diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php b/data/web/inc/lib/vendor/owasp/csrf-protector-php
deleted file mode 160000
index aec0d696..00000000
--- a/data/web/inc/lib/vendor/owasp/csrf-protector-php
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit aec0d6966992363a7192b2ae9fb0a9643e8fa26b
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/.coveralls.yml b/data/web/inc/lib/vendor/owasp/csrf-protector-php/.coveralls.yml
new file mode 100644
index 00000000..bc8e74cc
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/.coveralls.yml
@@ -0,0 +1,4 @@
+service_name: travis-ci
+src_dir: ./libs/
+coverage_clover: build/logs/clover.xml
+json_path: build/logs/coveralls-upload.json
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/.travis.yml b/data/web/inc/lib/vendor/owasp/csrf-protector-php/.travis.yml
new file mode 100644
index 00000000..d5821b24
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/.travis.yml
@@ -0,0 +1,46 @@
+language: php
+php:
+ - "5.6"
+ - "5.5"
+ - "5.4"
+ - "5.3"
+ - "7.0"
+ - "7.1"
+ - hhvm
+ - nightly
+
+matrix:
+ allow_failures:
+ - php: nightly
+ - php: hhvm
+
+os:
+ - linux
+
+install:
+ # Install composer packages, will also trigger dump-autoload
+ - composer install --no-interaction
+ # Install coveralls.phar
+ - wget -c -nc --retry-connrefused --tries=0 https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar
+ - chmod +x coveralls.phar
+ - php coveralls.phar --version
+
+before_script:
+ - mkdir -p build/logs
+ - ls -al
+
+script:
+ - mkdir -p build/logs
+ - if [ $(phpenv version-name) = 'hhvm' ]; then echo 'xdebug.enable=1' >> /etc/hhvm/php.ini; fi
+ - phpunit --stderr --coverage-clover build/logs/clover.xml
+
+after_script:
+ - php vendor/bin/coveralls -v
+
+after_success:
+ - travis_retry php coveralls.phar -v
+
+cache:
+ directories:
+ - vendor
+ - $HOME/.cache/composer
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/composer.json b/data/web/inc/lib/vendor/owasp/csrf-protector-php/composer.json
new file mode 100644
index 00000000..bc7836ba
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/composer.json
@@ -0,0 +1,14 @@
+{
+ "name": "owasp/csrf-protector-php",
+ "type": "library",
+ "description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
+ "keywords": ["security","csrf", "owasp"],
+ "homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
+ "license": "APACHE",
+ "require-dev": {
+ "satooshi/php-coveralls": "~1.0"
+ },
+ "autoload": {
+ "classmap": ["libs/csrf/"]
+ }
+}
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/files/libs/csrf/csrfprotector-php.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/files/libs/csrf/csrfprotector-php.html
new file mode 100644
index 00000000..a6eeb437
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/files/libs/csrf/csrfprotector-php.html
@@ -0,0 +1,74 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>/Users/minhazav/github/CSRF-Protector-PHP/libs/csrf/csrfprotector.php</title><link rel="stylesheet" type="text/css" href="../../../styles/main.css"><script language=JavaScript src="../../../javascript/main.js"></script><script language=JavaScript src="../../../javascript/prettify.js"></script><script language=JavaScript src="../../../javascript/searchdata.js"></script></head><body class="ContentPage" onLoad="NDOnLoad();prettyPrint();"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Content><div class="CFile"><div class=CTopic id=MainTopic><h1 class=CTitle><a name="csrfprotector.php"></a>csrfprotector.php</h1><div class=CBody><!--START_ND_SUMMARY--><div class=Summary><div class=STitle>Summary</div><div class=SBorder><table border=0 cellspacing=0 cellpadding=0 class=STable><tr class="SMain"><td class=SEntry><a href="#csrfprotector.php" >csrfprotector.php</a></td><td class=SDescription></td></tr><tr class="SGroup"><td class=SEntry><a href="#Variables" >Variables</a></td><td class=SDescription></td></tr><tr class="SVariable SIndent1 SMarked"><td class=SEntry><a href="#$cookieExpiryTime" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')">$cookieExpiryTime</a></td><td class=SDescription>expiry time for cookie @var int</td></tr><tr class="SVariable SIndent1"><td class=SEntry><a href="#$isSameOrigin" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')">$isSameOrigin</a></td><td class=SDescription>flag for cross origin/same origin request @var bool</td></tr><tr class="SVariable SIndent1 SMarked"><td class=SEntry><a href="#$isValidHTML" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')">$isValidHTML</a></td><td class=SDescription>flag to check if output file is a valid HTML or not @var bool</td></tr><tr class="SVariable SIndent1"><td class=SEntry><a href="#$requestType" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')">$requestType</a></td><td class=SDescription>Varaible to store weather request type is post or get @var string</td></tr><tr class="SVariable SIndent1 SMarked"><td class=SEntry><a href="#$config" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')">$config</a></td><td class=SDescription>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails Property: #2: logDirectory (string) => directory in which log will be saved Property: #3: customErrorMessage (string) => custom error message to be sent in case of failed authentication Property: #4: jsFile (string) => location of the CSRFProtector js file Property: #5: tokenLength (int) => default length of hash Property: #6: disabledJavascriptMessage (string) => error message if client’s js is disabled</td></tr><tr class="SGroup"><td class=SEntry><a href="#Functions" >Functions</a></td><td class=SDescription></td></tr><tr class="SFunction SIndent1 SMarked"><td class=SEntry><a href="#init" id=link6 onMouseOver="ShowTip(event, 'tt6', 'link6')" onMouseOut="HideTip('tt6')">init</a></td><td class=SDescription>function to initialise the csrfProtector work flow</td></tr><tr class="SFunction SIndent1"><td class=SEntry><a href="#useCachedVersion" id=link7 onMouseOver="ShowTip(event, 'tt7', 'link7')" onMouseOut="HideTip('tt7')">useCachedVersion</a></td><td class=SDescription>function to check weather to use cached version of js file or not</td></tr><tr class="SFunction SIndent1 SMarked"><td class=SEntry><a href="#createNewJsCache" id=link8 onMouseOver="ShowTip(event, 'tt8', 'link8')" onMouseOut="HideTip('tt8')">createNewJsCache</a></td><td class=SDescription>Function to create new cache version of js</td></tr><tr class="SFunction SIndent1"><td class=SEntry><a href="#authorisePost" id=link9 onMouseOver="ShowTip(event, 'tt9', 'link9')" onMouseOut="HideTip('tt9')">authorisePost</a></td><td class=SDescription>function to authorise incoming post requests</td></tr><tr class="SFunction SIndent1 SMarked"><td class=SEntry><a href="#failedValidationAction" id=link10 onMouseOver="ShowTip(event, 'tt10', 'link10')" onMouseOut="HideTip('tt10')">failedValidationAction</a></td><td class=SDescription>function to be called in case of failed validation performs logging and take appropriate action</td></tr><tr class="SFunction SIndent1"><td class=SEntry><a href="#refreshToken" id=link11 onMouseOver="ShowTip(event, 'tt11', 'link11')" onMouseOut="HideTip('tt11')">refreshToken</a></td><td class=SDescription>Function to set auth cookie</td></tr><tr class="SFunction SIndent1 SMarked"><td class=SEntry><a href="#generateAuthToken" id=link12 onMouseOver="ShowTip(event, 'tt12', 'link12')" onMouseOut="HideTip('tt12')">generateAuthToken</a></td><td class=SDescription>function to generate random hash of length as given in parameter max length = 128</td></tr><tr class="SFunction SIndent1"><td class=SEntry><a href="#ob_handler" id=link13 onMouseOver="ShowTip(event, 'tt13', 'link13')" onMouseOut="HideTip('tt13')">ob_handler</a></td><td class=SDescription>Rewrites <form> on the fly to add CSRF tokens to them. </td></tr><tr class="SFunction SIndent1 SMarked"><td class=SEntry><a href="#logCSRFattack" id=link14 onMouseOver="ShowTip(event, 'tt14', 'link14')" onMouseOut="HideTip('tt14')">logCSRFattack</a></td><td class=SDescription>Functio to log CSRF Attack</td></tr><tr class="SFunction SIndent1"><td class=SEntry><a href="#getCurrentUrl" id=link15 onMouseOver="ShowTip(event, 'tt15', 'link15')" onMouseOut="HideTip('tt15')">getCurrentUrl</a></td><td class=SDescription>Function to return current url of executing page</td></tr><tr class="SFunction SIndent1 SMarked"><td class=SEntry><a href="#isURLallowed" id=link16 onMouseOver="ShowTip(event, 'tt16', 'link16')" onMouseOut="HideTip('tt16')">isURLallowed</a></td><td class=SDescription>Function to check if a url mataches for any urls Listed in config file</td></tr></table></div></div><!--END_ND_SUMMARY--></div></div></div>
+
+<div class="CGroup"><div class=CTopic><h3 class=CTitle><a name="Variables"></a>Variables</h3></div></div>
+
+<div class="CVariable"><div class=CTopic><h3 class=CTitle><a name="$cookieExpiryTime"></a>$cookieExpiryTime</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $cookieExpiryTime</td></tr></table></blockquote><p>expiry time for cookie @var int</p></div></div></div>
+
+<div class="CVariable"><div class=CTopic><h3 class=CTitle><a name="$isSameOrigin"></a>$isSameOrigin</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isSameOrigin</td></tr></table></blockquote><p>flag for cross origin/same origin request @var bool</p></div></div></div>
+
+<div class="CVariable"><div class=CTopic><h3 class=CTitle><a name="$isValidHTML"></a>$isValidHTML</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isValidHTML</td></tr></table></blockquote><p>flag to check if output file is a valid HTML or not @var bool</p></div></div></div>
+
+<div class="CVariable"><div class=CTopic><h3 class=CTitle><a name="$requestType"></a>$requestType</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">protected static $requestType</td></tr></table></blockquote><p>Varaible to store weather request type is post or get @var string</p></div></div></div>
+
+<div class="CVariable"><div class=CTopic><h3 class=CTitle><a name="$config"></a>$config</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $config</td></tr></table></blockquote><p>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails Property: #2: logDirectory (string) => directory in which log will be saved Property: #3: customErrorMessage (string) => custom error message to be sent in case of failed authentication Property: #4: jsFile (string) => location of the CSRFProtector js file Property: #5: tokenLength (int) => default length of hash Property: #6: disabledJavascriptMessage (string) => error message if client’s js is disabled</p></div></div></div>
+
+<div class="CGroup"><div class=CTopic><h3 class=CTitle><a name="Functions"></a>Functions</h3></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="init"></a>init</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function init(</td><td class="PParameter prettyprint " nowrap>$length</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$action</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote><p>function to initialise the csrfProtector work flow</p><h4 class=CHeading>Parameters</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>$length</td><td class=CDLDescription>length of CSRF_AUTH_TOKEN to be generated</td></tr><tr><td class=CDLEntry>$action</td><td class=CDLDescription>int array, for different actions to be taken in case of failed validation</td></tr></table><h4 class=CHeading>Returns</h4><p>void</p><h4 class=CHeading>Throws</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>configFileNotFoundException</td><td class=CDLDescription>when configuration file is not found</td></tr></table></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="useCachedVersion"></a>useCachedVersion</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function useCachedVersion()</td></tr></table></blockquote><p>function to check weather to use cached version of js file or not</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><p>bool -- true if cacheversion can be used -- false otherwise</p></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="createNewJsCache"></a>createNewJsCache</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function createNewJsCache()</td></tr></table></blockquote><p>Function to create new cache version of js</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><p>void</p><h4 class=CHeading>Throws</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>baseJSFileNotFoundExceptio</td><td class=CDLDescription>if baseJsFile is not found</td></tr></table></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="authorisePost"></a>authorisePost</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function authorisePost()</td></tr></table></blockquote><p>function to authorise incoming post requests</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><p>void</p><h4 class=CHeading>Throws</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>logDirectoryNotFoundException</td><td class=CDLDescription>if log directory is not found</td></tr></table></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="failedValidationAction"></a>failedValidationAction</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function failedValidationAction()</td></tr></table></blockquote><p>function to be called in case of failed validation performs logging and take appropriate action</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><p>void</p></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="refreshToken"></a>refreshToken</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function refreshToken()</td></tr></table></blockquote><p>Function to set auth cookie</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><p>void</p></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="generateAuthToken"></a>generateAuthToken</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function generateAuthToken()</td></tr></table></blockquote><p>function to generate random hash of length as given in parameter max length = 128</p><h4 class=CHeading>Parameters</h4><p>length to hash required, int</p><h4 class=CHeading>Returns</h4><p>string, token</p></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="ob_handler"></a>ob_handler</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function ob_handler(</td><td class="PParameter prettyprint " nowrap>$buffer,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$flags</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote><p>Rewrites <form> on the fly to add CSRF tokens to them. This can also inject our JavaScript library.</p><h4 class=CHeading>Parameters</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>$buffer</td><td class=CDLDescription>output buffer to which all output are stored</td></tr><tr><td class=CDLEntry>$flag</td><td class=CDLDescription>INT</td></tr></table><h4 class=CHeading>Return</h4><p>string, complete output buffer</p></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="logCSRFattack"></a>logCSRFattack</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function logCSRFattack()</td></tr></table></blockquote><p>Functio to log CSRF Attack</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Retruns</h4><p>void</p><h4 class=CHeading>Throws</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>logFileWriteError</td><td class=CDLDescription>if unable to log an attack</td></tr></table></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="getCurrentUrl"></a>getCurrentUrl</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function getCurrentUrl()</td></tr></table></blockquote><p>Function to return current url of executing page</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>string</td><td class=CDLDescription>current url</td></tr></table></div></div></div>
+
+<div class="CFunction"><div class=CTopic><h3 class=CTitle><a name="isURLallowed"></a>isURLallowed</h3><div class=CBody><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function isURLallowed()</td></tr></table></blockquote><p>Function to check if a url mataches for any urls Listed in config file</p><h4 class=CHeading>Parameters</h4><p>void</p><h4 class=CHeading>Returns</h4><table border=0 cellspacing=0 cellpadding=0 class=CDescriptionList><tr><td class=CDLEntry>boolean</td><td class=CDLDescription>true is url need no validation, false if validation needed</td></tr></table></div></div></div>
+
+</div><!--Content-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile id=MSelected>csrfprotector.php</div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="../../../index/General.html">Everything</a></div></div><div class=MEntry><div class=MIndex><a href="../../../index/Files.html">Files</a></div></div><div class=MEntry><div class=MIndex><a href="../../../index/Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex><a href="../../../index/Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../../../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $cookieExpiryTime</td></tr></table></blockquote>expiry time for cookie @var int</div></div><div class=CToolTip id="tt2"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isSameOrigin</td></tr></table></blockquote>flag for cross origin/same origin request @var bool</div></div><div class=CToolTip id="tt3"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isValidHTML</td></tr></table></blockquote>flag to check if output file is a valid HTML or not @var bool</div></div><div class=CToolTip id="tt4"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">protected static $requestType</td></tr></table></blockquote>Varaible to store weather request type is post or get @var string</div></div><div class=CToolTip id="tt5"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $config</td></tr></table></blockquote>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails Property: #2: logDirectory (string) => directory in which log will be saved Property: #3: customErrorMessage (string) => custom error message to be sent in case of failed authentication Property: #4: jsFile (string) => location of the CSRFProtector js file Property: #5: tokenLength (int) => default length of hash Property: #6: disabledJavascriptMessage (string) => error message if client’s js is disabled</div></div><div class=CToolTip id="tt6"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function init(</td><td class="PParameter prettyprint " nowrap>$length</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$action</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>function to initialise the csrfProtector work flow</div></div><div class=CToolTip id="tt7"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function useCachedVersion()</td></tr></table></blockquote>function to check weather to use cached version of js file or not</div></div><div class=CToolTip id="tt8"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function createNewJsCache()</td></tr></table></blockquote>Function to create new cache version of js</div></div><div class=CToolTip id="tt9"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function authorisePost()</td></tr></table></blockquote>function to authorise incoming post requests</div></div><div class=CToolTip id="tt10"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function failedValidationAction()</td></tr></table></blockquote>function to be called in case of failed validation performs logging and take appropriate action</div></div><div class=CToolTip id="tt11"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function refreshToken()</td></tr></table></blockquote>Function to set auth cookie</div></div><div class=CToolTip id="tt12"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function generateAuthToken()</td></tr></table></blockquote>function to generate random hash of length as given in parameter max length = 128</div></div><div class=CToolTip id="tt13"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function ob_handler(</td><td class="PParameter prettyprint " nowrap>$buffer,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$flags</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>Rewrites form on the fly to add CSRF tokens to them. </div></div><div class=CToolTip id="tt14"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function logCSRFattack()</td></tr></table></blockquote>Functio to log CSRF Attack</div></div><div class=CToolTip id="tt15"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function getCurrentUrl()</td></tr></table></blockquote>Function to return current url of executing page</div></div><div class=CToolTip id="tt16"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function isURLallowed()</td></tr></table></blockquote>Function to check if a url mataches for any urls Listed in config file</div></div><!--END_ND_TOOLTIPS-->
+
+
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index.html
new file mode 100644
index 00000000..c42fb024
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index.html
@@ -0,0 +1 @@
+<html><head><meta http-equiv="Refresh" CONTENT="0; URL=files/libs/csrf/csrfprotector-php.html"></head></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Files.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Files.html
new file mode 100644
index 00000000..a984415a
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Files.html
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>File Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>File Index</div><div class=INavigationBar>$#! · 0-9 · A · B · <a href="#C">C</a> · D · E · F · G · H · I · J · K · L · M · N · O · P · Q · R · S · T · U · V · W · X · Y · Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" class=ISymbol>csrfprotector.php</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Files</div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex><a href="Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Functions.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Functions.html
new file mode 100644
index 00000000..7a5a0f31
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Functions.html
@@ -0,0 +1,65 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Function Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>Function Index</div><div class=INavigationBar>$#! · 0-9 · <a href="#A">A</a> · B · <a href="#C">C</a> · D · E · <a href="#F">F</a> · <a href="#G">G</a> · H · <a href="#I">I</a> · J · K · <a href="#L">L</a> · M · N · <a href="#O">O</a> · P · Q · <a href="#R">R</a> · S · T · <a href="#U">U</a> · V · W · X · Y · Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="A"></a>A</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')" class=ISymbol>authorisePost</a></td></tr><tr><td class=IHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')" class=ISymbol>createNewJsCache</a></td></tr><tr><td class=IHeading><a name="F"></a>F</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')" class=ISymbol>failedValidationAction</a></td></tr><tr><td class=IHeading><a name="G"></a>G</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')" class=ISymbol>generateAuthToken</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')" class=ISymbol>getCurrentUrl</a></td></tr><tr><td class=IHeading><a name="I"></a>I</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" id=link6 onMouseOver="ShowTip(event, 'tt6', 'link6')" onMouseOut="HideTip('tt6')" class=ISymbol>init</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" id=link7 onMouseOver="ShowTip(event, 'tt7', 'link7')" onMouseOut="HideTip('tt7')" class=ISymbol>isURLallowed</a></td></tr><tr><td class=IHeading><a name="L"></a>L</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" id=link8 onMouseOver="ShowTip(event, 'tt8', 'link8')" onMouseOut="HideTip('tt8')" class=ISymbol>logCSRFattack</a></td></tr><tr><td class=IHeading><a name="O"></a>O</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" id=link9 onMouseOver="ShowTip(event, 'tt9', 'link9')" onMouseOut="HideTip('tt9')" class=ISymbol>ob_handler</a></td></tr><tr><td class=IHeading><a name="R"></a>R</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" id=link10 onMouseOver="ShowTip(event, 'tt10', 'link10')" onMouseOut="HideTip('tt10')" class=ISymbol>refreshToken</a></td></tr><tr><td class=IHeading><a name="U"></a>U</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" id=link11 onMouseOver="ShowTip(event, 'tt11', 'link11')" onMouseOut="HideTip('tt11')" class=ISymbol>useCachedVersion</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function authorisePost()</td></tr></table></blockquote>function to authorise incoming post requests</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt2"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function createNewJsCache()</td></tr></table></blockquote>Function to create new cache version of js</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt3"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function failedValidationAction()</td></tr></table></blockquote>function to be called in case of failed validation performs logging and take appropriate action</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt4"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function generateAuthToken()</td></tr></table></blockquote>function to generate random hash of length as given in parameter max length = 128</div></div><div class=CToolTip id="tt5"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function getCurrentUrl()</td></tr></table></blockquote>Function to return current url of executing page</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt6"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function init(</td><td class="PParameter prettyprint " nowrap>$length</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$action</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>function to initialise the csrfProtector work flow</div></div><div class=CToolTip id="tt7"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function isURLallowed()</td></tr></table></blockquote>Function to check if a url mataches for any urls Listed in config file</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt8"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function logCSRFattack()</td></tr></table></blockquote>Functio to log CSRF Attack</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt9"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function ob_handler(</td><td class="PParameter prettyprint " nowrap>$buffer,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$flags</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>Rewrites form on the fly to add CSRF tokens to them. </div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt10"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function refreshToken()</td></tr></table></blockquote>Function to set auth cookie</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt11"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function useCachedVersion()</td></tr></table></blockquote>function to check weather to use cached version of js file or not</div></div><!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex><a href="Files.html">Files</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Functions</div></div><div class=MEntry><div class=MIndex><a href="Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/General.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/General.html
new file mode 100644
index 00000000..adc327a6
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/General.html
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>Index</div><div class=INavigationBar>$#! · 0-9 · <a href="#A">A</a> · B · <a href="#C">C</a> · D · E · <a href="#F">F</a> · <a href="#G">G</a> · H · <a href="#I">I</a> · J · K · <a href="#L">L</a> · M · N · <a href="#O">O</a> · P · Q · <a href="#R">R</a> · S · T · <a href="#U">U</a> · <a href="#V">V</a> · W · X · Y · Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="A"></a>A</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')" class=ISymbol>authorisePost</a></td></tr><tr><td class=IHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$config" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')" class=ISymbol>config</a></td></tr><tr><td class=ISymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')" class=ISymbol>cookieExpiryTime</a></td></tr><tr><td class=ISymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')" class=ISymbol>createNewJsCache</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" class=ISymbol>csrfprotector.php</a></td></tr><tr><td class=IHeading><a name="F"></a>F</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')" class=ISymbol>failedValidationAction</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Functions" class=ISymbol>Functions</a></td></tr><tr><td class=IHeading><a name="G"></a>G</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" id=link6 onMouseOver="ShowTip(event, 'tt6', 'link6')" onMouseOut="HideTip('tt6')" class=ISymbol>generateAuthToken</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" id=link7 onMouseOver="ShowTip(event, 'tt7', 'link7')" onMouseOut="HideTip('tt7')" class=ISymbol>getCurrentUrl</a></td></tr><tr><td class=IHeading><a name="I"></a>I</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" id=link8 onMouseOver="ShowTip(event, 'tt8', 'link8')" onMouseOut="HideTip('tt8')" class=ISymbol>init</a></td></tr><tr><td class=ISymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" id=link9 onMouseOver="ShowTip(event, 'tt9', 'link9')" onMouseOut="HideTip('tt9')" class=ISymbol>isSameOrigin</a></td></tr><tr><td class=ISymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" id=link10 onMouseOver="ShowTip(event, 'tt10', 'link10')" onMouseOut="HideTip('tt10')" class=ISymbol>isURLallowed</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" id=link11 onMouseOver="ShowTip(event, 'tt11', 'link11')" onMouseOut="HideTip('tt11')" class=ISymbol>isValidHTML</a></td></tr><tr><td class=IHeading><a name="L"></a>L</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" id=link12 onMouseOver="ShowTip(event, 'tt12', 'link12')" onMouseOut="HideTip('tt12')" class=ISymbol>logCSRFattack</a></td></tr><tr><td class=IHeading><a name="O"></a>O</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" id=link13 onMouseOver="ShowTip(event, 'tt13', 'link13')" onMouseOut="HideTip('tt13')" class=ISymbol>ob_handler</a></td></tr><tr><td class=IHeading><a name="R"></a>R</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" id=link14 onMouseOver="ShowTip(event, 'tt14', 'link14')" onMouseOut="HideTip('tt14')" class=ISymbol>refreshToken</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" id=link15 onMouseOver="ShowTip(event, 'tt15', 'link15')" onMouseOut="HideTip('tt15')" class=ISymbol>requestType</a></td></tr><tr><td class=IHeading><a name="U"></a>U</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" id=link16 onMouseOver="ShowTip(event, 'tt16', 'link16')" onMouseOut="HideTip('tt16')" class=ISymbol>useCachedVersion</a></td></tr><tr><td class=IHeading><a name="V"></a>V</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix> </td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Variables" class=ISymbol>Variables</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function authorisePost()</td></tr></table></blockquote>function to authorise incoming post requests</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt2"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $config</td></tr></table></blockquote>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails Property: #2: logDirectory (string) => directory in which log will be saved Property: #3: customErrorMessage (string) => custom error message to be sent in case of failed authentication Property: #4: jsFile (string) => location of the CSRFProtector js file Property: #5: tokenLength (int) => default length of hash Property: #6: disabledJavascriptMessage (string) => error message if client’s js is disabled</div></div><div class=CToolTip id="tt3"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $cookieExpiryTime</td></tr></table></blockquote>expiry time for cookie @var int</div></div><div class=CToolTip id="tt4"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function createNewJsCache()</td></tr></table></blockquote>Function to create new cache version of js</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt5"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function failedValidationAction()</td></tr></table></blockquote>function to be called in case of failed validation performs logging and take appropriate action</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt6"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function generateAuthToken()</td></tr></table></blockquote>function to generate random hash of length as given in parameter max length = 128</div></div><div class=CToolTip id="tt7"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function getCurrentUrl()</td></tr></table></blockquote>Function to return current url of executing page</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt8"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function init(</td><td class="PParameter prettyprint " nowrap>$length</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$action</td><td class="PDefaultValuePrefix prettyprint "> = </td><td class="PDefaultValue prettyprint " width=100%> null</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>function to initialise the csrfProtector work flow</div></div><div class=CToolTip id="tt9"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isSameOrigin</td></tr></table></blockquote>flag for cross origin/same origin request @var bool</div></div><div class=CToolTip id="tt10"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function isURLallowed()</td></tr></table></blockquote>Function to check if a url mataches for any urls Listed in config file</div></div><div class=CToolTip id="tt11"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isValidHTML</td></tr></table></blockquote>flag to check if output file is a valid HTML or not @var bool</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt12"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function logCSRFattack()</td></tr></table></blockquote>Functio to log CSRF Attack</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt13"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters prettyprint "nowrap>public static function ob_handler(</td><td class="PParameter prettyprint " nowrap>$buffer,</td></tr><tr><td></td><td class="PParameter prettyprint " nowrap>$flags</td><td class="PAfterParameters prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>Rewrites form on the fly to add CSRF tokens to them. </div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt14"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function refreshToken()</td></tr></table></blockquote>Function to set auth cookie</div></div><div class=CToolTip id="tt15"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">protected static $requestType</td></tr></table></blockquote>Varaible to store weather request type is post or get @var string</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt16"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function useCachedVersion()</td></tr></table></blockquote>function to check weather to use cached version of js file or not</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex id=MSelected>Everything</div></div><div class=MEntry><div class=MIndex><a href="Files.html">Files</a></div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex><a href="Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Variables.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Variables.html
new file mode 100644
index 00000000..14fccdfb
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Variables.html
@@ -0,0 +1,41 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Variable Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>Variable Index</div><div class=INavigationBar>$#! · 0-9 · A · B · <a href="#C">C</a> · D · E · F · G · H · <a href="#I">I</a> · J · K · L · M · N · O · P · Q · <a href="#R">R</a> · S · T · U · V · W · X · Y · Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$config" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')" class=ISymbol>config</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')" class=ISymbol>cookieExpiryTime</a></td></tr><tr><td class=IHeading><a name="I"></a>I</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')" class=ISymbol>isSameOrigin</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')" class=ISymbol>isValidHTML</a></td></tr><tr><td class=IHeading><a name="R"></a>R</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')" class=ISymbol>requestType</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $config</td></tr></table></blockquote>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails Property: #2: logDirectory (string) => directory in which log will be saved Property: #3: customErrorMessage (string) => custom error message to be sent in case of failed authentication Property: #4: jsFile (string) => location of the CSRFProtector js file Property: #5: tokenLength (int) => default length of hash Property: #6: disabledJavascriptMessage (string) => error message if client’s js is disabled</div></div><div class=CToolTip id="tt2"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $cookieExpiryTime</td></tr></table></blockquote>expiry time for cookie @var int</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt3"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isSameOrigin</td></tr></table></blockquote>flag for cross origin/same origin request @var bool</div></div><div class=CToolTip id="tt4"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isValidHTML</td></tr></table></blockquote>flag to check if output file is a valid HTML or not @var bool</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt5"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">protected static $requestType</td></tr></table></blockquote>Varaible to store weather request type is post or get @var string</div></div><!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex><a href="Files.html">Files</a></div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Variables</div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/main.js b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/main.js
new file mode 100644
index 00000000..3f42acde
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/main.js
@@ -0,0 +1,841 @@
+// This file is part of Natural Docs, which is Copyright � 2003-2010 Greg Valure
+// Natural Docs is licensed under version 3 of the GNU Affero General Public License (AGPL)
+// Refer to License.txt for the complete details
+
+// This file may be distributed with documentation files generated by Natural Docs.
