- Issue created by @manishsaharan29497
- 🇮🇳India vishal.kadam Mumbai
Thank you for applying!
Please read Review process for security advisory coverage: What to expect → for more details and Security advisory coverage application checklist → to understand what reviewers look for. Tips for ensuring a smooth review → gives some hints for a smoother review.
The important notes are the following.
- If you have not done it yet, you should run
phpcs --standard=Drupal,DrupalPracticeon the project, which alone fixes most of what reviewers would report. - For the time this application is open, only your commits are allowed.
- The purpose of this application is giving you a new drupal.org role that allows you to opt projects into security advisory coverage, either projects you already created, or projects you will create. The project status won't be changed by this application and no other user will be able to opt projects into security advisory policy.
- We only accept an application per user. If you change your mind about the project to use for this application, or it is necessary to use a different project for the application, please update the issue summary with the link to the correct project and the issue title with the project name and the branch to review.
To the reviewers
Please read How to review security advisory coverage applications → , Application workflow → , What to cover in an application review → , and Tools to use for reviews → .
The important notes are the following.
- It is preferable to wait for a Code Review Administrator before commenting on newly created applications. Code Review Administrators will do some preliminary checks that are necessary before any change on the project files is suggested.
- Reviewers should show the output of a CLI tool → only once per application.
- It may be best to have the applicant fix things before further review.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues → .
- If you have not done it yet, you should run
- Status changed to Needs work
5 months ago 11:17am 26 January 2024 - 🇸🇮Slovenia slogar32
Hey, following is my module review:
use Drupal\Core\Render\ElementInfo;This class is not found neither on latest Drupal 9 and on latest Drupal 10 releases. This will results in a PHP error, since you then injext this into the class in the formatted. You also have the constructor function define twice. In both of those constructors the parent constructor is not called.
/** * ElementInfo This property stores information about the element. * * @var mixed */ protected $elementInfo; /** * MyCustomClass constructor. * * @param \Drupal\Core\Render\ElementInfo $elementInfo * The element info service. */ public function __construct(ElementInfo $elementInfo) { $this->elementInfo = $elementInfo; } /** * The element info manager. * * @var \Drupal\Core\Render\ElementInfoManagerInterface */ protected $elementInfo; /** * Constructs a TextSummaryOnlyFormatter object. * * @param \Drupal\Core\Render\ElementInfoManagerInterface $elementInfo * The element info manager. */ public function __construct(ElementInfoManagerInterface $elementInfo) { $this->elementInfo = $elementInfo; }- The create function is also not compatible with the parent class
/** * {@inheritdoc} */ public static function create(ContainerInterface $container, $plugin_id, $plugin_definition, array $context) { return new static( $container->get('element_info') ); } - There is already a contrib module which does basically the same thing. The only difference, that I see here, that you added some extra logic with the trim summary length. -> Text Summary Formatter →
- I also don't think, that there is enough code to for security opt-in approval in this module, see https://groups.drupal.org/node/195848. This is debatable though.
- Status changed to Needs review
5 months ago 12:16pm 26 January 2024 - 🇮🇳India manishsaharan29497 New Delhi
Hi @slogar32, Very thanks for your review, I don't know how I missed this part, but I apologize for pushing the buggy code, actually, this happened during merging someone MR. Right now I have updated the code and pushed it to the same branch and tested it thoroughly.
/** * The element info manager. * * @var \Drupal\Core\Render\ElementInfoManagerInterface */ protected $elementInfo; /** * Constructs a TextSummaryOnlyFormatter object. * * @param string $plugin_id * The plugin_id for the formatter. * @param mixed $plugin_definition * The plugin implementation definition. * @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition * The definition of the field to which the formatter is associated. * @param array $settings * The formatter settings. * @param string $label * The formatter label display setting. * @param string $view_mode * The view mode. * @param array $third_party_settings * Any third party settings. * @param \Drupal\Core\Render\ElementInfoManagerInterface $elementInfo * The element info manager. */ public function __construct($plugin_id, $plugin_definition, FieldDefinitionInterface $field_definition, array $settings, $label, $view_mode, array $third_party_settings, ElementInfoManagerInterface $elementInfo) { parent::__construct($plugin_id, $plugin_definition, $field_definition, $settings, $label, $view_mode, $third_party_settings); $this->elementInfo = $elementInfo; } /** * {@inheritdoc} */ public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) { return new static( $plugin_id, $plugin_definition, $configuration['field_definition'], $configuration['settings'], $configuration['label'], $configuration['view_mode'], $configuration['third_party_settings'], $container->get('element_info') ); } - 🇮🇳India rushiraval
I am changing the issue priority as per issue priorities → .
if ($this->getSetting('trim_summary') == TRUE && !empty($item->summary)) {You can remove the
== TRUEhere.Otherwise it looks pretty good to me.
Also, if you could remove the words "Summary Only" at the top of the module page on Drupal.org, I think it'd look cleaner:
Summary Only This module provides a field formatter that helps to render only summary value of any field having type "text_with_summary".I will also note that this module is extremely small, having only 3 files (only one of them a PHP file), and I'm not sure if this is enough code to properly demonstrate someone's ability to follow coding standards and create secure code.
- Status changed to Needs work
about 1 month ago 6:10pm 26 May 2024 - 🇮🇹Italy apaderno Brescia, 🇮🇹
To last comment, I am also wondering:
- Is there any reason to trim the summary, which by definition is a manually-trimmed version of the full content?
- The Drupal formatter already shows the summary when it is set. What is the purpose of a Summary only formatter?
class TextSummaryOnlyFormatter extends FormatterBase implements TrustedCallbackInterface { /** * ElementInfo This property stores information about the element. * * @var mixed */ protected $elementInfo; /** * MyCustomClass constructor. * * @param \Drupal\Core\Render\ElementInfo $elementInfo * The element info service. */ public function __construct(ElementInfo $elementInfo) { $this->elementInfo = $elementInfo; }There must be an empty line after the class declaration.
The$elementInfotype is notmixedand its description does not need to start with ElementInfo nor This property stores.
The constructor description seems to be for the wrong class.Also, do you see anything wrong in the following code?
/** * MyCustomClass constructor. * * @param \Drupal\Core\Render\ElementInfo $elementInfo * The element info service. */ public function __construct(ElementInfo $elementInfo) { $this->elementInfo = $elementInfo; } /** * The element info manager. * * @var \Drupal\Core\Render\ElementInfoManagerInterface */ protected $elementInfo; /** * Constructs a TextSummaryOnlyFormatter object. * * @param \Drupal\Core\Render\ElementInfoManagerInterface $elementInfo * The element info manager. */ public function __construct(ElementInfoManagerInterface $elementInfo) { $this->elementInfo = $elementInfo; }/** * {@inheritdoc} */ public static function defaultSettings() { return [ 'trim_summary' => FALSE, 'trim_length' => '600', ] + parent::defaultSettings(); }It is not really necessary to use two different settings:
trim_lengthis sufficient, when 0 is used to mean no trigger needs to be performed (but then see my previous comment on trimming a value that is already manually trimmed).