Before approaching the Moodle plugins directory and submitting your plugin, you are encouraged to go through the checklists below and fix eventual issues with your plugin. Doing so will make the reviewer of your plugin happy :-) and may have impact on how long your plugin has to spend in the approval queue.
Meta-data
| [ ]
|
Plugin descriptions
|
Have a meaningful description of your plugin prepared in English. You will need a short concise description (just a sentence or two) and another elaborated one. It is encouraged to have the same info at the plugin record page and in its README file.
|
| [ ]
|
Code repository name
|
Provide a consistent experience for other Moodle developers and site administrators - follow the repository naming convention for Moodle plugins: moodle-{plugintype}_{pluginname}.
|
| [ ]
|
Source control URL
|
Facilitate sharing and further development of your open-source plugin - provide publicly accessible URL of your code repository. Github is a choice of most Moodle plugin developers.
|
| [ ]
|
Bug tracker URL
|
Encourage participation and have a place to report issues, bugs, make feature requests, or suggest other types of improvements. Both Moodle tracker and Github issues are common.
|
| [ ]
|
Documentation URL
|
Have a place where further documentation of your plugin will be located. Moodle docs is preferred location, Github wikis or even your own website will work, too.
|
| [ ]
|
Illustrative screenshots
|
Capture some screenshots of your plugin to help folks get an idea of what it looks like when installed. We will use these screenshots at more places in the plugins directory in the future.
|
| [ ]
|
Licensing
|
All files that implement the interface between the Moodle core and the plugin must be licensed under GNU GPL v3 (or later). Additional files contained in the plugin ZIP package (such as third party libraries used by the plugin, or included media) may eventually use other license as long as it is GPL compatible. Note that binary files violate GPL unless the source code is also included (e.g. Java classes or Flash).
|
| [ ]
|
Subscription needed?
|
If the plugin requires a third-party subscription based service, make sure the description states it very clearly. To allow the testing of the plugin functionality, prepare demo credentials (such as API keys etc) so that the approval team can use them to see the plugin in action.
|
Usability
| [ ]
|
Installation
|
Make sure the plugin installs smoothly from the ZIP package using the in-build plugin installation interface. If any non-standard post-installation steps are needed, make sure they are clearly listed in both plugin description and the README file.
|
| [ ]
|
Dependencies
|
If the plugin depends on another additional plugin, make sure it is clearly stated in the description and in the README file. Also declare the dependency explicitly in the plugin's version.php file.
|
| [ ]
|
Functionality
|
Test the plugin functionality with full developer debugging enabled. Make sure the code does not throw unexpected PHP warnings, notices or even errors.
|
| [ ]
|
Cross-DB compatibility
|
Test the plugin with multiple database engines supported by Moodle. At very least, the plugin is supposed to work with MySQL and PostgreSQL unless reasons are clearly explained in the description and the README file (such as the plugin is a wrapper for third-party DB specific utility). Data manipulation API helps you to ensure cross-db compatibility.
|
Coding
| [ ]
|
Coding style
|
It is encouraged to follow Moodle coding style and other coding guidelines. It's not always possible to achieve "all greens" in automated syntax checks (especially when third party libraries are involved) but you should aim to it. It helps others to read and understand your code (not only during the approval review).
|
| [ ]
|
Boilerplate
|
All files should contain the common boilerplate at the beginning with explicit GPL license statement. See the section Coding_style#Files for the template.
|
| [ ]
|
Copyrights
|
All files should contain the @copyright tag with your name. If you are re-using someone else's file, keep the original copyrights reference to the previous author and add your name as a copyright holder.
|
| [ ]
|
CSS styles
|
Make sure to use proper namespace via frankenstyle prefixes so that your style sheets can be safely concatenated with others. Use plugin specific CSS selectors to make sure that your styling does not accidentally affect other parts of Moodle outside your plugin scope.
|
| [ ]
|
Namespace collisions
|
Check that all your DB tables, settings, functions and classes are named correctly. Do not define functions in the global PHP scope without the valid frankenstyle prefix. See Coding style#Functions and Methods for details.
|
| [ ]
|
Settings storage
|
Check that your settings are stored in the table config_plugins and not in the main config table. This helps to avoid $CFG bloat and potential collisions. Use get_config() to pull the settings data out of the config_plugins table. In the file settings.php, the setting names are supposed to be plugintype_pluginname/settingname (note the slash) and not plugintype_pluginname_settingname or even just settingname. If you eventually need to change the settings yourself, use set_config().
|
| [ ]
|
Strings
|
Avoid hard-code texts in the code, always use get_string(). Just the English strings should ship with the plugin. All other translations are supposed to be submitted as contributions at [1] once your plugin is approved - see Translating plugins. Your code must not rely on trailing and leading whitespace in strings. The string file must be considered as pure data file with the syntax $string['id'] = 'value';. No other PHP syntax such as concatenation, heredoc and nowdoc is supported by the tools that we use when processing your strings (even if it may work in Moodle itself).
|
| [ ]
|
Security
|
Never trust the user. Do not access superglobals like $_REQUEST directly, use wrappers like required_param() with correct type declared to sanitize input. Always use placeholders in custom SQL queries (? or :named). Always check for the sesskey before taking an action on submitted data. Check for require_login(). Always check that the user has appropriate capabilities before displaying the widgets and before taking the actual action. Avoid using malicious functions like call_user_func(), eval(), unserialize() and so on, especially when they would be called with user-supplied data.
|
See also
