Remove submodule, add as common directory

data/web/inc/lib/vendor/owasp/csrf-protector-php

@@ -1 +0,0 @@
-Subproject commit aec0d6966992363a7192b2ae9fb0a9643e8fa26b

data/web/inc/lib/vendor/owasp/csrf-protector-php/.coveralls.yml

@@ -0,0 +1,4 @@
+service_name: travis-ci
+src_dir: ./libs/
+coverage_clover: build/logs/clover.xml
+json_path: build/logs/coveralls-upload.json

data/web/inc/lib/vendor/owasp/csrf-protector-php/.travis.yml

@@ -0,0 +1,46 @@
+language: php
+php:
+  - "5.6"
+  - "5.5"
+  - "5.4"
+  - "5.3"
+  - "7.0"
+  - "7.1"
+  - hhvm
+  - nightly
+
+matrix:
+    allow_failures:
+    - php: nightly
+    - php: hhvm
+
+os:
+  - linux
+
+install:
+  # Install composer packages, will also trigger dump-autoload
+  - composer install --no-interaction
+  # Install coveralls.phar
+  - wget -c -nc --retry-connrefused --tries=0 https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar
+  - chmod +x coveralls.phar
+  - php coveralls.phar --version
+
+before_script:
+    - mkdir -p build/logs
+    - ls -al
+
+script:
+ - mkdir -p build/logs
+ - if [ $(phpenv version-name) = 'hhvm' ]; then echo 'xdebug.enable=1' >> /etc/hhvm/php.ini; fi
+ - phpunit --stderr --coverage-clover build/logs/clover.xml
+
+after_script:
+ - php vendor/bin/coveralls -v
+
+after_success:
+ - travis_retry php coveralls.phar -v
+
+cache:
+  directories:
+  - vendor
+  - $HOME/.cache/composer

data/web/inc/lib/vendor/owasp/csrf-protector-php/composer.json

@@ -0,0 +1,14 @@
+{   
+    "name": "owasp/csrf-protector-php",
+    "type": "library",
+    "description": "CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app.",
+    "keywords": ["security","csrf", "owasp"],
+    "homepage": "https://github.com/mebjas/CSRF-Protector-PHP",
+    "license": "APACHE",
+    "require-dev": {
+        "satooshi/php-coveralls": "~1.0"
+    },
+    "autoload": {
+        "classmap": ["libs/csrf/"]
+    }
+}

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index.html

@@ -0,0 +1 @@
+<html><head><meta http-equiv="Refresh" CONTENT="0; URL=files/libs/csrf/csrfprotector-php.html"></head></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Files.html

@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>File Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>File Index</div><div class=INavigationBar>$#! &middot; 0-9 &middot; A &middot; B &middot; <a href="#C">C</a> &middot; D &middot; E &middot; F &middot; G &middot; H &middot; I &middot; J &middot; K &middot; L &middot; M &middot; N &middot; O &middot; P &middot; Q &middot; R &middot; S &middot; T &middot; U &middot; V &middot; W &middot; X &middot; Y &middot; Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php"  class=ISymbol>csrfprotector.php</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Files</div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex><a href="Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option  id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Functions.html

@@ -0,0 +1,65 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Function Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>Function Index</div><div class=INavigationBar>$#! &middot; 0-9 &middot; <a href="#A">A</a> &middot; B &middot; <a href="#C">C</a> &middot; D &middot; E &middot; <a href="#F">F</a> &middot; <a href="#G">G</a> &middot; H &middot; <a href="#I">I</a> &middot; J &middot; K &middot; <a href="#L">L</a> &middot; M &middot; N &middot; <a href="#O">O</a> &middot; P &middot; Q &middot; <a href="#R">R</a> &middot; S &middot; T &middot; <a href="#U">U</a> &middot; V &middot; W &middot; X &middot; Y &middot; Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="A"></a>A</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')" class=ISymbol>authorisePost</a></td></tr><tr><td class=IHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')" class=ISymbol>createNewJsCache</a></td></tr><tr><td class=IHeading><a name="F"></a>F</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')" class=ISymbol>failedValidationAction</a></td></tr><tr><td class=IHeading><a name="G"></a>G</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')" class=ISymbol>generateAuthToken</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')" class=ISymbol>getCurrentUrl</a></td></tr><tr><td class=IHeading><a name="I"></a>I</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" id=link6 onMouseOver="ShowTip(event, 'tt6', 'link6')" onMouseOut="HideTip('tt6')" class=ISymbol>init</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" id=link7 onMouseOver="ShowTip(event, 'tt7', 'link7')" onMouseOut="HideTip('tt7')" class=ISymbol>isURLallowed</a></td></tr><tr><td class=IHeading><a name="L"></a>L</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" id=link8 onMouseOver="ShowTip(event, 'tt8', 'link8')" onMouseOut="HideTip('tt8')" class=ISymbol>logCSRFattack</a></td></tr><tr><td class=IHeading><a name="O"></a>O</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" id=link9 onMouseOver="ShowTip(event, 'tt9', 'link9')" onMouseOut="HideTip('tt9')" class=ISymbol>ob_handler</a></td></tr><tr><td class=IHeading><a name="R"></a>R</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" id=link10 onMouseOver="ShowTip(event, 'tt10', 'link10')" onMouseOut="HideTip('tt10')" class=ISymbol>refreshToken</a></td></tr><tr><td class=IHeading><a name="U"></a>U</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>&nbsp;</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" id=link11 onMouseOver="ShowTip(event, 'tt11', 'link11')" onMouseOut="HideTip('tt11')" class=ISymbol>useCachedVersion</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function authorisePost()</td></tr></table></blockquote>function to authorise incoming post requests</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt2"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function createNewJsCache()</td></tr></table></blockquote>Function to create new cache version of js</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt3"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function failedValidationAction()</td></tr></table></blockquote>function to be called in case of failed validation performs logging and take appropriate action</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt4"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function generateAuthToken()</td></tr></table></blockquote>function to generate random hash of length as given in parameter max length = 128</div></div><div class=CToolTip id="tt5"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function getCurrentUrl()</td></tr></table></blockquote>Function to return current url of executing page</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt6"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters  prettyprint "nowrap>public static function init(</td><td class="PParameter  prettyprint " nowrap>$length</td><td class="PDefaultValuePrefix  prettyprint ">&nbsp;=&nbsp;</td><td class="PDefaultValue  prettyprint " width=100%> null,</td></tr><tr><td></td><td class="PParameter  prettyprint " nowrap>$action</td><td class="PDefaultValuePrefix  prettyprint ">&nbsp;=&nbsp;</td><td class="PDefaultValue  prettyprint " width=100%> null</td><td class="PAfterParameters  prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>function to initialise the csrfProtector work flow</div></div><div class=CToolTip id="tt7"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function isURLallowed()</td></tr></table></blockquote>Function to check if a url mataches for any urls Listed in config file</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt8"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static function logCSRFattack()</td></tr></table></blockquote>Functio to log CSRF Attack</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt9"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td><table border=0 cellspacing=0 cellpadding=0><tr><td class="PBeforeParameters  prettyprint "nowrap>public static function ob_handler(</td><td class="PParameter  prettyprint " nowrap>$buffer,</td></tr><tr><td></td><td class="PParameter  prettyprint " nowrap>$flags</td><td class="PAfterParameters  prettyprint "nowrap>)</td></tr></table></td></tr></table></blockquote>Rewrites form on the fly to add CSRF tokens to them. </div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt10"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function refreshToken()</td></tr></table></blockquote>Function to set auth cookie</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt11"><div class=CFunction><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static function useCachedVersion()</td></tr></table></blockquote>function to check weather to use cached version of js file or not</div></div><!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex><a href="Files.html">Files</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Functions</div></div><div class=MEntry><div class=MIndex><a href="Variables.html">Variables</a></div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option  id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/index/Variables.html

@@ -0,0 +1,41 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Variable Index</title><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script><script language=JavaScript src="../javascript/searchdata.js"></script></head><body class="IndexPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=IPageTitle>Variable Index</div><div class=INavigationBar>$#! &middot; 0-9 &middot; A &middot; B &middot; <a href="#C">C</a> &middot; D &middot; E &middot; F &middot; G &middot; H &middot; <a href="#I">I</a> &middot; J &middot; K &middot; L &middot; M &middot; N &middot; O &middot; P &middot; Q &middot; <a href="#R">R</a> &middot; S &middot; T &middot; U &middot; V &middot; W &middot; X &middot; Y &middot; Z</div><table border=0 cellspacing=0 cellpadding=0><tr><td class=IHeading id=IFirstHeading><a name="C"></a>C</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$config" id=link1 onMouseOver="ShowTip(event, 'tt1', 'link1')" onMouseOut="HideTip('tt1')" class=ISymbol>config</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" id=link2 onMouseOver="ShowTip(event, 'tt2', 'link2')" onMouseOut="HideTip('tt2')" class=ISymbol>cookieExpiryTime</a></td></tr><tr><td class=IHeading><a name="I"></a>I</td><td></td></tr><tr><td class=ISymbolPrefix id=IFirstSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" id=link3 onMouseOver="ShowTip(event, 'tt3', 'link3')" onMouseOut="HideTip('tt3')" class=ISymbol>isSameOrigin</a></td></tr><tr><td class=ISymbolPrefix id=ILastSymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" id=link4 onMouseOver="ShowTip(event, 'tt4', 'link4')" onMouseOut="HideTip('tt4')" class=ISymbol>isValidHTML</a></td></tr><tr><td class=IHeading><a name="R"></a>R</td><td></td></tr><tr><td class=ISymbolPrefix id=IOnlySymbolPrefix>$</td><td class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" id=link5 onMouseOver="ShowTip(event, 'tt5', 'link5')" onMouseOut="HideTip('tt5')" class=ISymbol>requestType</a></td></tr></table>
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt1"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $config</td></tr></table></blockquote>config file for CSRFProtector @var int Array, length = 6 Property: #1: failedAuthAction (int) =&gt; action to be taken in case autherisation fails Property: #2: logDirectory (string) =&gt; directory in which log will be saved Property: #3: customErrorMessage (string) =&gt; custom error message to be sent in case of failed authentication Property: #4: jsFile (string) =&gt; location of the CSRFProtector js file Property: #5: tokenLength (int) =&gt; default length of hash Property: #6: disabledJavascriptMessage (string) =&gt; error message if client&rsquo;s js is disabled</div></div><div class=CToolTip id="tt2"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">public static $cookieExpiryTime</td></tr></table></blockquote>expiry time for cookie @var int</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt3"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isSameOrigin</td></tr></table></blockquote>flag for cross origin/same origin request @var bool</div></div><div class=CToolTip id="tt4"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">private static $isValidHTML</td></tr></table></blockquote>flag to check if output file is a valid HTML or not @var bool</div></div><!--END_ND_TOOLTIPS-->
+
+
+<!--START_ND_TOOLTIPS-->
+<div class=CToolTip id="tt5"><div class=CVariable><blockquote><table border=0 cellspacing=0 cellpadding=0 class="Prototype"><tr><td class="prettyprint">protected static $requestType</td></tr></table></blockquote>Varaible to store weather request type is post or get @var string</div></div><!--END_ND_TOOLTIPS-->
+
+</div><!--Index-->
+
+
+<div id=Footer><a href="http://www.naturaldocs.org">Generated by Natural Docs</a></div><!--Footer-->
+
+
+<div id=Menu><div class=MEntry><div class=MFile><a href="../files/libs/csrf/csrfprotector-php.html">csrfprotector.php</a></div></div><div class=MEntry><div class=MGroup><a href="javascript:ToggleMenu('MGroupContent1')">Index</a><div class=MGroupContent id=MGroupContent1><div class=MEntry><div class=MIndex><a href="General.html">Everything</a></div></div><div class=MEntry><div class=MIndex><a href="Files.html">Files</a></div></div><div class=MEntry><div class=MIndex><a href="Functions.html">Functions</a></div></div><div class=MEntry><div class=MIndex id=MSelected>Variables</div></div></div></div></div><script type="text/javascript"><!--
+var searchPanel = new SearchPanel("searchPanel", "HTML", "../search");
+--></script><div id=MSearchPanel class=MSearchPanelInactive><input type=text id=MSearchField value=Search onFocus="searchPanel.OnSearchFieldFocus(true)" onBlur="searchPanel.OnSearchFieldFocus(false)" onKeyUp="searchPanel.OnSearchFieldChange()"><select id=MSearchType onFocus="searchPanel.OnSearchTypeFocus(true)" onBlur="searchPanel.OnSearchTypeFocus(false)" onChange="searchPanel.OnSearchTypeChange()"><option  id=MSearchEverything selected value="General">Everything</option><option value="Files">Files</option><option value="Functions">Functions</option><option value="Variables">Variables</option></select></div></div><!--Menu-->
+
+
+<div id=MSearchResultsWindow><iframe src="" frameborder=0 name=MSearchResults id=MSearchResults></iframe><a href="javascript:searchPanel.CloseResultsWindow()" id=MSearchResultsWindowClose>Close</a></div>
+
+
+<script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/main.js

