Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Review for drupal module. Locker module (https://drupal.org/node/2262991/). Uploaded zip file for review.
Git clone command code
git clone http://git.drupal.org/sandbox/websolutions.hr/2262991.git locker
cd locker
Comment | File | Size | Author |
---|---|---|---|
#30 | Untitled-1.png | 13.16 KB | gaurav.pahuja |
#28 | Locker 10.209.11.26.png | 33.64 KB | gaurav.pahuja |
#28 | Locker 10.209.11.26-1.png | 5.8 KB | gaurav.pahuja |
#24 | locker_module.zip | 125.24 KB | ws.agency |
Comments
Comment #1
PA robot CreditAttribution: PA robot commentedGit clone command for the sandbox is missing in the issue summary, please add it.
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #2
ws.agency CreditAttribution: ws.agency commentedGit clone command added
Comment #3
ws.agency CreditAttribution: ws.agency commentedComment #4
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxwebsolutionshr2262991git
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #5
ws.agency CreditAttribution: ws.agency commentedComment #6
ws.agency CreditAttribution: ws.agency commentedComment #7
joachim CreditAttribution: joachim commentedGit clone command is wrong:
Also, no need to tag this with 'module review'! It's already in the issue queue for that!
Comment #8
klausiThat should not be an application blocker, you can use the version control tab on the sandbox page. Can you review the source code?
Comment #9
joachim CreditAttribution: joachim commentedGiven the ratio of the number of applications to the number of reviewers, I feel it's important to try to keep the process streamlined where possible.
Besides, the PA robot set it to needs work on the same grounds:
> Git clone command for the sandbox is missing in the issue summary, please add it.
Comment #10
ws.agency CreditAttribution: ws.agency commentedYou can clone it with this command:
git clone http://git.drupal.org/sandbox/websolutions.hr/2262991.git
Comment #11
joachim CreditAttribution: joachim commentedWell nearly... that gets me a folder called 2262991.
?? That's not a hook name! Also this function looks really odd.
That doesn't say much!
Looks weird. Document what on earth is going on here!
unlock.html
It's not customary to use .html in paths.
Also, again, what on earth is all that about??!
I really hope this is NOT implementing https://api.drupal.org/api/drupal/modules!node!node.api.php/function/hoo...! Also, how could it, given the function name!
Prefix your variable_get() variables with your module's name.
No such hook. Look at core code to see how to document form builders and handlers.
Make it clear that this stylesheet is only for the single page.
Comment #12
ws.agency CreditAttribution: ws.agency commentedWell purpose of our module is to protect Drupal website from being accessed unless user has username/password and one of methods to hide from user even knowing its drupal site is to use .html path. Other bugs fixed.
Comment #13
bmeme CreditAttribution: bmeme commentedit seems that this module is not passed through the basic "Pareview" check.
Get a look at this: http://pareview.sh/pareview/httpgitdrupalorgsandboxwebsolutionshr2262991git. There are some errors in your code.
You are also working in the "master" branch in git. Instead you should work in a version specifich branch. Get a look at:
to accomplish this task.
Comment #14
ws.agency CreditAttribution: ws.agency commentedSome error fixed. There are still some errors, but I can't find them in my code. Version branch specified. Needs review.
Comment #15
gisleGit clone command in issue summary is still wrong.
Not a blocker, and maybe somebody else will be enthusiastic enough about this project to visit the version tab and find the right command to clone. However, given the length of the review queue, I am not. I don't see why I should use some extra effort to review somebody that is too sloppy to even get the issue summary right.
Comment #16
ws.agency CreditAttribution: ws.agency commentedGit command clone:
git clone http://git.drupal.org/sandbox/websolutions.hr/2262991.git
Comment #17
ws.agency CreditAttribution: ws.agency commentedComment #18
ws.agency CreditAttribution: ws.agency commentedComment #19
gwprod CreditAttribution: gwprod commentedThe priority for this application should not be changed to major at this time.
2. Basic repository checks
2.1 Ensure the repository actually contains code.
Repository contains code.
2.2 Ensure you are working in a version specific branch.
Version specific branch used.
3. Security Review
3.1 Ensure the project does not contain any security issues.
I couldn't find any that were obvious other than from PAReview.
4. Licensing checks
4.1 Ensure the repository does not contain a ‘LICENSE.txt’ file.
No LICENSE.txt
4.2 Ensure the repository does not contain any 3rd party (non-GPL) code.
No 3rd-party code.
