This module adds a new drag and drop component that can be used when a user creates or edits a webform.

This module offers a similar user experience to the Drag and Drop upload module https://www.drupal.org/project/dragndrop_upload - however this module isn't usable on webforms out of the box.

Project page: https://www.drupal.org/sandbox/aaronferris/2765191

Git clone: git clone --branch 7.x-1.x https://git.drupal.org/sandbox/aaron.ferris/2765191.git webform_dragndrop

Demo: http://aarontestbpnnftsaqf.devcloud.acquia-sites.com/node/1

Comment | File | Size | Author
#15 | Capture.PNG | 5.27 KB | th_tushar
#15 | Capture.PNG | 5.62 KB | th_tushar

Comments

aaron.ferris created an issue. See original summary.

arvind.kinja’s picture

Hi aaron.ferris,
Can you add some CSS for padding in the file input so that when a user clicks in the dragndrop box, a file selection dialog will appear? Right now the file selection dialog appears only when the user clicks on the top left area of the drag n drop box.

arvind.kinja’s picture

Status: Needs review » Needs work

aaron.ferris’s picture

Hi Arvind,

Thanks for the comment, and sure, I'll add something in to cater for clicks inside the element.

Aaron

Edit: Now done and enabled on the above demo site.

aaron.ferris’s picture

Status: Needs work » Needs review

yogeshmpawar’s picture

Hi aaron.ferris,

Automated Review

Please check the errors in automatic reviews
http://pareview.sh/pareview/httpsgitdrupalorgsandboxaaronferris2765191git

Manual Review

Individual user account
Yes: Follows the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
No: Does not follow the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
Yes: Meets the security requirements.
Coding style & Drupal API usage
[List of identified issues in no particular order. Use (*) and (+) to indicate an issue importance. Replace the text below by the issues themselves:
  1. (*) Nothing.
  2. (+)
    1. There are lots of coding standard issues which are mentioned in the automatic review.
    2. It would be good if you implemented hook_help & hook_permission in your module.
  3. Just a recommendation - Nothing.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

This module works for me & there are no more application blockers left, so I am moving this module to RTBC.

PA robot’s picture

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

aaron.ferris’s picture

Thanks for the above review, I'll action the comments accordingly.

aaron.ferris’s picture

I have actioned all the code review issues, with the exception of the flagged function names, as I'm under the impression this is the correct method of defining webform components. Open to suggestions/advice on this, however.

Thanks.

tessa bakker’s picture

Status: Needs review » Closed (duplicate)

https://www.drupal.org/project/dragndrop_upload is looking for a new Maintainer:

Maintenance status: Seeking new maintainer

It would be better to merge your code with that module, instead of creating a new module.

scardinius’s picture

Hi Aaron,

Thanks for this module. It works fine on my local site over HTTP, but when I use it on an external site over HTTPS, nothing happens.

Do you have any idea what the reason could be?

Best Regards,
Scardinius

aaron.ferris’s picture

Hi @Scardinius

Can you please raise an open issue in the sandbox issue queue and I'll take a look? Off the top of my head I can't think of any obvious reasons why http -> https could be causing an issue here.

https://www.drupal.org/sandbox/aaronferris/2765191

Edit: I've just spun up a fresh D7 instance with this module using HTTPS and files upload fine and submit as expected. In the open issue can you please include any browser console errors?

Thanks
Aaron

avpaderno’s picture

Priority: Normal » Critical
Status: Closed (duplicate) » Needs review

We don't close as duplicate an application just because there is a project that is very similar. Duplication is not an application stopper, except in the case the code has been copied from an existing project.

Since it doesn't seem this is the case, I am reopening this application.

avpaderno’s picture

Priority: Critical » Normal
Status: Needs review » Reviewed & tested by the community

I didn't find any security issue in the code.

th_tushar’s picture

Status: Reviewed & tested by the community » Needs work
Issue tags: +PAreview: security
Status | Size
new | 5.62 KB
new | 5.27 KB

Hi @aaron.ferris,

  1. There is a security issue in the module. I was able to inject JavaScript code through the field from the module's admin configuration. See attached screenshot. I got a nasty JavaScript popup with a "hello" message on visiting a webform page. (Security Issue)
  2. There was no link on the /admin/config page to go to the module's configuration page.

aaron.ferris’s picture

Thanks, I'll fix these issues.

aaron.ferris’s picture

Status: Needs work » Needs review

avpaderno’s picture

Status: Needs review » Reviewed & tested by the community

If webform_dragndrop_upload_text isn't supposed to use any HTML markup, check_plain() should be used. Otherwise, if the value of that persistent variable is allowed to contain HTML markup, webform_dragndrop_settings() should give a description that is different from "The text displayed within the drag and drop element."

If there aren't any other important issues with the code, I will take the final step in 4 hours (more or less).

aaron.ferris’s picture

Thanks for the feedback @kiamlaluno. I have changed from filter_xss() to check_plain(), as this variable shouldn't contain markup.
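
The escaping change discussed in the two comments above, as an added example that is not part of the original thread or the module's own code: a stand-alone PHP sketch of an admin-configured text value rendered without and with check_plain(). The render functions, the CSS class, the default text and the sample values are hypothetical; the thread does not show how the value was printed before the fix, so unescaped output is assumed, and the stub mirrors Drupal 7's check_plain() so the script runs outside Drupal.

```php
<?php
// Added example, not the module's code. Outside Drupal, this stub mirrors
// Drupal 7's check_plain(), which wraps htmlspecialchars().
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
  }
}

// Hypothetical stand-in for variable_get('webform_dragndrop_upload_text', ...).
function example_upload_text(array $settings) {
  return isset($settings['webform_dragndrop_upload_text'])
    ? $settings['webform_dragndrop_upload_text']
    : 'Drop files here'; // Constructed default, not taken from the module.
}

// Before (assumed): the admin-supplied value reaches the page unescaped.
function example_render_unsafe(array $settings) {
  return '<div class="dragndrop-text">' . example_upload_text($settings) . '</div>';
}

// After: the value is treated as plain text and escaped at output time.
function example_render_safe(array $settings) {
  return '<div class="dragndrop-text">'
    . check_plain(example_upload_text($settings)) . '</div>';
}

// Constructed sample values for the setting.
$samples = array(
  'script tag' => '<script>alert("hello")</script>',
  'inline markup' => 'Drop <em>files</em> here',
  'plain text' => 'Drop files & images here',
);

foreach ($samples as $label => $value) {
  $settings = array('webform_dragndrop_upload_text' => $value);
  printf("%s\n  unsafe: %s\n  safe:   %s\n", $label,
    example_render_unsafe($settings), example_render_safe($settings));
}
```

With check_plain() the `<em>` sample is shown as literal text, which matches a setting described as plain text. filter_xss() would instead keep allowlisted tags such as `<em>`, which is why the reviewer ties the choice of function to the field description.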

avpaderno’s picture

Assigned: Unassigned » avpaderno
Status: Reviewed & tested by the community » Fixed

Thank you for your contribution!

I am going to update your account so you can opt into security advisory coverage now.
These are some recommended readings to help with excellent maintainership:

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.

aaron.ferris’s picture

Thanks @kiamlaluno and all those that have helped with this.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.