Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Minor
Category:
Task
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
9 Feb 2024 at 11:01 UTC
Updated:
12 Feb 2025 at 06:59 UTC
Jump to comment: Most recent
Comments
Comment #2
vishal.kadamThank you for applying!
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
The important notes are the following.
phpcs --standard=Drupal,DrupalPracticeon the project, which alone fixes most of what reviewers would report.To the reviewers
Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.
The important notes are the following.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.
Comment #3
vishal.kadam1.
masteris a wrong name for a branch, which needs to be deleted. Release branch names always end with the literal .x as described in Release branches.2. Fix phpcs issue.
3. FILE: src/Plugin/Block/SubscriptionBlock.php
The documentation comment for constructors is not mandatory anymore, If it is given, the description must be Constructs a new [class name] object. where [class name] includes the class namespace.
Comment #4
vinaygawadeThank you @vishalkadam for addressing the issues. I appreciate your prompt attention to these matters.
1. The incorrect branch "master" has been deleted, and the appropriate release branch has been created following the convention of ending with ".x".
2. The phpcs issue regarding the array declaration length has been fixed by splitting the array content over multiple lines, aligning with coding standards and enhancing code readability.
3. The constructor documentation comment has been adjusted to adhere to the specified format.
I've made these changes as requested. Could you please review them again to ensure they meet the project's standards? Thank you for your time and cooperation.
Comment #5
vishal.kadamRest looks fine to me.
Let’s wait for a Code Review Administrator to take a look and if everything goes fine, you will get the role.
Comment #6
avpadernosrc/Form/SubscriptionForm.php
The first argument of
warning()and similar logger methods is a literal string.Validating the entered values is a task for
validateForm().Since the parent class is
FormBase, those properties are not necessary. Instead, the class should use the methods to set the logger factory and the config factory, or to retrieve a logger and a configuration object.src/Form/SettingsForm.php
ContainerInjectionInterfaceis already implemented byConfigFormBase; there is no need to re-implement it.URLs should be added to translatable strings via placeholders. Translators are not expected to change the used URL when translating strings.
To log exceptions, there is
watchdog_exception()or the class method described in that documentation page.Comment #7
vishal.kadamI am changing priority as per Issue priorities.
Comment #8
vishal.kadamThis thread has been idle, in the Needs work state with no activity for several months. Therefore, I am assuming that you are no longer pursuing this application, and I marked it as Closed (won't fix).
If this is incorrect, and you are still pursuing this application, then please feel free to re-open it and set the issue status to Needs work or Needs review, depending on the current status of your code.
Comment #9
avpadernoComment #10
vinaygawadeThank you for the feedback, and apologies for the late reply.
please check the 1.x branch for the latest changes and let me know if further adjustments are needed.
Once all reviews are complete, I will release the newer version.
Comment #11
avpadernoComment #12
vishal.kadam1. FILE: templates/block--subscription.html.twig
Twig code needs to be correctly indented. Drupal uses two spaces for indentation, not four spaces or tabs.
2. FILE: sender_net.module
The usual description for a .module file is Hook implementations for the [module name] module. where [module name] is the module name given in the .info.yml file.
Comment #13
vinaygawadeThank you for the feedback.
1. The Twig file indentation has been updated to use two spaces as per Drupal standards.
2. The file header comment in the `.module` file has been revised to match the module name specified in the `.info.yml` file.
Let me know if any further changes are required.
Comment #14
vishal.kadamRest looks fine to me.
Let’s wait for other reviewers to take a look.
Comment #15
avpadernosrc/Form/SettingsForm.php
The correct placeholder for URL starts with
:. It must also be wrapped on double quotation marks, as reported onFormattableMarkup::placeholderFormat().Since the module can be installed on Drupal 11 too, it cannot use
watchdog_exception(), which does not exist in Drupal 11. The following code needs to replace the line callingwatchdog_exception('sender_net', $e).Instead of
\Drupal::logger(), an injected service should be used.src/Form/SubscriptionForm.php
Is there any reason to use a separate class for the plugin form?
src/SenderNetApi.php
Only one of those lines is necessary, since both lines log an error message. See also my previous note on
watchdog_exception().Comment #16
vinaygawadeThe changes have been made as per your feedback:
1. The URL placeholder format now uses the correct syntax with `:variable` and is wrapped in double quotes, ensuring proper escaping and security.
2. Replaced `watchdog_exception()` with the injected logger service to maintain compatibility with Drupal 11 and follow modern Drupal logging practices.
3. Removed the redundant error logging to simplify and ensure clarity.
4. src/Form/SubscriptionForm.php
Is there any reason to use a separate class for the plugin form?
Using a separate class for the form ensures clean separation of responsibilities, making the code easier to maintain and reuse. It aligns with Drupal standards, allowing the form to be used in multiple contexts while keeping the block plugin focused on rendering. This approach keeps the module flexible, organized.
Comment #17
vinaygawadeComment #18
klausimanual review:
But otherwise looks good to me.
Thanks for your contribution, Vinay!
I updated your account so you can opt into security advisory coverage now.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.
Comment #19
vinaygawadeThank you, Klausi, for the review and feedback! I appreciate the account update and recommended readings. Grateful to the reviewers and the supportive Drupal community. Looking forward to staying involved!