[Doc] How to Validate a MOD

This forum is now closed as part of retiring phpBB2.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

This forum is now closed due to phpBB2.0 being retired.
Nuttzy99
Former Team Member
Posts: 4917
Joined: Fri Aug 03, 2001 7:09 am
Location: the 11th dimension
Contact:

[Doc] How to Validate a MOD

Post by Nuttzy99 » Tue Mar 23, 2004 8:59 pm

How to Validate a MOD
v0.2.0
03/23/04

phpBB.com provides a service that, to our knowledge, is provided by no other phpBB site or any modification site of any forum product for that matter. The primary goal of validation is to do our best in providing secure, compliant, and working MODs to the public. The secondary goal is to validate MODs as quickly as possible while maintaining a high level of quality validation. Therefore these steps seek to optimize our every move to prevent needlessly getting bogged down. Here's the general outline followed by more in-depth explanations:
  • Download the MOD from the phpBB.com MODs Database and extract if necessary.
  • Quick check of The Obvious reasons to deny
  • Once created, a time-saver screening of the MOD with an Automatic Parsing proggie
  • Cut to the chase with the Insta-Deny Checklist
  • Targeted security checks and calculate the Security Score
  • Functionality Tests will justify if we should check or reject before having to manually inspect.
  • The big time hit - Manual Inspection of every line
  • Ensure the DB post entry lists any Prerequisites and Formatting is apporpriate
  • Surving all that.... release it!!
The Obvious:
These are the things that go without saying... but not for some people so I guess we gotta say 'em ;) If at a glance these requirements are not met, then Insta-Deny:
  • pack - Submissions can be .zip and .mod only
  • script - Must have a MOD (.mod or .txt) file included
  • preMOD - PreMOD'ed files can optionally be supplied only if kept separate from the base MOD and there are clear instructions for using them. However, there must be a MOD script for those not wanting to use the preMOD'ed files
  • ownership - MODs may only be submitted by the author (or whoever is now responsible for the MOD)
  • phpBB ver - Must be for current phpBB version on the date submitted
  • systems - Appear to use DBAL, templates, lang system
Automatic Parsing:
This is vaporware right now, but we hope to have a simple proggie that will scan files to make sure the following check out. Doesn't necessarily mean Insta-Deny... but probably :twisted: But until this proggie exists, it is unrealistic to ask that we spend the time to enforce some of these.
  • PHP - 3.0.9 is the lowest acceptable so PHP4+ commands need to be axed
  • MySQL - some folks skip DBAL and use straight MySQL commands and that is a no-no (unless there is a reason)
  • English - make sure English lang files are not hardcoded into paths
  • subSilver - make sure subSilver files are not hardcoded into paths
Insta-Deny Checklist
The Insta-Deny Checklist makes use of MOD Team tools that can automatically discover problems in MODs. The comphrensive guidelines can be found here. The general steps are:
  • validator - run through the MOD Validator
  • install - install with EM
Security Checks and Security Score
This is the first real time hit, but its not too bad. Mostly performing a straight search for key elements. The comphrensive guidelines can be found here.
  • check files - checks on PHP files
  • check MOD - check on MOD script
  • score - if passed, assign score
Functionality Tests
Plain and simple the MOD needs to work. Sure, it might not be as feature complete as one might like, but it's gotta work!
  • test the functionality of all effected files under as many scenarios as is feasible
  • check that DB updates/access is working smoothly
Manual Inspection
This is where all the times goes. Must check every line of code... blah!!! :evil: It is critical to make this process as efficient as possible and to reduce the number of items if possible.
  • coding - use the Coding Guidelines when applicable
  • policies - make sure the MOD script uses all acceptable policies and procedures (tutorial, BBCode, etc.)
  • SQL - scrutinize each SQL statement, especially insert and updates (mostly done already in the security check
  • admin - Make sure there is no unwarranted access to ADMIN/MOD permissions, when they are not warranted/expected.
  • bugs - look for any obvious bugs, especially in loops. No need to go crazy though.
  • Eng-SS - tpl files must use subSilver and the lang must be English. Other styles and langs can be additionally supplied though.
  • text - no hard coded text in tpl files, use the lang system
  • HTML - HTML in php files should be scarce, use the tpl files
Prerequisites and Formatting
Phew! The MOD is on the verge of release!
  • format - no obscenities or garrish formatting
  • prereqs - for example: specific DB only, gd graphics libraries, adjusting server permissions
  • notes - any obvious flaws; any author notes
-Nuttzy :cool:
Last edited by Nuttzy99 on Tue Mar 23, 2004 9:05 pm, edited 3 times in total.
SpellingCow.com - Free spell check service for your forums or any web form!
No Support via PM please!

wGEric
Former Team Member
Posts: 8805
Joined: Sun Oct 13, 2002 3:01 am
Location: Friday
Name: Eric Faerber
Contact:

Post by wGEric » Mon Aug 16, 2004 5:51 pm

Releasing this to the public.

