Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Tocbot makes it easy to add an automatic table of contents to Drupal sites via a block. This module is a wrapper around the Tocbot javascript library https://tscanlin.github.io/tocbot/ (MIT license) and has a Drupal configuration page to adjust the Tocbot javascript settings.
Project link
https://www.drupal.org/project/tocbot
Git instructions
git clone --branch 7.x-1.x https://git.drupalcode.org/project/tocbot.git
PAReview checklist
https://pareview.sh/pareview/https-git.drupal.org-project-tocbot.git
Comment | File | Size | Author |
---|---|---|---|
#9 | pareview.txt | 3.19 KB | klausi |
Comments
Comment #2
nickonom CreditAttribution: nickonom commentedThe Coder Review module reveals the following inconsistencies that need to be addressed:
and
Comment #3
apadernoThank you for applying! I added the PAReview checklist link. Reviewers will check the project and post comments to list what should be changed.
If you haven't done it, yet, please check the PAReview report and fix what needs to be fixed. There could be some false positives; verify that what reported is correct, before making any change.
Comment #4
apadernovariable_set()
must be prefixed by the module machine namehook_content()
hook, sotocbot_content()
is not a hook implementationComment #5
apadernoIf you are still working on this application, you should fix all known problems and set the status to Needs review. (See also the project application workflow.)
Please don't change status of this application if you aren't sure you have time to dedicate to this application, or it will be closed again as won't fix.
I am closing this issue due to lack of replies.
Comment #6
NicholasSSorry for the late reply I pushed changes to the branch and I believe worked through most of the issues identified. How do I trigger a new automated test to see if all those issues were corrected properly?
Comment #7
NicholasSPushed changes and would like another automated test to see if everything was corrected appropriately.
Comment #8
seroton CreditAttribution: seroton as a volunteer commentedHi,
You just need to click repeat review, or submit the branch again from homepage. Latest review:
https://pareview.sh/pareview/https-git.drupal.org-project-tocbot.git-7.x... looks ok now
Thanks for your module!
Comment #9
klausiThanks for your contribution!
* Error: Call to undefined function libraries_get_path() in tocbot_block_view() (line 357 of tocbot.module). Looks like you forgot to declare a dependency tot he libraries API module in the info file? Please alsways test your module on a clean drupal installation.
* JS error: Uncaught TypeError: Cannot read property 'className' of null. Please test your module's JS, it does not seem to work.
* hook_uninstall() is missing to remove all your variables, please add that.
I wanted to test the title display of the block for XSS security issues, but the Javascript breaks. Can you fix the errors from above? Then I can take another look.
Attached are some Coder errors that you should also fix.
Comment #10
NicholasS@klausi thanks for looking at it in more detail, the uninstall makes sense I didn't think about that. I will work through these new issues.
I was looking over Drupal docs and couldn't find a clear answer but during the security review should I just be pushing updates onto the branch? Wasn't clear on that.
Comment #11
NicholasSA Big thank you for everyone who has reviewed this so far. I tested this a lot more in a fresh D7 site, made the module not depend on the Libraries module, made it more presentable out of the box. I also finally got phpcs working with VSCODE (on windows everything seems harder) so I think I got all the errors and comments corrected identified in the reports.
Comment #12
NicholasSComment #13
vuilThank you for the contribution!
I have not found any security related issues into the code.
Good work!
Comment #14
klausiThank you, yes you just push all new changes to the branch.
All looking good to me now as well. I tried a couple of XSS attacks in the config options but it seems everything is sanitized correctly.
Comment #15
apadernoThank you for your contribution! I am going to update your account.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the dedicated reviewers as well.