Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Add PHP level configurations. You can add any PHP configurations like
memory_limit
max_input_time
max_execution_time
etc using this module. You don't need to edit settings.php or .htaccess file every time.
Project page: https://drupal.org/sandbox/bappa.sarkar/2010602
Git repository: http://git.drupal.org/sandbox/bappa.sarkar/2010602.git
Manual reviews for other projects
- https://drupal.org/node/2063215#comment-7803865
- https://drupal.org/node/2067409#comment-7803963
- https://drupal.org/node/2080245#comment-7821981
- https://drupal.org/node/2070535#comment-7822383
- https://drupal.org/node/2079961#comment-7822455
Adding more manual reviews
Comment | File | Size | Author |
---|---|---|---|
#21 | phpconfig_info.patch | 162 KB | geberele |
#19 | phpconfig_info.patch | 162.03 KB | geberele |
Comments
Comment #1
bappa.sarkar CreditAttribution: bappa.sarkar commentedCan anyone review this module?
Comment #2
bappa.sarkar CreditAttribution: bappa.sarkar commentedComment #3
PA robot CreditAttribution: PA robot commentedWe are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #4
Ayesh CreditAttribution: Ayesh commentedHi Bappa,
Thank you very much for your effort in the application.
I have used Drupal Tweaks module that can increase the PHP memory limit and maximum execution time via the UI.
Manual review
phpconfig.info
- I think it would be better if we change the
package
to somewhere we usually use. It's unlikely that there will be another module to adjust PHP configuration."Development" or such category would be better I think.
phpconfig.module
- In the hook_menu implementation for the
admin/build/phpconfig/add
, it's not necessary to use a separate function just to return the form.The following should work same but we no longer need
phpconfig_add
function.- You can also simplify the module by using woldcard loaders right in your hook_schema implementation.
For example you now have a function named
phpconfig_edit
that actually loads the given config item and returns thephpconfig_newform
.With wildcard loaders, you will define a
phpconfig_config_item_load<code>-like function and then you can use <code>%phpconfig_config_item
as the hook_menu item's wildcard. Drupal will load the item for you, and will even throw 404 errors if the config item is now found.It's more of the extreme side for now though.
phpconfig.inc
- You should now call drupal_goto() in a submit function. drupal_goto() will stop the rest of the page from being executed (which may seem to work at the moment, but if some other module altered the form and added its own submit handlers, they will not be executed).
Remove the drupal_goto() and you can get the same functionality as following.
Otherwise everything looks really great. Drupal Tweaks module can do the basic PHP configuration changes (memory limit, max_execution_time) and your module fills the gap and allows everything to be changed.
Consider adding some links to php.net docs about settings that can be changed in the runtime.
http://www.php.net/manual/en/configuration.changes.modes.php
http://www.php.net/manual/en/ini.list.php
I wish you all the best!
Comment #5
Ayesh CreditAttribution: Ayesh commentedI'm marking this as "needs work" because the drupal_goto usage is more of a problem than an improvement. Feel free to let us know when you have the changes done.
(I'm just a user trying to keep the application queue. Probably Klousi or someone will have better thoughts)
Comment #6
bappa.sarkar CreditAttribution: bappa.sarkar commentedThanks Ayesh for your comments! Really appreciating!
I have replaced drupal_goto with $form['#redirect']. Also removed phpconfig_add function and added drupal_get_form in the menu hook. I have also fixed the edit function.
Comment #7
abghosh82 CreditAttribution: abghosh82 commentedI have installed the module and had a look through the code and used it. I would like to mention that this module is a very good utility for a novice user.
I have reviewed the code and have a couple of suggestions below:
Comment #8
abghosh82 CreditAttribution: abghosh82 commentedAs per the above comments I am setting it to needs work.
Comment #9
Ayesh CreditAttribution: Ayesh commentedI too like this module because it's really straight forward and less confusing.
It would be great if we could put some fields that makes sense and easy to use. For example, for single on/off flags (register_globals, for example), we can use a checkbox or radios, while we can display a size-related field for memory_limit, post_max_size, etc. Ideally a field to enter a numeric value and a select list to choose MB, GB, etc.
Comment #10
SoumyaDas CreditAttribution: SoumyaDas commentedIt's a very good utility module. Keep up the good work.
Comment #11
bappa.sarkar CreditAttribution: bappa.sarkar commentedA new confirm form has been added to give user a warning about WSOD.
Comment #12
bappa.sarkar CreditAttribution: bappa.sarkar commentedThanks ssdas!
