diff --git a/apps/files/l10n/pt_PT.php b/apps/files/l10n/pt_PT.php index 15d6fc80bd..d90e299970 100644 --- a/apps/files/l10n/pt_PT.php +++ b/apps/files/l10n/pt_PT.php @@ -46,6 +46,7 @@ "{count} folders" => "{count} pastas", "1 file" => "1 ficheiro", "{count} files" => "{count} ficheiros", +"Invalid folder name. Usage of 'Shared' is reserved by ownCloud" => "Nome da pasta inválido. Palavra 'Shared' é reservado pela ownCloud", "Unable to rename file" => "Não foi possível renomear o ficheiro", "Upload" => "Carregar", "File handling" => "Manuseamento de ficheiros", diff --git a/apps/files_encryption/ajax/adminrecovery.php b/apps/files_encryption/ajax/adminrecovery.php index 6d7953b563..6a0186d5a9 100644 --- a/apps/files_encryption/ajax/adminrecovery.php +++ b/apps/files_encryption/ajax/adminrecovery.php @@ -13,31 +13,47 @@ use OCA\Encryption; \OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); -$l=OC_L10N::get('files_encryption'); +$l = OC_L10N::get('files_encryption'); $return = false; - // Enable recoveryAdmin $recoveryKeyId = OC_Appconfig::getValue('files_encryption', 'recoveryKeyId'); -if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] == 1){ +if (isset($_POST['adminEnableRecovery']) && $_POST['adminEnableRecovery'] === '1') { $return = \OCA\Encryption\Helper::adminEnableRecovery($recoveryKeyId, $_POST['recoveryPassword']); - $action = "enable"; + + // Return success or failure + if ($return) { + \OCP\JSON::success(array('data' => array('message' => $l->t('Recovery key successfully enabled')))); + } else { + \OCP\JSON::error(array( + 'data' => array( + 'message' => $l->t( + 'Could not enable recovery key. Please check your recovery key password!') + ) + )); + } // Disable recoveryAdmin } elseif ( isset($_POST['adminEnableRecovery']) - && 0 == $_POST['adminEnableRecovery'] + && '0' === $_POST['adminEnableRecovery'] ) { $return = \OCA\Encryption\Helper::adminDisableRecovery($_POST['recoveryPassword']); - $action = "disable"; + + // Return success or failure + if ($return) { + \OCP\JSON::success(array('data' => array('message' => $l->t('Recovery key successfully disabled')))); + } else { + \OCP\JSON::error(array( + 'data' => array( + 'message' => $l->t( + 'Could not disable recovery key. Please check your recovery key password!') + ) + )); + } } -// Return success or failure -if ($return) { - \OCP\JSON::success(array("data" => array( "message" => $l->t('Recovery key successfully ' . $action.'d')))); -} else { - \OCP\JSON::error(array("data" => array( "message" => $l->t('Could not '.$action.' recovery key. Please check your recovery key password!')))); -} + diff --git a/apps/files_encryption/ajax/changeRecoveryPassword.php b/apps/files_encryption/ajax/changeRecoveryPassword.php index d990796a4f..b0594f967b 100644 --- a/apps/files_encryption/ajax/changeRecoveryPassword.php +++ b/apps/files_encryption/ajax/changeRecoveryPassword.php @@ -6,7 +6,7 @@ * See the COPYING-README file. * * @brief Script to change recovery key password - * + * */ use OCA\Encryption; @@ -15,7 +15,7 @@ use OCA\Encryption; \OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); -$l=OC_L10N::get('core'); +$l = OC_L10N::get('core'); $return = false; @@ -28,7 +28,7 @@ $result = $util->checkRecoveryPassword($oldPassword); if ($result) { $keyId = $util->getRecoveryKeyId(); - $keyPath = '/owncloud_private_key/' . $keyId . ".private.key"; + $keyPath = '/owncloud_private_key/' . $keyId . '.private.key'; $view = new \OC\Files\View('/'); $proxyStatus = \OC_FileProxy::$enabled; @@ -46,7 +46,7 @@ if ($result) { // success or failure if ($return) { - \OCP\JSON::success(array("data" => array( "message" => $l->t('Password successfully changed.')))); + \OCP\JSON::success(array('data' => array('message' => $l->t('Password successfully changed.')))); } else { - \OCP\JSON::error(array("data" => array( "message" => $l->t('Could not change the password. Maybe the old password was not correct.')))); + \OCP\JSON::error(array('data' => array('message' => $l->t('Could not change the password. Maybe the old password was not correct.')))); } \ No newline at end of file diff --git a/apps/files_encryption/ajax/userrecovery.php b/apps/files_encryption/ajax/userrecovery.php index 1f42b376e4..1d0f1ac2d1 100644 --- a/apps/files_encryption/ajax/userrecovery.php +++ b/apps/files_encryption/ajax/userrecovery.php @@ -10,32 +10,32 @@ use OCA\Encryption; \OCP\JSON::checkLoggedIn(); -\OCP\JSON::checkAppEnabled( 'files_encryption' ); +\OCP\JSON::checkAppEnabled('files_encryption'); \OCP\JSON::callCheck(); -if ( - isset( $_POST['userEnableRecovery'] ) - && ( 0 == $_POST['userEnableRecovery'] || 1 == $_POST['userEnableRecovery'] ) +if ( + isset($_POST['userEnableRecovery']) + && (0 == $_POST['userEnableRecovery'] || '1' === $_POST['userEnableRecovery']) ) { $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView( '/' ); - $util = new \OCA\Encryption\Util( $view, $userId ); - - // Save recovery preference to DB - $return = $util->setRecoveryForUser( $_POST['userEnableRecovery'] ); + $view = new \OC_FilesystemView('/'); + $util = new \OCA\Encryption\Util($view, $userId); - if ($_POST['userEnableRecovery'] == "1") { + // Save recovery preference to DB + $return = $util->setRecoveryForUser($_POST['userEnableRecovery']); + + if ($_POST['userEnableRecovery'] === '1') { $util->addRecoveryKeys(); } else { $util->removeRecoveryKeys(); } - + } else { $return = false; - + } // Return success or failure -( $return ) ? \OCP\JSON::success() : \OCP\JSON::error(); \ No newline at end of file +($return) ? \OCP\JSON::success() : \OCP\JSON::error(); \ No newline at end of file diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php index 7d01696e08..d9bb4d5e74 100644 --- a/apps/files_encryption/appinfo/app.php +++ b/apps/files_encryption/appinfo/app.php @@ -10,7 +10,7 @@ OC::$CLASSPATH['OCA\Encryption\Session'] = 'files_encryption/lib/session.php'; OC::$CLASSPATH['OCA\Encryption\Capabilities'] = 'files_encryption/lib/capabilities.php'; OC::$CLASSPATH['OCA\Encryption\Helper'] = 'files_encryption/lib/helper.php'; -OC_FileProxy::register( new OCA\Encryption\Proxy() ); +OC_FileProxy::register(new OCA\Encryption\Proxy()); // User related hooks OCA\Encryption\Helper::registerUserHooks(); @@ -21,7 +21,7 @@ OCA\Encryption\Helper::registerShareHooks(); // Filesystem related hooks OCA\Encryption\Helper::registerFilesystemHooks(); -stream_wrapper_register( 'crypt', 'OCA\Encryption\Stream' ); +stream_wrapper_register('crypt', 'OCA\Encryption\Stream'); // check if we are logged in if (OCP\User::isLoggedIn()) { @@ -46,6 +46,6 @@ if (OCP\User::isLoggedIn()) { } // Register settings scripts -OCP\App::registerAdmin( 'files_encryption', 'settings-admin' ); -OCP\App::registerPersonal( 'files_encryption', 'settings-personal' ); +OCP\App::registerAdmin('files_encryption', 'settings-admin'); +OCP\App::registerPersonal('files_encryption', 'settings-personal'); diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php index 0ef796dbae..eb9a2600d7 100644 --- a/apps/files_encryption/hooks/hooks.php +++ b/apps/files_encryption/hooks/hooks.php @@ -37,106 +37,106 @@ class Hooks { * @brief Startup encryption backend upon user login * @note This method should never be called for users using client side encryption */ - public static function login( $params ) { - + public static function login($params) { + // Manually initialise Filesystem{} singleton with correct // fake root path, in order to avoid fatal webdav errors - // NOTE: disabled because this give errors on webdav! + // NOTE: disabled because this give errors on webdav! //\OC\Files\Filesystem::init( $params['uid'], '/' . 'files' . '/' ); - - $view = new \OC_FilesystemView( '/' ); - $util = new Util( $view, $params['uid'] ); + $view = new \OC_FilesystemView('/'); - // setup user, if user not ready force relogin - if(Helper::setupUser($util, $params['password']) === false) { - return false; - } + $util = new Util($view, $params['uid']); - $encryptedKey = Keymanager::getPrivateKey( $view, $params['uid'] ); - - $privateKey = Crypt::symmetricDecryptFileContent( $encryptedKey, $params['password'] ); + // setup user, if user not ready force relogin + if (Helper::setupUser($util, $params['password']) === false) { + return false; + } + + $encryptedKey = Keymanager::getPrivateKey($view, $params['uid']); + + $privateKey = Crypt::symmetricDecryptFileContent($encryptedKey, $params['password']); + + $session = new \OCA\Encryption\Session($view); + + $session->setPrivateKey($privateKey, $params['uid']); - $session = new \OCA\Encryption\Session( $view ); - - $session->setPrivateKey( $privateKey, $params['uid'] ); - // Check if first-run file migration has already been performed $migrationCompleted = $util->getMigrationStatus(); - + // If migration not yet done - if ( ! $migrationCompleted ) { - - $userView = new \OC_FilesystemView( '/' . $params['uid'] ); - + if (!$migrationCompleted) { + + $userView = new \OC_FilesystemView('/' . $params['uid']); + // Set legacy encryption key if it exists, to support // depreciated encryption system if ( - $userView->file_exists( 'encryption.key' ) - && $encLegacyKey = $userView->file_get_contents( 'encryption.key' ) + $userView->file_exists('encryption.key') + && $encLegacyKey = $userView->file_get_contents('encryption.key') ) { - - $plainLegacyKey = Crypt::legacyBlockDecrypt( $encLegacyKey, $params['password'] ); - - $session->setLegacyKey( $plainLegacyKey ); - + + $plainLegacyKey = Crypt::legacyBlockDecrypt($encLegacyKey, $params['password']); + + $session->setLegacyKey($plainLegacyKey); + } - + // Encrypt existing user files: // This serves to upgrade old versions of the encryption // app (see appinfo/spec.txt) if ( - $util->encryptAll( '/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'] ) + $util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password']) ) { - - \OC_Log::write( + + \OC_Log::write( 'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed' - , \OC_Log::INFO + , \OC_Log::INFO ); - + } // Register successful migration in DB - $util->setMigrationStatus( 1 ); - + $util->setMigrationStatus(1); + } return true; } - /** - * @brief setup encryption backend upon user created - * @note This method should never be called for users using client side encryption - */ - public static function postCreateUser( $params ) { - $view = new \OC_FilesystemView( '/' ); + /** + * @brief setup encryption backend upon user created + * @note This method should never be called for users using client side encryption + */ + public static function postCreateUser($params) { + $view = new \OC_FilesystemView('/'); - $util = new Util( $view, $params['uid'] ); + $util = new Util($view, $params['uid']); - Helper::setupUser($util, $params['password']); - } + Helper::setupUser($util, $params['password']); + } - /** - * @brief cleanup encryption backend upon user deleted - * @note This method should never be called for users using client side encryption - */ - public static function postDeleteUser( $params ) { - $view = new \OC_FilesystemView( '/' ); + /** + * @brief cleanup encryption backend upon user deleted + * @note This method should never be called for users using client side encryption + */ + public static function postDeleteUser($params) { + $view = new \OC_FilesystemView('/'); - // cleanup public key - $publicKey = '/public-keys/' . $params['uid'] . '.public.key'; + // cleanup public key + $publicKey = '/public-keys/' . $params['uid'] . '.public.key'; - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - $view->unlink($publicKey); + $view->unlink($publicKey); - \OC_FileProxy::$enabled = $proxyStatus; - } + \OC_FileProxy::$enabled = $proxyStatus; + } - /** + /** * @brief Change a user's encryption passphrase * @param array $params keys: uid, password */ @@ -145,9 +145,9 @@ class Hooks { // Only attempt to change passphrase if server-side encryption // is in use (client-side encryption does not have access to // the necessary keys) - if (Crypt::mode() == 'server') { + if (Crypt::mode() === 'server') { - if ($params['uid'] == \OCP\User::getUser()) { + if ($params['uid'] === \OCP\User::getUser()) { $view = new \OC_FilesystemView('/'); @@ -165,10 +165,10 @@ class Hooks { // NOTE: Session does not need to be updated as the // private key has not changed, only the passphrase // used to decrypt it has changed - - + + } else { // admin changed the password for a different user, create new keys and reencrypt file keys - + $user = $params['uid']; $recoveryPassword = $params['recoveryPassword']; $newUserPassword = $params['password']; @@ -179,21 +179,22 @@ class Hooks { \OC\Files\Filesystem::initMountPoints($user); $keypair = Crypt::createKeypair(); - + // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Save public key - $view->file_put_contents( '/public-keys/'.$user.'.public.key', $keypair['publicKey'] ); + $view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']); // Encrypt private key empty passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $newUserPassword ); + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword); // Save private key - $view->file_put_contents( '/'.$user.'/files_encryption/'.$user.'.private.key', $encryptedPrivateKey ); + $view->file_put_contents( + '/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey); - if ( $recoveryPassword ) { // if recovery key is set we can re-encrypt the key files + if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files $util = new Util($view, $user); $util->recoverUsersFiles($recoveryPassword); } @@ -231,16 +232,17 @@ class Hooks { } } - if($error) - // Set flag var 'run' to notify emitting + if ($error) // Set flag var 'run' to notify emitting // script that hook execution failed + { $params['run']->run = false; - // TODO: Make sure files_sharing provides user - // feedback on failed share + } + // TODO: Make sure files_sharing provides user + // feedback on failed share } /** - * @brief + * @brief */ public static function postShared($params) { @@ -273,7 +275,7 @@ class Hooks { $share = $util->getParentFromShare($params['id']); //if parent is set, then this is a re-share action - if ($share['parent'] != null) { + if ($share['parent'] !== null) { // get the parent from current share $parent = $util->getShareParent($params['parent']); @@ -325,6 +327,12 @@ class Hooks { $sharingEnabled = \OCP\Share::isEnabled(); + // get the path including mount point only if not a shared folder + if(strncmp($path, '/Shared' , strlen('/Shared') !== 0)) { + // get path including the the storage mount point + $path = $util->getPathWithMountPoint($params['itemSource']); + } + // if a folder was shared, get a list of all (sub-)folders if ($params['itemType'] === 'folder') { $allFiles = $util->getAllFiles($path); @@ -334,15 +342,15 @@ class Hooks { foreach ($allFiles as $path) { $usersSharing = $util->getSharingUsersArray($sharingEnabled, $path); - $util->setSharedFileKeyfiles( $session, $usersSharing, $path ); + $util->setSharedFileKeyfiles($session, $usersSharing, $path); } } } - + /** - * @brief + * @brief */ - public static function postUnshare( $params ) { + public static function postUnshare($params) { // NOTE: $params has keys: // [itemType] => file @@ -351,40 +359,34 @@ class Hooks { // [shareWith] => test1 // [itemParent] => - if ( $params['itemType'] === 'file' || $params['itemType'] === 'folder' ) { + if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') { - $view = new \OC_FilesystemView( '/' ); + $view = new \OC_FilesystemView('/'); $userId = \OCP\User::getUser(); - $util = new Util( $view, $userId); - $path = $util->fileIdToPath( $params['itemSource'] ); + $util = new Util($view, $userId); + $path = $util->fileIdToPath($params['itemSource']); // check if this is a re-share - if ( $params['itemParent'] ) { + if ($params['itemParent']) { // get the parent from current share - $parent = $util->getShareParent( $params['itemParent'] ); + $parent = $util->getShareParent($params['itemParent']); // get target path - $targetPath = $util->fileIdToPath( $params['itemSource'] ); - $targetPathSplit = array_reverse( explode( '/', $targetPath ) ); + $targetPath = $util->fileIdToPath($params['itemSource']); + $targetPathSplit = array_reverse(explode('/', $targetPath)); // init values $path = ''; - $sharedPart = ltrim( $parent['file_target'], '/' ); + $sharedPart = ltrim($parent['file_target'], '/'); // rebuild path - foreach ( $targetPathSplit as $pathPart ) { - - if ( $pathPart !== $sharedPart ) { - + foreach ($targetPathSplit as $pathPart) { + if ($pathPart !== $sharedPart) { $path = '/' . $pathPart . $path; - } else { - break; - } - } // prefix path with Shared @@ -392,118 +394,127 @@ class Hooks { } // for group shares get a list of the group members - if ( $params['shareType'] == \OCP\Share::SHARE_TYPE_GROUP ) { + if ($params['shareType'] === \OCP\Share::SHARE_TYPE_GROUP) { $userIds = \OC_Group::usersInGroup($params['shareWith']); - } else if ( $params['shareType'] == \OCP\Share::SHARE_TYPE_LINK ){ - $userIds = array( $util->getPublicShareKeyId() ); } else { - $userIds = array( $params['shareWith'] ); + if ($params['shareType'] === \OCP\Share::SHARE_TYPE_LINK) { + $userIds = array($util->getPublicShareKeyId()); + } else { + $userIds = array($params['shareWith']); + } + } + + // get the path including mount point only if not a shared folder + if(strncmp($path, '/Shared' , strlen('/Shared') !== 0)) { + // get path including the the storage mount point + $path = $util->getPathWithMountPoint($params['itemSource']); } // if we unshare a folder we need a list of all (sub-)files - if ( $params['itemType'] === 'folder' ) { - + if ($params['itemType'] === 'folder') { $allFiles = $util->getAllFiles( $path ); - } else { - - $allFiles = array( $path ); + $allFiles = array($path); } - foreach ( $allFiles as $path ) { + foreach ($allFiles as $path) { // check if the user still has access to the file, otherwise delete share key - $sharingUsers = $util->getSharingUsersArray( true, $path ); + $sharingUsers = $util->getSharingUsersArray(true, $path); // Unshare every user who no longer has access to the file - $delUsers = array_diff( $userIds, $sharingUsers); + $delUsers = array_diff($userIds, $sharingUsers); // delete share key - Keymanager::delShareKey( $view, $delUsers, $path ); + Keymanager::delShareKey($view, $delUsers, $path); } } } - + /** - * @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing - * @param array with oldpath and newpath - * - * This function is connected to the rename signal of OC_Filesystem and adjust the name and location - * of the stored versions along the actual file - */ - public static function postRename($params) { - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + * @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing + * @param array with oldpath and newpath + * + * This function is connected to the rename signal of OC_Filesystem and adjust the name and location + * of the stored versions along the actual file + */ + public static function postRename($params) { + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; - $view = new \OC_FilesystemView('/'); - $session = new \OCA\Encryption\Session($view); - $userId = \OCP\User::getUser(); - $util = new Util( $view, $userId ); + $view = new \OC_FilesystemView('/'); + $session = new \OCA\Encryption\Session($view); + $userId = \OCP\User::getUser(); + $util = new Util($view, $userId); - // Format paths to be relative to user files dir - $oldKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['oldpath']); - $newKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['newpath']); + // Format paths to be relative to user files dir + $oldKeyfilePath = \OC\Files\Filesystem::normalizePath( + $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['oldpath']); + $newKeyfilePath = \OC\Files\Filesystem::normalizePath( + $userId . '/' . 'files_encryption' . '/' . 'keyfiles' . '/' . $params['newpath']); - // add key ext if this is not an folder - if (!$view->is_dir($oldKeyfilePath)) { - $oldKeyfilePath .= '.key'; - $newKeyfilePath .= '.key'; + // add key ext if this is not an folder + if (!$view->is_dir($oldKeyfilePath)) { + $oldKeyfilePath .= '.key'; + $newKeyfilePath .= '.key'; - // handle share-keys - $localKeyPath = $view->getLocalFile($userId.'/files_encryption/share-keys/'.$params['oldpath']); - $matches = glob(preg_quote($localKeyPath).'*.shareKey'); - foreach ($matches as $src) { - $dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src)); + // handle share-keys + $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $params['oldpath']); + $matches = glob(preg_quote($localKeyPath) . '*.shareKey'); + foreach ($matches as $src) { + $dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src)); - // create destination folder if not exists - if(!file_exists(dirname($dst))) { - mkdir(dirname($dst), 0750, true); - } + // create destination folder if not exists + if (!file_exists(dirname($dst))) { + mkdir(dirname($dst), 0750, true); + } - rename($src, $dst); - } + rename($src, $dst); + } - } else { - // handle share-keys folders - $oldShareKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['oldpath']); - $newShareKeyfilePath = \OC\Files\Filesystem::normalizePath($userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['newpath']); + } else { + // handle share-keys folders + $oldShareKeyfilePath = \OC\Files\Filesystem::normalizePath( + $userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['oldpath']); + $newShareKeyfilePath = \OC\Files\Filesystem::normalizePath( + $userId . '/' . 'files_encryption' . '/' . 'share-keys' . '/' . $params['newpath']); - // create destination folder if not exists - if(!$view->file_exists(dirname($newShareKeyfilePath))) { - $view->mkdir(dirname($newShareKeyfilePath), 0750, true); - } + // create destination folder if not exists + if (!$view->file_exists(dirname($newShareKeyfilePath))) { + $view->mkdir(dirname($newShareKeyfilePath), 0750, true); + } - $view->rename($oldShareKeyfilePath, $newShareKeyfilePath); - } + $view->rename($oldShareKeyfilePath, $newShareKeyfilePath); + } - // Rename keyfile so it isn't orphaned - if($view->file_exists($oldKeyfilePath)) { + // Rename keyfile so it isn't orphaned + if ($view->file_exists($oldKeyfilePath)) { - // create destination folder if not exists - if(!$view->file_exists(dirname($newKeyfilePath))) { - $view->mkdir(dirname($newKeyfilePath), 0750, true); - } + // create destination folder if not exists + if (!$view->file_exists(dirname($newKeyfilePath))) { + $view->mkdir(dirname($newKeyfilePath), 0750, true); + } - $view->rename($oldKeyfilePath, $newKeyfilePath); - } + $view->rename($oldKeyfilePath, $newKeyfilePath); + } - // build the path to the file - $newPath = '/' . $userId . '/files' .