Merge pull request #268 from mailcow/dev

Dev

data/Dockerfiles/clamav/Dockerfile

@@ -1,36 +1,44 @@
 FROM debian:stretch-slim
-MAINTAINER https://m-ko.de Markus Kosmal <code@cnfg.io>
+LABEL maintainer "https://m-ko.de Markus Kosmal <code@cnfg.io>"
 
 # Debian Base to use
 ENV DEBIAN_VERSION stretch
+ARG DEBIAN_FRONTEND=noninteractive
 
 # initial install of av daemon
 RUN echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION main contrib non-free" > /etc/apt/sources.list && \
-    echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION-updates main contrib non-free" >> /etc/apt/sources.list && \
-    echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib non-free" >> /etc/apt/sources.list && \
-    apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y -qq \
-        clamav-daemon \
-        clamav-freshclam \
-        libclamunrar7 \
-        curl && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/*
+	echo "deb http://http.debian.net/debian/ $DEBIAN_VERSION-updates main contrib non-free" >> /etc/apt/sources.list && \
+	echo "deb http://security.debian.org/ $DEBIAN_VERSION/updates main contrib non-free" >> /etc/apt/sources.list && \
+	apt-get update && apt-get install -y -qq --no-install-recommends \
+		clamav-daemon \
+		clamav-freshclam \
+		libclamunrar7 \
+	&& rm -rf /var/lib/apt/lists/*
 
 # initial update of av databases
 COPY dl_files.sh /dl_files.sh
 RUN chmod +x /dl_files.sh
-RUN /dl_files.sh
+
+RUN set -ex; \
+	\
+	fetchDeps=' \
+		curl \
+	'; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends $fetchDeps; \
+	rm -rf /var/lib/apt/lists/*; \
+	/dl_files.sh \
+	apt-get purge -y --auto-remove $fetchDeps
 
 # permission juggling
 RUN mkdir /var/run/clamav && \
-    chown clamav:clamav /var/run/clamav && \
-    chmod 750 /var/run/clamav
+	chown clamav:clamav /var/run/clamav && \
+	chmod 750 /var/run/clamav
 
 # av configuration update
 RUN sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/clamd.conf && \
-    echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
-    sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
+	echo "TCPSocket 3310" >> /etc/clamav/clamd.conf && \
+	sed -i 's/^Foreground .*$/Foreground true/g' /etc/clamav/freshclam.conf
 
 # port provision
 EXPOSE 3310

data/Dockerfiles/dovecot/Dockerfile

@@ -1,83 +1,86 @@
 FROM debian:stretch-slim
 #ubuntu:xenial
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 ENV DOVECOT_VERSION 2.2.29.1
 ENV PIGEONHOLE_VERSION 0.4.18
 
-RUN apt-get update \
-	&& apt-get -y install libpam-dev \
-	default-libmysqlclient-dev \
-	lzma-dev \
-	liblz-dev \
-	libbz2-dev \
-	liblz4-dev \
-	liblzma-dev \
-	build-essential \
-	autotools-dev \
+RUN apt-get update && apt-get -y install \
 	automake \
-	syslog-ng \
-	syslog-ng-core \
+	autotools-dev \
+	build-essential \
 	ca-certificates \
-	supervisor \
-	wget \
+	cpanminus \
 	curl \
-	libssl-dev \
+	default-libmysqlclient-dev \
 	libauthen-ntlm-perl \
+	libbz2-dev \
 	libcrypt-ssleay-perl \
+	libdbd-mysql-perl \
+	libdbi-perl \
 	libdigest-hmac-perl \
 	libfile-copy-recursive-perl \
 	libio-compress-perl \
 	libio-socket-inet6-perl \
 	libio-socket-ssl-perl \
 	libio-tee-perl \
+	libipc-run-perl \
+	liblockfile-simple-perl \
+	liblz-dev \
+	liblz4-dev \
+	liblzma-dev \
 	libmodule-scandeps-perl \
 	libnet-ssleay-perl \
+	libpam-dev \
 	libpar-packer-perl \
 	libreadonly-perl \
+	libssl-dev \
 	libterm-readkey-perl \
 	libtest-pod-perl \
 	libtest-simple-perl \
 	libunicode-string-perl \
 	liburi-perl \
-	libdbi-perl \
-	liblockfile-simple-perl \
-	libdbd-mysql-perl \
-	libipc-run-perl \
+	lzma-dev \
 	make \
-	cpanminus
+	supervisor \
+	syslog-ng \
+	syslog-ng-core \
+	syslog-ng-mod-redis \
+	&& rm -rf /var/lib/apt/lists/*
 
 
-RUN wget https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz -O - | tar xvz  \
+RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz  \
 	&& cd dovecot-$DOVECOT_VERSION \
 	&& ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
 	&& make -j3 \
 	&& make install \
-	&& make clean
+	&& make clean \
+	&& cd .. && rm -rf dovecot-$DOVECOT_VERSION
 
-RUN wget https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz -O - | tar xvz  \
+RUN curl https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz  \
 	&& cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
 	&& ./configure \
 	&& make -j3 \
 	&& make install \
-	&& make clean
+	&& make clean \
+	&& cd .. && rm -rf dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION
 
-RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
 RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
 RUN echo '* * * * *   root   /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync
 RUN echo '30 3 * * *   vmail  /usr/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
 
-COPY ./imapsync /usr/local/bin/imapsync
-COPY ./postlogin.sh /usr/local/bin/postlogin.sh
-COPY ./imapsync_cron.pl /usr/local/bin/imapsync_cron.pl
-COPY ./report-spam.sieve /usr/local/lib/dovecot/sieve/report-spam.sieve
-COPY ./report-ham.sieve /usr/local/lib/dovecot/sieve/report-ham.sieve
-COPY ./rspamd-pipe-ham /usr/local/lib/dovecot/sieve/rspamd-pipe-ham
-COPY ./rspamd-pipe-spam /usr/local/lib/dovecot/sieve/rspamd-pipe-spam
-COPY ./docker-entrypoint.sh /
-COPY ./supervisord.conf /etc/supervisor/supervisord.conf
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
+COPY imapsync /usr/local/bin/imapsync
+COPY postlogin.sh /usr/local/bin/postlogin.sh
+COPY imapsync_cron.pl /usr/local/bin/imapsync_cron.pl
+COPY report-spam.sieve /usr/local/lib/dovecot/sieve/report-spam.sieve
+COPY report-ham.sieve /usr/local/lib/dovecot/sieve/report-ham.sieve
+COPY rspamd-pipe-ham /usr/local/lib/dovecot/sieve/rspamd-pipe-ham
+COPY rspamd-pipe-spam /usr/local/lib/dovecot/sieve/rspamd-pipe-spam
+COPY docker-entrypoint.sh /
+COPY supervisord.conf /etc/supervisor/supervisord.conf
 
 RUN chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
 	/usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
@@ -87,19 +90,18 @@ RUN chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
 
 RUN groupadd -g 5000 vmail \
 	&& groupadd -g 401 dovecot \
-    && groupadd -g 402 dovenull \
+	&& groupadd -g 402 dovenull \
 	&& useradd -g vmail -u 5000 vmail -d /var/vmail \
 	&& useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
 	&& useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull
 
+RUN touch /etc/default/locale
+
 EXPOSE 24 10001
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 
-RUN apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* \
+RUN rm -rf \
 	/tmp/* \
-	/var/tmp/* \
-	/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
-	/dovecot-$DOVECOT_VERSION
+	/var/tmp/*

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -71,5 +71,7 @@ sievec /usr/local/lib/dovecot/sieve/report-ham.sieve
 # Fix permissions
 chown -R vmail:vmail /var/vmail/sieve
 
+# Fix more than 1 hardlink issue
+touch /etc/crontab /etc/cron.*/*
 
 exec "$@"

data/Dockerfiles/dovecot/supervisord.conf

@@ -12,7 +12,7 @@ command=/usr/local/sbin/dovecot -F
 autorestart=true
 
 [program:logfiles]
-command=/usr/bin/tail -f /var/log/mail.log /var/log/syslog
+command=/usr/bin/tail -f /var/log/combined.log
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 

data/Dockerfiles/dovecot/syslog-ng.conf

@@ -0,0 +1,31 @@
+@version: 3.8
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+
+destination d_combined { file("/var/log/combined.log"); };
+destination d_redis {
+  redis(
+    host("redis-mailcow")
+    port(6379)
+    command("LPUSH" "DOVECOT_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+filter f_mail { facility(mail) and not filter(f_debug); };
+log {
+  source(s_src);
+  destination(d_combined);
+  filter(f_mail);
+  destination(d_redis);
+};

data/Dockerfiles/php-fpm/Dockerfile

@@ -1,14 +1,24 @@
 FROM php:7.1-fpm
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get update \
-        && apt-get install -y zlib1g-dev libicu-dev g++ libidn11-dev libxml2-dev
+RUN apt-get update && apt-get install -y \
+	g++ \
+	libicu-dev \
+	libidn11-dev \
+	libxml2-dev \
+	mysql-client \
+	redis-tools \
+	zlib1g-dev \
+	&& rm -rf /var/lib/apt/lists/*
 
 RUN docker-php-ext-configure intl
 RUN docker-php-ext-install intl pdo pdo_mysql xmlrpc
 RUN pear install channel://pear.php.net/Net_IDNA2-0.1.1 Auth_SASL Net_IMAP NET_SMTP Net_IDNA2 Mail_mime
+RUN pecl install -o -f redis \
+	&& rm -rf /tmp/pear \
+	&& docker-php-ext-enable redis
 
 COPY ./docker-entrypoint.sh /
 

data/Dockerfiles/php-fpm/docker-entrypoint.sh

@@ -4,4 +4,57 @@ set -e
 if [[ ! -d "/data/dkim/txt" || ! -d "/data/dkim/keys" ]] ; then	mkdir -p /data/dkim/{txt,keys} ; chown -R www-data:www-data /data/dkim; fi
 if [[ $(stat -c %U /data/dkim/) != "www-data" ]] ; then chown -R www-data:www-data /data/dkim ; fi
 
+# Wait for containers
+
+while ! mysqladmin ping --host mysql --silent; do
+  sleep 2
+done
+
+until [ $(redis-cli -h redis-mailcow PING) == "PONG" ]; do
+  sleep 2
+done
+
+# Migrate domain map
+
+declare -a DOMAIN_ARR
+redis-cli -h redis-mailcow DEL DOMAIN_MAP
+while read line
+do
+  DOMAIN_ARR+=("$line")
+done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT domain FROM domain" -Bs)
+
+if [[ ! -z ${DOMAIN_ARR} ]]; then
+for domain in "${DOMAIN_ARR[@]}"; do
+  redis-cli -h redis-mailcow HSET DOMAIN_MAP ${domain} 1
+done
+fi
+
+# Migrate tag settings map
+
+declare -a SUBJ_TAG_ARR
+redis-cli -h redis-mailcow DEL SUBJ_TAG_ARR
+while read line
+do
+  SUBJ_TAG_ARR+=("$line")
+done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT username FROM mailbox WHERE wants_tagged_subject='1'" -Bs)
+
+if [[ ! -z ${SUBJ_TAG_ARR} ]]; then
+for user in "${SUBJ_TAG_ARR[@]}"; do
+  redis-cli -h redis-mailcow HSET RCPT_WANTS_SUBJECT_TAG ${user} 1
+  mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "UPDATE mailbox SET wants_tagged_subject='2' WHERE username = '${user}'"
+done
+fi
+
+# Migrate DKIM keys
+
+for file in $(ls /data/dkim/keys/); do
+  domain=${file%.dkim}
+  if [[ -f /data/dkim/txt/${file} ]]; then
+    redis-cli -h redis-mailcow HSET DKIM_PUB_KEYS "${domain}" "$(cat /data/dkim/keys/${domain})"
+    redis-cli -h redis-mailcow HSET DKIM_PRIV_KEYS "${domain}" "$(cat /data/dkim/keys/${file})"
+    redis-cli -h redis-mailcow HSET DKIM_SELECTORS "${domain}" "dkim.${domain}"
+  fi
+  rm /data/dkim/{keys,txt}/${file}
+done
+
 exec "$@"

data/Dockerfiles/postfix/Dockerfile

@@ -1,7 +1,7 @@
 FROM debian:stretch-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 
 RUN dpkg-divert --local --rename --add /sbin/initctl \
@@ -9,31 +9,35 @@ RUN dpkg-divert --local --rename --add /sbin/initctl \
 	&& dpkg-divert --local --rename --add /usr/bin/ischroot \
 	&& ln -sf /bin/true /usr/bin/ischroot
 
-RUN apt-get update
-RUN apt-get install -y --no-install-recommends supervisor \
-	postfix \
-	sasl2-bin \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+	ca-certificates \
+	curl \
+	dirmngr \
+	gnupg \
 	libsasl2-modules \
 	postfix \
+	postfix \
 	postfix-mysql \
 	postfix-pcre \
-	syslog-ng \
-	syslog-ng-core \
-	ca-certificates \
-	gnupg \
 	python-gpgme \
+	sasl2-bin \
 	sudo \
-	curl \
-	dirmngr
+	supervisor \
+	syslog-ng \
+	syslog-ng-core \
+	syslog-ng-mod-redis \
+	&& rm -rf /var/lib/apt/lists/*
 
 RUN addgroup --system --gid 600 zeyple
 RUN adduser --system --home /var/lib/zeyple --no-create-home --uid 600 --gid 600 --disabled-login zeyple
 RUN touch /var/log/zeyple.log && chown zeyple: /var/log/zeyple.log
-RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
+
+RUN touch /etc/default/locale
 
 COPY zeyple.py /usr/local/bin/zeyple.py
 COPY zeyple.conf /etc/zeyple.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 COPY postfix.sh /opt/postfix.sh
 COPY whitelist_forwardinghosts.sh /usr/local/bin/whitelist_forwardinghosts.sh
 
@@ -41,4 +45,4 @@ EXPOSE 588
 
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*

data/Dockerfiles/postfix/supervisord.conf

@@ -12,7 +12,7 @@ command=/opt/postfix.sh
 autorestart=true
 
 [program:postfix-maillog]
-command=/bin/tail -f /var/log/zeyple.log /var/log/mail.log
+command=/bin/tail -f /var/log/zeyple.log /var/log/combined.log
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 

data/Dockerfiles/postfix/syslog-ng.conf

@@ -0,0 +1,31 @@
+@version: 3.8
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+
+destination d_combined { file("/var/log/combined.log"); };
+destination d_redis {
+  redis(
+    host("redis-mailcow")
+    port(6379)
+    command("LPUSH" "POSTFIX_MAILLOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+filter f_mail { facility(mail) and not filter(f_debug); };
+log {
+  source(s_src);
+  destination(d_combined);
+  filter(f_mail);
+  destination(d_redis);
+};

data/Dockerfiles/rmilter/Dockerfile

@@ -1,13 +1,18 @@
 FROM debian:jessie-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 
 RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
 	&& echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \
-	&& apt-get update \
-	&& apt-get --no-install-recommends -y --force-yes install rmilter cron syslog-ng syslog-ng-core supervisor
+	&& apt-get update && apt-get install -y --force-yes --no-install-recommends \
+		cron \
+		rmilter \
+		supervisor \
+		syslog-ng \
+		syslog-ng-core \
+	&& rm -rf /var/lib/apt/lists/*
 
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 
@@ -18,4 +23,4 @@ RUN touch /var/log/mail.log && chmod 640 /var/log/mail.log && chown root:adm /va
 
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*

data/Dockerfiles/rspamd/Dockerfile

@@ -1,24 +1,27 @@
 FROM debian:jessie-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 
 RUN apt-key adv --fetch-keys http://rspamd.com/apt-stable/gpg.key \
-    && echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \
-    && apt-get update \
-    && apt-get -y install rspamd ca-certificates python-pip
+	&& echo "deb http://rspamd.com/apt-stable/ jessie main" > /etc/apt/sources.list.d/rspamd.list \
+	&& apt-get update && apt-get install -y \
+		ca-certificates \
+		python-pip \
+		rspamd \
+	&& rm -rf /var/lib/apt/lists/*
 
 RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local
 
 COPY settings.conf /etc/rspamd/modules.d/settings.conf
 COPY antivirus.conf /etc/rspamd/modules.d/antivirus.conf
-
+COPY dkim_signing.lua /usr/share/rspamd/lua/dkim_signing.lua
 RUN pip install -U oletools
 
 CMD /usr/bin/rspamd -f -u _rspamd -g _rspamd
 
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*
 
 USER _rspamd
 

data/Dockerfiles/rspamd/dkim_signing.lua

@@ -0,0 +1,286 @@
+--[[
+Copyright (c) 2016, Andrew Lewis <nerf@judo.za.org>
+Copyright (c) 2016, Vsevolod Stakhov <vsevolod@highsecure.ru>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+]]--
+
+local rspamd_logger = require "rspamd_logger"
+local rspamd_util = require "rspamd_util"
+
+if confighelp then
+  return
+end
+
+local settings = {
+  allow_envfrom_empty = true,
+  allow_hdrfrom_mismatch = false,
+  allow_hdrfrom_mismatch_local = false,
+  allow_hdrfrom_mismatch_sign_networks = false,
+  allow_hdrfrom_multiple = false,
+  allow_username_mismatch = false,
+  auth_only = true,
+  domain = {},
+  path = string.format('%s/%s/%s', rspamd_paths['DBDIR'], 'dkim', '$domain.$selector.key'),
+  sign_local = true,
+  selector = 'dkim',
+  symbol = 'DKIM_SIGNED',
+  try_fallback = true,
+  use_domain = 'header',
+  use_esld = true,
+  use_redis = false,
+  key_prefix = 'dkim_keys', -- default hash name
+}
+
+local E = {}
+local N = 'dkim_signing'
+local redis_params
+
+local function simple_template(tmpl, keys)
+  local lpeg = require "lpeg"
+
+  local var_lit = lpeg.P { lpeg.R("az") + lpeg.R("AZ") + lpeg.R("09") + "_" }
+  local var = lpeg.P { (lpeg.P("$") / "") * ((var_lit^1) / keys) }
+  local var_braced = lpeg.P { (lpeg.P("${") / "") * ((var_lit^1) / keys) * (lpeg.P("}") / "") }
+
+  local template_grammar = lpeg.Cs((var + var_braced + 1)^0)
+
+  return lpeg.match(template_grammar, tmpl)
+end
+
+local function dkim_signing_cb(task)
+  local is_local, is_sign_networks
+  local auser = task:get_user()
+  local ip = task:get_from_ip()
+  if ip and ip:is_local() then
+    is_local = true
+  end
+  if settings.auth_only and not auser then
+    if (settings.sign_networks and settings.sign_networks:get_key(ip)) then
+      is_sign_networks = true
+      rspamd_logger.debugm(N, task, 'mail is from address in sign_networks')
+    elseif settings.sign_local and is_local then
+      rspamd_logger.debugm(N, task, 'mail is from local address')
+    else
+      rspamd_logger.debugm(N, task, 'ignoring unauthenticated mail')
+      return
+    end
+  end
+  local efrom = task:get_from('smtp')
+  if not settings.allow_envfrom_empty and
+      #(((efrom or E)[1] or E).addr or '') == 0 then
+    rspamd_logger.debugm(N, task, 'empty envelope from not allowed')
+    return false
+  end
+  local hfrom = task:get_from('mime')
+  if not settings.allow_hdrfrom_multiple and (hfrom or E)[2] then
+    rspamd_logger.debugm(N, task, 'multiple header from not allowed')
+    return false
+  end
+  local dkim_domain
+  local hdom = ((hfrom or E)[1] or E).domain
+  local edom = ((efrom or E)[1] or E).domain
+  if hdom then
+    hdom = hdom:lower()
+  end
+  if edom then
+    edom = edom:lower()
+  end
+  if settings.use_domain_sign_networks and is_sign_networks then
+    if settings.use_domain_sign_networks == 'header' then
+      dkim_domain = hdom
+    else
+      dkim_domain = edom
+    end
+  elseif settings.use_domain_local and is_local then
+    if settings.use_domain_local == 'header' then
+      dkim_domain = hdom
+    else
+      dkim_domain = edom
+    end
+  else
+    if settings.use_domain == 'header' then
+      dkim_domain = hdom
+    else
+      dkim_domain = edom
+    end
+  end
+  if not dkim_domain then
+    rspamd_logger.debugm(N, task, 'could not extract dkim domain')
+    return false
+  end
+  if settings.use_esld then
+    dkim_domain = rspamd_util.get_tld(dkim_domain)
+    if settings.use_domain == 'envelope' and hdom then
+      hdom = rspamd_util.get_tld(hdom)
+    elseif settings.use_domain == 'header' and edom then
+      edom = rspamd_util.get_tld(edom)
+    end
+  end
+  if edom and hdom and not settings.allow_hdrfrom_mismatch and hdom ~= edom then
+    if settings.allow_hdrfrom_mismatch_local and is_local then
+      rspamd_logger.debugm(N, task, 'domain mismatch allowed for local IP: %1 != %2', hdom, edom)
+    elseif settings.allow_hdrfrom_mismatch_sign_networks and is_sign_networks then
+      rspamd_logger.debugm(N, task, 'domain mismatch allowed for sign_networks: %1 != %2', hdom, edom)
+    else
+      rspamd_logger.debugm(N, task, 'domain mismatch not allowed: %1 != %2', hdom, edom)
+      return false
+    end
+  end
+  if auser and not settings.allow_username_mismatch then
+    local udom = string.match(auser, '.*@(.*)')
+    if not udom then
+      rspamd_logger.debugm(N, task, 'couldnt find domain in username')
+      return false
+    end
+    if settings.use_esld then
+      udom = rspamd_util.get_tld(udom)
+    end
+    if udom ~= dkim_domain then
+      rspamd_logger.debugm(N, task, 'user domain mismatch')
+      return false
+    end
+  end
+  local p = {}
+  if settings.domain[dkim_domain] then
+    p.selector = settings.domain[dkim_domain].selector
+    p.key = settings.domain[dkim_domain].path
+  end
+  if not (p.key and p.selector) and not
+    (settings.try_fallback or settings.use_redis or settings.selector_map or settings.path_map) then
+    rspamd_logger.debugm(N, task, 'dkim unconfigured and fallback disabled')
+    return false
+  end
+  if not p.key then
+    if not settings.use_redis then
+      p.key = settings.path
+    end
+  end
+  if not p.selector then
+    p.selector = settings.selector
+  end
+  p.domain = dkim_domain
+
+  if settings.selector_map then
+    local data = settings.selector_map:get_key(dkim_domain)
+    if data then
+      p.selector = data
+    end
+  end
+  if settings.path_map then
+    local data = settings.path_map:get_key(dkim_domain)
+    if data then
+      p.key = data
+    end
+  end
+
+  if settings.use_redis then
+    local function try_redis_key(selector)
+      p.key = nil
+      p.selector = selector
+      local rk = string.format('%s.%s', p.selector, p.domain)
+      local function redis_key_cb(err, data)
+        if err or type(data) ~= 'string' then
+          rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM key for %s: %s",
+            rk, err)
+        else
+          p.rawkey = data
+          if rspamd_plugins.dkim.sign(task, p) then
+            task:insert_result(settings.symbol, 1.0)
+          end
+        end
+      end
+      local ret = rspamd_redis_make_request(task,
+        redis_params, -- connect params
+        rk, -- hash key
+        false, -- is write
+        redis_key_cb, --callback
+        'HGET', -- command
+        {settings.key_prefix, rk} -- arguments
+      )
+      if not ret then
+        rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM key for %s", rk)
+      end
+    end
+    if settings.selector_prefix then
+      rspamd_logger.infox(rspamd_config, "Using selector prefix %s for domain %s", settings.selector_prefix, p.domain);
+      local function redis_selector_cb(err, data)
+        if err or type(data) ~= 'string' then
+          rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM selector for domain %s: %s", p.domain, err)
+        else
+          try_redis_key(data)
+        end
+      end
+      local ret = rspamd_redis_make_request(task,
+        redis_params, -- connect params
+        p.domain, -- hash key
+        false, -- is write
+        redis_selector_cb, --callback
+        'HGET', -- command
+        {settings.selector_prefix, p.domain} -- arguments
+      )
+      if not ret then
+        rspamd_logger.infox(rspamd_config, "cannot make request to load DKIM selector for %s", p.domain)
+      end
+    else
+      if not p.selector then
+        rspamd_logger.errx(task, 'No selector specified')
+        return false
+      end
+      try_redis_key(p.selector)
+    end
+  else
+    if (p.key and p.selector) then
+      p.key = simple_template(p.key, {domain = p.domain, selector = p.selector})
+      return rspamd_plugins.dkim.sign(task, p)
+    else
+      rspamd_logger.infox(task, 'key path or dkim selector unconfigured; no signing')
+      return false
+    end
+  end
+end
+
+local opts =  rspamd_config:get_all_opt('dkim_signing')
+if not opts then return end
+for k,v in pairs(opts) do
+  if k == 'sign_networks' then
+    settings[k] = rspamd_map_add(N, k, 'radix', 'DKIM signing networks')
+  elseif k == 'path_map' then
+    settings[k] = rspamd_map_add(N, k, 'map', 'Paths to DKIM signing keys')
+  elseif k == 'selector_map' then
+    settings[k] = rspamd_map_add(N, k, 'map', 'DKIM selectors')
+  else
+    settings[k] = v
+  end
+end
+if not (settings.use_redis or settings.path or settings.domain or settings.path_map or settings.selector_map) then
+  rspamd_logger.infox(rspamd_config, 'mandatory parameters missing, disable dkim signing')
+  return
+end
+if settings.use_redis then
+  redis_params = rspamd_parse_redis_server('dkim_signing')
+
+  if not redis_params then
+    rspamd_logger.errx(rspamd_config, 'no servers are specified, but module is configured to load keys from redis, disable dkim signing')
+    return
+  end
+end
+if settings.use_domain ~= 'header' and settings.use_domain ~= 'envelope' then
+  rspamd_logger.errx(rspamd_config, "Value for 'use_domain' is invalid")
+  settings.use_domain = 'header'
+end
+
+rspamd_config:register_symbol({
+  name = settings['symbol'],
+  callback = dkim_signing_cb
+})

data/Dockerfiles/rspamd/docker-entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+if [[ ! -d "/data/dkim/txt" || ! -d "/data/dkim/keys" ]] ; then	mkdir -p /data/dkim/{txt,keys} ; chown -R www-data:www-data /data/dkim; fi
+if [[ $(stat -c %U /data/dkim/) != "www-data" ]] ; then chown -R www-data:www-data /data/dkim ; fi
+
+# Migrate domain table to redis
+
+
+exec "$@"

data/Dockerfiles/sogo/Dockerfile

@@ -1,45 +1,52 @@
 FROM debian:jessie-slim
-MAINTAINER Andre Peters <andre.peters@servercow.de>
+LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
-ENV DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
 ENV GOSU_VERSION 1.9
 
-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends apt-transport-https gnupg \
+RUN apt-get update && apt-get install -y --no-install-recommends \
+		apt-transport-https \
 		ca-certificates \
-		wget \
+		cron \
+		gnupg \
+		mysql-client \
+		supervisor \
 		syslog-ng \
 		syslog-ng-core \
-		supervisor \
-		mysql-client \
-		cron \
-    && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-    && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
-    && export GNUPGHOME="$(mktemp -d)" \
-    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
-    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
-    && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
-    && chmod +x /usr/local/bin/gosu \
-    && gosu nobody true
+		syslog-ng-mod-redis \
+		wget \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
+	&& wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
+	&& wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
+	&& export GNUPGHOME="$(mktemp -d)" \
+	&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
+	&& gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
+	&& rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
+	&& chmod +x /usr/local/bin/gosu \
+	&& gosu nobody true
 
 RUN mkdir /usr/share/doc/sogo
 RUN touch /usr/share/doc/sogo/empty.sh
 
 RUN apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 \
 	&& echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list \
-	&& apt-get update \
-	&& apt-get -y --force-yes install sogo sogo-activesync 
+	&& apt-get update && apt-get install -y --force-yes \
+		sogo \
+		sogo-activesync \
+	&& rm -rf /var/lib/apt/lists/*
 
-RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
-RUN echo '* * * * *   sogo   /usr/sbin/sogo-ealarms-notify' > /etc/cron.d/sogo
+RUN echo '* * * * *   sogo   /usr/sbin/sogo-ealarms-notify 2>/dev/null' > /etc/cron.d/sogo
 RUN echo '* * * * *   sogo   /usr/sbin/sogo-tool expire-sessions 60' >> /etc/cron.d/sogo
 RUN echo '0 0 * * *   sogo   /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds' >> /etc/cron.d/sogo
 
+RUN touch /etc/default/locale
+
 COPY ./reconf-domains.sh /
+COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+RUN rm -rf /tmp/* /var/tmp/*

data/Dockerfiles/sogo/supervisord.conf

@@ -19,7 +19,7 @@ autorestart=true
 priority=10
 
 [program:sogo-syslog]
-command=/usr/bin/tail -f /var/log/syslog -f /var/log/sogo/sogo.log
+command=/usr/bin/tail -f /var/log/combined.log
 stdout_logfile=/dev/fd/1
 stdout_logfile_maxbytes=0
 

data/Dockerfiles/sogo/syslog-ng.conf

@@ -0,0 +1,37 @@
+@version: 3.5
+@include "scl.conf"
+options {
+  chain_hostnames(off);
+  flush_lines(0);
+  use_dns(no);
+  use_fqdn(no);
+  owner("root"); group("adm"); perm(0640);
+  stats_freq(0);
+  bad_hostname("^gconfd$");
+};
+source s_src {
+  unix-stream("/dev/log");
+  internal();
+};
+source s_sogo {
+  file("/var/log/sogo/sogo.log");
+};
+destination d_combined {
+  file("/var/log/combined.log");
+};
+destination d_redis {
+  redis(
+    host("redis-mailcow")
+    port(6379)
+    command("LPUSH" "SOGO_LOG" "$(format-json time=\"$S_UNIXTIME\" priority=\"$PRIORITY\" program=\"$PROGRAM\" message=\"$MESSAGE\")\n")
+  );
+};
+log {
+  source(s_sogo);
+  source(s_src);
+  destination(d_combined);
+};
+log {
+  source(s_sogo);
+  destination(d_redis);
+};

data/conf/dovecot/dovecot.conf

@@ -1,6 +1,6 @@
 auth_mechanisms = plain login
 #mail_debug = yes
-log_path = /var/log/mail.log
+log_path = syslog
 disable_plaintext_auth = yes
 # Uncomment on NFS share
 #mmap_disable = yes

data/conf/dovecot/sieve_after

@@ -9,16 +9,13 @@ if header :contains "X-Spam-Flag" "YES" {
 }
 
 if allof (
-  envelope :detail :matches "to" "*",
-  header :contains "X-Moo-Tag" "YES",
-  mailboxexists "INBOX/${s}"
-  ) {
-    fileinto "INBOX/${s}";
-}
-elsif allof (
   envelope :detail :matches "to" "*",
   header :contains "X-Moo-Tag" "YES"
   ) {
-    set :lower "s" "${1}";
-    fileinto :create "INBOX/${s}";
+  set :lower :upperfirst "tag" "${1}";
+  if mailboxexists "INBOX/${1}" {
+    fileinto "INBOX/${1}";
+  } else {
+    fileinto :create "INBOX/${tag}";
+  }
 }

data/conf/rspamd/dynmaps/authoritative.php

@@ -1,34 +0,0 @@
-<?php
-require_once "vars.inc.php";
-ini_set('error_reporting', 0);
-$has_object = 0;
-header('Content-Type: text/plain');
-$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
-$opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-];
-try {
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT `domain` FROM `domain`");
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  while ($row = array_shift($rows)) {
-    $has_object = 1;
-    echo strtolower(trim($row['domain'])) . PHP_EOL;
-  }
-  $stmt = $pdo->query("SELECT `alias_domain` FROM `alias_domain`");
-  $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  while ($row = array_shift($rows)) {
-    $has_object = 1;
-    echo strtolower(trim($row['alias_domain'])) . PHP_EOL;
-  }
-  if ($has_object == 0) {
-    echo "dummy@domain.local";
-  }
-}
-catch (PDOException $e) {
-  echo "dummy@domain.local";
-  exit;
-}
-?>

data/conf/rspamd/dynmaps/forwardinghosts.php

@@ -1,56 +1,44 @@
 <?php
 header('Content-Type: text/plain');
-require_once "vars.inc.php";
-
 ini_set('error_reporting', 0);
 
-function in_net($addr, $net)
-{
-	$net = explode('/', $net);
-	if (count($net) > 1)
-		$mask = $net[1];
-	$net = inet_pton($net[0]);
-	$addr = inet_pton($addr);
-
-	$length = strlen($net); // 4 for IPv4, 16 for IPv6
-	if (strlen($net) != strlen($addr))
-		return FALSE;
-	if (!isset($mask))
-		$mask = $length * 8;
+$redis = new Redis();
+$redis->connect('redis-mailcow', 6379);
 
-	$addr_bin = '';
-	$net_bin = '';
-	for ($i = 0; $i < $length; ++$i)
-	{
-		$addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
-		$net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
-	}
-
-	return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
+function in_net($addr, $net) {
+  $net = explode('/', $net);
+  if (count($net) > 1) {
+    $mask = $net[1];
+  }
+  $net = inet_pton($net[0]);
+  $addr = inet_pton($addr);
+  $length = strlen($net); // 4 for IPv4, 16 for IPv6
+  if (strlen($net) != strlen($addr)) {
+    return false;
+  }
+  if (!isset($mask)) {
+    $mask = $length * 8;
+  }
+  $addr_bin = '';
+  $net_bin = '';
+  for ($i = 0; $i < $length; ++$i) {
+    $addr_bin .= str_pad(decbin(ord(substr($addr, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+    $net_bin .= str_pad(decbin(ord(substr($net, $i, $i+1))), 8, '0', STR_PAD_LEFT);
+  }
+  return substr($addr_bin, 0, $mask) == substr($net_bin, 0, $mask);
 }
 