Comment #13
fuzzy76 CreditAttribution: fuzzy76 commentedComment #14
fuzzy76 CreditAttribution: fuzzy76 commentednotice: Undefined index: status in phpconfig_newform_submit() (line 142 of /Users/fuzzy76/public_html/test/drupal-6.x-dev/sites/all/modules/phpconfig/phpconfig.inc)
. You should probably enable all warnings when developing to catch these.Comment #15
fuzzy76 CreditAttribution: fuzzy76 commentedComment #16
gregglesIf the module is risky (as this is) then there should be a warning on the project page (there is) the README.txt (there isn't) and the permission should have a scary name like "administer phpconfig - can have stability and security implications" (it doesn't). In Drupal 7 you can use the description and "restrict access" permission array elements to give a more complete explanation.
Comment #17
bappa.sarkar CreditAttribution: bappa.sarkar commentedFollowing changes done.
Comment #18
gregglesThe new AJAX test for configurations seems cool. It should ideally be wrapped with a drupal_get_token/drupal_valid_token csrf protection to avoid a scenario where someone uses CSRF to send a php setting that sets memory and execution time to very high values and then sends a bunch of values to try to create a DOS scenario.
Comment #19
geberele CreditAttribution: geberele commentedHi bappa.sarkar,
really cool module and really powerfull, it will be used a lot if you add more information. For example you can create a new page inside your module with a list of 'Configuration options'.
I've created a patch for you with a new configuration of the menu in tabs and a page with the list of 'Configuration options'.
Comment #20
Ayesh CreditAttribution: Ayesh commentedNice additions, Gabriele!
This may be an extreme end request, but can we improve the table to show all possible values ?
For example, ini_get_all() returns all configuration options, and IMO, ideal for this list.
We can also list the current configured value as well as a link to change that specific configuration option with the config name prefilled.
I will try to show you an example with a patch but I'm stuck in a small workshop these day.
Comment #21
geberele CreditAttribution: geberele commentedThanks Ayesh!
I've just noticed a wrong row in the previous patch, the new one attached has the fix.
ini_get_all() is a good one, good idea!!
Ideally it will be more cool if it has 'select' fields instead of normal textfield or textfield with autocomplete at least for the field 'Item'.
Comment #22
bappa.sarkar CreditAttribution: bappa.sarkar commentedYou can't add all settings using ini_set. only PHP_INI_USER and PHP_INI_ALL can be added. Please see Changeable column in http://www.php.net/manual/en/ini.list.php
Ref: http://www.php.net/manual/en/configuration.changes.modes.php
@Geberele : It would be really nice to add a select box for item. But a new php extension comes with new ini setting options. So it is not always constant.
Cheers,
Bappa
Comment #23
bappa.sarkar CreditAttribution: bappa.sarkar commentedHi greggles,
I have added access check in boot hook to prevent testing phpconfig without access. I was not able to use drupal_valid_token as the function is not present at boot level. I used more robust access check by querying permission table based on user role.
Thanks,
Bappa
Comment #24
greggles@bappa.sarkar - prevent csrf is different from preventing access bypass. It's possible to have CSRF without access bypass (that is usually the case, in fact). There are some articles on csrf at http://drupalscout.com/tags/csrf that might be helpful. If you need to bootstrap further to get more functions it seems fine to me to use drupal_bootstrap inside of your AJAX code since it runs infrequently.
Comment #25
Ayesh CreditAttribution: Ayesh commentedHi Bappa,
Sorry for mentioning these too late. But I do have some comments about the current state of your module.
- Use of $_GET['q'], 'value' and 'item': value and item are common phrases, so if some other module accidentally sent the user to a page, for example,
http://example.com/add-to-wishlist?item=beer&value=99
, it will attempt toini_set('beer', 99);
Furthermore, I have never seen an
ini_set
call gives a fatal error. (try the following. Setting a )No errors. Cool!
I think for this validation part, an
ini_get()
and checking if the config name exists in the returned value would be a better validation.I really think this module would be a really useful one in the future without allowing non-techie users to update PHP configuration. Let's polish it up!
Comment #26
bappa.sarkar CreditAttribution: bappa.sarkar commentedHi Ayesh,
Thanks once again for pointing this out. Yes item and value are the common phrases but ini_set will only execute if $_GET['q'] is "admin/settings/phpconfig/test" and the user has permission administer phpconfig.
Thanks,
Bappa
Comment #27
gregglesFixing crosspost from #24.
Comment #28
Ayesh CreditAttribution: Ayesh commentedSorry about the false positive. I just did some tests with the latest version (a75539a3b970d3537dbf1549a62483d81a010e73) and works fine at my end - it's same in functional code as the previous version, though.
Good luck!