@@ -0,0 +1,841 @@
+// This file is part of Natural Docs, which is Copyright © 2003-2010 Greg Valure
+// Natural Docs is licensed under version 3 of the GNU Affero General Public License (AGPL)
+// Refer to License.txt for the complete details
+
+// This file may be distributed with documentation files generated by Natural Docs.
+// Such documentation is not covered by Natural Docs' copyright and licensing,
+// and may have its own copyright and distribution terms as decided by its author.
+
+
+//
+//  Browser Styles
+// ____________________________________________________________________________
+
+var agt=navigator.userAgent.toLowerCase();
+var browserType;
+var browserVer;
+
+if (agt.indexOf("opera") != -1)
+    {
+    browserType = "Opera";
+
+    if (agt.indexOf("opera 7") != -1 || agt.indexOf("opera/7") != -1)
+        {  browserVer = "Opera7";  }
+    else if (agt.indexOf("opera 8") != -1 || agt.indexOf("opera/8") != -1)
+        {  browserVer = "Opera8";  }
+    else if (agt.indexOf("opera 9") != -1 || agt.indexOf("opera/9") != -1)
+        {  browserVer = "Opera9";  }
+    }
+
+else if (agt.indexOf("applewebkit") != -1)
+    {
+    browserType = "Safari";
+
+    if (agt.indexOf("version/3") != -1)
+        {  browserVer = "Safari3";  }
+    else if (agt.indexOf("safari/4") != -1)
+        {  browserVer = "Safari2";  }
+    }
+
+else if (agt.indexOf("khtml") != -1)
+    {
+    browserType = "Konqueror";
+    }
+
+else if (agt.indexOf("msie") != -1)
+    {
+    browserType = "IE";
+
+    if (agt.indexOf("msie 6") != -1)
+        {  browserVer = "IE6";  }
+    else if (agt.indexOf("msie 7") != -1)
+        {  browserVer = "IE7";  }
+    }
+
+else if (agt.indexOf("gecko") != -1)
+    {
+    browserType = "Firefox";
+
+    if (agt.indexOf("rv:1.7") != -1)
+        {  browserVer = "Firefox1";  }
+    else if (agt.indexOf("rv:1.8)") != -1 || agt.indexOf("rv:1.8.0") != -1)
+        {  browserVer = "Firefox15";  }
+    else if (agt.indexOf("rv:1.8.1") != -1)
+        {  browserVer = "Firefox2";  }
+    }
+
+
+//
+//  Support Functions
+// ____________________________________________________________________________
+
+
+function GetXPosition(item)
+    {
+    var position = 0;
+
+    if (item.offsetWidth != null)
+        {
+        while (item != document.body && item != null)
+            {
+            position += item.offsetLeft;
+            item = item.offsetParent;
+            };
+        };
+
+    return position;
+    };
+
+
+function GetYPosition(item)
+    {
+    var position = 0;
+
+    if (item.offsetWidth != null)
+        {
+        while (item != document.body && item != null)
+            {
+            position += item.offsetTop;
+            item = item.offsetParent;
+            };
+        };
+
+    return position;
+    };
+
+
+function MoveToPosition(item, x, y)
+    {
+    // Opera 5 chokes on the px extension, so it can use the Microsoft one instead.
+
+    if (item.style.left != null)
+        {
+        item.style.left = x + "px";
+        item.style.top = y + "px";
+        }
+    else if (item.style.pixelLeft != null)
+        {
+        item.style.pixelLeft = x;
+        item.style.pixelTop = y;
+        };
+    };
+
+
+//
+//  Menu
+// ____________________________________________________________________________
+
+
+function ToggleMenu(id)
+    {
+    if (!window.document.getElementById)
+        {  return;  };
+
+    var display = window.document.getElementById(id).style.display;
+
+    if (display == "none")
+        {  display = "block";  }
+    else
+        {  display = "none";  }
+
+    window.document.getElementById(id).style.display = display;
+    }
+
+function HideAllBut(ids, max)
+    {
+    if (document.getElementById)
+        {
+        ids.sort( function(a,b) { return a - b; } );
+        var number = 1;
+
+        while (number < max)
+            {
+            if (ids.length > 0 && number == ids[0])
+                {  ids.shift();  }
+            else
+                {
+                document.getElementById("MGroupContent" + number).style.display = "none";
+                };
+
+            number++;
+            };
+        };
+    }
+
+
+//
+//  Tooltips
+// ____________________________________________________________________________
+
+
+var tooltipTimer = 0;
+
+function ShowTip(event, tooltipID, linkID)
+    {
+    if (tooltipTimer)
+        {  clearTimeout(tooltipTimer);  };
+
+    var docX = event.clientX + window.pageXOffset;
+    var docY = event.clientY + window.pageYOffset;
+
+    var showCommand = "ReallyShowTip('" + tooltipID + "', '" + linkID + "', " + docX + ", " + docY + ")";
+
+    tooltipTimer = setTimeout(showCommand, 1000);
+    }
+
+function ReallyShowTip(tooltipID, linkID, docX, docY)
+    {
+    tooltipTimer = 0;
+
+    var tooltip;
+    var link;
+
+    if (document.getElementById)
+        {
+        tooltip = document.getElementById(tooltipID);
+        link = document.getElementById(linkID);
+        }
+/*    else if (document.all)
+        {
+        tooltip = eval("document.all['" + tooltipID + "']");
+        link = eval("document.all['" + linkID + "']");
+        }
+*/
+    if (tooltip)
+        {
+        var left = GetXPosition(link);
+        var top = GetYPosition(link);
+        top += link.offsetHeight;
+
+
+        // The fallback method is to use the mouse X and Y relative to the document.  We use a separate if and test if its a number
+        // in case some browser snuck through the above if statement but didn't support everything.
+
+        if (!isFinite(top) || top == 0)
+            {
+            left = docX;
+            top = docY;
+            }
+
+        // Some spacing to get it out from under the cursor.
+
+        top += 10;
+
+        // Make sure the tooltip doesnt get smushed by being too close to the edge, or in some browsers, go off the edge of the
+        // page.  We do it here because Konqueror does get offsetWidth right even if it doesnt get the positioning right.
+
+        if (tooltip.offsetWidth != null)
+            {
+            var width = tooltip.offsetWidth;
+            var docWidth = document.body.clientWidth;
+
+            if (left + width > docWidth)
+                {  left = docWidth - width - 1;  }
+
+            // If there's a horizontal scroll bar we could go past zero because it's using the page width, not the window width.
+            if (left < 0)
+                {  left = 0;  };
+            }
+
+        MoveToPosition(tooltip, left, top);
+        tooltip.style.visibility = "visible";
+        }
+    }
+
+function HideTip(tooltipID)
+    {
+    if (tooltipTimer)
+        {
+        clearTimeout(tooltipTimer);
+        tooltipTimer = 0;
+        }
+
+    var tooltip;
+
+    if (document.getElementById)
+        {  tooltip = document.getElementById(tooltipID); }
+    else if (document.all)
+        {  tooltip = eval("document.all['" + tooltipID + "']");  }
+
+    if (tooltip)
+        {  tooltip.style.visibility = "hidden";  }
+    }
+
+
+//
+//  Blockquote fix for IE
+// ____________________________________________________________________________
+
+
+function NDOnLoad()
+    {
+    if (browserVer == "IE6")
+        {
+        var scrollboxes = document.getElementsByTagName('blockquote');
+
+        if (scrollboxes.item(0))
+            {
+            NDDoResize();
+            window.onresize=NDOnResize;
+            };
+        };
+    };
+
+
+var resizeTimer = 0;
+
+function NDOnResize()
+    {
+    if (resizeTimer != 0)
+        {  clearTimeout(resizeTimer);  };
+
+    resizeTimer = setTimeout(NDDoResize, 250);
+    };
+
+
+function NDDoResize()
+    {
+    var scrollboxes = document.getElementsByTagName('blockquote');
+
+    var i;
+    var item;
+
+    i = 0;
+    while (item = scrollboxes.item(i))
+        {
+        item.style.width = 100;
+        i++;
+        };
+
+    i = 0;
+    while (item = scrollboxes.item(i))
+        {
+        item.style.width = item.parentNode.offsetWidth;
+        i++;
+        };
+
+    clearTimeout(resizeTimer);
+    resizeTimer = 0;
+    }
+
+
+
+/* ________________________________________________________________________________________________________
+
+    Class: SearchPanel
+    ________________________________________________________________________________________________________
+
+    A class handling everything associated with the search panel.
+
+    Parameters:
+
+        name - The name of the global variable that will be storing this instance.  Is needed to be able to set timeouts.
+        mode - The mode the search is going to work in.  Pass <NaturalDocs::Builder::Base->CommandLineOption()>, so the
+                   value will be something like "HTML" or "FramedHTML".
+
+    ________________________________________________________________________________________________________
+*/
+
+
+function SearchPanel(name, mode, resultsPath)
+    {
+    if (!name || !mode || !resultsPath)
+        {  alert("Incorrect parameters to SearchPanel.");  };
+
+
+    // Group: Variables
+    // ________________________________________________________________________
+
+    /*
+        var: name
+        The name of the global variable that will be storing this instance of the class.
+    */
+    this.name = name;
+
+    /*
+        var: mode
+        The mode the search is going to work in, such as "HTML" or "FramedHTML".
+    */
+    this.mode = mode;
+
+    /*
+        var: resultsPath
+        The relative path from the current HTML page to the results page directory.
+    */
+    this.resultsPath = resultsPath;
+
+    /*
+        var: keyTimeout
+        The timeout used between a keystroke and when a search is performed.
+    */
+    this.keyTimeout = 0;
+
+    /*
+        var: keyTimeoutLength
+        The length of <keyTimeout> in thousandths of a second.
+    */
+    this.keyTimeoutLength = 500;
+
+    /*
+        var: lastSearchValue
+        The last search string executed, or an empty string if none.
+    */
+    this.lastSearchValue = "";
+
+    /*
+        var: lastResultsPage
+        The last results page.  The value is only relevant if <lastSearchValue> is set.
+    */
+    this.lastResultsPage = "";
+
+    /*
+        var: deactivateTimeout
+
+        The timeout used between when a control is deactivated and when the entire panel is deactivated.  Is necessary
+        because a control may be deactivated in favor of another control in the same panel, in which case it should stay
+        active.
+    */
+    this.deactivateTimout = 0;
+
+    /*
+        var: deactivateTimeoutLength
+        The length of <deactivateTimeout> in thousandths of a second.
+    */
+    this.deactivateTimeoutLength = 200;
+
+
+
+
+    // Group: DOM Elements
+    // ________________________________________________________________________
+
+
+    // Function: DOMSearchField
+    this.DOMSearchField = function()
+        {  return document.getElementById("MSearchField");  };
+
+    // Function: DOMSearchType
+    this.DOMSearchType = function()
+        {  return document.getElementById("MSearchType");  };
+
+    // Function: DOMPopupSearchResults
+    this.DOMPopupSearchResults = function()
+        {  return document.getElementById("MSearchResults");  };
+
+    // Function: DOMPopupSearchResultsWindow
+    this.DOMPopupSearchResultsWindow = function()
+        {  return document.getElementById("MSearchResultsWindow");  };
+
+    // Function: DOMSearchPanel
+    this.DOMSearchPanel = function()
+        {  return document.getElementById("MSearchPanel");  };
+
+
+
+
+    // Group: Event Handlers
+    // ________________________________________________________________________
+
+
+    /*
+        Function: OnSearchFieldFocus
+        Called when focus is added or removed from the search field.
+    */
+    this.OnSearchFieldFocus = function(isActive)
+        {
+        this.Activate(isActive);
+        };
+
+
+    /*
+        Function: OnSearchFieldChange
+        Called when the content of the search field is changed.
+    */
+    this.OnSearchFieldChange = function()
+        {
+        if (this.keyTimeout)
+            {
+            clearTimeout(this.keyTimeout);
+            this.keyTimeout = 0;
+            };
+
+        var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
+
+        if (searchValue != this.lastSearchValue)
+            {
+            if (searchValue != "")
+                {
+                this.keyTimeout = setTimeout(this.name + ".Search()", this.keyTimeoutLength);
+                }
+            else
+                {
+                if (this.mode == "HTML")
+                    {  this.DOMPopupSearchResultsWindow().style.display = "none";  };
+                this.lastSearchValue = "";
+                };
+            };
+        };
+
+
+    /*
+        Function: OnSearchTypeFocus
+        Called when focus is added or removed from the search type.
+    */
+    this.OnSearchTypeFocus = function(isActive)
+        {
+        this.Activate(isActive);
+        };
+
+
+    /*
+        Function: OnSearchTypeChange
+        Called when the search type is changed.
+    */
+    this.OnSearchTypeChange = function()
+        {
+        var searchValue = this.DOMSearchField().value.replace(/ +/g, "");
+
+        if (searchValue != "")
+            {
+            this.Search();
+            };
+        };
+
+
+
+    // Group: Action Functions
+    // ________________________________________________________________________
+
+
+    /*
+        Function: CloseResultsWindow
+        Closes the results window.
+    */
+    this.CloseResultsWindow = function()
+        {
+        this.DOMPopupSearchResultsWindow().style.display = "none";
+        this.Activate(false, true);
+        };
+
+
+    /*
+        Function: Search
+        Performs a search.
+    */
+    this.Search = function()
+        {
+        this.keyTimeout = 0;
+
+        var searchValue = this.DOMSearchField().value.replace(/^ +/, "");
+        var searchTopic = this.DOMSearchType().value;
+
+        var pageExtension = searchValue.substr(0,1);
+
+        if (pageExtension.match(/^[a-z]/i))
+            {  pageExtension = pageExtension.toUpperCase();  }
+        else if (pageExtension.match(/^[0-9]/))
+            {  pageExtension = 'Numbers';  }
+        else
+            {  pageExtension = "Symbols";  };
+
+        var resultsPage;
+        var resultsPageWithSearch;
+        var hasResultsPage;
+
+        // indexSectionsWithContent is defined in searchdata.js
+        if (indexSectionsWithContent[searchTopic][pageExtension] == true)
+            {
+            resultsPage = this.resultsPath + '/' + searchTopic + pageExtension + '.html';
+            resultsPageWithSearch = resultsPage+'?'+escape(searchValue);
+            hasResultsPage = true;
+            }
+        else
+            {
+            resultsPage = this.resultsPath + '/NoResults.html';
+            resultsPageWithSearch = resultsPage;
+            hasResultsPage = false;
+            };
+
+        var resultsFrame;
+        if (this.mode == "HTML")
+            {  resultsFrame = window.frames.MSearchResults;  }
+        else if (this.mode == "FramedHTML")
+            {  resultsFrame = window.top.frames['Content'];  };
+
+
+        if (resultsPage != this.lastResultsPage ||
+
+            // Bug in IE.  If everything becomes hidden in a run, none of them will be able to be reshown in the next for some
+            // reason.  It counts the right number of results, and you can even read the display as "block" after setting it, but it
+            // just doesn't work in IE 6 or IE 7.  So if we're on the right page but the previous search had no results, reload the
+            // page anyway to get around the bug.
+            (browserType == "IE" && hasResultsPage &&
+            	(!resultsFrame.searchResults || resultsFrame.searchResults.lastMatchCount == 0)) )
+
+            {
+            resultsFrame.location.href = resultsPageWithSearch;
+            }
+
+        // So if the results page is right and there's no IE bug, reperform the search on the existing page.  We have to check if there
+        // are results because NoResults.html doesn't have any JavaScript, and it would be useless to do anything on that page even
+        // if it did.
+        else if (hasResultsPage)
+            {
+            // We need to check if this exists in case the frame is present but didn't finish loading.
+            if (resultsFrame.searchResults)
+                {  resultsFrame.searchResults.Search(searchValue);  }
+
+            // Otherwise just reload instead of waiting.
+            else
+                {  resultsFrame.location.href = resultsPageWithSearch;  };
+            };
+
+
+        var domPopupSearchResultsWindow = this.DOMPopupSearchResultsWindow();
+
+        if (this.mode == "HTML" && domPopupSearchResultsWindow.style.display != "block")
+            {
+            var domSearchType = this.DOMSearchType();
+
+            var left = GetXPosition(domSearchType);
+            var top = GetYPosition(domSearchType) + domSearchType.offsetHeight;
+
+            MoveToPosition(domPopupSearchResultsWindow, left, top);
+            domPopupSearchResultsWindow.style.display = 'block';
+            };
+
+
+        this.lastSearchValue = searchValue;
+        this.lastResultsPage = resultsPage;
+        };
+
+
+
+    // Group: Activation Functions
+    // Functions that handle whether the entire panel is active or not.
+    // ________________________________________________________________________
+
+
+    /*
+        Function: Activate
+
+        Activates or deactivates the search panel, resetting things to their default values if necessary.  You can call this on every
+        control's OnBlur() and it will handle not deactivating the entire panel when focus is just switching between them transparently.
+
+        Parameters:
+
+            isActive - Whether you're activating or deactivating the panel.
+            ignoreDeactivateDelay - Set if you're positive the action will deactivate the panel and thus want to skip the delay.
+    */
+    this.Activate = function(isActive, ignoreDeactivateDelay)
+        {
+        // We want to ignore isActive being false while the results window is open.
+        if (isActive || (this.mode == "HTML" && this.DOMPopupSearchResultsWindow().style.display == "block"))
+            {
+            if (this.inactivateTimeout)
+                {
+                clearTimeout(this.inactivateTimeout);
+                this.inactivateTimeout = 0;
+                };
+
+            this.DOMSearchPanel().className = 'MSearchPanelActive';
+
+            var searchField = this.DOMSearchField();
+
+            if (searchField.value == 'Search')
+                 {  searchField.value = "";  }
+            }
+        else if (!ignoreDeactivateDelay)
+            {
+            this.inactivateTimeout = setTimeout(this.name + ".InactivateAfterTimeout()", this.inactivateTimeoutLength);
+            }
+        else
+            {
+            this.InactivateAfterTimeout();
+            };
+        };
+
+
+    /*
+        Function: InactivateAfterTimeout
+
+        Called by <inactivateTimeout>, which is set by <Activate()>.  Inactivation occurs on a timeout because a control may
+        receive OnBlur() when focus is really transferring to another control in the search panel.  In this case we don't want to
+        actually deactivate the panel because not only would that cause a visible flicker but it could also reset the search value.
+        So by doing it on a timeout instead, there's a short period where the second control's OnFocus() can cancel the deactivation.
+    */
+    this.InactivateAfterTimeout = function()
+        {
+        this.inactivateTimeout = 0;
+
+        this.DOMSearchPanel().className = 'MSearchPanelInactive';
+        this.DOMSearchField().value = "Search";
+
+	    this.lastSearchValue = "";
+	    this.lastResultsPage = "";
+        };
+    };
+
+
+
+
+/* ________________________________________________________________________________________________________
+
+   Class: SearchResults
+   _________________________________________________________________________________________________________
+
+   The class that handles everything on the search results page.
+   _________________________________________________________________________________________________________
+*/
+
+
+function SearchResults(name, mode)
+    {
+    /*
+        var: mode
+        The mode the search is going to work in, such as "HTML" or "FramedHTML".
+    */
+    this.mode = mode;
+
+    /*
+        var: lastMatchCount
+        The number of matches from the last run of <Search()>.
+    */
+    this.lastMatchCount = 0;
+
+
+    /*
+        Function: Toggle
+        Toggles the visibility of the passed element ID.
+    */
+    this.Toggle = function(id)
+        {
+        if (this.mode == "FramedHTML")
+            {  return;  };
+
+        var parentElement = document.getElementById(id);
+
+        var element = parentElement.firstChild;
+
+        while (element && element != parentElement)
+            {
+            if (element.nodeName == 'DIV' && element.className == 'ISubIndex')
+                {
+                if (element.style.display == 'block')
+                    {  element.style.display = "none";  }
+                else
+                    {  element.style.display = 'block';  }
+                };
+
+            if (element.nodeName == 'DIV' && element.hasChildNodes())
+                {  element = element.firstChild;  }
+            else if (element.nextSibling)
+                {  element = element.nextSibling;  }
+            else
+                {
+                do
+                    {
+                    element = element.parentNode;
+                    }
+                while (element && element != parentElement && !element.nextSibling);
+
+                if (element && element != parentElement)
+                    {  element = element.nextSibling;  };
+                };
+            };
+        };
+
+
+    /*
+        Function: Search
+
+        Searches for the passed string.  If there is no parameter, it takes it from the URL query.
+
+        Always returns true, since other documents may try to call it and that may or may not be possible.
+    */
+    this.Search = function(search)
+        {
+        if (!search)
+            {
+            search = window.location.search;
+            search = search.substring(1);  // Remove the leading ?
+            search = unescape(search);
+            };
+
+        search = search.replace(/^ +/, "");
+        search = search.replace(/ +$/, "");
+        search = search.toLowerCase();
+
+        if (search.match(/[^a-z0-9]/)) // Just a little speedup so it doesn't have to go through the below unnecessarily.
+            {
+            search = search.replace(/\_/g, "_und");
+            search = search.replace(/\ +/gi, "_spc");
+            search = search.replace(/\~/g, "_til");
+            search = search.replace(/\!/g, "_exc");
+            search = search.replace(/\@/g, "_att");
+            search = search.replace(/\#/g, "_num");
+            search = search.replace(/\$/g, "_dol");
+            search = search.replace(/\%/g, "_pct");
+            search = search.replace(/\^/g, "_car");
+            search = search.replace(/\&/g, "_amp");
+            search = search.replace(/\*/g, "_ast");
+            search = search.replace(/\(/g, "_lpa");
+            search = search.replace(/\)/g, "_rpa");
+            search = search.replace(/\-/g, "_min");
+            search = search.replace(/\+/g, "_plu");
+            search = search.replace(/\=/g, "_equ");
+            search = search.replace(/\{/g, "_lbc");
+            search = search.replace(/\}/g, "_rbc");
+            search = search.replace(/\[/g, "_lbk");
+            search = search.replace(/\]/g, "_rbk");
+            search = search.replace(/\:/g, "_col");
+            search = search.replace(/\;/g, "_sco");
+            search = search.replace(/\"/g, "_quo");
+            search = search.replace(/\'/g, "_apo");
+            search = search.replace(/\</g, "_lan");
+            search = search.replace(/\>/g, "_ran");
+            search = search.replace(/\,/g, "_com");
+            search = search.replace(/\./g, "_per");
+            search = search.replace(/\?/g, "_que");
+            search = search.replace(/\//g, "_sla");
+            search = search.replace(/[^a-z0-9\_]i/gi, "_zzz");
+            };
+
+        var resultRows = document.getElementsByTagName("div");
+        var matches = 0;
+
+        var i = 0;
+        while (i < resultRows.length)
+            {
+            var row = resultRows.item(i);
+
+            if (row.className == "SRResult")
+                {
+                var rowMatchName = row.id.toLowerCase();
+                rowMatchName = rowMatchName.replace(/^sr\d*_/, '');
+
+                if (search.length <= rowMatchName.length && rowMatchName.substr(0, search.length) == search)
+                    {
+                    row.style.display = "block";
+                    matches++;
+                    }
+                else
+                    {  row.style.display = "none";  };
+                };
+
+            i++;
+            };
+
+        document.getElementById("Searching").style.display="none";
+
+        if (matches == 0)
+            {  document.getElementById("NoMatches").style.display="block";  }
+        else
+            {  document.getElementById("NoMatches").style.display="none";  }
+
+        this.lastMatchCount = matches;
+
+        return true;
+        };
+    };
+