+// Such documentation is not covered by Natural Docs' copyright and licensing,
+// and may have its own copyright and distribution terms as decided by its author.
+
+
+//
+// Browser Styles
+// ____________________________________________________________________________
+
+var agt=navigator.userAgent.toLowerCase();
+var browserType;
+var browserVer;
+
+if (agt.indexOf("opera") != -1)
+ {
+ browserType = "Opera";
+
+ if (agt.indexOf("opera 7") != -1 || agt.indexOf("opera/7") != -1)
+ { browserVer = "Opera7"; }
+ else if (agt.indexOf("opera 8") != -1 || agt.indexOf("opera/8") != -1)
+ { browserVer = "Opera8"; }
+ else if (agt.indexOf("opera 9") != -1 || agt.indexOf("opera/9") != -1)
+ { browserVer = "Opera9"; }
+ }
+
+else if (agt.indexOf("applewebkit") != -1)
+ {
+ browserType = "Safari";
+
+ if (agt.indexOf("version/3") != -1)
+ { browserVer = "Safari3"; }
+ else if (agt.indexOf("safari/4") != -1)
+ { browserVer = "Safari2"; }
+ }
+
+else if (agt.indexOf("khtml") != -1)
+ {
+ browserType = "Konqueror";
+ }
+
+else if (agt.indexOf("msie") != -1)
+ {
+ browserType = "IE";
+
+ if (agt.indexOf("msie 6") != -1)
+ { browserVer = "IE6"; }
+ else if (agt.indexOf("msie 7") != -1)
+ { browserVer = "IE7"; }
+ }
+
+else if (agt.indexOf("gecko") != -1)
+ {
+ browserType = "Firefox";
+
+ if (agt.indexOf("rv:1.7") != -1)
+ { browserVer = "Firefox1"; }
+ else if (agt.indexOf("rv:1.8)") != -1 || agt.indexOf("rv:1.8.0") != -1)
+ { browserVer = "Firefox15"; }
+ else if (agt.indexOf("rv:1.8.1") != -1)
+ { browserVer = "Firefox2"; }
+ }
+
+
+//
+// Support Functions
+// ____________________________________________________________________________
+
+
+function GetXPosition(item)
+ {
+ var position = 0;
+
+ if (item.offsetWidth != null)
+ {
+ while (item != document.body && item != null)
+ {
+ position += item.offsetLeft;
+ item = item.offsetParent;
+ };
+ };
+
+ return position;
+ };
+
+
+function GetYPosition(item)
+ {
+ var position = 0;
+
+ if (item.offsetWidth != null)
+ {
+ while (item != document.body && item != null)
+ {
+ position += item.offsetTop;
+ item = item.offsetParent;
+ };
+ };
+
+ return position;
+ };
+
+
+function MoveToPosition(item, x, y)
+ {
+ // Opera 5 chokes on the px extension, so it can use the Microsoft one instead.
+
+ if (item.style.left != null)
+ {
+ item.style.left = x + "px";
+ item.style.top = y + "px";
+ }
+ else if (item.style.pixelLeft != null)
+ {
+ item.style.pixelLeft = x;
+ item.style.pixelTop = y;
+ };
+ };
+
+
+//
+// Menu
+// ____________________________________________________________________________
+
+
+function ToggleMenu(id)
+ {
+ if (!window.document.getElementById)
+ { return; };
+
+ var display = window.document.getElementById(id).style.display;
+
+ if (display == "none")
+ { display = "block"; }
+ else
+ { display = "none"; }
+
+ window.document.getElementById(id).style.display = display;
+ }
+
+function HideAllBut(ids, max)
+ {
+ if (document.getElementById)
+ {
+ ids.sort( function(a,b) { return a - b; } );
+ var number = 1;
+
+ while (number < max)
+ {
+ if (ids.length > 0 && number == ids[0])
+ { ids.shift(); }
+ else
+ {
+ document.getElementById("MGroupContent" + number).style.display = "none";
+ };
+
+ number++;
+ };
+ };
+ }
+
+
+//
+// Tooltips
+// ____________________________________________________________________________
+
+
+var tooltipTimer = 0;
+
+function ShowTip(event, tooltipID, linkID)
+ {
+ if (tooltipTimer)
+ { clearTimeout(tooltipTimer); };
+
+ var docX = event.clientX + window.pageXOffset;
+ var docY = event.clientY + window.pageYOffset;
+
+ var showCommand = "ReallyShowTip('" + tooltipID + "', '" + linkID + "', " + docX + ", " + docY + ")";
+
+ tooltipTimer = setTimeout(showCommand, 1000);
+ }
+
+function ReallyShowTip(tooltipID, linkID, docX, docY)
+ {
+ tooltipTimer = 0;
+
+ var tooltip;
+ var link;
+
+ if (document.getElementById)
+ {
+ tooltip = document.getElementById(tooltipID);
+ link = document.getElementById(linkID);
+ }
+/* else if (document.all)
+ {
+ tooltip = eval("document.all['" + tooltipID + "']");
+ link = eval("document.all['" + linkID + "']");
+ }
+*/
+ if (tooltip)
+ {
+ var left = GetXPosition(link);
+ var top = GetYPosition(link);
+ top += link.offsetHeight;
+
+
+ // The fallback method is to use the mouse X and Y relative to the document. We use a separate if and test if its a number
+ // in case some browser snuck through the above if statement but didn't support everything.
+
+ if (!isFinite(top) || top == 0)
+ {
+ left = docX;
+ top = docY;
+ }
+
+ // Some spacing to get it out from under the cursor.
+
+ top += 10;
+
+ // Make sure the tooltip doesnt get smushed by being too close to the edge, or in some browsers, go off the edge of the
+ // page. We do it here because Konqueror does get offsetWidth right even if it doesnt get the positioning right.
+
+ if (tooltip.offsetWidth != null)
+ {
+ var width = tooltip.offsetWidth;
+ var docWidth = document.body.clientWidth;
+
+ if (left + width > docWidth)
+ { left = docWidth - width - 1; }
+
+ // If there's a horizontal scroll bar we could go past zero because it's using the page width, not the window width.
+ if (left < 0)
+ { left = 0; };
+ }
+
+ MoveToPosition(tooltip, left, top);
+ tooltip.style.visibility = "visible";
+ }
+ }
+
+function HideTip(tooltipID)
+ {
+ if (tooltipTimer)
+ {
+ clearTimeout(tooltipTimer);
+ tooltipTimer = 0;
+ }
+
+ var tooltip;
+
+ if (document.getElementById)
+ { tooltip = document.getElementById(tooltipID); }
+ else if (document.all)
+ { tooltip = eval("document.all['" + tooltipID + "']"); }
+
+ if (tooltip)
+ { tooltip.style.visibility = "hidden"; }
+ }
+
+
+//
+// Blockquote fix for IE
+// ____________________________________________________________________________
+
+
+function NDOnLoad()
+ {
+ if (browserVer == "IE6")
+ {
+ var scrollboxes = document.getElementsByTagName('blockquote');
+
+ if (scrollboxes.item(0))
+ {
+ NDDoResize();
+ window.onresize=NDOnResize;
+ };
+ };
+ };
+
+
+var resizeTimer = 0;
+
+function NDOnResize()
+ {
+ if (resizeTimer != 0)
+ { clearTimeout(resizeTimer); };
+
+ resizeTimer = setTimeout(NDDoResize, 250);
+ };
+
+
+function NDDoResize()
+ {
+ var scrollboxes = document.getElementsByTagName('blockquote');
+
+ var i;
+ var item;
+
+ i = 0;
+ while (item = scrollboxes.item(i))
+ {
+ item.style.width = 100;
+ i++;
+ };
+
+ i = 0;
+ while (item = scrollboxes.item(i))
+ {
+ item.style.width = item.parentNode.offsetWidth;
+ i++;
+ };
+
+ clearTimeout(resizeTimer);
+ resizeTimer = 0;
+ }
+
+
+
+/* ________________________________________________________________________________________________________
+
+ Class: SearchPanel
+ ________________________________________________________________________________________________________
+
+ A class handling everything associated with the search panel.
+
+ Parameters:
+
+ name - The name of the global variable that will be storing this instance. Is needed to be able to set timeouts.
+ mode - The mode the search is going to work in. Pass <NaturalDocs::Builder::Base->CommandLineOption()>, so the
+ value will be something like "HTML" or "FramedHTML".
+
+ ________________________________________________________________________________________________________
+*/
+
+
+function SearchPanel(name, mode, resultsPath)
+ {
+ if (!name || !mode || !resultsPath)
+ { alert("Incorrect parameters to SearchPanel."); };
+
+
+ // Group: Variables
+ // ________________________________________________________________________
+
+ /*
+ var: name
+ The name of the global variable that will be storing this instance of the class.
+ */
+ this.name = name;
+
+ /*
+ var: mode
+ The mode the search is going to work in, such as "HTML" or "FramedHTML".
+ */
+ this.mode = mode;
+
+ /*
+ var: resultsPath
+ The relative path from the current HTML page to the results page directory.
+ */
+ this.resultsPath = resultsPath;
+
+ /*
+ var: keyTimeout
+ The timeout used between a keystroke and when a search is performed.
+ */
+ this.keyTimeout = 0;
+
+ /*
+ var: keyTimeoutLength
+ The length of <keyTimeout> in thousandths of a second.
+ */
+ this.keyTimeoutLength = 500;
+
+ /*
+ var: lastSearchValue
+ The last search string executed, or an empty string if none.
+ */
+ this.lastSearchValue = "";
+
+ /*
+ var: lastResultsPage
+ The last results page. The value is only relevant if <lastSearchValue> is set.
+ */
+ this.lastResultsPage = "";
+
+ /*
+ var: deactivateTimeout
+
+ The timeout used between when a control is deactivated and when the entire panel is deactivated. Is necessary
+ because a control may be deactivated in favor of another control in the same panel, in which case it should stay
+ active.
+ */
+ this.deactivateTimout = 0;
+
+ /*
+ var: deactivateTimeoutLength
+ The length of <deactivateTimeout> in thousandths of a second.
+ */
+ this.deactivateTimeoutLength = 200;
+
+
+
+
+ // Group: DOM Elements
+ // ________________________________________________________________________
+
+
+ // Function: DOMSearchField
+ this.DOMSearchField = function()
+ { return document.getElementById("MSearchField"); };
+
+ // Function: DOMSearchType
+ this.DOMSearchType = function()
+ { return document.getElementById("MSearchType"); };
+
+ // Function: DOMPopupSearchResults
+ this.DOMPopupSearchResults = function()
+ { return document.getElementById("MSearchResults"); };
+
+ // Function: DOMPopupSearchResultsWindow
+ this.DOMPopupSearchResultsWindow = function()
+ { return document.getElementById("MSearchResultsWindow"); };
+
+ // Function: DOMSearchPanel
+ this.DOMSearchPanel = function()
+ { return document.getElementById("MSearchPanel"); };
+
+
+
+
+ // Group: Event Handlers
+ // ________________________________________________________________________
+
+
+ /*
+ Function: OnSearchFieldFocus
+ Called when focus is added or removed from the search field.
+ */
+ this.OnSearchFieldFocus = function(isActive)
+ {
+ this.Activate(isActive);
+ };
+
+
+ /*
+ Function: OnSearchFieldChange
+ Called when the content of the search field is changed.
+ */
+ this.OnSearchFieldChange = function()
+ {
+ if (this.keyTimeout)
+ {
+ clearTimeout(this.keyTimeout);
+ this.keyTimeout = 0;
+ };
+
+ var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
+
+ if (searchValue != this.lastSearchValue)
+ {
+ if (searchValue != "")
+ {
+ this.keyTimeout = setTimeout(this.name + ".Search()", this.keyTimeoutLength);
+ }
+ else
+ {
+ if (this.mode == "HTML")
+ { this.DOMPopupSearchResultsWindow().style.display = "none"; };
+ this.lastSearchValue = "";
+ };
+ };
+ };
+
+
+ /*
+ Function: OnSearchTypeFocus
+ Called when focus is added or removed from the search type.
+ */
+ this.OnSearchTypeFocus = function(isActive)
+ {
+ this.Activate(isActive);
+ };
+
+
+ /*
+ Function: OnSearchTypeChange
+ Called when the search type is changed.
+ */
+ this.OnSearchTypeChange = function()
+ {
+ var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
+
+ if (searchValue != "")
+ {
+ this.Search();
+ };
+ };
+
+
+
+ // Group: Action Functions
+ // ________________________________________________________________________
+
+
+ /*
+ Function: CloseResultsWindow
+ Closes the results window.
+ */
+ this.CloseResultsWindow = function()
+ {
+ this.DOMPopupSearchResultsWindow().style.display = "none";
+ this.Activate(false, true);
+ };
+
+
+ /*
+ Function: Search
+ Performs a search.
+ */
+ this.Search = function()
+ {
+ this.keyTimeout = 0;
+
+ var searchValue = this.DOMSearchField().value.replace(/^ +/, "");
+ var searchTopic = this.DOMSearchType().value;
+
+ var pageExtension = searchValue.substr(0,1);
+
+ if (pageExtension.match(/^[a-z]/i))
+ { pageExtension = pageExtension.toUpperCase(); }
+ else if (pageExtension.match(/^[0-9]/))
+ { pageExtension = 'Numbers'; }
+ else
+ { pageExtension = "Symbols"; };
+
+ var resultsPage;
+ var resultsPageWithSearch;
+ var hasResultsPage;
+
+ // indexSectionsWithContent is defined in searchdata.js
+ if (indexSectionsWithContent[searchTopic][pageExtension] == true)
+ {
+ resultsPage = this.resultsPath + '/' + searchTopic + pageExtension + '.html';
+ resultsPageWithSearch = resultsPage+'?'+escape(searchValue);
+ hasResultsPage = true;
+ }
+ else
+ {
+ resultsPage = this.resultsPath + '/NoResults.html';
+ resultsPageWithSearch = resultsPage;
+ hasResultsPage = false;
+ };
+
+ var resultsFrame;
+ if (this.mode == "HTML")
+ { resultsFrame = window.frames.MSearchResults; }
+ else if (this.mode == "FramedHTML")
+ { resultsFrame = window.top.frames['Content']; };
+
+
+ if (resultsPage != this.lastResultsPage ||
+
+ // Bug in IE. If everything becomes hidden in a run, none of them will be able to be reshown in the next for some
+ // reason. It counts the right number of results, and you can even read the display as "block" after setting it, but it
+ // just doesn't work in IE 6 or IE 7. So if we're on the right page but the previous search had no results, reload the
+ // page anyway to get around the bug.
+ (browserType == "IE" && hasResultsPage &&
+ (!resultsFrame.searchResults || resultsFrame.searchResults.lastMatchCount == 0)) )
+
+ {
+ resultsFrame.location.href = resultsPageWithSearch;
+ }
+
+ // So if the results page is right and there's no IE bug, reperform the search on the existing page. We have to check if there
+ // are results because NoResults.html doesn't have any JavaScript, and it would be useless to do anything on that page even
+ // if it did.
+ else if (hasResultsPage)
+ {
+ // We need to check if this exists in case the frame is present but didn't finish loading.
+ if (resultsFrame.searchResults)
+ { resultsFrame.searchResults.Search(searchValue); }
+
+ // Otherwise just reload instead of waiting.
+ else
+ { resultsFrame.location.href = resultsPageWithSearch; };
+ };
+
+
+ var domPopupSearchResultsWindow = this.DOMPopupSearchResultsWindow();
+
+ if (this.mode == "HTML" && domPopupSearchResultsWindow.style.display != "block")
+ {
+ var domSearchType = this.DOMSearchType();
+
+ var left = GetXPosition(domSearchType);
+ var top = GetYPosition(domSearchType) + domSearchType.offsetHeight;
+
+ MoveToPosition(domPopupSearchResultsWindow, left, top);
+ domPopupSearchResultsWindow.style.display = 'block';
+ };
+
+
+ this.lastSearchValue = searchValue;
+ this.lastResultsPage = resultsPage;
+ };
+
+
+
+ // Group: Activation Functions
+ // Functions that handle whether the entire panel is active or not.
+ // ________________________________________________________________________
+
+
+ /*
+ Function: Activate
+
+ Activates or deactivates the search panel, resetting things to their default values if necessary. You can call this on every
+ control's OnBlur() and it will handle not deactivating the entire panel when focus is just switching between them transparently.
+
+ Parameters:
+
+ isActive - Whether you're activating or deactivating the panel.
+ ignoreDeactivateDelay - Set if you're positive the action will deactivate the panel and thus want to skip the delay.
+ */
+ this.Activate = function(isActive, ignoreDeactivateDelay)
+ {
+ // We want to ignore isActive being false while the results window is open.
+ if (isActive || (this.mode == "HTML" && this.DOMPopupSearchResultsWindow().style.display == "block"))
+ {
+ if (this.inactivateTimeout)
+ {
+ clearTimeout(this.inactivateTimeout);
+ this.inactivateTimeout = 0;
+ };
+
+ this.DOMSearchPanel().className = 'MSearchPanelActive';
+
+ var searchField = this.DOMSearchField();
+
+ if (searchField.value == 'Search')
+ { searchField.value = ""; }
+ }
+ else if (!ignoreDeactivateDelay)
+ {
+ this.inactivateTimeout = setTimeout(this.name + ".InactivateAfterTimeout()", this.inactivateTimeoutLength);
+ }
+ else
+ {
+ this.InactivateAfterTimeout();
+ };
+ };
+
+
+ /*
+ Function: InactivateAfterTimeout
+
+ Called by <inactivateTimeout>, which is set by <Activate()>. Inactivation occurs on a timeout because a control may
+ receive OnBlur() when focus is really transferring to another control in the search panel. In this case we don't want to
+ actually deactivate the panel because not only would that cause a visible flicker but it could also reset the search value.
+ So by doing it on a timeout instead, there's a short period where the second control's OnFocus() can cancel the deactivation.
+ */
+ this.InactivateAfterTimeout = function()
+ {
+ this.inactivateTimeout = 0;
+
+ this.DOMSearchPanel().className = 'MSearchPanelInactive';
+ this.DOMSearchField().value = "Search";
+
+ this.lastSearchValue = "";
+ this.lastResultsPage = "";
+ };
+ };
+
+
+
+
+/* ________________________________________________________________________________________________________
+
+ Class: SearchResults
+ _________________________________________________________________________________________________________
+
+ The class that handles everything on the search results page.
+ _________________________________________________________________________________________________________
+*/
+
+
+function SearchResults(name, mode)
+ {
+ /*
+ var: mode
+ The mode the search is going to work in, such as "HTML" or "FramedHTML".
+ */
+ this.mode = mode;
+
+ /*
+ var: lastMatchCount
+ The number of matches from the last run of <Search()>.
+ */
+ this.lastMatchCount = 0;
+
+
+ /*
+ Function: Toggle
+ Toggles the visibility of the passed element ID.
+ */
+ this.Toggle = function(id)
+ {
+ if (this.mode == "FramedHTML")
+ { return; };
+
+ var parentElement = document.getElementById(id);
+
+ var element = parentElement.firstChild;
+
+ while (element && element != parentElement)
+ {
+ if (element.nodeName == 'DIV' && element.className == 'ISubIndex')
+ {
+ if (element.style.display == 'block')
+ { element.style.display = "none"; }
+ else
+ { element.style.display = 'block'; }
+ };
+
+ if (element.nodeName == 'DIV' && element.hasChildNodes())
+ { element = element.firstChild; }
+ else if (element.nextSibling)
+ { element = element.nextSibling; }
+ else
+ {
+ do
+ {
+ element = element.parentNode;
+ }
+ while (element && element != parentElement && !element.nextSibling);
+
+ if (element && element != parentElement)
+ { element = element.nextSibling; };
+ };
+ };
+ };
+
+
+ /*
+ Function: Search
+
+ Searches for the passed string. If there is no parameter, it takes it from the URL query.
+
+ Always returns true, since other documents may try to call it and that may or may not be possible.
+ */
+ this.Search = function(search)
+ {
+ if (!search)
+ {
+ search = window.location.search;
+ search = search.substring(1); // Remove the leading ?
+ search = unescape(search);
+ };
+
+ search = search.replace(/^ +/, "");
+ search = search.replace(/ +$/, "");
+ search = search.toLowerCase();
+
+ if (search.match(/[^a-z0-9]/)) // Just a little speedup so it doesn't have to go through the below unnecessarily.
+ {
+ search = search.replace(/\_/g, "_und");
+ search = search.replace(/\ +/gi, "_spc");
+ search = search.replace(/\~/g, "_til");
+ search = search.replace(/\!/g, "_exc");
+ search = search.replace(/\@/g, "_att");
+ search = search.replace(/\#/g, "_num");
+ search = search.replace(/\$/g, "_dol");
+ search = search.replace(/\%/g, "_pct");
+ search = search.replace(/\^/g, "_car");
+ search = search.replace(/\&/g, "_amp");
+ search = search.replace(/\*/g, "_ast");
+ search = search.replace(/\(/g, "_lpa");
+ search = search.replace(/\)/g, "_rpa");
+ search = search.replace(/\-/g, "_min");
+ search = search.replace(/\+/g, "_plu");
+ search = search.replace(/\=/g, "_equ");
+ search = search.replace(/\{/g, "_lbc");
+ search = search.replace(/\}/g, "_rbc");
+ search = search.replace(/\[/g, "_lbk");
+ search = search.replace(/\]/g, "_rbk");
+ search = search.replace(/\:/g, "_col");
+ search = search.replace(/\;/g, "_sco");
+ search = search.replace(/\"/g, "_quo");
+ search = search.replace(/\'/g, "_apo");
+ search = search.replace(/\</g, "_lan");
+ search = search.replace(/\>/g, "_ran");
+ search = search.replace(/\,/g, "_com");
+ search = search.replace(/\./g, "_per");
+ search = search.replace(/\?/g, "_que");
+ search = search.replace(/\//g, "_sla");
+ search = search.replace(/[^a-z0-9\_]i/gi, "_zzz");
+ };
+
+ var resultRows = document.getElementsByTagName("div");
+ var matches = 0;
+
+ var i = 0;
+ while (i < resultRows.length)
+ {
+ var row = resultRows.item(i);
+
+ if (row.className == "SRResult")
+ {
+ var rowMatchName = row.id.toLowerCase();
+ rowMatchName = rowMatchName.replace(/^sr\d*_/, '');
+
+ if (search.length <= rowMatchName.length && rowMatchName.substr(0, search.length) == search)
+ {
+ row.style.display = "block";
+ matches++;
+ }
+ else
+ { row.style.display = "none"; };
+ };
+
+ i++;
+ };
+
+ document.getElementById("Searching").style.display="none";
+
+ if (matches == 0)
+ { document.getElementById("NoMatches").style.display="block"; }
+ else
+ { document.getElementById("NoMatches").style.display="none"; }
+
+ this.lastMatchCount = matches;
+
+ return true;
+ };
+ };
+
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/prettify.js b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/prettify.js
new file mode 100644
index 00000000..fda4bf1e
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/prettify.js
@@ -0,0 +1,1526 @@
+
+// This code comes from the December 2009 release of Google Prettify, which is Copyright � 2006 Google Inc.