$params['newpath']; - $newPathRelative = $params['newpath']; + // build the path to the file + $newPath = '/' . $userId . '/files' . $params['newpath']; + $newPathRelative = $params['newpath']; - if($util->fixFileSize($newPath)) { - // get sharing app state - $sharingEnabled = \OCP\Share::isEnabled(); + if ($util->fixFileSize($newPath)) { + // get sharing app state + $sharingEnabled = \OCP\Share::isEnabled(); - // get users - $usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative); + // get users + $usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative); - // update sharing-keys - $util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative); - } + // update sharing-keys + $util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative); + } - \OC_FileProxy::$enabled = $proxyStatus; - } + \OC_FileProxy::$enabled = $proxyStatus; + } } diff --git a/apps/files_encryption/l10n/et_EE.php b/apps/files_encryption/l10n/et_EE.php index c8d5361c08..e762647f78 100644 --- a/apps/files_encryption/l10n/et_EE.php +++ b/apps/files_encryption/l10n/et_EE.php @@ -1,4 +1,22 @@ "Taastevõtme lubamine õnnestus", +"Could not enable recovery key. Please check your recovery key password!" => "Ei suutnud lubada taastevõtit. Palun kontrolli oma taastevõtme parooli!", +"Recovery key successfully disabled" => "Taastevõtme keelamine õnnestus", +"Could not disable recovery key. Please check your recovery key password!" => "Ei suuda keelata taastevõtit. Palun kontrolli oma taastevõtme parooli!", +"Password successfully changed." => "Parool edukalt vahetatud.", +"Could not change the password. Maybe the old password was not correct." => "Ei suutnud vahetada parooli. Võib-olla on vana parool valesti sisestatud.", "Saving..." => "Salvestamine...", -"Encryption" => "Krüpteerimine" +"Encryption" => "Krüpteerimine", +"Enable encryption passwords recovery key (allow sharing to recovery key):" => "Luba krüpteerimise paroolide taastevõti (võimalda parooli jagamine taastevõtmesse):", +"Recovery account password" => "Konto taasteparool", +"Enabled" => "Sisse lülitatud", +"Disabled" => "Väljalülitatud", +"Change encryption passwords recovery key:" => "Muuda taaste võtme krüpteerimise paroole:", +"Old Recovery account password" => "Konto vana taaste parool", +"New Recovery account password" => "Konto uus taasteparool", +"Change Password" => "Muuda parooli", +"Enable password recovery by sharing all files with your administrator:" => "Luba parooli taaste jagades kõik failid administraatoriga:", +"Enabling this option will allow you to reobtain access to your encrypted files if your password is lost" => "Valiku lubamine võimaldab taastada ligipääsu krüpteeritud failidele kui parool on kadunud", +"File recovery settings updated" => "Faili taaste seaded uuendatud", +"Could not update file recovery" => "Ei suuda uuendada taastefaili" ); diff --git a/apps/files_encryption/l10n/gl.php b/apps/files_encryption/l10n/gl.php index 4c53c7e3d2..ca93efba9a 100644 --- a/apps/files_encryption/l10n/gl.php +++ b/apps/files_encryption/l10n/gl.php @@ -1,6 +1,8 @@ "O contrasinal foi recuperado satisfactoriamente", -"Could not " => "Non foi posíbel", +"Recovery key successfully enabled" => "Activada satisfactoriamente a chave de recuperación", +"Could not enable recovery key. Please check your recovery key password!" => "Non foi posíbel activar a chave de recuperación. Comprobe o contrasinal da chave de recuperación!", +"Recovery key successfully disabled" => "Desactivada satisfactoriamente a chave de recuperación", +"Could not disable recovery key. Please check your recovery key password!" => "Non foi posíbel desactivar a chave de recuperación. Comprobe o contrasinal da chave de recuperación!", "Password successfully changed." => "O contrasinal foi cambiado satisfactoriamente", "Could not change the password. Maybe the old password was not correct." => "Non foi posíbel cambiar o contrasinal. Probabelmente o contrasinal antigo non é o correcto.", "Saving..." => "Gardando...", diff --git a/apps/files_encryption/l10n/it.php b/apps/files_encryption/l10n/it.php index 8f7a4023b6..63ae4b70b4 100644 --- a/apps/files_encryption/l10n/it.php +++ b/apps/files_encryption/l10n/it.php @@ -1,6 +1,8 @@ "Chiave ripristinata correttamente", -"Could not " => "Impossibile", +"Recovery key successfully enabled" => "Chiave di ripristino abilitata correttamente", +"Could not enable recovery key. Please check your recovery key password!" => "Impossibile abilitare la chiave di ripristino. Verifica la password della chiave di ripristino.", +"Recovery key successfully disabled" => "Chiave di ripristinata disabilitata correttamente", +"Could not disable recovery key. Please check your recovery key password!" => "Impossibile disabilitare la chiave di ripristino. Verifica la password della chiave di ripristino.", "Password successfully changed." => "Password modificata correttamente.", "Could not change the password. Maybe the old password was not correct." => "Impossibile cambiare la password. Forse la vecchia password non era corretta.", "Saving..." => "Salvataggio in corso...", diff --git a/apps/files_encryption/l10n/ja_JP.php b/apps/files_encryption/l10n/ja_JP.php index 287091f637..7f906ae5c0 100644 --- a/apps/files_encryption/l10n/ja_JP.php +++ b/apps/files_encryption/l10n/ja_JP.php @@ -1,6 +1,4 @@ "鍵を復旧することができました。", -"Could not " => "できませんでした。", "Password successfully changed." => "パスワードを変更できました。", "Could not change the password. Maybe the old password was not correct." => "パスワードを変更できませんでした。古いパスワードが間違っているかもしれません。", "Saving..." => "保存中...", diff --git a/apps/files_encryption/l10n/nl.php b/apps/files_encryption/l10n/nl.php index e2f22b4d92..ebcbdfab15 100644 --- a/apps/files_encryption/l10n/nl.php +++ b/apps/files_encryption/l10n/nl.php @@ -1,6 +1,4 @@ "Sleutelherstel succesvol", -"Could not " => "Kon niet", "Password successfully changed." => "Wachtwoord succesvol gewijzigd.", "Could not change the password. Maybe the old password was not correct." => "Kon wachtwoord niet wijzigen. Wellicht oude wachtwoord niet juist ingevoerd.", "Saving..." => "Opslaan", diff --git a/apps/files_encryption/l10n/pl.php b/apps/files_encryption/l10n/pl.php index 313d27b70c..a6f90db4cd 100644 --- a/apps/files_encryption/l10n/pl.php +++ b/apps/files_encryption/l10n/pl.php @@ -1,6 +1,4 @@ "Odzyskanie klucza udane", -"Could not " => "Nie można", "Password successfully changed." => "Zmiana hasła udana.", "Could not change the password. Maybe the old password was not correct." => "Nie można zmienić hasła. Może stare hasło nie było poprawne.", "Saving..." => "Zapisywanie...", diff --git a/apps/files_encryption/l10n/pt_BR.php b/apps/files_encryption/l10n/pt_BR.php index 91b4672f27..ce8814c233 100644 --- a/apps/files_encryption/l10n/pt_BR.php +++ b/apps/files_encryption/l10n/pt_BR.php @@ -1,6 +1,4 @@ "Recuperação de chave com sucesso", -"Could not " => "Não foi possível", "Password successfully changed." => "Senha alterada com sucesso.", "Could not change the password. Maybe the old password was not correct." => "Não foi possível alterar a senha. Talvez a senha antiga não estava correta.", "Saving..." => "Salvando...", diff --git a/apps/files_encryption/l10n/pt_PT.php b/apps/files_encryption/l10n/pt_PT.php index be75c0b768..e1bb17ecaa 100644 --- a/apps/files_encryption/l10n/pt_PT.php +++ b/apps/files_encryption/l10n/pt_PT.php @@ -1,4 +1,9 @@ "Password alterada com sucesso.", +"Could not change the password. Maybe the old password was not correct." => "Não foi possivel alterar a password. Possivelmente a password antiga não está correcta.", "Saving..." => "A guardar...", -"Encryption" => "Encriptação" +"Encryption" => "Encriptação", +"Enabled" => "Activado", +"Disabled" => "Desactivado", +"Change Password" => "Mudar a Password" ); diff --git a/apps/files_encryption/l10n/ru.php b/apps/files_encryption/l10n/ru.php index fac785730a..aaf7f0997c 100644 --- a/apps/files_encryption/l10n/ru.php +++ b/apps/files_encryption/l10n/ru.php @@ -1,4 +1,18 @@ "Пароль изменен удачно.", +"Could not change the password. Maybe the old password was not correct." => "Невозможно изменить пароль. Возможно старый пароль не был верен.", "Saving..." => "Сохранение...", -"Encryption" => "Шифрование" +"Encryption" => "Шифрование", +"Enable encryption passwords recovery key (allow sharing to recovery key):" => "Включить шифрование пароля ключа восстановления (понадобится разрешение для восстановления ключа)", +"Recovery account password" => "Восстановление пароля учетной записи", +"Enabled" => "Включено", +"Disabled" => "Отключено", +"Change encryption passwords recovery key:" => "Изменить шифрование пароля ключа восстановления:", +"Old Recovery account password" => "Старое Восстановление пароля учетной записи", +"New Recovery account password" => "Новое Восстановление пароля учетной записи", +"Change Password" => "Изменить пароль", +"Enable password recovery by sharing all files with your administrator:" => "Включить восстановление пароля путем доступа Вашего администратора ко всем файлам", +"Enabling this option will allow you to reobtain access to your encrypted files if your password is lost" => "Включение этой опции позволит вам получить доступ к зашифрованным файлам, в случае утери пароля", +"File recovery settings updated" => "Настройки файла восстановления обновлены", +"Could not update file recovery" => "Невозможно обновить файл восстановления" ); diff --git a/apps/files_encryption/l10n/sk_SK.php b/apps/files_encryption/l10n/sk_SK.php index fd77bb7e91..279481fbd4 100644 --- a/apps/files_encryption/l10n/sk_SK.php +++ b/apps/files_encryption/l10n/sk_SK.php @@ -1,4 +1,11 @@ "Heslo úspešne zmenené.", "Saving..." => "Ukladám...", -"Encryption" => "Šifrovanie" +"Encryption" => "Šifrovanie", +"Enabled" => "Povolené", +"Disabled" => "Zakázané", +"Change encryption passwords recovery key:" => "Zmeniť šifrovacie heslo obnovovacieho kľúča:", +"Change Password" => "Zmeniť heslo", +"File recovery settings updated" => "Nastavenie obnovy súborov aktualizované", +"Could not update file recovery" => "Nemožno aktualizovať obnovenie súborov" ); diff --git a/apps/files_encryption/l10n/zh_TW.php b/apps/files_encryption/l10n/zh_TW.php index a0b69bd9fc..faea3f54a1 100644 --- a/apps/files_encryption/l10n/zh_TW.php +++ b/apps/files_encryption/l10n/zh_TW.php @@ -1,6 +1,4 @@ "成功還原金鑰", -"Could not " => "無法", "Password successfully changed." => "成功變更密碼。", "Could not change the password. Maybe the old password was not correct." => "無法變更密碼,或許是輸入的舊密碼不正確。", "Saving..." => "儲存中...", diff --git a/apps/files_encryption/lib/crypt.php b/apps/files_encryption/lib/crypt.php index 33f9fc2060..ddeb3590f6 100755 --- a/apps/files_encryption/lib/crypt.php +++ b/apps/files_encryption/lib/crypt.php @@ -26,21 +26,20 @@ namespace OCA\Encryption; //require_once '../3rdparty/Crypt_Blowfish/Blowfish.php'; -require_once realpath( dirname( __FILE__ ) . '/../3rdparty/Crypt_Blowfish/Blowfish.php' ); +require_once realpath(dirname(__FILE__) . '/../3rdparty/Crypt_Blowfish/Blowfish.php'); /** * Class for common cryptography functionality */ -class Crypt -{ +class Crypt { /** * @brief return encryption mode client or server side encryption * @param string $user name (use system wide setting if name=null) * @return string 'client' or 'server' */ - public static function mode( $user = null ) { + public static function mode($user = null) { return 'server'; @@ -52,17 +51,20 @@ class Crypt */ public static function createKeypair() { - $res = openssl_pkey_new( array( 'private_key_bits' => 4096 ) ); + $res = openssl_pkey_new(array('private_key_bits' => 4096)); // Get private key - openssl_pkey_export( $res, $privateKey ); + openssl_pkey_export($res, $privateKey); // Get public key - $publicKey = openssl_pkey_get_details( $res ); + $publicKey = openssl_pkey_get_details($res); $publicKey = $publicKey['key']; - return ( array( 'publicKey' => $publicKey, 'privateKey' => $privateKey ) ); + return (array( + 'publicKey' => $publicKey, + 'privateKey' => $privateKey + )); } @@ -75,7 +77,7 @@ class Crypt * blocks with encryption alone, hence padding is added to achieve the * required length. */ - public static function addPadding( $data ) { + public static function addPadding($data) { $padded = $data . 'xx'; @@ -88,11 +90,11 @@ class Crypt * @param string $padded padded data to remove padding from * @return string unpadded data on success, false on error */ - public static function removePadding( $padded ) { + public static function removePadding($padded) { - if ( substr( $padded, -2 ) == 'xx' ) { + if (substr($padded, -2) === 'xx') { - $data = substr( $padded, 0, -2 ); + $data = substr($padded, 0, -2); return $data; @@ -111,26 +113,26 @@ class Crypt * @return boolean * @note see also OCA\Encryption\Util->isEncryptedPath() */ - public static function isCatfileContent( $content ) { + public static function isCatfileContent($content) { - if ( !$content ) { + if (!$content) { return false; } - $noPadding = self::removePadding( $content ); + $noPadding = self::removePadding($content); // Fetch encryption metadata from end of file - $meta = substr( $noPadding, -22 ); + $meta = substr($noPadding, -22); // Fetch IV from end of file - $iv = substr( $meta, -16 ); + $iv = substr($meta, -16); // Fetch identifier from start of metadata - $identifier = substr( $meta, 0, 6 ); + $identifier = substr($meta, 0, 6); - if ( $identifier == '00iv00' ) { + if ($identifier === '00iv00') { return true; @@ -147,15 +149,15 @@ class Crypt * @param string $path * @return bool */ - public static function isEncryptedMeta( $path ) { + public static function isEncryptedMeta($path) { // TODO: Use DI to get \OC\Files\Filesystem out of here // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo( $path ); + $metadata = \OC\Files\Filesystem::getFileInfo($path); // Return encryption status - return isset( $metadata['encrypted'] ) and ( bool )$metadata['encrypted']; + return isset($metadata['encrypted']) && ( bool )$metadata['encrypted']; } @@ -166,18 +168,17 @@ class Crypt * e.g. filename or /Docs/filename, NOT admin/files/filename * @return boolean */ - public static function isLegacyEncryptedContent( $data, $relPath ) { + public static function isLegacyEncryptedContent($data, $relPath) { // Fetch all file metadata from DB - $metadata = \OC\Files\Filesystem::getFileInfo( $relPath, '' ); + $metadata = \OC\Files\Filesystem::getFileInfo($relPath, ''); // If a file is flagged with encryption in DB, but isn't a // valid content + IV combination, it's probably using the // legacy encryption system - if ( - isset( $metadata['encrypted'] ) - and $metadata['encrypted'] === true - and !self::isCatfileContent( $data ) + if (isset($metadata['encrypted']) + && $metadata['encrypted'] === true + && !self::isCatfileContent($data) ) { return true; @@ -197,15 +198,15 @@ class Crypt * @param string $passphrase * @return string encrypted file content */ - public static function encrypt( $plainContent, $iv, $passphrase = '' ) { + public static function encrypt($plainContent, $iv, $passphrase = '') { - if ( $encryptedContent = openssl_encrypt( $plainContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { + if ($encryptedContent = openssl_encrypt($plainContent, 'AES-128-CFB', $passphrase, false, $iv)) { return $encryptedContent; } else { - \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of content failed', \OC_Log::ERROR ); + \OCP\Util::writeLog('Encryption library', 'Encryption (symmetric) of content failed', \OCP\Util::ERROR); return false; @@ -221,15 +222,15 @@ class Crypt * @throws \Exception * @return string decrypted file content */ - public static function decrypt( $encryptedContent, $iv, $passphrase ) { + public static function decrypt($encryptedContent, $iv, $passphrase) { - if ( $plainContent = openssl_decrypt( $encryptedContent, 'AES-128-CFB', $passphrase, false, $iv ) ) { + if ($plainContent = openssl_decrypt($encryptedContent, 'AES-128-CFB', $passphrase, false, $iv)) { return $plainContent; } else { - throw new \Exception( 'Encryption library: Decryption (symmetric) of content failed' ); + throw new \Exception('Encryption library: Decryption (symmetric) of content failed'); } @@ -241,7 +242,7 @@ class Crypt * @param string $iv IV to be concatenated * @returns string concatenated content */ - public static function concatIv( $content, $iv ) { + public static function concatIv($content, $iv) { $combined = $content . '00iv00' . $iv; @@ -254,20 +255,20 @@ class Crypt * @param string $catFile concatenated data to be split * @returns array keys: encrypted, iv */ - public static function splitIv( $catFile ) { + public static function splitIv($catFile) { // Fetch encryption metadata from end of file - $meta = substr( $catFile, -22 ); + $meta = substr($catFile, -22); // Fetch IV from end of file - $iv = substr( $meta, -16 ); + $iv = substr($meta, -16); // Remove IV and IV identifier text to expose encrypted content - $encrypted = substr( $catFile, 0, -22 ); + $encrypted = substr($catFile, 0, -22); $split = array( - 'encrypted' => $encrypted - , 'iv' => $iv + 'encrypted' => $encrypted, + 'iv' => $iv ); return $split; @@ -283,9 +284,9 @@ class Crypt * @note IV need not be specified, as it will be stored in the returned keyfile * and remain accessible therein. */ - public static function symmetricEncryptFileContent( $plainContent, $passphrase = '' ) { + public static function symmetricEncryptFileContent($plainContent, $passphrase = '') { - if ( !$plainContent ) { + if (!$plainContent) { return false; @@ -293,18 +294,18 @@ class Crypt $iv = self::generateIv(); - if ( $encryptedContent = self::encrypt( $plainContent, $iv, $passphrase ) ) { + if ($encryptedContent = self::encrypt($plainContent, $iv, $passphrase)) { // Combine content to encrypt with IV identifier and actual IV - $catfile = self::concatIv( $encryptedContent, $iv ); + $catfile = self::concatIv($encryptedContent, $iv); - $padded = self::addPadding( $catfile ); + $padded = self::addPadding($catfile); return $padded; } else { - \OC_Log::write( 'Encryption library', 'Encryption (symmetric) of keyfile content failed', \OC_Log::ERROR ); + \OCP\Util::writeLog('Encryption library', 'Encryption (symmetric) of keyfile content failed', \OCP\Util::ERROR); return false; @@ -326,21 +327,21 @@ class Crypt * * This function decrypts a file */ - public static function symmetricDecryptFileContent( $keyfileContent, $passphrase = '' ) { + public static function symmetricDecryptFileContent($keyfileContent, $passphrase = '') { - if ( !$keyfileContent ) { + if (!$keyfileContent) { - throw new \Exception( 'Encryption library: no data provided for decryption' ); + throw new \Exception('Encryption library: no data provided for decryption'); } // Remove padding - $noPadding = self::removePadding( $keyfileContent ); + $noPadding = self::removePadding($keyfileContent); // Split into enc data and catfile - $catfile = self::splitIv( $noPadding ); + $catfile = self::splitIv($noPadding); - if ( $plainContent = self::decrypt( $catfile['encrypted'], $catfile['iv'], $passphrase ) ) { + if ($plainContent = self::decrypt($catfile['encrypted'], $catfile['iv'], $passphrase)) { return $plainContent; @@ -358,11 +359,11 @@ class Crypt * * This function decrypts a file */ - public static function symmetricEncryptFileContentKeyfile( $plainContent ) { + public static function symmetricEncryptFileContentKeyfile($plainContent) { $key = self::generateKey(); - if ( $encryptedContent = self::symmetricEncryptFileContent( $plainContent, $key ) ) { + if ($encryptedContent = self::symmetricEncryptFileContent($plainContent, $key)) { return array( 'key' => $key, @@ -384,13 +385,13 @@ class Crypt * @returns array keys: keys (array, key = userId), data * @note symmetricDecryptFileContent() can decrypt files created using this method */ - public static function multiKeyEncrypt( $plainContent, array $publicKeys ) { + public static function multiKeyEncrypt($plainContent, array $publicKeys) { // openssl_seal returns false without errors if $plainContent // is empty, so trigger our own error - if ( empty( $plainContent ) ) { + if (empty($plainContent)) { - throw new \Exception( 'Cannot mutliKeyEncrypt empty plain content' ); + throw new \Exception('Cannot mutliKeyEncrypt empty plain content'); } @@ -399,13 +400,13 @@ class Crypt $shareKeys = array(); $mappedShareKeys = array(); - if ( openssl_seal( $plainContent, $sealed, $shareKeys, $publicKeys ) ) { + if (openssl_seal($plainContent, $sealed, $shareKeys, $publicKeys)) { $i = 0; // Ensure each shareKey is labelled with its // corresponding userId - foreach ( $publicKeys as $userId => $publicKey ) { + foreach ($publicKeys as $userId => $publicKey) { $mappedShareKeys[$userId] = $shareKeys[$i]; $i++; @@ -437,21 +438,21 @@ class Crypt * * This function decrypts a file */ - public static function multiKeyDecrypt( $encryptedContent, $shareKey, $privateKey ) { + public static function multiKeyDecrypt($encryptedContent, $shareKey, $privateKey) { - if ( !$encryptedContent ) { + if (!$encryptedContent) { return false; } - if ( openssl_open( $encryptedContent, $plainContent, $shareKey, $privateKey ) ) { + if (openssl_open($encryptedContent, $plainContent, $shareKey, $privateKey)) { return $plainContent; } else { - \OC_Log::write( 'Encryption library', 'Decryption (asymmetric) of sealed content failed', \OC_Log::ERROR ); + \OCP\Util::writeLog('Encryption library', 'Decryption (asymmetric) of sealed content failed', \OCP\Util::ERROR); return false; @@ -461,11 +462,13 @@ class Crypt /** * @brief Asymetrically encrypt a string using a public key + * @param $plainContent + * @param $publicKey * @return string encrypted file */ - public static function keyEncrypt( $plainContent, $publicKey ) { + public static function keyEncrypt($plainContent, $publicKey) { - openssl_public_encrypt( $plainContent, $encryptedContent, $publicKey ); + openssl_public_encrypt($plainContent, $encryptedContent, $publicKey); return $encryptedContent; @@ -473,13 +476,15 @@ class Crypt /** * @brief Asymetrically decrypt a file using a private key + * @param $encryptedContent + * @param $privatekey * @return string decrypted file */ - public static function keyDecrypt( $encryptedContent, $privatekey ) { + public static function keyDecrypt($encryptedContent, $privatekey) { - $result = @openssl_private_decrypt( $encryptedContent, $plainContent, $privatekey ); + $result = @openssl_private_decrypt($encryptedContent, $plainContent, $privatekey); - if ( $result ) { + if ($result) { return $plainContent; } @@ -493,24 +498,24 @@ class Crypt */ public static function generateIv() { - if ( $random = openssl_random_pseudo_bytes( 12, $strong ) ) { + if ($random = openssl_random_pseudo_bytes(12, $strong)) { - if ( !$strong ) { + if (!$strong) { // If OpenSSL indicates randomness is insecure, log error - \OC_Log::write( 'Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OC_Log::WARN ); + \OCP\Util::writeLog('Encryption library', 'Insecure symmetric key was generated using openssl_random_pseudo_bytes()', \OCP\Util::WARN); } // We encode the iv purely for string manipulation // purposes - it gets decoded before use - $iv = base64_encode( $random ); + $iv = base64_encode($random); return $iv; } else { - throw new \Exception( 'Generating IV failed' ); + throw new \Exception('Generating IV failed'); } @@ -523,12 +528,12 @@ class Crypt public static function generateKey() { // Generate key - if ( $key = base64_encode( openssl_random_pseudo_bytes( 183, $strong ) ) ) { + if ($key = base64_encode(openssl_random_pseudo_bytes(183, $strong))) { - if ( !$strong ) { + if (!$strong) { // If OpenSSL indicates randomness is insecure, log error - throw new \Exception( 'Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()' ); + throw new \Exception('Encryption library, Insecure symmetric key was generated using openssl_random_pseudo_bytes()'); } @@ -545,15 +550,15 @@ class Crypt /** * @brief Get the blowfish encryption handeler for a key * @param $key string (optional) - * @return Crypt_Blowfish blowfish object + * @return \Crypt_Blowfish blowfish object * * if the key is left out, the default handeler will be used */ - public static function getBlowfish( $key = '' ) { + public static function getBlowfish($key = '') { - if ( $key ) { + if ($key) { - return new \Crypt_Blowfish( $key ); + return new \Crypt_Blowfish($key); } else { @@ -567,13 +572,13 @@ class Crypt * @param $passphrase * @return mixed */ - public static function legacyCreateKey( $passphrase ) { + public static function legacyCreateKey($passphrase) { // Generate a random integer - $key = mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ) . mt_rand( 10000, 99999 ); + $key = mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999) . mt_rand(10000, 99999); // Encrypt the key with the passphrase - $legacyEncKey = self::legacyEncrypt( $key, $passphrase ); + $legacyEncKey = self::legacyEncrypt($key, $passphrase); return $legacyEncKey; @@ -583,17 +588,15 @@ class Crypt * @brief encrypts content using legacy blowfish system * @param string $content the cleartext message you want to encrypt * @param string $passphrase - * @return - * @internal param \OCA\Encryption\the $key encryption key (optional) * @returns string encrypted content * * This function encrypts an content */ - public static function legacyEncrypt( $content, $passphrase = '' ) { + public static function legacyEncrypt($content, $passphrase = '') { - $bf = self::getBlowfish( $passphrase ); + $bf = self::getBlowfish($passphrase); - return $bf->encrypt( $content ); + return $bf->encrypt($content); } @@ -601,20 +604,17 @@ class Crypt * @brief decrypts content using legacy blowfish system * @param string $content the cleartext message you want to decrypt * @param string $passphrase - * @return string - * @internal param \OCA\Encryption\the $key encryption key (optional) * @return string cleartext content * * This function decrypts an content */ - private static function legacyDecrypt( $content, $passphrase = '' ) { + private static function legacyDecrypt($content, $passphrase = '') { - $bf = self::getBlowfish( $passphrase ); + $bf = self::getBlowfish($passphrase); - $decrypted = $bf->decrypt( $content ); + $decrypted = $bf->decrypt($content); return $decrypted; - } /** @@ -623,16 +623,17 @@ class Crypt * @param int $maxLength * @return string */ - public static function legacyBlockDecrypt( $data, $key = '', $maxLength = 0 ) { + public static function legacyBlockDecrypt($data, $key = '', $maxLength = 0) { + $result = ''; - while ( strlen( $data ) ) { - $result .