Image Compression TinyPNG/JPG is designed for users to integrate easily with an image compression tool that will make your image suitable for the web. It uses TinyPNG.com’s API which means no complex installation on your server.
This module will reduce the size of your png and jpg files significantly and make Google's PageSpeed Insights happy along reducing your server bandwidth. You will have the options to enable auto compression or keep it manual. You will also be able to bulk compress images that are already on you website.
This module is different from others at it offers simplicity by not presenting the user with any configuration options for images. This module will allow you to compress you historical images on your website using the bulk compression feature and will also give you a way to manually compress you images if you choose too. It provides a close integration with Scald which will also you to see if an image is already compressed or requires compression.
Link to project page: https://www.drupal.org/sandbox/chenderson/2457559
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/chenderson/2457559.git image_compresssion_tinypng_jpg
Manual reviews of other projects:
https://www.drupal.org/node/2495539#comment-9969555
https://www.drupal.org/node/2475755#comment-9969849
https://www.drupal.org/node/2495891#comment-9970057
https://www.drupal.org/node/2496507#comment-9972201
https://www.drupal.org/node/2496997#comment-9972329
https://www.drupal.org/node/2497023#comment-9972703
https://www.drupal.org/node/2498097#comment-9979415
https://www.drupal.org/node/2460777#comment-9986993
https://www.drupal.org/node/2499307#comment-9987823
https://www.drupal.org/node/2499307#comment-9991251 Second review from previous
Minor reviews
https://www.drupal.org/node/2500371#comment-9994307
https://www.drupal.org/node/2499307#comment-9994433
https://www.drupal.org/node/2493817#comment-9974353
Comments
Comment #1
mr_infinity CreditAttribution: mr_infinity commentedAutomated Review
[pareview.sh / drupalcs / coder] Tests are good:Pareview
Manual Review
This review uses the Project Application Review Template.
Comment #2
chenderson CreditAttribution: chenderson commentedThanks for the feedback.
I have changed the project page to only include the requirements, installation and configuration section (with an intro). I have also included two screenshots of the configuration section.
I have also removed some extra blanks spaces to make the code more compact but anymore and I think it starts to become unreadable.
Comment #3
darol100 CreditAttribution: darol100 as a volunteer and commentedIn the past I was looking for this integration. I personally, love TinyPNG. There is a place holder that you should consider asking the developer if I can give you the name of this project - https://www.drupal.org/project/tinypng.
I believe this is a Duplication of a module - ImageAPI Optimize (or Image Optimize) have a patch to integrate their module with TinyPNG services. Duplication is not a blocker; however, the Drupal community holds a strong "collaboration rather than competition" ethos, which values joining forces on improving one awesome project rather than building several sub-standard ones that overwhelm end users with choices.
Here are few minor warning from coder:
No complains from Pareview.sh - http://pareview.sh/pareview/httpgitdrupalorgsandboxchenderson2457559git
I do not see any blockers; however, consider to integrate this module with the ImageAPI Optimize (or Image Optimize) instead of creating your own project.
Comment #4
chenderson CreditAttribution: chenderson commentedComment #5
chenderson CreditAttribution: chenderson commentedThank for the feedback darol100, it is appreciated and I will look at those issues shortly.
I agree that ImageAPI Optimize is already in existence and there is room to integrate. However I did encounter issues with ImageAPI Optimize that I felt warranted something different. Also I want specifically to allow the user to compress there existing images on the server which ImageAPI Optimize does not offer.
I defiantly agree that there is room to merge once I complete the list of wants for this module.
Comment #6
darol100 CreditAttribution: darol100 as a volunteer and commented@chenderson,
Sounds great, if you wish to promote your own project due the differences between your project and the ImageAPI Optimize, try to talk to the developer that took the tinypng name to see if would give you that URL.
Comment #7
chenderson CreditAttribution: chenderson commentedComment #8
chenderson CreditAttribution: chenderson commented@darol100,
I made the changes you mentioned in #3. I could not see the minors issues you picked up using Coder. When I type in terminal the code below it shows no suggestions.
phpcs --standard=Drupal --extensions=php,module,inc,install,test,profile,theme tinypngjpg/
Does Coder do a better job at finding out minors or am I missing something from the command? I went through the steps outlined in the guide at https://www.drupal.org/node/1419988 and I can pick up errors just not the few you found. Is it a case of me not using the correct standards rules?
Any advice is appreciated.
Comment #9
chenderson CreditAttribution: chenderson commentedComment #10
darol100 CreditAttribution: darol100 as a volunteer and commented@chenderson,
I usually use Coder module alone without Sniffer because it show different warnings and errors from Coder Sniffer. In addition, Coder Sniffer is integrate with Pareview.sh so there is need for me to used it locally. If you want to get those warning, you would have to install the coder module, then find your module in the modules page (admin/modules) and click Code Review. From there you would have to click on SELECTION FORM and select the check box "minor (most)". This would make your review very picky and it would show you those warning.
Comment #11
chenderson CreditAttribution: chenderson commentedAdding three more reviews
Comment #12
chenderson CreditAttribution: chenderson commentedComment #13
chenderson CreditAttribution: chenderson commentedComment #14
darol100 CreditAttribution: darol100 as a volunteer and commented@chenderson,
Apparently, there is another project trying integrate Drupal with TinyPng #2471060: [D7] TinyPNG On Upload, which is also been under-review.
Comment #15
chenderson CreditAttribution: chenderson commented@darol100,
Yes the other module does seems to be doing the same tasks.
I have put a lot of time into other reviews here and I am reluctant to abandoned the review process. However I am equally willing not to promote this project to a full project. It would be good if a administrators could advise on the way forward here.
Comment #16
mpdonadioNext up on my review queue.
