to remove your custom variables from database like:
commerce_everyday_method_title, commerce_everyday_method_title_icons, commerce_everyday_method_offsite_autoredirect,etc. in admin.inc2) use
variable_del() in hook_uninstall()that remove variables or delete sql query.Comment #2
mitrpaka commentedThanks for the comments!
- commerce_everyday.install file with hook_uninstall() added
- line spaces, indentation and comments issues addressed
Comment #3
mitrpaka commentedPAReview: Commerce tag added
Comment #4
klausiWe are currently quite busy with all the project applications and I can only review projects with a review bonus. Please help me reviewing and I'll take a look at your project right away :-)
Comment #4.0
klausiReviews added
Comment #4.1
mitrpaka commentedReview link added
Comment #5
mitrpaka commentedReview links provided and PAReview: review bonus tag added
Comment #6
klausimanual review:
', array('!request' => check_plain(print_r($_REQUEST, 1))), WATCHDOG_INFO);": use "@" placeholders instead of "!" then you don't need check_plain().
Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #7
mitrpaka commented@klausi
Thank you for the review comments. Please see some of the comments below:
1. Changed. '%' placeholder used instead of "!" and check_plain() removed.
2. check_plain() used because of security issues (to prevent potential XSS). I have now removed check_plain() after reading http://drupal.org/node/28984 again and looking drupal_get_query_parameters() API.
3. No. Transaction validation is done after saving $order with $_REQUEST data. Incoming request is saved to $order->data['commerce_everyday']['response'] in order to have data available if needed later on (e.g. for debugging purposes)
4. Idea was to have fresh copy of $order before saving incoming request data. Maybe overkill and thus removed.
5. Unintentionally left for the code after testing. Now removed.
6. You are correct. _commerce_everyday_urlencode() now removed as not needed.
Comment #7.0
mitrpaka commentedReview link added
Comment #7.1
mitrpaka commentedReview link added
Comment #7.2
mitrpaka commentedReview link added
Comment #8
mitrpaka commentedPAReview: review bonus tag added once again (after 3 more reviews done)
Comment #9
tikto commentedPAReview: Commerce tag added
Comment #9.0
tikto commentedReview link added
Comment #10
mitrpaka commentedNow having both PAReview: Commerce and PAReview: review bonus tags
Comment #11
klausiDid a manual review, looks RTBC to me now. Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #12
klausino objections for more than a week, so ...
Thanks for your contribution, mitrpaka!
I updated your account to let you promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and get involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.
Comment #13
mitrpaka commentedThank you klausi and osscube!
Comment #14.0
(not verified) commentedReview links corrected