= self::legacyDecrypt( substr( $data, 0, 8192 ), $key ); - $data = substr( $data, 8192 ); + while (strlen($data)) { + $result .= self::legacyDecrypt(substr($data, 0, 8192), $key); + $data = substr($data, 8192); } - if ( $maxLength > 0 ) { - return substr( $result, 0, $maxLength ); + if ($maxLength > 0) { + return substr($result, 0, $maxLength); } else { - return rtrim( $result, "\0" ); + return rtrim($result, "\0"); } } @@ -640,21 +641,23 @@ class Crypt * @param $legacyEncryptedContent * @param $legacyPassphrase * @param $publicKeys - * @param $newPassphrase - * @param $path * @return array */ - public static function legacyKeyRecryptKeyfile( $legacyEncryptedContent, $legacyPassphrase, $publicKeys, $newPassphrase, $path ) { + public static function legacyKeyRecryptKeyfile($legacyEncryptedContent, $legacyPassphrase, $publicKeys) { - $decrypted = self::legacyBlockDecrypt( $legacyEncryptedContent, $legacyPassphrase ); + $decrypted = self::legacyBlockDecrypt($legacyEncryptedContent, $legacyPassphrase); // Encrypt plain data, generate keyfile & encrypted file - $cryptedData = self::symmetricEncryptFileContentKeyfile( $decrypted ); + $cryptedData = self::symmetricEncryptFileContentKeyfile($decrypted); // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt( $cryptedData['key'], $publicKeys ); + $multiEncrypted = Crypt::multiKeyEncrypt($cryptedData['key'], $publicKeys); - return array( 'data' => $cryptedData['encrypted'], 'filekey' => $multiEncrypted['data'], 'sharekeys' => $multiEncrypted['keys'] ); + return array( + 'data' => $cryptedData['encrypted'], + 'filekey' => $multiEncrypted['data'], + 'sharekeys' => $multiEncrypted['keys'] + ); } diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php index 3867a368a9..e078ab3554 100755 --- a/apps/files_encryption/lib/helper.php +++ b/apps/files_encryption/lib/helper.php @@ -23,15 +23,11 @@ namespace OCA\Encryption; - /** - * @brief Class to manage registration of hooks an various helper methods - */ /** - * Class Helper + * @brief Class to manage registration of hooks an various helper methods * @package OCA\Encryption */ -class Helper -{ +class Helper { /** * @brief register share related hooks @@ -39,9 +35,9 @@ class Helper */ public static function registerShareHooks() { - \OCP\Util::connectHook( 'OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared' ); - \OCP\Util::connectHook( 'OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared' ); - \OCP\Util::connectHook( 'OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare' ); + \OCP\Util::connectHook('OCP\Share', 'pre_shared', 'OCA\Encryption\Hooks', 'preShared'); + \OCP\Util::connectHook('OCP\Share', 'post_shared', 'OCA\Encryption\Hooks', 'postShared'); + \OCP\Util::connectHook('OCP\Share', 'post_unshare', 'OCA\Encryption\Hooks', 'postUnshare'); } /** @@ -50,10 +46,10 @@ class Helper */ public static function registerUserHooks() { - \OCP\Util::connectHook( 'OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login' ); - \OCP\Util::connectHook( 'OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase' ); - \OCP\Util::connectHook( 'OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser' ); - \OCP\Util::connectHook( 'OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser' ); + \OCP\Util::connectHook('OC_User', 'post_login', 'OCA\Encryption\Hooks', 'login'); + \OCP\Util::connectHook('OC_User', 'post_setPassword', 'OCA\Encryption\Hooks', 'setPassphrase'); + \OCP\Util::connectHook('OC_User', 'post_createUser', 'OCA\Encryption\Hooks', 'postCreateUser'); + \OCP\Util::connectHook('OC_User', 'post_deleteUser', 'OCA\Encryption\Hooks', 'postDeleteUser'); } /** @@ -62,7 +58,7 @@ class Helper */ public static function registerFilesystemHooks() { - \OCP\Util::connectHook( 'OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename' ); + \OCP\Util::connectHook('OC_Filesystem', 'post_rename', 'OCA\Encryption\Hooks', 'postRename'); } /** @@ -72,13 +68,14 @@ class Helper * @param string $password * @return bool */ - public static function setupUser( $util, $password ) { + public static function setupUser($util, $password) { // Check files_encryption infrastructure is ready for action - if ( !$util->ready() ) { + if (!$util->ready()) { - \OC_Log::write( 'Encryption library', 'User account "' . $util->getUserId() . '" is not ready for encryption; configuration started', \OC_Log::DEBUG ); + \OCP\Util::writeLog('Encryption library', 'User account "' . $util->getUserId() + . '" is not ready for encryption; configuration started', \OCP\Util::DEBUG); - if ( !$util->setupServerSide( $password ) ) { + if (!$util->setupServerSide($password)) { return false; } } @@ -95,21 +92,21 @@ class Helper * @internal param string $password * @return bool */ - public static function adminEnableRecovery( $recoveryKeyId, $recoveryPassword ) { - $view = new \OC\Files\View( '/' ); + public static function adminEnableRecovery($recoveryKeyId, $recoveryPassword) { + $view = new \OC\Files\View('/'); - if ( $recoveryKeyId === null ) { - $recoveryKeyId = 'recovery_' . substr( md5( time() ), 0, 8 ); - \OC_Appconfig::setValue( 'files_encryption', 'recoveryKeyId', $recoveryKeyId ); + if ($recoveryKeyId === null) { + $recoveryKeyId = 'recovery_' . substr(md5(time()), 0, 8); + \OC_Appconfig::setValue('files_encryption', 'recoveryKeyId', $recoveryKeyId); } - if ( !$view->is_dir( '/owncloud_private_key' ) ) { - $view->mkdir( '/owncloud_private_key' ); + if (!$view->is_dir('/owncloud_private_key')) { + $view->mkdir('/owncloud_private_key'); } if ( - ( !$view->file_exists( "/public-keys/" . $recoveryKeyId . ".public.key" ) - || !$view->file_exists( "/owncloud_private_key/" . $recoveryKeyId . ".private.key" ) ) + (!$view->file_exists("/public-keys/" . $recoveryKeyId . ".public.key") + || !$view->file_exists("/owncloud_private_key/" . $recoveryKeyId . ".private.key")) ) { $keypair = \OCA\Encryption\Crypt::createKeypair(); @@ -118,37 +115,37 @@ class Helper // Save public key - if ( !$view->is_dir( '/public-keys' ) ) { - $view->mkdir( '/public-keys' ); + if (!$view->is_dir('/public-keys')) { + $view->mkdir('/public-keys'); } - $view->file_put_contents( '/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey'] ); + $view->file_put_contents('/public-keys/' . $recoveryKeyId . '.public.key', $keypair['publicKey']); // Encrypt private key empthy passphrase - $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent( $keypair['privateKey'], $recoveryPassword ); + $encryptedPrivateKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($keypair['privateKey'], $recoveryPassword); // Save private key - $view->file_put_contents( '/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey ); + $view->file_put_contents('/owncloud_private_key/' . $recoveryKeyId . '.private.key', $encryptedPrivateKey); // create control file which let us check later on if the entered password was correct. - $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt( "ownCloud", $keypair['publicKey'] ); - if ( !$view->is_dir( '/control-file' ) ) { - $view->mkdir( '/control-file' ); + $encryptedControlData = \OCA\Encryption\Crypt::keyEncrypt("ownCloud", $keypair['publicKey']); + if (!$view->is_dir('/control-file')) { + $view->mkdir('/control-file'); } - $view->file_put_contents( '/control-file/controlfile.enc', $encryptedControlData ); + $view->file_put_contents('/control-file/controlfile.enc', $encryptedControlData); \OC_FileProxy::$enabled = true; // Set recoveryAdmin as enabled - \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 ); + \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); $return = true; } else { // get recovery key and check the password - $util = new \OCA\Encryption\Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() ); - $return = $util->checkRecoveryPassword( $recoveryPassword ); - if ( $return ) { - \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 1 ); + $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), \OCP\User::getUser()); + $return = $util->checkRecoveryPassword($recoveryPassword); + if ($return) { + \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 1); } } @@ -162,13 +159,13 @@ class Helper * @param $recoveryPassword * @return bool */ - public static function adminDisableRecovery( $recoveryPassword ) { - $util = new Util( new \OC_FilesystemView( '/' ), \OCP\User::getUser() ); - $return = $util->checkRecoveryPassword( $recoveryPassword ); + public static function adminDisableRecovery($recoveryPassword) { + $util = new Util(new \OC_FilesystemView('/'), \OCP\User::getUser()); + $return = $util->checkRecoveryPassword($recoveryPassword); - if ( $return ) { + if ($return) { // Set recoveryAdmin as disabled - \OC_Appconfig::setValue( 'files_encryption', 'recoveryAdminEnabled', 0 ); + \OC_Appconfig::setValue('files_encryption', 'recoveryAdminEnabled', 0); } return $return; @@ -189,4 +186,18 @@ class Helper return false; } } + + /** + * @brief Format a path to be relative to the /user/files/ directory + * @param string $path the absolute path + * @return string e.g. turns '/admin/files/test.txt' into 'test.txt' + */ + public static function stripUserFilesPath($path) { + $trimmed = ltrim($path, '/'); + $split = explode('/', $trimmed); + $sliced = array_slice($split, 2); + $relPath = implode('/', $sliced); + + return $relPath; + } } \ No newline at end of file diff --git a/apps/files_encryption/lib/keymanager.php b/apps/files_encryption/lib/keymanager.php index aaa2e4ba1b..e911c1785d 100755 --- a/apps/files_encryption/lib/keymanager.php +++ b/apps/files_encryption/lib/keymanager.php @@ -27,8 +27,7 @@ namespace OCA\Encryption; * @brief Class to manage storage and retrieval of encryption keys * @note Where a method requires a view object, it's root must be '/' */ -class Keymanager -{ +class Keymanager { /** * @brief retrieve the ENCRYPTED private key from a user @@ -38,14 +37,14 @@ class Keymanager * @return string private key or false (hopefully) * @note the key returned by this method must be decrypted before use */ - public static function getPrivateKey( \OC_FilesystemView $view, $user ) { + public static function getPrivateKey(\OC_FilesystemView $view, $user) { $path = '/' . $user . '/' . 'files_encryption' . '/' . $user . '.private.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $key = $view->file_get_contents( $path ); + $key = $view->file_get_contents($path); \OC_FileProxy::$enabled = $proxyStatus; @@ -58,12 +57,12 @@ class Keymanager * @param $userId * @return string public key or false */ - public static function getPublicKey( \OC_FilesystemView $view, $userId ) { + public static function getPublicKey(\OC_FilesystemView $view, $userId) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_get_contents( '/public-keys/' . $userId . '.public.key' ); + $result = $view->file_get_contents('/public-keys/' . $userId . '.public.key'); \OC_FileProxy::$enabled = $proxyStatus; @@ -77,11 +76,11 @@ class Keymanager * @param $userId * @return array keys: privateKey, publicKey */ - public static function getUserKeys( \OC_FilesystemView $view, $userId ) { + public static function getUserKeys(\OC_FilesystemView $view, $userId) { return array( - 'publicKey' => self::getPublicKey( $view, $userId ) - , 'privateKey' => self::getPrivateKey( $view, $userId ) + 'publicKey' => self::getPublicKey($view, $userId), + 'privateKey' => self::getPrivateKey($view, $userId) ); } @@ -92,13 +91,13 @@ class Keymanager * @param array $userIds * @return array of public keys for the specified users */ - public static function getPublicKeys( \OC_FilesystemView $view, array $userIds ) { + public static function getPublicKeys(\OC_FilesystemView $view, array $userIds) { $keys = array(); - foreach ( $userIds as $userId ) { + foreach ($userIds as $userId) { - $keys[$userId] = self::getPublicKey( $view, $userId ); + $keys[$userId] = self::getPublicKey($view, $userId); } @@ -118,40 +117,41 @@ class Keymanager * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setFileKey( \OC_FilesystemView $view, $path, $userId, $catfile ) { + public static function setFileKey(\OC_FilesystemView $view, $path, $userId, $catfile) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); - list( $owner, $filename ) = $util->getUidAndFilename( $path ); + $util = new Util($view, \OCP\User::getUser()); + list($owner, $filename) = $util->getUidAndFilename($path); $basePath = '/' . $owner . '/files_encryption/keyfiles'; - $targetPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); + $targetPath = self::keySetPreparation($view, $filename, $basePath, $owner); - if ( !$view->is_dir( $basePath . '/' . $targetPath ) ) { + if (!$view->is_dir($basePath . '/' . $targetPath)) { // create all parent folders - $info = pathinfo( $basePath . '/' . $targetPath ); - $keyfileFolderName = $view->getLocalFolder( $info['dirname'] ); + $info = pathinfo($basePath . '/' . $targetPath); + $keyfileFolderName = $view->getLocalFolder($info['dirname']); - if ( !file_exists( $keyfileFolderName ) ) { + if (!file_exists($keyfileFolderName)) { - mkdir( $keyfileFolderName, 0750, true ); + mkdir($keyfileFolderName, 0750, true); } } // try reusing key file if part file - if ( self::isPartialFilePath( $targetPath ) ) { + if (self::isPartialFilePath($targetPath)) { - $result = $view->file_put_contents( $basePath . '/' . self::fixPartialFilePath( $targetPath ) . '.key', $catfile ); + $result = $view->file_put_contents( + $basePath . '/' . self::fixPartialFilePath($targetPath) . '.key', $catfile); } else { - $result = $view->file_put_contents( $basePath . '/' . $targetPath . '.key', $catfile ); + $result = $view->file_put_contents($basePath . '/' . $targetPath . '.key', $catfile); } @@ -167,12 +167,12 @@ class Keymanager * @return string File path without .part extension * @note this is needed for reusing keys */ - public static function fixPartialFilePath( $path ) { + public static function fixPartialFilePath($path) { - if ( preg_match( '/\.part$/', $path ) ) { + if (preg_match('/\.part$/', $path) || preg_match('/\.etmp$/', $path)) { - $newLength = strlen( $path ) - 5; - $fPath = substr( $path, 0, $newLength ); + $newLength = strlen($path) - 5; + $fPath = substr($path, 0, $newLength); return $fPath; @@ -189,9 +189,9 @@ class Keymanager * @param string $path Path that may identify a .part file * @return bool */ - public static function isPartialFilePath( $path ) { + public static function isPartialFilePath($path) { - if ( preg_match( '/\.part$/', $path ) ) { + if (preg_match('/\.part$/', $path) || preg_match('/\.etmp$/', $path)) { return true; @@ -213,14 +213,14 @@ class Keymanager * @note The keyfile returned is asymmetrically encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getFileKey( \OC_FilesystemView $view, $userId, $filePath ) { + public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) { // try reusing key file if part file - if ( self::isPartialFilePath( $filePath ) ) { + if (self::isPartialFilePath($filePath)) { - $result = self::getFileKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); + $result = self::getFileKey($view, $userId, self::fixPartialFilePath($filePath)); - if ( $result ) { + if ($result) { return $result; @@ -228,19 +228,19 @@ class Keymanager } - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); - $filePath_f = ltrim( $filename, '/' ); + list($owner, $filename) = $util->getUidAndFilename($filePath); + $filePath_f = ltrim($filename, '/'); $keyfilePath = '/' . $owner . '/files_encryption/keyfiles/' . $filePath_f . '.key'; $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - if ( $view->file_exists( $keyfilePath ) ) { + if ($view->file_exists($keyfilePath)) { - $result = $view->file_get_contents( $keyfilePath ); + $result = $view->file_get_contents($keyfilePath); } else { @@ -264,26 +264,29 @@ class Keymanager * @note $path must be relative to data/user/files. e.g. mydoc.txt NOT * /data/admin/files/mydoc.txt */ - public static function deleteFileKey( \OC_FilesystemView $view, $userId, $path ) { + public static function deleteFileKey(\OC_FilesystemView $view, $userId, $path) { - $trimmed = ltrim( $path, '/' ); + $trimmed = ltrim($path, '/'); $keyPath = '/' . $userId . '/files_encryption/keyfiles/' . $trimmed; $result = false; - if ( $view->is_dir( $keyPath ) ) { + if ($view->is_dir($keyPath)) { - $result = $view->unlink( $keyPath ); + $result = $view->unlink($keyPath); - } else if ( $view->file_exists( $keyPath . '.key' ) ) { + } else { + if ($view->file_exists($keyPath . '.key')) { - $result = $view->unlink( $keyPath . '.key' ); + $result = $view->unlink($keyPath . '.key'); + } } - if ( !$result ) { + if (!$result) { - \OC_Log::write( 'Encryption library', 'Could not delete keyfile; does not exist: "' . $keyPath, \OC_Log::ERROR ); + \OCP\Util::writeLog('Encryption library', + 'Could not delete keyfile; does not exist: "' . $keyPath, \OCP\Util::ERROR); } @@ -298,19 +301,19 @@ class Keymanager * @note Encryption of the private key must be performed by client code * as no encryption takes place here */ - public static function setPrivateKey( $key ) { + public static function setPrivateKey($key) { $user = \OCP\User::getUser(); - $view = new \OC_FilesystemView( '/' . $user . '/files_encryption' ); + $view = new \OC_FilesystemView('/' . $user . '/files_encryption'); $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - if ( !$view->file_exists( '' ) ) - $view->mkdir( '' ); + if (!$view->file_exists('')) + $view->mkdir(''); - $result = $view->file_put_contents( $user . '.private.key', $key ); + $result = $view->file_put_contents($user . '.private.key', $key); \OC_FileProxy::$enabled = $proxyStatus; @@ -331,21 +334,21 @@ class Keymanager * @note The keyfile is not encrypted here. Client code must * asymmetrically encrypt the keyfile before passing it to this method */ - public static function setShareKey( \OC_FilesystemView $view, $path, $userId, $shareKey ) { + public static function setShareKey(\OC_FilesystemView $view, $path, $userId, $shareKey) { // Here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $path ); + list($owner, $filename) = $util->getUidAndFilename($path); $basePath = '/' . $owner . '/files_encryption/share-keys'; - $shareKeyPath = self::keySetPreparation( $view, $filename, $basePath, $owner ); + $shareKeyPath = self::keySetPreparation($view, $filename, $basePath, $owner); // try reusing key file if part file - if ( self::isPartialFilePath( $shareKeyPath ) ) { + if (self::isPartialFilePath($shareKeyPath)) { - $writePath = $basePath . '/' . self::fixPartialFilePath( $shareKeyPath ) . '.' . $userId . '.shareKey'; + $writePath = $basePath . '/' . self::fixPartialFilePath($shareKeyPath) . '.' . $userId . '.shareKey'; } else { @@ -356,12 +359,12 @@ class Keymanager $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $result = $view->file_put_contents( $writePath, $shareKey ); + $result = $view->file_put_contents($writePath, $shareKey); \OC_FileProxy::$enabled = $proxyStatus; if ( - is_int( $result ) + is_int($result) && $result > 0 ) { @@ -382,16 +385,16 @@ class Keymanager * @param array $shareKeys * @return bool */ - public static function setShareKeys( \OC_FilesystemView $view, $path, array $shareKeys ) { + public static function setShareKeys(\OC_FilesystemView $view, $path, array $shareKeys) { // $shareKeys must be an array with the following format: // [userId] => [encrypted key] $result = true; - foreach ( $shareKeys as $userId => $shareKey ) { + foreach ($shareKeys as $userId => $shareKey) { - if ( !self::setShareKey( $view, $path, $userId, $shareKey ) ) { + if (!self::setShareKey($view, $path, $userId, $shareKey)) { // If any of the keys are not set, flag false $result = false; @@ -415,14 +418,14 @@ class Keymanager * @note The sharekey returned is encrypted. Decryption * of the keyfile must be performed by client code */ - public static function getShareKey( \OC_FilesystemView $view, $userId, $filePath ) { + public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) { // try reusing key file if part file - if ( self::isPartialFilePath( $filePath ) ) { + if (self::isPartialFilePath($filePath)) { - $result = self::getShareKey( $view, $userId, self::fixPartialFilePath( $filePath ) ); + $result = self::getShareKey($view, $userId, self::fixPartialFilePath($filePath)); - if ( $result ) { + if ($result) { return $result; @@ -434,14 +437,15 @@ class Keymanager \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); - $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey' ); + list($owner, $filename) = $util->getUidAndFilename($filePath); + $shareKeyPath = \OC\Files\Filesystem::normalizePath( + '/' . $owner . '/files_encryption/share-keys/' . $filename . '.' . $userId . '.shareKey'); - if ( $view->file_exists( $shareKeyPath ) ) { + if ($view->file_exists($shareKeyPath)) { - $result = $view->file_get_contents( $shareKeyPath ); + $result = $view->file_get_contents($shareKeyPath); } else { @@ -461,17 +465,18 @@ class Keymanager * @param string $userId owner of the file * @param string $filePath path to the file, relative to the owners file dir */ - public static function delAllShareKeys( \OC_FilesystemView $view, $userId, $filePath ) { + public static function delAllShareKeys(\OC_FilesystemView $view, $userId, $filePath) { - if ( $view->is_dir( $userId . '/files/' . $filePath ) ) { - $view->unlink( $userId . '/files_encryption/share-keys/' . $filePath ); + if ($view->is_dir($userId . '/files/' . $filePath)) { + $view->unlink($userId . '/files_encryption/share-keys/' . $filePath); } else { - $localKeyPath = $view->getLocalFile( $userId . '/files_encryption/share-keys/' . $filePath ); - $matches = glob( preg_quote( $localKeyPath ) . '*.shareKey' ); - foreach ( $matches as $ma ) { - $result = unlink( $ma ); - if ( !$result ) { - \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OC_Log::ERROR ); + $localKeyPath = $view->getLocalFile($userId . '/files_encryption/share-keys/' . $filePath); + $matches = glob(preg_quote($localKeyPath) . '*.shareKey'); + foreach ($matches as $ma) { + $result = unlink($ma); + if (!$result) { + \OCP\Util::writeLog('Encryption library', + 'Keyfile or shareKey could not be deleted for file "' . $filePath . '"', \OCP\Util::ERROR); } } } @@ -480,29 +485,31 @@ class Keymanager /** * @brief Delete a single user's shareKey for a single file */ - public static function delShareKey( \OC_FilesystemView $view, $userIds, $filePath ) { + public static function delShareKey(\OC_FilesystemView $view, $userIds, $filePath) { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; //here we need the currently logged in user, while userId can be a different user - $util = new Util( $view, \OCP\User::getUser() ); + $util = new Util($view, \OCP\User::getUser()); - list( $owner, $filename ) = $util->getUidAndFilename( $filePath ); + list($owner, $filename) = $util->getUidAndFilename($filePath); - $shareKeyPath = \OC\Files\Filesystem::normalizePath( '/' . $owner . '/files_encryption/share-keys/' . $filename ); + $shareKeyPath = \OC\Files\Filesystem::normalizePath('/' . $owner . '/files_encryption/share-keys/' . $filename); - if ( $view->is_dir( $shareKeyPath ) ) { + if ($view->is_dir($shareKeyPath)) { - $localPath = \OC\Files\Filesystem::normalizePath( $view->getLocalFolder( $shareKeyPath ) ); - self::recursiveDelShareKeys( $localPath, $userIds ); + $localPath = \OC\Files\Filesystem::normalizePath($view->getLocalFolder($shareKeyPath)); + self::recursiveDelShareKeys($localPath, $userIds); } else { - foreach ( $userIds as $userId ) { + foreach ($userIds as $userId) { - if ( !