This module allows administrators to replace a particular taxonomy term associated with 'Published' and/or 'Unpublished' nodes with another taxonomy term of the same vocabulary.

Features

  • Users can 'replace' the 'existing' term ID for all associated nodes for the same vocabulary as that of the entered 'Existing' term ID.
  • Users can search how many nodes are associated with a specific term's ID using the 'Search' button. Note: This will only show 'Published' nodes. To include 'Unpublished' nodes as well, see the below feature.
  • There is an additional 'Include Unpublished Nodes' checkbox in order to include unpublished nodes as well.
  • Upon successful search of nodes associated with the entered term ID, node details will be shown in 'Table' format with the total count of nodes mentioned at the top of the table.
  • Upon successful search of nodes, an additional button will appear on the screen - 'Download CSV' which will generate a CSV with all the data visible in the table.
  • Users will be able to see the 'Term Name' for the entered Term ID(s) along with the corresponding vocabulary it belongs to.
  • Users will be able to 'Confirm' or 'Cancel' the replacement of the existing term with the replacement term in a 'Confirmation Page' where all the details will be mentioned, like - Term ID and Term Name of the existing and replacement Terms, and total nodes associated with the existing term ID.

Project link

https://www.drupal.org/project/taxonomy_term_replace

Comments

ighosh created an issue. See original summary.

vishal.kadam’s picture

Thank you for applying!

Please read "Review process for security advisory coverage: What to expect" for more details and "Security advisory coverage application checklist" to understand what reviewers look for. "Tips for ensuring a smooth review" gives some hints for a smoother review.

The important notes are the following.

  • If you have not done it yet, you should run phpcs --standard=Drupal,DrupalPractice on the project, which alone fixes most of what reviewers would report.
  • For the time this application is open, only your commits are allowed.
  • The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status won't be changed by this application and no other user will be able to opt projects into security advisory policy.
  • We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.

To the reviewers

Please read "How to review security advisory coverage applications", "Application workflow", "What to cover in an application review", and "Tools to use for reviews".

The important notes are the following.

  • It is preferable to wait for a Code Review Administrator before commenting on newly created applications. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
  • Reviewers should show the output of a CLI tool only once per application.
  • It may be best to have the applicant fix things before further review.

For new reviewers, I would also suggest to first read "In which way the issue queue for coverage applications is different from other project queues".

vishal.kadam’s picture

Issue summary: View changes

avpaderno’s picture

Assigned: ighosh » Unassigned
Issue tags: -PAreview: security

rushikesh raval’s picture

Priority: Normal » Major

I am changing priority as per Issue priorities.

rushikesh raval’s picture

Status: Needs review » Needs work
  • The following points are just a start and don't necessarily encompass all of the changes that may be necessary
  • A specific point may just be an example and may apply in other places
  • A review is about code that doesn't follow the coding standards, contains possible security issues, or doesn't correctly use the Drupal API; the single points aren't ordered, not even by importance

src/Form/TaxonomyTermConfirmationForm.php & TaxonomyTermReplaceForm.php

    $target_term_id = base64_decode($request->query->get('target_term_id'));
    $replacement_term_id = base64_decode($request->query->get('replacement_term_id'));
    $total_nodes = base64_decode($request->query->get('total_nodes'));
    $target_term = base64_decode($request->query->get('target_term'));
    $replacement_term = base64_decode($request->query->get('replacement_term'));

Sanitize user-inputted text.

rushikesh raval’s picture

Priority: Major » Minor

I am changing priority as per Issue priorities.

avpaderno’s picture

Priority: Minor » Critical
Status: Needs work » Needs review

Given the used code is the following one, the user input is correctly sanitized, and at the right moment.

    $target_term_id = base64_decode($request->query->get('target_term_id'));
    $replacement_term_id = base64_decode($request->query->get('replacement_term_id'));
    $total_nodes = base64_decode($request->query->get('total_nodes'));
    $target_term = base64_decode($request->query->get('target_term'));
    $replacement_term = base64_decode($request->query->get('replacement_term'));
    $form['confirmation'] = [
      '#markup' => $this->t('You will be replacing term @target_term (Term ID  - @target_term_id) with @replacement_term (Term ID - @replacement_term_id) for a total of @total_nodes nodes associated to @target_term.', [
        '@target_term_id' => $target_term_id,
        '@replacement_term_id' => $replacement_term_id,
        '@total_nodes' => $total_nodes,
        '@target_term' => $target_term,
        '@replacement_term' => $replacement_term,
      ]),
    ];
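
The point made in the comment above, shown as an added example that is not part of the thread or the module's code: base64_decode() only reverses an encoding, and it is the @ placeholder in t() that HTML-escapes each value when the message is built. render_at_placeholders() is a stand-in for that escaping so the block runs without Drupal; decode_param() and decode_int_param() are hypothetical helpers, and the query values are constructed.

```php
<?php
// Added illustration: standalone PHP, no Drupal bootstrap needed.

// Stand-in for how t() treats "@name" placeholders: every value is
// HTML-escaped when the message is built (what Html::escape() does).
function render_at_placeholders(string $message, array $args): string {
  $escaped = [];
  foreach ($args as $placeholder => $value) {
    $escaped[$placeholder] = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }
  return strtr($message, $escaped);
}

// Hypothetical helper: strict decoding returns NULL for input that contains
// characters outside the base64 alphabet. Decoding is not sanitization.
function decode_param(array $query, string $name): ?string {
  $raw = $query[$name] ?? NULL;
  if (!is_string($raw)) {
    return NULL;
  }
  $decoded = base64_decode($raw, TRUE);
  return $decoded === FALSE ? NULL : $decoded;
}

// Hypothetical helper: term IDs and node counts must be plain digits.
function decode_int_param(array $query, string $name): ?int {
  $decoded = decode_param($query, $name);
  return ($decoded !== NULL && ctype_digit($decoded)) ? (int) $decoded : NULL;
}

// Constructed query string values: a valid ID, a term name carrying markup,
// and a count that is not a number.
$query = [
  'target_term_id' => base64_encode('12'),
  'target_term' => base64_encode('<b>News</b> & "Events"'),
  'total_nodes' => base64_encode('7abc'),
];

$message = 'You will be replacing term @target_term (Term ID - @target_term_id).';
echo render_at_placeholders($message, [
  '@target_term' => decode_param($query, 'target_term') ?? '',
  '@target_term_id' => decode_int_param($query, 'target_term_id') ?? 'invalid',
]), PHP_EOL;

// The malformed count is rejected before it is ever displayed.
var_dump(decode_int_param($query, 'total_nodes'));
```

The markup in the decoded term name reaches the page as escaped text, and the non-numeric count comes back as NULL.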

avpaderno’s picture

Assigned: Unassigned » avpaderno
Status: Needs review » Reviewed & tested by the community

Thank you for your contribution and for your patience with the review process!

I am going to update your account so you can opt into security advisory coverage any project you create, including the projects you already created.

These are some recommended readings to help you with maintainership:

You can find more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank the dedicated reviewers as well.

avpaderno’s picture

Priority: Critical » Normal
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

ighosh’s picture

@avpaderno The security advisory issue has been resolved and moved to the fixed state. What should I do next to ensure the module's release status is updated and reflects the fix? Should I tag a new release, or do I need to do something else to ensure the green indicator shows under the release (Composer) of my module page? Thanks for the guidance!

vishal.kadam’s picture

To enable the green security coverage indicator, go to the module's project page and click "Edit." Find the "Security advisory coverage" section, check the box for "Opt into security advisory coverage," and save the changes. After doing this, the green security badge will be displayed on the project page.

avpaderno’s picture