+// Minor modifications are marked with "ND Change" comments.
+// As part of Natural Docs, this code is licensed under version 3 of the GNU Affero General Public License (AGPL.)
+// However, it may also be obtained separately under version 2.0 of the Apache License.
+// Refer to License.txt for the complete details
+
+
+// Main code
+// ____________________________________________________________________________
+
+// Copyright (C) 2006 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+/**
+ * @fileoverview
+ * some functions for browser-side pretty printing of code contained in html.
+ * <p>
+ *
+ * For a fairly comprehensive set of languages see the
+ * <a href="http://google-code-prettify.googlecode.com/svn/trunk/README.html#langs">README</a>
+ * file that came with this source. At a minimum, the lexer should work on a
+ * number of languages including C and friends, Java, Python, Bash, SQL, HTML,
+ * XML, CSS, Javascript, and Makefiles. It works passably on Ruby, PHP and Awk
+ * and a subset of Perl, but, because of commenting conventions, doesn't work on
+ * Smalltalk, Lisp-like, or CAML-like languages without an explicit lang class.
+ * <p>
+ * Usage: <ol>
+ * <li> include this source file in an html page via
+ * {@code <script type="text/javascript" src="/path/to/prettify.js"></script>}
+ * <li> define style rules. See the example page for examples.
+ * <li> mark the {@code <pre>} and {@code <code>} tags in your source with
+ * {@code class=prettyprint.}
+ * You can also use the (html deprecated) {@code <xmp>} tag, but the pretty
+ * printer needs to do more substantial DOM manipulations to support that, so
+ * some css styles may not be preserved.
+ * </ol>
+ * That's it. I wanted to keep the API as simple as possible, so there's no
+ * need to specify which language the code is in, but if you wish, you can add
+ * another class to the {@code <pre>} or {@code <code>} element to specify the
+ * language, as in {@code <pre class="prettyprint lang-java">}. Any class that
+ * starts with "lang-" followed by a file extension, specifies the file type.
+ * See the "lang-*.js" files in this directory for code that implements
+ * per-language file handlers.
+ * <p>
+ * Change log:<br>
+ * cbeust, 2006/08/22
+ * <blockquote>
+ * Java annotations (start with "@") are now captured as literals ("lit")
+ * </blockquote>
+ * @requires console
+ * @overrides window
+ */
+
+// JSLint declarations
+/*global console, document, navigator, setTimeout, window */
+
+/**
+ * Split {@code prettyPrint} into multiple timeouts so as not to interfere with
+ * UI events.
+ * If set to {@code false}, {@code prettyPrint()} is synchronous.
+ */
+window['PR_SHOULD_USE_CONTINUATION'] = true;
+
+/** the number of characters between tab columns */
+window['PR_TAB_WIDTH'] = 8;
+
+/** Walks the DOM returning a properly escaped version of innerHTML.
+ * @param {Node} node
+ * @param {Array.<string>} out output buffer that receives chunks of HTML.
+ */
+window['PR_normalizedHtml']
+
+/** Contains functions for creating and registering new language handlers.
+ * @type {Object}
+ */
+ = window['PR']
+
+/** Pretty print a chunk of code.
+ *
+ * @param {string} sourceCodeHtml code as html
+ * @return {string} code as html, but prettier
+ */
+ = window['prettyPrintOne']
+/** Find all the {@code <pre>} and {@code <code>} tags in the DOM with
+ * {@code class=prettyprint} and prettify them.
+ * @param {Function?} opt_whenDone if specified, called when the last entry
+ * has been finished.
+ */
+ = window['prettyPrint'] = void 0;
+
+/** browser detection. @extern @returns false if not IE, otherwise the major version. */
+window['_pr_isIE6'] = function () {
+ var ieVersion = navigator && navigator.userAgent &&
+ navigator.userAgent.match(/\bMSIE ([678])\./);
+ ieVersion = ieVersion ? +ieVersion[1] : false;
+ window['_pr_isIE6'] = function () { return ieVersion; };
+ return ieVersion;
+};
+
+
+(function () {
+ // Keyword lists for various languages.
+ var FLOW_CONTROL_KEYWORDS =
+ "break continue do else for if return while ";
+ var C_KEYWORDS = FLOW_CONTROL_KEYWORDS + "auto case char const default " +
+ "double enum extern float goto int long register short signed sizeof " +
+ "static struct switch typedef union unsigned void volatile ";
+ var COMMON_KEYWORDS = C_KEYWORDS + "catch class delete false import " +
+ "new operator private protected public this throw true try typeof ";
+ var CPP_KEYWORDS = COMMON_KEYWORDS + "alignof align_union asm axiom bool " +
+ "concept concept_map const_cast constexpr decltype " +
+ "dynamic_cast explicit export friend inline late_check " +
+ "mutable namespace nullptr reinterpret_cast static_assert static_cast " +
+ "template typeid typename using virtual wchar_t where ";
+ var JAVA_KEYWORDS = COMMON_KEYWORDS +
+ "abstract boolean byte extends final finally implements import " +
+ "instanceof null native package strictfp super synchronized throws " +
+ "transient ";
+ var CSHARP_KEYWORDS = JAVA_KEYWORDS +
+ "as base by checked decimal delegate descending event " +
+ "fixed foreach from group implicit in interface internal into is lock " +
+ "object out override orderby params partial readonly ref sbyte sealed " +
+ "stackalloc string select uint ulong unchecked unsafe ushort var ";
+ var JSCRIPT_KEYWORDS = COMMON_KEYWORDS +
+ "debugger eval export function get null set undefined var with " +
+ "Infinity NaN ";
+ var PERL_KEYWORDS = "caller delete die do dump elsif eval exit foreach for " +
+ "goto if import last local my next no our print package redo require " +
+ "sub undef unless until use wantarray while BEGIN END ";
+ var PYTHON_KEYWORDS = FLOW_CONTROL_KEYWORDS + "and as assert class def del " +
+ "elif except exec finally from global import in is lambda " +
+ "nonlocal not or pass print raise try with yield " +
+ "False True None ";
+ var RUBY_KEYWORDS = FLOW_CONTROL_KEYWORDS + "alias and begin case class def" +
+ " defined elsif end ensure false in module next nil not or redo rescue " +
+ "retry self super then true undef unless until when yield BEGIN END ";
+ var SH_KEYWORDS = FLOW_CONTROL_KEYWORDS + "case done elif esac eval fi " +
+ "function in local set then until ";
+ var ALL_KEYWORDS = (
+ CPP_KEYWORDS + CSHARP_KEYWORDS + JSCRIPT_KEYWORDS + PERL_KEYWORDS +
+ PYTHON_KEYWORDS + RUBY_KEYWORDS + SH_KEYWORDS);
+
+ // token style names. correspond to css classes
+ /** token style for a string literal */
+ var PR_STRING = 'str';
+ /** token style for a keyword */
+ var PR_KEYWORD = 'kwd';
+ /** token style for a comment */
+ var PR_COMMENT = 'com';
+ /** token style for a type */
+ var PR_TYPE = 'typ';
+ /** token style for a literal value. e.g. 1, null, true. */
+ var PR_LITERAL = 'lit';
+ /** token style for a punctuation string. */
+ var PR_PUNCTUATION = 'pun';
+ /** token style for a punctuation string. */
+ var PR_PLAIN = 'pln';
+
+ /** token style for an sgml tag. */
+ var PR_TAG = 'tag';
+ /** token style for a markup declaration such as a DOCTYPE. */
+ var PR_DECLARATION = 'dec';
+ /** token style for embedded source. */
+ var PR_SOURCE = 'src';
+ /** token style for an sgml attribute name. */
+ var PR_ATTRIB_NAME = 'atn';
+ /** token style for an sgml attribute value. */
+ var PR_ATTRIB_VALUE = 'atv';
+
+ /**
+ * A class that indicates a section of markup that is not code, e.g. to allow
+ * embedding of line numbers within code listings.
+ */
+ var PR_NOCODE = 'nocode';
+
+ /** A set of tokens that can precede a regular expression literal in
+ * javascript.
+ * http://www.mozilla.org/js/language/js20/rationale/syntax.html has the full
+ * list, but I've removed ones that might be problematic when seen in
+ * languages that don't support regular expression literals.
+ *
+ * <p>Specifically, I've removed any keywords that can't precede a regexp
+ * literal in a syntactically legal javascript program, and I've removed the
+ * "in" keyword since it's not a keyword in many languages, and might be used
+ * as a count of inches.
+ *
+ * <p>The link a above does not accurately describe EcmaScript rules since
+ * it fails to distinguish between (a=++/b/i) and (a++/b/i) but it works
+ * very well in practice.
+ *
+ * @private
+ */
+ var REGEXP_PRECEDER_PATTERN = function () {
+ var preceders = [
+ "!", "!=", "!==", "#", "%", "%=", "&", "&&", "&&=",
+ "&=", "(", "*", "*=", /* "+", */ "+=", ",", /* "-", */ "-=",
+ "->", /*".", "..", "...", handled below */ "/", "/=", ":", "::", ";",
+ "<", "<<", "<<=", "<=", "=", "==", "===", ">",
+ ">=", ">>", ">>=", ">>>", ">>>=", "?", "@", "[",
+ "^", "^=", "^^", "^^=", "{", "|", "|=", "||",
+ "||=", "~" /* handles =~ and !~ */,
+ "break", "case", "continue", "delete",
+ "do", "else", "finally", "instanceof",
+ "return", "throw", "try", "typeof"
+ ];
+ var pattern = '(?:^^|[+-]';
+ for (var i = 0; i < preceders.length; ++i) {
+ pattern += '|' + preceders[i].replace(/([^=<>:&a-z])/g, '\\$1');
+ }
+ pattern += ')\\s*'; // matches at end, and matches empty string
+ return pattern;
+ // CAVEAT: this does not properly handle the case where a regular
+ // expression immediately follows another since a regular expression may
+ // have flags for case-sensitivity and the like. Having regexp tokens
+ // adjacent is not valid in any language I'm aware of, so I'm punting.
+ // TODO: maybe style special characters inside a regexp as punctuation.
+ }();
+
+ // Define regexps here so that the interpreter doesn't have to create an
+ // object each time the function containing them is called.
+ // The language spec requires a new object created even if you don't access
+ // the $1 members.
+ var pr_amp = /&/g;
+ var pr_lt = /</g;
+ var pr_gt = />/g;
+ var pr_quot = /\"/g;
+ /** like textToHtml but escapes double quotes to be attribute safe. */
+ function attribToHtml(str) {
+ return str.replace(pr_amp, '&')
+ .replace(pr_lt, '<')
+ .replace(pr_gt, '>')
+ .replace(pr_quot, '"');
+ }
+
+ /** escapest html special characters to html. */
+ function textToHtml(str) {
+ return str.replace(pr_amp, '&')
+ .replace(pr_lt, '<')
+ .replace(pr_gt, '>');
+ }
+
+
+ var pr_ltEnt = /</g;
+ var pr_gtEnt = />/g;
+ var pr_aposEnt = /'/g;
+ var pr_quotEnt = /"/g;
+ var pr_ampEnt = /&/g;
+ var pr_nbspEnt = / /g;
+ /** unescapes html to plain text. */
+ function htmlToText(html) {
+ var pos = html.indexOf('&');
+ if (pos < 0) { return html; }
+ // Handle numeric entities specially. We can't use functional substitution
+ // since that doesn't work in older versions of Safari.
+ // These should be rare since most browsers convert them to normal chars.
+ for (--pos; (pos = html.indexOf('&#', pos + 1)) >= 0;) {
+ var end = html.indexOf(';', pos);
+ if (end >= 0) {
+ var num = html.substring(pos + 3, end);
+ var radix = 10;
+ if (num && num.charAt(0) === 'x') {
+ num = num.substring(1);
+ radix = 16;
+ }
+ var codePoint = parseInt(num, radix);
+ if (!isNaN(codePoint)) {
+ html = (html.substring(0, pos) + String.fromCharCode(codePoint) +
+ html.substring(end + 1));
+ }
+ }
+ }
+
+ return html.replace(pr_ltEnt, '<')
+ .replace(pr_gtEnt, '>')
+ .replace(pr_aposEnt, "'")
+ .replace(pr_quotEnt, '"')
+ .replace(pr_nbspEnt, ' ')
+ .replace(pr_ampEnt, '&');
+ }
+
+ /** is the given node's innerHTML normally unescaped? */
+ function isRawContent(node) {
+ return 'XMP' === node.tagName;
+ }
+
+ var newlineRe = /[\r\n]/g;
+ /**
+ * Are newlines and adjacent spaces significant in the given node's innerHTML?
+ */
+ function isPreformatted(node, content) {
+ // PRE means preformatted, and is a very common case, so don't create
+ // unnecessary computed style objects.
+ if ('PRE' === node.tagName) { return true; }
+ if (!newlineRe.test(content)) { return true; } // Don't care
+ var whitespace = '';
+ // For disconnected nodes, IE has no currentStyle.
+ if (node.currentStyle) {
+ whitespace = node.currentStyle.whiteSpace;
+ } else if (window.getComputedStyle) {
+ // Firefox makes a best guess if node is disconnected whereas Safari
+ // returns the empty string.
+ whitespace = window.getComputedStyle(node, null).whiteSpace;
+ }
+ return !whitespace || whitespace === 'pre';
+ }
+
+ function normalizedHtml(node, out) {
+ switch (node.nodeType) {
+ case 1: // an element
+ var name = node.tagName.toLowerCase();
+ out.push('<', name);
+ for (var i = 0; i < node.attributes.length; ++i) {
+ var attr = node.attributes[i];
+ if (!attr.specified) { continue; }
+ out.push(' ');
+ normalizedHtml(attr, out);
+ }
+ out.push('>');
+ for (var child = node.firstChild; child; child = child.nextSibling) {
+ normalizedHtml(child, out);
+ }
+ if (node.firstChild || !/^(?:br|link|img)$/.test(name)) {
+ out.push('<\/', name, '>');
+ }
+ break;
+ case 2: // an attribute
+ out.push(node.name.toLowerCase(), '="', attribToHtml(node.value), '"');
+ break;
+ case 3: case 4: // text
+ out.push(textToHtml(node.nodeValue));
+ break;
+ }
+ }
+
+ /**
+ * Given a group of {@link RegExp}s, returns a {@code RegExp} that globally
+ * matches the union o the sets o strings matched d by the input RegExp.
+ * Since it matches globally, if the input strings have a start-of-input
+ * anchor (/^.../), it is ignored for the purposes of unioning.
+ * @param {Array.<RegExp>} regexs non multiline, non-global regexs.
+ * @return {RegExp} a global regex.
+ */
+ function combinePrefixPatterns(regexs) {
+ var capturedGroupIndex = 0;
+
+ var needToFoldCase = false;
+ var ignoreCase = false;
+ for (var i = 0, n = regexs.length; i < n; ++i) {
+ var regex = regexs[i];
+ if (regex.ignoreCase) {
+ ignoreCase = true;
+ } else if (/[a-z]/i.test(regex.source.replace(
+ /\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi, ''))) {
+ needToFoldCase = true;
+ ignoreCase = false;
+ break;
+ }
+ }
+
+ function decodeEscape(charsetPart) {
+ if (charsetPart.charAt(0) !== '\\') { return charsetPart.charCodeAt(0); }
+ switch (charsetPart.charAt(1)) {
+ case 'b': return 8;
+ case 't': return 9;
+ case 'n': return 0xa;
+ case 'v': return 0xb;
+ case 'f': return 0xc;
+ case 'r': return 0xd;
+ case 'u': case 'x':
+ return parseInt(charsetPart.substring(2), 16)
+ || charsetPart.charCodeAt(1);
+ case '0': case '1': case '2': case '3': case '4':
+ case '5': case '6': case '7':
+ return parseInt(charsetPart.substring(1), 8);
+ default: return charsetPart.charCodeAt(1);
+ }
+ }
+
+ function encodeEscape(charCode) {
+ if (charCode < 0x20) {
+ return (charCode < 0x10 ? '\\x0' : '\\x') + charCode.toString(16);
+ }
+ var ch = String.fromCharCode(charCode);
+ if (ch === '\\' || ch === '-' || ch === '[' || ch === ']') {
+ ch = '\\' + ch;
+ }
+ return ch;
+ }
+
+ function caseFoldCharset(charSet) {
+ var charsetParts = charSet.substring(1, charSet.length - 1).match(
+ new RegExp(
+ '\\\\u[0-9A-Fa-f]{4}'
+ + '|\\\\x[0-9A-Fa-f]{2}'
+ + '|\\\\[0-3][0-7]{0,2}'
+ + '|\\\\[0-7]{1,2}'
+ + '|\\\\[\\s\\S]'
+ + '|-'
+ + '|[^-\\\\]',
+ 'g'));
+ var groups = [];
+ var ranges = [];
+ var inverse = charsetParts[0] === '^';
+ for (var i = inverse ? 1 : 0, n = charsetParts.length; i < n; ++i) {
+ var p = charsetParts[i];
+ switch (p) {
+ case '\\B': case '\\b':
+ case '\\D': case '\\d':
+ case '\\S': case '\\s':
+ case '\\W': case '\\w':
+ groups.push(p);
+ continue;
+ }
+ var start = decodeEscape(p);
+ var end;
+ if (i + 2 < n && '-' === charsetParts[i + 1]) {
+ end = decodeEscape(charsetParts[i + 2]);
+ i += 2;
+ } else {
+ end = start;
+ }
+ ranges.push([start, end]);
+ // If the range might intersect letters, then expand it.
+ if (!(end < 65 || start > 122)) {
+ if (!(end < 65 || start > 90)) {
+ ranges.push([Math.max(65, start) | 32, Math.min(end, 90) | 32]);
+ }
+ if (!(end < 97 || start > 122)) {
+ ranges.push([Math.max(97, start) & ~32, Math.min(end, 122) & ~32]);
+ }
+ }
+ }
+
+ // [[1, 10], [3, 4], [8, 12], [14, 14], [16, 16], [17, 17]]
+ // -> [[1, 12], [14, 14], [16, 17]]
+ ranges.sort(function (a, b) { return (a[0] - b[0]) || (b[1] - a[1]); });
+ var consolidatedRanges = [];
+ var lastRange = [NaN, NaN];
+ for (var i = 0; i < ranges.length; ++i) {
+ var range = ranges[i];
+ if (range[0] <= lastRange[1] + 1) {
+ lastRange[1] = Math.max(lastRange[1], range[1]);
+ } else {
+ consolidatedRanges.push(lastRange = range);
+ }
+ }
+
+ var out = ['['];
+ if (inverse) { out.push('^'); }
+ out.push.apply(out, groups);
+ for (var i = 0; i < consolidatedRanges.length; ++i) {
+ var range = consolidatedRanges[i];
+ out.push(encodeEscape(range[0]));
+ if (range[1] > range[0]) {
+ if (range[1] + 1 > range[0]) { out.push('-'); }
+ out.push(encodeEscape(range[1]));
+ }
+ }
+ out.push(']');
+ return out.join('');
+ }
+
+ function allowAnywhereFoldCaseAndRenumberGroups(regex) {
+ // Split into character sets, escape sequences, punctuation strings
+ // like ('(', '(?:', ')', '^'), and runs of characters that do not
+ // include any of the above.
+ var parts = regex.source.match(
+ new RegExp(
+ '(?:'
+ + '\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]' // a character set
+ + '|\\\\u[A-Fa-f0-9]{4}' // a unicode escape
+ + '|\\\\x[A-Fa-f0-9]{2}' // a hex escape
+ + '|\\\\[0-9]+' // a back-reference or octal escape
+ + '|\\\\[^ux0-9]' // other escape sequence
+ + '|\\(\\?[:!=]' // start of a non-capturing group
+ + '|[\\(\\)\\^]' // start/emd of a group, or line start
+ + '|[^\\x5B\\x5C\\(\\)\\^]+' // run of other characters
+ + ')',
+ 'g'));
+ var n = parts.length;
+
+ // Maps captured group numbers to the number they will occupy in
+ // the output or to -1 if that has not been determined, or to
+ // undefined if they need not be capturing in the output.
+ var capturedGroups = [];
+
+ // Walk over and identify back references to build the capturedGroups
+ // mapping.
+ for (var i = 0, groupIndex = 0; i < n; ++i) {
+ var p = parts[i];
+ if (p === '(') {
+ // groups are 1-indexed, so max group index is count of '('
+ ++groupIndex;
+ } else if ('\\' === p.charAt(0)) {
+ var decimalValue = +p.substring(1);
+ if (decimalValue && decimalValue <= groupIndex) {
+ capturedGroups[decimalValue] = -1;
+ }
+ }
+ }
+
+ // Renumber groups and reduce capturing groups to non-capturing groups
+ // where possible.
+ for (var i = 1; i < capturedGroups.length; ++i) {
+ if (-1 === capturedGroups[i]) {
+ capturedGroups[i] = ++capturedGroupIndex;
+ }
+ }
+ for (var i = 0, groupIndex = 0; i < n; ++i) {
+ var p = parts[i];
+ if (p === '(') {
+ ++groupIndex;
+ if (capturedGroups[groupIndex] === undefined) {
+ parts[i] = '(?:';
+ }
+ } else if ('\\' === p.charAt(0)) {
+ var decimalValue = +p.substring(1);
+ if (decimalValue && decimalValue <= groupIndex) {
+ parts[i] = '\\' + capturedGroups[groupIndex];
+ }
+ }
+ }
+
+ // Remove any prefix anchors so that the output will match anywhere.
+ // ^^ really does mean an anchored match though.
+ for (var i = 0, groupIndex = 0; i < n; ++i) {
+ if ('^' === parts[i] && '^' !== parts[i + 1]) { parts[i] = ''; }
+ }
+
+ // Expand letters to groupts to handle mixing of case-sensitive and
+ // case-insensitive patterns if necessary.
+ if (regex.ignoreCase && needToFoldCase) {
+ for (var i = 0; i < n; ++i) {
+ var p = parts[i];
+ var ch0 = p.charAt(0);
+ if (p.length >= 2 && ch0 === '[') {
+ parts[i] = caseFoldCharset(p);
+ } else if (ch0 !== '\\') {
+ // TODO: handle letters in numeric escapes.
+ parts[i] = p.replace(
+ /[a-zA-Z]/g,
+ function (ch) {
+ var cc = ch.charCodeAt(0);
+ return '[' + String.fromCharCode(cc & ~32, cc | 32) + ']';
+ });
+ }
+ }
+ }
+
+ return parts.join('');
+ }
+
+ var rewritten = [];
+ for (var i = 0, n = regexs.length; i < n; ++i) {
+ var regex = regexs[i];
+ if (regex.global || regex.multiline) { throw new Error('' + regex); }
+ rewritten.push(
+ '(?:' + allowAnywhereFoldCaseAndRenumberGroups(regex) + ')');
+ }
+
+ return new RegExp(rewritten.join('|'), ignoreCase ? 'gi' : 'g');
+ }
+
+ var PR_innerHtmlWorks = null;
+ function getInnerHtml(node) {
+ // inner html is hopelessly broken in Safari 2.0.4 when the content is
+ // an html description of well formed XML and the containing tag is a PRE
+ // tag, so we detect that case and emulate innerHTML.
+ if (null === PR_innerHtmlWorks) {
+ var testNode = document.createElement('PRE');
+ testNode.appendChild(
+ document.createTextNode('<!DOCTYPE foo PUBLIC "foo bar">\n<foo />'));
+ PR_innerHtmlWorks = !/</.test(testNode.innerHTML);
+ }
+
+ if (PR_innerHtmlWorks) {
+ var content = node.innerHTML;
+ // XMP tags contain unescaped entities so require special handling.
+ if (isRawContent(node)) {
+ content = textToHtml(content);
+ } else if (!isPreformatted(node, content)) {
+ content = content.replace(/(<br\s*\/?>)[\r\n]+/g, '$1')
+ .replace(/(?:[\r\n]+[ \t]*)+/g, ' ');
+ }
+ return content;
+ }
+
+ var out = [];
+ for (var child = node.firstChild; child; child = child.nextSibling) {
+ normalizedHtml(child, out);
+ }
+ return out.join('');
+ }
+
+ /** returns a function that expand tabs to spaces. This function can be fed
+ * successive chunks of text, and will maintain its own internal state to
+ * keep track of how tabs are expanded.
+ * @return {function (string) : string} a function that takes
+ * plain text and return the text with tabs expanded.
+ * @private
+ */
+ function makeTabExpander(tabWidth) {
+ var SPACES = ' ';
+ var charInLine = 0;
+
+ return function (plainText) {
+ // walk over each character looking for tabs and newlines.
+ // On tabs, expand them. On newlines, reset charInLine.
+ // Otherwise increment charInLine
+ var out = null;
+ var pos = 0;
+ for (var i = 0, n = plainText.length; i < n; ++i) {
+ var ch = plainText.charAt(i);
+
+ switch (ch) {
+ case '\t':
+ if (!out) { out = []; }
+ out.push(plainText.substring(pos, i));
+ // calculate how much space we need in front of this part
+ // nSpaces is the amount of padding -- the number of spaces needed
+ // to move us to the next column, where columns occur at factors of
+ // tabWidth.
