diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitattributes b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitattributes
new file mode 100644
index 0000000..acc5026
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitattributes
@@ -0,0 +1,15 @@
+# Set default behaviour, in case users don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files we want to always be normalized and converted 
+# to native line endings on checkout.
+*.php text eol=lf
+*.js text eol=lf
+*.css text eol=lf
+*.html text eol=lf
+*.xml text eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpg binary
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitignore b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitignore
new file mode 100644
index 0000000..16af611
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitignore
@@ -0,0 +1,28 @@
+.*.swp
+.*.swo
+._*
+.DS_Store
+/ImgCache/
+/Backup_rar/
+/Debug/
+/debug/
+/upload/
+/avatar/
+/.idea/
+.svn/
+*.orig
+*.aps
+*.APS
+*.chm
+*.exp
+*.pdb
+*.rar
+*.mo
+*.po
+*.pot
+.smbdelete*
+*.sublime*
+.sass-cache
+config.rb
+/config.inc.php
+/usr/uploads/
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitmodules b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.gitmodules
new file mode 100644
index 0000000..e69de29
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.travis.yml b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.travis.yml
new file mode 100644
index 0000000..02b4d16
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/.travis.yml
@@ -0,0 +1,12 @@
+language: php
+
+php:
+  - 5.6
+  - 5.5
+  - 5.4
+  - 5.3
+  - 5.2
+  - hhvm
+
+script: cd ./tools/ && set -e && make test
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/README.md b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/README.md
new file mode 100644
index 0000000..69fcb17
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/README.md
@@ -0,0 +1,15 @@
+Typecho Blogging Platform
+=========================
+
+####Homepage
+http://typecho.org/
+
+####Document
+http://docs.typecho.org/
+
+####Forum
+http://forum.typecho.org/
+
+####Download
+http://typecho.org/download
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/category.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/category.php
new file mode 100644
index 0000000..97de61d
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/category.php
@@ -0,0 +1,23 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-6 col-tb-offset-3">
+                <?php Typecho_Widget::widget('Widget_Metas_Category_Edit')->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/common-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/common-js.php
new file mode 100644
index 0000000..e652930
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/common-js.php
@@ -0,0 +1,105 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<script src="<?php $options->adminStaticUrl('js', 'jquery.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'jquery-ui.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'typecho.js?v=' . $suffixVersion); ?>"></script>
+<script>
+    (function () {
+        $(document).ready(function() {
+            // 处理消息机制
+            (function () {
+                var prefix = '<?php echo Typecho_Cookie::getPrefix(); ?>',
+                    cookies = {
+                        notice      :   $.cookie(prefix + '__typecho_notice'),
+                        noticeType  :   $.cookie(prefix + '__typecho_notice_type'),
+                        highlight   :   $.cookie(prefix + '__typecho_notice_highlight')
+                    },
+                    path = '<?php echo Typecho_Cookie::getPath(); ?>';
+
+                if (!!cookies.notice && 'success|notice|error'.indexOf(cookies.noticeType) >= 0) {
+                    var head = $('.typecho-head-nav'),
+                        p = $('<div class="message popup ' + cookies.noticeType + '">'
+                        + '<ul><li>' + $.parseJSON(cookies.notice).join('</li><li>') 
+                        + '</li></ul></div>'), offset = 0;
+
+                    if (head.length > 0) {
+                        p.insertAfter(head);
+                        offset = head.outerHeight();
+                    } else {
+                        p.prependTo(document.body);
+                    }
+
+                    function checkScroll () {
+                        if ($(window).scrollTop() >= offset) {
+                            p.css({
+                                'position'  :   'fixed',
+                                'top'       :   0
+                            });
+                        } else {
+                            p.css({
+                                'position'  :   'absolute',
+                                'top'       :   offset
+                            });
+                        }
+                    }
+
+                    $(window).scroll(function () {
+                        checkScroll();
+                    });
+
+                    checkScroll();
+
+                    p.slideDown(function () {
+                        var t = $(this), color = '#C6D880';
+                        
+                        if (t.hasClass('error')) {
+                            color = '#FBC2C4';
+                        } else if (t.hasClass('notice')) {
+                            color = '#FFD324';
+                        }
+
+                        t.effect('highlight', {color : color})
+                            .delay(5000).slideUp(function () {
+                            $(this).remove();
+                        });
+                    });
+
+                    
+                    $.cookie(prefix + '__typecho_notice', null, {path : path});
+                    $.cookie(prefix + '__typecho_notice_type', null, {path : path});
+                }
+
+                if (cookies.highlight) {
+                    $('#' + cookies.highlight).effect('highlight', 1000);
+                    $.cookie(prefix + '__typecho_notice_highlight', null, {path : path});
+                }
+            })();
+
+
+            // 导航菜单 tab 聚焦时展开下拉菜单
+            (function () {
+                $('#typecho-nav-list').find('.parent a').focus(function() {
+                    $('#typecho-nav-list').find('.child').hide();
+                    $(this).parents('.root').find('.child').show();
+                });
+                $('.operate').find('a').focus(function() {
+                    $('#typecho-nav-list').find('.child').hide();
+                });
+            })();
+
+
+            if ($('.typecho-login').length == 0) {
+                $('a').each(function () {
+                    var t = $(this), href = t.attr('href');
+
+                    if ((href && href[0] == '#')
+                        || /^<?php echo preg_quote($options->adminUrl, '/'); ?>.*$/.exec(href) 
+                            || /^<?php echo substr(preg_quote(Typecho_Common::url('s', $options->index), '/'), 0, -1); ?>action\/[_a-zA-Z0-9\/]+.*$/.exec(href)) {
+                        return;
+                    }
+
+                    t.attr('target', '_blank');
+                });
+            }
+        });
+    })();
+</script>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/common.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/common.php
new file mode 100644
index 0000000..e3a6702
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/common.php
@@ -0,0 +1,59 @@
+<?php
+if (!defined('__DIR__')) {
+    define('__DIR__', dirname(__FILE__));
+}
+
+define('__TYPECHO_ADMIN__', true);
+
+/** 载入配置文件 */
+if (!defined('__TYPECHO_ROOT_DIR__') && !@include_once __DIR__ . '/../config.inc.php') {
+    file_exists(__DIR__ . '/../install.php') ? header('Location: ../install.php') : print('Missing Config File');
+    exit;
+}
+
+/** 初始化组件 */
+Typecho_Widget::widget('Widget_Init');
+
+/** 注册一个初始化插件 */
+Typecho_Plugin::factory('admin/common.php')->begin();
+
+Typecho_Widget::widget('Widget_Options')->to($options);
+Typecho_Widget::widget('Widget_User')->to($user);
+Typecho_Widget::widget('Widget_Security')->to($security);
+Typecho_Widget::widget('Widget_Menu')->to($menu);
+
+/** 初始化上下文 */
+$request = $options->request;
+$response = $options->response;
+
+/** 检测是否是第一次登录 */
+$currentMenu = $menu->getCurrentMenu();
+list($prefixVersion, $suffixVersion) = explode('/', $options->version);
+$params = parse_url($currentMenu[2]);
+$adminFile = basename($params['path']);
+
+if (!$user->logged && !Typecho_Cookie::get('__typecho_first_run') && !empty($currentMenu)) {
+    
+    if ('welcome.php' != $adminFile) {
+        $response->redirect(Typecho_Common::url('welcome.php', $options->adminUrl));
+    } else {
+        Typecho_Cookie::set('__typecho_first_run', 1);
+    }
+    
+} else {
+
+    /** 检测版本是否升级 */
+    if ($user->pass('administrator', true) && !empty($currentMenu)) {
+        $mustUpgrade = (!defined('Typecho_Common::VERSION') || version_compare(str_replace('/', '.', Typecho_Common::VERSION),
+        str_replace('/', '.', $options->version), '>'));
+
+        if ($mustUpgrade && 'upgrade.php' != $adminFile) {
+            $response->redirect(Typecho_Common::url('upgrade.php', $options->adminUrl));
+        } else if (!$mustUpgrade && 'upgrade.php' == $adminFile) {
+            $response->redirect($options->adminUrl);
+        } else if (!$mustUpgrade && 'welcome.php' == $adminFile && $user->logged) {
+            $response->redirect($options->adminUrl);
+        }
+    }
+
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/copyright.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/copyright.php
new file mode 100644
index 0000000..b17e928
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/copyright.php
@@ -0,0 +1,13 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<div class="typecho-foot" role="contentinfo">
+    <div class="copyright">
+        <a href="http://typecho.org" class="i-logo-s">Typecho</a>
+        <p><?php _e('由 <a href="http://typecho.org">%s</a> 强力驱动, 版本 %s (%s)', $options->software, $prefixVersion, $suffixVersion); ?></p>
+    </div>
+    <nav class="resource">
+        <a href="http://docs.typecho.org"><?php _e('帮助文档'); ?></a> &bull;
+        <a href="http://forum.typecho.org"><?php _e('支持论坛'); ?></a> &bull;
+        <a href="https://github.com/typecho/typecho/issues"><?php _e('报告错误'); ?></a> &bull;
+        <a href="http://extends.typecho.org"><?php _e('资源下载'); ?></a>
+    </nav>
+</div>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/grid.css b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/grid.css
new file mode 100644
index 0000000..6303d21
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/grid.css
@@ -0,0 +1,748 @@
+/*
+ * Bento Grid System
+ * Source: https://github.com/fenbox/bento
+ * Version: 1.2.8
+ * Update: 2013.11.25
+ */
+/* line 23, ../scss/grid.scss */
+.container, .row [class*="col-"] {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box; }
+
+/* line 31, ../scss/grid.scss */
+.container {
+  margin-left: auto;
+  margin-right: auto;
+  padding-left: 10px;
+  padding-right: 10px; }
+
+/* line 40, ../scss/grid.scss */
+.row {
+  margin-right: -10px;
+  margin-left: -10px; }
+
+/* line 46, ../scss/grid.scss */
+.row [class*="col-"] {
+  float: left;
+  min-height: 1px;
+  padding-right: 10px;
+  padding-left: 10px; }
+
+/* line 54, ../scss/grid.scss */
+.row [class*="-push-"],
+.row [class*="-pull-"] {
+  position: relative; }
+
+/*
+ * Mobile and up
+ */
+/* line 65, ../scss/grid.scss */
+.col-mb-1 {
+  width: 8.33333%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-2 {
+  width: 16.66667%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-3 {
+  width: 25%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-4 {
+  width: 33.33333%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-5 {
+  width: 41.66667%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-6 {
+  width: 50%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-7 {
+  width: 58.33333%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-8 {
+  width: 66.66667%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-9 {
+  width: 75%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-10 {
+  width: 83.33333%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-11 {
+  width: 91.66667%; }
+
+/* line 65, ../scss/grid.scss */
+.col-mb-12 {
+  width: 100%; }
+
+/*
+ * Tablet and up
+ */
+@media (min-width: 768px) {
+  /* line 76, ../scss/grid.scss */
+  .container {
+    max-width: 728px; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-1 {
+    width: 8.33333%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-2 {
+    width: 16.66667%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-3 {
+    width: 25%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-4 {
+    width: 33.33333%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-5 {
+    width: 41.66667%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-6 {
+    width: 50%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-7 {
+    width: 58.33333%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-8 {
+    width: 66.66667%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-9 {
+    width: 75%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-10 {
+    width: 83.33333%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-11 {
+    width: 91.66667%; }
+
+  /* line 82, ../scss/grid.scss */
+  .col-tb-12 {
+    width: 100%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-0 {
+    margin-left: 0%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-1 {
+    margin-left: 8.33333%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-2 {
+    margin-left: 16.66667%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-3 {
+    margin-left: 25%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-4 {
+    margin-left: 33.33333%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-5 {
+    margin-left: 41.66667%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-6 {
+    margin-left: 50%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-7 {
+    margin-left: 58.33333%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-8 {
+    margin-left: 66.66667%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-9 {
+    margin-left: 75%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-10 {
+    margin-left: 83.33333%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-11 {
+    margin-left: 91.66667%; }
+
+  /* line 89, ../scss/grid.scss */
+  .col-tb-offset-12 {
+    margin-left: 100%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-0 {
+    right: 0%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-1 {
+    right: 8.33333%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-2 {
+    right: 16.66667%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-3 {
+    right: 25%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-4 {
+    right: 33.33333%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-5 {
+    right: 41.66667%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-6 {
+    right: 50%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-7 {
+    right: 58.33333%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-8 {
+    right: 66.66667%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-9 {
+    right: 75%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-10 {
+    right: 83.33333%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-11 {
+    right: 91.66667%; }
+
+  /* line 96, ../scss/grid.scss */
+  .col-tb-pull-12 {
+    right: 100%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-0 {
+    left: 0%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-1 {
+    left: 8.33333%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-2 {
+    left: 16.66667%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-3 {
+    left: 25%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-4 {
+    left: 33.33333%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-5 {
+    left: 41.66667%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-6 {
+    left: 50%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-7 {
+    left: 58.33333%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-8 {
+    left: 66.66667%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-9 {
+    left: 75%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-10 {
+    left: 83.33333%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-11 {
+    left: 91.66667%; }
+
+  /* line 103, ../scss/grid.scss */
+  .col-tb-push-12 {
+    left: 100%; } }
+/*
+ * Desktop and up
+ */
+@media (min-width: 992px) {
+  /* line 115, ../scss/grid.scss */
+  .container {
+    max-width: 952px; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-1 {
+    width: 8.33333%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-2 {
+    width: 16.66667%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-3 {
+    width: 25%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-4 {
+    width: 33.33333%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-5 {
+    width: 41.66667%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-6 {
+    width: 50%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-7 {
+    width: 58.33333%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-8 {
+    width: 66.66667%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-9 {
+    width: 75%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-10 {
+    width: 83.33333%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-11 {
+    width: 91.66667%; }
+
+  /* line 121, ../scss/grid.scss */
+  .col-12 {
+    width: 100%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-0 {
+    margin-left: 0%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-1 {
+    margin-left: 8.33333%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-2 {
+    margin-left: 16.66667%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-3 {
+    margin-left: 25%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-4 {
+    margin-left: 33.33333%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-5 {
+    margin-left: 41.66667%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-6 {
+    margin-left: 50%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-7 {
+    margin-left: 58.33333%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-8 {
+    margin-left: 66.66667%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-9 {
+    margin-left: 75%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-10 {
+    margin-left: 83.33333%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-11 {
+    margin-left: 91.66667%; }
+
+  /* line 128, ../scss/grid.scss */
+  .col-offset-12 {
+    margin-left: 100%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-0 {
+    right: 0%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-1 {
+    right: 8.33333%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-2 {
+    right: 16.66667%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-3 {
+    right: 25%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-4 {
+    right: 33.33333%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-5 {
+    right: 41.66667%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-6 {
+    right: 50%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-7 {
+    right: 58.33333%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-8 {
+    right: 66.66667%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-9 {
+    right: 75%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-10 {
+    right: 83.33333%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-11 {
+    right: 91.66667%; }
+
+  /* line 135, ../scss/grid.scss */
+  .col-pull-12 {
+    right: 100%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-0 {
+    left: 0%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-1 {
+    left: 8.33333%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-2 {
+    left: 16.66667%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-3 {
+    left: 25%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-4 {
+    left: 33.33333%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-5 {
+    left: 41.66667%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-6 {
+    left: 50%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-7 {
+    left: 58.33333%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-8 {
+    left: 66.66667%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-9 {
+    left: 75%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-10 {
+    left: 83.33333%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-11 {
+    left: 91.66667%; }
+
+  /* line 142, ../scss/grid.scss */
+  .col-push-12 {
+    left: 100%; } }
+/*
+ * Widescreen and up
+ */
+@media (min-width: 1200px) {
+  /* line 154, ../scss/grid.scss */
+  .container {
+    max-width: 1160px; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-1 {
+    width: 8.33333%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-2 {
+    width: 16.66667%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-3 {
+    width: 25%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-4 {
+    width: 33.33333%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-5 {
+    width: 41.66667%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-6 {
+    width: 50%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-7 {
+    width: 58.33333%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-8 {
+    width: 66.66667%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-9 {
+    width: 75%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-10 {
+    width: 83.33333%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-11 {
+    width: 91.66667%; }
+
+  /* line 160, ../scss/grid.scss */
+  .col-wd-12 {
+    width: 100%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-0 {
+    margin-left: 0%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-1 {
+    margin-left: 8.33333%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-2 {
+    margin-left: 16.66667%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-3 {
+    margin-left: 25%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-4 {
+    margin-left: 33.33333%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-5 {
+    margin-left: 41.66667%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-6 {
+    margin-left: 50%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-7 {
+    margin-left: 58.33333%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-8 {
+    margin-left: 66.66667%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-9 {
+    margin-left: 75%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-10 {
+    margin-left: 83.33333%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-11 {
+    margin-left: 91.66667%; }
+
+  /* line 167, ../scss/grid.scss */
+  .col-wd-offset-12 {
+    margin-left: 100%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-0 {
+    right: 0%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-1 {
+    right: 8.33333%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-2 {
+    right: 16.66667%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-3 {
+    right: 25%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-4 {
+    right: 33.33333%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-5 {
+    right: 41.66667%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-6 {
+    right: 50%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-7 {
+    right: 58.33333%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-8 {
+    right: 66.66667%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-9 {
+    right: 75%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-10 {
+    right: 83.33333%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-11 {
+    right: 91.66667%; }
+
+  /* line 174, ../scss/grid.scss */
+  .col-wd-pull-12 {
+    right: 100%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-0 {
+    left: 0%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-1 {
+    left: 8.33333%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-2 {
+    left: 16.66667%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-3 {
+    left: 25%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-4 {
+    left: 33.33333%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-5 {
+    left: 41.66667%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-6 {
+    left: 50%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-7 {
+    left: 58.33333%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-8 {
+    left: 66.66667%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-9 {
+    left: 75%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-10 {
+    left: 83.33333%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-11 {
+    left: 91.66667%; }
+
+  /* line 181, ../scss/grid.scss */
+  .col-wd-push-12 {
+    left: 100%; } }
+/*
+ * Responsive kit
+ */
+@media (max-width: 767px) {
+  /* line 194, ../scss/grid.scss */
+  .kit-hidden-mb {
+    display: none; } }
+@media (max-width: 991px) {
+  /* line 201, ../scss/grid.scss */
+  .kit-hidden-tb {
+    display: none; } }
+@media (max-width: 1199px) {
+  /* line 208, ../scss/grid.scss */
+  .kit-hidden {
+    display: none; } }
+/*
+ * Clearfix
+ */
+/* line 217, ../scss/grid.scss */
+.clearfix, .row {
+  zoom: 1; }
+  /* line 219, ../scss/grid.scss */
+  .clearfix:before, .row:before, .clearfix:after, .row:after {
+    content: " ";
+    display: table; }
+  /* line 223, ../scss/grid.scss */
+  .clearfix:after, .row:after {
+    clear: both; }
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/normalize.css b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/normalize.css
new file mode 100644
index 0000000..c2de8df
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/normalize.css
@@ -0,0 +1,406 @@
+/*! normalize.css v2.1.3 | MIT License | git.io/normalize */
+
+/* ==========================================================================
+   HTML5 display definitions
+   ========================================================================== */
+
+/**
+ * Correct `block` display not defined in IE 8/9.
+ */
+
+article,
+aside,
+details,
+figcaption,
+figure,
+footer,
+header,
+hgroup,
+main,
+nav,
+section,
+summary {
+    display: block;
+}
+
+/**
+ * Correct `inline-block` display not defined in IE 8/9.
+ */
+
+audio,
+canvas,
+video {
+    display: inline-block;
+}
+
+/**
+ * Prevent modern browsers from displaying `audio` without controls.
+ * Remove excess height in iOS 5 devices.
+ */
+
+audio:not([controls]) {
+    display: none;
+    height: 0;
+}
+
+/**
+ * Address `[hidden]` styling not present in IE 8/9.
+ * Hide the `template` element in IE, Safari, and Firefox < 22.
+ */
+
+[hidden],
+template {
+    display: none;
+}
+
+/* ==========================================================================
+   Base
+   ========================================================================== */
+
+/**
+ * 1. Set default font family to sans-serif.
+ * 2. Prevent iOS text size adjust after orientation change, without disabling
+ *    user zoom.
+ */
+
+html {
+    font-family: sans-serif; /* 1 */
+    -ms-text-size-adjust: 100%; /* 2 */
+    -webkit-text-size-adjust: 100%; /* 2 */
+}
+
+/**
+ * Remove default margin.
+ */
+
+body {
+    margin: 0;
+}
+
+/* ==========================================================================
+   Links
+   ========================================================================== */
+
+/**
+ * Remove the gray background color from active links in IE 10.
+ */
+
+a {
+    background: transparent;
+}
+
+/**
+ * Address `outline` inconsistency between Chrome and other browsers.
+ */
+
+a:focus {
+    outline: thin dotted;
+}
+
+/**
+ * Improve readability when focused and also mouse hovered in all browsers.
+ */
+
+a:active,
+a:hover {
+    outline: 0;
+}
+
+/* ==========================================================================
+   Typography
+   ========================================================================== */
+
+/**
+ * Address variable `h1` font-size and margin within `section` and `article`
+ * contexts in Firefox 4+, Safari 5, and Chrome.
+ */
+
+h1 {
+    font-size: 2em;
+    margin: 0.67em 0;
+}
+
+/**
+ * Address styling not present in IE 8/9, Safari 5, and Chrome.
+ */
+
+abbr[title] {
+    border-bottom: 1px dotted;
+}
+
+/**
+ * Address style set to `bolder` in Firefox 4+, Safari 5, and Chrome.
+ */
+
+b,
+strong {
+    font-weight: bold;
+}
+
+/**
+ * Address styling not present in Safari 5 and Chrome.
+ */
+
+dfn {
+    font-style: italic;
+}
+
+/**
+ * Address differences between Firefox and other browsers.
+ */
+
+hr {
+    -moz-box-sizing: content-box;
+    box-sizing: content-box;
+    height: 0;
+}
+
+/**
+ * Address styling not present in IE 8/9.
+ */
+
+mark {
+    background: #ff0;
+    color: #000;
+}
+
+/**
+ * Correct font family set oddly in Safari 5 and Chrome.
+ */
+
+code,
+kbd,
+pre,
+samp {
+    font-family: monospace, serif;
+    font-size: 1em;
+}
+
+/**
+ * Improve readability of pre-formatted text in all browsers.
+ */
+
+pre {
+    white-space: pre-wrap;
+}
+
+/**
+ * Set consistent quote types.
+ */
+
+q {
+    quotes: "\201C" "\201D" "\2018" "\2019";
+}
+
+/**
+ * Address inconsistent and variable font size in all browsers.
+ */
+
+small {
+    font-size: 80%;
+}
+
+/**
+ * Prevent `sub` and `sup` affecting `line-height` in all browsers.
+ */
+
+sub,
+sup {
+    font-size: 75%;
+    line-height: 0;
+    position: relative;
+    vertical-align: baseline;
+}
+
+sup {
+    top: -0.5em;
+}
+
+sub {
+    bottom: -0.25em;
+}
+
+/* ==========================================================================
+   Embedded content
+   ========================================================================== */
+
+/**
+ * Remove border when inside `a` element in IE 8/9.
+ */
+
+img {
+    border: 0;
+}
+
+/**
+ * Correct overflow displayed oddly in IE 9.
+ */
+
+svg:not(:root) {
+    overflow: hidden;
+}
+
+/* ==========================================================================
+   Figures
+   ========================================================================== */
+
+/**
+ * Address margin not present in IE 8/9 and Safari 5.
+ */
+
+figure {
+    margin: 0;
+}
+
+/* ==========================================================================
+   Forms
+   ========================================================================== */
+
+/**
+ * Define consistent border, margin, and padding.
+ */
+
+fieldset {
+    border: 1px solid #c0c0c0;
+    margin: 0 2px;
+    padding: 0.35em 0.625em 0.75em;
+}
+
+/**
+ * 1. Correct `color` not being inherited in IE 8/9.
+ * 2. Remove padding so people aren't caught out if they zero out fieldsets.
+ */
+
+legend {
+    border: 0; /* 1 */
+    padding: 0; /* 2 */
+}
+
+/**
+ * 1. Correct font family not being inherited in all browsers.
+ * 2. Correct font size not being inherited in all browsers.
+ * 3. Address margins set differently in Firefox 4+, Safari 5, and Chrome.
+ */
+
+button,
+input,
+select,
+textarea {
+    font-family: inherit; /* 1 */
+    font-size: 100%; /* 2 */
+    margin: 0; /* 3 */
+}
+
+/**
+ * Address Firefox 4+ setting `line-height` on `input` using `!important` in
+ * the UA stylesheet.
+ */
+
+button,
+input {
+    line-height: normal;
+}
+
+/**
+ * Address inconsistent `text-transform` inheritance for `button` and `select`.
+ * All other form control elements do not inherit `text-transform` values.
+ * Correct `button` style inheritance in Chrome, Safari 5+, and IE 8+.
+ * Correct `select` style inheritance in Firefox 4+ and Opera.
+ */
+
+button,
+select {
+    text-transform: none;
+}
+
+/**
+ * 1. Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio`
+ *    and `video` controls.
+ * 2. Correct inability to style clickable `input` types in iOS.
+ * 3. Improve usability and consistency of cursor style between image-type
+ *    `input` and others.
+ */
+
+button,
+html input[type="button"], /* 1 */
+input[type="reset"],
+input[type="submit"] {
+    -webkit-appearance: button; /* 2 */
+    cursor: pointer; /* 3 */
+}
+
+/**
+ * Re-set default cursor for disabled elements.
+ */
+
+button[disabled],
+html input[disabled] {
+    cursor: default;
+}
+
+/**
+ * 1. Address box sizing set to `content-box` in IE 8/9/10.
+ * 2. Remove excess padding in IE 8/9/10.
+ */
+
+input[type="checkbox"],
+input[type="radio"] {
+    box-sizing: border-box; /* 1 */
+    padding: 0; /* 2 */
+}
+
+/**
+ * 1. Address `appearance` set to `searchfield` in Safari 5 and Chrome.
+ * 2. Address `box-sizing` set to `border-box` in Safari 5 and Chrome
+ *    (include `-moz` to future-proof).
+ */
+
+input[type="search"] {
+    -webkit-appearance: textfield; /* 1 */
+    -moz-box-sizing: content-box;
+    -webkit-box-sizing: content-box; /* 2 */
+    box-sizing: content-box;
+}
+
+/**
+ * Remove inner padding and search cancel button in Safari 5 and Chrome
+ * on OS X.
+ */
+
+input[type="search"]::-webkit-search-cancel-button,
+input[type="search"]::-webkit-search-decoration {
+    -webkit-appearance: none;
+}
+
+/**
+ * Remove inner padding and border in Firefox 4+.
+ */
+
+button::-moz-focus-inner,
+input::-moz-focus-inner {
+    border: 0;
+    padding: 0;
+}
+
+/**
+ * 1. Remove default vertical scrollbar in IE 8/9.
+ * 2. Improve readability and alignment in all browsers.
+ */
+
+textarea {
+    overflow: auto; /* 1 */
+    vertical-align: top; /* 2 */
+}
+
+/* ==========================================================================
+   Tables
+   ========================================================================== */
+
+/**
+ * Remove most spacing between table cells.
+ */
+
+table {
+    border-collapse: collapse;
+    border-spacing: 0;
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/style.css b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/style.css
new file mode 100644
index 0000000..3037620
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/css/style.css
@@ -0,0 +1,2118 @@
+@charset "UTF-8";
+/* vim: set et sw=2 ts=2 sts=2 fdm=marker ff=unix fenc=utf8 */
+/**
+* Typecho 后台样式
+*
+* @author  Typecho Team
+* @since   2008-09-26
+* @update  2013-11-02
+* @link    http://www.typecho.org/
+* @version 0.9
+*/
+/**
+* Typecho 全局样式
+*/
+/* line 18, ../scss/style.scss */
+html {
+  height: 100%; }
+
+/* line 22, ../scss/style.scss */
+body {
+  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+  background: #F6F6F3;
+  color: #444;
+  font-size: 87.5%;
+  line-height: 1.5; }
+
+/* line 30, ../scss/style.scss */
+a {
+  color: #467B96;
+  text-decoration: none; }
+  /* line 33, ../scss/style.scss */
+  a:hover {
+    color: #499BC3;
+    text-decoration: underline; }
+
+/* line 39, ../scss/style.scss */
+code, pre, .mono {
+  font-family: Menlo, Monaco, Consolas, "Courier New", monospace; }
+
+/* line 43, ../scss/style.scss */
+.p {
+  margin: 1em 0; }
+
+/* line 45, ../scss/style.scss */
+.body-100 {
+  height: 100%; }
+
+/* line 49, ../scss/style.scss */
+a.balloon-button {
+  display: inline-block;
+  padding: 0 6px;
+  min-width: 12px;
+  height: 18px;
+  line-height: 18px;
+  background: #D8E7EE;
+  font-size: .85714em;
+  text-align: center;
+  text-decoration: none;
+  /** 修正ie中文不对齐 */
+  zoom: 1;
+  -moz-border-radius: 30px;
+  -webkit-border-radius: 30px;
+  border-radius: 30px; }
+
+/* line 68, ../scss/style.scss */
+a.button:hover, a.balloon-button:hover {
+  background-color: #A5CADC;
+  color: #FFF;
+  text-decoration: none; }
+
+/**
+* Forms
+*/
+/* line 5, ../scss/_forms.scss */
+input[type=text], input[type=password], input[type=email],
+textarea {
+  background: #FFF;
+  border: 1px solid #D9D9D6;
+  padding: 7px;
+  border-radius: 2px;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box; }
+
+/* line 18, ../scss/_forms.scss */
+textarea {
+  resize: vertical;
+  line-height: 1.5; }
+
+/* line 23, ../scss/_forms.scss */
+input[type="radio"], input[type="checkbox"] {
+  margin-right: 3px; }
+
+/* line 26, ../scss/_forms.scss */
+input.text-s, textarea.text-s {
+  padding: 5px; }
+/* line 27, ../scss/_forms.scss */
+input.text-l, textarea.text-l {
+  padding: 10px;
+  font-size: 1.14286em; }
+
+/* line 33, ../scss/_forms.scss */
+.w-10 {
+  width: 10%; }
+
+/* line 34, ../scss/_forms.scss */
+.w-20 {
+  width: 20%; }
+
+/* line 35, ../scss/_forms.scss */
+.w-30 {
+  width: 30%; }
+
+/* line 36, ../scss/_forms.scss */
+.w-40 {
+  width: 40%; }
+
+/* line 37, ../scss/_forms.scss */
+.w-50 {
+  width: 50%; }
+
+/* line 38, ../scss/_forms.scss */
+.w-60 {
+  width: 60%; }
+
+/* line 39, ../scss/_forms.scss */
+.w-70 {
+  width: 70%; }
+
+/* line 40, ../scss/_forms.scss */
+.w-80 {
+  width: 80%; }
+
+/* line 41, ../scss/_forms.scss */
+.w-90 {
+  width: 90%; }
+
+/* line 42, ../scss/_forms.scss */
+.w-100 {
+  width: 100%; }
+
+/* line 44, ../scss/_forms.scss */
+select {
+  border: 1px solid #CCC;
+  height: 28px; }
+
+/**
+* Buttons
+*/
+/* line 28, ../scss/_buttons.scss */
+.btn, #ui-datepicker-div .ui-datepicker-current,
+#ui-datepicker-div .ui-datepicker-close {
+  border: none;
+  background-color: #E9E9E6;
+  cursor: pointer;
+  -moz-border-radius: 2px;
+  -webkit-border-radius: 2px;
+  border-radius: 2px;
+  display: inline-block;
+  padding: 0 12px;
+  height: 32px;
+  color: #666;
+  vertical-align: middle;
+  zoom: 1; }
+  /* line 15, ../scss/_buttons.scss */
+  .btn:hover, #ui-datepicker-div .ui-datepicker-current:hover,
+  #ui-datepicker-div .ui-datepicker-close:hover {
+    -moz-transition-duration: 0.4s;
+    -o-transition-duration: 0.4s;
+    -webkit-transition-duration: 0.4s;
+    transition-duration: 0.4s;
+    background-color: #dbdbd6; }
+  /* line 19, ../scss/_buttons.scss */
+  .btn:active, #ui-datepicker-div .ui-datepicker-current:active,
+  #ui-datepicker-div .ui-datepicker-close:active, .btn.active, #ui-datepicker-div .active.ui-datepicker-current,
+  #ui-datepicker-div .active.ui-datepicker-close {
+    background-color: #d6d6d0; }
+  /* line 22, ../scss/_buttons.scss */
+  .btn:disabled, #ui-datepicker-div .ui-datepicker-current:disabled,
+  #ui-datepicker-div .ui-datepicker-close:disabled {
+    background-color: #f7f7f6;
+    cursor: default; }
+  /* line 38, ../scss/_buttons.scss */
+  .btn:disabled, #ui-datepicker-div .ui-datepicker-current:disabled,
+  #ui-datepicker-div .ui-datepicker-close:disabled {
+    color: #999; }
+
+/* line 43, ../scss/_buttons.scss */
+.btn-xs, #ui-datepicker-div .ui-datepicker-current,
+#ui-datepicker-div .ui-datepicker-close {
+  padding: 0 10px;
+  height: 25px;
+  font-size: 13px; }
+
+/* line 48, ../scss/_buttons.scss */
+.btn-s {
+  height: 28px; }
+
+/* line 49, ../scss/_buttons.scss */
+.btn-l {
+  height: 40px;
+  font-size: 1.14286em;
+  font-weight: bold; }
+
+/* line 55, ../scss/_buttons.scss */
+.primary {
+  border: none;
+  background-color: #467B96;
+  cursor: pointer;
+  -moz-border-radius: 2px;
+  -webkit-border-radius: 2px;
+  border-radius: 2px;
+  color: #FFF; }
+  /* line 15, ../scss/_buttons.scss */
+  .primary:hover {
+    -moz-transition-duration: 0.4s;
+    -o-transition-duration: 0.4s;
+    -webkit-transition-duration: 0.4s;
+    transition-duration: 0.4s;
+    background-color: #3c6a81; }
+  /* line 19, ../scss/_buttons.scss */
+  .primary:active, .primary.active {
+    background-color: #39647a; }
+  /* line 22, ../scss/_buttons.scss */
+  .primary:disabled {
+    background-color: #508cab;
+    cursor: default; }
+
+/* line 60, ../scss/_buttons.scss */
+.btn-group {
+  display: inline-block; }
+
+/* line 64, ../scss/_buttons.scss */
+.btn-warn {
+  border: none;
+  background-color: #B94A48;
+  cursor: pointer;
+  -moz-border-radius: 2px;
+  -webkit-border-radius: 2px;
+  border-radius: 2px;
+  color: #FFF; }
+  /* line 15, ../scss/_buttons.scss */
+  .btn-warn:hover {
+    -moz-transition-duration: 0.4s;
+    -o-transition-duration: 0.4s;
+    -webkit-transition-duration: 0.4s;
+    transition-duration: 0.4s;
+    background-color: #a4403f; }
+  /* line 19, ../scss/_buttons.scss */
+  .btn-warn:active, .btn-warn.active {
+    background-color: #9c3e3c; }
+  /* line 22, ../scss/_buttons.scss */
+  .btn-warn:disabled {
+    background-color: #c1605e;
+    cursor: default; }
+
+/* line 69, ../scss/_buttons.scss */
+.btn-link,
+.btn-link:hover,
+.btn-link:focus,
+.btn-link:active,
+.btn-link.active {
+  background-color: transparent; }
+
+/* 下拉菜单 */
+/* line 78, ../scss/_buttons.scss */
+.btn-drop {
+  position: relative; }
+
+/* line 81, ../scss/_buttons.scss */
+.dropdown-toggle {
+  padding-right: 8px; }
+
+/* line 84, ../scss/_buttons.scss */
+.dropdown-menu {
+  list-style: none;
+  position: absolute;
+  z-index: 2;
+  left: 0;
+  margin: 0;
+  padding: 0;
+  border: 1px solid #D9D9D6;
+  background: #FFF;
+  text-align: left;
+  min-width: 108px;
+  display: none; }
+  /* line 97, ../scss/_buttons.scss */
+  .dropdown-menu li {
+    white-space: nowrap; }
+    /* line 99, ../scss/_buttons.scss */
+    .dropdown-menu li.multiline {
+      padding: 5px 12px 12px; }
+  /* line 104, ../scss/_buttons.scss */
+  .dropdown-menu a {
+    display: block;
+    padding: 5px 12px;
+    color: #666; }
+    /* line 108, ../scss/_buttons.scss */
+    .dropdown-menu a:hover {
+      background: #F6F6F3;
+      text-decoration: none !important; }
+
+/**
+* 提示信息框
+*/
+/* line 6, ../scss/_messages.scss */
+.message {
+  padding: 8px 10px;
+  -moz-border-radius: 2px;
+  -webkit-border-radius: 2px;
+  border-radius: 2px; }
+
+/* line 11, ../scss/_messages.scss */
+.message a {
+  font-weight: bold;
+  text-decoration: underline; }
+
+/* line 16, ../scss/_messages.scss */
+.error {
+  background: #FBE3E4;
+  color: #8A1F11; }
+
+/* line 20, ../scss/_messages.scss */
+.error a {
+  color: #8A1F11; }
+
+/* line 22, ../scss/_messages.scss */
+.notice {
+  background: #FFF6BF;
+  color: #8A6D3B; }
+
+/* line 26, ../scss/_messages.scss */
+.notice a {
+  color: #8A6D3B; }
+
+/* line 28, ../scss/_messages.scss */
+.success {
+  background: #E6EFC2;
+  color: #264409; }
+
+/* line 32, ../scss/_messages.scss */
+.success a {
+  color: #264409; }
+
+/* line 36, ../scss/_messages.scss */
+.balloon {
+  display: inline-block;
+  padding: 0 4px;
+  min-width: 10px;
+  height: 14px;
+  line-height: 14px;
+  background: #B9B9B6;
+  vertical-align: text-top;
+  text-align: center;
+  font-size: 12px;
+  color: #FFF;
+  -moz-border-radius: 20px;
+  -webkit-border-radius: 20px;
+  border-radius: 20px; }
+
+/**
+* 后台分页
+*/
+/* line 5, ../scss/_pagenavi.scss */
+.typecho-pager {
+  list-style: none;
+  float: right;
+  margin: 0;
+  padding: 0;
+  line-height: 1;
+  text-align: center;
+  zoom: 1; }
+
+/* line 15, ../scss/_pagenavi.scss */
+.typecho-pager li {
+  display: inline-block;
+  margin: 0 3px;
+  height: 28px;
+  line-height: 28px; }
+
+/* line 22, ../scss/_pagenavi.scss */
+.typecho-pager a {
+  display: block;
+  padding: 0 10px;
+  -moz-border-radius: 2px;
+  -webkit-border-radius: 2px;
+  border-radius: 2px; }
+
+/* line 28, ../scss/_pagenavi.scss */
+.typecho-pager a:hover {
+  text-decoration: none;
+  background: #E9E9E6; }
+
+/* line 33, ../scss/_pagenavi.scss */
+.typecho-pager li.current a {
+  background: #E9E9E6;
+  color: #444; }
+
+/**
+* 后台头部导航
+*/
+/* line 4, ../scss/_header.scss */
+.typecho-head-nav {
+  padding: 0 10px;
+  background: #292D33; }
+
+/* line 9, ../scss/_header.scss */
+.typecho-head-nav a {
+  color: #BBB; }
+
+/* line 12, ../scss/_header.scss */
+.typecho-head-nav a:hover,
+.typecho-head-nav a:focus {
+  color: #FFF;
+  text-decoration: none; }
+
+/* line 18, ../scss/_header.scss */
+#typecho-nav-list {
+  float: left; }
+  /* line 20, ../scss/_header.scss */
+  #typecho-nav-list ul {
+    list-style: none;
+    margin: 0;
+    padding: 0; }
+
+/* line 27, ../scss/_header.scss */
+#typecho-nav-list ul:first-child {
+  border-left: 1px solid #383D45; }
+
+/* line 31, ../scss/_header.scss */
+#typecho-nav-list .root {
+  position: relative;
+  float: left; }
+
+/* line 36, ../scss/_header.scss */
+#typecho-nav-list .parent a {
+  display: block;
+  float: left;
+  padding: 0 20px;
+  border-right: 1px solid #383D45;
+  height: 36px;
+  line-height: 36px;
+  color: #BBB; }
+
+/* line 46, ../scss/_header.scss */
+#typecho-nav-list .parent a:hover,
+#typecho-nav-list .focus .parent a,
+#typecho-nav-list .root:hover .parent a {
+  background: #202328;
+  color: #FFF;
+  text-decoration: none; }
+
+/* line 54, ../scss/_header.scss */
+#typecho-nav-list .focus .parent a {
+  font-weight: bold; }
+
+/* line 58, ../scss/_header.scss */
+#typecho-nav-list .child {
+  position: absolute;
+  top: 36px;
+  display: none;
+  margin: 0;
+  min-width: 160px;
+  max-width: 240px;
+  background: #202328;
+  z-index: 250; }
+
+/* line 69, ../scss/_header.scss */
+#typecho-nav-list .root:hover .child {
+  display: block; }
+
+/* line 73, ../scss/_header.scss */
+#typecho-nav-list .child li a {
+  color: #BBB;
+  display: block;
+  padding: 0 20px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  height: 36px;
+  line-height: 36px; }
+
+/* line 84, ../scss/_header.scss */
+#typecho-nav-list .child li a:hover,
+#typecho-nav-list .child li a:focus {
+  background: #292D33;
+  color: #FFF; }
+
+/* line 89, ../scss/_header.scss */
+#typecho-nav-list .child li.focus a {
+  color: #6DA1BB;
+  font-weight: bold; }
+
+/* line 94, ../scss/_header.scss */
+.typecho-head-nav .operate {
+  float: right; }
+
+/* line 97, ../scss/_header.scss */
+.typecho-head-nav .operate a {
+  display: inline-block;
+  margin-left: -1px;
+  padding: 0 20px;
+  border: 1px solid #383D45;
+  border-width: 0 1px;
+  line-height: 36px;
+  color: #BBB; }
+
+/* line 106, ../scss/_header.scss */
+.typecho-head-nav .operate a:hover {
+  background-color: #202328;
+  color: #FFF; }
+
+/**
+* 注脚
+*/
+/* line 4, ../scss/_footer.scss */
+.typecho-foot {
+  padding: 4em 0 3em;
+  color: #999;
+  line-height: 1.8;
+  text-align: center; }
+  /* line 10, ../scss/_footer.scss */
+  .typecho-foot .copyright p {
+    margin: 10px 0 0; }
+  /* line 13, ../scss/_footer.scss */
+  .typecho-foot .resource {
+    color: #CCC; }
+  /* line 16, ../scss/_footer.scss */
+  .typecho-foot .resource a {
+    margin: 0 3px;
+    color: #999; }
+
+/* 低版本浏览器升级提示 */
+/* line 84, ../scss/style.scss */
+.browsehappy {
+  border: none;
+  text-align: center; }
+
+/** 顶部消息样式 by 70 */
+/* line 90, ../scss/style.scss */
+.popup {
+  display: none;
+  position: absolute;
+  top: 0;
+  left: 0;
+  margin: 0;
+  padding: 8px 0;
+  border: none;
+  width: 100%;
+  z-index: 10;
+  text-align: center;
+  -moz-border-radius: 0;
+  -webkit-border-radius: 0;
+  border-radius: 0; }
+
+/* line 107, ../scss/style.scss */
+.popup ul {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  text-align: center; }
+
+/* line 114, ../scss/style.scss */
+.popup ul li {
+  display: inline-block;
+  margin-right: 10px; }
+
+/**
+* logo 的样式
+*/
+/**
+* 载入状态
+*/
+/* line 128, ../scss/style.scss */
+.loading {
+  padding-left: 20px !important;
+  background: transparent url(../img/ajax-loader.gif) no-repeat left center; }
+
+/**
+* 典型配置选项
+*/
+/* line 137, ../scss/style.scss */
+.typecho-option {
+  list-style: none;
+  margin: 1em 0;
+  padding: 0; }
+
+/* line 146, ../scss/style.scss */
+.typecho-option-submit li {
+  border-bottom: none; }
+
+/* line 150, ../scss/style.scss */
+.typecho-option label.typecho-label {
+  display: block;
+  margin-bottom: .5em;
+  font-weight: bold; }
+
+/* line 155, ../scss/style.scss */
+.typecho-option label.required:after {
+  content: " *";
+  color: #B94A48; }
+
+/* line 161, ../scss/style.scss */
+.typecho-option span {
+  margin-right: 15px; }
+
+/* line 162, ../scss/style.scss */
+.typecho-option .description {
+  margin: .5em 0 0;
+  color: #999;
+  font-size: .92857em; }
+
+/* line 168, ../scss/style.scss */
+.front-archive {
+  padding-left: 1.5em; }
+
+/* line 172, ../scss/style.scss */
+.profile-avatar {
+  border: 1px dashed #D9D9D6;
+  max-width: 100%; }
+
+/** 增加配置面板内部的错误样式 by 70 */
+/** 
+* 安装样式
+* 
+* @author mingcheng
+* @date   2008-09-06
+*/
+/**
+* 安装向导
+*/
+/* line 190, ../scss/style.scss */
+.typecho-install {
+  padding-bottom: 2em; }
+
+/* line 193, ../scss/style.scss */
+.typecho-install-patch {
+  margin-bottom: 2em;
+  padding: 2em 0;
+  background-color: #292D33;
+  color: #FFF;
+  text-align: center; }
+
+/* line 201, ../scss/style.scss */
+.typecho-install-patch ol {
+  list-style: none;
+  margin: 3em 0 1em;
+  padding: 0;
+  color: #999; }
+
+/* line 207, ../scss/style.scss */
+.typecho-install-patch li {
+  display: inline-block;
+  margin: 0 .8em; }
+
+/* line 211, ../scss/style.scss */
+.typecho-install-patch span {
+  display: inline-block;
+  margin-right: 5px;
+  width: 20px;
+  height: 20px;
+  line-height: 20px;
+  border: 2px solid #999;
+  text-align: center;
+  border-radius: 2em; }
+
+/* line 221, ../scss/style.scss */
+.typecho-install-patch li.current {
+  color: #FFF;
+  font-weight: bold; }
+
+/* line 225, ../scss/style.scss */
+.typecho-install-patch li.current span {
+  border-color: #FFF; }
+
+/**
+* 安装主体内容
+*/
+/* line 234, ../scss/style.scss */
+.typecho-install .typecho-install-body input {
+  width: 100%; }
+
+/* line 237, ../scss/style.scss */
+.typecho-install-body .typecho-option li {
+  margin: 1em 0; }
+
+/**
+* 欢迎界面
+*/
+/* line 246, ../scss/style.scss */
+#typecho-welcome {
+  margin: 1em 0;
+  padding: 1em 2em;
+  background-color: #E9E9E6; }
+
+/* line 252, ../scss/style.scss */
+.welcome-board {
+  color: #999;
+  font-size: 1.15em; }
+  /* line 255, ../scss/style.scss */
+  .welcome-board em {
+    color: #444;
+    font-size: 2em;
+    font-style: normal;
+    font-family: Georgia, serif; }
+
+/* line 263, ../scss/style.scss */
+#start-link {
+  margin-bottom: 25px;
+  padding: 0 0 35px;
+  border-bottom: 1px solid #ECECEC; }
+  /* line 267, ../scss/style.scss */
+  #start-link li {
+    float: left;
+    margin-right: 1.5em; }
+  /* line 271, ../scss/style.scss */
+  #start-link .balloon {
+    margin-top: 2px; }
+
+/* line 277, ../scss/style.scss */
+.latest-link li {
+  white-space: nowrap;
+  overflow: hidden;
+  text-overflow: ellipsis; }
+/* line 282, ../scss/style.scss */
+.latest-link span {
+  display: inline-block;
+  margin-right: 4px;
+  padding-right: 8px;
+  border-right: 1px solid #ECECEC;
+  width: 37px;
+  text-align: right;
+  color: #999; }
+
+/* line 293, ../scss/style.scss */
+.update-check {
+  font-size: 14px; }
+
+/**
+* 登录框
+*/
+/* line 300, ../scss/style.scss */
+.typecho-login-wrap {
+  display: table;
+  margin: 0 auto;
+  height: 100%; }
+
+/* line 305, ../scss/style.scss */
+.typecho-login {
+  display: table-cell;
+  padding: 30px 0 100px;
+  width: 280px;
+  text-align: center;
+  vertical-align: middle; }
+  /* line 311, ../scss/style.scss */
+  .typecho-login h1 {
+    margin: 0 0 1em; }
+
+/* line 316, ../scss/style.scss */
+.typecho-login .more-link {
+  margin-top: 2em;
+  color: #CCC; }
+
+/* line 320, ../scss/style.scss */
+.typecho-login .more-link a {
+  margin: 0 3px; }
+
+/**
+* 标题
+*/
+/* line 327, ../scss/style.scss */
+.typecho-page-title h2 {
+  margin: 25px 0 10px;
+  font-size: 1.28571em; }
+
+/* line 331, ../scss/style.scss */
+.typecho-page-title h2 a {
+  margin-left: 10px;
+  padding: 3px 8px;
+  background: #E9E9E6;
+  font-size: .8em;
+  border-radius: 2px; }
+
+/* line 339, ../scss/style.scss */
+.typecho-page-title h2 a:hover {
+  text-decoration: none; }
+
+/**
+* 后台页面主体
+*/
+/**
+* 主页主体
+*/
+/* line 353, ../scss/style.scss */
+.typecho-dashboard ul {
+  list-style: none;
+  padding: 0; }
+
+/* line 357, ../scss/style.scss */
+.typecho-dashboard li {
+  margin-bottom: 5px; }
+
+/**
+* 标签页
+*/
+/* line 365, ../scss/style.scss */
+.typecho-option-tabs {
+  list-style: none;
+  margin: 1em 0 0;
+  padding: 0;
+  font-size: 13px;
+  text-align: center; }
+  /* line 371, ../scss/style.scss */
+  .typecho-option-tabs.fix-tabs {
+    margin-bottom: 1em; }
+
+/* line 376, ../scss/style.scss */
+.typecho-option-tabs a {
+  display: block;
+  margin-right: -1px;
+  border: 1px solid #D9D9D6;
+  padding: 0 15px;
+  height: 26px;
+  line-height: 26px;
+  color: #666;
+  -moz-box-sizing: border-box;
+  -webkit-box-sizing: border-box;
+  box-sizing: border-box; }
+
+/* line 387, ../scss/style.scss */
+.typecho-option-tabs a:hover {
+  background-color: #E9E9E6;
+  color: #666;
+  text-decoration: none; }
+
+/* line 393, ../scss/style.scss */
+.typecho-option-tabs li {
+  float: left; }
+  /* line 395, ../scss/style.scss */
+  .typecho-option-tabs li:first-child a {
+    -moz-border-radius: 2px 0 0 2px;
+    -webkit-border-radius: 2px;
+    border-radius: 2px 0 0 2px; }
+  /* line 398, ../scss/style.scss */
+  .typecho-option-tabs li:last-child a {
+    -moz-border-radius: 0 2px 2px 0;
+    -webkit-border-radius: 0;
+    border-radius: 0 2px 2px 0; }
+
+/* line 403, ../scss/style.scss */
+.typecho-option-tabs.right {
+  float: right; }
+
+/* line 407, ../scss/style.scss */
+.typecho-option-tabs li.current a,
+.typecho-option-tabs li.active a {
+  background-color: #E9E9E6; }
+
+/**
+* 表格列表页
+*/
+/**
+* 列表页选项
+*/
+/* line 423, ../scss/style.scss */
+.typecho-list-operate {
+  margin: 1em 0; }
+
+/* line 427, ../scss/style.scss */
+.typecho-list-operate input,
+.typecho-list-operate button,
+.typecho-list-operate select {
+  vertical-align: bottom; }
+
+/* line 433, ../scss/style.scss */
+.typecho-list-operate input[type="checkbox"] {
+  vertical-align: text-top; }
+
+/* line 437, ../scss/style.scss */
+.typecho-list-operate .operate {
+  float: left; }
+
+/* line 441, ../scss/style.scss */
+.typecho-list-operate .search {
+  float: right; }
+
+/* line 445, ../scss/style.scss */
+.typecho-list-operate span.operate-delete, a.operate-delete,
+.typecho-list-operate span.operate-button-delete, a.operate-button-delete {
+  color: #B94A48; }
+
+/* line 450, ../scss/style.scss */
+a.operate-edit {
+  color: #007700; }
+
+/* line 454, ../scss/style.scss */
+a.operate-reply {
+  color: #545c30; }
+
+/* line 458, ../scss/style.scss */
+.typecho-list-operate a:hover {
+  text-decoration: none; }
+
+/**
+* 列表表格
+*/
+/** 增加表格标题 by 70 */
+/* line 466, ../scss/style.scss */
+.typecho-list-table-title {
+  margin: 1em 0;
+  color: #999;
+  text-align: center; }
+
+/* line 471, ../scss/style.scss */
+.typecho-table-wrap {
+  padding: 30px;
+  background: #FFF; }
+
+/* line 475, ../scss/style.scss */
+.typecho-list-table {
+  width: 100%; }
+
+/* line 479, ../scss/style.scss */
+.typecho-list-table.deactivate {
+  color: #999; }
+
+/* line 483, ../scss/style.scss */
+.typecho-list-table .right {
+  text-align: right; }
+
+/* line 487, ../scss/style.scss */
+.typecho-list-table th {
+  padding: 0 10px 10px;
+  border-bottom: 2px solid #F0F0EC;
+  text-align: left; }
+
+/* line 493, ../scss/style.scss */
+.typecho-list-table td {
+  padding: 10px;
+  border-top: 1px solid #F0F0EC;
+  word-break: break-all; }
+
+/* line 498, ../scss/style.scss */
+.typecho-list-table .status {
+  margin-left: 5px;
+  color: #999;
+  font-size: .92857em;
+  font-style: normal; }
+
+/* line 504, ../scss/style.scss */
+.typecho-list-table tbody tr:hover td {
+  background-color: #F6F6F3; }
+
+/* line 508, ../scss/style.scss */
+.typecho-list-table tbody tr.checked td {
+  background-color: #FFF9E8; }
+
+/* line 512, ../scss/style.scss */
+.warning {
+  color: #B94A48; }
+
+/* line 517, ../scss/style.scss */
+.typecho-list-table tr td .hidden-by-mouse {
+  filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=0);
+  opacity: 0; }
+
+/* line 521, ../scss/style.scss */
+.typecho-list-table tr:hover td .hidden-by-mouse {
+  filter: progid:DXImageTransform.Microsoft.Alpha(enabled=false);
+  opacity: 1; }
+
+/**
+* 评论管理
+*/
+/* line 530, ../scss/style.scss */
+.comment-reply-content {
+  position: relative;
+  margin: 1em 0;
+  padding: 0 1em;
+  border: 1px solid transparent;
+  background-color: #F0F0EC; }
+
+/* line 537, ../scss/style.scss */
+.comment-reply-content:after {
+  position: absolute;
+  right: 1em;
+  border: 8px solid #F0F0EC;
+  border-color: #F0F0EC #F0F0EC transparent transparent;
+  content: " "; }
+
+/* line 545, ../scss/style.scss */
+.comment-meta span,
+.comment-date {
+  font-size: .92857em;
+  color: #999; }
+
+/* line 551, ../scss/style.scss */
+.comment-action a, .comment-action span {
+  margin-right: 4px; }
+
+/* line 553, ../scss/style.scss */
+.comment-edit label {
+  display: block; }
+
+/**
+* 评论回复
+*/
+/* line 561, ../scss/style.scss */
+#typecho-respond {
+  padding: 10px;
+  display: none; }
+
+/**
+* 模板列表
+*/
+/* line 579, ../scss/style.scss */
+.typecho-theme-list img {
+  margin: 1em 0;
+  max-width: 100%;
+  max-height: 240px; }
+
+/* line 585, ../scss/style.scss */
+.typecho-theme-list cite {
+  font-style: normal;
+  color: #999; }
+
+/* line 590, ../scss/style.scss */
+.typecho-theme-list tbody tr.current td {
+  background-color: #FFF9E8; }
+
+/**
+* 后台配置项
+*/
+/* line 599, ../scss/style.scss */
+.typecho-page-main .typecho-option input.text {
+  width: 100%; }
+
+/* line 603, ../scss/style.scss */
+.typecho-page-main .typecho-option input.num {
+  width: 40px; }
+
+/* line 607, ../scss/style.scss */
+.typecho-page-main .typecho-option textarea {
+  width: 100%;
+  height: 100px; }
+
+/* line 612, ../scss/style.scss */
+.typecho-page-main .typecho-option .multiline {
+  display: block;
+  margin: .3em 0; }
+  /* line 615, ../scss/style.scss */
+  .typecho-page-main .typecho-option .multiline.hidden {
+    display: none; }
+
+/**
+* 编辑模板
+*/
+/* line 624, ../scss/style.scss */
+.typecho-select-theme {
+  height: 25px;
+  line-height: 25px;
+  margin: 15px 0px; }
+
+/* line 630, ../scss/style.scss */
+.typecho-select-theme h5 {
+  color: #E47E00;
+  font-weight: bold;
+  float: left;
+  font-size: 14px;
+  width: 120px;
+  margin-right: 10px; }
+
+/* line 639, ../scss/style.scss */
+.typecho-select-theme select {
+  width: 150px; }
+
+/**
+* 编辑模板（编辑详情）
+*/
+/* line 647, ../scss/style.scss */
+.typecho-edit-theme ul {
+  list-style: none;
+  margin: 0;
+  padding: 0; }
+
+/* line 653, ../scss/style.scss */
+.typecho-edit-theme li {
+  padding: 3px 10px; }
+
+/* line 657, ../scss/style.scss */
+.typecho-edit-theme .current {
+  background-color: #E6E6E3; }
+
+/* line 660, ../scss/style.scss */
+.typecho-edit-theme .current a {
+  color: #444; }
+
+/* line 664, ../scss/style.scss */
+.typecho-edit-theme textarea {
+  font-size: .92857em;
+  line-height: 1.2;
+  height: 500px; }
+
+/**
+* 编写页面
+*/
+/* line 674, ../scss/style.scss */
+.typecho-post-area .edit-draft-notice {
+  color: #999;
+  font-size: .92857em; }
+
+/* line 678, ../scss/style.scss */
+.typecho-post-area .edit-draft-notice a {
+  color: #B94A48; }
+
+/* line 680, ../scss/style.scss */
+.typecho-post-area .typecho-label {
+  display: block;
+  margin: 1em 0 -0.5em;
+  font-weight: bold; }
+
+/* line 686, ../scss/style.scss */
+.typecho-post-area #auto-save-message {
+  display: block;
+  margin-top: 0.5em;
+  color: #999;
+  font-size: .92857em; }
+
+/* line 693, ../scss/style.scss */
+.typecho-post-area .submit .right button {
+  margin-left: 5px; }
+
+/* line 697, ../scss/style.scss */
+.typecho-post-area .right {
+  float: right;
+  padding-left: 24px; }
+
+/* line 702, ../scss/style.scss */
+.typecho-post-area .left {
+  float: left; }
+
+/* line 709, ../scss/style.scss */
+.typecho-post-area .out-date {
+  border: 1px solid #D3DBB3;
+  padding: 3px;
+  background: #fff; }
+
+/* line 715, ../scss/style.scss */
+.typecho-post-area input.title {
+  font-size: 1.17em;
+  font-weight: bold; }
+
+/* line 719, ../scss/style.scss */
+.typecho-post-area .url-slug {
+  margin-top: -0.5em;
+  color: #AAA;
+  font-size: .92857em;
+  word-break: break-word; }
+
+/* line 725, ../scss/style.scss */
+.typecho-post-area #slug {
+  padding: 2px;
+  border: none;
+  background: #FFFBCC;
+  color: #666; }
+
+/* line 732, ../scss/style.scss */
+.typecho-post-area #text {
+  resize: none; }
+
+/* line 736, ../scss/style.scss */
+#advance-panel {
+  display: none; }
+
+/* line 740, ../scss/style.scss */
+#custom-field {
+  margin: 1em 0;
+  padding: 10px 15px;
+  background: #FFF; }
+  /* line 745, ../scss/style.scss */
+  #custom-field.fold table, #custom-field.fold .description {
+    display: none; }
+  /* line 748, ../scss/style.scss */
+  #custom-field .description {
+    margin-top: 10px;
+    text-align: right; }
+    /* line 751, ../scss/style.scss */
+    #custom-field .description button {
+      float: left; }
+  /* line 756, ../scss/style.scss */
+  #custom-field p.description {
+    text-align: left; }
+  /* line 760, ../scss/style.scss */
+  #custom-field .typecho-label {
+    margin: 0; }
+    /* line 762, ../scss/style.scss */
+    #custom-field .typecho-label a {
+      display: block;
+      color: #444; }
+      /* line 765, ../scss/style.scss */
+      #custom-field .typecho-label a:hover {
+        color: #467B96;
+        text-decoration: none; }
+  /* line 771, ../scss/style.scss */
+  #custom-field table {
+    margin-top: 10px; }
+  /* line 774, ../scss/style.scss */
+  #custom-field td {
+    padding: 10px 5px;
+    font-size: .92857em;
+    border-bottom: 1px solid #F0F0EC;
+    vertical-align: top; }
+    /* line 779, ../scss/style.scss */
+    #custom-field td label {
+      font-size: 1em;
+      font-weight: normal; }
+  /* line 784, ../scss/style.scss */
+  #custom-field select {
+    height: 27px; }
+
+/* line 787, ../scss/style.scss */
+.typecho-post-area .is-draft {
+  background: #FFF1A8; }
+
+/* line 791, ../scss/style.scss */
+.typecho-post-option .description {
+  margin-top: -0.5em;
+  color: #999;
+  font-size: .92857em; }
+
+/* line 797, ../scss/style.scss */
+.category-option ul {
+  list-style: none;
+  border: 1px solid #D9D9D6;
+  padding: 6px 12px;
+  max-height: 240px;
+  overflow: auto;
+  background-color: #FFF;
+  border-radius: 2px; }
+
+/* line 806, ../scss/style.scss */
+.category-option li {
+  margin: 3px 0; }
+
+/* line 810, ../scss/style.scss */
+.visibility-option ul,
+.allow-option ul {
+  list-style: none;
+  padding: 0; }
+
+/**
+* 标签列表
+*/
+/* line 821, ../scss/style.scss */
+.typecho-page-main ul.tag-list {
+  list-style: none;
+  margin: 0;
+  padding: 20px;
+  background-color: #FFF; }
+
+/* line 828, ../scss/style.scss */
+.typecho-page-main ul.tag-list li {
+  display: inline-block;
+  margin: 0 0 5px 0;
+  padding: 5px 5px 5px 10px;
+  cursor: pointer; }
+
+/* line 834, ../scss/style.scss */
+.typecho-page-main ul.tag-list li:hover {
+  background-color: #E9E9E6; }
+
+/* line 838, ../scss/style.scss */
+.typecho-page-main ul.tag-list li input {
+  display: none; }
+
+/* line 843, ../scss/style.scss */
+.typecho-page-main ul.tag-list li.checked {
+  background-color: #FFFBCC; }
+
+/* line 847, ../scss/style.scss */
+.typecho-page-main ul.tag-list li.size-5 {
+  font-size: 1em; }
+
+/* line 848, ../scss/style.scss */
+.typecho-page-main ul.tag-list li.size-10 {
+  font-size: 1.2em; }
+
+/* line 849, ../scss/style.scss */
+.typecho-page-main ul.tag-list li.size-20 {
+  font-size: 1.4em; }
+
+/* line 850, ../scss/style.scss */
+.typecho-page-main ul.tag-list li.size-30 {
+  font-size: 1.6em; }
+
+/* line 851, ../scss/style.scss */
+.typecho-page-main ul.tag-list li.size-0 {
+  font-size: 1.8em; }
+
+/* line 853, ../scss/style.scss */
+.typecho-page-main .tag-edit-link {
+  visibility: hidden; }
+
+/* line 854, ../scss/style.scss */
+.typecho-page-main li:hover .tag-edit-link {
+  visibility: visible; }
+
+/* line 856, ../scss/style.scss */
+.typecho-attachment-photo {
+  border: 1px solid #E6E6E3;
+  max-width: 100%; }
+
+/*
+* Upload
+*/
+/* line 865, ../scss/style.scss */
+#upload-panel {
+  border: 1px dashed #D9D9D6;
+  background-color: #FFF;
+  color: #999;
+  font-size: .92857em; }
+  /* line 870, ../scss/style.scss */
+  #upload-panel.drag {
+    background-color: #FFFBCC; }
+
+/* line 875, ../scss/style.scss */
+.upload-area {
+  padding: 15px;
+  text-align: center; }
+
+/* line 880, ../scss/style.scss */
+#file-list {
+  list-style: none;
+  margin: 0 10px;
+  padding: 0;
+  max-height: 450px;
+  overflow: auto;
+  word-break: break-all; }
+  /* line 887, ../scss/style.scss */
+  #file-list li,
+  #file-list .insert {
+    overflow: hidden;
+    white-space: nowrap;
+    text-overflow: ellipsis; }
+  /* line 893, ../scss/style.scss */
+  #file-list li {
+    padding: 8px 0;
+    border-top: 1px dashed #D9D9D6; }
+  /* line 897, ../scss/style.scss */
+  #file-list .insert {
+    display: block;
+    max-width: 100%; }
+  /* line 901, ../scss/style.scss */
+  #file-list .file {
+    margin-left: 5px; }
+  /* line 904, ../scss/style.scss */
+  #file-list .info {
+    text-transform: uppercase; }
+
+/* line 909, ../scss/style.scss */
+#btn-fullscreen-upload {
+  visibility: hidden; }
+
+/**
+* 附件管理
+*/
+/* line 917, ../scss/style.scss */
+.edit-media button {
+  margin-right: 6px; }
+
+/* 拖动调整 textarea 大小 */
+/* line 920, ../scss/style.scss */
+.resize {
+  display: block;
+  margin: 2px auto 0;
+  padding: 2px 0;
+  border: 1px solid #D9D9D6;
+  border-width: 1px 0;
+  width: 60px;
+  cursor: row-resize; }
+  /* line 928, ../scss/style.scss */
+  .resize i {
+    display: block;
+    height: 1px;
+    background-color: #D9D9D6; }
+
+/* 拖动排序 */
+/* line 936, ../scss/style.scss */
+.tDnD_whileDrag {
+  background-color: #FFFBCC; }
+
+/**
+* 导入扩展样式
+*/
+/**
+ * icons
+ */
+/* line 29, ../scss/_icons.scss */
+.i-edit, .i-delete, .i-exlink, .mime-office, .mime-text, .mime-image, .mime-html, .mime-archive, .mime-application, .mime-audio, .mime-script, .mime-video, .mime-unknow, .i-upload, .i-upload-active {
+  display: inline-block;
+  vertical-align: text-bottom;
+  text-indent: -9999em;
+  background-image: url('../img/icons-s0c4f1c5ae6.png');
+  background-repeat: no-repeat; }
+  /* line 35, ../scss/_icons.scss */
+  .i-edit:hover, .i-delete:hover, .i-exlink:hover, .mime-office:hover, .mime-text:hover, .mime-image:hover, .mime-html:hover, .mime-archive:hover, .mime-application:hover, .mime-audio:hover, .mime-script:hover, .mime-video:hover, .mime-unknow:hover, .i-upload:hover, .i-upload-active:hover {
+    filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=75);
+    opacity: 0.75; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 29, ../scss/_icons.scss */
+    .i-edit, .i-delete, .i-exlink, .mime-office, .mime-text, .mime-image, .mime-html, .mime-archive, .mime-application, .mime-audio, .mime-script, .mime-video, .mime-unknow, .i-upload, .i-upload-active {
+      -moz-background-size: auto 256px;
+      -o-background-size: auto 256px;
+      -webkit-background-size: auto 256px;
+      background-size: auto 256px;
+      background-image: url('../img/icons-2x-s481937020b.png'); } }
+
+/* line 47, ../scss/_icons.scss */
+.i-edit, .i-delete, .i-exlink, .mime-office, .mime-text, .mime-image, .mime-html, .mime-archive, .mime-application, .mime-audio, .mime-script, .mime-video, .mime-unknow {
+  width: 16px;
+  height: 16px; }
+
+/* line 53, ../scss/_icons.scss */
+.i-upload, .i-upload-active {
+  width: 24px;
+  height: 24px; }
+
+/* line 59, ../scss/_icons.scss */
+.i-edit {
+  background-position: 0 -16px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 59, ../scss/_icons.scss */
+    .i-edit {
+      background-position: 0 -16px; } }
+
+/* line 63, ../scss/_icons.scss */
+.i-delete {
+  background-position: 0 0; }
+
+/* line 71, ../scss/_icons.scss */
+.i-upload {
+  background-position: 0 -72px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 71, ../scss/_icons.scss */
+    .i-upload {
+      background-position: 0 -72px; } }
+
+/* line 76, ../scss/_icons.scss */
+.i-upload-active {
+  background-position: 0 -48px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 76, ../scss/_icons.scss */
+    .i-upload-active {
+      background-position: 0 -48px; } }
+
+/* line 82, ../scss/_icons.scss */
+.i-caret-up, .i-caret-down, .i-caret-left, .i-caret-right {
+  display: inline-block;
+  border-style: solid;
+  border-color: transparent transparent #BBB transparent;
+  border-width: 3px 4px 5px; }
+
+/* line 88, ../scss/_icons.scss */
+.i-caret-down {
+  border-color: #BBB transparent transparent transparent;
+  border-width: 5px 4px 3px; }
+
+/* line 92, ../scss/_icons.scss */
+.i-caret-left {
+  border-color: transparent #BBB transparent transparent;
+  border-width: 4px 5px 4px 3px; }
+
+/* line 96, ../scss/_icons.scss */
+.i-caret-right {
+  border-color: transparent transparent transparent #BBB;
+  border-width: 4px 3px 4px 5px; }
+
+/* line 101, ../scss/_icons.scss */
+.i-exlink {
+  background-position: 0 -32px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 101, ../scss/_icons.scss */
+    .i-exlink {
+      background-position: 0 -32px; } }
+
+/* 文件类型图标 */
+/* line 109, ../scss/_icons.scss */
+.mime-office {
+  background-position: 0 -176px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 109, ../scss/_icons.scss */
+    .mime-office {
+      background-position: 0 -176px; } }
+
+/* line 114, ../scss/_icons.scss */
+.mime-text {
+  background-position: 0 -208px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 114, ../scss/_icons.scss */
+    .mime-text {
+      background-position: 0 -208px; } }
+
+/* line 119, ../scss/_icons.scss */
+.mime-image {
+  background-position: 0 -160px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 119, ../scss/_icons.scss */
+    .mime-image {
+      background-position: 0 -160px; } }
+
+/* line 124, ../scss/_icons.scss */
+.mime-html {
+  background-position: 0 -144px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 124, ../scss/_icons.scss */
+    .mime-html {
+      background-position: 0 -144px; } }
+
+/* line 129, ../scss/_icons.scss */
+.mime-archive {
+  background-position: 0 -112px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 129, ../scss/_icons.scss */
+    .mime-archive {
+      background-position: 0 -112px; } }
+
+/* line 134, ../scss/_icons.scss */
+.mime-application {
+  background-position: 0 -96px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 134, ../scss/_icons.scss */
+    .mime-application {
+      background-position: 0 -96px; } }
+
+/* line 139, ../scss/_icons.scss */
+.mime-audio {
+  background-position: 0 -128px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 139, ../scss/_icons.scss */
+    .mime-audio {
+      background-position: 0 -128px; } }
+
+/* line 144, ../scss/_icons.scss */
+.mime-script {
+  background-position: 0 -192px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 144, ../scss/_icons.scss */
+    .mime-script {
+      background-position: 0 -192px; } }
+
+/* line 149, ../scss/_icons.scss */
+.mime-video {
+  background-position: 0 -240px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 149, ../scss/_icons.scss */
+    .mime-video {
+      background-position: 0 -240px; } }
+
+/* line 154, ../scss/_icons.scss */
+.mime-unknow {
+  background-position: 0 -224px; }
+  @media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+    /* line 154, ../scss/_icons.scss */
+    .mime-unknow {
+      background-position: 0 -224px; } }
+
+/* Logo 图标 */
+/* line 161, ../scss/_icons.scss */
+.i-logo, .i-logo-s {
+  width: 169px;
+  height: 40px;
+  display: inline-block;
+  background: url("../img/typecho-logo.svg") no-repeat;
+  text-indent: -9999em;
+  -moz-background-size: auto 40px;
+  -o-background-size: auto 40px;
+  -webkit-background-size: auto 40px;
+  background-size: auto 40px;
+  filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=15);
+  opacity: 0.15; }
+  /* line 169, ../scss/_icons.scss */
+  .i-logo:hover, .i-logo-s:hover {
+    filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=20);
+    opacity: 0.2; }
+
+/* line 173, ../scss/_icons.scss */
+.i-logo-s {
+  width: 26px;
+  height: 26px;
+  -moz-background-size: auto 26px;
+  -o-background-size: auto 26px;
+  -webkit-background-size: auto 26px;
+  background-size: auto 26px; }
+
+/*
+* Editor
+*/
+/* line 4, ../scss/components/_editor.scss */
+.editor {
+  margin-bottom: -0.5em; }
+
+/* line 8, ../scss/components/_editor.scss */
+.wmd-button-row {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  height: 26px;
+  line-height: 1; }
+  /* line 15, ../scss/components/_editor.scss */
+  .wmd-button-row li {
+    display: inline-block;
+    margin-right: 4px;
+    padding: 3px;
+    cursor: pointer;
+    vertical-align: middle;
+    -moz-border-radius: 2px;
+    -webkit-border-radius: 2px;
+    border-radius: 2px; }
+    /* line 22, ../scss/components/_editor.scss */
+    .wmd-button-row li:hover {
+      background-color: #E9E9E6; }
+    /* line 25, ../scss/components/_editor.scss */
+    .wmd-button-row li.wmd-spacer {
+      height: 20px;
+      margin: 0 10px 0 6px;
+      padding: 0;
+      width: 1px;
+      background: #E9E9E6;
+      cursor: default; }
+
+/* line 36, ../scss/components/_editor.scss */
+#wmd-button-row span {
+  display: block;
+  width: 20px;
+  height: 20px;
+  background: transparent url(../img/editor.png) no-repeat; }
+
+@media (-webkit-min-device-pixel-ratio: 2), (min-resolution: 192dpi) {
+  /* line 46, ../scss/components/_editor.scss */
+  #wmd-button-row span {
+    background-image: url(../img/editor@2x.png);
+    -moz-background-size: 320px auto;
+    -o-background-size: 320px auto;
+    -webkit-background-size: 320px auto;
+    background-size: 320px auto; } }
+/* line 53, ../scss/components/_editor.scss */
+.wmd-edittab {
+  float: right;
+  margin-top: 3px;
+  font-size: .92857em; }
+  /* line 57, ../scss/components/_editor.scss */
+  .wmd-edittab a {
+    display: inline-block;
+    padding: 0 8px;
+    margin-left: 5px;
+    height: 20px;
+    line-height: 20px; }
+    /* line 63, ../scss/components/_editor.scss */
+    .wmd-edittab a:hover {
+      text-decoration: none; }
+    /* line 66, ../scss/components/_editor.scss */
+    .wmd-edittab a.active {
+      background: #E9E9E6;
+      color: #999; }
+
+/* line 74, ../scss/components/_editor.scss */
+.wmd-hidetab {
+  display: none; }
+
+/* line 78, ../scss/components/_editor.scss */
+.wmd-visualhide {
+  visibility: hidden; }
+
+/* 对话框 */
+/* line 83, ../scss/components/_editor.scss */
+.wmd-prompt-background {
+  background-color: #000; }
+
+/* line 86, ../scss/components/_editor.scss */
+.wmd-prompt-dialog {
+  position: fixed;
+  z-index: 1001;
+  top: 50%;
+  left: 50%;
+  margin-top: -95px;
+  margin-left: -200px;
+  padding: 20px;
+  width: 360px;
+  background: #F6F6F3; }
+  /* line 97, ../scss/components/_editor.scss */
+  .wmd-prompt-dialog p {
+    margin: 0 0 5px; }
+  /* line 98, ../scss/components/_editor.scss */
+  .wmd-prompt-dialog form {
+    margin-top: 10px; }
+  /* line 99, ../scss/components/_editor.scss */
+  .wmd-prompt-dialog input[type="text"] {
+    margin-bottom: 10px;
+    width: 100%; }
+  /* line 103, ../scss/components/_editor.scss */
+  .wmd-prompt-dialog button {
+    margin-right: 10px; }
+
+/* 预览 */
+/* line 107, ../scss/components/_editor.scss */
+#wmd-preview {
+  background: #FFF;
+  margin: 1em 0;
+  padding: 0 15px;
+  word-wrap: break-word;
+  overflow: auto;
+  -moz-border-radius: 2px;
+  -webkit-border-radius: 2px;
+  border-radius: 2px; }
+  /* line 114, ../scss/components/_editor.scss */
+  #wmd-preview img {
+    max-width: 100%; }
+  /* line 115, ../scss/components/_editor.scss */
+  #wmd-preview code, #wmd-preview pre {
+    padding: 2px 4px;
+    background: #F3F3F0;
+    font-size: .92857em; }
+  /* line 120, ../scss/components/_editor.scss */
+  #wmd-preview code {
+    color: #C13; }
+  /* line 121, ../scss/components/_editor.scss */
+  #wmd-preview pre {
+    padding: 1em; }
+    /* line 123, ../scss/components/_editor.scss */
+    #wmd-preview pre code {
+      padding: 0;
+      color: #444; }
+  /* line 128, ../scss/components/_editor.scss */
+  #wmd-preview blockquote {
+    margin: 1em 1.5em;
+    padding-left: 1.5em;
+    border-left: 4px solid #E9E9E6;
+    color: #777; }
+  /* line 134, ../scss/components/_editor.scss */
+  #wmd-preview hr {
+    margin: 2em auto;
+    width: 100px;
+    border: 1px solid #E9E9E6;
+    border-width: 2px 0 0 0; }
+  /* line 140, ../scss/components/_editor.scss */
+  #wmd-preview .summary:after {
+    display: block;
+    margin: 2em 0;
+    background: #FFF9E8;
+    color: #ce9900;
+    font-size: .85714em;
+    text-align: center;
+    content: "- more -"; }
+
+/* 上传面板动画效果 */
+@keyframes fullscreen-upload {
+  0% {
+    right: -280px; }
+  100% {
+    right: -1px; } }
+@-moz-keyframes fullscreen-upload {
+  0% {
+    right: -280px; }
+  100% {
+    right: -1px; } }
+@-webkit-keyframes fullscreen-upload {
+  0% {
+    right: -280px; }
+  100% {
+    right: -1px; } }
+@-o-keyframes fullscreen-upload {
+  0% {
+    right: -280px; }
+  100% {
+    right: -1px; } }
+/* 编辑器全屏 */
+/* line 174, ../scss/components/_editor.scss */
+.fullscreen #wmd-button-bar, .fullscreen #text, .fullscreen #wmd-preview, .fullscreen .submit {
+  position: absolute;
+  top: 0;
+  width: 50%;
+  background: #FFF;
+  z-index: 999;
+  -moz-box-sizing: border-box;
+  -webkit-box-sizing: border-box;
+  box-sizing: border-box;
+  -moz-border-radius: 0;
+  -webkit-border-radius: 0;
+  border-radius: 0; }
+/* line 184, ../scss/components/_editor.scss */
+.fullscreen #wmd-button-bar {
+  left: 0;
+  padding: 13px 20px;
+  border-bottom: 1px solid #F3F3F0;
+  z-index: 1000; }
+/* line 190, ../scss/components/_editor.scss */
+.fullscreen #text {
+  top: 53px;
+  left: 0;
+  padding: 20px;
+  border: none;
+  outline: none; }
+/* line 197, ../scss/components/_editor.scss */
+.fullscreen #wmd-preview {
+  top: 53px;
+  right: 0;
+  margin: 0;
+  padding: 5px 20px;
+  border: none;
+  border-left: 1px solid #F3F3F0;
+  background: #F6F6F3;
+  overflow: auto; }
+  /* line 206, ../scss/components/_editor.scss */
+  .fullscreen #wmd-preview code, .fullscreen #wmd-preview pre {
+    background: #F0F0EC; }
+/* line 210, ../scss/components/_editor.scss */
+.fullscreen .submit {
+  right: 0;
+  margin: 0;
+  padding: 10px 20px;
+  border-bottom: 1px solid #F3F3F0; }
+/* line 216, ../scss/components/_editor.scss */
+.fullscreen #upload-panel {
+  -webkit-box-shadow: 0 4px 16px rgba(0, 0, 0, 0.225);
+  box-shadow: 0 4px 16px rgba(0, 0, 0, 0.225);
+  border-style: solid; }
+/* line 223, ../scss/components/_editor.scss */
+.fullscreen #tab-files {
+  position: absolute;
+  top: 52px;
+  right: -1px;
+  width: 280px;
+  z-index: 1001;
+  animation: fullscreen-upload 0.5s;
+  -moz-animation: fullscreen-upload 0.5s;
+  -webkit-animation: fullscreen-upload 0.5s;
+  -o-animation: fullscreen-upload 0.5s; }
+/* line 236, ../scss/components/_editor.scss */
+.fullscreen .wmd-edittab,
+.fullscreen .typecho-post-option,
+.fullscreen .title,
+.fullscreen .url-slug,
+.fullscreen .typecho-page-title,
+.fullscreen .typecho-head-nav,
+.fullscreen .message {
+  display: none; }
+/* line 243, ../scss/components/_editor.scss */
+.fullscreen .wmd-hidetab {
+  display: block; }
+/* line 244, ../scss/components/_editor.scss */
+.fullscreen .wmd-visualhide,
+.fullscreen #btn-fullscreen-upload {
+  visibility: visible; }
+
+/**
+* Jquery Timepicker
+*/
+/* line 5, ../scss/components/_timepicker.scss */
+#ui-datepicker-div {
+  display: none;
+  margin-top: -1px;
+  padding: 10px;
+  border: 1px solid #D9D9D6;
+  background: #FFF; }
+
+/* line 12, ../scss/components/_timepicker.scss */
+.ui-timepicker-div .ui-widget-header {
+  margin-bottom: 8px; }
+
+/* line 13, ../scss/components/_timepicker.scss */
+.ui-timepicker-div dl {
+  text-align: left; }
+
+/* line 14, ../scss/components/_timepicker.scss */
+.ui-timepicker-div dl dt {
+  float: left;
+  clear: left; }
+
+/* line 15, ../scss/components/_timepicker.scss */
+.ui-timepicker-div dl dd {
+  margin: 0 0 10px 40%; }
+
+/* line 16, ../scss/components/_timepicker.scss */
+.ui-tpicker-grid-label {
+  background: none;
+  border: none;
+  margin: 0;
+  padding: 0; }
+
+/* line 18, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-header {
+  margin-bottom: 10px;
+  padding-bottom: 10px;
+  border-bottom: 1px solid #EEE; }
+
+/* line 23, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-prev {
+  float: left;
+  cursor: pointer; }
+
+/* line 24, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-next {
+  float: right;
+  cursor: pointer; }
+
+/* line 25, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-title {
+  font-weight: bold;
+  text-align: center; }
+
+/* line 29, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-calendar th {
+  line-height: 24px; }
+
+/* line 30, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-calendar a {
+  display: block;
+  width: 30px;
+  background-color: #F3F3F0;
+  line-height: 24px;
+  text-align: center; }
+
+/* line 37, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-calendar a:hover {
+  background-color: #E9E9E6;
+  text-decoration: none; }
+
+/* line 41, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-today a {
+  background-color: #E9E9E6;
+  color: #444; }
+
+/* line 45, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-current-day a {
+  background-color: #467B96 !important;
+  color: #FFF; }
+
+/* line 49, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-timepicker-div {
+  margin-top: 20px;
+  border-top: 1px solid #EEE; }
+
+/* line 53, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-slider {
+  position: relative;
+  margin-top: 18px;
+  border: 1px solid #E9E9E6;
+  background-color: #F6F6F3;
+  height: 4px; }
+
+/* line 60, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-slider .ui-slider-handle {
+  position: absolute;
+  top: -7px;
+  margin-left: -5px;
+  z-index: 2;
+  width: 10px;
+  height: 16px;
+  background-color: #467B96; }
+
+/* line 70, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-buttonpane {
+  padding-top: 10px;
+  border-top: 1px solid #EEE; }
+
+/* line 74, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-current,
+#ui-datepicker-div .ui-datepicker-close {
+  float: left; }
+
+/* line 80, ../scss/components/_timepicker.scss */
+#ui-datepicker-div .ui-datepicker-close {
+  float: right; }
+
+/* line 84, ../scss/components/_timepicker.scss */
+.ui-effects-transfer {
+  border: 2px dotted #ccc; }
+
+/**
+* Jquery Tokeninput
+*/
+/* line 5, ../scss/components/_tokeninput.scss */
+ul.token-input-list {
+  list-style: none;
+  margin: 0;
+  padding: 0 4px;
+  min-height: 32px;
+  border: 1px solid #D9D9D6;
+  cursor: text;
+  z-index: 999;
+  background-color: #FFF;
+  clear: left;
+  border-radius: 2px;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box; }
+  /* line 22, ../scss/components/_tokeninput.scss */
+  ul.token-input-list li {
+    margin: 4px 0; }
+
+/* line 28, ../scss/components/_tokeninput.scss */
+ul.token-input-list li input {
+  padding: 0;
+  border: 0;
+  width: 100%;
+  -webkit-appearance: caret; }
+
+/* line 35, ../scss/components/_tokeninput.scss */
+li.token-input-token {
+  padding: 0 6px;
+  height: 27px;
+  line-height: 27px;
+  background-color: #F3F3F0;
+  cursor: default;
+  font-size: .92857em;
+  text-align: right;
+  white-space: nowrap; }
+  /* line 44, ../scss/components/_tokeninput.scss */
+  li.token-input-token p {
+    float: left;
+    display: inline;
+    margin: 0; }
+  /* line 49, ../scss/components/_tokeninput.scss */
+  li.token-input-token span {
+    color: #BBB;
+    font-weight: bold;
+    cursor: pointer; }
+
+/* line 58, ../scss/components/_tokeninput.scss */
+li.token-input-selected-token {
+  background-color: #E9E9E6; }
+
+/* line 62, ../scss/components/_tokeninput.scss */
+li.token-input-input-token {
+  padding: 0 4px; }
+
+/* line 66, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown {
+  position: absolute;
+  background-color: #FFF;
+  overflow: hidden;
+  border: 1px solid #D9D9D6;
+  border-top-width: 0;
+  cursor: default;
+  z-index: 1;
+  font-size: .92857em; }
+
+/* line 77, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown p {
+  margin: 0;
+  padding: 5px 10px;
+  color: #777;
+  font-weight: bold; }
+
+/* line 84, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown ul {
+  list-style: none;
+  margin: 0;
+  padding: 0; }
+
+/* line 90, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown ul li {
+  padding: 4px 10px;
+  background-color: #FFF; }
+
+/* line 95, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown ul li.token-input-dropdown-item {
+  background-color: #FFF; }
+
+/* line 99, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown ul li em {
+  font-style: normal; }
+
+/* line 103, ../scss/components/_tokeninput.scss */
+div.token-input-dropdown ul li.token-input-selected-dropdown-item {
+  background-color: #467B96;
+  color: #FFF; }
+
+/*
+* Hide from both screenreaders and browsers: h5bp.com/u
+*/
+/* line 5, ../scss/_hidden.scss */
+.hidden {
+  display: none; }
+
+/*
+* Hide only visually, but have it available for screenreaders: h5bp.com/v
+*/
+/* line 15, ../scss/_hidden.scss */
+.sr-only {
+  border: 0;
+  height: 1px;
+  margin: -1px;
+  overflow: hidden;
+  padding: 0;
+  position: absolute;
+  width: 1px; }
+
+/*
+* Extends the .sr-only class to allow the element to be focusable
+* when navigated to via the keyboard: h5bp.com/p
+*/
+/* line 30, ../scss/_hidden.scss */
+.sr-only.focusable:active,
+.sr-only.focusable:focus {
+  clip: auto;
+  height: auto;
+  margin: 0;
+  overflow: visible;
+  position: static;
+  width: auto; }
+
+/*
+* Hide visually and from screenreaders, but maintain layout
+*/
+/* line 44, ../scss/_hidden.scss */
+.invisible {
+  visibility: hidden; }
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/custom-fields-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/custom-fields-js.php
new file mode 100644
index 0000000..b1011f7
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/custom-fields-js.php
@@ -0,0 +1,44 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<script>
+$(document).ready(function () {
+    // 自定义字段
+    $('#custom-field-expand').click(function() {
+        var btn = $('i', this);
+        if (btn.hasClass('i-caret-right')) {
+            btn.removeClass('i-caret-right').addClass('i-caret-down');
+        } else {
+            btn.removeClass('i-caret-down').addClass('i-caret-right');
+        }
+        $(this).parent().toggleClass('fold');
+        return false;
+    });
+
+    function attachDeleteEvent (el) {
+        $('button.btn-xs', el).click(function () {
+            if (confirm('<?php _e('确认要删除此字段吗?'); ?>')) {
+                $(this).parents('tr').fadeOut(function () {
+                    $(this).remove();
+                });
+            }
+        });
+    }
+
+    $('#custom-field table tbody tr').each(function () {
+        attachDeleteEvent(this);
+    });
+
+    $('#custom-field button.operate-add').click(function () {
+        var html = '<tr><td><input type="text" name="fieldNames[]" placeholder="<?php _e('字段名称'); ?>" class="text-s w-100"></td>'
+                + '<td><select name="fieldTypes[]" id="">'
+                + '<option value="str"><?php _e('字符'); ?></option>'
+                + '<option value="int"><?php _e('整数'); ?></option>'
+                + '<option value="float"><?php _e('小数'); ?></option>'
+                + '</select></td>'
+                + '<td><textarea name="fieldValues[]" placeholder="<?php _e('字段值'); ?>" class="text-s w-100" rows="2"></textarea></td>'
+                + '<td><button type="button" class="btn btn-xs"><?php _e('删除'); ?></button></td></tr>',
+            el = $(html).hide().appendTo('#custom-field table tbody').fadeIn();
+
+        attachDeleteEvent(el);
+    });
+});
+</script>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/custom-fields.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/custom-fields.php
new file mode 100644
index 0000000..6fd85b2
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/custom-fields.php
@@ -0,0 +1,73 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<?php
+$fields = isset($post) ? $post->getFieldItems() : $page->getFieldItems();
+$defaultFields = isset($post) ? $post->getDefaultFieldItems() : $page->getDefaultFieldItems();
+?>
+                    <section id="custom-field" class="typecho-post-option<?php if (empty($defaultFields) && empty($fields)): ?> fold<?php endif; ?>">
+                        <label id="custom-field-expand" class="typecho-label"><a href="##"><i class="i-caret-right"></i> <?php _e('自定义字段'); ?></a></label>
+                        <table class="typecho-list-table mono">
+                            <colgroup>
+                                <col width="25%"/>
+                                <col width="10%"/>
+                                <col width="55%"/>
+                                <col width="10%"/>
+                            </colgroup>
+                            <?php foreach ($defaultFields as $field): ?>
+                            <?php list ($label, $input) = $field; ?>
+                            <tr>
+                                <td><?php $label->render(); ?></td>
+                                <td colspan="3"><?php $input->render(); ?></td>
+                            </tr>
+                            <?php endforeach; ?>
+                            <?php foreach ($fields as $field): ?>
+                            <tr>
+                                <td>
+                                    <label for="fieldname" class="sr-only"><?php _e('字段名称'); ?></label>
+                                    <input type="text" name="fieldNames[]" value="<?php echo htmlspecialchars($field['name']); ?>" id="fieldname" class="text-s w-100">
+                                </td>
+                                <td>
+                                    <label for="fieldtype" class="sr-only"><?php _e('字段类型'); ?></label>
+                                    <select name="fieldTypes[]" id="fieldtype">
+                                        <option value="str"<?php if ('str' == $field['type']): ?> selected<?php endif; ?>><?php _e('字符'); ?></option>
+                                        <option value="int"<?php if ('int' == $field['type']): ?> selected<?php endif; ?>><?php _e('整数'); ?></option>
+                                        <option value="float"<?php if ('float' == $field['type']): ?> selected<?php endif; ?>><?php _e('小数'); ?></option>
+                                    </select>
+                                </td>
+                                <td>
+                                    <label for="fieldvalue" class="sr-only"><?php _e('字段值'); ?></label>
+                                    <textarea name="fieldValues[]" id="fieldvalue" class="text-s w-100" rows="2"><?php echo htmlspecialchars($field[$field['type'] . '_value']); ?></textarea>
+                                </td>
+                                <td>
+                                    <button type="button" class="btn btn-xs"><?php _e('删除'); ?></button>
+                                </td>
+                            </tr>
+                            <?php endforeach; ?>
+                            <?php if (empty($defaultFields) && empty($fields)): ?>
+                            <tr>
+                                <td>
+                                    <label for="fieldname" class="sr-only"><?php _e('字段名称'); ?></label>
+                                    <input type="text" name="fieldNames[]" placeholder="<?php _e('字段名称'); ?>" id="fieldname" class="text-s w-100">
+                                </td>
+                                <td>
+                                    <label for="fieldtype" class="sr-only"><?php _e('字段类型'); ?></label>
+                                    <select name="fieldTypes[]" id="fieldtype">
+                                        <option value="str"><?php _e('字符'); ?></option>
+                                        <option value="int"><?php _e('整数'); ?></option>
+                                        <option value="float"><?php _e('小数'); ?></option>
+                                    </select>
+                                </td>
+                                <td>
+                                    <label for="fieldvalue" class="sr-only"><?php _e('字段值'); ?></label>
+                                    <textarea name="fieldValues[]" placeholder="<?php _e('字段值'); ?>" id="fieldvalue" class="text-s w-100" rows="2"></textarea>
+                                </td>
+                                <td>
+                                    <button type="button" class="btn btn-xs"><?php _e('删除'); ?></button>
+                                </td>
+                            </tr>
+                            <?php endif; ?>
+                        </table>
+                        <div class="description clearfix">
+                            <button type="button" class="btn btn-xs operate-add"><?php _e('+添加字段'); ?></button>
+                            <?php _e('自定义字段可以扩展你的模板功能, 使用方法参见 <a href="http://docs.typecho.org/help/custom-fields">帮助文档</a>'); ?>
+                        </div>
+                    </section>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/editor-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/editor-js.php
new file mode 100644
index 0000000..949305c
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/editor-js.php
@@ -0,0 +1,330 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<?php $content = !empty($post) ? $post : $page; if ($options->markdown): ?>
+<script src="<?php $options->adminStaticUrl('js', 'pagedown.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'stmd.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'diff.js?v=' . $suffixVersion); ?>"></script>
+<script>
+$(document).ready(function () {
+    var textarea = $('#text'),
+        toolbar = $('<div class="editor" id="wmd-button-bar" />').insertBefore(textarea.parent()),
+        preview = $('<div id="wmd-preview" class="wmd-hidetab" />').insertAfter('.editor');
+
+    var options = {}, isMarkdown = <?php echo intval($content->isMarkdown || !$content->have()); ?>;
+
+    options.strings = {
+        bold: '<?php _e('加粗'); ?> <strong> Ctrl+B',
+        boldexample: '<?php _e('加粗文字'); ?>',
+            
+        italic: '<?php _e('斜体'); ?> <em> Ctrl+I',
+        italicexample: '<?php _e('斜体文字'); ?>',
+
+        link: '<?php _e('链接'); ?> <a> Ctrl+L',
+        linkdescription: '<?php _e('请输入链接描述'); ?>',
+
+        quote:  '<?php _e('引用'); ?> <blockquote> Ctrl+Q',
+        quoteexample: '<?php _e('引用文字'); ?>',
+
+        code: '<?php _e('代码'); ?> <pre><code> Ctrl+K',
+        codeexample: '<?php _e('请输入代码'); ?>',
+
+        image: '<?php _e('图片'); ?> <img> Ctrl+G',
+        imagedescription: '<?php _e('请输入图片描述'); ?>',
+
+        olist: '<?php _e('数字列表'); ?> <ol> Ctrl+O',
+        ulist: '<?php _e('普通列表'); ?> <ul> Ctrl+U',
+        litem: '<?php _e('列表项目'); ?>',
+
+        heading: '<?php _e('标题'); ?> <h1>/<h2> Ctrl+H',
+        headingexample: '<?php _e('标题文字'); ?>',
+
+        hr: '<?php _e('分割线'); ?> <hr> Ctrl+R',
+        more: '<?php _e('摘要分割线'); ?> <!--more--> Ctrl+M',
+
+        undo: '<?php _e('撤销'); ?> - Ctrl+Z',
+        redo: '<?php _e('重做'); ?> - Ctrl+Y',
+        redomac: '<?php _e('重做'); ?> - Ctrl+Shift+Z',
+
+        fullscreen: '<?php _e('全屏'); ?> - Ctrl+J',
+        exitFullscreen: '<?php _e('退出全屏'); ?> - Ctrl+E',
+        fullscreenUnsupport: '<?php _e('此浏览器不支持全屏操作'); ?>',
+
+        imagedialog: '<p><b><?php _e('插入图片'); ?></b></p><p><?php _e('请在下方的输入框内输入要插入的远程图片地址'); ?></p><p><?php _e('您也可以使用附件功能插入上传的本地图片'); ?></p>',
+        linkdialog: '<p><b><?php _e('插入链接'); ?></b></p><p><?php _e('请在下方的输入框内输入要插入的链接地址'); ?></p>',
+
+        ok: '<?php _e('确定'); ?>',
+        cancel: '<?php _e('取消'); ?>',
+
+        help: '<?php _e('Markdown语法帮助'); ?>'
+    };
+
+    var converter = new Typecho.Markdown,
+        editor = new Markdown.Editor(converter, '', options),
+        diffMatch = new diff_match_patch(), last = '', preview = $('#wmd-preview'),
+        mark = '@mark' + Math.ceil(Math.random() * 100000000) + '@',
+        span = '<span class="diff" />',
+        cache = {};
+    
+
+    // 自动跟随
+    converter.hooks.chain('postConversion', function (html) {
+        // clear special html tags
+        html = html.replace(/<\/?(\!doctype|html|head|body|link|title|input|select|button|textarea|style|noscript)[^>]*>/ig, function (all) {
+            return all.replace(/&/g, '&amp;')
+                .replace(/</g, '&lt;')
+                .replace(/>/g, '&gt;')
+                .replace(/'/g, '&#039;')
+                .replace(/"/g, '&quot;');
+        });
+
+        // clear hard breaks
+        html = html.replace(/\s*((?:<br>\n)+)\s*(<\/?(?:p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|address|form|fieldset|iframe|hr|legend|article|section|nav|aside|hgroup|header|footer|figcaption|li|dd|dt)[^\w])/gm, '$2');
+
+        if (html.indexOf('<!--more-->') > 0) {
+            var parts = html.split(/\s*<\!\-\-more\-\->\s*/),
+                summary = parts.shift(),
+                details = parts.join('');
+
+            html = '<div class="summary">' + summary + '</div>'
+                + '<div class="details">' + details + '</div>';
+        }
+
+
+        var diffs = diffMatch.diff_main(last, html);
+        last = html;
+
+        if (diffs.length > 0) {
+            var stack = [], markStr = mark;
+            
+            for (var i = 0; i < diffs.length; i ++) {
+                var diff = diffs[i], op = diff[0], str = diff[1]
+                    sp = str.lastIndexOf('<'), ep = str.lastIndexOf('>');
+
+                if (op != 0) {
+                    if (sp >=0 && sp > ep) {
+                        if (op > 0) {
+                            stack.push(str.substring(0, sp) + markStr + str.substring(sp));
+                        } else {
+                            var lastStr = stack[stack.length - 1], lastSp = lastStr.lastIndexOf('<');
+                            stack[stack.length - 1] = lastStr.substring(0, lastSp) + markStr + lastStr.substring(lastSp);
+                        }
+                    } else {
+                        if (op > 0) {
+                            stack.push(str + markStr);
+                        } else {
+                            stack.push(markStr);
+                        }
+                    }
+                    
+                    markStr = '';
+                } else {
+                    stack.push(str);
+                }
+            }
+
+            html = stack.join('');
+
+            if (!markStr) {
+                var pos = html.indexOf(mark), prev = html.substring(0, pos),
+                    next = html.substr(pos + mark.length),
+                    sp = prev.lastIndexOf('<'), ep = prev.lastIndexOf('>');
+
+                if (sp >= 0 && sp > ep) {
+                    html = prev.substring(0, sp) + span + prev.substring(sp) + next;
+                } else {
+                    html = prev + span + next;
+                }
+            }
+        }
+
+        // 替换img
+        html = html.replace(/<(img)\s+([^>]*)\s*src="([^"]+)"([^>]*)>/ig, function (all, tag, prefix, src, suffix) {
+            if (!cache[src]) {
+                cache[src] = false;
+            } else {
+                return '<span class="cache" data-width="' + cache[src][0] + '" data-height="' + cache[src][1] + '" '
+                    + 'style="background:url(' + src + ') no-repeat left top; width:'
+                    + cache[src][0] + 'px; height:' + cache[src][1] + 'px; display: inline-block; max-width: 100%;'
+                    + '-webkit-background-size: contain;-moz-background-size: contain;-o-background-size: contain;background-size: contain;" />';
+            }
+
+            return all;
+        });
+
+        // 替换block
+        html = html.replace(/<(iframe|embed)\s+([^>]*)>/ig, function (all, tag, src) {
+            if (src[src.length - 1] == '/') {
+                src = src.substring(0, src.length - 1);
+            }
+
+            return '<div style="background: #ddd; height: 40px; overflow: hidden; line-height: 40px; text-align: center; font-size: 12px; color: #777">'
+                + tag + ' : ' + $.trim(src) + '</div>';
+        });
+
+        return html;
+    });
+
+    function cacheResize() {
+        var t = $(this), w = parseInt(t.data('width')), h = parseInt(t.data('height')),
+            ow = t.width();
+
+        t.height(h * ow / w);
+    }
+
+    var to;
+    editor.hooks.chain('onPreviewRefresh', function () {
+        var diff = $('.diff', preview), scrolled = false;
+
+        if (to) {
+            clearTimeout(to);
+        }
+
+        $('img', preview).load(function () {
+            var t = $(this), src = t.attr('src');
+
+            if (scrolled) {
+                preview.scrollTo(diff, {
+                    offset  :   - 50
+                });
+            }
+
+            if (!!src && !cache[src]) {
+                cache[src] = [this.width, this.height];
+            }
+        });
+
+        $('.cache', preview).resize(cacheResize).each(cacheResize);
+        
+        var changed = $('.diff', preview).parent();
+        if (!changed.is(preview)) {
+            changed.css('background-color', 'rgba(255,230,0,0.5)');
+            to = setTimeout(function () {
+                changed.css('background-color', 'transparent');
+            }, 4500);
+        }
+
+        if (diff.length > 0) {
+            var p = diff.position(), lh = diff.parent().css('line-height');
+            lh = !!lh ? parseInt(lh) : 0;
+
+            if (p.top < 0 || p.top > preview.height() - lh) {
+                preview.scrollTo(diff, {
+                    offset  :   - 50
+                });
+                scrolled = true;
+            }
+        }
+    });
+
+    <?php Typecho_Plugin::factory('admin/editor-js.php')->markdownEditor($content); ?>
+
+    var input = $('#text'), th = textarea.height(), ph = preview.height(),
+        uploadBtn = $('<button type="button" id="btn-fullscreen-upload" class="btn btn-link">'
+            + '<i class="i-upload"><?php _e('附件'); ?></i></button>')
+            .prependTo('.submit .right')
+            .click(function() {
+                $('a', $('.typecho-option-tabs li').not('.active')).trigger('click');
+                return false;
+            });
+
+    $('.typecho-option-tabs li').click(function () {
+        uploadBtn.find('i').toggleClass('i-upload-active',
+            $('#tab-files-btn', this).length > 0);
+    });
+
+    editor.hooks.chain('enterFakeFullScreen', function () {
+        th = textarea.height();
+        ph = preview.height();
+        $(document.body).addClass('fullscreen');
+        var h = $(window).height() - toolbar.outerHeight();
+        
+        textarea.css('height', h);
+        preview.css('height', h);
+    });
+
+    editor.hooks.chain('enterFullScreen', function () {
+        $(document.body).addClass('fullscreen');
+        
+        var h = window.screen.height - toolbar.outerHeight();
+        textarea.css('height', h);
+        preview.css('height', h);
+    });
+
+    editor.hooks.chain('exitFullScreen', function () {
+        $(document.body).removeClass('fullscreen');
+        textarea.height(th);
+        preview.height(ph);
+    });
+
+    function initMarkdown() {
+        editor.run();
+
+        var imageButton = $('#wmd-image-button'),
+            linkButton = $('#wmd-link-button');
+
+        Typecho.insertFileToEditor = function (file, url, isImage) {
+            var button = isImage ? imageButton : linkButton;
+
+            options.strings[isImage ? 'imagename' : 'linkname'] = file;
+            button.trigger('click');
+
+            var checkDialog = setInterval(function () {
+                if ($('.wmd-prompt-dialog').length > 0) {
+                    $('.wmd-prompt-dialog input').val(url).select();
+                    clearInterval(checkDialog);
+                    checkDialog = null;
+                }
+            }, 10);
+        };
+
+        Typecho.uploadComplete = function (file) {
+            Typecho.insertFileToEditor(file.title, file.url, file.isImage);
+        };
+
+        // 编辑预览切换
+        var edittab = $('.editor').prepend('<div class="wmd-edittab"><a href="#wmd-editarea" class="active"><?php _e('撰写'); ?></a><a href="#wmd-preview"><?php _e('预览'); ?></a></div>'),
+            editarea = $(textarea.parent()).attr("id", "wmd-editarea");
+
+        $(".wmd-edittab a").click(function() {
+            $(".wmd-edittab a").removeClass('active');
+            $(this).addClass("active");
+            $("#wmd-editarea, #wmd-preview").addClass("wmd-hidetab");
+        
+            var selected_tab = $(this).attr("href"),
+                selected_el = $(selected_tab).removeClass("wmd-hidetab");
+
+            // 预览时隐藏编辑器按钮
+            if (selected_tab == "#wmd-preview") {
+                $("#wmd-button-row").addClass("wmd-visualhide");
+            } else {
+                $("#wmd-button-row").removeClass("wmd-visualhide");
+            }
+
+            // 预览和编辑窗口高度一致
+            $("#wmd-preview").outerHeight($("#wmd-editarea").innerHeight());
+
+            return false;
+        });
+    }
+
+    if (isMarkdown) {
+        initMarkdown();
+    } else {
+        var notice = $('<div class="message notice"><?php _e('这篇文章不是由Markdown语法创建的, 继续使用Markdown编辑它吗?'); ?> '
+            + '<button class="btn btn-xs primary yes"><?php _e('是'); ?></button> ' 
+            + '<button class="btn btn-xs no"><?php _e('否'); ?></button></div>')
+            .hide().insertBefore(textarea).slideDown();
+
+        $('.yes', notice).click(function () {
+            notice.remove();
+            $('<input type="hidden" name="markdown" value="1" />').appendTo('.submit');
+            initMarkdown();
+        });
+
+        $('.no', notice).click(function () {
+            notice.remove();
+        });
+    }
+});
+</script>
+<?php endif; ?>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/extending.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/extending.php
new file mode 100644
index 0000000..be228ef
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/extending.php
@@ -0,0 +1,13 @@
+<?php
+include 'common.php';
+
+$panel = $request->get('panel');
+$panelTable = unserialize($options->panelTable);
+
+if (!isset($panelTable['file']) || !in_array(urlencode($panel), $panelTable['file'])) {
+    throw new Typecho_Plugin_Exception(_t('页面不存在'), 404);
+}
+
+list ($pluginName, $file) = explode('/', trim($panel, '/'), 2);
+
+require_once $options->pluginDir($pluginName) . '/' . $panel;
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/file-upload-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/file-upload-js.php
new file mode 100644
index 0000000..133dde3
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/file-upload-js.php
@@ -0,0 +1,208 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<?php
+if (isset($post) && $post instanceof Typecho_Widget && $post->have()) {
+    $fileParentContent = $post;
+} else if (isset($page) && $page instanceof Typecho_Widget && $page->have()) {
+    $fileParentContent = $page;
+}
+
+$phpMaxFilesize = function_exists('ini_get') ? trim(ini_get('upload_max_filesize')) : 0;
+
+if (preg_match("/^([0-9]+)([a-z]{1,2})$/i", $phpMaxFilesize, $matches)) {
+    $phpMaxFilesize = strtolower($matches[1] . $matches[2] . (1 == strlen($matches[2]) ? 'b' : ''));
+}
+?>
+
+<script src="<?php $options->adminStaticUrl('js', 'moxie.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'plupload.js?v=' . $suffixVersion); ?>"></script>
+<script>
+$(document).ready(function() {
+    function updateAttacmentNumber () {
+        var btn = $('#tab-files-btn'),
+            balloon = $('.balloon', btn),
+            count = $('#file-list li .insert').length;
+
+        if (count > 0) {
+            if (!balloon.length) {
+                btn.html($.trim(btn.html()) + ' ');
+                balloon = $('<span class="balloon"></span>').appendTo(btn);
+            }
+
+            balloon.html(count);
+        } else if (0 == count && balloon.length > 0) {
+            balloon.remove();
+        }
+    }
+
+    $('.upload-area').bind({
+        dragenter   :   function () {
+            $(this).parent().addClass('drag');
+        },
+
+        dragover    :   function (e) {
+            $(this).parent().addClass('drag');
+        },
+
+        drop        :   function () {
+            $(this).parent().removeClass('drag');
+        },
+        
+        dragend     :   function () {
+            $(this).parent().removeClass('drag');
+        },
+
+        dragleave   :   function () {
+            $(this).parent().removeClass('drag');
+        }
+    });
+
+    updateAttacmentNumber();
+
+    function fileUploadStart (file) {
+        $('<li id="' + file.id + '" class="loading">'
+            + file.name + '</li>').appendTo('#file-list');
+    }
+
+    function fileUploadError (error) {
+        var file = error.file, code = error.code, word; 
+        
+        switch (code) {
+            case plupload.FILE_SIZE_ERROR:
+                word = '<?php _e('文件大小超过限制'); ?>';
+                break;
+            case plupload.FILE_EXTENSION_ERROR:
+                word = '<?php _e('文件扩展名不被支持'); ?>';
+                break;
+            case plupload.FILE_DUPLICATE_ERROR:
+                word = '<?php _e('文件已经上传过'); ?>';
+                break;
+            case plupload.HTTP_ERROR:
+            default:
+                word = '<?php _e('上传出现错误'); ?>';
+                break;
+        }
+
+        var fileError = '<?php _e('%s 上传失败'); ?>'.replace('%s', file.name),
+            li, exist = $('#' + file.id);
+
+        if (exist.length > 0) {
+            li = exist.removeClass('loading').html(fileError);
+        } else {
+            li = $('<li>' + fileError + '<br />' + word + '</li>').appendTo('#file-list');
+        }
+
+        li.effect('highlight', {color : '#FBC2C4'}, 2000, function () {
+            $(this).remove();
+        });
+    }
+
+    var completeFile = null;
+    function fileUploadComplete (id, url, data) {
+        var li = $('#' + id).removeClass('loading').data('cid', data.cid)
+            .data('url', data.url)
+            .data('image', data.isImage)
+            .html('<input type="hidden" name="attachment[]" value="' + data.cid + '" />'
+                + '<a class="insert" target="_blank" href="###" title="<?php _e('点击插入文件'); ?>">' + data.title + '</a><div class="info">' + data.bytes
+                + ' <a class="file" target="_blank" href="<?php $options->adminUrl('media.php'); ?>?cid=' 
+                + data.cid + '" title="<?php _e('编辑'); ?>"><i class="i-edit"></i></a>'
+                + ' <a class="delete" href="###" title="<?php _e('删除'); ?>"><i class="i-delete"></i></a></div>')
+            .effect('highlight', 1000);
+            
+        attachInsertEvent(li);
+        attachDeleteEvent(li);
+        updateAttacmentNumber();
+
+        if (!completeFile) {
+            completeFile = data;
+        }
+    }
+
+    $('#tab-files').bind('init', function () {
+        var uploader = new plupload.Uploader({
+            browse_button   :   $('.upload-file').get(0),
+            url             :   '<?php $security->index('/action/upload'
+                . (isset($fileParentContent) ? '?cid=' . $fileParentContent->cid : '')); ?>',
+            runtimes        :   'html5,flash,html4',
+            flash_swf_url   :   '<?php $options->adminStaticUrl('js', 'Moxie.swf'); ?>',
+            drop_element    :   $('.upload-area').get(0),
+            filters         :   {
+                max_file_size       :   '<?php echo $phpMaxFilesize ?>',
+                mime_types          :   [{'title' : '<?php _e('允许上传的文件'); ?>', 'extensions' : '<?php echo implode(',', $options->allowedAttachmentTypes); ?>'}],
+                prevent_duplicates  :   true
+            },
+
+            init            :   {
+                FilesAdded      :   function (up, files) {
+                    plupload.each(files, function(file) {
+                        fileUploadStart(file);
+                    });
+
+                    completeFile = null;
+                    uploader.start();
+                },
+
+                UploadComplete  :   function () {
+                    if (completeFile) {
+                        Typecho.uploadComplete(completeFile);
+                    }
+                },
+
+                FileUploaded    :   function (up, file, result) {
+                    if (200 == result.status) {
+                        var data = $.parseJSON(result.response);
+
+                        if (data) {
+                            fileUploadComplete(file.id, data[0], data[1]);
+                            return;
+                        }
+                    }
+
+                    fileUploadError({
+                        code : plupload.HTTP_ERROR,
+                        file : file
+                    });
+                },
+
+                Error           :   function (up, error) {
+                    fileUploadError(error);
+                }
+            }
+        });
+
+        uploader.init();
+    });
+
+    function attachInsertEvent (el) {
+        $('.insert', el).click(function () {
+            var t = $(this), p = t.parents('li');
+            Typecho.insertFileToEditor(t.text(), p.data('url'), p.data('image'));
+            return false;
+        });
+    }
+
+    function attachDeleteEvent (el) {
+        var file = $('a.insert', el).text();
+        $('.delete', el).click(function () {
+            if (confirm('<?php _e('确认要删除文件 %s 吗?'); ?>'.replace('%s', file))) {
+                var cid = $(this).parents('li').data('cid');
+                $.post('<?php $security->index('/action/contents-attachment-edit'); ?>',
+                    {'do' : 'delete', 'cid' : cid},
+                    function () {
+                        $(el).fadeOut(function () {
+                            $(this).remove();
+                            updateAttacmentNumber();
+                        });
+                    });
+            }
+
+            return false;
+        });
+    }
+
+    $('#file-list li').each(function () {
+        attachInsertEvent(this);
+        attachDeleteEvent(this);
+    });
+});
+</script>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/file-upload.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/file-upload.php
new file mode 100644
index 0000000..d276094
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/file-upload.php
@@ -0,0 +1,30 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+
+<?php
+if (isset($post) || isset($page)) {
+    $cid = isset($post) ? $post->cid : $page->cid;
+    
+    if ($cid) {
+        Typecho_Widget::widget('Widget_Contents_Attachment_Related', 'parentId=' . $cid)->to($attachment);
+    } else {
+        Typecho_Widget::widget('Widget_Contents_Attachment_Unattached')->to($attachment);
+    }
+}
+?>
+
+<div id="upload-panel" class="p">
+    <div class="upload-area" draggable="true"><?php _e('拖放文件到这里<br>或者 %s选择文件上传%s', '<a href="###" class="upload-file">', '</a>'); ?></div>
+    <ul id="file-list">
+    <?php while ($attachment->next()): ?>
+        <li data-cid="<?php $attachment->cid(); ?>" data-url="<?php echo $attachment->attachment->url; ?>" data-image="<?php echo $attachment->attachment->isImage ? 1 : 0; ?>"><input type="hidden" name="attachment[]" value="<?php $attachment->cid(); ?>" />
+            <a class="insert" title="<?php _e('点击插入文件'); ?>" href="###"><?php $attachment->title(); ?></a>
+            <div class="info">
+                <?php echo number_format(ceil($attachment->attachment->size / 1024)); ?> Kb
+                <a class="file" target="_blank" href="<?php $options->adminUrl('media.php?cid=' . $attachment->cid); ?>" title="<?php _e('编辑'); ?>"><i class="i-edit"></i></a>
+                <a href="###" class="delete" title="<?php _e('删除'); ?>"><i class="i-delete"></i></a>
+            </div>
+        </li>
+    <?php endwhile; ?>
+    </ul>
+</div>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/footer.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/footer.php
new file mode 100644
index 0000000..57c0084
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/footer.php
@@ -0,0 +1,6 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+    </body>
+</html>
+<?php
+/** 注册一个结束插件 */
+Typecho_Plugin::factory('admin/footer.php')->end();
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/form-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/form-js.php
new file mode 100644
index 0000000..7c52d69
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/form-js.php
@@ -0,0 +1,26 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<script>
+(function () {
+    $(document).ready(function () {
+        var error = $('.typecho-option .error:first');
+
+        if (error.length > 0) {
+            $('html,body').scrollTop(error.parents('.typecho-option').offset().top);
+        }
+
+        $('form').submit(function () {
+            if (this.submitted) {
+                return false;
+            } else {
+                this.submitted = true;
+            }
+        });
+
+        $('label input[type=text]').click(function (e) {
+            var check = $('#' + $(this).parents('label').attr('for'));
+            check.prop('checked', true);
+            return false;
+        });
+    });
+})();
+</script>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/header.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/header.php
new file mode 100644
index 0000000..50e3c6e
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/header.php
@@ -0,0 +1,31 @@
+<?php
+if (!defined('__TYPECHO_ADMIN__')) {
+    exit;
+}
+
+$header = '<link rel="stylesheet" href="' . Typecho_Common::url('normalize.css?v=' . $suffixVersion, $options->adminStaticUrl('css')) . '">
+<link rel="stylesheet" href="' . Typecho_Common::url('grid.css?v=' . $suffixVersion, $options->adminStaticUrl('css')) . '">
+<link rel="stylesheet" href="' . Typecho_Common::url('style.css?v=' . $suffixVersion, $options->adminStaticUrl('css')) . '">
+<!--[if lt IE 9]>
+<script src="' . Typecho_Common::url('html5shiv.js?v=' . $suffixVersion, $options->adminStaticUrl('js')) . '"></script>
+<script src="' . Typecho_Common::url('respond.js?v=' . $suffixVersion, $options->adminStaticUrl('js')) . '"></script>
+<![endif]-->';
+
+/** 注册一个初始化插件 */
+$header = Typecho_Plugin::factory('admin/header.php')->header($header);
+
+?><!DOCTYPE HTML>
+<html class="no-js">
+    <head>
+        <meta charset="<?php $options->charset(); ?>">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
+        <meta name="renderer" content="webkit">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+        <title><?php _e('%s - %s - Powered by Typecho', $menu->title, $options->title); ?></title>
+        <meta name="robots" content="noindex, nofollow">
+        <?php echo $header; ?>
+    </head>
+    <body<?php if (isset($bodyClass)) {echo ' class="' . $bodyClass . '"';} ?>>
+    <!--[if lt IE 9]>
+        <div class="message error browsehappy" role="dialog"><?php _e('当前网页 <strong>不支持</strong> 你正在使用的浏览器. 为了正常的访问, 请 <a href="http://browsehappy.com/">升级你的浏览器</a>'); ?>.</div>
+    <![endif]-->
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/ajax-loader.gif b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/ajax-loader.gif
new file mode 100644
index 0000000..32666da
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/ajax-loader.gif differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor.png
new file mode 100644
index 0000000..aeee188
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-bold@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-bold@2x.png
new file mode 100644
index 0000000..bcbab97
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-bold@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-code@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-code@2x.png
new file mode 100644
index 0000000..21d2fa0
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-code@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-exitfull@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-exitfull@2x.png
new file mode 100644
index 0000000..2d26190
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-exitfull@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-fullscreen@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-fullscreen@2x.png
new file mode 100644
index 0000000..420ea7c
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-fullscreen@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-heading@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-heading@2x.png
new file mode 100644
index 0000000..5096e41
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-heading@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-hr@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-hr@2x.png
new file mode 100644
index 0000000..8371458
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-hr@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-image@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-image@2x.png
new file mode 100644
index 0000000..e8857a8
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-image@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-italic@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-italic@2x.png
new file mode 100644
index 0000000..666dfb6
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-italic@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-link@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-link@2x.png
new file mode 100644
index 0000000..68e4f87
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-link@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-more@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-more@2x.png
new file mode 100644
index 0000000..87f58e6
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-more@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-olist@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-olist@2x.png
new file mode 100644
index 0000000..17eca6e
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-olist@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-quote@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-quote@2x.png
new file mode 100644
index 0000000..6c703ad
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-quote@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-redo@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-redo@2x.png
new file mode 100644
index 0000000..baad4d6
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-redo@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-ulist@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-ulist@2x.png
new file mode 100644
index 0000000..356ab46
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-ulist@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-undo@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-undo@2x.png
new file mode 100644
index 0000000..36d001f
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/2x/editor-undo@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-bold.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-bold.png
new file mode 100644
index 0000000..6111560
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-bold.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-code.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-code.png
new file mode 100644
index 0000000..3a2c176
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-code.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-exitfull.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-exitfull.png
new file mode 100644
index 0000000..4827612
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-exitfull.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-fullscreen.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-fullscreen.png
new file mode 100644
index 0000000..4593cf3
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-fullscreen.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-heading.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-heading.png
new file mode 100644
index 0000000..228a76d
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-heading.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-hr.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-hr.png
new file mode 100644
index 0000000..d248f66
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-hr.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-image.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-image.png
new file mode 100644
index 0000000..c091557
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-image.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-italic.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-italic.png
new file mode 100644
index 0000000..275a487
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-italic.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-link.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-link.png
new file mode 100644
index 0000000..e1de15d
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-link.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-more.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-more.png
new file mode 100644
index 0000000..4b24a6b
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-more.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-olist.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-olist.png
new file mode 100644
index 0000000..590df03
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-olist.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-quote.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-quote.png
new file mode 100644
index 0000000..5d3060a
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-quote.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-redo.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-redo.png
new file mode 100644
index 0000000..b59377e
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-redo.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-ulist.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-ulist.png
new file mode 100644
index 0000000..8aa1c9d
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-ulist.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-undo.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-undo.png
new file mode 100644
index 0000000..98cbcc8
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor/editor-undo.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor@2x.png
new file mode 100644
index 0000000..b361ff6
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/editor@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x-s481937020b.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x-s481937020b.png
new file mode 100644
index 0000000..f887f62
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x-s481937020b.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-delete.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-delete.png
new file mode 100644
index 0000000..09b954d
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-delete.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-edit.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-edit.png
new file mode 100644
index 0000000..f7798ca
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-edit.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-exlink.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-exlink.png
new file mode 100644
index 0000000..be6bcca
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-exlink.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-upload-active.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-upload-active.png
new file mode 100644
index 0000000..b7ffae8
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-upload-active.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-upload.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-upload.png
new file mode 100644
index 0000000..b5b4d76
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/icon-upload.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-application.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-application.png
new file mode 100644
index 0000000..1f1bfe0
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-application.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-archive.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-archive.png
new file mode 100644
index 0000000..bc723bc
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-archive.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-audio.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-audio.png
new file mode 100644
index 0000000..67c95f1
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-audio.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-html.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-html.png
new file mode 100644
index 0000000..e636cf3
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-html.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-image.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-image.png
new file mode 100644
index 0000000..4e515e1
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-image.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-office.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-office.png
new file mode 100644
index 0000000..32f524f
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-office.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-script.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-script.png
new file mode 100644
index 0000000..ab22750
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-script.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-text.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-text.png
new file mode 100644
index 0000000..3640ae5
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-text.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-unknow.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-unknow.png
new file mode 100644
index 0000000..88be1a4
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-unknow.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-video.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-video.png
new file mode 100644
index 0000000..ce948d9
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-2x/mime-video.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-s0c4f1c5ae6.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-s0c4f1c5ae6.png
new file mode 100644
index 0000000..b82a6da
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons-s0c4f1c5ae6.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-delete.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-delete.png
new file mode 100644
index 0000000..d159e4c
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-delete.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-edit.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-edit.png
new file mode 100644
index 0000000..cf8a4f7
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-edit.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-exlink.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-exlink.png
new file mode 100644
index 0000000..d3283c7
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-exlink.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-upload-active.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-upload-active.png
new file mode 100644
index 0000000..036d1c9
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-upload-active.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-upload.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-upload.png
new file mode 100644
index 0000000..c4f677f
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/icon-upload.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-application.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-application.png
new file mode 100644
index 0000000..531b7bc
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-application.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-archive.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-archive.png
new file mode 100644
index 0000000..2d300b3
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-archive.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-audio.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-audio.png
new file mode 100644
index 0000000..8b970a1
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-audio.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-html.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-html.png
new file mode 100644
index 0000000..67436e6
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-html.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-image.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-image.png
new file mode 100644
index 0000000..4020983
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-image.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-office.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-office.png
new file mode 100644
index 0000000..97f2380
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-office.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-script.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-script.png
new file mode 100644
index 0000000..c6c06fd
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-script.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-text.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-text.png
new file mode 100644
index 0000000..8d9b2e5
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-text.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-unknow.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-unknow.png
new file mode 100644
index 0000000..ec3126d
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-unknow.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-video.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-video.png
new file mode 100644
index 0000000..0f19420
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/icons/mime-video.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/noscreen.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/noscreen.png
new file mode 100644
index 0000000..67b7a6a
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/noscreen.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/typecho-logo.svg b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/typecho-logo.svg
new file mode 100644
index 0000000..b447bb5
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/img/typecho-logo.svg
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg width="110px" height="26px" viewBox="0 0 110 26" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sketch="http://www.bohemiancoding.com/sketch/ns">
+    <title>typecho-logo</title>
+    <description>Created with Sketch (http://www.bohemiancoding.com/sketch)</description>
+    <defs></defs>
+    <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage">
+        <path d="M34.75,5.288 C34.288,6.542 33.76,7.73 32.22,7.862 L32,9.468 L33.562,9.468 L33.562,15.342 C33.562,16.882 33.54,18.994 36.972,18.994 C38.006,18.994 39.106,18.686 39.766,18.224 L39.106,16.53 C38.754,16.75 38.204,16.992 37.61,16.992 C36.708,16.992 36.18,16.596 36.18,15.254 L36.18,9.468 L38.886,9.468 L39.106,7.62 L36.18,7.62 L36.18,5.288 L34.75,5.288 Z M48.258,18.268 C48.258,20.27 47.444,21.502 45.42,21.502 C44.76,21.502 44.276,21.436 43.858,21.282 C43.462,21.128 43.352,20.908 43.352,20.49 L43.352,19.434 L41.262,19.61 L41.262,22.668 C42.186,23.13 44.012,23.394 45.398,23.394 C48.676,23.394 50.502,21.898 50.502,18.268 L50.502,7.62 L46.63,7.62 L46.63,9.424 L47.334,9.468 C47.752,9.468 47.884,9.644 47.884,10.128 L47.884,14.11 C47.884,15.254 47.07,16.288 45.53,16.288 C44.122,16.288 43.902,15.276 43.902,13.934 L43.902,7.62 L40.03,7.62 L40.03,9.424 L40.734,9.468 C41.108,9.49 41.284,9.622 41.284,10.084 L41.284,14.506 C41.284,17.102 42.494,18.312 44.694,18.312 C46.146,18.312 47.488,17.696 48.258,16.596 L48.258,18.268 Z M54,20.776 C54,21.326 53.78,21.458 53.362,21.502 L52.636,21.568 L52.636,23.24 L58.312,23.24 L58.312,21.502 L56.53,21.414 L56.53,18.378 C57.102,18.73 58.026,19.016 58.884,19.016 C61.788,19.016 63.702,16.926 63.702,12.878 C63.702,8.94 62.162,7.29 59.72,7.29 C57.85,7.29 56.64,8.302 56.244,9.05 L56.244,7.62 L52.526,7.62 L52.526,9.402 L53.45,9.468 C53.868,9.468 54,9.644 54,10.128 L54,20.776 Z M60.974,13.098 C60.974,15.012 60.336,16.926 58.466,16.926 C57.894,16.926 57.102,16.75 56.53,16.376 L56.53,11.316 C56.53,10.304 57.498,9.424 58.752,9.424 C59.918,9.424 60.974,10.172 60.974,13.098 Z M70.786,7.29 C67.178,7.29 65.352,10.15 65.352,13.406 C65.352,16.684 66.804,18.972 70.544,18.972 C72.612,18.972 74.064,18.048 74.416,17.74 L73.58,15.958 C73.052,16.332 72.106,16.926 70.808,16.926 C68.938,16.926 68.19,15.76 68.102,14.33 C70.698,14.308 74.372,13.736 74.372,10.348 C74.372,8.39 72.942,7.29 70.786,7.29 Z M71.952,10.392 C71.952,12.086 69.642,12.46 68.014,12.482 C68.08,10.854 68.872,9.16 70.632,9.16 C71.424,9.16 71.952,9.578 71.952,10.392 Z M81.192,16.97 C79.234,16.97 78.354,15.43 78.354,13.032 C78.354,10.59 79.256,9.27 81.016,9.27 C81.346,9.27 81.61,9.314 81.874,9.402 C82.27,9.534 82.336,9.732 82.336,10.15 L82.336,11.206 L84.36,11.052 L84.36,8.192 C83.304,7.62 82.248,7.29 80.928,7.29 C78.442,7.29 75.692,8.83 75.692,13.296 C75.692,16.948 77.606,18.994 80.84,18.994 C82.468,18.994 83.81,18.422 84.668,17.718 L83.722,16.024 C82.82,16.684 82.05,16.97 81.192,16.97 Z M87.286,16.222 C87.286,16.772 87.066,16.904 86.648,16.948 L85.922,17.014 L85.922,18.686 L91.158,18.686 L91.158,16.926 L89.904,16.86 L89.904,11.536 C89.904,10.392 90.718,9.314 92.258,9.314 C93.666,9.314 93.974,10.348 93.974,11.69 L93.974,16.222 C93.974,16.772 93.754,16.904 93.336,16.948 L92.61,17.014 L92.61,18.686 L97.846,18.686 L97.846,16.926 L96.592,16.86 L96.592,11.118 C96.592,8.522 95.294,7.29 93.094,7.29 C91.642,7.29 90.542,7.972 89.882,8.918 L89.882,3 L85.966,3 L85.966,4.826 L86.736,4.87 C87.154,4.892 87.286,5.024 87.286,5.508 L87.286,16.222 Z M98.924,13.142 C98.924,17.124 100.86,19.016 103.808,19.016 C106.712,19.016 109.066,17.08 109.066,12.856 C109.066,7.796 105.788,7.29 104.16,7.29 C101.894,7.29 98.924,8.566 98.924,13.142 Z M103.984,17.08 C101.872,17.08 101.586,14.88 101.586,12.834 C101.586,10.722 102.29,9.226 104.028,9.226 C105.788,9.226 106.382,10.744 106.382,13.208 C106.382,15.496 105.7,17.08 103.984,17.08 Z" id="typecho" fill="#000000" sketch:type="MSShapeGroup"></path>
+        <path d="M13,26 C3.36833333,26 0,22.631 0,13 C0,3.36866667 3.36833333,0 13,0 C22.6316667,0 26,3.36866667 26,13 C26,22.631 22.6316667,26 13,26 Z M6,9 L20,9 L20,7 L6,7 L6,9 Z M6,14 L16,14 L16,12 L6,12 L6,14 Z M6,19 L18,19 L18,17 L6,17 L6,19 Z" id="icon" fill="#000000" sketch:type="MSShapeGroup"></path>
+    </g>
+</svg>
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/index.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/index.php
new file mode 100644
index 0000000..1ee87fc
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/index.php
@@ -0,0 +1,159 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$stat = Typecho_Widget::widget('Widget_Stat');
+?>
+<div class="main">
+    <div class="container typecho-dashboard">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main">
+            <div class="col-mb-12 welcome-board" role="main">
+                <p><?php _e('目前有 <em>%s</em> 篇文章, 并有 <em>%s</em> 条关于你的评论在 <em>%s</em> 个分类中.',
+                $stat->myPublishedPostsNum, $stat->myPublishedCommentsNum, $stat->categoriesNum); ?>
+                <br><?php _e('点击下面的链接快速开始:'); ?></p>
+
+                <ul id="start-link" class="clearfix">
+                    <?php if($user->pass('contributor', true)): ?>
+                    <li><a href="<?php $options->adminUrl('write-post.php'); ?>"><?php _e('撰写新文章'); ?></a></li>
+                    <?php if($user->pass('editor', true) && 'on' == $request->get('__typecho_all_comments') && $stat->waitingCommentsNum > 0): ?>
+                        <li><a href="<?php $options->adminUrl('manage-comments.php?status=waiting'); ?>"><?php _e('待审核的评论'); ?></a>
+                        <span class="balloon"><?php $stat->waitingCommentsNum(); ?></span>
+                        </li>
+                    <?php elseif($stat->myWaitingCommentsNum > 0): ?>
+                        <li><a href="<?php $options->adminUrl('manage-comments.php?status=waiting'); ?>"><?php _e('待审核评论'); ?></a>
+                        <span class="balloon"><?php $stat->myWaitingCommentsNum(); ?></span>
+                        </li>
+                    <?php endif; ?>
+                    <?php if($user->pass('editor', true) && 'on' == $request->get('__typecho_all_comments') && $stat->spamCommentsNum > 0): ?>
+                        <li><a href="<?php $options->adminUrl('manage-comments.php?status=spam'); ?>"><?php _e('垃圾评论'); ?></a>
+                        <span class="balloon"><?php $stat->spamCommentsNum(); ?></span>
+                        </li>
+                    <?php elseif($stat->mySpamCommentsNum > 0): ?>
+                        <li><a href="<?php $options->adminUrl('manage-comments.php?status=spam'); ?>"><?php _e('垃圾评论'); ?></a>
+                        <span class="balloon"><?php $stat->mySpamCommentsNum(); ?></span>
+                        </li>
+                    <?php endif; ?>
+                    <?php if($user->pass('administrator', true)): ?>
+                    <li><a href="<?php $options->adminUrl('themes.php'); ?>"><?php _e('更换外观'); ?></a></li>
+                    <li><a href="<?php $options->adminUrl('plugins.php'); ?>"><?php _e('插件管理'); ?></a></li>
+                    <li><a href="<?php $options->adminUrl('options-general.php'); ?>"><?php _e('系统设置'); ?></a></li>
+                    <?php endif; ?>
+                    <?php endif; ?>
+                    <!--<li><a href="<?php $options->adminUrl('profile.php'); ?>"><?php _e('更新我的资料'); ?></a></li>-->
+                </ul>
+                <?php $version = Typecho_Cookie::get('__typecho_check_version'); ?>
+                <?php if ($version && $version['available']): ?>
+                <div class="update-check">
+                    <p class="message notice">
+                        <?php _e('您当前使用的版本是'); ?> <?php echo $version['current']; ?> &rarr;
+                        <strong><a href="<?php echo $version['link']; ?>"><?php _e('官方最新版本是'); ?> <?php echo $version['latest']; ?></a></strong>
+                    </p>
+                </div>
+                <?php endif; ?>
+            </div>
+
+            <div class="col-mb-12 col-tb-4" role="complementary">
+                <section class="latest-link">
+                    <h3><?php _e('最近发布的文章'); ?></h3>
+                    <?php Typecho_Widget::widget('Widget_Contents_Post_Recent', 'pageSize=10')->to($posts); ?>
+                    <ul>
+                    <?php if($posts->have()): ?>
+                    <?php while($posts->next()): ?>
+                        <li>
+                            <span><?php $posts->date('n.j'); ?></span>
+                            <a href="<?php $posts->permalink(); ?>" class="title"><?php $posts->title(); ?></a>
+                        </li>
+                    <?php endwhile; ?>
+                    <?php else: ?>
+                        <li><em><?php _e('暂时没有文章'); ?></em></li>
+                    <?php endif; ?>
+                    </ul>
+                </section>
+            </div>
+
+            <div class="col-mb-12 col-tb-4" role="complementary">
+                <section class="latest-link">
+                    <h3><?php _e('最近得到的回复'); ?></h3>
+                    <ul>
+                        <?php Typecho_Widget::widget('Widget_Comments_Recent', 'pageSize=10')->to($comments); ?>
+                        <?php if($comments->have()): ?>
+                        <?php while($comments->next()): ?>
+                        <li>
+                            <span><?php $comments->date('n.j'); ?></span>
+                            <a href="<?php $comments->permalink(); ?>" class="title"><?php $comments->author(true); ?></a>:
+                            <?php $comments->excerpt(35, '...'); ?>
+                        </li>
+                        <?php endwhile; ?>
+                        <?php else: ?>
+                        <li><?php _e('暂时没有回复'); ?></li>
+                        <?php endif; ?>
+                    </ul>
+                </section>
+            </div>
+
+            <div class="col-mb-12 col-tb-4" role="complementary">
+                <section class="latest-link">
+                    <h3><?php _e('官方最新日志'); ?></h3>
+                    <div id="typecho-message">
+                        <ul>
+                            <li><?php _e('读取中...'); ?></li>
+                        </ul>
+                    </div>
+                </section>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+?>
+
+<script>
+$(document).ready(function () {
+    var ul = $('#typecho-message ul'), cache = window.sessionStorage,
+        html = cache ? cache.getItem('feed') : '',
+        update = cache ? cache.getItem('update') : '';
+
+    if (!!html) {
+        ul.html(html);
+    } else {
+        html = '';
+        $.get('<?php $options->index('/action/ajax?do=feed'); ?>', function (o) {
+            for (var i = 0; i < o.length; i ++) {
+                var item = o[i];
+                html += '<li><span>' + item.date + '</span> <a href="' + item.link + '" target="_blank">' + item.title
+                    + '</a></li>';
+            }
+
+            ul.html(html);
+            cache.setItem('feed', html);
+        }, 'json');
+    }
+
+    function applyUpdate(update) {
+        if (update.available) {
+            $('<div class="update-check"><p>'
+                + '<?php _e('您当前使用的版本是 %s'); ?>'.replace('%s', update.current) + '<br />'
+                + '<strong><a href="' + update.link + '" target="_blank">'
+                + '<?php _e('官方最新版本是 %s'); ?>'.replace('%s', update.latest) + '</a></strong></p></div>')
+            .appendTo('.welcome-board').effect('highlight');
+        }
+    }
+
+    if (!!update) {
+        applyUpdate($.parseJSON(update));
+    } else {
+        update = '';
+        $.get('<?php $options->index('/action/ajax?do=checkVersion'); ?>', function (o, status, resp) {
+            applyUpdate(o);
+            cache.setItem('update', resp.responseText);
+        }, 'json');
+    }
+});
+
+</script>
+<?php include 'footer.php'; ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/Moxie.swf b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/Moxie.swf
new file mode 100644
index 0000000..6493572
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/Moxie.swf differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/diff.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/diff.js
new file mode 100644
index 0000000..112130e
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/diff.js
@@ -0,0 +1,2193 @@
+/**
+ * Diff Match and Patch
+ *
+ * Copyright 2006 Google Inc.
+ * http://code.google.com/p/google-diff-match-patch/
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @fileoverview Computes the difference between two texts to create a patch.
+ * Applies the patch onto another text, allowing for errors.
+ * @author fraser@google.com (Neil Fraser)
+ */
+
+/**
+ * Class containing the diff, match and patch methods.
+ * @constructor
+ */
+function diff_match_patch() {
+
+  // Defaults.
+  // Redefine these in your program to override the defaults.
+
+  // Number of seconds to map a diff before giving up (0 for infinity).
+  this.Diff_Timeout = 1.0;
+  // Cost of an empty edit operation in terms of edit characters.
+  this.Diff_EditCost = 4;
+  // At what point is no match declared (0.0 = perfection, 1.0 = very loose).
+  this.Match_Threshold = 0.5;
+  // How far to search for a match (0 = exact location, 1000+ = broad match).
+  // A match this many characters away from the expected location will add
+  // 1.0 to the score (0.0 is a perfect match).
+  this.Match_Distance = 1000;
+  // When deleting a large block of text (over ~64 characters), how close do
+  // the contents have to be to match the expected contents. (0.0 = perfection,
+  // 1.0 = very loose).  Note that Match_Threshold controls how closely the
+  // end points of a delete need to match.
+  this.Patch_DeleteThreshold = 0.5;
+  // Chunk size for context length.
+  this.Patch_Margin = 4;
+
+  // The number of bits in an int.
+  this.Match_MaxBits = 32;
+}
+
+
+//  DIFF FUNCTIONS
+
+
+/**
+ * The data structure representing a diff is an array of tuples:
+ * [[DIFF_DELETE, 'Hello'], [DIFF_INSERT, 'Goodbye'], [DIFF_EQUAL, ' world.']]
+ * which means: delete 'Hello', add 'Goodbye' and keep ' world.'
+ */
+var DIFF_DELETE = -1;
+var DIFF_INSERT = 1;
+var DIFF_EQUAL = 0;
+
+/** @typedef {{0: number, 1: string}} */
+diff_match_patch.Diff;
+
+
+/**
+ * Find the differences between two texts.  Simplifies the problem by stripping
+ * any common prefix or suffix off the texts before diffing.
+ * @param {string} text1 Old string to be diffed.
+ * @param {string} text2 New string to be diffed.
+ * @param {boolean=} opt_checklines Optional speedup flag. If present and false,
+ *     then don't run a line-level diff first to identify the changed areas.
+ *     Defaults to true, which does a faster, slightly less optimal diff.
+ * @param {number} opt_deadline Optional time when the diff should be complete
+ *     by.  Used internally for recursive calls.  Users should set DiffTimeout
+ *     instead.
+ * @return {!Array.<!diff_match_patch.Diff>} Array of diff tuples.
+ */
+diff_match_patch.prototype.diff_main = function(text1, text2, opt_checklines,
+    opt_deadline) {
+  // Set a deadline by which time the diff must be complete.
+  if (typeof opt_deadline == 'undefined') {
+    if (this.Diff_Timeout <= 0) {
+      opt_deadline = Number.MAX_VALUE;
+    } else {
+      opt_deadline = (new Date).getTime() + this.Diff_Timeout * 1000;
+    }
+  }
+  var deadline = opt_deadline;
+
+  // Check for null inputs.
+  if (text1 == null || text2 == null) {
+    throw new Error('Null input. (diff_main)');
+  }
+
+  // Check for equality (speedup).
+  if (text1 == text2) {
+    if (text1) {
+      return [[DIFF_EQUAL, text1]];
+    }
+    return [];
+  }
+
+  if (typeof opt_checklines == 'undefined') {
+    opt_checklines = true;
+  }
+  var checklines = opt_checklines;
+
+  // Trim off common prefix (speedup).
+  var commonlength = this.diff_commonPrefix(text1, text2);
+  var commonprefix = text1.substring(0, commonlength);
+  text1 = text1.substring(commonlength);
+  text2 = text2.substring(commonlength);
+
+  // Trim off common suffix (speedup).
+  commonlength = this.diff_commonSuffix(text1, text2);
+  var commonsuffix = text1.substring(text1.length - commonlength);
+  text1 = text1.substring(0, text1.length - commonlength);
+  text2 = text2.substring(0, text2.length - commonlength);
+
+  // Compute the diff on the middle block.
+  var diffs = this.diff_compute_(text1, text2, checklines, deadline);
+
+  // Restore the prefix and suffix.
+  if (commonprefix) {
+    diffs.unshift([DIFF_EQUAL, commonprefix]);
+  }
+  if (commonsuffix) {
+    diffs.push([DIFF_EQUAL, commonsuffix]);
+  }
+  this.diff_cleanupMerge(diffs);
+  return diffs;
+};
+
+
+/**
+ * Find the differences between two texts.  Assumes that the texts do not
+ * have any common prefix or suffix.
+ * @param {string} text1 Old string to be diffed.
+ * @param {string} text2 New string to be diffed.
+ * @param {boolean} checklines Speedup flag.  If false, then don't run a
+ *     line-level diff first to identify the changed areas.
+ *     If true, then run a faster, slightly less optimal diff.
+ * @param {number} deadline Time when the diff should be complete by.
+ * @return {!Array.<!diff_match_patch.Diff>} Array of diff tuples.
+ * @private
+ */
+diff_match_patch.prototype.diff_compute_ = function(text1, text2, checklines,
+    deadline) {
+  var diffs;
+
+  if (!text1) {
+    // Just add some text (speedup).
+    return [[DIFF_INSERT, text2]];
+  }
+
+  if (!text2) {
+    // Just delete some text (speedup).
+    return [[DIFF_DELETE, text1]];
+  }
+
+  var longtext = text1.length > text2.length ? text1 : text2;
+  var shorttext = text1.length > text2.length ? text2 : text1;
+  var i = longtext.indexOf(shorttext);
+  if (i != -1) {
+    // Shorter text is inside the longer text (speedup).
+    diffs = [[DIFF_INSERT, longtext.substring(0, i)],
+             [DIFF_EQUAL, shorttext],
+             [DIFF_INSERT, longtext.substring(i + shorttext.length)]];
+    // Swap insertions for deletions if diff is reversed.
+    if (text1.length > text2.length) {
+      diffs[0][0] = diffs[2][0] = DIFF_DELETE;
+    }
+    return diffs;
+  }
+
+  if (shorttext.length == 1) {
+    // Single character string.
+    // After the previous speedup, the character can't be an equality.
+    return [[DIFF_DELETE, text1], [DIFF_INSERT, text2]];
+  }
+
+  // Check to see if the problem can be split in two.
+  var hm = this.diff_halfMatch_(text1, text2);
+  if (hm) {
+    // A half-match was found, sort out the return data.
+    var text1_a = hm[0];
+    var text1_b = hm[1];
+    var text2_a = hm[2];
+    var text2_b = hm[3];
+    var mid_common = hm[4];
+    // Send both pairs off for separate processing.
+    var diffs_a = this.diff_main(text1_a, text2_a, checklines, deadline);
+    var diffs_b = this.diff_main(text1_b, text2_b, checklines, deadline);
+    // Merge the results.
+    return diffs_a.concat([[DIFF_EQUAL, mid_common]], diffs_b);
+  }
+
+  if (checklines && text1.length > 100 && text2.length > 100) {
+    return this.diff_lineMode_(text1, text2, deadline);
+  }
+
+  return this.diff_bisect_(text1, text2, deadline);
+};
+
+
+/**
+ * Do a quick line-level diff on both strings, then rediff the parts for
+ * greater accuracy.
+ * This speedup can produce non-minimal diffs.
+ * @param {string} text1 Old string to be diffed.
+ * @param {string} text2 New string to be diffed.
+ * @param {number} deadline Time when the diff should be complete by.
+ * @return {!Array.<!diff_match_patch.Diff>} Array of diff tuples.
+ * @private
+ */
+diff_match_patch.prototype.diff_lineMode_ = function(text1, text2, deadline) {
+  // Scan the text on a line-by-line basis first.
+  var a = this.diff_linesToChars_(text1, text2);
+  text1 = a.chars1;
+  text2 = a.chars2;
+  var linearray = a.lineArray;
+
+  var diffs = this.diff_main(text1, text2, false, deadline);
+
+  // Convert the diff back to original text.
+  this.diff_charsToLines_(diffs, linearray);
+  // Eliminate freak matches (e.g. blank lines)
+  this.diff_cleanupSemantic(diffs);
+
+  // Rediff any replacement blocks, this time character-by-character.
+  // Add a dummy entry at the end.
+  diffs.push([DIFF_EQUAL, '']);
+  var pointer = 0;
+  var count_delete = 0;
+  var count_insert = 0;
+  var text_delete = '';
+  var text_insert = '';
+  while (pointer < diffs.length) {
+    switch (diffs[pointer][0]) {
+      case DIFF_INSERT:
+        count_insert++;
+        text_insert += diffs[pointer][1];
+        break;
+      case DIFF_DELETE:
+        count_delete++;
+        text_delete += diffs[pointer][1];
+        break;
+      case DIFF_EQUAL:
+        // Upon reaching an equality, check for prior redundancies.
+        if (count_delete >= 1 && count_insert >= 1) {
+          // Delete the offending records and add the merged ones.
+          diffs.splice(pointer - count_delete - count_insert,
+                       count_delete + count_insert);
+          pointer = pointer - count_delete - count_insert;
+          var a = this.diff_main(text_delete, text_insert, false, deadline);
+          for (var j = a.length - 1; j >= 0; j--) {
+            diffs.splice(pointer, 0, a[j]);
+          }
+          pointer = pointer + a.length;
+        }
+        count_insert = 0;
+        count_delete = 0;
+        text_delete = '';
+        text_insert = '';
+        break;
+    }
+    pointer++;
+  }
+  diffs.pop();  // Remove the dummy entry at the end.
+
+  return diffs;
+};
+
+
+/**
+ * Find the 'middle snake' of a diff, split the problem in two
+ * and return the recursively constructed diff.
+ * See Myers 1986 paper: An O(ND) Difference Algorithm and Its Variations.
+ * @param {string} text1 Old string to be diffed.
+ * @param {string} text2 New string to be diffed.
+ * @param {number} deadline Time at which to bail if not yet complete.
+ * @return {!Array.<!diff_match_patch.Diff>} Array of diff tuples.
+ * @private
+ */
+diff_match_patch.prototype.diff_bisect_ = function(text1, text2, deadline) {
+  // Cache the text lengths to prevent multiple calls.
+  var text1_length = text1.length;
+  var text2_length = text2.length;
+  var max_d = Math.ceil((text1_length + text2_length) / 2);
+  var v_offset = max_d;
+  var v_length = 2 * max_d;
+  var v1 = new Array(v_length);
+  var v2 = new Array(v_length);
+  // Setting all elements to -1 is faster in Chrome & Firefox than mixing
+  // integers and undefined.
+  for (var x = 0; x < v_length; x++) {
+    v1[x] = -1;
+    v2[x] = -1;
+  }
+  v1[v_offset + 1] = 0;
+  v2[v_offset + 1] = 0;
+  var delta = text1_length - text2_length;
+  // If the total number of characters is odd, then the front path will collide
+  // with the reverse path.
+  var front = (delta % 2 != 0);
+  // Offsets for start and end of k loop.
+  // Prevents mapping of space beyond the grid.
+  var k1start = 0;
+  var k1end = 0;
+  var k2start = 0;
+  var k2end = 0;
+  for (var d = 0; d < max_d; d++) {
+    // Bail out if deadline is reached.
+    if ((new Date()).getTime() > deadline) {
+      break;
+    }
+
+    // Walk the front path one step.
+    for (var k1 = -d + k1start; k1 <= d - k1end; k1 += 2) {
+      var k1_offset = v_offset + k1;
+      var x1;
+      if (k1 == -d || (k1 != d && v1[k1_offset - 1] < v1[k1_offset + 1])) {
+        x1 = v1[k1_offset + 1];
+      } else {
+        x1 = v1[k1_offset - 1] + 1;
+      }
+      var y1 = x1 - k1;
+      while (x1 < text1_length && y1 < text2_length &&
+             text1.charAt(x1) == text2.charAt(y1)) {
+        x1++;
+        y1++;
+      }
+      v1[k1_offset] = x1;
+      if (x1 > text1_length) {
+        // Ran off the right of the graph.
+        k1end += 2;
+      } else if (y1 > text2_length) {
+        // Ran off the bottom of the graph.
+        k1start += 2;
+      } else if (front) {
+        var k2_offset = v_offset + delta - k1;
+        if (k2_offset >= 0 && k2_offset < v_length && v2[k2_offset] != -1) {
+          // Mirror x2 onto top-left coordinate system.
+          var x2 = text1_length - v2[k2_offset];
+          if (x1 >= x2) {
+            // Overlap detected.
+            return this.diff_bisectSplit_(text1, text2, x1, y1, deadline);
+          }
+        }
+      }
+    }
+
+    // Walk the reverse path one step.
+    for (var k2 = -d + k2start; k2 <= d - k2end; k2 += 2) {
+      var k2_offset = v_offset + k2;
+      var x2;
+      if (k2 == -d || (k2 != d && v2[k2_offset - 1] < v2[k2_offset + 1])) {
+        x2 = v2[k2_offset + 1];
+      } else {
+        x2 = v2[k2_offset - 1] + 1;
+      }
+      var y2 = x2 - k2;
+      while (x2 < text1_length && y2 < text2_length &&
+             text1.charAt(text1_length - x2 - 1) ==
+             text2.charAt(text2_length - y2 - 1)) {
+        x2++;
+        y2++;
+      }
+      v2[k2_offset] = x2;
+      if (x2 > text1_length) {
+        // Ran off the left of the graph.
+        k2end += 2;
+      } else if (y2 > text2_length) {
+        // Ran off the top of the graph.
+        k2start += 2;
+      } else if (!front) {
+        var k1_offset = v_offset + delta - k2;
+        if (k1_offset >= 0 && k1_offset < v_length && v1[k1_offset] != -1) {
+          var x1 = v1[k1_offset];
+          var y1 = v_offset + x1 - k1_offset;
+          // Mirror x2 onto top-left coordinate system.
+          x2 = text1_length - x2;
+          if (x1 >= x2) {
+            // Overlap detected.
+            return this.diff_bisectSplit_(text1, text2, x1, y1, deadline);
+          }
+        }
+      }
+    }
+  }
+  // Diff took too long and hit the deadline or
+  // number of diffs equals number of characters, no commonality at all.
+  return [[DIFF_DELETE, text1], [DIFF_INSERT, text2]];
+};
+
+
+/**
+ * Given the location of the 'middle snake', split the diff in two parts
+ * and recurse.
+ * @param {string} text1 Old string to be diffed.
+ * @param {string} text2 New string to be diffed.
+ * @param {number} x Index of split point in text1.
+ * @param {number} y Index of split point in text2.
+ * @param {number} deadline Time at which to bail if not yet complete.
+ * @return {!Array.<!diff_match_patch.Diff>} Array of diff tuples.
+ * @private
+ */
+diff_match_patch.prototype.diff_bisectSplit_ = function(text1, text2, x, y,
+    deadline) {
+  var text1a = text1.substring(0, x);
+  var text2a = text2.substring(0, y);
+  var text1b = text1.substring(x);
+  var text2b = text2.substring(y);
+
+  // Compute both diffs serially.
+  var diffs = this.diff_main(text1a, text2a, false, deadline);
+  var diffsb = this.diff_main(text1b, text2b, false, deadline);
+
+  return diffs.concat(diffsb);
+};
+
+
+/**
+ * Split two texts into an array of strings.  Reduce the texts to a string of
+ * hashes where each Unicode character represents one line.
+ * @param {string} text1 First string.
+ * @param {string} text2 Second string.
+ * @return {{chars1: string, chars2: string, lineArray: !Array.<string>}}
+ *     An object containing the encoded text1, the encoded text2 and
+ *     the array of unique strings.
+ *     The zeroth element of the array of unique strings is intentionally blank.
+ * @private
+ */
+diff_match_patch.prototype.diff_linesToChars_ = function(text1, text2) {
+  var lineArray = [];  // e.g. lineArray[4] == 'Hello\n'
+  var lineHash = {};   // e.g. lineHash['Hello\n'] == 4
+
+  // '\x00' is a valid character, but various debuggers don't like it.
+  // So we'll insert a junk entry to avoid generating a null character.
+  lineArray[0] = '';
+
+  /**
+   * Split a text into an array of strings.  Reduce the texts to a string of
+   * hashes where each Unicode character represents one line.
+   * Modifies linearray and linehash through being a closure.
+   * @param {string} text String to encode.
+   * @return {string} Encoded string.
+   * @private
+   */
+  function diff_linesToCharsMunge_(text) {
+    var chars = '';
+    // Walk the text, pulling out a substring for each line.
+    // text.split('\n') would would temporarily double our memory footprint.
+    // Modifying text would create many large strings to garbage collect.
+    var lineStart = 0;
+    var lineEnd = -1;
+    // Keeping our own length variable is faster than looking it up.
+    var lineArrayLength = lineArray.length;
+    while (lineEnd < text.length - 1) {
+      lineEnd = text.indexOf('\n', lineStart);
+      if (lineEnd == -1) {
+        lineEnd = text.length - 1;
+      }
+      var line = text.substring(lineStart, lineEnd + 1);
+      lineStart = lineEnd + 1;
+
+      if (lineHash.hasOwnProperty ? lineHash.hasOwnProperty(line) :
+          (lineHash[line] !== undefined)) {
+        chars += String.fromCharCode(lineHash[line]);
+      } else {
+        chars += String.fromCharCode(lineArrayLength);
+        lineHash[line] = lineArrayLength;
+        lineArray[lineArrayLength++] = line;
+      }
+    }
+    return chars;
+  }
+
+  var chars1 = diff_linesToCharsMunge_(text1);
+  var chars2 = diff_linesToCharsMunge_(text2);
+  return {chars1: chars1, chars2: chars2, lineArray: lineArray};
+};
+
+
+/**
+ * Rehydrate the text in a diff from a string of line hashes to real lines of
+ * text.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @param {!Array.<string>} lineArray Array of unique strings.
+ * @private
+ */
+diff_match_patch.prototype.diff_charsToLines_ = function(diffs, lineArray) {
+  for (var x = 0; x < diffs.length; x++) {
+    var chars = diffs[x][1];
+    var text = [];
+    for (var y = 0; y < chars.length; y++) {
+      text[y] = lineArray[chars.charCodeAt(y)];
+    }
+    diffs[x][1] = text.join('');
+  }
+};
+
+
+/**
+ * Determine the common prefix of two strings.
+ * @param {string} text1 First string.
+ * @param {string} text2 Second string.
+ * @return {number} The number of characters common to the start of each
+ *     string.
+ */
+diff_match_patch.prototype.diff_commonPrefix = function(text1, text2) {
+  // Quick check for common null cases.
+  if (!text1 || !text2 || text1.charAt(0) != text2.charAt(0)) {
+    return 0;
+  }
+  // Binary search.
+  // Performance analysis: http://neil.fraser.name/news/2007/10/09/
+  var pointermin = 0;
+  var pointermax = Math.min(text1.length, text2.length);
+  var pointermid = pointermax;
+  var pointerstart = 0;
+  while (pointermin < pointermid) {
+    if (text1.substring(pointerstart, pointermid) ==
+        text2.substring(pointerstart, pointermid)) {
+      pointermin = pointermid;
+      pointerstart = pointermin;
+    } else {
+      pointermax = pointermid;
+    }
+    pointermid = Math.floor((pointermax - pointermin) / 2 + pointermin);
+  }
+  return pointermid;
+};
+
+
+/**
+ * Determine the common suffix of two strings.
+ * @param {string} text1 First string.
+ * @param {string} text2 Second string.
+ * @return {number} The number of characters common to the end of each string.
+ */
+diff_match_patch.prototype.diff_commonSuffix = function(text1, text2) {
+  // Quick check for common null cases.
+  if (!text1 || !text2 ||
+      text1.charAt(text1.length - 1) != text2.charAt(text2.length - 1)) {
+    return 0;
+  }
+  // Binary search.
+  // Performance analysis: http://neil.fraser.name/news/2007/10/09/
+  var pointermin = 0;
+  var pointermax = Math.min(text1.length, text2.length);
+  var pointermid = pointermax;
+  var pointerend = 0;
+  while (pointermin < pointermid) {
+    if (text1.substring(text1.length - pointermid, text1.length - pointerend) ==
+        text2.substring(text2.length - pointermid, text2.length - pointerend)) {
+      pointermin = pointermid;
+      pointerend = pointermin;
+    } else {
+      pointermax = pointermid;
+    }
+    pointermid = Math.floor((pointermax - pointermin) / 2 + pointermin);
+  }
+  return pointermid;
+};
+
+
+/**
+ * Determine if the suffix of one string is the prefix of another.
+ * @param {string} text1 First string.
+ * @param {string} text2 Second string.
+ * @return {number} The number of characters common to the end of the first
+ *     string and the start of the second string.
+ * @private
+ */
+diff_match_patch.prototype.diff_commonOverlap_ = function(text1, text2) {
+  // Cache the text lengths to prevent multiple calls.
+  var text1_length = text1.length;
+  var text2_length = text2.length;
+  // Eliminate the null case.
+  if (text1_length == 0 || text2_length == 0) {
+    return 0;
+  }
+  // Truncate the longer string.
+  if (text1_length > text2_length) {
+    text1 = text1.substring(text1_length - text2_length);
+  } else if (text1_length < text2_length) {
+    text2 = text2.substring(0, text1_length);
+  }
+  var text_length = Math.min(text1_length, text2_length);
+  // Quick check for the worst case.
+  if (text1 == text2) {
+    return text_length;
+  }
+
+  // Start by looking for a single character match
+  // and increase length until no match is found.
+  // Performance analysis: http://neil.fraser.name/news/2010/11/04/
+  var best = 0;
+  var length = 1;
+  while (true) {
+    var pattern = text1.substring(text_length - length);
+    var found = text2.indexOf(pattern);
+    if (found == -1) {
+      return best;
+    }
+    length += found;
+    if (found == 0 || text1.substring(text_length - length) ==
+        text2.substring(0, length)) {
+      best = length;
+      length++;
+    }
+  }
+};
+
+
+/**
+ * Do the two texts share a substring which is at least half the length of the
+ * longer text?
+ * This speedup can produce non-minimal diffs.
+ * @param {string} text1 First string.
+ * @param {string} text2 Second string.
+ * @return {Array.<string>} Five element Array, containing the prefix of
+ *     text1, the suffix of text1, the prefix of text2, the suffix of
+ *     text2 and the common middle.  Or null if there was no match.
+ * @private
+ */
+diff_match_patch.prototype.diff_halfMatch_ = function(text1, text2) {
+  if (this.Diff_Timeout <= 0) {
+    // Don't risk returning a non-optimal diff if we have unlimited time.
+    return null;
+  }
+  var longtext = text1.length > text2.length ? text1 : text2;
+  var shorttext = text1.length > text2.length ? text2 : text1;
+  if (longtext.length < 4 || shorttext.length * 2 < longtext.length) {
+    return null;  // Pointless.
+  }
+  var dmp = this;  // 'this' becomes 'window' in a closure.
+
+  /**
+   * Does a substring of shorttext exist within longtext such that the substring
+   * is at least half the length of longtext?
+   * Closure, but does not reference any external variables.
+   * @param {string} longtext Longer string.
+   * @param {string} shorttext Shorter string.
+   * @param {number} i Start index of quarter length substring within longtext.
+   * @return {Array.<string>} Five element Array, containing the prefix of
+   *     longtext, the suffix of longtext, the prefix of shorttext, the suffix
+   *     of shorttext and the common middle.  Or null if there was no match.
+   * @private
+   */
+  function diff_halfMatchI_(longtext, shorttext, i) {
+    // Start with a 1/4 length substring at position i as a seed.
+    var seed = longtext.substring(i, i + Math.floor(longtext.length / 4));
+    var j = -1;
+    var best_common = '';
+    var best_longtext_a, best_longtext_b, best_shorttext_a, best_shorttext_b;
+    while ((j = shorttext.indexOf(seed, j + 1)) != -1) {
+      var prefixLength = dmp.diff_commonPrefix(longtext.substring(i),
+                                               shorttext.substring(j));
+      var suffixLength = dmp.diff_commonSuffix(longtext.substring(0, i),
+                                               shorttext.substring(0, j));
+      if (best_common.length < suffixLength + prefixLength) {
+        best_common = shorttext.substring(j - suffixLength, j) +
+            shorttext.substring(j, j + prefixLength);
+        best_longtext_a = longtext.substring(0, i - suffixLength);
+        best_longtext_b = longtext.substring(i + prefixLength);
+        best_shorttext_a = shorttext.substring(0, j - suffixLength);
+        best_shorttext_b = shorttext.substring(j + prefixLength);
+      }
+    }
+    if (best_common.length * 2 >= longtext.length) {
+      return [best_longtext_a, best_longtext_b,
+              best_shorttext_a, best_shorttext_b, best_common];
+    } else {
+      return null;
+    }
+  }
+
+  // First check if the second quarter is the seed for a half-match.
+  var hm1 = diff_halfMatchI_(longtext, shorttext,
+                             Math.ceil(longtext.length / 4));
+  // Check again based on the third quarter.
+  var hm2 = diff_halfMatchI_(longtext, shorttext,
+                             Math.ceil(longtext.length / 2));
+  var hm;
+  if (!hm1 && !hm2) {
+    return null;
+  } else if (!hm2) {
+    hm = hm1;
+  } else if (!hm1) {
+    hm = hm2;
+  } else {
+    // Both matched.  Select the longest.
+    hm = hm1[4].length > hm2[4].length ? hm1 : hm2;
+  }
+
+  // A half-match was found, sort out the return data.
+  var text1_a, text1_b, text2_a, text2_b;
+  if (text1.length > text2.length) {
+    text1_a = hm[0];
+    text1_b = hm[1];
+    text2_a = hm[2];
+    text2_b = hm[3];
+  } else {
+    text2_a = hm[0];
+    text2_b = hm[1];
+    text1_a = hm[2];
+    text1_b = hm[3];
+  }
+  var mid_common = hm[4];
+  return [text1_a, text1_b, text2_a, text2_b, mid_common];
+};
+
+
+/**
+ * Reduce the number of edits by eliminating semantically trivial equalities.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ */
+diff_match_patch.prototype.diff_cleanupSemantic = function(diffs) {
+  var changes = false;
+  var equalities = [];  // Stack of indices where equalities are found.
+  var equalitiesLength = 0;  // Keeping our own length var is faster in JS.
+  /** @type {?string} */
+  var lastequality = null;
+  // Always equal to diffs[equalities[equalitiesLength - 1]][1]
+  var pointer = 0;  // Index of current position.
+  // Number of characters that changed prior to the equality.
+  var length_insertions1 = 0;
+  var length_deletions1 = 0;
+  // Number of characters that changed after the equality.
+  var length_insertions2 = 0;
+  var length_deletions2 = 0;
+  while (pointer < diffs.length) {
+    if (diffs[pointer][0] == DIFF_EQUAL) {  // Equality found.
+      equalities[equalitiesLength++] = pointer;
+      length_insertions1 = length_insertions2;
+      length_deletions1 = length_deletions2;
+      length_insertions2 = 0;
+      length_deletions2 = 0;
+      lastequality = diffs[pointer][1];
+    } else {  // An insertion or deletion.
+      if (diffs[pointer][0] == DIFF_INSERT) {
+        length_insertions2 += diffs[pointer][1].length;
+      } else {
+        length_deletions2 += diffs[pointer][1].length;
+      }
+      // Eliminate an equality that is smaller or equal to the edits on both
+      // sides of it.
+      if (lastequality && (lastequality.length <=
+          Math.max(length_insertions1, length_deletions1)) &&
+          (lastequality.length <= Math.max(length_insertions2,
+                                           length_deletions2))) {
+        // Duplicate record.
+        diffs.splice(equalities[equalitiesLength - 1], 0,
+                     [DIFF_DELETE, lastequality]);
+        // Change second copy to insert.
+        diffs[equalities[equalitiesLength - 1] + 1][0] = DIFF_INSERT;
+        // Throw away the equality we just deleted.
+        equalitiesLength--;
+        // Throw away the previous equality (it needs to be reevaluated).
+        equalitiesLength--;
+        pointer = equalitiesLength > 0 ? equalities[equalitiesLength - 1] : -1;
+        length_insertions1 = 0;  // Reset the counters.
+        length_deletions1 = 0;
+        length_insertions2 = 0;
+        length_deletions2 = 0;
+        lastequality = null;
+        changes = true;
+      }
+    }
+    pointer++;
+  }
+
+  // Normalize the diff.
+  if (changes) {
+    this.diff_cleanupMerge(diffs);
+  }
+  this.diff_cleanupSemanticLossless(diffs);
+
+  // Find any overlaps between deletions and insertions.
+  // e.g: <del>abcxxx</del><ins>xxxdef</ins>
+  //   -> <del>abc</del>xxx<ins>def</ins>
+  // e.g: <del>xxxabc</del><ins>defxxx</ins>
+  //   -> <ins>def</ins>xxx<del>abc</del>
+  // Only extract an overlap if it is as big as the edit ahead or behind it.
+  pointer = 1;
+  while (pointer < diffs.length) {
+    if (diffs[pointer - 1][0] == DIFF_DELETE &&
+        diffs[pointer][0] == DIFF_INSERT) {
+      var deletion = diffs[pointer - 1][1];
+      var insertion = diffs[pointer][1];
+      var overlap_length1 = this.diff_commonOverlap_(deletion, insertion);
+      var overlap_length2 = this.diff_commonOverlap_(insertion, deletion);
+      if (overlap_length1 >= overlap_length2) {
+        if (overlap_length1 >= deletion.length / 2 ||
+            overlap_length1 >= insertion.length / 2) {
+          // Overlap found.  Insert an equality and trim the surrounding edits.
+          diffs.splice(pointer, 0,
+              [DIFF_EQUAL, insertion.substring(0, overlap_length1)]);
+          diffs[pointer - 1][1] =
+              deletion.substring(0, deletion.length - overlap_length1);
+          diffs[pointer + 1][1] = insertion.substring(overlap_length1);
+          pointer++;
+        }
+      } else {
+        if (overlap_length2 >= deletion.length / 2 ||
+            overlap_length2 >= insertion.length / 2) {
+          // Reverse overlap found.
+          // Insert an equality and swap and trim the surrounding edits.
+          diffs.splice(pointer, 0,
+              [DIFF_EQUAL, deletion.substring(0, overlap_length2)]);
+          diffs[pointer - 1][0] = DIFF_INSERT;
+          diffs[pointer - 1][1] =
+              insertion.substring(0, insertion.length - overlap_length2);
+          diffs[pointer + 1][0] = DIFF_DELETE;
+          diffs[pointer + 1][1] =
+              deletion.substring(overlap_length2);
+          pointer++;
+        }
+      }
+      pointer++;
+    }
+    pointer++;
+  }
+};
+
+
+/**
+ * Look for single edits surrounded on both sides by equalities
+ * which can be shifted sideways to align the edit to a word boundary.
+ * e.g: The c<ins>at c</ins>ame. -> The <ins>cat </ins>came.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ */
+diff_match_patch.prototype.diff_cleanupSemanticLossless = function(diffs) {
+  /**
+   * Given two strings, compute a score representing whether the internal
+   * boundary falls on logical boundaries.
+   * Scores range from 6 (best) to 0 (worst).
+   * Closure, but does not reference any external variables.
+   * @param {string} one First string.
+   * @param {string} two Second string.
+   * @return {number} The score.
+   * @private
+   */
+  function diff_cleanupSemanticScore_(one, two) {
+    if (!one || !two) {
+      // Edges are the best.
+      return 6;
+    }
+
+    // Each port of this function behaves slightly differently due to
+    // subtle differences in each language's definition of things like
+    // 'whitespace'.  Since this function's purpose is largely cosmetic,
+    // the choice has been made to use each language's native features
+    // rather than force total conformity.
+    var char1 = one.charAt(one.length - 1);
+    var char2 = two.charAt(0);
+    var nonAlphaNumeric1 = char1.match(diff_match_patch.nonAlphaNumericRegex_);
+    var nonAlphaNumeric2 = char2.match(diff_match_patch.nonAlphaNumericRegex_);
+    var whitespace1 = nonAlphaNumeric1 &&
+        char1.match(diff_match_patch.whitespaceRegex_);
+    var whitespace2 = nonAlphaNumeric2 &&
+        char2.match(diff_match_patch.whitespaceRegex_);
+    var lineBreak1 = whitespace1 &&
+        char1.match(diff_match_patch.linebreakRegex_);
+    var lineBreak2 = whitespace2 &&
+        char2.match(diff_match_patch.linebreakRegex_);
+    var blankLine1 = lineBreak1 &&
+        one.match(diff_match_patch.blanklineEndRegex_);
+    var blankLine2 = lineBreak2 &&
+        two.match(diff_match_patch.blanklineStartRegex_);
+
+    if (blankLine1 || blankLine2) {
+      // Five points for blank lines.
+      return 5;
+    } else if (lineBreak1 || lineBreak2) {
+      // Four points for line breaks.
+      return 4;
+    } else if (nonAlphaNumeric1 && !whitespace1 && whitespace2) {
+      // Three points for end of sentences.
+      return 3;
+    } else if (whitespace1 || whitespace2) {
+      // Two points for whitespace.
+      return 2;
+    } else if (nonAlphaNumeric1 || nonAlphaNumeric2) {
+      // One point for non-alphanumeric.
+      return 1;
+    }
+    return 0;
+  }
+
+  var pointer = 1;
+  // Intentionally ignore the first and last element (don't need checking).
+  while (pointer < diffs.length - 1) {
+    if (diffs[pointer - 1][0] == DIFF_EQUAL &&
+        diffs[pointer + 1][0] == DIFF_EQUAL) {
+      // This is a single edit surrounded by equalities.
+      var equality1 = diffs[pointer - 1][1];
+      var edit = diffs[pointer][1];
+      var equality2 = diffs[pointer + 1][1];
+
+      // First, shift the edit as far left as possible.
+      var commonOffset = this.diff_commonSuffix(equality1, edit);
+      if (commonOffset) {
+        var commonString = edit.substring(edit.length - commonOffset);
+        equality1 = equality1.substring(0, equality1.length - commonOffset);
+        edit = commonString + edit.substring(0, edit.length - commonOffset);
+        equality2 = commonString + equality2;
+      }
+
+      // Second, step character by character right, looking for the best fit.
+      var bestEquality1 = equality1;
+      var bestEdit = edit;
+      var bestEquality2 = equality2;
+      var bestScore = diff_cleanupSemanticScore_(equality1, edit) +
+          diff_cleanupSemanticScore_(edit, equality2);
+      while (edit.charAt(0) === equality2.charAt(0)) {
+        equality1 += edit.charAt(0);
+        edit = edit.substring(1) + equality2.charAt(0);
+        equality2 = equality2.substring(1);
+        var score = diff_cleanupSemanticScore_(equality1, edit) +
+            diff_cleanupSemanticScore_(edit, equality2);
+        // The >= encourages trailing rather than leading whitespace on edits.
+        if (score >= bestScore) {
+          bestScore = score;
+          bestEquality1 = equality1;
+          bestEdit = edit;
+          bestEquality2 = equality2;
+        }
+      }
+
+      if (diffs[pointer - 1][1] != bestEquality1) {
+        // We have an improvement, save it back to the diff.
+        if (bestEquality1) {
+          diffs[pointer - 1][1] = bestEquality1;
+        } else {
+          diffs.splice(pointer - 1, 1);
+          pointer--;
+        }
+        diffs[pointer][1] = bestEdit;
+        if (bestEquality2) {
+          diffs[pointer + 1][1] = bestEquality2;
+        } else {
+          diffs.splice(pointer + 1, 1);
+          pointer--;
+        }
+      }
+    }
+    pointer++;
+  }
+};
+
+// Define some regex patterns for matching boundaries.
+diff_match_patch.nonAlphaNumericRegex_ = /[^a-zA-Z0-9]/;
+diff_match_patch.whitespaceRegex_ = /\s/;
+diff_match_patch.linebreakRegex_ = /[\r\n]/;
+diff_match_patch.blanklineEndRegex_ = /\n\r?\n$/;
+diff_match_patch.blanklineStartRegex_ = /^\r?\n\r?\n/;
+
+/**
+ * Reduce the number of edits by eliminating operationally trivial equalities.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ */
+diff_match_patch.prototype.diff_cleanupEfficiency = function(diffs) {
+  var changes = false;
+  var equalities = [];  // Stack of indices where equalities are found.
+  var equalitiesLength = 0;  // Keeping our own length var is faster in JS.
+  /** @type {?string} */
+  var lastequality = null;
+  // Always equal to diffs[equalities[equalitiesLength - 1]][1]
+  var pointer = 0;  // Index of current position.
+  // Is there an insertion operation before the last equality.
+  var pre_ins = false;
+  // Is there a deletion operation before the last equality.
+  var pre_del = false;
+  // Is there an insertion operation after the last equality.
+  var post_ins = false;
+  // Is there a deletion operation after the last equality.
+  var post_del = false;
+  while (pointer < diffs.length) {
+    if (diffs[pointer][0] == DIFF_EQUAL) {  // Equality found.
+      if (diffs[pointer][1].length < this.Diff_EditCost &&
+          (post_ins || post_del)) {
+        // Candidate found.
+        equalities[equalitiesLength++] = pointer;
+        pre_ins = post_ins;
+        pre_del = post_del;
+        lastequality = diffs[pointer][1];
+      } else {
+        // Not a candidate, and can never become one.
+        equalitiesLength = 0;
+        lastequality = null;
+      }
+      post_ins = post_del = false;
+    } else {  // An insertion or deletion.
+      if (diffs[pointer][0] == DIFF_DELETE) {
+        post_del = true;
+      } else {
+        post_ins = true;
+      }
+      /*
+       * Five types to be split:
+       * <ins>A</ins><del>B</del>XY<ins>C</ins><del>D</del>
+       * <ins>A</ins>X<ins>C</ins><del>D</del>
+       * <ins>A</ins><del>B</del>X<ins>C</ins>
+       * <ins>A</del>X<ins>C</ins><del>D</del>
+       * <ins>A</ins><del>B</del>X<del>C</del>
+       */
+      if (lastequality && ((pre_ins && pre_del && post_ins && post_del) ||
+                           ((lastequality.length < this.Diff_EditCost / 2) &&
+                            (pre_ins + pre_del + post_ins + post_del) == 3))) {
+        // Duplicate record.
+        diffs.splice(equalities[equalitiesLength - 1], 0,
+                     [DIFF_DELETE, lastequality]);
+        // Change second copy to insert.
+        diffs[equalities[equalitiesLength - 1] + 1][0] = DIFF_INSERT;
+        equalitiesLength--;  // Throw away the equality we just deleted;
+        lastequality = null;
+        if (pre_ins && pre_del) {
+          // No changes made which could affect previous entry, keep going.
+          post_ins = post_del = true;
+          equalitiesLength = 0;
+        } else {
+          equalitiesLength--;  // Throw away the previous equality.
+          pointer = equalitiesLength > 0 ?
+              equalities[equalitiesLength - 1] : -1;
+          post_ins = post_del = false;
+        }
+        changes = true;
+      }
+    }
+    pointer++;
+  }
+
+  if (changes) {
+    this.diff_cleanupMerge(diffs);
+  }
+};
+
+
+/**
+ * Reorder and merge like edit sections.  Merge equalities.
+ * Any edit section can move as long as it doesn't cross an equality.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ */
+diff_match_patch.prototype.diff_cleanupMerge = function(diffs) {
+  diffs.push([DIFF_EQUAL, '']);  // Add a dummy entry at the end.
+  var pointer = 0;
+  var count_delete = 0;
+  var count_insert = 0;
+  var text_delete = '';
+  var text_insert = '';
+  var commonlength;
+  while (pointer < diffs.length) {
+    switch (diffs[pointer][0]) {
+      case DIFF_INSERT:
+        count_insert++;
+        text_insert += diffs[pointer][1];
+        pointer++;
+        break;
+      case DIFF_DELETE:
+        count_delete++;
+        text_delete += diffs[pointer][1];
+        pointer++;
+        break;
+      case DIFF_EQUAL:
+        // Upon reaching an equality, check for prior redundancies.
+        if (count_delete + count_insert > 1) {
+          if (count_delete !== 0 && count_insert !== 0) {
+            // Factor out any common prefixies.
+            commonlength = this.diff_commonPrefix(text_insert, text_delete);
+            if (commonlength !== 0) {
+              if ((pointer - count_delete - count_insert) > 0 &&
+                  diffs[pointer - count_delete - count_insert - 1][0] ==
+                  DIFF_EQUAL) {
+                diffs[pointer - count_delete - count_insert - 1][1] +=
+                    text_insert.substring(0, commonlength);
+              } else {
+                diffs.splice(0, 0, [DIFF_EQUAL,
+                                    text_insert.substring(0, commonlength)]);
+                pointer++;
+              }
+              text_insert = text_insert.substring(commonlength);
+              text_delete = text_delete.substring(commonlength);
+            }
+            // Factor out any common suffixies.
+            commonlength = this.diff_commonSuffix(text_insert, text_delete);
+            if (commonlength !== 0) {
+              diffs[pointer][1] = text_insert.substring(text_insert.length -
+                  commonlength) + diffs[pointer][1];
+              text_insert = text_insert.substring(0, text_insert.length -
+                  commonlength);
+              text_delete = text_delete.substring(0, text_delete.length -
+                  commonlength);
+            }
+          }
+          // Delete the offending records and add the merged ones.
+          if (count_delete === 0) {
+            diffs.splice(pointer - count_insert,
+                count_delete + count_insert, [DIFF_INSERT, text_insert]);
+          } else if (count_insert === 0) {
+            diffs.splice(pointer - count_delete,
+                count_delete + count_insert, [DIFF_DELETE, text_delete]);
+          } else {
+            diffs.splice(pointer - count_delete - count_insert,
+                count_delete + count_insert, [DIFF_DELETE, text_delete],
+                [DIFF_INSERT, text_insert]);
+          }
+          pointer = pointer - count_delete - count_insert +
+                    (count_delete ? 1 : 0) + (count_insert ? 1 : 0) + 1;
+        } else if (pointer !== 0 && diffs[pointer - 1][0] == DIFF_EQUAL) {
+          // Merge this equality with the previous one.
+          diffs[pointer - 1][1] += diffs[pointer][1];
+          diffs.splice(pointer, 1);
+        } else {
+          pointer++;
+        }
+        count_insert = 0;
+        count_delete = 0;
+        text_delete = '';
+        text_insert = '';
+        break;
+    }
+  }
+  if (diffs[diffs.length - 1][1] === '') {
+    diffs.pop();  // Remove the dummy entry at the end.
+  }
+
+  // Second pass: look for single edits surrounded on both sides by equalities
+  // which can be shifted sideways to eliminate an equality.
+  // e.g: A<ins>BA</ins>C -> <ins>AB</ins>AC
+  var changes = false;
+  pointer = 1;
+  // Intentionally ignore the first and last element (don't need checking).
+  while (pointer < diffs.length - 1) {
+    if (diffs[pointer - 1][0] == DIFF_EQUAL &&
+        diffs[pointer + 1][0] == DIFF_EQUAL) {
+      // This is a single edit surrounded by equalities.
+      if (diffs[pointer][1].substring(diffs[pointer][1].length -
+          diffs[pointer - 1][1].length) == diffs[pointer - 1][1]) {
+        // Shift the edit over the previous equality.
+        diffs[pointer][1] = diffs[pointer - 1][1] +
+            diffs[pointer][1].substring(0, diffs[pointer][1].length -
+                                        diffs[pointer - 1][1].length);
+        diffs[pointer + 1][1] = diffs[pointer - 1][1] + diffs[pointer + 1][1];
+        diffs.splice(pointer - 1, 1);
+        changes = true;
+      } else if (diffs[pointer][1].substring(0, diffs[pointer + 1][1].length) ==
+          diffs[pointer + 1][1]) {
+        // Shift the edit over the next equality.
+        diffs[pointer - 1][1] += diffs[pointer + 1][1];
+        diffs[pointer][1] =
+            diffs[pointer][1].substring(diffs[pointer + 1][1].length) +
+            diffs[pointer + 1][1];
+        diffs.splice(pointer + 1, 1);
+        changes = true;
+      }
+    }
+    pointer++;
+  }
+  // If shifts were made, the diff needs reordering and another shift sweep.
+  if (changes) {
+    this.diff_cleanupMerge(diffs);
+  }
+};
+
+
+/**
+ * loc is a location in text1, compute and return the equivalent location in
+ * text2.
+ * e.g. 'The cat' vs 'The big cat', 1->1, 5->8
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @param {number} loc Location within text1.
+ * @return {number} Location within text2.
+ */
+diff_match_patch.prototype.diff_xIndex = function(diffs, loc) {
+  var chars1 = 0;
+  var chars2 = 0;
+  var last_chars1 = 0;
+  var last_chars2 = 0;
+  var x;
+  for (x = 0; x < diffs.length; x++) {
+    if (diffs[x][0] !== DIFF_INSERT) {  // Equality or deletion.
+      chars1 += diffs[x][1].length;
+    }
+    if (diffs[x][0] !== DIFF_DELETE) {  // Equality or insertion.
+      chars2 += diffs[x][1].length;
+    }
+    if (chars1 > loc) {  // Overshot the location.
+      break;
+    }
+    last_chars1 = chars1;
+    last_chars2 = chars2;
+  }
+  // Was the location was deleted?
+  if (diffs.length != x && diffs[x][0] === DIFF_DELETE) {
+    return last_chars2;
+  }
+  // Add the remaining character length.
+  return last_chars2 + (loc - last_chars1);
+};
+
+
+/**
+ * Convert a diff array into a pretty HTML report.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @return {string} HTML representation.
+ */
+diff_match_patch.prototype.diff_prettyHtml = function(diffs) {
+  var html = [];
+  var pattern_amp = /&/g;
+  var pattern_lt = /</g;
+  var pattern_gt = />/g;
+  var pattern_para = /\n/g;
+  for (var x = 0; x < diffs.length; x++) {
+    var op = diffs[x][0];    // Operation (insert, delete, equal)
+    var data = diffs[x][1];  // Text of change.
+    var text = data.replace(pattern_amp, '&amp;').replace(pattern_lt, '&lt;')
+        .replace(pattern_gt, '&gt;').replace(pattern_para, '&para;<br>');
+    switch (op) {
+      case DIFF_INSERT:
+        html[x] = '<ins style="background:#e6ffe6;">' + text + '</ins>';
+        break;
+      case DIFF_DELETE:
+        html[x] = '<del style="background:#ffe6e6;">' + text + '</del>';
+        break;
+      case DIFF_EQUAL:
+        html[x] = '<span>' + text + '</span>';
+        break;
+    }
+  }
+  return html.join('');
+};
+
+
+/**
+ * Compute and return the source text (all equalities and deletions).
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @return {string} Source text.
+ */
+diff_match_patch.prototype.diff_text1 = function(diffs) {
+  var text = [];
+  for (var x = 0; x < diffs.length; x++) {
+    if (diffs[x][0] !== DIFF_INSERT) {
+      text[x] = diffs[x][1];
+    }
+  }
+  return text.join('');
+};
+
+
+/**
+ * Compute and return the destination text (all equalities and insertions).
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @return {string} Destination text.
+ */
+diff_match_patch.prototype.diff_text2 = function(diffs) {
+  var text = [];
+  for (var x = 0; x < diffs.length; x++) {
+    if (diffs[x][0] !== DIFF_DELETE) {
+      text[x] = diffs[x][1];
+    }
+  }
+  return text.join('');
+};
+
+
+/**
+ * Compute the Levenshtein distance; the number of inserted, deleted or
+ * substituted characters.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @return {number} Number of changes.
+ */
+diff_match_patch.prototype.diff_levenshtein = function(diffs) {
+  var levenshtein = 0;
+  var insertions = 0;
+  var deletions = 0;
+  for (var x = 0; x < diffs.length; x++) {
+    var op = diffs[x][0];
+    var data = diffs[x][1];
+    switch (op) {
+      case DIFF_INSERT:
+        insertions += data.length;
+        break;
+      case DIFF_DELETE:
+        deletions += data.length;
+        break;
+      case DIFF_EQUAL:
+        // A deletion and an insertion is one substitution.
+        levenshtein += Math.max(insertions, deletions);
+        insertions = 0;
+        deletions = 0;
+        break;
+    }
+  }
+  levenshtein += Math.max(insertions, deletions);
+  return levenshtein;
+};
+
+
+/**
+ * Crush the diff into an encoded string which describes the operations
+ * required to transform text1 into text2.
+ * E.g. =3\t-2\t+ing  -> Keep 3 chars, delete 2 chars, insert 'ing'.
+ * Operations are tab-separated.  Inserted text is escaped using %xx notation.
+ * @param {!Array.<!diff_match_patch.Diff>} diffs Array of diff tuples.
+ * @return {string} Delta text.
+ */
+diff_match_patch.prototype.diff_toDelta = function(diffs) {
+  var text = [];
+  for (var x = 0; x < diffs.length; x++) {
+    switch (diffs[x][0]) {
+      case DIFF_INSERT:
+        text[x] = '+' + encodeURI(diffs[x][1]);
+        break;
+      case DIFF_DELETE:
+        text[x] = '-' + diffs[x][1].length;
+        break;
+      case DIFF_EQUAL:
+        text[x] = '=' + diffs[x][1].length;
+        break;
+    }
+  }
+  return text.join('\t').replace(/%20/g, ' ');
+};
+
+
+/**
+ * Given the original text1, and an encoded string which describes the
+ * operations required to transform text1 into text2, compute the full diff.
+ * @param {string} text1 Source string for the diff.
+ * @param {string} delta Delta text.
+ * @return {!Array.<!diff_match_patch.Diff>} Array of diff tuples.
+ * @throws {!Error} If invalid input.
+ */
+diff_match_patch.prototype.diff_fromDelta = function(text1, delta) {
+  var diffs = [];
+  var diffsLength = 0;  // Keeping our own length var is faster in JS.
+  var pointer = 0;  // Cursor in text1
+  var tokens = delta.split(/\t/g);
+  for (var x = 0; x < tokens.length; x++) {
+    // Each token begins with a one character parameter which specifies the
+    // operation of this token (delete, insert, equality).
+    var param = tokens[x].substring(1);
+    switch (tokens[x].charAt(0)) {
+      case '+':
+        try {
+          diffs[diffsLength++] = [DIFF_INSERT, decodeURI(param)];
+        } catch (ex) {
+          // Malformed URI sequence.
+          throw new Error('Illegal escape in diff_fromDelta: ' + param);
+        }
+        break;
+      case '-':
+        // Fall through.
+      case '=':
+        var n = parseInt(param, 10);
+        if (isNaN(n) || n < 0) {
+          throw new Error('Invalid number in diff_fromDelta: ' + param);
+        }
+        var text = text1.substring(pointer, pointer += n);
+        if (tokens[x].charAt(0) == '=') {
+          diffs[diffsLength++] = [DIFF_EQUAL, text];
+        } else {
+          diffs[diffsLength++] = [DIFF_DELETE, text];
+        }
+        break;
+      default:
+        // Blank tokens are ok (from a trailing \t).
+        // Anything else is an error.
+        if (tokens[x]) {
+          throw new Error('Invalid diff operation in diff_fromDelta: ' +
+                          tokens[x]);
+        }
+    }
+  }
+  if (pointer != text1.length) {
+    throw new Error('Delta length (' + pointer +
+        ') does not equal source text length (' + text1.length + ').');
+  }
+  return diffs;
+};
+
+
+//  MATCH FUNCTIONS
+
+
+/**
+ * Locate the best instance of 'pattern' in 'text' near 'loc'.
+ * @param {string} text The text to search.
+ * @param {string} pattern The pattern to search for.
+ * @param {number} loc The location to search around.
+ * @return {number} Best match index or -1.
+ */
+diff_match_patch.prototype.match_main = function(text, pattern, loc) {
+  // Check for null inputs.
+  if (text == null || pattern == null || loc == null) {
+    throw new Error('Null input. (match_main)');
+  }
+
+  loc = Math.max(0, Math.min(loc, text.length));
+  if (text == pattern) {
+    // Shortcut (potentially not guaranteed by the algorithm)
+    return 0;
+  } else if (!text.length) {
+    // Nothing to match.
+    return -1;
+  } else if (text.substring(loc, loc + pattern.length) == pattern) {
+    // Perfect match at the perfect spot!  (Includes case of null pattern)
+    return loc;
+  } else {
+    // Do a fuzzy compare.
+    return this.match_bitap_(text, pattern, loc);
+  }
+};
+
+
+/**
+ * Locate the best instance of 'pattern' in 'text' near 'loc' using the
+ * Bitap algorithm.
+ * @param {string} text The text to search.
+ * @param {string} pattern The pattern to search for.
+ * @param {number} loc The location to search around.
+ * @return {number} Best match index or -1.
+ * @private
+ */
+diff_match_patch.prototype.match_bitap_ = function(text, pattern, loc) {
+  if (pattern.length > this.Match_MaxBits) {
+    throw new Error('Pattern too long for this browser.');
+  }
+
+  // Initialise the alphabet.
+  var s = this.match_alphabet_(pattern);
+
+  var dmp = this;  // 'this' becomes 'window' in a closure.
+
+  /**
+   * Compute and return the score for a match with e errors and x location.
+   * Accesses loc and pattern through being a closure.
+   * @param {number} e Number of errors in match.
+   * @param {number} x Location of match.
+   * @return {number} Overall score for match (0.0 = good, 1.0 = bad).
+   * @private
+   */
+  function match_bitapScore_(e, x) {
+    var accuracy = e / pattern.length;
+    var proximity = Math.abs(loc - x);
+    if (!dmp.Match_Distance) {
+      // Dodge divide by zero error.
+      return proximity ? 1.0 : accuracy;
+    }
+    return accuracy + (proximity / dmp.Match_Distance);
+  }
+
+  // Highest score beyond which we give up.
+  var score_threshold = this.Match_Threshold;
+  // Is there a nearby exact match? (speedup)
+  var best_loc = text.indexOf(pattern, loc);
+  if (best_loc != -1) {
+    score_threshold = Math.min(match_bitapScore_(0, best_loc), score_threshold);
+    // What about in the other direction? (speedup)
+    best_loc = text.lastIndexOf(pattern, loc + pattern.length);
+    if (best_loc != -1) {
+      score_threshold =
+          Math.min(match_bitapScore_(0, best_loc), score_threshold);
+    }
+  }
+
+  // Initialise the bit arrays.
+  var matchmask = 1 << (pattern.length - 1);
+  best_loc = -1;
+
+  var bin_min, bin_mid;
+  var bin_max = pattern.length + text.length;
+  var last_rd;
+  for (var d = 0; d < pattern.length; d++) {
+    // Scan for the best match; each iteration allows for one more error.
+    // Run a binary search to determine how far from 'loc' we can stray at this
+    // error level.
+    bin_min = 0;
+    bin_mid = bin_max;
+    while (bin_min < bin_mid) {
+      if (match_bitapScore_(d, loc + bin_mid) <= score_threshold) {
+        bin_min = bin_mid;
+      } else {
+        bin_max = bin_mid;
+      }
+      bin_mid = Math.floor((bin_max - bin_min) / 2 + bin_min);
+    }
+    // Use the result from this iteration as the maximum for the next.
+    bin_max = bin_mid;
+    var start = Math.max(1, loc - bin_mid + 1);
+    var finish = Math.min(loc + bin_mid, text.length) + pattern.length;
+
+    var rd = Array(finish + 2);
+    rd[finish + 1] = (1 << d) - 1;
+    for (var j = finish; j >= start; j--) {
+      // The alphabet (s) is a sparse hash, so the following line generates
+      // warnings.
+      var charMatch = s[text.charAt(j - 1)];
+      if (d === 0) {  // First pass: exact match.
+        rd[j] = ((rd[j + 1] << 1) | 1) & charMatch;
+      } else {  // Subsequent passes: fuzzy match.
+        rd[j] = (((rd[j + 1] << 1) | 1) & charMatch) |
+                (((last_rd[j + 1] | last_rd[j]) << 1) | 1) |
+                last_rd[j + 1];
+      }
+      if (rd[j] & matchmask) {
+        var score = match_bitapScore_(d, j - 1);
+        // This match will almost certainly be better than any existing match.
+        // But check anyway.
+        if (score <= score_threshold) {
+          // Told you so.
+          score_threshold = score;
+          best_loc = j - 1;
+          if (best_loc > loc) {
+            // When passing loc, don't exceed our current distance from loc.
+            start = Math.max(1, 2 * loc - best_loc);
+          } else {
+            // Already passed loc, downhill from here on in.
+            break;
+          }
+        }
+      }
+    }
+    // No hope for a (better) match at greater error levels.
+    if (match_bitapScore_(d + 1, loc) > score_threshold) {
+      break;
+    }
+    last_rd = rd;
+  }
+  return best_loc;
+};
+
+
+/**
+ * Initialise the alphabet for the Bitap algorithm.
+ * @param {string} pattern The text to encode.
+ * @return {!Object} Hash of character locations.
+ * @private
+ */
+diff_match_patch.prototype.match_alphabet_ = function(pattern) {
+  var s = {};
+  for (var i = 0; i < pattern.length; i++) {
+    s[pattern.charAt(i)] = 0;
+  }
+  for (var i = 0; i < pattern.length; i++) {
+    s[pattern.charAt(i)] |= 1 << (pattern.length - i - 1);
+  }
+  return s;
+};
+
+
+//  PATCH FUNCTIONS
+
+
+/**
+ * Increase the context until it is unique,
+ * but don't let the pattern expand beyond Match_MaxBits.
+ * @param {!diff_match_patch.patch_obj} patch The patch to grow.
+ * @param {string} text Source text.
+ * @private
+ */
+diff_match_patch.prototype.patch_addContext_ = function(patch, text) {
+  if (text.length == 0) {
+    return;
+  }
+  var pattern = text.substring(patch.start2, patch.start2 + patch.length1);
+  var padding = 0;
+
+  // Look for the first and last matches of pattern in text.  If two different
+  // matches are found, increase the pattern length.
+  while (text.indexOf(pattern) != text.lastIndexOf(pattern) &&
+         pattern.length < this.Match_MaxBits - this.Patch_Margin -
+         this.Patch_Margin) {
+    padding += this.Patch_Margin;
+    pattern = text.substring(patch.start2 - padding,
+                             patch.start2 + patch.length1 + padding);
+  }
+  // Add one chunk for good luck.
+  padding += this.Patch_Margin;
+
+  // Add the prefix.
+  var prefix = text.substring(patch.start2 - padding, patch.start2);
+  if (prefix) {
+    patch.diffs.unshift([DIFF_EQUAL, prefix]);
+  }
+  // Add the suffix.
+  var suffix = text.substring(patch.start2 + patch.length1,
+                              patch.start2 + patch.length1 + padding);
+  if (suffix) {
+    patch.diffs.push([DIFF_EQUAL, suffix]);
+  }
+
+  // Roll back the start points.
+  patch.start1 -= prefix.length;
+  patch.start2 -= prefix.length;
+  // Extend the lengths.
+  patch.length1 += prefix.length + suffix.length;
+  patch.length2 += prefix.length + suffix.length;
+};
+
+
+/**
+ * Compute a list of patches to turn text1 into text2.
+ * Use diffs if provided, otherwise compute it ourselves.
+ * There are four ways to call this function, depending on what data is
+ * available to the caller:
+ * Method 1:
+ * a = text1, b = text2
+ * Method 2:
+ * a = diffs
+ * Method 3 (optimal):
+ * a = text1, b = diffs
+ * Method 4 (deprecated, use method 3):
+ * a = text1, b = text2, c = diffs
+ *
+ * @param {string|!Array.<!diff_match_patch.Diff>} a text1 (methods 1,3,4) or
+ * Array of diff tuples for text1 to text2 (method 2).
+ * @param {string|!Array.<!diff_match_patch.Diff>} opt_b text2 (methods 1,4) or
+ * Array of diff tuples for text1 to text2 (method 3) or undefined (method 2).
+ * @param {string|!Array.<!diff_match_patch.Diff>} opt_c Array of diff tuples
+ * for text1 to text2 (method 4) or undefined (methods 1,2,3).
+ * @return {!Array.<!diff_match_patch.patch_obj>} Array of Patch objects.
+ */
+diff_match_patch.prototype.patch_make = function(a, opt_b, opt_c) {
+  var text1, diffs;
+  if (typeof a == 'string' && typeof opt_b == 'string' &&
+      typeof opt_c == 'undefined') {
+    // Method 1: text1, text2
+    // Compute diffs from text1 and text2.
+    text1 = /** @type {string} */(a);
+    diffs = this.diff_main(text1, /** @type {string} */(opt_b), true);
+    if (diffs.length > 2) {
+      this.diff_cleanupSemantic(diffs);
+      this.diff_cleanupEfficiency(diffs);
+    }
+  } else if (a && typeof a == 'object' && typeof opt_b == 'undefined' &&
+      typeof opt_c == 'undefined') {
+    // Method 2: diffs
+    // Compute text1 from diffs.
