Synopsis
KANDY is about making communications simple with the KANDY platform managing all the complexity and hard stuff, while you focus on the intent of your application. KANDY manages all the elements of your voice, video, presence and messaging requirements. Accessing the power of KANDY is simple using our provided developer tools.
Requirements
Drupal 7.34
Shortcode https://www.drupal.org/project/shortcode
Link to project page: https://www.drupal.org/sandbox/kandy-io/2445545
Git repo:
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/kandy-io/2445545.git kandy
I've developed quite a few custom modules for internal/custom projects, but this is my first public project. I have done my best to follow best practices but appreciate any insight / recommendations.
Manual reviews of other projects:
https://www.drupal.org/node/2445625#comment-9684027
https://www.drupal.org/node/2445625#comment-9712031
https://www.drupal.org/node/2455723#comment-9740121
https://www.drupal.org/node/2495891#comment-9971695
https://www.drupal.org/node/2445625#comment-9971727
https://www.drupal.org/node/2359783#comment-9971801
https://www.drupal.org/node/2474101#comment-9971895
Cheers,
Kandy-IO
Comment | File | Size | Author |
---|---|---|---|
#45 | coder-results.txt | 39.96 KB | klausi |
#34 | coder-results.txt | 4.08 KB | klausi |
Comments
Comment #1
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxkandy-io2445545git
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #2
kandy-io CreditAttribution: kandy-io commentedFixed readme.md. Please verify.
Comment #3
saurabh.tripathi.cs CreditAttribution: saurabh.tripathi.cs commentedHello, and welcome to the review process!
Take a look at the pareview results and correct them if feasible as they are warnings not errors.
FILE: /var/www/drupal-7-pareview/pareview_temp/includes/RestClient.php
--------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
--------------------------------------------------------------------------
10 | WARNING | Class name must be prefixed with the project name "Kandy"
16 | WARNING | Class name must be prefixed with the project name "Kandy"
Comment #4
kandy-io CreditAttribution: kandy-io commentedComment #5
kandy-io CreditAttribution: kandy-io commentedadd review bonus tag
Comment #6
k_zoltan CreditAttribution: k_zoltan commentedAll user accounts are for individuals. Accounts created for more than one user or those using anonymous mail services will be blocked when discovered (see Get a Drupal.org account).
Please note that organization accounts cannot be approved for git commit access. See https://drupal.org/node/1966218 and https://drupal.org/node/1863498 for details on what is/isn't allowed. Please update your user profile so that we don't have to assume that this is a group account.
Comment #7
kandy-io CreditAttribution: kandy-io commentedI am actually an individual developer. I updated the organization to empty. This account is for individual not for organization.
Comment #8
kandy-io CreditAttribution: kandy-io commentedUpdate profile to prove I am an individual account, not an organization account.
Comment #9
joshi.rohit100Review :-
1. I think there is no need to have hook_install() and hook_uninstall() as drupal takes care of this stuff itself.
2. You have created multiple menu callbacks in module. You should use 'file' attribute in hook_menu() instead of defining callback in module file.
3. You have created a file name kandy.api.php which contains your useful methods. Rename this file as in drupal, *.api.php file is used for documentation/help purpose.
4. In few of your methods, you are getting data from query-string without sanitizing it. Use filter_xss() there for security or XSS.
5. In your info file, I think you have typo "Kanky" => Kandy
6. Instead of creating your own RestClass, you can use drupal_http_request() method.
Comment #10
kandy-io CreditAttribution: kandy-io commentedHi joshi.rohit100 Thanks for your review.
1. I need add some table with my module, so i need implement hook_install and hook_uninstall.
2. I need a clean workflow, so i add them in module file.
3. Fixed
4. Fixed.
5. Not mandatory.
6. Fixed. Thanks you so much at this point.
Comment #11
kandy-io CreditAttribution: kandy-io commentedComment #12
joshi.rohit100What I meant in point 1 is that you dont need to write hook_install() to install a table. You just need to have hook_schema() and when you install the module, it will automatically create the table.
For hook_uninstall(), drupal itself will remove the table when you uninstall the module (not disable). So no need to have hook_uninstall() to remove the table. You can check this on your local environment.
As per point 3, you are still using the *.api.php file in wrong context.
Also you don't have to attach zip/tar of your code. You just update your code and push into the repositor.
Thanks
Comment #13
kandy-io CreditAttribution: kandy-io commentedHi Joshi!
1. Fixed.
3. Rename kandy.api.php => kandy_api.php right?
Thank you so much. Please give me feedback if you get any error about my module.
Comment #14
joshi.rohit100In kandy_api.php,
this is irrelevant.
I am removing, PAReview tag now. Please do some more review to add this tag.
Comment #15
klausiThat minor problem alone is surely not application blocker, anything else that you found or should this be RTBC instead?
Comment #16
joshi.rohit100@klausi - I am agree with you as this is not a blocker.
The major problem that I have found (as per my thought) is in this submit handler.
A you see here, content is collected from $_POST instead of $form_state and I think it is major.
Apart of this, I can still see some minor issues (not blocker).
