The Motionpoint Connector Plugin is an external translation service for the Translation Management Tool module. We developed plugin module for Drupal 7,. 8, and 9 as an extension over TMGMT module. The plugin connects to motionpoint backend system to post content for translation and retrieve translated content back to Drupal.

Project link

https://www.drupal.org/project/tmgmt_motionpoint

Git instructions

git clone --branch '8.0.x' https://git.drupalcode.org/project/tmgmt_motionpoint.git

Comments

MotionPoint created an issue. See original summary.

avpaderno’s picture

Issue summary: View changes
Status: Needs review » Needs work

We only review a single branch for a single project. Please choose the branch you want to be reviewed and edit the issue summary accordingly.

Is the account used to post this application a shared account?

avpaderno’s picture

Anyway, there aren't commits from the account used to create this application; we cannot accept an application that uses a project for which the user who created the application hasn't done any commits.

mpbackenduser’s picture

Thank you for the feedback

Code is committed with account maintenance account. Summary section is updated accordingly need review only for the below branch.

git clone --branch '8.0-x' https://git.drupalcode.org/project/motionpointtranslation.git

mpbackenduser’s picture

Issue summary: View changes
Status: Needs work » Needs review
avpaderno’s picture

See comment #3: A user who hasn't committed code in a project cannot apply using that project. These applications are for users, not for projects.

avpaderno’s picture

Status: Needs review » Needs work
mpbackenduser’s picture

Commits for MotionPoint Translation Provider(D7,D8,D9)
8 Oct 2021 at 09:07 EDT
Commit 9d5f63f on 8.0-x
by MotionPoint
Commit the project for security review

The code is committed by the User "MotionPoint" who created the Project. Please let me know is anything iam missing.

there are two more additional developers (sugumarant and yli are added as maintainers for the project)

mpbackenduser’s picture

Status: Needs work » Fixed
avpaderno’s picture

Status: Fixed » Needs work

That's just one commit. There is a user who made more commits.

I also asked: Is the account used to post this application a shared account?

mpbackenduser’s picture

Yes Sir the account is the shared account with the developers of MotionPoint. the user sugumarant is the Senior Software Engineer worked on this project. If you want i can ask the developer sugumarant to create the project and submit the code for security review.

Sir We are new to the drupal ecosystem apologize if we missed any of the process.

mpbackenduser’s picture

Status: Needs work » Needs review
avpaderno’s picture

Title: MotionPoint Translation Provider » [D8] MotionPoint Translation Provider
Issue summary: View changes

There is no need to create a new project: sugumarant can commit code in the existing project and follow this application.

As side note, shared accounts cannot be used to:

  • Commit code to Git repositories
  • Create any node except for organization, case study or project nodes
  • Comment on nodes
avpaderno’s picture

Status: Needs review » Needs work
  • What follows is a quick review of the project; it doesn't mean to be complete
  • For every point, the review doesn't make a complete list of lines that should be fixed, but an example of what is wrong in the code
  • A review is about code that doesn't follow the coding standards, contains possible security issue, or doesn't correctly use the Drupal API; if a point isn't about that, it makes it clear

8.0-x and 9.0-x are wrong tag names. The correct ones would be 8.0.x and 9.0.x. New tags needs to be created, the default one changed, and the old tags deleted.

Since the project machine name is motionpointtranslation, the following filenames are wrong.

  • tmgmt_motionpoint.info.yml
  • tmgmt_motionpoint.module
  • tmgmt_motionpoint.routing.yml

There are other files/directory with the wrong name, including src/Plugin/tmgmt/Translator. The same is true for the paths used in the route definitions.

The .module file isn't necessary, if it doesn't contain code.

    /** @var \Drupal\tmgmt_file\Format\FormatInterface $xliff_converter */
    $xliff_converter = \Drupal::service('plugin.manager.tmgmt_file.format')->createInstance('xlf');
    $xliff_content = $xliff_converter->export($job);

A class that implements create() from which it receives the dependency container object doesn't use \Drupal to access a service or other dependencies.

      if (is_bool($received_translation) === true) { throw new Exception(); };

The code isn't following the Drupal coding standards.

 $api_base_url = UrlHelper::isValid($translator->getSetting('motionpoint_api_url')) ? $translator->getSetting('motionpoint_api_url') : 'https://api.motionpoint.com';

UrlHelper::isValid() returns TRUE or FALSE; that code is setting a URL to a Boolean value (which is surely not what it should do).

mpbackenduser’s picture

Thank You apaderno for the feedback. we discussed with the team and decided not to use the shared account going forward. We will delete the project created by shared account so in compliance with the drupal eco system.

sugumarant will create and project and check in the code.

I'll withdraw this issue and create an new request with the developer account.

Thanks for your feedback we want to be incompliance with drupal.

avpaderno’s picture

@MotionPoint It's not necessary to delete the project. The developer can continue with this application and change the project code as reported here.