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/javascript/searchdata.js

@@ -0,0 +1,122 @@
+var indexSectionsWithContent = {
+   "General": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": true,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": true,
+      "G": true,
+      "H": false,
+      "I": true,
+      "J": false,
+      "K": false,
+      "L": true,
+      "M": false,
+      "N": false,
+      "O": true,
+      "P": false,
+      "Q": false,
+      "R": true,
+      "S": false,
+      "T": false,
+      "U": true,
+      "V": true,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      },
+   "Variables": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": false,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": false,
+      "G": false,
+      "H": false,
+      "I": true,
+      "J": false,
+      "K": false,
+      "L": false,
+      "M": false,
+      "N": false,
+      "O": false,
+      "P": false,
+      "Q": false,
+      "R": true,
+      "S": false,
+      "T": false,
+      "U": false,
+      "V": false,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      },
+   "Functions": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": true,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": true,
+      "G": true,
+      "H": false,
+      "I": true,
+      "J": false,
+      "K": false,
+      "L": true,
+      "M": false,
+      "N": false,
+      "O": true,
+      "P": false,
+      "Q": false,
+      "R": true,
+      "S": false,
+      "T": false,
+      "U": true,
+      "V": false,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      },
+   "Files": {
+      "Symbols": false,
+      "Numbers": false,
+      "A": false,
+      "B": false,
+      "C": true,
+      "D": false,
+      "E": false,
+      "F": false,
+      "G": false,
+      "H": false,
+      "I": false,
+      "J": false,
+      "K": false,
+      "L": false,
+      "M": false,
+      "N": false,
+      "O": false,
+      "P": false,
+      "Q": false,
+      "R": false,
+      "S": false,
+      "T": false,
+      "U": false,
+      "V": false,
+      "W": false,
+      "X": false,
+      "Y": false,
+      "Z": false
+      }
+   }

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FilesC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_csrfprotector_perphp><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" target=_parent class=ISymbol>csrfprotector.php</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsA.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_authorisePost><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" target=_parent class=ISymbol>authorisePost</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_createNewJsCache><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" target=_parent class=ISymbol>createNewJsCache</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsF.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_failedValidationAction><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" target=_parent class=ISymbol>failedValidationAction</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsG.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_generateAuthToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" target=_parent class=ISymbol>generateAuthToken</a></div></div><div class=SRResult id=SR_getCurrentUrl><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" target=_parent class=ISymbol>getCurrentUrl</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsI.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_init><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" target=_parent class=ISymbol>init</a></div></div><div class=SRResult id=SR_isURLallowed><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" target=_parent class=ISymbol>isURLallowed</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsL.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_logCSRFattack><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" target=_parent class=ISymbol>logCSRFattack</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsO.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_ob_undhandler><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" target=_parent class=ISymbol>ob_handler</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsR.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_refreshToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" target=_parent class=ISymbol>refreshToken</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/FunctionsU.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_useCachedVersion><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" target=_parent class=ISymbol>useCachedVersion</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralA.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_authorisePost><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#authorisePost" target=_parent class=ISymbol>authorisePost</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_config><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$config" target=_parent class=ISymbol>config</a></div></div><div class=SRResult id=SR_cookieExpiryTime><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" target=_parent class=ISymbol>cookieExpiryTime</a></div></div><div class=SRResult id=SR_createNewJsCache><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#createNewJsCache" target=_parent class=ISymbol>createNewJsCache</a></div></div><div class=SRResult id=SR_csrfprotector_perphp><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#csrfprotector.php" target=_parent class=ISymbol>csrfprotector.php</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralF.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_failedValidationAction><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#failedValidationAction" target=_parent class=ISymbol>failedValidationAction</a></div></div><div class=SRResult id=SR_Functions><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Functions" target=_parent class=ISymbol>Functions</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralG.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_generateAuthToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#generateAuthToken" target=_parent class=ISymbol>generateAuthToken</a></div></div><div class=SRResult id=SR_getCurrentUrl><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#getCurrentUrl" target=_parent class=ISymbol>getCurrentUrl</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralI.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_init><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#init" target=_parent class=ISymbol>init</a></div></div><div class=SRResult id=SR_isSameOrigin><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" target=_parent class=ISymbol>isSameOrigin</a></div></div><div class=SRResult id=SR_isURLallowed><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#isURLallowed" target=_parent class=ISymbol>isURLallowed</a></div></div><div class=SRResult id=SR_isValidHTML><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" target=_parent class=ISymbol>isValidHTML</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralL.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_logCSRFattack><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#logCSRFattack" target=_parent class=ISymbol>logCSRFattack</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralO.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_ob_undhandler><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#ob_handler" target=_parent class=ISymbol>ob_handler</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralR.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_refreshToken><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#refreshToken" target=_parent class=ISymbol>refreshToken</a></div></div><div class=SRResult id=SR_requestType><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" target=_parent class=ISymbol>requestType</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralU.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_useCachedVersion><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#useCachedVersion" target=_parent class=ISymbol>useCachedVersion</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/GeneralV.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_Variables><div class=IEntry><a href="../files/libs/csrf/csrfprotector-php.html#Variables" target=_parent class=ISymbol>Variables</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/NoResults.html

@@ -0,0 +1,15 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=NoMatches>No Matches</div></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesC.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_config><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$config" target=_parent class=ISymbol>config</a></div></div><div class=SRResult id=SR_cookieExpiryTime><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$cookieExpiryTime" target=_parent class=ISymbol>cookieExpiryTime</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesI.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_isSameOrigin><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isSameOrigin" target=_parent class=ISymbol>isSameOrigin</a></div></div><div class=SRResult id=SR_isValidHTML><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$isValidHTML" target=_parent class=ISymbol>isValidHTML</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/search/VariablesR.html

@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd">
+
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><link rel="stylesheet" type="text/css" href="../styles/main.css"><script language=JavaScript src="../javascript/main.js"></script></head><body class="PopupSearchResultsPage" onLoad="NDOnLoad()"><script language=JavaScript><!--
+if (browserType) {document.write("<div class=" + browserType + ">");if (browserVer) {document.write("<div class=" + browserVer + ">"); }}// --></script>
+
+<!--  Generated by Natural Docs, version 1.52 -->
+<!--  http://www.naturaldocs.org  -->
+
+<!-- saved from url=(0026)http://www.naturaldocs.org -->
+
+
+
+
+<div id=Index><div class=SRStatus id=Loading>Loading...</div><table border=0 cellspacing=0 cellpadding=0><div class=SRResult id=SR_requestType><div class=IEntry><span class=ISymbolPrefix>$</span><a href="../files/libs/csrf/csrfprotector-php.html#$requestType" target=_parent class=ISymbol>requestType</a></div></div></table><div class=SRStatus id=Searching>Searching...</div><div class=SRStatus id=NoMatches>No Matches</div><script type="text/javascript"><!--
+document.getElementById("Loading").style.display="none";
+document.getElementById("NoMatches").style.display="none";
+var searchResults = new SearchResults("searchResults", "HTML");
+searchResults.Search();
+--></script></div><script language=JavaScript><!--
+if (browserType) {if (browserVer) {document.write("</div>"); }document.write("</div>");}// --></script></body></html>

