[2.0.0-rc2] Multistep Form Framework (multistep_form_framework).

Thank you for applying!

Please read Review process for security advisory coverage: What to expect → for more details and Security advisory coverage application checklist → to understand what reviewers look for. Tips for ensuring a smooth review → gives some hints for a smoother review.

The important notes are the following.

• If you have not done it yet, you should run phpcs --standard=Drupal,DrupalPractice on the project, which alone fixes most of what reviewers would report.
• For the time this application is open, only your commits are allowed.
• The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status won't be changed by this application and no other user will be able to opt projects into security advisory policy.
• We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.

To the reviewers

Please read How to review security advisory coverage applications → , Application workflow → , What to cover in an application review → , and Tools to use for reviews → .

The important notes are the following.

• It is preferable to wait for a Code Review Administrator before commenting on newly created applications. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
• Reviewers should show the output of a CLI tool → only once per application.
• It may be best to have the applicant fix things before further review.

For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues → .

For these applications, we need a project where, in at least the branch used for the application, most of the commits (if not all the commits) have been done from the person who applied.

The purpose of these applications is reviewing a project to understand what the person who applies understands about writing secure code that follows the Drupal coding standards and correctly uses the Drupal API. We do not review a project to understand what the project maintainers as a group understands about those topics.

A project where the commits have been done by more than one person cannot be used for these applications.

This application can only continue with another project where most of the commits (and preferable all the commits) have been done by the dinazaur.

Hello, literally 2.x branch contains all my code. I deleted whole 1.x version when took the module. And reworked it from scratch. So this one commit is literally whole module

Please check the Contributor analytics for the 2.x branch. You'll see the commits per user.

https://git.drupalcode.org/project/multistep_form_framework/-/graphs/2.x...

@vishal.madam

I believe the assertion is that https://git.drupalcode.org/project/multistep_form_framework/-/commit/dfc... while made on top of the code from 1.x, is a complete re-write, and any of the commits prior to it are not relevant. This would mean the “commit counts” are inaccurate and anything before they commit should be ignored.

I haven’t looked like by line to be sure it wasn’t just a file rename or that a large number of files were not changed.

Ideally 2.x would have been created as an “orphan” branch to make it more clear it was a code split however not strictly a requirement IMHO (and D.O prevents that from happening now)

Unless we can assert the above commit just renamed files, this should probably be allowed to continue into the process. Especially since #3406966: [1.0.x] Time Clock → has made it through the process and it originally started as all but a few lines of code could not be attributed to the applicant while this issue appears on cursory glance to have a sizable amount of changed line.

Setting back to NR on the grounds this needs an actual line by line review to assert that it isn’t the applicants own commits.

So here is a screenshot that shows commits in 2.x branch only.

And here are explanations of what is inside 2.x branch. My initial commit contains 1941 additions and 406 deletions. I've removed all code from 1.x branch. So the 2.x contains all my code.

Here is a link → to related Drupal.org project ownership issue where I explained why I'm doing such a change. I just didn't want to make another module on Drupal.org and took the obsolete module and reworked it from scratch.

I checked the commit linked on comment #6. I would not say it is just renaming files. (I apologize, I checked the linked commit yesterday, but I forgot to comment about this application which seemed fine for me.)

Changing the priority according to Application Review Timelines

The priority of applications that have been waiting for a review for more than three weeks is changed to Major.

Changing the priority according to Application review Timelines

The priority of applications that have been waiting for a review for more than eight weeks is changed to Critical.

The MultistepForm::prepareWizard should have it's parameters documented in the function doc comment.

Your README.md does not follow best practices (headings need to be uppercase and sections are missing). See https://www.drupal.org/node/2181737 → . Also, lines should be wrapped at 80 characters.

1. @branch is a wrong name for a branch. Release branch names always end with the literal .x as described in Release branches → .