+    diffs = /** @type {!Array.<!diff_match_patch.Diff>} */(a);
+    text1 = this.diff_text1(diffs);
+  } else if (typeof a == 'string' && opt_b && typeof opt_b == 'object' &&
+      typeof opt_c == 'undefined') {
+    // Method 3: text1, diffs
+    text1 = /** @type {string} */(a);
+    diffs = /** @type {!Array.<!diff_match_patch.Diff>} */(opt_b);
+  } else if (typeof a == 'string' && typeof opt_b == 'string' &&
+      opt_c && typeof opt_c == 'object') {
+    // Method 4: text1, text2, diffs
+    // text2 is not used.
+    text1 = /** @type {string} */(a);
+    diffs = /** @type {!Array.<!diff_match_patch.Diff>} */(opt_c);
+  } else {
+    throw new Error('Unknown call format to patch_make.');
+  }
+
+  if (diffs.length === 0) {
+    return [];  // Get rid of the null case.
+  }
+  var patches = [];
+  var patch = new diff_match_patch.patch_obj();
+  var patchDiffLength = 0;  // Keeping our own length var is faster in JS.
+  var char_count1 = 0;  // Number of characters into the text1 string.
+  var char_count2 = 0;  // Number of characters into the text2 string.
+  // Start with text1 (prepatch_text) and apply the diffs until we arrive at
+  // text2 (postpatch_text).  We recreate the patches one by one to determine
+  // context info.
+  var prepatch_text = text1;
+  var postpatch_text = text1;
+  for (var x = 0; x < diffs.length; x++) {
+    var diff_type = diffs[x][0];
+    var diff_text = diffs[x][1];
+
+    if (!patchDiffLength && diff_type !== DIFF_EQUAL) {
+      // A new patch starts here.
+      patch.start1 = char_count1;
+      patch.start2 = char_count2;
+    }
+
+    switch (diff_type) {
+      case DIFF_INSERT:
+        patch.diffs[patchDiffLength++] = diffs[x];
+        patch.length2 += diff_text.length;
+        postpatch_text = postpatch_text.substring(0, char_count2) + diff_text +
+                         postpatch_text.substring(char_count2);
+        break;
+      case DIFF_DELETE:
+        patch.length1 += diff_text.length;
+        patch.diffs[patchDiffLength++] = diffs[x];
+        postpatch_text = postpatch_text.substring(0, char_count2) +
+                         postpatch_text.substring(char_count2 +
+                             diff_text.length);
+        break;
+      case DIFF_EQUAL:
+        if (diff_text.length <= 2 * this.Patch_Margin &&
+            patchDiffLength && diffs.length != x + 1) {
+          // Small equality inside a patch.
+          patch.diffs[patchDiffLength++] = diffs[x];
+          patch.length1 += diff_text.length;
+          patch.length2 += diff_text.length;
+        } else if (diff_text.length >= 2 * this.Patch_Margin) {
+          // Time for a new patch.
+          if (patchDiffLength) {
+            this.patch_addContext_(patch, prepatch_text);
+            patches.push(patch);
+            patch = new diff_match_patch.patch_obj();
+            patchDiffLength = 0;
+            // Unlike Unidiff, our patch lists have a rolling context.
+            // http://code.google.com/p/google-diff-match-patch/wiki/Unidiff
+            // Update prepatch text & pos to reflect the application of the
+            // just completed patch.
+            prepatch_text = postpatch_text;
+            char_count1 = char_count2;
+          }
+        }
+        break;
+    }
+
+    // Update the current character count.
+    if (diff_type !== DIFF_INSERT) {
+      char_count1 += diff_text.length;
+    }
+    if (diff_type !== DIFF_DELETE) {
+      char_count2 += diff_text.length;
+    }
+  }
+  // Pick up the leftover patch if not empty.
+  if (patchDiffLength) {
+    this.patch_addContext_(patch, prepatch_text);
+    patches.push(patch);
+  }
+
+  return patches;
+};
+
+
+/**
+ * Given an array of patches, return another array that is identical.
+ * @param {!Array.<!diff_match_patch.patch_obj>} patches Array of Patch objects.
+ * @return {!Array.<!diff_match_patch.patch_obj>} Array of Patch objects.
+ */
+diff_match_patch.prototype.patch_deepCopy = function(patches) {
+  // Making deep copies is hard in JavaScript.
+  var patchesCopy = [];
+  for (var x = 0; x < patches.length; x++) {
+    var patch = patches[x];
+    var patchCopy = new diff_match_patch.patch_obj();
+    patchCopy.diffs = [];
+    for (var y = 0; y < patch.diffs.length; y++) {
+      patchCopy.diffs[y] = patch.diffs[y].slice();
+    }
+    patchCopy.start1 = patch.start1;
+    patchCopy.start2 = patch.start2;
+    patchCopy.length1 = patch.length1;
+    patchCopy.length2 = patch.length2;
+    patchesCopy[x] = patchCopy;
+  }
+  return patchesCopy;
+};
+
+
+/**
+ * Merge a set of patches onto the text.  Return a patched text, as well
+ * as a list of true/false values indicating which patches were applied.
+ * @param {!Array.<!diff_match_patch.patch_obj>} patches Array of Patch objects.
+ * @param {string} text Old text.
+ * @return {!Array.<string|!Array.<boolean>>} Two element Array, containing the
+ *      new text and an array of boolean values.
+ */
+diff_match_patch.prototype.patch_apply = function(patches, text) {
+  if (patches.length == 0) {
+    return [text, []];
+  }
+
+  // Deep copy the patches so that no changes are made to originals.
+  patches = this.patch_deepCopy(patches);
+
+  var nullPadding = this.patch_addPadding(patches);
+  text = nullPadding + text + nullPadding;
+
+  this.patch_splitMax(patches);
+  // delta keeps track of the offset between the expected and actual location
+  // of the previous patch.  If there are patches expected at positions 10 and
+  // 20, but the first patch was found at 12, delta is 2 and the second patch
+  // has an effective expected position of 22.
+  var delta = 0;
+  var results = [];
+  for (var x = 0; x < patches.length; x++) {
+    var expected_loc = patches[x].start2 + delta;
+    var text1 = this.diff_text1(patches[x].diffs);
+    var start_loc;
+    var end_loc = -1;
+    if (text1.length > this.Match_MaxBits) {
+      // patch_splitMax will only provide an oversized pattern in the case of
+      // a monster delete.
+      start_loc = this.match_main(text, text1.substring(0, this.Match_MaxBits),
+                                  expected_loc);
+      if (start_loc != -1) {
+        end_loc = this.match_main(text,
+            text1.substring(text1.length - this.Match_MaxBits),
+            expected_loc + text1.length - this.Match_MaxBits);
+        if (end_loc == -1 || start_loc >= end_loc) {
+          // Can't find valid trailing context.  Drop this patch.
+          start_loc = -1;
+        }
+      }
+    } else {
+      start_loc = this.match_main(text, text1, expected_loc);
+    }
+    if (start_loc == -1) {
+      // No match found.  :(
+      results[x] = false;
+      // Subtract the delta for this failed patch from subsequent patches.
+      delta -= patches[x].length2 - patches[x].length1;
+    } else {
+      // Found a match.  :)
+      results[x] = true;
+      delta = start_loc - expected_loc;
+      var text2;
+      if (end_loc == -1) {
+        text2 = text.substring(start_loc, start_loc + text1.length);
+      } else {
+        text2 = text.substring(start_loc, end_loc + this.Match_MaxBits);
+      }
+      if (text1 == text2) {
+        // Perfect match, just shove the replacement text in.
+        text = text.substring(0, start_loc) +
+               this.diff_text2(patches[x].diffs) +
+               text.substring(start_loc + text1.length);
+      } else {
+        // Imperfect match.  Run a diff to get a framework of equivalent
+        // indices.
+        var diffs = this.diff_main(text1, text2, false);
+        if (text1.length > this.Match_MaxBits &&
+            this.diff_levenshtein(diffs) / text1.length >
+            this.Patch_DeleteThreshold) {
+          // The end points match, but the content is unacceptably bad.
+          results[x] = false;
+        } else {
+          this.diff_cleanupSemanticLossless(diffs);
+          var index1 = 0;
+          var index2;
+          for (var y = 0; y < patches[x].diffs.length; y++) {
+            var mod = patches[x].diffs[y];
+            if (mod[0] !== DIFF_EQUAL) {
+              index2 = this.diff_xIndex(diffs, index1);
+            }
+            if (mod[0] === DIFF_INSERT) {  // Insertion
+              text = text.substring(0, start_loc + index2) + mod[1] +
+                     text.substring(start_loc + index2);
+            } else if (mod[0] === DIFF_DELETE) {  // Deletion
+              text = text.substring(0, start_loc + index2) +
+                     text.substring(start_loc + this.diff_xIndex(diffs,
+                         index1 + mod[1].length));
+            }
+            if (mod[0] !== DIFF_DELETE) {
+              index1 += mod[1].length;
+            }
+          }
+        }
+      }
+    }
+  }
+  // Strip the padding off.
+  text = text.substring(nullPadding.length, text.length - nullPadding.length);
+  return [text, results];
+};
+
+
+/**
+ * Add some padding on text start and end so that edges can match something.
+ * Intended to be called only from within patch_apply.
+ * @param {!Array.<!diff_match_patch.patch_obj>} patches Array of Patch objects.
+ * @return {string} The padding string added to each side.
+ */
+diff_match_patch.prototype.patch_addPadding = function(patches) {
+  var paddingLength = this.Patch_Margin;
+  var nullPadding = '';
+  for (var x = 1; x <= paddingLength; x++) {
+    nullPadding += String.fromCharCode(x);
+  }
+
+  // Bump all the patches forward.
+  for (var x = 0; x < patches.length; x++) {
+    patches[x].start1 += paddingLength;
+    patches[x].start2 += paddingLength;
+  }
+
+  // Add some padding on start of first diff.
+  var patch = patches[0];
+  var diffs = patch.diffs;
+  if (diffs.length == 0 || diffs[0][0] != DIFF_EQUAL) {
+    // Add nullPadding equality.
+    diffs.unshift([DIFF_EQUAL, nullPadding]);
+    patch.start1 -= paddingLength;  // Should be 0.
+    patch.start2 -= paddingLength;  // Should be 0.
+    patch.length1 += paddingLength;
+    patch.length2 += paddingLength;
+  } else if (paddingLength > diffs[0][1].length) {
+    // Grow first equality.
+    var extraLength = paddingLength - diffs[0][1].length;
+    diffs[0][1] = nullPadding.substring(diffs[0][1].length) + diffs[0][1];
+    patch.start1 -= extraLength;
+    patch.start2 -= extraLength;
+    patch.length1 += extraLength;
+    patch.length2 += extraLength;
+  }
+
+  // Add some padding on end of last diff.
+  patch = patches[patches.length - 1];
+  diffs = patch.diffs;
+  if (diffs.length == 0 || diffs[diffs.length - 1][0] != DIFF_EQUAL) {
+    // Add nullPadding equality.
+    diffs.push([DIFF_EQUAL, nullPadding]);
+    patch.length1 += paddingLength;
+    patch.length2 += paddingLength;
+  } else if (paddingLength > diffs[diffs.length - 1][1].length) {
+    // Grow last equality.
+    var extraLength = paddingLength - diffs[diffs.length - 1][1].length;
+    diffs[diffs.length - 1][1] += nullPadding.substring(0, extraLength);
+    patch.length1 += extraLength;
+    patch.length2 += extraLength;
+  }
+
+  return nullPadding;
+};
+
+
+/**
+ * Look through the patches and break up any which are longer than the maximum
+ * limit of the match algorithm.
+ * Intended to be called only from within patch_apply.
+ * @param {!Array.<!diff_match_patch.patch_obj>} patches Array of Patch objects.
+ */
+diff_match_patch.prototype.patch_splitMax = function(patches) {
+  var patch_size = this.Match_MaxBits;
+  for (var x = 0; x < patches.length; x++) {
+    if (patches[x].length1 <= patch_size) {
+      continue;
+    }
+    var bigpatch = patches[x];
+    // Remove the big old patch.
+    patches.splice(x--, 1);
+    var start1 = bigpatch.start1;
+    var start2 = bigpatch.start2;
+    var precontext = '';
+    while (bigpatch.diffs.length !== 0) {
+      // Create one of several smaller patches.
+      var patch = new diff_match_patch.patch_obj();
+      var empty = true;
+      patch.start1 = start1 - precontext.length;
+      patch.start2 = start2 - precontext.length;
+      if (precontext !== '') {
+        patch.length1 = patch.length2 = precontext.length;
+        patch.diffs.push([DIFF_EQUAL, precontext]);
+      }
+      while (bigpatch.diffs.length !== 0 &&
+             patch.length1 < patch_size - this.Patch_Margin) {
+        var diff_type = bigpatch.diffs[0][0];
+        var diff_text = bigpatch.diffs[0][1];
+        if (diff_type === DIFF_INSERT) {
+          // Insertions are harmless.
+          patch.length2 += diff_text.length;
+          start2 += diff_text.length;
+          patch.diffs.push(bigpatch.diffs.shift());
+          empty = false;
+        } else if (diff_type === DIFF_DELETE && patch.diffs.length == 1 &&
+                   patch.diffs[0][0] == DIFF_EQUAL &&
+                   diff_text.length > 2 * patch_size) {
+          // This is a large deletion.  Let it pass in one chunk.
+          patch.length1 += diff_text.length;
+          start1 += diff_text.length;
+          empty = false;
+          patch.diffs.push([diff_type, diff_text]);
+          bigpatch.diffs.shift();
+        } else {
+          // Deletion or equality.  Only take as much as we can stomach.
+          diff_text = diff_text.substring(0,
+              patch_size - patch.length1 - this.Patch_Margin);
+          patch.length1 += diff_text.length;
+          start1 += diff_text.length;
+          if (diff_type === DIFF_EQUAL) {
+            patch.length2 += diff_text.length;
+            start2 += diff_text.length;
+          } else {
+            empty = false;
+          }
+          patch.diffs.push([diff_type, diff_text]);
+          if (diff_text == bigpatch.diffs[0][1]) {
+            bigpatch.diffs.shift();
+          } else {
+            bigpatch.diffs[0][1] =
+                bigpatch.diffs[0][1].substring(diff_text.length);
+          }
+        }
+      }
+      // Compute the head context for the next patch.
+      precontext = this.diff_text2(patch.diffs);
+      precontext =
+          precontext.substring(precontext.length - this.Patch_Margin);
+      // Append the end context for this patch.
+      var postcontext = this.diff_text1(bigpatch.diffs)
+                            .substring(0, this.Patch_Margin);
+      if (postcontext !== '') {
+        patch.length1 += postcontext.length;
+        patch.length2 += postcontext.length;
+        if (patch.diffs.length !== 0 &&
+            patch.diffs[patch.diffs.length - 1][0] === DIFF_EQUAL) {
+          patch.diffs[patch.diffs.length - 1][1] += postcontext;
+        } else {
+          patch.diffs.push([DIFF_EQUAL, postcontext]);
+        }
+      }
+      if (!empty) {
+        patches.splice(++x, 0, patch);
+      }
+    }
+  }
+};
+
+
+/**
+ * Take a list of patches and return a textual representation.
+ * @param {!Array.<!diff_match_patch.patch_obj>} patches Array of Patch objects.
+ * @return {string} Text representation of patches.
+ */
+diff_match_patch.prototype.patch_toText = function(patches) {
+  var text = [];
+  for (var x = 0; x < patches.length; x++) {
+    text[x] = patches[x];
+  }
+  return text.join('');
+};
+
+
+/**
+ * Parse a textual representation of patches and return a list of Patch objects.
+ * @param {string} textline Text representation of patches.
+ * @return {!Array.<!diff_match_patch.patch_obj>} Array of Patch objects.
+ * @throws {!Error} If invalid input.
+ */
+diff_match_patch.prototype.patch_fromText = function(textline) {
+  var patches = [];
+  if (!textline) {
+    return patches;
+  }
+  var text = textline.split('\n');
+  var textPointer = 0;
+  var patchHeader = /^@@ -(\d+),?(\d*) \+(\d+),?(\d*) @@$/;
+  while (textPointer < text.length) {
+    var m = text[textPointer].match(patchHeader);
+    if (!m) {
+      throw new Error('Invalid patch string: ' + text[textPointer]);
+    }
+    var patch = new diff_match_patch.patch_obj();
+    patches.push(patch);
+    patch.start1 = parseInt(m[1], 10);
+    if (m[2] === '') {
+      patch.start1--;
+      patch.length1 = 1;
+    } else if (m[2] == '0') {
+      patch.length1 = 0;
+    } else {
+      patch.start1--;
+      patch.length1 = parseInt(m[2], 10);
+    }
+
+    patch.start2 = parseInt(m[3], 10);
+    if (m[4] === '') {
+      patch.start2--;
+      patch.length2 = 1;
+    } else if (m[4] == '0') {
+      patch.length2 = 0;
+    } else {
+      patch.start2--;
+      patch.length2 = parseInt(m[4], 10);
+    }
+    textPointer++;
+
+    while (textPointer < text.length) {
+      var sign = text[textPointer].charAt(0);
+      try {
+        var line = decodeURI(text[textPointer].substring(1));
+      } catch (ex) {
+        // Malformed URI sequence.
+        throw new Error('Illegal escape in patch_fromText: ' + line);
+      }
+      if (sign == '-') {
+        // Deletion.
+        patch.diffs.push([DIFF_DELETE, line]);
+      } else if (sign == '+') {
+        // Insertion.
+        patch.diffs.push([DIFF_INSERT, line]);
+      } else if (sign == ' ') {
+        // Minor equality.
+        patch.diffs.push([DIFF_EQUAL, line]);
+      } else if (sign == '@') {
+        // Start of next patch.
+        break;
+      } else if (sign === '') {
+        // Blank line?  Whatever.
+      } else {
+        // WTF?
+        throw new Error('Invalid patch mode "' + sign + '" in: ' + line);
+      }
+      textPointer++;
+    }
+  }
+  return patches;
+};
+
+
+/**
+ * Class representing one patch operation.
+ * @constructor
+ */
+diff_match_patch.patch_obj = function() {
+  /** @type {!Array.<!diff_match_patch.Diff>} */
+  this.diffs = [];
+  /** @type {?number} */
+  this.start1 = null;
+  /** @type {?number} */
+  this.start2 = null;
+  /** @type {number} */
+  this.length1 = 0;
+  /** @type {number} */
+  this.length2 = 0;
+};
+
+
+/**
+ * Emmulate GNU diff's format.
+ * Header: @@ -382,8 +481,9 @@
+ * Indicies are printed as 1-based, not 0-based.
+ * @return {string} The GNU diff string.
+ */
+diff_match_patch.patch_obj.prototype.toString = function() {
+  var coords1, coords2;
+  if (this.length1 === 0) {
+    coords1 = this.start1 + ',0';
+  } else if (this.length1 == 1) {
+    coords1 = this.start1 + 1;
+  } else {
+    coords1 = (this.start1 + 1) + ',' + this.length1;
+  }
+  if (this.length2 === 0) {
+    coords2 = this.start2 + ',0';
+  } else if (this.length2 == 1) {
+    coords2 = this.start2 + 1;
+  } else {
+    coords2 = (this.start2 + 1) + ',' + this.length2;
+  }
+  var text = ['@@ -' + coords1 + ' +' + coords2 + ' @@\n'];
+  var op;
+  // Escape the body of the patch with %xx notation.
+  for (var x = 0; x < this.diffs.length; x++) {
+    switch (this.diffs[x][0]) {
+      case DIFF_INSERT:
+        op = '+';
+        break;
+      case DIFF_DELETE:
+        op = '-';
+        break;
+      case DIFF_EQUAL:
+        op = ' ';
+        break;
+    }
+    text[x + 1] = op + encodeURI(this.diffs[x][1]) + '\n';
+  }
+  return text.join('').replace(/%20/g, ' ');
+};
+
+
+// Export these global variables so that they survive Google's JS compiler.
+// In a browser, 'this' will be 'window'.
+// Users of node.js should 'require' the uncompressed version since Google's
+// JS compiler may break the following exports for non-browser environments.
+this['diff_match_patch'] = diff_match_patch;
+this['DIFF_DELETE'] = DIFF_DELETE;
+this['DIFF_INSERT'] = DIFF_INSERT;
+this['DIFF_EQUAL'] = DIFF_EQUAL;
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/html5shiv.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/html5shiv.js
new file mode 100644
index 0000000..d074da7
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/html5shiv.js
@@ -0,0 +1,301 @@
+/**
+* @preserve HTML5 Shiv v3.7.0 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed
+*/
+;(function(window, document) {
+/*jshint evil:true */
+  /** version */
+  var version = '3.7.0';
+
+  /** Preset options */
+  var options = window.html5 || {};
+
+  /** Used to skip problem elements */
+  var reSkip = /^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i;
+
+  /** Not all elements can be cloned in IE **/
+  var saveClones = /^(?:a|b|code|div|fieldset|h1|h2|h3|h4|h5|h6|i|label|li|ol|p|q|span|strong|style|table|tbody|td|th|tr|ul)$/i;
+
+  /** Detect whether the browser supports default html5 styles */
+  var supportsHtml5Styles;
+
+  /** Name of the expando, to work with multiple documents or to re-shiv one document */
+  var expando = '_html5shiv';
+
+  /** The id for the the documents expando */
+  var expanID = 0;
+
+  /** Cached data for each document */
+  var expandoData = {};
+
+  /** Detect whether the browser supports unknown elements */
+  var supportsUnknownElements;
+
+  (function() {
+    try {
+        var a = document.createElement('a');
+        a.innerHTML = '<xyz></xyz>';
+        //if the hidden property is implemented we can assume, that the browser supports basic HTML5 Styles
+        supportsHtml5Styles = ('hidden' in a);
+
+        supportsUnknownElements = a.childNodes.length == 1 || (function() {
+          // assign a false positive if unable to shiv
+          (document.createElement)('a');
+          var frag = document.createDocumentFragment();
+          return (
+            typeof frag.cloneNode == 'undefined' ||
+            typeof frag.createDocumentFragment == 'undefined' ||
+            typeof frag.createElement == 'undefined'
+          );
+        }());
+    } catch(e) {
+      // assign a false positive if detection fails => unable to shiv
+      supportsHtml5Styles = true;
+      supportsUnknownElements = true;
+    }
+
+  }());
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * Creates a style sheet with the given CSS text and adds it to the document.
+   * @private
+   * @param {Document} ownerDocument The document.
+   * @param {String} cssText The CSS text.
+   * @returns {StyleSheet} The style element.
+   */
+  function addStyleSheet(ownerDocument, cssText) {
+    var p = ownerDocument.createElement('p'),
+        parent = ownerDocument.getElementsByTagName('head')[0] || ownerDocument.documentElement;
+
+    p.innerHTML = 'x<style>' + cssText + '</style>';
+    return parent.insertBefore(p.lastChild, parent.firstChild);
+  }
+
+  /**
+   * Returns the value of `html5.elements` as an array.
+   * @private
+   * @returns {Array} An array of shived element node names.
+   */
+  function getElements() {
+    var elements = html5.elements;
+    return typeof elements == 'string' ? elements.split(' ') : elements;
+  }
+
+    /**
+   * Returns the data associated to the given document
+   * @private
+   * @param {Document} ownerDocument The document.
+   * @returns {Object} An object of data.
+   */
+  function getExpandoData(ownerDocument) {
+    var data = expandoData[ownerDocument[expando]];
+    if (!data) {
+        data = {};
+        expanID++;
+        ownerDocument[expando] = expanID;
+        expandoData[expanID] = data;
+    }
+    return data;
+  }
+
+  /**
+   * returns a shived element for the given nodeName and document
+   * @memberOf html5
+   * @param {String} nodeName name of the element
+   * @param {Document} ownerDocument The context document.
+   * @returns {Object} The shived element.
+   */
+  function createElement(nodeName, ownerDocument, data){
+    if (!ownerDocument) {
+        ownerDocument = document;
+    }
+    if(supportsUnknownElements){
+        return ownerDocument.createElement(nodeName);
+    }
+    if (!data) {
+        data = getExpandoData(ownerDocument);
+    }
+    var node;
+
+    if (data.cache[nodeName]) {
+        node = data.cache[nodeName].cloneNode();
+    } else if (saveClones.test(nodeName)) {
+        node = (data.cache[nodeName] = data.createElem(nodeName)).cloneNode();
+    } else {
+        node = data.createElem(nodeName);
+    }
+
+    // Avoid adding some elements to fragments in IE < 9 because
+    // * Attributes like `name` or `type` cannot be set/changed once an element
+    //   is inserted into a document/fragment
+    // * Link elements with `src` attributes that are inaccessible, as with
+    //   a 403 response, will cause the tab/window to crash
+    // * Script elements appended to fragments will execute when their `src`
+    //   or `text` property is set
+    return node.canHaveChildren && !reSkip.test(nodeName) ? data.frag.appendChild(node) : node;
+  }
+
+  /**
+   * returns a shived DocumentFragment for the given document
+   * @memberOf html5
+   * @param {Document} ownerDocument The context document.
+   * @returns {Object} The shived DocumentFragment.
+   */
+  function createDocumentFragment(ownerDocument, data){
+    if (!ownerDocument) {
+        ownerDocument = document;
+    }
+    if(supportsUnknownElements){
+        return ownerDocument.createDocumentFragment();
+    }
+    data = data || getExpandoData(ownerDocument);
+    var clone = data.frag.cloneNode(),
+        i = 0,
+        elems = getElements(),
+        l = elems.length;
+    for(;i<l;i++){
+        clone.createElement(elems[i]);
+    }
+    return clone;
+  }
+
+  /**
+   * Shivs the `createElement` and `createDocumentFragment` methods of the document.
+   * @private
+   * @param {Document|DocumentFragment} ownerDocument The document.
+   * @param {Object} data of the document.
+   */
+  function shivMethods(ownerDocument, data) {
+    if (!data.cache) {
+        data.cache = {};
+        data.createElem = ownerDocument.createElement;
+        data.createFrag = ownerDocument.createDocumentFragment;
+        data.frag = data.createFrag();
+    }
+
+
+    ownerDocument.createElement = function(nodeName) {
+      //abort shiv
+      if (!html5.shivMethods) {
+          return data.createElem(nodeName);
+      }
+      return createElement(nodeName, ownerDocument, data);
+    };
+
+    ownerDocument.createDocumentFragment = Function('h,f', 'return function(){' +
+      'var n=f.cloneNode(),c=n.createElement;' +
+      'h.shivMethods&&(' +
+        // unroll the `createElement` calls
+        getElements().join().replace(/[\w\-]+/g, function(nodeName) {
+          data.createElem(nodeName);
+          data.frag.createElement(nodeName);
+          return 'c("' + nodeName + '")';
+        }) +
+      ');return n}'
+    )(html5, data.frag);
+  }
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * Shivs the given document.
+   * @memberOf html5
+   * @param {Document} ownerDocument The document to shiv.
+   * @returns {Document} The shived document.
+   */
+  function shivDocument(ownerDocument) {
+    if (!ownerDocument) {
+        ownerDocument = document;
+    }
+    var data = getExpandoData(ownerDocument);
+
+    if (html5.shivCSS && !supportsHtml5Styles && !data.hasCSS) {
+      data.hasCSS = !!addStyleSheet(ownerDocument,
+        // corrects block display not defined in IE6/7/8/9
+        'article,aside,dialog,figcaption,figure,footer,header,hgroup,main,nav,section{display:block}' +
+        // adds styling not present in IE6/7/8/9
+        'mark{background:#FF0;color:#000}' +
+        // hides non-rendered elements
+        'template{display:none}'
+      );
+    }
+    if (!supportsUnknownElements) {
+      shivMethods(ownerDocument, data);
+    }
+    return ownerDocument;
+  }
+
+  /*--------------------------------------------------------------------------*/
+
+  /**
+   * The `html5` object is exposed so that more elements can be shived and
+   * existing shiving can be detected on iframes.
+   * @type Object
+   * @example
+   *
+   * // options can be changed before the script is included
+   * html5 = { 'elements': 'mark section', 'shivCSS': false, 'shivMethods': false };
+   */
+  var html5 = {
+
+    /**
+     * An array or space separated string of node names of the elements to shiv.
+     * @memberOf html5
+     * @type Array|String
+     */
+    'elements': options.elements || 'abbr article aside audio bdi canvas data datalist details dialog figcaption figure footer header hgroup main mark meter nav output progress section summary template time video',
+
+    /**
+     * current version of html5shiv
+     */
+    'version': version,
+
+    /**
+     * A flag to indicate that the HTML5 style sheet should be inserted.
+     * @memberOf html5
+     * @type Boolean
+     */
+    'shivCSS': (options.shivCSS !== false),
+
+    /**
+     * Is equal to true if a browser supports creating unknown/HTML5 elements
+     * @memberOf html5
+     * @type boolean
+     */
+    'supportsUnknownElements': supportsUnknownElements,
+
+    /**
+     * A flag to indicate that the document's `createElement` and `createDocumentFragment`
+     * methods should be overwritten.
+     * @memberOf html5
+     * @type Boolean
+     */
+    'shivMethods': (options.shivMethods !== false),
+
+    /**
+     * A string to describe the type of `html5` object ("default" or "default print").
+     * @memberOf html5
+     * @type String
+     */
+    'type': 'default',
+
+    // shivs the document according to the specified `html5` object options
+    'shivDocument': shivDocument,
+
+    //creates a shived element
+    createElement: createElement,
+
+    //creates a shived documentFragment
+    createDocumentFragment: createDocumentFragment
+  };
+
+  /*--------------------------------------------------------------------------*/
+
+  // expose html5
+  window.html5 = html5;
+
+  // shiv the document
+  shivDocument(document);
+
+}(this, document));
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/jquery-ui.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/jquery-ui.js
new file mode 100644
index 0000000..5e24f39
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/jquery-ui.js
@@ -0,0 +1,4980 @@
+/*! jQuery UI - v1.10.3 - 2013-10-16
+* http://jqueryui.com
+* Includes: jquery.ui.core.js, jquery.ui.widget.js, jquery.ui.mouse.js, jquery.ui.datepicker.js, jquery.ui.slider.js, jquery.ui.effect.js, jquery.ui.effect-highlight.js
+* Copyright 2013 jQuery Foundation and other contributors; Licensed MIT */
+
+(function( $, undefined ) {
+
+var uuid = 0,
+	runiqueId = /^ui-id-\d+$/;
+
+// $.ui might exist from components with no dependencies, e.g., $.ui.position
+$.ui = $.ui || {};
+
+$.extend( $.ui, {
+	version: "1.10.3",
+
+	keyCode: {
+		BACKSPACE: 8,
+		COMMA: 188,
+		DELETE: 46,
+		DOWN: 40,
+		END: 35,
+		ENTER: 13,
+		ESCAPE: 27,
+		HOME: 36,
+		LEFT: 37,
+		NUMPAD_ADD: 107,
+		NUMPAD_DECIMAL: 110,
+		NUMPAD_DIVIDE: 111,
+		NUMPAD_ENTER: 108,
+		NUMPAD_MULTIPLY: 106,
+		NUMPAD_SUBTRACT: 109,
+		PAGE_DOWN: 34,
+		PAGE_UP: 33,
+		PERIOD: 190,
+		RIGHT: 39,
+		SPACE: 32,
+		TAB: 9,
+		UP: 38
+	}
+});
+
+// plugins
+$.fn.extend({
+	focus: (function( orig ) {
+		return function( delay, fn ) {
+			return typeof delay === "number" ?
+				this.each(function() {
+					var elem = this;
+					setTimeout(function() {
+						$( elem ).focus();
+						if ( fn ) {
+							fn.call( elem );
+						}
+					}, delay );
+				}) :
+				orig.apply( this, arguments );
+		};
+	})( $.fn.focus ),
+
+	scrollParent: function() {
+		var scrollParent;
+		if (($.ui.ie && (/(static|relative)/).test(this.css("position"))) || (/absolute/).test(this.css("position"))) {
+			scrollParent = this.parents().filter(function() {
+				return (/(relative|absolute|fixed)/).test($.css(this,"position")) && (/(auto|scroll)/).test($.css(this,"overflow")+$.css(this,"overflow-y")+$.css(this,"overflow-x"));
+			}).eq(0);
+		} else {
+			scrollParent = this.parents().filter(function() {
+				return (/(auto|scroll)/).test($.css(this,"overflow")+$.css(this,"overflow-y")+$.css(this,"overflow-x"));
+			}).eq(0);
+		}
+
+		return (/fixed/).test(this.css("position")) || !scrollParent.length ? $(document) : scrollParent;
+	},
+
+	zIndex: function( zIndex ) {
+		if ( zIndex !== undefined ) {
+			return this.css( "zIndex", zIndex );
+		}
+
+		if ( this.length ) {
+			var elem = $( this[ 0 ] ), position, value;
+			while ( elem.length && elem[ 0 ] !== document ) {
+				// Ignore z-index if position is set to a value where z-index is ignored by the browser
+				// This makes behavior of this function consistent across browsers
+				// WebKit always returns auto if the element is positioned
+				position = elem.css( "position" );
+				if ( position === "absolute" || position === "relative" || position === "fixed" ) {
+					// IE returns 0 when zIndex is not specified
+					// other browsers return a string
+					// we ignore the case of nested elements with an explicit value of 0
+					// <div style="z-index: -10;"><div style="z-index: 0;"></div></div>
+					value = parseInt( elem.css( "zIndex" ), 10 );
+					if ( !isNaN( value ) && value !== 0 ) {
+						return value;
+					}
+				}
+				elem = elem.parent();
+			}
+		}
+
+		return 0;
+	},
+
+	uniqueId: function() {
+		return this.each(function() {
+			if ( !this.id ) {
+				this.id = "ui-id-" + (++uuid);
+			}
+		});
+	},
+
+	removeUniqueId: function() {
+		return this.each(function() {
+			if ( runiqueId.test( this.id ) ) {
+				$( this ).removeAttr( "id" );
+			}
+		});
+	}
+});
+
+// selectors
+function focusable( element, isTabIndexNotNaN ) {
+	var map, mapName, img,
+		nodeName = element.nodeName.toLowerCase();
+	if ( "area" === nodeName ) {
+		map = element.parentNode;
+		mapName = map.name;
+		if ( !element.href || !mapName || map.nodeName.toLowerCase() !== "map" ) {
+			return false;
+		}
+		img = $( "img[usemap=#" + mapName + "]" )[0];
+		return !!img && visible( img );
+	}
+	return ( /input|select|textarea|button|object/.test( nodeName ) ?
+		!element.disabled :
+		"a" === nodeName ?
+			element.href || isTabIndexNotNaN :
+			isTabIndexNotNaN) &&
+		// the element and all of its ancestors must be visible
+		visible( element );
+}
+
+function visible( element ) {
+	return $.expr.filters.visible( element ) &&
+		!$( element ).parents().addBack().filter(function() {
+			return $.css( this, "visibility" ) === "hidden";
+		}).length;
+}
+
+$.extend( $.expr[ ":" ], {
+	data: $.expr.createPseudo ?
+		$.expr.createPseudo(function( dataName ) {
+			return function( elem ) {
+				return !!$.data( elem, dataName );
+			};
+		}) :
+		// support: jQuery <1.8
+		function( elem, i, match ) {
+			return !!$.data( elem, match[ 3 ] );
+		},
+
+	focusable: function( element ) {
+		return focusable( element, !isNaN( $.attr( element, "tabindex" ) ) );
+	},
+
+	tabbable: function( element ) {
+		var tabIndex = $.attr( element, "tabindex" ),
+			isTabIndexNaN = isNaN( tabIndex );
+		return ( isTabIndexNaN || tabIndex >= 0 ) && focusable( element, !isTabIndexNaN );
+	}
+});
+
+// support: jQuery <1.8
+if ( !$( "<a>" ).outerWidth( 1 ).jquery ) {
+	$.each( [ "Width", "Height" ], function( i, name ) {
+		var side = name === "Width" ? [ "Left", "Right" ] : [ "Top", "Bottom" ],
+			type = name.toLowerCase(),
+			orig = {
+				innerWidth: $.fn.innerWidth,
+				innerHeight: $.fn.innerHeight,
+				outerWidth: $.fn.outerWidth,
+				outerHeight: $.fn.outerHeight
+			};
+
+		function reduce( elem, size, border, margin ) {
+			$.each( side, function() {
+				size -= parseFloat( $.css( elem, "padding" + this ) ) || 0;
+				if ( border ) {
+					size -= parseFloat( $.css( elem, "border" + this + "Width" ) ) || 0;
+				}
+				if ( margin ) {
+					size -= parseFloat( $.css( elem, "margin" + this ) ) || 0;
+				}
+			});
+			return size;
+		}
+
+		$.fn[ "inner" + name ] = function( size ) {
+			if ( size === undefined ) {
+				return orig[ "inner" + name ].call( this );
+			}
+
+			return this.each(function() {
+				$( this ).css( type, reduce( this, size ) + "px" );
+			});
+		};
+
+		$.fn[ "outer" + name] = function( size, margin ) {
+			if ( typeof size !== "number" ) {
+				return orig[ "outer" + name ].call( this, size );
+			}
+
+			return this.each(function() {
+				$( this).css( type, reduce( this, size, true, margin ) + "px" );
+			});
+		};
+	});
+}
+
+// support: jQuery <1.8
+if ( !$.fn.addBack ) {
+	$.fn.addBack = function( selector ) {
+		return this.add( selector == null ?
+			this.prevObject : this.prevObject.filter( selector )
+		);
+	};
+}
+
+// support: jQuery 1.6.1, 1.6.2 (http://bugs.jquery.com/ticket/9413)
+if ( $( "<a>" ).data( "a-b", "a" ).removeData( "a-b" ).data( "a-b" ) ) {
+	$.fn.removeData = (function( removeData ) {
+		return function( key ) {
+			if ( arguments.length ) {
+				return removeData.call( this, $.camelCase( key ) );
+			} else {
+				return removeData.call( this );
+			}
+		};
+	})( $.fn.removeData );
+}
+
+
+
+
+
+// deprecated
+$.ui.ie = !!/msie [\w.]+/.exec( navigator.userAgent.toLowerCase() );
+
+$.support.selectstart = "onselectstart" in document.createElement( "div" );
+$.fn.extend({
+	disableSelection: function() {
+		return this.bind( ( $.support.selectstart ? "selectstart" : "mousedown" ) +
+			".ui-disableSelection", function( event ) {
+				event.preventDefault();
+			});
+	},
+
+	enableSelection: function() {
+		return this.unbind( ".ui-disableSelection" );
+	}
+});
+
+$.extend( $.ui, {
+	// $.ui.plugin is deprecated. Use $.widget() extensions instead.
+	plugin: {
+		add: function( module, option, set ) {
+			var i,
+				proto = $.ui[ module ].prototype;
+			for ( i in set ) {
+				proto.plugins[ i ] = proto.plugins[ i ] || [];
+				proto.plugins[ i ].push( [ option, set[ i ] ] );
+			}
+		},
+		call: function( instance, name, args ) {
+			var i,
+				set = instance.plugins[ name ];
+			if ( !set || !instance.element[ 0 ].parentNode || instance.element[ 0 ].parentNode.nodeType === 11 ) {
+				return;
+			}
+
+			for ( i = 0; i < set.length; i++ ) {
+				if ( instance.options[ set[ i ][ 0 ] ] ) {
+					set[ i ][ 1 ].apply( instance.element, args );
+				}
+			}
+		}
+	},
+
+	// only used by resizable
+	hasScroll: function( el, a ) {
+
+		//If overflow is hidden, the element might have extra content, but the user wants to hide it
+		if ( $( el ).css( "overflow" ) === "hidden") {
+			return false;
+		}
+
+		var scroll = ( a && a === "left" ) ? "scrollLeft" : "scrollTop",
+			has = false;
+
+		if ( el[ scroll ] > 0 ) {
+			return true;
+		}
+
+		// TODO: determine which cases actually cause this to happen
+		// if the element doesn't have the scroll set, see if it's possible to
+		// set the scroll
+		el[ scroll ] = 1;
+		has = ( el[ scroll ] > 0 );
+		el[ scroll ] = 0;
+		return has;
+	}
+});
+
+})( jQuery );
+(function( $, undefined ) {
+
+var uuid = 0,
+	slice = Array.prototype.slice,
+	_cleanData = $.cleanData;
+$.cleanData = function( elems ) {
+	for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) {
+		try {
+			$( elem ).triggerHandler( "remove" );
+		// http://bugs.jquery.com/ticket/8235
+		} catch( e ) {}
+	}
+	_cleanData( elems );
+};
+
+$.widget = function( name, base, prototype ) {
+	var fullName, existingConstructor, constructor, basePrototype,
+		// proxiedPrototype allows the provided prototype to remain unmodified
+		// so that it can be used as a mixin for multiple widgets (#8876)
+		proxiedPrototype = {},
+		namespace = name.split( "." )[ 0 ];
+
+	name = name.split( "." )[ 1 ];
+	fullName = namespace + "-" + name;
+
+	if ( !prototype ) {
+		prototype = base;
+		base = $.Widget;
+	}
+
+	// create selector for plugin
+	$.expr[ ":" ][ fullName.toLowerCase() ] = function( elem ) {
+		return !!$.data( elem, fullName );
+	};
+
+	$[ namespace ] = $[ namespace ] || {};
+	existingConstructor = $[ namespace ][ name ];
+	constructor = $[ namespace ][ name ] = function( options, element ) {
+		// allow instantiation without "new" keyword
+		if ( !this._createWidget ) {
+			return new constructor( options, element );
+		}
+
+		// allow instantiation without initializing for simple inheritance
+		// must use "new" keyword (the code above always passes args)
+		if ( arguments.length ) {
+			this._createWidget( options, element );
+		}
+	};
+	// extend with the existing constructor to carry over any static properties
+	$.extend( constructor, existingConstructor, {
+		version: prototype.version,
+		// copy the object used to create the prototype in case we need to
+		// redefine the widget later
+		_proto: $.extend( {}, prototype ),
+		// track widgets that inherit from this widget in case this widget is
+		// redefined after a widget inherits from it
+		_childConstructors: []
+	});
+
+	basePrototype = new base();
+	// we need to make the options hash a property directly on the new instance
+	// otherwise we'll modify the options hash on the prototype that we're
+	// inheriting from
+	basePrototype.options = $.widget.extend( {}, basePrototype.options );
+	$.each( prototype, function( prop, value ) {
+		if ( !$.isFunction( value ) ) {
+			proxiedPrototype[ prop ] = value;
+			return;
+		}
+		proxiedPrototype[ prop ] = (function() {
+			var _super = function() {
+					return base.prototype[ prop ].apply( this, arguments );
+				},
+				_superApply = function( args ) {
+					return base.prototype[ prop ].apply( this, args );
+				};
+			return function() {
+				var __super = this._super,
+					__superApply = this._superApply,
+					returnValue;
+
+				this._super = _super;
+				this._superApply = _superApply;
+
+				returnValue = value.apply( this, arguments );
+
+				this._super = __super;
+				this._superApply = __superApply;
+
+				return returnValue;
+			};
+		})();
+	});
+	constructor.prototype = $.widget.extend( basePrototype, {
+		// TODO: remove support for widgetEventPrefix
+		// always use the name + a colon as the prefix, e.g., draggable:start
+		// don't prefix for widgets that aren't DOM-based
+		widgetEventPrefix: existingConstructor ? basePrototype.widgetEventPrefix : name
+	}, proxiedPrototype, {
+		constructor: constructor,
+		namespace: namespace,
+		widgetName: name,
+		widgetFullName: fullName
+	});
+
+	// If this widget is being redefined then we need to find all widgets that
+	// are inheriting from it and redefine all of them so that they inherit from
+	// the new version of this widget. We're essentially trying to replace one
+	// level in the prototype chain.
+	if ( existingConstructor ) {
+		$.each( existingConstructor._childConstructors, function( i, child ) {
+			var childPrototype = child.prototype;
+
+			// redefine the child widget using the same prototype that was
+			// originally used, but inherit from the new version of the base
+			$.widget( childPrototype.namespace + "." + childPrototype.widgetName, constructor, child._proto );
+		});
+		// remove the list of existing child constructors from the old constructor
+		// so the old child constructors can be garbage collected
+		delete existingConstructor._childConstructors;
+	} else {
+		base._childConstructors.push( constructor );
+	}
+
+	$.widget.bridge( name, constructor );
+};
+
+$.widget.extend = function( target ) {
+	var input = slice.call( arguments, 1 ),
+		inputIndex = 0,
+		inputLength = input.length,
+		key,
+		value;
+	for ( ; inputIndex < inputLength; inputIndex++ ) {
+		for ( key in input[ inputIndex ] ) {
+			value = input[ inputIndex ][ key ];
+			if ( input[ inputIndex ].hasOwnProperty( key ) && value !== undefined ) {
+				// Clone objects
+				if ( $.isPlainObject( value ) ) {
+					target[ key ] = $.isPlainObject( target[ key ] ) ?
+						$.widget.extend( {}, target[ key ], value ) :
+						// Don't extend strings, arrays, etc. with objects
+						$.widget.extend( {}, value );
+				// Copy everything else by reference
+				} else {
+					target[ key ] = value;
+				}
+			}
+		}
+	}
+	return target;
+};
+
+$.widget.bridge = function( name, object ) {
+	var fullName = object.prototype.widgetFullName || name;
+	$.fn[ name ] = function( options ) {
+		var isMethodCall = typeof options === "string",
+			args = slice.call( arguments, 1 ),
+			returnValue = this;
+
+		// allow multiple hashes to be passed on init
+		options = !isMethodCall && args.length ?
+			$.widget.extend.apply( null, [ options ].concat(args) ) :
+			options;
+
+		if ( isMethodCall ) {
+			this.each(function() {
+				var methodValue,
+					instance = $.data( this, fullName );
+				if ( !instance ) {
+					return $.error( "cannot call methods on " + name + " prior to initialization; " +
+						"attempted to call method '" + options + "'" );
+				}
+				if ( !$.isFunction( instance[options] ) || options.charAt( 0 ) === "_" ) {
+					return $.error( "no such method '" + options + "' for " + name + " widget instance" );
+				}
+				methodValue = instance[ options ].apply( instance, args );
+				if ( methodValue !== instance && methodValue !== undefined ) {
+					returnValue = methodValue && methodValue.jquery ?
+						returnValue.pushStack( methodValue.get() ) :
+						methodValue;
+					return false;
+				}
+			});
+		} else {
+			this.each(function() {
+				var instance = $.data( this, fullName );
+				if ( instance ) {
+					instance.option( options || {} )._init();
+				} else {
+					$.data( this, fullName, new object( options, this ) );
+				}
+			});
+		}
+
+		return returnValue;
+	};
+};
+
+$.Widget = function( /* options, element */ ) {};
+$.Widget._childConstructors = [];
+
+$.Widget.prototype = {
+	widgetName: "widget",
+	widgetEventPrefix: "",
+	defaultElement: "<div>",
+	options: {
+		disabled: false,
+
+		// callbacks
+		create: null
+	},
+	_createWidget: function( options, element ) {
+		element = $( element || this.defaultElement || this )[ 0 ];
+		this.element = $( element );
+		this.uuid = uuid++;
+		this.eventNamespace = "." + this.widgetName + this.uuid;
+		this.options = $.widget.extend( {},
+			this.options,
+			this._getCreateOptions(),
+			options );
+
+		this.bindings = $();
+		this.hoverable = $();
+		this.focusable = $();
+
+		if ( element !== this ) {
+			$.data( element, this.widgetFullName, this );
+			this._on( true, this.element, {
+				remove: function( event ) {
+					if ( event.target === element ) {
+						this.destroy();
+					}
+				}
+			});
+			this.document = $( element.style ?
+				// element within the document
+				element.ownerDocument :
+				// element is window or document
+				element.document || element );
+			this.window = $( this.document[0].defaultView || this.document[0].parentWindow );
+		}
+
+		this._create();
+		this._trigger( "create", null, this._getCreateEventData() );
+		this._init();
+	},
+	_getCreateOptions: $.noop,
+	_getCreateEventData: $.noop,
+	_create: $.noop,
+	_init: $.noop,
+
+	destroy: function() {
+		this._destroy();
+		// we can probably remove the unbind calls in 2.0
+		// all event bindings should go through this._on()
+		this.element
+			.unbind( this.eventNamespace )
+			// 1.9 BC for #7810
+			// TODO remove dual storage
+			.removeData( this.widgetName )
+			.removeData( this.widgetFullName )
+			// support: jquery <1.6.3
+			// http://bugs.jquery.com/ticket/9413
+			.removeData( $.camelCase( this.widgetFullName ) );
+		this.widget()
+			.unbind( this.eventNamespace )
+			.removeAttr( "aria-disabled" )
+			.removeClass(
+				this.widgetFullName + "-disabled " +
+				"ui-state-disabled" );
+
+		// clean up events and states
+		this.bindings.unbind( this.eventNamespace );
+		this.hoverable.removeClass( "ui-state-hover" );
+		this.focusable.removeClass( "ui-state-focus" );
+	},
+	_destroy: $.noop,
+
+	widget: function() {
+		return this.element;
+	},
+
+	option: function( key, value ) {
+		var options = key,
+			parts,
+			curOption,
+			i;
+
+		if ( arguments.length === 0 ) {
+			// don't return a reference to the internal hash
+			return $.widget.extend( {}, this.options );
+		}
+
+		if ( typeof key === "string" ) {
+			// handle nested keys, e.g., "foo.bar" => { foo: { bar: ___ } }
+			options = {};
+			parts = key.split( "." );
+			key = parts.shift();
+			if ( parts.length ) {
+				curOption = options[ key ] = $.widget.extend( {}, this.options[ key ] );
+				for ( i = 0; i < parts.length - 1; i++ ) {
+					curOption[ parts[ i ] ] = curOption[ parts[ i ] ] || {};
+					curOption = curOption[ parts[ i ] ];
+				}
+				key = parts.pop();
+				if ( value === undefined ) {
+					return curOption[ key ] === undefined ? null : curOption[ key ];
+				}
+				curOption[ key ] = value;
+			} else {
+				if ( value === undefined ) {
+					return this.options[ key ] === undefined ? null : this.options[ key ];
+				}
+				options[ key ] = value;
+			}
+		}
+
+		this._setOptions( options );
+
+		return this;
+	},
+	_setOptions: function( options ) {
+		var key;
+
+		for ( key in options ) {
+			this._setOption( key, options[ key ] );
+		}
+
+		return this;
+	},
+	_setOption: function( key, value ) {
+		this.options[ key ] = value;
+
+		if ( key === "disabled" ) {
+			this.widget()
+				.toggleClass( this.widgetFullName + "-disabled ui-state-disabled", !!value )
+				.attr( "aria-disabled", value );
+			this.hoverable.removeClass( "ui-state-hover" );
+			this.focusable.removeClass( "ui-state-focus" );
+		}
+
+		return this;
+	},
+
+	enable: function() {
+		return this._setOption( "disabled", false );
+	},
+	disable: function() {
+		return this._setOption( "disabled", true );
+	},
+
+	_on: function( suppressDisabledCheck, element, handlers ) {
+		var delegateElement,
+			instance = this;
+
+		// no suppressDisabledCheck flag, shuffle arguments
+		if ( typeof suppressDisabledCheck !== "boolean" ) {
+			handlers = element;
+			element = suppressDisabledCheck;
+			suppressDisabledCheck = false;
+		}
+
+		// no element argument, shuffle and use this.element
+		if ( !handlers ) {
+			handlers = element;
+			element = this.element;
+			delegateElement = this.widget();
+		} else {
+			// accept selectors, DOM elements
+			element = delegateElement = $( element );
+			this.bindings = this.bindings.add( element );
+		}
+
+		$.each( handlers, function( event, handler ) {
+			function handlerProxy() {
+				// allow widgets to customize the disabled handling
+				// - disabled as an array instead of boolean
+				// - disabled class as method for disabling individual parts
+				if ( !suppressDisabledCheck &&
+						( instance.options.disabled === true ||
+							$( this ).hasClass( "ui-state-disabled" ) ) ) {
+					return;
+				}
+				return ( typeof handler === "string" ? instance[ handler ] : handler )
+					.apply( instance, arguments );
+			}
+
+			// copy the guid so direct unbinding works
+			if ( typeof handler !== "string" ) {
+				handlerProxy.guid = handler.guid =
+					handler.guid || handlerProxy.guid || $.guid++;
+			}
+
+			var match = event.match( /^(\w+)\s*(.*)$/ ),
+				eventName = match[1] + instance.eventNamespace,
+				selector = match[2];
+			if ( selector ) {
+				delegateElement.delegate( selector, eventName, handlerProxy );
+			} else {
+				element.bind( eventName, handlerProxy );
+			}
+		});
+	},
+
+	_off: function( element, eventName ) {
+		eventName = (eventName || "").split( " " ).join( this.eventNamespace + " " ) + this.eventNamespace;
+		element.unbind( eventName ).undelegate( eventName );
+	},
+
+	_delay: function( handler, delay ) {
+		function handlerProxy() {
+			return ( typeof handler === "string" ? instance[ handler ] : handler )
+				.apply( instance, arguments );
+		}
+		var instance = this;
+		return setTimeout( handlerProxy, delay || 0 );
+	},
+
+	_hoverable: function( element ) {
+		this.hoverable = this.hoverable.add( element );
+		this._on( element, {
+			mouseenter: function( event ) {
+				$( event.currentTarget ).addClass( "ui-state-hover" );
+			},
+			mouseleave: function( event ) {
+				$( event.currentTarget ).removeClass( "ui-state-hover" );
+			}
+		});
+	},
+
+	_focusable: function( element ) {
+		this.focusable = this.focusable.add( element );
+		this._on( element, {
+			focusin: function( event ) {
+				$( event.currentTarget ).addClass( "ui-state-focus" );
+			},
+			focusout: function( event ) {
+				$( event.currentTarget ).removeClass( "ui-state-focus" );
+			}
+		});
+	},
+
+	_trigger: function( type, event, data ) {
+		var prop, orig,
+			callback = this.options[ type ];
+
+		data = data || {};
+		event = $.Event( event );
+		event.type = ( type === this.widgetEventPrefix ?
+			type :
+			this.widgetEventPrefix + type ).toLowerCase();
+		// the original event may come from any element
+		// so we need to reset the target on the new event
+		event.target = this.element[ 0 ];
+
+		// copy original event properties over to the new event
+		orig = event.originalEvent;
+		if ( orig ) {
+			for ( prop in orig ) {
+				if ( !( prop in event ) ) {
+					event[ prop ] = orig[ prop ];
+				}
+			}
+		}
+
+		this.element.trigger( event, data );
+		return !( $.isFunction( callback ) &&
+			callback.apply( this.element[0], [ event ].concat( data ) ) === false ||
+			event.isDefaultPrevented() );
+	}
+};
+
+$.each( { show: "fadeIn", hide: "fadeOut" }, function( method, defaultEffect ) {
+	$.Widget.prototype[ "_" + method ] = function( element, options, callback ) {
+		if ( typeof options === "string" ) {
+			options = { effect: options };
+		}
+		var hasOptions,
+			effectName = !options ?
+				method :
+				options === true || typeof options === "number" ?
+					defaultEffect :
+					options.effect || defaultEffect;
+		options = options || {};
+		if ( typeof options === "number" ) {
+			options = { duration: options };
+		}
+		hasOptions = !$.isEmptyObject( options );
+		options.complete = callback;
+		if ( options.delay ) {
+			element.delay( options.delay );
+		}
+		if ( hasOptions && $.effects && $.effects.effect[ effectName ] ) {
+			element[ method ]( options );
+		} else if ( effectName !== method && element[ effectName ] ) {
+			element[ effectName ]( options.duration, options.easing, callback );
+		} else {
+			element.queue(function( next ) {
+				$( this )[ method ]();
+				if ( callback ) {
+					callback.call( element[ 0 ] );
+				}
+				next();
+			});
+		}
+	};
+});
+
+})( jQuery );
+(function( $, undefined ) {
+
+var mouseHandled = false;
+$( document ).mouseup( function() {
+	mouseHandled = false;
+});
+
+$.widget("ui.mouse", {
+	version: "1.10.3",
+	options: {
+		cancel: "input,textarea,button,select,option",
+		distance: 1,
+		delay: 0
+	},
+	_mouseInit: function() {
+		var that = this;
+
+		this.element
+			.bind("mousedown."+this.widgetName, function(event) {
+				return that._mouseDown(event);
+			})
+			.bind("click."+this.widgetName, function(event) {
+				if (true === $.data(event.target, that.widgetName + ".preventClickEvent")) {
+					$.removeData(event.target, that.widgetName + ".preventClickEvent");
+					event.stopImmediatePropagation();
+					return false;
+				}
+			});
+
+		this.started = false;
+	},
+
+	// TODO: make sure destroying one instance of mouse doesn't mess with
+	// other instances of mouse
+	_mouseDestroy: function() {
+		this.element.unbind("."+this.widgetName);
+		if ( this._mouseMoveDelegate ) {
+			$(document)
+				.unbind("mousemove."+this.widgetName, this._mouseMoveDelegate)
+				.unbind("mouseup."+this.widgetName, this._mouseUpDelegate);
+		}
+	},
+
+	_mouseDown: function(event) {
+		// don't let more than one widget handle mouseStart
+		if( mouseHandled ) { return; }
+
+		// we may have missed mouseup (out of window)
+		(this._mouseStarted && this._mouseUp(event));
+
+		this._mouseDownEvent = event;
+
+		var that = this,
+			btnIsLeft = (event.which === 1),
+			// event.target.nodeName works around a bug in IE 8 with
+			// disabled inputs (#7620)
+			elIsCancel = (typeof this.options.cancel === "string" && event.target.nodeName ? $(event.target).closest(this.options.cancel).length : false);
+		if (!btnIsLeft || elIsCancel || !this._mouseCapture(event)) {
+			return true;
+		}
+
+		this.mouseDelayMet = !this.options.delay;
+		if (!this.mouseDelayMet) {
+			this._mouseDelayTimer = setTimeout(function() {
+				that.mouseDelayMet = true;
+			}, this.options.delay);
+		}
+
+		if (this._mouseDistanceMet(event) && this._mouseDelayMet(event)) {
+			this._mouseStarted = (this._mouseStart(event) !== false);
+			if (!this._mouseStarted) {
+				event.preventDefault();
+				return true;
+			}
+		}
+
+		// Click event may never have fired (Gecko & Opera)
+		if (true === $.data(event.target, this.widgetName + ".preventClickEvent")) {
+			$.removeData(event.target, this.widgetName + ".preventClickEvent");
+		}
+
+		// these delegates are required to keep context
+		this._mouseMoveDelegate = function(event) {
+			return that._mouseMove(event);
+		};
+		this._mouseUpDelegate = function(event) {
+			return that._mouseUp(event);
+		};
+		$(document)
+			.bind("mousemove."+this.widgetName, this._mouseMoveDelegate)
+			.bind("mouseup."+this.widgetName, this._mouseUpDelegate);
+
+		event.preventDefault();
+
+		mouseHandled = true;
+		return true;
+	},
+
+	_mouseMove: function(event) {
+		// IE mouseup check - mouseup happened when mouse was out of window
+		if ($.ui.ie && ( !document.documentMode || document.documentMode < 9 ) && !event.button) {
+			return this._mouseUp(event);
+		}
+
+		if (this._mouseStarted) {
+			this._mouseDrag(event);
+			return event.preventDefault();
+		}
+
+		if (this._mouseDistanceMet(event) && this._mouseDelayMet(event)) {
+			this._mouseStarted =
+				(this._mouseStart(this._mouseDownEvent, event) !== false);
+			(this._mouseStarted ? this._mouseDrag(event) : this._mouseUp(event));
+		}
+
+		return !this._mouseStarted;
+	},
+
+	_mouseUp: function(event) {
+		$(document)
+			.unbind("mousemove."+this.widgetName, this._mouseMoveDelegate)
+			.unbind("mouseup."+this.widgetName, this._mouseUpDelegate);
+
+		if (this._mouseStarted) {
+			this._mouseStarted = false;
+
+			if (event.target === this._mouseDownEvent.target) {
+				$.data(event.target, this.widgetName + ".preventClickEvent", true);
+			}
+
+			this._mouseStop(event);
+		}
+
+		return false;
+	},
+
+	_mouseDistanceMet: function(event) {
+		return (Math.max(
+				Math.abs(this._mouseDownEvent.pageX - event.pageX),
+				Math.abs(this._mouseDownEvent.pageY - event.pageY)
+			) >= this.options.distance
+		);
+	},
+
+	_mouseDelayMet: function(/* event */) {
+		return this.mouseDelayMet;
+	},
+
+	// These are placeholder methods, to be overriden by extending plugin
+	_mouseStart: function(/* event */) {},
+	_mouseDrag: function(/* event */) {},
+	_mouseStop: function(/* event */) {},
+	_mouseCapture: function(/* event */) { return true; }
+});
+
+})(jQuery);
+(function( $, undefined ) {
+
+$.extend($.ui, { datepicker: { version: "1.10.3" } });
+
+var PROP_NAME = "datepicker",
+	instActive;
+
+/* Date picker manager.
+   Use the singleton instance of this class, $.datepicker, to interact with the date picker.
+   Settings for (groups of) date pickers are maintained in an instance object,
+   allowing multiple different settings on the same page. */
+
+function Datepicker() {
+	this._curInst = null; // The current instance in use
+	this._keyEvent = false; // If the last event was a key event
+	this._disabledInputs = []; // List of date picker inputs that have been disabled
+	this._datepickerShowing = false; // True if the popup picker is showing , false if not
+	this._inDialog = false; // True if showing within a "dialog", false if not
+	this._mainDivId = "ui-datepicker-div"; // The ID of the main datepicker division
+	this._inlineClass = "ui-datepicker-inline"; // The name of the inline marker class
+	this._appendClass = "ui-datepicker-append"; // The name of the append marker class
+	this._triggerClass = "ui-datepicker-trigger"; // The name of the trigger marker class
+	this._dialogClass = "ui-datepicker-dialog"; // The name of the dialog marker class
+	this._disableClass = "ui-datepicker-disabled"; // The name of the disabled covering marker class
+	this._unselectableClass = "ui-datepicker-unselectable"; // The name of the unselectable cell marker class
+	this._currentClass = "ui-datepicker-current-day"; // The name of the current day marker class
+	this._dayOverClass = "ui-datepicker-days-cell-over"; // The name of the day hover marker class
+	this.regional = []; // Available regional settings, indexed by language code
+	this.regional[""] = { // Default regional settings
+		closeText: "Done", // Display text for close link
+		prevText: "Prev", // Display text for previous month link
+		nextText: "Next", // Display text for next month link
+		currentText: "Today", // Display text for current month link
+		monthNames: ["January","February","March","April","May","June",
+			"July","August","September","October","November","December"], // Names of months for drop-down and formatting
+		monthNamesShort: ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], // For formatting
+		dayNames: ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"], // For formatting
+		dayNamesShort: ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"], // For formatting
+		dayNamesMin: ["Su","Mo","Tu","We","Th","Fr","Sa"], // Column headings for days starting at Sunday
+		weekHeader: "Wk", // Column header for week of the year
+		dateFormat: "mm/dd/yy", // See format options on parseDate
+		firstDay: 0, // The first day of the week, Sun = 0, Mon = 1, ...
+		isRTL: false, // True if right-to-left language, false if left-to-right
+		showMonthAfterYear: false, // True if the year select precedes month, false for month then year
+		yearSuffix: "" // Additional text to append to the year in the month headers
+	};
+	this._defaults = { // Global defaults for all the date picker instances
+		showOn: "focus", // "focus" for popup on focus,
+			// "button" for trigger button, or "both" for either
+		showAnim: "fadeIn", // Name of jQuery animation for popup
+		showOptions: {}, // Options for enhanced animations
+		defaultDate: null, // Used when field is blank: actual date,
+			// +/-number for offset from today, null for today
+		appendText: "", // Display text following the input box, e.g. showing the format
+		buttonText: "...", // Text for trigger button
+		buttonImage: "", // URL for trigger button image
+		buttonImageOnly: false, // True if the image appears alone, false if it appears on a button
+		hideIfNoPrevNext: false, // True to hide next/previous month links
+			// if not applicable, false to just disable them
+		navigationAsDateFormat: false, // True if date formatting applied to prev/today/next links
+		gotoCurrent: false, // True if today link goes back to current selection instead
+		changeMonth: false, // True if month can be selected directly, false if only prev/next
+		changeYear: false, // True if year can be selected directly, false if only prev/next
+		yearRange: "c-10:c+10", // Range of years to display in drop-down,
+			// either relative to today's year (-nn:+nn), relative to currently displayed year
+			// (c-nn:c+nn), absolute (nnnn:nnnn), or a combination of the above (nnnn:-n)
+		showOtherMonths: false, // True to show dates in other months, false to leave blank
+		selectOtherMonths: false, // True to allow selection of dates in other months, false for unselectable
+		showWeek: false, // True to show week of the year, false to not show it
+		calculateWeek: this.iso8601Week, // How to calculate the week of the year,
+			// takes a Date and returns the number of the week for it
+		shortYearCutoff: "+10", // Short year values < this are in the current century,
+			// > this are in the previous century,
+			// string value starting with "+" for current year + value
+		minDate: null, // The earliest selectable date, or null for no limit
+		maxDate: null, // The latest selectable date, or null for no limit
+		duration: "fast", // Duration of display/closure
+		beforeShowDay: null, // Function that takes a date and returns an array with
+			// [0] = true if selectable, false if not, [1] = custom CSS class name(s) or "",
+			// [2] = cell title (optional), e.g. $.datepicker.noWeekends
+		beforeShow: null, // Function that takes an input field and
+			// returns a set of custom settings for the date picker
+		onSelect: null, // Define a callback function when a date is selected
+		onChangeMonthYear: null, // Define a callback function when the month or year is changed
+		onClose: null, // Define a callback function when the datepicker is closed
+		numberOfMonths: 1, // Number of months to show at a time
+		showCurrentAtPos: 0, // The position in multipe months at which to show the current month (starting at 0)
+		stepMonths: 1, // Number of months to step back/forward
+		stepBigMonths: 12, // Number of months to step back/forward for the big links
+		altField: "", // Selector for an alternate field to store selected dates into
+		altFormat: "", // The date format to use for the alternate field
+		constrainInput: true, // The input is constrained by the current date format
+		showButtonPanel: false, // True to show button panel, false to not show it
+		autoSize: false, // True to size the input for the date format, false to leave as is
+		disabled: false // The initial disabled state
+	};
+	$.extend(this._defaults, this.regional[""]);
+	this.dpDiv = bindHover($("<div id='" + this._mainDivId + "' class='ui-datepicker ui-widget ui-widget-content ui-helper-clearfix ui-corner-all'></div>"));
+}
+
+$.extend(Datepicker.prototype, {
+	/* Class name added to elements to indicate already configured with a date picker. */
+	markerClassName: "hasDatepicker",
+
+	//Keep track of the maximum number of rows displayed (see #7043)
+	maxRows: 4,
+
+	// TODO rename to "widget" when switching to widget factory
+	_widgetDatepicker: function() {
+		return this.dpDiv;
+	},
+
+	/* Override the default settings for all instances of the date picker.
+	 * @param  settings  object - the new settings to use as defaults (anonymous object)
+	 * @return the manager object
+	 */
+	setDefaults: function(settings) {
+		extendRemove(this._defaults, settings || {});
+		return this;
+	},
+
+	/* Attach the date picker to a jQuery selection.
+	 * @param  target	element - the target input field or division or span
+	 * @param  settings  object - the new settings to use for this date picker instance (anonymous)
+	 */
+	_attachDatepicker: function(target, settings) {
+		var nodeName, inline, inst;
+		nodeName = target.nodeName.toLowerCase();
+		inline = (nodeName === "div" || nodeName === "span");
+		if (!target.id) {
+			this.uuid += 1;
+			target.id = "dp" + this.uuid;
+		}
+		inst = this._newInst($(target), inline);
+		inst.settings = $.extend({}, settings || {});
+		if (nodeName === "input") {
+			this._connectDatepicker(target, inst);
+		} else if (inline) {
+			this._inlineDatepicker(target, inst);
+		}
+	},
+
+	/* Create a new instance object. */
+	_newInst: function(target, inline) {
+		var id = target[0].id.replace(/([^A-Za-z0-9_\-])/g, "\\\\$1"); // escape jQuery meta chars
+		return {id: id, input: target, // associated target
+			selectedDay: 0, selectedMonth: 0, selectedYear: 0, // current selection
+			drawMonth: 0, drawYear: 0, // month being drawn
+			inline: inline, // is datepicker inline or not
+			dpDiv: (!inline ? this.dpDiv : // presentation div
+			bindHover($("<div class='" + this._inlineClass + " ui-datepicker ui-widget ui-widget-content ui-helper-clearfix ui-corner-all'></div>")))};
+	},
+
+	/* Attach the date picker to an input field. */
+	_connectDatepicker: function(target, inst) {
+		var input = $(target);
+		inst.append = $([]);
+		inst.trigger = $([]);
+		if (input.hasClass(this.markerClassName)) {
+			return;
+		}
+		this._attachments(input, inst);
+		input.addClass(this.markerClassName).keydown(this._doKeyDown).
+			keypress(this._doKeyPress).keyup(this._doKeyUp);
+		this._autoSize(inst);
+		$.data(target, PROP_NAME, inst);
+		//If disabled option is true, disable the datepicker once it has been attached to the input (see ticket #5665)
+		if( inst.settings.disabled ) {
+			this._disableDatepicker( target );
+		}
+	},
+
+	/* Make attachments based on settings. */
+	_attachments: function(input, inst) {
+		var showOn, buttonText, buttonImage,
+			appendText = this._get(inst, "appendText"),
+			isRTL = this._get(inst, "isRTL");
+
+		if (inst.append) {
+			inst.append.remove();
+		}
+		if (appendText) {
+			inst.append = $("<span class='" + this._appendClass + "'>" + appendText + "</span>");
+			input[isRTL ? "before" : "after"](inst.append);
+		}
+
+		input.unbind("focus", this._showDatepicker);
+
+		if (inst.trigger) {
+			inst.trigger.remove();
+		}
+
+		showOn = this._get(inst, "showOn");
+		if (showOn === "focus" || showOn === "both") { // pop-up date picker when in the marked field
+			input.focus(this._showDatepicker);
+		}
+		if (showOn === "button" || showOn === "both") { // pop-up date picker when button clicked
+			buttonText = this._get(inst, "buttonText");
+			buttonImage = this._get(inst, "buttonImage");
+			inst.trigger = $(this._get(inst, "buttonImageOnly") ?
+				$("<img/>").addClass(this._triggerClass).
+					attr({ src: buttonImage, alt: buttonText, title: buttonText }) :
+				$("<button type='button'></button>").addClass(this._triggerClass).
+					html(!buttonImage ? buttonText : $("<img/>").attr(
+					{ src:buttonImage, alt:buttonText, title:buttonText })));
+			input[isRTL ? "before" : "after"](inst.trigger);
+			inst.trigger.click(function() {
+				if ($.datepicker._datepickerShowing && $.datepicker._lastInput === input[0]) {
+					$.datepicker._hideDatepicker();
+				} else if ($.datepicker._datepickerShowing && $.datepicker._lastInput !== input[0]) {
+					$.datepicker._hideDatepicker();
+					$.datepicker._showDatepicker(input[0]);
+				} else {
+					$.datepicker._showDatepicker(input[0]);
+				}
+				return false;
+			});
+		}
+	},
+
+	/* Apply the maximum length for the date format. */
+	_autoSize: function(inst) {
+		if (this._get(inst, "autoSize") && !inst.inline) {
+			var findMax, max, maxI, i,
+				date = new Date(2009, 12 - 1, 20), // Ensure double digits
+				dateFormat = this._get(inst, "dateFormat");
+
+			if (dateFormat.match(/[DM]/)) {
+				findMax = function(names) {
+					max = 0;
+					maxI = 0;
+					for (i = 0; i < names.length; i++) {
+						if (names[i].length > max) {
+							max = names[i].length;
+							maxI = i;
+						}
+					}
+					return maxI;
+				};
+				date.setMonth(findMax(this._get(inst, (dateFormat.match(/MM/) ?
+					"monthNames" : "monthNamesShort"))));
+				date.setDate(findMax(this._get(inst, (dateFormat.match(/DD/) ?
+					"dayNames" : "dayNamesShort"))) + 20 - date.getDay());
+			}
+			inst.input.attr("size", this._formatDate(inst, date).length);
+		}
+	},
+
+	/* Attach an inline date picker to a div. */
+	_inlineDatepicker: function(target, inst) {
+		var divSpan = $(target);
+		if (divSpan.hasClass(this.markerClassName)) {
+			return;
+		}
+		divSpan.addClass(this.markerClassName).append(inst.dpDiv);
+		$.data(target, PROP_NAME, inst);
+		this._setDate(inst, this._getDefaultDate(inst), true);
+		this._updateDatepicker(inst);
+		this._updateAlternate(inst);
+		//If disabled option is true, disable the datepicker before showing it (see ticket #5665)
+		if( inst.settings.disabled ) {
+			this._disableDatepicker( target );
+		}
+		// Set display:block in place of inst.dpDiv.show() which won't work on disconnected elements
+		// http://bugs.jqueryui.com/ticket/7552 - A Datepicker created on a detached div has zero height
+		inst.dpDiv.css( "display", "block" );
+	},
+
+	/* Pop-up the date picker in a "dialog" box.
+	 * @param  input element - ignored
+	 * @param  date	string or Date - the initial date to display
+	 * @param  onSelect  function - the function to call when a date is selected
+	 * @param  settings  object - update the dialog date picker instance's settings (anonymous object)
+	 * @param  pos int[2] - coordinates for the dialog's position within the screen or
+	 *					event - with x/y coordinates or
+	 *					leave empty for default (screen centre)
+	 * @return the manager object
+	 */
+	_dialogDatepicker: function(input, date, onSelect, settings, pos) {
+		var id, browserWidth, browserHeight, scrollX, scrollY,
+			inst = this._dialogInst; // internal instance
+
+		if (!inst) {
+			this.uuid += 1;
+			id = "dp" + this.uuid;
+			this._dialogInput = $("<input type='text' id='" + id +
+				"' style='position: absolute; top: -100px; width: 0px;'/>");
+			this._dialogInput.keydown(this._doKeyDown);
+			$("body").append(this._dialogInput);
+			inst = this._dialogInst = this._newInst(this._dialogInput, false);
+			inst.settings = {};
+			$.data(this._dialogInput[0], PROP_NAME, inst);
+		}
+		extendRemove(inst.settings, settings || {});
+		date = (date && date.constructor === Date ? this._formatDate(inst, date) : date);
+		this._dialogInput.val(date);
+
+		this._pos = (pos ? (pos.length ? pos : [pos.pageX, pos.pageY]) : null);
+		if (!this._pos) {
+			browserWidth = document.documentElement.clientWidth;
+			browserHeight = document.documentElement.clientHeight;
+			scrollX = document.documentElement.scrollLeft || document.body.scrollLeft;
+			scrollY = document.documentElement.scrollTop || document.body.scrollTop;
+			this._pos = // should use actual width/height below
+				[(browserWidth / 2) - 100 + scrollX, (browserHeight / 2) - 150 + scrollY];
+		}
+
+		// move input on screen for focus, but hidden behind dialog
+		this._dialogInput.css("left", (this._pos[0] + 20) + "px").css("top", this._pos[1] + "px");
+		inst.settings.onSelect = onSelect;
+		this._inDialog = true;
+		this.dpDiv.addClass(this._dialogClass);
+		this._showDatepicker(this._dialogInput[0]);
+		if ($.blockUI) {
+			$.blockUI(this.dpDiv);
+		}
+		$.data(this._dialogInput[0], PROP_NAME, inst);
+		return this;
+	},
+
+	/* Detach a datepicker from its control.
+	 * @param  target	element - the target input field or division or span
+	 */
+	_destroyDatepicker: function(target) {
+		var nodeName,
+			$target = $(target),
+			inst = $.data(target, PROP_NAME);
+
+		if (!$target.hasClass(this.markerClassName)) {
+			return;
+		}
+
+		nodeName = target.nodeName.toLowerCase();
+		$.removeData(target, PROP_NAME);
+		if (nodeName === "input") {
+			inst.append.remove();
+			inst.trigger.remove();
+			$target.removeClass(this.markerClassName).
+				unbind("focus", this._showDatepicker).
+				unbind("keydown", this._doKeyDown).
+				unbind("keypress", this._doKeyPress).
+				unbind("keyup", this._doKeyUp);
+		} else if (nodeName === "div" || nodeName === "span") {
+			$target.removeClass(this.markerClassName).empty();
+		}
+	},
+
+	/* Enable the date picker to a jQuery selection.
+	 * @param  target	element - the target input field or division or span
+	 */
+	_enableDatepicker: function(target) {
+		var nodeName, inline,
+			$target = $(target),
+			inst = $.data(target, PROP_NAME);
+
+		if (!$target.hasClass(this.markerClassName)) {
+			return;
+		}
+
+		nodeName = target.nodeName.toLowerCase();
+		if (nodeName === "input") {
+			target.disabled = false;
+			inst.trigger.filter("button").
+				each(function() { this.disabled = false; }).end().
+				filter("img").css({opacity: "1.0", cursor: ""});
+		} else if (nodeName === "div" || nodeName === "span") {
+			inline = $target.children("." + this._inlineClass);
+			inline.children().removeClass("ui-state-disabled");
+			inline.find("select.ui-datepicker-month, select.ui-datepicker-year").
+				prop("disabled", false);
+		}
+		this._disabledInputs = $.map(this._disabledInputs,
+			function(value) { return (value === target ? null : value); }); // delete entry
+	},
+
+	/* Disable the date picker to a jQuery selection.
+	 * @param  target	element - the target input field or division or span
+	 */
+	_disableDatepicker: function(target) {
+		var nodeName, inline,
+			$target = $(target),
+			inst = $.data(target, PROP_NAME);
+
+		if (!$target.hasClass(this.markerClassName)) {
+			return;
+		}
+
+		nodeName = target.nodeName.toLowerCase();
+		if (nodeName === "input") {
+			target.disabled = true;
+			inst.trigger.filter("button").
+				each(function() { this.disabled = true; }).end().
+				filter("img").css({opacity: "0.5", cursor: "default"});
+		} else if (nodeName === "div" || nodeName === "span") {
+			inline = $target.children("." + this._inlineClass);
+			inline.children().addClass("ui-state-disabled");
+			inline.find("select.ui-datepicker-month, select.ui-datepicker-year").
+				prop("disabled", true);
+		}
+		this._disabledInputs = $.map(this._disabledInputs,
+			function(value) { return (value === target ? null : value); }); // delete entry
+		this._disabledInputs[this._disabledInputs.length] = target;
+	},
+
+	/* Is the first field in a jQuery collection disabled as a datepicker?
+	 * @param  target	element - the target input field or division or span
+	 * @return boolean - true if disabled, false if enabled
+	 */
+	_isDisabledDatepicker: function(target) {
+		if (!target) {
+			return false;
+		}
+		for (var i = 0; i < this._disabledInputs.length; i++) {
+			if (this._disabledInputs[i] === target) {
+				return true;
+			}
+		}
+		return false;
+	},
+
+	/* Retrieve the instance data for the target control.
+	 * @param  target  element - the target input field or division or span
+	 * @return  object - the associated instance data
+	 * @throws  error if a jQuery problem getting data
+	 */
+	_getInst: function(target) {
+		try {
+			return $.data(target, PROP_NAME);
+		}
+		catch (err) {
+			throw "Missing instance data for this datepicker";
+		}
+	},
+
+	/* Update or retrieve the settings for a date picker attached to an input field or division.
+	 * @param  target  element - the target input field or division or span
+	 * @param  name	object - the new settings to update or
+	 *				string - the name of the setting to change or retrieve,
+	 *				when retrieving also "all" for all instance settings or
+	 *				"defaults" for all global defaults
+	 * @param  value   any - the new value for the setting
+	 *				(omit if above is an object or to retrieve a value)
+	 */
+	_optionDatepicker: function(target, name, value) {
+		var settings, date, minDate, maxDate,
+			inst = this._getInst(target);
+
+		if (arguments.length === 2 && typeof name === "string") {
+			return (name === "defaults" ? $.extend({}, $.datepicker._defaults) :
+				(inst ? (name === "all" ? $.extend({}, inst.settings) :
+				this._get(inst, name)) : null));
+		}
+
+		settings = name || {};
+		if (typeof name === "string") {
+			settings = {};
+			settings[name] = value;
+		}
+
+		if (inst) {
+			if (this._curInst === inst) {
+				this._hideDatepicker();
+			}
+
+			date = this._getDateDatepicker(target, true);
+			minDate = this._getMinMaxDate(inst, "min");
+			maxDate = this._getMinMaxDate(inst, "max");
+			extendRemove(inst.settings, settings);
+			// reformat the old minDate/maxDate values if dateFormat changes and a new minDate/maxDate isn't provided
+			if (minDate !== null && settings.dateFormat !== undefined && settings.minDate === undefined) {
+				inst.settings.minDate = this._formatDate(inst, minDate);
+			}
+			if (maxDate !== null && settings.dateFormat !== undefined && settings.maxDate === undefined) {
+				inst.settings.maxDate = this._formatDate(inst, maxDate);
+			}
+			if ( "disabled" in settings ) {
+				if ( settings.disabled ) {
+					this._disableDatepicker(target);
+				} else {
+					this._enableDatepicker(target);
+				}
+			}
+			this._attachments($(target), inst);
+			this._autoSize(inst);
+			this._setDate(inst, date);
+			this._updateAlternate(inst);
+			this._updateDatepicker(inst);
+		}
+	},
+
+	// change method deprecated
+	_changeDatepicker: function(target, name, value) {
+		this._optionDatepicker(target, name, value);
+	},
+
+	/* Redraw the date picker attached to an input field or division.
+	 * @param  target  element - the target input field or division or span
+	 */
+	_refreshDatepicker: function(target) {
+		var inst = this._getInst(target);
+		if (inst) {
+			this._updateDatepicker(inst);
+		}
+	},
+
+	/* Set the dates for a jQuery selection.
+	 * @param  target element - the target input field or division or span
+	 * @param  date	Date - the new date
+	 */
+	_setDateDatepicker: function(target, date) {
+		var inst = this._getInst(target);
+		if (inst) {
+			this._setDate(inst, date);
+			this._updateDatepicker(inst);
+			this._updateAlternate(inst);
+		}
+	},
+
+	/* Get the date(s) for the first entry in a jQuery selection.
+	 * @param  target element - the target input field or division or span
+	 * @param  noDefault boolean - true if no default date is to be used
+	 * @return Date - the current date
+	 */
+	_getDateDatepicker: function(target, noDefault) {
+		var inst = this._getInst(target);
+		if (inst && !inst.inline) {
+			this._setDateFromField(inst, noDefault);
+		}
+		return (inst ? this._getDate(inst) : null);
+	},
+
+	/* Handle keystrokes. */
+	_doKeyDown: function(event) {
+		var onSelect, dateStr, sel,
+			inst = $.datepicker._getInst(event.target),
+			handled = true,
+			isRTL = inst.dpDiv.is(".ui-datepicker-rtl");
+
+		inst._keyEvent = true;
+		if ($.datepicker._datepickerShowing) {
+			switch (event.keyCode) {
+				case 9: $.datepicker._hideDatepicker();
+						handled = false;
+						break; // hide on tab out
+				case 13: sel = $("td." + $.datepicker._dayOverClass + ":not(." +
+									$.datepicker._currentClass + ")", inst.dpDiv);
+						if (sel[0]) {
+							$.datepicker._selectDay(event.target, inst.selectedMonth, inst.selectedYear, sel[0]);
+						}
+
+						onSelect = $.datepicker._get(inst, "onSelect");
+						if (onSelect) {
+							dateStr = $.datepicker._formatDate(inst);
+
+							// trigger custom callback
+							onSelect.apply((inst.input ? inst.input[0] : null), [dateStr, inst]);
+						} else {
+							$.datepicker._hideDatepicker();
+						}
+
+						return false; // don't submit the form
+				case 27: $.datepicker._hideDatepicker();
+						break; // hide on escape
+				case 33: $.datepicker._adjustDate(event.target, (event.ctrlKey ?
+							-$.datepicker._get(inst, "stepBigMonths") :
+							-$.datepicker._get(inst, "stepMonths")), "M");
+						break; // previous month/year on page up/+ ctrl
+				case 34: $.datepicker._adjustDate(event.target, (event.ctrlKey ?
+							+$.datepicker._get(inst, "stepBigMonths") :
+							+$.datepicker._get(inst, "stepMonths")), "M");
+						break; // next month/year on page down/+ ctrl
+				case 35: if (event.ctrlKey || event.metaKey) {
+							$.datepicker._clearDate(event.target);
+						}
+						handled = event.ctrlKey || event.metaKey;
+						break; // clear on ctrl or command +end
+				case 36: if (event.ctrlKey || event.metaKey) {
+							$.datepicker._gotoToday(event.target);
+						}
+						handled = event.ctrlKey || event.metaKey;
+						break; // current on ctrl or command +home
+				case 37: if (event.ctrlKey || event.metaKey) {
+							$.datepicker._adjustDate(event.target, (isRTL ? +1 : -1), "D");
+						}
+						handled = event.ctrlKey || event.metaKey;
+						// -1 day on ctrl or command +left
+						if (event.originalEvent.altKey) {
+							$.datepicker._adjustDate(event.target, (event.ctrlKey ?
+								-$.datepicker._get(inst, "stepBigMonths") :
+								-$.datepicker._get(inst, "stepMonths")), "M");
+						}
+						// next month/year on alt +left on Mac
+						break;
+				case 38: if (event.ctrlKey || event.metaKey) {
+							$.datepicker._adjustDate(event.target, -7, "D");
+						}
+						handled = event.ctrlKey || event.metaKey;
+						break; // -1 week on ctrl or command +up
+				case 39: if (event.ctrlKey || event.metaKey) {
+							$.datepicker._adjustDate(event.target, (isRTL ? -1 : +1), "D");
+						}
+						handled = event.ctrlKey || event.metaKey;
+						// +1 day on ctrl or command +right
+						if (event.originalEvent.altKey) {
+							$.datepicker._adjustDate(event.target, (event.ctrlKey ?
+								+$.datepicker._get(inst, "stepBigMonths") :
+								+$.datepicker._get(inst, "stepMonths")), "M");
+						}
+						// next month/year on alt +right
+						break;
+				case 40: if (event.ctrlKey || event.metaKey) {
+							$.datepicker._adjustDate(event.target, +7, "D");
+						}
+						handled = event.ctrlKey || event.metaKey;
+						break; // +1 week on ctrl or command +down
+				default: handled = false;
+			}
+		} else if (event.keyCode === 36 && event.ctrlKey) { // display the date picker on ctrl+home
+			$.datepicker._showDatepicker(this);
+		} else {
+			handled = false;
+		}
+
+		if (handled) {
+			event.preventDefault();
+			event.stopPropagation();
+		}
+	},
+
+	/* Filter entered characters - based on date format. */
+	_doKeyPress: function(event) {
+		var chars, chr,
+			inst = $.datepicker._getInst(event.target);
+
+		if ($.datepicker._get(inst, "constrainInput")) {
+			chars = $.datepicker._possibleChars($.datepicker._get(inst, "dateFormat"));
+			chr = String.fromCharCode(event.charCode == null ? event.keyCode : event.charCode);
+			return event.ctrlKey || event.metaKey || (chr < " " || !chars || chars.indexOf(chr) > -1);
+		}
+	},
+
+	/* Synchronise manual entry and field/alternate field. */
+	_doKeyUp: function(event) {
+		var date,
+			inst = $.datepicker._getInst(event.target);
+
+		if (inst.input.val() !== inst.lastVal) {
+			try {
+				date = $.datepicker.parseDate($.datepicker._get(inst, "dateFormat"),
+					(inst.input ? inst.input.val() : null),
+					$.datepicker._getFormatConfig(inst));
+
+				if (date) { // only if valid
+					$.datepicker._setDateFromField(inst);
+					$.datepicker._updateAlternate(inst);
+					$.datepicker._updateDatepicker(inst);
+				}
+			}
+			catch (err) {
+			}
+		}
+		return true;
+	},
+
+	/* Pop-up the date picker for a given input field.
+	 * If false returned from beforeShow event handler do not show.
+	 * @param  input  element - the input field attached to the date picker or
+	 *					event - if triggered by focus
+	 */
+	_showDatepicker: function(input) {
+		input = input.target || input;
+		if (input.nodeName.toLowerCase() !== "input") { // find from button/image trigger
+			input = $("input", input.parentNode)[0];
+		}
+
+		if ($.datepicker._isDisabledDatepicker(input) || $.datepicker._lastInput === input) { // already here
+			return;
+		}
+
+		var inst, beforeShow, beforeShowSettings, isFixed,
+			offset, showAnim, duration;
+
+		inst = $.datepicker._getInst(input);
+		if ($.datepicker._curInst && $.datepicker._curInst !== inst) {
+			$.datepicker._curInst.dpDiv.stop(true, true);
+			if ( inst && $.datepicker._datepickerShowing ) {
+				$.datepicker._hideDatepicker( $.datepicker._curInst.input[0] );
+			}
+		}
+
+		beforeShow = $.datepicker._get(inst, "beforeShow");
+		beforeShowSettings = beforeShow ? beforeShow.apply(input, [input, inst]) : {};
+		if(beforeShowSettings === false){
+			return;
+		}
+		extendRemove(inst.settings, beforeShowSettings);
+
+		inst.lastVal = null;
+		$.datepicker._lastInput = input;
+		$.datepicker._setDateFromField(inst);
+
+		if ($.datepicker._inDialog) { // hide cursor
+			input.value = "";
+		}
+		if (!$.datepicker._pos) { // position below input
+			$.datepicker._pos = $.datepicker._findPos(input);
+			$.datepicker._pos[1] += input.offsetHeight; // add the height
+		}
+
+		isFixed = false;
+		$(input).parents().each(function() {
+			isFixed |= $(this).css("position") === "fixed";
+			return !isFixed;
+		});
+
+		offset = {left: $.datepicker._pos[0], top: $.datepicker._pos[1]};
+		$.datepicker._pos = null;
+		//to avoid flashes on Firefox
+		inst.dpDiv.empty();
+		// determine sizing offscreen
+		inst.dpDiv.css({position: "absolute", display: "block", top: "-1000px"});
+		$.datepicker._updateDatepicker(inst);
+		// fix width for dynamic number of date pickers
+		// and adjust position before showing
+		offset = $.datepicker._checkOffset(inst, offset, isFixed);
+		inst.dpDiv.css({position: ($.datepicker._inDialog && $.blockUI ?
+			"static" : (isFixed ? "fixed" : "absolute")), display: "none",
+			left: offset.left + "px", top: offset.top + "px"});
+
+		if (!inst.inline) {
+			showAnim = $.datepicker._get(inst, "showAnim");
+			duration = $.datepicker._get(inst, "duration");
+			inst.dpDiv.zIndex($(input).zIndex()+1);
+			$.datepicker._datepickerShowing = true;
+
+			if ( $.effects && $.effects.effect[ showAnim ] ) {
+				inst.dpDiv.show(showAnim, $.datepicker._get(inst, "showOptions"), duration);
+			} else {
+				inst.dpDiv[showAnim || "show"](showAnim ? duration : null);
+			}
+
+			if ( $.datepicker._shouldFocusInput( inst ) ) {
+				inst.input.focus();
+			}
+
+			$.datepicker._curInst = inst;
+		}
+	},
+
+	/* Generate the date picker content. */
+	_updateDatepicker: function(inst) {
+		this.maxRows = 4; //Reset the max number of rows being displayed (see #7043)
+		instActive = inst; // for delegate hover events
+		inst.dpDiv.empty().append(this._generateHTML(inst));
+		this._attachHandlers(inst);
+		inst.dpDiv.find("." + this._dayOverClass + " a").mouseover();
+
+		var origyearshtml,
+			numMonths = this._getNumberOfMonths(inst),
+			cols = numMonths[1],
+			width = 17;
+
+		inst.dpDiv.removeClass("ui-datepicker-multi-2 ui-datepicker-multi-3 ui-datepicker-multi-4").width("");
+		if (cols > 1) {
+			inst.dpDiv.addClass("ui-datepicker-multi-" + cols).css("width", (width * cols) + "em");
+		}
+		inst.dpDiv[(numMonths[0] !== 1 || numMonths[1] !== 1 ? "add" : "remove") +
+			"Class"]("ui-datepicker-multi");
+		inst.dpDiv[(this._get(inst, "isRTL") ? "add" : "remove") +
+			"Class"]("ui-datepicker-rtl");
+
+		if (inst === $.datepicker._curInst && $.datepicker._datepickerShowing && $.datepicker._shouldFocusInput( inst ) ) {
+			inst.input.focus();
+		}
+
+		// deffered render of the years select (to avoid flashes on Firefox)
+		if( inst.yearshtml ){
+			origyearshtml = inst.yearshtml;
+			setTimeout(function(){
+				//assure that inst.yearshtml didn't change.
+				if( origyearshtml === inst.yearshtml && inst.yearshtml ){
+					inst.dpDiv.find("select.ui-datepicker-year:first").replaceWith(inst.yearshtml);
+				}
+				origyearshtml = inst.yearshtml = null;
+			}, 0);
+		}
+	},
+
+	// #6694 - don't focus the input if it's already focused
+	// this breaks the change event in IE
+	// Support: IE and jQuery <1.9
+	_shouldFocusInput: function( inst ) {
+		return inst.input && inst.input.is( ":visible" ) && !inst.input.is( ":disabled" ) && !inst.input.is( ":focus" );
+	},
+
+	/* Check positioning to remain on screen. */
+	_checkOffset: function(inst, offset, isFixed) {
+		var dpWidth = inst.dpDiv.outerWidth(),
+			dpHeight = inst.dpDiv.outerHeight(),
+			inputWidth = inst.input ? inst.input.outerWidth() : 0,
+			inputHeight = inst.input ? inst.input.outerHeight() : 0,
+			viewWidth = document.documentElement.clientWidth + (isFixed ? 0 : $(document).scrollLeft()),
+			viewHeight = document.documentElement.clientHeight + (isFixed ? 0 : $(document).scrollTop());
+
+		offset.left -= (this._get(inst, "isRTL") ? (dpWidth - inputWidth) : 0);
+		offset.left -= (isFixed && offset.left === inst.input.offset().left) ? $(document).scrollLeft() : 0;
+		offset.top -= (isFixed && offset.top === (inst.input.offset().top + inputHeight)) ? $(document).scrollTop() : 0;
+
+		// now check if datepicker is showing outside window viewport - move to a better place if so.
+		offset.left -= Math.min(offset.left, (offset.left + dpWidth > viewWidth && viewWidth > dpWidth) ?
+			Math.abs(offset.left + dpWidth - viewWidth) : 0);
+		offset.top -= Math.min(offset.top, (offset.top + dpHeight > viewHeight && viewHeight > dpHeight) ?
+			Math.abs(dpHeight + inputHeight) : 0);
+
+		return offset;
+	},
+
+	/* Find an object's position on the screen. */
+	_findPos: function(obj) {
+		var position,
+			inst = this._getInst(obj),
+			isRTL = this._get(inst, "isRTL");
+
+		while (obj && (obj.type === "hidden" || obj.nodeType !== 1 || $.expr.filters.hidden(obj))) {
+			obj = obj[isRTL ? "previousSibling" : "nextSibling"];
+		}
+
+		position = $(obj).offset();
+		return [position.left, position.top];
+	},
+
+	/* Hide the date picker from view.
+	 * @param  input  element - the input field attached to the date picker
+	 */
+	_hideDatepicker: function(input) {
+		var showAnim, duration, postProcess, onClose,
+			inst = this._curInst;
+
+		if (!inst || (input && inst !== $.data(input, PROP_NAME))) {
+			return;
+		}
+
+		if (this._datepickerShowing) {
+			showAnim = this._get(inst, "showAnim");
+			duration = this._get(inst, "duration");
+			postProcess = function() {
+				$.datepicker._tidyDialog(inst);
+			};
+
+			// DEPRECATED: after BC for 1.8.x $.effects[ showAnim ] is not needed
+			if ( $.effects && ( $.effects.effect[ showAnim ] || $.effects[ showAnim ] ) ) {
+				inst.dpDiv.hide(showAnim, $.datepicker._get(inst, "showOptions"), duration, postProcess);
+			} else {
+				inst.dpDiv[(showAnim === "slideDown" ? "slideUp" :
+					(showAnim === "fadeIn" ? "fadeOut" : "hide"))]((showAnim ? duration : null), postProcess);
+			}
+
+			if (!showAnim) {
+				postProcess();
+			}
+			this._datepickerShowing = false;
+
+			onClose = this._get(inst, "onClose");
+			if (onClose) {
+				onClose.apply((inst.input ? inst.input[0] : null), [(inst.input ? inst.input.val() : ""), inst]);
+			}
+
+			this._lastInput = null;
+			if (this._inDialog) {
+				this._dialogInput.css({ position: "absolute", left: "0", top: "-100px" });
+				if ($.blockUI) {
+					$.unblockUI();
+					$("body").append(this.dpDiv);
+				}
+			}
+			this._inDialog = false;
+		}
+	},
+
+	/* Tidy up after a dialog display. */
+	_tidyDialog: function(inst) {
+		inst.dpDiv.removeClass(this._dialogClass).unbind(".ui-datepicker-calendar");
+	},
+
+	/* Close date picker if clicked elsewhere. */
+	_checkExternalClick: function(event) {
+		if (!$.datepicker._curInst) {
+			return;
+		}
+
+		var $target = $(event.target),
+			inst = $.datepicker._getInst($target[0]);
+
+		if ( ( ( $target[0].id !== $.datepicker._mainDivId &&
+				$target.parents("#" + $.datepicker._mainDivId).length === 0 &&
+				!$target.hasClass($.datepicker.markerClassName) &&
+				!$target.closest("." + $.datepicker._triggerClass).length &&
+				$.datepicker._datepickerShowing && !($.datepicker._inDialog && $.blockUI) ) ) ||
+			( $target.hasClass($.datepicker.markerClassName) && $.datepicker._curInst !== inst ) ) {
+				$.datepicker._hideDatepicker();
+		}
+	},
+
+	/* Adjust one of the date sub-fields. */
+	_adjustDate: function(id, offset, period) {
+		var target = $(id),
+			inst = this._getInst(target[0]);
+
+		if (this._isDisabledDatepicker(target[0])) {
+			return;
+		}
+		this._adjustInstDate(inst, offset +
+			(period === "M" ? this._get(inst, "showCurrentAtPos") : 0), // undo positioning
+			period);
+		this._updateDatepicker(inst);
+	},
+
+	/* Action for current link. */
+	_gotoToday: function(id) {
+		var date,
+			target = $(id),
+			inst = this._getInst(target[0]);
+
+		if (this._get(inst, "gotoCurrent") && inst.currentDay) {
+			inst.selectedDay = inst.currentDay;
+			inst.drawMonth = inst.selectedMonth = inst.currentMonth;
+			inst.drawYear = inst.selectedYear = inst.currentYear;
+		} else {
+			date = new Date();
+			inst.selectedDay = date.getDate();
+			inst.drawMonth = inst.selectedMonth = date.getMonth();
+			inst.drawYear = inst.selectedYear = date.getFullYear();
+		}
+		this._notifyChange(inst);
+		this._adjustDate(target);
+	},
+
+	/* Action for selecting a new month/year. */
+	_selectMonthYear: function(id, select, period) {
+		var target = $(id),
+			inst = this._getInst(target[0]);
+
+		inst["selected" + (period === "M" ? "Month" : "Year")] =
+		inst["draw" + (period === "M" ? "Month" : "Year")] =
+			parseInt(select.options[select.selectedIndex].value,10);
+
+		this._notifyChange(inst);
+		this._adjustDate(target);
+	},
+
+	/* Action for selecting a day. */
+	_selectDay: function(id, month, year, td) {
+		var inst,
+			target = $(id);
+
+		if ($(td).hasClass(this._unselectableClass) || this._isDisabledDatepicker(target[0])) {
+			return;
+		}
+
+		inst = this._getInst(target[0]);
+		inst.selectedDay = inst.currentDay = $("a", td).html();
+		inst.selectedMonth = inst.currentMonth = month;
+		inst.selectedYear = inst.currentYear = year;
+		this._selectDate(id, this._formatDate(inst,
+			inst.currentDay, inst.currentMonth, inst.currentYear));
+	},
+
+	/* Erase the input field and hide the date picker. */
+	_clearDate: function(id) {
+		var target = $(id);
+		this._selectDate(target, "");
+	},
+
+	/* Update the input field with the selected date. */
+	_selectDate: function(id, dateStr) {
+		var onSelect,
+			target = $(id),
+			inst = this._getInst(target[0]);
+
+		dateStr = (dateStr != null ? dateStr : this._formatDate(inst));
+		if (inst.input) {
+			inst.input.val(dateStr);
+		}
+		this._updateAlternate(inst);
+
+		onSelect = this._get(inst, "onSelect");
+		if (onSelect) {
+			onSelect.apply((inst.input ? inst.input[0] : null), [dateStr, inst]);  // trigger custom callback
+		} else if (inst.input) {
+			inst.input.trigger("change"); // fire the change event
+		}
+
+		if (inst.inline){
+			this._updateDatepicker(inst);
+		} else {
+			this._hideDatepicker();
+			this._lastInput = inst.input[0];
+			if (typeof(inst.input[0]) !== "object") {
+				inst.input.focus(); // restore focus
+			}
+			this._lastInput = null;
+		}
+	},
+
+	/* Update any alternate field to synchronise with the main field. */
+	_updateAlternate: function(inst) {
+		var altFormat, date, dateStr,
+			altField = this._get(inst, "altField");
+
+		if (altField) { // update alternate field too
+			altFormat = this._get(inst, "altFormat") || this._get(inst, "dateFormat");
+			date = this._getDate(inst);
+			dateStr = this.formatDate(altFormat, date, this._getFormatConfig(inst));
+			$(altField).each(function() { $(this).val(dateStr); });
+		}
+	},
+
+	/* Set as beforeShowDay function to prevent selection of weekends.
+	 * @param  date  Date - the date to customise
+	 * @return [boolean, string] - is this date selectable?, what is its CSS class?
+	 */
+	noWeekends: function(date) {
+		var day = date.getDay();
+		return [(day > 0 && day < 6), ""];
+	},
+
+	/* Set as calculateWeek to determine the week of the year based on the ISO 8601 definition.
+	 * @param  date  Date - the date to get the week for
+	 * @return  number - the number of the week within the year that contains this date
+	 */
+	iso8601Week: function(date) {
+		var time,
+			checkDate = new Date(date.getTime());
+
+		// Find Thursday of this week starting on Monday
+		checkDate.setDate(checkDate.getDate() + 4 - (checkDate.getDay() || 7));
+
+		time = checkDate.getTime();
+		checkDate.setMonth(0); // Compare with Jan 1
+		checkDate.setDate(1);
+		return Math.floor(Math.round((time - checkDate) / 86400000) / 7) + 1;
+	},
+
+	/* Parse a string value into a date object.
+	 * See formatDate below for the possible formats.
+	 *
+	 * @param  format string - the expected format of the date
+	 * @param  value string - the date in the above format
+	 * @param  settings Object - attributes include:
+	 *					shortYearCutoff  number - the cutoff year for determining the century (optional)
+	 *					dayNamesShort	string[7] - abbreviated names of the days from Sunday (optional)
+	 *					dayNames		string[7] - names of the days from Sunday (optional)
+	 *					monthNamesShort string[12] - abbreviated names of the months (optional)
+	 *					monthNames		string[12] - names of the months (optional)
+	 * @return  Date - the extracted date value or null if value is blank
+	 */
+	parseDate: function (format, value, settings) {
+		if (format == null || value == null) {
+			throw "Invalid arguments";
+		}
+
+		value = (typeof value === "object" ? value.toString() : value + "");
+		if (value === "") {
+			return null;
+		}
+
+		var iFormat, dim, extra,
+			iValue = 0,
+			shortYearCutoffTemp = (settings ? settings.shortYearCutoff : null) || this._defaults.shortYearCutoff,
+			shortYearCutoff = (typeof shortYearCutoffTemp !== "string" ? shortYearCutoffTemp :
+				new Date().getFullYear() % 100 + parseInt(shortYearCutoffTemp, 10)),
+			dayNamesShort = (settings ? settings.dayNamesShort : null) || this._defaults.dayNamesShort,
+			dayNames = (settings ? settings.dayNames : null) || this._defaults.dayNames,
+			monthNamesShort = (settings ? settings.monthNamesShort : null) || this._defaults.monthNamesShort,
+			monthNames = (settings ? settings.monthNames : null) || this._defaults.monthNames,
+			year = -1,
+			month = -1,
+			day = -1,
+			doy = -1,
+			literal = false,
+			date,
+			// Check whether a format character is doubled
+			lookAhead = function(match) {
+				var matches = (iFormat + 1 < format.length && format.charAt(iFormat + 1) === match);
+				if (matches) {
+					iFormat++;
+				}
+				return matches;
+			},
+			// Extract a number from the string value
+			getNumber = function(match) {
+				var isDoubled = lookAhead(match),
+					size = (match === "@" ? 14 : (match === "!" ? 20 :
+					(match === "y" && isDoubled ? 4 : (match === "o" ? 3 : 2)))),
+					digits = new RegExp("^\\d{1," + size + "}"),
+					num = value.substring(iValue).match(digits);
+				if (!num) {
+					throw "Missing number at position " + iValue;
+				}
+				iValue += num[0].length;
+				return parseInt(num[0], 10);
+			},
+			// Extract a name from the string value and convert to an index
+			getName = function(match, shortNames, longNames) {
+				var index = -1,
+					names = $.map(lookAhead(match) ? longNames : shortNames, function (v, k) {
+						return [ [k, v] ];
+					}).sort(function (a, b) {
+						return -(a[1].length - b[1].length);
+					});
+
+				$.each(names, function (i, pair) {
+					var name = pair[1];
+					if (value.substr(iValue, name.length).toLowerCase() === name.toLowerCase()) {
+						index = pair[0];
+						iValue += name.length;
+						return false;
+					}
+				});
+				if (index !== -1) {
+					return index + 1;
+				} else {
+					throw "Unknown name at position " + iValue;
+				}
+			},
+			// Confirm that a literal character matches the string value
+			checkLiteral = function() {
+				if (value.charAt(iValue) !== format.charAt(iFormat)) {
+					throw "Unexpected literal at position " + iValue;
+				}
+				iValue++;
+			};
+
+		for (iFormat = 0; iFormat < format.length; iFormat++) {
+			if (literal) {
+				if (format.charAt(iFormat) === "'" && !lookAhead("'")) {
+					literal = false;
+				} else {
+					checkLiteral();
+				}
+			} else {
+				switch (format.charAt(iFormat)) {
+					case "d":
+						day = getNumber("d");
+						break;
+					case "D":
+						getName("D", dayNamesShort, dayNames);
+						break;
+					case "o":
+						doy = getNumber("o");
+						break;
+					case "m":
+						month = getNumber("m");
+						break;
+					case "M":
+						month = getName("M", monthNamesShort, monthNames);
+						break;
+					case "y":
+						year = getNumber("y");
+						break;
+					case "@":
+						date = new Date(getNumber("@"));
+						year = date.getFullYear();
+						month = date.getMonth() + 1;
+						day = date.getDate();
+						break;
+					case "!":
+						date = new Date((getNumber("!") - this._ticksTo1970) / 10000);
+						year = date.getFullYear();
+						month = date.getMonth() + 1;
+						day = date.getDate();
+						break;
+					case "'":
+						if (lookAhead("'")){
+							checkLiteral();
+						} else {
+							literal = true;
+						}
+						break;
+					default:
+						checkLiteral();
+				}
+			}
+		}
+
+		if (iValue < value.length){
+			extra = value.substr(iValue);
+			if (!/^\s+/.test(extra)) {
+				throw "Extra/unparsed characters found in date: " + extra;
+			}
+		}
+
+		if (year === -1) {
+			year = new Date().getFullYear();
+		} else if (year < 100) {
+			year += new Date().getFullYear() - new Date().getFullYear() % 100 +
+				(year <= shortYearCutoff ? 0 : -100);
+		}
+
+		if (doy > -1) {
+			month = 1;
+			day = doy;
+			do {
+				dim = this._getDaysInMonth(year, month - 1);
+				if (day <= dim) {
+					break;
+				}
+				month++;
+				day -= dim;
+			} while (true);
+		}
+
+		date = this._daylightSavingAdjust(new Date(year, month - 1, day));
+		if (date.getFullYear() !== year || date.getMonth() + 1 !== month || date.getDate() !== day) {
+			throw "Invalid date"; // E.g. 31/02/00
+		}
+		return date;
+	},
+
+	/* Standard date formats. */
+	ATOM: "yy-mm-dd", // RFC 3339 (ISO 8601)
+	COOKIE: "D, dd M yy",
+	ISO_8601: "yy-mm-dd",
+	RFC_822: "D, d M y",
+	RFC_850: "DD, dd-M-y",
+	RFC_1036: "D, d M y",
+	RFC_1123: "D, d M yy",
+	RFC_2822: "D, d M yy",
+	RSS: "D, d M y", // RFC 822
+	TICKS: "!",
+	TIMESTAMP: "@",
+	W3C: "yy-mm-dd", // ISO 8601
+
+	_ticksTo1970: (((1970 - 1) * 365 + Math.floor(1970 / 4) - Math.floor(1970 / 100) +
+		Math.floor(1970 / 400)) * 24 * 60 * 60 * 10000000),
+
+	/* Format a date object into a string value.
+	 * The format can be combinations of the following:
+	 * d  - day of month (no leading zero)
+	 * dd - day of month (two digit)
+	 * o  - day of year (no leading zeros)
+	 * oo - day of year (three digit)
+	 * D  - day name short
+	 * DD - day name long
+	 * m  - month of year (no leading zero)
+	 * mm - month of year (two digit)
+	 * M  - month name short
+	 * MM - month name long
+	 * y  - year (two digit)
+	 * yy - year (four digit)
+	 * @ - Unix timestamp (ms since 01/01/1970)
+	 * ! - Windows ticks (100ns since 01/01/0001)
+	 * "..." - literal text
+	 * '' - single quote
+	 *
+	 * @param  format string - the desired format of the date
+	 * @param  date Date - the date value to format
+	 * @param  settings Object - attributes include:
+	 *					dayNamesShort	string[7] - abbreviated names of the days from Sunday (optional)
+	 *					dayNames		string[7] - names of the days from Sunday (optional)
+	 *					monthNamesShort string[12] - abbreviated names of the months (optional)
+	 *					monthNames		string[12] - names of the months (optional)
+	 * @return  string - the date in the above format
+	 */
+	formatDate: function (format, date, settings) {
+		if (!date) {
+			return "";
+		}
+
+		var iFormat,
+			dayNamesShort = (settings ? settings.dayNamesShort : null) || this._defaults.dayNamesShort,
+			dayNames = (settings ? settings.dayNames : null) || this._defaults.dayNames,
+			monthNamesShort = (settings ? settings.monthNamesShort : null) || this._defaults.monthNamesShort,
+			monthNames = (settings ? settings.monthNames : null) || this._defaults.monthNames,
+			// Check whether a format character is doubled
+			lookAhead = function(match) {
+				var matches = (iFormat + 1 < format.length && format.charAt(iFormat + 1) === match);
+				if (matches) {
+					iFormat++;
+				}
+				return matches;
+			},
+			// Format a number, with leading zero if necessary
+			formatNumber = function(match, value, len) {
+				var num = "" + value;
+				if (lookAhead(match)) {
+					while (num.length < len) {
+						num = "0" + num;
+					}
+				}
+				return num;
+			},
+			// Format a name, short or long as requested
+			formatName = function(match, value, shortNames, longNames) {
+				return (lookAhead(match) ? longNames[value] : shortNames[value]);
+			},
+			output = "",
+			literal = false;
+
+		if (date) {
+			for (iFormat = 0; iFormat < format.length; iFormat++) {
+				if (literal) {
+					if (format.charAt(iFormat) === "'" && !lookAhead("'")) {
+						literal = false;
+					} else {
+						output += format.charAt(iFormat);
+					}
+				} else {
+					switch (format.charAt(iFormat)) {
+						case "d":
+							output += formatNumber("d", date.getDate(), 2);
+							break;
+						case "D":
+							output += formatName("D", date.getDay(), dayNamesShort, dayNames);
+							break;
+						case "o":
+							output += formatNumber("o",
+								Math.round((new Date(date.getFullYear(), date.getMonth(), date.getDate()).getTime() - new Date(date.getFullYear(), 0, 0).getTime()) / 86400000), 3);
+							break;
+						case "m":
+							output += formatNumber("m", date.getMonth() + 1, 2);
+							break;
+						case "M":
+							output += formatName("M", date.getMonth(), monthNamesShort, monthNames);
+							break;
+						case "y":
+							output += (lookAhead("y") ? date.getFullYear() :
+								(date.getYear() % 100 < 10 ? "0" : "") + date.getYear() % 100);
+							break;
+						case "@":
+							output += date.getTime();
+							break;
+						case "!":
+							output += date.getTime() * 10000 + this._ticksTo1970;
+							break;
+						case "'":
+							if (lookAhead("'")) {
+								output += "'";
+							} else {
+								literal = true;
+							}
+							break;
+						default:
+							output += format.charAt(iFormat);
+					}
+				}
+			}
+		}
+		return output;
+	},
+
+	/* Extract all possible characters from the date format. */
+	_possibleChars: function (format) {
+		var iFormat,
+			chars = "",
+			literal = false,
+			// Check whether a format character is doubled
+			lookAhead = function(match) {
+				var matches = (iFormat + 1 < format.length && format.charAt(iFormat + 1) === match);
+				if (matches) {
+					iFormat++;
+				}
+				return matches;
+			};
+
+		for (iFormat = 0; iFormat < format.length; iFormat++) {
+			if (literal) {
+				if (format.charAt(iFormat) === "'" && !lookAhead("'")) {
+					literal = false;
+				} else {
+					chars += format.charAt(iFormat);
+				}
+			} else {
+				switch (format.charAt(iFormat)) {
+					case "d": case "m": case "y": case "@":
+						chars += "0123456789";
+						break;
+					case "D": case "M":
+						return null; // Accept anything
+					case "'":
+						if (lookAhead("'")) {
+							chars += "'";
+						} else {
+							literal = true;
+						}
+						break;
+					default:
+						chars += format.charAt(iFormat);
+				}
+			}
+		}
+		return chars;
+	},
+
+	/* Get a setting value, defaulting if necessary. */
+	_get: function(inst, name) {
+		return inst.settings[name] !== undefined ?
+			inst.settings[name] : this._defaults[name];
+	},
+
+	/* Parse existing date and initialise date picker. */
+	_setDateFromField: function(inst, noDefault) {
+		if (inst.input.val() === inst.lastVal) {
+			return;
+		}
+
+		var dateFormat = this._get(inst, "dateFormat"),
+			dates = inst.lastVal = inst.input ? inst.input.val() : null,
+			defaultDate = this._getDefaultDate(inst),
+			date = defaultDate,
+			settings = this._getFormatConfig(inst);
+
+		try {
+			date = this.parseDate(dateFormat, dates, settings) || defaultDate;
+		} catch (event) {
+			dates = (noDefault ? "" : dates);
+		}
+		inst.selectedDay = date.getDate();
+		inst.drawMonth = inst.selectedMonth = date.getMonth();
+		inst.drawYear = inst.selectedYear = date.getFullYear();
+		inst.currentDay = (dates ? date.getDate() : 0);
+		inst.currentMonth = (dates ? date.getMonth() : 0);
+		inst.currentYear = (dates ? date.getFullYear() : 0);
+		this._adjustInstDate(inst);
+	},
+
+	/* Retrieve the default date shown on opening. */
+	_getDefaultDate: function(inst) {
+		return this._restrictMinMax(inst,
+			this._determineDate(inst, this._get(inst, "defaultDate"), new Date()));
+	},
+
+	/* A date may be specified as an exact value or a relative one. */
+	_determineDate: function(inst, date, defaultDate) {
+		var offsetNumeric = function(offset) {
+				var date = new Date();
+				date.setDate(date.getDate() + offset);
+				return date;
+			},
+			offsetString = function(offset) {
+				try {
+					return $.datepicker.parseDate($.datepicker._get(inst, "dateFormat"),
+						offset, $.datepicker._getFormatConfig(inst));
+				}
+				catch (e) {
+					// Ignore
+				}
+
+				var date = (offset.toLowerCase().match(/^c/) ?
+					$.datepicker._getDate(inst) : null) || new Date(),
+					year = date.getFullYear(),
+					month = date.getMonth(),
+					day = date.getDate(),
+					pattern = /([+\-]?[0-9]+)\s*(d|D|w|W|m|M|y|Y)?/g,
+					matches = pattern.exec(offset);
+
+				while (matches) {
+					switch (matches[2] || "d") {
+						case "d" : case "D" :
+							day += parseInt(matches[1],10); break;
+						case "w" : case "W" :
+							day += parseInt(matches[1],10) * 7; break;
+						case "m" : case "M" :
+							month += parseInt(matches[1],10);
+							day = Math.min(day, $.datepicker._getDaysInMonth(year, month));
+							break;
+						case "y": case "Y" :
+							year += parseInt(matches[1],10);
+							day = Math.min(day, $.datepicker._getDaysInMonth(year, month));
+							break;
+					}
+					matches = pattern.exec(offset);
+				}
+				return new Date(year, month, day);
+			},
+			newDate = (date == null || date === "" ? defaultDate : (typeof date === "string" ? offsetString(date) :
+				(typeof date === "number" ? (isNaN(date) ? defaultDate : offsetNumeric(date)) : new Date(date.getTime()))));
+
+		newDate = (newDate && newDate.toString() === "Invalid Date" ? defaultDate : newDate);
+		if (newDate) {
+			newDate.setHours(0);
+			newDate.setMinutes(0);
+			newDate.setSeconds(0);
+			newDate.setMilliseconds(0);
+		}
+		return this._daylightSavingAdjust(newDate);
+	},
+
+	/* Handle switch to/from daylight saving.
+	 * Hours may be non-zero on daylight saving cut-over:
+	 * > 12 when midnight changeover, but then cannot generate
+	 * midnight datetime, so jump to 1AM, otherwise reset.
+	 * @param  date  (Date) the date to check
+	 * @return  (Date) the corrected date
+	 */
+	_daylightSavingAdjust: function(date) {
+		if (!date) {
+			return null;
+		}
+		date.setHours(date.getHours() > 12 ? date.getHours() + 2 : 0);
+		return date;
+	},
+
+	/* Set the date(s) directly. */
+	_setDate: function(inst, date, noChange) {
+		var clear = !date,
+			origMonth = inst.selectedMonth,
+			origYear = inst.selectedYear,
+			newDate = this._restrictMinMax(inst, this._determineDate(inst, date, new Date()));
+
+		inst.selectedDay = inst.currentDay = newDate.getDate();
+		inst.drawMonth = inst.selectedMonth = inst.currentMonth = newDate.getMonth();
+		inst.drawYear = inst.selectedYear = inst.currentYear = newDate.getFullYear();
+		if ((origMonth !== inst.selectedMonth || origYear !== inst.selectedYear) && !noChange) {
+			this._notifyChange(inst);
+		}
+		this._adjustInstDate(inst);
+		if (inst.input) {
+			inst.input.val(clear ? "" : this._formatDate(inst));
+		}
+	},
+
+	/* Retrieve the date(s) directly. */
+	_getDate: function(inst) {
+		var startDate = (!inst.currentYear || (inst.input && inst.input.val() === "") ? null :
+			this._daylightSavingAdjust(new Date(
+			inst.currentYear, inst.currentMonth, inst.currentDay)));
+			return startDate;
+	},
+
+	/* Attach the onxxx handlers.  These are declared statically so
+	 * they work with static code transformers like Caja.
+	 */
+	_attachHandlers: function(inst) {
+		var stepMonths = this._get(inst, "stepMonths"),
+			id = "#" + inst.id.replace( /\\\\/g, "\\" );
+		inst.dpDiv.find("[data-handler]").map(function () {
+			var handler = {
+				prev: function () {
+					$.datepicker._adjustDate(id, -stepMonths, "M");
+				},
+				next: function () {
+					$.datepicker._adjustDate(id, +stepMonths, "M");
+				},
+				hide: function () {
+					$.datepicker._hideDatepicker();
+				},
+				today: function () {
+					$.datepicker._gotoToday(id);
+				},
+				selectDay: function () {
+					$.datepicker._selectDay(id, +this.getAttribute("data-month"), +this.getAttribute("data-year"), this);
+					return false;
+				},
+				selectMonth: function () {
+					$.datepicker._selectMonthYear(id, this, "M");
+					return false;
+				},
+				selectYear: function () {
+					$.datepicker._selectMonthYear(id, this, "Y");
+					return false;
+				}
+			};
+			$(this).bind(this.getAttribute("data-event"), handler[this.getAttribute("data-handler")]);
+		});
+	},
+
+	/* Generate the HTML for the current state of the date picker. */
+	_generateHTML: function(inst) {
+		var maxDraw, prevText, prev, nextText, next, currentText, gotoDate,
+			controls, buttonPanel, firstDay, showWeek, dayNames, dayNamesMin,
+			monthNames, monthNamesShort, beforeShowDay, showOtherMonths,
+			selectOtherMonths, defaultDate, html, dow, row, group, col, selectedDate,
+			cornerClass, calender, thead, day, daysInMonth, leadDays, curRows, numRows,
+			printDate, dRow, tbody, daySettings, otherMonth, unselectable,
+			tempDate = new Date(),
+			today = this._daylightSavingAdjust(
+				new Date(tempDate.getFullYear(), tempDate.getMonth(), tempDate.getDate())), // clear time
+			isRTL = this._get(inst, "isRTL"),
+			showButtonPanel = this._get(inst, "showButtonPanel"),
+			hideIfNoPrevNext = this._get(inst, "hideIfNoPrevNext"),
+			navigationAsDateFormat = this._get(inst, "navigationAsDateFormat"),
+			numMonths = this._getNumberOfMonths(inst),
+			showCurrentAtPos = this._get(inst, "showCurrentAtPos"),
+			stepMonths = this._get(inst, "stepMonths"),
+			isMultiMonth = (numMonths[0] !== 1 || numMonths[1] !== 1),
+			currentDate = this._daylightSavingAdjust((!inst.currentDay ? new Date(9999, 9, 9) :
+				new Date(inst.currentYear, inst.currentMonth, inst.currentDay))),
+			minDate = this._getMinMaxDate(inst, "min"),
+			maxDate = this._getMinMaxDate(inst, "max"),
+			drawMonth = inst.drawMonth - showCurrentAtPos,
+			drawYear = inst.drawYear;
+
+		if (drawMonth < 0) {
+			drawMonth += 12;
+			drawYear--;
+		}
+		if (maxDate) {
+			maxDraw = this._daylightSavingAdjust(new Date(maxDate.getFullYear(),
+				maxDate.getMonth() - (numMonths[0] * numMonths[1]) + 1, maxDate.getDate()));
+			maxDraw = (minDate && maxDraw < minDate ? minDate : maxDraw);
+			while (this._daylightSavingAdjust(new Date(drawYear, drawMonth, 1)) > maxDraw) {
+				drawMonth--;
+				if (drawMonth < 0) {
+					drawMonth = 11;
+					drawYear--;
+				}
+			}
+		}
+		inst.drawMonth = drawMonth;
+		inst.drawYear = drawYear;
+
+		prevText = this._get(inst, "prevText");
+		prevText = (!navigationAsDateFormat ? prevText : this.formatDate(prevText,
+			this._daylightSavingAdjust(new Date(drawYear, drawMonth - stepMonths, 1)),
+			this._getFormatConfig(inst)));
+
+		prev = (this._canAdjustMonth(inst, -1, drawYear, drawMonth) ?
+			"<a class='ui-datepicker-prev ui-corner-all' data-handler='prev' data-event='click'" +
+			" title='" + prevText + "'><span class='ui-icon ui-icon-circle-triangle-" + ( isRTL ? "e" : "w") + "'>" + prevText + "</span></a>" :
+			(hideIfNoPrevNext ? "" : "<a class='ui-datepicker-prev ui-corner-all ui-state-disabled' title='"+ prevText +"'><span class='ui-icon ui-icon-circle-triangle-" + ( isRTL ? "e" : "w") + "'>" + prevText + "</span></a>"));
+
+		nextText = this._get(inst, "nextText");
+		nextText = (!navigationAsDateFormat ? nextText : this.formatDate(nextText,
+			this._daylightSavingAdjust(new Date(drawYear, drawMonth + stepMonths, 1)),
+			this._getFormatConfig(inst)));
+
+		next = (this._canAdjustMonth(inst, +1, drawYear, drawMonth) ?
+			"<a class='ui-datepicker-next ui-corner-all' data-handler='next' data-event='click'" +
+			" title='" + nextText + "'><span class='ui-icon ui-icon-circle-triangle-" + ( isRTL ? "w" : "e") + "'>" + nextText + "</span></a>" :
+			(hideIfNoPrevNext ? "" : "<a class='ui-datepicker-next ui-corner-all ui-state-disabled' title='"+ nextText + "'><span class='ui-icon ui-icon-circle-triangle-" + ( isRTL ? "w" : "e") + "'>" + nextText + "</span></a>"));
+
+		currentText = this._get(inst, "currentText");
+		gotoDate = (this._get(inst, "gotoCurrent") && inst.currentDay ? currentDate : today);
+		currentText = (!navigationAsDateFormat ? currentText :
+			this.formatDate(currentText, gotoDate, this._getFormatConfig(inst)));
+
+		controls = (!inst.inline ? "<button type='button' class='ui-datepicker-close ui-state-default ui-priority-primary ui-corner-all' data-handler='hide' data-event='click'>" +
+			this._get(inst, "closeText") + "</button>" : "");
+
+		buttonPanel = (showButtonPanel) ? "<div class='ui-datepicker-buttonpane ui-widget-content'>" + (isRTL ? controls : "") +
+			(this._isInRange(inst, gotoDate) ? "<button type='button' class='ui-datepicker-current ui-state-default ui-priority-secondary ui-corner-all' data-handler='today' data-event='click'" +
+			">" + currentText + "</button>" : "") + (isRTL ? "" : controls) + "</div>" : "";
+
+		firstDay = parseInt(this._get(inst, "firstDay"),10);
+		firstDay = (isNaN(firstDay) ? 0 : firstDay);
+
+		showWeek = this._get(inst, "showWeek");
+		dayNames = this._get(inst, "dayNames");
+		dayNamesMin = this._get(inst, "dayNamesMin");
+		monthNames = this._get(inst, "monthNames");
+		monthNamesShort = this._get(inst, "monthNamesShort");
+		beforeShowDay = this._get(inst, "beforeShowDay");
+		showOtherMonths = this._get(inst, "showOtherMonths");
+		selectOtherMonths = this._get(inst, "selectOtherMonths");
+		defaultDate = this._getDefaultDate(inst);
+		html = "";
+		dow;
+		for (row = 0; row < numMonths[0]; row++) {
+			group = "";
+			this.maxRows = 4;
+			for (col = 0; col < numMonths[1]; col++) {
+				selectedDate = this._daylightSavingAdjust(new Date(drawYear, drawMonth, inst.selectedDay));
+				cornerClass = " ui-corner-all";
+				calender = "";
+				if (isMultiMonth) {
+					calender += "<div class='ui-datepicker-group";
+					if (numMonths[1] > 1) {
+						switch (col) {
+							case 0: calender += " ui-datepicker-group-first";
+								cornerClass = " ui-corner-" + (isRTL ? "right" : "left"); break;
+							case numMonths[1]-1: calender += " ui-datepicker-group-last";
+								cornerClass = " ui-corner-" + (isRTL ? "left" : "right"); break;
+							default: calender += " ui-datepicker-group-middle"; cornerClass = ""; break;
+						}
+					}
+					calender += "'>";
+				}
+				calender += "<div class='ui-datepicker-header ui-widget-header ui-helper-clearfix" + cornerClass + "'>" +
+					(/all|left/.test(cornerClass) && row === 0 ? (isRTL ? next : prev) : "") +
+					(/all|right/.test(cornerClass) && row === 0 ? (isRTL ? prev : next) : "") +
+					this._generateMonthYearHeader(inst, drawMonth, drawYear, minDate, maxDate,
+					row > 0 || col > 0, monthNames, monthNamesShort) + // draw month headers
+					"</div><table class='ui-datepicker-calendar'><thead>" +
+					"<tr>";
+				thead = (showWeek ? "<th class='ui-datepicker-week-col'>" + this._get(inst, "weekHeader") + "</th>" : "");
+				for (dow = 0; dow < 7; dow++) { // days of the week
+					day = (dow + firstDay) % 7;
+					thead += "<th" + ((dow + firstDay + 6) % 7 >= 5 ? " class='ui-datepicker-week-end'" : "") + ">" +
+						"<span title='" + dayNames[day] + "'>" + dayNamesMin[day] + "</span></th>";
+				}
+				calender += thead + "</tr></thead><tbody>";
+				daysInMonth = this._getDaysInMonth(drawYear, drawMonth);
+				if (drawYear === inst.selectedYear && drawMonth === inst.selectedMonth) {
+					inst.selectedDay = Math.min(inst.selectedDay, daysInMonth);
+				}
+				leadDays = (this._getFirstDayOfMonth(drawYear, drawMonth) - firstDay + 7) % 7;
+				curRows = Math.ceil((leadDays + daysInMonth) / 7); // calculate the number of rows to generate
+				numRows = (isMultiMonth ? this.maxRows > curRows ? this.maxRows : curRows : curRows); //If multiple months, use the higher number of rows (see #7043)
+				this.maxRows = numRows;
+				printDate = this._daylightSavingAdjust(new Date(drawYear, drawMonth, 1 - leadDays));
+				for (dRow = 0; dRow < numRows; dRow++) { // create date picker rows
+					calender += "<tr>";
+					tbody = (!showWeek ? "" : "<td class='ui-datepicker-week-col'>" +
+						this._get(inst, "calculateWeek")(printDate) + "</td>");
+					for (dow = 0; dow < 7; dow++) { // create date picker days
+						daySettings = (beforeShowDay ?
+							beforeShowDay.apply((inst.input ? inst.input[0] : null), [printDate]) : [true, ""]);
+						otherMonth = (printDate.getMonth() !== drawMonth);
+						unselectable = (otherMonth && !selectOtherMonths) || !daySettings[0] ||
+							(minDate && printDate < minDate) || (maxDate && printDate > maxDate);
+						tbody += "<td class='" +
+							((dow + firstDay + 6) % 7 >= 5 ? " ui-datepicker-week-end" : "") + // highlight weekends
+							(otherMonth ? " ui-datepicker-other-month" : "") + // highlight days from other months
+							((printDate.getTime() === selectedDate.getTime() && drawMonth === inst.selectedMonth && inst._keyEvent) || // user pressed key
+							(defaultDate.getTime() === printDate.getTime() && defaultDate.getTime() === selectedDate.getTime()) ?
+							// or defaultDate is current printedDate and defaultDate is selectedDate
+							" " + this._dayOverClass : "") + // highlight selected day
+							(unselectable ? " " + this._unselectableClass + " ui-state-disabled": "") +  // highlight unselectable days
+							(otherMonth && !showOtherMonths ? "" : " " + daySettings[1] + // highlight custom dates
+							(printDate.getTime() === currentDate.getTime() ? " " + this._currentClass : "") + // highlight selected day
+							(printDate.getTime() === today.getTime() ? " ui-datepicker-today" : "")) + "'" + // highlight today (if different)
+							((!otherMonth || showOtherMonths) && daySettings[2] ? " title='" + daySettings[2].replace(/'/g, "&#39;") + "'" : "") + // cell title
+							(unselectable ? "" : " data-handler='selectDay' data-event='click' data-month='" + printDate.getMonth() + "' data-year='" + printDate.getFullYear() + "'") + ">" + // actions
+							(otherMonth && !showOtherMonths ? "&#xa0;" : // display for other months
+							(unselectable ? "<span class='ui-state-default'>" + printDate.getDate() + "</span>" : "<a class='ui-state-default" +
+							(printDate.getTime() === today.getTime() ? " ui-state-highlight" : "") +
+							(printDate.getTime() === currentDate.getTime() ? " ui-state-active" : "") + // highlight selected day
+							(otherMonth ? " ui-priority-secondary" : "") + // distinguish dates from other months
+							"' href='#'>" + printDate.getDate() + "</a>")) + "</td>"; // display selectable date
+						printDate.setDate(printDate.getDate() + 1);
+						printDate = this._daylightSavingAdjust(printDate);
+					}
+					calender += tbody + "</tr>";
+				}
+				drawMonth++;
+				if (drawMonth > 11) {
+					drawMonth = 0;
+					drawYear++;
+				}
+				calender += "</tbody></table>" + (isMultiMonth ? "</div>" +
+							((numMonths[0] > 0 && col === numMonths[1]-1) ? "<div class='ui-datepicker-row-break'></div>" : "") : "");
+				group += calender;
+			}
+			html += group;
+		}
+		html += buttonPanel;
+		inst._keyEvent = false;
+		return html;
+	},
+
+	/* Generate the month and year header. */
+	_generateMonthYearHeader: function(inst, drawMonth, drawYear, minDate, maxDate,
+			secondary, monthNames, monthNamesShort) {
+
+		var inMinYear, inMaxYear, month, years, thisYear, determineYear, year, endYear,
+			changeMonth = this._get(inst, "changeMonth"),
+			changeYear = this._get(inst, "changeYear"),
+			showMonthAfterYear = this._get(inst, "showMonthAfterYear"),
+			html = "<div class='ui-datepicker-title'>",
+			monthHtml = "";
+
+		// month selection
+		if (secondary || !changeMonth) {
+			monthHtml += "<span class='ui-datepicker-month'>" + monthNames[drawMonth] + "</span>";
+		} else {
+			inMinYear = (minDate && minDate.getFullYear() === drawYear);
+			inMaxYear = (maxDate && maxDate.getFullYear() === drawYear);
+			monthHtml += "<select class='ui-datepicker-month' data-handler='selectMonth' data-event='change'>";
+			for ( month = 0; month < 12; month++) {
+				if ((!inMinYear || month >= minDate.getMonth()) && (!inMaxYear || month <= maxDate.getMonth())) {
+					monthHtml += "<option value='" + month + "'" +
+						(month === drawMonth ? " selected='selected'" : "") +
+						">" + monthNamesShort[month] + "</option>";
+				}
+			}
+			monthHtml += "</select>";
+		}
+
+		if (!showMonthAfterYear) {
+			html += monthHtml + (secondary || !(changeMonth && changeYear) ? "&#xa0;" : "");
+		}
+
+		// year selection
+		if ( !inst.yearshtml ) {
+			inst.yearshtml = "";
+			if (secondary || !changeYear) {
+				html += "<span class='ui-datepicker-year'>" + drawYear + "</span>";
+			} else {
+				// determine range of years to display
+				years = this._get(inst, "yearRange").split(":");
+				thisYear = new Date().getFullYear();
+				determineYear = function(value) {
+					var year = (value.match(/c[+\-].*/) ? drawYear + parseInt(value.substring(1), 10) :
+						(value.match(/[+\-].*/) ? thisYear + parseInt(value, 10) :
+						parseInt(value, 10)));
+					return (isNaN(year) ? thisYear : year);
+				};
+				year = determineYear(years[0]);
+				endYear = Math.max(year, determineYear(years[1] || ""));
+				year = (minDate ? Math.max(year, minDate.getFullYear()) : year);
+				endYear = (maxDate ? Math.min(endYear, maxDate.getFullYear()) : endYear);
+				inst.yearshtml += "<select class='ui-datepicker-year' data-handler='selectYear' data-event='change'>";
+				for (; year <= endYear; year++) {
+					inst.yearshtml += "<option value='" + year + "'" +
+						(year === drawYear ? " selected='selected'" : "") +
+						">" + year + "</option>";
+				}
+				inst.yearshtml += "</select>";
+
+				html += inst.yearshtml;
+				inst.yearshtml = null;
+			}
+		}
+
+		html += this._get(inst, "yearSuffix");
+		if (showMonthAfterYear) {
+			html += (secondary || !(changeMonth && changeYear) ? "&#xa0;" : "") + monthHtml;
+		}
+		html += "</div>"; // Close datepicker_header
+		return html;
+	},
+
+	/* Adjust one of the date sub-fields. */
+	_adjustInstDate: function(inst, offset, period) {
+		var year = inst.drawYear + (period === "Y" ? offset : 0),
+			month = inst.drawMonth + (period === "M" ? offset : 0),
+			day = Math.min(inst.selectedDay, this._getDaysInMonth(year, month)) + (period === "D" ? offset : 0),
+			date = this._restrictMinMax(inst, this._daylightSavingAdjust(new Date(year, month, day)));
+
+		inst.selectedDay = date.getDate();
+		inst.drawMonth = inst.selectedMonth = date.getMonth();
+		inst.drawYear = inst.selectedYear = date.getFullYear();
+		if (period === "M" || period === "Y") {
+			this._notifyChange(inst);
+		}
+	},
+
+	/* Ensure a date is within any min/max bounds. */
+	_restrictMinMax: function(inst, date) {
+		var minDate = this._getMinMaxDate(inst, "min"),
+			maxDate = this._getMinMaxDate(inst, "max"),
+			newDate = (minDate && date < minDate ? minDate : date);
+		return (maxDate && newDate > maxDate ? maxDate : newDate);
+	},
+
+	/* Notify change of month/year. */
+	_notifyChange: function(inst) {
+		var onChange = this._get(inst, "onChangeMonthYear");
+		if (onChange) {
+			onChange.apply((inst.input ? inst.input[0] : null),
+				[inst.selectedYear, inst.selectedMonth + 1, inst]);
+		}
+	},
+
+	/* Determine the number of months to show. */
+	_getNumberOfMonths: function(inst) {
+		var numMonths = this._get(inst, "numberOfMonths");
+		return (numMonths == null ? [1, 1] : (typeof numMonths === "number" ? [1, numMonths] : numMonths));
+	},
+
+	/* Determine the current maximum date - ensure no time components are set. */
+	_getMinMaxDate: function(inst, minMax) {
+		return this._determineDate(inst, this._get(inst, minMax + "Date"), null);
+	},
+
+	/* Find the number of days in a given month. */
+	_getDaysInMonth: function(year, month) {
+		return 32 - this._daylightSavingAdjust(new Date(year, month, 32)).getDate();
+	},
+
+	/* Find the day of the week of the first of a month. */
+	_getFirstDayOfMonth: function(year, month) {
+		return new Date(year, month, 1).getDay();
+	},
+
+	/* Determines if we should allow a "next/prev" month display change. */
+	_canAdjustMonth: function(inst, offset, curYear, curMonth) {
+		var numMonths = this._getNumberOfMonths(inst),
+			date = this._daylightSavingAdjust(new Date(curYear,
+			curMonth + (offset < 0 ? offset : numMonths[0] * numMonths[1]), 1));
+
+		if (offset < 0) {
+			date.setDate(this._getDaysInMonth(date.getFullYear(), date.getMonth()));
+		}
+		return this._isInRange(inst, date);
+	},
+
+	/* Is the given date in the accepted range? */
+	_isInRange: function(inst, date) {
+		var yearSplit, currentYear,
+			minDate = this._getMinMaxDate(inst, "min"),
+			maxDate = this._getMinMaxDate(inst, "max"),
+			minYear = null,
+			maxYear = null,
+			years = this._get(inst, "yearRange");
+			if (years){
+				yearSplit = years.split(":");
+				currentYear = new Date().getFullYear();
+				minYear = parseInt(yearSplit[0], 10);
+				maxYear = parseInt(yearSplit[1], 10);
+				if ( yearSplit[0].match(/[+\-].*/) ) {
+					minYear += currentYear;
+				}
+				if ( yearSplit[1].match(/[+\-].*/) ) {
+					maxYear += currentYear;
+				}
+			}
+
+		return ((!minDate || date.getTime() >= minDate.getTime()) &&
+			(!maxDate || date.getTime() <= maxDate.getTime()) &&
+			(!minYear || date.getFullYear() >= minYear) &&
+			(!maxYear || date.getFullYear() <= maxYear));
+	},
+
+	/* Provide the configuration settings for formatting/parsing. */
+	_getFormatConfig: function(inst) {
+		var shortYearCutoff = this._get(inst, "shortYearCutoff");
+		shortYearCutoff = (typeof shortYearCutoff !== "string" ? shortYearCutoff :
+			new Date().getFullYear() % 100 + parseInt(shortYearCutoff, 10));
+		return {shortYearCutoff: shortYearCutoff,
+			dayNamesShort: this._get(inst, "dayNamesShort"), dayNames: this._get(inst, "dayNames"),
+			monthNamesShort: this._get(inst, "monthNamesShort"), monthNames: this._get(inst, "monthNames")};
+	},
+
+	/* Format the given date for display. */
+	_formatDate: function(inst, day, month, year) {
+		if (!day) {
+			inst.currentDay = inst.selectedDay;
+			inst.currentMonth = inst.selectedMonth;
+			inst.currentYear = inst.selectedYear;
+		}
+		var date = (day ? (typeof day === "object" ? day :
+			this._daylightSavingAdjust(new Date(year, month, day))) :
+			this._daylightSavingAdjust(new Date(inst.currentYear, inst.currentMonth, inst.currentDay)));
+		return this.formatDate(this._get(inst, "dateFormat"), date, this._getFormatConfig(inst));
+	}
+});
+
+/*
+ * Bind hover events for datepicker elements.
+ * Done via delegate so the binding only occurs once in the lifetime of the parent div.
+ * Global instActive, set by _updateDatepicker allows the handlers to find their way back to the active picker.
+ */
+function bindHover(dpDiv) {
+	var selector = "button, .ui-datepicker-prev, .ui-datepicker-next, .ui-datepicker-calendar td a";
+	return dpDiv.delegate(selector, "mouseout", function() {
+			$(this).removeClass("ui-state-hover");
+			if (this.className.indexOf("ui-datepicker-prev") !== -1) {
+				$(this).removeClass("ui-datepicker-prev-hover");
+			}
+			if (this.className.indexOf("ui-datepicker-next") !== -1) {
+				$(this).removeClass("ui-datepicker-next-hover");
+			}
+		})
+		.delegate(selector, "mouseover", function(){
+			if (!$.datepicker._isDisabledDatepicker( instActive.inline ? dpDiv.parent()[0] : instActive.input[0])) {
+				$(this).parents(".ui-datepicker-calendar").find("a").removeClass("ui-state-hover");
+				$(this).addClass("ui-state-hover");
+				if (this.className.indexOf("ui-datepicker-prev") !== -1) {
+					$(this).addClass("ui-datepicker-prev-hover");
+				}
+				if (this.className.indexOf("ui-datepicker-next") !== -1) {
+					$(this).addClass("ui-datepicker-next-hover");
+				}
+			}
+		});
+}
+
+/* jQuery extend now ignores nulls! */
+function extendRemove(target, props) {
+	$.extend(target, props);
+	for (var name in props) {
+		if (props[name] == null) {
+			target[name] = props[name];
+		}
+	}
+	return target;
+}
+
+/* Invoke the datepicker functionality.
+   @param  options  string - a command, optionally followed by additional parameters or
+					Object - settings for attaching new datepicker functionality
+   @return  jQuery object */
+$.fn.datepicker = function(options){
+
+	/* Verify an empty collection wasn't passed - Fixes #6976 */
+	if ( !this.length ) {
+		return this;
+	}
+
+	/* Initialise the date picker. */
+	if (!$.datepicker.initialized) {
+		$(document).mousedown($.datepicker._checkExternalClick);
+		$.datepicker.initialized = true;
+	}
+
+	/* Append datepicker main container to body if not exist. */
+	if ($("#"+$.datepicker._mainDivId).length === 0) {
+		$("body").append($.datepicker.dpDiv);
+	}
+
+	var otherArgs = Array.prototype.slice.call(arguments, 1);
+	if (typeof options === "string" && (options === "isDisabled" || options === "getDate" || options === "widget")) {
+		return $.datepicker["_" + options + "Datepicker"].
+			apply($.datepicker, [this[0]].concat(otherArgs));
+	}
+	if (options === "option" && arguments.length === 2 && typeof arguments[1] === "string") {
+		return $.datepicker["_" + options + "Datepicker"].
+			apply($.datepicker, [this[0]].concat(otherArgs));
+	}
+	return this.each(function() {
+		typeof options === "string" ?
+			$.datepicker["_" + options + "Datepicker"].
+				apply($.datepicker, [this].concat(otherArgs)) :
+			$.datepicker._attachDatepicker(this, options);
+	});
+};
+
+$.datepicker = new Datepicker(); // singleton instance
+$.datepicker.initialized = false;
+$.datepicker.uuid = new Date().getTime();
+$.datepicker.version = "1.10.3";
+
+})(jQuery);
+(function( $, undefined ) {
+
+// number of pages in a slider
+// (how many times can you page up/down to go through the whole range)
+var numPages = 5;
+
+$.widget( "ui.slider", $.ui.mouse, {
+	version: "1.10.3",
+	widgetEventPrefix: "slide",
+
+	options: {
+		animate: false,
+		distance: 0,
+		max: 100,
+		min: 0,
+		orientation: "horizontal",
+		range: false,
+		step: 1,
+		value: 0,
+		values: null,
+
+		// callbacks
+		change: null,
+		slide: null,
+		start: null,
+		stop: null
+	},
+
+	_create: function() {
+		this._keySliding = false;
+		this._mouseSliding = false;
+		this._animateOff = true;
+		this._handleIndex = null;
+		this._detectOrientation();
+		this._mouseInit();
+
+		this.element
+			.addClass( "ui-slider" +
+				" ui-slider-" + this.orientation +
+				" ui-widget" +
+				" ui-widget-content" +
+				" ui-corner-all");
+
+		this._refresh();
+		this._setOption( "disabled", this.options.disabled );
+
+		this._animateOff = false;
+	},
+
+	_refresh: function() {
+		this._createRange();
+		this._createHandles();
+		this._setupEvents();
+		this._refreshValue();
+	},
+
+	_createHandles: function() {
+		var i, handleCount,
+			options = this.options,
+			existingHandles = this.element.find( ".ui-slider-handle" ).addClass( "ui-state-default ui-corner-all" ),
+			handle = "<a class='ui-slider-handle ui-state-default ui-corner-all' href='#'></a>",
+			handles = [];
+
+		handleCount = ( options.values && options.values.length ) || 1;
+
+		if ( existingHandles.length > handleCount ) {
+			existingHandles.slice( handleCount ).remove();
+			existingHandles = existingHandles.slice( 0, handleCount );
+		}
+
+		for ( i = existingHandles.length; i < handleCount; i++ ) {
+			handles.push( handle );
+		}
+
+		this.handles = existingHandles.add( $( handles.join( "" ) ).appendTo( this.element ) );
+
+		this.handle = this.handles.eq( 0 );
+
+		this.handles.each(function( i ) {
+			$( this ).data( "ui-slider-handle-index", i );
+		});
+	},
+
+	_createRange: function() {
+		var options = this.options,
+			classes = "";
+
+		if ( options.range ) {
+			if ( options.range === true ) {
+				if ( !options.values ) {
+					options.values = [ this._valueMin(), this._valueMin() ];
+				} else if ( options.values.length && options.values.length !== 2 ) {
+					options.values = [ options.values[0], options.values[0] ];
+				} else if ( $.isArray( options.values ) ) {
+					options.values = options.values.slice(0);
+				}
+			}
+
+			if ( !this.range || !this.range.length ) {
+				this.range = $( "<div></div>" )
+					.appendTo( this.element );
+
+				classes = "ui-slider-range" +
+				// note: this isn't the most fittingly semantic framework class for this element,
+				// but worked best visually with a variety of themes
+				" ui-widget-header ui-corner-all";
+			} else {
+				this.range.removeClass( "ui-slider-range-min ui-slider-range-max" )
+					// Handle range switching from true to min/max
+					.css({
+						"left": "",
+						"bottom": ""
+					});
+			}
+
+			this.range.addClass( classes +
+				( ( options.range === "min" || options.range === "max" ) ? " ui-slider-range-" + options.range : "" ) );
+		} else {
+			this.range = $([]);
+		}
+	},
+
+	_setupEvents: function() {
+		var elements = this.handles.add( this.range ).filter( "a" );
+		this._off( elements );
+		this._on( elements, this._handleEvents );
+		this._hoverable( elements );
+		this._focusable( elements );
+	},
+
+	_destroy: function() {
+		this.handles.remove();
+		this.range.remove();
+
+		this.element
+			.removeClass( "ui-slider" +
+				" ui-slider-horizontal" +
+				" ui-slider-vertical" +
+				" ui-widget" +
+				" ui-widget-content" +
+				" ui-corner-all" );
+
+		this._mouseDestroy();
+	},
+
+	_mouseCapture: function( event ) {
+		var position, normValue, distance, closestHandle, index, allowed, offset, mouseOverHandle,
+			that = this,
+			o = this.options;
+
+		if ( o.disabled ) {
+			return false;
+		}
+
+		this.elementSize = {
+			width: this.element.outerWidth(),
+			height: this.element.outerHeight()
+		};
+		this.elementOffset = this.element.offset();
+
+		position = { x: event.pageX, y: event.pageY };
+		normValue = this._normValueFromMouse( position );
+		distance = this._valueMax() - this._valueMin() + 1;
+		this.handles.each(function( i ) {
+			var thisDistance = Math.abs( normValue - that.values(i) );
+			if (( distance > thisDistance ) ||
+				( distance === thisDistance &&
+					(i === that._lastChangedValue || that.values(i) === o.min ))) {
+				distance = thisDistance;
+				closestHandle = $( this );
+				index = i;
+			}
+		});
+
+		allowed = this._start( event, index );
+		if ( allowed === false ) {
+			return false;
+		}
+		this._mouseSliding = true;
+
+		this._handleIndex = index;
+
+		closestHandle
+			.addClass( "ui-state-active" )
+			.focus();
+
+		offset = closestHandle.offset();
+		mouseOverHandle = !$( event.target ).parents().addBack().is( ".ui-slider-handle" );
+		this._clickOffset = mouseOverHandle ? { left: 0, top: 0 } : {
+			left: event.pageX - offset.left - ( closestHandle.width() / 2 ),
+			top: event.pageY - offset.top -
+				( closestHandle.height() / 2 ) -
+				( parseInt( closestHandle.css("borderTopWidth"), 10 ) || 0 ) -
+				( parseInt( closestHandle.css("borderBottomWidth"), 10 ) || 0) +
+				( parseInt( closestHandle.css("marginTop"), 10 ) || 0)
+		};
+
+		if ( !this.handles.hasClass( "ui-state-hover" ) ) {
+			this._slide( event, index, normValue );
+		}
+		this._animateOff = true;
+		return true;
+	},
+
+	_mouseStart: function() {
+		return true;
+	},
+
+	_mouseDrag: function( event ) {
+		var position = { x: event.pageX, y: event.pageY },
+			normValue = this._normValueFromMouse( position );
+
+		this._slide( event, this._handleIndex, normValue );
+
+		return false;
+	},
+
+	_mouseStop: function( event ) {
+		this.handles.removeClass( "ui-state-active" );
+		this._mouseSliding = false;
+
+		this._stop( event, this._handleIndex );
+		this._change( event, this._handleIndex );
+
+		this._handleIndex = null;
+		this._clickOffset = null;
+		this._animateOff = false;
+
+		return false;
+	},
+
+	_detectOrientation: function() {
+		this.orientation = ( this.options.orientation === "vertical" ) ? "vertical" : "horizontal";
+	},
+
+	_normValueFromMouse: function( position ) {
+		var pixelTotal,
+			pixelMouse,
+			percentMouse,
+			valueTotal,
+			valueMouse;
+
+		if ( this.orientation === "horizontal" ) {
+			pixelTotal = this.elementSize.width;
+			pixelMouse = position.x - this.elementOffset.left - ( this._clickOffset ? this._clickOffset.left : 0 );
+		} else {
+			pixelTotal = this.elementSize.height;
+			pixelMouse = position.y - this.elementOffset.top - ( this._clickOffset ? this._clickOffset.top : 0 );
+		}
+
+		percentMouse = ( pixelMouse / pixelTotal );
+		if ( percentMouse > 1 ) {
+			percentMouse = 1;
+		}
+		if ( percentMouse < 0 ) {
+			percentMouse = 0;
+		}
+		if ( this.orientation === "vertical" ) {
+			percentMouse = 1 - percentMouse;
+		}
+
+		valueTotal = this._valueMax() - this._valueMin();
+		valueMouse = this._valueMin() + percentMouse * valueTotal;
+
+		return this._trimAlignValue( valueMouse );
+	},
+
+	_start: function( event, index ) {
+		var uiHash = {
+			handle: this.handles[ index ],
+			value: this.value()
+		};
+		if ( this.options.values && this.options.values.length ) {
+			uiHash.value = this.values( index );
+			uiHash.values = this.values();
+		}
+		return this._trigger( "start", event, uiHash );
+	},
+
+	_slide: function( event, index, newVal ) {
+		var otherVal,
+			newValues,
+			allowed;
+
+		if ( this.options.values && this.options.values.length ) {
+			otherVal = this.values( index ? 0 : 1 );
+
+			if ( ( this.options.values.length === 2 && this.options.range === true ) &&
+					( ( index === 0 && newVal > otherVal) || ( index === 1 && newVal < otherVal ) )
+				) {
+				newVal = otherVal;
+			}
+
+			if ( newVal !== this.values( index ) ) {
+				newValues = this.values();
+				newValues[ index ] = newVal;
+				// A slide can be canceled by returning false from the slide callback
+				allowed = this._trigger( "slide", event, {
+					handle: this.handles[ index ],
+					value: newVal,
+					values: newValues
+				} );
+				otherVal = this.values( index ? 0 : 1 );
+				if ( allowed !== false ) {
+					this.values( index, newVal, true );
+				}
+			}
+		} else {
+			if ( newVal !== this.value() ) {
+				// A slide can be canceled by returning false from the slide callback
+				allowed = this._trigger( "slide", event, {
+					handle: this.handles[ index ],
+					value: newVal
+				} );
+				if ( allowed !== false ) {
+					this.value( newVal );
+				}
+			}
+		}
+	},
+
+	_stop: function( event, index ) {
+		var uiHash = {
+			handle: this.handles[ index ],
+			value: this.value()
+		};
+		if ( this.options.values && this.options.values.length ) {
+			uiHash.value = this.values( index );
+			uiHash.values = this.values();
+		}
+
+		this._trigger( "stop", event, uiHash );
+	},
+
+	_change: function( event, index ) {
+		if ( !this._keySliding && !this._mouseSliding ) {
+			var uiHash = {
+				handle: this.handles[ index ],
+				value: this.value()
+			};
+			if ( this.options.values && this.options.values.length ) {
+				uiHash.value = this.values( index );
+				uiHash.values = this.values();
+			}
+
+			//store the last changed value index for reference when handles overlap
+			this._lastChangedValue = index;
+
+			this._trigger( "change", event, uiHash );
+		}
+	},
+
+	value: function( newValue ) {
+		if ( arguments.length ) {
+			this.options.value = this._trimAlignValue( newValue );
+			this._refreshValue();
+			this._change( null, 0 );
+			return;
+		}
+
+		return this._value();
+	},
+
+	values: function( index, newValue ) {
+		var vals,
+			newValues,
+			i;
+
+		if ( arguments.length > 1 ) {
+			this.options.values[ index ] = this._trimAlignValue( newValue );
+			this._refreshValue();
+			this._change( null, index );
+			return;
+		}
+
+		if ( arguments.length ) {
+			if ( $.isArray( arguments[ 0 ] ) ) {
+				vals = this.options.values;
+				newValues = arguments[ 0 ];
+				for ( i = 0; i < vals.length; i += 1 ) {
+					vals[ i ] = this._trimAlignValue( newValues[ i ] );
+					this._change( null, i );
+				}
+				this._refreshValue();
+			} else {
+				if ( this.options.values && this.options.values.length ) {
+					return this._values( index );
+				} else {
+					return this.value();
+				}
+			}
+		} else {
+			return this._values();
+		}
+	},
+
+	_setOption: function( key, value ) {
+		var i,
+			valsLength = 0;
+
+		if ( key === "range" && this.options.range === true ) {
+			if ( value === "min" ) {
+				this.options.value = this._values( 0 );
+				this.options.values = null;
+			} else if ( value === "max" ) {
+				this.options.value = this._values( this.options.values.length-1 );
+				this.options.values = null;
+			}
+		}
+
+		if ( $.isArray( this.options.values ) ) {
+			valsLength = this.options.values.length;
+		}
+
+		$.Widget.prototype._setOption.apply( this, arguments );
+
+		switch ( key ) {
+			case "orientation":
+				this._detectOrientation();
+				this.element
+					.removeClass( "ui-slider-horizontal ui-slider-vertical" )
+					.addClass( "ui-slider-" + this.orientation );
+				this._refreshValue();
+				break;
+			case "value":
+				this._animateOff = true;
+				this._refreshValue();
+				this._change( null, 0 );
+				this._animateOff = false;
+				break;
+			case "values":
+				this._animateOff = true;
+				this._refreshValue();
+				for ( i = 0; i < valsLength; i += 1 ) {
+					this._change( null, i );
+				}
+				this._animateOff = false;
+				break;
+			case "min":
+			case "max":
+				this._animateOff = true;
+				this._refreshValue();
+				this._animateOff = false;
+				break;
+			case "range":
+				this._animateOff = true;
+				this._refresh();
+				this._animateOff = false;
+				break;
+		}
+	},
+
+	//internal value getter
+	// _value() returns value trimmed by min and max, aligned by step
+	_value: function() {
+		var val = this.options.value;
+		val = this._trimAlignValue( val );
+
+		return val;
+	},
+
+	//internal values getter
+	// _values() returns array of values trimmed by min and max, aligned by step
+	// _values( index ) returns single value trimmed by min and max, aligned by step
+	_values: function( index ) {
+		var val,
+			vals,
+			i;
+
+		if ( arguments.length ) {
+			val = this.options.values[ index ];
+			val = this._trimAlignValue( val );
+
+			return val;
+		} else if ( this.options.values && this.options.values.length ) {
+			// .slice() creates a copy of the array
+			// this copy gets trimmed by min and max and then returned
+			vals = this.options.values.slice();
+			for ( i = 0; i < vals.length; i+= 1) {
+				vals[ i ] = this._trimAlignValue( vals[ i ] );
+			}
+
+			return vals;
+		} else {
+			return [];
+		}
+	},
+
+	// returns the step-aligned value that val is closest to, between (inclusive) min and max
+	_trimAlignValue: function( val ) {
+		if ( val <= this._valueMin() ) {
+			return this._valueMin();
+		}
+		if ( val >= this._valueMax() ) {
+			return this._valueMax();
+		}
+		var step = ( this.options.step > 0 ) ? this.options.step : 1,
+			valModStep = (val - this._valueMin()) % step,
+			alignValue = val - valModStep;
+
+		if ( Math.abs(valModStep) * 2 >= step ) {
+			alignValue += ( valModStep > 0 ) ? step : ( -step );
+		}
+
+		// Since JavaScript has problems with large floats, round
+		// the final value to 5 digits after the decimal point (see #4124)
+		return parseFloat( alignValue.toFixed(5) );
+	},
+
+	_valueMin: function() {
+		return this.options.min;
+	},
+
+	_valueMax: function() {
+		return this.options.max;
+	},
+
+	_refreshValue: function() {
+		var lastValPercent, valPercent, value, valueMin, valueMax,
+			oRange = this.options.range,
+			o = this.options,
+			that = this,
+			animate = ( !this._animateOff ) ? o.animate : false,
+			_set = {};
+
+		if ( this.options.values && this.options.values.length ) {
+			this.handles.each(function( i ) {
+				valPercent = ( that.values(i) - that._valueMin() ) / ( that._valueMax() - that._valueMin() ) * 100;
+				_set[ that.orientation === "horizontal" ? "left" : "bottom" ] = valPercent + "%";
+				$( this ).stop( 1, 1 )[ animate ? "animate" : "css" ]( _set, o.animate );
+				if ( that.options.range === true ) {
+					if ( that.orientation === "horizontal" ) {
+						if ( i === 0 ) {
+							that.range.stop( 1, 1 )[ animate ? "animate" : "css" ]( { left: valPercent + "%" }, o.animate );
+						}
+						if ( i === 1 ) {
+							that.range[ animate ? "animate" : "css" ]( { width: ( valPercent - lastValPercent ) + "%" }, { queue: false, duration: o.animate } );
+						}
+					} else {
+						if ( i === 0 ) {
+							that.range.stop( 1, 1 )[ animate ? "animate" : "css" ]( { bottom: ( valPercent ) + "%" }, o.animate );
+						}
+						if ( i === 1 ) {
+							that.range[ animate ? "animate" : "css" ]( { height: ( valPercent - lastValPercent ) + "%" }, { queue: false, duration: o.animate } );
+						}
+					}
+				}
+				lastValPercent = valPercent;
+			});
+		} else {
+			value = this.value();
+			valueMin = this._valueMin();
+			valueMax = this._valueMax();
+			valPercent = ( valueMax !== valueMin ) ?
+					( value - valueMin ) / ( valueMax - valueMin ) * 100 :
+					0;
+			_set[ this.orientation === "horizontal" ? "left" : "bottom" ] = valPercent + "%";
+			this.handle.stop( 1, 1 )[ animate ? "animate" : "css" ]( _set, o.animate );
+
+			if ( oRange === "min" && this.orientation === "horizontal" ) {
+				this.range.stop( 1, 1 )[ animate ? "animate" : "css" ]( { width: valPercent + "%" }, o.animate );
+			}
+			if ( oRange === "max" && this.orientation === "horizontal" ) {
+				this.range[ animate ? "animate" : "css" ]( { width: ( 100 - valPercent ) + "%" }, { queue: false, duration: o.animate } );
+			}
+			if ( oRange === "min" && this.orientation === "vertical" ) {
+				this.range.stop( 1, 1 )[ animate ? "animate" : "css" ]( { height: valPercent + "%" }, o.animate );
+			}
+			if ( oRange === "max" && this.orientation === "vertical" ) {
+				this.range[ animate ? "animate" : "css" ]( { height: ( 100 - valPercent ) + "%" }, { queue: false, duration: o.animate } );
+			}
+		}
+	},
+
+	_handleEvents: {
+		keydown: function( event ) {
+			/*jshint maxcomplexity:25*/
+			var allowed, curVal, newVal, step,
+				index = $( event.target ).data( "ui-slider-handle-index" );
+
+			switch ( event.keyCode ) {
+				case $.ui.keyCode.HOME:
+				case $.ui.keyCode.END:
+				case $.ui.keyCode.PAGE_UP:
+				case $.ui.keyCode.PAGE_DOWN:
+				case $.ui.keyCode.UP:
+				case $.ui.keyCode.RIGHT:
+				case $.ui.keyCode.DOWN:
+				case $.ui.keyCode.LEFT:
+					event.preventDefault();
+					if ( !this._keySliding ) {
+						this._keySliding = true;
+						$( event.target ).addClass( "ui-state-active" );
+						allowed = this._start( event, index );
+						if ( allowed === false ) {
+							return;
+						}
+					}
+					break;
+			}
+
+			step = this.options.step;
+			if ( this.options.values && this.options.values.length ) {
+				curVal = newVal = this.values( index );
+			} else {
+				curVal = newVal = this.value();
+			}
+
+			switch ( event.keyCode ) {
+				case $.ui.keyCode.HOME:
+					newVal = this._valueMin();
+					break;
+				case $.ui.keyCode.END:
+					newVal = this._valueMax();
+					break;
+				case $.ui.keyCode.PAGE_UP:
+					newVal = this._trimAlignValue( curVal + ( (this._valueMax() - this._valueMin()) / numPages ) );
+					break;
+				case $.ui.keyCode.PAGE_DOWN:
+					newVal = this._trimAlignValue( curVal - ( (this._valueMax() - this._valueMin()) / numPages ) );
+					break;
+				case $.ui.keyCode.UP:
+				case $.ui.keyCode.RIGHT:
+					if ( curVal === this._valueMax() ) {
+						return;
+					}
+					newVal = this._trimAlignValue( curVal + step );
+					break;
+				case $.ui.keyCode.DOWN:
+				case $.ui.keyCode.LEFT:
+					if ( curVal === this._valueMin() ) {
+						return;
+					}
+					newVal = this._trimAlignValue( curVal - step );
+					break;
+			}
+
+			this._slide( event, index, newVal );
+		},
+		click: function( event ) {
+			event.preventDefault();
+		},
+		keyup: function( event ) {
+			var index = $( event.target ).data( "ui-slider-handle-index" );
+
+			if ( this._keySliding ) {
+				this._keySliding = false;
+				this._stop( event, index );
+				this._change( event, index );
+				$( event.target ).removeClass( "ui-state-active" );
+			}
+		}
+	}
+
+});
+
+}(jQuery));
+(function($, undefined) {
+
+var dataSpace = "ui-effects-";
+
+$.effects = {
+	effect: {}
+};
+
+/*!
+ * jQuery Color Animations v2.1.2
+ * https://github.com/jquery/jquery-color
+ *
+ * Copyright 2013 jQuery Foundation and other contributors
+ * Released under the MIT license.
+ * http://jquery.org/license
+ *
+ * Date: Wed Jan 16 08:47:09 2013 -0600
+ */
+(function( jQuery, undefined ) {
+
+	var stepHooks = "backgroundColor borderBottomColor borderLeftColor borderRightColor borderTopColor color columnRuleColor outlineColor textDecorationColor textEmphasisColor",
+
+	// plusequals test for += 100 -= 100
+	rplusequals = /^([\-+])=\s*(\d+\.?\d*)/,
+	// a set of RE's that can match strings and generate color tuples.
+	stringParsers = [{
+			re: /rgba?\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*(?:,\s*(\d?(?:\.\d+)?)\s*)?\)/,
+			parse: function( execResult ) {
+				return [
+					execResult[ 1 ],
+					execResult[ 2 ],
+					execResult[ 3 ],
+					execResult[ 4 ]
+				];
+			}
+		}, {
+			re: /rgba?\(\s*(\d+(?:\.\d+)?)\%\s*,\s*(\d+(?:\.\d+)?)\%\s*,\s*(\d+(?:\.\d+)?)\%\s*(?:,\s*(\d?(?:\.\d+)?)\s*)?\)/,
+			parse: function( execResult ) {
+				return [
+					execResult[ 1 ] * 2.55,
+					execResult[ 2 ] * 2.55,
+					execResult[ 3 ] * 2.55,
+					execResult[ 4 ]
+				];
+			}
+		}, {
+			// this regex ignores A-F because it's compared against an already lowercased string
+			re: /#([a-f0-9]{2})([a-f0-9]{2})([a-f0-9]{2})/,
+			parse: function( execResult ) {
+				return [
+					parseInt( execResult[ 1 ], 16 ),
+					parseInt( execResult[ 2 ], 16 ),
+					parseInt( execResult[ 3 ], 16 )
+				];
+			}
+		}, {
+			// this regex ignores A-F because it's compared against an already lowercased string
+			re: /#([a-f0-9])([a-f0-9])([a-f0-9])/,
+			parse: function( execResult ) {
+				return [
+					parseInt( execResult[ 1 ] + execResult[ 1 ], 16 ),
+					parseInt( execResult[ 2 ] + execResult[ 2 ], 16 ),
+					parseInt( execResult[ 3 ] + execResult[ 3 ], 16 )
+				];
+			}
+		}, {
+			re: /hsla?\(\s*(\d+(?:\.\d+)?)\s*,\s*(\d+(?:\.\d+)?)\%\s*,\s*(\d+(?:\.\d+)?)\%\s*(?:,\s*(\d?(?:\.\d+)?)\s*)?\)/,
+			space: "hsla",
+			parse: function( execResult ) {
+				return [
+					execResult[ 1 ],
+					execResult[ 2 ] / 100,
+					execResult[ 3 ] / 100,
+					execResult[ 4 ]
+				];
+			}
+		}],
+
+	// jQuery.Color( )
+	color = jQuery.Color = function( color, green, blue, alpha ) {
+		return new jQuery.Color.fn.parse( color, green, blue, alpha );
+	},
+	spaces = {
+		rgba: {
+			props: {
+				red: {
+					idx: 0,
+					type: "byte"
+				},
+				green: {
+					idx: 1,
+					type: "byte"
+				},
+				blue: {
+					idx: 2,
+					type: "byte"
+				}
+			}
+		},
+
+		hsla: {
+			props: {
+				hue: {
+					idx: 0,
+					type: "degrees"
+				},
+				saturation: {
+					idx: 1,
+					type: "percent"
+				},
+				lightness: {
+					idx: 2,
+					type: "percent"
+				}
+			}
+		}
+	},
+	propTypes = {
+		"byte": {
+			floor: true,
+			max: 255
+		},
+		"percent": {
+			max: 1
+		},
+		"degrees": {
+			mod: 360,
+			floor: true
+		}
+	},
+	support = color.support = {},
+
+	// element for support tests
+	supportElem = jQuery( "<p>" )[ 0 ],
+
+	// colors = jQuery.Color.names
+	colors,
+
+	// local aliases of functions called often
+	each = jQuery.each;
+
+// determine rgba support immediately
+supportElem.style.cssText = "background-color:rgba(1,1,1,.5)";
+support.rgba = supportElem.style.backgroundColor.indexOf( "rgba" ) > -1;
+
+// define cache name and alpha properties
+// for rgba and hsla spaces
+each( spaces, function( spaceName, space ) {
+	space.cache = "_" + spaceName;
+	space.props.alpha = {
+		idx: 3,
+		type: "percent",
+		def: 1
+	};
+});
+
+function clamp( value, prop, allowEmpty ) {
+	var type = propTypes[ prop.type ] || {};
+
+	if ( value == null ) {
+		return (allowEmpty || !prop.def) ? null : prop.def;
+	}
+
+	// ~~ is an short way of doing floor for positive numbers
+	value = type.floor ? ~~value : parseFloat( value );
+
+	// IE will pass in empty strings as value for alpha,
+	// which will hit this case
+	if ( isNaN( value ) ) {
+		return prop.def;
+	}
+
+	if ( type.mod ) {
+		// we add mod before modding to make sure that negatives values
+		// get converted properly: -10 -> 350
+		return (value + type.mod) % type.mod;
+	}
+
+	// for now all property types without mod have min and max
+	return 0 > value ? 0 : type.max < value ? type.max : value;
+}
+
+function stringParse( string ) {
+	var inst = color(),
+		rgba = inst._rgba = [];
+
+	string = string.toLowerCase();
+
+	each( stringParsers, function( i, parser ) {
+		var parsed,
+			match = parser.re.exec( string ),
+			values = match && parser.parse( match ),
+			spaceName = parser.space || "rgba";
+
+		if ( values ) {
+			parsed = inst[ spaceName ]( values );
+
+			// if this was an rgba parse the assignment might happen twice
+			// oh well....
+			inst[ spaces[ spaceName ].cache ] = parsed[ spaces[ spaceName ].cache ];
+			rgba = inst._rgba = parsed._rgba;
+
+			// exit each( stringParsers ) here because we matched
+			return false;
+		}
+	});
+
+	// Found a stringParser that handled it
+	if ( rgba.length ) {
+
+		// if this came from a parsed string, force "transparent" when alpha is 0
+		// chrome, (and maybe others) return "transparent" as rgba(0,0,0,0)
+		if ( rgba.join() === "0,0,0,0" ) {
+			jQuery.extend( rgba, colors.transparent );
+		}
+		return inst;
+	}
+
+	// named colors
+	return colors[ string ];
+}
+
+color.fn = jQuery.extend( color.prototype, {
+	parse: function( red, green, blue, alpha ) {
+		if ( red === undefined ) {
+			this._rgba = [ null, null, null, null ];
+			return this;
+		}
+		if ( red.jquery || red.nodeType ) {
+			red = jQuery( red ).css( green );
+			green = undefined;
+		}
+
+		var inst = this,
+			type = jQuery.type( red ),
+			rgba = this._rgba = [];
+
+		// more than 1 argument specified - assume ( red, green, blue, alpha )
+		if ( green !== undefined ) {
+			red = [ red, green, blue, alpha ];
+			type = "array";
+		}
+
+		if ( type === "string" ) {
+			return this.parse( stringParse( red ) || colors._default );
+		}
+
+		if ( type === "array" ) {
+			each( spaces.rgba.props, function( key, prop ) {
+				rgba[ prop.idx ] = clamp( red[ prop.idx ], prop );
+			});
+			return this;
+		}
+
+		if ( type === "object" ) {
+			if ( red instanceof color ) {
+				each( spaces, function( spaceName, space ) {
+					if ( red[ space.cache ] ) {
+						inst[ space.cache ] = red[ space.cache ].slice();
+					}
+				});
+			} else {
+				each( spaces, function( spaceName, space ) {
+					var cache = space.cache;
+					each( space.props, function( key, prop ) {
+
+						// if the cache doesn't exist, and we know how to convert
+						if ( !inst[ cache ] && space.to ) {
+
+							// if the value was null, we don't need to copy it
+							// if the key was alpha, we don't need to copy it either
+							if ( key === "alpha" || red[ key ] == null ) {
+								return;
+							}
+							inst[ cache ] = space.to( inst._rgba );
+						}
+
+						// this is the only case where we allow nulls for ALL properties.
+						// call clamp with alwaysAllowEmpty
+						inst[ cache ][ prop.idx ] = clamp( red[ key ], prop, true );
+					});
+
+					// everything defined but alpha?
+					if ( inst[ cache ] && jQuery.inArray( null, inst[ cache ].slice( 0, 3 ) ) < 0 ) {
+						// use the default of 1
+						inst[ cache ][ 3 ] = 1;
+						if ( space.from ) {
+							inst._rgba = space.from( inst[ cache ] );
+						}
+					}
+				});
+			}
+			return this;
+		}
+	},
+	is: function( compare ) {
+		var is = color( compare ),
+			same = true,
+			inst = this;
+
+		each( spaces, function( _, space ) {
+			var localCache,
+				isCache = is[ space.cache ];
+			if (isCache) {
+				localCache = inst[ space.cache ] || space.to && space.to( inst._rgba ) || [];
+				each( space.props, function( _, prop ) {
+					if ( isCache[ prop.idx ] != null ) {
+						same = ( isCache[ prop.idx ] === localCache[ prop.idx ] );
+						return same;
+					}
+				});
+			}
+			return same;
+		});
+		return same;
+	},
+	_space: function() {
+		var used = [],
+			inst = this;
+		each( spaces, function( spaceName, space ) {
+			if ( inst[ space.cache ] ) {
+				used.push( spaceName );
+			}
+		});
+		return used.pop();
+	},
+	transition: function( other, distance ) {
+		var end = color( other ),
+			spaceName = end._space(),
+			space = spaces[ spaceName ],
+			startColor = this.alpha() === 0 ? color( "transparent" ) : this,
+			start = startColor[ space.cache ] || space.to( startColor._rgba ),
+			result = start.slice();
+
+		end = end[ space.cache ];
+		each( space.props, function( key, prop ) {
+			var index = prop.idx,
+				startValue = start[ index ],
+				endValue = end[ index ],
+				type = propTypes[ prop.type ] || {};
+
+			// if null, don't override start value
+			if ( endValue === null ) {
+				return;
+			}
+			// if null - use end
+			if ( startValue === null ) {
+				result[ index ] = endValue;
+			} else {
+				if ( type.mod ) {
+					if ( endValue - startValue > type.mod / 2 ) {
+						startValue += type.mod;
+					} else if ( startValue - endValue > type.mod / 2 ) {
+						startValue -= type.mod;
+					}
+				}
+				result[ index ] = clamp( ( endValue - startValue ) * distance + startValue, prop );
+			}
+		});
+		return this[ spaceName ]( result );
+	},
+	blend: function( opaque ) {
+		// if we are already opaque - return ourself
+		if ( this._rgba[ 3 ] === 1 ) {
+			return this;
+		}
+
+		var rgb = this._rgba.slice(),
+			a = rgb.pop(),
+			blend = color( opaque )._rgba;
+
+		return color( jQuery.map( rgb, function( v, i ) {
+			return ( 1 - a ) * blend[ i ] + a * v;
+		}));
+	},
+	toRgbaString: function() {
+		var prefix = "rgba(",
+			rgba = jQuery.map( this._rgba, function( v, i ) {
+				return v == null ? ( i > 2 ? 1 : 0 ) : v;
+			});
+
+		if ( rgba[ 3 ] === 1 ) {
+			rgba.pop();
+			prefix = "rgb(";
+		}
+
+		return prefix + rgba.join() + ")";
+	},
+	toHslaString: function() {
+		var prefix = "hsla(",
+			hsla = jQuery.map( this.hsla(), function( v, i ) {
+				if ( v == null ) {
+					v = i > 2 ? 1 : 0;
+				}
+
+				// catch 1 and 2
+				if ( i && i < 3 ) {
+					v = Math.round( v * 100 ) + "%";
+				}
+				return v;
+			});
+
+		if ( hsla[ 3 ] === 1 ) {
+			hsla.pop();
+			prefix = "hsl(";
+		}
+		return prefix + hsla.join() + ")";
+	},
+	toHexString: function( includeAlpha ) {
+		var rgba = this._rgba.slice(),
+			alpha = rgba.pop();
+
+		if ( includeAlpha ) {
+			rgba.push( ~~( alpha * 255 ) );
+		}
+
+		return "#" + jQuery.map( rgba, function( v ) {
+
+			// default to 0 when nulls exist
+			v = ( v || 0 ).toString( 16 );
+			return v.length === 1 ? "0" + v : v;
+		}).join("");
+	},
+	toString: function() {
+		return this._rgba[ 3 ] === 0 ? "transparent" : this.toRgbaString();
+	}
+});
+color.fn.parse.prototype = color.fn;
+
+// hsla conversions adapted from:
+// https://code.google.com/p/maashaack/source/browse/packages/graphics/trunk/src/graphics/colors/HUE2RGB.as?r=5021
+
+function hue2rgb( p, q, h ) {
+	h = ( h + 1 ) % 1;
+	if ( h * 6 < 1 ) {
+		return p + (q - p) * h * 6;
+	}
+	if ( h * 2 < 1) {
+		return q;
+	}
+	if ( h * 3 < 2 ) {
+		return p + (q - p) * ((2/3) - h) * 6;
+	}
+	return p;
+}
+
+spaces.hsla.to = function ( rgba ) {
+	if ( rgba[ 0 ] == null || rgba[ 1 ] == null || rgba[ 2 ] == null ) {
+		return [ null, null, null, rgba[ 3 ] ];
+	}
+	var r = rgba[ 0 ] / 255,
+		g = rgba[ 1 ] / 255,
+		b = rgba[ 2 ] / 255,
+		a = rgba[ 3 ],
+		max = Math.max( r, g, b ),
+		min = Math.min( r, g, b ),
+		diff = max - min,
+		add = max + min,
+		l = add * 0.5,
+		h, s;
+
+	if ( min === max ) {
+		h = 0;
+	} else if ( r === max ) {
+		h = ( 60 * ( g - b ) / diff ) + 360;
+	} else if ( g === max ) {
+		h = ( 60 * ( b - r ) / diff ) + 120;
+	} else {
+		h = ( 60 * ( r - g ) / diff ) + 240;
+	}
+
+	// chroma (diff) == 0 means greyscale which, by definition, saturation = 0%
+	// otherwise, saturation is based on the ratio of chroma (diff) to lightness (add)
+	if ( diff === 0 ) {
+		s = 0;
+	} else if ( l <= 0.5 ) {
+		s = diff / add;
+	} else {
+		s = diff / ( 2 - add );
+	}
+	return [ Math.round(h) % 360, s, l, a == null ? 1 : a ];
+};
+
+spaces.hsla.from = function ( hsla ) {
+	if ( hsla[ 0 ] == null || hsla[ 1 ] == null || hsla[ 2 ] == null ) {
+		return [ null, null, null, hsla[ 3 ] ];
+	}
+	var h = hsla[ 0 ] / 360,
+		s = hsla[ 1 ],
+		l = hsla[ 2 ],
+		a = hsla[ 3 ],
+		q = l <= 0.5 ? l * ( 1 + s ) : l + s - l * s,
+		p = 2 * l - q;
+
+	return [
+		Math.round( hue2rgb( p, q, h + ( 1 / 3 ) ) * 255 ),
+		Math.round( hue2rgb( p, q, h ) * 255 ),
+		Math.round( hue2rgb( p, q, h - ( 1 / 3 ) ) * 255 ),
+		a
+	];
+};
+
+
+each( spaces, function( spaceName, space ) {
+	var props = space.props,
+		cache = space.cache,
+		to = space.to,
+		from = space.from;
+
+	// makes rgba() and hsla()
+	color.fn[ spaceName ] = function( value ) {
+
+		// generate a cache for this space if it doesn't exist
+		if ( to && !this[ cache ] ) {
+			this[ cache ] = to( this._rgba );
+		}
+		if ( value === undefined ) {
+			return this[ cache ].slice();
+		}
+
+		var ret,
+			type = jQuery.type( value ),
+			arr = ( type === "array" || type === "object" ) ? value : arguments,
+			local = this[ cache ].slice();
+
+		each( props, function( key, prop ) {
+			var val = arr[ type === "object" ? key : prop.idx ];
+			if ( val == null ) {
+				val = local[ prop.idx ];
+			}
+			local[ prop.idx ] = clamp( val, prop );
+		});
+
+		if ( from ) {
+			ret = color( from( local ) );
+			ret[ cache ] = local;
+			return ret;
+		} else {
+			return color( local );
+		}
+	};
+
+	// makes red() green() blue() alpha() hue() saturation() lightness()
+	each( props, function( key, prop ) {
+		// alpha is included in more than one space
+		if ( color.fn[ key ] ) {
+			return;
+		}
+		color.fn[ key ] = function( value ) {
+			var vtype = jQuery.type( value ),
+				fn = ( key === "alpha" ? ( this._hsla ? "hsla" : "rgba" ) : spaceName ),
+				local = this[ fn ](),
+				cur = local[ prop.idx ],
+				match;
+
+			if ( vtype === "undefined" ) {
+				return cur;
+			}
+
+			if ( vtype === "function" ) {
+				value = value.call( this, cur );
+				vtype = jQuery.type( value );
+			}
+			if ( value == null && prop.empty ) {
+				return this;
+			}
+			if ( vtype === "string" ) {
+				match = rplusequals.exec( value );
+				if ( match ) {
+					value = cur + parseFloat( match[ 2 ] ) * ( match[ 1 ] === "+" ? 1 : -1 );
+				}
+			}
+			local[ prop.idx ] = value;
+			return this[ fn ]( local );
+		};
+	});
+});
+
+// add cssHook and .fx.step function for each named hook.
+// accept a space separated string of properties
+color.hook = function( hook ) {
+	var hooks = hook.split( " " );
+	each( hooks, function( i, hook ) {
+		jQuery.cssHooks[ hook ] = {
+			set: function( elem, value ) {
+				var parsed, curElem,
+					backgroundColor = "";
+
+				if ( value !== "transparent" && ( jQuery.type( value ) !== "string" || ( parsed = stringParse( value ) ) ) ) {
+					value = color( parsed || value );
+					if ( !support.rgba && value._rgba[ 3 ] !== 1 ) {
+						curElem = hook === "backgroundColor" ? elem.parentNode : elem;
+						while (
+							(backgroundColor === "" || backgroundColor === "transparent") &&
+							curElem && curElem.style
+						) {
+							try {
+								backgroundColor = jQuery.css( curElem, "backgroundColor" );
+								curElem = curElem.parentNode;
+							} catch ( e ) {
+							}
+						}
+
+						value = value.blend( backgroundColor && backgroundColor !== "transparent" ?
+							backgroundColor :
+							"_default" );
+					}
+
+					value = value.toRgbaString();
+				}
+				try {
+					elem.style[ hook ] = value;
+				} catch( e ) {
+					// wrapped to prevent IE from throwing errors on "invalid" values like 'auto' or 'inherit'
+				}
+			}
+		};
+		jQuery.fx.step[ hook ] = function( fx ) {
+			if ( !fx.colorInit ) {
+				fx.start = color( fx.elem, hook );
+				fx.end = color( fx.end );
+				fx.colorInit = true;
+			}
+			jQuery.cssHooks[ hook ].set( fx.elem, fx.start.transition( fx.end, fx.pos ) );
+		};
+	});
+
+};
+
+color.hook( stepHooks );
+
+jQuery.cssHooks.borderColor = {
+	expand: function( value ) {
+		var expanded = {};
+
+		each( [ "Top", "Right", "Bottom", "Left" ], function( i, part ) {
+			expanded[ "border" + part + "Color" ] = value;
+		});
+		return expanded;
+	}
+};
+
+// Basic color names only.
+// Usage of any of the other color names requires adding yourself or including
+// jquery.color.svg-names.js.
+colors = jQuery.Color.names = {
+	// 4.1. Basic color keywords
+	aqua: "#00ffff",
+	black: "#000000",
+	blue: "#0000ff",
+	fuchsia: "#ff00ff",
+	gray: "#808080",
+	green: "#008000",
+	lime: "#00ff00",
+	maroon: "#800000",
+	navy: "#000080",
+	olive: "#808000",
+	purple: "#800080",
+	red: "#ff0000",
+	silver: "#c0c0c0",
+	teal: "#008080",
+	white: "#ffffff",
+	yellow: "#ffff00",
+
+	// 4.2.3. "transparent" color keyword
+	transparent: [ null, null, null, 0 ],
+
+	_default: "#ffffff"
+};
+
+})( jQuery );
+
+
+/******************************************************************************/
+/****************************** CLASS ANIMATIONS ******************************/
+/******************************************************************************/
+(function() {
+
+var classAnimationActions = [ "add", "remove", "toggle" ],
+	shorthandStyles = {
+		border: 1,
+		borderBottom: 1,
+		borderColor: 1,
+		borderLeft: 1,
+		borderRight: 1,
+		borderTop: 1,
+		borderWidth: 1,
+		margin: 1,
+		padding: 1
+	};
+
+$.each([ "borderLeftStyle", "borderRightStyle", "borderBottomStyle", "borderTopStyle" ], function( _, prop ) {
+	$.fx.step[ prop ] = function( fx ) {
+		if ( fx.end !== "none" && !fx.setAttr || fx.pos === 1 && !fx.setAttr ) {
+			jQuery.style( fx.elem, prop, fx.end );
+			fx.setAttr = true;
+		}
+	};
+});
+
+function getElementStyles( elem ) {
+	var key, len,
+		style = elem.ownerDocument.defaultView ?
+			elem.ownerDocument.defaultView.getComputedStyle( elem, null ) :
+			elem.currentStyle,
+		styles = {};
+
+	if ( style && style.length && style[ 0 ] && style[ style[ 0 ] ] ) {
+		len = style.length;
+		while ( len-- ) {
+			key = style[ len ];
+			if ( typeof style[ key ] === "string" ) {
+				styles[ $.camelCase( key ) ] = style[ key ];
+			}
+		}
+	// support: Opera, IE <9
+	} else {
+		for ( key in style ) {
+			if ( typeof style[ key ] === "string" ) {
+				styles[ key ] = style[ key ];
+			}
+		}
+	}
+
+	return styles;
+}
+
+
+function styleDifference( oldStyle, newStyle ) {
+	var diff = {},
+		name, value;
+
+	for ( name in newStyle ) {
+		value = newStyle[ name ];
+		if ( oldStyle[ name ] !== value ) {
+			if ( !shorthandStyles[ name ] ) {
+				if ( $.fx.step[ name ] || !isNaN( parseFloat( value ) ) ) {
+					diff[ name ] = value;
+				}
+			}
+		}
+	}
+
+	return diff;
+}
+
+// support: jQuery <1.8
+if ( !$.fn.addBack ) {
+	$.fn.addBack = function( selector ) {
+		return this.add( selector == null ?
+			this.prevObject : this.prevObject.filter( selector )
+		);
+	};
+}
+
+$.effects.animateClass = function( value, duration, easing, callback ) {
+	var o = $.speed( duration, easing, callback );
+
+	return this.queue( function() {
+		var animated = $( this ),
+			baseClass = animated.attr( "class" ) || "",
+			applyClassChange,
+			allAnimations = o.children ? animated.find( "*" ).addBack() : animated;
+
+		// map the animated objects to store the original styles.
+		allAnimations = allAnimations.map(function() {
+			var el = $( this );
+			return {
+				el: el,
+				start: getElementStyles( this )
+			};
+		});
+
+		// apply class change
+		applyClassChange = function() {
+			$.each( classAnimationActions, function(i, action) {
+				if ( value[ action ] ) {
+					animated[ action + "Class" ]( value[ action ] );
+				}
+			});
+		};
+		applyClassChange();
+
+		// map all animated objects again - calculate new styles and diff
+		allAnimations = allAnimations.map(function() {
+			this.end = getElementStyles( this.el[ 0 ] );
+			this.diff = styleDifference( this.start, this.end );
+			return this;
+		});
+
+		// apply original class
+		animated.attr( "class", baseClass );
+
+		// map all animated objects again - this time collecting a promise
+		allAnimations = allAnimations.map(function() {
+			var styleInfo = this,
+				dfd = $.Deferred(),
+				opts = $.extend({}, o, {
+					queue: false,
+					complete: function() {
+						dfd.resolve( styleInfo );
+					}
+				});
+
+			this.el.animate( this.diff, opts );
+			return dfd.promise();
+		});
+
+		// once all animations have completed:
+		$.when.apply( $, allAnimations.get() ).done(function() {
+
+			// set the final class
+			applyClassChange();
+
+			// for each animated element,
+			// clear all css properties that were animated
+			$.each( arguments, function() {
+				var el = this.el;
+				$.each( this.diff, function(key) {
+					el.css( key, "" );
+				});
+			});
+
+			// this is guarnteed to be there if you use jQuery.speed()
+			// it also handles dequeuing the next anim...
+			o.complete.call( animated[ 0 ] );
+		});
+	});
+};
+
+$.fn.extend({
+	addClass: (function( orig ) {
+		return function( classNames, speed, easing, callback ) {
+			return speed ?
+				$.effects.animateClass.call( this,
+					{ add: classNames }, speed, easing, callback ) :
+				orig.apply( this, arguments );
+		};
+	})( $.fn.addClass ),
+
+	removeClass: (function( orig ) {
+		return function( classNames, speed, easing, callback ) {
+			return arguments.length > 1 ?
+				$.effects.animateClass.call( this,
+					{ remove: classNames }, speed, easing, callback ) :
+				orig.apply( this, arguments );
+		};
+	})( $.fn.removeClass ),
+
+	toggleClass: (function( orig ) {
+		return function( classNames, force, speed, easing, callback ) {
+			if ( typeof force === "boolean" || force === undefined ) {
+				if ( !speed ) {
+					// without speed parameter
+					return orig.apply( this, arguments );
+				} else {
+					return $.effects.animateClass.call( this,
+						(force ? { add: classNames } : { remove: classNames }),
+						speed, easing, callback );
+				}
+			} else {
+				// without force parameter
+				return $.effects.animateClass.call( this,
+					{ toggle: classNames }, force, speed, easing );
+			}
+		};
+	})( $.fn.toggleClass ),
+
+	switchClass: function( remove, add, speed, easing, callback) {
+		return $.effects.animateClass.call( this, {
+			add: add,
+			remove: remove
+		}, speed, easing, callback );
+	}
+});
+
+})();
+
+/******************************************************************************/
+/*********************************** EFFECTS **********************************/
+/******************************************************************************/
+
+(function() {
+
+$.extend( $.effects, {
+	version: "1.10.3",
+
+	// Saves a set of properties in a data storage
+	save: function( element, set ) {
+		for( var i=0; i < set.length; i++ ) {
+			if ( set[ i ] !== null ) {
+				element.data( dataSpace + set[ i ], element[ 0 ].style[ set[ i ] ] );
+			}
+		}
+	},
+
+	// Restores a set of previously saved properties from a data storage
+	restore: function( element, set ) {
+		var val, i;
+		for( i=0; i < set.length; i++ ) {
+			if ( set[ i ] !== null ) {
+				val = element.data( dataSpace + set[ i ] );
+				// support: jQuery 1.6.2
+				// http://bugs.jquery.com/ticket/9917
+				// jQuery 1.6.2 incorrectly returns undefined for any falsy value.
+				// We can't differentiate between "" and 0 here, so we just assume
+				// empty string since it's likely to be a more common value...
+				if ( val === undefined ) {
+					val = "";
+				}
+				element.css( set[ i ], val );
+			}
+		}
+	},
+
+	setMode: function( el, mode ) {
+		if (mode === "toggle") {
+			mode = el.is( ":hidden" ) ? "show" : "hide";
+		}
+		return mode;
+	},
+
+	// Translates a [top,left] array into a baseline value
+	// this should be a little more flexible in the future to handle a string & hash
+	getBaseline: function( origin, original ) {
+		var y, x;
+		switch ( origin[ 0 ] ) {
+			case "top": y = 0; break;
+			case "middle": y = 0.5; break;
+			case "bottom": y = 1; break;
+			default: y = origin[ 0 ] / original.height;
+		}
+		switch ( origin[ 1 ] ) {
+			case "left": x = 0; break;
+			case "center": x = 0.5; break;
+			case "right": x = 1; break;
+			default: x = origin[ 1 ] / original.width;
+		}
+		return {
+			x: x,
+			y: y
+		};
+	},
+
+	// Wraps the element around a wrapper that copies position properties
+	createWrapper: function( element ) {
+
+		// if the element is already wrapped, return it
+		if ( element.parent().is( ".ui-effects-wrapper" )) {
+			return element.parent();
+		}
+
+		// wrap the element
+		var props = {
+				width: element.outerWidth(true),
+				height: element.outerHeight(true),
+				"float": element.css( "float" )
+			},
+			wrapper = $( "<div></div>" )
+				.addClass( "ui-effects-wrapper" )
+				.css({
+					fontSize: "100%",
+					background: "transparent",
+					border: "none",
+					margin: 0,
+					padding: 0
+				}),
+			// Store the size in case width/height are defined in % - Fixes #5245
+			size = {
+				width: element.width(),
+				height: element.height()
+			},
+			active = document.activeElement;
+
+		// support: Firefox
+		// Firefox incorrectly exposes anonymous content
+		// https://bugzilla.mozilla.org/show_bug.cgi?id=561664
+		try {
+			active.id;
+		} catch( e ) {
+			active = document.body;
+		}
+
+		element.wrap( wrapper );
+
+		// Fixes #7595 - Elements lose focus when wrapped.
+		if ( element[ 0 ] === active || $.contains( element[ 0 ], active ) ) {
+			$( active ).focus();
+		}
+
+		wrapper = element.parent(); //Hotfix for jQuery 1.4 since some change in wrap() seems to actually lose the reference to the wrapped element
+
+		// transfer positioning properties to the wrapper
+		if ( element.css( "position" ) === "static" ) {
+			wrapper.css({ position: "relative" });
+			element.css({ position: "relative" });
+		} else {
+			$.extend( props, {
+				position: element.css( "position" ),
+				zIndex: element.css( "z-index" )
+			});
+			$.each([ "top", "left", "bottom", "right" ], function(i, pos) {
+				props[ pos ] = element.css( pos );
+				if ( isNaN( parseInt( props[ pos ], 10 ) ) ) {
+					props[ pos ] = "auto";
+				}
+			});
+			element.css({
+				position: "relative",
+				top: 0,
+				left: 0,
+				right: "auto",
+				bottom: "auto"
+			});
+		}
+		element.css(size);
+
+		return wrapper.css( props ).show();
+	},
+
+	removeWrapper: function( element ) {
+		var active = document.activeElement;
+
+		if ( element.parent().is( ".ui-effects-wrapper" ) ) {
+			element.parent().replaceWith( element );
+
+			// Fixes #7595 - Elements lose focus when wrapped.
+			if ( element[ 0 ] === active || $.contains( element[ 0 ], active ) ) {
+				$( active ).focus();
+			}
+		}
+
+
+		return element;
+	},
+
+	setTransition: function( element, list, factor, value ) {
+		value = value || {};
+		$.each( list, function( i, x ) {
+			var unit = element.cssUnit( x );
+			if ( unit[ 0 ] > 0 ) {
+				value[ x ] = unit[ 0 ] * factor + unit[ 1 ];
+			}
+		});
+		return value;
+	}
+});
+
+// return an effect options object for the given parameters:
+function _normalizeArguments( effect, options, speed, callback ) {
+
+	// allow passing all options as the first parameter
+	if ( $.isPlainObject( effect ) ) {
+		options = effect;
+		effect = effect.effect;
+	}
+
+	// convert to an object
+	effect = { effect: effect };
+
+	// catch (effect, null, ...)
+	if ( options == null ) {
+		options = {};
+	}
+
+	// catch (effect, callback)
+	if ( $.isFunction( options ) ) {
+		callback = options;
+		speed = null;
+		options = {};
+	}
+
+	// catch (effect, speed, ?)
+	if ( typeof options === "number" || $.fx.speeds[ options ] ) {
+		callback = speed;
+		speed = options;
+		options = {};
+	}
+
+	// catch (effect, options, callback)
+	if ( $.isFunction( speed ) ) {
+		callback = speed;
+		speed = null;
+	}
+
+	// add options to effect
+	if ( options ) {
+		$.extend( effect, options );
+	}
+
+	speed = speed || options.duration;
+	effect.duration = $.fx.off ? 0 :
+		typeof speed === "number" ? speed :
+		speed in $.fx.speeds ? $.fx.speeds[ speed ] :
+		$.fx.speeds._default;
+
+	effect.complete = callback || options.complete;
+
+	return effect;
+}
+
+function standardAnimationOption( option ) {
+	// Valid standard speeds (nothing, number, named speed)
+	if ( !option || typeof option === "number" || $.fx.speeds[ option ] ) {
+		return true;
+	}
+
+	// Invalid strings - treat as "normal" speed
+	if ( typeof option === "string" && !$.effects.effect[ option ] ) {
+		return true;
+	}
+
+	// Complete callback
+	if ( $.isFunction( option ) ) {
+		return true;
+	}
+
+	// Options hash (but not naming an effect)
+	if ( typeof option === "object" && !option.effect ) {
+		return true;
+	}
+
+	// Didn't match any standard API
+	return false;
+}
+
+$.fn.extend({
+	effect: function( /* effect, options, speed, callback */ ) {
+		var args = _normalizeArguments.apply( this, arguments ),
+			mode = args.mode,
+			queue = args.queue,
+			effectMethod = $.effects.effect[ args.effect ];
+
+		if ( $.fx.off || !effectMethod ) {
+			// delegate to the original method (e.g., .show()) if possible
+			if ( mode ) {
+				return this[ mode ]( args.duration, args.complete );
+			} else {
+				return this.each( function() {
+					if ( args.complete ) {
+						args.complete.call( this );
+					}
+				});
+			}
+		}
+
+		function run( next ) {
+			var elem = $( this ),
+				complete = args.complete,
+				mode = args.mode;
+
+			function done() {
+				if ( $.isFunction( complete ) ) {
+					complete.call( elem[0] );
+				}
+				if ( $.isFunction( next ) ) {
+					next();
+				}
+			}
+
+			// If the element already has the correct final state, delegate to
+			// the core methods so the internal tracking of "olddisplay" works.