-$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
-$opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-];
 try {
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT host FROM `forwarding_hosts`");
-  $networks = $stmt->fetchAll(PDO::FETCH_COLUMN);
-  foreach ($networks as $network)
-  {
-    if (in_net($_GET['host'], $network))
-    {
-      echo '200 permit';
+  foreach ($redis->hGetAll('WHITELISTED_FWD_HOST') as $host => $source) {
+    if (in_net($_GET['host'], $host)) {
+      echo '200 PERMIT';
       exit;
     }
   }
-  echo '200 dunno';
+  echo '200 DUNNO';
 }
-catch (PDOException $e) {
-  echo '200 dunno';
+catch (RedisException $e) {
+  echo '200 DUNNO';
   exit;
 }
 ?>

data/conf/rspamd/dynmaps/settings.php

@@ -32,35 +32,11 @@ catch (PDOException $e) {
 ?>
 settings {
 <?php
-try {
-	$stmt = $pdo->query("SELECT `host` FROM `forwarding_hosts`");
-	$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
-}
-catch (PDOException $e) {
-	$rows = array();
-}
 
-if ($rows)
-{
-?>
-	whitelist_forwarding_hosts {
-		priority = high;
-<?php
-foreach ($rows as $host) {
-	echo "\t\t" . 'ip = "' . $host . '";' . "\n";
-}
-?>
-		apply "default" {
-			actions {
-				reject = 999.9;
-			}
-		}
-		symbols [
-			"WHITELIST_FORWARDING_HOST"
-		]
-	}
-<?php
-}
+/*
+// Start custom scores for users
+*/
+
 $stmt = $pdo->query("SELECT DISTINCT `object` FROM `filterconf` WHERE `option` = 'highspamlevel' OR `option` = 'lowspamlevel'");
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
@@ -343,4 +319,4 @@ while ($row = array_shift($rows)) {
 <?php
 }
 ?>
-}
+}

data/conf/rspamd/dynmaps/tags.php

@@ -1,41 +0,0 @@
-<?php
-require_once "vars.inc.php";
-ini_set('error_reporting', 0);
-$has_object = 0;
-header('Content-Type: text/plain');
-$dsn = $database_type . ':host=' . $database_host . ';dbname=' . $database_name;
-$opt = [
-    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
-    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
-    PDO::ATTR_EMULATE_PREPARES   => false,
-];
-try {
-  $pdo = new PDO($dsn, $database_user, $database_pass, $opt);
-  $stmt = $pdo->query("SELECT `username` FROM `mailbox` WHERE `wants_tagged_subject` = '1'");
-  $rows_a = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  while ($row_a = array_shift($rows_a)) {
-    $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` REGEXP :username AND goto != `address` AND `address` NOT LIKE '@%'");
-    $stmt->execute(array(':username' => '(^|,)'.$row_a['username'].'($|,)'));
-    $rows_a_a = $stmt->fetchAll(PDO::FETCH_ASSOC);
-    while ($row_a_a = array_shift($rows_a_a)) {
-      echo strtolower(trim($row_a_a['address'])) . PHP_EOL;
-    }
-    $has_object = 1;
-    echo strtolower(trim($row_a['username'])) . PHP_EOL;
-  }
-  $stmt = $pdo->query("SELECT CONCAT(`mailbox`.`local_part`, '@', `alias_domain`.`alias_domain`) AS `tag_ad` FROM `mailbox`
-    INNER JOIN `alias_domain` ON `mailbox`.`domain` = `alias_domain`.`target_domain` WHERE `mailbox`.`wants_tagged_subject` = '1';");
-  $rows_b = $stmt->fetchAll(PDO::FETCH_ASSOC);
-  while ($row_b = array_shift($rows_b)) {
-    $has_object = 1;
-    echo strtolower(trim($row_b['tag_ad'])) . PHP_EOL;
-  }
-  if ($has_object == 0) {
-    echo "dummy@domain.local";
-  }
-}
-catch (PDOException $e) {
-  echo "dummy@domain.local";
-  exit;
-}
-?>

data/conf/rspamd/local.d/dkim_signing.conf

@@ -23,6 +23,8 @@ use_domain = "envelope";
 # Whether to normalise domains to eSLD
 use_esld = false;
 # Whether to get keys from Redis
-use_redis = false;
+use_redis = true;
 # Hash for DKIM keys in Redis
-hash_key = "DKIM_KEYS";
+key_prefix = "DKIM_PRIV_KEYS";
+# Selector map
+selector_prefix = "DKIM_SELECTORS";

data/conf/rspamd/local.d/force_actions.conf

@@ -9,4 +9,14 @@ rules {
     expression = "CLAM_VIRUS & !MAILCOW_WHITE";
     honor_action = ["reject"];
   }
+  WHITELIST_FORWARDING_HOST_NO_REJECT {
+    action = "add header";
+    expression = "WHITELISTED_FWD_HOST";
+    require_action = ["soft reject", "reject"];
+  }
+  WHITELIST_FORWARDING_HOST_NO_GREYLIST {
+    action = "no action";
+    expression = "WHITELISTED_FWD_HOST";
+    require_action = ["greylist"];
+  }
 }

data/conf/rspamd/local.d/multimap.conf

@@ -0,0 +1,22 @@
+RCPT_MAILCOW_DOMAIN {
+  type = "rcpt";
+  filter = "email:domain"
+  map = "redis://DOMAIN_MAP"
+}
+
+RCPT_WANTS_SUBJECT_TAG {
+  type = "rcpt";
+  filter = "email:addr"
+  map = "redis://RCPT_WANTS_SUBJECT_TAG"
+}
+
+WHITELISTED_FWD_HOST {
+  type = "ip";
+  map = "redis://WHITELISTED_FWD_HOST"
+}
+
+KEEP_SPAM {
+  type = "ip";
+  map = "redis://KEEP_SPAM"
+  action = "accept";
+}

data/conf/rspamd/lua/rspamd.local.lua

@@ -13,12 +13,9 @@ modify_subject_map = rspamd_config:add_map({
   description = 'Map of users to use subject tags for'
 })
 
-auth_domain_map = rspamd_config:add_map({
-  url = 'http://172.22.1.251:8081/authoritative.php',
-  type = 'map',
-  description = 'Map of domains we are authoritative for'
-})
-
+local redis_params
+redis_params = rspamd_parse_redis_server('tag_settings')
+if redis_params then
 rspamd_config:register_symbol({
   name = 'TAG_MOO',
   type = 'postfilter',
@@ -27,12 +24,14 @@ rspamd_config:register_symbol({
     local rspamd_logger = require "rspamd_logger"
 
     local tagged_rcpt = task:get_symbol("TAGGED_RCPT")
+    local mailcow_domain = task:get_symbol("RCPT_MAILCOW_DOMAIN")
+
     local user = task:get_recipients(0)[1]['user']
     local domain = task:get_recipients(0)[1]['domain']
     local rcpt = user .. '@' .. domain
-    local authdomain = auth_domain_map:get_key(domain)
 
-    if tagged_rcpt then
+
+    if tagged_rcpt and mailcow_domain then
       local tag = tagged_rcpt[1].options[1]
       rspamd_logger.infox("found tag: %s", tag)
       local action = task:get_metric_action('default')
@@ -44,32 +43,27 @@ rspamd_config:register_symbol({
         return true
       end
 
-      if authdomain then
-        rspamd_logger.infox("found mailcow domain %s", domain)
-        rspamd_logger.infox("querying tag settings for user %s", rcpt)
+      local wants_subject_tag = task:get_symbol("RCPT_WANTS_SUBJECT_TAG")
 
-        if modify_subject_map:get_key(rcpt) then
-          rspamd_logger.infox("user wants subject modified for tagged mail")
-          local sbj = task:get_header('Subject')
-          new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
-          task:set_rmilter_reply({
-            remove_headers = {['Subject'] = 1},
-            add_headers = {['Subject'] = new_sbj}
-          })
-        else
-          rspamd_logger.infox("Add X-Moo-Tag header")
-          task:set_rmilter_reply({
-            add_headers = {['X-Moo-Tag'] = 'YES'}
-          })
-        end
+      if wants_subject_tag then
+        rspamd_logger.infox("user wants subject modified for tagged mail")
+        local sbj = task:get_header('Subject')
+        new_sbj = '=?UTF-8?B?' .. tostring(util.encode_base64('[' .. tag .. '] ' .. sbj)) .. '?='
+        task:set_rmilter_reply({
+          remove_headers = {['Subject'] = 1},
+          add_headers = {['Subject'] = new_sbj}
+        })
       else
-        rspamd_logger.infox("skip delimiter handling for unknown domain")
+        rspamd_logger.infox("Add X-Moo-Tag header")
+        task:set_rmilter_reply({
+          add_headers = {['X-Moo-Tag'] = 'YES'}
+        })
       end
-      return false
     end
   end,
   priority = 10
 })
+end
 
 rspamd_config.MRAPTOR = {
   callback = function(task)

data/web/add.php

@@ -21,6 +21,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 ?>
 				<h4><?=$lang['add']['domain'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+					<input type="hidden" value="0" name="active">
+					<input type="hidden" value="0" name="backupmx">
+					<input type="hidden" value="0" name="relay_all_recipients">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="domain"><?=$lang['add']['domain'];?>:</label>
 						<div class="col-sm-10">
@@ -61,9 +64,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 						<label class="control-label col-sm-2"><?=$lang['add']['backup_mx_options'];?></label>
 						<div class="col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="backupmx"> <?=$lang['add']['relay_domain'];?></label>
+							<label><input type="checkbox" value="1" name="backupmx"> <?=$lang['add']['relay_domain'];?></label>
 							<br />
-							<label><input type="checkbox" name="relay_all_recipients"> <?=$lang['add']['relay_all'];?></label>
+							<label><input type="checkbox" value="1" name="relay_all_recipients"> <?=$lang['add']['relay_all'];?></label>
 							<p><?=$lang['add']['relay_all_info'];?></p>
 							</div>
 						</div>
@@ -71,7 +74,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
 							</div>
 						</div>
 					</div>
@@ -89,6 +92,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 				<h4><?=$lang['add']['alias'];?></h4>
 				<p><?=$lang['add']['alias_spf_fail'];?></p>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+					<input type="hidden" value="0" name="active">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="address"><?=$lang['add']['alias_address'];?></label>
 						<div class="col-sm-10">
@@ -106,7 +110,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
 							</div>
 						</div>
 					</div>
@@ -122,6 +126,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 	?>
 				<h4><?=$lang['add']['alias_domain'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+					<input type="hidden" value="0" name="active">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="alias_domain"><?=$lang['add']['alias_domain'];?></label>
 						<div class="col-sm-10">
@@ -144,7 +149,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
 							</div>
 						</div>
 					</div>
@@ -160,6 +165,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 	?>
 				<h4><?=$lang['add']['mailbox'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+					<input type="hidden" value="0" name="active">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="local_part"><?=$lang['add']['mailbox_username'];?></label>
 						<div class="col-sm-10">
@@ -169,7 +175,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="domain"><?=$lang['add']['domain'];?>:</label>
 						<div class="col-sm-10">
-							<select id="addSelectDomain" name="domain" id="domain" title="<?=$lang['add']['select'];?>" required>
+							<select id="addSelectDomain" name="domain" id="domain" required>
 							<?php
               foreach (mailbox_get_domains() as $domain) {
 								echo "<option>".htmlspecialchars($domain)."</option>";
@@ -207,7 +213,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
 							</div>
 						</div>
 					</div>
@@ -223,6 +229,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 	?>
 				<h4><?=$lang['add']['resource'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+					<input type="hidden" value="0" name="active">
+					<input type="hidden" value="0" name="multiple_bookings">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="description"><?=$lang['add']['description'];?></label>
 						<div class="col-sm-10">
@@ -254,14 +262,14 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="multiple_bookings" checked> <?=$lang['add']['multiple_bookings'];?></label>
+							<label><input type="checkbox" value="1" name="multiple_bookings" checked> <?=$lang['add']['multiple_bookings'];?></label>
 							</div>
 						</div>
 					</div>
@@ -285,6 +293,9 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 				<h4><?=$lang['add']['syncjob'];?></h4>
 				<p><?=$lang['add']['syncjob_hint'];?></p>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+					<input type="hidden" value="0" name="active">
+					<input type="hidden" value="0" name="delete1">
+					<input type="hidden" value="0" name="delete2duplicates">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="host1"><?=$lang['add']['hostname'];?></label>
 						<div class="col-sm-10">
@@ -346,27 +357,27 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="delete2duplicates" checked> <?=$lang['add']['delete2duplicates'];?></label>
+							<label><input type="checkbox" value="1" name="delete2duplicates" checked> <?=$lang['add']['delete2duplicates'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="delete1"> <?=$lang['add']['delete1'];?></label>
+							<label><input type="checkbox" value="1" name="delete1"> <?=$lang['add']['delete1'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" checked> <?=$lang['add']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" checked> <?=$lang['add']['active'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
-							<button type="submit" name="add_syncjob" value="1" class="btn btn-success "><?=$lang['add']['save'];?></button>
+							<button type="submit" name="add_syncjob" class="btn btn-success "><?=$lang['add']['save'];?></button>
 						</div>
 					</div>
 				</form>

data/web/admin.php

@@ -7,9 +7,21 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
 $tfa_data = get_tfa();
 ?>
 <div class="container">
-  <h4><span class="glyphicon glyphicon-user" aria-hidden="true"></span> <?=$lang['admin']['access'];?></h4>
 
-  <div class="panel-group" id="accordion_access">
+  <ul class="nav nav-tabs" role="tablist">
+    <li role="presentation" class="active">
+      <a href="#tab-access" aria-controls="tab-access" role="tab" data-toggle="tab"><?=$lang['admin']['access'];?></a>
+    </li>
+    <li role="presentation">
+      <a href="#tab-config" aria-controls="tab-config" role="tab" data-toggle="tab"><?=$lang['admin']['configuration'];?></a>
+    </li>
+    <li role="presentation">
+      <a href="#tab-logs" aria-controls="tab-logs" role="tab" data-toggle="tab"><?=$lang['admin']['logs'];?></a>
+    </li>
+  </ul>
+
+  <div class="tab-content" style="padding-top:20px">
+  <div role="tabpanel" class="tab-pane active" id="tab-access">
     <div class="panel panel-danger">
       <div class="panel-heading"><?=$lang['admin']['admin_details'];?></div>
       <div class="panel-body">
@@ -82,57 +94,13 @@ $tfa_data = get_tfa();
         <div class="panel-body">
           <form method="post">
             <div class="table-responsive">
-            <table class="table table-striped" id="domainadminstable">
-              <thead>
-              <tr>
-                <th style="min-width: 100px;"><?=$lang['admin']['username'];?></th>
-                <th style="min-width: 166px;"><?=$lang['admin']['admin_domains'];?></th>
-                <th style="min-width: 76px;"><?=$lang['admin']['active'];?></th>
-                <th style="min-width: 76px;"><?=$lang['tfa']['tfa'];?></th>
-                <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
-              </tr>
-              </thead>
-              <tbody>
-                <?php
-                foreach (get_domain_admins() as $domain_admin) {
-                  $da_data = get_domain_admin_details($domain_admin); 
-                  if (!empty($da_data)):
-                ?>
-                <tr id="data">
-                  <td><?=htmlspecialchars(strtolower($domain_admin));?></td>
-                  <td>
-                  <?php
-                  foreach ($da_data['selected_domains'] as $domain) {
-                    echo htmlspecialchars($domain).'<br />';
-                  }
-                  ?>
-                  </td>
-                  <td><?=$da_data['active'];?></td>
-                  <td><?=empty($da_data['tfa_active_int']) ? "✘" : "✔";?></td>
-                  <td style="text-align: right;">
-                    <div class="btn-group">
-                      <a href="edit.php?domainadmin=<?=$domain_admin;?>" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> <?=$lang['admin']['edit'];?></a>
-                      <a href="delete.php?domainadmin=<?=$domain_admin;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
-                    </div>
-                  </td>
-                  </td>
-                </tr>
-
-                <?php
-                else:
-                ?>
-                  <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
-                <?php
-                endif;
-                }
-                ?>
-              </tbody>
-            </table>
+            <table class="table table-striped" id="domainadminstable"></table>
             </div>
           </form>
           <small>
           <legend><?=$lang['admin']['add_domain_admin'];?></legend>
           <form class="form-horizontal" role="form" method="post">
+            <input type="hidden" value="0" name="active">
             <div class="form-group">
               <label class="control-label col-sm-2" for="username"><?=$lang['admin']['username'];?>:</label>
               <div class="col-sm-10">
@@ -167,7 +135,7 @@ $tfa_data = get_tfa();
             <div class="form-group">
               <div class="col-sm-offset-2 col-sm-10">
                 <div class="checkbox">
-                <label><input type="checkbox" name="active" checked> <?=$lang['admin']['active'];?></label>
+                <label><input type="checkbox" value="1" name="active" checked> <?=$lang['admin']['active'];?></label>
                 </div>
               </div>
             </div>
@@ -183,189 +151,201 @@ $tfa_data = get_tfa();
     </div>
   </div>
 
-  <h4><span class="glyphicon glyphicon-wrench" aria-hidden="true"></span> <?=$lang['admin']['configuration'];?></h4>
 
-  <div class="panel-group" id="accordion_access">
-
-  <div class="panel panel-default">
-  <div class="panel-heading"><?=$lang['admin']['dkim_keys'];?></div>
-  <div class="panel-body">
-    <p style="margin-bottom:40px"><?=$lang['admin']['dkim_key_hint'];?></p>
-    <?php
-    foreach(mailbox_get_domains() as $domain) {
-        if (!empty($dkim = dkim_get_key_details($domain))) {
-      ?>
-        <div class="row">
-          <div class="col-xs-3">
-            <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br />
-              <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
-              <span class="label label-info"><?=$dkim['length'];?> bit</span>
-            </p>
-          </div>
-          <div class="col-xs-8">
-              <pre><?=$dkim['dkim_txt'];?></pre>
-          </div>
-          <div class="col-xs-1">
-            <form class="form-inline" method="post">
-              <input type="hidden" name="domain" value="<?=$domain;?>">
-              <input type="hidden" name="dkim_delete_key" value="1">
-                <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
-            </form>
+  <div role="tabpanel" class="tab-pane" id="tab-config">
+    <div class="panel panel-default">
+      <div class="panel-heading"><?=$lang['admin']['dkim_keys'];?></div>
+      <div class="panel-body">
+        <div class="mass-actions-admin">
+          <div class="btn-group btn-group-sm">
+            <button type="button" id="toggle_multi_select_all" data-id="dkim" class="btn btn-default"><?=$lang['mailbox']['toggle_all'];?></button>
+            <button type="button" id="delete_selected" name="delete_selected" data-id="dkim" data-api-url="delete/dkim" class="btn btn-danger"><?=$lang['admin']['remove'];?></button>
           </div>
         </div>
-      <?php
-      }
-      else {
-      ?>
-      <div class="row">
-        <div class="col-xs-3">
-          <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br /><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
-        </div>
-        <div class="col-xs-8"><pre>-</pre></div>
-        <div class="col-xs-1">&nbsp;</div>
-      </div>
-      <?php
-      }
-      foreach(mailbox_get_alias_domains($domain) as $alias_domain) {
-        if (!empty($dkim = dkim_get_key_details($alias_domain))) {
-        ?>
+        <?php
+        foreach(mailbox_get_domains() as $domain) {
+            if (!empty($dkim = dkim_get_key_details($domain))) {
+          ?>
+            <div class="row">
+              <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$domain;?>" /></div>
+              <div class="col-xs-2">
+                <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br />
+                  <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
+                  <span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span>
+                  <span class="label label-info"><?=$dkim['length'];?> bit</span>
+                </p>
+              </div>
+              <div class="col-xs-9">
+                  <pre><?=$dkim['dkim_txt'];?></pre>
+              </div>
+            </div>
+          <?php
+          }
+          else {
+          ?>
           <div class="row">
-            <div class="col-xs-offset-1 col-xs-2">
-              <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small>
-                <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
-                <span class="label label-info"><?=$dkim['length'];?> bit</span>
-            </p>
+              <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$domain;?>" disabled /></div>
+            <div class="col-xs-2">
+              <p>Domain: <strong><?=htmlspecialchars($domain);?></strong><br /><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
             </div>
-            <div class="col-xs-8">
-              <pre><?=$dkim['dkim_txt'];?></pre>
+            <div class="col-xs-9"><pre>-</pre></div>
+          </div>
+          <?php
+          }
+          foreach(mailbox_get_alias_domains($domain) as $alias_domain) {
+            if (!empty($dkim = dkim_get_key_details($alias_domain))) {
+            ?>
+              <div class="row">
+              <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$alias_domain;?>" /></div>
+                <div class="col-xs-1 col-xs-offset-1">
+                  <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small>
+                    <span class="label label-success"><?=$lang['admin']['dkim_key_valid'];?></span>
+                    <span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span>
+                    <span class="label label-info"><?=$dkim['length'];?> bit</span>
+                </p>
+                </div>
+                <div class="col-xs-9">
+                  <pre><?=$dkim['dkim_txt'];?></pre>
+                </div>
+              </div>
+            <?php
+            }
+            else {
+            ?>
+            <div class="row">
+              <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$domain;?>" disabled /></div>
+              <div class="col-xs-1 col-xs-offset-1">
+                <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
+              </div>
+            <div class="col-xs-9"><pre>-</pre></div>
             </div>
-            <div class="col-xs-1">
-              <form class="form-inline" method="post">
-                <input type="hidden" name="domain" value="<?=$alias_domain;?>">
-                <input type="hidden" name="dkim_delete_key" value="1">
-                <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
-              </form>
+            <?php
+            }
+          }
+        }
+        foreach(dkim_get_blind_keys() as $blind) {
+          if (!empty($dkim = dkim_get_key_details($blind))) {
+          ?>
+            <div class="row">
+              <div class="col-xs-1"><input type="checkbox" data-id="dkim" name="multi_select" value="<?=$blind;?>" /></div>
+              <div class="col-xs-2">
+                <p>Domain: <strong><?=htmlspecialchars($blind);?></strong><br />
+                  <span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span>
+                  <span class="label label-primary">Selector '<?=$dkim['dkim_selector'];?>'</span>
+                  <span class="label label-info"><?=$dkim['length'];?> bit</span>
+                </p>
+                </div>
+                <div class="col-xs-9">
+                  <pre><?=$dkim['dkim_txt'];?></pre>
+                </div>
             </div>
-          </div>
-        <?php
+          <?php
+          }
         }
-        else {
         ?>
-        <div class="row">
-          <div class="col-xs-2 col-xs-offset-1">
-            <p><small>↳ Alias-Domain: <strong><?=htmlspecialchars($alias_domain);?></strong><br /></small><span class="label label-danger"><?=$lang['admin']['dkim_key_missing'];?></span></p>
+
+        <legend style="margin-top:40px"><?=$lang['admin']['dkim_add_key'];?></legend>
+        <form class="form-inline" role="form" method="post">
+          <div class="form-group">
+            <label for="domain">Domain</label>
+            <input class="form-control" id="domain" name="domain" placeholder="example.org" required>
+          </div>
+          <div class="form-group">
+            <label for="domain">Selector</label>
+            <input class="form-control" id="dkim_selector" name="dkim_selector" value="dkim" required>
+          </div>
+          <div class="form-group">
+            <select data-width="200px" class="form-control" id="key_size" name="key_size" title="<?=$lang['admin']['dkim_key_length'];?>" required>
+              <option data-subtext="bits">1024</option>
+              <option data-subtext="bits">2048</option>
+            </select>
+          </div>
+          <button type="submit" name="dkim_add_key" class="btn btn-default"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
+        </form>
+      </div>
+    </div>
+    
+    <div class="panel panel-default">
+      <div class="panel-heading"><?=$lang['admin']['forwarding_hosts'];?></div>
+      <div class="panel-body">
+        <p style="margin-bottom:40px"><?=$lang['admin']['forwarding_hosts_hint'];?></p>
+        <div class="mass-actions-admin">
+          <div class="btn-group btn-group-sm">
+            <button type="button" id="toggle_multi_select_all" data-id="fwdhosts" class="btn btn-default"><?=$lang['mailbox']['toggle_all'];?></button>
+            <button type="button" id="delete_selected" name="delete_selected" data-id="fwdhosts" data-api-url="delete/fwdhost" class="btn btn-danger"><?=$lang['admin']['remove'];?></button>
           </div>
-        <div class="col-xs-8"><pre>-</pre></div>
-        <div class="col-xs-1">&nbsp;</div>
         </div>
-        <?php
-        }
-      }
-    }
-    foreach(dkim_get_blind_keys() as $blind) {
-      if (!empty($dkim = dkim_get_key_details($blind))) {
-      ?>
-        <div class="row">
-          <div class="col-xs-3">
-            <p>Domain: <strong><?=htmlspecialchars($blind);?></strong><br /><span class="label label-warning"><?=$lang['admin']['dkim_key_unused'];?></span></p>
+        <div class="table-responsive">
+          <table class="table table-striped" id="forwardinghoststable"></table>
+        </div>
+        <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
+        <p class="help-block"><?=$lang['admin']['forwarding_hosts_add_hint'];?></p>
+        <form class="form-inline" role="form" method="post">
+          <div class="form-group">
+            <label for="hostname"><?=$lang['admin']['host'];?></label>
+            <input class="form-control" id="hostname" name="hostname" placeholder="example.org" required>
           </div>
-            <div class="col-xs-8">
-              <pre><?=$dkim['dkim_txt'];?></pre>
-            </div>
-            <div class="col-xs-1">
-              <form class="form-inline" method="post">
-                <input type="hidden" name="domain" value="<?=$blind;?>">
-                <input type="hidden" name="dkim_delete_key" value="1">
-                <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="top" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
-              </form>
-            </div>
+          <div class="form-group">
+            <select data-width="200px" class="form-control" id="filter_spam" name="filter_spam" title="<?=$lang['user']['spamfilter'];?>" required>
+              <option value="1"><?=$lang['admin']['active'];?></option>
+              <option value="0"><?=$lang['admin']['inactive'];?></option>
+            </select>
+          </div>
+          <button type="submit" name="add_forwarding_host" class="btn btn-default"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
+        </form>
+      </div>
+    </div>
+  </div>
+
+  <div role="tabpanel" class="tab-pane" id="tab-logs">
+    <div class="panel panel-default">
+      <div class="panel-heading">Dovecot
+        <div class="btn-group pull-right">
+          <a class="btn btn-xs btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['admin']['action'];?> <span class="caret"></span></a>
+          <ul class="dropdown-menu">
+            <li><a href="#" id="refresh_dovecot_log"><?=$lang['admin']['refresh'];?></a></li>
+          </ul>
+        </div>
+      </div>
+      <div class="panel-body">
+        <div class="table-responsive">
+          <table class="table table-striped" id="dovecot_log"></table>
         </div>
-      <?php
-      }
-    }
-    ?>
-    <legend style="margin-top:40px"><?=$lang['admin']['dkim_add_key'];?></legend>
-    <form class="form-inline" role="form" method="post">
-      <div class="form-group">
-        <label for="domain">Domain</label>
-        <input class="form-control" id="domain" name="domain" placeholder="example.org" required>
       </div>
-      <div class="form-group">
-        <select data-width="200px" class="form-control" id="key_size" name="key_size" title="<?=$lang['admin']['dkim_key_length'];?>" required>
-          <option data-subtext="bits">1024</option>
-          <option data-subtext="bits">2048</option>
-        </select>
+    </div>
+    <div class="panel panel-default">
+      <div class="panel-heading">Postfix
+        <div class="btn-group pull-right">
+          <a class="btn btn-xs btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['admin']['action'];?> <span class="caret"></span></a>
+          <ul class="dropdown-menu">
+            <li><a href="#" id="refresh_postfix_log"><?=$lang['admin']['refresh'];?></a></li>
+          </ul>
+        </div>
       </div>
-      <button type="submit" name="dkim_add_key" class="btn btn-default"><span class="glyphicon glyphicon-plus"></span> <?=$lang['admin']['add'];?></button>
-    </form>
-  </div>
-  </div>
-  
-  <div class="panel panel-default">
-    <div class="panel-heading"><?=$lang['admin']['forwarding_hosts'];?></div>
-    <div class="panel-body">
-      <p style="margin-bottom:40px"><?=$lang['admin']['forwarding_hosts_hint'];?></p>
-      <form method="post">
+      <div class="panel-body">
         <div class="table-responsive">
-        <table class="table table-striped" id="forwardinghoststable">
-          <thead>
-          <tr>
-            <th style="min-width: 100px;"><?=$lang['edit']['host'];?></th>
-            <th style="min-width: 100px;"><?=$lang['edit']['source'];?></th>
-            <th style="text-align: right; min-width: 200px;"><?=$lang['admin']['action'];?></th>
-          </tr>
-          </thead>
-          <tbody>
-            <?php
-            $forwarding_hosts = get_forwarding_hosts();
-            if ($forwarding_hosts) {
-              foreach ($forwarding_hosts as $host) {
-                $source = $host->source;
-                $host = $host->host;
-              ?>
-              <tr id="data">
-                <td><?=htmlspecialchars(strtolower($host));?></td>
-                <td><?=htmlspecialchars(strtolower($source));?></td>
-                <td style="text-align: right;">
-                  <div class="btn-group">
-                    <a href="delete.php?forwardinghost=<?=$host;?>" class="btn btn-xs btn-danger"><span class="glyphicon glyphicon-trash"></span> <?=$lang['admin']['remove'];?></a>
-                  </div>
-                </td>
-                </td>
-              </tr>
-
-              <?php
-              }
-            } else {
-            ?>
-              <tr id="no-data"><td colspan="4" style="text-align: center; font-style: italic;"><?=$lang['admin']['no_record'];?></td></tr>
-            <?php
-            }
-            ?>
-          </tbody>
-        </table>
+          <table class="table table-striped" id="postfix_log"></table>
         </div>
-      </form>
-      <legend><?=$lang['admin']['add_forwarding_host'];?></legend>
-      <p class="help-block"><?=$lang['admin']['forwarding_hosts_add_hint'];?></p>
-      <form class="form-horizontal" role="form" method="post">
-        <div class="form-group">
-          <label class="control-label col-sm-2" for="hostname"><?=$lang['edit']['host'];?>:</label>
-          <div class="col-sm-10">
-            <input type="text" class="form-control" name="hostname" id="hostname" required>
-          </div>
+      </div>
+    </div>
+    <div class="panel panel-default">
+      <div class="panel-heading">SOGo
+        <div class="btn-group pull-right">
+          <a class="btn btn-xs btn-default dropdown-toggle" data-toggle="dropdown" href="#"><?=$lang['admin']['action'];?> <span class="caret"></span></a>
+          <ul class="dropdown-menu">
+            <li><a href="#" id="refresh_sogo_log"><?=$lang['admin']['refresh'];?></a></li>
+          </ul>
         </div>
-        <div class="form-group">
-          <div class="col-sm-offset-2 col-sm-10">
-            <button type="submit" name="add_forwarding_host" class="btn btn-default"><?=$lang['admin']['add'];?></button>
-          </div>
+      </div>
+      <div class="panel-body">
+        <div class="table-responsive">
+          <table class="table table-striped" id="sogo_log"></table>
         </div>
-      </form>
+      </div>
     </div>
   </div>
 
