forked from pkp/ojs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README-DEV
300 lines (251 loc) · 11.1 KB
/
README-DEV
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
====================
=== Coding Standards
====================
Contributing Code
_________________
The PKP team is happy to accept patches in the PKP Community Forum at
<http://forum.pkp.sfu.ca> or Github at <http://www.github.com/pkp>. If you
would like to have your patch included in the OJS codebase, we suggest
discussing it with the OJS team before implementation to ensure that it suits
upcoming development plans.
For code that is intended for inclusion in the main codebase:
* Pull requests against a current git clone are preferred; alternately, pull
requests against the most recent release version are acceptable. Patches will
also be accepted.
* Unless agreed with the development team, users should be able to toggle
contributed features between enabled and disabled with a single setting; the
system behavior should not be modified when the feature is disabled.
* The feature should be suitable for situations where very distinct journals are
hosted within the same deployment; i.e. settings should generally be journal-
level, not system-level.
* The design patterns used in OJS should be understood and adhered to.
* Localization standards should be maintained.
* Database IDs should be checked as in the current codebase.
* XSS (cross-site scripting) attacks should be checked as in the current
codebase.
* Contributors are responsible for writing code compatible with the primary
platforms listed in README.
* OJS management features should be kept in mind, such as upgrade and
installation; database schema information should be maintained in the
dbscripts/xml/ojs_schema.xml file for OJS-specific functionality and in
lib/pkp/xml/schema for functionality that can be shared across PKP apps; etc.
* The development team is happy to review contributed patches, but we have a
limited amount of time to spend integrating patches with the codebase or
modifying contributed code. If aspects of the code need work, we would rather
inform the author and have them perform the modifications.
For contributions that are distributed separately as patches or plugins:
* If contributors haven't met all the conditions above, they are welcome to
distribute additional features as patches or plugins. However, the OJS team
won't be able to provide support in this case.
* If the option is available, coding a feature as a plugin is the preferred
method. The OJS team is continuing to refine the plugin infrastructure and
welcomes discussion with plugin developers.
General Conventions
___________________
Editors
-------
* Tabs: Configure your editor to use tabs instead of spaces for indentation.
* Linefeeds: Your editor must save files using UNIX linefeed format (not DOS
CR/LF or Mac CR format).
* Ensure your files end with a linefeed if your editor does not automatically
add one.
Indentation style
-------------
* Always include braces even in cases where they are optional.
* Use K&R indentation style.
* For example:
if (condition) {
...
} else {
...
}
Naming Conventions
------------------
* Use descriptive names. One character names are only acceptable as index
variables in for loops.
* Variable and function/method names (excluding constructors) should start with
a lowercase letter and capitalize all other words.
E.g., $myVariableName; function myMethodName() { }
* Class names should start with a capital letter and capitalize all words.
E.g., MyClassName
* Constant names should be capitalized with words separated by an underscore. In
general, constant names should also be prefixed with the package/class name to
avoid collisions. E.g., ROLE_ID_MANAGER
Comments
--------
* PHPDoc/Javadoc-style commenting is encouraged. See <http://www.phpdoc.de/>
* For example:
/**
* My method.
* @param $foo string
* @return boolean
*/
function myMethod($foo) {
...
}
PHP Tags
--------
* Use the <?php ?> tags to enclose PHP code instead of the abbreviated <? ?>
form.
* Ensure that each opening "<?php" tag is followed by a closing "?>" tag (i.e.,
do not omit a trailing "?>" at the end of a file even though the PHP parser
does not strictly require it).
Quoting Strings
---------------
* Use single quotes (') instead of double quotes (") to quote strings unless the
string contains variables or escape sequences. Single quotes are slightly more
efficient since PHP does not have to perform variable interpolation.
Error Level
-----------
* Code must not produce any error or warning messages with the error_reporting
level set to E_ALL (this is the default level set in includes/driver.inc.php).
* This means using $array['key'] rather than $array[key], not using
uninitialized variables, etc.
* Note that this means that "@" should not be used haphazardly to suppress
error messages.
Global Variables
----------------
* Code should not rely on register_globals being enabled.
* GET/POST/Cookie variables should be accessed through the appropriate helper
function.
Other PHP Conventions
_____________________
* The inline form of if/else is acceptable for small statements (e.g.,
assignments) only. E.g., $foo = $bar ? 1 : 0;
* Use spaces between tokens. E.g., $foo = 1; $i > 0
* Compatibility with PHP per the README document is required. Appropriate
abstractions should be used around non-backwards compatible code (e.g., using
function_exists() to check for an available function and using an alternate
implementation if it does not exist).
* Traditionally we used static access to class methods a lot. These provide
a relatively easy to implement Singleton-like design pattern. They have two
important drawbacks though: static methods cannot be overridden which inhibits
clean OO design and they are notoriously difficult to unit test. That's why
we try to no longer introduce static method calls and refactor to object methods
where possible.
HTML/XML
--------
* HTML should be XHTML-compliant as much as possible. E.g., use "<br />" instead
of "<br>".
* Tag names should be lower case.
