[drupal-devel] Checking coding style of contributed modules

Gerhard Killesreiter killesreiter at physik.uni-freiburg.de
Sat Feb 19 21:53:51 UTC 2005

On Sat, 19 Feb 2005, Dries Buytaert wrote:

> I slapped together the foundations of a code checker scripts and
> installed it on drupal.org.  It took me 50 minutes to write and install.
>   It catched hundreds of (small) issues already, and will continue to
> catch many more in future to it most certainly pays off.

talk == silver
code == gold. :)

> What is next?
> -------------
> Of course, we'll want to integrate it better and make it visually more
> appealing.  Also, we'll want to add many more tests.
> I won't be able to work on it until after DrupalCon but you're all
> invited to add more tests.  I'd be happy to install newer versions on
> drupal.org as soon they hit CVS.
> So, who's first to add a new test?

I am. I added a test to check the integrity of database queries. It won't
catch sql errors, but it will barf at variables in the middle of a query
which could potentially be harmfull. Of course something like

db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);

_is_ secure, but we should try to avoid such stuff nevertheless. Because
of the ambiguity the error message is quite soft:
 - The INSERT query at line 164 is potentially insecure as it does not use
our database query wrapper properly.


More information about the drupal-devel mailing list