   </div>
-
 </div> <!-- /container -->
 <script type='text/javascript'>
 <?php

data/web/css/admin.css

@@ -10,4 +10,12 @@ table.footable>tbody>tr.footable-empty>td {
 }
 .table-responsive {
   overflow: visible !important;
+}
+body {
+  overflow-y:scroll;
+}
+/* Fix modal moving content left */
+body.modal-open {
+  overflow-y:scroll;
+  padding-right: inherit !important;
 }

data/web/css/mailbox.css

@@ -13,21 +13,12 @@ table.footable>tbody>tr.footable-empty>td {
 }
 .footer-add-item {
   display:block;
+  text-align: center;
+  font-style: italic;
   padding: 10px;
   background: #F5F5F5;
 }
-.mass-each-action {
-  padding: 0 3px 0 3px;
-  user-select: none;
-}
-.mass-actions {
-  user-select: none;
-  padding:10px;
-}
-.mass-select-all {
-  cursor:pointer;
-  color:#555;
-}
+
 #alias_table {
   cursor:pointer;
 }
@@ -38,4 +29,4 @@ table.footable>tbody>tr.footable-empty>td {
   .container {
       width: 80%;
   }
-}
+}

data/web/css/mailcow.css

@@ -55,4 +55,19 @@ body.modal-open {
   overflow: inherit;
   padding-right: inherit !important;
 }
-
+#mailcow-alert {
+  position: fixed;
+  bottom: 8px;
+  right: 25px;
+  min-width: 350px;
+  max-width: 550px;
+  z-index: 2000;
+}
+.mass-actions-mailbox {
+  user-select: none;
+  padding:10px 0 10px 10px;
+}
+.mass-actions-admin {
+  user-select: none;
+  padding:10px 0 10px 0;
+}

data/web/edit.php

@@ -26,7 +26,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<h4><?=$lang['edit']['alias'];?></h4>
 					<br />
 					<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
-					<input type="hidden" name="address" value="<?=htmlspecialchars($alias);?>">
+						<input type="hidden" value="0" name="active">
+						<input type="hidden" name="address" value="<?=htmlspecialchars($alias);?>">
 						<div class="form-group">
 							<label class="control-label col-sm-2" for="goto"><?=$lang['edit']['target_address'];?></label>
 							<div class="col-sm-10">
@@ -36,7 +37,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 						<div class="form-group">
 							<div class="col-sm-offset-2 col-sm-10">
 								<div class="checkbox">
-								<label><input type="checkbox" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
+								<label><input type="checkbox" value="1" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
 								</div>
 							</div>
 						</div>
@@ -66,7 +67,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 				<h4><?=$lang['edit']['domain_admin'];?></h4>
 				<br />
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
-				<input type="hidden" name="username_now" value="<?=htmlspecialchars($domain_admin);?>">
+					<input type="hidden" value="0" name="active">
+					<input type="hidden" name="username_now" value="<?=htmlspecialchars($domain_admin);?>">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="username"><?=$lang['edit']['username'];?></label>
 						<div class="col-sm-10">
@@ -107,14 +109,14 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" <?php if (isset($result['active_int']) && $result['active_int']=="1") { echo "checked"; }; ?>> <?=$lang['edit']['active'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="disable_tfa"> <?=$lang['tfa']['disable_tfa'];?></label>
+							<label><input type="checkbox" value="1" name="disable_tfa"> <?=$lang['tfa']['disable_tfa'];?></label>
 							</div>
 						</div>
 					</div>
@@ -141,7 +143,10 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 			?>
 				<h4><?=$lang['edit']['domain'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
-				<input type="hidden" name="domain" value="<?=htmlspecialchars($domain);?>">
+					<input type="hidden" value="0" name="active">
+					<input type="hidden" value="0" name="backupmx">
+					<input type="hidden" value="0" name="relay_all_recipients">
+					<input type="hidden" name="domain" value="<?=htmlspecialchars($domain);?>">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="description"><?=$lang['edit']['description'];?></label>
 						<div class="col-sm-10">
@@ -179,9 +184,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 						<label class="control-label col-sm-2"><?=$lang['edit']['backup_mx_options'];?></label>
 						<div class="col-sm-10">
 							<div class="checkbox">
-								<label><input type="checkbox" name="backupmx" <?=(isset($result['backupmx_int']) && $result['backupmx_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_domain'];?></label>
+								<label><input type="checkbox" value="1" name="backupmx" <?=(isset($result['backupmx_int']) && $result['backupmx_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_domain'];?></label>
 								<br />
-								<label><input type="checkbox" name="relay_all_recipients" <?=(isset($result['relay_all_recipients_int']) && $result['relay_all_recipients_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_all'];?></label>
+								<label><input type="checkbox" value="1" name="relay_all_recipients" <?=(isset($result['relay_all_recipients_int']) && $result['relay_all_recipients_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['relay_all'];?></label>
 								<p><?=$lang['edit']['relay_all_info'];?></p>
 							</div>
 						</div>
@@ -192,7 +197,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-								<label><input type="checkbox" name="active" <?=(isset($result['active_int']) && $result['active_int']=="1") ? "checked" : null;?> <?=($_SESSION['mailcow_cc_role'] == "admin") ? null : "disabled";?>> <?=$lang['edit']['active'];?></label>
+								<label><input type="checkbox" value="1" name="active" <?=(isset($result['active_int']) && $result['active_int']=="1") ? "checked" : null;?> <?=($_SESSION['mailcow_cc_role'] == "admin") ? null : "disabled";?>> <?=$lang['edit']['active'];?></label>
 							</div>
 						</div>
 					</div>
@@ -244,9 +249,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
               <?php
               if ($wl['object'] == $domain):
               ?>
-                <input type="hidden" name="delete_prefid" value="<?=$wl['prefid'];?>">
-                <input type="hidden" name="delete_policy_list_item">
-                <input type="hidden" name="domain" value="<?=$domain;?>">
+							<input type="hidden" name="delete_prefid" value="<?=$wl['prefid'];?>">
+							<input type="hidden" name="delete_policy_list_item">
+							<input type="hidden" name="domain" value="<?=$domain;?>">
                 <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
               <?php
               else:
@@ -297,12 +302,12 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
             <form class="form-inline" method="post">
             <div class="col-xs-6"><code><?=$bl['value'];?></code></div>
             <div class="col-xs-6">
-              <input type="hidden" name="delete_prefid" value="<?=$bl['prefid'];?>">
+							<input type="hidden" name="delete_prefid" value="<?=$bl['prefid'];?>">
               <?php
               if ($bl['object'] == $domain):
               ?>
-                <input type="hidden" name="delete_policy_list_item">
-                <input type="hidden" name="domain" value="<?=$domain;?>">
+								<input type="hidden" name="delete_policy_list_item">
+								<input type="hidden" name="domain" value="<?=$domain;?>">
                 <a href="#" onclick="$(this).closest('form').submit()" data-toggle="tooltip" data-placement="left" title="<?=$lang['user']['delete_now'];?>"><span class="glyphicon glyphicon-remove"></span></a>
               <?php
               else:
@@ -350,17 +355,18 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 			?>
 				<h4><?=$lang['edit']['edit_alias_domain'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
-					<input type="hidden" name="alias_domain_now" value="<?=htmlspecialchars($alias_domain);?>">
+					<input type="hidden" value="0" name="active">
+					<input type="hidden" value="<?=$result['alias_domain'];?>" name="alias_domain">
 					<div class="form-group">
-						<label class="control-label col-sm-2" for="alias_domain"><?=$lang['edit']['alias_domain'];?></label>
+						<label class="control-label col-sm-2" for="target_domain"><?=$lang['edit']['target_domain'];?></label>
 						<div class="col-sm-10">
-							<input type="text" class="form-control" name="alias_domain" id="alias_domain" value="<?=htmlspecialchars($result['alias_domain']);?>">
+							<input type="text" class="form-control" name="target_domain" id="target_domain" value="<?=htmlspecialchars($result['target_domain']);?>">
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-								<label><input type="checkbox" name="active" <?=(isset($result['active_int']) && $result['active_int']=="1") ?  "checked" : null ?>> <?=$lang['edit']['active'];?></label>
+								<label><input type="checkbox" value="1" name="active" <?=(isset($result['active_int']) && $result['active_int']=="1") ?  "checked" : null ?>> <?=$lang['edit']['active'];?></label>
 							</div>
 						</div>
 					</div>
@@ -398,7 +404,9 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
       ?>
       <h4><?=$lang['edit']['mailbox'];?></h4>
       <form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
-      <input type="hidden" name="username" value="<?=htmlspecialchars($result['username']);?>">
+				<input type="hidden" value="0" name="sender_acl">
+				<input type="hidden" value="0" name="active">
+				<input type="hidden" name="username" value="<?=htmlspecialchars($result['username']);?>">
         <div class="form-group">
           <label class="control-label col-sm-2" for="name"><?=$lang['edit']['full_name'];?>:</label>
           <div class="col-sm-10">
@@ -481,7 +489,7 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
         <div class="form-group">
           <div class="col-sm-offset-2 col-sm-10">
             <div class="checkbox">
-            <label><input type="checkbox" name="active" <?=($result['active_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
+            <label><input type="checkbox" value="1" name="active" <?=($result['active_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
             </div>
           </div>
         </div>
@@ -501,6 +509,8 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
         ?>
 				<h4><?=$lang['edit']['resource'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
+          <input type="hidden" value="0" name="active">
+          <input type="hidden" value="0" name="multiple_bookings">
           <input type="hidden" name="name" value="<?=htmlspecialchars($result['name']);?>">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="description"><?=$lang['add']['description'];?></label>
@@ -521,14 +531,14 @@ if (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] == "adm
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" <?=($result['active_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" <?=($result['active_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['active'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="multiple_bookings" <?=($result['multiple_bookings_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['multiple_bookings'];?></label>
+							<label><input type="checkbox" value="1" name="multiple_bookings" <?=($result['multiple_bookings_int']=="1") ? "checked" : null;?>> <?=$lang['edit']['multiple_bookings'];?></label>
 							</div>
 						</div>
 					</div>
@@ -561,7 +571,10 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 			?>
 				<h4><?=$lang['edit']['syncjob'];?></h4>
 				<form class="form-horizontal" role="form" method="post" action="<?=($FORM_ACTION == "previous") ? $_SESSION['return_to'] : null;?>">
-				<input type="hidden" name="id" value="<?=htmlspecialchars($result['id']);?>">
+          <input type="hidden" value="0" name="delete2duplicates">
+          <input type="hidden" value="0" name="delete1">
+          <input type="hidden" value="0" name="active">
+          <input type="hidden" name="id" value="<?=htmlspecialchars($result['id']);?>">
 					<div class="form-group">
 						<label class="control-label col-sm-2" for="host1"><?=$lang['edit']['hostname'];?></label>
 						<div class="col-sm-10">
@@ -623,21 +636,21 @@ elseif (isset($_SESSION['mailcow_cc_role']) && ($_SESSION['mailcow_cc_role'] ==
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="delete2duplicates" <?=($result['delete2duplicates']=="1") ? "checked" : "";?>> <?=$lang['edit']['delete2duplicates'];?></label>
+							<label><input type="checkbox" value="1" name="delete2duplicates" <?=($result['delete2duplicates']=="1") ? "checked" : "";?>> <?=$lang['edit']['delete2duplicates'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="delete1" <?=($result['delete1']=="1") ? "checked" : "";?>> <?=$lang['edit']['delete1'];?></label>
+							<label><input type="checkbox" value="1" name="delete1" <?=($result['delete1']=="1") ? "checked" : "";?>> <?=$lang['edit']['delete1'];?></label>
 							</div>
 						</div>
 					</div>
 					<div class="form-group">
 						<div class="col-sm-offset-2 col-sm-10">
 							<div class="checkbox">
-							<label><input type="checkbox" name="active" <?=($result['active']=="1") ? "checked" : "";?>> <?=$lang['edit']['active'];?></label>
+							<label><input type="checkbox" value="1" name="active" <?=($result['active']=="1") ? "checked" : "";?>> <?=$lang['edit']['active'];?></label>
 							</div>
 						</div>
 					</div>

data/web/inc/footer.inc.php

@@ -19,6 +19,9 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
 		</div>
 	</div>
 </div>
+<?php
+endif;
+?>
 <div id="ConfirmDeleteModal" class="modal fade" role="dialog">
 	<div class="modal-dialog">
 		<div class="modal-content">
@@ -36,14 +39,12 @@ if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == "admi
 		</div>
 	</div>
 </div>
-<?php
-endif;
-?>
 <div style="margin-bottom:100px"></div>
 <script src="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/js/bootstrap.min.js"></script>
 <script src="/js/bootstrap-switch.min.js"></script>
 <script src="/js/bootstrap-slider.min.js"></script>
 <script src="/js/bootstrap-select.min.js"></script>
+<script src="/js/notifications.min.js"></script>
 <script src="/js/u2f-api.js"></script>
 <script>
 // Select language and reopen active URL without POST
@@ -53,6 +54,12 @@ function setLang(sel) {
 }
 
 $(document).ready(function() {
+  function mailcow_alert_box(message, type) {
+    $.notify({message: message},{type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
+  }
+  <?php if (isset($_SESSION['return'])): ?>
+  mailcow_alert_box("<?=$_SESSION['return']['msg'];?>",  "<?=$_SESSION['return']['type'];?>");
+  <?php endif; unset($_SESSION['return']); ?>
   // Confirm TFA modal
   <?php if (isset($_SESSION['pending_tfa_method'])):?>
   $('#ConfirmTFAModal').modal({
@@ -220,21 +227,7 @@ $(document).ready(function() {
 	});
 });
 </script>
-<?php
-if (isset($_SESSION['return'])):
-?>
-<div class="container">
-	<div style="position:fixed;bottom:8px;right:25px;min-width:300px;max-width:350px;z-index:2000">
-		<div <?=($_SESSION['return']['type'] == 'danger') ? null : 'id="alert-fade"'?> class="alert alert-<?=$_SESSION['return']['type'];?>" role="alert">
-		<a href="#" class="close" data-dismiss="alert"> &times;</a>
-		<?=htmlspecialchars($_SESSION['return']['msg']);?>
-		</div>
-	</div>
-</div>
-<?php
-unset($_SESSION['return']);
-endif;
-?>
+
 </body>
 </html>
 <?php $stmt = null; $pdo = null; ?>

data/web/inc/header.inc.php

@@ -18,6 +18,7 @@
 <link rel="stylesheet" href="/css/footable.bootstrap.min.css">
 <link rel="stylesheet" href="/inc/languages.min.css">
 <link rel="stylesheet" href="/css/mailcow.css">
+<link rel="stylesheet" href="/css/animate.min.css">
 <?=(preg_match("/mailbox.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/mailbox.css">' : null;?>
 <?=(preg_match("/admin.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/admin.css">' : null;?>
 <link rel="shortcut icon" href="/favicon.png" type="image/png">

data/web/inc/init_db.inc.php

@@ -3,7 +3,7 @@ function init_db_schema() {
   try {
     global $pdo;
 
-    $db_version = "01052017_1702";
+    $db_version = "07052017_0824";
 
     $stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); 
     $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@@ -268,7 +268,8 @@ function init_db_schema() {
       "forwarding_hosts" => array(
         "cols" => array(
           "host" => "VARCHAR(255) NOT NULL",
-          "source" => "VARCHAR(255) NOT NULL"
+          "source" => "VARCHAR(255) NOT NULL",
+          "filter_spam" => "TINYINT(1) NOT NULL DEFAULT '0'"
         ),
         "keys" => array(
           "primary" => array(

data/web/inc/lib/composer.json

@@ -1,6 +1,7 @@
 {
     "require": {
         "robthree/twofactorauth": "^1.6",
-        "yubico/u2flib-server": "^1.0"
+        "yubico/u2flib-server": "^1.0",
+        "owasp/csrf-protector-php": "dev-master"
     }
 }

data/web/inc/lib/composer.lock

@@ -4,8 +4,44 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "content-hash": "5652a086b6d277d72d7ae0341e517b1e",
+    "content-hash": "413fc63dc6c7815f0a175217bccb490a",
     "packages": [
+        {
+            "name": "owasp/csrf-protector-php",
+            "version": "dev-master",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/mebjas/CSRF-Protector-PHP.git",
+                "reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/mebjas/CSRF-Protector-PHP/zipball/aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
+                "reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
+                "shasum": ""
+            },
+            "require-dev": {
+                "satooshi/php-coveralls": "~1.0"
+            },
+            "type": "library",
+            "autoload": {
+                "classmap": [
+                    "libs/csrf/"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "APACHE"
+            ],
+            "description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
+            "homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
+            "keywords": [
+                "csrf",
+                "owasp",
+                "security"
+            ],
+            "time": "2017-04-12T05:47:07+00:00"
+        },
         {
             "name": "robthree/twofactorauth",
             "version": "1.6",
@@ -59,20 +95,24 @@
         },
         {
             "name": "yubico/u2flib-server",
-            "version": "1.0.0",
+            "version": "1.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Yubico/php-u2flib-server.git",
-                "reference": "407eb21da24150aad30bcd8cc0ee72963eac5e9d"
+                "reference": "dc318c80b59e62921c210f31b014def26ceebbab"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/407eb21da24150aad30bcd8cc0ee72963eac5e9d",
-                "reference": "407eb21da24150aad30bcd8cc0ee72963eac5e9d",
+                "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/dc318c80b59e62921c210f31b014def26ceebbab",
+                "reference": "dc318c80b59e62921c210f31b014def26ceebbab",
                 "shasum": ""
             },
             "require": {
-                "ext-openssl": "*"
+                "ext-openssl": "*",
+                "php": ">=5.6"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "~5.7"
             },
             "type": "library",
             "autoload": {
@@ -86,13 +126,15 @@
             ],
             "description": "Library for U2F implementation",
             "homepage": "https://developers.yubico.com/php-u2flib-server",
-            "time": "2016-02-19T09:47:51+00:00"
+            "time": "2017-05-09T07:33:58+00:00"
         }
     ],
     "packages-dev": [],
     "aliases": [],
     "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {
+        "owasp/csrf-protector-php": 20
+    },
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": [],

data/web/inc/lib/vendor/composer/autoload_classmap.php

@@ -6,6 +6,14 @@ $vendorDir = dirname(dirname(__FILE__));
 $baseDir = dirname($vendorDir);
 
 return array(
+    'alreadyInitializedException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'baseJSFileNotFoundExceptio' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'configFileNotFoundException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'csrfProtector' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'incompleteConfigurationException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'jsFileNotFoundException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'logDirectoryNotFoundException' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+    'logFileWriteError' => $vendorDir . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
     'u2flib_server\\Error' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
     'u2flib_server\\RegisterRequest' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
     'u2flib_server\\Registration' => $vendorDir . '/yubico/u2flib-server/src/u2flib_server/U2F.php',

data/web/inc/lib/vendor/composer/autoload_static.php

@@ -21,6 +21,14 @@ class ComposerStaticInit873464e4bd965a3168f133248b1b218b
     );
 
     public static $classMap = array (
+        'alreadyInitializedException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'baseJSFileNotFoundExceptio' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'configFileNotFoundException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'csrfProtector' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'incompleteConfigurationException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'jsFileNotFoundException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'logDirectoryNotFoundException' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
+        'logFileWriteError' => __DIR__ . '/..' . '/owasp/csrf-protector-php/libs/csrf/csrfprotector.php',
         'u2flib_server\\Error' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
         'u2flib_server\\RegisterRequest' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',
         'u2flib_server\\Registration' => __DIR__ . '/..' . '/yubico/u2flib-server/src/u2flib_server/U2F.php',

data/web/inc/lib/vendor/composer/installed.json

@@ -52,25 +52,67 @@
             "tfa"
         ]
     },
+    {
+        "name": "owasp/csrf-protector-php",
+        "version": "dev-master",
+        "version_normalized": "9999999-dev",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/mebjas/CSRF-Protector-PHP.git",
+            "reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b"
+        },
+        "dist": {
+            "type": "zip",
+            "url": "https://api.github.com/repos/mebjas/CSRF-Protector-PHP/zipball/aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
+            "reference": "aec0d6966992363a7192b2ae9fb0a9643e8fa26b",
+            "shasum": ""
+        },
+        "require-dev": {
+            "satooshi/php-coveralls": "~1.0"
+        },
+        "time": "2017-04-12T05:47:07+00:00",
+        "type": "library",
+        "installation-source": "source",
+        "autoload": {
+            "classmap": [
+                "libs/csrf/"
+            ]
+        },
+        "notification-url": "https://packagist.org/downloads/",
+        "license": [
+            "APACHE"
+        ],
+        "description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
+        "homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
+        "keywords": [
+            "csrf",
+            "owasp",
+            "security"
+        ]
+    },
     {
         "name": "yubico/u2flib-server",
-        "version": "1.0.0",
-        "version_normalized": "1.0.0.0",
+        "version": "1.0.1",
+        "version_normalized": "1.0.1.0",
         "source": {
             "type": "git",
             "url": "https://github.com/Yubico/php-u2flib-server.git",
-            "reference": "407eb21da24150aad30bcd8cc0ee72963eac5e9d"
+            "reference": "dc318c80b59e62921c210f31b014def26ceebbab"
         },
         "dist": {
             "type": "zip",
-            "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/407eb21da24150aad30bcd8cc0ee72963eac5e9d",
-            "reference": "407eb21da24150aad30bcd8cc0ee72963eac5e9d",
+            "url": "https://api.github.com/repos/Yubico/php-u2flib-server/zipball/dc318c80b59e62921c210f31b014def26ceebbab",
+            "reference": "dc318c80b59e62921c210f31b014def26ceebbab",
             "shasum": ""
         },
         "require": {
-            "ext-openssl": "*"
+            "ext-openssl": "*",
+            "php": ">=5.6"
+        },
+        "require-dev": {
+            "phpunit/phpunit": "~5.7"
         },
-        "time": "2016-02-19T09:47:51+00:00",
+        "time": "2017-05-09T07:33:58+00:00",
         "type": "library",
         "installation-source": "dist",
         "autoload": {

data/web/inc/lib/vendor/owasp/csrf-protector-php/.coveralls.yml

@@ -0,0 +1,4 @@
+service_name: travis-ci
+src_dir: ./libs/
+coverage_clover: build/logs/clover.xml
+json_path: build/logs/coveralls-upload.json

data/web/inc/lib/vendor/owasp/csrf-protector-php/.travis.yml

@@ -0,0 +1,46 @@
+language: php
+php:
+  - "5.6"
+  - "5.5"
+  - "5.4"
+  - "5.3"
+  - "7.0"
+  - "7.1"
+  - hhvm
+  - nightly
+
+matrix:
+    allow_failures:
+    - php: nightly
+    - php: hhvm
+
+os:
+  - linux
+
+install:
+  # Install composer packages, will also trigger dump-autoload
+  - composer install --no-interaction
+  # Install coveralls.phar
+  - wget -c -nc --retry-connrefused --tries=0 https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar
+  - chmod +x coveralls.phar
+  - php coveralls.phar --version
+
+before_script:
+    - mkdir -p build/logs
+    - ls -al
+
+script:
+ - mkdir -p build/logs
+ - if [ $(phpenv version-name) = 'hhvm' ]; then echo 'xdebug.enable=1' >> /etc/hhvm/php.ini; fi
+ - phpunit --stderr --coverage-clover build/logs/clover.xml
+
+after_script:
+ - php vendor/bin/coveralls -v
+
+after_success:
+ - travis_retry php coveralls.phar -v
+
+cache:
+  directories:
+  - vendor
+  - $HOME/.cache/composer

data/web/inc/lib/vendor/owasp/csrf-protector-php/composer.json

@@ -0,0 +1,14 @@
+{   
+    "name": "owasp/csrf-protector-php",
+    "type": "library",
+    "description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
+    "keywords": ["security","csrf", "owasp"],
+    "homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
+    "license": "APACHE",
+    "require-dev": {
+        "satooshi/php-coveralls": "~1.0"
+    },
+    "autoload": {
+        "classmap": ["libs/csrf/"]
+    }
+}

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index.html

@@ -0,0 +1 @@
+<html><head><meta http-equiv="Refresh" CONTENT="0; URL=files/libs/csrf/csrfprotector-php.html"></head></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Files.html

@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>File Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>File Index</div><div class=INavigationBar>$#! &middot; 0-9 &middot; A &middot; B &middot; <a href="#C">C</a> &middot; D &middot; E &middot; F &middot; G &middot; H &middot; I &middot; J &middot; K &middot; L &middot; M &middot; N &middot; O &middot; P &middot; Q &middot; R &middot; S &middot; T &middot; U &middot; V &middot; W &middot; X &middot; Y &middot; Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php"  class=ISymbol>csrfprotector.php</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Files</div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex><a href="Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option  id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Variables.html

@@ -0,0 +1,41 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Variable Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>Variable Index</div><div class=INavigationBar>$#! &middot; 0-9 &middot; A &middot; B &middot; <a href="#C">C</a> &middot; D &middot; E &middot; F &middot; G &middot; H &middot; <a href="#I">I</a> &middot; J &middot; K &middot; L &middot; M &middot; N &middot; O &middot; P &middot; Q &middot; <a href="#R">R</a> &middot; S &middot; T &middot; U &middot; V &middot; W &middot; X &middot; Y &middot; Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$config" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')" class=ISymbol>config</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')" class=ISymbol>cookieExpiryTime</a></td></tr><tr><td class=IHeading><a name="I"></a>I</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')" class=ISymbol>isSameOrigin</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')" class=ISymbol>isValidHTML</a></td></tr><tr><td class=IHeading><a name="R"></a>R</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')" class=ISymbol>requestType</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $config</td></tr></table></blockquote>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) =&gt; action to be taken in case autherisation fails Property: #2: logDirectory (string) =&gt; directory in which log will be saved Property: #3: customErrorMessage (string) =&gt; custom error message to be sent in case of failed authentication Property: #4: jsFile (string) =&gt; location of the CSRFProtector js file Property: #5: tokenLength (int) =&gt; default length of hash Property: #6: disabledJavascriptMessage (string) =&gt; error message if client&rsquo;s js is disabled</div></div><div class=CToolTip id="tt2"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $cookieExpiryTime</td></tr></table></blockquote>expiry time for cookie @var int</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt3"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isSameOrigin</td></tr></table></blockquote>flag for cross origin/same origin request @var bool</div></div><div class=CToolTip id="tt4"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isValidHTML</td></tr></table></blockquote>flag to check if output file is a valid HTML or not @var bool</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt5"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">protected static $requestType</td></tr></table></blockquote>Varaible to store weather request type is post or get @var string</div></div><!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex><a href="Files.html">Files</a></div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Variables</div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option  id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/main.js