5. Documentation checks
5.1 Ensure the project page contains detailed information.
Project page seems to indicate what the module does and how it is used.
5.2 Ensure the repository contains a detailed README.txt.
README.txt exists, and has documentation.
5.3 Ensure the code contains a well-balanced amount of inline-comments.
Very little in the way of inline comments. This code definitely needs to be better documented.
6. Coding standards and style
6.1 Run an automated review and ensure there are no major issues.
Automated Review:
There is still a master branch, make sure to set the correct default branch: http://drupal.org/node/1659588 . Then remove the master branch, see also step 6 and 7 in http://drupal.org/node/1127732
Review of the 7.x-1.x branch:
Remove all .project files from your repository.
Remove all .settings files from your repository.
Bad line endings were found, always use unix style terminators. See http://drupal.org/coding-standards#indenting
FILE: /var/www/drupal-7-pareview/pareview_temp/locker.info
--------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
--------------------------------------------------------------------------------
5 | ERROR | Files must end in a single new line character
--------------------------------------------------------------------------------
FILE: /var/www/drupal-7-pareview/pareview_temp/locker.module
--------------------------------------------------------------------------------
FOUND 32 ERRORS AND 5 WARNINGS AFFECTING 20 LINES
--------------------------------------------------------------------------------
1 | WARNING | [ ] File has mixed line endings; this may cause incorrect
| | results
9 | WARNING | [ ] Format should be "* Implements hook_foo().", "* Implements
| | hook_foo_BAR_ID_bar() for xyz_bar().",, "* Implements
| | hook_foo_BAR_ID_bar() for xyz-bar.html.twig.", or "*
| | Implements hook_foo_BAR_ID_bar() for xyz-bar.tpl.php.".
9 | ERROR | [x] Whitespace found at end of line
49 | ERROR | [ ] You must use "/**" style comments for a function comment
105 | ERROR | [x] Whitespace found at end of line
106 | ERROR | [x] Whitespace found at end of line
107 | ERROR | [x] Whitespace found at end of line
109 | ERROR | [x] Whitespace found at end of line
110 | ERROR | [x] Whitespace found at end of line
111 | ERROR | [x] Whitespace found at end of line
112 | ERROR | [x] Whitespace found at end of line
113 | ERROR | [x] Whitespace found at end of line
124 | ERROR | [ ] You must use "/**" style comments for a function comment
139 | ERROR | [x] The open comment tag must be the only content on the line
139 | WARNING | [ ] Format should be "* Implements hook_foo().", "* Implements
| | hook_foo_BAR_ID_bar() for xyz_bar().",, "* Implements
| | hook_foo_BAR_ID_bar() for xyz-bar.html.twig.", or "*
| | Implements hook_foo_BAR_ID_bar() for xyz-bar.tpl.php.".
139 | ERROR | [ ] Doc comment short description must be on the first line
139 | ERROR | [ ] Function comment short description must start with exactly
| | one space
139 | ERROR | [x] Whitespace found at end of line
140 | ERROR | [ ] Doc comment short description must be on a single line,
| | further text should be a separate paragraph
140 | ERROR | [x] Whitespace found at end of line
179 | ERROR | [x] The open comment tag must be the only content on the line
179 | WARNING | [ ] Format should be "* Implements hook_foo().", "* Implements
| | hook_foo_BAR_ID_bar() for xyz_bar().",, "* Implements
| | hook_foo_BAR_ID_bar() for xyz-bar.html.twig.", or "*
| | Implements hook_foo_BAR_ID_bar() for xyz-bar.tpl.php.".
179 | ERROR | [ ] Doc comment short description must be on the first line
179 | ERROR | [ ] Function comment short description must start with exactly
| | one space
179 | ERROR | [x] Whitespace found at end of line
180 | ERROR | [ ] Doc comment short description must be on a single line,
| | further text should be a separate paragraph
180 | ERROR | [x] Whitespace found at end of line
195 | ERROR | [x] Whitespace found at end of line
196 | ERROR | [ ] Use XHTML style tags instead of
196 | ERROR | [x] Whitespace found at end of line
202 | ERROR | [x] The open comment tag must be the only content on the line
202 | WARNING | [ ] Format should be "* Implements hook_foo().", "* Implements
| | hook_foo_BAR_ID_bar() for xyz_bar().",, "* Implements
| | hook_foo_BAR_ID_bar() for xyz-bar.html.twig.", or "*
| | Implements hook_foo_BAR_ID_bar() for xyz-bar.tpl.php.".
