Reviews and Mentoring for darol100


I have been reviewing projects since last year. I would like to become a code review administrator.

I will keep adding project reviews to this wiki page.

https://www.drupal.org/project/issues/search/projectapplications?project...

Security issues

  1. [D7] Font Icon Select
    Review #1

    One of the fields from this module is vulnerable to XSS and should pass through check_plain(). That field can execute JavaScript.
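The finding above describes the usual Drupal 7 pattern: a value the user submitted is concatenated into markup unchanged, and the fix is to pass it through check_plain() at the point of output. The snippet below is an added example written for this page, not code from Font Icon Select or any other project, and the function names fis_render_unsafe() and fis_render_safe() are hypothetical. It defines a stand-in for check_plain() (the core function is exactly this htmlspecialchars() call) so the file runs outside a Drupal install, then renders the same constructed payload both ways.

```php
<?php
// Added example, not code from the Font Icon Select module or any Drupal project.
// Function names fis_render_unsafe() and fis_render_safe() are hypothetical.

// Stand-in for Drupal 7's check_plain() so this file runs without Drupal
// bootstrapped; core implements check_plain() with this same call.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

// Vulnerable pattern: the submitted field value lands in the page unchanged,
// so angle brackets and quotes are interpreted as markup by the browser.
function fis_render_unsafe($label) {
  return '<span class="font-icon-label">' . $label . '</span>';
}

// Hardened pattern: every HTML-significant character (<, >, &, ", ') is
// escaped at output time, so the value is displayed as text, never parsed.
function fis_render_safe($label) {
  return '<span class="font-icon-label">' . check_plain($label) . '</span>';
}

// Returns TRUE when the rendered markup still contains an unescaped script
// tag, i.e. when the payload would be parsed as HTML rather than shown as text.
function fis_contains_raw_script($html) {
  return stripos($html, '<script') !== false;
}

// Constructed payload for the demonstration, the same one the thread used by hand.
$payload = '<script>alert("foo")</script>';

echo fis_render_unsafe($payload), PHP_EOL;
echo fis_render_safe($payload), PHP_EOL;

// The unsafe renderer reproduces the tag verbatim; the safe one does not.
assert(fis_contains_raw_script(fis_render_unsafe($payload)) === true);
assert(fis_contains_raw_script(fis_render_safe($payload)) === false);
```

check_plain() is the right call only when the field is meant to hold plain text. A field that legitimately carries markup should instead go through filter_xss() with an explicit allow-list of tags (or filter_xss_admin() for trusted administrator input), since check_plain() would display the markup literally. Either way, before filing a security finding, confirm that the concatenated value actually reaches the browser unescaped: if an intermediate layer such as a t() placeholder or a text-format filter already escapes it, the string concatenation looks unsafe in the source but the payload will not execute, which is the false positive the comments below describe.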

Reviews

  1. [D7] Message Private
    Review #1

  2. [D7] Aspose Doc Importer
    Review #1

  3. [D7] Mapply
    Review #1

  4. [D7] Administrative Help
    Review #1
    Review #2

  5. [D7] Livechatoo
    Review #1

  6. [D7] Multiple Registration
    Review #1

  7. [D7] Zurb Responsive Tables
    Review #1

  8. [D7] Account Settings Email Attachment
    Review #1

  9. [D7] CKEditor AutoEmbed
    Review #1

  10. [D7] Kaltura Tag
    Review #1

  11. [D7] Addressfield - Japanese Postal Code
    Review #1

  12. [D7] Read only node
    Review #1

  13. [D7] shs search api
    Review #1

  14. [D7] Views_Reveal
    Review #1

  15. [D7] OpenQuestions
    Review #1

  16. [D7] Indonesian Phone
    Review #1

  17. [D7] OKVideo
    Review #1

  18. [D7] fieldupdate
    Review #1

  19. [D7] Useful Commands Drush
    Review #1

  20. [D7] Comment Stats
    Review #1

  21. [D7] Hellosign
    Review #1

  22. [D7] Views slug title
    Review #1

  23. [D7] Feedback Collect
    Review #1

  24. [D7] Crop Entity
    Review #1
    Review #2

  25. [D7] Image ALT text
    Review #1

  26. [D7] Video Embed Ted
    Review #1
    Review #2

  27. [D7] Media Facebook
    Review #1

  28. [D7] Content Type Search in Add Content (node/add) Page
    Review #1

  29. [D7] Image Compresssion TinyPNG/JPG
    Review #1

  30. [D7] Views Filter Object
    Review #1

  31. [D7] OpenAccess
    Review #1
    Review #2

  32. [D7] Taxonomy Autocomplete Permission
    Review #1

  33. [D7] netForum Authenticate
    Review #1
    Review #2
    Review #3

  34. [D7] PTV Timetable API
    Review #1
    Review #2

  35. [D7] Wrap Word
    Review #1

  36. [D7] Influxis Video Upload
    Review #1

  37. [D7] YPlan
    Review #1

  38. [D7] Pipedrive
    Review #1

  39. [D7] Font Icon Select
    Review #1

  40. [D7] Session Cache Form
    Review #1

  41. [D7] Field Sections
    Review #1
    Review #2

  42. [D7] TinyPNG On Upload
    Review #1

  43. [D7] Fancyselect module
    Review #1
    Review #2

  44. [D7] Show Node Aliases
    Review #1

  45. [D7] Multimedia block
    Review #1

  46. [D7] Rackspace webmail integration
    Review #1

  47. [D7] External Logger
    Review #1

  48. [D7] Custom Email Template
    Review #1

  49. [D7] Pingdom API
    Review #1

  50. [D7] Theme-color meta tag
    Review #1

  51. [D7] CKEditor Image2
    Review #1

  52. [D7] Comment Bulk actions
    Review #1

  53. [D7] Entity Pager
    Review #1

  54. [D7] Edit unpublished
    Review #1

  55. [D7] Webform Tooltip
    Review #1

Comments

klausi:

Hi and thanks for starting this!

I saw in https://www.drupal.org/node/2486567#comment-9941151 that you posted a long list of automated results - could you edit that and put it in a txt attachment instead to not clutter up the application thread?

Also, you get bonus extra points for finding security issues, which is THE most important part of project application reviews. See https://www.drupal.org/project/issues/search/projectapplications?project... for examples of what we usually find. Please create a section about your security vulnerability findings once you identify those in an application.

darol100:

Done

I found two security issues....

klausi:

The first one was a false positive, so also make sure that you can actually exploit the vulnerabilities you find.

darol100:

@klausi,

I do not think the second one is a security issue either. I had a conversation with heddn about how to test an XSS exploit. I ended up running something like this on the field: <script>alert("foo")</script>, and it did not show me "foo". I would remove PAReview: security.

Novitsh:

That might be a possible XSS exploit.

heddn:

To test XSS exploits, https://www.drupal.org/sandbox/matthew.donadio/2319347 is a great tool.