data/web/inc/lib/vendor/owasp/csrf-protector-php/docs/styles/main.css

@@ -0,0 +1,824 @@
+/*
+   IMPORTANT: If you're editing this file in the output directory of one of
+   your projects, your changes will be overwritten the next time you run
+   Natural Docs.  Instead, copy this file to your project directory, make your
+   changes, and you can use it with -s.  Even better would be to make a CSS
+   file in your project directory with only your changes, which you can then
+   use with -s [original style] [your changes].
+
+   On the other hand, if you're editing this file in the Natural Docs styles
+   directory, the changes will automatically be applied to all your projects
+   that use this style the next time Natural Docs is run on them.
+
+   This file is part of Natural Docs, which is Copyright © 2003-2010 Greg Valure.
+   Natural Docs is licensed under version 3 of the GNU Affero General Public
+   License (AGPL).  Refer to License.txt for the complete details.
+
+   This file may be distributed with documentation files generated by Natural Docs.
+   Such documentation is not covered by Natural Docs' copyright and licensing,
+   and may have its own copyright and distribution terms as decided by its author.
+*/
+
+body {
+    font: 8pt Verdana, Arial, sans-serif;
+    color: #000000;
+    margin: 0; padding: 0;
+    }
+
+.ContentPage,
+.IndexPage,
+.FramedMenuPage {
+    background-color: #E8E8E8;
+    }
+.FramedContentPage,
+.FramedIndexPage,
+.FramedSearchResultsPage,
+.PopupSearchResultsPage {
+    background-color: #FFFFFF;
+    }
+
+
+a:link,
+a:visited { color: #900000; text-decoration: none }
+a:hover { color: #900000; text-decoration: underline }
+a:active { color: #FF0000; text-decoration: underline }
+
+td {
+    vertical-align: top }
+
+img { border: 0;  }
+
+
+/*
+    Comment out this line to use web-style paragraphs (blank line between
+    paragraphs, no indent) instead of print-style paragraphs (no blank line,
+    indented.)
+*/
+p {
+    text-indent: 5ex; margin: 0 }
+
+
+/*  Opera doesn't break with just wbr, but will if you add this.  */
+.Opera wbr:after {
+	content: "\00200B";
+	}
+
+/*  Blockquotes are used as containers for things that may need to scroll.  */
+blockquote {
+    padding: 0;
+    margin: 0;
+    overflow: auto;
+    }
+
+
+.Firefox1 blockquote {
+    padding-bottom: .5em;
+    }
+
+/*  Turn off scrolling when printing.  */
+@media print {
+    blockquote {
+        overflow: visible;
+        }
+    .IE blockquote {
+        width: auto;
+        }
+    }
+
+
+
+#Menu {
+    font-size: 8pt;
+    padding: 10px 0 0 0;
+    }
+.ContentPage #Menu,
+.IndexPage #Menu {
+    position: absolute;
+    top: 0;
+    left: 0;
+    width: 31ex;
+    overflow: hidden;
+    }
+.ContentPage .Firefox #Menu,
+.IndexPage .Firefox #Menu {
+    width: 27ex;
+    }
+
+
+    .MTitle {
+        font-size: 16pt; font-weight: bold; font-variant: small-caps;
+        text-align: center;
+        padding: 5px 10px 15px 10px;
+        border-bottom: 1px dotted #000000;
+        margin-bottom: 15px }
+
+    .MSubTitle {
+        font-size: 9pt; font-weight: normal; font-variant: normal;
+        margin-top: 1ex; margin-bottom: 5px }
+
+
+    .MEntry a:link,
+    .MEntry a:hover,
+    .MEntry a:visited { color: #606060; margin-right: 0 }
+    .MEntry a:active { color: #A00000; margin-right: 0 }
+
+
+    .MGroup {
+        font-variant: small-caps; font-weight: bold;
+        margin: 1em 0 1em 10px;
+        }
+
+    .MGroupContent {
+        font-variant: normal; font-weight: normal }
+
+    .MGroup a:link,
+    .MGroup a:hover,
+    .MGroup a:visited { color: #545454; margin-right: 10px }
+    .MGroup a:active { color: #A00000; margin-right: 10px }
+
+
+    .MFile,
+    .MText,
+    .MLink,
+    .MIndex {
+        padding: 1px 17px 2px 10px;
+        margin: .25em 0 .25em 0;
+        }
+
+    .MText {
+        font-size: 8pt; font-style: italic }
+
+    .MLink {
+        font-style: italic }
+
+    #MSelected {
+        color: #000000; background-color: #FFFFFF;
+        /*  Replace padding with border.  */
+        padding: 0 10px 0 10px;
+        border-width: 1px 2px 2px 0; border-style: solid; border-color: #000000;
+        margin-right: 5px;
+        }
+
+    /*  Close off the left side when its in a group.  */
+    .MGroup #MSelected {
+        padding-left: 9px; border-left-width: 1px }
+
+    /*  A treat for Mozilla users.  Blatantly non-standard.  Will be replaced with CSS 3 attributes when finalized/supported.  */
+    .Firefox #MSelected {
+        -moz-border-radius-topright: 10px;
+        -moz-border-radius-bottomright: 10px }
+    .Firefox .MGroup #MSelected {
+        -moz-border-radius-topleft: 10px;
+        -moz-border-radius-bottomleft: 10px }
+
+
+    #MSearchPanel {
+        padding: 0px 6px;
+        margin: .25em 0;
+        }
+
+
+    #MSearchField {
+        font: italic 8pt Verdana, sans-serif;
+        color: #606060;
+        background-color: #E8E8E8;
+        border: none;
+        padding: 2px 4px;
+        width: 100%;
+        }
+    /* Only Opera gets it right. */
+    .Firefox #MSearchField,
+    .IE #MSearchField,
+    .Safari #MSearchField {
+        width: 94%;
+        }
+    .Opera9 #MSearchField,
+    .Konqueror #MSearchField {
+        width: 97%;
+        }
+    .FramedMenuPage .Firefox #MSearchField,
+    .FramedMenuPage .Safari #MSearchField,
+    .FramedMenuPage .Konqueror #MSearchField {
+        width: 98%;
+        }
+
+    /* Firefox doesn't do this right in frames without #MSearchPanel added on.
+        It's presence doesn't hurt anything other browsers. */
+    #MSearchPanel.MSearchPanelInactive:hover #MSearchField {
+        background-color: #FFFFFF;
+        border: 1px solid #C0C0C0;
+        padding: 1px 3px;
+        }
+    .MSearchPanelActive #MSearchField {
+        background-color: #FFFFFF;
+        border: 1px solid #C0C0C0;
+        font-style: normal;
+        padding: 1px 3px;
+        }
+
+    #MSearchType {
+        visibility: hidden;
+        font: 8pt Verdana, sans-serif;
+        width: 98%;
+        padding: 0;
+        border: 1px solid #C0C0C0;
+        }
+    .MSearchPanelActive #MSearchType,
+    /*  As mentioned above, Firefox doesn't do this right in frames without #MSearchPanel added on. */
+    #MSearchPanel.MSearchPanelInactive:hover #MSearchType,
+    #MSearchType:focus {
+        visibility: visible;
+        color: #606060;
+        }
+    #MSearchType option#MSearchEverything {
+        font-weight: bold;
+        }
+
+    .Opera8 .MSearchPanelInactive:hover,
+    .Opera8 .MSearchPanelActive {
+        margin-left: -1px;
+        }
+
+
+    iframe#MSearchResults {
+        width: 60ex;
+        height: 15em;
+        }
+    #MSearchResultsWindow {
+        display: none;
+        position: absolute;
+        left: 0; top: 0;
+        border: 1px solid #000000;
+        background-color: #E8E8E8;
+        }
+    #MSearchResultsWindowClose {
+        font-weight: bold;
+        font-size: 8pt;
+        display: block;
+        padding: 2px 5px;
+        }
+    #MSearchResultsWindowClose:link,
+    #MSearchResultsWindowClose:visited {
+        color: #000000;
+        text-decoration: none;
+        }
+    #MSearchResultsWindowClose:active,
+    #MSearchResultsWindowClose:hover {
+        color: #800000;
+        text-decoration: none;
+        background-color: #F4F4F4;
+        }
+
+
+
+
+#Content {
+    padding-bottom: 15px;
+    }
+
+.ContentPage #Content {
+    border-width: 0 0 1px 1px;
+    border-style: solid;
+    border-color: #000000;
+    background-color: #FFFFFF;
+    font-size: 8pt;  /* To make 31ex match the menu's 31ex. */
+    margin-left: 31ex;
+    }
+.ContentPage .Firefox #Content {
+    margin-left: 27ex;
+    }
+
+
+
+    .CTopic {
+        font-size: 8pt;
+        margin-bottom: 3em;
+        }
+
+
+    .CTitle {
+        font-size: 11pt; font-weight: bold;
+        border-width: 0 0 1px 0; border-style: solid; border-color: #A0A0A0;
+        margin: 0 15px .5em 15px }
+
+    .CGroup .CTitle {
+        font-size: 16pt; font-variant: small-caps;
+        padding-left: 15px; padding-right: 15px;
+        border-width: 0 0 2px 0; border-color: #000000;
+        margin-left: 0; margin-right: 0 }
+
+    .CClass .CTitle,
+    .CInterface .CTitle,
+    .CDatabase .CTitle,
+    .CDatabaseTable .CTitle,
+    .CSection .CTitle {
+        font-size: 18pt;
+        color: #FFFFFF; background-color: #A0A0A0;
+        padding: 10px 15px 10px 15px;
+        border-width: 2px 0; border-color: #000000;
+        margin-left: 0; margin-right: 0 }
+
+    #MainTopic .CTitle {
+        font-size: 20pt;
+        color: #FFFFFF; background-color: #7070C0;
+        padding: 10px 15px 10px 15px;
+        border-width: 0 0 3px 0; border-color: #000000;
+        margin-left: 0; margin-right: 0 }
+
+    .CBody {
+        margin-left: 15px; margin-right: 15px }
+
+
+    .CToolTip {
+        position: absolute; visibility: hidden;
+        left: 0; top: 0;
+        background-color: #FFFFE0;
+        padding: 5px;
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #000000;
+        font-size: 8pt;
+        }
+
+    .Opera .CToolTip {
+        max-width: 98%;
+        }
+
+    /*  Scrollbars would be useless.  */
+    .CToolTip blockquote {
+        overflow: hidden;
+        }
+    .IE6 .CToolTip blockquote {
+        overflow: visible;
+        }
+
+    .CHeading {
+        font-weight: bold; font-size: 9pt;
+        margin: 1.5em 0 .5em 0;
+        }
+
+    .CBody pre {
+        font: 8pt "Courier New", Courier, monospace;
+	    background-color: #FCFCFC;
+	    margin: 1em 35px;
+	    padding: 10px 15px 10px 10px;
+	    border-color: #E0E0E0 #E0E0E0 #E0E0E0 #E4E4E4;
+	    border-width: 1px 1px 1px 6px;
+	    border-style: dashed dashed dashed solid;
+        }
+
+    .CBody ul {
+        /*  I don't know why CBody's margin doesn't apply, but it's consistent across browsers so whatever.
+             Reapply it here as padding.  */
+        padding-left: 15px; padding-right: 15px;
+        margin: .5em 5ex .5em 5ex;
+        }
+
+    .CDescriptionList {
+        margin: .5em 5ex 0 5ex }
+
+        .CDLEntry {
+            font: 8pt "Courier New", Courier, monospace; color: #808080;
+            padding-bottom: .25em;
+            white-space: nowrap }
+
+        .CDLDescription {
+            font-size: 8pt;  /*  For browsers that don't inherit correctly, like Opera 5.  */
+            padding-bottom: .5em; padding-left: 5ex }
+
+
+    .CTopic img {
+        text-align: center;
+        display: block;
+        margin: 1em auto;
+        }
+    .CImageCaption {
+        font-variant: small-caps;
+        font-size: 8pt;
+        color: #808080;
+        text-align: center;
+        position: relative;
+        top: 1em;
+        }
+
+    .CImageLink {
+        color: #808080;
+        font-style: italic;
+        }
+    a.CImageLink:link,
+    a.CImageLink:visited,
+    a.CImageLink:hover { color: #808080 }
+
+
+
+
+
+.Prototype {
+    font: 8pt "Courier New", Courier, monospace;
+    padding: 5px 3ex;
+    border-width: 1px; border-style: solid;
+    margin: 0 5ex 1.5em 5ex;
+    }
+
+    .Prototype td {
+        font-size: 8pt;
+        }
+
+    .PDefaultValue,
+    .PDefaultValuePrefix,
+    .PTypePrefix {
+        color: #8F8F8F;
+        }
+    .PTypePrefix {
+        text-align: right;
+        }
+    .PAfterParameters {
+        vertical-align: bottom;
+        }
+
+    .IE .Prototype table {
+        padding: 0;
+        }
+
+    .CFunction .Prototype {
+        background-color: #F4F4F4; border-color: #D0D0D0 }
+    .CProperty .Prototype {
+        background-color: #F4F4FF; border-color: #C0C0E8 }
+    .CVariable .Prototype {
+        background-color: #FFFFF0; border-color: #E0E0A0 }
+
+    .CClass .Prototype {
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0A0;
+        background-color: #F4F4F4;
+        }
+    .CInterface .Prototype {
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0D0;
+        background-color: #F4F4FF;
+        }
+
+    .CDatabaseIndex .Prototype,
+    .CConstant .Prototype {
+        background-color: #D0D0D0; border-color: #000000 }
+    .CType .Prototype,
+    .CEnumeration .Prototype {
+        background-color: #FAF0F0; border-color: #E0B0B0;
+        }
+    .CDatabaseTrigger .Prototype,
+    .CEvent .Prototype,
+    .CDelegate .Prototype {
+        background-color: #F0FCF0; border-color: #B8E4B8 }
+
+    .CToolTip .Prototype {
+        margin: 0 0 .5em 0;
+        white-space: nowrap;
+        }
+
+
+
+
+
+.Summary {
+    margin: 1.5em 5ex 0 5ex }
+
+    .STitle {
+        font-size: 11pt; font-weight: bold;
+        margin-bottom: .5em }
+
+
+    .SBorder {
+        background-color: #FFFFF0;
+        padding: 15px;
+        border: 1px solid #C0C060 }
+
+    /* In a frame IE 6 will make them too long unless you set the width to 100%.  Without frames it will be correct without a width
+        or slightly too long (but not enough to scroll) with a width.  This arbitrary weirdness simply astounds me.  IE 7 has the same
+        problem with frames, haven't tested it without.  */
+    .FramedContentPage .IE .SBorder {
+        width: 100% }
+
+    /*  A treat for Mozilla users.  Blatantly non-standard.  Will be replaced with CSS 3 attributes when finalized/supported.  */
+    .Firefox .SBorder {
+        -moz-border-radius: 20px }
+
+
+    .STable {
+        font-size: 8pt; width: 100% }
+
+    .SEntry {
+        width: 30% }
+    .SDescription {
+        width: 70% }
+
+
+    .SMarked {
+        background-color: #F8F8D8 }
+
+    .SDescription { padding-left: 2ex }
+    .SIndent1 .SEntry { padding-left: 1.5ex }   .SIndent1 .SDescription { padding-left: 3.5ex }
+    .SIndent2 .SEntry { padding-left: 3.0ex }   .SIndent2 .SDescription { padding-left: 5.0ex }
+    .SIndent3 .SEntry { padding-left: 4.5ex }   .SIndent3 .SDescription { padding-left: 6.5ex }
+    .SIndent4 .SEntry { padding-left: 6.0ex }   .SIndent4 .SDescription { padding-left: 8.0ex }
+    .SIndent5 .SEntry { padding-left: 7.5ex }   .SIndent5 .SDescription { padding-left: 9.5ex }
+
+    .SDescription a { color: #800000}
+    .SDescription a:active { color: #A00000 }
+
+    .SGroup td {
+        padding-top: .5em; padding-bottom: .25em }
+
+    .SGroup .SEntry {
+        font-weight: bold; font-variant: small-caps }
+
+    .SGroup .SEntry a { color: #800000 }
+    .SGroup .SEntry a:active { color: #F00000 }
+
+
+    .SMain td,
+    .SClass td,
+    .SDatabase td,
+    .SDatabaseTable td,
+    .SSection td {
+        font-size: 10pt;
+        padding-bottom: .25em }
+
+    .SClass td,
+    .SDatabase td,
+    .SDatabaseTable td,
+    .SSection td {
+        padding-top: 1em }
+
+    .SMain .SEntry,
+    .SClass .SEntry,
+    .SDatabase .SEntry,
+    .SDatabaseTable .SEntry,
+    .SSection .SEntry {
+        font-weight: bold;
+        }
+
+    .SMain .SEntry a,
+    .SClass .SEntry a,
+    .SDatabase .SEntry a,
+    .SDatabaseTable .SEntry a,
+    .SSection .SEntry a { color: #000000 }
+
+    .SMain .SEntry a:active,
+    .SClass .SEntry a:active,
+    .SDatabase .SEntry a:active,
+    .SDatabaseTable .SEntry a:active,
+    .SSection .SEntry a:active { color: #A00000 }
+
+
+
+
+
+.ClassHierarchy {
+    margin: 0 15px 1em 15px }
+
+    .CHEntry {
+        border-width: 1px 2px 2px 1px; border-style: solid; border-color: #A0A0A0;
+        margin-bottom: 3px;
+        padding: 2px 2ex;
+        font-size: 8pt;
+        background-color: #F4F4F4; color: #606060;
+        }
+
+    .Firefox .CHEntry {
+        -moz-border-radius: 4px;
+        }
+
+    .CHCurrent .CHEntry {
+        font-weight: bold;
+        border-color: #000000;
+        color: #000000;
+        }
+
+    .CHChildNote .CHEntry {
+        font-style: italic;
+        font-size: 8pt;
+        }
+
+    .CHIndent {
+        margin-left: 3ex;
+        }
+
+    .CHEntry a:link,
+    .CHEntry a:visited,
+    .CHEntry a:hover {
+        color: #606060;
+        }
+    .CHEntry a:active {
+        color: #800000;
+        }
+
+
+
+
+
+#Index {
+    background-color: #FFFFFF;
+    }
+
+/*  As opposed to .PopupSearchResultsPage #Index  */
+.IndexPage #Index,
+.FramedIndexPage #Index,
+.FramedSearchResultsPage #Index {
+    padding: 15px;
+    }
+
+.IndexPage #Index {
+    border-width: 0 0 1px 1px;
+    border-style: solid;
+    border-color: #000000;
+    font-size: 8pt;  /* To make 27ex match the menu's 27ex. */
+    margin-left: 27ex;
+    }
+
+
+    .IPageTitle {
+        font-size: 20pt; font-weight: bold;
+        color: #FFFFFF; background-color: #7070C0;
+        padding: 10px 15px 10px 15px;
+        border-width: 0 0 3px 0; border-color: #000000; border-style: solid;
+        margin: -15px -15px 0 -15px }
+
+    .FramedSearchResultsPage .IPageTitle {
+        margin-bottom: 15px;
+        }
+
+    .INavigationBar {
+        text-align: center;
+        background-color: #FFFFF0;
+        padding: 5px;
+        border-bottom: solid 1px black;
+        margin: 0 -15px 15px -15px;
+        }
+
+    .INavigationBar a {
+        font-weight: bold }
+
+    .IHeading {
+        font-size: 14pt; font-weight: bold;
+        padding: 2.5em 0 .5em 0;
+        text-align: center;
+        width: 3.5ex;
+        }
+    #IFirstHeading {
+        padding-top: 0;
+        }
+
+    .IEntry {
+        padding-left: 1ex;
+        }
+    .PopupSearchResultsPage .IEntry {
+        font-size: 8pt;
+        padding: 1px 5px;
+        }
+    .PopupSearchResultsPage .Opera9 .IEntry,
+    .FramedSearchResultsPage .Opera9 .IEntry {
+        text-align: left;
+        }
+    .FramedSearchResultsPage .IEntry {
+        padding: 0;
+        }
+
+    .ISubIndex {
+        padding-left: 3ex; padding-bottom: .5em }
+    .PopupSearchResultsPage .ISubIndex {
+        display: none;
+        }
+
+    /*  While it may cause some entries to look like links when they aren't, I found it's much easier to read the
+         index if everything's the same color.  */
+    .ISymbol {
+        font-weight: bold; color: #900000  }
+
+    .IndexPage .ISymbolPrefix,
+    .FramedIndexPage .ISymbolPrefix {
+        text-align: right;
+        color: #C47C7C;
+        background-color: #F8F8F8;
+        border-right: 3px solid #E0E0E0;
+        border-left: 1px solid #E0E0E0;
+        padding: 0 1px 0 2px;
+        }
+    .PopupSearchResultsPage .ISymbolPrefix,
+    .FramedSearchResultsPage .ISymbolPrefix {
+        color: #900000;
+        }
+    .PopupSearchResultsPage .ISymbolPrefix {
+        font-size: 8pt;
+        }
+
+    .IndexPage #IFirstSymbolPrefix,
+    .FramedIndexPage #IFirstSymbolPrefix {
+        border-top: 1px solid #E0E0E0;
+        }
+    .IndexPage #ILastSymbolPrefix,
+    .FramedIndexPage #ILastSymbolPrefix {
+        border-bottom: 1px solid #E0E0E0;
+        }
+    .IndexPage #IOnlySymbolPrefix,
+    .FramedIndexPage #IOnlySymbolPrefix {
+        border-top: 1px solid #E0E0E0;
+        border-bottom: 1px solid #E0E0E0;
+        }
+
+    a.IParent,
+    a.IFile {
+        display: block;
+        }
+
+    .PopupSearchResultsPage .SRStatus {
+        padding: 2px 5px;
+        font-size: 8pt;
+        font-style: italic;
+        }
+    .FramedSearchResultsPage .SRStatus {
+        font-size: 8pt;
+        font-style: italic;
+        }
+
+    .SRResult {
+        display: none;
+        }
+
+
+
+#Footer {
+    font-size: 8pt;
+    color: #989898;
+    text-align: right;
+    }
+
+#Footer p {
+    text-indent: 0;
+    margin-bottom: .5em;
+    }
+
+.ContentPage #Footer,
+.IndexPage #Footer {
+    text-align: right;
+    margin: 2px;
+    }
+
+.FramedMenuPage #Footer {
+    text-align: center;
+    margin: 5em 10px 10px 10px;
+    padding-top: 1em;
+    border-top: 1px solid #C8C8C8;
+    }
+
+    #Footer a:link,
+    #Footer a:hover,
+    #Footer a:visited { color: #989898 }
+    #Footer a:active { color: #A00000 }
+
+
+
+.prettyprint .kwd { color: #800000; }  /* keywords */
+
+    .prettyprint.PDefaultValue .kwd,
+    .prettyprint.PDefaultValuePrefix .kwd,
+    .prettyprint.PTypePrefix .kwd {
+        color: #C88F8F;
+        }
+
+.prettyprint .com { color: #008000; }  /* comments */
+
+    .prettyprint.PDefaultValue .com,
+    .prettyprint.PDefaultValuePrefix .com,
+    .prettyprint.PTypePrefix .com {
+        color: #8FC88F;
+        }
+
+.prettyprint .str { color: #0000B0; }  /* strings */
+.prettyprint .lit { color: #0000B0; }  /* literals */
+
+    .prettyprint.PDefaultValue .str,
+    .prettyprint.PDefaultValuePrefix .str,
+    .prettyprint.PTypePrefix .str,
+    .prettyprint.PDefaultValue .lit,
+    .prettyprint.PDefaultValuePrefix .lit,
+    .prettyprint.PTypePrefix .lit {
+        color: #8F8FC0;
+        }
+
+.prettyprint .typ { color: #000000; }  /* types */
+.prettyprint .pun { color: #000000; }  /* punctuation */
+.prettyprint .pln { color: #000000; }  /* punctuation */
+
+    .prettyprint.PDefaultValue .typ,
+    .prettyprint.PDefaultValuePrefix .typ,
+    .prettyprint.PTypePrefix .typ,
+    .prettyprint.PDefaultValue .pun,
+    .prettyprint.PDefaultValuePrefix .pun,
+    .prettyprint.PTypePrefix .pun,
+    .prettyprint.PDefaultValue .pln,
+    .prettyprint.PDefaultValuePrefix .pln,
+    .prettyprint.PTypePrefix .pln {
+        color: #8F8F8F;
+        }
+
+.prettyprint .tag { color: #008; }
+.prettyprint .atn { color: #606; }
+.prettyprint .atv { color: #080; }
+.prettyprint .dec { color: #606; }
+