@@ -0,0 +1,841 @@
+// This file is part of Natural Docs, which is Copyright © 2003-2010 Greg Valure
+// Natural Docs is licensed under version 3 of the GNU Affero General Public License (AGPL)
+// Refer to License.txt for the complete details
+
+// This file may be distributed with documentation files generated by Natural Docs.
+// Such documentation is not covered by Natural Docs' copyright and licensing,
+// and may have its own copyright and distribution terms as decided by its author.
+
+
+//
+//  Browser Styles
+// ____________________________________________________________________________
+
+var agt=navigator.userAgent.toLowerCase();
+var browserType;
+var browserVer;
+
+if (agt.indexOf("opera") != -1)
+    {
+    browserType = "Opera";
+
+    if (agt.indexOf("opera 7") != -1 || agt.indexOf("opera/7") != -1)
+        {  browserVer = "Opera7";  }
+    else if (agt.indexOf("opera 8") != -1 || agt.indexOf("opera/8") != -1)
+        {  browserVer = "Opera8";  }
+    else if (agt.indexOf("opera 9") != -1 || agt.indexOf("opera/9") != -1)
+        {  browserVer = "Opera9";  }
+    }
+
+else if (agt.indexOf("applewebkit") != -1)
+    {
+    browserType = "Safari";
+
+    if (agt.indexOf("version/3") != -1)
+        {  browserVer = "Safari3";  }
+    else if (agt.indexOf("safari/4") != -1)
+        {  browserVer = "Safari2";  }
+    }
+
+else if (agt.indexOf("khtml") != -1)
+    {
+    browserType = "Konqueror";
+    }
+
+else if (agt.indexOf("msie") != -1)
+    {
+    browserType = "IE";
+
+    if (agt.indexOf("msie 6") != -1)
+        {  browserVer = "IE6";  }
+    else if (agt.indexOf("msie 7") != -1)
+        {  browserVer = "IE7";  }
+    }
+
+else if (agt.indexOf("gecko") != -1)
+    {
+    browserType = "Firefox";
+
+    if (agt.indexOf("rv:1.7") != -1)
+        {  browserVer = "Firefox1";  }
+    else if (agt.indexOf("rv:1.8)") != -1 || agt.indexOf("rv:1.8.0") != -1)
+        {  browserVer = "Firefox15";  }
+    else if (agt.indexOf("rv:1.8.1") != -1)
+        {  browserVer = "Firefox2";  }
+    }
+
+
+//
+//  Support Functions
+// ____________________________________________________________________________
+
+
+function GetXPosition(item)
+    {
+    var position = 0;
+
+    if (item.offsetWidth != null)
+        {
+        while (item != document.body && item != null)
+            {
+            position += item.offsetLeft;
+            item = item.offsetParent;
+            };
+        };
+
+    return position;
+    };
+
+
+function GetYPosition(item)
+    {
+    var position = 0;
+
+    if (item.offsetWidth != null)
+        {
+        while (item != document.body && item != null)
+            {
+            position += item.offsetTop;
+            item = item.offsetParent;
+            };
+        };
+
+    return position;
+    };
+
+
+function MoveToPosition(item, x, y)
+    {
+    // Opera 5 chokes on the px extension, so it can use the Microsoft one instead.
+
+    if (item.style.left != null)
+        {
+        item.style.left = x + "px";
+        item.style.top = y + "px";
+        }
+    else if (item.style.pixelLeft != null)
+        {
+        item.style.pixelLeft = x;
+        item.style.pixelTop = y;
+        };
+    };
+
+
+//
+//  Menu
+// ____________________________________________________________________________
+
+
+function ToggleMenu(id)
+    {
+    if (!window.document.getElementById)
+        {  return;  };
+
+    var display = window.document.getElementById(id).style.display;
+
+    if (display == "none")
+        {  display = "block";  }
+    else
+        {  display = "none";  }
+
+    window.document.getElementById(id).style.display = display;
+    }
+
+function HideAllBut(ids, max)
+    {
+    if (document.getElementById)
+        {
+        ids.sort( function(a,b) { return a - b; } );
+        var number = 1;
+
+        while (number < max)
+            {
+            if (ids.length > 0 && number == ids[0])
+                {  ids.shift();  }
+            else
+                {
+                document.getElementById("MGroupContent" + number).style.display = "none";
+                };
+
+            number++;
+            };
+        };
+    }
+
+
+//
+//  Tooltips
+// ____________________________________________________________________________
+
+
+var tooltipTimer = 0;
+
+function ShowTip(event, tooltipID, linkID)
+    {
+    if (tooltipTimer)
+        {  clearTimeout(tooltipTimer);  };
+
+    var docX = event.clientX + window.pageXOffset;
+    var docY = event.clientY + window.pageYOffset;
+
+    var showCommand = "ReallyShowTip('" + tooltipID + "', '" + linkID + "', " + docX + ", " + docY + ")";
+
+    tooltipTimer = setTimeout(showCommand, 1000);
+    }
+
+function ReallyShowTip(tooltipID, linkID, docX, docY)
+    {
+    tooltipTimer = 0;
+
+    var tooltip;
+    var link;
+
+    if (document.getElementById)
+        {
+        tooltip = document.getElementById(tooltipID);
+        link = document.getElementById(linkID);
+        }
+/*    else if (document.all)
+        {
+        tooltip = eval("document.all['" + tooltipID + "']");
+        link = eval("document.all['" + linkID + "']");
+        }
+*/
+    if (tooltip)
+        {
+        var left = GetXPosition(link);
+        var top = GetYPosition(link);
+        top += link.offsetHeight;
+
+
+        // The fallback method is to use the mouse X and Y relative to the document.  We use a separate if and test if its a number
+        // in case some browser snuck through the above if statement but didn't support everything.
+
+        if (!isFinite(top) || top == 0)
+            {
+            left = docX;
+            top = docY;
+            }
+
+        // Some spacing to get it out from under the cursor.
+
+        top += 10;
+
+        // Make sure the tooltip doesnt get smushed by being too close to the edge, or in some browsers, go off the edge of the
+        // page.  We do it here because Konqueror does get offsetWidth right even if it doesnt get the positioning right.
+
+        if (tooltip.offsetWidth != null)
+            {
+            var width = tooltip.offsetWidth;
+            var docWidth = document.body.clientWidth;
+
+            if (left + width > docWidth)
+                {  left = docWidth - width - 1;  }
+
+            // If there's a horizontal scroll bar we could go past zero because it's using the page width, not the window width.
+            if (left < 0)
+                {  left = 0;  };
+            }
+
+        MoveToPosition(tooltip, left, top);
+        tooltip.style.visibility = "visible";
+        }
+    }
+
+function HideTip(tooltipID)
+    {
+    if (tooltipTimer)
+        {
+        clearTimeout(tooltipTimer);
+        tooltipTimer = 0;
+        }
+
+    var tooltip;
+
+    if (document.getElementById)
+        {  tooltip = document.getElementById(tooltipID); }
+    else if (document.all)
+        {  tooltip = eval("document.all['" + tooltipID + "']");  }
+
+    if (tooltip)
+        {  tooltip.style.visibility = "hidden";  }
+    }
+
+
+//
+//  Blockquote fix for IE
+// ____________________________________________________________________________
+
+
+function NDOnLoad()
+    {
+    if (browserVer == "IE6")
+        {
+        var scrollboxes = document.getElementsByTagName('blockquote');
+
+        if (scrollboxes.item(0))
+            {
+            NDDoResize();
+            window.onresize=NDOnResize;
+            };
+        };
+    };
+
+
+var resizeTimer = 0;
+
+function NDOnResize()
+    {
+    if (resizeTimer != 0)
+        {  clearTimeout(resizeTimer);  };
+
+    resizeTimer = setTimeout(NDDoResize, 250);
+    };
+
+
+function NDDoResize()
+    {
+    var scrollboxes = document.getElementsByTagName('blockquote');
+
+    var i;
+    var item;
+
+    i = 0;
+    while (item = scrollboxes.item(i))
+        {
+        item.style.width = 100;
+        i++;
+        };
+
+    i = 0;
+    while (item = scrollboxes.item(i))
+        {
+        item.style.width = item.parentNode.offsetWidth;
+        i++;
+        };
+
+    clearTimeout(resizeTimer);
+    resizeTimer = 0;
+    }
+
+
+
+/* ________________________________________________________________________________________________________
+
+    Class: SearchPanel
+    ________________________________________________________________________________________________________
+
+    A class handling everything associated with the search panel.
+
+    Parameters:
+
+        name - The name of the global variable that will be storing this instance.  Is needed to be able to set timeouts.
+        mode - The mode the search is going to work in.  Pass <NaturalDocs::Builder::Base->CommandLineOption()>, so the
+                   value will be something like "HTML" or "FramedHTML".
+
+    ________________________________________________________________________________________________________
+*/
+
+
+function SearchPanel(name, mode, resultsPath)
+    {
+    if (!name || !mode || !resultsPath)
+        {  alert("Incorrect parameters to SearchPanel.");  };
+
+
+    // Group: Variables
+    // ________________________________________________________________________
+
+    /*
+        var: name
+        The name of the global variable that will be storing this instance of the class.
+    */
+    this.name = name;
+
+    /*
+        var: mode
+        The mode the search is going to work in, such as "HTML" or "FramedHTML".
+    */
+    this.mode = mode;
+
+    /*
+        var: resultsPath
+        The relative path from the current HTML page to the results page directory.
+    */
+    this.resultsPath = resultsPath;
+
+    /*
+        var: keyTimeout
+        The timeout used between a keystroke and when a search is performed.
+    */
+    this.keyTimeout = 0;
+
+    /*
+        var: keyTimeoutLength
+        The length of <keyTimeout> in thousandths of a second.
+    */
+    this.keyTimeoutLength = 500;
+
+    /*
+        var: lastSearchValue
+        The last search string executed, or an empty string if none.
+    */
+    this.lastSearchValue = "";
+
+    /*
+        var: lastResultsPage
+        The last results page.  The value is only relevant if <lastSearchValue> is set.
+    */
+    this.lastResultsPage = "";
+
+    /*
+        var: deactivateTimeout
+
+        The timeout used between when a control is deactivated and when the entire panel is deactivated.  Is necessary
+        because a control may be deactivated in favor of another control in the same panel, in which case it should stay
+        active.
+    */
+    this.deactivateTimout = 0;
+
+    /*
+        var: deactivateTimeoutLength
+        The length of <deactivateTimeout> in thousandths of a second.
+    */
+    this.deactivateTimeoutLength = 200;
+
+
+
+
+    // Group: DOM Elements
+    // ________________________________________________________________________
+
+
+    // Function: DOMSearchField
+    this.DOMSearchField = function()
+        {  return document.getElementById("MSearchField");  };
+
+    // Function: DOMSearchType
+    this.DOMSearchType = function()
+        {  return document.getElementById("MSearchType");  };
+
+    // Function: DOMPopupSearchResults
+    this.DOMPopupSearchResults = function()
+        {  return document.getElementById("MSearchResults");  };
+
+    // Function: DOMPopupSearchResultsWindow
+    this.DOMPopupSearchResultsWindow = function()
+        {  return document.getElementById("MSearchResultsWindow");  };
+
+    // Function: DOMSearchPanel
+    this.DOMSearchPanel = function()
+        {  return document.getElementById("MSearchPanel");  };
+
+
+
+
+    // Group: Event Handlers
+    // ________________________________________________________________________
+
+
+    /*
+        Function: OnSearchFieldFocus
+        Called when focus is added or removed from the search field.
+    */
+    this.OnSearchFieldFocus = function(isActive)
+        {
+        this.Activate(isActive);
+        };
+
+
+    /*
+        Function: OnSearchFieldChange
+        Called when the content of the search field is changed.
+    */
+    this.OnSearchFieldChange = function()
+        {
+        if (this.keyTimeout)
+            {
+            clearTimeout(this.keyTimeout);
+            this.keyTimeout = 0;
+            };
+
+        var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
+
+        if (searchValue != this.lastSearchValue)
+            {
+            if (searchValue != "")
+                {
+                this.keyTimeout = setTimeout(this.name + ".Search()", this.keyTimeoutLength);
+                }
+            else
+                {
+                if (this.mode == "HTML")
+                    {  this.DOMPopupSearchResultsWindow().style.display = "none";  };
+                this.lastSearchValue = "";
+                };
+            };
+        };
+
+
+    /*
+        Function: OnSearchTypeFocus
+        Called when focus is added or removed from the search type.
+    */
+    this.OnSearchTypeFocus = function(isActive)
+        {
+        this.Activate(isActive);
+        };
+
+
+    /*
+        Function: OnSearchTypeChange
+        Called when the search type is changed.
+    */
+    this.OnSearchTypeChange = function()
+        {
+        var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
+
+        if (searchValue != "")
+            {
+            this.Search();
+            };
+        };
+
+
+
+    // Group: Action Functions
+    // ________________________________________________________________________
+
+
+    /*
+        Function: CloseResultsWindow
+        Closes the results window.
+    */
+    this.CloseResultsWindow = function()
+        {
+        this.DOMPopupSearchResultsWindow().style.display = "none";
+        this.Activate(false, true);
+        };
+
+
+    /*
+        Function: Search
+        Performs a search.
+    */
+    this.Search = function()
+        {
+        this.keyTimeout = 0;
+
+        var searchValue = this.DOMSearchField().value.replace(/^ +/, "");
+        var searchTopic = this.DOMSearchType().value;
+
+        var pageExtension = searchValue.substr(0,1);
+
+        if (pageExtension.match(/^[a-z]/i))
+            {  pageExtension = pageExtension.toUpperCase();  }
+        else if (pageExtension.match(/^[0-9]/))
+            {  pageExtension = 'Numbers';  }
+        else
+            {  pageExtension = "Symbols";  };
+
+        var resultsPage;
+        var resultsPageWithSearch;
+        var hasResultsPage;
+
+        // indexSectionsWithContent is defined in searchdata.js
+        if (indexSectionsWithContent[searchTopic][pageExtension] == true)
+            {
+            resultsPage = this.resultsPath + '/' + searchTopic + pageExtension + '.html';
+            resultsPageWithSearch = resultsPage+'?'+escape(searchValue);
+            hasResultsPage = true;
+            }
+        else
+            {
+            resultsPage = this.resultsPath + '/NoResults.html';
+            resultsPageWithSearch = resultsPage;
+            hasResultsPage = false;
+            };
+
+        var resultsFrame;
+        if (this.mode == "HTML")
+            {  resultsFrame = window.frames.MSearchResults;  }
+        else if (this.mode == "FramedHTML")
+            {  resultsFrame = window.top.frames['Content'];  };
+
+
+        if (resultsPage != this.lastResultsPage ||
+
+            // Bug in IE.  If everything becomes hidden in a run, none of them will be able to be reshown in the next for some
+            // reason.  It counts the right number of results, and you can even read the display as "block" after setting it, but it
+            // just doesn't work in IE 6 or IE 7.  So if we're on the right page but the previous search had no results, reload the
+            // page anyway to get around the bug.
+            (browserType == "IE" && hasResultsPage &&
+            	(!resultsFrame.searchResults || resultsFrame.searchResults.lastMatchCount == 0)) )
+
+            {
+            resultsFrame.location.href = resultsPageWithSearch;
+            }
+
+        // So if the results page is right and there's no IE bug, reperform the search on the existing page.  We have to check if there
+        // are results because NoResults.html doesn't have any JavaScript, and it would be useless to do anything on that page even
+        // if it did.
+        else if (hasResultsPage)
+            {
+            // We need to check if this exists in case the frame is present but didn't finish loading.
+            if (resultsFrame.searchResults)
+                {  resultsFrame.searchResults.Search(searchValue);  }
+
+            // Otherwise just reload instead of waiting.
+            else
+                {  resultsFrame.location.href = resultsPageWithSearch;  };
+            };
+
+
+        var domPopupSearchResultsWindow = this.DOMPopupSearchResultsWindow();
+
+        if (this.mode == "HTML" && domPopupSearchResultsWindow.style.display != "block")
+            {
+            var domSearchType = this.DOMSearchType();
+
+            var left = GetXPosition(domSearchType);
+            var top = GetYPosition(domSearchType) + domSearchType.offsetHeight;
+
+            MoveToPosition(domPopupSearchResultsWindow, left, top);
+            domPopupSearchResultsWindow.style.display = 'block';
+            };
+
+
+        this.lastSearchValue = searchValue;
+        this.lastResultsPage = resultsPage;
+        };
+
+
+
+    // Group: Activation Functions
+    // Functions that handle whether the entire panel is active or not.
+    // ________________________________________________________________________
+
+
+    /*
+        Function: Activate
+
+        Activates or deactivates the search panel, resetting things to their default values if necessary.  You can call this on every
+        control's OnBlur() and it will handle not deactivating the entire panel when focus is just switching between them transparently.
+
+        Parameters:
+
+            isActive - Whether you're activating or deactivating the panel.
+            ignoreDeactivateDelay - Set if you're positive the action will deactivate the panel and thus want to skip the delay.
+    */
+    this.Activate = function(isActive, ignoreDeactivateDelay)
+        {
+        // We want to ignore isActive being false while the results window is open.
+        if (isActive || (this.mode == "HTML" && this.DOMPopupSearchResultsWindow().style.display == "block"))
+            {
+            if (this.inactivateTimeout)
+                {
+                clearTimeout(this.inactivateTimeout);
+                this.inactivateTimeout = 0;
+                };
+
+            this.DOMSearchPanel().className = 'MSearchPanelActive';
+
+            var searchField = this.DOMSearchField();
+
+            if (searchField.value == 'Search')
+                 {  searchField.value = "";  }
+            }
+        else if (!ignoreDeactivateDelay)
+            {
+            this.inactivateTimeout = setTimeout(this.name + ".InactivateAfterTimeout()", this.inactivateTimeoutLength);
+            }
+        else
+            {
+            this.InactivateAfterTimeout();
+            };
+        };
+
+
+    /*
+        Function: InactivateAfterTimeout
+
+        Called by <inactivateTimeout>, which is set by <Activate()>.  Inactivation occurs on a timeout because a control may
+        receive OnBlur() when focus is really transferring to another control in the search panel.  In this case we don't want to
+        actually deactivate the panel because not only would that cause a visible flicker but it could also reset the search value.
+        So by doing it on a timeout instead, there's a short period where the second control's OnFocus() can cancel the deactivation.
+    */
+    this.InactivateAfterTimeout = function()
+        {
+        this.inactivateTimeout = 0;
+
+        this.DOMSearchPanel().className = 'MSearchPanelInactive';
+        this.DOMSearchField().value = "Search";
+
+	    this.lastSearchValue = "";
+	    this.lastResultsPage = "";
+        };
+    };
+
+
+
+
+/* ________________________________________________________________________________________________________
+
+   Class: SearchResults
+   _________________________________________________________________________________________________________
+
+   The class that handles everything on the search results page.
+   _________________________________________________________________________________________________________
+*/
+
+
+function SearchResults(name, mode)
+    {
+    /*
+        var: mode
+        The mode the search is going to work in, such as "HTML" or "FramedHTML".
+    */
+    this.mode = mode;
+
+    /*
+        var: lastMatchCount
+        The number of matches from the last run of <Search()>.
+    */
+    this.lastMatchCount = 0;
+
+
+    /*
+        Function: Toggle
+        Toggles the visibility of the passed element ID.
+    */
+    this.Toggle = function(id)
+        {
+        if (this.mode == "FramedHTML")
+            {  return;  };
+
+        var parentElement = document.getElementById(id);
+
+        var element = parentElement.firstChild;
+
+        while (element && element != parentElement)
+            {
+            if (element.nodeName == 'DIV' && element.className == 'ISubIndex')
+                {
+                if (element.style.display == 'block')
+                    {  element.style.display = "none";  }
+                else
+                    {  element.style.display = 'block';  }
+                };
+
+            if (element.nodeName == 'DIV' && element.hasChildNodes())
+                {  element = element.firstChild;  }
+            else if (element.nextSibling)
+                {  element = element.nextSibling;  }
+            else
+                {
+                do
+                    {
+                    element = element.parentNode;
+                    }
+                while (element && element != parentElement && !element.nextSibling);
+
+                if (element && element != parentElement)
+                    {  element = element.nextSibling;  };
+                };
+            };
+        };
+
+
+    /*
+        Function: Search
+
+        Searches for the passed string.  If there is no parameter, it takes it from the URL query.
+
+        Always returns true, since other documents may try to call it and that may or may not be possible.
+    */
+    this.Search = function(search)
+        {
+        if (!search)
+            {
+            search = window.location.search;
+            search = search.substring(1);  // Remove the leading ?
+            search = unescape(search);
+            };
+
+        search = search.replace(/^ +/, "");
+        search = search.replace(/ +$/, "");
+        search = search.toLowerCase();
+
+        if (search.match(/[^a-z0-9]/)) // Just a little speedup so it doesn't have to go through the below unnecessarily.
+            {
+            search = search.replace(/\_/g, "_und");
+            search = search.replace(/\ +/gi, "_spc");
+            search = search.replace(/\~/g, "_til");
+            search = search.replace(/\!/g, "_exc");
+            search = search.replace(/\@/g, "_att");
+            search = search.replace(/\#/g, "_num");
+            search = search.replace(/\$/g, "_dol");
+            search = search.replace(/\%/g, "_pct");
+            search = search.replace(/\^/g, "_car");
+            search = search.replace(/\&/g, "_amp");
+            search = search.replace(/\*/g, "_ast");
+            search = search.replace(/\(/g, "_lpa");
+            search = search.replace(/\)/g, "_rpa");
+            search = search.replace(/\-/g, "_min");
+            search = search.replace(/\+/g, "_plu");
+            search = search.replace(/\=/g, "_equ");
+            search = search.replace(/\{/g, "_lbc");
+            search = search.replace(/\}/g, "_rbc");
+            search = search.replace(/\[/g, "_lbk");
+            search = search.replace(/\]/g, "_rbk");
+            search = search.replace(/\:/g, "_col");
+            search = search.replace(/\;/g, "_sco");
+            search = search.replace(/\"/g, "_quo");
+            search = search.replace(/\'/g, "_apo");
+            search = search.replace(/\</g, "_lan");
+            search = search.replace(/\>/g, "_ran");
+            search = search.replace(/\,/g, "_com");
+            search = search.replace(/\./g, "_per");
+            search = search.replace(/\?/g, "_que");
+            search = search.replace(/\//g, "_sla");
+            search = search.replace(/[^a-z0-9\_]i/gi, "_zzz");
+            };
+
+        var resultRows = document.getElementsByTagName("div");
+        var matches = 0;
+
+        var i = 0;
+        while (i < resultRows.length)
+            {
+            var row = resultRows.item(i);
+
+            if (row.className == "SRResult")
+                {
+                var rowMatchName = row.id.toLowerCase();
+                rowMatchName = rowMatchName.replace(/^sr\d*_/, '');
+
+                if (search.length <= rowMatchName.length && rowMatchName.substr(0, search.length) == search)
+                    {
+                    row.style.display = "block";
+                    matches++;
+                    }
+                else
+                    {  row.style.display = "none";  };
+                };
+
+            i++;
+            };
+
+        document.getElementById("Searching").style.display="none";
+
+        if (matches == 0)
+            {  document.getElementById("NoMatches").style.display="block";  }
+        else
+            {  document.getElementById("NoMatches").style.display="none";  }
+
+        this.lastMatchCount = matches;
+
+        return true;
+        };
+    };
+

