From c405cd67aa2c7f50bc5eba8a626ffb6c33512f6f Mon Sep 17 00:00:00 2001 From: Robert Date: Sat, 13 Jun 2026 11:51:07 -0400 Subject: [PATCH] ... --- protected/docs/INSTALL.txt | 2 + protected/docs/etc/nginx/Chrome.sh | 1 + protected/docs/etc/nginx/fastcgi_params | 26 + protected/docs/etc/nginx/localhost.conf | 49 + .../docs/etc/nginx/make_localhost_CERTs.sh | 5 + protected/docs/etc/nginx/nginx.conf | 88 + .../docs/etc/nginx/sites-available/goals | 41 + protected/docs/etc/nginx/sites-enable.txt | 37 + .../docs/etc/nginx/snippets/error-page.conf | 14 + .../docs/etc/nginx/snippets/general.conf | 27 + .../docs/etc/nginx/snippets/scripts404.conf | 3 + .../docs/etc/nginx/snippets/self-signed.conf | 4 + .../docs/etc/nginx/snippets/ssl-params.conf | 24 + .../docs/etc/php/8.5/fpm/pool.d/www.conf | 491 ++++++ protected/docs/etc/php/8.5/php.ini | 1565 +++++++++++++++++ .../var/www/errors/error_images/404page.jpg | Bin 0 -> 37663 bytes .../docs/var/www/errors/html/en/404.html | 30 + .../docs/var/www/errors/html/en/50x.html | 1 + .../var/www/errors/html/en/forbidden.html | 1 + protected/sql/initGoals.sql | 3 +- protected/src/Classes/BaseController.php | 7 +- protected/src/Classes/Logic/HomeSearch.php | 10 +- .../src/Classes/Models/HomeFetchModel.php | 62 +- .../src/Classes/Models/HomeLoginModel.php | 2 +- protected/src/Configs/on_ErrorCodes.php | 43 + protected/src/Configs/on_HtmlPurifier.php | 16 + protected/src/Configs/on_IOcornerstone.php | 2 +- protected/src/Configs/on_Security | 17 + .../src/Controllers/App/HomeController.php | 18 +- .../src/{Services => LoadServices}/on_App.php | 0 .../{Services => LoadServices}/on_CORs.php | 0 .../src/{Services => LoadServices}/on_Db.php | 9 +- .../on_Debugger.php | 0 protected/src/LoadServices/on_HtmlFilter.php | 20 + .../{Services => LoadServices}/on_Logger.php | 0 .../on_Repository.php | 2 + .../on_Session_Encryption.php | 0 .../on_Sessions.php | 0 .../src/{Services => LoadServices}/on_zDB.php | 0 protected/src/Views/Common/App/Home/Index.php | 11 +- .../src/Views/Common/App/Home/Logout.php | 15 + protected/src/composer.json | 3 +- protected/src/composer.lock | 63 +- public/assets/css/breadcrumbs.css | 9 +- public/assets/css/index.css | 1 + public/assets/images/404page.jpg | Bin 0 -> 37663 bytes public/{index.php => main.page} | 0 47 files changed, 2673 insertions(+), 49 deletions(-) create mode 100644 protected/docs/INSTALL.txt create mode 100755 protected/docs/etc/nginx/Chrome.sh create mode 100644 protected/docs/etc/nginx/fastcgi_params create mode 100644 protected/docs/etc/nginx/localhost.conf create mode 100755 protected/docs/etc/nginx/make_localhost_CERTs.sh create mode 100644 protected/docs/etc/nginx/nginx.conf create mode 100644 protected/docs/etc/nginx/sites-available/goals create mode 100644 protected/docs/etc/nginx/sites-enable.txt create mode 100644 protected/docs/etc/nginx/snippets/error-page.conf create mode 100644 protected/docs/etc/nginx/snippets/general.conf create mode 100644 protected/docs/etc/nginx/snippets/scripts404.conf create mode 100644 protected/docs/etc/nginx/snippets/self-signed.conf create mode 100644 protected/docs/etc/nginx/snippets/ssl-params.conf create mode 100644 protected/docs/etc/php/8.5/fpm/pool.d/www.conf create mode 100644 protected/docs/etc/php/8.5/php.ini create mode 100644 protected/docs/var/www/errors/error_images/404page.jpg create mode 100644 protected/docs/var/www/errors/html/en/404.html create mode 100644 protected/docs/var/www/errors/html/en/50x.html create mode 100644 protected/docs/var/www/errors/html/en/forbidden.html create mode 100644 protected/src/Configs/on_ErrorCodes.php create mode 100644 protected/src/Configs/on_HtmlPurifier.php create mode 100644 protected/src/Configs/on_Security rename protected/src/{Services => LoadServices}/on_App.php (100%) rename protected/src/{Services => LoadServices}/on_CORs.php (100%) rename protected/src/{Services => LoadServices}/on_Db.php (80%) rename protected/src/{Services => LoadServices}/on_Debugger.php (100%) create mode 100644 protected/src/LoadServices/on_HtmlFilter.php rename protected/src/{Services => LoadServices}/on_Logger.php (100%) rename protected/src/{Services => LoadServices}/on_Repository.php (89%) rename protected/src/{Services => LoadServices}/on_Session_Encryption.php (100%) rename protected/src/{Services => LoadServices}/on_Sessions.php (100%) rename protected/src/{Services => LoadServices}/on_zDB.php (100%) create mode 100644 protected/src/Views/Common/App/Home/Logout.php create mode 100644 public/assets/images/404page.jpg rename public/{index.php => main.page} (100%) diff --git a/protected/docs/INSTALL.txt b/protected/docs/INSTALL.txt new file mode 100644 index 0000000..52cda59 --- /dev/null +++ b/protected/docs/INSTALL.txt @@ -0,0 +1,2 @@ +See file: +/var/www/mygoals/protected/docs/etc/nginx/sites-enable.txt diff --git a/protected/docs/etc/nginx/Chrome.sh b/protected/docs/etc/nginx/Chrome.sh new file mode 100755 index 0000000..d673e97 --- /dev/null +++ b/protected/docs/etc/nginx/Chrome.sh @@ -0,0 +1 @@ +certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "localhost" -i localhost.crt diff --git a/protected/docs/etc/nginx/fastcgi_params b/protected/docs/etc/nginx/fastcgi_params new file mode 100644 index 0000000..69c4387 --- /dev/null +++ b/protected/docs/etc/nginx/fastcgi_params @@ -0,0 +1,26 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param REMOTE_USER $remote_user; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/protected/docs/etc/nginx/localhost.conf b/protected/docs/etc/nginx/localhost.conf new file mode 100644 index 0000000..e449682 --- /dev/null +++ b/protected/docs/etc/nginx/localhost.conf @@ -0,0 +1,49 @@ +[req] +default_bits = 2048 +default_keyfile = localhost.key +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_ca + +[req_distinguished_name] +countryName = Country Name (2 letter code) +countryName_default = US +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = OK +localityName = Locality Name (eg, city) +localityName_default = Here +organizationName = Organization Name (eg, company) +organizationName_default = localhost +organizationalUnitName = organizationalunit +organizationalUnitName_default = Development +commonName = Website Domain +commonName_default = *.home.local +commonName_max = 64 + +[req_ext] +subjectAltName = @alt_names + +[v3_ca] +subjectAltName = @alt_names +basicConstraints = critical, CA:false +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth + +[alt_names] +DNS.1 = *.home.local +DNS.2 = home.local +DNS.3 = localhost +IP.1 = 127.0.0.1 +IP.2 = 127.0.0.2 +IP.3 = 127.0.0.3 +IP.4 = 127.0.0.4 +IP.5 = 127.0.0.5 +IP.6 = 127.0.0.6 +IP.7 = 127.0.0.7 +IP.8 = 127.0.0.8 +IP.9 = 127.0.0.9 +IP.10 = 127.0.0.10 +IP.11 = 127.0.0.11 +IP.12 = 127.0.0.12 +IP.13 = 127.0.0.13 + diff --git a/protected/docs/etc/nginx/make_localhost_CERTs.sh b/protected/docs/etc/nginx/make_localhost_CERTs.sh new file mode 100755 index 0000000..b9c5d0a --- /dev/null +++ b/protected/docs/etc/nginx/make_localhost_CERTs.sh @@ -0,0 +1,5 @@ +#!/bin/bash +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf +cp localhost.crt /etc/ssl/certs/localhost.crt +cp localhost.key /etc/ssl/private/localhost.key +openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 diff --git a/protected/docs/etc/nginx/nginx.conf b/protected/docs/etc/nginx/nginx.conf new file mode 100644 index 0000000..3860af5 --- /dev/null +++ b/protected/docs/etc/nginx/nginx.conf @@ -0,0 +1,88 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +worker_rlimit_nofile 65535; +include /etc/nginx/modules-enabled/*.conf; + +events { +# worker_connections 768; + worker_connections 65535; + multi_accept on; +} + +http { + charset utf-8; + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + tcp_nodelay on; + types_hash_max_size 2048; + server_tokens off; + + # Limits + limit_req_log_level warn; + limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m; + + + ## Start: Size Limits & Buffer Overflows ## + #client_body_buffer_size 1K; + #client_header_buffer_size 1k; + #client_max_body_size 1k; + #large_client_header_buffers 2 1k; + ## END: Size Limits & Buffer Overflows ## + + ## Start: Timeouts ## + client_body_timeout 10; + client_header_timeout 10; + keepalive_timeout 5 5; + send_timeout 10; + ## End: Timeouts ## + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + +# ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log off; + error_log /dev/null; + + ## + # Gzip Settings + ## + + # gzip on; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} diff --git a/protected/docs/etc/nginx/sites-available/goals b/protected/docs/etc/nginx/sites-available/goals new file mode 100644 index 0000000..f4da902 --- /dev/null +++ b/protected/docs/etc/nginx/sites-available/goals @@ -0,0 +1,41 @@ +map $http_accept_language $lang { + default en; + ~de de; +#... +} + +server { + listen 80; + server_name goals.dev.local; + return 301 https://$host$request_uri; +} +server { + listen 443 ssl http2; + include snippets/self-signed.conf; + include snippets/ssl-params.conf; + + index main.page; + + error_log /var/log/nginx/goals.log warn; + access_log /var/log/nginx/access.log combined buffer=512k flush=1m; + + server_name goals.dev.local; + + set $base /var/www/mygoals; + root $base/public; + + include snippets/error-page.conf; + include snippets/scripts404.conf; + include snippets/general.conf; + + location / { + try_files $uri /main.page/$is_args$args; + } + + location /main.page { + fastcgi_pass php-fpm85; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + +} diff --git a/protected/docs/etc/nginx/sites-enable.txt b/protected/docs/etc/nginx/sites-enable.txt new file mode 100644 index 0000000..8757718 --- /dev/null +++ b/protected/docs/etc/nginx/sites-enable.txt @@ -0,0 +1,37 @@ +# Install nginx... + +# Backup the etc/nginx folder to another folder... +$ sudo cp -r /etc/nginx/ /etc/nginx_Backups/ + +# Install PHP 8.5... and then Back it up... +$ sudo cp -r /etc/php/8.5/ /etc/php/85_Backups/ + +# Now, Copy the docs folder into the System paths... +$ sudo cp -r /var/www/mygoals/protected/docs/var/www/errors/ /var/www/errors/ +$ sudo cp /var/www/mygoals/protected/docs/etc/php/8.5/php.ini /etc/php/8.5/ +$ sudo cp /var/www/mygoals/protected/docs/etc/php/8.5/fpm/pool.d/www.conf /etc/php/8.5/pool.d/ +$ sudo cp -r /var/www/mygoals/protected/docs/etc/nginx/ /etc/nginx/ + +# Fix PERMS... +$ sudo chown -R $USER:www-data /var/www/errors +$ sudo chown -R root:root /etc/php/ +$ sudo chown -R root:root /etc/nginx/ + +# Setup goals site +$ sudo ln -s /etc/nginx/sites-available/goals /etc/nginx/sites-enabled/ + +$ cd /etc/nginx + +# If on a developers computer NOT Cloud or LIVE, then make local CERTS +$ ./make_localhost_CERTs.sh + +# Test nginx Config files for Errors first: +$ nginx -t + +$ sudo service nginx status +# start or restart +$ sudo service nginx start + +$ sudo service php8.5-fpm status +# start or restart +$ sudo service php8.5-fpm start \ No newline at end of file diff --git a/protected/docs/etc/nginx/snippets/error-page.conf b/protected/docs/etc/nginx/snippets/error-page.conf new file mode 100644 index 0000000..9e0ea22 --- /dev/null +++ b/protected/docs/etc/nginx/snippets/error-page.conf @@ -0,0 +1,14 @@ + error_page 404 /errors/html/$lang/404.html; + error_page 403 /errors/html/$lang/forbidden.html; + error_page 500 502 503 504 /errors/html/$lang/50x.html; + location /errors/ { + alias /var/www/errors/; + allow all; + internal; # Only Intrenal Errors can use this + } + location ~ ^/error_images/.