This page collects fr3shw3b's project application reviews and the help given on project application reviews. This is part of mentoring to eventually become a code review administrator. Add any advice that you may have through comments.
Supersized JQuery Plugin:
http://drupal.org/node/1837780#comment-6776652
http://drupal.org/node/1837780#comment-6897330
Commerce eurobank redirect:
http://drupal.org/node/1850716#comment-6781880
http://drupal.org/node/1850716#comment-6924756
Webform Feedback Module:
http://drupal.org/node/1852392#comment-6784556
http://drupal.org/node/1852392#comment-6897642
BetterTip:
http://drupal.org/node/1852590#comment-6784608
Email ajax check:
http://drupal.org/node/1784482#comment-6860568
http://drupal.org/node/1784482#comment-6897618
Address Field Portugal:
http://drupal.org/node/1863846#comment-6860662
Spaces OG Login / Logout
http://drupal.org/node/1867646#comment-6876014
http://drupal.org/node/1867646#comment-6889234
Menu Slice: (Didn't recognise it was a duplicate.)
http://drupal.org/node/1874178#comment-6877090
TableHover:
http://drupal.org/node/1873474#comment-6877126
Casengo Contact Widget:
http://drupal.org/node/1847914#comment-6877172
http://drupal.org/node/1847914#comment-6897570
http://drupal.org/node/1847914#comment-6901292
Further help and explanation:
http://drupal.org/node/1847914#comment-6916618
Youtube Video Uploader:
http://drupal.org/node/1874650#comment-6889170
http://drupal.org/node/1874650#comment-6897490
Assetic:
http://drupal.org/node/1826272#comment-6889266
http://drupal.org/node/1826272#comment-6897414
Deep Survey
http://drupal.org/node/1236914#comment-6921020
Registration Restriction
http://drupal.org/node/1884388#comment-6921174
http://drupal.org/node/1884388#comment-6924572
Apache Solr CSV
http://drupal.org/node/1884380#comment-6922388
Feed Loader
http://drupal.org/node/1877716#comment-6955306
Security Issues:
Webform Feedback
http://drupal.org/node/1852392#comment-6945090
Comments
Security issues
Security issues such as XSS and CSRF vulnerabilities have been looked for, but there has been a struggle to find them; this is where more guidance might be needed.
This is the guidance I currently use (printed out from a Word document):
• Where there are custom variables created which are module specific, make sure there is a module.install file with hook_uninstall().
• Look for XSS vulnerabilities in user input.
• Look for heavy use of hook_init() or hook_boot() and advise against this.
• Look for markup being built outside of the theme layer, advise and give examples of how they could use the theme layer.
• Look for heavily coded functions and advise the person to break them down and give examples to help.
• Look for empty, meaningless functions, doc block errors and logical errors such as passing integers where there should be strings or misspellings etc.
• Look for custom functions which are used when an existing function could be used.
• Look for UX issues, naming conventions and consistencies in the module’s interface and code.
• Look for whether the module is a duplicate or not!
• Look for CSRF vulnerabilities and give advice on how to guard against this.
• Look in JavaScript for unnecessary JS calls and advise the applicant to use Drupal behaviours.
• Identify whether there are classes and functions placed in the module file and suggest a format which the applicant could use.
• Look for code duplication and suggest helper functions.
• Identify where there should be translatable text and where links could be formed using l().
• Give suggestions to help concerning the UI, extra features or different, more effective ways of going about the solution.
• Where PHP-only methods such as render and strtolower are used, advise using the Drupal alternative.
• Help find ways of reducing the amount of code in a project as much as possible.
• Look for grammatical errors.
• More to come…
Nice list!
Identifying security issues requires a bit of practice and I learned a lot by just observing greggles as he pointed out security issues. The PAReview: security tag is used to keep track of security issues in project applications: http://drupal.org/project/issues/search/projectapplications?issue_tags=P...
Use that and you will get a feeling how and where we find them.
Hi fr3shw3b,
hope you are doing well? Just wanted to ask if you are still pursuing this effort to become a git administrator? Just let me know if you need any help or advice.
I think you did a pretty good job already and I would look to continue working with you on the project application issue queue.