202 | ERROR | [ ] Doc comment short description must be on the first line
202 | ERROR | [ ] Function comment short description must start with exactly
| | one space
202 | ERROR | [x] Whitespace found at end of line
203 | ERROR | [ ] Doc comment short description must be on a single line,
| | further text should be a separate paragraph
203 | ERROR | [x] Whitespace found at end of line
--------------------------------------------------------------------------------
PHPCBF CAN FIX THE 20 MARKED SNIFF VIOLATIONS AUTOMATICALLY
--------------------------------------------------------------------------------
FILE: /var/www/drupal-7-pareview/pareview_temp/locker.inc
--------------------------------------------------------------------------------
FOUND 9 ERRORS AND 1 WARNING AFFECTING 6 LINES
--------------------------------------------------------------------------------
1 | WARNING | [ ] File has mixed line endings; this may cause incorrect
| | results
1 | ERROR | [x] End of line character is invalid; expected "\n" but found
| | "\r\n"
1 | ERROR | [x] Additional whitespace found at start of file
6 | ERROR | [ ] There must be exactly one blank line after the file comment
8 | ERROR | [x] Line indented incorrectly; expected 1 spaces, found 0
8 | ERROR | [ ] You must use "/**" style comments for a function comment
13 | ERROR | [ ] There should be no white space before a closing "}"
13 | ERROR | [ ] Closing brace must be on a line by itself
29 | ERROR | [x] Line indented incorrectly; expected 3 spaces, found 2
30 | ERROR | [ ] Files must end in a single new line character
--------------------------------------------------------------------------------
PHPCBF CAN FIX THE 4 MARKED SNIFF VIOLATIONS AUTOMATICALLY
--------------------------------------------------------------------------------
7. API and best practices Review
7.1 Ensure you are using Drupals API correctly.
I've never seen anyone attempt to do this before, but I think deeper adherence to 'The Drupal Way' is warranted.
My Specific Issues:
Use a template for the unlock page, instead of trying to generate html in code.
A menu item of unlock.html is going to be server/?q=unlock.html, which somewhat defeats the purpose.
I can't understand why you're using '#states' the way you are in locker_lock_form
In locker_lock_form_validate, you don't verify there is data to work with before working with it.
form_set_error('name' doesn't seem to correspond to any elements.
Comment #20
perennial.sky CreditAttribution: perennial.sky commentedModule is not working for me.. i don't know may be i configure it wrong but i follow steps written in readme file
I just do a quick review of your project, please see below points
1. Update the purpose of your module in readme file.
2. There are many places where you direct get the value from form_state, so if form state has no variable set then it may through error, Please use isset function.
3. Please use install file to delete variable from database and remove sites/default/files/locker_logos folder when module is uninstall.
4. Try to use drupal api like you may use user_hash_password instead of md5, drupal_get_query_parameters() instead of $_GET['q'].
5. In this locker_lock_form_submit() function
you wrote
you may write in this way
It will optimise your code
6. Please follow the drupal coding standard. Please describe about the function and put some comments in function definition.
Comment #21
perennial.sky CreditAttribution: perennial.sky commentedComment #22
ws.agency CreditAttribution: ws.agency commentedComment #23
ws.agency CreditAttribution: ws.agency commentedAll errors fixed: http://pareview.sh/pareview/httpgitdrupalorgsandboxwebsolutionshr2262991git
Need review for this project.
$_GET['q'] is still there and md5 is still there, it works good with that. Path unlock.html is also there because we don't want to let users know that drupal site is in use.
Comment #24
ws.agency CreditAttribution: ws.agency commentedComment #25
ws.agency CreditAttribution: ws.agency commentedNeeds review so we can finish and publish module.
Comment #26
gisleComment #27
ws.agency CreditAttribution: ws.agency commentedComment #28
gaurav.pahuja CreditAttribution: gaurav.pahuja commentedThanks for your contribution. Here are my initial comments:
Getting following error while uploading logo:
Please strip HTML tags from all input fields. These tags are security risk.
Also use drupal_add_css would be a better option to include CSS file to locker page.