+			if ( elem.is( ":hidden" ) ? mode === "hide" : mode === "show" ) {
+				elem[ mode ]();
+				done();
+			} else {
+				effectMethod.call( elem[0], args, done );
+			}
+		}
+
+		return queue === false ? this.each( run ) : this.queue( queue || "fx", run );
+	},
+
+	show: (function( orig ) {
+		return function( option ) {
+			if ( standardAnimationOption( option ) ) {
+				return orig.apply( this, arguments );
+			} else {
+				var args = _normalizeArguments.apply( this, arguments );
+				args.mode = "show";
+				return this.effect.call( this, args );
+			}
+		};
+	})( $.fn.show ),
+
+	hide: (function( orig ) {
+		return function( option ) {
+			if ( standardAnimationOption( option ) ) {
+				return orig.apply( this, arguments );
+			} else {
+				var args = _normalizeArguments.apply( this, arguments );
+				args.mode = "hide";
+				return this.effect.call( this, args );
+			}
+		};
+	})( $.fn.hide ),
+
+	toggle: (function( orig ) {
+		return function( option ) {
+			if ( standardAnimationOption( option ) || typeof option === "boolean" ) {
+				return orig.apply( this, arguments );
+			} else {
+				var args = _normalizeArguments.apply( this, arguments );
+				args.mode = "toggle";
+				return this.effect.call( this, args );
+			}
+		};
+	})( $.fn.toggle ),
+
+	// helper functions
+	cssUnit: function(key) {
+		var style = this.css( key ),
+			val = [];
+
+		$.each( [ "em", "px", "%", "pt" ], function( i, unit ) {
+			if ( style.indexOf( unit ) > 0 ) {
+				val = [ parseFloat( style ), unit ];
+			}
+		});
+		return val;
+	}
+});
+
+})();
+
+/******************************************************************************/
+/*********************************** EASING ***********************************/
+/******************************************************************************/
+
+(function() {
+
+// based on easing equations from Robert Penner (http://www.robertpenner.com/easing)
+
+var baseEasings = {};
+
+$.each( [ "Quad", "Cubic", "Quart", "Quint", "Expo" ], function( i, name ) {
+	baseEasings[ name ] = function( p ) {
+		return Math.pow( p, i + 2 );
+	};
+});
+
+$.extend( baseEasings, {
+	Sine: function ( p ) {
+		return 1 - Math.cos( p * Math.PI / 2 );
+	},
+	Circ: function ( p ) {
+		return 1 - Math.sqrt( 1 - p * p );
+	},
+	Elastic: function( p ) {
+		return p === 0 || p === 1 ? p :
+			-Math.pow( 2, 8 * (p - 1) ) * Math.sin( ( (p - 1) * 80 - 7.5 ) * Math.PI / 15 );
+	},
+	Back: function( p ) {
+		return p * p * ( 3 * p - 2 );
+	},
+	Bounce: function ( p ) {
+		var pow2,
+			bounce = 4;
+
+		while ( p < ( ( pow2 = Math.pow( 2, --bounce ) ) - 1 ) / 11 ) {}
+		return 1 / Math.pow( 4, 3 - bounce ) - 7.5625 * Math.pow( ( pow2 * 3 - 2 ) / 22 - p, 2 );
+	}
+});
+
+$.each( baseEasings, function( name, easeIn ) {
+	$.easing[ "easeIn" + name ] = easeIn;
+	$.easing[ "easeOut" + name ] = function( p ) {
+		return 1 - easeIn( 1 - p );
+	};
+	$.easing[ "easeInOut" + name ] = function( p ) {
+		return p < 0.5 ?
+			easeIn( p * 2 ) / 2 :
+			1 - easeIn( p * -2 + 2 ) / 2;
+	};
+});
+
+})();
+
+})(jQuery);
+(function( $, undefined ) {
+
+$.effects.effect.highlight = function( o, done ) {
+	var elem = $( this ),
+		props = [ "backgroundImage", "backgroundColor", "opacity" ],
+		mode = $.effects.setMode( elem, o.mode || "show" ),
+		animation = {
+			backgroundColor: elem.css( "backgroundColor" )
+		};
+
+	if (mode === "hide") {
+		animation.opacity = 0;
+	}
+
+	$.effects.save( elem, props );
+
+	elem
+		.show()
+		.css({
+			backgroundImage: "none",
+			backgroundColor: o.color || "#ffff99"
+		})
+		.animate( animation, {
+			queue: false,
+			duration: o.duration,
+			easing: o.easing,
+			complete: function() {
+				if ( mode === "hide" ) {
+					elem.hide();
+				}
+				$.effects.restore( elem, props );
+				done();
+			}
+		});
+};
+
+})(jQuery);
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/jquery.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/jquery.js
new file mode 100644
index 0000000..7971fea
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/jquery.js
@@ -0,0 +1,9184 @@
+/*!
+ * jQuery JavaScript Library v2.1.1-rc2
+ * http://jquery.com/
+ *
+ * Includes Sizzle.js
+ * http://sizzlejs.com/
+ *
+ * Copyright 2005, 2014 jQuery Foundation, Inc. and other contributors
+ * Released under the MIT license
+ * http://jquery.org/license
+ *
+ * Date: 2014-04-21T20:27Z
+ */
+
+(function( global, factory ) {
+
+	if ( typeof module === "object" && typeof module.exports === "object" ) {
+		// For CommonJS and CommonJS-like environments where a proper window is present,
+		// execute the factory and get jQuery
+		// For environments that do not inherently posses a window with a document
+		// (such as Node.js), expose a jQuery-making factory as module.exports
+		// This accentuates the need for the creation of a real window
+		// e.g. var jQuery = require("jquery")(window);
+		// See ticket #14549 for more info
+		module.exports = global.document ?
+			factory( global, true ) :
+			function( w ) {
+				if ( !w.document ) {
+					throw new Error( "jQuery requires a window with a document" );
+				}
+				return factory( w );
+			};
+	} else {
+		factory( global );
+	}
+
+// Pass this if window is not defined yet
+}(typeof window !== "undefined" ? window : this, function( window, noGlobal ) {
+
+// Can't do this because several apps including ASP.NET trace
+// the stack via arguments.caller.callee and Firefox dies if
+// you try to trace through "use strict" call chains. (#13335)
+// Support: Firefox 18+
+//
+
+var arr = [];
+
+var slice = arr.slice;
+
+var concat = arr.concat;
+
+var push = arr.push;
+
+var indexOf = arr.indexOf;
+
+var class2type = {};
+
+var toString = class2type.toString;
+
+var hasOwn = class2type.hasOwnProperty;
+
+var support = {};
+
+
+
+var
+	// Use the correct document accordingly with window argument (sandbox)
+	document = window.document,
+
+	version = "2.1.1-rc2",
+
+	// Define a local copy of jQuery
+	jQuery = function( selector, context ) {
+		// The jQuery object is actually just the init constructor 'enhanced'
+		// Need init if jQuery is called (just allow error to be thrown if not included)
+		return new jQuery.fn.init( selector, context );
+	},
+
+	// Support: Android<4.1
+	// Make sure we trim BOM and NBSP
+	rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,
+
+	// Matches dashed string for camelizing
+	rmsPrefix = /^-ms-/,
+	rdashAlpha = /-([\da-z])/gi,
+
+	// Used by jQuery.camelCase as callback to replace()
+	fcamelCase = function( all, letter ) {
+		return letter.toUpperCase();
+	};
+
+jQuery.fn = jQuery.prototype = {
+	// The current version of jQuery being used
+	jquery: version,
+
+	constructor: jQuery,
+
+	// Start with an empty selector
+	selector: "",
+
+	// The default length of a jQuery object is 0
+	length: 0,
+
+	toArray: function() {
+		return slice.call( this );
+	},
+
+	// Get the Nth element in the matched element set OR
+	// Get the whole matched element set as a clean array
+	get: function( num ) {
+		return num != null ?
+
+			// Return just the one element from the set
+			( num < 0 ? this[ num + this.length ] : this[ num ] ) :
+
+			// Return all the elements in a clean array
+			slice.call( this );
+	},
+
+	// Take an array of elements and push it onto the stack
+	// (returning the new matched element set)
+	pushStack: function( elems ) {
+
+		// Build a new jQuery matched element set
+		var ret = jQuery.merge( this.constructor(), elems );
+
+		// Add the old object onto the stack (as a reference)
+		ret.prevObject = this;
+		ret.context = this.context;
+
+		// Return the newly-formed element set
+		return ret;
+	},
+
+	// Execute a callback for every element in the matched set.
+	// (You can seed the arguments with an array of args, but this is
+	// only used internally.)
+	each: function( callback, args ) {
+		return jQuery.each( this, callback, args );
+	},
+
+	map: function( callback ) {
+		return this.pushStack( jQuery.map(this, function( elem, i ) {
+			return callback.call( elem, i, elem );
+		}));
+	},
+
+	slice: function() {
+		return this.pushStack( slice.apply( this, arguments ) );
+	},
+
+	first: function() {
+		return this.eq( 0 );
+	},
+
+	last: function() {
+		return this.eq( -1 );
+	},
+
+	eq: function( i ) {
+		var len = this.length,
+			j = +i + ( i < 0 ? len : 0 );
+		return this.pushStack( j >= 0 && j < len ? [ this[j] ] : [] );
+	},
+
+	end: function() {
+		return this.prevObject || this.constructor(null);
+	},
+
+	// For internal use only.
+	// Behaves like an Array's method, not like a jQuery method.
+	push: push,
+	sort: arr.sort,
+	splice: arr.splice
+};
+
+jQuery.extend = jQuery.fn.extend = function() {
+	var options, name, src, copy, copyIsArray, clone,
+		target = arguments[0] || {},
+		i = 1,
+		length = arguments.length,
+		deep = false;
+
+	// Handle a deep copy situation
+	if ( typeof target === "boolean" ) {
+		deep = target;
+
+		// skip the boolean and the target
+		target = arguments[ i ] || {};
+		i++;
+	}
+
+	// Handle case when target is a string or something (possible in deep copy)
+	if ( typeof target !== "object" && !jQuery.isFunction(target) ) {
+		target = {};
+	}
+
+	// extend jQuery itself if only one argument is passed
+	if ( i === length ) {
+		target = this;
+		i--;
+	}
+
+	for ( ; i < length; i++ ) {
+		// Only deal with non-null/undefined values
+		if ( (options = arguments[ i ]) != null ) {
+			// Extend the base object
+			for ( name in options ) {
+				src = target[ name ];
+				copy = options[ name ];
+
+				// Prevent never-ending loop
+				if ( target === copy ) {
+					continue;
+				}
+
+				// Recurse if we're merging plain objects or arrays
+				if ( deep && copy && ( jQuery.isPlainObject(copy) || (copyIsArray = jQuery.isArray(copy)) ) ) {
+					if ( copyIsArray ) {
+						copyIsArray = false;
+						clone = src && jQuery.isArray(src) ? src : [];
+
+					} else {
+						clone = src && jQuery.isPlainObject(src) ? src : {};
+					}
+
+					// Never move original objects, clone them
+					target[ name ] = jQuery.extend( deep, clone, copy );
+
+				// Don't bring in undefined values
+				} else if ( copy !== undefined ) {
+					target[ name ] = copy;
+				}
+			}
+		}
+	}
+
+	// Return the modified object
+	return target;
+};
+
+jQuery.extend({
+	// Unique for each copy of jQuery on the page
+	expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ),
+
+	// Assume jQuery is ready without the ready module
+	isReady: true,
+
+	error: function( msg ) {
+		throw new Error( msg );
+	},
+
+	noop: function() {},
+
+	// See test/unit/core.js for details concerning isFunction.
+	// Since version 1.3, DOM methods and functions like alert
+	// aren't supported. They return false on IE (#2968).
+	isFunction: function( obj ) {
+		return jQuery.type(obj) === "function";
+	},
+
+	isArray: Array.isArray,
+
+	isWindow: function( obj ) {
+		return obj != null && obj === obj.window;
+	},
+
+	isNumeric: function( obj ) {
+		// parseFloat NaNs numeric-cast false positives (null|true|false|"")
+		// ...but misinterprets leading-number strings, particularly hex literals ("0x...")
+		// subtraction forces infinities to NaN
+		return !jQuery.isArray( obj ) && obj - parseFloat( obj ) >= 0;
+	},
+
+	isPlainObject: function( obj ) {
+		// Not plain objects:
+		// - Any object or value whose internal [[Class]] property is not "[object Object]"
+		// - DOM nodes
+		// - window
+		if ( jQuery.type( obj ) !== "object" || obj.nodeType || jQuery.isWindow( obj ) ) {
+			return false;
+		}
+
+		if ( obj.constructor &&
+				!hasOwn.call( obj.constructor.prototype, "isPrototypeOf" ) ) {
+			return false;
+		}
+
+		// If the function hasn't returned already, we're confident that
+		// |obj| is a plain object, created by {} or constructed with new Object
+		return true;
+	},
+
+	isEmptyObject: function( obj ) {
+		var name;
+		for ( name in obj ) {
+			return false;
+		}
+		return true;
+	},
+
+	type: function( obj ) {
+		if ( obj == null ) {
+			return obj + "";
+		}
+		// Support: Android < 4.0, iOS < 6 (functionish RegExp)
+		return typeof obj === "object" || typeof obj === "function" ?
+			class2type[ toString.call(obj) ] || "object" :
+			typeof obj;
+	},
+
+	// Evaluates a script in a global context
+	globalEval: function( code ) {
+		var script,
+			indirect = eval;
+
+		code = jQuery.trim( code );
+
+		if ( code ) {
+			// If the code includes a valid, prologue position
+			// strict mode pragma, execute code by injecting a
+			// script tag into the document.
+			if ( code.indexOf("use strict") === 1 ) {
+				script = document.createElement("script");
+				script.text = code;
+				document.head.appendChild( script ).parentNode.removeChild( script );
+			} else {
+			// Otherwise, avoid the DOM node creation, insertion
+			// and removal by using an indirect global eval
+				indirect( code );
+			}
+		}
+	},
+
+	// Convert dashed to camelCase; used by the css and data modules
+	// Microsoft forgot to hump their vendor prefix (#9572)
+	camelCase: function( string ) {
+		return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase );
+	},
+
+	nodeName: function( elem, name ) {
+		return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase();
+	},
+
+	// args is for internal usage only
+	each: function( obj, callback, args ) {
+		var value,
+			i = 0,
+			length = obj.length,
+			isArray = isArraylike( obj );
+
+		if ( args ) {
+			if ( isArray ) {
+				for ( ; i < length; i++ ) {
+					value = callback.apply( obj[ i ], args );
+
+					if ( value === false ) {
+						break;
+					}
+				}
+			} else {
+				for ( i in obj ) {
+					value = callback.apply( obj[ i ], args );
+
+					if ( value === false ) {
+						break;
+					}
+				}
+			}
+
+		// A special, fast, case for the most common use of each
+		} else {
+			if ( isArray ) {
+				for ( ; i < length; i++ ) {
+					value = callback.call( obj[ i ], i, obj[ i ] );
+
+					if ( value === false ) {
+						break;
+					}
+				}
+			} else {
+				for ( i in obj ) {
+					value = callback.call( obj[ i ], i, obj[ i ] );
+
+					if ( value === false ) {
+						break;
+					}
+				}
+			}
+		}
+
+		return obj;
+	},
+
+	// Support: Android<4.1
+	trim: function( text ) {
+		return text == null ?
+			"" :
+			( text + "" ).replace( rtrim, "" );
+	},
+
+	// results is for internal usage only
+	makeArray: function( arr, results ) {
+		var ret = results || [];
+
+		if ( arr != null ) {
+			if ( isArraylike( Object(arr) ) ) {
+				jQuery.merge( ret,
+					typeof arr === "string" ?
+					[ arr ] : arr
+				);
+			} else {
+				push.call( ret, arr );
+			}
+		}
+
+		return ret;
+	},
+
+	inArray: function( elem, arr, i ) {
+		return arr == null ? -1 : indexOf.call( arr, elem, i );
+	},
+
+	merge: function( first, second ) {
+		var len = +second.length,
+			j = 0,
+			i = first.length;
+
+		for ( ; j < len; j++ ) {
+			first[ i++ ] = second[ j ];
+		}
+
+		first.length = i;
+
+		return first;
+	},
+
+	grep: function( elems, callback, invert ) {
+		var callbackInverse,
+			matches = [],
+			i = 0,
+			length = elems.length,
+			callbackExpect = !invert;
+
+		// Go through the array, only saving the items
+		// that pass the validator function
+		for ( ; i < length; i++ ) {
+			callbackInverse = !callback( elems[ i ], i );
+			if ( callbackInverse !== callbackExpect ) {
+				matches.push( elems[ i ] );
+			}
+		}
+
+		return matches;
+	},
+
+	// arg is for internal usage only
+	map: function( elems, callback, arg ) {
+		var value,
+			i = 0,
+			length = elems.length,
+			isArray = isArraylike( elems ),
+			ret = [];
+
+		// Go through the array, translating each of the items to their new values
+		if ( isArray ) {
+			for ( ; i < length; i++ ) {
+				value = callback( elems[ i ], i, arg );
+
+				if ( value != null ) {
+					ret.push( value );
+				}
+			}
+
+		// Go through every key on the object,
+		} else {
+			for ( i in elems ) {
+				value = callback( elems[ i ], i, arg );
+
+				if ( value != null ) {
+					ret.push( value );
+				}
+			}
+		}
+
+		// Flatten any nested arrays
+		return concat.apply( [], ret );
+	},
+
+	// A global GUID counter for objects
+	guid: 1,
+
+	// Bind a function to a context, optionally partially applying any
+	// arguments.
+	proxy: function( fn, context ) {
+		var tmp, args, proxy;
+
+		if ( typeof context === "string" ) {
+			tmp = fn[ context ];
+			context = fn;
+			fn = tmp;
+		}
+
+		// Quick check to determine if target is callable, in the spec
+		// this throws a TypeError, but we will just return undefined.
+		if ( !jQuery.isFunction( fn ) ) {
+			return undefined;
+		}
+
+		// Simulated bind
+		args = slice.call( arguments, 2 );
+		proxy = function() {
+			return fn.apply( context || this, args.concat( slice.call( arguments ) ) );
+		};
+
+		// Set the guid of unique handler to the same of original handler, so it can be removed
+		proxy.guid = fn.guid = fn.guid || jQuery.guid++;
+
+		return proxy;
+	},
+
+	now: Date.now,
+
+	// jQuery.support is not used in Core but other projects attach their
+	// properties to it so it needs to exist.
+	support: support
+});
+
+// Populate the class2type map
+jQuery.each("Boolean Number String Function Array Date RegExp Object Error".split(" "), function(i, name) {
+	class2type[ "[object " + name + "]" ] = name.toLowerCase();
+});
+
+function isArraylike( obj ) {
+	var length = obj.length,
+		type = jQuery.type( obj );
+
+	if ( type === "function" || jQuery.isWindow( obj ) ) {
+		return false;
+	}
+
+	if ( obj.nodeType === 1 && length ) {
+		return true;
+	}
+
+	return type === "array" || length === 0 ||
+		typeof length === "number" && length > 0 && ( length - 1 ) in obj;
+}
+var Sizzle =
+/*!
+ * Sizzle CSS Selector Engine v1.10.19
+ * http://sizzlejs.com/
+ *
+ * Copyright 2013 jQuery Foundation, Inc. and other contributors
+ * Released under the MIT license
+ * http://jquery.org/license
+ *
+ * Date: 2014-04-18
+ */
+(function( window ) {
+
+var i,
+	support,
+	Expr,
+	getText,
+	isXML,
+	tokenize,
+	compile,
+	select,
+	outermostContext,
+	sortInput,
+	hasDuplicate,
+
+	// Local document vars
+	setDocument,
+	document,
+	docElem,
+	documentIsHTML,
+	rbuggyQSA,
+	rbuggyMatches,
+	matches,
+	contains,
+
+	// Instance-specific data
+	expando = "sizzle" + -(new Date()),
+	preferredDoc = window.document,
+	dirruns = 0,
+	done = 0,
+	classCache = createCache(),
+	tokenCache = createCache(),
+	compilerCache = createCache(),
+	sortOrder = function( a, b ) {
+		if ( a === b ) {
+			hasDuplicate = true;
+		}
+		return 0;
+	},
+
+	// General-purpose constants
+	strundefined = typeof undefined,
+	MAX_NEGATIVE = 1 << 31,
+
+	// Instance methods
+	hasOwn = ({}).hasOwnProperty,
+	arr = [],
+	pop = arr.pop,
+	push_native = arr.push,
+	push = arr.push,
+	slice = arr.slice,
+	// Use a stripped-down indexOf if we can't use a native one
+	indexOf = arr.indexOf || function( elem ) {
+		var i = 0,
+			len = this.length;
+		for ( ; i < len; i++ ) {
+			if ( this[i] === elem ) {
+				return i;
+			}
+		}
+		return -1;
+	},
+
+	booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped",
+
+	// Regular expressions
+
+	// Whitespace characters http://www.w3.org/TR/css3-selectors/#whitespace
+	whitespace = "[\\x20\\t\\r\\n\\f]",
+	// http://www.w3.org/TR/css3-syntax/#characters
+	characterEncoding = "(?:\\\\.|[\\w-]|[^\\x00-\\xa0])+",
+
+	// Loosely modeled on CSS identifier characters
+	// An unquoted value should be a CSS identifier http://www.w3.org/TR/css3-selectors/#attribute-selectors
+	// Proper syntax: http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier
+	identifier = characterEncoding.replace( "w", "w#" ),
+
+	// Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors
+	attributes = "\\[" + whitespace + "*(" + characterEncoding + ")(?:" + whitespace +
+		// Operator (capture 2)
+		"*([*^$|!~]?=)" + whitespace +
+		// "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]"
+		"*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace +
+		"*\\]",
+
+	pseudos = ":(" + characterEncoding + ")(?:\\((" +
+		// To reduce the number of selectors needing tokenize in the preFilter, prefer arguments:
+		// 1. quoted (capture 3; capture 4 or capture 5)
+		"('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" +
+		// 2. simple (capture 6)
+		"((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" +
+		// 3. anything else (capture 2)
+		".*" +
+		")\\)|)",
+
+	// Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter
+	rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ),
+
+	rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ),
+	rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ),
+
+	rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ),
+
+	rpseudo = new RegExp( pseudos ),
+	ridentifier = new RegExp( "^" + identifier + "$" ),
+
+	matchExpr = {
+		"ID": new RegExp( "^#(" + characterEncoding + ")" ),
+		"CLASS": new RegExp( "^\\.(" + characterEncoding + ")" ),
+		"TAG": new RegExp( "^(" + characterEncoding.replace( "w", "w*" ) + ")" ),
+		"ATTR": new RegExp( "^" + attributes ),
+		"PSEUDO": new RegExp( "^" + pseudos ),
+		"CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace +
+			"*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace +
+			"*(\\d+)|))" + whitespace + "*\\)|)", "i" ),
+		"bool": new RegExp( "^(?:" + booleans + ")$", "i" ),
+		// For use in libraries implementing .is()
+		// We use this for POS matching in `select`
+		"needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" +
+			whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" )
+	},
+
+	rinputs = /^(?:input|select|textarea|button)$/i,
+	rheader = /^h\d$/i,
+
+	rnative = /^[^{]+\{\s*\[native \w/,
+
+	// Easily-parseable/retrievable ID or TAG or CLASS selectors
+	rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,
+
+	rsibling = /[+~]/,
+	rescape = /'|\\/g,
+
+	// CSS escapes http://www.w3.org/TR/CSS21/syndata.html#escaped-characters
+	runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ),
+	funescape = function( _, escaped, escapedWhitespace ) {
+		var high = "0x" + escaped - 0x10000;
+		// NaN means non-codepoint
+		// Support: Firefox<24
+		// Workaround erroneous numeric interpretation of +"0x"
+		return high !== high || escapedWhitespace ?
+			escaped :
+			high < 0 ?
+				// BMP codepoint
+				String.fromCharCode( high + 0x10000 ) :
+				// Supplemental Plane codepoint (surrogate pair)
+				String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 );
+	};
+
+// Optimize for push.apply( _, NodeList )
+try {
+	push.apply(
+		(arr = slice.call( preferredDoc.childNodes )),
+		preferredDoc.childNodes
+	);
+	// Support: Android<4.0
+	// Detect silently failing push.apply
+	arr[ preferredDoc.childNodes.length ].nodeType;
+} catch ( e ) {
+	push = { apply: arr.length ?
+
+		// Leverage slice if possible
+		function( target, els ) {
+			push_native.apply( target, slice.call(els) );
+		} :
+
+		// Support: IE<9
+		// Otherwise append directly
+		function( target, els ) {
+			var j = target.length,
+				i = 0;
+			// Can't trust NodeList.length
+			while ( (target[j++] = els[i++]) ) {}
+			target.length = j - 1;
+		}
+	};
+}
+
+function Sizzle( selector, context, results, seed ) {
+	var match, elem, m, nodeType,
+		// QSA vars
+		i, groups, old, nid, newContext, newSelector;
+
+	if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) {
+		setDocument( context );
+	}
+
+	context = context || document;
+	results = results || [];
+
+	if ( !selector || typeof selector !== "string" ) {
+		return results;
+	}
+
+	if ( (nodeType = context.nodeType) !== 1 && nodeType !== 9 ) {
+		return [];
+	}
+
+	if ( documentIsHTML && !seed ) {
+
+		// Shortcuts
+		if ( (match = rquickExpr.exec( selector )) ) {
+			// Speed-up: Sizzle("#ID")
+			if ( (m = match[1]) ) {
+				if ( nodeType === 9 ) {
+					elem = context.getElementById( m );
+					// Check parentNode to catch when Blackberry 4.6 returns
+					// nodes that are no longer in the document (jQuery #6963)
+					if ( elem && elem.parentNode ) {
+						// Handle the case where IE, Opera, and Webkit return items
+						// by name instead of ID
+						if ( elem.id === m ) {
+							results.push( elem );
+							return results;
+						}
+					} else {
+						return results;
+					}
+				} else {
+					// Context is not a document
+					if ( context.ownerDocument && (elem = context.ownerDocument.getElementById( m )) &&
+						contains( context, elem ) && elem.id === m ) {
+						results.push( elem );
+						return results;
+					}
+				}
+
+			// Speed-up: Sizzle("TAG")
+			} else if ( match[2] ) {
+				push.apply( results, context.getElementsByTagName( selector ) );
+				return results;
+
+			// Speed-up: Sizzle(".CLASS")
+			} else if ( (m = match[3]) && support.getElementsByClassName && context.getElementsByClassName ) {
+				push.apply( results, context.getElementsByClassName( m ) );
+				return results;
+			}
+		}
+
+		// QSA path
+		if ( support.qsa && (!rbuggyQSA || !rbuggyQSA.test( selector )) ) {
+			nid = old = expando;
+			newContext = context;
+			newSelector = nodeType === 9 && selector;
+
+			// qSA works strangely on Element-rooted queries
+			// We can work around this by specifying an extra ID on the root
+			// and working up from there (Thanks to Andrew Dupont for the technique)
+			// IE 8 doesn't work on object elements
+			if ( nodeType === 1 && context.nodeName.toLowerCase() !== "object" ) {
+				groups = tokenize( selector );
+
+				if ( (old = context.getAttribute("id")) ) {
+					nid = old.replace( rescape, "\\$&" );
+				} else {
+					context.setAttribute( "id", nid );
+				}
+				nid = "[id='" + nid + "'] ";
+
+				i = groups.length;
+				while ( i-- ) {
+					groups[i] = nid + toSelector( groups[i] );
+				}
+				newContext = rsibling.test( selector ) && testContext( context.parentNode ) || context;
+				newSelector = groups.join(",");
+			}
+
+			if ( newSelector ) {
+				try {
+					push.apply( results,
+						newContext.querySelectorAll( newSelector )
+					);
+					return results;
+				} catch(qsaError) {
+				} finally {
+					if ( !old ) {
+						context.removeAttribute("id");
+					}
+				}
+			}
+		}
+	}
+
+	// All others
+	return select( selector.replace( rtrim, "$1" ), context, results, seed );
+}
+
+/**
+ * Create key-value caches of limited size
+ * @returns {Function(string, Object)} Returns the Object data after storing it on itself with
+ *	property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength)
+ *	deleting the oldest entry
+ */
+function createCache() {
+	var keys = [];
+
+	function cache( key, value ) {
+		// Use (key + " ") to avoid collision with native prototype properties (see Issue #157)
+		if ( keys.push( key + " " ) > Expr.cacheLength ) {
+			// Only keep the most recent entries
+			delete cache[ keys.shift() ];
+		}
+		return (cache[ key + " " ] = value);
+	}
+	return cache;
+}
+
+/**
+ * Mark a function for special use by Sizzle
+ * @param {Function} fn The function to mark
+ */
+function markFunction( fn ) {
+	fn[ expando ] = true;
+	return fn;
+}
+
+/**
+ * Support testing using an element
+ * @param {Function} fn Passed the created div and expects a boolean result
+ */
+function assert( fn ) {
+	var div = document.createElement("div");
+
+	try {
+		return !!fn( div );
+	} catch (e) {
+		return false;
+	} finally {
+		// Remove from its parent by default
+		if ( div.parentNode ) {
+			div.parentNode.removeChild( div );
+		}
+		// release memory in IE
+		div = null;
+	}
+}
+
+/**
+ * Adds the same handler for all of the specified attrs
+ * @param {String} attrs Pipe-separated list of attributes
+ * @param {Function} handler The method that will be applied
+ */
+function addHandle( attrs, handler ) {
+	var arr = attrs.split("|"),
+		i = attrs.length;
+
+	while ( i-- ) {
+		Expr.attrHandle[ arr[i] ] = handler;
+	}
+}
+
+/**
+ * Checks document order of two siblings
+ * @param {Element} a
+ * @param {Element} b
+ * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b
+ */
+function siblingCheck( a, b ) {
+	var cur = b && a,
+		diff = cur && a.nodeType === 1 && b.nodeType === 1 &&
+			( ~b.sourceIndex || MAX_NEGATIVE ) -
+			( ~a.sourceIndex || MAX_NEGATIVE );
+
+	// Use IE sourceIndex if available on both nodes
+	if ( diff ) {
+		return diff;
+	}
+
+	// Check if b follows a
+	if ( cur ) {
+		while ( (cur = cur.nextSibling) ) {
+			if ( cur === b ) {
+				return -1;
+			}
+		}
+	}
+
+	return a ? 1 : -1;
+}
+
+/**
+ * Returns a function to use in pseudos for input types
+ * @param {String} type
+ */
+function createInputPseudo( type ) {
+	return function( elem ) {
+		var name = elem.nodeName.toLowerCase();
+		return name === "input" && elem.type === type;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for buttons
+ * @param {String} type
+ */
+function createButtonPseudo( type ) {
+	return function( elem ) {
+		var name = elem.nodeName.toLowerCase();
+		return (name === "input" || name === "button") && elem.type === type;
+	};
+}
+
+/**
+ * Returns a function to use in pseudos for positionals
+ * @param {Function} fn
+ */
+function createPositionalPseudo( fn ) {
+	return markFunction(function( argument ) {
+		argument = +argument;
+		return markFunction(function( seed, matches ) {
+			var j,
+				matchIndexes = fn( [], seed.length, argument ),
+				i = matchIndexes.length;
+
+			// Match elements found at the specified indexes
+			while ( i-- ) {
+				if ( seed[ (j = matchIndexes[i]) ] ) {
+					seed[j] = !(matches[j] = seed[j]);
+				}
+			}
+		});
+	});
+}
+
+/**
+ * Checks a node for validity as a Sizzle context
+ * @param {Element|Object=} context
+ * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value
+ */
+function testContext( context ) {
+	return context && typeof context.getElementsByTagName !== strundefined && context;
+}
+
+// Expose support vars for convenience
+support = Sizzle.support = {};
+
+/**
+ * Detects XML nodes
+ * @param {Element|Object} elem An element or a document
+ * @returns {Boolean} True iff elem is a non-HTML XML node
+ */
+isXML = Sizzle.isXML = function( elem ) {
+	// documentElement is verified for cases where it doesn't yet exist
+	// (such as loading iframes in IE - #4833)
+	var documentElement = elem && (elem.ownerDocument || elem).documentElement;
+	return documentElement ? documentElement.nodeName !== "HTML" : false;
+};
+
+/**
+ * Sets document-related variables once based on the current document
+ * @param {Element|Object} [doc] An element or document object to use to set the document
+ * @returns {Object} Returns the current document
+ */
+setDocument = Sizzle.setDocument = function( node ) {
+	var hasCompare,
+		doc = node ? node.ownerDocument || node : preferredDoc,
+		parent = doc.defaultView;
+
+	// If no document and documentElement is available, return
+	if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) {
+		return document;
+	}
+
+	// Set our document
+	document = doc;
+	docElem = doc.documentElement;
+
+	// Support tests
+	documentIsHTML = !isXML( doc );
+
+	// Support: IE>8
+	// If iframe document is assigned to "document" variable and if iframe has been reloaded,
+	// IE will throw "permission denied" error when accessing "document" variable, see jQuery #13936
+	// IE6-8 do not support the defaultView property so parent will be undefined
+	if ( parent && parent !== parent.top ) {
+		// IE11 does not have attachEvent, so all must suffer
+		if ( parent.addEventListener ) {
+			parent.addEventListener( "unload", function() {
+				setDocument();
+			}, false );
+		} else if ( parent.attachEvent ) {
+			parent.attachEvent( "onunload", function() {
+				setDocument();
+			});
+		}
+	}
+
+	/* Attributes
+	---------------------------------------------------------------------- */
+
+	// Support: IE<8
+	// Verify that getAttribute really returns attributes and not properties (excepting IE8 booleans)
+	support.attributes = assert(function( div ) {
+		div.className = "i";
+		return !div.getAttribute("className");
+	});
+
+	/* getElement(s)By*
+	---------------------------------------------------------------------- */
+
+	// Check if getElementsByTagName("*") returns only elements
+	support.getElementsByTagName = assert(function( div ) {
+		div.appendChild( doc.createComment("") );
+		return !div.getElementsByTagName("*").length;
+	});
+
+	// Check if getElementsByClassName can be trusted
+	support.getElementsByClassName = rnative.test( doc.getElementsByClassName ) && assert(function( div ) {
+		div.innerHTML = "<div class='a'></div><div class='a i'></div>";
+
+		// Support: Safari<4
+		// Catch class over-caching
+		div.firstChild.className = "i";
+		// Support: Opera<10
+		// Catch gEBCN failure to find non-leading classes
+		return div.getElementsByClassName("i").length === 2;
+	});
+
+	// Support: IE<10
+	// Check if getElementById returns elements by name
+	// The broken getElementById methods don't pick up programatically-set names,
+	// so use a roundabout getElementsByName test
+	support.getById = assert(function( div ) {
+		docElem.appendChild( div ).id = expando;
+		return !doc.getElementsByName || !doc.getElementsByName( expando ).length;
+	});
+
+	// ID find and filter
+	if ( support.getById ) {
+		Expr.find["ID"] = function( id, context ) {
+			if ( typeof context.getElementById !== strundefined && documentIsHTML ) {
+				var m = context.getElementById( id );
+				// Check parentNode to catch when Blackberry 4.6 returns
+				// nodes that are no longer in the document #6963
+				return m && m.parentNode ? [ m ] : [];
+			}
+		};
+		Expr.filter["ID"] = function( id ) {
+			var attrId = id.replace( runescape, funescape );
+			return function( elem ) {
+				return elem.getAttribute("id") === attrId;
+			};
+		};
+	} else {
+		// Support: IE6/7
+		// getElementById is not reliable as a find shortcut
+		delete Expr.find["ID"];
+
+		Expr.filter["ID"] =  function( id ) {
+			var attrId = id.replace( runescape, funescape );
+			return function( elem ) {
+				var node = typeof elem.getAttributeNode !== strundefined && elem.getAttributeNode("id");
+				return node && node.value === attrId;
+			};
+		};
+	}
+
+	// Tag
+	Expr.find["TAG"] = support.getElementsByTagName ?
+		function( tag, context ) {
+			if ( typeof context.getElementsByTagName !== strundefined ) {
+				return context.getElementsByTagName( tag );
+			}
+		} :
+		function( tag, context ) {
+			var elem,
+				tmp = [],
+				i = 0,
+				results = context.getElementsByTagName( tag );
+
+			// Filter out possible comments
+			if ( tag === "*" ) {
+				while ( (elem = results[i++]) ) {
+					if ( elem.nodeType === 1 ) {
+						tmp.push( elem );
+					}
+				}
+
+				return tmp;
+			}
+			return results;
+		};
+
+	// Class
+	Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) {
+		if ( typeof context.getElementsByClassName !== strundefined && documentIsHTML ) {
+			return context.getElementsByClassName( className );
+		}
+	};
+
+	/* QSA/matchesSelector
+	---------------------------------------------------------------------- */
+
+	// QSA and matchesSelector support
+
+	// matchesSelector(:active) reports false when true (IE9/Opera 11.5)
+	rbuggyMatches = [];
+
+	// qSa(:focus) reports false when true (Chrome 21)
+	// We allow this because of a bug in IE8/9 that throws an error
+	// whenever `document.activeElement` is accessed on an iframe
+	// So, we allow :focus to pass through QSA all the time to avoid the IE error
+	// See http://bugs.jquery.com/ticket/13378
+	rbuggyQSA = [];
+
+	if ( (support.qsa = rnative.test( doc.querySelectorAll )) ) {
+		// Build QSA regex
+		// Regex strategy adopted from Diego Perini
+		assert(function( div ) {
+			// Select is set to empty string on purpose
+			// This is to test IE's treatment of not explicitly
+			// setting a boolean content attribute,
+			// since its presence should be enough
+			// http://bugs.jquery.com/ticket/12359
+			div.innerHTML = "<select msallowclip=''><option selected=''></option></select>";
+
+			// Support: IE8, Opera 11-12.16
+			// Nothing should be selected when empty strings follow ^= or $= or *=
+			// The test attribute must be unknown in Opera but "safe" for WinRT
+			// http://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section
+			if ( div.querySelectorAll("[msallowclip^='']").length ) {
+				rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" );
+			}
+
+			// Support: IE8
+			// Boolean attributes and "value" are not treated correctly
+			if ( !div.querySelectorAll("[selected]").length ) {
+				rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" );
+			}
+
+			// Webkit/Opera - :checked should return selected option elements
+			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
+			// IE8 throws error here and will not see later tests
+			if ( !div.querySelectorAll(":checked").length ) {
+				rbuggyQSA.push(":checked");
+			}
+		});
+
+		assert(function( div ) {
+			// Support: Windows 8 Native Apps
+			// The type and name attributes are restricted during .innerHTML assignment
+			var input = doc.createElement("input");
+			input.setAttribute( "type", "hidden" );
+			div.appendChild( input ).setAttribute( "name", "D" );
+
+			// Support: IE8
+			// Enforce case-sensitivity of name attribute
+			if ( div.querySelectorAll("[name=d]").length ) {
+				rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" );
+			}
+
+			// FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled)
+			// IE8 throws error here and will not see later tests
+			if ( !div.querySelectorAll(":enabled").length ) {
+				rbuggyQSA.push( ":enabled", ":disabled" );
+			}
+
+			// Opera 10-11 does not throw on post-comma invalid pseudos
+			div.querySelectorAll("*,:x");
+			rbuggyQSA.push(",.*:");
+		});
+	}
+
+	if ( (support.matchesSelector = rnative.test( (matches = docElem.matches ||
+		docElem.webkitMatchesSelector ||
+		docElem.mozMatchesSelector ||
+		docElem.oMatchesSelector ||
+		docElem.msMatchesSelector) )) ) {
+
+		assert(function( div ) {
+			// Check to see if it's possible to do matchesSelector
+			// on a disconnected node (IE 9)
+			support.disconnectedMatch = matches.call( div, "div" );
+
+			// This should fail with an exception
+			// Gecko does not error, returns false instead
+			matches.call( div, "[s!='']:x" );
+			rbuggyMatches.push( "!=", pseudos );
+		});
+	}
+
+	rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") );
+	rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") );
+
+	/* Contains
+	---------------------------------------------------------------------- */
+	hasCompare = rnative.test( docElem.compareDocumentPosition );
+
+	// Element contains another
+	// Purposefully does not implement inclusive descendent
+	// As in, an element does not contain itself
+	contains = hasCompare || rnative.test( docElem.contains ) ?
+		function( a, b ) {
+			var adown = a.nodeType === 9 ? a.documentElement : a,
+				bup = b && b.parentNode;
+			return a === bup || !!( bup && bup.nodeType === 1 && (
+				adown.contains ?
+					adown.contains( bup ) :
+					a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16
+			));
+		} :
+		function( a, b ) {
+			if ( b ) {
+				while ( (b = b.parentNode) ) {
+					if ( b === a ) {
+						return true;
+					}
+				}
+			}
+			return false;
+		};
+
+	/* Sorting
+	---------------------------------------------------------------------- */
+
+	// Document order sorting
+	sortOrder = hasCompare ?
+	function( a, b ) {
+
+		// Flag for duplicate removal
+		if ( a === b ) {
+			hasDuplicate = true;
+			return 0;
+		}
+
+		// Sort on method existence if only one input has compareDocumentPosition
+		var compare = !a.compareDocumentPosition - !b.compareDocumentPosition;
+		if ( compare ) {
+			return compare;
+		}
+
+		// Calculate position if both inputs belong to the same document
+		compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ?
+			a.compareDocumentPosition( b ) :
+
+			// Otherwise we know they are disconnected
+			1;
+
+		// Disconnected nodes
+		if ( compare & 1 ||
+			(!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) {
+
+			// Choose the first element that is related to our preferred document
+			if ( a === doc || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) {
+				return -1;
+			}
+			if ( b === doc || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) {
+				return 1;
+			}
+
+			// Maintain original order
+			return sortInput ?
+				( indexOf.call( sortInput, a ) - indexOf.call( sortInput, b ) ) :
+				0;
+		}
+
+		return compare & 4 ? -1 : 1;
+	} :
+	function( a, b ) {
+		// Exit early if the nodes are identical
+		if ( a === b ) {
+			hasDuplicate = true;
+			return 0;
+		}
+
+		var cur,
+			i = 0,
+			aup = a.parentNode,
+			bup = b.parentNode,
+			ap = [ a ],
+			bp = [ b ];
+
+		// Parentless nodes are either documents or disconnected
+		if ( !aup || !bup ) {
+			return a === doc ? -1 :
+				b === doc ? 1 :
+				aup ? -1 :
+				bup ? 1 :
+				sortInput ?
+				( indexOf.call( sortInput, a ) - indexOf.call( sortInput, b ) ) :
+				0;
+
+		// If the nodes are siblings, we can do a quick check
+		} else if ( aup === bup ) {
+			return siblingCheck( a, b );
+		}
+
+		// Otherwise we need full lists of their ancestors for comparison
+		cur = a;
+		while ( (cur = cur.parentNode) ) {
+			ap.unshift( cur );
+		}
+		cur = b;
+		while ( (cur = cur.parentNode) ) {
+			bp.unshift( cur );
+		}
+
+		// Walk down the tree looking for a discrepancy
+		while ( ap[i] === bp[i] ) {
+			i++;
+		}
+
+		return i ?
+			// Do a sibling check if the nodes have a common ancestor
+			siblingCheck( ap[i], bp[i] ) :
+
+			// Otherwise nodes in our document sort first
+			ap[i] === preferredDoc ? -1 :
+			bp[i] === preferredDoc ? 1 :
+			0;
+	};
+
+	return doc;
+};
+
+Sizzle.matches = function( expr, elements ) {
+	return Sizzle( expr, null, null, elements );
+};
+
+Sizzle.matchesSelector = function( elem, expr ) {
+	// Set document vars if needed
+	if ( ( elem.ownerDocument || elem ) !== document ) {
+		setDocument( elem );
+	}
+
+	// Make sure that attribute selectors are quoted
+	expr = expr.replace( rattributeQuotes, "='$1']" );
+
+	if ( support.matchesSelector && documentIsHTML &&
+		( !rbuggyMatches || !rbuggyMatches.test( expr ) ) &&
+		( !rbuggyQSA     || !rbuggyQSA.test( expr ) ) ) {
+
+		try {
+			var ret = matches.call( elem, expr );
+
+			// IE 9's matchesSelector returns false on disconnected nodes
+			if ( ret || support.disconnectedMatch ||
+					// As well, disconnected nodes are said to be in a document
+					// fragment in IE 9
+					elem.document && elem.document.nodeType !== 11 ) {
+				return ret;
+			}
+		} catch(e) {}
+	}
+
+	return Sizzle( expr, document, null, [ elem ] ).length > 0;
+};
+
+Sizzle.contains = function( context, elem ) {
+	// Set document vars if needed
+	if ( ( context.ownerDocument || context ) !== document ) {
+		setDocument( context );
+	}
+	return contains( context, elem );
+};
+
+Sizzle.attr = function( elem, name ) {
+	// Set document vars if needed
+	if ( ( elem.ownerDocument || elem ) !== document ) {
+		setDocument( elem );
+	}
+
+	var fn = Expr.attrHandle[ name.toLowerCase() ],
+		// Don't get fooled by Object.prototype properties (jQuery #13807)
+		val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ?
+			fn( elem, name, !documentIsHTML ) :
+			undefined;
+
+	return val !== undefined ?
+		val :
+		support.attributes || !documentIsHTML ?
+			elem.getAttribute( name ) :
+			(val = elem.getAttributeNode(name)) && val.specified ?
+				val.value :
+				null;
+};
+
+Sizzle.error = function( msg ) {
+	throw new Error( "Syntax error, unrecognized expression: " + msg );
+};
+
+/**
+ * Document sorting and removing duplicates
+ * @param {ArrayLike} results
+ */
+Sizzle.uniqueSort = function( results ) {
+	var elem,
+		duplicates = [],
+		j = 0,
+		i = 0;
+
+	// Unless we *know* we can detect duplicates, assume their presence
+	hasDuplicate = !support.detectDuplicates;
+	sortInput = !support.sortStable && results.slice( 0 );
+	results.sort( sortOrder );
+
+	if ( hasDuplicate ) {
+		while ( (elem = results[i++]) ) {
+			if ( elem === results[ i ] ) {
+				j = duplicates.push( i );
+			}
+		}
+		while ( j-- ) {
+			results.splice( duplicates[ j ], 1 );
+		}
+	}
+
+	// Clear input after sorting to release objects
+	// See https://github.com/jquery/sizzle/pull/225
+	sortInput = null;
+
+	return results;
+};
+
+/**
+ * Utility function for retrieving the text value of an array of DOM nodes
+ * @param {Array|Element} elem
+ */
+getText = Sizzle.getText = function( elem ) {
+	var node,
+		ret = "",
+		i = 0,
+		nodeType = elem.nodeType;
+
+	if ( !nodeType ) {
+		// If no nodeType, this is expected to be an array
+		while ( (node = elem[i++]) ) {
+			// Do not traverse comment nodes
+			ret += getText( node );
+		}
+	} else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) {
+		// Use textContent for elements
+		// innerText usage removed for consistency of new lines (jQuery #11153)
+		if ( typeof elem.textContent === "string" ) {
+			return elem.textContent;
+		} else {
+			// Traverse its children
+			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
+				ret += getText( elem );
+			}
+		}
+	} else if ( nodeType === 3 || nodeType === 4 ) {
+		return elem.nodeValue;
+	}
+	// Do not include comment or processing instruction nodes
+
+	return ret;
+};
+
+Expr = Sizzle.selectors = {
+
+	// Can be adjusted by the user
+	cacheLength: 50,
+
+	createPseudo: markFunction,
+
+	match: matchExpr,
+
+	attrHandle: {},
+
+	find: {},
+
+	relative: {
+		">": { dir: "parentNode", first: true },
+		" ": { dir: "parentNode" },
+		"+": { dir: "previousSibling", first: true },
+		"~": { dir: "previousSibling" }
+	},
+
+	preFilter: {
+		"ATTR": function( match ) {
+			match[1] = match[1].replace( runescape, funescape );
+
+			// Move the given value to match[3] whether quoted or unquoted
+			match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape );
+
+			if ( match[2] === "~=" ) {
+				match[3] = " " + match[3] + " ";
+			}
+
+			return match.slice( 0, 4 );
+		},
+
+		"CHILD": function( match ) {
+			/* matches from matchExpr["CHILD"]
+				1 type (only|nth|...)
+				2 what (child|of-type)
+				3 argument (even|odd|\d*|\d*n([+-]\d+)?|...)
+				4 xn-component of xn+y argument ([+-]?\d*n|)
+				5 sign of xn-component
+				6 x of xn-component
+				7 sign of y-component
+				8 y of y-component
+			*/
+			match[1] = match[1].toLowerCase();
+
+			if ( match[1].slice( 0, 3 ) === "nth" ) {
+				// nth-* requires argument
+				if ( !match[3] ) {
+					Sizzle.error( match[0] );
+				}
+
+				// numeric x and y parameters for Expr.filter.CHILD
+				// remember that false/true cast respectively to 0/1
+				match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) );
+				match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" );
+
+			// other types prohibit arguments
+			} else if ( match[3] ) {
+				Sizzle.error( match[0] );
+			}
+
+			return match;
+		},
+
+		"PSEUDO": function( match ) {
+			var excess,
+				unquoted = !match[6] && match[2];
+
+			if ( matchExpr["CHILD"].test( match[0] ) ) {
+				return null;
+			}
+
+			// Accept quoted arguments as-is
+			if ( match[3] ) {
+				match[2] = match[4] || match[5] || "";
+
+			// Strip excess characters from unquoted arguments
+			} else if ( unquoted && rpseudo.test( unquoted ) &&
+				// Get excess from tokenize (recursively)
+				(excess = tokenize( unquoted, true )) &&
+				// advance to the next closing parenthesis
+				(excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) {
+
+				// excess is a negative index
+				match[0] = match[0].slice( 0, excess );
+				match[2] = unquoted.slice( 0, excess );
+			}
+
+			// Return only captures needed by the pseudo filter method (type and argument)
+			return match.slice( 0, 3 );
+		}
+	},
+
+	filter: {
+
+		"TAG": function( nodeNameSelector ) {
+			var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase();
+			return nodeNameSelector === "*" ?
+				function() { return true; } :
+				function( elem ) {
+					return elem.nodeName && elem.nodeName.toLowerCase() === nodeName;
+				};
+		},
+
+		"CLASS": function( className ) {
+			var pattern = classCache[ className + " " ];
+
+			return pattern ||
+				(pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) &&
+				classCache( className, function( elem ) {
+					return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== strundefined && elem.getAttribute("class") || "" );
+				});
+		},
+
+		"ATTR": function( name, operator, check ) {
+			return function( elem ) {
+				var result = Sizzle.attr( elem, name );
+
+				if ( result == null ) {
+					return operator === "!=";
+				}
+				if ( !operator ) {
+					return true;
+				}
+
+				result += "";
+
+				return operator === "=" ? result === check :
+					operator === "!=" ? result !== check :
+					operator === "^=" ? check && result.indexOf( check ) === 0 :
+					operator === "*=" ? check && result.indexOf( check ) > -1 :
+					operator === "$=" ? check && result.slice( -check.length ) === check :
+					operator === "~=" ? ( " " + result + " " ).indexOf( check ) > -1 :
+					operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" :
+					false;
+			};
+		},
+
+		"CHILD": function( type, what, argument, first, last ) {
+			var simple = type.slice( 0, 3 ) !== "nth",
+				forward = type.slice( -4 ) !== "last",
+				ofType = what === "of-type";
+
+			return first === 1 && last === 0 ?
+
+				// Shortcut for :nth-*(n)
+				function( elem ) {
+					return !!elem.parentNode;
+				} :
+
+				function( elem, context, xml ) {
+					var cache, outerCache, node, diff, nodeIndex, start,
+						dir = simple !== forward ? "nextSibling" : "previousSibling",
+						parent = elem.parentNode,
+						name = ofType && elem.nodeName.toLowerCase(),
+						useCache = !xml && !ofType;
+
+					if ( parent ) {
+
+						// :(first|last|only)-(child|of-type)
+						if ( simple ) {
+							while ( dir ) {
+								node = elem;
+								while ( (node = node[ dir ]) ) {
+									if ( ofType ? node.nodeName.toLowerCase() === name : node.nodeType === 1 ) {
+										return false;
+									}
+								}
+								// Reverse direction for :only-* (if we haven't yet done so)
+								start = dir = type === "only" && !start && "nextSibling";
+							}
+							return true;
+						}
+
+						start = [ forward ? parent.firstChild : parent.lastChild ];
+
+						// non-xml :nth-child(...) stores cache data on `parent`
+						if ( forward && useCache ) {
+							// Seek `elem` from a previously-cached index
+							outerCache = parent[ expando ] || (parent[ expando ] = {});
+							cache = outerCache[ type ] || [];
+							nodeIndex = cache[0] === dirruns && cache[1];
+							diff = cache[0] === dirruns && cache[2];
+							node = nodeIndex && parent.childNodes[ nodeIndex ];
+
+							while ( (node = ++nodeIndex && node && node[ dir ] ||
+
+								// Fallback to seeking `elem` from the start
+								(diff = nodeIndex = 0) || start.pop()) ) {
+
+								// When found, cache indexes on `parent` and break
+								if ( node.nodeType === 1 && ++diff && node === elem ) {
+									outerCache[ type ] = [ dirruns, nodeIndex, diff ];
+									break;
+								}
+							}
+
+						// Use previously-cached element index if available
+						} else if ( useCache && (cache = (elem[ expando ] || (elem[ expando ] = {}))[ type ]) && cache[0] === dirruns ) {
+							diff = cache[1];
+
+						// xml :nth-child(...) or :nth-last-child(...) or :nth(-last)?-of-type(...)
+						} else {
+							// Use the same loop as above to seek `elem` from the start
+							while ( (node = ++nodeIndex && node && node[ dir ] ||
+								(diff = nodeIndex = 0) || start.pop()) ) {
+
+								if ( ( ofType ? node.nodeName.toLowerCase() === name : node.nodeType === 1 ) && ++diff ) {
+									// Cache the index of each encountered element
+									if ( useCache ) {
+										(node[ expando ] || (node[ expando ] = {}))[ type ] = [ dirruns, diff ];
+									}
+
+									if ( node === elem ) {
+										break;
+									}
+								}
+							}
+						}
+
+						// Incorporate the offset, then check against cycle size
+						diff -= last;
+						return diff === first || ( diff % first === 0 && diff / first >= 0 );
+					}
+				};
+		},
+
+		"PSEUDO": function( pseudo, argument ) {
+			// pseudo-class names are case-insensitive
+			// http://www.w3.org/TR/selectors/#pseudo-classes
+			// Prioritize by case sensitivity in case custom pseudos are added with uppercase letters
+			// Remember that setFilters inherits from pseudos
+			var args,
+				fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] ||
+					Sizzle.error( "unsupported pseudo: " + pseudo );
+
+			// The user may use createPseudo to indicate that
+			// arguments are needed to create the filter function
+			// just as Sizzle does
+			if ( fn[ expando ] ) {
+				return fn( argument );
+			}
+
+			// But maintain support for old signatures
+			if ( fn.length > 1 ) {
+				args = [ pseudo, pseudo, "", argument ];
+				return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ?
+					markFunction(function( seed, matches ) {
+						var idx,
+							matched = fn( seed, argument ),
+							i = matched.length;
+						while ( i-- ) {
+							idx = indexOf.call( seed, matched[i] );
+							seed[ idx ] = !( matches[ idx ] = matched[i] );
+						}
+					}) :
+					function( elem ) {
+						return fn( elem, 0, args );
+					};
+			}
+
+			return fn;
+		}
+	},
+
+	pseudos: {
+		// Potentially complex pseudos
+		"not": markFunction(function( selector ) {
+			// Trim the selector passed to compile
+			// to avoid treating leading and trailing
+			// spaces as combinators
+			var input = [],
+				results = [],
+				matcher = compile( selector.replace( rtrim, "$1" ) );
+
+			return matcher[ expando ] ?
+				markFunction(function( seed, matches, context, xml ) {
+					var elem,
+						unmatched = matcher( seed, null, xml, [] ),
+						i = seed.length;
+
+					// Match elements unmatched by `matcher`
+					while ( i-- ) {
+						if ( (elem = unmatched[i]) ) {
+							seed[i] = !(matches[i] = elem);
+						}
+					}
+				}) :
+				function( elem, context, xml ) {
+					input[0] = elem;
+					matcher( input, null, xml, results );
+					return !results.pop();
+				};
+		}),
+
+		"has": markFunction(function( selector ) {
+			return function( elem ) {
+				return Sizzle( selector, elem ).length > 0;
+			};
+		}),
+
+		"contains": markFunction(function( text ) {
+			return function( elem ) {
+				return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1;
+			};
+		}),
+
+		// "Whether an element is represented by a :lang() selector
+		// is based solely on the element's language value
+		// being equal to the identifier C,
+		// or beginning with the identifier C immediately followed by "-".
+		// The matching of C against the element's language value is performed case-insensitively.
+		// The identifier C does not have to be a valid language name."
+		// http://www.w3.org/TR/selectors/#lang-pseudo
+		"lang": markFunction( function( lang ) {
+			// lang value must be a valid identifier
+			if ( !ridentifier.test(lang || "") ) {
+				Sizzle.error( "unsupported lang: " + lang );
+			}
+			lang = lang.replace( runescape, funescape ).toLowerCase();
+			return function( elem ) {
+				var elemLang;
+				do {
+					if ( (elemLang = documentIsHTML ?
+						elem.lang :
+						elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) {
+
+						elemLang = elemLang.toLowerCase();
+						return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0;
+					}
+				} while ( (elem = elem.parentNode) && elem.nodeType === 1 );
+				return false;
+			};
+		}),
+
+		// Miscellaneous
+		"target": function( elem ) {
+			var hash = window.location && window.location.hash;
+			return hash && hash.slice( 1 ) === elem.id;
+		},
+
+		"root": function( elem ) {
+			return elem === docElem;
+		},
+
+		"focus": function( elem ) {
+			return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex);
+		},
+
+		// Boolean properties
+		"enabled": function( elem ) {
+			return elem.disabled === false;
+		},
+
+		"disabled": function( elem ) {
+			return elem.disabled === true;
+		},
+
+		"checked": function( elem ) {
+			// In CSS3, :checked should return both checked and selected elements
+			// http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked
+			var nodeName = elem.nodeName.toLowerCase();
+			return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected);
+		},
+
+		"selected": function( elem ) {
+			// Accessing this property makes selected-by-default
+			// options in Safari work properly
+			if ( elem.parentNode ) {
+				elem.parentNode.selectedIndex;
+			}
+
+			return elem.selected === true;
+		},
+
+		// Contents
+		"empty": function( elem ) {
+			// http://www.w3.org/TR/selectors/#empty-pseudo
+			// :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5),
+			//   but not by others (comment: 8; processing instruction: 7; etc.)
+			// nodeType < 6 works because attributes (2) do not appear as children
+			for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) {
+				if ( elem.nodeType < 6 ) {
+					return false;
+				}
+			}
+			return true;
+		},
+
+		"parent": function( elem ) {
+			return !Expr.pseudos["empty"]( elem );
+		},
+
+		// Element/input types
+		"header": function( elem ) {
+			return rheader.test( elem.nodeName );
+		},
+
+		"input": function( elem ) {
+			return rinputs.test( elem.nodeName );
+		},
+
+		"button": function( elem ) {
+			var name = elem.nodeName.toLowerCase();
+			return name === "input" && elem.type === "button" || name === "button";
+		},
+
+		"text": function( elem ) {
+			var attr;
+			return elem.nodeName.toLowerCase() === "input" &&
+				elem.type === "text" &&
+
+				// Support: IE<8
+				// New HTML5 attribute values (e.g., "search") appear with elem.type === "text"
+				( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" );
+		},
+
+		// Position-in-collection
+		"first": createPositionalPseudo(function() {
+			return [ 0 ];
+		}),
+
+		"last": createPositionalPseudo(function( matchIndexes, length ) {
+			return [ length - 1 ];
+		}),
+
+		"eq": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			return [ argument < 0 ? argument + length : argument ];
+		}),
+
+		"even": createPositionalPseudo(function( matchIndexes, length ) {
+			var i = 0;
+			for ( ; i < length; i += 2 ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"odd": createPositionalPseudo(function( matchIndexes, length ) {
+			var i = 1;
+			for ( ; i < length; i += 2 ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"lt": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			var i = argument < 0 ? argument + length : argument;
+			for ( ; --i >= 0; ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		}),
+
+		"gt": createPositionalPseudo(function( matchIndexes, length, argument ) {
+			var i = argument < 0 ? argument + length : argument;
+			for ( ; ++i < length; ) {
+				matchIndexes.push( i );
+			}
+			return matchIndexes;
+		})
+	}
+};
+
+Expr.pseudos["nth"] = Expr.pseudos["eq"];
+
+// Add button/input type pseudos
+for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) {
+	Expr.pseudos[ i ] = createInputPseudo( i );
+}
+for ( i in { submit: true, reset: true } ) {
+	Expr.pseudos[ i ] = createButtonPseudo( i );
+}
+
+// Easy API for creating new setFilters
+function setFilters() {}
+setFilters.prototype = Expr.filters = Expr.pseudos;
+Expr.setFilters = new setFilters();
+
+tokenize = Sizzle.tokenize = function( selector, parseOnly ) {
+	var matched, match, tokens, type,
+		soFar, groups, preFilters,
+		cached = tokenCache[ selector + " " ];
+
+	if ( cached ) {
+		return parseOnly ? 0 : cached.slice( 0 );
+	}
+
+	soFar = selector;
+	groups = [];
+	preFilters = Expr.preFilter;
+
+	while ( soFar ) {
+
+		// Comma and first run
+		if ( !matched || (match = rcomma.exec( soFar )) ) {
+			if ( match ) {
+				// Don't consume trailing commas as valid
+				soFar = soFar.slice( match[0].length ) || soFar;
+			}
+			groups.push( (tokens = []) );
+		}
+
+		matched = false;
+
+		// Combinators
+		if ( (match = rcombinators.exec( soFar )) ) {
+			matched = match.shift();
+			tokens.push({
+				value: matched,
+				// Cast descendant combinators to space
+				type: match[0].replace( rtrim, " " )
+			});
+			soFar = soFar.slice( matched.length );
+		}
+
+		// Filters
+		for ( type in Expr.filter ) {
+			if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] ||
+				(match = preFilters[ type ]( match ))) ) {
+				matched = match.shift();
+				tokens.push({
+					value: matched,
+					type: type,
+					matches: match
+				});
+				soFar = soFar.slice( matched.length );
+			}
+		}
+
+		if ( !matched ) {
+			break;
+		}
+	}
+
+	// Return the length of the invalid excess
+	// if we're just parsing
+	// Otherwise, throw an error or return tokens
+	return parseOnly ?
+		soFar.length :
+		soFar ?
+			Sizzle.error( selector ) :
+			// Cache the tokens
+			tokenCache( selector, groups ).slice( 0 );
+};
+
+function toSelector( tokens ) {
+	var i = 0,
+		len = tokens.length,
+		selector = "";
+	for ( ; i < len; i++ ) {
+		selector += tokens[i].value;
+	}
+	return selector;
+}
+
+function addCombinator( matcher, combinator, base ) {
+	var dir = combinator.dir,
+		checkNonElements = base && dir === "parentNode",
+		doneName = done++;
+
+	return combinator.first ?
+		// Check against closest ancestor/preceding element
+		function( elem, context, xml ) {
+			while ( (elem = elem[ dir ]) ) {
+				if ( elem.nodeType === 1 || checkNonElements ) {
+					return matcher( elem, context, xml );
+				}
+			}
+		} :
+
+		// Check against all ancestor/preceding elements
+		function( elem, context, xml ) {
+			var oldCache, outerCache,
+				newCache = [ dirruns, doneName ];
+
+			// We can't set arbitrary data on XML nodes, so they don't benefit from dir caching
+			if ( xml ) {
+				while ( (elem = elem[ dir ]) ) {
+					if ( elem.nodeType === 1 || checkNonElements ) {
+						if ( matcher( elem, context, xml ) ) {
+							return true;
+						}
+					}
+				}
+			} else {
+				while ( (elem = elem[ dir ]) ) {
+					if ( elem.nodeType === 1 || checkNonElements ) {
+						outerCache = elem[ expando ] || (elem[ expando ] = {});
+						if ( (oldCache = outerCache[ dir ]) &&
+							oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) {
+
+							// Assign to newCache so results back-propagate to previous elements
+							return (newCache[ 2 ] = oldCache[ 2 ]);
+						} else {
+							// Reuse newcache so results back-propagate to previous elements
+							outerCache[ dir ] = newCache;
+
+							// A match means we're done; a fail means we have to keep checking
+							if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) {
+								return true;
+							}
+						}
+					}
+				}
+			}
+		};
+}
+
+function elementMatcher( matchers ) {
+	return matchers.length > 1 ?
+		function( elem, context, xml ) {
+			var i = matchers.length;
+			while ( i-- ) {
+				if ( !matchers[i]( elem, context, xml ) ) {
+					return false;
+				}
+			}
+			return true;
+		} :
+		matchers[0];
+}
+
+function multipleContexts( selector, contexts, results ) {
+	var i = 0,
+		len = contexts.length;
+	for ( ; i < len; i++ ) {
+		Sizzle( selector, contexts[i], results );
+	}
+	return results;
+}
+
+function condense( unmatched, map, filter, context, xml ) {
+	var elem,
+		newUnmatched = [],
+		i = 0,
+		len = unmatched.length,
+		mapped = map != null;
+
+	for ( ; i < len; i++ ) {
+		if ( (elem = unmatched[i]) ) {
+			if ( !filter || filter( elem, context, xml ) ) {
+				newUnmatched.push( elem );
+				if ( mapped ) {
+					map.push( i );
+				}
+			}
+		}
+	}
+
+	return newUnmatched;
+}
+
+function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) {
+	if ( postFilter && !postFilter[ expando ] ) {
+		postFilter = setMatcher( postFilter );
+	}
+	if ( postFinder && !postFinder[ expando ] ) {
+		postFinder = setMatcher( postFinder, postSelector );
+	}
+	return markFunction(function( seed, results, context, xml ) {
+		var temp, i, elem,
+			preMap = [],
+			postMap = [],
+			preexisting = results.length,
+
+			// Get initial elements from seed or context
+			elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ),
+
+			// Prefilter to get matcher input, preserving a map for seed-results synchronization
+			matcherIn = preFilter && ( seed || !selector ) ?
+				condense( elems, preMap, preFilter, context, xml ) :
+				elems,
+
+			matcherOut = matcher ?
+				// If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results,
+				postFinder || ( seed ? preFilter : preexisting || postFilter ) ?
+
+					// ...intermediate processing is necessary
+					[] :
+
+					// ...otherwise use results directly
+					results :
+				matcherIn;
+
+		// Find primary matches
+		if ( matcher ) {
+			matcher( matcherIn, matcherOut, context, xml );
+		}
+
+		// Apply postFilter
+		if ( postFilter ) {
+			temp = condense( matcherOut, postMap );
+			postFilter( temp, [], context, xml );
+
+			// Un-match failing elements by moving them back to matcherIn
+			i = temp.length;
+			while ( i-- ) {
+				if ( (elem = temp[i]) ) {
+					matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem);
+				}
+			}
+		}
+
+		if ( seed ) {
+			if ( postFinder || preFilter ) {
+				if ( postFinder ) {
+					// Get the final matcherOut by condensing this intermediate into postFinder contexts
+					temp = [];
+					i = matcherOut.length;
+					while ( i-- ) {
+						if ( (elem = matcherOut[i]) ) {
+							// Restore matcherIn since elem is not yet a final match
+							temp.push( (matcherIn[i] = elem) );
+						}
+					}
+					postFinder( null, (matcherOut = []), temp, xml );
+				}
+
+				// Move matched elements from seed to results to keep them synchronized
+				i = matcherOut.length;
+				while ( i-- ) {
+					if ( (elem = matcherOut[i]) &&
+						(temp = postFinder ? indexOf.call( seed, elem ) : preMap[i]) > -1 ) {
+
+						seed[temp] = !(results[temp] = elem);
+					}
+				}
+			}
+
+		// Add elements to results, through postFinder if defined
+		} else {
+			matcherOut = condense(
+				matcherOut === results ?
+					matcherOut.splice( preexisting, matcherOut.length ) :
+					matcherOut
+			);
+			if ( postFinder ) {
+				postFinder( null, results, matcherOut, xml );
+			} else {
+				push.apply( results, matcherOut );
+			}
+		}
+	});
+}
+
+function matcherFromTokens( tokens ) {
+	var checkContext, matcher, j,
+		len = tokens.length,
+		leadingRelative = Expr.relative[ tokens[0].type ],
+		implicitRelative = leadingRelative || Expr.relative[" "],
+		i = leadingRelative ? 1 : 0,
+
+		// The foundational matcher ensures that elements are reachable from top-level context(s)
+		matchContext = addCombinator( function( elem ) {
+			return elem === checkContext;
+		}, implicitRelative, true ),
+		matchAnyContext = addCombinator( function( elem ) {
+			return indexOf.call( checkContext, elem ) > -1;
+		}, implicitRelative, true ),
+		matchers = [ function( elem, context, xml ) {
+			return ( !leadingRelative && ( xml || context !== outermostContext ) ) || (
+				(checkContext = context).nodeType ?
+					matchContext( elem, context, xml ) :
+					matchAnyContext( elem, context, xml ) );
+		} ];
+
+	for ( ; i < len; i++ ) {
+		if ( (matcher = Expr.relative[ tokens[i].type ]) ) {
+			matchers = [ addCombinator(elementMatcher( matchers ), matcher) ];
+		} else {
+			matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches );
+
+			// Return special upon seeing a positional matcher
+			if ( matcher[ expando ] ) {
+				// Find the next relative operator (if any) for proper handling
+				j = ++i;
+				for ( ; j < len; j++ ) {
+					if ( Expr.relative[ tokens[j].type ] ) {
+						break;
+					}
+				}
+				return setMatcher(
+					i > 1 && elementMatcher( matchers ),
+					i > 1 && toSelector(
+						// If the preceding token was a descendant combinator, insert an implicit any-element `*`
+						tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" })
+					).replace( rtrim, "$1" ),
+					matcher,
+					i < j && matcherFromTokens( tokens.slice( i, j ) ),
+					j < len && matcherFromTokens( (tokens = tokens.slice( j )) ),
+					j < len && toSelector( tokens )
+				);
+			}
+			matchers.push( matcher );
+		}
+	}
+
+	return elementMatcher( matchers );
+}
+
+function matcherFromGroupMatchers( elementMatchers, setMatchers ) {
+	var bySet = setMatchers.length > 0,
+		byElement = elementMatchers.length > 0,
+		superMatcher = function( seed, context, xml, results, outermost ) {
+			var elem, j, matcher,
+				matchedCount = 0,
+				i = "0",
+				unmatched = seed && [],
+				setMatched = [],
+				contextBackup = outermostContext,
+				// We must always have either seed elements or outermost context
+				elems = seed || byElement && Expr.find["TAG"]( "*", outermost ),
+				// Use integer dirruns iff this is the outermost matcher
+				dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1),
+				len = elems.length;
+
+			if ( outermost ) {
+				outermostContext = context !== document && context;
+			}
+
+			// Add elements passing elementMatchers directly to results
+			// Keep `i` a string if there are no elements so `matchedCount` will be "00" below
+			// Support: IE<9, Safari
+			// Tolerate NodeList properties (IE: "length"; Safari: <number>) matching elements by id
+			for ( ; i !== len && (elem = elems[i]) != null; i++ ) {
+				if ( byElement && elem ) {
+					j = 0;
+					while ( (matcher = elementMatchers[j++]) ) {
+						if ( matcher( elem, context, xml ) ) {
+							results.push( elem );
+							break;
+						}
+					}
+					if ( outermost ) {
+						dirruns = dirrunsUnique;
+					}
+				}
+
+				// Track unmatched elements for set filters
+				if ( bySet ) {
+					// They will have gone through all possible matchers
+					if ( (elem = !matcher && elem) ) {
+						matchedCount--;
+					}
+
+					// Lengthen the array for every element, matched or not
+					if ( seed ) {
+						unmatched.push( elem );
+					}
+				}
+			}
+
+			// Apply set filters to unmatched elements
+			matchedCount += i;
+			if ( bySet && i !== matchedCount ) {
+				j = 0;
+				while ( (matcher = setMatchers[j++]) ) {
+					matcher( unmatched, setMatched, context, xml );
+				}
+
+				if ( seed ) {
+					// Reintegrate element matches to eliminate the need for sorting
+					if ( matchedCount > 0 ) {
+						while ( i-- ) {
+							if ( !(unmatched[i] || setMatched[i]) ) {
+								setMatched[i] = pop.call( results );
+							}
+						}
+					}
+
+					// Discard index placeholder values to get only actual matches
+					setMatched = condense( setMatched );
+				}
+
+				// Add matches to results
+				push.apply( results, setMatched );
+
+				// Seedless set matches succeeding multiple successful matchers stipulate sorting
+				if ( outermost && !seed && setMatched.length > 0 &&
+					( matchedCount + setMatchers.length ) > 1 ) {
+
+					Sizzle.uniqueSort( results );
+				}
+			}
+
+			// Override manipulation of globals by nested matchers
+			if ( outermost ) {
+				dirruns = dirrunsUnique;
+				outermostContext = contextBackup;
+			}
+
+			return unmatched;
+		};
+
+	return bySet ?
+		markFunction( superMatcher ) :
+		superMatcher;
+}
+
+compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) {
+	var i,
+		setMatchers = [],
+		elementMatchers = [],
+		cached = compilerCache[ selector + " " ];
+
+	if ( !cached ) {
+		// Generate a function of recursive functions that can be used to check each element
+		if ( !match ) {
+			match = tokenize( selector );
+		}
+		i = match.length;
+		while ( i-- ) {
+			cached = matcherFromTokens( match[i] );
+			if ( cached[ expando ] ) {
+				setMatchers.push( cached );
+			} else {
+				elementMatchers.push( cached );
+			}
+		}
+
+		// Cache the compiled function
+		cached = compilerCache( selector, matcherFromGroupMatchers( elementMatchers, setMatchers ) );
+
+		// Save selector and tokenization
+		cached.selector = selector;
+	}
+	return cached;
+};
+
+/**
+ * A low-level selection function that works with Sizzle's compiled
+ *  selector functions
+ * @param {String|Function} selector A selector or a pre-compiled
+ *  selector function built with Sizzle.compile
+ * @param {Element} context
+ * @param {Array} [results]
+ * @param {Array} [seed] A set of elements to match against
+ */
+select = Sizzle.select = function( selector, context, results, seed ) {
+	var i, tokens, token, type, find,
+		compiled = typeof selector === "function" && selector,
+		match = !seed && tokenize( (selector = compiled.selector || selector) );
+
+	results = results || [];
+
+	// Try to minimize operations if there is no seed and only one group
+	if ( match.length === 1 ) {
+
+		// Take a shortcut and set the context if the root selector is an ID
+		tokens = match[0] = match[0].slice( 0 );
+		if ( tokens.length > 2 && (token = tokens[0]).type === "ID" &&
+				support.getById && context.nodeType === 9 && documentIsHTML &&
+				Expr.relative[ tokens[1].type ] ) {
+
+			context = ( Expr.find["ID"]( token.matches[0].replace(runescape, funescape), context ) || [] )[0];
+			if ( !context ) {
+				return results;
+
+			// Precompiled matchers will still verify ancestry, so step up a level
+			} else if ( compiled ) {
+				context = context.parentNode;
+			}
+
+			selector = selector.slice( tokens.shift().value.length );
+		}
+
+		// Fetch a seed set for right-to-left matching
+		i = matchExpr["needsContext"].test( selector ) ? 0 : tokens.length;
+		while ( i-- ) {
+			token = tokens[i];
+
+			// Abort if we hit a combinator
+			if ( Expr.relative[ (type = token.type) ] ) {
+				break;
+			}
+			if ( (find = Expr.find[ type ]) ) {
+				// Search, expanding context for leading sibling combinators
+				if ( (seed = find(
+					token.matches[0].replace( runescape, funescape ),
+					rsibling.test( tokens[0].type ) && testContext( context.parentNode ) || context
+				)) ) {
+
+					// If seed is empty or no tokens remain, we can return early
+					tokens.splice( i, 1 );
+					selector = seed.length && toSelector( tokens );
+					if ( !selector ) {
+						push.apply( results, seed );
+						return results;
+					}
+
+					break;
+				}
+			}
+		}
+	}
+
+	// Compile and execute a filtering function if one is not provided
+	// Provide `match` to avoid retokenization if we modified the selector above
+	( compiled || compile( selector, match ) )(
+		seed,
+		context,
+		!documentIsHTML,
+		results,
+		rsibling.test( selector ) && testContext( context.parentNode ) || context
+	);
+	return results;
+};
+
+// One-time assignments
+
+// Sort stability
+support.sortStable = expando.split("").sort( sortOrder ).join("") === expando;
+
+// Support: Chrome<14
+// Always assume duplicates if they aren't passed to the comparison function
+support.detectDuplicates = !!hasDuplicate;
+
+// Initialize against the default document
+setDocument();
+
+// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27)
+// Detached nodes confoundingly follow *each other*
+support.sortDetached = assert(function( div1 ) {
+	// Should return 1, but returns 4 (following)
+	return div1.compareDocumentPosition( document.createElement("div") ) & 1;
+});
+
+// Support: IE<8
+// Prevent attribute/property "interpolation"
+// http://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx
+if ( !assert(function( div ) {
+	div.innerHTML = "<a href='#'></a>";
+	return div.firstChild.getAttribute("href") === "#" ;
+}) ) {
+	addHandle( "type|href|height|width", function( elem, name, isXML ) {
+		if ( !isXML ) {
+			return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 );
+		}
+	});
+}
+
+// Support: IE<9
+// Use defaultValue in place of getAttribute("value")
+if ( !support.attributes || !assert(function( div ) {
+	div.innerHTML = "<input/>";
+	div.firstChild.setAttribute( "value", "" );
+	return div.firstChild.getAttribute( "value" ) === "";
+}) ) {
+	addHandle( "value", function( elem, name, isXML ) {
+		if ( !isXML && elem.nodeName.toLowerCase() === "input" ) {
+			return elem.defaultValue;
+		}
+	});
+}
+
+// Support: IE<9
+// Use getAttributeNode to fetch booleans when getAttribute lies
+if ( !assert(function( div ) {
+	return div.getAttribute("disabled") == null;
+}) ) {
+	addHandle( booleans, function( elem, name, isXML ) {
+		var val;
+		if ( !isXML ) {
+			return elem[ name ] === true ? name.toLowerCase() :
+					(val = elem.getAttributeNode( name )) && val.specified ?
+					val.value :
+				null;
+		}
+	});
+}
+
+return Sizzle;
+
+})( window );
+
+
+
+jQuery.find = Sizzle;
+jQuery.expr = Sizzle.selectors;
+jQuery.expr[":"] = jQuery.expr.pseudos;
+jQuery.unique = Sizzle.uniqueSort;
+jQuery.text = Sizzle.getText;
+jQuery.isXMLDoc = Sizzle.isXML;
+jQuery.contains = Sizzle.contains;
+
+
+
+var rneedsContext = jQuery.expr.match.needsContext;
+
+var rsingleTag = (/^<(\w+)\s*\/?>(?:<\/\1>|)$/);
+
+
+
+var risSimple = /^.[^:#\[\.,]*$/;
+
+// Implement the identical functionality for filter and not
+function winnow( elements, qualifier, not ) {
+	if ( jQuery.isFunction( qualifier ) ) {
+		return jQuery.grep( elements, function( elem, i ) {
+			/* jshint -W018 */
+			return !!qualifier.call( elem, i, elem ) !== not;
+		});
+
+	}
+
+	if ( qualifier.nodeType ) {
+		return jQuery.grep( elements, function( elem ) {
+			return ( elem === qualifier ) !== not;
+		});
+
+	}
+
+	if ( typeof qualifier === "string" ) {
+		if ( risSimple.test( qualifier ) ) {
+			return jQuery.filter( qualifier, elements, not );
+		}
+
+		qualifier = jQuery.filter( qualifier, elements );
+	}
+
+	return jQuery.grep( elements, function( elem ) {
+		return ( indexOf.call( qualifier, elem ) >= 0 ) !== not;
+	});
+}
+
+jQuery.filter = function( expr, elems, not ) {
+	var elem = elems[ 0 ];
+
+	if ( not ) {
+		expr = ":not(" + expr + ")";
+	}
+
+	return elems.length === 1 && elem.nodeType === 1 ?
+		jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : [] :
+		jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) {
+			return elem.nodeType === 1;
+		}));
+};
+
+jQuery.fn.extend({
+	find: function( selector ) {
+		var i,
+			len = this.length,
+			ret = [],
+			self = this;
+
+		if ( typeof selector !== "string" ) {
+			return this.pushStack( jQuery( selector ).filter(function() {
+				for ( i = 0; i < len; i++ ) {
+					if ( jQuery.contains( self[ i ], this ) ) {
+						return true;
+					}
+				}
+			}) );
+		}
+
+		for ( i = 0; i < len; i++ ) {
+			jQuery.find( selector, self[ i ], ret );
+		}
+
+		// Needed because $( selector, context ) becomes $( context ).find( selector )
+		ret = this.pushStack( len > 1 ? jQuery.unique( ret ) : ret );
+		ret.selector = this.selector ? this.selector + " " + selector : selector;
+		return ret;
+	},
+	filter: function( selector ) {
+		return this.pushStack( winnow(this, selector || [], false) );
+	},
+	not: function( selector ) {
+		return this.pushStack( winnow(this, selector || [], true) );
+	},
+	is: function( selector ) {
+		return !!winnow(
+			this,
+
+			// If this is a positional/relative selector, check membership in the returned set
+			// so $("p:first").is("p:last") won't return true for a doc with two "p".
+			typeof selector === "string" && rneedsContext.test( selector ) ?
+				jQuery( selector ) :
+				selector || [],
+			false
+		).length;
+	}
+});
+
+
+// Initialize a jQuery object
+
+
+// A central reference to the root jQuery(document)
+var rootjQuery,
+
+	// A simple way to check for HTML strings
+	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
+	// Strict HTML recognition (#11290: must start with <)
+	rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]*))$/,
+
+	init = jQuery.fn.init = function( selector, context ) {
+		var match, elem;
+
+		// HANDLE: $(""), $(null), $(undefined), $(false)
+		if ( !selector ) {
+			return this;
+		}
+
+		// Handle HTML strings
+		if ( typeof selector === "string" ) {
+			if ( selector[0] === "<" && selector[ selector.length - 1 ] === ">" && selector.length >= 3 ) {
+				// Assume that strings that start and end with <> are HTML and skip the regex check
+				match = [ null, selector, null ];
+
+			} else {
+				match = rquickExpr.exec( selector );
+			}
+
+			// Match html or make sure no context is specified for #id
+			if ( match && (match[1] || !context) ) {
+
+				// HANDLE: $(html) -> $(array)
+				if ( match[1] ) {
+					context = context instanceof jQuery ? context[0] : context;
+
+					// scripts is true for back-compat
+					// Intentionally let the error be thrown if parseHTML is not present
+					jQuery.merge( this, jQuery.parseHTML(
+						match[1],
+						context && context.nodeType ? context.ownerDocument || context : document,
+						true
+					) );
+
+					// HANDLE: $(html, props)
+					if ( rsingleTag.test( match[1] ) && jQuery.isPlainObject( context ) ) {
+						for ( match in context ) {
+							// Properties of context are called as methods if possible
+							if ( jQuery.isFunction( this[ match ] ) ) {
+								this[ match ]( context[ match ] );
+
+							// ...and otherwise set as attributes
+							} else {
+								this.attr( match, context[ match ] );
+							}
+						}
+					}
+
+					return this;
+
+				// HANDLE: $(#id)
+				} else {
+					elem = document.getElementById( match[2] );
+
+					// Check parentNode to catch when Blackberry 4.6 returns
+					// nodes that are no longer in the document #6963
+					if ( elem && elem.parentNode ) {
+						// Inject the element directly into the jQuery object
+						this.length = 1;
+						this[0] = elem;
+					}
+
+					this.context = document;
+					this.selector = selector;
+					return this;
+				}
+
+			// HANDLE: $(expr, $(...))
+			} else if ( !context || context.jquery ) {
+				return ( context || rootjQuery ).find( selector );
+
+			// HANDLE: $(expr, context)
+			// (which is just equivalent to: $(context).find(expr)
+			} else {
+				return this.constructor( context ).find( selector );
+			}
+
+		// HANDLE: $(DOMElement)
+		} else if ( selector.nodeType ) {
+			this.context = this[0] = selector;
+			this.length = 1;
+			return this;
+
+		// HANDLE: $(function)
+		// Shortcut for document ready
+		} else if ( jQuery.isFunction( selector ) ) {
+			return typeof rootjQuery.ready !== "undefined" ?
+				rootjQuery.ready( selector ) :
+				// Execute immediately if ready is not present
+				selector( jQuery );
+		}
+
+		if ( selector.selector !== undefined ) {
+			this.selector = selector.selector;
+			this.context = selector.context;
+		}
+
+		return jQuery.makeArray( selector, this );
+	};
+
+// Give the init function the jQuery prototype for later instantiation
+init.prototype = jQuery.fn;
+
+// Initialize central reference
+rootjQuery = jQuery( document );
+
+
+var rparentsprev = /^(?:parents|prev(?:Until|All))/,
+	// methods guaranteed to produce a unique set when starting from a unique set
+	guaranteedUnique = {
+		children: true,
+		contents: true,
+		next: true,
+		prev: true
+	};
+
+jQuery.extend({
+	dir: function( elem, dir, until ) {
+		var matched = [],
+			truncate = until !== undefined;
+
+		while ( (elem = elem[ dir ]) && elem.nodeType !== 9 ) {
+			if ( elem.nodeType === 1 ) {
+				if ( truncate && jQuery( elem ).is( until ) ) {
+					break;
+				}
+				matched.push( elem );
+			}
+		}
+		return matched;
+	},
+
+	sibling: function( n, elem ) {
+		var matched = [];
+
+		for ( ; n; n = n.nextSibling ) {
+			if ( n.nodeType === 1 && n !== elem ) {
+				matched.push( n );
+			}
+		}
+
+		return matched;
+	}
+});
+
+jQuery.fn.extend({
+	has: function( target ) {
+		var targets = jQuery( target, this ),
+			l = targets.length;
+
+		return this.filter(function() {
+			var i = 0;
+			for ( ; i < l; i++ ) {
+				if ( jQuery.contains( this, targets[i] ) ) {
+					return true;
+				}
+			}
+		});
+	},
+
+	closest: function( selectors, context ) {
+		var cur,
+			i = 0,
+			l = this.length,
+			matched = [],
+			pos = rneedsContext.test( selectors ) || typeof selectors !== "string" ?
+				jQuery( selectors, context || this.context ) :
+				0;
+
+		for ( ; i < l; i++ ) {
+			for ( cur = this[i]; cur && cur !== context; cur = cur.parentNode ) {
+				// Always skip document fragments
+				if ( cur.nodeType < 11 && (pos ?
+					pos.index(cur) > -1 :
+
+					// Don't pass non-elements to Sizzle
+					cur.nodeType === 1 &&
+						jQuery.find.matchesSelector(cur, selectors)) ) {
+
+					matched.push( cur );
+					break;
+				}
+			}
+		}
+
+		return this.pushStack( matched.length > 1 ? jQuery.unique( matched ) : matched );
+	},
+
+	// Determine the position of an element within
+	// the matched set of elements
+	index: function( elem ) {
+
+		// No argument, return index in parent
+		if ( !elem ) {
+			return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1;
+		}
+
+		// index in selector
+		if ( typeof elem === "string" ) {
+			return indexOf.call( jQuery( elem ), this[ 0 ] );
+		}
+
+		// Locate the position of the desired element
+		return indexOf.call( this,
+
+			// If it receives a jQuery object, the first element is used
+			elem.jquery ? elem[ 0 ] : elem
+		);
+	},
+
+	add: function( selector, context ) {
+		return this.pushStack(
+			jQuery.unique(
+				jQuery.merge( this.get(), jQuery( selector, context ) )
+			)
+		);
+	},
+
+	addBack: function( selector ) {
+		return this.add( selector == null ?
+			this.prevObject : this.prevObject.filter(selector)
+		);
+	}
+});
+
+function sibling( cur, dir ) {
+	while ( (cur = cur[dir]) && cur.nodeType !== 1 ) {}
+	return cur;
+}
+
+jQuery.each({
+	parent: function( elem ) {
+		var parent = elem.parentNode;
+		return parent && parent.nodeType !== 11 ? parent : null;
+	},
+	parents: function( elem ) {
+		return jQuery.dir( elem, "parentNode" );
+	},
+	parentsUntil: function( elem, i, until ) {
+		return jQuery.dir( elem, "parentNode", until );
+	},
+	next: function( elem ) {
+		return sibling( elem, "nextSibling" );
+	},
+	prev: function( elem ) {
+		return sibling( elem, "previousSibling" );
+	},
+	nextAll: function( elem ) {
+		return jQuery.dir( elem, "nextSibling" );
+	},
+	prevAll: function( elem ) {
+		return jQuery.dir( elem, "previousSibling" );
+	},
+	nextUntil: function( elem, i, until ) {
+		return jQuery.dir( elem, "nextSibling", until );
+	},
+	prevUntil: function( elem, i, until ) {
+		return jQuery.dir( elem, "previousSibling", until );
+	},
+	siblings: function( elem ) {
+		return jQuery.sibling( ( elem.parentNode || {} ).firstChild, elem );
+	},
+	children: function( elem ) {
+		return jQuery.sibling( elem.firstChild );
+	},
+	contents: function( elem ) {
+		return elem.contentDocument || jQuery.merge( [], elem.childNodes );
+	}
+}, function( name, fn ) {
+	jQuery.fn[ name ] = function( until, selector ) {
+		var matched = jQuery.map( this, fn, until );
+
+		if ( name.slice( -5 ) !== "Until" ) {
+			selector = until;
+		}
+
+		if ( selector && typeof selector === "string" ) {
+			matched = jQuery.filter( selector, matched );
+		}
+
+		if ( this.length > 1 ) {
+			// Remove duplicates
+			if ( !guaranteedUnique[ name ] ) {
+				jQuery.unique( matched );
+			}
+
+			// Reverse order for parents* and prev-derivatives
+			if ( rparentsprev.test( name ) ) {
+				matched.reverse();
+			}
+		}
+
+		return this.pushStack( matched );
+	};
+});
+var rnotwhite = (/\S+/g);
+
+
+
+// String to Object options format cache
+var optionsCache = {};
+
+// Convert String-formatted options into Object-formatted ones and store in cache
+function createOptions( options ) {
+	var object = optionsCache[ options ] = {};
+	jQuery.each( options.match( rnotwhite ) || [], function( _, flag ) {
+		object[ flag ] = true;
+	});
+	return object;
+}
+
+/*
+ * Create a callback list using the following parameters:
+ *
+ *	options: an optional list of space-separated options that will change how
+ *			the callback list behaves or a more traditional option object
+ *
+ * By default a callback list will act like an event callback list and can be
+ * "fired" multiple times.
+ *
+ * Possible options:
+ *
+ *	once:			will ensure the callback list can only be fired once (like a Deferred)
+ *
+ *	memory:			will keep track of previous values and will call any callback added
+ *					after the list has been fired right away with the latest "memorized"
+ *					values (like a Deferred)
+ *
+ *	unique:			will ensure a callback can only be added once (no duplicate in the list)
+ *
+ *	stopOnFalse:	interrupt callings when a callback returns false
+ *
+ */
+jQuery.Callbacks = function( options ) {
+
+	// Convert options from String-formatted to Object-formatted if needed
+	// (we check in cache first)
+	options = typeof options === "string" ?
+		( optionsCache[ options ] || createOptions( options ) ) :
+		jQuery.extend( {}, options );
+
+	var // Last fire value (for non-forgettable lists)
+		memory,
+		// Flag to know if list was already fired
+		fired,
+		// Flag to know if list is currently firing
+		firing,
+		// First callback to fire (used internally by add and fireWith)
+		firingStart,
+		// End of the loop when firing
+		firingLength,
+		// Index of currently firing callback (modified by remove if needed)
+		firingIndex,
+		// Actual callback list
+		list = [],
+		// Stack of fire calls for repeatable lists
+		stack = !options.once && [],
+		// Fire callbacks
+		fire = function( data ) {
+			memory = options.memory && data;
+			fired = true;
+			firingIndex = firingStart || 0;
+			firingStart = 0;
+			firingLength = list.length;
+			firing = true;
+			for ( ; list && firingIndex < firingLength; firingIndex++ ) {
+				if ( list[ firingIndex ].apply( data[ 0 ], data[ 1 ] ) === false && options.stopOnFalse ) {
+					memory = false; // To prevent further calls using add
+					break;
+				}
+			}
+			firing = false;
+			if ( list ) {
+				if ( stack ) {
+					if ( stack.length ) {
+						fire( stack.shift() );
+					}
+				} else if ( memory ) {
+					list = [];
+				} else {
+					self.disable();
+				}
+			}
+		},
+		// Actual Callbacks object
+		self = {
+			// Add a callback or a collection of callbacks to the list
+			add: function() {
+				if ( list ) {
+					// First, we save the current length
+					var start = list.length;
+					(function add( args ) {
+						jQuery.each( args, function( _, arg ) {
+							var type = jQuery.type( arg );
+							if ( type === "function" ) {
+								if ( !options.unique || !self.has( arg ) ) {
+									list.push( arg );
+								}
+							} else if ( arg && arg.length && type !== "string" ) {
+								// Inspect recursively
+								add( arg );
+							}
+						});
+					})( arguments );
+					// Do we need to add the callbacks to the
+					// current firing batch?
+					if ( firing ) {
+						firingLength = list.length;
+					// With memory, if we're not firing then
+					// we should call right away
+					} else if ( memory ) {
+						firingStart = start;
+						fire( memory );
+					}
+				}
+				return this;
+			},
+			// Remove a callback from the list
+			remove: function() {
+				if ( list ) {
+					jQuery.each( arguments, function( _, arg ) {
+						var index;
+						while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) {
+							list.splice( index, 1 );
+							// Handle firing indexes
+							if ( firing ) {
+								if ( index <= firingLength ) {
+									firingLength--;
+								}
+								if ( index <= firingIndex ) {
+									firingIndex--;
+								}
+							}
+						}
+					});
+				}
+				return this;
+			},
+			// Check if a given callback is in the list.
+			// If no argument is given, return whether or not list has callbacks attached.
+			has: function( fn ) {
+				return fn ? jQuery.inArray( fn, list ) > -1 : !!( list && list.length );
+			},
+			// Remove all callbacks from the list
+			empty: function() {
+				list = [];
+				firingLength = 0;
+				return this;
+			},
+			// Have the list do nothing anymore
+			disable: function() {
+				list = stack = memory = undefined;
+				return this;
+			},
+			// Is it disabled?
+			disabled: function() {
+				return !list;
+			},
+			// Lock the list in its current state
+			lock: function() {
+				stack = undefined;
+				if ( !memory ) {
+					self.disable();
+				}
+				return this;
+			},
+			// Is it locked?
+			locked: function() {
+				return !stack;
+			},
+			// Call all callbacks with the given context and arguments
+			fireWith: function( context, args ) {
+				if ( list && ( !fired || stack ) ) {
+					args = args || [];
+					args = [ context, args.slice ? args.slice() : args ];
+					if ( firing ) {
+						stack.push( args );
+					} else {
+						fire( args );
+					}
+				}
+				return this;
+			},
+			// Call all the callbacks with the given arguments
+			fire: function() {
+				self.fireWith( this, arguments );
+				return this;
+			},
+			// To know if the callbacks have already been called at least once
+			fired: function() {
+				return !!fired;
+			}
+		};
+
+	return self;
+};
+
+
+jQuery.extend({
+
+	Deferred: function( func ) {
+		var tuples = [
+				// action, add listener, listener list, final state
+				[ "resolve", "done", jQuery.Callbacks("once memory"), "resolved" ],
+				[ "reject", "fail", jQuery.Callbacks("once memory"), "rejected" ],
+				[ "notify", "progress", jQuery.Callbacks("memory") ]
+			],
+			state = "pending",
+			promise = {
+				state: function() {
+					return state;
+				},
+				always: function() {
+					deferred.done( arguments ).fail( arguments );
+					return this;
+				},
+				then: function( /* fnDone, fnFail, fnProgress */ ) {
+					var fns = arguments;
+					return jQuery.Deferred(function( newDefer ) {
+						jQuery.each( tuples, function( i, tuple ) {
+							var fn = jQuery.isFunction( fns[ i ] ) && fns[ i ];
+							// deferred[ done | fail | progress ] for forwarding actions to newDefer
+							deferred[ tuple[1] ](function() {
+								var returned = fn && fn.apply( this, arguments );
+								if ( returned && jQuery.isFunction( returned.promise ) ) {
+									returned.promise()
+										.done( newDefer.resolve )
+										.fail( newDefer.reject )
+										.progress( newDefer.notify );
+								} else {
+									newDefer[ tuple[ 0 ] + "With" ]( this === promise ? newDefer.promise() : this, fn ? [ returned ] : arguments );
+								}
+							});
+						});
+						fns = null;
+					}).promise();
+				},
+				// Get a promise for this deferred
+				// If obj is provided, the promise aspect is added to the object
+				promise: function( obj ) {
+					return obj != null ? jQuery.extend( obj, promise ) : promise;
+				}
+			},
+			deferred = {};
+
+		// Keep pipe for back-compat
+		promise.pipe = promise.then;
+
+		// Add list-specific methods
+		jQuery.each( tuples, function( i, tuple ) {
+			var list = tuple[ 2 ],
+				stateString = tuple[ 3 ];
+
+			// promise[ done | fail | progress ] = list.add
+			promise[ tuple[1] ] = list.add;
+
+			// Handle state
+			if ( stateString ) {
+				list.add(function() {
+					// state = [ resolved | rejected ]
+					state = stateString;
+
+				// [ reject_list | resolve_list ].disable; progress_list.lock
+				}, tuples[ i ^ 1 ][ 2 ].disable, tuples[ 2 ][ 2 ].lock );
+			}
+
+			// deferred[ resolve | reject | notify ]
+			deferred[ tuple[0] ] = function() {
+				deferred[ tuple[0] + "With" ]( this === deferred ? promise : this, arguments );
+				return this;
+			};
+			deferred[ tuple[0] + "With" ] = list.fireWith;
+		});
+
+		// Make the deferred a promise
+		promise.promise( deferred );
+
+		// Call given func if any
+		if ( func ) {
+			func.call( deferred, deferred );
+		}
+
+		// All done!
+		return deferred;
+	},
+
+	// Deferred helper
+	when: function( subordinate /* , ..., subordinateN */ ) {
+		var i = 0,
+			resolveValues = slice.call( arguments ),
+			length = resolveValues.length,
+
+			// the count of uncompleted subordinates
+			remaining = length !== 1 || ( subordinate && jQuery.isFunction( subordinate.promise ) ) ? length : 0,
+
+			// the master Deferred. If resolveValues consist of only a single Deferred, just use that.
+			deferred = remaining === 1 ? subordinate : jQuery.Deferred(),
+
+			// Update function for both resolve and progress values
+			updateFunc = function( i, contexts, values ) {
+				return function( value ) {
+					contexts[ i ] = this;
+					values[ i ] = arguments.length > 1 ? slice.call( arguments ) : value;
+					if ( values === progressValues ) {
+						deferred.notifyWith( contexts, values );
+					} else if ( !( --remaining ) ) {
+						deferred.resolveWith( contexts, values );
+					}
+				};
+			},
+
+			progressValues, progressContexts, resolveContexts;
+
+		// add listeners to Deferred subordinates; treat others as resolved
+		if ( length > 1 ) {
+			progressValues = new Array( length );
+			progressContexts = new Array( length );
+			resolveContexts = new Array( length );
+			for ( ; i < length; i++ ) {
+				if ( resolveValues[ i ] && jQuery.isFunction( resolveValues[ i ].promise ) ) {
+					resolveValues[ i ].promise()
+						.done( updateFunc( i, resolveContexts, resolveValues ) )
+						.fail( deferred.reject )
+						.progress( updateFunc( i, progressContexts, progressValues ) );
+				} else {
+					--remaining;
+				}
+			}
+		}
+
+		// if we're not waiting on anything, resolve the master
+		if ( !remaining ) {
+			deferred.resolveWith( resolveContexts, resolveValues );
+		}
+
+		return deferred.promise();
+	}
+});
+
+
+// The deferred used on DOM ready
+var readyList;
+
+jQuery.fn.ready = function( fn ) {
+	// Add the callback
+	jQuery.ready.promise().done( fn );
+
+	return this;
+};
+
+jQuery.extend({
+	// Is the DOM ready to be used? Set to true once it occurs.
+	isReady: false,
+
+	// A counter to track how many items to wait for before
+	// the ready event fires. See #6781
+	readyWait: 1,
+
+	// Hold (or release) the ready event
+	holdReady: function( hold ) {
+		if ( hold ) {
+			jQuery.readyWait++;
+		} else {
+			jQuery.ready( true );
+		}
+	},
+
+	// Handle when the DOM is ready
+	ready: function( wait ) {
+
+		// Abort if there are pending holds or we're already ready
+		if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) {
+			return;
+		}
+
+		// Remember that the DOM is ready
+		jQuery.isReady = true;
+
+		// If a normal DOM Ready event fired, decrement, and wait if need be
+		if ( wait !== true && --jQuery.readyWait > 0 ) {
+			return;
+		}
+
+		// If there are functions bound, to execute
+		readyList.resolveWith( document, [ jQuery ] );
+
+		// Trigger any bound ready events
+		if ( jQuery.fn.triggerHandler ) {
+			jQuery( document ).triggerHandler( "ready" );
+			jQuery( document ).off( "ready" );
+		}
+	}
+});
+
+/**
+ * The ready event handler and self cleanup method
+ */
+function completed() {
+	document.removeEventListener( "DOMContentLoaded", completed, false );
+	window.removeEventListener( "load", completed, false );
+	jQuery.ready();
+}
+
+jQuery.ready.promise = function( obj ) {
+	if ( !readyList ) {
+
+		readyList = jQuery.Deferred();
+
+		// Catch cases where $(document).ready() is called after the browser event has already occurred.
+		// we once tried to use readyState "interactive" here, but it caused issues like the one
+		// discovered by ChrisS here: http://bugs.jquery.com/ticket/12282#comment:15
+		if ( document.readyState === "complete" ) {
+			// Handle it asynchronously to allow scripts the opportunity to delay ready
+			setTimeout( jQuery.ready );
+
+		} else {
+
+			// Use the handy event callback
+			document.addEventListener( "DOMContentLoaded", completed, false );
+
+			// A fallback to window.onload, that will always work
+			window.addEventListener( "load", completed, false );
+		}
+	}
+	return readyList.promise( obj );
+};
+
+// Kick off the DOM ready check even if the user does not
+jQuery.ready.promise();
+
+
+
+
+// Multifunctional method to get and set values of a collection
+// The value/s can optionally be executed if it's a function
+var access = jQuery.access = function( elems, fn, key, value, chainable, emptyGet, raw ) {
+	var i = 0,
+		len = elems.length,
+		bulk = key == null;
+
+	// Sets many values
+	if ( jQuery.type( key ) === "object" ) {
+		chainable = true;
+		for ( i in key ) {
+			jQuery.access( elems, fn, i, key[i], true, emptyGet, raw );
+		}
+
+	// Sets one value
+	} else if ( value !== undefined ) {
+		chainable = true;
+
+		if ( !jQuery.isFunction( value ) ) {
+			raw = true;
+		}
+
+		if ( bulk ) {
+			// Bulk operations run against the entire set
+			if ( raw ) {
+				fn.call( elems, value );
+				fn = null;
+
+			// ...except when executing function values
+			} else {
+				bulk = fn;
+				fn = function( elem, key, value ) {
+					return bulk.call( jQuery( elem ), value );
+				};
+			}
+		}
+
+		if ( fn ) {
+			for ( ; i < len; i++ ) {
+				fn( elems[i], key, raw ? value : value.call( elems[i], i, fn( elems[i], key ) ) );
+			}
+		}
+	}
+
+	return chainable ?
+		elems :
+
+		// Gets
+		bulk ?
+			fn.call( elems ) :
+			len ? fn( elems[0], key ) : emptyGet;
+};
+
+
+/**
+ * Determines whether an object can have data
+ */
+jQuery.acceptData = function( owner ) {
+	// Accepts only:
+	//  - Node
+	//    - Node.ELEMENT_NODE
+	//    - Node.DOCUMENT_NODE
+	//  - Object
+	//    - Any
+	/* jshint -W018 */
+	return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType );
+};
+
+
+function Data() {
+	// Support: Android < 4,
+	// Old WebKit does not have Object.preventExtensions/freeze method,
+	// return new empty object instead with no [[set]] accessor
+	Object.defineProperty( this.cache = {}, 0, {
+		get: function() {
+			return {};
+		}
+	});
+
+	this.expando = jQuery.expando + Math.random();
+}
+
+Data.uid = 1;
+Data.accepts = jQuery.acceptData;
+
+Data.prototype = {
+	key: function( owner ) {
+		// We can accept data for non-element nodes in modern browsers,
+		// but we should not, see #8335.
+		// Always return the key for a frozen object.
+		if ( !Data.accepts( owner ) ) {
+			return 0;
+		}
+
+		var descriptor = {},
+			// Check if the owner object already has a cache key
+			unlock = owner[ this.expando ];
+
+		// If not, create one
+		if ( !unlock ) {
+			unlock = Data.uid++;
+
+			// Secure it in a non-enumerable, non-writable property
+			try {
+				descriptor[ this.expando ] = { value: unlock };
+				Object.defineProperties( owner, descriptor );
+
+			// Support: Android < 4
+			// Fallback to a less secure definition
+			} catch ( e ) {
+				descriptor[ this.expando ] = unlock;
+				jQuery.extend( owner, descriptor );
+			}
+		}
+
+		// Ensure the cache object
+		if ( !this.cache[ unlock ] ) {
+			this.cache[ unlock ] = {};
+		}
+
+		return unlock;
+	},
+	set: function( owner, data, value ) {
+		var prop,
+			// There may be an unlock assigned to this node,
+			// if there is no entry for this "owner", create one inline
+			// and set the unlock as though an owner entry had always existed
+			unlock = this.key( owner ),
+			cache = this.cache[ unlock ];
+
+		// Handle: [ owner, key, value ] args
+		if ( typeof data === "string" ) {
+			cache[ data ] = value;
+
+		// Handle: [ owner, { properties } ] args
+		} else {
+			// Fresh assignments by object are shallow copied
+			if ( jQuery.isEmptyObject( cache ) ) {
+				jQuery.extend( this.cache[ unlock ], data );
+			// Otherwise, copy the properties one-by-one to the cache object
+			} else {
+				for ( prop in data ) {
+					cache[ prop ] = data[ prop ];
+				}
+			}
+		}
+		return cache;
+	},
+	get: function( owner, key ) {
+		// Either a valid cache is found, or will be created.
+		// New caches will be created and the unlock returned,
+		// allowing direct access to the newly created
+		// empty data object. A valid owner object must be provided.
+		var cache = this.cache[ this.key( owner ) ];
+
+		return key === undefined ?
+			cache : cache[ key ];
+	},
+	access: function( owner, key, value ) {
+		var stored;
+		// In cases where either:
+		//
+		//   1. No key was specified
+		//   2. A string key was specified, but no value provided
+		//
+		// Take the "read" path and allow the get method to determine
+		// which value to return, respectively either:
+		//
+		//   1. The entire cache object
+		//   2. The data stored at the key
+		//
+		if ( key === undefined ||
+				((key && typeof key === "string") && value === undefined) ) {
+
+			stored = this.get( owner, key );
+
+			return stored !== undefined ?
+				stored : this.get( owner, jQuery.camelCase(key) );
+		}
+
+		// [*]When the key is not a string, or both a key and value
+		// are specified, set or extend (existing objects) with either:
+		//
+		//   1. An object of properties
+		//   2. A key and value
+		//
+		this.set( owner, key, value );
+
+		// Since the "set" path can have two possible entry points
+		// return the expected data based on which path was taken[*]
+		return value !== undefined ? value : key;
+	},
+	remove: function( owner, key ) {
+		var i, name, camel,
+			unlock = this.key( owner ),
+			cache = this.cache[ unlock ];
+
+		if ( key === undefined ) {
+			this.cache[ unlock ] = {};
+
+		} else {
+			// Support array or space separated string of keys
+			if ( jQuery.isArray( key ) ) {
+				// If "name" is an array of keys...
+				// When data is initially created, via ("key", "val") signature,
+				// keys will be converted to camelCase.
+				// Since there is no way to tell _how_ a key was added, remove
+				// both plain key and camelCase key. #12786
+				// This will only penalize the array argument path.
+				name = key.concat( key.map( jQuery.camelCase ) );
+			} else {
+				camel = jQuery.camelCase( key );
+				// Try the string as a key before any manipulation
+				if ( key in cache ) {
+					name = [ key, camel ];
+				} else {
+					// If a key with the spaces exists, use it.
+					// Otherwise, create an array by matching non-whitespace
+					name = camel;
+					name = name in cache ?
+						[ name ] : ( name.match( rnotwhite ) || [] );
+				}
+			}
+
+			i = name.length;
+			while ( i-- ) {
+				delete cache[ name[ i ] ];
+			}
+		}
+	},
+	hasData: function( owner ) {
+		return !jQuery.isEmptyObject(
+			this.cache[ owner[ this.expando ] ] || {}
+		);
+	},
+	discard: function( owner ) {
+		if ( owner[ this.expando ] ) {
+			delete this.cache[ owner[ this.expando ] ];
+		}
+	}
+};
+var data_priv = new Data();
+
+var data_user = new Data();
+
+
+
+/*
+	Implementation Summary
+
+	1. Enforce API surface and semantic compatibility with 1.9.x branch
+	2. Improve the module's maintainability by reducing the storage
+		paths to a single mechanism.
+	3. Use the same single mechanism to support "private" and "user" data.
+	4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData)
+	5. Avoid exposing implementation details on user objects (eg. expando properties)
+	6. Provide a clear path for implementation upgrade to WeakMap in 2014
+*/
+var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/,
+	rmultiDash = /([A-Z])/g;
+
+function dataAttr( elem, key, data ) {
+	var name;
+
+	// If nothing was found internally, try to fetch any
+	// data from the HTML5 data-* attribute
+	if ( data === undefined && elem.nodeType === 1 ) {
+		name = "data-" + key.replace( rmultiDash, "-$1" ).toLowerCase();
+		data = elem.getAttribute( name );
+
+		if ( typeof data === "string" ) {
+			try {
+				data = data === "true" ? true :
+					data === "false" ? false :
+					data === "null" ? null :
+					// Only convert to a number if it doesn't change the string
+					+data + "" === data ? +data :
+					rbrace.test( data ) ? jQuery.parseJSON( data ) :
+					data;
+			} catch( e ) {}
+
+			// Make sure we set the data so it isn't changed later
+			data_user.set( elem, key, data );
+		} else {
+			data = undefined;
+		}
+	}
+	return data;
+}
+
+jQuery.extend({
+	hasData: function( elem ) {
+		return data_user.hasData( elem ) || data_priv.hasData( elem );
+	},
+
+	data: function( elem, name, data ) {
+		return data_user.access( elem, name, data );
+	},
+
+	removeData: function( elem, name ) {
+		data_user.remove( elem, name );
+	},
+
+	// TODO: Now that all calls to _data and _removeData have been replaced
+	// with direct calls to data_priv methods, these can be deprecated.
+	_data: function( elem, name, data ) {
+		return data_priv.access( elem, name, data );
+	},
+
+	_removeData: function( elem, name ) {
+		data_priv.remove( elem, name );
+	}
+});
+
+jQuery.fn.extend({
+	data: function( key, value ) {
+		var i, name, data,
+			elem = this[ 0 ],
+			attrs = elem && elem.attributes;
+
+		// Gets all values
+		if ( key === undefined ) {
+			if ( this.length ) {
+				data = data_user.get( elem );
+
+				if ( elem.nodeType === 1 && !data_priv.get( elem, "hasDataAttrs" ) ) {
+					i = attrs.length;
+					while ( i-- ) {
+						name = attrs[ i ].name;
+
+						if ( name.indexOf( "data-" ) === 0 ) {
+							name = jQuery.camelCase( name.slice(5) );
+							dataAttr( elem, name, data[ name ] );
+						}
+					}
+					data_priv.set( elem, "hasDataAttrs", true );
+				}
+			}
+
+			return data;
+		}
+
+		// Sets multiple values
+		if ( typeof key === "object" ) {
+			return this.each(function() {
+				data_user.set( this, key );
+			});
+		}
+
+		return access( this, function( value ) {
+			var data,
+				camelKey = jQuery.camelCase( key );
+
+			// The calling jQuery object (element matches) is not empty
+			// (and therefore has an element appears at this[ 0 ]) and the
+			// `value` parameter was not undefined. An empty jQuery object
+			// will result in `undefined` for elem = this[ 0 ] which will
+			// throw an exception if an attempt to read a data cache is made.
+			if ( elem && value === undefined ) {
+				// Attempt to get data from the cache
+				// with the key as-is
+				data = data_user.get( elem, key );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// Attempt to get data from the cache
+				// with the key camelized
+				data = data_user.get( elem, camelKey );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// Attempt to "discover" the data in
+				// HTML5 custom data-* attrs
+				data = dataAttr( elem, camelKey, undefined );
+				if ( data !== undefined ) {
+					return data;
+				}
+
+				// We tried really hard, but the data doesn't exist.
+				return;
+			}
+
+			// Set the data...
+			this.each(function() {
+				// First, attempt to store a copy or reference of any
+				// data that might've been store with a camelCased key.
+				var data = data_user.get( this, camelKey );
+
+				// For HTML5 data-* attribute interop, we have to
+				// store property names with dashes in a camelCase form.
+				// This might not apply to all properties...*
+				data_user.set( this, camelKey, value );
+
+				// *... In the case of properties that might _actually_
+				// have dashes, we need to also store a copy of that
+				// unchanged property.
+				if ( key.indexOf("-") !== -1 && data !== undefined ) {
+					data_user.set( this, key, value );
+				}
+			});
+		}, null, value, arguments.length > 1, null, true );
+	},
+
+	removeData: function( key ) {
+		return this.each(function() {
+			data_user.remove( this, key );
+		});
+	}
+});
+
+
+jQuery.extend({
+	queue: function( elem, type, data ) {
+		var queue;
+
+		if ( elem ) {
+			type = ( type || "fx" ) + "queue";
+			queue = data_priv.get( elem, type );
+
+			// Speed up dequeue by getting out quickly if this is just a lookup
+			if ( data ) {
+				if ( !queue || jQuery.isArray( data ) ) {
+					queue = data_priv.access( elem, type, jQuery.makeArray(data) );
+				} else {
+					queue.push( data );
+				}
+			}
+			return queue || [];
+		}
+	},
+
+	dequeue: function( elem, type ) {
+		type = type || "fx";
+
+		var queue = jQuery.queue( elem, type ),
+			startLength = queue.length,
+			fn = queue.shift(),
+			hooks = jQuery._queueHooks( elem, type ),
+			next = function() {
+				jQuery.dequeue( elem, type );
+			};
+
+		// If the fx queue is dequeued, always remove the progress sentinel
+		if ( fn === "inprogress" ) {
+			fn = queue.shift();
+			startLength--;
+		}
+
+		if ( fn ) {
+
+			// Add a progress sentinel to prevent the fx queue from being
+			// automatically dequeued
+			if ( type === "fx" ) {
+				queue.unshift( "inprogress" );
+			}
+
+			// clear up the last queue stop function
+			delete hooks.stop;
+			fn.call( elem, next, hooks );
+		}
+
+		if ( !startLength && hooks ) {
+			hooks.empty.fire();
+		}
+	},
+
+	// not intended for public consumption - generates a queueHooks object, or returns the current one
+	_queueHooks: function( elem, type ) {
+		var key = type + "queueHooks";
+		return data_priv.get( elem, key ) || data_priv.access( elem, key, {
+			empty: jQuery.Callbacks("once memory").add(function() {
+				data_priv.remove( elem, [ type + "queue", key ] );
+			})
+		});
+	}
+});
+
+jQuery.fn.extend({
+	queue: function( type, data ) {
+		var setter = 2;
+
+		if ( typeof type !== "string" ) {
+			data = type;
+			type = "fx";
+			setter--;
+		}
+
+		if ( arguments.length < setter ) {
+			return jQuery.queue( this[0], type );
+		}
+
+		return data === undefined ?
+			this :
+			this.each(function() {
+				var queue = jQuery.queue( this, type, data );
+
+				// ensure a hooks for this queue
+				jQuery._queueHooks( this, type );
+
+				if ( type === "fx" && queue[0] !== "inprogress" ) {
+					jQuery.dequeue( this, type );
+				}
+			});
+	},
+	dequeue: function( type ) {
+		return this.each(function() {
+			jQuery.dequeue( this, type );
+		});
+	},
+	clearQueue: function( type ) {
+		return this.queue( type || "fx", [] );
+	},
+	// Get a promise resolved when queues of a certain type
+	// are emptied (fx is the type by default)
+	promise: function( type, obj ) {
+		var tmp,
+			count = 1,
+			defer = jQuery.Deferred(),
+			elements = this,
+			i = this.length,
+			resolve = function() {
+				if ( !( --count ) ) {
+					defer.resolveWith( elements, [ elements ] );
+				}
+			};
+
+		if ( typeof type !== "string" ) {
+			obj = type;
+			type = undefined;
+		}
+		type = type || "fx";
+
+		while ( i-- ) {
+			tmp = data_priv.get( elements[ i ], type + "queueHooks" );
+			if ( tmp && tmp.empty ) {
+				count++;
+				tmp.empty.add( resolve );
+			}
+		}
+		resolve();
+		return defer.promise( obj );
+	}
+});
+var pnum = (/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/).source;
+
+var cssExpand = [ "Top", "Right", "Bottom", "Left" ];
+
+var isHidden = function( elem, el ) {
+		// isHidden might be called from jQuery#filter function;
+		// in that case, element will be second argument
+		elem = el || elem;
+		return jQuery.css( elem, "display" ) === "none" || !jQuery.contains( elem.ownerDocument, elem );
+	};
+
+var rcheckableType = (/^(?:checkbox|radio)$/i);
+
+
+
+(function() {
+	var fragment = document.createDocumentFragment(),
+		div = fragment.appendChild( document.createElement( "div" ) ),
+		input = document.createElement( "input" );
+
+	// #11217 - WebKit loses check when the name is after the checked attribute
+	// Support: Windows Web Apps (WWA)
+	// `name` and `type` need .setAttribute for WWA
+	input.setAttribute( "type", "radio" );
+	input.setAttribute( "checked", "checked" );
+	input.setAttribute( "name", "t" );
+
+	div.appendChild( input );
+
+	// Support: Safari 5.1, iOS 5.1, Android 4.x, Android 2.3
+	// old WebKit doesn't clone checked state correctly in fragments
+	support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked;
+
+	// Make sure textarea (and checkbox) defaultValue is properly cloned
+	// Support: IE9-IE11+
+	div.innerHTML = "<textarea>x</textarea>";
+	support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue;
+})();
+var strundefined = typeof undefined;
+
+
+
+support.focusinBubbles = "onfocusin" in window;
+
+
+var
+	rkeyEvent = /^key/,
+	rmouseEvent = /^(?:mouse|pointer|contextmenu)|click/,
+	rfocusMorph = /^(?:focusinfocus|focusoutblur)$/,
+	rtypenamespace = /^([^.]*)(?:\.(.+)|)$/;
+
+function returnTrue() {
+	return true;
+}
+
+function returnFalse() {
+	return false;
+}
+
+function safeActiveElement() {
+	try {
+		return document.activeElement;
+	} catch ( err ) { }
+}
+
+/*
+ * Helper functions for managing events -- not part of the public interface.
+ * Props to Dean Edwards' addEvent library for many of the ideas.
+ */
+jQuery.event = {
+
+	global: {},
+
+	add: function( elem, types, handler, data, selector ) {
+
+		var handleObjIn, eventHandle, tmp,
+			events, t, handleObj,
+			special, handlers, type, namespaces, origType,
+			elemData = data_priv.get( elem );
+
+		// Don't attach events to noData or text/comment nodes (but allow plain objects)
+		if ( !elemData ) {
+			return;
+		}
+
+		// Caller can pass in an object of custom data in lieu of the handler
+		if ( handler.handler ) {
+			handleObjIn = handler;
+			handler = handleObjIn.handler;
+			selector = handleObjIn.selector;
+		}
+
+		// Make sure that the handler has a unique ID, used to find/remove it later
+		if ( !handler.guid ) {
+			handler.guid = jQuery.guid++;
+		}
+
+		// Init the element's event structure and main handler, if this is the first
+		if ( !(events = elemData.events) ) {
+			events = elemData.events = {};
+		}
+		if ( !(eventHandle = elemData.handle) ) {
+			eventHandle = elemData.handle = function( e ) {
+				// Discard the second event of a jQuery.event.trigger() and
+				// when an event is called after a page has unloaded
+				return typeof jQuery !== strundefined && jQuery.event.triggered !== e.type ?
+					jQuery.event.dispatch.apply( elem, arguments ) : undefined;
+			};
+		}
+
+		// Handle multiple events separated by a space
+		types = ( types || "" ).match( rnotwhite ) || [ "" ];
+		t = types.length;
+		while ( t-- ) {
+			tmp = rtypenamespace.exec( types[t] ) || [];
+			type = origType = tmp[1];
+			namespaces = ( tmp[2] || "" ).split( "." ).sort();
+
+			// There *must* be a type, no attaching namespace-only handlers
+			if ( !type ) {
+				continue;
+			}
+
+			// If event changes its type, use the special event handlers for the changed type
+			special = jQuery.event.special[ type ] || {};
+
+			// If selector defined, determine special event api type, otherwise given type
+			type = ( selector ? special.delegateType : special.bindType ) || type;
+
+			// Update special based on newly reset type
+			special = jQuery.event.special[ type ] || {};
+
+			// handleObj is passed to all event handlers
+			handleObj = jQuery.extend({
+				type: type,
+				origType: origType,
+				data: data,
+				handler: handler,
+				guid: handler.guid,
+				selector: selector,
+				needsContext: selector && jQuery.expr.match.needsContext.test( selector ),
+				namespace: namespaces.join(".")
+			}, handleObjIn );
+
+			// Init the event handler queue if we're the first
+			if ( !(handlers = events[ type ]) ) {
+				handlers = events[ type ] = [];
+				handlers.delegateCount = 0;
+
+				// Only use addEventListener if the special events handler returns false
+				if ( !special.setup || special.setup.call( elem, data, namespaces, eventHandle ) === false ) {
+					if ( elem.addEventListener ) {
+						elem.addEventListener( type, eventHandle, false );
+					}
+				}
+			}
+
+			if ( special.add ) {
+				special.add.call( elem, handleObj );
+
+				if ( !handleObj.handler.guid ) {
+					handleObj.handler.guid = handler.guid;
+				}
+			}
+
+			// Add to the element's handler list, delegates in front
+			if ( selector ) {
+				handlers.splice( handlers.delegateCount++, 0, handleObj );
+			} else {
+				handlers.push( handleObj );
+			}
+
+			// Keep track of which events have ever been used, for event optimization
+			jQuery.event.global[ type ] = true;
+		}
+
+	},
+
+	// Detach an event or set of events from an element
+	remove: function( elem, types, handler, selector, mappedTypes ) {
+
+		var j, origCount, tmp,
+			events, t, handleObj,
+			special, handlers, type, namespaces, origType,
+			elemData = data_priv.hasData( elem ) && data_priv.get( elem );
+
+		if ( !elemData || !(events = elemData.events) ) {
+			return;
+		}
+
+		// Once for each type.namespace in types; type may be omitted
+		types = ( types || "" ).match( rnotwhite ) || [ "" ];
+		t = types.length;
+		while ( t-- ) {
+			tmp = rtypenamespace.exec( types[t] ) || [];
+			type = origType = tmp[1];
+			namespaces = ( tmp[2] || "" ).split( "." ).sort();
+
+			// Unbind all events (on this namespace, if provided) for the element
+			if ( !type ) {
+				for ( type in events ) {
+					jQuery.event.remove( elem, type + types[ t ], handler, selector, true );
+				}
+				continue;
+			}
+
+			special = jQuery.event.special[ type ] || {};
+			type = ( selector ? special.delegateType : special.bindType ) || type;
+			handlers = events[ type ] || [];
+			tmp = tmp[2] && new RegExp( "(^|\\.)" + namespaces.join("\\.(?:.*\\.|)") + "(\\.|$)" );
+
+			// Remove matching events
+			origCount = j = handlers.length;
+			while ( j-- ) {
+				handleObj = handlers[ j ];
+
+				if ( ( mappedTypes || origType === handleObj.origType ) &&
+					( !handler || handler.guid === handleObj.guid ) &&
+					( !tmp || tmp.test( handleObj.namespace ) ) &&
+					( !selector || selector === handleObj.selector || selector === "**" && handleObj.selector ) ) {
+					handlers.splice( j, 1 );
+
+					if ( handleObj.selector ) {
+						handlers.delegateCount--;
+					}
+					if ( special.remove ) {
+						special.remove.call( elem, handleObj );
+					}
+				}
+			}
+
+			// Remove generic event handler if we removed something and no more handlers exist
+			// (avoids potential for endless recursion during removal of special event handlers)
+			if ( origCount && !handlers.length ) {
+				if ( !special.teardown || special.teardown.call( elem, namespaces, elemData.handle ) === false ) {
+					jQuery.removeEvent( elem, type, elemData.handle );
+				}
+
+				delete events[ type ];
+			}
+		}
+
+		// Remove the expando if it's no longer used
+		if ( jQuery.isEmptyObject( events ) ) {
+			delete elemData.handle;
+			data_priv.remove( elem, "events" );
+		}
+	},
+
+	trigger: function( event, data, elem, onlyHandlers ) {
+
+		var i, cur, tmp, bubbleType, ontype, handle, special,
+			eventPath = [ elem || document ],
+			type = hasOwn.call( event, "type" ) ? event.type : event,
+			namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split(".") : [];
+
+		cur = tmp = elem = elem || document;
+
+		// Don't do events on text and comment nodes
+		if ( elem.nodeType === 3 || elem.nodeType === 8 ) {
+			return;
+		}
+
+		// focus/blur morphs to focusin/out; ensure we're not firing them right now
+		if ( rfocusMorph.test( type + jQuery.event.triggered ) ) {
+			return;
+		}
+
+		if ( type.indexOf(".") >= 0 ) {
+			// Namespaced trigger; create a regexp to match event type in handle()
+			namespaces = type.split(".");
+			type = namespaces.shift();
+			namespaces.sort();
+		}
+		ontype = type.indexOf(":") < 0 && "on" + type;
+
+		// Caller can pass in a jQuery.Event object, Object, or just an event type string
+		event = event[ jQuery.expando ] ?
+			event :
+			new jQuery.Event( type, typeof event === "object" && event );
+
+		// Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true)
+		event.isTrigger = onlyHandlers ? 2 : 3;
+		event.namespace = namespaces.join(".");
+		event.namespace_re = event.namespace ?
+			new RegExp( "(^|\\.)" + namespaces.join("\\.(?:.*\\.|)") + "(\\.|$)" ) :
+			null;
+
+		// Clean up the event in case it is being reused
+		event.result = undefined;
+		if ( !event.target ) {
+			event.target = elem;
+		}
+
+		// Clone any incoming data and prepend the event, creating the handler arg list
+		data = data == null ?
+			[ event ] :
+			jQuery.makeArray( data, [ event ] );
+
+		// Allow special events to draw outside the lines
+		special = jQuery.event.special[ type ] || {};
+		if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) {
+			return;
+		}
+
+		// Determine event propagation path in advance, per W3C events spec (#9951)
+		// Bubble up to document, then to window; watch for a global ownerDocument var (#9724)
+		if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) {
+
+			bubbleType = special.delegateType || type;
+			if ( !rfocusMorph.test( bubbleType + type ) ) {
+				cur = cur.parentNode;
+			}
+			for ( ; cur; cur = cur.parentNode ) {
+				eventPath.push( cur );
+				tmp = cur;
+			}
+
+			// Only add window if we got to document (e.g., not plain obj or detached DOM)
+			if ( tmp === (elem.ownerDocument || document) ) {
+				eventPath.push( tmp.defaultView || tmp.parentWindow || window );
+			}
+		}
+
+		// Fire handlers on the event path
+		i = 0;
+		while ( (cur = eventPath[i++]) && !event.isPropagationStopped() ) {
+
+			event.type = i > 1 ?
+				bubbleType :
+				special.bindType || type;
+
+			// jQuery handler
+			handle = ( data_priv.get( cur, "events" ) || {} )[ event.type ] && data_priv.get( cur, "handle" );
+			if ( handle ) {
+				handle.apply( cur, data );
+			}
+
+			// Native handler
+			handle = ontype && cur[ ontype ];
+			if ( handle && handle.apply && jQuery.acceptData( cur ) ) {
+				event.result = handle.apply( cur, data );
+				if ( event.result === false ) {
+					event.preventDefault();
+				}
+			}
+		}
+		event.type = type;
+
+		// If nobody prevented the default action, do it now
+		if ( !onlyHandlers && !event.isDefaultPrevented() ) {
+
+			if ( (!special._default || special._default.apply( eventPath.pop(), data ) === false) &&
+				jQuery.acceptData( elem ) ) {
+
+				// Call a native DOM method on the target with the same name name as the event.
+				// Don't do default actions on window, that's where global variables be (#6170)
+				if ( ontype && jQuery.isFunction( elem[ type ] ) && !jQuery.isWindow( elem ) ) {
+
+					// Don't re-trigger an onFOO event when we call its FOO() method
+					tmp = elem[ ontype ];
+
+					if ( tmp ) {
+						elem[ ontype ] = null;
+					}
+
+					// Prevent re-triggering of the same event, since we already bubbled it above
+					jQuery.event.triggered = type;
+					elem[ type ]();
+					jQuery.event.triggered = undefined;
+
+					if ( tmp ) {
+						elem[ ontype ] = tmp;
+					}
+				}
+			}
+		}
+
+		return event.result;
+	},
+
+	dispatch: function( event ) {
+
+		// Make a writable jQuery.Event from the native event object
+		event = jQuery.event.fix( event );
+
+		var i, j, ret, matched, handleObj,
+			handlerQueue = [],
+			args = slice.call( arguments ),
+			handlers = ( data_priv.get( this, "events" ) || {} )[ event.type ] || [],
+			special = jQuery.event.special[ event.type ] || {};
+
+		// Use the fix-ed jQuery.Event rather than the (read-only) native event
+		args[0] = event;
+		event.delegateTarget = this;
+
+		// Call the preDispatch hook for the mapped type, and let it bail if desired
+		if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) {
+			return;
+		}
+
+		// Determine handlers
+		handlerQueue = jQuery.event.handlers.call( this, event, handlers );
+
+		// Run delegates first; they may want to stop propagation beneath us
+		i = 0;
+		while ( (matched = handlerQueue[ i++ ]) && !event.isPropagationStopped() ) {
+			event.currentTarget = matched.elem;
+
+			j = 0;
+			while ( (handleObj = matched.handlers[ j++ ]) && !event.isImmediatePropagationStopped() ) {
+
+				// Triggered event must either 1) have no namespace, or
+				// 2) have namespace(s) a subset or equal to those in the bound event (both can have no namespace).
+				if ( !event.namespace_re || event.namespace_re.test( handleObj.namespace ) ) {
+
+					event.handleObj = handleObj;
+					event.data = handleObj.data;
+
+					ret = ( (jQuery.event.special[ handleObj.origType ] || {}).handle || handleObj.handler )
+							.apply( matched.elem, args );
+
+					if ( ret !== undefined ) {
+						if ( (event.result = ret) === false ) {
+							event.preventDefault();
+							event.stopPropagation();
+						}
+					}
+				}
+			}
+		}
+
+		// Call the postDispatch hook for the mapped type
+		if ( special.postDispatch ) {
+			special.postDispatch.call( this, event );
+		}
+
+		return event.result;
+	},
+
+	handlers: function( event, handlers ) {
+		var i, matches, sel, handleObj,
+			handlerQueue = [],
+			delegateCount = handlers.delegateCount,
+			cur = event.target;
+
+		// Find delegate handlers
+		// Black-hole SVG <use> instance trees (#13180)
+		// Avoid non-left-click bubbling in Firefox (#3861)
+		if ( delegateCount && cur.nodeType && (!event.button || event.type !== "click") ) {
+
+			for ( ; cur !== this; cur = cur.parentNode || this ) {
+
+				// Don't process clicks on disabled elements (#6911, #8165, #11382, #11764)
+				if ( cur.disabled !== true || event.type !== "click" ) {
+					matches = [];
+					for ( i = 0; i < delegateCount; i++ ) {
+						handleObj = handlers[ i ];
+
+						// Don't conflict with Object.prototype properties (#13203)
+						sel = handleObj.selector + " ";
+
+						if ( matches[ sel ] === undefined ) {
+							matches[ sel ] = handleObj.needsContext ?
+								jQuery( sel, this ).index( cur ) >= 0 :
+								jQuery.find( sel, this, null, [ cur ] ).length;
+						}
+						if ( matches[ sel ] ) {
+							matches.push( handleObj );
+						}
+					}
+					if ( matches.length ) {
+						handlerQueue.push({ elem: cur, handlers: matches });
+					}
+				}
+			}
+		}
+
+		// Add the remaining (directly-bound) handlers
+		if ( delegateCount < handlers.length ) {
+			handlerQueue.push({ elem: this, handlers: handlers.slice( delegateCount ) });
+		}
+
+		return handlerQueue;
+	},
+
+	// Includes some event props shared by KeyEvent and MouseEvent
+	props: "altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),
+
+	fixHooks: {},
+
+	keyHooks: {
+		props: "char charCode key keyCode".split(" "),
+		filter: function( event, original ) {
+
+			// Add which for key events
+			if ( event.which == null ) {
+				event.which = original.charCode != null ? original.charCode : original.keyCode;
+			}
+
+			return event;
+		}
+	},
+
+	mouseHooks: {
+		props: "button buttons clientX clientY offsetX offsetY pageX pageY screenX screenY toElement".split(" "),
+		filter: function( event, original ) {
+			var eventDoc, doc, body,
+				button = original.button;
+
+			// Calculate pageX/Y if missing and clientX/Y available
+			if ( event.pageX == null && original.clientX != null ) {
+				eventDoc = event.target.ownerDocument || document;
+				doc = eventDoc.documentElement;
+				body = eventDoc.body;
+
+				event.pageX = original.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && body.clientLeft || 0 );
+				event.pageY = original.clientY + ( doc && doc.scrollTop  || body && body.scrollTop  || 0 ) - ( doc && doc.clientTop  || body && body.clientTop  || 0 );
+			}
+
+			// Add which for click: 1 === left; 2 === middle; 3 === right
+			// Note: button is not normalized, so don't use it
+			if ( !event.which && button !== undefined ) {
+				event.which = ( button & 1 ? 1 : ( button & 2 ? 3 : ( button & 4 ? 2 : 0 ) ) );
+			}
+
+			return event;
+		}
+	},
+
+	fix: function( event ) {
+		if ( event[ jQuery.expando ] ) {
+			return event;
+		}
+
+		// Create a writable copy of the event object and normalize some properties
+		var i, prop, copy,
+			type = event.type,
+			originalEvent = event,
+			fixHook = this.fixHooks[ type ];
+
+		if ( !fixHook ) {
+			this.fixHooks[ type ] = fixHook =
+				rmouseEvent.test( type ) ? this.mouseHooks :
+				rkeyEvent.test( type ) ? this.keyHooks :
+				{};
+		}
+		copy = fixHook.props ? this.props.concat( fixHook.props ) : this.props;
+
+		event = new jQuery.Event( originalEvent );
+
+		i = copy.length;
+		while ( i-- ) {
+			prop = copy[ i ];
+			event[ prop ] = originalEvent[ prop ];
+		}
+
+		// Support: Cordova 2.5 (WebKit) (#13255)
+		// All events should have a target; Cordova deviceready doesn't
+		if ( !event.target ) {
+			event.target = document;
+		}
+
+		// Support: Safari 6.0+, Chrome < 28
+		// Target should not be a text node (#504, #13143)
+		if ( event.target.nodeType === 3 ) {
+			event.target = event.target.parentNode;
+		}
+
+		return fixHook.filter ? fixHook.filter( event, originalEvent ) : event;
+	},
+
+	special: {
+		load: {
+			// Prevent triggered image.load events from bubbling to window.load
+			noBubble: true
+		},
+		focus: {
+			// Fire native event if possible so blur/focus sequence is correct
+			trigger: function() {
+				if ( this !== safeActiveElement() && this.focus ) {
+					this.focus();
+					return false;
+				}
+			},
+			delegateType: "focusin"
+		},
+		blur: {
+			trigger: function() {
+				if ( this === safeActiveElement() && this.blur ) {
+					this.blur();
+					return false;
+				}
+			},
+			delegateType: "focusout"
+		},
+		click: {
+			// For checkbox, fire native event so checked state will be right
+			trigger: function() {
+				if ( this.type === "checkbox" && this.click && jQuery.nodeName( this, "input" ) ) {
+					this.click();
+					return false;
+				}
+			},
+
+			// For cross-browser consistency, don't fire native .click() on links
+			_default: function( event ) {
+				return jQuery.nodeName( event.target, "a" );
+			}
+		},
+
+		beforeunload: {
+			postDispatch: function( event ) {
+
+				// Support: Firefox 20+
+				// Firefox doesn't alert if the returnValue field is not set.
+				if ( event.result !== undefined && event.originalEvent ) {
+					event.originalEvent.returnValue = event.result;
+				}
+			}
+		}
+	},
+
+	simulate: function( type, elem, event, bubble ) {
+		// Piggyback on a donor event to simulate a different one.
+		// Fake originalEvent to avoid donor's stopPropagation, but if the
+		// simulated event prevents default then we do the same on the donor.
+		var e = jQuery.extend(
+			new jQuery.Event(),
+			event,
+			{
+				type: type,
+				isSimulated: true,
+				originalEvent: {}
+			}
+		);
+		if ( bubble ) {
+			jQuery.event.trigger( e, null, elem );
+		} else {
+			jQuery.event.dispatch.call( elem, e );
+		}
+		if ( e.isDefaultPrevented() ) {
+			event.preventDefault();
+		}
+	}
+};
+
+jQuery.removeEvent = function( elem, type, handle ) {
+	if ( elem.removeEventListener ) {
+		elem.removeEventListener( type, handle, false );
+	}
+};
+
+jQuery.Event = function( src, props ) {
+	// Allow instantiation without the 'new' keyword
+	if ( !(this instanceof jQuery.Event) ) {
+		return new jQuery.Event( src, props );
+	}
+
+	// Event object
+	if ( src && src.type ) {
+		this.originalEvent = src;
+		this.type = src.type;
+
+		// Events bubbling up the document may have been marked as prevented
+		// by a handler lower down the tree; reflect the correct value.
+		this.isDefaultPrevented = src.defaultPrevented ||
+				src.defaultPrevented === undefined &&
+				// Support: Android < 4.0
+				src.returnValue === false ?
+			returnTrue :
+			returnFalse;
+
+	// Event type
+	} else {
+		this.type = src;
+	}
+
+	// Put explicitly provided properties onto the event object
+	if ( props ) {
+		jQuery.extend( this, props );
+	}
+
+	// Create a timestamp if incoming event doesn't have one
+	this.timeStamp = src && src.timeStamp || jQuery.now();
+
+	// Mark it as fixed
+	this[ jQuery.expando ] = true;
+};
+
+// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding
+// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html
+jQuery.Event.prototype = {
+	isDefaultPrevented: returnFalse,
+	isPropagationStopped: returnFalse,
+	isImmediatePropagationStopped: returnFalse,
+
+	preventDefault: function() {
+		var e = this.originalEvent;
+
+		this.isDefaultPrevented = returnTrue;
+
+		if ( e && e.preventDefault ) {
+			e.preventDefault();
+		}
+	},
+	stopPropagation: function() {
+		var e = this.originalEvent;
+
+		this.isPropagationStopped = returnTrue;
+
+		if ( e && e.stopPropagation ) {
+			e.stopPropagation();
+		}
+	},
+	stopImmediatePropagation: function() {
+		var e = this.originalEvent;
+
+		this.isImmediatePropagationStopped = returnTrue;
+
+		if ( e && e.stopImmediatePropagation ) {
+			e.stopImmediatePropagation();
+		}
+
+		this.stopPropagation();
+	}
+};
+
+// Create mouseenter/leave events using mouseover/out and event-time checks
+// Support: Chrome 15+
+jQuery.each({
+	mouseenter: "mouseover",
+	mouseleave: "mouseout",
+	pointerenter: "pointerover",
+	pointerleave: "pointerout"
+}, function( orig, fix ) {
+	jQuery.event.special[ orig ] = {
+		delegateType: fix,
+		bindType: fix,
+
+		handle: function( event ) {
+			var ret,
+				target = this,
+				related = event.relatedTarget,
+				handleObj = event.handleObj;
+
+			// For mousenter/leave call the handler if related is outside the target.
+			// NB: No relatedTarget if the mouse left/entered the browser window
+			if ( !related || (related !== target && !jQuery.contains( target, related )) ) {
+				event.type = handleObj.origType;
+				ret = handleObj.handler.apply( this, arguments );
+				event.type = fix;
+			}
+			return ret;
+		}
+	};
+});
+
+// Create "bubbling" focus and blur events
+// Support: Firefox, Chrome, Safari
+if ( !support.focusinBubbles ) {
+	jQuery.each({ focus: "focusin", blur: "focusout" }, function( orig, fix ) {
+
+		// Attach a single capturing handler on the document while someone wants focusin/focusout
+		var handler = function( event ) {
+				jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ), true );
+			};
+
+		jQuery.event.special[ fix ] = {
+			setup: function() {
+				var doc = this.ownerDocument || this,
+					attaches = data_priv.access( doc, fix );
+
+				if ( !attaches ) {
+					doc.addEventListener( orig, handler, true );
+				}
+				data_priv.access( doc, fix, ( attaches || 0 ) + 1 );
+			},
+			teardown: function() {
+				var doc = this.ownerDocument || this,
+					attaches = data_priv.access( doc, fix ) - 1;
+
+				if ( !attaches ) {
+					doc.removeEventListener( orig, handler, true );
+					data_priv.remove( doc, fix );
+
+				} else {
+					data_priv.access( doc, fix, attaches );
+				}
+			}
+		};
+	});
+}
+
+jQuery.fn.extend({
+
+	on: function( types, selector, data, fn, /*INTERNAL*/ one ) {
+		var origFn, type;
+
+		// Types can be a map of types/handlers
+		if ( typeof types === "object" ) {
+			// ( types-Object, selector, data )
+			if ( typeof selector !== "string" ) {
+				// ( types-Object, data )
+				data = data || selector;
+				selector = undefined;
+			}
+			for ( type in types ) {
+				this.on( type, selector, data, types[ type ], one );
+			}
+			return this;
+		}
+
+		if ( data == null && fn == null ) {
+			// ( types, fn )
+			fn = selector;
+			data = selector = undefined;
+		} else if ( fn == null ) {
+			if ( typeof selector === "string" ) {
+				// ( types, selector, fn )
+				fn = data;
+				data = undefined;
+			} else {
+				// ( types, data, fn )
+				fn = data;
+				data = selector;
+				selector = undefined;
+			}
+		}
+		if ( fn === false ) {
+			fn = returnFalse;
+		} else if ( !fn ) {
+			return this;
+		}
+
+		if ( one === 1 ) {
+			origFn = fn;
+			fn = function( event ) {
+				// Can use an empty set, since event contains the info
+				jQuery().off( event );
+				return origFn.apply( this, arguments );
+			};
+			// Use same guid so caller can remove using origFn
+			fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ );
+		}
+		return this.each( function() {
+			jQuery.event.add( this, types, fn, data, selector );
+		});
+	},
+	one: function( types, selector, data, fn ) {
+		return this.on( types, selector, data, fn, 1 );
+	},
+	off: function( types, selector, fn ) {
+		var handleObj, type;
+		if ( types && types.preventDefault && types.handleObj ) {
+			// ( event )  dispatched jQuery.Event
+			handleObj = types.handleObj;
+			jQuery( types.delegateTarget ).off(
+				handleObj.namespace ? handleObj.origType + "." + handleObj.namespace : handleObj.origType,
+				handleObj.selector,
+				handleObj.handler
+			);
+			return this;
+		}
+		if ( typeof types === "object" ) {
+			// ( types-object [, selector] )
+			for ( type in types ) {
+				this.off( type, selector, types[ type ] );
+			}
+			return this;
+		}
+		if ( selector === false || typeof selector === "function" ) {
+			// ( types [, fn] )
+			fn = selector;
+			selector = undefined;
+		}
+		if ( fn === false ) {
+			fn = returnFalse;
+		}
+		return this.each(function() {
+			jQuery.event.remove( this, types, fn, selector );
+		});
+	},
+
+	trigger: function( type, data ) {
+		return this.each(function() {
+			jQuery.event.trigger( type, data, this );
+		});
+	},
+	triggerHandler: function( type, data ) {
+		var elem = this[0];
+		if ( elem ) {
+			return jQuery.event.trigger( type, data, elem, true );
+		}
+	}
+});
+
+
+var
+	rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/gi,
+	rtagName = /<([\w:]+)/,
+	rhtml = /<|&#?\w+;/,
+	rnoInnerhtml = /<(?:script|style|link)/i,
+	// checked="checked" or checked
+	rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
+	rscriptType = /^$|\/(?:java|ecma)script/i,
+	rscriptTypeMasked = /^true\/(.*)/,
+	rcleanScript = /^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,
+
+	// We have to close these tags to support XHTML (#13200)
+	wrapMap = {
+
+		// Support: IE 9
+		option: [ 1, "<select multiple='multiple'>", "</select>" ],
+
+		thead: [ 1, "<table>", "</table>" ],
+		col: [ 2, "<table><colgroup>", "</colgroup></table>" ],
+		tr: [ 2, "<table><tbody>", "</tbody></table>" ],
+		td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ],
+
+		_default: [ 0, "", "" ]
+	};
+
+// Support: IE 9
+wrapMap.optgroup = wrapMap.option;
+
+wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
+wrapMap.th = wrapMap.td;
+
+// Support: 1.x compatibility
+// Manipulating tables requires a tbody
+function manipulationTarget( elem, content ) {
+	return jQuery.nodeName( elem, "table" ) &&
+		jQuery.nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ?
+
+		elem.getElementsByTagName("tbody")[0] ||
+			elem.appendChild( elem.ownerDocument.createElement("tbody") ) :
+		elem;
+}
+
+// Replace/restore the type attribute of script elements for safe DOM manipulation
+function disableScript( elem ) {
+	elem.type = (elem.getAttribute("type") !== null) + "/" + elem.type;
+	return elem;
+}
+function restoreScript( elem ) {
+	var match = rscriptTypeMasked.exec( elem.type );
+
+	if ( match ) {
+		elem.type = match[ 1 ];
+	} else {
+		elem.removeAttribute("type");
+	}
+
+	return elem;
+}
+
+// Mark scripts as having already been evaluated
+function setGlobalEval( elems, refElements ) {
+	var i = 0,
+		l = elems.length;
+
+	for ( ; i < l; i++ ) {
+		data_priv.set(
+			elems[ i ], "globalEval", !refElements || data_priv.get( refElements[ i ], "globalEval" )
+		);
+	}
+}
+
+function cloneCopyEvent( src, dest ) {
+	var i, l, type, pdataOld, pdataCur, udataOld, udataCur, events;
+
+	if ( dest.nodeType !== 1 ) {
+		return;
+	}
+
+	// 1. Copy private data: events, handlers, etc.
+	if ( data_priv.hasData( src ) ) {
+		pdataOld = data_priv.access( src );
+		pdataCur = data_priv.set( dest, pdataOld );
+		events = pdataOld.events;
+
+		if ( events ) {
+			delete pdataCur.handle;
+			pdataCur.events = {};
+
+			for ( type in events ) {
+				for ( i = 0, l = events[ type ].length; i < l; i++ ) {
+					jQuery.event.add( dest, type, events[ type ][ i ] );
+				}
+			}
+		}
+	}
+
+	// 2. Copy user data
+	if ( data_user.hasData( src ) ) {
+		udataOld = data_user.access( src );
+		udataCur = jQuery.extend( {}, udataOld );
+
+		data_user.set( dest, udataCur );
+	}
+}
+
+function getAll( context, tag ) {
+	var ret = context.getElementsByTagName ? context.getElementsByTagName( tag || "*" ) :
+			context.querySelectorAll ? context.querySelectorAll( tag || "*" ) :
+			[];
+
+	return tag === undefined || tag && jQuery.nodeName( context, tag ) ?
+		jQuery.merge( [ context ], ret ) :
+		ret;
+}
+
+// Support: IE >= 9
+function fixInput( src, dest ) {
+	var nodeName = dest.nodeName.toLowerCase();
+
+	// Fails to persist the checked state of a cloned checkbox or radio button.
+	if ( nodeName === "input" && rcheckableType.test( src.type ) ) {
+		dest.checked = src.checked;
+
+	// Fails to return the selected option to the default selected state when cloning options
+	} else if ( nodeName === "input" || nodeName === "textarea" ) {
+		dest.defaultValue = src.defaultValue;
+	}
+}
+
+jQuery.extend({
+	clone: function( elem, dataAndEvents, deepDataAndEvents ) {
+		var i, l, srcElements, destElements,
+			clone = elem.cloneNode( true ),
+			inPage = jQuery.contains( elem.ownerDocument, elem );
+
+		// Support: IE >= 9
+		// Fix Cloning issues
+		if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) &&
+				!jQuery.isXMLDoc( elem ) ) {
+
+			// We eschew Sizzle here for performance reasons: http://jsperf.com/getall-vs-sizzle/2
+			destElements = getAll( clone );
+			srcElements = getAll( elem );
+
+			for ( i = 0, l = srcElements.length; i < l; i++ ) {
+				fixInput( srcElements[ i ], destElements[ i ] );
+			}
+		}
+
+		// Copy the events from the original to the clone
+		if ( dataAndEvents ) {
+			if ( deepDataAndEvents ) {
+				srcElements = srcElements || getAll( elem );
+				destElements = destElements || getAll( clone );
+
+				for ( i = 0, l = srcElements.length; i < l; i++ ) {
+					cloneCopyEvent( srcElements[ i ], destElements[ i ] );
+				}
+			} else {
+				cloneCopyEvent( elem, clone );
+			}
+		}
+
+		// Preserve script evaluation history
+		destElements = getAll( clone, "script" );
+		if ( destElements.length > 0 ) {
+			setGlobalEval( destElements, !inPage && getAll( elem, "script" ) );
+		}
+
+		// Return the cloned set
+		return clone;
+	},
+
+	buildFragment: function( elems, context, scripts, selection ) {
+		var elem, tmp, tag, wrap, contains, j,
+			fragment = context.createDocumentFragment(),
+			nodes = [],
+			i = 0,
+			l = elems.length;
+
+		for ( ; i < l; i++ ) {
+			elem = elems[ i ];
+
+			if ( elem || elem === 0 ) {
+
+				// Add nodes directly
+				if ( jQuery.type( elem ) === "object" ) {
+					// Support: QtWebKit
+					// jQuery.merge because push.apply(_, arraylike) throws
+					jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem );
+
+				// Convert non-html into a text node
+				} else if ( !rhtml.test( elem ) ) {
+					nodes.push( context.createTextNode( elem ) );
+
+				// Convert html into DOM nodes
+				} else {
+					tmp = tmp || fragment.appendChild( context.createElement("div") );
+
+					// Deserialize a standard representation
+					tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase();
+					wrap = wrapMap[ tag ] || wrapMap._default;
+					tmp.innerHTML = wrap[ 1 ] + elem.replace( rxhtmlTag, "<$1></$2>" ) + wrap[ 2 ];
+
+					// Descend through wrappers to the right content
+					j = wrap[ 0 ];
+					while ( j-- ) {
+						tmp = tmp.lastChild;
+					}
+
+					// Support: QtWebKit
+					// jQuery.merge because push.apply(_, arraylike) throws
+					jQuery.merge( nodes, tmp.childNodes );
+
+					// Remember the top-level container
+					tmp = fragment.firstChild;
+
+					// Fixes #12346
+					// Support: Webkit, IE
+					tmp.textContent = "";
+				}
+			}
+		}
+
+		// Remove wrapper from fragment
+		fragment.textContent = "";
+
+		i = 0;
+		while ( (elem = nodes[ i++ ]) ) {
+
+			// #4087 - If origin and destination elements are the same, and this is
+			// that element, do not do anything
+			if ( selection && jQuery.inArray( elem, selection ) !== -1 ) {
+				continue;
+			}
+
+			contains = jQuery.contains( elem.ownerDocument, elem );
+
+			// Append to fragment
+			tmp = getAll( fragment.appendChild( elem ), "script" );
+
+			// Preserve script evaluation history
+			if ( contains ) {
+				setGlobalEval( tmp );
+			}
+
+			// Capture executables
+			if ( scripts ) {
+				j = 0;
+				while ( (elem = tmp[ j++ ]) ) {
+					if ( rscriptType.test( elem.type || "" ) ) {
+						scripts.push( elem );
+					}
+				}
+			}
+		}
+
+		return fragment;
+	},
+
+	cleanData: function( elems ) {
+		var data, elem, type, key,
+			special = jQuery.event.special,
+			i = 0;
+
+		for ( ; (elem = elems[ i ]) !== undefined; i++ ) {
+			if ( jQuery.acceptData( elem ) ) {
+				key = elem[ data_priv.expando ];
+
+				if ( key && (data = data_priv.cache[ key ]) ) {
+					if ( data.events ) {
+						for ( type in data.events ) {
+							if ( special[ type ] ) {
+								jQuery.event.remove( elem, type );
+
+							// This is a shortcut to avoid jQuery.event.remove's overhead
+							} else {
+								jQuery.removeEvent( elem, type, data.handle );
+							}
+						}
+					}
+					if ( data_priv.cache[ key ] ) {
+						// Discard any remaining `private` data
+						delete data_priv.cache[ key ];
+					}
+				}
+			}
+			// Discard any remaining `user` data
+			delete data_user.cache[ elem[ data_user.expando ] ];
+		}
+	}
+});
+
+jQuery.fn.extend({
+	text: function( value ) {
+		return access( this, function( value ) {
+			return value === undefined ?
+				jQuery.text( this ) :
+				this.empty().each(function() {
+					if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+						this.textContent = value;
+					}
+				});
+		}, null, value, arguments.length );
+	},
+
+	append: function() {
+		return this.domManip( arguments, function( elem ) {
+			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+				var target = manipulationTarget( this, elem );
+				target.appendChild( elem );
+			}
+		});
+	},
+
+	prepend: function() {
+		return this.domManip( arguments, function( elem ) {
+			if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) {
+				var target = manipulationTarget( this, elem );
+				target.insertBefore( elem, target.firstChild );
+			}
+		});
+	},
+
+	before: function() {
+		return this.domManip( arguments, function( elem ) {
+			if ( this.parentNode ) {
+				this.parentNode.insertBefore( elem, this );
+			}
+		});
+	},
+
+	after: function() {
+		return this.domManip( arguments, function( elem ) {
+			if ( this.parentNode ) {
+				this.parentNode.insertBefore( elem, this.nextSibling );
+			}
+		});
+	},
+
+	remove: function( selector, keepData /* Internal Use Only */ ) {
+		var elem,
+			elems = selector ? jQuery.filter( selector, this ) : this,
+			i = 0;
+
+		for ( ; (elem = elems[i]) != null; i++ ) {
+			if ( !keepData && elem.nodeType === 1 ) {
+				jQuery.cleanData( getAll( elem ) );
+			}
+
+			if ( elem.parentNode ) {
+				if ( keepData && jQuery.contains( elem.ownerDocument, elem ) ) {
+					setGlobalEval( getAll( elem, "script" ) );
+				}
+				elem.parentNode.removeChild( elem );
+			}
+		}
+
+		return this;
+	},
+
+	empty: function() {
+		var elem,
+			i = 0;
+
+		for ( ; (elem = this[i]) != null; i++ ) {
+			if ( elem.nodeType === 1 ) {
+
+				// Prevent memory leaks
+				jQuery.cleanData( getAll( elem, false ) );
+
+				// Remove any remaining nodes
+				elem.textContent = "";
+			}
+		}
+
+		return this;
+	},
+
+	clone: function( dataAndEvents, deepDataAndEvents ) {
+		dataAndEvents = dataAndEvents == null ? false : dataAndEvents;
+		deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents;
+
+		return this.map(function() {
+			return jQuery.clone( this, dataAndEvents, deepDataAndEvents );
+		});
+	},
+
+	html: function( value ) {
+		return access( this, function( value ) {
+			var elem = this[ 0 ] || {},
+				i = 0,
+				l = this.length;
+
+			if ( value === undefined && elem.nodeType === 1 ) {
+				return elem.innerHTML;
+			}
+
+			// See if we can take a shortcut and just use innerHTML
+			if ( typeof value === "string" && !rnoInnerhtml.test( value ) &&
+				!wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) {
+
+				value = value.replace( rxhtmlTag, "<$1></$2>" );
+
+				try {
+					for ( ; i < l; i++ ) {
+						elem = this[ i ] || {};
+
+						// Remove element nodes and prevent memory leaks
+						if ( elem.nodeType === 1 ) {
+							jQuery.cleanData( getAll( elem, false ) );
+							elem.innerHTML = value;
+						}
+					}
+
+					elem = 0;
+
+				// If using innerHTML throws an exception, use the fallback method
+				} catch( e ) {}
+			}
+
+			if ( elem ) {
+				this.empty().append( value );
+			}
+		}, null, value, arguments.length );
+	},
+
+	replaceWith: function() {
+		var arg = arguments[ 0 ];
+
+		// Make the changes, replacing each context element with the new content
+		this.domManip( arguments, function( elem ) {
+			arg = this.parentNode;
+
+			jQuery.cleanData( getAll( this ) );
+
+			if ( arg ) {
+				arg.replaceChild( elem, this );
+			}
+		});
+
+		// Force removal if there was no new content (e.g., from empty arguments)
+		return arg && (arg.length || arg.nodeType) ? this : this.remove();
+	},
+
+	detach: function( selector ) {
+		return this.remove( selector, true );
+	},
+
+	domManip: function( args, callback ) {
+
+		// Flatten any nested arrays
+		args = concat.apply( [], args );
+
+		var fragment, first, scripts, hasScripts, node, doc,
+			i = 0,
+			l = this.length,
+			set = this,
+			iNoClone = l - 1,
+			value = args[ 0 ],
+			isFunction = jQuery.isFunction( value );
+
+		// We can't cloneNode fragments that contain checked, in WebKit
+		if ( isFunction ||
+				( l > 1 && typeof value === "string" &&
+					!support.checkClone && rchecked.test( value ) ) ) {
+			return this.each(function( index ) {
+				var self = set.eq( index );
+				if ( isFunction ) {
+					args[ 0 ] = value.call( this, index, self.html() );
+				}
+				self.domManip( args, callback );
+			});
+		}
+
+		if ( l ) {
+			fragment = jQuery.buildFragment( args, this[ 0 ].ownerDocument, false, this );
+			first = fragment.firstChild;
+
+			if ( fragment.childNodes.length === 1 ) {
+				fragment = first;
+			}
+
+			if ( first ) {
+				scripts = jQuery.map( getAll( fragment, "script" ), disableScript );
+				hasScripts = scripts.length;
+
+				// Use the original fragment for the last item instead of the first because it can end up
+				// being emptied incorrectly in certain situations (#8070).
+				for ( ; i < l; i++ ) {
+					node = fragment;
+
+					if ( i !== iNoClone ) {
+						node = jQuery.clone( node, true, true );
+
+						// Keep references to cloned scripts for later restoration
+						if ( hasScripts ) {
+							// Support: QtWebKit
+							// jQuery.merge because push.apply(_, arraylike) throws
+							jQuery.merge( scripts, getAll( node, "script" ) );
+						}
+					}
+
+					callback.call( this[ i ], node, i );
+				}
+
+				if ( hasScripts ) {
+					doc = scripts[ scripts.length - 1 ].ownerDocument;
+
+					// Reenable scripts
+					jQuery.map( scripts, restoreScript );
+
+					// Evaluate executable scripts on first document insertion
+					for ( i = 0; i < hasScripts; i++ ) {
+						node = scripts[ i ];
+						if ( rscriptType.test( node.type || "" ) &&
+							!data_priv.access( node, "globalEval" ) && jQuery.contains( doc, node ) ) {
+
+							if ( node.src ) {
+								// Optional AJAX dependency, but won't run scripts if not present
+								if ( jQuery._evalUrl ) {
+									jQuery._evalUrl( node.src );
+								}
+							} else {
+								jQuery.globalEval( node.textContent.replace( rcleanScript, "" ) );
+							}
+						}
+					}
+				}
+			}
+		}
+
+		return this;
+	}
+});
+
+jQuery.each({
+	appendTo: "append",
+	prependTo: "prepend",
+	insertBefore: "before",
+	insertAfter: "after",
+	replaceAll: "replaceWith"
+}, function( name, original ) {
+	jQuery.fn[ name ] = function( selector ) {
+		var elems,
+			ret = [],
+			insert = jQuery( selector ),
+			last = insert.length - 1,
+			i = 0;
+
+		for ( ; i <= last; i++ ) {
+			elems = i === last ? this : this.clone( true );
+			jQuery( insert[ i ] )[ original ]( elems );
+
+			// Support: QtWebKit
+			// .get() because push.apply(_, arraylike) throws
+			push.apply( ret, elems.get() );
+		}
+
+		return this.pushStack( ret );
+	};
+});
+
+
+var iframe,
+	elemdisplay = {};
+
+/**
+ * Retrieve the actual display of a element
+ * @param {String} name nodeName of the element
+ * @param {Object} doc Document object
+ */
+// Called only from within defaultDisplay
+function actualDisplay( name, doc ) {
+	var style,
+		elem = jQuery( doc.createElement( name ) ).appendTo( doc.body ),
+
+		// getDefaultComputedStyle might be reliably used only on attached element
+		display = window.getDefaultComputedStyle && ( style = window.getDefaultComputedStyle( elem[ 0 ] ) ) ?
+
+			// Use of this method is a temporary fix (more like optmization) until something better comes along,
+			// since it was removed from specification and supported only in FF
+			style.display : jQuery.css( elem[ 0 ], "display" );
+
+	// We don't have any data stored on the element,
+	// so use "detach" method as fast way to get rid of the element
+	elem.detach();
+
+	return display;
+}
+
+/**
+ * Try to determine the default display value of an element
+ * @param {String} nodeName
+ */
+function defaultDisplay( nodeName ) {
+	var doc = document,
+		display = elemdisplay[ nodeName ];
+
+	if ( !display ) {
+		display = actualDisplay( nodeName, doc );
+
+		// If the simple way fails, read from inside an iframe
+		if ( display === "none" || !display ) {
+
+			// Use the already-created iframe if possible
+			iframe = (iframe || jQuery( "<iframe frameborder='0' width='0' height='0'/>" )).appendTo( doc.documentElement );
+
+			// Always write a new HTML skeleton so Webkit and Firefox don't choke on reuse
+			doc = iframe[ 0 ].contentDocument;
+
+			// Support: IE
+			doc.write();
+			doc.close();
+
+			display = actualDisplay( nodeName, doc );
+			iframe.detach();
+		}
+
+		// Store the correct default display
+		elemdisplay[ nodeName ] = display;
+	}
+
+	return display;
+}
+var rmargin = (/^margin/);
+
+var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" );
+
+var getStyles = function( elem ) {
+		return elem.ownerDocument.defaultView.getComputedStyle( elem, null );
+	};
+
+
+
+function curCSS( elem, name, computed ) {
+	var width, minWidth, maxWidth, ret,
+		style = elem.style;
+
+	computed = computed || getStyles( elem );
+
+	// Support: IE9
+	// getPropertyValue is only needed for .css('filter') in IE9, see #12537
+	if ( computed ) {
+		ret = computed.getPropertyValue( name ) || computed[ name ];
+	}
+
+	if ( computed ) {
+
+		if ( ret === "" && !jQuery.contains( elem.ownerDocument, elem ) ) {
+			ret = jQuery.style( elem, name );
+		}
+
+		// Support: iOS < 6
+		// A tribute to the "awesome hack by Dean Edwards"
+		// iOS < 6 (at least) returns percentage for a larger set of values, but width seems to be reliably pixels
+		// this is against the CSSOM draft spec: http://dev.w3.org/csswg/cssom/#resolved-values
+		if ( rnumnonpx.test( ret ) && rmargin.test( name ) ) {
+
+			// Remember the original values
+			width = style.width;
+			minWidth = style.minWidth;
+			maxWidth = style.maxWidth;
+
+			// Put in the new values to get a computed value out
+			style.minWidth = style.maxWidth = style.width = ret;
+			ret = computed.width;
+
+			// Revert the changed values
+			style.width = width;
+			style.minWidth = minWidth;
+			style.maxWidth = maxWidth;
+		}
+	}
+
+	return ret !== undefined ?
+		// Support: IE
+		// IE returns zIndex value as an integer.
+		ret + "" :
+		ret;
+}
+
+
+function addGetHookIf( conditionFn, hookFn ) {
+	// Define the hook, we'll check on the first run if it's really needed.
+	return {
+		get: function() {
+			if ( conditionFn() ) {
+				// Hook not needed (or it's not possible to use it due to missing dependency),
+				// remove it.
+				// Since there are no other hooks for marginRight, remove the whole object.
+				delete this.get;
+				return;
+			}
+
+			// Hook needed; redefine it so that the support test is not executed again.
+
+			return (this.get = hookFn).apply( this, arguments );
+		}
+	};
+}
+
+
+(function() {
+	var pixelPositionVal, boxSizingReliableVal,
+		docElem = document.documentElement,
+		container = document.createElement( "div" ),
+		div = document.createElement( "div" );
+
+	if ( !div.style ) {
+		return;
+	}
+
+	div.style.backgroundClip = "content-box";
+	div.cloneNode( true ).style.backgroundClip = "";
+	support.clearCloneStyle = div.style.backgroundClip === "content-box";
+
+	container.style.cssText = "border:0;width:0;height:0;top:0;left:-9999px;margin-top:1px;" +
+		"position:absolute";
+	container.appendChild( div );
+
+	// Executing both pixelPosition & boxSizingReliable tests require only one layout
+	// so they're executed at the same time to save the second computation.
+	function computePixelPositionAndBoxSizingReliable() {
+		div.style.cssText =
+			// Support: Firefox<29, Android 2.3
+			// Vendor-prefix box-sizing
+			"-webkit-box-sizing:border-box;-moz-box-sizing:border-box;" +
+			"box-sizing:border-box;display:block;margin-top:1%;top:1%;" +
+			"border:1px;padding:1px;width:4px;position:absolute";
+		div.innerHTML = "";
+		docElem.appendChild( container );
+
+		var divStyle = window.getComputedStyle( div, null );
+		pixelPositionVal = divStyle.top !== "1%";
+		boxSizingReliableVal = divStyle.width === "4px";
+
+		docElem.removeChild( container );
+	}
+
+	// Support: node.js jsdom
+	// Don't assume that getComputedStyle is a property of the global object
+	if ( window.getComputedStyle ) {
+		jQuery.extend( support, {
+			pixelPosition: function() {
+				// This test is executed only once but we still do memoizing
+				// since we can use the boxSizingReliable pre-computing.
+				// No need to check if the test was already performed, though.
+				computePixelPositionAndBoxSizingReliable();
+				return pixelPositionVal;
+			},
+			boxSizingReliable: function() {
+				if ( boxSizingReliableVal == null ) {
+					computePixelPositionAndBoxSizingReliable();
+				}
+				return boxSizingReliableVal;
+			},
+			reliableMarginRight: function() {
+				// Support: Android 2.3
+				// Check if div with explicit width and no margin-right incorrectly
+				// gets computed margin-right based on width of container. (#3333)
+				// WebKit Bug 13343 - getComputedStyle returns wrong value for margin-right
+				// This support function is only executed once so no memoizing is needed.
+				var ret,
+					marginDiv = div.appendChild( document.createElement( "div" ) );
+
+				// Reset CSS: box-sizing; display; margin; border; padding
+				marginDiv.style.cssText = div.style.cssText =
+					// Support: Firefox<29, Android 2.3
+					// Vendor-prefix box-sizing
+					"-webkit-box-sizing:content-box;-moz-box-sizing:content-box;" +
+					"box-sizing:content-box;display:block;margin:0;border:0;padding:0";
+				marginDiv.style.marginRight = marginDiv.style.width = "0";
+				div.style.width = "1px";
+				docElem.appendChild( container );
+
+				ret = !parseFloat( window.getComputedStyle( marginDiv, null ).marginRight );
+
+				docElem.removeChild( container );
+
+				return ret;
+			}
+		});
+	}
+})();
+
+
+// A method for quickly swapping in/out CSS properties to get correct calculations.
+jQuery.swap = function( elem, options, callback, args ) {
+	var ret, name,
+		old = {};
+
+	// Remember the old values, and insert the new ones
+	for ( name in options ) {
+		old[ name ] = elem.style[ name ];
+		elem.style[ name ] = options[ name ];
+	}
+
+	ret = callback.apply( elem, args || [] );
+
+	// Revert the old values
+	for ( name in options ) {
+		elem.style[ name ] = old[ name ];
+	}
+
+	return ret;
+};
+
+
+var
+	// swappable if display is none or starts with table except "table", "table-cell", or "table-caption"
+	// see here for display values: https://developer.mozilla.org/en-US/docs/CSS/display
+	rdisplayswap = /^(none|table(?!-c[ea]).+)/,
+	rnumsplit = new RegExp( "^(" + pnum + ")(.*)$", "i" ),
+	rrelNum = new RegExp( "^([+-])=(" + pnum + ")", "i" ),
+
+	cssShow = { position: "absolute", visibility: "hidden", display: "block" },
+	cssNormalTransform = {
+		letterSpacing: "0",
+		fontWeight: "400"
+	},
+
+	cssPrefixes = [ "Webkit", "O", "Moz", "ms" ];
+
+// return a css property mapped to a potentially vendor prefixed property
+function vendorPropName( style, name ) {
+
+	// shortcut for names that are not vendor prefixed
+	if ( name in style ) {
+		return name;
+	}
+
+	// check for vendor prefixed names
+	var capName = name[0].toUpperCase() + name.slice(1),
+		origName = name,
+		i = cssPrefixes.length;
+
+	while ( i-- ) {
+		name = cssPrefixes[ i ] + capName;
+		if ( name in style ) {
+			return name;
+		}
+	}
+
+	return origName;
+}
+
+function setPositiveNumber( elem, value, subtract ) {
+	var matches = rnumsplit.exec( value );
+	return matches ?
+		// Guard against undefined "subtract", e.g., when used as in cssHooks
+		Math.max( 0, matches[ 1 ] - ( subtract || 0 ) ) + ( matches[ 2 ] || "px" ) :
+		value;
+}
+
+function augmentWidthOrHeight( elem, name, extra, isBorderBox, styles ) {
+	var i = extra === ( isBorderBox ? "border" : "content" ) ?
+		// If we already have the right measurement, avoid augmentation
+		4 :
+		// Otherwise initialize for horizontal or vertical properties
+		name === "width" ? 1 : 0,
+
+		val = 0;
+
+	for ( ; i < 4; i += 2 ) {
+		// both box models exclude margin, so add it if we want it
+		if ( extra === "margin" ) {
+			val += jQuery.css( elem, extra + cssExpand[ i ], true, styles );
+		}
+
+		if ( isBorderBox ) {
+			// border-box includes padding, so remove it if we want content
+			if ( extra === "content" ) {
+				val -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
+			}
+
+			// at this point, extra isn't border nor margin, so remove border
+			if ( extra !== "margin" ) {
+				val -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
+			}
+		} else {
+			// at this point, extra isn't content, so add padding
+			val += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles );
+
+			// at this point, extra isn't content nor padding, so add border
+			if ( extra !== "padding" ) {
+				val += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles );
+			}
+		}
+	}
+
+	return val;
+}
+
+function getWidthOrHeight( elem, name, extra ) {
+
+	// Start with offset property, which is equivalent to the border-box value
+	var valueIsBorderBox = true,
+		val = name === "width" ? elem.offsetWidth : elem.offsetHeight,
+		styles = getStyles( elem ),
+		isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box";
+
+	// some non-html elements return undefined for offsetWidth, so check for null/undefined
+	// svg - https://bugzilla.mozilla.org/show_bug.cgi?id=649285
+	// MathML - https://bugzilla.mozilla.org/show_bug.cgi?id=491668
+	if ( val <= 0 || val == null ) {
+		// Fall back to computed then uncomputed css if necessary
+		val = curCSS( elem, name, styles );
+		if ( val < 0 || val == null ) {
+			val = elem.style[ name ];
+		}
+
+		// Computed unit is not pixels. Stop here and return.
+		if ( rnumnonpx.test(val) ) {
+			return val;
+		}
+
+		// we need the check for style in case a browser which returns unreliable values
+		// for getComputedStyle silently falls back to the reliable elem.style
+		valueIsBorderBox = isBorderBox &&
+			( support.boxSizingReliable() || val === elem.style[ name ] );
+
+		// Normalize "", auto, and prepare for extra
+		val = parseFloat( val ) || 0;
+	}
+
+	// use the active box-sizing model to add/subtract irrelevant styles
+	return ( val +
+		augmentWidthOrHeight(
+			elem,
+			name,
+			extra || ( isBorderBox ? "border" : "content" ),
+			valueIsBorderBox,
+			styles
+		)
+	) + "px";
+}
+
+function showHide( elements, show ) {
+	var display, elem, hidden,
+		values = [],
+		index = 0,
+		length = elements.length;
+
+	for ( ; index < length; index++ ) {
+		elem = elements[ index ];
+		if ( !elem.style ) {
+			continue;
+		}
+
+		values[ index ] = data_priv.get( elem, "olddisplay" );
+		display = elem.style.display;
+		if ( show ) {
+			// Reset the inline display of this element to learn if it is
+			// being hidden by cascaded rules or not
+			if ( !values[ index ] && display === "none" ) {
+				elem.style.display = "";
+			}
+
+			// Set elements which have been overridden with display: none
+			// in a stylesheet to whatever the default browser style is
+			// for such an element
+			if ( elem.style.display === "" && isHidden( elem ) ) {
+				values[ index ] = data_priv.access( elem, "olddisplay", defaultDisplay(elem.nodeName) );
+			}
+		} else {
+			hidden = isHidden( elem );
+
+			if ( display !== "none" || !hidden ) {
+				data_priv.set( elem, "olddisplay", hidden ? display : jQuery.css( elem, "display" ) );
+			}
+		}
+	}
+
+	// Set the display of most of the elements in a second loop
+	// to avoid the constant reflow
+	for ( index = 0; index < length; index++ ) {
+		elem = elements[ index ];
+		if ( !elem.style ) {
+			continue;
+		}
+		if ( !show || elem.style.display === "none" || elem.style.display === "" ) {
+			elem.style.display = show ? values[ index ] || "" : "none";
+		}
+	}
+
+	return elements;
+}
+
+jQuery.extend({
+	// Add in style property hooks for overriding the default
+	// behavior of getting and setting a style property
+	cssHooks: {
+		opacity: {
+			get: function( elem, computed ) {
+				if ( computed ) {
+					// We should always get a number back from opacity
+					var ret = curCSS( elem, "opacity" );
+					return ret === "" ? "1" : ret;
+				}
+			}
+		}
+	},
+
+	// Don't automatically add "px" to these possibly-unitless properties
+	cssNumber: {
+		"columnCount": true,
+		"fillOpacity": true,
+		"flexGrow": true,
+		"flexShrink": true,
+		"fontWeight": true,
+		"lineHeight": true,
+		"opacity": true,
+		"order": true,
+		"orphans": true,
+		"widows": true,
+		"zIndex": true,
+		"zoom": true
+	},
+
+	// Add in properties whose names you wish to fix before
+	// setting or getting the value
+	cssProps: {
+		// normalize float css property
+		"float": "cssFloat"
+	},
+
+	// Get and set the style property on a DOM Node
+	style: function( elem, name, value, extra ) {
+		// Don't set styles on text and comment nodes
+		if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) {
+			return;
+		}
+
+		// Make sure that we're working with the right name
+		var ret, type, hooks,
+			origName = jQuery.camelCase( name ),
+			style = elem.style;
+
+		name = jQuery.cssProps[ origName ] || ( jQuery.cssProps[ origName ] = vendorPropName( style, origName ) );
+
+		// gets hook for the prefixed version
+		// followed by the unprefixed version
+		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
+
+		// Check if we're setting a value
+		if ( value !== undefined ) {
+			type = typeof value;
+
+			// convert relative number strings (+= or -=) to relative numbers. #7345
+			if ( type === "string" && (ret = rrelNum.exec( value )) ) {
+				value = ( ret[1] + 1 ) * ret[2] + parseFloat( jQuery.css( elem, name ) );
+				// Fixes bug #9237
+				type = "number";
+			}
+
+			// Make sure that null and NaN values aren't set. See: #7116
+			if ( value == null || value !== value ) {
+				return;
+			}
+
+			// If a number was passed in, add 'px' to the (except for certain CSS properties)
+			if ( type === "number" && !jQuery.cssNumber[ origName ] ) {
+				value += "px";
+			}
+
+			// Fixes #8908, it can be done more correctly by specifying setters in cssHooks,
+			// but it would mean to define eight (for every problematic property) identical functions
+			if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) {
+				style[ name ] = "inherit";
+			}
+
+			// If a hook was provided, use that value, otherwise just set the specified value
+			if ( !hooks || !("set" in hooks) || (value = hooks.set( elem, value, extra )) !== undefined ) {
+				style[ name ] = value;
+			}
+
+		} else {
+			// If a hook was provided get the non-computed value from there
+			if ( hooks && "get" in hooks && (ret = hooks.get( elem, false, extra )) !== undefined ) {
+				return ret;
+			}
+
+			// Otherwise just get the value from the style object
+			return style[ name ];
+		}
+	},
+
+	css: function( elem, name, extra, styles ) {
+		var val, num, hooks,
+			origName = jQuery.camelCase( name );
+
+		// Make sure that we're working with the right name
+		name = jQuery.cssProps[ origName ] || ( jQuery.cssProps[ origName ] = vendorPropName( elem.style, origName ) );
+
+		// gets hook for the prefixed version
+		// followed by the unprefixed version
+		hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ];
+
+		// If a hook was provided get the computed value from there
+		if ( hooks && "get" in hooks ) {
+			val = hooks.get( elem, true, extra );
+		}
+
+		// Otherwise, if a way to get the computed value exists, use that
+		if ( val === undefined ) {
+			val = curCSS( elem, name, styles );
+		}
+
+		//convert "normal" to computed value
+		if ( val === "normal" && name in cssNormalTransform ) {
+			val = cssNormalTransform[ name ];
+		}
+
+		// Return, converting to number if forced or a qualifier was provided and val looks numeric
+		if ( extra === "" || extra ) {
+			num = parseFloat( val );
+			return extra === true || jQuery.isNumeric( num ) ? num || 0 : val;
+		}
+		return val;
+	}
+});
+
+jQuery.each([ "height", "width" ], function( i, name ) {
+	jQuery.cssHooks[ name ] = {
+		get: function( elem, computed, extra ) {
+			if ( computed ) {
+				// certain elements can have dimension info if we invisibly show them
+				// however, it must have a current display style that would benefit from this
+				return rdisplayswap.test( jQuery.css( elem, "display" ) ) && elem.offsetWidth === 0 ?
+					jQuery.swap( elem, cssShow, function() {
+						return getWidthOrHeight( elem, name, extra );
+					}) :
+					getWidthOrHeight( elem, name, extra );
+			}
+		},
+
+		set: function( elem, value, extra ) {
+			var styles = extra && getStyles( elem );
+			return setPositiveNumber( elem, value, extra ?
+				augmentWidthOrHeight(
+					elem,
+					name,
+					extra,
+					jQuery.css( elem, "boxSizing", false, styles ) === "border-box",
+					styles
+				) : 0
+			);
+		}
+	};
+});
+
+// Support: Android 2.3
+jQuery.cssHooks.marginRight = addGetHookIf( support.reliableMarginRight,
+	function( elem, computed ) {
+		if ( computed ) {
+			// WebKit Bug 13343 - getComputedStyle returns wrong value for margin-right
+			// Work around by temporarily setting element display to inline-block
+			return jQuery.swap( elem, { "display": "inline-block" },
+				curCSS, [ elem, "marginRight" ] );
+		}
+	}
+);
+
+// These hooks are used by animate to expand properties
+jQuery.each({
+	margin: "",
+	padding: "",
+	border: "Width"
+}, function( prefix, suffix ) {
+	jQuery.cssHooks[ prefix + suffix ] = {
+		expand: function( value ) {
+			var i = 0,
+				expanded = {},
+
+				// assumes a single number if not a string
+				parts = typeof value === "string" ? value.split(" ") : [ value ];
+
+			for ( ; i < 4; i++ ) {
+				expanded[ prefix + cssExpand[ i ] + suffix ] =
+					parts[ i ] || parts[ i - 2 ] || parts[ 0 ];
+			}
+
+			return expanded;
+		}
+	};
+
+	if ( !rmargin.test( prefix ) ) {
+		jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber;
+	}
+});
+
+jQuery.fn.extend({
+	css: function( name, value ) {
+		return access( this, function( elem, name, value ) {
+			var styles, len,
+				map = {},
+				i = 0;
+
+			if ( jQuery.isArray( name ) ) {
+				styles = getStyles( elem );
+				len = name.length;
+
+				for ( ; i < len; i++ ) {
+					map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles );
+				}
+
+				return map;
+			}
+
+			return value !== undefined ?
+				jQuery.style( elem, name, value ) :
+				jQuery.css( elem, name );
+		}, name, value, arguments.length > 1 );
+	},
+	show: function() {
+		return showHide( this, true );
+	},
+	hide: function() {
+		return showHide( this );
+	},
+	toggle: function( state ) {
+		if ( typeof state === "boolean" ) {
+			return state ? this.show() : this.hide();
+		}
+
+		return this.each(function() {
+			if ( isHidden( this ) ) {
+				jQuery( this ).show();
+			} else {
+				jQuery( this ).hide();
+			}
+		});
+	}
+});
+
+
+function Tween( elem, options, prop, end, easing ) {
+	return new Tween.prototype.init( elem, options, prop, end, easing );
+}
+jQuery.Tween = Tween;
+
+Tween.prototype = {
+	constructor: Tween,
+	init: function( elem, options, prop, end, easing, unit ) {
+		this.elem = elem;
+		this.prop = prop;
+		this.easing = easing || "swing";
+		this.options = options;
+		this.start = this.now = this.cur();
+		this.end = end;
+		this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" );
+	},
+	cur: function() {
+		var hooks = Tween.propHooks[ this.prop ];
+
+		return hooks && hooks.get ?
+			hooks.get( this ) :
+			Tween.propHooks._default.get( this );
+	},
+	run: function( percent ) {
+		var eased,
+			hooks = Tween.propHooks[ this.prop ];
+
+		if ( this.options.duration ) {
+			this.pos = eased = jQuery.easing[ this.easing ](
+				percent, this.options.duration * percent, 0, 1, this.options.duration
+			);
+		} else {
+			this.pos = eased = percent;
+		}
+		this.now = ( this.end - this.start ) * eased + this.start;
+
+		if ( this.options.step ) {
+			this.options.step.call( this.elem, this.now, this );
+		}
+
+		if ( hooks && hooks.set ) {
+			hooks.set( this );
+		} else {
+			Tween.propHooks._default.set( this );
+		}
+		return this;
+	}
+};
+
+Tween.prototype.init.prototype = Tween.prototype;
+
+Tween.propHooks = {
+	_default: {
+		get: function( tween ) {
+			var result;
+
+			if ( tween.elem[ tween.prop ] != null &&
+				(!tween.elem.style || tween.elem.style[ tween.prop ] == null) ) {
+				return tween.elem[ tween.prop ];
+			}
+
+			// passing an empty string as a 3rd parameter to .css will automatically
+			// attempt a parseFloat and fallback to a string if the parse fails
+			// so, simple values such as "10px" are parsed to Float.
+			// complex values such as "rotate(1rad)" are returned as is.
+			result = jQuery.css( tween.elem, tween.prop, "" );
+			// Empty strings, null, undefined and "auto" are converted to 0.
+			return !result || result === "auto" ? 0 : result;
+		},
+		set: function( tween ) {
+			// use step hook for back compat - use cssHook if its there - use .style if its
+			// available and use plain properties where available
+			if ( jQuery.fx.step[ tween.prop ] ) {
+				jQuery.fx.step[ tween.prop ]( tween );
+			} else if ( tween.elem.style && ( tween.elem.style[ jQuery.cssProps[ tween.prop ] ] != null || jQuery.cssHooks[ tween.prop ] ) ) {
+				jQuery.style( tween.elem, tween.prop, tween.now + tween.unit );
+			} else {
+				tween.elem[ tween.prop ] = tween.now;
+			}
+		}
+	}
+};
+
+// Support: IE9
+// Panic based approach to setting things on disconnected nodes
+
+Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = {
+	set: function( tween ) {
+		if ( tween.elem.nodeType && tween.elem.parentNode ) {
+			tween.elem[ tween.prop ] = tween.now;
+		}
+	}
+};
+
+jQuery.easing = {
+	linear: function( p ) {
+		return p;
+	},
+	swing: function( p ) {
+		return 0.5 - Math.cos( p * Math.PI ) / 2;
+	}
+};
+
+jQuery.fx = Tween.prototype.init;
+
+// Back Compat <1.8 extension point
+jQuery.fx.step = {};
+
+
+
+
+var
+	fxNow, timerId,
+	rfxtypes = /^(?:toggle|show|hide)$/,
+	rfxnum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ),
+	rrun = /queueHooks$/,
+	animationPrefilters = [ defaultPrefilter ],
+	tweeners = {
+		"*": [ function( prop, value ) {
+			var tween = this.createTween( prop, value ),
+				target = tween.cur(),
+				parts = rfxnum.exec( value ),
+				unit = parts && parts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ),
+
+				// Starting value computation is required for potential unit mismatches
+				start = ( jQuery.cssNumber[ prop ] || unit !== "px" && +target ) &&
+					rfxnum.exec( jQuery.css( tween.elem, prop ) ),
+				scale = 1,
+				maxIterations = 20;
+
+			if ( start && start[ 3 ] !== unit ) {
+				// Trust units reported by jQuery.css
+				unit = unit || start[ 3 ];
+
+				// Make sure we update the tween properties later on
+				parts = parts || [];
+
+				// Iteratively approximate from a nonzero starting point
+				start = +target || 1;
+
+				do {
+					// If previous iteration zeroed out, double until we get *something*
+					// Use a string for doubling factor so we don't accidentally see scale as unchanged below
+					scale = scale || ".5";
+
+					// Adjust and apply
+					start = start / scale;
+					jQuery.style( tween.elem, prop, start + unit );
+
+				// Update scale, tolerating zero or NaN from tween.cur()
+				// And breaking the loop if scale is unchanged or perfect, or if we've just had enough
+				} while ( scale !== (scale = tween.cur() / target) && scale !== 1 && --maxIterations );
+			}
+
+			// Update tween properties
+			if ( parts ) {
+				start = tween.start = +start || +target || 0;
+				tween.unit = unit;
+				// If a +=/-= token was provided, we're doing a relative animation
+				tween.end = parts[ 1 ] ?
+					start + ( parts[ 1 ] + 1 ) * parts[ 2 ] :
+					+parts[ 2 ];
+			}
+
+			return tween;
+		} ]
+	};
+
+// Animations created synchronously will run synchronously
+function createFxNow() {
+	setTimeout(function() {
+		fxNow = undefined;
+	});
+	return ( fxNow = jQuery.now() );
+}
+
+// Generate parameters to create a standard animation
+function genFx( type, includeWidth ) {
+	var which,
+		i = 0,
+		attrs = { height: type };
+
+	// if we include width, step value is 1 to do all cssExpand values,
+	// if we don't include width, step value is 2 to skip over Left and Right
+	includeWidth = includeWidth ? 1 : 0;
+	for ( ; i < 4 ; i += 2 - includeWidth ) {
+		which = cssExpand[ i ];
+		attrs[ "margin" + which ] = attrs[ "padding" + which ] = type;
+	}
+
+	if ( includeWidth ) {
+		attrs.opacity = attrs.width = type;
+	}
+
+	return attrs;
+}
+
+function createTween( value, prop, animation ) {
+	var tween,
+		collection = ( tweeners[ prop ] || [] ).concat( tweeners[ "*" ] ),
+		index = 0,
+		length = collection.length;
+	for ( ; index < length; index++ ) {
+		if ( (tween = collection[ index ].call( animation, prop, value )) ) {
+
+			// we're done with this property
+			return tween;
+		}
+	}
+}
+
+function defaultPrefilter( elem, props, opts ) {
+	/* jshint validthis: true */
+	var prop, value, toggle, tween, hooks, oldfire, display,
+		anim = this,
+		orig = {},
+		style = elem.style,
+		hidden = elem.nodeType && isHidden( elem ),
+		dataShow = data_priv.get( elem, "fxshow" );
+
+	// handle queue: false promises
+	if ( !opts.queue ) {
+		hooks = jQuery._queueHooks( elem, "fx" );
+		if ( hooks.unqueued == null ) {
+			hooks.unqueued = 0;
+			oldfire = hooks.empty.fire;
+			hooks.empty.fire = function() {
+				if ( !hooks.unqueued ) {
+					oldfire();
+				}
+			};
+		}
+		hooks.unqueued++;
+
+		anim.always(function() {
+			// doing this makes sure that the complete handler will be called
+			// before this completes
+			anim.always(function() {
+				hooks.unqueued--;
+				if ( !jQuery.queue( elem, "fx" ).length ) {
+					hooks.empty.fire();
+				}
+			});
+		});
+	}
+
+	// height/width overflow pass
+	if ( elem.nodeType === 1 && ( "height" in props || "width" in props ) ) {
+		// Make sure that nothing sneaks out
+		// Record all 3 overflow attributes because IE9-10 do not
+		// change the overflow attribute when overflowX and
+		// overflowY are set to the same value
+		opts.overflow = [ style.overflow, style.overflowX, style.overflowY ];
+
+		// Set display property to inline-block for height/width
+		// animations on inline elements that are having width/height animated
+		display = jQuery.css( elem, "display" );
+		// Test default display if display is currently "none"
+		if ( (display === "none" ? defaultDisplay( elem.nodeName ) : display) === "inline" &&
+				jQuery.css( elem, "float" ) === "none" ) {
+
+			style.display = "inline-block";
+		}
+	}
+
+	if ( opts.overflow ) {
+		style.overflow = "hidden";
+		anim.always(function() {
+			style.overflow = opts.overflow[ 0 ];
+			style.overflowX = opts.overflow[ 1 ];
+			style.overflowY = opts.overflow[ 2 ];
+		});
+	}
+
+	// show/hide pass
+	for ( prop in props ) {
+		value = props[ prop ];
+		if ( rfxtypes.exec( value ) ) {
+			delete props[ prop ];
+			toggle = toggle || value === "toggle";
+			if ( value === ( hidden ? "hide" : "show" ) ) {
+
+				// If there is dataShow left over from a stopped hide or show and we are going to proceed with show, we should pretend to be hidden
+				if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) {
+					hidden = true;
+				} else {
+					continue;
+				}
+			}
+			orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop );
+
+		// Any non-fx value stops us from restoring the original display value
+		} else {
+			display = undefined;
+		}
+	}
+
+	if ( !jQuery.isEmptyObject( orig ) ) {
+		if ( dataShow ) {
+			if ( "hidden" in dataShow ) {
+				hidden = dataShow.hidden;
+			}
+		} else {
+			dataShow = data_priv.access( elem, "fxshow", {} );
+		}
+
+		// store state if its toggle - enables .stop().toggle() to "reverse"
+		if ( toggle ) {
+			dataShow.hidden = !hidden;
+		}
+		if ( hidden ) {
+			jQuery( elem ).show();
+		} else {
+			anim.done(function() {
+				jQuery( elem ).hide();
+			});
+		}
+		anim.done(function() {
+			var prop;
+
+			data_priv.remove( elem, "fxshow" );
+			for ( prop in orig ) {
+				jQuery.style( elem, prop, orig[ prop ] );
+			}
+		});
+		for ( prop in orig ) {
+			tween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim );
+
+			if ( !( prop in dataShow ) ) {
+				dataShow[ prop ] = tween.start;
+				if ( hidden ) {
+					tween.end = tween.start;
+					tween.start = prop === "width" || prop === "height" ? 1 : 0;
+				}
+			}
+		}
+
+	// If this is a noop like .hide().hide(), restore an overwritten display value
+	} else if ( (display === "none" ? defaultDisplay( elem.nodeName ) : display) === "inline" ) {
+		style.display = display;
+	}
+}
+
+function propFilter( props, specialEasing ) {
+	var index, name, easing, value, hooks;
+
+	// camelCase, specialEasing and expand cssHook pass
+	for ( index in props ) {
+		name = jQuery.camelCase( index );
+		easing = specialEasing[ name ];
+		value = props[ index ];
+		if ( jQuery.isArray( value ) ) {
+			easing = value[ 1 ];
+			value = props[ index ] = value[ 0 ];
+		}
+
+		if ( index !== name ) {
+			props[ name ] = value;
+			delete props[ index ];
+		}
+
+		hooks = jQuery.cssHooks[ name ];
+		if ( hooks && "expand" in hooks ) {
+			value = hooks.expand( value );
+			delete props[ name ];
+
+			// not quite $.extend, this wont overwrite keys already present.
+			// also - reusing 'index' from above because we have the correct "name"
+			for ( index in value ) {
+				if ( !( index in props ) ) {
+					props[ index ] = value[ index ];
+					specialEasing[ index ] = easing;
+				}
+			}
+		} else {
+			specialEasing[ name ] = easing;
+		}
+	}
+}
+
+function Animation( elem, properties, options ) {
+	var result,
+		stopped,
+		index = 0,
+		length = animationPrefilters.length,
+		deferred = jQuery.Deferred().always( function() {
+			// don't match elem in the :animated selector
+			delete tick.elem;
+		}),
+		tick = function() {
+			if ( stopped ) {
+				return false;
+			}
+			var currentTime = fxNow || createFxNow(),
+				remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ),
+				// archaic crash bug won't allow us to use 1 - ( 0.5 || 0 ) (#12497)
+				temp = remaining / animation.duration || 0,
+				percent = 1 - temp,
+				index = 0,
+				length = animation.tweens.length;
+
+			for ( ; index < length ; index++ ) {
+				animation.tweens[ index ].run( percent );
+			}
+
+			deferred.notifyWith( elem, [ animation, percent, remaining ]);
+
+			if ( percent < 1 && length ) {
+				return remaining;
+			} else {
+				deferred.resolveWith( elem, [ animation ] );
+				return false;
+			}
+		},
+		animation = deferred.promise({
+			elem: elem,
+			props: jQuery.extend( {}, properties ),
+			opts: jQuery.extend( true, { specialEasing: {} }, options ),
+			originalProperties: properties,
+			originalOptions: options,
+			startTime: fxNow || createFxNow(),
+			duration: options.duration,
+			tweens: [],
+			createTween: function( prop, end ) {
+				var tween = jQuery.Tween( elem, animation.opts, prop, end,
+						animation.opts.specialEasing[ prop ] || animation.opts.easing );
+				animation.tweens.push( tween );
+				return tween;
+			},
+			stop: function( gotoEnd ) {
+				var index = 0,
+					// if we are going to the end, we want to run all the tweens
+					// otherwise we skip this part
+					length = gotoEnd ? animation.tweens.length : 0;
+				if ( stopped ) {
+					return this;
+				}
+				stopped = true;
+				for ( ; index < length ; index++ ) {
+					animation.tweens[ index ].run( 1 );
+				}
+
+				// resolve when we played the last frame
+				// otherwise, reject
+				if ( gotoEnd ) {
+					deferred.resolveWith( elem, [ animation, gotoEnd ] );
+				} else {
+					deferred.rejectWith( elem, [ animation, gotoEnd ] );
+				}
+				return this;
+			}
+		}),
+		props = animation.props;
+
+	propFilter( props, animation.opts.specialEasing );
+
+	for ( ; index < length ; index++ ) {
+		result = animationPrefilters[ index ].call( animation, elem, props, animation.opts );
+		if ( result ) {
+			return result;
+		}
+	}
+
+	jQuery.map( props, createTween, animation );
+
+	if ( jQuery.isFunction( animation.opts.start ) ) {
+		animation.opts.start.call( elem, animation );
+	}
+
+	jQuery.fx.timer(
+		jQuery.extend( tick, {
+			elem: elem,
+			anim: animation,
+			queue: animation.opts.queue
+		})
+	);
+
+	// attach callbacks from options
+	return animation.progress( animation.opts.progress )
+		.done( animation.opts.done, animation.opts.complete )
+		.fail( animation.opts.fail )
+		.always( animation.opts.always );
+}
+
+jQuery.Animation = jQuery.extend( Animation, {
+
+	tweener: function( props, callback ) {
+		if ( jQuery.isFunction( props ) ) {
+			callback = props;
+			props = [ "*" ];
+		} else {
+			props = props.split(" ");
+		}
+
+		var prop,
+			index = 0,
+			length = props.length;
+
+		for ( ; index < length ; index++ ) {
+			prop = props[ index ];
+			tweeners[ prop ] = tweeners[ prop ] || [];
+			tweeners[ prop ].unshift( callback );
+		}
+	},
+
+	prefilter: function( callback, prepend ) {
+		if ( prepend ) {
+			animationPrefilters.unshift( callback );
+		} else {
+			animationPrefilters.push( callback );
+		}
+	}
+});
+
+jQuery.speed = function( speed, easing, fn ) {
+	var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : {
+		complete: fn || !fn && easing ||
+			jQuery.isFunction( speed ) && speed,
+		duration: speed,
+		easing: fn && easing || easing && !jQuery.isFunction( easing ) && easing
+	};
+
+	opt.duration = jQuery.fx.off ? 0 : typeof opt.duration === "number" ? opt.duration :
+		opt.duration in jQuery.fx.speeds ? jQuery.fx.speeds[ opt.duration ] : jQuery.fx.speeds._default;
+
+	// normalize opt.queue - true/undefined/null -> "fx"
+	if ( opt.queue == null || opt.queue === true ) {
+		opt.queue = "fx";
+	}
+
+	// Queueing
+	opt.old = opt.complete;
+
+	opt.complete = function() {
+		if ( jQuery.isFunction( opt.old ) ) {
+			opt.old.call( this );
+		}
+
+		if ( opt.queue ) {
+			jQuery.dequeue( this, opt.queue );
+		}
+	};
+
+	return opt;
+};
+
+jQuery.fn.extend({
+	fadeTo: function( speed, to, easing, callback ) {
+
+		// show any hidden elements after setting opacity to 0
+		return this.filter( isHidden ).css( "opacity", 0 ).show()
+
+			// animate to the value specified
+			.end().animate({ opacity: to }, speed, easing, callback );
+	},
+	animate: function( prop, speed, easing, callback ) {
+		var empty = jQuery.isEmptyObject( prop ),
+			optall = jQuery.speed( speed, easing, callback ),
+			doAnimation = function() {
+				// Operate on a copy of prop so per-property easing won't be lost
+				var anim = Animation( this, jQuery.extend( {}, prop ), optall );
+
+				// Empty animations, or finishing resolves immediately
+				if ( empty || data_priv.get( this, "finish" ) ) {
+					anim.stop( true );
+				}
+			};
+			doAnimation.finish = doAnimation;
+
+		return empty || optall.queue === false ?
