Code review (node)

Coder found 1 projects, 2 files, 2 normal warnings
Coder provides helpful hints without false positives, but offers no guarantee for creating good code. You are the final arbiter. If in doubt, read the Drupal documentation (see review links below and api.drupal.org).
modules/node/node.module

node.module

  • severity: normal. Line 972: string concatenation should be formatted without a space separating the operators (dot .) and a quote
            $select2 = implode(' + ', $ranking) . ' AS score';
  • severity: critical. Line 2791: In SQL strings, use db_query() placeholders in place of variables. This is a potential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
        $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) $grants_sql AND grant_$op >= 1";
    Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));
  • severity: critical. Line 2903: In SQL strings, use db_query() placeholders in place of variables. This is a potential source of SQL injection attacks when the variable can come from user data. (Drupal Docs)
        $sql = "SELECT COUNT(*) FROM {node_access} WHERE nid = 0 $grants_sql AND grant_view >= 1";
    Explanation: Use %s and %d variable substitution. When inserting an array of values use $placeholders = implode(',', array_fill(0, count($args), "'%s'"));
modules/node/content_types.inc

content_types.inc

  • severity: normal. Line 115: Arrays should be formatted with a space separating each element and assignment operator
        '#title' =>t('Submission form'),
  • severity: normal. Line 153: Arrays should be formatted with a space separating each element and assignment operator
        '#title' =>t('Workflow'),