Posted by omissis on May 26, 2010 at 12:52pm
| Project: | Drupal.org CVS applications |
| Component: | Miscellaneous |
| Category: | task |
| Priority: | normal |
| Assigned: | kiamlaluno |
| Status: | closed (fixed) |
| Issue tags: | module review |
Issue Summary
I would like to submit a module I' ve created that allows site administrators to enable other users to download the ePub version of the book contents available on the website. What this module basically does is to enable an ePub content type, allowing the admin to create as much ePub contents as he needs. Every ePub content has to be linked to a book outline, and has to have a few extra fields like title, language, author and so on. Once an ePub content is properly created and linked to a book outline, a 'Download ePub' tab will appear on the book outline page, allowing the user to download the .epub file containing the book content on his pc/handheld device. The module also features all the CRUD functionalities to administer the ePub contents, a configuration section, and a 'create ePub' content tab that shows up on book outlines when the module is activated but no ePub content still exists on it.Further improvements for this module could be custom css file/image for each epub, better advanced_help contents and some unit tests.
I consider it ready for production, since I took quite a lot of care about coding standards, secure queries and comments/documentation.
Finally, this module has a dependency: another module I' ve written called iso_639. What this second tiny module does basically is to create a field and a widget to enable a select list containing all the iso 639 language codes. The field is used for picking a language when creating an epub, I thought that separating this functionality was good for the sake of code reusing and for keeping the module clean and tidy.
Comments
#1
#2
Hello, and thanks for applying for a CVS account. I am adding the review tags, and some volunteers will review your code, pointing out what needs to be changed.
#3
Hey omissis,
Were you going to provide your iso_639 module too? as your module can't be installed without it.
I've actually recently completed an epub exporter for the epublish module. It's very custom written for a clients needs at present, so its not ready for submitting to drupal.org yet. I was also tossing up, whether it would be better to have an epub like api, that everything can use, like book, epublish, and others.
Looking over your code you've done a lot of work, so well done. I notice though, that you're using additional php libraries that the user installing the module must download first - I've found it easier to create the epub file without the use of external libraries, using the ZipArchive features of php. I'll post back my notes on this in my spare time - perhaps I can help you co-maintain this module.
Anyway, when you post the iso_639 module, I'll be sure to check this out. Cheers.
#4
@alexkb: Purpose of the review is to
For such cases, there isn't any reason to install the module.
omissis correctly uploaded a single module, as we review a single theme/module per applicant.
#5
First of all thank you for checking the module :)
I am not sure about the issue you' re having with the iso_639 module: it' s included in the zip file, but if I got it well from kiamlaluno's comment that' s not the correct way of submitting a module.
So should I open another Issue for iso_639 itself?
@alexkb: it would be great to get the ideas you were talking about into code, perhaps we can kinda merge the two modules or talk about future developments.
#6
@omissis: If iso_639.module is included in the same archive, that is fine; if I review the code, I will report just what I find wrong in the main module. There is no reason to open a different issue for the other module (which is not possible, then); you can create the other project when you will have your CVS account.
#7
ok, I will wait for news then. thx :)
#8
Hey omissis, sorry for the delayed reply - I've whacked the crux of what I was doing into this post: http://www.akb.id.au/2010/epub-files-with-php/
Probably best to just go with what you've got though, and we can discuss things in the issue queue for your new module.
#9
I am going to read it asap, thanks :)
Btw I just sent you an email so we can discuss privately about it without generating too much noise here.
#10
Was this module published as a project? I'm very interested in helping out. Some folks just came out with a wordpress plugin doing something similar to this: http://anthologize.org/
#12
Hi,
I'm very interested in this module as well. What's the current status?
#13
Hi, in the meanwhile I added some new features to the module, if you want to try it feel free to drop me your email via the contact form and I'll send you everything.
'Course every feedback is more than welcome :)
#14
You should upload the new archive here too. It doesn't make sense to review code, when the code is already changed; there are chances reviewers would report something that has been already changed.
#15
Well actually I didn' t submit any other update to avoid confusion. Anyway when a reviewer will take a look at the application and will read about the updates he will eventually ask I think. We' ll see, thanks for the suggestion in the meanwhile.
