java2dev Posted September 28, 2016
Hi all, I've developed an addon and sent it to PrestaShop to check. The first time, I received a mail talking about PrestaShop standards, using the validator, and issues with SQL injections, saying to use the secure PrestaShop method pSQL. The corrections have been done and the addon tested in the validator. Everything seems OK, but I've received a second mail (after 2 months of calling and contacting the support center) with the same content talking about standards and SQL injection. It is not specific at all about which thing is wrong, and my case has been pending for 3 months without any advance. Could anyone help me with this, or is there any support contact who could check that with me? Thanks in advance guys.

Krystian Podemski Posted September 28, 2016
Hi, you should share here at least one block of code with some SQL queries to allow us to help you and check the code.

java2dev (Author) Posted September 28, 2016
Using the validator I have some red that doesn't impact the addon's work. Here is all of it:
Structure: config_es.xml should be removed
Errors (2): The use of function file_get_contents() is forbidden; use Tools::file_get_contents() instead
Optimizations:
- Usage of "$this" in static methods will cause runtime errors
- Undefined Variable (I have some variables in local).
Licences:
- There must be exactly one blank line after the file comment (there is a comment like this /*)
- Missing license header (the file starts with <?php)
Standards: Spaces, etc...
After receiving the first mail I corrected almost all red issues during two days. Thanks for the answer @Krystian.

Krystian Podemski Posted September 28, 2016
Hmmm, you know, you can easily replace your file_get_contents function with Tools::file_get_contents. I know that it may look weird and you can ask "why do I need to change a native PHP function to some function provided by PrestaShop?" - the answer is: to make sure that if something changes in the PHP world you don't need to do anything, you just need to wait for a PrestaShop update where Tools::file_get_contents would be changed.
config_es.xml, yeah, you need to make sure that your package doesn't contain any config_LANG_ISO.xml
- Usage of "$this" in static methods will cause runtime errors
This is bad and you should definitely change this.
Overall you need to make green all:
- errors
- security
- structure
to pass validation. About security, pSQL is not everything, you need to remember about variables casting etc.

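Added example (not part of the thread, and not PrestaShop's own code) for the point above that pSQL is not everything: escaping only protects a value that ends up inside quotes, so integers are cast and, going slightly beyond the post, column names are picked from a fixed list. escapeOnly() is a stand-in for pSQL(); the ps_demo table, its columns and the sample inputs are constructed.

```php
<?php
// escapeOnly() is an assumption: it stands in for PrestaShop's pSQL(),
// which needs the shop's database connection to run.
function escapeOnly(string $value): string
{
    return addslashes($value);
}

// String context: escaping works because the value sits inside quotes.
function byNameQuery(string $name): string
{
    return "SELECT * FROM ps_demo WHERE name = '" . escapeOnly($name) . "'";
}

// Weak: numeric context without quotes, so escaping changes nothing
// and the whole request value becomes part of the condition.
function byIdEscapedOnly(string $id): string
{
    return 'SELECT * FROM ps_demo WHERE id_demo = ' . escapeOnly($id);
}

// Corrected: cast to int, whatever the request contained.
function byIdCast(string $id): string
{
    return 'SELECT * FROM ps_demo WHERE id_demo = ' . (int) $id;
}

// Column names can be neither escaped nor cast: choose from a fixed list.
function orderByColumn(string $column): string
{
    $allowed = ['id_demo', 'name', 'date_add'];
    return in_array($column, $allowed, true) ? $column : 'id_demo';
}

// Constructed sample inputs, as they might arrive from a request.
$id   = '7 OR 1=1';
$name = "O'Brien";
$sort = 'name; --';

echo byIdEscapedOnly($id), PHP_EOL;
echo byIdCast($id), PHP_EOL;
echo byNameQuery($name), PHP_EOL;
echo 'ORDER BY ', orderByColumn($sort), PHP_EOL;
```

Run with the PHP command line and compare the first two lines of output: only the cast version keeps the condition to a single integer.
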
java2dev (Author) Posted September 28, 2016
OK, thanks again. Using "Tools::file_get_contents", do I have to change some other things in the code, or only add the Tools function and it will work without any issue? The config_es.xml contains the module details: name, version, description, uninstall, etc. I'll search for more details on the $this to resolve it. I have security in green, sounds good.

Krystian Podemski Posted September 28, 2016
You don't need config_es.xml, this file is generated automatically, you only need to have config.xml. About $this. You can't use $this in a function which is static, I mean:

    public static function something()
    {
        // $this is not available in a static method
        return 'Something: '.$this->varFromObject;
    }

You can't do this because $this is for objects.

java2dev (Author) Posted September 28, 2016
I got it for $this. Thanks. Regarding the config_es.xml, do you mean the file name should be "config.xm" or do you mean the content?

Krystian Podemski Posted September 28, 2016
You can delete config_es.xml and leave only config.xml, you should have one.

java2dev (Author) Posted September 29, 2016
There are many issues like "Variable $whathever is undefined". When I add "global $whatever", the new error generated is "Use of globals is forbidden", so I don't really know how to resolve this kind of issue.

Krystian Podemski Posted September 29, 2016
Uhh, you know, these are PHP programming basics, you just don't need and shouldn't use globals these days.

roja45 Posted September 29, 2016
Yup, if you want to sell addons for PrestaShop, good for you, but if you're serious about it, spend some time to learn PHP first. The forum is very helpful when trying to understand how PrestaShop works, but it doesn't sound like you should be submitting your modules. You certainly shouldn't be using the approval process to debug your modules; you just consume the time of the people approving modules for those of us that submit modules in a working state. It's already a slow enough process. If you're getting errors with the validator, and can't justify them, don't submit it. I don't understand why they don't make the output from the validator a necessary input for submission, and improve the validator, and speed up approvals.