$view->unlink( $shareKeyPath . '.' . $userId . '.shareKey' ) ) { - \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId . '.shareKey"', \OC_Log::ERROR ); + if (!$view->unlink($shareKeyPath . '.' . $userId . '.shareKey')) { + \OCP\Util::writeLog('Encryption library', + 'Could not delete shareKey; does not exist: "' . $shareKeyPath . '.' . $userId + . '.shareKey"', \OCP\Util::ERROR); } } @@ -517,42 +524,43 @@ class Keymanager * @param string $dir directory * @param array $userIds user ids for which the share keys should be deleted */ - private static function recursiveDelShareKeys( $dir, $userIds ) { - foreach ( $userIds as $userId ) { - $matches = glob( preg_quote( $dir ) . '/*' . preg_quote( '.' . $userId . '.shareKey' ) ); + private static function recursiveDelShareKeys($dir, $userIds) { + foreach ($userIds as $userId) { + $matches = glob(preg_quote($dir) . '/*' . preg_quote('.' . $userId . '.shareKey')); } /** @var $matches array */ - foreach ( $matches as $ma ) { - if ( !unlink( $ma ) ) { - \OC_Log::write( 'Encryption library', 'Could not delete shareKey; does not exist: "' . $ma . '"', \OC_Log::ERROR ); + foreach ($matches as $ma) { + if (!unlink($ma)) { + \OCP\Util::writeLog('Encryption library', + 'Could not delete shareKey; does not exist: "' . $ma . '"', \OCP\Util::ERROR); } } - $subdirs = $directories = glob( preg_quote( $dir ) . '/*', GLOB_ONLYDIR ); - foreach ( $subdirs as $subdir ) { - self::recursiveDelShareKeys( $subdir, $userIds ); + $subdirs = $directories = glob(preg_quote($dir) . '/*', GLOB_ONLYDIR); + foreach ($subdirs as $subdir) { + self::recursiveDelShareKeys($subdir, $userIds); } } /** * @brief Make preparations to vars and filesystem for saving a keyfile */ - public static function keySetPreparation( \OC_FilesystemView $view, $path, $basePath, $userId ) { + public static function keySetPreparation(\OC_FilesystemView $view, $path, $basePath, $userId) { - $targetPath = ltrim( $path, '/' ); + $targetPath = ltrim($path, '/'); - $path_parts = pathinfo( $targetPath ); + $path_parts = pathinfo($targetPath); // If the file resides within a subdirectory, create it if ( - isset( $path_parts['dirname'] ) - && !$view->file_exists( $basePath . '/' . $path_parts['dirname'] ) + isset($path_parts['dirname']) + && !$view->file_exists($basePath . '/' . $path_parts['dirname']) ) { - $sub_dirs = explode( DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname'] ); + $sub_dirs = explode(DIRECTORY_SEPARATOR, $basePath . '/' . $path_parts['dirname']); $dir = ''; - foreach ( $sub_dirs as $sub_dir ) { + foreach ($sub_dirs as $sub_dir) { $dir .= '/' . $sub_dir; - if ( !$view->is_dir( $dir ) ) { - $view->mkdir( $dir ); + if (!$view->is_dir($dir)) { + $view->mkdir($dir); } } } diff --git a/apps/files_encryption/lib/proxy.php b/apps/files_encryption/lib/proxy.php index e381ecab5c..0df34a38bd 100644 --- a/apps/files_encryption/lib/proxy.php +++ b/apps/files_encryption/lib/proxy.php @@ -34,8 +34,7 @@ namespace OCA\Encryption; * Class Proxy * @package OCA\Encryption */ -class Proxy extends \OC_FileProxy -{ +class Proxy extends \OC_FileProxy { private static $blackList = null; //mimetypes blacklisted from encryption @@ -48,13 +47,13 @@ class Proxy extends \OC_FileProxy * * Tests if server side encryption is enabled, and file is allowed by blacklists */ - private static function shouldEncrypt( $path ) { + private static function shouldEncrypt($path) { - if ( is_null( self::$enableEncryption ) ) { + if (is_null(self::$enableEncryption)) { if ( - \OCP\Config::getAppValue( 'files_encryption', 'enable_encryption', 'true' ) == 'true' - && Crypt::mode() == 'server' + \OCP\Config::getAppValue('files_encryption', 'enable_encryption', 'true') === 'true' + && Crypt::mode() === 'server' ) { self::$enableEncryption = true; @@ -67,27 +66,27 @@ class Proxy extends \OC_FileProxy } - if ( !self::$enableEncryption ) { + if (!self::$enableEncryption) { return false; } - if ( is_null( self::$blackList ) ) { + if (is_null(self::$blackList)) { - self::$blackList = explode( ',', \OCP\Config::getAppValue( 'files_encryption', 'type_blacklist', '' ) ); + self::$blackList = explode(',', \OCP\Config::getAppValue('files_encryption', 'type_blacklist', '')); } - if ( Crypt::isCatfileContent( $path ) ) { + if (Crypt::isCatfileContent($path)) { return true; } - $extension = substr( $path, strrpos( $path, '.' ) + 1 ); + $extension = substr($path, strrpos($path, '.') + 1); - if ( array_search( $extension, self::$blackList ) === false ) { + if (array_search($extension, self::$blackList) === false) { return true; @@ -101,78 +100,44 @@ class Proxy extends \OC_FileProxy * @param $data * @return bool */ - public function preFile_put_contents( $path, &$data ) { + public function preFile_put_contents($path, &$data) { - if ( self::shouldEncrypt( $path ) ) { + if (self::shouldEncrypt($path)) { - // Stream put contents should have been converted to fopen - if ( !is_resource( $data ) ) { + if (!is_resource($data)) { - $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView( '/' ); - $util = new Util( $view, $userId ); - $session = new \OCA\Encryption\Session( $view ); - $privateKey = $session->getPrivateKey(); - $filePath = $util->stripUserFilesPath( $path ); - // Set the filesize for userland, before encrypting - $size = strlen( $data ); + // get root view + $view = new \OC_FilesystemView('/'); - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; - - // Check if there is an existing key we can reuse - if ( $encKeyfile = Keymanager::getFileKey( $view, $userId, $filePath ) ) { - - // Fetch shareKey - $shareKey = Keymanager::getShareKey( $view, $userId, $filePath ); - - // Decrypt the keyfile - $plainKey = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - - } else { - - // Make a new key - $plainKey = Crypt::generateKey(); + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); + if (!isset($relativePath)) { + return true; } - // Encrypt data - $encData = Crypt::symmetricEncryptFileContent( $data, $plainKey ); + $handle = fopen('crypt://' . $relativePath . '.etmp', 'w'); + if (is_resource($handle)) { - $sharingEnabled = \OCP\Share::isEnabled(); + // write data to stream + fwrite($handle, $data); - // if file exists try to get sharing users - if ( $view->file_exists( $path ) ) { - $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $filePath, $userId ); - } else { - $uniqueUserIds[] = $userId; + // close stream + fclose($handle); + + // disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + // get encrypted content + $data = $view->file_get_contents($path . '.etmp'); + + // remove our temp file + $view->unlink($path . '.etmp'); + + // re-enable proxy - our work is done + \OC_FileProxy::$enabled = $proxyStatus; } - - // Fetch public keys for all users who will share the file - $publicKeys = Keymanager::getPublicKeys( $view, $uniqueUserIds ); - - // Encrypt plain keyfile to multiple sharefiles - $multiEncrypted = Crypt::multiKeyEncrypt( $plainKey, $publicKeys ); - - // Save sharekeys to user folders - Keymanager::setShareKeys( $view, $filePath, $multiEncrypted['keys'] ); - - // Set encrypted keyfile as common varname - $encKey = $multiEncrypted['data']; - - // Save keyfile for newly encrypted file in parallel directory tree - Keymanager::setFileKey( $view, $filePath, $userId, $encKey ); - - // Replace plain content with encrypted content by reference - $data = $encData; - - // Update the file cache with file info - \OC\Files\Filesystem::putFileInfo( $filePath, array( 'encrypted' => true, 'size' => strlen( $data ), 'unencrypted_size' => $size ), '' ); - - // Re-enable proxy - our work is done - \OC_FileProxy::$enabled = $proxyStatus; - } } @@ -184,51 +149,46 @@ class Proxy extends \OC_FileProxy * @param string $path Path of file from which has been read * @param string $data Data that has been read from file */ - public function postFile_get_contents( $path, $data ) { + public function postFile_get_contents($path, $data) { - $userId = \OCP\USER::getUser(); - $view = new \OC_FilesystemView( '/' ); - $util = new Util( $view, $userId ); + $plainData = null; + $view = new \OC_FilesystemView('/'); - $relPath = $util->stripUserFilesPath( $path ); - - // Disable encryption proxy to prevent recursive calls - $proxyStatus = \OC_FileProxy::$enabled; - \OC_FileProxy::$enabled = false; + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); // init session - $session = new \OCA\Encryption\Session( $view ); + $session = new \OCA\Encryption\Session($view); // If data is a catfile if ( - Crypt::mode() == 'server' - && Crypt::isCatfileContent( $data ) + Crypt::mode() === 'server' + && Crypt::isCatfileContent($data) ) { - $privateKey = $session->getPrivateKey( $userId ); + $handle = fopen('crypt://' . $relativePath, 'r'); - // Get the encrypted keyfile - $encKeyfile = Keymanager::getFileKey( $view, $userId, $relPath ); - - // Attempt to fetch the user's shareKey - $shareKey = Keymanager::getShareKey( $view, $userId, $relPath ); - - // Decrypt keyfile with shareKey - $plainKeyfile = Crypt::multiKeyDecrypt( $encKeyfile, $shareKey, $privateKey ); - - $plainData = Crypt::symmetricDecryptFileContent( $data, $plainKeyfile ); + if (is_resource($handle)) { + while (($plainDataChunk = fgets($handle, 8192)) !== false) { + $plainData .= $plainDataChunk; + } + } } elseif ( Crypt::mode() == 'server' - &&\OC::$session->exists('legacyenckey') - && Crypt::isEncryptedMeta( $path ) + && \OC::$session->exists('legacyenckey') + && Crypt::isEncryptedMeta($path) ) { - $plainData = Crypt::legacyBlockDecrypt( $data, $session->getLegacyKey() ); + // Disable encryption proxy to prevent recursive calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + + $plainData = Crypt::legacyBlockDecrypt($data, $session->getLegacyKey()); + + \OC_FileProxy::$enabled = $proxyStatus; } - \OC_FileProxy::$enabled = $proxyStatus; - - if ( !isset( $plainData ) ) { + if (!isset($plainData)) { $plainData = $data; @@ -241,10 +201,10 @@ class Proxy extends \OC_FileProxy /** * @brief When a file is deleted, remove its keyfile also */ - public function preUnlink( $path ) { + public function preUnlink($path) { // let the trashbin handle this - if ( \OCP\App::isEnabled( 'files_trashbin' ) ) { + if (\OCP\App::isEnabled('files_trashbin')) { return true; } @@ -252,23 +212,24 @@ class Proxy extends \OC_FileProxy $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $view = new \OC_FilesystemView( '/' ); + $view = new \OC_FilesystemView('/'); $userId = \OCP\USER::getUser(); - $util = new Util( $view, $userId ); + $util = new Util($view, $userId); - // Format path to be relative to user files dir - $relPath = $util->stripUserFilesPath( $path ); + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); - list( $owner, $ownerPath ) = $util->getUidAndFilename( $relPath ); + list($owner, $ownerPath) = $util->getUidAndFilename($relativePath); // Delete keyfile & shareKey so it isn't orphaned - if ( !Keymanager::deleteFileKey( $view, $owner, $ownerPath ) ) { - \OC_Log::write( 'Encryption library', 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OC_Log::ERROR ); + if (!Keymanager::deleteFileKey($view, $owner, $ownerPath)) { + \OCP\Util::writeLog('Encryption library', + 'Keyfile or shareKey could not be deleted for file "' . $ownerPath . '"', \OCP\Util::ERROR); } - Keymanager::delAllShareKeys( $view, $owner, $ownerPath ); + Keymanager::delAllShareKeys($view, $owner, $ownerPath); \OC_FileProxy::$enabled = $proxyStatus; @@ -282,8 +243,8 @@ class Proxy extends \OC_FileProxy * @param $path * @return bool */ - public function postTouch( $path ) { - $this->handleFile( $path ); + public function postTouch($path) { + $this->handleFile($path); return true; } @@ -293,20 +254,22 @@ class Proxy extends \OC_FileProxy * @param $result * @return resource */ - public function postFopen( $path, &$result ) { + public function postFopen($path, &$result) { - if ( !$result ) { + if (!$result) { return $result; } - // Reformat path for use with OC_FSV - $path_split = explode( '/', $path ); - $path_f = implode( '/', array_slice( $path_split, 3 ) ); + // split the path parts + $pathParts = explode('/', $path); + + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); // FIXME: handling for /userId/cache used by webdav for chunking. The cache chunks are NOT encrypted - if ( count($path_split) >= 2 && $path_split[2] == 'cache' ) { + if (isset($pathParts[2]) && $pathParts[2] === 'cache') { return $result; } @@ -314,31 +277,31 @@ class Proxy extends \OC_FileProxy $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $meta = stream_get_meta_data( $result ); + $meta = stream_get_meta_data($result); - $view = new \OC_FilesystemView( '' ); + $view = new \OC_FilesystemView(''); - $util = new Util( $view, \OCP\USER::getUser() ); + $util = new Util($view, \OCP\USER::getUser()); // If file is already encrypted, decrypt using crypto protocol if ( - Crypt::mode() == 'server' - && $util->isEncryptedPath( $path ) + Crypt::mode() === 'server' + && $util->isEncryptedPath($path) ) { // Close the original encrypted file - fclose( $result ); + fclose($result); // Open the file using the crypto stream wrapper // protocol and let it do the decryption work instead - $result = fopen( 'crypt://' . $path_f, $meta['mode'] ); + $result = fopen('crypt://' . $relativePath, $meta['mode']); } elseif ( - self::shouldEncrypt( $path ) - and $meta ['mode'] != 'r' - and $meta['mode'] != 'rb' + self::shouldEncrypt($path) + and $meta ['mode'] !== 'r' + and $meta['mode'] !== 'rb' ) { - $result = fopen( 'crypt://' . $path_f, $meta['mode'] ); + $result = fopen('crypt://' . $relativePath, $meta['mode']); } // Re-enable the proxy @@ -353,17 +316,17 @@ class Proxy extends \OC_FileProxy * @param $data * @return array */ - public function postGetFileInfo( $path, $data ) { + public function postGetFileInfo($path, $data) { // if path is a folder do nothing - if ( is_array( $data ) && array_key_exists( 'size', $data ) ) { + if (is_array($data) && array_key_exists('size', $data)) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // get file size - $data['size'] = self::postFileSize( $path, $data['size'] ); + $data['size'] = self::postFileSize($path, $data['size']); // Re-enable the proxy \OC_FileProxy::$enabled = $proxyStatus; @@ -377,51 +340,50 @@ class Proxy extends \OC_FileProxy * @param $size * @return bool */ - public function postFileSize( $path, $size ) { + public function postFileSize($path, $size) { - $view = new \OC_FilesystemView( '/' ); + $view = new \OC_FilesystemView('/'); // if path is a folder do nothing - if ( $view->is_dir( $path ) ) { + if ($view->is_dir($path)) { return $size; } - // Reformat path for use with OC_FSV - $path_split = explode( '/', $path ); - $path_f = implode( '/', array_slice( $path_split, 3 ) ); + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); // if path is empty we cannot resolve anything - if ( empty( $path_f ) ) { + if (empty($relativePath)) { return $size; } $fileInfo = false; // get file info from database/cache if not .part file - if ( !Keymanager::isPartialFilePath( $path ) ) { - $fileInfo = $view->getFileInfo( $path ); + if (!Keymanager::isPartialFilePath($path)) { + $fileInfo = $view->getFileInfo($path); } // if file is encrypted return real file size - if ( is_array( $fileInfo ) && $fileInfo['encrypted'] === true ) { + if (is_array($fileInfo) && $fileInfo['encrypted'] === true) { $size = $fileInfo['unencrypted_size']; } else { // self healing if file was removed from file cache - if ( !is_array( $fileInfo ) ) { + if (!is_array($fileInfo)) { $fileInfo = array(); } $userId = \OCP\User::getUser(); - $util = new Util( $view, $userId ); - $fixSize = $util->getFileSize( $path ); - if ( $fixSize > 0 ) { + $util = new Util($view, $userId); + $fixSize = $util->getFileSize($path); + if ($fixSize > 0) { $size = $fixSize; $fileInfo['encrypted'] = true; $fileInfo['unencrypted_size'] = $size; // put file info if not .part file - if ( !Keymanager::isPartialFilePath( $path_f ) ) { - $view->putFileInfo( $path, $fileInfo ); + if (!Keymanager::isPartialFilePath($relativePath)) { + $view->putFileInfo($path, $fileInfo); } } @@ -432,32 +394,34 @@ class Proxy extends \OC_FileProxy /** * @param $path */ - public function handleFile( $path ) { + public function handleFile($path) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - $view = new \OC_FilesystemView( '/' ); - $session = new \OCA\Encryption\Session( $view ); + $view = new \OC_FilesystemView('/'); + $session = new \OCA\Encryption\Session($view); $userId = \OCP\User::getUser(); - $util = new Util( $view, $userId ); + $util = new Util($view, $userId); - // Reformat path for use with OC_FSV - $path_split = explode( '/', $path ); - $path_f = implode( '/', array_slice( $path_split, 3 ) ); + // split the path parts + $pathParts = explode('/', $path); + + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); // only if file is on 'files' folder fix file size and sharing - if ( count($path_split) >= 2 && $path_split[2] == 'files' && $util->fixFileSize( $path ) ) { + if (isset($pathParts[2]) && $pathParts[2] === 'files' && $util->fixFileSize($path)) { // get sharing app state $sharingEnabled = \OCP\Share::isEnabled(); // get users - $usersSharing = $util->getSharingUsersArray( $sharingEnabled, $path_f ); + $usersSharing = $util->getSharingUsersArray($sharingEnabled, $relativePath); // update sharing-keys - $util->setSharedFileKeyfiles( $session, $usersSharing, $path_f ); + $util->setSharedFileKeyfiles($session, $usersSharing, $relativePath); } \OC_FileProxy::$enabled = $proxyStatus; diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php index d60c386fb1..bff1737554 100644 --- a/apps/files_encryption/lib/session.php +++ b/apps/files_encryption/lib/session.php @@ -26,8 +26,7 @@ namespace OCA\Encryption; * Class for handling encryption related session data */ -class Session -{ +class Session { private $view; @@ -37,26 +36,26 @@ class Session * * @note The ownCloud key pair is used to allow public link sharing even if encryption is enabled */ - public function __construct( $view ) { + public function __construct($view) { $this->view = $view; - if ( !$this->view->is_dir( 'owncloud_private_key' ) ) { + if (!$this->view->is_dir('owncloud_private_key')) { - $this->view->mkdir( 'owncloud_private_key' ); + $this->view->mkdir('owncloud_private_key'); } - $publicShareKeyId = \OC_Appconfig::getValue( 'files_encryption', 'publicShareKeyId' ); + $publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId'); - if ( $publicShareKeyId === null ) { - $publicShareKeyId = 'pubShare_' . substr( md5( time() ), 0, 8 ); - \OC_Appconfig::setValue( 'files_encryption', 'publicShareKeyId', $publicShareKeyId ); + if ($publicShareKeyId === null) { + $publicShareKeyId = 'pubShare_' . substr(md5(time()), 0, 8); + \OC_Appconfig::setValue('files_encryption', 'publicShareKeyId', $publicShareKeyId); } if ( - !$this->view->file_exists( "/public-keys/" . $publicShareKeyId . ".public.key" ) - || !$this->view->file_exists( "/owncloud_private_key/" . $publicShareKeyId . ".private.key" ) + !$this->view->file_exists("/public-keys/" . $publicShareKeyId . ".public.key") + || !$this->view->file_exists("/owncloud_private_key/" . $publicShareKeyId . ".private.key") ) { $keypair = Crypt::createKeypair(); @@ -67,17 +66,18 @@ class Session // Save public key - if ( !$view->is_dir( '/public-keys' ) ) { - $view->mkdir( '/public-keys' ); + if (!$view->is_dir('/public-keys')) { + $view->mkdir('/public-keys'); } - $this->view->file_put_contents( '/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey'] ); + $this->view->file_put_contents('/public-keys/' . $publicShareKeyId . '.public.key', $keypair['publicKey']); // Encrypt private key empty passphrase - $encryptedPrivateKey = Crypt::symmetricEncryptFileContent( $keypair['privateKey'], '' ); + $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], ''); // Save private key - $this->view->file_put_contents( '/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey ); + $this->view->file_put_contents( + '/owncloud_private_key/' . $publicShareKeyId . '.private.key', $encryptedPrivateKey); \OC_FileProxy::$enabled = $proxyStatus; @@ -103,7 +103,7 @@ class Session * * @note this should only be set on login */ - public function setPrivateKey( $privateKey ) { + public function setPrivateKey($privateKey) { \OC::$session->set('privateKey', $privateKey); @@ -117,7 +117,6 @@ class Session * */ public function getPrivateKey() { - // return the public share private key if this is a public access if (\OCA\Encryption\Helper::isPublicAccess()) { return $this->getPublicSharePrivateKey(); @@ -163,7 +162,7 @@ class Session * @param $legacyKey * @return bool */ - public function setLegacyKey( $legacyKey ) { + public function setLegacyKey($legacyKey) { \OC::$session->set('legacyKey', $legacyKey); diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php index da8c249413..072c528664 100644 --- a/apps/files_encryption/lib/stream.php +++ b/apps/files_encryption/lib/stream.php @@ -48,8 +48,7 @@ namespace OCA\Encryption; * previous version deleted, this is handled by OC\Files\View, and thus the * encryption proxies are used and keyfiles deleted. */ -class Stream -{ +class Stream { private $plainKey; private $encKeyfiles; @@ -77,18 +76,18 @@ class Stream * @param $opened_path * @return bool */ - public function stream_open( $path, $mode, $options, &$opened_path ) { + public function stream_open($path, $mode, $options, &$opened_path) { - if ( !isset( $this->rootView ) ) { - $this->rootView = new \OC_FilesystemView( '/' ); + if (!isset($this->rootView)) { + $this->rootView = new \OC_FilesystemView('/'); } - $util = new Util( $this->rootView, \OCP\USER::getUser() ); + $util = new Util($this->rootView, \OCP\USER::getUser()); $this->userId = $util->getUserId(); // Strip identifier text from path, this gives us the path relative to data//files - $this->relPath = \OC\Files\Filesystem::normalizePath( str_replace( 'crypt://', '', $path ) ); + $this->relPath = \OC\Files\Filesystem::normalizePath(str_replace('crypt://', '', $path)); // rawPath is relative to the data directory $this->rawPath = $util->getUserFilesDir() . $this->relPath; @@ -98,10 +97,10 @@ class Stream \OC_FileProxy::$enabled = false; if ( - $mode == 'w' - or $mode == 'w+' - or $mode == 'wb' - or $mode == 'wb+' + $mode === 'w' + or $mode === 'w+' + or $mode === 'wb' + or $mode === 'wb+' ) { // We're writing a new file so start write counter with 0 bytes @@ -110,25 +109,25 @@ class Stream } else { - $this->size = $this->rootView->filesize( $this->rawPath, $mode ); + $this->size = $this->rootView->filesize($this->rawPath, $mode); } - $this->handle = $this->rootView->fopen( $this->rawPath, $mode ); + $this->handle = $this->rootView->fopen($this->rawPath, $mode); \OC_FileProxy::$enabled = $proxyStatus; - if ( !is_resource( $this->handle ) ) { + if (!is_resource($this->handle)) { - \OCP\Util::writeLog( 'files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR ); + \OCP\Util::writeLog('files_encryption', 'failed to open file "' . $this->rawPath . '"', \OCP\Util::ERROR); } else { - $this->meta = stream_get_meta_data( $this->handle ); + $this->meta = stream_get_meta_data($this->handle); } - return is_resource( $this->handle ); + return is_resource($this->handle); } @@ -136,11 +135,11 @@ class Stream * @param $offset * @param int $whence */ - public function stream_seek( $offset, $whence = SEEK_SET ) { + public function stream_seek($offset, $whence = SEEK_SET) { $this->flush(); - fseek( $this->handle, $offset, $whence ); + fseek($this->handle, $offset, $whence); } @@ -149,36 +148,37 @@ class Stream * @return bool|string * @throws \Exception */ - public function stream_read( $count ) { + public function stream_read($count) { $this->writeCache = ''; - if ( $count != 8192 ) { + if ($count !