Comment #29
bappa.sarkar CreditAttribution: bappa.sarkar commentedHi greggles,
Thanks for the link that you have provided about CSRF, the tumblr video is really awesome.
I have added token validation in my module to handle CSRF. Please give me your feedback.
Thanks for the knowledge!
Cheers,
Bappa
Comment #30
gregglesThe diffs look like not quite what you wanted to achieve - http://drupalcode.org/sandbox/bappa.sarkar/2010602.git/commitdiff/9ba851... ?
Comment #31
bappa.sarkar CreditAttribution: bappa.sarkar commentedHi greggles,
Actually i had added a wrong file during my commit. Check the previous commit http://drupalcode.org/sandbox/bappa.sarkar/2010602.git/commitdiff/d6c288...
Thanks,
Bappa
Comment #32
kscheirerI'd like to see the extra warnings go in, but I don't think that's a blocking issue.
----
Top Shelf Modules - Crafted, Curated, Contributed.
Comment #33
bappa.sarkar CreditAttribution: bappa.sarkar commentedHi kscheirer,
I can't able to use user_access in boot hook as the function is not yet present in boot level.
All module file got included after boot hook. That's why I used custom access check.
Thanks,
Bappa
Comment #34
bappa.sarkar CreditAttribution: bappa.sarkar commentedI have Added the warning in the project page.
Comment #35
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdded review bonus tag.
Comment #35.0
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdding Review links done for other's projects
Comment #36
klausiRemoving review bonus tag, you have not done all manual reviews, you just posted the output of an automated review tool. Make sure to read through the source code of the other projects, as requested on the review bonus page.
I also removed the purely automated review from the issue summary.
Comment #36.0
klausiremoved automated review.
Comment #37
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdding review bonus tag.
Comment #37.0
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdding reviews
Comment #37.1
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdding review link
Comment #38
bappa.sarkar CreditAttribution: bappa.sarkar commentedCan anyone please tell me is there anything pending to get RTBC? Please help.
Thanks,
Bappa
Comment #39
kscheirerNo further action is required, but the best thing you can do is get a Review Bonus by reviewing other applications. That will get you to the top of the list of projects to get reviewed (and hopefully approved). Only manual reviews count, just using http://ventral.org is not enough.
Comment #40
alexmoreno CreditAttribution: alexmoreno commentedBappa, help me reviewing my module and I will give you the favour back: https://drupal.org/node/2083831
Comment #40.0
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdding review bonus
Comment #41
bappa.sarkar CreditAttribution: bappa.sarkar commentedAdding more manual reviews
https://drupal.org/node/2083831#comment-7849425
https://drupal.org/node/2085833#comment-7849563
https://drupal.org/node/2086333#comment-7850323
https://drupal.org/node/2083831#comment-7850417
Comment #41.0
bappa.sarkar CreditAttribution: bappa.sarkar commentedadding more manual reviews
Comment #42
alexmoreno CreditAttribution: alexmoreno commentedin line 67, you are using include_once with the path to the module. Why not using module_load_include, which is standard and will detect your module path automatically?
module_load_include('inc', 'phpconfig', 'includes/phpconfig.inc');
other than that, the module looks good and the functionality is quite useful, nice approach to a common issue.
Comment #43
bappa.sarkar CreditAttribution: bappa.sarkar commentedWhich function you are talking about? I only used include once in function phpconfig_boot(). And I can't use module_load_include() as in boot level we don't have this function.
BTW thanks for the review :)
Comment #44
klausimanual review:
But otherwise looks good to me, so ...
Thanks for your contribution, bappa.sarkar!
I updated your account so you can promote this to a full project and also create new projects as either a sandbox or a "full" project.
Here are some recommended readings to help with excellent maintainership:
You can find lots more contributors chatting on IRC in #drupal-contribute. So, come hang out and stay involved!
Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
Thanks to the dedicated reviewer(s) as well.
Comment #45
alexmoreno CreditAttribution: alexmoreno commentedyou were right bappa, sorry for that... and congrats :-).
Comment #46
bappa.sarkar CreditAttribution: bappa.sarkar commentedI would like to give Thanks to all who gave their valuable time to review the module. Thanks once again :)
Cheers,
Bappa
Comment #47
geberele CreditAttribution: geberele commentedCongratulations Bappa!! ;)
Comment #48
Ayesh CreditAttribution: Ayesh commentedCongratulations, dear vetted member!
Comment #49
bappa.sarkar CreditAttribution: bappa.sarkar commentedThanks Ayesh, gebrele, urwen. You guys are awesome :-)
Comment #50.0
(not verified) CreditAttribution: commentedAdding more review