data/web/inc/lib/vendor/owasp/csrf-protector-php/js/README.md

@@ -0,0 +1,15 @@
+Compatiblity with different browsers
+===================================
+**OS: `windows`**<br>
+
+
+ Cases               | IE (Win)   | Opera | Chrome | Mozilla | Safari 
+ ------------------  | ------- | ----- | ------ | ------- | ------ 
+ XHR wrapping        | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)      |     ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)
+ HTML dom-0 wrapping |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    |     ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)
+ HTML dom-2 wrapping |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     |      ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   | ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png) 
+ URL rewriting       |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |   ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)    |     ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)   |    ![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)     |![yes](https://cdn3.iconfinder.com/data/icons/fatcow/32/accept.png)
+
+<pre>Note: Missing tick means, this has not yet been implemented or tested</pre>
+
+

data/web/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js

@@ -0,0 +1,366 @@
+/** 
+ * =================================================================
+ * Javascript code for OWASP CSRF Protector
+ * Task it does: Fetch csrftoken from cookie, and attach it to every
+ * 		POST request
+ *		Allowed GET url
+ *			-- XHR
+ *			-- Static Forms
+ *			-- URLS (GET only)
+ *			-- dynamic forms
+ * =================================================================
+ */
+
+var CSRFP_FIELD_TOKEN_NAME = 'csrfp_hidden_data_token';
+var CSRFP_FIELD_URLS = 'csrfp_hidden_data_urls';
+
+var CSRFP = {
+	CSRFP_TOKEN: 'csrfp_token',
+	/**
+	 * Array of patterns of url, for which csrftoken need to be added
+	 * In case of GET request also, provided from server
+	 *
+	 * @var string array
+	 */
+	checkForUrls: [],
+	/**
+	 * Function to check if a certain url is allowed to perform the request
+	 * With or without csrf token
+	 *
+	 * @param: string, url
+	 *
+	 * @return: boolean, 	true if csrftoken is not needed
+	 * 						false if csrftoken is needed
+	 */
+	_isValidGetRequest: function(url) {
+		for (var i = 0; i < CSRFP.checkForUrls.length; i++) {
+			var match = CSRFP.checkForUrls[i].exec(url);
+			if (match !== null && match.length > 0) {
+				return false;
+			}
+		}
+		return true;
+	},
+	/** 
+	 * function to get Auth key from cookie Andreturn it to requesting function
+	 *
+	 * @param: void
+	 *
+	 * @return: string, csrftoken retrieved from cookie
+	 */
+	_getAuthKey: function() {
+		var re = new RegExp(CSRFP.CSRFP_TOKEN +"=([^;]+)(;|$)");
+		var RegExpArray = re.exec(document.cookie);
+		
+		if (RegExpArray === null) {
+			return false;
+		}
+		return RegExpArray[1];
+	},
+	/** 
+	 * Function to get domain of any url
+	 *
+	 * @param: string, url
+	 *
+	 * @return: string, domain of url
+	 */
+	_getDomain: function(url) {
+		if (url.indexOf("http://") !== 0 
+			&& url.indexOf("https://") !== 0)
+			return document.domain;
+		return /http(s)?:\/\/([^\/]+)/.exec(url)[2];
+	},
+	/**
+	 * Function to create and return a hidden input element
+	 * For stroing the CSRFP_TOKEN
+	 *
+	 * @param void
+	 *
+	 * @return input element
+	 */
+	_getInputElt: function() {
+		var hiddenObj = document.createElement("input");
+		hiddenObj.setAttribute('name', CSRFP.CSRFP_TOKEN);
+		hiddenObj.setAttribute('class', CSRFP.CSRFP_TOKEN);
+		hiddenObj.type = 'hidden';
+		hiddenObj.value = CSRFP._getAuthKey();
+		return hiddenObj;
+	},
+	/**
+	 * Returns absolute path for relative path
+	 * 
+	 * @param base, base url
+	 * @param relative, relative url
+	 *
+	 * @return absolute path (string)
+	 */
+	_getAbsolutePath: function(base, relative) {
+		var stack = base.split("/");
+		var parts = relative.split("/");
+		// remove current file name (or empty string)
+		// (omit if "base" is the current folder without trailing slash)
+		stack.pop(); 
+			 
+		for (var i = 0; i < parts.length; i++) {
+			if (parts[i] == ".")
+				continue;
+			if (parts[i] == "..")
+				stack.pop();
+			else
+				stack.push(parts[i]);
+		}
+		return stack.join("/");
+	},
+	/** 
+	 * Remove jcsrfp-token run fun and then put them back 
+	 *
+	 * @param function
+	 * @param reference form obj
+	 *
+	 * @retrun function
+	 */
+	_csrfpWrap: function(fun, obj) {
+		return function(event) {
+			// Remove CSRf token if exists
+			if (typeof obj[CSRFP.CSRFP_TOKEN] !== 'undefined') {
+				var target = obj[CSRFP.CSRFP_TOKEN];
+				target.parentNode.removeChild(target);
+			}
+			
+			// Trigger the functions
+			var result = fun.apply(this, [event]);
+			
+			// Now append the csrfp_token back
+			obj.appendChild(CSRFP._getInputElt());
+			
+			return result;
+		};
+	},
+	/**
+	 * Initialises the CSRFProtector js script
+	 *
+	 * @param void
+	 *
+	 * @return void
+	 */
+	_init: function() {
+		CSRFP.CSRFP_TOKEN = document.getElementById(CSRFP_FIELD_TOKEN_NAME).value;
+		try {
+			CSRFP.checkForUrls = JSON.parse(document.getElementById(CSRFP_FIELD_URLS).value);
+		} catch (err) {
+			console.error(err);
+			console.error('[ERROR] [CSRF Protector] unable to parse blacklisted url fields.');
+		}
+
+		//convert these rules received from php lib to regex objects
+		for (var i = 0; i < CSRFP.checkForUrls.length; i++) {
+			CSRFP.checkForUrls[i] = CSRFP.checkForUrls[i].replace(/\*/g, '(.*)')
+								.replace(/\//g, "\\/");
+			CSRFP.checkForUrls[i] = new RegExp(CSRFP.checkForUrls[i]);
+		}
+	
+	}
+	
+}; 
+
+//==========================================================
+// Adding tokens, wrappers on window onload
+//==========================================================
+
+function csrfprotector_init() {
+	
+	// Call the init funcion
+	CSRFP._init();
+
+	// definition of basic FORM submit event handler to intercept the form request
+	// and attach a CSRFP TOKEN if it's not already available
+	var BasicSubmitInterceptor = function(event) {
+		if (typeof event.target[CSRFP.CSRFP_TOKEN] === 'undefined') {
+			event.target.appendChild(CSRFP._getInputElt());
+		} else {
+			//modify token to latest value
+			event.target[CSRFP.CSRFP_TOKEN].value = CSRFP._getAuthKey();
+		}
+	}
+
+	//==================================================================
+	// Adding csrftoken to request resulting from <form> submissions
+	// Add for each POST, while for mentioned GET request
+	// TODO - check for method
+	//==================================================================
+	// run time binding
+	document.querySelector('body').addEventListener('submit', function(event) {
+		if (event.target.tagName.toLowerCase() === 'form') {
+			BasicSubmitInterceptor(event);
+		};
+	});
+
+	// intial binding
+	// for(var i = 0; i < document.forms.length; i++) {
+	// 	document.forms[i].addEventListener("submit", BasicSubmitInterceptor);
+	// }
+
+	//==================================================================
+	// Adding csrftoken to request resulting from direct form.submit() call
+	// Add for each POST, while for mentioned GET request
+	// TODO - check for form method
+	//==================================================================
+	HTMLFormElement.prototype.submit_ = HTMLFormElement.prototype.submit;
+	HTMLFormElement.prototype.submit = function() {
+		// check if the FORM already contains the token element
+		if (!this.getElementsByClassName(CSRFP.CSRFP_TOKEN).length)
+			this.appendChild(CSRFP._getInputElt());
+		this.submit_();
+	}
+
+
+	/**
+	 * Add wrapper for HTMLFormElements addEventListener so that any further 
+	 * addEventListens won't have trouble with CSRF token
+	 * todo - check for method
+	 */
+	HTMLFormElement.prototype.addEventListener_ = HTMLFormElement.prototype.addEventListener;
+	HTMLFormElement.prototype.addEventListener = function(eventType, fun, bubble) {
+		if (eventType === 'submit') {
+			var wrapped = CSRFP._csrfpWrap(fun, this);
+			this.addEventListener_(eventType, wrapped, bubble);
+		} else {
+			this.addEventListener_(eventType, fun, bubble);
+		}	
+	}
+
+	/**
+	 * Add wrapper for IE's attachEvent
+	 * todo - check for method
+	 * todo - typeof is now obselete for IE 11, use some other method.
+	 */
+	if (typeof HTMLFormElement.prototype.attachEvent !== 'undefined') {
+		HTMLFormElement.prototype.attachEvent_ = HTMLFormElement.prototype.attachEvent;
+		HTMLFormElement.prototype.attachEvent = function(eventType, fun) {
+			if (eventType === 'onsubmit') {
+				var wrapped = CSRFP._csrfpWrap(fun, this);
+				this.attachEvent_(eventType, wrapped);
+			} else {
+				this.attachEvent_(eventType, fun);
+			}
+		}
+	}
+
+
+	//==================================================================
+	// Wrapper for XMLHttpRequest & ActiveXObject (for IE 6 & below)
+	// Set X-No-CSRF to true before sending if request method is 
+	//==================================================================
+
+	/** 
+	 * Wrapper to XHR open method
+	 * Add a property method to XMLHttpRequst class
+	 * @param: all parameters to XHR open method
+	 * @return: object returned by default, XHR open method
+	 */
+	function new_open(method, url, async, username, password) {
+		this.method = method;
+		var isAbsolute = (url.indexOf("./") === -1) ? true : false;
+		if (!isAbsolute) {
+			var base = location.protocol +'//' +location.host 
+							+ location.pathname;
+			url = CSRFP._getAbsolutePath(base, url);
+		}
+		if (method.toLowerCase() === 'get' 
+			&& !CSRFP._isValidGetRequest(url)) {
+			//modify the url
+			if (url.indexOf('?') === -1) {
+				url += "?" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+			} else {
+				url += "&" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+			}
+		}
+
+		return this.old_open(method, url, async, username, password);
+	}
+
+	/** 
+	 * Wrapper to XHR send method
+	 * Add query paramter to XHR object
+	 *
+	 * @param: all parameters to XHR send method
+	 *
+	 * @return: object returned by default, XHR send method
+	 */
+	function new_send(data) {
+		if (this.method.toLowerCase() === 'post') {
+			if (data !== null && typeof data === 'object') {
+				data.append(CSRFP.CSRFP_TOKEN, CSRFP._getAuthKey());
+			} else {
+				if (typeof data != "undefined") {
+					data += "&";
+				} else {
+					data = "";
+				}
+				data += CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+			}
+		}
+		return this.old_send(data);
+	}
+
+	if (window.XMLHttpRequest) {
+		// Wrapping
+		XMLHttpRequest.prototype.old_send = XMLHttpRequest.prototype.send;
+		XMLHttpRequest.prototype.old_open = XMLHttpRequest.prototype.open;
+		XMLHttpRequest.prototype.open = new_open;
+		XMLHttpRequest.prototype.send = new_send;
+	}
+	if (typeof ActiveXObject !== 'undefined') {
+		ActiveXObject.prototype.old_send = ActiveXObject.prototype.send;
+		ActiveXObject.prototype.old_open = ActiveXObject.prototype.open;
+		ActiveXObject.prototype.open = new_open;
+		ActiveXObject.prototype.send = new_send;	
+	}
+	//==================================================================
+	// Rewrite existing urls ( Attach CSRF token )
+	// Rules:
+	// Rewrite those urls which matches the regex sent by Server
+	// Ignore cross origin urls & internal links (one with hashtags)
+	// Append the token to those url already containig GET query parameter(s)
+	// Add the token to those which does not contain GET query parameter(s)
+	//==================================================================
+
+	for (var i = 0; i < document.links.length; i++) {
+		document.links[i].addEventListener("mousedown", function(event) {
+			var href = event.target.href;
+			if(typeof href === "string")
+			{
+				var urlDisect = href.split('#');
+				var url = urlDisect[0];
+				var hash = urlDisect[1];
+
+				if(CSRFP._getDomain(url).indexOf(document.domain) === -1
+					|| CSRFP._isValidGetRequest(url)) {
+					//cross origin or not to be protected by rules -- ignore
+					return;
+				}
+
+				if (url.indexOf('?') !== -1) {
+					if(url.indexOf(CSRFP.CSRFP_TOKEN) === -1) {
+						url += "&" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+					} else {
+						url = url.replace(new RegExp(CSRFP.CSRFP_TOKEN +"=.*?(&|$)", 'g'),
+							CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey() + "$1");
+					}
+				} else {
+					url += "?" +CSRFP.CSRFP_TOKEN +"=" +CSRFP._getAuthKey();
+				}
+
+				event.target.href = url;
+				if (typeof hash !== 'undefined') {
+					event.target.href += '#' +hash;
+				}
+			}
+		});
+	}
+
+}
+
+window.addEventListener("DOMContentLoaded", function() {
+	csrfprotector_init();
+}, false);