+			this.each( doAnimation ) :
+			this.queue( optall.queue, doAnimation );
+	},
+	stop: function( type, clearQueue, gotoEnd ) {
+		var stopQueue = function( hooks ) {
+			var stop = hooks.stop;
+			delete hooks.stop;
+			stop( gotoEnd );
+		};
+
+		if ( typeof type !== "string" ) {
+			gotoEnd = clearQueue;
+			clearQueue = type;
+			type = undefined;
+		}
+		if ( clearQueue && type !== false ) {
+			this.queue( type || "fx", [] );
+		}
+
+		return this.each(function() {
+			var dequeue = true,
+				index = type != null && type + "queueHooks",
+				timers = jQuery.timers,
+				data = data_priv.get( this );
+
+			if ( index ) {
+				if ( data[ index ] && data[ index ].stop ) {
+					stopQueue( data[ index ] );
+				}
+			} else {
+				for ( index in data ) {
+					if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) {
+						stopQueue( data[ index ] );
+					}
+				}
+			}
+
+			for ( index = timers.length; index--; ) {
+				if ( timers[ index ].elem === this && (type == null || timers[ index ].queue === type) ) {
+					timers[ index ].anim.stop( gotoEnd );
+					dequeue = false;
+					timers.splice( index, 1 );
+				}
+			}
+
+			// start the next in the queue if the last step wasn't forced
+			// timers currently will call their complete callbacks, which will dequeue
+			// but only if they were gotoEnd
+			if ( dequeue || !gotoEnd ) {
+				jQuery.dequeue( this, type );
+			}
+		});
+	},
+	finish: function( type ) {
+		if ( type !== false ) {
+			type = type || "fx";
+		}
+		return this.each(function() {
+			var index,
+				data = data_priv.get( this ),
+				queue = data[ type + "queue" ],
+				hooks = data[ type + "queueHooks" ],
+				timers = jQuery.timers,
+				length = queue ? queue.length : 0;
+
+			// enable finishing flag on private data
+			data.finish = true;
+
+			// empty the queue first
+			jQuery.queue( this, type, [] );
+
+			if ( hooks && hooks.stop ) {
+				hooks.stop.call( this, true );
+			}
+
+			// look for any active animations, and finish them
+			for ( index = timers.length; index--; ) {
+				if ( timers[ index ].elem === this && timers[ index ].queue === type ) {
+					timers[ index ].anim.stop( true );
+					timers.splice( index, 1 );
+				}
+			}
+
+			// look for any animations in the old queue and finish them
+			for ( index = 0; index < length; index++ ) {
+				if ( queue[ index ] && queue[ index ].finish ) {
+					queue[ index ].finish.call( this );
+				}
+			}
+
+			// turn off finishing flag
+			delete data.finish;
+		});
+	}
+});
+
+jQuery.each([ "toggle", "show", "hide" ], function( i, name ) {
+	var cssFn = jQuery.fn[ name ];
+	jQuery.fn[ name ] = function( speed, easing, callback ) {
+		return speed == null || typeof speed === "boolean" ?
+			cssFn.apply( this, arguments ) :
+			this.animate( genFx( name, true ), speed, easing, callback );
+	};
+});
+
+// Generate shortcuts for custom animations
+jQuery.each({
+	slideDown: genFx("show"),
+	slideUp: genFx("hide"),
+	slideToggle: genFx("toggle"),
+	fadeIn: { opacity: "show" },
+	fadeOut: { opacity: "hide" },
+	fadeToggle: { opacity: "toggle" }
+}, function( name, props ) {
+	jQuery.fn[ name ] = function( speed, easing, callback ) {
+		return this.animate( props, speed, easing, callback );
+	};
+});
+
+jQuery.timers = [];
+jQuery.fx.tick = function() {
+	var timer,
+		i = 0,
+		timers = jQuery.timers;
+
+	fxNow = jQuery.now();
+
+	for ( ; i < timers.length; i++ ) {
+		timer = timers[ i ];
+		// Checks the timer has not already been removed
+		if ( !timer() && timers[ i ] === timer ) {
+			timers.splice( i--, 1 );
+		}
+	}
+
+	if ( !timers.length ) {
+		jQuery.fx.stop();
+	}
+	fxNow = undefined;
+};
+
+jQuery.fx.timer = function( timer ) {
+	jQuery.timers.push( timer );
+	if ( timer() ) {
+		jQuery.fx.start();
+	} else {
+		jQuery.timers.pop();
+	}
+};
+
+jQuery.fx.interval = 13;
+
+jQuery.fx.start = function() {
+	if ( !timerId ) {
+		timerId = setInterval( jQuery.fx.tick, jQuery.fx.interval );
+	}
+};
+
+jQuery.fx.stop = function() {
+	clearInterval( timerId );
+	timerId = null;
+};
+
+jQuery.fx.speeds = {
+	slow: 600,
+	fast: 200,
+	// Default speed
+	_default: 400
+};
+
+
+// Based off of the plugin by Clint Helfers, with permission.
+// http://blindsignals.com/index.php/2009/07/jquery-delay/
+jQuery.fn.delay = function( time, type ) {
+	time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time;
+	type = type || "fx";
+
+	return this.queue( type, function( next, hooks ) {
+		var timeout = setTimeout( next, time );
+		hooks.stop = function() {
+			clearTimeout( timeout );
+		};
+	});
+};
+
+
+(function() {
+	var input = document.createElement( "input" ),
+		select = document.createElement( "select" ),
+		opt = select.appendChild( document.createElement( "option" ) );
+
+	input.type = "checkbox";
+
+	// Support: iOS 5.1, Android 4.x, Android 2.3
+	// Check the default checkbox/radio value ("" on old WebKit; "on" elsewhere)
+	support.checkOn = input.value !== "";
+
+	// Must access the parent to make an option select properly
+	// Support: IE9, IE10
+	support.optSelected = opt.selected;
+
+	// Make sure that the options inside disabled selects aren't marked as disabled
+	// (WebKit marks them as disabled)
+	select.disabled = true;
+	support.optDisabled = !opt.disabled;
+
+	// Check if an input maintains its value after becoming a radio
+	// Support: IE9, IE10
+	input = document.createElement( "input" );
+	input.value = "t";
+	input.type = "radio";
+	support.radioValue = input.value === "t";
+})();
+
+
+var nodeHook, boolHook,
+	attrHandle = jQuery.expr.attrHandle;
+
+jQuery.fn.extend({
+	attr: function( name, value ) {
+		return access( this, jQuery.attr, name, value, arguments.length > 1 );
+	},
+
+	removeAttr: function( name ) {
+		return this.each(function() {
+			jQuery.removeAttr( this, name );
+		});
+	}
+});
+
+jQuery.extend({
+	attr: function( elem, name, value ) {
+		var hooks, ret,
+			nType = elem.nodeType;
+
+		// don't get/set attributes on text, comment and attribute nodes
+		if ( !elem || nType === 3 || nType === 8 || nType === 2 ) {
+			return;
+		}
+
+		// Fallback to prop when attributes are not supported
+		if ( typeof elem.getAttribute === strundefined ) {
+			return jQuery.prop( elem, name, value );
+		}
+
+		// All attributes are lowercase
+		// Grab necessary hook if one is defined
+		if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) {
+			name = name.toLowerCase();
+			hooks = jQuery.attrHooks[ name ] ||
+				( jQuery.expr.match.bool.test( name ) ? boolHook : nodeHook );
+		}
+
+		if ( value !== undefined ) {
+
+			if ( value === null ) {
+				jQuery.removeAttr( elem, name );
+
+			} else if ( hooks && "set" in hooks && (ret = hooks.set( elem, value, name )) !== undefined ) {
+				return ret;
+
+			} else {
+				elem.setAttribute( name, value + "" );
+				return value;
+			}
+
+		} else if ( hooks && "get" in hooks && (ret = hooks.get( elem, name )) !== null ) {
+			return ret;
+
+		} else {
+			ret = jQuery.find.attr( elem, name );
+
+			// Non-existent attributes return null, we normalize to undefined
+			return ret == null ?
+				undefined :
+				ret;
+		}
+	},
+
+	removeAttr: function( elem, value ) {
+		var name, propName,
+			i = 0,
+			attrNames = value && value.match( rnotwhite );
+
+		if ( attrNames && elem.nodeType === 1 ) {
+			while ( (name = attrNames[i++]) ) {
+				propName = jQuery.propFix[ name ] || name;
+
+				// Boolean attributes get special treatment (#10870)
+				if ( jQuery.expr.match.bool.test( name ) ) {
+					// Set corresponding property to false
+					elem[ propName ] = false;
+				}
+
+				elem.removeAttribute( name );
+			}
+		}
+	},
+
+	attrHooks: {
+		type: {
+			set: function( elem, value ) {
+				if ( !support.radioValue && value === "radio" &&
+					jQuery.nodeName( elem, "input" ) ) {
+					// Setting the type on a radio button after the value resets the value in IE6-9
+					// Reset value to default in case type is set after value during creation
+					var val = elem.value;
+					elem.setAttribute( "type", value );
+					if ( val ) {
+						elem.value = val;
+					}
+					return value;
+				}
+			}
+		}
+	}
+});
+
+// Hooks for boolean attributes
+boolHook = {
+	set: function( elem, value, name ) {
+		if ( value === false ) {
+			// Remove boolean attributes when set to false
+			jQuery.removeAttr( elem, name );
+		} else {
+			elem.setAttribute( name, name );
+		}
+		return name;
+	}
+};
+jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( i, name ) {
+	var getter = attrHandle[ name ] || jQuery.find.attr;
+
+	attrHandle[ name ] = function( elem, name, isXML ) {
+		var ret, handle;
+		if ( !isXML ) {
+			// Avoid an infinite loop by temporarily removing this function from the getter
+			handle = attrHandle[ name ];
+			attrHandle[ name ] = ret;
+			ret = getter( elem, name, isXML ) != null ?
+				name.toLowerCase() :
+				null;
+			attrHandle[ name ] = handle;
+		}
+		return ret;
+	};
+});
+
+
+
+
+var rfocusable = /^(?:input|select|textarea|button)$/i;
+
+jQuery.fn.extend({
+	prop: function( name, value ) {
+		return access( this, jQuery.prop, name, value, arguments.length > 1 );
+	},
+
+	removeProp: function( name ) {
+		return this.each(function() {
+			delete this[ jQuery.propFix[ name ] || name ];
+		});
+	}
+});
+
+jQuery.extend({
+	propFix: {
+		"for": "htmlFor",
+		"class": "className"
+	},
+
+	prop: function( elem, name, value ) {
+		var ret, hooks, notxml,
+			nType = elem.nodeType;
+
+		// don't get/set properties on text, comment and attribute nodes
+		if ( !elem || nType === 3 || nType === 8 || nType === 2 ) {
+			return;
+		}
+
+		notxml = nType !== 1 || !jQuery.isXMLDoc( elem );
+
+		if ( notxml ) {
+			// Fix name and attach hooks
+			name = jQuery.propFix[ name ] || name;
+			hooks = jQuery.propHooks[ name ];
+		}
+
+		if ( value !== undefined ) {
+			return hooks && "set" in hooks && (ret = hooks.set( elem, value, name )) !== undefined ?
+				ret :
+				( elem[ name ] = value );
+
+		} else {
+			return hooks && "get" in hooks && (ret = hooks.get( elem, name )) !== null ?
+				ret :
+				elem[ name ];
+		}
+	},
+
+	propHooks: {
+		tabIndex: {
+			get: function( elem ) {
+				return elem.hasAttribute( "tabindex" ) || rfocusable.test( elem.nodeName ) || elem.href ?
+					elem.tabIndex :
+					-1;
+			}
+		}
+	}
+});
+
+// Support: IE9+
+// Selectedness for an option in an optgroup can be inaccurate
+if ( !support.optSelected ) {
+	jQuery.propHooks.selected = {
+		get: function( elem ) {
+			var parent = elem.parentNode;
+			if ( parent && parent.parentNode ) {
+				parent.parentNode.selectedIndex;
+			}
+			return null;
+		}
+	};
+}
+
+jQuery.each([
+	"tabIndex",
+	"readOnly",
+	"maxLength",
+	"cellSpacing",
+	"cellPadding",
+	"rowSpan",
+	"colSpan",
+	"useMap",
+	"frameBorder",
+	"contentEditable"
+], function() {
+	jQuery.propFix[ this.toLowerCase() ] = this;
+});
+
+
+
+
+var rclass = /[\t\r\n\f]/g;
+
+jQuery.fn.extend({
+	addClass: function( value ) {
+		var classes, elem, cur, clazz, j, finalValue,
+			proceed = typeof value === "string" && value,
+			i = 0,
+			len = this.length;
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each(function( j ) {
+				jQuery( this ).addClass( value.call( this, j, this.className ) );
+			});
+		}
+
+		if ( proceed ) {
+			// The disjunction here is for better compressibility (see removeClass)
+			classes = ( value || "" ).match( rnotwhite ) || [];
+
+			for ( ; i < len; i++ ) {
+				elem = this[ i ];
+				cur = elem.nodeType === 1 && ( elem.className ?
+					( " " + elem.className + " " ).replace( rclass, " " ) :
+					" "
+				);
+
+				if ( cur ) {
+					j = 0;
+					while ( (clazz = classes[j++]) ) {
+						if ( cur.indexOf( " " + clazz + " " ) < 0 ) {
+							cur += clazz + " ";
+						}
+					}
+
+					// only assign if different to avoid unneeded rendering.
+					finalValue = jQuery.trim( cur );
+					if ( elem.className !== finalValue ) {
+						elem.className = finalValue;
+					}
+				}
+			}
+		}
+
+		return this;
+	},
+
+	removeClass: function( value ) {
+		var classes, elem, cur, clazz, j, finalValue,
+			proceed = arguments.length === 0 || typeof value === "string" && value,
+			i = 0,
+			len = this.length;
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each(function( j ) {
+				jQuery( this ).removeClass( value.call( this, j, this.className ) );
+			});
+		}
+		if ( proceed ) {
+			classes = ( value || "" ).match( rnotwhite ) || [];
+
+			for ( ; i < len; i++ ) {
+				elem = this[ i ];
+				// This expression is here for better compressibility (see addClass)
+				cur = elem.nodeType === 1 && ( elem.className ?
+					( " " + elem.className + " " ).replace( rclass, " " ) :
+					""
+				);
+
+				if ( cur ) {
+					j = 0;
+					while ( (clazz = classes[j++]) ) {
+						// Remove *all* instances
+						while ( cur.indexOf( " " + clazz + " " ) >= 0 ) {
+							cur = cur.replace( " " + clazz + " ", " " );
+						}
+					}
+
+					// only assign if different to avoid unneeded rendering.
+					finalValue = value ? jQuery.trim( cur ) : "";
+					if ( elem.className !== finalValue ) {
+						elem.className = finalValue;
+					}
+				}
+			}
+		}
+
+		return this;
+	},
+
+	toggleClass: function( value, stateVal ) {
+		var type = typeof value;
+
+		if ( typeof stateVal === "boolean" && type === "string" ) {
+			return stateVal ? this.addClass( value ) : this.removeClass( value );
+		}
+
+		if ( jQuery.isFunction( value ) ) {
+			return this.each(function( i ) {
+				jQuery( this ).toggleClass( value.call(this, i, this.className, stateVal), stateVal );
+			});
+		}
+
+		return this.each(function() {
+			if ( type === "string" ) {
+				// toggle individual class names
+				var className,
+					i = 0,
+					self = jQuery( this ),
+					classNames = value.match( rnotwhite ) || [];
+
+				while ( (className = classNames[ i++ ]) ) {
+					// check each className given, space separated list
+					if ( self.hasClass( className ) ) {
+						self.removeClass( className );
+					} else {
+						self.addClass( className );
+					}
+				}
+
+			// Toggle whole class name
+			} else if ( type === strundefined || type === "boolean" ) {
+				if ( this.className ) {
+					// store className if set
+					data_priv.set( this, "__className__", this.className );
+				}
+
+				// If the element has a class name or if we're passed "false",
+				// then remove the whole classname (if there was one, the above saved it).
+				// Otherwise bring back whatever was previously saved (if anything),
+				// falling back to the empty string if nothing was stored.
+				this.className = this.className || value === false ? "" : data_priv.get( this, "__className__" ) || "";
+			}
+		});
+	},
+
+	hasClass: function( selector ) {
+		var className = " " + selector + " ",
+			i = 0,
+			l = this.length;
+		for ( ; i < l; i++ ) {
+			if ( this[i].nodeType === 1 && (" " + this[i].className + " ").replace(rclass, " ").indexOf( className ) >= 0 ) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+});
+
+
+
+
+var rreturn = /\r/g;
+
+jQuery.fn.extend({
+	val: function( value ) {
+		var hooks, ret, isFunction,
+			elem = this[0];
+
+		if ( !arguments.length ) {
+			if ( elem ) {
+				hooks = jQuery.valHooks[ elem.type ] || jQuery.valHooks[ elem.nodeName.toLowerCase() ];
+
+				if ( hooks && "get" in hooks && (ret = hooks.get( elem, "value" )) !== undefined ) {
+					return ret;
+				}
+
+				ret = elem.value;
+
+				return typeof ret === "string" ?
+					// handle most common string cases
+					ret.replace(rreturn, "") :
+					// handle cases where value is null/undef or number
+					ret == null ? "" : ret;
+			}
+
+			return;
+		}
+
+		isFunction = jQuery.isFunction( value );
+
+		return this.each(function( i ) {
+			var val;
+
+			if ( this.nodeType !== 1 ) {
+				return;
+			}
+
+			if ( isFunction ) {
+				val = value.call( this, i, jQuery( this ).val() );
+			} else {
+				val = value;
+			}
+
+			// Treat null/undefined as ""; convert numbers to string
+			if ( val == null ) {
+				val = "";
+
+			} else if ( typeof val === "number" ) {
+				val += "";
+
+			} else if ( jQuery.isArray( val ) ) {
+				val = jQuery.map( val, function( value ) {
+					return value == null ? "" : value + "";
+				});
+			}
+
+			hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ];
+
+			// If set returns undefined, fall back to normal setting
+			if ( !hooks || !("set" in hooks) || hooks.set( this, val, "value" ) === undefined ) {
+				this.value = val;
+			}
+		});
+	}
+});
+
+jQuery.extend({
+	valHooks: {
+		option: {
+			get: function( elem ) {
+				var val = jQuery.find.attr( elem, "value" );
+				return val != null ?
+					val :
+					// Support: IE10-11+
+					// option.text throws exceptions (#14686, #14858)
+					jQuery.trim( jQuery.text( elem ) );
+			}
+		},
+		select: {
+			get: function( elem ) {
+				var value, option,
+					options = elem.options,
+					index = elem.selectedIndex,
+					one = elem.type === "select-one" || index < 0,
+					values = one ? null : [],
+					max = one ? index + 1 : options.length,
+					i = index < 0 ?
+						max :
+						one ? index : 0;
+
+				// Loop through all the selected options
+				for ( ; i < max; i++ ) {
+					option = options[ i ];
+
+					// IE6-9 doesn't update selected after form reset (#2551)
+					if ( ( option.selected || i === index ) &&
+							// Don't return options that are disabled or in a disabled optgroup
+							( support.optDisabled ? !option.disabled : option.getAttribute( "disabled" ) === null ) &&
+							( !option.parentNode.disabled || !jQuery.nodeName( option.parentNode, "optgroup" ) ) ) {
+
+						// Get the specific value for the option
+						value = jQuery( option ).val();
+
+						// We don't need an array for one selects
+						if ( one ) {
+							return value;
+						}
+
+						// Multi-Selects return an array
+						values.push( value );
+					}
+				}
+
+				return values;
+			},
+
+			set: function( elem, value ) {
+				var optionSet, option,
+					options = elem.options,
+					values = jQuery.makeArray( value ),
+					i = options.length;
+
+				while ( i-- ) {
+					option = options[ i ];
+					if ( (option.selected = jQuery.inArray( option.value, values ) >= 0) ) {
+						optionSet = true;
+					}
+				}
+
+				// force browsers to behave consistently when non-matching value is set
+				if ( !optionSet ) {
+					elem.selectedIndex = -1;
+				}
+				return values;
+			}
+		}
+	}
+});
+
+// Radios and checkboxes getter/setter
+jQuery.each([ "radio", "checkbox" ], function() {
+	jQuery.valHooks[ this ] = {
+		set: function( elem, value ) {
+			if ( jQuery.isArray( value ) ) {
+				return ( elem.checked = jQuery.inArray( jQuery(elem).val(), value ) >= 0 );
+			}
+		}
+	};
+	if ( !support.checkOn ) {
+		jQuery.valHooks[ this ].get = function( elem ) {
+			// Support: Webkit
+			// "" is returned instead of "on" if a value isn't specified
+			return elem.getAttribute("value") === null ? "on" : elem.value;
+		};
+	}
+});
+
+
+
+
+// Return jQuery for attributes-only inclusion
+
+
+jQuery.each( ("blur focus focusin focusout load resize scroll unload click dblclick " +
+	"mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " +
+	"change select submit keydown keypress keyup error contextmenu").split(" "), function( i, name ) {
+
+	// Handle event binding
+	jQuery.fn[ name ] = function( data, fn ) {
+		return arguments.length > 0 ?
+			this.on( name, null, data, fn ) :
+			this.trigger( name );
+	};
+});
+
+jQuery.fn.extend({
+	hover: function( fnOver, fnOut ) {
+		return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver );
+	},
+
+	bind: function( types, data, fn ) {
+		return this.on( types, null, data, fn );
+	},
+	unbind: function( types, fn ) {
+		return this.off( types, null, fn );
+	},
+
+	delegate: function( selector, types, data, fn ) {
+		return this.on( types, selector, data, fn );
+	},
+	undelegate: function( selector, types, fn ) {
+		// ( namespace ) or ( selector, types [, fn] )
+		return arguments.length === 1 ? this.off( selector, "**" ) : this.off( types, selector || "**", fn );
+	}
+});
+
+
+var nonce = jQuery.now();
+
+var rquery = (/\?/);
+
+
+
+// Support: Android 2.3
+// Workaround failure to string-cast null input
+jQuery.parseJSON = function( data ) {
+	return JSON.parse( data + "" );
+};
+
+
+// Cross-browser xml parsing
+jQuery.parseXML = function( data ) {
+	var xml, tmp;
+	if ( !data || typeof data !== "string" ) {
+		return null;
+	}
+
+	// Support: IE9
+	try {
+		tmp = new DOMParser();
+		xml = tmp.parseFromString( data, "text/xml" );
+	} catch ( e ) {
+		xml = undefined;
+	}
+
+	if ( !xml || xml.getElementsByTagName( "parsererror" ).length ) {
+		jQuery.error( "Invalid XML: " + data );
+	}
+	return xml;
+};
+
+
+var
+	// Document location
+	ajaxLocParts,
+	ajaxLocation,
+
+	rhash = /#.*$/,
+	rts = /([?&])_=[^&]*/,
+	rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg,
+	// #7653, #8125, #8152: local protocol detection
+	rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/,
+	rnoContent = /^(?:GET|HEAD)$/,
+	rprotocol = /^\/\//,
+	rurl = /^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/,
+
+	/* Prefilters
+	 * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example)
+	 * 2) These are called:
+	 *    - BEFORE asking for a transport
+	 *    - AFTER param serialization (s.data is a string if s.processData is true)
+	 * 3) key is the dataType
+	 * 4) the catchall symbol "*" can be used
+	 * 5) execution will start with transport dataType and THEN continue down to "*" if needed
+	 */
+	prefilters = {},
+
+	/* Transports bindings
+	 * 1) key is the dataType
+	 * 2) the catchall symbol "*" can be used
+	 * 3) selection will start with transport dataType and THEN go to "*" if needed
+	 */
+	transports = {},
+
+	// Avoid comment-prolog char sequence (#10098); must appease lint and evade compression
+	allTypes = "*/".concat("*");
+
+// #8138, IE may throw an exception when accessing
+// a field from window.location if document.domain has been set
+try {
+	ajaxLocation = location.href;
+} catch( e ) {
+	// Use the href attribute of an A element
+	// since IE will modify it given document.location
+	ajaxLocation = document.createElement( "a" );
+	ajaxLocation.href = "";
+	ajaxLocation = ajaxLocation.href;
+}
+
+// Segment location into parts
+ajaxLocParts = rurl.exec( ajaxLocation.toLowerCase() ) || [];
+
+// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport
+function addToPrefiltersOrTransports( structure ) {
+
+	// dataTypeExpression is optional and defaults to "*"
+	return function( dataTypeExpression, func ) {
+
+		if ( typeof dataTypeExpression !== "string" ) {
+			func = dataTypeExpression;
+			dataTypeExpression = "*";
+		}
+
+		var dataType,
+			i = 0,
+			dataTypes = dataTypeExpression.toLowerCase().match( rnotwhite ) || [];
+
+		if ( jQuery.isFunction( func ) ) {
+			// For each dataType in the dataTypeExpression
+			while ( (dataType = dataTypes[i++]) ) {
+				// Prepend if requested
+				if ( dataType[0] === "+" ) {
+					dataType = dataType.slice( 1 ) || "*";
+					(structure[ dataType ] = structure[ dataType ] || []).unshift( func );
+
+				// Otherwise append
+				} else {
+					(structure[ dataType ] = structure[ dataType ] || []).push( func );
+				}
+			}
+		}
+	};
+}
+
+// Base inspection function for prefilters and transports
+function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) {
+
+	var inspected = {},
+		seekingTransport = ( structure === transports );
+
+	function inspect( dataType ) {
+		var selected;
+		inspected[ dataType ] = true;
+		jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) {
+			var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR );
+			if ( typeof dataTypeOrTransport === "string" && !seekingTransport && !inspected[ dataTypeOrTransport ] ) {
+				options.dataTypes.unshift( dataTypeOrTransport );
+				inspect( dataTypeOrTransport );
+				return false;
+			} else if ( seekingTransport ) {
+				return !( selected = dataTypeOrTransport );
+			}
+		});
+		return selected;
+	}
+
+	return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" );
+}
+
+// A special extend for ajax options
+// that takes "flat" options (not to be deep extended)
+// Fixes #9887
+function ajaxExtend( target, src ) {
+	var key, deep,
+		flatOptions = jQuery.ajaxSettings.flatOptions || {};
+
+	for ( key in src ) {
+		if ( src[ key ] !== undefined ) {
+			( flatOptions[ key ] ? target : ( deep || (deep = {}) ) )[ key ] = src[ key ];
+		}
+	}
+	if ( deep ) {
+		jQuery.extend( true, target, deep );
+	}
+
+	return target;
+}
+
+/* Handles responses to an ajax request:
+ * - finds the right dataType (mediates between content-type and expected dataType)
+ * - returns the corresponding response
+ */
+function ajaxHandleResponses( s, jqXHR, responses ) {
+
+	var ct, type, finalDataType, firstDataType,
+		contents = s.contents,
+		dataTypes = s.dataTypes;
+
+	// Remove auto dataType and get content-type in the process
+	while ( dataTypes[ 0 ] === "*" ) {
+		dataTypes.shift();
+		if ( ct === undefined ) {
+			ct = s.mimeType || jqXHR.getResponseHeader("Content-Type");
+		}
+	}
+
+	// Check if we're dealing with a known content-type
+	if ( ct ) {
+		for ( type in contents ) {
+			if ( contents[ type ] && contents[ type ].test( ct ) ) {
+				dataTypes.unshift( type );
+				break;
+			}
+		}
+	}
+
+	// Check to see if we have a response for the expected dataType
+	if ( dataTypes[ 0 ] in responses ) {
+		finalDataType = dataTypes[ 0 ];
+	} else {
+		// Try convertible dataTypes
+		for ( type in responses ) {
+			if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[0] ] ) {
+				finalDataType = type;
+				break;
+			}
+			if ( !firstDataType ) {
+				firstDataType = type;
+			}
+		}
+		// Or just use first one
+		finalDataType = finalDataType || firstDataType;
+	}
+
+	// If we found a dataType
+	// We add the dataType to the list if needed
+	// and return the corresponding response
+	if ( finalDataType ) {
+		if ( finalDataType !== dataTypes[ 0 ] ) {
+			dataTypes.unshift( finalDataType );
+		}
+		return responses[ finalDataType ];
+	}
+}
+
+/* Chain conversions given the request and the original response
+ * Also sets the responseXXX fields on the jqXHR instance
+ */
+function ajaxConvert( s, response, jqXHR, isSuccess ) {
+	var conv2, current, conv, tmp, prev,
+		converters = {},
+		// Work with a copy of dataTypes in case we need to modify it for conversion
+		dataTypes = s.dataTypes.slice();
+
+	// Create converters map with lowercased keys
+	if ( dataTypes[ 1 ] ) {
+		for ( conv in s.converters ) {
+			converters[ conv.toLowerCase() ] = s.converters[ conv ];
+		}
+	}
+
+	current = dataTypes.shift();
+
+	// Convert to each sequential dataType
+	while ( current ) {
+
+		if ( s.responseFields[ current ] ) {
+			jqXHR[ s.responseFields[ current ] ] = response;
+		}
+
+		// Apply the dataFilter if provided
+		if ( !prev && isSuccess && s.dataFilter ) {
+			response = s.dataFilter( response, s.dataType );
+		}
+
+		prev = current;
+		current = dataTypes.shift();
+
+		if ( current ) {
+
+		// There's only work to do if current dataType is non-auto
+			if ( current === "*" ) {
+
+				current = prev;
+
+			// Convert response if prev dataType is non-auto and differs from current
+			} else if ( prev !== "*" && prev !== current ) {
+
+				// Seek a direct converter
+				conv = converters[ prev + " " + current ] || converters[ "* " + current ];
+
+				// If none found, seek a pair
+				if ( !conv ) {
+					for ( conv2 in converters ) {
+
+						// If conv2 outputs current
+						tmp = conv2.split( " " );
+						if ( tmp[ 1 ] === current ) {
+
+							// If prev can be converted to accepted input
+							conv = converters[ prev + " " + tmp[ 0 ] ] ||
+								converters[ "* " + tmp[ 0 ] ];
+							if ( conv ) {
+								// Condense equivalence converters
+								if ( conv === true ) {
+									conv = converters[ conv2 ];
+
+								// Otherwise, insert the intermediate dataType
+								} else if ( converters[ conv2 ] !== true ) {
+									current = tmp[ 0 ];
+									dataTypes.unshift( tmp[ 1 ] );
+								}
+								break;
+							}
+						}
+					}
+				}
+
+				// Apply converter (if not an equivalence)
+				if ( conv !== true ) {
+
+					// Unless errors are allowed to bubble, catch and return them
+					if ( conv && s[ "throws" ] ) {
+						response = conv( response );
+					} else {
+						try {
+							response = conv( response );
+						} catch ( e ) {
+							return { state: "parsererror", error: conv ? e : "No conversion from " + prev + " to " + current };
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return { state: "success", data: response };
+}
+
+jQuery.extend({
+
+	// Counter for holding the number of active queries
+	active: 0,
+
+	// Last-Modified header cache for next request
+	lastModified: {},
+	etag: {},
+
+	ajaxSettings: {
+		url: ajaxLocation,
+		type: "GET",
+		isLocal: rlocalProtocol.test( ajaxLocParts[ 1 ] ),
+		global: true,
+		processData: true,
+		async: true,
+		contentType: "application/x-www-form-urlencoded; charset=UTF-8",
+		/*
+		timeout: 0,
+		data: null,
+		dataType: null,
+		username: null,
+		password: null,
+		cache: null,
+		throws: false,
+		traditional: false,
+		headers: {},
+		*/
+
+		accepts: {
+			"*": allTypes,
+			text: "text/plain",
+			html: "text/html",
+			xml: "application/xml, text/xml",
+			json: "application/json, text/javascript"
+		},
+
+		contents: {
+			xml: /xml/,
+			html: /html/,
+			json: /json/
+		},
+
+		responseFields: {
+			xml: "responseXML",
+			text: "responseText",
+			json: "responseJSON"
+		},
+
+		// Data converters
+		// Keys separate source (or catchall "*") and destination types with a single space
+		converters: {
+
+			// Convert anything to text
+			"* text": String,
+
+			// Text to html (true = no transformation)
+			"text html": true,
+
+			// Evaluate text as a json expression
+			"text json": jQuery.parseJSON,
+
+			// Parse text as xml
+			"text xml": jQuery.parseXML
+		},
+
+		// For options that shouldn't be deep extended:
+		// you can add your own custom options here if
+		// and when you create one that shouldn't be
+		// deep extended (see ajaxExtend)
+		flatOptions: {
+			url: true,
+			context: true
+		}
+	},
+
+	// Creates a full fledged settings object into target
+	// with both ajaxSettings and settings fields.
+	// If target is omitted, writes into ajaxSettings.
+	ajaxSetup: function( target, settings ) {
+		return settings ?
+
+			// Building a settings object
+			ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) :
+
+			// Extending ajaxSettings
+			ajaxExtend( jQuery.ajaxSettings, target );
+	},
+
+	ajaxPrefilter: addToPrefiltersOrTransports( prefilters ),
+	ajaxTransport: addToPrefiltersOrTransports( transports ),
+
+	// Main method
+	ajax: function( url, options ) {
+
+		// If url is an object, simulate pre-1.5 signature
+		if ( typeof url === "object" ) {
+			options = url;
+			url = undefined;
+		}
+
+		// Force options to be an object
+		options = options || {};
+
+		var transport,
+			// URL without anti-cache param
+			cacheURL,
+			// Response headers
+			responseHeadersString,
+			responseHeaders,
+			// timeout handle
+			timeoutTimer,
+			// Cross-domain detection vars
+			parts,
+			// To know if global events are to be dispatched
+			fireGlobals,
+			// Loop variable
+			i,
+			// Create the final options object
+			s = jQuery.ajaxSetup( {}, options ),
+			// Callbacks context
+			callbackContext = s.context || s,
+			// Context for global events is callbackContext if it is a DOM node or jQuery collection
+			globalEventContext = s.context && ( callbackContext.nodeType || callbackContext.jquery ) ?
+				jQuery( callbackContext ) :
+				jQuery.event,
+			// Deferreds
+			deferred = jQuery.Deferred(),
+			completeDeferred = jQuery.Callbacks("once memory"),
+			// Status-dependent callbacks
+			statusCode = s.statusCode || {},
+			// Headers (they are sent all at once)
+			requestHeaders = {},
+			requestHeadersNames = {},
+			// The jqXHR state
+			state = 0,
+			// Default abort message
+			strAbort = "canceled",
+			// Fake xhr
+			jqXHR = {
+				readyState: 0,
+
+				// Builds headers hashtable if needed
+				getResponseHeader: function( key ) {
+					var match;
+					if ( state === 2 ) {
+						if ( !responseHeaders ) {
+							responseHeaders = {};
+							while ( (match = rheaders.exec( responseHeadersString )) ) {
+								responseHeaders[ match[1].toLowerCase() ] = match[ 2 ];
+							}
+						}
+						match = responseHeaders[ key.toLowerCase() ];
+					}
+					return match == null ? null : match;
+				},
+
+				// Raw string
+				getAllResponseHeaders: function() {
+					return state === 2 ? responseHeadersString : null;
+				},
+
+				// Caches the header
+				setRequestHeader: function( name, value ) {
+					var lname = name.toLowerCase();
+					if ( !state ) {
+						name = requestHeadersNames[ lname ] = requestHeadersNames[ lname ] || name;
+						requestHeaders[ name ] = value;
+					}
+					return this;
+				},
+
+				// Overrides response content-type header
+				overrideMimeType: function( type ) {
+					if ( !state ) {
+						s.mimeType = type;
+					}
+					return this;
+				},
+
+				// Status-dependent callbacks
+				statusCode: function( map ) {
+					var code;
+					if ( map ) {
+						if ( state < 2 ) {
+							for ( code in map ) {
+								// Lazy-add the new callback in a way that preserves old ones
+								statusCode[ code ] = [ statusCode[ code ], map[ code ] ];
+							}
+						} else {
+							// Execute the appropriate callbacks
+							jqXHR.always( map[ jqXHR.status ] );
+						}
+					}
+					return this;
+				},
+
+				// Cancel the request
+				abort: function( statusText ) {
+					var finalText = statusText || strAbort;
+					if ( transport ) {
+						transport.abort( finalText );
+					}
+					done( 0, finalText );
+					return this;
+				}
+			};
+
+		// Attach deferreds
+		deferred.promise( jqXHR ).complete = completeDeferred.add;
+		jqXHR.success = jqXHR.done;
+		jqXHR.error = jqXHR.fail;
+
+		// Remove hash character (#7531: and string promotion)
+		// Add protocol if not provided (prefilters might expect it)
+		// Handle falsy url in the settings object (#10093: consistency with old signature)
+		// We also use the url parameter if available
+		s.url = ( ( url || s.url || ajaxLocation ) + "" ).replace( rhash, "" )
+			.replace( rprotocol, ajaxLocParts[ 1 ] + "//" );
+
+		// Alias method option to type as per ticket #12004
+		s.type = options.method || options.type || s.method || s.type;
+
+		// Extract dataTypes list
+		s.dataTypes = jQuery.trim( s.dataType || "*" ).toLowerCase().match( rnotwhite ) || [ "" ];
+
+		// A cross-domain request is in order when we have a protocol:host:port mismatch
+		if ( s.crossDomain == null ) {
+			parts = rurl.exec( s.url.toLowerCase() );
+			s.crossDomain = !!( parts &&
+				( parts[ 1 ] !== ajaxLocParts[ 1 ] || parts[ 2 ] !== ajaxLocParts[ 2 ] ||
+					( parts[ 3 ] || ( parts[ 1 ] === "http:" ? "80" : "443" ) ) !==
+						( ajaxLocParts[ 3 ] || ( ajaxLocParts[ 1 ] === "http:" ? "80" : "443" ) ) )
+			);
+		}
+
+		// Convert data if not already a string
+		if ( s.data && s.processData && typeof s.data !== "string" ) {
+			s.data = jQuery.param( s.data, s.traditional );
+		}
+
+		// Apply prefilters
+		inspectPrefiltersOrTransports( prefilters, s, options, jqXHR );
+
+		// If request was aborted inside a prefilter, stop there
+		if ( state === 2 ) {
+			return jqXHR;
+		}
+
+		// We can fire global events as of now if asked to
+		fireGlobals = s.global;
+
+		// Watch for a new set of requests
+		if ( fireGlobals && jQuery.active++ === 0 ) {
+			jQuery.event.trigger("ajaxStart");
+		}
+
+		// Uppercase the type
+		s.type = s.type.toUpperCase();
+
+		// Determine if request has content
+		s.hasContent = !rnoContent.test( s.type );
+
+		// Save the URL in case we're toying with the If-Modified-Since
+		// and/or If-None-Match header later on
+		cacheURL = s.url;
+
+		// More options handling for requests with no content
+		if ( !s.hasContent ) {
+
+			// If data is available, append data to url
+			if ( s.data ) {
+				cacheURL = ( s.url += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data );
+				// #9682: remove data so that it's not used in an eventual retry
+				delete s.data;
+			}
+
+			// Add anti-cache in url if needed
+			if ( s.cache === false ) {
+				s.url = rts.test( cacheURL ) ?
+
+					// If there is already a '_' parameter, set its value
+					cacheURL.replace( rts, "$1_=" + nonce++ ) :
+
+					// Otherwise add one to the end
+					cacheURL + ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + nonce++;
+			}
+		}
+
+		// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
+		if ( s.ifModified ) {
+			if ( jQuery.lastModified[ cacheURL ] ) {
+				jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] );
+			}
+			if ( jQuery.etag[ cacheURL ] ) {
+				jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] );
+			}
+		}
+
+		// Set the correct header, if data is being sent
+		if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) {
+			jqXHR.setRequestHeader( "Content-Type", s.contentType );
+		}
+
+		// Set the Accepts header for the server, depending on the dataType
+		jqXHR.setRequestHeader(
+			"Accept",
+			s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[0] ] ?
+				s.accepts[ s.dataTypes[0] ] + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) :
+				s.accepts[ "*" ]
+		);
+
+		// Check for headers option
+		for ( i in s.headers ) {
+			jqXHR.setRequestHeader( i, s.headers[ i ] );
+		}
+
+		// Allow custom headers/mimetypes and early abort
+		if ( s.beforeSend && ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || state === 2 ) ) {
+			// Abort if not done already and return
+			return jqXHR.abort();
+		}
+
+		// aborting is no longer a cancellation
+		strAbort = "abort";
+
+		// Install callbacks on deferreds
+		for ( i in { success: 1, error: 1, complete: 1 } ) {
+			jqXHR[ i ]( s[ i ] );
+		}
+
+		// Get transport
+		transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR );
+
+		// If no transport, we auto-abort
+		if ( !transport ) {
+			done( -1, "No Transport" );
+		} else {
+			jqXHR.readyState = 1;
+
+			// Send global event
+			if ( fireGlobals ) {
+				globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] );
+			}
+			// Timeout
+			if ( s.async && s.timeout > 0 ) {
+				timeoutTimer = setTimeout(function() {
+					jqXHR.abort("timeout");
+				}, s.timeout );
+			}
+
+			try {
+				state = 1;
+				transport.send( requestHeaders, done );
+			} catch ( e ) {
+				// Propagate exception as error if not done
+				if ( state < 2 ) {
+					done( -1, e );
+				// Simply rethrow otherwise
+				} else {
+					throw e;
+				}
+			}
+		}
+
+		// Callback for when everything is done
+		function done( status, nativeStatusText, responses, headers ) {
+			var isSuccess, success, error, response, modified,
+				statusText = nativeStatusText;
+
+			// Called once
+			if ( state === 2 ) {
+				return;
+			}
+
+			// State is "done" now
+			state = 2;
+
+			// Clear timeout if it exists
+			if ( timeoutTimer ) {
+				clearTimeout( timeoutTimer );
+			}
+
+			// Dereference transport for early garbage collection
+			// (no matter how long the jqXHR object will be used)
+			transport = undefined;
+
+			// Cache response headers
+			responseHeadersString = headers || "";
+
+			// Set readyState
+			jqXHR.readyState = status > 0 ? 4 : 0;
+
+			// Determine if successful
+			isSuccess = status >= 200 && status < 300 || status === 304;
+
+			// Get response data
+			if ( responses ) {
+				response = ajaxHandleResponses( s, jqXHR, responses );
+			}
+
+			// Convert no matter what (that way responseXXX fields are always set)
+			response = ajaxConvert( s, response, jqXHR, isSuccess );
+
+			// If successful, handle type chaining
+			if ( isSuccess ) {
+
+				// Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode.
+				if ( s.ifModified ) {
+					modified = jqXHR.getResponseHeader("Last-Modified");
+					if ( modified ) {
+						jQuery.lastModified[ cacheURL ] = modified;
+					}
+					modified = jqXHR.getResponseHeader("etag");
+					if ( modified ) {
+						jQuery.etag[ cacheURL ] = modified;
+					}
+				}
+
+				// if no content
+				if ( status === 204 || s.type === "HEAD" ) {
+					statusText = "nocontent";
+
+				// if not modified
+				} else if ( status === 304 ) {
+					statusText = "notmodified";
+
+				// If we have data, let's convert it
+				} else {
+					statusText = response.state;
+					success = response.data;
+					error = response.error;
+					isSuccess = !error;
+				}
+			} else {
+				// We extract error from statusText
+				// then normalize statusText and status for non-aborts
+				error = statusText;
+				if ( status || !statusText ) {
+					statusText = "error";
+					if ( status < 0 ) {
+						status = 0;
+					}
+				}
+			}
+
+			// Set data for the fake xhr object
+			jqXHR.status = status;
+			jqXHR.statusText = ( nativeStatusText || statusText ) + "";
+
+			// Success/Error
+			if ( isSuccess ) {
+				deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] );
+			} else {
+				deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] );
+			}
+
+			// Status-dependent callbacks
+			jqXHR.statusCode( statusCode );
+			statusCode = undefined;
+
+			if ( fireGlobals ) {
+				globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError",
+					[ jqXHR, s, isSuccess ? success : error ] );
+			}
+
+			// Complete
+			completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] );
+
+			if ( fireGlobals ) {
+				globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] );
+				// Handle the global AJAX counter
+				if ( !( --jQuery.active ) ) {
+					jQuery.event.trigger("ajaxStop");
+				}
+			}
+		}
+
+		return jqXHR;
+	},
+
+	getJSON: function( url, data, callback ) {
+		return jQuery.get( url, data, callback, "json" );
+	},
+
+	getScript: function( url, callback ) {
+		return jQuery.get( url, undefined, callback, "script" );
+	}
+});
+
+jQuery.each( [ "get", "post" ], function( i, method ) {
+	jQuery[ method ] = function( url, data, callback, type ) {
+		// shift arguments if data argument was omitted
+		if ( jQuery.isFunction( data ) ) {
+			type = type || callback;
+			callback = data;
+			data = undefined;
+		}
+
+		return jQuery.ajax({
+			url: url,
+			type: method,
+			dataType: type,
+			data: data,
+			success: callback
+		});
+	};
+});
+
+// Attach a bunch of functions for handling common AJAX events
+jQuery.each( [ "ajaxStart", "ajaxStop", "ajaxComplete", "ajaxError", "ajaxSuccess", "ajaxSend" ], function( i, type ) {
+	jQuery.fn[ type ] = function( fn ) {
+		return this.on( type, fn );
+	};
+});
+
+
+jQuery._evalUrl = function( url ) {
+	return jQuery.ajax({
+		url: url,
+		type: "GET",
+		dataType: "script",
+		async: false,
+		global: false,
+		"throws": true
+	});
+};
+
+
+jQuery.fn.extend({
+	wrapAll: function( html ) {
+		var wrap;
+
+		if ( jQuery.isFunction( html ) ) {
+			return this.each(function( i ) {
+				jQuery( this ).wrapAll( html.call(this, i) );
+			});
+		}
+
+		if ( this[ 0 ] ) {
+
+			// The elements to wrap the target around
+			wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true );
+
+			if ( this[ 0 ].parentNode ) {
+				wrap.insertBefore( this[ 0 ] );
+			}
+
+			wrap.map(function() {
+				var elem = this;
+
+				while ( elem.firstElementChild ) {
+					elem = elem.firstElementChild;
+				}
+
+				return elem;
+			}).append( this );
+		}
+
+		return this;
+	},
+
+	wrapInner: function( html ) {
+		if ( jQuery.isFunction( html ) ) {
+			return this.each(function( i ) {
+				jQuery( this ).wrapInner( html.call(this, i) );
+			});
+		}
+
+		return this.each(function() {
+			var self = jQuery( this ),
+				contents = self.contents();
+
+			if ( contents.length ) {
+				contents.wrapAll( html );
+
+			} else {
+				self.append( html );
+			}
+		});
+	},
+
+	wrap: function( html ) {
+		var isFunction = jQuery.isFunction( html );
+
+		return this.each(function( i ) {
+			jQuery( this ).wrapAll( isFunction ? html.call(this, i) : html );
+		});
+	},
+
+	unwrap: function() {
+		return this.parent().each(function() {
+			if ( !jQuery.nodeName( this, "body" ) ) {
+				jQuery( this ).replaceWith( this.childNodes );
+			}
+		}).end();
+	}
+});
+
+
+jQuery.expr.filters.hidden = function( elem ) {
+	// Support: Opera <= 12.12
+	// Opera reports offsetWidths and offsetHeights less than zero on some elements
+	return elem.offsetWidth <= 0 && elem.offsetHeight <= 0;
+};
+jQuery.expr.filters.visible = function( elem ) {
+	return !jQuery.expr.filters.hidden( elem );
+};
+
+
+
+
+var r20 = /%20/g,
+	rbracket = /\[\]$/,
+	rCRLF = /\r?\n/g,
+	rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i,
+	rsubmittable = /^(?:input|select|textarea|keygen)/i;
+
+function buildParams( prefix, obj, traditional, add ) {
+	var name;
+
+	if ( jQuery.isArray( obj ) ) {
+		// Serialize array item.
+		jQuery.each( obj, function( i, v ) {
+			if ( traditional || rbracket.test( prefix ) ) {
+				// Treat each array item as a scalar.
+				add( prefix, v );
+
+			} else {
+				// Item is non-scalar (array or object), encode its numeric index.
+				buildParams( prefix + "[" + ( typeof v === "object" ? i : "" ) + "]", v, traditional, add );
+			}
+		});
+
+	} else if ( !traditional && jQuery.type( obj ) === "object" ) {
+		// Serialize object item.
+		for ( name in obj ) {
+			buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add );
+		}
+
+	} else {
+		// Serialize scalar item.
+		add( prefix, obj );
+	}
+}
+
+// Serialize an array of form elements or a set of
+// key/values into a query string
+jQuery.param = function( a, traditional ) {
+	var prefix,
+		s = [],
+		add = function( key, value ) {
+			// If value is a function, invoke it and return its value
+			value = jQuery.isFunction( value ) ? value() : ( value == null ? "" : value );
+			s[ s.length ] = encodeURIComponent( key ) + "=" + encodeURIComponent( value );
+		};
+
+	// Set traditional to true for jQuery <= 1.3.2 behavior.
+	if ( traditional === undefined ) {
+		traditional = jQuery.ajaxSettings && jQuery.ajaxSettings.traditional;
+	}
+
+	// If an array was passed in, assume that it is an array of form elements.
+	if ( jQuery.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) {
+		// Serialize the form elements
+		jQuery.each( a, function() {
+			add( this.name, this.value );
+		});
+
+	} else {
+		// If traditional, encode the "old" way (the way 1.3.2 or older
+		// did it), otherwise encode params recursively.
+		for ( prefix in a ) {
+			buildParams( prefix, a[ prefix ], traditional, add );
+		}
+	}
+
+	// Return the resulting serialization
+	return s.join( "&" ).replace( r20, "+" );
+};
+
+jQuery.fn.extend({
+	serialize: function() {
+		return jQuery.param( this.serializeArray() );
+	},
+	serializeArray: function() {
+		return this.map(function() {
+			// Can add propHook for "elements" to filter or add form elements
+			var elements = jQuery.prop( this, "elements" );
+			return elements ? jQuery.makeArray( elements ) : this;
+		})
+		.filter(function() {
+			var type = this.type;
+
+			// Use .is( ":disabled" ) so that fieldset[disabled] works
+			return this.name && !jQuery( this ).is( ":disabled" ) &&
+				rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) &&
+				( this.checked || !rcheckableType.test( type ) );
+		})
+		.map(function( i, elem ) {
+			var val = jQuery( this ).val();
+
+			return val == null ?
+				null :
+				jQuery.isArray( val ) ?
+					jQuery.map( val, function( val ) {
+						return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
+					}) :
+					{ name: elem.name, value: val.replace( rCRLF, "\r\n" ) };
+		}).get();
+	}
+});
+
+
+jQuery.ajaxSettings.xhr = function() {
+	try {
+		return new XMLHttpRequest();
+	} catch( e ) {}
+};
+
+var xhrId = 0,
+	xhrCallbacks = {},
+	xhrSuccessStatus = {
+		// file protocol always yields status code 0, assume 200
+		0: 200,
+		// Support: IE9
+		// #1450: sometimes IE returns 1223 when it should be 204
+		1223: 204
+	},
+	xhrSupported = jQuery.ajaxSettings.xhr();
+
+// Support: IE9
+// Open requests must be manually aborted on unload (#5280)
+if ( window.ActiveXObject ) {
+	jQuery( window ).on( "unload", function() {
+		for ( var key in xhrCallbacks ) {
+			xhrCallbacks[ key ]();
+		}
+	});
+}
+
+support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported );
+support.ajax = xhrSupported = !!xhrSupported;
+
+jQuery.ajaxTransport(function( options ) {
+	var callback;
+
+	// Cross domain only allowed if supported through XMLHttpRequest
+	if ( support.cors || xhrSupported && !options.crossDomain ) {
+		return {
+			send: function( headers, complete ) {
+				var i,
+					xhr = options.xhr(),
+					id = ++xhrId;
+
+				xhr.open( options.type, options.url, options.async, options.username, options.password );
+
+				// Apply custom fields if provided
+				if ( options.xhrFields ) {
+					for ( i in options.xhrFields ) {
+						xhr[ i ] = options.xhrFields[ i ];
+					}
+				}
+
+				// Override mime type if needed
+				if ( options.mimeType && xhr.overrideMimeType ) {
+					xhr.overrideMimeType( options.mimeType );
+				}
+
+				// X-Requested-With header
+				// For cross-domain requests, seeing as conditions for a preflight are
+				// akin to a jigsaw puzzle, we simply never set it to be sure.
+				// (it can always be set on a per-request basis or even using ajaxSetup)
+				// For same-domain requests, won't change header if already provided.
+				if ( !options.crossDomain && !headers["X-Requested-With"] ) {
+					headers["X-Requested-With"] = "XMLHttpRequest";
+				}
+
+				// Set headers
+				for ( i in headers ) {
+					xhr.setRequestHeader( i, headers[ i ] );
+				}
+
+				// Callback
+				callback = function( type ) {
+					return function() {
+						if ( callback ) {
+							delete xhrCallbacks[ id ];
+							callback = xhr.onload = xhr.onerror = null;
+
+							if ( type === "abort" ) {
+								xhr.abort();
+							} else if ( type === "error" ) {
+								complete(
+									// file: protocol always yields status 0; see #8605, #14207
+									xhr.status,
+									xhr.statusText
+								);
+							} else {
+								complete(
+									xhrSuccessStatus[ xhr.status ] || xhr.status,
+									xhr.statusText,
+									// Support: IE9
+									// Accessing binary-data responseText throws an exception
+									// (#11426)
+									typeof xhr.responseText === "string" ? {
+										text: xhr.responseText
+									} : undefined,
+									xhr.getAllResponseHeaders()
+								);
+							}
+						}
+					};
+				};
+
+				// Listen to events
+				xhr.onload = callback();
+				xhr.onerror = callback("error");
+
+				// Create the abort callback
+				callback = xhrCallbacks[ id ] = callback("abort");
+
+				try {
+					// Do send the request (this may raise an exception)
+					xhr.send( options.hasContent && options.data || null );
+				} catch ( e ) {
+					// #14683: Only rethrow if this hasn't been notified as an error yet
+					if ( callback ) {
+						throw e;
+					}
+				}
+			},
+
+			abort: function() {
+				if ( callback ) {
+					callback();
+				}
+			}
+		};
+	}
+});
+
+
+
+
+// Install script dataType
+jQuery.ajaxSetup({
+	accepts: {
+		script: "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"
+	},
+	contents: {
+		script: /(?:java|ecma)script/
+	},
+	converters: {
+		"text script": function( text ) {
+			jQuery.globalEval( text );
+			return text;
+		}
+	}
+});
+
+// Handle cache's special case and crossDomain
+jQuery.ajaxPrefilter( "script", function( s ) {
+	if ( s.cache === undefined ) {
+		s.cache = false;
+	}
+	if ( s.crossDomain ) {
+		s.type = "GET";
+	}
+});
+
+// Bind script tag hack transport
+jQuery.ajaxTransport( "script", function( s ) {
+	// This transport only deals with cross domain requests
+	if ( s.crossDomain ) {
+		var script, callback;
+		return {
+			send: function( _, complete ) {
+				script = jQuery("<script>").prop({
+					async: true,
+					charset: s.scriptCharset,
+					src: s.url
+				}).on(
+					"load error",
+					callback = function( evt ) {
+						script.remove();
+						callback = null;
+						if ( evt ) {
+							complete( evt.type === "error" ? 404 : 200, evt.type );
+						}
+					}
+				);
+				document.head.appendChild( script[ 0 ] );
+			},
+			abort: function() {
+				if ( callback ) {
+					callback();
+				}
+			}
+		};
+	}
+});
+
+
+
+
+var oldCallbacks = [],
+	rjsonp = /(=)\?(?=&|$)|\?\?/;
+
+// Default jsonp settings
+jQuery.ajaxSetup({
+	jsonp: "callback",
+	jsonpCallback: function() {
+		var callback = oldCallbacks.pop() || ( jQuery.expando + "_" + ( nonce++ ) );
+		this[ callback ] = true;
+		return callback;
+	}
+});
+
+// Detect, normalize options and install callbacks for jsonp requests
+jQuery.ajaxPrefilter( "json jsonp", function( s, originalSettings, jqXHR ) {
+
+	var callbackName, overwritten, responseContainer,
+		jsonProp = s.jsonp !== false && ( rjsonp.test( s.url ) ?
+			"url" :
+			typeof s.data === "string" && !( s.contentType || "" ).indexOf("application/x-www-form-urlencoded") && rjsonp.test( s.data ) && "data"
+		);
+
+	// Handle iff the expected data type is "jsonp" or we have a parameter to set
+	if ( jsonProp || s.dataTypes[ 0 ] === "jsonp" ) {
+
+		// Get callback name, remembering preexisting value associated with it
+		callbackName = s.jsonpCallback = jQuery.isFunction( s.jsonpCallback ) ?
+			s.jsonpCallback() :
+			s.jsonpCallback;
+
+		// Insert callback into url or form data
+		if ( jsonProp ) {
+			s[ jsonProp ] = s[ jsonProp ].replace( rjsonp, "$1" + callbackName );
+		} else if ( s.jsonp !== false ) {
+			s.url += ( rquery.test( s.url ) ? "&" : "?" ) + s.jsonp + "=" + callbackName;
+		}
+
+		// Use data converter to retrieve json after script execution
+		s.converters["script json"] = function() {
+			if ( !responseContainer ) {
+				jQuery.error( callbackName + " was not called" );
+			}
+			return responseContainer[ 0 ];
+		};
+
+		// force json dataType
+		s.dataTypes[ 0 ] = "json";
+
+		// Install callback
+		overwritten = window[ callbackName ];
+		window[ callbackName ] = function() {
+			responseContainer = arguments;
+		};
+
+		// Clean-up function (fires after converters)
+		jqXHR.always(function() {
+			// Restore preexisting value
+			window[ callbackName ] = overwritten;
+
+			// Save back as free
+			if ( s[ callbackName ] ) {
+				// make sure that re-using the options doesn't screw things around
+				s.jsonpCallback = originalSettings.jsonpCallback;
+
+				// save the callback name for future use
+				oldCallbacks.push( callbackName );
+			}
+
+			// Call if it was a function and we have a response
+			if ( responseContainer && jQuery.isFunction( overwritten ) ) {
+				overwritten( responseContainer[ 0 ] );
+			}
+
+			responseContainer = overwritten = undefined;
+		});
+
+		// Delegate to script
+		return "script";
+	}
+});
+
+
+
+
+// data: string of html
+// context (optional): If specified, the fragment will be created in this context, defaults to document
+// keepScripts (optional): If true, will include scripts passed in the html string
+jQuery.parseHTML = function( data, context, keepScripts ) {
+	if ( !data || typeof data !== "string" ) {
+		return null;
+	}
+	if ( typeof context === "boolean" ) {
+		keepScripts = context;
+		context = false;
+	}
+	context = context || document;
+
+	var parsed = rsingleTag.exec( data ),
+		scripts = !keepScripts && [];
+
+	// Single tag
+	if ( parsed ) {
+		return [ context.createElement( parsed[1] ) ];
+	}
+
+	parsed = jQuery.buildFragment( [ data ], context, scripts );
+
+	if ( scripts && scripts.length ) {
+		jQuery( scripts ).remove();
+	}
+
+	return jQuery.merge( [], parsed.childNodes );
+};
+
+
+// Keep a copy of the old load method
+var _load = jQuery.fn.load;
+
+/**
+ * Load a url into a page
+ */
+jQuery.fn.load = function( url, params, callback ) {
+	if ( typeof url !== "string" && _load ) {
+		return _load.apply( this, arguments );
+	}
+
+	var selector, type, response,
+		self = this,
+		off = url.indexOf(" ");
+
+	if ( off >= 0 ) {
+		selector = jQuery.trim( url.slice( off ) );
+		url = url.slice( 0, off );
+	}
+
+	// If it's a function
+	if ( jQuery.isFunction( params ) ) {
+
+		// We assume that it's the callback
+		callback = params;
+		params = undefined;
+
+	// Otherwise, build a param string
+	} else if ( params && typeof params === "object" ) {
+		type = "POST";
+	}
+
+	// If we have elements to modify, make the request
+	if ( self.length > 0 ) {
+		jQuery.ajax({
+			url: url,
+
+			// if "type" variable is undefined, then "GET" method will be used
+			type: type,
+			dataType: "html",
+			data: params
+		}).done(function( responseText ) {
+
+			// Save response for use in complete callback
+			response = arguments;
+
+			self.html( selector ?
+
+				// If a selector was specified, locate the right elements in a dummy div
+				// Exclude scripts to avoid IE 'Permission Denied' errors
+				jQuery("<div>").append( jQuery.parseHTML( responseText ) ).find( selector ) :
+
+				// Otherwise use the full result
+				responseText );
+
+		}).complete( callback && function( jqXHR, status ) {
+			self.each( callback, response || [ jqXHR.responseText, status, jqXHR ] );
+		});
+	}
+
+	return this;
+};
+
+
+
+
+jQuery.expr.filters.animated = function( elem ) {
+	return jQuery.grep(jQuery.timers, function( fn ) {
+		return elem === fn.elem;
+	}).length;
+};
+
+
+
+
+var docElem = window.document.documentElement;
+
+/**
+ * Gets a window from an element
+ */
+function getWindow( elem ) {
+	return jQuery.isWindow( elem ) ? elem : elem.nodeType === 9 && elem.defaultView;
+}
+
+jQuery.offset = {
+	setOffset: function( elem, options, i ) {
+		var curPosition, curLeft, curCSSTop, curTop, curOffset, curCSSLeft, calculatePosition,
+			position = jQuery.css( elem, "position" ),
+			curElem = jQuery( elem ),
+			props = {};
+
+		// Set position first, in-case top/left are set even on static elem
+		if ( position === "static" ) {
+			elem.style.position = "relative";
+		}
+
+		curOffset = curElem.offset();
+		curCSSTop = jQuery.css( elem, "top" );
+		curCSSLeft = jQuery.css( elem, "left" );
+		calculatePosition = ( position === "absolute" || position === "fixed" ) &&
+			( curCSSTop + curCSSLeft ).indexOf("auto") > -1;
+
+		// Need to be able to calculate position if either top or left is auto and position is either absolute or fixed
+		if ( calculatePosition ) {
+			curPosition = curElem.position();
+			curTop = curPosition.top;
+			curLeft = curPosition.left;
+
+		} else {
+			curTop = parseFloat( curCSSTop ) || 0;
+			curLeft = parseFloat( curCSSLeft ) || 0;
+		}
+
+		if ( jQuery.isFunction( options ) ) {
+			options = options.call( elem, i, curOffset );
+		}
+
+		if ( options.top != null ) {
+			props.top = ( options.top - curOffset.top ) + curTop;
+		}
+		if ( options.left != null ) {
+			props.left = ( options.left - curOffset.left ) + curLeft;
+		}
+
+		if ( "using" in options ) {
+			options.using.call( elem, props );
+
+		} else {
+			curElem.css( props );
+		}
+	}
+};
+
+jQuery.fn.extend({
+	offset: function( options ) {
+		if ( arguments.length ) {
+			return options === undefined ?
+				this :
+				this.each(function( i ) {
+					jQuery.offset.setOffset( this, options, i );
+				});
+		}
+
+		var docElem, win,
+			elem = this[ 0 ],
+			box = { top: 0, left: 0 },
+			doc = elem && elem.ownerDocument;
+
+		if ( !doc ) {
+			return;
+		}
+
+		docElem = doc.documentElement;
+
+		// Make sure it's not a disconnected DOM node
+		if ( !jQuery.contains( docElem, elem ) ) {
+			return box;
+		}
+
+		// If we don't have gBCR, just use 0,0 rather than error
+		// BlackBerry 5, iOS 3 (original iPhone)
+		if ( typeof elem.getBoundingClientRect !== strundefined ) {
+			box = elem.getBoundingClientRect();
+		}
+		win = getWindow( doc );
+		return {
+			top: box.top + win.pageYOffset - docElem.clientTop,
+			left: box.left + win.pageXOffset - docElem.clientLeft
+		};
+	},
+
+	position: function() {
+		if ( !this[ 0 ] ) {
+			return;
+		}
+
+		var offsetParent, offset,
+			elem = this[ 0 ],
+			parentOffset = { top: 0, left: 0 };
+
+		// Fixed elements are offset from window (parentOffset = {top:0, left: 0}, because it is its only offset parent
+		if ( jQuery.css( elem, "position" ) === "fixed" ) {
+			// We assume that getBoundingClientRect is available when computed position is fixed
+			offset = elem.getBoundingClientRect();
+
+		} else {
+			// Get *real* offsetParent
+			offsetParent = this.offsetParent();
+
+			// Get correct offsets
+			offset = this.offset();
+			if ( !jQuery.nodeName( offsetParent[ 0 ], "html" ) ) {
+				parentOffset = offsetParent.offset();
+			}
+
+			// Add offsetParent borders
+			parentOffset.top += jQuery.css( offsetParent[ 0 ], "borderTopWidth", true );
+			parentOffset.left += jQuery.css( offsetParent[ 0 ], "borderLeftWidth", true );
+		}
+
+		// Subtract parent offsets and element margins
+		return {
+			top: offset.top - parentOffset.top - jQuery.css( elem, "marginTop", true ),
+			left: offset.left - parentOffset.left - jQuery.css( elem, "marginLeft", true )
+		};
+	},
+
+	offsetParent: function() {
+		return this.map(function() {
+			var offsetParent = this.offsetParent || docElem;
+
+			while ( offsetParent && ( !jQuery.nodeName( offsetParent, "html" ) && jQuery.css( offsetParent, "position" ) === "static" ) ) {
+				offsetParent = offsetParent.offsetParent;
+			}
+
+			return offsetParent || docElem;
+		});
+	}
+});
+
+// Create scrollLeft and scrollTop methods
+jQuery.each( { scrollLeft: "pageXOffset", scrollTop: "pageYOffset" }, function( method, prop ) {
+	var top = "pageYOffset" === prop;
+
+	jQuery.fn[ method ] = function( val ) {
+		return access( this, function( elem, method, val ) {
+			var win = getWindow( elem );
+
+			if ( val === undefined ) {
+				return win ? win[ prop ] : elem[ method ];
+			}
+
+			if ( win ) {
+				win.scrollTo(
+					!top ? val : window.pageXOffset,
+					top ? val : window.pageYOffset
+				);
+
+			} else {
+				elem[ method ] = val;
+			}
+		}, method, val, arguments.length, null );
+	};
+});
+
+// Add the top/left cssHooks using jQuery.fn.position
+// Webkit bug: https://bugs.webkit.org/show_bug.cgi?id=29084
+// getComputedStyle returns percent when specified for top/left/bottom/right
+// rather than make the css module depend on the offset module, we just check for it here
+jQuery.each( [ "top", "left" ], function( i, prop ) {
+	jQuery.cssHooks[ prop ] = addGetHookIf( support.pixelPosition,
+		function( elem, computed ) {
+			if ( computed ) {
+				computed = curCSS( elem, prop );
+				// if curCSS returns percentage, fallback to offset
+				return rnumnonpx.test( computed ) ?
+					jQuery( elem ).position()[ prop ] + "px" :
+					computed;
+			}
+		}
+	);
+});
+
+
+// Create innerHeight, innerWidth, height, width, outerHeight and outerWidth methods
+jQuery.each( { Height: "height", Width: "width" }, function( name, type ) {
+	jQuery.each( { padding: "inner" + name, content: type, "": "outer" + name }, function( defaultExtra, funcName ) {
+		// margin is only for outerHeight, outerWidth
+		jQuery.fn[ funcName ] = function( margin, value ) {
+			var chainable = arguments.length && ( defaultExtra || typeof margin !== "boolean" ),
+				extra = defaultExtra || ( margin === true || value === true ? "margin" : "border" );
+
+			return access( this, function( elem, type, value ) {
+				var doc;
+
+				if ( jQuery.isWindow( elem ) ) {
+					// As of 5/8/2012 this will yield incorrect results for Mobile Safari, but there
+					// isn't a whole lot we can do. See pull request at this URL for discussion:
+					// https://github.com/jquery/jquery/pull/764
+					return elem.document.documentElement[ "client" + name ];
+				}
+
+				// Get document width or height
+				if ( elem.nodeType === 9 ) {
+					doc = elem.documentElement;
+
+					// Either scroll[Width/Height] or offset[Width/Height] or client[Width/Height],
+					// whichever is greatest
+					return Math.max(
+						elem.body[ "scroll" + name ], doc[ "scroll" + name ],
+						elem.body[ "offset" + name ], doc[ "offset" + name ],
+						doc[ "client" + name ]
+					);
+				}
+
+				return value === undefined ?
+					// Get width or height on the element, requesting but not forcing parseFloat
+					jQuery.css( elem, type, extra ) :
+
+					// Set width or height on the element
+					jQuery.style( elem, type, value, extra );
+			}, type, chainable ? margin : undefined, chainable, null );
+		};
+	});
+});
+
+
+// The number of elements contained in the matched element set
+jQuery.fn.size = function() {
+	return this.length;
+};
+
+jQuery.fn.andSelf = jQuery.fn.addBack;
+
+
+
+
+// Register as a named AMD module, since jQuery can be concatenated with other
+// files that may use define, but not via a proper concatenation script that
+// understands anonymous AMD modules. A named AMD is safest and most robust
+// way to register. Lowercase jquery is used because AMD module names are
+// derived from file names, and jQuery is normally delivered in a lowercase
+// file name. Do this after creating the global so that if an AMD module wants
+// to call noConflict to hide this version of jQuery, it will work.
+
+// Note that for maximum portability, libraries that are not jQuery should
+// declare themselves as anonymous modules, and avoid setting a global if an
+// AMD loader is present. jQuery is a special case. For more information, see
+// https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
+
+if ( typeof define === "function" && define.amd ) {
+	define( "jquery", [], function() {
+		return jQuery;
+	});
+}
+
+
+
+
+var
+	// Map over jQuery in case of overwrite
+	_jQuery = window.jQuery,
+
+	// Map over the $ in case of overwrite
+	_$ = window.$;
+
+jQuery.noConflict = function( deep ) {
+	if ( window.$ === jQuery ) {
+		window.$ = _$;
+	}
+
+	if ( deep && window.jQuery === jQuery ) {
+		window.jQuery = _jQuery;
+	}
+
+	return jQuery;
+};
+
+// Expose jQuery and $ identifiers, even in
+// AMD (#7102#comment:10, https://github.com/jquery/jquery/pull/557)
+// and CommonJS for browser emulators (#13566)
+if ( typeof noGlobal === strundefined ) {
+	window.jQuery = window.$ = jQuery;
+}
+
+
+
+
+return jQuery;
+
+}));
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/moxie.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/moxie.js
new file mode 100644
index 0000000..afd0aec
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/moxie.js
@@ -0,0 +1,10684 @@
+/**
+ * mOxie - multi-runtime File API & XMLHttpRequest L2 Polyfill
+ * v1.2.0
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ *
+ * Date: 2014-01-16
+ */
+/**
+ * Compiled inline version. (Library mode)
+ */
+
+/*jshint smarttabs:true, undef:true, latedef:true, curly:true, bitwise:true, camelcase:true */
+/*globals $code */
+
+(function(exports, undefined) {
+	"use strict";
+
+	var modules = {};
+
+	function require(ids, callback) {
+		var module, defs = [];
+
+		for (var i = 0; i < ids.length; ++i) {
+			module = modules[ids[i]] || resolve(ids[i]);
+			if (!module) {
+				throw 'module definition dependecy not found: ' + ids[i];
+			}
+
+			defs.push(module);
+		}
+
+		callback.apply(null, defs);
+	}
+
+	function define(id, dependencies, definition) {
+		if (typeof id !== 'string') {
+			throw 'invalid module definition, module id must be defined and be a string';
+		}
+
+		if (dependencies === undefined) {
+			throw 'invalid module definition, dependencies must be specified';
+		}
+
+		if (definition === undefined) {
+			throw 'invalid module definition, definition function must be specified';
+		}
+
+		require(dependencies, function() {
+			modules[id] = definition.apply(null, arguments);
+		});
+	}
+
+	function defined(id) {
+		return !!modules[id];
+	}
+
+	function resolve(id) {
+		var target = exports;
+		var fragments = id.split(/[.\/]/);
+
+		for (var fi = 0; fi < fragments.length; ++fi) {
+			if (!target[fragments[fi]]) {
+				return;
+			}
+
+			target = target[fragments[fi]];
+		}
+
+		return target;
+	}
+
+	function expose(ids) {
+		for (var i = 0; i < ids.length; i++) {
+			var target = exports;
+			var id = ids[i];
+			var fragments = id.split(/[.\/]/);
+
+			for (var fi = 0; fi < fragments.length - 1; ++fi) {
+				if (target[fragments[fi]] === undefined) {
+					target[fragments[fi]] = {};
+				}
+
+				target = target[fragments[fi]];
+			}
+
+			target[fragments[fragments.length - 1]] = modules[id];
+		}
+	}
+
+// Included from: src/javascript/core/utils/Basic.js
+
+/**
+ * Basic.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/utils/Basic', [], function() {
+	/**
+	Gets the true type of the built-in object (better version of typeof).
+	@author Angus Croll (http://javascriptweblog.wordpress.com/)
+
+	@method typeOf
+	@for Utils
+	@static
+	@param {Object} o Object to check.
+	@return {String} Object [[Class]]
+	*/
+	var typeOf = function(o) {
+		var undef;
+
+		if (o === undef) {
+			return 'undefined';
+		} else if (o === null) {
+			return 'null';
+		} else if (o.nodeType) {
+			return 'node';
+		}
+
+		// the snippet below is awesome, however it fails to detect null, undefined and arguments types in IE lte 8
+		return ({}).toString.call(o).match(/\s([a-z|A-Z]+)/)[1].toLowerCase();
+	};
+		
+	/**
+	Extends the specified object with another object.
+
+	@method extend
+	@static
+	@param {Object} target Object to extend.
+	@param {Object} [obj]* Multiple objects to extend with.
+	@return {Object} Same as target, the extended object.
+	*/
+	var extend = function(target) {
+		var undef;
+
+		each(arguments, function(arg, i) {
+			if (i > 0) {
+				each(arg, function(value, key) {
+					if (value !== undef) {
+						if (typeOf(target[key]) === typeOf(value) && !!~inArray(typeOf(value), ['array', 'object'])) {
+							extend(target[key], value);
+						} else {
+							target[key] = value;
+						}
+					}
+				});
+			}
+		});
+		return target;
+	};
+		
+	/**
+	Executes the callback function for each item in array/object. If you return false in the
+	callback it will break the loop.
+
+	@method each
+	@static
+	@param {Object} obj Object to iterate.
+	@param {function} callback Callback function to execute for each item.
+	*/
+	var each = function(obj, callback) {
+		var length, key, i, undef;
+
+		if (obj) {
+			try {
+				length = obj.length;
+			} catch(ex) {
+				length = undef;
+			}
+
+			if (length === undef) {
+				// Loop object items
+				for (key in obj) {
+					if (obj.hasOwnProperty(key)) {
+						if (callback(obj[key], key) === false) {
+							return;
+						}
+					}
+				}
+			} else {
+				// Loop array items
+				for (i = 0; i < length; i++) {
+					if (callback(obj[i], i) === false) {
+						return;
+					}
+				}
+			}
+		}
+	};
+
+	/**
+	Checks if object is empty.
+	
+	@method isEmptyObj
+	@static
+	@param {Object} o Object to check.
+	@return {Boolean}
+	*/
+	var isEmptyObj = function(obj) {
+		var prop;
+
+		if (!obj || typeOf(obj) !== 'object') {
+			return true;
+		}
+
+		for (prop in obj) {
+			return false;
+		}
+
+		return true;
+	};
+
+	/**
+	Recieve an array of functions (usually async) to call in sequence, each  function
+	receives a callback as first argument that it should call, when it completes. Finally,
+	after everything is complete, main callback is called. Passing truthy value to the
+	callback as a first argument will interrupt the sequence and invoke main callback
+	immediately.
+
+	@method inSeries
+	@static
+	@param {Array} queue Array of functions to call in sequence
+	@param {Function} cb Main callback that is called in the end, or in case of erro
+	*/
+	var inSeries = function(queue, cb) {
+		var i = 0, length = queue.length;
+
+		if (typeOf(cb) !== 'function') {
+			cb = function() {};
+		}
+
+		if (!queue || !queue.length) {
+			cb();
+		}
+
+		function callNext(i) {
+			if (typeOf(queue[i]) === 'function') {
+				queue[i](function(error) {
+					/*jshint expr:true */
+					++i < length && !error ? callNext(i) : cb(error);
+				});
+			}
+		}
+		callNext(i);
+	};
+
+
+	/**
+	Recieve an array of functions (usually async) to call in parallel, each  function
+	receives a callback as first argument that it should call, when it completes. After 
+	everything is complete, main callback is called. Passing truthy value to the
+	callback as a first argument will interrupt the process and invoke main callback
+	immediately.
+
+	@method inParallel
+	@static
+	@param {Array} queue Array of functions to call in sequence
+	@param {Function} cb Main callback that is called in the end, or in case of erro
+	*/
+	var inParallel = function(queue, cb) {
+		var count = 0, num = queue.length, cbArgs = new Array(num);
+
+		each(queue, function(fn, i) {
+			fn(function(error) {
+				if (error) {
+					return cb(error);
+				}
+				
+				var args = [].slice.call(arguments);
+				args.shift(); // strip error - undefined or not
+
+				cbArgs[i] = args;
+				count++;
+
+				if (count === num) {
+					cbArgs.unshift(null);
+					cb.apply(this, cbArgs);
+				} 
+			});
+		});
+	};
+	
+	
+	/**
+	Find an element in array and return it's index if present, otherwise return -1.
+	
+	@method inArray
+	@static
+	@param {Mixed} needle Element to find
+	@param {Array} array
+	@return {Int} Index of the element, or -1 if not found
+	*/
+	var inArray = function(needle, array) {
+		if (array) {
+			if (Array.prototype.indexOf) {
+				return Array.prototype.indexOf.call(array, needle);
+			}
+		
+			for (var i = 0, length = array.length; i < length; i++) {
+				if (array[i] === needle) {
+					return i;
+				}
+			}
+		}
+		return -1;
+	};
+
+
+	/**
+	Returns elements of first array if they are not present in second. And false - otherwise.
+
+	@private
+	@method arrayDiff
+	@param {Array} needles
+	@param {Array} array
+	@return {Array|Boolean}
+	*/
+	var arrayDiff = function(needles, array) {
+		var diff = [];
+
+		if (typeOf(needles) !== 'array') {
+			needles = [needles];
+		}
+
+		if (typeOf(array) !== 'array') {
+			array = [array];
+		}
+
+		for (var i in needles) {
+			if (inArray(needles[i], array) === -1) {
+				diff.push(needles[i]);
+			}	
+		}
+		return diff.length ? diff : false;
+	};
+
+
+	/**
+	Find intersection of two arrays.
+
+	@private
+	@method arrayIntersect
+	@param {Array} array1
+	@param {Array} array2
+	@return {Array} Intersection of two arrays or null if there is none
+	*/
+	var arrayIntersect = function(array1, array2) {
+		var result = [];
+		each(array1, function(item) {
+			if (inArray(item, array2) !== -1) {
+				result.push(item);
+			}
+		});
+		return result.length ? result : null;
+	};
+	
+	
+	/**
+	Forces anything into an array.
+	
+	@method toArray
+	@static
+	@param {Object} obj Object with length field.
+	@return {Array} Array object containing all items.
+	*/
+	var toArray = function(obj) {
+		var i, arr = [];
+
+		for (i = 0; i < obj.length; i++) {
+			arr[i] = obj[i];
+		}
+
+		return arr;
+	};
+	
+			
+	/**
+	Generates an unique ID. This is 99.99% unique since it takes the current time and 5 random numbers.
+	The only way a user would be able to get the same ID is if the two persons at the same exact milisecond manages
+	to get 5 the same random numbers between 0-65535 it also uses a counter so each call will be guaranteed to be page unique.
+	It's more probable for the earth to be hit with an ansteriod. Y
+	
+	@method guid
+	@static
+	@param {String} prefix to prepend (by default 'o' will be prepended).
+	@method guid
+	@return {String} Virtually unique id.
+	*/
+	var guid = (function() {
+		var counter = 0;
+		
+		return function(prefix) {
+			var guid = new Date().getTime().toString(32), i;
+
+			for (i = 0; i < 5; i++) {
+				guid += Math.floor(Math.random() * 65535).toString(32);
+			}
+			
+			return (prefix || 'o_') + guid + (counter++).toString(32);
+		};
+	}());
+	
+
+	/**
+	Trims white spaces around the string
+	
+	@method trim
+	@static
+	@param {String} str
+	@return {String}
+	*/
+	var trim = function(str) {
+		if (!str) {
+			return str;
+		}
+		return String.prototype.trim ? String.prototype.trim.call(str) : str.toString().replace(/^\s*/, '').replace(/\s*$/, '');
+	};
+
+
+	/**
+	Parses the specified size string into a byte value. For example 10kb becomes 10240.
+	
+	@method parseSizeStr
+	@static
+	@param {String/Number} size String to parse or number to just pass through.
+	@return {Number} Size in bytes.
+	*/
+	var parseSizeStr = function(size) {
+		if (typeof(size) !== 'string') {
+			return size;
+		}
+		
+		var muls = {
+				t: 1099511627776,
+				g: 1073741824,
+				m: 1048576,
+				k: 1024
+			},
+			mul;
+
+		size = /^([0-9]+)([mgk]?)$/.exec(size.toLowerCase().replace(/[^0-9mkg]/g, ''));
+		mul = size[2];
+		size = +size[1];
+		
+		if (muls.hasOwnProperty(mul)) {
+			size *= muls[mul];
+		}
+		return size;
+	};
+	
+
+	return {
+		guid: guid,
+		typeOf: typeOf,
+		extend: extend,
+		each: each,
+		isEmptyObj: isEmptyObj,
+		inSeries: inSeries,
+		inParallel: inParallel,
+		inArray: inArray,
+		arrayDiff: arrayDiff,
+		arrayIntersect: arrayIntersect,
+		toArray: toArray,
+		trim: trim,
+		parseSizeStr: parseSizeStr
+	};
+});
+
+// Included from: src/javascript/core/I18n.js
+
+/**
+ * I18n.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/core/I18n", [
+	"moxie/core/utils/Basic"
+], function(Basic) {
+	var i18n = {};
+
+	return {
+		/**
+		 * Extends the language pack object with new items.
+		 *
+		 * @param {Object} pack Language pack items to add.
+		 * @return {Object} Extended language pack object.
+		 */
+		addI18n: function(pack) {
+			return Basic.extend(i18n, pack);
+		},
+
+		/**
+		 * Translates the specified string by checking for the english string in the language pack lookup.
+		 *
+		 * @param {String} str String to look for.
+		 * @return {String} Translated string or the input string if it wasn't found.
+		 */
+		translate: function(str) {
+			return i18n[str] || str;
+		},
+
+		/**
+		 * Shortcut for translate function
+		 *
+		 * @param {String} str String to look for.
+		 * @return {String} Translated string or the input string if it wasn't found.
+		 */
+		_: function(str) {
+			return this.translate(str);
+		},
+
+		/**
+		 * Pseudo sprintf implementation - simple way to replace tokens with specified values.
+		 *
+		 * @param {String} str String with tokens
+		 * @return {String} String with replaced tokens
+		 */
+		sprintf: function(str) {
+			var args = [].slice.call(arguments, 1);
+
+			return str.replace(/%[a-z]/g, function() {
+				var value = args.shift();
+				return Basic.typeOf(value) !== 'undefined' ? value : '';
+			});
+		}
+	};
+});
+
+// Included from: src/javascript/core/utils/Mime.js
+
+/**
+ * Mime.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/core/utils/Mime", [
+	"moxie/core/utils/Basic",
+	"moxie/core/I18n"
+], function(Basic, I18n) {
+	
+	var mimeData = "" +
+		"application/msword,doc dot," +
+		"application/pdf,pdf," +
+		"application/pgp-signature,pgp," +
+		"application/postscript,ps ai eps," +
+		"application/rtf,rtf," +
+		"application/vnd.ms-excel,xls xlb," +
+		"application/vnd.ms-powerpoint,ppt pps pot," +
+		"application/zip,zip," +
+		"application/x-shockwave-flash,swf swfl," +
+		"application/vnd.openxmlformats-officedocument.wordprocessingml.document,docx," +
+		"application/vnd.openxmlformats-officedocument.wordprocessingml.template,dotx," +
+		"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,xlsx," +
+		"application/vnd.openxmlformats-officedocument.presentationml.presentation,pptx," +
+		"application/vnd.openxmlformats-officedocument.presentationml.template,potx," +
+		"application/vnd.openxmlformats-officedocument.presentationml.slideshow,ppsx," +
+		"application/x-javascript,js," +
+		"application/json,json," +
+		"audio/mpeg,mp3 mpga mpega mp2," +
+		"audio/x-wav,wav," +
+		"audio/x-m4a,m4a," +
+		"audio/ogg,oga ogg," +
+		"audio/aiff,aiff aif," +
+		"audio/flac,flac," +
+		"audio/aac,aac," +
+		"audio/ac3,ac3," +
+		"audio/x-ms-wma,wma," +
+		"image/bmp,bmp," +
+		"image/gif,gif," +
+		"image/jpeg,jpg jpeg jpe," +
+		"image/photoshop,psd," +
+		"image/png,png," +
+		"image/svg+xml,svg svgz," +
+		"image/tiff,tiff tif," +
+		"text/plain,asc txt text diff log," +
+		"text/html,htm html xhtml," +
+		"text/css,css," +
+		"text/csv,csv," +
+		"text/rtf,rtf," +
+		"video/mpeg,mpeg mpg mpe m2v," +
+		"video/quicktime,qt mov," +
+		"video/mp4,mp4," +
+		"video/x-m4v,m4v," +
+		"video/x-flv,flv," +
+		"video/x-ms-wmv,wmv," +
+		"video/avi,avi," +
+		"video/webm,webm," +
+		"video/3gpp,3gpp 3gp," +
+		"video/3gpp2,3g2," +
+		"video/vnd.rn-realvideo,rv," +
+		"video/ogg,ogv," + 
+		"video/x-matroska,mkv," +
+		"application/vnd.oasis.opendocument.formula-template,otf," +
+		"application/octet-stream,exe";
+	
+	
+	var Mime = {
+
+		mimes: {},
+
+		extensions: {},
+
+		// Parses the default mime types string into a mimes and extensions lookup maps
+		addMimeType: function (mimeData) {
+			var items = mimeData.split(/,/), i, ii, ext;
+			
+			for (i = 0; i < items.length; i += 2) {
+				ext = items[i + 1].split(/ /);
+
+				// extension to mime lookup
+				for (ii = 0; ii < ext.length; ii++) {
+					this.mimes[ext[ii]] = items[i];
+				}
+				// mime to extension lookup
+				this.extensions[items[i]] = ext;
+			}
+		},
+
+
+		extList2mimes: function (filters, addMissingExtensions) {
+			var self = this, ext, i, ii, type, mimes = [];
+			
+			// convert extensions to mime types list
+			for (i = 0; i < filters.length; i++) {
+				ext = filters[i].extensions.split(/\s*,\s*/);
+
+				for (ii = 0; ii < ext.length; ii++) {
+					
+					// if there's an asterisk in the list, then accept attribute is not required
+					if (ext[ii] === '*') {
+						return [];
+					}
+					
+					type = self.mimes[ext[ii]];
+					if (!type) {
+						if (addMissingExtensions && /^\w+$/.test(ext[ii])) {
+							mimes.push('.' + ext[ii]);
+						} else {
+							return []; // accept all
+						}
+					} else if (Basic.inArray(type, mimes) === -1) {
+						mimes.push(type);
+					}
+				}
+			}
+			return mimes;
+		},
+
+
+		mimes2exts: function(mimes) {
+			var self = this, exts = [];
+			
+			Basic.each(mimes, function(mime) {
+				if (mime === '*') {
+					exts = [];
+					return false;
+				}
+
+				// check if this thing looks like mime type
+				var m = mime.match(/^(\w+)\/(\*|\w+)$/);
+				if (m) {
+					if (m[2] === '*') { 
+						// wildcard mime type detected
+						Basic.each(self.extensions, function(arr, mime) {
+							if ((new RegExp('^' + m[1] + '/')).test(mime)) {
+								[].push.apply(exts, self.extensions[mime]);
+							}
+						});
+					} else if (self.extensions[mime]) {
+						[].push.apply(exts, self.extensions[mime]);
+					}
+				}
+			});
+			return exts;
+		},
+
+
+		mimes2extList: function(mimes) {
+			var accept = [], exts = [];
+
+			if (Basic.typeOf(mimes) === 'string') {
+				mimes = Basic.trim(mimes).split(/\s*,\s*/);
+			}
+
+			exts = this.mimes2exts(mimes);
+			
+			accept.push({
+				title: I18n.translate('Files'),
+				extensions: exts.length ? exts.join(',') : '*'
+			});
+			
+			// save original mimes string
+			accept.mimes = mimes;
+
+			return accept;
+		},
+
+
+		getFileExtension: function(fileName) {
+			var matches = fileName && fileName.match(/\.([^.]+)$/);
+			if (matches) {
+				return matches[1].toLowerCase();
+			}
+			return '';
+		},
+
+		getFileMime: function(fileName) {
+			return this.mimes[this.getFileExtension(fileName)] || '';
+		}
+	};
+
+	Mime.addMimeType(mimeData);
+
+	return Mime;
+});
+
+// Included from: src/javascript/core/utils/Env.js
+
+/**
+ * Env.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/core/utils/Env", [
+	"moxie/core/utils/Basic"
+], function(Basic) {
+	
+	// UAParser.js v0.6.2
+	// Lightweight JavaScript-based User-Agent string parser
+	// https://github.com/faisalman/ua-parser-js
+	//
+	// Copyright © 2012-2013 Faisalman <fyzlman@gmail.com>
+	// Dual licensed under GPLv2 & MIT
+
+	var UAParser = (function (undefined) {
+
+	    //////////////
+	    // Constants
+	    /////////////
+
+
+	    var EMPTY       = '',
+	        UNKNOWN     = '?',
+	        FUNC_TYPE   = 'function',
+	        UNDEF_TYPE  = 'undefined',
+	        OBJ_TYPE    = 'object',
+	        MAJOR       = 'major',
+	        MODEL       = 'model',
+	        NAME        = 'name',
+	        TYPE        = 'type',
+	        VENDOR      = 'vendor',
+	        VERSION     = 'version',
+	        ARCHITECTURE= 'architecture',
+	        CONSOLE     = 'console',
+	        MOBILE      = 'mobile',
+	        TABLET      = 'tablet';
+
+
+	    ///////////
+	    // Helper
+	    //////////
+
+
+	    var util = {
+	        has : function (str1, str2) {
+	            return str2.toLowerCase().indexOf(str1.toLowerCase()) !== -1;
+	        },
+	        lowerize : function (str) {
+	            return str.toLowerCase();
+	        }
+	    };
+
+
+	    ///////////////
+	    // Map helper
+	    //////////////
+
+
+	    var mapper = {
+
+	        rgx : function () {
+
+	            // loop through all regexes maps
+	            for (var result, i = 0, j, k, p, q, matches, match, args = arguments; i < args.length; i += 2) {
+
+	                var regex = args[i],       // even sequence (0,2,4,..)
+	                    props = args[i + 1];   // odd sequence (1,3,5,..)
+
+	                // construct object barebones
+	                if (typeof(result) === UNDEF_TYPE) {
+	                    result = {};
+	                    for (p in props) {
+	                        q = props[p];
+	                        if (typeof(q) === OBJ_TYPE) {
+	                            result[q[0]] = undefined;
+	                        } else {
+	                            result[q] = undefined;
+	                        }
+	                    }
+	                }
+
+	                // try matching uastring with regexes
+	                for (j = k = 0; j < regex.length; j++) {
+	                    matches = regex[j].exec(this.getUA());
+	                    if (!!matches) {
+	                        for (p = 0; p < props.length; p++) {
+	                            match = matches[++k];
+	                            q = props[p];
+	                            // check if given property is actually array
+	                            if (typeof(q) === OBJ_TYPE && q.length > 0) {
+	                                if (q.length == 2) {
+	                                    if (typeof(q[1]) == FUNC_TYPE) {
+	                                        // assign modified match
+	                                        result[q[0]] = q[1].call(this, match);
+	                                    } else {
+	                                        // assign given value, ignore regex match
+	                                        result[q[0]] = q[1];
+	                                    }
+	                                } else if (q.length == 3) {
+	                                    // check whether function or regex
+	                                    if (typeof(q[1]) === FUNC_TYPE && !(q[1].exec && q[1].test)) {
+	                                        // call function (usually string mapper)
+	                                        result[q[0]] = match ? q[1].call(this, match, q[2]) : undefined;
+	                                    } else {
+	                                        // sanitize match using given regex
+	                                        result[q[0]] = match ? match.replace(q[1], q[2]) : undefined;
+	                                    }
+	                                } else if (q.length == 4) {
+	                                        result[q[0]] = match ? q[3].call(this, match.replace(q[1], q[2])) : undefined;
+	                                }
+	                            } else {
+	                                result[q] = match ? match : undefined;
+	                            }
+	                        }
+	                        break;
+	                    }
+	                }
+
+	                if(!!matches) break; // break the loop immediately if match found
+	            }
+	            return result;
+	        },
+
+	        str : function (str, map) {
+
+	            for (var i in map) {
+	                // check if array
+	                if (typeof(map[i]) === OBJ_TYPE && map[i].length > 0) {
+	                    for (var j = 0; j < map[i].length; j++) {
+	                        if (util.has(map[i][j], str)) {
+	                            return (i === UNKNOWN) ? undefined : i;
+	                        }
+	                    }
+	                } else if (util.has(map[i], str)) {
+	                    return (i === UNKNOWN) ? undefined : i;
+	                }
+	            }
+	            return str;
+	        }
+	    };
+
+
+	    ///////////////
+	    // String map
+	    //////////////
+
+
+	    var maps = {
+
+	        browser : {
+	            oldsafari : {
+	                major : {
+	                    '1' : ['/8', '/1', '/3'],
+	                    '2' : '/4',
+	                    '?' : '/'
+	                },
+	                version : {
+	                    '1.0'   : '/8',
+	                    '1.2'   : '/1',
+	                    '1.3'   : '/3',
+	                    '2.0'   : '/412',
+	                    '2.0.2' : '/416',
+	                    '2.0.3' : '/417',
+	                    '2.0.4' : '/419',
+	                    '?'     : '/'
+	                }
+	            }
+	        },
+
+	        device : {
+	            sprint : {
+	                model : {
+	                    'Evo Shift 4G' : '7373KT'
+	                },
+	                vendor : {
+	                    'HTC'       : 'APA',
+	                    'Sprint'    : 'Sprint'
+	                }
+	            }
+	        },
+
+	        os : {
+	            windows : {
+	                version : {
+	                    'ME'        : '4.90',
+	                    'NT 3.11'   : 'NT3.51',
+	                    'NT 4.0'    : 'NT4.0',
+	                    '2000'      : 'NT 5.0',
+	                    'XP'        : ['NT 5.1', 'NT 5.2'],
+	                    'Vista'     : 'NT 6.0',
+	                    '7'         : 'NT 6.1',
+	                    '8'         : 'NT 6.2',
+	                    '8.1'       : 'NT 6.3',
+	                    'RT'        : 'ARM'
+	                }
+	            }
+	        }
+	    };
+
+
+	    //////////////
+	    // Regex map
+	    /////////////
+
+
+	    var regexes = {
+
+	        browser : [[
+
+	            // Presto based
+	            /(opera\smini)\/((\d+)?[\w\.-]+)/i,                                 // Opera Mini
+	            /(opera\s[mobiletab]+).+version\/((\d+)?[\w\.-]+)/i,                // Opera Mobi/Tablet
+	            /(opera).+version\/((\d+)?[\w\.]+)/i,                               // Opera > 9.80
+	            /(opera)[\/\s]+((\d+)?[\w\.]+)/i                                    // Opera < 9.80
+	            
+	            ], [NAME, VERSION, MAJOR], [
+
+	            /\s(opr)\/((\d+)?[\w\.]+)/i                                         // Opera Webkit
+	            ], [[NAME, 'Opera'], VERSION, MAJOR], [
+
+	            // Mixed
+	            /(kindle)\/((\d+)?[\w\.]+)/i,                                       // Kindle
+	            /(lunascape|maxthon|netfront|jasmine|blazer)[\/\s]?((\d+)?[\w\.]+)*/i,
+	                                                                                // Lunascape/Maxthon/Netfront/Jasmine/Blazer
+
+	            // Trident based
+	            /(avant\s|iemobile|slim|baidu)(?:browser)?[\/\s]?((\d+)?[\w\.]*)/i,
+	                                                                                // Avant/IEMobile/SlimBrowser/Baidu
+	            /(?:ms|\()(ie)\s((\d+)?[\w\.]+)/i,                                  // Internet Explorer
+
+	            // Webkit/KHTML based
+	            /(rekonq)((?:\/)[\w\.]+)*/i,                                        // Rekonq
+	            /(chromium|flock|rockmelt|midori|epiphany|silk|skyfire|ovibrowser|bolt|iron)\/((\d+)?[\w\.-]+)/i
+	                                                                                // Chromium/Flock/RockMelt/Midori/Epiphany/Silk/Skyfire/Bolt/Iron
+	            ], [NAME, VERSION, MAJOR], [
+
+	            /(trident).+rv[:\s]((\d+)?[\w\.]+).+like\sgecko/i                   // IE11
+	            ], [[NAME, 'IE'], VERSION, MAJOR], [
+
+	            /(yabrowser)\/((\d+)?[\w\.]+)/i                                     // Yandex
+	            ], [[NAME, 'Yandex'], VERSION, MAJOR], [
+
+	            /(comodo_dragon)\/((\d+)?[\w\.]+)/i                                 // Comodo Dragon
+	            ], [[NAME, /_/g, ' '], VERSION, MAJOR], [
+
+	            /(chrome|omniweb|arora|[tizenoka]{5}\s?browser)\/v?((\d+)?[\w\.]+)/i
+	                                                                                // Chrome/OmniWeb/Arora/Tizen/Nokia
+	            ], [NAME, VERSION, MAJOR], [
+
+	            /(dolfin)\/((\d+)?[\w\.]+)/i                                        // Dolphin
+	            ], [[NAME, 'Dolphin'], VERSION, MAJOR], [
+
+	            /((?:android.+)crmo|crios)\/((\d+)?[\w\.]+)/i                       // Chrome for Android/iOS
+	            ], [[NAME, 'Chrome'], VERSION, MAJOR], [
+
+	            /((?:android.+))version\/((\d+)?[\w\.]+)\smobile\ssafari/i          // Android Browser
+	            ], [[NAME, 'Android Browser'], VERSION, MAJOR], [
+
+	            /version\/((\d+)?[\w\.]+).+?mobile\/\w+\s(safari)/i                 // Mobile Safari
+	            ], [VERSION, MAJOR, [NAME, 'Mobile Safari']], [
+
+	            /version\/((\d+)?[\w\.]+).+?(mobile\s?safari|safari)/i              // Safari & Safari Mobile
+	            ], [VERSION, MAJOR, NAME], [
+
+	            /webkit.+?(mobile\s?safari|safari)((\/[\w\.]+))/i                   // Safari < 3.0
+	            ], [NAME, [MAJOR, mapper.str, maps.browser.oldsafari.major], [VERSION, mapper.str, maps.browser.oldsafari.version]], [
+
+	            /(konqueror)\/((\d+)?[\w\.]+)/i,                                    // Konqueror
+	            /(webkit|khtml)\/((\d+)?[\w\.]+)/i
+	            ], [NAME, VERSION, MAJOR], [
+
+	            // Gecko based
+	            /(navigator|netscape)\/((\d+)?[\w\.-]+)/i                           // Netscape
+	            ], [[NAME, 'Netscape'], VERSION, MAJOR], [
+	            /(swiftfox)/i,                                                      // Swiftfox
+	            /(icedragon|iceweasel|camino|chimera|fennec|maemo\sbrowser|minimo|conkeror)[\/\s]?((\d+)?[\w\.\+]+)/i,
+	                                                                                // IceDragon/Iceweasel/Camino/Chimera/Fennec/Maemo/Minimo/Conkeror
+	            /(firefox|seamonkey|k-meleon|icecat|iceape|firebird|phoenix)\/((\d+)?[\w\.-]+)/i,
+	                                                                                // Firefox/SeaMonkey/K-Meleon/IceCat/IceApe/Firebird/Phoenix
+	            /(mozilla)\/((\d+)?[\w\.]+).+rv\:.+gecko\/\d+/i,                    // Mozilla
+
+	            // Other
+	            /(uc\s?browser|polaris|lynx|dillo|icab|doris|amaya|w3m|netsurf|qqbrowser)[\/\s]?((\d+)?[\w\.]+)/i,
+	                                                                                // UCBrowser/Polaris/Lynx/Dillo/iCab/Doris/Amaya/w3m/NetSurf/QQBrowser
+	            /(links)\s\(((\d+)?[\w\.]+)/i,                                      // Links
+	            /(gobrowser)\/?((\d+)?[\w\.]+)*/i,                                  // GoBrowser
+	            /(ice\s?browser)\/v?((\d+)?[\w\._]+)/i,                             // ICE Browser
+	            /(mosaic)[\/\s]((\d+)?[\w\.]+)/i                                    // Mosaic
+	            ], [NAME, VERSION, MAJOR]
+	        ],
+
+	        engine : [[
+
+	            /(presto)\/([\w\.]+)/i,                                             // Presto
+	            /(webkit|trident|netfront|netsurf|amaya|lynx|w3m)\/([\w\.]+)/i,     // WebKit/Trident/NetFront/NetSurf/Amaya/Lynx/w3m
+	            /(khtml|tasman|links)[\/\s]\(?([\w\.]+)/i,                          // KHTML/Tasman/Links
+	            /(icab)[\/\s]([23]\.[\d\.]+)/i                                      // iCab
+	            ], [NAME, VERSION], [
+
+	            /rv\:([\w\.]+).*(gecko)/i                                           // Gecko
+	            ], [VERSION, NAME]
+	        ],
+
+	        os : [[
+
+	            // Windows based
+	            /(windows)\snt\s6\.2;\s(arm)/i,                                     // Windows RT
+	            /(windows\sphone(?:\sos)*|windows\smobile|windows)[\s\/]?([ntce\d\.\s]+\w)/i
+	            ], [NAME, [VERSION, mapper.str, maps.os.windows.version]], [
+	            /(win(?=3|9|n)|win\s9x\s)([nt\d\.]+)/i
+	            ], [[NAME, 'Windows'], [VERSION, mapper.str, maps.os.windows.version]], [
+
+	            // Mobile/Embedded OS
+	            /\((bb)(10);/i                                                      // BlackBerry 10
+	            ], [[NAME, 'BlackBerry'], VERSION], [
+	            /(blackberry)\w*\/?([\w\.]+)*/i,                                    // Blackberry
+	            /(tizen)\/([\w\.]+)/i,                                              // Tizen
+	            /(android|webos|palm\os|qnx|bada|rim\stablet\sos|meego)[\/\s-]?([\w\.]+)*/i
+	                                                                                // Android/WebOS/Palm/QNX/Bada/RIM/MeeGo
+	            ], [NAME, VERSION], [
+	            /(symbian\s?os|symbos|s60(?=;))[\/\s-]?([\w\.]+)*/i                 // Symbian
+	            ], [[NAME, 'Symbian'], VERSION],[
+	            /mozilla.+\(mobile;.+gecko.+firefox/i                               // Firefox OS
+	            ], [[NAME, 'Firefox OS'], VERSION], [
+
+	            // Console
+	            /(nintendo|playstation)\s([wids3portablevu]+)/i,                    // Nintendo/Playstation
+
+	            // GNU/Linux based
+	            /(mint)[\/\s\(]?(\w+)*/i,                                           // Mint
+	            /(joli|[kxln]?ubuntu|debian|[open]*suse|gentoo|arch|slackware|fedora|mandriva|centos|pclinuxos|redhat|zenwalk)[\/\s-]?([\w\.-]+)*/i,
+	                                                                                // Joli/Ubuntu/Debian/SUSE/Gentoo/Arch/Slackware
+	                                                                                // Fedora/Mandriva/CentOS/PCLinuxOS/RedHat/Zenwalk
+	            /(hurd|linux)\s?([\w\.]+)*/i,                                       // Hurd/Linux
+	            /(gnu)\s?([\w\.]+)*/i                                               // GNU
+	            ], [NAME, VERSION], [
+
+	            /(cros)\s[\w]+\s([\w\.]+\w)/i                                       // Chromium OS
+	            ], [[NAME, 'Chromium OS'], VERSION],[
+
+	            // Solaris
+	            /(sunos)\s?([\w\.]+\d)*/i                                           // Solaris
+	            ], [[NAME, 'Solaris'], VERSION], [
+
+	            // BSD based
+	            /\s([frentopc-]{0,4}bsd|dragonfly)\s?([\w\.]+)*/i                   // FreeBSD/NetBSD/OpenBSD/PC-BSD/DragonFly
+	            ], [NAME, VERSION],[
+
+	            /(ip[honead]+)(?:.*os\s*([\w]+)*\slike\smac|;\sopera)/i             // iOS
+	            ], [[NAME, 'iOS'], [VERSION, /_/g, '.']], [
+
+	            /(mac\sos\sx)\s?([\w\s\.]+\w)*/i                                    // Mac OS
+	            ], [NAME, [VERSION, /_/g, '.']], [
+
+	            // Other
+	            /(haiku)\s(\w+)/i,                                                  // Haiku
+	            /(aix)\s((\d)(?=\.|\)|\s)[\w\.]*)*/i,                               // AIX
+	            /(macintosh|mac(?=_powerpc)|plan\s9|minix|beos|os\/2|amigaos|morphos|risc\sos)/i,
+	                                                                                // Plan9/Minix/BeOS/OS2/AmigaOS/MorphOS/RISCOS
+	            /(unix)\s?([\w\.]+)*/i                                              // UNIX
+	            ], [NAME, VERSION]
+	        ]
+	    };
+
+
+	    /////////////////
+	    // Constructor
+	    ////////////////
+
+
+	    var UAParser = function (uastring) {
+
+	        var ua = uastring || ((window && window.navigator && window.navigator.userAgent) ? window.navigator.userAgent : EMPTY);
+
+	        this.getBrowser = function () {
+	            return mapper.rgx.apply(this, regexes.browser);
+	        };
+	        this.getEngine = function () {
+	            return mapper.rgx.apply(this, regexes.engine);
+	        };
+	        this.getOS = function () {
+	            return mapper.rgx.apply(this, regexes.os);
+	        };
+	        this.getResult = function() {
+	            return {
+	                ua      : this.getUA(),
+	                browser : this.getBrowser(),
+	                engine  : this.getEngine(),
+	                os      : this.getOS()
+	            };
+	        };
+	        this.getUA = function () {
+	            return ua;
+	        };
+	        this.setUA = function (uastring) {
+	            ua = uastring;
+	            return this;
+	        };
+	        this.setUA(ua);
+	    };
+
+	    return new UAParser().getResult();
+	})();
+
+
+	function version_compare(v1, v2, operator) {
+	  // From: http://phpjs.org/functions
+	  // +      original by: Philippe Jausions (http://pear.php.net/user/jausions)
+	  // +      original by: Aidan Lister (http://aidanlister.com/)
+	  // + reimplemented by: Kankrelune (http://www.webfaktory.info/)
+	  // +      improved by: Brett Zamir (http://brett-zamir.me)
+	  // +      improved by: Scott Baker
+	  // +      improved by: Theriault
+	  // *        example 1: version_compare('8.2.5rc', '8.2.5a');
+	  // *        returns 1: 1
+	  // *        example 2: version_compare('8.2.50', '8.2.52', '<');
+	  // *        returns 2: true
+	  // *        example 3: version_compare('5.3.0-dev', '5.3.0');
+	  // *        returns 3: -1
+	  // *        example 4: version_compare('4.1.0.52','4.01.0.51');
+	  // *        returns 4: 1
+
+	  // Important: compare must be initialized at 0.
+	  var i = 0,
+	    x = 0,
+	    compare = 0,
+	    // vm maps textual PHP versions to negatives so they're less than 0.
+	    // PHP currently defines these as CASE-SENSITIVE. It is important to
+	    // leave these as negatives so that they can come before numerical versions
+	    // and as if no letters were there to begin with.
+	    // (1alpha is < 1 and < 1.1 but > 1dev1)
+	    // If a non-numerical value can't be mapped to this table, it receives
+	    // -7 as its value.
+	    vm = {
+	      'dev': -6,
+	      'alpha': -5,
+	      'a': -5,
+	      'beta': -4,
+	      'b': -4,
+	      'RC': -3,
+	      'rc': -3,
+	      '#': -2,
+	      'p': 1,
+	      'pl': 1
+	    },
+	    // This function will be called to prepare each version argument.
+	    // It replaces every _, -, and + with a dot.
+	    // It surrounds any nonsequence of numbers/dots with dots.
+	    // It replaces sequences of dots with a single dot.
+	    //    version_compare('4..0', '4.0') == 0
+	    // Important: A string of 0 length needs to be converted into a value
+	    // even less than an unexisting value in vm (-7), hence [-8].
+	    // It's also important to not strip spaces because of this.
+	    //   version_compare('', ' ') == 1
+	    prepVersion = function (v) {
+	      v = ('' + v).replace(/[_\-+]/g, '.');
+	      v = v.replace(/([^.\d]+)/g, '.$1.').replace(/\.{2,}/g, '.');
+	      return (!v.length ? [-8] : v.split('.'));
+	    },
+	    // This converts a version component to a number.
+	    // Empty component becomes 0.
+	    // Non-numerical component becomes a negative number.
+	    // Numerical component becomes itself as an integer.
+	    numVersion = function (v) {
+	      return !v ? 0 : (isNaN(v) ? vm[v] || -7 : parseInt(v, 10));
+	    };
+
+	  v1 = prepVersion(v1);
+	  v2 = prepVersion(v2);
+	  x = Math.max(v1.length, v2.length);
+	  for (i = 0; i < x; i++) {
+	    if (v1[i] == v2[i]) {
+	      continue;
+	    }
+	    v1[i] = numVersion(v1[i]);
+	    v2[i] = numVersion(v2[i]);
+	    if (v1[i] < v2[i]) {
+	      compare = -1;
+	      break;
+	    } else if (v1[i] > v2[i]) {
+	      compare = 1;
+	      break;
+	    }
+	  }
+	  if (!operator) {
+	    return compare;
+	  }
+
+	  // Important: operator is CASE-SENSITIVE.
+	  // "No operator" seems to be treated as "<."
+	  // Any other values seem to make the function return null.
+	  switch (operator) {
+	  case '>':
+	  case 'gt':
+	    return (compare > 0);
+	  case '>=':
+	  case 'ge':
+	    return (compare >= 0);
+	  case '<=':
+	  case 'le':
+	    return (compare <= 0);
+	  case '==':
+	  case '=':
+	  case 'eq':
+	    return (compare === 0);
+	  case '<>':
+	  case '!=':
+	  case 'ne':
+	    return (compare !== 0);
+	  case '':
+	  case '<':
+	  case 'lt':
+	    return (compare < 0);
+	  default:
+	    return null;
+	  }
+	}
+
+
+	var can = (function() {
+		var caps = {
+				define_property: (function() {
+					/* // currently too much extra code required, not exactly worth it
+					try { // as of IE8, getters/setters are supported only on DOM elements
+						var obj = {};
+						if (Object.defineProperty) {
+							Object.defineProperty(obj, 'prop', {
+								enumerable: true,
+								configurable: true
+							});
+							return true;
+						}
+					} catch(ex) {}
+
+					if (Object.prototype.__defineGetter__ && Object.prototype.__defineSetter__) {
+						return true;
+					}*/
+					return false;
+				}()),
+
+				create_canvas: (function() {
+					// On the S60 and BB Storm, getContext exists, but always returns undefined
+					// so we actually have to call getContext() to verify
+					// github.com/Modernizr/Modernizr/issues/issue/97/
+					var el = document.createElement('canvas');
+					return !!(el.getContext && el.getContext('2d'));
+				}()),
+
+				return_response_type: function(responseType) {
+					try {
+						if (Basic.inArray(responseType, ['', 'text', 'document']) !== -1) {
+							return true;
+						} else if (window.XMLHttpRequest) {
+							var xhr = new XMLHttpRequest();
+							xhr.open('get', '/'); // otherwise Gecko throws an exception
+							if ('responseType' in xhr) {
+								xhr.responseType = responseType;
+								// as of 23.0.1271.64, Chrome switched from throwing exception to merely logging it to the console (why? o why?)
+								if (xhr.responseType !== responseType) {
+									return false;
+								}
+								return true;
+							}
+						}
+					} catch (ex) {}
+					return false;
+				},
+
+				// ideas for this heavily come from Modernizr (http://modernizr.com/)
+				use_data_uri: (function() {
+					var du = new Image();
+
+					du.onload = function() {
+						caps.use_data_uri = (du.width === 1 && du.height === 1);
+					};
+					
+					setTimeout(function() {
+						du.src = "data:image/gif;base64,R0lGODlhAQABAIAAAP8AAAAAACH5BAAAAAAALAAAAAABAAEAAAICRAEAOw==";
+					}, 1);
+					return false;
+				}()),
+
+				use_data_uri_over32kb: function() { // IE8
+					return caps.use_data_uri && (Env.browser !== 'IE' || Env.version >= 9);
+				},
+
+				use_data_uri_of: function(bytes) {
+					return (caps.use_data_uri && bytes < 33000 || caps.use_data_uri_over32kb());
+				},
+
+				use_fileinput: function() {
+					var el = document.createElement('input');
+					el.setAttribute('type', 'file');
+					return !el.disabled;
+				}
+			};
+
+		return function(cap) {
+			var args = [].slice.call(arguments);
+			args.shift(); // shift of cap
+			return Basic.typeOf(caps[cap]) === 'function' ? caps[cap].apply(this, args) : !!caps[cap];
+		};
+	}());
+
+
+	var Env = {
+		can: can,
+		
+		browser: UAParser.browser.name,
+		version: parseFloat(UAParser.browser.major),
+		os: UAParser.os.name, // everybody intuitively types it in a lowercase for some reason
+		osVersion: UAParser.os.version,
+
+		verComp: version_compare,
+		
+		swf_url: "../flash/Moxie.swf",
+		xap_url: "../silverlight/Moxie.xap",
+		global_event_dispatcher: "moxie.core.EventTarget.instance.dispatchEvent"
+	};
+
+	// for backward compatibility
+	// @deprecated Use `Env.os` instead
+	Env.OS = Env.os;
+
+	return Env;
+});
+
+// Included from: src/javascript/core/utils/Dom.js
+
+/**
+ * Dom.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/utils/Dom', ['moxie/core/utils/Env'], function(Env) {
+
+	/**
+	Get DOM Element by it's id.
+
+	@method get
+	@for Utils
+	@param {String} id Identifier of the DOM Element
+	@return {DOMElement}
+	*/
+	var get = function(id) {
+		if (typeof id !== 'string') {
+			return id;
+		}
+		return document.getElementById(id);
+	};
+
+	/**
+	Checks if specified DOM element has specified class.
+
+	@method hasClass
+	@static
+	@param {Object} obj DOM element like object to add handler to.
+	@param {String} name Class name
+	*/
+	var hasClass = function(obj, name) {
+		if (!obj.className) {
+			return false;
+		}
+
+		var regExp = new RegExp("(^|\\s+)"+name+"(\\s+|$)");
+		return regExp.test(obj.className);
+	};
+
+	/**
+	Adds specified className to specified DOM element.
+
+	@method addClass
+	@static
+	@param {Object} obj DOM element like object to add handler to.
+	@param {String} name Class name
+	*/
+	var addClass = function(obj, name) {
+		if (!hasClass(obj, name)) {
+			obj.className = !obj.className ? name : obj.className.replace(/\s+$/, '') + ' ' + name;
+		}
+	};
+
+	/**
+	Removes specified className from specified DOM element.
+
+	@method removeClass
+	@static
+	@param {Object} obj DOM element like object to add handler to.
+	@param {String} name Class name
+	*/
+	var removeClass = function(obj, name) {
+		if (obj.className) {
+			var regExp = new RegExp("(^|\\s+)"+name+"(\\s+|$)");
+			obj.className = obj.className.replace(regExp, function($0, $1, $2) {
+				return $1 === ' ' && $2 === ' ' ? ' ' : '';
+			});
+		}
+	};
+
+	/**
+	Returns a given computed style of a DOM element.
+
+	@method getStyle
+	@static
+	@param {Object} obj DOM element like object.
+	@param {String} name Style you want to get from the DOM element
+	*/
+	var getStyle = function(obj, name) {
+		if (obj.currentStyle) {
+			return obj.currentStyle[name];
+		} else if (window.getComputedStyle) {
+			return window.getComputedStyle(obj, null)[name];
+		}
+	};
+
+
+	/**
+	Returns the absolute x, y position of an Element. The position will be returned in a object with x, y fields.
+
+	@method getPos
+	@static
+	@param {Element} node HTML element or element id to get x, y position from.
+	@param {Element} root Optional root element to stop calculations at.
+	@return {object} Absolute position of the specified element object with x, y fields.
+	*/
+	var getPos = function(node, root) {
+		var x = 0, y = 0, parent, doc = document, nodeRect, rootRect;
+
+		node = node;
+		root = root || doc.body;
+
+		// Returns the x, y cordinate for an element on IE 6 and IE 7
+		function getIEPos(node) {
+			var bodyElm, rect, x = 0, y = 0;
+
+			if (node) {
+				rect = node.getBoundingClientRect();
+				bodyElm = doc.compatMode === "CSS1Compat" ? doc.documentElement : doc.body;
+				x = rect.left + bodyElm.scrollLeft;
+				y = rect.top + bodyElm.scrollTop;
+			}
+
+			return {
+				x : x,
+				y : y
+			};
+		}
+
+		// Use getBoundingClientRect on IE 6 and IE 7 but not on IE 8 in standards mode
+		if (node && node.getBoundingClientRect && Env.browser === 'IE' && (!doc.documentMode || doc.documentMode < 8)) {
+			nodeRect = getIEPos(node);
+			rootRect = getIEPos(root);
+
+			return {
+				x : nodeRect.x - rootRect.x,
+				y : nodeRect.y - rootRect.y
+			};
+		}
+
+		parent = node;
+		while (parent && parent != root && parent.nodeType) {
+			x += parent.offsetLeft || 0;
+			y += parent.offsetTop || 0;
+			parent = parent.offsetParent;
+		}
+
+		parent = node.parentNode;
+		while (parent && parent != root && parent.nodeType) {
+			x -= parent.scrollLeft || 0;
+			y -= parent.scrollTop || 0;
+			parent = parent.parentNode;
+		}
+
+		return {
+			x : x,
+			y : y
+		};
+	};
+
+	/**
+	Returns the size of the specified node in pixels.
+
+	@method getSize
+	@static
+	@param {Node} node Node to get the size of.
+	@return {Object} Object with a w and h property.
+	*/
+	var getSize = function(node) {
+		return {
+			w : node.offsetWidth || node.clientWidth,
+			h : node.offsetHeight || node.clientHeight
+		};
+	};
+
+	return {
+		get: get,
+		hasClass: hasClass,
+		addClass: addClass,
+		removeClass: removeClass,
+		getStyle: getStyle,
+		getPos: getPos,
+		getSize: getSize
+	};
+});
+
+// Included from: src/javascript/core/Exceptions.js
+
+/**
+ * Exceptions.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/Exceptions', [
+	'moxie/core/utils/Basic'
+], function(Basic) {
+	function _findKey(obj, value) {
+		var key;
+		for (key in obj) {
+			if (obj[key] === value) {
+				return key;
+			}
+		}
+		return null;
+	}
+
+	return {
+		RuntimeError: (function() {
+			var namecodes = {
+				NOT_INIT_ERR: 1,
+				NOT_SUPPORTED_ERR: 9,
+				JS_ERR: 4
+			};
+
+			function RuntimeError(code) {
+				this.code = code;
+				this.name = _findKey(namecodes, code);
+				this.message = this.name + ": RuntimeError " + this.code;
+			}
+			
+			Basic.extend(RuntimeError, namecodes);
+			RuntimeError.prototype = Error.prototype;
+			return RuntimeError;
+		}()),
+		
+		OperationNotAllowedException: (function() {
+			
+			function OperationNotAllowedException(code) {
+				this.code = code;
+				this.name = 'OperationNotAllowedException';
+			}
+			
+			Basic.extend(OperationNotAllowedException, {
+				NOT_ALLOWED_ERR: 1
+			});
+			
+			OperationNotAllowedException.prototype = Error.prototype;
+			
+			return OperationNotAllowedException;
+		}()),
+
+		ImageError: (function() {
+			var namecodes = {
+				WRONG_FORMAT: 1,
+				MAX_RESOLUTION_ERR: 2
+			};
+
+			function ImageError(code) {
+				this.code = code;
+				this.name = _findKey(namecodes, code);
+				this.message = this.name + ": ImageError " + this.code;
+			}
+			
+			Basic.extend(ImageError, namecodes);
+			ImageError.prototype = Error.prototype;
+
+			return ImageError;
+		}()),
+
+		FileException: (function() {
+			var namecodes = {
+				NOT_FOUND_ERR: 1,
+				SECURITY_ERR: 2,
+				ABORT_ERR: 3,
+				NOT_READABLE_ERR: 4,
+				ENCODING_ERR: 5,
+				NO_MODIFICATION_ALLOWED_ERR: 6,
+				INVALID_STATE_ERR: 7,
+				SYNTAX_ERR: 8
+			};
+
+			function FileException(code) {
+				this.code = code;
+				this.name = _findKey(namecodes, code);
+				this.message = this.name + ": FileException " + this.code;
+			}
+			
+			Basic.extend(FileException, namecodes);
+			FileException.prototype = Error.prototype;
+			return FileException;
+		}()),
+		
+		DOMException: (function() {
+			var namecodes = {
+				INDEX_SIZE_ERR: 1,
+				DOMSTRING_SIZE_ERR: 2,
+				HIERARCHY_REQUEST_ERR: 3,
+				WRONG_DOCUMENT_ERR: 4,
+				INVALID_CHARACTER_ERR: 5,
+				NO_DATA_ALLOWED_ERR: 6,
+				NO_MODIFICATION_ALLOWED_ERR: 7,
+				NOT_FOUND_ERR: 8,
+				NOT_SUPPORTED_ERR: 9,
+				INUSE_ATTRIBUTE_ERR: 10,
+				INVALID_STATE_ERR: 11,
+				SYNTAX_ERR: 12,
+				INVALID_MODIFICATION_ERR: 13,
+				NAMESPACE_ERR: 14,
+				INVALID_ACCESS_ERR: 15,
+				VALIDATION_ERR: 16,
+				TYPE_MISMATCH_ERR: 17,
+				SECURITY_ERR: 18,
+				NETWORK_ERR: 19,
+				ABORT_ERR: 20,
+				URL_MISMATCH_ERR: 21,
+				QUOTA_EXCEEDED_ERR: 22,
+				TIMEOUT_ERR: 23,
+				INVALID_NODE_TYPE_ERR: 24,
+				DATA_CLONE_ERR: 25
+			};
+
+			function DOMException(code) {
+				this.code = code;
+				this.name = _findKey(namecodes, code);
+				this.message = this.name + ": DOMException " + this.code;
+			}
+			
+			Basic.extend(DOMException, namecodes);
+			DOMException.prototype = Error.prototype;
+			return DOMException;
+		}()),
+		
+		EventException: (function() {
+			function EventException(code) {
+				this.code = code;
+				this.name = 'EventException';
+			}
+			
+			Basic.extend(EventException, {
+				UNSPECIFIED_EVENT_TYPE_ERR: 0
+			});
+			
+			EventException.prototype = Error.prototype;
+			
+			return EventException;
+		}())
+	};
+});
+
+// Included from: src/javascript/core/EventTarget.js
+
+/**
+ * EventTarget.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/EventTarget', [
+	'moxie/core/Exceptions',
+	'moxie/core/utils/Basic'
+], function(x, Basic) {
+	/**
+	Parent object for all event dispatching components and objects
+
+	@class EventTarget
+	@constructor EventTarget
+	*/
+	function EventTarget() {
+		// hash of event listeners by object uid
+		var eventpool = {};
+				
+		Basic.extend(this, {
+			
+			/**
+			Unique id of the event dispatcher, usually overriden by children
+
+			@property uid
+			@type String
+			*/
+			uid: null,
+			
+			/**
+			Can be called from within a child  in order to acquire uniqie id in automated manner
+
+			@method init
+			*/
+			init: function() {
+				if (!this.uid) {
+					this.uid = Basic.guid('uid_');
+				}
+			},
+
+			/**
+			Register a handler to a specific event dispatched by the object
+
+			@method addEventListener
+			@param {String} type Type or basically a name of the event to subscribe to
+			@param {Function} fn Callback function that will be called when event happens
+			@param {Number} [priority=0] Priority of the event handler - handlers with higher priorities will be called first
+			@param {Object} [scope=this] A scope to invoke event handler in
+			*/
+			addEventListener: function(type, fn, priority, scope) {
+				var self = this, list;
+				
+				type = Basic.trim(type);
+				
+				if (/\s/.test(type)) {
+					// multiple event types were passed for one handler
+					Basic.each(type.split(/\s+/), function(type) {
+						self.addEventListener(type, fn, priority, scope);
+					});
+					return;
+				}
+				
+				type = type.toLowerCase();
+				priority = parseInt(priority, 10) || 0;
+				
+				list = eventpool[this.uid] && eventpool[this.uid][type] || [];
+				list.push({fn : fn, priority : priority, scope : scope || this});
+				
+				if (!eventpool[this.uid]) {
+					eventpool[this.uid] = {};
+				}
+				eventpool[this.uid][type] = list;
+			},
+			
+			/**
+			Check if any handlers were registered to the specified event
+
+			@method hasEventListener
+			@param {String} type Type or basically a name of the event to check
+			@return {Mixed} Returns a handler if it was found and false, if - not
+			*/
+			hasEventListener: function(type) {
+				return type ? !!(eventpool[this.uid] && eventpool[this.uid][type]) : !!eventpool[this.uid];
+			},
+			
+			/**
+			Unregister the handler from the event, or if former was not specified - unregister all handlers
+
+			@method removeEventListener
+			@param {String} type Type or basically a name of the event
+			@param {Function} [fn] Handler to unregister
+			*/
+			removeEventListener: function(type, fn) {
+				type = type.toLowerCase();
+	
+				var list = eventpool[this.uid] && eventpool[this.uid][type], i;
+	
+				if (list) {
+					if (fn) {
+						for (i = list.length - 1; i >= 0; i--) {
+							if (list[i].fn === fn) {
+								list.splice(i, 1);
+								break;
+							}
+						}
+					} else {
+						list = [];
+					}
+	
+					// delete event list if it has become empty
+					if (!list.length) {
+						delete eventpool[this.uid][type];
+						
+						// and object specific entry in a hash if it has no more listeners attached
+						if (Basic.isEmptyObj(eventpool[this.uid])) {
+							delete eventpool[this.uid];
+						}
+					}
+				}
+			},
+			
+			/**
+			Remove all event handlers from the object
+
+			@method removeAllEventListeners
+			*/
+			removeAllEventListeners: function() {
+				if (eventpool[this.uid]) {
+					delete eventpool[this.uid];
+				}
+			},
+			
+			/**
+			Dispatch the event
+
+			@method dispatchEvent
+			@param {String/Object} Type of event or event object to dispatch
+			@param {Mixed} [...] Variable number of arguments to be passed to a handlers
+			@return {Boolean} true by default and false if any handler returned false
+			*/
+			dispatchEvent: function(type) {
+				var uid, list, args, tmpEvt, evt = {}, result = true, undef;
+				
+				if (Basic.typeOf(type) !== 'string') {
+					// we can't use original object directly (because of Silverlight)
+					tmpEvt = type;
+
+					if (Basic.typeOf(tmpEvt.type) === 'string') {
+						type = tmpEvt.type;
+
+						if (tmpEvt.total !== undef && tmpEvt.loaded !== undef) { // progress event
+							evt.total = tmpEvt.total;
+							evt.loaded = tmpEvt.loaded;
+						}
+						evt.async = tmpEvt.async || false;
+					} else {
+						throw new x.EventException(x.EventException.UNSPECIFIED_EVENT_TYPE_ERR);
+					}
+				}
+				
+				// check if event is meant to be dispatched on an object having specific uid
+				if (type.indexOf('::') !== -1) {
+					(function(arr) {
+						uid = arr[0];
+						type = arr[1];
+					}(type.split('::')));
+				} else {
+					uid = this.uid;
+				}
+				
+				type = type.toLowerCase();
+								
+				list = eventpool[uid] && eventpool[uid][type];
+
+				if (list) {
+					// sort event list by prority
+					list.sort(function(a, b) { return b.priority - a.priority; });
+					
+					args = [].slice.call(arguments);
+					
+					// first argument will be pseudo-event object
+					args.shift();
+					evt.type = type;
+					args.unshift(evt);
+
+					// Dispatch event to all listeners
+					var queue = [];
+					Basic.each(list, function(handler) {
+						// explicitly set the target, otherwise events fired from shims do not get it
+						args[0].target = handler.scope;
+						// if event is marked as async, detach the handler
+						if (evt.async) {
+							queue.push(function(cb) {
+								setTimeout(function() {
+									cb(handler.fn.apply(handler.scope, args) === false);
+								}, 1);
+							});
+						} else {
+							queue.push(function(cb) {
+								cb(handler.fn.apply(handler.scope, args) === false); // if handler returns false stop propagation
+							});
+						}
+					});
+					if (queue.length) {
+						Basic.inSeries(queue, function(err) {
+							result = !err;
+						});
+					}
+				}
+				return result;
+			},
+			
+			/**
+			Alias for addEventListener
+
+			@method bind
+			@protected
+			*/
+			bind: function() {
+				this.addEventListener.apply(this, arguments);
+			},
+			
+			/**
+			Alias for removeEventListener
+
+			@method unbind
+			@protected
+			*/
+			unbind: function() {
+				this.removeEventListener.apply(this, arguments);
+			},
+			
+			/**
+			Alias for removeAllEventListeners
+
+			@method unbindAll
+			@protected
+			*/
+			unbindAll: function() {
+				this.removeAllEventListeners.apply(this, arguments);
+			},
+			
+			/**
+			Alias for dispatchEvent
+
+			@method trigger
+			@protected
+			*/
+			trigger: function() {
+				return this.dispatchEvent.apply(this, arguments);
+			},
+			
+			
+			/**
+			Converts properties of on[event] type to corresponding event handlers,
+			is used to avoid extra hassle around the process of calling them back
+
+			@method convertEventPropsToHandlers
+			@private
+			*/
+			convertEventPropsToHandlers: function(handlers) {
+				var h;
+						
+				if (Basic.typeOf(handlers) !== 'array') {
+					handlers = [handlers];
+				}
+
+				for (var i = 0; i < handlers.length; i++) {
+					h = 'on' + handlers[i];
+					
+					if (Basic.typeOf(this[h]) === 'function') {
+						this.addEventListener(handlers[i], this[h]);
+					} else if (Basic.typeOf(this[h]) === 'undefined') {
+						this[h] = null; // object must have defined event properties, even if it doesn't make use of them
+					}
+				}
+			}
+			
+		});
+	}
+
+	EventTarget.instance = new EventTarget(); 
+
+	return EventTarget;
+});
+
+// Included from: src/javascript/core/utils/Encode.js
+
+/**
+ * Encode.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/utils/Encode', [], function() {
+
+	/**
+	Encode string with UTF-8
+
+	@method utf8_encode
+	@for Utils
+	@static
+	@param {String} str String to encode
+	@return {String} UTF-8 encoded string
+	*/
+	var utf8_encode = function(str) {
+		return unescape(encodeURIComponent(str));
+	};
+	
+	/**
+	Decode UTF-8 encoded string
+
+	@method utf8_decode
+	@static
+	@param {String} str String to decode
+	@return {String} Decoded string
+	*/
+	var utf8_decode = function(str_data) {
+		return decodeURIComponent(escape(str_data));
+	};
+	
+	/**
+	Decode Base64 encoded string (uses browser's default method if available),
+	from: https://raw.github.com/kvz/phpjs/master/functions/url/base64_decode.js
+
+	@method atob
+	@static
+	@param {String} data String to decode
+	@return {String} Decoded string
+	*/
+	var atob = function(data, utf8) {
+		if (typeof(window.atob) === 'function') {
+			return utf8 ? utf8_decode(window.atob(data)) : window.atob(data);
+		}
+
+		// http://kevin.vanzonneveld.net
+		// +   original by: Tyler Akins (http://rumkin.com)
+		// +   improved by: Thunder.m
+		// +      input by: Aman Gupta
+		// +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
+		// +   bugfixed by: Onno Marsman
+		// +   bugfixed by: Pellentesque Malesuada
+		// +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
+		// +      input by: Brett Zamir (http://brett-zamir.me)
+		// +   bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
+		// *     example 1: base64_decode('S2V2aW4gdmFuIFpvbm5ldmVsZA==');
+		// *     returns 1: 'Kevin van Zonneveld'
+		// mozilla has this native
+		// - but breaks in 2.0.0.12!
+		//if (typeof this.window.atob == 'function') {
+		//    return atob(data);
+		//}
+		var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+		var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
+			ac = 0,
+			dec = "",
+			tmp_arr = [];
+
+		if (!data) {
+			return data;
+		}
+
+		data += '';
+
+		do { // unpack four hexets into three octets using index points in b64
+			h1 = b64.indexOf(data.charAt(i++));
+			h2 = b64.indexOf(data.charAt(i++));
+			h3 = b64.indexOf(data.charAt(i++));
+			h4 = b64.indexOf(data.charAt(i++));
+
+			bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
+
+			o1 = bits >> 16 & 0xff;
+			o2 = bits >> 8 & 0xff;
+			o3 = bits & 0xff;
+
+			if (h3 == 64) {
+				tmp_arr[ac++] = String.fromCharCode(o1);
+			} else if (h4 == 64) {
+				tmp_arr[ac++] = String.fromCharCode(o1, o2);
+			} else {
+				tmp_arr[ac++] = String.fromCharCode(o1, o2, o3);
+			}
+		} while (i < data.length);
+
+		dec = tmp_arr.join('');
+
+		return utf8 ? utf8_decode(dec) : dec;
+	};
+	
+	/**
+	Base64 encode string (uses browser's default method if available),
+	from: https://raw.github.com/kvz/phpjs/master/functions/url/base64_encode.js
+
+	@method btoa
+	@static
+	@param {String} data String to encode
+	@return {String} Base64 encoded string
+	*/
+	var btoa = function(data, utf8) {
+		if (utf8) {
+			utf8_encode(data);
+		}
+
+		if (typeof(window.btoa) === 'function') {
+			return window.btoa(data);
+		}
+
+		// http://kevin.vanzonneveld.net
+		// +   original by: Tyler Akins (http://rumkin.com)
+		// +   improved by: Bayron Guevara
+		// +   improved by: Thunder.m
+		// +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
+		// +   bugfixed by: Pellentesque Malesuada
+		// +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)
+		// +   improved by: Rafał Kukawski (http://kukawski.pl)
+		// *     example 1: base64_encode('Kevin van Zonneveld');
+		// *     returns 1: 'S2V2aW4gdmFuIFpvbm5ldmVsZA=='
+		// mozilla has this native
+		// - but breaks in 2.0.0.12!
+		var b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+		var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
+			ac = 0,
+			enc = "",
+			tmp_arr = [];
+
+		if (!data) {
+			return data;
+		}
+
+		do { // pack three octets into four hexets
+			o1 = data.charCodeAt(i++);
+			o2 = data.charCodeAt(i++);
+			o3 = data.charCodeAt(i++);
+
+			bits = o1 << 16 | o2 << 8 | o3;
+
+			h1 = bits >> 18 & 0x3f;
+			h2 = bits >> 12 & 0x3f;
+			h3 = bits >> 6 & 0x3f;
+			h4 = bits & 0x3f;
+
+			// use hexets to index into b64, and append result to encoded string
+			tmp_arr[ac++] = b64.charAt(h1) + b64.charAt(h2) + b64.charAt(h3) + b64.charAt(h4);
+		} while (i < data.length);
+
+		enc = tmp_arr.join('');
+
+		var r = data.length % 3;
+
+		return (r ? enc.slice(0, r - 3) : enc) + '==='.slice(r || 3);
+	};
+
+
+	return {
+		utf8_encode: utf8_encode,
+		utf8_decode: utf8_decode,
+		atob: atob,
+		btoa: btoa
+	};
+});
+
+// Included from: src/javascript/runtime/Runtime.js
+
+/**
+ * Runtime.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/runtime/Runtime', [
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Dom",
+	"moxie/core/EventTarget"
+], function(Basic, Dom, EventTarget) {
+	var runtimeConstructors = {}, runtimes = {};
+
+	/**
+	Common set of methods and properties for every runtime instance
+
+	@class Runtime
+
+	@param {Object} options
+	@param {String} type Sanitized name of the runtime
+	@param {Object} [caps] Set of capabilities that differentiate specified runtime
+	@param {Object} [modeCaps] Set of capabilities that do require specific operational mode
+	@param {String} [preferredMode='browser'] Preferred operational mode to choose if no required capabilities were requested
+	*/
+	function Runtime(options, type, caps, modeCaps, preferredMode) {
+		/**
+		Dispatched when runtime is initialized and ready.
+		Results in RuntimeInit on a connected component.
+
+		@event Init
+		*/
+
+		/**
+		Dispatched when runtime fails to initialize.
+		Results in RuntimeError on a connected component.
+
+		@event Error
+		*/
+
+		var self = this
+		, _shim
+		, _uid = Basic.guid(type + '_')
+		, defaultMode = preferredMode || 'browser'
+		;
+
+		options = options || {};
+
+		// register runtime in private hash
+		runtimes[_uid] = this;
+
+		/**
+		Default set of capabilities, which can be redifined later by specific runtime
+
+		@private
+		@property caps
+		@type Object
+		*/
+		caps = Basic.extend({
+			// Runtime can: 
+			// provide access to raw binary data of the file
+			access_binary: false,
+			// provide access to raw binary data of the image (image extension is optional) 
+			access_image_binary: false,
+			// display binary data as thumbs for example
+			display_media: false,
+			// make cross-domain requests
+			do_cors: false,
+			// accept files dragged and dropped from the desktop
+			drag_and_drop: false,
+			// filter files in selection dialog by their extensions
+			filter_by_extension: true,
+			// resize image (and manipulate it raw data of any file in general)
+			resize_image: false,
+			// periodically report how many bytes of total in the file were uploaded (loaded)
+			report_upload_progress: false,
+			// provide access to the headers of http response 
+			return_response_headers: false,
+			// support response of specific type, which should be passed as an argument
+			// e.g. runtime.can('return_response_type', 'blob')
+			return_response_type: false,
+			// return http status code of the response
+			return_status_code: true,
+			// send custom http header with the request
+			send_custom_headers: false,
+			// pick up the files from a dialog
+			select_file: false,
+			// select whole folder in file browse dialog
+			select_folder: false,
+			// select multiple files at once in file browse dialog
+			select_multiple: true,
+			// send raw binary data, that is generated after image resizing or manipulation of other kind
+			send_binary_string: false,
+			// send cookies with http request and therefore retain session
+			send_browser_cookies: true,
+			// send data formatted as multipart/form-data
+			send_multipart: true,
+			// slice the file or blob to smaller parts
+			slice_blob: false,
+			// upload file without preloading it to memory, stream it out directly from disk
+			stream_upload: false,
+			// programmatically trigger file browse dialog
+			summon_file_dialog: false,
+			// upload file of specific size, size should be passed as argument
+			// e.g. runtime.can('upload_filesize', '500mb')
+			upload_filesize: true,
+			// initiate http request with specific http method, method should be passed as argument
+			// e.g. runtime.can('use_http_method', 'put')
+			use_http_method: true
+		}, caps);
+			
+	
+		// default to the mode that is compatible with preferred caps
+		if (options.preferred_caps) {
+			defaultMode = Runtime.getMode(modeCaps, options.preferred_caps, defaultMode);
+		}
+		
+		// small extension factory here (is meant to be extended with actual extensions constructors)
+		_shim = (function() {
+			var objpool = {};
+			return {
+				exec: function(uid, comp, fn, args) {
+					if (_shim[comp]) {
+						if (!objpool[uid]) {
+							objpool[uid] = {
+								context: this,
+								instance: new _shim[comp]()
+							};
+						}
+						if (objpool[uid].instance[fn]) {
+							return objpool[uid].instance[fn].apply(this, args);
+						}
+					}
+				},
+
+				removeInstance: function(uid) {
+					delete objpool[uid];
+				},
+
+				removeAllInstances: function() {
+					var self = this;
+					Basic.each(objpool, function(obj, uid) {
+						if (Basic.typeOf(obj.instance.destroy) === 'function') {
+							obj.instance.destroy.call(obj.context);
+						}
+						self.removeInstance(uid);
+					});
+				}
+			};
+		}());
+
+
+		// public methods
+		Basic.extend(this, {
+			/**
+			Specifies whether runtime instance was initialized or not
+
+			@property initialized
+			@type {Boolean}
+			@default false
+			*/
+			initialized: false, // shims require this flag to stop initialization retries
+
+			/**
+			Unique ID of the runtime
+
+			@property uid
+			@type {String}
+			*/
+			uid: _uid,
+
+			/**
+			Runtime type (e.g. flash, html5, etc)
+
+			@property type
+			@type {String}
+			*/
+			type: type,
+
+			/**
+			Runtime (not native one) may operate in browser or client mode.
+
+			@property mode
+			@private
+			@type {String|Boolean} current mode or false, if none possible
+			*/
+			mode: Runtime.getMode(modeCaps, (options.required_caps), defaultMode),
+
+			/**
+			id of the DOM container for the runtime (if available)
+
+			@property shimid
+			@type {String}
+			*/
+			shimid: _uid + '_container',
+
+			/**
+			Number of connected clients. If equal to zero, runtime can be destroyed
+
+			@property clients
+			@type {Number}
+			*/
+			clients: 0,
+
+			/**
+			Runtime initialization options
+
+			@property options
+			@type {Object}
+			*/
+			options: options,
+
+			/**
+			Checks if the runtime has specific capability
+
+			@method can
+			@param {String} cap Name of capability to check
+			@param {Mixed} [value] If passed, capability should somehow correlate to the value
+			@param {Object} [refCaps] Set of capabilities to check the specified cap against (defaults to internal set)
+			@return {Boolean} true if runtime has such capability and false, if - not
+			*/
+			can: function(cap, value) {
+				var refCaps = arguments[2] || caps;
+
+				// if cap var is a comma-separated list of caps, convert it to object (key/value)
+				if (Basic.typeOf(cap) === 'string' && Basic.typeOf(value) === 'undefined') {
+					cap = Runtime.parseCaps(cap);
+				}
+
+				if (Basic.typeOf(cap) === 'object') {
+					for (var key in cap) {
+						if (!this.can(key, cap[key], refCaps)) {
+							return false;
+						}
+					}
+					return true;
+				}
+
+				// check the individual cap
+				if (Basic.typeOf(refCaps[cap]) === 'function') {
+					return refCaps[cap].call(this, value);
+				} else {
+					return (value === refCaps[cap]);
+				}
+			},
+
+			/**
+			Returns container for the runtime as DOM element
+
+			@method getShimContainer
+			@return {DOMElement}
+			*/
+			getShimContainer: function() {
+				var container, shimContainer = Dom.get(this.shimid);
+
+				// if no container for shim, create one
+				if (!shimContainer) {
+					container = this.options.container ? Dom.get(this.options.container) : document.body;
+
+					// create shim container and insert it at an absolute position into the outer container
+					shimContainer = document.createElement('div');
+					shimContainer.id = this.shimid;
+					shimContainer.className = 'moxie-shim moxie-shim-' + this.type;
+
+					Basic.extend(shimContainer.style, {
+						position: 'absolute',
+						top: '0px',
+						left: '0px',
+						width: '1px',
+						height: '1px',
+						overflow: 'hidden'
+					});
+
+					container.appendChild(shimContainer);
+					container = null;
+				}
+
+				return shimContainer;
+			},
+
+			/**
+			Returns runtime as DOM element (if appropriate)
+
+			@method getShim
+			@return {DOMElement}
+			*/
+			getShim: function() {
+				return _shim;
+			},
+
+			/**
+			Invokes a method within the runtime itself (might differ across the runtimes)
+
+			@method shimExec
+			@param {Mixed} []
+			@protected
+			@return {Mixed} Depends on the action and component
+			*/
+			shimExec: function(component, action) {
+				var args = [].slice.call(arguments, 2);
+				return self.getShim().exec.call(this, this.uid, component, action, args);
+			},
+
+			/**
+			Operaional interface that is used by components to invoke specific actions on the runtime
+			(is invoked in the scope of component)
+
+			@method exec
+			@param {Mixed} []*
+			@protected
+			@return {Mixed} Depends on the action and component
+			*/
+			exec: function(component, action) { // this is called in the context of component, not runtime
+				var args = [].slice.call(arguments, 2);
+
+				if (self[component] && self[component][action]) {
+					return self[component][action].apply(this, args);
+				}
+				return self.shimExec.apply(this, arguments);
+			},
+
+			/**
+			Destroys the runtime (removes all events and deletes DOM structures)
+
+			@method destroy
+			*/
+			destroy: function() {
+				if (!self) {
+					return; // obviously already destroyed
+				}
+
+				var shimContainer = Dom.get(this.shimid);
+				if (shimContainer) {
+					shimContainer.parentNode.removeChild(shimContainer);
+				}
+
+				if (_shim) {
+					_shim.removeAllInstances();
+				}
+
+				this.unbindAll();
+				delete runtimes[this.uid];
+				this.uid = null; // mark this runtime as destroyed
+				_uid = self = _shim = shimContainer = null;
+			}
+		});
+
+		// once we got the mode, test against all caps
+		if (this.mode && options.required_caps && !this.can(options.required_caps)) {
+			this.mode = false;
+		}	
+	}
+
+
+	/**
+	Default order to try different runtime types
+
+	@property order
+	@type String
+	@static
+	*/
+	Runtime.order = 'html5,flash,silverlight,html4';
+
+
+	/**
+	Retrieves runtime from private hash by it's uid
+
+	@method getRuntime
+	@private
+	@static
+	@param {String} uid Unique identifier of the runtime
+	@return {Runtime|Boolean} Returns runtime, if it exists and false, if - not
+	*/
+	Runtime.getRuntime = function(uid) {
+		return runtimes[uid] ? runtimes[uid] : false;
+	};
+
+
+	/**
+	Register constructor for the Runtime of new (or perhaps modified) type
+
+	@method addConstructor
+	@static
+	@param {String} type Runtime type (e.g. flash, html5, etc)
+	@param {Function} construct Constructor for the Runtime type
+	*/
+	Runtime.addConstructor = function(type, constructor) {
+		constructor.prototype = EventTarget.instance;
+		runtimeConstructors[type] = constructor;
+	};
+
+
+	/**
+	Get the constructor for the specified type.
+
+	method getConstructor
+	@static
+	@param {String} type Runtime type (e.g. flash, html5, etc)
+	@return {Function} Constructor for the Runtime type
+	*/
+	Runtime.getConstructor = function(type) {
+		return runtimeConstructors[type] || null;
+	};
+
+
+	/**
+	Get info about the runtime (uid, type, capabilities)
+
+	@method getInfo
+	@static
+	@param {String} uid Unique identifier of the runtime
+	@return {Mixed} Info object or null if runtime doesn't exist
+	*/
+	Runtime.getInfo = function(uid) {
+		var runtime = Runtime.getRuntime(uid);
+
+		if (runtime) {
+			return {
+				uid: runtime.uid,
+				type: runtime.type,
+				mode: runtime.mode,
+				can: function() {
+					return runtime.can.apply(runtime, arguments);
+				}
+			};
+		}
+		return null;
+	};
+
+
+	/**
+	Convert caps represented by a comma-separated string to the object representation.
+
+	@method parseCaps
+	@static
+	@param {String} capStr Comma-separated list of capabilities
+	@return {Object}
+	*/
+	Runtime.parseCaps = function(capStr) {
+		var capObj = {};
+
+		if (Basic.typeOf(capStr) !== 'string') {
+			return capStr || {};
+		}
+
+		Basic.each(capStr.split(','), function(key) {
+			capObj[key] = true; // we assume it to be - true
+		});
+
+		return capObj;
+	};
+
+	/**
+	Test the specified runtime for specific capabilities.
+
+	@method can
+	@static
+	@param {String} type Runtime type (e.g. flash, html5, etc)
+	@param {String|Object} caps Set of capabilities to check
+	@return {Boolean} Result of the test
+	*/
+	Runtime.can = function(type, caps) {
+		var runtime
+		, constructor = Runtime.getConstructor(type)
+		, mode
+		;
+		if (constructor) {
+			runtime = new constructor({
+				required_caps: caps
+			});
+			mode = runtime.mode;
+			runtime.destroy();
+			return !!mode;
+		}
+		return false;
+	};
+
+
+	/**
+	Figure out a runtime that supports specified capabilities.
+
+	@method thatCan
+	@static
+	@param {String|Object} caps Set of capabilities to check
+	@param {String} [runtimeOrder] Comma-separated list of runtimes to check against
+	@return {String} Usable runtime identifier or null
+	*/
+	Runtime.thatCan = function(caps, runtimeOrder) {
+		var types = (runtimeOrder || Runtime.order).split(/\s*,\s*/);
+		for (var i in types) {
+			if (Runtime.can(types[i], caps)) {
+				return types[i];
+			}
+		}
+		return null;
+	};
+
+
+	/**
+	Figure out an operational mode for the specified set of capabilities.
+
+	@method getMode
+	@static
+	@param {Object} modeCaps Set of capabilities that depend on particular runtime mode
+	@param {Object} [requiredCaps] Supplied set of capabilities to find operational mode for
+	@param {String|Boolean} [defaultMode='browser'] Default mode to use 
+	@return {String|Boolean} Compatible operational mode
+	*/
+	Runtime.getMode = function(modeCaps, requiredCaps, defaultMode) {
+		var mode = null;
+
+		if (Basic.typeOf(defaultMode) === 'undefined') { // only if not specified
+			defaultMode = 'browser';
+		}
+
+		if (requiredCaps && !Basic.isEmptyObj(modeCaps)) {
+			// loop over required caps and check if they do require the same mode
+			Basic.each(requiredCaps, function(value, cap) {
+				if (modeCaps.hasOwnProperty(cap)) {
+					var capMode = modeCaps[cap](value);
+
+					// make sure we always have an array
+					if (typeof(capMode) === 'string') {
+						capMode = [capMode];
+					}
+					
+					if (!mode) {
+						mode = capMode;
+					} else if (!(mode = Basic.arrayIntersect(mode, capMode))) {
+						// if cap requires conflicting mode - runtime cannot fulfill required caps
+						return (mode = false);
+					}
+				}
+			});
+
+			if (mode) {
+				return Basic.inArray(defaultMode, mode) !== -1 ? defaultMode : mode[0];
+			} else if (mode === false) {
+				return false;
+			}
+		}
+		return defaultMode; 
+	};
+
+
+	/**
+	Capability check that always returns true
+
+	@private
+	@static
+	@return {True}
+	*/
+	Runtime.capTrue = function() {
+		return true;
+	};
+
+	/**
+	Capability check that always returns false
+
+	@private
+	@static
+	@return {False}
+	*/
+	Runtime.capFalse = function() {
+		return false;
+	};
+
+	/**
+	Evaluate the expression to boolean value and create a function that always returns it.
+
+	@private
+	@static
+	@param {Mixed} expr Expression to evaluate
+	@return {Function} Function returning the result of evaluation
+	*/
+	Runtime.capTest = function(expr) {
+		return function() {
+			return !!expr;
+		};
+	};
+
+	return Runtime;
+});
+
+// Included from: src/javascript/runtime/RuntimeClient.js
+
+/**
+ * RuntimeClient.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/runtime/RuntimeClient', [
+	'moxie/core/Exceptions',
+	'moxie/core/utils/Basic',
+	'moxie/runtime/Runtime'
+], function(x, Basic, Runtime) {
+	/**
+	Set of methods and properties, required by a component to acquire ability to connect to a runtime
+
+	@class RuntimeClient
+	*/
+	return function RuntimeClient() {
+		var runtime;
+
+		Basic.extend(this, {
+			/**
+			Connects to the runtime specified by the options. Will either connect to existing runtime or create a new one.
+			Increments number of clients connected to the specified runtime.
+
+			@method connectRuntime
+			@param {Mixed} options Can be a runtme uid or a set of key-value pairs defining requirements and pre-requisites
+			*/
+			connectRuntime: function(options) {
+				var comp = this, ruid;
+
+				function initialize(items) {
+					var type, constructor;
+
+					// if we ran out of runtimes
+					if (!items.length) {
+						comp.trigger('RuntimeError', new x.RuntimeError(x.RuntimeError.NOT_INIT_ERR));
+						runtime = null;
+						return;
+					}
+
+					type = items.shift();
+					constructor = Runtime.getConstructor(type);
+					if (!constructor) {
+						initialize(items);
+						return;
+					}
+
+					// try initializing the runtime
+					runtime = new constructor(options);
+
+					runtime.bind('Init', function() {
+						// mark runtime as initialized
+						runtime.initialized = true;
+
+						// jailbreak ...
+						setTimeout(function() {
+							runtime.clients++;
+							// this will be triggered on component
+							comp.trigger('RuntimeInit', runtime);
+						}, 1);
+					});
+
+					runtime.bind('Error', function() {
+						runtime.destroy(); // runtime cannot destroy itself from inside at a right moment, thus we do it here
+						initialize(items);
+					});
+
+					/*runtime.bind('Exception', function() { });*/
+
+					// check if runtime managed to pick-up operational mode
+					if (!runtime.mode) {
+						runtime.trigger('Error');
+						return;
+					}
+
+					runtime.init();
+				}
+
+				// check if a particular runtime was requested
+				if (Basic.typeOf(options) === 'string') {
+					ruid = options;
+				} else if (Basic.typeOf(options.ruid) === 'string') {
+					ruid = options.ruid;
+				}
+
+				if (ruid) {
+					runtime = Runtime.getRuntime(ruid);
+					if (runtime) {
+						runtime.clients++;
+						return runtime;
+					} else {
+						// there should be a runtime and there's none - weird case
+						throw new x.RuntimeError(x.RuntimeError.NOT_INIT_ERR);
+					}
+				}
+
+				// initialize a fresh one, that fits runtime list and required features best
+				initialize((options.runtime_order || Runtime.order).split(/\s*,\s*/));
+			},
+
+			/**
+			Returns the runtime to which the client is currently connected.
+
+			@method getRuntime
+			@return {Runtime} Runtime or null if client is not connected
+			*/
+			getRuntime: function() {
+				if (runtime && runtime.uid) {
+					return runtime;
+				}
+				runtime = null; // make sure we do not leave zombies rambling around
+				return null;
+			},
+
+			/**
+			Disconnects from the runtime. Decrements number of clients connected to the specified runtime.
+
+			@method disconnectRuntime
+			*/
+			disconnectRuntime: function() {
+				if (runtime && --runtime.clients <= 0) {
+					runtime.destroy();
+					runtime = null;
+				}
+			}
+
+		});
+	};
+
+
+});
+
+// Included from: src/javascript/file/Blob.js
+
+/**
+ * Blob.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/file/Blob', [
+	'moxie/core/utils/Basic',
+	'moxie/core/utils/Encode',
+	'moxie/runtime/RuntimeClient'
+], function(Basic, Encode, RuntimeClient) {
+	
+	var blobpool = {};
+
+	/**
+	@class Blob
+	@constructor
+	@param {String} ruid Unique id of the runtime, to which this blob belongs to
+	@param {Object} blob Object "Native" blob object, as it is represented in the runtime
+	*/
+	function Blob(ruid, blob) {
+
+		function _sliceDetached(start, end, type) {
+			var blob, data = blobpool[this.uid];
+
+			if (Basic.typeOf(data) !== 'string' || !data.length) {
+				return null; // or throw exception
+			}
+
+			blob = new Blob(null, {
+				type: type,
+				size: end - start
+			});
+			blob.detach(data.substr(start, blob.size));
+
+			return blob;
+		}
+
+		RuntimeClient.call(this);
+
+		if (ruid) {	
+			this.connectRuntime(ruid);
+		}
+
+		if (!blob) {
+			blob = {};
+		} else if (Basic.typeOf(blob) === 'string') { // dataUrl or binary string
+			blob = { data: blob };
+		}
+
+		Basic.extend(this, {
+			
+			/**
+			Unique id of the component
+
+			@property uid
+			@type {String}
+			*/
+			uid: blob.uid || Basic.guid('uid_'),
+			
+			/**
+			Unique id of the connected runtime, if falsy, then runtime will have to be initialized 
+			before this Blob can be used, modified or sent
+
+			@property ruid
+			@type {String}
+			*/
+			ruid: ruid,
+	
+			/**
+			Size of blob
+
+			@property size
+			@type {Number}
+			@default 0
+			*/
+			size: blob.size || 0,
+			
+			/**
+			Mime type of blob
+
+			@property type
+			@type {String}
+			@default ''
+			*/
+			type: blob.type || '',
+			
+			/**
+			@method slice
+			@param {Number} [start=0]
+			*/
+			slice: function(start, end, type) {		
+				if (this.isDetached()) {
+					return _sliceDetached.apply(this, arguments);
+				}
+				return this.getRuntime().exec.call(this, 'Blob', 'slice', this.getSource(), start, end, type);
+			},
+
+			/**
+			Returns "native" blob object (as it is represented in connected runtime) or null if not found
+
+			@method getSource
+			@return {Blob} Returns "native" blob object or null if not found
+			*/
+			getSource: function() {
+				if (!blobpool[this.uid]) {
+					return null;	
+				}
+				return blobpool[this.uid];
+			},
+
+			/** 
+			Detaches blob from any runtime that it depends on and initialize with standalone value
+
+			@method detach
+			@protected
+			@param {DOMString} [data=''] Standalone value
+			*/
+			detach: function(data) {
+				if (this.ruid) {
+					this.getRuntime().exec.call(this, 'Blob', 'destroy', blobpool[this.uid]);
+					this.disconnectRuntime();
+					this.ruid = null;
+				}
+
+				data = data || '';
+
+				// if dataUrl, convert to binary string
+				var matches = data.match(/^data:([^;]*);base64,/);
+				if (matches) {
+					this.type = matches[1];
+					data = Encode.atob(data.substring(data.indexOf('base64,') + 7));
+				}
+
+				this.size = data.length;
+
+				blobpool[this.uid] = data;
+			},
+
+			/**
+			Checks if blob is standalone (detached of any runtime)
+			
+			@method isDetached
+			@protected
+			@return {Boolean}
+			*/
+			isDetached: function() {
+				return !this.ruid && Basic.typeOf(blobpool[this.uid]) === 'string';
+			},
+			
+			/** 
+			Destroy Blob and free any resources it was using
+
+			@method destroy
+			*/
+			destroy: function() {
+				this.detach();
+				delete blobpool[this.uid];
+			}
+		});
+
+		
+		if (blob.data) {
+			this.detach(blob.data); // auto-detach if payload has been passed
+		} else {
+			blobpool[this.uid] = blob;	
+		}
+	}
+	
+	return Blob;
+});
+
+// Included from: src/javascript/file/File.js
+
+/**
+ * File.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/file/File', [
+	'moxie/core/utils/Basic',
+	'moxie/core/utils/Mime',
+	'moxie/file/Blob'
+], function(Basic, Mime, Blob) {
+	/**
+	@class File
+	@extends Blob
+	@constructor
+	@param {String} ruid Unique id of the runtime, to which this blob belongs to
+	@param {Object} file Object "Native" file object, as it is represented in the runtime
+	*/
+	function File(ruid, file) {
+		var name, type;
+
+		if (!file) { // avoid extra errors in case we overlooked something
+			file = {};
+		}
+
+		// figure out the type
+		if (file.type && file.type !== '') {
+			type = file.type;
+		} else {
+			type = Mime.getFileMime(file.name);
+		}
+
+		// sanitize file name or generate new one
+		if (file.name) {
+			name = file.name.replace(/\\/g, '/');
+			name = name.substr(name.lastIndexOf('/') + 1);
+		} else {
+			var prefix = type.split('/')[0];
+			name = Basic.guid((prefix !== '' ? prefix : 'file') + '_');
+			
+			if (Mime.extensions[type]) {
+				name += '.' + Mime.extensions[type][0]; // append proper extension if possible
+			}
+		}
+
+		Blob.apply(this, arguments);
+		
+		Basic.extend(this, {
+			/**
+			File mime type
+
+			@property type
+			@type {String}
+			@default ''
+			*/
+			type: type || '',
+
+			/**
+			File name
+
+			@property name
+			@type {String}
+			@default UID
+			*/
+			name: name || Basic.guid('file_'),
+			
+			/**
+			Date of last modification
+
+			@property lastModifiedDate
+			@type {String}
+			@default now
+			*/
+			lastModifiedDate: file.lastModifiedDate || (new Date()).toLocaleString() // Thu Aug 23 2012 19:40:00 GMT+0400 (GET)
+		});
+	}
+
+	File.prototype = Blob.prototype;
+
+	return File;
+});
+
+// Included from: src/javascript/file/FileInput.js
+
+/**
+ * FileInput.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/file/FileInput', [
+	'moxie/core/utils/Basic',
+	'moxie/core/utils/Mime',
+	'moxie/core/utils/Dom',
+	'moxie/core/Exceptions',
+	'moxie/core/EventTarget',
+	'moxie/core/I18n',
+	'moxie/file/File',
+	'moxie/runtime/Runtime',
+	'moxie/runtime/RuntimeClient'
+], function(Basic, Mime, Dom, x, EventTarget, I18n, File, Runtime, RuntimeClient) {
+	/**
+	Provides a convenient way to create cross-browser file-picker. Generates file selection dialog on click,
+	converts selected files to _File_ objects, to be used in conjunction with _Image_, preloaded in memory
+	with _FileReader_ or uploaded to a server through _XMLHttpRequest_.
+
+	@class FileInput
+	@constructor
+	@extends EventTarget
+	@uses RuntimeClient
+	@param {Object|String|DOMElement} options If options is string or node, argument is considered as _browse\_button_.
+		@param {String|DOMElement} options.browse_button DOM Element to turn into file picker.
+		@param {Array} [options.accept] Array of mime types to accept. By default accepts all.
+		@param {String} [options.file='file'] Name of the file field (not the filename).
+		@param {Boolean} [options.multiple=false] Enable selection of multiple files.
+		@param {Boolean} [options.directory=false] Turn file input into the folder input (cannot be both at the same time).
+		@param {String|DOMElement} [options.container] DOM Element to use as a container for file-picker. Defaults to parentNode 
+		for _browse\_button_.
+		@param {Object|String} [options.required_caps] Set of required capabilities, that chosen runtime must support.
+
+	@example
+		<div id="container">
+			<a id="file-picker" href="javascript:;">Browse...</a>
+		</div>
+
+		<script>
+			var fileInput = new mOxie.FileInput({
+				browse_button: 'file-picker', // or document.getElementById('file-picker')
+				container: 'container',
+				accept: [
+					{title: "Image files", extensions: "jpg,gif,png"} // accept only images
+				],
+				multiple: true // allow multiple file selection
+			});
+
+			fileInput.onchange = function(e) {
+				// do something to files array
+				console.info(e.target.files); // or this.files or fileInput.files
+			};
+
+			fileInput.init(); // initialize
+		</script>
+	*/
+	var dispatches = [
+		/**
+		Dispatched when runtime is connected and file-picker is ready to be used.
+
+		@event ready
+		@param {Object} event
+		*/
+		'ready',
+
+		/**
+		Dispatched right after [ready](#event_ready) event, and whenever [refresh()](#method_refresh) is invoked. 
+		Check [corresponding documentation entry](#method_refresh) for more info.
+
+		@event refresh
+		@param {Object} event
+		*/
+
+		/**
+		Dispatched when selection of files in the dialog is complete.
+
+		@event change
+		@param {Object} event
+		*/
+		'change',
+
+		'cancel', // TODO: might be useful
+
+		/**
+		Dispatched when mouse cursor enters file-picker area. Can be used to style element
+		accordingly.
+
+		@event mouseenter
+		@param {Object} event
+		*/
+		'mouseenter',
+
+		/**
+		Dispatched when mouse cursor leaves file-picker area. Can be used to style element
+		accordingly.
+
+		@event mouseleave
+		@param {Object} event
+		*/
+		'mouseleave',
+
+		/**
+		Dispatched when functional mouse button is pressed on top of file-picker area.
+
+		@event mousedown
+		@param {Object} event
+		*/
+		'mousedown',
+
+		/**
+		Dispatched when functional mouse button is released on top of file-picker area.
+
+		@event mouseup
+		@param {Object} event
+		*/
+		'mouseup'
+	];
+
+	function FileInput(options) {
+		var self = this,
+			container, browseButton, defaults;
+
+		// if flat argument passed it should be browse_button id
+		if (Basic.inArray(Basic.typeOf(options), ['string', 'node']) !== -1) {
+			options = { browse_button : options };
+		}
+
+		// this will help us to find proper default container
+		browseButton = Dom.get(options.browse_button);
+		if (!browseButton) {
+			// browse button is required
+			throw new x.DOMException(x.DOMException.NOT_FOUND_ERR);
+		}
+
+		// figure out the options
+		defaults = {
+			accept: [{
+				title: I18n.translate('All Files'),
+				extensions: '*'
+			}],
+			name: 'file',
+			multiple: false,
+			required_caps: false,
+			container: browseButton.parentNode || document.body
+		};
+		
+		options = Basic.extend({}, defaults, options);
+
+		// convert to object representation
+		if (typeof(options.required_caps) === 'string') {
+			options.required_caps = Runtime.parseCaps(options.required_caps);
+		}
+					
+		// normalize accept option (could be list of mime types or array of title/extensions pairs)
+		if (typeof(options.accept) === 'string') {
+			options.accept = Mime.mimes2extList(options.accept);
+		}
+
+		container = Dom.get(options.container);
+		// make sure we have container
+		if (!container) {
+			container = document.body;
+		}
+
+		// make container relative, if it's not
+		if (Dom.getStyle(container, 'position') === 'static') {
+			container.style.position = 'relative';
+		}
+
+		container = browseButton = null; // IE
+						
+		RuntimeClient.call(self);
+		
+		Basic.extend(self, {
+			/**
+			Unique id of the component
+
+			@property uid
+			@protected
+			@readOnly
+			@type {String}
+			@default UID
+			*/
+			uid: Basic.guid('uid_'),
+			
+			/**
+			Unique id of the connected runtime, if any.
+
+			@property ruid
+			@protected
+			@type {String}
+			*/
+			ruid: null,
+
+			/**
+			Unique id of the runtime container. Useful to get hold of it for various manipulations.
+
+			@property shimid
+			@protected
+			@type {String}
+			*/
+			shimid: null,
+			
+			/**
+			Array of selected mOxie.File objects
+
+			@property files
+			@type {Array}
+			@default null
+			*/
+			files: null,
+
+			/**
+			Initializes the file-picker, connects it to runtime and dispatches event ready when done.
+
+			@method init
+			*/
+			init: function() {
+				self.convertEventPropsToHandlers(dispatches);
+
+				self.bind('RuntimeInit', function(e, runtime) {
+					self.ruid = runtime.uid;
+					self.shimid = runtime.shimid;
+
+					self.bind("Ready", function() {
+						self.trigger("Refresh");
+					}, 999);
+
+					self.bind("Change", function() {
+						var files = runtime.exec.call(self, 'FileInput', 'getFiles');
+
+						self.files = [];
+
+						Basic.each(files, function(file) {
+							// ignore empty files (IE10 for example hangs if you try to send them via XHR)
+							if (file.size === 0) {
+								return true; 
+							}
+							self.files.push(new File(self.ruid, file));
+						});
+					}, 999);
+
+					// re-position and resize shim container
+					self.bind('Refresh', function() {
+						var pos, size, browseButton, shimContainer;
+						
+						browseButton = Dom.get(options.browse_button);
+						shimContainer = Dom.get(runtime.shimid); // do not use runtime.getShimContainer(), since it will create container if it doesn't exist
+
+						if (browseButton) {
+							pos = Dom.getPos(browseButton, Dom.get(options.container));
+							size = Dom.getSize(browseButton);
+
+							if (shimContainer) {
+								Basic.extend(shimContainer.style, {
+									top     : pos.y + 'px',
+									left    : pos.x + 'px',
+									width   : size.w + 'px',
+									height  : size.h + 'px'
+								});
+							}
+						}
+						shimContainer = browseButton = null;
+					});
+					
+					runtime.exec.call(self, 'FileInput', 'init', options);
+				});
+
+				// runtime needs: options.required_features, options.runtime_order and options.container
+				self.connectRuntime(Basic.extend({}, options, {
+					required_caps: {
+						select_file: true
+					}
+				}));
+			},
+
+			/**
+			Disables file-picker element, so that it doesn't react to mouse clicks.
+
+			@method disable
+			@param {Boolean} [state=true] Disable component if - true, enable if - false
+			*/
+			disable: function(state) {
+				var runtime = this.getRuntime();
+				if (runtime) {
+					runtime.exec.call(this, 'FileInput', 'disable', Basic.typeOf(state) === 'undefined' ? true : state);
+				}
+			},
+
+
+			/**
+			Reposition and resize dialog trigger to match the position and size of browse_button element.
+
+			@method refresh
+			*/
+			refresh: function() {
+				self.trigger("Refresh");
+			},
+
+
+			/**
+			Destroy component.
+
+			@method destroy
+			*/
+			destroy: function() {
+				var runtime = this.getRuntime();
+				if (runtime) {
+					runtime.exec.call(this, 'FileInput', 'destroy');
+					this.disconnectRuntime();
+				}
+
+				if (Basic.typeOf(this.files) === 'array') {
+					// no sense in leaving associated files behind
+					Basic.each(this.files, function(file) {
+						file.destroy();
+					});
+				} 
+				this.files = null;
+			}
+		});
+	}
+
+	FileInput.prototype = EventTarget.instance;
+
+	return FileInput;
+});
+
+// Included from: src/javascript/file/FileDrop.js
+
+/**
+ * FileDrop.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/file/FileDrop', [
+	'moxie/core/I18n',
+	'moxie/core/utils/Dom',
+	'moxie/core/Exceptions',
+	'moxie/core/utils/Basic',
+	'moxie/file/File',
+	'moxie/runtime/RuntimeClient',
+	'moxie/core/EventTarget',
+	'moxie/core/utils/Mime'
+], function(I18n, Dom, x, Basic, File, RuntimeClient, EventTarget, Mime) {
+	/**
+	Turn arbitrary DOM element to a drop zone accepting files. Converts selected files to _File_ objects, to be used 
+	in conjunction with _Image_, preloaded in memory with _FileReader_ or uploaded to a server through 
+	_XMLHttpRequest_.
+
+	@example
+		<div id="drop_zone">
+			Drop files here
+		</div>
+		<br />
+		<div id="filelist"></div>
+
+		<script type="text/javascript">
+			var fileDrop = new mOxie.FileDrop('drop_zone'), fileList = mOxie.get('filelist');
+
+			fileDrop.ondrop = function() {
+				mOxie.each(this.files, function(file) {
+					fileList.innerHTML += '<div>' + file.name + '</div>';
+				});
+			};
+
+			fileDrop.init();
+		</script>
+
+	@class FileDrop
+	@constructor
+	@extends EventTarget
+	@uses RuntimeClient
+	@param {Object|String} options If options has typeof string, argument is considered as options.drop_zone
+		@param {String|DOMElement} options.drop_zone DOM Element to turn into a drop zone
+		@param {Array} [options.accept] Array of mime types to accept. By default accepts all
+		@param {Object|String} [options.required_caps] Set of required capabilities, that chosen runtime must support
+	*/
+	var dispatches = [
+		/**
+		Dispatched when runtime is connected and drop zone is ready to accept files.
+
+		@event ready
+		@param {Object} event
+		*/
+		'ready', 
+
+		/**
+		Dispatched when dragging cursor enters the drop zone.
+
+		@event dragenter
+		@param {Object} event
+		*/
+		'dragenter',
+
+		/**
+		Dispatched when dragging cursor leaves the drop zone.
+
+		@event dragleave
+		@param {Object} event
+		*/
+		'dragleave', 
+
+		/**
+		Dispatched when file is dropped onto the drop zone.
+
+		@event drop
+		@param {Object} event
+		*/
+		'drop', 
+
+		/**
+		Dispatched if error occurs.
+
+		@event error
+		@param {Object} event
+		*/
+		'error'
+	];
+
+	function FileDrop(options) {
+		var self = this, defaults;
+
+		// if flat argument passed it should be drop_zone id
+		if (typeof(options) === 'string') {
+			options = { drop_zone : options };
+		}
+
+		// figure out the options
+		defaults = {
+			accept: [{
+				title: I18n.translate('All Files'),
+				extensions: '*'
+			}],
+			required_caps: {
+				drag_and_drop: true
+			}
+		};
+		
+		options = typeof(options) === 'object' ? Basic.extend({}, defaults, options) : defaults;
+
+		// this will help us to find proper default container
+		options.container = Dom.get(options.drop_zone) || document.body;
+
+		// make container relative, if it is not
+		if (Dom.getStyle(options.container, 'position') === 'static') {
+			options.container.style.position = 'relative';
+		}
+					
+		// normalize accept option (could be list of mime types or array of title/extensions pairs)
+		if (typeof(options.accept) === 'string') {
+			options.accept = Mime.mimes2extList(options.accept);
+		}
+
+		RuntimeClient.call(self);
+
+		Basic.extend(self, {
+			uid: Basic.guid('uid_'),
+
+			ruid: null,
+
+			files: null,
+
+			init: function() {
+	
+				self.convertEventPropsToHandlers(dispatches);
+		
+				self.bind('RuntimeInit', function(e, runtime) {
+					self.ruid = runtime.uid;
+
+					self.bind("Drop", function() {
+						var files = runtime.exec.call(self, 'FileDrop', 'getFiles');
+
+						self.files = [];
+
+						Basic.each(files, function(file) {
+							self.files.push(new File(self.ruid, file));
+						});
+					}, 999);
+
+					runtime.exec.call(self, 'FileDrop', 'init', options);
+
+					self.dispatchEvent('ready');
+				});
+							
+				// runtime needs: options.required_features, options.runtime_order and options.container
+				self.connectRuntime(options); // throws RuntimeError
+			},
+
+			destroy: function() {
+				var runtime = this.getRuntime();
+				if (runtime) {
+					runtime.exec.call(this, 'FileDrop', 'destroy');
+					this.disconnectRuntime();
+				}
+				this.files = null;
+			}
+		});
+	}
+
+	FileDrop.prototype = EventTarget.instance;
+
+	return FileDrop;
+});
+
+// Included from: src/javascript/runtime/RuntimeTarget.js
+
+/**
+ * RuntimeTarget.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/runtime/RuntimeTarget', [
+	'moxie/core/utils/Basic',
+	'moxie/runtime/RuntimeClient',
+	"moxie/core/EventTarget"
+], function(Basic, RuntimeClient, EventTarget) {
+	/**
+	Instance of this class can be used as a target for the events dispatched by shims,
+	when allowing them onto components is for either reason inappropriate
+
+	@class RuntimeTarget
+	@constructor
+	@protected
+	@extends EventTarget
+	*/
+	function RuntimeTarget() {
+		this.uid = Basic.guid('uid_');
+		
+		RuntimeClient.call(this);
+
+		this.destroy = function() {
+			this.disconnectRuntime();
+			this.unbindAll();
+		};
+	}
+
+	RuntimeTarget.prototype = EventTarget.instance;
+
+	return RuntimeTarget;
+});
+
+// Included from: src/javascript/file/FileReader.js
+
+/**
+ * FileReader.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/file/FileReader', [
+	'moxie/core/utils/Basic',
+	'moxie/core/utils/Encode',
+	'moxie/core/Exceptions',
+	'moxie/core/EventTarget',
+	'moxie/file/Blob',
+	'moxie/file/File',
+	'moxie/runtime/RuntimeTarget'
+], function(Basic, Encode, x, EventTarget, Blob, File, RuntimeTarget) {
+	/**
+	Utility for preloading o.Blob/o.File objects in memory. By design closely follows [W3C FileReader](http://www.w3.org/TR/FileAPI/#dfn-filereader)
+	interface. Where possible uses native FileReader, where - not falls back to shims.
+
+	@class FileReader
+	@constructor FileReader
+	@extends EventTarget
+	@uses RuntimeClient
+	*/
+	var dispatches = [
+
+		/** 
+		Dispatched when the read starts.
+
+		@event loadstart
+		@param {Object} event
+		*/
+		'loadstart', 
+
+		/** 
+		Dispatched while reading (and decoding) blob, and reporting partial Blob data (progess.loaded/progress.total).
+
+		@event progress
+		@param {Object} event
+		*/
+		'progress', 
+
+		/** 
+		Dispatched when the read has successfully completed.
+
+		@event load
+		@param {Object} event
+		*/
+		'load', 
+
+		/** 
+		Dispatched when the read has been aborted. For instance, by invoking the abort() method.
+
+		@event abort
+		@param {Object} event
+		*/
+		'abort', 
+
+		/** 
+		Dispatched when the read has failed.
+
+		@event error
+		@param {Object} event
+		*/
+		'error', 
+
+		/** 
+		Dispatched when the request has completed (either in success or failure).
+
+		@event loadend
+		@param {Object} event
+		*/
+		'loadend'
+	];
+	
+	function FileReader() {
+		var self = this, _fr;
+				
+		Basic.extend(this, {
+			/**
+			UID of the component instance.
+
+			@property uid
+			@type {String}
+			*/
+			uid: Basic.guid('uid_'),
+
+			/**
+			Contains current state of FileReader object. Can take values of FileReader.EMPTY, FileReader.LOADING
+			and FileReader.DONE.
+
+			@property readyState
+			@type {Number}
+			@default FileReader.EMPTY
+			*/
+			readyState: FileReader.EMPTY,
+			
+			/**
+			Result of the successful read operation.
+
+			@property result
+			@type {String}
+			*/
+			result: null,
+			
+			/**
+			Stores the error of failed asynchronous read operation.
+
+			@property error
+			@type {DOMError}
+			*/
+			error: null,
+			
+			/**
+			Initiates reading of File/Blob object contents to binary string.
+
+			@method readAsBinaryString
+			@param {Blob|File} blob Object to preload
+			*/
+			readAsBinaryString: function(blob) {
+				_read.call(this, 'readAsBinaryString', blob);
+			},
+			
+			/**
+			Initiates reading of File/Blob object contents to dataURL string.
+
+			@method readAsDataURL
+			@param {Blob|File} blob Object to preload
+			*/
+			readAsDataURL: function(blob) {
+				_read.call(this, 'readAsDataURL', blob);
+			},
+			
+			/**
+			Initiates reading of File/Blob object contents to string.
+
+			@method readAsText
+			@param {Blob|File} blob Object to preload
+			*/
+			readAsText: function(blob) {
+				_read.call(this, 'readAsText', blob);
+			},
+			
+			/**
+			Aborts preloading process.
+
+			@method abort
+			*/
+			abort: function() {
+				this.result = null;
+				
+				if (Basic.inArray(this.readyState, [FileReader.EMPTY, FileReader.DONE]) !== -1) {
+					return;
+				} else if (this.readyState === FileReader.LOADING) {
+					this.readyState = FileReader.DONE;
+				}
+
+				if (_fr) {
+					_fr.getRuntime().exec.call(this, 'FileReader', 'abort');
+				}
+				
+				this.trigger('abort');
+				this.trigger('loadend');
+			},
+
+			/**
+			Destroy component and release resources.
+
+			@method destroy
+			*/
+			destroy: function() {
+				this.abort();
+
+				if (_fr) {
+					_fr.getRuntime().exec.call(this, 'FileReader', 'destroy');
+					_fr.disconnectRuntime();
+				}
+
+				self = _fr = null;
+			}
+		});
+		
+		
+		function _read(op, blob) {
+			_fr = new RuntimeTarget();
+
+			function error(err) {
+				self.readyState = FileReader.DONE;
+				self.error = err;
+				self.trigger('error');
+				loadEnd();
+			}
+
+			function loadEnd() {
+				_fr.destroy();
+				_fr = null;
+				self.trigger('loadend');
+			}
+
+			function exec(runtime) {
+				_fr.bind('Error', function(e, err) {
+					error(err);
+				});
+
+				_fr.bind('Progress', function(e) {
+					self.result = runtime.exec.call(_fr, 'FileReader', 'getResult');
+					self.trigger(e);
+				});
+				
+				_fr.bind('Load', function(e) {
+					self.readyState = FileReader.DONE;
+					self.result = runtime.exec.call(_fr, 'FileReader', 'getResult');
+					self.trigger(e);
+					loadEnd();
+				});
+
+				runtime.exec.call(_fr, 'FileReader', 'read', op, blob);
+			}
+
+			this.convertEventPropsToHandlers(dispatches);
+
+			if (this.readyState === FileReader.LOADING) {
+				return error(new x.DOMException(x.DOMException.INVALID_STATE_ERR));
+			}
+
+			this.readyState = FileReader.LOADING;
+			this.trigger('loadstart');
+
+			// if source is o.Blob/o.File
+			if (blob instanceof Blob) {
+				if (blob.isDetached()) {
+					var src = blob.getSource();
+					switch (op) {
+						case 'readAsText':
+						case 'readAsBinaryString':
+							this.result = src;
+							break;
+						case 'readAsDataURL':
+							this.result = 'data:' + blob.type + ';base64,' + Encode.btoa(src);
+							break;
+					}
+					this.readyState = FileReader.DONE;
+					this.trigger('load');
+					loadEnd();
+				} else {
+					exec(_fr.connectRuntime(blob.ruid));
+				}
+			} else {
+				error(new x.DOMException(x.DOMException.NOT_FOUND_ERR));
+			}
+		}
+	}
+	
+	/**
+	Initial FileReader state
+
+	@property EMPTY
+	@type {Number}
+	@final
+	@static
+	@default 0
+	*/
+	FileReader.EMPTY = 0;
+
+	/**
+	FileReader switches to this state when it is preloading the source
+
+	@property LOADING
+	@type {Number}
+	@final
+	@static
+	@default 1
+	*/
+	FileReader.LOADING = 1;
+
+	/**
+	Preloading is complete, this is a final state
+
+	@property DONE
+	@type {Number}
+	@final
+	@static
+	@default 2
+	*/
+	FileReader.DONE = 2;
+
+	FileReader.prototype = EventTarget.instance;
+
+	return FileReader;
+});
+
+// Included from: src/javascript/core/utils/Url.js
+
+/**
+ * Url.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/utils/Url', [], function() {
+	/**
+	Parse url into separate components and fill in absent parts with parts from current url,
+	based on https://raw.github.com/kvz/phpjs/master/functions/url/parse_url.js
+
+	@method parseUrl
+	@for Utils
+	@static
+	@param {String} url Url to parse (defaults to empty string if undefined)
+	@return {Object} Hash containing extracted uri components
+	*/
+	var parseUrl = function(url, currentUrl) {
+		var key = ['source', 'scheme', 'authority', 'userInfo', 'user', 'pass', 'host', 'port', 'relative', 'path', 'directory', 'file', 'query', 'fragment']
+		, i = key.length
+		, ports = {
+			http: 80,
+			https: 443
+		}
+		, uri = {}
+		, regex = /^(?:([^:\/?#]+):)?(?:\/\/()(?:(?:()(?:([^:@]*):?([^:@]*))?@)?([^:\/?#]*)(?::(\d*))?))?()(?:(()(?:(?:[^?#\/]*\/)*)()(?:[^?#]*))(?:\\?([^#]*))?(?:#(.*))?)/
+		, m = regex.exec(url || '')
+		;
+					
+		while (i--) {
+			if (m[i]) {
+				uri[key[i]] = m[i];
+			}
+		}
+
+		// when url is relative, we set the origin and the path ourselves
+		if (!uri.scheme) {
+			// come up with defaults
+			if (!currentUrl || typeof(currentUrl) === 'string') {
+				currentUrl = parseUrl(currentUrl || document.location.href);
+			}
+
+			uri.scheme = currentUrl.scheme;
+			uri.host = currentUrl.host;
+			uri.port = currentUrl.port;
+
+			var path = '';
+			// for urls without trailing slash we need to figure out the path
+			if (/^[^\/]/.test(uri.path)) {
+				path = currentUrl.path;
+				// if path ends with a filename, strip it
+				if (!/(\/|\/[^\.]+)$/.test(path)) {
+					path = path.replace(/\/[^\/]+$/, '/');
+				} else {
+					path += '/';
+				}
+			}
+			uri.path = path + (uri.path || ''); // site may reside at domain.com or domain.com/subdir
+		}
+
+		if (!uri.port) {
+			uri.port = ports[uri.scheme] || 80;
+		} 
+		
+		uri.port = parseInt(uri.port, 10);
+
+		if (!uri.path) {
+			uri.path = "/";
+		}
+
+		delete uri.source;
+
+		return uri;
+	};
+
+	/**
+	Resolve url - among other things will turn relative url to absolute
+
+	@method resolveUrl
+	@static
+	@param {String} url Either absolute or relative
+	@return {String} Resolved, absolute url
+	*/
+	var resolveUrl = function(url) {
+		var ports = { // we ignore default ports
+			http: 80,
+			https: 443
+		}
+		, urlp = parseUrl(url)
+		;
+
+		return urlp.scheme + '://' + urlp.host + (urlp.port !== ports[urlp.scheme] ? ':' + urlp.port : '') + urlp.path + (urlp.query ? urlp.query : '');
+	};
+
+	/**
+	Check if specified url has the same origin as the current document
+
+	@method hasSameOrigin
+	@param {String|Object} url
+	@return {Boolean}
+	*/
+	var hasSameOrigin = function(url) {
+		function origin(url) {
+			return [url.scheme, url.host, url.port].join('/');
+		}
+			
+		if (typeof url === 'string') {
+			url = parseUrl(url);
+		}	
+		
+		return origin(parseUrl()) === origin(url);
+	};
+
+	return {
+		parseUrl: parseUrl,
+		resolveUrl: resolveUrl,
+		hasSameOrigin: hasSameOrigin
+	};
+});
+
+// Included from: src/javascript/file/FileReaderSync.js
+
+/**
+ * FileReaderSync.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/file/FileReaderSync', [
+	'moxie/core/utils/Basic',
+	'moxie/runtime/RuntimeClient',
+	'moxie/core/utils/Encode'
+], function(Basic, RuntimeClient, Encode) {
+	/**
+	Synchronous FileReader implementation. Something like this is available in WebWorkers environment, here
+	it can be used to read only preloaded blobs/files and only below certain size (not yet sure what that'd be,
+	but probably < 1mb). Not meant to be used directly by user.
+
+	@class FileReaderSync
+	@private
+	@constructor
+	*/
+	return function() {
+		RuntimeClient.call(this);
+
+		Basic.extend(this, {
+			uid: Basic.guid('uid_'),
+
+			readAsBinaryString: function(blob) {
+				return _read.call(this, 'readAsBinaryString', blob);
+			},
+			
+			readAsDataURL: function(blob) {
+				return _read.call(this, 'readAsDataURL', blob);
+			},
+			
+			/*readAsArrayBuffer: function(blob) {
+				return _read.call(this, 'readAsArrayBuffer', blob);
+			},*/
+			
+			readAsText: function(blob) {
+				return _read.call(this, 'readAsText', blob);
+			}
+		});
+
+		function _read(op, blob) {
+			if (blob.isDetached()) {
+				var src = blob.getSource();
+				switch (op) {
+					case 'readAsBinaryString':
+						return src;
+					case 'readAsDataURL':
+						return 'data:' + blob.type + ';base64,' + Encode.btoa(src);
+					case 'readAsText':
+						var txt = '';
+						for (var i = 0, length = src.length; i < length; i++) {
+							txt += String.fromCharCode(src[i]);
+						}
+						return txt;
+				}
+			} else {
+				var result = this.connectRuntime(blob.ruid).exec.call(this, 'FileReaderSync', 'read', op, blob);
+				this.disconnectRuntime();
+				return result;
+			}
+		}
+	};
+});
+
+// Included from: src/javascript/xhr/FormData.js
+
+/**
+ * FormData.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/xhr/FormData", [
+	"moxie/core/Exceptions",
+	"moxie/core/utils/Basic",
+	"moxie/file/Blob"
+], function(x, Basic, Blob) {
+	/**
+	FormData
+
+	@class FormData
+	@constructor
+	*/
+	function FormData() {
+		var _blob, _fields = [];
+
+		Basic.extend(this, {
+			/**
+			Append another key-value pair to the FormData object
+
+			@method append
+			@param {String} name Name for the new field
+			@param {String|Blob|Array|Object} value Value for the field
+			*/
+			append: function(name, value) {
+				var self = this, valueType = Basic.typeOf(value);
+
+				// according to specs value might be either Blob or String
+				if (value instanceof Blob) {
+					_blob = {
+						name: name,
+						value: value // unfortunately we can only send single Blob in one FormData
+					};
+				} else if ('array' === valueType) {
+					name += '[]';
+
+					Basic.each(value, function(value) {
+						self.append(name, value);
+					});
+				} else if ('object' === valueType) {
+					Basic.each(value, function(value, key) {
+						self.append(name + '[' + key + ']', value);
+					});
+				} else if ('null' === valueType || 'undefined' === valueType || 'number' === valueType && isNaN(value)) {
+					self.append(name, "false");
+				} else {
+					_fields.push({
+						name: name,
+						value: value.toString()
+					});
+				}
+			},
+
+			/**
+			Checks if FormData contains Blob.
+
+			@method hasBlob
+			@return {Boolean}
+			*/
+			hasBlob: function() {
+				return !!this.getBlob();
+			},
+
+			/**
+			Retrieves blob.
+
+			@method getBlob
+			@return {Object} Either Blob if found or null
+			*/
+			getBlob: function() {
+				return _blob && _blob.value || null;
+			},
+
+			/**
+			Retrieves blob field name.
+
+			@method getBlobName
+			@return {String} Either Blob field name or null
+			*/
+			getBlobName: function() {
+				return _blob && _blob.name || null;
+			},
+
+			/**
+			Loop over the fields in FormData and invoke the callback for each of them.
+
+			@method each
+			@param {Function} cb Callback to call for each field
+			*/
+			each: function(cb) {
+				Basic.each(_fields, function(field) {
+					cb(field.value, field.name);
+				});
+
+				if (_blob) {
+					cb(_blob.value, _blob.name);
+				}
+			},
+
+			destroy: function() {
+				_blob = null;
+				_fields = [];
+			}
+		});
+	}
+
+	return FormData;
+});
+
+// Included from: src/javascript/xhr/XMLHttpRequest.js
+
+/**
+ * XMLHttpRequest.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/xhr/XMLHttpRequest", [
+	"moxie/core/utils/Basic",
+	"moxie/core/Exceptions",
+	"moxie/core/EventTarget",
+	"moxie/core/utils/Encode",
+	"moxie/core/utils/Url",
+	"moxie/runtime/Runtime",
+	"moxie/runtime/RuntimeTarget",
+	"moxie/file/Blob",
+	"moxie/file/FileReaderSync",
+	"moxie/xhr/FormData",
+	"moxie/core/utils/Env",
+	"moxie/core/utils/Mime"
+], function(Basic, x, EventTarget, Encode, Url, Runtime, RuntimeTarget, Blob, FileReaderSync, FormData, Env, Mime) {
+
+	var httpCode = {
+		100: 'Continue',
+		101: 'Switching Protocols',
+		102: 'Processing',
+
+		200: 'OK',
+		201: 'Created',
+		202: 'Accepted',
+		203: 'Non-Authoritative Information',
+		204: 'No Content',
+		205: 'Reset Content',
+		206: 'Partial Content',
+		207: 'Multi-Status',
+		226: 'IM Used',
+
+		300: 'Multiple Choices',
+		301: 'Moved Permanently',
+		302: 'Found',
+		303: 'See Other',
+		304: 'Not Modified',
+		305: 'Use Proxy',
+		306: 'Reserved',
+		307: 'Temporary Redirect',
+
+		400: 'Bad Request',
+		401: 'Unauthorized',
+		402: 'Payment Required',
+		403: 'Forbidden',
+		404: 'Not Found',
+		405: 'Method Not Allowed',
+		406: 'Not Acceptable',
+		407: 'Proxy Authentication Required',
+		408: 'Request Timeout',
+		409: 'Conflict',
+		410: 'Gone',
+		411: 'Length Required',
+		412: 'Precondition Failed',
+		413: 'Request Entity Too Large',
+		414: 'Request-URI Too Long',
+		415: 'Unsupported Media Type',
+		416: 'Requested Range Not Satisfiable',
+		417: 'Expectation Failed',
+		422: 'Unprocessable Entity',
+		423: 'Locked',
+		424: 'Failed Dependency',
+		426: 'Upgrade Required',
+
+		500: 'Internal Server Error',
+		501: 'Not Implemented',
+		502: 'Bad Gateway',
+		503: 'Service Unavailable',
+		504: 'Gateway Timeout',
+		505: 'HTTP Version Not Supported',
+		506: 'Variant Also Negotiates',
+		507: 'Insufficient Storage',
+		510: 'Not Extended'
+	};
+
+	function XMLHttpRequestUpload() {
+		this.uid = Basic.guid('uid_');
+	}
+	
+	XMLHttpRequestUpload.prototype = EventTarget.instance;
+
+	/**
+	Implementation of XMLHttpRequest
+
+	@class XMLHttpRequest
+	@constructor
+	@uses RuntimeClient
+	@extends EventTarget
+	*/
+	var dispatches = ['loadstart', 'progress', 'abort', 'error', 'load', 'timeout', 'loadend']; // & readystatechange (for historical reasons)
+	
+	var NATIVE = 1, RUNTIME = 2;
+					
+	function XMLHttpRequest() {
+		var self = this,
+			// this (together with _p() @see below) is here to gracefully upgrade to setter/getter syntax where possible
+			props = {
+				/**
+				The amount of milliseconds a request can take before being terminated. Initially zero. Zero means there is no timeout.
+
+				@property timeout
+				@type Number
+				@default 0
+				*/
+				timeout: 0,
+
+				/**
+				Current state, can take following values:
+				UNSENT (numeric value 0)
+				The object has been constructed.
+
+				OPENED (numeric value 1)
+				The open() method has been successfully invoked. During this state request headers can be set using setRequestHeader() and the request can be made using the send() method.
+
+				HEADERS_RECEIVED (numeric value 2)
+				All redirects (if any) have been followed and all HTTP headers of the final response have been received. Several response members of the object are now available.
+
+				LOADING (numeric value 3)
+				The response entity body is being received.
+
+				DONE (numeric value 4)
+
+				@property readyState
+				@type Number
+				@default 0 (UNSENT)
+				*/
+				readyState: XMLHttpRequest.UNSENT,
+
+				/**
+				True when user credentials are to be included in a cross-origin request. False when they are to be excluded
+				in a cross-origin request and when cookies are to be ignored in its response. Initially false.
+
+				@property withCredentials
+				@type Boolean
+				@default false
+				*/
+				withCredentials: false,
+
+				/**
+				Returns the HTTP status code.
+
+				@property status
+				@type Number
+				@default 0
+				*/
+				status: 0,
+
+				/**
+				Returns the HTTP status text.
+
+				@property statusText
+				@type String
+				*/
+				statusText: "",
+
+				/**
+				Returns the response type. Can be set to change the response type. Values are:
+				the empty string (default), "arraybuffer", "blob", "document", "json", and "text".
+				
+				@property responseType
+				@type String
+				*/
+				responseType: "",
+
+				/**
+				Returns the document response entity body.
+				
+				Throws an "InvalidStateError" exception if responseType is not the empty string or "document".
+
+				@property responseXML
+				@type Document
+				*/
+				responseXML: null,
+
+				/**
+				Returns the text response entity body.
+				
+				Throws an "InvalidStateError" exception if responseType is not the empty string or "text".
+
+				@property responseText
+				@type String
+				*/
+				responseText: null,
+
+				/**
+				Returns the response entity body (http://www.w3.org/TR/XMLHttpRequest/#response-entity-body).
+				Can become: ArrayBuffer, Blob, Document, JSON, Text
+				
+				@property response
+				@type Mixed
+				*/
+				response: null
+			},
+
+			_async = true,
+			_url,
+			_method,
+			_headers = {},
+			_user,
+			_password,
+			_encoding = null,
+			_mimeType = null,
+
+			// flags
+			_sync_flag = false,
+			_send_flag = false,
+			_upload_events_flag = false,
+			_upload_complete_flag = false,
+			_error_flag = false,
+			_same_origin_flag = false,
+
+			// times
+			_start_time,
+			_timeoutset_time,
+
+			_finalMime = null,
+			_finalCharset = null,
+
+			_options = {},
+			_xhr,
+			_responseHeaders = '',
+			_responseHeadersBag
+			;
+
+		
+		Basic.extend(this, props, {
+			/**
+			Unique id of the component
+
+			@property uid
+			@type String
+			*/
+			uid: Basic.guid('uid_'),
+			
+			/**
+			Target for Upload events
+
+			@property upload
+			@type XMLHttpRequestUpload
+			*/
+			upload: new XMLHttpRequestUpload(),
+			
+
+			/**
+			Sets the request method, request URL, synchronous flag, request username, and request password.
+
+			Throws a "SyntaxError" exception if one of the following is true:
+
+			method is not a valid HTTP method.
+			url cannot be resolved.
+			url contains the "user:password" format in the userinfo production.
+			Throws a "SecurityError" exception if method is a case-insensitive match for CONNECT, TRACE or TRACK.
+
+			Throws an "InvalidAccessError" exception if one of the following is true:
+
+			Either user or password is passed as argument and the origin of url does not match the XMLHttpRequest origin.
+			There is an associated XMLHttpRequest document and either the timeout attribute is not zero,
+			the withCredentials attribute is true, or the responseType attribute is not the empty string.
+
+
+			@method open
+			@param {String} method HTTP method to use on request
+			@param {String} url URL to request
+			@param {Boolean} [async=true] If false request will be done in synchronous manner. Asynchronous by default.
+			@param {String} [user] Username to use in HTTP authentication process on server-side
+			@param {String} [password] Password to use in HTTP authentication process on server-side
+			*/
+			open: function(method, url, async, user, password) {
+				var urlp;
+				
+				// first two arguments are required
+				if (!method || !url) {
+					throw new x.DOMException(x.DOMException.SYNTAX_ERR);
+				}
+				
+				// 2 - check if any code point in method is higher than U+00FF or after deflating method it does not match the method
+				if (/[\u0100-\uffff]/.test(method) || Encode.utf8_encode(method) !== method) {
+					throw new x.DOMException(x.DOMException.SYNTAX_ERR);
+				}
+
+				// 3
+				if (!!~Basic.inArray(method.toUpperCase(), ['CONNECT', 'DELETE', 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT', 'TRACE', 'TRACK'])) {
+					_method = method.toUpperCase();
+				}
+				
+				
+				// 4 - allowing these methods poses a security risk
+				if (!!~Basic.inArray(_method, ['CONNECT', 'TRACE', 'TRACK'])) {
+					throw new x.DOMException(x.DOMException.SECURITY_ERR);
+				}
+
+				// 5
+				url = Encode.utf8_encode(url);
+				
+				// 6 - Resolve url relative to the XMLHttpRequest base URL. If the algorithm returns an error, throw a "SyntaxError".
+				urlp = Url.parseUrl(url);
+
+				_same_origin_flag = Url.hasSameOrigin(urlp);
+																
+				// 7 - manually build up absolute url
+				_url = Url.resolveUrl(url);
+		
+				// 9-10, 12-13
+				if ((user || password) && !_same_origin_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_ACCESS_ERR);
+				}
+
+				_user = user || urlp.user;
+				_password = password || urlp.pass;
+				
+				// 11
+				_async = async || true;
+				
+				if (_async === false && (_p('timeout') || _p('withCredentials') || _p('responseType') !== "")) {
+					throw new x.DOMException(x.DOMException.INVALID_ACCESS_ERR);
+				}
+				
+				// 14 - terminate abort()
+				
+				// 15 - terminate send()
+
+				// 18
+				_sync_flag = !_async;
+				_send_flag = false;
+				_headers = {};
+				_reset.call(this);
+
+				// 19
+				_p('readyState', XMLHttpRequest.OPENED);
+				
+				// 20
+				this.convertEventPropsToHandlers(['readystatechange']); // unify event handlers
+				this.dispatchEvent('readystatechange');
+			},
+			
+			/**
+			Appends an header to the list of author request headers, or if header is already
+			in the list of author request headers, combines its value with value.
