[D7] Webform Purge

We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)

Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).

I'm a robot and this is an automated message from Project Applications Scraper.

Hi bfry,

I have installed this module and have done some manual code review and found some code which need to be fix.

• Variable "webform_purge_run" is set in .install file which no where used.
• In module file, there is some html code written for table display, kindly use Theme function or create template file.

Other code looks good.

Thanks
Sourdrup

@sourdrup: those are good tips but surely not application blockers. Anything else that you found or should this be RTBC instead?

Automated Review

No issues found. https://pareview.sh/node/485

Manual Review

Individual user account

Yes: Follows the guidelines for individual user accounts.

No duplication

Yes: Does not cause module duplication and/or fragmentation.

Master Branch

Yes: Follows the guidelines for master branch.

Licensing

Yes: Follows the licensing requirements.

3rd party assets/code

Yes: Follows the guidelines for 3rd party assets/code.

README.txt/README.md

Yes: Follows the guidelines for in-project documentation and/or the README Template.

Code long/complex enough for review

Yes: Follows the guidelines for project length and complexity.

Secure code

No: See the first 2 issues below.

Coding style & Drupal API usage

[List of identified issues:

1. (*) On the settings page, the use of db_query() to retrieve nodes may allow the user to view information about webform nodes that they do have permission to access. db_select() should be used to retrieve webform nodes, with ->addTag('node_access') added so that node access modules can modify the query.
2. (*) The settings page may also allow the user to view information about webform submissions that they do have permission to access - the number of submissions and oldest submission. The relevant webform permission "access all webform results" should be checked before querying the database for submissions.
3. (+) Consider providing the contents of the README file in your hook_help()implementation, instead of the short description that is currently there.
4. The title of the Admin configuration group in hook_menu() should use appropriate capitalization.
5. The form callback webform_purge_admin_settings_form() is commented as "Implements hook_admin_settings_form()", but there is no such hook. It is a form callback for the admin page.
6. CSS should be added to the settings form using #attached.
7. It is not necessary to include the module name in hook implementation comments.

The starred items (*) are fairly big issues and warrant going back to Needs Work. Items marked with a plus sign (+) are important and should be addressed before a stable project release. The rest of the comments in the code walkthrough are recommendations.

If added, please don't remove the security tag, we keep that for statistics and to show examples of security problems.

This review uses the Project Application Review Template.

If the intent is that the "administer webform purges" permission should override the webform node and submission access permissions, then this should be flagged as a trusted admin permission via the "restrict access" key in hook_permission(). That would fix the security concerns.

I downloaded this and tested it out, and it appears to work as intended. I would say this is at a release candidate state and should be ready to go.

Module looks good and working fine.
Please use curly brackets for table name in sql queries, because code will break if site is installed with table_prefix :

$query = db_query('SELECT nid FROM webform_submissions WHERE webform_submissions.nid = :nid', array(':nid' => $webform->nid));

$query = db_query('SELECT MIN(webform_submissions.submitted) as oldest_date FROM webform_submissions WHERE webform_submissions.nid = :nid', array(':nid' => $webform->nid));

$query = db_query("SELECT `timestamp` FROM watchdog WHERE `type` = 'cron' ORDER BY `timestamp` DESC LIMIT 1");

Looks great! Thanks for your contribution!

Thanks for your contribution, Bernie Fry!

I updated your account so you can opt into security advisory coverage now.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Assigning Credit.