Description
Indicators module is used to automatically import, manage and graphically display (as a chart, table etc.) multi-dimensional statistical data (indicators) from Eurostat site or other sources. Additionally, it provides a geographical interface to select a country or region, and lets you to create a PDF file or export data to Excel.
Originally trageted to European Commission community, this module could be useful for anybody wishing to visually integrate Eurostat (or custom-built) statistical data on their site.
Link to project page
www.drupal.org/sandbox/ec-entr/2304245
GIT clone
You may use the following command to get the code:
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/EC-ENTR/2304245.git indicators
Comment | File | Size | Author |
---|---|---|---|
#30 | indicator_pareview_result.txt | 7.33 KB | vipul.patil7888 |
Comments
Comment #1
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxEC-ENTR2304245git
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #2
zaporyliehttp://pareview.sh gives really bad result for this project. Fix it first.
http://pareview.sh/pareview/httpgitdrupalorgsandboxec-entr2304245git
Comment #3
Anonymous (not verified) CreditAttribution: Anonymous commentedCode cleaned as much as possible to please Pareview.
Comment #4
sajiniantony CreditAttribution: sajiniantony commentedLine number 524 has defined PHP generic class as $source_file = new StdClass() instead of $source_file = new stdClass()(Mixed capital case) in the file indicators_import.data.admin.inc
Comment #5
sajiniantony CreditAttribution: sajiniantony commentedComment #6
Anonymous (not verified) CreditAttribution: Anonymous commentedFixed all outstanding issues. Please review.
Comment #7
drupalove CreditAttribution: drupalove commentedPlease first fix the errors as recommended by @zaporylie and remove any debugging code, i.e. dpm().
http://pareview.sh/pareview/httpgitdrupalorgsandboxec-entr2304245git
EDIT: removed long pareview.sh dump.
Comment #8
drupalove CreditAttribution: drupalove commentedComment #9
Anonymous (not verified) CreditAttribution: Anonymous commentedFixed all outstanding issues. Please review.
Please ignore the following warnings:
Comment #10
Anonymous (not verified) CreditAttribution: Anonymous commentedFixed all outstanding issues. Please review.
Please ignore the following warnings:
Comment #11
ziomizar CreditAttribution: ziomizar commentedHi EC-ENTR,
- At line 1368 of indicators_query.module you have to use placeholder and remove variables inside the queries. Look at db_query page for more informations
- You should use dpm only for testing your module and remove all system messages from the sites for security reasons.
- All constant and variables defined by your module should be prefixed with a module name to avoid conflict with other modules
- Please remove the EC_LICENSE.txt file. Drupal will add the appropriate version automatically during packaging so your repository should not include it. Read the licencing requirements
- In info file you need a specific version of php?
- Is better using arg() than $_GET in indicators_query.module
- In line 706 you catch a database exception error and print the error with drupal_set_message.
You should register this error on watchdog and remove drupal_set_message that expose part of your db to the frontend/backend users.
Comment #12
ziomizar CreditAttribution: ziomizar commentedComment #13
Anonymous (not verified) CreditAttribution: Anonymous commentedThank you for your comments.
The following points are now fixed:
These points are necessary and part of design:
First point: in that case it is impossible to use a placeholder. An extreme care has been provided to generate a secure SQL query, which doesn't come from user input.
Second point: dpm() is called only at design phase when the programmer activates the debug mode. At all other times dpm() is never called. Is there any other way to display debug info to the programmer?
Finally, the question of the licence. We would like to have a dual licensing: EUPL and GPL. EC_LICENSE.txt includes this statement already:
Comment #14
Anonymous (not verified) CreditAttribution: Anonymous commentedI would like to know if one of the points in the above discussion is seen as a blocking factor or if it is just that people are too busy?
Thanks in advance!
Patrick (project manager of the system using the module proposed here)
Comment #15
zaporylieFirst of all - it seems you are using a non-individual account. User accounts are intended for personal use by an individual.
