What to cover in an application review
This documentation needs work. See "Help improve this page" in the sidebar.
When a project is reviewed for an application, the following are critical points that need to be considered.
- Licensing
- Security
- Drupal coding standards
- Correct usage of Drupal APIs
The following points are important and need to be considered too.
- Code documentation
- Project duplication
Licensing
All code that is a derivative work of Drupal (typically PHP code), including modules, themes, and installation profiles hosted on Drupal.org, is licensed under the same license used for Drupal: GPL version 2.0 and later. It is not possible to license modules, themes, and installation profiles hosted on Drupal.org under a license that is different from the one used from Drupal, including GPL version 3.0.
Third party libraries that are hosted elsewhere should not be added to the project repository, with the exceptions listed in Policy on 3rd party assets on Drupal.org / Third party libraries.
Security
Writing secure code for Drupal has a list of common security issues a project used for an application should not have.
That documentation page could be updated for lasted Drupal release; for previous Drupal releases, what it reports is still valid, but the security issue and how to avoid it involves different functions/methods/classes.
Drupal coding standards
We do not expect the project to 100% adhere to the coding standards, but plain sloppy and poorly presented code is not accepted.
Correct usage of Drupal APIs
We check all the PHP code line-by-line, looking for proper use of Drupal APIs, to verify that functions/methods receive the correct parameters, but also that the correct APIs are used.
Verifying the code does not contain security issues also verifies the Drupal APIs are correctly used. This is an extension of the previous point; it also includes those cases where misusing a Drupal API does not cause any security issue.
Code documentation
Module documentation guidelines and API documentation and comment standards are helpful documentation pages on code documentation.
Help improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion