Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Please find details of a simple module that uses NZ Post's Ratefinder API to provide shipping quotes (extends Ubercart's uc_quote)
Project page
https://drupal.org/sandbox/southweb/2224413
Comment | File | Size | Author |
---|---|---|---|
#7 | paraview.png | 89.94 KB | southweb |
Comments
Comment #1
southweb CreditAttribution: southweb commentedComment #2
PA robot CreditAttribution: PA robot commentedWe are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
TR CreditAttribution: TR commentedThere is no code in the git repository for your project. Please add your code to the repository and then set the issue status back to "Needs review".
Comment #4
southweb CreditAttribution: southweb commentedOk thanks
Comment #5
southweb CreditAttribution: southweb commentedI have added files to the GIT sandbox.
Note to self- use ssh with GIT URLs and set origin master on first PUSH.
Comment #6
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxsouthweb2224413git
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #7
southweb CreditAttribution: southweb commentedNot quite sure how I can view these errors. The link sent me to a form to test the code, but then asked for a URL.
Neither
http://drupalcode.org/sandbox/southweb/2224413.git
or
ssh://drupalcode.org/sandbox/southweb/2224413.git
Were considered a valid repository host.
Great concept though. Have uploaded attached error screen.
Comment #8
TR CreditAttribution: TR commentedThe URL seems to be working now - I was able to click the link in #6 and see the errors. BTW the correct form of the URL is http://git.drupal.org/sandbox/southweb/2224413.git - the examples for the input textfield in your image show this form.
One thing that pareview didn't point out was that you put all your files into a uc_ratefinder subdirectory - you don't need to / shouldn't do that. Put everything at the top level of the repository.
Comment #9
southweb CreditAttribution: southweb commentedI have created and started using the 7.x-1.x branch but seem unable to delete the master (see errors below)
Also paraview now spits out over a hundred or so pedantic formatting errors. Is there a tool to tidy up some php code in order to meet its formatting requirements?
Thanks
remote: error: By default, deleting the current branch is denied, because the next
remote: error: 'git clone' won't result in any file checked out, causing confusion.
remote: error:
remote: error: You can set 'receive.denyDeleteCurrent' configuration variable to
remote: error: 'warn' or 'ignore' in the remote repository to allow deleting the
remote: error: current branch, with or without a warning message.
remote: error:
remote: error: To squelch this message, you can set it to 'refuse'.
remote: error: refusing to delete the current branch: refs/heads/master
To ssh://southweb@drupalcode.org/sandbox/southweb/2224413.git
! [remote rejected] master (deletion of the current branch prohibited)
error: failed to push some refs to 'ssh://southweb@drupalcode.org/sandbox/southweb/2224413.git'
Comment #10
southweb CreditAttribution: southweb commentedComment #11
TR CreditAttribution: TR commentedThe error messages don't mean much without knowing what commands you used to try to remove the branch. The parreview page gives you a link to the procedure to remove the master branch - if you follow those instructions it should work just fine. If it doesn't, then the instructions need to be fixed.
Drupal, like any other organization, has its own coding standards. Many of these are the result of long experience on how to avoid well-known coding problems, many are so that the module works with our automated tools (like the documentation generator), but some are just so that we share a common language and can use, maintain, and contribute to the code developed by others in this large community. Part of the instructions for apply for git permissions on drupal.org tell you how to check your code against the Drupal coding standards, and ask you to ensure your code complies before you submit your application. Once you have fixed your coding standards it will be a lot easier for the volunteer reviewers to examine your code and approve your application.
While there are a bunch of PHP beautifiers available online, I don't know of any specifically designed for Drupal code. In my opinion, because your module is small it would be quick and easy to make these changes by hand. In doing so you would learn what needs to be done, which will greatly benefit you when writing other modules or contributing to Drupal.
You still need to move the code out of the subdirectory. Take a look at some other project repositories if you're unsure what iyours should look like.
Comment #12
southweb CreditAttribution: southweb commentedpareview errors address. Note: a nice module called coder gets you about 75% of the way there.
files moved to parent
branch changed - see details below:
mac02:git andrew$ git push origin 7.x-1.x
southweb@drupalcode.org's password:
Total 0 (delta 0), reused 0 (delta 0)
To ssh://southweb@drupalcode.org/sandbox/southweb/2224413.git
* [new branch] 7.x-1.x -> 7.x-1.x
Comment #13
inders CreditAttribution: inders commentedsomething reported by coder module about security:
Comment #14
southweb CreditAttribution: southweb commentedAdded check_plain
Comment #15
santiwww CreditAttribution: santiwww commentedThere's a master branch configured as default and also a 7.x-1.x branch.
The 7.x.-1.x should be set as default and the master branch should be deleted.
Follow these steps to do it properly: https://drupal.org/node/1127732
Variable names in .install file are incorrect, causing some of them still remains after uninstalling module.
Comment #16
southweb CreditAttribution: southweb commentedHave updated the .install file to delete the correct variable names. Well spotted
Hopefully I have done the correct steps with regard Git. I'm an SVN user from way back to am still struggling a little here.
See session below.
Comment #17
southweb CreditAttribution: southweb commentedPing
Comment #18
gisleSince this is a sandbox project, it can safely be deleted. I think the simplest way to sort out the mess is to do the following:
1234567
.(The last two commands are the same as the last two commands in the instructions under "Version control" for setting up this repository for the first time.)
You should now have a sandbox that is correctly set up, with all your commits inside it.
Finally, update your issue summary so that the link to the sandbox and the git clone command refers to this new sandbox.
(Being a SVN veteran myself before moving to git, I know how you feel. But git grows on you!)
Comment #19
gwprod CreditAttribution: gwprod commentedYou can't delete the master branch, because it's set as default in your project. Go into Version Control, change to 7.x-1.x, and save. Then try deleting master.
Comment #20
southweb CreditAttribution: southweb commentedThanks for the instructions gisle! I will try this if gwprod's solution doesn't work.
gwprod, when you say "go into Version Control" what do you mean? I am using command line Git. What would be the commands to use?
cheers
Comment #21
gwprod CreditAttribution: gwprod commented@southweb
on your sandbox project page, go to the Version Control tab, and set your Default Branch to 7.x-1.x
Comment #22
southweb CreditAttribution: southweb commentedThanks for above advice. Have changed default branch to 7.x-1.x and committed the change to fix the variable names again (#15)
Hopefully this time.
Comment #23
gwprod CreditAttribution: gwprod commentedYou're still supposed to delete the Master branch.
Comment #24
southweb CreditAttribution: southweb commentedMaster removed!
For anyone following this who is new/struggling with GIT I downloaded a wonderful tool (SourceTree) that enabled me to view then delete remote branches.
Comment #25
southweb CreditAttribution: southweb commentedPing
Comment #26
southweb CreditAttribution: southweb commentedping
Comment #27
southweb CreditAttribution: southweb commentedping
Comment #28
southweb CreditAttribution: southweb commentedping
Comment #29
southweb CreditAttribution: southweb commentedping
Comment #30
er.pushpinderrana CreditAttribution: er.pushpinderrana commented@southweb, thankyou for your contribution.
Automated Review
Best practice issues identified by pareview.sh / drupalcs / coder. Yes, http://pareview.sh/pareview/httpgitdrupalorgsandboxsouthweb2224413git reported few minor issues.
Manual Review
admin/store/settings/quotes (enable quote method here)
NoYes. If "no", list security issues identified.(*) uc_ratefinder_ratefinder: this is vulnerable to XSS. uc_ratefinder_api_key variable value coming form user provided input and this is passing directly to curl request, you need to sanitize it before passing further, make sure to read https://www.drupal.org/node/28984 again.As per klausi comment in #31, making correction.(+) uc_ratefinder_menu:As per klausi comment in #31, correcting this and moving to below list because still unable to find defined permissions in your module."'access arguments' => array('configure quotes'),"
that permission is not defined by your module in hook_permission()? Also the permission name does not really fit?Thanks Klausi for correcting me.
$mid = 0
param here. Also doc missing of this function. Why are you writing separate submit function as you are saving form values throughvaribale_set()
that can be easily achieved through system_settings_form(). Also what is the use ofif (preg_match('/^ratefinder_.*/', $key)) {
?configure = admin/store/settings/quotes/methods/ratefinder
in your .info file to make it directly accessible from module page.uc_ratefinder_admin_method_edit_form()
in separate admin.inc file.uc_ratefinder_ratefinder()
function you are using PHP cURL to send http get request, I would recommend you to use drupal_http_request() to hit the external URL.@
in this codeif (@$rates['status'] != 'success') {
, add your comment on this."'access arguments' => array('configure quotes'),"
that permission is not defined by your module in hook_permission()? Also the permission name does not really fit?The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
Please don't remove the security tag, we keep that for statistics and to show examples of security problems.
As I am not a git administrator, so I would recommend you, please help to review other project applications to get a review bonus. This will put you on the high priority list, then git administrators will take a look at your project right away :-)
Thanks Again!
Comment #31
klausiDon't sanitize variables when you pass them to cURL. It will issue a HTTP request to some other site, but it will not print anything to HTML. Therefore sanitization would be wrong here.
Also the permission question is technically not a security issue. If people use permissions that are not defined then that is not a security issue because the system will just not grant access on permissions that don't exist (only user 1 will always pass user_access()).
So I'll remove the security tag for now since those 2 things are not vulnerabilities. Feel free to add it if you find other exploits.
Comment #32
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.