data/web/inc/lib/vendor/owasp/csrf-protector-php/js/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/README.md

@@ -0,0 +1,21 @@
+CSRFProtector configuration
+==========================================
+
+ - `CSRFP_TOKEN`: name of the csrf nonce, used for cookie or posting as argument. default: `csrfp_token` (if left blank)
+ - `logDirectory`: location of the directory at which log files will be saved **relative** to `config.php` file. This is required for file based logging (default), Not needed, in case you override logging function to implement your logging logic. (View [Overriding logging function](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Overriding-logging-function))
+ <br>**Default value:** `../log/`
+ - `failedAuthAction`: Action code (integer) for action to be taken in case of failed validation. Has two different values for bot `GET` and `POST`. Different action codes are specified as follows, (<br>**Default:** `0` for both `GET` & `POST`):
+*  `0` Send **403, Forbidden** Header
+*  `1` **Strip the POST/GET query** and forward the request! unset($_POST)
+*  `2` **Redirect to custom error page** mentioned in `errorRedirectionPage` 
+*  `3` **Show custom error message** to user, mentioned in `customErrorMessage` 
+*  `4` Send **500, Internal Server Error** header
+
+ - `errorRedirectionPage`: **Absolute url** of the file to which user should be redirected. <br>**Default: null**
+ - `customErrorMessage`: **Error Message** to be shown to user. Only this text will be shown!<br>**Default: null**
+ - `jsPath`: location of the js file **relative** to `config.php`. <br>**Default:** `../js/csrfprotector.js`
+ - `jsUrl`: **Absolute url** of the js file. (See [Setting up](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Setting-up-CSRF-Protector-PHP-in-your-web-application) for more information)
+ - `tokenLength`: length of csrfp token, Default `10`
+ - `secureCookie`: sets the "secure" HTTPS flag on the cookie. <br>**Default: `false`**
+ - `disabledJavascriptMessage`: messaged to be shown if js is disabled (string)
+ - `verifyGetFor`: regex rules for those urls for which csrfp validation should be enabled for `GET` requests also. (View [verifyGetFor rules](https://github.com/mebjas/CSRF-Protector-PHP/wiki/verifyGetFor-rules) for more information)

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * Configuration file for CSRF Protector
+ * Necessary configurations are (library would throw exception otherwise)
+ * ---- logDirectory
+ * ---- failedAuthAction
+ * ---- jsPath
+ * ---- jsUrl
+ * ---- tokenLength
+ */
+
+return array(
+	"CSRFP_TOKEN" => "MAILCOW_CSRF",
+	"logDirectory" => "../log",
+	"failedAuthAction" => array(
+		"GET" => 1,
+		"POST" => 1),
+	"errorRedirectionPage" => "",
+	"customErrorMessage" => "",
+	"jsPath" => "../js/csrfprotector.js",
+  // Fetching IS_HTTPS from sessions handler
+	"jsUrl" => (($GLOBALS['IS_HTTPS'] === true) ? 'https://' : 'http://') . $GLOBALS['mailcow_hostname'] . ':' . intval(explode(':', $_SERVER['HTTP_HOST'])[1]) . "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
+	"tokenLength" => 10,
+	"secureCookie" => false,
+	"disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
+	Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
+	 See details of your web browser for how to enable JavaScript.",
+	 "verifyGetFor" => array()
+);

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/README.md

@@ -0,0 +1,6 @@
+Placeholder for **CSRF Protector - php library**
+=====================================================
+
+**Dependency:** `None`<br>
+**Configuration-File:** `../config.php`<br>
+**Configuration-Format:** `PHP ARRAY`<br>