*\.(jpg|jpeg|png|gif)$ { + root /var/www/errors/; + expires 30d; # Cache the image for 30 days + autoindex off; +# access_log /var/log/nginx/404_errors_access.log; + } diff --git a/protected/docs/etc/nginx/snippets/general.conf b/protected/docs/etc/nginx/snippets/general.conf new file mode 100644 index 0000000..0e6115d --- /dev/null +++ b/protected/docs/etc/nginx/snippets/general.conf @@ -0,0 +1,27 @@ +# favicon.ico +location = /favicon.ico { + log_not_found off; +} + +# robots.txt +location = /robots.txt { + log_not_found off; +} + +# assets, media +location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { + expires 7d; +} + +# svg, fonts +location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { + add_header Access-Control-Allow-Origin "*"; + expires 7d; +} + +# gzip +gzip on; +gzip_vary on; +gzip_proxied any; +gzip_comp_level 6; +gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; diff --git a/protected/docs/etc/nginx/snippets/scripts404.conf b/protected/docs/etc/nginx/snippets/scripts404.conf new file mode 100644 index 0000000..e5054a9 --- /dev/null +++ b/protected/docs/etc/nginx/snippets/scripts404.conf @@ -0,0 +1,3 @@ + location ~ \.(asp|aspx|axd|asx|asmx|ashx|cfm|cs|kt|flash|yaws|swf|xhtml|htm|jhtml|java|jsp|wss|do|action|perl|pl|php|php5|php7|php8|php9|phtml|php3|php4|python|py|ruby|rb|rhtml|ssi|shtml|ts|c|cpp|cgi|dll|so)$ { + return 404; + } diff --git a/protected/docs/etc/nginx/snippets/self-signed.conf b/protected/docs/etc/nginx/snippets/self-signed.conf new file mode 100644 index 0000000..bba8c7f --- /dev/null +++ b/protected/docs/etc/nginx/snippets/self-signed.conf @@ -0,0 +1,4 @@ +ssl_certificate /etc/ssl/certs/localhost.crt; +#/etc/ssl/certs/nginx-selfsigned.crt; +ssl_certificate_key /etc/ssl/private/localhost.key; +#/etc/ssl/private/nginx-selfsigned.key; diff --git a/protected/docs/etc/nginx/snippets/ssl-params.conf b/protected/docs/etc/nginx/snippets/ssl-params.conf new file mode 100644 index 0000000..1dcf7fb --- /dev/null +++ b/protected/docs/etc/nginx/snippets/ssl-params.conf @@ -0,0 +1,24 @@ +# from https://cipherli.st/ +# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html +# https://ssl-config.mozilla.org & https://observatory.mozilla.org +# https://securityheaders.com +# TLSv1.2 +ssl_protocols TLSv1.3; # Requires nginx >= 1.13.0 else use TLSv1.2 +ssl_prefer_server_ciphers off; +#ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; +#ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling off; # Turn on Prod systems +ssl_stapling_verify off; +resolver 127.0.0.1 valid=300s; +resolver_timeout 5s; +# Disable preloading HSTS for now. You can use the commented out header line that includes +# the "preload" directive if you understand the implications. +#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; +#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always; + +ssl_dhparam /etc/ssl/certs/dhparam.pem; + +# IMPORTANT: disable HSTS in dev (or explicitly clear it) +add_header Strict-Transport-Security "max-age=0" always; diff --git a/protected/docs/etc/php/8.5/fpm/pool.d/www.conf b/protected/docs/etc/php/8.5/fpm/pool.d/www.conf new file mode 100644 index 0000000..a98d43b --- /dev/null +++ b/protected/docs/etc/php/8.5/fpm/pool.d/www.conf @@ -0,0 +1,491 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of the child processes. This can be used only if the master +; process running user is root. It is set after the child process is created. +; The user and group can be specified either by their name or by their numeric +; IDs. +; Note: If the user is root, the executable needs to be started with +; --allow-to-run-as-root option to work. +; Default Values: The user is set to master process running user by default. +; If the group is not set, the user's group is used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.5-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: Owner is set to the master process running user. If the group +; is not set, the owner's group is used. Mode is set to 0660. +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Set the associated the route table (FIB). FreeBSD only +; Default Value: -1 +;listen.setfib = 1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or +; PROC_TRACE_CTL procctl for FreeBSD) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then information is related to the +; last request the process has served. Otherwise information is related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.5/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: basic auth user if specified in Authorization header +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; A list of request_uri values which should be filtered from the access log. +; +; As a security precaution, this setting will be ignored if: +; - the request method is not GET or HEAD; or +; - there is a request body; or +; - there are query parameters; or +; - the response code is outwith the successful range of 200 to 299 +; +; Note: The paths are matched against the output of the access.format tag "%r". +; On common configurations, this may look more like SCRIPT_NAME than the +; expected pre-rewrite URI. +; +; Default Value: not set +;access.suppress_path[] = /ping +;access.suppress_path[] = /health_check.php + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +security.limit_extensions = .page .php + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' will not overwrite previously +; defined php.ini values, but will append the new value instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/protected/docs/etc/php/8.5/php.ini b/protected/docs/etc/php/8.5/php.ini new file mode 100644 index 0000000..35fb6d6 --- /dev/null +++ b/protected/docs/etc/php/8.5/php.ini @@ -0,0 +1,1565 @@ +[PHP] +open_basedir = /var/www:/var/lib/php/sessions:/usr/share/php/IOcornerstone:/dev/shm:/tmp/tank +disable_functions = phpinfo,apache_child_terminate,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,define_syslog_variables,disk_free_space,diskfreespace,dl,dlopen,escapeshellarg,eval,exec,fp,fput,fsockopen,ftp_connect,ftp_exec,ftp_get,ftp_login,ftp_nb_fput,ftp_put,ftp_raw,ftp_rawlist,highlight_file,ini_alter,ini_get_all,ini_restore,inject_code,leak,mysql_pconnect,openlog,passthru,pcntl_exec,phpAds_XmlRpc,phpAds_remoteInfo,phpAds_xmlrpcDecode,phpAds_xmlrpcEncode,php_uname,popen,posix_getpwuid,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,set_time_limit,shell_exec,show_source,syslog,system,tmpfile,virtual,xmlrpc_entity_decode +disable_classes = ZipArchive,SplFileObject,DirectoryIterator,Socket,Stream +expose_php = Off +; See the PHP docs for more specific information. +; https://php.net/configuration.file +; https://php.net/ini.sections + +; Enable the PHP scripting language engine under Apache. +; https://php.net/engine +engine = On +short_open_tag = Off + +; The number of significant digits displayed in floating point numbers. +; https://php.net/precision +precision = 14 + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; Turning on this setting and managing its maximum buffer size can yield some +; interesting side-effects depending on your application and web server. +; You may be able to send headers and cookies after you've already sent output +; through print or echo. You also may see performance benefits if your server is +; emitting less packets due to buffered output versus PHP streaming the output +; as it gets it. On production servers, 4096 bytes is a good setting for performance +; reasons. +; Note: Output buffering can also be controlled via Output Buffering Control +; functions. +; Possible Values: +; On = Enabled and buffer is unlimited. (Use with caution) +; Off = Disabled +; Integer = Enables the buffer and sets its maximum size in bytes. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 +; https://php.net/output-buffering +output_buffering = 4096 + +; Transparent output compression using the zlib library +; Valid values for this option are 'off', 'on', or a specific buffer size +; to be used for compression (default is 4KB) +; Note: Resulting chunk size may vary due to nature of compression. PHP +; outputs chunks that are few hundreds bytes each as a result of +; compression. If you prefer a larger chunk size for better +; performance, enable output_buffering in addition. +; Note: You need to use zlib.output_handler instead of the standard +; output_handler, or otherwise the output will be corrupted. +; https://php.net/zlib.output-compression +zlib.output_compression = Off + +; Implicit flush tells PHP to tell the output layer to flush itself +; automatically after every output block. This is equivalent to calling the +; PHP function flush() after each and every call to print() or echo() and each +; and every HTML block. Turning this option on has serious performance +; implications and is generally recommended for debugging purposes only. +; https://php.net/implicit-flush +; Note: This directive is hardcoded to On for the CLI SAPI +implicit_flush = Off + +unserialize_callback_func = + +; The unserialize_max_depth specifies the default depth limit for unserialized +; structures. Setting the depth limit too high may result in stack overflows +; during unserialization. The unserialize_max_depth ini setting can be +; overridden by the max_depth option on individual unserialize() calls. +; A value of 0 disables the depth limit. +;unserialize_max_depth = 4096 + +; When floats & doubles are serialized, store serialize_precision significant +; digits after the floating point. The default value ensures that when floats +; are decoded with unserialize, the data will remain the same. +; The value is also used for json_encode when encoding double values. +; If -1 is used, then dtoa mode 0 is used which automatically select the best +; precision. +serialize_precision = -1 + +; Enables or disables the circular reference collector. +; https://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; https://php.net/expose-php +expose_php = Off + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; https://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; https://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; https://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; How many multipart body parts (combined input variable and file uploads) may +; be accepted. +; Default Value: -1 (Sum of max_input_vars and max_file_uploads) +;max_multipart_body_parts = 1500 + +; Maximum amount of memory a script may consume +; https://php.net/memory-limit +memory_limit = 128M +max_memory_limit = -1 + +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED +; https://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On +; Development Value: On +; Production Value: Off +; https://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; https://php.net/log-errors +log_errors = On + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; https://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; https://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; This setting is off by default. +;report_zend_debug = 0 + +; Turn off normal error reporting and emit XML-RPC error XML +; https://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; https://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from https://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; https://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; https://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; https://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; https://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +;error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +; This directive controls whether PHP will output the backtrace of fatal errors. +; Default Value: On +; Development Value: On +; Production Value: On +;fatal_error_backtraces = On + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; https://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; https://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; https://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; https://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For security reasons, this feature should be disabled +; for non-CLI SAPIs. +; Note: This directive is ignored for the CLI SAPI +; This directive is deprecated. +; https://php.net/register-argc-argv +;register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; https://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; https://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; https://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; https://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; https://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/usr/share/php" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; https://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; https://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; https://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; https://php.net/extension-dir +;extension_dir = "./" +; On windows: +;extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; https://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; https://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; https://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; https://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; https://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Prevent decoding of SCRIPT_FILENAME when using Apache ProxyPass or +; ProxyPassMatch. This should be used if script file paths are not stored +; in an encoded format on the file system. +; Default is 1. +;fastcgi.script_path_encoded = 0 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; https://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; https://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; https://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; https://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; https://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; https://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; https://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; https://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; https://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename +; +; For example: +; +; extension=mysqli +; +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: +; +; extension=/path/to/extension/mysqli.so +; +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. +; +; Notes for Windows environments : +; +; - Many DLL files are located in the ext/ +; extension folders as well as the separate PECL DLL download. +; Be sure to appropriately set the extension_dir directive. +; +;extension=bz2 +;extension=curl +;extension=exif +;extension=ffi +;extension=ftp +;extension=fileinfo +;extension=gd +;extension=gettext +;extension=gmp +;extension=intl +;extension=ldap +;extension=mbstring +;extension=mysqli +;extension=odbc +;extension=openssl +;extension=pdo_firebird +;extension=pdo_mysql +;extension=pdo_odbc +;extension=pdo_pgsql +;extension=pdo_sqlite +;extension=pgsql +;extension=shmop + +; The MIBS data available in the PHP distribution must be installed. +; See https://www.php.net/manual/en/snmp.installation.php +;extension=snmp + +;extension=soap +;extension=sockets +;extension=sodium +;extension=sqlite3 +;extension=tidy +;extension=xsl +;extension=zip + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; https://php.net/date.timezone +;date.timezone = + +; https://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; https://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 + +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 + +[filter] +; https://php.net/filter.default +;filter.default = unsafe_raw + +; https://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +; This directive is deprecated. +;intl.error_level = E_WARNING +; If enabled this directive indicates that when an error occurs within an +; intl function a IntlException should be thrown. +; Default is Off, which means errors need to be handled manually. +;intl.use_exceptions = On + +[sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + +[Pcre] +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; https://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +pdo_mysql.default_socket= + +[Phar] +; https://php.net/phar.readonly +;phar.readonly = On + +; https://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Win32 only. +; https://php.net/smtp +SMTP = localhost +; https://php.net/smtp-port +smtp_port = 25 + +; For Win32 only. +; https://php.net/sendmail-from +;sendmail_from = me@example.com + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; https://php.net/sendmail-path +;sendmail_path = + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; Use mixed LF and CRLF line separators to keep compatibility with some +; RFC 2822 non conformant MTA. +mail.mixed_lf_and_crlf = Off + +; Control line ending mode for mail messages and headers. +; Possible values: "crlf" (default), "lf", "mixed", "os" +; - crlf: Use CRLF line endings +; - lf: Use LF line endings only (converts CRLF in message to LF) +; - mixed: Same as mail.mixed_lf_and_crlf = On +; - os: Use CRLF on Windows, LF on other systems +mail.cr_lf_mode = crlf + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[ODBC] +; https://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; https://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; https://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; https://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; https://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; https://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; https://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; https://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + +; Allow or prevent persistent links. +; https://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; https://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). +; https://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; https://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect(). +; https://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect(). +; https://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect(). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; https://php.net/mysqli.default-pw +mysqli.default_pw = + +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; Default Value: Off +; Development Value: On +; Production Value: Off +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + +[PostgreSQL] +; Allow or prevent persistent links. +; https://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; https://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; https://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; https://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; https://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; https://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[bcmath] +; Number of decimal digits for all bcmath functions. +; https://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; https://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; https://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; https://php.net/session.save-path +;session.save_path = "/var/lib/php/sessions" + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; https://php.net/session.use-cookies +session.use_cookies = 1 + +; https://php.net/session.cookie-secure +;session.cookie_secure = + +; https://php.net/session.cookie-partitioned +;session.cookie_partitioned = 0 + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; https://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; https://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; https://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; https://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; https://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly +session.cookie_httponly = + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.gc-probability +; Debian Default Value: 0 +; This is disabled in the Debian packages due to the strict permissions +; on /var/lib/php. Instead, GC is performed through /etc/cron.d/php, +; which uses the session.gc_maxlifetime setting. Please, check +; /usr/share/doc/php8.2-common/README.Debian.gz for further reference. +session.gc_probability = 0 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; https://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; https://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; https://php.net/session.referer-check +session.referer_check = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; https://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; https://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; https://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; https://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; https://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; https://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; https://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; https://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! +; (For turning assertions on and off at run-time, toggle zend.assertions between the values 1 and 0) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; https://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; https://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a