Comment #29
gaurav.pahuja CreditAttribution: gaurav.pahuja commentedComment #30
gaurav.pahuja CreditAttribution: gaurav.pahuja commentedAlso I am not getting error if my credentials are incorrect on unlock.html.
Comment #31
ws.agency CreditAttribution: ws.agency commentedHello gaurav,
Thank you for reviewing the module.
I just pushed updated version with bunch of fixes and updated README which will clarify what this module tries to achieve.
Regarding your comments:
1. Getting following error while uploading logo:
We decided to totally remove the option to display or upload logo, we will keep the module simple.
2. Please strip HTML tags from all input fields. These tags are security risk.
All html is added through Drupal Form API and as I know its not necessary to run it through filter_xss function since Form API does that at a lower level. I tried executing javascript from the form itself but didn't managed, meaning its filtered.
3. Also use drupal_add_css would be a better option to include CSS file to locker page.
Agree however our user case is bit different. Since the purpose of the module is to hide the Drupal from users which don't have access, for example on developement servers sometimes you don't want anyone to see the site except for you and your client. In this case Locker serves as an alternative to HTTP auth protocol.
Because of that we don't want to display login form inside the Drupal but instead we display it on top of it by using print + drupal_exit functions. In that case drupal_add_css won't work since the function to render would be loaded after we already printed the output. Therefore we had to include the css via
attribute.
4. Also I am not getting error if my credentials are incorrect on unlock.html.
Idea was to mimic the HTTP Auth which also doesn't show incorrect credentials, however yeah its bit confusing so we added the validation feedback.
Comment #32
guelzow CreditAttribution: guelzow commentedHi info@websolutions.hr
Manual Review
According to https://groups.drupal.org/node/427683#comment-1062368 the account of this application must belong to an individual.
I'm not so sure about this one, there are nearly no inline comments.
The starred items (*) are fairly big issues and warrant going back to Needs Work.
This review uses the Project Application Review Template.
Tobi
Comment #33
benjaminarthurtAutomated Review
No best practice issues identified by pareview.sh / drupalcs / coder. http://pareview.sh/pareview/httpgitdrupalorgsandboxwebsolutionshr2262991git
No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.
Manual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #34
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #35
ws.agency CreditAttribution: ws.agency at Websolutions Agency commentedAll code formatted, check here: http://pareview.sh/pareview/httpgitdrupalorgsandboxwebsolutionshr2262991git
Clone module using: git clone http://git.drupal.org/sandbox/websolutions.hr/2262991.git locker
Go to "/admin/modules" and enable module
Then go to module configuration "/admin/config/development/locker" and click "Yes" to lock drupal site
Enter desired username and password and click "Submit" - site will be locked
To unlock site, enter username and password you set in locker configuration
Site will be unlocked using $_SESSION unless you go back to locker configuration and submit "No"
Comment #36
chandrasekhar539 CreditAttribution: chandrasekhar539 commentedAutomated Review
no issues
Manual review
every thing seems good. functionality working fine.It is acting as a protection layer before accessing site
Comment #37
ws.agency CreditAttribution: ws.agency at Websolutions Agency commentedComment #38
chandrasekhar539 CreditAttribution: chandrasekhar539 commentedComment #39
chandrasekhar539 CreditAttribution: chandrasekhar539 commentedHi info@websolutions.hr
Automated Review
everything fine
Manual Review
Individual user account
Yes: Follows follow the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
Yes: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
Yes: Meets the security requirements. / No: List of security issues identified.]
Comment #40
ws.agency CreditAttribution: ws.agency at Websolutions Agency commentedNeed permission to promote sandbox to full project?
Comment #41
ws.agency CreditAttribution: ws.agency at Websolutions Agency commentedCan we get "Create Full Projects" permission? Our module passed review but reopening ticket because we didn't get permission?
Comment #42
monojnath CreditAttribution: monojnath at TATA Consultancy Services commentedHi
I tried to use your module.
But, it seems to lack the basic documention for the project.
So I was unable to understand what it does.
Please visit "https://www.drupal.org/node/2190239".
So, please fix these things and good luck :).
Comment #43
ws.agency CreditAttribution: ws.agency at Websolutions Agency commented@monojnath module was already reviewed and passed (see https://www.drupal.org/node/2264953#comment-10242985), but we didn't got permission to "Create full projects". Can you please do that?