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php

@@ -0,0 +1,536 @@
+<?php
+
+if (!defined('__CSRF_PROTECTOR__')) {
+	define('__CSRF_PROTECTOR__', true); 	// to avoid multiple declaration errors
+
+	// name of HTTP POST variable for authentication
+	define("CSRFP_TOKEN","csrfp_token");
+
+	// We insert token name and list of url patterns for which
+	// GET requests are validated against CSRF as hidden input fields
+	// these are the names of the input fields
+	define("CSRFP_FIELD_TOKEN_NAME", "csrfp_hidden_data_token");
+	define("CSRFP_FIELD_URLS", "csrfp_hidden_data_urls");
+
+	/**
+	 * child exception classes
+	 */
+	class configFileNotFoundException extends \exception {};
+	class logDirectoryNotFoundException extends \exception {};
+	class jsFileNotFoundException extends \exception {};
+	class logFileWriteError extends \exception {};
+	class baseJSFileNotFoundExceptio extends \exception {};
+	class incompleteConfigurationException extends \exception {};
+	class alreadyInitializedException extends \exception {};
+
+	class csrfProtector
+	{
+		/*
+		 * Variable: $cookieExpiryTime
+		 * expiry time for cookie
+		 * @var int
+		 */
+		public static $cookieExpiryTime = 1800;	//30 minutes
+
+		/*
+		 * Variable: $isSameOrigin
+		 * flag for cross origin/same origin request
+		 * @var bool
+		 */
+		private static $isSameOrigin = true;
+
+		/*
+		 * Variable: $isValidHTML
+		 * flag to check if output file is a valid HTML or not
+		 * @var bool
+		 */
+		private static $isValidHTML = false;
+
+		/*
+		 * Variable: $requestType
+		 * Varaible to store weather request type is post or get
+		 * @var string
+		 */
+		protected static $requestType = "GET";
+
+		/*
+		 * Variable: $config
+		 * config file for CSRFProtector
+		 * @var int Array, length = 6
+		 * Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails
+		 * Property: #2: logDirectory (string) => directory in which log will be saved
+		 * Property: #3: customErrorMessage (string) => custom error message to be sent in case
+		 *						of failed authentication
+		 * Property: #4: jsFile (string) => location of the CSRFProtector js file
+		 * Property: #5: tokenLength (int) => default length of hash
+		 * Property: #6: disabledJavascriptMessage (string) => error message if client's js is disabled
+		 */
+		public static $config = array();
+
+		/*
+		 * Variable: $requiredConfigurations
+		 * Contains list of those parameters that are required to be there
+		 * 	in config file for csrfp to work
+		 */
+		public static $requiredConfigurations  = array('logDirectory', 'failedAuthAction', 'jsPath', 'jsUrl', 'tokenLength');
+		
+		/*
+		 *	Function: init
+	 	 *
+		 *	function to initialise the csrfProtector work flow
+		 *
+		 *	Parameters:
+		 *	$length - length of CSRF_AUTH_TOKEN to be generated
+		 *	$action - int array, for different actions to be taken in case of failed validation
+		 *
+		 *	Returns:
+		 *		void
+		 *
+		 *	Throws:
+		 *		configFileNotFoundException - when configuration file is not found
+		 * 		incompleteConfigurationException - when all required fields in config
+		 *											file are not available
+		 *
+		 */
+		public static function init($length = null, $action = null)
+		{
+			/*
+			 * Check if init has already been called.
+			 */
+			 if (count(self::$config) > 0) {
+				 throw new alreadyInitializedException("OWASP CSRFProtector: library was already initialized.");
+			 }
+
+			/*
+			 * if mod_csrfp already enabled, no verification, no filtering
+			 * Already done by mod_csrfp
+			 */
+			if (getenv('mod_csrfp_enabled'))
+				return;
+
+			//start session in case its not
+			if (session_id() == '')
+			    session_start();
+
+			/*
+			 * load configuration file and properties
+			 * Check locally for a config.php then check for 
+			 * a config/csrf_config.php file in the root folder
+			 * for composer installations
+			 */
+			$standard_config_location = __DIR__ ."/../config.php";
+			$composer_config_location = __DIR__ ."/../../../../../config/csrf_config.php";
+
+			if (file_exists($standard_config_location)) {
+				self::$config = include($standard_config_location);
+			} elseif(file_exists($composer_config_location)) {
+				self::$config = include($composer_config_location);
+			} else {
+				throw new configFileNotFoundException("OWASP CSRFProtector: configuration file not found for CSRFProtector!");
+			}
+
+			//overriding length property if passed in parameters
+			if ($length != null)
+				self::$config['tokenLength'] = intval($length);
+			
+			//action that is needed to be taken in case of failed authorisation
+			if ($action != null)
+				self::$config['failedAuthAction'] = $action;
+
+			if (self::$config['CSRFP_TOKEN'] == '')
+				self::$config['CSRFP_TOKEN'] = CSRFP_TOKEN;
+
+			// Validate the config if everythings filled out
+			// TODO: collect all missing values and throw exception together
+			foreach (self::$requiredConfigurations as $value) {
+				if (!isset(self::$config[$value]) || self::$config[$value] == '') {
+					throw new incompleteConfigurationException(
+						sprintf(
+							"OWASP CSRFProtector: Incomplete configuration file, Value: %s missing ",
+							$value
+						)
+					);
+					exit;
+				}
+			}
+
+			// Authorise the incoming request
+			self::authorizePost();
+
+			// Initialize output buffering handler
+			if (!defined('__TESTING_CSRFP__'))
+				ob_start('csrfProtector::ob_handler');
+
+			if (!isset($_COOKIE[self::$config['CSRFP_TOKEN']])
+				|| !isset($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !is_array($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !in_array($_COOKIE[self::$config['CSRFP_TOKEN']],
+					$_SESSION[self::$config['CSRFP_TOKEN']]))
+				self::refreshToken();
+
+			// Set protected by CSRF Protector header
+			header('X-CSRF-Protection: OWASP CSRFP 1.0.0');
+		}
+
+		/*
+		 * Function: authorizePost
+		 * function to authorise incoming post requests
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * void
+		 *
+		 * Throws: 
+		 * logDirectoryNotFoundException - if log directory is not found
+		 */
+		public static function authorizePost()
+		{
+			//#todo this method is valid for same origin request only, 
+			//enable it for cross origin also sometime
+			//for cross origin the functionality is different
+			if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+
+				//set request type to POST
+				self::$requestType = "POST";
+
+				//currently for same origin only
+				if (!(isset($_POST[self::$config['CSRFP_TOKEN']]) 
+					&& isset($_SESSION[self::$config['CSRFP_TOKEN']])
+					&& (self::isValidToken($_POST[self::$config['CSRFP_TOKEN']]))
+					)) {
+
+					//action in case of failed validation
+					self::failedValidationAction();			
+				} else {
+					self::refreshToken();	//refresh token for successfull validation
+				}
+			} else if (!static::isURLallowed()) {
+				
+				//currently for same origin only
+				if (!(isset($_GET[self::$config['CSRFP_TOKEN']]) 
+					&& isset($_SESSION[self::$config['CSRFP_TOKEN']])
+					&& (self::isValidToken($_GET[self::$config['CSRFP_TOKEN']]))
+					)) {
+
+					//action in case of failed validation
+					self::failedValidationAction();			
+				} else {
+					self::refreshToken();	//refresh token for successfull validation
+				}
+			}	
+		}
+
+		/*
+		 * Function: isValidToken
+		 * function to check the validity of token in session array
+		 * Function also clears all tokens older than latest one
+		 *
+		 * Parameters: 
+		 * $token - the token sent with GET or POST payload
+		 *
+		 * Returns: 
+		 * bool - true if its valid else false
+		 */
+		private static function isValidToken($token) {
+			if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])) return false;
+			if (!is_array($_SESSION[self::$config['CSRFP_TOKEN']])) return false;
+			foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $key => $value) {
+				if ($value == $token) {
+
+					// Clear all older tokens assuming they have been consumed
+					foreach ($_SESSION[self::$config['CSRFP_TOKEN']] as $_key => $_value) {
+						if ($_value == $token) break;
+						array_shift($_SESSION[self::$config['CSRFP_TOKEN']]);
+					}
+					return true;
+				}
+			}
+
+			return false;
+		}
+
+		/*
+		 * Function: failedValidationAction
+		 * function to be called in case of failed validation
+		 * performs logging and take appropriate action
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * void
+		 */
+		private static function failedValidationAction()
+		{
+			if (!file_exists(__DIR__ ."/../" .self::$config['logDirectory']))
+				throw new logDirectoryNotFoundException("OWASP CSRFProtector: Log Directory Not Found!");
+		
+			//call the logging function
+			static::logCSRFattack();
+
+			//#todo: ask mentors if $failedAuthAction is better as an int or string
+			//default case is case 0
+			switch (self::$config['failedAuthAction'][self::$requestType]) {
+				case 0:
+					//send 403 header
+					header('HTTP/1.0 403 Forbidden');
+					exit("<h2>403 Access Forbidden by CSRFProtector!</h2>");
+					break;
+				case 1:
+					//unset the query parameters and forward
+					if (self::$requestType === 'GET') {
+						$_GET = array();
+					} else {
+						$_POST = array();
+					}
+					break;
+				case 2:
+					//redirect to custom error page
+					$location  = self::$config['errorRedirectionPage'];
+					header("location: $location");
+				case 3:
+					//send custom error message
+					exit(self::$config['customErrorMessage']);
+					break;
+				case 4:
+					//send 500 header -- internal server error
+					header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
+					exit("<h2>500 Internal Server Error!</h2>");
+					break;
+				default:
+					//unset the query parameters and forward
+					if (self::$requestType === 'GET') {
+						$_GET = array();
+					} else {
+						$_POST = array();
+					}
+					break;
+			}		
+		}
+
+		/*
+		 * Function: refreshToken
+		 * Function to set auth cookie
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * void
+		 */
+		public static function refreshToken()
+		{
+			$token = self::generateAuthToken();
+
+			if (!isset($_SESSION[self::$config['CSRFP_TOKEN']])
+				|| !is_array($_SESSION[self::$config['CSRFP_TOKEN']]))
+				$_SESSION[self::$config['CSRFP_TOKEN']] = array();
+
+			//set token to session for server side validation
+			array_push($_SESSION[self::$config['CSRFP_TOKEN']], $token);
+
+			//set token to cookie for client side processing
+			setcookie(self::$config['CSRFP_TOKEN'], 
+				$token, 
+				time() + self::$cookieExpiryTime,
+				'',
+				'',
+				(array_key_exists('secureCookie', self::$config) ? (bool)self::$config['secureCookie'] : false));
+		}
+
+		/*
+		 * Function: generateAuthToken
+		 * function to generate random hash of length as given in parameter
+		 * max length = 128
+		 *
+		 * Parameters: 
+		 * length to hash required, int
+		 *
+		 * Returns:
+		 * string, token
+		 */
+		public static function generateAuthToken()
+		{
+			// todo - make this a member method / configurable
+			$randLength = 64;
+			
+			//if config tokenLength value is 0 or some non int
+			if (intval(self::$config['tokenLength']) == 0) {
+				self::$config['tokenLength'] = 32;	//set as default
+			}
+
+			//#todo - if $length > 128 throw exception 
+
+			if (function_exists("random_bytes")) {
+				$token = bin2hex(random_bytes($randLength));
+			} elseif (function_exists("openssl_random_pseudo_bytes")) {
+				$token = bin2hex(openssl_random_pseudo_bytes($randLength));
+			} else {
+				$token = '';
+				for ($i = 0; $i < 128; ++$i) {
+					$r = mt_rand (0, 35);
+					if ($r < 26) {
+						$c = chr(ord('a') + $r);
+					} else { 
+						$c = chr(ord('0') + $r - 26);
+					}
+					$token .= $c;
+				}
+			}
+			return substr($token, 0, self::$config['tokenLength']);
+		}
+
+		/*
+		 * Function: ob_handler
+		 * Rewrites <form> on the fly to add CSRF tokens to them. This can also
+		 * inject our JavaScript library.
+		 *
+		 * Parameters: 
+		 * $buffer - output buffer to which all output are stored
+		 * $flag - INT
+		 *
+		 * Return:
+		 * string, complete output buffer
+		 */
+		public static function ob_handler($buffer, $flags)
+		{
+			// Even though the user told us to rewrite, we should do a quick heuristic
+		    // to check if the page is *actually* HTML. We don't begin rewriting until
+		    // we hit the first <html tag.
+		    if (!self::$isValidHTML) {
+		        // not HTML until proven otherwise
+		        if (stripos($buffer, '<html') !== false) {
+		            self::$isValidHTML = true; 
+		        } else {
+		            return $buffer;
+		        }
+		    }
+		    
+		    // TODO: statically rewrite all forms as well so that if a form is submitted
+		    // before the js has worked on, it will still have token to send
+		    // @priority: medium @labels: important @assign: mebjas
+		    // @deadline: 1 week
+
+		    //add a <noscript> message to outgoing HTML output,
+		    //informing the user to enable js for CSRFProtector to work
+		    //best section to add, after <body> tag
+		    $buffer = preg_replace("/<body[^>]*>/", "$0 <noscript>" .self::$config['disabledJavascriptMessage'] .
+		    	"</noscript>", $buffer);
+
+		    $hiddenInput = '<input type="hidden" id="' . CSRFP_FIELD_TOKEN_NAME.'" value="' 
+		    				.self::$config['CSRFP_TOKEN'] .'">' .PHP_EOL;
+
+		    $hiddenInput .= '<input type="hidden" id="' .CSRFP_FIELD_URLS .'" value=\''
+		    				.json_encode(self::$config['verifyGetFor']) .'\'>';
+
+		    //implant hidden fields with check url information for reading in javascript
+	        $buffer = str_ireplace('</body>', $hiddenInput . '</body>', $buffer);
+
+		    //implant the CSRFGuard js file to outgoing script
+		    $script = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>' . PHP_EOL;
+		    $buffer = str_ireplace('</body>', $script . '</body>', $buffer, $count);
+
+		    if (!$count)
+		        $buffer .= $script;
+
+		    return $buffer;
+		}
+
+		/*
+		 * Function: logCSRFattack
+		 * Function to log CSRF Attack
+		 * 
+		 * Parameters: 
+		 * void
+		 *
+		 * Retruns: 
+		 * void
+		 *
+		 * Throws: 
+		 * logFileWriteError - if unable to log an attack
+		 */
+		protected static function logCSRFattack()
+		{
+			//if file doesnot exist for, create it
+			$logFile = fopen(__DIR__ ."/../" .self::$config['logDirectory']
+			."/" .date("m-20y") .".log", "a+");
+			
+			//throw exception if above fopen fails
+			if (!$logFile)
+				throw new logFileWriteError("OWASP CSRFProtector: Unable to write to the log file");	
+
+			//miniature version of the log
+			$log = array();
+			$log['timestamp'] = time();
+			$log['HOST'] = $_SERVER['HTTP_HOST'];
+			$log['REQUEST_URI'] = $_SERVER['REQUEST_URI'];
+			$log['requestType'] = self::$requestType;
+
+			if (self::$requestType === "GET")
+				$log['query'] = $_GET;
+			else
+				$log['query'] = $_POST;
+
+			$log['cookie'] = $_COOKIE;
+
+			//convert log array to JSON format to be logged
+			$log = json_encode($log) .PHP_EOL;
+
+			//append log to the file
+			fwrite($logFile, $log);
+
+			//close the file handler
+			fclose($logFile);
+		}
+
+		/*
+		 * Function: getCurrentUrl
+		 * Function to return current url of executing page
+		 * 
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * string - current url
+		 */
+		private static function getCurrentUrl()
+		{
+			$request_scheme = 'https';
+
+			if (isset($_SERVER['REQUEST_SCHEME'])) {
+				$request_scheme = $_SERVER['REQUEST_SCHEME'];
+			} else {
+				if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+					$request_scheme = 'https';
+				} else {
+					$request_scheme = 'http';
+				}
+			}
+
+			return $request_scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
+		}
+
+		/*
+		 * Function: isURLallowed
+		 * Function to check if a url mataches for any urls
+		 * Listed in config file
+		 *
+		 * Parameters: 
+		 * void
+		 *
+		 * Returns: 
+		 * boolean - true is url need no validation, false if validation needed
+		 */  
+		public static function isURLallowed() {
+			foreach (self::$config['verifyGetFor'] as $key => $value) {
+				$value = str_replace(array('/','*'), array('\/','(.*)'), $value);
+				preg_match('/' .$value .'/', self::getCurrentUrl(), $output);
+				if (count($output) > 0)
+					return false;
+			}
+			return true;
+		}
+	};
+}

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/csrf/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/licence.md

@@ -0,0 +1,13 @@
+Copyright 2014 OWASP Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/web/inc/lib/vendor/owasp/csrf-protector-php/log/.htaccess

@@ -0,0 +1 @@
+deny from all

data/web/inc/lib/vendor/owasp/csrf-protector-php/log/index.php

@@ -0,0 +1,7 @@
+<?php
+/**
+ * OWASP CSRF Protector Project
+ * Code to redirect the user to previosus directory
+ * In case a user try to access this directory directly
+ */
+header('location: ../index.php');

data/web/inc/lib/vendor/owasp/csrf-protector-php/phpunit.xml.dist

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit verbose="true">
+    <php>
+        <ini name="memory_limit" value="1024M" />
+        <ini name="error_reporting" value="E_ALL"/>
+    </php>
+    <testsuite name="OWASP CSRF Protector php">
+        <directory>./test/csrfprotector_test.php</directory>
+    </testsuite>
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+        <file>libs/csrf/csrfprotector.php</file>
+        </whitelist>
+    </filter>
+</phpunit>

