Synopsis
This module provides a webform component to reference a node in webform. Most of the times a list of node needs to select in webform. So currently, this includes node reference only. User and term reference will be added later.
Requirements
webform only.
Known problems
Don't disable and uninstall the module if it has node reference type field otherwise it will gives an error on webform page.
Git Access
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/sumitmadan/2332637.git webform_references
Sandbox URL
https://www.drupal.org/sandbox/sumitmadan/2332637
Automated Review
http://pareview.sh/pareview/httpgitdrupalorgsandboxsumitmadan2332637git
The errors of pareview which are currently showing can't be resolved. Because they are the components hook which are provided by webform api.
Reviews
Roles for menu
Webform Country List
User profile override
Drop Down Login
Webform Country List
Better Comments
Commerce Lease Calculator
Comment | File | Size | Author |
---|---|---|---|
#14 | warning.png | 31.14 KB | sumitmadan |
#2 | pareview.sh-error.png | 45.23 KB | sanat.panda |
Comments
Comment #1
naveenvalechaHi Sumit,
Awesome module. Thanks for your contribution!
Added updated issue summary link.
Updated git access url.Please make sure to add the public accessible git repo url so that other users can access it .i.e. not include your name in the git repo url.
Will update the manual review of this module soon.
As I am not a git administrator, so I would recommend you, should review other project applications to get a review bonus. This will put you on the high priority list, then git administrators will take a look at your project right away :-)
Thanks!
Naveen Valecha
Comment #2
sanat.panda CreditAttribution: sanat.panda commentedHi,
Nice work.
Please fix the issues provided by the PareView.sh(Automated review).
Those are very minor issues in your module and take a jiffy to fix them.
Have look to the attached file for more information.
Good Luck.
Sanat
Comment #3
sumitmadan CreditAttribution: sumitmadan commentedHi,
Thanks Naveen and Sanat for Reviewing this.
I have resolved the http://pareview.sh/pareview/httpgitdrupalorgsandboxsumitmadan2332637git issue.
Comment #4
sumitmadan CreditAttribution: sumitmadan commentedComment #5
sumitmadan CreditAttribution: sumitmadan commentedComment #6
rahulbile CreditAttribution: rahulbile commentedHey Sumit,
Good work, I dont think the issues are still fixed from Automated review, as it says " All functions should be prefixed with your module/theme name to avoid name clashes" so your function names from webform_references_node.inc would be usually like webform_references_node_reference etc. also would suggest renaming webform_references_node.inc to webform_references.node.inc
Rahul
Comment #7
sumitmadan CreditAttribution: sumitmadan commentedHi Rahul,
Thanx for reviewing the project. I have changed the file name to webform_references.node.inc.
As I stated above, the function names can't be changed, because it is according to Webform API.
Comment #8
sumitmadan CreditAttribution: sumitmadan commentedComment #9
rashid_786 CreditAttribution: rashid_786 commentedHi Thanks for contribution,
below is the feedback of manual review:
Code comments does not match with function name, you can use "implements" in case of implementing of hook only, this function doesn't seem hook.
Comment #10
sumitmadan CreditAttribution: sumitmadan commentedHi rashid,
Thanx for review.
Answer to your question is, it is same like as hook. Below is the sample of webform_phone :
Comment #11
rashid_786 CreditAttribution: rashid_786 commentedHi Sumit,
If it is hook must be prefixed with module name. I would suggest to treat this as a handler and mark comments accordingly. Please see automated review also.
http://pareview.sh/pareview/httpgitdrupalorgsandboxsumitmadan2332637git
Thanks,
Rashid
Comment #12
sumitmadan CreditAttribution: sumitmadan commentedHi rashid,
I meant it works same as hook. But it needs to write as like "_webform_component_[component_name]". [component_name] is defined in webform_references.module file.
Comment #13
ricovandevin CreditAttribution: ricovandevin commentedI don't think we should blame Sumit for following the naming conventions of the Webform module. It might be strange choice to work with hooks that have a different structure of names than we are used to in Drupal but that is a decision that has been made earlier by the makers of the Webform module.
For me it is ok to ignore the warnings of the automated review about these function names. The rest of the code looks ok and there are comments that explain what each piece of code does.
As for the working of the module it is easy to install and use. The only thing that bugs me is what is already described as a 'known issue': if you disable the module while your have reference components in use it generates notices on several pages of the webforms that use such a component. Is there any way to prevent this or can we at least warn the site builder about the component being in use when he or she wants to disable the module?
Comment #14
sumitmadan CreditAttribution: sumitmadan commentedHi ricovandevin,
Thanks for the review. I have added a warning message if any node reference component is in used.
See attachment.
Comment #15
sendinblue CreditAttribution: sendinblue commentedManual Reviews:
I found one issue.
Please use t() function in $info['description].
Comment #16
sumitmadan CreditAttribution: sumitmadan commentedHi, Thanx for the review. I have implemented t() function now thanks.
