[1.0.x] revolt

Thank you for applying!

Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.

The important notes are the following.

• If you have not done it yet, you should run phpcs --standard=Drupal,DrupalPractice on the project, which alone fixes most of what reviewers would report.
• For the time this application is open, only your commits are allowed.
• The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status won't be changed by this application and no other user will be able to opt projects into security advisory policy.
• We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.

To the reviewers

Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.

The important notes are the following.

• It is preferable to wait for a Code Review Administrator before commenting on newly created applications. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
• Reviewers should show the output of a CLI tool only once per application.
• It may be best to have the applicant fix things before further review.

For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.

• The following points are just a start and do not necessarily encompass all of the changes that may be necessary
• A specific point may just be an example and may apply to other places
• A review is about coding standards, security issues, and correct usage of the Drupal API; the single points aren't ordered, not even by importance

revolt.theme

/**
 * @file
 * Functions to support theming in the VT theme.
 */

The theme name given in its .info.yml file is not VT.

/**
 * Implements theme_preprocess_page().
 */
function revolt_preprocess_page(&$variables) {

That is a hook implementation; the description must be different.

/**
 * Implements hook_preprocess_HOOK() for page templates.
 */
function revolt_preprocess_views_view_fields(&$variables) {

/**
 * Implements hook_preprocess_views_view_list() for page templates.
 */
function revolt_preprocess_views_view_list(&$variables) {

/**
 * Implements hook_preprocess_views_view_list() for page templates.
 */
function revolt_preprocess_views_view_table(&$variables) {

Those are not hook implementations for page templates.

I am changing priority as per Issue priorities.

This thread has been idle, in the Needs work state with no activity for several months. Therefore, I am assuming that you are no longer pursuing this application, and I marked it as Closed (won't fix).

If this is incorrect, and you are still pursuing this application, then please feel free to re-open it and set the issue status to Needs work or Needs review, depending on the current status of your code.

Hello there, Apologies for the delay. I wasn’t able to complete this task earlier,
but I’ve now added the new release: 1.1.6
Repo : https://git.drupalcode.org/project/revolt/

Please let me know if there's anything else I can assist with.

This is an yogesh.k's application; it is yogesh.k who needs to make commits to fix what reported.

It'syogesh.kh who needs to reply here and make the necessary changes, not every project maintainer.
This is not an application to review what the project maintainers as group understand about writing secure code which correctly uses the Drupal API and follows the Drupal coding standards. This is yogesh.k's application.

Please go through all link in comment#4 for more details.

Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.

1. main is a wrong name for a branch. Release branch names always end with the literal .x as described in Release branches.

manual review:

1. The "raw" twig filter looks a bit suspicious in revolt/templates/form/form-element.html.twig , but I could not trigger it with an XSS attack. Looks like this label is already sanitized. Why do you need to print it raw here? Please add a comment in code.
2. templates/layout/page.html.twig: the banner description is printed raw here, so could also be an XSS attack vector. But only trusted users can change theme settings, so this is also not a vulnerability.

Otherwise looks good to me.

Thanks for your contribution, Yogesh!

I updated your account so you can opt into security advisory coverage now.

Here are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find lots more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Adding tag.