component's typelib on com_load() +; https://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; https://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; https://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +; The version of the .NET framework to use. The value of the setting are the first three parts +; of the framework's version number, separated by dots, and prefixed with "v", e.g. "v4.0.30319". +;com.dotnet_version= + +[mbstring] +; language for internal character representation. +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language +;mbstring.language = Japanese + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; internal/script encoding. +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = + +; Use of this INI entry is deprecated, use global input_encoding instead. +; http input encoding. +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; https://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; https://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; Enable strict encoding detection. +;mbstring.strict_detection = Off + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting must not be empty. +; https://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; https://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; https://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; https://php.net/exif.encode-jis +;exif.encode_jis = + +; https://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; https://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; https://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; https://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; https://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; https://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; https://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[dba] +;dba.default_handler= + +[opcache] +; Determines if Zend OPCache is enabled +;opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +;opcache.enable_cli=0 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=128 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables read-only mode for the second level cache directory. +; It should improve performance for read-only containers, +; when the cache is pre-warmed and packaged alongside the application. +; Best used with `opcache.validate_timestamps=0`, `opcache.enable_file_override=1` +; and `opcache.file_cache_consistency_checks=0`. +; Note: A cache generated with a different build of PHP, a different file path, +; or different settings (including which extensions are loaded), may be ignored. +;opcache.file_cache_read_only=0 + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; Under certain circumstances (if only a single global PHP process is +; started from which all others fork), this can increase performance +; by a tiny amount because TLB misses are reduced. On the other hand, this +; delays PHP startup, increases memory usage and degrades performance +; under memory pressure - use with care. +; Requires appropriate OS configuration. +;opcache.huge_code_pages=0 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +; The libctx is an OpenSSL library context. OpenSSL defines a default library +; context, but PHP OpenSSL also defines its own library context to avoid +; interference with other libraries using OpenSSL and to provide an independent +; context for each thread in ZTS. Possible values: +; "custom" - use a custom library context (default) +; "default" - use the default OpenSSL library context +;openssl.libctx=custom + +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= diff --git a/protected/docs/var/www/errors/error_images/404page.jpg b/protected/docs/var/www/errors/error_images/404page.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4d7fbe817f87d7dfb6bd08214e46e4ca20cd3964 GIT binary patch literal 37663 zcma%i1yq#Z7VkF!%+M|EFbo~iDLTZ!&_gPvAl(fLA_IbifPi#KNrOr&AVWx_w9=uV zfRut5C~wez+`HC&Z@pOy);DKP?6dd&?Kd2_M?uwbscI0Ar{mJk2~{{5VM1nATQ z?A&euAOK2iJ`VsVD-cmZtHzcLQMP|aQ@)nDf(`a{Fb>u?u?u#yQ?N%~ynr}=UGchy zw}*qjE#kU|yQiPxb!Fu5$rXvur_JY(h~HiO-IS3kr>i0^>){Y;UcL?p88LBDJ8@YF zgsilfgtWMVw1NmiQd~m(oP^{#aXC>5aYY$9MR5tlUmqlKHD7y2MI&{Mzt$ptQ%3%^ zsi2@Bu^=fiFJGr~5()|m=fow?NlJ~4 z8Evn51^6o?iIo1?f`|7%)BaCh{YOVVz5jPt506s@{GQg&-^k%#djIFdekM1(9nKj! z_<05R+Bp!r^PCR$R#fwKu=V%yHSzLt|C@_AXD@#*KW8s*gqpF8m;^%4*3QNAwB`2* zJv~J&Pd|TKPdf)Kb!8-R4lx%OdqoM1g1myXxV)5x0!BgtBO$LLCytSmkj03LE2v6{ zWBwki?qwI?;o#~2_gMRX$140^$DS&Khc|I$bq8OUKnHsbUoQ{D?@cSZ{0~~>rPSrc zB{33G7zx?`P0OFL_Wy&Hzs5@bU&o#!5_9fUwErRMznh5qbNcv?;u637qxue>M1A)q zD)z|^K>b@?0eb=wK%kR3AQB*jLZKv3QW6qUI4SXu0!B&-qo5=wrywV%q^11*p{1mz zp{1dwWME)qWMJT6XJ_X)`_BhNMn*6&lExUt{;Zj)5G zlsdb5b$kD!NM4z);)b`fbRgoaU{Vq|DJd8Pg`DyY455P-j?o*DFmX#5hCfm9kxVIK zkYZ%EO-8O7+jXj5^Bw0|A>G@LsFPOnL!Hb5ln@YcXAnBzBJf?!vSvA#C*s!URois` zbaVH`Hjgt&S1dXg?5sAPcEh^X2A#`XYYSKINu961c-V9T3@&{a_;w>9Z=0baaV+%x z4SR52z~ff`=DrSBj^3AFVkbRl+IB@!X*`=1?o|@|`mrm`@*6hLWc|8~FSGU#{2}`N z1aP3Xa|%)4l#N~tN;mzoFRE2Aaq+lvC&F-H&9QqDD7YTp_t|7Rt;;a!mgndw2@pJpe(*k5xN zaXEdn*QN@n)93n+t`|PH)s5Vrt687<*!(N*FY;MF%MJ191$2CRcCYBqI%1Qcb+2^w zg4dQOfZ*Q?84>rnBzm#Wl2g(0t=F;W=(=oBgZ{(W@T07?vafStYhFJYf74zedv{l9 z2*p2FGuUA|8Oo>-m2kQtiFK!R$Ly`^VdG1^5B^$+xS_n?8!|X1E`|ArNnYuf-D>jQ z>Xh>|So}rO*gdJXdf~$@-@X~IGOs9VTRS2@^$LlLXa8o%P}qmUVRtX*Je`Kv&q_lG ztm2mMqp5(ie@&`u^Xv1?`V)X{;L>LH={}#F@>ApH@TXCdFLN$eXMXoQos&qt+>kVp z`hpXnvE$w*an@buJdIJWtmo$R=+~BMx2np|F8pD0JaN|Z^*H5cv#A+%OMQp9-#jUH zzDMjEw^cJ1<}hje<8O^1BQ~Z0uPsp%oBzptsUa!7fM@4EHh%~+{fhxHH*(gJ)n8ja z_*ruT6h({wq4oUmr{M`p_k>wJm0z3xsNRyuSm?7^k1v)#&;Bj@;tP)794~IwOz}Q^ z9=i31riZgUME={Jv2+((5Gx1^__Gp`e;I2*l6it+KmVnIk+6mzHTYXOzZS3dTx6{R5 zJJl_H_y?qC{umAy%$NTHic`94{+!owY4NG@|5nowLs(-Oo9r|Zqe_0+&i?X`S3x694nm^{qa^{EVsY?Da zN9Y?FYlY-8P5mdpi+?%roM>b)U$$IMfV+R&4#Nhrti|8xF}(U8Hu3@yk|tlaLM}R- znu$MlPvX?_gl|tz{wGRkiHN3$6YZu@Xole_Bt?io*BIq;JhgEijl9GOE)j7?!G3Ca z!*1l8SB3;MF8r1Xvs{CIvGZA?RNzEK6=2XQzi?RoS5Gyfs>Z6+Hg$YGHGO|%qDDl& z49{Fm`J*WrqVf1`W~>X&k9_K%uy#LiIaSm@_KaseEFJl5D{Sqw+i&ZxSA4}qE^9BE_SQewNyD%bp3xAL(u?HENJCsf;0=7IeN)2}Bp&%A{cHvNEVvAEgycRJsOd zcQ@mLp@zYXII1rMc zN&1bc67Z(To~{wa(quI|4(Bs2a2eSB%lLqlRSTM6XRx6eh(ZjW?ND#3-nW8JZdk`# zMlMKOKc-5L#i02ZCxv#{ZO%mM;1oz0Z%3=lfkYzdQft^i@O`wp#SW9Ft>hWDLoYn1 z!zBUEO;jqYUWg5urSF<_*3IYgq;sf_w%KAoDE>Uys37@G5CJW`%Te)LY31}Ms%1S->3mXP^pay&um6h=P0J1k(6cpcm z-&U&x9GWsM57xnPILdOpfnOMk!C~DVCiqlCF_8*5dUERU9W69fT}V$9jB)(387NN? zfHR6Zv#c0XqPHA0%hNpZFMW^0M0WI7V zTfht?lL;XcGAE4yj|Oz=cKUu3h{A?Z00r~C2Br*TA@z{X04c@!-frPr*n_9zvfw)^ zEodHldjWK^y4KDdkY_IlfW5(Jj{}07IX8VBjNX2jNZH#3{Sdj_cf<|Q`%B{%DOaKpj7Ftl^Ji{KEZzcpTpj3w- zp`};!N03(_Ap1Y|=-7O-uvAP?Mgj7nW_ujFa}Bp+4S}i42ihjb#8vw;RRy>XMbb%# zt3Qkc%yU_(9!`-pB9L36R6L+94lwj9f`+7=BMuj9lk*%__!T=}ARO7uly}Krh0d!5 zmJHzO%Qe`|aI~^oj-Un#sb;R2^6I&ex%3?PjA<$ul^tIa#rlNbe;JU%rKj9CHnH;Q z0t8GQIn^3Tr|{o-hLF$AKj^`mD<2&m*_Ey=f%8uQ)?lOaFR!+W1{y_oj~5d0=yUe= zrJ#6TgZwL_80G@b7{0raew1_w2GvpHHit1rbC25!JHro5vX~Y~tmb&0aa7V@jurWF zjp8;3gHZ1C$7DA7U*V0l0;5zWAVEPEPdvMa8Vi_7EkV{Rml*$oR8{rs_?$@aw^&r> zP_=6tc#pbOfe3VL$zwdHTN@u7RguYQje{Wq&7cHb{ue;E6lDPx8!wKhieMTarU~d^ zEPYHCN&XP!8!jza2gvp-Sn&7JzsY5F?D$6LR37#tiF1g-J@Tm z8;_vnze5XZm@?*tjtTkT9lPU72Da#XN&wOPZM3vfl?os`!KRufpUc08zDOQ7lL|1P zFcIM{c>I`1l_G0|;uo}Lrz?KcVKc+XxC?xRT}7B%0o3$72C#HCdx~R-d@o2i2TOvJ zTcgVrod89G5l4B0bwM@^(g{_PFp9wz@){x_4lh0_sOZ*dqe;gKjk8M%BJCh|T=q-qO*3o8v6z6SKRd;}ML#Buv9I9M075~PBGf`rOvlhvqFlFGA8nc!-) z+zy|86!d7bK%+LKvjB4vniM@e7H9;>`Y|E!j_*oDlK zBKIsswveQ764}`uVH2*WnGu~{tx3`u~rld^0$8X1+>@f3N} z?hy*ItS6LUc*j`*7j9$0uKO5#x?0+cm$=m&Az`8^gByaQDFp?fBGK3ClT$x55-~rN z8Z}%{WCCXZqUz#6Bp5~;A$rie>rzIXQe(Qzpl5H~l54WkEhd^kbwi5>O|KQYNu#8+ zKK9bF+*OXoomuykK2Ei}^LFfvV+geUwuvhHISNT%kJMz_dgTbN7nLJQG-#&sad1(b znqvs$3#XdFdaa}Bq28GycBwZ)ftd|K*^!*lB$a|ODECVFM*Fgd(8Le;fvgx@+;)aN zD4BqTN0I}|TEH{9rPn02pNg|1UsQ>~#l;%v z)g1a$K?5g>P<9_c_10dm|^QU*0E18wiT z0cM>^-USaRmPGa#y7|k+42oKz@MQjlu-4U&uWX#u%H0z(&Y0q|0=kJ3ur8d8pm1;R zffws;nClZ+eD?9CN?uMP&lIcfml1BFOqyN9ELDGa+WH_IN$p1*lQJ{unAiAu9FQne zBy`$7jl4giU7bMLR3gKBi48ltf+d}vd`g~`EX~3~vXX?FGBsj6@WQi=E+^(&gh#8Q zc|08oD@*!y<7EkabHb_QxC#bILtx1FDLaz-Aa@!EG%rB8Az)e$v<=7uO`QoY7zboi z3tcFrIy`B~?l4A_oU3VLH21`_bS3!k*=Lb_l_hYo;noQyF=-bW!F%1Qqvzj&Z>R0XBZNNodD5Q8CyGjdfm^dlz&Mcl$E!Q8MIRQ z4qp$}I{^-vi}q>$INrQBuOX>|qU0E#57Z`)bgENeS>3DeYNp?xH*t-ft zrNG`hoj5vqQjbU<&hc0UEkU477W4)bXsjOtNNd^i@~C&E;2{t|khk2N(&lWWnj~+i ztJrQF(J$~1EQt8fQZ>b*0T3=W7mOCkDzTUFM4%d2dtj4;-E1a&|ZE1sMH^QPFf-hbz*L1Co1E<)9MZDRRG{@E(92!{k$O`;mMAJga zUglyV_w^Cha-3Hl!levYH#lzDt(v}17iyFAgkJcRN}=`gyqXA=Gf!*IbnX`~ad=bD zr%5cW{asL6*H``4Sl67=(HXe_8q^&;szV@K+Q08%mFXq35sCQ3;-Tl4_7W&8Lt^i2 z9bO%4xj7UBIPR|L_9UB*Vdj@XLHT2FkjShLhrlkR39_qe|R7?{nz#}B& z@4;7cwFl~JC!}yaD!DzbsTPCkA{G7aYG3L^|H5 zBZmpL)5%`(^wy+MjzFzCpM~o;0k?T)d%V8Z7bf8fTy)FD(=V8b1E;vW-z@Kv|2Ya^B@@U$H^3 zPHv7dR60oz7XuDy>Wu<55yH0=^P+uYxJeN(hX_&1(js6mVHY7pIw~;-v~g|VXtBAs zSPH0AnP4Px29tVSdQl_!ITJ$o~sF3 z3kbx~b*YrPD6a#|pXs%-bnDn9E)bKqb^35w+j}l}j=p|MMl#M#s$c{SEKOcVD(-$W z3+N+nqS)cRYS7HH5Cn40f!CxAi-qphKs~wb0rT%h;5y#Spct*&Ms62kD1&C{uM50A zPfHUlBoqRez@VijjQO-I&3F_TEy`cDhqh~LO9Mf0k6cPti$8dYgiUZ#zoId_Ti@5p zDM#~F`snM>cz)r!@6Q>xl;>O-C%}hBYMwpUo&Cs)&)Wrz^jX6_gLX0!!{YW5m9kZ; ztoL-8QbkkV;d~3b8pvAVOJ1tDDD4T4aFeUZkec)ScU~&9?78ojPRW<;v)zm}K zS`7*$Xi2s(s)k>3?!tlW>Y4F|Eh0&=LIhSu5^k`*YGx%tZ-l$3TxDasL}S`Js;*EB zc8=AN+6ru_7>GVcMR?gF%A7>mK>r$>h4VPZ!6fKv9=bly8-=L&@S;71v7{b_swse} zfrA@p>U`U~mBPBkbG1&dy=2@iypJbfy8X`YsXIBzs0Ti3EL=%F482Rc$m3oF;1MvI z{KJ~FZHU+tfC?GlG?YPWrQfo&YOsMkwf;8IBsLYt;enY@C4(z@l%s$$)0 zKKR${pIZ=^hoF_;GvMdA(rZk8%S-d0a+YN%c&QK$RD1IZ7K1r4pOjt&5lF#`xlI;1 zCM%q`%jb(PM;i4FfR z2eW|`fuho~bL?nnfQcbvFWnS*ljJF(eqQo9*}EjBJX=C}%*A@W%4{LyR$uD{63U4A4vr`(Q{MuZrCadfssd__ykh`q{>N~7xH;7X9-Ea-dmGs} zqd?%IE0mH1j7!1#l=Iq=^vNa95J*PpDpS^<7GBZ^TrmP6X007{N16E9z+{Cc5QGh>&MNSQ(VpCS_%}(ZS5=yleV<6(sa=cg-wsGn)fBo$-M^QKIYPm1U zJ*>It{14g){wrA)CeTOMCbbprh~zlbsyd}=U+3=wW!N8OLLY8Xy-ABXSN9r!S2D|+ zo?=hs(v#TK3TkJPo*$#k4Pp*Zd7IYzfo~$v@{LuJo2DA{5vA+>x4Ex;P>49nGHq>L+D;CoChhh*zG%n{!a8)}XdaLiQ*nt)2NQac_ZK4vug%gEj%% zARRxheQ6mFn_c`^nsQKt)~X&sHwg2R!857mk`&InJ!-z|mZ_gI#zj&FJ;ODReNm%a zdYNT*Z$5v1d+I~qrP;?D`=jMVn1KQOGTUhOPan+p^};jX-}iBb{q~8UQhkRHcCep- zrm5l7ZjyO2cd|>Leq@+;e|3Jn*u-8v-N5;=(X6?)RPh3P`kP|cP@y(vc6;~9Qw05i zQU8stjJd9sfzUg5J{;Z+?pD8TtrO1@WU8^6sVUXtySUS4H&(&6;ks_F2M+9Q(G*Fl z!bPUO*G7{tf|V^G_YC96fLfN^iySH$MECnBcFV*0phm3KyZXbJ(R)v@viof1nxUSu zUHzUIMalB9;^JLhM%f@Sw)XW}iK(@Z#;$ppmkPO-PxlDPyV3gXC6ⅆFzcMyj^Af zLB_?s`87UmL->WvF>Yx`RfrHny9HSaS zj7;jt{6EC*qD2b*?(_@YdjU8IXgg{%S&(drQ%bwvm*X5hV?`1=gMz3zJ_&{ zb@UQ#?%Aw@2O@_BCUfIqKbZ@AZc$k;ilrKRG~k|g7*+{RPrl$4j?$yb%X!sX#IJ%^DO@=C!9I#!ZZ+QaZ|e6l8>-la=I z%&Ej!JUeCc9@8M7`4S76NB(F~qG)avsxod6tR57OwB*wsTEWK-hAg=4DA}+<)rEl4 zVJHMa3*_iV8x(ni=}qE$=tM$kx!w!>Oy$qzvk9c9bek z&4|o2UK-diqg!OF2ywYg1=DmY?O>{I;k?iB8%!Mk0am&h`p45 zxoVJ(Hi?|qY2!dMuKkMH3QydA&4uJa_h_=fO3w@tI^#}929=M*3o*>-+pmR>%Sm6Ce7H+Z*%wd zeyZvH)H$4nTTVYpT8(&m1%La)!da4h-oV(6ymC(C=&gqDKRIh0bJy!{6pmOV6zq~} zDCz_upIs~8OtaUp!6Rf|-dZWP9Lm_iH~U|-u*C?vpQR0ZY+#}JqDN$VHvi2A??9cn zDV+Y1#)maSjskG~H{MRVpf6~tNeai0Z#?j6RdVMRJxax&zVfEBbJU4Xf@X~{BOSfN zUn{7ki|*-ByT$wr{q?2r1i1esVP0a^uDpK@Iih?a^>Fi2$64>+h6bVVKF9THC&5rz zy${ne;geVyGHwCgtiTv1NF>m+U5f!@Ir@|6m_KLeX^ctZo!