+
+			Throws an "InvalidStateError" exception if the state is not OPENED or if the send() flag is set.
+			Throws a "SyntaxError" exception if header is not a valid HTTP header field name or if value
+			is not a valid HTTP header field value.
+			
+			@method setRequestHeader
+			@param {String} header
+			@param {String|Number} value
+			*/
+			setRequestHeader: function(header, value) {
+				var uaHeaders = [ // these headers are controlled by the user agent
+						"accept-charset",
+						"accept-encoding",
+						"access-control-request-headers",
+						"access-control-request-method",
+						"connection",
+						"content-length",
+						"cookie",
+						"cookie2",
+						"content-transfer-encoding",
+						"date",
+						"expect",
+						"host",
+						"keep-alive",
+						"origin",
+						"referer",
+						"te",
+						"trailer",
+						"transfer-encoding",
+						"upgrade",
+						"user-agent",
+						"via"
+					];
+				
+				// 1-2
+				if (_p('readyState') !== XMLHttpRequest.OPENED || _send_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				// 3
+				if (/[\u0100-\uffff]/.test(header) || Encode.utf8_encode(header) !== header) {
+					throw new x.DOMException(x.DOMException.SYNTAX_ERR);
+				}
+
+				// 4
+				/* this step is seemingly bypassed in browsers, probably to allow various unicode characters in header values
+				if (/[\u0100-\uffff]/.test(value) || Encode.utf8_encode(value) !== value) {
+					throw new x.DOMException(x.DOMException.SYNTAX_ERR);
+				}*/
+
+				header = Basic.trim(header).toLowerCase();
+				
+				// setting of proxy-* and sec-* headers is prohibited by spec
+				if (!!~Basic.inArray(header, uaHeaders) || /^(proxy\-|sec\-)/.test(header)) {
+					return false;
+				}
+
+				// camelize
+				// browsers lowercase header names (at least for custom ones)
+				// header = header.replace(/\b\w/g, function($1) { return $1.toUpperCase(); });
+				
+				if (!_headers[header]) {
+					_headers[header] = value;
+				} else {
+					// http://tools.ietf.org/html/rfc2616#section-4.2 (last paragraph)
+					_headers[header] += ', ' + value;
+				}
+				return true;
+			},
+
+			/**
+			Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2.
+
+			@method getAllResponseHeaders
+			@return {String} reponse headers or empty string
+			*/
+			getAllResponseHeaders: function() {
+				return _responseHeaders || '';
+			},
+
+			/**
+			Returns the header field value from the response of which the field name matches header, 
+			unless the field name is Set-Cookie or Set-Cookie2.
+
+			@method getResponseHeader
+			@param {String} header
+			@return {String} value(s) for the specified header or null
+			*/
+			getResponseHeader: function(header) {
+				header = header.toLowerCase();
+
+				if (_error_flag || !!~Basic.inArray(header, ['set-cookie', 'set-cookie2'])) {
+					return null;
+				}
+
+				if (_responseHeaders && _responseHeaders !== '') {
+					// if we didn't parse response headers until now, do it and keep for later
+					if (!_responseHeadersBag) {
+						_responseHeadersBag = {};
+						Basic.each(_responseHeaders.split(/\r\n/), function(line) {
+							var pair = line.split(/:\s+/);
+							if (pair.length === 2) { // last line might be empty, omit
+								pair[0] = Basic.trim(pair[0]); // just in case
+								_responseHeadersBag[pair[0].toLowerCase()] = { // simply to retain header name in original form
+									header: pair[0],
+									value: Basic.trim(pair[1])
+								};
+							}
+						});
+					}
+					if (_responseHeadersBag.hasOwnProperty(header)) {
+						return _responseHeadersBag[header].header + ': ' + _responseHeadersBag[header].value;
+					}
+				}
+				return null;
+			},
+			
+			/**
+			Sets the Content-Type header for the response to mime.
+			Throws an "InvalidStateError" exception if the state is LOADING or DONE.
+			Throws a "SyntaxError" exception if mime is not a valid media type.
+
+			@method overrideMimeType
+			@param String mime Mime type to set
+			*/
+			overrideMimeType: function(mime) {
+				var matches, charset;
+			
+				// 1
+				if (!!~Basic.inArray(_p('readyState'), [XMLHttpRequest.LOADING, XMLHttpRequest.DONE])) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				// 2
+				mime = Basic.trim(mime.toLowerCase());
+
+				if (/;/.test(mime) && (matches = mime.match(/^([^;]+)(?:;\scharset\=)?(.*)$/))) {
+					mime = matches[1];
+					if (matches[2]) {
+						charset = matches[2];
+					}
+				}
+
+				if (!Mime.mimes[mime]) {
+					throw new x.DOMException(x.DOMException.SYNTAX_ERR);
+				}
+
+				// 3-4
+				_finalMime = mime;
+				_finalCharset = charset;
+			},
+			
+			/**
+			Initiates the request. The optional argument provides the request entity body.
+			The argument is ignored if request method is GET or HEAD.
+
+			Throws an "InvalidStateError" exception if the state is not OPENED or if the send() flag is set.
+
+			@method send
+			@param {Blob|Document|String|FormData} [data] Request entity body
+			@param {Object} [options] Set of requirements and pre-requisities for runtime initialization
+			*/
+			send: function(data, options) {					
+				if (Basic.typeOf(options) === 'string') {
+					_options = { ruid: options };
+				} else if (!options) {
+					_options = {};
+				} else {
+					_options = options;
+				}
+													
+				this.convertEventPropsToHandlers(dispatches);
+				this.upload.convertEventPropsToHandlers(dispatches);
+															
+				// 1-2
+				if (this.readyState !== XMLHttpRequest.OPENED || _send_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+				
+				// 3					
+				// sending Blob
+				if (data instanceof Blob) {
+					_options.ruid = data.ruid;
+					_mimeType = data.type || 'application/octet-stream';
+				}
+				
+				// FormData
+				else if (data instanceof FormData) {
+					if (data.hasBlob()) {
+						var blob = data.getBlob();
+						_options.ruid = blob.ruid;
+						_mimeType = blob.type || 'application/octet-stream';
+					}
+				}
+				
+				// DOMString
+				else if (typeof data === 'string') {
+					_encoding = 'UTF-8';
+					_mimeType = 'text/plain;charset=UTF-8';
+					
+					// data should be converted to Unicode and encoded as UTF-8
+					data = Encode.utf8_encode(data);
+				}
+
+				// if withCredentials not set, but requested, set it automatically
+				if (!this.withCredentials) {
+					this.withCredentials = (_options.required_caps && _options.required_caps.send_browser_cookies) && !_same_origin_flag;
+				}
+
+				// 4 - storage mutex
+				// 5
+				_upload_events_flag = (!_sync_flag && this.upload.hasEventListener()); // DSAP
+				// 6
+				_error_flag = false;
+				// 7
+				_upload_complete_flag = !data;
+				// 8 - Asynchronous steps
+				if (!_sync_flag) {
+					// 8.1
+					_send_flag = true;
+					// 8.2
+					// this.dispatchEvent('loadstart'); // will be dispatched either by native or runtime xhr
+					// 8.3
+					//if (!_upload_complete_flag) {
+						// this.upload.dispatchEvent('loadstart');	// will be dispatched either by native or runtime xhr
+					//}
+				}
+				// 8.5 - Return the send() method call, but continue running the steps in this algorithm.
+				_doXHR.call(this, data);
+			},
+			
+			/**
+			Cancels any network activity.
+			
+			@method abort
+			*/
+			abort: function() {
+				_error_flag = true;
+				_sync_flag = false;
+
+				if (!~Basic.inArray(_p('readyState'), [XMLHttpRequest.UNSENT, XMLHttpRequest.OPENED, XMLHttpRequest.DONE])) {
+					_p('readyState', XMLHttpRequest.DONE);
+					_send_flag = false;
+
+					if (_xhr) {
+						_xhr.getRuntime().exec.call(_xhr, 'XMLHttpRequest', 'abort', _upload_complete_flag);
+					} else {
+						throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+					}
+
+					_upload_complete_flag = true;
+				} else {
+					_p('readyState', XMLHttpRequest.UNSENT);
+				}
+			},
+
+			destroy: function() {
+				if (_xhr) {
+					if (Basic.typeOf(_xhr.destroy) === 'function') {
+						_xhr.destroy();
+					}
+					_xhr = null;
+				}
+
+				this.unbindAll();
+
+				if (this.upload) {
+					this.upload.unbindAll();
+					this.upload = null;
+				}
+			}
+		});
+
+		/* this is nice, but maybe too lengthy
+
+		// if supported by JS version, set getters/setters for specific properties
+		o.defineProperty(this, 'readyState', {
+			configurable: false,
+
+			get: function() {
+				return _p('readyState');
+			}
+		});
+
+		o.defineProperty(this, 'timeout', {
+			configurable: false,
+
+			get: function() {
+				return _p('timeout');
+			},
+
+			set: function(value) {
+
+				if (_sync_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_ACCESS_ERR);
+				}
+
+				// timeout still should be measured relative to the start time of request
+				_timeoutset_time = (new Date).getTime();
+
+				_p('timeout', value);
+			}
+		});
+
+		// the withCredentials attribute has no effect when fetching same-origin resources
+		o.defineProperty(this, 'withCredentials', {
+			configurable: false,
+
+			get: function() {
+				return _p('withCredentials');
+			},
+
+			set: function(value) {
+				// 1-2
+				if (!~o.inArray(_p('readyState'), [XMLHttpRequest.UNSENT, XMLHttpRequest.OPENED]) || _send_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				// 3-4
+				if (_anonymous_flag || _sync_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_ACCESS_ERR);
+				}
+
+				// 5
+				_p('withCredentials', value);
+			}
+		});
+
+		o.defineProperty(this, 'status', {
+			configurable: false,
+
+			get: function() {
+				return _p('status');
+			}
+		});
+
+		o.defineProperty(this, 'statusText', {
+			configurable: false,
+
+			get: function() {
+				return _p('statusText');
+			}
+		});
+
+		o.defineProperty(this, 'responseType', {
+			configurable: false,
+
+			get: function() {
+				return _p('responseType');
+			},
+
+			set: function(value) {
+				// 1
+				if (!!~o.inArray(_p('readyState'), [XMLHttpRequest.LOADING, XMLHttpRequest.DONE])) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				// 2
+				if (_sync_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_ACCESS_ERR);
+				}
+
+				// 3
+				_p('responseType', value.toLowerCase());
+			}
+		});
+
+		o.defineProperty(this, 'responseText', {
+			configurable: false,
+
+			get: function() {
+				// 1
+				if (!~o.inArray(_p('responseType'), ['', 'text'])) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				// 2-3
+				if (_p('readyState') !== XMLHttpRequest.DONE && _p('readyState') !== XMLHttpRequest.LOADING || _error_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				return _p('responseText');
+			}
+		});
+
+		o.defineProperty(this, 'responseXML', {
+			configurable: false,
+
+			get: function() {
+				// 1
+				if (!~o.inArray(_p('responseType'), ['', 'document'])) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				// 2-3
+				if (_p('readyState') !== XMLHttpRequest.DONE || _error_flag) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				return _p('responseXML');
+			}
+		});
+
+		o.defineProperty(this, 'response', {
+			configurable: false,
+
+			get: function() {
+				if (!!~o.inArray(_p('responseType'), ['', 'text'])) {
+					if (_p('readyState') !== XMLHttpRequest.DONE && _p('readyState') !== XMLHttpRequest.LOADING || _error_flag) {
+						return '';
+					}
+				}
+
+				if (_p('readyState') !== XMLHttpRequest.DONE || _error_flag) {
+					return null;
+				}
+
+				return _p('response');
+			}
+		});
+
+		*/
+
+		function _p(prop, value) {
+			if (!props.hasOwnProperty(prop)) {
+				return;
+			}
+			if (arguments.length === 1) { // get
+				return Env.can('define_property') ? props[prop] : self[prop];
+			} else { // set
+				if (Env.can('define_property')) {
+					props[prop] = value;
+				} else {
+					self[prop] = value;
+				}
+			}
+		}
+		
+		/*
+		function _toASCII(str, AllowUnassigned, UseSTD3ASCIIRules) {
+			// TODO: http://tools.ietf.org/html/rfc3490#section-4.1
+			return str.toLowerCase();
+		}
+		*/
+		
+		
+		function _doXHR(data) {
+			var self = this;
+			
+			_start_time = new Date().getTime();
+
+			_xhr = new RuntimeTarget();
+
+			function loadEnd() {
+				_xhr.destroy();
+				_xhr = null;
+				self.dispatchEvent('loadend');
+				self = null;
+			}
+
+			function exec(runtime) {
+				_xhr.bind('LoadStart', function(e) {
+					_p('readyState', XMLHttpRequest.LOADING);
+					self.dispatchEvent('readystatechange');
+
+					self.dispatchEvent(e);
+					
+					if (_upload_events_flag) {
+						self.upload.dispatchEvent(e);
+					}
+				});
+				
+				_xhr.bind('Progress', function(e) {
+					if (_p('readyState') !== XMLHttpRequest.LOADING) {
+						_p('readyState', XMLHttpRequest.LOADING); // LoadStart unreliable (in Flash for example)
+						self.dispatchEvent('readystatechange');
+					}
+					self.dispatchEvent(e);
+				});
+				
+				_xhr.bind('UploadProgress', function(e) {
+					if (_upload_events_flag) {
+						self.upload.dispatchEvent({
+							type: 'progress',
+							lengthComputable: false,
+							total: e.total,
+							loaded: e.loaded
+						});
+					}
+				});
+				
+				_xhr.bind('Load', function(e) {
+					_p('readyState', XMLHttpRequest.DONE);
+					_p('status', Number(runtime.exec.call(_xhr, 'XMLHttpRequest', 'getStatus') || 0));
+					_p('statusText', httpCode[_p('status')] || "");
+					
+					_p('response', runtime.exec.call(_xhr, 'XMLHttpRequest', 'getResponse', _p('responseType')));
+
+					if (!!~Basic.inArray(_p('responseType'), ['text', ''])) {
+						_p('responseText', _p('response'));
+					} else if (_p('responseType') === 'document') {
+						_p('responseXML', _p('response'));
+					}
+
+					_responseHeaders = runtime.exec.call(_xhr, 'XMLHttpRequest', 'getAllResponseHeaders');
+
+					self.dispatchEvent('readystatechange');
+					
+					if (_p('status') > 0) { // status 0 usually means that server is unreachable
+						if (_upload_events_flag) {
+							self.upload.dispatchEvent(e);
+						}
+						self.dispatchEvent(e);
+					} else {
+						_error_flag = true;
+						self.dispatchEvent('error');
+					}
+					loadEnd();
+				});
+
+				_xhr.bind('Abort', function(e) {
+					self.dispatchEvent(e);
+					loadEnd();
+				});
+				
+				_xhr.bind('Error', function(e) {
+					_error_flag = true;
+					_p('readyState', XMLHttpRequest.DONE);
+					self.dispatchEvent('readystatechange');
+					_upload_complete_flag = true;
+					self.dispatchEvent(e);
+					loadEnd();
+				});
+
+				runtime.exec.call(_xhr, 'XMLHttpRequest', 'send', {
+					url: _url,
+					method: _method,
+					async: _async,
+					user: _user,
+					password: _password,
+					headers: _headers,
+					mimeType: _mimeType,
+					encoding: _encoding,
+					responseType: self.responseType,
+					withCredentials: self.withCredentials,
+					options: _options
+				}, data);
+			}
+
+			// clarify our requirements
+			if (typeof(_options.required_caps) === 'string') {
+				_options.required_caps = Runtime.parseCaps(_options.required_caps);
+			}
+
+			_options.required_caps = Basic.extend({}, _options.required_caps, {
+				return_response_type: self.responseType
+			});
+
+			if (data instanceof FormData) {
+				_options.required_caps.send_multipart = true;
+			}
+
+			if (!_same_origin_flag) {
+				_options.required_caps.do_cors = true;
+			}
+			
+
+			if (_options.ruid) { // we do not need to wait if we can connect directly
+				exec(_xhr.connectRuntime(_options));
+			} else {
+				_xhr.bind('RuntimeInit', function(e, runtime) {
+					exec(runtime);
+				});
+				_xhr.bind('RuntimeError', function(e, err) {
+					self.dispatchEvent('RuntimeError', err);
+				});
+				_xhr.connectRuntime(_options);
+			}
+		}
+	
+		
+		function _reset() {
+			_p('responseText', "");
+			_p('responseXML', null);
+			_p('response', null);
+			_p('status', 0);
+			_p('statusText', "");
+			_start_time = _timeoutset_time = null;
+		}
+	}
+
+	XMLHttpRequest.UNSENT = 0;
+	XMLHttpRequest.OPENED = 1;
+	XMLHttpRequest.HEADERS_RECEIVED = 2;
+	XMLHttpRequest.LOADING = 3;
+	XMLHttpRequest.DONE = 4;
+	
+	XMLHttpRequest.prototype = EventTarget.instance;
+
+	return XMLHttpRequest;
+});
+
+// Included from: src/javascript/runtime/Transporter.js
+
+/**
+ * Transporter.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/runtime/Transporter", [
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Encode",
+	"moxie/runtime/RuntimeClient",
+	"moxie/core/EventTarget"
+], function(Basic, Encode, RuntimeClient, EventTarget) {
+	function Transporter() {
+		var mod, _runtime, _data, _size, _pos, _chunk_size;
+
+		RuntimeClient.call(this);
+
+		Basic.extend(this, {
+			uid: Basic.guid('uid_'),
+
+			state: Transporter.IDLE,
+
+			result: null,
+
+			transport: function(data, type, options) {
+				var self = this;
+
+				options = Basic.extend({
+					chunk_size: 204798
+				}, options);
+
+				// should divide by three, base64 requires this
+				if ((mod = options.chunk_size % 3)) {
+					options.chunk_size += 3 - mod;
+				}
+
+				_chunk_size = options.chunk_size;
+
+				_reset.call(this);
+				_data = data;
+				_size = data.length;
+
+				if (Basic.typeOf(options) === 'string' || options.ruid) {
+					_run.call(self, type, this.connectRuntime(options));
+				} else {
+					// we require this to run only once
+					var cb = function(e, runtime) {
+						self.unbind("RuntimeInit", cb);
+						_run.call(self, type, runtime);
+					};
+					this.bind("RuntimeInit", cb);
+					this.connectRuntime(options);
+				}
+			},
+
+			abort: function() {
+				var self = this;
+
+				self.state = Transporter.IDLE;
+				if (_runtime) {
+					_runtime.exec.call(self, 'Transporter', 'clear');
+					self.trigger("TransportingAborted");
+				}
+
+				_reset.call(self);
+			},
+
+
+			destroy: function() {
+				this.unbindAll();
+				_runtime = null;
+				this.disconnectRuntime();
+				_reset.call(this);
+			}
+		});
+
+		function _reset() {
+			_size = _pos = 0;
+			_data = this.result = null;
+		}
+
+		function _run(type, runtime) {
+			var self = this;
+
+			_runtime = runtime;
+
+			//self.unbind("RuntimeInit");
+
+			self.bind("TransportingProgress", function(e) {
+				_pos = e.loaded;
+
+				if (_pos < _size && Basic.inArray(self.state, [Transporter.IDLE, Transporter.DONE]) === -1) {
+					_transport.call(self);
+				}
+			}, 999);
+
+			self.bind("TransportingComplete", function() {
+				_pos = _size;
+				self.state = Transporter.DONE;
+				_data = null; // clean a bit
+				self.result = _runtime.exec.call(self, 'Transporter', 'getAsBlob', type || '');
+			}, 999);
+
+			self.state = Transporter.BUSY;
+			self.trigger("TransportingStarted");
+			_transport.call(self);
+		}
+
+		function _transport() {
+			var self = this,
+				chunk,
+				bytesLeft = _size - _pos;
+
+			if (_chunk_size > bytesLeft) {
+				_chunk_size = bytesLeft;
+			}
+
+			chunk = Encode.btoa(_data.substr(_pos, _chunk_size));
+			_runtime.exec.call(self, 'Transporter', 'receive', chunk, _size);
+		}
+	}
+
+	Transporter.IDLE = 0;
+	Transporter.BUSY = 1;
+	Transporter.DONE = 2;
+
+	Transporter.prototype = EventTarget.instance;
+
+	return Transporter;
+});
+
+// Included from: src/javascript/image/Image.js
+
+/**
+ * Image.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define("moxie/image/Image", [
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Dom",
+	"moxie/core/Exceptions",
+	"moxie/file/FileReaderSync",
+	"moxie/xhr/XMLHttpRequest",
+	"moxie/runtime/Runtime",
+	"moxie/runtime/RuntimeClient",
+	"moxie/runtime/Transporter",
+	"moxie/core/utils/Env",
+	"moxie/core/EventTarget",
+	"moxie/file/Blob",
+	"moxie/file/File",
+	"moxie/core/utils/Encode"
+], function(Basic, Dom, x, FileReaderSync, XMLHttpRequest, Runtime, RuntimeClient, Transporter, Env, EventTarget, Blob, File, Encode) {
+	/**
+	Image preloading and manipulation utility. Additionally it provides access to image meta info (Exif, GPS) and raw binary data.
+
+	@class Image
+	@constructor
+	@extends EventTarget
+	*/
+	var dispatches = [
+		'progress',
+
+		/**
+		Dispatched when loading is complete.
+
+		@event load
+		@param {Object} event
+		*/
+		'load',
+
+		'error',
+
+		/**
+		Dispatched when resize operation is complete.
+		
+		@event resize
+		@param {Object} event
+		*/
+		'resize',
+
+		/**
+		Dispatched when visual representation of the image is successfully embedded
+		into the corresponsing container.
+
+		@event embedded
+		@param {Object} event
+		*/
+		'embedded'
+	];
+
+	function Image() {
+		RuntimeClient.call(this);
+
+		Basic.extend(this, {
+			/**
+			Unique id of the component
+
+			@property uid
+			@type {String}
+			*/
+			uid: Basic.guid('uid_'),
+
+			/**
+			Unique id of the connected runtime, if any.
+
+			@property ruid
+			@type {String}
+			*/
+			ruid: null,
+
+			/**
+			Name of the file, that was used to create an image, if available. If not equals to empty string.
+
+			@property name
+			@type {String}
+			@default ""
+			*/
+			name: "",
+
+			/**
+			Size of the image in bytes. Actual value is set only after image is preloaded.
+
+			@property size
+			@type {Number}
+			@default 0
+			*/
+			size: 0,
+
+			/**
+			Width of the image. Actual value is set only after image is preloaded.
+
+			@property width
+			@type {Number}
+			@default 0
+			*/
+			width: 0,
+
+			/**
+			Height of the image. Actual value is set only after image is preloaded.
+
+			@property height
+			@type {Number}
+			@default 0
+			*/
+			height: 0,
+
+			/**
+			Mime type of the image. Currently only image/jpeg and image/png are supported. Actual value is set only after image is preloaded.
+
+			@property type
+			@type {String}
+			@default ""
+			*/
+			type: "",
+
+			/**
+			Holds meta info (Exif, GPS). Is populated only for image/jpeg. Actual value is set only after image is preloaded.
+
+			@property meta
+			@type {Object}
+			@default {}
+			*/
+			meta: {},
+
+			/**
+			Alias for load method, that takes another mOxie.Image object as a source (see load).
+
+			@method clone
+			@param {Image} src Source for the image
+			@param {Boolean} [exact=false] Whether to activate in-depth clone mode
+			*/
+			clone: function() {
+				this.load.apply(this, arguments);
+			},
+
+			/**
+			Loads image from various sources. Currently the source for new image can be: mOxie.Image, mOxie.Blob/mOxie.File, 
+			native Blob/File, dataUrl or URL. Depending on the type of the source, arguments - differ. When source is URL, 
+			Image will be downloaded from remote destination and loaded in memory.
+
+			@example
+				var img = new mOxie.Image();
+				img.onload = function() {
+					var blob = img.getAsBlob();
+					
+					var formData = new mOxie.FormData();
+					formData.append('file', blob);
+
+					var xhr = new mOxie.XMLHttpRequest();
+					xhr.onload = function() {
+						// upload complete
+					};
+					xhr.open('post', 'upload.php');
+					xhr.send(formData);
+				};
+				img.load("http://www.moxiecode.com/images/mox-logo.jpg"); // notice file extension (.jpg)
+			
+
+			@method load
+			@param {Image|Blob|File|String} src Source for the image
+			@param {Boolean|Object} [mixed]
+			*/
+			load: function() {
+				// this is here because to bind properly we need an uid first, which is created above
+				this.bind('Load Resize', function() {
+					_updateInfo.call(this);
+				}, 999);
+
+				this.convertEventPropsToHandlers(dispatches);
+
+				_load.apply(this, arguments);
+			},
+
+			/**
+			Downsizes the image to fit the specified width/height. If crop is supplied, image will be cropped to exact dimensions.
+
+			@method downsize
+			@param {Number} width Resulting width
+			@param {Number} [height=width] Resulting height (optional, if not supplied will default to width)
+			@param {Boolean} [crop=false] Whether to crop the image to exact dimensions
+			@param {Boolean} [preserveHeaders=true] Whether to preserve meta headers (on JPEGs after resize)
+			*/
+			downsize: function(width, height, crop, preserveHeaders) {
+				try {
+					if (!this.size) { // only preloaded image objects can be used as source
+						throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+					}
+
+					// no way to reliably intercept the crash due to high resolution, so we simply avoid it
+					if (this.width > Image.MAX_RESIZE_WIDTH || this.height > Image.MAX_RESIZE_HEIGHT) {
+						throw new x.ImageError(x.ImageError.MAX_RESOLUTION_ERR);
+					}
+
+					if (!width && !height || Basic.typeOf(crop) === 'undefined') {
+						crop = false;
+					}
+
+					width = width || this.width;
+					height = height || this.height;
+
+					preserveHeaders = (Basic.typeOf(preserveHeaders) === 'undefined' ? true : !!preserveHeaders);
+
+					this.getRuntime().exec.call(this, 'Image', 'downsize', width, height, crop, preserveHeaders);
+				} catch(ex) {
+					// for now simply trigger error event
+					this.trigger('error', ex);
+				}
+			},
+
+			/**
+			Alias for downsize(width, height, true). (see downsize)
+			
+			@method crop
+			@param {Number} width Resulting width
+			@param {Number} [height=width] Resulting height (optional, if not supplied will default to width)
+			@param {Boolean} [preserveHeaders=true] Whether to preserve meta headers (on JPEGs after resize)
+			*/
+			crop: function(width, height, preserveHeaders) {
+				this.downsize(width, height, true, preserveHeaders);
+			},
+
+			getAsCanvas: function() {
+				if (!Env.can('create_canvas')) {
+					throw new x.RuntimeError(x.RuntimeError.NOT_SUPPORTED_ERR);
+				}
+
+				var runtime = this.connectRuntime(this.ruid);
+				return runtime.exec.call(this, 'Image', 'getAsCanvas');
+			},
+
+			/**
+			Retrieves image in it's current state as mOxie.Blob object. Cannot be run on empty or image in progress (throws
+			DOMException.INVALID_STATE_ERR).
+
+			@method getAsBlob
+			@param {String} [type="image/jpeg"] Mime type of resulting blob. Can either be image/jpeg or image/png
+			@param {Number} [quality=90] Applicable only together with mime type image/jpeg
+			@return {Blob} Image as Blob
+			*/
+			getAsBlob: function(type, quality) {
+				if (!this.size) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+
+				if (!type) {
+					type = 'image/jpeg';
+				}
+
+				if (type === 'image/jpeg' && !quality) {
+					quality = 90;
+				}
+
+				return this.getRuntime().exec.call(this, 'Image', 'getAsBlob', type, quality);
+			},
+
+			/**
+			Retrieves image in it's current state as dataURL string. Cannot be run on empty or image in progress (throws
+			DOMException.INVALID_STATE_ERR).
+
+			@method getAsDataURL
+			@param {String} [type="image/jpeg"] Mime type of resulting blob. Can either be image/jpeg or image/png
+			@param {Number} [quality=90] Applicable only together with mime type image/jpeg
+			@return {String} Image as dataURL string
+			*/
+			getAsDataURL: function(type, quality) {
+				if (!this.size) {
+					throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+				}
+				return this.getRuntime().exec.call(this, 'Image', 'getAsDataURL', type, quality);
+			},
+
+			/**
+			Retrieves image in it's current state as binary string. Cannot be run on empty or image in progress (throws
+			DOMException.INVALID_STATE_ERR).
+
+			@method getAsBinaryString
+			@param {String} [type="image/jpeg"] Mime type of resulting blob. Can either be image/jpeg or image/png
+			@param {Number} [quality=90] Applicable only together with mime type image/jpeg
+			@return {String} Image as binary string
+			*/
+			getAsBinaryString: function(type, quality) {
+				var dataUrl = this.getAsDataURL(type, quality);
+				return Encode.atob(dataUrl.substring(dataUrl.indexOf('base64,') + 7));
+			},
+
+			/**
+			Embeds the image, or better to say, it's visual representation into the specified node. Depending on the runtime
+			in use, might be a canvas, or image (actual ) element or shim object (Flash or SilverLight - very rare, used for
+			legacy browsers that do not have canvas or proper dataURI support).
+
+			@method embed
+			@param {DOMElement} el DOM element to insert the image object into
+			@param {Object} options Set of key/value pairs controlling the mime type, dimensions and cropping factor of resulting
+			representation
+			*/
+			embed: function(el) {
+				var self = this
+				, imgCopy
+				, type, quality, crop
+				, options = arguments[1] || {}
+				, width = this.width
+				, height = this.height
+				, runtime // this has to be outside of all the closures to contain proper runtime
+				;
+
+				function onResize() {
+					// if possible, embed a canvas element directly
+					if (Env.can('create_canvas')) {
+						var canvas = imgCopy.getAsCanvas();
+						if (canvas) {
+							el.appendChild(canvas);
+							canvas = null;
+							imgCopy.destroy();
+							self.trigger('embedded');
+							return;
+						}
+					}
+
+					var dataUrl = imgCopy.getAsDataURL(type, quality);
+					if (!dataUrl) {
+						throw new x.ImageError(x.ImageError.WRONG_FORMAT);
+					}
+
+					if (Env.can('use_data_uri_of', dataUrl.length)) {
+						el.innerHTML = '<img src="' + dataUrl + '" width="' + imgCopy.width + '" height="' + imgCopy.height + '" />';
+						imgCopy.destroy();
+						self.trigger('embedded');
+					} else {
+						var tr = new Transporter();
+
+						tr.bind("TransportingComplete", function() {
+							runtime = self.connectRuntime(this.result.ruid);
+
+							self.bind("Embedded", function() {
+								// position and size properly
+								Basic.extend(runtime.getShimContainer().style, {
+									//position: 'relative',
+									top: '0px',
+									left: '0px',
+									width: imgCopy.width + 'px',
+									height: imgCopy.height + 'px'
+								});
+
+								// some shims (Flash/SilverLight) reinitialize, if parent element is hidden, reordered or it's
+								// position type changes (in Gecko), but since we basically need this only in IEs 6/7 and
+								// sometimes 8 and they do not have this problem, we can comment this for now
+								/*tr.bind("RuntimeInit", function(e, runtime) {
+									tr.destroy();
+									runtime.destroy();
+									onResize.call(self); // re-feed our image data
+								});*/
+
+								runtime = null;
+							}, 999);
+
+							runtime.exec.call(self, "ImageView", "display", this.result.uid, width, height);
+							imgCopy.destroy();
+						});
+
+						tr.transport(Encode.atob(dataUrl.substring(dataUrl.indexOf('base64,') + 7)), type, Basic.extend({}, options, {
+							required_caps: {
+								display_media: true
+							},
+							runtime_order: 'flash,silverlight',
+							container: el
+						}));
+					}
+				}
+
+				try {
+					if (!(el = Dom.get(el))) {
+						throw new x.DOMException(x.DOMException.INVALID_NODE_TYPE_ERR);
+					}
+
+					if (!this.size) { // only preloaded image objects can be used as source
+						throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+					}
+
+					if (this.width > Image.MAX_RESIZE_WIDTH || this.height > Image.MAX_RESIZE_HEIGHT) {
+						throw new x.ImageError(x.ImageError.MAX_RESOLUTION_ERR);
+					}
+
+					type = options.type || this.type || 'image/jpeg';
+					quality = options.quality || 90;
+					crop = Basic.typeOf(options.crop) !== 'undefined' ? options.crop : false;
+
+					// figure out dimensions for the thumb
+					if (options.width) {
+						width = options.width;
+						height = options.height || width;
+					} else {
+						// if container element has > 0 dimensions, take them
+						var dimensions = Dom.getSize(el);
+						if (dimensions.w && dimensions.h) { // both should be > 0
+							width = dimensions.w;
+							height = dimensions.h;
+						}
+					}
+
+					imgCopy = new Image();
+
+					imgCopy.bind("Resize", function() {
+						onResize.call(self);
+					});
+
+					imgCopy.bind("Load", function() {
+						imgCopy.downsize(width, height, crop, false);
+					});
+
+					imgCopy.clone(this, false);
+
+					return imgCopy;
+				} catch(ex) {
+					// for now simply trigger error event
+					this.trigger('error', ex);
+				}
+			},
+
+			/**
+			Properly destroys the image and frees resources in use. If any. Recommended way to dispose mOxie.Image object.
+
+			@method destroy
+			*/
+			destroy: function() {
+				if (this.ruid) {
+					this.getRuntime().exec.call(this, 'Image', 'destroy');
+					this.disconnectRuntime();
+				}
+				this.unbindAll();
+			}
+		});
+
+
+		function _updateInfo(info) {
+			if (!info) {
+				info = this.getRuntime().exec.call(this, 'Image', 'getInfo');
+			}
+
+			this.size = info.size;
+			this.width = info.width;
+			this.height = info.height;
+			this.type = info.type;
+			this.meta = info.meta;
+
+			// update file name, only if empty
+			if (this.name === '') {
+				this.name = info.name;
+			}
+		}
+		
+
+		function _load(src) {
+			var srcType = Basic.typeOf(src);
+
+			try {
+				// if source is Image
+				if (src instanceof Image) {
+					if (!src.size) { // only preloaded image objects can be used as source
+						throw new x.DOMException(x.DOMException.INVALID_STATE_ERR);
+					}
+					_loadFromImage.apply(this, arguments);
+				}
+				// if source is o.Blob/o.File
+				else if (src instanceof Blob) {
+					if (!~Basic.inArray(src.type, ['image/jpeg', 'image/png'])) {
+						throw new x.ImageError(x.ImageError.WRONG_FORMAT);
+					}
+					_loadFromBlob.apply(this, arguments);
+				}
+				// if native blob/file
+				else if (Basic.inArray(srcType, ['blob', 'file']) !== -1) {
+					_load.call(this, new File(null, src), arguments[1]);
+				}
+				// if String
+				else if (srcType === 'string') {
+					// if dataUrl String
+					if (/^data:[^;]*;base64,/.test(src)) {
+						_load.call(this, new Blob(null, { data: src }), arguments[1]);
+					}
+					// else assume Url, either relative or absolute
+					else {
+						_loadFromUrl.apply(this, arguments);
+					}
+				}
+				// if source seems to be an img node
+				else if (srcType === 'node' && src.nodeName.toLowerCase() === 'img') {
+					_load.call(this, src.src, arguments[1]);
+				}
+				else {
+					throw new x.DOMException(x.DOMException.TYPE_MISMATCH_ERR);
+				}
+			} catch(ex) {
+				// for now simply trigger error event
+				this.trigger('error', ex);
+			}
+		}
+
+
+		function _loadFromImage(img, exact) {
+			var runtime = this.connectRuntime(img.ruid);
+			this.ruid = runtime.uid;
+			runtime.exec.call(this, 'Image', 'loadFromImage', img, (Basic.typeOf(exact) === 'undefined' ? true : exact));
+		}
+
+
+		function _loadFromBlob(blob, options) {
+			var self = this;
+
+			self.name = blob.name || '';
+
+			function exec(runtime) {
+				self.ruid = runtime.uid;
+				runtime.exec.call(self, 'Image', 'loadFromBlob', blob);
+			}
+
+			if (blob.isDetached()) {
+				this.bind('RuntimeInit', function(e, runtime) {
+					exec(runtime);
+				});
+
+				// convert to object representation
+				if (options && typeof(options.required_caps) === 'string') {
+					options.required_caps = Runtime.parseCaps(options.required_caps);
+				}
+
+				this.connectRuntime(Basic.extend({
+					required_caps: {
+						access_image_binary: true,
+						resize_image: true
+					}
+				}, options));
+			} else {
+				exec(this.connectRuntime(blob.ruid));
+			}
+		}
+
+
+		function _loadFromUrl(url, options) {
+			var self = this, xhr;
+
+			xhr = new XMLHttpRequest();
+
+			xhr.open('get', url);
+			xhr.responseType = 'blob';
+
+			xhr.onprogress = function(e) {
+				self.trigger(e);
+			};
+
+			xhr.onload = function() {
+				_loadFromBlob.call(self, xhr.response, true);
+			};
+
+			xhr.onerror = function(e) {
+				self.trigger(e);
+			};
+
+			xhr.onloadend = function() {
+				xhr.destroy();
+			};
+
+			xhr.bind('RuntimeError', function(e, err) {
+				self.trigger('RuntimeError', err);
+			});
+
+			xhr.send(null, options);
+		}
+	}
+
+	// virtual world will crash on you if image has a resolution higher than this:
+	Image.MAX_RESIZE_WIDTH = 6500;
+	Image.MAX_RESIZE_HEIGHT = 6500; 
+
+	Image.prototype = EventTarget.instance;
+
+	return Image;
+});
+
+// Included from: src/javascript/runtime/html5/Runtime.js
+
+/**
+ * Runtime.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global File:true */
+
+/**
+Defines constructor for HTML5 runtime.
+
+@class moxie/runtime/html5/Runtime
+@private
+*/
+define("moxie/runtime/html5/Runtime", [
+	"moxie/core/utils/Basic",
+	"moxie/core/Exceptions",
+	"moxie/runtime/Runtime",
+	"moxie/core/utils/Env"
+], function(Basic, x, Runtime, Env) {
+	
+	var type = "html5", extensions = {};
+	
+	function Html5Runtime(options) {
+		var I = this
+		, Test = Runtime.capTest
+		, True = Runtime.capTrue
+		;
+
+		var caps = Basic.extend({
+				access_binary: Test(window.FileReader || window.File && window.File.getAsDataURL),
+				access_image_binary: function() {
+					return I.can('access_binary') && !!extensions.Image;
+				},
+				display_media: Test(Env.can('create_canvas') || Env.can('use_data_uri_over32kb')),
+				do_cors: Test(window.XMLHttpRequest && 'withCredentials' in new XMLHttpRequest()),
+				drag_and_drop: Test(function() {
+					// this comes directly from Modernizr: http://www.modernizr.com/
+					var div = document.createElement('div');
+					// IE has support for drag and drop since version 5, but doesn't support dropping files from desktop
+					return (('draggable' in div) || ('ondragstart' in div && 'ondrop' in div)) && (Env.browser !== 'IE' || Env.version > 9);
+				}()),
+				filter_by_extension: Test(function() { // if you know how to feature-detect this, please suggest
+					return (Env.browser === 'Chrome' && Env.version >= 28) || (Env.browser === 'IE' && Env.version >= 10);
+				}()),
+				return_response_headers: True,
+				return_response_type: function(responseType) {
+					if (responseType === 'json' && !!window.JSON) { // we can fake this one even if it's not supported
+						return true;
+					} 
+					return Env.can('return_response_type', responseType);
+				},
+				return_status_code: True,
+				report_upload_progress: Test(window.XMLHttpRequest && new XMLHttpRequest().upload),
+				resize_image: function() {
+					return I.can('access_binary') && Env.can('create_canvas');
+				},
+				select_file: function() {
+					return Env.can('use_fileinput') && window.File;
+				},
+				select_folder: function() {
+					return I.can('select_file') && Env.browser === 'Chrome' && Env.version >= 21;
+				},
+				select_multiple: function() {
+					// it is buggy on Safari Windows and iOS
+					return I.can('select_file') && 
+						!(Env.browser === 'Safari' && Env.os === 'Windows') && 
+						!(Env.os === 'iOS' && Env.verComp(Env.osVersion, "7.0.4", '<'));
+				},
+				send_binary_string: Test(window.XMLHttpRequest && (new XMLHttpRequest().sendAsBinary || (window.Uint8Array && window.ArrayBuffer))),
+				send_custom_headers: Test(window.XMLHttpRequest),
+				send_multipart: function() {
+					return !!(window.XMLHttpRequest && new XMLHttpRequest().upload && window.FormData) || I.can('send_binary_string');
+				},
+				slice_blob: Test(window.File && (File.prototype.mozSlice || File.prototype.webkitSlice || File.prototype.slice)),
+				stream_upload: function(){
+					return I.can('slice_blob') && I.can('send_multipart');
+				},
+				summon_file_dialog: Test(function() { // yeah... some dirty sniffing here...
+					return (Env.browser === 'Firefox' && Env.version >= 4) ||
+						(Env.browser === 'Opera' && Env.version >= 12) ||
+						(Env.browser === 'IE' && Env.version >= 10) ||
+						!!~Basic.inArray(Env.browser, ['Chrome', 'Safari']);
+				}()),
+				upload_filesize: True
+			}, 
+			arguments[2]
+		);
+
+		Runtime.call(this, options, (arguments[1] || type), caps);
+
+
+		Basic.extend(this, {
+
+			init : function() {
+				this.trigger("Init");
+			},
+
+			destroy: (function(destroy) { // extend default destroy method
+				return function() {
+					destroy.call(I);
+					destroy = I = null;
+				};
+			}(this.destroy))
+		});
+
+		Basic.extend(this.getShim(), extensions);
+	}
+
+	Runtime.addConstructor(type, Html5Runtime);
+
+	return extensions;
+});
+
+// Included from: src/javascript/runtime/html5/file/Blob.js
+
+/**
+ * Blob.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/file/Blob
+@private
+*/
+define("moxie/runtime/html5/file/Blob", [
+	"moxie/runtime/html5/Runtime",
+	"moxie/file/Blob"
+], function(extensions, Blob) {
+
+	function HTML5Blob() {
+		function w3cBlobSlice(blob, start, end) {
+			var blobSlice;
+
+			if (window.File.prototype.slice) {
+				try {
+					blob.slice();	// depricated version will throw WRONG_ARGUMENTS_ERR exception
+					return blob.slice(start, end);
+				} catch (e) {
+					// depricated slice method
+					return blob.slice(start, end - start);
+				}
+			// slice method got prefixed: https://bugzilla.mozilla.org/show_bug.cgi?id=649672
+			} else if ((blobSlice = window.File.prototype.webkitSlice || window.File.prototype.mozSlice)) {
+				return blobSlice.call(blob, start, end);
+			} else {
+				return null; // or throw some exception
+			}
+		}
+
+		this.slice = function() {
+			return new Blob(this.getRuntime().uid, w3cBlobSlice.apply(this, arguments));
+		};
+	}
+
+	return (extensions.Blob = HTML5Blob);
+});
+
+// Included from: src/javascript/core/utils/Events.js
+
+/**
+ * Events.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+define('moxie/core/utils/Events', [
+	'moxie/core/utils/Basic'
+], function(Basic) {
+	var eventhash = {}, uid = 'moxie_' + Basic.guid();
+	
+	// IE W3C like event funcs
+	function preventDefault() {
+		this.returnValue = false;
+	}
+
+	function stopPropagation() {
+		this.cancelBubble = true;
+	}
+
+	/**
+	Adds an event handler to the specified object and store reference to the handler
+	in objects internal Plupload registry (@see removeEvent).
+	
+	@method addEvent
+	@for Utils
+	@static
+	@param {Object} obj DOM element like object to add handler to.
+	@param {String} name Name to add event listener to.
+	@param {Function} callback Function to call when event occurs.
+	@param {String} [key] that might be used to add specifity to the event record.
+	*/
+	var addEvent = function(obj, name, callback, key) {
+		var func, events;
+					
+		name = name.toLowerCase();
+
+		// Add event listener
+		if (obj.addEventListener) {
+			func = callback;
+			
+			obj.addEventListener(name, func, false);
+		} else if (obj.attachEvent) {
+			func = function() {
+				var evt = window.event;
+
+				if (!evt.target) {
+					evt.target = evt.srcElement;
+				}
+
+				evt.preventDefault = preventDefault;
+				evt.stopPropagation = stopPropagation;
+
+				callback(evt);
+			};
+
+			obj.attachEvent('on' + name, func);
+		}
+		
+		// Log event handler to objects internal mOxie registry
+		if (!obj[uid]) {
+			obj[uid] = Basic.guid();
+		}
+		
+		if (!eventhash.hasOwnProperty(obj[uid])) {
+			eventhash[obj[uid]] = {};
+		}
+		
+		events = eventhash[obj[uid]];
+		
+		if (!events.hasOwnProperty(name)) {
+			events[name] = [];
+		}
+				
+		events[name].push({
+			func: func,
+			orig: callback, // store original callback for IE
+			key: key
+		});
+	};
+	
+	
+	/**
+	Remove event handler from the specified object. If third argument (callback)
+	is not specified remove all events with the specified name.
+	
+	@method removeEvent
+	@static
+	@param {Object} obj DOM element to remove event listener(s) from.
+	@param {String} name Name of event listener to remove.
+	@param {Function|String} [callback] might be a callback or unique key to match.
+	*/
+	var removeEvent = function(obj, name, callback) {
+		var type, undef;
+		
+		name = name.toLowerCase();
+		
+		if (obj[uid] && eventhash[obj[uid]] && eventhash[obj[uid]][name]) {
+			type = eventhash[obj[uid]][name];
+		} else {
+			return;
+		}
+			
+		for (var i = type.length - 1; i >= 0; i--) {
+			// undefined or not, key should match
+			if (type[i].orig === callback || type[i].key === callback) {
+				if (obj.removeEventListener) {
+					obj.removeEventListener(name, type[i].func, false);
+				} else if (obj.detachEvent) {
+					obj.detachEvent('on'+name, type[i].func);
+				}
+				
+				type[i].orig = null;
+				type[i].func = null;
+				type.splice(i, 1);
+				
+				// If callback was passed we are done here, otherwise proceed
+				if (callback !== undef) {
+					break;
+				}
+			}
+		}
+		
+		// If event array got empty, remove it
+		if (!type.length) {
+			delete eventhash[obj[uid]][name];
+		}
+		
+		// If mOxie registry has become empty, remove it
+		if (Basic.isEmptyObj(eventhash[obj[uid]])) {
+			delete eventhash[obj[uid]];
+			
+			// IE doesn't let you remove DOM object property with - delete
+			try {
+				delete obj[uid];
+			} catch(e) {
+				obj[uid] = undef;
+			}
+		}
+	};
+	
+	
+	/**
+	Remove all kind of events from the specified object
+	
+	@method removeAllEvents
+	@static
+	@param {Object} obj DOM element to remove event listeners from.
+	@param {String} [key] unique key to match, when removing events.
+	*/
+	var removeAllEvents = function(obj, key) {		
+		if (!obj || !obj[uid]) {
+			return;
+		}
+		
+		Basic.each(eventhash[obj[uid]], function(events, name) {
+			removeEvent(obj, name, key);
+		});
+	};
+
+	return {
+		addEvent: addEvent,
+		removeEvent: removeEvent,
+		removeAllEvents: removeAllEvents
+	};
+});
+
+// Included from: src/javascript/runtime/html5/file/FileInput.js
+
+/**
+ * FileInput.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/file/FileInput
+@private
+*/
+define("moxie/runtime/html5/file/FileInput", [
+	"moxie/runtime/html5/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Dom",
+	"moxie/core/utils/Events",
+	"moxie/core/utils/Mime",
+	"moxie/core/utils/Env"
+], function(extensions, Basic, Dom, Events, Mime, Env) {
+	
+	function FileInput() {
+		var _files = [], _options;
+
+		Basic.extend(this, {
+			init: function(options) {
+				var comp = this, I = comp.getRuntime(), input, shimContainer, mimes, browseButton, zIndex, top;
+
+				_options = options;
+				_files = [];
+
+				// figure out accept string
+				mimes = _options.accept.mimes || Mime.extList2mimes(_options.accept, I.can('filter_by_extension'));
+
+				shimContainer = I.getShimContainer();
+
+				shimContainer.innerHTML = '<input id="' + I.uid +'" type="file" style="font-size:999px;opacity:0;"' +
+					(_options.multiple && I.can('select_multiple') ? 'multiple' : '') + 
+					(_options.directory && I.can('select_folder') ? 'webkitdirectory directory' : '') + // Chrome 11+
+					(mimes ? ' accept="' + mimes.join(',') + '"' : '') + ' />';
+
+				input = Dom.get(I.uid);
+
+				// prepare file input to be placed underneath the browse_button element
+				Basic.extend(input.style, {
+					position: 'absolute',
+					top: 0,
+					left: 0,
+					width: '100%',
+					height: '100%'
+				});
+
+
+				browseButton = Dom.get(_options.browse_button);
+
+				// Route click event to the input[type=file] element for browsers that support such behavior
+				if (I.can('summon_file_dialog')) {
+					if (Dom.getStyle(browseButton, 'position') === 'static') {
+						browseButton.style.position = 'relative';
+					}
+
+					zIndex = parseInt(Dom.getStyle(browseButton, 'z-index'), 10) || 1;
+
+					browseButton.style.zIndex = zIndex;
+					shimContainer.style.zIndex = zIndex - 1;
+
+					Events.addEvent(browseButton, 'click', function(e) {
+						var input = Dom.get(I.uid);
+						if (input && !input.disabled) { // for some reason FF (up to 8.0.1 so far) lets to click disabled input[type=file]
+							input.click();
+						}
+						e.preventDefault();
+					}, comp.uid);
+				}
+
+				/* Since we have to place input[type=file] on top of the browse_button for some browsers,
+				browse_button loses interactivity, so we restore it here */
+				top = I.can('summon_file_dialog') ? browseButton : shimContainer;
+
+				Events.addEvent(top, 'mouseover', function() {
+					comp.trigger('mouseenter');
+				}, comp.uid);
+
+				Events.addEvent(top, 'mouseout', function() {
+					comp.trigger('mouseleave');
+				}, comp.uid);
+
+				Events.addEvent(top, 'mousedown', function() {
+					comp.trigger('mousedown');
+				}, comp.uid);
+
+				Events.addEvent(Dom.get(_options.container), 'mouseup', function() {
+					comp.trigger('mouseup');
+				}, comp.uid);
+
+
+				input.onchange = function onChange() { // there should be only one handler for this
+					_files = [];
+
+					if (_options.directory) {
+						// folders are represented by dots, filter them out (Chrome 11+)
+						Basic.each(this.files, function(file) {
+							if (file.name !== ".") { // if it doesn't looks like a folder
+								_files.push(file);
+							}
+						});
+					} else {
+						_files = [].slice.call(this.files);
+					}
+
+					// clearing the value enables the user to select the same file again if they want to
+					if (Env.browser !== 'IE') {
+						this.value = '';
+					} else {
+						// in IE input[type="file"] is read-only so the only way to reset it is to re-insert it
+						var clone = this.cloneNode(true);
+						this.parentNode.replaceChild(clone, this);
+						clone.onchange = onChange;
+					}
+					comp.trigger('change');
+				};
+
+				// ready event is perfectly asynchronous
+				comp.trigger({
+					type: 'ready',
+					async: true
+				});
+
+				shimContainer = null;
+			},
+
+			getFiles: function() {
+				return _files;
+			},
+
+			disable: function(state) {
+				var I = this.getRuntime(), input;
+
+				if ((input = Dom.get(I.uid))) {
+					input.disabled = !!state;
+				}
+			},
+
+			destroy: function() {
+				var I = this.getRuntime()
+				, shim = I.getShim()
+				, shimContainer = I.getShimContainer()
+				;
+				
+				Events.removeAllEvents(shimContainer, this.uid);
+				Events.removeAllEvents(_options && Dom.get(_options.container), this.uid);
+				Events.removeAllEvents(_options && Dom.get(_options.browse_button), this.uid);
+				
+				if (shimContainer) {
+					shimContainer.innerHTML = '';
+				}
+
+				shim.removeInstance(this.uid);
+
+				_files = _options = shimContainer = shim = null;
+			}
+		});
+	}
+
+	return (extensions.FileInput = FileInput);
+});
+
+// Included from: src/javascript/runtime/html5/file/FileDrop.js
+
+/**
+ * FileDrop.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/file/FileDrop
+@private
+*/
+define("moxie/runtime/html5/file/FileDrop", [
+	"moxie/runtime/html5/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Dom",
+	"moxie/core/utils/Events",
+	"moxie/core/utils/Mime"
+], function(extensions, Basic, Dom, Events, Mime) {
+	
+	function FileDrop() {
+		var _files = [], _allowedExts = [], _options;
+
+		Basic.extend(this, {
+			init: function(options) {
+				var comp = this, dropZone;
+
+				_options = options;
+				_allowedExts = _extractExts(_options.accept);
+				dropZone = _options.container;
+
+				Events.addEvent(dropZone, 'dragover', function(e) {
+					e.preventDefault();
+					e.stopPropagation();
+					e.dataTransfer.dropEffect = 'copy';
+				}, comp.uid);
+
+				Events.addEvent(dropZone, 'drop', function(e) {
+					e.preventDefault();
+					e.stopPropagation();
+
+					_files = [];
+
+					// Chrome 21+ accepts folders via Drag'n'Drop
+					if (e.dataTransfer.items && e.dataTransfer.items[0].webkitGetAsEntry) {
+						_readItems(e.dataTransfer.items, function() {
+							comp.trigger("drop");
+						});
+					} else {
+						Basic.each(e.dataTransfer.files, function(file) {
+							if (_isAcceptable(file)) {
+								_files.push(file);
+							}
+						});
+						comp.trigger("drop");
+					}
+				}, comp.uid);
+
+				Events.addEvent(dropZone, 'dragenter', function(e) {
+					e.preventDefault();
+					e.stopPropagation();
+					comp.trigger("dragenter");
+				}, comp.uid);
+
+				Events.addEvent(dropZone, 'dragleave', function(e) {
+					e.preventDefault();
+					e.stopPropagation();
+					comp.trigger("dragleave");
+				}, comp.uid);
+			},
+
+			getFiles: function() {
+				return _files;
+			},
+
+			destroy: function() {
+				Events.removeAllEvents(_options && Dom.get(_options.container), this.uid);
+				_files = _allowedExts = _options = null;
+			}
+		});
+
+		
+		function _extractExts(accept) {
+			var exts = [];
+			for (var i = 0; i < accept.length; i++) {
+				[].push.apply(exts, accept[i].extensions.split(/\s*,\s*/));
+			}
+			return Basic.inArray('*', exts) === -1 ? exts : [];
+		}
+
+
+		function _isAcceptable(file) {
+			var ext = Mime.getFileExtension(file.name);
+			return !ext || !_allowedExts.length || Basic.inArray(ext, _allowedExts) !== -1;
+		}
+
+
+		function _readItems(items, cb) {
+			var entries = [];
+			Basic.each(items, function(item) {
+				var entry = item.webkitGetAsEntry();
+				// Address #998 (https://code.google.com/p/chromium/issues/detail?id=332579)
+				if (entry) {
+					// file() fails on OSX when the filename contains a special character (e.g. umlaut): see #61
+					if (entry.isFile) {
+						var file = item.getAsFile();
+						if (_isAcceptable(file)) {
+							_files.push(file);
+						}
+					} else {
+						entries.push(entry);
+					}
+				}
+			});
+
+			if (entries.length) {
+				_readEntries(entries, cb);
+			} else {
+				cb();
+			}
+		}
+
+
+		function _readEntries(entries, cb) {
+			var queue = [];
+			Basic.each(entries, function(entry) {
+				queue.push(function(cbcb) {
+					_readEntry(entry, cbcb);
+				});
+			});
+			Basic.inSeries(queue, function() {
+				cb();
+			});
+		}
+
+		function _readEntry(entry, cb) {
+			if (entry.isFile) {
+				entry.file(function(file) {
+					if (_isAcceptable(file)) {
+						_files.push(file);
+					}
+					cb();
+				}, function() {
+					// fire an error event maybe
+					cb();
+				});
+			} else if (entry.isDirectory) {
+				_readDirEntry(entry, cb);
+			} else {
+				cb(); // not file, not directory? what then?..
+			}
+		}
+
+		function _readDirEntry(dirEntry, cb) {
+			var entries = [], dirReader = dirEntry.createReader();
+
+			// keep quering recursively till no more entries
+			function getEntries(cbcb) {
+				dirReader.readEntries(function(moreEntries) {
+					if (moreEntries.length) {
+						[].push.apply(entries, moreEntries);
+						getEntries(cbcb);
+					} else {
+						cbcb();
+					}
+				}, cbcb);
+			}
+
+			// ...and you thought FileReader was crazy...
+			getEntries(function() {
+				_readEntries(entries, cb);
+			}); 
+		}
+	}
+
+	return (extensions.FileDrop = FileDrop);
+});
+
+// Included from: src/javascript/runtime/html5/file/FileReader.js
+
+/**
+ * FileReader.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/file/FileReader
+@private
+*/
+define("moxie/runtime/html5/file/FileReader", [
+	"moxie/runtime/html5/Runtime",
+	"moxie/core/utils/Encode",
+	"moxie/core/utils/Basic"
+], function(extensions, Encode, Basic) {
+	
+	function FileReader() {
+		var _fr, _convertToBinary = false;
+
+		Basic.extend(this, {
+
+			read: function(op, blob) {
+				var target = this;
+
+				_fr = new window.FileReader();
+
+				_fr.addEventListener('progress', function(e) {
+					target.trigger(e);
+				});
+
+				_fr.addEventListener('load', function(e) {
+					target.trigger(e);
+				});
+
+				_fr.addEventListener('error', function(e) {
+					target.trigger(e, _fr.error);
+				});
+
+				_fr.addEventListener('loadend', function() {
+					_fr = null;
+				});
+
+				if (Basic.typeOf(_fr[op]) === 'function') {
+					_convertToBinary = false;
+					_fr[op](blob.getSource());
+				} else if (op === 'readAsBinaryString') { // readAsBinaryString is depricated in general and never existed in IE10+
+					_convertToBinary = true;
+					_fr.readAsDataURL(blob.getSource());
+				}
+			},
+
+			getResult: function() {
+				return _fr && _fr.result ? (_convertToBinary ? _toBinary(_fr.result) : _fr.result) : null;
+			},
+
+			abort: function() {
+				if (_fr) {
+					_fr.abort();
+				}
+			},
+
+			destroy: function() {
+				_fr = null;
+			}
+		});
+
+		function _toBinary(str) {
+			return Encode.atob(str.substring(str.indexOf('base64,') + 7));
+		}
+	}
+
+	return (extensions.FileReader = FileReader);
+});
+
+// Included from: src/javascript/runtime/html5/xhr/XMLHttpRequest.js
+
+/**
+ * XMLHttpRequest.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global ActiveXObject:true */
+
+/**
+@class moxie/runtime/html5/xhr/XMLHttpRequest
+@private
+*/
+define("moxie/runtime/html5/xhr/XMLHttpRequest", [
+	"moxie/runtime/html5/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Mime",
+	"moxie/core/utils/Url",
+	"moxie/file/File",
+	"moxie/file/Blob",
+	"moxie/xhr/FormData",
+	"moxie/core/Exceptions",
+	"moxie/core/utils/Env"
+], function(extensions, Basic, Mime, Url, File, Blob, FormData, x, Env) {
+	
+	function XMLHttpRequest() {
+		var self = this
+		, _xhr
+		, _filename
+		;
+
+		Basic.extend(this, {
+			send: function(meta, data) {
+				var target = this
+				, isGecko2_5_6 = (Env.browser === 'Mozilla' && Env.version >= 4 && Env.version < 7)
+				, isAndroidBrowser = Env.browser === 'Android Browser'
+				, mustSendAsBinary = false
+				;
+
+				// extract file name
+				_filename = meta.url.replace(/^.+?\/([\w\-\.]+)$/, '$1').toLowerCase();
+
+				_xhr = _getNativeXHR();
+				_xhr.open(meta.method, meta.url, meta.async, meta.user, meta.password);
+
+
+				// prepare data to be sent
+				if (data instanceof Blob) {
+					if (data.isDetached()) {
+						mustSendAsBinary = true;
+					}
+					data = data.getSource();
+				} else if (data instanceof FormData) {
+
+					if (data.hasBlob()) {
+						if (data.getBlob().isDetached()) {
+							data = _prepareMultipart.call(target, data); // _xhr must be instantiated and be in OPENED state
+							mustSendAsBinary = true;
+						} else if ((isGecko2_5_6 || isAndroidBrowser) && Basic.typeOf(data.getBlob().getSource()) === 'blob' && window.FileReader) {
+							// Gecko 2/5/6 can't send blob in FormData: https://bugzilla.mozilla.org/show_bug.cgi?id=649150
+							// Android browsers (default one and Dolphin) seem to have the same issue, see: #613
+							_preloadAndSend.call(target, meta, data);
+							return; // _preloadAndSend will reinvoke send() with transmutated FormData =%D
+						}	
+					}
+
+					// transfer fields to real FormData
+					if (data instanceof FormData) { // if still a FormData, e.g. not mangled by _prepareMultipart()
+						var fd = new window.FormData();
+						data.each(function(value, name) {
+							if (value instanceof Blob) {
+								fd.append(name, value.getSource());
+							} else {
+								fd.append(name, value);
+							}
+						});
+						data = fd;
+					}
+				}
+
+
+				// if XHR L2
+				if (_xhr.upload) {
+					if (meta.withCredentials) {
+						_xhr.withCredentials = true;
+					}
+
+					_xhr.addEventListener('load', function(e) {
+						target.trigger(e);
+					});
+
+					_xhr.addEventListener('error', function(e) {
+						target.trigger(e);
+					});
+
+					// additionally listen to progress events
+					_xhr.addEventListener('progress', function(e) {
+						target.trigger(e);
+					});
+
+					_xhr.upload.addEventListener('progress', function(e) {
+						target.trigger({
+							type: 'UploadProgress',
+							loaded: e.loaded,
+							total: e.total
+						});
+					});
+				// ... otherwise simulate XHR L2
+				} else {
+					_xhr.onreadystatechange = function onReadyStateChange() {
+						
+						// fake Level 2 events
+						switch (_xhr.readyState) {
+							
+							case 1: // XMLHttpRequest.OPENED
+								// readystatechanged is fired twice for OPENED state (in IE and Mozilla) - neu
+								break;
+							
+							// looks like HEADERS_RECEIVED (state 2) is not reported in Opera (or it's old versions) - neu
+							case 2: // XMLHttpRequest.HEADERS_RECEIVED
+								break;
+								
+							case 3: // XMLHttpRequest.LOADING 
+								// try to fire progress event for not XHR L2
+								var total, loaded;
+								
+								try {
+									if (Url.hasSameOrigin(meta.url)) { // Content-Length not accessible for cross-domain on some browsers
+										total = _xhr.getResponseHeader('Content-Length') || 0; // old Safari throws an exception here
+									}
+
+									if (_xhr.responseText) { // responseText was introduced in IE7
+										loaded = _xhr.responseText.length;
+									}
+								} catch(ex) {
+									total = loaded = 0;
+								}
+
+								target.trigger({
+									type: 'progress',
+									lengthComputable: !!total,
+									total: parseInt(total, 10),
+									loaded: loaded
+								});
+								break;
+								
+							case 4: // XMLHttpRequest.DONE
+								// release readystatechange handler (mostly for IE)
+								_xhr.onreadystatechange = function() {};
+
+								// usually status 0 is returned when server is unreachable, but FF also fails to status 0 for 408 timeout
+								if (_xhr.status === 0) {
+									target.trigger('error');
+								} else {
+									target.trigger('load');
+								}							
+								break;
+						}
+					};
+				}
+				
+
+				// set request headers
+				if (!Basic.isEmptyObj(meta.headers)) {
+					Basic.each(meta.headers, function(value, header) {
+						_xhr.setRequestHeader(header, value);
+					});
+				}
+
+				// request response type
+				if ("" !== meta.responseType && 'responseType' in _xhr) {
+					if ('json' === meta.responseType && !Env.can('return_response_type', 'json')) { // we can fake this one
+						_xhr.responseType = 'text';
+					} else {
+						_xhr.responseType = meta.responseType;
+					}
+				}
+
+				// send ...
+				if (!mustSendAsBinary) {
+					_xhr.send(data);
+				} else {
+					if (_xhr.sendAsBinary) { // Gecko
+						_xhr.sendAsBinary(data);
+					} else { // other browsers having support for typed arrays
+						(function() {
+							// mimic Gecko's sendAsBinary
+							var ui8a = new Uint8Array(data.length);
+							for (var i = 0; i < data.length; i++) {
+								ui8a[i] = (data.charCodeAt(i) & 0xff);
+							}
+							_xhr.send(ui8a.buffer);
+						}());
+					}
+				}
+
+				target.trigger('loadstart');
+			},
+
+			getStatus: function() {
+				// according to W3C spec it should return 0 for readyState < 3, but instead it throws an exception
+				try {
+					if (_xhr) {
+						return _xhr.status;
+					}
+				} catch(ex) {}
+				return 0;
+			},
+
+			getResponse: function(responseType) {
+				var I = this.getRuntime();
+
+				try {
+					switch (responseType) {
+						case 'blob':
+							var file = new File(I.uid, _xhr.response);
+							
+							// try to extract file name from content-disposition if possible (might be - not, if CORS for example)	
+							var disposition = _xhr.getResponseHeader('Content-Disposition');
+							if (disposition) {
+								// extract filename from response header if available
+								var match = disposition.match(/filename=([\'\"'])([^\1]+)\1/);
+								if (match) {
+									_filename = match[2];
+								}
+							}
+							file.name = _filename;
+
+							// pre-webkit Opera doesn't set type property on the blob response
+							if (!file.type) {
+								file.type = Mime.getFileMime(_filename);
+							}
+							return file;
+
+						case 'json':
+							if (!Env.can('return_response_type', 'json')) {
+								return _xhr.status === 200 && !!window.JSON ? JSON.parse(_xhr.responseText) : null;
+							}
+							return _xhr.response;
+
+						case 'document':
+							return _getDocument(_xhr);
+
+						default:
+							return _xhr.responseText !== '' ? _xhr.responseText : null; // against the specs, but for consistency across the runtimes
+					}
+				} catch(ex) {
+					return null;
+				}				
+			},
+
+			getAllResponseHeaders: function() {
+				try {
+					return _xhr.getAllResponseHeaders();
+				} catch(ex) {}
+				return '';
+			},
+
+			abort: function() {
+				if (_xhr) {
+					_xhr.abort();
+				}
+			},
+
+			destroy: function() {
+				self = _filename = null;
+			}
+		});
+
+
+		// here we go... ugly fix for ugly bug
+		function _preloadAndSend(meta, data) {
+			var target = this, blob, fr;
+				
+			// get original blob
+			blob = data.getBlob().getSource();
+			
+			// preload blob in memory to be sent as binary string
+			fr = new window.FileReader();
+			fr.onload = function() {
+				// overwrite original blob
+				data.append(data.getBlobName(), new Blob(null, {
+					type: blob.type,
+					data: fr.result
+				}));
+				// invoke send operation again
+				self.send.call(target, meta, data);
+			};
+			fr.readAsBinaryString(blob);
+		}
+
+		
+		function _getNativeXHR() {
+			if (window.XMLHttpRequest && !(Env.browser === 'IE' && Env.version < 8)) { // IE7 has native XHR but it's buggy
+				return new window.XMLHttpRequest();
+			} else {
+				return (function() {
+					var progIDs = ['Msxml2.XMLHTTP.6.0', 'Microsoft.XMLHTTP']; // if 6.0 available, use it, otherwise failback to default 3.0
+					for (var i = 0; i < progIDs.length; i++) {
+						try {
+							return new ActiveXObject(progIDs[i]);
+						} catch (ex) {}
+					}
+				})();
+			}
+		}
+		
+		// @credits Sergey Ilinsky	(http://www.ilinsky.com/)
+		function _getDocument(xhr) {
+			var rXML = xhr.responseXML;
+			var rText = xhr.responseText;
+			
+			// Try parsing responseText (@see: http://www.ilinsky.com/articles/XMLHttpRequest/#bugs-ie-responseXML-content-type)
+			if (Env.browser === 'IE' && rText && rXML && !rXML.documentElement && /[^\/]+\/[^\+]+\+xml/.test(xhr.getResponseHeader("Content-Type"))) {
+				rXML = new window.ActiveXObject("Microsoft.XMLDOM");
+				rXML.async = false;
+				rXML.validateOnParse = false;
+				rXML.loadXML(rText);
+			}
+	
+			// Check if there is no error in document
+			if (rXML) {
+				if ((Env.browser === 'IE' && rXML.parseError !== 0) || !rXML.documentElement || rXML.documentElement.tagName === "parsererror") {
+					return null;
+				}
+			}
+			return rXML;
+		}
+
+
+		function _prepareMultipart(fd) {
+			var boundary = '----moxieboundary' + new Date().getTime()
+			, dashdash = '--'
+			, crlf = '\r\n'
+			, multipart = ''
+			, I = this.getRuntime()
+			;
+
+			if (!I.can('send_binary_string')) {
+				throw new x.RuntimeError(x.RuntimeError.NOT_SUPPORTED_ERR);
+			}
+
+			_xhr.setRequestHeader('Content-Type', 'multipart/form-data; boundary=' + boundary);
+
+			// append multipart parameters
+			fd.each(function(value, name) {
+				// Firefox 3.6 failed to convert multibyte characters to UTF-8 in sendAsBinary(), 
+				// so we try it here ourselves with: unescape(encodeURIComponent(value))
+				if (value instanceof Blob) {
+					// Build RFC2388 blob
+					multipart += dashdash + boundary + crlf +
+						'Content-Disposition: form-data; name="' + name + '"; filename="' + unescape(encodeURIComponent(value.name || 'blob')) + '"' + crlf +
+						'Content-Type: ' + (value.type || 'application/octet-stream') + crlf + crlf +
+						value.getSource() + crlf;
+				} else {
+					multipart += dashdash + boundary + crlf +
+						'Content-Disposition: form-data; name="' + name + '"' + crlf + crlf +
+						unescape(encodeURIComponent(value)) + crlf;
+				}
+			});
+
+			multipart += dashdash + boundary + dashdash + crlf;
+
+			return multipart;
+		}
+	}
+
+	return (extensions.XMLHttpRequest = XMLHttpRequest);
+});
+
+// Included from: src/javascript/runtime/html5/utils/BinaryReader.js
+
+/**
+ * BinaryReader.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/utils/BinaryReader
+@private
+*/
+define("moxie/runtime/html5/utils/BinaryReader", [], function() {
+	return function() {
+		var II = false, bin;
+
+		// Private functions
+		function read(idx, size) {
+			var mv = II ? 0 : -8 * (size - 1), sum = 0, i;
+
+			for (i = 0; i < size; i++) {
+				sum |= (bin.charCodeAt(idx + i) << Math.abs(mv + i*8));
+			}
+
+			return sum;
+		}
+
+		function putstr(segment, idx, length) {
+			length = arguments.length === 3 ? length : bin.length - idx - 1;
+			bin = bin.substr(0, idx) + segment + bin.substr(length + idx);
+		}
+
+		function write(idx, num, size) {
+			var str = '', mv = II ? 0 : -8 * (size - 1), i;
+
+			for (i = 0; i < size; i++) {
+				str += String.fromCharCode((num >> Math.abs(mv + i*8)) & 255);
+			}
+
+			putstr(str, idx, size);
+		}
+
+		// Public functions
+		return {
+			II: function(order) {
+				if (order === undefined) {
+					return II;
+				} else {
+					II = order;
+				}
+			},
+
+			init: function(binData) {
+				II = false;
+				bin = binData;
+			},
+
+			SEGMENT: function(idx, length, segment) {
+				switch (arguments.length) {
+					case 1:
+						return bin.substr(idx, bin.length - idx - 1);
+					case 2:
+						return bin.substr(idx, length);
+					case 3:
+						putstr(segment, idx, length);
+						break;
+					default: return bin;
+				}
+			},
+
+			BYTE: function(idx) {
+				return read(idx, 1);
+			},
+
+			SHORT: function(idx) {
+				return read(idx, 2);
+			},
+
+			LONG: function(idx, num) {
+				if (num === undefined) {
+					return read(idx, 4);
+				} else {
+					write(idx, num, 4);
+				}
+			},
+
+			SLONG: function(idx) { // 2's complement notation
+				var num = read(idx, 4);
+
+				return (num > 2147483647 ? num - 4294967296 : num);
+			},
+
+			STRING: function(idx, size) {
+				var str = '';
+
+				for (size += idx; idx < size; idx++) {
+					str += String.fromCharCode(read(idx, 1));
+				}
+
+				return str;
+			}
+		};
+	};
+});
+
+// Included from: src/javascript/runtime/html5/image/JPEGHeaders.js
+
+/**
+ * JPEGHeaders.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+ 
+/**
+@class moxie/runtime/html5/image/JPEGHeaders
+@private
+*/
+define("moxie/runtime/html5/image/JPEGHeaders", [
+	"moxie/runtime/html5/utils/BinaryReader"
+], function(BinaryReader) {
+	
+	return function JPEGHeaders(data) {
+		var headers = [], read, idx, marker, length = 0;
+
+		read = new BinaryReader();
+		read.init(data);
+
+		// Check if data is jpeg
+		if (read.SHORT(0) !== 0xFFD8) {
+			return;
+		}
+
+		idx = 2;
+
+		while (idx <= data.length) {
+			marker = read.SHORT(idx);
+
+			// omit RST (restart) markers
+			if (marker >= 0xFFD0 && marker <= 0xFFD7) {
+				idx += 2;
+				continue;
+			}
+
+			// no headers allowed after SOS marker
+			if (marker === 0xFFDA || marker === 0xFFD9) {
+				break;
+			}
+
+			length = read.SHORT(idx + 2) + 2;
+
+			// APPn marker detected
+			if (marker >= 0xFFE1 && marker <= 0xFFEF) {
+				headers.push({
+					hex: marker,
+					name: 'APP' + (marker & 0x000F),
+					start: idx,
+					length: length,
+					segment: read.SEGMENT(idx, length)
+				});
+			}
+
+			idx += length;
+		}
+
+		read.init(null); // free memory
+
+		return {
+			headers: headers,
+
+			restore: function(data) {
+				var max, i;
+
+				read.init(data);
+
+				idx = read.SHORT(2) == 0xFFE0 ? 4 + read.SHORT(4) : 2;
+
+				for (i = 0, max = headers.length; i < max; i++) {
+					read.SEGMENT(idx, 0, headers[i].segment);
+					idx += headers[i].length;
+				}
+
+				data = read.SEGMENT();
+				read.init(null);
+				return data;
+			},
+
+			strip: function(data) {
+				var headers, jpegHeaders, i;
+
+				jpegHeaders = new JPEGHeaders(data);
+				headers = jpegHeaders.headers;
+				jpegHeaders.purge();
+
+				read.init(data);
+
+				i = headers.length;
+				while (i--) {
+					read.SEGMENT(headers[i].start, headers[i].length, '');
+				}
+				
+				data = read.SEGMENT();
+				read.init(null);
+				return data;
+			},
+
+			get: function(name) {
+				var array = [];
+
+				for (var i = 0, max = headers.length; i < max; i++) {
+					if (headers[i].name === name.toUpperCase()) {
+						array.push(headers[i].segment);
+					}
+				}
+				return array;
+			},
+
+			set: function(name, segment) {
+				var array = [], i, ii, max;
+
+				if (typeof(segment) === 'string') {
+					array.push(segment);
+				} else {
+					array = segment;
+				}
+
+				for (i = ii = 0, max = headers.length; i < max; i++) {
+					if (headers[i].name === name.toUpperCase()) {
+						headers[i].segment = array[ii];
+						headers[i].length = array[ii].length;
+						ii++;
+					}
+					if (ii >= array.length) {
+						break;
+					}
+				}
+			},
+
+			purge: function() {
+				headers = [];
+				read.init(null);
+				read = null;
+			}
+		};
+	};
+});
+
+// Included from: src/javascript/runtime/html5/image/ExifParser.js
+
+/**
+ * ExifParser.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/image/ExifParser
+@private
+*/
+define("moxie/runtime/html5/image/ExifParser", [
+	"moxie/core/utils/Basic",
+	"moxie/runtime/html5/utils/BinaryReader"
+], function(Basic, BinaryReader) {
+	
+	return function ExifParser() {
+		// Private ExifParser fields
+		var data, tags, Tiff, offsets = {}, tagDescs;
+
+		data = new BinaryReader();
+
+		tags = {
+			tiff : {
+				/*
+				The image orientation viewed in terms of rows and columns.
+
+				1 = The 0th row is at the visual top of the image, and the 0th column is the visual left-hand side.
+				2 = The 0th row is at the visual top of the image, and the 0th column is the visual right-hand side.
+				3 = The 0th row is at the visual bottom of the image, and the 0th column is the visual right-hand side.
+				4 = The 0th row is at the visual bottom of the image, and the 0th column is the visual left-hand side.
+				5 = The 0th row is the visual left-hand side of the image, and the 0th column is the visual top.
+				6 = The 0th row is the visual right-hand side of the image, and the 0th column is the visual top.
+				7 = The 0th row is the visual right-hand side of the image, and the 0th column is the visual bottom.
+				8 = The 0th row is the visual left-hand side of the image, and the 0th column is the visual bottom.
+				*/
+				0x0112: 'Orientation',
+				0x010E: 'ImageDescription',
+				0x010F: 'Make',
+				0x0110: 'Model',
+				0x0131: 'Software',
+				0x8769: 'ExifIFDPointer',
+				0x8825:	'GPSInfoIFDPointer'
+			},
+			exif : {
+				0x9000: 'ExifVersion',
+				0xA001: 'ColorSpace',
+				0xA002: 'PixelXDimension',
+				0xA003: 'PixelYDimension',
+				0x9003: 'DateTimeOriginal',
+				0x829A: 'ExposureTime',
+				0x829D: 'FNumber',
+				0x8827: 'ISOSpeedRatings',
+				0x9201: 'ShutterSpeedValue',
+				0x9202: 'ApertureValue'	,
+				0x9207: 'MeteringMode',
+				0x9208: 'LightSource',
+				0x9209: 'Flash',
+				0x920A: 'FocalLength',
+				0xA402: 'ExposureMode',
+				0xA403: 'WhiteBalance',
+				0xA406: 'SceneCaptureType',
+				0xA404: 'DigitalZoomRatio',
+				0xA408: 'Contrast',
+				0xA409: 'Saturation',
+				0xA40A: 'Sharpness'
+			},
+			gps : {
+				0x0000: 'GPSVersionID',
+				0x0001: 'GPSLatitudeRef',
+				0x0002: 'GPSLatitude',
+				0x0003: 'GPSLongitudeRef',
+				0x0004: 'GPSLongitude'
+			}
+		};
+
+		tagDescs = {
+			'ColorSpace': {
+				1: 'sRGB',
+				0: 'Uncalibrated'
+			},
+
+			'MeteringMode': {
+				0: 'Unknown',
+				1: 'Average',
+				2: 'CenterWeightedAverage',
+				3: 'Spot',
+				4: 'MultiSpot',
+				5: 'Pattern',
+				6: 'Partial',
+				255: 'Other'
+			},
+
+			'LightSource': {
+				1: 'Daylight',
+				2: 'Fliorescent',
+				3: 'Tungsten',
+				4: 'Flash',
+				9: 'Fine weather',
+				10: 'Cloudy weather',
+				11: 'Shade',
+				12: 'Daylight fluorescent (D 5700 - 7100K)',
+				13: 'Day white fluorescent (N 4600 -5400K)',
+				14: 'Cool white fluorescent (W 3900 - 4500K)',
+				15: 'White fluorescent (WW 3200 - 3700K)',
+				17: 'Standard light A',
+				18: 'Standard light B',
+				19: 'Standard light C',
+				20: 'D55',
+				21: 'D65',
+				22: 'D75',
+				23: 'D50',
+				24: 'ISO studio tungsten',
+				255: 'Other'
+			},
+
+			'Flash': {
+				0x0000: 'Flash did not fire.',
+				0x0001: 'Flash fired.',
+				0x0005: 'Strobe return light not detected.',
+				0x0007: 'Strobe return light detected.',
+				0x0009: 'Flash fired, compulsory flash mode',
+				0x000D: 'Flash fired, compulsory flash mode, return light not detected',
+				0x000F: 'Flash fired, compulsory flash mode, return light detected',
+				0x0010: 'Flash did not fire, compulsory flash mode',
+				0x0018: 'Flash did not fire, auto mode',
+				0x0019: 'Flash fired, auto mode',
+				0x001D: 'Flash fired, auto mode, return light not detected',
+				0x001F: 'Flash fired, auto mode, return light detected',
+				0x0020: 'No flash function',
+				0x0041: 'Flash fired, red-eye reduction mode',
+				0x0045: 'Flash fired, red-eye reduction mode, return light not detected',
+				0x0047: 'Flash fired, red-eye reduction mode, return light detected',
+				0x0049: 'Flash fired, compulsory flash mode, red-eye reduction mode',
+				0x004D: 'Flash fired, compulsory flash mode, red-eye reduction mode, return light not detected',
+				0x004F: 'Flash fired, compulsory flash mode, red-eye reduction mode, return light detected',
+				0x0059: 'Flash fired, auto mode, red-eye reduction mode',
+				0x005D: 'Flash fired, auto mode, return light not detected, red-eye reduction mode',
+				0x005F: 'Flash fired, auto mode, return light detected, red-eye reduction mode'
+			},
+
+			'ExposureMode': {
+				0: 'Auto exposure',
+				1: 'Manual exposure',
+				2: 'Auto bracket'
+			},
+
+			'WhiteBalance': {
+				0: 'Auto white balance',
+				1: 'Manual white balance'
+			},
+
+			'SceneCaptureType': {
+				0: 'Standard',
+				1: 'Landscape',
+				2: 'Portrait',
+				3: 'Night scene'
+			},
+
+			'Contrast': {
+				0: 'Normal',
+				1: 'Soft',
+				2: 'Hard'
+			},
+
+			'Saturation': {
+				0: 'Normal',
+				1: 'Low saturation',
+				2: 'High saturation'
+			},
+
+			'Sharpness': {
+				0: 'Normal',
+				1: 'Soft',
+				2: 'Hard'
+			},
+
+			// GPS related
+			'GPSLatitudeRef': {
+				N: 'North latitude',
+				S: 'South latitude'
+			},
+
+			'GPSLongitudeRef': {
+				E: 'East longitude',
+				W: 'West longitude'
+			}
+		};
+
+		function extractTags(IFD_offset, tags2extract) {
+			var length = data.SHORT(IFD_offset), i, ii,
+				tag, type, count, tagOffset, offset, value, values = [], hash = {};
+
+			for (i = 0; i < length; i++) {
+				// Set binary reader pointer to beginning of the next tag
+				offset = tagOffset = IFD_offset + 12 * i + 2;
+
+				tag = tags2extract[data.SHORT(offset)];
+
+				if (tag === undefined) {
+					continue; // Not the tag we requested
+				}
+
+				type = data.SHORT(offset+=2);
+				count = data.LONG(offset+=2);
+
+				offset += 4;
+				values = [];
+
+				switch (type) {
+					case 1: // BYTE
+					case 7: // UNDEFINED
+						if (count > 4) {
+							offset = data.LONG(offset) + offsets.tiffHeader;
+						}
+
+						for (ii = 0; ii < count; ii++) {
+							values[ii] = data.BYTE(offset + ii);
+						}
+
+						break;
+
+					case 2: // STRING
+						if (count > 4) {
+							offset = data.LONG(offset) + offsets.tiffHeader;
+						}
+
+						hash[tag] = data.STRING(offset, count - 1);
+
+						continue;
+
+					case 3: // SHORT
+						if (count > 2) {
+							offset = data.LONG(offset) + offsets.tiffHeader;
+						}
+
+						for (ii = 0; ii < count; ii++) {
+							values[ii] = data.SHORT(offset + ii*2);
+						}
+
+						break;
+
+					case 4: // LONG
+						if (count > 1) {
+							offset = data.LONG(offset) + offsets.tiffHeader;
+						}
+
+						for (ii = 0; ii < count; ii++) {
+							values[ii] = data.LONG(offset + ii*4);
+						}
+
+						break;
+
+					case 5: // RATIONAL
+						offset = data.LONG(offset) + offsets.tiffHeader;
+
+						for (ii = 0; ii < count; ii++) {
+							values[ii] = data.LONG(offset + ii*4) / data.LONG(offset + ii*4 + 4);
+						}
+
+						break;
+
+					case 9: // SLONG
+						offset = data.LONG(offset) + offsets.tiffHeader;
+
+						for (ii = 0; ii < count; ii++) {
+							values[ii] = data.SLONG(offset + ii*4);
+						}
+
+						break;
+
+					case 10: // SRATIONAL
+						offset = data.LONG(offset) + offsets.tiffHeader;
+
+						for (ii = 0; ii < count; ii++) {
+							values[ii] = data.SLONG(offset + ii*4) / data.SLONG(offset + ii*4 + 4);
+						}
+
+						break;
+
+					default:
+						continue;
+				}
+
+				value = (count == 1 ? values[0] : values);
+
+				if (tagDescs.hasOwnProperty(tag) && typeof value != 'object') {
+					hash[tag] = tagDescs[tag][value];
+				} else {
+					hash[tag] = value;
+				}
+			}
+
+			return hash;
+		}
+
+		function getIFDOffsets() {
+			var idx = offsets.tiffHeader;
+
+			// Set read order of multi-byte data
+			data.II(data.SHORT(idx) == 0x4949);
+
+			// Check if always present bytes are indeed present
+			if (data.SHORT(idx+=2) !== 0x002A) {
+				return false;
+			}
+
+			offsets.IFD0 = offsets.tiffHeader + data.LONG(idx += 2);
+			Tiff = extractTags(offsets.IFD0, tags.tiff);
+
+			if ('ExifIFDPointer' in Tiff) {
+				offsets.exifIFD = offsets.tiffHeader + Tiff.ExifIFDPointer;
+				delete Tiff.ExifIFDPointer;
+			}
+
+			if ('GPSInfoIFDPointer' in Tiff) {
+				offsets.gpsIFD = offsets.tiffHeader + Tiff.GPSInfoIFDPointer;
+				delete Tiff.GPSInfoIFDPointer;
+			}
+			return true;
+		}
+
+		// At the moment only setting of simple (LONG) values, that do not require offset recalculation, is supported
+		function setTag(ifd, tag, value) {
+			var offset, length, tagOffset, valueOffset = 0;
+
+			// If tag name passed translate into hex key
+			if (typeof(tag) === 'string') {
+				var tmpTags = tags[ifd.toLowerCase()];
+				for (var hex in tmpTags) {
+					if (tmpTags[hex] === tag) {
+						tag = hex;
+						break;
+					}
+				}
+			}
+			offset = offsets[ifd.toLowerCase() + 'IFD'];
+			length = data.SHORT(offset);
+
+			for (var i = 0; i < length; i++) {
+				tagOffset = offset + 12 * i + 2;
+
+				if (data.SHORT(tagOffset) == tag) {
+					valueOffset = tagOffset + 8;
+					break;
+				}
+			}
+
+			if (!valueOffset) {
+				return false;
+			}
+
+			data.LONG(valueOffset, value);
+			return true;
+		}
+
+
+		// Public functions
+		return {
+			init: function(segment) {
+				// Reset internal data
+				offsets = {
+					tiffHeader: 10
+				};
+
+				if (segment === undefined || !segment.length) {
+					return false;
+				}
+
+				data.init(segment);
+
+				// Check if that's APP1 and that it has EXIF
+				if (data.SHORT(0) === 0xFFE1 && data.STRING(4, 5).toUpperCase() === "EXIF\0") {
+					return getIFDOffsets();
+				}
+				return false;
+			},
+
+			TIFF: function() {
+				return Tiff;
+			},
+
+			EXIF: function() {
+				var Exif;
+
+				// Populate EXIF hash
+				Exif = extractTags(offsets.exifIFD, tags.exif);
+
+				// Fix formatting of some tags
+				if (Exif.ExifVersion && Basic.typeOf(Exif.ExifVersion) === 'array') {
+					for (var i = 0, exifVersion = ''; i < Exif.ExifVersion.length; i++) {
+						exifVersion += String.fromCharCode(Exif.ExifVersion[i]);
+					}
+					Exif.ExifVersion = exifVersion;
+				}
+
+				return Exif;
+			},
+
+			GPS: function() {
+				var GPS;
+
+				GPS = extractTags(offsets.gpsIFD, tags.gps);
+
+				// iOS devices (and probably some others) do not put in GPSVersionID tag (why?..)
+				if (GPS.GPSVersionID && Basic.typeOf(GPS.GPSVersionID) === 'array') {
+					GPS.GPSVersionID = GPS.GPSVersionID.join('.');
+				}
+
+				return GPS;
+			},
+
+			setExif: function(tag, value) {
+				// Right now only setting of width/height is possible
+				if (tag !== 'PixelXDimension' && tag !== 'PixelYDimension') {return false;}
+
+				return setTag('exif', tag, value);
+			},
+
+
+			getBinary: function() {
+				return data.SEGMENT();
+			},
+
+			purge: function() {
+				data.init(null);
+				data = Tiff = null;
+				offsets = {};
+			}
+		};
+	};
+});
+
+// Included from: src/javascript/runtime/html5/image/JPEG.js
+
+/**
+ * JPEG.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/image/JPEG
+@private
+*/
+define("moxie/runtime/html5/image/JPEG", [
+	"moxie/core/utils/Basic",
+	"moxie/core/Exceptions",
+	"moxie/runtime/html5/image/JPEGHeaders",
+	"moxie/runtime/html5/utils/BinaryReader",
+	"moxie/runtime/html5/image/ExifParser"
+], function(Basic, x, JPEGHeaders, BinaryReader, ExifParser) {
+	
+	function JPEG(binstr) {
+		var _binstr, _br, _hm, _ep, _info, hasExif;
+
+		function _getDimensions() {
+			var idx = 0, marker, length;
+
+			// examine all through the end, since some images might have very large APP segments
+			while (idx <= _binstr.length) {
+				marker = _br.SHORT(idx += 2);
+
+				if (marker >= 0xFFC0 && marker <= 0xFFC3) { // SOFn
+					idx += 5; // marker (2 bytes) + length (2 bytes) + Sample precision (1 byte)
+					return {
+						height: _br.SHORT(idx),
+						width: _br.SHORT(idx += 2)
+					};
+				}
+				length = _br.SHORT(idx += 2);
+				idx += length - 2;
+			}
+			return null;
+		}
+
+		_binstr = binstr;
+
+		_br = new BinaryReader();
+		_br.init(_binstr);
+
+		// check if it is jpeg
+		if (_br.SHORT(0) !== 0xFFD8) {
+			throw new x.ImageError(x.ImageError.WRONG_FORMAT);
+		}
+
+		// backup headers
+		_hm = new JPEGHeaders(binstr);
+
+		// extract exif info
+		_ep = new ExifParser();
+		hasExif = !!_ep.init(_hm.get('app1')[0]);
+
+		// get dimensions
+		_info = _getDimensions.call(this);
+
+		Basic.extend(this, {
+			type: 'image/jpeg',
+
+			size: _binstr.length,
+
+			width: _info && _info.width || 0,
+
+			height: _info && _info.height || 0,
+
+			setExif: function(tag, value) {
+				if (!hasExif) {
+					return false; // or throw an exception
+				}
+
+				if (Basic.typeOf(tag) === 'object') {
+					Basic.each(tag, function(value, tag) {
+						_ep.setExif(tag, value);
+					});
+				} else {
+					_ep.setExif(tag, value);
+				}
+
+				// update internal headers
+				_hm.set('app1', _ep.getBinary());
+			},
+
+			writeHeaders: function() {
+				if (!arguments.length) {
+					// if no arguments passed, update headers internally
+					return (_binstr = _hm.restore(_binstr));
+				}
+				return _hm.restore(arguments[0]);
+			},
+
+			stripHeaders: function(binstr) {
+				return _hm.strip(binstr);
+			},
+
+			purge: function() {
+				_purge.call(this);
+			}
+		});
+
+		if (hasExif) {
+			this.meta = {
+				tiff: _ep.TIFF(),
+				exif: _ep.EXIF(),
+				gps: _ep.GPS()
+			};
+		}
+
+		function _purge() {
+			if (!_ep || !_hm || !_br) { 
+				return; // ignore any repeating purge requests
+			}
+			_ep.purge();
+			_hm.purge();
+			_br.init(null);
+			_binstr = _info = _hm = _ep = _br = null;
+		}
+	}
+
+	return JPEG;
+});
+
+// Included from: src/javascript/runtime/html5/image/PNG.js
+
+/**
+ * PNG.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/image/PNG
+@private
+*/
+define("moxie/runtime/html5/image/PNG", [
+	"moxie/core/Exceptions",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/html5/utils/BinaryReader"
+], function(x, Basic, BinaryReader) {
+	
+	function PNG(binstr) {
+		var _binstr, _br, _hm, _ep, _info;
+
+		_binstr = binstr;
+
+		_br = new BinaryReader();
+		_br.init(_binstr);
+
+		// check if it's png
+		(function() {
+			var idx = 0, i = 0
+			, signature = [0x8950, 0x4E47, 0x0D0A, 0x1A0A]
+			;
+
+			for (i = 0; i < signature.length; i++, idx += 2) {
+				if (signature[i] != _br.SHORT(idx)) {
+					throw new x.ImageError(x.ImageError.WRONG_FORMAT);
+				}
+			}
+		}());
+
+		function _getDimensions() {
+			var chunk, idx;
+
+			chunk = _getChunkAt.call(this, 8);
+
+			if (chunk.type == 'IHDR') {
+				idx = chunk.start;
+				return {
+					width: _br.LONG(idx),
+					height: _br.LONG(idx += 4)
+				};
+			}
+			return null;
+		}
+
+		function _purge() {
+			if (!_br) {
+				return; // ignore any repeating purge requests
+			}
+			_br.init(null);
+			_binstr = _info = _hm = _ep = _br = null;
+		}
+
+		_info = _getDimensions.call(this);
+
+		Basic.extend(this, {
+			type: 'image/png',
+
+			size: _binstr.length,
+
+			width: _info.width,
+
+			height: _info.height,
+
+			purge: function() {
+				_purge.call(this);
+			}
+		});
+
+		// for PNG we can safely trigger purge automatically, as we do not keep any data for later
+		_purge.call(this);
+
+		function _getChunkAt(idx) {
+			var length, type, start, CRC;
+
+			length = _br.LONG(idx);
+			type = _br.STRING(idx += 4, 4);
+			start = idx += 4;
+			CRC = _br.LONG(idx + length);
+
+			return {
+				length: length,
+				type: type,
+				start: start,
+				CRC: CRC
+			};
+		}
+	}
+
+	return PNG;
+});
+
+// Included from: src/javascript/runtime/html5/image/ImageInfo.js
+
+/**
+ * ImageInfo.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/image/ImageInfo
+@private
+*/
+define("moxie/runtime/html5/image/ImageInfo", [
+	"moxie/core/utils/Basic",
+	"moxie/core/Exceptions",
+	"moxie/runtime/html5/image/JPEG",
+	"moxie/runtime/html5/image/PNG"
+], function(Basic, x, JPEG, PNG) {
+	/**
+	Optional image investigation tool for HTML5 runtime. Provides the following features:
+	- ability to distinguish image type (JPEG or PNG) by signature
+	- ability to extract image width/height directly from it's internals, without preloading in memory (fast)
+	- ability to extract APP headers from JPEGs (Exif, GPS, etc)
+	- ability to replace width/height tags in extracted JPEG headers
+	- ability to restore APP headers, that were for example stripped during image manipulation
+
+	@class ImageInfo
+	@constructor
+	@param {String} binstr Image source as binary string
+	*/
+	return function(binstr) {
+		var _cs = [JPEG, PNG], _img;
+
+		// figure out the format, throw: ImageError.WRONG_FORMAT if not supported
+		_img = (function() {
+			for (var i = 0; i < _cs.length; i++) {
+				try {
+					return new _cs[i](binstr);
+				} catch (ex) {
+					// console.info(ex);
+				}
+			}
+			throw new x.ImageError(x.ImageError.WRONG_FORMAT);
+		}());
+
+		Basic.extend(this, {
+			/**
+			Image Mime Type extracted from it's depths
+
+			@property type
+			@type {String}
+			@default ''
+			*/
+			type: '',
+
+			/**
+			Image size in bytes
+
+			@property size
+			@type {Number}
+			@default 0
+			*/
+			size: 0,
+
+			/**
+			Image width extracted from image source
+
+			@property width
+			@type {Number}
+			@default 0
+			*/
+			width: 0,
+
+			/**
+			Image height extracted from image source
+
+			@property height
+			@type {Number}
+			@default 0
+			*/
+			height: 0,
+
+			/**
+			Sets Exif tag. Currently applicable only for width and height tags. Obviously works only with JPEGs.
+
+			@method setExif
+			@param {String} tag Tag to set
+			@param {Mixed} value Value to assign to the tag
+			*/
+			setExif: function() {},
+
+			/**
+			Restores headers to the source.
+
+			@method writeHeaders
+			@param {String} data Image source as binary string
+			@return {String} Updated binary string
+			*/
+			writeHeaders: function(data) {
+				return data;
+			},
+
+			/**
+			Strip all headers from the source.
+
+			@method stripHeaders
+			@param {String} data Image source as binary string
+			@return {String} Updated binary string
+			*/
+			stripHeaders: function(data) {
+				return data;
+			},
+
+			/**
+			Dispose resources.
+
+			@method purge
+			*/
+			purge: function() {}
+		});
+
+		Basic.extend(this, _img);
+
+		this.purge = function() {
+			_img.purge();
+			_img = null;
+		};
+	};
+});
+
+// Included from: src/javascript/runtime/html5/image/MegaPixel.js
+
+/**
+(The MIT License)
+
+Copyright (c) 2012 Shinichi Tomita <shinichi.tomita@gmail.com>;
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+/**
+ * Mega pixel image rendering library for iOS6 Safari
+ *
+ * Fixes iOS6 Safari's image file rendering issue for large size image (over mega-pixel),
+ * which causes unexpected subsampling when drawing it in canvas.
+ * By using this library, you can safely render the image with proper stretching.
+ *
+ * Copyright (c) 2012 Shinichi Tomita <shinichi.tomita@gmail.com>
+ * Released under the MIT license
+ */
+
+/**
+@class moxie/runtime/html5/image/MegaPixel
+@private
+*/
+define("moxie/runtime/html5/image/MegaPixel", [], function() {
+
+	/**
+	 * Rendering image element (with resizing) into the canvas element
+	 */
+	function renderImageToCanvas(img, canvas, options) {
+		var iw = img.naturalWidth, ih = img.naturalHeight;
+		var width = options.width, height = options.height;
+		var x = options.x || 0, y = options.y || 0;
+		var ctx = canvas.getContext('2d');
+		if (detectSubsampling(img)) {
+			iw /= 2;
+			ih /= 2;
+		}
+		var d = 1024; // size of tiling canvas
+		var tmpCanvas = document.createElement('canvas');
+		tmpCanvas.width = tmpCanvas.height = d;
+		var tmpCtx = tmpCanvas.getContext('2d');
+		var vertSquashRatio = detectVerticalSquash(img, iw, ih);
+		var sy = 0;
+		while (sy < ih) {
+			var sh = sy + d > ih ? ih - sy : d;
+			var sx = 0;
+			while (sx < iw) {
+				var sw = sx + d > iw ? iw - sx : d;
+				tmpCtx.clearRect(0, 0, d, d);
+				tmpCtx.drawImage(img, -sx, -sy);
+				var dx = (sx * width / iw + x) << 0;
+				var dw = Math.ceil(sw * width / iw);
+				var dy = (sy * height / ih / vertSquashRatio + y) << 0;
+				var dh = Math.ceil(sh * height / ih / vertSquashRatio);
+				ctx.drawImage(tmpCanvas, 0, 0, sw, sh, dx, dy, dw, dh);
+				sx += d;
+			}
+			sy += d;
+		}
+		tmpCanvas = tmpCtx = null;
+	}
+
+	/**
+	 * Detect subsampling in loaded image.
+	 * In iOS, larger images than 2M pixels may be subsampled in rendering.
+	 */
+	function detectSubsampling(img) {
+		var iw = img.naturalWidth, ih = img.naturalHeight;
+		if (iw * ih > 1024 * 1024) { // subsampling may happen over megapixel image
+			var canvas = document.createElement('canvas');
+			canvas.width = canvas.height = 1;
+			var ctx = canvas.getContext('2d');
+			ctx.drawImage(img, -iw + 1, 0);
+			// subsampled image becomes half smaller in rendering size.
+			// check alpha channel value to confirm image is covering edge pixel or not.
+			// if alpha value is 0 image is not covering, hence subsampled.
+			return ctx.getImageData(0, 0, 1, 1).data[3] === 0;
+		} else {
+			return false;
+		}
+	}
+
+
+	/**
+	 * Detecting vertical squash in loaded image.
+	 * Fixes a bug which squash image vertically while drawing into canvas for some images.
+	 */
+	function detectVerticalSquash(img, iw, ih) {
+		var canvas = document.createElement('canvas');
+		canvas.width = 1;
+		canvas.height = ih;
+		var ctx = canvas.getContext('2d');
+		ctx.drawImage(img, 0, 0);
+		var data = ctx.getImageData(0, 0, 1, ih).data;
+		// search image edge pixel position in case it is squashed vertically.
+		var sy = 0;
+		var ey = ih;
+		var py = ih;
+		while (py > sy) {
+			var alpha = data[(py - 1) * 4 + 3];
+			if (alpha === 0) {
+				ey = py;
+			} else {
+			sy = py;
+			}
+			py = (ey + sy) >> 1;
+		}
+		canvas = null;
+		var ratio = (py / ih);
+		return (ratio === 0) ? 1 : ratio;
+	}
+
+	return {
+		isSubsampled: detectSubsampling,
+		renderTo: renderImageToCanvas
+	};
+});
+
+// Included from: src/javascript/runtime/html5/image/Image.js
+
+/**
+ * Image.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html5/image/Image
+@private
+*/
+define("moxie/runtime/html5/image/Image", [
+	"moxie/runtime/html5/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/core/Exceptions",
+	"moxie/core/utils/Encode",
+	"moxie/file/File",
+	"moxie/runtime/html5/image/ImageInfo",
+	"moxie/runtime/html5/image/MegaPixel",
+	"moxie/core/utils/Mime",
+	"moxie/core/utils/Env"
+], function(extensions, Basic, x, Encode, File, ImageInfo, MegaPixel, Mime, Env) {
+	
+	function HTML5Image() {
+		var me = this
+		, _img, _imgInfo, _canvas, _binStr, _blob
+		, _modified = false // is set true whenever image is modified
+		, _preserveHeaders = true
+		;
+
+		Basic.extend(this, {
+			loadFromBlob: function(blob) {
+				var comp = this, I = comp.getRuntime()
+				, asBinary = arguments.length > 1 ? arguments[1] : true
+				;
+
+				if (!I.can('access_binary')) {
+					throw new x.RuntimeError(x.RuntimeError.NOT_SUPPORTED_ERR);
+				}
+
+				_blob = blob;
+
+				if (blob.isDetached()) {
+					_binStr = blob.getSource();
+					_preload.call(this, _binStr);
+					return;
+				} else {
+					_readAsDataUrl.call(this, blob.getSource(), function(dataUrl) {
+						if (asBinary) {
+							_binStr = _toBinary(dataUrl);
+						}
+						_preload.call(comp, dataUrl);
+					});
+				}
+			},
+
+			loadFromImage: function(img, exact) {
+				this.meta = img.meta;
+
+				_blob = new File(null, {
+					name: img.name,
+					size: img.size,
+					type: img.type
+				});
+
+				_preload.call(this, exact ? (_binStr = img.getAsBinaryString()) : img.getAsDataURL());
+			},
+
+			getInfo: function() {
+				var I = this.getRuntime(), info;
+
+				if (!_imgInfo && _binStr && I.can('access_image_binary')) {
+					_imgInfo = new ImageInfo(_binStr);
+				}
+
+				info = {
+					width: _getImg().width || 0,
+					height: _getImg().height || 0,
+					type: _blob.type || Mime.getFileMime(_blob.name),
+					size: _binStr && _binStr.length || _blob.size || 0,
+					name: _blob.name || '',
+					meta: _imgInfo && _imgInfo.meta || this.meta || {}
+				};
+
+				return info;
+			},
+
+			downsize: function() {
+				_downsize.apply(this, arguments);
+			},
+
+			getAsCanvas: function() {
+				if (_canvas) {
+					_canvas.id = this.uid + '_canvas';
+				}
+				return _canvas;
+			},
+
+			getAsBlob: function(type, quality) {
+				if (type !== this.type) {
+					// if different mime type requested prepare image for conversion
+					_downsize.call(this, this.width, this.height, false);
+				}
+				return new File(null, {
+					name: _blob.name || '',
+					type: type,
+					data: me.getAsBinaryString.call(this, type, quality)
+				});
+			},
+
+			getAsDataURL: function(type) {
+				var quality = arguments[1] || 90;
+
+				// if image has not been modified, return the source right away
+				if (!_modified) {
+					return _img.src;
+				}
+
+				if ('image/jpeg' !== type) {
+					return _canvas.toDataURL('image/png');
+				} else {
+					try {
+						// older Geckos used to result in an exception on quality argument
+						return _canvas.toDataURL('image/jpeg', quality/100);
+					} catch (ex) {
+						return _canvas.toDataURL('image/jpeg');
+					}
+				}
+			},
+
+			getAsBinaryString: function(type, quality) {
+				// if image has not been modified, return the source right away
+				if (!_modified) {
+					// if image was not loaded from binary string
+					if (!_binStr) {
+						_binStr = _toBinary(me.getAsDataURL(type, quality));
+					}
+					return _binStr;
+				}
+
+				if ('image/jpeg' !== type) {
+					_binStr = _toBinary(me.getAsDataURL(type, quality));
+				} else {
+					var dataUrl;
+
+					// if jpeg
+					if (!quality) {
+						quality = 90;
+					}
+
+					try {
+						// older Geckos used to result in an exception on quality argument
+						dataUrl = _canvas.toDataURL('image/jpeg', quality/100);
+					} catch (ex) {
+						dataUrl = _canvas.toDataURL('image/jpeg');
+					}
+
+					_binStr = _toBinary(dataUrl);
+
+					if (_imgInfo) {
+						_binStr = _imgInfo.stripHeaders(_binStr);
+
+						if (_preserveHeaders) {
+							// update dimensions info in exif
+							if (_imgInfo.meta && _imgInfo.meta.exif) {
+								_imgInfo.setExif({
+									PixelXDimension: this.width,
+									PixelYDimension: this.height
+								});
+							}
+
+							// re-inject the headers
+							_binStr = _imgInfo.writeHeaders(_binStr);
+						}
+
+						// will be re-created from fresh on next getInfo call
+						_imgInfo.purge();
+						_imgInfo = null;
+					}
+				}
+
+				_modified = false;
+
+				return _binStr;
+			},
+
+			destroy: function() {
+				me = null;
+				_purge.call(this);
+				this.getRuntime().getShim().removeInstance(this.uid);
+			}
+		});
+
+
+		function _getImg() {
+			if (!_canvas && !_img) {
+				throw new x.ImageError(x.DOMException.INVALID_STATE_ERR);
+			}
+			return _canvas || _img;
+		}
+
+
+		function _toBinary(str) {
+			return Encode.atob(str.substring(str.indexOf('base64,') + 7));
+		}
+
+
+		function _toDataUrl(str, type) {
+			return 'data:' + (type || '') + ';base64,' + Encode.btoa(str);
+		}
+
+
+		function _preload(str) {
+			var comp = this;
+
+			_img = new Image();
+			_img.onerror = function() {
+				_purge.call(this);
+				comp.trigger('error', new x.ImageError(x.ImageError.WRONG_FORMAT));
+			};
+			_img.onload = function() {
+				comp.trigger('load');
+			};
+
+			_img.src = /^data:[^;]*;base64,/.test(str) ? str : _toDataUrl(str, _blob.type);
+		}
+
+
+		function _readAsDataUrl(file, callback) {
+			var comp = this, fr;
+
+			// use FileReader if it's available
+			if (window.FileReader) {
+				fr = new FileReader();
+				fr.onload = function() {
+					callback(this.result);
+				};
+				fr.onerror = function() {
+					comp.trigger('error', new x.FileException(x.FileException.NOT_READABLE_ERR));
+				};
+				fr.readAsDataURL(file);
+			} else {
+				return callback(file.getAsDataURL());
+			}
+		}
+
+		function _downsize(width, height, crop, preserveHeaders) {
+			var self = this
+			, scale
+			, mathFn
+			, x = 0
+			, y = 0
+			, img
+			, destWidth
+			, destHeight
+			, orientation
+			;
+
+			_preserveHeaders = preserveHeaders; // we will need to check this on export (see getAsBinaryString())
+
+			// take into account orientation tag
+			orientation = (this.meta && this.meta.tiff && this.meta.tiff.Orientation) || 1;
+
+			if (Basic.inArray(orientation, [5,6,7,8]) !== -1) { // values that require 90 degree rotation
+				// swap dimensions
+				var tmp = width;
+				width = height;
+				height = tmp;
+			}
+
+			img = _getImg();
+
+			// unify dimensions
+			mathFn = !crop ? Math.min : Math.max;
+			scale = mathFn(width/img.width, height/img.height);
+		
+			// we only downsize here
+			if (scale > 1 && (!crop || preserveHeaders)) { // when cropping one of dimensions may still exceed max, so process it anyway
+				this.trigger('Resize');
+				return;
+			}
+
+			// prepare canvas if necessary
+			if (!_canvas) {
+				_canvas = document.createElement("canvas");
+			}
+
+			// calculate dimensions of proportionally resized image
+			destWidth = Math.round(img.width * scale);	
+			destHeight = Math.round(img.height * scale);
+
+
+			// scale image and canvas
+			if (crop) {
+				_canvas.width = width;
+				_canvas.height = height;
+
+				// if dimensions of the resulting image still larger than canvas, center it
+				if (destWidth > width) {
+					x = Math.round((destWidth - width) / 2);
+				}
+
+				if (destHeight > height) {
+					y = Math.round((destHeight - height) / 2);
+				}
+			} else {
+				_canvas.width = destWidth;
+				_canvas.height = destHeight;
+			}
+
+			// rotate if required, according to orientation tag
+			if (!_preserveHeaders) {
+				_rotateToOrientaion(_canvas.width, _canvas.height, orientation);
+			}
+
+			_drawToCanvas.call(this, img, _canvas, -x, -y, destWidth, destHeight);
+
+			this.width = _canvas.width;
+			this.height = _canvas.height;
+
+			_modified = true;
+			self.trigger('Resize');
+		}
+
+
+		function _drawToCanvas(img, canvas, x, y, w, h) {
+			if (Env.OS === 'iOS') { 
+				// avoid squish bug in iOS6
+				MegaPixel.renderTo(img, canvas, { width: w, height: h, x: x, y: y });
+			} else {
+				var ctx = canvas.getContext('2d');
+				ctx.drawImage(img, x, y, w, h);
+			}
+		}
+
+
+		/**
+		* Transform canvas coordination according to specified frame size and orientation
+		* Orientation value is from EXIF tag
+		* @author Shinichi Tomita <shinichi.tomita@gmail.com>
+		*/
+		function _rotateToOrientaion(width, height, orientation) {
+			switch (orientation) {
+				case 5:
+				case 6:
+				case 7:
+				case 8:
+					_canvas.width = height;
+					_canvas.height = width;
+					break;
+				default:
+					_canvas.width = width;
+					_canvas.height = height;
+			}
+
+			/**
+			1 = The 0th row is at the visual top of the image, and the 0th column is the visual left-hand side.
+			2 = The 0th row is at the visual top of the image, and the 0th column is the visual right-hand side.
+			3 = The 0th row is at the visual bottom of the image, and the 0th column is the visual right-hand side.
+			4 = The 0th row is at the visual bottom of the image, and the 0th column is the visual left-hand side.
+			5 = The 0th row is the visual left-hand side of the image, and the 0th column is the visual top.
+			6 = The 0th row is the visual right-hand side of the image, and the 0th column is the visual top.
+			7 = The 0th row is the visual right-hand side of the image, and the 0th column is the visual bottom.
+			8 = The 0th row is the visual left-hand side of the image, and the 0th column is the visual bottom.
+			*/
+
+			var ctx = _canvas.getContext('2d');
+			switch (orientation) {
+				case 2:
+					// horizontal flip
+					ctx.translate(width, 0);
+					ctx.scale(-1, 1);
+					break;
+				case 3:
+					// 180 rotate left
+					ctx.translate(width, height);
+					ctx.rotate(Math.PI);
+					break;
+				case 4:
+					// vertical flip
+					ctx.translate(0, height);
+					ctx.scale(1, -1);
+					break;
+				case 5:
+					// vertical flip + 90 rotate right
+					ctx.rotate(0.5 * Math.PI);
+					ctx.scale(1, -1);
+					break;
+				case 6:
+					// 90 rotate right
+					ctx.rotate(0.5 * Math.PI);
+					ctx.translate(0, -height);
+					break;
+				case 7:
+					// horizontal flip + 90 rotate right
+					ctx.rotate(0.5 * Math.PI);
+					ctx.translate(width, -height);
+					ctx.scale(-1, 1);
+					break;
+				case 8:
+					// 90 rotate left
+					ctx.rotate(-0.5 * Math.PI);
+					ctx.translate(-width, 0);
+					break;
+			}
+		}
+
+
+		function _purge() {
+			if (_imgInfo) {
+				_imgInfo.purge();
+				_imgInfo = null;
+			}
+			_binStr = _img = _canvas = _blob = null;
+			_modified = false;
+		}
+	}
+
+	return (extensions.Image = HTML5Image);
+});
+
+// Included from: src/javascript/runtime/flash/Runtime.js
+
+/**
+ * Runtime.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global ActiveXObject:true */
+
+/**
+Defines constructor for Flash runtime.
+
+@class moxie/runtime/flash/Runtime
+@private
+*/
+define("moxie/runtime/flash/Runtime", [
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Env",
+	"moxie/core/utils/Dom",
+	"moxie/core/Exceptions",
+	"moxie/runtime/Runtime"
+], function(Basic, Env, Dom, x, Runtime) {
+	
+	var type = 'flash', extensions = {};
+
+	/**
+	Get the version of the Flash Player
+
+	@method getShimVersion
+	@private
+	@return {Number} Flash Player version
+	*/
+	function getShimVersion() {
+		var version;
+
+		try {
+			version = navigator.plugins['Shockwave Flash'];
+			version = version.description;
+		} catch (e1) {
+			try {
+				version = new ActiveXObject('ShockwaveFlash.ShockwaveFlash').GetVariable('$version');
+			} catch (e2) {
+				version = '0.0';
+			}
+		}
+		version = version.match(/\d+/g);
+		return parseFloat(version[0] + '.' + version[1]);
+	}
+
+	/**
+	Constructor for the Flash Runtime
+
+	@class FlashRuntime
+	@extends Runtime
+	*/
+	function FlashRuntime(options) {
+		var I = this, initTimer;
+
+		options = Basic.extend({ swf_url: Env.swf_url }, options);
+
+		Runtime.call(this, options, type, {
+			access_binary: function(value) {
+				return value && I.mode === 'browser';
+			},
+			access_image_binary: function(value) {
+				return value && I.mode === 'browser';
+			},
+			display_media: Runtime.capTrue,
+			do_cors: Runtime.capTrue,
+			drag_and_drop: false,
+			report_upload_progress: function() {
+				return I.mode === 'client';
+			},
+			resize_image: Runtime.capTrue,
+			return_response_headers: false,
+			return_response_type: function(responseType) {
+				if (responseType === 'json' && !!window.JSON) {
+					return true;
+				} 
+				return !Basic.arrayDiff(responseType, ['', 'text', 'document']) || I.mode === 'browser';
+			},
+			return_status_code: function(code) {
+				return I.mode === 'browser' || !Basic.arrayDiff(code, [200, 404]);
+			},
+			select_file: Runtime.capTrue,
+			select_multiple: Runtime.capTrue,
+			send_binary_string: function(value) {
+				return value && I.mode === 'browser';
+			},
+			send_browser_cookies: function(value) {
+				return value && I.mode === 'browser';
+			},
+			send_custom_headers: function(value) {
+				return value && I.mode === 'browser';
+			},
+			send_multipart: Runtime.capTrue,
+			slice_blob: Runtime.capTrue,
+			stream_upload: function(value) {
+				return value && I.mode === 'browser';
+			},
+			summon_file_dialog: false,
+			upload_filesize: function(size) {
+				return Basic.parseSizeStr(size) <= 2097152 || I.mode === 'client';
+			},
+			use_http_method: function(methods) {
+				return !Basic.arrayDiff(methods, ['GET', 'POST']);
+			}
+		}, { 
+			// capabilities that require specific mode
+			access_binary: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			access_image_binary: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			report_upload_progress: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			return_response_type: function(responseType) {
+				return Basic.arrayDiff(responseType, ['', 'text', 'json', 'document']) ? 'browser' : ['client', 'browser'];
+			},
+			return_status_code: function(code) {
+				return Basic.arrayDiff(code, [200, 404]) ? 'browser' : ['client', 'browser'];
+			},
+			send_binary_string: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			send_browser_cookies: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			send_custom_headers: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			stream_upload: function(value) {
+				return value ? 'client' : 'browser';
+			},
+			upload_filesize: function(size) {
+				return Basic.parseSizeStr(size) >= 2097152 ? 'client' : 'browser';
+			}
+		}, 'client');
+
+
+		// minimal requirement for Flash Player version
+		if (getShimVersion() < 10) {
+			this.mode = false; // with falsy mode, runtime won't operable, no matter what the mode was before
+		}
+
+
+		Basic.extend(this, {
+
+			getShim: function() {
+				return Dom.get(this.uid);
+			},
+
+			shimExec: function(component, action) {
+				var args = [].slice.call(arguments, 2);
+				return I.getShim().exec(this.uid, component, action, args);
+			},
+
+			init: function() {
+				var html, el, container;
+
+				container = this.getShimContainer();
+
+				// if not the minimal height, shims are not initialized in older browsers (e.g FF3.6, IE6,7,8, Safari 4.0,5.0, etc)
+				Basic.extend(container.style, {
+					position: 'absolute',
+					top: '-8px',
+					left: '-8px',
+					width: '9px',
+					height: '9px',
+					overflow: 'hidden'
+				});
+
+				// insert flash object
+				html = '<object id="' + this.uid + '" type="application/x-shockwave-flash" data="' +  options.swf_url + '" ';
+
+				if (Env.browser === 'IE') {
+					html += 'classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" ';
+				}
+
+				html += 'width="100%" height="100%" style="outline:0">'  +
+					'<param name="movie" value="' + options.swf_url + '" />' +
+					'<param name="flashvars" value="uid=' + escape(this.uid) + '&target=' + Env.global_event_dispatcher + '" />' +
+					'<param name="wmode" value="transparent" />' +
+					'<param name="allowscriptaccess" value="always" />' +
+				'</object>';
+
+				if (Env.browser === 'IE') {
+					el = document.createElement('div');
+					container.appendChild(el);
+					el.outerHTML = html;
+					el = container = null; // just in case
+				} else {
+					container.innerHTML = html;
+				}
+
+				// Init is dispatched by the shim
+				initTimer = setTimeout(function() {
+					if (I && !I.initialized) { // runtime might be already destroyed by this moment
+						I.trigger("Error", new x.RuntimeError(x.RuntimeError.NOT_INIT_ERR));
+					}
+				}, 5000);
+			},
+
+			destroy: (function(destroy) { // extend default destroy method
+				return function() {
+					destroy.call(I);
+					clearTimeout(initTimer); // initialization check might be still onwait
+					options = initTimer = destroy = I = null;
+				};
+			}(this.destroy))
+
+		}, extensions);
+	}
+
+	Runtime.addConstructor(type, FlashRuntime);
+
+	return extensions;
+});
+
+// Included from: src/javascript/runtime/flash/file/Blob.js
+
+/**
+ * Blob.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/file/Blob
+@private
+*/
+define("moxie/runtime/flash/file/Blob", [
+	"moxie/runtime/flash/Runtime",
+	"moxie/file/Blob"
+], function(extensions, Blob) {
+
+	var FlashBlob = {
+		slice: function(blob, start, end, type) {
+			var self = this.getRuntime();
+
+			if (start < 0) {
+				start = Math.max(blob.size + start, 0);
+			} else if (start > 0) {
+				start = Math.min(start, blob.size);
+			}
+
+			if (end < 0) {
+				end = Math.max(blob.size + end, 0);
+			} else if (end > 0) {
+				end = Math.min(end, blob.size);
+			}
+
+			blob = self.shimExec.call(this, 'Blob', 'slice', start, end, type || '');
+
+			if (blob) {
+				blob = new Blob(self.uid, blob);
+			}
+			return blob;
+		}
+	};
+
+	return (extensions.Blob = FlashBlob);
+});
+
+// Included from: src/javascript/runtime/flash/file/FileInput.js
+
+/**
+ * FileInput.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/file/FileInput
+@private
+*/
+define("moxie/runtime/flash/file/FileInput", [
+	"moxie/runtime/flash/Runtime"
+], function(extensions) {
+	
+	var FileInput = {		
+		init: function(options) {
+			this.getRuntime().shimExec.call(this, 'FileInput', 'init', {
+				name: options.name,
+				accept: options.accept,
+				multiple: options.multiple
+			});
+			this.trigger('ready');
+		}
+	};
+
+	return (extensions.FileInput = FileInput);
+});
+
+// Included from: src/javascript/runtime/flash/file/FileReader.js
+
+/**
+ * FileReader.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/file/FileReader
+@private
+*/
+define("moxie/runtime/flash/file/FileReader", [
+	"moxie/runtime/flash/Runtime",
+	"moxie/core/utils/Encode"
+], function(extensions, Encode) {
+
+	var _result = '';
+
+	function _formatData(data, op) {
+		switch (op) {
+			case 'readAsText':
+				return Encode.atob(data, 'utf8');
+			case 'readAsBinaryString':
+				return Encode.atob(data);
+			case 'readAsDataURL':
+				return data;
+		}
+		return null;
+	}
+
+	var FileReader = {
+		read: function(op, blob) {
+			var target = this, self = target.getRuntime();
+
+			// special prefix for DataURL read mode
+			if (op === 'readAsDataURL') {
+				_result = 'data:' + (blob.type || '') + ';base64,';
+			}
+
+			target.bind('Progress', function(e, data) {
+				if (data) {
+					_result += _formatData(data, op);
+				}
+			});
+
+			return self.shimExec.call(this, 'FileReader', 'readAsBase64', blob.uid);
+		},
+
+		getResult: function() {
+			return _result;
+		},
+
+		destroy: function() {
+			_result = null;
+		}
+	};
+
+	return (extensions.FileReader = FileReader);
+});
+
+// Included from: src/javascript/runtime/flash/file/FileReaderSync.js
+
+/**
+ * FileReaderSync.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/file/FileReaderSync
+@private
+*/
+define("moxie/runtime/flash/file/FileReaderSync", [
+	"moxie/runtime/flash/Runtime",
+	"moxie/core/utils/Encode"
+], function(extensions, Encode) {
+	
+	function _formatData(data, op) {
+		switch (op) {
+			case 'readAsText':
+				return Encode.atob(data, 'utf8');
+			case 'readAsBinaryString':
+				return Encode.atob(data);
+			case 'readAsDataURL':
+				return data;
+		}
+		return null;
+	}
+
+	var FileReaderSync = {
+		read: function(op, blob) {
+			var result, self = this.getRuntime();
+
+			result = self.shimExec.call(this, 'FileReaderSync', 'readAsBase64', blob.uid);
+			if (!result) {
+				return null; // or throw ex
+			}
+
+			// special prefix for DataURL read mode
+			if (op === 'readAsDataURL') {
+				result = 'data:' + (blob.type || '') + ';base64,' + result;
+			}
+
+			return _formatData(result, op, blob.type);
+		}
+	};
+
+	return (extensions.FileReaderSync = FileReaderSync);
+});
+
+// Included from: src/javascript/runtime/flash/xhr/XMLHttpRequest.js
+
+/**
+ * XMLHttpRequest.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/xhr/XMLHttpRequest
+@private
+*/
+define("moxie/runtime/flash/xhr/XMLHttpRequest", [
+	"moxie/runtime/flash/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/file/Blob",
+	"moxie/file/File",
+	"moxie/file/FileReaderSync",
+	"moxie/xhr/FormData",
+	"moxie/runtime/Transporter"
+], function(extensions, Basic, Blob, File, FileReaderSync, FormData, Transporter) {
+	
+	var XMLHttpRequest = {
+
+		send: function(meta, data) {
+			var target = this, self = target.getRuntime();
+
+			function send() {
+				meta.transport = self.mode;
+				self.shimExec.call(target, 'XMLHttpRequest', 'send', meta, data);
+			}
+
+
+			function appendBlob(name, blob) {
+				self.shimExec.call(target, 'XMLHttpRequest', 'appendBlob', name, blob.uid);
+				data = null;
+				send();
+			}
+
+
+			function attachBlob(blob, cb) {
+				var tr = new Transporter();
+
+				tr.bind("TransportingComplete", function() {
+					cb(this.result);
+				});
+
+				tr.transport(blob.getSource(), blob.type, {
+					ruid: self.uid
+				});
+			}
+
+			// copy over the headers if any
+			if (!Basic.isEmptyObj(meta.headers)) {
+				Basic.each(meta.headers, function(value, header) {
+					self.shimExec.call(target, 'XMLHttpRequest', 'setRequestHeader', header, value.toString()); // Silverlight doesn't accept integers into the arguments of type object
+				});
+			}
+
+			// transfer over multipart params and blob itself
+			if (data instanceof FormData) {
+				var blobField;
+				data.each(function(value, name) {
+					if (value instanceof Blob) {
+						blobField = name;
+					} else {
+						self.shimExec.call(target, 'XMLHttpRequest', 'append', name, value);
+					}
+				});
+
+				if (!data.hasBlob()) {
+					data = null;
+					send();
+				} else {
+					var blob = data.getBlob();
+					if (blob.isDetached()) {
+						attachBlob(blob, function(attachedBlob) {
+							blob.destroy();
+							appendBlob(blobField, attachedBlob);		
+						});
+					} else {
+						appendBlob(blobField, blob);
+					}
+				}
+			} else if (data instanceof Blob) {
+				if (data.isDetached()) {
+					attachBlob(data, function(attachedBlob) {
+						data.destroy();
+						data = attachedBlob.uid;
+						send();
+					});
+				} else {
+					data = data.uid;
+					send();
+				}
+			} else {
+				send();
+			}
+		},
+
+		getResponse: function(responseType) {
+			var frs, blob, self = this.getRuntime();
+
+			blob = self.shimExec.call(this, 'XMLHttpRequest', 'getResponseAsBlob');
+
+			if (blob) {
+				blob = new File(self.uid, blob);
+
+				if ('blob' === responseType) {
+					return blob;
+				}
+
+				try { 
+					frs = new FileReaderSync();
+
+					if (!!~Basic.inArray(responseType, ["", "text"])) {
+						return frs.readAsText(blob);
+					} else if ('json' === responseType && !!window.JSON) {
+						return JSON.parse(frs.readAsText(blob));
+					}
+				} finally {
+					blob.destroy();
+				}
+			}
+			return null;
+		},
+
+		abort: function(upload_complete_flag) {
+			var self = this.getRuntime();
+
+			self.shimExec.call(this, 'XMLHttpRequest', 'abort');
+
+			this.dispatchEvent('readystatechange');
+			// this.dispatchEvent('progress');
+			this.dispatchEvent('abort');
+
+			//if (!upload_complete_flag) {
+				// this.dispatchEvent('uploadprogress');
+			//}
+		}
+	};
+
+	return (extensions.XMLHttpRequest = XMLHttpRequest);
+});
+
+// Included from: src/javascript/runtime/flash/runtime/Transporter.js
+
+/**
+ * Transporter.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/runtime/Transporter
+@private
+*/
+define("moxie/runtime/flash/runtime/Transporter", [
+	"moxie/runtime/flash/Runtime",
+	"moxie/file/Blob"
+], function(extensions, Blob) {
+
+	var Transporter = {
+		getAsBlob: function(type) {
+			var self = this.getRuntime()
+			, blob = self.shimExec.call(this, 'Transporter', 'getAsBlob', type)
+			;
+			if (blob) {
+				return new Blob(self.uid, blob);
+			}
+			return null;
+		}
+	};
+
+	return (extensions.Transporter = Transporter);
+});
+
+// Included from: src/javascript/runtime/flash/image/Image.js
+
+/**
+ * Image.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/flash/image/Image
+@private
+*/
+define("moxie/runtime/flash/image/Image", [
+	"moxie/runtime/flash/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/Transporter",
+	"moxie/file/Blob",
+	"moxie/file/FileReaderSync"
+], function(extensions, Basic, Transporter, Blob, FileReaderSync) {
+	
+	var Image = {
+		loadFromBlob: function(blob) {
+			var comp = this, self = comp.getRuntime();
+
+			function exec(srcBlob) {
+				self.shimExec.call(comp, 'Image', 'loadFromBlob', srcBlob.uid);
+				comp = self = null;
+			}
+
+			if (blob.isDetached()) { // binary string
+				var tr = new Transporter();
+				tr.bind("TransportingComplete", function() {
+					exec(tr.result.getSource());
+				});
+				tr.transport(blob.getSource(), blob.type, { ruid: self.uid });
+			} else {
+				exec(blob.getSource());
+			}
+		},
+
+		loadFromImage: function(img) {
+			var self = this.getRuntime();
+			return self.shimExec.call(this, 'Image', 'loadFromImage', img.uid);
+		},
+
+		getAsBlob: function(type, quality) {
+			var self = this.getRuntime()
+			, blob = self.shimExec.call(this, 'Image', 'getAsBlob', type, quality)
+			;
+			if (blob) {
+				return new Blob(self.uid, blob);
+			}
+			return null;
+		},
+
+		getAsDataURL: function() {
+			var self = this.getRuntime()
+			, blob = self.Image.getAsBlob.apply(this, arguments)
+			, frs
+			;
+			if (!blob) {
+				return null;
+			}
+			frs = new FileReaderSync();
+			return frs.readAsDataURL(blob);
+		}
+	};
+
+	return (extensions.Image = Image);
+});
+
+// Included from: src/javascript/runtime/silverlight/Runtime.js
+
+/**
+ * RunTime.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global ActiveXObject:true */
+
+/**
+Defines constructor for Silverlight runtime.
+
+@class moxie/runtime/silverlight/Runtime
+@private
+*/
+define("moxie/runtime/silverlight/Runtime", [
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Env",
+	"moxie/core/utils/Dom",
+	"moxie/core/Exceptions",
+	"moxie/runtime/Runtime"
+], function(Basic, Env, Dom, x, Runtime) {
+	
+	var type = "silverlight", extensions = {};
+
+	function isInstalled(version) {
+		var isVersionSupported = false, control = null, actualVer,
+			actualVerArray, reqVerArray, requiredVersionPart, actualVersionPart, index = 0;
+
+		try {
+			try {
+				control = new ActiveXObject('AgControl.AgControl');
+
+				if (control.IsVersionSupported(version)) {
+					isVersionSupported = true;
+				}
+
+				control = null;
+			} catch (e) {
+				var plugin = navigator.plugins["Silverlight Plug-In"];
+
+				if (plugin) {
+					actualVer = plugin.description;
+
+					if (actualVer === "1.0.30226.2") {
+						actualVer = "2.0.30226.2";
+					}
+
+					actualVerArray = actualVer.split(".");
+
+					while (actualVerArray.length > 3) {
+						actualVerArray.pop();
+					}
+
+					while ( actualVerArray.length < 4) {
+						actualVerArray.push(0);
+					}
+
+					reqVerArray = version.split(".");
+
+					while (reqVerArray.length > 4) {
+						reqVerArray.pop();
+					}
+
+					do {
+						requiredVersionPart = parseInt(reqVerArray[index], 10);
+						actualVersionPart = parseInt(actualVerArray[index], 10);
+						index++;
+					} while (index < reqVerArray.length && requiredVersionPart === actualVersionPart);
+
+					if (requiredVersionPart <= actualVersionPart && !isNaN(requiredVersionPart)) {
+						isVersionSupported = true;
+					}
+				}
+			}
+		} catch (e2) {
+			isVersionSupported = false;
+		}
+
+		return isVersionSupported;
+	}
+
+	/**
+	Constructor for the Silverlight Runtime
+
+	@class SilverlightRuntime
+	@extends Runtime
+	*/
+	function SilverlightRuntime(options) {
+		var I = this, initTimer;
+
+		options = Basic.extend({ xap_url: Env.xap_url }, options);
+
+		Runtime.call(this, options, type, {
+			access_binary: Runtime.capTrue,
+			access_image_binary: Runtime.capTrue,
+			display_media: Runtime.capTrue,
+			do_cors: Runtime.capTrue,
+			drag_and_drop: false,
+			report_upload_progress: Runtime.capTrue,
+			resize_image: Runtime.capTrue,
+			return_response_headers: function(value) {
+				return value && I.mode === 'client';
+			},
+			return_response_type: function(responseType) {
+				if (responseType !== 'json') {
+					return true;
+				} else {
+					return !!window.JSON;
+				}
+			},
+			return_status_code: function(code) {
+				return I.mode === 'client' || !Basic.arrayDiff(code, [200, 404]);
+			},
+			select_file: Runtime.capTrue,
+			select_multiple: Runtime.capTrue,
+			send_binary_string: Runtime.capTrue,
+			send_browser_cookies: function(value) {
+				return value && I.mode === 'browser';
+			},
+			send_custom_headers: function(value) {
+				return value && I.mode === 'client';
+			},
+			send_multipart: Runtime.capTrue,
+			slice_blob: Runtime.capTrue,
+			stream_upload: true,
+			summon_file_dialog: false,
+			upload_filesize: Runtime.capTrue,
+			use_http_method: function(methods) {
+				return I.mode === 'client' || !Basic.arrayDiff(methods, ['GET', 'POST']);
+			}
+		}, { 
+			// capabilities that require specific mode
+			return_response_headers: function(value) {
+				return value ? 'client' : 'browser';
+			},
+			return_status_code: function(code) {
+				return Basic.arrayDiff(code, [200, 404]) ? 'client' : ['client', 'browser'];
+			},
+			send_browser_cookies: function(value) {
+				return value ? 'browser' : 'client';
+			},
+			send_custom_headers: function(value) {
+				return value ? 'client' : 'browser';
+			},
+			use_http_method: function(methods) {
+				return Basic.arrayDiff(methods, ['GET', 'POST']) ? 'client' : ['client', 'browser'];
+			}
+		});
+
+
+		// minimal requirement
+		if (!isInstalled('2.0.31005.0') || Env.browser === 'Opera') {
+			this.mode = false;
+		}
+
+
+		Basic.extend(this, {
+			getShim: function() {
+				return Dom.get(this.uid).content.Moxie;
+			},
+
+			shimExec: function(component, action) {
+				var args = [].slice.call(arguments, 2);
+				return I.getShim().exec(this.uid, component, action, args);
+			},
+
+			init : function() {
+				var container;
+
+				container = this.getShimContainer();
+
+				container.innerHTML = '<object id="' + this.uid + '" data="data:application/x-silverlight," type="application/x-silverlight-2" width="100%" height="100%" style="outline:none;">' +
+					'<param name="source" value="' + options.xap_url + '"/>' +
+					'<param name="background" value="Transparent"/>' +
+					'<param name="windowless" value="true"/>' +
+					'<param name="enablehtmlaccess" value="true"/>' +
+					'<param name="initParams" value="uid=' + this.uid + ',target=' + Env.global_event_dispatcher + '"/>' +
+				'</object>';
+
+				// Init is dispatched by the shim
+				initTimer = setTimeout(function() {
+					if (I && !I.initialized) { // runtime might be already destroyed by this moment
+						I.trigger("Error", new x.RuntimeError(x.RuntimeError.NOT_INIT_ERR));
+					}
+				}, Env.OS !== 'Windows'? 10000 : 5000); // give it more time to initialize in non Windows OS (like Mac)
+			},
+
+			destroy: (function(destroy) { // extend default destroy method
+				return function() {
+					destroy.call(I);
+					clearTimeout(initTimer); // initialization check might be still onwait
+					options = initTimer = destroy = I = null;
+				};
+			}(this.destroy))
+
+		}, extensions);
+	}
+
+	Runtime.addConstructor(type, SilverlightRuntime); 
+
+	return extensions;
+});
+
+// Included from: src/javascript/runtime/silverlight/file/Blob.js
+
+/**
+ * Blob.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/file/Blob
+@private
+*/
+define("moxie/runtime/silverlight/file/Blob", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/flash/file/Blob"
+], function(extensions, Basic, Blob) {
+	return (extensions.Blob = Basic.extend({}, Blob));
+});
+
+// Included from: src/javascript/runtime/silverlight/file/FileInput.js
+
+/**
+ * FileInput.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/file/FileInput
+@private
+*/
+define("moxie/runtime/silverlight/file/FileInput", [
+	"moxie/runtime/silverlight/Runtime"
+], function(extensions) {
+	
+	var FileInput = {
+		init: function(options) {
+
+			function toFilters(accept) {
+				var filter = '';
+				for (var i = 0; i < accept.length; i++) {
+					filter += (filter !== '' ? '|' : '') + accept[i].title + " | *." + accept[i].extensions.replace(/,/g, ';*.');
+				}
+				return filter;
+			}
+			
+			this.getRuntime().shimExec.call(this, 'FileInput', 'init', toFilters(options.accept), options.name, options.multiple);
+			this.trigger('ready');
+		}
+	};
+
+	return (extensions.FileInput = FileInput);
+});
+
+// Included from: src/javascript/runtime/silverlight/file/FileDrop.js
+
+/**
+ * FileDrop.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/file/FileDrop
+@private
+*/
+define("moxie/runtime/silverlight/file/FileDrop", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Dom", 
+	"moxie/core/utils/Events"
+], function(extensions, Dom, Events) {
+
+	// not exactly useful, since works only in safari (...crickets...)
+	var FileDrop = {
+		init: function() {
+			var comp = this, self = comp.getRuntime(), dropZone;
+
+			dropZone = self.getShimContainer();
+
+			Events.addEvent(dropZone, 'dragover', function(e) {
+				e.preventDefault();
+				e.stopPropagation();
+				e.dataTransfer.dropEffect = 'copy';
+			}, comp.uid);
+
+			Events.addEvent(dropZone, 'dragenter', function(e) {
+				e.preventDefault();
+				var flag = Dom.get(self.uid).dragEnter(e);
+				// If handled, then stop propagation of event in DOM
+				if (flag) {
+					e.stopPropagation();
+				}
+			}, comp.uid);
+
+			Events.addEvent(dropZone, 'drop', function(e) {
+				e.preventDefault();
+				var flag = Dom.get(self.uid).dragDrop(e);
+				// If handled, then stop propagation of event in DOM
+				if (flag) {
+					e.stopPropagation();
+				}
+			}, comp.uid);
+
+			return self.shimExec.call(this, 'FileDrop', 'init');
+		}
+	};
+
+	return (extensions.FileDrop = FileDrop);
+});
+
+// Included from: src/javascript/runtime/silverlight/file/FileReader.js
+
+/**
+ * FileReader.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/file/FileReader
+@private
+*/
+define("moxie/runtime/silverlight/file/FileReader", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/flash/file/FileReader"
+], function(extensions, Basic, FileReader) {
+	return (extensions.FileReader = Basic.extend({}, FileReader));
+});
+
+// Included from: src/javascript/runtime/silverlight/file/FileReaderSync.js
+
+/**
+ * FileReaderSync.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/file/FileReaderSync
+@private
+*/
+define("moxie/runtime/silverlight/file/FileReaderSync", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/flash/file/FileReaderSync"
+], function(extensions, Basic, FileReaderSync) {
+	return (extensions.FileReaderSync = Basic.extend({}, FileReaderSync));
+});
+
+// Included from: src/javascript/runtime/silverlight/xhr/XMLHttpRequest.js
+
+/**
+ * XMLHttpRequest.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/xhr/XMLHttpRequest
+@private
+*/
+define("moxie/runtime/silverlight/xhr/XMLHttpRequest", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/flash/xhr/XMLHttpRequest"
+], function(extensions, Basic, XMLHttpRequest) {
+	return (extensions.XMLHttpRequest = Basic.extend({}, XMLHttpRequest));
+});
+
+// Included from: src/javascript/runtime/silverlight/runtime/Transporter.js
+
+/**
+ * Transporter.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/silverlight/runtime/Transporter
+@private
+*/
+define("moxie/runtime/silverlight/runtime/Transporter", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/flash/runtime/Transporter"
+], function(extensions, Basic, Transporter) {
+	return (extensions.Transporter = Basic.extend({}, Transporter));
+});
+
+// Included from: src/javascript/runtime/silverlight/image/Image.js
+
+/**
+ * Image.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+ 
+/**
+@class moxie/runtime/silverlight/image/Image
+@private
+*/
+define("moxie/runtime/silverlight/image/Image", [
+	"moxie/runtime/silverlight/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/runtime/flash/image/Image"
+], function(extensions, Basic, Image) {
+	return (extensions.Image = Basic.extend({}, Image, {
+
+		getInfo: function() {
+			var self = this.getRuntime()
+			, grps = ['tiff', 'exif', 'gps']
+			, info = { meta: {} }
+			, rawInfo = self.shimExec.call(this, 'Image', 'getInfo')
+			;
+
+			if (rawInfo.meta) {
+				Basic.each(grps, function(grp) {
+					var meta = rawInfo.meta[grp]
+					, tag
+					, i
+					, length
+					, value
+					;
+					if (meta && meta.keys) {
+						info.meta[grp] = {};
+						for (i = 0, length = meta.keys.length; i < length; i++) {
+							tag = meta.keys[i];
+							value = meta[tag];
+							if (value) {
+								// convert numbers
+								if (/^(\d|[1-9]\d+)$/.test(value)) { // integer (make sure doesn't start with zero)
+									value = parseInt(value, 10);
+								} else if (/^\d*\.\d+$/.test(value)) { // double
+									value = parseFloat(value);
+								}
+								info.meta[grp][tag] = value;
+							}
+						}
+					}
+				});
+			}
+
+			info.width = parseInt(rawInfo.width, 10);
+			info.height = parseInt(rawInfo.height, 10);
+			info.size = parseInt(rawInfo.size, 10);
+			info.type = rawInfo.type;
+			info.name = rawInfo.name;
+
+			return info;
+		}
+	}));
+});
+
+// Included from: src/javascript/runtime/html4/Runtime.js
+
+/**
+ * Runtime.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global File:true */
+
+/**
+Defines constructor for HTML4 runtime.
+
+@class moxie/runtime/html4/Runtime
+@private
+*/
+define("moxie/runtime/html4/Runtime", [
+	"moxie/core/utils/Basic",
+	"moxie/core/Exceptions",
+	"moxie/runtime/Runtime",
+	"moxie/core/utils/Env"
+], function(Basic, x, Runtime, Env) {
+	
+	var type = 'html4', extensions = {};
+
+	function Html4Runtime(options) {
+		var I = this
+		, Test = Runtime.capTest
+		, True = Runtime.capTrue
+		;
+
+		Runtime.call(this, options, type, {
+			access_binary: Test(window.FileReader || window.File && File.getAsDataURL),
+			access_image_binary: false,
+			display_media: Test(extensions.Image && (Env.can('create_canvas') || Env.can('use_data_uri_over32kb'))),
+			do_cors: false,
+			drag_and_drop: false,
+			filter_by_extension: Test(function() { // if you know how to feature-detect this, please suggest
+				return (Env.browser === 'Chrome' && Env.version >= 28) || (Env.browser === 'IE' && Env.version >= 10);
+			}()),
+			resize_image: function() {
+				return extensions.Image && I.can('access_binary') && Env.can('create_canvas');
+			},
+			report_upload_progress: false,
+			return_response_headers: false,
+			return_response_type: function(responseType) {
+				if (responseType === 'json' && !!window.JSON) {
+					return true;
+				} 
+				return !!~Basic.inArray(responseType, ['text', 'document', '']);
+			},
+			return_status_code: function(code) {
+				return !Basic.arrayDiff(code, [200, 404]);
+			},
+			select_file: function() {
+				return Env.can('use_fileinput');
+			},
+			select_multiple: false,
+			send_binary_string: false,
+			send_custom_headers: false,
+			send_multipart: true,
+			slice_blob: false,
+			stream_upload: function() {
+				return I.can('select_file');
+			},
+			summon_file_dialog: Test(function() { // yeah... some dirty sniffing here...
+				return (Env.browser === 'Firefox' && Env.version >= 4) ||
+					(Env.browser === 'Opera' && Env.version >= 12) ||
+					!!~Basic.inArray(Env.browser, ['Chrome', 'Safari']);
+			}()),
+			upload_filesize: True,
+			use_http_method: function(methods) {
+				return !Basic.arrayDiff(methods, ['GET', 'POST']);
+			}
+		});
+
+
+		Basic.extend(this, {
+			init : function() {
+				this.trigger("Init");
+			},
+
+			destroy: (function(destroy) { // extend default destroy method
+				return function() {
+					destroy.call(I);
+					destroy = I = null;
+				};
+			}(this.destroy))
+		});
+
+		Basic.extend(this.getShim(), extensions);
+	}
+
+	Runtime.addConstructor(type, Html4Runtime);
+
+	return extensions;
+});
+
+// Included from: src/javascript/runtime/html4/file/FileInput.js
+
+/**
+ * FileInput.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html4/file/FileInput
+@private
+*/
+define("moxie/runtime/html4/file/FileInput", [
+	"moxie/runtime/html4/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Dom",
+	"moxie/core/utils/Events",
+	"moxie/core/utils/Mime",
+	"moxie/core/utils/Env"
+], function(extensions, Basic, Dom, Events, Mime, Env) {
+	
+	function FileInput() {
+		var _uid, _files = [], _mimes = [], _options;
+
+		function addInput() {
+			var comp = this, I = comp.getRuntime(), shimContainer, browseButton, currForm, form, input, uid;
+
+			uid = Basic.guid('uid_');
+
+			shimContainer = I.getShimContainer(); // we get new ref everytime to avoid memory leaks in IE
+
+			if (_uid) { // move previous form out of the view
+				currForm = Dom.get(_uid + '_form');
+				if (currForm) {
+					Basic.extend(currForm.style, { top: '100%' });
+				}
+			}
+
+			// build form in DOM, since innerHTML version not able to submit file for some reason
+			form = document.createElement('form');
+			form.setAttribute('id', uid + '_form');
+			form.setAttribute('method', 'post');
+			form.setAttribute('enctype', 'multipart/form-data');
+			form.setAttribute('encoding', 'multipart/form-data');
+
+			Basic.extend(form.style, {
+				overflow: 'hidden',
+				position: 'absolute',
+				top: 0,
+				left: 0,
+				width: '100%',
+				height: '100%'
+			});
+
+			input = document.createElement('input');
+			input.setAttribute('id', uid);
+			input.setAttribute('type', 'file');
+			input.setAttribute('name', _options.name || 'Filedata');
+			input.setAttribute('accept', _mimes.join(','));
+
+			Basic.extend(input.style, {
+				fontSize: '999px',
+				opacity: 0
+			});
+
+			form.appendChild(input);
+			shimContainer.appendChild(form);
+
+			// prepare file input to be placed underneath the browse_button element
+			Basic.extend(input.style, {
+				position: 'absolute',
+				top: 0,
+				left: 0,
+				width: '100%',
+				height: '100%'
+			});
+
+			if (Env.browser === 'IE' && Env.version < 10) {
+				Basic.extend(input.style, {
+					filter : "progid:DXImageTransform.Microsoft.Alpha(opacity=0)"
+				});
+			}
+
+			input.onchange = function() { // there should be only one handler for this
+				var file;
+
+				if (!this.value) {
+					return;
+				}
+
+				if (this.files) {
+					file = this.files[0];
+				} else {
+					file = {
+						name: this.value
+					};
+				}
+
+				_files = [file];
+
+				this.onchange = function() {}; // clear event handler
+				addInput.call(comp);
+
+				// after file is initialized as o.File, we need to update form and input ids
+				comp.bind('change', function onChange() {
+					var input = Dom.get(uid), form = Dom.get(uid + '_form'), file;
+
+					comp.unbind('change', onChange);
+
+					if (comp.files.length && input && form) {
+						file = comp.files[0];
+
+						input.setAttribute('id', file.uid);
+						form.setAttribute('id', file.uid + '_form');
+
+						// set upload target
+						form.setAttribute('target', file.uid + '_iframe');
+					}
+					input = form = null;
+				}, 998);
+
+				input = form = null;
+				comp.trigger('change');
+			};
+
+
+			// route click event to the input
+			if (I.can('summon_file_dialog')) {
+				browseButton = Dom.get(_options.browse_button);
+				Events.removeEvent(browseButton, 'click', comp.uid);
+				Events.addEvent(browseButton, 'click', function(e) {
+					if (input && !input.disabled) { // for some reason FF (up to 8.0.1 so far) lets to click disabled input[type=file]
+						input.click();
+					}
+					e.preventDefault();
+				}, comp.uid);
+			}
+
+			_uid = uid;
+
+			shimContainer = currForm = browseButton = null;
+		}
+
+		Basic.extend(this, {
+			init: function(options) {
+				var comp = this, I = comp.getRuntime(), shimContainer;
+
+				// figure out accept string
+				_options = options;
+				_mimes = options.accept.mimes || Mime.extList2mimes(options.accept, I.can('filter_by_extension'));
+
+				shimContainer = I.getShimContainer();
+
+				(function() {
+					var browseButton, zIndex, top;
+
+					browseButton = Dom.get(options.browse_button);
+
+					// Route click event to the input[type=file] element for browsers that support such behavior
+					if (I.can('summon_file_dialog')) {
+						if (Dom.getStyle(browseButton, 'position') === 'static') {
+							browseButton.style.position = 'relative';
+						}
+
+						zIndex = parseInt(Dom.getStyle(browseButton, 'z-index'), 10) || 1;
+
+						browseButton.style.zIndex = zIndex;
+						shimContainer.style.zIndex = zIndex - 1;
+					}
+
+					/* Since we have to place input[type=file] on top of the browse_button for some browsers,
+					browse_button loses interactivity, so we restore it here */
+					top = I.can('summon_file_dialog') ? browseButton : shimContainer;
+
+					Events.addEvent(top, 'mouseover', function() {
+						comp.trigger('mouseenter');
+					}, comp.uid);
+
+					Events.addEvent(top, 'mouseout', function() {
+						comp.trigger('mouseleave');
+					}, comp.uid);
+
+					Events.addEvent(top, 'mousedown', function() {
+						comp.trigger('mousedown');
+					}, comp.uid);
+
+					Events.addEvent(Dom.get(options.container), 'mouseup', function() {
+						comp.trigger('mouseup');
+					}, comp.uid);
+
+					browseButton = null;
+				}());
+
+				addInput.call(this);
+
+				shimContainer = null;
+
+				// trigger ready event asynchronously
+				comp.trigger({
+					type: 'ready',
+					async: true
+				});
+			},
+
+			getFiles: function() {
+				return _files;
+			},
+
+			disable: function(state) {
+				var input;
+
+				if ((input = Dom.get(_uid))) {
+					input.disabled = !!state;
+				}
+			},
+
+			destroy: function() {
+				var I = this.getRuntime()
+				, shim = I.getShim()
+				, shimContainer = I.getShimContainer()
+				;
+				
+				Events.removeAllEvents(shimContainer, this.uid);
+				Events.removeAllEvents(_options && Dom.get(_options.container), this.uid);
+				Events.removeAllEvents(_options && Dom.get(_options.browse_button), this.uid);
+				
+				if (shimContainer) {
+					shimContainer.innerHTML = '';
+				}
+
+				shim.removeInstance(this.uid);
+
+				_uid = _files = _mimes = _options = shimContainer = shim = null;
+			}
+		});
+	}
+
+	return (extensions.FileInput = FileInput);
+});
+
+// Included from: src/javascript/runtime/html4/file/FileReader.js
+
+/**
+ * FileReader.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html4/file/FileReader
+@private
+*/
+define("moxie/runtime/html4/file/FileReader", [
+	"moxie/runtime/html4/Runtime",
+	"moxie/runtime/html5/file/FileReader"
+], function(extensions, FileReader) {
+	return (extensions.FileReader = FileReader);
+});
+
+// Included from: src/javascript/runtime/html4/xhr/XMLHttpRequest.js
+
+/**
+ * XMLHttpRequest.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html4/xhr/XMLHttpRequest
+@private
+*/
+define("moxie/runtime/html4/xhr/XMLHttpRequest", [
+	"moxie/runtime/html4/Runtime",
+	"moxie/core/utils/Basic",
+	"moxie/core/utils/Dom",
+	"moxie/core/utils/Url",
+	"moxie/core/Exceptions",
+	"moxie/core/utils/Events",
+	"moxie/file/Blob",
+	"moxie/xhr/FormData"
+], function(extensions, Basic, Dom, Url, x, Events, Blob, FormData) {
+	
+	function XMLHttpRequest() {
+		var _status, _response, _iframe;
+
+		function cleanup(cb) {
+			var target = this, uid, form, inputs, i, hasFile = false;
+
+			if (!_iframe) {
+				return;
+			}
+
+			uid = _iframe.id.replace(/_iframe$/, '');
+
+			form = Dom.get(uid + '_form');
+			if (form) {
+				inputs = form.getElementsByTagName('input');
+				i = inputs.length;
+
+				while (i--) {
+					switch (inputs[i].getAttribute('type')) {
+						case 'hidden':
+							inputs[i].parentNode.removeChild(inputs[i]);
+							break;
+						case 'file':
+							hasFile = true; // flag the case for later
+							break;
+					}
+				}
+				inputs = [];
+
+				if (!hasFile) { // we need to keep the form for sake of possible retries
+					form.parentNode.removeChild(form);
+				}
+				form = null;
+			}
+
+			// without timeout, request is marked as canceled (in console)
+			setTimeout(function() {
+				Events.removeEvent(_iframe, 'load', target.uid);
+				if (_iframe.parentNode) { // #382
+					_iframe.parentNode.removeChild(_iframe);
+				}
+
+				// check if shim container has any other children, if - not, remove it as well
+				var shimContainer = target.getRuntime().getShimContainer();
+				if (!shimContainer.children.length) {
+					shimContainer.parentNode.removeChild(shimContainer);
+				}
+
+				shimContainer = _iframe = null;
+				cb();
+			}, 1);
+		}
+
+		Basic.extend(this, {
+			send: function(meta, data) {
+				var target = this, I = target.getRuntime(), uid, form, input, blob;
+
+				_status = _response = null;
+
+				function createIframe() {
+					var container = I.getShimContainer() || document.body
+					, temp = document.createElement('div')
+					;
+
+					// IE 6 won't be able to set the name using setAttribute or iframe.name
+					temp.innerHTML = '<iframe id="' + uid + '_iframe" name="' + uid + '_iframe" src="javascript:&quot;&quot;" style="display:none"></iframe>';
+					_iframe = temp.firstChild;
+					container.appendChild(_iframe);
+
+					/* _iframe.onreadystatechange = function() {
+						console.info(_iframe.readyState);
+					};*/
+
+					Events.addEvent(_iframe, 'load', function() { // _iframe.onload doesn't work in IE lte 8
+						var el;
+
+						try {
+							el = _iframe.contentWindow.document || _iframe.contentDocument || window.frames[_iframe.id].document;
+
+							// try to detect some standard error pages
+							if (/^4(0[0-9]|1[0-7]|2[2346])\s/.test(el.title)) { // test if title starts with 4xx HTTP error
+								_status = el.title.replace(/^(\d+).*$/, '$1');
+							} else {
+								_status = 200;
+								// get result
+								_response = Basic.trim(el.body.innerHTML);
+
+								// we need to fire these at least once
+								target.trigger({
+									type: 'progress',
+									loaded: _response.length,
+									total: _response.length
+								});
+
+								if (blob) { // if we were uploading a file
+									target.trigger({
+										type: 'uploadprogress',
+										loaded: blob.size || 1025,
+										total: blob.size || 1025
+									});
+								}
+							}
+						} catch (ex) {
+							if (Url.hasSameOrigin(meta.url)) {
+								// if response is sent with error code, iframe in IE gets redirected to res://ieframe.dll/http_x.htm
+								// which obviously results to cross domain error (wtf?)
+								_status = 404;
+							} else {
+								cleanup.call(target, function() {
+									target.trigger('error');
+								});
+								return;
+							}
+						}	
+					
+						cleanup.call(target, function() {
+							target.trigger('load');
+						});
+					}, target.uid);
+				} // end createIframe
+
+				// prepare data to be sent and convert if required
+				if (data instanceof FormData && data.hasBlob()) {
+					blob = data.getBlob();
+					uid = blob.uid;
+					input = Dom.get(uid);
+					form = Dom.get(uid + '_form');
+					if (!form) {
+						throw new x.DOMException(x.DOMException.NOT_FOUND_ERR);
+					}
+				} else {
+					uid = Basic.guid('uid_');
+
+					form = document.createElement('form');
+					form.setAttribute('id', uid + '_form');
+					form.setAttribute('method', meta.method);
+					form.setAttribute('enctype', 'multipart/form-data');
+					form.setAttribute('encoding', 'multipart/form-data');
+					form.setAttribute('target', uid + '_iframe');
+
+					I.getShimContainer().appendChild(form);
+				}
+
+				if (data instanceof FormData) {
+					data.each(function(value, name) {
+						if (value instanceof Blob) {
+							if (input) {
+								input.setAttribute('name', name);
+							}
+						} else {
+							var hidden = document.createElement('input');
+
+							Basic.extend(hidden, {
+								type : 'hidden',
+								name : name,
+								value : value
+							});
+
+							// make sure that input[type="file"], if it's there, comes last
+							if (input) {
+								form.insertBefore(hidden, input);
+							} else {
+								form.appendChild(hidden);
+							}
+						}
+					});
+				}
+
+				// set destination url
+				form.setAttribute("action", meta.url);
+
+				createIframe();
+				form.submit();
+				target.trigger('loadstart');
+			},
+
+			getStatus: function() {
+				return _status;
+			},
+
+			getResponse: function(responseType) {
+				if ('json' === responseType) {
+					// strip off <pre>..</pre> tags that might be enclosing the response
+					if (Basic.typeOf(_response) === 'string' && !!window.JSON) {
+						try {
+							return JSON.parse(_response.replace(/^\s*<pre[^>]*>/, '').replace(/<\/pre>\s*$/, ''));
+						} catch (ex) {
+							return null;
+						}
+					} 
+				} else if ('document' === responseType) {
+
+				}
+				return _response;
+			},
+
+			abort: function() {
+				var target = this;
+
+				if (_iframe && _iframe.contentWindow) {
+					if (_iframe.contentWindow.stop) { // FireFox/Safari/Chrome
+						_iframe.contentWindow.stop();
+					} else if (_iframe.contentWindow.document.execCommand) { // IE
+						_iframe.contentWindow.document.execCommand('Stop');
+					} else {
+						_iframe.src = "about:blank";
+					}
+				}
+
+				cleanup.call(this, function() {
+					// target.dispatchEvent('readystatechange');
+					target.dispatchEvent('abort');
+				});
+			}
+		});
+	}
+
+	return (extensions.XMLHttpRequest = XMLHttpRequest);
+});
+
+// Included from: src/javascript/runtime/html4/image/Image.js
+
+/**
+ * Image.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/**
+@class moxie/runtime/html4/image/Image
+@private
+*/
+define("moxie/runtime/html4/image/Image", [
+	"moxie/runtime/html4/Runtime",
+	"moxie/runtime/html5/image/Image"
+], function(extensions, Image) {
+	return (extensions.Image = Image);
+});
+
+expose(["moxie/core/utils/Basic","moxie/core/I18n","moxie/core/utils/Mime","moxie/core/utils/Env","moxie/core/utils/Dom","moxie/core/Exceptions","moxie/core/EventTarget","moxie/core/utils/Encode","moxie/runtime/Runtime","moxie/runtime/RuntimeClient","moxie/file/Blob","moxie/file/File","moxie/file/FileInput","moxie/file/FileDrop","moxie/runtime/RuntimeTarget","moxie/file/FileReader","moxie/core/utils/Url","moxie/file/FileReaderSync","moxie/xhr/FormData","moxie/xhr/XMLHttpRequest","moxie/runtime/Transporter","moxie/image/Image","moxie/core/utils/Events"]);
+})(this);/**
+ * o.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global moxie:true */
+
+/**
+Globally exposed namespace with the most frequently used public classes and handy methods.
+
+@class o
+@static
+@private
+*/
+(function() {
+	"use strict";
+
+	var o = {}, inArray = moxie.core.utils.Basic.inArray;
+
+	// directly add some public classes
+	// (we do it dynamically here, since for custom builds we cannot know beforehand what modules were included)
+	(function addAlias(ns) {
+		var name, itemType;
+		for (name in ns) {
+			itemType = typeof(ns[name]);
+			if (itemType === 'object' && !~inArray(name, ['Exceptions', 'Env', 'Mime'])) {
+				addAlias(ns[name]);
+			} else if (itemType === 'function') {
+				o[name] = ns[name];
+			}
+		}
+	})(window.moxie);
+
+	// add some manually
+	o.Env = window.moxie.core.utils.Env;
+	o.Mime = window.moxie.core.utils.Mime;
+	o.Exceptions = window.moxie.core.Exceptions;
+
+	// expose globally
+	window.mOxie = o;
+	if (!window.o) {
+		window.o = o;
+	}
+	return o;
+})();
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/pagedown.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/pagedown.js
new file mode 100644
index 0000000..180c1d7
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/pagedown.js
@@ -0,0 +1,2644 @@
+var Markdown;
+
+if (typeof exports === "object" && typeof require === "function") // we're in a CommonJS (e.g. Node.js) module
+    Markdown = exports;
+else
+    Markdown = {};
+    
+// The following text is included for historical reasons, but should
+// be taken with a pinch of salt; it's not all true anymore.
+
+//
+// Wherever possible, Showdown is a straight, line-by-line port
+// of the Perl version of Markdown.
+//
+// This is not a normal parser design; it's basically just a
+// series of string substitutions.  It's hard to read and
+// maintain this way,  but keeping Showdown close to the original
+// design makes it easier to port new features.
+//
+// More importantly, Showdown behaves like markdown.pl in most
+// edge cases.  So web applications can do client-side preview
+// in Javascript, and then build identical HTML on the server.
+//
+// This port needs the new RegExp functionality of ECMA 262,
+// 3rd Edition (i.e. Javascript 1.5).  Most modern web browsers
+// should do fine.  Even with the new regular expression features,
+// We do a lot of work to emulate Perl's regex functionality.
+// The tricky changes in this file mostly have the "attacklab:"
+// label.  Major or self-explanatory changes don't.
+//
+// Smart diff tools like Araxis Merge will be able to match up
+// this file with markdown.pl in a useful way.  A little tweaking
+// helps: in a copy of markdown.pl, replace "#" with "//" and
+// replace "$text" with "text".  Be sure to ignore whitespace
+// and line endings.
+//
+
+
+//
+// Usage:
+//
+//   var text = "Markdown *rocks*.";
+//
+//   var converter = new Markdown.Converter();
+//   var html = converter.makeHtml(text);
+//
+//   alert(html);
+//
+// Note: move the sample code to the bottom of this
+// file before uncommenting it.
+//
+
+(function () {
+
+    function identity(x) { return x; }
+    function returnFalse(x) { return false; }
+
+    function HookCollection() { }
+
+    HookCollection.prototype = {
+
+        chain: function (hookname, func) {
+            var original = this[hookname];
+            if (!original)
+                throw new Error("unknown hook " + hookname);
+
+            if (original === identity)
+                this[hookname] = func;
+            else
+                this[hookname] = function (text) {
+                    var args = Array.prototype.slice.call(arguments, 0);
+                    args[0] = original.apply(null, args);
+                    return func.apply(null, args);
+                };
+        },
+        set: function (hookname, func) {
+            if (!this[hookname])
+                throw new Error("unknown hook " + hookname);
+            this[hookname] = func;
+        },
+        addNoop: function (hookname) {
+            this[hookname] = identity;
+        },
+        addFalse: function (hookname) {
+            this[hookname] = returnFalse;
+        }
+    };
+
+    Markdown.HookCollection = HookCollection;
+
+    // g_urls and g_titles allow arbitrary user-entered strings as keys. This
+    // caused an exception (and hence stopped the rendering) when the user entered
+    // e.g. [push] or [__proto__]. Adding a prefix to the actual key prevents this
+    // (since no builtin property starts with "s_"). See
+    // http://meta.stackoverflow.com/questions/64655/strange-wmd-bug
+    // (granted, switching from Array() to Object() alone would have left only __proto__
+    // to be a problem)
+    function SaveHash() { }
+    SaveHash.prototype = {
+        set: function (key, value) {
+            this["s_" + key] = value;
+        },
+        get: function (key) {
+            return this["s_" + key];
+        }
+    };
+})();
+
+(function () {
+
+    var util = {},
+        position = {},
+        ui = {},
+        doc = window.document,
+        re = window.RegExp,
+        nav = window.navigator,
+        SETTINGS = { lineLength: 72 },
+
+    // Used to work around some browser bugs where we can't use feature testing.
+        uaSniffed = {
+            isIE: /msie/.test(nav.userAgent.toLowerCase()),
+            isIE_5or6: /msie 6/.test(nav.userAgent.toLowerCase()) || /msie 5/.test(nav.userAgent.toLowerCase()),
+            isOpera: /opera/.test(nav.userAgent.toLowerCase())
+        };
+
+    var defaultsStrings = {
+        bold: "Strong <strong> Ctrl+B",
+        boldexample: "strong text",
+
+        italic: "Emphasis <em> Ctrl+I",
+        italicexample: "emphasized text",
+
+        link: "Hyperlink <a> Ctrl+L",
+        linkdescription: "enter link description here",
+        linkdialog: "<p><b>Insert Hyperlink</b></p><p>http://example.com/ \"optional title\"</p>",
+        linkname: null,
+
+        quote: "Blockquote <blockquote> Ctrl+Q",
+        quoteexample: "Blockquote",
+
+        code: "Code Sample <pre><code> Ctrl+K",
+        codeexample: "enter code here",
+
+        image: "Image <img> Ctrl+G",
+        imagedescription: "enter image description here",
+        imagedialog: "<p><b>Insert Image</b></p><p>http://example.com/images/diagram.jpg \"optional title\"<br>Need <a href='http://www.google.com/search?q=free+image+hosting' target='_blank'>free image hosting?</a></p>",
+        imagename: null,
+
+        olist: "Numbered List <ol> Ctrl+O",
+        ulist: "Bulleted List <ul> Ctrl+U",
+        litem: "List item",
+
+        heading: "Heading <h1>/<h2> Ctrl+H",
+        headingexample: "Heading",
+        more: "More contents <!--more--> Ctrl+M",
+
+        fullscreen: 'FullScreen Ctrl+J',
+        exitFullscreen: 'Exit FullScreen Ctrl+E',
+        fullscreenUnsupport: 'Sorry, the browser dont support fullscreen api',
+
+        hr: "Horizontal Rule <hr> Ctrl+R",
+
+        undo: "Undo - Ctrl+Z",
+        redo: "Redo - Ctrl+Y",
+        redomac: "Redo - Ctrl+Shift+Z",
+
+        ok: "OK",
+        cancel: "Cancel",
+
+        help: "Markdown Editing Help"
+    };
+
+
+    // -------------------------------------------------------------------
+    //  YOUR CHANGES GO HERE
+    //
+    // I've tried to localize the things you are likely to change to
+    // this area.
+    // -------------------------------------------------------------------
+
+    // The default text that appears in the dialog input box when entering
+    // links.
+    var imageDefaultText = "http://";
+    var linkDefaultText = "http://";
+
+    // -------------------------------------------------------------------
+    //  END OF YOUR CHANGES
+    // -------------------------------------------------------------------
+
+    // options, if given, can have the following properties:
+    //   options.helpButton = { handler: yourEventHandler }
+    //   options.strings = { italicexample: "slanted text" }
+    // `yourEventHandler` is the click handler for the help button.
+    // If `options.helpButton` isn't given, not help button is created.
+    // `options.strings` can have any or all of the same properties as
+    // `defaultStrings` above, so you can just override some string displayed
+    // to the user on a case-by-case basis, or translate all strings to
+    // a different language.
+    //
+    // For backwards compatibility reasons, the `options` argument can also
+    // be just the `helpButton` object, and `strings.help` can also be set via
+    // `helpButton.title`. This should be considered legacy.
+    //
+    // The constructed editor object has the methods:
+    // - getConverter() returns the markdown converter object that was passed to the constructor
+    // - run() actually starts the editor; should be called after all necessary plugins are registered. Calling this more than once is a no-op.
+    // - refreshPreview() forces the preview to be updated. This method is only available after run() was called.
+    Markdown.Editor = function (markdownConverter, idPostfix, options) {
+
+        options = options || {};
+
+        if (typeof options.handler === "function") { //backwards compatible behavior
+            options = { helpButton: options };
+        }
+        options.strings = options.strings || {};
+        if (options.helpButton) {
+            options.strings.help = options.strings.help || options.helpButton.title;
+        }
+        var getString = function (identifier) {
+            var string = options.strings[identifier] || defaultsStrings[identifier];
+
+            if ('imagename' == identifier || 'linkname' == identifier) {
+                options.strings[identifier] = null;
+            }
+
+            return string;
+        }
+
+        idPostfix = idPostfix || "";
+
+        var hooks = this.hooks = new Markdown.HookCollection();
+        hooks.addNoop("onPreviewRefresh");       // called with no arguments after the preview has been refreshed
+        hooks.addNoop("postBlockquoteCreation"); // called with the user's selection *after* the blockquote was created; should return the actual to-be-inserted text
+        hooks.addFalse("insertImageDialog");     /* called with one parameter: a callback to be called with the URL of the image. If the application creates
+                                                  * its own image insertion dialog, this hook should return true, and the callback should be called with the chosen
+                                                  * image url (or null if the user cancelled). If this hook returns false, the default dialog will be used.
+                                                  */
+        hooks.addFalse("insertLinkDialog");     /* called with one parameter: a callback to be called with the URL of the image. If the application creates
+                                                  * its own image insertion dialog, this hook should return true, and the callback should be called with the chosen
+                                                  * image url (or null if the user cancelled). If this hook returns false, the default dialog will be used.
+                                                  */
+
+        hooks.addNoop("makeButton");
+
+        hooks.addNoop("enterFullScreen");
+        hooks.addNoop("enterFakeFullScreen");
+        hooks.addNoop("exitFullScreen");
+
+        this.getConverter = function () { return markdownConverter; }
+
+        var that = this,
+            panels;
+
+        this.run = function () {
+            if (panels)
+                return; // already initialized
+
+            panels = new PanelCollection(idPostfix);
+            var commandManager = new CommandManager(hooks, getString);
+            var previewManager = new PreviewManager(markdownConverter, panels, function () { hooks.onPreviewRefresh(); });
+            var undoManager, uiManager;
+
+            if (!/\?noundo/.test(doc.location.href)) {
+                undoManager = new UndoManager(function () {
+                    previewManager.refresh();
+                    if (uiManager) // not available on the first call
+                        uiManager.setUndoRedoButtonStates();
+                }, panels);
+                this.textOperation = function (f) {
+                    undoManager.setCommandMode();
+                    f();
+                    that.refreshPreview();
+                }
+            }
+            
+            fullScreenManager = new FullScreenManager(hooks, getString);
+            uiManager = new UIManager(idPostfix, panels, hooks, undoManager, previewManager, commandManager, fullScreenManager, options.helpButton, getString);
+            uiManager.setUndoRedoButtonStates();
+
+            var forceRefresh = that.refreshPreview = function () { previewManager.refresh(true); };
+
+            forceRefresh();
+        };
+
+    }
+
+    // before: contains all the text in the input box BEFORE the selection.
+    // after: contains all the text in the input box AFTER the selection.
+    function Chunks() { }
+
+    // startRegex: a regular expression to find the start tag
+    // endRegex: a regular expresssion to find the end tag
+    Chunks.prototype.findTags = function (startRegex, endRegex) {
+
+        var chunkObj = this;
+        var regex;
+
+        if (startRegex) {
+
+            regex = util.extendRegExp(startRegex, "", "$");
+
+            this.before = this.before.replace(regex,
+                function (match) {
+                    chunkObj.startTag = chunkObj.startTag + match;
+                    return "";
+                });
+
+            regex = util.extendRegExp(startRegex, "^", "");
+
+            this.selection = this.selection.replace(regex,
+                function (match) {
+                    chunkObj.startTag = chunkObj.startTag + match;
+                    return "";
+                });
+        }
+
+        if (endRegex) {
+
+            regex = util.extendRegExp(endRegex, "", "$");
+
+            this.selection = this.selection.replace(regex,
+                function (match) {
+                    chunkObj.endTag = match + chunkObj.endTag;
+                    return "";
+                });
+
+            regex = util.extendRegExp(endRegex, "^", "");
+
+            this.after = this.after.replace(regex,
+                function (match) {
+                    chunkObj.endTag = match + chunkObj.endTag;
+                    return "";
+                });
+        }
+    };
+
+    // If remove is false, the whitespace is transferred
+    // to the before/after regions.
+    //
+    // If remove is true, the whitespace disappears.
+    Chunks.prototype.trimWhitespace = function (remove) {
+        var beforeReplacer, afterReplacer, that = this;
+        if (remove) {
+            beforeReplacer = afterReplacer = "";
+        } else {
+            beforeReplacer = function (s) { that.before += s; return ""; }
+            afterReplacer = function (s) { that.after = s + that.after; return ""; }
+        }
+
+        this.selection = this.selection.replace(/^(\s*)/, beforeReplacer).replace(/(\s*)$/, afterReplacer);
+    };
+
+
+    Chunks.prototype.skipLines = function (nLinesBefore, nLinesAfter, findExtraNewlines) {
+
+        if (nLinesBefore === undefined) {
+            nLinesBefore = 1;
+        }
+
+        if (nLinesAfter === undefined) {
+            nLinesAfter = 1;
+        }
+
+        nLinesBefore++;
+        nLinesAfter++;
+
+        var regexText;
+        var replacementText;
+
+        // chrome bug ... documented at: http://meta.stackexchange.com/questions/63307/blockquote-glitch-in-editor-in-chrome-6-and-7/65985#65985
+        if (navigator.userAgent.match(/Chrome/)) {
+            "X".match(/()./);
+        }
+
+        this.selection = this.selection.replace(/(^\n*)/, "");
+
+        this.startTag = this.startTag + re.$1;
+
+        this.selection = this.selection.replace(/(\n*$)/, "");
+        this.endTag = this.endTag + re.$1;
+        this.startTag = this.startTag.replace(/(^\n*)/, "");
+        this.before = this.before + re.$1;
+        this.endTag = this.endTag.replace(/(\n*$)/, "");
+        this.after = this.after + re.$1;
+
+        if (this.before) {
+
+            regexText = replacementText = "";
+
+            while (nLinesBefore--) {
+                regexText += "\\n?";
+                replacementText += "\n";
+            }
+
+            if (findExtraNewlines) {
+                regexText = "\\n*";
+            }
+            this.before = this.before.replace(new re(regexText + "$", ""), replacementText);
+        }
+
+        if (this.after) {
+
+            regexText = replacementText = "";
+
+            while (nLinesAfter--) {
+                regexText += "\\n?";
+                replacementText += "\n";
+            }
+            if (findExtraNewlines) {
+                regexText = "\\n*";
+            }
+
+            this.after = this.after.replace(new re(regexText, ""), replacementText);
+        }
+    };
+
+    // end of Chunks
+
+    // A collection of the important regions on the page.
+    // Cached so we don't have to keep traversing the DOM.
+    // Also holds ieCachedRange and ieCachedScrollTop, where necessary; working around
+    // this issue:
+    // Internet explorer has problems with CSS sprite buttons that use HTML
+    // lists.  When you click on the background image "button", IE will
+    // select the non-existent link text and discard the selection in the
+    // textarea.  The solution to this is to cache the textarea selection
+    // on the button's mousedown event and set a flag.  In the part of the
+    // code where we need to grab the selection, we check for the flag
+    // and, if it's set, use the cached area instead of querying the
+    // textarea.
+    //
+    // This ONLY affects Internet Explorer (tested on versions 6, 7
+    // and 8) and ONLY on button clicks.  Keyboard shortcuts work
+    // normally since the focus never leaves the textarea.
+    function PanelCollection(postfix) {
+        this.buttonBar = doc.getElementById("wmd-button-bar" + postfix);
+        this.preview = doc.getElementById("wmd-preview" + postfix);
+        this.input = doc.getElementById("text");
+    };
+
+    // Returns true if the DOM element is visible, false if it's hidden.
+    // Checks if display is anything other than none.
+    util.isVisible = function (elem) {
+
+        if (window.getComputedStyle) {
+            // Most browsers
+            return window.getComputedStyle(elem, null).getPropertyValue("display") !== "none";
+        }
+        else if (elem.currentStyle) {
+            // IE
+            return elem.currentStyle["display"] !== "none";
+        }
+    };
+
+
+    // Adds a listener callback to a DOM element which is fired on a specified
+    // event.
+    util.addEvent = function (elem, event, listener) {
+        if (elem.attachEvent) {
+            // IE only.  The "on" is mandatory.
+            elem.attachEvent("on" + event, listener);
+        }
+        else {
+            // Other browsers.
+            elem.addEventListener(event, listener, false);
+        }
+    };
+
+
+    // Removes a listener callback from a DOM element which is fired on a specified
+    // event.
+    util.removeEvent = function (elem, event, listener) {
+        if (elem.detachEvent) {
+            // IE only.  The "on" is mandatory.
+            elem.detachEvent("on" + event, listener);
+        }
+        else {
+            // Other browsers.
+            elem.removeEventListener(event, listener, false);
+        }
+    };
+
+    // Converts \r\n and \r to \n.
+    util.fixEolChars = function (text) {
+        text = text.replace(/\r\n/g, "\n");
+        text = text.replace(/\r/g, "\n");
+        return text;
+    };
+
+    // Extends a regular expression.  Returns a new RegExp
+    // using pre + regex + post as the expression.
+    // Used in a few functions where we have a base
+    // expression and we want to pre- or append some
+    // conditions to it (e.g. adding "$" to the end).
+    // The flags are unchanged.
+    //
+    // regex is a RegExp, pre and post are strings.
+    util.extendRegExp = function (regex, pre, post) {
+
+        if (pre === null || pre === undefined) {
+            pre = "";
+        }
+        if (post === null || post === undefined) {
+            post = "";
+        }
+
+        var pattern = regex.toString();
+        var flags;
+
+        // Replace the flags with empty space and store them.
+        pattern = pattern.replace(/\/([gim]*)$/, function (wholeMatch, flagsPart) {
+            flags = flagsPart;
+            return "";
+        });
+
+        // Remove the slash delimiters on the regular expression.
+        pattern = pattern.replace(/(^\/|\/$)/g, "");
+        pattern = pre + pattern + post;
+
+        return new re(pattern, flags);
+    }
+
+    // UNFINISHED
+    // The assignment in the while loop makes jslint cranky.
+    // I'll change it to a better loop later.
+    position.getTop = function (elem, isInner) {
+        var result = elem.offsetTop;
+        if (!isInner) {
+            while (elem = elem.offsetParent) {
+                result += elem.offsetTop;
+            }
+        }
+        return result;
+    };
+
+    position.getHeight = function (elem) {
+        return elem.offsetHeight || elem.scrollHeight;
+    };
+
+    position.getWidth = function (elem) {
+        return elem.offsetWidth || elem.scrollWidth;
+    };
+
+    position.getPageSize = function () {
+
+        var scrollWidth, scrollHeight;
+        var innerWidth, innerHeight;
+
+        // It's not very clear which blocks work with which browsers.
+        if (self.innerHeight && self.scrollMaxY) {
+            scrollWidth = doc.body.scrollWidth;
+            scrollHeight = self.innerHeight + self.scrollMaxY;
+        }
+        else if (doc.body.scrollHeight > doc.body.offsetHeight) {
+            scrollWidth = doc.body.scrollWidth;
+            scrollHeight = doc.body.scrollHeight;
+        }
+        else {
+            scrollWidth = doc.body.offsetWidth;
+            scrollHeight = doc.body.offsetHeight;
+        }
+
+        if (self.innerHeight) {
+            // Non-IE browser
+            innerWidth = self.innerWidth;
+            innerHeight = self.innerHeight;
+        }
+        else if (doc.documentElement && doc.documentElement.clientHeight) {
+            // Some versions of IE (IE 6 w/ a DOCTYPE declaration)
+            innerWidth = doc.documentElement.clientWidth;
+            innerHeight = doc.documentElement.clientHeight;
+        }
+        else if (doc.body) {
+            // Other versions of IE
+            innerWidth = doc.body.clientWidth;
+            innerHeight = doc.body.clientHeight;
+        }
+
+        var maxWidth = Math.max(scrollWidth, innerWidth);
+        var maxHeight = Math.max(scrollHeight, innerHeight);
+        return [maxWidth, maxHeight, innerWidth, innerHeight];
+    };
+
+    // Handles pushing and popping TextareaStates for undo/redo commands.
+    // I should rename the stack variables to list.
+    function UndoManager(callback, panels) {
+
+        var undoObj = this;
+        var undoStack = []; // A stack of undo states
+        var stackPtr = 0; // The index of the current state
+        var mode = "none";
+        var lastState; // The last state
+        var timer; // The setTimeout handle for cancelling the timer
+        var inputStateObj;
+
+        // Set the mode for later logic steps.
+        var setMode = function (newMode, noSave) {
+            if (mode != newMode) {
+                mode = newMode;
+                if (!noSave) {
+                    saveState();
+                }
+            }
+
+            if (!uaSniffed.isIE || mode != "moving") {
+                timer = setTimeout(refreshState, 1);
+            }
+            else {
+                inputStateObj = null;
+            }
+        };
+
+        var refreshState = function (isInitialState) {
+            inputStateObj = new TextareaState(panels, isInitialState);
+            timer = undefined;
+        };
+
+        this.setCommandMode = function () {
+            mode = "command";
+            saveState();
+            timer = setTimeout(refreshState, 0);
+        };
+
+        this.canUndo = function () {
+            return stackPtr > 1;
+        };
+
+        this.canRedo = function () {
+            if (undoStack[stackPtr + 1]) {
+                return true;
+            }
+            return false;
+        };
+
+        // Removes the last state and restores it.
+        this.undo = function () {
+
+            if (undoObj.canUndo()) {
+                if (lastState) {
+                    // What about setting state -1 to null or checking for undefined?
+                    lastState.restore();
+                    lastState = null;
+                }
+                else {
+                    undoStack[stackPtr] = new TextareaState(panels);
+                    undoStack[--stackPtr].restore();
+
+                    if (callback) {
+                        callback();
+                    }
+                }
+            }
+
+            mode = "none";
+            panels.input.focus();
+            refreshState();
+        };
+
+        // Redo an action.
+        this.redo = function () {
+
+            if (undoObj.canRedo()) {
+
+                undoStack[++stackPtr].restore();
+
+                if (callback) {
+                    callback();
+                }
+            }
+
+            mode = "none";
+            panels.input.focus();
+            refreshState();
+        };
+
+        // Push the input area state to the stack.
+        var saveState = function () {
+            var currState = inputStateObj || new TextareaState(panels);
+
+            if (!currState) {
+                return false;
+            }
+            if (mode == "moving") {
+                if (!lastState) {
+                    lastState = currState;
+                }
+                return;
+            }
+            if (lastState) {
+                if (undoStack[stackPtr - 1].text != lastState.text) {
+                    undoStack[stackPtr++] = lastState;
+                }
+                lastState = null;
+            }
+            undoStack[stackPtr++] = currState;
+            undoStack[stackPtr + 1] = null;
+            if (callback) {
+                callback();
+            }
+        };
+
+        var handleCtrlYZ = function (event) {
+
+            var handled = false;
+
+            if ((event.ctrlKey || event.metaKey) && !event.altKey) {
+
+                // IE and Opera do not support charCode.
+                var keyCode = event.charCode || event.keyCode;
+                var keyCodeChar = String.fromCharCode(keyCode);
+
+                switch (keyCodeChar.toLowerCase()) {
+
+                    case "y":
+                        undoObj.redo();
+                        handled = true;
+                        break;
+
+                    case "z":
+                        if (!event.shiftKey) {
+                            undoObj.undo();
+                        }
+                        else {
+                            undoObj.redo();
+                        }
+                        handled = true;
+                        break;
+                }
+            }
+
+            if (handled) {
+                if (event.preventDefault) {
+                    event.preventDefault();
+                }
+                if (window.event) {
+                    window.event.returnValue = false;
+                }
+                return;
+            }
+        };
+
+        // Set the mode depending on what is going on in the input area.
+        var handleModeChange = function (event) {
+
+            if (!event.ctrlKey && !event.metaKey) {
+
+                var keyCode = event.keyCode;
+
+                if ((keyCode >= 33 && keyCode <= 40) || (keyCode >= 63232 && keyCode <= 63235)) {
+                    // 33 - 40: page up/dn and arrow keys
+                    // 63232 - 63235: page up/dn and arrow keys on safari
+                    setMode("moving");
+                }
+                else if (keyCode == 8 || keyCode == 46 || keyCode == 127) {
+                    // 8: backspace
+                    // 46: delete
+                    // 127: delete
+                    setMode("deleting");
+                }
+                else if (keyCode == 13) {
+                    // 13: Enter
+                    setMode("newlines");
+                }
+                else if (keyCode == 27) {
+                    // 27: escape
+                    setMode("escape");
+                }
+                else if ((keyCode < 16 || keyCode > 20) && keyCode != 91) {
+                    // 16-20 are shift, etc.
+                    // 91: left window key
+                    // I think this might be a little messed up since there are
+                    // a lot of nonprinting keys above 20.
+                    setMode("typing");
+                }
+            }
+        };
+
+        var setEventHandlers = function () {
+            util.addEvent(panels.input, "keypress", function (event) {
+                // keyCode 89: y
+                // keyCode 90: z
+                if ((event.ctrlKey || event.metaKey) && !event.altKey && (event.keyCode == 89 || event.keyCode == 90)) {
+                    event.preventDefault();
+                }
+            });
+
+            var handlePaste = function () {
+                if (uaSniffed.isIE || (inputStateObj && inputStateObj.text != panels.input.value)) {
+                    if (timer == undefined) {
+                        mode = "paste";
+                        saveState();
+                        refreshState();
+                    }
+                }
+            };
+
+            util.addEvent(panels.input, "keydown", handleCtrlYZ);
+            util.addEvent(panels.input, "keydown", handleModeChange);
+            util.addEvent(panels.input, "mousedown", function () {
+                setMode("moving");
+            });
+
+            panels.input.onpaste = handlePaste;
+            panels.input.ondrop = handlePaste;
+        };
+
+        var init = function () {
+            setEventHandlers();
+            refreshState(true);
+            saveState();
+        };
+
+        init();
+    }
+
+    // end of UndoManager
+
+    // The input textarea state/contents.
+    // This is used to implement undo/redo by the undo manager.
+    function TextareaState(panels, isInitialState) {
+
+        // Aliases
+        var stateObj = this;
+        var inputArea = panels.input;
+        this.init = function () {
+            if (!util.isVisible(inputArea)) {
+                return;
+            }
+            if (!isInitialState && doc.activeElement && doc.activeElement !== inputArea) { // this happens when tabbing out of the input box
+                return;
+            }
+
+            this.setInputAreaSelectionStartEnd();
+            this.scrollTop = inputArea.scrollTop;
+            if (!this.text && inputArea.selectionStart || inputArea.selectionStart === 0) {
+                this.text = inputArea.value;
+            }
+
+        }
+
+        // Sets the selected text in the input box after we've performed an
+        // operation.
+        this.setInputAreaSelection = function () {
+
+            if (!util.isVisible(inputArea)) {
+                return;
+            }
+
+            if (inputArea.selectionStart !== undefined && !uaSniffed.isOpera) {
+
+                inputArea.focus();
+                inputArea.selectionStart = stateObj.start;
+                inputArea.selectionEnd = stateObj.end;
+                inputArea.scrollTop = stateObj.scrollTop;
+            }
+            else if (doc.selection) {
+
+                if (doc.activeElement && doc.activeElement !== inputArea) {
+                    return;
+                }
+
+                inputArea.focus();
+                var range = inputArea.createTextRange();
+                range.moveStart("character", -inputArea.value.length);
+                range.moveEnd("character", -inputArea.value.length);
+                range.moveEnd("character", stateObj.end);
+                range.moveStart("character", stateObj.start);
+                range.select();
+            }
+        };
+
+        this.setInputAreaSelectionStartEnd = function () {
+
+            if (!panels.ieCachedRange && (inputArea.selectionStart || inputArea.selectionStart === 0)) {
+
+                stateObj.start = inputArea.selectionStart;
+                stateObj.end = inputArea.selectionEnd;
+            }
+            else if (doc.selection) {
+
+                stateObj.text = util.fixEolChars(inputArea.value);
+
+                // IE loses the selection in the textarea when buttons are
+                // clicked.  On IE we cache the selection. Here, if something is cached,
+                // we take it.
+                var range = panels.ieCachedRange || doc.selection.createRange();
+
+                var fixedRange = util.fixEolChars(range.text);
+                var marker = "\x07";
+                var markedRange = marker + fixedRange + marker;
+                range.text = markedRange;
+                var inputText = util.fixEolChars(inputArea.value);
+
+                range.moveStart("character", -markedRange.length);
+                range.text = fixedRange;
+
+                stateObj.start = inputText.indexOf(marker);
+                stateObj.end = inputText.lastIndexOf(marker) - marker.length;
+
+                var len = stateObj.text.length - util.fixEolChars(inputArea.value).length;
+
+                if (len) {
+                    range.moveStart("character", -fixedRange.length);
+                    while (len--) {
+                        fixedRange += "\n";
+                        stateObj.end += 1;
+                    }
+                    range.text = fixedRange;
+                }
+
+                if (panels.ieCachedRange)
+                    stateObj.scrollTop = panels.ieCachedScrollTop; // this is set alongside with ieCachedRange
+
+                panels.ieCachedRange = null;
+
+                this.setInputAreaSelection();
+            }
+        };
+
+        // Restore this state into the input area.
+        this.restore = function () {
+
+            if (stateObj.text != undefined && stateObj.text != inputArea.value) {
+                inputArea.value = stateObj.text;
+            }
+            this.setInputAreaSelection();
+            inputArea.scrollTop = stateObj.scrollTop;
+        };
+
+        // Gets a collection of HTML chunks from the inptut textarea.
+        this.getChunks = function () {
+
+            var chunk = new Chunks();
+            chunk.before = util.fixEolChars(stateObj.text.substring(0, stateObj.start));
+            chunk.startTag = "";
+            chunk.selection = util.fixEolChars(stateObj.text.substring(stateObj.start, stateObj.end));
+            chunk.endTag = "";
+            chunk.after = util.fixEolChars(stateObj.text.substring(stateObj.end));
+            chunk.scrollTop = stateObj.scrollTop;
+
+            return chunk;
+        };
+
+        // Sets the TextareaState properties given a chunk of markdown.
+        this.setChunks = function (chunk) {
+
+            chunk.before = chunk.before + chunk.startTag;
+            chunk.after = chunk.endTag + chunk.after;
+
+            this.start = chunk.before.length;
+            this.end = chunk.before.length + chunk.selection.length;
+            this.text = chunk.before + chunk.selection + chunk.after;
+            this.scrollTop = chunk.scrollTop;
+        };
+        this.init();
+    };
+
+    function PreviewManager(converter, panels, previewRefreshCallback) {
+
+        var managerObj = this;
+        var timeout;
+        var elapsedTime;
+        var oldInputText;
+        var maxDelay = 3000;
+        var startType = "delayed"; // The other legal value is "manual"
+
+        // Adds event listeners to elements
+        var setupEvents = function (inputElem, listener) {
+
+            util.addEvent(inputElem, "input", listener);
+            inputElem.onpaste = listener;
+            inputElem.ondrop = listener;
+
+            util.addEvent(inputElem, "keypress", listener);
+            util.addEvent(inputElem, "keydown", listener);
+        };
+
+        var getDocScrollTop = function () {
+
+            var result = 0;
+
+            if (window.innerHeight) {
+                result = window.pageYOffset;
+            }
+            else
+                if (doc.documentElement && doc.documentElement.scrollTop) {
+                    result = doc.documentElement.scrollTop;
+                }
+                else
+                    if (doc.body) {
+                        result = doc.body.scrollTop;
+                    }
+
+            return result;
+        };
+
+        var makePreviewHtml = function () {
+
+            // If there is no registered preview panel
+            // there is nothing to do.
+            if (!panels.preview)
+                return;
+
+
+            var text = panels.input.value;
+            if (text && text == oldInputText) {
+                return; // Input text hasn't changed.
+            }
+            else {
+                oldInputText = text;
+            }
+
+            var prevTime = new Date().getTime();
+
+            text = converter.makeHtml(text);
+
+            // Calculate the processing time of the HTML creation.
+            // It's used as the delay time in the event listener.
+            var currTime = new Date().getTime();
+            elapsedTime = currTime - prevTime;
+
+            pushPreviewHtml(text);
+        };
+
+        // setTimeout is already used.  Used as an event listener.
+        var applyTimeout = function () {
+
+            if (timeout) {
+                clearTimeout(timeout);
+                timeout = undefined;
+            }
+
+            if (startType !== "manual") {
+
+                var delay = 0;
+
+                if (startType === "delayed") {
+                    delay = elapsedTime;
+                }
+
+                if (delay > maxDelay) {
+                    delay = maxDelay;
+                }
+                timeout = setTimeout(makePreviewHtml, delay);
+            }
+        };
+
+        var getScaleFactor = function (panel) {
+            if (panel.scrollHeight <= panel.clientHeight) {
+                return 1;
+            }
+            return panel.scrollTop / (panel.scrollHeight - panel.clientHeight);
+        };
+
+        var setPanelScrollTops = function () {
+            if (panels.preview) {
+                panels.preview.scrollTop = (panels.preview.scrollHeight - panels.preview.clientHeight) * getScaleFactor(panels.preview);
+            }
+        };
+
+        this.refresh = function (requiresRefresh) {
+
+            if (requiresRefresh) {
+                oldInputText = "";
+                makePreviewHtml();
+            }
+            else {
+                applyTimeout();
+            }
+        };
+
+        this.processingTime = function () {
+            return elapsedTime;
+        };
+
+        var isFirstTimeFilled = true;
+
+        // IE doesn't let you use innerHTML if the element is contained somewhere in a table
+        // (which is the case for inline editing) -- in that case, detach the element, set the
+        // value, and reattach. Yes, that *is* ridiculous.
+        var ieSafePreviewSet = function (text) {
+            var preview = panels.preview;
+            var parent = preview.parentNode;
+            var sibling = preview.nextSibling;
+            parent.removeChild(preview);
+            preview.innerHTML = text;
+            if (!sibling)
+                parent.appendChild(preview);
+            else
+                parent.insertBefore(preview, sibling);
+        }
+
+        var nonSuckyBrowserPreviewSet = function (text) {
+            panels.preview.innerHTML = text;
+        }
+
+        var previewSetter;
+
+        var previewSet = function (text) {
+            if (previewSetter)
+                return previewSetter(text);
+
+            try {
+                nonSuckyBrowserPreviewSet(text);
+                previewSetter = nonSuckyBrowserPreviewSet;
+            } catch (e) {
+                previewSetter = ieSafePreviewSet;
+                previewSetter(text);
+            }
+        };
+
+        var pushPreviewHtml = function (text) {
+
+            var emptyTop = position.getTop(panels.input) - getDocScrollTop();
+
+            if (panels.preview) {
+                previewSet(text);
+                previewRefreshCallback();
+            }
+
+            setPanelScrollTops();
+
+            if (isFirstTimeFilled) {
+                isFirstTimeFilled = false;
+                return;
+            }
+
+            var fullTop = position.getTop(panels.input) - getDocScrollTop();
+
+            if (uaSniffed.isIE) {
+                setTimeout(function () {
+                    window.scrollBy(0, fullTop - emptyTop);
+                }, 0);
+            }
+            else {
+                window.scrollBy(0, fullTop - emptyTop);
+            }
+        };
+
+        var init = function () {
+
+            setupEvents(panels.input, applyTimeout);
+            makePreviewHtml();
+
+            if (panels.preview) {
+                panels.preview.scrollTop = 0;
+            }
+        };
+
+        init();
+    };
+
+    // Creates the background behind the hyperlink text entry box.
+    // And download dialog
+    // Most of this has been moved to CSS but the div creation and
+    // browser-specific hacks remain here.
+    ui.createBackground = function () {
+
+        var background = doc.createElement("div"),
+            style = background.style;
+        
+        background.className = "wmd-prompt-background";
+        
+        style.position = "absolute";
+        style.top = "0";
+
+        style.zIndex = "1000";
+
+        if (uaSniffed.isIE) {
+            style.filter = "alpha(opacity=50)";
+        }
+        else {
+            style.opacity = "0.5";
+        }
+
+        var pageSize = position.getPageSize();
+        style.height = pageSize[1] + "px";
+
+        if (uaSniffed.isIE) {
+            style.left = doc.documentElement.scrollLeft;
+            style.width = doc.documentElement.clientWidth;
+        }
+        else {
+            style.left = "0";
+            style.width = "100%";
+        }
+
+        doc.body.appendChild(background);
+        return background;
+    };
+
+    // 扩展了原来ui的功能
+    // 允许创建一个自定义html的对话框
+    ui.dialog = function (html, callback, ok, cancel) {
+
+        // These variables need to be declared at this level since they are used
+        // in multiple functions.
+        var dialog;         // The dialog box.
+
+        // Used as a keydown event handler. Esc dismisses the prompt.
+        // Key code 27 is ESC.
+        var checkEscape = function (key) {
+            var code = (key.charCode || key.keyCode);
+            if (code === 27) {
+                close(true);
+            }
+        };
+
+        // Dismisses the hyperlink input box.
+        // isCancel is true if we don't care about the input text.
+        // isCancel is false if we are going to keep the text.
+        var close = function (isCancel) {
+            util.removeEvent(doc.body, "keydown", checkEscape);
+            dialog.parentNode.removeChild(dialog);
+
+            callback(isCancel);
+            return false;
+        };
+
+
+
+        // Create the text input box form/window.
+        var createDialog = function () {
+
+            // The main dialog box.
+            dialog = doc.createElement("div");
+            dialog.className = "wmd-prompt-dialog";
+            dialog.setAttribute("role", "dialog");
+            /*
+            dialog.style.padding = "10px;";
+            dialog.style.position = "fixed";
+            dialog.style.width = "400px";
+            dialog.style.zIndex = "1001";
+            */
+
+            // The dialog text.
+            var question = doc.createElement("div");
+
+            // The web form container for the text box and buttons.
