[D7] Intellectmoney gateway for Ubercart

Git clone command for the sandbox is missing in the issue summary, please add it.

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

There are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpgitdrupalorgsandboxmaxcpr2694905git

I'm a robot and this is an automated message from Project Applications Scraper.

According to https://www.drupal.org/node/539608#application-priorities, this issue should now be "Critical" because it has been waiting review for more than 4 weeks.

Automated Review

Best practice issues identified by pareview.sh.

http://pareview.sh/pareview/httpsgitdrupalorgsandboxmaxcpr2694905git

• README.txt or README.md missing (it's named readme.txt instead).
• uc_payment_method_uc_detovik_im() is not prefixed with the module name.
• No automated tests found.

Note that perfect adherence to Drupal Coding Standard is NOT a reason to block an application, except for total disregard of them. However, modules should follow them as closely as possible.

Manual Review

Individual user account

[Yes: Follows] the guidelines for individual user accounts.

No duplication

[Yes: Does not cause] module duplication and/or fragmentation.

Master Branch

[Yes: Follow] the guidelines for master branch.

Licensing

[Yes: Follows] the licensing requirements.

3rd party assets/code

[Yes: Follows] the guidelines for 3rd party assets/code.

README.txt/README.md

[Yes: Follows / No: Does not follow] the guidelines for in-project documentation and/or the README Template.

Code long/complex enough for review

[Yes: Follows / No: Does not follow] the guidelines for project length and complexity.

Secure code

[Yes: Meets the security requirements. / No: List of security issues identified.]

Coding style & Drupal API usage

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

Module name

• * It looks like detovik in the module name uc_detovik_im is the name of a client or the organization that sponsored its development. I don't think it's appropriate for a community module to have that name in the module name. It was confusing to me and may be so to others.

uc_detovik_im.install

    function uc_detovik_im_uninstall() {
      // Delete variables.
      drupal_uninstall_schema('uc_yd');
      menu_rebuild();
    

• I don't understand the call to drupal_uninstall_schema here - it would remove the tables defined by a module called 'uc_yd'. If your intent is to remove the table created by this module, that happens automatically anyway.
• menu_rebuild() is called by update.php and install.php already so I don't think you want it in your hook.

* Rendering a form inside of another form. See Can you nest HTML forms?

    /**
     * Implements hook_form_alter() for uc_cart_checkout_review_form().
     */
    function uc_detovik_im_form_alter(&$form, &$form_state, $form_id) {
      if ($form_id == 'uc_cart_checkout_review_form' && ($order_id = intval($_SESSION['cart_order'])) > 0) {
        $order = uc_order_load($order_id);
        if ($order->payment_method == 'detovik_im') {
          unset($form['actions']['submit']);
          $form['#prefix'] = '<table><tr><td>';
          $g_form = drupal_get_form('uc_detovik_im_submit_form', $order);
          $form['#suffix'] = '</td><td>' . drupal_render($g_form) . '</td></tr></table>';
        }
      }
    }
    

• You might want to alter the existing form rather than rendering a new one inside.
• I don't understand wrapping the whole form in a table with a single cell - if it's necessary, could you explain why?

$order parameter for uc_detovik_im_submit() is unused.

    /**
     * Payment request.
     */
    function uc_detovik_im_submit_form($form, &$form_state, $order) {
      $order = uc_order_load($_SESSION['cart_order']);
    

• In uc_detovik_form_alter(), $order is already passed to uc_detovik_im_submit_form() so loading it again shouldn't be necessary.

uc_detovik_im_done_payment()

• Hard-coded server IP addresses.
  

      function uc_detovik_im_done_payment() {
        if (variable_get('uc_detovik_im_ip', '') == 'on') {
          // List of allowed IP.
          $allowed_ip = array(
            '89.111.188.128',
            '46.38.182.208',
            '46.38.182.209',
            '46.38.182.210',
          );
      

  Is it necessary to hard-code the IP addresses? If so, could they be constants so they're move visible at the top of the file instead of in this function? Is it possible to use domain names instead?

• There is a call to exit() later in uc_detovik_im_done_payment(). Drupal provides drupal_exit() which allows implementations of hook_exit() to be called.
• The switch statement in this function has numeric cases. Could these be turned into constants to make them more readable? Eg, UC_DETOVIK_IM_WAITING_PAYMENT or UC_DETOVIK_IM_PAYMENT_RECEIVED?

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.