Project Page
https://www.drupal.org/sandbox/pcai/2560563
Repo
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/pcai/2560563.git privy
Summary
This module installs the Privy (http://privy.com) website widget code on any Drupal website. Privy is an email list growth and marketing platform for businesses that allows them to:
- Collect more email addresses
- Automatically sync with email marketing services
- Track which online channels deliver the most revenue
- Manage promotions easily
- Limit promotions to first time customers only
Similar modules
https://www.drupal.org/project/bounce_convert - Privy also supports exit intent campaigns, but includes email marketing sync, multi-step conversion tracking (signups as well as offer redemptions), custom form inputs, and advanced segmentation and insights.
Comments
Comment #2
PA robot CreditAttribution: PA robot commentedWe are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
Pravin Ajaaz CreditAttribution: Pravin Ajaaz as a volunteer and at Ameex-Drupal Geeks commentedHi pcai,
I had a quick look at your module and I could find a security issue in the menu callback (pviy_menu function).
You have given
'access callback' => TRUE,
, so even a anonymous user can access this page and that shouldn't happenCreate your own permission or use an existing permission for it. Read through this (https://www.drupal.org/node/109157) for more about access control.
Please don't remove the security tag, we just use it for learning purpose.
Comment #4
pcai CreditAttribution: pcai commentedThank you for reporting this. I reviewed the documentation and made a change to address this. I was also able to test that anonymous users can no longer change the configuration.
Comment #5
gaja_daran CreditAttribution: gaja_daran commentedHi Pcai,
system_settings_form has a auto validate for required => true.
If you do any custom validate it to be fine. Else, don't want to call hook_admin_settings_form_validate
Kindly remove the following code from privy.admin.inc
Comment #6
klausi@gaja_daran: that sounds like a good improvement, but on its own it is not an application blocker. Anything else that you found or should this be RTBC instead?
Comment #7
gaja_daran CreditAttribution: gaja_daran commentedHI klausi,
There is no major blocker in this module.
Manual review commands:
1. If I didn't configure the Privy Account Identifier in admin configuration page, then also hook_page_alter calling a privy JS, and the inline JS (http://widget.privy.com/assets/widget.js) gets appended on the page. It should be validated.
2. There is no help file (hook_help). It is not mandatory.
3. Variable 'privy_identifier' not removed from the site when the module has un-install.
Comment #8
pcai CreditAttribution: pcai commentedHi, thank you for the feedback; we'll definitely take that into consideration for the next release. Are there any application blockers preventing this from being approved?
Comment #9
amiller90 CreditAttribution: amiller90 commentedBasic application checks:
Basic repository checks: Pass
Security: Pass
License: Pass
Documentation: Looks good Pass
Code style: No major issues, Pass
API: Pass
Comment #10
jimmyko CreditAttribution: jimmyko as a volunteer commentedI can't see the point to keep empty privy_admin_settings_form_validate() in code.
Comment #11
DamienMcKennaThanks for your contribution, Peter!
I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.