+            var form = doc.createElement("form"),
+                style = form.style;
+            form.onsubmit = function () { return close(false); };
+            /*
+            style.padding = "0";
+            style.margin = "0";
+            style.cssFloat = "left";
+            style.width = "100%";
+            style.textAlign = "center";
+            style.position = "relative";
+            */
+            dialog.appendChild(form);
+            form.appendChild(question);
+
+            if ('function' == typeof(html)) {
+                html.call(this, question);
+            } else {
+                question.innerHTML = html;
+            }
+
+            // The ok button
+            var okButton = doc.createElement("button");
+            okButton.type = "button";
+            okButton.className = "btn btn-s primary";
+            okButton.onclick = function () { return close(false); };
+            okButton.innerHTML = ok;
+            /*
+            style = okButton.style;
+            style.margin = "10px";
+            style.display = "inline";
+            style.width = "7em";
+            */
+
+            // The cancel button
+            var cancelButton = doc.createElement("button");
+            cancelButton.type = "button";
+            cancelButton.className = "btn btn-s";
+            cancelButton.onclick = function () { return close(true); };
+            cancelButton.innerHTML = cancel;
+            /*
+            style = cancelButton.style;
+            style.margin = "10px";
+            style.display = "inline";
+            style.width = "7em";
+            */
+
+            form.appendChild(okButton);
+            form.appendChild(cancelButton);
+
+            util.addEvent(doc.body, "keydown", checkEscape);
+            /*
+            dialog.style.top = "50%";
+            dialog.style.left = "50%";
+            dialog.style.display = "block";
+            if (uaSniffed.isIE_5or6) {
+                dialog.style.position = "absolute";
+                dialog.style.top = doc.documentElement.scrollTop + 200 + "px";
+                dialog.style.left = "50%";
+            }
+            */
+            doc.body.appendChild(dialog);
+
+            // This has to be done AFTER adding the dialog to the form if you
+            // want it to be centered.
+            /*
+            dialog.style.marginTop = -(position.getHeight(dialog) / 2) + "px";
+            dialog.style.marginLeft = -(position.getWidth(dialog) / 2) + "px";
+            */
+
+        };
+
+        // Why is this in a zero-length timeout?
+        // Is it working around a browser bug?
+        setTimeout(function () {
+            createDialog();
+        }, 0);
+    }
+
+    // This simulates a modal dialog box and asks for the URL when you
+    // click the hyperlink or image buttons.
+    //
+    // text: The html for the input box.
+    // defaultInputText: The default value that appears in the input box.
+    // callback: The function which is executed when the prompt is dismissed, either via OK or Cancel.
+    //      It receives a single argument; either the entered text (if OK was chosen) or null (if Cancel
+    //      was chosen).
+    ui.prompt = function (text, defaultInputText, callback, ok, cancel) {
+
+        // These variables need to be declared at this level since they are used
+        // in multiple functions.
+        var dialog;         // The dialog box.
+        var input;         // The text box where you enter the hyperlink.
+
+
+        if (defaultInputText === undefined) {
+            defaultInputText = "";
+        }
+
+        // Used as a keydown event handler. Esc dismisses the prompt.
+        // Key code 27 is ESC.
+        var checkEscape = function (key) {
+            var code = (key.charCode || key.keyCode);
+            if (code === 27) {
+                close(true);
+            }
+        };
+
+        // Dismisses the hyperlink input box.
+        // isCancel is true if we don't care about the input text.
+        // isCancel is false if we are going to keep the text.
+        var close = function (isCancel) {
+            util.removeEvent(doc.body, "keydown", checkEscape);
+            var text = input.value;
+
+            if (isCancel) {
+                text = null;
+            }
+            else {
+                // Fixes common pasting errors.
+                text = text.replace(/^http:\/\/(https?|ftp):\/\//, '$1://');
+                if (!/^(?:https?|ftp):\/\//.test(text))
+                    text = 'http://' + text;
+            }
+
+            dialog.parentNode.removeChild(dialog);
+
+            callback(text);
+            return false;
+        };
+
+
+
+        // Create the text input box form/window.
+        var createDialog = function () {
+
+            // The main dialog box.
+            dialog = doc.createElement("div");
+            dialog.className = "wmd-prompt-dialog";
+            dialog.setAttribute("role", "dialog");
+            /*
+            dialog.style.padding = "10px;";
+            dialog.style.position = "fixed";
+            dialog.style.width = "400px";
+            dialog.style.zIndex = "1001";
+            */
+
+            // The dialog text.
+            var question = doc.createElement("div");
+            question.innerHTML = text;
+            // question.style.padding = "5px";
+            dialog.appendChild(question);
+
+            // The web form container for the text box and buttons.
+            var form = doc.createElement("form"),
+                style = form.style;
+            form.onsubmit = function () { return close(false); };
+            /*
+            style.padding = "0";
+            style.margin = "0";
+            style.cssFloat = "left";
+            style.width = "100%";
+            style.textAlign = "center";
+            style.position = "relative";
+            */
+            dialog.appendChild(form);
+
+            // The input text box
+            input = doc.createElement("input");
+            input.type = "text";
+            input.value = defaultInputText;
+            /*
+            style = input.style;
+            style.display = "block";
+            style.width = "80%";
+            style.marginLeft = style.marginRight = "auto";
+            */
+            form.appendChild(input);
+
+            // The ok button
+            var okButton = doc.createElement("button");
+            okButton.type = "button";
+            okButton.className = "btn btn-s primary";
+            okButton.onclick = function () { return close(false); };
+            okButton.innerHTML = ok;
+            /*
+            style = okButton.style;
+            style.margin = "10px";
+            style.display = "inline";
+            style.width = "7em";
+            */
+
+            // The cancel button
+            var cancelButton = doc.createElement("button");
+            cancelButton.type = "button";
+            cancelButton.className = "btn btn-s";
+            cancelButton.onclick = function () { return close(true); };
+            cancelButton.innerHTML = cancel;
+            /*
+            style = cancelButton.style;
+            style.margin = "10px";
+            style.display = "inline";
+            style.width = "7em";
+            */
+
+            form.appendChild(okButton);
+            form.appendChild(cancelButton);
+
+            util.addEvent(doc.body, "keydown", checkEscape);
+            /*
+            dialog.style.top = "50%";
+            dialog.style.left = "50%";
+            dialog.style.display = "block";
+            if (uaSniffed.isIE_5or6) {
+                dialog.style.position = "absolute";
+                dialog.style.top = doc.documentElement.scrollTop + 200 + "px";
+                dialog.style.left = "50%";
+            }
+            */
+            doc.body.appendChild(dialog);
+
+            // This has to be done AFTER adding the dialog to the form if you
+            // want it to be centered.
+            /*
+            dialog.style.marginTop = -(position.getHeight(dialog) / 2) + "px";
+            dialog.style.marginLeft = -(position.getWidth(dialog) / 2) + "px";
+            */
+
+        };
+
+        // Why is this in a zero-length timeout?
+        // Is it working around a browser bug?
+        setTimeout(function () {
+
+            createDialog();
+
+            var defTextLen = defaultInputText.length;
+            if (input.selectionStart !== undefined) {
+                input.selectionStart = 0;
+                input.selectionEnd = defTextLen;
+            }
+            else if (input.createTextRange) {
+                var range = input.createTextRange();
+                range.collapse(false);
+                range.moveStart("character", -defTextLen);
+                range.moveEnd("character", defTextLen);
+                range.select();
+            }
+
+            input.focus();
+        }, 0);
+    };
+
+    function UIManager(postfix, panels, hooks, undoManager, previewManager, commandManager, fullScreenManager, helpOptions, getString) {
+
+        var inputBox = panels.input,
+            buttons = {}; // buttons.undo, buttons.link, etc. The actual DOM elements.
+
+        makeSpritedButtonRow();
+
+        var keyEvent = "keydown";
+        if (uaSniffed.isOpera) {
+            keyEvent = "keypress";
+        }
+
+        util.addEvent(inputBox, keyEvent, function (key) {
+            // Check to see if we have a button key and, if so execute the callback.
+            if ((key.ctrlKey || key.metaKey) && !key.altKey && !key.shiftKey) {
+
+                var keyCode = key.charCode || key.keyCode;
+                var keyCodeStr = String.fromCharCode(keyCode).toLowerCase();
+
+                switch (keyCodeStr) {
+                    case "b":
+                        doClick(buttons.bold);
+                        break;
+                    case "i":
+                        doClick(buttons.italic);
+                        break;
+                    case "l":
+                        doClick(buttons.link);
+                        break;
+                    case "q":
+                        doClick(buttons.quote);
+                        break;
+                    case "k":
+                        doClick(buttons.code);
+                        break;
+                    case "g":
+                        doClick(buttons.image);
+                        break;
+                    case "o":
+                        doClick(buttons.olist);
+                        break;
+                    case "u":
+                        doClick(buttons.ulist);
+                        break;
+                    case 'm':
+                        doClick(buttons.more);
+                        break;
+                    case 'j':
+                        doClick(buttons.fullscreen);
+                        break;
+                    case 'e':
+                        doClick(buttons.exitFullscreen);
+                        break;
+                    case "h":
+                        doClick(buttons.heading);
+                        break;
+                    case "r":
+                        doClick(buttons.hr);
+                        break;
+                    case "y":
+                        doClick(buttons.redo);
+                        break;
+                    case "z":
+                        if (key.shiftKey) {
+                            doClick(buttons.redo);
+                        }
+                        else {
+                            doClick(buttons.undo);
+                        }
+                        break;
+                    default:
+                        return;
+                }
+
+
+                if (key.preventDefault) {
+                    key.preventDefault();
+                }
+
+                if (window.event) {
+                    window.event.returnValue = false;
+                }
+            }else if(key.keyCode==9){
+                var tab = {};
+                tab.textOp = bindCommand("doTab");
+                doClick(tab);
+
+                if (key.preventDefault) {
+                    key.preventDefault();
+                }
+                if (window.event) {
+                    window.event.returnValue = false;
+                }
+            }
+        });
+
+        // Auto-indent on shift-enter
+        util.addEvent(inputBox, "keyup", function (key) {
+            if (key.shiftKey && !key.ctrlKey && !key.metaKey) {
+                var keyCode = key.charCode || key.keyCode;
+                // Character 13 is Enter
+                if (keyCode === 13) {
+                    var fakeButton = {};
+                    fakeButton.textOp = bindCommand("doAutoindent");
+                    doClick(fakeButton);
+                }
+            }
+        });
+
+        // special handler because IE clears the context of the textbox on ESC
+        if (uaSniffed.isIE) {
+            util.addEvent(inputBox, "keydown", function (key) {
+                var code = key.keyCode;
+                if (code === 27) {
+                    return false;
+                }
+            });
+        }
+
+
+        // Perform the button's action.
+        function doClick(button) {
+
+            inputBox.focus();
+
+            if (button.textOp) {
+
+                if (undoManager) {
+                    undoManager.setCommandMode();
+                }
+
+                var state = new TextareaState(panels);
+
+                if (!state) {
+                    return;
+                }
+
+                var chunks = state.getChunks();
+
+                // Some commands launch a "modal" prompt dialog.  Javascript
+                // can't really make a modal dialog box and the WMD code
+                // will continue to execute while the dialog is displayed.
+                // This prevents the dialog pattern I'm used to and means
+                // I can't do something like this:
+                //
+                // var link = CreateLinkDialog();
+                // makeMarkdownLink(link);
+                //
+                // Instead of this straightforward method of handling a
+                // dialog I have to pass any code which would execute
+                // after the dialog is dismissed (e.g. link creation)
+                // in a function parameter.
+                //
+                // Yes this is awkward and I think it sucks, but there's
+                // no real workaround.  Only the image and link code
+                // create dialogs and require the function pointers.
+                var fixupInputArea = function () {
+
+                    inputBox.focus();
+
+                    if (chunks) {
+                        state.setChunks(chunks);
+                    }
+
+                    state.restore();
+                    previewManager.refresh();
+                };
+
+                var noCleanup = button.textOp(chunks, fixupInputArea);
+
+                if (!noCleanup) {
+                    fixupInputArea();
+                }
+
+            }
+
+            if (button.execute) {
+                button.execute(undoManager);
+            }
+        };
+
+        function setupButton(button, isEnabled) {
+
+            var normalYShift = "0px";
+            var disabledYShift = "-20px";
+            var highlightYShift = "-40px";
+            var image = button.getElementsByTagName("span")[0];
+            if (isEnabled) {
+                image.style.backgroundPosition = button.XShift + " " + normalYShift;
+                button.onmouseover = function () {
+                    image.style.backgroundPosition = this.XShift + " " + highlightYShift;
+                };
+
+                button.onmouseout = function () {
+                    image.style.backgroundPosition = this.XShift + " " + normalYShift;
+                };
+
+                // IE tries to select the background image "button" text (it's
+                // implemented in a list item) so we have to cache the selection
+                // on mousedown.
+                if (uaSniffed.isIE) {
+                    button.onmousedown = function () {
+                        if (doc.activeElement && doc.activeElement !== panels.input) { // we're not even in the input box, so there's no selection
+                            return;
+                        }
+                        panels.ieCachedRange = document.selection.createRange();
+                        panels.ieCachedScrollTop = panels.input.scrollTop;
+                    };
+                }
+
+                if (!button.isHelp) {
+                    button.onclick = function () {
+                        if (this.onmouseout) {
+                            this.onmouseout();
+                        }
+                        doClick(this);
+                        return false;
+                    }
+                }
+            }
+            else {
+                image.style.backgroundPosition = button.XShift + " " + disabledYShift;
+                button.onmouseover = button.onmouseout = button.onclick = function () { };
+            }
+        }
+
+        function bindCommand(method) {
+            if (typeof method === "string")
+                method = commandManager[method];
+            return function () { method.apply(commandManager, arguments); }
+        }
+
+        function makeSpritedButtonRow() {
+
+            var buttonBar = panels.buttonBar;
+
+            var normalYShift = "0px";
+            var disabledYShift = "-20px";
+            var highlightYShift = "-40px";
+
+            var buttonRow = document.createElement("ul");
+            buttonRow.id = "wmd-button-row" + postfix;
+            buttonRow.className = 'wmd-button-row';
+            buttonRow = buttonBar.appendChild(buttonRow);
+            var xPosition = 0;
+            var makeButton = function (id, title, XShift, textOp) {
+                var button = document.createElement("li");
+                button.className = "wmd-button";
+                button.style.left = xPosition + "px";
+                xPosition += 25;
+                var buttonImage = document.createElement("span");
+                button.id = id + postfix;
+                button.appendChild(buttonImage);
+                button.title = title;
+                button.XShift = XShift;
+                if (textOp)
+                    button.textOp = textOp;
+                setupButton(button, true);
+                buttonRow.appendChild(button);
+                return button;
+            };
+            var makeSpacer = function (num) {
+                var spacer = document.createElement("li");
+                spacer.className = "wmd-spacer wmd-spacer" + num;
+                spacer.id = "wmd-spacer" + num + postfix;
+                buttonRow.appendChild(spacer);
+                xPosition += 25;
+            }
+
+            buttons.bold = makeButton("wmd-bold-button", getString("bold"), "0px", bindCommand("doBold"));
+            buttons.italic = makeButton("wmd-italic-button", getString("italic"), "-20px", bindCommand("doItalic"));
+            makeSpacer(1);
+            buttons.link = makeButton("wmd-link-button", getString("link"), "-40px", bindCommand(function (chunk, postProcessing) {
+                return this.doLinkOrImage(chunk, postProcessing, false);
+            }));
+            buttons.quote = makeButton("wmd-quote-button", getString("quote"), "-60px", bindCommand("doBlockquote"));
+            buttons.code = makeButton("wmd-code-button", getString("code"), "-80px", bindCommand("doCode"));
+            buttons.image = makeButton("wmd-image-button", getString("image"), "-100px", bindCommand(function (chunk, postProcessing) {
+                return this.doLinkOrImage(chunk, postProcessing, true);
+            }));
+            makeSpacer(2);
+            buttons.olist = makeButton("wmd-olist-button", getString("olist"), "-120px", bindCommand(function (chunk, postProcessing) {
+                this.doList(chunk, postProcessing, true);
+            }));
+            buttons.ulist = makeButton("wmd-ulist-button", getString("ulist"), "-140px", bindCommand(function (chunk, postProcessing) {
+                this.doList(chunk, postProcessing, false);
+            }));
+            buttons.heading = makeButton("wmd-heading-button", getString("heading"), "-160px", bindCommand("doHeading"));
+            buttons.hr = makeButton("wmd-hr-button", getString("hr"), "-180px", bindCommand("doHorizontalRule"));
+            buttons.more = makeButton("wmd-more-button", getString("more"), "-280px", bindCommand("doMore"));
+            makeSpacer(3);
+            buttons.undo = makeButton("wmd-undo-button", getString("undo"), "-200px", null);
+            buttons.undo.execute = function (manager) { if (manager) manager.undo(); };
+
+            var redoTitle = /win/.test(nav.platform.toLowerCase()) ?
+                getString("redo") :
+                getString("redomac"); // mac and other non-Windows platforms
+
+            buttons.redo = makeButton("wmd-redo-button", redoTitle, "-220px", null);
+            buttons.redo.execute = function (manager) { if (manager) manager.redo(); };
+            makeSpacer(4);
+            buttons.fullscreen = makeButton("wmd-fullscreen-button", getString("fullscreen"), "-240px", null);
+            buttons.fullscreen.execute = function () { fullScreenManager.doFullScreen(buttons, true); };
+            buttons.exitFullscreen = makeButton("wmd-exit-fullscreen-button", getString("exitFullscreen"), "-260px", null);
+            buttons.exitFullscreen.style.display = 'none';
+            buttons.exitFullscreen.execute = function () { fullScreenManager.doFullScreen(buttons, false); };
+
+            // button hooks
+            hooks.makeButton(buttons, makeButton, bindCommand, ui);
+
+            if (helpOptions) {
+                var helpButton = document.createElement("li");
+                var helpButtonImage = document.createElement("span");
+                helpButton.appendChild(helpButtonImage);
+                helpButton.className = "wmd-button wmd-help-button";
+                helpButton.id = "wmd-help-button" + postfix;
+                helpButton.XShift = "-300px";
+                helpButton.isHelp = true;
+                helpButton.style.right = "0px";
+                helpButton.title = getString("help");
+                helpButton.onclick = helpOptions.handler;
+
+                setupButton(helpButton, true);
+                buttonRow.appendChild(helpButton);
+                buttons.help = helpButton;
+            }
+
+            setUndoRedoButtonStates();
+        }
+
+        function setUndoRedoButtonStates() {
+            if (undoManager) {
+                setupButton(buttons.undo, undoManager.canUndo());
+                setupButton(buttons.redo, undoManager.canRedo());
+            }
+        };
+
+        this.setUndoRedoButtonStates = setUndoRedoButtonStates;
+
+    }
+
+    function CommandManager(pluginHooks, getString) {
+        this.hooks = pluginHooks;
+        this.getString = getString;
+    }
+
+    var commandProto = CommandManager.prototype;
+
+    // The markdown symbols - 4 spaces = code, > = blockquote, etc.
+    commandProto.prefixes = "(?:\\s{4,}|\\s*>|\\s*-\\s+|\\s*\\d+\\.|=|\\+|-|_|\\*|#|\\s*\\[[^\n]]+\\]:)";
+
+    // Remove markdown symbols from the chunk selection.
+    commandProto.unwrap = function (chunk) {
+        var txt = new re("([^\\n])\\n(?!(\\n|" + this.prefixes + "))", "g");
+        chunk.selection = chunk.selection.replace(txt, "$1 $2");
+    };
+
+    commandProto.wrap = function (chunk, len) {
+        this.unwrap(chunk);
+        var regex = new re("(.{1," + len + "})( +|$\\n?)", "gm"),
+            that = this;
+
+        chunk.selection = chunk.selection.replace(regex, function (line, marked) {
+            if (new re("^" + that.prefixes, "").test(line)) {
+                return line;
+            }
+            return marked + "\n";
+        });
+
+        chunk.selection = chunk.selection.replace(/\s+$/, "");
+    };
+
+    commandProto.doBold = function (chunk, postProcessing) {
+        return this.doBorI(chunk, postProcessing, 2, this.getString("boldexample"));
+    };
+
+    commandProto.doItalic = function (chunk, postProcessing) {
+        return this.doBorI(chunk, postProcessing, 1, this.getString("italicexample"));
+    };
+
+    // chunk: The selected region that will be enclosed with */**
+    // nStars: 1 for italics, 2 for bold
+    // insertText: If you just click the button without highlighting text, this gets inserted
+    commandProto.doBorI = function (chunk, postProcessing, nStars, insertText) {
+
+        // Get rid of whitespace and fixup newlines.
+        chunk.trimWhitespace();
+        chunk.selection = chunk.selection.replace(/\n{2,}/g, "\n");
+
+        // Look for stars before and after.  Is the chunk already marked up?
+        // note that these regex matches cannot fail
+        var starsBefore = /(\**$)/.exec(chunk.before)[0];
+        var starsAfter = /(^\**)/.exec(chunk.after)[0];
+
+        var prevStars = Math.min(starsBefore.length, starsAfter.length);
+
+        // Remove stars if we have to since the button acts as a toggle.
+        if ((prevStars >= nStars) && (prevStars != 2 || nStars != 1)) {
+            chunk.before = chunk.before.replace(re("[*]{" + nStars + "}$", ""), "");
+            chunk.after = chunk.after.replace(re("^[*]{" + nStars + "}", ""), "");
+        }
+        else if (!chunk.selection && starsAfter) {
+            // It's not really clear why this code is necessary.  It just moves
+            // some arbitrary stuff around.
+            chunk.after = chunk.after.replace(/^([*_]*)/, "");
+            chunk.before = chunk.before.replace(/(\s?)$/, "");
+            var whitespace = re.$1;
+            chunk.before = chunk.before + starsAfter + whitespace;
+        }
+        else {
+
+            // In most cases, if you don't have any selected text and click the button
+            // you'll get a selected, marked up region with the default text inserted.
+            if (!chunk.selection && !starsAfter) {
+                chunk.selection = insertText;
+            }
+
+            // Add the true markup.
+            var markup = nStars <= 1 ? "*" : "**"; // shouldn't the test be = ?
+            chunk.before = chunk.before + markup;
+            chunk.after = markup + chunk.after;
+        }
+
+        return;
+    };
+
+    commandProto.stripLinkDefs = function (text, defsToAdd) {
+
+        text = text.replace(/^[ ]{0,3}\[(\d+)\]:[ \t]*\n?[ \t]*<?(\S+?)>?[ \t]*\n?[ \t]*(?:(\n*)["(](.+?)[")][ \t]*)?(?:\n+|$)/gm,
+            function (totalMatch, id, link, newlines, title) {
+                defsToAdd[id] = totalMatch.replace(/\s*$/, "");
+                if (newlines) {
+                    // Strip the title and return that separately.
+                    defsToAdd[id] = totalMatch.replace(/["(](.+?)[")]$/, "");
+                    return newlines + title;
+                }
+                return "";
+            });
+
+        return text;
+    };
+
+    commandProto.addLinkDef = function (chunk, linkDef) {
+
+        var refNumber = 0; // The current reference number
+        var defsToAdd = {}; //
+        // Start with a clean slate by removing all previous link definitions.
+        chunk.before = this.stripLinkDefs(chunk.before, defsToAdd);
+        chunk.selection = this.stripLinkDefs(chunk.selection, defsToAdd);
+        chunk.after = this.stripLinkDefs(chunk.after, defsToAdd);
+
+        var defs = "";
+        var regex = /(\[)((?:\[[^\]]*\]|[^\[\]])*)(\][ ]?(?:\n[ ]*)?\[)(\d+)(\])/g;
+
+        var addDefNumber = function (def) {
+            refNumber++;
+            def = def.replace(/^[ ]{0,3}\[(\d+)\]:/, "  [" + refNumber + "]:");
+            defs += "\n" + def;
+        };
+
+        // note that
+        // a) the recursive call to getLink cannot go infinite, because by definition
+        //    of regex, inner is always a proper substring of wholeMatch, and
+        // b) more than one level of nesting is neither supported by the regex
+        //    nor making a lot of sense (the only use case for nesting is a linked image)
+        var getLink = function (wholeMatch, before, inner, afterInner, id, end) {
+            inner = inner.replace(regex, getLink);
+            if (defsToAdd[id]) {
+                addDefNumber(defsToAdd[id]);
+                return before + inner + afterInner + refNumber + end;
+            }
+            return wholeMatch;
+        };
+
+        chunk.before = chunk.before.replace(regex, getLink);
+
+        if (linkDef) {
+            addDefNumber(linkDef);
+        }
+        else {
+            chunk.selection = chunk.selection.replace(regex, getLink);
+        }
+
+        var refOut = refNumber;
+
+        chunk.after = chunk.after.replace(regex, getLink);
+
+        if (chunk.after) {
+            chunk.after = chunk.after.replace(/\n*$/, "");
+        }
+        if (!chunk.after) {
+            chunk.selection = chunk.selection.replace(/\n*$/, "");
+        }
+
+        chunk.after += "\n\n" + defs;
+
+        return refOut;
+    };
+
+    // takes the line as entered into the add link/as image dialog and makes
+    // sure the URL and the optinal title are "nice".
+    function properlyEncoded(linkdef) {
+        return linkdef.replace(/^\s*(.*?)(?:\s+"(.+)")?\s*$/, function (wholematch, link, title) {
+            
+            var inQueryString = false;
+
+            // The last alternative, `[^\w\d-./]`, is just a shortcut that lets us skip
+            // the most common characters in URLs. Replacing it with `.` would not change
+            // the result, because encodeURI returns those characters unchanged, but it
+            // would mean lots of unnecessary replacement calls
+            link = link.replace(/%(?:[\da-fA-F]{2})|\?|\+|[^\w\d-./]/g, function (match) {
+                // Valid percent encoding. Could just return it as is, but we follow RFC3986
+                // Section 2.1 which says "For consistency, URI producers and normalizers
+                // should use uppercase hexadecimal digits for all percent-encodings."
+                // Note that we also handle (illegal) stand-alone percent characters by
+                // replacing them with "%25"
+                if (match.length === 3 && match.charAt(0) == "%") {
+                    return match.toUpperCase();
+                }
+                switch (match) {
+                    case "?":
+                        inQueryString = true;
+                        return "?";
+                        break;
+                    
+                    // In the query string, a plus and a space are identical -- normalize.
+                    // Not strictly necessary, but identical behavior to the previous version
+                    // of this function.
+                    case "+":
+                        if (inQueryString)
+                            return "%20";
+                        break;
+                }
+                return encodeURI(match);
+            })
+            
+            if (title) {
+                title = title.trim ? title.trim() : title.replace(/^\s*/, "").replace(/\s*$/, "");
+                title = title.replace(/"/g, "quot;").replace(/\(/g, "&#40;").replace(/\)/g, "&#41;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+            }
+            return title ? link + ' "' + title + '"' : link;
+        });
+    }
+
+    commandProto.doLinkOrImage = function (chunk, postProcessing, isImage) {
+
+        chunk.trimWhitespace();
+        chunk.findTags(/\s*!?\[/, /\][ ]?(?:\n[ ]*)?(\[.*?\])?/);
+        var background;
+
+        if (chunk.endTag.length > 1 && chunk.startTag.length > 0) {
+
+            chunk.startTag = chunk.startTag.replace(/!?\[/, "");
+            chunk.endTag = "";
+            this.addLinkDef(chunk, null);
+
+        }
+        else {
+            
+            // We're moving start and end tag back into the selection, since (as we're in the else block) we're not
+            // *removing* a link, but *adding* one, so whatever findTags() found is now back to being part of the
+            // link text. linkEnteredCallback takes care of escaping any brackets.
+            chunk.selection = chunk.startTag + chunk.selection + chunk.endTag;
+            chunk.startTag = chunk.endTag = "";
+
+            if (/\n\n/.test(chunk.selection)) {
+                this.addLinkDef(chunk, null);
+                return;
+            }
+            var that = this;
+            // The function to be executed when you enter a link and press OK or Cancel.
+            // Marks up the link and adds the ref.
+            var linkEnteredCallback = function (link) {
+
+                background.parentNode.removeChild(background);
+
+                if (link !== null) {
+                    // (                          $1
+                    //     [^\\]                  anything that's not a backslash
+                    //     (?:\\\\)*              an even number (this includes zero) of backslashes
+                    // )
+                    // (?=                        followed by
+                    //     [[\]]                  an opening or closing bracket
+                    // )
+                    //
+                    // In other words, a non-escaped bracket. These have to be escaped now to make sure they
+                    // don't count as the end of the link or similar.
+                    // Note that the actual bracket has to be a lookahead, because (in case of to subsequent brackets),
+                    // the bracket in one match may be the "not a backslash" character in the next match, so it
+                    // should not be consumed by the first match.
+                    // The "prepend a space and finally remove it" steps makes sure there is a "not a backslash" at the
+                    // start of the string, so this also works if the selection begins with a bracket. We cannot solve
+                    // this by anchoring with ^, because in the case that the selection starts with two brackets, this
+                    // would mean a zero-width match at the start. Since zero-width matches advance the string position,
+                    // the first bracket could then not act as the "not a backslash" for the second.
+                    chunk.selection = (" " + chunk.selection).replace(/([^\\](?:\\\\)*)(?=[[\]])/g, "$1\\").substr(1);
+                    
+                    var linkDef = " [999]: " + properlyEncoded(link);
+
+                    var num = that.addLinkDef(chunk, linkDef);
+                    chunk.startTag = isImage ? "![" : "[";
+                    chunk.endTag = "][" + num + "]";
+
+                    if (!chunk.selection) {
+                        if (isImage) {
+                            var imagename = that.getString("imagename");
+                            chunk.selection = imagename || that.getString("imagedescription");
+                        }
+                        else {
+                            var linkname = that.getString("linkname");
+                            chunk.selection = linkname || that.getString("linkdescription");
+                        }
+                    }
+                }
+                postProcessing();
+            };
+
+            background = ui.createBackground();
+
+            if (isImage) {
+                if (!this.hooks.insertImageDialog(linkEnteredCallback))
+                    ui.prompt(this.getString("imagedialog"), imageDefaultText, linkEnteredCallback, this.getString("ok"), this.getString("cancel"));
+            }
+            else {
+                if (!this.hooks.insertLinkDialog(linkEnteredCallback))
+                    ui.prompt(this.getString("linkdialog"), linkDefaultText, linkEnteredCallback, this.getString("ok"), this.getString("cancel"));
+            }
+            return true;
+        }
+    };
+
+    // When making a list, hitting shift-enter will put your cursor on the next line
+    // at the current indent level.
+    commandProto.doAutoindent = function (chunk, postProcessing) {
+
+        var commandMgr = this,
+            fakeSelection = false;
+
+        chunk.before = chunk.before.replace(/(\n|^)[ ]{0,3}([*+-]|\d+[.])[ \t]*\n$/, "\n\n");
+        chunk.before = chunk.before.replace(/(\n|^)[ ]{0,3}>[ \t]*\n$/, "\n\n");
+        chunk.before = chunk.before.replace(/(\n|^)[ \t]+\n$/, "\n\n");
+        
+        // There's no selection, end the cursor wasn't at the end of the line:
+        // The user wants to split the current list item / code line / blockquote line
+        // (for the latter it doesn't really matter) in two. Temporarily select the
+        // (rest of the) line to achieve this.
+        if (!chunk.selection && !/^[ \t]*(?:\n|$)/.test(chunk.after)) {
+            chunk.after = chunk.after.replace(/^[^\n]*/, function (wholeMatch) {
+                chunk.selection = wholeMatch;
+                return "";
+            });
+            fakeSelection = true;
+        }
+
+        if (/(\n|^)[ ]{0,3}([*+-]|\d+[.])[ \t]+.*\n$/.test(chunk.before)) {
+            if (commandMgr.doList) {
+                commandMgr.doList(chunk);
+            }
+        }
+        if (/(\n|^)[ ]{0,3}>[ \t]+.*\n$/.test(chunk.before)) {
+            if (commandMgr.doBlockquote) {
+                commandMgr.doBlockquote(chunk);
+            }
+        }
+        if (/(\n|^)(\t|[ ]{4,}).*\n$/.test(chunk.before)) {
+            if (commandMgr.doCode) {
+                commandMgr.doCode(chunk);
+            }
+        }
+        
+        if (fakeSelection) {
+            chunk.after = chunk.selection + chunk.after;
+            chunk.selection = "";
+        }
+    };
+
+    commandProto.doBlockquote = function (chunk, postProcessing) {
+
+        chunk.selection = chunk.selection.replace(/^(\n*)([^\r]+?)(\n*)$/,
+            function (totalMatch, newlinesBefore, text, newlinesAfter) {
+                chunk.before += newlinesBefore;
+                chunk.after = newlinesAfter + chunk.after;
+                return text;
+            });
+
+        chunk.before = chunk.before.replace(/(>[ \t]*)$/,
+            function (totalMatch, blankLine) {
+                chunk.selection = blankLine + chunk.selection;
+                return "";
+            });
+
+        chunk.selection = chunk.selection.replace(/^(\s|>)+$/, "");
+        chunk.selection = chunk.selection || this.getString("quoteexample");
+
+        // The original code uses a regular expression to find out how much of the
+        // text *directly before* the selection already was a blockquote:
+
+        /*
+        if (chunk.before) {
+        chunk.before = chunk.before.replace(/\n?$/, "\n");
+        }
+        chunk.before = chunk.before.replace(/(((\n|^)(\n[ \t]*)*>(.+\n)*.*)+(\n[ \t]*)*$)/,
+        function (totalMatch) {
+        chunk.startTag = totalMatch;
+        return "";
+        });
+        */
+
+        // This comes down to:
+        // Go backwards as many lines a possible, such that each line
+        //  a) starts with ">", or
+        //  b) is almost empty, except for whitespace, or
+        //  c) is preceeded by an unbroken chain of non-empty lines
+        //     leading up to a line that starts with ">" and at least one more character
+        // and in addition
+        //  d) at least one line fulfills a)
+        //
+        // Since this is essentially a backwards-moving regex, it's susceptible to
+        // catstrophic backtracking and can cause the browser to hang;
+        // see e.g. http://meta.stackexchange.com/questions/9807.
+        //
+        // Hence we replaced this by a simple state machine that just goes through the
+        // lines and checks for a), b), and c).
+
+        var match = "",
+            leftOver = "",
+            line;
+        if (chunk.before) {
+            var lines = chunk.before.replace(/\n$/, "").split("\n");
+            var inChain = false;
+            for (var i = 0; i < lines.length; i++) {
+                var good = false;
+                line = lines[i];
+                inChain = inChain && line.length > 0; // c) any non-empty line continues the chain
+                if (/^>/.test(line)) {                // a)
+                    good = true;
+                    if (!inChain && line.length > 1)  // c) any line that starts with ">" and has at least one more character starts the chain
+                        inChain = true;
+                } else if (/^[ \t]*$/.test(line)) {   // b)
+                    good = true;
+                } else {
+                    good = inChain;                   // c) the line is not empty and does not start with ">", so it matches if and only if we're in the chain
+                }
+                if (good) {
+                    match += line + "\n";
+                } else {
+                    leftOver += match + line;
+                    match = "\n";
+                }
+            }
+            if (!/(^|\n)>/.test(match)) {             // d)
+                leftOver += match;
+                match = "";
+            }
+        }
+
+        chunk.startTag = match;
+        chunk.before = leftOver;
+
+        // end of change
+
+        if (chunk.after) {
+            chunk.after = chunk.after.replace(/^\n?/, "\n");
+        }
+
+        chunk.after = chunk.after.replace(/^(((\n|^)(\n[ \t]*)*>(.+\n)*.*)+(\n[ \t]*)*)/,
+            function (totalMatch) {
+                chunk.endTag = totalMatch;
+                return "";
+            }
+        );
+
+        var replaceBlanksInTags = function (useBracket) {
+
+            var replacement = useBracket ? "> " : "";
+
+            if (chunk.startTag) {
+                chunk.startTag = chunk.startTag.replace(/\n((>|\s)*)\n$/,
+                    function (totalMatch, markdown) {
+                        return "\n" + markdown.replace(/^[ ]{0,3}>?[ \t]*$/gm, replacement) + "\n";
+                    });
+            }
+            if (chunk.endTag) {
+                chunk.endTag = chunk.endTag.replace(/^\n((>|\s)*)\n/,
+                    function (totalMatch, markdown) {
+                        return "\n" + markdown.replace(/^[ ]{0,3}>?[ \t]*$/gm, replacement) + "\n";
+                    });
+            }
+        };
+
+        if (/^(?![ ]{0,3}>)/m.test(chunk.selection)) {
+            this.wrap(chunk, SETTINGS.lineLength - 2);
+            chunk.selection = chunk.selection.replace(/^/gm, "> ");
+            replaceBlanksInTags(true);
+            chunk.skipLines();
+        } else {
+            chunk.selection = chunk.selection.replace(/^[ ]{0,3}> ?/gm, "");
+            this.unwrap(chunk);
+            replaceBlanksInTags(false);
+
+            if (!/^(\n|^)[ ]{0,3}>/.test(chunk.selection) && chunk.startTag) {
+                chunk.startTag = chunk.startTag.replace(/\n{0,2}$/, "\n\n");
+            }
+
+            if (!/(\n|^)[ ]{0,3}>.*$/.test(chunk.selection) && chunk.endTag) {
+                chunk.endTag = chunk.endTag.replace(/^\n{0,2}/, "\n\n");
+            }
+        }
+
+        chunk.selection = this.hooks.postBlockquoteCreation(chunk.selection);
+
+        if (!/\n/.test(chunk.selection)) {
+            chunk.selection = chunk.selection.replace(/^(> *)/,
+            function (wholeMatch, blanks) {
+                chunk.startTag += blanks;
+                return "";
+            });
+        }
+    };
+
+    commandProto.doCode = function (chunk, postProcessing) {
+
+        var hasTextBefore = /\S[ ]*$/.test(chunk.before);
+        var hasTextAfter = /^[ ]*\S/.test(chunk.after);
+
+        // Use 'four space' markdown if the selection is on its own
+        // line or is multiline.
+        if ((!hasTextAfter && !hasTextBefore) || /\n/.test(chunk.selection)) {
+
+            chunk.before = chunk.before.replace(/[ ]{4}$/,
+                function (totalMatch) {
+                    chunk.selection = totalMatch + chunk.selection;
+                    return "";
+                });
+
+            var nLinesBack = 1;
+            var nLinesForward = 1;
+
+            if (/(\n|^)(\t|[ ]{4,}).*\n$/.test(chunk.before)) {
+                nLinesBack = 0;
+            }
+            if (/^\n(\t|[ ]{4,})/.test(chunk.after)) {
+                nLinesForward = 0;
+            }
+
+            chunk.skipLines(nLinesBack, nLinesForward);
+
+            if (!chunk.selection) {
+                chunk.startTag = "    ";
+                chunk.selection = this.getString("codeexample");
+            }
+            else {
+                if (/^[ ]{0,3}\S/m.test(chunk.selection)) {
+                    if (/\n/.test(chunk.selection))
+                        chunk.selection = chunk.selection.replace(/^/gm, "    ");
+                    else // if it's not multiline, do not select the four added spaces; this is more consistent with the doList behavior
+                        chunk.before += "    ";
+                }
+                else {
+                    chunk.selection = chunk.selection.replace(/^(?:[ ]{4}|[ ]{0,3}\t)/gm, "");
+                }
+            }
+        }
+        else {
+            // Use backticks (`) to delimit the code block.
+
+            chunk.trimWhitespace();
+            chunk.findTags(/`/, /`/);
+
+            if (!chunk.startTag && !chunk.endTag) {
+                chunk.startTag = chunk.endTag = "`";
+                if (!chunk.selection) {
+                    chunk.selection = this.getString("codeexample");
+                }
+            }
+            else if (chunk.endTag && !chunk.startTag) {
+                chunk.before += chunk.endTag;
+                chunk.endTag = "";
+            }
+            else {
+                chunk.startTag = chunk.endTag = "";
+            }
+        }
+    };
+
+    commandProto.doList = function (chunk, postProcessing, isNumberedList) {
+
+        // These are identical except at the very beginning and end.
+        // Should probably use the regex extension function to make this clearer.
+        var previousItemsRegex = /(\n|^)(([ ]{0,3}([*+-]|\d+[.])[ \t]+.*)(\n.+|\n{2,}([*+-].*|\d+[.])[ \t]+.*|\n{2,}[ \t]+\S.*)*)\n*$/;
+        var nextItemsRegex = /^\n*(([ ]{0,3}([*+-]|\d+[.])[ \t]+.*)(\n.+|\n{2,}([*+-].*|\d+[.])[ \t]+.*|\n{2,}[ \t]+\S.*)*)\n*/;
+
+        // The default bullet is a dash but others are possible.
+        // This has nothing to do with the particular HTML bullet,
+        // it's just a markdown bullet.
+        var bullet = "-";
+
+        // The number in a numbered list.
+        var num = 1;
+
+        // Get the item prefix - e.g. " 1. " for a numbered list, " - " for a bulleted list.
+        var getItemPrefix = function () {
+            var prefix;
+            if (isNumberedList) {
+                prefix = " " + num + ". ";
+                num++;
+            }
+            else {
+                prefix = " " + bullet + " ";
+            }
+            return prefix;
+        };
+
+        // Fixes the prefixes of the other list items.
+        var getPrefixedItem = function (itemText) {
+
+            // The numbering flag is unset when called by autoindent.
+            if (isNumberedList === undefined) {
+                isNumberedList = /^\s*\d/.test(itemText);
+            }
+
+            // Renumber/bullet the list element.
+            itemText = itemText.replace(/^[ ]{0,3}([*+-]|\d+[.])\s/gm,
+                function (_) {
+                    return getItemPrefix();
+                });
+
+            return itemText;
+        };
+
+        chunk.findTags(/(\n|^)*[ ]{0,3}([*+-]|\d+[.])\s+/, null);
+
+        if (chunk.before && !/\n$/.test(chunk.before) && !/^\n/.test(chunk.startTag)) {
+            chunk.before += chunk.startTag;
+            chunk.startTag = "";
+        }
+
+        if (chunk.startTag) {
+
+            var hasDigits = /\d+[.]/.test(chunk.startTag);
+            chunk.startTag = "";
+            chunk.selection = chunk.selection.replace(/\n[ ]{4}/g, "\n");
+            this.unwrap(chunk);
+            chunk.skipLines();
+
+            if (hasDigits) {
+                // Have to renumber the bullet points if this is a numbered list.
+                chunk.after = chunk.after.replace(nextItemsRegex, getPrefixedItem);
+            }
+            if (isNumberedList == hasDigits) {
+                return;
+            }
+        }
+
+        var nLinesUp = 1;
+
+        chunk.before = chunk.before.replace(previousItemsRegex,
+            function (itemText) {
+                if (/^\s*([*+-])/.test(itemText)) {
+                    bullet = re.$1;
+                }
+                nLinesUp = /[^\n]\n\n[^\n]/.test(itemText) ? 1 : 0;
+                return getPrefixedItem(itemText);
+            });
+
+        if (!chunk.selection) {
+            chunk.selection = this.getString("litem");
+        }
+
+        var prefix = getItemPrefix();
+
+        var nLinesDown = 1;
+
+        chunk.after = chunk.after.replace(nextItemsRegex,
+            function (itemText) {
+                nLinesDown = /[^\n]\n\n[^\n]/.test(itemText) ? 1 : 0;
+                return getPrefixedItem(itemText);
+            });
+
+        chunk.trimWhitespace(true);
+        chunk.skipLines(nLinesUp, nLinesDown, true);
+        chunk.startTag = prefix;
+        var spaces = prefix.replace(/./g, " ");
+        this.wrap(chunk, SETTINGS.lineLength - spaces.length);
+        chunk.selection = chunk.selection.replace(/\n/g, "\n" + spaces);
+
+    };
+
+    commandProto.doHeading = function (chunk, postProcessing) {
+
+        // Remove leading/trailing whitespace and reduce internal spaces to single spaces.
+        chunk.selection = chunk.selection.replace(/\s+/g, " ");
+        chunk.selection = chunk.selection.replace(/(^\s+|\s+$)/g, "");
+
+        // If we clicked the button with no selected text, we just
+        // make a level 2 hash header around some default text.
+        if (!chunk.selection) {
+            chunk.startTag = "## ";
+            chunk.selection = this.getString("headingexample");
+            chunk.endTag = " ##";
+            return;
+        }
+
+        var headerLevel = 0;     // The existing header level of the selected text.
+
+        // Remove any existing hash heading markdown and save the header level.
+        chunk.findTags(/#+[ ]*/, /[ ]*#+/);
+        if (/#+/.test(chunk.startTag)) {
+            headerLevel = re.lastMatch.length;
+        }
+        chunk.startTag = chunk.endTag = "";
+
+        // Try to get the current header level by looking for - and = in the line
+        // below the selection.
+        chunk.findTags(null, /\s?(-+|=+)/);
+        if (/=+/.test(chunk.endTag)) {
+            headerLevel = 1;
+        }
+        if (/-+/.test(chunk.endTag)) {
+            headerLevel = 2;
+        }
+
+        // Skip to the next line so we can create the header markdown.
+        chunk.startTag = chunk.endTag = "";
+        chunk.skipLines(1, 1);
+
+        // We make a level 2 header if there is no current header.
+        // If there is a header level, we substract one from the header level.
+        // If it's already a level 1 header, it's removed.
+        var headerLevelToCreate = headerLevel == 0 ? 2 : headerLevel - 1;
+
+        if (headerLevelToCreate > 0) {
+
+            // The button only creates level 1 and 2 underline headers.
+            // Why not have it iterate over hash header levels?  Wouldn't that be easier and cleaner?
+            var headerChar = headerLevelToCreate >= 2 ? "-" : "=";
+            var len = chunk.selection.length;
+            if (len > SETTINGS.lineLength) {
+                len = SETTINGS.lineLength;
+            }
+            chunk.endTag = "\n";
+            while (len--) {
+                chunk.endTag += headerChar;
+            }
+        }
+    };
+
+    commandProto.doHorizontalRule = function (chunk, postProcessing) {
+        chunk.startTag = "----------\n";
+        chunk.selection = "";
+        chunk.skipLines(2, 1, true);
+    }
+
+    commandProto.doMore = function (chunk, postProcessing) {
+        chunk.startTag = "<!--more-->\n\n";
+        chunk.selection = "";
+        chunk.skipLines(2, 0, true);
+    }
+
+    commandProto.doTab = function (chunk, postProcessing) {
+        chunk.startTag = "    ";
+        chunk.selection = "";
+    }
+
+    function FullScreenManager (hooks, getString) {
+        this.fullScreenBind = false;
+        this.hooks = hooks;
+        this.getString = getString;
+        this.isFakeFullScreen = false;
+    }
+
+    function getFullScreenAdapter () {
+        var selector = {
+            fullScreenChange : ['onfullscreenchange', 'onwebkitfullscreenchange', 'onmozfullscreenchange', 'onmsfullscreenchange'],
+            requestFullscreen : ['requestFullscreen', 'webkitRequestFullScreen', 'mozRequestFullScreen', 'msRequestFullScreen'],
+            cancelFullscreen : ['cancelFullscreen', 'exitFullScreen', 'webkitCancelFullScreen', 'mozCancelFullScreen', 'msCancelFullScreen']
+        }, adapter = {};
+
+        for (var name in selector) {
+            var len = selector[name].length, found = false;
+
+            for (var i = 0; i < len; i ++) {
+                var method = selector[name][i];
+
+                if ('undefined' != typeof(document[method]) || 'undefined' != typeof(document.body[method])) {
+                    adapter[name] = method;
+                    found = true;
+                    break;
+                }
+            }
+
+            if (!found) {
+                return false;
+            }
+        }
+
+        return adapter;
+    };
+
+    function isFullScreen () {
+        return document.fullScreen || 
+            document.mozFullScreen || 
+            document.webkitIsFullScreen ||
+            document.msIsFullScreen;
+    };
+
+    // fullscreen
+    FullScreenManager.prototype.doFullScreen = function (buttons, enter) {
+        var adapter = getFullScreenAdapter(), self = this;
+
+        if (!adapter) {
+            alert(self.getString('fullscreenUnsupport'));
+            return false;
+        }
+
+        if (!this.fullScreenBind) {
+            util.addEvent(document, adapter.fullScreenChange.substring(2), function () {
+                if (!isFullScreen()) {
+                    buttons.fullscreen.style.display = '';
+                    buttons.exitFullscreen.style.display = 'none';
+                    self.hooks.exitFullScreen();
+                } else {
+                    buttons.fullscreen.style.display = 'none';
+                    buttons.exitFullscreen.style.display = '';
+                    self.hooks.enterFullScreen();
+                }
+            });
+
+            this.fullScreenBind = true;
+        }
+
+        if (enter) {
+            if (self.isFakeFullScreen) {
+                document.body[adapter.requestFullscreen]('webkitRequestFullScreen' == adapter.requestFullscreen 
+                    ? Element.ALLOW_KEYBOARD_INPUT : null);
+                self.isFakeFullScreen = false;
+            } else if (!isFullScreen()) {
+                buttons.exitFullscreen.style.display = '';
+                self.hooks.enterFakeFullScreen();
+                self.isFakeFullScreen = true;
+            }
+        } else {
+            if (self.isFakeFullScreen) {
+                buttons.exitFullscreen.style.display = 'none';
+                self.hooks.exitFullScreen();
+            } else if (isFullScreen()) {
+                document[adapter.cancelFullscreen]();
+            }
+            
+            self.isFakeFullScreen = false;
+        }
+    };
+})();
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/plupload.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/plupload.js
new file mode 100644
index 0000000..9531989
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/plupload.js
@@ -0,0 +1,2273 @@
+/**
+ * Plupload - multi-runtime File Uploader
+ * v2.1.1
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ *
+ * Date: 2014-01-16
+ */
+/**
+ * Plupload.js
+ *
+ * Copyright 2013, Moxiecode Systems AB
+ * Released under GPL License.
+ *
+ * License: http://www.plupload.com/license
+ * Contributing: http://www.plupload.com/contributing
+ */
+
+/*global mOxie:true */
+
+;(function(window, o, undef) {
+
+var delay = window.setTimeout
+, fileFilters = {}
+;
+
+// convert plupload features to caps acceptable by mOxie
+function normalizeCaps(settings) {		
+	var features = settings.required_features, caps = {};
+
+	function resolve(feature, value, strict) {
+		// Feature notation is deprecated, use caps (this thing here is required for backward compatibility)
+		var map = { 
+			chunks: 'slice_blob',
+			jpgresize: 'send_binary_string',
+			pngresize: 'send_binary_string',
+			progress: 'report_upload_progress',
+			multi_selection: 'select_multiple',
+			dragdrop: 'drag_and_drop',
+			drop_element: 'drag_and_drop',
+			headers: 'send_custom_headers',
+			canSendBinary: 'send_binary',
+			triggerDialog: 'summon_file_dialog'
+		};
+
+		if (map[feature]) {
+			caps[map[feature]] = value;
+		} else if (!strict) {
+			caps[feature] = value;
+		}
+	}
+
+	if (typeof(features) === 'string') {
+		plupload.each(features.split(/\s*,\s*/), function(feature) {
+			resolve(feature, true);
+		});
+	} else if (typeof(features) === 'object') {
+		plupload.each(features, function(value, feature) {
+			resolve(feature, value);
+		});
+	} else if (features === true) {
+		// check settings for required features
+		if (!settings.multipart) { // special care for multipart: false
+			caps.send_binary_string = true;
+		}
+
+		if (settings.chunk_size > 0) {
+			caps.slice_blob = true;
+		}
+
+		if (settings.resize.enabled) {
+			caps.send_binary_string = true;
+		}
+		
+		plupload.each(settings, function(value, feature) {
+			resolve(feature, !!value, true); // strict check
+		});
+	}
+	
+	return caps;
+}
+
+/** 
+ * @module plupload	
+ * @static
+ */
+var plupload = {
+	/**
+	 * Plupload version will be replaced on build.
+	 *
+	 * @property VERSION
+	 * @for Plupload
+	 * @static
+	 * @final
+	 */
+	VERSION : '2.1.1',
+
+	/**
+	 * Inital state of the queue and also the state ones it's finished all it's uploads.
+	 *
+	 * @property STOPPED
+	 * @static
+	 * @final
+	 */
+	STOPPED : 1,
+
+	/**
+	 * Upload process is running
+	 *
+	 * @property STARTED
+	 * @static
+	 * @final
+	 */
+	STARTED : 2,
+
+	/**
+	 * File is queued for upload
+	 *
+	 * @property QUEUED
+	 * @static
+	 * @final
+	 */
+	QUEUED : 1,
+
+	/**
+	 * File is being uploaded
+	 *
+	 * @property UPLOADING
+	 * @static
+	 * @final
+	 */
+	UPLOADING : 2,
+
+	/**
+	 * File has failed to be uploaded
+	 *
+	 * @property FAILED
+	 * @static
+	 * @final
+	 */
+	FAILED : 4,
+
+	/**
+	 * File has been uploaded successfully
+	 *
+	 * @property DONE
+	 * @static
+	 * @final
+	 */
+	DONE : 5,
+
+	// Error constants used by the Error event
+
+	/**
+	 * Generic error for example if an exception is thrown inside Silverlight.
+	 *
+	 * @property GENERIC_ERROR
+	 * @static
+	 * @final
+	 */
+	GENERIC_ERROR : -100,
+
+	/**
+	 * HTTP transport error. For example if the server produces a HTTP status other than 200.
+	 *
+	 * @property HTTP_ERROR
+	 * @static
+	 * @final
+	 */
+	HTTP_ERROR : -200,
+
+	/**
+	 * Generic I/O error. For exampe if it wasn't possible to open the file stream on local machine.
+	 *
+	 * @property IO_ERROR
+	 * @static
+	 * @final
+	 */
+	IO_ERROR : -300,
+
+	/**
+	 * Generic I/O error. For exampe if it wasn't possible to open the file stream on local machine.
+	 *
+	 * @property SECURITY_ERROR
+	 * @static
+	 * @final
+	 */
+	SECURITY_ERROR : -400,
+
+	/**
+	 * Initialization error. Will be triggered if no runtime was initialized.
+	 *
+	 * @property INIT_ERROR
+	 * @static
+	 * @final
+	 */
+	INIT_ERROR : -500,
+
+	/**
+	 * File size error. If the user selects a file that is too large it will be blocked and an error of this type will be triggered.
+	 *
+	 * @property FILE_SIZE_ERROR
+	 * @static
+	 * @final
+	 */
+	FILE_SIZE_ERROR : -600,
+
+	/**
+	 * File extension error. If the user selects a file that isn't valid according to the filters setting.
+	 *
+	 * @property FILE_EXTENSION_ERROR
+	 * @static
+	 * @final
+	 */
+	FILE_EXTENSION_ERROR : -601,
+
+	/**
+	 * Duplicate file error. If prevent_duplicates is set to true and user selects the same file again.
+	 *
+	 * @property FILE_DUPLICATE_ERROR
+	 * @static
+	 * @final
+	 */
+	FILE_DUPLICATE_ERROR : -602,
+
+	/**
+	 * Runtime will try to detect if image is proper one. Otherwise will throw this error.
+	 *
+	 * @property IMAGE_FORMAT_ERROR
+	 * @static
+	 * @final
+	 */
+	IMAGE_FORMAT_ERROR : -700,
+
+	/**
+	 * While working on the image runtime will try to detect if the operation may potentially run out of memeory and will throw this error.
+	 *
+	 * @property IMAGE_MEMORY_ERROR
+	 * @static
+	 * @final
+	 */
+	IMAGE_MEMORY_ERROR : -701,
+
+	/**
+	 * Each runtime has an upper limit on a dimension of the image it can handle. If bigger, will throw this error.
+	 *
+	 * @property IMAGE_DIMENSIONS_ERROR
+	 * @static
+	 * @final
+	 */
+	IMAGE_DIMENSIONS_ERROR : -702,
+
+	/**
+	 * Mime type lookup table.
+	 *
+	 * @property mimeTypes
+	 * @type Object
+	 * @final
+	 */
+	mimeTypes : o.mimes,
+
+	/**
+	 * In some cases sniffing is the only way around :(
+	 */
+	ua: o.ua,
+
+	/**
+	 * Gets the true type of the built-in object (better version of typeof).
+	 * @credits Angus Croll (http://javascriptweblog.wordpress.com/)
+	 *
+	 * @method typeOf
+	 * @static
+	 * @param {Object} o Object to check.
+	 * @return {String} Object [[Class]]
+	 */
+	typeOf: o.typeOf,
+
+	/**
+	 * Extends the specified object with another object.
+	 *
+	 * @method extend
+	 * @static
+	 * @param {Object} target Object to extend.
+	 * @param {Object..} obj Multiple objects to extend with.
+	 * @return {Object} Same as target, the extended object.
+	 */
+	extend : o.extend,
+
+	/**
+	 * Generates an unique ID. This is 99.99% unique since it takes the current time and 5 random numbers.
+	 * The only way a user would be able to get the same ID is if the two persons at the same exact milisecond manages
+	 * to get 5 the same random numbers between 0-65535 it also uses a counter so each call will be guaranteed to be page unique.
+	 * It's more probable for the earth to be hit with an ansteriod. You can also if you want to be 100% sure set the plupload.guidPrefix property
+	 * to an user unique key.
+	 *
+	 * @method guid
+	 * @static
+	 * @return {String} Virtually unique id.
+	 */
+	guid : o.guid,
+
+	/**
+	 * Get array of DOM Elements by their ids.
+	 * 
+	 * @method get
+	 * @for Utils
+	 * @param {String} id Identifier of the DOM Element
+	 * @return {Array}
+	*/
+	get : function get(ids) {
+		var els = [], el;
+
+		if (o.typeOf(ids) !== 'array') {
+			ids = [ids];
+		}
+
+		var i = ids.length;
+		while (i--) {
+			el = o.get(ids[i]);
+			if (el) {
+				els.push(el);
+			}
+		}
+
+		return els.length ? els : null;
+	},
+
+	/**
+	 * Executes the callback function for each item in array/object. If you return false in the
+	 * callback it will break the loop.
+	 *
+	 * @method each
+	 * @static
+	 * @param {Object} obj Object to iterate.
+	 * @param {function} callback Callback function to execute for each item.
+	 */
+	each : o.each,
+
+	/**
+	 * Returns the absolute x, y position of an Element. The position will be returned in a object with x, y fields.
+	 *
+	 * @method getPos
+	 * @static
+	 * @param {Element} node HTML element or element id to get x, y position from.
+	 * @param {Element} root Optional root element to stop calculations at.
+	 * @return {object} Absolute position of the specified element object with x, y fields.
+	 */
+	getPos : o.getPos,
+
+	/**
+	 * Returns the size of the specified node in pixels.
+	 *
+	 * @method getSize
+	 * @static
+	 * @param {Node} node Node to get the size of.
+	 * @return {Object} Object with a w and h property.
+	 */
+	getSize : o.getSize,
+
+	/**
+	 * Encodes the specified string.
+	 *
+	 * @method xmlEncode
+	 * @static
+	 * @param {String} s String to encode.
+	 * @return {String} Encoded string.
+	 */
+	xmlEncode : function(str) {
+		var xmlEncodeChars = {'<' : 'lt', '>' : 'gt', '&' : 'amp', '"' : 'quot', '\'' : '#39'}, xmlEncodeRegExp = /[<>&\"\']/g;
+
+		return str ? ('' + str).replace(xmlEncodeRegExp, function(chr) {
+			return xmlEncodeChars[chr] ? '&' + xmlEncodeChars[chr] + ';' : chr;
+		}) : str;
+	},
+
+	/**
+	 * Forces anything into an array.
+	 *
+	 * @method toArray
+	 * @static
+	 * @param {Object} obj Object with length field.
+	 * @return {Array} Array object containing all items.
+	 */
+	toArray : o.toArray,
+
+	/**
+	 * Find an element in array and return it's index if present, otherwise return -1.
+	 *
+	 * @method inArray
+	 * @static
+	 * @param {mixed} needle Element to find
+	 * @param {Array} array
+	 * @return {Int} Index of the element, or -1 if not found
+	 */
+	inArray : o.inArray,
+
+	/**
+	 * Extends the language pack object with new items.
+	 *
+	 * @method addI18n
+	 * @static
+	 * @param {Object} pack Language pack items to add.
+	 * @return {Object} Extended language pack object.
+	 */
+	addI18n : o.addI18n,
+
+	/**
+	 * Translates the specified string by checking for the english string in the language pack lookup.
+	 *
+	 * @method translate
+	 * @static
+	 * @param {String} str String to look for.
+	 * @return {String} Translated string or the input string if it wasn't found.
+	 */
+	translate : o.translate,
+
+	/**
+	 * Checks if object is empty.
+	 *
+	 * @method isEmptyObj
+	 * @static
+	 * @param {Object} obj Object to check.
+	 * @return {Boolean}
+	 */
+	isEmptyObj : o.isEmptyObj,
+
+	/**
+	 * Checks if specified DOM element has specified class.
+	 *
+	 * @method hasClass
+	 * @static
+	 * @param {Object} obj DOM element like object to add handler to.
+	 * @param {String} name Class name
+	 */
+	hasClass : o.hasClass,
+
+	/**
+	 * Adds specified className to specified DOM element.
+	 *
+	 * @method addClass
+	 * @static
+	 * @param {Object} obj DOM element like object to add handler to.
+	 * @param {String} name Class name
+	 */
+	addClass : o.addClass,
+
+	/**
+	 * Removes specified className from specified DOM element.
+	 *
+	 * @method removeClass
+	 * @static
+	 * @param {Object} obj DOM element like object to add handler to.
+	 * @param {String} name Class name
+	 */
+	removeClass : o.removeClass,
+
+	/**
+	 * Returns a given computed style of a DOM element.
+	 *
+	 * @method getStyle
+	 * @static
+	 * @param {Object} obj DOM element like object.
+	 * @param {String} name Style you want to get from the DOM element
+	 */
+	getStyle : o.getStyle,
+
+	/**
+	 * Adds an event handler to the specified object and store reference to the handler
+	 * in objects internal Plupload registry (@see removeEvent).
+	 *
+	 * @method addEvent
+	 * @static
+	 * @param {Object} obj DOM element like object to add handler to.
+	 * @param {String} name Name to add event listener to.
+	 * @param {Function} callback Function to call when event occurs.
+	 * @param {String} (optional) key that might be used to add specifity to the event record.
+	 */
+	addEvent : o.addEvent,
+
+	/**
+	 * Remove event handler from the specified object. If third argument (callback)
+	 * is not specified remove all events with the specified name.
+	 *
+	 * @method removeEvent
+	 * @static
+	 * @param {Object} obj DOM element to remove event listener(s) from.
+	 * @param {String} name Name of event listener to remove.
+	 * @param {Function|String} (optional) might be a callback or unique key to match.
+	 */
+	removeEvent: o.removeEvent,
+
+	/**
+	 * Remove all kind of events from the specified object
+	 *
+	 * @method removeAllEvents
+	 * @static
+	 * @param {Object} obj DOM element to remove event listeners from.
+	 * @param {String} (optional) unique key to match, when removing events.
+	 */
+	removeAllEvents: o.removeAllEvents,
+
+	/**
+	 * Cleans the specified name from national characters (diacritics). The result will be a name with only a-z, 0-9 and _.
+	 *
+	 * @method cleanName
+	 * @static
+	 * @param {String} s String to clean up.
+	 * @return {String} Cleaned string.
+	 */
+	cleanName : function(name) {
+		var i, lookup;
+
+		// Replace diacritics
+		lookup = [
+			/[\300-\306]/g, 'A', /[\340-\346]/g, 'a',
+			/\307/g, 'C', /\347/g, 'c',
+			/[\310-\313]/g, 'E', /[\350-\353]/g, 'e',
+			/[\314-\317]/g, 'I', /[\354-\357]/g, 'i',
+			/\321/g, 'N', /\361/g, 'n',
+			/[\322-\330]/g, 'O', /[\362-\370]/g, 'o',
+			/[\331-\334]/g, 'U', /[\371-\374]/g, 'u'
+		];
+
+		for (i = 0; i < lookup.length; i += 2) {
+			name = name.replace(lookup[i], lookup[i + 1]);
+		}
+
+		// Replace whitespace
+		name = name.replace(/\s+/g, '_');
+
+		// Remove anything else
+		name = name.replace(/[^a-z0-9_\-\.]+/gi, '');
+
+		return name;
+	},
+
+	/**
+	 * Builds a full url out of a base URL and an object with items to append as query string items.
+	 *
+	 * @method buildUrl
+	 * @static
+	 * @param {String} url Base URL to append query string items to.
+	 * @param {Object} items Name/value object to serialize as a querystring.
+	 * @return {String} String with url + serialized query string items.
+	 */
+	buildUrl : function(url, items) {
+		var query = '';
+
+		plupload.each(items, function(value, name) {
+			query += (query ? '&' : '') + encodeURIComponent(name) + '=' + encodeURIComponent(value);
+		});
+
+		if (query) {
+			url += (url.indexOf('?') > 0 ? '&' : '?') + query;
+		}
+
+		return url;
+	},
+
+	/**
+	 * Formats the specified number as a size string for example 1024 becomes 1 KB.
+	 *
+	 * @method formatSize
+	 * @static
+	 * @param {Number} size Size to format as string.
+	 * @return {String} Formatted size string.
+	 */
+	formatSize : function(size) {
+
+		if (size === undef || /\D/.test(size)) {
+			return plupload.translate('N/A');
+		}
+
+		function round(num, precision) {
+			return Math.round(num * Math.pow(10, precision)) / Math.pow(10, precision);
+		}
+
+		var boundary = Math.pow(1024, 4);
+
+		// TB
+		if (size > boundary) {
+			return round(size / boundary, 1) + " " + plupload.translate('tb');
+		}
+
+		// GB
+		if (size > (boundary/=1024)) {
+			return round(size / boundary, 1) + " " + plupload.translate('gb');
+		}
+
+		// MB
+		if (size > (boundary/=1024)) {
+			return round(size / boundary, 1) + " " + plupload.translate('mb');
+		}
+
+		// KB
+		if (size > 1024) {
+			return Math.round(size / 1024) + " " + plupload.translate('kb');
+		}
+
+		return size + " " + plupload.translate('b');
+	},
+
+
+	/**
+	 * Parses the specified size string into a byte value. For example 10kb becomes 10240.
+	 *
+	 * @method parseSize
+	 * @static
+	 * @param {String|Number} size String to parse or number to just pass through.
+	 * @return {Number} Size in bytes.
+	 */
+	parseSize : o.parseSizeStr,
+
+
+	/**
+	 * A way to predict what runtime will be choosen in the current environment with the
+	 * specified settings.
+	 *
+	 * @method predictRuntime
+	 * @static
+	 * @param {Object|String} config Plupload settings to check
+	 * @param {String} [runtimes] Comma-separated list of runtimes to check against
+	 * @return {String} Type of compatible runtime
+	 */
+	predictRuntime : function(config, runtimes) {
+		var up, runtime;
+
+		up = new plupload.Uploader(config);
+		runtime = o.Runtime.thatCan(up.getOption().required_features, runtimes || config.runtimes);
+		up.destroy();
+		return runtime;
+	},
+
+	/**
+	 * Registers a filter that will be executed for each file added to the queue.
+	 * If callback returns false, file will not be added.
+	 *
+	 * Callback receives two arguments: a value for the filter as it was specified in settings.filters
+	 * and a file to be filtered. Callback is executed in the context of uploader instance.
+	 *
+	 * @method addFileFilter
+	 * @static
+	 * @param {String} name Name of the filter by which it can be referenced in settings.filters
+	 * @param {String} cb Callback - the actual routine that every added file must pass
+	 */
+	addFileFilter: function(name, cb) {
+		fileFilters[name] = cb;
+	}
+};
+
+
+plupload.addFileFilter('mime_types', function(filters, file, cb) {
+	if (filters.length && !filters.regexp.test(file.name)) {
+		this.trigger('Error', {
+			code : plupload.FILE_EXTENSION_ERROR,
+			message : plupload.translate('File extension error.'),
+			file : file
+		});
+		cb(false);
+	} else {
+		cb(true);
+	}
+});
+
+
+plupload.addFileFilter('max_file_size', function(maxSize, file, cb) {
+	var undef;
+
+	maxSize = plupload.parseSize(maxSize);
+
+	// Invalid file size
+	if (file.size !== undef && maxSize && file.size > maxSize) {
+		this.trigger('Error', {
+			code : plupload.FILE_SIZE_ERROR,
+			message : plupload.translate('File size error.'),
+			file : file
+		});
+		cb(false);
+	} else {
+		cb(true);
+	}
+});
+
+
+plupload.addFileFilter('prevent_duplicates', function(value, file, cb) {
+	if (value) {
+		var ii = this.files.length;
+		while (ii--) {
+			// Compare by name and size (size might be 0 or undefined, but still equivalent for both)
+			if (file.name === this.files[ii].name && file.size === this.files[ii].size) {
+				this.trigger('Error', {
+					code : plupload.FILE_DUPLICATE_ERROR,
+					message : plupload.translate('Duplicate file error.'),
+					file : file
+				});
+				cb(false);
+				return;
+			}
+		}
+	}
+	cb(true);
+});
+
+
+/**
+@class Uploader
+@constructor
+
+@param {Object} settings For detailed information about each option check documentation.
+	@param {String|DOMElement} settings.browse_button id of the DOM element or DOM element itself to use as file dialog trigger.
+	@param {String} settings.url URL of the server-side upload handler.
+	@param {Number|String} [settings.chunk_size=0] Chunk size in bytes to slice the file into. Shorcuts with b, kb, mb, gb, tb suffixes also supported. `e.g. 204800 or "204800b" or "200kb"`. By default - disabled.
+	@param {String} [settings.container] id of the DOM element to use as a container for uploader structures. Defaults to document.body.
+	@param {String|DOMElement} [settings.drop_element] id of the DOM element or DOM element itself to use as a drop zone for Drag-n-Drop.
+	@param {String} [settings.file_data_name="file"] Name for the file field in Multipart formated message.
+	@param {Object} [settings.filters={}] Set of file type filters.
+		@param {Array} [settings.filters.mime_types=[]] List of file types to accept, each one defined by title and list of extensions. `e.g. {title : "Image files", extensions : "jpg,jpeg,gif,png"}`. Dispatches `plupload.FILE_EXTENSION_ERROR`
+		@param {String|Number} [settings.filters.max_file_size=0] Maximum file size that the user can pick, in bytes. Optionally supports b, kb, mb, gb, tb suffixes. `e.g. "10mb" or "1gb"`. By default - not set. Dispatches `plupload.FILE_SIZE_ERROR`.
+		@param {Boolean} [settings.filters.prevent_duplicates=false] Do not let duplicates into the queue. Dispatches `plupload.FILE_DUPLICATE_ERROR`.
+	@param {String} [settings.flash_swf_url] URL of the Flash swf.
+	@param {Object} [settings.headers] Custom headers to send with the upload. Hash of name/value pairs.
+	@param {Number} [settings.max_retries=0] How many times to retry the chunk or file, before triggering Error event.
+	@param {Boolean} [settings.multipart=true] Whether to send file and additional parameters as Multipart formated message.
+	@param {Object} [settings.multipart_params] Hash of key/value pairs to send with every file upload.
+	@param {Boolean} [settings.multi_selection=true] Enable ability to select multiple files at once in file dialog.
+	@param {String|Object} [settings.required_features] Either comma-separated list or hash of required features that chosen runtime should absolutely possess.
+	@param {Object} [settings.resize] Enable resizng of images on client-side. Applies to `image/jpeg` and `image/png` only. `e.g. {width : 200, height : 200, quality : 90, crop: true}`
+		@param {Number} [settings.resize.width] If image is bigger, it will be resized.
+		@param {Number} [settings.resize.height] If image is bigger, it will be resized.
+		@param {Number} [settings.resize.quality=90] Compression quality for jpegs (1-100).
+		@param {Boolean} [settings.resize.crop=false] Whether to crop images to exact dimensions. By default they will be resized proportionally.
+	@param {String} [settings.runtimes="html5,flash,silverlight,html4"] Comma separated list of runtimes, that Plupload will try in turn, moving to the next if previous fails.
+	@param {String} [settings.silverlight_xap_url] URL of the Silverlight xap.
+	@param {Boolean} [settings.unique_names=false] If true will generate unique filenames for uploaded files.
+*/
+plupload.Uploader = function(options) {
+	/**
+	 * Fires when the current RunTime has been initialized.
+	 *
+	 * @event Init
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 */
+
+	/**
+	 * Fires after the init event incase you need to perform actions there.
+	 *
+	 * @event PostInit
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 */
+
+	/**
+	 * Fires when the option is changed in via uploader.setOption().
+	 *
+	 * @event OptionChanged
+	 * @since 2.1
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {String} name Name of the option that was changed
+	 * @param {Mixed} value New value for the specified option
+	 * @param {Mixed} oldValue Previous value of the option
+	 */
+
+	/**
+	 * Fires when the silverlight/flash or other shim needs to move.
+	 *
+	 * @event Refresh
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 */
+
+	/**
+	 * Fires when the overall state is being changed for the upload queue.
+	 *
+	 * @event StateChanged
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 */
+
+	/**
+	 * Fires when a file is to be uploaded by the runtime.
+	 *
+	 * @event UploadFile
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {plupload.File} file File to be uploaded.
+	 */
+
+	/**
+	 * Fires when just before a file is uploaded. This event enables you to override settings
+	 * on the uploader instance before the file is uploaded.
+	 *
+	 * @event BeforeUpload
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {plupload.File} file File to be uploaded.
+	 */
+
+	/**
+	 * Fires when the file queue is changed. In other words when files are added/removed to the files array of the uploader instance.
+	 *
+	 * @event QueueChanged
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 */
+
+	/**
+	 * Fires while a file is being uploaded. Use this event to update the current file upload progress.
+	 *
+	 * @event UploadProgress
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {plupload.File} file File that is currently being uploaded.
+	 */
+
+	/**
+	 * Fires when file is removed from the queue.
+	 *
+	 * @event FilesRemoved
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {Array} files Array of files that got removed.
+	 */
+
+	/**
+	 * Fires for every filtered file before it is added to the queue.
+	 * 
+	 * @event FileFiltered
+	 * @since 2.1
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {plupload.File} file Another file that has to be added to the queue.
+	 */
+
+	/**
+	 * Fires after files were filtered and added to the queue.
+	 *
+	 * @event FilesAdded
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {Array} files Array of file objects that were added to queue by the user.
+	 */
+
+	/**
+	 * Fires when a file is successfully uploaded.
+	 *
+	 * @event FileUploaded
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {plupload.File} file File that was uploaded.
+	 * @param {Object} response Object with response properties.
+	 */
+
+	/**
+	 * Fires when file chunk is uploaded.
+	 *
+	 * @event ChunkUploaded
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {plupload.File} file File that the chunk was uploaded for.
+	 * @param {Object} response Object with response properties.
+	 */
+
+	/**
+	 * Fires when all files in a queue are uploaded.
+	 *
+	 * @event UploadComplete
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {Array} files Array of file objects that was added to queue/selected by the user.
+	 */
+
+	/**
+	 * Fires when a error occurs.
+	 *
+	 * @event Error
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 * @param {Object} error Contains code, message and sometimes file and other details.
+	 */
+
+	/**
+	 * Fires when destroy method is called.
+	 *
+	 * @event Destroy
+	 * @param {plupload.Uploader} uploader Uploader instance sending the event.
+	 */
+	var uid = plupload.guid()
+	, settings
+	, files = []
+	, preferred_caps = {}
+	, fileInputs = []
+	, fileDrops = []
+	, startTime
+	, total
+	, disabled = false
+	, xhr
+	;
+
+
+	// Private methods
+	function uploadNext() {
+		var file, count = 0, i;
+
+		if (this.state == plupload.STARTED) {
+			// Find first QUEUED file
+			for (i = 0; i < files.length; i++) {
+				if (!file && files[i].status == plupload.QUEUED) {
+					file = files[i];
+					if (this.trigger("BeforeUpload", file)) {
+						file.status = plupload.UPLOADING;
+						this.trigger("UploadFile", file);
+					}
+				} else {
+					count++;
+				}
+			}
+
+			// All files are DONE or FAILED
+			if (count == files.length) {
+				if (this.state !== plupload.STOPPED) {
+					this.state = plupload.STOPPED;
+					this.trigger("StateChanged");
+				}
+				this.trigger("UploadComplete", files);
+			}
+		}
+	}
+
+
+	function calcFile(file) {
+		file.percent = file.size > 0 ? Math.ceil(file.loaded / file.size * 100) : 100;
+		calc();
+	}
+
+
+	function calc() {
+		var i, file;
+
+		// Reset stats
+		total.reset();
+
+		// Check status, size, loaded etc on all files
+		for (i = 0; i < files.length; i++) {
+			file = files[i];
+
+			if (file.size !== undef) {
+				// We calculate totals based on original file size
+				total.size += file.origSize;
+
+				// Since we cannot predict file size after resize, we do opposite and
+				// interpolate loaded amount to match magnitude of total
+				total.loaded += file.loaded * file.origSize / file.size;
+			} else {
+				total.size = undef;
+			}
+
+			if (file.status == plupload.DONE) {
+				total.uploaded++;
+			} else if (file.status == plupload.FAILED) {
+				total.failed++;
+			} else {
+				total.queued++;
+			}
+		}
+
+		// If we couldn't calculate a total file size then use the number of files to calc percent
+		if (total.size === undef) {
+			total.percent = files.length > 0 ? Math.ceil(total.uploaded / files.length * 100) : 0;
+		} else {
+			total.bytesPerSec = Math.ceil(total.loaded / ((+new Date() - startTime || 1) / 1000.0));
+			total.percent = total.size > 0 ? Math.ceil(total.loaded / total.size * 100) : 0;
+		}
+	}
+
+
+	function getRUID() {
+		var ctrl = fileInputs[0] || fileDrops[0];
+		if (ctrl) {
+			return ctrl.getRuntime().uid;
+		}
+		return false;
+	}
+
+
+	function runtimeCan(file, cap) {
+		if (file.ruid) {
+			var info = o.Runtime.getInfo(file.ruid);
+			if (info) {
+				return info.can(cap);
+			}
+		}
+		return false;
+	}
+
+
+	function bindEventListeners() {
+		this.bind('FilesAdded', onFilesAdded);
+
+		this.bind('CancelUpload', onCancelUpload);
+		
+		this.bind('BeforeUpload', onBeforeUpload);
+
+		this.bind('UploadFile', onUploadFile);
+
+		this.bind('UploadProgress', onUploadProgress);
+
+		this.bind('StateChanged', onStateChanged);
+
+		this.bind('QueueChanged', calc);
+
+		this.bind('Error', onError);
+
+		this.bind('FileUploaded', onFileUploaded);
+
+		this.bind('Destroy', onDestroy);
+	}
+
+
+	function initControls(settings, cb) {
+		var self = this, inited = 0, queue = [];
+
+		// common settings
+		var options = {
+			accept: settings.filters.mime_types,
+			runtime_order: settings.runtimes,
+			required_caps: settings.required_features,
+			preferred_caps: preferred_caps,
+			swf_url: settings.flash_swf_url,
+			xap_url: settings.silverlight_xap_url
+		};
+
+		// add runtime specific options if any
+		plupload.each(settings.runtimes.split(/\s*,\s*/), function(runtime) {
+			if (settings[runtime]) {
+				options[runtime] = settings[runtime];
+			}
+		});
+
+		// initialize file pickers - there can be many
+		if (settings.browse_button) {
+			plupload.each(settings.browse_button, function(el) {
+				queue.push(function(cb) {
+					var fileInput = new o.FileInput(plupload.extend({}, options, {
+						name: settings.file_data_name,
+						multiple: settings.multi_selection,
+						container: settings.container,
+						browse_button: el
+					}));
+
+					fileInput.onready = function() {
+						var info = o.Runtime.getInfo(this.ruid);
+
+						// for backward compatibility
+						o.extend(self.features, {
+							chunks: info.can('slice_blob'),
+							multipart: info.can('send_multipart'),
+							multi_selection: info.can('select_multiple')
+						});
+
+						inited++;
+						fileInputs.push(this);
+						cb();
+					};
+
+					fileInput.onchange = function() {
+						self.addFile(this.files);
+					};
+
+					fileInput.bind('mouseenter mouseleave mousedown mouseup', function(e) {
+						if (!disabled) {
+							if (settings.browse_button_hover) {
+								if ('mouseenter' === e.type) {
+									o.addClass(el, settings.browse_button_hover);
+								} else if ('mouseleave' === e.type) {
+									o.removeClass(el, settings.browse_button_hover);
+								}
+							}
+
+							if (settings.browse_button_active) {
+								if ('mousedown' === e.type) {
+									o.addClass(el, settings.browse_button_active);
+								} else if ('mouseup' === e.type) {
+									o.removeClass(el, settings.browse_button_active);
+								}
+							}
+						}
+					});
+
+					fileInput.bind('error runtimeerror', function() {
+						fileInput = null;
+						cb();
+					});
+
+					fileInput.init();
+				});
+			});
+		}
+
+		// initialize drop zones
+		if (settings.drop_element) {
+			plupload.each(settings.drop_element, function(el) {
+				queue.push(function(cb) {
+					var fileDrop = new o.FileDrop(plupload.extend({}, options, {
+						drop_zone: el
+					}));
+
+					fileDrop.onready = function() {
+						var info = o.Runtime.getInfo(this.ruid);
+
+						self.features.dragdrop = info.can('drag_and_drop'); // for backward compatibility
+
+						inited++;
+						fileDrops.push(this);
+						cb();
+					};
+
+					fileDrop.ondrop = function() {
+						self.addFile(this.files);
+					};
+
+					fileDrop.bind('error runtimeerror', function() {
+						fileDrop = null;
+						cb();
+					});
+
+					fileDrop.init();
+				});
+			});
+		}
+
+
+		o.inSeries(queue, function() {
+			if (typeof(cb) === 'function') {
+				cb(inited);
+			}
+		});
+	}
+
+
+	function resizeImage(blob, params, cb) {
+		var img = new o.Image();
+
+		try {
+			img.onload = function() {
+				img.downsize(params.width, params.height, params.crop, params.preserve_headers);
+			};
+
+			img.onresize = function() {
+				cb(this.getAsBlob(blob.type, params.quality));
+				this.destroy();
+			};
+
+			img.onerror = function() {
+				cb(blob);
+			};
+
+			img.load(blob);
+		} catch(ex) {
+			cb(blob);
+		}
+	}
+
+
+	function setOption(option, value, init) {
+		var self = this, reinitRequired = false;
+
+		function _setOption(option, value, init) {
+			var oldValue = settings[option];
+
+			switch (option) {
+				case 'max_file_size':
+					if (option === 'max_file_size') {
+						settings.max_file_size = settings.filters.max_file_size = value;
+					}
+					break;
+
+				case 'chunk_size':
+					if (value = plupload.parseSize(value)) {
+						settings[option] = value;
+					}
+					break;
+
+				case 'filters':
+					// for sake of backward compatibility
+					if (plupload.typeOf(value) === 'array') {
+						value = {
+							mime_types: value
+						};
+					}
+
+					if (init) {
+						plupload.extend(settings.filters, value);
+					} else {
+						settings.filters = value;
+					}
+
+					// if file format filters are being updated, regenerate the matching expressions
+					if (value.mime_types) {
+						settings.filters.mime_types.regexp = (function(filters) {
+							var extensionsRegExp = [];
+
+							plupload.each(filters, function(filter) {
+								plupload.each(filter.extensions.split(/,/), function(ext) {
+									if (/^\s*\*\s*$/.test(ext)) {
+										extensionsRegExp.push('\\.*');
+									} else {
+										extensionsRegExp.push('\\.' + ext.replace(new RegExp('[' + ('/^$.*+?|()[]{}\\'.replace(/./g, '\\$&')) + ']', 'g'), '\\$&'));
+									}
+								});
+							});
+
+							return new RegExp('(' + extensionsRegExp.join('|') + ')$', 'i');
+						}(settings.filters.mime_types));
+					}
+					break;
+	
+				case 'resize':
+					if (init) {
+						plupload.extend(settings.resize, value, {
+							enabled: true
+						});
+					} else {
+						settings.resize = value;
+					}
+					break;
+
+				case 'prevent_duplicates':
+					settings.prevent_duplicates = settings.filters.prevent_duplicates = !!value;
+					break;
+
+				case 'browse_button':
+				case 'drop_element':
+						value = plupload.get(value);
+
+				case 'container':
+				case 'runtimes':
+				case 'multi_selection':
+				case 'flash_swf_url':
+				case 'silverlight_xap_url':
+					settings[option] = value;
+					if (!init) {
+						reinitRequired = true;
+					}
+					break;
+
+				default:
+					settings[option] = value;
+			}
+
+			if (!init) {
+				self.trigger('OptionChanged', option, value, oldValue);
+			}
+		}
+
+		if (typeof(option) === 'object') {
+			plupload.each(option, function(value, option) {
+				_setOption(option, value, init);
+			});
+		} else {
+			_setOption(option, value, init);
+		}
+
+		if (init) {
+			// Normalize the list of required capabilities
+			settings.required_features = normalizeCaps(plupload.extend({}, settings));
+
+			// Come up with the list of capabilities that can affect default mode in a multi-mode runtimes
+			preferred_caps = normalizeCaps(plupload.extend({}, settings, {
+				required_features: true
+			}));
+		} else if (reinitRequired) {
+			self.trigger('Destroy');
+			
+			initControls.call(self, settings, function(inited) {
+				if (inited) {
+					self.runtime = o.Runtime.getInfo(getRUID()).type;
+					self.trigger('Init', { runtime: self.runtime });
+					self.trigger('PostInit');
+				} else {
+					self.trigger('Error', {
+						code : plupload.INIT_ERROR,
+						message : plupload.translate('Init error.')
+					});
+				}
+			});
+		}
+	}
+
+
+	// Internal event handlers
+	function onFilesAdded(up, filteredFiles) {
+		// Add files to queue				
+		[].push.apply(files, filteredFiles);
+
+		up.trigger('QueueChanged');
+		up.refresh();
+	}
+
+
+	function onBeforeUpload(up, file) {
+		// Generate unique target filenames
+		if (settings.unique_names) {
+			var matches = file.name.match(/\.([^.]+)$/), ext = "part";
+			if (matches) {
+				ext = matches[1];
+			}
+			file.target_name = file.id + '.' + ext;
+		}
+	}
+
+
+	function onUploadFile(up, file) {
+		var url = up.settings.url
+		, chunkSize = up.settings.chunk_size
+		, retries = up.settings.max_retries
+		, features = up.features
+		, offset = 0
+		, blob
+		;
+
+		// make sure we start at a predictable offset
+		if (file.loaded) {
+			offset = file.loaded = chunkSize * Math.floor(file.loaded / chunkSize);
+		}
+
+		function handleError() {
+			if (retries-- > 0) {
+				delay(uploadNextChunk, 1000);
+			} else {
+				file.loaded = offset; // reset all progress
+
+				up.trigger('Error', {
+					code : plupload.HTTP_ERROR,
+					message : plupload.translate('HTTP Error.'),
+					file : file,
+					response : xhr.responseText,
+					status : xhr.status,
+					responseHeaders: xhr.getAllResponseHeaders()
+				});
+			}
+		}
+
+		function uploadNextChunk() {
+			var chunkBlob, formData, args, curChunkSize;
+
+			// File upload finished
+			if (file.status == plupload.DONE || file.status == plupload.FAILED || up.state == plupload.STOPPED) {
+				return;
+			}
+
+			// Standard arguments
+			args = {name : file.target_name || file.name};
+
+			if (chunkSize && features.chunks && blob.size > chunkSize) { // blob will be of type string if it was loaded in memory 
+				curChunkSize = Math.min(chunkSize, blob.size - offset);
+				chunkBlob = blob.slice(offset, offset + curChunkSize);
+			} else {
+				curChunkSize = blob.size;
+				chunkBlob = blob;
+			}
+
+			// If chunking is enabled add corresponding args, no matter if file is bigger than chunk or smaller
+			if (chunkSize && features.chunks) {
+				// Setup query string arguments
+				if (up.settings.send_chunk_number) {
+					args.chunk = Math.ceil(offset / chunkSize);
+					args.chunks = Math.ceil(blob.size / chunkSize);
+				} else { // keep support for experimental chunk format, just in case
+					args.offset = offset;
+					args.total = blob.size;
+				}
+			}
+
+			xhr = new o.XMLHttpRequest();
+
+			// Do we have upload progress support
+			if (xhr.upload) {
+				xhr.upload.onprogress = function(e) {
+					file.loaded = Math.min(file.size, offset + e.loaded);
+					up.trigger('UploadProgress', file);
+				};
+			}
+
+			xhr.onload = function() {
+				// check if upload made itself through
+				if (xhr.status >= 400) {
+					handleError();
+					return;
+				}
+
+				retries = up.settings.max_retries; // reset the counter
+
+				// Handle chunk response
+				if (curChunkSize < blob.size) {
+					chunkBlob.destroy();
+
+					offset += curChunkSize;
+					file.loaded = Math.min(offset, blob.size);
+
+					up.trigger('ChunkUploaded', file, {
+						offset : file.loaded,
+						total : blob.size,
+						response : xhr.responseText,
+						status : xhr.status,
+						responseHeaders: xhr.getAllResponseHeaders()
+					});
+
+					// stock Android browser doesn't fire upload progress events, but in chunking mode we can fake them
+					if (o.Env.browser === 'Android Browser') {
+						// doesn't harm in general, but is not required anywhere else
+						up.trigger('UploadProgress', file);
+					} 
+				} else {
+					file.loaded = file.size;
+				}
+
+				chunkBlob = formData = null; // Free memory
+
+				// Check if file is uploaded
+				if (!offset || offset >= blob.size) {
+					// If file was modified, destory the copy
+					if (file.size != file.origSize) {
+						blob.destroy();
+						blob = null;
+					}
+
+					up.trigger('UploadProgress', file);
+
+					file.status = plupload.DONE;
+
+					up.trigger('FileUploaded', file, {
+						response : xhr.responseText,
+						status : xhr.status,
+						responseHeaders: xhr.getAllResponseHeaders()
+					});
+				} else {
+					// Still chunks left
+					delay(uploadNextChunk, 1); // run detached, otherwise event handlers interfere
+				}
+			};
+
+			xhr.onerror = function() {
+				handleError();
+			};
+
+			xhr.onloadend = function() {
+				this.destroy();
+				xhr = null;
+			};
+
+			// Build multipart request
+			if (up.settings.multipart && features.multipart) {
+
+				args.name = file.target_name || file.name;
+
+				xhr.open("post", url, true);
+
+				// Set custom headers
+				plupload.each(up.settings.headers, function(value, name) {
+					xhr.setRequestHeader(name, value);
+				});
+
+				formData = new o.FormData();
+
+				// Add multipart params
+				plupload.each(plupload.extend(args, up.settings.multipart_params), function(value, name) {
+					formData.append(name, value);
+				});
+
+				// Add file and send it
+				formData.append(up.settings.file_data_name, chunkBlob);
+				xhr.send(formData, {
+					runtime_order: up.settings.runtimes,
+					required_caps: up.settings.required_features,
+					preferred_caps: preferred_caps,
+					swf_url: up.settings.flash_swf_url,
+					xap_url: up.settings.silverlight_xap_url
+				});
+			} else {
+				// if no multipart, send as binary stream
+				url = plupload.buildUrl(up.settings.url, plupload.extend(args, up.settings.multipart_params));
+
+				xhr.open("post", url, true);
+
+				xhr.setRequestHeader('Content-Type', 'application/octet-stream'); // Binary stream header
+
+				// Set custom headers
+				plupload.each(up.settings.headers, function(value, name) {
+					xhr.setRequestHeader(name, value);
+				});
+
+				xhr.send(chunkBlob, {
+					runtime_order: up.settings.runtimes,
+					required_caps: up.settings.required_features,
+					preferred_caps: preferred_caps,
+					swf_url: up.settings.flash_swf_url,
+					xap_url: up.settings.silverlight_xap_url
+				});
+			}
+		}
+
+		blob = file.getSource();
+
+		// Start uploading chunks
+		if (up.settings.resize.enabled && runtimeCan(blob, 'send_binary_string') && !!~o.inArray(blob.type, ['image/jpeg', 'image/png'])) {
+			// Resize if required
+			resizeImage.call(this, blob, up.settings.resize, function(resizedBlob) {
+				blob = resizedBlob;
+				file.size = resizedBlob.size;
+				uploadNextChunk();
+			});
+		} else {
+			uploadNextChunk();
+		}
+	}
+
+
+	function onUploadProgress(up, file) {
+		calcFile(file);
+	}
+
+
+	function onStateChanged(up) {
+		if (up.state == plupload.STARTED) {
+			// Get start time to calculate bps
+			startTime = (+new Date());
+		} else if (up.state == plupload.STOPPED) {
+			// Reset currently uploading files
+			for (var i = up.files.length - 1; i >= 0; i--) {
+				if (up.files[i].status == plupload.UPLOADING) {
+					up.files[i].status = plupload.QUEUED;
+					calc();
+				}
+			}
+		}
+	}
+
+
+	function onCancelUpload() {
+		if (xhr) {
+			xhr.abort();
+		}
+	}
+
+
+	function onFileUploaded(up) {
+		calc();
+
+		// Upload next file but detach it from the error event
+		// since other custom listeners might want to stop the queue
+		delay(function() {
+			uploadNext.call(up);
+		}, 1);
+	}
+
+
+	function onError(up, err) {
+		// Set failed status if an error occured on a file
+		if (err.file) {
+			err.file.status = plupload.FAILED;
+			calcFile(err.file);
+
+			// Upload next file but detach it from the error event
+			// since other custom listeners might want to stop the queue
+			if (up.state == plupload.STARTED) { // upload in progress
+				up.trigger('CancelUpload');
+				delay(function() {
+					uploadNext.call(up);
+				}, 1);
+			}
+		}
+	}
+
+
+	function onDestroy(up) {
+		up.stop();
+
+		// Purge the queue
+		plupload.each(files, function(file) {
+			file.destroy();
+		});
+		files = [];
+
+		if (fileInputs.length) {
+			plupload.each(fileInputs, function(fileInput) {
+				fileInput.destroy();
+			});
+			fileInputs = [];
+		}
+
+		if (fileDrops.length) {
+			plupload.each(fileDrops, function(fileDrop) {
+				fileDrop.destroy();
+			});
+			fileDrops = [];
+		}
+
+		preferred_caps = {};
+		disabled = false;
+		startTime = xhr = null;
+		total.reset();
+	}
+
+
+	// Default settings
+	settings = {
+		runtimes: o.Runtime.order,
+		max_retries: 0,
+		chunk_size: 0,
+		multipart: true,
+		multi_selection: true,
+		file_data_name: 'file',
+		flash_swf_url: 'js/Moxie.swf',
+		silverlight_xap_url: 'js/Moxie.xap',
+		filters: {
+			mime_types: [],
+			prevent_duplicates: false,
+			max_file_size: 0
+		},
+		resize: {
+			enabled: false,
+			preserve_headers: true,
+			crop: false
+		},
+		send_chunk_number: true // whether to send chunks and chunk numbers, or total and offset bytes
+	};
+
+	
+	setOption.call(this, options, null, true);
+
+	// Inital total state
+	total = new plupload.QueueProgress(); 
+
+	// Add public methods
+	plupload.extend(this, {
+
+		/**
+		 * Unique id for the Uploader instance.
+		 *
+		 * @property id
+		 * @type String
+		 */
+		id : uid,
+		uid : uid, // mOxie uses this to differentiate between event targets
+
+		/**
+		 * Current state of the total uploading progress. This one can either be plupload.STARTED or plupload.STOPPED.
+		 * These states are controlled by the stop/start methods. The default value is STOPPED.
+		 *
+		 * @property state
+		 * @type Number
+		 */
+		state : plupload.STOPPED,
+
+		/**
+		 * Map of features that are available for the uploader runtime. Features will be filled
+		 * before the init event is called, these features can then be used to alter the UI for the end user.
+		 * Some of the current features that might be in this map is: dragdrop, chunks, jpgresize, pngresize.
+		 *
+		 * @property features
+		 * @type Object
+		 */
+		features : {},
+
+		/**
+		 * Current runtime name.
+		 *
+		 * @property runtime
+		 * @type String
+		 */
+		runtime : null,
+
+		/**
+		 * Current upload queue, an array of File instances.
+		 *
+		 * @property files
+		 * @type Array
+		 * @see plupload.File
+		 */
+		files : files,
+
+		/**
+		 * Object with name/value settings.
+		 *
+		 * @property settings
+		 * @type Object
+		 */
+		settings : settings,
+
+		/**
+		 * Total progess information. How many files has been uploaded, total percent etc.
+		 *
+		 * @property total
+		 * @type plupload.QueueProgress
+		 */
+		total : total,
+
+
+		/**
+		 * Initializes the Uploader instance and adds internal event listeners.
+		 *
+		 * @method init
+		 */
+		init : function() {
+			var self = this;
+
+			if (typeof(settings.preinit) == "function") {
+				settings.preinit(self);
+			} else {
+				plupload.each(settings.preinit, function(func, name) {
+					self.bind(name, func);
+				});
+			}
+
+			// Check for required options
+			if (!settings.browse_button || !settings.url) {
+				this.trigger('Error', {
+					code : plupload.INIT_ERROR,
+					message : plupload.translate('Init error.')
+				});
+				return;
+			}
+
+			bindEventListeners.call(this);
+
+			initControls.call(this, settings, function(inited) {
+				if (typeof(settings.init) == "function") {
+					settings.init(self);
+				} else {
+					plupload.each(settings.init, function(func, name) {
+						self.bind(name, func);
+					});
+				}
+
+				if (inited) {
+					self.runtime = o.Runtime.getInfo(getRUID()).type;
+					self.trigger('Init', { runtime: self.runtime });
+					self.trigger('PostInit');
+				} else {
+					self.trigger('Error', {
+						code : plupload.INIT_ERROR,
+						message : plupload.translate('Init error.')
+					});
+				}
+			});
+		},
+
+		/**
+		 * Set the value for the specified option(s).
+		 *
+		 * @method setOption
+		 * @since 2.1
+		 * @param {String|Object} option Name of the option to change or the set of key/value pairs
+		 * @param {Mixed} [value] Value for the option (is ignored, if first argument is object)
+		 */
+		setOption: function(option, value) {
+			setOption.call(this, option, value, !this.runtime); // until runtime not set we do not need to reinitialize
+		},
+
+		/**
+		 * Get the value for the specified option or the whole configuration, if not specified.
+		 * 
+		 * @method getOption
+		 * @since 2.1
+		 * @param {String} [option] Name of the option to get
+		 * @return {Mixed} Value for the option or the whole set
+		 */
+		getOption: function(option) {
+			if (!option) {
+				return settings;
+			}
+			return settings[option];
+		},
+
+		/**
+		 * Refreshes the upload instance by dispatching out a refresh event to all runtimes.
+		 * This would for example reposition flash/silverlight shims on the page.
+		 *
+		 * @method refresh
+		 */
+		refresh : function() {
+			if (fileInputs.length) {
+				plupload.each(fileInputs, function(fileInput) {
+					fileInput.trigger('Refresh');
+				});
+			}
+			this.trigger('Refresh');
+		},
+
+		/**
+		 * Starts uploading the queued files.
+		 *
+		 * @method start
+		 */
+		start : function() {
+			if (this.state != plupload.STARTED) {
+				this.state = plupload.STARTED;
+				this.trigger('StateChanged');
+
+				uploadNext.call(this);
+			}
+		},
+
+		/**
+		 * Stops the upload of the queued files.
+		 *
+		 * @method stop
+		 */
+		stop : function() {
+			if (this.state != plupload.STOPPED) {
+				this.state = plupload.STOPPED;
+				this.trigger('StateChanged');
+				this.trigger('CancelUpload');
+			}
+		},
+
+
+		/**
+		 * Disables/enables browse button on request.
+		 *
+		 * @method disableBrowse
+		 * @param {Boolean} disable Whether to disable or enable (default: true)
+		 */
+		disableBrowse : function() {
+			disabled = arguments[0] !== undef ? arguments[0] : true;
+
+			if (fileInputs.length) {
+				plupload.each(fileInputs, function(fileInput) {
+					fileInput.disable(disabled);
+				});
+			}
+
+			this.trigger('DisableBrowse', disabled);
+		},
+
+		/**
+		 * Returns the specified file object by id.
+		 *
+		 * @method getFile
+		 * @param {String} id File id to look for.
+		 * @return {plupload.File} File object or undefined if it wasn't found;
+		 */
+		getFile : function(id) {
+			var i;
+			for (i = files.length - 1; i >= 0; i--) {
+				if (files[i].id === id) {
+					return files[i];
+				}
+			}
+		},
+
+		/**
+		 * Adds file to the queue programmatically. Can be native file, instance of Plupload.File,
+		 * instance of mOxie.File, input[type="file"] element, or array of these. Fires FilesAdded, 
+		 * if any files were added to the queue. Otherwise nothing happens.
+		 *
+		 * @method addFile
+		 * @since 2.0
+		 * @param {plupload.File|mOxie.File|File|Node|Array} file File or files to add to the queue.
+		 * @param {String} [fileName] If specified, will be used as a name for the file
+		 */
+		addFile : function(file, fileName) {
+			var self = this
+			, queue = [] 
+			, files = []
+			, ruid
+			;
+
+			function filterFile(file, cb) {
+				var queue = [];
+				o.each(self.settings.filters, function(rule, name) {
+					if (fileFilters[name]) {
+						queue.push(function(cb) {
+							fileFilters[name].call(self, rule, file, function(res) {
+								cb(!res);
+							});
+						});
+					}
+				});
+				o.inSeries(queue, cb);
+			}
+
+			/**
+			 * @method resolveFile
+			 * @private
+			 * @param {o.File|o.Blob|plupload.File|File|Blob|input[type="file"]} file
+			 */
+			function resolveFile(file) {
+				var type = o.typeOf(file);
+
+				// o.File
+				if (file instanceof o.File) { 
+					if (!file.ruid && !file.isDetached()) {
+						if (!ruid) { // weird case
+							return false;
+						}
+						file.ruid = ruid;
+						file.connectRuntime(ruid);
+					}
+					resolveFile(new plupload.File(file));
+				}
+				// o.Blob 
+				else if (file instanceof o.Blob) {
+					resolveFile(file.getSource());
+					file.destroy();
+				} 
+				// plupload.File - final step for other branches
+				else if (file instanceof plupload.File) {
+					if (fileName) {
+						file.name = fileName;
+					}
+					
+					queue.push(function(cb) {
+						// run through the internal and user-defined filters, if any
+						filterFile(file, function(err) {
+							if (!err) {
+								files.push(file);
+								self.trigger("FileFiltered", file);
+							}
+							delay(cb, 1); // do not build up recursions or eventually we might hit the limits
+						});
+					});
+				} 
+				// native File or blob
+				else if (o.inArray(type, ['file', 'blob']) !== -1) {
+					resolveFile(new o.File(null, file));
+				} 
+				// input[type="file"]
+				else if (type === 'node' && o.typeOf(file.files) === 'filelist') {
+					// if we are dealing with input[type="file"]
+					o.each(file.files, resolveFile);
+				} 
+				// mixed array of any supported types (see above)
+				else if (type === 'array') {
+					fileName = null; // should never happen, but unset anyway to avoid funny situations
+					o.each(file, resolveFile);
+				}
+			}
+
+			ruid = getRUID();
+			
+			resolveFile(file);
+
+			if (queue.length) {
+				o.inSeries(queue, function() {
+					// if any files left after filtration, trigger FilesAdded
+					if (files.length) {
+						self.trigger("FilesAdded", files);
+					}
+				});
+			}
+		},
+
+		/**
+		 * Removes a specific file.
+		 *
+		 * @method removeFile
+		 * @param {plupload.File|String} file File to remove from queue.
+		 */
+		removeFile : function(file) {
+			var id = typeof(file) === 'string' ? file : file.id;
+
+			for (var i = files.length - 1; i >= 0; i--) {
+				if (files[i].id === id) {
+					return this.splice(i, 1)[0];
+				}
+			}
+		},
+
+		/**
+		 * Removes part of the queue and returns the files removed. This will also trigger the FilesRemoved and QueueChanged events.
+		 *
+		 * @method splice
+		 * @param {Number} start (Optional) Start index to remove from.
+		 * @param {Number} length (Optional) Lengh of items to remove.
+		 * @return {Array} Array of files that was removed.
+		 */
+		splice : function(start, length) {
+			// Splice and trigger events
+			var removed = files.splice(start === undef ? 0 : start, length === undef ? files.length : length);
+
+			// if upload is in progress we need to stop it and restart after files are removed
+			var restartRequired = false;
+			if (this.state == plupload.STARTED) { // upload in progress
+				restartRequired = true;
+				this.stop();
+			}
+
+			this.trigger("FilesRemoved", removed);
+
+			// Dispose any resources allocated by those files
+			plupload.each(removed, function(file) {
+				file.destroy();
+			});
+
+			this.trigger("QueueChanged");
+			this.refresh();
+
+			if (restartRequired) {
+				this.start();
+			}
+
+			return removed;
+		},
+
+		/**
+		 * Dispatches the specified event name and it's arguments to all listeners.
+		 *
+		 *
+		 * @method trigger
+		 * @param {String} name Event name to fire.
+		 * @param {Object..} Multiple arguments to pass along to the listener functions.
+		 */
+
+		/**
+		 * Check whether uploader has any listeners to the specified event.
+		 *
+		 * @method hasEventListener
+		 * @param {String} name Event name to check for.
+		 */
+
+
+		/**
+		 * Adds an event listener by name.
+		 *
+		 * @method bind
+		 * @param {String} name Event name to listen for.
+		 * @param {function} func Function to call ones the event gets fired.
+		 * @param {Object} scope Optional scope to execute the specified function in.
+		 */
+		bind : function(name, func, scope) {
+			var self = this;
+			// adapt moxie EventTarget style to Plupload-like
+			plupload.Uploader.prototype.bind.call(this, name, function() {
+				var args = [].slice.call(arguments);
+				args.splice(0, 1, self); // replace event object with uploader instance
+				return func.apply(this, args);
+			}, 0, scope);
+		},
+
+		/**
+		 * Removes the specified event listener.
+		 *
+		 * @method unbind
+		 * @param {String} name Name of event to remove.
+		 * @param {function} func Function to remove from listener.
+		 */
+
+		/**
+		 * Removes all event listeners.
+		 *
+		 * @method unbindAll
+		 */
+
+
+		/**
+		 * Destroys Plupload instance and cleans after itself.
+		 *
+		 * @method destroy
+		 */
+		destroy : function() {
+			this.trigger('Destroy');
+			settings = total = null; // purge these exclusively
+			this.unbindAll();
+		}
+	});
+};
+
+plupload.Uploader.prototype = o.EventTarget.instance;
+
+/**
+ * Constructs a new file instance.
+ *
+ * @class File
+ * @constructor
+ * 
+ * @param {Object} file Object containing file properties
+ * @param {String} file.name Name of the file.
+ * @param {Number} file.size File size.
+ */
+plupload.File = (function() {
+	var filepool = {};
+
+	function PluploadFile(file) {
+
+		plupload.extend(this, {
+
+			/**
+			 * File id this is a globally unique id for the specific file.
+			 *
+			 * @property id
+			 * @type String
+			 */
+			id: plupload.guid(),
+
+			/**
+			 * File name for example "myfile.gif".
+			 *
+			 * @property name
+			 * @type String
+			 */
+			name: file.name || file.fileName,
+
+			/**
+			 * File type, `e.g image/jpeg`
+			 *
+			 * @property type
+			 * @type String
+			 */
+			type: file.type || '',
+
+			/**
+			 * File size in bytes (may change after client-side manupilation).
+			 *
+			 * @property size
+			 * @type Number
+			 */
+			size: file.size || file.fileSize,
+
+			/**
+			 * Original file size in bytes.
+			 *
+			 * @property origSize
+			 * @type Number
+			 */
+			origSize: file.size || file.fileSize,
+
+			/**
+			 * Number of bytes uploaded of the files total size.
+			 *
+			 * @property loaded
+			 * @type Number
+			 */
+			loaded: 0,
+
+			/**
+			 * Number of percentage uploaded of the file.
+			 *
+			 * @property percent
+			 * @type Number
+			 */
+			percent: 0,
+
+			/**
+			 * Status constant matching the plupload states QUEUED, UPLOADING, FAILED, DONE.
+			 *
+			 * @property status
+			 * @type Number
+			 * @see plupload
+			 */
+			status: plupload.QUEUED,
+
+			/**
+			 * Date of last modification.
+			 *
+			 * @property lastModifiedDate
+			 * @type {String}
+			 */
+			lastModifiedDate: file.lastModifiedDate || (new Date()).toLocaleString(), // Thu Aug 23 2012 19:40:00 GMT+0400 (GET)
+
+			/**
+			 * Returns native window.File object, when it's available.
+			 *
+			 * @method getNative
+			 * @return {window.File} or null, if plupload.File is of different origin
+			 */
+			getNative: function() {
+				var file = this.getSource().getSource();
+				return o.inArray(o.typeOf(file), ['blob', 'file']) !== -1 ? file : null;
+			},
+
+			/**
+			 * Returns mOxie.File - unified wrapper object that can be used across runtimes.
+			 *
+			 * @method getSource
+			 * @return {mOxie.File} or null
+			 */
+			getSource: function() {
+				if (!filepool[this.id]) {
+					return null;
+				}
+				return filepool[this.id];
+			},
+
+			/**
+			 * Destroys plupload.File object.
+			 *
+			 * @method destroy
+			 */
+			destroy: function() {
+				var src = this.getSource();
+				if (src) {
+					src.destroy();
+					delete filepool[this.id];
+				}
+			}
+		});
+
+		filepool[this.id] = file;
+	}
+
+	return PluploadFile;
+}());
+
+
+/**
+ * Constructs a queue progress.
+ *
+ * @class QueueProgress
+ * @constructor
+ */
+ plupload.QueueProgress = function() {
+	var self = this; // Setup alias for self to reduce code size when it's compressed
+
+	/**
+	 * Total queue file size.
+	 *
+	 * @property size
+	 * @type Number
+	 */
+	self.size = 0;
+
+	/**
+	 * Total bytes uploaded.
+	 *
+	 * @property loaded
+	 * @type Number
+	 */
+	self.loaded = 0;
+
+	/**
+	 * Number of files uploaded.
+	 *
+	 * @property uploaded
+	 * @type Number
+	 */
+	self.uploaded = 0;
+
+	/**
+	 * Number of files failed to upload.
+	 *
+	 * @property failed
+	 * @type Number
+	 */
+	self.failed = 0;
+
+	/**
+	 * Number of files yet to be uploaded.
+	 *
+	 * @property queued
+	 * @type Number
+	 */
+	self.queued = 0;
+
+	/**
+	 * Total percent of the uploaded bytes.
+	 *
+	 * @property percent
+	 * @type Number
+	 */
+	self.percent = 0;
+
+	/**
+	 * Bytes uploaded per second.
+	 *
+	 * @property bytesPerSec
+	 * @type Number
+	 */
+	self.bytesPerSec = 0;
+
+	/**
+	 * Resets the progress to it's initial values.
+	 *
+	 * @method reset
+	 */
+	self.reset = function() {
+		self.size = self.loaded = self.uploaded = self.failed = self.queued = self.percent = self.bytesPerSec = 0;
+	};
+};
+
+window.plupload = plupload;
+
+}(window, mOxie));
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/respond.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/respond.js
new file mode 100644
index 0000000..7b2b759
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/respond.js
@@ -0,0 +1,237 @@
+/*! Respond.js v1.4.2: min/max-width media query polyfill
+ * Copyright 2013 Scott Jehl
+ * Licensed under MIT
+ * http://j.mp/respondjs */
+
+/*! matchMedia() polyfill - Test a CSS media type/query in JS. Authors & copyright (c) 2012: Scott Jehl, Paul Irish, Nicholas Zakas. Dual MIT/BSD license */
+/*! NOTE: If you're already including a window.matchMedia polyfill via Modernizr or otherwise, you don't need this part */
+(function(w) {
+  "use strict";
+  w.matchMedia = w.matchMedia || function(doc, undefined) {
+    var bool, docElem = doc.documentElement, refNode = docElem.firstElementChild || docElem.firstChild, fakeBody = doc.createElement("body"), div = doc.createElement("div");
+    div.id = "mq-test-1";
+    div.style.cssText = "position:absolute;top:-100em";
+    fakeBody.style.background = "none";
+    fakeBody.appendChild(div);
+    return function(q) {
+      div.innerHTML = '&shy;<style media="' + q + '"> #mq-test-1 { width: 42px; }</style>';
+      docElem.insertBefore(fakeBody, refNode);
+      bool = div.offsetWidth === 42;
+      docElem.removeChild(fakeBody);
+      return {
+        matches: bool,
+        media: q
+      };
+    };
+  }(w.document);
+})(this);
+
+(function(w) {
+  "use strict";
+  var respond = {};
+  w.respond = respond;
+  respond.update = function() {};
+  var requestQueue = [], xmlHttp = function() {
+    var xmlhttpmethod = false;
+    try {
+      xmlhttpmethod = new w.XMLHttpRequest();
+    } catch (e) {
+      xmlhttpmethod = new w.ActiveXObject("Microsoft.XMLHTTP");
+    }
+    return function() {
+      return xmlhttpmethod;
+    };
+  }(), ajax = function(url, callback) {
+    var req = xmlHttp();
+    if (!req) {
+      return;
+    }
+    req.open("GET", url, true);
+    req.onreadystatechange = function() {
+      if (req.readyState !== 4 || req.status !== 200 && req.status !== 304) {
+        return;
+      }
+      callback(req.responseText);
+    };
+    if (req.readyState === 4) {
+      return;
+    }
+    req.send(null);
+  }, isUnsupportedMediaQuery = function(query) {
+    return query.replace(respond.regex.minmaxwh, "").match(respond.regex.other);
+  };
+  respond.ajax = ajax;
+  respond.queue = requestQueue;
+  respond.unsupportedmq = isUnsupportedMediaQuery;
+  respond.regex = {
+    media: /@media[^\{]+\{([^\{\}]*\{[^\}\{]*\})+/gi,
+    keyframes: /@(?:\-(?:o|moz|webkit)\-)?keyframes[^\{]+\{(?:[^\{\}]*\{[^\}\{]*\})+[^\}]*\}/gi,
+    comments: /\/\*[^*]*\*+([^/][^*]*\*+)*\//gi,
+    urls: /(url\()['"]?([^\/\)'"][^:\)'"]+)['"]?(\))/g,
+    findStyles: /@media *([^\{]+)\{([\S\s]+?)$/,
+    only: /(only\s+)?([a-zA-Z]+)\s?/,
+    minw: /\(\s*min\-width\s*:\s*(\s*[0-9\.]+)(px|em)\s*\)/,
+    maxw: /\(\s*max\-width\s*:\s*(\s*[0-9\.]+)(px|em)\s*\)/,
+    minmaxwh: /\(\s*m(in|ax)\-(height|width)\s*:\s*(\s*[0-9\.]+)(px|em)\s*\)/gi,
+    other: /\([^\)]*\)/g
+  };
+  respond.mediaQueriesSupported = w.matchMedia && w.matchMedia("only all") !== null && w.matchMedia("only all").matches;
+  if (respond.mediaQueriesSupported) {
+    return;
+  }
+  var doc = w.document, docElem = doc.documentElement, mediastyles = [], rules = [], appendedEls = [], parsedSheets = {}, resizeThrottle = 30, head = doc.getElementsByTagName("head")[0] || docElem, base = doc.getElementsByTagName("base")[0], links = head.getElementsByTagName("link"), lastCall, resizeDefer, eminpx, getEmValue = function() {
+    var ret, div = doc.createElement("div"), body = doc.body, originalHTMLFontSize = docElem.style.fontSize, originalBodyFontSize = body && body.style.fontSize, fakeUsed = false;
+    div.style.cssText = "position:absolute;font-size:1em;width:1em";
+    if (!body) {
+      body = fakeUsed = doc.createElement("body");
+      body.style.background = "none";
+    }
+    docElem.style.fontSize = "100%";
+    body.style.fontSize = "100%";
+    body.appendChild(div);
+    if (fakeUsed) {
+      docElem.insertBefore(body, docElem.firstChild);
+    }
+    ret = div.offsetWidth;
+    if (fakeUsed) {
+      docElem.removeChild(body);
+    } else {
+      body.removeChild(div);
+    }
+    docElem.style.fontSize = originalHTMLFontSize;
+    if (originalBodyFontSize) {
+      body.style.fontSize = originalBodyFontSize;
+    }
+    ret = eminpx = parseFloat(ret);
+    return ret;
+  }, applyMedia = function(fromResize) {
+    var name = "clientWidth", docElemProp = docElem[name], currWidth = doc.compatMode === "CSS1Compat" && docElemProp || doc.body[name] || docElemProp, styleBlocks = {}, lastLink = links[links.length - 1], now = new Date().getTime();
+    if (fromResize && lastCall && now - lastCall < resizeThrottle) {
+      w.clearTimeout(resizeDefer);
+      resizeDefer = w.setTimeout(applyMedia, resizeThrottle);
+      return;
+    } else {
+      lastCall = now;
+    }
+    for (var i in mediastyles) {
+      if (mediastyles.hasOwnProperty(i)) {
+        var thisstyle = mediastyles[i], min = thisstyle.minw, max = thisstyle.maxw, minnull = min === null, maxnull = max === null, em = "em";
+        if (!!min) {
+          min = parseFloat(min) * (min.indexOf(em) > -1 ? eminpx || getEmValue() : 1);
+        }
+        if (!!max) {
+          max = parseFloat(max) * (max.indexOf(em) > -1 ? eminpx || getEmValue() : 1);
+        }
+        if (!thisstyle.hasquery || (!minnull || !maxnull) && (minnull || currWidth >= min) && (maxnull || currWidth <= max)) {
+          if (!styleBlocks[thisstyle.media]) {
+            styleBlocks[thisstyle.media] = [];
+          }
+          styleBlocks[thisstyle.media].push(rules[thisstyle.rules]);
+        }
+      }
+    }
+    for (var j in appendedEls) {
+      if (appendedEls.hasOwnProperty(j)) {
+        if (appendedEls[j] && appendedEls[j].parentNode === head) {
+          head.removeChild(appendedEls[j]);
+        }
+      }
+    }
+    appendedEls.length = 0;
+    for (var k in styleBlocks) {
+      if (styleBlocks.hasOwnProperty(k)) {
+        var ss = doc.createElement("style"), css = styleBlocks[k].join("\n");
+        ss.type = "text/css";
+        ss.media = k;
+        head.insertBefore(ss, lastLink.nextSibling);
+        if (ss.styleSheet) {
+          ss.styleSheet.cssText = css;
+        } else {
+          ss.appendChild(doc.createTextNode(css));
+        }
+        appendedEls.push(ss);
+      }
+    }
+  }, translate = function(styles, href, media) {
+    var qs = styles.replace(respond.regex.comments, "").replace(respond.regex.keyframes, "").match(respond.regex.media), ql = qs && qs.length || 0;
+    href = href.substring(0, href.lastIndexOf("/"));
+    var repUrls = function(css) {
+      return css.replace(respond.regex.urls, "$1" + href + "$2$3");
+    }, useMedia = !ql && media;
+    if (href.length) {
+      href += "/";
+    }
+    if (useMedia) {
+      ql = 1;
+    }
+    for (var i = 0; i < ql; i++) {
+      var fullq, thisq, eachq, eql;
+      if (useMedia) {
+        fullq = media;
+        rules.push(repUrls(styles));
+      } else {
+        fullq = qs[i].match(respond.regex.findStyles) && RegExp.$1;
+        rules.push(RegExp.$2 && repUrls(RegExp.$2));
+      }
+      eachq = fullq.split(",");
+      eql = eachq.length;
+      for (var j = 0; j < eql; j++) {
+        thisq = eachq[j];
+        if (isUnsupportedMediaQuery(thisq)) {
+          continue;
+        }
+        mediastyles.push({
+          media: thisq.split("(")[0].match(respond.regex.only) && RegExp.$2 || "all",
+          rules: rules.length - 1,
+          hasquery: thisq.indexOf("(") > -1,
+          minw: thisq.match(respond.regex.minw) && parseFloat(RegExp.$1) + (RegExp.$2 || ""),
+          maxw: thisq.match(respond.regex.maxw) && parseFloat(RegExp.$1) + (RegExp.$2 || "")
+        });
+      }
+    }
+    applyMedia();
+  }, makeRequests = function() {
+    if (requestQueue.length) {
+      var thisRequest = requestQueue.shift();
+      ajax(thisRequest.href, function(styles) {
+        translate(styles, thisRequest.href, thisRequest.media);
+        parsedSheets[thisRequest.href] = true;
+        w.setTimeout(function() {
+          makeRequests();
+        }, 0);
+      });
+    }
+  }, ripCSS = function() {
+    for (var i = 0; i < links.length; i++) {
+      var sheet = links[i], href = sheet.href, media = sheet.media, isCSS = sheet.rel && sheet.rel.toLowerCase() === "stylesheet";
+      if (!!href && isCSS && !parsedSheets[href]) {
+        if (sheet.styleSheet && sheet.styleSheet.rawCssText) {
+          translate(sheet.styleSheet.rawCssText, href, media);
+          parsedSheets[href] = true;
+        } else {
+          if (!/^([a-zA-Z:]*\/\/)/.test(href) && !base || href.replace(RegExp.$1, "").split("/")[0] === w.location.host) {
+            if (href.substring(0, 2) === "//") {
+              href = w.location.protocol + href;
+            }
+            requestQueue.push({
+              href: href,
+              media: media
+            });
+          }
+        }
+      }
+    }
+    makeRequests();
+  };
+  ripCSS();
+  respond.update = ripCSS;
+  respond.getEmValue = getEmValue;
+  function callMedia() {
+    applyMedia(true);
+  }
+  if (w.addEventListener) {
+    w.addEventListener("resize", callMedia, false);
+  } else if (w.attachEvent) {
+    w.attachEvent("onresize", callMedia);
+  }
+})(this);
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/stmd.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/stmd.js
new file mode 100644
index 0000000..f7f48fd
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/stmd.js
@@ -0,0 +1,1547 @@
+// stmd.js - CommonMark in javascript
+// Copyright (C) 2014 John MacFarlane
+// License: BSD3.
+
+// Basic usage:
+//
+// var stmd = require('stmd');
+// var parser = new stmd.DocParser();
+// var renderer = new stmd.HtmlRenderer();
+// console.log(renderer.render(parser.parse('Hello *world*')));
+
+(function(exports) {
+
+// Some regexps used in inline parser:
+
+var ESCAPABLE = '[!"#$%&\'()*+,./:;<=>?@[\\\\\\]^_`{|}~-]';
+var ESCAPED_CHAR = '\\\\' + ESCAPABLE;
+var IN_DOUBLE_QUOTES = '"(' + ESCAPED_CHAR + '|[^"\\x00])*"';
+var IN_SINGLE_QUOTES = '\'(' + ESCAPED_CHAR + '|[^\'\\x00])*\'';
+var IN_PARENS = '\\((' + ESCAPED_CHAR + '|[^)\\x00])*\\)';
+var REG_CHAR = '[^\\\\()\\x00-\\x20]';
+var IN_PARENS_NOSP = '\\((' + REG_CHAR + '|' + ESCAPED_CHAR + ')*\\)';
+var TAGNAME = '[A-Za-z][A-Za-z0-9]*';
+var BLOCKTAGNAME = '(?:article|header|aside|hgroup|iframe|blockquote|hr|body|li|map|button|object|canvas|ol|caption|output|col|p|colgroup|pre|dd|progress|div|section|dl|table|td|dt|tbody|embed|textarea|fieldset|tfoot|figcaption|th|figure|thead|footer|footer|tr|form|ul|h1|h2|h3|h4|h5|h6|video|script|style)';
+var ATTRIBUTENAME = '[a-zA-Z_:][a-zA-Z0-9:._-]*';
+var UNQUOTEDVALUE = "[^\"'=<>`\\x00-\\x20]+";
+var SINGLEQUOTEDVALUE = "'[^']*'";
+var DOUBLEQUOTEDVALUE = '"[^"]*"';
+var ATTRIBUTEVALUE = "(?:" + UNQUOTEDVALUE + "|" + SINGLEQUOTEDVALUE + "|" + DOUBLEQUOTEDVALUE + ")";
+var ATTRIBUTEVALUESPEC = "(?:" + "\\s*=" + "\\s*" + ATTRIBUTEVALUE + ")";
+var ATTRIBUTE = "(?:" + "\\s+" + ATTRIBUTENAME + ATTRIBUTEVALUESPEC + "?)";
+var OPENTAG = "<" + TAGNAME + ATTRIBUTE + "*" + "\\s*/?>";
+var CLOSETAG = "</" + TAGNAME + "\\s*[>]";
+var OPENBLOCKTAG = "<" + BLOCKTAGNAME + ATTRIBUTE + "*" + "\\s*/?>";
+var CLOSEBLOCKTAG = "</" + BLOCKTAGNAME + "\\s*[>]";
+var HTMLCOMMENT = "<!--([^-]+|[-][^-]+)*-->";
+var PROCESSINGINSTRUCTION = "[<][?].*?[?][>]";
+var DECLARATION = "<![A-Z]+" + "\\s+[^>]*>";
+var CDATA = "<!\\[CDATA\\[([^\\]]+|\\][^\\]]|\\]\\][^>])*\\]\\]>";
+var HTMLTAG = "(?:" + OPENTAG + "|" + CLOSETAG + "|" + HTMLCOMMENT + "|" +
+           PROCESSINGINSTRUCTION + "|" + DECLARATION + "|" + CDATA + ")";
+var HTMLBLOCKOPEN = "<(?:" + BLOCKTAGNAME + "[\\s/>]" + "|" +
+    "/" + BLOCKTAGNAME + "[\\s>]" + "|" + "[?!])";
+
+var reHtmlTag = new RegExp('^' + HTMLTAG, 'i');
+
+var reHtmlBlockOpen = new RegExp('^' + HTMLBLOCKOPEN, 'i');
+
+var reLinkTitle = new RegExp(
+    '^(?:"(' + ESCAPED_CHAR + '|[^"\\x00])*"' +
+    '|' +
+    '\'(' + ESCAPED_CHAR + '|[^\'\\x00])*\'' +
+    '|' +
+    '\\((' + ESCAPED_CHAR + '|[^)\\x00])*\\))');
+
+var reLinkDestinationBraces = new RegExp(
+    '^(?:[<](?:[^<>\\n\\\\\\x00]' + '|' + ESCAPED_CHAR + '|' + '\\\\)*[>])');
+
+var reLinkDestination = new RegExp(
+    '^(?:' + REG_CHAR + '+|' + ESCAPED_CHAR + '|' + IN_PARENS_NOSP + ')*');
+
+var reEscapable = new RegExp(ESCAPABLE);
+
+var reAllEscapedChar = new RegExp('\\\\(' + ESCAPABLE + ')', 'g');
+
+var reEscapedChar = new RegExp('^\\\\(' + ESCAPABLE + ')');
+
+var reAllTab = /\t/g;
+
+var reHrule = /^(?:(?:\* *){3,}|(?:_ *){3,}|(?:- *){3,}) *$/;
+
+// Matches a character with a special meaning in markdown,
+// or a string of non-special characters.
+var reMain = /^(?:[\n`\[\]\\!<&*_]|[^\n`\[\]\\!<&*_]+)/m;
+
+// UTILITY FUNCTIONS
+
+// Replace backslash escapes with literal characters.
+var unescape = function(s) {
+  return s.replace(reAllEscapedChar, '$1');
+};
+
+// Returns true if string contains only space characters.
+var isBlank = function(s) {
+  return /^\s*$/.test(s);
+};
+
+// Normalize reference label: collapse internal whitespace
+// to single space, remove leading/trailing whitespace, case fold.
+var normalizeReference = function(s) {
+  return s.trim()
+          .replace(/\s+/,' ')
+          .toUpperCase();
+};
+
+// Attempt to match a regex in string s at offset offset.
+// Return index of match or null.
+var matchAt = function(re, s, offset) {
+  var res = s.slice(offset).match(re);
+  if (res) {
+    return offset + res.index;
+  } else {
+    return null;
+  }
+};
+
+// Convert tabs to spaces on each line using a 4-space tab stop.
+var detabLine = function(text) {
+  if (text.indexOf('\t') == -1) {
+    return text;
+  } else {
+    var lastStop = 0;
+    return text.replace(reAllTab, function(match, offset) {
+      var result = '    '.slice((offset - lastStop) % 4);
+      lastStop = offset + 1;
+      return result;
+    });
+  }
+};
+
+// INLINE PARSER
+
+// These are methods of an InlineParser object, defined below.
+// An InlineParser keeps track of a subject (a string to be
+// parsed) and a position in that subject.
+
+// If re matches at current position in the subject, advance
+// position in subject and return the match; otherwise return null.
+var match = function(re) {
+  var match = re.exec(this.subject.slice(this.pos));
+  if (match) {
+    this.pos += match.index + match[0].length;
+    return match[0];
+  } else {
+    return null;
+  }
+};
+
+// Returns the character at the current subject position, or null if
+// there are no more characters.
+var peek = function() {
+  return this.subject.charAt(this.pos) || null;
+};
+
+// Parse zero or more space characters, including at most one newline
+var spnl = function() {
+  this.match(/^ *(?:\n *)?/);
+  return 1;
+};
+
+// All of the parsers below try to match something at the current position
+// in the subject.  If they succeed in matching anything, they
+// push an inline element onto the 'inlines' list.  They return the
+// number of characters parsed (possibly 0).
+
+// Attempt to parse backticks, adding either a backtick code span or a
+// literal sequence of backticks to the 'inlines' list.
+var parseBackticks = function(inlines) {
+  var startpos = this.pos;
+  var ticks = this.match(/^`+/);
+  if (!ticks) {
+    return 0;
+  }
+  var afterOpenTicks = this.pos;
+  var foundCode = false;
+  var match;
+  while (!foundCode && (match = this.match(/`+/m))) {
+    if (match == ticks) {
+      inlines.push({ t: 'Code', c: this.subject.slice(afterOpenTicks,
+                                   this.pos - ticks.length)
+             .replace(/[ \n]+/g,' ')
+             .trim() });
+      return (this.pos - startpos);
+    }
+  }
+  // If we got here, we didn't match a closing backtick sequence.
+  inlines.push({ t: 'Str', c: ticks });
+  this.pos = afterOpenTicks;
+  return (this.pos - startpos);
+};
+
+// Parse a backslash-escaped special character, adding either the escaped
+// character, a hard line break (if the backslash is followed by a newline),
+// or a literal backslash to the 'inlines' list.
+var parseEscaped = function(inlines) {
+  var subj = this.subject,
+      pos  = this.pos;
+  if (subj.charAt(pos) === '\\') {
+    if (subj.charAt(pos + 1) === '\n') {
+      inlines.push({ t: 'Hardbreak' });
+      this.pos = this.pos + 2;
+      return 2;
+    } else if (reEscapable.test(subj.charAt(pos + 1))) {
+      inlines.push({ t: 'Str', c: subj.charAt(pos + 1) });
+      this.pos = this.pos + 2;
+      return 2;
+    } else {
+      this.pos++;
+      inlines.push({t: 'Str', c: '\\'});
+      return 1;
+    }
+  } else {
+    return 0;
+  }
+};
+
+// Attempt to parse an autolink (URL or email in pointy brackets).
+var parseAutolink = function(inlines) {
+  var m;
+  var dest;
+  if ((m = this.match(/^<([a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*)>/))) {  // email autolink
+    dest = m.slice(1,-1);
+    inlines.push({ t: 'Link', label: [{ t: 'Str', c: dest }],
+                   destination: 'mailto:' + dest });
+    return m.length;
+  } else if ((m = this.match(/^<(?:coap|doi|javascript|aaa|aaas|about|acap|cap|cid|crid|data|dav|dict|dns|file|ftp|geo|go|gopher|h323|http|https|iax|icap|im|imap|info|ipp|iris|iris.beep|iris.xpc|iris.xpcs|iris.lwz|ldap|mailto|mid|msrp|msrps|mtqp|mupdate|news|nfs|ni|nih|nntp|opaquelocktoken|pop|pres|rtsp|service|session|shttp|sieve|sip|sips|sms|snmp|soap.beep|soap.beeps|tag|tel|telnet|tftp|thismessage|tn3270|tip|tv|urn|vemmi|ws|wss|xcon|xcon-userid|xmlrpc.beep|xmlrpc.beeps|xmpp|z39.50r|z39.50s|adiumxtra|afp|afs|aim|apt|attachment|aw|beshare|bitcoin|bolo|callto|chrome|chrome-extension|com-eventbrite-attendee|content|cvs|dlna-playsingle|dlna-playcontainer|dtn|dvb|ed2k|facetime|feed|finger|fish|gg|git|gizmoproject|gtalk|hcp|icon|ipn|irc|irc6|ircs|itms|jar|jms|keyparc|lastfm|ldaps|magnet|maps|market|message|mms|ms-help|msnim|mumble|mvn|notes|oid|palm|paparazzi|platform|proxy|psyc|query|res|resource|rmi|rsync|rtmp|secondlife|sftp|sgn|skype|smb|soldat|spotify|ssh|steam|svn|teamspeak|things|udp|unreal|ut2004|ventrilo|view-source|webcal|wtai|wyciwyg|xfire|xri|ymsgr):[^<>\x00-\x20]*>/i))) {
+    dest = m.slice(1,-1);
+    inlines.push({ t: 'Link', label: [{ t: 'Str', c: dest }],
+                   destination: dest });
+    return m.length;
+  } else {
+    return 0;
+  }
+};
+
+// Attempt to parse a raw HTML tag.
+var parseHtmlTag = function(inlines) {
+  var m = this.match(reHtmlTag);
+  if (m) {
+    inlines.push({ t: 'Html', c: m });
+    return m.length;
+  } else {
+    return 0;
+  }
+};
+
+// Scan a sequence of characters == c, and return information about
+// the number of delimiters and whether they are positioned such that
+// they can open and/or close emphasis or strong emphasis.  A utility
+// function for strong/emph parsing.
+var scanDelims = function(c) {
+  var numdelims = 0;
+  var first_close_delims = 0;
+  var char_before, char_after;
+  var startpos = this.pos;
+
+  char_before = this.pos === 0 ? '\n' :
+    this.subject.charAt(this.pos - 1);
+
+  while (this.peek() === c) {
+    numdelims++;
+    this.pos++;
+  }
+
+  char_after = this.peek() || '\n';
+
+  var can_open = numdelims > 0 && numdelims <= 3 && !(/\s/.test(char_after));
+  var can_close = numdelims > 0 && numdelims <= 3 && !(/\s/.test(char_before));
+  if (c === '_') {
+    can_open = can_open && !((/[a-z0-9]/i).test(char_before));
+    can_close = can_close && !((/[a-z0-9]/i).test(char_after));
+  }
+  this.pos = startpos;
+  return { numdelims: numdelims,
+           can_open: can_open,
+           can_close: can_close };
+};
+
+// Attempt to parse emphasis or strong emphasis in an efficient way,
+// with no backtracking.
+var parseEmphasis = function(inlines) {
+  var startpos = this.pos;
+  var c ;
+  var first_close = 0;
+  var nxt = this.peek();
+  if (nxt == '*' || nxt == '_') {
+    c = nxt;
+  } else {
+    return 0;
+  }
+
+  var numdelims;
+  var delimpos;
+
+  // Get opening delimiters.
+  res = this.scanDelims(c);
+  numdelims = res.numdelims;
+  this.pos += numdelims;
+  // We provisionally add a literal string.  If we match appropriate
+  // closing delimiters, we'll change this to Strong or Emph.
+  inlines.push({t: 'Str',
+               c: this.subject.substr(this.pos - numdelims, numdelims)});
+  // Record the position of this opening delimiter:
+  delimpos = inlines.length - 1;
+
+  if (!res.can_open || numdelims === 0) {
+    return 0;
+  }
+
+  var first_close_delims = 0;
+
+  switch (numdelims) {
+  case 1:  // we started with * or _
+    while (true) {
+      res = this.scanDelims(c);
+      if (res.numdelims >= 1 && res.can_close) {
+        this.pos += 1;
+        // Convert the inline at delimpos, currently a string with the delim,
+        // into an Emph whose contents are the succeeding inlines
+        inlines[delimpos].t = 'Emph';
+        inlines[delimpos].c = inlines.slice(delimpos + 1);
+        inlines.splice(delimpos + 1, inlines.length - delimpos - 1);
+        break;
+      } else {
+        if (this.parseInline(inlines) === 0) {
+          break;
+        }
+      }
+    }
+    return (this.pos - startpos);
+
+  case 2:  // We started with ** or __
+    while (true) {
+      res = this.scanDelims(c);
+      if (res.numdelims >= 2 && res.can_close) {
+        this.pos += 2;
+        inlines[delimpos].t = 'Strong';
+        inlines[delimpos].c = inlines.slice(delimpos + 1);
+        inlines.splice(delimpos + 1, inlines.length - delimpos - 1);
+        break;
+      } else {
+        if (this.parseInline(inlines) === 0) {
+          break;
+        }
+      }
+    }
+    return (this.pos - startpos);
+
+  case 3:  // We started with *** or ___
+    while (true) {
+      res = this.scanDelims(c);
+      if (res.numdelims >= 1 && res.numdelims <= 3 && res.can_close &&
+            res.numdelims != first_close_delims) {
+
+        if (first_close_delims === 1 && numdelims > 2) {
+          res.numdelims = 2;
+        } else if (first_close_delims === 2) {
+          res.numdelims = 1;
+        } else if (res.numdelims === 3) {
+          // If we opened with ***, then we interpret *** as ** followed by *
+          // giving us <strong><em>
+          res.numdelims = 1;
+        }
+
+        this.pos += res.numdelims;
+
+        if (first_close > 0) { // if we've already passed the first closer:
+          inlines[delimpos].t = first_close_delims === 1 ? 'Strong' : 'Emph';
+          inlines[delimpos].c = [
+             { t: first_close_delims === 1 ? 'Emph' : 'Strong',
+               c: inlines.slice(delimpos + 1, first_close)}
+            ].concat(inlines.slice(first_close + 1));
+          inlines.splice(delimpos + 1);
+          break;
+        } else {  // this is the first closer; for now, add literal string;
+                  // we'll change this when he hit the second closer
+          inlines.push({t: 'Str',
+                        c: this.subject.slice(this.pos - res.numdelims,
+                                              this.pos) });
+          first_close = inlines.length - 1;
+          first_close_delims = res.numdelims;
+        }
+      } else {  // parse another inline element, til we hit the end
+        if (this.parseInline(inlines) === 0) {
+          break;
+        }
+      }
+    }
+    return (this.pos - startpos);
+
+  default:
+    return res;
+  }
+
+  return 0;
+};
+
+// Attempt to parse link title (sans quotes), returning the string
+// or null if no match.
+var parseLinkTitle = function() {
+  var title = this.match(reLinkTitle);
+  if (title) {
+    // chop off quotes from title and unescape:
+    return unescape(title.substr(1, title.length - 2));
+  } else {
+    return null;
+  }
+};
+
+// Attempt to parse link destination, returning the string or
+// null if no match.
+var parseLinkDestination = function() {
+  var res = this.match(reLinkDestinationBraces);
+  if (res) {  // chop off surrounding <..>:
+    return unescape(res.substr(1, res.length - 2));
+  } else {
+    res = this.match(reLinkDestination);
+    if (res !== null) {
+      return unescape(res);
+    } else {
+      return null;
+    }
+  }
+};
+
+// Attempt to parse a link label, returning number of characters parsed.
+var parseLinkLabel = function() {
+  if (this.peek() != '[') {
+    return 0;
+  }
+  var startpos = this.pos;
+  var nest_level = 0;
+  if (this.label_nest_level > 0) {
+    // If we've already checked to the end of this subject
+    // for a label, even with a different starting [, we
+    // know we won't find one here and we can just return.
+    // This avoids lots of backtracking.
+    // Note:  nest level 1 would be: [foo [bar]
+    //        nest level 2 would be: [foo [bar [baz]
+    this.label_nest_level--;
+    return 0;
+  }
+  this.pos++;  // advance past [
+  var c;
+  while ((c = this.peek()) && (c != ']' || nest_level > 0)) {
+    switch (c) {
+      case '`':
+        this.parseBackticks([]);
+        break;
+      case '<':
+        this.parseAutolink([]) || this.parseHtmlTag([]) || this.parseString([]);
+        break;
+      case '[':  // nested []
+        nest_level++;
+        this.pos++;
+        break;
+      case ']':  // nested []
+        nest_level--;
+        this.pos++;
+        break;
+      case '\\':
+        this.parseEscaped([]);
+        break;
+      default:
+        this.parseString([]);
+    }
+  }
+  if (c === ']') {
+    this.label_nest_level = 0;
+    this.pos++; // advance past ]
+    return this.pos - startpos;
+  } else {
+    if (!c) {
+      this.label_nest_level = nest_level;
+    }
+    this.pos = startpos;
+    return 0;
+  }
+};
+
+// Parse raw link label, including surrounding [], and return
+// inline contents.  (Note:  this is not a method of InlineParser.)
+var parseRawLabel = function(s) {
+  // note:  parse without a refmap; we don't want links to resolve
+  // in nested brackets!
+  return new InlineParser().parse(s.substr(1, s.length - 2), {});
+};
+
+// Attempt to parse a link.  If successful, add the link to
+// inlines.
+var parseLink = function(inlines) {
+  var startpos = this.pos;
+  var reflabel;
+  var n;
+  var dest;
+  var title;
+
+  n = this.parseLinkLabel();
+  if (n === 0) {
+    return 0;
+  }
+  var afterlabel = this.pos;
+  var rawlabel = this.subject.substr(startpos, n);
+
+  // if we got this far, we've parsed a label.
+  // Try to parse an explicit link: [label](url "title")
+  if (this.peek() == '(') {
+    this.pos++;
+    if (this.spnl() &&
+        ((dest = this.parseLinkDestination()) !== null) &&
+        this.spnl() &&
+        // make sure there's a space before the title:
+        (/^\s/.test(this.subject.charAt(this.pos - 1)) &&
+         (title = this.parseLinkTitle() || '') || true) &&
+        this.spnl() &&
+        this.match(/^\)/)) {
+        inlines.push({ t: 'Link',
+                       destination: dest,
+                       title: title,
+                       label: parseRawLabel(rawlabel) });
+        return this.pos - startpos;
+     } else {
+        this.pos = startpos;
+        return 0;
+     }
+  }
+  // If we're here, it wasn't an explicit link. Try to parse a reference link.
+  // first, see if there's another label
+  var savepos = this.pos;
+  this.spnl();
+  var beforelabel = this.pos;
+  n = this.parseLinkLabel();
+  if (n == 2) {
+    // empty second label
+    reflabel = rawlabel;
+  } else if (n > 0) {
+    reflabel = this.subject.slice(beforelabel, beforelabel + n);
+  } else {
+    this.pos = savepos;
+    reflabel = rawlabel;
+  }
+  // lookup rawlabel in refmap
+  var link = this.refmap[normalizeReference(reflabel)];
+  if (link) {
+    inlines.push({t: 'Link',
+                  destination: link.destination,
+                  title: link.title,
+                  label: parseRawLabel(rawlabel) });
+    return this.pos - startpos;
+  } else {
+    this.pos = startpos;
+    return 0;
+  }
+  // Nothing worked, rewind:
+  this.pos = startpos;
+  return 0;
+};
+
+// Attempt to parse an entity, adding to inlines if successful.
+var parseEntity = function(inlines) {
+  var m;
+  if ((m = this.match(/^&(?:#x[a-f0-9]{1,8}|#[0-9]{1,8}|[a-z][a-z0-9]{1,31});/i))) {
+      inlines.push({ t: 'Entity', c: m });
+      return m.length;
+  } else {
+      return  0;
+  }
+};
+
+// Parse a run of ordinary characters, or a single character with
+// a special meaning in markdown, as a plain string, adding to inlines.
+var parseString = function(inlines) {
+  var m;
+  if ((m = this.match(reMain))) {
+    inlines.push({ t: 'Str', c: m });
+    return m.length;
+  } else {
+    return 0;
+  }
+};
+
+// Parse a newline.  If it was preceded by two spaces, return a hard
+// line break; otherwise a soft line break.
+var parseNewline = function(inlines) {
+  if (this.peek() == '\n') {
+    this.pos++;
+    var last = inlines[inlines.length - 1];
+    if (last && last.t == 'Str' && last.c.slice(-2) == '  ') {
+      last.c = last.c.replace(/ *$/,'');
+      inlines.push({ t: 'Hardbreak' });
+    } else {
+      if (last && last.t == 'Str' && last.c.slice(-1) == ' ') {
+        last.c = last.c.slice(0, -1);
+      }
+      inlines.push({ t: 'Softbreak' });
+    }
+    return 1;
+  } else {
+    return 0;
+  }
+};
+
+// Attempt to parse an image.  If the opening '!' is not followed
+// by a link, add a literal '!' to inlines.
+var parseImage = function(inlines) {
+  if (this.match(/^!/)) {
+    var n = this.parseLink(inlines);
+    if (n === 0) {
+      inlines.push({ t: 'Str', c: '!' });
+      return 1;
+    } else if (inlines[inlines.length - 1] &&
+               inlines[inlines.length - 1].t == 'Link') {
+      inlines[inlines.length - 1].t = 'Image';
+      return n+1;
+    } else {
+      throw "Shouldn't happen";
+    }
+  } else {
+    return 0;
+  }
+};
+
+// Attempt to parse a link reference, modifying refmap.
+var parseReference = function(s, refmap) {
+  this.subject = s;
+  this.pos = 0;
+  var rawlabel;
+  var dest;
+  var title;
+  var matchChars;
+  var startpos = this.pos;
+  var match;
+
+  // label:
+  matchChars = this.parseLinkLabel();
+  if (matchChars === 0) {
+    return 0;
+  } else {
+    rawlabel = this.subject.substr(0, matchChars);
+  }
+
+  // colon:
+  if (this.peek() === ':') {
+    this.pos++;
+  } else {
+    this.pos = startpos;
+    return 0;
+  }
+
+  //  link url
+  this.spnl();
+
+  dest = this.parseLinkDestination();
+  if (dest === null || dest.length === 0) {
+    this.pos = startpos;
+    return 0;
+  }
+
+  var beforetitle = this.pos;
+  this.spnl();
+  title = this.parseLinkTitle();
+  if (title === null) {
+    title = '';
+    // rewind before spaces
+    this.pos = beforetitle;
+  }
+
+  // make sure we're at line end:
+  if (this.match(/^ *(?:\n|$)/) === null) {
+    this.pos = startpos;
+    return 0;
+  }
+
+  var normlabel = normalizeReference(rawlabel);
+
+  if (!refmap[normlabel]) {
+    refmap[normlabel] = { destination: dest, title: title };
+  }
+  return this.pos - startpos;
+};
+
+// Parse the next inline element in subject, advancing subject position
+// and adding the result to 'inlines'.
+var parseInline = function(inlines) {
+  var c = this.peek();
+  var res;
+  switch(c) {
+  case '\n':
+    res = this.parseNewline(inlines);
+    break;
+  case '\\':
+    res = this.parseEscaped(inlines);
+    break;
+  case '`':
+    res = this.parseBackticks(inlines);
+    break;
+  case '*':
+  case '_':
+    res = this.parseEmphasis(inlines);
+    break;
+  case '[':
+    res = this.parseLink(inlines);
+    break;
+  case '!':
+    res = this.parseImage(inlines);
+    break;
+  case '<':
+    res = this.parseAutolink(inlines) ||
+      this.parseHtmlTag(inlines);
+    break;
+  case '&':
+    res = this.parseEntity(inlines);
+    break;
+  default:
+  }
+  return res || this.parseString(inlines);
+};
+
+// Parse s as a list of inlines, using refmap to resolve references.
+var parseInlines = function(s, refmap) {
+  this.subject = s;
+  this.pos = 0;
+  this.refmap = refmap || {};
+  var inlines = [];
+  while (this.parseInline(inlines)) ;
+  return inlines;
+};
+
+// The InlineParser object.
+function InlineParser(){
+  return {
+    subject: '',
+    label_nest_level: 0, // used by parseLinkLabel method
+    pos: 0,
+    refmap: {},
+    match: match,
+    peek: peek,
+    spnl: spnl,
+    parseBackticks: parseBackticks,
+    parseEscaped: parseEscaped,
+    parseAutolink: parseAutolink,
+    parseHtmlTag: parseHtmlTag,
+    scanDelims: scanDelims,
+    parseEmphasis: parseEmphasis,
+    parseLinkTitle: parseLinkTitle,
+    parseLinkDestination: parseLinkDestination,
+    parseLinkLabel: parseLinkLabel,
+    parseLink: parseLink,
+    parseEntity: parseEntity,
+    parseString: parseString,
+    parseNewline: parseNewline,
+    parseImage: parseImage,
+    parseReference: parseReference,
+    parseInline: parseInline,
+    parse: parseInlines
+  };
+}
+
+// DOC PARSER
+
+// These are methods of a DocParser object, defined below.
+
+var makeBlock = function(tag, start_line, start_column) {
+  return { t: tag,
+           open: true,
+           last_line_blank: false,
+           start_line: start_line,
+           start_column: start_column,
+           end_line: start_line,
+           children: [],
+           parent: null,
+           // string_content is formed by concatenating strings, in finalize:
+           string_content: "",
+           strings: [],
+           inline_content: []
+        };
+};
+
+// Returns true if parent block can contain child block.
+var canContain = function(parent_type, child_type) {
+  return ( parent_type == 'Document' ||
+           parent_type == 'BlockQuote' ||
+           parent_type == 'ListItem' ||
+           (parent_type == 'List' && child_type == 'ListItem') );
+};
+
+// Returns true if block type can accept lines of text.
+var acceptsLines = function(block_type) {
+  return ( block_type == 'Paragraph' ||
+           block_type == 'IndentedCode' ||
+           block_type == 'FencedCode' );
+};
+
+// Returns true if block ends with a blank line, descending if needed
+// into lists and sublists.
+var endsWithBlankLine = function(block) {
+  if (block.last_line_blank) {
+    return true;
+  }
+  if ((block.t == 'List' || block.t == 'ListItem') && block.children.length > 0) {
+    return endsWithBlankLine(block.children[block.children.length - 1]);
+  } else {
+    return false;
+  }
+};
+
+// Break out of all containing lists, resetting the tip of the
+// document to the parent of the highest list, and finalizing
+// all the lists.  (This is used to implement the "two blank lines
+// break of of all lists" feature.)
+var breakOutOfLists = function(block, line_number) {
+  var b = block;
+  var last_list = null;
+  do {
+    if (b.t === 'List') {
+      last_list = b;
+    }
+    b = b.parent;
+  } while (b);
+
+  if (last_list) {
+    while (block != last_list) {
+      this.finalize(block, line_number);
+      block = block.parent;
+    }
+    this.finalize(last_list, line_number);
+    this.tip = last_list.parent;
+  }
+};
+
+// Add a line to the block at the tip.  We assume the tip
+// can accept lines -- that check should be done before calling this.
+var addLine = function(ln, offset) {
+  var s = ln.slice(offset);
+  if (!(this.tip.open)) {
+    throw({ msg: "Attempted to add line (" + ln + ") to closed container." });
+  }
+  this.tip.strings.push(s);
+};
+
+// Add block of type tag as a child of the tip.  If the tip can't
+// accept children, close and finalize it and try its parent,
+// and so on til we find a block that can accept children.
+var addChild = function(tag, line_number, offset) {
+  while (!canContain(this.tip.t, tag)) {
+    this.finalize(this.tip, line_number);
+  }
+
+  var column_number = offset + 1; // offset 0 = column 1
+  var newBlock = makeBlock(tag, line_number, column_number);
+  this.tip.children.push(newBlock);
+  newBlock.parent = this.tip;
+  this.tip = newBlock;
+  return newBlock;
+};
+
+// Parse a list marker and return data on the marker (type,
+// start, delimiter, bullet character, padding) or null.
+var parseListMarker = function(ln, offset) {
+  var rest = ln.slice(offset);
+  var match;
+  var spaces_after_marker;
+  var data = {};
+  if (rest.match(reHrule)) {
+    return null;
+  }
+  if ((match = rest.match(/^[*+-]( +|$)/))) {
+    spaces_after_marker = match[1].length;
+    data.type = 'Bullet';
+    data.bullet_char = match[0].charAt(0);
+
+  } else if ((match = rest.match(/^(\d+)([.)])( +|$)/))) {
+    spaces_after_marker = match[3].length;
+    data.type = 'Ordered';
+    data.start = parseInt(match[1]);
+    data.delimiter = match[2];
+  } else {
+    return null;
+  }
+  var blank_item = match[0].length === rest.length;
+  if (spaces_after_marker >= 5 ||
+      spaces_after_marker < 1 ||
+      blank_item) {
+        data.padding = match[0].length - spaces_after_marker + 1;
+  } else {
+        data.padding = match[0].length;
+  }
+  return data;
+};
+
+// Returns true if the two list items are of the same type,
+// with the same delimiter and bullet character.  This is used
+// in agglomerating list items into lists.
+var listsMatch = function(list_data, item_data) {
+  return (list_data.type === item_data.type &&
+          list_data.delimiter === item_data.delimiter &&
+          list_data.bullet_char === item_data.bullet_char);
+};
+
+// Analyze a line of text and update the document appropriately.
+// We parse markdown text by calling this on each line of input,
+// then finalizing the document.
+var incorporateLine = function(ln, line_number) {
+
+  var all_matched = true;
+  var last_child;
+  var first_nonspace;
+  var offset = 0;
+  var match;
+  var data;
+  var blank;
+  var indent;
+  var last_matched_container;
+  var i;
+  var CODE_INDENT = 4;
+
+  var container = this.doc;
+  var oldtip = this.tip;
+
+  // Convert tabs to spaces:
+  ln = detabLine(ln);
+
+  // For each containing block, try to parse the associated line start.
+  // Bail out on failure: container will point to the last matching block.
+  // Set all_matched to false if not all containers match.
+  while (container.children.length > 0) {
+    last_child = container.children[container.children.length - 1];
+    if (!last_child.open) {
+      break;
+    }
+    container = last_child;
+
+    match = matchAt(/[^ ]/, ln, offset);
+    if (match === null) {
+      first_nonspace = ln.length;
+      blank = true;
+    } else {
+      first_nonspace = match;
+      blank = false;
+    }
+    indent = first_nonspace - offset;
+
+    switch (container.t) {
+      case 'BlockQuote':
+        var matched = indent <= 3 && ln.charAt(first_nonspace) === '>';
+        if (matched) {
+          offset = first_nonspace + 1;
+          if (ln.charAt(offset) === ' ') {
+            offset++;
+          }
+        } else {
+          all_matched = false;
+        }
+        break;
+
+      case 'ListItem':
+        if (indent >= container.list_data.marker_offset +
+                      container.list_data.padding) {
+          offset += container.list_data.marker_offset +
+                    container.list_data.padding;
+        } else if (blank) {
+          offset = first_nonspace;
+        } else {
+          all_matched = false;
+        }
+        break;
+
+      case 'IndentedCode':
+        if (indent >= CODE_INDENT) {
+          offset += CODE_INDENT;
+        } else if (blank) {
+          offset = first_nonspace;
+        } else {
+          all_matched = false;
+        }
+        break;
+
+      case 'ATXHeader':
+      case 'SetextHeader':
+      case 'HorizontalRule':
+        // a header can never container > 1 line, so fail to match:
+        all_matched = false;
+        break;
+
+      case 'FencedCode':
+        // skip optional spaces of fence offset
+        i = container.fence_offset;
+        while (i > 0 && ln.charAt(offset) === ' ') {
+          offset++;
+          i--;
+        }
+        break;
+
+      case 'HtmlBlock':
+        if (blank) {
+          all_matched = false;
+        }
+        break;
+
+      case 'Paragraph':
+        if (blank) {
+          container.last_line_blank = true;
+          all_matched = false;
+        }
+        break;
+
+      default:
+    }
+
+    if (!all_matched) {
+      container = container.parent; // back up to last matching block
+      break;
+    }
+  }
+
+  last_matched_container = container;
+
+  // This function is used to finalize and close any unmatched
+  // blocks.  We aren't ready to do this now, because we might
+  // have a lazy paragraph continuation, in which case we don't
+  // want to close unmatched blocks.  So we store this closure for
+  // use later, when we have more information.
+  var closeUnmatchedBlocks = function(mythis) {
+    // finalize any blocks not matched
+    while (!already_done && oldtip != last_matched_container) {
+      mythis.finalize(oldtip, line_number);
+      oldtip = oldtip.parent;
+    }
+    var already_done = true;
+  };
+
+  // Check to see if we've hit 2nd blank line; if so break out of list:
+  if (blank && container.last_line_blank) {
+    this.breakOutOfLists(container, line_number);
+  }
+
+  // Unless last matched container is a code block, try new container starts,
+  // adding children to the last matched container:
+  while (container.t != 'FencedCode' &&
+         container.t != 'IndentedCode' &&
+         container.t != 'HtmlBlock' &&
+         // this is a little performance optimization:
+         matchAt(/^[ #`~*+_=<>0-9-]/,ln,offset) !== null) {
+
+    match = matchAt(/[^ ]/, ln, offset);
+    if (match === null) {
+      first_nonspace = ln.length;
+      blank = true;
+    } else {
+      first_nonspace = match;
+      blank = false;
+    }
+    indent = first_nonspace - offset;
+
+    if (indent >= CODE_INDENT) {
+      // indented code
+      if (this.tip.t != 'Paragraph' && !blank) {
+        offset += CODE_INDENT;
+        closeUnmatchedBlocks(this);
+        container = this.addChild('IndentedCode', line_number, offset);
+      } else { // indent > 4 in a lazy paragraph continuation
+        break;
+      }
+
+    } else if (ln.charAt(first_nonspace) === '>') {
+      // blockquote
+      offset = first_nonspace + 1;
+      // optional following space
+      if (ln.charAt(offset) === ' ') {
+        offset++;
+      }
+      closeUnmatchedBlocks(this);
+      container = this.addChild('BlockQuote', line_number, offset);
+
+    } else if ((match = ln.slice(first_nonspace).match(/^#{1,6}(?: +|$)/))) {
+      // ATX header
+      offset = first_nonspace + match[0].length;
+      closeUnmatchedBlocks(this);
+      container = this.addChild('ATXHeader', line_number, first_nonspace);
+      container.level = match[0].trim().length; // number of #s
+      // remove trailing ###s:
+      container.strings =
+            [ln.slice(offset).replace(/(?:(\\#) *#*| *#+) *$/,'$1')];
+      break;
+
+    } else if ((match = ln.slice(first_nonspace).match(/^`{3,}(?!.*`)|^~{3,}(?!.*~)/))) {
+      // fenced code block
+      var fence_length = match[0].length;
+      closeUnmatchedBlocks(this);
+      container = this.addChild('FencedCode', line_number, first_nonspace);
+      container.fence_length = fence_length;
+      container.fence_char = match[0].charAt(0);
+      container.fence_offset = first_nonspace - offset;
+      offset = first_nonspace + fence_length;
+      break;
+
+    } else if (matchAt(reHtmlBlockOpen, ln, first_nonspace) !== null) {
+      // html block
+      closeUnmatchedBlocks(this);
+      container = this.addChild('HtmlBlock', line_number, first_nonspace);
+      // note, we don't adjust offset because the tag is part of the text
+      break;
+
+    } else if (container.t == 'Paragraph' &&
+               container.strings.length === 1 &&
+               ((match = ln.slice(first_nonspace).match(/^(?:=+|-+) *$/)))) {
+      // setext header line
+      closeUnmatchedBlocks(this);
+      container.t = 'SetextHeader'; // convert Paragraph to SetextHeader
+      container.level = match[0].charAt(0) === '=' ? 1 : 2;
+      offset = ln.length;
+
+    } else if (matchAt(reHrule, ln, first_nonspace) !== null) {
+      // hrule
+      closeUnmatchedBlocks(this);
+      container = this.addChild('HorizontalRule', line_number, first_nonspace);
+      offset = ln.length - 1;
+      break;
+
+    } else if ((data = parseListMarker(ln, first_nonspace))) {
+      // list item
+      closeUnmatchedBlocks(this);
+      data.marker_offset = indent;
+      offset = first_nonspace + data.padding;
+
+      // add the list if needed
+      if (container.t !== 'List' ||
+          !(listsMatch(container.list_data, data))) {
+           container = this.addChild('List', line_number, first_nonspace);
+           container.list_data = data;
+      }
+
+      // add the list item
+      container = this.addChild('ListItem', line_number, first_nonspace);
+      container.list_data = data;
+
+    } else {
+      break;
+
+    }
+
+    if (acceptsLines(container.t)) {
+      // if it's a line container, it can't contain other containers
+      break;
+    }
+  }
+
+  // What remains at the offset is a text line.  Add the text to the
+  // appropriate container.
+
+  match = matchAt(/[^ ]/, ln, offset);
+  if (match === null) {
+    first_nonspace = ln.length;
+    blank = true;
+  } else {
+    first_nonspace = match;
+    blank = false;
+  }
+  indent = first_nonspace - offset;
+
+  // First check for a lazy paragraph continuation:
+  if (this.tip !== last_matched_container &&
+      !blank &&
+      this.tip.t == 'Paragraph' &&
+      this.tip.strings.length > 0) {
+     // lazy paragraph continuation
+
+    this.last_line_blank = false;
+    this.addLine(ln, offset);
+
+  } else { // not a lazy continuation
+
+    // finalize any blocks not matched
+    closeUnmatchedBlocks(this);
+
+    // Block quote lines are never blank as they start with >
+    // and we don't count blanks in fenced code for purposes of tight/loose
+    // lists or breaking out of lists.  We also don't set last_line_blank
+    // on an empty list item.
+    container.last_line_blank = blank &&
+      !(container.t == 'BlockQuote' ||
+        container.t == 'FencedCode' ||
+        (container.t == 'ListItem' &&
+         container.children.length === 0 &&
+         container.start_line == line_number));
+
+    var cont = container;
+    while (cont.parent) {
+      cont.parent.last_line_blank = false;
+      cont = cont.parent;
+    }
+
+    switch (container.t) {
+    case 'IndentedCode':
+    case 'HtmlBlock':
+      this.addLine(ln, offset);
+      break;
+
+    case 'FencedCode':
+      // check for closing code fence:
+      match = (indent <= 3 &&
+               ln.charAt(first_nonspace) == container.fence_char &&
+               ln.slice(first_nonspace).match(/^(?:`{3,}|~{3,})(?= *$)/));
+      if (match && match[0].length >= container.fence_length) {
+        // don't add closing fence to container; instead, close it:
+        this.finalize(container, line_number);
+      } else {
+        this.addLine(ln, offset);
+      }
+      break;
+
+    case 'ATXHeader':
+    case 'SetextHeader':
+    case 'HorizontalRule':
+      // nothing to do; we already added the contents.
+      break;
+
+    default:
+      if (acceptsLines(container.t)) {
+        this.addLine(ln, first_nonspace);
+      } else if (blank) {
+        // do nothing
+      } else if (container.t != 'HorizontalRule' &&
+                 container.t != 'SetextHeader') {
+        // create paragraph container for line
+        container = this.addChild('Paragraph', line_number, first_nonspace);
+        this.addLine(ln, first_nonspace);
+      } else {
+        console.log("Line " + line_number.toString() +
+                     " with container type " + container.t +
+                     " did not match any condition.");
+
+      }
+    }
+  }
+};
+
+// Finalize a block.  Close it and do any necessary postprocessing,
+// e.g. creating string_content from strings, setting the 'tight'
+// or 'loose' status of a list, and parsing the beginnings
+// of paragraphs for reference definitions.  Reset the tip to the
+// parent of the closed block.
+var finalize = function(block, line_number) {
+  var pos;
+  // don't do anything if the block is already closed
+  if (!block.open) {
+    return 0;
+  }
+  block.open = false;
+  if (line_number > block.start_line) {
+    block.end_line = line_number - 1;
+  } else {
+    block.end_line = line_number;
+  }
+
+  switch (block.t) {
+  case 'Paragraph':
+    block.string_content = block.strings.join('\n').replace(/^  */m,'');
+
+    // try parsing the beginning as link reference definitions:
+    while (block.string_content.charAt(0) === '[' &&
+           (pos = this.inlineParser.parseReference(block.string_content,
+                                                   this.refmap))) {
+      block.string_content = block.string_content.slice(pos);
+      if (isBlank(block.string_content)) {
+        block.t = 'ReferenceDef';
+        break;
+      }
+    }
+    break;
+
+  case 'ATXHeader':
+  case 'SetextHeader':
+  case 'HtmlBlock':
+    block.string_content = block.strings.join('\n');
+    break;
+
+  case 'IndentedCode':
+    block.string_content = block.strings.join('\n').replace(/(\n *)*$/,'\n');
+    break;
+
+  case 'FencedCode':
+    // first line becomes info string
+    block.info = unescape(block.strings[0].trim());
+    if (block.strings.length == 1) {
+      block.string_content = '';
+    } else {
+      block.string_content = block.strings.slice(1).join('\n') + '\n';
+    }
+    break;
+
+  case 'List':
+    block.tight = true; // tight by default
+
+    var numitems = block.children.length;
+    var i = 0;
+    while (i < numitems) {
+      var item = block.children[i];
+      // check for non-final list item ending with blank line:
+      var last_item = i == numitems - 1;
+      if (endsWithBlankLine(item) && !last_item) {
+        block.tight = false;
+        break;
+      }
+      // recurse into children of list item, to see if there are
+      // spaces between any of them:
+      var numsubitems = item.children.length;
+      var j = 0;
+      while (j < numsubitems) {
+        var subitem = item.children[j];
+        var last_subitem = j == numsubitems - 1;
+        if (endsWithBlankLine(subitem) && !(last_item && last_subitem)) {
+          block.tight = false;
+          break;
+        }
+        j++;
+      }
+      i++;
+    }
+    break;
+
+  default:
+    break;
+  }
+
+  this.tip = block.parent || this.top;
+};
+
+// Walk through a block & children recursively, parsing string content
+// into inline content where appropriate.
+var processInlines = function(block) {
+  switch(block.t) {
+    case 'Paragraph':
+    case 'SetextHeader':
+    case 'ATXHeader':
+      block.inline_content =
+        this.inlineParser.parse(block.string_content.trim(), this.refmap);
+      block.string_content = "";
+      break;
+    default:
+      break;
+  }
+
+  if (block.children) {
+    for (var i = 0; i < block.children.length; i++) {
+      this.processInlines(block.children[i]);
+    }
+  }
+
+};
+
+// The main parsing function.  Returns a parsed document AST.
+var parse = function(input) {
+  this.doc = makeBlock('Document', 1, 1);
+  this.tip = this.doc;
+  this.refmap = {};
+  var lines = input.replace(/\n$/,'').split(/\r\n|\n|\r/);
+  var len = lines.length;
+  for (var i = 0; i < len; i++) {
+    this.incorporateLine(lines[i], i+1);
+  }
+  while (this.tip) {
+    this.finalize(this.tip, len - 1);
+  }
+  this.processInlines(this.doc);
+  return this.doc;
+};
+
+
+// The DocParser object.
+function DocParser(){
+  return {
+    doc: makeBlock('Document', 1, 1),
+    tip: this.doc,
+    refmap: {},
+    inlineParser: new InlineParser(),
+    breakOutOfLists: breakOutOfLists,
+    addLine: addLine,
+    addChild: addChild,
+    incorporateLine: incorporateLine,
+    finalize: finalize,
+    processInlines: processInlines,
+    parse: parse
+  };
+}
+
+// HTML RENDERER
+
+// Helper function to produce content in a pair of HTML tags.
+var inTags = function(tag, attribs, contents, selfclosing) {
+  var result = '<' + tag;
+  if (attribs) {
+    var i = 0;
+    var attrib;
+    while ((attrib = attribs[i]) !== undefined) {
+      result = result.concat(' ', attrib[0], '="', attrib[1], '"');
+      i++;
+    }
+  }
+  if (contents) {
+    result = result.concat('>', contents, '</', tag, '>');
+  } else if (selfclosing) {
+    result = result + ' />';
+  } else {
+    result = result.concat('></', tag, '>');
+  }
+  return result;
+};
+
+// Render an inline element as HTML.
+var renderInline = function(inline) {
+  var attrs;
+  switch (inline.t) {
+    case 'Str':
+      return this.escape(inline.c);
+    case 'Softbreak':
+      return this.softbreak;
+    case 'Hardbreak':
+      return inTags('br',[],"",true) + '\n';
+    case 'Emph':
+      return inTags('em', [], this.renderInlines(inline.c));
+    case 'Strong':
+      return inTags('strong', [], this.renderInlines(inline.c));
+    case 'Html':
+      return inline.c;
+    case 'Entity':
+      return inline.c;
+    case 'Link':
+      attrs = [['href', this.escape(inline.destination, true)]];
+      if (inline.title) {
+        attrs.push(['title', this.escape(inline.title, true)]);
+      }
+      return inTags('a', attrs, this.renderInlines(inline.label));
+    case 'Image':
+      attrs = [['src', this.escape(inline.destination, true)],
+                   ['alt', this.escape(this.renderInlines(inline.label))]];
+      if (inline.title) {
+        attrs.push(['title', this.escape(inline.title, true)]);
+      }
+      return inTags('img', attrs, "", true);
+    case 'Code':
+      return inTags('code', [], this.escape(inline.c));
+    default:
+      console.log("Uknown inline type " + inline.t);
+      return "";
+  }
+};
+
+// Render a list of inlines.
+var renderInlines = function(inlines) {
+  var result = '';
+  for (var i=0; i < inlines.length; i++) {
+    result = result + this.renderInline(inlines[i]);
+  }
+  return result;
+};
+
+// Render a single block element.
+var renderBlock = function(block, in_tight_list) {
+  var tag;
+  var attr;
+  var info_words;
+  switch (block.t) {
+    case 'Document':
+      var whole_doc = this.renderBlocks(block.children);
+      return (whole_doc === '' ? '' : whole_doc + '\n');
+    case 'Paragraph':
+      if (in_tight_list) {
+        return this.renderInlines(block.inline_content);
+      } else {
+        return inTags('p', [], this.renderInlines(block.inline_content));
+      }
+      break;
+    case 'BlockQuote':
+      var filling = this.renderBlocks(block.children);
+      return inTags('blockquote', [], filling === '' ? this.innersep :
+          this.innersep + this.renderBlocks(block.children) + this.innersep);
+    case 'ListItem':
+      return inTags('li', [], this.renderBlocks(block.children, in_tight_list).trim());
+    case 'List':
+      tag = block.list_data.type == 'Bullet' ? 'ul' : 'ol';
+      attr = (!block.list_data.start || block.list_data.start == 1) ?
+              [] : [['start', block.list_data.start.toString()]];
+      return inTags(tag, attr, this.innersep +
+                    this.renderBlocks(block.children, block.tight) +
+                    this.innersep);
+    case 'ATXHeader':
+    case 'SetextHeader':
+      tag = 'h' + block.level;
+      return inTags(tag, [], this.renderInlines(block.inline_content));
+    case 'IndentedCode':
+      return inTags('pre', [],
+              inTags('code', [], this.escape(block.string_content)));
+    case 'FencedCode':
+      info_words = block.info.split(/ +/);
+      attr = info_words.length === 0 || info_words[0].length === 0 ?
+                   [] : [['class','language-' +
+                                   this.escape(info_words[0],true)]];
+      return inTags('pre', [],
+              inTags('code', attr, this.escape(block.string_content)));
+    case 'HtmlBlock':
+      return block.string_content;
+    case 'ReferenceDef':
+      return "";
+    case 'HorizontalRule':
+      return inTags('hr',[],"",true);
+    default:
+      console.log("Uknown block type " + block.t);
+      return "";
+  }
+};
+
+// Render a list of block elements, separated by this.blocksep.
+var renderBlocks = function(blocks, in_tight_list) {
+  var result = [];
+  for (var i=0; i < blocks.length; i++) {
+    if (blocks[i].t !== 'ReferenceDef') {
+      result.push(this.renderBlock(blocks[i], in_tight_list));
+    }
+  }
+  return result.join(this.blocksep);
+};
+
+// The HtmlRenderer object.
+function HtmlRenderer(){
+  return {
+    // default options:
+    blocksep: '\n',  // space between blocks
+    innersep: '\n',  // space between block container tag and contents
+    softbreak: '\n', // by default, soft breaks are rendered as newlines in HTML
+                     // set to "<br />" to make them hard breaks
+                     // set to " " if you want to ignore line wrapping in source
+    escape: function(s, preserve_entities) {
+      if (preserve_entities) {
+      return s.replace(/[&](?![#](x[a-f0-9]{1,8}|[0-9]{1,8});|[a-z][a-z0-9]{1,31};)/gi,'&amp;')
+              .replace(/[<]/g,'&lt;')
+              .replace(/[>]/g,'&gt;')
+              .replace(/["]/g,'&quot;');
+      } else {
+      return s.replace(/[&]/g,'&amp;')
+              .replace(/[<]/g,'&lt;')
+              .replace(/[>]/g,'&gt;')
+              .replace(/["]/g,'&quot;');
+      }
+    },
+    renderInline: renderInline,
+    renderInlines: renderInlines,
+    renderBlock: renderBlock,
+    renderBlocks: renderBlocks,
+    render: renderBlock
+  };
+}
+
+exports.DocParser = DocParser;
+exports.HtmlRenderer = HtmlRenderer;
+
+})(typeof exports === 'undefined' ? this.stmd = {} : exports);
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/timepicker.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/timepicker.js
new file mode 100644
index 0000000..644703f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/timepicker.js
@@ -0,0 +1,2134 @@
+/*! jQuery Timepicker Addon - v1.4 - 2013-08-11
+* http://trentrichardson.com/examples/timepicker
+* Copyright (c) 2013 Trent Richardson; Licensed MIT */
+(function ($) {
+
+	/*
+	* Lets not redefine timepicker, Prevent "Uncaught RangeError: Maximum call stack size exceeded"
+	*/
+	$.ui.timepicker = $.ui.timepicker || {};
+	if ($.ui.timepicker.version) {
+		return;
+	}
+
+	/*
+	* Extend jQueryUI, get it started with our version number
+	*/
+	$.extend($.ui, {
+		timepicker: {
+			version: "1.4"
+		}
+	});
+
+	/* 
+	* Timepicker manager.
+	* Use the singleton instance of this class, $.timepicker, to interact with the time picker.
+	* Settings for (groups of) time pickers are maintained in an instance object,
+	* allowing multiple different settings on the same page.
+	*/
+	var Timepicker = function () {
+		this.regional = []; // Available regional settings, indexed by language code
+		this.regional[''] = { // Default regional settings
+			currentText: 'Now',
+			closeText: 'Done',
+			amNames: ['AM', 'A'],
+			pmNames: ['PM', 'P'],
+			timeFormat: 'HH:mm',
+			timeSuffix: '',
+			timeOnlyTitle: 'Choose Time',
+			timeText: 'Time',
+			hourText: 'Hour',
+			minuteText: 'Minute',
+			secondText: 'Second',
+			millisecText: 'Millisecond',
+			microsecText: 'Microsecond',
+			timezoneText: 'Time Zone',
+			isRTL: false
+		};
+		this._defaults = { // Global defaults for all the datetime picker instances
+			showButtonPanel: true,
+			timeOnly: false,
+			showHour: null,
+			showMinute: null,
+			showSecond: null,
+			showMillisec: null,
+			showMicrosec: null,
+			showTimezone: null,
+			showTime: true,
+			stepHour: 1,
+			stepMinute: 1,
+			stepSecond: 1,
+			stepMillisec: 1,
+			stepMicrosec: 1,
+			hour: 0,
+			minute: 0,
+			second: 0,
+			millisec: 0,
+			microsec: 0,
+			timezone: null,
+			hourMin: 0,
+			minuteMin: 0,
+			secondMin: 0,
+			millisecMin: 0,
+			microsecMin: 0,
+			hourMax: 23,
+			minuteMax: 59,
+			secondMax: 59,
+			millisecMax: 999,
+			microsecMax: 999,
+			minDateTime: null,
+			maxDateTime: null,
+			onSelect: null,
+			hourGrid: 0,
+			minuteGrid: 0,
+			secondGrid: 0,
+			millisecGrid: 0,
+			microsecGrid: 0,
+			alwaysSetTime: true,
+			separator: ' ',
+			altFieldTimeOnly: true,
+			altTimeFormat: null,
+			altSeparator: null,
+			altTimeSuffix: null,
+			pickerTimeFormat: null,
+			pickerTimeSuffix: null,
+			showTimepicker: true,
+			timezoneList: null,
+			addSliderAccess: false,
+			sliderAccessArgs: null,
+			controlType: 'slider',
+			defaultValue: null,
+			parse: 'strict'
+		};
+		$.extend(this._defaults, this.regional['']);
+	};
+
+	$.extend(Timepicker.prototype, {
+		$input: null,
+		$altInput: null,
+		$timeObj: null,
+		inst: null,
+		hour_slider: null,
+		minute_slider: null,
+		second_slider: null,
+		millisec_slider: null,
+		microsec_slider: null,
+		timezone_select: null,
+		hour: 0,
+		minute: 0,
+		second: 0,
+		millisec: 0,
+		microsec: 0,
+		timezone: null,
+		hourMinOriginal: null,
+		minuteMinOriginal: null,
+		secondMinOriginal: null,
+		millisecMinOriginal: null,
+		microsecMinOriginal: null,
+		hourMaxOriginal: null,
+		minuteMaxOriginal: null,
+		secondMaxOriginal: null,
+		millisecMaxOriginal: null,
+		microsecMaxOriginal: null,
+		ampm: '',
+		formattedDate: '',
+		formattedTime: '',
+		formattedDateTime: '',
+		timezoneList: null,
+		units: ['hour', 'minute', 'second', 'millisec', 'microsec'],
+		support: {},
+		control: null,
+
+		/* 
+		* Override the default settings for all instances of the time picker.
+		* @param  {Object} settings  object - the new settings to use as defaults (anonymous object)
+		* @return {Object} the manager object
+		*/
+		setDefaults: function (settings) {
+			extendRemove(this._defaults, settings || {});
+			return this;
+		},
+
+		/*
+		* Create a new Timepicker instance
+		*/
+		_newInst: function ($input, opts) {
+			var tp_inst = new Timepicker(),
+				inlineSettings = {},
+				fns = {},
+				overrides, i;
+
+			for (var attrName in this._defaults) {
+				if (this._defaults.hasOwnProperty(attrName)) {
+					var attrValue = $input.attr('time:' + attrName);
+					if (attrValue) {
+						try {
+							inlineSettings[attrName] = eval(attrValue);
+						} catch (err) {
+							inlineSettings[attrName] = attrValue;
+						}
+					}
+				}
+			}
+
+			overrides = {
+				beforeShow: function (input, dp_inst) {
+					if ($.isFunction(tp_inst._defaults.evnts.beforeShow)) {
+						return tp_inst._defaults.evnts.beforeShow.call($input[0], input, dp_inst, tp_inst);
+					}
+				},
+				onChangeMonthYear: function (year, month, dp_inst) {
+					// Update the time as well : this prevents the time from disappearing from the $input field.
+					tp_inst._updateDateTime(dp_inst);
+					if ($.isFunction(tp_inst._defaults.evnts.onChangeMonthYear)) {
+						tp_inst._defaults.evnts.onChangeMonthYear.call($input[0], year, month, dp_inst, tp_inst);
+					}
+				},
+				onClose: function (dateText, dp_inst) {
+					if (tp_inst.timeDefined === true && $input.val() !== '') {
+						tp_inst._updateDateTime(dp_inst);
+					}
+					if ($.isFunction(tp_inst._defaults.evnts.onClose)) {
+						tp_inst._defaults.evnts.onClose.call($input[0], dateText, dp_inst, tp_inst);
+					}
+				}
+			};
+			for (i in overrides) {
+				if (overrides.hasOwnProperty(i)) {
+					fns[i] = opts[i] || null;
+				}
+			}
+
+			tp_inst._defaults = $.extend({}, this._defaults, inlineSettings, opts, overrides, {
+				evnts: fns,
+				timepicker: tp_inst // add timepicker as a property of datepicker: $.datepicker._get(dp_inst, 'timepicker');
+			});
+			tp_inst.amNames = $.map(tp_inst._defaults.amNames, function (val) {
+				return val.toUpperCase();
+			});
+			tp_inst.pmNames = $.map(tp_inst._defaults.pmNames, function (val) {
+				return val.toUpperCase();
+			});
+
+			// detect which units are supported
+			tp_inst.support = detectSupport(
+					tp_inst._defaults.timeFormat + 
+					(tp_inst._defaults.pickerTimeFormat ? tp_inst._defaults.pickerTimeFormat : '') +
+					(tp_inst._defaults.altTimeFormat ? tp_inst._defaults.altTimeFormat : ''));
+
+			// controlType is string - key to our this._controls
+			if (typeof(tp_inst._defaults.controlType) === 'string') {
+				if (tp_inst._defaults.controlType === 'slider' && typeof($.ui.slider) === 'undefined') {
+					tp_inst._defaults.controlType = 'select';
+				}
+				tp_inst.control = tp_inst._controls[tp_inst._defaults.controlType];
+			}
+			// controlType is an object and must implement create, options, value methods
+			else {
+				tp_inst.control = tp_inst._defaults.controlType;
+			}
+
+			// prep the timezone options
+			var timezoneList = [-720, -660, -600, -570, -540, -480, -420, -360, -300, -270, -240, -210, -180, -120, -60,
+					0, 60, 120, 180, 210, 240, 270, 300, 330, 345, 360, 390, 420, 480, 525, 540, 570, 600, 630, 660, 690, 720, 765, 780, 840];
+			if (tp_inst._defaults.timezoneList !== null) {
+				timezoneList = tp_inst._defaults.timezoneList;
+			}
+			var tzl = timezoneList.length, tzi = 0, tzv = null;
+			if (tzl > 0 && typeof timezoneList[0] !== 'object') {
+				for (; tzi < tzl; tzi++) {
+					tzv = timezoneList[tzi];
+					timezoneList[tzi] = { value: tzv, label: $.timepicker.timezoneOffsetString(tzv, tp_inst.support.iso8601) };
+				}
+			}
+			tp_inst._defaults.timezoneList = timezoneList;
+
+			// set the default units
+			tp_inst.timezone = tp_inst._defaults.timezone !== null ? $.timepicker.timezoneOffsetNumber(tp_inst._defaults.timezone) :
+							((new Date()).getTimezoneOffset() * -1);
+			tp_inst.hour = tp_inst._defaults.hour < tp_inst._defaults.hourMin ? tp_inst._defaults.hourMin :
+							tp_inst._defaults.hour > tp_inst._defaults.hourMax ? tp_inst._defaults.hourMax : tp_inst._defaults.hour;
+			tp_inst.minute = tp_inst._defaults.minute < tp_inst._defaults.minuteMin ? tp_inst._defaults.minuteMin :
+							tp_inst._defaults.minute > tp_inst._defaults.minuteMax ? tp_inst._defaults.minuteMax : tp_inst._defaults.minute;
+			tp_inst.second = tp_inst._defaults.second < tp_inst._defaults.secondMin ? tp_inst._defaults.secondMin :
+							tp_inst._defaults.second > tp_inst._defaults.secondMax ? tp_inst._defaults.secondMax : tp_inst._defaults.second;
+			tp_inst.millisec = tp_inst._defaults.millisec < tp_inst._defaults.millisecMin ? tp_inst._defaults.millisecMin :
+							tp_inst._defaults.millisec > tp_inst._defaults.millisecMax ? tp_inst._defaults.millisecMax : tp_inst._defaults.millisec;
+			tp_inst.microsec = tp_inst._defaults.microsec < tp_inst._defaults.microsecMin ? tp_inst._defaults.microsecMin :
+							tp_inst._defaults.microsec > tp_inst._defaults.microsecMax ? tp_inst._defaults.microsecMax : tp_inst._defaults.microsec;
+			tp_inst.ampm = '';
+			tp_inst.$input = $input;
+
+			if (tp_inst._defaults.altField) {
+				tp_inst.$altInput = $(tp_inst._defaults.altField).css({
+					cursor: 'pointer'
+				}).focus(function () {
+					$input.trigger("focus");
+				});
+			}
+
+			if (tp_inst._defaults.minDate === 0 || tp_inst._defaults.minDateTime === 0) {
+				tp_inst._defaults.minDate = new Date();
+			}
+			if (tp_inst._defaults.maxDate === 0 || tp_inst._defaults.maxDateTime === 0) {
+				tp_inst._defaults.maxDate = new Date();
+			}
+
+			// datepicker needs minDate/maxDate, timepicker needs minDateTime/maxDateTime..
+			if (tp_inst._defaults.minDate !== undefined && tp_inst._defaults.minDate instanceof Date) {
+				tp_inst._defaults.minDateTime = new Date(tp_inst._defaults.minDate.getTime());
+			}
+			if (tp_inst._defaults.minDateTime !== undefined && tp_inst._defaults.minDateTime instanceof Date) {
+				tp_inst._defaults.minDate = new Date(tp_inst._defaults.minDateTime.getTime());
+			}
+			if (tp_inst._defaults.maxDate !== undefined && tp_inst._defaults.maxDate instanceof Date) {
+				tp_inst._defaults.maxDateTime = new Date(tp_inst._defaults.maxDate.getTime());
+			}
+			if (tp_inst._defaults.maxDateTime !== undefined && tp_inst._defaults.maxDateTime instanceof Date) {
+				tp_inst._defaults.maxDate = new Date(tp_inst._defaults.maxDateTime.getTime());
+			}
+			tp_inst.$input.bind('focus', function () {
+				tp_inst._onFocus();
+			});
+
+			return tp_inst;
+		},
+
+		/*
+		* add our sliders to the calendar
+		*/
+		_addTimePicker: function (dp_inst) {
+			var currDT = (this.$altInput && this._defaults.altFieldTimeOnly) ? this.$input.val() + ' ' + this.$altInput.val() : this.$input.val();
+
+			this.timeDefined = this._parseTime(currDT);
+			this._limitMinMaxDateTime(dp_inst, false);
+			this._injectTimePicker();
+		},
+
+		/*
+		* parse the time string from input value or _setTime
+		*/
+		_parseTime: function (timeString, withDate) {
+			if (!this.inst) {
+				this.inst = $.datepicker._getInst(this.$input[0]);
+			}
+
+			if (withDate || !this._defaults.timeOnly) {
+				var dp_dateFormat = $.datepicker._get(this.inst, 'dateFormat');
+				try {
+					var parseRes = parseDateTimeInternal(dp_dateFormat, this._defaults.timeFormat, timeString, $.datepicker._getFormatConfig(this.inst), this._defaults);
+					if (!parseRes.timeObj) {
+						return false;
+					}
+					$.extend(this, parseRes.timeObj);
+				} catch (err) {
+					$.timepicker.log("Error parsing the date/time string: " + err +
+									"\ndate/time string = " + timeString +
+									"\ntimeFormat = " + this._defaults.timeFormat +
+									"\ndateFormat = " + dp_dateFormat);
+					return false;
+				}
+				return true;
+			} else {
+				var timeObj = $.datepicker.parseTime(this._defaults.timeFormat, timeString, this._defaults);
+				if (!timeObj) {
+					return false;
+				}
+				$.extend(this, timeObj);
+				return true;
+			}
+		},
+
+		/*
+		* generate and inject html for timepicker into ui datepicker
+		*/
+		_injectTimePicker: function () {
+			var $dp = this.inst.dpDiv,
+				o = this.inst.settings,
+				tp_inst = this,
+				litem = '',
+				uitem = '',
+				show = null,
+				max = {},
+				gridSize = {},
+				size = null,
+				i = 0,
+				l = 0;
+
+			// Prevent displaying twice
+			if ($dp.find("div.ui-timepicker-div").length === 0 && o.showTimepicker) {
+				var noDisplay = ' style="display:none;"',
+					html = '<div class="ui-timepicker-div' + (o.isRTL ? ' ui-timepicker-rtl' : '') + '"><dl>' + '<dt class="ui_tpicker_time_label"' + ((o.showTime) ? '' : noDisplay) + '>' + o.timeText + '</dt>' +
+								'<dd class="ui_tpicker_time"' + ((o.showTime) ? '' : noDisplay) + '></dd>';
+
+				// Create the markup
+				for (i = 0, l = this.units.length; i < l; i++) {
+					litem = this.units[i];
+					uitem = litem.substr(0, 1).toUpperCase() + litem.substr(1);
+					show = o['show' + uitem] !== null ? o['show' + uitem] : this.support[litem];
+
+					// Added by Peter Medeiros:
+					// - Figure out what the hour/minute/second max should be based on the step values.
+					// - Example: if stepMinute is 15, then minMax is 45.
+					max[litem] = parseInt((o[litem + 'Max'] - ((o[litem + 'Max'] - o[litem + 'Min']) % o['step' + uitem])), 10);
+					gridSize[litem] = 0;
+
+					html += '<dt class="ui_tpicker_' + litem + '_label"' + (show ? '' : noDisplay) + '>' + o[litem + 'Text'] + '</dt>' +
+								'<dd class="ui_tpicker_' + litem + '"><div class="ui_tpicker_' + litem + '_slider"' + (show ? '' : noDisplay) + '></div>';
+
+					if (show && o[litem + 'Grid'] > 0) {
+						html += '<div style="padding-left: 1px"><table class="ui-tpicker-grid-label"><tr>';
+
+						if (litem === 'hour') {
+							for (var h = o[litem + 'Min']; h <= max[litem]; h += parseInt(o[litem + 'Grid'], 10)) {
+								gridSize[litem]++;
+								var tmph = $.datepicker.formatTime(this.support.ampm ? 'hht' : 'HH', {hour: h}, o);
+								html += '<td data-for="' + litem + '">' + tmph + '</td>';
+							}
+						}
+						else {
+							for (var m = o[litem + 'Min']; m <= max[litem]; m += parseInt(o[litem + 'Grid'], 10)) {
+								gridSize[litem]++;
+								html += '<td data-for="' + litem + '">' + ((m < 10) ? '0' : '') + m + '</td>';
+							}
+						}
+
+						html += '</tr></table></div>';
+					}
+					html += '</dd>';
+				}
+				
+				// Timezone
+				var showTz = o.showTimezone !== null ? o.showTimezone : this.support.timezone;
+				html += '<dt class="ui_tpicker_timezone_label"' + (showTz ? '' : noDisplay) + '>' + o.timezoneText + '</dt>';
+				html += '<dd class="ui_tpicker_timezone" ' + (showTz ? '' : noDisplay) + '></dd>';
+
+				// Create the elements from string
+				html += '</dl></div>';
+				var $tp = $(html);
+
+				// if we only want time picker...
+				if (o.timeOnly === true) {
+					$tp.prepend('<div class="ui-widget-header ui-helper-clearfix ui-corner-all">' + '<div class="ui-datepicker-title">' + o.timeOnlyTitle + '</div>' + '</div>');
+					$dp.find('.ui-datepicker-header, .ui-datepicker-calendar').hide();
+				}
+				
+				// add sliders, adjust grids, add events
+				for (i = 0, l = tp_inst.units.length; i < l; i++) {
+					litem = tp_inst.units[i];
+					uitem = litem.substr(0, 1).toUpperCase() + litem.substr(1);
+					show = o['show' + uitem] !== null ? o['show' + uitem] : this.support[litem];
+
+					// add the slider
+					tp_inst[litem + '_slider'] = tp_inst.control.create(tp_inst, $tp.find('.ui_tpicker_' + litem + '_slider'), litem, tp_inst[litem], o[litem + 'Min'], max[litem], o['step' + uitem]);
+
+					// adjust the grid and add click event
+					if (show && o[litem + 'Grid'] > 0) {
+						size = 100 * gridSize[litem] * o[litem + 'Grid'] / (max[litem] - o[litem + 'Min']);
+						$tp.find('.ui_tpicker_' + litem + ' table').css({
+							width: size + "%",
+							marginLeft: o.isRTL ? '0' : ((size / (-2 * gridSize[litem])) + "%"),
+							marginRight: o.isRTL ? ((size / (-2 * gridSize[litem])) + "%") : '0',
+							borderCollapse: 'collapse'
+						}).find("td").click(function (e) {
+								var $t = $(this),
+									h = $t.html(),
+									n = parseInt(h.replace(/[^0-9]/g), 10),
+									ap = h.replace(/[^apm]/ig),
+									f = $t.data('for'); // loses scope, so we use data-for
+
+								if (f === 'hour') {
+									if (ap.indexOf('p') !== -1 && n < 12) {
+										n += 12;
+									}
+									else {
+										if (ap.indexOf('a') !== -1 && n === 12) {
+											n = 0;
+										}
+									}
+								}
+								
+								tp_inst.control.value(tp_inst, tp_inst[f + '_slider'], litem, n);
+
+								tp_inst._onTimeChange();
+								tp_inst._onSelectHandler();
+							}).css({
+								cursor: 'pointer',
+								width: (100 / gridSize[litem]) + '%',
+								textAlign: 'center',
+								overflow: 'hidden'
+							});
+					} // end if grid > 0
+				} // end for loop
+
+				// Add timezone options
+				this.timezone_select = $tp.find('.ui_tpicker_timezone').append('<select></select>').find("select");
+				$.fn.append.apply(this.timezone_select,
+				$.map(o.timezoneList, function (val, idx) {
+					return $("<option />").val(typeof val === "object" ? val.value : val).text(typeof val === "object" ? val.label : val);
+				}));
+				if (typeof(this.timezone) !== "undefined" && this.timezone !== null && this.timezone !== "") {
+					var local_timezone = (new Date(this.inst.selectedYear, this.inst.selectedMonth, this.inst.selectedDay, 12)).getTimezoneOffset() * -1;
+					if (local_timezone === this.timezone) {
+						selectLocalTimezone(tp_inst);
+					} else {
+						this.timezone_select.val(this.timezone);
+					}
+				} else {
+					if (typeof(this.hour) !== "undefined" && this.hour !== null && this.hour !== "") {
+						this.timezone_select.val(o.timezone);
+					} else {
+						selectLocalTimezone(tp_inst);
+					}
+				}
+				this.timezone_select.change(function () {
+					tp_inst._onTimeChange();
+					tp_inst._onSelectHandler();
+				});
+				// End timezone options
+				
+				// inject timepicker into datepicker
+				var $buttonPanel = $dp.find('.ui-datepicker-buttonpane');
+				if ($buttonPanel.length) {
+					$buttonPanel.before($tp);
+				} else {
+					$dp.append($tp);
+				}
+
+				this.$timeObj = $tp.find('.ui_tpicker_time');
+
+				if (this.inst !== null) {
+					var timeDefined = this.timeDefined;
+					this._onTimeChange();
+					this.timeDefined = timeDefined;
+				}
+
+				// slideAccess integration: http://trentrichardson.com/2011/11/11/jquery-ui-sliders-and-touch-accessibility/
+				if (this._defaults.addSliderAccess) {
+					var sliderAccessArgs = this._defaults.sliderAccessArgs,
+						rtl = this._defaults.isRTL;
+					sliderAccessArgs.isRTL = rtl;
+						
+					setTimeout(function () { // fix for inline mode
+						if ($tp.find('.ui-slider-access').length === 0) {
+							$tp.find('.ui-slider:visible').sliderAccess(sliderAccessArgs);
+
+							// fix any grids since sliders are shorter
+							var sliderAccessWidth = $tp.find('.ui-slider-access:eq(0)').outerWidth(true);
+							if (sliderAccessWidth) {
+								$tp.find('table:visible').each(function () {
+									var $g = $(this),
+										oldWidth = $g.outerWidth(),
+										oldMarginLeft = $g.css(rtl ? 'marginRight' : 'marginLeft').toString().replace('%', ''),
+										newWidth = oldWidth - sliderAccessWidth,
+										newMarginLeft = ((oldMarginLeft * newWidth) / oldWidth) + '%',
+										css = { width: newWidth, marginRight: 0, marginLeft: 0 };
+									css[rtl ? 'marginRight' : 'marginLeft'] = newMarginLeft;
+									$g.css(css);
+								});
+							}
+						}
+					}, 10);
+				}
+				// end slideAccess integration
+
+				tp_inst._limitMinMaxDateTime(this.inst, true);
+			}
+		},
+
+		/*
+		* This function tries to limit the ability to go outside the
+		* min/max date range
+		*/
+		_limitMinMaxDateTime: function (dp_inst, adjustSliders) {
+			var o = this._defaults,
+				dp_date = new Date(dp_inst.selectedYear, dp_inst.selectedMonth, dp_inst.selectedDay);
+
+			if (!this._defaults.showTimepicker) {
+				return;
+			} // No time so nothing to check here
+
+			if ($.datepicker._get(dp_inst, 'minDateTime') !== null && $.datepicker._get(dp_inst, 'minDateTime') !== undefined && dp_date) {
+				var minDateTime = $.datepicker._get(dp_inst, 'minDateTime'),
+					minDateTimeDate = new Date(minDateTime.getFullYear(), minDateTime.getMonth(), minDateTime.getDate(), 0, 0, 0, 0);
+
+				if (this.hourMinOriginal === null || this.minuteMinOriginal === null || this.secondMinOriginal === null || this.millisecMinOriginal === null || this.microsecMinOriginal === null) {
+					this.hourMinOriginal = o.hourMin;
+					this.minuteMinOriginal = o.minuteMin;
+					this.secondMinOriginal = o.secondMin;
+					this.millisecMinOriginal = o.millisecMin;
+					this.microsecMinOriginal = o.microsecMin;
+				}
+
+				if (dp_inst.settings.timeOnly || minDateTimeDate.getTime() === dp_date.getTime()) {
+					this._defaults.hourMin = minDateTime.getHours();
+					if (this.hour <= this._defaults.hourMin) {
+						this.hour = this._defaults.hourMin;
+						this._defaults.minuteMin = minDateTime.getMinutes();
+						if (this.minute <= this._defaults.minuteMin) {
+							this.minute = this._defaults.minuteMin;
+							this._defaults.secondMin = minDateTime.getSeconds();
+							if (this.second <= this._defaults.secondMin) {
+								this.second = this._defaults.secondMin;
+								this._defaults.millisecMin = minDateTime.getMilliseconds();
+								if (this.millisec <= this._defaults.millisecMin) {
+									this.millisec = this._defaults.millisecMin;
+									this._defaults.microsecMin = minDateTime.getMicroseconds();
+								} else {
+									if (this.microsec < this._defaults.microsecMin) {
+										this.microsec = this._defaults.microsecMin;
+									}
+									this._defaults.microsecMin = this.microsecMinOriginal;
+								}
+							} else {
+								this._defaults.millisecMin = this.millisecMinOriginal;
+								this._defaults.microsecMin = this.microsecMinOriginal;
+							}
+						} else {
+							this._defaults.secondMin = this.secondMinOriginal;
+							this._defaults.millisecMin = this.millisecMinOriginal;
+							this._defaults.microsecMin = this.microsecMinOriginal;
+						}
+					} else {
+						this._defaults.minuteMin = this.minuteMinOriginal;
+						this._defaults.secondMin = this.secondMinOriginal;
+						this._defaults.millisecMin = this.millisecMinOriginal;
+						this._defaults.microsecMin = this.microsecMinOriginal;
+					}
+				} else {
+					this._defaults.hourMin = this.hourMinOriginal;
+					this._defaults.minuteMin = this.minuteMinOriginal;
+					this._defaults.secondMin = this.secondMinOriginal;
+					this._defaults.millisecMin = this.millisecMinOriginal;
+					this._defaults.microsecMin = this.microsecMinOriginal;
+				}
+			}
+
+			if ($.datepicker._get(dp_inst, 'maxDateTime') !== null && $.datepicker._get(dp_inst, 'maxDateTime') !== undefined && dp_date) {
+				var maxDateTime = $.datepicker._get(dp_inst, 'maxDateTime'),
+					maxDateTimeDate = new Date(maxDateTime.getFullYear(), maxDateTime.getMonth(), maxDateTime.getDate(), 0, 0, 0, 0);
+
+				if (this.hourMaxOriginal === null || this.minuteMaxOriginal === null || this.secondMaxOriginal === null || this.millisecMaxOriginal === null) {
+					this.hourMaxOriginal = o.hourMax;
+					this.minuteMaxOriginal = o.minuteMax;
+					this.secondMaxOriginal = o.secondMax;
+					this.millisecMaxOriginal = o.millisecMax;
+					this.microsecMaxOriginal = o.microsecMax;
+				}
+
+				if (dp_inst.settings.timeOnly || maxDateTimeDate.getTime() === dp_date.getTime()) {
+					this._defaults.hourMax = maxDateTime.getHours();
+					if (this.hour >= this._defaults.hourMax) {
+						this.hour = this._defaults.hourMax;
+						this._defaults.minuteMax = maxDateTime.getMinutes();
+						if (this.minute >= this._defaults.minuteMax) {
+							this.minute = this._defaults.minuteMax;
+							this._defaults.secondMax = maxDateTime.getSeconds();
+							if (this.second >= this._defaults.secondMax) {
+								this.second = this._defaults.secondMax;
+								this._defaults.millisecMax = maxDateTime.getMilliseconds();
+								if (this.millisec >= this._defaults.millisecMax) {
+									this.millisec = this._defaults.millisecMax;
+									this._defaults.microsecMax = maxDateTime.getMicroseconds();
+								} else {
+									if (this.microsec > this._defaults.microsecMax) {
+										this.microsec = this._defaults.microsecMax;
+									}
+									this._defaults.microsecMax = this.microsecMaxOriginal;
+								}
+							} else {
+								this._defaults.millisecMax = this.millisecMaxOriginal;
+								this._defaults.microsecMax = this.microsecMaxOriginal;
+							}
+						} else {
+							this._defaults.secondMax = this.secondMaxOriginal;
+							this._defaults.millisecMax = this.millisecMaxOriginal;
+							this._defaults.microsecMax = this.microsecMaxOriginal;
+						}
+					} else {
+						this._defaults.minuteMax = this.minuteMaxOriginal;
+						this._defaults.secondMax = this.secondMaxOriginal;
+						this._defaults.millisecMax = this.millisecMaxOriginal;
+						this._defaults.microsecMax = this.microsecMaxOriginal;
+					}
+				} else {
+					this._defaults.hourMax = this.hourMaxOriginal;
+					this._defaults.minuteMax = this.minuteMaxOriginal;
+					this._defaults.secondMax = this.secondMaxOriginal;
+					this._defaults.millisecMax = this.millisecMaxOriginal;
+					this._defaults.microsecMax = this.microsecMaxOriginal;
+				}
+			}
+
+			if (adjustSliders !== undefined && adjustSliders === true) {
+				var hourMax = parseInt((this._defaults.hourMax - ((this._defaults.hourMax - this._defaults.hourMin) % this._defaults.stepHour)), 10),
+					minMax = parseInt((this._defaults.minuteMax - ((this._defaults.minuteMax - this._defaults.minuteMin) % this._defaults.stepMinute)), 10),
+					secMax = parseInt((this._defaults.secondMax - ((this._defaults.secondMax - this._defaults.secondMin) % this._defaults.stepSecond)), 10),
+					millisecMax = parseInt((this._defaults.millisecMax - ((this._defaults.millisecMax - this._defaults.millisecMin) % this._defaults.stepMillisec)), 10),
+					microsecMax = parseInt((this._defaults.microsecMax - ((this._defaults.microsecMax - this._defaults.microsecMin) % this._defaults.stepMicrosec)), 10);
+
+				if (this.hour_slider) {
+					this.control.options(this, this.hour_slider, 'hour', { min: this._defaults.hourMin, max: hourMax });
+					this.control.value(this, this.hour_slider, 'hour', this.hour - (this.hour % this._defaults.stepHour));
+				}
+				if (this.minute_slider) {
+					this.control.options(this, this.minute_slider, 'minute', { min: this._defaults.minuteMin, max: minMax });
+					this.control.value(this, this.minute_slider, 'minute', this.minute - (this.minute % this._defaults.stepMinute));
+				}
+				if (this.second_slider) {
+					this.control.options(this, this.second_slider, 'second', { min: this._defaults.secondMin, max: secMax });
+					this.control.value(this, this.second_slider, 'second', this.second - (this.second % this._defaults.stepSecond));
+				}
+				if (this.millisec_slider) {
+					this.control.options(this, this.millisec_slider, 'millisec', { min: this._defaults.millisecMin, max: millisecMax });
+					this.control.value(this, this.millisec_slider, 'millisec', this.millisec - (this.millisec % this._defaults.stepMillisec));
+				}
+				if (this.microsec_slider) {
+					this.control.options(this, this.microsec_slider, 'microsec', { min: this._defaults.microsecMin, max: microsecMax });
+					this.control.value(this, this.microsec_slider, 'microsec', this.microsec - (this.microsec % this._defaults.stepMicrosec));
+				}
+			}
+
+		},
+
+		/*
+		* when a slider moves, set the internal time...