Please note that organization accounts cannot be approved for git commit access. See https://www.drupal.org/terms for details on what is/isn't allowed.
If you have question about licence - please ask licensing working group https://www.drupal.org/governance/licensing-working-group, although I believe you cannot publish code on drupal.org (or create any drupal-related code) with non-GPL licence.
Before you enter the project application process, you should first make sure that your project is a release candidate (rc). That means you shouldn't release code which is still in "active development mode". And if you think your code is release-ready just remove all debug-related code.
If you want to speed-up reviewing process, please join review bonus program.
Comment #16
Anonymous (not verified) CreditAttribution: Anonymous commented1°) First of all - it seems you are using a non-individual account. User accounts are intended for personal use by an individual.
Please note that organization accounts cannot be approved for git commit access. See https://www.drupal.org/terms for details on what is/isn't allowed.
--> I now commit using my personal account at Drupal: rsorokine. It has been added to the project's committers list.
2°) If you have question about licence - please ask licensing working group https://www.drupal.org/governance/licensing-working-group, although I believe you cannot publish code on drupal.org (or create any drupal-related code) with non-GPL licence.
--> Created a new Issue in Drupal Licensing Working Group: https://www.drupal.org/node/2510036
3°) dpm() is called only at design phase when the programmer activates the debug mode. At all other times dpm() is never called. Is there any other way to display debug info to the programmer?
Before you enter the project application process, you should first make sure that your project is a release candidate (rc). That means you shouldn't release code which is still in "active development mode". And if you think your code is release-ready just remove all debug-related code.
--> What I mean is not the programmer who develops Indicators module, but the one who uses it to develop a site with Indicators.
4°) If you want to speed-up reviewing process, please join review bonus program.
--> Thank you for your suggestion.
Comment #17
kreynen CreditAttribution: kreynen commentedThe answer to #2510036: Possibility of using EUPL v1.1 or later is no. You cannot license module code as EUPL in a sandbox or promoted module.
I've opened #2514084: Remove EC_LICENSE.txt.
So not only is including EUPL code blocking, you risk having your git access revoked if you don't fix the licensing.
If you want to change the project's structure so that some part of it is considered a 3rd party library maintained on GitHub or another repo using EUPL, you could ask the LWG to confirm the license compatibility for the library. We'd then have to review the GPLv3 quirks in that license.
But for module code, this is very clear. The license for what is committed MUST be GPLv2 and later. What is packaged for downloaded MUST be GPLv2.
Comment #18
Anonymous (not verified) CreditAttribution: Anonymous commentedEC_LICENSE.txt has been removed. Do I understand well it was the only remaining issue?
Comment #19
zaporylieI would say you should still remove all instances of
dpm()
from codebase or, at least, move it to separate module with devel as a dependency. Check commerce_devel for best practices.And please remember that you cannot commit as EC-ENTR. You have to use your own, personal account instead.
As I wrote before, if you want to get review from security team you should join review bonus program.
Comment #20
Anonymous (not verified) CreditAttribution: Anonymous commentedThank you for your suggestion. Indicators Devel module has been added to the stack.
Regarding my committing under EC-ENTR account, I tried committing under my own account, but for some reason, it fails:
It used to work a month ago, and for some obscure reason it seems that it worked yesterday even though I always got this error message. I checked everything: the project has two maintainers, and I can access my account too:
The same git push command runs ok when GIT and SSH are configured to use EC-ENTR...
Finally, I will join the bonus program time permitting. Would not doing so be an obstacle for getting the full project status, or just the security review part of the review missing?
Comment #21
babusaheb.vikas CreditAttribution: babusaheb.vikas commentedHi EC-GROW,
1) Lots of coder issue in your project.
Install coder module, check your module with coder and fix those errors.
2) In README.txt line no. 41
It should be /admin/modules instead of /admin/build/modules
Comment #22
Anonymous (not verified) CreditAttribution: Anonymous commentedDone as requested. Please review.