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/prettify.js

@@ -0,0 +1,1526 @@
+
+// This code comes from the December 2009 release of Google Prettify, which is Copyright © 2006 Google Inc.
+// Minor modifications are marked with "ND Change" comments.
+// As part of Natural Docs, this code is licensed under version 3 of the GNU Affero General Public License (AGPL.)
+// However, it may also be obtained separately under version 2.0 of the Apache License.
+// Refer to License.txt for the complete details
+
+
+// Main code
+// ____________________________________________________________________________
+
+// Copyright (C) 2006 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+
+/**
+ * @fileoverview
+ * some functions for browser-side pretty printing of code contained in html.
+ * <p>
+ *
+ * For a fairly comprehensive set of languages see the
+ * <a href="http://google-code-prettify.googlecode.com/svn/trunk/README.html#langs">README</a>
+ * file that came with this source.  At a minimum, the lexer should work on a
+ * number of languages including C and friends, Java, Python, Bash, SQL, HTML,
+ * XML, CSS, Javascript, and Makefiles.  It works passably on Ruby, PHP and Awk
+ * and a subset of Perl, but, because of commenting conventions, doesn't work on
+ * Smalltalk, Lisp-like, or CAML-like languages without an explicit lang class.
+ * <p>
+ * Usage: <ol>
+ * <li> include this source file in an html page via
+ *   {@code <script type="text/javascript" src="/path/to/prettify.js"></script>}
+ * <li> define style rules.  See the example page for examples.
+ * <li> mark the {@code <pre>} and {@code <code>} tags in your source with
+ *    {@code class=prettyprint.}
+ *    You can also use the (html deprecated) {@code <xmp>} tag, but the pretty
+ *    printer needs to do more substantial DOM manipulations to support that, so
+ *    some css styles may not be preserved.
+ * </ol>
+ * That's it.  I wanted to keep the API as simple as possible, so there's no
+ * need to specify which language the code is in, but if you wish, you can add
+ * another class to the {@code <pre>} or {@code <code>} element to specify the
+ * language, as in {@code <pre class="prettyprint lang-java">}.  Any class that
+ * starts with "lang-" followed by a file extension, specifies the file type.
+ * See the "lang-*.js" files in this directory for code that implements
+ * per-language file handlers.
+ * <p>
+ * Change log:<br>
+ * cbeust, 2006/08/22
+ * <blockquote>
+ *   Java annotations (start with "@") are now captured as literals ("lit")
+ * </blockquote>
+ * @requires console
+ * @overrides window
+ */
+
+// JSLint declarations
+/*global console, document, navigator, setTimeout, window */
+
+/**
+ * Split {@code prettyPrint} into multiple timeouts so as not to interfere with
+ * UI events.
+ * If set to {@code false}, {@code prettyPrint()} is synchronous.
+ */
+window['PR_SHOULD_USE_CONTINUATION'] = true;
+
+/** the number of characters between tab columns */
+window['PR_TAB_WIDTH'] = 8;
+
+/** Walks the DOM returning a properly escaped version of innerHTML.
+  * @param {Node} node
+  * @param {Array.<string>} out output buffer that receives chunks of HTML.
+  */
+window['PR_normalizedHtml']
+
+/** Contains functions for creating and registering new language handlers.
+  * @type {Object}
+  */
+  = window['PR']
+
+/** Pretty print a chunk of code.
+  *
+  * @param {string} sourceCodeHtml code as html
+  * @return {string} code as html, but prettier
+  */
+  = window['prettyPrintOne']
+/** Find all the {@code <pre>} and {@code <code>} tags in the DOM with
+  * {@code class=prettyprint} and prettify them.
+  * @param {Function?} opt_whenDone if specified, called when the last entry
+  *     has been finished.
+  */
+  = window['prettyPrint'] = void 0;
+
+/** browser detection. @extern @returns false if not IE, otherwise the major version. */
+window['_pr_isIE6'] = function () {
+  var ieVersion = navigator && navigator.userAgent &&
+      navigator.userAgent.match(/\bMSIE ([678])\./);
+  ieVersion = ieVersion ? +ieVersion[1] : false;
+  window['_pr_isIE6'] = function () { return ieVersion; };
+  return ieVersion;
+};
+
+
+(function () {
+  // Keyword lists for various languages.
+  var FLOW_CONTROL_KEYWORDS =
+      "break continue do else for if return while ";
+  var C_KEYWORDS = FLOW_CONTROL_KEYWORDS + "auto case char const default " +
+      "double enum extern float goto int long register short signed sizeof " +
+      "static struct switch typedef union unsigned void volatile ";
+  var COMMON_KEYWORDS = C_KEYWORDS + "catch class delete false import " +
+      "new operator private protected public this throw true try typeof ";
+  var CPP_KEYWORDS = COMMON_KEYWORDS + "alignof align_union asm axiom bool " +
+      "concept concept_map const_cast constexpr decltype " +
+      "dynamic_cast explicit export friend inline late_check " +
+      "mutable namespace nullptr reinterpret_cast static_assert static_cast " +
+      "template typeid typename using virtual wchar_t where ";
+  var JAVA_KEYWORDS = COMMON_KEYWORDS +
+      "abstract boolean byte extends final finally implements import " +
+      "instanceof null native package strictfp super synchronized throws " +
+      "transient ";
+  var CSHARP_KEYWORDS = JAVA_KEYWORDS +
+      "as base by checked decimal delegate descending event " +
+      "fixed foreach from group implicit in interface internal into is lock " +
+      "object out override orderby params partial readonly ref sbyte sealed " +
+      "stackalloc string select uint ulong unchecked unsafe ushort var ";
+  var JSCRIPT_KEYWORDS = COMMON_KEYWORDS +
+      "debugger eval export function get null set undefined var with " +
+      "Infinity NaN ";
+  var PERL_KEYWORDS = "caller delete die do dump elsif eval exit foreach for " +
+      "goto if import last local my next no our print package redo require " +
+      "sub undef unless until use wantarray while BEGIN END ";
+  var PYTHON_KEYWORDS = FLOW_CONTROL_KEYWORDS + "and as assert class def del " +
+      "elif except exec finally from global import in is lambda " +
+      "nonlocal not or pass print raise try with yield " +
+      "False True None ";
+  var RUBY_KEYWORDS = FLOW_CONTROL_KEYWORDS + "alias and begin case class def" +
+      " defined elsif end ensure false in module next nil not or redo rescue " +
+      "retry self super then true undef unless until when yield BEGIN END ";
+  var SH_KEYWORDS = FLOW_CONTROL_KEYWORDS + "case done elif esac eval fi " +
+      "function in local set then until ";
+  var ALL_KEYWORDS = (
+      CPP_KEYWORDS + CSHARP_KEYWORDS + JSCRIPT_KEYWORDS + PERL_KEYWORDS +
+      PYTHON_KEYWORDS + RUBY_KEYWORDS + SH_KEYWORDS);
+
+  // token style names.  correspond to css classes
+  /** token style for a string literal */
+  var PR_STRING = 'str';
+  /** token style for a keyword */
+  var PR_KEYWORD = 'kwd';
+  /** token style for a comment */
+  var PR_COMMENT = 'com';
+  /** token style for a type */
+  var PR_TYPE = 'typ';
+  /** token style for a literal value.  e.g. 1, null, true. */
+  var PR_LITERAL = 'lit';
+  /** token style for a punctuation string. */
+  var PR_PUNCTUATION = 'pun';
+  /** token style for a punctuation string. */
+  var PR_PLAIN = 'pln';
+
+  /** token style for an sgml tag. */
+  var PR_TAG = 'tag';
+  /** token style for a markup declaration such as a DOCTYPE. */
+  var PR_DECLARATION = 'dec';
+  /** token style for embedded source. */
+  var PR_SOURCE = 'src';
+  /** token style for an sgml attribute name. */
+  var PR_ATTRIB_NAME = 'atn';
+  /** token style for an sgml attribute value. */
+  var PR_ATTRIB_VALUE = 'atv';
+
+  /**
+   * A class that indicates a section of markup that is not code, e.g. to allow
+   * embedding of line numbers within code listings.
+   */
+  var PR_NOCODE = 'nocode';
+
+  /** A set of tokens that can precede a regular expression literal in
+    * javascript.
+    * http://www.mozilla.org/js/language/js20/rationale/syntax.html has the full
+    * list, but I've removed ones that might be problematic when seen in
+    * languages that don't support regular expression literals.
+    *
+    * <p>Specifically, I've removed any keywords that can't precede a regexp
+    * literal in a syntactically legal javascript program, and I've removed the
+    * "in" keyword since it's not a keyword in many languages, and might be used
+    * as a count of inches.
+    *
+    * <p>The link a above does not accurately describe EcmaScript rules since
+    * it fails to distinguish between (a=++/b/i) and (a++/b/i) but it works
+    * very well in practice.
+    *
+    * @private
+    */
+  var REGEXP_PRECEDER_PATTERN = function () {
+      var preceders = [
+          "!", "!=", "!==", "#", "%", "%=", "&", "&&", "&&=",
+          "&=", "(", "*", "*=", /* "+", */ "+=", ",", /* "-", */ "-=",
+          "->", /*".", "..", "...", handled below */ "/", "/=", ":", "::", ";",
+          "<", "<<", "<<=", "<=", "=", "==", "===", ">",
+          ">=", ">>", ">>=", ">>>", ">>>=", "?", "@", "[",
+          "^", "^=", "^^", "^^=", "{", "|", "|=", "||",
+          "||=", "~" /* handles =~ and !~ */,
+          "break", "case", "continue", "delete",
+          "do", "else", "finally", "instanceof",
+          "return", "throw", "try", "typeof"
+          ];
+      var pattern = '(?:^^|[+-]';
+      for (var i = 0; i < preceders.length; ++i) {
+        pattern += '|' + preceders[i].replace(/([^=<>:&a-z])/g, '\\$1');
+      }
+      pattern += ')\\s*';  // matches at end, and matches empty string
+      return pattern;
+      // CAVEAT: this does not properly handle the case where a regular
+      // expression immediately follows another since a regular expression may
+      // have flags for case-sensitivity and the like.  Having regexp tokens
+      // adjacent is not valid in any language I'm aware of, so I'm punting.
+      // TODO: maybe style special characters inside a regexp as punctuation.
+    }();
+
+  // Define regexps here so that the interpreter doesn't have to create an
+  // object each time the function containing them is called.
+  // The language spec requires a new object created even if you don't access
+  // the $1 members.
+  var pr_amp = /&/g;
+  var pr_lt = /</g;
+  var pr_gt = />/g;
+  var pr_quot = /\"/g;
+  /** like textToHtml but escapes double quotes to be attribute safe. */
+  function attribToHtml(str) {
+    return str.replace(pr_amp, '&amp;')
+        .replace(pr_lt, '&lt;')
+        .replace(pr_gt, '&gt;')
+        .replace(pr_quot, '&quot;');
+  }
+
+  /** escapest html special characters to html. */
+  function textToHtml(str) {
+    return str.replace(pr_amp, '&amp;')
+        .replace(pr_lt, '&lt;')
+        .replace(pr_gt, '&gt;');
+  }
+
+
+  var pr_ltEnt = /&lt;/g;
+  var pr_gtEnt = /&gt;/g;
+  var pr_aposEnt = /&apos;/g;
+  var pr_quotEnt = /&quot;/g;
+  var pr_ampEnt = /&amp;/g;
+  var pr_nbspEnt = /&nbsp;/g;
+  /** unescapes html to plain text. */
+  function htmlToText(html) {
+    var pos = html.indexOf('&');
+    if (pos < 0) { return html; }
+    // Handle numeric entities specially.  We can't use functional substitution
+    // since that doesn't work in older versions of Safari.
+    // These should be rare since most browsers convert them to normal chars.
+    for (--pos; (pos = html.indexOf('&#', pos + 1)) >= 0;) {
+      var end = html.indexOf(';', pos);
+      if (end >= 0) {
+        var num = html.substring(pos + 3, end);
+        var radix = 10;
+        if (num && num.charAt(0) === 'x') {
+          num = num.substring(1);
+          radix = 16;
+        }
+        var codePoint = parseInt(num, radix);
+        if (!isNaN(codePoint)) {
+          html = (html.substring(0, pos) + String.fromCharCode(codePoint) +
+                  html.substring(end + 1));
+        }
+      }
+    }
+
+    return html.replace(pr_ltEnt, '<')
+        .replace(pr_gtEnt, '>')
+        .replace(pr_aposEnt, "'")
+        .replace(pr_quotEnt, '"')
+        .replace(pr_nbspEnt, ' ')
+        .replace(pr_ampEnt, '&');
+  }
+
+  /** is the given node's innerHTML normally unescaped? */
+  function isRawContent(node) {
+    return 'XMP' === node.tagName;
+  }
+
+  var newlineRe = /[\r\n]/g;
+  /**
+   * Are newlines and adjacent spaces significant in the given node's innerHTML?
+   */
+  function isPreformatted(node, content) {
+    // PRE means preformatted, and is a very common case, so don't create
+    // unnecessary computed style objects.
+    if ('PRE' === node.tagName) { return true; }
+    if (!newlineRe.test(content)) { return true; }  // Don't care
+    var whitespace = '';
+    // For disconnected nodes, IE has no currentStyle.
+    if (node.currentStyle) {
+      whitespace = node.currentStyle.whiteSpace;
+    } else if (window.getComputedStyle) {
+      // Firefox makes a best guess if node is disconnected whereas Safari
+      // returns the empty string.
+      whitespace = window.getComputedStyle(node, null).whiteSpace;
+    }
+    return !whitespace || whitespace === 'pre';
+  }
+
+  function normalizedHtml(node, out) {
+    switch (node.nodeType) {
+      case 1:  // an element
+        var name = node.tagName.toLowerCase();
+        out.push('<', name);
+        for (var i = 0; i < node.attributes.length; ++i) {
+          var attr = node.attributes[i];
+          if (!attr.specified) { continue; }
+          out.push(' ');
+          normalizedHtml(attr, out);
+        }
+        out.push('>');
+        for (var child = node.firstChild; child; child = child.nextSibling) {
+          normalizedHtml(child, out);
+        }
+        if (node.firstChild || !/^(?:br|link|img)$/.test(name)) {
+          out.push('<\/', name, '>');
+        }
+        break;
+      case 2: // an attribute
+        out.push(node.name.toLowerCase(), '="', attribToHtml(node.value), '"');
+        break;
+      case 3: case 4: // text
+        out.push(textToHtml(node.nodeValue));
+        break;
+    }
+  }
+
+  /**
+   * Given a group of {@link RegExp}s, returns a {@code RegExp} that globally
+   * matches the union o the sets o strings matched d by the input RegExp.
+   * Since it matches globally, if the input strings have a start-of-input
+   * anchor (/^.../), it is ignored for the purposes of unioning.
+   * @param {Array.<RegExp>} regexs non multiline, non-global regexs.
+   * @return {RegExp} a global regex.
+   */
+  function combinePrefixPatterns(regexs) {
+    var capturedGroupIndex = 0;
+
+    var needToFoldCase = false;
+    var ignoreCase = false;
+    for (var i = 0, n = regexs.length; i < n; ++i) {
+      var regex = regexs[i];
+      if (regex.ignoreCase) {
+        ignoreCase = true;
+      } else if (/[a-z]/i.test(regex.source.replace(
+                     /\\u[0-9a-f]{4}|\\x[0-9a-f]{2}|\\[^ux]/gi, ''))) {
+        needToFoldCase = true;
+        ignoreCase = false;
+        break;
+      }
+    }
+
+    function decodeEscape(charsetPart) {
+      if (charsetPart.charAt(0) !== '\\') { return charsetPart.charCodeAt(0); }
+      switch (charsetPart.charAt(1)) {
+        case 'b': return 8;
+        case 't': return 9;
+        case 'n': return 0xa;
+        case 'v': return 0xb;
+        case 'f': return 0xc;
+        case 'r': return 0xd;
+        case 'u': case 'x':
+          return parseInt(charsetPart.substring(2), 16)
+              || charsetPart.charCodeAt(1);
+        case '0': case '1': case '2': case '3': case '4':
+        case '5': case '6': case '7':
+          return parseInt(charsetPart.substring(1), 8);
+        default: return charsetPart.charCodeAt(1);
+      }
+    }
+
+    function encodeEscape(charCode) {
+      if (charCode < 0x20) {
+        return (charCode < 0x10 ? '\\x0' : '\\x') + charCode.toString(16);
+      }
+      var ch = String.fromCharCode(charCode);
+      if (ch === '\\' || ch === '-' || ch === '[' || ch === ']') {
+        ch = '\\' + ch;
+      }
+      return ch;
+    }
+
+    function caseFoldCharset(charSet) {
+      var charsetParts = charSet.substring(1, charSet.length - 1).match(
+          new RegExp(
+              '\\\\u[0-9A-Fa-f]{4}'
+              + '|\\\\x[0-9A-Fa-f]{2}'
+              + '|\\\\[0-3][0-7]{0,2}'
+              + '|\\\\[0-7]{1,2}'
+              + '|\\\\[\\s\\S]'
+              + '|-'
+              + '|[^-\\\\]',
+              'g'));
+      var groups = [];
+      var ranges = [];
+      var inverse = charsetParts[0] === '^';
+      for (var i = inverse ? 1 : 0, n = charsetParts.length; i < n; ++i) {
+        var p = charsetParts[i];
+        switch (p) {
+          case '\\B': case '\\b':
+          case '\\D': case '\\d':
+          case '\\S': case '\\s':
+          case '\\W': case '\\w':
+            groups.push(p);
+            continue;
+        }
+        var start = decodeEscape(p);
+        var end;
+        if (i + 2 < n && '-' === charsetParts[i + 1]) {
+          end = decodeEscape(charsetParts[i + 2]);
+          i += 2;
+        } else {
+          end = start;
+        }
+        ranges.push([start, end]);
+        // If the range might intersect letters, then expand it.
+        if (!(end < 65 || start > 122)) {
+          if (!(end < 65 || start > 90)) {
+            ranges.push([Math.max(65, start) | 32, Math.min(end, 90) | 32]);
+          }
+          if (!(end < 97 || start > 122)) {
+            ranges.push([Math.max(97, start) & ~32, Math.min(end, 122) & ~32]);
+          }
+        }
+      }
+
+      // [[1, 10], [3, 4], [8, 12], [14, 14], [16, 16], [17, 17]]
+      // -> [[1, 12], [14, 14], [16, 17]]
+      ranges.sort(function (a, b) { return (a[0] - b[0]) || (b[1]  - a[1]); });
+      var consolidatedRanges = [];
+      var lastRange = [NaN, NaN];
+      for (var i = 0; i < ranges.length; ++i) {
+        var range = ranges[i];
+        if (range[0] <= lastRange[1] + 1) {
+          lastRange[1] = Math.max(lastRange[1], range[1]);
+        } else {
+          consolidatedRanges.push(lastRange = range);
+        }
+      }
+
+      var out = ['['];
+      if (inverse) { out.push('^'); }
+      out.push.apply(out, groups);
+      for (var i = 0; i < consolidatedRanges.length; ++i) {
+        var range = consolidatedRanges[i];
+        out.push(encodeEscape(range[0]));
+        if (range[1] > range[0]) {
+          if (range[1] + 1 > range[0]) { out.push('-'); }
+          out.push(encodeEscape(range[1]));
+        }
+      }
+      out.push(']');
+      return out.join('');
+    }
+
+    function allowAnywhereFoldCaseAndRenumberGroups(regex) {
+      // Split into character sets, escape sequences, punctuation strings
+      // like ('(', '(?:', ')', '^'), and runs of characters that do not
+      // include any of the above.
+      var parts = regex.source.match(
+          new RegExp(
+              '(?:'
+              + '\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]'  // a character set
+              + '|\\\\u[A-Fa-f0-9]{4}'  // a unicode escape
+              + '|\\\\x[A-Fa-f0-9]{2}'  // a hex escape
+              + '|\\\\[0-9]+'  // a back-reference or octal escape
+              + '|\\\\[^ux0-9]'  // other escape sequence
+              + '|\\(\\?[:!=]'  // start of a non-capturing group
+              + '|[\\(\\)\\^]'  // start/emd of a group, or line start
+              + '|[^\\x5B\\x5C\\(\\)\\^]+'  // run of other characters
+              + ')',
+              'g'));
+      var n = parts.length;
+
+      // Maps captured group numbers to the number they will occupy in
+      // the output or to -1 if that has not been determined, or to
+      // undefined if they need not be capturing in the output.
+      var capturedGroups = [];
+
+      // Walk over and identify back references to build the capturedGroups
+      // mapping.
+      for (var i = 0, groupIndex = 0; i < n; ++i) {
+        var p = parts[i];
+        if (p === '(') {
+          // groups are 1-indexed, so max group index is count of '('
+          ++groupIndex;
+        } else if ('\\' === p.charAt(0)) {
+          var decimalValue = +p.substring(1);
+          if (decimalValue && decimalValue <= groupIndex) {
+            capturedGroups[decimalValue] = -1;
+          }
+        }
+      }
+
+      // Renumber groups and reduce capturing groups to non-capturing groups
+      // where possible.
+      for (var i = 1; i < capturedGroups.length; ++i) {
+        if (-1 === capturedGroups[i]) {
+          capturedGroups[i] = ++capturedGroupIndex;
+        }
+      }
+      for (var i = 0, groupIndex = 0; i < n; ++i) {
+        var p = parts[i];
+        if (p === '(') {
+          ++groupIndex;
+          if (capturedGroups[groupIndex] === undefined) {
+            parts[i] = '(?:';
+          }
+        } else if ('\\' === p.charAt(0)) {
+          var decimalValue = +p.substring(1);
+          if (decimalValue && decimalValue <= groupIndex) {
+            parts[i] = '\\' + capturedGroups[groupIndex];
+          }
+        }
+      }
+
+      // Remove any prefix anchors so that the output will match anywhere.
+      // ^^ really does mean an anchored match though.
+      for (var i = 0, groupIndex = 0; i < n; ++i) {
+        if ('^' === parts[i] && '^' !== parts[i + 1]) { parts[i] = ''; }
+      }
+
+      // Expand letters to groupts to handle mixing of case-sensitive and
+      // case-insensitive patterns if necessary.
+      if (regex.ignoreCase && needToFoldCase) {
+        for (var i = 0; i < n; ++i) {
+          var p = parts[i];
+          var ch0 = p.charAt(0);
+          if (p.length >= 2 && ch0 === '[') {
+            parts[i] = caseFoldCharset(p);
+          } else if (ch0 !== '\\') {
+            // TODO: handle letters in numeric escapes.
+            parts[i] = p.replace(
+                /[a-zA-Z]/g,
+                function (ch) {
+                  var cc = ch.charCodeAt(0);
+                  return '[' + String.fromCharCode(cc & ~32, cc | 32) + ']';
+                });
+          }
+        }
+      }
+
+      return parts.join('');
+    }
+
+    var rewritten = [];
+    for (var i = 0, n = regexs.length; i < n; ++i) {
+      var regex = regexs[i];
+      if (regex.global || regex.multiline) { throw new Error('' + regex); }
+      rewritten.push(
+          '(?:' + allowAnywhereFoldCaseAndRenumberGroups(regex) + ')');
+    }
+
+    return new RegExp(rewritten.join('|'), ignoreCase ? 'gi' : 'g');
+  }
+
+  var PR_innerHtmlWorks = null;
+  function getInnerHtml(node) {
+    // inner html is hopelessly broken in Safari 2.0.4 when the content is
+    // an html description of well formed XML and the containing tag is a PRE
+    // tag, so we detect that case and emulate innerHTML.
+    if (null === PR_innerHtmlWorks) {
+      var testNode = document.createElement('PRE');
+      testNode.appendChild(
+          document.createTextNode('<!DOCTYPE foo PUBLIC "foo bar">\n<foo />'));
+      PR_innerHtmlWorks = !/</.test(testNode.innerHTML);
+    }
+
+    if (PR_innerHtmlWorks) {
+      var content = node.innerHTML;
+      // XMP tags contain unescaped entities so require special handling.
+      if (isRawContent(node)) {
+        content = textToHtml(content);
+      } else if (!isPreformatted(node, content)) {
+        content = content.replace(/(<br\s*\/?>)[\r\n]+/g, '$1')
+            .replace(/(?:[\r\n]+[ \t]*)+/g, ' ');
+      }
+      return content;
+    }
+
+    var out = [];
+    for (var child = node.firstChild; child; child = child.nextSibling) {
+      normalizedHtml(child, out);
+    }
+    return out.join('');
+  }
+
+  /** returns a function that expand tabs to spaces.  This function can be fed
+    * successive chunks of text, and will maintain its own internal state to
+    * keep track of how tabs are expanded.
+    * @return {function (string) : string} a function that takes
+    *   plain text and return the text with tabs expanded.
+    * @private
+    */
+  function makeTabExpander(tabWidth) {
+    var SPACES = '                ';
+    var charInLine = 0;
+
+    return function (plainText) {
+      // walk over each character looking for tabs and newlines.
+      // On tabs, expand them.  On newlines, reset charInLine.
+      // Otherwise increment charInLine
+      var out = null;
+      var pos = 0;
+      for (var i = 0, n = plainText.length; i < n; ++i) {
+        var ch = plainText.charAt(i);
+
+        switch (ch) {
+          case '\t':
+            if (!out) { out = []; }
+            out.push(plainText.substring(pos, i));
+            // calculate how much space we need in front of this part
+            // nSpaces is the amount of padding -- the number of spaces needed
+            // to move us to the next column, where columns occur at factors of
+            // tabWidth.
+            var nSpaces = tabWidth - (charInLine % tabWidth);
+            charInLine += nSpaces;
+            for (; nSpaces >= 0; nSpaces -= SPACES.length) {
+              out.push(SPACES.substring(0, nSpaces));
+            }
+            pos = i + 1;
+            break;
+          case '\n':
+            charInLine = 0;
+            break;
+          default:
+            ++charInLine;
+        }
+      }
+      if (!out) { return plainText; }
+      out.push(plainText.substring(pos));
+      return out.join('');
+    };
+  }
+
+  var pr_chunkPattern = new RegExp(
+      '[^<]+'  // A run of characters other than '<'
+      + '|<\!--[\\s\\S]*?--\>'  // an HTML comment
+      + '|<!\\[CDATA\\[[\\s\\S]*?\\]\\]>'  // a CDATA section
+      // a probable tag that should not be highlighted
+      + '|<\/?[a-zA-Z](?:[^>\"\']|\'[^\']*\'|\"[^\"]*\")*>'
+      + '|<',  // A '<' that does not begin a larger chunk
+      'g');
+  var pr_commentPrefix = /^<\!--/;
+  var pr_cdataPrefix = /^<!\[CDATA\[/;
+  var pr_brPrefix = /^<br\b/i;
+  var pr_tagNameRe = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)/;
+
+  /** split markup into chunks of html tags (style null) and
+    * plain text (style {@link #PR_PLAIN}), converting tags which are
+    * significant for tokenization (<br>) into their textual equivalent.
+    *
+    * @param {string} s html where whitespace is considered significant.
+    * @return {Object} source code and extracted tags.
+    * @private
+    */
+  function extractTags(s) {
+    // since the pattern has the 'g' modifier and defines no capturing groups,
+    // this will return a list of all chunks which we then classify and wrap as
+    // PR_Tokens
+    var matches = s.match(pr_chunkPattern);
+    var sourceBuf = [];
+    var sourceBufLen = 0;
+    var extractedTags = [];
+    if (matches) {
+      for (var i = 0, n = matches.length; i < n; ++i) {
+        var match = matches[i];
+        if (match.length > 1 && match.charAt(0) === '<') {
+          if (pr_commentPrefix.test(match)) { continue; }
+          if (pr_cdataPrefix.test(match)) {
+            // strip CDATA prefix and suffix.  Don't unescape since it's CDATA
+            sourceBuf.push(match.substring(9, match.length - 3));
+            sourceBufLen += match.length - 12;
+          } else if (pr_brPrefix.test(match)) {
+            // <br> tags are lexically significant so convert them to text.
+            // This is undone later.
+            sourceBuf.push('\n');
+            ++sourceBufLen;
+          } else {
+            if (match.indexOf(PR_NOCODE) >= 0 && isNoCodeTag(match)) {
+              // A <span class="nocode"> will start a section that should be
+              // ignored.  Continue walking the list until we see a matching end
+              // tag.
+              var name = match.match(pr_tagNameRe)[2];
+              var depth = 1;
+              var j;
+              end_tag_loop:
+              for (j = i + 1; j < n; ++j) {
+                var name2 = matches[j].match(pr_tagNameRe);
+                if (name2 && name2[2] === name) {
+                  if (name2[1] === '/') {
+                    if (--depth === 0) { break end_tag_loop; }
+                  } else {
+                    ++depth;
+                  }
+                }
+              }
+              if (j < n) {
+                extractedTags.push(
+                    sourceBufLen, matches.slice(i, j + 1).join(''));
+                i = j;
+              } else {  // Ignore unclosed sections.
+                extractedTags.push(sourceBufLen, match);
+              }
+            } else {
+              extractedTags.push(sourceBufLen, match);
+            }
+          }
+        } else {
+          var literalText = htmlToText(match);
+          sourceBuf.push(literalText);
+          sourceBufLen += literalText.length;
+        }
+      }
+    }
+    return { source: sourceBuf.join(''), tags: extractedTags };
+  }
+
+  /** True if the given tag contains a class attribute with the nocode class. */
+  function isNoCodeTag(tag) {
+    return !!tag
+        // First canonicalize the representation of attributes
+        .replace(/\s(\w+)\s*=\s*(?:\"([^\"]*)\"|'([^\']*)'|(\S+))/g,
+                 ' $1="$2$3$4"')
+        // Then look for the attribute we want.
+        .match(/[cC][lL][aA][sS][sS]=\"[^\"]*\bnocode\b/);
+  }
+
+  /**
+   * Apply the given language handler to sourceCode and add the resulting
+   * decorations to out.
+   * @param {number} basePos the index of sourceCode within the chunk of source
+   *    whose decorations are already present on out.
+   */
+  function appendDecorations(basePos, sourceCode, langHandler, out) {
+    if (!sourceCode) { return; }
+    var job = {
+      source: sourceCode,
+      basePos: basePos
+    };
+    langHandler(job);
+    out.push.apply(out, job.decorations);
+  }
+
+  /** Given triples of [style, pattern, context] returns a lexing function,
+    * The lexing function interprets the patterns to find token boundaries and
+    * returns a decoration list of the form
+    * [index_0, style_0, index_1, style_1, ..., index_n, style_n]
+    * where index_n is an index into the sourceCode, and style_n is a style
+    * constant like PR_PLAIN.  index_n-1 <= index_n, and style_n-1 applies to
+    * all characters in sourceCode[index_n-1:index_n].
+    *
+    * The stylePatterns is a list whose elements have the form
+    * [style : string, pattern : RegExp, DEPRECATED, shortcut : string].
+    *
+    * Style is a style constant like PR_PLAIN, or can be a string of the
+    * form 'lang-FOO', where FOO is a language extension describing the
+    * language of the portion of the token in $1 after pattern executes.
+    * E.g., if style is 'lang-lisp', and group 1 contains the text
+    * '(hello (world))', then that portion of the token will be passed to the
+    * registered lisp handler for formatting.
+    * The text before and after group 1 will be restyled using this decorator
+    * so decorators should take care that this doesn't result in infinite
+    * recursion.  For example, the HTML lexer rule for SCRIPT elements looks
+    * something like ['lang-js', /<[s]cript>(.+?)<\/script>/].  This may match
+    * '<script>foo()<\/script>', which would cause the current decorator to
+    * be called with '<script>' which would not match the same rule since
+    * group 1 must not be empty, so it would be instead styled as PR_TAG by
+    * the generic tag rule.  The handler registered for the 'js' extension would
+    * then be called with 'foo()', and finally, the current decorator would
+    * be called with '<\/script>' which would not match the original rule and
+    * so the generic tag rule would identify it as a tag.
+    *
+    * Pattern must only match prefixes, and if it matches a prefix, then that
+    * match is considered a token with the same style.
+    *
+    * Context is applied to the last non-whitespace, non-comment token
+    * recognized.
+    *
+    * Shortcut is an optional string of characters, any of which, if the first
+    * character, gurantee that this pattern and only this pattern matches.
+    *
+    * @param {Array} shortcutStylePatterns patterns that always start with
+    *   a known character.  Must have a shortcut string.
+    * @param {Array} fallthroughStylePatterns patterns that will be tried in
+    *   order if the shortcut ones fail.  May have shortcuts.
+    *
+    * @return {function (Object)} a
+    *   function that takes source code and returns a list of decorations.
+    */
+  function createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns) {
+    var shortcuts = {};
+    var tokenizer;
+    (function () {
+      var allPatterns = shortcutStylePatterns.concat(fallthroughStylePatterns);
+      var allRegexs = [];
+      var regexKeys = {};
+      for (var i = 0, n = allPatterns.length; i < n; ++i) {
+        var patternParts = allPatterns[i];
+        var shortcutChars = patternParts[3];
+        if (shortcutChars) {
+          for (var c = shortcutChars.length; --c >= 0;) {
+            shortcuts[shortcutChars.charAt(c)] = patternParts;
+          }
+        }
+        var regex = patternParts[1];
+        var k = '' + regex;
+        if (!regexKeys.hasOwnProperty(k)) {
+          allRegexs.push(regex);
+          regexKeys[k] = null;
+        }
+      }
+      allRegexs.push(/[\0-\uffff]/);
+      tokenizer = combinePrefixPatterns(allRegexs);
+    })();
+
+    var nPatterns = fallthroughStylePatterns.length;
+    var notWs = /\S/;
+
+    /**
+     * Lexes job.source and produces an output array job.decorations of style
+     * classes preceded by the position at which they start in job.source in
+     * order.
+     *
+     * @param {Object} job an object like {@code
+     *    source: {string} sourceText plain text,
+     *    basePos: {int} position of job.source in the larger chunk of
+     *        sourceCode.
+     * }
+     */
+    var decorate = function (job) {
+      var sourceCode = job.source, basePos = job.basePos;
+      /** Even entries are positions in source in ascending order.  Odd enties
+        * are style markers (e.g., PR_COMMENT) that run from that position until
+        * the end.
+        * @type {Array.<number|string>}
+        */
+      var decorations = [basePos, PR_PLAIN];
+      var pos = 0;  // index into sourceCode
+      var tokens = sourceCode.match(tokenizer) || [];
+      var styleCache = {};
+
+      for (var ti = 0, nTokens = tokens.length; ti < nTokens; ++ti) {
+        var token = tokens[ti];
+        var style = styleCache[token];
+        var match = void 0;
+
+        var isEmbedded;
+        if (typeof style === 'string') {
+          isEmbedded = false;
+        } else {
+          var patternParts = shortcuts[token.charAt(0)];
+          if (patternParts) {
+            match = token.match(patternParts[1]);
+            style = patternParts[0];
+          } else {
+            for (var i = 0; i < nPatterns; ++i) {
+              patternParts = fallthroughStylePatterns[i];
+              match = token.match(patternParts[1]);
+              if (match) {
+                style = patternParts[0];
+                break;
+              }
+            }
+
+            if (!match) {  // make sure that we make progress
+              style = PR_PLAIN;
+            }
+          }
+
+          isEmbedded = style.length >= 5 && 'lang-' === style.substring(0, 5);
+          if (isEmbedded && !(match && typeof match[1] === 'string')) {
+            isEmbedded = false;
+            style = PR_SOURCE;
+          }
+
+          if (!isEmbedded) { styleCache[token] = style; }
+        }
+
+        var tokenStart = pos;
+        pos += token.length;
+
+        if (!isEmbedded) {
+          decorations.push(basePos + tokenStart, style);
+        } else {  // Treat group 1 as an embedded block of source code.
+          var embeddedSource = match[1];
+          var embeddedSourceStart = token.indexOf(embeddedSource);
+          var embeddedSourceEnd = embeddedSourceStart + embeddedSource.length;
+          if (match[2]) {
+            // If embeddedSource can be blank, then it would match at the
+            // beginning which would cause us to infinitely recurse on the
+            // entire token, so we catch the right context in match[2].
+            embeddedSourceEnd = token.length - match[2].length;
+            embeddedSourceStart = embeddedSourceEnd - embeddedSource.length;
+          }
+          var lang = style.substring(5);
+          // Decorate the left of the embedded source
+          appendDecorations(
+              basePos + tokenStart,
+              token.substring(0, embeddedSourceStart),
+              decorate, decorations);
+          // Decorate the embedded source
+          appendDecorations(
+              basePos + tokenStart + embeddedSourceStart,
+              embeddedSource,
+              langHandlerForExtension(lang, embeddedSource),
+              decorations);
+          // Decorate the right of the embedded section
+          appendDecorations(
+              basePos + tokenStart + embeddedSourceEnd,
+              token.substring(embeddedSourceEnd),
+              decorate, decorations);
+        }
+      }
+      job.decorations = decorations;
+    };
+    return decorate;
+  }
+
+  /** returns a function that produces a list of decorations from source text.
+    *
+    * This code treats ", ', and ` as string delimiters, and \ as a string
+    * escape.  It does not recognize perl's qq() style strings.
+    * It has no special handling for double delimiter escapes as in basic, or
+    * the tripled delimiters used in python, but should work on those regardless
+    * although in those cases a single string literal may be broken up into
+    * multiple adjacent string literals.
+    *
+    * It recognizes C, C++, and shell style comments.
+    *
+    * @param {Object} options a set of optional parameters.
+    * @return {function (Object)} a function that examines the source code
+    *     in the input job and builds the decoration list.
+    */
+  function sourceDecorator(options) {
+    var shortcutStylePatterns = [], fallthroughStylePatterns = [];
+    if (options['tripleQuotedStrings']) {
+      // '''multi-line-string''', 'single-line-string', and double-quoted
+      shortcutStylePatterns.push(
+          [PR_STRING,  /^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,
+           null, '\'"']);
+    } else if (options['multiLineStrings']) {
+      // 'multi-line-string', "multi-line-string"
+      shortcutStylePatterns.push(
+          [PR_STRING,  /^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,
+           null, '\'"`']);
+    } else {
+      // 'single-line-string', "single-line-string"
+      shortcutStylePatterns.push(
+          [PR_STRING,
+           /^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,
+           null, '"\'']);
+    }
+    if (options['verbatimStrings']) {
+      // verbatim-string-literal production from the C# grammar.  See issue 93.
+      fallthroughStylePatterns.push(
+          [PR_STRING, /^@\"(?:[^\"]|\"\")*(?:\"|$)/, null]);
+    }
+    if (options['hashComments']) {
+      if (options['cStyleComments']) {
+        // Stop C preprocessor declarations at an unclosed open comment
+        shortcutStylePatterns.push(
+            [PR_COMMENT, /^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,
+             null, '#']);
+        fallthroughStylePatterns.push(
+            [PR_STRING,
+             /^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h|[a-z]\w*)>/,
+             null]);
+      } else {
+        shortcutStylePatterns.push([PR_COMMENT, /^#[^\r\n]*/, null, '#']);
+      }
+    }
+    if (options['cStyleComments']) {
+      fallthroughStylePatterns.push([PR_COMMENT, /^\/\/[^\r\n]*/, null]);
+      fallthroughStylePatterns.push(
+          [PR_COMMENT, /^\/\*[\s\S]*?(?:\*\/|$)/, null]);
+    }
+    if (options['regexLiterals']) {
+      var REGEX_LITERAL = (
+          // A regular expression literal starts with a slash that is
+          // not followed by * or / so that it is not confused with
+          // comments.
+          '/(?=[^/*])'
+          // and then contains any number of raw characters,
+          + '(?:[^/\\x5B\\x5C]'
+          // escape sequences (\x5C),
+          +    '|\\x5C[\\s\\S]'
+          // or non-nesting character sets (\x5B\x5D);
+          +    '|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+'
+          // finally closed by a /.
+          + '/');
+      fallthroughStylePatterns.push(
+          ['lang-regex',
+           new RegExp('^' + REGEXP_PRECEDER_PATTERN + '(' + REGEX_LITERAL + ')')
+           ]);
+    }
+
+    var keywords = options['keywords'].replace(/^\s+|\s+$/g, '');
+    if (keywords.length) {
+      fallthroughStylePatterns.push(
+          [PR_KEYWORD,
+           new RegExp('^(?:' + keywords.replace(/\s+/g, '|') + ')\\b'), null]);
+    }
+
+    shortcutStylePatterns.push([PR_PLAIN,       /^\s+/, null, ' \r\n\t\xA0']);
+    fallthroughStylePatterns.push(
+        // TODO(mikesamuel): recognize non-latin letters and numerals in idents
+        [PR_LITERAL,     /^@[a-z_$][a-z_$@0-9]*/i, null],
+        [PR_TYPE,        /^@?[A-Z]+[a-z][A-Za-z_$@0-9]*/, null],
+        [PR_PLAIN,       /^[a-z_$][a-z_$@0-9]*/i, null],
+        [PR_LITERAL,
+         new RegExp(
+             '^(?:'
+             // A hex number
+             + '0x[a-f0-9]+'
+             // or an octal or decimal number,
+             + '|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)'
+             // possibly in scientific notation
+             + '(?:e[+\\-]?\\d+)?'
+             + ')'
+             // with an optional modifier like UL for unsigned long
+             + '[a-z]*', 'i'),
+         null, '0123456789'],
+        [PR_PUNCTUATION, /^.[^\s\w\.$@\'\"\`\/\#]*/, null]);
+
+    return createSimpleLexer(shortcutStylePatterns, fallthroughStylePatterns);
+  }
+
+  var decorateSource = sourceDecorator({
+        'keywords': ALL_KEYWORDS,
+        'hashComments': true,
+        'cStyleComments': true,
+        'multiLineStrings': true,
+        'regexLiterals': true
+      });
+
+  /** Breaks {@code job.source} around style boundaries in
+    * {@code job.decorations} while re-interleaving {@code job.extractedTags},
+    * and leaves the result in {@code job.prettyPrintedHtml}.
+    * @param {Object} job like {
+    *    source: {string} source as plain text,
+    *    extractedTags: {Array.<number|string>} extractedTags chunks of raw
+    *                   html preceded by their position in {@code job.source}
+    *                   in order
+    *    decorations: {Array.<number|string} an array of style classes preceded
+    *                 by the position at which they start in job.source in order
+    * }
+    * @private
+    */
+  function recombineTagsAndDecorations(job) {
+    var sourceText = job.source;
+    var extractedTags = job.extractedTags;
+    var decorations = job.decorations;
+
+    var html = [];
+    // index past the last char in sourceText written to html
+    var outputIdx = 0;
+
+    var openDecoration = null;
+    var currentDecoration = null;
+    var tagPos = 0;  // index into extractedTags
+    var decPos = 0;  // index into decorations
+    var tabExpander = makeTabExpander(window['PR_TAB_WIDTH']);
+
+    var adjacentSpaceRe = /([\r\n ]) /g;
+    var startOrSpaceRe = /(^| ) /gm;
+    var newlineRe = /\r\n?|\n/g;
+    var trailingSpaceRe = /[ \r\n]$/;
+    var lastWasSpace = true;  // the last text chunk emitted ended with a space.
+
+    // A helper function that is responsible for opening sections of decoration
+    // and outputing properly escaped chunks of source
+    function emitTextUpTo(sourceIdx) {
+      if (sourceIdx > outputIdx) {
+        if (openDecoration && openDecoration !== currentDecoration) {
+          // Close the current decoration
+          html.push('</span>');
+          openDecoration = null;
+        }
+        if (!openDecoration && currentDecoration) {
+          openDecoration = currentDecoration;
+          html.push('<span class="', openDecoration, '">');
+        }
+        // This interacts badly with some wikis which introduces paragraph tags
+        // into pre blocks for some strange reason.
+        // It's necessary for IE though which seems to lose the preformattedness
+        // of <pre> tags when their innerHTML is assigned.
+        // http://stud3.tuwien.ac.at/~e0226430/innerHtmlQuirk.html
+        // and it serves to undo the conversion of <br>s to newlines done in
+        // chunkify.
+        var htmlChunk = textToHtml(
+            tabExpander(sourceText.substring(outputIdx, sourceIdx)))
+            .replace(lastWasSpace
+                     ? startOrSpaceRe
+                     : adjacentSpaceRe, '$1&nbsp;');
+        // Keep track of whether we need to escape space at the beginning of the
+        // next chunk.
+        lastWasSpace = trailingSpaceRe.test(htmlChunk);
+        // IE collapses multiple adjacient <br>s into 1 line break.
+        // Prefix every <br> with '&nbsp;' can prevent such IE's behavior.
+        var lineBreakHtml = window['_pr_isIE6']() ? '&nbsp;<br />' : '<br />';
+        html.push(htmlChunk.replace(newlineRe, lineBreakHtml));
+        outputIdx = sourceIdx;
+      }
+    }
+
+    while (true) {
+      // Determine if we're going to consume a tag this time around.  Otherwise
+      // we consume a decoration or exit.
+      var outputTag;
+      if (tagPos < extractedTags.length) {
+        if (decPos < decorations.length) {
+          // Pick one giving preference to extractedTags since we shouldn't open
+          // a new style that we're going to have to immediately close in order
+          // to output a tag.
+          outputTag = extractedTags[tagPos] <= decorations[decPos];
+        } else {
+          outputTag = true;
+        }
+      } else {
+        outputTag = false;
+      }
+      // Consume either a decoration or a tag or exit.
+      if (outputTag) {
+        emitTextUpTo(extractedTags[tagPos]);
+        if (openDecoration) {
+          // Close the current decoration
+          html.push('</span>');
+          openDecoration = null;
+        }
+        html.push(extractedTags[tagPos + 1]);
+        tagPos += 2;
+      } else if (decPos < decorations.length) {
+        emitTextUpTo(decorations[decPos]);
+        currentDecoration = decorations[decPos + 1];
+        decPos += 2;
+      } else {
+        break;
+      }
+    }
+    emitTextUpTo(sourceText.length);
+    if (openDecoration) {
+      html.push('</span>');
+    }
+    job.prettyPrintedHtml = html.join('');
+  }
+
+  /** Maps language-specific file extensions to handlers. */
+  var langHandlerRegistry = {};
+  /** Register a language handler for the given file extensions.
+    * @param {function (Object)} handler a function from source code to a list
+    *      of decorations.  Takes a single argument job which describes the
+    *      state of the computation.   The single parameter has the form
+    *      {@code {
+    *        source: {string} as plain text.
+    *        decorations: {Array.<number|string>} an array of style classes
+    *                     preceded by the position at which they start in
+    *                     job.source in order.
+    *                     The language handler should assigned this field.
+    *        basePos: {int} the position of source in the larger source chunk.
+    *                 All positions in the output decorations array are relative
+    *                 to the larger source chunk.
+    *      } }
+    * @param {Array.<string>} fileExtensions
+    */
+  function registerLangHandler(handler, fileExtensions) {
+    for (var i = fileExtensions.length; --i >= 0;) {
+      var ext = fileExtensions[i];
+      if (!langHandlerRegistry.hasOwnProperty(ext)) {
+        langHandlerRegistry[ext] = handler;
+      } else if ('console' in window) {
+        console.warn('cannot override language handler %s', ext);
+      }
+    }
+  }
+  function langHandlerForExtension(extension, source) {
+    if (!(extension && langHandlerRegistry.hasOwnProperty(extension))) {
+      // Treat it as markup if the first non whitespace character is a < and
+      // the last non-whitespace character is a >.
+      extension = /^\s*</.test(source)
+          ? 'default-markup'
+          : 'default-code';
+    }
+    return langHandlerRegistry[extension];
+  }
+  registerLangHandler(decorateSource, ['default-code']);
+  registerLangHandler(
+      createSimpleLexer(
+          [],
+          [
+           [PR_PLAIN,       /^[^<?]+/],
+           [PR_DECLARATION, /^<!\w[^>]*(?:>|$)/],
+           [PR_COMMENT,     /^<\!--[\s\S]*?(?:-\->|$)/],
+           // Unescaped content in an unknown language
+           ['lang-',        /^<\?([\s\S]+?)(?:\?>|$)/],
+           ['lang-',        /^<%([\s\S]+?)(?:%>|$)/],
+           [PR_PUNCTUATION, /^(?:<[%?]|[%?]>)/],
+           ['lang-',        /^<xmp\b[^>]*>([\s\S]+?)<\/xmp\b[^>]*>/i],
+           // Unescaped content in javascript.  (Or possibly vbscript).
+           ['lang-js',      /^<script\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],
+           // Contains unescaped stylesheet content
+           ['lang-css',     /^<style\b[^>]*>([\s\S]*?)(<\/style\b[^>]*>)/i],
+           ['lang-in.tag',  /^(<\/?[a-z][^<>]*>)/i]
+          ]),
+      ['default-markup', 'htm', 'html', 'mxml', 'xhtml', 'xml', 'xsl']);
+  registerLangHandler(
+      createSimpleLexer(
+          [
+           [PR_PLAIN,        /^[\s]+/, null, ' \t\r\n'],
+           [PR_ATTRIB_VALUE, /^(?:\"[^\"]*\"?|\'[^\']*\'?)/, null, '\"\'']
+           ],
+          [
+           [PR_TAG,          /^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],
+           [PR_ATTRIB_NAME,  /^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],
+           ['lang-uq.val',   /^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],
+           [PR_PUNCTUATION,  /^[=<>\/]+/],
+           ['lang-js',       /^on\w+\s*=\s*\"([^\"]+)\"/i],
+           ['lang-js',       /^on\w+\s*=\s*\'([^\']+)\'/i],
+           ['lang-js',       /^on\w+\s*=\s*([^\"\'>\s]+)/i],
+           ['lang-css',      /^style\s*=\s*\"([^\"]+)\"/i],
+           ['lang-css',      /^style\s*=\s*\'([^\']+)\'/i],
+           ['lang-css',      /^style\s*=\s*([^\"\'>\s]+)/i]
+           ]),
+      ['in.tag']);
+  registerLangHandler(
+      createSimpleLexer([], [[PR_ATTRIB_VALUE, /^[\s\S]+/]]), ['uq.val']);
+  registerLangHandler(sourceDecorator({
+          'keywords': CPP_KEYWORDS,
+          'hashComments': true,
+          'cStyleComments': true
+        }), ['c', 'cc', 'cpp', 'cxx', 'cyc', 'm']);
+  registerLangHandler(sourceDecorator({
+          'keywords': 'null true false'
+        }), ['json']);
+  registerLangHandler(sourceDecorator({
+          'keywords': CSHARP_KEYWORDS,
+          'hashComments': true,
+          'cStyleComments': true,
+          'verbatimStrings': true
+        }), ['cs']);
+  registerLangHandler(sourceDecorator({
+          'keywords': JAVA_KEYWORDS,
+          'cStyleComments': true
+        }), ['java']);
+  registerLangHandler(sourceDecorator({
+          'keywords': SH_KEYWORDS,
+          'hashComments': true,
+          'multiLineStrings': true
+        }), ['bsh', 'csh', 'sh']);
+  registerLangHandler(sourceDecorator({
+          'keywords': PYTHON_KEYWORDS,
+          'hashComments': true,
+          'multiLineStrings': true,
+          'tripleQuotedStrings': true
+        }), ['cv', 'py']);
+  registerLangHandler(sourceDecorator({
+          'keywords': PERL_KEYWORDS,
+          'hashComments': true,
+          'multiLineStrings': true,
+          'regexLiterals': true
+        }), ['perl', 'pl', 'pm']);
+  registerLangHandler(sourceDecorator({
+          'keywords': RUBY_KEYWORDS,
+          'hashComments': true,
+          'multiLineStrings': true,
+          'regexLiterals': true
+        }), ['rb']);
+  registerLangHandler(sourceDecorator({
+          'keywords': JSCRIPT_KEYWORDS,
+          'cStyleComments': true,
+          'regexLiterals': true
+        }), ['js']);
+  registerLangHandler(
+      createSimpleLexer([], [[PR_STRING, /^[\s\S]+/]]), ['regex']);
+
+  function applyDecorator(job) {
+    var sourceCodeHtml = job.sourceCodeHtml;
+    var opt_langExtension = job.langExtension;
+
+    // Prepopulate output in case processing fails with an exception.
+    job.prettyPrintedHtml = sourceCodeHtml;
+
+    try {
+      // Extract tags, and convert the source code to plain text.
+      var sourceAndExtractedTags = extractTags(sourceCodeHtml);
+      /** Plain text. @type {string} */
+      var source = sourceAndExtractedTags.source;
+      job.source = source;
+      job.basePos = 0;
+
+      /** Even entries are positions in source in ascending order.  Odd entries
+        * are tags that were extracted at that position.
+        * @type {Array.<number|string>}
+        */
+      job.extractedTags = sourceAndExtractedTags.tags;
+
+      // Apply the appropriate language handler
+      langHandlerForExtension(opt_langExtension, source)(job);
+      // Integrate the decorations and tags back into the source code to produce
+      // a decorated html string which is left in job.prettyPrintedHtml.
+      recombineTagsAndDecorations(job);
+    } catch (e) {
+      if ('console' in window) {
+        console.log(e);
+        console.trace();
+      }
+    }
+  }
+
+  function prettyPrintOne(sourceCodeHtml, opt_langExtension) {
+    var job = {
+      sourceCodeHtml: sourceCodeHtml,
+      langExtension: opt_langExtension
+    };
+    applyDecorator(job);
+    return job.prettyPrintedHtml;
+  }
+
+  function prettyPrint(opt_whenDone) {
+    var isIE678 = window['_pr_isIE6']();
+    var ieNewline = isIE678 === 6 ? '\r\n' : '\r';
+    // See bug 71 and http://stackoverflow.com/questions/136443/why-doesnt-ie7-
+
+    // fetch a list of nodes to rewrite
+    var codeSegments = [
+        document.getElementsByTagName('pre'),
+        document.getElementsByTagName('code'),
+        document.getElementsByTagName('td'),  /* ND Change: Add tables to support prototypes. */
+        document.getElementsByTagName('xmp') ];
+    var elements = [];
+    for (var i = 0; i < codeSegments.length; ++i) {
+      for (var j = 0, n = codeSegments[i].length; j < n; ++j) {
+        elements.push(codeSegments[i][j]);
+      }
+    }
+    codeSegments = null;
+
+    var clock = Date;
+    if (!clock['now']) {
+      clock = { 'now': function () { return (new Date).getTime(); } };
+    }
+
+    // The loop is broken into a series of continuations to make sure that we
+    // don't make the browser unresponsive when rewriting a large page.
+    var k = 0;
+    var prettyPrintingJob;
+
+    function doWork() {
+      var endTime = (window['PR_SHOULD_USE_CONTINUATION'] ?
+                     clock.now() + 250 /* ms */ :
+                     Infinity);
+      for (; k < elements.length && clock.now() < endTime; k++) {
+        var cs = elements[k];
+        if (cs.className && cs.className.indexOf('prettyprint') >= 0) {
+          // If the classes includes a language extensions, use it.
+          // Language extensions can be specified like
+          //     <pre class="prettyprint lang-cpp">
+          // the language extension "cpp" is used to find a language handler as
+          // passed to PR_registerLangHandler.
+          var langExtension = cs.className.match(/\blang-(\w+)\b/);
+          if (langExtension) { langExtension = langExtension[1]; }
+
+          // make sure this is not nested in an already prettified element
+          var nested = false;
+          for (var p = cs.parentNode; p; p = p.parentNode) {
+            if ((p.tagName === 'pre' || p.tagName === 'code' ||
+                 p.tagName === 'xmp' || p.tagName === 'td') &&  /* ND Change: Add tables to support prototypes */
+                p.className && p.className.indexOf('prettyprint') >= 0) {
+              nested = true;
+              break;
+            }
+          }
+          if (!nested) {
+            // fetch the content as a snippet of properly escaped HTML.
+            // Firefox adds newlines at the end.
+            var content = getInnerHtml(cs);
+            content = content.replace(/(?:\r\n?|\n)$/, '');
+
+	  		/* ND Change: we need to preserve &nbsp;s so change them to a special character instead of a space. */
+			content = content.replace(/&nbsp;/g, '\x11');
+
+            // do the pretty printing
+            prettyPrintingJob = {
+              sourceCodeHtml: content,
+              langExtension: langExtension,
+              sourceNode: cs
+            };
+            applyDecorator(prettyPrintingJob);
+            replaceWithPrettyPrintedHtml();
+          }
+        }
+      }
+      if (k < elements.length) {
+        // finish up in a continuation
+        setTimeout(doWork, 250);
+      } else if (opt_whenDone) {
+        opt_whenDone();
+      }
+    }
+
+    function replaceWithPrettyPrintedHtml() {
+      var newContent = prettyPrintingJob.prettyPrintedHtml;
+      if (!newContent) { return; }
+
+      /* ND Change: Restore the preserved &nbsp;s.  */
+	  newContent = newContent.replace(/\x11/g, '&nbsp;');
+
+      var cs = prettyPrintingJob.sourceNode;
+
+      // push the prettified html back into the tag.
+      if (!isRawContent(cs)) {
+        // just replace the old html with the new
+        cs.innerHTML = newContent;
+      } else {
+        // we need to change the tag to a <pre> since <xmp>s do not allow
+        // embedded tags such as the span tags used to attach styles to
+        // sections of source code.
+        var pre = document.createElement('PRE');
+        for (var i = 0; i < cs.attributes.length; ++i) {
+          var a = cs.attributes[i];
+          if (a.specified) {
+            var aname = a.name.toLowerCase();
+            if (aname === 'class') {
+              pre.className = a.value;  // For IE 6
+            } else {
+              pre.setAttribute(a.name, a.value);
+            }
+          }
+        }
+        pre.innerHTML = newContent;
+
+        // remove the old
+        cs.parentNode.replaceChild(pre, cs);
+        cs = pre;
+      }
+
+      // Replace <br>s with line-feeds so that copying and pasting works
+      // on IE 6.
+      // Doing this on other browsers breaks lots of stuff since \r\n is
+      // treated as two newlines on Firefox, and doing this also slows
+      // down rendering.
+      if (isIE678 && cs.tagName === 'PRE') {
+        var lineBreaks = cs.getElementsByTagName('br');
+        for (var j = lineBreaks.length; --j >= 0;) {
+          var lineBreak = lineBreaks[j];
+          lineBreak.parentNode.replaceChild(
+              document.createTextNode(ieNewline), lineBreak);
+        }
+      }
+    }
+
+    doWork();
+  }
+
+  window['PR_normalizedHtml'] = normalizedHtml;
+  window['prettyPrintOne'] = prettyPrintOne;
+  window['prettyPrint'] = prettyPrint;
+  window['PR'] = {
+        'combinePrefixPatterns': combinePrefixPatterns,
+        'createSimpleLexer': createSimpleLexer,
+        'registerLangHandler': registerLangHandler,
+        'sourceDecorator': sourceDecorator,
+        'PR_ATTRIB_NAME': PR_ATTRIB_NAME,
+        'PR_ATTRIB_VALUE': PR_ATTRIB_VALUE,
+        'PR_COMMENT': PR_COMMENT,
+        'PR_DECLARATION': PR_DECLARATION,
+        'PR_KEYWORD': PR_KEYWORD,
+        'PR_LITERAL': PR_LITERAL,
+        'PR_NOCODE': PR_NOCODE,
+        'PR_PLAIN': PR_PLAIN,
+        'PR_PUNCTUATION': PR_PUNCTUATION,
+        'PR_SOURCE': PR_SOURCE,
+        'PR_STRING': PR_STRING,
+        'PR_TAG': PR_TAG,
+        'PR_TYPE': PR_TYPE
+      };
+})();
+
+
+// ____________________________________________________________________________
+
+
+
+// Lua extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,'	\n\r \xa0'],[PR.PR_STRING,/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'\"\'']],[[PR.PR_COMMENT,/^--(?:\[(=*)\[[\s\S]*?(?:\]\1\]|$)|[^\r\n]*)/],[PR.PR_STRING,/^\[(=*)\[[\s\S]*?(?:\]\1\]|$)/],[PR.PR_KEYWORD,/^(?:and|break|do|else|elseif|end|false|for|function|if|in|local|nil|not|or|repeat|return|then|true|until|while)\b/,null],[PR.PR_LITERAL,/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR.PR_PLAIN,/^[a-z_]\w*/i],[PR.PR_PUNCTUATION,/^[^\w\t\n\r \xA0][^\w\t\n\r \xA0\"\'\-\+=]*/]]),['lua'])
+
+
+// Haskell extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\x0B\x0C\r ]+/,null,'	\n\r '],[PR.PR_STRING,/^\"(?:[^\"\\\n\x0C\r]|\\[\s\S])*(?:\"|$)/,null,'\"'],[PR.PR_STRING,/^\'(?:[^\'\\\n\x0C\r]|\\[^&])\'?/,null,'\''],[PR.PR_LITERAL,/^(?:0o[0-7]+|0x[\da-f]+|\d+(?:\.\d+)?(?:e[+\-]?\d+)?)/i,null,'0123456789']],[[PR.PR_COMMENT,/^(?:(?:--+(?:[^\r\n\x0C]*)?)|(?:\{-(?:[^-]|-+[^-\}])*-\}))/],[PR.PR_KEYWORD,/^(?:case|class|data|default|deriving|do|else|if|import|in|infix|infixl|infixr|instance|let|module|newtype|of|then|type|where|_)(?=[^a-zA-Z0-9\']|$)/,null],[PR.PR_PLAIN,/^(?:[A-Z][\w\']*\.)*[a-zA-Z][\w\']*/],[PR.PR_PUNCTUATION,/^[^\t\n\x0B\x0C\r a-zA-Z0-9\'\"]+/]]),['hs'])
+
+
+// ML extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,'	\n\r \xa0'],[PR.PR_COMMENT,/^#(?:if[\t\n\r \xA0]+(?:[a-z_$][\w\']*|``[^\r\n\t`]*(?:``|$))|else|endif|light)/i,null,'#'],[PR.PR_STRING,/^(?:\"(?:[^\"\\]|\\[\s\S])*(?:\"|$)|\'(?:[^\'\\]|\\[\s\S])*(?:\'|$))/,null,'\"\'']],[[PR.PR_COMMENT,/^(?:\/\/[^\r\n]*|\(\*[\s\S]*?\*\))/],[PR.PR_KEYWORD,/^(?:abstract|and|as|assert|begin|class|default|delegate|do|done|downcast|downto|elif|else|end|exception|extern|false|finally|for|fun|function|if|in|inherit|inline|interface|internal|lazy|let|match|member|module|mutable|namespace|new|null|of|open|or|override|private|public|rec|return|static|struct|then|to|true|try|type|upcast|use|val|void|when|while|with|yield|asr|land|lor|lsl|lsr|lxor|mod|sig|atomic|break|checked|component|const|constraint|constructor|continue|eager|event|external|fixed|functor|global|include|method|mixin|object|parallel|process|protected|pure|sealed|trait|virtual|volatile)\b/],[PR.PR_LITERAL,/^[+\-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR.PR_PLAIN,/^(?:[a-z_]\w*[!?#]?|``[^\r\n\t`]*(?:``|$))/i],[PR.PR_PUNCTUATION,/^[^\t\n\r \xA0\"\'\w]+/]]),['fs','ml'])
+
+
+// SQL extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0]+/,null,'	\n\r \xa0'],[PR.PR_STRING,/^(?:"(?:[^\"\\]|\\.)*"|'(?:[^\'\\]|\\.)*')/,null,'\"\'']],[[PR.PR_COMMENT,/^(?:--[^\r\n]*|\/\*[\s\S]*?(?:\*\/|$))/],[PR.PR_KEYWORD,/^(?:ADD|ALL|ALTER|AND|ANY|AS|ASC|AUTHORIZATION|BACKUP|BEGIN|BETWEEN|BREAK|BROWSE|BULK|BY|CASCADE|CASE|CHECK|CHECKPOINT|CLOSE|CLUSTERED|COALESCE|COLLATE|COLUMN|COMMIT|COMPUTE|CONSTRAINT|CONTAINS|CONTAINSTABLE|CONTINUE|CONVERT|CREATE|CROSS|CURRENT|CURRENT_DATE|CURRENT_TIME|CURRENT_TIMESTAMP|CURRENT_USER|CURSOR|DATABASE|DBCC|DEALLOCATE|DECLARE|DEFAULT|DELETE|DENY|DESC|DISK|DISTINCT|DISTRIBUTED|DOUBLE|DROP|DUMMY|DUMP|ELSE|END|ERRLVL|ESCAPE|EXCEPT|EXEC|EXECUTE|EXISTS|EXIT|FETCH|FILE|FILLFACTOR|FOR|FOREIGN|FREETEXT|FREETEXTTABLE|FROM|FULL|FUNCTION|GOTO|GRANT|GROUP|HAVING|HOLDLOCK|IDENTITY|IDENTITYCOL|IDENTITY_INSERT|IF|IN|INDEX|INNER|INSERT|INTERSECT|INTO|IS|JOIN|KEY|KILL|LEFT|LIKE|LINENO|LOAD|NATIONAL|NOCHECK|NONCLUSTERED|NOT|NULL|NULLIF|OF|OFF|OFFSETS|ON|OPEN|OPENDATASOURCE|OPENQUERY|OPENROWSET|OPENXML|OPTION|OR|ORDER|OUTER|OVER|PERCENT|PLAN|PRECISION|PRIMARY|PRINT|PROC|PROCEDURE|PUBLIC|RAISERROR|READ|READTEXT|RECONFIGURE|REFERENCES|REPLICATION|RESTORE|RESTRICT|RETURN|REVOKE|RIGHT|ROLLBACK|ROWCOUNT|ROWGUIDCOL|RULE|SAVE|SCHEMA|SELECT|SESSION_USER|SET|SETUSER|SHUTDOWN|SOME|STATISTICS|SYSTEM_USER|TABLE|TEXTSIZE|THEN|TO|TOP|TRAN|TRANSACTION|TRIGGER|TRUNCATE|TSEQUAL|UNION|UNIQUE|UPDATE|UPDATETEXT|USE|USER|VALUES|VARYING|VIEW|WAITFOR|WHEN|WHERE|WHILE|WITH|WRITETEXT)(?=[^\w-]|$)/i,null],[PR.PR_LITERAL,/^[+-]?(?:0x[\da-f]+|(?:(?:\.\d+|\d+(?:\.\d*)?)(?:e[+\-]?\d+)?))/i],[PR.PR_PLAIN,/^[a-z_][\w-]*/i],[PR.PR_PUNCTUATION,/^[^\w\t\n\r \xA0\"\'][^\w\t\n\r \xA0+\-\"\']*/]]),['sql'])
+
+
+// VB extension
+
+PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[\t\n\r \xA0\u2028\u2029]+/,null,'	\n\r \xa0\u2028\u2029'],[PR.PR_STRING,/^(?:[\"\u201C\u201D](?:[^\"\u201C\u201D]|[\"\u201C\u201D]{2})(?:[\"\u201C\u201D]c|$)|[\"\u201C\u201D](?:[^\"\u201C\u201D]|[\"\u201C\u201D]{2})*(?:[\"\u201C\u201D]|$))/i,null,'\"\u201c\u201d'],[PR.PR_COMMENT,/^[\'\u2018\u2019][^\r\n\u2028\u2029]*/,null,'\'\u2018\u2019']],[[PR.PR_KEYWORD,/^(?:AddHandler|AddressOf|Alias|And|AndAlso|Ansi|As|Assembly|Auto|Boolean|ByRef|Byte|ByVal|Call|Case|Catch|CBool|CByte|CChar|CDate|CDbl|CDec|Char|CInt|Class|CLng|CObj|Const|CShort|CSng|CStr|CType|Date|Decimal|Declare|Default|Delegate|Dim|DirectCast|Do|Double|Each|Else|ElseIf|End|EndIf|Enum|Erase|Error|Event|Exit|Finally|For|Friend|Function|Get|GetType|GoSub|GoTo|Handles|If|Implements|Imports|In|Inherits|Integer|Interface|Is|Let|Lib|Like|Long|Loop|Me|Mod|Module|MustInherit|MustOverride|MyBase|MyClass|Namespace|New|Next|Not|NotInheritable|NotOverridable|Object|On|Option|Optional|Or|OrElse|Overloads|Overridable|Overrides|ParamArray|Preserve|Private|Property|Protected|Public|RaiseEvent|ReadOnly|ReDim|RemoveHandler|Resume|Return|Select|Set|Shadows|Shared|Short|Single|Static|Step|Stop|String|Structure|Sub|SyncLock|Then|Throw|To|Try|TypeOf|Unicode|Until|Variant|Wend|When|While|With|WithEvents|WriteOnly|Xor|EndIf|GoSub|Let|Variant|Wend)\b/i,null],[PR.PR_COMMENT,/^REM[^\r\n\u2028\u2029]*/i],[PR.PR_LITERAL,/^(?:True\b|False\b|Nothing\b|\d+(?:E[+\-]?\d+[FRD]?|[FRDSIL])?|(?:&H[0-9A-F]+|&O[0-7]+)[SIL]?|\d*\.\d+(?:E[+\-]?\d+)?[FRD]?|#\s+(?:\d+[\-\/]\d+[\-\/]\d+(?:\s+\d+:\d+(?::\d+)?(\s*(?:AM|PM))?)?|\d+:\d+(?::\d+)?(\s*(?:AM|PM))?)\s+#)/i],[PR.PR_PLAIN,/^(?:(?:[a-z]|_\w)\w*|\[(?:[a-z]|_\w)\w*\])/i],[PR.PR_PUNCTUATION,/^[^\w\t\n\r \"\'\[\]\xA0\u2018\u2019\u201C\u201D\u2028\u2029]+/],[PR.PR_PUNCTUATION,/^(?:\[|\])/]]),['vb','vbs'])