+ var nSpaces = tabWidth - (charInLine % tabWidth);
+ charInLine += nSpaces;
+ for (; nSpaces >= 0; nSpaces -= SPACES.length) {
+ out.push(SPACES.substring(0, nSpaces));
+ }
+ pos = i + 1;
+ break;
+ case '\n':
+ charInLine = 0;
+ break;
+ default:
+ ++charInLine;
+ }
+ }
+ if (!out) { return plainText; }
+ out.push(plainText.substring(pos));
+ return out.join('');
+ };
+ }
+
+ var pr_chunkPattern = new RegExp(
+ '[^<]+' // A run of characters other than '<'
+ + '|<\!--[\\s\\S]*?--\>' // an HTML comment
+ + '|<!\\[CDATA\\[[\\s\\S]*?\\]\\]>' // a CDATA section
+ // a probable tag that should not be highlighted
+ + '|<\/?[a-zA-Z](?:[^>\"\']|\'[^\']*\'|\"[^\"]*\")*>'
+ + '|<', // A '<' that does not begin a larger chunk
+ 'g');
+ var pr_commentPrefix = /^<\!--/;
+ var pr_cdataPrefix = /^<!\[CDATA\[/;
+ var pr_brPrefix = /^<br\b/i;
+ var pr_tagNameRe = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)/;
+
+ /** split markup into chunks of html tags (style null) and
+ * plain text (style {@link #PR_PLAIN}), converting tags which are
+ * significant for tokenization (<br>) into their textual equivalent.
+ *
+ * @param {string} s html where whitespace is considered significant.
+ * @return {Object} source code and extracted tags.
+ * @private
+ */
+ function extractTags(s) {
+ // since the pattern has the 'g' modifier and defines no capturing groups,
+ // this will return a list of all chunks which we then classify and wrap as
+ // PR_Tokens
+ var matches = s.match(pr_chunkPattern);
+ var sourceBuf = [];
+ var sourceBufLen = 0;
+ var extractedTags = [];
+ if (matches) {
+ for (var i = 0, n = matches.length; i < n; ++i) {
+ var match = matches[i];
+ if (match.length > 1 && match.charAt(0) === '<') {
+ if (pr_commentPrefix.test(match)) { continue; }
+ if (pr_cdataPrefix.test(match)) {
+ // strip CDATA prefix and suffix. Don't unescape since it's CDATA
+ sourceBuf.push(match.substring(9, match.length - 3));
+ sourceBufLen += match.length - 12;
+ } else if (pr_brPrefix.test(match)) {
+ // <br> tags are lexically significant so convert them to text.
+ // This is undone later.
+ sourceBuf.push('\n');
+ ++sourceBufLen;
+ } else {
+ if (match.indexOf(PR_NOCODE) >= 0 && isNoCodeTag(match)) {
+ // A <span class="nocode"> will start a section that should be
+ // ignored. Continue walking the list until we see a matching end
+ // tag.
+ var name = match.match(pr_tagNameRe)[2];
+ var depth = 1;
+ var j;
+ end_tag_loop:
+ for (j = i + 1; j < n; ++j) {
+ var name2 = matches[j].match(pr_tagNameRe);
+ if (name2 && name2[2] === name) {
+ if (name2[1] === '/') {
+ if (--depth === 0) { break end_tag_loop; }
+ } else {
+ ++depth;
+ }
+ }
+ }
+ if (j < n) {
+ extractedTags.push(
+ sourceBufLen, matches.slice(i, j + 1).join(''));
+ i = j;
+ } else { // Ignore unclosed sections.
+ extractedTags.push(sourceBufLen, match);
+ }
+ } else {
+ extractedTags.push(sourceBufLen, match);
+ }
+ }
+ } else {
+ var literalText = htmlToText(match);
+ sourceBuf.push(literalText);
+ sourceBufLen += literalText.length;
+ }
+ }
+ }
+ return { source: sourceBuf.join(''), tags: extractedTags };
+ }
+
+ /** True if the given tag contains a class attribute with the nocode class. */
+ function isNoCodeTag(tag) {
+ return !!tag
+ // First canonicalize the representation of attributes
+ .replace(/\s(\w+)\s*=\s*(?:\"([^\"]*)\"|'([^\']*)'|(\S+))/g,
+ ' $1="$2$3$4"')
+ // Then look for the attribute we want.
+ .match(/[cC][lL][aA][sS][sS]=\"[^\"]*\bnocode\b/);
+ }
+
+ /**
+ * Apply the given language handler to sourceCode and add the resulting
+ * decorations to out.
+ * @param {number} basePos the index of sourceCode within the chunk of source
+ * whose decorations are already present on out.
+ */
+ function appendDecorations(basePos, sourceCode, langHandler, out) {
+ if (!sourceCode) { return; }
+ var job = {
+ source: sourceCode,
+ basePos: basePos
+ };
+ langHandler(job);
+ out.push.apply(out, job.decorations);
+ }
+
+ /** Given triples of [style, pattern, context] returns a lexing function,
+ * The lexing function interprets the patterns to find token boundaries and
+ * returns a decoration list of the form
+ * [index_0, style_0, index_1, style_1, ..., index_n, style_n]
+ * where index_n is an index into the sourceCode, and style_n is a style
+ * constant like PR_PLAIN. index_n-1 <= index_n, and style_n-1 applies to
+ * all characters in sourceCode[index_n-1:index_n].
+ *
+ * The stylePatterns is a list whose elements have the form
+ * [style : string, pattern : RegExp, DEPRECATED, shortcut : string].
+ *
+ * Style is a style constant like PR_PLAIN, or can be a string of the
+ * form 'lang-FOO', where FOO is a language extension describing the
+ * language of the portion of the token in $1 after pattern executes.
+ * E.g., if style is 'lang-lisp', and group 1 contains the text
+ * '(hello (world))', then that portion of the token will be passed to the
+ * registered lisp handler for formatting.
+ * The text before and after group 1 will be restyled using this decorator
+ * so decorators should take care that this doesn't result in infinite
+ * recursion. For example, the HTML lexer rule for SCRIPT elements looks
+ * something like ['lang-js', /<[s]cript>(.+?)<\/script>/]. This may match
+ * '<script>foo()<\/script>', which would cause the current decorator to
+ * be called with '<script>' which would not match the same rule since
+ * group 1 must not be empty, so it would be instead styled as PR_TAG by
+ * the generic tag rule. The handler registered for the 'js' extension would
+ * then be called with 'foo()', and finally, the current decorator would
+ * be called with '<\/script>' which would not match the original rule and
+ * so the generic tag rule would identify it as a tag.
+ *
+ * Pattern must only match prefixes, and if it matches a prefix, then that
+ * match is considered a token with the same style.
+ *
+ * Context is applied to the last non-whitespace, non-comment token
+ * recognized.
+ *
+ * Shortcut is an optional string of characters, any of which, if the first
+ * character, gurantee that this pattern and only this pattern matches.
+ *
+ * @param {Array} shortcutStylePatterns patterns that always start with
+ * a known character. Must have a shortcut string.
+ * @param {Array} fallthroughStylePatterns patterns that will be tried in
+ * order if the shortcut ones fail. May have shortcuts.
+ *
+ * @return {function (Object)} a
+ * function that takes source code and returns a list of decorations.
+ */
+ function createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns) {
+ var shortcuts = {};
+ var tokenizer;
+ (function () {
+ var allPatterns = shortcutStylePatterns.concat(fallthroughStylePatterns);
+ var allRegexs = [];
+ var regexKeys = {};
+ for (var i = 0, n = allPatterns.length; i < n; ++i) {
+ var patternParts = allPatterns[i];
+ var shortcutChars = patternParts[3];
+ if (shortcutChars) {
+ for (var c = shortcutChars.length; --c >= 0;) {
+ shortcuts[shortcutChars.charAt(c)] = patternParts;
+ }
+ }
+ var regex = patternParts[1];
+ var k = '' + regex;
+ if (!regexKeys.hasOwnProperty(k)) {
+ allRegexs.push(regex);
+ regexKeys[k] = null;
+ }
+ }
+ allRegexs.push(/[\0-\uffff]/);
+ tokenizer = combinePrefixPatterns(allRegexs);
+ })();
+
+ var nPatterns = fallthroughStylePatterns.length;
+ var notWs = /\S/;
+
+ /**
+ * Lexes job.source and produces an output array job.decorations of style
+ * classes preceded by the position at which they start in job.source in
+ * order.
+ *
+ * @param {Object} job an object like {@code
+ * source: {string} sourceText plain text,
+ * basePos: {int} position of job.source in the larger chunk of
+ * sourceCode.
+ * }
+ */
+ var decorate = function (job) {
+ var sourceCode = job.source, basePos = job.basePos;
+ /** Even entries are positions in source in ascending order. Odd enties
+ * are style markers (e.g., PR_COMMENT) that run from that position until
+ * the end.
+ * @type {Array.<number|string>}
+ */
+ var decorations = [basePos, PR_PLAIN];
+ var pos = 0; // index into sourceCode
+ var tokens = sourceCode.match(tokenizer) || [];
+ var styleCache = {};
+
+ for (var ti = 0, nTokens = tokens.length; ti < nTokens; ++ti) {
+ var token = tokens[ti];
+ var style = styleCache[token];
+ var match = void 0;
+
+ var isEmbedded;
+ if (typeof style === 'string') {
+ isEmbedded = false;
+ } else {
+ var patternParts = shortcuts[token.charAt(0)];
+ if (patternParts) {
+ match = token.match(patternParts[1]);
+ style = patternParts[0];
+ } else {
+ for (var i = 0; i < nPatterns; ++i) {
+ patternParts = fallthroughStylePatterns[i];
+ match = token.match(patternParts[1]);
+ if (match) {
+ style = patternParts[0];
+ break;
+ }
+ }
+
+ if (!match) { // make sure that we make progress
+ style = PR_PLAIN;
+ }
+ }
+
+ isEmbedded = style.length >= 5 && 'lang-' === style.substring(0, 5);
+ if (isEmbedded && !(match && typeof match[1] === 'string')) {
+ isEmbedded = false;
+ style = PR_SOURCE;
+ }
+
+ if (!isEmbedded) { styleCache[token] = style; }
+ }
+
+ var tokenStart = pos;
+ pos += token.length;
+
+ if (!isEmbedded) {
+ decorations.push(basePos + tokenStart, style);
+ } else { // Treat group 1 as an embedded block of source code.
+ var embeddedSource = match[1];
+ var embeddedSourceStart = token.indexOf(embeddedSource);
+ var embeddedSourceEnd = embeddedSourceStart + embeddedSource.length;
+ if (match[2]) {
+ // If embeddedSource can be blank, then it would match at the
+ // beginning which would cause us to infinitely recurse on the
+ // entire token, so we catch the right context in match[2].
+ embeddedSourceEnd = token.length - match[2].length;
+ embeddedSourceStart = embeddedSourceEnd - embeddedSource.length;
+ }
+ var lang = style.substring(5);
+ // Decorate the left of the embedded source
+ appendDecorations(
+ basePos + tokenStart,
+ token.substring(0, embeddedSourceStart),
+ decorate, decorations);
+ // Decorate the embedded source
+ appendDecorations(
+ basePos + tokenStart + embeddedSourceStart,
+ embeddedSource,
+ langHandlerForExtension(lang, embeddedSource),
+ decorations);
+ // Decorate the right of the embedded section
+ appendDecorations(
+ basePos + tokenStart + embeddedSourceEnd,
+ token.substring(embeddedSourceEnd),
+ decorate, decorations);
+ }
+ }
+ job.decorations = decorations;
+ };
+ return decorate;
+ }
+
+ /** returns a function that produces a list of decorations from source text.
+ *
+ * This code treats ", ', and ` as string delimiters, and \ as a string
+ * escape. It does not recognize perl's qq() style strings.
+ * It has no special handling for double delimiter escapes as in basic, or
+ * the tripled delimiters used in python, but should work on those regardless
+ * although in those cases a single string literal may be broken up into
+ * multiple adjacent string literals.
+ *
+ * It recognizes C, C++, and shell style comments.
+ *
+ * @param {Object} options a set of optional parameters.
+ * @return {function (Object)} a function that examines the source code
+ * in the input job and builds the decoration list.
+ */
+ function sourceDecorator(options) {
+ var shortcutStylePatterns = [], fallthroughStylePatterns = [];
+ if (options['tripleQuotedStrings']) {
+ // '''multi-line-string''', 'single-line-string', and double-quoted
+ shortcutStylePatterns.push(
+ [PR_STRING, /^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,
+ null, '\'"']);
+ } else if (options['multiLineStrings']) {
+ // 'multi-line-string', "multi-line-string"
+ shortcutStylePatterns.push(
+ [PR_STRING, /^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,
+ null, '\'"`']);
+ } else {
+ // 'single-line-string', "single-line-string"
+ shortcutStylePatterns.push(
+ [PR_STRING,
+ /^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,
+ null, '"\'']);
+ }
+ if (options['verbatimStrings']) {
+ // verbatim-string-literal production from the C# grammar. See issue 93.
+ fallthroughStylePatterns.push(
+ [PR_STRING, /^@\"(?:[^\"]|\"\")*(?:\"|$)/, null]);
+ }
+ if (options['hashComments']) {
+ if (options['cStyleComments']) {
+ // Stop C preprocessor declarations at an unclosed open comment
+ shortcutStylePatterns.push(
+ [PR_COMMENT, /^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,
+ null, '#']);
+ fallthroughStylePatterns.push(
+ [PR_STRING,
+ /^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h|[a-z]\w*)>/,
+ null]);
+ } else {
+ shortcutStylePatterns.push([PR_COMMENT, /^#[^\r\n]*/, null, '#']);
+ }
+ }
+ if (options['cStyleComments']) {
+ fallthroughStylePatterns.push([PR_COMMENT, /^\/\/[^\r\n]*/, null]);
+ fallthroughStylePatterns.push(
+ [PR_COMMENT, /^\/\*[\s\S]*?(?:\*\/|$)/, null]);
+ }
+ if (options['regexLiterals']) {
+ var REGEX_LITERAL = (
+ // A regular expression literal starts with a slash that is
+ // not followed by * or / so that it is not confused with
+ // comments.
+ '/(?=[^/*])'
+ // and then contains any number of raw characters,
+ + '(?:[^/\\x5B\\x5C]'
+ // escape sequences (\x5C),
+ + '|\\x5C[\\s\\S]'
+ // or non-nesting character sets (\x5B\x5D);
+ + '|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+'
+ // finally closed by a /.
+ + '/');
+ fallthroughStylePatterns.push(
+ ['lang-regex',
+ new RegExp('^' + REGEXP_PRECEDER_PATTERN + '(' + REGEX_LITERAL + ')')
+ ]);
+ }
+
+ var keywords = options['keywords'].replace(/^\s+|\s+$/g, '');
+ if (keywords.length) {
+ fallthroughStylePatterns.push(
+ [PR_KEYWORD,
+ new RegExp('^(?:' + keywords.replace(/\s+/g, '|') + ')\\b'), null]);
+ }
+
+ shortcutStylePatterns.push([PR_PLAIN, /^\s+/, null, ' \r\n\t\xA0']);
+ fallthroughStylePatterns.push(
+ // TODO(mikesamuel): recognize non-latin letters and numerals in idents
+ [PR_LITERAL, /^@[a-z_$][a-z_$@0-9]*/i, null],
+ [PR_TYPE, /^@?[A-Z]+[a-z][A-Za-z_$@0-9]*/, null],
+ [PR_PLAIN, /^[a-z_$][a-z_$@0-9]*/i, null],
+ [PR_LITERAL,
+ new RegExp(
+ '^(?:'
+ // A hex number
+ + '0x[a-f0-9]+'
+ // or an octal or decimal number,
+ + '|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)'
+ // possibly in scientific notation
+ + '(?:e[+\\-]?\\d+)?'
+ + ')'
+ // with an optional modifier like UL for unsigned long
+ + '[a-z]*', 'i'),
+ null, '0123456789'],
+ [PR_PUNCTUATION, /^.[^\s\w\.$@\'\"\`\/\#]*/, null]);
+
+ return createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns);
+ }
+
+ var decorateSource = sourceDecorator({
+ 'keywords': ALL_KEYWORDS,
+ 'hashComments': true,
+ 'cStyleComments': true,
+ 'multiLineStrings': true,
+ 'regexLiterals': true
+ });
+
+ /** Breaks {@code job.source} around style boundaries in
+ * {@code job.decorations} while re-interleaving {@code job.extractedTags},
+ * and leaves the result in {@code job.prettyPrintedHtml}.
+ * @param {Object} job like {
+ * source: {string} source as plain text,
+ * extractedTags: {Array.<number|string>} extractedTags chunks of raw
+ * html preceded by their position in {@code job.source}
+ * in order
+ * decorations: {Array.<number|string} an array of style classes preceded
+ * by the position at which they start in job.source in order
+ * }
+ * @private
+ */
+ function recombineTagsAndDecorations(job) {
+ var sourceText = job.source;
+ var extractedTags = job.extractedTags;
+ var decorations = job.decorations;
+
+ var html = [];
+ // index past the last char in sourceText written to html
+ var outputIdx = 0;
+
+ var openDecoration = null;
+ var currentDecoration = null;
+ var tagPos = 0; // index into extractedTags
+ var decPos = 0; // index into decorations
+ var tabExpander = makeTabExpander(window['PR_TAB_WIDTH']);
+
+ var adjacentSpaceRe = /([\r\n ]) /g;
+ var startOrSpaceRe = /(^| ) /gm;
+ var newlineRe = /\r\n?|\n/g;
+ var trailingSpaceRe = /[ \r\n]$/;
+ var lastWasSpace = true; // the last text chunk emitted ended with a space.
+
+ // A helper function that is responsible for opening sections of decoration
+ // and outputing properly escaped chunks of source
+ function emitTextUpTo(sourceIdx) {
+ if (sourceIdx > outputIdx) {
+ if (openDecoration && openDecoration !== currentDecoration) {
+ // Close the current decoration
+ html.push('</span>');
+ openDecoration = null;
+ }
+ if (!openDecoration && currentDecoration) {
+ openDecoration = currentDecoration;
+ html.push('<span class="', openDecoration, '">');
+ }
+ // This interacts badly with some wikis which introduces paragraph tags
+ // into pre blocks for some strange reason.
+ // It's necessary for IE though which seems to lose the preformattedness
+ // of <pre> tags when their innerHTML is assigned.
+ // http://stud3.tuwien.ac.at/~e0226430/innerHtmlQuirk.html
+ // and it serves to undo the conversion of <br>s to newlines done in
+ // chunkify.
+ var htmlChunk = textToHtml(
+ tabExpander(sourceText.substring(outputIdx, sourceIdx)))
+ .replace(lastWasSpace
+ ? startOrSpaceRe
+ : adjacentSpaceRe, '$1 ');
+ // Keep track of whether we need to escape space at the beginning of the
+ // next chunk.
+ lastWasSpace = trailingSpaceRe.test(htmlChunk);
+ // IE collapses multiple adjacient <br>s into 1 line break.
+ // Prefix every <br> with ' ' can prevent such IE's behavior.
+ var lineBreakHtml = window['_pr_isIE6']() ? ' <br />' : '<br />';
+ html.push(htmlChunk.replace(newlineRe, lineBreakHtml));
+ outputIdx = sourceIdx;
+ }
+ }
+
+ while (true) {
+ // Determine if we're going to consume a tag this time around. Otherwise
+ // we consume a decoration or exit.
+ var outputTag;
+ if (tagPos < extractedTags.length) {
+ if (decPos < decorations.length) {
+ // Pick one giving preference to extractedTags since we shouldn't open
+ // a new style that we're going to have to immediately close in order
+ // to output a tag.
+ outputTag = extractedTags[tagPos] <= decorations[decPos];
+ } else {
+ outputTag = true;
+ }
+ } else {
+ outputTag = false;
+ }
+ // Consume either a decoration or a tag or exit.
+ if (outputTag) {
+ emitTextUpTo(extractedTags[tagPos]);
+ if (openDecoration) {
+ // Close the current decoration
+ html.push('</span>');
+ openDecoration = null;
+ }
+ html.push(extractedTags[tagPos + 1]);
+ tagPos += 2;
+ } else if (decPos < decorations.length) {
+ emitTextUpTo(decorations[decPos]);
+ currentDecoration = decorations[decPos + 1];
+ decPos += 2;
+ } else {
+ break;
+ }
+ }
+ emitTextUpTo(sourceText.length);
+ if (openDecoration) {
+ html.push('</span>');
+ }
+ job.prettyPrintedHtml = html.join('');
+ }
+
+ /** Maps language-specific file extensions to handlers. */
+ var langHandlerRegistry = {};
+ /** Register a language handler for the given file extensions.
+ * @param {function (Object)} handler a function from source code to a list
+ * of decorations. Takes a single argument job which describes the
+ * state of the computation. The single parameter has the form
+ * {@code {
+ * source: {string} as plain text.
+ * decorations: {Array.<number|string>} an array of style classes
+ * preceded by the position at which they start in
+ * job.source in order.
+ * The language handler should assigned this field.
+ * basePos: {int} the position of source in the larger source chunk.
+ * All positions in the output decorations array are relative
+ * to the larger source chunk.
+ * } }
+ * @param {Array.<string>} fileExtensions
+ */
+ function registerLangHandler(handler, fileExtensions) {
+ for (var i = fileExtensions.length; --i >= 0;) {
+ var ext = fileExtensions[i];
+ if (!langHandlerRegistry.hasOwnProperty(ext)) {
+ langHandlerRegistry[ext] = handler;
+ } else if ('console' in window) {
+ console.warn('cannot override language handler %s', ext);
+ }
+ }
+ }
+ function langHandlerForExtension(extension, source) {
+ if (!(extension && langHandlerRegistry.hasOwnProperty(extension))) {
+ // Treat it as markup if the first non whitespace character is a < and
+ // the last non-whitespace character is a >.
+ extension = /^\s*</.test(source)
+ ? 'default-markup'
+ : 'default-code';
+ }
+ return langHandlerRegistry[extension];
+ }
+ registerLangHandler(decorateSource, ['default-code']);
+ registerLangHandler(
+ createSimpleLexer(
+ [],
+ [
+ [PR_PLAIN, /^[^<?]+/],
+ [PR_DECLARATION, /^<!\w[^>]*(?:>|$)/],
+ [PR_COMMENT, /^<\!--[\s\S]*?(?:-\->|$)/],
+ // Unescaped content in an unknown language
+ ['lang-', /^<\?([\s\S]+?)(?:\?>|$)/],
+ ['lang-', /^<%([\s\S]+?)(?:%>|$)/],
+ [PR_PUNCTUATION, /^(?:<[%?]|[%?]>)/],
+ ['lang-', /^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],
+ // Unescaped content in javascript. (Or possibly vbscript).
+ ['lang-js', /^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],
+ // Contains unescaped stylesheet content
+ ['lang-css', /^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],
+ ['lang-in.tag', /^(<\/?[a-z][^<>]*>)/i]
+ ]),
+ ['default-markup', 'htm', 'html', 'mxml', 'xhtml', 'xml', 'xsl']);
+ registerLangHandler(
+ createSimpleLexer(
+ [
+ [PR_PLAIN, /^[\s]+/, null, ' \t\r\n'],
+ [PR_ATTRIB_VALUE, /^(?:\"[^\"]*\"?|\'[^\']*\'?)/, null, '\"\'']
+ ],
+ [
+ [PR_TAG, /^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],
+ [PR_ATTRIB_NAME, /^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],
+ ['lang-uq.val', /^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],
+ [PR_PUNCTUATION, /^[=<>\/]+/],
+ ['lang-js', /^on\w+\s*=\s*\"([^\"]+)\"/i],
+ ['lang-js', /^on\w+\s*=\s*\'([^\']+)\'/i],
+ ['lang-js', /^on\w+\s*=\s*([^\"\'>\s]+)/i],
+ ['lang-css', /^style\s*=\s*\"([^\"]+)\"/i],
+ ['lang-css', /^style\s*=\s*\'([^\']+)\'/i],
+ ['lang-css', /^style\s*=\s*([^\"\'>\s]+)/i]
+ ]),
+ ['in.tag']);
+ registerLangHandler(
+ createSimpleLexer([], [[PR_ATTRIB_VALUE, /^[\s\S]+/]]), ['uq.val']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': CPP_KEYWORDS,
+ 'hashComments': true,
+ 'cStyleComments': true
+ }), ['c', 'cc', 'cpp', 'cxx', 'cyc', 'm']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': 'null true false'
+ }), ['json']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': CSHARP_KEYWORDS,
+ 'hashComments': true,
+ 'cStyleComments': true,
+ 'verbatimStrings': true
+ }), ['cs']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': JAVA_KEYWORDS,
+ 'cStyleComments': true
+ }), ['java']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': SH_KEYWORDS,
+ 'hashComments': true,
+ 'multiLineStrings': true
+ }), ['bsh', 'csh', 'sh']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': PYTHON_KEYWORDS,
+ 'hashComments': true,
+ 'multiLineStrings': true,
+ 'tripleQuotedStrings': true
+ }), ['cv', 'py']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': PERL_KEYWORDS,
+ 'hashComments': true,
+ 'multiLineStrings': true,
+ 'regexLiterals': true
+ }), ['perl', 'pl', 'pm']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': RUBY_KEYWORDS,
+ 'hashComments': true,
+ 'multiLineStrings': true,
+ 'regexLiterals': true
+ }), ['rb']);
+ registerLangHandler(sourceDecorator({
+ 'keywords': JSCRIPT_KEYWORDS,
+ 'cStyleComments': true,
+ 'regexLiterals': true
+ }), ['js']);
+ registerLangHandler(
+ createSimpleLexer([], [[PR_STRING, /^[\s\S]+/]]), ['regex']);
+
+ function applyDecorator(job) {
+ var sourceCodeHtml = job.sourceCodeHtml;
+ var opt_langExtension = job.langExtension;
+
+ // Prepopulate output in case processing fails with an exception.
