The module integrates the about.me profile with Drupal and display the profile
information in a block which can be placed anywhere in the site.
Go to admin/config/services/aboutme and fill out the configuration form for the
block. Here you need to enter your about.me username, photo settings and other
settings which you want to pull from your about.me profile.
Currently only the basic informations are being fetched.
Once the configurations are saved a block will be created which can be placed
in any region or can be used in panels.
Sandbox URL https://www.drupal.org/sandbox/malabya/2485723
Git Instructions
git clone --branch 7.x-1.x http://git.drupal.org/sandbox/malabya/2485723.git aboutme
Comments
Comment #2
PA robot CreditAttribution: PA robot commentedFixed the git clone URL in the issue summary for non-maintainer users.
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedManual Review
Comment #4
Chandan Chaudhary CreditAttribution: Chandan Chaudhary commentedNicely coded module :)
1. @ line #202
return $block_data;
should be inside the if condition, because it dose not make much sense there.
2. Should have the provision to change the ABOUTME_CLIENT_ID
Comment #5
imalabyaHi chandan, Thanks for the review. I have updated the module with the changes that you pointed out. Please review.
Comment #6
sysosmaster CreditAttribution: sysosmaster at 040lab commentedModule does what it advertises, unfortunetly I identified a security issue otherways I would have passed this.
Manual Review
The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.
If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.
This review uses the Project Application Review Template.
Comment #7
imalabyaHi sysosmaster,
For the security concern you mentioned, the data that is being put in the block array are all variables coming form the API. Now according to Drupal coding standards it is not suggested to pass variables through t() function.
Have updated the code replacing json_decode with drupal_json_decode.
Thanks
Comment #8
sysosmaster CreditAttribution: sysosmaster at 040lab commented@malavya I believe you are confusing a Drupal variable (from the variables array) with external input. Coding standards indeed dictate that you do not mess with a Drupal variable and that we store input as given to us that we validated.
What you are doing is trusting the external service (with there API) to always have correct values. a service which may or may not be running on php and may or may not have the same security measures in place as Drupal does.
Since you are using an external provider you should consider all values passed on by them the same as if they were user input, and we never blindly put user input back in the page (we validate it and possibly impose a formatter on it to limit treats)
To have a similar protection in place without implimenting a full formatter implementation, you can use the t() functino to atleast have sane output.
Comment #9
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #10
imalabyaComment #11
shkiper CreditAttribution: shkiper as a volunteer commentedManual Review
Could you please consider possibility of using hook_block_configure function instead of custom menu item for about.me settings?
Comment #12
imalabyaHave added the sanitation for data coming from about.me.
I am not sure why should I use
hook_block_configure
over an administration form for the building the block content.Comment #13
NitinSP CreditAttribution: NitinSP at Clarion Technologies commentedHi jdrichmond
Manual Review:
I reviewed your module, following thing have need to fixed.
1. If I have enter integer value for Your about.me User Name and submit the form it will accept this value, so please ad validation for Your about.me User Name.
2. Please include hook_help.
3. In hook_menu, missing the t() in description text
4. have you also read the comments on Proper way to bulk-delete variables on module uninstall? You should not delete variables directly from db.
Please reffer following code
Comment #14
NitinSP CreditAttribution: NitinSP at Clarion Technologies commentedComment #15
imalabyaHi Nitin,
Thanks for the review. Have added the hook_help for the module.
Regarding other points:
About.me allows user to have integers as username. check this profile https://about.me/09000910192091
As per Drupal coding standards we should not use t() in
hook_menu()
If you refer the code in the module even I am using
variable_del()
function to delete the variables on module uninstall. If you are talking about the manual deletion of the variables, I guess it's OK since the variables are fixed and number is less than 10.Thanks
Comment #16
heykarthikwithuLooks fine,
Let's wait for a git admin to look in this.
Comment #17
mlncn CreditAttribution: mlncn at Agaric commented@NitinSP, apologies if you've already taken this to heart, but in the order i've gone through the issues you've been corrected about recommending t() in hook_menu and asking for the unnecessarily complex way of deleting variables on uninstall more than once, so please, stop making those recommendations ;-)
Comment #18
mlncn CreditAttribution: mlncn at Agaric commentedThanks for your contribution! Congratulations, you are now a vetted Git user. You can promote this to a full project.
When you create new projects (typically as a sandbox to start) you can then promote them to a full project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Comment #19
imalabyaThanks a lot mlncn. I had a great learning through your review.