One of Moodle’s great strengths is how easy it is to write a plugin that extends functionality and share it with other Moodle users. While the core Moodle code base goes through a stringent quality check and review process, plugins are often written and maintained by a single developer. This presentation covers how you can perform a technical review on a plugin, the common mistakes made by plugin developers and how to spot them quickly, such as:
- SQL injection vulnerabilities.
- Missing authentication or authorization checks.
- Trusting data submitted by end users.
- Not following the Frankenstyle naming convention.
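As an added illustration (this is not code from the presentation or from any real plugin), here is the kind of page script a reviewer typically meets, written first the way it often arrives and then the way Moodle's own APIs intend, with each of the four points above marked. The plugin name `local_example`, its table `{local_example}` and the capability `local/example:view` are assumed; the Moodle functions used (`required_param`, `require_login`, `require_capability`, `$DB->get_records_sql`, `$DB->sql_like`, `s`, `format_string`) are real core APIs.

```php
<?php
// Added illustration, not from the presentation. A hypothetical plugin
// "local_example" page written twice. Moodle API names are real; the
// plugin, table and capability names are assumptions.

// ---- 1. As submitted: every item on the list above in ten lines. ----
// require(__DIR__ . '/../../config.php');
// $courseid = $_GET['courseid'];           // trusted as-is, never validated
// $q = $_GET['q'];
// // No require_login() and no capability check: anyone with the URL can read.
// $sql = "SELECT e.id, e.name FROM {local_example} e
//          WHERE e.course = $courseid AND e.name LIKE '%$q%'";
// $rows = $DB->get_records_sql($sql);      // SQL injection via $courseid and $q
// foreach ($rows as $r) {
//     echo "<li>" . $r->name . "</li>";     // stored XSS: raw DB value into HTML
// }
// echo "Results for $q";                    // reflected XSS
// function search($course, $q) { ... }      // no Frankenstyle prefix: collides

// ---- 2. Reviewed form. ----
require(__DIR__ . '/../../config.php');

/**
 * Frankenstyle: a global function in a plugin is prefixed with its component
 * name (local_example_*), so it cannot collide with core or another plugin.
 * Parameterised SQL: named placeholders only; the LIKE pattern is built with
 * sql_like()/sql_like_escape() so '%' and '_' typed by the user stay literal.
 */
function local_example_search(moodle_database $db, int $courseid, string $q): array {
    $sql = "SELECT e.id, e.name
              FROM {local_example} e
             WHERE e.course = :courseid";
    $params = ['courseid' => $courseid];
    if ($q !== '') {
        $sql .= ' AND ' . $db->sql_like('e.name', ':q', false);
        $params['q'] = '%' . $db->sql_like_escape($q) . '%';
    }
    return $db->get_records_sql($sql, $params);
}

// Never read $_GET/$_POST directly: required_param()/optional_param() apply a
// PARAM_* cleaning type and abort the request on input that does not fit it.
$courseid = required_param('courseid', PARAM_INT);
$q        = optional_param('q', '', PARAM_TEXT);

// Authentication and authorization: require_login() ties the session to the
// course (and enforces enrolment/guest rules); require_capability() enforces
// the plugin's own capability, declared in db/access.php, in that context.
$course  = get_course($courseid);
require_login($course);
$context = context_course::instance($course->id);
require_capability('local/example:view', $context);

$PAGE->set_url(new moodle_url('/local/example/index.php',
    ['courseid' => $course->id, 'q' => $q]));
$PAGE->set_context($context);

$rows = local_example_search($DB, $course->id, $q);

echo $OUTPUT->header();
// Escape on output: s() for plain user input, format_string() for stored
// names that may contain filters or multilang spans. (A real plugin would
// also take the label from get_string() rather than a literal.)
echo html_writer::tag('p', 'Results for ' . s($q));
echo html_writer::start_tag('ul');
foreach ($rows as $r) {
    echo html_writer::tag('li', format_string($r->name, true, ['context' => $context]));
}
echo html_writer::end_tag('ul');
echo $OUTPUT->footer();
```

When reviewing, the quick checks are mechanical: grep the plugin for `$_GET`, `$_POST`, `$_REQUEST`, string interpolation inside `get_records_sql`/`execute` calls, page scripts with no `require_login` or `require_capability` before the first database read, raw `echo` of a database field, and global functions or classes without the component prefix.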
The presentation will also cover the technical process undertaken when plugins are submitted to the moodle.org plugins directory and how you can contribute to this process.