+ job.prettyPrintedHtml = sourceCodeHtml;
+
+ try {
+ // Extract tags, and convert the source code to plain text.
+ var sourceAndExtractedTags = extractTags(sourceCodeHtml);
+ /** Plain text. @type {string} */
+ var source = sourceAndExtractedTags.source;
+ job.source = source;
+ job.basePos = 0;
+
+ /** Even entries are positions in source in ascending order. Odd entries
+ * are tags that were extracted at that position.
+ * @type {Array.<number|string>}
+ */
+ job.extractedTags = sourceAndExtractedTags.tags;
+
+ // Apply the appropriate language handler
+ langHandlerForExtension(opt_langExtension, source)(job);
+ // Integrate the decorations and tags back into the source code to produce
+ // a decorated html string which is left in job.prettyPrintedHtml.
+ recombineTagsAndDecorations(job);
+ } catch (e) {
+ if ('console' in window) {
+ console.log(e);
+ console.trace();
+ }
+ }
+ }
+
+ function prettyPrintOne(sourceCodeHtml, opt_langExtension) {
+ var job = {
+ sourceCodeHtml: sourceCodeHtml,
+ langExtension: opt_langExtension
+ };
+ applyDecorator(job);
+ return job.prettyPrintedHtml;
+ }
+
+ function prettyPrint(opt_whenDone) {
+ var isIE678 = window['_pr_isIE6']();
+ var ieNewline = isIE678 === 6 ? '\r\n' : '\r';
+ // See bug 71 and http://stackoverflow.com/questions/136443/why-doesnt-ie7-
+
+ // fetch a list of nodes to rewrite
+ var codeSegments = [
+ document.getElementsByTagName('pre'),
+ document.getElementsByTagName('code'),
+ document.getElementsByTagName('td'), /* ND Change: Add tables to support prototypes. */
+ document.getElementsByTagName('xmp') ];
+ var elements = [];
+ for (var i = 0; i < codeSegments.length; ++i) {
+ for (var j = 0, n = codeSegments[i].length; j < n; ++j) {
+ elements.push(codeSegments[i][j]);
+ }
+ }
+ codeSegments = null;
+
+ var clock = Date;
+ if (!clock['now']) {
+ clock = { 'now': function () { return (new Date).getTime(); } };
+ }
+
+ // The loop is broken into a series of continuations to make sure that we
+ // don't make the browser unresponsive when rewriting a large page.
+ var k = 0;
+ var prettyPrintingJob;
+
+ function doWork() {
+ var endTime = (window['PR_SHOULD_USE_CONTINUATION'] ?
+ clock.now() + 250 /* ms */ :
+ Infinity);
+ for (; k < elements.length && clock.now() < endTime; k++) {
+ var cs = elements[k];
+ if (cs.className && cs.className.indexOf('prettyprint') >= 0) {
+ // If the classes includes a language extensions, use it.
+ // Language extensions can be specified like
+ // <pre class="prettyprint lang-cpp">
+ // the language extension "cpp" is used to find a language handler as
+ // passed to PR_registerLangHandler.
+ var langExtension = cs.className.match(/\blang-(\w+)\b/);
+ if (langExtension) { langExtension = langExtension[1]; }
+
+ // make sure this is not nested in an already prettified element
+ var nested = false;
+ for (var p = cs.parentNode; p; p = p.parentNode) {
+ if ((p.tagName === 'pre' || p.tagName === 'code' ||
+ p.tagName === 'xmp' || p.tagName === 'td') && /* ND Change: Add tables to support prototypes */
+ p.className && p.className.indexOf('prettyprint') >= 0) {
+ nested = true;
+ break;
+ }
+ }
+ if (!nested) {
+ // fetch the content as a snippet of properly escaped HTML.
+ // Firefox adds newlines at the end.
+ var content = getInnerHtml(cs);
+ content = content.replace(/(?:\r\n?|\n)$/, '');
+
+ /* ND Change: we need to preserve s so change them to a special character instead of a space. */
+ content = content.replace(/ /g, '\x11');
+
+ // do the pretty printing
+ prettyPrintingJob = {
+ sourceCodeHtml: content,
+ langExtension: langExtension,
+ sourceNode: cs
+ };
+ applyDecorator(prettyPrintingJob);
+ replaceWithPrettyPrintedHtml();
+ }
+ }
+ }
+ if (k < elements.length) {
+ // finish up in a continuation
+ setTimeout(doWork, 250);
+ } else if (opt_whenDone) {
+ opt_whenDone();
+ }
+ }
+
+ function replaceWithPrettyPrintedHtml() {
+ var newContent = prettyPrintingJob.prettyPrintedHtml;
+ if (!newContent) { return; }
+
+ /* ND Change: Restore the preserved s. */
+ newContent = newContent.replace(/\x11/g, ' ');
+
+ var cs = prettyPrintingJob.sourceNode;
+
+ // push the prettified html back into the tag.
+ if (!isRawContent(cs)) {
+ // just replace the old html with the new
+ cs.innerHTML = newContent;
+ } else {
+ // we need to change the tag to a <pre> since <xmp>s do not allow
+ // embedded tags such as the span tags used to attach styles to
+ // sections of source code.
+ var pre = document.createElement('PRE');
+ for (var i = 0; i < cs.attributes.length; ++i) {
+ var a = cs.attributes[i];
+ if (a.specified) {
+ var aname = a.name.toLowerCase();
+ if (aname === 'class') {
+ pre.className = a.value; // For IE 6
+ } else {
+ pre.setAttribute(a.name, a.value);
+ }
+ }
+ }
+ pre.innerHTML = newContent;
+
+ // remove the old
+ cs.parentNode.replaceChild(pre, cs);
+ cs = pre;
+ }
+
+ // Replace <br>s with line-feeds so that copying and pasting works
+ // on IE 6.
+ // Doing this on other browsers breaks lots of stuff since \r\n is
+ // treated as two newlines on Firefox, and doing this also slows
+ // down rendering.
+ if (isIE678 && cs.tagName === 'PRE') {
+ var lineBreaks = cs.getElementsByTagName('br');
+ for (var j = lineBreaks.length; --j >= 0;) {
+ var lineBreak = lineBreaks[j];
+ lineBreak.parentNode.replaceChild(
+ document.createTextNode(ieNewline), lineBreak);
+ }
+ }
+ }
+
+ doWork();
+ }
+
+ window['PR_normalizedHtml'] = normalizedHtml;
+ window['prettyPrintOne'] = prettyPrintOne;
+ window['prettyPrint'] = prettyPrint;
+ window['PR'] = {
+ 'combinePrefixPatterns': combinePrefixPatterns,
+ 'createSimpleLexer': createSimpleLexer,
+ 'registerLangHandler': registerLangHandler,
+ 'sourceDecorator': sourceDecorator,
+ 'PR_ATTRIB_NAME': PR_ATTRIB_NAME,
+ 'PR_ATTRIB_VALUE': PR_ATTRIB_VALUE,
+ 'PR_COMMENT': PR_COMMENT,
+ 'PR_DECLARATION': PR_DECLARATION,
+ 'PR_KEYWORD': PR_KEYWORD,
+ 'PR_LITERAL': PR_LITERAL,
+ 'PR_NOCODE': PR_NOCODE,
+ 'PR_PLAIN': PR_PLAIN,
+ 'PR_PUNCTUATION': PR_PUNCTUATION,
+ 'PR_SOURCE': PR_SOURCE,
+ 'PR_STRING': PR_STRING,
+ 'PR_TAG': PR_TAG,
+ 'PR_TYPE': PR_TYPE
+ };
+})();
+
+
+// ____________________________________________________________________________
+
+
+
+// Lua extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,' \n\r \xa0'],[PR.PR_STRING,/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'\"\'']],[[PR.PR_COMMENT,/^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],[PR.PR_STRING,/^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],[PR.PR_KEYWORD,/^(?:and|break|do|else|elseif|end|false|for|function|if|in|local|nil|not|or|repeat|return|then|true|until|while)\b/,null],[PR.PR_LITERAL,/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR.PR_PLAIN,/^[a-z_]\w*/i],[PR.PR_PUNCTUATION,/^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]]),['lua'])
+
+
+// Haskell extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\x0B\x0C\r ]+/,null,' \n��\r '],[PR.PR_STRING,/^\"(?:[^\"\\\n\x0C\r]|\\[\s\S])*(?:\"|$)/,null,'\"'],[PR.PR_STRING,/^\'(?:[^\'\\\n\x0C\r]|\\[^&])\'?/,null,'\''],[PR.PR_LITERAL,/^(?:0o[0-7]+|0x[\da-f]+|\d+(?:\.\d+)?(?:e[+\-]?\d+)?)/i,null,'0123456789']],[[PR.PR_COMMENT,/^(?:(?:--+(?:[^\r\n\x0C]*)?)|(?:\{-(?:[^-]|-+[^-\}])*-\}))/],[PR.PR_KEYWORD,/^(?:case|class|data|default|deriving|do|else|if|import|in|infix|infixl|infixr|instance|let|module|newtype|of|then|type|where|_)(?=[^a-zA-Z0-9\']|$)/,null],[PR.PR_PLAIN,/^(?:[A-Z][\w\']*\.)*[a-zA-Z][\w\']*/],[PR.PR_PUNCTUATION,/^[^\t\n\x0B\x0C\r a-zA-Z0-9\'\"]+/]]),['hs'])
+
+
+// ML extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,' \n\r \xa0'],[PR.PR_COMMENT,/^#(?:if[\t\n\r \xA0]+(?:[a-z_$][\w\']*|``[^\r\n\t`]*(?:``|$))|else|endif|light)/i,null,'#'],[PR.PR_STRING,/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'\"\'']],[[PR.PR_COMMENT,/^(?:\/\/[^\r\n]*|\(\*[\s\S]*?\*\))/],[PR.PR_KEYWORD,/^(?:abstract|and|as|assert|begin|class|default|delegate|do|done|downcast|downto|elif|else|end|exception|extern|false|finally|for|fun|function|if|in|inherit|inline|interface|internal|lazy|let|match|member|module|mutable|namespace|new|null|of|open|or|override|private|public|rec|return|static|struct|then|to|true|try|type|upcast|use|val|void|when|while|with|yield|asr|land|lor|lsl|lsr|lxor|mod|sig|atomic|break|checked|component|const|constraint|constructor|continue|eager|event|external|fixed|functor|global|include|method|mixin|object|parallel|process|protected|pure|sealed|trait|virtual|volatile)\b/],[PR.PR_LITERAL,/^[+\-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR.PR_PLAIN,/^(?:[a-z_]\w*[!?#]?|``[^\r\n\t`]*(?:``|$))/i],[PR.PR_PUNCTUATION,/^[^\t\n\r \xA0\"\'\w]+/]]),['fs','ml'])
+
+
+// SQL extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,' \n\r \xa0'],[PR.PR_STRING,/^(?:"(?:[^\"\\]|\\.)*"|'(?:[^\'\\]|\\.)*')/,null,'\"\'']],[[PR.PR_COMMENT,/^(?:--[^\r\n]*|\/\*[\s\S]*?(?:\*\/|$))/],[PR.PR_KEYWORD,/^(?:ADD|ALL|ALTER|AND|ANY|AS|ASC|AUTHORIZATION|BACKUP|BEGIN|BETWEEN|BREAK|BROWSE|BULK|BY|CASCADE|CASE|CHECK|CHECKPOINT|CLOSE|CLUSTERED|COALESCE|COLLATE|COLUMN|COMMIT|COMPUTE|CONSTRAINT|CONTAINS|CONTAINSTABLE|CONTINUE|CONVERT|CREATE|CROSS|CURRENT|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|DATABASE|DBCC|DEALLOCATE|DECLARE|DEFAULT|DELETE|DENY|DESC|DISK|DISTINCT|DISTRIBUTED|DOUBLE|DROP|DUMMY|DUMP|ELSE|END|ERRLVL|ESCAPE|EXCEPT|EXEC|EXECUTE|EXISTS|EXIT|FETCH|FILE|FILLFACTOR|FOR|FOREIGN|FREETEXT|FREETEXTTABLE|FROM|FULL|FUNCTION|GOTO|GRANT|GROUP|HAVING|HOLDLOCK|IDENTITY|IDENTITYCOL|IDENTITY_INSERT|IF|IN|INDEX|INNER|INSERT|INTERSECT|INTO|IS|JOIN|KEY|KILL|LEFT|LIKE|LINENO|LOAD|NATIONAL|NOCHECK|NONCLUSTERED|NOT|NULL|NULLIF|OF|OFF|OFFSETS|ON|OPEN|OPENDATASOURCE|OPENQUERY|OPENROWSET|OPENXML|OPTION|OR|ORDER|OUTER|OVER|PERCENT|PLAN|PRECISION|PRIMARY|PRINT|PROC|PROCEDURE|PUBLIC|RAISERROR|READ|READTEXT|RECONFIGURE|REFERENCES|REPLICATION|RESTORE|RESTRICT|RETURN|REVOKE|RIGHT|ROLLBACK|ROWCOUNT|ROWGUIDCOL|RULE|SAVE|SCHEMA|SELECT|SESSION_USER|SET|SETUSER|SHUTDOWN|SOME|STATISTICS|SYSTEM_USER|TABLE|TEXTSIZE|THEN|TO|TOP|TRAN|TRANSACTION|TRIGGER|TRUNCATE|TSEQUAL|UNION|UNIQUE|UPDATE|UPDATETEXT|USE|USER|VALUES|VARYING|VIEW|WAITFOR|WHEN|WHERE|WHILE|WITH|WRITETEXT)(?=[^\w-]|$)/i,null],[PR.PR_LITERAL,/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR.PR_PLAIN,/^[a-z_][\w-]*/i],[PR.PR_PUNCTUATION,/^[^\w\t\n\r \xA0\"\'][^\w\t\n\r \xA0+\-\"\']*/]]),['sql'])
+
+
+// VB extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0\u2028\u2029]+/,null,' \n\r \xa0\u2028\u2029'],[PR.PR_STRING,/^(?:[\"\u201C\u201D](?:[^\"\u201C\u201D]|[\"\u201C\u201D]{2})(?:[\"\u201C\u201D]c|$)|[\"\u201C\u201D](?:[^\"\u201C\u201D]|[\"\u201C\u201D]{2})*(?:[\"\u201C\u201D]|$))/i,null,'\"\u201c\u201d'],[PR.PR_COMMENT,/^[\'\u2018\u2019][^\r\n\u2028\u2029]*/,null,'\'\u2018\u2019']],[[PR.PR_KEYWORD,/^(?:AddHandler|AddressOf|Alias|And|AndAlso|Ansi|As|Assembly|Auto|Boolean|ByRef|Byte|ByVal|Call|Case|Catch|CBool|CByte|CChar|CDate|CDbl|CDec|Char|CInt|Class|CLng|CObj|Const|CShort|CSng|CStr|CType|Date|Decimal|Declare|Default|Delegate|Dim|DirectCast|Do|Double|Each|Else|ElseIf|End|EndIf|Enum|Erase|Error|Event|Exit|Finally|For|Friend|Function|Get|GetType|GoSub|GoTo|Handles|If|Implements|Imports|In|Inherits|Integer|Interface|Is|Let|Lib|Like|Long|Loop|Me|Mod|Module|MustInherit|MustOverride|MyBase|MyClass|Namespace|New|Next|Not|NotInheritable|NotOverridable|Object|On|Option|Optional|Or|OrElse|Overloads|Overridable|Overrides|ParamArray|Preserve|Private|Property|Protected|Public|RaiseEvent|ReadOnly|ReDim|RemoveHandler|Resume|Return|Select|Set|Shadows|Shared|Short|Single|Static|Step|Stop|String|Structure|Sub|SyncLock|Then|Throw|To|Try|TypeOf|Unicode|Until|Variant|Wend|When|While|With|WithEvents|WriteOnly|Xor|EndIf|GoSub|Let|Variant|Wend)\b/i,null],[PR.PR_COMMENT,/^REM[^\r\n\u2028\u2029]*/i],[PR.PR_LITERAL,/^(?:True\b|False\b|Nothing\b|\d+(?:E[+\-]?\d+[FRD]?|[FRDSIL])?|(?:&H[0-9A-F]+|&O[0-7]+)[SIL]?|\d*\.\d+(?:E[+\-]?\d+)?[FRD]?|#\s+(?:\d+[\-\/]\d+[\-\/]\d+(?:\s+\d+:\d+(?::\d+)?(\s*(?:AM|PM))?)?|\d+:\d+(?::\d+)?(\s*(?:AM|PM))?)\s+#)/i],[PR.PR_PLAIN,/^(?:(?:[a-z]|_\w)\w*|\[(?:[a-z]|_\w)\w*\])/i],[PR.PR_PUNCTUATION,/^[^\w\t\n\r \"\'\[\]\xA0\u2018\u2019\u201C\u201D\u2028\u2029]+/],[PR.PR_PUNCTUATION,/^(?:\[|\])/]]),['vb','vbs'])
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/searchdata.js b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/searchdata.js
new file mode 100644
index 00000000..229a815f
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/searchdata.js
@@ -0,0 +1,122 @@
+var indexSectionsWithContent = {
+ "General": {
+ "Symbols": false,
+ "Numbers": false,
+ "A": true,
+ "B": false,
+ "C": true,
+ "D": false,
+ "E": false,
+ "F": true,
+ "G": true,
+ "H": false,
+ "I": true,
+ "J": false,
+ "K": false,
+ "L": true,
+ "M": false,
+ "N": false,
+ "O": true,
+ "P": false,
+ "Q": false,
+ "R": true,
+ "S": false,
+ "T": false,
+ "U": true,
+ "V": true,
+ "W": false,
+ "X": false,
+ "Y": false,
+ "Z": false
+ },
+ "Variables": {
+ "Symbols": false,
+ "Numbers": false,
+ "A": false,
+ "B": false,
+ "C": true,
+ "D": false,
+ "E": false,
+ "F": false,
+ "G": false,
+ "H": false,
+ "I": true,
+ "J": false,
+ "K": false,
+ "L": false,
+ "M": false,
+ "N": false,
+ "O": false,
+ "P": false,
+ "Q": false,
+ "R": true,
+ "S": false,
+ "T": false,
+ "U": false,
+ "V": false,
+ "W": false,
+ "X": false,
+ "Y": false,
+ "Z": false
+ },
+ "Functions": {
+ "Symbols": false,
+ "Numbers": false,
+ "A": true,
+ "B": false,
+ "C": true,
+ "D": false,
+ "E": false,
+ "F": true,
+ "G": true,
+ "H": false,
+ "I": true,
+ "J": false,
+ "K": false,
+ "L": true,
+ "M": false,
+ "N": false,
+ "O": true,
+ "P": false,
+ "Q": false,
+ "R": true,
+ "S": false,
+ "T": false,
+ "U": true,
+ "V": false,
+ "W": false,
+ "X": false,
+ "Y": false,
+ "Z": false
+ },
+ "Files": {
+ "Symbols": false,
+ "Numbers": false,
+ "A": false,
+ "B": false,
+ "C": true,
+ "D": false,
+ "E": false,
+ "F": false,
+ "G": false,
+ "H": false,
+ "I": false,
+ "J": false,
+ "K": false,
+ "L": false,
+ "M": false,
+ "N": false,
+ "O": false,
+ "P": false,
+ "Q": false,
+ "R": false,
+ "S": false,
+ "T": false,
+ "U": false,
+ "V": false,
+ "W": false,
+ "X": false,
+ "Y": false,
+ "Z": false
+ }
+ }
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FilesC.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FilesC.html
new file mode 100644
index 00000000..9b13d7ea
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FilesC.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_csrfprotector_perphp><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" target=_parent class=ISymbol>csrfprotector.php</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsA.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsA.html
new file mode 100644
index 00000000..2a3a150e
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsA.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_authorisePost><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" target=_parent class=ISymbol>authorisePost</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsC.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsC.html
new file mode 100644
index 00000000..c02adb84
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsC.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_createNewJsCache><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" target=_parent class=ISymbol>createNewJsCache</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsF.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsF.html
new file mode 100644
index 00000000..88d09287
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsF.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_failedValidationAction><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" target=_parent class=ISymbol>failedValidationAction</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsG.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsG.html
new file mode 100644
index 00000000..4c9b125a
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsG.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_generateAuthToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" target=_parent class=ISymbol>generateAuthToken</a></div></div><div class=SRResult id=SR_getCurrentUrl><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" target=_parent class=ISymbol>getCurrentUrl</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsI.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsI.html
new file mode 100644
index 00000000..9dc7a592
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsI.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_init><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" target=_parent class=ISymbol>init</a></div></div><div class=SRResult id=SR_isURLallowed><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" target=_parent class=ISymbol>isURLallowed</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsL.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsL.html
new file mode 100644
index 00000000..c2cbb504
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsL.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_logCSRFattack><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" target=_parent class=ISymbol>logCSRFattack</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsO.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsO.html
new file mode 100644
index 00000000..0c67005f
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsO.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_ob_undhandler><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" target=_parent class=ISymbol>ob_handler</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsR.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsR.html
new file mode 100644
index 00000000..c25cffe0
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsR.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_refreshToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" target=_parent class=ISymbol>refreshToken</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsU.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsU.html
new file mode 100644
index 00000000..a43aa753
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsU.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_useCachedVersion><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" target=_parent class=ISymbol>useCachedVersion</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralA.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralA.html
new file mode 100644
index 00000000..2a3a150e
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralA.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_authorisePost><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" target=_parent class=ISymbol>authorisePost</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralC.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralC.html
new file mode 100644
index 00000000..edb09c50
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralC.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_config><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$config" target=_parent class=ISymbol>config</a></div></div><div class=SRResult id=SR_cookieExpiryTime><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" target=_parent class=ISymbol>cookieExpiryTime</a></div></div><div class=SRResult id=SR_createNewJsCache><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" target=_parent class=ISymbol>createNewJsCache</a></div></div><div class=SRResult id=SR_csrfprotector_perphp><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" target=_parent class=ISymbol>csrfprotector.php</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralF.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralF.html
new file mode 100644
index 00000000..b624d11b
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralF.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_failedValidationAction><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" target=_parent class=ISymbol>failedValidationAction</a></div></div><div class=SRResult id=SR_Functions><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Functions" target=_parent class=ISymbol>Functions</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralG.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralG.html
new file mode 100644
index 00000000..4c9b125a
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralG.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_generateAuthToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" target=_parent class=ISymbol>generateAuthToken</a></div></div><div class=SRResult id=SR_getCurrentUrl><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" target=_parent class=ISymbol>getCurrentUrl</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralI.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralI.html
new file mode 100644
index 00000000..0bdb7a47
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralI.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_init><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" target=_parent class=ISymbol>init</a></div></div><div class=SRResult id=SR_isSameOrigin><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" target=_parent class=ISymbol>isSameOrigin</a></div></div><div class=SRResult id=SR_isURLallowed><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" target=_parent class=ISymbol>isURLallowed</a></div></div><div class=SRResult id=SR_isValidHTML><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" target=_parent class=ISymbol>isValidHTML</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralL.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralL.html
new file mode 100644
index 00000000..c2cbb504
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralL.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_logCSRFattack><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" target=_parent class=ISymbol>logCSRFattack</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralO.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralO.html
new file mode 100644
index 00000000..0c67005f
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralO.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_ob_undhandler><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" target=_parent class=ISymbol>ob_handler</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralR.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralR.html
new file mode 100644
index 00000000..e6d917c1
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralR.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_refreshToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" target=_parent class=ISymbol>refreshToken</a></div></div><div class=SRResult id=SR_requestType><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" target=_parent class=ISymbol>requestType</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralU.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralU.html
new file mode 100644
index 00000000..a43aa753
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralU.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_useCachedVersion><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" target=_parent class=ISymbol>useCachedVersion</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralV.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralV.html
new file mode 100644
index 00000000..ce09ee7c
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralV.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_Variables><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Variables" target=_parent class=ISymbol>Variables</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/NoResults.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/NoResults.html
new file mode 100644
index 00000000..8c724966
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/NoResults.html
@@ -0,0 +1,15 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=NoMatches>No Matches</div></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesC.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesC.html
new file mode 100644
index 00000000..8b8dc9dc
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesC.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_config><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$config" target=_parent class=ISymbol>config</a></div></div><div class=SRResult id=SR_cookieExpiryTime><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" target=_parent class=ISymbol>cookieExpiryTime</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesI.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesI.html
new file mode 100644
index 00000000..a32aac1d
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesI.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_isSameOrigin><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" target=_parent class=ISymbol>isSameOrigin</a></div></div><div class=SRResult id=SR_isValidHTML><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" target=_parent class=ISymbol>isValidHTML</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesR.html b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesR.html
new file mode 100644
index 00000000..3a06b30e
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesR.html
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!-- Generated by Natural Docs, version 1.52 -->
+<!-- http://www.naturaldocs.org -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_requestType><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" target=_parent class=ISymbol>requestType</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/styles/main.css b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/styles/main.css
new file mode 100644
index 00000000..1832d8f3
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/styles/main.css
@@ -0,0 +1,824 @@
+/*
+ IMPORTANT: If you're editing this file in the output directory of one of
+ your projects, your changes will be overwritten the next time you run
+ Natural Docs. Instead, copy this file to your project directory, make your
+ changes, and you can use it with -s. Even better would be to make a CSS
+ file in your project directory with only your changes, which you can then
+ use with -s [original style] [your changes].
+
+ On the other hand, if you're editing this file in the Natural Docs styles
+ directory, the changes will automatically be applied to all your projects
+ that use this style the next time Natural Docs is run on them.
+
+ This file is part of Natural Docs, which is Copyright � 2003-2010 Greg Valure.
+ Natural Docs is licensed under version 3 of the GNU Affero General Public
+ License (AGPL). Refer to License.txt for the complete details.
+
+ This file may be distributed with documentation files generated by Natural Docs.