data/web/inc/lib/vendor/owasp/csrf-protector-php/readme.md

@@ -0,0 +1,65 @@
+CSRF Protector
+==========================
+[![Todo Status](http://todofy.org/b/mebjas/CSRF-Protector-PHP)](http://todofy.org/r/mebjas/CSRF-Protector-PHP) [![Build Status](https://travis-ci.org/mebjas/CSRF-Protector-PHP.svg?branch=master)](https://travis-ci.org/mebjas/CSRF-Protector-PHP)  [![codecov](https://codecov.io/gh/mebjas/CSRF-Protector-PHP/branch/master/graph/badge.svg)](https://codecov.io/gh/mebjas/CSRF-Protector-PHP)
+<br>CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app. 
+
+Add to your project using packagist
+==========
+ Add a `composer.json` file to your project directory
+ ```json
+ {
+    "require": {
+        "owasp/csrf-protector-php": "dev-master"
+    }
+}
+```
+Then open terminal (or command prompt), move to project directory and run
+```shell
+composer install
+```
+OR
+```
+php composer.phar install
+```
+This will add CSRFP (library will be downloaded at ./vendor/owasp/csrf-protector-php) to your project directory. View [packagist.org](https://packagist.org/) for more help with composer!
+
+Configuration
+==========
+For composer installations: Copy the config.sample.php file into your root folder at config/csrf_config.php
+For non-composer installations: Copy the libs/csrf/config.sample.php file into libs/csrc/config.php
+Edit config accordingly. See Detailed Information link below.
+
+How to use
+==========
+```php
+<?php
+include_once __DIR__ .'/vendor/owasp/csrf-protector-php/libs/csrf/csrfprotector.php';
+
+//Initialise CSRFGuard library
+csrfProtector::init();
+```
+simply include the library and call the `init()` function!
+
+### Detailed information @[Project wiki on github](https://github.com/mebjas/CSRF-Protector-PHP/wiki)
+
+### More information @[OWASP wiki](https://www.owasp.org/index.php/CSRFProtector_Project)
+
+### Contribute
+
+* Fork the repo
+* Create your branch
+* Commit your changes
+* Create a pull request
+
+### Note
+This version (`master`) requires the clients to have Javascript enabled. However if your application can work without javascript & you require a nojs version of this library, check our [nojs version](https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support)
+
+## Discussion
+Join Discussions on the [mailing list](https://lists.owasp.org/mailman/listinfo/owasp-csrfprotector)
+
+For any other queries contact me at: **minhaz@owasp.org**
+
+### FAQ:
+1. What happens if token expires? - https://github.com/mebjas/CSRF-Protector-PHP/wiki/what-if-token-expires
+2. Secure flag in cookie? - https://github.com/mebjas/CSRF-Protector-PHP/issues/54
+3. NoJS support? - https://github.com/mebjas/CSRF-Protector-PHP/tree/nojs-support

data/web/inc/lib/vendor/owasp/csrf-protector-php/test/config.test.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * Configuration file for CSRF Protector
+ * Necessary configurations are (library would throw exception otherwise)
+ * ---- logDirectory
+ * ---- failedAuthAction
+ * ---- jsPath
+ * ---- jsUrl
+ * ---- tokenLength
+ */
+return array(
+	"CSRFP_TOKEN" => "csrfp_token",
+	"logDirectory" => "../log",
+	"failedAuthAction" => array(
+		"GET" => 0,
+		"POST" => 0),
+	"errorRedirectionPage" => "",
+	"customErrorMessage" => "",
+	"jsPath" => "../js/csrfprotector.js",
+	"jsUrl" => "http://localhost/csrfp/js/csrfprotector.js",
+	"tokenLength" => 10,
+	"secureCookie" => false,
+	"disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
+	Cross-Site Request Forgeries </a> attacks. In order to do so, you must have JavaScript enabled in your web browser otherwise this site will fail to work correctly for you.
+	 See details of your web browser for how to enable JavaScript.",
+	 "verifyGetFor" => array()
+);

data/web/inc/lib/vendor/owasp/csrf-protector-php/test/csrfprotector_test.php

@@ -0,0 +1,534 @@
+<?php
+date_default_timezone_set('UTC');
+require_once __DIR__ .'/../libs/csrf/csrfprotector.php';
+
+if (intval(phpversion('tidy')) >= 7 && !class_exists('\PHPUnit_Framework_TestCase', true)) {
+    class_alias('\PHPUnit\Framework\TestCase', '\PHPUnit_Framework_TestCase');
+}
+
+/**
+ * Wrapper class for testing purpose
+ */
+class csrfp_wrapper extends csrfprotector
+{
+    /**
+     * Function to provide wrapper methode to set the protected var, requestType
+     */
+    public static function changeRequestType($type)
+    {
+        self::$requestType = $type;
+    }
+
+    /**
+     * Function to check for a string value anywhere within HTTP response headers
+     * Returns true on first match of $needle in header names or values
+     */
+    public static function checkHeader($needle)
+    {
+        $haystack = xdebug_get_headers();
+        foreach ($haystack as $key => $value) {
+            if (strpos($value, $needle) !== false)
+                return true;
+        }
+        return false;
+    }
+
+    /**
+     * Function to return the string value of the last response header
+     * identified by name $needle
+     */
+    public static function getHeaderValue($needle)
+    {
+        $haystack = xdebug_get_headers();
+        foreach ($haystack as $key => $value) {
+            if (strpos($value, $needle) === 0) {
+                // Deliberately overwrite to accept the last rather than first match
+                // as xdebug_get_headers() will accumulate all set headers
+                list(,$hvalue) = explode(':', $value, 2);
+            }
+        }
+        return $hvalue;
+    } 
+}
+
+/**
+ * helper methods
+ */
+class Helper {
+    /**
+     * Function to recusively delete a dir
+     */
+    public static function delTree($dir) { 
+        $files = array_diff(scandir($dir), array('.','..')); 
+        foreach ($files as $file) { 
+            (is_dir("$dir/$file")) ? delTree("$dir/$file") : unlink("$dir/$file"); 
+        } 
+        return rmdir($dir); 
+    }
+}
+
+
+/**
+ * main test class
+ */
+class csrfp_test extends PHPUnit_Framework_TestCase
+{
+    /**
+     * @var to hold current configurations
+     */
+    protected $config = array();
+
+    /**
+     * @var log directory for testing
+     */
+    private $logDir;
+
+    /**
+     * Function to be run before every test*() functions.
+     */
+    public function setUp()
+    {
+        $this->logDir = __DIR__ .'/logs';
+
+        csrfprotector::$config['jsPath'] = '../js/csrfprotector.js';
+        csrfprotector::$config['CSRFP_TOKEN'] = 'csrfp_token';
+        csrfprotector::$config['secureCookie'] = false;
+        csrfprotector::$config['logDirectory'] = '../test/logs';
+
+        $_SERVER['REQUEST_URI'] = 'temp';       // For logging
+        $_SERVER['REQUEST_SCHEME'] = 'http';    // For authorizePost
+        $_SERVER['HTTP_HOST'] = 'test';         // For isUrlAllowed
+        $_SERVER['PHP_SELF'] = '/index.php';     // For authorizePost
+        $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+          = $_GET[csrfprotector::$config['CSRFP_TOKEN']] = '123';
+
+        //token mismatch - leading to failed validation
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc');
+        $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.1';
+        $_SERVER['HTTPS'] = null;
+
+        $this->config = include(__DIR__ .'/config.test.php');
+
+        // Create an instance of config file -- for testing
+        $data = file_get_contents(__DIR__ .'/config.test.php');
+        file_put_contents(__DIR__ .'/../libs/config.php', $data);
+
+        if (!defined('__TESTING_CSRFP__')) define('__TESTING_CSRFP__', true);
+    }
+
+    /**
+     * tearDown()
+     */
+    public function tearDown()
+    {
+        unlink(__DIR__ .'/../libs/config.php');
+        if (is_dir(__DIR__ .'/logs'))
+            Helper::delTree(__DIR__ .'/logs');
+    }
+
+    /**
+     * Function to check refreshToken() functionality
+     */
+    public function testRefreshToken()
+    {
+        $val = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = '123abcd';
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
+        csrfProtector::$config['tokenLength'] = 20;
+        csrfProtector::refreshToken();
+
+        $this->assertTrue(strcmp($val, $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][1]) != 0);
+
+        $this->assertTrue(csrfP_wrapper::checkHeader('Set-Cookie'));
+        $this->assertTrue(csrfP_wrapper::checkHeader('csrfp_token'));
+        $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][1]));
+    }
+
+    /**
+     * test secure flag is set in the token cookie when requested
+     */
+    public function testSecureCookie()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('123abcd');
+
+        csrfprotector::$config['secureCookie'] = false;
+        csrfprotector::refreshToken();
+        $this->assertNotRegExp('/; secure/', csrfp_wrapper::getHeaderValue('Set-Cookie'));
+
+        csrfprotector::$config['secureCookie'] = true;
+        csrfprotector::refreshToken();
+        $this->assertRegExp('/; secure/', csrfp_wrapper::getHeaderValue('Set-Cookie'));
+    }
+
+    /**
+     * test authorise post -> log directory exception
+     */
+    public function testAuthorisePost_logdirException()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        csrfprotector::$config['logDirectory'] = 'unknown_location';
+
+        try {
+            csrfprotector::authorizePost();
+        } catch (logDirectoryNotFoundException $ex) {
+            $this->assertTrue(true);
+            return;;
+        }
+        $this->fail('logDirectoryNotFoundException has not been raised.');
+    }
+
+    /**
+     * test authorise post -> action = 403, forbidden
+     */
+    public function testAuthorisePost_failedAction_1()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['failedAuthAction']['POST'] = 0;
+        csrfprotector::$config['failedAuthAction']['GET'] = 0;
+
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+
+        $this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> strip $_GET, $_POST
+     */
+    public function testAuthorisePost_failedAction_2()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['failedAuthAction']['POST'] = 1;
+        csrfprotector::$config['failedAuthAction']['GET'] = 1;
+
+        $_POST = array('param1' => 1, 'param2' => 2);
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_POST);
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        $_GET = array('param1' => 1, 'param2' => 2);
+
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_GET);
+    }
+
+    /**
+     * test authorise post -> redirect
+     */
+    public function testAuthorisePost_failedAction_3()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['errorRedirectionPage'] = 'http://test';
+        csrfprotector::$config['failedAuthAction']['POST'] = 2;
+        csrfprotector::$config['failedAuthAction']['GET'] = 2;
+
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> error message & exit
+     */
+    public function testAuthorisePost_failedAction_4()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['customErrorMessage'] = 'custom error message';
+        csrfprotector::$config['failedAuthAction']['POST'] = 3;
+        csrfprotector::$config['failedAuthAction']['POST'] = 3;
+
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+        $this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> 500 internal server error
+     */
+    public function testAuthorisePost_failedAction_5()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['failedAuthAction']['POST'] = 4;
+        csrfprotector::$config['failedAuthAction']['GET'] = 4;
+
+        //csrfprotector::authorizePost();
+        //$this->markTestSkipped('Cannot add tests as code exit here');
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        //csrfprotector::authorizePost();
+        //csrfp_wrapper::checkHeader('500');
+        //$this->markTestSkipped('Cannot add tests as code exit here');
+    }
+
+    /**
+     * test authorise post -> default action: strip $_GET, $_POST
+     */
+    public function testAuthorisePost_failedAction_6()
+    {
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+
+        csrfprotector::$config['logDirectory'] = '../log';
+        csrfprotector::$config['verifyGetFor'] = array('http://test/index*');
+        csrfprotector::$config['failedAuthAction']['POST'] = 10;
+        csrfprotector::$config['failedAuthAction']['GET'] = 10;
+
+        $_POST = array('param1' => 1, 'param2' => 2);
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_POST);
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        $_GET = array('param1' => 1, 'param2' => 2);
+
+        csrfprotector::authorizePost();
+        $this->assertEmpty($_GET);
+    }
+
+    /**
+     * test authorise success
+     */
+    public function testAuthorisePost_success()
+    {
+
+        $_SERVER['REQUEST_METHOD'] = 'POST';
+        $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_GET[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0];
+        $temp = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']];
+
+        csrfprotector::authorizePost(); //will create new session and cookies
+        $this->assertFalse($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]);
+        $this->assertTrue(csrfp_wrapper::checkHeader('Set-Cookie'));
+        $this->assertTrue(csrfp_wrapper::checkHeader('csrfp_token'));
+        // $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]));  // Combine these 3 later
+
+        // For get method
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfp_wrapper::changeRequestType('GET');
+        $_POST[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_GET[csrfprotector::$config['CSRFP_TOKEN']]
+            = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0];
+        $temp = $_SESSION[csrfprotector::$config['CSRFP_TOKEN']];
+
+        csrfprotector::authorizePost(); //will create new session and cookies
+        $this->assertFalse($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']]);
+        $this->assertTrue(csrfp_wrapper::checkHeader('Set-Cookie'));
+        $this->assertTrue(csrfp_wrapper::checkHeader('csrfp_token'));
+        // $this->assertTrue(csrfp_wrapper::checkHeader($_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]));  // Combine these 3 later
+    }
+
+    /**
+     * test for generateAuthToken()
+     */
+    public function testGenerateAuthToken()
+    {
+        csrfprotector::$config['tokenLength'] = 20;
+        $token1 = csrfprotector::generateAuthToken();
+        $token2 = csrfprotector::generateAuthToken();
+
+        $this->assertFalse($token1 == $token2);
+        $this->assertEquals(strlen($token1), 20);
+        $this->assertRegExp('/^[a-z0-9]{20}$/', $token1);
+
+        csrfprotector::$config['tokenLength'] = 128;
+        $token = csrfprotector::generateAuthToken();
+        $this->assertEquals(strlen($token), 128);
+        $this->assertRegExp('/^[a-z0-9]{128}$/', $token);
+    }
+
+    /**
+     * test ob_handler_function
+     */
+    public function testob_handler()
+    {
+        csrfprotector::$config['disabledJavascriptMessage'] = 'test message';
+        csrfprotector::$config['jsUrl'] = 'http://localhost/test/csrf/js/csrfprotector.js';
+
+        $testHTML = '<html>';
+        $testHTML .= '<head><title>1</title>';
+        $testHTML .= '<body onload="test()">';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '</body>';
+        $testHTML .= '</head></html>';
+
+        $modifiedHTML = csrfprotector::ob_handler($testHTML, 0);
+        $inpLength = strlen($testHTML);
+        $outLength = strlen($modifiedHTML);
+
+        //Check if file has been modified
+        $this->assertFalse($outLength == $inpLength);
+        $this->assertTrue(strpos($modifiedHTML, '<noscript>') !== false);
+        $this->assertTrue(strpos($modifiedHTML, '<script') !== false);
+
+    }
+
+    /**
+     * test ob_handler_function for output filter
+     */
+    public function testob_handler_positioning()
+    {
+        csrfprotector::$config['disabledJavascriptMessage'] = 'test message';
+        csrfprotector::$config['jsUrl'] = 'http://localhost/test/csrf/js/csrfprotector.js';
+
+        $testHTML = '<html>';
+        $testHTML .= '<head><title>1</title>';
+        $testHTML .= '<body onload="test()">';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '-- some static content --';
+        $testHTML .= '</body>';
+        $testHTML .= '</head></html>';
+
+        $modifiedHTML = csrfprotector::ob_handler($testHTML, 0);
+
+        $this->assertEquals(strpos($modifiedHTML, '<body') + 23, strpos($modifiedHTML, '<noscript'));
+        // Check if content before </body> is </script> #todo
+        //$this->markTestSkipped('todo, add appropriate test here');
+    }
+
+    /**
+     * testing exception in logging function
+     */
+    public function testgetCurrentUrl()
+    {
+        $stub = new ReflectionClass('csrfprotector');
+        $method = $stub->getMethod('getCurrentUrl');
+        $method->setAccessible(true);
+        $this->assertEquals($method->invoke(null, array()), "http://test/index.php");
+
+        $tmp_request_scheme = $_SERVER['REQUEST_SCHEME'];
+        unset($_SERVER['REQUEST_SCHEME']);
+
+        // server-https is not set
+        $this->assertEquals($method->invoke(null, array()), "http://test/index.php");
+
+        $_SERVER['HTTPS'] = 'on';
+        $this->assertEquals($method->invoke(null, array()), "https://test/index.php");
+        unset($_SERVER['HTTPS']);
+
+        $_SERVER['REQUEST_SCHEME'] = "https";
+        $this->assertEquals($method->invoke(null, array()), "https://test/index.php");
+
+        $_SERVER['REQUEST_SCHEME'] = $tmp_request_scheme;
+    }
+
+    /**
+     * testing exception in logging function
+     */
+    public function testLoggingException()
+    {
+        $stub = new ReflectionClass('csrfprotector');
+        $method = $stub->getMethod('logCSRFattack');
+        $method->setAccessible(true);
+
+        try {
+            $method->invoke(null, array());
+            $this->fail("logFileWriteError was not caught");
+        } catch (Exception $ex) {
+            // pass
+            $this->assertTrue(true);
+        }
+
+        if (!is_dir($this->logDir))
+            mkdir($this->logDir);
+        $method->invoke(null, array());
+        $this->assertTrue(file_exists($this->logDir ."/" .date("m-20y") .".log"));
+    }
+
+    /**
+     * Tests isUrlAllowed() function for various urls and configuration
+     */
+    public function testisURLallowed()
+    {
+        csrfprotector::$config['verifyGetFor'] = array('http://test/delete*', 'https://test/*');
+
+        $_SERVER['PHP_SELF'] = '/nodelete.php';
+        $this->assertTrue(csrfprotector::isURLallowed());
+
+        $_SERVER['PHP_SELF'] = '/index.php';
+        $this->assertTrue(csrfprotector::isURLallowed('http://test/index.php'));
+
+        $_SERVER['PHP_SELF'] = '/delete.php';
+        $this->assertFalse(csrfprotector::isURLallowed('http://test/delete.php'));
+
+        $_SERVER['PHP_SELF'] = '/delete_user.php';
+        $this->assertFalse(csrfprotector::isURLallowed('http://test/delete_users.php'));
+
+        $_SERVER['REQUEST_SCHEME'] = 'https';
+        $_SERVER['PHP_SELF'] = '/index.php';
+        $this->assertFalse(csrfprotector::isURLallowed('https://test/index.php'));
+
+        $_SERVER['PHP_SELF'] = '/delete_user.php';
+        $this->assertFalse(csrfprotector::isURLallowed('https://test/delete_users.php'));
+    }
+
+    /**
+     * Test for exception thrown when env variable is set by mod_csrfprotector
+     */
+    public function testModCSRFPEnabledException()
+    {
+        putenv('mod_csrfp_enabled=true');
+        $temp = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = 'abc';
+        $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc');
+
+        csrfProtector::$config = array();
+        csrfProtector::init();
+
+        // Assuming no config was added
+        $this->assertTrue(count(csrfProtector::$config) == 0);
+        
+        // unset the env variable
+        putenv('mod_csrfp_enabled');
+    }
+
+    /**
+     * Test for exception thrown when init() method is called multiple times
+     */
+    public function testMultipleInitializeException()
+    {
+        csrfProtector::$config = array();
+        $this->assertTrue(count(csrfProtector::$config) == 0);
+
+        $_SERVER['REQUEST_METHOD'] = 'GET';
+        csrfProtector::init();
+
+        $this->assertTrue(count(csrfProtector::$config) == 11);
+        try {
+            csrfProtector::init();
+            $this->fail("alreadyInitializedException not raised");
+        }  catch (alreadyInitializedException $ex) {
+            // pass
+            $this->assertTrue(true);
+        } catch (Exception $ex) {
+            $this->fail("exception other than alreadyInitializedException failed");            
+        }
+    }
+}