Project Page

https://www.drupal.org/sandbox/pcai/2560563

Repo

git clone --branch 7.x-1.x http://git.drupal.org/sandbox/pcai/2560563.git privy

Summary

This module installs the Privy (http://privy.com) website widget code on any Drupal website. Privy is an email list growth and marketing platform for businesses that allows them to:

  • Collect more email addresses
  • Automatically sync with email marketing services
  • Track which online channels deliver the most revenue
  • Manage promotions easily
  • Limit promotions to first time customers only

Similar modules

https://www.drupal.org/project/bounce_convert - Privy also supports exit intent campaigns, but includes email marketing sync, multi-step conversion tracking (signups as well as offer redemptions), custom form inputs, and advanced segmentation and insights.

Comments

pcai created an issue. See original summary.

PA robot’s picture

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Pravin Ajaaz’s picture

Status: Needs review » Needs work
Issue tags: +PAreview: security

Hi pcai,

I had a quick look at your module and I could find a security issue in the menu callback (privy_menu function).

You have given 'access callback' => TRUE, so even an anonymous user can access this page, and that shouldn't happen.

Create your own permission or use an existing permission for it. Read through this (https://www.drupal.org/node/109157) for more about access control.

Please don't remove the security tag, we just use it for learning purposes.
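The access-control problem raised in the comment above, shown as an added Drupal 7 example (not the module's actual code and not written by any participant in this thread): the flagged pattern next to a permission-gated version. The menu path, the permission name 'administer privy' and the function name privy_menu_insecure are assumptions made for illustration; the form ID is inferred from the validate function name quoted later in the thread.

```php
<?php
/**
 * Before: the pattern flagged in the review. A literal TRUE skips every
 * access check, so anonymous visitors can load and submit the settings form.
 * (Illustrative name so both versions can be shown side by side.)
 */
function privy_menu_insecure() {
  $items = array();
  $items['admin/config/services/privy'] = array(  // Path is an assumption.
    'title' => 'Privy',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('privy_admin_settings_form'),
    'access callback' => TRUE,
    'file' => 'privy.admin.inc',
  );
  return $items;
}

/**
 * Implements hook_permission().
 */
function privy_permission() {
  return array(
    'administer privy' => array(  // Permission name is an assumption.
      'title' => t('Administer Privy'),
      'description' => t('Change the Privy account identifier.'),
      // Marks the permission as security-sensitive on the permissions page.
      'restrict access' => TRUE,
    ),
  );
}

/**
 * Implements hook_menu().
 *
 * After: with no 'access callback' given, Drupal 7 defaults to user_access()
 * and checks the permission listed in 'access arguments'.
 */
function privy_menu() {
  $items = array();
  $items['admin/config/services/privy'] = array(
    'title' => 'Privy',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('privy_admin_settings_form'),
    'access arguments' => array('administer privy'),
    'file' => 'privy.admin.inc',
  );
  return $items;
}
```

Menu router entries are cached, so the new access rule only takes effect after the menu is rebuilt (for example by clearing all caches). Requesting the settings path in a logged-out session should then return "Access denied".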

pcai’s picture

Status: Needs work » Needs review

Thank you for reporting this. I reviewed the documentation and made a change to address this. I was also able to test that anonymous users can no longer change the configuration.

gaja_daran’s picture

Status: Needs review » Needs work

Hi Pcai,

system_settings_form has an auto validate for required => true.
If you do any custom validation, it is fine. Otherwise, you don't need to call hook_admin_settings_form_validate.

Kindly remove the following code from privy.admin.inc

/**
 * Implements _form_validate().
 */
function privy_admin_settings_form_validate($form, &$form_state) {
}

klausi’s picture

Status: Needs work » Needs review

@gaja_daran: that sounds like a good improvement, but on its own it is not an application blocker. Anything else that you found or should this be RTBC instead?

gaja_daran’s picture

Hi klausi,

There is no major blocker in this module.

Manual review commands:

1. Even if I didn't configure the Privy Account Identifier in the admin configuration page, hook_page_alter still calls the Privy JS, and the inline JS (http://widget.privy.com/assets/widget.js) gets appended to the page. It should be validated.

2. There is no help file (hook_help). It is not mandatory.

3. The variable 'privy_identifier' is not removed from the site when the module is uninstalled.

pcai’s picture

Hi, thank you for the feedback; we'll definitely take that into consideration for the next release. Are there any application blockers preventing this from being approved?

amiller90’s picture

Status: Needs review » Reviewed & tested by the community

Basic application checks:

  1. Project page/repository: Pass
  2. No duplication: Pass

Basic repository checks: Pass

Security: Pass

License: Pass

Documentation: Looks good, Pass

Code style: No major issues, Pass

API: Pass

jimmyko’s picture

I can't see the point of keeping an empty privy_admin_settings_form_validate() in the code.

DamienMcKenna’s picture

Status: Reviewed & tested by the community » Fixed

Thanks for your contribution, Peter!

I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.

Here are some recommended readings to help with excellent maintainership:

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.