[drupal-devel] Checking coding style of contributed modules
Gerhard Killesreiter
killesreiter at physik.uni-freiburg.de
Sat Feb 19 21:53:51 UTC 2005
On Sat, 19 Feb 2005, Dries Buytaert wrote:
> I slapped together the foundations of a code checker script and
> installed it on drupal.org. It took me 50 minutes to write and install.
> It caught hundreds of (small) issues already, and will continue to
> catch many more in future so it most certainly pays off.
talk == silver
code == gold. :)
> What is next?
> -------------
>
> Of course, we'll want to integrate it better and make it visually more
> appealing. Also, we'll want to add many more tests.
>
> I won't be able to work on it until after DrupalCon but you're all
> invited to add more tests. I'd be happy to install newer versions on
> drupal.org as soon as they hit CVS.
>
> So, who's first to add a new test?
I am. I added a test to check the integrity of database queries. It won't
catch SQL errors, but it will barf at variables in the middle of a query
which could potentially be harmful. Of course something like
db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
_is_ secure, but we should try to avoid such stuff nevertheless. Because
of the ambiguity the error message is quite soft:
- The INSERT query at line 164 is potentially insecure as it does not use
our database query wrapper properly.
Cheers,
Gerhard
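
A sketch of the kind of test described in this mail, added here as an example; it is not the script installed on drupal.org. The function names, the matching rules and every sample PHP line other than the quoted INSERT are assumptions.

```python
import re

# Added illustration; all names here are hypothetical, not the drupal.org checker.
CALL = re.compile(r"\bdb_query\s*\(")
VERB = re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE|REPLACE)\b", re.I)
STRING = re.compile(r'"(?:\\.|[^"\\])*"' + r"|'(?:\\.|[^'\\])*'")  # PHP string literals

def first_argument(src, start):
    """Return the first argument of the call whose '(' ends just before start."""
    # Blank out string literals so commas and parentheses inside them are ignored.
    masked = STRING.sub(lambda m: "_" * len(m.group(0)), src[start:])
    depth = 0
    for i, c in enumerate(masked):
        if c in "([":
            depth += 1
        elif c in ")]" and depth:
            depth -= 1
        elif c in ",)" and depth == 0:
            return src[start:start + i]
    return src[start:]

def has_variable(arg):
    """True if a PHP variable is concatenated or interpolated into the query."""
    # Single-quoted literals cannot interpolate, so drop them; keep the rest.
    kept = STRING.sub(lambda m: "" if m.group(0)[0] == "'" else m.group(0), arg)
    return "$" in kept

def check_queries(src):
    """Return (line, SQL verb) for each db_query() whose query contains a variable."""
    findings = []
    for m in CALL.finditer(src):
        arg = first_argument(src, m.end())
        if has_variable(arg):
            verb = VERB.search(arg)
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, verb.group(1).upper() if verb else "QUERY"))
    return findings

# Constructed sample input; line 2 is the query quoted in the mail above.
SAMPLE = r"""<?php
db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
db_query("UPDATE {users} SET mail = '%s' WHERE uid = %d", $mail, $uid);
db_query("DELETE FROM {users} WHERE uid = $uid");
"""

if __name__ == "__main__":
    for line, verb in check_queries(SAMPLE):
        print(f"- The {verb} query at line {line} is potentially insecure as it "
              "does not use our database query wrapper properly.")
```

The UPDATE line passes because its values travel as separate arguments behind `%s` and `%d` placeholders; the other two are flagged because a variable reaches the query string itself.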