+		* on time change is also called when the time is updated in the text field
+		*/
+		_onTimeChange: function () {
+			if (!this._defaults.showTimepicker) {
+                                return;
+			}
+			var hour = (this.hour_slider) ? this.control.value(this, this.hour_slider, 'hour') : false,
+				minute = (this.minute_slider) ? this.control.value(this, this.minute_slider, 'minute') : false,
+				second = (this.second_slider) ? this.control.value(this, this.second_slider, 'second') : false,
+				millisec = (this.millisec_slider) ? this.control.value(this, this.millisec_slider, 'millisec') : false,
+				microsec = (this.microsec_slider) ? this.control.value(this, this.microsec_slider, 'microsec') : false,
+				timezone = (this.timezone_select) ? this.timezone_select.val() : false,
+				o = this._defaults,
+				pickerTimeFormat = o.pickerTimeFormat || o.timeFormat,
+				pickerTimeSuffix = o.pickerTimeSuffix || o.timeSuffix;
+
+			if (typeof(hour) === 'object') {
+				hour = false;
+			}
+			if (typeof(minute) === 'object') {
+				minute = false;
+			}
+			if (typeof(second) === 'object') {
+				second = false;
+			}
+			if (typeof(millisec) === 'object') {
+				millisec = false;
+			}
+			if (typeof(microsec) === 'object') {
+				microsec = false;
+			}
+			if (typeof(timezone) === 'object') {
+				timezone = false;
+			}
+
+			if (hour !== false) {
+				hour = parseInt(hour, 10);
+			}
+			if (minute !== false) {
+				minute = parseInt(minute, 10);
+			}
+			if (second !== false) {
+				second = parseInt(second, 10);
+			}
+			if (millisec !== false) {
+				millisec = parseInt(millisec, 10);
+			}
+			if (microsec !== false) {
+				microsec = parseInt(microsec, 10);
+			}
+
+			var ampm = o[hour < 12 ? 'amNames' : 'pmNames'][0];
+
+			// If the update was done in the input field, the input field should not be updated.
+			// If the update was done using the sliders, update the input field.
+			var hasChanged = (hour !== this.hour || minute !== this.minute || second !== this.second || millisec !== this.millisec || microsec !== this.microsec || 
+					(this.ampm.length > 0 && (hour < 12) !== ($.inArray(this.ampm.toUpperCase(), this.amNames) !== -1)) || (this.timezone !== null && timezone !== this.timezone));
+
+			if (hasChanged) {
+
+				if (hour !== false) {
+					this.hour = hour;
+				}
+				if (minute !== false) {
+					this.minute = minute;
+				}
+				if (second !== false) {
+					this.second = second;
+				}
+				if (millisec !== false) {
+					this.millisec = millisec;
+				}
+				if (microsec !== false) {
+					this.microsec = microsec;
+				}
+				if (timezone !== false) {
+					this.timezone = timezone;
+				}
+
+				if (!this.inst) {
+					this.inst = $.datepicker._getInst(this.$input[0]);
+				}
+
+				this._limitMinMaxDateTime(this.inst, true);
+			}
+			if (this.support.ampm) {
+				this.ampm = ampm;
+			}
+
+			// Updates the time within the timepicker
+			this.formattedTime = $.datepicker.formatTime(o.timeFormat, this, o);
+			if (this.$timeObj) {
+				if (pickerTimeFormat === o.timeFormat) {
+					this.$timeObj.text(this.formattedTime + pickerTimeSuffix);
+				}
+				else {
+					this.$timeObj.text($.datepicker.formatTime(pickerTimeFormat, this, o) + pickerTimeSuffix);
+				}
+			}
+
+			this.timeDefined = true;
+			if (hasChanged) {
+				this._updateDateTime();
+			}
+		},
+
+		/*
+		* call custom onSelect.
+		* bind to sliders slidestop, and grid click.
+		*/
+		_onSelectHandler: function () {
+			var onSelect = this._defaults.onSelect || this.inst.settings.onSelect;
+			var inputEl = this.$input ? this.$input[0] : null;
+			if (onSelect && inputEl) {
+				onSelect.apply(inputEl, [this.formattedDateTime, this]);
+			}
+		},
+
+		/*
+		* update our input with the new date time..
+		*/
+		_updateDateTime: function (dp_inst) {
+			dp_inst = this.inst || dp_inst;
+			var dtTmp = (dp_inst.currentYear > 0? 
+							new Date(dp_inst.currentYear, dp_inst.currentMonth, dp_inst.currentDay) : 
+							new Date(dp_inst.selectedYear, dp_inst.selectedMonth, dp_inst.selectedDay)),
+				dt = $.datepicker._daylightSavingAdjust(dtTmp),
+				//dt = $.datepicker._daylightSavingAdjust(new Date(dp_inst.selectedYear, dp_inst.selectedMonth, dp_inst.selectedDay)),
+				//dt = $.datepicker._daylightSavingAdjust(new Date(dp_inst.currentYear, dp_inst.currentMonth, dp_inst.currentDay)),
+				dateFmt = $.datepicker._get(dp_inst, 'dateFormat'),
+				formatCfg = $.datepicker._getFormatConfig(dp_inst),
+				timeAvailable = dt !== null && this.timeDefined;
+			this.formattedDate = $.datepicker.formatDate(dateFmt, (dt === null ? new Date() : dt), formatCfg);
+			var formattedDateTime = this.formattedDate;
+			
+			// if a slider was changed but datepicker doesn't have a value yet, set it
+			if (dp_inst.lastVa === "") {
+                dp_inst.currentYear = dp_inst.selectedYear;
+                dp_inst.currentMonth = dp_inst.selectedMonth;
+                dp_inst.currentDay = dp_inst.selectedDay;
+            }
+
+			/*
+			* remove following lines to force every changes in date picker to change the input value
+			* Bug descriptions: when an input field has a default value, and click on the field to pop up the date picker. 
+			* If the user manually empty the value in the input field, the date picker will never change selected value.
+			*/
+			//if (dp_inst.lastVal !== undefined && (dp_inst.lastVal.length > 0 && this.$input.val().length === 0)) {
+			//	return;
+			//}
+
+			if (this._defaults.timeOnly === true) {
+				formattedDateTime = this.formattedTime;
+			} else if (this._defaults.timeOnly !== true && (this._defaults.alwaysSetTime || timeAvailable)) {
+				formattedDateTime += this._defaults.separator + this.formattedTime + this._defaults.timeSuffix;
+			}
+
+			this.formattedDateTime = formattedDateTime;
+
+			if (!this._defaults.showTimepicker) {
+				this.$input.val(this.formattedDate);
+			} else if (this.$altInput && this._defaults.timeOnly === false && this._defaults.altFieldTimeOnly === true) {
+				this.$altInput.val(this.formattedTime);
+				this.$input.val(this.formattedDate);
+			} else if (this.$altInput) {
+				this.$input.val(formattedDateTime);
+				var altFormattedDateTime = '',
+					altSeparator = this._defaults.altSeparator ? this._defaults.altSeparator : this._defaults.separator,
+					altTimeSuffix = this._defaults.altTimeSuffix ? this._defaults.altTimeSuffix : this._defaults.timeSuffix;
+				
+				if (!this._defaults.timeOnly) {
+					if (this._defaults.altFormat) {
+						altFormattedDateTime = $.datepicker.formatDate(this._defaults.altFormat, (dt === null ? new Date() : dt), formatCfg);
+					}
+					else {
+						altFormattedDateTime = this.formattedDate;
+					}
+
+					if (altFormattedDateTime) {
+						altFormattedDateTime += altSeparator;
+					}
+				}
+
+				if (this._defaults.altTimeFormat) {
+					altFormattedDateTime += $.datepicker.formatTime(this._defaults.altTimeFormat, this, this._defaults) + altTimeSuffix;
+				}
+				else {
+					altFormattedDateTime += this.formattedTime + altTimeSuffix;
+				}
+				this.$altInput.val(altFormattedDateTime);
+			} else {
+				this.$input.val(formattedDateTime);
+			}
+
+			this.$input.trigger("change");
+		},
+
+		_onFocus: function () {
+			if (!this.$input.val() && this._defaults.defaultValue) {
+				this.$input.val(this._defaults.defaultValue);
+				var inst = $.datepicker._getInst(this.$input.get(0)),
+					tp_inst = $.datepicker._get(inst, 'timepicker');
+				if (tp_inst) {
+					if (tp_inst._defaults.timeOnly && (inst.input.val() !== inst.lastVal)) {
+						try {
+							$.datepicker._updateDatepicker(inst);
+						} catch (err) {
+							$.timepicker.log(err);
+						}
+					}
+				}
+			}
+		},
+
+		/*
+		* Small abstraction to control types
+		* We can add more, just be sure to follow the pattern: create, options, value
+		*/
+		_controls: {
+			// slider methods
+			slider: {
+				create: function (tp_inst, obj, unit, val, min, max, step) {
+					var rtl = tp_inst._defaults.isRTL; // if rtl go -60->0 instead of 0->60
+					return obj.prop('slide', null).slider({
+						orientation: "horizontal",
+						value: rtl ? val * -1 : val,
+						min: rtl ? max * -1 : min,
+						max: rtl ? min * -1 : max,
+						step: step,
+						slide: function (event, ui) {
+							tp_inst.control.value(tp_inst, $(this), unit, rtl ? ui.value * -1 : ui.value);
+							tp_inst._onTimeChange();
+						},
+						stop: function (event, ui) {
+							tp_inst._onSelectHandler();
+						}
+					});	
+				},
+				options: function (tp_inst, obj, unit, opts, val) {
+					if (tp_inst._defaults.isRTL) {
+						if (typeof(opts) === 'string') {
+							if (opts === 'min' || opts === 'max') {
+								if (val !== undefined) {
+									return obj.slider(opts, val * -1);
+								}
+								return Math.abs(obj.slider(opts));
+							}
+							return obj.slider(opts);
+						}
+						var min = opts.min, 
+							max = opts.max;
+						opts.min = opts.max = null;
+						if (min !== undefined) {
+							opts.max = min * -1;
+						}
+						if (max !== undefined) {
+							opts.min = max * -1;
+						}
+						return obj.slider(opts);
+					}
+					if (typeof(opts) === 'string' && val !== undefined) {
+						return obj.slider(opts, val);
+					}
+					return obj.slider(opts);
+				},
+				value: function (tp_inst, obj, unit, val) {
+					if (tp_inst._defaults.isRTL) {
+						if (val !== undefined) {
+							return obj.slider('value', val * -1);
+						}
+						return Math.abs(obj.slider('value'));
+					}
+					if (val !== undefined) {
+						return obj.slider('value', val);
+					}
+					return obj.slider('value');
+				}
+			},
+			// select methods
+			select: {
+				create: function (tp_inst, obj, unit, val, min, max, step) {
+					var sel = '<select class="ui-timepicker-select" data-unit="' + unit + '" data-min="' + min + '" data-max="' + max + '" data-step="' + step + '">',
+						format = tp_inst._defaults.pickerTimeFormat || tp_inst._defaults.timeFormat;
+
+					for (var i = min; i <= max; i += step) {
+						sel += '<option value="' + i + '"' + (i === val ? ' selected' : '') + '>';
+						if (unit === 'hour') {
+							sel += $.datepicker.formatTime($.trim(format.replace(/[^ht ]/ig, '')), {hour: i}, tp_inst._defaults);
+						}
+						else if (unit === 'millisec' || unit === 'microsec' || i >= 10) { sel += i; }
+						else {sel += '0' + i.toString(); }
+						sel += '</option>';
+					}
+					sel += '</select>';
+
+					obj.children('select').remove();
+
+					$(sel).appendTo(obj).change(function (e) {
+						tp_inst._onTimeChange();
+						tp_inst._onSelectHandler();
+					});
+
+					return obj;
+				},
+				options: function (tp_inst, obj, unit, opts, val) {
+					var o = {},
+						$t = obj.children('select');
+					if (typeof(opts) === 'string') {
+						if (val === undefined) {
+							return $t.data(opts);
+						}
+						o[opts] = val;	
+					}
+					else { o = opts; }
+					return tp_inst.control.create(tp_inst, obj, $t.data('unit'), $t.val(), o.min || $t.data('min'), o.max || $t.data('max'), o.step || $t.data('step'));
+				},
+				value: function (tp_inst, obj, unit, val) {
+					var $t = obj.children('select');
+					if (val !== undefined) {
+						return $t.val(val);
+					}
+					return $t.val();
+				}
+			}
+		} // end _controls
+
+	});
+
+	$.fn.extend({
+		/*
+		* shorthand just to use timepicker.
+		*/
+		timepicker: function (o) {
+			o = o || {};
+			var tmp_args = Array.prototype.slice.call(arguments);
+
+			if (typeof o === 'object') {
+				tmp_args[0] = $.extend(o, {
+					timeOnly: true
+				});
+			}
+
+			return $(this).each(function () {
+				$.fn.datetimepicker.apply($(this), tmp_args);
+			});
+		},
+
+		/*
+		* extend timepicker to datepicker
+		*/
+		datetimepicker: function (o) {
+			o = o || {};
+			var tmp_args = arguments;
+
+			if (typeof(o) === 'string') {
+				if (o === 'getDate') {
+					return $.fn.datepicker.apply($(this[0]), tmp_args);
+				} else {
+					return this.each(function () {
+						var $t = $(this);
+						$t.datepicker.apply($t, tmp_args);
+					});
+				}
+			} else {
+				return this.each(function () {
+					var $t = $(this);
+					$t.datepicker($.timepicker._newInst($t, o)._defaults);
+				});
+			}
+		}
+	});
+
+	/*
+	* Public Utility to parse date and time
+	*/
+	$.datepicker.parseDateTime = function (dateFormat, timeFormat, dateTimeString, dateSettings, timeSettings) {
+		var parseRes = parseDateTimeInternal(dateFormat, timeFormat, dateTimeString, dateSettings, timeSettings);
+		if (parseRes.timeObj) {
+			var t = parseRes.timeObj;
+			parseRes.date.setHours(t.hour, t.minute, t.second, t.millisec);
+			parseRes.date.setMicroseconds(t.microsec);
+		}
+
+		return parseRes.date;
+	};
+
+	/*
+	* Public utility to parse time
+	*/
+	$.datepicker.parseTime = function (timeFormat, timeString, options) {
+		var o = extendRemove(extendRemove({}, $.timepicker._defaults), options || {}),
+			iso8601 = (timeFormat.replace(/\'.*?\'/g, '').indexOf('Z') !== -1);
+
+		// Strict parse requires the timeString to match the timeFormat exactly
+		var strictParse = function (f, s, o) {
+
+			// pattern for standard and localized AM/PM markers
+			var getPatternAmpm = function (amNames, pmNames) {
+				var markers = [];
+				if (amNames) {
+					$.merge(markers, amNames);
+				}
+				if (pmNames) {
+					$.merge(markers, pmNames);
+				}
+				markers = $.map(markers, function (val) {
+					return val.replace(/[.*+?|()\[\]{}\\]/g, '\\$&');
+				});
+				return '(' + markers.join('|') + ')?';
+			};
+
+			// figure out position of time elements.. cause js cant do named captures
+			var getFormatPositions = function (timeFormat) {
+				var finds = timeFormat.toLowerCase().match(/(h{1,2}|m{1,2}|s{1,2}|l{1}|c{1}|t{1,2}|z|'.*?')/g),
+					orders = {
+						h: -1,
+						m: -1,
+						s: -1,
+						l: -1,
+						c: -1,
+						t: -1,
+						z: -1
+					};
+
+				if (finds) {
+					for (var i = 0; i < finds.length; i++) {
+						if (orders[finds[i].toString().charAt(0)] === -1) {
+							orders[finds[i].toString().charAt(0)] = i + 1;
+						}
+					}
+				}
+				return orders;
+			};
+
+			var regstr = '^' + f.toString()
+					.replace(/([hH]{1,2}|mm?|ss?|[tT]{1,2}|[zZ]|[lc]|'.*?')/g, function (match) {
+							var ml = match.length;
+							switch (match.charAt(0).toLowerCase()) {
+							case 'h':
+								return ml === 1 ? '(\\d?\\d)' : '(\\d{' + ml + '})';
+							case 'm':
+								return ml === 1 ? '(\\d?\\d)' : '(\\d{' + ml + '})';
+							case 's':
+								return ml === 1 ? '(\\d?\\d)' : '(\\d{' + ml + '})';
+							case 'l':
+								return '(\\d?\\d?\\d)';
+							case 'c':
+								return '(\\d?\\d?\\d)';
+							case 'z':
+								return '(z|[-+]\\d\\d:?\\d\\d|\\S+)?';
+							case 't':
+								return getPatternAmpm(o.amNames, o.pmNames);
+							default:    // literal escaped in quotes
+								return '(' + match.replace(/\'/g, "").replace(/(\.|\$|\^|\\|\/|\(|\)|\[|\]|\?|\+|\*)/g, function (m) { return "\\" + m; }) + ')?';
+							}
+						})
+					.replace(/\s/g, '\\s?') +
+					o.timeSuffix + '$',
+				order = getFormatPositions(f),
+				ampm = '',
+				treg;
+
+			treg = s.match(new RegExp(regstr, 'i'));
+
+			var resTime = {
+				hour: 0,
+				minute: 0,
+				second: 0,
+				millisec: 0,
+				microsec: 0
+			};
+
+			if (treg) {
+				if (order.t !== -1) {
+					if (treg[order.t] === undefined || treg[order.t].length === 0) {
+						ampm = '';
+						resTime.ampm = '';
+					} else {
+						ampm = $.inArray(treg[order.t].toUpperCase(), o.amNames) !== -1 ? 'AM' : 'PM';
+						resTime.ampm = o[ampm === 'AM' ? 'amNames' : 'pmNames'][0];
+					}
+				}
+
+				if (order.h !== -1) {
+					if (ampm === 'AM' && treg[order.h] === '12') {
+						resTime.hour = 0; // 12am = 0 hour
+					} else {
+						if (ampm === 'PM' && treg[order.h] !== '12') {
+							resTime.hour = parseInt(treg[order.h], 10) + 12; // 12pm = 12 hour, any other pm = hour + 12
+						} else {
+							resTime.hour = Number(treg[order.h]);
+						}
+					}
+				}
+
+				if (order.m !== -1) {
+					resTime.minute = Number(treg[order.m]);
+				}
+				if (order.s !== -1) {
+					resTime.second = Number(treg[order.s]);
+				}
+				if (order.l !== -1) {
+					resTime.millisec = Number(treg[order.l]);
+				}
+				if (order.c !== -1) {
+					resTime.microsec = Number(treg[order.c]);
+				}
+				if (order.z !== -1 && treg[order.z] !== undefined) {
+					resTime.timezone = $.timepicker.timezoneOffsetNumber(treg[order.z]);
+				}
+
+
+				return resTime;
+			}
+			return false;
+		};// end strictParse
+
+		// First try JS Date, if that fails, use strictParse
+		var looseParse = function (f, s, o) {
+			try {
+				var d = new Date('2012-01-01 ' + s);
+				if (isNaN(d.getTime())) {
+					d = new Date('2012-01-01T' + s);
+					if (isNaN(d.getTime())) {
+						d = new Date('01/01/2012 ' + s);
+						if (isNaN(d.getTime())) {
+							throw "Unable to parse time with native Date: " + s;
+						}
+					}
+				}
+
+				return {
+					hour: d.getHours(),
+					minute: d.getMinutes(),
+					second: d.getSeconds(),
+					millisec: d.getMilliseconds(),
+					microsec: d.getMicroseconds(),
+					timezone: d.getTimezoneOffset() * -1
+				};
+			}
+			catch (err) {
+				try {
+					return strictParse(f, s, o);
+				}
+				catch (err2) {
+					$.timepicker.log("Unable to parse \ntimeString: " + s + "\ntimeFormat: " + f);
+				}				
+			}
+			return false;
+		}; // end looseParse
+		
+		if (typeof o.parse === "function") {
+			return o.parse(timeFormat, timeString, o);
+		}
+		if (o.parse === 'loose') {
+			return looseParse(timeFormat, timeString, o);
+		}
+		return strictParse(timeFormat, timeString, o);
+	};
+
+	/**
+	 * Public utility to format the time
+	 * @param {string} format format of the time
+	 * @param {Object} time Object not a Date for timezones
+	 * @param {Object} [options] essentially the regional[].. amNames, pmNames, ampm
+	 * @returns {string} the formatted time
+	 */
+	$.datepicker.formatTime = function (format, time, options) {
+		options = options || {};
+		options = $.extend({}, $.timepicker._defaults, options);
+		time = $.extend({
+			hour: 0,
+			minute: 0,
+			second: 0,
+			millisec: 0,
+			microsec: 0,
+			timezone: null
+		}, time);
+
+		var tmptime = format,
+			ampmName = options.amNames[0],
+			hour = parseInt(time.hour, 10);
+
+		if (hour > 11) {
+			ampmName = options.pmNames[0];
+		}
+
+		tmptime = tmptime.replace(/(?:HH?|hh?|mm?|ss?|[tT]{1,2}|[zZ]|[lc]|'.*?')/g, function (match) {
+			switch (match) {
+			case 'HH':
+				return ('0' + hour).slice(-2);
+			case 'H':
+				return hour;
+			case 'hh':
+				return ('0' + convert24to12(hour)).slice(-2);
+			case 'h':
+				return convert24to12(hour);
+			case 'mm':
+				return ('0' + time.minute).slice(-2);
+			case 'm':
+				return time.minute;
+			case 'ss':
+				return ('0' + time.second).slice(-2);
+			case 's':
+				return time.second;
+			case 'l':
+				return ('00' + time.millisec).slice(-3);
+			case 'c':
+				return ('00' + time.microsec).slice(-3);
+			case 'z':
+				return $.timepicker.timezoneOffsetString(time.timezone === null ? options.timezone : time.timezone, false);
+			case 'Z':
+				return $.timepicker.timezoneOffsetString(time.timezone === null ? options.timezone : time.timezone, true);
+			case 'T':
+				return ampmName.charAt(0).toUpperCase();
+			case 'TT':
+				return ampmName.toUpperCase();
+			case 't':
+				return ampmName.charAt(0).toLowerCase();
+			case 'tt':
+				return ampmName.toLowerCase();
+			default:
+				return match.replace(/'/g, "");
+			}
+		});
+
+		return tmptime;
+	};
+
+	/*
+	* the bad hack :/ override datepicker so it doesn't close on select
+	// inspired: http://stackoverflow.com/questions/1252512/jquery-datepicker-prevent-closing-picker-when-clicking-a-date/1762378#1762378
+	*/
+	$.datepicker._base_selectDate = $.datepicker._selectDate;
+	$.datepicker._selectDate = function (id, dateStr) {
+		var inst = this._getInst($(id)[0]),
+			tp_inst = this._get(inst, 'timepicker');
+
+		if (tp_inst) {
+			tp_inst._limitMinMaxDateTime(inst, true);
+			inst.inline = inst.stay_open = true;
+			//This way the onSelect handler called from calendarpicker get the full dateTime
+			this._base_selectDate(id, dateStr);
+			inst.inline = inst.stay_open = false;
+			this._notifyChange(inst);
+			this._updateDatepicker(inst);
+		} else {
+			this._base_selectDate(id, dateStr);
+		}
+	};
+
+	/*
+	* second bad hack :/ override datepicker so it triggers an event when changing the input field
+	* and does not redraw the datepicker on every selectDate event
+	*/
+	$.datepicker._base_updateDatepicker = $.datepicker._updateDatepicker;
+	$.datepicker._updateDatepicker = function (inst) {
+
+		// don't popup the datepicker if there is another instance already opened
+		var input = inst.input[0];
+		if ($.datepicker._curInst && $.datepicker._curInst !== inst && $.datepicker._datepickerShowing && $.datepicker._lastInput !== input) {
+			return;
+		}
+
+		if (typeof(inst.stay_open) !== 'boolean' || inst.stay_open === false) {
+
+			this._base_updateDatepicker(inst);
+
+			// Reload the time control when changing something in the input text field.
+			var tp_inst = this._get(inst, 'timepicker');
+			if (tp_inst) {
+				tp_inst._addTimePicker(inst);
+			}
+		}
+	};
+
+	/*
+	* third bad hack :/ override datepicker so it allows spaces and colon in the input field
+	*/
+	$.datepicker._base_doKeyPress = $.datepicker._doKeyPress;
+	$.datepicker._doKeyPress = function (event) {
+		var inst = $.datepicker._getInst(event.target),
+			tp_inst = $.datepicker._get(inst, 'timepicker');
+
+		if (tp_inst) {
+			if ($.datepicker._get(inst, 'constrainInput')) {
+				var ampm = tp_inst.support.ampm,
+					tz = tp_inst._defaults.showTimezone !== null ? tp_inst._defaults.showTimezone : tp_inst.support.timezone,
+					dateChars = $.datepicker._possibleChars($.datepicker._get(inst, 'dateFormat')),
+					datetimeChars = tp_inst._defaults.timeFormat.toString()
+											.replace(/[hms]/g, '')
+											.replace(/TT/g, ampm ? 'APM' : '')
+											.replace(/Tt/g, ampm ? 'AaPpMm' : '')
+											.replace(/tT/g, ampm ? 'AaPpMm' : '')
+											.replace(/T/g, ampm ? 'AP' : '')
+											.replace(/tt/g, ampm ? 'apm' : '')
+											.replace(/t/g, ampm ? 'ap' : '') + 
+											" " + tp_inst._defaults.separator + 
+											tp_inst._defaults.timeSuffix + 
+											(tz ? tp_inst._defaults.timezoneList.join('') : '') + 
+											(tp_inst._defaults.amNames.join('')) + (tp_inst._defaults.pmNames.join('')) + 
+											dateChars,
+					chr = String.fromCharCode(event.charCode === undefined ? event.keyCode : event.charCode);
+				return event.ctrlKey || (chr < ' ' || !dateChars || datetimeChars.indexOf(chr) > -1);
+			}
+		}
+
+		return $.datepicker._base_doKeyPress(event);
+	};
+
+	/*
+	* Fourth bad hack :/ override _updateAlternate function used in inline mode to init altField
+	* Update any alternate field to synchronise with the main field.
+	*/
+	$.datepicker._base_updateAlternate = $.datepicker._updateAlternate;
+	$.datepicker._updateAlternate = function (inst) {
+		var tp_inst = this._get(inst, 'timepicker');
+		if (tp_inst) {
+			var altField = tp_inst._defaults.altField;
+			if (altField) { // update alternate field too
+				var altFormat = tp_inst._defaults.altFormat || tp_inst._defaults.dateFormat,
+					date = this._getDate(inst),
+					formatCfg = $.datepicker._getFormatConfig(inst),
+					altFormattedDateTime = '', 
+					altSeparator = tp_inst._defaults.altSeparator ? tp_inst._defaults.altSeparator : tp_inst._defaults.separator, 
+					altTimeSuffix = tp_inst._defaults.altTimeSuffix ? tp_inst._defaults.altTimeSuffix : tp_inst._defaults.timeSuffix,
+					altTimeFormat = tp_inst._defaults.altTimeFormat !== null ? tp_inst._defaults.altTimeFormat : tp_inst._defaults.timeFormat;
+				
+				altFormattedDateTime += $.datepicker.formatTime(altTimeFormat, tp_inst, tp_inst._defaults) + altTimeSuffix;
+				if (!tp_inst._defaults.timeOnly && !tp_inst._defaults.altFieldTimeOnly && date !== null) {
+					if (tp_inst._defaults.altFormat) {
+						altFormattedDateTime = $.datepicker.formatDate(tp_inst._defaults.altFormat, date, formatCfg) + altSeparator + altFormattedDateTime;
+					}
+					else {
+						altFormattedDateTime = tp_inst.formattedDate + altSeparator + altFormattedDateTime;
+					}
+				}
+				$(altField).val(altFormattedDateTime);
+			}
+		}
+		else {
+			$.datepicker._base_updateAlternate(inst);
+		}
+	};
+
+	/*
+	* Override key up event to sync manual input changes.
+	*/
+	$.datepicker._base_doKeyUp = $.datepicker._doKeyUp;
+	$.datepicker._doKeyUp = function (event) {
+		var inst = $.datepicker._getInst(event.target),
+			tp_inst = $.datepicker._get(inst, 'timepicker');
+
+		if (tp_inst) {
+			if (tp_inst._defaults.timeOnly && (inst.input.val() !== inst.lastVal)) {
+				try {
+					$.datepicker._updateDatepicker(inst);
+				} catch (err) {
+					$.timepicker.log(err);
+				}
+			}
+		}
+
+		return $.datepicker._base_doKeyUp(event);
+	};
+
+	/*
+	* override "Today" button to also grab the time.
+	*/
+	$.datepicker._base_gotoToday = $.datepicker._gotoToday;
+	$.datepicker._gotoToday = function (id) {
+		var inst = this._getInst($(id)[0]),
+			$dp = inst.dpDiv;
+		this._base_gotoToday(id);
+		var tp_inst = this._get(inst, 'timepicker');
+		selectLocalTimezone(tp_inst);
+		var now = new Date();
+		this._setTime(inst, now);
+		$('.ui-datepicker-today', $dp).click();
+	};
+
+	/*
+	* Disable & enable the Time in the datetimepicker
+	*/
+	$.datepicker._disableTimepickerDatepicker = function (target) {
+		var inst = this._getInst(target);
+		if (!inst) {
+			return;
+		}
+
+		var tp_inst = this._get(inst, 'timepicker');
+		$(target).datepicker('getDate'); // Init selected[Year|Month|Day]
+		if (tp_inst) {
+			inst.settings.showTimepicker = false;
+			tp_inst._defaults.showTimepicker = false;
+			tp_inst._updateDateTime(inst);
+		}
+	};
+
+	$.datepicker._enableTimepickerDatepicker = function (target) {
+		var inst = this._getInst(target);
+		if (!inst) {
+			return;
+		}
+
+		var tp_inst = this._get(inst, 'timepicker');
+		$(target).datepicker('getDate'); // Init selected[Year|Month|Day]
+		if (tp_inst) {
+			inst.settings.showTimepicker = true;
+			tp_inst._defaults.showTimepicker = true;
+			tp_inst._addTimePicker(inst); // Could be disabled on page load
+			tp_inst._updateDateTime(inst);
+		}
+	};
+
+	/*
+	* Create our own set time function
+	*/
+	$.datepicker._setTime = function (inst, date) {
+		var tp_inst = this._get(inst, 'timepicker');
+		if (tp_inst) {
+			var defaults = tp_inst._defaults;
+
+			// calling _setTime with no date sets time to defaults
+			tp_inst.hour = date ? date.getHours() : defaults.hour;
+			tp_inst.minute = date ? date.getMinutes() : defaults.minute;
+			tp_inst.second = date ? date.getSeconds() : defaults.second;
+			tp_inst.millisec = date ? date.getMilliseconds() : defaults.millisec;
+			tp_inst.microsec = date ? date.getMicroseconds() : defaults.microsec;
+
+			//check if within min/max times.. 
+			tp_inst._limitMinMaxDateTime(inst, true);
+
+			tp_inst._onTimeChange();
+			tp_inst._updateDateTime(inst);
+		}
+	};
+
+	/*
+	* Create new public method to set only time, callable as $().datepicker('setTime', date)
+	*/
+	$.datepicker._setTimeDatepicker = function (target, date, withDate) {
+		var inst = this._getInst(target);
+		if (!inst) {
+			return;
+		}
+
+		var tp_inst = this._get(inst, 'timepicker');
+
+		if (tp_inst) {
+			this._setDateFromField(inst);
+			var tp_date;
+			if (date) {
+				if (typeof date === "string") {
+					tp_inst._parseTime(date, withDate);
+					tp_date = new Date();
+					tp_date.setHours(tp_inst.hour, tp_inst.minute, tp_inst.second, tp_inst.millisec);
+					tp_date.setMicroseconds(tp_inst.microsec);
+				} else {
+					tp_date = new Date(date.getTime());
+					tp_date.setMicroseconds(date.getMicroseconds());
+				}
+				if (tp_date.toString() === 'Invalid Date') {
+					tp_date = undefined;
+				}
+				this._setTime(inst, tp_date);
+			}
+		}
+
+	};
+
+	/*
+	* override setDate() to allow setting time too within Date object
+	*/
+	$.datepicker._base_setDateDatepicker = $.datepicker._setDateDatepicker;
+	$.datepicker._setDateDatepicker = function (target, date) {
+		var inst = this._getInst(target);
+		if (!inst) {
+			return;
+		}
+
+		if (typeof(date) === 'string') {
+			date = new Date(date);
+			if (!date.getTime()) {
+				$.timepicker.log("Error creating Date object from string.");
+			}
+		}
+
+		var tp_inst = this._get(inst, 'timepicker');
+		var tp_date;
+		if (date instanceof Date) {
+			tp_date = new Date(date.getTime());
+			tp_date.setMicroseconds(date.getMicroseconds());
+		} else {
+			tp_date = date;
+		}
+		
+		// This is important if you are using the timezone option, javascript's Date 
+		// object will only return the timezone offset for the current locale, so we 
+		// adjust it accordingly.  If not using timezone option this won't matter..
+		// If a timezone is different in tp, keep the timezone as is
+		if (tp_inst) {
+			// look out for DST if tz wasn't specified
+			if (!tp_inst.support.timezone && tp_inst._defaults.timezone === null) {
+				tp_inst.timezone = tp_date.getTimezoneOffset() * -1;
+			}
+			date = $.timepicker.timezoneAdjust(date, tp_inst.timezone);
+			tp_date = $.timepicker.timezoneAdjust(tp_date, tp_inst.timezone);
+		}
+
+		this._updateDatepicker(inst);
+		this._base_setDateDatepicker.apply(this, arguments);
+		this._setTimeDatepicker(target, tp_date, true);
+	};
+
+	/*
+	* override getDate() to allow getting time too within Date object
+	*/
+	$.datepicker._base_getDateDatepicker = $.datepicker._getDateDatepicker;
+	$.datepicker._getDateDatepicker = function (target, noDefault) {
+		var inst = this._getInst(target);
+		if (!inst) {
+			return;
+		}
+
+		var tp_inst = this._get(inst, 'timepicker');
+
+		if (tp_inst) {
+			// if it hasn't yet been defined, grab from field
+			if (inst.lastVal === undefined) {
+				this._setDateFromField(inst, noDefault);
+			}
+
+			var date = this._getDate(inst);
+			if (date && tp_inst._parseTime($(target).val(), tp_inst.timeOnly)) {
+				date.setHours(tp_inst.hour, tp_inst.minute, tp_inst.second, tp_inst.millisec);
+				date.setMicroseconds(tp_inst.microsec);
+
+				// This is important if you are using the timezone option, javascript's Date 
+				// object will only return the timezone offset for the current locale, so we 
+				// adjust it accordingly.  If not using timezone option this won't matter..
+				if (tp_inst.timezone != null) {
+					// look out for DST if tz wasn't specified
+					if (!tp_inst.support.timezone && tp_inst._defaults.timezone === null) {
+						tp_inst.timezone = date.getTimezoneOffset() * -1;
+					}
+					date = $.timepicker.timezoneAdjust(date, tp_inst.timezone);
+				}
+			}
+			return date;
+		}
+		return this._base_getDateDatepicker(target, noDefault);
+	};
+
+	/*
+	* override parseDate() because UI 1.8.14 throws an error about "Extra characters"
+	* An option in datapicker to ignore extra format characters would be nicer.
+	*/
+	$.datepicker._base_parseDate = $.datepicker.parseDate;
+	$.datepicker.parseDate = function (format, value, settings) {
+		var date;
+		try {
+			date = this._base_parseDate(format, value, settings);
+		} catch (err) {
+			// Hack!  The error message ends with a colon, a space, and
+			// the "extra" characters.  We rely on that instead of
+			// attempting to perfectly reproduce the parsing algorithm.
+			if (err.indexOf(":") >= 0) {
+				date = this._base_parseDate(format, value.substring(0, value.length - (err.length - err.indexOf(':') - 2)), settings);
+				$.timepicker.log("Error parsing the date string: " + err + "\ndate string = " + value + "\ndate format = " + format);
+			} else {
+				throw err;
+			}
+		}
+		return date;
+	};
+
+	/*
+	* override formatDate to set date with time to the input
+	*/
+	$.datepicker._base_formatDate = $.datepicker._formatDate;
+	$.datepicker._formatDate = function (inst, day, month, year) {
+		var tp_inst = this._get(inst, 'timepicker');
+		if (tp_inst) {
+			tp_inst._updateDateTime(inst);
+			return tp_inst.$input.val();
+		}
+		return this._base_formatDate(inst);
+	};
+
+	/*
+	* override options setter to add time to maxDate(Time) and minDate(Time). MaxDate
+	*/
+	$.datepicker._base_optionDatepicker = $.datepicker._optionDatepicker;
+	$.datepicker._optionDatepicker = function (target, name, value) {
+		var inst = this._getInst(target),
+			name_clone;
+		if (!inst) {
+			return null;
+		}
+
+		var tp_inst = this._get(inst, 'timepicker');
+		if (tp_inst) {
+			var min = null,
+				max = null,
+				onselect = null,
+				overrides = tp_inst._defaults.evnts,
+				fns = {},
+				prop;
+			if (typeof name === 'string') { // if min/max was set with the string
+				if (name === 'minDate' || name === 'minDateTime') {
+					min = value;
+				} else if (name === 'maxDate' || name === 'maxDateTime') {
+					max = value;
+				} else if (name === 'onSelect') {
+					onselect = value;
+				} else if (overrides.hasOwnProperty(name)) {
+					if (typeof (value) === 'undefined') {
+						return overrides[name];
+					}
+					fns[name] = value;
+					name_clone = {}; //empty results in exiting function after overrides updated
+				}
+			} else if (typeof name === 'object') { //if min/max was set with the JSON
+				if (name.minDate) {
+					min = name.minDate;
+				} else if (name.minDateTime) {
+					min = name.minDateTime;
+				} else if (name.maxDate) {
+					max = name.maxDate;
+				} else if (name.maxDateTime) {
+					max = name.maxDateTime;
+				}
+				for (prop in overrides) {
+					if (overrides.hasOwnProperty(prop) && name[prop]) {
+						fns[prop] = name[prop];
+					}
+				}
+			}
+			for (prop in fns) {
+				if (fns.hasOwnProperty(prop)) {
+					overrides[prop] = fns[prop];
+					if (!name_clone) { name_clone = $.extend({}, name); }
+					delete name_clone[prop];
+				}
+			}
+			if (name_clone && isEmptyObject(name_clone)) { return; }
+			if (min) { //if min was set
+				if (min === 0) {
+					min = new Date();
+				} else {
+					min = new Date(min);
+				}
+				tp_inst._defaults.minDate = min;
+				tp_inst._defaults.minDateTime = min;
+			} else if (max) { //if max was set
+				if (max === 0) {
+					max = new Date();
+				} else {
+					max = new Date(max);
+				}
+				tp_inst._defaults.maxDate = max;
+				tp_inst._defaults.maxDateTime = max;
+			} else if (onselect) {
+				tp_inst._defaults.onSelect = onselect;
+			}
+		}
+		if (value === undefined) {
+			return this._base_optionDatepicker.call($.datepicker, target, name);
+		}
+		return this._base_optionDatepicker.call($.datepicker, target, name_clone || name, value);
+	};
+	
+	/*
+	* jQuery isEmptyObject does not check hasOwnProperty - if someone has added to the object prototype,
+	* it will return false for all objects
+	*/
+	var isEmptyObject = function (obj) {
+		var prop;
+		for (prop in obj) {
+			if (obj.hasOwnProperty(prop)) {
+				return false;
+			}
+		}
+		return true;
+	};
+
+	/*
+	* jQuery extend now ignores nulls!
+	*/
+	var extendRemove = function (target, props) {
+		$.extend(target, props);
+		for (var name in props) {
+			if (props[name] === null || props[name] === undefined) {
+				target[name] = props[name];
+			}
+		}
+		return target;
+	};
+
+	/*
+	* Determine by the time format which units are supported
+	* Returns an object of booleans for each unit
+	*/
+	var detectSupport = function (timeFormat) {
+		var tf = timeFormat.replace(/'.*?'/g, '').toLowerCase(), // removes literals
+			isIn = function (f, t) { // does the format contain the token?
+					return f.indexOf(t) !== -1 ? true : false;
+				};
+		return {
+				hour: isIn(tf, 'h'),
+				minute: isIn(tf, 'm'),
+				second: isIn(tf, 's'),
+				millisec: isIn(tf, 'l'),
+				microsec: isIn(tf, 'c'),
+				timezone: isIn(tf, 'z'),
+				ampm: isIn(tf, 't') && isIn(timeFormat, 'h'),
+				iso8601: isIn(timeFormat, 'Z')
+			};
+	};
+
+	/*
+	* Converts 24 hour format into 12 hour
+	* Returns 12 hour without leading 0
+	*/
+	var convert24to12 = function (hour) {
+		hour %= 12;
+
+		if (hour === 0) {
+			hour = 12;
+		}
+
+		return String(hour);
+	};
+
+	var computeEffectiveSetting = function (settings, property) {
+		return settings && settings[property] ? settings[property] : $.timepicker._defaults[property];
+	};
+
+	/*
+	* Splits datetime string into date and time substrings.
+	* Throws exception when date can't be parsed
+	* Returns {dateString: dateString, timeString: timeString}
+	*/
+	var splitDateTime = function (dateTimeString, timeSettings) {
+		// The idea is to get the number separator occurrences in datetime and the time format requested (since time has
+		// fewer unknowns, mostly numbers and am/pm). We will use the time pattern to split.
+		var separator = computeEffectiveSetting(timeSettings, 'separator'),
+			format = computeEffectiveSetting(timeSettings, 'timeFormat'),
+			timeParts = format.split(separator), // how many occurrences of separator may be in our format?
+			timePartsLen = timeParts.length,
+			allParts = dateTimeString.split(separator),
+			allPartsLen = allParts.length;
+
+		if (allPartsLen > 1) {
+			return {
+				dateString: allParts.splice(0, allPartsLen - timePartsLen).join(separator),
+				timeString: allParts.splice(0, timePartsLen).join(separator)
+			};
+		}
+
+		return {
+			dateString: dateTimeString,
+			timeString: ''
+		};
+	};
+
+	/*
+	* Internal function to parse datetime interval
+	* Returns: {date: Date, timeObj: Object}, where
+	*   date - parsed date without time (type Date)
+	*   timeObj = {hour: , minute: , second: , millisec: , microsec: } - parsed time. Optional
+	*/
+	var parseDateTimeInternal = function (dateFormat, timeFormat, dateTimeString, dateSettings, timeSettings) {
+		var date,
+			parts,
+			parsedTime;
+
+		parts = splitDateTime(dateTimeString, timeSettings);
+		date = $.datepicker._base_parseDate(dateFormat, parts.dateString, dateSettings);
+
+		if (parts.timeString === '') {
+			return {
+				date: date
+			};
+		}
+
+		parsedTime = $.datepicker.parseTime(timeFormat, parts.timeString, timeSettings);
+
+		if (!parsedTime) {
+			throw 'Wrong time format';
+		}
+
+		return {
+			date: date,
+			timeObj: parsedTime
+		};
+	};
+
+	/*
+	* Internal function to set timezone_select to the local timezone
+	*/
+	var selectLocalTimezone = function (tp_inst, date) {
+		if (tp_inst && tp_inst.timezone_select) {
+			var now = date || new Date();
+			tp_inst.timezone_select.val(-now.getTimezoneOffset());
+		}
+	};
+
+	/*
+	* Create a Singleton Instance
+	*/
+	$.timepicker = new Timepicker();
+
+	/**
+	 * Get the timezone offset as string from a date object (eg '+0530' for UTC+5.5)
+	 * @param {number} tzMinutes if not a number, less than -720 (-1200), or greater than 840 (+1400) this value is returned
+	 * @param {boolean} iso8601 if true formats in accordance to iso8601 "+12:45"
+	 * @return {string}
+	 */
+	$.timepicker.timezoneOffsetString = function (tzMinutes, iso8601) {
+		if (isNaN(tzMinutes) || tzMinutes > 840 || tzMinutes < -720) {
+			return tzMinutes;
+		}
+
+		var off = tzMinutes,
+			minutes = off % 60,
+			hours = (off - minutes) / 60,
+			iso = iso8601 ? ':' : '',
+			tz = (off >= 0 ? '+' : '-') + ('0' + Math.abs(hours)).slice(-2) + iso + ('0' + Math.abs(minutes)).slice(-2);
+		
+		if (tz === '+00:00') {
+			return 'Z';
+		}
+		return tz;
+	};
+
+	/**
+	 * Get the number in minutes that represents a timezone string
+	 * @param  {string} tzString formatted like "+0500", "-1245", "Z"
+	 * @return {number} the offset minutes or the original string if it doesn't match expectations
+	 */
+	$.timepicker.timezoneOffsetNumber = function (tzString) {
+		var normalized = tzString.toString().replace(':', ''); // excuse any iso8601, end up with "+1245"
+
+		if (normalized.toUpperCase() === 'Z') { // if iso8601 with Z, its 0 minute offset
+			return 0;
+		}
+
+		if (!/^(\-|\+)\d{4}$/.test(normalized)) { // possibly a user defined tz, so just give it back
+			return tzString;
+		}
+
+		return ((normalized.substr(0, 1) === '-' ? -1 : 1) * // plus or minus
+					((parseInt(normalized.substr(1, 2), 10) * 60) + // hours (converted to minutes)
+					parseInt(normalized.substr(3, 2), 10))); // minutes
+	};
+
+	/**
+	 * No way to set timezone in js Date, so we must adjust the minutes to compensate. (think setDate, getDate)
+	 * @param  {Date} date
+	 * @param  {string} toTimezone formatted like "+0500", "-1245"
+	 * @return {Date}
+	 */
+	$.timepicker.timezoneAdjust = function (date, toTimezone) {
+		var toTz = $.timepicker.timezoneOffsetNumber(toTimezone);
+		if (!isNaN(toTz)) {
+			date.setMinutes(date.getMinutes() + -date.getTimezoneOffset() - toTz);
+		}
+		return date;
+	};
+
+	/**
+	 * Calls `timepicker()` on the `startTime` and `endTime` elements, and configures them to
+	 * enforce date range limits.
+	 * n.b. The input value must be correctly formatted (reformatting is not supported)
+	 * @param  {Element} startTime
+	 * @param  {Element} endTime
+	 * @param  {Object} options Options for the timepicker() call
+	 * @return {jQuery}
+	 */
+	$.timepicker.timeRange = function (startTime, endTime, options) {
+		return $.timepicker.handleRange('timepicker', startTime, endTime, options);
+	};
+
+	/**
+	 * Calls `datetimepicker` on the `startTime` and `endTime` elements, and configures them to
+	 * enforce date range limits.
+	 * @param  {Element} startTime
+	 * @param  {Element} endTime
+	 * @param  {Object} options Options for the `timepicker()` call. Also supports `reformat`,
+	 *   a boolean value that can be used to reformat the input values to the `dateFormat`.
+	 * @param  {string} method Can be used to specify the type of picker to be added
+	 * @return {jQuery}
+	 */
+	$.timepicker.datetimeRange = function (startTime, endTime, options) {
+		$.timepicker.handleRange('datetimepicker', startTime, endTime, options);
+	};
+
+	/**
+	 * Calls `datepicker` on the `startTime` and `endTime` elements, and configures them to
+	 * enforce date range limits.
+	 * @param  {Element} startTime
+	 * @param  {Element} endTime
+	 * @param  {Object} options Options for the `timepicker()` call. Also supports `reformat`,
+	 *   a boolean value that can be used to reformat the input values to the `dateFormat`.
+	 * @return {jQuery}
+	 */
+	$.timepicker.dateRange = function (startTime, endTime, options) {
+		$.timepicker.handleRange('datepicker', startTime, endTime, options);
+	};
+
+	/**
+	 * Calls `method` on the `startTime` and `endTime` elements, and configures them to
+	 * enforce date range limits.
+	 * @param  {string} method Can be used to specify the type of picker to be added
+	 * @param  {Element} startTime
+	 * @param  {Element} endTime
+	 * @param  {Object} options Options for the `timepicker()` call. Also supports `reformat`,
+	 *   a boolean value that can be used to reformat the input values to the `dateFormat`.
+	 * @return {jQuery}
+	 */
+	$.timepicker.handleRange = function (method, startTime, endTime, options) {
+		options = $.extend({}, {
+			minInterval: 0, // min allowed interval in milliseconds
+			maxInterval: 0, // max allowed interval in milliseconds
+			start: {},      // options for start picker
+			end: {}         // options for end picker
+		}, options);
+
+		function checkDates(changed, other) {
+			var startdt = startTime[method]('getDate'),
+				enddt = endTime[method]('getDate'),
+				changeddt = changed[method]('getDate');
+
+			if (startdt !== null) {
+				var minDate = new Date(startdt.getTime()),
+					maxDate = new Date(startdt.getTime());
+
+				minDate.setMilliseconds(minDate.getMilliseconds() + options.minInterval);
+				maxDate.setMilliseconds(maxDate.getMilliseconds() + options.maxInterval);
+
+				if (options.minInterval > 0 && minDate > enddt) { // minInterval check
+					endTime[method]('setDate', minDate);
+				}
+				else if (options.maxInterval > 0 && maxDate < enddt) { // max interval check
+					endTime[method]('setDate', maxDate);
+				}
+				else if (startdt > enddt) {
+					other[method]('setDate', changeddt);
+				}
+			}
+		}
+
+		function selected(changed, other, option) {
+			if (!changed.val()) {
+				return;
+			}
+			var date = changed[method].call(changed, 'getDate');
+			if (date !== null && options.minInterval > 0) {
+				if (option === 'minDate') {
+					date.setMilliseconds(date.getMilliseconds() + options.minInterval);
+				}
+				if (option === 'maxDate') {
+					date.setMilliseconds(date.getMilliseconds() - options.minInterval);
+				}
+			}
+			if (date.getTime) {
+				other[method].call(other, 'option', option, date);
+			}
+		}
+
+		$.fn[method].call(startTime, $.extend({
+			onClose: function (dateText, inst) {
+				checkDates($(this), endTime);
+			},
+			onSelect: function (selectedDateTime) {
+				selected($(this), endTime, 'minDate');
+			}
+		}, options, options.start));
+		$.fn[method].call(endTime, $.extend({
+			onClose: function (dateText, inst) {
+				checkDates($(this), startTime);
+			},
+			onSelect: function (selectedDateTime) {
+				selected($(this), startTime, 'maxDate');
+			}
+		}, options, options.end));
+
+		checkDates(startTime, endTime);
+		selected(startTime, endTime, 'minDate');
+		selected(endTime, startTime, 'maxDate');
+		return $([startTime.get(0), endTime.get(0)]);
+	};
+
+	/**
+	 * Log error or data to the console during error or debugging
+	 * @param  {Object} err pass any type object to log to the console during error or debugging
+	 * @return {void}
+	 */
+	$.timepicker.log = function (err) {
+		if (window.console) {
+			window.console.log(err);
+		}
+	};
+
+	/*
+	 * Add util object to allow access to private methods for testability.
+	 */
+	$.timepicker._util = {
+		_extendRemove: extendRemove,
+		_isEmptyObject: isEmptyObject,
+		_convert24to12: convert24to12,
+		_detectSupport: detectSupport,
+		_selectLocalTimezone: selectLocalTimezone,
+		_computeEffectiveSetting: computeEffectiveSetting,
+		_splitDateTime: splitDateTime,
+		_parseDateTimeInternal: parseDateTimeInternal
+	};
+
+	/*
+	* Microsecond support
+	*/
+	if (!Date.prototype.getMicroseconds) {
+		Date.prototype.microseconds = 0;
+		Date.prototype.getMicroseconds = function () { return this.microseconds; };
+		Date.prototype.setMicroseconds = function (m) {
+			this.setMilliseconds(this.getMilliseconds() + Math.floor(m / 1000));
+			this.microseconds = m % 1000;
+			return this;
+		};
+	}
+
+	/*
+	* Keep up with the version
+	*/
+	$.timepicker.version = "1.4";
+
+})(jQuery);
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/tokeninput.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/tokeninput.js
new file mode 100644
index 0000000..c571299
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/tokeninput.js
@@ -0,0 +1,877 @@
+/*
+ * jQuery Plugin: Tokenizing Autocomplete Text Entry
+ * Version 1.6.0
+ *
+ * Copyright (c) 2009 James Smith (http://loopj.com)
+ * Licensed jointly under the GPL and MIT licenses,
+ * choose which one suits your project best!
+ *
+ */
+
+(function ($) {
+// Default settings
+var DEFAULT_SETTINGS = {
+	// Search settings
+    method: "GET",
+    contentType: "json",
+    queryParam: "q",
+    searchDelay: 300,
+    minChars: 1,
+    propertyToSearch: "name",
+    jsonContainer: null,
+
+	// Display settings
+    hintText: "Type in a search term",
+    noResultsText: "No results",
+    searchingText: "Searching...",
+    deleteText: "&times;",
+    animateDropdown: true,
+
+	// Tokenization settings
+    tokenLimit: null,
+    tokenDelimiter: ",",
+    preventDuplicates: false,
+
+	// Output settings
+    tokenValue: "id",
+
+	// Prepopulation settings
+    prePopulate: null,
+    processPrePopulate: false,
+
+	// Manipulation settings
+    idPrefix: "token-input-",
+
+	// Formatters
+    resultsFormatter: function(item){ return "<li>" + item[this.propertyToSearch]+ "</li>" },
+    tokenFormatter: function(item) { return "<li><p>" + item[this.propertyToSearch] + "</p></li>" },
+
+	// Callbacks
+    onResult: null,
+    onAdd: null,
+    onDelete: null,
+    onReady: null
+};
+
+// Default classes to use when theming
+var DEFAULT_CLASSES = {
+    tokenList: "token-input-list",
+    token: "token-input-token",
+    tokenDelete: "token-input-delete-token",
+    selectedToken: "token-input-selected-token",
+    highlightedToken: "token-input-highlighted-token",
+    dropdown: "token-input-dropdown",
+    dropdownItem: "token-input-dropdown-item",
+    dropdownItem2: "token-input-dropdown-item2",
+    selectedDropdownItem: "token-input-selected-dropdown-item",
+    inputToken: "token-input-input-token"
+};
+
+// Input box position "enum"
+var POSITION = {
+    BEFORE: 0,
+    AFTER: 1,
+    END: 2
+};
+
+// Keys "enum"
+var KEY = {
+    BACKSPACE: 8,
+    TAB: 9,
+    ENTER: 13,
+    ESCAPE: 27,
+    SPACE: 32,
+    PAGE_UP: 33,
+    PAGE_DOWN: 34,
+    END: 35,
+    HOME: 36,
+    LEFT: 37,
+    UP: 38,
+    RIGHT: 39,
+    DOWN: 40,
+    NUMPAD_ENTER: 108,
+    COMMA: 188
+};
+
+// Additional public (exposed) methods
+var methods = {
+    init: function(url_or_data_or_function, options) {
+        var settings = $.extend({}, DEFAULT_SETTINGS, options || {});
+
+        return this.each(function () {
+            $(this).data("tokenInputObject", new $.TokenList(this, url_or_data_or_function, settings));
+        });
+    },
+    clear: function() {
+        this.data("tokenInputObject").clear();
+        return this;
+    },
+    add: function(item) {
+        this.data("tokenInputObject").add(item);
+        return this;
+    },
+    remove: function(item) {
+        this.data("tokenInputObject").remove(item);
+        return this;
+    },
+    get: function() {
+    	return this.data("tokenInputObject").getTokens();
+   	}
+}
+
+// Expose the .tokenInput function to jQuery as a plugin
+$.fn.tokenInput = function (method) {
+    // Method calling and initialization logic
+    if(methods[method]) {
+        return methods[method].apply(this, Array.prototype.slice.call(arguments, 1));
+    } else {
+        return methods.init.apply(this, arguments);
+    }
+};
+
+// TokenList class for each input
+$.TokenList = function (input, url_or_data, settings) {
+    //
+    // Initialization
+    //
+
+    // Configure the data source
+    if($.type(url_or_data) === "string" || $.type(url_or_data) === "function") {
+        // Set the url to query against
+        settings.url = url_or_data;
+
+        // If the URL is a function, evaluate it here to do our initalization work
+        var url = computeURL();
+
+        // Make a smart guess about cross-domain if it wasn't explicitly specified
+        if(settings.crossDomain === undefined) {
+            if(url.indexOf("://") === -1) {
+                settings.crossDomain = false;
+            } else {
+                settings.crossDomain = (location.href.split(/\/+/g)[1] !== url.split(/\/+/g)[1]);
+            }
+        }
+    } else if(typeof(url_or_data) === "object") {
+        // Set the local data to search through
+        settings.local_data = url_or_data;
+    }
+
+    // Build class names
+    if(settings.classes) {
+        // Use custom class names
+        settings.classes = $.extend({}, DEFAULT_CLASSES, settings.classes);
+    } else if(settings.theme) {
+        // Use theme-suffixed default class names
+        settings.classes = {};
+        $.each(DEFAULT_CLASSES, function(key, value) {
+            settings.classes[key] = value + "-" + settings.theme;
+        });
+    } else {
+        settings.classes = DEFAULT_CLASSES;
+    }
+
+
+    // Save the tokens
+    var saved_tokens = [];
+
+    // Keep track of the number of tokens in the list
+    var token_count = 0;
+
+    // Basic cache to save on db hits
+    var cache = new $.TokenList.Cache();
+
+    // Keep track of the timeout, old vals
+    var timeout;
+    var input_val;
+
+    // Create a new text input an attach keyup events
+    var input_box = $("<input type=\"text\"  autocomplete=\"off\">")
+        .css({
+            outline: "none"
+        })
+        .attr("id", settings.idPrefix + input.id)
+        .focus(function () {
+            if (settings.tokenLimit === null || settings.tokenLimit !== token_count) {
+                show_dropdown_hint();
+            }
+        })
+        .blur(function () {
+            hide_dropdown();
+            $(this).val("");
+        })
+    //    .bind("keyup keydown blur update", resize_input)
+        .keydown(function (event) {
+            var previous_token;
+            var next_token;
+
+            switch(event.keyCode) {
+                case KEY.LEFT:
+                case KEY.RIGHT:
+                case KEY.UP:
+                case KEY.DOWN:
+                    if(!$(this).val()) {
+                        previous_token = input_token.prev();
+                        next_token = input_token.next();
+
+                        if((previous_token.length && previous_token.get(0) === selected_token) || (next_token.length && next_token.get(0) === selected_token)) {
+                            // Check if there is a previous/next token and it is selected
+                            if(event.keyCode === KEY.LEFT || event.keyCode === KEY.UP) {
+                                deselect_token($(selected_token), POSITION.BEFORE);
+                            } else {
+                                deselect_token($(selected_token), POSITION.AFTER);
+                            }
+                        } else if((event.keyCode === KEY.LEFT || event.keyCode === KEY.UP) && previous_token.length) {
+                            // We are moving left, select the previous token if it exists
+                            select_token($(previous_token.get(0)));
+                        } else if((event.keyCode === KEY.RIGHT || event.keyCode === KEY.DOWN) && next_token.length) {
+                            // We are moving right, select the next token if it exists
+                            select_token($(next_token.get(0)));
+                        }
+                    } else {
+                        var dropdown_item = null;
+
+                        if(event.keyCode === KEY.DOWN || event.keyCode === KEY.RIGHT) {
+                            dropdown_item = $(selected_dropdown_item).next();
+                        } else {
+                            dropdown_item = $(selected_dropdown_item).prev();
+                        }
+
+                        if(dropdown_item.length) {
+                            select_dropdown_item(dropdown_item);
+                        }
+                        return false;
+                    }
+                    break;
+
+                case KEY.BACKSPACE:
+                    previous_token = input_token.prev();
+
+                    if(!$(this).val().length) {
+                        if(selected_token) {
+                            delete_token($(selected_token));
+                            hidden_input.change();
+                        } else if(previous_token.length) {
+                            select_token($(previous_token.get(0)));
+                        }
+
+                        return false;
+                    } else if($(this).val().length === 1) {
+                        hide_dropdown();
+                    } else {
+                        // set a timeout just long enough to let this function finish.
+                        setTimeout(function(){do_search();}, 5);
+                    }
+                    break;
+
+                case KEY.TAB:
+                case KEY.ENTER:
+                case KEY.NUMPAD_ENTER:
+                case KEY.COMMA:
+                  if(selected_dropdown_item) {
+                    add_token($(selected_dropdown_item).data("tokeninput"));
+                    hidden_input.change();
+                    return false;
+                  } else {
+                    add_token(null);
+                    return false;
+                  }
+                    
+                  break;
+
+                case KEY.ESCAPE:
+                  hide_dropdown();
+                  return true;
+
+                default:
+                    if(String.fromCharCode(event.which)) {
+                        // set a timeout just long enough to let this function finish.
+                        setTimeout(function(){do_search();}, 5);
+                    }
+                    break;
+            }
+        });
+
+    // Keep a reference to the original input box
+    var hidden_input = $(input)
+                           .hide()
+                           .val("")
+                           .focus(function () {
+                               input_box.focus();
+                           })
+                           .blur(function () {
+                               input_box.blur();
+                           });
+
+    // Keep a reference to the selected token and dropdown item
+    var selected_token = null;
+    var selected_token_index = 0;
+    var selected_dropdown_item = null;
+
+    // The list to store the token items in
+    var token_list = $("<ul />")
+        .addClass(settings.classes.tokenList)
+        .click(function (event) {
+            var li = $(event.target).closest("li");
+            if(li && li.get(0) && $.data(li.get(0), "tokeninput")) {
+                toggle_select_token(li);
+            } else {
+                // Deselect selected token
+                if(selected_token) {
+                    deselect_token($(selected_token), POSITION.END);
+                }
+
+                // Focus input box
+                input_box.focus();
+            }
+        })
+        .mouseover(function (event) {
+            var li = $(event.target).closest("li");
+            if(li && selected_token !== this) {
+                li.addClass(settings.classes.highlightedToken);
+            }
+        })
+        .mouseout(function (event) {
+            var li = $(event.target).closest("li");
+            if(li && selected_token !== this) {
+                li.removeClass(settings.classes.highlightedToken);
+            }
+        })
+        .insertBefore(hidden_input);
+
+    // The token holding the input box
+    var input_token = $("<li />")
+        .addClass(settings.classes.inputToken)
+        .appendTo(token_list)
+        .append(input_box);
+
+    // The list to store the dropdown items in
+    var dropdown = $("<div>")
+        .addClass(settings.classes.dropdown)
+        .appendTo("body")
+        .hide();
+
+    // Magic element to help us resize the text input
+    var input_resizer = $("<tester/>")
+        .insertAfter(input_box)
+        .css({
+            position: "absolute",
+            top: -9999,
+            left: -9999,
+            width: "auto",
+            fontSize: input_box.css("fontSize"),
+            fontFamily: input_box.css("fontFamily"),
+            fontWeight: input_box.css("fontWeight"),
+            letterSpacing: input_box.css("letterSpacing"),
+            whiteSpace: "nowrap"
+        });
+
+    // Pre-populate list if items exist
+    hidden_input.val("");
+    var li_data = settings.prePopulate || hidden_input.data("pre");
+    if(settings.processPrePopulate && $.isFunction(settings.onResult)) {
+        li_data = settings.onResult.call(hidden_input, li_data);
+    }
+    if(li_data && li_data.length) {
+        $.each(li_data, function (index, value) {
+            insert_token(value);
+            checkTokenLimit();
+        });
+    }
+
+    // Initialization is done
+    if($.isFunction(settings.onReady)) {
+        settings.onReady.call();
+    }
+
+    //
+    // Public functions
+    //
+
+    this.clear = function() {
+        token_list.children("li").each(function() {
+            if ($(this).children("input").length === 0) {
+                delete_token($(this));
+            }
+        });
+    }
+
+    this.add = function(item) {
+        add_token(item);
+    }
+
+    this.remove = function(item) {
+        token_list.children("li").each(function() {
+            if ($(this).children("input").length === 0) {
+                var currToken = $(this).data("tokeninput");
+                var match = true;
+                for (var prop in item) {
+                    if (item[prop] !== currToken[prop]) {
+                        match = false;
+                        break;
+                    }
+                }
+                if (match) {
+                    delete_token($(this));
+                }
+            }
+        });
+    }
+    
+    this.getTokens = function() {
+   		return saved_tokens;
+   	}
+
+    //
+    // Private functions
+    //
+
+    function checkTokenLimit() {
+        if(settings.tokenLimit !== null && token_count >= settings.tokenLimit) {
+            input_box.hide();
+            hide_dropdown();
+            return;
+        }
+    }
+
+    function resize_input() {
+        if(input_val === (input_val = input_box.val())) {return;}
+
+        // Enter new content into resizer and resize input accordingly
+        var escaped = input_val.replace(/&/g, '&amp;').replace(/\s/g,' ').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+        input_resizer.html(escaped);
+        input_box.width(input_resizer.width() + 30);
+    }
+
+    function is_printable_character(keycode) {
+        return ((keycode >= 48 && keycode <= 90) ||     // 0-1a-z
+                (keycode >= 96 && keycode <= 111) ||    // numpad 0-9 + - / * .
+                (keycode >= 186 && keycode <= 192) ||   // ; = , - . / ^
+                (keycode >= 219 && keycode <= 222));    // ( \ ) '
+    }
+
+    // Inner function to a token to the list
+    function insert_token(item) {
+        var this_token = settings.tokenFormatter(item);
+        this_token = $(this_token)
+          .addClass(settings.classes.token)
+          .insertBefore(input_token);
+
+        // The 'delete token' button
+        $("<span>" + settings.deleteText + "</span>")
+            .addClass(settings.classes.tokenDelete)
+            .appendTo(this_token)
+            .click(function () {
+                delete_token($(this).parent());
+                hidden_input.change();
+                return false;
+            });
+
+        // Store data on the token
+        var token_data = {"id": item.id};
+        token_data[settings.propertyToSearch] = item[settings.propertyToSearch];
+        $.data(this_token.get(0), "tokeninput", item);
+
+        // Save this token for duplicate checking
+        saved_tokens = saved_tokens.slice(0,selected_token_index).concat([token_data]).concat(saved_tokens.slice(selected_token_index));
+        selected_token_index++;
+
+        // Update the hidden input
+        update_hidden_input(saved_tokens, hidden_input);
+
+        token_count += 1;
+
+        // Check the token limit
+        if(settings.tokenLimit !== null && token_count >= settings.tokenLimit) {
+            input_box.hide();
+            hide_dropdown();
+        }
+
+        return this_token;
+    }
+
+    // Add a token to the token list based on user input
+    function add_token (item) {
+        var callback = settings.onAdd;
+
+        // fix null bug
+        if (!item && input_box.val().length > 0) {
+            item = {
+                id  :   input_box.val()
+            };
+
+            item[settings.propertyToSearch] = input_box.val();
+        }
+
+        if (!item) {
+            return false;
+        }
+
+        // See if the token already exists and select it if we don't want duplicates
+        if(token_count > 0 && settings.preventDuplicates) {
+            var found_existing_token = null;
+            token_list.children().each(function () {
+                var existing_token = $(this);
+                var existing_data = $.data(existing_token.get(0), "tokeninput");
+                if(existing_data && existing_data.id === item.id) {
+                    found_existing_token = existing_token;
+                    return false;
+                }
+            });
+
+            if(found_existing_token) {
+                select_token(found_existing_token);
+                input_token.insertAfter(found_existing_token);
+                input_box.focus();
+                return;
+            }
+        }
+
+        // Insert the new tokens
+        if(settings.tokenLimit == null || token_count < settings.tokenLimit) {
+            insert_token(item);
+            checkTokenLimit();
+        }
+
+        // Clear input box
+        input_box.val("");
+
+        // Don't show the help dropdown, they've got the idea
+        hide_dropdown();
+
+        // Execute the onAdd callback if defined
+        if($.isFunction(callback)) {
+            callback.call(hidden_input,item);
+        }
+    }
+
+    // Select a token in the token list
+    function select_token (token) {
+        token.addClass(settings.classes.selectedToken);
+        selected_token = token.get(0);
+
+        // Hide input box
+        input_box.val("");
+
+        // Hide dropdown if it is visible (eg if we clicked to select token)
+        hide_dropdown();
+    }
+
+    // Deselect a token in the token list
+    function deselect_token (token, position) {
+        token.removeClass(settings.classes.selectedToken);
+        selected_token = null;
+
+        if(position === POSITION.BEFORE) {
+            input_token.insertBefore(token);
+            selected_token_index--;
+        } else if(position === POSITION.AFTER) {
+            input_token.insertAfter(token);
+            selected_token_index++;
+        } else {
+            input_token.appendTo(token_list);
+            selected_token_index = token_count;
+        }
+
+        // Show the input box and give it focus again
+        input_box.focus();
+    }
+
+    // Toggle selection of a token in the token list
+    function toggle_select_token(token) {
+        var previous_selected_token = selected_token;
+
+        if(selected_token) {
+            deselect_token($(selected_token), POSITION.END);
+        }
+
+        if(previous_selected_token === token.get(0)) {
+            deselect_token(token, POSITION.END);
+        } else {
+            select_token(token);
+        }
+    }
+
+    // Delete a token from the token list
+    function delete_token (token) {
+        // Remove the id from the saved list
+        var token_data = $.data(token.get(0), "tokeninput");
+        var callback = settings.onDelete;
+
+        var index = token.prevAll().length;
+        if(index > selected_token_index) index--;
+
+        // Delete the token
+        token.remove();
+        selected_token = null;
+
+        // Show the input box and give it focus again
+        input_box.focus();
+
+        // Remove this token from the saved list
+        saved_tokens = saved_tokens.slice(0,index).concat(saved_tokens.slice(index+1));
+        if(index < selected_token_index) selected_token_index--;
+
+        // Update the hidden input
+        update_hidden_input(saved_tokens, hidden_input);
+
+        token_count -= 1;
+
+        if(settings.tokenLimit !== null) {
+            input_box
+                .show()
+                .val("")
+                .focus();
+        }
+
+        // Execute the onDelete callback if defined
+        if($.isFunction(callback)) {
+            callback.call(hidden_input,token_data);
+        }
+    }
+
+    // Update the hidden input box value
+    function update_hidden_input(saved_tokens, hidden_input) {
+        var token_values = $.map(saved_tokens, function (el) {
+            return el[settings.tokenValue];
+        });
+        hidden_input.val(token_values.join(settings.tokenDelimiter));
+
+    }
+
+    // Hide and clear the results dropdown
+    function hide_dropdown () {
+        dropdown.hide().empty();
+        selected_dropdown_item = null;
+    }
+
+    function show_dropdown() {
+        dropdown
+            .css({
+                position: "absolute",
+                top: $(token_list).offset().top + $(token_list).outerHeight(),
+                left: $(token_list).offset().left,
+                zindex: 999
+            })
+            .show();
+    }
+
+    function show_dropdown_searching () {
+        if(settings.searchingText) {
+            dropdown.html("<p>"+settings.searchingText+"</p>");
+            show_dropdown();
+        }
+    }
+
+    function show_dropdown_hint () {
+        if(settings.hintText) {
+            dropdown.html("<p>"+settings.hintText+"</p>");
+            show_dropdown();
+        }
+    }
+
+    // Highlight the query part of the search term
+    function highlight_term(value, term) {
+        return value.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + term + ")(?![^<>]*>)(?![^&;]+;)", "gi"), "<b>$1</b>");
+    }
+    
+    function find_value_and_highlight_term(template, value, term) {
+        return template.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + value + ")(?![^<>]*>)(?![^&;]+;)", "g"), highlight_term(value, term));
+    }
+
+    // Populate the results dropdown with some results
+    function populate_dropdown (query, results) {
+        if(results && results.length) {
+            dropdown.empty();
+            var dropdown_ul = $("<ul>")
+                .appendTo(dropdown)
+                .mouseover(function (event) {
+                    select_dropdown_item($(event.target).closest("li"));
+                })
+                .mousedown(function (event) {
+                    add_token($(event.target).closest("li").data("tokeninput"));
+                    hidden_input.change();
+                    return false;
+                })
+                .hide();
+
+            $.each(results, function(index, value) {
+                var this_li = settings.resultsFormatter(value);
+                
+                this_li = find_value_and_highlight_term(this_li ,value[settings.propertyToSearch], query);            
+                
+                this_li = $(this_li).appendTo(dropdown_ul);
+                
+                if(index % 2) {
+                    this_li.addClass(settings.classes.dropdownItem);
+                } else {
+                    this_li.addClass(settings.classes.dropdownItem2);
+                }
+
+                if(index === 0) {
+                    select_dropdown_item(this_li);
+                }
+
+                $.data(this_li.get(0), "tokeninput", value);
+            });
+
+            show_dropdown();
+
+            if(settings.animateDropdown) {
+                dropdown_ul.slideDown("fast");
+            } else {
+                dropdown_ul.show();
+            }
+        } else {
+            if(settings.noResultsText) {
+                dropdown.html("<p>"+settings.noResultsText+"</p>");
+                show_dropdown();
+            }
+        }
+    }
+
+    // Highlight an item in the results dropdown
+    function select_dropdown_item (item) {
+        if(item) {
+            if(selected_dropdown_item) {
+                deselect_dropdown_item($(selected_dropdown_item));
+            }
+
+            item.addClass(settings.classes.selectedDropdownItem);
+            selected_dropdown_item = item.get(0);
+        }
+    }
+
+    // Remove highlighting from an item in the results dropdown
+    function deselect_dropdown_item (item) {
+        item.removeClass(settings.classes.selectedDropdownItem);
+        selected_dropdown_item = null;
+    }
+
+    // Do a search and show the "searching" dropdown if the input is longer
+    // than settings.minChars
+    function do_search() {
+        var query = input_box.val().toLowerCase();
+
+        if(query && query.length) {
+            if(selected_token) {
+                deselect_token($(selected_token), POSITION.AFTER);
+            }
+
+            if(query.length >= settings.minChars) {
+                show_dropdown_searching();
+                clearTimeout(timeout);
+
+                timeout = setTimeout(function(){
+                    run_search(query);
+                }, settings.searchDelay);
+            } else {
+                hide_dropdown();
+            }
+        }
+    }
+
+    // Do the actual search
+    function run_search(query) {
+        var cache_key = query + computeURL();
+        var cached_results = cache.get(cache_key);
+        if(cached_results) {
+            populate_dropdown(query, cached_results);
+        } else {
+            // Are we doing an ajax search or local data search?
+            if(settings.url) {
+                var url = computeURL();
+                // Extract exisiting get params
+                var ajax_params = {};
+                ajax_params.data = {};
+                if(url.indexOf("?") > -1) {
+                    var parts = url.split("?");
+                    ajax_params.url = parts[0];
+
+                    var param_array = parts[1].split("&");
+                    $.each(param_array, function (index, value) {
+                        var kv = value.split("=");
+                        ajax_params.data[kv[0]] = kv[1];
+                    });
+                } else {
+                    ajax_params.url = url;
+                }
+
+                // Prepare the request
+                ajax_params.data[settings.queryParam] = query;
+                ajax_params.type = settings.method;
+                ajax_params.dataType = settings.contentType;
+                if(settings.crossDomain) {
+                    ajax_params.dataType = "jsonp";
+                }
+
+                // Attach the success callback
+                ajax_params.success = function(results) {
+                  if($.isFunction(settings.onResult)) {
+                      results = settings.onResult.call(hidden_input, results, query);
+                  }
+                  cache.add(cache_key, settings.jsonContainer ? results[settings.jsonContainer] : results);
+
+                  // only populate the dropdown if the results are associated with the active search query
+                  if(input_box.val().toLowerCase() === query) {
+                      populate_dropdown(query, settings.jsonContainer ? results[settings.jsonContainer] : results);
+                  }
+                };
+
+                // Make the request
+                $.ajax(ajax_params);
+            } else if(settings.local_data) {
+                // Do the search through local data
+                var results = $.grep(settings.local_data, function (row) {
+                    return row[settings.propertyToSearch].toLowerCase().indexOf(query.toLowerCase()) > -1;
+                });
+
+                if($.isFunction(settings.onResult)) {
+                    results = settings.onResult.call(hidden_input, results, query);
+                }
+                cache.add(cache_key, results);
+                populate_dropdown(query, results);
+            }
+        }
+    }
+
+    // compute the dynamic URL
+    function computeURL() {
+        var url = settings.url;
+        if(typeof settings.url == 'function') {
+            url = settings.url.call();
+        }
+        return url;
+    }
+};
+
+// Really basic cache for the results
+$.TokenList.Cache = function (options) {
+    var settings = $.extend({
+        max_size: 500
+    }, options);
+
+    var data = {};
+    var size = 0;
+
+    var flush = function () {
+        data = {};
+        size = 0;
+    };
+
+    this.add = function (query, results) {
+        if(size > settings.max_size) {
+            flush();
+        }
+
+        if(!data[query]) {
+            size += 1;
+        }
+
+        data[query] = results;
+    };
+
+    this.get = function (query) {
+        return data[query];
+    };
+};
+}(jQuery));
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/typecho.js b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/typecho.js
new file mode 100644
index 0000000..d27e43d
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/js/typecho.js
@@ -0,0 +1,1257 @@
+(function (w) {
+    w.Typecho = {
+        insertFileToEditor  :   function (file, url, isImage) {},
+        editorResize        :   function (id, url) {
+            $('#' + id).resizeable({
+                minHeight   :   100,
+                afterResize :   function (h) {
+                    $.post(url, {size : h});
+                }
+            })
+        },
+        uploadComplete      :   function (file) {}
+    };
+})(window);
+
+(function ($) {
+    // 下拉菜单插件
+    $.fn.dropdownMenu = function (options) {
+        this.each(function () {
+            var menu = this, s = $.extend({
+                menuEl      :   null,
+                btnEl       :   null
+            }, options);
+
+            $(s.btnEl, menu).click(function () {
+                var t = $(this);
+
+                t.toggleClass('active');
+                $(s.menuEl, menu).toggle();
+                return false;
+            });
+        });
+    };
+
+    $.fn.resizeable = function (options) {
+        var s = $.extend({
+            minHeight   :   100,
+            afterResize :   null
+        }, options);
+
+        return this.each(function () {
+            var r = $('<span class="resize"><i></i></span>').insertAfter(this),
+                staticOffset, iLastMousePos = 0, iMin = s.minHeight, t = this;
+
+            function startDrag(e) {
+                textarea = $(e.data.el);
+                textarea.blur();
+                iLastMousePos = mousePosition(e).y;
+
+                staticOffset = textarea.height() - iLastMousePos;
+                textarea.css('opacity', 0.25);
+
+                $(document).mousemove(performDrag).mouseup(endDrag);
+                return false;
+            }
+
+            function performDrag(e) {
+                var iThisMousePos = mousePosition(e).y,
+                iMousePos = staticOffset + iThisMousePos;
+                if (iLastMousePos >= (iThisMousePos)) {
+                    iMousePos -= 5;
+                }
+
+                iLastMousePos = iThisMousePos;
+                iMousePos = Math.max(iMin, iMousePos);
+                textarea.height(iMousePos + 'px');
+
+                if (iMousePos < iMin) {
+                    endDrag(e);
+                }
+                return false;
+            }
+
+            function endDrag(e) {
+                var h = textarea.outerHeight();
+                $(document).unbind('mousemove', performDrag).unbind('mouseup', endDrag);
+
+                textarea.css('opacity', 1);
+                textarea.focus();
+                textarea = null;
+
+                staticOffset = null;
+                iLastMousePos = 0;
+
+                if (s.afterResize) {
+                    s.afterResize.call(t, h);
+                }
+            }
+
+            function mousePosition(e) {
+                return { x: e.clientX + document.documentElement.scrollLeft, y: e.clientY + document.documentElement.scrollTop };
+            }
+
+            r.bind('mousedown', {el : this}, startDrag);
+        });
+    };
+
+    // 表格选择插件
+    $.fn.tableSelectable = function (options) {
+        var table = this, s = $.extend({
+            checkEl     :   null,
+            rowEl       :   null,
+            selectAllEl :   null,
+            actionEl    :   null
+        }, options);
+
+        function clickRow (t) {
+            var t = $(t), check = $(s.checkEl, t), checked = check.prop('checked');
+
+            if (!check.length) {
+                return;
+            }
+
+            check.prop('checked', !checked);
+            
+            if (checked) {
+                t.removeClass('checked');
+            } else {
+                t.addClass('checked');
+            }
+        }
+
+        $(s.rowEl, this).each(function () {
+            $(s.checkEl, this).click(function (e) {
+                clickRow($(this).parents(s.rowEl));
+            });
+        }).click(function (e) {
+            var target = $(e.toElement ? e.toElement : e.target),
+                tagName = target.prop('tagName').toLowerCase();
+            
+            if ($.inArray(tagName, ['input', 'textarea', 'a', 'button']) >= 0
+                && 'checkbox' != target.attr('type')) {
+                e.stopPropagation();
+            } else {
+                clickRow(this);
+            }
+        });
+
+        $(s.selectAllEl).click(function () {
+            var t = $(this), checked = t.prop('checked');
+            
+            if (checked) {
+                $(s.rowEl, table).each(function () {
+                    var t = $(this), el = $(s.checkEl, this).prop('checked', true);
+                    if (el.length > 0) {
+                        t.addClass('checked');
+                    }
+                });
+            } else {
+                $(s.rowEl, table).each(function () {
+                    var t = $(this), el = $(s.checkEl, this).prop('checked', false);
+                    if (el.length > 0) {
+                        t.removeClass('checked');
+                    }
+                });
+            }
+        });
+
+        $(s.actionEl).click(function () {
+            var t = $(this), lang = t.attr('lang');
+
+            if (!lang || confirm(lang)) {
+                table.parents('form').attr('action', t.attr('href')).submit();
+            }
+
+            return false;
+        });
+    };
+})($);
+
+(function () { 
+
+    Typecho.Markdown = function () {
+        this.writer = new stmd.HtmlRenderer();
+        this.reader = new stmd.DocParser();
+
+
+        /* begin hardbreak hack */
+        var w = this.writer, r = w.renderInline; 
+        w.renderInline = function (inline) {
+            if (inline.t == 'Softbreak') inline.t = 'Hardbreak';
+            return r.call(w, inline);
+        };
+        /* end hardbreak hack */
+
+        this.hooks = new Markdown.HookCollection()
+        this.hooks.addNoop('postConversion');
+    };
+
+    Typecho.Markdown.prototype.makeHtml = function (text) {
+        var doc = this.reader.parse(text),
+            html = this.writer.renderBlock(doc);
+
+        return this.hooks.postConversion(html);
+    };
+
+})();
+
+
+/**
+ * TableDnD plug-in for JQuery, allows you to drag and drop table rows
+ * You can set up various options to control how the system will work
+ * Copyright © Denis Howlett <denish@isocra.com>
+ * Licensed like jQuery, see http://docs.jquery.com/License.
+ *
+ * Configuration options:
+ * 
+ * onDragStyle
+ *     This is the style that is assigned to the row during drag. There are limitations to the styles that can be
+ *     associated with a row (such as you can't assign a border—well you can, but it won't be
+ *     displayed). (So instead consider using onDragClass.) The CSS style to apply is specified as
+ *     a map (as used in the jQuery css(...) function).
+ * onDropStyle
+ *     This is the style that is assigned to the row when it is dropped. As for onDragStyle, there are limitations
+ *     to what you can do. Also this replaces the original style, so again consider using onDragClass which
+ *     is simply added and then removed on drop.
+ * onDragClass
+ *     This class is added for the duration of the drag and then removed when the row is dropped. It is more
+ *     flexible than using onDragStyle since it can be inherited by the row cells and other content. The default
+ *     is class is tDnD_whileDrag. So to use the default, simply customise this CSS class in your
+ *     stylesheet.
+ * onDrop
+ *     Pass a function that will be called when the row is dropped. The function takes 2 parameters: the table
+ *     and the row that was dropped. You can work out the new order of the rows by using
+ *     table.rows.
+ * onDragStart
+ *     Pass a function that will be called when the user starts dragging. The function takes 2 parameters: the
+ *     table and the row which the user has started to drag.
+ * onAllowDrop
+ *     Pass a function that will be called as a row is over another row. If the function returns true, allow 
+ *     dropping on that row, otherwise not. The function takes 2 parameters: the dragged row and the row under
+ *     the cursor. It returns a boolean: true allows the drop, false doesn't allow it.
+ * scrollAmount
+ *     This is the number of pixels to scroll if the user moves the mouse cursor to the top or bottom of the
+ *     window. The page should automatically scroll up or down as appropriate (tested in IE6, IE7, Safari, FF2,
+ *     FF3 beta)
+ * 
+ * Other ways to control behaviour:
+ *
+ * Add class="nodrop" to any rows for which you don't want to allow dropping, and class="nodrag" to any rows
+ * that you don't want to be draggable.
+ *
+ * Inside the onDrop method you can also call $.tableDnD.serialize() this returns a string of the form
+ * <tableID>[]=<rowID1>&<tableID>[]=<rowID2> so that you can send this back to the server. The table must have
+ * an ID as must all the rows.
+ *
+ * Known problems:
+ * - Auto-scoll has some problems with IE7  (it scrolls even when it shouldn't), work-around: set scrollAmount to 0
+ * 
+ * Version 0.2: 2008-02-20 First public version
+ * Version 0.3: 2008-02-07 Added onDragStart option
+ *                         Made the scroll amount configurable (default is 5 as before)
+ * Version 0.4: 2008-03-15 Changed the noDrag/noDrop attributes to nodrag/nodrop classes
+ *                         Added onAllowDrop to control dropping
+ *                         Fixed a bug which meant that you couldn't set the scroll amount in both directions
+ *                         Added serialise method
+ */
+(function (jQuery) {
+jQuery.tableDnD = {
+    /** Keep hold of the current table being dragged */
+    currentTable : null,
+    /** Keep hold of the current drag object if any */
+    dragObject: null,
+    /** The current mouse offset */
+    mouseOffset: null,
+    /** Remember the old value of Y so that we don't do too much processing */
+    oldY: 0,
+
+    /** Actually build the structure */
+    build: function(options) {
+        // Make sure options exists
+        options = options || {};
+        // Set up the defaults if any
+
+        this.each(function() {
+            // Remember the options
+            this.tableDnDConfig = {
+                onDragStyle: options.onDragStyle,
+                onDropStyle: options.onDropStyle,
+				// Add in the default class for whileDragging
+				onDragClass: options.onDragClass ? options.onDragClass : "tDnD_whileDrag",
+                onDrop: options.onDrop,
+                onDragStart: options.onDragStart,
+                scrollAmount: options.scrollAmount ? options.scrollAmount : 5
+            };
+            // Now make the rows draggable
+            jQuery.tableDnD.makeDraggable(this);
+
+            // fix chrome border bug
+            if (0 == $('tfoot', this).length
+                && 0 < $('thead', this).length) {
+                var h = $('thead', this), count = $('th', h).length,
+                    f = $('<tfoot><tr><td style="padding:0;height:0;line-height:0;border:none" colspan="' + count 
+                    + '"></td></tr></tfoot>').insertAfter(h),
+                    l = $('tr:last', this);
+
+                if (l.parent().prop('tagName').toLowerCase() != 'tfoot') {
+                    var td = $('td', l), dh = td.height();
+                    td.height(dh - f.outerHeight());
+                }
+            }
+        });
+
+        // Now we need to capture the mouse up and mouse move event
+        // We can use bind so that we don't interfere with other event handlers
+        jQuery(document)
+            .bind('mousemove', jQuery.tableDnD.mousemove)
+            .bind('mouseup', jQuery.tableDnD.mouseup);
+
+        // Don't break the chain
+        return this;
+    },
+
+    /** This function makes all the rows on the table draggable apart from those marked as "NoDrag" */
+    makeDraggable: function(table) {
+        // Now initialise the rows
+        var rows = table.rows; //getElementsByTagName("tr")
+        var config = table.tableDnDConfig;
+        for (var i=0; i<rows.length; i++) {
+            // To make non-draggable rows, add the nodrag class (eg for Category and Header rows) 
+			// inspired by John Tarr and Famic
+            var nodrag = $(rows[i]).hasClass("nodrag");
+            if (! nodrag) { //There is no NoDnD attribute on rows I want to drag
+                jQuery(rows[i]).mousedown(function(ev) {
+                    if (ev.target.tagName == "TD") {
+                        jQuery.tableDnD.dragObject = this;
+                        jQuery.tableDnD.currentTable = table;
+                        jQuery.tableDnD.mouseOffset = jQuery.tableDnD.getMouseOffset(this, ev);
+                        if (config.onDragStart) {
+                            // Call the onDrop method if there is one
+                            config.onDragStart(table, this);
+                        }
+                        return false;
+                    }
+                }).css("cursor", "move"); // Store the tableDnD object
+            }
+        }
+    },
+
+    /** Get the mouse coordinates from the event (allowing for browser differences) */
+    mouseCoords: function(ev){
+        if(ev.pageX || ev.pageY){
+            return {x:ev.pageX, y:ev.pageY};
+        }
+        return {
+            x:ev.clientX + document.body.scrollLeft - document.body.clientLeft,
+            y:ev.clientY + document.body.scrollTop  - document.body.clientTop
+        };
+    },
+
+    /** Given a target element and a mouse event, get the mouse offset from that element.
+        To do this we need the element's position and the mouse position */
+    getMouseOffset: function(target, ev) {
+        ev = ev || window.event;
+
+        var docPos    = this.getPosition(target);
+        var mousePos  = this.mouseCoords(ev);
+        return {x:mousePos.x - docPos.x, y:mousePos.y - docPos.y};
+    },
+
+    /** Get the position of an element by going up the DOM tree and adding up all the offsets */
+    getPosition: function(e){
+        var left = 0;
+        var top  = 0;
+        /** Safari fix -- thanks to Luis Chato for this! */
+        if (e.offsetHeight == 0) {
+            /** Safari 2 doesn't correctly grab the offsetTop of a table row
+            this is detailed here:
+            http://jacob.peargrove.com/blog/2006/technical/table-row-offsettop-bug-in-safari/
+            the solution is likewise noted there, grab the offset of a table cell in the row - the firstChild.
+            note that firefox will return a text node as a first child, so designing a more thorough
+            solution may need to take that into account, for now this seems to work in firefox, safari, ie */
+            e = e.firstChild; // a table cell
+        }
+
+        while (e.offsetParent){
+            left += e.offsetLeft;
+            top  += e.offsetTop;
+            e     = e.offsetParent;
+        }
+
+        left += e.offsetLeft;
+        top  += e.offsetTop;
+
+        return {x:left, y:top};
+    },
+
+    mousemove: function(ev) {
+        if (jQuery.tableDnD.dragObject == null) {
+            return;
+        }
+
+        var dragObj = jQuery(jQuery.tableDnD.dragObject);
+        var config = jQuery.tableDnD.currentTable.tableDnDConfig;
+        var mousePos = jQuery.tableDnD.mouseCoords(ev);
+        var y = mousePos.y - jQuery.tableDnD.mouseOffset.y;
+        //auto scroll the window
+	    var yOffset = window.pageYOffset;
+	 	if (document.all) {
+	        // Windows version
+	        //yOffset=document.body.scrollTop;
+	        if (typeof document.compatMode != 'undefined' &&
+	             document.compatMode != 'BackCompat') {
+	           yOffset = document.documentElement.scrollTop;
+	        }
+	        else if (typeof document.body != 'undefined') {
+	           yOffset=document.body.scrollTop;
+	        }
+
+	    }
+		    
+		if (mousePos.y-yOffset < config.scrollAmount) {
+	    	window.scrollBy(0, -config.scrollAmount);
+	    } else {
+            var windowHeight = window.innerHeight ? window.innerHeight
+                    : document.documentElement.clientHeight ? document.documentElement.clientHeight : document.body.clientHeight;
+            if (windowHeight-(mousePos.y-yOffset) < config.scrollAmount) {
+                window.scrollBy(0, config.scrollAmount);
+            }
+        }
+
+
+        if (y != jQuery.tableDnD.oldY) {
+            // work out if we're going up or down...
+            var movingDown = y > jQuery.tableDnD.oldY;
+            // update the old value
+            jQuery.tableDnD.oldY = y;
+            // update the style to show we're dragging
+			if (config.onDragClass) {
+				dragObj.addClass(config.onDragClass);
+			} else {
+	            dragObj.css(config.onDragStyle);
+			}
+            // If we're over a row then move the dragged row to there so that the user sees the
+            // effect dynamically
+            var currentRow = jQuery.tableDnD.findDropTargetRow(dragObj, y);
+            if (currentRow) {
+                // TODO worry about what happens when there are multiple TBODIES
+                if (movingDown && jQuery.tableDnD.dragObject != currentRow) {
+                    jQuery.tableDnD.dragObject.parentNode.insertBefore(jQuery.tableDnD.dragObject, currentRow.nextSibling);
+                } else if (! movingDown && jQuery.tableDnD.dragObject != currentRow) {
+                    jQuery.tableDnD.dragObject.parentNode.insertBefore(jQuery.tableDnD.dragObject, currentRow);
+                }
+            }
+        }
+
+        return false;
+    },
+
+    /** We're only worried about the y position really, because we can only move rows up and down */
+    findDropTargetRow: function(draggedRow, y) {
+        var rows = jQuery.tableDnD.currentTable.rows;
+        for (var i=0; i<rows.length; i++) {
+            var row = rows[i];
+            var rowY    = this.getPosition(row).y;
+            var rowHeight = parseInt(row.offsetHeight)/2;
+            if (row.offsetHeight == 0) {
+                rowY = this.getPosition(row.firstChild).y;
+                rowHeight = parseInt(row.firstChild.offsetHeight)/2;
+            }
+            // Because we always have to insert before, we need to offset the height a bit
+            if ((y > rowY - rowHeight) && (y < (rowY + rowHeight))) {
+                // that's the row we're over
+				// If it's the same as the current row, ignore it
+				if (row == draggedRow) {return null;}
+                var config = jQuery.tableDnD.currentTable.tableDnDConfig;
+                if (config.onAllowDrop) {
+                    if (config.onAllowDrop(draggedRow, row)) {
+                        return row;
+                    } else {
+                        return null;
+                    }
+                } else {
+					// If a row has nodrop class, then don't allow dropping (inspired by John Tarr and Famic)
+                    var nodrop = $(row).hasClass("nodrop");
+                    if (! nodrop) {
+                        return row;
+                    } else {
+                        return null;
+                    }
+                }
+                return row;
+            }
+        }
+        return null;
+    },
+
+    mouseup: function(e) {
+        if (jQuery.tableDnD.currentTable && jQuery.tableDnD.dragObject) {
+            var droppedRow = jQuery.tableDnD.dragObject;
+            var config = jQuery.tableDnD.currentTable.tableDnDConfig;
+            // If we have a dragObject, then we need to release it,
+            // The row will already have been moved to the right place so we just reset stuff
+			if (config.onDragClass) {
+	            jQuery(droppedRow).removeClass(config.onDragClass);
+			} else {
+	            jQuery(droppedRow).css(config.onDropStyle);
+			}
+            jQuery.tableDnD.dragObject   = null;
+            if (config.onDrop) {
+                // Call the onDrop method if there is one
+                config.onDrop(jQuery.tableDnD.currentTable, droppedRow);
+            }
+            jQuery.tableDnD.currentTable = null; // let go of the table too
+        }
+    },
+
+    serialize: function() {
+        if (jQuery.tableDnD.currentTable) {
+            var result = "";
+            var tableId = jQuery.tableDnD.currentTable.id;
+            var rows = jQuery.tableDnD.currentTable.rows;
+            for (var i=0; i<rows.length; i++) {
+                if (result.length > 0) result += "&";
+                result += tableId + '[]=' + rows[i].id;
+            }
+            return result;
+        } else {
+            return "Error: No Table id set, you need to set an id on your table and every row";
+        }
+    }
+}
+
+jQuery.fn.extend(
+	{
+		tableDnD : jQuery.tableDnD.build
+	}
+);
+})($);
+
+/*
+	Masked Input plugin for jQuery
+	Copyright (c) 2007-2013 Josh Bush (digitalbush.com)
+	Licensed under the MIT license (http://digitalbush.com/projects/masked-input-plugin/#license)
+	Version: 1.3.1
+*/
+(function($) {
+	function getPasteEvent() {
+    var el = document.createElement('input'),
+        name = 'onpaste';
+    el.setAttribute(name, '');
+    return (typeof el[name] === 'function')?'paste':'input';             
+}
+
+var pasteEventName = getPasteEvent() + ".mask",
+	ua = navigator.userAgent,
+	iPhone = /iphone/i.test(ua),
+	android=/android/i.test(ua),
+	caretTimeoutId;
+
+$.mask = {
+	//Predefined character definitions
+	definitions: {
+		'9': "[0-9]",
+		'a': "[A-Za-z]",
+		'*': "[A-Za-z0-9]"
+	},
+	dataName: "rawMaskFn",
+	placeholder: '_',
+};
+
+$.fn.extend({
+	//Helper Function for Caret positioning
+	caret: function(begin, end) {
+		var range;
+
+		if (this.length === 0 || this.is(":hidden")) {
+			return;
+		}
+
+		if (typeof begin == 'number') {
+			end = (typeof end === 'number') ? end : begin;
+			return this.each(function() {
+				if (this.setSelectionRange) {
+					this.setSelectionRange(begin, end);
+				} else if (this.createTextRange) {
+					range = this.createTextRange();
+					range.collapse(true);
+					range.moveEnd('character', end);
+					range.moveStart('character', begin);
+					range.select();
+				}
+			});
+		} else {
+			if (this[0].setSelectionRange) {
+				begin = this[0].selectionStart;
+				end = this[0].selectionEnd;
+			} else if (document.selection && document.selection.createRange) {
+				range = document.selection.createRange();
+				begin = 0 - range.duplicate().moveStart('character', -100000);
+				end = begin + range.text.length;
+			}
+			return { begin: begin, end: end };
+		}
+	},
+	unmask: function() {
+		return this.trigger("unmask");
+	},
+	mask: function(mask, settings) {
+		var input,
+			defs,
+			tests,
+			partialPosition,
+			firstNonMaskPos,
+			len;
+
+		if (!mask && this.length > 0) {
+			input = $(this[0]);
+			return input.data($.mask.dataName)();
+		}
+		settings = $.extend({
+			placeholder: $.mask.placeholder, // Load default placeholder
+			completed: null
+		}, settings);
+
+
+		defs = $.mask.definitions;
+		tests = [];
+		partialPosition = len = mask.length;
+		firstNonMaskPos = null;
+
+		$.each(mask.split(""), function(i, c) {
+			if (c == '?') {
+				len--;
+				partialPosition = i;
+			} else if (defs[c]) {
+				tests.push(new RegExp(defs[c]));
+				if (firstNonMaskPos === null) {
+					firstNonMaskPos = tests.length - 1;
+				}
+			} else {
+				tests.push(null);
+			}
+		});
+
+		return this.trigger("unmask").each(function() {
+			var input = $(this),
+				buffer = $.map(
+				mask.split(""),
+				function(c, i) {
+					if (c != '?') {
+						return defs[c] ? settings.placeholder : c;
+					}
+				}),
+				focusText = input.val();
+
+			function seekNext(pos) {
+				while (++pos < len && !tests[pos]);
+				return pos;
+			}
+
+			function seekPrev(pos) {
+				while (--pos >= 0 && !tests[pos]);
+				return pos;
+			}
+
+			function shiftL(begin,end) {
+				var i,
+					j;
+
+				if (begin<0) {
+					return;
+				}
+
+				for (i = begin, j = seekNext(end); i < len; i++) {
+					if (tests[i]) {
+						if (j < len && tests[i].test(buffer[j])) {
+							buffer[i] = buffer[j];
+							buffer[j] = settings.placeholder;
+						} else {
+							break;
+						}
+
+						j = seekNext(j);
+					}
+				}
+				writeBuffer();
+				input.caret(Math.max(firstNonMaskPos, begin));
+			}
+
+			function shiftR(pos) {
+				var i,
+					c,
+					j,
+					t;
+
+				for (i = pos, c = settings.placeholder; i < len; i++) {
+					if (tests[i]) {
+						j = seekNext(i);
+						t = buffer[i];
+						buffer[i] = c;
+						if (j < len && tests[j].test(t)) {
+							c = t;
+						} else {
+							break;
+						}
+					}
+				}
+			}
+
+			function keydownEvent(e) {
+				var k = e.which,
+					pos,
+					begin,
+					end;
+
+				//backspace, delete, and escape get special treatment
+				if (k === 8 || k === 46 || (iPhone && k === 127)) {
+					pos = input.caret();
+					begin = pos.begin;
+					end = pos.end;
+
+					if (end - begin === 0) {
+						begin=k!==46?seekPrev(begin):(end=seekNext(begin-1));
+						end=k===46?seekNext(end):end;
+					}
+					clearBuffer(begin, end);
+					shiftL(begin, end - 1);
+
+					e.preventDefault();
+				} else if (k == 27) {//escape
+					input.val(focusText);
+					input.caret(0, checkVal());
+					e.preventDefault();
+				}
+			}
+
+			function keypressEvent(e) {
+				var k = e.which,
+					pos = input.caret(),
+					p,
+					c,
+					next;
+
+				if (e.ctrlKey || e.altKey || e.metaKey || k < 32) {//Ignore
+					return;
+				} else if (k) {
+					if (pos.end - pos.begin !== 0){
+						clearBuffer(pos.begin, pos.end);
+						shiftL(pos.begin, pos.end-1);
+					}
+
+					p = seekNext(pos.begin - 1);
+					if (p < len) {
+						c = String.fromCharCode(k);
+						if (tests[p].test(c)) {
+							shiftR(p);
+
+							buffer[p] = c;
+							writeBuffer();
+							next = seekNext(p);
+
+							if(android){
+								setTimeout($.proxy($.fn.caret,input,next),0);
+							}else{
+								input.caret(next);
+							}
+
+							if (settings.completed && next >= len) {
+								settings.completed.call(input);
+							}
+						}
+					}
+					e.preventDefault();
+				}
+			}
+
+			function clearBuffer(start, end) {
+				var i;
+				for (i = start; i < end && i < len; i++) {
+					if (tests[i]) {
+						buffer[i] = settings.placeholder;
+					}
+				}
+			}
+
+			function writeBuffer() { input.val(buffer.join('')); }
+
+			function checkVal(allow) {
+				//try to place characters where they belong
+				var test = input.val(),
+					lastMatch = -1,
+					i,
+					c;
+
+				for (i = 0, pos = 0; i < len; i++) {
+					if (tests[i]) {
+						buffer[i] = settings.placeholder;
+						while (pos++ < test.length) {
+							c = test.charAt(pos - 1);
+							if (tests[i].test(c)) {
+								buffer[i] = c;
+								lastMatch = i;
+								break;
+							}
+						}
+						if (pos > test.length) {
+							break;
+						}
+					} else if (buffer[i] === test.charAt(pos) && i !== partialPosition) {
+						pos++;
+						lastMatch = i;
+					}
+				}
+				if (allow) {
+					writeBuffer();
+				} else if (lastMatch + 1 < partialPosition) {
+					input.val("");
+					clearBuffer(0, len);
+				} else {
+					writeBuffer();
+					input.val(input.val().substring(0, lastMatch + 1));
+				}
+				return (partialPosition ? i : firstNonMaskPos);
+			}
+
+			input.data($.mask.dataName,function(){
+				return $.map(buffer, function(c, i) {
+					return tests[i]&&c!=settings.placeholder ? c : null;
+				}).join('');
+			});
+
+			if (!input.attr("readonly"))
+				input
+				.one("unmask", function() {
+					input
+						.unbind(".mask")
+						.removeData($.mask.dataName);
+				})
+				.bind("focus.mask", function() {
+					clearTimeout(caretTimeoutId);
+					var pos,
+						moveCaret;
+
+					focusText = input.val();
+					pos = checkVal();
+					
+					caretTimeoutId = setTimeout(function(){
+						writeBuffer();
+						if (pos == mask.length) {
+							input.caret(0, pos);
+						} else {
+							input.caret(pos);
+						}
+					}, 10);
+				})
+				.bind("blur.mask", function() {
+					checkVal();
+					if (input.val() != focusText)
+						input.change();
+				})
+				.bind("keydown.mask", keydownEvent)
+				.bind("keypress.mask", keypressEvent)
+				.bind(pasteEventName, function() {
+					setTimeout(function() { 
+						var pos=checkVal(true);
+						input.caret(pos); 
+						if (settings.completed && pos == input.val().length)
+							settings.completed.call(input);
+					}, 0);
+				});
+			checkVal(); //Perform initial check for existing values
+		});
+	}
+});
+
+
+})(jQuery);
+
+/*
+ * jQuery plugin: fieldSelection - v0.1.1 - last change: 2006-12-16
+ * (c) 2006 Alex Brem <alex@0xab.cd> - http://blog.0xab.cd
+ */
+
+jQuery.fn.extend({
+    getSelection: function () {
+
+        var e = this.get(0);
+        if (!e) {
+            return null;
+        }
+
+        return (
+
+            /* mozilla / dom 3.0 */
+            ('selectionStart' in e && function() {
+            var l = e.selectionEnd - e.selectionStart;
+                return { start: e.selectionStart, end: e.selectionEnd, length: l, text: e.value.substr(e.selectionStart, l) };
+            }) ||
+
+            /* other */
+            (window.getSelection() && function () {
+                var selection = window.getSelection(), range = selection.getRangeAt(0);
+
+                return { start: range.startOffset, end: range.endOffset, length: range.endOffset - range.startOffset, text: range.toString()};
+
+            }) ||
+
+            /* exploder */
+            (document.selection && function() {
+
+                e.focus();
+
+                var r = document.selection.createRange();
+                if (r === null) {
+                    return { start: 0, end: e.value.length, length: 0 }
+                }
+
+                var re = e.createTextRange();
+                var rc = re.duplicate();
+                re.moveToBookmark(r.getBookmark());
+                rc.setEndPoint('EndToStart', re);
+
+                return { start: rc.text.length, end: rc.text.length + r.text.length, length: r.text.length, text: r.text };
+            }) || 
+
+            /* browser not supported */
+            function() { return null; }
+
+        )();
+    },
+
+    setSelection: function (start, end) {
+        var e = this.get(0);
+        if (!e) {
+            return;
+        }
+
+        if (e.setSelectionRange) {
+            e.focus();
+            e.setSelectionRange(start, end);
+        } else if (e.createTextRange) {
+            var range = e.createTextRange();
+            range.collapse(true);
+            range.moveEnd('character', end);
+            range.moveStart('character', start);
+            range.select();
+        }
+    },
+
+    replaceSelection: function () {
+
+        var e = this.get(0);
+        if (!e) {
+            return null;
+        }
+
+        var text = arguments[0] || '';
+
+        return (
+
+            /* mozilla / dom 3.0 */
+            ('selectionStart' in e && function() {
+                e.value = e.value.substr(0, e.selectionStart) + text + e.value.substr(e.selectionEnd, e.value.length);
+                return this;
+            }) ||
+
+            /* exploder */
+            (document.selection && function() {
+                e.focus();
+                document.selection.createRange().text = text;
+                return this;
+            }) ||
+
+            /* browser not supported */
+            function() {
+                e.value += text;
+                return jQuery(e);
+            }
+
+        )();
+    }
+});
+
+/**
+ * jQuery Cookie plugin
+ *
+ * Copyright (c) 2010 Klaus Hartl (stilbuero.de)
+ * Dual licensed under the MIT and GPL licenses:
+ * http://www.opensource.org/licenses/mit-license.php
+ * http://www.gnu.org/licenses/gpl.html
+ *
+ */
+jQuery.cookie = function (key, value, options) {
+
+    // key and at least value given, set cookie...
+    if (arguments.length > 1 && String(value) !== "[object Object]") {
+        options = jQuery.extend({}, options);
+
+        if (value === null || value === undefined) {
+            options.expires = -1;
+        }
+
+        if (typeof options.expires === 'number') {
+            var days = options.expires, t = options.expires = new Date();
+            t.setDate(t.getDate() + days);
+        }
+
+        value = String(value);
+
+        return (document.cookie = [
+            encodeURIComponent(key), '=',
+            options.raw ? value : encodeURIComponent(value),
+            options.expires ? '; expires=' + options.expires.toUTCString() : '', // use expires attribute, max-age is not supported by IE
+            options.path ? '; path=' + options.path : '',
+            options.domain ? '; domain=' + options.domain : '',
+            options.secure ? '; secure' : ''
+        ].join(''));
+    }
+
+    // key and possibly options given, get cookie...
+    options = value || {};
+    var result, decode = options.raw ? function (s) { return s; } : decodeURIComponent;
+    return (result = new RegExp('(?:^|; )' + encodeURIComponent(key) + '=([^;]*)').exec(document.cookie)) ? decode(result[1]) : null;
+};
+
+/*!
+ * jQuery.ScrollTo
+ * Copyright (c) 2007-2012 Ariel Flesler - aflesler(at)gmail(dot)com | http://flesler.blogspot.com
+ * Dual licensed under MIT and GPL.
+ * Date: 4/09/2012
+ *
+ * @projectDescription Easy element scrolling using jQuery.
+ * http://flesler.blogspot.com/2007/10/jqueryscrollto.html
+ * @author Ariel Flesler
+ * @version 1.4.3.1
+ *
+ * @id jQuery.scrollTo
+ * @id jQuery.fn.scrollTo
+ * @param {String, Number, DOMElement, jQuery, Object} target Where to scroll the matched elements.
+ *	  The different options for target are:
+ *		- A number position (will be applied to all axes).
+ *		- A string position ('44', '100px', '+=90', etc ) will be applied to all axes
+ *		- A jQuery/DOM element ( logically, child of the element to scroll )
+ *		- A string selector, that will be relative to the element to scroll ( 'li:eq(2)', etc )
+ *		- A hash { top:x, left:y }, x and y can be any kind of number/string like above.
+ *		- A percentage of the container's dimension/s, for example: 50% to go to the middle.
+ *		- The string 'max' for go-to-end. 
+ * @param {Number, Function} duration The OVERALL length of the animation, this argument can be the settings object instead.
+ * @param {Object,Function} settings Optional set of settings or the onAfter callback.
+ *	 @option {String} axis Which axis must be scrolled, use 'x', 'y', 'xy' or 'yx'.
+ *	 @option {Number, Function} duration The OVERALL length of the animation.
+ *	 @option {String} easing The easing method for the animation.
+ *	 @option {Boolean} margin If true, the margin of the target element will be deducted from the final position.
+ *	 @option {Object, Number} offset Add/deduct from the end position. One number for both axes or { top:x, left:y }.
+ *	 @option {Object, Number} over Add/deduct the height/width multiplied by 'over', can be { top:x, left:y } when using both axes.
+ *	 @option {Boolean} queue If true, and both axis are given, the 2nd axis will only be animated after the first one ends.
+ *	 @option {Function} onAfter Function to be called after the scrolling ends. 
+ *	 @option {Function} onAfterFirst If queuing is activated, this function will be called after the first scrolling ends.
+ * @return {jQuery} Returns the same jQuery object, for chaining.
+ *
+ * @desc Scroll to a fixed position
+ * @example $('div').scrollTo( 340 );
+ *
+ * @desc Scroll relatively to the actual position
+ * @example $('div').scrollTo( '+=340px', { axis:'y' } );
+ *
+ * @desc Scroll using a selector (relative to the scrolled element)
+ * @example $('div').scrollTo( 'p.paragraph:eq(2)', 500, { easing:'swing', queue:true, axis:'xy' } );
+ *
+ * @desc Scroll to a DOM element (same for jQuery object)
+ * @example var second_child = document.getElementById('container').firstChild.nextSibling;
+ *			$('#container').scrollTo( second_child, { duration:500, axis:'x', onAfter:function(){
+ *				alert('scrolled!!');																   
+ *			}});
+ *
+ * @desc Scroll on both axes, to different values
+ * @example $('div').scrollTo( { top: 300, left:'+=200' }, { axis:'xy', offset:-20 } );
+ */
+
+;(function( $ ){
+	
+	var $scrollTo = $.scrollTo = function( target, duration, settings ){
+		$(window).scrollTo( target, duration, settings );
+	};
+
+	$scrollTo.defaults = {
+		axis:'xy',
+		duration: parseFloat($.fn.jquery) >= 1.3 ? 0 : 1,
+		limit:true
+	};
+
+	// Returns the element that needs to be animated to scroll the window.
+	// Kept for backwards compatibility (specially for localScroll & serialScroll)
+	$scrollTo.window = function( scope ){
+		return $(window)._scrollable();
+	};
+
+	// Hack, hack, hack :)
+	// Returns the real elements to scroll (supports window/iframes, documents and regular nodes)
+	$.fn._scrollable = function(){
+		return this.map(function(){
+			var elem = this,
+				isWin = !elem.nodeName || $.inArray( elem.nodeName.toLowerCase(), ['iframe','#document','html','body'] ) != -1;
+
+				if( !isWin )
+					return elem;
+
+			var doc = (elem.contentWindow || elem).document || elem.ownerDocument || elem;
+			
+			return /webkit/i.test(navigator.userAgent) || doc.compatMode == 'BackCompat' ?
+				doc.body : 
+				doc.documentElement;
+		});
+	};
+
+	$.fn.scrollTo = function( target, duration, settings ){
+		if( typeof duration == 'object' ){
+			settings = duration;
+			duration = 0;
+		}
+		if( typeof settings == 'function' )
+			settings = { onAfter:settings };
+			
+		if( target == 'max' )
+			target = 9e9;
+			
+		settings = $.extend( {}, $scrollTo.defaults, settings );
+		// Speed is still recognized for backwards compatibility
+		duration = duration || settings.duration;
+		// Make sure the settings are given right
+		settings.queue = settings.queue && settings.axis.length > 1;
+		
+		if( settings.queue )
+			// Let's keep the overall duration
+			duration /= 2;
+		settings.offset = both( settings.offset );
+		settings.over = both( settings.over );
+
+		return this._scrollable().each(function(){
+			// Null target yields nothing, just like jQuery does
+			if (target == null) return;
+
+			var elem = this,
+				$elem = $(elem),
+				targ = target, toff, attr = {},
+				win = $elem.is('html,body');
+
+			switch( typeof targ ){
+				// A number will pass the regex
+				case 'number':
+				case 'string':
+					if( /^([+-]=)?\d+(\.\d+)?(px|%)?$/.test(targ) ){
+						targ = both( targ );
+						// We are done
+						break;
+					}
+					// Relative selector, no break!
+					targ = $(targ,this);
+					if (!targ.length) return;
+				case 'object':
+					// DOMElement / jQuery
+					if( targ.is || targ.style )
+						// Get the real position of the target 
+						toff = (targ = $(targ)).offset();
+			}
+			$.each( settings.axis.split(''), function( i, axis ){
+				var Pos	= axis == 'x' ? 'Left' : 'Top',
+					pos = Pos.toLowerCase(),
+					key = 'scroll' + Pos,
+					old = elem[key],
+					max = $scrollTo.max(elem, axis);
+
+				if( toff ){// jQuery / DOMElement
+					attr[key] = toff[pos] + ( win ? 0 : old - $elem.offset()[pos] );
+
+					// If it's a dom element, reduce the margin
+					if( settings.margin ){
+						attr[key] -= parseInt(targ.css('margin'+Pos)) || 0;
+						attr[key] -= parseInt(targ.css('border'+Pos+'Width')) || 0;
+					}
+					
+					attr[key] += settings.offset[pos] || 0;
+					
+					if( settings.over[pos] )
+						// Scroll to a fraction of its width/height
+						attr[key] += targ[axis=='x'?'width':'height']() * settings.over[pos];
+				}else{ 
+					var val = targ[pos];
+					// Handle percentage values
+					attr[key] = val.slice && val.slice(-1) == '%' ? 
+						parseFloat(val) / 100 * max
+						: val;
+				}
+
+				// Number or 'number'
+				if( settings.limit && /^\d+$/.test(attr[key]) )
+					// Check the limits
+					attr[key] = attr[key] <= 0 ? 0 : Math.min( attr[key], max );
+
+				// Queueing axes
+				if( !i && settings.queue ){
+					// Don't waste time animating, if there's no need.
+					if( old != attr[key] )
+						// Intermediate animation
+						animate( settings.onAfterFirst );
+					// Don't animate this axis again in the next iteration.
+					delete attr[key];
+				}
+			});
+
+			animate( settings.onAfter );			
+
+			function animate( callback ){
+				$elem.animate( attr, duration, settings.easing, callback && function(){
+					callback.call(this, target, settings);
+				});
+			};
+
+		}).end();
+	};
+	
+	// Max scrolling position, works on quirks mode
+	// It only fails (not too badly) on IE, quirks mode.
+	$scrollTo.max = function( elem, axis ){
+		var Dim = axis == 'x' ? 'Width' : 'Height',
+			scroll = 'scroll'+Dim;
+		
+		if( !$(elem).is('html,body') )
+			return elem[scroll] - $(elem)[Dim.toLowerCase()]();
+		
+		var size = 'client' + Dim,
+			html = elem.ownerDocument.documentElement,
+			body = elem.ownerDocument.body;
+
+		return Math.max( html[scroll], body[scroll] ) 
+			 - Math.min( html[size]  , body[size]   );
+	};
+
+	function both( val ){
+		return typeof val == 'object' ? val : { top:val, left:val };
+	};
+
+})( jQuery );
+
+jQuery.fn.css2 = jQuery.fn.css;
+jQuery.fn.css = function() {
+    if (arguments.length) return jQuery.fn.css2.apply(this, arguments);
+    var attr = ['font-family','font-size','font-weight','font-style','color', 'box-sizing',
+        'text-transform','text-decoration','letter-spacing', 'box-shadow',
+        'line-height','text-align','vertical-align','direction','background-color',
+        'background-image','background-repeat','background-position',
+        'background-attachment','opacity','width','height','top','right','bottom',
+        'left','margin-top','margin-right','margin-bottom','margin-left',
+        'padding-top','padding-right','padding-bottom','padding-left',
+        'border-top-width','border-right-width','border-bottom-width',
+        'border-left-width','border-top-color','border-right-color',
+        'border-bottom-color','border-left-color','border-top-style',
+        'border-right-style','border-bottom-style','border-left-style','position',
+        'display','visibility','z-index','overflow-x','overflow-y','white-space',
+        'clip','float','clear','cursor','list-style-image','list-style-position',
+        'list-style-type','marker-offset'];
+    var len = attr.length, obj = {};
+    for (var i = 0; i < len; i++) 
+        obj[attr[i]] = jQuery.fn.css2.call(this, attr[i]);
+    return obj;
+};
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/login.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/login.php
new file mode 100644
index 0000000..119f674
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/login.php
@@ -0,0 +1,54 @@
+<?php
+include 'common.php';
+
+if ($user->hasLogin()) {
+    $response->redirect($options->adminUrl);
+}
+$rememberName = htmlspecialchars(Typecho_Cookie::get('__typecho_remember_name'));
+Typecho_Cookie::delete('__typecho_remember_name');
+
+$bodyClass = 'body-100';
+
+include 'header.php';
+?>
+<div class="typecho-login-wrap">
+    <div class="typecho-login">
+        <h1><a href="http://typecho.org" class="i-logo">Typecho</a></h1>
+        <form action="<?php $options->loginAction(); ?>" method="post" name="login" role="form">
+            <p>
+                <label for="name" class="sr-only"><?php _e('用户名'); ?></label>
+                <input type="text" id="name" name="name" value="<?php echo $rememberName; ?>" placeholder="<?php _e('用户名'); ?>" class="text-l w-100" autofocus />
+            </p>
+            <p>
+                <label for="password" class="sr-only"><?php _e('密码'); ?></label>
+                <input type="password" id="password" name="password" class="text-l w-100" placeholder="<?php _e('密码'); ?>" />
+            </p>
+            <p class="submit">
+                <button type="submit" class="btn btn-l w-100 primary"><?php _e('登录'); ?></button>
+                <input type="hidden" name="referer" value="<?php echo htmlspecialchars($request->get('referer')); ?>" />
+            </p>
+            <p>
+                <label for="remember"><input type="checkbox" name="remember" class="checkbox" value="1" id="remember" /> <?php _e('下次自动登录'); ?></label>
+            </p>
+        </form>
+        
+        <p class="more-link">
+            <a href="<?php $options->siteUrl(); ?>"><?php _e('返回首页'); ?></a>
+            <?php if($options->allowRegister): ?>
+            &bull;
+            <a href="<?php $options->registerUrl(); ?>"><?php _e('用户注册'); ?></a>
+            <?php endif; ?>
+        </p>
+    </div>
+</div>
+<?php 
+include 'common-js.php';
+?>
+<script>
+$(document).ready(function () {
+    $('#name').focus();
+});
+</script>
+<?php
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-categories.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-categories.php
new file mode 100644
index 0000000..8124eac
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-categories.php
@@ -0,0 +1,154 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+Typecho_Widget::widget('Widget_Metas_Category_Admin')->to($categories);
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main manage-metas">
+            
+                <div class="col-mb-12" role="main">
+                    
+                    <form method="post" name="manage_categories" class="operate-form">
+                    <div class="typecho-list-operate clearfix">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                                <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                                <ul class="dropdown-menu">
+                                    <li><a lang="<?php _e('此分类下的所有内容将被删除, 你确认要删除这些分类吗?'); ?>" href="<?php $security->index('/action/metas-category-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                                    <li><a lang="<?php _e('刷新分类可能需要等待较长时间, 你确认要刷新这些分类吗?'); ?>" href="<?php $security->index('/action/metas-category-edit?do=refresh'); ?>"><?php _e('刷新'); ?></a></li>
+                                    <li class="multiline">
+                                        <button type="button" class="btn merge btn-s" rel="<?php $security->index('/action/metas-category-edit?do=merge'); ?>"><?php _e('合并到'); ?></button>
+                                        <select name="merge">
+                                            <?php $categories->parse('<option value="{mid}">{name}</option>'); ?>
+                                        </select>
+                                    </li>
+                                </ul>
+                            </div>
+                        </div>
+                        <div class="search" role="search">
+                            <?php $categories->backLink(); ?>
+                        </div>
+                    </div>
+
+                    <div class="typecho-table-wrap">
+                        <table class="typecho-list-table">
+                            <colgroup>
+                                <col width="20"/>
+                                <col width="30%"/>
+                                <col width="15%"/>
+                                <col width="25%"/>
+                                <col width=""/>
+                                <col width="10%"/>
+                            </colgroup>
+                            <thead>
+                                <tr class="nodrag">
+                                    <th> </th>
+                                    <th><?php _e('名称'); ?></th>
+                                    <th><?php _e('子分类'); ?></th>
+                                    <th><?php _e('缩略名'); ?></th>
+                                    <th> </th>
+                                    <th><?php _e('文章数'); ?></th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                <?php if($categories->have()): ?>
+                                <?php while ($categories->next()): ?>
+                                <tr id="mid-<?php $categories->theId(); ?>">
+                                    <td><input type="checkbox" value="<?php $categories->mid(); ?>" name="mid[]"/></td>
+                                    <td><a href="<?php $options->adminUrl('category.php?mid=' . $categories->mid); ?>"><?php $categories->name(); ?></a> 
+                                    <a href="<?php $categories->permalink(); ?>" title="<?php _e('浏览 %s', $categories->name); ?>"><i class="i-exlink"></i></a>
+                                    </td>
+                                    <td>
+                                    
+                                    <?php if (count($categories->children) > 0): ?>
+                                    <a href="<?php $options->adminUrl('manage-categories.php?parent=' . $categories->mid); ?>"><?php echo _n('一个分类', '%d个分类', count($categories->children)); ?></a>
+                                    <?php else: ?>
+                                    <a href="<?php $options->adminUrl('category.php?parent=' . $categories->mid); ?>"><?php echo _e('新增'); ?></a>
+                                    <?php endif; ?>
+                                    </td>
+                                    <td><?php $categories->slug(); ?></td>
+                                    <td>
+                                    <?php if ($options->defaultCategory == $categories->mid): ?>
+                                    <?php _e('默认'); ?>
+                                    <?php else: ?>
+                                    <a class="hidden-by-mouse" href="<?php $security->index('/action/metas-category-edit?do=default&mid=' . $categories->mid); ?>" title="<?php _e('设为默认'); ?>"><?php _e('默认'); ?></a>
+                                    <?php endif; ?>
+                                    </td>
+                                    <td><a class="balloon-button left size-<?php echo Typecho_Common::splitByCount($categories->count, 1, 10, 20, 50, 100); ?>" href="<?php $options->adminUrl('manage-posts.php?category=' . $categories->mid); ?>"><?php $categories->count(); ?></a></td>
+                                </tr>
+                                <?php endwhile; ?>
+                                <?php else: ?>
+                                <tr>
+                                    <td colspan="6"><h6 class="typecho-list-table-title"><?php _e('没有任何分类'); ?></h6></td>
+                                </tr>
+                                <?php endif; ?>
+                            </tbody>
+                        </table>
+                    </div>
+                    </form>
+                    
+                </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+?>
+
+<script type="text/javascript">
+(function () {
+    $(document).ready(function () {
+        var table = $('.typecho-list-table').tableDnD({
+            onDrop : function () {
+                var ids = [];
+
+                $('input[type=checkbox]', table).each(function () {
+                    ids.push($(this).val());
+                });
+
+                $.post('<?php $security->index('/action/metas-category-edit?do=sort'); ?>',
+                    $.param({mid : ids}));
+
+                $('tr', table).each(function (i) {
+                    if (i % 2) {
+                        $(this).addClass('even');
+                    } else {
+                        $(this).removeClass('even');
+                    }
+                });
+            }
+        });
+
+        table.tableSelectable({
+            checkEl     :   'input[type=checkbox]',
+            rowEl       :   'tr',
+            selectAllEl :   '.typecho-table-select-all',
+            actionEl    :   '.dropdown-menu a'
+        });
+
+        $('.btn-drop').dropdownMenu({
+            btnEl       :   '.dropdown-toggle',
+            menuEl      :   '.dropdown-menu'
+        });
+
+        $('.dropdown-menu button.merge').click(function () {
+            var btn = $(this);
+            btn.parents('form').attr('action', btn.attr('rel')).submit();
+        });
+
+        <?php if (isset($request->mid)): ?>
+        $('.typecho-mini-panel').effect('highlight', '#AACB36');
+        <?php endif; ?>
+    });
+})();
+</script>
+<?php include 'footer.php'; ?>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-comments.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-comments.php
new file mode 100644
index 0000000..9dfeb46
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-comments.php
@@ -0,0 +1,373 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$stat = Typecho_Widget::widget('Widget_Stat');
+$comments = Typecho_Widget::widget('Widget_Comments_Admin');
+$isAllComments = ('on' == $request->get('__typecho_all_comments') || 'on' == Typecho_Cookie::get('__typecho_all_comments'));
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12 typecho-list">
+                <div class="clearfix">
+                    <ul class="typecho-option-tabs right">
+                    <?php if($user->pass('editor', true) && !isset($request->cid)): ?>
+                        <li class="<?php if($isAllComments): ?> current<?php endif; ?>"><a href="<?php echo $request->makeUriByRequest('__typecho_all_comments=on'); ?>"><?php _e('所有'); ?></a></li>
+                        <li class="<?php if(!$isAllComments): ?> current<?php endif; ?>"><a href="<?php echo $request->makeUriByRequest('__typecho_all_comments=off'); ?>"><?php _e('我的'); ?></a></li>
+                    <?php endif; ?>
+                    </ul>
+                    <ul class="typecho-option-tabs">
+                        <li<?php if(!isset($request->status) || 'approved' == $request->get('status')): ?> class="current"<?php endif; ?>><a href="<?php $options->adminUrl('manage-comments.php'
+                        . (isset($request->cid) ? '?cid=' . $request->cid : '')); ?>"><?php _e('已通过'); ?></a></li>
+                        <li<?php if('waiting' == $request->get('status')): ?> class="current"<?php endif; ?>><a href="<?php $options->adminUrl('manage-comments.php?status=waiting'
+                        . (isset($request->cid) ? '&cid=' . $request->cid : '')); ?>"><?php _e('待审核'); ?>
+                        <?php if(!$isAllComments && $stat->myWaitingCommentsNum > 0 && !isset($request->cid)): ?> 
+                            <span class="balloon"><?php $stat->myWaitingCommentsNum(); ?></span>
+                        <?php elseif($isAllComments && $stat->waitingCommentsNum > 0 && !isset($request->cid)): ?>
+                            <span class="balloon"><?php $stat->waitingCommentsNum(); ?></span>
+                        <?php elseif(isset($request->cid) && $stat->currentWaitingCommentsNum > 0): ?>
+                            <span class="balloon"><?php $stat->currentWaitingCommentsNum(); ?></span>
+                        <?php endif; ?>
+                        </a></li>
+                        <li<?php if('spam' == $request->get('status')): ?> class="current"<?php endif; ?>><a href="<?php $options->adminUrl('manage-comments.php?status=spam'
+                        . (isset($request->cid) ? '&cid=' . $request->cid : '')); ?>"><?php _e('垃圾'); ?>
+                        <?php if(!$isAllComments && $stat->mySpamCommentsNum > 0 && !isset($request->cid)): ?> 
+                            <span class="balloon"><?php $stat->mySpamCommentsNum(); ?></span>
+                        <?php elseif($isAllComments && $stat->spamCommentsNum > 0 && !isset($request->cid)): ?>
+                            <span class="balloon"><?php $stat->spamCommentsNum(); ?></span>
+                        <?php elseif(isset($request->cid) && $stat->currentSpamCommentsNum > 0): ?>
+                            <span class="balloon"><?php $stat->currentSpamCommentsNum(); ?></span>
+                        <?php endif; ?>
+                        </a></li>
+                    </ul>
+                </div>
+            
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                            <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                            <ul class="dropdown-menu">
+                                <li><a href="<?php $security->index('/action/comments-edit?do=approved'); ?>"><?php _e('通过'); ?></a></li>
+                                <li><a href="<?php $security->index('/action/comments-edit?do=waiting'); ?>"><?php _e('待审核'); ?></a></li>
+                                <li><a href="<?php $security->index('/action/comments-edit?do=spam'); ?>"><?php _e('标记垃圾'); ?></a></li>
+                                <li><a lang="<?php _e('你确认要删除这些评论吗?'); ?>" href="<?php $security->index('/action/comments-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            </ul>
+                            <?php if('spam' == $request->get('status')): ?>
+                                <button lang="<?php _e('你确认要删除所有垃圾评论吗?'); ?>" class="btn btn-s btn-warn btn-operate" href="<?php $security->index('/action/comments-edit?do=delete-spam'); ?>"><?php _e('删除所有垃圾评论'); ?></button>
+                            <?php endif; ?>
+                            </div>
+                        </div>
+                        <div class="search" role="search">
+                            <?php if ('' != $request->keywords || '' != $request->category): ?>
+                            <a href="<?php $options->adminUrl('manage-comments.php' 
+                            . (isset($request->status) || isset($request->cid) ? '?' .
+                            (isset($request->status) ? 'status=' . htmlspecialchars($request->get('status')) : '') .
+                            (isset($request->cid) ? (isset($request->status) ? '&' : '') . 'cid=' . htmlspecialchars($request->get('cid')) : '') : '')); ?>"><?php _e('&laquo; 取消筛选'); ?></a>
+                            <?php endif; ?>
+                            <input type="text" class="text-s" placeholder="<?php _e('请输入关键字'); ?>" value="<?php echo htmlspecialchars($request->keywords); ?>"<?php if ('' == $request->keywords): ?> onclick="value='';name='keywords';" <?php else: ?> name="keywords"<?php endif; ?>/>
+                            <?php if(isset($request->status)): ?>
+                                <input type="hidden" value="<?php echo htmlspecialchars($request->get('status')); ?>" name="status" />
+                            <?php endif; ?>
+                            <?php if(isset($request->cid)): ?>
+                                <input type="hidden" value="<?php echo htmlspecialchars($request->get('cid')); ?>" name="cid" />
+                            <?php endif; ?>
+                            <button type="submit" class="btn btn-s"><?php _e('筛选'); ?></button>
+                        </div>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+                
+                <form method="post" name="manage_comments" class="operate-form">
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table">
+                        <colgroup>
+                            <col width="3%"/>
+                            <col width="6%" />
+                            <col width="20%"/>
+                            <col width="71%"/>
+                        </colgroup>
+                        <thead>
+                            <tr>
+                                <th> </th>
+                                <th><?php _e('作者'); ?></th>
+                                <th> </th>
+                                <th><?php _e('内容'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+
+                        <?php if($comments->have()): ?>
+                        <?php while($comments->next()): ?>
+                        <tr id="<?php $comments->theId(); ?>" data-comment="<?php
+                        $comment = array(
+                            'author'    =>  $comments->author,
+                            'mail'      =>  $comments->mail,
+                            'url'       =>  $comments->url,
+                            'ip'        =>  $comments->ip,
+                            'type'        =>  $comments->type,
+                            'text'      =>  $comments->text
+                        );
+
+                        echo htmlspecialchars(Json::encode($comment));
+                        ?>">
+                            <td valign="top">
+                                <input type="checkbox" value="<?php $comments->coid(); ?>" name="coid[]"/>
+                            </td>
+                            <td valign="top">
+                                <div class="comment-avatar">
+                                    <?php if ('comment' == $comments->type): ?>
+                                    <?php $comments->gravatar(40); ?>
+                                    <?php endif; ?>
+                                    <?php if ('comment' != $comments->type): ?>
+                                    <?php _e('引用'); ?>
+                                    <?php endif; ?>
+                                </div>
+                            </td>
+                            <td valign="top" class="comment-head">
+                                <div class="comment-meta">
+                                    <strong class="comment-author"><?php $comments->author(true); ?></strong>
+                                    <?php if($comments->mail): ?>
+                                    <br /><span><a href="mailto:<?php $comments->mail(); ?>"><?php $comments->mail(); ?></a></span>
+                                    <?php endif; ?>
+                                    <?php if($comments->ip): ?>
+                                    <br /><span><?php $comments->ip(); ?></span>
+                                    <?php endif; ?>
+                                </div>
+                            </td>
+                            <td valign="top" class="comment-body">
+                                <div class="comment-date"><?php $comments->dateWord(); ?> 于 <a href="<?php $comments->permalink(); ?>"><?php $comments->title(); ?></a></div>
+                                <div class="comment-content">
+                                    <?php $comments->content(); ?>
+                                </div> 
+                                <div class="comment-action hidden-by-mouse">
+                                    <?php if('approved' == $comments->status): ?>
+                                    <span class="weak"><?php _e('通过'); ?></span>
+                                    <?php else: ?>
+                                    <a href="<?php $security->index('/action/comments-edit?do=approved&coid=' . $comments->coid); ?>" class="operate-approved"><?php _e('通过'); ?></a>
+                                    <?php endif; ?>
+                                    
+                                    <?php if('waiting' == $comments->status): ?>
+                                    <span class="weak"><?php _e('待审核'); ?></span>
+                                    <?php else: ?>
+                                    <a href="<?php $security->index('/action/comments-edit?do=waiting&coid=' . $comments->coid); ?>" class="operate-waiting"><?php _e('待审核'); ?></a>
+                                    <?php endif; ?>
+                                    
+                                    <?php if('spam' == $comments->status): ?>
+                                    <span class="weak"><?php _e('垃圾'); ?></span>
+                                    <?php else: ?>
+                                    <a href="<?php $security->index('/action/comments-edit?do=spam&coid=' . $comments->coid); ?>" class="operate-spam"><?php _e('垃圾'); ?></a>
+                                    <?php endif; ?>
+                                    
+                                    <a href="#<?php $comments->theId(); ?>" rel="<?php $security->index('/action/comments-edit?do=edit&coid=' . $comments->coid); ?>" class="operate-edit"><?php _e('编辑'); ?></a>
+
+                                    <?php if('approved' == $comments->status && 'comment' == $comments->type): ?>
+                                    <a href="#<?php $comments->theId(); ?>" rel="<?php $security->index('/action/comments-edit?do=reply&coid=' . $comments->coid); ?>" class="operate-reply"><?php _e('回复'); ?></a>
+                                    <?php endif; ?>
+                                    
+                                    <a lang="<?php _e('你确认要删除%s的评论吗?', htmlspecialchars($comments->author)); ?>" href="<?php $security->index('/action/comments-edit?do=delete&coid=' . $comments->coid); ?>" class="operate-delete"><?php _e('删除'); ?></a>
+                                </div>
+                            </td>
+                        </tr>
+                        <?php endwhile; ?>
+                        <?php else: ?>
+                        <tr>
+                            <td colspan="4"><h6 class="typecho-list-table-title"><?php _e('没有评论') ?></h6></td>
+                        </tr>
+                        <?php endif; ?>
+                        </tbody>
+                    </table><!-- end .typecho-list-table -->
+                </div><!-- end .typecho-table-wrap -->
+
+                <?php if(isset($request->cid)): ?>
+                <input type="hidden" value="<?php echo htmlspecialchars($request->get('cid')); ?>" name="cid" />
+                <?php endif; ?>
+                </form><!-- end .operate-form -->
+
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                            <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                            <ul class="dropdown-menu">
+                                <li><a href="<?php $security->index('/action/comments-edit?do=approved'); ?>"><?php _e('通过'); ?></a></li>
+                                <li><a href="<?php $security->index('/action/comments-edit?do=waiting'); ?>"><?php _e('待审核'); ?></a></li>
+                                <li><a href="<?php $security->index('/action/comments-edit?do=spam'); ?>"><?php _e('标记垃圾'); ?></a></li>
+                                <li><a lang="<?php _e('你确认要删除这些评论吗?'); ?>" href="<?php $security->index('/action/comments-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            </ul>
+                            <?php if('spam' == $request->get('status')): ?>
+                                <button lang="<?php _e('你确认要删除所有垃圾评论吗?'); ?>" class="btn btn-s btn-warn btn-operate" href="<?php $security->index('/action/comments-edit?do=delete-spam'); ?>"><?php _e('删除所有垃圾评论'); ?></button>
+                            <?php endif; ?>
+                            </div>
+                        </div>
+                        <?php if($comments->have()): ?>
+                        <ul class="typecho-pager">
+                            <?php $comments->pageNav(); ?>
+                        </ul>
+                        <?php endif; ?>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+            </div><!-- end .typecho-list -->
+        </div><!-- end .typecho-page-main -->
+    </div>
+</div>
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'table-js.php';
+?>
+<script type="text/javascript">
+$(document).ready(function () {
+    // 记住滚动条
+    function rememberScroll () {
+        $(window).bind('beforeunload', function () {
+            $.cookie('__typecho_comments_scroll', $('body').scrollTop());
+        });
+    }
+
+    // 自动滚动
+    (function () {
+        var scroll = $.cookie('__typecho_comments_scroll');
+
+        if (scroll) {
+            $.cookie('__typecho_comments_scroll', null);
+            $('html, body').scrollTop(scroll);
+        }
+    })();
+
+    $('.operate-delete').click(function () {
+        var t = $(this), href = t.attr('href'), tr = t.parents('tr');
+
+        if (confirm(t.attr('lang'))) {
+            tr.fadeOut(function () {
+                rememberScroll();
+                window.location.href = href;
+            });
+        }
+
+        return false;
+    });
+
+    $('.operate-approved, .operate-waiting, .operate-spam').click(function () {
+        rememberScroll();
+        window.location.href = $(this).attr('href');
+        return false;
+    });
+
+    $('.operate-reply').click(function () {
+        var td = $(this).parents('td'), t = $(this);
+
+        if ($('.comment-reply', td).length > 0) {
+            $('.comment-reply').remove();
+        } else {
+            var form = $('<form method="post" action="'
+                + t.attr('rel') + '" class="comment-reply">'
+                + '<p><label for="text" class="sr-only"><?php _e('内容'); ?></label><textarea id="text" name="text" class="w-90 mono" rows="3"></textarea></p>'
+                + '<p><button type="submit" class="btn btn-s primary"><?php _e('回复'); ?></button> <button type="button" class="btn btn-s cancel"><?php _e('取消'); ?></button></p>'
+                + '</form>').insertBefore($('.comment-action', td));
+
+            $('.cancel', form).click(function () {
+                $(this).parents('.comment-reply').remove();
+            });
+
+            var textarea = $('textarea', form).focus();
+
+            form.submit(function () {
+                var t = $(this), tr = t.parents('tr'), 
+                    reply = $('<div class="comment-reply-content"></div>').insertAfter($('.comment-content', tr));
+                
+                reply.html('<p>' + textarea.val() + '</p>');
+                $.post(t.attr('action'), t.serialize(), function (o) {
+                    reply.html(o.comment.content)
+                        .effect('highlight');
+                }, 'json');
+
+                t.remove();
+                return false;
+            });
+        }
+
+        return false;
+    });
+
+    $('.operate-edit').click(function () {
+        var tr = $(this).parents('tr'), t = $(this), id = tr.attr('id'), comment = tr.data('comment');
+        tr.hide();
+
+        var edit = $('<tr class="comment-edit"><td> </td>'
+                        + '<td colspan="2" valign="top"><form method="post" action="'
+                        + t.attr('rel') + '" class="comment-edit-info">'
+                        + '<p><label for="' + id + '-author"><?php _e('用户名'); ?></label><input class="text-s w-100" id="'
+                        + id + '-author" name="author" type="text"></p>'
+                        + '<p><label for="' + id + '-mail"><?php _e('电子邮箱'); ?></label>'
+                        + '<input class="text-s w-100" type="email" name="mail" id="' + id + '-mail"></p>'
+                        + '<p><label for="' + id + '-url"><?php _e('个人主页'); ?></label>'
+                        + '<input class="text-s w-100" type="text" name="url" id="' + id + '-url"></p></form></td>'
+                        + '<td valign="top"><form method="post" action="'
+                        + t.attr('rel') + '" class="comment-edit-content"><p><label for="' + id + '-text"><?php _e('内容'); ?></label>'
+                        + '<textarea name="text" id="' + id + '-text" rows="6" class="w-90 mono"></textarea></p>'
+                        + '<p><button type="submit" class="btn btn-s primary"><?php _e('提交'); ?></button> '
+                        + '<button type="button" class="btn btn-s cancel"><?php _e('取消'); ?></button></p></form></td></tr>')
+                        .data('id', id).data('comment', comment).insertAfter(tr);
+
+        $('input[name=author]', edit).val(comment.author);
+        $('input[name=mail]', edit).val(comment.mail);
+        $('input[name=url]', edit).val(comment.url);
+        $('textarea[name=text]', edit).val(comment.text).focus();
+
+        $('.cancel', edit).click(function () {
+            var tr = $(this).parents('tr');
+
+            $('#' + tr.data('id')).show();
+            tr.remove();
+        });
+
+        $('form', edit).submit(function () {
+            var t = $(this), tr = t.parents('tr'),
+                oldTr = $('#' + tr.data('id')),
+                comment = oldTr.data('comment');
+
+            $('form', tr).each(function () {
+                var items  = $(this).serializeArray();
+
+                for (var i = 0; i < items.length; i ++) {
+                    var item = items[i];
+                    comment[item.name] = item.value;
+                }
+            });
+
+            var html = '<strong class="comment-author">'
+                + (comment.url ? '<a target="_blank" href="' + comment.url + '">'
+                + comment.author + '</a>' : comment.author) + '</strong>'
+                + ('comment' != comment.type ? '<small><?php _e('引用'); ?></small>' : '')
+                + (comment.mail ? '<br /><span><a href="mailto:' + comment.mail + '">'
+                + comment.mail + '</a></span>' : '')
+                + (comment.ip ? '<br /><span>' + comment.ip + '</span>' : '');
+
+            $('.comment-meta', oldTr).html(html)
+                .effect('highlight');
+            $('.comment-content', oldTr).html('<p>' + comment.text + '</p>');
+            oldTr.data('comment', comment);
+
+            $.post(t.attr('action'), comment, function (o) {
+                $('.comment-content', oldTr).html(o.comment.content)
+                    .effect('highlight');
+            }, 'json');
+            
+            oldTr.show();
+            tr.remove();
+
+            return false;
+        });
+
+        return false;
+    });
+});
+</script>
+<?php
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-medias.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-medias.php
new file mode 100644
index 0000000..1c08f79
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-medias.php
@@ -0,0 +1,122 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$stat = Typecho_Widget::widget('Widget_Stat');
+?>
+
+<?php Typecho_Widget::widget('Widget_Contents_Attachment_Admin')->to($attachments); ?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12">
+                
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                            <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                            <ul class="dropdown-menu">
+                                <li><a lang="<?php _e('你确认要删除这些文件吗?'); ?>" href="<?php $security->index('/action/contents-attachment-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            </ul>
+                            <button class="btn btn-s btn-warn btn-operate" href="<?php $security->index('/action/contents-attachment-edit?do=clear'); ?>" lang="<?php _e('您确认要清理未归档的文件吗?'); ?>"><?php _e('清理未归档文件'); ?></button>
+                            </div>
+                        </div>
+                        <div class="search" role="search">
+                            <?php if ('' != $request->keywords): ?>
+                            <a href="<?php $options->adminUrl('manage-medias.php'); ?>"><?php _e('&laquo; 取消筛选'); ?></a>
+                            <?php endif; ?>
+                            <input type="text" class="text-s" placeholder="<?php _e('请输入关键字'); ?>" value="<?php echo htmlspecialchars($request->keywords); ?>"<?php if ('' == $request->keywords): ?> onclick="value='';name='keywords';" <?php else: ?> name="keywords"<?php endif; ?>/>
+                            <button type="submit" class="btn btn-s"><?php _e('筛选'); ?></button>
+                        </div>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+            
+                <form method="post" name="manage_medias" class="operate-form">
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table draggable">
+                        <colgroup>
+                            <col width="20"/>
+                            <col width="6%"/>
+                            <col width="30%"/>
+                            <col width=""/>
+                            <col width="30%"/>
+                            <col width="16%"/>
+                        </colgroup>
+                        <thead>
+                            <tr>
+                                <th> </th>
+                                <th> </th>
+                                <th><?php _e('文件名'); ?></th>
+                                <th><?php _e('上传者'); ?></th>
+                                <th><?php _e('所属文章'); ?></th>
+                                <th><?php _e('发布日期'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        	<?php if($attachments->have()): ?>
+                            <?php while($attachments->next()): ?>
+                            <?php $mime = Typecho_Common::mimeIconType($attachments->attachment->mime); ?>
+                            <tr id="<?php $attachments->theId(); ?>">
+                                <td><input type="checkbox" value="<?php $attachments->cid(); ?>" name="cid[]"/></td>
+                                <td><a href="<?php $options->adminUrl('manage-comments.php?cid=' . $attachments->cid); ?>" class="balloon-button size-<?php echo Typecho_Common::splitByCount($attachments->commentsNum, 1, 10, 20, 50, 100); ?>"><?php $attachments->commentsNum(); ?></a></td>
+                                <td>
+                                <i class="mime-<?php echo $mime; ?>"></i>
+                                <a href="<?php $options->adminUrl('media.php?cid=' . $attachments->cid); ?>"><?php $attachments->title(); ?></a>
+                                <a href="<?php $attachments->permalink(); ?>" title="<?php _e('浏览 %s', $attachments->title); ?>"><i class="i-exlink"></i></a>
+                                </td>
+                                <td><?php $attachments->author(); ?></td>
+                                <td>
+                                <?php if ($attachments->parentPost->cid): ?>
+                                <a href="<?php $options->adminUrl('write-' . (0 === strpos($attachments->parentPost->type, 'post') ? 'post' : 'page') . '.php?cid=' . $attachments->parentPost->cid); ?>"><?php $attachments->parentPost->title(); ?></a>
+                                <?php else: ?>
+                                <span class="description"><?php _e('未归档'); ?></span>
+                                <?php endif; ?>
+                                </td>
+                                <td><?php $attachments->dateWord(); ?></td>
+                            </tr>
+                            <?php endwhile; ?>
+                            <?php else: ?>
+                            <tr>
+                            	<td colspan="6"><h6 class="typecho-list-table-title"><?php _e('没有任何文件'); ?></h6></td>
+                            </tr>
+                            <?php endif; ?>
+                        </tbody>
+                    </table><!-- end .typecho-list-table -->
+                </div><!-- end .typecho-table-wrap -->
+                </form><!-- end .operate-form -->
+
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                                <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                                <ul class="dropdown-menu">
+                                    <li><a lang="<?php _e('你确认要删除这些文件吗?'); ?>" href="<?php $security->index('/action/contents-attachment-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                                </ul>
+                            </div>
+                            <button class="btn btn-s btn-warn btn-operate" href="<?php $security->index('/action/contents-attachment-edit?do=clear'); ?>" lang="<?php _e('您确认要清理未归档的文件吗?'); ?>"><?php _e('清理未归档文件'); ?></button>
+                        </div>
+                        <?php if($attachments->have()): ?>
+                        <ul class="typecho-pager">
+                            <?php $attachments->pageNav(); ?>
+                        </ul>
+                        <?php endif; ?>  
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+                
+            </div>
+        </div><!-- end .typecho-page-main -->
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'table-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-pages.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-pages.php
new file mode 100644
index 0000000..423770f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-pages.php
@@ -0,0 +1,131 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$stat = Typecho_Widget::widget('Widget_Stat');
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12 typecho-list">
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                            <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                            <ul class="dropdown-menu">
+                                <li><a lang="<?php _e('你确认要删除这些页面吗?'); ?>" href="<?php $security->index('/action/contents-page-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            </ul>
+                            </div>
+                        </div>
+
+                        <div class="search" role="search">
+                            <?php if ('' != $request->keywords): ?>
+                            <a href="<?php $options->adminUrl('manage-pages.php'); ?>"><?php _e('&laquo; 取消筛选'); ?></a>
+                            <?php endif; ?>
+                            <input type="text" class="text-s" placeholder="<?php _e('请输入关键字'); ?>" value="<?php echo htmlspecialchars($request->keywords); ?>" name="keywords" />
+                            <button type="submit" class="btn btn-s"><?php _e('筛选'); ?></button>
+                        </div>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+            
+                <form method="post" name="manage_pages" class="operate-form">
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table">
+                        <colgroup>
+                            <col width="20"/>
+                            <col width="6%"/>
+                            <col width="30%"/>
+                            <col width="30%"/>
+                            <col width=""/>
+                            <col width="16%"/>
+                        </colgroup>
+                        <thead>
+                            <tr class="nodrag">
+                                <th> </th>
+                                <th> </th>
+                                <th><?php _e('标题'); ?></th>
+                                <th><?php _e('缩略名'); ?></th>
+                                <th><?php _e('作者'); ?></th>
+                                <th><?php _e('日期'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        	<?php Typecho_Widget::widget('Widget_Contents_Page_Admin')->to($pages); ?>
+                        	<?php if($pages->have()): ?>
+                            <?php while($pages->next()): ?>
+                            <tr id="<?php $pages->theId(); ?>">
+                                <td><input type="checkbox" value="<?php $pages->cid(); ?>" name="cid[]"/></td>
+                                <td><a href="<?php $options->adminUrl('manage-comments.php?cid=' . $pages->cid); ?>" class="balloon-button size-<?php echo Typecho_Common::splitByCount($pages->commentsNum, 1, 10, 20, 50, 100); ?>"><?php $pages->commentsNum(); ?></a></td>
+                                <td>
+                                <a href="<?php $options->adminUrl('write-page.php?cid=' . $pages->cid); ?>"><?php $pages->title(); ?></a>
+                                <?php 
+                                if ($pages->hasSaved || 'page_draft' == $pages->type) {
+                                    echo '<em class="status">' . _t('草稿') . '</em>';
+                                } else if ('hidden' == $pages->status) {
+                                    echo '<em class="status">' . _t('隐藏') . '</em>';
+                                }
+                                ?>
+                                <?php if ('page_draft' != $pages->type): ?>
+                                <a href="<?php $pages->permalink(); ?>" title="<?php _e('浏览 %s', htmlspecialchars($pages->title)); ?>"><i class="i-exlink"></i></a>
+                                <?php endif; ?>
+                                </td>
+                                <td><?php $pages->slug(); ?></td>
+                                <td><?php $pages->author(); ?></td>
+                                <td>
+                                <?php if ($pages->hasSaved): ?>
+                                <span class="description">
+                                <?php $modifyDate = new Typecho_Date($pages->modified); ?>
+                                <?php _e('保存于 %s', $modifyDate->word()); ?>
+                                </span>
+                                <?php else: ?>
+                                <?php $pages->dateWord(); ?>
+                                <?php endif; ?>
+                                </td>
+                            </tr>
+                            <?php endwhile; ?>
+                            <?php else: ?>
+                            <tr>
+                            	<td colspan="6"><h6 class="typecho-list-table-title"><?php _e('没有任何页面'); ?></h6></td>
+                            </tr>
+                            <?php endif; ?>
+                        </tbody>
+                    </table>
+                </div><!-- end .typecho-table-wrap -->
+                </form><!-- end .operate-form -->
+            </div><!-- end .typecho-list -->
+        </div><!-- end .typecho-page-main -->
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'table-js.php';
+?>
+
+<?php if(!isset($request->status) || 'publish' == $request->get('status')): ?>
+<script type="text/javascript">
+(function () {
+    $(document).ready(function () {
+        var table = $('.typecho-list-table').tableDnD({
+            onDrop : function () {
+                var ids = [];
+
+                $('input[type=checkbox]', table).each(function () {
+                    ids.push($(this).val());
+                });
+
+                $.post('<?php $security->index('/action/contents-page-edit?do=sort'); ?>',
+                    $.param({cid : ids}));
+            }
+        });
+    });
+})();
+</script>
+<?php endif; ?>
+
+<?php include 'footer.php'; ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-posts.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-posts.php
new file mode 100644
index 0000000..c8f2f4a
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-posts.php
@@ -0,0 +1,152 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$stat = Typecho_Widget::widget('Widget_Stat');
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12 typecho-list">
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                                <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                                <ul class="dropdown-menu">
+                                    <li><a lang="<?php _e('你确认要删除这些文章吗?'); ?>" href="<?php $security->index('/action/contents-post-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                                </ul>
+                            </div>  
+                        </div>
+                        <div class="search" role="search">
+                            <?php if ('' != $request->keywords || '' != $request->category): ?>
+                            <a href="<?php $options->adminUrl('manage-posts.php' . (isset($request->uid) ? '?uid=' . htmlspecialchars($request->get('uid')) : '')); ?>"><?php _e('&laquo; 取消筛选'); ?></a>
+                            <?php endif; ?>
+                            <input type="text" class="text-s" placeholder="<?php _e('请输入关键字'); ?>" value="<?php echo htmlspecialchars($request->keywords); ?>" name="keywords" />
+                            <select name="category">
+                            	<option value=""><?php _e('所有分类'); ?></option>
+                            	<?php Typecho_Widget::widget('Widget_Metas_Category_List')->to($category); ?>
+                            	<?php while($category->next()): ?>
+                            	<option value="<?php $category->mid(); ?>"<?php if($request->get('category') == $category->mid): ?> selected="true"<?php endif; ?>><?php $category->name(); ?></option>
+                            	<?php endwhile; ?>
+                            </select>
+                            <button type="submit" class="btn btn-s"><?php _e('筛选'); ?></button>
+                            <?php if(isset($request->uid)): ?>
+                            <input type="hidden" value="<?php echo htmlspecialchars($request->get('uid')); ?>" name="uid" />
+                            <?php endif; ?>
+                        </div>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+            
+                <form method="post" name="manage_posts" class="operate-form">
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table">
+                        <colgroup>
+                            <col width="20"/>
+                            <col width="6%"/>
+                            <col width="45%"/>
+                            <col width=""/>
+                            <col width="18%"/>
+                            <col width="16%"/>
+                        </colgroup>
+                        <thead>
+                            <tr>
+                                <th> </th>
+                                <th> </th>
+                                <th><?php _e('标题'); ?></th>
+                                <th><?php _e('作者'); ?></th>
+                                <th><?php _e('分类'); ?></th>
+                                <th><?php _e('日期'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        	<?php Typecho_Widget::widget('Widget_Contents_Post_Admin')->to($posts); ?>
+                        	<?php if($posts->have()): ?>
+                            <?php while($posts->next()): ?>
+                            <tr id="<?php $posts->theId(); ?>">
+                                <td><input type="checkbox" value="<?php $posts->cid(); ?>" name="cid[]"/></td>
+                                <td><a href="<?php $options->adminUrl('manage-comments.php?cid=' . $posts->cid); ?>" class="balloon-button size-<?php echo Typecho_Common::splitByCount($posts->commentsNum, 1, 10, 20, 50, 100); ?>"><?php $posts->commentsNum(); ?></a></td>
+                                <td>
+                                <a href="<?php $options->adminUrl('write-post.php?cid=' . $posts->cid); ?>"><?php $posts->title(); ?></a>
+                                <?php 
+                                if ($posts->hasSaved || 'post_draft' == $posts->type) {
+                                    echo '<em class="status">' . _t('草稿') . '</em>';
+                                } else if ('hidden' == $posts->status) {
+                                    echo '<em class="status">' . _t('隐藏') . '</em>';
+                                } else if ('waiting' == $posts->status) {
+                                    echo '<em class="status">' . _t('待审核') . '</em>';
+                                } else if ('private' == $posts->status) {
+                                    echo '<em class="status">' . _t('私密') . '</em>';
+                                } else if ($posts->password) {
+                                    echo '<em class="status">' . _t('密码保护') . '</em>';
+                                }
+                                ?>
+                                <?php if ('post_draft' != $posts->type): ?>
+                                <a href="<?php $posts->permalink(); ?>" title="<?php _e('浏览 %s', htmlspecialchars($posts->title)); ?>"><i class="i-exlink"></i></a>
+                                <?php endif; ?>
+                                </td>
+                                <td><a href="<?php $options->adminUrl('manage-posts.php?uid=' . $posts->author->uid); ?>"><?php $posts->author(); ?></a></td>
+                                <td><?php $categories = $posts->categories; $length = count($categories); ?>
+                                <?php foreach ($categories as $key => $val): ?>
+                                    <?php echo '<a href="';
+                                    $options->adminUrl('manage-posts.php?category=' . $val['mid']
+                                    . (isset($request->uid) ? '&uid=' . $request->uid : '')
+                                    . (isset($request->status) ? '&status=' . $request->status : ''));
+                                    echo '">' . $val['name'] . '</a>' . ($key < $length - 1 ? ', ' : ''); ?>
+                                <?php endforeach; ?>
+                                </td>
+                                <td>
+                                <?php if ($posts->hasSaved): ?>
+                                <span class="description">
+                                <?php $modifyDate = new Typecho_Date($posts->modified); ?>
+                                <?php _e('保存于 %s', $modifyDate->word()); ?>
+                                </span>
+                                <?php else: ?>
+                                <?php $posts->dateWord(); ?>
+                                <?php endif; ?>
+                                </td>
+                            </tr>
+                            <?php endwhile; ?>
+                            <?php else: ?>
+                            <tr>
+                            	<td colspan="6"><h6 class="typecho-list-table-title"><?php _e('没有任何文章'); ?></h6></td>
+                            </tr>
+                            <?php endif; ?>
+                        </tbody>
+                    </table>
+                </div>
+                </form><!-- end .operate-form -->
+
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                                <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                                <ul class="dropdown-menu">
+                                    <li><a lang="<?php _e('你确认要删除这些文章吗?'); ?>" href="<?php $security->index('/action/contents-post-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                                </ul>
+                            </div>  
+                        </div>
+
+                        <?php if($posts->have()): ?>
+                        <ul class="typecho-pager">
+                            <?php $posts->pageNav(); ?>
+                        </ul>
+                        <?php endif; ?>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+            </div><!-- end .typecho-list -->
+        </div><!-- end .typecho-page-main -->
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'table-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-tags.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-tags.php
new file mode 100644
index 0000000..b0f6ffd
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-tags.php
@@ -0,0 +1,91 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+Typecho_Widget::widget('Widget_Metas_Tag_Admin')->to($tags);
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main manage-metas">
+            
+                <div class="col-mb-12 col-tb-8" role="main">
+                    
+                    <form method="post" name="manage_tags" class="operate-form">
+                    <div class="typecho-list-operate clearfix">
+                        <div class="operate">
+                        <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                        <div class="btn-group btn-drop">
+                        <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                        <ul class="dropdown-menu">
+                            <li><a lang="<?php _e('你确认要删除这些标签吗?'); ?>" href="<?php $security->index('/action/metas-tag-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            <li><a lang="<?php _e('刷新标签可能需要等待较长时间, 你确认要刷新这些标签吗?'); ?>" href="<?php $security->index('/action/metas-tag-edit?do=refresh'); ?>"><?php _e('刷新'); ?></a></li>
+                            <li class="multiline">
+                                <button type="button" class="btn btn-s merge" rel="<?php $security->index('/action/metas-tag-edit?do=merge'); ?>"><?php _e('合并到'); ?></button>
+                                <input type="text" name="merge" class="text-s" />
+                            </li>
+                        </ul>
+                        </div>
+                        </div>
+                    </div>
+                    
+                    <ul class="typecho-list-notable tag-list clearfix">
+                        <?php if($tags->have()): ?>
+                        <?php while ($tags->next()): ?>
+                        <li class="size-<?php $tags->split(5, 10, 20, 30); ?>" id="<?php $tags->theId(); ?>">
+                        <input type="checkbox" value="<?php $tags->mid(); ?>" name="mid[]"/>
+                        <span rel="<?php echo $request->makeUriByRequest('mid=' . $tags->mid); ?>"><?php $tags->name(); ?></span>
+                        <a class="tag-edit-link" href="<?php echo $request->makeUriByRequest('mid=' . $tags->mid); ?>"><i class="i-edit"></i></a>
+                        </li>
+                        <?php endwhile; ?>
+                        <?php else: ?>
+                        <h6 class="typecho-list-table-title"><?php _e('没有任何标签'); ?></h6>
+                        <?php endif; ?>
+                    </ul>
+                    <input type="hidden" name="do" value="delete" />
+                    </form>
+                    
+                </div>
+                <div class="col-mb-12 col-tb-4" role="form">
+                    <?php Typecho_Widget::widget('Widget_Metas_Tag_Edit')->form()->render(); ?>
+                </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+?>
+
+<script type="text/javascript">
+(function () {
+    $(document).ready(function () {
+
+        $('.typecho-list-notable').tableSelectable({
+            checkEl     :   'input[type=checkbox]',
+            rowEl       :   'li',
+            selectAllEl :   '.typecho-table-select-all',
+            actionEl    :   '.dropdown-menu a'
+        });
+
+        $('.btn-drop').dropdownMenu({
+            btnEl       :   '.dropdown-toggle',
+            menuEl      :   '.dropdown-menu'
+        });
+
+        $('.dropdown-menu button.merge').click(function () {
+            var btn = $(this);
+            btn.parents('form').attr('action', btn.attr('rel')).submit();
+        });
+
+        <?php if (isset($request->mid)): ?>
+        $('.typecho-mini-panel').effect('highlight', '#AACB36');
+        <?php endif; ?>
+    });
+})();
+</script>
+<?php include 'footer.php'; ?>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-users.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-users.php
new file mode 100644
index 0000000..5bfe7bf
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/manage-users.php
@@ -0,0 +1,118 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12 typecho-list">
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                            <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                            <ul class="dropdown-menu">
+                                <li><a lang="<?php _e('你确认要删除这些用户吗?'); ?>" href="<?php $security->index('/action/users-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            </ul>
+                            </div>  
+                        </div>
+                        <div class="search" role="search">
+                            <?php if ('' != $request->keywords): ?>
+                            <a href="<?php $options->adminUrl('manage-users.php'); ?>"><?php _e('&laquo; 取消筛选'); ?></a>
+                            <?php endif; ?>
+                            <input type="text" class="text-s" placeholder="<?php _e('请输入关键字'); ?>" value="<?php echo htmlspecialchars($request->keywords); ?>" name="keywords" />
+                            <button type="submit" class="btn btn-s"><?php _e('筛选'); ?></button>
+                        </div>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+
+                <form method="post" name="manage_users" class="operate-form">
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table">
+                        <colgroup>
+                            <col width="20"/>
+                            <col width="6%"/>
+                            <col width="30%"/>
+                            <col width=""/>
+                            <col width="25%"/>
+                            <col width="15%"/>
+                        </colgroup>
+                        <thead>
+                            <tr>
+                                <th> </th>
+                                <th> </th>
+                                <th><?php _e('用户名'); ?></th>
+                                <th><?php _e('昵称'); ?></th>
+                                <th><?php _e('电子邮件'); ?></th>
+                                <th><?php _e('用户组'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                        	<?php Typecho_Widget::widget('Widget_Users_Admin')->to($users); ?>
+                            <?php while($users->next()): ?>
+                            <tr id="user-<?php $users->uid(); ?>">
+                                <td><input type="checkbox" value="<?php $users->uid(); ?>" name="uid[]"/></td>
+                                <td><a href="<?php $options->adminUrl('manage-posts.php?uid=' . $users->uid); ?>" class="balloon-button left size-<?php echo Typecho_Common::splitByCount($users->postsNum, 1, 10, 20, 50, 100); ?>"><?php $users->postsNum(); ?></a></td>
+                                <td><a href="<?php $options->adminUrl('user.php?uid=' . $users->uid); ?>"><?php $users->name(); ?></a>
+                                <a href="<?php $users->permalink(); ?>" title="<?php _e('浏览 %s', $users->screenName); ?>"><i class="i-exlink"></i></a>
+                                </td>
+                                <td><?php $users->screenName(); ?></td>
+                                <td><?php if($users->mail): ?><a href="mailto:<?php $users->mail(); ?>"><?php $users->mail(); ?></a><?php else: _e('暂无'); endif; ?></td>
+                                <td><?php switch ($users->group) {
+                                    case 'administrator':
+                                        _e('管理员');
+                                        break;
+                                    case 'editor':
+                                        _e('编辑');
+                                        break;
+                                    case 'contributor':
+                                        _e('贡献者');
+                                        break;
+                                    case 'subscriber':
+                                        _e('关注者');
+                                        break;
+                                    case 'visitor':
+                                        _e('访问者');
+                                        break;
+                                    default:
+                                        break;
+                                } ?></td>
+                            </tr>
+                            <?php endwhile; ?>
+                        </tbody>
+                    </table><!-- end .typecho-list-table -->
+                </div><!-- end .typecho-table-wrap -->
+                </form><!-- end .operate-form -->
+
+                <div class="typecho-list-operate clearfix">
+                    <form method="get">
+                        <div class="operate">
+                            <label><i class="sr-only"><?php _e('全选'); ?></i><input type="checkbox" class="typecho-table-select-all" /></label>
+                            <div class="btn-group btn-drop">
+                            <button class="btn dropdown-toggle btn-s" type="button"><i class="sr-only"><?php _e('操作'); ?></i><?php _e('选中项'); ?> <i class="i-caret-down"></i></button>
+                            <ul class="dropdown-menu">
+                                <li><a lang="<?php _e('你确认要删除这些用户吗?'); ?>" href="<?php $security->index('/action/users-edit?do=delete'); ?>"><?php _e('删除'); ?></a></li>
+                            </ul>
+                            </div>  
+                        </div>
+                        <?php if($users->have()): ?>
+                        <ul class="typecho-pager">
+                            <?php $users->pageNav(); ?>
+                        </ul>
+                        <?php endif; ?>
+                    </form>
+                </div><!-- end .typecho-list-operate -->
+            </div><!-- end .typecho-list -->
+        </div><!-- end .typecho-page-main -->
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'table-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/media.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/media.php
new file mode 100644
index 0000000..34b6de8
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/media.php
@@ -0,0 +1,194 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$phpMaxFilesize = function_exists('ini_get') ? trim(ini_get('upload_max_filesize')) : 0;
+
+if (preg_match("/^([0-9]+)([a-z]{1,2})$/i", $phpMaxFilesize, $matches)) {
+    $phpMaxFilesize = strtolower($matches[1] . $matches[2] . (1 == strlen($matches[2]) ? 'b' : ''));
+}
+
+Typecho_Widget::widget('Widget_Contents_Attachment_Edit')->to($attachment);
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main">
+            <div class="col-mb-12 col-tb-8" role="main">
+                <?php if ($attachment->attachment->isImage): ?>
+                <p><img src="<?php $attachment->attachment->url(); ?>" alt="<?php $attachment->attachment->name(); ?>" class="typecho-attachment-photo" /></p>
+                <?php endif; ?>
+                
+                <p>
+                    <?php $mime = Typecho_Common::mimeIconType($attachment->attachment->mime); ?>
+                    <i class="mime-<?php echo $mime; ?>"></i>
+                    <a href=""><strong><?php $attachment->attachment->name(); ?></strong></a>
+                    <span><?php echo number_format(ceil($attachment->attachment->size / 1024)); ?> Kb</span>
+                </p>
+
+                <p>
+                    <input id="attachment-url" type="text" class="mono w-100" value="<?php $attachment->attachment->url(); ?>" readonly />
+                </p>
+
+                <div id="upload-panel" class="p">
+                    <div class="upload-area" draggable="true"><?php _e('拖放文件到这里<br>或者 %s选择文件上传%s', '<a href="###" class="upload-file">', '</a>'); ?></div>
+                    <ul id="file-list"></ul>
+                </div>
+            </div>
+            <div class="col-mb-12 col-tb-4 edit-media" role="form">
+                <?php $attachment->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+?>
+<script src="<?php $options->adminStaticUrl('js', 'moxie.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'plupload.js?v=' . $suffixVersion); ?>"></script>
+<script type="text/javascript">
+$(document).ready(function() {
+    $('#attachment-url').click(function () {
+        $(this).select();
+    });
+    
+    $('.operate-delete').click(function () {
+        var t = $(this), href = t.attr('href');
+
+        if (confirm(t.attr('lang'))) {
+            window.location.href = href;
+        }
+
+        return false;
+    });
+
+    $('.upload-area').bind({
+        dragenter   :   function () {
+            $(this).parent().addClass('drag');
+        },
+
+        dragover    :   function (e) {
+            $(this).parent().addClass('drag');
+        },
+
+        drop        :   function () {
+            $(this).parent().removeClass('drag');
+        },
+        
+        dragend     :   function () {
+            $(this).parent().removeClass('drag');
+        },
+
+        dragleave   :   function () {
+            $(this).parent().removeClass('drag');
+        }
+    });
+
+    function fileUploadStart (file) {
+        $('<ul id="file-list"></ul>').appendTo('#upload-panel');
+        $('<li id="' + file.id + '" class="loading">'
+            + file.name + '</li>').prependTo('#file-list');
+    }
+
+    function fileUploadError (error) {
+        var file = error.file, code = error.code, word; 
+        
+        switch (code) {
+            case plupload.FILE_SIZE_ERROR:
+                word = '<?php _e('文件大小超过限制'); ?>';
+                break;
+            case plupload.FILE_EXTENSION_ERROR:
+                word = '<?php _e('文件扩展名不被支持'); ?>';
+                break;
+            case plupload.FILE_DUPLICATE_ERROR:
+                word = '<?php _e('文件已经上传过'); ?>';
+                break;
+            case plupload.HTTP_ERROR:
+            default:
+                word = '<?php _e('上传出现错误'); ?>';
+                break;
+        }
+
+        var fileError = '<?php _e('%s 上传失败'); ?>'.replace('%s', file.name),
+            li, exist = $('#' + file.id);
+
+        if (exist.length > 0) {
+            li = exist.removeClass('loading').html(fileError);
+        } else {
+            $('<ul id="file-list"></ul>').appendTo('#upload-panel');
+            li = $('<li>' + fileError + '<br />' + word + '</li>').prependTo('#file-list');
+        }
+
+        li.effect('highlight', {color : '#FBC2C4'}, 2000, function () {
+            $(this).remove();
+        });
+    }
+
+    function fileUploadComplete (id, url, data) {
+        var img = $('.typecho-attachment-photo');
+
+        if (img.length > 0) {
+            img.get(0).src = '<?php $attachment->attachment->url(); ?>?' + Math.random();
+        }
+        
+        $('#' + id).html('<?php _e('文件 %s 已经替换'); ?>'.replace('%s', data.title))
+        .effect('highlight', 1000, function () {
+            $(this).remove();
+            $('#file-list').remove();
+        });
+    }
+
+    var uploader = new plupload.Uploader({
+        browse_button   :   $('.upload-file').get(0),
+        url             :   '<?php $security->index('/action/upload?do=modify&cid=' . $attachment->cid); ?>',
+        runtimes        :   'html5,flash,html4',
+        flash_swf_url   :   '<?php $options->adminStaticUrl('js', 'Moxie.swf'); ?>',
+        drop_element    :   $('.upload-area').get(0),
+        filters         :   {
+            max_file_size       :   '<?php echo $phpMaxFilesize ?>',
+            mime_types          :   [{'title' : '<?php _e('允许上传的文件'); ?>', 'extensions' : '<?php $attachment->attachment->type(); ?>'}],
+            prevent_duplicates  :   true
+        },
+        multi_selection :   false,
+
+        init            :   {
+            FilesAdded      :   function (up, files) {
+                plupload.each(files, function(file) {
+                    fileUploadStart(file);
+                });
+
+                uploader.start();
+            },
+
+            FileUploaded    :   function (up, file, result) {
+                if (200 == result.status) {
+                    var data = $.parseJSON(result.response);
+
+                    if (data) {
+                        fileUploadComplete(file.id, data[0], data[1]);
+                        return;
+                    }
+                }
+
+                fileUploadError({
+                    code : plupload.HTTP_ERROR,
+                    file : file
+                });
+            },
+
+            Error           :   function (up, error) {
+                fileUploadError(error);
+            }
+        }
+    });
+
+    uploader.init();
+});
+</script>
+<?php
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/menu.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/menu.php
new file mode 100644
index 0000000..88376da
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/menu.php
@@ -0,0 +1,15 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<div class="typecho-head-nav clearfix" role="navigation">
+    <nav id="typecho-nav-list">
+        <?php $menu->output(); ?>
+    </nav>
+    <div class="operate">
+        <?php Typecho_Plugin::factory('admin/menu.php')->navBar(); ?>
+        <a title="<?php 
+                    if ($user->logged > 0) {
+                        _e('最后登录: %s', Typecho_I18n::dateWord($user->logged  + $options->timezone, $options->gmtTime + $options->timezone));
+                    }
+                    ?>" href="<?php $options->adminUrl('profile.php'); ?>" class="author"><?php $user->screenName(); ?></a><a class="exit" href="<?php $options->logoutUrl(); ?>"><?php _e('登出'); ?></a><a href="<?php $options->siteUrl(); ?>"><?php _e('网站'); ?></a>
+    </div>
+</div>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-discussion.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-discussion.php
new file mode 100644
index 0000000..5468985
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-discussion.php
@@ -0,0 +1,23 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+                <?php Typecho_Widget::widget('Widget_Options_Discussion')->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-general.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-general.php
new file mode 100644
index 0000000..062018a
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-general.php
@@ -0,0 +1,23 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+                <?php Typecho_Widget::widget('Widget_Options_General')->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-permalink.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-permalink.php
new file mode 100644
index 0000000..b715d6d
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-permalink.php
@@ -0,0 +1,24 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+                <?php Typecho_Widget::widget('Widget_Options_Permalink')->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+?>
+
+<?php include 'footer.php'; ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-plugin.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-plugin.php
new file mode 100644
index 0000000..f74c249
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-plugin.php
@@ -0,0 +1,23 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+                <?php Typecho_Widget::widget('Widget_Plugins_Config')->config()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-reading.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-reading.php
new file mode 100644
index 0000000..6c871bd
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-reading.php
@@ -0,0 +1,37 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+                <?php Typecho_Widget::widget('Widget_Options_Reading')->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+?>
+<script>
+$('#frontPage-recent,#frontPage-page,#frontPage-file').change(function () {
+    var t = $(this);
+    if (t.prop('checked')) {
+        if ('frontPage-recent' == t.attr('id')) {
+            $('.front-archive').addClass('hidden');
+        } else {
+            $('.front-archive').insertAfter(t.parent()).removeClass('hidden');
+        }
+    }
+});
+</script>
+<?php
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-theme.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-theme.php
new file mode 100644
index 0000000..d5fdb46
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/options-theme.php
@@ -0,0 +1,32 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12">
+                <ul class="typecho-option-tabs fix-tabs clearfix">
+                    <li><a href="<?php $options->adminUrl('themes.php'); ?>"><?php _e('可以使用的外观'); ?></a></li>
+                    <?php if (!defined('__TYPECHO_THEME_WRITEABLE__') || __TYPECHO_THEME_WRITEABLE__): ?>
+                        <li><a href="<?php $options->adminUrl('theme-editor.php'); ?>"><?php _e('编辑当前外观'); ?></a></li>
+                    <?php endif; ?>
+                    <li class="current"><a href="<?php $options->adminUrl('options-theme.php'); ?>"><?php _e('设置外观'); ?></a></li>
+                </ul>
+            </div>
+            <div class="col-mb-12 col-tb-8 col-tb-offset-2" role="form">
+                <?php Typecho_Widget::widget('Widget_Themes_Config')->config()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/page-title.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/page-title.php
new file mode 100644
index 0000000..af25b8d
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/page-title.php
@@ -0,0 +1,8 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<div class="typecho-page-title">
+    <h2><?php echo $menu->title; ?><?php 
+    if (!empty($menu->addLink)) {
+        echo "<a href=\"{$menu->addLink}\">" . _t("新增") . "</a>";
+    }
+    ?></h2>
+</div>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/plugins.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/plugins.php
new file mode 100644
index 0000000..e77d203
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/plugins.php
@@ -0,0 +1,127 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12 typecho-list">
+                <?php Typecho_Widget::widget('Widget_Plugins_List@activated', 'activated=1')->to($activatedPlugins); ?>
+                <?php if ($activatedPlugins->have() || !empty($activatedPlugins->activatedPlugins)): ?>
+                <h4 class="typecho-list-table-title"><?php _e('启用的插件'); ?></h4>
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table">
+                        <colgroup>
+                            <col width="25%"/>
+                            <col width="45%"/>
+                            <col width="8%"/>
+                            <col width="10%"/>
+                            <col width=""/>
+                        </colgroup>
+                        <thead>
+                            <tr>
+                                <th><?php _e('名称'); ?></th>
+                                <th><?php _e('描述'); ?></th>
+                                <th><?php _e('版本'); ?></th>
+                                <th><?php _e('作者'); ?></th>
+                                <th><?php _e('操作'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php while ($activatedPlugins->next()): ?>
+                            <tr id="plugin-<?php $activatedPlugins->name(); ?>">
+                                <td><?php $activatedPlugins->title(); ?>
+                                <?php if (!$activatedPlugins->dependence): ?>
+                                <img src="<?php $options->adminUrl('images/notice.gif'); ?>" title="<?php _e('%s 无法在此版本的typecho下正常工作', $activatedPlugins->title); ?>" alt="<?php _e('%s 无法在此版本的typecho下正常工作', $activatedPlugins->title); ?>" class="tiny" />
+                                <?php endif; ?>
+                                </td>
+                                <td><?php $activatedPlugins->description(); ?></td>
+                                <td><?php $activatedPlugins->version(); ?></td>
+                                <td><?php echo empty($activatedPlugins->homepage) ? $activatedPlugins->author : '<a href="' . $activatedPlugins->homepage
+                                . '">' . $activatedPlugins->author . '</a>'; ?></td>
+                                <td>
+                                    <?php if ($activatedPlugins->activate || $activatedPlugins->deactivate || $activatedPlugins->config || $activatedPlugins->personalConfig): ?>
+                                        <?php if ($activatedPlugins->config): ?>
+                                            <a href="<?php $options->adminUrl('options-plugin.php?config=' . $activatedPlugins->name); ?>"><?php _e('设置'); ?></a>
+                                            &bull;
+                                        <?php endif; ?>
+                                        <a lang="<?php _e('你确认要禁用插件 %s 吗?', $activatedPlugins->name); ?>" href="<?php $security->index('/action/plugins-edit?deactivate=' . $activatedPlugins->name); ?>"><?php _e('禁用'); ?></a>
+                                    <?php else: ?>
+                                        <span class="important"><?php _e('即插即用'); ?></span>
+                                    <?php endif; ?>
+                                </td>
+                            </tr>
+                            <?php endwhile; ?>
+                            
+                            <?php if (!empty($activatedPlugins->activatedPlugins)): ?>
+                            <?php foreach ($activatedPlugins->activatedPlugins as $key => $val): ?>
+                            <tr>
+                            <td><?php echo $key; ?></td>
+                            <td colspan="3"><span class="warning"><?php _e('此插件文件已经损坏或者被不安全移除, 强烈建议你禁用它'); ?></span></td>
+                            <td><a lang="<?php _e('你确认要禁用插件 %s 吗?', $key); ?>" href="<?php $security->index('/action/plugins-edit?deactivate=' . $key); ?>"><?php _e('禁用'); ?></a></td>
+                            </tr>
+                            <?php endforeach; ?>
+                            <?php endif; ?>
+                            
+                        </tbody>
+                    </table>
+                </div>
+                <?php endif; ?>
+                
+                <?php Typecho_Widget::widget('Widget_Plugins_List@unactivated', 'activated=0')->to($deactivatedPlugins); ?>
+                <?php if ($deactivatedPlugins->have() || !$activatedPlugins->have()): ?>
+                <h4 class="typecho-list-table-title"><?php _e('禁用的插件'); ?></h4>
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table deactivate">
+                        <colgroup>
+                            <col width="25%"/>
+                            <col width="45%"/>
+                            <col width="8%"/>
+                            <col width="10%"/>
+                            <col width=""/>
+                        </colgroup>
+                        <thead>
+                            <tr>
+                                <th><?php _e('名称'); ?></th>
+                                <th><?php _e('描述'); ?></th>
+                                <th><?php _e('版本'); ?></th>
+                                <th><?php _e('作者'); ?></th>
+                                <th class="typecho-radius-topright"><?php _e('操作'); ?></th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <?php if ($deactivatedPlugins->have()): ?>
+                            <?php while ($deactivatedPlugins->next()): ?>
+                            <tr id="plugin-<?php $deactivatedPlugins->name(); ?>">
+                                <td><?php $deactivatedPlugins->title(); ?></td>
+                                <td><?php $deactivatedPlugins->description(); ?></td>
+                                <td><?php $deactivatedPlugins->version(); ?></td>
+                                <td><?php echo empty($deactivatedPlugins->homepage) ? $deactivatedPlugins->author : '<a href="' . $deactivatedPlugins->homepage
+                                . '">' . $deactivatedPlugins->author . '</a>'; ?></td>
+                                <td>
+                                    <a href="<?php $security->index('/action/plugins-edit?activate=' . $deactivatedPlugins->name); ?>"><?php _e('启用'); ?></a>
+                                </td>
+                            </tr>
+                            <?php endwhile; ?>
+                            <?php else: ?>
+                            <tr>
+                            	<td colspan="5"><h6 class="typecho-list-table-title"><?php _e('没有安装插件'); ?></h6></td>
+                            </tr>
+                            <?php endif; ?>
+                        </tbody>
+                    </table>
+                </div>
+                <?php endif; ?>
+                
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/profile.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/profile.php
new file mode 100644
index 0000000..d65eb03
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/profile.php
@@ -0,0 +1,58 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+$stat = Typecho_Widget::widget('Widget_Stat');
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main">
+            <div class="col-mb-12 col-tb-3">
+                <p><a href="http://gravatar.com/emails/" title="<?php _e('在 Gravatar 上修改头像'); ?>"><?php echo '<img class="profile-avatar" src="' . Typecho_Common::gravatarUrl($user->mail, 220, 'X', 'mm', $request->isSecure()) . '" alt="' . $user->screenName . '" />'; ?></a></p>
+                <h2><?php $user->screenName(); ?></h2>
+                <p><?php $user->name(); ?></p>
+                <p><?php _e('目前有 <em>%s</em> 篇日志, 并有 <em>%s</em> 条关于你的评论在 <em>%s</em> 个分类中.', 
+                $stat->myPublishedPostsNum, $stat->myPublishedCommentsNum, $stat->categoriesNum); ?></p>
+                <p><?php
+                if ($user->logged > 0) {
+                    _e('最后登录: %s', Typecho_I18n::dateWord($user->logged  + $options->timezone, $options->gmtTime + $options->timezone));
+                }
+                ?></p>
+            </div>
+
+            <div class="col-mb-12 col-tb-6 col-tb-offset-1 typecho-content-panel" role="form">
+                <section>
+                    <h3><?php _e('个人资料'); ?></h3>
+                    <?php Typecho_Widget::widget('Widget_Users_Profile')->profileForm()->render(); ?>
+                </section>
+
+                <?php if($user->pass('contributor', true)): ?>
+                <br>
+                <section id="writing-option">
+                    <h3><?php _e('撰写设置'); ?></h3>
+                    <?php Typecho_Widget::widget('Widget_Users_Profile')->optionsForm()->render(); ?>
+                </section>
+                <?php endif; ?>
+
+                <br>
+
+                <section id="change-password">
+                    <h3><?php _e('密码修改'); ?></h3>
+                    <?php Typecho_Widget::widget('Widget_Users_Profile')->personalFormList(); ?>
+                    <?php Typecho_Widget::widget('Widget_Users_Profile')->passwordForm()->render(); ?>
+                </section>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+Typecho_Plugin::factory('admin/profile.php')->bottom();
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/register.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/register.php
new file mode 100644
index 0000000..5c8a11c
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/register.php
@@ -0,0 +1,50 @@
+<?php
+include 'common.php';
+
+if ($user->hasLogin() || !$options->allowRegister) {
+    $response->redirect($options->siteUrl);
+}
+$rememberName = htmlspecialchars(Typecho_Cookie::get('__typecho_remember_name'));
+$rememberMail = htmlspecialchars(Typecho_Cookie::get('__typecho_remember_mail'));
+Typecho_Cookie::delete('__typecho_remember_name');
+Typecho_Cookie::delete('__typecho_remember_mail');
+
+$bodyClass = 'body-100';
+
+include 'header.php';
+?>
+<div class="typecho-login-wrap">
+    <div class="typecho-login">
+        <h1><a href="http://typecho.org" class="i-logo">Typecho</a></h1>
+        <form action="<?php $options->registerAction(); ?>" method="post" name="register" role="form">
+            <p>
+                <label for="name" class="sr-only"><?php _e('用户名'); ?></label>
+                <input type="text" id="name" name="name" placeholder="<?php _e('用户名'); ?>" value="<?php echo $rememberName; ?>" class="text-l w-100" autofocus />
+            </p>
+            <p>
+                <label for="mail" class="sr-only"><?php _e('Email'); ?></label>
+                <input type="email" id="mail" name="mail" placeholder="<?php _e('Email'); ?>" value="<?php echo $rememberMail; ?>" class="text-l w-100" />
+            </p>
+            <p class="submit">
+                <button type="submit" class="btn btn-l w-100 primary"><?php _e('注册'); ?></button>
+            </p>
+        </form>
+        
+        <p class="more-link">
+            <a href="<?php $options->siteUrl(); ?>"><?php _e('返回首页'); ?></a>
+            &bull;
+            <a href="<?php $options->adminUrl('login.php'); ?>"><?php _e('用户登录'); ?></a>
+        </p>
+    </div>
+</div>
+<?php 
+include 'common-js.php';
+?>
+<script>
+$(document).ready(function () {
+    $('#name').focus();
+});
+</script>
+<?php
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_buttons.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_buttons.scss
new file mode 100644
index 0000000..3c7292f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_buttons.scss
@@ -0,0 +1,113 @@
+@import "compass";
+
+/**
+* Buttons
+*/
+
+@mixin button($color) {
+  border: none;
+  background-color: $color;
+  cursor: pointer;
+
+  @include border-radius(2px);
+  // @include transition-property(background-color);
+
+  &:hover {
+    @include transition-duration(.4s);
+    background-color: darken($color, 6%);
+  }
+  &:active, &.active {
+    background-color: darken($color, 8%);
+  }
+  &:disabled {
+    background-color: lighten($color, 6%);
+    cursor: default;
+  }
+}
+
+.btn {
+  @include button(#E9E9E6);
+
+  display: inline-block;
+  padding: 0 12px;
+  height: 32px;
+  color: #666;
+  vertical-align: middle;
+  zoom: 1;
+
+  &:disabled {
+    color: #999;
+  }
+}
+
+.btn-xs {
+  padding: 0 10px;
+  height: 25px;
+  font-size: 13px;
+}
+.btn-s { height: 28px; }
+.btn-l {
+  height: 40px;
+  font-size: 1.14286em;
+  font-weight: bold;
+}
+
+.primary {
+  @include button(#467B96);
+  color: #FFF;
+}
+
+.btn-group {
+  display: inline-block; 
+}
+
+.btn-warn {
+  @include button(#B94A48);
+  color: #FFF;
+}
+
+.btn-link,
+.btn-link:hover,
+.btn-link:focus,
+.btn-link:active,
+.btn-link.active {
+  background-color: transparent;
+}
+
+/* 下拉菜单 */
+.btn-drop {
+  position: relative;
+}
+.dropdown-toggle {
+  padding-right: 8px;
+}
+.dropdown-menu {
+  list-style: none;
+  position: absolute;
+  z-index: 2;
+  left: 0;
+  margin: 0;
+  padding: 0;
+  border: 1px solid #D9D9D6; 
+  background: #FFF;
+  text-align: left;
+  min-width: 108px;
+  display: none;
+
+  li {
+    white-space: nowrap;
+    &.multiline {
+      padding: 5px 12px 12px;
+    }
+  }
+
+  a {
+    display: block;
+    padding: 5px 12px;
+    color: #666;
+    &:hover {
+      background: #F6F6F3;
+      text-decoration: none !important;
+    }
+  }
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_components.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_components.scss
new file mode 100644
index 0000000..d27c1d8
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_components.scss
@@ -0,0 +1,3 @@
+@import "components/editor";
+@import "components/timepicker";
+@import "components/tokeninput";
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_footer.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_footer.scss
new file mode 100644
index 0000000..9e31a9a
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_footer.scss
@@ -0,0 +1,20 @@
+/**
+* 注脚
+*/
+.typecho-foot {
+  padding: 4em 0 3em;
+  color: #999;
+  line-height: 1.8;
+  text-align: center;
+
+  .copyright p {
+    margin: 10px 0 0;
+  }
+  .resource {
+    color: #CCC;
+  }
+  .resource a {
+    margin: 0 3px;
+    color: #999;
+  }
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_forms.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_forms.scss
new file mode 100644
index 0000000..efdd524
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_forms.scss
@@ -0,0 +1,47 @@
+/**
+* Forms
+*/
+
+input[type=text], input[type=password], input[type=email],
+textarea {
+  background: #FFF;
+  border: 1px solid #D9D9D6;
+  padding: 7px;
+
+  border-radius: 2px;
+
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+
+textarea {
+  resize: vertical;
+  line-height: 1.5;
+}
+
+input[type="radio"], input[type="checkbox"] { margin-right: 3px; }
+
+input, textarea {
+  &.text-s { padding: 5px; }
+  &.text-l {
+    padding: 10px;
+    font-size: 1.14286em;
+  }
+}
+
+.w-10 { width: 10%; }
+.w-20 { width: 20%; }
+.w-30 { width: 30%; }
+.w-40 { width: 40%;}
+.w-50 { width: 50%;}
+.w-60 { width: 60%;}
+.w-70 { width: 70%;}
+.w-80 { width: 80%;}
+.w-90 { width: 90%;}
+.w-100 { width: 100%;}
+
+select {
+  border: 1px solid #CCC;
+  height: 28px;
+}
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_header.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_header.scss
new file mode 100644
index 0000000..d72380c
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_header.scss
@@ -0,0 +1,109 @@
+/**
+* 后台头部导航
+*/
+.typecho-head-nav {
+  padding: 0 10px;
+  background: #292D33;
+}
+
+.typecho-head-nav a {
+  color: #BBB;
+}
+.typecho-head-nav a:hover,
+.typecho-head-nav a:focus {
+  color: #FFF;
+  text-decoration: none;
+}
+
+#typecho-nav-list {
+  float: left;
+  ul {
+    list-style: none;
+    margin: 0;
+    padding: 0;
+  }
+}
+
+#typecho-nav-list ul:first-child {
+  border-left: 1px solid #383D45;
+}
+
+#typecho-nav-list .root {
+  position: relative;
+  float: left;
+}
+
+#typecho-nav-list .parent a {
+  display: block;
+  float: left;
+  padding: 0 20px;
+  border-right: 1px solid #383D45;
+  height: 36px;
+  line-height: 36px;
+  color: #BBB;
+}
+
+#typecho-nav-list .parent a:hover,
+#typecho-nav-list .focus .parent a,
+#typecho-nav-list .root:hover .parent a {
+  background: #202328;
+  color: #FFF;
+  text-decoration: none;
+}
+
+#typecho-nav-list .focus .parent a {
+  font-weight: bold;
+}
+
+#typecho-nav-list .child {
+  position: absolute;
+  top: 36px;
+  display: none;
+  margin: 0;
+  min-width: 160px; 
+  max-width: 240px;
+  background: #202328;
+  z-index: 250;
+}
+
+#typecho-nav-list .root:hover .child {
+  display: block;
+}
+
+#typecho-nav-list .child li a {
+  color: #BBB;
+  display: block;
+  padding: 0 20px;
+  overflow: hidden;
+  text-overflow : ellipsis;
+  white-space: nowrap;
+  height: 36px;
+  line-height: 36px;
+}
+
+#typecho-nav-list .child li a:hover,
+#typecho-nav-list .child li a:focus {
+  background: #292D33;
+  color: #FFF;
+}
+#typecho-nav-list .child li.focus a {
+  color: #6DA1BB;
+  font-weight: bold;
+}
+
+.typecho-head-nav .operate {
+  float: right;
+}
+.typecho-head-nav .operate a {
+  display: inline-block;
+  margin-left: -1px;
+  padding: 0 20px;
+  border: 1px solid #383D45;
+  border-width: 0 1px;
+  line-height: 36px;
+  color: #BBB;
+}
+.typecho-head-nav .operate a:hover {
+  background-color: #202328;
+  color: #FFF;
+}
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_hidden.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_hidden.scss
new file mode 100644
index 0000000..0f5ac4a
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_hidden.scss
@@ -0,0 +1,46 @@
+/*
+* Hide from both screenreaders and browsers: h5bp.com/u
+*/
+
+.hidden {
+  display: none;
+  // display: none !important;
+  // visibility: hidden;
+}
+
+/*
+* Hide only visually, but have it available for screenreaders: h5bp.com/v
+*/
+
+.sr-only {
+  border: 0;
+  height: 1px;
+  margin: -1px;
+  overflow: hidden;
+  padding: 0;
+  position: absolute;
+  width: 1px;
+}
+
+/*
+* Extends the .sr-only class to allow the element to be focusable
+* when navigated to via the keyboard: h5bp.com/p
+*/
+
+.sr-only.focusable:active,
+.sr-only.focusable:focus {
+  clip: auto;
+  height: auto;
+  margin: 0;
+  overflow: visible;
+  position: static;
+  width: auto;
+}
+
+/*
+* Hide visually and from screenreaders, but maintain layout
+*/
+
+.invisible {
+  visibility: hidden;
+}
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_icons.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_icons.scss
new file mode 100644
index 0000000..1992149
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_icons.scss
@@ -0,0 +1,178 @@
+/**
+ * icons
+ */
+$sprites: sprite-map("icons/*.png");
+$sprites-retina: sprite-map("icons-2x/*.png");
+
+@mixin sprite-background($name) {
+  // background-image: sprite-url($sprites);
+  background-position: sprite-position($sprites, $name);
+  // background-repeat: no-repeat;
+  // display: block;
+  // height: image-height(sprite-file($sprites, $name));
+  // width: image-width(sprite-file($sprites, $name));
+  @media 
+  (-webkit-min-device-pixel-ratio: 2), 
+  (min-resolution: 192dpi) {
+    // Workaround for https://gist.github.com/2140082
+    @if (sprite-position($sprites, $name) != sprite-position($sprites-retina, $name)) {
+      $ypos: round(nth(sprite-position($sprites-retina, $name), 2) / 2);
+      background-position: 0 $ypos;
+    }
+    // Hard coded width of the normal sprite image. There must be a smarter way to do this.
