
The first steps towards tCMS2

Is a bit WIP, mostly cleanup and stubbing things out
Something is likely broken atm.

Summary of changes:
  * Adds t/ directory with stub/template test
  * Adds Makefile with rules for running all tests
  * Converts blacklist for filemanager to JSON, cleanup in sanitizer
  * Removes external.inc, forbidden template is already good enough
  * Golf index down a bit
  * Fix bug in microblog where editing titles with "" in them got bear-blasted
  * Adds a stubby wizard landing page for when nothing is configured.
    Expect more here in the future.
Andy Baugh 9 tahun lalu
013403b031

+ 3 - 0
Makefile

@@ -0,0 +1,3 @@
+test:
+	[ -d t/lib/testmore ] || git clone https://github.com/shiflett/testmore.git t/lib/testmore
+	prove --exec 'php' t/*.t
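Review bot: The `test` rule clones a third-party library from GitHub at build time without pinning it, so whatever that repository's default branch holds at the moment of the first run becomes the test harness, and CI results are not reproducible. Check out a known revision after cloning, e.g. `git clone https://github.com/shiflett/testmore.git t/lib/testmore && git -C t/lib/testmore checkout <PINNED_COMMIT>` (placeholder for the commit or tag you vetted). The target should also be declared `.PHONY: test`, since a file named `test` in the repository root would otherwise make `make test` a no-op.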

+ 32 - 78
index.php

@@ -1,42 +1,19 @@
+<?php
+$protocol = ( !empty($_SERVER["HTTPS"] ) ) ? 'https'       : 'http';
+$nav      = ( !empty($_GET['nav'] ) )      ? $_GET['nav']  : '';
+$post     = ( !empty($_GET['post'] ) )     ? $_GET['post'] : '';
+
+if(file_exists('sys/admin/config/main.json')) {
+	$config = json_decode(file_get_contents('sys/admin/config/main.json'),true);
+} else {
+	# XXX Need to have manual be hosted in repo under sys/admin/manual
+	include( "templates/default/notconfigured.tmpl" );
+	die();
+}
+?>
 <!doctype html>
 <html dir="ltr" lang="en-US">
  <head>
-  <?php
-    //SRSBIZNUSS below - you probably shouldn't edit this unless you know what you are doing
-    //GET validation/sanitation and parameter variable definitions below
-    if (!empty($_SERVER["HTTPS"])) {
-      $protocol = "http";
-    } else {
-      $protocol = "https";
-    }
-    if (empty($_GET['nav'])) {
-      $nav = '';
-    }
-    else {
-      $nav = $_GET['nav'];
-    }
-    if (empty($_GET['post'])) {
-      $post = '';
-    }
-    else {
-      $post = $_GET['post'];
-    }
-
-    //input sanitization - XXX Why is this in the index? Should only be include in stuff that needs it
-    $pwd=$post;
-    include 'sys/fileshare/sanitize.inc';
-    if ($san == 1) {
-      return(0);
-    };
-    if(file_exists('sys/admin/config/main.json')) {
-      $config = json_decode(file_get_contents('sys/admin/config/main.json'),true);
-    } else {
-      # XXX Need to have manual be hosted in repo under sys/admin/manual
-      echo "</head><body>tCMS has not gone through initial configuration.<br />";
-      echo 'Please see the <a href="https://tcms.troglodyne.net/index.php?nav=5&post=fileshare/manual/Chapter%2000-Introduction.post">tCMS Manual</a> for how to accomplish this.';
-      die("</body></html>");
-    }
-  ?>
   <meta charset="utf-8" />
   <meta name="description" content="A Simple CMS by teodesian.net"/>
   <meta name="viewport" content="width=device-width">
@@ -95,48 +72,25 @@
     ?>
    </div>
    <div id="kontent" class="kontained">
-    <?php
-      /*$kontent basically is just a handler for what PHP include needs to be loaded
-      based on the context passed via GET params - if you wanna add another, add an
-      elseif case then specify the next number in the nav index along with the
-      corresponding file to include above.*/
-      if (empty($nav)) {
-        $kontent = $config['home'];
-      }
-      elseif ($nav == 1) {
-        $kontent = $config['fileshare'];
-      }
-      elseif ($nav == 2) {
-        $kontent = $config['microblog'];
-        $editable = 0;
-      }
-      elseif ($nav == 3) {
-        $kontent = $config['blog'];
-      }
-      elseif ($nav == 4) {
-        $kontent = $config['about'];
-      }
-      elseif ($nav == 5) {
-        $kontent = $config['postloader'];
-      }
-      elseif ($nav == 6) {
-        $kontent = $config['codeloader'];
-      }
-      elseif ($nav == 7) {
-        $kontent = $config['audioloader'];
-      }
-      elseif ($nav == 8) {
-        $kontent = $config['videoloader'];
-      }
-      elseif ($nav == 9) {
-        $kontent = $config['imgloader'];
-      }
-      elseif ($nav == 10) {
-        $kontent = $config['docloader'];
-      }
-      //Main Content Display Frame goes below
-      include $kontent;
-    ?>
+   <?php
+/*$kontent basically is just a handler for what PHP include needs to be loaded
+based on the context passed via GET params - if you wanna add another, add an
+elseif case then specify the next number in the nav index along with the
+corresponding file to include above.*/
+$destinations = [
+	$config['home'], $config['fileshare'], $config['microblog'], $config['blog'], $config['about'],
+	$config['postloader'], $config['codeloader'], $config['audioloader'], $config['videoloader'],
+	$config['imgloader'], $config['docloader']
+];
+if ( empty($nav) ) $nav = 0;
+if ( $nav === 1 || $nav > 5 ) {
+	$pwd = $post;
+	include 'sys/fileshare/sanitize.inc';
+}
+$kontent = $destinations[$nav];
+//Main Content Display Frame goes below
+include $kontent;
+   ?>
    </div>
    <div id="rightbar" class="kontained">
     <?php
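Review bot: `$nav === 1` on the line `if ( $nav === 1 || $nav > 5 ) {` can never be true, because `$_GET['nav']` arrives as a string and `'1' === 1` is false under strict comparison; the effect is that the fileshare view (nav=1) is served without ever including `sys/fileshare/sanitize.inc`, which the removed code ran unconditionally. The same hunk then reads `$destinations[$nav]` without checking the key exists, so an out-of-range or non-numeric `nav` produces a notice and an `include` of null. Normalise and bound the value before dispatching by replacing `if ( empty($nav) ) $nav = 0;` with `$nav = (int) $nav; if ( !isset( $destinations[$nav] ) ) $nav = 0;`, after which the `=== 1 || > 5` test behaves as intended. Separately, the first hunk only tests `file_exists` before `json_decode`, so a corrupt main.json leaves `$config` null and rendering continues with notices instead of showing notconfigured.tmpl as that template's own text promises; a `if ( !is_array( $config ) )` guard taking the same `include`/`die()` path would close that gap.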

+ 0 - 1
sys/fileshare/include/blacklist

@@ -1 +0,0 @@
-img/sys/special/microblog/css/

+ 1 - 0
sys/fileshare/include/blacklist.json

@@ -0,0 +1 @@
+[ "img", "sys", "special", "microblog", "css" ]

+ 0 - 12
sys/fileshare/include/external.inc

@@ -1,12 +0,0 @@
-<center>
-<?php
-
-$pwd = $_GET['dir'];
-
-echo '<p style="vertical-align: middle;">';
-echo '<img src="img/mime/denied.gif" alt="deeenied" />';
-echo 'No External linking Allowed';
-echo '<img src="img/mime/denied.gif" alt="deeniedagain" />';
-echo '</p>'
-
-?>

+ 16 - 45
sys/fileshare/sanitize.inc

@@ -1,49 +1,20 @@
 <?php 
-$san=0;
-//Forbid anything starting with / and anything with .. in it; also remote links
- $badguy = strpos($pwd, '/');
- $badguys = strstr($pwd,'..');
-
- $http = stristr($pwd,'http://');
- $https = stristr($pwd,'https://');
- $ftp = stristr($pwd, 'ftp://');
- $gop = stristr($pwd, 'gopher://');
-
- if ($badguy === 0) {
-        include 'sys/fileshare/include/forbidden.inc';
-        $san=1;
-	return(0);
- }
-
- if ($badguys !== FALSE) {
+if( !empty($pwd) ) {
+    //Forbid anything starting with / and anything with .. in it; also protocol links (://)
+    $forbidden = preg_match( "/|..|://", $pwd );
+    if ( $forbidden ) {
         include 'sys/fileshare/include/forbidden.inc';
-        $san=1;
-	return(0);
- }
-
-if ($http !== FALSE || $https !== FALSE || $ftp !== FALSE || $gop !== FALSE) {
-        include 'sys/fileshare/include/external.inc';
-        $san=1;
-	return(0);
-}
-
- //Check the list of other forbidden directories
- $blist = "sys/fileshare/include/blacklist";
- $channel = fopen($blist, "r");
- $contents = fread($channel, filesize($blist));
- $readable = preg_split('[/]', $contents);
- $countchocula = count($readable)-1;
-
- for ($a = 0; $a < $countchocula; $a++) {
-
-        $patterns = '^'.$readable[$a];
-        $foos = ereg($patterns, $pwd);
-
-        if ($foos == 1) {
-                include 'sys/fileshare/include/forbidden.inc';
-		$san=1;
-                return(0);
+        die();	
+    }
+
+    //Check the list of other forbidden directories
+    $blacklist = json_decode( file_get_contents("sys/fileshare/include/blacklist.json"), true );
+    if( !empty( $blacklist ) ) {
+    foreach ( $blacklist as $blacklisted ) {
+        if ( preg_match('^' . $blacklisted, $pwd) ) {
+            include 'sys/fileshare/include/forbidden.inc';
+            die();
         }
-
- }
+    }
+}
 ?>
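Review bot: Both regexes in this hunk are malformed, so the rewritten sanitizer blocks nothing: in `preg_match( "/|..|://", $pwd )` the first `/` is taken as the PCRE delimiter, the pattern ends at the next `/` and the trailing `/` is rejected as an unknown modifier, while `preg_match('^' . $blacklisted, $pwd)` has no closing delimiter at all; in both cases preg_match() emits a warning and returns false, which the surrounding `if` reads as "not forbidden". The removed strpos/strstr checks did reject a leading `/`, `..` and protocol prefixes, so this is a regression in the validation of `$pwd` before it reaches the fileshare code. Use a delimited pattern with the dots escaped (an unescaped `..` matches any two characters and would forbid every path), `$forbidden = preg_match( '#^/|\.\.|://#', $pwd );`, and quote the blacklist entry, `if ( preg_match( '#^' . preg_quote( $blacklisted, '#' ) . '#', $pwd ) ) {`. Testing the result with `!== 0` rather than truthiness would additionally make any future pattern error fail closed instead of open.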

+ 5 - 4
sys/microblog.inc

@@ -1,5 +1,5 @@
 <?php
-  if ($editable) { //Insert the Only JS the project should have, all it does is toggle a div
+  if ( !empty( $editable ) ) { //Insert the Only JS the project should have, all it does is toggle a div
     echo "
       <script type=\"text/javascript\">
         function switchMenu(obj) {
@@ -117,9 +117,9 @@
           $out .= '<hr />';
           echo $out;
         } #Note that if nothing works out here, I'm just opting not to show anything.
-        if ($editable) {
+        if ( !empty( $editable ) ) {
           $id=basename($i);
-	  $editblock = "
+		  $editblock = "
             <a style=\"display: inline-block;\" onclick=\"switchMenu('$id');\">[Edit]</a>
             <div style=\"display: none;\" id=\"$id\">
              <form style=\"display: inline\" method=\"POST\">
@@ -129,7 +129,8 @@
             $editblock .= "<textarea class=\"mbedit_text\" name=\"content\">$fc</textarea>";
           } else {
           $editblock .= '<input type="hidden" name="type" value="JSON" />
-            Title: <input class="cooltext" type="text" name="title" value="'.$json->title.'" /><br />
+            Title: <input class="cooltext" type="text" name="title"
+			value="' . preg_replace( '"' ,'\"' , $json->title ) .'" /><br />
             URL: <input class="cooltext" type="text" name="URL" value="'.$json->url.'" /><br />
             Image: <input class="cooltext" type="text" name="IMG" value="'.$json->image.'" /><br />
             Audio: <input class="cooltext" type="text" name="AUD" value="'.$json->audio.'" /><br />
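Review bot: `preg_replace( '"' ,'\"' , $json->title )` in the last hunk does not do what the commit message intends: the pattern `'"'` has no closing delimiter, so preg_replace() warns and returns null, and the title input is rendered with an empty `value` for every post. A working backslash escape would not help either, since `\"` has no meaning inside an HTML attribute and a `"` in the title would still terminate the `value` attribute. Escape for the attribute context instead, `value="' . htmlspecialchars( $json->title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ) . '" /><br />`; the URL, Image and Audio inputs on the following lines interpolate unescaped in the same way and should get the same treatment. The enclosing if/else and the `$editblock` assignment begin and end outside this hunk.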

+ 4 - 0
t/README.txt

@@ -0,0 +1,4 @@
+Running the tests requires 'Test::More for PHP':
+https://github.com/shiflett/testmore
+
+The Makefile will scan for this, of course and attempt to clone it if it does not exist.

+ 5 - 0
t/admin.t

@@ -0,0 +1,5 @@
+<?php
+    require_once("lib/testmore/testmore.php");
+    plan(1);
+    ok("This is a stub for now");
+?>
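Review bot: `ok("This is a stub for now")` passes the description in the position of the test value, so the assertion is vacuously true and the TAP line carries no test name. Test::More's ok takes the condition first and the name second, `ok(true, "This is a stub for now");`.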

+ 1 - 0
t/lib/.gitignore

@@ -0,0 +1 @@
+testmore

+ 70 - 0
templates/default/notconfigured.tmpl

@@ -0,0 +1,70 @@
+<!doctype html>
+<html dir="ltr" lang="en-US">
+    <head>
+        <meta charset="utf-8" />
+        <meta name="description" content="tCMS"/>
+        <meta name="viewport" content="width=device-width">
+        <link rel="icon" type="image/vnd.microsoft.icon" href="img/icon/favicon.ico" />
+        <title>
+            tCMS Requires Setup to Continue...
+        </title>
+        <style>
+            body, html {
+                font-size: 100%;
+                margin: 0;
+            }
+            nav {
+                padding: .5rem;
+                height: 2rem;
+                line-height: 2rem;
+                font-size: 1.5rem;
+                background-color: black;
+                color: white;
+            }
+            section {
+                display: block;
+                width: 100%;
+                margin: 1rem auto 0 auto;
+            }
+            @media( min-width: 768px ) {
+                section {
+                    width: 80%;
+                }
+            }
+            #notice {
+                display: table;
+                padding: .5rem;
+                background-color: rgba( 0, 0, 0, .75 );
+                color: #00FF00;
+                border-radius: .25rem;
+            }
+            #notice > img, #notice > span {
+                margin: .25rem;
+                display: table-cell;
+                vertical-align: middle;
+            }
+        </style>
+    </head>
+    <body>
+        <nav>
+            <strong>tCMS Configuration <!--Wizard--></strong>
+            <span style="float: right;">Step 1</span>
+        </nav>
+        <section>
+            <div id="notice">
+                <img alt="Icon indicating a missing file" src="img/mime/missing.gif" />
+                <span>
+                    [INFO] This page is being displayed because sys/admin/config/main.json is missing
+                    (or corrupted).
+                </span>
+            </div>
+            <p>
+                Please see the
+                <a href="https://tcms.troglodyne.net/index.php?nav=5&post=fileshare/manual/Chapter%2000-Introduction.post">
+                    tCMS Manual
+                </a>
+                for instructions on how configure tCMS.
+            </p>
+        </section>
+    </body>
+</html>
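Review bot: The manual link's `href` contains a bare `&` between the `nav` and `post` query parameters, which should be written `&amp;` in HTML markup, and the closing sentence reads "for instructions on how configure tCMS" where "how to configure" is meant. Both are one-word changes on the lines `<a href="https://tcms.troglodyne.net/index.php?nav=5&amp;post=fileshare/manual/Chapter%2000-Introduction.post">` and `for instructions on how to configure tCMS.`.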