^z~;sObn5q7yiC>GM~ zeGQ!WMt=rPZL5^V!1^N|w4kOKCA{w?P9fmTO#0J_fAj*P zTC@dIr2W7gv>0v0LCkbrt;Koe^u&|!v4^T-6Y`}<&|L@3K>w?nMPM2mKlp`4SejW` z6PUMFw?8r~qynU6H?T|nF;&NNpNTOEmvkwZPMcMPRB0wdoT?~=PwP$lW0njZKS5ZO z3T9JjwU~O#TU0e<2pJ7V7JoP=O8(8MQ080vrQ;t@CcJmU4Z`Bv1vk%0g-s}XT$C&M zFW2M|4K_flif<*_-j$q%GfW5Sdg2E>o#aargm~jI_D`^?CX}QyaFCzXr27+!*2Otm z3pU>*R44NG%`KA4(~d%#A*3U`AiiQ#6$BK>(gp};aBrW4Uf3bfmJ=cwq|*=#YAQn} znFvE(U{X#{45vhZU)o1&W1gn84s?YT>pJs1i$&HGs(ZemWo)T6p{8mRpfdoR&(>KrZUywgJD;I?bzYTdikXi1 zeR_f}kH&r0(yX~FV^t{_6?luTtD#L;#Y?l)RpP#1g4O3Og}LE?bdd?q%u=Q-t^)k$ zygvVn9p;^vbq?o4|YP-+$vyAkn2R}DG3^EjfzViIc> zlqDtD_NhZg{NXbL^rF|4FXu8nI6V;V%YBd1La zFXgi2TUIz|F7?nVuBG1`qT&pACpl-JGtbi}5wtKS6G$yI-TrVGCnv ztam*VL(V2azrba~>Zd!59HEmvK>J@&UAyYov?yBR^lF~sVbgL{0=HD&4&xi1ux?*V ziCv+sPr?BS1cb!(2Ml9-BP82_b?>7~AJ4xER01IMy7+i8t2n{zvPzO!x2|9LQ_B>X zX_=MMVsVrBid;K7dmNgU<7gy&X@%hgpxd=fkYm{_Yv(OgE&wtoV=I{wVA{;B=!I5$ z6HtmUH^%4z6wKY_iZ+$!F9P8cDOCBzqy3>O2zoFpJ_>h$h6?Cnz=Kudt;;N8&eDvA zg6FjG=qE2tx$8>-e>A^12{1v)K!Qgn!J&vl-K3ATUr9A=#!?NnCmQ_GC^R&wKo=UV zO~63z>Y%lG<=#F6C9R~j#O^-m1IcLMb@x$$Sp;-d&La9uyWtqfI9x?q+IM$}_)s#y z$cVh71vOcnK!&<72~ScQ#`;NTTSXR?Zo<)aSB9hX-518w()-K1+n&a?)PVHk0ti7% zA`Cm-=m%q)C&2rK#0SyGY$3-EdCFQhGL47yT(~u(OAK2!Mb%=C*;?Cdg}j9o>edg@ zoGXgc?R3Ku_H$4?G?u=rHDX(w)m_t;Z*my^@yeUHf#yZv=iadlUwR;jr8C$}* zICIm}{y~%#=mk<}%b@_wR_@qHN{ocxQplS(O0teUWQ!OU1__uPpF0mqSnFhrIsdLJ=te#FjW~|O95BjGaEbs zSYQ)-v+Gr#rCv**6ifVxSOi0&T(eIAuW9!$HCl#0-L|mAi#NnnFRl)&#av!=9rlUS zEm^v&Ph=yG=h2ykz~fg4E&@-*N`tNAg(-KsBVr6Yc04haT(UAt_dR6i`IjlnGLMUM zEfZ{s=lsZ#`7?W3&fF7&vd6@0CJ_pId2z`t(6e;-Lj^lC|F+KVU2uXNrjA5%eursO zDEZ*s)=aDJ&*wrPeO?nMM#!H4avM?kuB*E0cC~d|lqZ0eOJacWnq!G?n?~+AlY5-x z={JiJ$@^5TDGDZTI|;YymL@%(ddvlgo#%Xzveelm+or_ZtQ0^jnOF-cBGCK_)h;3Z zZWeGqVu7rJkAdf&Uzk*DX5+HC4+p!(2~gRTFEeKOa^W_am7l`#`}Qi>ft|ME63x%s zdOwXXF3^q59@q_6y%i@S_Q#0-zPxIxfeXT)!sp>zPLrdO25FLpdL_k-;SMs<7;Sz{f#NMFXHQN6!!(^>n7J&8*N= z0N{Q&*+(9-2k*L}os48|oYe)pcwQorF~@pU1BRwr0g(98Fbs<=A2(1}Q0Ut-$wn*j0pB!d-{lf}l-hF!@T0d6HG+1^ERkF$ z^H1V88xaOcf`Ev-7vj52@R%MfxC6CwEKZd-wvdJ3d<+IgF-o;Fg8BfJ??8zV-^&L4 zjaY;t`lV$Mzb=?cd3huIc^xgisNRdA)Vw<&Ju78)RG@YQ;O56o9+tN;1I&-tXK|nL z6b9BC=%r+qBFXgMaT)zwvTf6`cvWldH9Ut5eB<*=s{O-<>w!AgWH%4WRGS56%kkZ- z$Cj9`>jB%h8o!B{lN)*Z#b-~)TfODx3i6!r%&M#{=dg_R5p`l&4U*4qI6hoSAIWYS zDF~@{(fd4Wmpbey)M_?aZ2xKQ1o$qOoS46Iaa&sRb=R$PKGemW$QU95R)Pzj{j^Jp zn%V?$d$)b~1I-w~o{ovs&aj=QKhV>viIpJlr=DTp(qrUl<8$=((Vzx%#jiJ)iqE2n zzS?a)pie3B!!~_F^FzNVVc*rTK%NJ08NP1Zd%{+wS}%nj7KgJ%K`CLK))r=9vnyLc z+255*6vWNax^G%I!Fz)ES`-SqY@$e&oT0?r(sxPRJR`eS8fcbo5~JGu5&z%^-N?Q( z(SG=ff3wT*+RyX5{4m?n`KR6({vs+2wla72!asEt&lh(ULqwi9gs0au$iy=Onx=XZ zy0)A+epWCf=Uddsg_*$jz-ZeKCF(2uq0!Sad!V!5C%(4YY4&{X_@x+f$YbC}kCrJA z(8AfWsm%MIeZ0|8>GY#WN#{!ZjkKGNL{paktxn?>ZO0J{B&ub6|96Oce!wW)x&HDP z`Dl7l-upEDOwt&WtnnzPof*&>Qf{a_$}{~9*rwKopD&mB`U@3)5;2%yJeUazzHexh z1Rxw)L>|-9K>@~LBsh=-WSw&hR$?##49_!P7TFN300D1B#)m`AKjIzQmyL|em6Kq4 z6CZjK%K>TTRE;#%#Wn!2BkU~EYV7PF7Il*39K`V*Lhx6?1CPbr(;AjkAPC9v} z+dQ~3JD%}i2cKlaAJpIDiH8f7*2-9f120uo_)G`+G`-XzerS4njPM(8ydI8`b!8$7 z!JFcWT5dGiprsS_bjUMFQGP=(Xxqf$1=N3dV*wczEve;Hu*LwBZXE8d`Vt69J_1WQ zxE)ElwDw-?%_>{jK9#|(muVvdE=yvo^zgGO!fm}1cO0%gYbvWui^e6!szW^&nq4P$ z7OpqD>YIF}hidmZUfXu~N~xiE<-WLm`=8i?58EclpSOEpriN!;|^S zNqPISX7Sl?apy}LP^D}IPrdKqJ@PGSeuciQkmV{lXp+6jzj{Rd;4d`J7HD)_zWuB8 z=fzt8$BD8hKu^`H3j!52-~a}y!X+;4Z7Y_By->JUrT>>0Z9Wyw#H%Y4Kc6g1@w_1( zfk=F2O5_-SJq#(R8}&8}{B|JXmwR=!?+fvE2ipt@omqW3pA4GHg&Z8=m_%yTKhA3q zWKZVxt)aosFp@t(d?P0rHYT-Uek)$MT}hKz)fdp2m-^G73zD@~e|E4%u_l`g#7 zKS?UtAM{GwY$bTnz6_}hbUAphs!%U#SvOo`7?+izU4hz8be7_U9z~a`l5Zbh{6Zyn zsCxqVYr43N-4lN6w$k`X@)eHVm)$#nt< zrt(hN1A@Br8k9WCqm~`PD{06`85~G3yJ8OmwzZ7?p}AH-?M>llU_nH1vdICCaAAW4 zT#ycc9pVei6F+5X(8%1vB#f zV=9?^?SA;-Yxw6+%$Gq&u(+o+JCO)DbNN@|i9Gg-coNcWx+O3%WcCqils)eF{NPjK|0UcKXzHWU`gXv;Y1I*04PMaBH)a=M%Mt| zN+-bzdQ)~YP;;A#b^))`<7u!uNqM1~g@+Y_ZqP*{wkU51#DiGICEaH-!Q0W>n>>V( zwieXhTXTj)ZyB@KDAyz$ksY{xPFg7TE`kiM>w~YaM>=1vyp^N-UaYW*!1orzqV-K! zs_DYbk$WNfFXhp%pKrAUM@}yQIMODW*xv4>--#rB zd$<3fxAZxKo~iD(0e1ZB5=~?G*WO3bmVUKTx|ip7Fbdms>u3A0vZ21r+|OzZaBQK$WJ;QxZ5WEs@|{jD}PyU5|&v zo%)~8oWsBDoFfM3{B?N_k2s035*x?I6X2&w*!Dgrxf}scUZ}+Z$4_{E^C;^mZ>^l% zr+D2cH-9yFD|^aE`XNLeKf{)jD6RJV1PzKQ@fhZ;9LyHG@-w>HIQV8T z$()UoQCWA+v0@2PKp@&3MxA5A_`kP{l6$Fx(lI}Amn6Jx7lSUv#AorOW4giI8 zRjNGd?tm5Xc>v_e`_<2E@OKkfRRB2hP^6haCIK+%>Ms^00iv@dIGa{tfvJYSx)8b& zgJ%TZ`2dX4GtU4N*H-pjWG0Cf0{q%GVomQ8UR|2cv;xh4E)HA-@)1QSIT8&#8-Zz{R0a@QY|;82H9#uJ0inSNdE!vp}M#Y zsw_wo^j@$V6JW6-Ow@UiUc!_)OZ8{{10ze~#q*!{-I4QkIafDl{SkV4L!M zWpCqQIwpZ=$ZJ}EFJXqGThAVfH5h!Y+Uq3-2H$0F^n32N82&yQ`0JmqzNg?wo8|X8 z{-BT3c4@0uxoUS|>_@20^PW}{de-jkiJLcgM%BIKJ+9B(dmQrQG|!v7**}((tE5%s zY+Tl!`~z}MhX1(fu}0P1x!!rxnF~CsAed?#zgC}ofuu{!7Jhg+TXR#sH;#~FeIu%m zqedt=N%Of`LRD(ttm1K?z-j84y(I%a0WvRfwa*2Q$fO&5B56DUCUyNXw)*7GE*R`_ z3Mmp(t<%8s&p);YS%o(|9(*$k{mix_xEHd*JDh}t$Ow)-Q%IVJv+5aT9um}qW1!?V zp*t-AS^E9(%sD;c1wpEZ8Z2VO6u*sp6p2a)T)~sOUdP^apc2zd5D^R-lzwfEC{Czn1ry&JB`%hp50nx3+_cufgg8ni188jVlUA;lqt!q&9r;om8;@ ztT&SuzY#%Y@HKs%4^Edv?3Ssq6q+)kgyf7tK&6&6VVJY*rU}lH*SkiFq-5hYDEfK| zZlu?P=kaS|YSl6&6l&baY`icBS~{*reRC+}XSb+40j?5Nlk>M~`X8RjTG~i&{oXDb z_UPY$u6pF>s@iBuCcnBLrFpz+eUdclS|KCaVa`R&WjGGU%V3`TnFf>tftrvpY%?AsQI8s=!U-Ty%_tSY z+8}az4hDufV1Aa7&m`Mj8|`UzZ@7&iVnfF4Yr>Iv=vLvdo5#X49L-mcV2!0a>ov2b z*DAWpw%G+fpS?dKlMy!Py8qL}{b}0iTRlBA65q~GnERgq+X2^qRdNjW5?_dFxz~2f zfEYRX9oJUTOsQpECcfkpuem5EU|Zc1Ed8vS_@0Zy>6y?k-2edaP!I1fH&#+M;3Qe^`zD~lD|A~eY-vH(i}LEJC`6O zDk`A5BhhE7J0ZpJnp~woljdd6ed&Z#l76^0fYohrw8%+VDr>n-b_BA%lbYQ+~%yWgk}lv~c_wEVVQB z5&R+hcauu!vTxbfss`elGbXre4~j+ta(prEPa4m*TFsqs#TstqiXaOxc?3xj9w~lib&$jn6Zu-hWQ7 zwd~63_4%0UVnb_jzrecda&J86OcYMVNRLKw(xuvd@Up_|AH&l)? zp|}@5;0^rHs&bKO)No?hO1#&78yJLM*<3Z#bO-w<^;31*q`v`uz@qq&<#!{{CfXI* z^h^!{T6|}0UW1cvpHDbVY!i8Z@puG1PpYNlf!oah^5Vp@(3TYK!!$pp;&bBGu z5h-3=Y!Qa@Xo!}5EkB0*dT`0F#f{#-eV#w@_;KLKq1NJhuxZ)Bm!|H2imV#Tl3i$! zVBE0nX~deMLhgoHnggZJ_s5jzCichm+aU0pD=|x#DbpiSWZIfy3^7&NaNjsqMzv-e z{C%B_Ha^EVhds17=o)|pAy{#5)6BHhBMVrEt+bL#(t;fTZrocr1=@fb8x%W^Nfpv& ziv>t4SsT8W*LTA}K5C=FRyL@~Y^0tZmj5PWHaMrDl5v$916iCn!;I)Eh6=oFQWD-wI z8BX2Uz|S1F!uy8HmM<>3r~FCrGB^>Z9_j9;$L;Fr>U#}K8C%vI*1r!LZ>sjg2FdTK z->8~eyMT}nV}0V&LviVr>&7pNcQl4-XRoLpwYD<6%MYL8sUfN(EnAtaZ}H(H#chaY z1LOX-PDgs;*)IJzlRlJ@^T+H0`KN@y3Y-FM%ydhtreKY-PZ&NZf#F6Z=IU1leEl~_X%n{oNJ?Zf6~ zV|w;m_awn?dG%70sDXzyB#*~}jYSn6;GSrz;tabjC@s|m^v8g*7%vwxM`+9%!(c6> z_e~K@TQPJhTLB()sw&8azJ-Z8NS*UV+ldpv;cAK%|s$)%3Bzl9)&>vN~zO#?&ejjrw1K zMvB~xWkMpF+#Ob_WltN2ZsJC($FYPsxvRy@_`#^~vq^$>T09 z;iJX`!Q`|-c9A3ogKUM2sTOS7;0(Gni*Nykz}XiXGT+-ADi|M>)k2uxmSy5li9qG> zPK0;>Ig3*JiqyD7m%#3#d043h-IMIc?QD06<;}kfE5)D1&!q>iG%aQXZTu4*dQ&)1 z#-Izb4g85dxCuSTm{nAxQed(mK-sFRJfWTf7Ou0VV@i5Km24G^CkBVy4~+vSXOTkF zX}o2wRW>4ILNYA}VCqABiqqABWHMK($B?wb2A+4@D)p71?=ulvJyj}c-dp&~5R+N~ z*H$OsGr~~P)&8Lkduo$Yn`$=k26jI@r8I;-Bv2jKRqp6r`z>UY9*6*h(6frms5KKZ z*JFw)5CUyId3+7DCM6K(qEI*od{CdbnDNXChr&sB*q1aOO1Y?1=V>(;L2neQ3FLWx=e-F*9p}o%#Oly>`x}Gdd3&9XB0b z_Tr80i)}ToEHETU(D8^VhZAwYbz^OZ^u0o#n*GyvPx}yAK1K#w_ws$yOMS9!{9d{~ zaqJU!t-jne7g$4ai?ay;E6!n)-s^z3&lPLWW*;@!UPu%8@^<&%D3PNh>w3p-zSxiH+-IW5nekkXOYg;~ zDpjev6s~Y*9W^T|vjum=SD#-UC<@REwp%vA`jFG7r1_)}FfXVa1u50DVeqlwdeIiW#0nbqqkg#8RFDjSh^Bz(pxNPE|>rB4M+qqB{d;5#~N2qgg8V zU^{yOdpLs>Qk#?y2M2tz(yTjfLOXqeI;Af|$D&+odp?$6SQA|%au~4$-O5O^Lgq$V z60NMt@3LNa4{EbDN%qM>u&quSoq?&WCl;s(Ag3hWyCrBbwv6!=GUo&%DjLh7Jt+Z_ zcpG|v2^A87mT-s1ft_dr#56L*F4G^@8s$GtEWUG-Wp|(J!2M6I0~&r>4H{uveK2Nl zDB7#w$-n=;wbS<9o%LN09M6^N#WRm4_kLQ+n9 zbI|oAZ&1C~@uixcF1BomNl%SM|B#M?)7oud!9J^xkQ#(P+ThK%GsJon~my<6G#pYw5uP`YzNY zmlot<8BFH>-L!aaMLN)|18Dn`9eSOe|EnBuv0vixN*I^YF}*dHV(MS%TXW{tm(WNp z8ChcfwkW(8vg{WP*3DR1y1cF`+a<(SP^J#W0zv`6nL1EVT~;cgUu)EyLnkmbT#;+}(BX0Rmxg3GVJ1Ah-q#5+r!A!QI^l zcMHKGc!1y%B)AhCl6R#2|)m5zS>ie$N5Pm0uP=b(w^j0l(84xw* z)gfxhs-=OE1Y$;<1E3^Os1b0is272wLpW?DmCzSG@JSU)nIH!W0OaH{40>%VgtIWv z4%=KULYrVnDbu&`*C24aLJ@&a7qrLd z^$gLB`XE#w*lDJbf@Hx0{QjW{eK+l+<6*CDZ%*0Mu74=1K4ZBMkLZ!FGE5!H=NqC(UTA7e@oRdzSfyOj$0E&MpjmeEf>d>kRTB z7vS+`bSFxBtXz^d{lZT#?Q1DrFc4I|LRv6s7F_h5-O5}k(=qo=i1)%BvriW7oP$)0 z{F%D_8+yhsjo1$AE~Y;A)i3wh{A%!;9A0ld*FB+|6h)Go$||ZDW+9W=0m1+CzLJl< zsHGC?sI+d&*PGpIKMO~8JBi0!&i4An+H1dNnmQdy z)c;9_I6i62M-p!isoCy9{fsICN@`;A$`27rM3_bDpHx)+PKBgiCEJIsm+OkQO9w#a z&n!DYOG`_VhdGLk_R5)!|0rY%>YaI4CKrS3^^hi6mG@;Vfv#M?=1vSg}v#v8b5h zjLn*lva=wDeFQQVCdY)9udqx62YZac0~~BU0>hV@ru5W0!qt~)Ey?&8Zm6!tj%Ur)45?vLS5m?lZ8bhZ;>>b^u5>$bQalz;iLbk%3`Vxr&mXsE4409l8@ul~BNpM%gcOY{M43Cab zl#2jE0*MHAMvWOmwC*y<;aIOx6|_$3Ai4Qk0#hS?%P);mi>!VWt4YwgUz5M2kNNO4 z3C#iUJ}xZ$TL$9`qg0^a>D>$d@@B>q*Qx@ zG3Zg5FAFX=PtE0-sI%UE*w+=TzIgH9!=JWjbzez6d+G{{M}?^EiCJ+|$)2j;8+jf- zw2yhG{yN34=!<_J<>q&yye6&biYEztK!%W9MP613c-3~65A^myCq-M?LnYiYy_mdm zEcg4gFx)6f>H!2mVlD;bRLL|R5o>@I_mIX5fTT$%?Ff*nTb5aL9S=cZfq*Z+%L6a> zs9eG%QAUGvhn0YifStr3Iu#q|+i7$Q9i?8%dnH`U^u zpc)i2Z0*@3F7#e{#1}H926Ps3+-LwiJXbm*dUfKA69XjeZr!Z%As{O6W6vn4NJWA^ zrk6Og0HPs8(N)Syzu?b>hn<9^M2v2d(M#yjrx?H{ArpjDB9VmCjuz8Phty2L^0t5& z9i*a5S_EKI2?=6EIf1_errOe7mGZx@2>pggA7)i`*{gM7^aDlOoEyI1j=Nxv)KgR( zMZ%Bw5Vo-*C&kOVheGN?m_u0!bQAi~`n<=a<-QrSS;Rf!KFN z`J4D6ctm4EcQtKPkw=r({Dx*$i%NcTetidBJ7@(7F|%*#K^lumaF48M2~$mHVxNe( zcV`~Y%BTQT!0QRB&UW%(d1m{yJM6z3mKu92kaftZmV!ZRXe@4~%)#Mhh|TlJ^)lPtXZ6qhqJHQn;3Q zRqmxBIe>;vjFh0sj;spX7MR32K>7AAXhqd6l9>!0$@A$e0i6y4(Tijcq%6GMjbewQ zJ}nR(qZ)#A=e5k+1ppmIp+5Bt(h4}4_#nuKz>goJSCPbCyzesxqH*praX&CT>I;Wf zJ#LYd<0_Uk-FTC|0ZI^_=!g|CO_|{%;o<>M&P_wJjnq_j%Jb~a}UB#XPXfoQ!%^VA^?>L zGk$C4OyS|Vfsz%o=yKrvG)G+$C`*g3MN!kM7Qs{AIxA$maLcanzR!r{o5EH^Me$J} zhzk-Z?n)(z&|}d`$I_HsQU{&6I+o2A$=pT23guKz#H5rY6~N2aWkT0v&bAee6iuQU;Y zISfO(b1Oon2onH^($l@iLXLG%#$OsbL1IQZ0cf8!8lO{D3t}$;4%y%a8DkznEdGINR-B)Xk^nrJr1nHW&T^)6 z_0$qtRzceCFj-`(YHs6k2)*Pvq3Kc)Q;n=iqga$0!b_x-WqR!oNXn{Ss^i&V4&2Y{r!)gO`G=wqlN6$L@ac2YsmU)Fu)7RYe0X+anWPhhMm2r2+6 zPRH0XKw~mutuOn6BJ*+Yo0LRu_ zpyBpwdud(5d?&LQ!DDoPBgs7j1xiZ;#U1|n$BL|mY6ZB#))3Iin`45n>^bKY&LUoVDX{B~ zAV>1N_*6Nj5);Ly)`xG%VHqR|vI6Jg>23FQN|MU#`VON?PDhc`@iiHR_NUJYEl#<0T zBw6F&Z^zY8SzOi$G{N#RkUPD(UbZc;^k)y=;$eGfL;1J$rniSn#;Y!VlFU2b60j|+ zHVqy1Urfxa@~JJR(SJxd?K$>Q*5|%a_0ZNioi>(vV0EnB$$9$+u;^f9`=}3#-<3Q6 z@zz=MXrOR+*=4SHzFh0g=ldxw(a(=j0iMTnE$?L>C@E8X>))NU9nKsL7yo(~mZIID zNU~G-bQL{&@F6yKOw>Tg>-F`)jitt~yWuR-yYLdI+Raen;q}1ZlKaLRzn9BbQAC_i z@#>aGIw&P6nRW!1nqTn?fN#wHX*E_(aG#Rr_Ll+x?=#21MdZK4YX1HM*a`b07+z)- z`g2mIduJwE)M=eNn}kq*$P4>!FMf_g0fDy8?nqsC!8zTsiH zJ|8Ik`tRY`a=DGsFu-^)e=ZW8WR-0F|2lO}Jw_OL1l8X^ds|+Eo7m7HUxms!9*|2@ z?SQ?rW*6m#tqEpyG3Hh+gv+Icj}l(``>#^kp8J!Y2M#5G`hG3lo81>;a>Khc)l^*^ zj~>1a73(AIU&Vi=mF$*Jo5(QS|F=&)f2p`copvWu{hV5>)p5s|xWE42f)&^N;)BE= zs5Qq(e=ZVZ`~hIlGFZNg*TXSM|0OJH@J&A6?bG@OQzdhLeuubtU$~U|L#=)T+OxA8w@Za#``;9f9}bDrzj9^7_riKe*jb(CW9?( zau(^exc*E3o!)+YoppwpCgLRjM{}L3tk(f_HeSO1amMGyg!nF#UmZo+{ID(|6h}8g?($spIBt>lJ3OS z?Wg^qN!z`pc`O#_}?9c>EtxQrDPWIBG~%K(jFo4ToSDAp${DDk;u1E^npRa_z>r z8R?@Yy{}meOFHkaD`OOHXf1f49sO)gw@z}fNRs+|T>W}gmhqum>*V>@`u_#~OP(j- z{E(Z*H`%k}H@8KXf9G8y7UT$pyjYGUv=Mx|9Iv-psX&vE0f*=gyhX7tYsb@SB-`q; zhA*Mz+>vlc*+OZ3>Fdk^dxp=YcW9Vd;0WZ(tPD)xSgD;Yy%t7&nSB@^8a`L41+cL2 z3z522zXXI^@?B`GtQonGahZ&T0352yoKDOv3x|r&0X8_T+$^PQadik{Pst-=DkC!w zkE~^6rqyNm{N-Oc@Gd$VbPp&ybEUO=H=kO0khBvEutF<4V$`pH+iKeWZc`nzfI08L z(R=E9^5vMXBnTf1Tzzou<}zM5i~*vY7C)A9KI zg+rkC;^)3G?0GyjKP@t`d&@`N&Dnm0b|~I9iJBDc%X3R*F?HQgydI6h&szwUQ8Jj{ zBX-~F?Q7i?YMiz={+<5B*`2Yn-?fIy#CFzX#!&XSf#y8;3xDNqjfIu5#w{QC$|pU1 zp?Bq^M?