Peer reviewing checklist
These are points to consider while peer-reviewing issues. They can also be applied when solving issues, to reduce the likelihood of problems during peer-review and integration.
To allow the community of Moodle developers to work together, conventions should be followed.
- The code is easy to understand and, where it isn't, comments have been provided.
- Variables are named correctly (all lower case, no camel-case, no underscores).
- Functions are named correctly (all lower case, no camel-case, underscores allowed).
- PHP DocBlocks have been updated and adhere to coding style guide.
- Where functions are being removed, the Deprecation process is followed.
- The code doesn't use deprecated functions.
- $_GET, $_POST, $_REQUEST, $_COOKIE, and $_SESSION are never used.
See the Coding style guide for details.
Unnecessary whitespace changes can cause conflicts when committing code.
- there are no unnecessary blank lines in the new code;
- blank lines do not contain spaces;
- there are no unnecessary changes to whitespace in other areas on the file;
Output needs to be controlled by renderers to achieve consistency and correct application of themes.
- output renders are used to generate output strings, including HTML tags;
- HTML output is valid XHTML;
- no inline styles have been used in HTML output (everything has to be in CSS);
- CSS has been added to the appropriate CSS files (base, specific area, sometimes canvas); and
- the code doesn't use buffered output unless absolutely necessary.
feedback any notices (E_STRICT, etc) seen into the MDL.
To achieve appropriate internationalisation of Moodle, language strings must be managed correctly.
- new language strings are named correctly (all lower case, no camel-case, underscores are permissible in some cases);
- language strings are used instead of hard-coded strings for text output;
- language strings have not been removed or renamed in stable branches (permitted only in master); and
- AMOS commands have been specified when moving, copying, or deleting language strings.
DB calls are the greatest performance bottleneck in Moodle.
If there is SQL code you can test quickly then do so.
- there are minimal DB calls (no excessive use of the DB); and
- the code uses SQL compatible with all the supported DB engines (check all selected fields appear in an 'order by' clause).
It is the developer's responsibility to test code before integration. Issues should not be sent for peer review without tests so that the peer reviewer can assess their quality and use them to consider the scope of the issue.
- there are specific testing instructions that state how, as well as what, to test. Please ensure that the testing instructions are in the correct format: Behat gherkin;
- new unit tests have been added when there is a change in functionality; and
- unit tests pass for related areas where changes have been made.
The user community relies on Moodle being responsibly secure.
- user login is checked where an identity is needed;
- sesskey values are checked before all write actions where appropriate (some read actions as well);
- capabilities are checked where roles differ; and
- if the issue itself is a security issue, the security process is being followed.
- Ensure that the fix is not available in a public repository (ie. a personal Github account); stand-alone patches should be provided instead.
- The issue will not be integrated until just before the next minor version release.
Work does not stop when code is integrated.
- Appropriate labels have been added when there has been a function change, particularly
- qa_test_required (significant functional change),
- docs_required (any functional change, usually paired with ui_change),
- dev_docs_required (any change to APIs, usually paired with api_chage),
- ui_change (any functional change, usually paired with docs_required, except ui_change remains permanetly), and
- api_change (any change to APIs that devs will need to know about, usually paired with dev_docs_required, except api_change remains permanetly).
- the commit message includes the tracker issue number and ideally the component (ideal format is
MDL-xxxx Component: Commit message);
- the commit message makes sense and describes what is going on in the patch. (see Commit_cheat_sheet for some guidance)
- the Git history is clean and the work has been rebased to logical commits; and
- the original author of the work provided as a patch has been given credit within the commit (as author of in the commit message if changes were made).
- the code seems to solve the described problem completely within its reported scope (and further issues have been created to resolve remaining parts or further refactoring);
- the code makes sense in relation to the broader codebase (look at the whole function, not just the altered code); and
- the developer has searched for and fixed other areas that may also have been affected by the same problem.
Acceptable check-marks are Y (for yes), N (for no) or - (for not applicable). All N check-marks should be accompanied by a comment.
 Syntax  Output  Whitespace  Language  Databases  Testing  Security  Documentation  Git  Sanity check