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/searchdata.js

@@ -0,0 +1,122 @@
+var indexSectionsWithContent = {
+   "General": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": true,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": true,
+      "G": true,
+      "H": false,
+      "I": true,
+      "J": false,
+      "K": false,
+      "L": true,
+      "M": false,
+      "N": false,
+      "O": true,
+      "P": false,
+      "Q": false,
+      "R": true,
+      "S": false,
+      "T": false,
+      "U": true,
+      "V": true,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      },
+   "Variables": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": false,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": false,
+      "G": false,
+      "H": false,
+      "I": true,
+      "J": false,
+      "K": false,
+      "L": false,
+      "M": false,
+      "N": false,
+      "O": false,
+      "P": false,
+      "Q": false,
+      "R": true,
+      "S": false,
+      "T": false,
+      "U": false,
+      "V": false,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      },
+   "Functions": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": true,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": true,
+      "G": true,
+      "H": false,
+      "I": true,
+      "J": false,
+      "K": false,
+      "L": true,
+      "M": false,
+      "N": false,
+      "O": true,
+      "P": false,
+      "Q": false,
+      "R": true,
+      "S": false,
+      "T": false,
+      "U": true,
+      "V": false,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      },
+   "Files": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": false,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": false,
+      "G": false,
+      "H": false,
+      "I": false,
+      "J": false,
+      "K": false,
+      "L": false,
+      "M": false,
+      "N": false,
+      "O": false,
+      "P": false,
+      "Q": false,
+      "R": false,
+      "S": false,
+      "T": false,
+      "U": false,
+      "V": false,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      }
+   }

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FilesC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_csrfprotector_perphp><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" target=_parent class=ISymbol>csrfprotector.php</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsA.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_authorisePost><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" target=_parent class=ISymbol>authorisePost</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_createNewJsCache><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" target=_parent class=ISymbol>createNewJsCache</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsF.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_failedValidationAction><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" target=_parent class=ISymbol>failedValidationAction</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsG.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_generateAuthToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" target=_parent class=ISymbol>generateAuthToken</a></div></div><div class=SRResult id=SR_getCurrentUrl><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" target=_parent class=ISymbol>getCurrentUrl</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsI.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_init><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" target=_parent class=ISymbol>init</a></div></div><div class=SRResult id=SR_isURLallowed><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" target=_parent class=ISymbol>isURLallowed</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsL.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_logCSRFattack><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" target=_parent class=ISymbol>logCSRFattack</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsO.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_ob_undhandler><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" target=_parent class=ISymbol>ob_handler</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsR.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_refreshToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" target=_parent class=ISymbol>refreshToken</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsU.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_useCachedVersion><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" target=_parent class=ISymbol>useCachedVersion</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralA.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_authorisePost><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" target=_parent class=ISymbol>authorisePost</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_config><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$config" target=_parent class=ISymbol>config</a></div></div><div class=SRResult id=SR_cookieExpiryTime><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" target=_parent class=ISymbol>cookieExpiryTime</a></div></div><div class=SRResult id=SR_createNewJsCache><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" target=_parent class=ISymbol>createNewJsCache</a></div></div><div class=SRResult id=SR_csrfprotector_perphp><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" target=_parent class=ISymbol>csrfprotector.php</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralF.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_failedValidationAction><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" target=_parent class=ISymbol>failedValidationAction</a></div></div><div class=SRResult id=SR_Functions><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Functions" target=_parent class=ISymbol>Functions</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralG.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_generateAuthToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" target=_parent class=ISymbol>generateAuthToken</a></div></div><div class=SRResult id=SR_getCurrentUrl><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" target=_parent class=ISymbol>getCurrentUrl</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralI.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_init><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" target=_parent class=ISymbol>init</a></div></div><div class=SRResult id=SR_isSameOrigin><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" target=_parent class=ISymbol>isSameOrigin</a></div></div><div class=SRResult id=SR_isURLallowed><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" target=_parent class=ISymbol>isURLallowed</a></div></div><div class=SRResult id=SR_isValidHTML><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" target=_parent class=ISymbol>isValidHTML</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralL.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_logCSRFattack><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" target=_parent class=ISymbol>logCSRFattack</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralO.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_ob_undhandler><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" target=_parent class=ISymbol>ob_handler</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralR.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_refreshToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" target=_parent class=ISymbol>refreshToken</a></div></div><div class=SRResult id=SR_requestType><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" target=_parent class=ISymbol>requestType</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralU.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_useCachedVersion><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" target=_parent class=ISymbol>useCachedVersion</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralV.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_Variables><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Variables" target=_parent class=ISymbol>Variables</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/NoResults.html

@@ -0,0 +1,15 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=NoMatches>No Matches</div></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_config><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$config" target=_parent class=ISymbol>config</a></div></div><div class=SRResult id=SR_cookieExpiryTime><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" target=_parent class=ISymbol>cookieExpiryTime</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesI.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_isSameOrigin><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" target=_parent class=ISymbol>isSameOrigin</a></div></div><div class=SRResult id=SR_isValidHTML><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" target=_parent class=ISymbol>isValidHTML</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesR.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_requestType><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" target=_parent class=ISymbol>requestType</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/styles/main.css