(o152$=L7}?NX#m&yx?a_)i%5~wq$zE^~o_}&~^Ieu-^;7Wn>POQg7lS!K zi^+1#4IINHfDnX|F|5!WghY84CV^gNWM)Sw#dQXX1UOj|q8+aTSP#7)KriSACZM~? zwIgdlmO#i!LK-QoZ~`~-iU~=Z&Rv_L#qR!!d56bqb00^t%)FC=0>DJSEei2kSq^_0 z15I4sJQ`*cha&5;Adk^HP3=wgO16>h`rKi!z*$S_L@QJ`dTn z{_37iLBgzV%`={jRl+O*EXuk;0w)zAlx zzOvjXZw7YKowJ^XQ;l#urucq4_Q68xw9~(G71?1~0$^dxg;-~lZv`o7LW%)AK=xI@ zPrz4)CAUIwmAdFG1j}jHzXBV$2qLwqT`$`zPs7otJOZ%3n3Un zVN{VtGO|%axqPykgw$G?imqu|Rw|>REKOxUZI`YWnx(@?pLi%OhlFD~K0#6gc{Q~X z$87{T*T-P10~BSxpTCR5PX;df@2*s>4meci%eQ_w3EtbY4>;TqYiPRB+^0f({FVRU z{p;mZ-t?a8X9uC-4-hU|F@4)>za8)&KwaRQrib{_KLGdT=h3!Fgl+Y+86o7JKY)kf zH)_A(-VH6C~sepgh%(koZX+}ug=N%K$U<4qbsWGqntm)a{qF)e;ha) z6?xleG9Y`!#oj+_zPB33$IW#$o!wG7XI#^!Cd*+p|D_!5uo2d8y=dYSZPT@pH}F3V zhl<|mh`g5{zQ=bJN`p#VPl2PXDnEvwwbP@RO?gV57X;Bdm825`HGsNY=#p|VGEt|? zz}KPCiA5e9hMTTIH3z#IHX0sk2-zQl*8216hmh%uqANr`f{FQ#))lZEYXgkHgY?L& zf($svMrW5`nTh%m6yiI)LuBv5oC|`x?c&cqHu~eL`00B$I_3LkBbo!Bk^frIXVBQ- zy=q#h{_Ud7_-1b9pQEQf?O-^f7wpCcLC|F!;Tk$HbO_QB)U(`H7&7GV&DArv!q7Gg z8Z~2Nmlz~@CJJdJQ&lvgQ_(L%7!Hwjlhy&U09`AMHs8}{N@@W&5nwwsWEV=hTj1IrJRJG%GYH6)OSas(1yUSfg@>+Yzz|XOzb3L6riu?6m9Jh+Y1*7~@ z_s5m==!7IPse==N!gA{m`Ee9KE%yThKx>3UQ7WL9b#F=KFb3(Js1CBdRFUbkq;$W6 zfEY3h&wVkuoahCjh6b2t#L8z(nPk&Z2`s|Tgyl0%?ni|zn!3yAOu_a=z{+pw$ZzGy zmkgkYAop7TL-F#_%B$w~y`R%aUzABM2p9>_TtR1$eZQHsrdSy@t^LfdexmfMGjUW7+4WzDDG1B^(&Sf;#dNHX*AsKHRBIp438A1- z=W@li1#DZ&R=wzgC%;|lG23r>H{Z9`)f!Vu)}=#rrWTK>loLJ0Sr`Rm5wp!A%tL^xH-Oe z9_qBHsf@}TDYnI#e?^#*J1FQs#Xi{5>Mf7je2#YPDeJx_Ufej$UMuJv{q972X4luI z{p0Iejv1A;4)Jjs^;ZuhmjSBQaRk31{obj0eEl`;ujd_jPu)2U+)KWbjL%Fu#^Nk# z`ZBxbMVY5>zt$IBAG28>J&HQY=WQuc&MI;mRtS%#smb=ZdavQ}d}@BXrU1{oV#8*G z-TWqXRjT!sJ599WAAngA+t~D-_V&o$8Ro$EqB(bcptC9B5UOu4n@3g=kJ!L$D2el0 zG>5*Z_QLhnGHknYeB-{^=Y8dsZVdBq?B;~vurh^f2 zmnSx#9MqJXoY(4s#=m6qDEmF^_+BZ))7;{W(^!#V5ZvXDB5uYjr(2}YXHU=ASmZEw zrFv?szxf?6wNG!~vcUOfx0bJLN8jV*lJnrSbuVATfbGfa4CmgNl}z^jY8W>wkDXT+ z-xrQ{@GW!A^4k;6OHauXC6`$5-Lj0FxoC zytvxYt4~R2ZcZ4*iO6gMa+-plzvP&flWYojyI^lobjuai1(LKr-Cj>jnXamMN$iim z^v-SgXdDGIzcQE{T1}n77eCI330Ul^yjs*OvW`{9-w~$9MgO+cR55o+IpzNP{SbLr zm)D#~&R3$bC>r;SxT*9$bqeTZ8I&Ei%LCyZNydFKt%u7VdlgU~Zs&BV%HO0q)UJ9Q zKF-%EPs-P(`9Y)xB)r-H81^uMcD|~sVjpDfGM?d`m;Dms<#2KuH@Eq!xN1A=_2X0e ziR%V_8C~0bc*EX$!oK=|1%l}xz-BxY?)CZtgWx6|O?mhN3bc-}-MIfaE5Mr@OlS^AwcXh-pORqY!l z6Z>TcK_IuISTVUIR$1_sQNe_;fqV(K=|YD{q2xv-d2bd;3j|Jt(^Vt}5TwcUgE4h} z^qL#F1fjF0sAUs)E1U;4P7XN#e92(4m6jH9m!)O56&d4L?vNR`Knh+dvme1S5edHR zrX`-`yZ!C_6T!H?361Mbl4a<$m1Bb*;T(-(fXkq_r;o!$UY0E^@aNd|yIneb7M^y- z4;=5hg6Lov@BsXZqnWOl)#mq=+!tRF0UwZ8R z!wPU!<^)(5>#0^!+EaCrSSM{qdZk=T8me&UAf+Ib6?)xjfkrK}wrjnt3NjP&@O1l5 zaX3+&&thu#wldcYTZdg8U1DuP z6`^U!h0R5->1!99CLa^)lB$045CJpGwyn(bjAHWmA!`5lulMr!4^`e1=DMQ(@r=zZ zKC7!CocN7SQ3WU;1w-60tN~N=l)C;$5|UG56^yaPn?W*n@4jZ@&$ZICzLydq;;Dti z#ON2;Jtu%=cBV9=-Bgm>-If~mUsxYsNcblmYDu)qE$`Zw{J)ifGaUv+s90Vw&9vV5 zZXs%3JHN3fHm8UZ+0X8Sal_%j$8_P_Qr<^1HX z_MWk^p?CYR;LS%U%fq*R6uCj!QU)ABLSk8!I*x+ew$Rc7 zCK{>XmBr_NDw?m(%_@uR&$4jHTR!*8k&nB2kG3tGhd=OOv+#L1?)dtyW##zp!|U_b z?UC+S8@*Kw4C|A4VXvdZ5!3-&j;wAOpsjL3zuoeoF7c)CNW(?B zoySYB%xMASF4M0&snf3dyco$JEnR4bRvzAYtVNS&M6J|0e9o)3wJ!geTg&2-)4tjs zZE{+>VCtUpm~Fk^Hx|gyKc4R4yA-+XbZ=|BhJ846|*rwwt`cvrb>8}hJhuoy5j*6vCnM~9_#$uwa=^Rh_XkiTz79v}gMHSbCR)7>gmJ*r_Pb}S zPOaYIY4TviF3h9rH)@-aX2~QcML-6xNI4xg*!!G{j*K)P*L8!!< zB}}B#s$gA{M(>w!RxP>sDSUr>@*CX;9(~juTQL5)Ww<+ucv_!{=(>gra&m3`>Pu%M zPHgJ2IYWDv|FWm}d4L6i>UH5+p z1ZS-9yTm#W~_g>k?y{i&E9$Kda|KvJyP>C5-9>x@et2UFvl6Aohv*g@l z+OFIyOb0Q8p^@)`B(6P%bZ!as?I1E`MIPF$nG%xKb~>(_N7tu8t&?rWpI3ncd?P3= zQ$kYhC2RI%i^lLItPf&B=`s%Xy^Ry4UzM)`Vm4fqFKfPdGX`TE}84^-ftVkd!HG+PCTP4Ri;~ssa z4O4HCO=8K!BYz*_(@wz$kxe#VfKm`Tae@l`7<>6B37*fVTZ8Nz!Kx%)DOiw!=17GA z2U7@?iy)!t_7E&jr&Y?*ny3lAI4RT!Vbu5-)ZczY%J`!o!E132>3t7J&zvgSvWxB? zfbfauE0IlYIEi+rl9q?`Y}z>W;=1SO|G}(Pg}H(lv2~OT=4RmE+t+BiNR=39OI3JQ ztFHE1`0b;%&^|*I&;-bpP(=Xh(WlQxqkxQ1azu}5;EvFYkxk6sYXoptPV)p|+!BRU zVe_>h&1lXOa66`Je7XQ5g zUq13p;=soE$fnD%e01aE7$*>XIVnJTD_I?o&~bYrw*L`x+?YZ+i^{LeBgR>~g-lH4 z*2rZg+xz6y$9KbIysqor?&=rkH6Q=pc|?&Z%T!@=SwT5mSe8XbWIX*OGwe2A+fmni zH~sqD`bl5b=vGju1l$`rW=SFdh8|`)9A)&s)~n0)an$#J{AJ5}cz&53A-Y%Xdx3Cii!sPeolkGQxWcN)}<zx2wRz(N@{zDO4me_r& z@p0{rmyo#PfKY^%v)gZ`I*LC43%Y7y6XI-~7N+zw7dmY5#H-=!{A`C${2 zUY5UfG@Dwwb*6accD>gqvrp~Y-<$-fry9Rah{?J&f-BQH}~2(!!0bR_eWAeD zevw9VJi3)$d8ai3QLd{_ZR^hJc)PfhDQvAKn)_Z+Fs_K9ywT?&d^r(F3!%6(jeNAj zSL@c-;2LtBsl3y~967uv>w5pD#hzrBtDz^3`NPTM_ss&vcYG`FAzNo-6gXZ973gSH zG@eG!nmT;*t}6jHFXu$~%s&p_7VrLc>FRIRZ?|cZcZ_y*JSXM6IF*h@bf))Ct8MGH zKV%{^C+YIO9+9bai5OZb+9g))YIvSmUWV+3TTgj^y*Sp-9{YrxL;KpZY_+{+UHT>~ z+R0nqPteb3+*v)9M%%fwoAuzsbK~xEd`8DPYy58Ha@5b;hdf%2%Nljy_KGuIF}D9W zjw}D!UA9{rh0*QW3Kf-}XxW;o$jcsq)Usb4ZTd3mw#iK>`m{SaxF!zswWQ;%?Lv;9 zl<%C5>Kv#pQ(}Va94UsYzrL`PvpzrHp$MVehs0ab|D_+)m8gwEDAY# z%4_Y(Fsa$3Vh?Fj8W#?rc)F{7GiCa;=t5*%0>7!`oSnw>%(`}@^fa8-03=80L>z&yIfm{xTbw;^|7E=Lt)k#Z3U*q1)=>4)!b3L3R!=bpXvLd zoG){M=)?B4`EnJ<@%N_@Frm4ii^W|1m+x9~Nr{1P9d3-OI)@G1(j4_n7f=OtYu)-^ zm938+WFCBQA8=WV&0Z{ny=qW}sEPSF-10q34fotd&40RlNx9vo-~OSl`kt2Mu}vBq-gZm)INK&Ev8 z=ir=dY`wDVjhu9Zc3Rf0LuOeu3;OBRl$f!>^YqB~;hPo5jfr*UY{{ZI*Hix7I?sL% z`%q}d4}RyD5U15Fn}EeyW!5uR7-S`@Dyw{Sj-~%0YEAs3+h@v?nr}_f22MrF>n;Nw z_8UxX6^_x3ojz{S?_#UDuE=xpyE~lQbC}l+9xji=^@018pI*xPg&lkF3-+LVI>&#+ zmX79L1M;l2e>HL1ZDhod`rBAPHGL4@m?s6poYvxED^5-_uDat$_X5wH>8zi7#vh$Y z3#_LJUza%@r=K6m>GMKXvTO8sNo^20D6OHL@ zoNS}kdJp=?I}TLRa6SzIh?JI;+qEW{jI&l~G<0QBtX;+BIyrRyyUdk`ZXP*kfY9IgM8nz2+0gU=yEj_*QbFbsXe zW{9vFj>u_J?-Iq(9{6XY?){&QdVmeVtENS!52Bpk4^Q9zmpFnYx+$umt7_XQ8%z7V?ObM&B?^gVQn5GrWh-I8xt%E$6rqkZW$UpFG^uetOK zHF(#>s3~mp_$Y4r`NX?`U=|N0^UO$Yxl>7IF9A)Fni>ypqQCY#sHg}S22?!9*U}HT z$Cy{M)FK*3UdPjRh38761V}mGGmy*id_||wu6?yj)}}0rEcdAQYB#1k5Ab>TLg~X{ z9{hr@k?y$i?!5A%*}Ud2Yy^Q=exeF#g2|cK*kE4}nUq9Ie055q0-(?iI9mW4Zv-G4 z6J$VnuO;ZMGj>={)0VKhX-Rj4m7Q(kqa2#O){g~LeNWTcDfXP&_S!oe@7jS2w0M=%=bqoK~Mj)NycywZ9N=ZD5l zY9txff)fDPj4AyQ-Wz6kC>7EQy2I}hgRGGbhR3P=AA7lnBaj(uupv5>n-n4t?be95 zoAg@@8SFvu3somZRqWL5gK~|E?W7JZ??HGR8bIlzshU#ntYy(DqM?>Nizx$DMf5UBW-031*4Mrj)S7}=2*yq^a4;%2}y~w zT@5sr5)WA*51>U+%GV6KW<}-iH0-YxR5?hPZ4Q{yUIuFSWh6mc+m&>nF@EV(QCh+H zGKauukFL*$m0EK~)L-TJww2ynH4Z75>H68{Gn+fOt!5w>*fEEFF!o41}o@*z6FVXd)6GUx8`a!jB=j2 zvJwMB$0u7$CiH!Q$i^dlMnrqXa%58ox9i9f32O6&18C6hbjnnXoJMJxgfu)t#|V|( z9)x^_iB}dVTX)kHb-f+mfX%y^h`R27c=OSCYb7Tg$B$E-&mEPo zMCmoM<)<&Ul@ppVo+HNMvRi9%F_UB?vYLz3F(l0%zcuJ{D`_1qd?fQ>gx1LXy#Rt` z_ULRyG&B)%@{qC+G+7Cuvi6rfcv{lZiOhEJwY-((D^cMea`^k;p?1Xy_PHh)+}WE1 z1xV-Y&hCxItsnJ;jBgbuz)*2E&C5Oi+v!Kxaz3wl8O8G{c?_h%bmCS;X7Jagptr!2 zF{*6M){bF8=gY%0bkQ)W7&KlHJ-4Z~?T0b8epr1zpKwm;8DD;z-lVQMFBi3}fe<86J;1k?w!Jto8GG?+>6!t@w%a5Co>1s)IKo|4&85PYtdrysTWqU9((q{=UGk zEKky9+vKaH7Oww&hTAyBY?h=lxb@GF#Qq*TWb6*0Qi^dp{IA#Xci&GMsmFV*2PqiauBHE1dt#Gf zS~oUa>;EfKi*q+SbxcQ-^9i_$<7n%mjV*AAI zoR0gdI-7hx!Kv`Oh_!9fdf2WXZ=jRlbmM&1o#o7jx=5p`K=kY_KaJ@boT;+ z=iZnI(r~#`Vnar5$EOqB`JjpL7%cAX)hp3$1xb2p>%();fvQTK$4OwqUmlRcBBsG=C(U16#+5RylVsBSQVU>;pyhlO=wwtBLJL6QksSt zLzP(B5(r5VR6Z)AqiesFGSn`2R#*A~(vFZyHzkqwn^i%1_2%C92n$@C ze(%_r&sO9Yr{CV{7Qa4z%zoMRW}Ws&!A19LG_6^zqX2wz_i@owy9IyM^!2*4_$!8i z8!+O9;`CO8NYk=jtm6&;8?T;D@ljMeJ|y2B{O_c>h9^~WO-FA(p9XpaCQ_pm;(8h2 zdeXaB{jU_sH6EjF%@7ZoEduY!+OcLwv9j^A#XI>2)>o89oA$z~?B{ZXL#JN4#YX=SN+H4x(qJXI>Ibnk__d z6znp8Vt~^(Bs*!YBzV(;C4^P@`%cmjW(|}m&9RwkdatFO;m^||Me$Zqn_iP~e(@W{ zI;eR|{&BFd6`tz%In#;gdf+WHJbP-CI27LiC2a;-7GHlS;uGdF2Z43W<5nwe!_rtq z7yrOpnS+x*0HiD+b_1zBN0GJ4d)Za__#tmcTBk|u6u;GWUQVl)DS_tw2)kOtnTreV z9)=ChH3Wrys|4{R;RSv}_=-bBS7y=_J5TDj(e!pL8?1-doWiK(v+DN3^oJFY!sPeK z*vVIF-@M>?viULB`WEb+}yRHN3+aeHl&T>M(RlKZLUucFLe!B9!g zanW6TVFtnN+b*`5nt+mj%!b1jb&;2zKPi)CBc?cJ`ELs}{@VhR7B1GcRD&h@13t!d z%;&*P?M>yozvanoP*!RvsFpY#Mo(44t>5rJrVJV2Ba11wX2N-I+gL*}UD^0|bwwQF z8rO*$-AttMB2A&)za;&~XyJ+AT1tWL2wKi{8c~0H(tl<7e>U7^qvABOuQAblg=F~( zp4c6tzfLh5c+%k$!<_Z|;17U#t3MvEt=y4sD879ZGloey@MD2IM-FUKcgKO5HJ=fV z0m*#lvvQ(q%5PCo_8~b!KD*2`D8Mq)i=L)Zek6K_1vZiCyh@~Jx=5tMof7LB0-|Ng zX+425e8+%du)P&kCeouSMrEv*;D@Qh(BdP%entAMt!NbG1O*FV#sQ1FWv@LYiPFKC z-0iCT#0o`iLi<0a3aBtL`^fH0=Y(tsBvPo^6)Fb(x|UOsLii+~xrhXIiKV!RR}wX^ zNz?jXwar-m^!+ErR~+R9>)+YuUco8GDmSw%d(Dlsi!0HCpZ~fEMCaimJOU8>I+ndr zIp*C7fm82tm?JSl1+!xKeaP@9f{#=0#Lx$h{;^bUs9yXsyp>he?EO&4oZD5v%*jWAK(9c2tp=($$;pwBMN(@{k$g!k zr_Epb{)~MY*?@{0i2*N{Wiyg6jsSG3)g%eFV82)>YQ(6JNToj|EAn{3!l}zf3VXf% zH1u*k*1a*Iip{gs{2VE}-|4diBP_%{qFZAF-`eUc(;Hu!Yt>IQz2_)jERDSe@A?Bf zns=#^2^i-ZSw7?5iPj@D7W!(r-VL+l=q4P*(;vxLb$qL6g8q&{`B-{-B?!1EZKiA4AP{VCAbKBy%;4a&JURl9P<3#Y zETeck1&!#8;FxkND(e2@dx>)q=fQO>74;#Fg4!!lyum@rFmx9`%lhv+;ml0ibZFUQ zE(hVv%&XC2x$FL}gHa6bFMc5V!|P#Y@VqZ4v#>~e+l$VgJ|}2Vava1DG#ea6^+x zus5ikcc6`SU5@uVvz#$-6tzlk0(X+%W%_4`{!`XisT7OOn-3PYp+*?oRS`yc6@FWU zeWwHpwr-ALnifwxM1k&xy5ku!uC#G9k187PQJX6aA(D-e^iMw!Kk}f2NiMMB`j&WG zvaD<1dpSjPOL*`PA)q2pWV0Li4G?9QIckm|18(#h_~(eL?UBcj`gggjRb-<3vXx>0 z1&AIhDjM#Ws!883hX(cb8~lw+o~|VlHBp61N4o37)G7+SVc{hz&f0T8{iqP4A`3N$ zreUX?SEZIPi$PIWI{$TQ9^r`rhViCSj)N3lCAgw+F|}Enql$-Zj1By0Qzj&Z_1S^E zR}1d3>{0|(bHsR}yBugK%u2}wN5kMp#Br;qwwWAdKKa&P>zChLm;L}`MSs6kI1=an zLSy9Uu01dtBKPzk;6IakJ{31CIjscU>sFq#cYZfBng8gK9gpP8S&|NZV}(AMLPHqK zF)uk|6uY4ks5{;0D-khS5))sI1zYbWb5t|2WQ3t87oqj0gKaP>w-;GBJEdEVk5DSg zP}zeF#9+VE30Z=U6fp_{(clE2<)S4>39Aqi7adEge)-0iHy_zvo)^UUm0+vwgEZ05 zaIg?PYz_!wAS90YjK7@o5d-F|KvwNEs3!;`W}Lw_y&oYYde$(W=}=Bzk5SPldX@`u zpFlM2c)El@44l7J{-7w<~Mky{PBt&MI6B1_y zb!}9DiTSg@C}d^KoB*S3ZF{g7kdTllcKK@%dftIWd#FbxGCsSpI2POsJHBh`eYL0` zqE|6?R@~IVe-loY5&WStiS8Uc7{k&@mMy;>fuJL}Xcag0B_mtH)QwdNUuoX|-ogoG z4S+>~mZfkLY0&_Bg^GkOE(3v(5Bn&Clgo`#3@j`X{=cfOJS@p{i({6VV=ifz94*vb z(o*cYG**IzmXu^>X@x~$T3J|-nOzskCAX=kA`vxXqOwv+lhnxV<}!(h3$}o0HVQQu zYD1=>g7bdledf9Up68tNJMTH~@AtvCJn!?X?j6hG%}|-o8MG%U0pwQ(ofLUimZ#47 z08CoJvt5})lJ0pJdD-%CM?)M7ZshAH2w7%?$|Oc~FB1HgH`-!>F*8pW>hE>bX{f!> z+S2ED$o6>his{Gz1|$DDX3IU_g7%2$&=ri-ILhPSmY2PCb?Av_`}u>n`?rzTdu1M? zbXb&B)8wY)^-Jsf+Z}vMaG^!JTe2@V7{|AnI*m@<&3d+|Q*Qmuev8;JFnEJQ6xJQ{ z0;p8o9t_qeeL;69NEmhg7&_f)sMaQ%xOEus_Sk-tSNn=GtY!N-GmQ1t;#u1vk||e7 zr#i6$uAFUY)r~cy;UmKmlQ;HN zUjD7*EmH>_7N(;u0v=~`{&PS051o=Ai(&KD1F>0a{4$s8ug8Eqh$P$+guR5^R)@0-WNI()A=ff=>>z%l6up?;DrAQJQwWr8||wwub(n?)7iJ%X=EhZne0IH z>pAPo33ybd$GVY!pA~w%c#VIloq_nHBrnq1*5Hzf(@L3L+0Zq$tbCfpT9d}v8&a$m zjl`d(7K2lp;SZ4K!tQ;j3ro3X*^+}i8B^I^f2@C{3@{-h)TXl&TTJ7TMbkv7MYKAUo3K<;&*Y{E- z$h!9m@kPm;_&HdD8C|4>_fjs-yIM>a6=-@BM$|;(ZjcAB9L-hN?ik}^QfLT{5ou#oPF&o zu178P4kcU&{Oopl((?Mgq=LTmIoRXct5mF6u51eGi6LdX%|e_HcXtAA@P3A~7OZ21 z^bTgxwxVqCv}BY3;3!%+7$wXmr9nWVDqYofyF%y#y`da%>%Oq<_iC3rMgAb%i60{` zJ-~q}sjF|{|J7y&8*z1x0BEsH^|s40+!3 z(nSId8xqyWLS6%fw@Sq%f#)f=lo=P^rSeqLi3Xo`YK@UL0q7@R8BO~j37Lbf`V=Gs ziv(Q)TU;E2(_9&x9M>f7ns+n`mG(?K*y!KsA)^O#cuGk@^jpwkHjhPTtXH!>qWKw) z{Fsxa2h!l;!#MM*)6_9nD$0uK!YyV;b?CPDGpJiTnJ2gtg?D+CP;jkVM6Svs`TtQ? zg-L}b;_4J8)N)Wc)S{-J6y**B)^W~^!cjM^3fI;apJ!~j z7Aoz|iV|Tp$xt~C?OJXTBE4M+>tpt+W|&>`whrUUI>xEUTS0x$xKP@0rOY_;PTX0< z%|)XrNj|D(nydyI7`n19U%j-xk;x@Y{sC4E5!ghA+KISZvkzKz8MJDM!YCdkY{HP0 z+(TjZVdjI8m78y7#!j}0hx>z6*JTzYt$c`$u$mNc|9Mb2659VDcsosHJqPQREb)6C zzUo^W!~j5bT?N(7`MV)uHi!9xJsUf0%y@}8$WnZ+S#T`%q7g(>pmGQz*VIJLzELsa z${YuT)>a7@-SPA6bsOJUSSlIvmw9W!e^Q`rY!f^yHblo{Ybvcuk=ni`U6GmxMb>DD z<3dbsB%~brh@+buJ%tB-HUj3t=WTvUcwUQ*u%cWo_(!@>FE1u;O|XB)O2A1Kf6a?m znyJ(n8Q6KVZw@AXFJcOtf9R3EF8DWvT;xHYPAZ;)j58hpYWvt%{xfvQu{qdSdBn7+ zj)N2z2U<6b)jjw1$?o%F9?;6{CJ$bkuIybN`UCr0^cmyvqx^MoCu#b~TB?g&0X{Gg z5T^InRlkbL_d1e6e~({a{1hJ?#0Ex+WM#pzCLN`OPYe^0$~EA + + + + + + 404 Page not found! + + + +
+ 404 Error Page not found. +