2. Fix phpcs issues.

phpcs --standard=Drupal,DrupalPractice --extensions=php,module,inc,install,test,profile,theme,css,info,txt,md,yml multistep_form_framework/

FILE: multistep_form_framework/modules/multistep_form_framework_examples/src/Form/BuyBookStep/Description.php
--------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
--------------------------------------------------------------------------------
 54 | ERROR | No key specified for array entry; first entry specifies key
--------------------------------------------------------------------------------

FILE: multistep_form_framework/README.md
------------------------------------------------------------------------
FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 4 LINES
------------------------------------------------------------------------
 13 | WARNING | Line exceeds 80 characters; contains 89 characters
 16 | WARNING | Line exceeds 80 characters; contains 94 characters
 18 | WARNING | Line exceeds 80 characters; contains 194 characters
 21 | WARNING | Line exceeds 80 characters; contains 83 characters
------------------------------------------------------------------------

I am changing priority as per Issue priorities → .

This thread has been idle, in the Needs work state with no activity for several months. Therefore, I am assuming that you are no longer pursuing this application, and I marked it as Closed (won't fix).

If this is incorrect, and you are still pursuing this application, then please feel free to re-open it and set the issue status to Needs work or Needs review, depending on the current status of your code.

@solideogloria

The MultistepForm::prepareWizard should have its parameters documented in the function doc comment.

Drupal coding standards allow to omit documenting function parameters.

Your README.md does not follow best practices

Yeah, it does not. This module was created for developers only, site builders will never use it, hence I don't see reasons why I should change README format.

Drupal recommends the following README formatting →

@vishal.kadam

@branch is a wrong name for a branch. Release branch names always end with the literal .x as described in Release branches.

It is wrong and was created by the previous maintainer. From what I see it is not used as Release branch. And because of that, I think it is okay to keep it, cause I don't know why it was created in first place.

Fix phpcs issues.

I already answered about README, but I'd to quote README.md template → page.

Please note that the Drupal Coding Standards have not yet been updated to allow Markdown files, conversion should only be undertaken at the request of an existing project maintainer.

FILE: multistep_form_framework/modules/multistep_form_framework_examples/src/Form/BuyBookStep/Description.php
--------------------------------------------------------------------------------
FOUND 1 ERROR AFFECTING 1 LINE
--------------------------------------------------------------------------------
 54 | ERROR | No key specified for array entry; first entry specifies key
--------------------------------------------------------------------------------

I cannot reproduce it. I'm using latest (8.3.25) Drupal coder version

Actually, the Drupal coding standards → says:

Documenting functions is somewhat more complex than documenting other types of PHP language constructs, so they have their own coding standards:

• Each parameter of a function must be documented with a @param tag (see exceptions below).
• If a function has a return value, it must be documented with a @return tag (see exceptions below).
• If there is no return value for a function, there must not be a @return tag.
• For most functions (see exceptions below), summary lines must start with a third person singular present tense verb, and they must explain what the function does. Example: "Calculates the maximum weight for a list."
• Functions that are easily described in one line may be documented by providing the function summary line only (omitting all parameters and return value).

@avpaderno you're right. I thought that it was possible to omit parameters because the code sniffer allowed → to do it. There's a current discussion about " Allow omitting doxygen ... 📌 Allow omitting doxygen when type and variable name is enough Active " I suppose sooner or later they will allow omitting them as they did with constructors 🌱 Allow constructor methods to omit docblocks Fixed . But anyway it is not possible right now.

What is possible to do is to:

Omit @param and @return documentation for the standard parameters and return value (such as $form and $form_state. in Form-generating functions →

what apparently is a case, cause the only places where I omitted docs are for $form and $form_state params.

Changing the priority according to Application Review Timelines

The priority of applications that have been waiting for a review for more than three weeks is changed to Major.

I am changing priority as per Issue priorities → .

Looks good to me!

Thanks for your contribution, Nazar!

I updated your account so you can opt into security advisory coverage now.

Here are some recommended readings to help with excellent maintainership:

• Dries → ' post on Responsible maintainers
• Best practices for creating and maintaining projects →
• Maintaining a drupal.org project with Git →
• Commit messages - providing history and credit →
• Release naming conventions → .
• Helping maintainers in the issue queues →

You can find lots more contributors chatting on Slack → or IRC → in #drupal-contribute. So, come hang out and stay involved → !

Thanks, also, for your patience with the review process. Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review → . I encourage you to learn more about that process and join the group of reviewers.

Thanks to the dedicated reviewer(s) as well.

Automatically closed - issue fixed for 2 weeks with no activity.