Shared accounts can be used to create project. They cannot be used to commit code, but a single commit isn't going to be a big issue.

avpaderno’s picture

Also, I think projects cannot be deleted.

mpbackenduser’s picture

Issue summary: View changes
mpbackenduser’s picture

Comment 1:
Since the project machine name is motionpointtranslation, the following filenames are wrong.

tmgmt_motionpoint.info.yml
tmgmt_motionpoint.module
tmgmt_motionpoint.routing.yml
There are other files/directory with the wrong name, including src/Plugin/tmgmt/Translator. The same is true for the paths used in the route definitions.


Fixed Since the MotionPoint translation provider should be part of tmgmt module . Original project was created wrongly. I created a new project with proper machinename "tmgmt_motionpoint" updated the Issue with the project name.

The .module file isn't necessary, if it doesn't contain code.

Fixed. Removed the .Module File

/** @var \Drupal\tmgmt_file\Format\FormatInterface $xliff_converter */
$xliff_converter = \Drupal::service('plugin.manager.tmgmt_file.format')->createInstance('xlf');
$xliff_content = $xliff_converter->export($job);
A class that implements create() from which it receives the dependency container object doesn't use \Drupal to access a service or other dependencies.

we Followed the same way as tmgmt FileTranslator uses \Drupal::service('plugin.manager.tmgmt_file.format')->createInstance('xlf');
(examples in following classes)
tmgmt\translators\tmgmt_file\src\Plugin\tmgmt\Translator\FileTranslator.php
tmgmt\translators\tmgmt_file\src\Commands\TmgmtFileCommands.php

if (is_bool($received_translation) === true) { throw new Exception(); };
The code isn't following the Drupal coding standards.

Fixed


$api_base_url = UrlHelper::isValid($translator->getSetting('motionpoint_api_url')) ? $translator->getSetting('motionpoint_api_url') : 'https://api.motionpoint.com';
UrlHelper::isValid() returns TRUE or FALSE; that code is setting a URL to a Boolean value (which is surely not what it should do).

Fixed

mpbackenduser’s picture

Status: Needs work » Needs review
sugumarant’s picture

Issue summary: View changes
avpaderno’s picture

Issue summary: View changes
Status: Needs review » Needs work
Issue tags: +PAreview: security

Please remember that only sugumarant can make commits for the duration of this application.

    return AvailableResult::no(t('@translator is not available. Please make sure it is properly <a href=:configured>configured</a>.', [

:configured needs to be surrounded by double quotes, as described in FormattableMarkup::placeholderFormat().

:variable: Return value is escaped with \Drupal\Component\Utility\Html::escape() and filtered for dangerous protocols using UrlHelper::stripDangerousProtocols(). Use this when using the "href" attribute, ensuring the attribute value is always wrapped in quotes

// Secure (with quotes):
$this->placeholderFormat('<a href=":url">@variable</a>', [
  ':url' => $url,
  '@variable' => $variable,
]);

// Insecure (without quotes):
$this->placeholderFormat('<a href=:url>@variable</a>', [
  ':url' => $url,
  '@variable' => $variable,
]);

The code doesn't follow the Drupal coding standards in some points, as:

  • PHP constants must be written all capital case (including TRUE, FALSE, NULL)
  • else and elseif branches must be written on a new line
  • The indentation is expected to be two spaces
  • There should not be empty lines between the line containing function and the first function/method code line

\Drupal::logger('tmgmt_motionpoint')->warning('API Request Exception, status code is: ' . print_r();

Instead of concatenating string, the message should use placeholders.

    catch (Exception $e) {
      if (method_exists($e, 'getCode')) {
        \Drupal::logger('tmgmt_motionpoint')->warning('API Request Exception, status code is: ' . print_r() . 'omitted string' );
      }
      return $e;
    }

Why is the code returning an exception instead of re-throwing it? in PHP, exceptions aren't returned.

    } catch (Exception $e) {
      \Drupal::logger('tmgmt_motionpoint')->warning('Translation cannot be retrieved. If situation persists please contact support@motionpoint.com.');
    }

Classes that implement ContainerFactoryPluginInterface don't use \Drupal, but inject their dependencies in create().

  private $submitSettings = [
    0 => 'Single Job - all pages are combined into one MotionPoint job',
    1 => 'Multiple Jobs - an individual MotionPoint job is created for each page',
  ];

Strings shown in the user interface must be translatable.

    $out = [];
    foreach ($this->submitSettings as $value) {
        $out[] = t($value);
    }

The first parameter of t() must be a literal string, not a variable. Passing a variable is considered a potential security issue.

  requirements:
    _access: 'TRUE'

The README.txt isn't complete and it's not formatted as the Drupal coding standards say.

sugumarant’s picture

Fixed all the review comments. Please review and let me know your feedback.

sugumarant’s picture

Status: Needs work » Needs review
avpaderno’s picture

Assigned: Unassigned » avpaderno
Status: Needs review » Fixed

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

sugumarant’s picture

Thank you apaderno for you time and valuable feedback

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.