404 Page not found!

+

Our apologies for the temporary inconvenience.

+
+ + diff --git a/protected/docs/var/www/errors/html/en/50x.html b/protected/docs/var/www/errors/html/en/50x.html new file mode 100644 index 0000000..e28b285 --- /dev/null +++ b/protected/docs/var/www/errors/html/en/50x.html @@ -0,0 +1 @@ +50x Server Error...Sorry, we had a processing error on our end. diff --git a/protected/docs/var/www/errors/html/en/forbidden.html b/protected/docs/var/www/errors/html/en/forbidden.html new file mode 100644 index 0000000..4d49f2f --- /dev/null +++ b/protected/docs/var/www/errors/html/en/forbidden.html @@ -0,0 +1 @@ +Dude, get out.... diff --git a/protected/sql/initGoals.sql b/protected/sql/initGoals.sql index 2213bea..5e70c9e 100644 --- a/protected/sql/initGoals.sql +++ b/protected/sql/initGoals.sql @@ -40,7 +40,8 @@ CREATE TABLE goals ( title VARCHAR(255) NOT NULL, description TEXT, approved TINYINT UNSIGNED DEFAULT 0, - youtube TINYINT UNSIGNED DEFAULT 0 + youtube TINYINT UNSIGNED DEFAULT 0, + created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE tags ( diff --git a/protected/src/Classes/BaseController.php b/protected/src/Classes/BaseController.php index e11af09..29efef8 100644 --- a/protected/src/Classes/BaseController.php +++ b/protected/src/Classes/BaseController.php @@ -14,16 +14,18 @@ use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ResponseInterface; use IOcornerstone\Framework\{ HtmlDocument, - View + View, + SaferOutput, }; class BaseController { public string $pageOutput = ''; // To keep views working...without Dynamic Variable Error! public static $params; // To keep Routes working... - private $http; + public $http; public $view; public $html; + public $outputHTML; protected string $footer = ""; protected string $authors = ""; @@ -33,6 +35,7 @@ class BaseController $this->http = new HttpFactory(); $this->view = new View(); $this->html = new HtmlDocument(); + $this->outputHTML = SaferOutput::class; // If the child controller has an init() method, call it automatically if (method_exists($this, 'init')) { diff --git a/protected/src/Classes/Logic/HomeSearch.php b/protected/src/Classes/Logic/HomeSearch.php index b4c4b7d..28dd143 100644 --- a/protected/src/Classes/Logic/HomeSearch.php +++ b/protected/src/Classes/Logic/HomeSearch.php @@ -17,10 +17,10 @@ namespace Project\Classes\Logic; class HomeSearch { - public static function Tags(): array + public static function Tags(object $request): array { - $a['search'] = $_GET['search'] ?? false; - $a['tag'] = $_GET['tag'] ?? false; + $a['search'] = $request->getVar()->get('search', false); + $a['tag'] = $request->getVar()->get('tag', false); if (empty($a['search'])) { $a['search'] = false; @@ -33,9 +33,9 @@ class HomeSearch return $a; } - public static function MyUUID(): array + public static function MyUUID(object $request): array { - $a['MyUUID'] = $_GET['g'] ?? false; + $a['MyUUID'] = $request->getVar()->get('g', false); return $a; } diff --git a/protected/src/Classes/Models/HomeFetchModel.php b/protected/src/Classes/Models/HomeFetchModel.php index 9e3ef63..9ae0bd4 100644 --- a/protected/src/Classes/Models/HomeFetchModel.php +++ b/protected/src/Classes/Models/HomeFetchModel.php @@ -17,9 +17,10 @@ namespace Project\Classes\Models; */ class HomeFetchModel { - + public function __construct(private \PDO $pdo) { + } public function GetGoals(array $a) @@ -48,35 +49,58 @@ LEFT JOIN tags t ON gt.tag_id=t.id"; } $sql .= " ORDER BY g.created_at DESC"; - $stmt = $this->pdo->prepare($sql); - $stmt->execute($params); - return $stmt->fetchAll(\PDO::FETCH_ASSOC); + try { + $stmt = $this->pdo->prepare($sql); + $stmt->execute($params); + return $stmt->fetchAll(\PDO::FETCH_ASSOC); + } catch (\PDOException $e) { + echo $e->getMessage(); + } + return []; } - + public function GetTags(array $g) { - $pdo = \IOcornerstone\Framework\Configure::get('db'); - - $tags=$pdo->prepare("SELECT name FROM tags t JOIN goal_tags gt ON t.id=gt.tag_id WHERE gt.goal_id=?"); - return $tags->execute([$g['id']]); + try { + $tags = $this->pdo->prepare("SELECT name FROM tags t JOIN goal_tags gt ON t.id=gt.tag_id WHERE gt.goal_id=?"); + return $tags->execute([$g['id']]); + } catch (\PDOException $e) { + echo $e->getMessage(); + } + return []; } - + public function GetGoal(array $a) { - $stmt= $this->pdo->prepare("SELECT id,title,description FROM goals WHERE uuid=? AND approved=1"); - $stmt->execute([$a['MyUUID']]); - return $stmt->fetch(\PDO::FETCH_ASSOC); + try { + $stmt = $this->pdo->prepare("SELECT id,title,description FROM goals WHERE uuid=? AND approved=1"); + $stmt->execute([$a['MyUUID']]); + return $stmt->fetch(\PDO::FETCH_ASSOC); + } catch (\PDOException $e) { + echo $e->getMessage(); + } + return []; } - + public function GetVotes(array $a) { - $stmt= $this->pdo->prepare("SELECT id,content,votes FROM advice WHERE goal_id=? AND approved=1 ORDER BY votes DESC"); - return $stmt->execute([$a['id']]); + try { + $stmt = $this->pdo->prepare("SELECT id,content,votes FROM advice WHERE goal_id=? AND approved=1 ORDER BY votes DESC"); + return $stmt->execute([$a['id']]); + } catch (\PDOException $e) { + echo $e->getMessage(); + } + return []; } - + public function GetComments(array $a) { - $comments=$this->pdo->prepare("SELECT content FROM advice_comments WHERE advice_id=? AND approved=1"); - return $comments->execute([$a['id']]); + try { + $comments = $this->pdo->prepare("SELECT content FROM advice_comments WHERE advice_id=? AND approved=1"); + return $comments->execute([$a['id']]); + } catch (\PDOException $e) { + echo $e->getMessage(); + } + return []; } } diff --git a/protected/src/Classes/Models/HomeLoginModel.php b/protected/src/Classes/Models/HomeLoginModel.php index cf32d91..49b06f0 100644 --- a/protected/src/Classes/Models/HomeLoginModel.php +++ b/protected/src/Classes/Models/HomeLoginModel.php @@ -42,7 +42,7 @@ class HomeLoginModel $name = $email_row['first_name'] ?? ""; $_SESSION['first_name'] = $name; - return $user_row['pwd']; + return $user_row['pwd'] ?? ""; } catch (\PDOException $e) { echo $e->getMessage(); } diff --git a/protected/src/Configs/on_ErrorCodes.php b/protected/src/Configs/on_ErrorCodes.php new file mode 100644 index 0000000..b0aa0bd --- /dev/null +++ b/protected/src/Configs/on_ErrorCodes.php @@ -0,0 +1,43 @@ + "Error Code# " . $codeNumber->value, + false => "[".$codeNumber->name . "]; Code# " . $codeNumber->value . PHP_EOL . "Error Message: " . $err->getMessage(), + default => "UnKnown Error", + }; + + if ($throwMe) { + Throw new \Exception( + "[" . $codeNumber->name . "]; " . $err->getMessage(), + $codeNumber->value + ); + } + + return $returnMessage; + } +} diff --git a/protected/src/Configs/on_HtmlPurifier.php b/protected/src/Configs/on_HtmlPurifier.php new file mode 100644 index 0000000..d5bb734 --- /dev/null +++ b/protected/src/Configs/on_HtmlPurifier.php @@ -0,0 +1,16 @@ + false +]); \ No newline at end of file diff --git a/protected/src/Configs/on_IOcornerstone.php b/protected/src/Configs/on_IOcornerstone.php index 8c3ad4b..cf3c98b 100644 --- a/protected/src/Configs/on_IOcornerstone.php +++ b/protected/src/Configs/on_IOcornerstone.php @@ -27,7 +27,7 @@ use IOcornerstone\Framework\{ * * When in Doubt, just make live false, below here!!! */ -// SiteHelper::setLocalSiteDomains('pc1'); +SiteHelper::setLocalSiteDomains('goals.dev.local'); // SiteHelper::setAllowedPrivateIPs(['192.168.32.2', '192.168.32.3']); // SiteHelper::setAllowedPublicIPs('12.x.x.x'); diff --git a/protected/src/Configs/on_Security b/protected/src/Configs/on_Security new file mode 100644 index 0000000..2dca813 --- /dev/null +++ b/protected/src/Configs/on_Security @@ -0,0 +1,17 @@ + 172800, // 2 Days Login + 'max_token_age' => 7200, // 2 Hours + 'token_life' => 7300, +]); \ No newline at end of file diff --git a/protected/src/Controllers/App/HomeController.php b/protected/src/Controllers/App/HomeController.php index 32594ad..0323bf0 100644 --- a/protected/src/Controllers/App/HomeController.php +++ b/protected/src/Controllers/App/HomeController.php @@ -35,8 +35,8 @@ class HomeController extends BaseController public function Index(): ResponseInterface { Security::initSessions(); - - $this->html->setActiveCrumb("Main Page"); + + $this->html->setActiveCrumb("Home Page"); $this->html->addCss("css/index.css"); $this->html->addToJavascript("function filterTag(tag){ \r\n window.location='?tag='+encodeURIComponent(tag); \r\n }"); @@ -50,13 +50,13 @@ class HomeController extends BaseController $this->view->setView("App/Home/Index"); $this->view->set("Model", $model); - $inputs = HomeSearch::Tags(); + $inputs = HomeSearch::Tags($this->request); $goals = $model->GetGoals($inputs); $this->view->set("Goals", $goals); IndexAuthContainer::Logins($this); - $uid = HomeSearch::MyUUID(); + $uid = HomeSearch::MyUUID($this->request); $this->view->set("Uid", $uid); $bb = new BbCodeParser(); @@ -70,11 +70,11 @@ class HomeController extends BaseController public function Register(): ResponseInterface { $this->html->setActiveCrumb("Registion"); - $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Main Page"]); + $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Home Page"]); $this->html->addCss("css/registration.css"); $this->html->addJS("js/registration.js"); - $this->html->setTitleAndHeader("Register"); + $this->html->setTitleAndHeader("Register"); $this->view->set('html', $this->html); $this->view->setPhpTemplate('main'); @@ -89,7 +89,7 @@ class HomeController extends BaseController public function Login(): ResponseInterface { $this->html->setActiveCrumb("LogIn"); - $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Main Page"]); + $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Home Page"]); Security::initSessions(); @@ -110,7 +110,7 @@ class HomeController extends BaseController public function Logout(): ResponseInterface { $this->html->setActiveCrumb("LogOut"); - $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Main Page"]); + $this->html->setBreadcrumbs(['/App/Home/Index.html'=>"Home Page"]); $this->html->setTitleAndHeader("Logged Out"); @@ -118,11 +118,11 @@ class HomeController extends BaseController $_SESSION = []; unset($_SESSION); - session_destroy(); $this->view->set('html', $this->html); $this->view->setPhpTemplate('main'); + $this->view->setView("App/Home/Logout"); $myView = $this->view->fetch($this); return $this->returnResponse($myView); diff --git a/protected/src/Services/on_App.php b/protected/src/LoadServices/on_App.php similarity index 100% rename from protected/src/Services/on_App.php rename to protected/src/LoadServices/on_App.php diff --git a/protected/src/Services/on_CORs.php b/protected/src/LoadServices/on_CORs.php similarity index 100% rename from protected/src/Services/on_CORs.php rename to protected/src/LoadServices/on_CORs.php diff --git a/protected/src/Services/on_Db.php b/protected/src/LoadServices/on_Db.php similarity index 80% rename from protected/src/Services/on_Db.php rename to protected/src/LoadServices/on_Db.php index 5bfc4a5..372ea2a 100644 --- a/protected/src/Services/on_Db.php +++ b/protected/src/LoadServices/on_Db.php @@ -12,6 +12,7 @@ namespace IOcornerstone; use IOcornerstone\Framework\Configure; use IOcornerstone\Framework\Common; +use IOcornerstone\ErrorCodes; class Database { @@ -31,10 +32,12 @@ class Database $pdo = new \PDO($dsn, $this->user, $this->password, [\PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION]); } catch (\PDOException $e) { - die('DB Connection failed'); + echo ErrorCodes::getErrorCodeFor(ErrorCodes::DB_Connection_Error, $e, throwMe: true); + } + + if (isset($pdo)) { + Configure::set('db', $pdo); } - - Configure::set('db', $pdo); Common::wipe($_ENV['DB_PASSWORD']); Common::wipe($this->password); diff --git a/protected/src/Services/on_Debugger.php b/protected/src/LoadServices/on_Debugger.php similarity index 100% rename from protected/src/Services/on_Debugger.php rename to protected/src/LoadServices/on_Debugger.php diff --git a/protected/src/LoadServices/on_HtmlFilter.php b/protected/src/LoadServices/on_HtmlFilter.php new file mode 100644 index 0000000..cf15b81 --- /dev/null +++ b/protected/src/LoadServices/on_HtmlFilter.php @@ -0,0 +1,20 @@ +register('html_filter', function() { + + $use_file_cache = Config::get('html_purifier', "enable_file_caching") ?? false; + return new IOcornerstone\Framework\Services\HtmlFilter( + $use_file_cache + ); +}); \ No newline at end of file diff --git a/protected/src/Services/on_Logger.php b/protected/src/LoadServices/on_Logger.php similarity index 100% rename from protected/src/Services/on_Logger.php rename to protected/src/LoadServices/on_Logger.php diff --git a/protected/src/Services/on_Repository.php b/protected/src/LoadServices/on_Repository.php similarity index 89% rename from protected/src/Services/on_Repository.php rename to protected/src/LoadServices/on_Repository.php index d44e2af..2f316f7 100644 --- a/protected/src/Services/on_Repository.php +++ b/protected/src/LoadServices/on_Repository.php @@ -6,6 +6,8 @@ declare(strict_types=1); * @author Robert Strutts * @copyright (c) 2026, Robert Strutts * @license MIT + * + * Used for Database Connections... */ namespace IOcornerstone; diff --git a/protected/src/Services/on_Session_Encryption.php b/protected/src/LoadServices/on_Session_Encryption.php similarity index 100% rename from protected/src/Services/on_Session_Encryption.php rename to protected/src/LoadServices/on_Session_Encryption.php diff --git a/protected/src/Services/on_Sessions.php b/protected/src/LoadServices/on_Sessions.php similarity index 100% rename from protected/src/Services/on_Sessions.php rename to protected/src/LoadServices/on_Sessions.php diff --git a/protected/src/Services/on_zDB.php b/protected/src/LoadServices/on_zDB.php similarity index 100% rename from protected/src/Services/on_zDB.php rename to protected/src/LoadServices/on_zDB.php diff --git a/protected/src/Views/Common/App/Home/Index.php b/protected/src/Views/Common/App/Home/Index.php index d87a4aa..a6a844a 100644 --- a/protected/src/Views/Common/App/Home/Index.php +++ b/protected/src/Views/Common/App/Home/Index.php @@ -24,9 +24,10 @@ function end_of_the_line(): void

All Goals

+
- +outputHTML::get($g['title']) ?> GetTags($g); @@ -48,15 +49,15 @@ if ($goal === false) { end_of_the_line(); } else { ?>
-

-

parse(nl2br(htmlspecialchars($goal['description']))) ?>

+

outputHTML::get($goal['title']) ?>

+

parse(nl2br($local->outputHTML::get($goal['description']))) ?>

GetVotes($goal); foreach($stmt as $a): ?>
-

parse(htmlspecialchars($a['content'])) ?>

+

parse($local->outputHTML::get($a['content'])) ?>

👍
@@ -66,7 +67,7 @@ foreach($stmt as $a): ?> GetComments($a); foreach($comments as $c): ?> -
parse(htmlspecialchars($c['content'])) ?>
+
parse($local->outputHTML::get($c['content'])) ?>
diff --git a/protected/src/Views/Common/App/Home/Logout.php b/protected/src/Views/Common/App/Home/Logout.php new file mode 100644 index 0000000..5035b0a --- /dev/null +++ b/protected/src/Views/Common/App/Home/Logout.php @@ -0,0 +1,15 @@ + + +

getHeader(); ?>

+ +

Thanks, for using the StickingToGoals.com site. I hope you enjoyed your stay...