#16
<?phpdrupal_set_message(st(
"ePub settings are available here: !settings.",
array(
'!settings' => l(
t('Administer > Content management > ePubs'),
'admin/content/epub/settings'
),
)
));
?>
l()is never used togethert(). See the documentation fort(), where such code is reported to not be correct.The function
t()is then available tohook_install(), andhook_uninstall().t().<?phpdb_rewrite_sql(
"SELECT `b`.`nid` FROM {node} AS n
INNER JOIN {book} AS b ON `b`.`nid` = `n`.`nid`
WHERE `b`.`nid` = `b`.`bid` AND `n`.`title` = '%s'"
),
?>
The character
`is specific to MySQL; there is no need to use it, as the database API functions escape the field names when necessary.<?php$result = db_query(
"INSERT INTO {epub} (
`nid`, `vid`, `bid`, `author_name`, `language_code`, `identifier`,
`identifier_type`, `publisher_name`, `publisher_site`, `creation_date`,
`rights`, `source_url`
) VALUES (%d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
$node->nid,
$node->vid,
$book->nid,
$node->author_name,
$node->language_code,
$node->identifier,
$node->identifier_type,
$node->publisher_name,
$node->publisher_site,
$node->creation_date,
$node->rights,
$node->source_url
);
?>
Why isn't the code simply using
drupal_write_record().<?phpif (!$result) {
node_delete($node->nid);
drupal_set_message(t('Error occurred during the creation of the ePub.'), 'error');
drupal_goto('node/add/epub');
}
?>
I have never seen an implementation of
hook_insert()callingdrupal_goto().<?php
$result = db_query("SELECT * FROM {node} WHERE `type` = 'epub' ORDER BY `title`");
$headers = array(t('ePub'), t('Operations'), '', '');
$rows = array();
while ($epub = db_fetch_object($result)) {
$rows[] = array(
l($epub->title, "node/$epub->nid"),
l(t('Download'), "node/$epub->nid/epub"),
l(t('Edit'), "node/$epub->nid/edit"),
l(t('Delete'), "node/$epub->nid/delete"),
);
}
return theme('table', $headers, $rows);
?>
The code is showing nodes data without to verify if the user has access to the node. This is considered a security issue.
<?phpform_set_error('epub_custom_chapter_size', t('Chapter size can\' t be less than 1 kB'));
?>
Avoid to escape the string delimiter inside of strings, especially the ones that are passed as argument of
t().#17
Hi, thanks for the notes, I did the following corrections:
1 - Fixed the two errors in .install file. All the others look fine.
2 - Fixed the menu entry that was using t() in title attribute.
3 - "`" char removed from all files.
4 - Code changed to introduce the use of drupal_write_record() instead of db_queries.
5 - Removed drupal_goto in hook_insert() and in hook_update(). I kept it in hook_delete() though.
6 - Added drupal_rewrite_sql() where missing. In that case the function (a menu callback) should be already protected from unauthorized access by the menu .system which already checks permissions right? Anyway one more check won't hurt. :)
7 - " \' " changed into " ' ", in these cases changed enclosing single quotes into double quotes.
8 - Added variable_del() to hook_uninstall().
#18
<?php
function epub_install() {
// Create tables.
drupal_install_schema('epub');
drupal_set_message(st(
'ePub settings are available here: <a href="!settings">Administer > Content management > ePubs</a>.',
array('!settings' => url('admin/content/epub/settings'))
));
drupal_set_message(st(
'Also do not forget to check permissions for ePub contents: <a href="!permissions">Administer > User management > Permissions</a>.',
array('!permissions' => url('admin/user/permissions'))
));
}
?>
The code is still using
st(); the placeholder for URLs is@.<?phpfunction epub_uninstall() {
db_query(db_rewrite_sql("DELETE FROM {menu_links} WHERE module = 'epub'"));
db_query(db_rewrite_sql("DELETE FROM {node} WHERE type = 'epub'"));
variable_del('epub_custom_chapter_size');
drupal_uninstall_schema('epub');
menu_cache_clear_all();
}
?>
There is no need to use
db_rewrite_sql()inhook_uninstall(). The module should not then delete the nodes that use the content type it defines; that is not done from any Drupal core modules.#19
1 - Changed st() into t() and changed placeholders from "!" to "@".
2 - Removed delete queries and menu cache clearance.
3 - Removed version from .install file.
#20
I will review the code tomorrow morning, but I think it is good to go.
#21
Remember to remove any debug code.
#22
done, thanks. Here it is the path of the project: http://drupal.org/project/epub
#23
Automatically closed -- issue fixed for 2 weeks with no activity.