SQL
---
* Use spaces between tokens. E.g., "column = ?" instead of "column=?"
* Uppercase SQL keywords. E.g., INSERT, UPDATE, etc.
* Long SQL statements should be logically broken up into multiple lines.
* SQL INSERT statements should always specify the column names.
* For example:
INSERT INTO mytable (x, y, z)
VALUES (?, ?, ?)
* All SQL queries should be compatible with at least the versions of MySQL and
PostgreSQL supported by the application. Although vendor-specific SQL
expressions should be avoided, a record should be kept of any non-portable SQL
that does get used (e.g., by filing a bug report).
OJS Conventions
_______________
git
---
* A web interface to the git repository is located at <http://github.com/pkp>.
* A brief log message describing the changes made must be included with all git
commits.
* Whenever possible, git commit log messages should be prefixed with
"pkp/pkp-lib#ISSUENUM" to reference a git issue; see
<https://github.com/pkp/pkp-lib#issues>.
* Please consult http://pkp.sfu.ca/wiki/index.php/HOW-TO_check_out_PKP_applications_from_git
for instructions on setting up a development environment.
File Header
-----------
* PHP files should begin with a header similar to the following. Non-PHP files
should begin with a similar header adapted to the appropriate comment style.
/**
* @file /path/to/filename.inc.php
*
* Copyright (c) 2014-2017 Simon Fraser University
* Copyright (c) 2003-2017 John Willinsky
* Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
*
* @package PACKAGE
* @class CLASS
*
* DESCRIPTION.
*/
Database Queries
-----------
* SQL queries should use the ADOdb abstraction layer.
* SQL should use placeholders for variables.
* Explicit typecasts should be used where possible in variable replacements.
* For example:
$dbconn = DBConnection::getConn();
$result = $dbconn->execute('SELECT x FROM mytable WHERE y = ?', array($y));
$result = $dbconn->execute('INSERT INTO mytable (x, y) VALUES (?, ?)', array((int) $x, $y));
* Only portable, standards compliant SQL should be used - compatibility with
MySQL and PostgreSQL (versions as per README) is required. If database
specific logic cannot be avoided it should be abstracted into DBConnection or
ADOdb.
Direct Access Objects
---------------------
* DAO classes should be used to encapsulate all database calls.
* For example:
$sessionDao = DAORegistry::getDAO('SessionDAO');
* DAO classes are expected to handle date/datetime format conversion between the
database and PHP, and insertion ID retrieval for sequenced records;
abstractions are provided in the base DAO class.
Templates
---------
* HTML output in PHP code should be kept to a minimum.
* HTML output should come from the Smarty template abstraction layer.
* The template engine supports basic conditional logic and loops and can access
objects and arrays, but the complexity of the business logic used in templates
should be minimized.
* Basic template skeleton:
{**
* /path/to/filename.tpl
*
* Copyright (c) 2014-2017 Simon Fraser University
* Copyright (c) 2003-2017 John Willinsky
* Distributed under the GNU GPL v2. For full terms see the file docs/COPYING.
*
* DESCRIPTION.
*}
{assign var="pageTitle" value="user.userHome"}
{include file="common/header.tpl"}
...
{include file="common/footer.tpl"}
Localization
------------
* i18n strings are defined in locale/<locale_key>/locale.xml.
* Key names should be in the form "sectionname(.subsectionname)*.name".
E.g., "manager.setup.journalTitle"
* Use {translate key="my.key.name"} in templates to translate i18n keys.
* Use the String wrapper class in place of the built-in string
manipulation/regexp routines when handling data that could potentially be in
UTF-8 (e.g., user input, parsed user files, etc.).
Input Validation
----------------
* User input should be properly validated/escaped (do not rely on
magic_quotes_gpc being on or off).
* For example, in template forms:
<input type="text" name="title" value="{$title|escape}" />
* Retrieving user input:
$foo = $request->getUserVar('foo');
* Escaping habits in order of precedence:
- Manager's setup text fields: No escaping performed
- Abstracts, notes, comments, emails: {$field|strip_unsafe_html|nl2br}
- Database IDs safely fetched from DB: no escaping necessary.
- Mailing Address fields: {$mailingAddress|escape|nl2br}
- Biography fields: {$biography|escape|nl2br}
- Custom issue or article IDs in URLs: {$pageUrl}/.../{$customId|escape:"url"}
- Date fields: Use date_format.
- Comment fields: {$comment|strip_unsafe_html}
- Multi-line fields inside textarea tags: {$field|escape}
- Multi-line input fields that are filled in by the Manager or Site Administrator: {$field|nl2br}
- All other fields: {$field|escape}
Note that these should apply to parameters supplied to {translate key="..."} and
{mailto address="..."} calls, e.g
{translate key="my.key.takes.parameter" myParam=$myVar|escape}
Other Tips
----------
* Use $request->redirectUrl($url), or better yet, $request->redirect(...) for
HTTP redirects instead of header('Location: ...');
* For additional coding convention information, see the OJS Design Document
at <http://pkp.sfu.ca/ojs/OJSTechnicalReference.pdf>.