+ Such documentation is not covered by Natural Docs' copyright and licensing,
+ and may have its own copyright and distribution terms as decided by its author.
+*/
+
+body {
+ font: 8pt Verdana, Arial, sans-serif;
+ color: #000000;
+ margin: 0; padding: 0;
+ }
+
+.ContentPage,
+.IndexPage,
+.FramedMenuPage {
+ background-color: #E8E8E8;
+ }
+.FramedContentPage,
+.FramedIndexPage,
+.FramedSearchResultsPage,
+.PopupSearchResultsPage {
+ background-color: #FFFFFF;
+ }
+
+
+a:link,
+a:visited { color: #900000; text-decoration: none }
+a:hover { color: #900000; text-decoration: underline }
+a:active { color: #FF0000; text-decoration: underline }
+
+td {
+ vertical-align: top }
+
+img { border: 0; }
+
+
+/*
+ Comment out this line to use web-style paragraphs (blank line between
+ paragraphs, no indent) instead of print-style paragraphs (no blank line,
+ indented.)
+*/
+p {
+ text-indent: 5ex; margin: 0 }
+
+
+/* Opera doesn't break with just wbr, but will if you add this. */
+.Opera wbr:after {
+ content: "\00200B";
+ }
+
+/* Blockquotes are used as containers for things that may need to scroll. */
+blockquote {
+ padding: 0;
+ margin: 0;
+ overflow: auto;
+ }
+
+
+.Firefox1 blockquote {
+ padding-bottom: .5em;
+ }
+
+/* Turn off scrolling when printing. */
+@media print {
+ blockquote {
+ overflow: visible;
+ }
+ .IE blockquote {
+ width: auto;
+ }
+ }
+
+
+
+#Menu {
+ font-size: 8pt;
+ padding: 10px 0 0 0;
+ }
+.ContentPage #Menu,
+.IndexPage #Menu {
+ position: absolute;
+ top: 0;
+ left: 0;
+ width: 31ex;
+ overflow: hidden;
+ }
+.ContentPage .Firefox #Menu,
+.IndexPage .Firefox #Menu {
+ width: 27ex;
+ }
+
+
+ .MTitle {
+ font-size: 16pt; font-weight: bold; font-variant: small-caps;
+ text-align: center;
+ padding: 5px 10px 15px 10px;
+ border-bottom: 1px dotted #000000;
+ margin-bottom: 15px }
+
+ .MSubTitle {
+ font-size: 9pt; font-weight: normal; font-variant: normal;
+ margin-top: 1ex; margin-bottom: 5px }
+
+
+ .MEntry a:link,
+ .MEntry a:hover,
+ .MEntry a:visited { color: #606060; margin-right: 0 }
+ .MEntry a:active { color: #A00000; margin-right: 0 }
+
+
+ .MGroup {
+ font-variant: small-caps; font-weight: bold;
+ margin: 1em 0 1em 10px;
+ }
+
+ .MGroupContent {
+ font-variant: normal; font-weight: normal }
+
+ .MGroup a:link,
+ .MGroup a:hover,
+ .MGroup a:visited { color: #545454; margin-right: 10px }
+ .MGroup a:active { color: #A00000; margin-right: 10px }
+
+
+ .MFile,
+ .MText,
+ .MLink,
+ .MIndex {
+ padding: 1px 17px 2px 10px;
+ margin: .25em 0 .25em 0;
+ }
+
+ .MText {
+ font-size: 8pt; font-style: italic }
+
+ .MLink {
+ font-style: italic }
+
+ #MSelected {
+ color: #000000; background-color: #FFFFFF;
+ /* Replace padding with border. */
+ padding: 0 10px 0 10px;
+ border-width: 1px 2px 2px 0; border-style: solid; border-color: #000000;
+ margin-right: 5px;
+ }
+
+ /* Close off the left side when its in a group. */
+ .MGroup #MSelected {
+ padding-left: 9px; border-left-width: 1px }
+
+ /* A treat for Mozilla users. Blatantly non-standard. Will be replaced with CSS 3 attributes when finalized/supported. */
+ .Firefox #MSelected {
+ -moz-border-radius-topright: 10px;
+ -moz-border-radius-bottomright: 10px }
+ .Firefox .MGroup #MSelected {
+ -moz-border-radius-topleft: 10px;
+ -moz-border-radius-bottomleft: 10px }
+
+
+ #MSearchPanel {
+ padding: 0px 6px;
+ margin: .25em 0;
+ }
+
+
+ #MSearchField {
+ font: italic 8pt Verdana, sans-serif;
+ color: #606060;
+ background-color: #E8E8E8;
+ border: none;
+ padding: 2px 4px;
+ width: 100%;
+ }
+ /* Only Opera gets it right. */
+ .Firefox #MSearchField,
+ .IE #MSearchField,
+ .Safari #MSearchField {
+ width: 94%;
+ }
+ .Opera9 #MSearchField,
+ .Konqueror #MSearchField {
+ width: 97%;
+ }
+ .FramedMenuPage .Firefox #MSearchField,
+ .FramedMenuPage .Safari #MSearchField,
+ .FramedMenuPage .Konqueror #MSearchField {
+ width: 98%;
+ }
+
+ /* Firefox doesn't do this right in frames without #MSearchPanel added on.
+ It's presence doesn't hurt anything other browsers. */
+ #MSearchPanel.MSearchPanelInactive:hover #MSearchField {
+ background-color: #FFFFFF;
+ border: 1px solid #C0C0C0;
+ padding: 1px 3px;
+ }
+ .MSearchPanelActive #MSearchField {
+ background-color: #FFFFFF;
+ border: 1px solid #C0C0C0;
+ font-style: normal;
+ padding: 1px 3px;
+ }
+
+ #MSearchType {
+ visibility: hidden;
+ font: 8pt Verdana, sans-serif;
+ width: 98%;
+ padding: 0;
+ border: 1px solid #C0C0C0;
+ }
+ .MSearchPanelActive #MSearchType,
+ /* As mentioned above, Firefox doesn't do this right in frames without #MSearchPanel added on. */
+ #MSearchPanel.MSearchPanelInactive:hover #MSearchType,
+ #MSearchType:focus {
+ visibility: visible;
+ color: #606060;
+ }
+ #MSearchType option#MSearchEverything {
+ font-weight: bold;
+ }
+
+ .Opera8 .MSearchPanelInactive:hover,
+ .Opera8 .MSearchPanelActive {
+ margin-left: -1px;
+ }
+
+
+ iframe#MSearchResults {
+ width: 60ex;
+ height: 15em;
+ }
+ #MSearchResultsWindow {
+ display: none;
+ position: absolute;
+ left: 0; top: 0;
+ border: 1px solid #000000;
+ background-color: #E8E8E8;
+ }
+ #MSearchResultsWindowClose {
+ font-weight: bold;
+ font-size: 8pt;
+ display: block;
+ padding: 2px 5px;
+ }
+ #MSearchResultsWindowClose:link,
+ #MSearchResultsWindowClose:visited {
+ color: #000000;
+ text-decoration: none;
+ }
+ #MSearchResultsWindowClose:active,
+ #MSearchResultsWindowClose:hover {
+ color: #800000;
+ text-decoration: none;
+ background-color: #F4F4F4;
+ }
+
+
+
+
+#Content {
+ padding-bottom: 15px;
+ }
+
+.ContentPage #Content {
+ border-width: 0 0 1px 1px;
+ border-style: solid;
+ border-color: #000000;
+ background-color: #FFFFFF;
+ font-size: 8pt; /* To make 31ex match the menu's 31ex. */
+ margin-left: 31ex;
+ }
+.ContentPage .Firefox #Content {
+ margin-left: 27ex;
+ }
+
+
+
+ .CTopic {
+ font-size: 8pt;
+ margin-bottom: 3em;
+ }
+
+
+ .CTitle {
+ font-size: 11pt; font-weight: bold;
+ border-width: 0 0 1px 0; border-style: solid; border-color: #A0A0A0;
+ margin: 0 15px .5em 15px }
+
+ .CGroup .CTitle {
+ font-size: 16pt; font-variant: small-caps;
+ padding-left: 15px; padding-right: 15px;
+ border-width: 0 0 2px 0; border-color: #000000;
+ margin-left: 0; margin-right: 0 }
+
+ .CClass .CTitle,
+ .CInterface .CTitle,
+ .CDatabase .CTitle,
+ .CDatabaseTable .CTitle,
+ .CSection .CTitle {
+ font-size: 18pt;
+ color: #FFFFFF; background-color: #A0A0A0;
+ padding: 10px 15px 10px 15px;
+ border-width: 2px 0; border-color: #000000;
+ margin-left: 0; margin-right: 0 }
+
+ #MainTopic .CTitle {
+ font-size: 20pt;
+ color: #FFFFFF; background-color: #7070C0;
+ padding: 10px 15px 10px 15px;
+ border-width: 0 0 3px 0; border-color: #000000;
+ margin-left: 0; margin-right: 0 }
+
+ .CBody {
+ margin-left: 15px; margin-right: 15px }
+
+
+ .CToolTip {
+ position: absolute; visibility: hidden;
+ left: 0; top: 0;
+ background-color: #FFFFE0;
+ padding: 5px;
+ border-width: 1px 2px 2px 1px; border-style: solid; border-color: #000000;
+ font-size: 8pt;
+ }
+
+ .Opera .CToolTip {
+ max-width: 98%;
+ }
+
+ /* Scrollbars would be useless. */
+ .CToolTip blockquote {
+ overflow: hidden;
+ }
+ .IE6 .CToolTip blockquote {
+ overflow: visible;
+ }
+
+ .CHeading {
+ font-weight: bold; font-size: 9pt;
+ margin: 1.5em 0 .5em 0;
+ }
+
+ .CBody pre {
+ font: 8pt "Courier New", Courier, monospace;
+ background-color: #FCFCFC;
+ margin: 1em 35px;
+ padding: 10px 15px 10px 10px;
+ border-color: #E0E0E0 #E0E0E0 #E0E0E0 #E4E4E4;
+ border-width: 1px 1px 1px 6px;
+ border-style: dashed dashed dashed solid;
+ }
+
+ .CBody ul {
+ /* I don't know why CBody's margin doesn't apply, but it's consistent across browsers so whatever.
+ Reapply it here as padding. */
+ padding-left: 15px; padding-right: 15px;
+ margin: .5em 5ex .5em 5ex;
+ }
+
+ .CDescriptionList {
+ margin: .5em 5ex 0 5ex }
+
+ .CDLEntry {
+ font: 8pt "Courier New", Courier, monospace; color: #808080;
+ padding-bottom: .25em;
+ white-space: nowrap }
+
+ .CDLDescription {
+ font-size: 8pt; /* For browsers that don't inherit correctly, like Opera 5. */
+ padding-bottom: .5em; padding-left: 5ex }
+
+
+ .CTopic img {
+ text-align: center;
+ display: block;
+ margin: 1em auto;
+ }
+ .CImageCaption {
+ font-variant: small-caps;
+ font-size: 8pt;
+ color: #808080;
+ text-align: center;
+ position: relative;
+ top: 1em;
+ }
+
+ .CImageLink {
+ color: #808080;
+ font-style: italic;
+ }
+ a.CImageLink:link,
+ a.CImageLink:visited,
+ a.CImageLink:hover { color: #808080 }
+
+
+
+
+
+.Prototype {
+ font: 8pt "Courier New", Courier, monospace;
+ padding: 5px 3ex;
+ border-width: 1px; border-style: solid;
+ margin: 0 5ex 1.5em 5ex;
+ }
+
+ .Prototype td {
+ font-size: 8pt;
+ }
+
+ .PDefaultValue,
+ .PDefaultValuePrefix,
+ .PTypePrefix {
+ color: #8F8F8F;
+ }
+ .PTypePrefix {
+ text-align: right;
+ }
+ .PAfterParameters {
+ vertical-align: bottom;
+ }
+
+ .IE .Prototype table {
+ padding: 0;
+ }
+
+ .CFunction .Prototype {
+ background-color: #F4F4F4; border-color: #D0D0D0 }
+ .CProperty .Prototype {
+ background-color: #F4F4FF; border-color: #C0C0E8 }
+ .CVariable .Prototype {
+ background-color: #FFFFF0; border-color: #E0E0A0 }
+
+ .CClass .Prototype {
+ border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0A0;
+ background-color: #F4F4F4;
+ }
+ .CInterface .Prototype {
+ border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0D0;
+ background-color: #F4F4FF;
+ }
+
+ .CDatabaseIndex .Prototype,
+ .CConstant .Prototype {
+ background-color: #D0D0D0; border-color: #000000 }
+ .CType .Prototype,
+ .CEnumeration .Prototype {
+ background-color: #FAF0F0; border-color: #E0B0B0;
+ }
+ .CDatabaseTrigger .Prototype,
+ .CEvent .Prototype,
+ .CDelegate .Prototype {
+ background-color: #F0FCF0; border-color: #B8E4B8 }
+
+ .CToolTip .Prototype {
+ margin: 0 0 .5em 0;
+ white-space: nowrap;
+ }
+
+
+
+
+
+.Summary {
+ margin: 1.5em 5ex 0 5ex }
+
+ .STitle {
+ font-size: 11pt; font-weight: bold;
+ margin-bottom: .5em }
+
+
+ .SBorder {
+ background-color: #FFFFF0;
+ padding: 15px;
+ border: 1px solid #C0C060 }
+
+ /* In a frame IE 6 will make them too long unless you set the width to 100%. Without frames it will be correct without a width
+ or slightly too long (but not enough to scroll) with a width. This arbitrary weirdness simply astounds me. IE 7 has the same
+ problem with frames, haven't tested it without. */
+ .FramedContentPage .IE .SBorder {
+ width: 100% }
+
+ /* A treat for Mozilla users. Blatantly non-standard. Will be replaced with CSS 3 attributes when finalized/supported. */
+ .Firefox .SBorder {
+ -moz-border-radius: 20px }
+
+
+ .STable {
+ font-size: 8pt; width: 100% }
+
+ .SEntry {
+ width: 30% }
+ .SDescription {
+ width: 70% }
+
+
+ .SMarked {
+ background-color: #F8F8D8 }
+
+ .SDescription { padding-left: 2ex }
+ .SIndent1 .SEntry { padding-left: 1.5ex } .SIndent1 .SDescription { padding-left: 3.5ex }
+ .SIndent2 .SEntry { padding-left: 3.0ex } .SIndent2 .SDescription { padding-left: 5.0ex }
+ .SIndent3 .SEntry { padding-left: 4.5ex } .SIndent3 .SDescription { padding-left: 6.5ex }
+ .SIndent4 .SEntry { padding-left: 6.0ex } .SIndent4 .SDescription { padding-left: 8.0ex }
+ .SIndent5 .SEntry { padding-left: 7.5ex } .SIndent5 .SDescription { padding-left: 9.5ex }
+
+ .SDescription a { color: #800000}
+ .SDescription a:active { color: #A00000 }
+
+ .SGroup td {
+ padding-top: .5em; padding-bottom: .25em }
+
+ .SGroup .SEntry {
+ font-weight: bold; font-variant: small-caps }
+
+ .SGroup .SEntry a { color: #800000 }
+ .SGroup .SEntry a:active { color: #F00000 }
+
+
+ .SMain td,
+ .SClass td,
+ .SDatabase td,
+ .SDatabaseTable td,
+ .SSection td {
+ font-size: 10pt;
+ padding-bottom: .25em }
+
+ .SClass td,
+ .SDatabase td,
+ .SDatabaseTable td,
+ .SSection td {
+ padding-top: 1em }
+
+ .SMain .SEntry,
+ .SClass .SEntry,
+ .SDatabase .SEntry,
+ .SDatabaseTable .SEntry,
+ .SSection .SEntry {
+ font-weight: bold;
+ }
+
+ .SMain .SEntry a,
+ .SClass .SEntry a,
+ .SDatabase .SEntry a,
+ .SDatabaseTable .SEntry a,
+ .SSection .SEntry a { color: #000000 }
+
+ .SMain .SEntry a:active,
+ .SClass .SEntry a:active,
+ .SDatabase .SEntry a:active,
+ .SDatabaseTable .SEntry a:active,
+ .SSection .SEntry a:active { color: #A00000 }
+
+
+
+
+
+.ClassHierarchy {
+ margin: 0 15px 1em 15px }
+
+ .CHEntry {
+ border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0A0;
+ margin-bottom: 3px;
+ padding: 2px 2ex;
+ font-size: 8pt;
+ background-color: #F4F4F4; color: #606060;
+ }
+
+ .Firefox .CHEntry {
+ -moz-border-radius: 4px;
+ }
+
+ .CHCurrent .CHEntry {
+ font-weight: bold;
+ border-color: #000000;
+ color: #000000;
+ }
+
+ .CHChildNote .CHEntry {
+ font-style: italic;
+ font-size: 8pt;
+ }
+
+ .CHIndent {
+ margin-left: 3ex;
+ }
+
+ .CHEntry a:link,
+ .CHEntry a:visited,
+ .CHEntry a:hover {
+ color: #606060;
+ }
+ .CHEntry a:active {
+ color: #800000;
+ }
+
+
+
+
+
+#Index {
+ background-color: #FFFFFF;
+ }
+
+/* As opposed to .PopupSearchResultsPage #Index */
+.IndexPage #Index,
+.FramedIndexPage #Index,
+.FramedSearchResultsPage #Index {
+ padding: 15px;
+ }
+
+.IndexPage #Index {
+ border-width: 0 0 1px 1px;
+ border-style: solid;
+ border-color: #000000;
+ font-size: 8pt; /* To make 27ex match the menu's 27ex. */
+ margin-left: 27ex;
+ }
+
+
+ .IPageTitle {
+ font-size: 20pt; font-weight: bold;
+ color: #FFFFFF; background-color: #7070C0;
+ padding: 10px 15px 10px 15px;
+ border-width: 0 0 3px 0; border-color: #000000; border-style: solid;
+ margin: -15px -15px 0 -15px }
+
+ .FramedSearchResultsPage .IPageTitle {
+ margin-bottom: 15px;
+ }
+
+ .INavigationBar {
+ text-align: center;
+ background-color: #FFFFF0;
+ padding: 5px;
+ border-bottom: solid 1px black;
+ margin: 0 -15px 15px -15px;
+ }
+
+ .INavigationBar a {
+ font-weight: bold }
+
+ .IHeading {
+ font-size: 14pt; font-weight: bold;
+ padding: 2.5em 0 .5em 0;
+ text-align: center;
+ width: 3.5ex;
+ }
+ #IFirstHeading {
+ padding-top: 0;
+ }
+
+ .IEntry {
+ padding-left: 1ex;
+ }
+ .PopupSearchResultsPage .IEntry {
+ font-size: 8pt;
+ padding: 1px 5px;
+ }
+ .PopupSearchResultsPage .Opera9 .IEntry,
+ .FramedSearchResultsPage .Opera9 .IEntry {
+ text-align: left;
+ }
+ .FramedSearchResultsPage .IEntry {
+ padding: 0;
+ }
+
+ .ISubIndex {
+ padding-left: 3ex; padding-bottom: .5em }
+ .PopupSearchResultsPage .ISubIndex {
+ display: none;
+ }
+
+ /* While it may cause some entries to look like links when they aren't, I found it's much easier to read the
+ index if everything's the same color. */
+ .ISymbol {
+ font-weight: bold; color: #900000 }
+
+ .IndexPage .ISymbolPrefix,
+ .FramedIndexPage .ISymbolPrefix {
+ text-align: right;
+ color: #C47C7C;
+ background-color: #F8F8F8;
+ border-right: 3px solid #E0E0E0;
+ border-left: 1px solid #E0E0E0;
+ padding: 0 1px 0 2px;
+ }
+ .PopupSearchResultsPage .ISymbolPrefix,
+ .FramedSearchResultsPage .ISymbolPrefix {
+ color: #900000;
+ }
+ .PopupSearchResultsPage .ISymbolPrefix {
+ font-size: 8pt;
+ }
+
+ .IndexPage #IFirstSymbolPrefix,
+ .FramedIndexPage #IFirstSymbolPrefix {
+ border-top: 1px solid #E0E0E0;
+ }
+ .IndexPage #ILastSymbolPrefix,
+ .FramedIndexPage #ILastSymbolPrefix {
+ border-bottom: 1px solid #E0E0E0;
+ }
+ .IndexPage #IOnlySymbolPrefix,
+ .FramedIndexPage #IOnlySymbolPrefix {
+ border-top: 1px solid #E0E0E0;
+ border-bottom: 1px solid #E0E0E0;
+ }
+
+ a.IParent,
+ a.IFile {
+ display: block;
+ }
+
+ .PopupSearchResultsPage .SRStatus {
+ padding: 2px 5px;
+ font-size: 8pt;
+ font-style: italic;
+ }
+ .FramedSearchResultsPage .SRStatus {
+ font-size: 8pt;
+ font-style: italic;
+ }
+
+ .SRResult {
+ display: none;
+ }
+
+
+
+#Footer {
+ font-size: 8pt;
+ color: #989898;
+ text-align: right;
+ }
+
+#Footer p {
+ text-indent: 0;
+ margin-bottom: .5em;
+ }
+
+.ContentPage #Footer,
+.IndexPage #Footer {
+ text-align: right;
+ margin: 2px;
+ }
+
+.FramedMenuPage #Footer {
+ text-align: center;
+ margin: 5em 10px 10px 10px;
+ padding-top: 1em;
+ border-top: 1px solid #C8C8C8;
+ }
+
+ #Footer a:link,
+ #Footer a:hover,
+ #Footer a:visited { color: #989898 }
+ #Footer a:active { color: #A00000 }
+
+
+
+.prettyprint .kwd { color: #800000; } /* keywords */
+
+ .prettyprint.PDefaultValue .kwd,
+ .prettyprint.PDefaultValuePrefix .kwd,
+ .prettyprint.PTypePrefix .kwd {
+ color: #C88F8F;
+ }
+
+.prettyprint .com { color: #008000; } /* comments */
+
+ .prettyprint.PDefaultValue .com,
+ .prettyprint.PDefaultValuePrefix .com,
+ .prettyprint.PTypePrefix .com {
+ color: #8FC88F;
+ }
+
+.prettyprint .str { color: #0000B0; } /* strings */
+.prettyprint .lit { color: #0000B0; } /* literals */
+
+ .prettyprint.PDefaultValue .str,
+ .prettyprint.PDefaultValuePrefix .str,
+ .prettyprint.PTypePrefix .str,
+ .prettyprint.PDefaultValue .lit,
+ .prettyprint.PDefaultValuePrefix .lit,
+ .prettyprint.PTypePrefix .lit {
+ color: #8F8FC0;
+ }
+
+.prettyprint .typ { color: #000000; } /* types */
+.prettyprint .pun { color: #000000; } /* punctuation */
+.prettyprint .pln { color: #000000; } /* punctuation */
+
+ .prettyprint.PDefaultValue .typ,
+ .prettyprint.PDefaultValuePrefix .typ,
+ .prettyprint.PTypePrefix .typ,
+ .prettyprint.PDefaultValue .pun,
+ .prettyprint.PDefaultValuePrefix .pun,
+ .prettyprint.PTypePrefix .pun,
+ .prettyprint.PDefaultValue .pln,
+ .prettyprint.PDefaultValuePrefix .pln,
+ .prettyprint.PTypePrefix .pln {
+ color: #8F8F8F;
+ }
+
+.prettyprint .tag { color: #008; }
+.prettyprint .atn { color: #606; }
+.prettyprint .atv { color: #080; }
+.prettyprint .dec { color: #606; }
+
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/README.md b/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/README.md
new file mode 100644
index 00000000..9b9dbbc0
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/README.md
@@ -0,0 +1,15 @@
+Compatiblity with different browsers
+===================================
+**OS: `windows`**<br>
+
+
+ Cases | IE (Win) | Opera | Chrome | Mozilla | Safari
+ ------------------ | ------- | ----- | ------ | ------- | ------
+ XHR wrapping |  |  |  |  | 
+ HTML dom-0 wrapping |  |  |  |  | 
+ HTML dom-2 wrapping |  |  |  |  | 
+ URL rewriting |  |  |  |  |
+
+<pre>Note: Missing tick means, this has not yet been implemented or tested</pre>
+
+
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js b/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js
new file mode 100644
index 00000000..aa548cb3
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js
@@ -0,0 +1,366 @@
+/**
+ * =================================================================
+ * Javascript code for OWASP CSRF Protector
+ * Task it does: Fetch csrftoken from cookie, and attach it to every
+ * POST request
+ * Allowed GET url
+ * -- XHR
+ * -- Static Forms
+ * -- URLS (GET only)
+ * -- dynamic forms
+ * =================================================================
+ */
+
+var CSRFP_FIELD_TOKEN_NAME = 'csrfp_hidden_data_token';
+var CSRFP_FIELD_URLS = 'csrfp_hidden_data_urls';
+
+var CSRFP = {
+ CSRFP_TOKEN: 'csrfp_token',
+ /**
+ * Array of patterns of url, for which csrftoken need to be added
+ * In case of GET request also, provided from server
+ *
+ * @var string array
+ */
+ checkForUrls: [],
+ /**
+ * Function to check if a certain url is allowed to perform the request
+ * With or without csrf token
+ *
+ * @param: string, url
+ *
+ * @return: boolean, true if csrftoken is not needed
+ * false if csrftoken is needed
+ */
+ _isValidGetRequest: function(url) {
+ for (var i = 0; i < CSRFP.checkForUrls.length; i++) {
+ var match = CSRFP.checkForUrls[i].exec(url);
+ if (match !== null && match.length > 0) {
+ return false;
+ }
+ }
+ return true;
+ },
+ /**
+ * function to get Auth key from cookie Andreturn it to requesting function
+ *
+ * @param: void
+ *
+ * @return: string, csrftoken retrieved from cookie
+ */
+ _getAuthKey: function() {
+ var re = new RegExp(CSRFP.CSRFP_TOKEN +"=([^;]+)(;|$)");
+ var RegExpArray = re.exec(document.cookie);
+
+ if (RegExpArray === null) {
+ return false;
+ }
+ return RegExpArray[1];
+ },
+ /**
+ * Function to get domain of any url
+ *
+ * @param: string, url
+ *
+ * @return: string, domain of url
+ */
+ _getDomain: function(url) {
+ if (url.indexOf("http://") !== 0
+ && url.indexOf("https://") !== 0)
+ return document.domain;
+ return /http(s)?:\/\/([^\/]+)/.exec(url)[2];
+ },
+ /**
+ * Function to create and return a hidden input element
+ * For stroing the CSRFP_TOKEN
+ *
+ * @param void
+ *
+ * @return input element
+ */
+ _getInputElt: function() {
+ var hiddenObj = document.createElement("input");
+ hiddenObj.setAttribute('name', CSRFP.CSRFP_TOKEN);
+ hiddenObj.setAttribute('class', CSRFP.CSRFP_TOKEN);
+ hiddenObj.type = 'hidden';
+ hiddenObj.value = CSRFP._getAuthKey();
+ return hiddenObj;
+ },
+ /**
+ * Returns absolute path for relative path
+ *
+ * @param base, base url
+ * @param relative, relative url
+ *
+ * @return absolute path (string)
+ */
+ _getAbsolutePath: function(base, relative) {
+ var stack = base.split("/");
+ var parts = relative.split("/");
+ // remove current file name (or empty string)
+ // (omit if "base" is the current folder without trailing slash)
+ stack.pop();
+
+ for (var i = 0; i < parts.length; i++) {
+ if (parts[i] == ".")