Comment #17
kandy-io CreditAttribution: kandy-io commentedThis is my manual reviews of other projects:
https://www.drupal.org/node/2053373#comment-9683781
https://www.drupal.org/node/2193367#comment-9683813
https://www.drupal.org/node/2445633#comment-9684001
https://www.drupal.org/node/2445625#comment-9684027
Follow bonus review https://www.drupal.org/node/1975228
Do at least 3 manual reviews of separate project applications in the main issue queue. While not mandatory, there is a template that you can use to make sure you cover all of the necessary points in your review.
Why did you remove my PAReview: review bonus tag?
Comment #18
kandy-io CreditAttribution: kandy-io commented@joshi.rohit100
Remove module_load_include in kandy_api.
thanks.
Comment #19
joshi.rohit100PAReview: review bonus tag is a way to encourage people to review other project applications and with this, they can learn new things.
As per https://www.drupal.org/node/1975228, check What Happens Next section.
Comment #20
joshi.rohit100Also, as per my comment #16, please check whether you should use $_POST or $form_state.
Also as per @klausi #15, I am not marking is as Needs Work, but please check for your code formatting for variable_get() and set as it is not consistent and also please use t() function wherever you print the output.
Comment #21
klausimanual review:
Comment #22
kandy-io CreditAttribution: kandy-io commentedHi joshi.rohit100!
Can you tell me more about "formatting for variable_get() and set as it is not consistent"?
Comment #23
kandy-io CreditAttribution: kandy-io commentedHi klausi!
3. Can you tell me more about Why can't you use the usual public:// or private:// files folder?. I can not find any folder name files in my default drupal project? Where should we place my writable file?
Comment #24
joshi.rohit100Variable_get() formatting - Some places you have used like this
and some places like this -
So its not a blocker or major thing, but I prefer if you have time then format that.
Comment #25
kandy-io CreditAttribution: kandy-io commentedHi klausi and joshi.rohit100!
I have just updated code follow your review:
1. use $form_state['values'] instead of $_POST
2. I replace all ".." character in my filename, to make sure, attacker can not edit any file.
3. move all kandy files to public folder: site/default/files, so that we can change anything we want in these files.
4. Remove filter_xss.
5. formatting variable_get (as joshi.rohit100's suggestion).
Please verify, thanks.
Comment #26
kandy-io CreditAttribution: kandy-io commentedThanks you very much!
Comment #27
kandy-io CreditAttribution: kandy-io commentedUpdate manual reviews for PAReview: review bonus
Comment #28
klausiRemoving review bonus tag, you have not done all manual reviews, you just repeated the output of an automated review tool. Make sure to read through the source code of the other projects, as requested on the review bonus page.
Anyone can correct git clone commands in the issue summary of applications, feel free to do so.
Comment #29
kandy-io CreditAttribution: kandy-io commentedUpdate manual review.
Comment #30
naveenvalechaReview of the 7.x-1.x branch (commit 9cc6f26):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
Manual Review :
Assigning to myself for next review and will continue tonight.
Comment #31
nesta_ CreditAttribution: nesta_ commentedHi :)
You can remove width to "kandyDrupal.css"
Line 31 .kandyButton .kandyButtonComponent input[type='button'] {
Line 32 cursor: pointer;
Line 33 width: 90px; <---------------- you repeat in line 24 :)
Line 34 }
Line 36 - line 58: All display none, add only 1 display:none.
Ej:
.kandyButton .kandyButtonComponent .someonesCalling,
....
.kandyButton .kandyVideoButtonCalling,
.kandyButton .kandyButtonComponent .someonesCalling{
display: none;
}
Line 180 use REM niiiiiceeeeeee :) IE8 not good, but... IE8 xD
Comment #32
kandy-io CreditAttribution: kandy-io commentedHi naveenvalecha.
1. Can you explain more about "directly"?
2. I need a button anchor not an simple anchor, so that is use a markup element to create my button.
3. Only admin can use script, style customization feature. In my previous comment
https://www.drupal.org/node/2445561#comment-9711691 i have fixed your issue.
4. I have replaced json_encode by drupal_json_encode.
Hi nguerrero.
1. I have just fixed your review.
2. Currently, kandy module only support for Chrome, not support for IE.
Thanks for all reviews.
Comment #33
klausiRemoved one none-manual review.
Comment #34
klausiReview of the 7.x-1.x branch (commit d5413bc):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
manual review:
Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.
Comment #35
kandy-io CreditAttribution: kandy-io commentedHi Klausi.
I have just fixed some issues below:
1. Please show me how to create a doc page for my module?
2. Rename help.php to help.html
3. Add plain text on description kandy_schema
4. Add filter_xss when get user data from system.
5. Change desciprtion on #empty_text
6. Add permisson for all menu.
Please verify. Thanks.
Comment #36
k_zoltan CreditAttribution: k_zoltan commentedI know @Klausi is busy helping many people so I try to help you about point 1.
Here you can find great tips:
https://www.drupal.org/node/997024
http://growingventuresolutions.com/blog/module-owners-how-make-your-modu...
