Performing code reviews on Moodle plugins – MoodleMoot Global 2024
Day 1 Presentation

Performing code reviews on Moodle plugins

One of Moodle’s great strengths is how easy it is to write a plugin that extends functionality and share it with other Moodle users. While the core Moodle code base goes through a stringent quality check and review process, plugins are often written and maintained by a single developer. This presentation covers how you can perform a technical review on a plugin, the common mistakes made by plugin developers and how to spot them quickly, such as:

  • SQL injection vulnerabilities.
  • Missing authentication or authorization checks.
  • Trusting data submitted by end users.
  • Frankenstyle naming convention.

The presentation will also cover the technical process undertaken when plugins are submitted to the plugins directory and how you can contribute to this process.
