We, as MOD team at phpBB.com, get regulary the question how MPV works and how we work with it.
This probarly is asked because a lot people think its a major part of our validation. This is absolute not true. MPV is a tool to help us with the validation and to see any basic problems. We dont deny MODs because of MPV directly, but because MPV saw a problem and we checked and confirmed this by hand.
MPV itself works pretty simple. It are a bunch of tests, that are done at the code. For some parts this means a line by line check, for other parts this is a global check.
First the MODX file itself is checked. We need to make sure ofcourse its valid XML and MODX. This is 1 global check for all MODX files. In case this fails we cant read the content of the MODX file anymore, so cant validate it. Because of this a lot MODs are insta-denied because a simple mistake in the MODX file.
After that we get the php validation. This validation gives with some MOD authors a problem. Why? Because it cant detect if some functions are used valid.
Lets take MD5 as example. MD5 should not be used for password encryption. Because of this reason we decided to give in case of a md5 call a warning. This doesn’t mean using MD5 is disallowed. No, it means that it should not be used in certian cases. But a LOT MOD author directly think they should not use MD5 anymore. This is plain incorrect.
There are some more examples, like the IN_PHPBB check for certian files (Even if its still a good idea to include them!).
If you are using MPV, you should not forgot that its a automatic tool, and absolute not perfect. It helps you in detecting basic problems, nothing less, nothing more. We dont deny because MPV, we deny because we found a problem, that was detected by MPV but checked by hand. all deny reports will be the same in case we didnt have MPV.
MPV only makes sure we can have a first round of checks, to make sure there is at least a basic level of quality of a certian MOD. You should not just trust MPV that something is good, or something is bad.
A fail doesnt mean directly that we will deny the MOD. It doesnt mean directly that its wrong to use something. It means it might be wrong to use at that spot. If you think its a correct usage, just let it there, it might be correct. If we disagree, we ask in a lot of cases why you used it there. If you arent sure, you can always ask in MOD writers discussion if its correct or not. One of the MOD teammembers will answer your questions, and there will be no problem.