Comment #17
Watergate CreditAttribution: Watergate commentedComment #18
Watergate CreditAttribution: Watergate commentedHi Sumit,
This seems like an interesting extension to Webform. I would like to know if it is possible to reference to entities, instead of nodes (or is this future work?). My general remarks:
Below you can find (the rest of) my review using the Project Application Review Template.
Let me know if you need some clarification on my feedback.
Automated Review
function webform_validate_node_reference($element, $form_state) {
I understand the naming convention imposed by Webform, however, I think that this function should be prefixed with your module name. If not, could you explain why?
Manual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #19
sumitmadan CreditAttribution: sumitmadan commentedHi MrWatergate,
A heartly thanks for the time you taken for review and mentions the important things that I missed. :)
If modules will be going good then I will update the 2.x release with Enity Reference.
Below are my feedback on your comments :
>> Yes, It will be always visible. The developer should keep in mind that node should be there for reference. You can see the "reference" module behaviour too.
>> Thanks. Done.
>> Thanks, Done.
>> Thanks, Done.
Automated Review
function webform_validate_node_reference($element, $form_state) {
>> Because the things won't work if I use my module name prefix. I have reviewed the webform_phone module, the same things if for webform_phone module. It can't be changed.
Manual Review
README.txt/README.md
>> Thanks, Done.
>> Thanks, Done.
>> Thanks, Done.
>> Thanks Done.
>> Thanks, Done.
>> Thanks, Done.
Coding style > Drupal API usage
>> Thanks, Done.
>> I will add it in later version when find it useful or any feature request. I will be the active maintainer of this module.
>> Thanks, Done.
>> Thanks, Removed array_map().
Comment #20
Watergate CreditAttribution: Watergate commentedHello Sumit,
Nice to see that my feedback was useful, however, some changes you made introduced (minor) issues according to PAReview.
I understand that Webform introduces 'conflicts' with Drupal's naming convention. However, the
function webform_validate_node_reference($element, $form_state) {
should be
function webform_references_validate_node_reference($element, $form_state) {
.I've just tested locally by changing the function name and everything still works as expected. Please let me know if I'm wrong! As far as I understand this validation callback function is (currently) only attached to your form items and not called by other modules (i.e., Webform itself).
Kind regards,
Niels
Comment #21
sumitmadan CreditAttribution: sumitmadan commentedThanks MrWatergate,
Hats off to you. :)
Solved the issues you mentioned.
Comment #22
Watergate CreditAttribution: Watergate commentedOk! Marking this project RTBC.
Comment #23
sumitmadan CreditAttribution: sumitmadan commentedComment #24
mpdonadioAssigning to myself for next full review.
Comment #25
mpdonadioAutomated Review
Review of the 7.x-1.x branch (commit f5f4186):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
Manual Review
(*) Without seeing the context of where/how _webform_references_get_node_list() is being called, this needs a ->addTag('node_access'), otherwise
there is a node access bypass problem. Also webform_references_validate_node_reference(), and possibly _webform_references_get_node_title(). In general, all
db_select() against {node} should have this tag unless you have already established that the current user has access to the node. Even revealing the title of the
node would be considered a security issue.
Will this work with both Webform 3 and 4? If not, specify a version in the .info dependency.
Use NODE_PUBLISHED instead of the actual constant value.
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #26
sumitmadan CreditAttribution: sumitmadan commentedHi mpdonadio,
Thanks for the review.
For the naming of function, I already explained above that these are as per the webform standard and can't be changed.
I added the addTag to db_select in
_webform_references_get_node_list()
andwebform_references_validate_node_reference()
.Used NODE_PUBLISHED in the db_select.
And Yes, It will work with webform 3 and 4 both.
Comment #27
mpdonadioManual Review
Review of the 7.x-1.x branch (commit a6c88dcb):
Looked at changes. Since appears _webform_references_get_node_title() after a reference has been established, and is an
internal helper function, the tag isn't needed here.
(*) Sorry I missed this, but you have one more security problem. theme_webform_display_node_reference_field() plains
the $element['#value'], and passes it to _webform_references_get_node_title(), which uses it as the $nid in the query. When you don't
use the link option, the title is not plained. See https://www.drupal.org/node/28984. When you make a link, everything
is secure because l() does a check_plain() on the title internally.
Comment #28
sumitmadan CreditAttribution: sumitmadan commentedHi mpdonadio,
Thanks for review the changes. I added
check_plain
to title. Thanks again. :)Comment #29
mpdonadioI read `git diff a6c88dcb..HEAD` and my blocking issue has been addressed. Assigning to @heddn for a second look, if he has time. Otherwise, I will give this a few days at RTBC for any objections.
Comment #30
mpdonadioComment #31
mpdonadioAbout a week at RTBC w/o objections, so...
Thanks for your contribution, sumitmadan!
I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.
Comment #32
sumitmadan CreditAttribution: sumitmadan commentedA big thanks to all who helped me to Improve my code quality level... :)