Closed (won't fix)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Minor
Category:
Task
Assigned:
Unassigned
Issue tags:
Reporter:
Created:
21 Mar 2024 at 15:41 UTC
Updated:
4 Sep 2025 at 22:57 UTC
Jump to comment: Most recent
Comments
Comment #2
vishal.kadamThank you for applying!
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
The important notes are the following.
phpcs --standard=Drupal,DrupalPracticeon the project, which alone fixes most of what reviewers would report.Keep in mind that once the project is opted into security advisory coverage, only Security Team members may change coverage.
To the reviewers
Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.
The important notes are the following.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.
Comment #3
vishal.kadamFor these applications, we need a project where, in at least the branch used for the application, most of the commits (if not all the commits) have been done from the person who applied.
The purpose of these applications is reviewing a project to understand what the person who applies understands about writing secure code that follows the Drupal coding standards and correctly uses the Drupal API. We do not review a project to understand what the project maintainers as a group understands about those topics.
This application can only continue with another project where most of the commits (and preferable all the commits) have been done by the piridium.
Comment #4
piridium commentedI understand the consideration that the review process aims to understand the competencies of the applicant. However, solely focusing on the commit count strikes me as somewhat superficial. For the past 28 months, nearly all commits have been made by the applicant, and during this time, a significant portion of the module has been rewritten. Is there a possibility for the code and contributions of the applicant to be evaluated?
Comment #5
piridium commentedComment #6
rushikesh raval commentedI am changing the issue priority as per issue priorities.
Comment #7
avpadernoimagelightbox.module
The correct placeholder for URLs starts with
:. It must also be wrapped on double quotation marks, as reported onFormattableMarkup::placeholderFormat().src/Plugin/Field/FieldFormatter/ImagelightboxFormatter.php
The
\Drupal\image\Plugin\Field\FieldFormatter\ImageFormatterclass is not part of the public API and cannot be used as parent class for classes implemented by a contributed module, differently from\Drupal\image\Plugin\Field\FieldFormatter\ImageFormatterBasewhich is a base class and therefore part of the public API.Comment #8
vishal.kadamI am changing priority as per Issue priorities.
Comment #9
vishal.kadamThis thread has been idle, in the Needs work state with no activity for several months. Therefore, I am assuming that you are no longer pursuing this application, and I marked it as Closed (won't fix).
If this is incorrect, and you are still pursuing this application, then please feel free to re-open it and set the issue status to Needs work or Needs review, depending on the current status of your code.
Comment #10
avpadernoLet's keep this application open for longer.
Comment #11
avpadernoThis thread has been idle, in the Needs work state with no activity for more than eight months; the application has been created more than 11 months ago. Therefore, I marked it as Closed (won't fix).
If this is incorrect, and you are still pursuing this application, please feel free to re-open it and set the issue status to Needs work or Needs review, depending on the current status of your code.