This module provides additional security for your user input forms.

The Secure Form module restricts a file upload if the file's MIME type does not match its extension. It also provides an option to set the autocomplete property to off on form fields. A privileged user can enable or disable both options from the configuration section.

Drupal Version: 7.x
Project Sandbox Link: https://drupal.org/sandbox/drupaldevassyst/2134633
Checkout/Link: git clone --branch 7.x-1.x http://git.drupal.org/sandbox/Drupaldevassyst/2134633.git secure_form

Manual review of other projects:
https://drupal.org/comment/8214813#comment-8214813
https://drupal.org/comment/8255219#comment-8255219
https://drupal.org/comment/8258309#comment-8258309
https://drupal.org/comment/8258491#comment-8258491
https://drupal.org/comment/8259167#comment-8259167
https://drupal.org/comment/8262653#comment-8262653
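The issue summary above describes the module's core check: an upload is refused when the file's MIME type and its extension disagree. The following is an added example, not the secure_form sandbox code, of how such a check fits into Drupal 7's upload pipeline as a hook_file_validate() implementation. The module name upload_mime_check, the extension table and the helper function names are assumptions made for this example; it assumes a Drupal 7 bootstrap and the PHP fileinfo extension.

```php
<?php
/**
 * @file
 * Added example (not the secure_form sandbox code): a Drupal 7 upload
 * validator that refuses a file when the MIME type sniffed from its
 * contents does not match what its extension claims.
 *
 * Assumptions: Drupal 7 is bootstrapped (t(), drupal_realpath(),
 * hook_file_validate()), the PHP fileinfo extension is enabled, and the
 * module is named upload_mime_check (a hypothetical name).
 */

/**
 * Maps lower-case extensions to the MIME types accepted for them.
 *
 * Constructed, deliberately short table; a real site would extend it.
 */
function upload_mime_check_allowed_mimes() {
  return array(
    'jpg'  => array('image/jpeg'),
    'jpeg' => array('image/jpeg'),
    'png'  => array('image/png'),
    'gif'  => array('image/gif'),
    'pdf'  => array('application/pdf'),
    'txt'  => array('text/plain'),
  );
}

/**
 * Sniffs the MIME type from the file contents, never from its name.
 *
 * Returns NULL when fileinfo is unavailable or the file cannot be read,
 * so the caller decides how to fail instead of the file passing silently.
 */
function upload_mime_check_sniff($path) {
  if (!function_exists('finfo_open') || !is_readable($path)) {
    return NULL;
  }
  $finfo = finfo_open(FILEINFO_MIME_TYPE);
  $mime = finfo_file($finfo, $path);
  finfo_close($finfo);
  return $mime === FALSE ? NULL : $mime;
}

/**
 * Plain-PHP check: does the sniffed MIME type agree with the extension?
 *
 * Returns NULL when the file is acceptable, otherwise an array with the
 * extension and the sniffed type (NULL when it could not be determined).
 * Kept free of Drupal calls so it can be unit-tested outside Drupal.
 */
function upload_mime_check_mismatch($filename, $sniffed_mime) {
  $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
  $table = upload_mime_check_allowed_mimes();
  if ($ext === '' || !isset($table[$ext])) {
    // Extension not in the table: nothing to compare against. Whether the
    // extension is allowed at all is file_validate_extensions()'s job.
    return NULL;
  }
  if ($sniffed_mime === NULL || !in_array($sniffed_mime, $table[$ext], TRUE)) {
    return array('ext' => $ext, 'mime' => $sniffed_mime);
  }
  return NULL;
}

/**
 * Implements hook_file_validate().
 *
 * file_save_upload() invokes this for every upload. A non-empty return
 * array makes Drupal reject the upload; the validator deletes nothing.
 */
function upload_mime_check_file_validate($file) {
  $errors = array();
  // At validation time $file->uri is still PHP's upload temp path, so
  // drupal_realpath() falls back to realpath() on it.
  $path = drupal_realpath($file->uri);
  $sniffed = $path ? upload_mime_check_sniff($path) : NULL;
  $mismatch = upload_mime_check_mismatch($file->filename, $sniffed);
  if ($mismatch !== NULL) {
    if ($mismatch['mime'] === NULL) {
      $errors[] = t('The content type of %name could not be determined, so the upload was refused.', array('%name' => $file->filename));
    }
    else {
      $errors[] = t('The extension .@ext of %name does not match its detected content type @mime.', array(
        '@ext' => $mismatch['ext'],
        '%name' => $file->filename,
        '@mime' => $mismatch['mime'],
      ));
    }
  }
  return $errors;
}
```

The comparison uses a type sniffed from the file contents with finfo_file(), because in Drupal 7 $file->filemime is derived from the filename by file_get_mimetype() and so carries no more trust than the extension itself. Returning a non-empty array from hook_file_validate() is enough to reject the upload: file_save_upload() runs validators before moving the file out of PHP's upload temp directory, and PHP discards an unmoved upload at the end of the request, so a hook-based validator has no reason to unlink() the file. When fileinfo is missing, the example reports that as a validation error rather than quietly accepting the file.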

Comments

drupaldev@assyst

Assigned: drupaldev@assyst » Unassigned
PA robot

Status: Needs review » Needs work

There are some errors reported by automated review tools; did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxDrupaldevassyst213463...

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

drupaldev@assyst

Status: Needs work » Needs review

Issues shown by PAReview are fixed now. Please review.

drupaldev@assyst

Issue summary: View changes

Git access link has been modified.

drupaldev@assyst

Issue summary: View changes
barthje

Status: Needs review » Needs work

For starters, I can't checkout your branch. It's asking me for your password.

drupaldev@assyst

Status: Needs work » Needs review

Git link has been updated, please try now.

drupaldev@assyst

Issue summary: View changes
drupaldev@assyst

Issue summary: View changes

Git repository path/settings have been updated.

drupaldev@assyst

Issue summary: View changes
xiukun.zhou

Status: Needs review » Needs work

Hi.
When you catch an error in a try/catch, you can call watchdog_exception() in http://drupalcode.org/sandbox/Drupaldevassyst/2134633.git/blob/HEAD:/sec...

  catch (Exception $e) {
    // Capture any exception raised to be recorded in watchdog.
    watchdog_exception('secure_form', $e, $e->getMessage());
  }

Why not use system_settings_form()?

Replace

/**
 * Form to manage module configurations.
 */
function secure_form_settings() {
  $form['check_file'] = array(
    '#type' => 'checkbox',
    '#title' => t('Turn on file checker'),
    '#description' => t('When enabled, it will restrict file upload, if there is a mismatch between file MIME type and extension.'),
    '#default_value' => variable_get('secure_form_check_file'),
    '#weight' => 0,
  );

  $form['form_autocomplete'] = array(
    '#type' => 'checkbox',
    '#title' => t('Turn off form autocomplete'),
    '#description' => t('When enabled, it will turn off the autocomplete property on all user input forms.'),
    '#default_value' => variable_get('secure_form_autocomplete_form'),
    '#weight' => 1,
  );

  $form['save'] = array(
    '#type' => 'submit',
    '#value' => 'Save',
    '#weight' => 2,
  );

  return $form;
}

/**
 * Submit handler for secure_form_settings form.
 */
function secure_form_settings_submit($form, &$form_state) {
  $check_file = $form_state['values']['check_file'];
  variable_set('secure_form_check_file', $check_file);
  $form_autocomplete = $form_state['values']['form_autocomplete'];
  variable_set('secure_form_autocomplete_form', $form_autocomplete);
}

/**
 * Form to manage module configurations.
 */
function secure_form_settings() {
  $form['secure_form_check_file'] = array(
    '#type' => 'checkbox',
    '#title' => t('Turn on file checker'),
    '#description' => t('When enabled, it will restrict file upload, if there is a mismatch between file MIME type and extension.'),
    '#default_value' => variable_get('secure_form_check_file'),
    '#weight' => 0,
  );

  $form['secure_form_autocomplete_form'] = array(
    '#type' => 'checkbox',
    '#title' => t('Turn off form autocomplete'),
    '#description' => t('When enabled, it will turn off the autocomplete property on all user input forms.'),
    '#default_value' => variable_get('secure_form_autocomplete_form'),
    '#weight' => 1,
  );

  return system_settings_form($form);
}

drupaldev@assyst

Status: Needs work » Needs review

Thanks xiukun.zhou. Updated the code based on your comment.

drupaldev@assyst

Issue summary: View changes
drupaldev@assyst

Issue tags: +PAreview: review bonus
candotri

I think that it looks fine. I see good explanation in the README, clear and seemingly compliant function headers, readable code, and logical functions. Good work!

Richard_Appnovation

Nice work! Your module is clean and tidy.

A recommendation is to implement hook_requirements() during INSTALL and RUNTIME to check whether the PHP functions provided by the fileinfo extension exist.

There are no major flaws found in the module.
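One way to carry out the recommendation above, as an added example rather than the sandbox's own .install code: a hook_requirements() implementation for a hypothetical module named upload_mime_check that reports whether the fileinfo extension is available during both the install and runtime phases. It assumes a Drupal 7 bootstrap (get_t() and the REQUIREMENT_* constants from install.inc).

```php
<?php
/**
 * @file
 * Added example (not the secure_form sandbox code): hook_requirements()
 * for a hypothetical upload_mime_check module. Assumes Drupal 7, where
 * install.inc supplies get_t() and the REQUIREMENT_* constants in both
 * the install and runtime phases.
 */

/**
 * Implements hook_requirements().
 *
 * Without finfo_open()/finfo_file() a MIME sniffing module cannot do its
 * job, so the same check is reported in both phases: at install it aborts
 * enabling the module, at runtime it appears on admin/reports/status.
 */
function upload_mime_check_requirements($phase) {
  $requirements = array();
  // get_t() returns 'st' during install and 't' at runtime.
  $t = get_t();

  $available = function_exists('finfo_open') && function_exists('finfo_file');

  $requirements['upload_mime_check_fileinfo'] = array(
    'title' => $t('PHP fileinfo extension'),
  );

  if ($available) {
    $requirements['upload_mime_check_fileinfo']['value'] = $t('Enabled');
    $requirements['upload_mime_check_fileinfo']['severity'] = REQUIREMENT_OK;
  }
  else {
    $requirements['upload_mime_check_fileinfo']['value'] = $t('Not enabled');
    $requirements['upload_mime_check_fileinfo']['severity'] = REQUIREMENT_ERROR;
    $requirements['upload_mime_check_fileinfo']['description'] = $t('The fileinfo extension is required to compare the content of uploaded files with their extensions. Enable it in php.ini (extension=fileinfo) and restart the web server.');
  }

  // $phase is 'install' or 'runtime'; a check that only makes sense in one
  // phase can be wrapped in an if ($phase == 'runtime') guard here.
  return $requirements;
}
```

A module whose validator silently does nothing when fileinfo is missing would leave the site believing uploads are checked when they are not; surfacing the missing extension as REQUIREMENT_ERROR at install time prevents that configuration from being enabled at all.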

Richard_Appnovation

Status: Needs review » Reviewed & tested by the community
klausi

Issue summary: View changes
Issue tags: -PAreview: review bonus

Removing the review bonus tag: you have not done all the manual reviews; you just posted the output of an automated review tool. Make sure to read through the source code of the other projects, as requested on the review bonus page.

klausi

The Git commits are not connected to your user account. You need to specify an email address. See http://drupal.org/node/1022156 and http://drupal.org/node/1051722

drupaldev@assyst

Thank you AgentAlpha. Install file has been updated with hook_requirements.

drupaldev@assyst

Thank you klausi for the details, and sorry for the wrong update. I will perform the manual reviews and update the bonus tag as suggested.

The git config has now been changed to include the email address.

drupaldev@assyst

Issue summary: View changes

Added one more link to manual review.

drupaldev@assyst

Issue summary: View changes

Added one more link to manual review.

drupaldev@assyst

Issue summary: View changes

Added one more link to manual review.

drupaldev@assyst

Issue summary: View changes

Added one more link to manual review of other projects.

drupaldev@assyst

Issue summary: View changes

Added one more link to manual review of other projects.

drupaldev@assyst

Issue tags: +PAreview: review bonus

PAReview: review bonus tag added, manually reviewed 6 projects.

klausi

Status: Reviewed & tested by the community » Fixed

manual review:

  1. I think you have a typo in your git mail address: Drupaldev@assyst . That's why the commit is still not associated with your account?
  2. I find the module name a bit misleading. The first feature is regarding file uploads, so a better name would be "upload_mime_check" or whatever. The second feature is not about security at all? Why would someone want to disable all autocomplete fields?
  3. secure_form_file_validate(): this should use drupal_unlink() instead of unlink().

Anyway, those are not critical application blockers, so ...

Thanks for your contribution, Drupaldev@assyst!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

drupaldev@assyst

Thank you Klausi for taking the time to review the module and setting it to full status.

To answer your questions/comments:

  1. Git mail address has been corrected.
  2. We have used this option/feature in most of our projects based on client/stakeholder requests, especially in non-profit organization portals. As per their concern, without this option it is a security scan failure. We plan to include more such options/features in this module in future, so we gave it the common name secure_form.
  3. Modified the secure_form_file_validate() as suggested.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.