Thursday, November 19, 2009

ESAPI For PHP Project - call for help

The ESAPI for PHP project is always on the lookout for volunteers who are interested in contributing developer cycles. Right now, we’re looking for volunteers to help port ESAPI for Java EE version 1.4 to PHP version 5.2. Here’s what you’ll need to do, if you are interested.

Step 1: Subscribe to the ESAPI for PHP mail list

The first step is to subscribe to the ESAPI for PHP mail list. This is a different separate mail list than the main ESAPI mail list. You can subscribe to the ESAPI for PHP mail list here.

Step 2: Ask Mike for an assignment
The next step is to email Mike to introduce yourself and to ask for an assignment. “Mike” is Mike Boberski, the project manager for ESAPI for PHP. You can email Mike here.

Step 3: Provide Mike with your Google Account ID
The next step is to email Mike with your Google Account name. If you don’t have a Google Account, you’ll need one. ESAPI for PHP source code and documentation is hosted on Google Code here.

Step 4: Check out the latest project source code
The next step is to obtain the SVN client of your choice (such as TortoiseSVN) and point it at the project repository here.

Step 5: Check out the ESAPI for Java source code
The next step is to obtain the ESAPI for Java EE version 1.4 baseline, again using SVN. The ESAPI for Java EE version 1.4 baseline is here.

Step 6: Start coding!
The next step is to get to work! Thank you again for contributing your valuable developer cycles, we recognize and appreciate the value of your time. More details about the approach that we’re using can be found on the other side of this datasheet.

Step 7: Email the list with any questions
If in doubt, email the list with any questions or concerns as you work on the code. Please be patient if you don’t get a response right away. The development team that is working on ESAPI for PHP literally spans the globe, so depending on your location and whomever may have insight into a particular item, there may be a delay.

Step 8: Email the list weekly with your status
Mike sends out a project status email once a week. An archive of weekly status emails can be found here. Please email the ESAPI for PHP mail list with a brief summary of what you worked on during the past week, what you plan on working on the next, and any issues or requests for assistance. Please try to email your status by COB Thursday Eastern time (Mike is located in the greater Washington DC area).

The ESAPI for Java EE is “the” design

Basically, we’re going interface by interface, class by class, line by line through the ESAPI for Java EE code and translating Java language constructs into PHP version 5.2 statements. The only differences between the code should be language‐specific differences. In certain instances however, a solution that is unique to PHP may be required. For example, the ESAPI for PHP configuration file is an XML file, compared to the Java version’s properties file.

In such instances, please email the list with your proposal BEFORE continuing on. Basically, you need to get Mike’s OK, after making sure to follow any guidance or technical direction provided by Andrew. Mike is, in addition to managing tasking, reviewing code and tests to ensure quality and consistency, and to watch for the introduction of any new dependencies. “Andrew” is Andrew van der Stock, the technical lead and the overall project lead. You can email Andrew here.

Check this checklist, before you check in code
Please make sure to run through this checklist BEFORE you commit code:
  1. You have created tests for your new or updated code in /test
  2. You have run /test/AllTests.php and have verified that your tests all run successfully
  3. You have run /test/AllTests.php and have verified that your new code hasn’t broken any existing code
  4. You have updated the phpdoc to match the ESAPI for Java EE javadoc, and added yourself to the attributions
  5. Please make sure to run through this checklist AFTER you commit code:
  6. You have emailed the ESAPI for PHP mail list to let them know what code has been checked in, and what the new or modified code is or does.

No comments: