Description:
The SolidOpinion commenting platform replaces your Drupal comment system with your comments hosted and powered by SolidOpinion.
SolidOpinion is a dynamic new commenting platform that can turn an ordinary discussion into a self-moderating community that promotes your content and generates revenue for your site.
The SolidOpinion for Drupal plugin is easy to integrate even if you’re not a tech-head. And it has a smart design that adapts to your look and feel.
https://drupal.org/sandbox/SolidOpinion/2348059
Documentation:
http://help.solidopinion.com/
Git access:
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/SolidOpinion/2348059.git
Manual reviews of other projects:
none yet.
Demo account for reviewers
http://my.solidopinion.com/
username: demo_account@test.com
password: demo_account
See also
Site with installed SolidOpinion
http://soliddemoonline.com/drupal/
pareview
http://pareview.sh/pareview/httpgitdrupalorgsandboxsolidopinion2348059git
Comments
Comment #1
SolidOpinion CreditAttribution: SolidOpinion commentedComment #2
SolidOpinion CreditAttribution: SolidOpinion commentedComment #3
SolidOpinion CreditAttribution: SolidOpinion commentedComment #4
SolidOpinion CreditAttribution: SolidOpinion commentedComment #5
SolidOpinion CreditAttribution: SolidOpinion commentedComment #6
mccrodp CreditAttribution: mccrodp commentedAutomated Review
Passed, no errors or warnings.
Submitted by Anonymous (not verified) on Mon, 10/06/2014 - 09:43
Review of the 7.x-1.x branch (commit bb97dcb):
No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.
Manual Review
I'd recommend to use one of the templates and maybe include a TOC and reviews can skim through your README easier once it's the boilerplate.
Follow the guidelines for in-project documentation.
In your solidopinion.js file you should be using something like Drupal.behaviours syntax?
E.g. - https://www.drupal.org/node/1025552
The Drupal Javascript coding standards
may help point you in the right direction too.
curl_setopt($curl, CURLOPT_USERPWD, "dev:eQ9UmN6WsuY");
This may be better suited as a 'status' message displayed when the widget is enabled, or even in the README for the module.
on your project review issue for ease of reviewing.
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
This review uses the Project Application Review Template.
I'd also recommend removing those Issue tags (aside from your PAReview: review bonus ;) ) from this issue.
Looking good for a 1st review anyway.
Comment #7
SolidOpinion CreditAttribution: SolidOpinion commented> mccrodp commented 5 days ago
Thank you a lot for your review! All recommendation were done.
Also was creating demo account and demo site for your testing (See in update of issure)
Comment #8
SolidOpinion CreditAttribution: SolidOpinion commentedComment #9
adixon CreditAttribution: adixon commentedYou don't want to take over the 'access administration pages' permission, that's bad. Just take it out of your permission hook, it already exists.
Your uninstall hook is deleting a system variable 'site_name', that's bad, don't do it!
You should prefix your variable 'solidopinion_', not 'so_'
You should not be deleting files in your uninstall hook, that's bad.
You don't need to rebuild the menu and shouldn't be redirecting your user on install/enable (for one thing, it breaks the drush install method). I'd recommend not implementing either if you don't need to do anything special - just let Drupal handle the user flow.
Comment #10
adixon CreditAttribution: adixon commentedI think the inclusion of your widget js should be done in the footer, not sprinkled into the code. I'll see if it works, anyway - checkout drupal_add_js.
Comment #11
SolidOpinion CreditAttribution: SolidOpinion commented> adixon commented about 4 hours ago
Thank you a lot for your review! All recommendation were done.
removed 'access administration pages' permission
uninstall hook:
- no deleting module files
- no deleting system variable 'site_name'
changed variables 'solidopinion_' to 'so_'
removed redirecting after installation module
included script with drupal_add_js
Comment #12
adixon CreditAttribution: adixon commentedHere are three more improvements in a patch:
1. use a custom permission 'administer solidopinion' instead of the administer node permission.
2. enable turning off of commenting per content type. The drupal comments allows you to turn commenting on and off per node, but I think that's probably overkill for most sites, and a lot of extra complications.
3. when you add content to the node via the links, you should add your content rather than just replace anything else that's there (i.e. play nicely with other modules)
Comment #13
SolidOpinion CreditAttribution: SolidOpinion commentedApplied patch
Comment #14
er.pushpinderrana CreditAttribution: er.pushpinderrana commentedCorrected git command.
Comment #15
er.pushpinderrana CreditAttribution: er.pushpinderrana commented@SolidOpinion, you have not created this issue at right place. It should be appear in Issues for Drupal.org Project applications list. Please correct this for future review, for now I've reviewed this.
Automated Review
Best practice issues identified by pareview.sh / drupalcs / coder. None
Review of the 7.x-1.x branch (commit 24f7c61):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
Manual Review
$shortname = variable_get('solidopinion_shortname', '');
As I understood from the codesolidopinion_shortname
value is coming through$_REQUEST['shortname']
that is vulnerable to XSS exploits. You need to sanitize this before rendering, make sure to read https://www.drupal.org/node/28984 again. Same applies for solidopinion_block_view(). Can you point me to the place in code where you perform the sanitization? If I'm right please don't remove the security tag, we keep that for statistics and to show examples of security problems.'access solidopinion content'
doesn't seems to be in use. If not then remove it.The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
Please don't remove the security tag, we keep that for statistics and to show examples of security problems.
Comment #16
SolidOpinion CreditAttribution: SolidOpinion commentedThere is a new version without iframe. Please review.
Comment #17
SolidOpinion CreditAttribution: SolidOpinion commentedComment #18
vbouchetNot sure it's important but if you follow "create a new issue" link on the "Apply for permission to create full projects" page, the project should be "Drupal.org Project applications".
I have been able to find this ticket only because I globally search for tickets tagged with "PAReview: review bonus". I think other reviewers currently don't see this ticket if they only use the "Project" field.
Comment #19
PA robot CreditAttribution: PA robot commentedProject 1: https://www.drupal.org/node/2351269
Project 2: https://www.drupal.org/node/2347459
As successful completion of the project application process results in the applicant being granted the 'Create Full Projects' permission, there is no need to take multiple applications through the process. Once the first application has been successfully approved, then the applicant can promote other projects without review. Because of this, posting multiple applications is not necessary, and results in additional workload for reviewers ... which in turn results in longer wait times for everyone in the queue. With this in mind, your secondary applications have been marked as 'closed(duplicate)', with only one application left open (chosen at random).
If you prefer that we proceed through this review process with a different application than the one which was left open, then feel free to close the 'open' application as a duplicate, and re-open one of the project applications which had been closed.
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #20
klausiRemoving review bonus tag, you have not done any manual review, you just posted the output of an automated review tool. Make sure to read through the source code of the other projects, as requested on the review bonus page.
Comment #21
k_zoltan CreditAttribution: k_zoltan commentedAll user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered (see Get a Drupal.org account).
Please note that organization accounts cannot be approved for git commit access. See https://drupal.org/node/1966218 and https://drupal.org/node/1863498 for details on what is/isn't allowed. Please update your user profile so that we don't have to assume that this is a group account.
Comment #22
klausiThe user account has a full individual name, so that qualifies as individual account.
Comment #23
jzasnake CreditAttribution: jzasnake commentedAutomated Review
Is missing a README.txt you should check out https://www.drupal.org/node/2181737 add make sure you get all the required sections.
Manual Review
Individual user account
Yes: Follows the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
No: Does not follow the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
Yes: Meets the security requirements.
Coding style & Drupal API usage
solidopinion.module
You are using one line comments above some of your functions' comment blocks, you should add that to the comment block's short summary or a new paragraph in the block. (just a recommendation)
Comment #24
jzasnake CreditAttribution: jzasnake commentedComment #25
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #26
SolidOpinion CreditAttribution: SolidOpinion commentedComment #27
SolidOpinion CreditAttribution: SolidOpinion commentedComment #28
SolidOpinion CreditAttribution: SolidOpinion commentedREADME.txt file was added. Please review.
Comment #29
lhguerra CreditAttribution: lhguerra as a volunteer and at Taller commentedManual Review
I should agree with jzasnake about those inline comments.
Comment #30
kari.kaariainen CreditAttribution: kari.kaariainen commentedOn admin/config/services/solidopinion it says "To add SolidOpinion comments on your site you should create an integration. Please go to SolidOpinion control panel and create an integration code or you can use existing one."
Then I can log in using this info that you provided on this issue page.
"Demo account for reviewers
http://my.solidopinion.com/
username: demo_account@test.com
password: demo_account"
But what am I supposed to do next? How to "create an integration"? On solidopinion.com I found no mention of integration. Please add clear instructions of how to test.
Comment #31
apadernoI will update your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thank you, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks go the dedicated reviewer(s) as well.
Comment #32
klausiPlease don't remove the security tag, we keep that for statistics and to show examples of security problems.
Comment #34
apaderno