Comment #44
PA robot CreditAttribution: PA robot commentedProject 1: https://www.drupal.org/node/2576713
Project 2: https://www.drupal.org/node/2264953
As successful completion of the project application process results in the applicant being granted the 'Create Full Projects' permission, there is no need to take multiple applications through the process. Once the first application has been successfully approved, then the applicant can promote other projects without review. Because of this, posting multiple applications is not necessary, and results in additional workload for reviewers ... which in turn results in longer wait times for everyone in the queue. With this in mind, your secondary applications have been marked as 'closed(duplicate)', with only one application left open (chosen at random).
If you prefer that we proceed through this review process with a different application than the one which was left open, then feel free to close the 'open' application as a duplicate, and re-open one of the project applications which had been closed.
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #45
ws.agency CreditAttribution: ws.agency at Websolutions Agency commented[D7] Json Editor closed - duplicated
[D7] Json Editor already Reviewed & tested by the community
Need account permission to promote full projects from sandbox!
Comment #46
ws.agency CreditAttribution: ws.agency at Websolutions Agency commentedStill need account permission to promote full projects from sandbox!
Comment #47
fabian.fernandes_30 CreditAttribution: fabian.fernandes_30 as a volunteer commentedHi, info@websolutions.hr
I will like to say that it a good module, perfectly as in the description.
I have just one queries that is would list:
How is this module different from user login.(We can display the data to the users when they are logged in, not otherwise)
Comment #48
pankajsachdeva CreditAttribution: pankajsachdeva at QED42 commentedHi info@websolutions.hr,
It seems like your drupal.org account is not individual user account. This account is of any organisation account. Can you please clear it.
Otherwise, your module works fine and I think there is no other major blocker for this module.
Comment #49
pankajsachdeva CreditAttribution: pankajsachdeva at QED42 commentedComment #50
ws.agency CreditAttribution: ws.agency at Websolutions Agency commented@pankajsahdeva my account is individual user account, see my profile for details and full name: https://www.drupal.org/u/infowebsolutionshr
My username shouldn't be the issue and was already approved by drupal.org administrators!
Comment #51
pankajsachdeva CreditAttribution: pankajsachdeva at QED42 commentedHi info@websolutions.hr,
But your profile page has the 'Organisation Member' badge.
Comment #52
benjaminarthurt@infowebsolutionshr
Part of the Standard Project review process is for reviewers to check if an account belongs to that of an individual or an organization.
All user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered (see Get a Drupal.org account).
Please note that organization accounts cannot be approved for git commit access. See https://drupal.org/node/1966218 and https://drupal.org/node/1863498 for details on what is/isn't allowed. Please update your user profile so that we don't have to assume that this is a group account.
This is also echoed in the Drupal.org terms of service Section A. Accounts, sub-section 3.
The wording of your profile text, the username on the account, and the fact that your account has the organization member Drupal Association badge, lead the reviewers to believe your account does not belong to an individual. That is what is blocking the approval of this project, and your account being given the permission to promote projects from sandbox to full projects. Once the account is updated to reflect that of an individual and not an Organization I'd support the change of this application to "Reviewed & Tested by the Community".
I hope this helps clarify the confusion.
Comment #53
klausiThere is an individual name on the user page, so this does not appear to be an organization account.
Comment #54
pankajsachdeva CreditAttribution: pankajsachdeva at QED42 commentedHi @klausi,
If this account is individual user account, I think, there is no other major blocker in this module.
Comment #55
pankajsachdeva CreditAttribution: pankajsachdeva at QED42 commentedComment #56
ws.agency CreditAttribution: ws.agency commentedCan somebody give me permission to publish module?
Thanks!
Comment #57
kattekrab CreditAttribution: kattekrab at Creative Contingencies commentedBumping to major.
Has been RTBC for more than 2 weeks.
Was created almost 2 years ago.
Has been through multiple rounds of review.
@info@websolutions.hr - if you could please review other peoples modules, and add links to those reviews in the issue summary, that will also speed up your final approval and permissions. For more info on the PAReview process see https://www.drupal.org/node/1975228
Comment #58
mlncn CreditAttribution: mlncn at Agaric commentedThanks for your contribution! Congratulations, you are now a vetted Git user. You can promote this to a full project.
When you create new projects (typically as a sandbox to start) you can then promote them to a full project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.