== 8192) { // $count will always be 8192 https://bugs.php.net/bug.php?id=21641 // This makes this function a lot simpler, but will break this class if the above 'bug' gets 'fixed' - \OCP\Util::writeLog( 'files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL ); + \OCP\Util::writeLog('files_encryption', 'PHP "bug" 21641 no longer holds, decryption system requires refactoring', \OCP\Util::FATAL); die(); } // Get the data from the file handle - $data = fread( $this->handle, 8192 ); + $data = fread($this->handle, 8192); $result = ''; - if ( strlen( $data ) ) { + if (strlen($data)) { - if ( !$this->getKey() ) { + if (!$this->getKey()) { // Error! We don't have a key to decrypt the file with - throw new \Exception( 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream' ); + throw new \Exception( + 'Encryption key not found for "' . $this->rawPath . '" during attempted read via stream'); } // Decrypt data - $result = Crypt::symmetricDecryptFileContent( $data, $this->plainKey ); + $result = Crypt::symmetricDecryptFileContent($data, $this->plainKey); } @@ -192,10 +192,10 @@ class Stream * @param string $key key to use for encryption * @return string encrypted data on success, false on failure */ - public function preWriteEncrypt( $plainData, $key ) { + public function preWriteEncrypt($plainData, $key) { // Encrypt data to 'catfile', which includes IV - if ( $encrypted = Crypt::symmetricEncryptFileContent( $plainData, $key ) ) { + if ($encrypted = Crypt::symmetricEncryptFileContent($plainData, $key)) { return $encrypted; @@ -215,7 +215,7 @@ class Stream public function getKey() { // Check if key is already set - if ( isset( $this->plainKey ) && isset( $this->encKeyfile ) ) { + if (isset($this->plainKey) && isset($this->encKeyfile)) { return true; @@ -223,18 +223,18 @@ class Stream // Fetch and decrypt keyfile // Fetch existing keyfile - $this->encKeyfile = Keymanager::getFileKey( $this->rootView, $this->userId, $this->relPath ); + $this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath); // If a keyfile already exists - if ( $this->encKeyfile ) { + if ($this->encKeyfile) { $session = new \OCA\Encryption\Session( $this->rootView ); - $privateKey = $session->getPrivateKey( $this->userId ); + $privateKey = $session->getPrivateKey($this->userId); - $shareKey = Keymanager::getShareKey( $this->rootView, $this->userId, $this->relPath ); + $shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath); - $this->plainKey = Crypt::multiKeyDecrypt( $this->encKeyfile, $shareKey, $privateKey ); + $this->plainKey = Crypt::multiKeyDecrypt($this->encKeyfile, $shareKey, $privateKey); return true; @@ -255,7 +255,7 @@ class Stream * @note Padding is added to each encrypted block to ensure that the resulting block is exactly 8192 bytes. This is removed during stream_read * @note PHP automatically updates the file pointer after writing data to reflect it's length. There is generally no need to update the poitner manually using fseek */ - public function stream_write( $data ) { + public function stream_write($data) { // Disable the file proxies so that encryption is not // automatically attempted when the file is written to disk - @@ -265,16 +265,16 @@ class Stream \OC_FileProxy::$enabled = false; // Get the length of the unencrypted data that we are handling - $length = strlen( $data ); + $length = strlen($data); // Find out where we are up to in the writing of data to the // file - $pointer = ftell( $this->handle ); + $pointer = ftell($this->handle); // Get / generate the keyfile for the file we're handling // If we're writing a new file (not overwriting an existing // one), save the newly generated keyfile - if ( !$this->getKey() ) { + if (!$this->getKey()) { $this->plainKey = Crypt::generateKey(); @@ -282,7 +282,7 @@ class Stream // If extra data is left over from the last round, make sure it // is integrated into the next 6126 / 8192 block - if ( $this->writeCache ) { + if ($this->writeCache) { // Concat writeCache to start of $data $data = $this->writeCache . $data; @@ -294,15 +294,15 @@ class Stream } // While there still remains some data to be processed & written - while ( strlen( $data ) > 0 ) { + while (strlen($data) > 0) { // Remaining length for this iteration, not of the // entire file (may be greater than 8192 bytes) - $remainingLength = strlen( $data ); + $remainingLength = strlen($data); // If data remaining to be written is less than the // size of 1 6126 byte block - if ( $remainingLength < 6126 ) { + if ($remainingLength < 6126) { // Set writeCache to contents of $data // The writeCache will be carried over to the @@ -320,25 +320,25 @@ class Stream } else { // Read the chunk from the start of $data - $chunk = substr( $data, 0, 6126 ); + $chunk = substr($data, 0, 6126); - $encrypted = $this->preWriteEncrypt( $chunk, $this->plainKey ); + $encrypted = $this->preWriteEncrypt($chunk, $this->plainKey); // Write the data chunk to disk. This will be // attended to the last data chunk if the file // being handled totals more than 6126 bytes - fwrite( $this->handle, $encrypted ); + fwrite($this->handle, $encrypted); // Remove the chunk we just processed from // $data, leaving only unprocessed data in $data // var, for handling on the next round - $data = substr( $data, 6126 ); + $data = substr($data, 6126); } } - $this->size = max( $this->size, $pointer + $length ); + $this->size = max($this->size, $pointer + $length); $this->unencryptedSize += $length; \OC_FileProxy::$enabled = $proxyStatus; @@ -353,17 +353,17 @@ class Stream * @param $arg1 * @param $arg2 */ - public function stream_set_option( $option, $arg1, $arg2 ) { + public function stream_set_option($option, $arg1, $arg2) { $return = false; - switch ( $option ) { + switch ($option) { case STREAM_OPTION_BLOCKING: - $return = stream_set_blocking( $this->handle, $arg1 ); + $return = stream_set_blocking($this->handle, $arg1); break; case STREAM_OPTION_READ_TIMEOUT: - $return = stream_set_timeout( $this->handle, $arg1, $arg2 ); + $return = stream_set_timeout($this->handle, $arg1, $arg2); break; case STREAM_OPTION_WRITE_BUFFER: - $return = stream_set_write_buffer( $this->handle, $arg1 ); + $return = stream_set_write_buffer($this->handle, $arg1); } return $return; @@ -373,14 +373,14 @@ class Stream * @return array */ public function stream_stat() { - return fstat( $this->handle ); + return fstat($this->handle); } /** * @param $mode */ - public function stream_lock( $mode ) { - return flock( $this->handle, $mode ); + public function stream_lock($mode) { + return flock($this->handle, $mode); } /** @@ -388,7 +388,7 @@ class Stream */ public function stream_flush() { - return fflush( $this->handle ); + return fflush($this->handle); // Not a typo: http://php.net/manual/en/function.fflush.php } @@ -397,19 +397,19 @@ class Stream * @return bool */ public function stream_eof() { - return feof( $this->handle ); + return feof($this->handle); } private function flush() { - if ( $this->writeCache ) { + if ($this->writeCache) { // Set keyfile property for file in question $this->getKey(); - $encrypted = $this->preWriteEncrypt( $this->writeCache, $this->plainKey ); + $encrypted = $this->preWriteEncrypt($this->writeCache, $this->plainKey); - fwrite( $this->handle, $encrypted ); + fwrite($this->handle, $encrypted); $this->writeCache = ''; @@ -425,42 +425,42 @@ class Stream $this->flush(); if ( - $this->meta['mode'] != 'r' - and $this->meta['mode'] != 'rb' - and $this->size > 0 + $this->meta['mode'] !== 'r' + and $this->meta['mode'] !== 'rb' + and $this->size > 0 ) { // Disable encryption proxy to prevent recursive calls $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; // Fetch user's public key - $this->publicKey = Keymanager::getPublicKey( $this->rootView, $this->userId ); + $this->publicKey = Keymanager::getPublicKey($this->rootView, $this->userId); // Check if OC sharing api is enabled $sharingEnabled = \OCP\Share::isEnabled(); - $util = new Util( $this->rootView, $this->userId ); + $util = new Util($this->rootView, $this->userId); // Get all users sharing the file includes current user - $uniqueUserIds = $util->getSharingUsersArray( $sharingEnabled, $this->relPath, $this->userId ); + $uniqueUserIds = $util->getSharingUsersArray($sharingEnabled, $this->relPath, $this->userId); // Fetch public keys for all sharing users - $publicKeys = Keymanager::getPublicKeys( $this->rootView, $uniqueUserIds ); + $publicKeys = Keymanager::getPublicKeys($this->rootView, $uniqueUserIds); // Encrypt enc key for all sharing users - $this->encKeyfiles = Crypt::multiKeyEncrypt( $this->plainKey, $publicKeys ); + $this->encKeyfiles = Crypt::multiKeyEncrypt($this->plainKey, $publicKeys); - $view = new \OC_FilesystemView( '/' ); + $view = new \OC_FilesystemView('/'); // Save the new encrypted file key - Keymanager::setFileKey( $this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data'] ); + Keymanager::setFileKey($this->rootView, $this->relPath, $this->userId, $this->encKeyfiles['data']); // Save the sharekeys - Keymanager::setShareKeys( $view, $this->relPath, $this->encKeyfiles['keys'] ); + Keymanager::setShareKeys($view, $this->relPath, $this->encKeyfiles['keys']); // get file info - $fileInfo = $view->getFileInfo( $this->rawPath ); - if ( !is_array( $fileInfo ) ) { + $fileInfo = $view->getFileInfo($this->rawPath); + if (!is_array($fileInfo)) { $fileInfo = array(); } @@ -473,10 +473,10 @@ class Stream $fileInfo['unencrypted_size'] = $this->unencryptedSize; // set fileinfo - $view->putFileInfo( $this->rawPath, $fileInfo ); + $view->putFileInfo($this->rawPath, $fileInfo); } - return fclose( $this->handle ); + return fclose($this->handle); } diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php index 6ffe31c9bb..04bd4dc8ac 100644 --- a/apps/files_encryption/lib/util.php +++ b/apps/files_encryption/lib/util.php @@ -188,7 +188,9 @@ class Util { /** * @brief Sets up user folders and keys for serverside encryption - * @param string $passphrase passphrase to encrypt server-stored private key with + * + * @param string $passphrase to encrypt server-stored private key with + * @return bool */ public function setupServerSide($passphrase = null) { @@ -382,7 +384,7 @@ class Util { // we handle them \OC_FileProxy::$enabled = false; - if ($found == false) { + if ($found === false) { $found = array( 'plain' => array(), 'encrypted' => array(), @@ -398,12 +400,12 @@ class Util { while (false !== ($file = readdir($handle))) { if ( - $file != "." - && $file != ".." + $file !== "." + && $file !== ".." ) { $filePath = $directory . '/' . $this->view->getRelativePath('/' . $file); - $relPath = $this->stripUserFilesPath($filePath); + $relPath = \OCA\Encryption\Helper::stripUserFilesPath($filePath); // If the path is a directory, search // its contents @@ -528,7 +530,7 @@ class Util { /** * @brief Check if a given path identifies an encrypted file - * @param $path + * @param string $path * @return boolean */ public function isEncryptedPath($path) { @@ -541,7 +543,7 @@ class Util { // we only need 24 byte from the last chunk $data = ''; $handle = $this->view->fopen($path, 'r'); - if (!fseek($handle, -24, SEEK_END)) { + if (is_resource($handle) && !fseek($handle, -24, SEEK_END)) { $data = fgets($handle); } @@ -565,11 +567,13 @@ class Util { $proxyStatus = \OC_FileProxy::$enabled; \OC_FileProxy::$enabled = false; - // Reformat path for use with OC_FSV - $pathSplit = explode('/', $path); - $pathRelative = implode('/', array_slice($pathSplit, 3)); + // split the path parts + $pathParts = explode('/', $path); - if ($pathSplit[2] == 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) { + // get relative path + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); + + if (isset($pathParts[2]) && $pathParts[2] === 'files' && $this->view->file_exists($path) && $this->isEncryptedPath($path)) { // get the size from filesystem $fullPath = $this->view->getLocalFile($path); @@ -579,7 +583,7 @@ class Util { $lastChunkNr = floor($size / 8192); // open stream - $stream = fopen('crypt://' . $pathRelative, "r"); + $stream = fopen('crypt://' . $relativePath, "r"); if (is_resource($stream)) { // calculate last chunk position @@ -639,21 +643,7 @@ class Util { return $result; } - /** - * @brief Format a path to be relative to the /user/files/ directory - * @note e.g. turns '/admin/files/test.txt' into 'test.txt' - */ - public function stripUserFilesPath($path) { - - $trimmed = ltrim($path, '/'); - $split = explode('/', $trimmed); - $sliced = array_slice($split, 2); - $relPath = implode('/', $sliced); - - return $relPath; - - } - + /** * @param $path * @return bool @@ -663,7 +653,7 @@ class Util { $trimmed = ltrim($path, '/'); $split = explode('/', $trimmed); - if ($split[2] == "Shared") { + if (isset($split[2]) && $split[2] === 'Shared') { return true; @@ -745,10 +735,10 @@ class Util { $publicKeys = Keymanager::getPublicKeys($this->view, $uniqueUserIds); // Recrypt data, generate catfile - $recrypted = Crypt::legacyKeyRecryptKeyfile($legacyData, $legacyPassphrase, $publicKeys, $newPassphrase, $legacyFile['path']); + $recrypted = Crypt::legacyKeyRecryptKeyfile( $legacyData, $legacyPassphrase, $publicKeys ); $rawPath = $legacyFile['path']; - $relPath = $this->stripUserFilesPath($rawPath); + $relPath = \OCA\Encryption\Helper::stripUserFilesPath($rawPath); // Save keyfile Keymanager::setFileKey($this->view, $relPath, $this->userId, $recrypted['filekey']); @@ -869,8 +859,8 @@ class Util { // Check that the user is encryption capable, or is the // public system user 'ownCloud' (for public shares) if ( - $user == $this->publicShareKeyId - or $user == $this->recoveryKeyId + $user === $this->publicShareKeyId + or $user === $this->recoveryKeyId or $util->ready() ) { @@ -903,6 +893,7 @@ class Util { * @param string $filePath * @param string $fileOwner * @param string $privateKey + * @return bool|string * @note Checks whether file was encrypted with openssl_seal or * openssl_encrypt, and decrypts accrdingly * @note This was used when 2 types of encryption for keyfiles was used, @@ -918,7 +909,7 @@ class Util { // We need to decrypt the keyfile // Has the file been shared yet? if ( - $this->userId == $fileOwner + $this->userId === $fileOwner && !Keymanager::getShareKey($this->view, $this->userId, $filePath) // NOTE: we can't use isShared() here because it's a post share hook so it always returns true ) { @@ -1028,7 +1019,7 @@ class Util { if ($sharingEnabled) { // Find out who, if anyone, is sharing the file - $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true, true, true); + $result = \OCP\Share::getUsersSharingFile($ownerPath, $owner, true); $userIds = $result['users']; if ($result['public']) { $userIds[] = $this->publicShareKeyId; @@ -1049,7 +1040,7 @@ class Util { } // add current user if given - if ($currentUserId != false) { + if ($currentUserId !== false) { $userIds[] = $currentUserId; @@ -1136,6 +1127,7 @@ class Util { /** * @brief get uid of the owners of the file and the path to the file * @param string $path Path of the file to check + * @throws \Exception * @note $shareFilePath must be relative to data/UID/files. Files * relative to /Shared are also acceptable * @return array @@ -1166,7 +1158,7 @@ class Util { \OC\Files\Filesystem::initMountPoints($fileOwnerUid); // If the file owner is the currently logged in user - if ($fileOwnerUid == $this->userId) { + if ($fileOwnerUid === $this->userId) { // Assume the path supplied is correct $filename = $path; @@ -1199,14 +1191,14 @@ class Util { $result = array(); - $content = $this->view->getDirectoryContent($this->userFilesDir . $dir); + $content = $this->view->getDirectoryContent(\OC\Files\Filesystem::normalizePath($this->userFilesDir . '/' . $dir)); // handling for re shared folders - $path_split = explode('/', $dir); + $pathSplit = explode('/', $dir); foreach ($content as $c) { - $sharedPart = $path_split[sizeof($path_split) - 1]; + $sharedPart = $pathSplit[sizeof($pathSplit) - 1]; $targetPathSplit = array_reverse(explode('/', $c['path'])); $path = ''; @@ -1228,7 +1220,7 @@ class Util { $path = $dir . $path; - if ($c['type'] === "dir") { + if ($c['type'] === 'dir') { $result = array_merge($result, $this->getAllFiles($path)); @@ -1417,11 +1409,12 @@ class Util { foreach ($dirContent as $item) { // get relative path from files_encryption/keyfiles/ $filePath = substr($item['path'], strlen('files_encryption/keyfiles')); - if ($item['type'] == 'dir') { + if ($item['type'] === 'dir') { $this->addRecoveryKeys($filePath . '/'); } else { $session = new \OCA\Encryption\Session(new \OC_FilesystemView('/')); $sharingEnabled = \OCP\Share::isEnabled(); + // remove '.key' extension from path e.g. 'file.txt.key' to 'file.txt' $file = substr($filePath, 0, -4); $usersSharing = $this->getSharingUsersArray($sharingEnabled, $file); $this->setSharedFileKeyfiles($session, $usersSharing, $file); @@ -1437,9 +1430,10 @@ class Util { foreach ($dirContent as $item) { // get relative path from files_encryption/keyfiles $filePath = substr($item['path'], strlen('files_encryption/keyfiles')); - if ($item['type'] == 'dir') { + if ($item['type'] === 'dir') { $this->removeRecoveryKeys($filePath . '/'); } else { + // remove '.key' extension from path e.g. 'file.txt.key' to 'file.txt' $file = substr($filePath, 0, -4); $this->view->unlink($this->shareKeysPath . '/' . $file . '.' . $this->recoveryKeyId . '.shareKey'); } @@ -1457,7 +1451,7 @@ class Util { // Find out who, if anyone, is sharing the file if ($sharingEnabled) { - $result = \OCP\Share::getUsersSharingFile($file, $this->userId, true, true, true); + $result = \OCP\Share::getUsersSharingFile($file, $this->userId, true); $userIds = $result['users']; $userIds[] = $this->recoveryKeyId; if ($result['public']) { @@ -1502,10 +1496,12 @@ class Util { private function recoverAllFiles($path, $privateKey) { $dirContent = $this->view->getDirectoryContent($this->keyfilesPath . $path); foreach ($dirContent as $item) { - $filePath = substr($item['path'], 25); - if ($item['type'] == 'dir') { + // get relative path from files_encryption/keyfiles + $filePath = substr($item['path'], strlen('files_encryption/keyfiles')); + if ($item['type'] === 'dir') { $this->recoverAllFiles($filePath . '/', $privateKey); } else { + // remove '.key' extension from path e.g. 'file.txt.key' to 'file.txt' $file = substr($filePath, 0, -4); $this->recoverFile($file, $privateKey); } @@ -1531,4 +1527,21 @@ class Util { $this->recoverAllFiles('/', $privateKey); } + /** + * Get the path including the storage mount point + * @param int $id + * @return string the path including the mount point like AmazonS3/folder/file.txt + */ + public function getPathWithMountPoint($id) { + list($storage, $internalPath) = \OC\Files\Cache\Cache::getById($id); + $mount = \OC\Files\Filesystem::getMountByStorageId($storage); + $mountPoint = $mount[0]->getMountPoint(); + $path = \OC\Files\Filesystem::normalizePath($mountPoint.'/'.$internalPath); + + // reformat the path to be relative e.g. /user/files/folder becomes /folder/ + $relativePath = \OCA\Encryption\Helper::stripUserFilesPath($path); + + return $relativePath; + } + } diff --git a/apps/files_encryption/settings-admin.php b/apps/files_encryption/settings-admin.php index 6cc5b997fd..5367605898 100644 --- a/apps/files_encryption/settings-admin.php +++ b/apps/files_encryption/settings-admin.php @@ -8,16 +8,16 @@ \OC_Util::checkAdminUser(); -$tmpl = new OCP\Template( 'files_encryption', 'settings-admin' ); +$tmpl = new OCP\Template('files_encryption', 'settings-admin'); // Check if an adminRecovery account is enabled for recovering files after lost pwd -$view = new OC_FilesystemView( '' ); +$view = new OC_FilesystemView(''); -$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); +$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'); -$tmpl->assign( 'recoveryEnabled', $recoveryAdminEnabled ); +$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); -\OCP\Util::addscript( 'files_encryption', 'settings-admin' ); -\OCP\Util::addscript( 'core', 'multiselect' ); +\OCP\Util::addscript('files_encryption', 'settings-admin'); +\OCP\Util::addscript('core', 'multiselect'); return $tmpl->fetchPage(); diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php index 57f7f58452..3e96565949 100644 --- a/apps/files_encryption/settings-personal.php +++ b/apps/files_encryption/settings-personal.php @@ -7,22 +7,22 @@ */ // Add CSS stylesheet -\OC_Util::addStyle( 'files_encryption', 'settings-personal' ); - -$tmpl = new OCP\Template( 'files_encryption', 'settings-personal'); +\OC_Util::addStyle('files_encryption', 'settings-personal'); + +$tmpl = new OCP\Template('files_encryption', 'settings-personal'); $user = \OCP\USER::getUser(); -$view = new \OC_FilesystemView( '/' ); -$util = new \OCA\Encryption\Util( $view, $user ); +$view = new \OC_FilesystemView('/'); +$util = new \OCA\Encryption\Util($view, $user); -$recoveryAdminEnabled = OC_Appconfig::getValue( 'files_encryption', 'recoveryAdminEnabled' ); +$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'); $recoveryEnabledForUser = $util->recoveryEnabledForUser(); -\OCP\Util::addscript( 'files_encryption', 'settings-personal' ); -\OCP\Util::addScript( 'settings', 'personal' ); +\OCP\Util::addscript('files_encryption', 'settings-personal'); +\OCP\Util::addScript('settings', 'personal'); -$tmpl->assign( 'recoveryEnabled', $recoveryAdminEnabled ); -$tmpl->assign( 'recoveryEnabledForUser', $recoveryEnabledForUser ); +$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled); +$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser); return $tmpl->fetchPage(); diff --git a/apps/files_encryption/tests/crypt.php b/apps/files_encryption/tests/crypt.php index 5b0486aad8..32156eea27 100755 --- a/apps/files_encryption/tests/crypt.php +++ b/apps/files_encryption/tests/crypt.php @@ -575,7 +575,7 @@ class Test_Encryption_Crypt extends \PHPUnit_Framework_TestCase { */ function testLegacyKeyRecryptKeyfileEncrypt($crypted) { - $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey), $this->pass, ''); + $recrypted = Encryption\Crypt::LegacyKeyRecryptKeyfile($crypted, $this->pass, array($this->genPublicKey)); $this->assertNotEquals($this->dataLong, $recrypted['data']); diff --git a/apps/files_encryption/tests/webdav.php b/apps/files_encryption/tests/webdav.php index 94d3ec3fa5..1d406789f0 100755 --- a/apps/files_encryption/tests/webdav.php +++ b/apps/files_encryption/tests/webdav.php @@ -120,7 +120,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase { $_SERVER['REQUEST_METHOD'] = 'PUT'; $_SERVER['REQUEST_URI'] = '/remote.php/webdav' . $filename; - $_SERVER['HTTP_AUTHORIZATION'] = 'Basic YWRtaW46YWRtaW4='; + $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dGVzdC13ZWJkYXYtdXNlcjE6dGVzdC13ZWJkYXYtdXNlcjE='; $_SERVER['CONTENT_TYPE'] = 'application/octet-stream'; $_SERVER['PATH_INFO'] = '/webdav' . $filename; $_SERVER['CONTENT_LENGTH'] = strlen($this->dataShort); @@ -172,7 +172,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase { // set server vars $_SERVER['REQUEST_METHOD'] = 'GET'; $_SERVER['REQUEST_URI'] = '/remote.php/webdav' . $filename; - $_SERVER['HTTP_AUTHORIZATION'] = 'Basic YWRtaW46YWRtaW4='; + $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dGVzdC13ZWJkYXYtdXNlcjE6dGVzdC13ZWJkYXYtdXNlcjE='; $_SERVER['PATH_INFO'] = '/webdav' . $filename; // handle webdav request @@ -193,7 +193,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase { // set server vars $_SERVER['REQUEST_METHOD'] = 'DELETE'; $_SERVER['REQUEST_URI'] = '/remote.php/webdav' . $filename; - $_SERVER['HTTP_AUTHORIZATION'] = 'Basic YWRtaW46YWRtaW4='; + $_SERVER['HTTP_AUTHORIZATION'] = 'Basic dGVzdC13ZWJkYXYtdXNlcjE6dGVzdC13ZWJkYXYtdXNlcjE='; $_SERVER['PATH_INFO'] = '/webdav' . $filename; // handle webdav request @@ -216,7 +216,7 @@ class Test_Encryption_Webdav extends \PHPUnit_Framework_TestCase { * * @param bool $body * - * @note this init procedure