[D6] CurdBee

You neglected to put the Drupal version in the title of your post.

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Hi ashishupadhayay,

There is still a master branch, make sure to set the correct default branch: http://drupal.org/node/1659588 . Then remove the master branch, see also step 6 and 7 in http://drupal.org/node/1127732

Hi ashishupadhayay,
I have manually reviewed the module code, I found that you have not followed the drupal commenting standards, check the API documentation and comment standards (https://drupal.org/node/1354) for the commenting standards for hook implementation methods.
Second, regarding drupal_add_css() in hook_init() function, I checked the css file and there is a CSS code only for displaying the table of invoice data. The css file will be loaded on all page requests, which is not required. So, try to load it on the required page.
Third, you are using the variable_get() in the module, on uninstallation of the module, there may be the module variables left in the database. So, you will have to write the .install file, and ensure that the variables are deleted from database on uninstallation.

Thanks.

Removing automated review comments, make sure to read through the source code of other projects and provide feedback on that.

Hi

Good module, congrats.

I found some minor issues on the function curdbee_request. You are using CURL and if you want to do that you should (at least) implement the hook_requirements.

Any it doesn´t look like necessary because you can use drupal_http_request for that, and also http_build_query to buid the query_string.

You can see and example of this below

/**
 * Sends a request to CurdBee.
 */
function curdbee_request($type, $condition = array()) {

  $response = array();

  $curdbee_id = variable_get('curdbee_id', CURDBEE_ID);
  $curdbee_api_token = variable_get('curdbee_api_token', CURDBEE_API_TOKEN);
  $condition['api_token'] = $curdbee_api_token;

  $query_string = $data = http_build_query($condition, '', '&');

  $url = 'https://' . $curdbee_id . '/' . $type . '.json?' . $query_string;

  // Make the request.
  $result = drupal_http_request($url);

  if (isset($result) && in_array($result->code, array('200', '302', '307')) && $result->data != '') {
    $response = $result->data;
  }
  else {
    // Add debug info to watchdog.
    watchdog('curdbee', 'Error retrieving @type', array('@type' => $type), WATCHDOG_ERROR);
  }

  return json_decode($response);
}

define('CURDBEE_ID', 'auworks.curdbee.com');
define('CURDBEE_API_TOKEN', '_5V5pmtfnZs7WVYc3av4');

I'm not sure, but if no API token is configured, should the module work at all? It it wise to have a default token configured?

function curdbee_form_alter(&$form, $form_state, $form_id) {

$form_state should be passed by reference: &$form_state (https://api.drupal.org/api/drupal/modules!system!system.api.php/function...)

Ah, I see. Sounds reasonable! :)

Please put the git clone command in the description of the module. It makes it much easier for someone to check out the code and if it saves a review even a few keystrokes it's worth it.

You are missing @param and @return documentation for several functions.

Good work - things seem orderly and well thought out. I cannot comment on runtime but the code reads well.

manual review:

1. curdbee_invoices(): this is vulnerable to XSS exploits. The $client variable contains data from a third party source and must therefore be treated as untrusted user provided input. You need to sanitize all user provided text before printing into HTML. Make sure to read https://drupal.org/node/28984 again. Same for the $invoices variable in that function. And please don't remove the security tag, we keep that for statistics and to show examples of security problems. ""Phone: ' . $client->client->phone"": this should run through t() for translation, and you should use a placeholder like "@" or "%" for the variable, then it will get check_plain()ed automatically for you.
2. "$options[] = '- Select -';": all user facing text must run through t() for translation.

Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

Hi ashishupadhayay,

You will have a better chance at getting reviewed if you review other projects. Do some reviews, update this issue with links to those reviews, update your issue tags with "PAReview: review bonus", and be patient. The reviewers are very busy and your participation will help to clear the queue.

Please be sure that you are actually reviewing code and giving useful comments. It's hard work but it builds our community.

Thank you for participating!

manual review:

• curdbee_form_alter(): performance problem: you are making a HTTP request every time a form is being built in Drupal, you should only invoke stuff on form IDs that you are actually targeting.

But otherwise looks RTBC to me.

Assigning to Dave Reid as he might have time to take a final look at this.

no objections for more than a week, so ...

Thanks for your contribution, ashishupadhayay!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.