[ D7] Node Type count

There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxdevarajjohnson2535180git

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Hi Devaraj johnson,
This module is working perfectly. Good job. :)

Thanks,
Vimala

Hi Devaraj johnson,

I have reviewed your project, below are my findings:

In info file(Line no 5)
configure = admin/admin/reports/node-type-count
You have mentioned a configuration path but there is no items in hook menu for it.
In module file(Line no 36, 41, 47)
'access callback' => TRUE,
You have specified access callback to TRUE, which I feel is a security concern.

Hence, I am updating the status to 'Needs Work'.

Also note that, once you have completed 3 manual reviews of separate project applications then add the 'PAReview: review bonus' tag. For more on review Bonus Refer: https://www.drupal.org/node/1975228

Regards,
Neeraj Singh

Hi, the module works fine, one issue i found:
1) It is recommended to always implement hook_install(). Here you can find an example.

Hi Devaraj,

This module is working fine.

Reviewed by Coder module.

File name: node_type_count.install

Error:
Line 13: Potential problem: drupal_set_message() only accepts filtered text, be sure all !placeholders for $variables in t() are fully sanitized using check_plain(), filter_xss() or similar. (Drupal Docs) [security_3]
drupal_set_message($t("Node Type Count Module settings are available under !link", array('!link' => l($t('Reports > Node Type Count'), 'admin/reports/node-type-count'))));

Solution: Find the attached patch.

Hello Devaraj johnson,
This module is working perfectly in Drupal 7.38 . Good job.

Found small syntax issue in .install file

node_type_count.install

Line 13: Potential problem: drupal_set_message() only accepts filtered text, be sure all !placeholders for $variables in t() are fully sanitized using check_plain(), filter_xss() or similar. (Drupal Docs) [security_3]
drupal_set_message($t("Node Type Count Module settings are available under !link", array('!link' => l($t('Reports > Node Type Count'), 'admin/reports/node-type-count'))));

and change it as

drupal_set_message(check_plain($t("Node Type Count Module settings are available under !link", array('!link' => l($t('Reports > Node Type Count'), 'admin/reports/node-type-count')))));

So changing status to Needs Work.

@ajaykumarreddy1392: that is a false positive from the old coder review module. Since there is no user provided text involved you should NOT run check_plain() here. Make sure to read https://www.drupal.org/node/28984 again and don't blindly fix issues reported by the old coder review, since it has known false positives.

Hi Devaraj johnson,

I have reviewed your project.
This module is working perfectly.
Pareview / Coder review: OK

But below are my findings:

• Please add PHP version into your .info file.
• Please see what's what with the case letters on the help page :)

Thanks!

Devaraj,

I mean, it would be nice if you set words to one register ("published and Unpublished").
I think, it is not critical issue,but it would be better :)

I agree with the second point.

Thanks!

Manual Review:

In .install file:

• In the file comment block, it states "This Install file is for Node Type Count" better change it to something like "Install/Enable functions for Node type count".
• Also prefer using hook_enable instead of hook_install. Because hook_install is mostly used to set variables or update DB.
• And when I install the module, the link is just displayed as HTML anchor tag instead of link. So consider changing it to something like this:

  $config_link = url() . 'admin/reports/node-type-count';
  drupal_set_message($t("Node Type Count Module settings are available under <a href='@link'>Reports > Node Type</a>", array('@link' => $config_link)));

In .module file:

• In hook_help(), please make these small changes > "This Module is used to count the number of published and unpublished nodes in all content types and counts the number of users in Every User Role".
• Change the first line of hooks as just "Implements hook_help()" and "Implements hook_menu()", instead of "This hook Implements hook_menu() for Node Type Count module"

In .admin.inc file:

• Consider changing the Tables column names "Title" and "Type" into "Content type" and "Machine name".

These are just minor changes and I couldn't see any blockers here. So setting the status to RTBC, for the final review by a git admin.

I'll look at this tonight or tomorrow.

Automated Review

Review of the 7.x-1.x branch (commit 1beef7e):

• Coder Sniffer has found some issues with your code (please check the Drupal coding standards). See attachment.
• No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

FILE: /Users/matt/PAR/pareview_temp/node_type_count.install
---------------------------------------------------------------------------
FOUND 6 ERRORS AFFECTING 3 LINES
---------------------------------------------------------------------------
 12 | ERROR | [x] Spaces must be used to indent lines; tabs are not
    |       |     allowed
 12 | ERROR | [x] Line indented incorrectly; expected 2 spaces, found 1
 13 | ERROR | [x] Spaces must be used to indent lines; tabs are not
    |       |     allowed
 13 | ERROR | [x] Line indented incorrectly; expected 2 spaces, found 1
 14 | ERROR | [x] Spaces must be used to indent lines; tabs are not
    |       |     allowed
 14 | ERROR | [x] Line indented incorrectly; expected 2 spaces, found 3
---------------------------------------------------------------------------
PHPCBF CAN FIX THE 6 MARKED SNIFF VIOLATIONS AUTOMATICALLY
---------------------------------------------------------------------------


FILE: /Users/matt/PAR/pareview_temp/node_type_count.module
---------------------------------------------------------------------------
FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
---------------------------------------------------------------------------
 15 | WARNING | Hook implementations should not duplicate @param
    |         | documentation
 17 | WARNING | Hook implementations should not duplicate @param
    |         | documentation
---------------------------------------------------------------------------

Time: 212ms; Memory: 5.75Mb

Manual Review

Individual user account

Yes: Follows the guidelines for individual user accounts.

No duplication

Maybe: Causes module duplication and/or fragmentation. Not sure if this can just be accomplished with Views. Not a blocker.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements.

3rd party assets/code

Yes: Follows the guidelines for 3rd party assets/code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and/or the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

(*) theme_table() does not sanitize output. The content type name and user role name are both user input and need to be run through check_plain().
Test this by using.

  <script>alert('XSS');</script>
  

for each.

Coding style & Drupal API usage

Reviews 7.x-1.x branch. 8.x-1.x branch appears identical.

node_type_count_page_node() doesn't need to call theme. It can just build up and return a render array.

node_type_count_page_user() doesn't need to call theme. It can just build up and return a render array.

The row headers are untranslated. Run them through t().

node_type_count_published(), use NODE_PUBLISHED and NODE_NOT_PUBLISHED instead of the values.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

manual review:

1. project page: please add the differences to existing projects to the project page.
2. node_type_count_page_node(): this is vulnerable to XSS exploits. If I ahve a content type with the name <script>alert('XSS');</script> then I will get a nasty javascript popup. You need to sanitize user provided text before printing, make sure to read https://www.drupal.org/node/28984 again. Strictly speaking this is not a big security problem because it requires a trusted permission to create that content type, but this should be fixed anyway.

I meant that you add the difference to existing projects to the project page of the sandbox (your later full project page), not the issue summary here.

But otherwise looks RTBC to me now. Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

Assigning to mpdonadio as he might have time to take a final look at this.

Automated Review

Review of the 7.x-1.x branch (commit c73b11e):

• No automated test cases were found, did you consider writing Simpletests or PHPUnit tests? This is not a requirement but encouraged for professional software development.

This automated report was generated with PAReview.sh, your friendly project application review script. You can also use the online version to check your project. You have to get a review bonus to get a review from me.

Manual Review

My XSS concerns were addressed and explicitly tested. Read `git diff 1beef7e` and changes look good.

Don't see any blocking issues.

Thanks for your contribution, Devaraj johnson!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.