@@ -0,0 +1,824 @@
+/*
+   IMPORTANT: If you're editing this file in the output directory of one of
+   your projects, your changes will be overwritten the next time you run
+   Natural Docs.  Instead, copy this file to your project directory, make your
+   changes, and you can use it with -s.  Even better would be to make a CSS
+   file in your project directory with only your changes, which you can then
+   use with -s [original style] [your changes].
+
+   On the other hand, if you're editing this file in the Natural Docs styles
+   directory, the changes will automatically be applied to all your projects
+   that use this style the next time Natural Docs is run on them.
+
+   This file is part of Natural Docs, which is Copyright © 2003-2010 Greg Valure.
+   Natural Docs is licensed under version 3 of the GNU Affero General Public
+   License (AGPL).  Refer to License.txt for the complete details.
+
+   This file may be distributed with documentation files generated by Natural Docs.
+   Such documentation is not covered by Natural Docs' copyright and licensing,
+   and may have its own copyright and distribution terms as decided by its author.
+*/
+
+body {
+    font: 8pt Verdana, Arial, sans-serif;
+    color: #000000;
+    margin: 0; padding: 0;
+    }
+
+.ContentPage,
+.IndexPage,
+.FramedMenuPage {
+    background-color: #E8E8E8;
+    }
+.FramedContentPage,
+.FramedIndexPage,
+.FramedSearchResultsPage,
+.PopupSearchResultsPage {
+    background-color: #FFFFFF;
+    }
+
+
+a:link,
+a:visited { color: #900000; text-decoration: none }
+a:hover { color: #900000; text-decoration: underline }
+a:active { color: #FF0000; text-decoration: underline }
+
+td {
+    vertical-align: top }
+
+img { border: 0;  }
+
+
+/*
+    Comment out this line to use web-style paragraphs (blank line between
+    paragraphs, no indent) instead of print-style paragraphs (no blank line,
+    indented.)
+*/
+p {
+    text-indent: 5ex; margin: 0 }
+
+
+/*  Opera doesn't break with just wbr, but will if you add this.  */
+.Opera wbr:after {
+	content: "\00200B";
+	}
+
+/*  Blockquotes are used as containers for things that may need to scroll.  */
+blockquote {
+    padding: 0;
+    margin: 0;
+    overflow: auto;
+    }
+
+
+.Firefox1 blockquote {
+    padding-bottom: .5em;
+    }
+
+/*  Turn off scrolling when printing.  */
+@media print {
+    blockquote {
+        overflow: visible;
+        }
+    .IE blockquote {
+        width: auto;
+        }
+    }
+
+
+
+#Menu {
+    font-size: 8pt;
+    padding: 10px 0 0 0;
+    }
+.ContentPage #Menu,
+.IndexPage #Menu {
+    position: absolute;
+    top: 0;
+    left: 0;
+    width: 31ex;
+    overflow: hidden;
+    }
+.ContentPage .Firefox #Menu,
+.IndexPage .Firefox #Menu {
+    width: 27ex;
+    }
+
+
+    .MTitle {
+        font-size: 16pt; font-weight: bold; font-variant: small-caps;
+        text-align: center;
+        padding: 5px 10px 15px 10px;
+        border-bottom: 1px dotted #000000;
+        margin-bottom: 15px }
+
+    .MSubTitle {
+        font-size: 9pt; font-weight: normal; font-variant: normal;
+        margin-top: 1ex; margin-bottom: 5px }
+
+
+    .MEntry a:link,
+    .MEntry a:hover,
+    .MEntry a:visited { color: #606060; margin-right: 0 }
+    .MEntry a:active { color: #A00000; margin-right: 0 }
+
+
+    .MGroup {
+        font-variant: small-caps; font-weight: bold;
+        margin: 1em 0 1em 10px;
+        }
+
+    .MGroupContent {
+        font-variant: normal; font-weight: normal }
+
+    .MGroup a:link,
+    .MGroup a:hover,
+    .MGroup a:visited { color: #545454; margin-right: 10px }
+    .MGroup a:active { color: #A00000; margin-right: 10px }
+
+
+    .MFile,
+    .MText,
+    .MLink,
+    .MIndex {
+        padding: 1px 17px 2px 10px;
+        margin: .25em 0 .25em 0;
+        }
+
+    .MText {
+        font-size: 8pt; font-style: italic }
+
+    .MLink {
+        font-style: italic }
+
+    #MSelected {
+        color: #000000; background-color: #FFFFFF;
+        /*  Replace padding with border.  */
+        padding: 0 10px 0 10px;
+        border-width: 1px 2px 2px 0; border-style: solid; border-color: #000000;
+        margin-right: 5px;
+        }
+
+    /*  Close off the left side when its in a group.  */
+    .MGroup #MSelected {
+        padding-left: 9px; border-left-width: 1px }
+
+    /*  A treat for Mozilla users.  Blatantly non-standard.  Will be replaced with CSS 3 attributes when finalized/supported.  */
+    .Firefox #MSelected {
+        -moz-border-radius-topright: 10px;
+        -moz-border-radius-bottomright: 10px }
+    .Firefox .MGroup #MSelected {
+        -moz-border-radius-topleft: 10px;
+        -moz-border-radius-bottomleft: 10px }
+
+
+    #MSearchPanel {
+        padding: 0px 6px;
+        margin: .25em 0;
+        }
+
+
+    #MSearchField {
+        font: italic 8pt Verdana, sans-serif;
+        color: #606060;
+        background-color: #E8E8E8;
+        border: none;
+        padding: 2px 4px;
+        width: 100%;
+        }
+    /* Only Opera gets it right. */
+    .Firefox #MSearchField,
+    .IE #MSearchField,
+    .Safari #MSearchField {
+        width: 94%;
+        }
+    .Opera9 #MSearchField,
+    .Konqueror #MSearchField {
+        width: 97%;
+        }
+    .FramedMenuPage .Firefox #MSearchField,
+    .FramedMenuPage .Safari #MSearchField,
+    .FramedMenuPage .Konqueror #MSearchField {
+        width: 98%;
+        }
+
+    /* Firefox doesn't do this right in frames without #MSearchPanel added on.
+        It's presence doesn't hurt anything other browsers. */
+    #MSearchPanel.MSearchPanelInactive:hover #MSearchField {
+        background-color: #FFFFFF;
+        border: 1px solid #C0C0C0;
+        padding: 1px 3px;
+        }
+    .MSearchPanelActive #MSearchField {
+        background-color: #FFFFFF;
+        border: 1px solid #C0C0C0;
+        font-style: normal;
+        padding: 1px 3px;
+        }
+
+    #MSearchType {
+        visibility: hidden;
+        font: 8pt Verdana, sans-serif;
+        width: 98%;
+        padding: 0;
+        border: 1px solid #C0C0C0;
+        }
+    .MSearchPanelActive #MSearchType,
+    /*  As mentioned above, Firefox doesn't do this right in frames without #MSearchPanel added on. */
+    #MSearchPanel.MSearchPanelInactive:hover #MSearchType,
+    #MSearchType:focus {
+        visibility: visible;
+        color: #606060;
+        }
+    #MSearchType option#MSearchEverything {
+        font-weight: bold;
+        }
+
+    .Opera8 .MSearchPanelInactive:hover,
+    .Opera8 .MSearchPanelActive {
+        margin-left: -1px;
+        }
+
+
+    iframe#MSearchResults {
+        width: 60ex;
+        height: 15em;
+        }
+    #MSearchResultsWindow {
+        display: none;
+        position: absolute;
+        left: 0; top: 0;
+        border: 1px solid #000000;
+        background-color: #E8E8E8;
+        }
+    #MSearchResultsWindowClose {
+        font-weight: bold;
+        font-size: 8pt;
+        display: block;
+        padding: 2px 5px;
+        }
+    #MSearchResultsWindowClose:link,
+    #MSearchResultsWindowClose:visited {
+        color: #000000;
+        text-decoration: none;
+        }
+    #MSearchResultsWindowClose:active,
+    #MSearchResultsWindowClose:hover {
+        color: #800000;
+        text-decoration: none;
+        background-color: #F4F4F4;
+        }
+
+
+
+
+#Content {
+    padding-bottom: 15px;
+    }
+
+.ContentPage #Content {
+    border-width: 0 0 1px 1px;
+    border-style: solid;
+    border-color: #000000;
+    background-color: #FFFFFF;
+    font-size: 8pt;  /* To make 31ex match the menu's 31ex. */
+    margin-left: 31ex;
+    }
+.ContentPage .Firefox #Content {
+    margin-left: 27ex;
+    }
+
+
+
+    .CTopic {
+        font-size: 8pt;
+        margin-bottom: 3em;
+        }
+
+
+    .CTitle {
+        font-size: 11pt; font-weight: bold;
+        border-width: 0 0 1px 0; border-style: solid; border-color: #A0A0A0;
+        margin: 0 15px .5em 15px }
+
+    .CGroup .CTitle {
+        font-size: 16pt; font-variant: small-caps;
+        padding-left: 15px; padding-right: 15px;
+        border-width: 0 0 2px 0; border-color: #000000;
+        margin-left: 0; margin-right: 0 }
+
+    .CClass .CTitle,
+    .CInterface .CTitle,
+    .CDatabase .CTitle,
+    .CDatabaseTable .CTitle,
+    .CSection .CTitle {
+        font-size: 18pt;
+        color: #FFFFFF; background-color: #A0A0A0;
+        padding: 10px 15px 10px 15px;
+        border-width: 2px 0; border-color: #000000;
+        margin-left: 0; margin-right: 0 }
+
+    #MainTopic .CTitle {
+        font-size: 20pt;
+        color: #FFFFFF; background-color: #7070C0;
+        padding: 10px 15px 10px 15px;
+        border-width: 0 0 3px 0; border-color: #000000;
+        margin-left: 0; margin-right: 0 }
+
+    .CBody {
+        margin-left: 15px; margin-right: 15px }
+
+
+    .CToolTip {
+        position: absolute; visibility: hidden;
+        left: 0; top: 0;
+        background-color: #FFFFE0;
+        padding: 5px;
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #000000;
+        font-size: 8pt;
+        }
+
+    .Opera .CToolTip {
+        max-width: 98%;
+        }
+
+    /*  Scrollbars would be useless.  */
+    .CToolTip blockquote {
+        overflow: hidden;
+        }
+    .IE6 .CToolTip blockquote {
+        overflow: visible;
+        }
+
+    .CHeading {
+        font-weight: bold; font-size: 9pt;
+        margin: 1.5em 0 .5em 0;
+        }
+
+    .CBody pre {
+        font: 8pt "Courier New", Courier, monospace;
+	    background-color: #FCFCFC;
+	    margin: 1em 35px;
+	    padding: 10px 15px 10px 10px;
+	    border-color: #E0E0E0 #E0E0E0 #E0E0E0 #E4E4E4;
+	    border-width: 1px 1px 1px 6px;
+	    border-style: dashed dashed dashed solid;
+        }
+
+    .CBody ul {
+        /*  I don't know why CBody's margin doesn't apply, but it's consistent across browsers so whatever.
+             Reapply it here as padding.  */
+        padding-left: 15px; padding-right: 15px;
+        margin: .5em 5ex .5em 5ex;
+        }
+
+    .CDescriptionList {
+        margin: .5em 5ex 0 5ex }
+
+        .CDLEntry {
+            font: 8pt "Courier New", Courier, monospace; color: #808080;
+            padding-bottom: .25em;
+            white-space: nowrap }
+
+        .CDLDescription {
+            font-size: 8pt;  /*  For browsers that don't inherit correctly, like Opera 5.  */
+            padding-bottom: .5em; padding-left: 5ex }
+
+
+    .CTopic img {
+        text-align: center;
+        display: block;
+        margin: 1em auto;
+        }
+    .CImageCaption {
+        font-variant: small-caps;
+        font-size: 8pt;
+        color: #808080;
+        text-align: center;
+        position: relative;
+        top: 1em;
+        }
+
+    .CImageLink {
+        color: #808080;
+        font-style: italic;
+        }
+    a.CImageLink:link,
+    a.CImageLink:visited,
+    a.CImageLink:hover { color: #808080 }
+
+
+
+
+
+.Prototype {
+    font: 8pt "Courier New", Courier, monospace;
+    padding: 5px 3ex;
+    border-width: 1px; border-style: solid;
+    margin: 0 5ex 1.5em 5ex;
+    }
+
+    .Prototype td {
+        font-size: 8pt;
+        }
+
+    .PDefaultValue,
+    .PDefaultValuePrefix,
+    .PTypePrefix {
+        color: #8F8F8F;
+        }
+    .PTypePrefix {
+        text-align: right;
+        }
+    .PAfterParameters {
+        vertical-align: bottom;
+        }
+
+    .IE .Prototype table {
+        padding: 0;
+        }
+
+    .CFunction .Prototype {
+        background-color: #F4F4F4; border-color: #D0D0D0 }
+    .CProperty .Prototype {
+        background-color: #F4F4FF; border-color: #C0C0E8 }
+    .CVariable .Prototype {
+        background-color: #FFFFF0; border-color: #E0E0A0 }
+
+    .CClass .Prototype {
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0A0;
+        background-color: #F4F4F4;
+        }
+    .CInterface .Prototype {
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0D0;
+        background-color: #F4F4FF;
+        }
+
+    .CDatabaseIndex .Prototype,
+    .CConstant .Prototype {
+        background-color: #D0D0D0; border-color: #000000 }
+    .CType .Prototype,
+    .CEnumeration .Prototype {
+        background-color: #FAF0F0; border-color: #E0B0B0;
+        }
+    .CDatabaseTrigger .Prototype,
+    .CEvent .Prototype,
+    .CDelegate .Prototype {
+        background-color: #F0FCF0; border-color: #B8E4B8 }
+
+    .CToolTip .Prototype {
+        margin: 0 0 .5em 0;
+        white-space: nowrap;
+        }
+
+
+
+
+
+.Summary {
+    margin: 1.5em 5ex 0 5ex }
+
+    .STitle {
+        font-size: 11pt; font-weight: bold;
+        margin-bottom: .5em }
+
+
+    .SBorder {
+        background-color: #FFFFF0;
+        padding: 15px;
+        border: 1px solid #C0C060 }
+
+    /* In a frame IE 6 will make them too long unless you set the width to 100%.  Without frames it will be correct without a width
+        or slightly too long (but not enough to scroll) with a width.  This arbitrary weirdness simply astounds me.  IE 7 has the same
+        problem with frames, haven't tested it without.  */
+    .FramedContentPage .IE .SBorder {
+        width: 100% }
+
+    /*  A treat for Mozilla users.  Blatantly non-standard.  Will be replaced with CSS 3 attributes when finalized/supported.  */
+    .Firefox .SBorder {
+        -moz-border-radius: 20px }
+
+
+    .STable {
+        font-size: 8pt; width: 100% }
+
+    .SEntry {
+        width: 30% }
+    .SDescription {
+        width: 70% }
+
+
+    .SMarked {
+        background-color: #F8F8D8 }
+
+    .SDescription { padding-left: 2ex }
+    .SIndent1 .SEntry { padding-left: 1.5ex }   .SIndent1 .SDescription { padding-left: 3.5ex }
+    .SIndent2 .SEntry { padding-left: 3.0ex }   .SIndent2 .SDescription { padding-left: 5.0ex }
+    .SIndent3 .SEntry { padding-left: 4.5ex }   .SIndent3 .SDescription { padding-left: 6.5ex }
+    .SIndent4 .SEntry { padding-left: 6.0ex }   .SIndent4 .SDescription { padding-left: 8.0ex }
+    .SIndent5 .SEntry { padding-left: 7.5ex }   .SIndent5 .SDescription { padding-left: 9.5ex }
+
+    .SDescription a { color: #800000}
+    .SDescription a:active { color: #A00000 }
+
+    .SGroup td {
+        padding-top: .5em; padding-bottom: .25em }
+
+    .SGroup .SEntry {
+        font-weight: bold; font-variant: small-caps }
+
+    .SGroup .SEntry a { color: #800000 }
+    .SGroup .SEntry a:active { color: #F00000 }
+
+
+    .SMain td,
+    .SClass td,
+    .SDatabase td,
+    .SDatabaseTable td,
+    .SSection td {
+        font-size: 10pt;
+        padding-bottom: .25em }
+
+    .SClass td,
+    .SDatabase td,
+    .SDatabaseTable td,
+    .SSection td {
+        padding-top: 1em }
+
+    .SMain .SEntry,
+    .SClass .SEntry,
+    .SDatabase .SEntry,
+    .SDatabaseTable .SEntry,
+    .SSection .SEntry {
+        font-weight: bold;
+        }
+
+    .SMain .SEntry a,
+    .SClass .SEntry a,
+    .SDatabase .SEntry a,
+    .SDatabaseTable .SEntry a,
+    .SSection .SEntry a { color: #000000 }
+
+    .SMain .SEntry a:active,
+    .SClass .SEntry a:active,
+    .SDatabase .SEntry a:active,
+    .SDatabaseTable .SEntry a:active,
+    .SSection .SEntry a:active { color: #A00000 }
+
+
+
+
+
+.ClassHierarchy {
+    margin: 0 15px 1em 15px }
+
+    .CHEntry {
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0A0;
+        margin-bottom: 3px;
+        padding: 2px 2ex;
+        font-size: 8pt;
+        background-color: #F4F4F4; color: #606060;
+        }
+
+    .Firefox .CHEntry {
+        -moz-border-radius: 4px;
+        }
+
+    .CHCurrent .CHEntry {
+        font-weight: bold;
+        border-color: #000000;
+        color: #000000;
+        }
+
+    .CHChildNote .CHEntry {
+        font-style: italic;
+        font-size: 8pt;
+        }
+
+    .CHIndent {
+        margin-left: 3ex;
+        }
+
+    .CHEntry a:link,
+    .CHEntry a:visited,
+    .CHEntry a:hover {
+        color: #606060;
+        }
+    .CHEntry a:active {
+        color: #800000;
+        }
+
+
+
+
+
+#Index {
+    background-color: #FFFFFF;
+    }
+
+/*  As opposed to .PopupSearchResultsPage #Index  */
+.IndexPage #Index,
+.FramedIndexPage #Index,
+.FramedSearchResultsPage #Index {
+    padding: 15px;
+    }
+
+.IndexPage #Index {
+    border-width: 0 0 1px 1px;
+    border-style: solid;
+    border-color: #000000;
+    font-size: 8pt;  /* To make 27ex match the menu's 27ex. */
+    margin-left: 27ex;
+    }
+
+
+    .IPageTitle {
+        font-size: 20pt; font-weight: bold;
+        color: #FFFFFF; background-color: #7070C0;
+        padding: 10px 15px 10px 15px;
+        border-width: 0 0 3px 0; border-color: #000000; border-style: solid;
+        margin: -15px -15px 0 -15px }
+
+    .FramedSearchResultsPage .IPageTitle {
+        margin-bottom: 15px;
+        }
+
+    .INavigationBar {
+        text-align: center;
+        background-color: #FFFFF0;
+        padding: 5px;
+        border-bottom: solid 1px black;
+        margin: 0 -15px 15px -15px;
+        }
+
+    .INavigationBar a {
+        font-weight: bold }
+
+    .IHeading {
+        font-size: 14pt; font-weight: bold;
+        padding: 2.5em 0 .5em 0;
+        text-align: center;
+        width: 3.5ex;
+        }
+    #IFirstHeading {
+        padding-top: 0;
+        }
+
+    .IEntry {
+        padding-left: 1ex;
+        }
+    .PopupSearchResultsPage .IEntry {
+        font-size: 8pt;
+        padding: 1px 5px;
+        }
+    .PopupSearchResultsPage .Opera9 .IEntry,
+    .FramedSearchResultsPage .Opera9 .IEntry {
+        text-align: left;
+        }
+    .FramedSearchResultsPage .IEntry {
+        padding: 0;
+        }
+
+    .ISubIndex {
+        padding-left: 3ex; padding-bottom: .5em }
+    .PopupSearchResultsPage .ISubIndex {
+        display: none;
+        }
+
+    /*  While it may cause some entries to look like links when they aren't, I found it's much easier to read the
+         index if everything's the same color.  */
+    .ISymbol {
+        font-weight: bold; color: #900000  }
+
+    .IndexPage .ISymbolPrefix,
+    .FramedIndexPage .ISymbolPrefix {
+        text-align: right;
+        color: #C47C7C;
+        background-color: #F8F8F8;
+        border-right: 3px solid #E0E0E0;
+        border-left: 1px solid #E0E0E0;
+        padding: 0 1px 0 2px;
+        }
+    .PopupSearchResultsPage .ISymbolPrefix,
+    .FramedSearchResultsPage .ISymbolPrefix {
+        color: #900000;
+        }
+    .PopupSearchResultsPage .ISymbolPrefix {
+        font-size: 8pt;
+        }
+
+    .IndexPage #IFirstSymbolPrefix,
+    .FramedIndexPage #IFirstSymbolPrefix {
+        border-top: 1px solid #E0E0E0;
+        }
+    .IndexPage #ILastSymbolPrefix,
+    .FramedIndexPage #ILastSymbolPrefix {
+        border-bottom: 1px solid #E0E0E0;
+        }
+    .IndexPage #IOnlySymbolPrefix,
+    .FramedIndexPage #IOnlySymbolPrefix {
+        border-top: 1px solid #E0E0E0;
+        border-bottom: 1px solid #E0E0E0;
+        }
+
+    a.IParent,
+    a.IFile {
+        display: block;
+        }
+
+    .PopupSearchResultsPage .SRStatus {
+        padding: 2px 5px;
+        font-size: 8pt;
+        font-style: italic;
+        }
+    .FramedSearchResultsPage .SRStatus {
+        font-size: 8pt;
+        font-style: italic;
+        }
+
+    .SRResult {
+        display: none;
+        }
+
+
+
+#Footer {
+    font-size: 8pt;
+    color: #989898;
+    text-align: right;
+    }
+
+#Footer p {
+    text-indent: 0;
+    margin-bottom: .5em;
+    }
+
+.ContentPage #Footer,
+.IndexPage #Footer {
+    text-align: right;
+    margin: 2px;
+    }
+
+.FramedMenuPage #Footer {
+    text-align: center;
+    margin: 5em 10px 10px 10px;
+    padding-top: 1em;
+    border-top: 1px solid #C8C8C8;
+    }
+
+    #Footer a:link,
+    #Footer a:hover,
+    #Footer a:visited { color: #989898 }
+    #Footer a:active { color: #A00000 }
+
+
+
+.prettyprint .kwd { color: #800000; }  /* keywords */
+
+    .prettyprint.PDefaultValue .kwd,
+    .prettyprint.PDefaultValuePrefix .kwd,
+    .prettyprint.PTypePrefix .kwd {
+        color: #C88F8F;
+        }
+
+.prettyprint .com { color: #008000; }  /* comments */
+
+    .prettyprint.PDefaultValue .com,
+    .prettyprint.PDefaultValuePrefix .com,
+    .prettyprint.PTypePrefix .com {
+        color: #8FC88F;
+        }
+
+.prettyprint .str { color: #0000B0; }  /* strings */
+.prettyprint .lit { color: #0000B0; }  /* literals */
+
+    .prettyprint.PDefaultValue .str,
+    .prettyprint.PDefaultValuePrefix .str,
+    .prettyprint.PTypePrefix .str,
+    .prettyprint.PDefaultValue .lit,
+    .prettyprint.PDefaultValuePrefix .lit,
+    .prettyprint.PTypePrefix .lit {
+        color: #8F8FC0;
+        }
+
+.prettyprint .typ { color: #000000; }  /* types */
+.prettyprint .pun { color: #000000; }  /* punctuation */
+.prettyprint .pln { color: #000000; }  /* punctuation */
+
+    .prettyprint.PDefaultValue .typ,
+    .prettyprint.PDefaultValuePrefix .typ,
+    .prettyprint.PTypePrefix .typ,
+    .prettyprint.PDefaultValue .pun,
+    .prettyprint.PDefaultValuePrefix .pun,
+    .prettyprint.PTypePrefix .pun,
+    .prettyprint.PDefaultValue .pln,
+    .prettyprint.PDefaultValuePrefix .pln,
+    .prettyprint.PTypePrefix .pln {
+        color: #8F8F8F;
+        }
+
+.prettyprint .tag { color: #008; }
+.prettyprint .atn { color: #606; }
+.prettyprint .atv { color: #080; }
+.prettyprint .dec { color: #606; }
+

data/web/inc/lib/vendor/owasp/csrf-protector-php/js/README.md

@@ -0,0 +1,15 @@
+Compatiblity with different browsers
+===================================
+**OS: `windows`**<br>
+
+
+ Cases               | IE (Win)   | Opera | Chrome | Mozilla | Safari 
+ ------------------  | ------- | ----- | ------ | ------- | ------ 
+ XHR wrapping        | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)      |     ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)
+ HTML dom-0 wrapping |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    |     ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)
+ HTML dom-2 wrapping |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     |      ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png) 
+ URL rewriting       |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    |     ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     |![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)
+
+<pre>Note: Missing tick means, this has not yet been implemented or tested</pre>
+
+

data/web/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js

@@ -0,0 +1,366 @@
+/** 
+ * =================================================================
+ * Javascript code for OWASP CSRF Protector
+ * Task it does: Fetch csrftoken from cookie, and attach it to every
+ * 		POST request
+ *		Allowed GET url
+ *			-- XHR
+ *			-- Static Forms
+ *			-- URLS (GET only)
+ *			-- dynamic forms
+ * =================================================================
+ */
+
+var CSRFP_FIELD_TOKEN_NAME = 'csrfp_hidden_data_token';
+var CSRFP_FIELD_URLS = 'csrfp_hidden_data_urls';
+
+var CSRFP = {
+	CSRFP_TOKEN: 'csrfp_token',
+	/**
+	 * Array of patterns of url, for which csrftoken need to be added
+	 * In case of GET request also, provided from server
+	 *
+	 * @var string array
+	 */
+	checkForUrls: [],
+	/**
+	 * Function to check if a certain url is allowed to perform the request
+	 * With or without csrf token
+	 *
+	 * @param: string, url
+	 *
+	 * @return: boolean, 	true if csrftoken is not needed
+	 * 						false if csrftoken is needed
+	 */
+	_isValidGetRequest: function(url) {
+		for (var i = 0; i < CSRFP.checkForUrls.length; i++) {
+			var match = CSRFP.checkForUrls[i].exec(url);
+			if (match !== null && match.length > 0) {
+				return false;
+			}
+		}
+		return true;
+	},
+	/** 
+	 * function to get Auth key from cookie Andreturn it to requesting function
+	 *
+	 * @param: void
+	 *
+	 * @return: string, csrftoken retrieved from cookie
+	 */
+	_getAuthKey: function() {
+		var re = new RegExp(CSRFP.CSRFP_TOKEN +"=([^;]+)(;|$)");
+		var RegExpArray = re.exec(document.cookie);
+		
+		if (RegExpArray === null) {
+			return false;
+		}
+		return RegExpArray[1];
+	},
+	/** 
+	 * Function to get domain of any url
+	 *
+	 * @param: string, url
+	 *
+	 * @return: string, domain of url
+	 */
+	_getDomain: function(url) {
+		if (url.indexOf("http://") !== 0 
+			&& url.indexOf("https://") !== 0)
+			return document.domain;
+		return /http(s)?:\/\/([^\/]+)/.exec(url)[2];
+	},
+	/**
+	 * Function to create and return a hidden input element
+	 * For stroing the CSRFP_TOKEN
+	 *
+	 * @param void
+	 *
+	 * @return input element
+	 */
+	_getInputElt: function() {
+		var hiddenObj = document.createElement("input");
+		hiddenObj.setAttribute('name', CSRFP.CSRFP_TOKEN);
+		hiddenObj.setAttribute('class', CSRFP.CSRFP_TOKEN);
+		hiddenObj.type = 'hidden';
+		hiddenObj.value = CSRFP._getAuthKey();
+		return hiddenObj;
+	},
+	/**
+	 * Returns absolute path for relative path
+	 * 
+	 * @param base, base url
+	 * @param relative, relative url
+	 *
+	 * @return absolute path (string)
+	 */
+	_getAbsolutePath: function(base, relative) {
+		var stack = base.split("/");
+		var parts = relative.split("/");
+		// remove current file name (or empty string)
+		// (omit if "base" is the current folder without trailing slash)
+		stack.pop(); 
+			 
+		for (var i = 0; i < parts.length; i++) {
+			if (parts[i] == ".")
+				continue;
+			if (parts[i] == "..")
+				stack.pop();
+			else
+				stack.push(parts[i]);
+		}
+		return stack.join("/");
+	},
+	/** 
+	 * Remove jcsrfp-token run fun and then put them back 
+	 *
+	 * @param function
+	 * @param reference form obj
+	 *
+	 * @retrun function
+	 */
+	_csrfpWrap: function(fun, obj) {
+		return function(event) {
+			// Remove CSRf token if exists
+			if (typeof obj[CSRFP.CSRFP_TOKEN] !== 'undefined') {
+				var target = obj[CSRFP.CSRFP_TOKEN];
+				target.parentNode.removeChild(target);
+			}
+			
+			// Trigger the functions
+			var result = fun.apply(this, [event]);
+			
+			// Now append the csrfp_token back
+			obj.appendChild(CSRFP._getInputElt());
+			
+			return result;
+		};
+	},
+	/**
+	 * Initialises the CSRFProtector js script
+	 *
+	 * @param void
+	 *
+	 * @return void
+	 */
+	_init: function() {
+		CSRFP.CSRFP_TOKEN = document.getElementById(CSRFP_FIELD_TOKEN_NAME).value;
+		try {
+			CSRFP.checkForUrls = JSON.parse(document.getElementById(CSRFP_FIELD_URLS).value);
+		} catch (err) {
+			console.error(err);
+			console.error('[ERROR] [CSRF Protector] unable to parse blacklisted url fields.');
+		}
+
+		//convert these rules received from php lib to regex objects
+		for (var i = 0; i < CSRFP.checkForUrls.length; i++) {
+			CSRFP.checkForUrls[i] = CSRFP.checkForUrls[i].replace(/\*/g, '(.*)')
+								.replace(/\//g, "\\/");
+			CSRFP.checkForUrls[i] = new RegExp(CSRFP.checkForUrls[i]);
+		}
+	
+	}
+	
+}; 
+
+//==========================================================
+// Adding tokens, wrappers on window onload
+//==========================================================
+
+function csrfprotector_init() {
+	
+	// Call the init funcion
+	CSRFP._init();
+
+	// definition of basic FORM submit event handler to intercept the form request
+	// and attach a CSRFP TOKEN if it's not already available
+	var BasicSubmitInterceptor = function(event) {
+		if (typeof event.target[CSRFP.CSRFP_TOKEN] === 'undefined') {
+			event.target.appendChild(CSRFP._getInputElt());
+		} else {
+			//modify token to latest value
+			event.target[CSRFP.CSRFP_TOKEN].value = CSRFP._getAuthKey();
+		}
+	}
+
+	//==================================================================
+	// Adding csrftoken to request resulting from <form> submissions
+	// Add for each POST, while for mentioned GET request
+	// TODO - check for method
+	//==================================================================
+	// run time binding
+	document.querySelector('body').addEventListener('submit', function(event) {
+		if (event.target.tagName.toLowerCase() === 'form') {
+			BasicSubmitInterceptor(event);
+		};
+	});
+
+	// intial binding
+	// for(var i = 0; i < document.forms.length; i++) {
+	// 	document.forms[i].addEventListener("submit", BasicSubmitInterceptor);
+	// }
+
+	//==================================================================
+	// Adding csrftoken to request resulting from direct form.submit() call
+	// Add for each POST, while for mentioned GET request
+	// TODO - check for form method
+	//==================================================================
+	HTMLFormElement.prototype.submit_ = HTMLFormElement.prototype.submit;
+	HTMLFormElement.prototype.submit = function() {
+		// check if the FORM already contains the token element
+		if (!this.getElementsByClassName(CSRFP.CSRFP_TOKEN).length)
+			this.appendChild(CSRFP._getInputElt());
+		this.submit_();
+	}
+
+
+	/**
+	 * Add wrapper for HTMLFormElements addEventListener so that any further 
+	 * addEventListens won't have trouble with CSRF token
+	 * todo - check for method
+	 */
+	HTMLFormElement.prototype.addEventListener_ = HTMLFormElement.prototype.addEventListener;
+	HTMLFormElement.prototype.addEventListener = function(eventType, fun, bubble) {
+		if (eventType === 'submit') {
+			var wrapped = CSRFP._csrfpWrap(fun, this);
+			this.addEventListener_(eventType, wrapped, bubble);
+		} else {
+			this.addEventListener_(eventType, fun, bubble);
+		}	
+	}
+
+	/**
+	 * Add wrapper for IE's attachEvent
+	 * todo - check for method
+	 * todo - typeof is now obselete for IE 11, use some other method.
+	 */
+	if (typeof HTMLFormElement.prototype.attachEvent !== 'undefined') {
+		HTMLFormElement.prototype.attachEvent_ = HTMLFormElement.prototype.attachEvent;
+		HTMLFormElement.prototype.attachEvent = function(eventType, fun) {
+			if (eventType === 'onsubmit') {
+				var wrapped = CSRFP._csrfpWrap(fun, this);
+				this.attachEvent_(eventType, wrapped);
+			} else {
+				this.attachEvent_(eventType, fun);
+			}
+		}
+	}
+
+
+	//==================================================================
+	// Wrapper for XMLHttpRequest & ActiveXObject (for IE 6 & below)
+	// Set X-No-CSRF to true before sending if request method is 
+	//==================================================================
+
+	/** 
+	 * Wrapper to XHR open method
+	 * Add a property method to XMLHttpRequst class
+	 * @param: all parameters to XHR open method
+	 * @return: object returned by default, XHR open method
+	 */
+	function new_open(method, url, async, username, password) {
+		this.method = method;
+		var isAbsolute = (url.indexOf("./") === -1) ? true : false;
+		if (!isAbsolute) {
+			var base = location.protocol +'//' +location.host 
+							+ location.pathname;
+			url = CSRFP._getAbsolutePath(base, url);
+		}
+		if (method.toLowerCase() === 'get' 
+			&& !CSRFP._isValidGetRequest(url)) {
+			//modify the url
+			if (url.indexOf('?') === -1) {
+				url += "?" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+			} else {
+				url += "&" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+			}
+		}
+
+		return this.old_open(method, url, async, username, password);
+	}
+
+	/** 
+	 * Wrapper to XHR send method
+	 * Add query paramter to XHR object
+	 *
+	 * @param: all parameters to XHR send method
+	 *
+	 * @return: object returned by default, XHR send method
+	 */
+	function new_send(data) {
+		if (this.method.toLowerCase() === 'post') {
+			if (data !== null && typeof data === 'object') {
+				data.append(CSRFP.CSRFP_TOKEN, CSRFP._getAuthKey());
+			} else {
+				if (typeof data != "undefined") {
+					data += "&";
+				} else {
+					data = "";
+				}
+				data += CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+			}
+		}
+		return this.old_send(data);
+	}
+
+	if (window.XMLHttpRequest) {
+		// Wrapping
+		XMLHttpRequest.prototype.old_send = XMLHttpRequest.prototype.send;
+		XMLHttpRequest.prototype.old_open = XMLHttpRequest.prototype.open;
+		XMLHttpRequest.prototype.open = new_open;
+		XMLHttpRequest.prototype.send = new_send;
+	}
+	if (typeof ActiveXObject !== 'undefined') {
+		ActiveXObject.prototype.old_send = ActiveXObject.prototype.send;
+		ActiveXObject.prototype.old_open = ActiveXObject.prototype.open;
+		ActiveXObject.prototype.open = new_open;
+		ActiveXObject.prototype.send = new_send;	
+	}
+	//==================================================================
+	// Rewrite existing urls ( Attach CSRF token )
+	// Rules:
+	// Rewrite those urls which matches the regex sent by Server
+	// Ignore cross origin urls & internal links (one with hashtags)
+	// Append the token to those url already containig GET query parameter(s)
+	// Add the token to those which does not contain GET query parameter(s)
+	//==================================================================
+
+	for (var i = 0; i < document.links.length; i++) {
+		document.links[i].addEventListener("mousedown", function(event) {
+			var href = event.target.href;
+			if(typeof href === "string")
+			{
+				var urlDisect = href.split('#');
+				var url = urlDisect[0];
+				var hash = urlDisect[1];
+
+				if(CSRFP._getDomain(url).indexOf(document.domain) === -1
+					|| CSRFP._isValidGetRequest(url)) {
+					//cross origin or not to be protected by rules -- ignore
+					return;
+				}
+
+				if (url.indexOf('?') !== -1) {
+					if(url.indexOf(CSRFP.CSRFP_TOKEN) === -1) {
+						url += "&" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+					} else {
+						url = url.replace(new RegExp(CSRFP.CSRFP_TOKEN +"=.*?(&|$)", 'g'),
+							CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey() + "$1");
+					}
+				} else {
+					url += "?" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+				}
+
+				event.target.href = url;
+				if (typeof hash !== 'undefined') {
+					event.target.href += '#' +hash;
+				}
+			}
+		});
+	}
+
+}
+
+window.addEventListener("DOMContentLoaded", function() {
+	csrfprotector_init();
+}, false);

data/web/inc/lib/vendor/owasp/csrf-protector-php/js/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/README.md

@@ -0,0 +1,21 @@
+CSRFProtector configuration
+==========================================
+
+ - `CSRFP_TOKEN`: name of the csrf nonce, used for cookie or posting as argument. default: `csrfp_token` (if left blank)
+ - `logDirectory`: location of the directory at which log files will be saved **relative** to `config.php` file. This is required for file based logging (default), Not needed, in case you override logging function to implement your logging logic. (View [Overriding logging function](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Overriding-logging-function))
+ <br>**Default value:** `../log/`
+ - `failedAuthAction`: Action code (integer) for action to be taken in case of failed validation. Has two different values for bot `GET` and `POST`. Different action codes are specified as follows, (<br>**Default:** `0` for both `GET` & `POST`):
+*  `0` Send **403, Forbidden** Header
+*  `1` **Strip the POST/GET query** and forward the request! unset($_POST)
+*  `2` **Redirect to custom error page** mentioned in `errorRedirectionPage` 
+*  `3` **Show custom error message** to user, mentioned in `customErrorMessage` 
+*  `4` Send **500, Internal Server Error** header
+
+ - `errorRedirectionPage`: **Absolute url** of the file to which user should be redirected. <br>**Default: null**
+ - `customErrorMessage`: **Error Message** to be shown to user. Only this text will be shown!<br>**Default: null**
+ - `jsPath`: location of the js file **relative** to `config.php`. <br>**Default:** `../js/csrfprotector.js`
+ - `jsUrl`: **Absolute url** of the js file. (See [Setting up](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Setting-up-CSRF-Protector-PHP-in-your-web-application) for more information)
+ - `tokenLength`: length of csrfp token, Default `10`
+ - `secureCookie`: sets the "secure" HTTPS flag on the cookie. <br>**Default: `false`**
+ - `disabledJavascriptMessage`: messaged to be shown if js is disabled (string)
+ - `verifyGetFor`: regex rules for those urls for which csrfp validation should be enabled for `GET` requests also. (View [verifyGetFor rules](https://github.com/mebjas/CSRF-Protector-PHP/wiki/verifyGetFor-rules) for more information)

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php

@@ -0,0 +1,47 @@
+<?php
+/**
+ * Configuration file for CSRF Protector
+ * Necessary configurations are (library would throw exception otherwise)
+ * ---- logDirectory
+ * ---- failedAuthAction
+ * ---- jsPath
+ * ---- jsUrl
+ * ---- tokenLength
+ */
+
+function get_trusted_hostname() {
+  $js_path = "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js";
+  if ((isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") || isset($_SERVER['HTTPS'])) {
+    $is_scheme = "https://";
+  }
+  else {
+    $is_scheme = "http://";
+  }
+  if (isset(explode(':', $_SERVER['HTTP_HOST'])[1])) {
+    $is_port = intval(explode(':', $_SERVER['HTTP_HOST'])[1]);
+    if (filter_var($is_port, FILTER_VALIDATE_INT, array("options" => array("min_range" =>1, "max_range" => 65535))) === false) {
+      return false;
+    }
+  }
+  if (!isset($is_port) || $is_port == 0) {
+    $is_port = ($is_scheme == "https://") ? 443 : 80;
+  }
+  return $is_scheme . $GLOBALS['mailcow_hostname'] . ':' . $is_port . $js_path;
+}
+
+return array(
+	"CSRFP_TOKEN" => "MAILCOW_CSRF",
+	"logDirectory" => "../log",
+	"failedAuthAction" => array(
+		"GET" => 1,
+		"POST" => 1),
+	"errorRedirectionPage" => "",
+	"customErrorMessage" => "",
+	"jsPath" => "../js/csrfprotector.js",
+  // Fetching IS_HTTPS from sessions handler
+	"jsUrl" => get_trusted_hostname(),
+	"tokenLength" => 10,
+	"secureCookie" => false,
+	"disabledJavascriptMessage" => "",
+	 "verifyGetFor" => array()
+);

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/README.md

@@ -0,0 +1,6 @@
+Placeholder for **CSRF Protector - php library**
+=====================================================
+
+**Dependency:** `None`<br>
+**Configuration-File:** `../config.php`<br>
+**Configuration-Format:** `PHP ARRAY`<br>