This is how we validate MODs. If MOD Authors could run their own MOD through our validation process before submitting, chance are, your MOD won't be denied. This means, more of your MODs will be approved to go in our Database.
Eric

User avatar
battye
Extension Customisations
Extension Customisations
Posts: 10933
Joined: Wed Feb 11, 2004 11:02 am
Location: Australia
Contact:

Post by battye » Tue Aug 17, 2004 12:19 am

If you find something wrong, do you Pm or Email the author?
Customisations Team Member

ycl6
Translator
Posts: 5696
Joined: Sat Feb 15, 2003 10:35 am
Location: Taiwan
Contact:

Post by ycl6 » Tue Aug 17, 2004 12:30 am

As long as you let the author know, no matter by what means would be fine I suppose

~Mac

User avatar
A_Jelly_Doughnut
Former Team Member
Posts: 34457
Joined: Sat Jan 18, 2003 1:26 am
Location: Where the Rivers Run
Contact:

Post by A_Jelly_Doughnut » Tue Aug 17, 2004 12:50 am

Welcome to the MOD team ycl6 :)

Battye: assuming you aren't a MOD team member, I agree with ycl6...I'd probably post it in the beta dev topic. If you're a mod author, you'd be getting something via PM form the MOD team, but you probably already knew that :)
A Donut's Blog
"Bach's Prelude (Cello Suite No. 1) is driving Indiana country roads in Autumn" - Ann Kish

User avatar
battye
Extension Customisations
Extension Customisations
Posts: 10933
Joined: Wed Feb 11, 2004 11:02 am
Location: Australia
Contact:

Post by battye » Tue Aug 17, 2004 7:32 am

Sorry, it may have been interpreted wrongly...
I was asking a Nuttzy or Mod Team member if they would email or pm the author to tell them something was wrong with their MOD and why it couldn't be validated.
Jelly Doughnut wrote: If you're a mod author, you'd be getting something via PM form the MOD team, but you probably already knew that :)


That's what I mean, I made my first phpBB mod like, a few days ago, and submitted it to the database yesterday. In the event it wasn't validated I was curious as to whether I would be notified :)

Thanks :wink:
Customisations Team Member

ycl6
Translator
Posts: 5696
Joined: Sat Feb 15, 2003 10:35 am
Location: Taiwan
Contact:

Post by ycl6 » Tue Aug 17, 2004 7:38 am

Yes, reason of denial will be provided inside the PM that was sent to MOD author to notifiy their MOD was denied.

~Mac

User avatar
GPHemsley
Registered User
Posts: 1475
Joined: Fri Apr 18, 2003 3:12 am
Location: Long Beach, NY
Name: Gordon Hemsley
Contact:

Post by GPHemsley » Tue Aug 17, 2004 8:20 am

Not to mention that MODs are pretty backed up in the MOD DB and newly submitted MODs won't be even looked at for at least a month, maybe more. :wink:

Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham » Tue Aug 17, 2004 11:36 am

This has been released to hopefully speed things up a bit :) If a MOD Author runs through the same checks before they submit a MOD to the database it should reduce the number that get denied and have to get resubmitted over and over. Of course it does not mean it will automatically get through either, just make it more likely.
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!

User avatar
battye
Extension Customisations
Extension Customisations
Posts: 10933
Joined: Wed Feb 11, 2004 11:02 am
Location: Australia
Contact:

Post by battye » Tue Aug 17, 2004 12:15 pm

Graham wrote: This has been released to hopefully speed things up a bit :)


It's working very well! :D :D :D :D :D
Customisations Team Member

TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost » Sat Mar 12, 2005 8:16 pm

I was looking at the changelog for 2.0.13, and noticed...
Minimum requirements raised to PHP 4.0.3 or above due to fixing vulnerability issues breaking PHP3 compatibility.

If I'm interpreting this correctly, phpBB 2.0.13 no longer runs on PHP3. Should MODs now be expected to?

If this is an incorrect interpretation, then there are a few things that I've noticed, recently, that break PHP3 compatability in MODs whose descriptions make no note of the fact that they require PHP4.

For example, accessing individual characters in strings by doing something like $string{$num} (where $num is whatever location you're interested in), doesn't work in PHP3, even though php.net says that it is the better way to do things. The alternative - $string[$num] - is depricated in PHP4, but does work. That's what should be used, if compatability with PHP3 is to be used.


Also, in PHP4, if $array[0] = "test", then "{$array[0]}" will be "test". In PHP3, it'll be "{test}". Further, in PHP3, if $array[0] = "test", then "$array[0]" will be "test", whereas in PHP4, it'll be "$array[0]".

To remedy this, you'll have to do a concatenations where you would have otherwise done variable substition.

I don't know how many MODs this affects, but I do know of a few (ones I've done, heh).

Graham
Former Team Member
Posts: 8462
Joined: Tue Mar 19, 2002 7:11 pm
Location: UK
Contact:

Post by Graham » Sat Mar 12, 2005 9:07 pm

As wGEric said in another message earlier today, he will be clarifying this in the next few days.
"So Long, and Thanks for All the Fish"

phpBB Useful Links: Knowledge Base | Userguide | Forum Search | MOD Database | Styles Database
My Links: Blog!

TerraFrost
Former Team Member
Posts: 5957
Joined: Sun Dec 26, 2004 3:40 am
Location: Austin, TX

Post by TerraFrost » Sat Mar 12, 2005 9:43 pm

Looked at wGEric's recent post history, and found the post you were refering to:

http://www.phpbb.com/phpBB/viewtopic.php?p=1473626

Thanks for letting me know about it :)

User avatar
mosheen
Registered User
Posts: 259
Joined: Wed Apr 06, 2005 12:16 am
Location: Asheville, NC
Contact:

Post by mosheen » Tue Sep 20, 2005 1:38 pm

I have been looking for an answer to this one, reading through the mod docs... Forgive me if I have missed something.

How should the submission for validation process work for a mod version that, when released, will be zipped up with several other mod add-ons, like compatability mods, optional features, etc?

Do each of the add-ons need to be submitted as a separate mod for validation?

Any special notation you need on the mod submission form?

Thanks!
James
Interested in Random Avatars for your board? Click here
Need to Enable Avatars By Post Count? Click here
Want HTML in your polls? Click here

User avatar
smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith
Contact:

Post by smithy_dll » Tue Sep 20, 2005 1:43 pm


Post Reply

Return to “[2.0.x] MOD Writers Discussion”