[D7] Simple braintree payment gateway

Please set default branch
Git errors:
Git default branch is not set, see the documentation on setting a default branch.

Hi Rishabh

There are few points which needs to be updated.

1. f_name description needs to be changed.
2. f_name and l_name must be changed to first_name and last_name. Use proper column names.
3. Hook_help is missing.
4. Use proper field names in the simple_braintree_gateway_boooking_form form.

Thanks

Hi Rishabh

The link provided in the description is not found "404 page not found" is seen on the URL: https://www.braintreepayments.com/assets/client_libraries/php/braintree-...

Please update the Readme file and the description so as to get the braintree zip file. And also add steps to installation.

I guess u_email on line no 82 of .admin.inc must be changed to email as the table dont have u_email field anymore.

Thanks

Done manual review its a nice module. Looks like RTBC +1.

Thanks
Shipra

Hi Rishabh

Manual review is done, Looks nice.

RTBC +1.

Thanks

Hi Rishabh,

function simple_braintree_gateway_payment_session_load($order_id) {
  return isset($_SESSION['order_id']) ? $_SESSION['order_id'] : NULL;
}

$order_id is not used. Why did you pass this variable.

Done manual review. Looks like RTBC +1

Done manual review. Looks like RTBC +1.

Hi rishabh318,

I did a manual review and please see my comments below.

1. Missing access callback/access arguments for MENU_CALLBACK items. Please make sure user has access to the required urls.
2. access callback looks like user permission. Pass 'access arguments' instead of 'access callback' in simple_braintree_gateway_menu(). URL is not accessible getting Access Denied.
   

   $items['order/checkout/%'] = array(
       'page callback' => 'drupal_get_form',
       'page arguments' => array('simple_braintree_gateway_boooking_form', 2),
       'access callback' => array('access content'),
       'type' => MENU_CALLBACK,
     );

3. Use drupal library api to load external libraries.
   Found

   $simple_braintree_gateway_lib_path = function_exists('libraries_get_path') ? libraries_get_path('braintree-php-3.2.0') : 'sites/all/libraries/braintree-php-3.2.0';
     $simple_braintree_gateway_platform = $simple_braintree_gateway_lib_path . '/lib/Braintree.php';
     @include $simple_braintree_gateway_platform;

   in simple_braintree_gateway.module.

4. Can use drupal_get_query_parameters() instead of $_SERVER['QUERY_STRING'] in simple_braintree_gateway.module line no 114.
5. Module only works with a particular library version? Found below in simple_braintree_gateway.install file.
   

   if (isset($libraries['braintree-php-3.2.0'])) {
         $requirements['braintree']['value'] = $t('Installed');
         $requirements['braintree']['severity'] = REQUIREMENT_OK;
       }

6. While installing getting error
   

   Fatal error: Call to undefined function hashtags_add_filter().

   Add Hashtags module dependency in module info file.

7. Setup config link properly in configuration page. Use system_admin_menu_block_page page callback instead of MENU_LOCAL_ACTION to add link in config page. Refer code in https://www.drupal.org/node/2390747
   Found

   $items['admin/config/braintree_payment_config'] = array(
       'title' => 'Braintree Configuration',
       'description' => 'Allows admins to Manage Featured products',
       'page callback' => 'drupal_get_form',
       'page arguments' => array('simple_braintree_gateway_payment_config_form'),
       'access arguments' => array('administer braintree payment api'),
       'type' => MENU_LOCAL_ACTION,
       'file' => 'simple_braintree_gateway.admin.inc',
     );

Thanks,
ARUN AK

Multiple Applications

It appears that there have been multiple project applications opened under your username:

Project 1: https://www.drupal.org/node/2724479

Project 2: https://www.drupal.org/node/2783047

As successful completion of the project application process results in the applicant being granted the 'Create Full Projects' permission, there is no need to take multiple applications through the process. Once the first application has been successfully approved, then the applicant can promote other projects without review. Because of this, posting multiple applications is not necessary, and results in additional workload for reviewers ... which in turn results in longer wait times for everyone in the queue. With this in mind, your secondary applications have been marked as 'closed(duplicate)', with only one application left open (chosen at random).

If you prefer that we proceed through this review process with a different application than the one which was left open, then feel free to close the 'open' application as a duplicate, and re-open one of the project applications which had been closed.

I'm a robot and this is an automated message from Project Applications Scraper.

Removing security tag, it looks the open page callbacks are required for the module to work?
@ARUN AK: can you check again and describe any vulnerability you see and how you can exploit it?

Looks like RTBC +1

Git default branch is not set, see the documentation on setting a default branch.

The project page is completely empty: http://git.drupal.org/sandbox/rishabh318/2560947.git . Can you add a description and what is different to existing modules before we start reviewing here? See also https://www.drupal.org/node/997024

manual review:

1. simple_braintree_gateway_theme(): doc block is wrong, there is no @implement annotation. See https://www.drupal.org/docs/develop/coding-standards/api-documentation-a...
2. simple_braintree_gateway_credit_card_form_submit(): you are writing credit card information to $_SESSION, which means it is stored in the database in the session table. That is strictly forbidden by security standards, credit card information must never end up in the database and must only be submitted to your payment provider. Please check how https://www.drupal.org/project/commerce_braintree handles that workflow without credit card information in $_SESSION. This is currently a security blocker. And please don't remove the security tag, we keep that for statistics and to show examples of security problems.

Removing review bonus tag, you can add it again if you have done another 3 reviews of other projects.

I found another security issue, while looking for @klausis [security quiz](https://twitter.com/_klausi_/status/797383620746997760):
In the file [simple_braintree_gateway.pages.inc line 40](http://cgit.drupalcode.org/sandbox-rishabh318-2560947/tree/simple_braint...), you are passing the queries result directly to your template. This is not a security issue out of the box, but I would suggest to change it, so you can reuse the template more easily.
The problem is that in your template, you then output the query result unchecked. You should use check_plain() here, to prevent an [XSS issue](https://docs.acquia.com/articles/introduction-cross-site-scripting-xss-a...).

Closing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).

I'm a robot and this is an automated message from Project Applications Scraper.