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php

@@ -0,0 +1,536 @@
+<?php
+
+if (!defined('__CSRF_PROTECTOR__')) {
+	define('__CSRF_PROTECTOR__', true); 	// to avoid multiple declaration errors
+
+	// name of HTTP POST variable for authentication
+	define("CSRFP_TOKEN","csrfp_token");
+
+	// We insert token name and list of url patterns for which
+	// GET requests are validated against CSRF as hidden input fields
+	// these are the names of the input fields
+	define("CSRFP_FIELD_TOKEN_NAME", "csrfp_hidden_data_token");
+	define("CSRFP_FIELD_URLS", "csrfp_hidden_data_urls");
+
+	/**
+	 * child exception classes
+	 */
+	class configFileNotFoundException extends \exception {};
+	class logDirectoryNotFoundException extends \exception {};
+	class jsFileNotFoundException extends \exception {};
+	class logFileWriteError extends \exception {};
+	class baseJSFileNotFoundExceptio extends \exception {};
+	class incompleteConfigurationException extends \exception {};
+	class alreadyInitializedException extends \exception {};
+
+	class csrfProtector
+	{
+		/*
+		 * Variable: $cookieExpiryTime
+		 * expiry time for cookie
+		 * @var int
+		 */
+		public static $cookieExpiryTime = 1800;	//30 minutes
+
+		/*
+		 * Variable: $isSameOrigin
+		 * flag for cross origin/same origin request
+		 * @var bool
+		 */
+		private static $isSameOrigin = true;
+
+		/*
+		 * Variable: $isValidHTML
+		 * flag to check if output file is a valid HTML or not
+		 * @var bool
+		 */
+		private static $isValidHTML = false;
+
+		/*
+		 * Variable: $requestType
+		 * Varaible to store weather request type is post or get
+		 * @var string
+		 */
+		protected static $requestType = "GET";
+
+		/*
+		 * Variable: $config
+		 * config file for CSRFProtector
+		 * @var int Array, length = 6
+		 * Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails
+		 * Property: #2: logDirectory (string) => directory in which log will be saved
+		 * Property: #3: customErrorMessage (string) => custom error message to be sent in case
+		 *						of failed authentication
+		 * Property: #4: jsFile (string) => location of the CSRFProtector js file
+		 * Property: #5: tokenLength (int) => default length of hash
+		 * Property: #6: disabledJavascriptMessage (string) => error message if client's js is disabled
+		 */
+		public static $config = array();
+
+		/*
+		 * Variable: $requiredConfigurations
+		 * Contains list of those parameters that are required to be there
+		 * 	in config file for csrfp to work
+		 */
+		public static $requiredConfigurations  = array('logDirectory', 'failedAuthAction', 'jsPath', 'jsUrl', 'tokenLength');
+		
+		/*
+		 *	Function: init
+	 	 *
+		 *	function to initialise the csrfProtector work flow
+		 *
+		 *	Parameters:
+		 *	$length - length of CSRF_AUTH_TOKEN to be generated
+		 *	$action - int array, for different actions to be taken in case of failed validation
+		 *
+		 *	Returns:
+		 *		void
+		 *
+		 *	Throws:
+		 *		configFileNotFoundException - when configuration file is not found
+		 * 		incompleteConfigurationException - when all required fields in config
+		 *											file are not available
+		 *
+		 */
+		public static function init($length = null, $action = null)
+		{
+			/*
+			 * Check if init has already been called.
+			 */
+			 if (count(self::$config) > 0) {
+				 throw new alreadyInitializedException("OWASP CSRFProtector: library was already initialized.");
+			 }
+
+			/*
+			 * if mod_csrfp already enabled, no verification, no filtering
+			 * Already done by mod_csrfp
+			 */
+			if (getenv('mod_csrfp_enabled'))
+				return;
+
+			//start session in case its not
+			if (session_id() == '')
+			    session_start();
+
+			/*
+			 * load configuration file and properties
+			 * Check locally for a config.php then check for 
+			 * a config/csrf_config.php file in the root folder
+			 * for composer installations
+			 */
+			$standard_config_location = __DIR__ ."/../config.php";
+			$composer_config_location = __DIR__ ."/../../../../../config/csrf_config.php";
+
+			if (file_exists($standard_config_location)) {
+				self::$config = include($standard_config_location);
+			} elseif(file_exists($composer_config_location)) {
+				self::$config = include($composer_config_location);
+			} else {
+				throw new configFileNotFoundException("OWASP CSRFProtector: configuration file not found for CSRFProtector!");
+			}
+
+			//overriding length property if passed in parameters
+			if ($length != null)
+				self::$config['tokenLength'] = intval($length);
+			
+			//action that is needed to be taken in case of failed authorisation
+			if ($action != null)
+				self::$config['failedAuthAction'] = $action;
+
+			if (self::$config['CSRFP_TOKEN'] == '')
+				self::$config['CSRFP_TOKEN'] = CSRFP_TOKEN;
+
+			// Validate the config if everythings filled out
+			// TODO: collect all missing values and throw exception together
+			foreach (self::$requiredConfigurations as $value) {
+				if (!isset(self::$config[$value]) || self::$config[$value] == '') {
+					throw new incompleteConfigurationException(
+						sprintf(
+							"OWASP CSRFProtector: Incomplete configuration file, Value: %s missing ",
+							$value
+						)
+					);
+					exit;
+				}
+			}
+
+			// Authorise the incoming request
+			self::authorizePost();
+
+			// Initialize output buffering handler
+			if (!defined('__TESTING_CSRFP__'))
+				ob_start('csrfProtector::ob_handler');
+
+			if (!isset($_COOKIE[self::$config['CSRFP_TOKEN']])
+				|| !isset($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !is_array($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !in_array($_COOKIE[self::$config['CSRFP_TOKEN']],
+					$_SESSION[self::$config['CSRFP_TOKEN']]))
+				self::refreshToken();
+
+			// Set protected by CSRF Protector header
+			header('X-CSRF-Protection: OWASP CSRFP 1.0.0');
+		}
+
+		/*
+		 * Function: authorizePost
+		 * function to authorise incoming post requests
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * void
+		 *
+		 * Throws: 
+		 * logDirectoryNotFoundException - if log directory is not found
+		 */
+		public static function authorizePost()
+		{
+			//#todo this method is valid for same origin request only, 
+			//enable it for cross origin also sometime
+			//for cross origin the functionality is different
+			if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+
+				//set request type to POST
+				self::$requestType = "POST";
+
+				//currently for same origin only
+				if (!(isset($_POST[self::$config['CSRFP_TOKEN']]) 
+					&& isset($_SESSION[self::$config['CSRFP_TOKEN']])
+					&& (self::isValidToken($_POST[self::$config['CSRFP_TOKEN']]))
+					)) {
+
+					//action in case of failed validation
+					self::failedValidationAction();			
+				} else {
+					self::refreshToken();	//refresh token for successfull validation
+				}
+			} else if (!static::isURLallowed()) {
+				
+				//currently for same origin only
+				if (!(isset($_GET[self::$config['CSRFP_TOKEN']]) 
+					&& isset($_SESSION[self::$config['CSRFP_TOKEN']])
+					&& (self::isValidToken($_GET[self::$config['CSRFP_TOKEN']]))
+					)) {
+
+					//action in case of failed validation
+					self::failedValidationAction();			
+				} else {
+					self::refreshToken();	//refresh token for successfull validation
+				}
+			}	
+		}
+
+		/*
+		 * Function: isValidToken
+		 * function to check the validity of token in session array
+		 * Function also clears all tokens older than latest one
+		 *
+		 * Parameters: 
+		 * $token - the token sent with GET or POST payload
+		 *
+		 * Returns: 
+		 * bool - true if its valid else false
+		 */
+		private static function isValidToken($token) {
+			if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])) return false;
+			if (!is_array($_SESSION[self::$config['CSRFP_TOKEN']])) return false;
+			foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $key => $value) {
+				if ($value == $token) {
+
+					// Clear all older tokens assuming they have been consumed
+					foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $_key => $_value) {
+						if ($_value == $token) break;
+						array_shift($_SESSION[self::$config['CSRFP_TOKEN']]);
+					}
+					return true;
+				}
+			}
+
+			return false;
+		}
+
+		/*
+		 * Function: failedValidationAction
+		 * function to be called in case of failed validation
+		 * performs logging and take appropriate action
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * void
+		 */
+		private static function failedValidationAction()
+		{
+			if (!file_exists(__DIR__ ."/../" .self::$config['logDirectory']))
+				throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!");
+		
+			//call the logging function
+			static::logCSRFattack();
+
+			//#todo: ask mentors if $failedAuthAction is better as an int or string
+			//default case is case 0
+			switch (self::$config['failedAuthAction'][self::$requestType]) {
+				case 0:
+					//send 403 header
+					header('HTTP/1.0 403 Forbidden');
+					exit("<h2>403 Access Forbidden by CSRFProtector!</h2>");
+					break;
+				case 1:
+					//unset the query parameters and forward
+					if (self::$requestType === 'GET') {
+						$_GET = array();
+					} else {
+						$_POST = array();
+					}
+					break;
+				case 2:
+					//redirect to custom error page
+					$location  = self::$config['errorRedirectionPage'];
+					header("location: $location");
+				case 3:
+					//send custom error message
+					exit(self::$config['customErrorMessage']);
+					break;
+				case 4:
+					//send 500 header -- internal server error
+					header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
+					exit("<h2>500 Internal Server Error!</h2>");
+					break;
+				default:
+					//unset the query parameters and forward
+					if (self::$requestType === 'GET') {
+						$_GET = array();
+					} else {
+						$_POST = array();
+					}
+					break;
+			}		
+		}
+
+		/*
+		 * Function: refreshToken
+		 * Function to set auth cookie
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * void
+		 */
+		public static function refreshToken()
+		{
+			$token = self::generateAuthToken();
+
+			if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !is_array($_SESSION[self::$config['CSRFP_TOKEN']]))
+				$_SESSION[self::$config['CSRFP_TOKEN']] = array();
+
+			//set token to session for server side validation
+			array_push($_SESSION[self::$config['CSRFP_TOKEN']], $token);
+
+			//set token to cookie for client side processing
+			setcookie(self::$config['CSRFP_TOKEN'], 
+				$token, 
+				time() + self::$cookieExpiryTime,
+				'',
+				'',
+				(array_key_exists('secureCookie', self::$config) ? (bool)self::$config['secureCookie'] : false));
+		}
+
+		/*
+		 * Function: generateAuthToken
+		 * function to generate random hash of length as given in parameter
+		 * max length = 128
+		 *
+		 * Parameters: 
+		 * length to hash required, int
+		 *
+		 * Returns:
+		 * string, token
+		 */
+		public static function generateAuthToken()
+		{
+			// todo - make this a member method / configurable
+			$randLength = 64;
+			
+			//if config tokenLength value is 0 or some non int
+			if (intval(self::$config['tokenLength']) == 0) {
+				self::$config['tokenLength'] = 32;	//set as default
+			}
+
+			//#todo - if $length > 128 throw exception 
+
+			if (function_exists("random_bytes")) {
+				$token = bin2hex(random_bytes($randLength));
+			} elseif (function_exists("openssl_random_pseudo_bytes")) {
+				$token = bin2hex(openssl_random_pseudo_bytes($randLength));
+			} else {
+				$token = '';
+				for ($i = 0; $i < 128; ++$i) {
+					$r = mt_rand (0, 35);
+					if ($r < 26) {
+						$c = chr(ord('a') + $r);
+					} else { 
+						$c = chr(ord('0') + $r - 26);
+					}
+					$token .= $c;
+				}
+			}
+			return substr($token, 0, self::$config['tokenLength']);
+		}
+
+		/*
+		 * Function: ob_handler
+		 * Rewrites <form> on the fly to add CSRF tokens to them. This can also
+		 * inject our JavaScript library.
+		 *
+		 * Parameters: 
+		 * $buffer - output buffer to which all output are stored
+		 * $flag - INT
+		 *
+		 * Return:
+		 * string, complete output buffer
+		 */
+		public static function ob_handler($buffer, $flags)
+		{
+			// Even though the user told us to rewrite, we should do a quick heuristic
+		    // to check if the page is *actually* HTML. We don't begin rewriting until
+		    // we hit the first <html tag.
+		    if (!self::$isValidHTML) {
+		        // not HTML until proven otherwise
+		        if (stripos($buffer, '<html') !== false) {
+		            self::$isValidHTML = true; 
+		        } else {
+		            return $buffer;
+		        }
+		    }
+		    
+		    // TODO: statically rewrite all forms as well so that if a form is submitted
+		    // before the js has worked on, it will still have token to send
+		    // @priority: medium @labels: important @assign: mebjas
+		    // @deadline: 1 week
+
+		    //add a <noscript> message to outgoing HTML output,
+		    //informing the user to enable js for CSRFProtector to work
+		    //best section to add, after <body> tag
+		    $buffer = preg_replace("/<body[^>]*>/", "$0 <noscript>" .self::$config['disabledJavascriptMessage'] .
+		    	"</noscript>", $buffer);
+
+		    $hiddenInput = '<input type="hidden" id="' . CSRFP_FIELD_TOKEN_NAME.'" value="' 
+		    				.self::$config['CSRFP_TOKEN'] .'">' .PHP_EOL;
+
+		    $hiddenInput .= '<input type="hidden" id="' .CSRFP_FIELD_URLS .'" value=\''
+		    				.json_encode(self::$config['verifyGetFor']) .'\'>';
+
+		    //implant hidden fields with check url information for reading in javascript
+	        $buffer = str_ireplace('</body>', $hiddenInput . '</body>', $buffer);
+
+		    //implant the CSRFGuard js file to outgoing script
+		    $script = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>' . PHP_EOL;
+		    $buffer = str_ireplace('</body>', $script . '</body>', $buffer, $count);
+
+		    if (!$count)
+		        $buffer .= $script;
+
+		    return $buffer;
+		}
+
+		/*
+		 * Function: logCSRFattack
+		 * Function to log CSRF Attack
+		 * 
+		 * Parameters: 
+		 * void
+		 *
+		 * Retruns: 
+		 * void
+		 *
+		 * Throws: 
+		 * logFileWriteError - if unable to log an attack
+		 */
+		protected static function logCSRFattack()
+		{
+			//if file doesnot exist for, create it
+			$logFile = fopen(__DIR__ ."/../" .self::$config['logDirectory']
+			."/" .date("m-20y") .".log", "a+");
+			
+			//throw exception if above fopen fails
+			if (!$logFile)
+				throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");	
+
+			//miniature version of the log
+			$log = array();
+			$log['timestamp'] = time();
+			$log['HOST'] = $_SERVER['HTTP_HOST'];
+			$log['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
+			$log['requestType'] = self::$requestType;
+
+			if (self::$requestType === "GET")
+				$log['query'] = $_GET;
+			else
+				$log['query'] = $_POST;
+
+			$log['cookie'] = $_COOKIE;
+
+			//convert log array to JSON format to be logged
+			$log = json_encode($log) .PHP_EOL;
+
+			//append log to the file
+			fwrite($logFile, $log);
+
+			//close the file handler
+			fclose($logFile);
+		}
+
+		/*
+		 * Function: getCurrentUrl
+		 * Function to return current url of executing page
+		 * 
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * string - current url
+		 */
+		private static function getCurrentUrl()
+		{
+			$request_scheme = 'https';
+
+			if (isset($_SERVER['REQUEST_SCHEME'])) {
+				$request_scheme = $_SERVER['REQUEST_SCHEME'];
+			} else {
+				if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+					$request_scheme = 'https';
+				} else {
+					$request_scheme = 'http';
+				}
+			}
+
+			return $request_scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
+		}
+
+		/*
+		 * Function: isURLallowed
+		 * Function to check if a url mataches for any urls
+		 * Listed in config file
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * boolean - true is url need no validation, false if validation needed
+		 */  
+		public static function isURLallowed() {
+			foreach (self::$config['verifyGetFor'] as $key => $value) {
+				$value = str_replace(array('/','*'), array('\/','(.*)'), $value);
+				preg_match('/' .$value .'/', self::getCurrentUrl(), $output);
+				if (count($output) > 0)
+					return false;
+			}
+			return true;
+		}
+	};
+}

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/licence.md

@@ -0,0 +1,13 @@
+Copyright 2014 OWASP Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/web/inc/lib/vendor/owasp/csrf-protector-php/log/.htaccess

@@ -0,0 +1 @@
+deny from all

data/web/inc/lib/vendor/owasp/csrf-protector-php/log/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/phpunit.xml.dist

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit verbose="true">
+    <php>
+        <ini name="memory_limit" value="1024M" />
+        <ini name="error_reporting" value="E_ALL"/>
+    </php>
+    <testsuite name="OWASP CSRF Protector php">
+        <directory>./test/csrfprotector_test.php</directory>
+    </testsuite>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+        <file>libs/csrf/csrfprotector.php</file>
+        </whitelist>
+    </filter>
+</phpunit>

data/web/inc/lib/vendor/owasp/csrf-protector-php/readme.md

@@ -0,0 +1,65 @@
+CSRF Protector
+==========================
+[![Todo Status](http://todofy.org/b/mebjas/CSRF-Protector-PHP)](http://todofy.org/r/mebjas/CSRF-Protector-PHP) [![Build Status](https://travis-ci.org/mebjas/CSRF-Protector-PHP.svg?branch=master)](https://travis-ci.org/mebjas/CSRF-Protector-PHP)  [![codecov](https://codecov.io/gh/mebjas/CSRF-Protector-PHP/branch/master/graph/badge.svg)](https://codecov.io/gh/mebjas/CSRF-Protector-PHP)
+<br>CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app. 
+
+Add to your project using packagist
+==========
+ Add a `composer.json` file to your project directory
+ ```json
+ {
+    "require": {
+        "owasp/csrf-protector-php": "dev-master"
+    }
+}
+```
+Then open terminal (or command prompt), move to project directory and run
+```shell
+composer install
+```
+OR
+```
+php composer.phar install
+```
+This will add CSRFP (library will be downloaded at ./vendor/owasp/csrf-protector-php) to your project directory. View [packagist.org](https://packagist.org/) for more help with composer!
+
+Configuration
+==========
+For composer installations: Copy the config.sample.php file into your root folder at config/csrf_config.php
+For non-composer installations: Copy the libs/csrf/config.sample.php file into libs/csrc/config.php
+Edit config accordingly. See Detailed Information link below.
+
+How to use
+==========
+```php
+<?php
+include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';
+
+//Initialise CSRFGuard library
+csrfProtector::init();
+```
+simply include the library and call the `init()` function!
+
+### Detailed information @[Project wiki on github](https://github.com/mebjas/CSRF-Protector-PHP/wiki)
+
+### More information @[OWASP wiki](https://www.owasp.org/index.php/CSRFProtector_Project)
+
+### Contribute
+
+* Fork the repo
+* Create your branch
+* Commit your changes
+* Create a pull request
+
+### Note
+This version (`master`) requires the clients to have Javascript enabled. However if your application can work without javascript & you require a nojs version of this library, check our [nojs version](https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support)
+
+## Discussion
+Join Discussions on the [mailing list](https://lists.owasp.org/mailman/listinfo/owasp-csrfprotector)
+
+For any other queries contact me at: **minhaz@owasp.org**
+
+### FAQ:
+1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
+2. Secure flag in cookie? - https://github.com/mebjas/CSRF-Protector-PHP/issues/54
+3. NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support

data/web/inc/lib/vendor/owasp/csrf-protector-php/test/config.test.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * Configuration file for CSRF Protector
+ * Necessary configurations are (library would throw exception otherwise)
+ * ---- logDirectory
+ * ---- failedAuthAction
+ * ---- jsPath
+ * ---- jsUrl
+ * ---- tokenLength
+ */
+return array(
+	"CSRFP_TOKEN" => "csrfp_token",
+	"logDirectory" => "../log",
+	"failedAuthAction" => array(
+		"GET" => 0,
+		"POST" => 0),
+	"errorRedirectionPage" => "",
+	"customErrorMessage" => "",
+	"jsPath" => "../js/csrfprotector.js",
+	"jsUrl" => "http://localhost/csrfp/js/csrfprotector.js",
+	"tokenLength" => 10,
+	"secureCookie" => false,
+	"disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
+	Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
+	 See details of your web browser for how to enable JavaScript.",
+	 "verifyGetFor" => array()
+);

data/web/inc/lib/vendor/owasp/csrf-protector-php/test/csrfprotector_test.php

@@ -0,0 +1,534 @@
+<?php
+date_default_timezone_set('UTC');
+require_once __DIR__ .'/../libs/csrf/csrfprotector.php';
+
+if (intval(phpversion('tidy')) >= 7 && !class_exists('\PHPUnit_Framework_TestCase', true)) {
+    class_alias('\PHPUnit\Framework\TestCase', '\PHPUnit_Framework_TestCase');
+}
+
+/**
+ * Wrapper class for testing purpose
+ */
+class csrfp_wrapper extends csrfprotector
+{
+    /**
+     * Function to provide wrapper methode to set the protected var, requestType
+     */
+    public static function changeRequestType($type)
+    {
+        self::$requestType = $type;
+    }
+
+    /**
+     * Function to check for a string value anywhere within HTTP response headers
+     * Returns true on first match of $needle in header names or values
+     */
+    public static function checkHeader($needle)
+    {
+        $haystack = xdebug_get_headers();
+        foreach ($haystack as $key => $value) {
+            if (strpos($value, $needle) !== false)
+                return true;
+        }
+        return false;
+    }
+
+    /**
+     * Function to return the string value of the last response header
+     * identified by name $needle
+     */
+    public static function getHeaderValue($needle)
+    {
+        $haystack = xdebug_get_headers();
+        foreach ($haystack as $key => $value) {
+            if (strpos($value, $needle) === 0) {
+                // Deliberately overwrite to accept the last rather than first match
+                // as xdebug_get_headers() will accumulate all set headers
+                list(,$hvalue) = explode(':', $value, 2);
+            }
+        }
+        return $hvalue;
+    } 
+}
+
+/**
+ * helper methods
+ */
+class Helper {
+    /**
+     * Function to recusively delete a dir
+     */
+    public static function delTree($dir) { 
+        $files = array_diff(scandir($dir), array('.','..')); 
+        foreach ($files as $file) { 
+            (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); 
+        } 
+        return rmdir($dir); 
+    }
+}
+
+
+/**
+ * main test class
+ */
+class csrfp_test extends PHPUnit_Framework_TestCase
+{
+    /**
+     * @var to hold current configurations
+     */
+    protected $config = array();
+
+    /**
+     * @var log directory for testing
+     */
+    private $logDir;
+
+    /**
+     * Function to be run before every test*() functions.
+     */
+    public function setUp()
+    {
+        $this->logDir = __DIR__ .'/logs';
+
+        csrfprotector::$config['jsPath'] = '../js/csrfprotector.js';
+        csrfprotector::$config['CSRFP_TOKEN'] = 'csrfp_token';
+        csrfprotector::$config['secureCookie'] = false;
+        csrfprotector::$config['logDirectory'] = '../test/logs';
+
+        $_SERVER['REQUEST_URI'] = 'temp';       // For logging
+        $_SERVER['REQUEST_SCHEME'] = 'http';    // For authorizePost
+        $_SERVER['HTTP_HOST'] = 'test';         // For isUrlAllowed
+        $_SERVER['PHP_SELF'] = '/index.php';     // For authorizePost
+        $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+          = $_GET[csrfprotector::$config['CSRFP_TOKEN']] = '123';
+
+        //token mismatch - leading to failed validation
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc');
+        $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.1';
+        $_SERVER['HTTPS'] = null;
+
+        $this->config = include(__DIR__ .'/config.test.php');
+
+        // Create an instance of config file -- for testing
+        $data = file_get_contents(__DIR__ .'/config.test.php');
+        file_put_contents(__DIR__ .'/../libs/config.php', $data);
+
+        if (!defined('__TESTING_CSRFP__')) define('__TESTING_CSRFP__', true);
+    }
+
+    /**
+     * tearDown()
+     */
+    public function tearDown()
+    {
+        unlink(__DIR__ .'/../libs/config.php');
+        if (is_dir(__DIR__ .'/logs'))
+            Helper::delTree(__DIR__ .'/logs');
+    }
+
+    /**
+     * Function to check refreshToken() functionality
+     */
+    public function testRefreshToken()
+    {
+        $val = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = '123abcd';
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
+        csrfProtector::$config['tokenLength'] = 20;
+        csrfProtector::refreshToken();
+
+        $this->assertTrue(strcmp($val, $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][1]) != 0);
+
+        $this->assertTrue(csrfP_wrapper::checkHeader('Set-Cookie'));
+        $this->assertTrue(csrfP_wrapper::checkHeader('csrfp_token'));
+        $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][1]));
+    }
+
+    /**
+     * test secure flag is set in the token cookie when requested
+     */
+    public function testSecureCookie()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
+
+        csrfprotector::$config['secureCookie'] = false;
+        csrfprotector::refreshToken();
+        $this->assertNotRegExp('/; secure/', csrfp_wrapper::getHeaderValue('Set-Cookie'));
+
+        csrfprotector::$config['secureCookie'] = true;
+        csrfprotector::refreshToken();
+        $this->assertRegExp('/; secure/', csrfp_wrapper::getHeaderValue('Set-Cookie'));
+    }
+
+    /**
+     * test authorise post -> log directory exception
+     */
+    public function testAuthorisePost_logdirException()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        csrfprotector::$config['logDirectory'] = 'unknown_location';
+
+        try {
+            csrfprotector::authorizePost();
+        } catch (logDirectoryNotFoundException $ex) {
+            $this->assertTrue(true);
+            return;;
+        }
+        $this->fail('logDirectoryNotFoundException has not been raised.');
+    }
+
+    /**
+     * test authorise post -> action = 403, forbidden
+     */
+    public function testAuthorisePost_failedAction_1()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['failedAuthAction']['POST'] = 0;
+        csrfprotector::$config['failedAuthAction']['GET'] = 0;
+
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+
+        $this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> strip $_GET, $_POST
+     */
+    public function testAuthorisePost_failedAction_2()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['failedAuthAction']['POST'] = 1;
+        csrfprotector::$config['failedAuthAction']['GET'] = 1;
+
+        $_POST = array('param1' => 1, 'param2' => 2);
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_POST);
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        $_GET = array('param1' => 1, 'param2' => 2);
+
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_GET);
+    }
+
+    /**
+     * test authorise post -> redirect
+     */
+    public function testAuthorisePost_failedAction_3()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['errorRedirectionPage'] = 'http://test';
+        csrfprotector::$config['failedAuthAction']['POST'] = 2;
+        csrfprotector::$config['failedAuthAction']['GET'] = 2;
+
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> error message & exit
+     */
+    public function testAuthorisePost_failedAction_4()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['customErrorMessage'] = 'custom error message';
+        csrfprotector::$config['failedAuthAction']['POST'] = 3;
+        csrfprotector::$config['failedAuthAction']['POST'] = 3;
+
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> 500 internal server error
+     */
+    public function testAuthorisePost_failedAction_5()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['failedAuthAction']['POST'] = 4;
+        csrfprotector::$config['failedAuthAction']['GET'] = 4;
+
+        //csrfprotector::authorizePost();
+        //$this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+        //csrfp_wrapper::checkHeader('500');
+        //$this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> default action: strip $_GET, $_POST
+     */
+    public function testAuthorisePost_failedAction_6()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['failedAuthAction']['POST'] = 10;
+        csrfprotector::$config['failedAuthAction']['GET'] = 10;
+
+        $_POST = array('param1' => 1, 'param2' => 2);
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_POST);
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        $_GET = array('param1' => 1, 'param2' => 2);
+
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_GET);
+    }
+
+    /**
+     * test authorise success
+     */
+    public function testAuthorisePost_success()
+    {
+
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_GET[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0];
+        $temp = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']];
+
+        csrfprotector::authorizePost(); //will create new session and cookies
+        $this->assertFalse($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]);
+        $this->assertTrue(csrfp_wrapper::checkHeader('Set-Cookie'));
+        $this->assertTrue(csrfp_wrapper::checkHeader('csrfp_token'));
+        // $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]));  // Combine these 3 later
+
+        // For get method
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_GET[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0];
+        $temp = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']];
+
+        csrfprotector::authorizePost(); //will create new session and cookies
+        $this->assertFalse($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']]);
+        $this->assertTrue(csrfp_wrapper::checkHeader('Set-Cookie'));
+        $this->assertTrue(csrfp_wrapper::checkHeader('csrfp_token'));
+        // $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]));  // Combine these 3 later
+    }
+
+    /**
+     * test for generateAuthToken()
+     */
+    public function testGenerateAuthToken()
+    {
+        csrfprotector::$config['tokenLength'] = 20;
+        $token1 = csrfprotector::generateAuthToken();
+        $token2 = csrfprotector::generateAuthToken();
+
+        $this->assertFalse($token1 == $token2);
+        $this->assertEquals(strlen($token1), 20);
+        $this->assertRegExp('/^[a-z0-9]{20}$/', $token1);
+
+        csrfprotector::$config['tokenLength'] = 128;
+        $token = csrfprotector::generateAuthToken();
+        $this->assertEquals(strlen($token), 128);
+        $this->assertRegExp('/^[a-z0-9]{128}$/', $token);
+    }
+
+    /**
+     * test ob_handler_function
+     */
+    public function testob_handler()
+    {
+        csrfprotector::$config['disabledJavascriptMessage'] = 'test message';
+        csrfprotector::$config['jsUrl'] = 'http://localhost/test/csrf/js/csrfprotector.js';
+
+        $testHTML = '<html>';
+        $testHTML .= '<head><title>1</title>';
+        $testHTML .= '<body onload="test()">';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '</body>';
+        $testHTML .= '</head></html>';
+
+        $modifiedHTML = csrfprotector::ob_handler($testHTML, 0);
+        $inpLength = strlen($testHTML);
+        $outLength = strlen($modifiedHTML);
+
+        //Check if file has been modified
+        $this->assertFalse($outLength == $inpLength);
+        $this->assertTrue(strpos($modifiedHTML, '<noscript>') !== false);
+        $this->assertTrue(strpos($modifiedHTML, '<script') !== false);
+
+    }
+
+    /**
+     * test ob_handler_function for output filter
+     */
+    public function testob_handler_positioning()
+    {
+        csrfprotector::$config['disabledJavascriptMessage'] = 'test message';
+        csrfprotector::$config['jsUrl'] = 'http://localhost/test/csrf/js/csrfprotector.js';
+
+        $testHTML = '<html>';
+        $testHTML .= '<head><title>1</title>';
+        $testHTML .= '<body onload="test()">';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '</body>';
+        $testHTML .= '</head></html>';
+
+        $modifiedHTML = csrfprotector::ob_handler($testHTML, 0);
+
+        $this->assertEquals(strpos($modifiedHTML, '<body') + 23, strpos($modifiedHTML, '<noscript'));
+        // Check if content before </body> is </script> #todo
+        //$this->markTestSkipped('todo, add appropriate test here');
+    }
+
+    /**
+     * testing exception in logging function
+     */
+    public function testgetCurrentUrl()
+    {
+        $stub = new ReflectionClass('csrfprotector');
+        $method = $stub->getMethod('getCurrentUrl');
+        $method->setAccessible(true);
+        $this->assertEquals($method->invoke(null, array()), "http://test/index.php");
+
+        $tmp_request_scheme = $_SERVER['REQUEST_SCHEME'];
+        unset($_SERVER['REQUEST_SCHEME']);
+
+        // server-https is not set
+        $this->assertEquals($method->invoke(null, array()), "http://test/index.php");
+
+        $_SERVER['HTTPS'] = 'on';
+        $this->assertEquals($method->invoke(null, array()), "https://test/index.php");
+        unset($_SERVER['HTTPS']);
+
+        $_SERVER['REQUEST_SCHEME'] = "https";
+        $this->assertEquals($method->invoke(null, array()), "https://test/index.php");
+
+        $_SERVER['REQUEST_SCHEME'] = $tmp_request_scheme;
+    }
+
+    /**
+     * testing exception in logging function
+     */
+    public function testLoggingException()
+    {
+        $stub = new ReflectionClass('csrfprotector');
+        $method = $stub->getMethod('logCSRFattack');
+        $method->setAccessible(true);
+
+        try {
+            $method->invoke(null, array());
+            $this->fail("logFileWriteError was not caught");
+        } catch (Exception $ex) {
+            // pass
+            $this->assertTrue(true);
+        }
+
+        if (!is_dir($this->logDir))
+            mkdir($this->logDir);
+        $method->invoke(null, array());
+        $this->assertTrue(file_exists($this->logDir ."/" .date("m-20y") .".log"));
+    }
+
+    /**
+     * Tests isUrlAllowed() function for various urls and configuration
+     */
+    public function testisURLallowed()
+    {
+        csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*');
+
+        $_SERVER['PHP_SELF'] = '/nodelete.php';
+        $this->assertTrue(csrfprotector::isURLallowed());
+
+        $_SERVER['PHP_SELF'] = '/index.php';
+        $this->assertTrue(csrfprotector::isURLallowed('http://test/index.php'));
+
+        $_SERVER['PHP_SELF'] = '/delete.php';
+        $this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php'));
+
+        $_SERVER['PHP_SELF'] = '/delete_user.php';
+        $this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php'));
+
+        $_SERVER['REQUEST_SCHEME'] = 'https';
+        $_SERVER['PHP_SELF'] = '/index.php';
+        $this->assertFalse(csrfprotector::isURLallowed('https://test/index.php'));
+
+        $_SERVER['PHP_SELF'] = '/delete_user.php';
+        $this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php'));
+    }
+
+    /**
+     * Test for exception thrown when env variable is set by mod_csrfprotector
+     */
+    public function testModCSRFPEnabledException()
+    {
+        putenv('mod_csrfp_enabled=true');
+        $temp = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = 'abc';
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc');
+
+        csrfProtector::$config = array();
+        csrfProtector::init();
+
+        // Assuming no config was added
+        $this->assertTrue(count(csrfProtector::$config) == 0);
+        
+        // unset the env variable
+        putenv('mod_csrfp_enabled');
+    }
+
+    /**
+     * Test for exception thrown when init() method is called multiple times
+     */
+    public function testMultipleInitializeException()
+    {
+        csrfProtector::$config = array();
+        $this->assertTrue(count(csrfProtector::$config) == 0);
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfProtector::init();
+
+        $this->assertTrue(count(csrfProtector::$config) == 11);
+        try {
+            csrfProtector::init();
+            $this->fail("alreadyInitializedException not raised");
+        }  catch (alreadyInitializedException $ex) {
+            // pass
+            $this->assertTrue(true);
+        } catch (Exception $ex) {
+            $this->fail("exception other than alreadyInitializedException failed");            
+        }
+    }
+}

data/web/inc/lib/vendor/yubico/u2flib-server/.travis.yml

@@ -1,19 +1,21 @@
 language: php
 sudo: false
 php:
-  - 5.3
-  - 5.4
-  - 5.5
-  - 5.6
   - 7.0
+  - 7.1
   - hhvm
-  - hhvm-nightly
-after_success:
-  - test -z $COVERALLS || (composer require satooshi/php-coveralls && vendor/bin/coveralls -v)
 matrix:
   include:
     - php: 5.6
       env: COVERALLS=true
   allow_failures:
     - php: hhvm
-    - php: hhvm-nightly
+
+before_script:
+  - composer install
+
+script:
+  - ./vendor/phpunit/phpunit/phpunit -c phpunit.xml
+
+after_success:
+  - test -z $COVERALLS || (composer require satooshi/php-coveralls && vendor/bin/coveralls -v)

data/web/inc/lib/vendor/yubico/u2flib-server/NEWS

@@ -1,5 +1,9 @@
 php-u2flib-server NEWS -- History of user-visible changes.
 
+* Version 1.0.1 (released 2017-05-09)
+ ** Move examples to phps so they don't execute by default
+ ** Use common challenge for multiple registrations
+
 * Version 1.0.0 (released 2016-02-19)
  ** Give an early error on openssl < 1.0
  ** Support devices with initial counter 0

data/web/inc/lib/vendor/yubico/u2flib-server/apigen.neon

@@ -3,7 +3,8 @@ destination: apidocs
 source:
   - src/u2flib_server
 
-exclude: "*/tests/*"
+exclude:
+  - "*/tests/*"
 
 groups: none
 

data/web/inc/lib/vendor/yubico/u2flib-server/composer.json

@@ -4,10 +4,13 @@
   "homepage":"https://developers.yubico.com/php-u2flib-server",
   "license":"BSD-2-Clause",
   "require": {
-    "ext-openssl":"*"
+    "ext-openssl":"*",
+    "php": ">=5.6"
   },
   "autoload": {
     "classmap": ["src/"]
+  },
+  "require-dev": {
+    "phpunit/phpunit": "~5.7"
   }
 }
-