is copied from /apps/files/remote.php + * @note this init procedure is copied from /apps/files/appinfo/remote.php */ function handleWebdavRequest($body = false) { // Backends diff --git a/apps/files_external/l10n/lt_LT.php b/apps/files_external/l10n/lt_LT.php index 9bf997d87c..29c962d9a8 100644 --- a/apps/files_external/l10n/lt_LT.php +++ b/apps/files_external/l10n/lt_LT.php @@ -6,6 +6,7 @@ "Error configuring Google Drive storage" => "Klaida nustatinėjant Google Drive talpyklą", "Warning: \"smbclient\" is not installed. Mounting of CIFS/SMB shares is not possible. Please ask your system administrator to install it." => "Įspėjimas: \"smbclient\" nėra įdiegtas. CIFS/SMB dalinimasis nėra galimas. Prašome susisiekti su sistemos administratoriumi kad būtų įdiegtas \"smbclient\"", "Warning: The FTP support in PHP is not enabled or installed. Mounting of FTP shares is not possible. Please ask your system administrator to install it." => "Įspėjimas: FTP palaikymas PHP sistemoje nėra įjungtas arba nėra įdiegtas. FTP dalinimosi įjungimas nėra galimas. Prašome susisiekti su sistemos administratoriumi kad būtų įdiegtas FTP palaikymas. ", +"Warning: The Curl support in PHP is not enabled or installed. Mounting of ownCloud / WebDAV or GoogleDrive is not possible. Please ask your system administrator to install it." => "Įspėjimas: \"Curl\" palaikymas PHP terpėje nėra įjungtas arba įdiegtas. ownCloud/WebDAV ar GoogleDrive įjungimas nebus įmanomas. Prašome susisiekti su sistemos administratoriumi kad būtų įdiegtas arba įjungtas \"Curl\" palaikymas.", "External Storage" => "Išorinės saugyklos", "Folder name" => "Katalogo pavadinimas", "External storage" => "Išorinė saugykla", diff --git a/apps/files_external/l10n/nn_NO.php b/apps/files_external/l10n/nn_NO.php index 4b4b6167d8..998c3f8245 100644 --- a/apps/files_external/l10n/nn_NO.php +++ b/apps/files_external/l10n/nn_NO.php @@ -1,4 +1,5 @@ "Innstillingar", "Groups" => "Grupper", "Users" => "Brukarar", "Delete" => "Slett" diff --git a/apps/files_sharing/lib/permissions.php b/apps/files_sharing/lib/permissions.php index 6747faa4d4..b6638564cd 100644 --- a/apps/files_sharing/lib/permissions.php +++ b/apps/files_sharing/lib/permissions.php @@ -70,6 +70,28 @@ class Shared_Permissions extends Permissions { return $filePermissions; } + /** + * get the permissions for all files in a folder + * + * @param int $parentId + * @param string $user + * @return int[] + */ + public function getDirectoryPermissions($parentId, $user) { + // Root of the Shared folder + if ($parentId === -1) { + return \OCP\Share::getItemsSharedWith('file', \OC_Share_Backend_File::FORMAT_PERMISSIONS); + } + $permissions = $this->get($parentId, $user); + $query = \OC_DB::prepare('SELECT `fileid` FROM `*PREFIX*filecache` WHERE `parent` = ?'); + $result = $query->execute(array($parentId)); + $filePermissions = array(); + while ($row = $result->fetchRow()) { + $filePermissions[$row['fileid']] = $permissions; + } + return $filePermissions; + } + /** * remove the permissions for a file * @@ -83,4 +105,5 @@ class Shared_Permissions extends Permissions { public function removeMultiple($fileIds, $user) { // Not a valid action for Shared Permissions } -} + +} \ No newline at end of file diff --git a/apps/files_sharing/lib/share/file.php b/apps/files_sharing/lib/share/file.php index 6294865180..07e7a4ca0c 100644 --- a/apps/files_sharing/lib/share/file.php +++ b/apps/files_sharing/lib/share/file.php @@ -26,6 +26,7 @@ class OC_Share_Backend_File implements OCP\Share_Backend_File_Dependent { const FORMAT_FILE_APP_ROOT = 2; const FORMAT_OPENDIR = 3; const FORMAT_GET_ALL = 4; + const FORMAT_PERMISSIONS = 5; private $path; @@ -125,6 +126,12 @@ class OC_Share_Backend_File implements OCP\Share_Backend_File_Dependent { $ids[] = $item['file_source']; } return $ids; + } else if ($format === self::FORMAT_PERMISSIONS) { + $filePermissions = array(); + foreach ($items as $item) { + $filePermissions[$item['file_source']] = $item['permissions']; + } + return $filePermissions; } return array(); } diff --git a/apps/files_versions/lib/versions.php b/apps/files_versions/lib/versions.php index 5fdbef2774..4beb9e0fe5 100644 --- a/apps/files_versions/lib/versions.php +++ b/apps/files_versions/lib/versions.php @@ -113,8 +113,16 @@ class Storage { mkdir($versionsFolderName.'/'.$info['dirname'], 0750, true); } + // disable proxy to prevent multiple fopen calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + // store a new version of a file $users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename)); + + // reset proxy state + \OC_FileProxy::$enabled = $proxyStatus; + $versionsSize = self::getVersionsSize($uid); if ( $versionsSize === false || $versionsSize < 0 ) { $versionsSize = self::calculateSize($uid); @@ -195,7 +203,16 @@ class Storage { //first create a new version $version = 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename); if ( !$users_view->file_exists($version)) { + + // disable proxy to prevent multiple fopen calls + $proxyStatus = \OC_FileProxy::$enabled; + \OC_FileProxy::$enabled = false; + $users_view->copy('files'.$filename, 'files_versions'.$filename.'.v'.$users_view->filemtime('files'.$filename)); + + // reset proxy state + \OC_FileProxy::$enabled = $proxyStatus; + $versionCreated = true; } diff --git a/apps/user_ldap/l10n/pl.php b/apps/user_ldap/l10n/pl.php index 29c814b5fb..7edfe0919e 100644 --- a/apps/user_ldap/l10n/pl.php +++ b/apps/user_ldap/l10n/pl.php @@ -79,6 +79,8 @@ "Override UUID detection" => "Zastąp wykrywanie UUID", "UUID Attribute:" => "Atrybuty UUID:", "Username-LDAP User Mapping" => "Mapowanie użytkownika LDAP", +"Clear Username-LDAP User Mapping" => "Czyść Mapowanie użytkownika LDAP", +"Clear Groupname-LDAP Group Mapping" => "Czyść Mapowanie nazwy grupy LDAP", "Test Configuration" => "Konfiguracja testowa", "Help" => "Pomoc" ); diff --git a/apps/user_ldap/l10n/sk_SK.php b/apps/user_ldap/l10n/sk_SK.php index b31fe37756..e36a158936 100644 --- a/apps/user_ldap/l10n/sk_SK.php +++ b/apps/user_ldap/l10n/sk_SK.php @@ -1,4 +1,5 @@ "Nepodarilo sa vymazať mapovania.", "Failed to delete the server configuration" => "Zlyhalo zmazanie nastavenia servera.", "The configuration is valid and the connection could be established!" => "Nastavenie je v poriadku a pripojenie je stabilné.", "The configuration is valid, but the Bind failed. Please check the server settings and credentials." => "Nastavenie je v poriadku, ale pripojenie zlyhalo. Skontrolujte nastavenia servera a prihlasovacie údaje.", @@ -7,6 +8,7 @@ "Take over settings from recent server configuration?" => "Prebrať nastavenia z nedávneho nastavenia servera?", "Keep settings?" => "Ponechať nastavenia?", "Cannot add server configuration" => "Nemožno pridať nastavenie servera", +"mappings cleared" => "mapovanie vymazané", "Success" => "Úspešné", "Error" => "Chyba", "Connection test succeeded" => "Test pripojenia bol úspešný", @@ -72,6 +74,11 @@ "Email Field" => "Pole email", "User Home Folder Naming Rule" => "Pravidlo pre nastavenie mena používateľského priečinka dát", "Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute." => "Nechajte prázdne pre používateľské meno (predvolené). Inak uveďte atribút LDAP/AD.", +"Internal Username" => "Interné používateľské meno", +"By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder in ownCloud. It is also a port of remote URLs, for instance for all *DAV services. With this setting, the default behaviour can be overriden. To achieve a similar behaviour as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behaviour. Changes will have effect only on newly mapped (added) LDAP users." => "V predvolenom nastavení bude interné používateľské meno vytvorené z UUID atribútu. Zabezpečí sa to, že používateľské meno bude jedinečné a znaky nemusia byť prevedené. Interné meno má obmedzenie, iba tieto znaky sú povolené: [a-zA-Z0-9_ @ -.]. Ostatné znaky sú nahradené ich ASCII alebo jednoducho vynechané. Pri kolíziách bude číslo byť pridané / odobrané. Interné používateľské meno sa používa na identifikáciu používateľa interne. Je to tiež predvolený názov používateľského domovského priečinka v ownCloud. To je tiež port vzdialeného URL, napríklad pre všetky služby * DAV. S týmto nastavením sa dá prepísať predvolené správanie. Pre dosiahnutie podobného správania sa ako pred ownCloud 5 zadajte atribút zobrazenia používateľského mena v tomto poli. Ponechajte prázdne pre predvolené správanie. Zmeny budú mať vplyv iba na novo mapovaných (pridaných) LDAP používateľov.", +"Internal Username Attribute:" => "Atribút interného používateľského mena:", +"Override UUID detection" => "Prepísať UUID detekciu", +"UUID Attribute:" => "UUID atribút:", "Test Configuration" => "Test nastavenia", "Help" => "Pomoc" ); diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index a7611eb3e8..04f73cf01f 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -441,8 +441,8 @@ abstract class Access { //while loop is just a precaution. If a name is not generated within //20 attempts, something else is very wrong. Avoids infinite loop. while($attempts < 20){ - $altName = $name . '_' . uniqid(); - if(\OCP\User::userExists($altName)) { + $altName = $name . '_' . rand(1000,9999); + if(!\OCP\User::userExists($altName)) { return $altName; } $attempts++; diff --git a/apps/user_webdavauth/l10n/nn_NO.php b/apps/user_webdavauth/l10n/nn_NO.php new file mode 100644 index 0000000000..772e084b63 --- /dev/null +++ b/apps/user_webdavauth/l10n/nn_NO.php @@ -0,0 +1,5 @@ + "WebDAV-autentisering", +"URL: http://" => "Nettadresse: http://", +"ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials." => "ownCloud sender brukarakkreditiv til denne nettadressa. Dette programtillegget kontrollerer svaret og tolkar HTTP-statuskodane 401 og 403 som ugyldige, og alle andre svar som gyldige." +); diff --git a/core/js/jquery-1.10.0.min.js b/core/js/jquery-1.10.0.min.js new file mode 100644 index 0000000000..01c688164a --- /dev/null +++ b/core/js/jquery-1.10.0.min.js @@ -0,0 +1,6 @@ +/*! jQuery v1.10.0 | (c) 2005, 2013 jQuery Foundation, Inc. | jquery.org/license +//@ sourceMappingURL=jquery-1.10.0.min.map +*/ +(function(e,t){var n,r,i=typeof t,o=e.location,a=e.document,s=a.documentElement,l=e.jQuery,u=e.$,c={},p=[],f="1.10.0",d=p.concat,h=p.push,g=p.slice,m=p.indexOf,y=c.toString,v=c.hasOwnProperty,b=f.trim,x=function(e,t){return new x.fn.init(e,t,r)},w=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,T=/\S+/g,C=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,k=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,E=/^[\],:{}\s]*$/,S=/(?:^|:|,)(?:\s*\[)+/g,A=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,j=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,D=/^-ms-/,L=/-([\da-z])/gi,H=function(e,t){return t.toUpperCase()},q=function(e){(a.addEventListener||"load"===e.type||"complete"===a.readyState)&&(_(),x.ready())},_=function(){a.addEventListener?(a.removeEventListener("DOMContentLoaded",q,!1),e.removeEventListener("load",q,!1)):(a.detachEvent("onreadystatechange",q),e.detachEvent("onload",q))};x.fn=x.prototype={jquery:f,constructor:x,init:function(e,n,r){var i,o;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:N.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof x?n[0]:n,x.merge(this,x.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:a,!0)),k.test(i[1])&&x.isPlainObject(n))for(i in n)x.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(o=a.getElementById(i[2]),o&&o.parentNode){if(o.id!==i[2])return r.find(e);this.length=1,this[0]=o}return this.context=a,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):x.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),x.makeArray(e,this))},selector:"",length:0,toArray:function(){return g.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length+e]:this[e]},pushStack:function(e){var t=x.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return x.each(this,e,t)},ready:function(e){return x.ready.promise().done(e),this},slice:function(){return this.pushStack(g.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n=+e+(0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(x.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:h,sort:[].sort,splice:[].splice},x.fn.init.prototype=x.fn,x.extend=x.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},l=1,u=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},l=2),"object"==typeof s||x.isFunction(s)||(s={}),u===l&&(s=this,--l);u>l;l++)if(null!=(o=arguments[l]))for(i in o)e=s[i],r=o[i],s!==r&&(c&&r&&(x.isPlainObject(r)||(n=x.isArray(r)))?(n?(n=!1,a=e&&x.isArray(e)?e:[]):a=e&&x.isPlainObject(e)?e:{},s[i]=x.extend(c,a,r)):r!==t&&(s[i]=r));return s},x.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),noConflict:function(t){return e.$===x&&(e.$=u),t&&e.jQuery===x&&(e.jQuery=l),x},isReady:!1,readyWait:1,holdReady:function(e){e?x.readyWait++:x.ready(!0)},ready:function(e){if(e===!0?!--x.readyWait:!x.isReady){if(!a.body)return setTimeout(x.ready);x.isReady=!0,e!==!0&&--x.readyWait>0||(n.resolveWith(a,[x]),x.fn.trigger&&x(a).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===x.type(e)},isArray:Array.isArray||function(e){return"array"===x.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?c[y.call(e)]||"object":typeof e},isPlainObject:function(e){var n;if(!e||"object"!==x.type(e)||e.nodeType||x.isWindow(e))return!1;try{if(e.constructor&&!v.call(e,"constructor")&&!v.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(r){return!1}if(x.support.ownLast)for(n in e)return v.call(e,n);for(n in e);return n===t||v.call(e,n)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||a;var r=k.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=x.buildFragment([e],t,i),i&&x(i).remove(),x.merge([],r.childNodes))},parseJSON:function(n){return e.JSON&&e.JSON.parse?e.JSON.parse(n):null===n?n:"string"==typeof n&&(n=x.trim(n),n&&E.test(n.replace(A,"@").replace(j,"]").replace(S,"")))?Function("return "+n)():(x.error("Invalid JSON: "+n),t)},parseXML:function(n){var r,i;if(!n||"string"!=typeof n)return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(o){r=t}return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||x.error("Invalid XML: "+n),r},noop:function(){},globalEval:function(t){t&&x.trim(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(D,"ms-").replace(L,H)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,n){var r,i=0,o=e.length,a=M(e);if(n){if(a){for(;o>i;i++)if(r=t.apply(e[i],n),r===!1)break}else for(i in e)if(r=t.apply(e[i],n),r===!1)break}else if(a){for(;o>i;i++)if(r=t.call(e[i],i,e[i]),r===!1)break}else for(i in e)if(r=t.call(e[i],i,e[i]),r===!1)break;return e},trim:b&&!b.call("\ufeff\u00a0")?function(e){return null==e?"":b.call(e)}:function(e){return null==e?"":(e+"").replace(C,"")},makeArray:function(e,t){var n=t||[];return null!=e&&(M(Object(e))?x.merge(n,"string"==typeof e?[e]:e):h.call(n,e)),n},inArray:function(e,t,n){var r;if(t){if(m)return m.call(t,e,n);for(r=t.length,n=n?0>n?Math.max(0,r+n):n:0;r>n;n++)if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,o=0;if("number"==typeof r)for(;r>o;o++)e[i++]=n[o];else while(n[o]!==t)e[i++]=n[o++];return e.length=i,e},grep:function(e,t,n){var r,i=[],o=0,a=e.length;for(n=!!n;a>o;o++)r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,n){var r,i=0,o=e.length,a=M(e),s=[];if(a)for(;o>i;i++)r=t(e[i],i,n),null!=r&&(s[s.length]=r);else for(i in e)r=t(e[i],i,n),null!=r&&(s[s.length]=r);return d.apply([],s)},guid:1,proxy:function(e,n){var r,i,o;return"string"==typeof n&&(o=e[n],n=e,e=o),x.isFunction(e)?(r=g.call(arguments,2),i=function(){return e.apply(n||this,r.concat(g.call(arguments)))},i.guid=e.guid=e.guid||x.guid++,i):t},access:function(e,n,r,i,o,a,s){var l=0,u=e.length,c=null==r;if("object"===x.type(r)){o=!0;for(l in r)x.access(e,n,l,r[l],!0,a,s)}else if(i!==t&&(o=!0,x.isFunction(i)||(s=!0),c&&(s?(n.call(e,i),n=null):(c=n,n=function(e,t,n){return c.call(x(e),n)})),n))for(;u>l;l++)n(e[l],r,s?i:i.call(e[l],l,n(e[l],r)));return o?e:c?n.call(e):u?n(e[0],r):a},now:function(){return(new Date).getTime()},swap:function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i}}),x.ready.promise=function(t){if(!n)if(n=x.Deferred(),"complete"===a.readyState)setTimeout(x.ready);else if(a.addEventListener)a.addEventListener("DOMContentLoaded",q,!1),e.addEventListener("load",q,!1);else{a.attachEvent("onreadystatechange",q),e.attachEvent("onload",q);var r=!1;try{r=null==e.frameElement&&a.documentElement}catch(i){}r&&r.doScroll&&function o(){if(!x.isReady){try{r.doScroll("left")}catch(e){return setTimeout(o,50)}_(),x.ready()}}()}return n.promise(t)},x.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){c["[object "+t+"]"]=t.toLowerCase()});function M(e){var t=e.length,n=x.type(e);return x.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}r=x(a),function(e,t){var n,r,i,o,a,s,l,u,c,p,f,d,h,g,m,y,v,b="sizzle"+-new Date,w=e.document,T=0,C=0,N=lt(),k=lt(),E=lt(),S=!1,A=function(){return 0},j=typeof t,D=1<<31,L={}.hasOwnProperty,H=[],q=H.pop,_=H.push,M=H.push,O=H.slice,F=H.indexOf||function(e){var t=0,n=this.length;for(;n>t;t++)if(this[t]===e)return t;return-1},B="checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",P="[\\x20\\t\\r\\n\\f]",R="(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",W=R.replace("w","w#"),$="\\["+P+"*("+R+")"+P+"*(?:([*^$|!~]?=)"+P+"*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|("+W+")|)|)"+P+"*\\]",I=":("+R+")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|"+$.replace(3,8)+")*)|.*)\\)|)",z=RegExp("^"+P+"+|((?:^|[^\\\\])(?:\\\\.)*)"+P+"+$","g"),X=RegExp("^"+P+"*,"+P+"*"),U=RegExp("^"+P+"*([>+~]|"+P+")"+P+"*"),V=RegExp(P+"*[+~]"),Y=RegExp("="+P+"*([^\\]'\"]*)"+P+"*\\]","g"),J=RegExp(I),G=RegExp("^"+W+"$"),Q={ID:RegExp("^#("+R+")"),CLASS:RegExp("^\\.("+R+")"),TAG:RegExp("^("+R.replace("w","w*")+")"),ATTR:RegExp("^"+$),PSEUDO:RegExp("^"+I),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+P+"*(even|odd|(([+-]|)(\\d*)n|)"+P+"*(?:([+-]|)"+P+"*(\\d+)|))"+P+"*\\)|)","i"),bool:RegExp("^(?:"+B+")$","i"),needsContext:RegExp("^"+P+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+P+"*((?:-\\d)?\\d*)"+P+"*\\)|)(?=[^-]|$)","i")},K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,et=/^(?:input|select|textarea|button)$/i,tt=/^h\d$/i,nt=/'|\\/g,rt=RegExp("\\\\([\\da-f]{1,6}"+P+"?|("+P+")|.)","ig"),it=function(e,t,n){var r="0x"+t-65536;return r!==r||n?t:0>r?String.fromCharCode(r+65536):String.fromCharCode(55296|r>>10,56320|1023&r)};try{M.apply(H=O.call(w.childNodes),w.childNodes),H[w.childNodes.length].nodeType}catch(ot){M={apply:H.length?function(e,t){_.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function at(e,t,n,i){var o,a,s,l,u,c,d,m,y,x;if((t?t.ownerDocument||t:w)!==f&&p(t),t=t||f,n=n||[],!e||"string"!=typeof e)return n;if(1!==(l=t.nodeType)&&9!==l)return[];if(h&&!i){if(o=Z.exec(e))if(s=o[1]){if(9===l){if(a=t.getElementById(s),!a||!a.parentNode)return n;if(a.id===s)return n.push(a),n}else if(t.ownerDocument&&(a=t.ownerDocument.getElementById(s))&&v(t,a)&&a.id===s)return n.push(a),n}else{if(o[2])return M.apply(n,t.getElementsByTagName(e)),n;if((s=o[3])&&r.getElementsByClassName&&t.getElementsByClassName)return M.apply(n,t.getElementsByClassName(s)),n}if(r.qsa&&(!g||!g.test(e))){if(m=d=b,y=t,x=9===l&&e,1===l&&"object"!==t.nodeName.toLowerCase()){c=bt(e),(d=t.getAttribute("id"))?m=d.replace(nt,"\\$&"):t.setAttribute("id",m),m="[id='"+m+"'] ",u=c.length;while(u--)c[u]=m+xt(c[u]);y=V.test(e)&&t.parentNode||t,x=c.join(",")}if(x)try{return M.apply(n,y.querySelectorAll(x)),n}catch(T){}finally{d||t.removeAttribute("id")}}}return At(e.replace(z,"$1"),t,n,i)}function st(e){return K.test(e+"")}function lt(){var e=[];function t(n,r){return e.push(n+=" ")>o.cacheLength&&delete t[e.shift()],t[n]=r}return t}function ut(e){return e[b]=!0,e}function ct(e){var t=f.createElement("div");try{return!!e(t)}catch(n){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function pt(e,t,n){e=e.split("|");var r,i=e.length,a=n?null:t;while(i--)(r=o.attrHandle[e[i]])&&r!==t||(o.attrHandle[e[i]]=a)}function ft(e,t){var n=e.getAttributeNode(t);return n&&n.specified?n.value:e[t]===!0?t.toLowerCase():null}function dt(e,t){return e.getAttribute(t,"type"===t.toLowerCase()?1:2)}function ht(e){return"input"===e.nodeName.toLowerCase()?e.defaultValue:t}function gt(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&(~t.sourceIndex||D)-(~e.sourceIndex||D);if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function mt(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function yt(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function vt(e){return ut(function(t){return t=+t,ut(function(n,r){var i,o=e([],n.length,t),a=o.length;while(a--)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}s=at.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},r=at.support={},p=at.setDocument=function(e){var n=e?e.ownerDocument||e:w;return n!==f&&9===n.nodeType&&n.documentElement?(f=n,d=n.documentElement,h=!s(n),r.attributes=ct(function(e){return e.innerHTML="",pt("type|href|height|width",dt,"#"===e.firstChild.getAttribute("href")),pt(B,ft,null==e.getAttribute("disabled")),e.className="i",!e.getAttribute("className")}),r.input=ct(function(e){return e.innerHTML="",e.firstChild.setAttribute("value",""),""===e.firstChild.getAttribute("value")}),pt("value",ht,r.attributes&&r.input),r.getElementsByTagName=ct(function(e){return e.appendChild(n.createComment("")),!e.getElementsByTagName("*").length}),r.getElementsByClassName=ct(function(e){return e.innerHTML="
