From 7d5ac68891653dd23eba2b57aae0259cf555b91d Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:57:55 +0100 Subject: [PATCH 01/11] Update SUMMARY.md --- SUMMARY.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/SUMMARY.md b/SUMMARY.md index e69de29..794a0b2 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -0,0 +1,5 @@ +# Summary + +* [Introduction](README.md) +* Security Guidelines + From 9582caed60169c9c315785e24c6ce083aa85cd96 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:58:05 +0100 Subject: [PATCH 02/11] Create security_guidelines.md --- security_guidelines.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 security_guidelines.md diff --git a/security_guidelines.md b/security_guidelines.md new file mode 100644 index 0000000..65a6360 --- /dev/null +++ b/security_guidelines.md @@ -0,0 +1,2 @@ +# Security Guidelines + From 5238ce3585145188d8e59c6d71436d62fb759d12 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:58:07 +0100 Subject: [PATCH 03/11] Update SUMMARY.md --- SUMMARY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SUMMARY.md b/SUMMARY.md index 794a0b2..a97c0ea 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -1,5 +1,5 @@ # Summary * [Introduction](README.md) -* Security Guidelines +* [Security Guidelines](security_guidelines.md) From f2c86962a620def9fac40e8e020d1cbee686881f Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:58:20 +0100 Subject: [PATCH 04/11] Update security_guidelines.md --- security_guidelines.md | 118 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) diff --git a/security_guidelines.md b/security_guidelines.md index 65a6360..7cc568e 100644 --- a/security_guidelines.md +++ b/security_guidelines.md 
@@ -1,2 +1,120 @@ # Security Guidelines +## CSRF + +The tool to protect clients from CSRF is a randomly generated CSRF token, +that can be used inside the URI generator. It's highly recomended to make +use of this token whenever possible in order to reduce the risk of CSRF +attacks. + +Example usage: + +``` +
+ ... +
+``` + +Now the application will receive the automatically generated CSRF token as +query parameter for further use. If the CSRF token is not the same as the one +assoziated with the client on the server side the client will receive a 403 +HTTP response. The CSRF however doesn't have be specified, if that's the case +**every module itself must make sure wheter a valid CSRF token is required** +or not. The reason for this is that third party requests are a possibility as +well, and sharing the private CSRF token would render it useless. + +Since the validation of the CSRF token is performed automatically it is only +necessary to check the existence, since if it exists it has to be valid. + +Example usage in a module handling a API request: + +``` +if($request->getData('CSRF') === null) { + $response->setStatusCode(403); + + /* optional */ + $response->set($request->__toString(), new Notify('Unknown referrer!', NotifyType::INFO)); + + return; +} +``` + +### When do I check for the CSRF token validity/existence? + +Always! Except the request has the potential to come from third party +referrers. Here a few examples of requests that must always have a valid CSRF +token: + +1. Login/logout +2. Creating/updating/deleting a news post +3. Uploading media files +4. Changes in user settings + +Here some examples of requests that **MAY** not need a validation (mostly API +GET requests): + +1. Get news posts +2. Get last log message + +It's important to understand that the CSRF token is not equivalent with +authentication or API token. Client can be logged out and still need a +CSRF token and obviously vice versa. + +## Super globals + +Super globals are not available througout the application and the values can +only be accesed through middleware classes like: + +* SessionManager +* CookieJar +* Request +* Response + +In some cases super globals will even be overwritten by values from these +classes before generating a response. Do not directly access super globals! 
+ +## Input validation + +Input validation be implemented on multiple levels. + +1. Regex validation in html/javascript by using the `pattern=""` attribute +2. Type hints for method parameters wherever possible. +3. Making use of the `Validation` classes as much as possible +4. **Don't** sanitize at all! Accept or dismiss. + +## Inclusion and file paths + +Be vigilant of where and how the path for the following scenarios comes from: + +1. `include $path;` +2. `fopen($path);` +3. `file_get_contents('../relative/path/to/' . $path);` +4. `mkdir($path);` + +These are just a few examples but it is very important to make sure, that +these paths only have access to wherever the programmer intended them for. +At first it is always a good idea to get the `$path = realpath($path)` of a +path in order to make sure the path exists and for further validation. + +Example usage: + +``` +if(($pathNew = realpath($path)) === false || strpos($pathNew, self::MODULE_PATH) === false) { + throw new FilePathException($path); +} +``` + +The example throws an exception if the path either doesn't exist or is trying +to access a path that doesn't contain the path defined in `self::MODULE_PATH`. +Another validation could be: + +``` +if(($pathNew = realpath($path)) === false || !Validator::startsWith($pathNew, ROOT_PATH)) { + throw new FilePathException($path); +} +``` + +This example now is not only checking if the path exists and if it contains a +path element, it also makes sure that the path is inside the application root +path. You could as easily replace `ROOT_PATH` with `self::MODULE_PATH` and this +validation would make sure `$path` only directs within a module. \ No newline at end of file From 1f7fb8556e7abf6ca7f396b46ccd29e789f3c343 Mon Sep 17 00:00:00 2001 
From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:58:27 +0100 Subject: [PATCH 05/11] Delete Security Guidelines.md --- Security Guidelines.md | 120 ----------------------------------------- 1 file changed, 120 deletions(-) delete mode 100644 Security Guidelines.md diff --git a/Security Guidelines.md b/Security Guidelines.md deleted file mode 100644 index 7cc568e..0000000 --- a/Security Guidelines.md +++ /dev/null @@ -1,120 +0,0 @@ -# Security Guidelines - -## CSRF - -The tool to protect clients from CSRF is a randomly generated CSRF token, -that can be used inside the URI generator. It's highly recomended to make -use of this token whenever possible in order to reduce the risk of CSRF -attacks. - -Example usage: - -``` -
- ... -
-``` - -Now the application will receive the automatically generated CSRF token as -query parameter for further use. If the CSRF token is not the same as the one -assoziated with the client on the server side the client will receive a 403 -HTTP response. The CSRF however doesn't have be specified, if that's the case -**every module itself must make sure wheter a valid CSRF token is required** -or not. The reason for this is that third party requests are a possibility as -well, and sharing the private CSRF token would render it useless. - -Since the validation of the CSRF token is performed automatically it is only -necessary to check the existence, since if it exists it has to be valid. - -Example usage in a module handling a API request: - -``` -if($request->getData('CSRF') === null) { - $response->setStatusCode(403); - - /* optional */ - $response->set($request->__toString(), new Notify('Unknown referrer!', NotifyType::INFO)); - - return; -} -``` - -### When do I check for the CSRF token validity/existence? - -Always! Except the request has the potential to come from third party -referrers. Here a few examples of requests that must always have a valid CSRF -token: - -1. Login/logout -2. Creating/updating/deleting a news post -3. Uploading media files -4. Changes in user settings - -Here some examples of requests that **MAY** not need a validation (mostly API -GET requests): - -1. Get news posts -2. Get last log message - -It's important to understand that the CSRF token is not equivalent with -authentication or API token. Client can be logged out and still need a -CSRF token and obviously vice versa. - -## Super globals - -Super globals are not available througout the application and the values can -only be accesed through middleware classes like: - -* SessionManager -* CookieJar -* Request -* Response - -In some cases super globals will even be overwritten by values from these -classes before generating a response. Do not directly access super globals! 
- -## Input validation - -Input validation be implemented on multiple levels. - -1. Regex validation in html/javascript by using the `pattern=""` attribute -2. Type hints for method parameters wherever possible. -3. Making use of the `Validation` classes as much as possible -4. **Don't** sanitize at all! Accept or dismiss. - -## Inclusion and file paths - -Be vigilant of where and how the path for the following scenarios comes from: - -1. `include $path;` -2. `fopen($path);` -3. `file_get_contents('../relative/path/to/' . $path);` -4. `mkdir($path);` - -These are just a few examples but it is very important to make sure, that -these paths only have access to wherever the programmer intended them for. -At first it is always a good idea to get the `$path = realpath($path)` of a -path in order to make sure the path exists and for further validation. - -Example usage: - -``` -if(($pathNew = realpath($path)) === false || strpos($pathNew, self::MODULE_PATH) === false) { - throw new FilePathException($path); -} -``` - -The example throws an exception if the path either doesn't exist or is trying -to access a path that doesn't contain the path defined in `self::MODULE_PATH`. -Another validation could be: - -``` -if(($pathNew = realpath($path)) === false || !Validator::startsWith($pathNew, ROOT_PATH)) { - throw new FilePathException($path); -} -``` - -This example now is not only checking if the path exists and if it contains a -path element, it also makes sure that the path is inside the application root -path. You could as easily replace `ROOT_PATH` with `self::MODULE_PATH` and this -validation would make sure `$path` only directs within a module. \ No newline at end of file From 4c523d475b10d749185103abd5dd9f3481b7f37b Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:58:49 +0100 Subject: [PATCH 06/11] Update SUMMARY.md --- SUMMARY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SUMMARY.md b/SUMMARY.md index a97c0ea..b8f6e4e 100644 
--- a/SUMMARY.md +++ b/SUMMARY.md @@ -2,4 +2,5 @@ * [Introduction](README.md) * [Security Guidelines](security_guidelines.md) +* Inspections, Tests & Code Guidelines From 6e14ebb4b9bd63767acfb4b6d1fed6f498ec930b Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:59:00 +0100 Subject: [PATCH 07/11] Create inspections,_tests_&_code_guidelines.md --- inspections,_tests_&_code_guidelines.md | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 inspections,_tests_&_code_guidelines.md diff --git a/inspections,_tests_&_code_guidelines.md b/inspections,_tests_&_code_guidelines.md new file mode 100644 index 0000000..5c3d4f6 --- /dev/null +++ b/inspections,_tests_&_code_guidelines.md @@ -0,0 +1,2 @@ +# Inspections, Tests & Code Guidelines + From d211562c742d5e53fed79da0f97083da418d9feb Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:59:01 +0100 Subject: [PATCH 08/11] Update SUMMARY.md --- SUMMARY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SUMMARY.md b/SUMMARY.md index b8f6e4e..9784e4a 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -2,5 +2,5 @@ * [Introduction](README.md) * [Security Guidelines](security_guidelines.md) -* Inspections, Tests & Code Guidelines +* [Inspections, Tests & Code Guidelines](inspections,_tests_&_code_guidelines.md) From 7bdf180ed764081ec675af9ad8f1e71940386c51 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:59:06 +0100 Subject: [PATCH 09/11] Update inspections,_tests_&_code_guidelines.md --- inspections,_tests_&_code_guidelines.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/inspections,_tests_&_code_guidelines.md b/inspections,_tests_&_code_guidelines.md index 5c3d4f6..ae15030 100644 --- a/inspections,_tests_&_code_guidelines.md +++ b/inspections,_tests_&_code_guidelines.md 
@@ -1,2 +1,14 @@ # Inspections, Tests & Code Guidelines +Running inspections and tests ensures the quality of the provided code. It +also helps to ensure multiple programmers follow the same standard which +helps to work on other programmers code. + +## Unit tests + +### PHPUnit + +## Code style + +## External tools + From ca8af4e9a7feed1d1f09417e3b4a534bbed939a5 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:59:11 +0100 Subject: [PATCH 10/11] Delete Inspections, Tests & Code Guidelines.md --- Inspections, Tests & Code Guidelines.md | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 Inspections, Tests & Code Guidelines.md diff --git a/Inspections, Tests & Code Guidelines.md b/Inspections, Tests & Code Guidelines.md deleted file mode 100644 index ae15030..0000000 --- a/Inspections, Tests & Code Guidelines.md +++ /dev/null @@ -1,14 +0,0 @@ -# Inspections, Tests & Code Guidelines - -Running inspections and tests ensures the quality of the provided code. It -also helps to ensure multiple programmers follow the same standard which -helps to work on other programmers code. - -## Unit tests - -### PHPUnit - -## Code style - -## External tools - From 90b84c524ac21cadbb70e563388dae7bd936c318 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Sun, 27 Dec 2015 18:59:32 +0100 Subject: [PATCH 11/11] Update README.md --- README.md | 73 +------------------------------------------------------ 1 file changed, 1 insertion(+), 72 deletions(-) diff --git a/README.md b/README.md index c1dc5da..f6ecaa6 100644 --- a/README.md +++ b/README.md 
@@ -1,72 +1 @@ -# General - -The Orange Management software is a modular web application for small to mid sized companies that need CRM, ERP, Intranet and/or CMS features. The Orange Management modules can be split into the following different categories: - -* General -* Business -* Education -* Health Care - -There is no limitation on how to combine modules. The modules are structured in a way that there is a minimum amount of dependencies between modules. Often modules provide additional functionality for other modules or modules request features from existing modules. Only in a few cases modules require another module for it's functionality, this is usually only the case for core modules or modules that have a strong relation to an other module. - -Thanks to the modular structure it's easy to have full control over the costs and keep the functionality to the exact amount that is needed. There is no fear of having too many functions that reduce the usability if they are not needed. This also results in a fast environment not just because only the necessary parts get installed but also because the core is built for a good experience in terms of performance. - -## Pricing & Services - -The current pricing model is single payment for the core application and modules. All updates regarding security and software fixes are free for the core application and all modules. Only enhancements, visually and in terms of functionality require a one time payment for that update. This way it's also possible to have full control over software changes and their costs. For convenience reasons Orange Management also offers various module bundles and upgrade subscriptions for updates during that subscription. 
- -Additional optional services Orange Management provides are: - -* Initial software setup with all purchased modules -* Regular maintenance -* Customization of all modules provided by Orange Management -* Hosting - -## Development Status - -Currently Orange Management is still fully developing the first Alpha version. As soon as we have a running Beta version we are allowing external testers to use our software and a selected amount of inhouse developed modules. - -## Jobs - -We are always looking for people that are interested in joining this project. Unfortunately our current financial situation doesn't leave any room for payed staff members. All we can offer right now is a share of our future income and a great time. We are looking for: - -* PHP developer -* JavaScript developer -* Frontend developer -* Designer - -Are you interested in joining us? Feel free to contact us at spl1nes.com@gmail.com. - -## Overview - -* Project: Orange Management -* Group: Orange Management -* Developers: 1 -* Languages: PHP, JS, Java, HTML, CSS -* Dependencies: d3.js, THREE.js, tcpdf, PhpExcel - -### Build info - -Build infos are getting generated automatically for every build and manually for key commits. 
- -#### Metrics -[LOC Framework](http://orange-management.de/Build/stats/phpOMS.log) - -[LOC Modules](http://orange-management.de/Build/stats/ModulesStats.log) - -[Metrics Framework](http://orange-management.de/Build/stats/ReportFramework.html) - -[Metrics Modules](http://orange-management.de/Build/stats/ReportModules.html) - - -#### Code quality -[PhpUnit Framework](http://orange-management.de/Build/logs/phpunit.log) - -[PhpCPD Framework](http://orange-management.de/Build/logs/phpcpdFramework.log) - -[PhpCPD Modules](http://orange-management.de/Build/logs/phpcpdModules.log) - - -#### Linting -[Php Core](http://orange-management.de/Build/logs/phpLintFramework.log) - -[Php Modules](http://orange-management.de/Build/logs/phpLintModules.log) - -[Json](http://orange-management.de/Build/logs/jsonLint.log) - -#### Code style -[PhpCS Framework](http://orange-management.de/Build/logs/phpcsFramework.log) - -[PhpCS Modules](http://orange-management.de/Build/logs/phpcsModules.log) - -[Html Tags](http://orange-management.de/Build/logs/htmlinspection.log) - -[Empty Attributes](http://orange-management.de/Build/logs/unusedattributes.log) +# Introduction \ No newline at end of file
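Review bot: patches 01, 03, 06 and 08 each change one line of SUMMARY.md, first adding a plain list item (`+* Security Guidelines`, `+* Inspections, Tests & Code Guidelines`) and then replacing it two commits later with the linked form (`+* [Security Guidelines](security_guidelines.md)`). Squash each pair into one commit so the history records one change per entry and the intermediate unlinked state never exists.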
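Review bot: the CSRF scheme in patch 04 (security_guidelines.md) is opt-in: "The CSRF however doesn't have be specified, if that's the case every module itself must make sure wheter a valid CSRF token is required", so any module that omits the `if($request->getData('CSRF') === null)` check is silently unprotected and a reviewer cannot tell a forgotten check from a deliberate one. Invert the default: reject token-less requests centrally and let the few routes that genuinely serve third-party referrers (the `Get news posts` / `Get last log message` examples) opt out explicitly, so the exceptions are greppable. Second, the token is delivered "as query parameter"; a token in the URL ends up in browser history, access logs and outbound Referer headers, so the state-changing cases listed (login/logout, creating/updating/deleting posts, uploads, settings changes) should carry it in a hidden form field or a request header instead. Third, in "Inclusion and file paths" the first example's `strpos($pathNew, self::MODULE_PATH) === false` is a substring test that accepts any canonical path containing the module directory string anywhere in it; drop it in favour of the `Validator::startsWith($pathNew, ROOT_PATH)` form, make the prefix end in a separator (`ROOT_PATH . DIRECTORY_SEPARATOR`) so a sibling directory whose name starts with the root's name is not accepted, and note that `realpath()` returns `false` for a path that does not exist yet, so the `mkdir($path);` case needs `realpath()` of the parent directory plus a check on the final component. Fourth, in "Input validation" the `pattern=""` attribute (item 1) is enforced by the browser only and is no substitute for the server-side checks in items 2 and 3, and item 4 ("Don't sanitize at all! Accept or dismiss.") should add that output must still be encoded for its context, otherwise readers will take it as "no escaping anywhere". Documentation: the CSRF "Example usage" block contains only `...` between its fences and should show the URI generator call that embeds the token; the `Notify('Unknown referrer!', ...)` message describes a Referer check rather than a missing token; spelling and grammar to fix: "recomended", "assoziated", "wheter", "througout", "accesed", "a API request", "Input validation be implemented" (missing "should"), "doesn't have be specified" (missing "to").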
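Review bot: patch 05 deletes `Security Guidelines.md` (index `7cc568e..0000000`), but nothing earlier in the series creates a file of that name; patch 02 creates `security_guidelines.md` and patch 04 brings it to the same blob `7cc568e`. As posted, 05 is either half of a rename split across commits or a delete of a file that exists only on the author's tree, and it will not apply on a checkout that has only the lower-case file. Fold 02, 04 and 05 into one commit that adds `security_guidelines.md`, or make the rename explicit with `git mv`. The same applies to patch 10, which deletes `Inspections, Tests & Code Guidelines.md` at blob `ae15030`, the blob patch 09 produced for `inspections,_tests_&_code_guidelines.md`. While renaming, consider a slug without the comma and ampersand (for example `inspections_tests_code_guidelines.md`), since both characters need escaping in URLs and shells.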
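Review bot: the `## Unit tests`, `### PHPUnit`, `## Code style` and `## External tools` sections added in patch 09 are empty headings; if the content is not ready, leave them out or mark them as TODO rather than publishing blank sections that SUMMARY.md links to. Grammar: "other programmers code" should read "other programmers' code".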
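Review bot: patch 11 replaces the entire README with a single `# Introduction` heading and the commit message "Update README.md" does not say why. The removed text includes the development status, the dependency list (`d3.js, THREE.js, tcpdf, PhpExcel`) and every link under "Build info" (PhpUnit, PhpCPD, lint and PhpCS logs), none of which reappears elsewhere in the series even though patch 09 creates the "Inspections, Tests & Code Guidelines" page those links belong on. Either move the build and code-quality links into that page within the same series, or state in the message that they are dropped deliberately. Minor: the new file ends without a trailing newline (`\ No newline at end of file`).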