[D7] Mailgun Email Validator

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Please find my review below:

Automated Review

No issues found on http://pareview.sh/

Manual Review

Individual user account

Yes: Follows.

No duplication

Yes: Does not cause.

Master Branch

Yes: Follows.

Licensing

Yes: Follows.

3rd party assets/code

Yes: Follows.

README.txt/README.md

Yes: Follows.

Code long/complex enough for review

Yes: Follows.

Secure code

Yes: Meets the security requirements.

Coding style & Drupal API usage

1. Just a recommendation : Should fix a Notice thrown while adding a new E-Mail field. Refer attached image file.
2. Just a recommendation : Very few inline comments.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

The module seems to follow all normal conventions, as pointed out in #5.

There are no serious issues, but a few minor ones:

1) In the install module, setting "webform_allowed_tags" is a bit brutish. What if it's already set? It should read the existing values, if any, and add to that.

2) In the function "mailgun_email_validator_validate_email_field", it could theoretically call the HTTP service a lot of times, incurring long response times for the user. This is probably rare, but it *is* an issue. Does the Mailgun validator have a bulk validation option? If so, that might be more appropriate.

3) The three validate callback functions in the module files are very similar. Maybe a little refactoring? Just a recommendation.

All in all, nothing serious. It could work out of the box.

Hi sandeep

No problem.

As for 1 and 2: that settles it :-)

As for 3: That's my own taste. It is not a problem for the module as such.

manual review:

1. mailgun_email_validator.info: why do you need to add your CSS to every single page request? Shouldn't you only add it with your form element or where you actually need it? Please add a comment.
2. mailgun_email_validator_form_alter(): instead of mixing the logic for different form IDs here you should use hook_form_FORM_ID_alter() to target the individual forms.
3. mailgun_email_validator_validate_email_field(): using LANGUAGE_NONE here will break for multilingual sites. You should get the field language, probably form the current entity and use that.
4. mailgun_email_validator_validate_email_field(): this vulnerable to XSS exploits if the response in $response['did_you_mean'] contains malicious text. External services need to be treated as untrusted user provided input and you need to sanitize that accordingly. Make sure to read https://www.drupal.org/node/28984 again. Same in mailgun_email_validator_validate_webform_field(). And please don't remove the security tag, we keep that for statistics and to show examples of security problems.

Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

I think this project is long enough to be eligible for the git vetted user role, so removing the single project promote tag.

Automated Review

[Best practice issues identified by pareview.sh / drupalcs / coder. Please don't copy/paste all of the results unless they are short. If there are a lot, then post a link to the automated review and mention that problems should be addressed.]

Manual Review

Individual user account

Yes: Follows the guidelines for individual user accounts.

No duplication

Yes: Does not cause duplication and/or fragmentation.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements.

3rd party assets/code

Yes: Follows the guidelines for 3rd party assets/code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and/or the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

Yes: Meets the security requirements.

Coding style & Drupal API usage

[List of identified issues in no particular order. Use (*) and (+) to indicate an issue importance. Replace the text below by the issues themselves:

1. Please mention "Email" CCK field is required in case user is not using webforms so that the module documentation will not confuse beginners.
2. This module otherwise looks RTBC to me.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

Automated Review

No issues found on http://pareview.sh/

Manual Review

Individual user account

Yes: Follows.

No duplication

Yes: Does not cause.

Master Branch

Yes: Follows.

Licensing

Yes: Follows.

3rd party assets/code

Yes: Follows.

README.txt/README.md

Yes: Follows.

Code long/complex enough for review

Yes: Follows. the guidelines for project length and complexity.

Secure code

Yes: Meets the security requirements.

Coding style & Drupal API usage

1. (*) As per comment #13 : function mailgun_email_validator_validate_custom_email_field() is still vulnerable to XSS exploits, Please update it.
2. Just a recommendation, please update git clone command to : git clone --branch 7.x-1.x http://git.drupal.org/sandbox/sandykumbhatil/2428499.git mailgun_email_validator
3. Please add comment #16 information in README file also, so there will be no confusion for beginners.
4. Please add "Open ssl extension required information" in README file

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

Thanks Sandeep,

Now this looks RTBC for me.

Assigning to myself for next review.

Automated Review

Best practice issues identified by pareview.sh / drupalcs / coder. Yes, one issue found.
Review of the 7.x-1.x branch (commit 3310e80):

FILE: ...ar/www/drupal-7-pareview/pareview_temp/mailgun_email_validator.module
---------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
---------------------------------------------------------------------------
70 | ERROR | The $text argument to l() should be enclosed within t() so
| | that it is translatable
---------------------------------------------------------------------------

Manual Review

Individual user account

Yes: Follows the guidelines for individual user accounts.

No duplication

Yes: Does not cause module duplication and/or fragmentation.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements.

3rd party assets/code

Yes: Follows the guidelines for 3rd party assets/code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and/or the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

Yes: Meets the security requirements.

Coding style & Drupal API usage

List of identified issues in no particular order. Use (*) and (+) to indicate an issue importance. Replace the text below by the issues themselves:

1. mailgun_email_validator_form_webform_component_edit_form_alter(): arg() is evil, and should almost always be avoided.
2. mailgun_email_validator_credential_form(): do not create link markup yourself, use url() or l() instead.
3. (+) $response_data = filter_xss($raw_response->data);: filter_xss() is not needed here as you are using check_plain() later to escape data where actual data is printing i.e check_plain($response['did_you_mean']).
4. ...]

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

But that are not critical application blockers, so...

Thanks for your contribution, Sandeep Kumbhatil!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.