[drupal-devel] Project management contribs: Bundles: grouped modules.

Gerhard Killesreiter killesreiter at physik.uni-freiburg.de
Sat Feb 19 09:31:07 UTC 2005



On Sat, 19 Feb 2005, Gerhard Killesreiter wrote:

>
>
> On Fri, 18 Feb 2005, Moshe Weitzman wrote:
>
> > it is quite possible that we don't have enough qualified developers
> > with enough time on their hands to perform code checking and
> > functionality checking for this. If you look at the patch queue, it is
> > quite common for *noone* to review a given patch, and we just let dries
> > do it. i would think that Contrib code would be even less worthy of
> > review. I'm not opposed to the 'door guard' arrangement, i am just
> > skeptical that people will do what they promised.
>
> I share your concern. We should, however, at least check sql queries for
> insertion vulnerabilities. Having Drupal modules which cause major havoc
> is not acceptable.

We should also enforce use of our coding standards for contrib CVS. It
is much easier to look at all db queries if you can just grep for them
like this:

egrep -r "SELECT|INSERT|UPDATE" */*.module */*.inc | less

I currently get 1727 matches which might not be all of them.

  $result = db_query('SELECT nid, uid, created, body

is part of the output from stats_plot/stats_plot_user_activity.inc which
makes judging the query difficult.

Cheers,
	Gerhard
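The multi-line query that Gerhard mentions is exactly what a line-oriented grep misses. The following is an added example, not part of this mailing-list message and not Drupal or contrib code: a small Python scanner that walks each `db_query(` call to its closing parenthesis, so a query split across lines is captured whole, and then classifies how the first argument is built. It assumes Drupal's `db_query()` convention of that era, where values are passed as `%d` / `'%s'` placeholders with extra arguments rather than spliced into the SQL text. The PHP source in `SAMPLE_PHP` is constructed for the example; `extract_calls`, `tokenize`, `first_argument_tokens`, `classify` and `audit` are names chosen here.

```python
import re

# Constructed sample PHP source standing in for a contrib module; not real Drupal code.
SAMPLE_PHP = r'''<?php
function demo_safe($nid) {
  $result = db_query('SELECT nid, uid, created, body
    FROM {node} WHERE nid = %d', $nid);
  return $result;
}
function demo_risky($name) {
  $result = db_query("SELECT uid FROM {users} WHERE name = '$name'");
  return $result;
}
function demo_concat($uid) {
  db_query('UPDATE {users} SET status = 1 WHERE uid = ' . $uid);
}
'''

CALL_RE = re.compile(r'\bdb_query\s*\(')


def extract_calls(src):
    """Yield (line_no, argument_text) for each db_query(...) call.

    Walks forward from the opening parenthesis, tracking quotes and nesting,
    so a query string that spans several lines is still captured whole.
    """
    for m in CALL_RE.finditer(src):
        i, depth, quote = m.end(), 1, None
        while i < len(src) and depth:
            c = src[i]
            if quote:
                if c == '\\':
                    i += 1          # skip the escaped character
                elif c == quote:
                    quote = None
            elif c in ("'", '"'):
                quote = c
            elif c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            i += 1
        yield src.count('\n', 0, m.start()) + 1, src[m.end():i - 1]


def tokenize(expr):
    """Split a PHP expression into ('code'|'sq'|'dq', text) pieces.

    'sq' is a single-quoted literal (no variable expansion), 'dq' a
    double-quoted one (variables expand), 'code' everything outside quotes.
    """
    out, buf, kind, i = [], '', 'code', 0
    while i < len(expr):
        c = expr[i]
        if kind == 'code':
            if c in ("'", '"'):
                if buf:
                    out.append(('code', buf))
                buf, kind = '', ('sq' if c == "'" else 'dq')
            else:
                buf += c
        else:
            if c == '\\' and i + 1 < len(expr):
                buf += expr[i:i + 2]
                i += 2
                continue
            if c == ("'" if kind == 'sq' else '"'):
                out.append((kind, buf))
                buf, kind = '', 'code'
            else:
                buf += c
        i += 1
    if buf:
        out.append((kind, buf))
    return out


def first_argument_tokens(args):
    """Keep only the tokens of the first argument (up to the first top-level comma)."""
    toks, depth = [], 0
    for kind, text in tokenize(args):
        if kind != 'code':
            toks.append((kind, text))
            continue
        out = ''
        for c in text:
            if c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            elif c == ',' and depth == 0:
                toks.append(('code', out))
                return toks
            out += c
        toks.append(('code', out))
    return toks


def classify(toks):
    """Say how the SQL text is assembled; anything but literal text needs a reviewer."""
    for kind, text in toks:
        if kind == 'code' and re.search(r'[.$(]', text):
            return 'dynamic'        # concatenation or a function call builds the SQL
        if kind == 'dq' and re.search(r'(?<!\\)\$\w', text):
            return 'interpolation'  # "$var" expands straight into the SQL text
    return 'placeholders'           # literal text only; values must arrive via %d / '%s' args


def audit(src):
    """Return [(line_no, verdict, snippet)] for every db_query call in src."""
    rows = []
    for line_no, args in extract_calls(src):
        toks = first_argument_tokens(args)
        snippet = re.sub(r'\s+', ' ', ''.join(t for _, t in toks)).strip()[:50]
        rows.append((line_no, classify(toks), snippet))
    return rows


if __name__ == '__main__':
    for line_no, verdict, snippet in audit(SAMPLE_PHP):
        print(f'line {line_no:>3}  {verdict:<13} {snippet}')
```

Run against a checkout with `audit(open(path).read())` per `.module` / `.inc` file; the `placeholders` rows are the ones a reviewer can skim, while `interpolation` and `dynamic` rows are where a value from the request may be reaching the SQL text unescaped.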



