Closed (fixed)
Project: Drupal.org security advisory coverage applications
Component: module
Priority: Normal
Category: Task
Assigned: Unassigned
Reporter:
Created: 30 Mar 2011 at 11:09 UTC
Updated: 7 Sep 2025 at 11:32 UTC
Comments
Comment #1
dysrama commented
Comment #2
greggles
Thanks for your work to improve Drupal!
I've just read the description and didn't look very much at the code. It sounds like this provides some features that are available in the Views module. Can you explain how this compares to the lists, filters, and caching capability of Views?
I created one non-critical issue: #1136672: Consider whether check_plain is necessary in links title that should be investigated but isn't a requirement for approval.
I created a critical security issue #1136668: Use db_rewrite_sql to prevent access bypass that must be addressed prior to this being approved.
Comment #3
dysrama commented
Hi Greggles
Thanks for looking at the module.
Well, as you write, this module does provide some of the features available in Views, but on a much smaller scale, for the people not needing/wanting to use Views (yes, they exist :) ).
Of course, the configurability level of this module is way lower than that of Views, but what goes on is more transparent and the database queries can more readily be optimized for higher performance when the query isn't constructed on the fly. And as a list of latest nodes can be somewhat of a performance killer on high traffic websites, I figured other people could use this module.
As you've noticed, I'm skirting the comparison to the caching capability of Views, since I don't have much insight into this. I work mainly on sites with a lot of traffic where we don't use Views (because of the lack of control of what's going on), and the sites that do use views have so little traffic that Views caching mechanism hasn't been scrutinized.
I'll look at the issues you've raised right away.
Comment #4
dysrama commented
New code committed.
Removed package info and $Id$ info
Ran the module through coder
check_plain() removed as per #1136672
fixed caching setup as per #1136668
Comment #5
greggles
Getting closer, thanks for your work Kummel!
Comment #6
dysrama commented
Implemented db_rewrite_sql as per #1136668
Comment #7
dysrama commented
Comment #8
dave reid
You shouldn't RTBC your own application - that's a step to be performed by the reviewers.
Comment #9
dave reid
As per #1107684: Node relations (not CCK) you already have create project access...you only really had to submit one application to get access. :)
Comment #11
avpaderno