Comment #17
mpdonadioAutomated Review
Review of the 7.x-1.x branch (commit a5a9241):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
Manual Review
(*) There is a security problem with this module. As part of project review mentoring, I am assigning this to @darol100 to find it.
Why cURL and not drupal_http_request()?
All of your variable_get() should have a default value.
Why the exif_imagetype() and not use the MIME type that is in the $file object? Comment needed.
tinypngjpg_compress_for_batch(), don't concatenate with t(). Use placeholders.
tinypngjpg_bulk_import_form() has untranslated strings. Use t() w/ placeholders.
tinypngjpg_bulk_import_form_submit(), you don't need the leading slash in the drupal_goto().
In general single quoted strings are preferred over double-quoted ones.
tinypngjpg_start_batch_process(). Avoid using header() and die() directly. See http://drupal.stackexchange.com/questions/91011/can-a-batch-process-be-s...
tinypngjpg_process_finished(), the check_plain is superflous here. There is no user input.
In the .module file you shouldn't have any logic at the top level. You need to move these includes somewhere else.
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
The security problem is the blocker. Otherwise, I didn't see anything.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #18
mpdonadioComment #19
mpdonadioOK, no response about the security problem.
In tinypngjpg_admin_settings(), line 15, the variable_get() is used directly in #markup without sanitization. This is user input and considered unsafe. Use t() w/ a placeholder. See https://www.drupal.org/node/28984
Comment #20
chenderson CreditAttribution: chenderson commentedThanks for the review mpdonadio.
I have went through the issues you have highlighted.
Remove the .gitignore from the repo. This like this should go in your global ignore.
Done.
Why cURL and not drupal_http_request()?
Main reason was there was already a snippet available for the cURL from tinypng.com. I have changed it over to drupal_http_request() now.
All of your variable_get() should have a default value.
Done.
Why the exif_imagetype() and not use the MIME type that is in the $file object? Comment needed.
I think my original concern was dealing with jpg, jpeg and what they would return, I thought they would return different mime type of image/jpeg and image/jpg and that lead me in the wrong direction. I changed the check to $file->filemime == 'image/jpeg' || $file->filemime == 'image/png'.
tinypngjpg_compress_for_batch(), don't concatenate with t(). Use placeholders.
Done.
tinypngjpg_bulk_import_form() has untranslated strings. Use t() w/ placeholders.
Done.
tinypngjpg_bulk_import_form_submit(), you don't need the leading slash in the drupal_goto().
Done.
In general single quoted strings are preferred over double-quoted ones.
Changed to single quotes.
tinypngjpg_start_batch_process(). Avoid using header() and die() directly.
Removed header() and die() to use $context['finished'] = 1
tinypngjpg_process_finished(), the check_plain is superflous here. There is no user input.
Removed the check_plain.
In the .module file you shouldn't have any logic at the top level. You need to move these includes somewhere else.
Sorry I am not sure what you are suggesting here.
In tinypngjpg_admin_settings(), line 15, the variable_get() is used directly in #markup without sanitization. This is user input and considered unsafe. Use t() w/ a placeholder. See https://www.drupal.org/node/28984
I have made the change but I would just like to follow up for better clarification on my part.
I understand not sanitising user code is unsafe however this variable is set by the function tinypngjpg_update_tinypng_allowance_info() and is uses the response for the tinypng.com api.
Are you suggesting that I should always consider third party responses unsafe and on the same level as a user? Or is it about future maintenance and a potential for the variable to change use and be exposed to a user?
Comment #21
chenderson CreditAttribution: chenderson commentedComment #22
mpdonadioSorry for the delay. The review admins have a big queue to go through, and we do it by age. I will check the security fix tonight (which was the only blocker).
And to answer your question, third-party content is considered unsafe. In general, we require sanitization here.
Comment #23
mpdonadioI read `git diff a5a9241`, and my security issue was addressed via proper use of t() w/ an @arg placeholder. Nothing else jumped out at me. Setting RTBC and assigning to @er.pushpinderrana, if he has time.
Comment #24
er.pushpinderrana CreditAttribution: er.pushpinderrana as a volunteer and at Publicis Sapient for Publicis Sapient commentedAutomated Review
Best practice issues identified by pareview.sh / drupalcs / coder. None
Review of the 7.x-1.x branch (commit 1884ed5):
This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.
Manual Review
(*) tinypngjpg_bulk_import_form(): doc block is wrong, this is not a hook. See https://www.drupal.org/coding-standards/docs#forms. Same applies for tinypngjpg_bulk_import_form_submit(), tinypngjpg_compress_form_submit() and tinypngjpg_batch(). Need a proper doc block with @param and @return, check for other functions too.
(+) tinypngjpg_batch(): BatchAPI code looks wired to me. That's not the right way to do this at all. Use the batch sandbox to store details from one batch iteration to the next, it's what it's there to do.
You should only add the operation once, and let the operation iterate over a set number of results, using the sandbox to mark how far it got each time. If you go with sandbox then there is no need to use
$_SESSION
to hold batch results.tinypngjpg_bulk_import_form_submit(): IMO do NOT use drupal_goto() in form submit handlers, $form_state['redirect'] is the correct way.
tinypngjpg_extract_error_message(): Instead of using json_decode(), should use drupal_json_decode().
tinypngjpg_save_error(): Instead of using time(), should use REQUEST_TIME.
(*) tinypngjpg_compress():
drupal_set_message(check_plain('Compression failed: ' . $error['Error'] . ', ' . $error['Message']), 'error');
The check_plain does not suit for static text. Use t() with "@" or "%" instead, see https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/t/7tinypngjpg_init(): hook_init() is run on every single page request and even on drush invocations. Could you add a comment here why you can't use hook_page_build() or others?
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
Comment #25
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.