Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Issue tags:
Reporter:
Created:
13 Mar 2019 at 20:40 UTC
Updated:
4 Apr 2019 at 16:29 UTC
Jump to comment: Most recent
Comments
Comment #2
validoll commentedComment #3
avpadernoThank you for your contribution! Reviewers will soon check the code and report here what they found out.
Comment #4
klausiLooks good to me!
TokensStringFilter: do not use \Drupal in classes, use dependency injection instead. See https://www.drupal.org/docs/8/api/services-and-dependency-injection/serv...
I think we should do a full user promotion here since there is a test case and with that enough code to justify that.
Comment #5
validoll commented> TokensStringFilter: do not use \Drupal in classes
Oh... It looks like I missed this point. Thanks. Will be fixed in future release.
Comment #6
avpadernoComment #7
klausi@kiamlaluno: I removed the "PAReview: single application approval" intentionally because I think there is enough code to fully approve the user. Any objections?
Comment #8
avpadernoWell, yes... I see a file with just a line of code, one with two lines of code, and a file with 23 lines of code (of which 18 lines are for defining arrays). I didn't count the lines defining the namespaces, the
usestatements, or the opening/closing part of functions/methods/classes.The project doesn't contain enough code that I could say Yes, this user has a grasp of how to use Drupal APIs and write secure code. I am not saying the OP doesn't understand how to write Drupal code, but that the code is not enough to understand how much the OP knows.
Comment #9
klausiI see, there is also the test file I mentioned with 70 lines extra well structured code.
Anyway, @validoll feel free to get back to us when you have your next project to get security team support :-)
Comment #10
avpadernoThank you for your contribution! I am going to update the project.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the dedicated reviewers as well.