",e.firstChild.className="i",2===e.getElementsByClassName("i").length}),r.getById=ct(function(e){return d.appendChild(e).id=b,!n.getElementsByName||!n.getElementsByName(b).length}),r.getById?(o.find.ID=function(e,t){if(typeof t.getElementById!==j&&h){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},o.filter.ID=function(e){var t=e.replace(rt,it);return function(e){return e.getAttribute("id")===t}}):(delete o.find.ID,o.filter.ID=function(e){var t=e.replace(rt,it);return function(e){var n=typeof e.getAttributeNode!==j&&e.getAttributeNode("id");return n&&n.value===t}}),o.find.TAG=r.getElementsByTagName?function(e,n){return typeof n.getElementsByTagName!==j?n.getElementsByTagName(e):t}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},o.find.CLASS=r.getElementsByClassName&&function(e,n){return typeof n.getElementsByClassName!==j&&h?n.getElementsByClassName(e):t},m=[],g=[],(r.qsa=st(n.querySelectorAll))&&(ct(function(e){e.innerHTML="",e.querySelectorAll("[selected]").length||g.push("\\["+P+"*(?:value|"+B+")"),e.querySelectorAll(":checked").length||g.push(":checked")}),ct(function(e){var t=n.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("t",""),e.querySelectorAll("[t^='']").length&&g.push("[*^$]="+P+"*(?:''|\"\")"),e.querySelectorAll(":enabled").length||g.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),g.push(",.*:")})),(r.matchesSelector=st(y=d.webkitMatchesSelector||d.mozMatchesSelector||d.oMatchesSelector||d.msMatchesSelector))&&ct(function(e){r.disconnectedMatch=y.call(e,"div"),y.call(e,"[s!='']:x"),m.push("!=",I)}),g=g.length&&RegExp(g.join("|")),m=m.length&&RegExp(m.join("|")),v=st(d.contains)||d.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},r.sortDetached=ct(function(e){return 1&e.compareDocumentPosition(n.createElement("div"))}),A=d.compareDocumentPosition?function(e,t){if(e===t)return S=!0,0;var i=t.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(t);return i?1&i||!r.sortDetached&&t.compareDocumentPosition(e)===i?e===n||v(w,e)?-1:t===n||v(w,t)?1:c?F.call(c,e)-F.call(c,t):0:4&i?-1:1:e.compareDocumentPosition?-1:1}:function(e,t){var r,i=0,o=e.parentNode,a=t.parentNode,s=[e],l=[t];if(e===t)return S=!0,0;if(!o||!a)return e===n?-1:t===n?1:o?-1:a?1:c?F.call(c,e)-F.call(c,t):0;if(o===a)return gt(e,t);r=e;while(r=r.parentNode)s.unshift(r);r=t;while(r=r.parentNode)l.unshift(r);while(s[i]===l[i])i++;return i?gt(s[i],l[i]):s[i]===w?-1:l[i]===w?1:0},n):f},at.matches=function(e,t){return at(e,null,null,t)},at.matchesSelector=function(e,t){if((e.ownerDocument||e)!==f&&p(e),t=t.replace(Y,"='$1']"),!(!r.matchesSelector||!h||m&&m.test(t)||g&&g.test(t)))try{var n=y.call(e,t);if(n||r.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(i){}return at(t,f,null,[e]).length>0},at.contains=function(e,t){return(e.ownerDocument||e)!==f&&p(e),v(e,t)},at.attr=function(e,n){(e.ownerDocument||e)!==f&&p(e);var i=o.attrHandle[n.toLowerCase()],a=i&&L.call(o.attrHandle,n.toLowerCase())?i(e,n,!h):t;return a===t?r.attributes||!h?e.getAttribute(n):(a=e.getAttributeNode(n))&&a.specified?a.value:null:a},at.error=function(e){throw Error("Syntax error, unrecognized expression: "+e)},at.uniqueSort=function(e){var t,n=[],i=0,o=0;if(S=!r.detectDuplicates,c=!r.sortStable&&e.slice(0),e.sort(A),S){while(t=e[o++])t===e[o]&&(i=n.push(o));while(i--)e.splice(n[i],1)}return e},a=at.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n+=a(e)}else if(3===i||4===i)return e.nodeValue}else for(;t=e[r];r++)n+=a(t);return n},o=at.selectors={cacheLength:50,createPseudo:ut,match:Q,attrHandle:{},find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(rt,it),e[3]=(e[4]||e[5]||"").replace(rt,it),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||at.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&at.error(e[0]),e},PSEUDO:function(e){var n,r=!e[5]&&e[2];return Q.CHILD.test(e[0])?null:(e[3]&&e[4]!==t?e[2]=e[4]:r&&J.test(r)&&(n=bt(r,!0))&&(n=r.indexOf(")",r.length-n)-r.length)&&(e[0]=e[0].slice(0,n),e[2]=r.slice(0,n)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(rt,it).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=N[e+" "];return t||(t=RegExp("(^|"+P+")"+e+"("+P+"|$)"))&&N(e,function(e){return t.test("string"==typeof e.className&&e.className||typeof e.getAttribute!==j&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=at.attr(r,e);return null==i?"!="===t:t?(i+="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.slice(-n.length)===n:"~="===t?(" "+i+" ").indexOf(n)>-1:"|="===t?i===n||i.slice(0,n.length+1)===n+"-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,l){var u,c,p,f,d,h,g=o!==a?"nextSibling":"previousSibling",m=t.parentNode,y=s&&t.nodeName.toLowerCase(),v=!l&&!s;if(m){if(o){while(g){p=t;while(p=p[g])if(s?p.nodeName.toLowerCase()===y:1===p.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?m.firstChild:m.lastChild],a&&v){c=m[b]||(m[b]={}),u=c[e]||[],d=u[0]===T&&u[1],f=u[0]===T&&u[2],p=d&&m.childNodes[d];while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if(1===p.nodeType&&++f&&p===t){c[e]=[T,d,f];break}}else if(v&&(u=(t[b]||(t[b]={}))[e])&&u[0]===T)f=u[1];else while(p=++d&&p&&p[g]||(f=d=0)||h.pop())if((s?p.nodeName.toLowerCase()===y:1===p.nodeType)&&++f&&(v&&((p[b]||(p[b]={}))[e]=[T,f]),p===t))break;return f-=i,f===r||0===f%r&&f/r>=0}}},PSEUDO:function(e,t){var n,r=o.pseudos[e]||o.setFilters[e.toLowerCase()]||at.error("unsupported pseudo: "+e);return r[b]?r(t):r.length>1?(n=[e,e,"",t],o.setFilters.hasOwnProperty(e.toLowerCase())?ut(function(e,n){var i,o=r(e,t),a=o.length;while(a--)i=F.call(e,o[a]),e[i]=!(n[i]=o[a])}):function(e){return r(e,0,n)}):r}},pseudos:{not:ut(function(e){var t=[],n=[],r=l(e.replace(z,"$1"));return r[b]?ut(function(e,t,n,i){var o,a=r(e,null,i,[]),s=e.length;while(s--)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:ut(function(e){return function(t){return at(e,t).length>0}}),contains:ut(function(e){return function(t){return(t.textContent||t.innerText||a(t)).indexOf(e)>-1}}),lang:ut(function(e){return G.test(e||"")||at.error("unsupported lang: "+e),e=e.replace(rt,it).toLowerCase(),function(t){var n;do if(n=h?t.lang:t.getAttribute("xml:lang")||t.getAttribute("lang"))return n=n.toLowerCase(),n===e||0===n.indexOf(e+"-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===d},focus:function(e){return e===f.activeElement&&(!f.hasFocus||f.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!o.pseudos.empty(e)},header:function(e){return tt.test(e.nodeName)},input:function(e){return et.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:vt(function(){return[0]}),last:vt(function(e,t){return[t-1]}),eq:vt(function(e,t,n){return[0>n?n+t:n]}),even:vt(function(e,t){var n=0;for(;t>n;n+=2)e.push(n);return e}),odd:vt(function(e,t){var n=1;for(;t>n;n+=2)e.push(n);return e}),lt:vt(function(e,t,n){var r=0>n?n+t:n;for(;--r>=0;)e.push(r);return e}),gt:vt(function(e,t,n){var r=0>n?n+t:n;for(;t>++r;)e.push(r);return e})}};for(n in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})o.pseudos[n]=mt(n);for(n in{submit:!0,reset:!0})o.pseudos[n]=yt(n);function bt(e,t){var n,r,i,a,s,l,u,c=k[e+" "];if(c)return t?0:c.slice(0);s=e,l=[],u=o.preFilter;while(s){(!n||(r=X.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),l.push(i=[])),n=!1,(r=U.exec(s))&&(n=r.shift(),i.push({value:n,type:r[0].replace(z," ")}),s=s.slice(n.length));for(a in o.filter)!(r=Q[a].exec(s))||u[a]&&!(r=u[a](r))||(n=r.shift(),i.push({value:n,type:a,matches:r}),s=s.slice(n.length));if(!n)break}return t?s.length:s?at.error(e):k(e,l).slice(0)}function xt(e){var t=0,n=e.length,r="";for(;n>t;t++)r+=e[t].value;return r}function wt(e,t,n){var r=t.dir,o=n&&"parentNode"===r,a=C++;return t.first?function(t,n,i){while(t=t[r])if(1===t.nodeType||o)return e(t,n,i)}:function(t,n,s){var l,u,c,p=T+" "+a;if(s){while(t=t[r])if((1===t.nodeType||o)&&e(t,n,s))return!0}else while(t=t[r])if(1===t.nodeType||o)if(c=t[b]||(t[b]={}),(u=c[r])&&u[0]===p){if((l=u[1])===!0||l===i)return l===!0}else if(u=c[r]=[p],u[1]=e(t,n,s)||i,u[1]===!0)return!0}}function Tt(e){return e.length>1?function(t,n,r){var i=e.length;while(i--)if(!e[i](t,n,r))return!1;return!0}:e[0]}function Ct(e,t,n,r,i){var o,a=[],s=0,l=e.length,u=null!=t;for(;l>s;s++)(o=e[s])&&(!n||n(o,r,i))&&(a.push(o),u&&t.push(s));return a}function Nt(e,t,n,r,i,o){return r&&!r[b]&&(r=Nt(r)),i&&!i[b]&&(i=Nt(i,o)),ut(function(o,a,s,l){var u,c,p,f=[],d=[],h=a.length,g=o||St(t||"*",s.nodeType?[s]:s,[]),m=!e||!o&&t?g:Ct(g,f,e,s,l),y=n?i||(o?e:h||r)?[]:a:m;if(n&&n(m,y,s,l),r){u=Ct(y,d),r(u,[],s,l),c=u.length;while(c--)(p=u[c])&&(y[d[c]]=!(m[d[c]]=p))}if(o){if(i||e){if(i){u=[],c=y.length;while(c--)(p=y[c])&&u.push(m[c]=p);i(null,y=[],u,l)}c=y.length;while(c--)(p=y[c])&&(u=i?F.call(o,p):f[c])>-1&&(o[u]=!(a[u]=p))}}else y=Ct(y===a?y.splice(h,y.length):y),i?i(null,a,y,l):M.apply(a,y)})}function kt(e){var t,n,r,i=e.length,a=o.relative[e[0].type],s=a||o.relative[" "],l=a?1:0,c=wt(function(e){return e===t},s,!0),p=wt(function(e){return F.call(t,e)>-1},s,!0),f=[function(e,n,r){return!a&&(r||n!==u)||((t=n).nodeType?c(e,n,r):p(e,n,r))}];for(;i>l;l++)if(n=o.relative[e[l].type])f=[wt(Tt(f),n)];else{if(n=o.filter[e[l].type].apply(null,e[l].matches),n[b]){for(r=++l;i>r;r++)if(o.relative[e[r].type])break;return Nt(l>1&&Tt(f),l>1&&xt(e.slice(0,l-1).concat({value:" "===e[l-2].type?"*":""})).replace(z,"$1"),n,r>l&&kt(e.slice(l,r)),i>r&&kt(e=e.slice(r)),i>r&&xt(e))}f.push(n)}return Tt(f)}function Et(e,t){var n=0,r=t.length>0,a=e.length>0,s=function(s,l,c,p,d){var h,g,m,y=[],v=0,b="0",x=s&&[],w=null!=d,C=u,N=s||a&&o.find.TAG("*",d&&l.parentNode||l),k=T+=null==C?1:Math.random()||.1;for(w&&(u=l!==f&&l,i=n);null!=(h=N[b]);b++){if(a&&h){g=0;while(m=e[g++])if(m(h,l,c)){p.push(h);break}w&&(T=k,i=++n)}r&&((h=!m&&h)&&v--,s&&x.push(h))}if(v+=b,r&&b!==v){g=0;while(m=t[g++])m(x,y,l,c);if(s){if(v>0)while(b--)x[b]||y[b]||(y[b]=q.call(p));y=Ct(y)}M.apply(p,y),w&&!s&&y.length>0&&v+t.length>1&&at.uniqueSort(p)}return w&&(T=k,u=C),x};return r?ut(s):s}l=at.compile=function(e,t){var n,r=[],i=[],o=E[e+" "];if(!o){t||(t=bt(e)),n=t.length;while(n--)o=kt(t[n]),o[b]?r.push(o):i.push(o);o=E(e,Et(i,r))}return o};function St(e,t,n){var r=0,i=t.length;for(;i>r;r++)at(e,t[r],n);return n}function At(e,t,n,i){var a,s,u,c,p,f=bt(e);if(!i&&1===f.length){if(s=f[0]=f[0].slice(0),s.length>2&&"ID"===(u=s[0]).type&&r.getById&&9===t.nodeType&&h&&o.relative[s[1].type]){if(t=(o.find.ID(u.matches[0].replace(rt,it),t)||[])[0],!t)return n;e=e.slice(s.shift().value.length)}a=Q.needsContext.test(e)?0:s.length;while(a--){if(u=s[a],o.relative[c=u.type])break;if((p=o.find[c])&&(i=p(u.matches[0].replace(rt,it),V.test(s[0].type)&&t.parentNode||t))){if(s.splice(a,1),e=i.length&&xt(s),!e)return M.apply(n,i),n;break}}}return l(e,f)(i,t,!h,n,V.test(e)),n}o.pseudos.nth=o.pseudos.eq;function jt(){}jt.prototype=o.filters=o.pseudos,o.setFilters=new jt,r.sortStable=b.split("").sort(A).join("")===b,p(),[0,0].sort(A),r.detectDuplicates=S,x.find=at,x.expr=at.selectors,x.expr[":"]=x.expr.pseudos,x.unique=at.uniqueSort,x.text=at.getText,x.isXMLDoc=at.isXML,x.contains=at.contains}(e);var O={};function F(e){var t=O[e]={};return x.each(e.match(T)||[],function(e,n){t[n]=!0}),t}x.Callbacks=function(e){e="string"==typeof e?O[e]||F(e):x.extend({},e);var n,r,i,o,a,s,l=[],u=!e.once&&[],c=function(t){for(r=e.memory&&t,i=!0,a=s||0,s=0,o=l.length,n=!0;l&&o>a;a++)if(l[a].apply(t[0],t[1])===!1&&e.stopOnFalse){r=!1;break}n=!1,l&&(u?u.length&&c(u.shift()):r?l=[]:p.disable())},p={add:function(){if(l){var t=l.length;(function i(t){x.each(t,function(t,n){var r=x.type(n);"function"===r?e.unique&&p.has(n)||l.push(n):n&&n.length&&"string"!==r&&i(n)})})(arguments),n?o=l.length:r&&(s=t,c(r))}return this},remove:function(){return l&&x.each(arguments,function(e,t){var r;while((r=x.inArray(t,l,r))>-1)l.splice(r,1),n&&(o>=r&&o--,a>=r&&a--)}),this},has:function(e){return e?x.inArray(e,l)>-1:!(!l||!l.length)},empty:function(){return l=[],o=0,this},disable:function(){return l=u=r=t,this},disabled:function(){return!l},lock:function(){return u=t,r||p.disable(),this},locked:function(){return!u},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],!l||i&&!u||(n?u.push(t):c(t)),this},fire:function(){return p.fireWith(this,arguments),this},fired:function(){return!!i}};return p},x.extend({Deferred:function(e){var t=[["resolve","done",x.Callbacks("once memory"),"resolved"],["reject","fail",x.Callbacks("once memory"),"rejected"],["notify","progress",x.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return x.Deferred(function(n){x.each(t,function(t,o){var a=o[0],s=x.isFunction(e[t])&&e[t];i[o[1]](function(){var e=s&&s.apply(this,arguments);e&&x.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[a+"With"](this===r?n.promise():this,s?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?x.extend(e,r):r}},i={};return r.pipe=r.then,x.each(t,function(e,o){var a=o[2],s=o[3];r[o[1]]=a.add,s&&a.add(function(){n=s},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0]+"With"](this===i?r:this,arguments),this},i[o[0]+"With"]=a.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t=0,n=g.call(arguments),r=n.length,i=1!==r||e&&x.isFunction(e.promise)?r:0,o=1===i?e:x.Deferred(),a=function(e,t,n){return function(r){t[e]=this,n[e]=arguments.length>1?g.call(arguments):r,n===s?o.notifyWith(t,n):--i||o.resolveWith(t,n)}},s,l,u;if(r>1)for(s=Array(r),l=Array(r),u=Array(r);r>t;t++)n[t]&&x.isFunction(n[t].promise)?n[t].promise().done(a(t,u,n)).fail(o.reject).progress(a(t,l,s)):--i;return i||o.resolveWith(u,n),o.promise()}}),x.support=function(t){var n,r,o,s,l,u,c,p,f,d=a.createElement("div");if(d.setAttribute("className","t"),d.innerHTML="
a",n=d.getElementsByTagName("*")||[],r=d.getElementsByTagName("a")[0],!r||!r.style||!n.length)return t;s=a.createElement("select"),u=s.appendChild(a.createElement("option")),o=d.getElementsByTagName("input")[0],r.style.cssText="top:1px;float:left;opacity:.5",t.getSetAttribute="t"!==d.className,t.leadingWhitespace=3===d.firstChild.nodeType,t.tbody=!d.getElementsByTagName("tbody").length,t.htmlSerialize=!!d.getElementsByTagName("link").length,t.style=/top/.test(r.getAttribute("style")),t.hrefNormalized="/a"===r.getAttribute("href"),t.opacity=/^0.5/.test(r.style.opacity),t.cssFloat=!!r.style.cssFloat,t.checkOn=!!o.value,t.optSelected=u.selected,t.enctype=!!a.createElement("form").enctype,t.html5Clone="<:nav>"!==a.createElement("nav").cloneNode(!0).outerHTML,t.inlineBlockNeedsLayout=!1,t.shrinkWrapBlocks=!1,t.pixelPosition=!1,t.deleteExpando=!0,t.noCloneEvent=!0,t.reliableMarginRight=!0,t.boxSizingReliable=!0,o.checked=!0,t.noCloneChecked=o.cloneNode(!0).checked,s.disabled=!0,t.optDisabled=!u.disabled;try{delete d.test}catch(h){t.deleteExpando=!1}o=a.createElement("input"),o.setAttribute("value",""),t.input=""===o.getAttribute("value"),o.value="t",o.setAttribute("type","radio"),t.radioValue="t"===o.value,o.setAttribute("checked","t"),o.setAttribute("name","t"),l=a.createDocumentFragment(),l.appendChild(o),t.appendChecked=o.checked,t.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,d.attachEvent&&(d.attachEvent("onclick",function(){t.noCloneEvent=!1}),d.cloneNode(!0).click());for(f in{submit:!0,change:!0,focusin:!0})d.setAttribute(c="on"+f,"t"),t[f+"Bubbles"]=c in e||d.attributes[c].expando===!1;d.style.backgroundClip="content-box",d.cloneNode(!0).style.backgroundClip="",t.clearCloneStyle="content-box"===d.style.backgroundClip;for(f in x(t))break;return t.ownLast="0"!==f,x(function(){var n,r,o,s="padding:0;margin:0;border:0;display:block;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;",l=a.getElementsByTagName("body")[0];l&&(n=a.createElement("div"),n.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",l.appendChild(n).appendChild(d),d.innerHTML="
t
",o=d.getElementsByTagName("td"),o[0].style.cssText="padding:0;margin:0;border:0;display:none",p=0===o[0].offsetHeight,o[0].style.display="",o[1].style.display="none",t.reliableHiddenOffsets=p&&0===o[0].offsetHeight,d.innerHTML="",d.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",x.swap(l,null!=l.style.zoom?{zoom:1}:{},function(){t.boxSizing=4===d.offsetWidth}),e.getComputedStyle&&(t.pixelPosition="1%"!==(e.getComputedStyle(d,null)||{}).top,t.boxSizingReliable="4px"===(e.getComputedStyle(d,null)||{width:"4px"}).width,r=d.appendChild(a.createElement("div")),r.style.cssText=d.style.cssText=s,r.style.marginRight=r.style.width="0",d.style.width="1px",t.reliableMarginRight=!parseFloat((e.getComputedStyle(r,null)||{}).marginRight)),typeof d.style.zoom!==i&&(d.innerHTML="",d.style.cssText=s+"width:1px;padding:1px;display:inline;zoom:1",t.inlineBlockNeedsLayout=3===d.offsetWidth,d.style.display="block",d.innerHTML="
",d.firstChild.style.width="5px",t.shrinkWrapBlocks=3!==d.offsetWidth,t.inlineBlockNeedsLayout&&(l.style.zoom=1)),l.removeChild(n),n=d=o=r=null)}),n=s=l=u=r=o=null,t}({});var B=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,P=/([A-Z])/g;function R(e,n,r,i){if(x.acceptData(e)){var o,a,s=x.expando,l=e.nodeType,u=l?x.cache:e,c=l?e[s]:e[s]&&s; +if(c&&u[c]&&(i||u[c].data)||r!==t||"string"!=typeof n)return c||(c=l?e[s]=p.pop()||x.guid++:s),u[c]||(u[c]=l?{}:{toJSON:x.noop}),("object"==typeof n||"function"==typeof n)&&(i?u[c]=x.extend(u[c],n):u[c].data=x.extend(u[c].data,n)),a=u[c],i||(a.data||(a.data={}),a=a.data),r!==t&&(a[x.camelCase(n)]=r),"string"==typeof n?(o=a[n],null==o&&(o=a[x.camelCase(n)])):o=a,o}}function W(e,t,n){if(x.acceptData(e)){var r,i,o=e.nodeType,a=o?x.cache:e,s=o?e[x.expando]:x.expando;if(a[s]){if(t&&(r=n?a[s]:a[s].data)){x.isArray(t)?t=t.concat(x.map(t,x.camelCase)):t in r?t=[t]:(t=x.camelCase(t),t=t in r?[t]:t.split(" ")),i=t.length;while(i--)delete r[t[i]];if(n?!I(r):!x.isEmptyObject(r))return}(n||(delete a[s].data,I(a[s])))&&(o?x.cleanData([e],!0):x.support.deleteExpando||a!=a.window?delete a[s]:a[s]=null)}}}x.extend({cache:{},noData:{applet:!0,embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"},hasData:function(e){return e=e.nodeType?x.cache[e[x.expando]]:e[x.expando],!!e&&!I(e)},data:function(e,t,n){return R(e,t,n)},removeData:function(e,t){return W(e,t)},_data:function(e,t,n){return R(e,t,n,!0)},_removeData:function(e,t){return W(e,t,!0)},acceptData:function(e){if(e.nodeType&&1!==e.nodeType&&9!==e.nodeType)return!1;var t=e.nodeName&&x.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),x.fn.extend({data:function(e,n){var r,i,o=null,a=0,s=this[0];if(e===t){if(this.length&&(o=x.data(s),1===s.nodeType&&!x._data(s,"parsedAttrs"))){for(r=s.attributes;r.length>a;a++)i=r[a].name,0===i.indexOf("data-")&&(i=x.camelCase(i.slice(5)),$(s,i,o[i]));x._data(s,"parsedAttrs",!0)}return o}return"object"==typeof e?this.each(function(){x.data(this,e)}):arguments.length>1?this.each(function(){x.data(this,e,n)}):s?$(s,e,x.data(s,e)):null},removeData:function(e){return this.each(function(){x.removeData(this,e)})}});function $(e,n,r){if(r===t&&1===e.nodeType){var i="data-"+n.replace(P,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null:+r+""===r?+r:B.test(r)?x.parseJSON(r):r}catch(o){}x.data(e,n,r)}else r=t}return r}function I(e){var t;for(t in e)if(("data"!==t||!x.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}x.extend({queue:function(e,n,r){var i;return e?(n=(n||"fx")+"queue",i=x._data(e,n),r&&(!i||x.isArray(r)?i=x._data(e,n,x.makeArray(r)):i.push(r)),i||[]):t},dequeue:function(e,t){t=t||"fx";var n=x.queue(e,t),r=n.length,i=n.shift(),o=x._queueHooks(e,t),a=function(){x.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),o.cur=i,i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t+"queueHooks";return x._data(e,n)||x._data(e,n,{empty:x.Callbacks("once memory").add(function(){x._removeData(e,t+"queue"),x._removeData(e,n)})})}}),x.fn.extend({queue:function(e,n){var r=2;return"string"!=typeof e&&(n=e,e="fx",r--),r>arguments.length?x.queue(this[0],e):n===t?this:this.each(function(){var t=x.queue(this,e,n);x._queueHooks(this,e),"fx"===e&&"inprogress"!==t[0]&&x.dequeue(this,e)})},dequeue:function(e){return this.each(function(){x.dequeue(this,e)})},delay:function(e,t){return e=x.fx?x.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,o=x.Deferred(),a=this,s=this.length,l=function(){--i||o.resolveWith(a,[a])};"string"!=typeof e&&(n=e,e=t),e=e||"fx";while(s--)r=x._data(a[s],e+"queueHooks"),r&&r.empty&&(i++,r.empty.add(l));return l(),o.promise(n)}});var z,X,U=/[\t\r\n\f]/g,V=/\r/g,Y=/^(?:input|select|textarea|button|object)$/i,J=/^(?:a|area)$/i,G=/^(?:checked|selected)$/i,Q=x.support.getSetAttribute,K=x.support.input;x.fn.extend({attr:function(e,t){return x.access(this,x.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){x.removeAttr(this,e)})},prop:function(e,t){return x.access(this,x.prop,e,t,arguments.length>1)},removeProp:function(e){return e=x.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,o,a=0,s=this.length,l="string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).addClass(e.call(this,t,this.className))});if(l)for(t=(e||"").match(T)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(U," "):" ")){o=0;while(i=t[o++])0>r.indexOf(" "+i+" ")&&(r+=i+" ");n.className=x.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,a=0,s=this.length,l=0===arguments.length||"string"==typeof e&&e;if(x.isFunction(e))return this.each(function(t){x(this).removeClass(e.call(this,t,this.className))});if(l)for(t=(e||"").match(T)||[];s>a;a++)if(n=this[a],r=1===n.nodeType&&(n.className?(" "+n.className+" ").replace(U," "):"")){o=0;while(i=t[o++])while(r.indexOf(" "+i+" ")>=0)r=r.replace(" "+i+" "," ");n.className=e?x.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e,r="boolean"==typeof t;return x.isFunction(e)?this.each(function(n){x(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n){var o,a=0,s=x(this),l=t,u=e.match(T)||[];while(o=u[a++])l=r?l:!s.hasClass(o),s[l?"addClass":"removeClass"](o)}else(n===i||"boolean"===n)&&(this.className&&x._data(this,"__className__",this.className),this.className=this.className||e===!1?"":x._data(this,"__className__")||"")})},hasClass:function(e){var t=" "+e+" ",n=0,r=this.length;for(;r>n;n++)if(1===this[n].nodeType&&(" "+this[n].className+" ").replace(U," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,o=this[0];{if(arguments.length)return i=x.isFunction(e),this.each(function(n){var o;1===this.nodeType&&(o=i?e.call(this,n,x(this).val()):e,null==o?o="":"number"==typeof o?o+="":x.isArray(o)&&(o=x.map(o,function(e){return null==e?"":e+""})),r=x.valHooks[this.type]||x.valHooks[this.nodeName.toLowerCase()],r&&"set"in r&&r.set(this,o,"value")!==t||(this.value=o))});if(o)return r=x.valHooks[o.type]||x.valHooks[o.nodeName.toLowerCase()],r&&"get"in r&&(n=r.get(o,"value"))!==t?n:(n=o.value,"string"==typeof n?n.replace(V,""):null==n?"":n)}}}),x.extend({valHooks:{option:{get:function(e){var t=x.find.attr(e,"value");return null!=t?t:e.text}},select:{get:function(e){var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,a=o?null:[],s=o?i+1:r.length,l=0>i?s:o?i:0;for(;s>l;l++)if(n=r[l],!(!n.selected&&l!==i||(x.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&x.nodeName(n.parentNode,"optgroup"))){if(t=x(n).val(),o)return t;a.push(t)}return a},set:function(e,t){var n,r,i=e.options,o=x.makeArray(t),a=i.length;while(a--)r=i[a],(r.selected=x.inArray(x(r).val(),o)>=0)&&(n=!0);return n||(e.selectedIndex=-1),o}}},attr:function(e,n,r){var o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return typeof e.getAttribute===i?x.prop(e,n,r):(1===s&&x.isXMLDoc(e)||(n=n.toLowerCase(),o=x.attrHooks[n]||(x.expr.match.bool.test(n)?X:z)),r===t?o&&"get"in o&&null!==(a=o.get(e,n))?a:(a=x.find.attr(e,n),null==a?t:a):null!==r?o&&"set"in o&&(a=o.set(e,r,n))!==t?a:(e.setAttribute(n,r+""),r):(x.removeAttr(e,n),t))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(T);if(o&&1===e.nodeType)while(n=o[i++])r=x.propFix[n]||n,x.expr.match.bool.test(n)?K&&Q||!G.test(n)?e[r]=!1:e[x.camelCase("default-"+n)]=e[r]=!1:x.attr(e,n,""),e.removeAttribute(Q?n:r)},attrHooks:{type:{set:function(e,t){if(!x.support.radioValue&&"radio"===t&&x.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{"for":"htmlFor","class":"className"},prop:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return a=1!==s||!x.isXMLDoc(e),a&&(n=x.propFix[n]||n,o=x.propHooks[n]),r!==t?o&&"set"in o&&(i=o.set(e,r,n))!==t?i:e[n]=r:o&&"get"in o&&null!==(i=o.get(e,n))?i:e[n]},propHooks:{tabIndex:{get:function(e){var t=x.find.attr(e,"tabindex");return t?parseInt(t,10):Y.test(e.nodeName)||J.test(e.nodeName)&&e.href?0:-1}}}}),X={set:function(e,t,n){return t===!1?x.removeAttr(e,n):K&&Q||!G.test(n)?e.setAttribute(!Q&&x.propFix[n]||n,n):e[x.camelCase("default-"+n)]=e[n]=!0,n}},x.each(x.expr.match.bool.source.match(/\w+/g),function(e,n){var r=x.expr.attrHandle[n]||x.find.attr;x.expr.attrHandle[n]=K&&Q||!G.test(n)?function(e,n,i){var o=x.expr.attrHandle[n],a=i?t:(x.expr.attrHandle[n]=t)!=r(e,n,i)?n.toLowerCase():null;return x.expr.attrHandle[n]=o,a}:function(e,n,r){return r?t:e[x.camelCase("default-"+n)]?n.toLowerCase():null}}),K&&Q||(x.attrHooks.value={set:function(e,n,r){return x.nodeName(e,"input")?(e.defaultValue=n,t):z&&z.set(e,n,r)}}),Q||(z={set:function(e,n,r){var i=e.getAttributeNode(r);return i||e.setAttributeNode(i=e.ownerDocument.createAttribute(r)),i.value=n+="","value"===r||n===e.getAttribute(r)?n:t}},x.expr.attrHandle.id=x.expr.attrHandle.name=x.expr.attrHandle.coords=function(e,n,r){var i;return r?t:(i=e.getAttributeNode(n))&&""!==i.value?i.value:null},x.valHooks.button={get:function(e,n){var r=e.getAttributeNode(n);return r&&r.specified?r.value:t},set:z.set},x.attrHooks.contenteditable={set:function(e,t,n){z.set(e,""===t?!1:t,n)}},x.each(["width","height"],function(e,n){x.attrHooks[n]={set:function(e,r){return""===r?(e.setAttribute(n,"auto"),r):t}}})),x.support.hrefNormalized||x.each(["href","src"],function(e,t){x.propHooks[t]={get:function(e){return e.getAttribute(t,4)}}}),x.support.style||(x.attrHooks.style={get:function(e){return e.style.cssText||t},set:function(e,t){return e.style.cssText=t+""}}),x.support.optSelected||(x.propHooks.selected={get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}}),x.each(["tabIndex","readOnly","maxLength","cellSpacing","cellPadding","rowSpan","colSpan","useMap","frameBorder","contentEditable"],function(){x.propFix[this.toLowerCase()]=this}),x.support.enctype||(x.propFix.enctype="encoding"),x.each(["radio","checkbox"],function(){x.valHooks[this]={set:function(e,n){return x.isArray(n)?e.checked=x.inArray(x(e).val(),n)>=0:t}},x.support.checkOn||(x.valHooks[this].get=function(e){return null===e.getAttribute("value")?"on":e.value})});var Z=/^(?:input|select|textarea)$/i,et=/^key/,tt=/^(?:mouse|contextmenu)|click/,nt=/^(?:focusinfocus|focusoutblur)$/,rt=/^([^.]*)(?:\.(.