If I would be in your situation I would do the following:
I am not in charge to say how you should format your project page, these are just some suggestions based on my experience what I have seen on other module pages.
You could also link the README to the project page like this http://cgit.drupalcode.org/sandbox-kandy-io-2445545/tree/README.md
Great work,
Keep up the good work
Comment #37
kandy-io CreditAttribution: kandy-io commentedHi k_zoltan!
I want to have a documentation page same link this: https://www.drupal.org/documentation/modules/views. Could I create a new page look like this: https://www.drupal.org/documentation/modules/kandy ?
Comment #38
kandy-io CreditAttribution: kandy-io commentedAdd sync user feature when active module. Need reviews.
Comment #39
mqannehThere is no need to write a hook_uninstall_schema for your module if you have hook_schema then drupal will uninstall your schema automatically when you uninstall your module.
change
into
Comment #40
kandy-io CreditAttribution: kandy-io commentedI test on Php 5.4 and drupal 7.3.4, Some times I can not delete kandy_users table when I uninstall kandy module. In order to make sure my module works properly. I add this
// Drop my tables.
if (db_table_exists('kandy_users')) {
drupal_uninstall_schema('kandy');
}
Comment #41
kandy-io CreditAttribution: kandy-io commentedNeed uninstall hook
Comment #42
klausiRemoving review bonus tag, you have not listed any additional review in the issue summary? There should be at least 6 review links before you add the review bonus tag again. Thanks!
Comment #43
kandy-io CreditAttribution: kandy-io commentedMake more comments to make a review bonus tag.
Comment #44
kandy-io CreditAttribution: kandy-io commentedComment #45
klausiReview of the 7.x-1.x branch (commit 1617d63):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
manual review:
Comment #46
mouhammed CreditAttribution: mouhammed commented$_GET['returnPath'] and $_GET['id']
are not safely exploited.$form_state['redirect']
instead ofdrupal_goto
?Comment #47
klausiCheck_plain() should only be used when actually printing something to html. If the data is just used for comparisons then no sanitization is necessary.
The point about the open redirects is a good one, I found that too.
Comment #48
Alan D. CreditAttribution: Alan D. commentedJust bypassing...
You can reduce a lot of the code which would allow for a faster code review, manly related to your form menu callback definitions and implementations.
Firstly, is this information in the public domain?
$kandy_user->user_id . "@" . $kandy_user->domain_name;
With this menu callback everybody can see this. Seems to be a few possible areas in question depending on this answer. Was this what custom permission 'access kandy content' was for?
You shouldn't be using exit(), drupal_json_output() does this for you.
You may be using term as a search key, but the query doesn't use this, and it loads all users.
Recommend limiting this to a query that matches the term AND adding a limit. Running on drupal.org, you would hit millions of returns here!!
db_select()->range(0, 25)
Read up on menu wild card loaders and let Drupal take care of some basic loading... %user will accept a {user}.uid and pass the fully loaded user object via user_load(%).
Rather than the all powerful, nearly god like permission, 'administer site configuration', you could define your own :)
Any reason why you don't just use this?
Or when you have the form state:
But make sure you are passing this by reference (&so that it works:
You should always have this set, so no need to check this nor to have the else { drupal_goto() }
Another possible place for menu placeholders?
Comment #49
Alan D. CreditAttribution: Alan D. commentedAnd a couple other minor points.
By using $user as a variable name, you can quickly hit some nasty bugs if you accidentally do this:
Try to use $account to avoid this from happening.
I accidentally done this once, assigning everybody as the admin 1 account... luckily only on my local dev environment! It did take a while to track down though.
Hyphens are nicer than underscores: "kandy/get_user_for_search" c/f "kandy/get-user-for-search"
More of a style thing
Good luck with your project :)
Comment #50
KartagisComment #51
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #52
kodeplusdev CreditAttribution: kodeplusdev commentedI fixed all issues above and committed some changes for new features.
Need reviews. Thanks!
Comment #53
klausiThe Git commits are not connected to your user account. You need to specify an email address. See https://www.drupal.org/node/1022156 and https://www.drupal.org/node/1051722
jquery.rateit.min.js: appears to be 3rd party code. 3rd party code is not generally allowed on Drupal.org and should be deleted. This policy is described in the getting involved handbook. It also appears in the terms and conditions you agreed to when you signed up for Git access, which you may want to re-read, to be sure you're not violating other terms.
The Libraries API module is a recommended method for adding 3rd party dependencies without directly including the code on Drupal.org.
Can you also fix the coding standards according to http://pareview.sh/pareview/httpgitdrupalorgsandboxkandy-io2445545git before we start the next round of reviews?
And the automated review reports a security issue: DrupalPractice has found some issues with your code, but could be false positives.
Comment #54
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #55
kandy-io CreditAttribution: kandy-io commented@klausi I've fixed all issues you mentioned. Please help me to do a review. Thanks a lot!
Comment #56
klausiLooks like you forgot to push your changes with git?
Comment #57
Manjit.Singh@kandy-io Please add some recent manual code reviews to boost up the project application.
Comment #58
klausiThey already did 6 reviews, so that is fine.
Comment #59
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.