Hi,

This module is to detect devices and then retheme or redirect the response. This could be used to improve your website on mobiles, or increase accessiblity on tv browsers or help out with just about any device.

The 51Degrees theme switcher requires the library api and the 51Degrees.mobi PHP device detector (simply copy the contents into the sites/all/libraries folder).

We've applied before for full access a twice before, but this an attempt from the bottom up making extensive use of the forms api. Switching and redirection are controlled from the 51Degrees.mobi menu this module creates in the Configuration.

Project Page - http://drupal.org/sandbox/51Degrees/2003022
Git Instructions - http://drupal.org/project/2003022/git-instructions

Reviews of other projects:
https://drupal.org/node/2005244#comment-7520827
https://drupal.org/node/2006076#comment-7520969
https://drupal.org/node/1743162#comment-6749692

Comments

PA robot’s picture

PA robot commented

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

cravecode’s picture

cravecode commented

I love that you're checking for the library and giving a direct link to the download location!

Great inline commenting!

I'm curious why the module is located in the sub-directory 51Degrees and is not in the root of the repository?

I reviewed this module using PHP 5.3.22

Automated Review via Code Sniffer

Running the module through Coder yields the following highlights:

  • Line 222: Potential problem: drupal_set_message() only accepts filtered text, be sure to use check_plain(), filter_xss() or similar to ensure your $variable is fully sanitized. (Drupal Docs) [security_dsm]
    drupal_set_message($message);
  • Line 370: Potential problem: drupal_set_message() only accepts filtered text, be sure to use check_plain(), filter_xss() or similar to ensure your $variable is fully sanitized. (Drupal Docs) [security_dsm]
    drupal_set_message($message, 'warning');

I know those are coming from form values that are only accessible by an authenticated user and thus could be a "trusted" user. I think it would be better to play it safe and make sure your value used from the form is ran through check_plain().

Manual Review

When I run clear caches from Drush, I get the following error consistently:

Invalid argument supplied for foreach() 51Degrees.mobi.php:142

While attempting to save a new Rule I get the following error:
Fatal error: Cannot use string offset as an array in 51degrees_mobi_mobile_theme_switcher\fiftyone_degrees\fiftyone_degrees.module on line 168

To reproduce this I did the following from the Device Rules page:

  1. Clicked Create Rule
  2. Checked "Mobile"
  3. Selected the Seven theme under Action
  4. Clicked Save Rule
cravecode’s picture

cravecode commented
Status: Needs review » Needs work
51Degrees.mobi’s picture

51Degrees.mobi commented
Status: Needs work » Needs review

Thanks a lot for the review cravecode.

I wasn't sure where to put files in the repository. I've now moved the files to the root of the repository.

The Drupal messages now go through check_plain.

I'm still trying to track down the fault in 51Degrees.mobi.php. This file is from the external library which will of course be published separately when I've fixed the issue.

Finally, I believe I've solved the problem you had with string offsets as arrays.

cravecode’s picture

cravecode commented
Status: Needs review » Reviewed & tested by the community

I tested your recent updates and it seems to work as advertised! I've got nothing else to add.
Congrats and good luck!

51Degrees.mobi’s picture

51Degrees.mobi commented
Issue tags: +PAreview: review bonus

Added my manual reviews.

klausi’s picture

klausi
he/him||they/them
Primary language German
Location 🇦🇹 Vienna
commented
Status: Reviewed & tested by the community » Fixed

Review of the 7.x-1.x branch:

  • Coder Sniffer has found some issues with your code (please check the Drupal coding standards).
    
FILE: /home/klausi/pareview_temp/fiftyone_degrees.module
--------------------------------------------------------------------------------
FOUND 10 ERROR(S) AND 1 WARNING(S) AFFECTING 11 LINE(S)
--------------------------------------------------------------------------------
 166 | ERROR   | Whitespace found at end of line
 168 | ERROR   | Whitespace found at end of line
 169 | ERROR   | Whitespace found at end of line
 639 | WARNING | There must be no blank line following an inline comment
 640 | ERROR   | Whitespace found at end of line
 644 | ERROR   | Whitespace found at end of line
 648 | ERROR   | Whitespace found at end of line
 654 | ERROR   | No space before comment text; expected "// 'id' =>
     |         | $check_box_id," but found "//'id' => $check_box_id,"
 667 | ERROR   | Whitespace found at end of line
 669 | ERROR   | Expected "foreach (...) {\n"; found "foreach(...) {\n"
 676 | ERROR   | No space before comment text; expected "// 'id' =>
     |         | array($select_id)," but found "//'id' => array($select_id),"
--------------------------------------------------------------------------------

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

manual review:

  1. The Git commits are not connected to your user account. You need to specify an email address. See http://drupal.org/node/1022156 and http://drupal.org/node/1051722
  2. fiftyone_degrees_get_rules(): is that function really necessary if it just loads a variable? Same for fiftyone_degrees_set_rules() and the other one line variable functions.
  3. fiftyone_degrees_shift_right_submit() and fiftyone_degrees_shift_left_submit() seem to be nearly identical, could they be unified by just looking at the submitted button in the form state?
  4. "t('Rule ') . $name . t(' has been deleted.')": do not concatenate translatable strings with variables like that, use placeholders with t() instead.
  5. "file_put_contents($library['library path'] . '/licence.lic', $licence_key);": that will not work on secure hosting environments where the web server user is not allowed to write to the libraries directory.
  6. fiftyone_degrees_init(): hook_init() is run on every single page request, so this is overkill. Use hook_requirements() instead.
  7. "'#value' => 'Shift Left',": all user facing text must run through t() for translation. Also elsewhere, please check all your strings.
  8. Invalid argument supplied for foreach() 51Degrees.mobi.php:142
  9. "$rule_url = fiftyone_degrees_get_plugin_url() . '\\' . $form['name']['rule_new_name']['#value'];": you are using back slashes in your URLs, so they don't work? I cannot edit any rule?
  10. "header("location: " . $rule['url']);": do not use header(), use drupal_add_http_header().
  11. I wanted to test the user provided rules name against XSS exploits, but the rule edit screens are broken. And the admin interface requires an administrative permission anyway, so that would not be a security issue, even if it were possible.

So there are a couple of major issues with the module, but not absolute critical blockers, so ...

Thanks for your contribution, 51Degrees.mobi!

I updated your account to let you promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and get involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

(not verified) commented
Issue summary: View changes

Added review links.