+ continue;
+ if (parts[i] == "..")
+ stack.pop();
+ else
+ stack.push(parts[i]);
+ }
+ return stack.join("/");
+ },
+ /**
+ * Remove jcsrfp-token run fun and then put them back
+ *
+ * @param function
+ * @param reference form obj
+ *
+ * @retrun function
+ */
+ _csrfpWrap: function(fun, obj) {
+ return function(event) {
+ // Remove CSRf token if exists
+ if (typeof obj[CSRFP.CSRFP_TOKEN] !== 'undefined') {
+ var target = obj[CSRFP.CSRFP_TOKEN];
+ target.parentNode.removeChild(target);
+ }
+
+ // Trigger the functions
+ var result = fun.apply(this, [event]);
+
+ // Now append the csrfp_token back
+ obj.appendChild(CSRFP._getInputElt());
+
+ return result;
+ };
+ },
+ /**
+ * Initialises the CSRFProtector js script
+ *
+ * @param void
+ *
+ * @return void
+ */
+ _init: function() {
+ CSRFP.CSRFP_TOKEN = document.getElementById(CSRFP_FIELD_TOKEN_NAME).value;
+ try {
+ CSRFP.checkForUrls = JSON.parse(document.getElementById(CSRFP_FIELD_URLS).value);
+ } catch (err) {
+ console.error(err);
+ console.error('[ERROR] [CSRF Protector] unable to parse blacklisted url fields.');
+ }
+
+ //convert these rules received from php lib to regex objects
+ for (var i = 0; i < CSRFP.checkForUrls.length; i++) {
+ CSRFP.checkForUrls[i] = CSRFP.checkForUrls[i].replace(/\*/g, '(.*)')
+ .replace(/\//g, "\\/");
+ CSRFP.checkForUrls[i] = new RegExp(CSRFP.checkForUrls[i]);
+ }
+
+ }
+
+};
+
+//==========================================================
+// Adding tokens, wrappers on window onload
+//==========================================================
+
+function csrfprotector_init() {
+
+ // Call the init funcion
+ CSRFP._init();
+
+ // definition of basic FORM submit event handler to intercept the form request
+ // and attach a CSRFP TOKEN if it's not already available
+ var BasicSubmitInterceptor = function(event) {
+ if (typeof event.target[CSRFP.CSRFP_TOKEN] === 'undefined') {
+ event.target.appendChild(CSRFP._getInputElt());
+ } else {
+ //modify token to latest value
+ event.target[CSRFP.CSRFP_TOKEN].value = CSRFP._getAuthKey();
+ }
+ }
+
+ //==================================================================
+ // Adding csrftoken to request resulting from <form> submissions
+ // Add for each POST, while for mentioned GET request
+ // TODO - check for method
+ //==================================================================
+ // run time binding
+ document.querySelector('body').addEventListener('submit', function(event) {
+ if (event.target.tagName.toLowerCase() === 'form') {
+ BasicSubmitInterceptor(event);
+ };
+ });
+
+ // intial binding
+ // for(var i = 0; i < document.forms.length; i++) {
+ // document.forms[i].addEventListener("submit", BasicSubmitInterceptor);
+ // }
+
+ //==================================================================
+ // Adding csrftoken to request resulting from direct form.submit() call
+ // Add for each POST, while for mentioned GET request
+ // TODO - check for form method
+ //==================================================================
+ HTMLFormElement.prototype.submit_ = HTMLFormElement.prototype.submit;
+ HTMLFormElement.prototype.submit = function() {
+ // check if the FORM already contains the token element
+ if (!this.getElementsByClassName(CSRFP.CSRFP_TOKEN).length)
+ this.appendChild(CSRFP._getInputElt());
+ this.submit_();
+ }
+
+
+ /**
+ * Add wrapper for HTMLFormElements addEventListener so that any further
+ * addEventListens won't have trouble with CSRF token
+ * todo - check for method
+ */
+ HTMLFormElement.prototype.addEventListener_ = HTMLFormElement.prototype.addEventListener;
+ HTMLFormElement.prototype.addEventListener = function(eventType, fun, bubble) {
+ if (eventType === 'submit') {
+ var wrapped = CSRFP._csrfpWrap(fun, this);
+ this.addEventListener_(eventType, wrapped, bubble);
+ } else {
+ this.addEventListener_(eventType, fun, bubble);
+ }
+ }
+
+ /**
+ * Add wrapper for IE's attachEvent
+ * todo - check for method
+ * todo - typeof is now obselete for IE 11, use some other method.
+ */
+ if (typeof HTMLFormElement.prototype.attachEvent !== 'undefined') {
+ HTMLFormElement.prototype.attachEvent_ = HTMLFormElement.prototype.attachEvent;
+ HTMLFormElement.prototype.attachEvent = function(eventType, fun) {
+ if (eventType === 'onsubmit') {
+ var wrapped = CSRFP._csrfpWrap(fun, this);
+ this.attachEvent_(eventType, wrapped);
+ } else {
+ this.attachEvent_(eventType, fun);
+ }
+ }
+ }
+
+
+ //==================================================================
+ // Wrapper for XMLHttpRequest & ActiveXObject (for IE 6 & below)
+ // Set X-No-CSRF to true before sending if request method is
+ //==================================================================
+
+ /**
+ * Wrapper to XHR open method
+ * Add a property method to XMLHttpRequst class
+ * @param: all parameters to XHR open method
+ * @return: object returned by default, XHR open method
+ */
+ function new_open(method, url, async, username, password) {
+ this.method = method;
+ var isAbsolute = (url.indexOf("./") === -1) ? true : false;
+ if (!isAbsolute) {
+ var base = location.protocol +'//' +location.host
+ + location.pathname;
+ url = CSRFP._getAbsolutePath(base, url);
+ }
+ if (method.toLowerCase() === 'get'
+ && !CSRFP._isValidGetRequest(url)) {
+ //modify the url
+ if (url.indexOf('?') === -1) {
+ url += "?" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+ } else {
+ url += "&" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+ }
+ }
+
+ return this.old_open(method, url, async, username, password);
+ }
+
+ /**
+ * Wrapper to XHR send method
+ * Add query paramter to XHR object
+ *
+ * @param: all parameters to XHR send method
+ *
+ * @return: object returned by default, XHR send method
+ */
+ function new_send(data) {
+ if (this.method.toLowerCase() === 'post') {
+ if (data !== null && typeof data === 'object') {
+ data.append(CSRFP.CSRFP_TOKEN, CSRFP._getAuthKey());
+ } else {
+ if (typeof data != "undefined") {
+ data += "&";
+ } else {
+ data = "";
+ }
+ data += CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+ }
+ }
+ return this.old_send(data);
+ }
+
+ if (window.XMLHttpRequest) {
+ // Wrapping
+ XMLHttpRequest.prototype.old_send = XMLHttpRequest.prototype.send;
+ XMLHttpRequest.prototype.old_open = XMLHttpRequest.prototype.open;
+ XMLHttpRequest.prototype.open = new_open;
+ XMLHttpRequest.prototype.send = new_send;
+ }
+ if (typeof ActiveXObject !== 'undefined') {
+ ActiveXObject.prototype.old_send = ActiveXObject.prototype.send;
+ ActiveXObject.prototype.old_open = ActiveXObject.prototype.open;
+ ActiveXObject.prototype.open = new_open;
+ ActiveXObject.prototype.send = new_send;
+ }
+ //==================================================================
+ // Rewrite existing urls ( Attach CSRF token )
+ // Rules:
+ // Rewrite those urls which matches the regex sent by Server
+ // Ignore cross origin urls & internal links (one with hashtags)
+ // Append the token to those url already containig GET query parameter(s)
+ // Add the token to those which does not contain GET query parameter(s)
+ //==================================================================
+
+ for (var i = 0; i < document.links.length; i++) {
+ document.links[i].addEventListener("mousedown", function(event) {
+ var href = event.target.href;
+ if(typeof href === "string")
+ {
+ var urlDisect = href.split('#');
+ var url = urlDisect[0];
+ var hash = urlDisect[1];
+
+ if(CSRFP._getDomain(url).indexOf(document.domain) === -1
+ || CSRFP._isValidGetRequest(url)) {
+ //cross origin or not to be protected by rules -- ignore
+ return;
+ }
+
+ if (url.indexOf('?') !== -1) {
+ if(url.indexOf(CSRFP.CSRFP_TOKEN) === -1) {
+ url += "&" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+ } else {
+ url = url.replace(new RegExp(CSRFP.CSRFP_TOKEN +"=.*?(&|$)", 'g'),
+ CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey() + "$1");
+ }
+ } else {
+ url += "?" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+ }
+
+ event.target.href = url;
+ if (typeof hash !== 'undefined') {
+ event.target.href += '#' +hash;
+ }
+ }
+ });
+ }
+
+}
+
+window.addEventListener("DOMContentLoaded", function() {
+ csrfprotector_init();
+}, false);
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/index.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/index.php
new file mode 100644
index 00000000..03e25a69
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/js/index.php
@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/README.md b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/README.md
new file mode 100644
index 00000000..6562a9d9
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/README.md
@@ -0,0 +1,21 @@
+CSRFProtector configuration
+==========================================
+
+ - `CSRFP_TOKEN`: name of the csrf nonce, used for cookie or posting as argument. default: `csrfp_token` (if left blank)
+ - `logDirectory`: location of the directory at which log files will be saved **relative** to `config.php` file. This is required for file based logging (default), Not needed, in case you override logging function to implement your logging logic. (View [Overriding logging function](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Overriding-logging-function))
+ <br>**Default value:** `../log/`
+ - `failedAuthAction`: Action code (integer) for action to be taken in case of failed validation. Has two different values for bot `GET` and `POST`. Different action codes are specified as follows, (<br>**Default:** `0` for both `GET` & `POST`):
+* `0` Send **403, Forbidden** Header
+* `1` **Strip the POST/GET query** and forward the request! unset($_POST)
+* `2` **Redirect to custom error page** mentioned in `errorRedirectionPage`
+* `3` **Show custom error message** to user, mentioned in `customErrorMessage`
+* `4` Send **500, Internal Server Error** header
+
+ - `errorRedirectionPage`: **Absolute url** of the file to which user should be redirected. <br>**Default: null**
+ - `customErrorMessage`: **Error Message** to be shown to user. Only this text will be shown!<br>**Default: null**
+ - `jsPath`: location of the js file **relative** to `config.php`. <br>**Default:** `../js/csrfprotector.js`
+ - `jsUrl`: **Absolute url** of the js file. (See [Setting up](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Setting-up-CSRF-Protector-PHP-in-your-web-application) for more information)
+ - `tokenLength`: length of csrfp token, Default `10`
+ - `secureCookie`: sets the "secure" HTTPS flag on the cookie. <br>**Default: `false`**
+ - `disabledJavascriptMessage`: messaged to be shown if js is disabled (string)
+ - `verifyGetFor`: regex rules for those urls for which csrfp validation should be enabled for `GET` requests also. (View [verifyGetFor rules](https://github.com/mebjas/CSRF-Protector-PHP/wiki/verifyGetFor-rules) for more information)
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php
new file mode 100755
index 00000000..a12394e0
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php
@@ -0,0 +1,29 @@
+<?php
+/**
+ * Configuration file for CSRF Protector
+ * Necessary configurations are (library would throw exception otherwise)
+ * ---- logDirectory
+ * ---- failedAuthAction
+ * ---- jsPath
+ * ---- jsUrl
+ * ---- tokenLength
+ */
+
+return array(
+ "CSRFP_TOKEN" => "MAILCOW_CSRF",
+ "logDirectory" => "../log",
+ "failedAuthAction" => array(
+ "GET" => 1,
+ "POST" => 1),
+ "errorRedirectionPage" => "",
+ "customErrorMessage" => "",
+ "jsPath" => "../js/csrfprotector.js",
+ // Fetching IS_HTTPS from sessions handler
+ "jsUrl" => (($GLOBALS['IS_HTTPS'] === true) ? 'https://' : 'http://') . $GLOBALS['mailcow_hostname'] . ':' . intval(explode(':', $_SERVER['HTTP_HOST'])[1]) . "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
+ "tokenLength" => 10,
+ "secureCookie" => false,
+ "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
+ Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
+ See details of your web browser for how to enable JavaScript.",
+ "verifyGetFor" => array()
+);
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/README.md b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/README.md
new file mode 100644
index 00000000..286bcbad
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/README.md
@@ -0,0 +1,6 @@
+Placeholder for **CSRF Protector - php library**
+=====================================================
+
+**Dependency:** `None`<br>
+**Configuration-File:** `../config.php`<br>
+**Configuration-Format:** `PHP ARRAY`<br>
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php
new file mode 100755
index 00000000..c09a5b03
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php
@@ -0,0 +1,536 @@
+<?php
+
+if (!defined('__CSRF_PROTECTOR__')) {
+ define('__CSRF_PROTECTOR__', true); // to avoid multiple declaration errors
+
+ // name of HTTP POST variable for authentication
+ define("CSRFP_TOKEN","csrfp_token");
+
+ // We insert token name and list of url patterns for which
+ // GET requests are validated against CSRF as hidden input fields
+ // these are the names of the input fields
+ define("CSRFP_FIELD_TOKEN_NAME", "csrfp_hidden_data_token");
+ define("CSRFP_FIELD_URLS", "csrfp_hidden_data_urls");
+
+ /**
+ * child exception classes
+ */
+ class configFileNotFoundException extends \exception {};
+ class logDirectoryNotFoundException extends \exception {};
+ class jsFileNotFoundException extends \exception {};
+ class logFileWriteError extends \exception {};
+ class baseJSFileNotFoundExceptio extends \exception {};
+ class incompleteConfigurationException extends \exception {};
+ class alreadyInitializedException extends \exception {};
+
+ class csrfProtector
+ {
+ /*
+ * Variable: $cookieExpiryTime
+ * expiry time for cookie
+ * @var int
+ */
+ public static $cookieExpiryTime = 1800; //30 minutes
+
+ /*
+ * Variable: $isSameOrigin
+ * flag for cross origin/same origin request
+ * @var bool
+ */
+ private static $isSameOrigin = true;
+
+ /*
+ * Variable: $isValidHTML
+ * flag to check if output file is a valid HTML or not
+ * @var bool
+ */
+ private static $isValidHTML = false;
+
+ /*
+ * Variable: $requestType
+ * Varaible to store weather request type is post or get
+ * @var string
+ */
+ protected static $requestType = "GET";
+
+ /*
+ * Variable: $config
+ * config file for CSRFProtector
+ * @var int Array, length = 6
+ * Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails
+ * Property: #2: logDirectory (string) => directory in which log will be saved
+ * Property: #3: customErrorMessage (string) => custom error message to be sent in case
+ * of failed authentication
+ * Property: #4: jsFile (string) => location of the CSRFProtector js file
+ * Property: #5: tokenLength (int) => default length of hash
+ * Property: #6: disabledJavascriptMessage (string) => error message if client's js is disabled
+ */
+ public static $config = array();
+
+ /*
+ * Variable: $requiredConfigurations
+ * Contains list of those parameters that are required to be there
+ * in config file for csrfp to work
+ */
+ public static $requiredConfigurations = array('logDirectory', 'failedAuthAction', 'jsPath', 'jsUrl', 'tokenLength');
+
+ /*
+ * Function: init
+ *
+ * function to initialise the csrfProtector work flow
+ *
+ * Parameters:
+ * $length - length of CSRF_AUTH_TOKEN to be generated
+ * $action - int array, for different actions to be taken in case of failed validation
+ *
+ * Returns:
+ * void
+ *
+ * Throws:
+ * configFileNotFoundException - when configuration file is not found
+ * incompleteConfigurationException - when all required fields in config
+ * file are not available
+ *
+ */
+ public static function init($length = null, $action = null)
+ {
+ /*
+ * Check if init has already been called.
+ */
+ if (count(self::$config) > 0) {
+ throw new alreadyInitializedException("OWASP CSRFProtector: library was already initialized.");
+ }
+
+ /*
+ * if mod_csrfp already enabled, no verification, no filtering
+ * Already done by mod_csrfp
+ */
+ if (getenv('mod_csrfp_enabled'))
+ return;
+
+ //start session in case its not
+ if (session_id() == '')
+ session_start();
+
+ /*
+ * load configuration file and properties
+ * Check locally for a config.php then check for
+ * a config/csrf_config.php file in the root folder
+ * for composer installations
+ */
+ $standard_config_location = __DIR__ ."/../config.php";
+ $composer_config_location = __DIR__ ."/../../../../../config/csrf_config.php";
+
+ if (file_exists($standard_config_location)) {
+ self::$config = include($standard_config_location);
+ } elseif(file_exists($composer_config_location)) {
+ self::$config = include($composer_config_location);
+ } else {
+ throw new configFileNotFoundException("OWASP CSRFProtector: configuration file not found for CSRFProtector!");
+ }
+
+ //overriding length property if passed in parameters
+ if ($length != null)
+ self::$config['tokenLength'] = intval($length);
+
+ //action that is needed to be taken in case of failed authorisation
+ if ($action != null)
+ self::$config['failedAuthAction'] = $action;
+
+ if (self::$config['CSRFP_TOKEN'] == '')
+ self::$config['CSRFP_TOKEN'] = CSRFP_TOKEN;
+
+ // Validate the config if everythings filled out
+ // TODO: collect all missing values and throw exception together
+ foreach (self::$requiredConfigurations as $value) {
+ if (!isset(self::$config[$value]) || self::$config[$value] == '') {
+ throw new incompleteConfigurationException(
+ sprintf(
+ "OWASP CSRFProtector: Incomplete configuration file, Value: %s missing ",
+ $value
+ )
+ );
+ exit;
+ }
+ }
+
+ // Authorise the incoming request
+ self::authorizePost();
+
+ // Initialize output buffering handler
+ if (!defined('__TESTING_CSRFP__'))
+ ob_start('csrfProtector::ob_handler');
+
+ if (!isset($_COOKIE[self::$config['CSRFP_TOKEN']])
+ || !isset($_SESSION[self::$config['CSRFP_TOKEN']])
+ || !is_array($_SESSION[self::$config['CSRFP_TOKEN']])
+ || !in_array($_COOKIE[self::$config['CSRFP_TOKEN']],
+ $_SESSION[self::$config['CSRFP_TOKEN']]))
+ self::refreshToken();
+
+ // Set protected by CSRF Protector header
+ header('X-CSRF-Protection: OWASP CSRFP 1.0.0');
+ }
+
+ /*
+ * Function: authorizePost
+ * function to authorise incoming post requests
+ *
+ * Parameters:
+ * void
+ *
+ * Returns:
+ * void
+ *
+ * Throws:
+ * logDirectoryNotFoundException - if log directory is not found
+ */
+ public static function authorizePost()
+ {
+ //#todo this method is valid for same origin request only,
+ //enable it for cross origin also sometime
+ //for cross origin the functionality is different
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+
+ //set request type to POST
+ self::$requestType = "POST";
+
+ //currently for same origin only
+ if (!(isset($_POST[self::$config['CSRFP_TOKEN']])
+ && isset($_SESSION[self::$config['CSRFP_TOKEN']])
+ && (self::isValidToken($_POST[self::$config['CSRFP_TOKEN']]))
+ )) {
+
+ //action in case of failed validation
+ self::failedValidationAction();
+ } else {
+ self::refreshToken(); //refresh token for successfull validation
+ }
+ } else if (!static::isURLallowed()) {
+
+ //currently for same origin only
+ if (!(isset($_GET[self::$config['CSRFP_TOKEN']])
+ && isset($_SESSION[self::$config['CSRFP_TOKEN']])
+ && (self::isValidToken($_GET[self::$config['CSRFP_TOKEN']]))
+ )) {
+
+ //action in case of failed validation
+ self::failedValidationAction();
+ } else {
+ self::refreshToken(); //refresh token for successfull validation
+ }
+ }
+ }
+
+ /*
+ * Function: isValidToken
+ * function to check the validity of token in session array
+ * Function also clears all tokens older than latest one
+ *
+ * Parameters:
+ * $token - the token sent with GET or POST payload
+ *
+ * Returns:
+ * bool - true if its valid else false
+ */
+ private static function isValidToken($token) {
+ if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])) return false;
+ if (!is_array($_SESSION[self::$config['CSRFP_TOKEN']])) return false;
+ foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $key => $value) {
+ if ($value == $token) {
+
+ // Clear all older tokens assuming they have been consumed
+ foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $_key => $_value) {
+ if ($_value == $token) break;
+ array_shift($_SESSION[self::$config['CSRFP_TOKEN']]);
+ }
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /*
+ * Function: failedValidationAction
+ * function to be called in case of failed validation
+ * performs logging and take appropriate action
+ *
+ * Parameters:
+ * void
+ *
+ * Returns:
+ * void
+ */
+ private static function failedValidationAction()
+ {
+ if (!file_exists(__DIR__ ."/../" .self::$config['logDirectory']))
+ throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!");
+
+ //call the logging function
+ static::logCSRFattack();
+
+ //#todo: ask mentors if $failedAuthAction is better as an int or string
+ //default case is case 0
+ switch (self::$config['failedAuthAction'][self::$requestType]) {
+ case 0:
+ //send 403 header
+ header('HTTP/1.0 403 Forbidden');
+ exit("<h2>403 Access Forbidden by CSRFProtector!</h2>");
+ break;
+ case 1:
+ //unset the query parameters and forward
+ if (self::$requestType === 'GET') {
+ $_GET = array();
+ } else {
+ $_POST = array();
+ }
+ break;
+ case 2:
+ //redirect to custom error page
+ $location = self::$config['errorRedirectionPage'];
+ header("location: $location");
+ case 3:
+ //send custom error message
+ exit(self::$config['customErrorMessage']);
+ break;
+ case 4:
+ //send 500 header -- internal server error
+ header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
+ exit("<h2>500 Internal Server Error!</h2>");
+ break;
+ default:
+ //unset the query parameters and forward
+ if (self::$requestType === 'GET') {
+ $_GET = array();
+ } else {
+ $_POST = array();
+ }
+ break;
+ }
+ }
+
+ /*
+ * Function: refreshToken
+ * Function to set auth cookie
+ *
+ * Parameters:
+ * void
+ *
+ * Returns:
+ * void
+ */
+ public static function refreshToken()
+ {
+ $token = self::generateAuthToken();
+
+ if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])
+ || !is_array($_SESSION[self::$config['CSRFP_TOKEN']]))
+ $_SESSION[self::$config['CSRFP_TOKEN']] = array();
+
+ //set token to session for server side validation
+ array_push($_SESSION[self::$config['CSRFP_TOKEN']], $token);
+
+ //set token to cookie for client side processing
+ setcookie(self::$config['CSRFP_TOKEN'],
+ $token,
+ time() + self::$cookieExpiryTime,
+ '',
+ '',
+ (array_key_exists('secureCookie', self::$config) ? (bool)self::$config['secureCookie'] : false));
+ }
+
+ /*
+ * Function: generateAuthToken
+ * function to generate random hash of length as given in parameter
+ * max length = 128
+ *
+ * Parameters:
+ * length to hash required, int
+ *
+ * Returns:
+ * string, token
+ */
+ public static function generateAuthToken()
+ {
+ // todo - make this a member method / configurable
+ $randLength = 64;
+
+ //if config tokenLength value is 0 or some non int
+ if (intval(self::$config['tokenLength']) == 0) {
+ self::$config['tokenLength'] = 32; //set as default
+ }
+
+ //#todo - if $length > 128 throw exception
+
+ if (function_exists("random_bytes")) {
+ $token = bin2hex(random_bytes($randLength));
+ } elseif (function_exists("openssl_random_pseudo_bytes")) {
+ $token = bin2hex(openssl_random_pseudo_bytes($randLength));
+ } else {
+ $token = '';
+ for ($i = 0; $i < 128; ++$i) {
+ $r = mt_rand (0, 35);
+ if ($r < 26) {
+ $c = chr(ord('a') + $r);
+ } else {
+ $c = chr(ord('0') + $r - 26);
+ }
+ $token .= $c;
+ }
+ }
+ return substr($token, 0, self::$config['tokenLength']);
+ }
+
+ /*
+ * Function: ob_handler
+ * Rewrites <form> on the fly to add CSRF tokens to them. This can also
+ * inject our JavaScript library.