Comment #23
patriiiiiiiiiick CreditAttribution: patriiiiiiiiiick commentedCould it be that this application has been off the radar lately for some reason?
Thank you in advance for looking once more into it or telling us what would be missing!
Thank you for your time!
Comment #24
catchI'm out of date on project application requirements, but noticed this when doing a quick review:
Both of these functions are using db_select() and joining directly to the field_data_* table(s).
Instead they should use EntityFieldQuery - this isn't tied to the specific database schema for field storage.
Comment #25
dawehnerSome things realized during the review. Most of them are just general comments and improvements which could be implemented later I guess. To be honest I also
don't really have any clue about the current review process.
indicators_install()
calls out to_indicators_import_create_voc()
during install, which though is just provided by indicators_import.module.Maybe some of that install code should be moved to indicators_import module itself?
_indicators_term_find_code ()
could convert the machine_name to a vid first. Then an EFQ should be usable,same with
_indicators_term_find_tid
.indicators_query.module
is not part of theindicators_query
folder?function indicators_query_preprocess_html()
:IMHO we could replace that by using some
Drupal.behaviours.foo
call inside the javascript.indicators_import_datasets_list()
Ideally you would use
drupal_static_reset()
instead of the simple static.indicators_query_data_field_options
: This could usetrigger_error()
, so normal users don't see that message.In order to make it possible to parse the
t()
strings using potxideally you would use
t('the-help-string')
, but I see, this help text is coming from configuration, so ideally you would rely onhttps://www.drupal.org/project/i18n
for translation those help texts._indicators_import_data_save_line_eurostat()
should usedb_insert()
instead of raw sql queries, because its on the onehand more reusable (sqlite, pgsql) and on the other hand potentially more secure.
indicators_devel
modules still exists? This module seems quite empty and its function could be easily replaced by the devel module.Comment #26
Rahul Seth CreditAttribution: Rahul Seth commentedAutomated Review
I ran your code against auto code sniffer at 'http://pareview.sh/pareview/httpgitdrupalorgsandboxec-entr2304245git'.
Review of the 7.x-1.x branch (commit 93c2f91):
EDIT: removed long pareview.sh dump.
Manual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #27
klausi@Rahul Seth: please don't post long pareview.sh dumps, either attach it as text file or just link to pareview.sh.
Is this application now RTBC or does it need work from the applicant?
Comment #28
dawehnerThere are some things (like the location of the indicators_query.module which would be nice to fix). Not using
db_insert()
seems to be maybecritical from a security point of view, not entirely sure.
In general though I mostly found things which can be improved over time, there should be some more room for that. On the other hand, again, I've no idea whether things like codestyle stuff should really block a project.
Comment #29
Anonymous (not verified) CreditAttribution: Anonymous commentedComment #30
vipul.patil7888 CreditAttribution: vipul.patil7888 as a volunteer and at Faichi Solutions Pvt Ltd for Faichi Solutions Pvt Ltd commentedHi EC-GROW,
Please fix the some basic issues suggested by paraview (http://pareview.sh/pareview/httpgitdrupalorgsandboxec-entr2304245git) in "indicator_pareview_result.txt" file attached.
Thanks,
Comment #31
klausiYeah, the file encoding should be fixed. Also:
All user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered (see Get a Drupal.org account).
Please note that organization accounts cannot be approved for git commit access. See https://drupal.org/node/1966218 and https://drupal.org/node/1863498 for details on what is/isn't allowed. Please update your user profile so that we don't have to assume that this is a group account.
Comment #32
tvb1507 CreditAttribution: tvb1507 commentedHello,
db_query()
is use for performance reason to insert/import big datasets (+100.000). As mentioned in https://www.drupal.org/node/310079 db_query not call hooks (#28)Thanks!
Comment #33
tvb1507 CreditAttribution: tvb1507 commentedComment #34
apadernoIt doesn't seem the point about the individual account has been fixed.
Comment #35
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.