+)|)$/;function it(){return!0}function ot(){return!1}function at(){try{return a.activeElement}catch(e){}}x.event={global:{},add:function(e,n,r,o,a){var s,l,u,c,p,f,d,h,g,m,y,v=x._data(e);if(v){r.handler&&(c=r,r=c.handler,a=c.selector),r.guid||(r.guid=x.guid++),(l=v.events)||(l=v.events={}),(f=v.handle)||(f=v.handle=function(e){return typeof x===i||e&&x.event.triggered===e.type?t:x.event.dispatch.apply(f.elem,arguments)},f.elem=e),n=(n||"").match(T)||[""],u=n.length;while(u--)s=rt.exec(n[u])||[],g=y=s[1],m=(s[2]||"").split(".").sort(),g&&(p=x.event.special[g]||{},g=(a?p.delegateType:p.bindType)||g,p=x.event.special[g]||{},d=x.extend({type:g,origType:y,data:o,handler:r,guid:r.guid,selector:a,needsContext:a&&x.expr.match.needsContext.test(a),namespace:m.join(".")},c),(h=l[g])||(h=l[g]=[],h.delegateCount=0,p.setup&&p.setup.call(e,o,m,f)!==!1||(e.addEventListener?e.addEventListener(g,f,!1):e.attachEvent&&e.attachEvent("on"+g,f))),p.add&&(p.add.call(e,d),d.handler.guid||(d.handler.guid=r.guid)),a?h.splice(h.delegateCount++,0,d):h.push(d),x.event.global[g]=!0);e=null}},remove:function(e,t,n,r,i){var o,a,s,l,u,c,p,f,d,h,g,m=x.hasData(e)&&x._data(e);if(m&&(c=m.events)){t=(t||"").match(T)||[""],u=t.length;while(u--)if(s=rt.exec(t[u])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){p=x.event.special[d]||{},d=(r?p.delegateType:p.bindType)||d,f=c[d]||[],s=s[2]&&RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),l=o=f.length;while(o--)a=f[o],!i&&g!==a.origType||n&&n.guid!==a.guid||s&&!s.test(a.namespace)||r&&r!==a.selector&&("**"!==r||!a.selector)||(f.splice(o,1),a.selector&&f.delegateCount--,p.remove&&p.remove.call(e,a));l&&!f.length&&(p.teardown&&p.teardown.call(e,h,m.handle)!==!1||x.removeEvent(e,d,m.handle),delete c[d])}else for(d in c)x.event.remove(e,d+t[u],n,r,!0);x.isEmptyObject(c)&&(delete m.handle,x._removeData(e,"events"))}},trigger:function(n,r,i,o){var s,l,u,c,p,f,d,h=[i||a],g=v.call(n,"type")?n.type:n,m=v.call(n,"namespace")?n.namespace.split("."):[];if(u=f=i=i||a,3!==i.nodeType&&8!==i.nodeType&&!nt.test(g+x.event.triggered)&&(g.indexOf(".")>=0&&(m=g.split("."),g=m.shift(),m.sort()),l=0>g.indexOf(":")&&"on"+g,n=n[x.expando]?n:new x.Event(g,"object"==typeof n&&n),n.isTrigger=o?2:3,n.namespace=m.join("."),n.namespace_re=n.namespace?RegExp("(^|\\.)"+m.join("\\.(?:.*\\.|)")+"(\\.|$)"):null,n.result=t,n.target||(n.target=i),r=null==r?[n]:x.makeArray(r,[n]),p=x.event.special[g]||{},o||!p.trigger||p.trigger.apply(i,r)!==!1)){if(!o&&!p.noBubble&&!x.isWindow(i)){for(c=p.delegateType||g,nt.test(c+g)||(u=u.parentNode);u;u=u.parentNode)h.push(u),f=u;f===(i.ownerDocument||a)&&h.push(f.defaultView||f.parentWindow||e)}d=0;while((u=h[d++])&&!n.isPropagationStopped())n.type=d>1?c:p.bindType||g,s=(x._data(u,"events")||{})[n.type]&&x._data(u,"handle"),s&&s.apply(u,r),s=l&&u[l],s&&x.acceptData(u)&&s.apply&&s.apply(u,r)===!1&&n.preventDefault();if(n.type=g,!o&&!n.isDefaultPrevented()&&(!p._default||p._default.apply(h.pop(),r)===!1)&&x.acceptData(i)&&l&&i[g]&&!x.isWindow(i)){f=i[l],f&&(i[l]=null),x.event.triggered=g;try{i[g]()}catch(y){}x.event.triggered=t,f&&(i[l]=f)}return n.result}},dispatch:function(e){e=x.event.fix(e);var n,r,i,o,a,s=[],l=g.call(arguments),u=(x._data(this,"events")||{})[e.type]||[],c=x.event.special[e.type]||{};if(l[0]=e,e.delegateTarget=this,!c.preDispatch||c.preDispatch.call(this,e)!==!1){s=x.event.handlers.call(this,e,u),n=0;while((o=s[n++])&&!e.isPropagationStopped()){e.currentTarget=o.elem,a=0;while((i=o.handlers[a++])&&!e.isImmediatePropagationStopped())(!e.namespace_re||e.namespace_re.test(i.namespace))&&(e.handleObj=i,e.data=i.data,r=((x.event.special[i.origType]||{}).handle||i.handler).apply(o.elem,l),r!==t&&(e.result=r)===!1&&(e.preventDefault(),e.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,e),e.result}},handlers:function(e,n){var r,i,o,a,s=[],l=n.delegateCount,u=e.target;if(l&&u.nodeType&&(!e.button||"click"!==e.type))for(;u!=this;u=u.parentNode||this)if(1===u.nodeType&&(u.disabled!==!0||"click"!==e.type)){for(o=[],a=0;l>a;a++)i=n[a],r=i.selector+" ",o[r]===t&&(o[r]=i.needsContext?x(r,this).index(u)>=0:x.find(r,this,null,[u]).length),o[r]&&o.push(i);o.length&&s.push({elem:u,handlers:o})}return n.length>l&&s.push({elem:this,handlers:n.slice(l)}),s},fix:function(e){if(e[x.expando])return e;var t,n,r,i=e.type,o=e,s=this.fixHooks[i];s||(this.fixHooks[i]=s=tt.test(i)?this.mouseHooks:et.test(i)?this.keyHooks:{}),r=s.props?this.props.concat(s.props):this.props,e=new x.Event(o),t=r.length;while(t--)n=r[t],e[n]=o[n];return e.target||(e.target=o.srcElement||a),3===e.target.nodeType&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,s.filter?s.filter(e,o):e},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,i,o,s=n.button,l=n.fromElement;return null==e.pageX&&null!=n.clientX&&(i=e.target.ownerDocument||a,o=i.documentElement,r=i.body,e.pageX=n.clientX+(o&&o.scrollLeft||r&&r.scrollLeft||0)-(o&&o.clientLeft||r&&r.clientLeft||0),e.pageY=n.clientY+(o&&o.scrollTop||r&&r.scrollTop||0)-(o&&o.clientTop||r&&r.clientTop||0)),!e.relatedTarget&&l&&(e.relatedTarget=l===e.target?n.toElement:l),e.which||s===t||(e.which=1&s?1:2&s?3:4&s?2:0),e}},special:{load:{noBubble:!0},focus:{trigger:function(){if(this!==at()&&this.focus)try{return this.focus(),!1}catch(e){}},delegateType:"focusin"},blur:{trigger:function(){return this===at()&&this.blur?(this.blur(),!1):t},delegateType:"focusout"},click:{trigger:function(){return x.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):t},_default:function(e){return x.nodeName(e.target,"a")}},beforeunload:{postDispatch:function(e){e.result!==t&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=x.extend(new x.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?x.event.trigger(i,null,t):x.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},x.removeEvent=a.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,t,n){var r="on"+t;e.detachEvent&&(typeof e[r]===i&&(e[r]=null),e.detachEvent(r,n))},x.Event=function(e,n){return this instanceof x.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?it:ot):this.type=e,n&&x.extend(this,n),this.timeStamp=e&&e.timeStamp||x.now(),this[x.expando]=!0,t):new x.Event(e,n)},x.Event.prototype={isDefaultPrevented:ot,isPropagationStopped:ot,isImmediatePropagationStopped:ot,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=it,e&&(e.preventDefault?e.preventDefault():e.returnValue=!1)},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=it,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=it,this.stopPropagation()}},x.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){x.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;return(!i||i!==r&&!x.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),x.support.submitBubbles||(x.event.special.submit={setup:function(){return x.nodeName(this,"form")?!1:(x.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=x.nodeName(n,"input")||x.nodeName(n,"button")?n.form:t;r&&!x._data(r,"submitBubbles")&&(x.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),x._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&x.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){return x.nodeName(this,"form")?!1:(x.event.remove(this,"._submit"),t)}}),x.support.changeBubbles||(x.event.special.change={setup:function(){return Z.test(this.nodeName)?(("checkbox"===this.type||"radio"===this.type)&&(x.event.add(this,"propertychange._change",function(e){"checked"===e.originalEvent.propertyName&&(this._just_changed=!0)}),x.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),x.event.simulate("change",this,e,!0)})),!1):(x.event.add(this,"beforeactivate._change",function(e){var t=e.target;Z.test(t.nodeName)&&!x._data(t,"changeBubbles")&&(x.event.add(t,"change._change",function(e){!this.parentNode||e.isSimulated||e.isTrigger||x.event.simulate("change",this.parentNode,e,!0)}),x._data(t,"changeBubbles",!0))}),t)},handle:function(e){var n=e.target;return this!==n||e.isSimulated||e.isTrigger||"radio"!==n.type&&"checkbox"!==n.type?e.handleObj.handler.apply(this,arguments):t},teardown:function(){return x.event.remove(this,"._change"),!Z.test(this.nodeName)}}),x.support.focusinBubbles||x.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){x.event.simulate(t,e.target,x.event.fix(e),!0)};x.event.special[t]={setup:function(){0===n++&&a.addEventListener(e,r,!0)},teardown:function(){0===--n&&a.removeEventListener(e,r,!0)}}}),x.fn.extend({on:function(e,n,r,i,o){var a,s;if("object"==typeof e){"string"!=typeof n&&(r=r||n,n=t);for(a in e)this.on(a,n,r,e[a],o);return this}if(null==r&&null==i?(i=n,r=n=t):null==i&&("string"==typeof n?(i=r,r=t):(i=r,r=n,n=t)),i===!1)i=ot;else if(!i)return this;return 1===o&&(s=i,i=function(e){return x().off(e),s.apply(this,arguments)},i.guid=s.guid||(s.guid=x.guid++)),this.each(function(){x.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,o;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,x(e.delegateTarget).off(i.namespace?i.origType+"."+i.namespace:i.origType,i.selector,i.handler),this;if("object"==typeof e){for(o in e)this.off(o,n,e[o]);return this}return(n===!1||"function"==typeof n)&&(r=n,n=t),r===!1&&(r=ot),this.each(function(){x.event.remove(this,e,r,n)})},trigger:function(e,t){return this.each(function(){x.event.trigger(e,t,this)})},triggerHandler:function(e,n){var r=this[0];return r?x.event.trigger(e,n,r,!0):t}});var st=/^.[^:#\[\.,]*$/,lt=/^(?:parents|prev(?:Until|All))/,ut=x.expr.match.needsContext,ct={children:!0,contents:!0,next:!0,prev:!0};x.fn.extend({find:function(e){var t,n=[],r=this,i=r.length;if("string"!=typeof e)return this.pushStack(x(e).filter(function(){for(t=0;i>t;t++)if(x.contains(r[t],this))return!0}));for(t=0;i>t;t++)x.find(e,r[t],n);return n=this.pushStack(i>1?x.unique(n):n),n.selector=this.selector?this.selector+" "+e:e,n},has:function(e){var t,n=x(e,this),r=n.length;return this.filter(function(){for(t=0;r>t;t++)if(x.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(ft(this,e||[],!0))},filter:function(e){return this.pushStack(ft(this,e||[],!1))},is:function(e){return!!ft(this,"string"==typeof e&&ut.test(e)?x(e):e||[],!1).length},closest:function(e,t){var n,r=0,i=this.length,o=[],a=ut.test(e)||"string"!=typeof e?x(e,t||this.context):0;for(;i>r;r++)for(n=this[r];n&&n!==t;n=n.parentNode)if(11>n.nodeType&&(a?a.index(n)>-1:1===n.nodeType&&x.find.matchesSelector(n,e))){n=o.push(n);break}return this.pushStack(o.length>1?x.unique(o):o)},index:function(e){return e?"string"==typeof e?x.inArray(this[0],x(e)):x.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?x(e,t):x.makeArray(e&&e.nodeType?[e]:e),r=x.merge(this.get(),n);return this.pushStack(x.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}});function pt(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}x.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return x.dir(e,"parentNode")},parentsUntil:function(e,t,n){return x.dir(e,"parentNode",n)},next:function(e){return pt(e,"nextSibling")},prev:function(e){return pt(e,"previousSibling")},nextAll:function(e){return x.dir(e,"nextSibling")},prevAll:function(e){return x.dir(e,"previousSibling")},nextUntil:function(e,t,n){return x.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return x.dir(e,"previousSibling",n)},siblings:function(e){return x.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return x.sibling(e.firstChild)},contents:function(e){return x.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:x.merge([],e.childNodes)}},function(e,t){x.fn[e]=function(n,r){var i=x.map(this,t,n);return"Until"!==e.slice(-5)&&(r=n),r&&"string"==typeof r&&(i=x.filter(r,i)),this.length>1&&(ct[e]||(i=x.unique(i)),lt.test(e)&&(i=i.reverse())),this.pushStack(i)}}),x.extend({filter:function(e,t,n){var r=t[0];return n&&(e=":not("+e+")"),1===t.length&&1===r.nodeType?x.find.matchesSelector(r,e)?[r]:[]:x.find.matches(e,x.grep(t,function(e){return 1===e.nodeType}))},dir:function(e,n,r){var i=[],o=e[n];while(o&&9!==o.nodeType&&(r===t||1!==o.nodeType||!x(o).is(r)))1===o.nodeType&&i.push(o),o=o[n];return i},sibling:function(e,t){var n=[];for(;e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});function ft(e,t,n){if(x.isFunction(t))return x.grep(e,function(e,r){return!!t.call(e,r,e)!==n});if(t.nodeType)return x.grep(e,function(e){return e===t!==n});if("string"==typeof t){if(st.test(t))return x.filter(t,e,n);t=x.filter(t,e)}return x.grep(e,function(e){return x.inArray(e,t)>=0!==n})}function dt(e){var t=ht.split("|"),n=e.createDocumentFragment();if(n.createElement)while(t.length)n.createElement(t.pop());return n}var ht="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",gt=/ jQuery\d+="(?:null|\d+)"/g,mt=RegExp("<(?:"+ht+")[\\s/>]","i"),yt=/^\s+/,vt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,bt=/<([\w:]+)/,xt=/\s*$/g,At={option:[1,""],legend:[1,"
","
"],area:[1,"",""],param:[1,"",""],thead:[1,"","
"],tr:[2,"","
"],col:[2,"","
"],td:[3,"","
"],_default:x.support.htmlSerialize?[0,"",""]:[1,"X
","
"]},jt=dt(a),Dt=jt.appendChild(a.createElement("div"));At.optgroup=At.option,At.tbody=At.tfoot=At.colgroup=At.caption=At.thead,At.th=At.td,x.fn.extend({text:function(e){return x.access(this,function(e){return e===t?x.text(this):this.empty().append((this[0]&&this[0].ownerDocument||a).createTextNode(e))},null,e,arguments.length)},append:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Lt(this,e);t.appendChild(e)}})},prepend:function(){return this.domManip(arguments,function(e){if(1===this.nodeType||11===this.nodeType||9===this.nodeType){var t=Lt(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){var n,r=e?x.filter(e,this):this,i=0;for(;null!=(n=r[i]);i++)t||1!==n.nodeType||x.cleanData(Ft(n)),n.parentNode&&(t&&x.contains(n.ownerDocument,n)&&_t(Ft(n,"script")),n.parentNode.removeChild(n));return this},empty:function(){var e,t=0;for(;null!=(e=this[t]);t++){1===e.nodeType&&x.cleanData(Ft(e,!1));while(e.firstChild)e.removeChild(e.firstChild);e.options&&x.nodeName(e,"select")&&(e.options.length=0)}return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return x.clone(this,e,t)})},html:function(e){return x.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return 1===n.nodeType?n.innerHTML.replace(gt,""):t;if(!("string"!=typeof e||Tt.test(e)||!x.support.htmlSerialize&&mt.test(e)||!x.support.leadingWhitespace&&yt.test(e)||At[(bt.exec(e)||["",""])[1].toLowerCase()])){e=e.replace(vt,"<$1>");try{for(;i>r;r++)n=this[r]||{},1===n.nodeType&&(x.cleanData(Ft(n,!1)),n.innerHTML=e);n=0}catch(o){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(){var e=x.map(this,function(e){return[e.nextSibling,e.parentNode]}),t=0;return this.domManip(arguments,function(n){var r=e[t++],i=e[t++];i&&(r&&r.parentNode!==i&&(r=this.nextSibling),x(this).remove(),i.insertBefore(n,r))},!0),t?this:this.remove()},detach:function(e){return this.remove(e,!0)},domManip:function(e,t,n){e=d.apply([],e);var r,i,o,a,s,l,u=0,c=this.length,p=this,f=c-1,h=e[0],g=x.isFunction(h);if(g||!(1>=c||"string"!=typeof h||x.support.checkClone)&&Nt.test(h))return this.each(function(r){var i=p.eq(r);g&&(e[0]=h.call(this,r,i.html())),i.domManip(e,t,n)});if(c&&(l=x.buildFragment(e,this[0].ownerDocument,!1,!n&&this),r=l.firstChild,1===l.childNodes.length&&(l=r),r)){for(a=x.map(Ft(l,"script"),Ht),o=a.length;c>u;u++)i=l,u!==f&&(i=x.clone(i,!0,!0),o&&x.merge(a,Ft(i,"script"))),t.call(this[u],i,u);if(o)for(s=a[a.length-1].ownerDocument,x.map(a,qt),u=0;o>u;u++)i=a[u],kt.test(i.type||"")&&!x._data(i,"globalEval")&&x.contains(s,i)&&(i.src?x._evalUrl(i.src):x.globalEval((i.text||i.textContent||i.innerHTML||"").replace(St,"")));l=r=null}return this}});function Lt(e,t){return x.nodeName(e,"table")&&x.nodeName(1===t.nodeType?t:t.firstChild,"tr")?e.getElementsByTagName("tbody")[0]||e.appendChild(e.ownerDocument.createElement("tbody")):e}function Ht(e){return e.type=(null!==x.find.attr(e,"type"))+"/"+e.type,e}function qt(e){var t=Et.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function _t(e,t){var n,r=0;for(;null!=(n=e[r]);r++)x._data(n,"globalEval",!t||x._data(t[r],"globalEval"))}function Mt(e,t){if(1===t.nodeType&&x.hasData(e)){var n,r,i,o=x._data(e),a=x._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r++)x.event.add(t,n,s[n][r])}a.data&&(a.data=x.extend({},a.data))}}function Ot(e,t){var n,r,i;if(1===t.nodeType){if(n=t.nodeName.toLowerCase(),!x.support.noCloneEvent&&t[x.expando]){i=x._data(t);for(r in i.events)x.removeEvent(t,r,i.handle);t.removeAttribute(x.expando)}"script"===n&&t.text!==e.text?(Ht(t).text=e.text,qt(t)):"object"===n?(t.parentNode&&(t.outerHTML=e.outerHTML),x.support.html5Clone&&e.innerHTML&&!x.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):"input"===n&&Ct.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):"option"===n?t.defaultSelected=t.selected=e.defaultSelected:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}}x.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){x.fn[e]=function(e){var n,r=0,i=[],o=x(e),a=o.length-1;for(;a>=r;r++)n=r===a?this:this.clone(!0),x(o[r])[t](n),h.apply(i,n.get());return this.pushStack(i)}});function Ft(e,n){var r,o,a=0,s=typeof e.getElementsByTagName!==i?e.getElementsByTagName(n||"*"):typeof e.querySelectorAll!==i?e.querySelectorAll(n||"*"):t;if(!s)for(s=[],r=e.childNodes||e;null!=(o=r[a]);a++)!n||x.nodeName(o,n)?s.push(o):x.merge(s,Ft(o,n));return n===t||n&&x.nodeName(e,n)?x.merge([e],s):s}function Bt(e){Ct.test(e.type)&&(e.defaultChecked=e.checked)}x.extend({clone:function(e,t,n){var r,i,o,a,s,l=x.contains(e.ownerDocument,e);if(x.support.html5Clone||x.isXMLDoc(e)||!mt.test("<"+e.nodeName+">")?o=e.cloneNode(!0):(Dt.innerHTML=e.outerHTML,Dt.removeChild(o=Dt.firstChild)),!(x.support.noCloneEvent&&x.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||x.isXMLDoc(e)))for(r=Ft(o),s=Ft(e),a=0;null!=(i=s[a]);++a)r[a]&&Ot(i,r[a]);if(t)if(n)for(s=s||Ft(e),r=r||Ft(o),a=0;null!=(i=s[a]);a++)Mt(i,r[a]);else Mt(e,o);return r=Ft(o,"script"),r.length>0&&_t(r,!l&&Ft(e,"script")),r=s=i=null,o},buildFragment:function(e,t,n,r){var i,o,a,s,l,u,c,p=e.length,f=dt(t),d=[],h=0;for(;p>h;h++)if(o=e[h],o||0===o)if("object"===x.type(o))x.merge(d,o.nodeType?[o]:o);else if(wt.test(o)){s=s||f.appendChild(t.createElement("div")),l=(bt.exec(o)||["",""])[1].toLowerCase(),c=At[l]||At._default,s.innerHTML=c[1]+o.replace(vt,"<$1>")+c[2],i=c[0];while(i--)s=s.lastChild;if(!x.support.leadingWhitespace&&yt.test(o)&&d.push(t.createTextNode(yt.exec(o)[0])),!x.support.tbody){o="table"!==l||xt.test(o)?""!==c[1]||xt.test(o)?0:s:s.firstChild,i=o&&o.childNodes.length;while(i--)x.nodeName(u=o.childNodes[i],"tbody")&&!u.childNodes.length&&o.removeChild(u)}x.merge(d,s.childNodes),s.textContent="";while(s.firstChild)s.removeChild(s.firstChild);s=f.lastChild}else d.push(t.createTextNode(o));s&&f.removeChild(s),x.support.appendChecked||x.grep(Ft(d,"input"),Bt),h=0;while(o=d[h++])if((!r||-1===x.inArray(o,r))&&(a=x.contains(o.ownerDocument,o),s=Ft(f.appendChild(o),"script"),a&&_t(s),n)){i=0;while(o=s[i++])kt.test(o.type||"")&&n.push(o)}return s=null,f},cleanData:function(e,t){var n,r,o,a,s=0,l=x.expando,u=x.cache,c=x.support.deleteExpando,f=x.event.special;for(;null!=(n=e[s]);s++)if((t||x.acceptData(n))&&(o=n[l],a=o&&u[o])){if(a.events)for(r in a.events)f[r]?x.event.remove(n,r):x.removeEvent(n,r,a.handle);u[o]&&(delete u[o],c?delete n[l]:typeof n.removeAttribute!==i?n.removeAttribute(l):n[l]=null,p.push(o))}},_evalUrl:function(e){return x.ajax({url:e,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}) +}}),x.fn.extend({wrapAll:function(e){if(x.isFunction(e))return this.each(function(t){x(this).wrapAll(e.call(this,t))});if(this[0]){var t=x(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){var e=this;while(e.firstChild&&1===e.firstChild.nodeType)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return x.isFunction(e)?this.each(function(t){x(this).wrapInner(e.call(this,t))}):this.each(function(){var t=x(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=x.isFunction(e);return this.each(function(n){x(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){x.nodeName(this,"body")||x(this).replaceWith(this.childNodes)}).end()}});var Pt,Rt,Wt,$t=/alpha\([^)]*\)/i,It=/opacity\s*=\s*([^)]*)/,zt=/^(top|right|bottom|left)$/,Xt=/^(none|table(?!-c[ea]).+)/,Ut=/^margin/,Vt=RegExp("^("+w+")(.*)$","i"),Yt=RegExp("^("+w+")(?!px)[a-z%]+$","i"),Jt=RegExp("^([+-])=("+w+")","i"),Gt={BODY:"block"},Qt={position:"absolute",visibility:"hidden",display:"block"},Kt={letterSpacing:0,fontWeight:400},Zt=["Top","Right","Bottom","Left"],en=["Webkit","O","Moz","ms"];function tn(e,t){if(t in e)return t;var n=t.charAt(0).toUpperCase()+t.slice(1),r=t,i=en.length;while(i--)if(t=en[i]+n,t in e)return t;return r}function nn(e,t){return e=t||e,"none"===x.css(e,"display")||!x.contains(e.ownerDocument,e)}function rn(e,t){var n,r,i,o=[],a=0,s=e.length;for(;s>a;a++)r=e[a],r.style&&(o[a]=x._data(r,"olddisplay"),n=r.style.display,t?(o[a]||"none"!==n||(r.style.display=""),""===r.style.display&&nn(r)&&(o[a]=x._data(r,"olddisplay",ln(r.nodeName)))):o[a]||(i=nn(r),(n&&"none"!==n||!i)&&x._data(r,"olddisplay",i?n:x.css(r,"display"))));for(a=0;s>a;a++)r=e[a],r.style&&(t&&"none"!==r.style.display&&""!==r.style.display||(r.style.display=t?o[a]||"":"none"));return e}x.fn.extend({css:function(e,n){return x.access(this,function(e,n,r){var i,o,a={},s=0;if(x.isArray(n)){for(o=Rt(e),i=n.length;i>s;s++)a[n[s]]=x.css(e,n[s],!1,o);return a}return r!==t?x.style(e,n,r):x.css(e,n)},e,n,arguments.length>1)},show:function(){return rn(this,!0)},hide:function(){return rn(this)},toggle:function(e){var t="boolean"==typeof e;return this.each(function(){(t?e:nn(this))?x(this).show():x(this).hide()})}}),x.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=Wt(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":x.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var o,a,s,l=x.camelCase(n),u=e.style;if(n=x.cssProps[l]||(x.cssProps[l]=tn(u,l)),s=x.cssHooks[n]||x.cssHooks[l],r===t)return s&&"get"in s&&(o=s.get(e,!1,i))!==t?o:u[n];if(a=typeof r,"string"===a&&(o=Jt.exec(r))&&(r=(o[1]+1)*o[2]+parseFloat(x.css(e,n)),a="number"),!(null==r||"number"===a&&isNaN(r)||("number"!==a||x.cssNumber[l]||(r+="px"),x.support.clearCloneStyle||""!==r||0!==n.indexOf("background")||(u[n]="inherit"),s&&"set"in s&&(r=s.set(e,r,i))===t)))try{u[n]=r}catch(c){}}},css:function(e,n,r,i){var o,a,s,l=x.camelCase(n);return n=x.cssProps[l]||(x.cssProps[l]=tn(e.style,l)),s=x.cssHooks[n]||x.cssHooks[l],s&&"get"in s&&(a=s.get(e,!0,r)),a===t&&(a=Wt(e,n,i)),"normal"===a&&n in Kt&&(a=Kt[n]),""===r||r?(o=parseFloat(a),r===!0||x.isNumeric(o)?o||0:a):a}}),e.getComputedStyle?(Rt=function(t){return e.getComputedStyle(t,null)},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),l=s?s.getPropertyValue(n)||s[n]:t,u=e.style;return s&&(""!==l||x.contains(e.ownerDocument,e)||(l=x.style(e,n)),Yt.test(l)&&Ut.test(n)&&(i=u.width,o=u.minWidth,a=u.maxWidth,u.minWidth=u.maxWidth=u.width=l,l=s.width,u.width=i,u.minWidth=o,u.maxWidth=a)),l}):a.documentElement.currentStyle&&(Rt=function(e){return e.currentStyle},Wt=function(e,n,r){var i,o,a,s=r||Rt(e),l=s?s[n]:t,u=e.style;return null==l&&u&&u[n]&&(l=u[n]),Yt.test(l)&&!zt.test(n)&&(i=u.left,o=e.runtimeStyle,a=o&&o.left,a&&(o.left=e.currentStyle.left),u.left="fontSize"===n?"1em":l,l=u.pixelLeft+"px",u.left=i,a&&(o.left=a)),""===l?"auto":l});function on(e,t,n){var r=Vt.exec(t);return r?Math.max(0,r[1]-(n||0))+(r[2]||"px"):t}function an(e,t,n,r,i){var o=n===(r?"border":"content")?4:"width"===t?1:0,a=0;for(;4>o;o+=2)"margin"===n&&(a+=x.css(e,n+Zt[o],!0,i)),r?("content"===n&&(a-=x.css(e,"padding"+Zt[o],!0,i)),"margin"!==n&&(a-=x.css(e,"border"+Zt[o]+"Width",!0,i))):(a+=x.css(e,"padding"+Zt[o],!0,i),"padding"!==n&&(a+=x.css(e,"border"+Zt[o]+"Width",!0,i)));return a}function sn(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=Rt(e),a=x.support.boxSizing&&"border-box"===x.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=Wt(e,t,o),(0>i||null==i)&&(i=e.style[t]),Yt.test(i))return i;r=a&&(x.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i+an(e,t,n||(a?"border":"content"),r,o)+"px"}function ln(e){var t=a,n=Gt[e];return n||(n=un(e,t),"none"!==n&&n||(Pt=(Pt||x("