+ *
+ * Parameters:
+ * $buffer - output buffer to which all output are stored
+ * $flag - INT
+ *
+ * Return:
+ * string, complete output buffer
+ */
+ public static function ob_handler($buffer, $flags)
+ {
+ // Even though the user told us to rewrite, we should do a quick heuristic
+ // to check if the page is *actually* HTML. We don't begin rewriting until
+ // we hit the first <html tag.
+ if (!self::$isValidHTML) {
+ // not HTML until proven otherwise
+ if (stripos($buffer, '<html') !== false) {
+ self::$isValidHTML = true;
+ } else {
+ return $buffer;
+ }
+ }
+
+ // TODO: statically rewrite all forms as well so that if a form is submitted
+ // before the js has worked on, it will still have token to send
+ // @priority: medium @labels: important @assign: mebjas
+ // @deadline: 1 week
+
+ //add a <noscript> message to outgoing HTML output,
+ //informing the user to enable js for CSRFProtector to work
+ //best section to add, after <body> tag
+ $buffer = preg_replace("/<body[^>]*>/", "$0 <noscript>" .self::$config['disabledJavascriptMessage'] .
+ "</noscript>", $buffer);
+
+ $hiddenInput = '<input type="hidden" id="' . CSRFP_FIELD_TOKEN_NAME.'" value="'
+ .self::$config['CSRFP_TOKEN'] .'">' .PHP_EOL;
+
+ $hiddenInput .= '<input type="hidden" id="' .CSRFP_FIELD_URLS .'" value=\''
+ .json_encode(self::$config['verifyGetFor']) .'\'>';
+
+ //implant hidden fields with check url information for reading in javascript
+ $buffer = str_ireplace('</body>', $hiddenInput . '</body>', $buffer);
+
+ //implant the CSRFGuard js file to outgoing script
+ $script = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>' . PHP_EOL;
+ $buffer = str_ireplace('</body>', $script . '</body>', $buffer, $count);
+
+ if (!$count)
+ $buffer .= $script;
+
+ return $buffer;
+ }
+
+ /*
+ * Function: logCSRFattack
+ * Function to log CSRF Attack
+ *
+ * Parameters:
+ * void
+ *
+ * Retruns:
+ * void
+ *
+ * Throws:
+ * logFileWriteError - if unable to log an attack
+ */
+ protected static function logCSRFattack()
+ {
+ //if file doesnot exist for, create it
+ $logFile = fopen(__DIR__ ."/../" .self::$config['logDirectory']
+ ."/" .date("m-20y") .".log", "a+");
+
+ //throw exception if above fopen fails
+ if (!$logFile)
+ throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");
+
+ //miniature version of the log
+ $log = array();
+ $log['timestamp'] = time();
+ $log['HOST'] = $_SERVER['HTTP_HOST'];
+ $log['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
+ $log['requestType'] = self::$requestType;
+
+ if (self::$requestType === "GET")
+ $log['query'] = $_GET;
+ else
+ $log['query'] = $_POST;
+
+ $log['cookie'] = $_COOKIE;
+
+ //convert log array to JSON format to be logged
+ $log = json_encode($log) .PHP_EOL;
+
+ //append log to the file
+ fwrite($logFile, $log);
+
+ //close the file handler
+ fclose($logFile);
+ }
+
+ /*
+ * Function: getCurrentUrl
+ * Function to return current url of executing page
+ *
+ * Parameters:
+ * void
+ *
+ * Returns:
+ * string - current url
+ */
+ private static function getCurrentUrl()
+ {
+ $request_scheme = 'https';
+
+ if (isset($_SERVER['REQUEST_SCHEME'])) {
+ $request_scheme = $_SERVER['REQUEST_SCHEME'];
+ } else {
+ if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+ $request_scheme = 'https';
+ } else {
+ $request_scheme = 'http';
+ }
+ }
+
+ return $request_scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
+ }
+
+ /*
+ * Function: isURLallowed
+ * Function to check if a url mataches for any urls
+ * Listed in config file
+ *
+ * Parameters:
+ * void
+ *
+ * Returns:
+ * boolean - true is url need no validation, false if validation needed
+ */
+ public static function isURLallowed() {
+ foreach (self::$config['verifyGetFor'] as $key => $value) {
+ $value = str_replace(array('/','*'), array('\/','(.*)'), $value);
+ preg_match('/' .$value .'/', self::getCurrentUrl(), $output);
+ if (count($output) > 0)
+ return false;
+ }
+ return true;
+ }
+ };
+}
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/index.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/index.php
new file mode 100644
index 00000000..03e25a69
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/index.php
@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/index.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/index.php
new file mode 100644
index 00000000..03e25a69
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/index.php
@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/licence.md b/data/web/inc/lib/vendor/owasp/csrf-protector-php/licence.md
new file mode 100644
index 00000000..eba85e5b
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/licence.md
@@ -0,0 +1,13 @@
+Copyright 2014 OWASP Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/log/.htaccess b/data/web/inc/lib/vendor/owasp/csrf-protector-php/log/.htaccess
new file mode 100644
index 00000000..3418e55a
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/log/.htaccess
@@ -0,0 +1 @@
+deny from all
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/log/index.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/log/index.php
new file mode 100644
index 00000000..03e25a69
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/log/index.php
@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/phpunit.xml.dist b/data/web/inc/lib/vendor/owasp/csrf-protector-php/phpunit.xml.dist
new file mode 100644
index 00000000..34814a25
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/phpunit.xml.dist
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit verbose="true">
+ <php>
+ <ini name="memory_limit" value="1024M" />
+ <ini name="error_reporting" value="E_ALL"/>
+ </php>
+ <testsuite name="OWASP CSRF Protector php">
+ <directory>./test/csrfprotector_test.php</directory>
+ </testsuite>
+ <filter>
+ <whitelist processUncoveredFilesFromWhitelist="true">
+ <file>libs/csrf/csrfprotector.php</file>
+ </whitelist>
+ </filter>
+</phpunit>
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/readme.md b/data/web/inc/lib/vendor/owasp/csrf-protector-php/readme.md
new file mode 100644
index 00000000..fa427811
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/readme.md
@@ -0,0 +1,65 @@
+CSRF Protector
+==========================
+[](http://todofy.org/r/mebjas/CSRF-Protector-PHP) [](https://travis-ci.org/mebjas/CSRF-Protector-PHP) [](https://codecov.io/gh/mebjas/CSRF-Protector-PHP)
+<br>CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.
+
+Add to your project using packagist
+==========
+ Add a `composer.json` file to your project directory
+ ```json
+ {
+ "require": {
+ "owasp/csrf-protector-php": "dev-master"
+ }
+}
+```
+Then open terminal (or command prompt), move to project directory and run
+```shell
+composer install
+```
+OR
+```
+php composer.phar install
+```
+This will add CSRFP (library will be downloaded at ./vendor/owasp/csrf-protector-php) to your project directory. View [packagist.org](https://packagist.org/) for more help with composer!
+
+Configuration
+==========
+For composer installations: Copy the config.sample.php file into your root folder at config/csrf_config.php
+For non-composer installations: Copy the libs/csrf/config.sample.php file into libs/csrc/config.php
+Edit config accordingly. See Detailed Information link below.
+
+How to use
+==========
+```php
+<?php
+include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';
+
+//Initialise CSRFGuard library
+csrfProtector::init();
+```
+simply include the library and call the `init()` function!
+
+### Detailed information @[Project wiki on github](https://github.com/mebjas/CSRF-Protector-PHP/wiki)
+
+### More information @[OWASP wiki](https://www.owasp.org/index.php/CSRFProtector_Project)
+
+### Contribute
+
+* Fork the repo
+* Create your branch
+* Commit your changes
+* Create a pull request
+
+### Note
+This version (`master`) requires the clients to have Javascript enabled. However if your application can work without javascript & you require a nojs version of this library, check our [nojs version](https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support)
+
+## Discussion
+Join Discussions on the [mailing list](https://lists.owasp.org/mailman/listinfo/owasp-csrfprotector)
+
+For any other queries contact me at: **minhaz@owasp.org**
+
+### FAQ:
+1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
+2. Secure flag in cookie? - https://github.com/mebjas/CSRF-Protector-PHP/issues/54
+3. NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/test/config.test.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/test/config.test.php
new file mode 100644
index 00000000..14bc1828
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/test/config.test.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Configuration file for CSRF Protector
+ * Necessary configurations are (library would throw exception otherwise)
+ * ---- logDirectory
+ * ---- failedAuthAction
+ * ---- jsPath
+ * ---- jsUrl
+ * ---- tokenLength
+ */
+return array(
+ "CSRFP_TOKEN" => "csrfp_token",
+ "logDirectory" => "../log",
+ "failedAuthAction" => array(
+ "GET" => 0,
+ "POST" => 0),
+ "errorRedirectionPage" => "",
+ "customErrorMessage" => "",
+ "jsPath" => "../js/csrfprotector.js",
+ "jsUrl" => "http://localhost/csrfp/js/csrfprotector.js",
+ "tokenLength" => 10,
+ "secureCookie" => false,
+ "disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
+ Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
+ See details of your web browser for how to enable JavaScript.",
+ "verifyGetFor" => array()
+);
\ No newline at end of file
diff --git a/data/web/inc/lib/vendor/owasp/csrf-protector-php/test/csrfprotector_test.php b/data/web/inc/lib/vendor/owasp/csrf-protector-php/test/csrfprotector_test.php
new file mode 100644
index 00000000..ca5404e5
--- /dev/null
+++ b/data/web/inc/lib/vendor/owasp/csrf-protector-php/test/csrfprotector_test.php
@@ -0,0 +1,534 @@
+<?php
+date_default_timezone_set('UTC');
+require_once __DIR__ .'/../libs/csrf/csrfprotector.php';
+
+if (intval(phpversion('tidy')) >= 7 && !class_exists('\PHPUnit_Framework_TestCase', true)) {
+ class_alias('\PHPUnit\Framework\TestCase', '\PHPUnit_Framework_TestCase');
+}
+
+/**
+ * Wrapper class for testing purpose
+ */
+class csrfp_wrapper extends csrfprotector
+{
+ /**
+ * Function to provide wrapper methode to set the protected var, requestType
+ */
+ public static function changeRequestType($type)
+ {
+ self::$requestType = $type;
+ }
+
+ /**
+ * Function to check for a string value anywhere within HTTP response headers
+ * Returns true on first match of $needle in header names or values
+ */
+ public static function checkHeader($needle)
+ {
+ $haystack = xdebug_get_headers();
+ foreach ($haystack as $key => $value) {
+ if (strpos($value, $needle) !== false)
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Function to return the string value of the last response header
+ * identified by name $needle
+ */
+ public static function getHeaderValue($needle)
+ {
+ $haystack = xdebug_get_headers();
+ foreach ($haystack as $key => $value) {
+ if (strpos($value, $needle) === 0) {
+ // Deliberately overwrite to accept the last rather than first match
+ // as xdebug_get_headers() will accumulate all set headers
+ list(,$hvalue) = explode(':', $value, 2);
+ }
+ }
+ return $hvalue;
+ }
+}
+
+/**
+ * helper methods
+ */
+class Helper {
+ /**
+ * Function to recusively delete a dir
+ */
+ public static function delTree($dir) {
+ $files = array_diff(scandir($dir), array('.','..'));
+ foreach ($files as $file) {
+ (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file");
+ }
+ return rmdir($dir);
+ }
+}
+
+
+/**
+ * main test class
+ */
+class csrfp_test extends PHPUnit_Framework_TestCase
+{
+ /**
+ * @var to hold current configurations
+ */
+ protected $config = array();
+
+ /**
+ * @var log directory for testing
+ */
+ private $logDir;
+
+ /**
+ * Function to be run before every test*() functions.
+ */
+ public function setUp()
+ {
+ $this->logDir = __DIR__ .'/logs';
+
+ csrfprotector::$config['jsPath'] = '../js/csrfprotector.js';
+ csrfprotector::$config['CSRFP_TOKEN'] = 'csrfp_token';
+ csrfprotector::$config['secureCookie'] = false;
+ csrfprotector::$config['logDirectory'] = '../test/logs';
+
+ $_SERVER['REQUEST_URI'] = 'temp'; // For logging
+ $_SERVER['REQUEST_SCHEME'] = 'http'; // For authorizePost
+ $_SERVER['HTTP_HOST'] = 'test'; // For isUrlAllowed
+ $_SERVER['PHP_SELF'] = '/index.php'; // For authorizePost
+ $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+ = $_GET[csrfprotector::$config['CSRFP_TOKEN']] = '123';
+
+ //token mismatch - leading to failed validation
+ $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc');
+ $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.1';
+ $_SERVER['HTTPS'] = null;
+
+ $this->config = include(__DIR__ .'/config.test.php');
+
+ // Create an instance of config file -- for testing
+ $data = file_get_contents(__DIR__ .'/config.test.php');
+ file_put_contents(__DIR__ .'/../libs/config.php', $data);
+
+ if (!defined('__TESTING_CSRFP__')) define('__TESTING_CSRFP__', true);
+ }
+
+ /**
+ * tearDown()
+ */
+ public function tearDown()
+ {
+ unlink(__DIR__ .'/../libs/config.php');
+ if (is_dir(__DIR__ .'/logs'))
+ Helper::delTree(__DIR__ .'/logs');
+ }
+
+ /**
+ * Function to check refreshToken() functionality
+ */
+ public function testRefreshToken()
+ {
+ $val = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = '123abcd';
+ $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
+ csrfProtector::$config['tokenLength'] = 20;
+ csrfProtector::refreshToken();
+
+ $this->assertTrue(strcmp($val, $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][1]) != 0);
+
+ $this->assertTrue(csrfP_wrapper::checkHeader('Set-Cookie'));
+ $this->assertTrue(csrfP_wrapper::checkHeader('csrfp_token'));
+ $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][1]));
+ }
+
+ /**
+ * test secure flag is set in the token cookie when requested
+ */
+ public function testSecureCookie()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
+
+ csrfprotector::$config['secureCookie'] = false;
+ csrfprotector::refreshToken();
+ $this->assertNotRegExp('/; secure/', csrfp_wrapper::getHeaderValue('Set-Cookie'));
+
+ csrfprotector::$config['secureCookie'] = true;
+ csrfprotector::refreshToken();
+ $this->assertRegExp('/; secure/', csrfp_wrapper::getHeaderValue('Set-Cookie'));
+ }
+
+ /**
+ * test authorise post -> log directory exception
+ */
+ public function testAuthorisePost_logdirException()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ csrfprotector::$config['logDirectory'] = 'unknown_location';
+
+ try {
+ csrfprotector::authorizePost();
+ } catch (logDirectoryNotFoundException $ex) {
+ $this->assertTrue(true);
+ return;;
+ }
+ $this->fail('logDirectoryNotFoundException has not been raised.');
+ }
+
+ /**
+ * test authorise post -> action = 403, forbidden
+ */
+ public function testAuthorisePost_failedAction_1()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+ csrfprotector::$config['logDirectory'] = '../log';
+ csrfprotector::$config['failedAuthAction']['POST'] = 0;
+ csrfprotector::$config['failedAuthAction']['GET'] = 0;
+
+ //csrfprotector::authorizePost();
+ $this->markTestSkipped('Cannot add tests as code exit here');
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ //csrfprotector::authorizePost();
+
+ $this->markTestSkipped('Cannot add tests as code exit here');
+ }
+
+ /**
+ * test authorise post -> strip $_GET, $_POST
+ */
+ public function testAuthorisePost_failedAction_2()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+
+ csrfprotector::$config['logDirectory'] = '../log';
+ csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+ csrfprotector::$config['failedAuthAction']['POST'] = 1;
+ csrfprotector::$config['failedAuthAction']['GET'] = 1;
+
+ $_POST = array('param1' => 1, 'param2' => 2);
+ csrfprotector::authorizePost();
+ $this->assertEmpty($_POST);
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ $_GET = array('param1' => 1, 'param2' => 2);
+
+ csrfprotector::authorizePost();
+ $this->assertEmpty($_GET);
+ }
+
+ /**
+ * test authorise post -> redirect
+ */
+ public function testAuthorisePost_failedAction_3()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+
+ csrfprotector::$config['logDirectory'] = '../log';
+ csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+ csrfprotector::$config['errorRedirectionPage'] = 'http://test';
+ csrfprotector::$config['failedAuthAction']['POST'] = 2;
+ csrfprotector::$config['failedAuthAction']['GET'] = 2;
+
+ //csrfprotector::authorizePost();
+ $this->markTestSkipped('Cannot add tests as code exit here');
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ //csrfprotector::authorizePost();
+ $this->markTestSkipped('Cannot add tests as code exit here');
+ }
+
+ /**
+ * test authorise post -> error message & exit
+ */
+ public function testAuthorisePost_failedAction_4()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+
+ csrfprotector::$config['logDirectory'] = '../log';
+ csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+ csrfprotector::$config['customErrorMessage'] = 'custom error message';
+ csrfprotector::$config['failedAuthAction']['POST'] = 3;
+ csrfprotector::$config['failedAuthAction']['POST'] = 3;
+
+ //csrfprotector::authorizePost();
+ $this->markTestSkipped('Cannot add tests as code exit here');
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ //csrfprotector::authorizePost();
+ $this->markTestSkipped('Cannot add tests as code exit here');
+ }
+
+ /**
+ * test authorise post -> 500 internal server error
+ */
+ public function testAuthorisePost_failedAction_5()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+
+ csrfprotector::$config['logDirectory'] = '../log';
+ csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+ csrfprotector::$config['failedAuthAction']['POST'] = 4;
+ csrfprotector::$config['failedAuthAction']['GET'] = 4;
+
+ //csrfprotector::authorizePost();
+ //$this->markTestSkipped('Cannot add tests as code exit here');
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ //csrfprotector::authorizePost();
+ //csrfp_wrapper::checkHeader('500');
+ //$this->markTestSkipped('Cannot add tests as code exit here');
+ }
+
+ /**
+ * test authorise post -> default action: strip $_GET, $_POST
+ */
+ public function testAuthorisePost_failedAction_6()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+
+ csrfprotector::$config['logDirectory'] = '../log';
+ csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+ csrfprotector::$config['failedAuthAction']['POST'] = 10;
+ csrfprotector::$config['failedAuthAction']['GET'] = 10;
+
+ $_POST = array('param1' => 1, 'param2' => 2);
+ csrfprotector::authorizePost();
+ $this->assertEmpty($_POST);
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ $_GET = array('param1' => 1, 'param2' => 2);
+
+ csrfprotector::authorizePost();
+ $this->assertEmpty($_GET);
+ }
+
+ /**
+ * test authorise success
+ */
+ public function testAuthorisePost_success()
+ {
+
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+ = $_GET[csrfprotector::$config['CSRFP_TOKEN']]
+ = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0];
+ $temp = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']];
+
+ csrfprotector::authorizePost(); //will create new session and cookies
+ $this->assertFalse($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]);
+ $this->assertTrue(csrfp_wrapper::checkHeader('Set-Cookie'));
+ $this->assertTrue(csrfp_wrapper::checkHeader('csrfp_token'));
+ // $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0])); // Combine these 3 later
+
+ // For get method
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfp_wrapper::changeRequestType('GET');
+ $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+ = $_GET[csrfprotector::$config['CSRFP_TOKEN']]
+ = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0];
+ $temp = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']];
+
+ csrfprotector::authorizePost(); //will create new session and cookies
+ $this->assertFalse($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']]);
+ $this->assertTrue(csrfp_wrapper::checkHeader('Set-Cookie'));
+ $this->assertTrue(csrfp_wrapper::checkHeader('csrfp_token'));
+ // $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0])); // Combine these 3 later
+ }
+
+ /**
+ * test for generateAuthToken()
+ */
+ public function testGenerateAuthToken()
+ {
+ csrfprotector::$config['tokenLength'] = 20;
+ $token1 = csrfprotector::generateAuthToken();
+ $token2 = csrfprotector::generateAuthToken();
+
+ $this->assertFalse($token1 == $token2);
+ $this->assertEquals(strlen($token1), 20);
+ $this->assertRegExp('/^[a-z0-9]{20}$/', $token1);
+
+ csrfprotector::$config['tokenLength'] = 128;
+ $token = csrfprotector::generateAuthToken();
+ $this->assertEquals(strlen($token), 128);
+ $this->assertRegExp('/^[a-z0-9]{128}$/', $token);
+ }
+
+ /**
+ * test ob_handler_function
+ */
+ public function testob_handler()
+ {
+ csrfprotector::$config['disabledJavascriptMessage'] = 'test message';
+ csrfprotector::$config['jsUrl'] = 'http://localhost/test/csrf/js/csrfprotector.js';
+
+ $testHTML = '<html>';
+ $testHTML .= '<head><title>1</title>';
+ $testHTML .= '<body onload="test()">';
+ $testHTML .= '-- some static content --';
+ $testHTML .= '-- some static content --';
+ $testHTML .= '</body>';
+ $testHTML .= '</head></html>';
+
+ $modifiedHTML = csrfprotector::ob_handler($testHTML, 0);
+ $inpLength = strlen($testHTML);
+ $outLength = strlen($modifiedHTML);
+
+ //Check if file has been modified
+ $this->assertFalse($outLength == $inpLength);
+ $this->assertTrue(strpos($modifiedHTML, '<noscript>') !== false);
+ $this->assertTrue(strpos($modifiedHTML, '<script') !== false);
+
+ }
+
+ /**
+ * test ob_handler_function for output filter
+ */
+ public function testob_handler_positioning()
+ {
+ csrfprotector::$config['disabledJavascriptMessage'] = 'test message';
+ csrfprotector::$config['jsUrl'] = 'http://localhost/test/csrf/js/csrfprotector.js';
+
+ $testHTML = '<html>';
+ $testHTML .= '<head><title>1</title>';
+ $testHTML .= '<body onload="test()">';
+ $testHTML .= '-- some static content --';
+ $testHTML .= '-- some static content --';
+ $testHTML .= '</body>';
+ $testHTML .= '</head></html>';
+
+ $modifiedHTML = csrfprotector::ob_handler($testHTML, 0);
+
+ $this->assertEquals(strpos($modifiedHTML, '<body') + 23, strpos($modifiedHTML, '<noscript'));
+ // Check if content before </body> is </script> #todo
+ //$this->markTestSkipped('todo, add appropriate test here');
+ }
+
+ /**
+ * testing exception in logging function
+ */
+ public function testgetCurrentUrl()
+ {
+ $stub = new ReflectionClass('csrfprotector');
+ $method = $stub->getMethod('getCurrentUrl');
+ $method->setAccessible(true);
+ $this->assertEquals($method->invoke(null, array()), "http://test/index.php");
+
+ $tmp_request_scheme = $_SERVER['REQUEST_SCHEME'];
+ unset($_SERVER['REQUEST_SCHEME']);
+
+ // server-https is not set
+ $this->assertEquals($method->invoke(null, array()), "http://test/index.php");
+
+ $_SERVER['HTTPS'] = 'on';
+ $this->assertEquals($method->invoke(null, array()), "https://test/index.php");
+ unset($_SERVER['HTTPS']);
+
+ $_SERVER['REQUEST_SCHEME'] = "https";
+ $this->assertEquals($method->invoke(null, array()), "https://test/index.php");
+
+ $_SERVER['REQUEST_SCHEME'] = $tmp_request_scheme;
+ }
+
+ /**
+ * testing exception in logging function
+ */
+ public function testLoggingException()
+ {
+ $stub = new ReflectionClass('csrfprotector');
+ $method = $stub->getMethod('logCSRFattack');
+ $method->setAccessible(true);
+
+ try {
+ $method->invoke(null, array());
+ $this->fail("logFileWriteError was not caught");
+ } catch (Exception $ex) {
+ // pass
+ $this->assertTrue(true);
+ }
+
+ if (!is_dir($this->logDir))
+ mkdir($this->logDir);
+ $method->invoke(null, array());
+ $this->assertTrue(file_exists($this->logDir ."/" .date("m-20y") .".log"));
+ }
+
+ /**
+ * Tests isUrlAllowed() function for various urls and configuration
+ */
+ public function testisURLallowed()
+ {
+ csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*');
+
+ $_SERVER['PHP_SELF'] = '/nodelete.php';
+ $this->assertTrue(csrfprotector::isURLallowed());
+
+ $_SERVER['PHP_SELF'] = '/index.php';
+ $this->assertTrue(csrfprotector::isURLallowed('http://test/index.php'));
+
+ $_SERVER['PHP_SELF'] = '/delete.php';
+ $this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php'));
+
+ $_SERVER['PHP_SELF'] = '/delete_user.php';
+ $this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php'));
+
+ $_SERVER['REQUEST_SCHEME'] = 'https';
+ $_SERVER['PHP_SELF'] = '/index.php';
+ $this->assertFalse(csrfprotector::isURLallowed('https://test/index.php'));
+
+ $_SERVER['PHP_SELF'] = '/delete_user.php';
+ $this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php'));
+ }
+
+ /**
+ * Test for exception thrown when env variable is set by mod_csrfprotector
+ */
+ public function testModCSRFPEnabledException()
+ {
+ putenv('mod_csrfp_enabled=true');
+ $temp = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = 'abc';
+ $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc');
+
+ csrfProtector::$config = array();
+ csrfProtector::init();
+
+ // Assuming no config was added
+ $this->assertTrue(count(csrfProtector::$config) == 0);
+
+ // unset the env variable
+ putenv('mod_csrfp_enabled');
+ }
+
+ /**
+ * Test for exception thrown when init() method is called multiple times
+ */
+ public function testMultipleInitializeException()
+ {
+ csrfProtector::$config = array();
+ $this->assertTrue(count(csrfProtector::$config) == 0);
+
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ csrfProtector::init();
+
+ $this->assertTrue(count(csrfProtector::$config) == 11);
+ try {
+ csrfProtector::init();
+ $this->fail("alreadyInitializedException not raised");
+ } catch (alreadyInitializedException $ex) {
+ // pass
+ $this->assertTrue(true);
+ } catch (Exception $ex) {
+ $this->fail("exception other than alreadyInitializedException failed");
+ }
+ }
+}