Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
7 Apr 2022 at 00:40 UTC
Updated:
28 Apr 2022 at 09:24 UTC
Jump to comment: Most recent
Comments
Comment #2
simonbaeseI recommend running some static analysis with PHPStan (see PHPStan for Drupal).
You can get it with composer via:
Then run:
Getting the level up to 5 is quiet healthy. With my configuration with PHP8.0 your module returns 8 errors on level 0 and 24 errors on level 5. I ignore some errors in a
phpstan.neonfile, which you can place in your root directory. It looks like this:Comment #3
avpadernoA review needs to report what needs to be changed, although the review isn't required to be complete, nor to point out every single line that needs to be changed, especially when the same "error" is repeated more than once.
Comment #4
avpadernoThank you for applying! Reviewers will review the project files, describing what needs to be changed.
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smother review.
To reviewers: Please read How to review security advisory coverage applications, What to cover in an application review, and Drupal.org security advisory coverage application workflow.
Comment #5
avpadernoThe correct placeholders for URLs is
:edit_urlas described inFormattableMarkup::placeholderFormat().Private properties should be avoided in form classes, as those cause issues when the form instance is cached.
The task of the
create()method is passing the injected dependencies to the class constructor.Test classes go all in the tests/src directory.
The documentation comment for the class constructor is the same documentation comment for a method that isn't inherited from the parent class or defined in a interface.
The first line in the documentation comment should use a verb in the third person singular. The rest of the comment should document the parameters and the returned value.
Comment #6
akoepke commentedThank you @simonbaese and @apaderno for your feedback.
I have gone through the issues reported by PHPStan and have no errors at level 5 now.
@apaderno, the issues that you reported have all been resolved.
Can you please review the changes on commit 2cc02a9c and let me know if there is anything further required.
Comment #7
avpadernoThe code is still not calling the class constructor. The code should be similar to the code used from
RolePaywallPluginSettings::create().Comment #8
avpadernoThank you for your contribution! I am going to update your account.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the Slack #contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the dedicated reviewers as well.
Comment #9
akoepke commentedHi @apaderno, thanks for the feedback and for processing my application.
As for the code not calling the class constructor, this is handled in the parent::create call.
My code was based on this example: https://www.drupal.org/docs/drupal-apis/services-and-dependency-injectio...
Does this documentation need to be updated?
Comment #10
avpadernoThat example is wrong.
Any class that implements
ContainerInjectionInterface::create()calls the class constructor. The documentation itself says:That's what Drupal core does, for example in
CronForm::create()orRegionalForm::create().Comment #11
akoepke commentedHi @apaderno,
I had a look through the code for many of the forms in core and see that you are correct. I could only find one single example where the same method was used.
https://api.drupal.org/api/drupal/core%21modules%21update%21src%21Update...
I have updated the code for my forms to use the dependency injection correctly.
I have submitted an issue along with a merge request to fix the UpdateSettingsForm class - #3275216: Fix UpdateSettingsForm dependency injection.