+    // @include background-size(auto 256px);
+    // background-image: sprite-url($sprites-retina);
+  }
+}
+
+
+%i-base {
+  display: inline-block;
+  vertical-align: text-bottom;
+  text-indent: -9999em;
+  background-image: sprite-url($sprites);
+  background-repeat: no-repeat;
+  &:hover {
+    @include opacity(0.75);
+  }
+  @media
+  (-webkit-min-device-pixel-ratio: 2), 
+  (min-resolution: 192dpi) {
+    // Hard coded width of the normal sprite image. There must be a smarter way to do this.
+    @include background-size(auto 256px);
+    background-image: sprite-url($sprites-retina);
+  }
+}
+
+%i-16 {
+  @extend %i-base;
+  width: 16px;
+  height: 16px;
+}
+
+%i-24 {
+  @extend %i-base;
+  width: 24px;
+  height: 24px;
+}
+
+.i-edit {
+  @extend %i-16;
+  @include sprite-background(icon-edit);
+}
+.i-delete {
+  @extend %i-16;
+  @include sprite-background(icon-delete);
+}
+
+
+// 大号上传按钮
+
+.i-upload {
+  @extend %i-24;
+  @include sprite-background(icon-upload);
+}
+
+.i-upload-active {
+  @extend %i-24;
+  @include sprite-background(icon-upload-active);
+}
+
+// 小箭头
+.i-caret-up, .i-caret-down, .i-caret-left, .i-caret-right {
+  display: inline-block;
+  border-style: solid;
+  border-color: transparent transparent #BBB transparent;
+  border-width: 3px 4px 5px;
+}
+.i-caret-down {
+  border-color: #BBB transparent transparent transparent;
+  border-width: 5px 4px 3px;
+}
+.i-caret-left {
+  border-color: transparent #BBB transparent transparent;
+  border-width: 4px 5px 4px 3px;
+}
+.i-caret-right {
+  border-color: transparent transparent transparent #BBB;
+  border-width: 4px 3px 4px 5px;
+}
+
+.i-exlink {
+  @extend %i-16;
+  @include sprite-background(icon-exlink);
+}
+
+
+/* 文件类型图标 */
+
+.mime-office {
+  @extend %i-16;
+  @include sprite-background(mime-office);
+}
+
+.mime-text {
+  @extend %i-16;
+  @include sprite-background(mime-text);
+}
+
+.mime-image {
+  @extend %i-16;
+  @include sprite-background(mime-image);
+}
+
+.mime-html {
+  @extend %i-16;
+  @include sprite-background(mime-html);
+}
+
+.mime-archive {
+  @extend %i-16;
+  @include sprite-background(mime-archive);
+}
+
+.mime-application {
+  @extend %i-16;
+  @include sprite-background(mime-application);
+}
+
+.mime-audio {
+  @extend %i-16;
+  @include sprite-background(mime-audio);
+}
+
+.mime-script {
+  @extend %i-16;
+  @include sprite-background(mime-script);
+}
+
+.mime-video {
+  @extend %i-16;
+  @include sprite-background(mime-video);
+}
+
+.mime-unknow {
+  @extend %i-16;
+  @include sprite-background(mime-unknow);
+}
+
+
+/* Logo 图标 */
+.i-logo, .i-logo-s {
+  width: 169px;
+  height: 40px;
+  display: inline-block;
+  background: url("../img/typecho-logo.svg") no-repeat;
+  text-indent: -9999em;
+  @include background-size(auto 40px);
+  @include opacity(.15);
+  &:hover {
+    @include opacity(.2);
+  }
+}
+.i-logo-s {
+  width: 26px;
+  height: 26px;
+  @include background-size(auto 26px);
+}
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_messages.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_messages.scss
new file mode 100644
index 0000000..c241a21
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_messages.scss
@@ -0,0 +1,51 @@
+@import "compass";
+
+/**
+* 提示信息框
+*/
+.message {
+  padding: 8px 10px;
+  @include border-radius(2px);
+}
+
+.message a {
+  font-weight: bold;
+  text-decoration: underline;
+}
+
+.error {
+  background: #FBE3E4;
+  color: #8A1F11;
+}
+.error a { color: #8A1F11; }
+
+.notice {
+  background: #FFF6BF;
+  color: #8A6D3B;
+}
+.notice a { color: #8A6D3B; }
+
+.success {
+  background: #E6EFC2;
+  color: #264409;
+}
+.success a { color: #264409; }
+
+
+// 气泡
+.balloon {
+  display: inline-block;
+  padding: 0 4px;
+  min-width: 10px;
+  height: 14px;
+  line-height: 14px;
+  background: #B9B9B6;
+  vertical-align: text-top;
+  text-align: center;
+  font-size: 12px;
+  color: #FFF;
+
+  @include border-radius(20px);
+
+}
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_pagenavi.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_pagenavi.scss
new file mode 100644
index 0000000..30e7589
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/_pagenavi.scss
@@ -0,0 +1,36 @@
+/**
+* 后台分页
+*/
+
+.typecho-pager {
+  list-style: none;
+  float: right;
+  margin: 0;
+  padding: 0;
+  line-height: 1;
+  text-align: center;
+  zoom: 1;
+}
+
+.typecho-pager li {
+  display: inline-block;
+  margin: 0 3px;
+  height: 28px;
+  line-height: 28px;
+}
+
+.typecho-pager a {
+  display: block;
+  padding: 0 10px;
+  @include border-radius(2px);
+}
+
+.typecho-pager a:hover {
+  text-decoration: none;
+  background: #E9E9E6;
+}
+
+.typecho-pager li.current a {
+  background: #E9E9E6;
+  color: #444;
+}
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_editor.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_editor.scss
new file mode 100644
index 0000000..3d2ce29
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_editor.scss
@@ -0,0 +1,248 @@
+/*
+* Editor
+*/
+.editor {
+  margin-bottom: -0.5em;
+}
+
+.wmd-button-row {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  height: 26px;
+  line-height: 1;
+
+  li {
+    display: inline-block;
+    margin-right: 4px;
+    padding: 3px;
+    cursor: pointer;
+    vertical-align: middle;
+    @include border-radius(2px);
+    &:hover {
+      background-color: #E9E9E6;
+    }
+    &.wmd-spacer {
+      height: 20px;
+      margin: 0 10px 0 6px;
+      padding: 0;
+      width: 1px;
+      background: #E9E9E6;
+      cursor: default;
+    }
+  }
+}
+
+#wmd-button-row span {
+  display: block;
+  width: 20px;
+  height: 20px;
+  background: transparent url(../img/editor.png) no-repeat;
+}
+
+@media 
+(-webkit-min-device-pixel-ratio: 2), 
+(min-resolution: 192dpi) {
+  #wmd-button-row span {
+    background-image: url(../img/editor@2x.png);
+    @include background-size(320px auto);
+  }
+}
+
+// 撰写预览切换 tab
+.wmd-edittab {
+  float: right;
+  margin-top: 3px;
+  font-size: .92857em;
+  a {
+    display: inline-block;
+    padding: 0 8px;
+    margin-left: 5px;
+    height: 20px;
+    line-height: 20px;
+    &:hover {
+      text-decoration: none;
+    }
+    &.active {
+      background: #E9E9E6;
+      color: #999;
+    }
+  }
+}
+
+// 控制被隐藏的 tab，全屏时显示
+.wmd-hidetab {
+  display: none;
+}
+// 隐藏编辑器，但占位
+.wmd-visualhide {
+  visibility: hidden;
+}
+
+/* 对话框 */
+.wmd-prompt-background {
+  background-color: #000;
+}
+.wmd-prompt-dialog {
+  position: fixed;
+  z-index: 1001;
+  top: 50%;
+  left: 50%;
+  margin-top: -95px;
+  margin-left: -200px;
+  padding: 20px;
+  width: 360px;
+  background: #F6F6F3;
+
+  p { margin: 0 0 5px; }
+  form { margin-top: 10px; }
+  input[type="text"] {
+    margin-bottom: 10px;
+    width: 100%;
+  }
+  button { margin-right: 10px; }
+}
+
+/* 预览 */
+#wmd-preview {
+  background: #FFF;
+  margin: 1em 0;
+  padding: 0 15px;
+  word-wrap: break-word;
+  overflow: auto;
+  @include border-radius(2px);
+  img { max-width: 100%; }
+  code, pre {
+    padding: 2px 4px;
+    background: #F3F3F0;
+    font-size: .92857em;
+  }
+  code { color: #C13; }
+  pre {
+    padding: 1em;
+    code {
+      padding: 0;
+      color: #444;
+    }
+  }
+  blockquote {
+    margin: 1em 1.5em;
+    padding-left: 1.5em;
+    border-left: 4px solid #E9E9E6;
+    color: #777;
+  }
+  hr {
+    margin: 2em auto;
+    width: 100px;
+    border: 1px solid #E9E9E6;
+    border-width: 2px 0 0 0;
+  }
+  .summary:after {
+    display: block;
+    margin: 2em 0;
+    background: #FFF9E8;
+    color: darken(#FFF9E8, 55%);
+    font-size: .85714em;
+    text-align: center;
+    content: "- more -";
+  }
+}
+
+/* 上传面板动画效果 */
+@keyframes fullscreen-upload {
+  0%   { right: -280px; }
+  100% { right: -1px; }
+}
+
+@-moz-keyframes fullscreen-upload {
+  0%   { right: -280px; }
+  100% { right: -1px; }
+}
+
+@-webkit-keyframes fullscreen-upload {
+  0%   { right: -280px; }
+  100% { right: -1px; }
+}
+
+@-o-keyframes fullscreen-upload {
+  0%   { right: -280px; }
+  100% { right: -1px; }
+}
+
+/* 编辑器全屏 */
+.fullscreen {
+  #wmd-button-bar, #text, #wmd-preview, .submit {
+    // position: fixed;
+    position: absolute;
+    top: 0;
+    width: 50%;
+    background: #FFF;
+    z-index: 999;
+    @include box-sizing(border-box);
+    @include border-radius(0);
+  }
+  #wmd-button-bar {
+    left: 0;
+    padding: 13px 20px;
+    border-bottom: 1px solid #F3F3F0;
+    z-index: 1000;
+  }
+  #text {
+    top: 53px;
+    left: 0;
+    padding: 20px;
+    border: none;
+    outline: none;
+  }
+  #wmd-preview {
+    top: 53px;
+    right: 0;
+    margin: 0;
+    padding: 5px 20px;
+    border: none;
+    border-left: 1px solid #F3F3F0;
+    background: #F6F6F3;
+    overflow: auto;
+    code, pre {
+      background: #F0F0EC;
+    }
+  }
+  .submit {
+    right: 0;
+    margin: 0;
+    padding: 10px 20px;
+    border-bottom: 1px solid #F3F3F0;
+  }
+  #upload-panel {
+    -webkit-box-shadow: 0 4px 16px rgba(0,0,0,0.225);
+    box-shadow: 0 4px 16px rgba(0,0,0,0.225);
+    border-style: solid;
+  }
+
+  // 全屏附件上传
+  #tab-files {
+    position: absolute;
+    top: 52px;
+    right: -1px;
+    width: 280px;
+    z-index: 1001;
+
+    animation: fullscreen-upload 0.5s;
+    -moz-animation: fullscreen-upload 0.5s;
+    -webkit-animation: fullscreen-upload 0.5s;
+    -o-animation: fullscreen-upload 0.5s;
+  }
+
+  .wmd-edittab,
+  .typecho-post-option,
+  .title,
+  .url-slug,
+  .typecho-page-title,
+  .typecho-head-nav,
+  .message { display: none; }
+  .wmd-hidetab { display: block; }
+  .wmd-visualhide,
+  #btn-fullscreen-upload {
+    visibility: visible;
+  }
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_retina.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_retina.scss
new file mode 100644
index 0000000..76f848e
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_retina.scss
@@ -0,0 +1,12 @@
+@import "compass/css3/background-size";
+
+@mixin image-2x($image, $width, $height) {
+  @media (-webkit-min-device-pixel-ratio: 1.3),
+         (min-resolution: 124.8dpi),
+         (min-resolution: 1.3dppx) {
+      & {
+        background-image: url($image);
+        @include background-size($width $height);
+      }
+  }
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_timepicker.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_timepicker.scss
new file mode 100644
index 0000000..3e088a6
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_timepicker.scss
@@ -0,0 +1,84 @@
+/**
+* Jquery Timepicker
+*/
+
+#ui-datepicker-div {
+  display: none;
+  margin-top: -1px;
+  padding: 10px;
+  border: 1px solid #D9D9D6;
+  background: #FFF;
+}
+.ui-timepicker-div .ui-widget-header { margin-bottom: 8px; }
+.ui-timepicker-div dl { text-align: left; }
+.ui-timepicker-div dl dt { float: left; clear:left; }
+.ui-timepicker-div dl dd { margin: 0 0 10px 40%; }
+.ui-tpicker-grid-label { background: none; border: none; margin: 0; padding: 0; }
+
+#ui-datepicker-div .ui-datepicker-header {
+  margin-bottom: 10px;
+  padding-bottom: 10px;
+  border-bottom: 1px solid #EEE;
+}
+#ui-datepicker-div .ui-datepicker-prev { float: left; cursor: pointer; }
+#ui-datepicker-div .ui-datepicker-next { float: right; cursor: pointer; }
+#ui-datepicker-div .ui-datepicker-title {
+  font-weight: bold;
+  text-align: center;
+}
+#ui-datepicker-div .ui-datepicker-calendar th { line-height: 24px; }
+#ui-datepicker-div .ui-datepicker-calendar a {
+  display: block;
+  width: 30px;
+  background-color: #F3F3F0;
+  line-height: 24px;
+  text-align: center;
+}
+#ui-datepicker-div .ui-datepicker-calendar a:hover {
+  background-color: #E9E9E6;
+  text-decoration: none;
+}
+#ui-datepicker-div .ui-datepicker-today a {
+  background-color: #E9E9E6;
+  color: #444;
+}
+#ui-datepicker-div .ui-datepicker-current-day a {
+  background-color: #467B96 !important;
+  color: #FFF;
+}
+#ui-datepicker-div .ui-timepicker-div {
+  margin-top: 20px;
+  border-top: 1px solid #EEE;
+}
+#ui-datepicker-div .ui-slider {
+  position: relative;
+  margin-top: 18px;
+  border: 1px solid #E9E9E6;
+  background-color: #F6F6F3;
+  height: 4px;
+}
+#ui-datepicker-div .ui-slider .ui-slider-handle {
+  position: absolute;
+  top: -7px;
+  margin-left: -5px;
+  z-index: 2;
+  width: 10px;
+  height: 16px;
+  background-color: #467B96;
+}
+
+#ui-datepicker-div .ui-datepicker-buttonpane {
+  padding-top: 10px;
+  border-top: 1px solid #EEE;
+}
+#ui-datepicker-div .ui-datepicker-current,
+#ui-datepicker-div .ui-datepicker-close {
+  float: left;
+  @extend .btn;
+  @extend .btn-xs;
+}
+#ui-datepicker-div .ui-datepicker-close {
+  float: right;
+}
+
+.ui-effects-transfer { border: 2px dotted #ccc; }
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_tokeninput.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_tokeninput.scss
new file mode 100644
index 0000000..b33c5dc
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/components/_tokeninput.scss
@@ -0,0 +1,106 @@
+/**
+* Jquery Tokeninput
+*/
+
+ul.token-input-list {
+  list-style: none;
+  margin: 0;
+  padding: 0 4px;
+  min-height: 32px;
+  border: 1px solid #D9D9D6;
+  cursor: text;
+  z-index: 999;
+  background-color: #FFF;
+  clear: left;
+
+  border-radius: 2px;
+
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+
+  li {
+      margin: 4px 0;
+  }
+}
+
+
+ul.token-input-list li input {
+  padding: 0;
+  border: 0;
+  width: 100%;
+  -webkit-appearance: caret;
+}
+
+li.token-input-token {
+  padding: 0 6px;
+  height: 27px;
+  line-height: 27px; 
+  background-color: #F3F3F0;
+  cursor: default;
+  font-size: .92857em;
+  text-align: right;
+  white-space: nowrap;
+  p {
+      float: left;
+      display: inline;
+      margin: 0;
+  }
+  span {
+      color: #BBB;
+      font-weight: bold;
+      cursor: pointer;
+  }
+}
+
+
+
+li.token-input-selected-token {
+  background-color: #E9E9E6;
+}
+
+li.token-input-input-token {
+  padding: 0 4px;
+}
+
+div.token-input-dropdown {
+  position: absolute;
+  background-color: #FFF;
+  overflow: hidden;
+  border: 1px solid #D9D9D6;
+  border-top-width: 0;
+  cursor: default;
+  z-index: 1;
+  font-size: .92857em;
+}
+
+div.token-input-dropdown p {
+  margin: 0;
+  padding: 5px 10px;
+  color: #777;
+  font-weight: bold;
+}
+
+div.token-input-dropdown ul {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+}
+
+div.token-input-dropdown ul li {
+  padding: 4px 10px;
+  background-color: #FFF;
+}
+
+div.token-input-dropdown ul li.token-input-dropdown-item {
+  background-color: #FFF;
+}
+
+div.token-input-dropdown ul li em {
+  font-style: normal;
+}
+
+div.token-input-dropdown ul li.token-input-selected-dropdown-item {
+  background-color: #467B96;
+  color: #FFF;
+}
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/grid.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/grid.scss
new file mode 100644
index 0000000..a9363ba
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/grid.scss
@@ -0,0 +1,226 @@
+/*
+ * Bento Grid System
+ * Source: https://github.com/fenbox/bento
+ * Version: 1.2.8
+ * Update: 2013.11.25
+ */
+
+//
+// Config
+//
+$columns: 12;
+$column-width: 100% / $columns;
+$gutter-width: 20px;
+
+
+// Break point
+$screen-tablet:  768px;
+$screen-desktop: 992px;
+$screen-wide: 1200px;
+
+
+// Mixins
+%box-sizing {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+
+
+// Container
+.container {
+  margin-left: auto;
+  margin-right: auto;
+  padding-left: $gutter-width / 2;
+  padding-right: $gutter-width / 2;
+  @extend %box-sizing;
+}
+
+// Column group
+.row {
+  margin-right: $gutter-width / -2;
+  margin-left: $gutter-width / -2;
+  @extend .clearfix;
+}
+
+.row [class*="col-"] {
+  float: left;
+  min-height: 1px;
+  padding-right: $gutter-width / 2;
+  padding-left: $gutter-width / 2;
+  @extend %box-sizing;
+}
+
+.row [class*="-push-"],
+.row [class*="-pull-"] {
+  position: relative;
+}
+
+
+/*
+ * Mobile and up
+ */
+
+@for $index from 1 through $columns {
+  .col-mb-#{$index} {
+    width: $column-width * $index;
+  }
+}
+
+
+/*
+ * Tablet and up
+ */
+
+@media (min-width: $screen-tablet) {
+  .container {
+    max-width: $screen-tablet - ($gutter-width * 2);
+  }
+
+  // Colunms
+  @for $index from 1 through $columns {
+    .col-tb-#{$index} {
+      width: $column-width * $index;
+    }
+  }
+
+  // Offset
+  @for $index from 0 through $columns {
+    .col-tb-offset-#{$index} {
+      margin-left: $column-width * $index;
+    }
+  }
+
+  // Pull
+  @for $index from 0 through $columns {
+    .col-tb-pull-#{$index} {
+      right: $column-width * $index;
+    }
+  }
+
+  // Push
+  @for $index from 0 through $columns {
+    .col-tb-push-#{$index} {
+      left: $column-width * $index;
+    }
+  }
+}
+
+
+/*
+ * Desktop and up
+ */
+
+@media (min-width: $screen-desktop) {
+  .container {
+    max-width: $screen-desktop - ($gutter-width * 2);
+  }
+
+  // Colunms
+  @for $index from 1 through $columns {
+    .col-#{$index} {
+      width: $column-width * $index;
+    }
+  }
+
+  // Offset
+  @for $index from 0 through $columns {
+    .col-offset-#{$index} {
+      margin-left: $column-width * $index;
+    }
+  }
+
+  // Pull
+  @for $index from 0 through $columns {
+    .col-pull-#{$index} {
+      right: $column-width * $index;
+    }
+  }
+
+  // Push
+  @for $index from 0 through $columns {
+    .col-push-#{$index} {
+      left: $column-width * $index;
+    }
+  }
+}
+
+
+/*
+ * Widescreen and up
+ */
+
+@media (min-width: $screen-wide) {
+  .container {
+    max-width: $screen-wide - ($gutter-width * 2);
+  }
+
+  // Colunms
+  @for $index from 1 through $columns {
+    .col-wd-#{$index} {
+      width: $column-width * $index;
+    }
+  }
+
+  // Offset
+  @for $index from 0 through $columns {
+    .col-wd-offset-#{$index} {
+      margin-left: $column-width * $index;
+    }
+  }
+
+  // Pull
+  @for $index from 0 through $columns {
+    .col-wd-pull-#{$index} {
+      right: $column-width * $index;
+    }
+  }
+
+  // Push
+  @for $index from 0 through $columns {
+    .col-wd-push-#{$index} {
+      left: $column-width * $index;
+    }
+  }
+}
+
+
+/*
+ * Responsive kit
+ */
+
+// Hidden in mobile and down
+@media (max-width: $screen-tablet - 1px) {
+  .kit-hidden-mb {
+    display: none;
+  }
+}
+
+// Hidden in tablet and down
+@media (max-width: $screen-desktop - 1px) {
+  .kit-hidden-tb {
+    display: none;
+  }
+}
+
+// Hidden in descktop and down
+@media (max-width: $screen-wide - 1px) {
+  .kit-hidden {
+    display: none;
+  }
+}
+
+
+/*
+ * Clearfix
+ */
+.clearfix {
+  zoom: 1;
+  &:before, &:after {
+    content: " ";
+    display: table;
+  }
+  &:after {
+    clear: both;
+  }
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/style.scss b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/style.scss
new file mode 100644
index 0000000..254cee5
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/scss/style.scss
@@ -0,0 +1,947 @@
+/* vim: set et sw=2 ts=2 sts=2 fdm=marker ff=unix fenc=utf8 */
+/**
+* Typecho 后台样式
+*
+* @author  Typecho Team
+* @since   2008-09-26
+* @update  2013-11-02
+* @link    http://www.typecho.org/
+* @version 0.9
+*/
+
+@import "compass";
+
+/**
+* Typecho 全局样式
+*/
+
+html {
+  height: 100%;
+}
+
+body {
+  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+  background: #F6F6F3;
+  color: #444;
+  font-size: 87.5%;
+  line-height: 1.5;
+}
+
+a {
+  color: #467B96;
+  text-decoration: none;
+  &:hover {
+    color: #499BC3;
+    text-decoration: underline;
+  }
+}
+
+code, pre, .mono { 
+  font-family: Menlo, Monaco, Consolas, "Courier New", monospace;
+}
+
+.p { margin: 1em 0; }
+
+.body-100 {
+  height: 100%;
+}
+
+a.balloon-button {
+  display: inline-block;
+  padding: 0 6px;
+  min-width: 12px;
+  height: 18px;
+  line-height: 18px;
+  background: #D8E7EE;
+  font-size: .85714em;
+  text-align: center;
+  text-decoration: none;
+  
+  /** 修正ie中文不对齐 */
+  zoom:1;
+  
+  -moz-border-radius: 30px;
+  -webkit-border-radius: 30px;
+  border-radius: 30px;
+}
+
+a.button:hover, a.balloon-button:hover {
+  background-color: #A5CADC;
+  color: #FFF;
+  text-decoration: none;
+}
+
+
+@import "forms";
+@import "buttons";
+@import "messages";
+@import "pagenavi";
+
+@import "header";
+@import "footer";
+
+/* 低版本浏览器升级提示 */
+.browsehappy {
+  border: none;
+  text-align: center;
+}
+
+/** 顶部消息样式 by 70 */
+.popup {
+  display: none;
+  position: absolute;
+  top: 0;
+  left: 0;
+  margin: 0;
+  padding: 8px 0;
+  border: none;
+  width: 100%;
+  z-index: 10;
+  text-align: center;
+
+  -moz-border-radius: 0;
+  -webkit-border-radius: 0;
+  border-radius: 0;
+}
+
+.popup ul {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+  text-align: center;
+}
+
+.popup ul li {
+  display: inline-block;
+  margin-right: 10px;
+}
+
+/**
+* logo 的样式
+*/
+.logo {
+}
+
+/**
+* 载入状态
+*/
+.loading {
+  padding-left: 20px !important;
+  background: transparent url(../img/ajax-loader.gif) no-repeat left center;
+}
+
+
+/**
+* 典型配置选项
+*/
+.typecho-option {
+  list-style: none;
+  margin: 1em 0;
+  padding: 0;
+}
+
+.typecho-option li {
+}
+
+.typecho-option-submit li {
+  border-bottom: none;
+}
+
+.typecho-option label.typecho-label {
+  display: block;
+  margin-bottom: .5em;
+  font-weight: bold;
+}
+.typecho-option label.required:after {
+  content: " *";
+  color: #B94A48;
+}
+.typecho-option label.typecho-label+input {
+}
+.typecho-option span { margin-right: 15px; }
+.typecho-option .description {
+  margin: .5em 0 0;
+  color: #999;
+  font-size: .92857em;
+}
+
+.front-archive {
+  padding-left: 1.5em;
+}
+
+.profile-avatar {
+  border: 1px dashed #D9D9D6;
+  max-width: 100%;
+}
+
+/** 增加配置面板内部的错误样式 by 70 */
+
+
+/** 
+* 安装样式
+* 
+* @author mingcheng
+* @date   2008-09-06
+*/
+
+/**
+* 安装向导
+*/
+.typecho-install {
+  padding-bottom: 2em;
+}
+.typecho-install-patch {
+  margin-bottom: 2em;
+  padding: 2em 0;
+  background-color: #292D33;
+  color: #FFF;
+  text-align: center;
+}
+
+.typecho-install-patch ol {
+  list-style: none;
+  margin: 3em 0 1em;
+  padding: 0;
+  color: #999;
+}
+.typecho-install-patch li {
+  display: inline-block;
+  margin: 0 .8em;
+}
+.typecho-install-patch span {
+  display: inline-block;
+  margin-right: 5px;
+  width: 20px;
+  height: 20px;
+  line-height: 20px;
+  border: 2px solid #999;
+  text-align: center;
+  border-radius: 2em;
+}
+.typecho-install-patch li.current {
+  color: #FFF;
+  font-weight: bold;
+}
+.typecho-install-patch li.current span {
+  border-color: #FFF;
+}
+
+
+/**
+* 安装主体内容
+*/
+
+.typecho-install .typecho-install-body input {
+  width: 100%;
+}
+.typecho-install-body .typecho-option li {
+  margin: 1em 0;
+}
+
+
+/**
+* 欢迎界面
+*/
+
+#typecho-welcome {
+  margin: 1em 0;
+  padding: 1em 2em;
+  background-color: #E9E9E6;
+}
+
+.welcome-board {
+  color: #999;
+  font-size: 1.15em;
+  em {
+    color: #444;
+    font-size: 2em;
+    font-style: normal;
+    font-family: Georgia, serif;
+  }
+}
+
+#start-link {
+  margin-bottom: 25px;
+  padding: 0 0 35px;
+  border-bottom: 1px solid #ECECEC;
+  li {
+    float: left;
+    margin-right: 1.5em;
+  }
+  .balloon {
+    margin-top: 2px;
+  }
+}
+
+.latest-link {
+  li {
+    white-space: nowrap;
+    overflow: hidden; 
+    text-overflow: ellipsis;
+  }
+  span {
+    display: inline-block;
+    margin-right: 4px;
+    padding-right: 8px;
+    border-right: 1px solid #ECECEC;
+    width: 37px;
+    text-align: right;
+    color: #999;
+  }
+}
+
+.update-check {
+  font-size: 14px;
+}
+
+/**
+* 登录框
+*/
+.typecho-login-wrap {
+  display: table;
+  margin: 0 auto;
+  height: 100%;
+}
+.typecho-login {
+  display: table-cell;
+  padding: 30px 0 100px;
+  width: 280px;
+  text-align: center;
+  vertical-align: middle;
+  h1 {
+    margin: 0 0 1em; 
+  }
+}
+
+.typecho-login .more-link {
+  margin-top: 2em;
+  color: #CCC;
+}
+.typecho-login .more-link a { margin: 0 3px; }
+
+/**
+* 标题
+*/
+.typecho-page-title {
+}
+.typecho-page-title h2 {
+  margin: 25px 0 10px;
+  font-size: 1.28571em;
+}
+.typecho-page-title h2 a {
+  margin-left: 10px;
+  padding: 3px 8px;
+  background: #E9E9E6;
+  font-size: .8em;
+
+  border-radius: 2px;
+}
+.typecho-page-title h2 a:hover {
+  text-decoration: none;
+}
+
+/**
+* 后台页面主体
+*/
+
+
+/**
+* 主页主体
+*/
+.typecho-dashboard {
+}
+.typecho-dashboard ul {
+  list-style: none;
+  padding: 0;
+}
+.typecho-dashboard li {
+  margin-bottom: 5px;
+}
+
+
+/**
+* 标签页
+*/
+.typecho-option-tabs {
+  list-style: none;
+  margin: 1em 0 0;
+  padding: 0;
+  font-size: 13px;
+  text-align: center;
+  &.fix-tabs {
+    margin-bottom: 1em;
+  }
+}
+
+.typecho-option-tabs a {
+  display: block;
+  margin-right: -1px;
+  border: 1px solid #D9D9D6;
+  padding: 0 15px;
+  height: 26px;
+  line-height: 26px;
+  color: #666;
+  @include box-sizing(border-box);
+  
+}
+.typecho-option-tabs a:hover {
+  background-color: #E9E9E6;
+  color: #666;
+  text-decoration: none;
+}
+
+.typecho-option-tabs li {
+  float: left;
+  &:first-child a {
+    @include border-radius(2px 0 0 2px);
+  }
+  &:last-child a {
+    @include border-radius(0 2px 2px 0);
+  }
+}
+
+.typecho-option-tabs.right {
+  float: right;
+}
+
+.typecho-option-tabs li.current a,
+.typecho-option-tabs li.active a {
+  background-color: #E9E9E6;
+}
+
+
+/**
+* 表格列表页
+*/
+
+/**
+* 列表页选项
+*/
+.typecho-list .typecho-pager {
+}
+
+.typecho-list-operate {
+  margin: 1em 0;
+}
+
+.typecho-list-operate input,
+.typecho-list-operate button,
+.typecho-list-operate select {
+  vertical-align: bottom;
+}
+
+.typecho-list-operate input[type="checkbox"] {
+  vertical-align: text-top;
+}
+
+.typecho-list-operate .operate {
+  float: left;
+}
+
+.typecho-list-operate .search {
+  float: right;
+}
+
+.typecho-list-operate span.operate-delete, a.operate-delete,
+.typecho-list-operate span.operate-button-delete, a.operate-button-delete {
+  color: #B94A48;
+}
+
+a.operate-edit {
+  color: #007700;
+}
+
+a.operate-reply {
+  color: #545c30;
+}
+
+.typecho-list-operate a:hover {
+  text-decoration: none;
+}
+
+/**
+* 列表表格
+*/
+/** 增加表格标题 by 70 */
+.typecho-list-table-title {
+  margin: 1em 0;
+  color: #999;
+  text-align: center;
+}
+.typecho-table-wrap {
+  padding: 30px;
+  background: #FFF;
+}
+.typecho-list-table {
+  width: 100%;
+}
+
+.typecho-list-table.deactivate {
+  color: #999;
+}
+
+.typecho-list-table .right {
+  text-align: right;
+}
+
+.typecho-list-table th {
+  padding: 0 10px 10px;
+  border-bottom: 2px solid #F0F0EC;
+  text-align: left;
+}
+
+.typecho-list-table td {
+  padding: 10px;
+  border-top: 1px solid #F0F0EC;
+  word-break: break-all;
+}
+.typecho-list-table .status {
+  margin-left: 5px;
+  color: #999;
+  font-size: .92857em;
+  font-style: normal;
+}
+.typecho-list-table tbody tr:hover td {
+  background-color: #F6F6F3;
+}
+
+.typecho-list-table tbody tr.checked td {
+  background-color: #FFF9E8;
+}
+
+.warning {
+  color: #B94A48;
+}
+
+
+.typecho-list-table tr td .hidden-by-mouse {
+  @include opacity(0); 
+}
+
+.typecho-list-table tr:hover td .hidden-by-mouse {
+  @include opacity(1);
+}
+
+
+/**
+* 评论管理
+*/
+
+.comment-reply-content {
+  position: relative;
+  margin: 1em 0;
+  padding: 0 1em;
+  border: 1px solid transparent;
+  background-color: #F0F0EC;
+}
+.comment-reply-content:after {
+  position: absolute;
+  right: 1em;
+  border: 8px solid #F0F0EC;
+  border-color: #F0F0EC #F0F0EC transparent transparent;
+  content: " ";
+}
+
+.comment-meta span,
+.comment-date {
+  font-size: .92857em;
+  color: #999;
+}
+
+.comment-action a, .comment-action span { margin-right: 4px; }
+
+.comment-edit label {
+  display: block;
+}
+
+
+/**
+* 评论回复
+*/
+#typecho-respond {
+  padding: 10px;
+  display: none;
+}
+
+
+/**
+* 模板列表
+*/
+.typecho-theme-list {
+}
+
+.typecho-theme-list .theme-item {
+}
+
+.typecho-theme-list td {
+}
+
+.typecho-theme-list img {
+  margin: 1em 0;
+  max-width: 100%;
+  max-height: 240px;
+}
+
+.typecho-theme-list cite {
+  font-style: normal;
+  color: #999;
+}
+
+.typecho-theme-list tbody tr.current td {
+  background-color: #FFF9E8;
+}
+
+
+/**
+* 后台配置项
+*/
+
+.typecho-page-main .typecho-option input.text {
+  width: 100%;
+}
+
+.typecho-page-main .typecho-option input.num {
+  width: 40px;
+}
+
+.typecho-page-main .typecho-option textarea {
+  width: 100%;
+  height: 100px;
+}
+
+.typecho-page-main .typecho-option .multiline {
+  display: block;
+  margin: .3em 0;
+  &.hidden {
+    display: none;
+  }
+}
+
+
+/**
+* 编辑模板
+*/
+.typecho-select-theme {
+  height: 25px;
+  line-height: 25px;
+  margin: 15px 0px;
+}
+
+.typecho-select-theme h5 {
+  color: #E47E00;
+  font-weight: bold;
+  float: left;
+  font-size: 14px;
+  width: 120px;
+  margin-right: 10px;
+}
+
+.typecho-select-theme select {
+  width: 150px;
+}
+
+/**
+* 编辑模板（编辑详情）
+*/
+
+.typecho-edit-theme ul {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+}
+
+.typecho-edit-theme li {
+  padding: 3px 10px;
+}
+
+.typecho-edit-theme .current {
+  background-color: #E6E6E3;
+}
+.typecho-edit-theme .current a {
+  color: #444;
+}
+
+.typecho-edit-theme textarea {
+  font-size: .92857em;
+  line-height: 1.2;
+  height: 500px;
+}
+
+/**
+* 编写页面
+*/
+
+.typecho-post-area .edit-draft-notice {
+  color: #999;
+  font-size: .92857em;
+}
+.typecho-post-area .edit-draft-notice a { color: #B94A48; }
+
+.typecho-post-area .typecho-label {
+  display: block;
+  margin: 1em 0 -0.5em;
+  font-weight: bold;
+}
+
+.typecho-post-area #auto-save-message {
+  display: block;
+  margin-top: 0.5em;
+  color: #999;
+  font-size: .92857em;
+}
+
+.typecho-post-area .submit .right button {
+  margin-left: 5px;
+}
+
+.typecho-post-area .right {
+  float: right;
+  padding-left: 24px;
+}
+
+.typecho-post-area .left {
+  float: left;
+}
+
+.typecho-post-area input.text {
+}
+
+.typecho-post-area .out-date {
+  border: 1px solid #D3DBB3;
+  padding: 3px;
+  background: #fff;
+}
+
+.typecho-post-area input.title {
+  font-size: 1.17em;
+  font-weight: bold;
+}
+.typecho-post-area .url-slug {
+  margin-top: -0.5em;
+  color: #AAA;
+  font-size: .92857em;
+  word-break: break-word;
+}
+.typecho-post-area #slug {
+  padding: 2px;
+  border: none;
+  background: #FFFBCC;
+  color: #666;
+}
+
+.typecho-post-area #text {
+  resize: none;
+}
+
+#advance-panel {
+  display: none;
+}
+
+#custom-field {
+  margin: 1em 0;
+  padding: 10px 15px;
+  background: #FFF;
+  &.fold {
+    table, .description { display: none; }
+  }
+
+  .description {
+    margin-top: 10px;
+    text-align: right;
+    button {
+      float: left;
+    }
+  }
+
+  p.description {
+    text-align: left;
+  }
+
+  .typecho-label {
+    margin: 0;
+    a {
+      display: block;
+      color: #444;
+      &:hover {
+        color: #467B96;
+        text-decoration: none;
+      }
+    }
+  }
+  table {
+    margin-top: 10px;
+  }
+  td {
+    padding: 10px 5px;
+    font-size: .92857em;
+    border-bottom: 1px solid #F0F0EC;
+    vertical-align: top;
+    label {
+      font-size: 1em;
+      font-weight: normal;
+    }
+  }
+  select { height: 27px; }
+}
+
+.typecho-post-area .is-draft {
+background: #FFF1A8;
+}
+
+.typecho-post-option .description {
+  margin-top: -0.5em;
+  color: #999;
+  font-size: .92857em;
+}
+
+.category-option ul {
+  list-style: none;
+  border: 1px solid #D9D9D6;
+  padding: 6px 12px;
+  max-height: 240px;
+  overflow: auto;
+  background-color: #FFF;
+  border-radius: 2px;
+}
+.category-option li {
+  margin: 3px 0;
+}
+
+.visibility-option ul,
+.allow-option ul {
+  list-style: none;
+  padding: 0;
+}
+
+
+/**
+* 标签列表
+*/
+
+.typecho-page-main ul.tag-list {
+  list-style: none;
+  margin: 0;
+  padding: 20px;
+  background-color: #FFF;
+}
+
+.typecho-page-main ul.tag-list li {
+  display: inline-block;
+  margin: 0 0 5px 0;
+  padding: 5px 5px 5px 10px;
+  cursor: pointer;
+}
+.typecho-page-main ul.tag-list li:hover {
+  background-color: #E9E9E6;
+}
+
+.typecho-page-main ul.tag-list li input {
+  display: none;
+}
+
+
+.typecho-page-main ul.tag-list li.checked {
+  background-color: #FFFBCC;
+}
+
+.typecho-page-main ul.tag-list li.size-5 { font-size: 1em; }
+.typecho-page-main ul.tag-list li.size-10 { font-size: 1.2em; }
+.typecho-page-main ul.tag-list li.size-20 { font-size: 1.4em; }
+.typecho-page-main ul.tag-list li.size-30 { font-size: 1.6em; }
+.typecho-page-main ul.tag-list li.size-0 { font-size: 1.8em; }
+
+.typecho-page-main .tag-edit-link { visibility: hidden; }
+.typecho-page-main li:hover .tag-edit-link { visibility: visible; }
+
+.typecho-attachment-photo {
+  border: 1px solid #E6E6E3;
+  max-width: 100%;
+}
+
+
+/*
+* Upload
+*/
+#upload-panel {
+  border: 1px dashed #D9D9D6;
+  background-color: #FFF;
+  color: #999;
+  font-size: .92857em;
+  &.drag {
+    background-color: #FFFBCC;
+  }
+}
+
+.upload-area {
+  padding: 15px;
+  text-align: center;
+}
+
+#file-list {
+  list-style: none;
+  margin: 0 10px;
+  padding: 0;
+  max-height: 450px;
+  overflow: auto;
+  word-break: break-all;
+  li,
+  .insert {
+    overflow: hidden;
+    white-space: nowrap;
+    text-overflow: ellipsis;
+  }
+  li {
+    padding: 8px 0;
+    border-top: 1px dashed #D9D9D6;
+  }
+  .insert {
+    display: block;
+    max-width: 100%;
+  }
+  .file {
+    margin-left: 5px;
+  }
+  .info {
+    text-transform: uppercase;
+  }
+}
+
+#btn-fullscreen-upload {
+  visibility: hidden;
+}
+
+
+/**
+* 附件管理
+*/
+.edit-media button { margin-right: 6px; }
+
+/* 拖动调整 textarea 大小 */
+.resize {
+  display: block;
+  margin: 2px auto 0;
+  padding: 2px 0;
+  border: 1px solid #D9D9D6;
+  border-width: 1px 0;
+  width: 60px;
+  cursor: row-resize;
+  i {
+    display: block;
+    height: 1px;
+    background-color: #D9D9D6;
+  }
+}
+
+/* 拖动排序 */
+.tDnD_whileDrag {
+  background-color: #FFFBCC;
+}
+
+
+/**
+* 导入扩展样式
+*/
+
+@import "icons";
+@import "components";
+@import "hidden";
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/table-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/table-js.php
new file mode 100644
index 0000000..13ac1c3
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/table-js.php
@@ -0,0 +1,18 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<script>
+(function () {
+    $(document).ready(function () {
+        $('.typecho-list-table').tableSelectable({
+            checkEl     :   'input[type=checkbox]',
+            rowEl       :   'tr',
+            selectAllEl :   '.typecho-table-select-all',
+            actionEl    :   '.dropdown-menu a,button.btn-operate'
+        });
+
+        $('.btn-drop').dropdownMenu({
+            btnEl       :   '.dropdown-toggle',
+            menuEl      :   '.dropdown-menu'
+        });
+    });
+})();
+</script>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/theme-editor.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/theme-editor.php
new file mode 100644
index 0000000..a042d00
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/theme-editor.php
@@ -0,0 +1,62 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+
+Typecho_Widget::widget('Widget_Themes_Files')->to($files);
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12">
+                <ul class="typecho-option-tabs fix-tabs clearfix">
+                    <li><a href="<?php $options->adminUrl('themes.php'); ?>"><?php _e('可以使用的外观'); ?></a></li>
+                    <li class="current"><a href="<?php $options->adminUrl('theme-editor.php'); ?>">
+                    <?php if ($options->theme == $files->theme): ?>
+                    <?php _e('编辑当前外观'); ?>
+                    <?php else: ?>
+                    <?php _e('编辑%s外观', ' <cite>' . $files->theme . '</cite> '); ?>
+                    <?php endif; ?>
+                    </a></li>
+                    <?php if (Widget_Themes_Config::isExists()): ?>
+                    <li><a href="<?php $options->adminUrl('options-theme.php'); ?>"><?php _e('设置外观'); ?></a></li>
+                    <?php endif; ?>
+                </ul>
+            </div>
+                
+            <div class="typecho-edit-theme">
+                <div class="col-mb-12 col-tb-8 col-9 content">
+                    <form method="post" name="theme" id="theme" action="<?php $security->index('/action/themes-edit'); ?>">
+                        <label for="content" class="sr-only"><?php _e('编辑源码'); ?></label>
+                        <textarea name="content" id="content" class="w-100 mono" <?php if(!$files->currentIsWriteable()): ?>readonly<?php endif; ?>><?php echo $files->currentContent(); ?></textarea>
+                        <p class="submit">
+                            <?php if($files->currentIsWriteable()): ?>
+                            <input type="hidden" name="theme" value="<?php echo $files->currentTheme(); ?>" />
+                            <input type="hidden" name="edit" value="<?php echo $files->currentFile(); ?>" />
+                            <button type="submit" class="btn primary"><?php _e('保存文件'); ?></button>
+                            <?php else: ?>
+                                <em><?php _e('此文件无法写入'); ?></em>
+                            <?php endif; ?>
+                        </p>
+                    </form>
+                </div>
+                <ul class="col-mb-12 col-tb-4 col-3">
+                    <li><strong>模板文件</strong></li>
+                    <?php while($files->next()): ?>
+                    <li<?php if($files->current): ?> class="current"<?php endif; ?>>
+                    <a href="<?php $options->adminUrl('theme-editor.php?theme=' . $files->currentTheme() . '&file=' . $files->file); ?>"><?php $files->file(); ?></a></li>
+                    <?php endwhile; ?>
+                </ul>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+Typecho_Plugin::factory('admin/theme-editor.php')->bottom($files);
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/themes.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/themes.php
new file mode 100644
index 0000000..a2d0a00
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/themes.php
@@ -0,0 +1,69 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12">
+                <ul class="typecho-option-tabs fix-tabs clearfix">
+                    <li class="current"><a href="<?php $options->adminUrl('themes.php'); ?>"><?php _e('可以使用的外观'); ?></a></li>
+                    <?php if (!defined('__TYPECHO_THEME_WRITEABLE__') || __TYPECHO_THEME_WRITEABLE__): ?>
+                    <li><a href="<?php $options->adminUrl('theme-editor.php'); ?>"><?php _e('编辑当前外观'); ?></a></li>
+                    <?php endif; ?>
+                    <?php if (Widget_Themes_Config::isExists()): ?>
+                    <li><a href="<?php $options->adminUrl('options-theme.php'); ?>"><?php _e('设置外观'); ?></a></li>
+                    <?php endif; ?>
+                </ul>
+                
+                <div class="typecho-table-wrap">
+                    <table class="typecho-list-table typecho-theme-list">
+                        <colgroup>
+                            <col width="35%" />
+                            <col />
+                        </colgroup>
+                        
+                        <thead>
+                            <th>截图</th>
+                            <th>详情</th>
+                        </thead>
+
+                        <tbody>
+                            <?php Typecho_Widget::widget('Widget_Themes_List')->to($themes); ?>
+                            <?php while($themes->next()): ?>
+                            <tr id="theme-<?php $themes->name(); ?>" class="<?php if($themes->activated): ?>current<?php endif; ?>">
+                                <td valign="top"><img src="<?php $themes->screen(); ?>" alt="<?php $themes->name(); ?>" /></td>
+                                <td valign="top">
+                                    <h3><?php '' != $themes->title ? $themes->title() : $themes->name(); ?></h3>
+                                    <cite>
+                                        <?php if($themes->author): ?><?php _e('作者'); ?>: <?php if($themes->homepage): ?><a href="<?php $themes->homepage() ?>"><?php endif; ?><?php $themes->author(); ?><?php if($themes->homepage): ?></a><?php endif; ?> &nbsp;&nbsp;<?php endif; ?>
+                                        <?php if($themes->version): ?><?php _e('版本'); ?>: <?php $themes->version() ?><?php endif; ?>
+                                    </cite>
+                                    <p><?php echo nl2br($themes->description); ?></p>
+                                    <?php if($options->theme != $themes->name): ?>
+                                        <p>
+                                            <?php if (!defined('__TYPECHO_THEME_WRITEABLE__') || __TYPECHO_THEME_WRITEABLE__): ?>
+                                            <a class="edit" href="<?php $options->adminUrl('theme-editor.php?theme=' . $themes->name); ?>"><?php _e('编辑'); ?></a> &nbsp;
+                                            <?php endif; ?>
+                                            <a class="activate" href="<?php $security->index('/action/themes-edit?change=' . $themes->name); ?>"><?php _e('启用'); ?></a>
+                                        </p>
+                                    <?php endif; ?>
+                                </td>
+                            </tr>
+                            <?php endwhile; ?>
+                        </tbody>
+                    </table>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/upgrade.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/upgrade.php
new file mode 100644
index 0000000..718d47a
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/upgrade.php
@@ -0,0 +1,41 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12">
+                <div id="typecho-welcome">
+                    <form action="<?php echo $security->getTokenUrl(
+                        Typecho_Router::url('do', array('action' => 'upgrade', 'widget' => 'Upgrade'),
+                        Typecho_Common::url('index.php', $options->rootUrl))); ?>" method="post">
+                    <h3><?php _e('检测到新版本!'); ?></h3>
+                    <ul>
+                        <li><?php _e('您已经更新了系统程序, 我们还需要执行一些后续步骤来完成升级'); ?></li>
+                        <li><?php _e('此程序将把您的系统从 <strong>%s</strong> 升级到 <strong>%s</strong>', $options->version, Typecho_Common::VERSION); ?></li>
+                        <li><strong class="warning"><?php _e('在升级之前强烈建议先备份您的数据'); ?></strong></li>
+                    </ul>
+                    <p><button class="btn primary" type="submit"><?php _e('完成升级 &raquo;'); ?></button></p>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+?>
+<script>
+(function () {
+    if (window.sessionStorage) {
+        sessionStorage.removeItem('update');
+    }
+})();
+</script>
+<?php include 'footer.php'; ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/user.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/user.php
new file mode 100644
index 0000000..f6cb957
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/user.php
@@ -0,0 +1,23 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="form">
+            <div class="col-mb-12 col-tb-6 col-tb-offset-3">
+                <?php Typecho_Widget::widget('Widget_Users_Edit')->form()->render(); ?>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/welcome.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/welcome.php
new file mode 100644
index 0000000..6c26136
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/welcome.php
@@ -0,0 +1,36 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+?>
+
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main" role="main">
+            <div class="col-mb-12">
+                <div id="typecho-welcome" class="message">
+                    <form action="<?php $options->adminUrl(); ?>" method="get">
+                    <h3><?php _e('欢迎您使用 "%s" 管理后台: ', $options->title); ?></h3>
+                    <ol>
+                        <li><a class="operate-delete" href="<?php $options->adminUrl('profile.php#change-password'); ?>"><?php _e('强烈建议更改你的默认密码'); ?></a></li>
+                        <?php if($user->pass('contributor', true)): ?>
+                        <li><a href="<?php $options->adminUrl('write-post.php'); ?>"><?php _e('撰写第一篇日志'); ?></a></li>
+                        <li><a href="<?php $options->siteUrl(); ?>"><?php _e('查看我的站点'); ?></a></li>
+                        <?php else: ?>
+                        <li><a href="<?php $options->siteUrl(); ?>"><?php _e('查看我的站点'); ?></a></li>
+                        <?php endif; ?>
+                    </ol>
+                    <p><button type="submit" class="btn primary"><?php _e('让我直接开始使用吧 &raquo;'); ?></button></p>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-js.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-js.php
new file mode 100644
index 0000000..958635f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-js.php
@@ -0,0 +1,260 @@
+<?php if(!defined('__TYPECHO_ADMIN__')) exit; ?>
+<?php Typecho_Plugin::factory('admin/write-js.php')->write(); ?>
+<?php Typecho_Widget::widget('Widget_Metas_Tag_Cloud', 'sort=count&desc=1&limit=200')->to($tags); ?>
+
+<script src="<?php $options->adminStaticUrl('js', 'timepicker.js?v=' . $suffixVersion); ?>"></script>
+<script src="<?php $options->adminStaticUrl('js', 'tokeninput.js?v=' . $suffixVersion); ?>"></script>
+<script>
+$(document).ready(function() {
+    // 日期时间控件
+    $('#date').mask('9999-99-99 99:99').datetimepicker({
+        currentText     :   '<?php _e('现在'); ?>',
+        prevText        :   '<?php _e('上一月'); ?>',
+        nextText        :   '<?php _e('下一月'); ?>',
+        monthNames      :   ['<?php _e('一月'); ?>', '<?php _e('二月'); ?>', '<?php _e('三月'); ?>', '<?php _e('四月'); ?>',
+            '<?php _e('五月'); ?>', '<?php _e('六月'); ?>', '<?php _e('七月'); ?>', '<?php _e('八月'); ?>',
+            '<?php _e('九月'); ?>', '<?php _e('十月'); ?>', '<?php _e('十一月'); ?>', '<?php _e('十二月'); ?>'],
+        dayNames        :   ['<?php _e('星期日'); ?>', '<?php _e('星期一'); ?>', '<?php _e('星期二'); ?>',
+            '<?php _e('星期三'); ?>', '<?php _e('星期四'); ?>', '<?php _e('星期五'); ?>', '<?php _e('星期六'); ?>'],
+        dayNamesShort   :   ['<?php _e('周日'); ?>', '<?php _e('周一'); ?>', '<?php _e('周二'); ?>', '<?php _e('周三'); ?>',
+            '<?php _e('周四'); ?>', '<?php _e('周五'); ?>', '<?php _e('周六'); ?>'],
+        dayNamesMin     :   ['<?php _e('日'); ?>', '<?php _e('一'); ?>', '<?php _e('二'); ?>', '<?php _e('三'); ?>',
+            '<?php _e('四'); ?>', '<?php _e('五'); ?>', '<?php _e('六'); ?>'],
+        closeText       :   '<?php _e('完成'); ?>',
+        timeOnlyTitle   :   '<?php _e('选择时间'); ?>',
+        timeText        :   '<?php _e('时间'); ?>',
+        hourText        :   '<?php _e('时'); ?>',
+        amNames         :   ['<?php _e('上午'); ?>', 'A'],
+        pmNames         :   ['<?php _e('下午'); ?>', 'P'],
+        minuteText      :   '<?php _e('分'); ?>',
+        secondText      :   '<?php _e('秒'); ?>',
+
+        dateFormat      :   'yy-mm-dd',
+        hour            :   (new Date()).getHours(),
+        minute          :   (new Date()).getMinutes()
+    });
+
+    // 聚焦
+    $('#title').select();
+
+    // text 自动拉伸
+    Typecho.editorResize('text', '<?php $security->index('/action/ajax?do=editorResize'); ?>');
+
+    // tag autocomplete 提示
+    var tags = $('#tags'), tagsPre = [];
+    
+    if (tags.length > 0) {
+        var items = tags.val().split(','), result = [];
+        for (var i = 0; i < items.length; i ++) {
+            var tag = items[i];
+
+            if (!tag) {
+                continue;
+            }
+
+            tagsPre.push({
+                id      :   tag,
+                tags    :   tag
+            });
+        }
+
+        tags.tokenInput(<?php 
+        $data = array();
+        while ($tags->next()) {
+            $data[] = array(
+                'id'    =>  $tags->name,
+                'tags'  =>  $tags->name
+            );
+        }
+        echo Json::encode($data);
+        ?>, {
+            propertyToSearch:   'tags',
+            tokenValue      :   'tags',
+            searchDelay     :   0,
+            preventDuplicates   :   true,
+            animateDropdown :   false,
+            hintText        :   '<?php _e('请输入标签名'); ?>',
+            noResultsText   :   '<?php _e('此标签不存在, 按回车创建'); ?>',
+            prePopulate     :   tagsPre,
+
+            onResult        :   function (result, query) {
+                if (!query) {
+                    return result;
+                }
+
+                if (!result) {
+                    result = [];
+                }
+
+                if (!result[0] || result[0]['id'] != query) {
+                    result.unshift({
+                        id      :   query,
+                        tags    :   query
+                    });
+                }
+
+                return result.slice(0, 5);
+            }
+        });
+
+        // tag autocomplete 提示宽度设置
+        $('#token-input-tags').focus(function() {
+            var t = $('.token-input-dropdown'),
+                offset = t.outerWidth() - t.width();
+            t.width($('.token-input-list').outerWidth() - offset);
+        });
+    }
+
+    // 缩略名自适应宽度
+    var slug = $('#slug');
+
+    if (slug.length > 0) {
+        var wrap = $('<div />').css({
+            'position'  :   'relative',
+            'display'   :   'inline-block'
+        }),
+        justifySlug = $('<pre />').css({
+            'display'   :   'block',
+            'visibility':   'hidden',
+            'height'    :   slug.height(),
+            'padding'   :   '0 2px',
+            'margin'    :   0
+        }).insertAfter(slug.wrap(wrap).css({
+            'left'      :   0,
+            'top'       :   0,
+            'minWidth'  :   '5px',
+            'position'  :   'absolute',
+            'width'     :   '100%'
+        })), originalWidth = slug.width();
+
+        function justifySlugWidth() {
+            var val = slug.val();
+            justifySlug.text(val.length > 0 ? val : '     ');
+        }
+
+        slug.bind('input propertychange', justifySlugWidth);
+        justifySlugWidth();
+    }
+
+    // 原始的插入图片和文件
+    Typecho.insertFileToEditor = function (file, url, isImage) {
+        var textarea = $('#text'), sel = textarea.getSelection(),
+            html = isImage ? '<img src="' + url + '" alt="' + file + '" />'
+                : '<a href="' + url + '">' + file + '</a>',
+            offset = (sel ? sel.start : 0) + html.length;
+
+        textarea.replaceSelection(html);
+        textarea.setSelection(offset, offset);
+    };
+
+    var submitted = false, form = $('form[name=write_post],form[name=write_page]').submit(function () {
+        submitted = true;
+    }), savedData = null;
+
+    // 自动保存
+<?php if ($options->autoSave): ?>
+    var locked = false,
+        formAction = form.attr('action'),
+        idInput = $('input[name=cid]'),
+        cid = idInput.val(),
+        autoSave = $('<span id="auto-save-message" class="left"></span>').prependTo('.submit'),
+        autoSaveOnce = !!cid,
+        lastSaveTime = null;
+
+    function autoSaveListener () {
+        setInterval(function () {
+            idInput.val(cid);
+            var data = form.serialize();
+                
+            if (savedData != data && !locked) {
+                locked = true;
+
+                autoSave.text('<?php _e('正在保存'); ?>');
+                $.post(formAction, data + '&do=save', function (o) {
+                    savedData = data;
+                    lastSaveTime = o.time;
+                    cid = o.cid;
+                    autoSave.text('<?php _e('已保存'); ?>' + ' (' + o.time + ')').effect('highlight', 1000);
+                    locked = false;
+                }, 'json');
+            }
+        }, 10000);
+    }
+
+    if (autoSaveOnce) {
+        savedData = form.serialize();
+        autoSaveListener();
+    }
+
+    $('#text').bind('input propertychange', function () {
+        if (!locked) {
+            autoSave.text('<?php _e('尚未保存'); ?>' + (lastSaveTime ? ' (<?php _e('上次保存时间'); ?>: ' + lastSaveTime + ')' : ''));
+        }
+
+        if (!autoSaveOnce) {
+            autoSaveOnce = true;
+            autoSaveListener();
+        }
+    });
+<?php endif; ?>
+
+    // 自动检测离开页
+    var lastData = form.serialize();
+
+    $(window).bind('beforeunload', function () {
+        if (!!savedData) {
+            lastData = savedData;
+        }
+
+        if (form.serialize() != lastData && !submitted) {
+            return '<?php _e('内容已经改变尚未保存, 您确认要离开此页面吗?'); ?>';
+        }
+    });
+
+    // 控制选项和附件的切换
+    var fileUploadInit = false;
+    $('#edit-secondary .typecho-option-tabs li').click(function() {
+        $('#edit-secondary .typecho-option-tabs li').removeClass('active');
+        $(this).addClass('active');
+        $('.tab-content').addClass('hidden');
+        
+        var selected_tab = $(this).find('a').attr('href'),
+            selected_el = $(selected_tab).removeClass('hidden');
+
+        if (!fileUploadInit) {
+            selected_el.trigger('init');
+            fileUploadInit = true;
+        }
+
+        return false;
+    });
+
+    // 高级选项控制
+    $('#advance-panel-btn').click(function() {
+        $('#advance-panel').toggle();
+        return false;
+    });
+
+    // 自动隐藏密码框
+    $('#visibility').change(function () {
+        var val = $(this).val(), password = $('#post-password');
+        console.log(val);
+
+        if ('password' == val) {
+            password.removeClass('hidden');
+        } else {
+            password.addClass('hidden');
+        }
+    });
+    
+    // 草稿删除确认
+    $('.edit-draft-notice a').click(function () {
+        if (confirm('<?php _e('您确认要删除这份草稿吗?'); ?>')) {
+            window.location.href = $(this).attr('href');
+        }
+
+        return false;
+    });
+});
+</script>
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-page.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-page.php
new file mode 100644
index 0000000..2b50bf2
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-page.php
@@ -0,0 +1,151 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+Typecho_Widget::widget('Widget_Contents_Page_Edit')->to($page);
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main typecho-post-area" role="form">
+            <form action="<?php $security->index('/action/contents-page-edit'); ?>" method="post" name="write_page">
+                <div class="col-mb-12 col-tb-9" role="main">
+                    <?php if ($page->draft && $page->draft['cid'] != $page->cid): ?>
+                    <?php $pageModifyDate = new Typecho_Date($page->draft['modified']); ?>
+                        <cite class="edit-draft-notice"><?php _e('当前正在编辑的是保存于%s的草稿, 你可以<a href="%s">删除它</a>', $pageModifyDate->word(), 
+                        $security->getIndex('/action/contents-page-edit?do=deleteDraft&cid=' . $page->cid)); ?></cite>
+                    <?php endif; ?>
+
+                    <p class="title">
+                        <label for="title" class="sr-only"><?php _e('标题'); ?></label>
+                        <input type="text" id="title" name="title" autocomplete="off" value="<?php $page->title(); ?>" placeholder="<?php _e('标题'); ?>" class="w-100 text title" />
+                    </p>
+                    <?php $permalink = Typecho_Common::url($options->routingTable['page']['url'], $options->index);
+                    list ($scheme, $permalink) = explode(':', $permalink, 2);
+                    $permalink = ltrim($permalink, '/');
+                    $permalink = preg_replace("/\[([_a-z0-9-]+)[^\]]*\]/i", "{\\1}", $permalink);
+                    if ($page->have()) {
+                        $permalink = str_replace('{cid}', $page->cid, $permalink);
+                    }
+                    $input = '<input type="text" id="slug" name="slug" autocomplete="off" value="' . htmlspecialchars($page->slug) . '" class="mono" />';
+                    ?>
+                    <p class="mono url-slug">
+                        <label for="slug" class="sr-only"><?php _e('网址缩略名'); ?></label>
+                        <?php echo preg_replace("/\{slug\}/i", $input, $permalink); ?>
+                    </p>
+                    <p>
+                        <label for="text" class="sr-only"><?php _e('页面内容'); ?></label>
+                        <textarea style="height: <?php $options->editorSize(); ?>px" autocomplete="off" id="text" name="text" class="w-100 mono"><?php echo htmlspecialchars($page->text); ?></textarea>
+                    </p>
+                        
+                    <?php include 'custom-fields.php'; ?>
+                    <p class="submit clearfix">
+                        <span class="right"> 
+                            <input type="hidden" name="cid" value="<?php $page->cid(); ?>" />
+                            <button type="submit" name="do" value="save" id="btn-save" class="btn"><?php _e('保存草稿'); ?></button>
+                            <button type="submit" name="do" value="publish" class="btn primary" id="btn-submit"><?php _e('发布页面'); ?></button>
+                            <?php if ($options->markdown && (!$page->have() || $page->isMarkdown)): ?>
+                            <input type="hidden" name="markdown" value="1" />
+                            <?php endif; ?>
+                        </span>
+                    </p>
+                    
+                    <?php Typecho_Plugin::factory('admin/write-page.php')->content($page); ?>
+                </div>
+                <div id="edit-secondary" class="col-mb-12 col-tb-3" role="complementary">
+                    <ul class="typecho-option-tabs clearfix">
+                        <li class="active w-50"><a href="#tab-advance"><?php _e('选项'); ?></a></li>
+                        <li class="w-50"><a href="#tab-files" id="tab-files-btn"><?php _e('附件'); ?></a></li>
+                    </ul>
+
+                    <div id="tab-advance" class="tab-content">
+                        <section  class="typecho-post-option" role="application">
+                            <label for="date" class="typecho-label"><?php _e('发布日期'); ?></label>
+                            <p><input class="typecho-date w-100" type="text" name="date" id="date" value="<?php $page->have() ? $page->date('Y-m-d H:i') : ''; ?>" /></p>
+                        </section>
+
+                        <section class="typecho-post-option">
+                            <label for="order" class="typecho-label"><?php _e('页面顺序'); ?></label>
+                            <p><input type="text" id="order" name="order" value="<?php $page->order(); ?>" class="w-100" /></p>
+                            <p class="description"><?php _e('为你的自定义页面设定一个序列值以后, 能够使得它们按此值从小到大排列'); ?></p>
+                        </section>
+
+                        <section  class="typecho-post-option">
+                            <label for="template" class="typecho-label"><?php _e('自定义模板'); ?></label>
+                                <p>
+                                    <select name="template" id="template">
+                                        <option value=""><?php _e('不选择'); ?></option>
+                                        <?php $templates = $page->getTemplates(); foreach ($templates as $template => $name): ?>
+                                        <option value="<?php echo $template; ?>"<?php if($template == $page->template): ?> selected="true"<?php endif; ?>><?php echo $name; ?></option>
+                                        <?php endforeach; ?>
+                                    </select>
+                                </p>
+                                <p class="description"><?php _e('如果你为此页面选择了一个自定义模板, 系统将按照你选择的模板文件展现它'); ?></p>
+                        </section>
+
+                        <?php Typecho_Plugin::factory('admin/write-page.php')->option($page); ?>
+
+                        <button type="button" id="advance-panel-btn" class="btn btn-xs"><?php _e('高级选项'); ?> <i class="i-caret-down"></i></button>
+                        <div id="advance-panel">
+                            <section class="typecho-post-option visibility-option">
+                                <label for="visibility" class="typecho-label"><?php _e('公开度'); ?></label>
+                                <p>
+                                <select id="visibility" name="visibility">
+                                    <option value="publish"<?php if ($page->status == 'publish' || !$page->status): ?> selected<?php endif; ?>><?php _e('公开'); ?></option>
+                                    <option value="hidden"<?php if ($page->status == 'hidden'): ?> selected<?php endif; ?>><?php _e('隐藏'); ?></option>
+                                </select>
+                                </p>
+                            </section>
+
+                            <section class="typecho-post-option allow-option">
+                                <label class="typecho-label"><?php _e('权限控制'); ?></label>
+                                <ul>
+                                    <li><input id="allowComment" name="allowComment" type="checkbox" value="1" <?php if($page->allow('comment')): ?>checked="true"<?php endif; ?> />
+                                    <label for="allowComment"><?php _e('允许评论'); ?></label></li>
+                                    <li><input id="allowPing" name="allowPing" type="checkbox" value="1" <?php if($page->allow('ping')): ?>checked="true"<?php endif; ?> />
+                                    <label for="allowPing"><?php _e('允许被引用'); ?></label></li>
+                                    <li><input id="allowFeed" name="allowFeed" type="checkbox" value="1" <?php if($page->allow('feed')): ?>checked="true"<?php endif; ?> />
+                                    <label for="allowFeed"><?php _e('允许在聚合中出现'); ?></label></li>
+                                </ul>
+                            </section>
+                            
+                            <?php Typecho_Plugin::factory('admin/write-page.php')->advanceOption($page); ?>
+                        </div>
+                        <?php if($page->have()): ?>
+                        <?php $modified = new Typecho_Date($page->modified); ?>
+                        <section class="typecho-post-option">
+                        <p class="description">
+                            <br>&mdash;<br>
+                            <?php _e('本页面由 <a href="%s">%s</a> 创建',
+                            Typecho_Common::url('manage-pages.php?uid=' . $page->author->uid, $options->adminUrl), $page->author->screenName); ?><br>
+                            <?php _e('最后更新于 %s', $modified->word()); ?>
+                        </p>
+                        </section>
+                        <?php endif; ?>
+                    </div><!-- end #tab-advance -->
+
+                    <div id="tab-files" class="tab-content hidden">
+                        <?php include 'file-upload.php'; ?>
+                    </div><!-- end #tab-files -->
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'write-js.php';
+
+Typecho_Plugin::factory('admin/write-page.php')->trigger($plugged)->richEditor($page);
+if (!$plugged) {
+    include 'editor-js.php';
+}
+
+include 'file-upload-js.php';
+include 'custom-fields-js.php';
+Typecho_Plugin::factory('admin/write-page.php')->bottom($page);
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-post.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-post.php
new file mode 100644
index 0000000..d8ad69f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/admin/write-post.php
@@ -0,0 +1,180 @@
+<?php
+include 'common.php';
+include 'header.php';
+include 'menu.php';
+Typecho_Widget::widget('Widget_Contents_Post_Edit')->to($post);
+?>
+<div class="main">
+    <div class="body container">
+        <?php include 'page-title.php'; ?>
+        <div class="row typecho-page-main typecho-post-area" role="form">
+            <form action="<?php $security->index('/action/contents-post-edit'); ?>" method="post" name="write_post">
+                <div class="col-mb-12 col-tb-9" role="main">
+                    <?php if ($post->draft && $post->draft['cid'] != $post->cid): ?>
+                    <?php $postModifyDate = new Typecho_Date($post->draft['modified']); ?>
+                    <cite class="edit-draft-notice"><?php _e('你正在编辑的是保存于 %s 的草稿, 你也可以 <a href="%s">删除它</a>', $postModifyDate->word(), 
+                    $security->getIndex('/action/contents-post-edit?do=deleteDraft&cid=' . $post->cid)); ?></cite>
+                    <?php endif; ?>
+
+                    <p class="title">
+                        <label for="title" class="sr-only"><?php _e('标题'); ?></label>
+                        <input type="text" id="title" name="title" autocomplete="off" value="<?php $post->title(); ?>" placeholder="<?php _e('标题'); ?>" class="w-100 text title" />
+                    </p>
+                    <?php $permalink = Typecho_Common::url($options->routingTable['post']['url'], $options->index);
+                    list ($scheme, $permalink) = explode(':', $permalink, 2);
+                    $permalink = ltrim($permalink, '/');
+                    $permalink = preg_replace("/\[([_a-z0-9-]+)[^\]]*\]/i", "{\\1}", $permalink);
+                    if ($post->have()) {
+                        $permalink = str_replace(array(
+                            '{cid}', '{category}', '{year}', '{month}', '{day}'
+                        ), array(
+                            $post->cid, $post->category, $post->year, $post->month, $post->day
+                        ), $permalink);
+                    }
+                    $input = '<input type="text" id="slug" name="slug" autocomplete="off" value="' . htmlspecialchars($post->slug) . '" class="mono" />';
+                    ?>
+                    <p class="mono url-slug">
+                        <label for="slug" class="sr-only"><?php _e('网址缩略名'); ?></label>
+                        <?php echo preg_replace("/\{slug\}/i", $input, $permalink); ?>
+                    </p>
+                    <p>
+                        <label for="text" class="sr-only"><?php _e('文章内容'); ?></label>
+                        <textarea style="height: <?php $options->editorSize(); ?>px" autocomplete="off" id="text" name="text" class="w-100 mono"><?php echo htmlspecialchars($post->text); ?></textarea>
+                    </p>
+                    
+                    <?php include 'custom-fields.php'; ?>
+
+                    <p class="submit clearfix">
+                        <span class="right">
+                            <input type="hidden" name="cid" value="<?php $post->cid(); ?>" />
+                            <button type="submit" name="do" value="save" id="btn-save" class="btn"><?php _e('保存草稿'); ?></button>
+                            <button type="submit" name="do" value="publish" class="btn primary" id="btn-submit"><?php _e('发布文章'); ?></button>
+                            <?php if ($options->markdown && (!$post->have() || $post->isMarkdown)): ?>
+                            <input type="hidden" name="markdown" value="1" />
+                            <?php endif; ?>
+                        </span>
+                    </p>
+
+                    <?php Typecho_Plugin::factory('admin/write-post.php')->content($post); ?>
+                </div>
+
+                <div id="edit-secondary" class="col-mb-12 col-tb-3" role="complementary">
+                    <ul class="typecho-option-tabs clearfix">
+                        <li class="active w-50"><a href="#tab-advance"><?php _e('选项'); ?></a></li>
+                        <li class="w-50"><a href="#tab-files" id="tab-files-btn"><?php _e('附件'); ?></a></li>
+                    </ul>
+
+
+                    <div id="tab-advance" class="tab-content">
+                        <section class="typecho-post-option" role="application">
+                            <label for="date" class="typecho-label"><?php _e('发布日期'); ?></label>
+                            <p><input class="typecho-date w-100" type="text" name="date" id="date" value="<?php $post->have() ? $post->date('Y-m-d H:i') : ''; ?>" /></p>
+                        </section>
+
+                        <section class="typecho-post-option category-option">
+                            <label class="typecho-label"><?php _e('分类'); ?></label>
+                            <?php Typecho_Widget::widget('Widget_Metas_Category_List')->to($category); ?>
+                            <ul>
+                                <?php
+                                if ($post->have()) {
+                                    $categories = Typecho_Common::arrayFlatten($post->categories, 'mid');
+                                } else {
+                                    $categories = array();
+                                }
+                                ?>
+                                <?php while($category->next()): ?>
+                                <li><?php echo str_repeat('&nbsp;&nbsp;&nbsp;&nbsp;', $category->levels); ?><input type="checkbox" id="category-<?php $category->mid(); ?>" value="<?php $category->mid(); ?>" name="category[]" <?php if(in_array($category->mid, $categories)): ?>checked="true"<?php endif; ?>/>
+                                <label for="category-<?php $category->mid(); ?>"><?php $category->name(); ?></label></li>
+                                <?php endwhile; ?>
+                            </ul>
+                        </section>
+
+                        <section class="typecho-post-option">
+                            <label for="token-input-tags" class="typecho-label"><?php _e('标签'); ?></label>
+                            <p><input id="tags" name="tags" type="text" value="<?php $post->tags(',', false); ?>" class="w-100 text" /></p>
+                        </section>
+
+                        <?php Typecho_Plugin::factory('admin/write-post.php')->option($post); ?>
+
+                        <button type="button" id="advance-panel-btn" class="btn btn-xs"><?php _e('高级选项'); ?> <i class="i-caret-down"></i></button>
+                        <div id="advance-panel">
+                            <?php if($user->pass('editor', true)): ?>
+                            <section class="typecho-post-option visibility-option">
+                                <label for="visibility" class="typecho-label"><?php _e('公开度'); ?></label>
+                                <p>
+                                <select id="visibility" name="visibility">
+                                    <?php if ($user->pass('editor', true)): ?>
+                                    <option value="publish"<?php if (($post->status == 'publish' && !$post->password) || !$post->status): ?> selected<?php endif; ?>><?php _e('公开'); ?></option>
+                                    <option value="hidden"<?php if ($post->status == 'hidden'): ?> selected<?php endif; ?>><?php _e('隐藏'); ?></option>
+                                    <option value="password"<?php if (strlen($post->password) > 0): ?> selected<?php endif; ?>><?php _e('密码保护'); ?></option>
+                                    <option value="private"<?php if ($post->status == 'private'): ?> selected<?php endif; ?>><?php _e('私密'); ?></option>
+                                    <?php endif; ?>
+                                    <option value="waiting"<?php if (!$user->pass('editor', true) || $post->status == 'waiting'): ?> selected<?php endif; ?>><?php _e('待审核'); ?></option>
+                                </select>
+                                </p>
+                                <p id="post-password"<?php if (strlen($post->password) == 0): ?> class="hidden"<?php endif; ?>>
+                                    <label for="protect-pwd" class="sr-only">内容密码</label>
+                                    <input type="text" name="password" id="protect-pwd" class="text-s" value="<?php $post->password(); ?>" size="16" placeholder="<?php _e('内容密码'); ?>" />
+                                </p>
+                            </section>
+                            <?php endif; ?>
+
+                            <section class="typecho-post-option allow-option">
+                                <label class="typecho-label"><?php _e('权限控制'); ?></label>
+                                <ul>
+                                    <li><input id="allowComment" name="allowComment" type="checkbox" value="1" <?php if($post->allow('comment')): ?>checked="true"<?php endif; ?> />
+                                    <label for="allowComment"><?php _e('允许评论'); ?></label></li>
+                                    <li><input id="allowPing" name="allowPing" type="checkbox" value="1" <?php if($post->allow('ping')): ?>checked="true"<?php endif; ?> />
+                                    <label for="allowPing"><?php _e('允许被引用'); ?></label></li>
+                                    <li><input id="allowFeed" name="allowFeed" type="checkbox" value="1" <?php if($post->allow('feed')): ?>checked="true"<?php endif; ?> />
+                                    <label for="allowFeed"><?php _e('允许在聚合中出现'); ?></label></li>
+                                </ul>
+                            </section>
+                            
+                            <section class="typecho-post-option">
+                                <label for="trackback" class="typecho-label"><?php _e('引用通告'); ?></label>
+                                <p><textarea id="trackback" class="w-100 mono" name="trackback" rows="2"></textarea></p>
+                                <p class="description"><?php _e('每一行一个引用地址, 用回车隔开'); ?></p>
+                            </section>
+
+                            <?php Typecho_Plugin::factory('admin/write-post.php')->advanceOption($post); ?>
+                        </div><!-- end #advance-panel -->
+
+                        <?php if($post->have()): ?>
+                        <?php $modified = new Typecho_Date($post->modified); ?>
+                        <section class="typecho-post-option">
+                            <p class="description">
+                                <br>&mdash;<br>
+                                <?php _e('本文由 <a href="%s">%s</a> 撰写',
+                                Typecho_Common::url('manage-posts.php?uid=' . $post->author->uid, $options->adminUrl), $post->author->screenName); ?><br>
+                                <?php _e('最后更新于 %s', $modified->word()); ?>
+                            </p>
+                        </section>
+                        <?php endif; ?>
+                    </div><!-- end #tab-advance -->
+
+                    <div id="tab-files" class="tab-content hidden">
+                        <?php include 'file-upload.php'; ?>
+                    </div><!-- end #tab-files -->
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+
+<?php
+include 'copyright.php';
+include 'common-js.php';
+include 'form-js.php';
+include 'write-js.php';
+
+Typecho_Plugin::factory('admin/write-post.php')->trigger($plugged)->richEditor($post);
+if (!$plugged) {
+    include 'editor-js.php';
+}
+
+include 'file-upload-js.php';
+include 'custom-fields-js.php';
+Typecho_Plugin::factory('admin/write-post.php')->bottom($post);
+include 'footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/changelog.txt b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/changelog.txt
new file mode 100644
index 0000000..769e526
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/changelog.txt
@@ -0,0 +1,52 @@
+Version 0.8.1/12.4.1
+
+修复同级子目录下安装多个站点引起的登录失效
+增加评论黑名单插件
+修复评论接口重用导致启用评论验证插件后，后台无法评论的bug
+修正年份路由的bug
+修正由于flash的cookie丢失bug导致的文件无法上传bug
+增加对ini_get的判断
+提交对Sina App Engine的兼容性判断
+增加对Sina App Engine环境的支持
+增加对ini_get的判断
+修正新注册用户登录后跳转错误bug
+修正对ssl的支持
+fix issue 510
+修复使用多层代理时, 获取ip地址错误
+修正修改文章时上传控件无法载入的问题
+修改后台错别字
+修正错别字
+兼容server不支持http 1.1的情况，典型问题如 sae环境404页面乱码
+修正由于SAE更改常用导致的数据库信息无法自动读入的问题
+增加上传插件接口
+提交Sina App Engine专用的文件上传插件，
+使用SAE的Storage做持久化存储。
+修正SaeUpload插件的说明地址
+new version library
+只是一些小修正
+fix bug report on segmentfault
+fix issue 536
+fix Issue 541
+fix Issue 544
+fix Issue 544
+fix Issue 540
+fix Issue 537
+fix Issue 529
+fix Issue 532
+fix issue 526
+文章增加待审核功能，下一步给文章增加private属性
+更新后台表单样式, 新增文章预览功能
+css细节微调
+文章增加private属性显示
+修正插件显示空白问题, 预览框box修正
+修改预览内容样式，修改预览选项位置，高级选项->权限控制增加“允许游客访问”选项，用于私密浏览
+fix Issue 545
+实现文章公开度：公开、密码保护、私有、未审核
+little change
+实现功能：1,当用户之前有审核通过的评论，再次发评论会直接为通过审核（可关闭）；2,未通过审核的评论，评论作者可以在前台看到（他人不可见）；3,隐藏功能；
+修正后台修改或添加页面状态错误的问题；修正保存私密、审核日志时会新增一篇同样日志的问题
+简单增强搜索功能 Issue 480
+添加有密码和未发布图标
+fix Issue 551
+将文章管理页的公开度草稿等信息改为文字
+接受插件返回的header
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/index.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/index.php
new file mode 100644
index 0000000..79efa8b
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/index.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Typecho Blog Platform
+ *
+ * @copyright  Copyright (c) 2008 Typecho team (http://www.typecho.org)
+ * @license    GNU General Public License 2.0
+ * @version    $Id: index.php 1153 2009-07-02 10:53:22Z magike.net $
+ */
+
+/** 载入配置支持 */
+if (!defined('__TYPECHO_ROOT_DIR__') && !@include_once 'config.inc.php') {
+    file_exists('./install.php') ? header('Location: install.php') : print('Missing Config File');
+    exit;
+}
+
+/** 初始化组件 */
+Typecho_Widget::widget('Widget_Init');
+
+/** 注册一个初始化插件 */
+Typecho_Plugin::factory('index.php')->begin();
+
+/** 开始路由分发 */
+Typecho_Router::dispatch();
+
+/** 注册一个结束插件 */
+Typecho_Plugin::factory('index.php')->end();
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install.php
new file mode 100644
index 0000000..ce361a3
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install.php
@@ -0,0 +1,666 @@
+<?php
+/**
+ * Typecho Blog Platform
+ *
+ * @copyright  Copyright (c) 2008 Typecho team (http://www.typecho.org)
+ * @license    GNU General Public License 2.0
+ * @version    $Id$
+ */
+
+/** 定义根目录 */
+define('__TYPECHO_ROOT_DIR__', dirname(__FILE__));
+
+/** 定义插件目录(相对路径) */
+define('__TYPECHO_PLUGIN_DIR__', '/usr/plugins');
+
+/** 定义模板目录(相对路径) */
+define('__TYPECHO_THEME_DIR__', '/usr/themes');
+
+/** 后台路径(相对路径) */
+define('__TYPECHO_ADMIN_DIR__', '/admin/');
+
+/** 设置包含路径 */
+@set_include_path(get_include_path() . PATH_SEPARATOR .
+__TYPECHO_ROOT_DIR__ . '/var' . PATH_SEPARATOR .
+__TYPECHO_ROOT_DIR__ . __TYPECHO_PLUGIN_DIR__);
+
+/** 载入API支持 */
+require_once 'Typecho/Common.php';
+
+/** 载入Response支持 */
+require_once 'Typecho/Response.php';
+
+/** 载入配置支持 */
+require_once 'Typecho/Config.php';
+
+/** 载入异常支持 */
+require_once 'Typecho/Exception.php';
+
+/** 载入插件支持 */
+require_once 'Typecho/Plugin.php';
+
+/** 载入国际化支持 */
+require_once 'Typecho/I18n.php';
+
+/** 载入数据库支持 */
+require_once 'Typecho/Db.php';
+
+/** 载入路由器支持 */
+require_once 'Typecho/Router.php';
+
+/** 程序初始化 */
+Typecho_Common::init();
+
+ob_start();
+
+session_start();
+
+//判断是否已经安装
+if (!isset($_GET['finish']) && file_exists(__TYPECHO_ROOT_DIR__ . '/config.inc.php') && empty($_SESSION['typecho'])) {
+    exit;
+}
+
+// 挡掉可能的跨站请求
+if (!empty($_GET) || !empty($_POST)) {
+    if (empty($_SERVER['HTTP_REFERER'])) {
+        exit;
+    }
+
+    $parts = parse_url($_SERVER['HTTP_REFERER']);
+	if (!empty($parts['port']) && $parts['port'] != 80 && !Typecho_Common::isAppEngine()) {
+        $parts['host'] = "{$parts['host']}:{$parts['port']}";
+    }
+
+    if (empty($parts['host']) || $_SERVER['HTTP_HOST'] != $parts['host']) {
+        exit;
+    }
+}
+
+/**
+ * 获取传递参数
+ *
+ * @param string $name 参数名称
+ * @param string $default 默认值
+ * @return string
+ */
+function _r($name, $default = NULL) {
+    return isset($_REQUEST[$name]) ?
+        (is_array($_REQUEST[$name]) ? $default : $_REQUEST[$name]) : $default;
+}
+
+/**
+ * 获取多个传递参数
+ *
+ * @return array
+ */
+function _rFrom() {
+    $result = array();
+    $params = func_get_args();
+
+    foreach ($params as $param) {
+        $result[$param] = isset($_REQUEST[$param]) ?
+            (is_array($_REQUEST[$param]) ? NULL : $_REQUEST[$param]) : NULL;
+    }
+
+    return $result;
+}
+
+/**
+ * 输出传递参数
+ *
+ * @param string $name 参数名称
+ * @param string $default 默认值
+ * @return string
+ */
+function _v($name, $default = '') {
+    echo _r($name, $default);
+}
+
+/**
+ * 判断是否兼容某个环境(perform)
+ *
+ * @param string $adapter 适配器
+ * @return boolean
+ */
+function _p($adapter) {
+    switch ($adapter) {
+        case 'Mysql':
+            return Typecho_Db_Adapter_Mysql::isAvailable();
+        case 'Pdo_Mysql':
+            return Typecho_Db_Adapter_Pdo_Mysql::isAvailable();
+        case 'SQLite':
+            return Typecho_Db_Adapter_SQLite::isAvailable();
+        case 'Pdo_SQLite':
+            return Typecho_Db_Adapter_Pdo_SQLite::isAvailable();
+        case 'Pgsql':
+            return Typecho_Db_Adapter_Pgsql::isAvailable();
+        case 'Pdo_Pgsql':
+            return Typecho_Db_Adapter_Pdo_Pgsql::isAvailable();
+        default:
+            return false;
+    }
+}
+
+/**
+ * 获取url地址
+ *
+ * @return string
+ */
+function _u() {
+    $url = Typecho_Request::getUrlPrefix() . $_SERVER['REQUEST_URI'];
+    if (isset($_SERVER['QUERY_STRING'])) {
+        $url = str_replace('?' . $_SERVER['QUERY_STRING'], '', $url);
+    }
+
+    return dirname($url);
+}
+
+$options = new stdClass();
+$options->generator = 'Typecho ' . Typecho_Common::VERSION;
+list($soft, $currentVersion) = explode(' ', $options->generator);
+
+$options->software = $soft;
+$options->version = $currentVersion;
+
+list($prefixVersion, $suffixVersion) = explode('/', $currentVersion);
+
+/** 获取语言 */
+$lang = _r('lang', Typecho_Cookie::get('__typecho_lang'));
+$langs = Widget_Options_General::getLangs();
+
+if (empty($lang) && count($langs) > 1) {
+    foreach ($langs as $lang) {
+        if ('zh_CN' != $lang) {
+            break;
+        }
+    }
+}
+
+if (empty($lang)) {
+    $lang = 'zh_CN';
+}
+
+if ('zh_CN' != $lang) {
+    $dir = defined('__TYPECHO_LANG_DIR__') ? __TYPECHO_LANG_DIR__ : __TYPECHO_ROOT_DIR__ . '/usr/langs';
+    Typecho_I18n::setLang($dir . '/' . $lang . '.mo');
+}
+
+Typecho_Cookie::set('__typecho_lang', $lang);
+
+?><!DOCTYPE HTML>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head lang="zh-CN">
+    <meta charset="<?php _e('UTF-8'); ?>" />
+	<title><?php _e('Typecho 安装程序'); ?></title>
+    <link rel="stylesheet" type="text/css" href="admin/css/normalize.css" />
+    <link rel="stylesheet" type="text/css" href="admin/css/grid.css" />
+    <link rel="stylesheet" type="text/css" href="admin/css/style.css" />
+</head>
+<body>
+<div class="typecho-install-patch">
+    <h1>Typecho</h1>
+    <ol class="path">
+        <li<?php if (!isset($_GET['finish']) && !isset($_GET['config'])) : ?> class="current"<?php endif; ?>><span>1</span><?php _e('欢迎使用'); ?></li>
+        <li<?php if (isset($_GET['config'])) : ?> class="current"<?php endif; ?>><span>2</span><?php _e('初始化配置'); ?></li>
+        <li<?php if (isset($_GET['start'])) : ?> class="current"<?php endif; ?>><span>3</span><?php _e('开始安装'); ?></li>
+        <li<?php if (isset($_GET['finish'])) : ?> class="current"<?php endif; ?>><span>4</span><?php _e('安装成功'); ?></li>
+    </ol>
+</div>
+<div class="container">
+    <div class="row">
+        <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+            <div class="column-14 start-06 typecho-install">
+            <?php if (isset($_GET['finish'])) : ?>
+                <?php if (!@file_exists(__TYPECHO_ROOT_DIR__ . '/config.inc.php')) : ?>
+                <h1 class="typecho-install-title"><?php _e('安装失败!'); ?></h1>
+                <div class="typecho-install-body">
+                    <form method="post" action="?config" name="config">
+                    <p class="message error"><?php _e('您没有上传 config.inc.php 文件，请您重新安装！'); ?> <button class="btn primary" type="submit"><?php _e('重新安装 &raquo;'); ?></button></p>
+                    </form>
+                </div>
+                <?php elseif (!Typecho_Cookie::get('__typecho_config')): ?>
+                <h1 class="typecho-install-title"><?php _e('没有安装!'); ?></h1>
+                <div class="typecho-install-body">
+                    <form method="post" action="?config" name="config">
+                    <p class="message error"><?php _e('您没有执行安装步骤，请您重新安装！'); ?> <button class="btn primary" type="submit"><?php _e('重新安装 &raquo;'); ?></button></p>
+                    </form>
+                </div>
+                <?php else : ?>
+                    <?php
+                    $config = unserialize(base64_decode(Typecho_Cookie::get('__typecho_config')));
+                    Typecho_Cookie::delete('__typecho_config');
+                    $db = new Typecho_Db($config['adapter'], $config['prefix']);
+                    $db->addServer($config, Typecho_Db::READ | Typecho_Db::WRITE);
+                    Typecho_Db::set($db);
+                    ?>
+                <h1 class="typecho-install-title"><?php _e('安装成功!'); ?></h1>
+                <div class="typecho-install-body">
+                    <div class="message success">
+                    <?php if(isset($_GET['use_old']) ) : ?>
+                    <?php _e('您选择了使用原有的数据, 您的用户名和密码和原来的一致'); ?>
+                    <?php else : ?>
+                        <?php if (isset($_REQUEST['user']) && isset($_REQUEST['password'])): ?>
+                            <?php _e('您的用户名是'); ?>: <strong class="mono"><?php echo htmlspecialchars(_r('user')); ?></strong><br>
+                            <?php _e('您的密码是'); ?>: <strong class="mono"><?php echo htmlspecialchars(_r('password')); ?></strong>
+                        <?php endif;?>
+                    <?php endif;?>
+                    </div>
+
+                    <div class="p message notice">
+                    <a target="_blank" href="http://spreadsheets.google.com/viewform?key=pd1Gl4Ur_pbniqgebs5JRIg&hl=en">参与用户调查, 帮助我们完善产品</a>
+                    </div>
+
+                    <div class="session">
+                    <p><?php _e('您可以将下面两个链接保存到您的收藏夹'); ?>:</p>
+                    <ul>
+                    <?php
+                        if (isset($_REQUEST['user']) && isset($_REQUEST['password'])) {
+                            $loginUrl = _u() . '/index.php/action/login?name=' . urlencode(_r('user')) . '&password='
+                            . urlencode(_r('password')) . '&referer=' . _u() . '/admin/index.php';
+                            $loginUrl = Typecho_Widget::widget('Widget_Security')->getTokenUrl($loginUrl);
+                        } else {
+                            $loginUrl = _u() . '/admin/index.php';
+                        }
+                    ?>
+                        <li><a href="<?php echo $loginUrl; ?>"><?php _e('点击这里访问您的控制面板'); ?></a></li>
+                        <li><a href="<?php echo _u(); ?>/index.php"><?php _e('点击这里查看您的 Blog'); ?></a></li>
+                    </ul>
+                    </div>
+
+                    <p><?php _e('希望您能尽情享用 Typecho 带来的乐趣!'); ?></p>
+                </div>
+                <?php endif;?>
+            <?php elseif (isset($_GET['start'])): ?>
+                <?php if (!@file_exists(__TYPECHO_ROOT_DIR__ . '/config.inc.php')) : ?>
+                <h1 class="typecho-install-title"><?php _e('安装失败!'); ?></h1>
+                <div class="typecho-install-body">
+                    <form method="post" action="?config" name="config">
+                    <p class="message error"><?php _e('您没有上传 config.inc.php 文件，请您重新安装！'); ?> <button class="btn primary" type="submit"><?php _e('重新安装 &raquo;'); ?></button></p>
+                    </form>
+                </div>
+                <?php else : ?>
+            <?php
+                                    $config = unserialize(base64_decode(Typecho_Cookie::get('__typecho_config')));
+                                    $type = explode('_', $config['adapter']);
+                                    $type = array_pop($type);
+
+                                    try {
+                                        $installDb = new Typecho_Db($config['adapter'], $config['prefix']);
+                                        $installDb->addServer($config, Typecho_Db::READ | Typecho_Db::WRITE);
+
+                                        /** 初始化数据库结构 */
+                                        $scripts = file_get_contents ('./install/' . $type . '.sql');
+                                        $scripts = str_replace('typecho_', $config['prefix'], $scripts);
+
+                                        if (isset($config['charset'])) {
+                                            $scripts = str_replace('%charset%', $config['charset'], $scripts);
+                                        }
+
+                                        $scripts = explode(';', $scripts);
+                                        foreach ($scripts as $script) {
+                                            $script = trim($script);
+                                            if ($script) {
+                                                $installDb->query($script, Typecho_Db::WRITE);
+                                            }
+                                        }
+
+                                        /** 全局变量 */
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'theme', 'user' => 0, 'value' => 'default')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'theme:default', 'user' => 0, 'value' => 'a:2:{s:7:"logoUrl";N;s:12:"sidebarBlock";a:5:{i:0;s:15:"ShowRecentPosts";i:1;s:18:"ShowRecentComments";i:2;s:12:"ShowCategory";i:3;s:11:"ShowArchive";i:4;s:9:"ShowOther";}}')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'timezone', 'user' => 0, 'value' => _t('28800'))));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'lang', 'user' => 0, 'value' => $lang)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'charset', 'user' => 0, 'value' => _t('UTF-8'))));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'contentType', 'user' => 0, 'value' => 'text/html')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'gzip', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'generator', 'user' => 0, 'value' => $options->generator)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'title', 'user' => 0, 'value' => 'Hello World')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'description', 'user' => 0, 'value' => 'Just So So ...')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'keywords', 'user' => 0, 'value' => 'typecho,php,blog')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'rewrite', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'frontPage', 'user' => 0, 'value' => 'recent')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'frontArchive', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsRequireMail', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsWhitelist', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsRequireURL', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsRequireModeration', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'plugins', 'user' => 0, 'value' => 'a:0:{}')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentDateFormat', 'user' => 0, 'value' => 'F jS, Y \a\t h:i a')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'siteUrl', 'user' => 0, 'value' => $config['siteUrl'])));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'defaultCategory', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'allowRegister', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'defaultAllowComment', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'defaultAllowPing', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'defaultAllowFeed', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'pageSize', 'user' => 0, 'value' => 5)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'postsListSize', 'user' => 0, 'value' => 10)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsListSize', 'user' => 0, 'value' => 10)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsHTMLTagAllowed', 'user' => 0, 'value' => NULL)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'postDateFormat', 'user' => 0, 'value' => 'Y-m-d')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'feedFullText', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'editorSize', 'user' => 0, 'value' => 350)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'autoSave', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'markdown', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsMaxNestingLevels', 'user' => 0, 'value' => 5)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsPostTimeout', 'user' => 0, 'value' => 24 * 3600 * 30)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsUrlNofollow', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsShowUrl', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsMarkdown', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsPageBreak', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsThreaded', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsPageSize', 'user' => 0, 'value' => 20)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsPageDisplay', 'user' => 0, 'value' => 'last')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsOrder', 'user' => 0, 'value' => 'ASC')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsCheckReferer', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsAutoClose', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsPostIntervalEnable', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsPostInterval', 'user' => 0, 'value' => 60)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsShowCommentOnly', 'user' => 0, 'value' => 0)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsAvatar', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsAvatarRating', 'user' => 0, 'value' => 'G')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'commentsAntiSpam', 'user' => 0, 'value' => 1)));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'routingTable', 'user' => 0, 'value' => 'a:25:{s:5:"index";a:3:{s:3:"url";s:1:"/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:7:"archive";a:3:{s:3:"url";s:6:"/blog/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:2:"do";a:3:{s:3:"url";s:22:"/action/[action:alpha]";s:6:"widget";s:9:"Widget_Do";s:6:"action";s:6:"action";}s:4:"post";a:3:{s:3:"url";s:24:"/archives/[cid:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:10:"attachment";a:3:{s:3:"url";s:26:"/attachment/[cid:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:8:"category";a:3:{s:3:"url";s:17:"/category/[slug]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:3:"tag";a:3:{s:3:"url";s:12:"/tag/[slug]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:6:"author";a:3:{s:3:"url";s:22:"/author/[uid:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:6:"search";a:3:{s:3:"url";s:19:"/search/[keywords]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:10:"index_page";a:3:{s:3:"url";s:21:"/page/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:12:"archive_page";a:3:{s:3:"url";s:26:"/blog/page/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:13:"category_page";a:3:{s:3:"url";s:32:"/category/[slug]/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:8:"tag_page";a:3:{s:3:"url";s:27:"/tag/[slug]/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:11:"author_page";a:3:{s:3:"url";s:37:"/author/[uid:digital]/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:11:"search_page";a:3:{s:3:"url";s:34:"/search/[keywords]/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:12:"archive_year";a:3:{s:3:"url";s:18:"/[year:digital:4]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:13:"archive_month";a:3:{s:3:"url";s:36:"/[year:digital:4]/[month:digital:2]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:11:"archive_day";a:3:{s:3:"url";s:52:"/[year:digital:4]/[month:digital:2]/[day:digital:2]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:17:"archive_year_page";a:3:{s:3:"url";s:38:"/[year:digital:4]/page/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:18:"archive_month_page";a:3:{s:3:"url";s:56:"/[year:digital:4]/[month:digital:2]/page/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:16:"archive_day_page";a:3:{s:3:"url";s:72:"/[year:digital:4]/[month:digital:2]/[day:digital:2]/page/[page:digital]/";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:12:"comment_page";a:3:{s:3:"url";s:53:"[permalink:string]/comment-page-[commentPage:digital]";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}s:4:"feed";a:3:{s:3:"url";s:20:"/feed[feed:string:0]";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:4:"feed";}s:8:"feedback";a:3:{s:3:"url";s:31:"[permalink:string]/[type:alpha]";s:6:"widget";s:15:"Widget_Feedback";s:6:"action";s:6:"action";}s:4:"page";a:3:{s:3:"url";s:12:"/[slug].html";s:6:"widget";s:14:"Widget_Archive";s:6:"action";s:6:"render";}}')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'actionTable', 'user' => 0, 'value' => 'a:0:{}')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'panelTable', 'user' => 0, 'value' => 'a:0:{}')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'attachmentTypes', 'user' => 0, 'value' => '@image@')));
+                                        $installDb->query($installDb->insert('table.options')->rows(array('name' => 'secret', 'user' => 0, 'value' => Typecho_Common::randString(32, true))));
+
+                                        /** 初始分类 */
+                                        $installDb->query($installDb->insert('table.metas')->rows(array('name' => _t('默认分类'), 'slug' => 'default', 'type' => 'category', 'description' => _t('只是一个默认分类'),
+                                        'count' => 1, 'order' => 1)));
+
+                                        /** 初始关系 */
+                                        $installDb->query($installDb->insert('table.relationships')->rows(array('cid' => 1, 'mid' => 1)));
+
+                                        /** 初始内容 */
+                                        $installDb->query($installDb->insert('table.contents')->rows(array('title' => _t('欢迎使用 Typecho'), 'slug' => 'start', 'created' => Typecho_Date::gmtTime(), 'modified' => Typecho_Date::gmtTime(),
+                                        'text' => '<!--markdown-->' . _t('如果您看到这篇文章,表示您的 blog 已经安装成功.'), 'authorId' => 1, 'type' => 'post', 'status' => 'publish', 'commentsNum' => 1, 'allowComment' => 1,
+                                        'allowPing' => 1, 'allowFeed' => 1, 'parent' => 0)));
+
+                                        $installDb->query($installDb->insert('table.contents')->rows(array('title' => _t('关于'), 'slug' => 'start-page', 'created' => Typecho_Date::gmtTime(), 'modified' => Typecho_Date::gmtTime(),
+                                        'text' => '<!--markdown-->' . _t('本页面由 Typecho 创建, 这只是个测试页面.'), 'authorId' => 1, 'order' => 0, 'type' => 'page', 'status' => 'publish', 'commentsNum' => 0, 'allowComment' => 1,
+                                        'allowPing' => 1, 'allowFeed' => 1, 'parent' => 0)));
+
+                                        /** 初始评论 */
+                                        $installDb->query($installDb->insert('table.comments')->rows(array('cid' => 1, 'created' => Typecho_Date::gmtTime(), 'author' => 'Typecho', 'ownerId' => 1, 'url' => 'http://typecho.org',
+                                        'ip' => '127.0.0.1', 'agent' => $options->generator, 'text' => '欢迎加入 Typecho 大家族', 'type' => 'comment', 'status' => 'approved', 'parent' => 0)));
+
+                                        /** 初始用户 */
+                                        $password = empty($config['userPassword']) ? substr(uniqid(), 7) : $config['userPassword'];
+                                        $hasher = new PasswordHash(8, true);
+
+                                        $installDb->query($installDb->insert('table.users')->rows(array('name' => $config['userName'], 'password' => $hasher->HashPassword($password), 'mail' => $config['userMail'],
+                                        'url' => 'http://www.typecho.org', 'screenName' => $config['userName'], 'group' => 'administrator', 'created' => Typecho_Date::gmtTime())));
+
+                                        unset($_SESSION['typecho']);
+                                        header('Location: ./install.php?finish&user=' . urlencode($config['userName'])
+                                            . '&password=' . urlencode($password));
+                                    } catch (Typecho_Db_Exception $e) {
+                                        $success = false;
+                                        $code = $e->getCode();
+?>
+<h1 class="typecho-install-title"><?php _e('安装失败!'); ?></h1>
+                <div class="typecho-install-body">
+                    <form method="post" action="?start" name="check">
+<?php
+                                        if(('Mysql' == $type && (1050 == $code || '42S01' == $code)) ||
+                                        ('SQLite' == $type && ('HY000' == $code || 1 == $code)) ||
+                                        ('Pgsql' == $type && '42P07' == $code)) {
+                                            if(_r('delete')) {
+                                                //删除原有数据
+                                                $dbPrefix = $config['prefix'];
+                                                $tableArray = array($dbPrefix . 'comments', $dbPrefix . 'contents', $dbPrefix . 'fields', $dbPrefix . 'metas', $dbPrefix . 'options', $dbPrefix . 'relationships', $dbPrefix . 'users',);
+                                                foreach($tableArray as $table) {
+                                                    if($type == 'Mysql') {
+                                                        $installDb->query("DROP TABLE IF EXISTS `{$table}`");
+                                                    } elseif($type == 'Pgsql') {
+                                                        $installDb->query("DROP TABLE {$table}");
+                                                    } elseif($type == 'SQLite') {
+                                                        $installDb->query("DROP TABLE {$table}");
+                                                    }
+                                                }
+                                                echo '<p class="message success">' . _t('已经删除完原有数据') . '<br /><br /><button class="btn primary" type="submit" class="primary">'
+                                                    . _t('继续安装 &raquo;') . '</button></p>';
+                                            } elseif (_r('goahead')) {
+                                                //使用原有数据
+                                                //但是要更新用户网站
+                                                $installDb->query($installDb->update('table.options')->rows(array('value' => $config['siteUrl']))->where('name = ?', 'siteUrl'));
+                                                unset($_SESSION['typecho']);
+                                                header('Location: ./install.php?finish&use_old');
+                                                exit;
+                                            } else {
+                                                 echo '<p class="message error">' . _t('安装程序检查到原有数据表已经存在.')
+                                                    . '<br /><br />' . '<button type="submit" name="delete" value="1" class="btn btn-warn">' . _t('删除原有数据') . '</button> '
+                                                    . _t('或者') . ' <button type="submit" name="goahead" value="1" class="btn primary">' . _t('使用原有数据') . '</button></p>';
+                                            }
+                                        } else {
+                                            echo '<p class="message error">' . _t('安装程序捕捉到以下错误: "%s". 程序被终止, 请检查您的配置信息.',$e->getMessage()) . '</p>';
+                                        }
+                                        ?>
+                    </form>
+                </div>
+                                        <?php
+                                    }
+            ?>
+                <?php endif;?>
+            <?php elseif (isset($_GET['config'])): ?>
+            <?php
+                    $adapters = array('Mysql', 'Pdo_Mysql', 'SQLite', 'Pdo_SQLite', 'Pgsql', 'Pdo_Pgsql');
+                    foreach ($adapters as $firstAdapter) {
+                        if (_p($firstAdapter)) {
+                            break;
+                        }
+                    }
+                    $adapter = _r('dbAdapter', $firstAdapter);
+                    $type = explode('_', $adapter);
+                    $type = array_pop($type);
+            ?>
+                <form method="post" action="?config" name="config">
+                    <h1 class="typecho-install-title"><?php _e('确认您的配置'); ?></h1>
+                    <div class="typecho-install-body">
+                        <h2><?php _e('数据库配置'); ?></h2>
+                        <?php
+                            if ('config' == _r('action')) {
+                                $success = true;
+
+                                if (_r('created') && !file_exists('./config.inc.php')) {
+                                    echo '<p class="message error">' . _t('没有检测到您手动创建的配置文件, 请检查后再次创建') . '</p>';
+                                    $success = false;
+                                } else {
+                                    if (NULL == _r('userUrl')) {
+                                        $success = false;
+                                        echo '<p class="message error">' . _t('请填写您的网站地址') . '</p>';
+                                    } else if (NULL == _r('userName')) {
+                                        $success = false;
+                                        echo '<p class="message error">' . _t('请填写您的用户名') . '</p>';
+                                    } else if (NULL == _r('userMail')) {
+                                        $success = false;
+                                        echo '<p class="message error">' . _t('请填写您的邮箱地址') . '</p>';
+                                    } else if (32 < strlen(_r('userName'))) {
+                                        $success = false;
+                                        echo '<p class="message error">' . _t('用户名长度超过限制, 请不要超过 32 个字符') . '</p>';
+                                    } else if (200 < strlen(_r('userMail'))) {
+                                        $success = false;
+                                        echo '<p class="message error">' . _t('邮箱长度超过限制, 请不要超过 200 个字符') . '</p>';
+                                    }
+                                }
+
+                                $_dbConfig = _rFrom('dbHost', 'dbUser', 'dbPassword', 'dbCharset', 'dbPort', 'dbDatabase', 'dbFile', 'dbDsn');
+
+                                $_dbConfig = array_filter($_dbConfig);
+                                $dbConfig = array();
+                                foreach ($_dbConfig as $key => $val) {
+                                    $dbConfig[strtolower (substr($key, 2))] = $val;
+                                }
+
+                                // 在特殊服务器上的特殊安装过程处理
+                                if (_r('config')) {
+                                    $replace = array_keys($dbConfig);
+                                    foreach ($replace as &$key) {
+                                        $key = '{' . $key . '}';
+                                    }
+
+                                    if (!empty($_dbConfig['dbDsn'])) {
+                                        $dbConfig['dsn'] = str_replace($replace, array_values($dbConfig), $dbConfig['dsn']);
+                                    }
+                                    $config = str_replace($replace, array_values($dbConfig), _r('config'));
+                                }
+
+                                if (!isset($config) && $success && !_r('created')) {
+                                    $installDb = new Typecho_Db($adapter, _r('dbPrefix'));
+                                    $installDb->addServer($dbConfig, Typecho_Db::READ | Typecho_Db::WRITE);
+
+
+                                    /** 检测数据库配置 */
+                                    try {
+                                        $installDb->query('SELECT 1=1');
+                                    } catch (Typecho_Db_Adapter_Exception $e) {
+                                        $success = false;
+                                        echo '<p class="message error">'
+                                        . _t('对不起，无法连接数据库，请先检查数据库配置再继续进行安装') . '</p>';
+                                    } catch (Typecho_Db_Exception $e) {
+                                        $success = false;
+                                        echo '<p class="message error">'
+                                        . _t('安装程序捕捉到以下错误: " %s ". 程序被终止, 请检查您的配置信息.',$e->getMessage()) . '</p>';
+                                    }
+                                }
+
+                                if($success) {
+                                    Typecho_Cookie::set('__typecho_config', base64_encode(serialize(array_merge(array(
+                                        'prefix'    =>  _r('dbPrefix'),
+                                        'userName'  =>  _r('userName'),
+                                        'userPassword'  =>  _r('userPassword'),
+                                        'userMail'  =>  _r('userMail'),
+                                        'adapter'   =>  $adapter,
+                                        'siteUrl'   =>  _r('userUrl')
+                                    ), $dbConfig))));
+
+                                    if (_r('created')) {
+                                        header('Location: ./install.php?start');
+                                        exit;
+                                    }
+
+                                    /** 初始化配置文件 */
+                                    $lines = array_slice(file(__FILE__), 0, 52);
+                                    $lines[] = "
+/** 定义数据库参数 */
+\$db = new Typecho_Db('{$adapter}', '" . _r('dbPrefix') . "');
+\$db->addServer(" . (empty($config) ? var_export($dbConfig, true) : $config) . ", Typecho_Db::READ | Typecho_Db::WRITE);
+Typecho_Db::set(\$db);
+";
+                                    $contents = implode('', $lines);
+                                    if (!Typecho_Common::isAppEngine()) {
+                                        @file_put_contents('./config.inc.php', $contents);
+                                    }
+
+                                    // 创建一个用于标识的临时文件
+                                    $_SESSION['typecho'] = 1;
+
+                                    if (!file_exists('./config.inc.php')) {
+                                    ?>
+<div class="message notice"><p><?php _e('安装程序无法自动创建 <strong>config.inc.php</strong> 文件'); ?><br />
+<?php _e('您可以在网站根目录下手动创建 <strong>config.inc.php</strong> 文件, 并复制如下代码至其中'); ?></p>
+<p><textarea rows="5" onmouseover="this.select();" class="w-100 mono" readonly><?php echo htmlspecialchars($contents); ?></textarea></p>
+<p><button name="created" value="1" type="submit" class="btn primary">创建完毕, 继续安装 &raquo;</button></p></div>
+                                    <?php
+                                    } else {
+                                        header('Location: ./install.php?start');
+                                        exit;
+                                    }
+                                }
+
+                                // 安装不成功删除配置文件
+                                if($success != true && file_exists(__TYPECHO_ROOT_DIR__ . '/config.inc.php')) {
+                                    unlink(__TYPECHO_ROOT_DIR__ . '/config.inc.php');
+                                }
+                            }
+                        ?>
+                        <ul class="typecho-option">
+                            <li>
+                            <label for="dbAdapter" class="typecho-label"><?php _e('数据库适配器'); ?></label>
+                            <select name="dbAdapter" id="dbAdapter">
+                                <?php if (_p('Mysql')): ?><option value="Mysql"<?php if('Mysql' == $adapter): ?> selected=true<?php endif; ?>><?php _e('Mysql 原生函数适配器') ?></option><?php endif; ?>
+                                <?php if (_p('SQLite')): ?><option value="SQLite"<?php if('SQLite' == $adapter): ?> selected=true<?php endif; ?>><?php _e('SQLite 原生函数适配器 (SQLite 2.x)') ?></option><?php endif; ?>
+                                <?php if (_p('Pgsql')): ?><option value="Pgsql"<?php if('Pgsql' == $adapter): ?> selected=true<?php endif; ?>><?php _e('Pgsql 原生函数适配器') ?></option><?php endif; ?>
+                                <?php if (_p('Pdo_Mysql')): ?><option value="Pdo_Mysql"<?php if('Pdo_Mysql' == $adapter): ?> selected=true<?php endif; ?>><?php _e('Pdo 驱动 Mysql 适配器') ?></option><?php endif; ?>
+                                <?php if (_p('Pdo_SQLite')): ?><option value="Pdo_SQLite"<?php if('Pdo_SQLite' == $adapter): ?> selected=true<?php endif; ?>><?php _e('Pdo 驱动 SQLite 适配器 (SQLite 3.x)') ?></option><?php endif; ?>
+                                <?php if (_p('Pdo_Pgsql')): ?><option value="Pdo_Pgsql"<?php if('Pdo_Pgsql' == $adapter): ?> selected=true<?php endif; ?>><?php _e('Pdo 驱动 PostgreSql 适配器') ?></option><?php endif; ?>
+                            </select>
+                            <p class="description"><?php _e('请根据您的数据库类型选择合适的适配器'); ?></p>
+                            </li>
+                            <?php require_once './install/' . $type . '.php'; ?>
+                            <li>
+                            <label class="typecho-label" for="dbPrefix"><?php _e('数据库前缀'); ?></label>
+                            <input type="text" class="text" name="dbPrefix" id="dbPrefix" value="<?php _v('dbPrefix', 'typecho_'); ?>" />
+                            <p class="description"><?php _e('默认前缀是 "typecho_"'); ?></p>
+                            </li>
+                        </ul>
+
+                        <script>
+                        var _select = document.config.dbAdapter;
+                        _select.onchange = function() {
+                            setTimeout("window.location.href = 'install.php?config&dbAdapter=" + this.value + "'; ",0);
+                        }
+                        </script>
+
+                        <h2><?php _e('创建您的管理员帐号'); ?></h2>
+                        <ul class="typecho-option">
+                            <li>
+                            <label class="typecho-label" for="userUrl"><?php _e('网站地址'); ?></label>
+                            <input type="text" name="userUrl" id="userUrl" class="text" value="<?php _v('userUrl', _u()); ?>" />
+                            <p class="description"><?php _e('这是程序自动匹配的网站路径, 如果不正确请修改它'); ?></p>
+                            </li>
+                            <li>
+                            <label class="typecho-label" for="userName"><?php _e('用户名'); ?></label>
+                            <input type="text" name="userName" id="userName" class="text" value="<?php _v('userName', 'admin'); ?>" />
+                            <p class="description"><?php _e('请填写您的用户名'); ?></p>
+                            </li>
+                            <li>
+                            <label class="typecho-label" for="userPassword"><?php _e('登录密码'); ?></label>
+                            <input type="password" name="userPassword" id="userPassword" class="text" value="<?php _v('userPassword'); ?>" />
+                            <p class="description"><?php _e('请填写您的登录密码, 如果留空系统将为您随机生成一个'); ?></p>
+                            </li>
+                            <li>
+                            <label class="typecho-label" for="userMail"><?php _e('邮件地址'); ?></label>
+                            <input type="text" name="userMail" id="userMail" class="text" value="<?php _v('userMail', 'webmaster@yourdomain.com'); ?>" />
+                            <p class="description"><?php _e('请填写一个您的常用邮箱'); ?></p>
+                            </li>
+                        </ul>
+                    </div>
+                    <input type="hidden" name="action" value="config" />
+                    <p class="submit"><button type="submit" class="btn primary"><?php _e('确认, 开始安装 &raquo;'); ?></button></p>
+                </form>
+            <?php  else: ?>
+                <form method="post" action="?config">
+                <h1 class="typecho-install-title"><?php _e('欢迎使用 Typecho'); ?></h1>
+                <div class="typecho-install-body">
+                <h2><?php _e('安装说明'); ?></h2>
+                <p><strong><?php _e('本安装程序将自动检测服务器环境是否符合最低配置需求. 如果不符合, 将在上方出现提示信息, 请按照提示信息检查您的主机配置. 如果服务器环境符合要求, 将在下方出现 "开始下一步" 的按钮, 点击此按钮即可一步完成安装.'); ?></strong></p>
+                <h2><?php _e('许可及协议'); ?></h2>
+                <p><?php _e('Typecho 基于 <a href="http://www.gnu.org/copyleft/gpl.html">GPL</a> 协议发布, 我们允许用户在 GPL 协议许可的范围内使用, 拷贝, 修改和分发此程序.'); ?>
+                <?php _e('在GPL许可的范围内，您可以自由地将其用于商业以及非商业用途.'); ?></p>
+                <p><?php _e('Typecho 软件由其社区提供支持, 核心开发团队负责维护程序日常开发工作以及新特性的制定.'); ?>
+                <?php _e('如果您遇到使用上的问题, 程序中的 BUG, 以及期许的新功能, 欢迎您在社区中交流或者直接向我们贡献代码.'); ?>
+                <?php _e('对于贡献突出者, 他的名字将出现在贡献者名单中.'); ?></p>
+                </div>
+                <p class="submit">
+                    <button type="submit" class="btn primary"><?php _e('我准备好了, 开始下一步 &raquo;'); ?></button>
+
+                    <?php if (count($langs) > 1): ?>
+                    <select style="float: right" onchange="window.location.href='install.php?lang=' + this.value">
+                        <?php foreach ($langs as $key => $val): ?>
+                        <option value="<?php echo $key; ?>"<?php if ($lang == $val): ?> selected<?php endif; ?>><?php echo $val; ?></option>
+                        <?php endforeach; ?>
+                    </select>
+                    <?php endif; ?>
+                </p>
+                </form>
+            <?php endif; ?>
+
+            </div>
+        </div>
+    </div>
+</div>
+<?php
+include 'admin/copyright.php';
+include 'admin/footer.php';
+?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Mysql.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Mysql.php
new file mode 100644
index 0000000..dac6899
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Mysql.php
@@ -0,0 +1,175 @@
+<?php if(!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+
+<?php
+$engine = '';
+
+if (defined('SAE_MYSQL_DB')) {
+    $engine = 'SAE';
+} else if (!!getenv('HTTP_BAE_ENV_ADDR_SQL_IP')) {
+    $engine = 'BAE';
+} else if (ini_get('acl.app_id') && class_exists('Alibaba')) {
+    $engine = 'ACE';
+} else if (isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'],'Google App Engine') !== false) {
+    $engine = 'GAE';
+}
+?>
+
+<?php if (!empty($engine)): ?>
+<h3 class="warning"><?php _e('系统将为您自动匹配 %s 环境的安装选项', $engine); ?></h3>
+<?php endif; ?>
+
+<?php if ('SAE' == $engine): ?>
+<!-- SAE -->
+    <input type="hidden" name="config" value="array (
+    'host'      =>  SAE_MYSQL_HOST_M,
+    'user'      =>  SAE_MYSQL_USER,
+    'password'  =>  SAE_MYSQL_PASS,
+    'charset'   =>  '<?php _e('utf8'); ?>',
+    'port'      =>  SAE_MYSQL_PORT,
+    'database'  =>  SAE_MYSQL_DB
+)" />
+    <input type="hidden" name="dbHost" value="<?php echo SAE_MYSQL_HOST_M; ?>" />
+    <input type="hidden" name="dbPort" value="<?php echo SAE_MYSQL_PORT; ?>" />
+    <input type="hidden" name="dbUser" value="<?php echo SAE_MYSQL_USER; ?>" />
+    <input type="hidden" name="dbPassword" value="<?php echo SAE_MYSQL_PASS; ?>" />
+    <input type="hidden" name="dbDatabase" value="<?php echo SAE_MYSQL_DB; ?>" />
+<?php elseif ('BAE' == $engine):
+$baeDbUser = "getenv('HTTP_BAE_ENV_AK')";
+$baeDbPassword = "getenv('HTTP_BAE_ENV_SK')";
+?>
+<!-- BAE -->
+    <?php if (!getenv('HTTP_BAE_ENV_AK')): $baeDbUser = "'{user}'"; ?>
+    <li>
+        <label class="typecho-label" for="dbUser"><?php _e('应用API Key'); ?></label>
+        <input type="text" class="text" name="dbUser" id="dbUser" value="<?php _v('dbUser'); ?>" />
+    </li>
+    <?php else: ?>
+    <input type="hidden" name="dbUser" value="<?php echo getenv('HTTP_BAE_ENV_AK'); ?>" />
+    <?php endif; ?>
+
+    <?php if (!getenv('HTTP_BAE_ENV_SK')): $baeDbPassword = "'{password}'"; ?>
+    <li>
+        <label class="typecho-label" for="dbPassword"><?php _e('应用Secret Key'); ?></label>
+        <input type="text" class="text" name="dbPassword" id="dbPassword" value="<?php _v('dbPassword'); ?>" />
+    </li>
+    <?php else: ?>
+    <input type="hidden" name="dbPassword" value="<?php echo getenv('HTTP_BAE_ENV_SK'); ?>" />
+    <?php endif; ?>
+
+    <li>
+        <label class="typecho-label" for="dbDatabase"><?php _e('数据库名'); ?></label>
+        <input type="text" class="text" id="dbDatabase" name="dbDatabase" value="<?php _v('dbDatabase'); ?>" />
+        <p class="description"><?php _e('可以在MySQL服务的管理页面看到您创建的数据库名称'); ?></p>
+    </li>
+    <input type="hidden" name="config" value="array (
+    'host'      =>  getenv('HTTP_BAE_ENV_ADDR_SQL_IP'),
+    'user'      =>  <?php echo $baeDbUser; ?>,
+    'password'  =>  <?php echo $baeDbPassword; ?>,
+    'charset'   =>  '<?php _e('utf8'); ?>',
+    'port'      =>  getenv('HTTP_BAE_ENV_ADDR_SQL_PORT'),
+    'database'  =>  '{database}'
+)" />
+    <input type="hidden" name="dbHost" value="<?php echo getenv('HTTP_BAE_ENV_ADDR_SQL_IP'); ?>" />
+    <input type="hidden" name="dbPort" value="<?php echo getenv('HTTP_BAE_ENV_ADDR_SQL_PORT'); ?>" />
+<?php elseif ('ACE' == $engine): ?>
+<!-- ACE -->
+
+    <li>
+        <label class="typecho-label" for="dbHost"><?php _e('数据库地址'); ?></label>
+        <input type="text" class="text" name="dbHost" id="dbHost" value="<?php _v('dbHost', 'localhost'); ?>"/>
+        <p class="description"><?php _e('您可以访问 RDS 控制台获取详细信息'); ?></p>
+    </li>
+    <li>
+        <label class="typecho-label" for="dbPort"><?php _e('数据库端口'); ?></label>
+        <input type="text" class="text" name="dbPort" id="dbPort" value="<?php _v('dbPort', 3306); ?>"/>
+    </li>
+    <li>
+        <label class="typecho-label" for="dbUser"><?php _e('数据库用户名'); ?></label>
+        <input type="text" class="text" name="dbUser" id="dbUser" value="<?php _v('dbUser'); ?>" />
+    </li>
+    <li>
+        <label class="typecho-label" for="dbPassword"><?php _e('数据库密码'); ?></label>
+        <input type="password" class="text" name="dbPassword" id="dbPassword" value="<?php _v('dbPassword'); ?>" />
+    </li>
+    <li>
+        <label class="typecho-label" for="dbDatabase"><?php _e('数据库名'); ?></label>
+        <input type="text" class="text" name="dbDatabase" id="dbDatabase" value="<?php _v('dbDatabase', 'typecho'); ?>" />
+    </li>
+
+<?php elseif ('GAE' == $engine): ?>
+<!-- GAE -->
+    <h3 class="warning"><?php _e('系统将为您自动匹配 %s 环境的安装选项', 'GAE'); ?></h3>
+<?php if (0 === strpos($adapter, 'Pdo_')): ?>
+    <li>
+        <label class="typecho-label" for="dbHost"><?php _e('数据库实例名'); ?></label>
+        <input type="text" class="text" name="dbHost" id="dbHost" value="<?php _v('dbHost'); ?>"/>
+        <p class="description"><?php _e('请填入您在Cloud SQL面板中创建的数据库实例名称, 示例: %s', '<em class="warning">/cloudsql/typecho-gae:typecho</em>'); ?></p>
+    </li>
+<?php else: ?>
+    <li>
+        <label class="typecho-label" for="dbHost"><?php _e('数据库实例名'); ?></label>
+        <input type="text" class="text" name="dbHost" id="dbHost" value="<?php _v('dbHost'); ?>"/>
+        <p class="description"><?php _e('请填入您在Cloud SQL面板中创建的数据库实例名称, 示例: %s', '<em class="warning">:/cloudsql/typecho-gae:typecho</em>'); ?></p>
+    </li>
+<?php endif; ?>
+
+    <li>
+        <label class="typecho-label" for="dbUser"><?php _e('数据库用户名'); ?></label>
+        <input type="text" class="text" name="dbUser" id="dbUser" value="<?php _v('dbUser'); ?>" />
+    </li>
+    <li>
+        <label class="typecho-label" for="dbPassword"><?php _e('数据库密码'); ?></label>
+        <input type="password" class="text" name="dbPassword" id="dbPassword" value="<?php _v('dbPassword'); ?>" />
+    </li>
+    <li>
+        <label class="typecho-label" for="dbDatabase"><?php _e('数据库名'); ?></label>
+        <input type="text" class="text" name="dbDatabase" id="dbDatabase" value="<?php _v('dbDatabase', 'typecho'); ?>" />
+        <p class="description"><?php _e('请填入您在Cloud SQL的实例中创建的数据库名称'); ?></p>
+    </li>
+
+<?php if (0 === strpos($adapter, 'Pdo_')): ?>
+    <input type="hidden" name="dbDsn" value="mysql:dbname={database};unix_socket={host};charset=<?php _e('utf8'); ?>" />
+    <input type="hidden" name="config" value="array (
+    'dsn'       =>  '{dsn}',
+    'user'      =>  '{user}',
+    'password'  =>  '{password}'
+)" />
+<?php else: ?>
+    <input type="hidden" name="config" value="array (
+    'host'      =>  '{host}',
+    'database'  =>  '{database}',
+    'user'      =>  '{user}',
+    'password'  =>  '{password}'
+)" />
+<?php endif; ?>
+
+
+<?php  else: ?>
+    <li>
+        <label class="typecho-label" for="dbHost"><?php _e('数据库地址'); ?></label>
+        <input type="text" class="text" name="dbHost" id="dbHost" value="<?php _v('dbHost', 'localhost'); ?>"/>
+        <p class="description"><?php _e('您可能会使用 "%s"', 'localhost'); ?></p>
+    </li>
+    <li>
+        <label class="typecho-label" for="dbPort"><?php _e('数据库端口'); ?></label>
+        <input type="text" class="text" name="dbPort" id="dbPort" value="<?php _v('dbPort', '3306'); ?>"/>
+        <p class="description"><?php _e('如果您不知道此选项的意义, 请保留默认设置'); ?></p>
+    </li>
+    <li>
+        <label class="typecho-label" for="dbUser"><?php _e('数据库用户名'); ?></label>
+        <input type="text" class="text" name="dbUser" id="dbUser" value="<?php _v('dbUser', 'root'); ?>" />
+        <p class="description"><?php _e('您可能会使用 "%s"', 'root'); ?></p>
+    </li>
+    <li>
+        <label class="typecho-label" for="dbPassword"><?php _e('数据库密码'); ?></label>
+        <input type="password" class="text" name="dbPassword" id="dbPassword" value="<?php _v('dbPassword'); ?>" />
+    </li>
+    <li>
+        <label class="typecho-label" for="dbDatabase"><?php _e('数据库名'); ?></label>
+        <input type="text" class="text" name="dbDatabase" id="dbDatabase" value="<?php _v('dbDatabase', 'typecho'); ?>" />
+        <p class="description"><?php _e('请您指定数据库名称'); ?></p>
+    </li>
+
+<?php  endif; ?>
+<input type="hidden" name="dbCharset" value="<?php _e('utf8'); ?>" />
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Mysql.sql b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Mysql.sql
new file mode 100644
index 0000000..78f2ad6
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Mysql.sql
@@ -0,0 +1,152 @@
+-- phpMyAdmin SQL Dump
+-- version 2.11.5
+-- http://www.phpmyadmin.net
+--
+-- 主机: localhost
+-- 生成日期: 2008 年 07 月 06 日 18:00
+-- 服务器版本: 5.0.51
+-- PHP 版本: 5.2.5
+
+--
+-- 数据库: `typecho`
+--
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_comments`
+--
+
+CREATE TABLE `typecho_comments` (
+  `coid` int(10) unsigned NOT NULL auto_increment,
+  `cid` int(10) unsigned default '0',
+  `created` int(10) unsigned default '0',
+  `author` varchar(200) default NULL,
+  `authorId` int(10) unsigned default '0',
+  `ownerId` int(10) unsigned default '0',
+  `mail` varchar(200) default NULL,
+  `url` varchar(200) default NULL,
+  `ip` varchar(64) default NULL,
+  `agent` varchar(200) default NULL,
+  `text` text,
+  `type` varchar(16) default 'comment',
+  `status` varchar(16) default 'approved',
+  `parent` int(10) unsigned default '0',
+  PRIMARY KEY  (`coid`),
+  KEY `cid` (`cid`),
+  KEY `created` (`created`)
+) ENGINE=MyISAM  DEFAULT CHARSET=%charset%;
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_contents`
+--
+
+CREATE TABLE `typecho_contents` (
+  `cid` int(10) unsigned NOT NULL auto_increment,
+  `title` varchar(200) default NULL,
+  `slug` varchar(200) default NULL,
+  `created` int(10) unsigned default '0',
+  `modified` int(10) unsigned default '0',
+  `text` text,
+  `order` int(10) unsigned default '0',
+  `authorId` int(10) unsigned default '0',
+  `template` varchar(32) default NULL,
+  `type` varchar(16) default 'post',
+  `status` varchar(16) default 'publish',
+  `password` varchar(32) default NULL,
+  `commentsNum` int(10) unsigned default '0',
+  `allowComment` char(1) default '0',
+  `allowPing` char(1) default '0',
+  `allowFeed` char(1) default '0',
+  `parent` int(10) unsigned default '0',
+  PRIMARY KEY  (`cid`),
+  UNIQUE KEY `slug` (`slug`),
+  KEY `created` (`created`)
+) ENGINE=MyISAM  DEFAULT CHARSET=%charset%;
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_fields`
+--
+
+CREATE TABLE `typecho_fields` (
+  `cid` int(10) unsigned NOT NULL,
+  `name` varchar(200) NOT NULL,
+  `type` varchar(8) default 'str',
+  `str_value` text,
+  `int_value` int(10) default '0',
+  `float_value` float default '0',
+  PRIMARY KEY  (`cid`,`name`),
+  KEY `int_value` (`int_value`),
+  KEY `float_value` (`float_value`)
+) ENGINE=MyISAM  DEFAULT CHARSET=%charset%;
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_metas`
+--
+
+CREATE TABLE `typecho_metas` (
+  `mid` int(10) unsigned NOT NULL auto_increment,
+  `name` varchar(200) default NULL,
+  `slug` varchar(200) default NULL,
+  `type` varchar(32) NOT NULL,
+  `description` varchar(200) default NULL,
+  `count` int(10) unsigned default '0',
+  `order` int(10) unsigned default '0',
+  `parent` int(10) unsigned default '0',
+  PRIMARY KEY  (`mid`),
+  KEY `slug` (`slug`)
+) ENGINE=MyISAM  DEFAULT CHARSET=%charset%;
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_options`
+--
+
+CREATE TABLE `typecho_options` (
+  `name` varchar(32) NOT NULL,
+  `user` int(10) unsigned NOT NULL default '0',
+  `value` text,
+  PRIMARY KEY  (`name`,`user`)
+) ENGINE=MyISAM DEFAULT CHARSET=%charset%;
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_relationships`
+--
+
+CREATE TABLE `typecho_relationships` (
+  `cid` int(10) unsigned NOT NULL,
+  `mid` int(10) unsigned NOT NULL,
+  PRIMARY KEY  (`cid`,`mid`)
+) ENGINE=MyISAM DEFAULT CHARSET=%charset%;
+
+-- --------------------------------------------------------
+
+--
+-- 表的结构 `typecho_users`
+--
+
+CREATE TABLE `typecho_users` (
+  `uid` int(10) unsigned NOT NULL auto_increment,
+  `name` varchar(32) default NULL,
+  `password` varchar(64) default NULL,
+  `mail` varchar(200) default NULL,
+  `url` varchar(200) default NULL,
+  `screenName` varchar(32) default NULL,
+  `created` int(10) unsigned default '0',
+  `activated` int(10) unsigned default '0',
+  `logged` int(10) unsigned default '0',
+  `group` varchar(16) default 'visitor',
+  `authCode` varchar(64) default NULL,
+  PRIMARY KEY  (`uid`),
+  UNIQUE KEY `name` (`name`),
+  UNIQUE KEY `mail` (`mail`)
+) ENGINE=MyISAM  DEFAULT CHARSET=%charset%;
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Pgsql.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Pgsql.php
new file mode 100644
index 0000000..b6fc203
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Pgsql.php
@@ -0,0 +1,26 @@
+<?php if(!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<li>
+<label class="typecho-label" for="dbHost"><?php _e('数据库地址'); ?></label>
+<input type="text" class="text" name="dbHost" id="dbHost" value="<?php _v('dbHost', 'localhost'); ?>"/>
+<p class="description"><?php _e('您可能会使用 "%s"', 'localhost'); ?></p>
+</li>
+<li>
+<label class="typecho-label" for="dbPort"><?php _e('数据库端口'); ?></label>
+<input type="text" class="text" name="dbPort" id="dbPort" value="<?php _v('dbPort', '5432'); ?>"/>
+<p class="description"><?php _e('如果您不知道此选项的意义, 请保留默认设置'); ?></p>
+</li>
+<li>
+<label class="typecho-label" for="dbUser"><?php _e('数据库用户名'); ?></label>
+<input type="text" class="text" name="dbUser" id="dbUser" value="<?php _v('dbUser', 'postgres'); ?>" />
+<p class="description"><?php _e('您可能会使用 "%s"', 'postgres'); ?></p>
+</li>
+<li>
+<label class="typecho-label" for="dbPassword"><?php _e('数据库密码'); ?></label>
+<input type="password" class="text" name="dbPassword" id="dbPassword" value="<?php _v('dbPassword'); ?>" />
+</li>
+<li>
+<label class="typecho-label" for="dbDatabase"><?php _e('数据库名'); ?></label>
+<input type="text" class="text" name="dbDatabase" id="dbDatabase" value="<?php _v('dbDatabase', 'typecho'); ?>" />
+<p class="description"><?php _e('请您指定数据库名称'); ?></p>
+</li>
+<input type="hidden" name="dbCharset" value="<?php _e('utf8'); ?>" />
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Pgsql.sql b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Pgsql.sql
new file mode 100644
index 0000000..d612bd6
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/Pgsql.sql
@@ -0,0 +1,130 @@
+--
+-- Table structure for table "typecho_comments"
+--
+CREATE SEQUENCE "typecho_comments_seq";
+
+CREATE TABLE "typecho_comments" (  "coid" INT NOT NULL DEFAULT nextval('typecho_comments_seq'),
+  "cid" INT NULL DEFAULT '0',
+  "created" INT NULL DEFAULT '0',
+  "author" VARCHAR(200) NULL DEFAULT NULL,
+  "authorId" INT NULL DEFAULT '0',
+  "ownerId" INT NULL DEFAULT '0',
+  "mail" VARCHAR(200) NULL DEFAULT NULL,
+  "url" VARCHAR(200) NULL DEFAULT NULL,
+  "ip" VARCHAR(64) NULL DEFAULT NULL,
+  "agent" VARCHAR(200) NULL DEFAULT NULL,
+  "text" TEXT NULL DEFAULT NULL,
+  "type" VARCHAR(16) NULL DEFAULT 'comment',
+  "status" VARCHAR(16) NULL DEFAULT 'approved',
+  "parent" INT NULL DEFAULT '0',
+  PRIMARY KEY ("coid")
+);
+
+CREATE INDEX "typecho_comments_cid" ON "typecho_comments" ("cid");
+CREATE INDEX "typecho_comments_created" ON "typecho_comments" ("created");
+
+
+--
+-- Table structure for table "typecho_contents"
+--
+
+CREATE SEQUENCE "typecho_contents_seq";
+
+CREATE TABLE "typecho_contents" (  "cid" INT NOT NULL DEFAULT nextval('typecho_contents_seq'),
+  "title" VARCHAR(200) NULL DEFAULT NULL,
+  "slug" VARCHAR(200) NULL DEFAULT NULL,
+  "created" INT NULL DEFAULT '0',
+  "modified" INT NULL DEFAULT '0',
+  "text" TEXT NULL DEFAULT NULL,
+  "order" INT NULL DEFAULT '0',
+  "authorId" INT NULL DEFAULT '0',
+  "template" VARCHAR(32) NULL DEFAULT NULL,
+  "type" VARCHAR(16) NULL DEFAULT 'post',
+  "status" VARCHAR(16) NULL DEFAULT 'publish',
+  "password" VARCHAR(32) NULL DEFAULT NULL,
+  "commentsNum" INT NULL DEFAULT '0',
+  "allowComment" CHAR(1) NULL DEFAULT '0',
+  "allowPing" CHAR(1) NULL DEFAULT '0',
+  "allowFeed" CHAR(1) NULL DEFAULT '0',
+  "parent" INT NULL DEFAULT '0',
+  PRIMARY KEY ("cid"),
+  UNIQUE ("slug")
+);
+
+CREATE INDEX "typecho_contents_created" ON "typecho_contents" ("created");
+
+--
+-- Table structure for table "typecho_fields"
+--
+
+CREATE TABLE "typecho_fields" ("cid" INT NOT NULL,
+  "name" VARCHAR(200) NOT NULL,
+  "type" VARCHAR(8) NULL DEFAULT 'str',
+  "str_value" TEXT NULL DEFAULT NULL,
+  "int_value" INT NULL DEFAULT '0',
+  "float_value" REAL NULL DEFAULT '0',
+  PRIMARY KEY  ("cid","name")
+);
+
+CREATE INDEX "typecho_fields_int_value" ON "typecho_fields" ("int_value");
+CREATE INDEX "typecho_fields_float_value" ON "typecho_fields" ("float_value");
+
+--
+-- Table structure for table "typecho_metas"
+--
+
+CREATE SEQUENCE "typecho_metas_seq";
+
+CREATE TABLE "typecho_metas" (  "mid" INT NOT NULL DEFAULT nextval('typecho_metas_seq'),
+  "name" VARCHAR(200) NULL DEFAULT NULL,
+  "slug" VARCHAR(200) NULL DEFAULT NULL,
+  "type" VARCHAR(16) NOT NULL DEFAULT '',
+  "description" VARCHAR(200) NULL DEFAULT NULL,
+  "count" INT NULL DEFAULT '0',
+  "order" INT NULL DEFAULT '0',
+  "parent" INT NULL DEFAULT '0',
+  PRIMARY KEY ("mid")
+);
+
+CREATE INDEX "typecho_metas_slug" ON "typecho_metas" ("slug");
+
+
+--
+-- Table structure for table "typecho_options"
+--
+
+CREATE TABLE "typecho_options" (  "name" VARCHAR(32) NOT NULL DEFAULT '',
+  "user" INT NOT NULL DEFAULT '0',
+  "value" TEXT NULL DEFAULT NULL,
+  PRIMARY KEY ("name","user")
+);
+
+--
+-- Table structure for table "typecho_relationships"
+--
+
+CREATE TABLE "typecho_relationships" (  "cid" INT NOT NULL DEFAULT '0',
+  "mid" INT NOT NULL DEFAULT '0',
+  PRIMARY KEY ("cid","mid")
+); 
+
+--
+-- Table structure for table "typecho_users"
+--
+CREATE SEQUENCE "typecho_users_seq";
+
+CREATE TABLE "typecho_users" (  "uid" INT NOT NULL DEFAULT nextval('typecho_users_seq') ,
+  "name" VARCHAR(32) NULL DEFAULT NULL,
+  "password" VARCHAR(64) NULL DEFAULT NULL,
+  "mail" VARCHAR(200) NULL DEFAULT NULL,
+  "url" VARCHAR(200) NULL DEFAULT NULL,
+  "screenName" VARCHAR(32) NULL DEFAULT NULL,
+  "created" INT NULL DEFAULT '0',
+  "activated" INT NULL DEFAULT '0',
+  "logged" INT NULL DEFAULT '0',
+  "group" VARCHAR(16) NULL DEFAULT 'visitor',
+  "authCode" VARCHAR(64) NULL DEFAULT NULL,
+  PRIMARY KEY ("uid"),
+  UNIQUE ("name"),
+  UNIQUE ("mail")
+);
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/SQLite.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/SQLite.php
new file mode 100644
index 0000000..ec0fa66
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/SQLite.php
@@ -0,0 +1,7 @@
+<?php if(!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<?php $defaultDir = dirname($_SERVER['SCRIPT_FILENAME']) . '/usr/' . uniqid() . '.db'; ?>
+<li>
+<label class="typecho-label" for="dbFile"><?php _e('数据库文件路径'); ?></label>
+<input type="text" class="text" name="dbFile" id="dbFile" value="<?php _v('dbFile', $defaultDir); ?>"/>
+<p class="description"><?php _e('"%s" 是我们为您自动生成的地址', $defaultDir); ?></p>
+</li>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/SQLite.sql b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/SQLite.sql
new file mode 100644
index 0000000..80d53d6
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/install/SQLite.sql
@@ -0,0 +1,87 @@
+CREATE TABLE typecho_comments ( "coid" INTEGER NOT NULL PRIMARY KEY,
+"cid" int(10) default '0' ,
+"created" int(10) default '0' ,
+"author" varchar(200) default NULL ,
+"authorId" int(10) default '0' ,
+"ownerId" int(10) default '0' ,
+"mail" varchar(200) default NULL , 
+"url" varchar(200) default NULL , 
+"ip" varchar(64) default NULL , 
+"agent" varchar(200) default NULL , 
+"text" text , 
+"type" varchar(16) default 'comment' , 
+"status" varchar(16) default 'approved' , 
+"parent" int(10) default '0' );
+
+CREATE INDEX typecho_comments_cid ON typecho_comments ("cid");
+CREATE INDEX typecho_comments_created ON typecho_comments ("created");
+
+CREATE TABLE typecho_contents ( "cid" INTEGER NOT NULL PRIMARY KEY, 
+"title" varchar(200) default NULL , 
+"slug" varchar(200) default NULL , 
+"created" int(10) default '0' , 
+"modified" int(10) default '0' , 
+"text" text , 
+"order" int(10) default '0' , 
+"authorId" int(10) default '0' , 
+"template" varchar(32) default NULL , 
+"type" varchar(16) default 'post' , 
+"status" varchar(16) default 'publish' , 
+"password" varchar(32) default NULL , 
+"commentsNum" int(10) default '0' , 
+"allowComment" char(1) default '0' , 
+"allowPing" char(1) default '0' , 
+"allowFeed" char(1) default '0' ,
+"parent" int(10) default '0' );
+
+CREATE UNIQUE INDEX typecho_contents_slug ON typecho_contents ("slug");
+CREATE INDEX typecho_contents_created ON typecho_contents ("created");
+
+CREATE TABLE "typecho_fields" ("cid" INTEGER NOT NULL,
+  "name" varchar(200) NOT NULL,
+  "type" varchar(8) default 'str',
+  "str_value" text,
+  "int_value" int(10) default '0',
+  "float_value" real default '0'
+);
+
+CREATE UNIQUE INDEX typecho_fields_cid_name ON typecho_fields ("cid", "name");
+CREATE INDEX typecho_fields_int_value ON typecho_fields ("int_value");
+CREATE INDEX typecho_fields_float_value ON typecho_fields ("float_value");
+
+CREATE TABLE typecho_metas ( "mid" INTEGER NOT NULL PRIMARY KEY, 
+"name" varchar(200) default NULL , 
+"slug" varchar(200) default NULL , 
+"type" varchar(32) NOT NULL , 
+"description" varchar(200) default NULL , 
+"count" int(10) default '0' , 
+"order" int(10) default '0' ,
+"parent" int(10) default '0');
+
+CREATE INDEX typecho_metas_slug ON typecho_metas ("slug");
+
+CREATE TABLE typecho_options ( "name" varchar(32) NOT NULL , 
+"user" int(10) NOT NULL default '0' , 
+"value" text );
+
+CREATE UNIQUE INDEX typecho_options_name_user ON typecho_options ("name", "user");
+
+CREATE TABLE typecho_relationships ( "cid" int(10) NOT NULL , 
+"mid" int(10) NOT NULL );
+
+CREATE UNIQUE INDEX typecho_relationships_cid_mid ON typecho_relationships ("cid", "mid");
+
+CREATE TABLE typecho_users ( "uid" INTEGER NOT NULL PRIMARY KEY, 
+"name" varchar(32) default NULL , 
+"password" varchar(64) default NULL , 
+"mail" varchar(200) default NULL , 
+"url" varchar(200) default NULL , 
+"screenName" varchar(32) default NULL , 
+"created" int(10) default '0' , 
+"activated" int(10) default '0' , 
+"logged" int(10) default '0' , 
+"group" varchar(16) default 'visitor' , 
+"authCode" varchar(64) default NULL);
+
+CREATE UNIQUE INDEX typecho_users_name ON typecho_users ("name");
+CREATE UNIQUE INDEX typecho_users_mail ON typecho_users ("mail");
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/license.txt b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/license.txt
new file mode 100644
index 0000000..0e77e74
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/license.txt
@@ -0,0 +1,282 @@
+The GNU General Public License (GPL)
+Version 2, June 1991
+
+Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+
+59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+Everyone is permitted to copy and distribute verbatim copies
+
+of this license document, but changing it is not allowed.
+
+Preamble
+
+The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License. (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code. (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+NO WARRANTY
+
+11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+END OF TERMS AND CONDITIONS
\ No newline at end of file
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/todo.txt b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/todo.txt
new file mode 100644
index 0000000..7949f9c
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/todo.txt
@@ -0,0 +1,7 @@
+0.9 版
+
+1. 干掉mootools，上jquery
+2. 后台UI更新
+3. 撰写页面更新，加入markdown支持
+4. 增加bae支持
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/Makefile b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/Makefile
new file mode 100644
index 0000000..f9bf98e
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/Makefile
@@ -0,0 +1,115 @@
+
+
+#define root directory
+DIR=../
+
+#update subversion
+update:
+	@echo 'git update'
+	rm -Rf build/
+	git clone https://github.com/typecho/typecho.git build
+	rm -Rf build/.git
+	rm -f build/.gitignore
+	rm -f build/.gitattributes
+	for i in `find build/ -name '*.css'`; do echo $$i && java -Xmx32m -jar yuicompressor-2.4.2.jar $$i --charset UTF-8 -o $$i; done;
+	for i in `find build/admin/js/ -name '*.js'`; do echo $$i && java -Xmx32m -jar yuicompressor-2.4.2.jar $$i --charset UTF-8 -o $$i; done;
+	for i in `find build/ -name '*.php'`; do php -l $$i; done;
+
+
+package:
+	@echo 'package'
+	rm -Rf build/tools/
+	rm -f build/todo.txt
+	rm -f build/changelog.txt
+	rm -f build/.travis.yml
+	rm -f build/README.md
+	rm -Rf build/admin/scss
+	rm -Rf build/admin/img/editor
+	rm -Rf build/admin/img/icons
+	rm -Rf build/admin/img/icons-2x
+	rm -Rf build/usr/langs/*
+	mkdir build/usr/uploads/
+	chmod 777 build/usr/uploads/
+	tar -cvvzf build.tar.gz build/
+
+
+commonmark-php:
+	rm -rf ../var/CommonMark
+	git clone https://github.com/joyqi/commonmark-php.git commonmark
+	php transfer.php commonmark/src CommonMark ColinODell/CommonMark
+	rm -f commonmark/src/CommonMarkConverter.php
+	mv commonmark/src ../var/CommonMark
+	rm -rf commonmark
+
+
+commonmark-js:
+	rm -rf ../admin/js/stmd.js
+	git clone https://github.com/jgm/stmd.git
+	cp stmd/js/stmd.js ../admin/js/
+	rm -rf stmd
+
+
+clear:
+	rm -Rf build/
+
+
+upgrade:
+	make update
+	rm -Rf ${DIR}/admin/
+	cp -Rf build/admin/ ${DIR}
+	rm -Rf ${DIR}/var/
+	cp -Rf build/var/ ${DIR}
+	rm -Rf ${DIR}/index.php
+	cp build/index.php ${DIR}
+	make clear
+
+langs:
+	rm -rf ../usr/langs
+	mkdir ../usr/langs
+	git clone https://github.com/typecho/languages.git
+	#for i in `find . -name '*.po'`; do echo $$i && php msgfmt.php $$i; done;
+	cd languages/ && for i in `find . -name '*.po'`; do echo `basename $$i` && msgfmt -o `basename $$i .po`.mo `basename $$i`; done;
+	cp languages/*.mo ../usr/langs/
+	rm -rf languages
+
+
+theme:
+	make update
+	rm -Rf ${DIR}/usr/themes/default/
+	cp -Rf build/usr/themes/default/ ${DIR}/usr/themes/
+	make clear
+
+
+install:
+	make update
+	rm -Rf build/tools/
+	rm -f build/todo.txt
+	rm -f build/changelog.txt
+	rm -f build/.travis.yml
+	rm -f build/README.md
+	rm -Rf build/admin/scss
+	rm -Rf build/admin/img/editor
+	rm -Rf build/admin/img/icons
+	rm -Rf build/admin/img/icons-2x
+	mkdir build/usr/uploads/
+	chmod 777 build/usr/uploads/
+	cp -Rf build/* ${DIR}
+	make clear
+
+
+pot:
+	cd ../ && php tools/list.php ./ > tools/files.txt	
+	cd ../ && xgettext --files-from=tools/files.txt -Lphp --from-code=UTF-8 --keyword=_t --keyword=_e --keyword=_n:1,2 --no-location --copyright-holder=Typecho --package-name=Typecho --package-version=`grep -E "VERSION = '(.*)'" ./var/Typecho/Common.php | cut -d "'" -f 2` --no-wrap --output=tools/messages.pot	
+	rm -f files.txt
+
+
+test:
+	for i in `find ../var/ -name '*.php'`; do php -l $$i || exit 1; done;
+	for i in `find ../usr/ -name '*.php'`; do php -l $$i || exit 1; done;
+	for i in `find ../admin/ -name '*.php'`; do php -l $$i || exit 1; done;
+
+
+all:
+	make update
+	make package
+	make clear
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/list.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/list.php
new file mode 100644
index 0000000..35f7b71
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/list.php
@@ -0,0 +1,36 @@
+<?php
+
+/** 参数不存在则退出 */
+if (!isset($argv[1])) {
+    echo 'no args';
+    exit(1);
+}
+
+/**
+ * 获取所有文件
+ * 
+ * @param string $dir
+ * @param string $pattern
+ * @return array
+ */
+function all_files($dir, $pattern = '*') {
+    $result = array();
+
+    $items = glob($dir . '/' . $pattern, GLOB_BRACE);
+    foreach ($items as $item) {
+        if (is_file($item)) {
+            $result[] = $item;
+        } 
+    }
+
+    $items = glob($dir . '/*', GLOB_ONLYDIR);
+    foreach ($items as $item) {
+        if (is_dir($item)) {
+            $result = array_merge($result, all_files($item, $pattern));
+        }
+    }
+
+    return $result;
+}
+
+echo implode("\n", all_files($argv[1], '*.php'));
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/tc.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/tc.php
new file mode 100644
index 0000000..885bd1c
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/tc.php
@@ -0,0 +1,28 @@
+<?php
+
+/** 参数不存在则退出 */
+if (!isset($argv[1])) {
+    echo 'no args';
+    exit(1);
+}
+
+/** 解析所有的参数 */
+parse_str($argv[1], $options);
+
+/** 必要参数检测 */
+if (!isset($options['in']) || !isset($options['out'])) {
+    echo 'no input or output file';
+    exit(1);
+}
+
+$str = php_strip_whitespace($options['in']);
+$str = preg_replace("/require_once\s+('|\")[_0-9a-z-\/\.]+\\1\s*;/is", '', $str);
+$str = trim(ltrim($str, '<?php'));
+
+if (file_exists($options['out'])) {
+    $str = file_get_contents($options['out']) . $str;
+} else {
+    $str = '<?php ' . $str;
+}
+
+file_put_contents($options['out'], $str);
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/transfer.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/transfer.php
new file mode 100644
index 0000000..af0b614
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/transfer.php
@@ -0,0 +1,110 @@
+<?php
+
+// transfer namespace based php class to dashed
+$dir = $argv[1];
+$ns = $argv[2];
+$fake = $argv[3];
+
+$files = $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($dir,
+        FilesystemIterator::KEY_AS_PATHNAME
+        | FilesystemIterator::CURRENT_AS_FILEINFO | FilesystemIterator::SKIP_DOTS));
+
+$map = [];
+$lists = [];
+$offset = strlen($dir);
+
+foreach ($files as $file) {
+    $path = $file->getPathname();
+    $file = $file->getFilename();
+    $lists[] = $path;
+
+    $dir = dirname($path);
+
+    if ($file[0] == '.') {
+        continue;
+    }
+
+    $path = ltrim(substr($path, $offset), '/\\');
+    list($class) = explode('.', $path);
+    
+    $name = str_replace(['/', '\\'], '\\', $fake . '\\' . $class);
+    $class = str_replace(['/', '\\'], '_', $ns . '_' . $class);
+    
+    $map[$name] = $class;
+}
+
+foreach ($lists as $file) {
+    $dir = dirname($file);
+    $source = file_get_contents($file);
+    $replace = [];
+    $current = '';
+
+    $source = preg_replace_callback("/\nnamespace\s*([a-z_\\\]+);/is", function ($matches) use ($map, $file, &$replace, &$current) {
+        $matches[1] .= '\\' . pathinfo($file, PATHINFO_FILENAME);
+        $parts = explode('\\', $matches[1]);
+        $last = array_pop($parts);
+
+        if (isset($map[$matches[1]])) {
+            $replace[$last] = $map[$matches[1]];
+            $current = $matches[1];
+        }
+
+        return "if (!defined('__TYPECHO_ROOT_DIR__')) exit;";
+    }, $source);
+
+    $source = preg_replace_callback("/\nuse\s*([a-z_\\\]+)(?:\s+as\s+([a-z_\\\]+))?;/is", function ($matches) use ($map, &$replace) {
+        $parts = explode('\\', $matches[1]);
+        $last = array_pop($parts);
+
+        if (isset($map[$matches[1]])) {
+            $replace[$last] = $map[$matches[1]];
+        }
+
+        return '';
+    }, $source);
+
+    foreach ($map as $key => $val) {
+        if (count(explode('\\', $key)) == count(explode('\\', $current))) {
+            $parts = explode('_', $val);
+            $last = array_pop($parts);
+
+            if (!isset($replace[$last])) {
+                $replace[$last] = $val;
+            }
+        }
+    }
+
+    $source = str_replace(array('mb_strtoupper', 'mb_strlen'), 
+        array('Typecho_Common::strToUpper', 'Typecho_Common::strLen'), $source);
+
+    $tokens = token_get_all($source);
+    $source = '';
+
+    $last = false;
+    foreach ($tokens as $key => $token) {
+        if (!is_array($token)) {
+            $source .= $token;
+            $last = false;
+            continue;
+        }
+
+        list ($name, $str) = $token;
+
+        if (T_STRING == $name) {
+            $str = isset($replace[$str]) ? $replace[$str] : $str;
+        } else if (T_NS_SEPARATOR == $name) {
+            if (T_STRING == $last) {
+                $source = substr($source, 0, - strlen($tokens[$key - 1][1]));
+            }
+            
+            $str = '';
+        }
+
+        $last = $name;
+        $source .= $str;
+    }
+
+    file_put_contents($file, $source);
+}
+
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/updateForkTypecho.sh b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/updateForkTypecho.sh
new file mode 100644
index 0000000..ee45275
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/updateForkTypecho.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+#更新fork之后的Typecho至最新代码
+
+#切换到主目录
+cd ..
+
+#增加Typecho源分支地址到本地项目远程分支列表
+git remote add official https://github.com/typecho/typecho.git
+
+#查看远程分支列表
+#git remote -v
+
+#更新Typecho源分支的新版本到本地
+git fetch official
+
+#合并Typecho源分支的代码
+git merge official/master
+
+#将合并后的代码push到你自己fork的Tyepcho项目上去
+git push origin master
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/yuicompressor-2.4.2.jar b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/yuicompressor-2.4.2.jar
new file mode 100644
index 0000000..c29470b
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/tools/yuicompressor-2.4.2.jar differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/plugins/HelloWorld/Plugin.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/plugins/HelloWorld/Plugin.php
new file mode 100644
index 0000000..6425858
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/plugins/HelloWorld/Plugin.php
@@ -0,0 +1,70 @@
+<?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
+/**
+ * Hello World
+ * 
+ * @package HelloWorld 
+ * @author qining
+ * @version 1.0.0
+ * @link http://typecho.org
+ */
+class HelloWorld_Plugin implements Typecho_Plugin_Interface
+{
+    /**
+     * 激活插件方法,如果激活失败,直接抛出异常
+     * 
+     * @access public
+     * @return void
+     * @throws Typecho_Plugin_Exception
+     */
+    public static function activate()
+    {
+        Typecho_Plugin::factory('admin/menu.php')->navBar = array('HelloWorld_Plugin', 'render');
+    }
+    
+    /**
+     * 禁用插件方法,如果禁用失败,直接抛出异常
+     * 
+     * @static
+     * @access public
+     * @return void
+     * @throws Typecho_Plugin_Exception
+     */
+    public static function deactivate(){}
+    
+    /**
+     * 获取插件配置面板
+     * 
+     * @access public
+     * @param Typecho_Widget_Helper_Form $form 配置面板
+     * @return void
+     */
+    public static function config(Typecho_Widget_Helper_Form $form)
+    {
+        /** 分类名称 */
+        $name = new Typecho_Widget_Helper_Form_Element_Text('word', NULL, 'Hello World', _t('说点什么'));
+        $form->addInput($name);
+    }
+    
+    /**
+     * 个人用户的配置面板
+     * 
+     * @access public
+     * @param Typecho_Widget_Helper_Form $form
+     * @return void
+     */
+    public static function personalConfig(Typecho_Widget_Helper_Form $form){}
+    
+    /**
+     * 插件实现方法
+     * 
+     * @access public
+     * @return void
+     */
+    public static function render()
+    {
+        echo '<span class="message success">'
+            . htmlspecialchars(Typecho_Widget::widget('Widget_Options')->plugin('HelloWorld')->word)
+            . '</span>';
+    }
+}
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/404.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/404.php
new file mode 100644
index 0000000..6a2a210
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/404.php
@@ -0,0 +1,16 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<?php $this->need('header.php'); ?>
+
+    <div class="col-mb-12 col-tb-8 col-tb-offset-2">
+
+        <div class="error-page">
+            <h2 class="post-title">404 - <?php _e('页面没找到'); ?></h2>
+            <p><?php _e('你想查看的页面已被转移或删除了, 要不要搜索看看: '); ?></p>
+            <form method="post">
+                <p><input type="text" name="s" class="text" autofocus /></p>
+                <p><button type="submit" class="submit"><?php _e('搜索'); ?></button></p>
+            </form>
+        </div>
+
+    </div><!-- end #content-->
+	<?php $this->need('footer.php'); ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/archive.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/archive.php
new file mode 100644
index 0000000..cc5f991
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/archive.php
@@ -0,0 +1,36 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<?php $this->need('header.php'); ?>
+
+    <div class="col-mb-12 col-8" id="main" role="main">
+        <h3 class="archive-title"><?php $this->archiveTitle(array(
+            'category'  =>  _t('分类 %s 下的文章'),
+            'search'    =>  _t('包含关键字 %s 的文章'),
+            'tag'       =>  _t('标签 %s 下的文章'),
+            'author'    =>  _t('%s 发布的文章')
+        ), '', ''); ?></h3>
+        <?php if ($this->have()): ?>
+    	<?php while($this->next()): ?>
+            <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
+    			<h2 class="post-title" itemprop="name headline"><a itemtype="url" href="<?php $this->permalink() ?>"><?php $this->title() ?></a></h2>
+    			<ul class="post-meta">
+    				<li itemprop="author" itemscope itemtype="http://schema.org/Person"><?php _e('作者: '); ?><a itemprop="name" href="<?php $this->author->permalink(); ?>" rel="author"><?php $this->author(); ?></a></li>
+    				<li><?php _e('时间: '); ?><time datetime="<?php $this->date('c'); ?>" itemprop="datePublished"><?php $this->date('F j, Y'); ?></time></li>
+    				<li><?php _e('分类: '); ?><?php $this->category(','); ?></li>
+                    <li itemprop="interactionCount"><a href="<?php $this->permalink() ?>#comments"><?php $this->commentsNum('评论', '1 条评论', '%d 条评论'); ?></a></li>
+    			</ul>
+                <div class="post-content" itemprop="articleBody">
+        			<?php $this->content('- 阅读剩余部分 -'); ?>
+                </div>
+    		</article>
+    	<?php endwhile; ?>
+        <?php else: ?>
+            <article class="post">
+                <h2 class="post-title"><?php _e('没有找到内容'); ?></h2>
+            </article>
+        <?php endif; ?>
+
+        <?php $this->pageNav('&laquo; 前一页', '后一页 &raquo;'); ?>
+    </div><!-- end #main -->
+
+	<?php $this->need('sidebar.php'); ?>
+	<?php $this->need('footer.php'); ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/comments.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/comments.php
new file mode 100644
index 0000000..709d0b9
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/comments.php
@@ -0,0 +1,49 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<div id="comments">
+    <?php $this->comments()->to($comments); ?>
+    <?php if ($comments->have()): ?>
+	<h3><?php $this->commentsNum(_t('暂无评论'), _t('仅有一条评论'), _t('已有 %d 条评论')); ?></h3>
+    
+    <?php $comments->listComments(); ?>
+
+    <?php $comments->pageNav('&laquo; 前一页', '后一页 &raquo;'); ?>
+    
+    <?php endif; ?>
+
+    <?php if($this->allow('comment')): ?>
+    <div id="<?php $this->respondId(); ?>" class="respond">
+        <div class="cancel-comment-reply">
+        <?php $comments->cancelReply(); ?>
+        </div>
+    
+    	<h3 id="response"><?php _e('添加新评论'); ?></h3>
+    	<form method="post" action="<?php $this->commentUrl() ?>" id="comment-form" role="form">
+            <?php if($this->user->hasLogin()): ?>
+    		<p><?php _e('登录身份: '); ?><a href="<?php $this->options->profileUrl(); ?>"><?php $this->user->screenName(); ?></a>. <a href="<?php $this->options->logoutUrl(); ?>" title="Logout"><?php _e('退出'); ?> &raquo;</a></p>
+            <?php else: ?>
+    		<p>
+                <label for="author" class="required"><?php _e('称呼'); ?></label>
+    			<input type="text" name="author" id="author" class="text" value="<?php $this->remember('author'); ?>" required />
+    		</p>
+    		<p>
+                <label for="mail"<?php if ($this->options->commentsRequireMail): ?> class="required"<?php endif; ?>><?php _e('Email'); ?></label>
+    			<input type="email" name="mail" id="mail" class="text" value="<?php $this->remember('mail'); ?>"<?php if ($this->options->commentsRequireMail): ?> required<?php endif; ?> />
+    		</p>
+    		<p>
+                <label for="url"<?php if ($this->options->commentsRequireURL): ?> class="required"<?php endif; ?>><?php _e('网站'); ?></label>
+    			<input type="url" name="url" id="url" class="text" placeholder="<?php _e('http://'); ?>" value="<?php $this->remember('url'); ?>"<?php if ($this->options->commentsRequireURL): ?> required<?php endif; ?> />
+    		</p>
+            <?php endif; ?>
+    		<p>
+                <label for="textarea" class="required"><?php _e('内容'); ?></label>
+                <textarea rows="8" cols="50" name="text" id="textarea" class="textarea" required ><?php $this->remember('text'); ?></textarea>
+            </p>
+    		<p>
+                <button type="submit" class="submit"><?php _e('提交评论'); ?></button>
+            </p>
+    	</form>
+    </div>
+    <?php else: ?>
+    <h3><?php _e('评论已关闭'); ?></h3>
+    <?php endif; ?>
+</div>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/footer.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/footer.php
new file mode 100644
index 0000000..347cd19
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/footer.php
@@ -0,0 +1,14 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+
+        </div><!-- end .row -->
+    </div>
+</div><!-- end #body -->
+
+<footer id="footer" role="contentinfo">
+    &copy; <?php echo date('Y'); ?> <a href="<?php $this->options->siteUrl(); ?>"><?php $this->options->title(); ?></a>.
+    <?php _e('由 <a href="http://www.typecho.org">Typecho</a> 强力驱动'); ?>.
+</footer><!-- end #footer -->
+
+<?php $this->footer(); ?>
+</body>
+</html>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/functions.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/functions.php
new file mode 100644
index 0000000..77b4855
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/functions.php
@@ -0,0 +1,26 @@
+<?php
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
+
+function themeConfig($form) {
+    $logoUrl = new Typecho_Widget_Helper_Form_Element_Text('logoUrl', NULL, NULL, _t('站点LOGO地址'), _t('在这里填入一个图片URL地址, 以在网站标题前加上一个LOGO'));
+    $form->addInput($logoUrl);
+    
+    $sidebarBlock = new Typecho_Widget_Helper_Form_Element_Checkbox('sidebarBlock', 
+    array('ShowRecentPosts' => _t('显示最新文章'),
+    'ShowRecentComments' => _t('显示最近回复'),
+    'ShowCategory' => _t('显示分类'),
+    'ShowArchive' => _t('显示归档'),
+    'ShowOther' => _t('显示其它杂项')),
+    array('ShowRecentPosts', 'ShowRecentComments', 'ShowCategory', 'ShowArchive', 'ShowOther'), _t('侧边栏显示'));
+    
+    $form->addInput($sidebarBlock->multiMode());
+}
+
+
+/*
+function themeFields($layout) {
+    $logoUrl = new Typecho_Widget_Helper_Form_Element_Text('logoUrl', NULL, NULL, _t('站点LOGO地址'), _t('在这里填入一个图片URL地址, 以在网站标题前加上一个LOGO'));
+    $layout->addItem($logoUrl);
+}
+*/
+
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/grid.css b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/grid.css
new file mode 100644
index 0000000..e8c959c
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/grid.css
@@ -0,0 +1,569 @@
+/*
+ * Bento Grid System
+ * Source: https://github.com/fenbox/bento
+ * Version: 1.2.8
+ * Update: 2013.11.25
+ */
+.container, .row [class*="col-"] {
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box; }
+
+.container {
+  margin-left: auto;
+  margin-right: auto;
+  padding-left: 10px;
+  padding-right: 10px; }
+
+.row {
+  margin-right: -10px;
+  margin-left: -10px; }
+
+.row [class*="col-"] {
+  float: left;
+  min-height: 1px;
+  padding-right: 10px;
+  padding-left: 10px; }
+
+.row [class*="-push-"],
+.row [class*="-pull-"] {
+  position: relative; }
+
+/*
+ * Mobile and up
+ */
+.col-mb-1 {
+  width: 8.33333%; }
+
+.col-mb-2 {
+  width: 16.66667%; }
+
+.col-mb-3 {
+  width: 25%; }
+
+.col-mb-4 {
+  width: 33.33333%; }
+
+.col-mb-5 {
+  width: 41.66667%; }
+
+.col-mb-6 {
+  width: 50%; }
+
+.col-mb-7 {
+  width: 58.33333%; }
+
+.col-mb-8 {
+  width: 66.66667%; }
+
+.col-mb-9 {
+  width: 75%; }
+
+.col-mb-10 {
+  width: 83.33333%; }
+
+.col-mb-11 {
+  width: 91.66667%; }
+
+.col-mb-12 {
+  width: 100%; }
+
+/*
+ * Tablet and up
+ */
+@media (min-width: 768px) {
+  .container {
+    max-width: 728px; }
+
+  .col-tb-1 {
+    width: 8.33333%; }
+
+  .col-tb-2 {
+    width: 16.66667%; }
+
+  .col-tb-3 {
+    width: 25%; }
+
+  .col-tb-4 {
+    width: 33.33333%; }
+
+  .col-tb-5 {
+    width: 41.66667%; }
+
+  .col-tb-6 {
+    width: 50%; }
+
+  .col-tb-7 {
+    width: 58.33333%; }
+
+  .col-tb-8 {
+    width: 66.66667%; }
+
+  .col-tb-9 {
+    width: 75%; }
+
+  .col-tb-10 {
+    width: 83.33333%; }
+
+  .col-tb-11 {
+    width: 91.66667%; }
+
+  .col-tb-12 {
+    width: 100%; }
+
+  .col-tb-offset-0 {
+    margin-left: 0%; }
+
+  .col-tb-offset-1 {
+    margin-left: 8.33333%; }
+
+  .col-tb-offset-2 {
+    margin-left: 16.66667%; }
+
+  .col-tb-offset-3 {
+    margin-left: 25%; }
+
+  .col-tb-offset-4 {
+    margin-left: 33.33333%; }
+
+  .col-tb-offset-5 {
+    margin-left: 41.66667%; }
+
+  .col-tb-offset-6 {
+    margin-left: 50%; }
+
+  .col-tb-offset-7 {
+    margin-left: 58.33333%; }
+
+  .col-tb-offset-8 {
+    margin-left: 66.66667%; }
+
+  .col-tb-offset-9 {
+    margin-left: 75%; }
+
+  .col-tb-offset-10 {
+    margin-left: 83.33333%; }
+
+  .col-tb-offset-11 {
+    margin-left: 91.66667%; }
+
+  .col-tb-offset-12 {
+    margin-left: 100%; }
+
+  .col-tb-pull-0 {
+    right: 0%; }
+
+  .col-tb-pull-1 {
+    right: 8.33333%; }
+
+  .col-tb-pull-2 {
+    right: 16.66667%; }
+
+  .col-tb-pull-3 {
+    right: 25%; }
+
+  .col-tb-pull-4 {
+    right: 33.33333%; }
+
+  .col-tb-pull-5 {
+    right: 41.66667%; }
+
+  .col-tb-pull-6 {
+    right: 50%; }
+
+  .col-tb-pull-7 {
+    right: 58.33333%; }
+
+  .col-tb-pull-8 {
+    right: 66.66667%; }
+
+  .col-tb-pull-9 {
+    right: 75%; }
+
+  .col-tb-pull-10 {
+    right: 83.33333%; }
+
+  .col-tb-pull-11 {
+    right: 91.66667%; }
+
+  .col-tb-pull-12 {
+    right: 100%; }
+
+  .col-tb-push-0 {
+    left: 0%; }
+
+  .col-tb-push-1 {
+    left: 8.33333%; }
+
+  .col-tb-push-2 {
+    left: 16.66667%; }
+
+  .col-tb-push-3 {
+    left: 25%; }
+
+  .col-tb-push-4 {
+    left: 33.33333%; }
+
+  .col-tb-push-5 {
+    left: 41.66667%; }
+
+  .col-tb-push-6 {
+    left: 50%; }
+
+  .col-tb-push-7 {
+    left: 58.33333%; }
+
+  .col-tb-push-8 {
+    left: 66.66667%; }
+
+  .col-tb-push-9 {
+    left: 75%; }
+
+  .col-tb-push-10 {
+    left: 83.33333%; }
+
+  .col-tb-push-11 {
+    left: 91.66667%; }
+
+  .col-tb-push-12 {
+    left: 100%; } }
+/*
+ * Desktop and up
+ */
+@media (min-width: 992px) {
+  .container {
+    max-width: 952px; }
+
+  .col-1 {
+    width: 8.33333%; }
+
+  .col-2 {
+    width: 16.66667%; }
+
+  .col-3 {
+    width: 25%; }
+
+  .col-4 {
+    width: 33.33333%; }
+
+  .col-5 {
+    width: 41.66667%; }
+
+  .col-6 {
+    width: 50%; }
+
+  .col-7 {
+    width: 58.33333%; }
+
+  .col-8 {
+    width: 66.66667%; }
+
+  .col-9 {
+    width: 75%; }
+
+  .col-10 {
+    width: 83.33333%; }
+
+  .col-11 {
+    width: 91.66667%; }
+
+  .col-12 {
+    width: 100%; }
+
+  .col-offset-0 {
+    margin-left: 0%; }
+
+  .col-offset-1 {
+    margin-left: 8.33333%; }
+
+  .col-offset-2 {
+    margin-left: 16.66667%; }
+
+  .col-offset-3 {
+    margin-left: 25%; }
+
+  .col-offset-4 {
+    margin-left: 33.33333%; }
+
+  .col-offset-5 {
+    margin-left: 41.66667%; }
+
+  .col-offset-6 {
+    margin-left: 50%; }
+
+  .col-offset-7 {
+    margin-left: 58.33333%; }
+
+  .col-offset-8 {
+    margin-left: 66.66667%; }
+
+  .col-offset-9 {
+    margin-left: 75%; }
+
+  .col-offset-10 {
+    margin-left: 83.33333%; }
+
+  .col-offset-11 {
+    margin-left: 91.66667%; }
+
+  .col-offset-12 {
+    margin-left: 100%; }
+
+  .col-pull-0 {
+    right: 0%; }
+
+  .col-pull-1 {
+    right: 8.33333%; }
+
+  .col-pull-2 {
+    right: 16.66667%; }
+
+  .col-pull-3 {
+    right: 25%; }
+
+  .col-pull-4 {
+    right: 33.33333%; }
+
+  .col-pull-5 {
+    right: 41.66667%; }
+
+  .col-pull-6 {
+    right: 50%; }
+
+  .col-pull-7 {
+    right: 58.33333%; }
+
+  .col-pull-8 {
+    right: 66.66667%; }
+
+  .col-pull-9 {
+    right: 75%; }
+
+  .col-pull-10 {
+    right: 83.33333%; }
+
+  .col-pull-11 {
+    right: 91.66667%; }
+
+  .col-pull-12 {
+    right: 100%; }
+
+  .col-push-0 {
+    left: 0%; }
+
+  .col-push-1 {
+    left: 8.33333%; }
+
+  .col-push-2 {
+    left: 16.66667%; }
+
+  .col-push-3 {
+    left: 25%; }
+
+  .col-push-4 {
+    left: 33.33333%; }
+
+  .col-push-5 {
+    left: 41.66667%; }
+
+  .col-push-6 {
+    left: 50%; }
+
+  .col-push-7 {
+    left: 58.33333%; }
+
+  .col-push-8 {
+    left: 66.66667%; }
+
+  .col-push-9 {
+    left: 75%; }
+
+  .col-push-10 {
+    left: 83.33333%; }
+
+  .col-push-11 {
+    left: 91.66667%; }
+
+  .col-push-12 {
+    left: 100%; } }
+/*
+ * Widescreen and up
+ */
+@media (min-width: 1200px) {
+  .container {
+    max-width: 1160px; }
+
+  .col-wd-1 {
+    width: 8.33333%; }
+
+  .col-wd-2 {
+    width: 16.66667%; }
+
+  .col-wd-3 {
+    width: 25%; }
+
+  .col-wd-4 {
+    width: 33.33333%; }
+
+  .col-wd-5 {
+    width: 41.66667%; }
+
+  .col-wd-6 {
+    width: 50%; }
+
+  .col-wd-7 {
+    width: 58.33333%; }
+
+  .col-wd-8 {
+    width: 66.66667%; }
+
+  .col-wd-9 {
+    width: 75%; }
+
+  .col-wd-10 {
+    width: 83.33333%; }
+
+  .col-wd-11 {
+    width: 91.66667%; }
+
+  .col-wd-12 {
+    width: 100%; }
+
+  .col-wd-offset-0 {
+    margin-left: 0%; }
+
+  .col-wd-offset-1 {
+    margin-left: 8.33333%; }
+
+  .col-wd-offset-2 {
+    margin-left: 16.66667%; }
+
+  .col-wd-offset-3 {
+    margin-left: 25%; }
+
+  .col-wd-offset-4 {
+    margin-left: 33.33333%; }
+
+  .col-wd-offset-5 {
+    margin-left: 41.66667%; }
+
+  .col-wd-offset-6 {
+    margin-left: 50%; }
+
+  .col-wd-offset-7 {
+    margin-left: 58.33333%; }
+
+  .col-wd-offset-8 {
+    margin-left: 66.66667%; }
+
+  .col-wd-offset-9 {
+    margin-left: 75%; }
+
+  .col-wd-offset-10 {
+    margin-left: 83.33333%; }
+
+  .col-wd-offset-11 {
+    margin-left: 91.66667%; }
+
+  .col-wd-offset-12 {
+    margin-left: 100%; }
+
+  .col-wd-pull-0 {
+    right: 0%; }
+
+  .col-wd-pull-1 {
+    right: 8.33333%; }
+
+  .col-wd-pull-2 {
+    right: 16.66667%; }
+
+  .col-wd-pull-3 {
+    right: 25%; }
+
+  .col-wd-pull-4 {
+    right: 33.33333%; }
+
+  .col-wd-pull-5 {
+    right: 41.66667%; }
+
+  .col-wd-pull-6 {
+    right: 50%; }
+
+  .col-wd-pull-7 {
+    right: 58.33333%; }
+
+  .col-wd-pull-8 {
+    right: 66.66667%; }
+
+  .col-wd-pull-9 {
+    right: 75%; }
+
+  .col-wd-pull-10 {
+    right: 83.33333%; }
+
+  .col-wd-pull-11 {
+    right: 91.66667%; }
+
+  .col-wd-pull-12 {
+    right: 100%; }
+
+  .col-wd-push-0 {
+    left: 0%; }
+
+  .col-wd-push-1 {
+    left: 8.33333%; }
+
+  .col-wd-push-2 {
+    left: 16.66667%; }
+
+  .col-wd-push-3 {
+    left: 25%; }
+
+  .col-wd-push-4 {
+    left: 33.33333%; }
+
+  .col-wd-push-5 {
+    left: 41.66667%; }
+
+  .col-wd-push-6 {
+    left: 50%; }
+
+  .col-wd-push-7 {
+    left: 58.33333%; }
+
+  .col-wd-push-8 {
+    left: 66.66667%; }
+
+  .col-wd-push-9 {
+    left: 75%; }
+
+  .col-wd-push-10 {
+    left: 83.33333%; }
+
+  .col-wd-push-11 {
+    left: 91.66667%; }
+
+  .col-wd-push-12 {
+    left: 100%; } }
+/*
+ * Responsive kit
+ */
+@media (max-width: 767px) {
+  .kit-hidden-mb {
+    display: none; } }
+@media (max-width: 991px) {
+  .kit-hidden-tb {
+    display: none; } }
+@media (max-width: 1199px) {
+  .kit-hidden {
+    display: none; } }
+/*
+ * Clearfix
+ */
+.clearfix, .row {
+  zoom: 1; }
+  .clearfix:before, .row:before, .clearfix:after, .row:after {
+    content: " ";
+    display: table; }
+  .clearfix:after, .row:after {
+    clear: both; }
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/header.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/header.php
new file mode 100644
index 0000000..efabbed
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/header.php
@@ -0,0 +1,70 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<!DOCTYPE HTML>
+<html class="no-js">
+<head>
+    <meta charset="<?php $this->options->charset(); ?>">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge, chrome=1">
+    <meta name="renderer" content="webkit">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+    <title><?php $this->archiveTitle(array(
+            'category'  =>  _t('分类 %s 下的文章'),
+            'search'    =>  _t('包含关键字 %s 的文章'),
+            'tag'       =>  _t('标签 %s 下的文章'),
+            'author'    =>  _t('%s 发布的文章')
+        ), '', ' - '); ?><?php $this->options->title(); ?></title>
+
+    <!-- 使用url函数转换相关路径 -->
+    <link rel="stylesheet" href="http://cdn.staticfile.org/normalize/2.1.3/normalize.min.css">
+    <link rel="stylesheet" href="<?php $this->options->themeUrl('grid.css'); ?>">
+    <link rel="stylesheet" href="<?php $this->options->themeUrl('style.css'); ?>">
+
+    <!--[if lt IE 9]>
+    <script src="http://cdn.staticfile.org/html5shiv/r29/html5.min.js"></script>
+    <script src="http://cdn.staticfile.org/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+
+    <!-- 通过自有函数输出HTML头部信息 -->
+    <?php $this->header(); ?>
+</head>
+<body>
+<!--[if lt IE 8]>
+    <div class="browsehappy" role="dialog"><?php _e('当前网页 <strong>不支持</strong> 你正在使用的浏览器. 为了正常的访问, 请 <a href="http://browsehappy.com/">升级你的浏览器</a>'); ?>.</div>
+<![endif]-->
+
+<header id="header" class="clearfix">
+    <div class="container">
+        <div class="row">
+            <div class="site-name col-mb-12 col-9">
+                <a id="logo" href="<?php $this->options->siteUrl(); ?>">
+                    <?php if ($this->options->logoUrl): ?>
+                    <img src="<?php $this->options->logoUrl() ?>" alt="<?php $this->options->title() ?>" />
+                    <?php endif; ?>
+                    <?php $this->options->title() ?>
+                </a>
+        	    <p class="description"><?php $this->options->description() ?></p>
+            </div>
+            <div class="site-search col-3 kit-hidden-tb">
+                <form id="search" method="post" action="./" role="search">
+                    <label for="s" class="sr-only"><?php _e('搜索关键字'); ?></label>
+                    <input type="text" name="s" class="text" placeholder="<?php _e('输入关键字搜索'); ?>" />
+                    <button type="submit" class="submit"><?php _e('搜索'); ?></button>
+                </form>
+            </div>
+            <div class="col-mb-12">
+                <nav id="nav-menu" class="clearfix" role="navigation">
+                    <a<?php if($this->is('index')): ?> class="current"<?php endif; ?> href="<?php $this->options->siteUrl(); ?>"><?php _e('首页'); ?></a>
+                    <?php $this->widget('Widget_Contents_Page_List')->to($pages); ?>
+                    <?php while($pages->next()): ?>
+                    <a<?php if($this->is('page', $pages->slug)): ?> class="current"<?php endif; ?> href="<?php $pages->permalink(); ?>" title="<?php $pages->title(); ?>"><?php $pages->title(); ?></a>
+                    <?php endwhile; ?>
+                </nav>
+            </div>
+        </div><!-- end .row -->
+    </div>
+</header><!-- end #header -->
+<div id="body">
+    <div class="container">
+        <div class="row">
+
+    
+    
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/img/icon-search.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/img/icon-search.png
new file mode 100644
index 0000000..6ab0619
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/img/icon-search.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/img/icon-search@2x.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/img/icon-search@2x.png
new file mode 100644
index 0000000..243b408
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/img/icon-search@2x.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/index.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/index.php
new file mode 100644
index 0000000..495d426
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/index.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * 这是 Typecho 0.9 系统的一套默认皮肤
+ * 
+ * @package Typecho Replica Theme 
+ * @author Typecho Team
+ * @version 1.2
+ * @link http://typecho.org
+ */
+
+if (!defined('__TYPECHO_ROOT_DIR__')) exit;
+ $this->need('header.php');
+ ?>
+
+<div class="col-mb-12 col-8" id="main" role="main">
+	<?php while($this->next()): ?>
+        <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
+			<h2 class="post-title" itemprop="name headline"><a itemtype="url" href="<?php $this->permalink() ?>"><?php $this->title() ?></a></h2>
+			<ul class="post-meta">
+				<li itemprop="author" itemscope itemtype="http://schema.org/Person"><?php _e('作者: '); ?><a itemprop="name" href="<?php $this->author->permalink(); ?>" rel="author"><?php $this->author(); ?></a></li>
+				<li><?php _e('时间: '); ?><time datetime="<?php $this->date('c'); ?>" itemprop="datePublished"><?php $this->date('F j, Y'); ?></time></li>
+				<li><?php _e('分类: '); ?><?php $this->category(','); ?></li>
+				<li itemprop="interactionCount"><a itemprop="discussionUrl" href="<?php $this->permalink() ?>#comments"><?php $this->commentsNum('评论', '1 条评论', '%d 条评论'); ?></a></li>
+			</ul>
+            <div class="post-content" itemprop="articleBody">
+    			<?php $this->content('- 阅读剩余部分 -'); ?>
+            </div>
+        </article>
+	<?php endwhile; ?>
+
+    <?php $this->pageNav('&laquo; 前一页', '后一页 &raquo;'); ?>
+</div><!-- end #main-->
+
+<?php $this->need('sidebar.php'); ?>
+<?php $this->need('footer.php'); ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/page.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/page.php
new file mode 100644
index 0000000..8f1cd6f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/page.php
@@ -0,0 +1,15 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<?php $this->need('header.php'); ?>
+
+<div class="col-mb-12 col-8" id="main" role="main">
+    <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
+        <h1 class="post-title" itemprop="name headline"><a itemtype="url" href="<?php $this->permalink() ?>"><?php $this->title() ?></a></h1>
+        <div class="post-content" itemprop="articleBody">
+            <?php $this->content(); ?>
+        </div>
+    </article>
+    <?php $this->need('comments.php'); ?>
+</div><!-- end #main-->
+
+<?php $this->need('sidebar.php'); ?>
+<?php $this->need('footer.php'); ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/post.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/post.php
new file mode 100644
index 0000000..3732c9f
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/post.php
@@ -0,0 +1,27 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<?php $this->need('header.php'); ?>
+
+<div class="col-mb-12 col-8" id="main" role="main">
+    <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
+        <h1 class="post-title" itemprop="name headline"><a itemtype="url" href="<?php $this->permalink() ?>"><?php $this->title() ?></a></h1>
+        <ul class="post-meta">
+            <li itemprop="author" itemscope itemtype="http://schema.org/Person"><?php _e('作者: '); ?><a itemprop="name" href="<?php $this->author->permalink(); ?>" rel="author"><?php $this->author(); ?></a></li>
+            <li><?php _e('时间: '); ?><time datetime="<?php $this->date('c'); ?>" itemprop="datePublished"><?php $this->date('F j, Y'); ?></time></li>
+            <li><?php _e('分类: '); ?><?php $this->category(','); ?></li>
+        </ul>
+        <div class="post-content" itemprop="articleBody">
+            <?php $this->content(); ?>
+        </div>
+        <p itemprop="keywords" class="tags"><?php _e('标签: '); ?><?php $this->tags(', ', true, 'none'); ?></p>
+    </article>
+
+    <?php $this->need('comments.php'); ?>
+
+    <ul class="post-near">
+        <li>上一篇: <?php $this->thePrev('%s','没有了'); ?></li>
+        <li>下一篇: <?php $this->theNext('%s','没有了'); ?></li>
+    </ul>
+</div><!-- end #main-->
+
+<?php $this->need('sidebar.php'); ?>
+<?php $this->need('footer.php'); ?>
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/screenshot.png b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/screenshot.png
new file mode 100644
index 0000000..8aa2987
Binary files /dev/null and b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/screenshot.png differ
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/sidebar.php b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/sidebar.php
new file mode 100644
index 0000000..d546eb6
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/sidebar.php
@@ -0,0 +1,59 @@
+<?php if (!defined('__TYPECHO_ROOT_DIR__')) exit; ?>
+<div class="col-mb-12 col-offset-1 col-3 kit-hidden-tb" id="secondary" role="complementary">
+    <?php if (!empty($this->options->sidebarBlock) && in_array('ShowRecentPosts', $this->options->sidebarBlock)): ?>
+    <section class="widget">
+		<h3 class="widget-title"><?php _e('最新文章'); ?></h3>
+        <ul class="widget-list">
+            <?php $this->widget('Widget_Contents_Post_Recent')
+            ->parse('<li><a href="{permalink}">{title}</a></li>'); ?>
+        </ul>
+    </section>
+    <?php endif; ?>
+
+    <?php if (!empty($this->options->sidebarBlock) && in_array('ShowRecentComments', $this->options->sidebarBlock)): ?>
+    <section class="widget">
+		<h3 class="widget-title"><?php _e('最近回复'); ?></h3>
+        <ul class="widget-list">
+        <?php $this->widget('Widget_Comments_Recent')->to($comments); ?>
+        <?php while($comments->next()): ?>
+            <li><a href="<?php $comments->permalink(); ?>"><?php $comments->author(false); ?></a>: <?php $comments->excerpt(35, '...'); ?></li>
+        <?php endwhile; ?>
+        </ul>
+    </section>
+    <?php endif; ?>
+
+    <?php if (!empty($this->options->sidebarBlock) && in_array('ShowCategory', $this->options->sidebarBlock)): ?>
+    <section class="widget">
+		<h3 class="widget-title"><?php _e('分类'); ?></h3>
+        <?php $this->widget('Widget_Metas_Category_List')->listCategories('wrapClass=widget-list'); ?>
+	</section>
+    <?php endif; ?>
+
+    <?php if (!empty($this->options->sidebarBlock) && in_array('ShowArchive', $this->options->sidebarBlock)): ?>
+    <section class="widget">
+		<h3 class="widget-title"><?php _e('归档'); ?></h3>
+        <ul class="widget-list">
+            <?php $this->widget('Widget_Contents_Post_Date', 'type=month&format=F Y')
+            ->parse('<li><a href="{permalink}">{date}</a></li>'); ?>
+        </ul>
+	</section>
+    <?php endif; ?>
+
+    <?php if (!empty($this->options->sidebarBlock) && in_array('ShowOther', $this->options->sidebarBlock)): ?>
+	<section class="widget">
+		<h3 class="widget-title"><?php _e('其它'); ?></h3>
+        <ul class="widget-list">
+            <?php if($this->user->hasLogin()): ?>
+				<li class="last"><a href="<?php $this->options->adminUrl(); ?>"><?php _e('进入后台'); ?> (<?php $this->user->screenName(); ?>)</a></li>
+                <li><a href="<?php $this->options->logoutUrl(); ?>"><?php _e('退出'); ?></a></li>
+            <?php else: ?>
+                <li class="last"><a href="<?php $this->options->adminUrl('login.php'); ?>"><?php _e('登录'); ?></a></li>
+            <?php endif; ?>
+            <li><a href="<?php $this->options->feedUrl(); ?>"><?php _e('文章 RSS'); ?></a></li>
+            <li><a href="<?php $this->options->commentsFeedUrl(); ?>"><?php _e('评论 RSS'); ?></a></li>
+            <li><a href="http://www.typecho.org">Typecho</a></li>
+        </ul>
+	</section>
+    <?php endif; ?>
+
+</div><!-- end #sidebar -->
diff --git a/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/style.css b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/style.css
new file mode 100644
index 0000000..8f775b3
--- /dev/null
+++ b/PHP安全/PHP反序列化漏洞复现/Typecho-1.0-14.10.10/源码/typecho/usr/themes/default/style.css
@@ -0,0 +1,499 @@
+/* ------------------------------------
+ * Typecho Default Theme
+ *
+ * @author  Typecho Team
+ * @link  http: //typecho.org/
+ * @update  2013-10-28
+ * --------------------------------- */
+
+/* ------------------
+ * Global style
+ * --------------- */
+body {
+  background-color: #FFF;
+  color: #444;
+  /*font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;*/
+  font-family: "Droid Serif", Georgia, "Times New Roman", STHeiti, serif;
+  font-size: 87.5%;
+}
+
+a {
+  color: #3354AA;
+  text-decoration: none;
+}
+a:hover, a:active {
+  color: #444;
+}
+pre, code { 
+  background: #F3F3F0;
+  font-family: Menlo, Monaco, Consolas, "Lucida Console", "Courier New", monospace;
+  font-size: .92857em;
+}
+code { padding: 2px 4px; color: #B94A48; }
+pre {
+  padding: 0;
+  border: 1px solid #ccc;
+  overflow: auto;
+  max-height: 400px;
+}
+pre code {
+  padding: 3px;
+  color: #444;
+}
+
+blockquote {
+  margin: 1em 1.5em;
+  padding-left: 1.5em;
+  border-left: 4px solid #F3F3F0;
+}
+
+h1, h2, h3, h4, h5, h6 {
+  font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+}
+
+input[type="text"],
+input[type="email"],
+input[type="url"],
+input[type="password"],
+textarea {
+  padding: 5px;
+  border: 1px solid #E9E9E9;
+  width: 100%;
+
+  border-radius: 2px;
+  -webkit-box-sizing: border-box;
+  -moz-box-sizing: border-box;
+  box-sizing: border-box;
+}
+textarea {
+  resize: vertical;
+}
+
+
+/* Special link style */
+.post-meta a,
+.post-content a,
+.widget a,
+.comment-content a {
+  border-bottom: 1px solid #EEE;
+}
+
+.post-meta a:hover,
+.post-content a:hover,
+.widget a:hover,
+.comment-content a:hover {
+  border-bottom-color: transparent;
+}
+
+.browsehappy {
+  padding: 8px 0;
+  background: #FBE3E4;
+  color: #8A1F11;
+  text-align: center;
+}
+.browsehappy a {
+  color: #8A1F11;
+  text-decoration: underline;
+  font-weight: bold;
+}
+
+/* ------------------
+ * Header
+ * --------------- */
+
+#header {
+  padding-top: 35px;
+  border-bottom: 1px solid #EEE;
+}
+
+#logo {
+  color: #333;
+  font-size: 2.5em;
+}
+.description {
+  margin: .5em 0 0;
+  color: #999;
+  font-style: italic;
+}
+
+/* Navigation menu */
+#nav-menu {
+  margin: 25px 0 0;
+  padding: 0;
+}
+#nav-menu a {
+  display: block;
+  margin-right: -1px;
+  padding: 0 20px;
+  border: 1px solid #EEE;
+  border-bottom: none;
+  height: 32px;
+  line-height: 32px;
+  color: #444;
+  float: left;
+}
+#nav-menu a:hover,
+#nav-menu .current {
+  background: #F6F6F6;
+}
+
+/* Search */
+#search {
+  position: relative;
+  margin-top: 15px;
+}
+#search input {
+  padding-right: 30px;
+}
+#search button {
+  position: absolute;
+  right: 4px;
+  top: 2px;
+  border: none;
+  padding: 0;
+  width: 24px;
+  height: 24px;
+  background: transparent url(img/icon-search.png) no-repeat center center;
+  direction: ltr; /* fix RTL language */
+  text-indent: -9999em;
+}
+
+@media 
+(-webkit-min-device-pixel-ratio: 2), 
+(min-resolution: 192dpi) {
+  #search button {
+    background-image: url(img/icon-search@2x.png);
+    -webkit-background-size: 24px 24px;
+    -moz-background-size: 24px 24px;
+    -o-background-size: 24px 24px;
+    background-size: 24px 24px;
+  }
+}
+
+
+/* ------------------
+ * Main
+ * --------------- */
+
+.post {
+  padding: 15px 0 20px;
+  border-bottom: 1px solid #EEE;
+}
+.post-title {
+  margin: .83em 0;
+  font-size: 1.4em;
+}
+.post-meta {
+  margin-top: -0.5em;
+  padding: 0;
+  color: #999;
+  font-size: .92857em;
+}
+.post-meta li {
+  display: inline-block;
+  margin: 0 8px 0 0;
+  padding-left: 12px;
+  border-left: 1px solid #EEE;
+}
+.post-meta li:first-child {
+  margin-left: 0;
+  padding-left: 0;
+  border: none;
+}
+.post-content {
+  line-height: 1.5;
+}
+.post .tags {
+  clear: both;
+}
+
+.post-near {
+  list-style: none;
+  margin: 30px 0;
+  padding: 0;
+  color: #999;
+}
+.post-near li {
+  margin: 10px 0;
+}
+
+.archive-title {
+  margin: 1em 0 -1em;
+  padding-top: 20px;
+  color: #999;
+  font-size: 1em;
+}
+.more {
+  text-align: center;
+}
+.more a {
+  border: none;
+}
+.protected .text {
+  width: 50%;
+}
+
+/* Page nav */
+
+.page-navigator {
+  list-style: none;
+  margin: 25px 0;
+  padding: 0;
+  text-align: center;
+}
+.page-navigator li {
+  display: inline-block;
+  margin: 0 4px;
+}
+.page-navigator a {
+  display: inline-block;
+  padding: 0 10px;
+  height: 30px;
+  line-height: 30px;
+}
+.page-navigator a:hover {
+  background: #EEE;
+  text-decoration: none;
+}
+
+.page-navigator .current a {
+  color: #444;
+  background: #EEE;
+}
+
+/* ------------------
+ * Comment list
+ * --------------- */
+#comments {
+  padding-top: 15px;
+}
+.comment-list, .comment-list ol {
+  list-style: none;
+  margin: 0;
+  padding: 0;
+}
+.comment-list li {
+  padding: 14px;
+  margin-top: 10px;
+  border: 1px solid #EEE;
+}
+.comment-list li.comment-level-odd {
+  background: #F6F6F3;
+}
+.comment-list li.comment-level-even {
+  background: #FFF;
+}
+.comment-list li.comment-by-author {
+  background: #FFF9E8;
+}
+.comment-list li .comment-reply {
+  text-align: right;
+  font-size: .92857em;
+}
+.comment-meta a {
+  color: #999;
+  font-size: .92857em;
+}
+.comment-author {
+  display: block;
+  margin-bottom: 3px;
+  color: #444;
+}
+.comment-author .avatar {
+  float: left;
+  margin-right: 10px;
+}
+.comment-author cite {
+  font-weight: bold;
+  font-style: normal;
+}
+
+/* Comment reply */
+.comment-list .respond {
+  margin-top: 15px;
+  border-top: 1px solid #EEE;
+}
+.respond .cancel-comment-reply {
+  float: right;
+  margin-top: 15px;
+  font-size: .92857em;
+}
+#comment-form label {
+  display: block;
+  margin-bottom: .5em;
+  font-weight: bold;
+}
+#comment-form .required:after {
+  content: " *";
+  color: #C00;
+}
+
+/* ------------------
+ * secondary
+ * --------------- */
+#secondary {
+  padding-top: 15px;
+  word-wrap: break-word;
+}
+.widget {
+  margin-bottom: 30px;
+}
+.widget-title {
+}
+.widget-list {
+  list-style: none;
+  padding: 0;
+}
+.widget-list li {
+  margin: 5px 0;
+  line-height: 1.5;
+}
+
+.widget-list li ul {
+  margin-left: 15px;
+}
+
+.widget-list a:hover {
+}
+
+
+/* ------------------
+ * Footer 
+ * --------------- */
+#footer {
+  padding: 3em 0;
+  line-height: 1.5;
+  text-align: center;
+  color: #999;
+}
+
+
+/* -----------------
+ * Error page
+ * -------------- */
+.error-page {
+  margin-top: 100px;
+  margin-bottom: 100px;
+}
+
+
+/* -----------------
+ * Content format
+ *--------------- */
+.post-content, .comment-content {
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+.post-content h2, .comment-content h2 {
+  font-size: 1.28571em;
+}
+.post-content img, .comment-content img,
+.post-content video, .comment-content video {
+  max-width: 100%;
+}
+.post-content a img,
+.comment-content a img {
+  background: #FFF;
+  position: relative;
+  bottom: -4px;  /* hidden img parent link border  */
+}
+.post-content hr, .comment-content hr {
+  margin: 2em auto;
+  width: 100px;
+  border: 1px solid #E9E9E9;
+  border-width: 2px 0 0 0;
+}
+
+
+/* -----------------
+ * Misc
+ *--------------- */
+.aligncenter, div.aligncenter {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+.alignleft {
+  float: left;
+}
+.alignright {
+  float: right;
+}
+img.alignleft {
+  margin: 0 15px 0 0;
+}
+img.alignright {
+  margin: 0 0 0 15px;
+}
+
+
+/* -----------------
+ * Responsive
+ *--------------- */
+@media (max-width: 767px) {
+  body {
+    font-size: 81.25%;
+  }
+  #nav-menu a {
+    float: none;
+    display: inline-block;
+    margin: 0 -2px;
+  }
+}
+
+@media (max-width: 768px) {
+  #header,
+  .post-title,
+  .post-meta {
+    text-align: center;
+  }
+}
+
+@media (min-width: 992px) {
+
+}
+
+@media (min-width: 1200px) {
+  .container {
+    max-width: 952px;
+  }
+}
+
+
+/*
+* Hide from both screenreaders and browsers: h5bp.com/u
+*/
+.hidden {
+  display: none !important;
+  visibility: hidden; }
+
+/*
+* Hide only visually, but have it available for screenreaders: h5bp.com/v
+*/
+.sr-only {
+  border: 0;
+  height: 1px;
+  margin: -1px;
+  overflow: hidden;
+  padding: 0;
+  position: absolute;
+  width: 1px; }
+
+/*
+* Extends the .sr-only class to allow the element to be focusable
+* when navigated to via the keyboard: h5bp.com/p
+*/
+.sr-only.focusable:active,
+.sr-only.focusable:focus {
+  clip: auto;
+  height: auto;
+  margin: 0;
+  overflow: visible;
+  position: static;
+  width: auto; }
+
+/*
+* Hide visually and from screenreaders, but maintain layout
+*/
+.invisible {
+  visibility: hidden; }