I could give you a list of developers I would trust, but I'm not going to do it publicly.
These points are totally valid, yet also concerning to me - especially being under the "are learning" category (and hopefully "get better" category).
I agree with Robbo that this is highly dependent on whom it was coded by. Some addon coders can be trusted blindly, because they know exactly what they are doing (Syndol for example), some coders can simply be disregarded. Most are learning and get better with each addon.
I have before posted about poor code and it got deleted because I didn't think of their feelings enough or some ****. Basic things which should never be done which make extending impossible. I'll put it this way, there are only like 5 people's code I have seen here that has been by someone who knows OOP, MVC and basic code design.
These points are totally valid, yet also concerning to me - especially being under the "are learning" category (and hopefully "get better" category).
Out of interest, do you guys contact authors who you feel are producing work that isn't up to scratch?
I'd much rather someone tap me on the shoulder and say "you know that add-on you've made is crap and full of holes" than blindly continue releasing work that isn't up to par.
Hmm, well, personally I don't care about my feelings.
I have before posted about poor code and it got deleted because I didn't think of their feelings enough or some ****. Basic things which should never be done which make extending impossible.
Generally if you look at the code of an add-on and it looks similar to XenForo code it can probably be trusted. There are a lot of terribly made add-ons here, I would say at least 70%. Simply because people have come from poor OO or procedural platforms and don't have a clue about code design.
Ermm... I know that using OO and MVC only doesn't mean any security. That is just a way to do things like you said. I meant more like "use the right tool for the right job". So, if you are coding an add-on for XenForo, then use all XenForo has to offer. Use their style to do things, so that you can minimize your own flaws. In no way any code is 100% secure, that simply doesn't exist.
And I was talking about only in the PHP level indeed. I agree about proper escaping with JS.
Excellent point.
The mistake we see very often is that addon developers do not think about scalability at all.
Addons work well on their small test systems with 2 users and are released proudly.
If someone uses it at a live web site with more than some occasional users the forum breaks down completely.
It is not the count of queries that matters that much. It is more the type of query that matters. If you do queries joining the whole user and the whole post table each time your addon is called you create a DoS at each installation with more than a couple of congruent users... Not only at big boards..
Excellent point.
But .... does anyone know ANY examples where this was true?
I think the Tags addon might qualify, but that seemed to have 1 query per tag, which was of course going to be an issue (predictable).
Any other addons with a scalability issue?
I certainly think the Big Boards need to have their own list of scalable addons.