\ No newline at end of file diff --git a/protected/src/composer.json b/protected/src/composer.json index f597eef..e6d71ee 100644 --- a/protected/src/composer.json +++ b/protected/src/composer.json @@ -12,6 +12,7 @@ } }, "require": { - "vlucas/phpdotenv": "^5.6" + "vlucas/phpdotenv": "^5.6", + "ezyang/htmlpurifier": "^4.19" } } diff --git a/protected/src/composer.lock b/protected/src/composer.lock index 76e4970..cda9243 100644 --- a/protected/src/composer.lock +++ b/protected/src/composer.lock @@ -4,8 +4,69 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "1f06c8427699f747776f24f4389f751e", + "content-hash": "20810c164fd612d2733ce60863e76b0f", "packages": [ + { + "name": "ezyang/htmlpurifier", + "version": "v4.19.0", + "source": { + "type": "git", + "url": "https://github.com/ezyang/htmlpurifier.git", + "reference": "b287d2a16aceffbf6e0295559b39662612b77fcf" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/b287d2a16aceffbf6e0295559b39662612b77fcf", + "reference": "b287d2a16aceffbf6e0295559b39662612b77fcf", + "shasum": "" + }, + "require": { + "php": "~5.6.0 || ~7.0.0 || ~7.1.0 || ~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0" + }, + "require-dev": { + "cerdic/css-tidy": "^1.7 || ^2.0", + "simpletest/simpletest": "dev-master" + }, + "suggest": { + "cerdic/css-tidy": "If you want to use the filter 'Filter.ExtractStyleBlocks'.", + "ext-bcmath": "Used for unit conversion and imagecrash protection", + "ext-iconv": "Converts text to and from non-UTF-8 encodings", + "ext-tidy": "Used for pretty-printing HTML" + }, + "type": "library", + "autoload": { + "files": [ + "library/HTMLPurifier.composer.php" + ], + "psr-0": { + "HTMLPurifier": "library/" + }, + "exclude-from-classmap": [ + "/library/HTMLPurifier/Language/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-or-later" + ], + "authors": [ + { + "name": "Edward Z. Yang", + "email": "admin@htmlpurifier.org", + "homepage": "http://ezyang.com" + } + ], + "description": "Standards compliant HTML filter written in PHP", + "homepage": "http://htmlpurifier.org/", + "keywords": [ + "html" + ], + "support": { + "issues": "https://github.com/ezyang/htmlpurifier/issues", + "source": "https://github.com/ezyang/htmlpurifier/tree/v4.19.0" + }, + "time": "2025-10-17T16:34:55+00:00" + }, { "name": "graham-campbell/result-type", "version": "v1.1.4", diff --git a/public/assets/css/breadcrumbs.css b/public/assets/css/breadcrumbs.css index 825aad8..934119a 100644 --- a/public/assets/css/breadcrumbs.css +++ b/public/assets/css/breadcrumbs.css @@ -1,6 +1,6 @@ /* Style the list */ ul.breadcrumb { - padding: 10px 16px; + padding: 6px 8px; list-style: none; background-color: #eee; } @@ -28,4 +28,11 @@ ul.breadcrumb li a { ul.breadcrumb li a:hover { color: #01447e; text-decoration: underline; +} + +.homecrumb { + color: black; + width: 14px; + height: 14px; + padding-right: 5px; } \ No newline at end of file diff --git a/public/assets/css/index.css b/public/assets/css/index.css index f165325..bb2f040 100644 --- a/public/assets/css/index.css +++ b/public/assets/css/index.css @@ -53,6 +53,7 @@ input,textarea{ } .auth-container { + float: right; display: flex; gap: 20px; } \ No newline at end of file diff --git a/public/assets/images/404page.jpg b/public/assets/images/404page.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4d7fbe817f87d7dfb6bd08214e46e4ca20cd3964 GIT binary patch literal 37663 zcma%i1yq#Z7VkF!%+M|EFbo~iDLTZ!&_gPvAl(fLA_IbifPi#KNrOr&AVWx_w9=uV zfRut5C~wez+`HC&Z@pOy);DKP?6dd&?Kd2_M?uwbscI0Ar{mJk2~{{5VM1nATQ z?A&euAOK2iJ`VsVD-cmZtHzcLQMP|aQ@)nDf(`a{Fb>u?u?u#yQ?N%~ynr}=UGchy zw}*qjE#kU|yQiPxb!Fu5$rXvur_JY(h~HiO-IS3kr>i0^>){Y;UcL?p88LBDJ8@YF zgsilfgtWMVw1NmiQd~m(oP^{#aXC>5aYY$9MR5tlUmqlKHD7y2MI&{Mzt$ptQ%3%^ zsi2@Bu^=fiFJGr~5()|m=fow?NlJ~4 z8Evn51^6o?iIo1?f`|7%)BaCh{YOVVz5jPt506s@{GQg&-^k%#djIFdekM1(9nKj! z_<05R+Bp!r^PCR$R#fwKu=V%yHSzLt|C@_AXD@#*KW8s*gqpF8m;^%4*3QNAwB`2* zJv~J&Pd|TKPdf)Kb!8-R4lx%OdqoM1g1myXxV)5x0!BgtBO$LLCytSmkj03LE2v6{ zWBwki?qwI?;o#~2_gMRX$140^$DS&Khc|I$bq8OUKnHsbUoQ{D?@cSZ{0~~>rPSrc zB{33G7zx?`P0OFL_Wy&Hzs5@bU&o#!5_9fUwErRMznh5qbNcv?;u637qxue>M1A)q zD)z|^K>b@?0eb=wK%kR3AQB*jLZKv3QW6qUI4SXu0!B&-qo5=wrywV%q^11*p{1mz zp{1dwWME)qWMJT6XJ_X)`_BhNMn*6&lExUt{;Zj)5G zlsdb5b$kD!NM4z);)b`fbRgoaU{Vq|DJd8Pg`DyY455P-j?o*DFmX#5hCfm9kxVIK zkYZ%EO-8O7+jXj5^Bw0|A>G@LsFPOnL!Hb5ln@YcXAnBzBJf?!vSvA#C*s!URois` zbaVH`Hjgt&S1dXg?5sAPcEh^X2A#`XYYSKINu961c-V9T3@&{a_;w>9Z=0baaV+%x z4SR52z~ff`=DrSBj^3AFVkbRl+IB@!X*`=1?o|@|`mrm`@*6hLWc|8~FSGU#{2}`N z1aP3Xa|%)4l#N~tN;mzoFRE2Aaq+lvC&F-H&9QqDD7YTp_t|7Rt;;a!mgndw2@pJpe(*k5xN zaXEdn*QN@n)93n+t`|PH)s5Vrt687<*!(N*FY;MF%MJ191$2CRcCYBqI%1Qcb+2^w zg4dQOfZ*Q?84>rnBzm#Wl2g(0t=F;W=(=oBgZ{(W@T07?vafStYhFJYf74zedv{l9 z2*p2FGuUA|8Oo>-m2kQtiFK!R$Ly`^VdG1^5B^$+xS_n?8!|X1E`|ArNnYuf-D>jQ z>Xh>|So}rO*gdJXdf~$@-@X~IGOs9VTRS2@^$LlLXa8o%P}qmUVRtX*Je`Kv&q_lG ztm2mMqp5(ie@&`u^Xv1?`V)X{;L>LH={}#F@>ApH@TXCdFLN$eXMXoQos&qt+>kVp z`hpXnvE$w*an@buJdIJWtmo$R=+~BMx2np|F8pD0JaN|Z^*H5cv#A+%OMQp9-#jUH zzDMjEw^cJ1<}hje<8O^1BQ~Z0uPsp%oBzptsUa!7fM@4EHh%~+{fhxHH*(gJ)n8ja z_*ruT6h({wq4oUmr{M`p_k>wJm0z3xsNRyuSm?7^k1v)#&;Bj@;tP)794~IwOz}Q^ z9=i31riZgUME={Jv2+((5Gx1^__Gp`e;I2*l6it+KmVnIk+6mzHTYXOzZS3dTx6{R5 zJJl_H_y?qC{umAy%$NTHic`94{+!owY4NG@|5nowLs(-Oo9r|Zqe_0+&i?X`S3x694nm^{qa^{EVsY?Da zN9Y?FYlY-8P5mdpi+?%roM>b)U$$IMfV+R&4#Nhrti|8xF}(U8Hu3@yk|tlaLM}R- znu$MlPvX?_gl|tz{wGRkiHN3$6YZu@Xole_Bt?io*BIq;JhgEijl9GOE)j7?!G3Ca z!*1l8SB3;MF8r1Xvs{CIvGZA?RNzEK6=2XQzi?RoS5Gyfs>Z6+Hg$YGHGO|%qDDl& z49{Fm`J*WrqVf1`W~>X&k9_K%uy#LiIaSm@_KaseEFJl5D{Sqw+i&ZxSA4}qE^9BE_SQewNyD%bp3xAL(u?HENJCsf;0=7IeN)2}Bp&%A{cHvNEVvAEgycRJsOd zcQ@mLp@zYXII1rMc zN&1bc67Z(To~{wa(quI|4(Bs2a2eSB%lLqlRSTM6XRx6eh(ZjW?ND#3-nW8JZdk`# zMlMKOKc-5L#i02ZCxv#{ZO%mM;1oz0Z%3=lfkYzdQft^i@O`wp#SW9Ft>hWDLoYn1 z!zBUEO;jqYUWg5urSF<_*3IYgq;sf_w%KAoDE>Uys37@G5CJW`%Te)LY31}Ms%1S->3mXP^pay&um6h=P0J1k(6cpcm z-&U&x9GWsM57xnPILdOpfnOMk!C~DVCiqlCF_8*5dUERU9W69fT}V$9jB)(387NN? zfHR6Zv#c0XqPHA0%hNpZFMW^0M0WI7V zTfht?lL;XcGAE4yj|Oz=cKUu3h{A?Z00r~C2Br*TA@z{X04c@!-frPr*n_9zvfw)^ zEodHldjWK^y4KDdkY_IlfW5(Jj{}07IX8VBjNX2jNZH#3{Sdj_cf<|Q`%B{%DOaKpj7Ftl^Ji{KEZzcpTpj3w- zp`};!N03(_Ap1Y|=-7O-uvAP?Mgj7nW_ujFa}Bp+4S}i42ihjb#8vw;RRy>XMbb%# zt3Qkc%yU_(9!`-pB9L36R6L+94lwj9f`+7=BMuj9lk*%__!T=}ARO7uly}Krh0d!5 zmJHzO%Qe`|aI~^oj-Un#sb;R2^6I&ex%3?PjA<$ul^tIa#rlNbe;JU%rKj9CHnH;Q z0t8GQIn^3Tr|{o-hLF$AKj^`mD<2&m*_Ey=f%8uQ)?lOaFR!+W1{y_oj~5d0=yUe= zrJ#6TgZwL_80G@b7{0raew1_w2GvpHHit1rbC25!JHro5vX~Y~tmb&0aa7V@jurWF zjp8;3gHZ1C$7DA7U*V0l0;5zWAVEPEPdvMa8Vi_7EkV{Rml*$oR8{rs_?$@aw^&r> zP_=6tc#pbOfe3VL$zwdHTN@u7RguYQje{Wq&7cHb{ue;E6lDPx8!wKhieMTarU~d^ zEPYHCN&XP!8!jza2gvp-Sn&7JzsY5F?D$6LR37#tiF1g-J@Tm z8;_vnze5XZm@?*tjtTkT9lPU72Da#XN&wOPZM3vfl?os`!KRufpUc08zDOQ7lL|1P zFcIM{c>I`1l_G0|;uo}Lrz?KcVKc+XxC?xRT}7B%0o3$72C#HCdx~R-d@o2i2TOvJ zTcgVrod89G5l4B0bwM@^(g{_PFp9wz@){x_4lh0_sOZ*dqe;gKjk8M%BJCh|T=q-qO*3o8v6z6SKRd;}ML#Buv9I9M075~PBGf`rOvlhvqFlFGA8nc!-) z+zy|86!d7bK%+LKvjB4vniM@e7H9;>`Y|E!j_*oDlK zBKIsswveQ764}`uVH2*WnGu~{tx3`u~rld^0$8X1+>@f3N} z?hy*ItS6LUc*j`*7j9$0uKO5#x?0+cm$=m&Az`8^gByaQDFp?fBGK3ClT$x55-~rN z8Z}%{WCCXZqUz#6Bp5~;A$rie>rzIXQe(Qzpl5H~l54WkEhd^kbwi5>O|KQYNu#8+ zKK9bF+*OXoomuykK2Ei}^LFfvV+geUwuvhHISNT%kJMz_dgTbN7nLJQG-#&sad1(b znqvs$3#XdFdaa}Bq28GycBwZ)ftd|K*^!*lB$a|ODECVFM*Fgd(8Le;fvgx@+;)aN zD4BqTN0I}|TEH{9rPn02pNg|1UsQ>~#l;%v z)g1a$K?5g>P<9_c_10dm|^QU*0E18wiT z0cM>^-USaRmPGa#y7|k+42oKz@MQjlu-4U&uWX#u%H0z(&Y0q|0=kJ3ur8d8pm1;R zffws;nClZ+eD?9CN?uMP&lIcfml1BFOqyN9ELDGa+WH_IN$p1*lQJ{unAiAu9FQne zBy`$7jl4giU7bMLR3gKBi48ltf+d}vd`g~`EX~3~vXX?FGBsj6@WQi=E+^(&gh#8Q zc|08oD@*!y<7EkabHb_QxC#bILtx1FDLaz-Aa@!EG%rB8Az)e$v<=7uO`QoY7zboi z3tcFrIy`B~?l4A_oU3VLH21`_bS3!k*=Lb_l_hYo;noQyF=-bW!F%1Qqvzj&Z>R0XBZNNodD5Q8CyGjdfm^dlz&Mcl$E!Q8MIRQ z4qp$}I{^-vi}q>$INrQBuOX>|qU0E#57Z`)bgENeS>3DeYNp?xH*t-ft zrNG`hoj5vqQjbU<&hc0UEkU477W4)bXsjOtNNd^i@~C&E;2{t|khk2N(&lWWnj~+i ztJrQF(J$~1EQt8fQZ>b*0T3=W7mOCkDzTUFM4%d2dtj4;-E1a&|ZE1sMH^QPFf-hbz*L1Co1E<)9MZDRRG{@E(92!{k$O`;mMAJga zUglyV_w^Cha-3Hl!levYH#lzDt(v}17iyFAgkJcRN}=`gyqXA=Gf!*IbnX`~ad=bD zr%5cW{asL6*H``4Sl67=(HXe_8q^&;szV@K+Q08%mFXq35sCQ3;-Tl4_7W&8Lt^i2 z9bO%4xj7UBIPR|L_9UB*Vdj@XLHT2FkjShLhrlkR39_qe|R7?{nz#}B& z@4;7cwFl~JC!}yaD!DzbsTPCkA{G7aYG3L^|H5 zBZmpL)5%`(^wy+MjzFzCpM~o;0k?T)d%V8Z7bf8fTy)FD(=V8b1E;vW-z@Kv|2Ya^B@@U$H^3 zPHv7dR60oz7XuDy>Wu<55yH0=^P+uYxJeN(hX_&1(js6mVHY7pIw~;-v~g|VXtBAs zSPH0AnP4Px29tVSdQl_!ITJ$o~sF3 z3kbx~b*YrPD6a#|pXs%-bnDn9E)bKqb^35w+j}l}j=p|MMl#M#s$c{SEKOcVD(-$W z3+N+nqS)cRYS7HH5Cn40f!CxAi-qphKs~wb0rT%h;5y#Spct*&Ms62kD1&C{uM50A zPfHUlBoqRez@VijjQO-I&3F_TEy`cDhqh~LO9Mf0k6cPti$8dYgiUZ#zoId_Ti@5p zDM#~F`snM>cz)r!@6Q>xl;>O-C%}hBYMwpUo&Cs)&)Wrz^jX6_gLX0!!{YW5m9kZ; ztoL-8QbkkV;d~3b8pvAVOJ1tDDD4T4aFeUZkec)ScU~&9?78ojPRW<;v)zm}K zS`7*$Xi2s(s)k>3?!tlW>Y4F|Eh0&=LIhSu5^k`*YGx%tZ-l$3TxDasL}S`Js;*EB zc8=AN+6ru_7>GVcMR?gF%A7>mK>r$>h4VPZ!6fKv9=bly8-=L&@S;71v7{b_swse} zfrA@p>U`U~mBPBkbG1&dy=2@iypJbfy8X`YsXIBzs0Ti3EL=%F482Rc$m3oF;1MvI z{KJ~FZHU+tfC?GlG?YPWrQfo&YOsMkwf;8IBsLYt;enY@C4(z@l%s$$)0 zKKR${pIZ=^hoF_;GvMdA(rZk8%S-d0a+YN%c&QK$RD1IZ7K1r4pOjt&5lF#`xlI;1 zCM%q`%jb(PM;i4FfR z2eW|`fuho~bL?nnfQcbvFWnS*ljJF(eqQo9*}EjBJX=C}%*A@W%4{LyR$uD{63U4A4vr`(Q{MuZrCadfssd__ykh`q{>N~7xH;7X9-Ea-dmGs} zqd?%IE0mH1j7!1#l=Iq=^vNa95J*PpDpS^<7GBZ^TrmP6X007{N16E9z+{Cc5QGh>&MNSQ(VpCS_%}(ZS5=yleV<6(sa=cg-wsGn)fBo$-M^QKIYPm1U zJ*>It{14g){wrA)CeTOMCbbprh~zlbsyd}=U+3=wW!N8OLLY8Xy-ABXSN9r!S2D|+ zo?=hs(v#TK3TkJPo*$#k4Pp*Zd7IYzfo~$v@{LuJo2DA{5vA+>x4Ex;P>49nGHq>L+D;CoChhh*zG%n{!a8)}XdaLiQ*nt)2NQac_ZK4vug%gEj%% zARRxheQ6mFn_c`^nsQKt)~X&sHwg2R!857mk`&InJ!-z|mZ_gI#zj&FJ;ODReNm%a zdYNT*Z$5v1d+I~qrP;?D`=jMVn1KQOGTUhOPan+p^};jX-}iBb{q~8UQhkRHcCep- zrm5l7ZjyO2cd|>Leq@+;e|3Jn*u-8v-N5;=(X6?)RPh3P`kP|cP@y(vc6;~9Qw05i zQU8stjJd9sfzUg5J{;Z+?pD8TtrO1@WU8^6sVUXtySUS4H&(&6;ks_F2M+9Q(G*Fl z!bPUO*G7{tf|V^G_YC96fLfN^iySH$MECnBcFV*0phm3KyZXbJ(R)v@viof1nxUSu zUHzUIMalB9;^JLhM%f@Sw)XW}iK(@Z#;$ppmkPO-PxlDPyV3gXC6ⅆFzcMyj^Af zLB_?s`87UmL->WvF>Yx`RfrHny9HSaS zj7;jt{6EC*qD2b*?(_@YdjU8IXgg{%S&(drQ%bwvm*X5hV?`1=gMz3zJ_&{ zb@UQ#?%Aw@2O@_BCUfIqKbZ@AZc$k;ilrKRG~k|g7*+{RPrl$4j?$yb%X!sX#IJ%^DO@=C!9I#!ZZ+QaZ|e6l8>-la=I z%&Ej!JUeCc9@8M7`4S76NB(F~qG)avsxod6tR57OwB*wsTEWK-hAg=4DA}+<)rEl4 zVJHMa3*_iV8x(ni=}qE$=tM$kx!w!>Oy$qzvk9c9bek z&4|o2UK-diqg!OF2ywYg1=DmY?O>{I;k?iB8%!Mk0am&h`p45 zxoVJ(Hi?|qY2!dMuKkMH3QydA&4uJa_h_=fO3w@tI^#}929=M*3o*>-+pmR>%Sm6Ce7H+Z*%wd zeyZvH)H$4nTTVYpT8(&m1%La)!da4h-oV(6ymC(C=&gqDKRIh0bJy!{6pmOV6zq~} zDCz_upIs~8OtaUp!6Rf|-dZWP9Lm_iH~U|-u*C?vpQR0ZY+#}JqDN$VHvi2A??9cn zDV+Y1#)maSjskG~H{MRVpf6~tNeai0Z#?j6RdVMRJxax&zVfEBbJU4Xf@X~{BOSfN zUn{7ki|*-ByT$wr{q?2r1i1esVP0a^uDpK@Iih?a^>Fi2$64>+h6bVVKF9THC&5rz zy${ne;geVyGHwCgtiTv1NF>m+U5f!@Ir@|6m_KLeX^ctZo!^z~;sObn5q7yiC>GM~ zeGQ!WMt=rPZL5^V!1^N|w4kOKCA{w?P9fmTO#0J_fAj*P zTC@dIr2W7gv>0v0LCkbrt;Koe^u&|!v4^T-6Y`}<&|L@3K>w?nMPM2mKlp`4SejW` z6PUMFw?8r~qynU6H?T|nF;&NNpNTOEmvkwZPMcMPRB0wdoT?~=PwP$lW0njZKS5ZO z3T9JjwU~O#TU0e<2pJ7V7JoP=O8(8MQ080vrQ;t@CcJmU4Z`Bv1vk%0g-s}XT$C&M zFW2M|4K_flif<*_-j$q%GfW5Sdg2E>o#aargm~jI_D`^?CX}QyaFCzXr27+!*2Otm z3pU>*R44NG%`KA4(~d%#A*3U`AiiQ#6$BK>(gp};aBrW4Uf3bfmJ=cwq|*=#YAQn} znFvE(U{X#{45vhZU)o1&W1gn84s?YT>pJs1i$&HGs(ZemWo)T6p{8mRpfdoR&(>KrZUywgJD;I?bzYTdikXi1 zeR_f}kH&r0(yX~FV^t{_6?luTtD#L;#Y?l)RpP#1g4O3Og}LE?bdd?q%u=Q-t^)k$ zygvVn9p;^vbq?o4|YP-+$vyAkn2R}DG3^EjfzViIc> zlqDtD_NhZg{NXbL^rF|4FXu8nI6V;V%YBd1La zFXgi2TUIz|F7?nVuBG1`qT&pACpl-JGtbi}5wtKS6G$yI-TrVGCnv ztam*VL(V2azrba~>Zd!59HEmvK>J@&UAyYov?yBR^lF~sVbgL{0=HD&4&xi1ux?*V ziCv+sPr?BS1cb!(2Ml9-BP82_b?>7~AJ4xER01IMy7+i8t2n{zvPzO!x2|9LQ_B>X zX_=MMVsVrBid;K7dmNgU<7gy&X@%hgpxd=fkYm{_Yv(OgE&wtoV=I{wVA{;B=!I5$ z6HtmUH^%4z6wKY_iZ+$!F9P8cDOCBzqy3>O2zoFpJ_>h$h6?Cnz=Kudt;;N8&eDvA zg6FjG=qE2tx$8>-e>A^12{1v)K!Qgn!J&vl-K3ATUr9A=#!?NnCmQ_GC^R&wKo=UV zO~63z>Y%lG<=#F6C9R~j#O^-m1IcLMb@x$$Sp;-d&La9uyWtqfI9x?q+IM$}_)s#y z$cVh71vOcnK!&<72~ScQ#`;NTTSXR?Zo<)aSB9hX-518w()-K1+n&a?)PVHk0ti7% zA`Cm-=m%q)C&2rK#0SyGY$3-EdCFQhGL47yT(~u(OAK2!Mb%=C*;?Cdg}j9o>edg@ zoGXgc?R3Ku_H$4?G?u=rHDX(w)m_t;Z*my^@yeUHf#yZv=iadlUwR;jr8C$}* zICIm}{y~%#=mk<}%b@_wR_@qHN{ocxQplS(O0teUWQ!OU1__uPpF0mqSnFhrIsdLJ=te#FjW~|O95BjGaEbs zSYQ)-v+Gr#rCv**6ifVxSOi0&T(eIAuW9!$HCl#0-L|mAi#NnnFRl)&#av!=9rlUS zEm^v&Ph=yG=h2ykz~fg4E&@-*N`tNAg(-KsBVr6Yc04haT(UAt_dR6i`IjlnGLMUM zEfZ{s=lsZ#`7?W3&fF7&vd6@0CJ_pId2z`t(6e;-Lj^lC|F+KVU2uXNrjA5%eursO zDEZ*s)=aDJ&*wrPeO?nMM#!H4avM?kuB*E0cC~d|lqZ0eOJacWnq!G?n?~+AlY5-x z={JiJ$@^5TDGDZTI|;YymL@%(ddvlgo#%Xzveelm+or_ZtQ0^jnOF-cBGCK_)h;3Z zZWeGqVu7rJkAdf&Uzk*DX5+HC4+p!(2~gRTFEeKOa^W_am7l`#`}Qi>ft|ME63x%s zdOwXXF3^q59@q_6y%i@S_Q#0-zPxIxfeXT)!sp>zPLrdO25FLpdL_k-;SMs<7;Sz{f#NMFXHQN6!!(^>n7J&8*N= z0N{Q&*+(9-2k*L}os48|oYe)pcwQorF~@pU1BRwr0g(98Fbs<=A2(1}Q0Ut-$wn*j0pB!d-{lf}l-hF!@T0d6HG+1^ERkF$ z^H1V88xaOcf`Ev-7vj52@R%MfxC6CwEKZd-wvdJ3d<+IgF-o;Fg8BfJ??8zV-^&L4 zjaY;t`lV$Mzb=?cd3huIc^xgisNRdA)Vw<&Ju78)RG@YQ;O56o9+tN;1I&-tXK|nL z6b9BC=%r+qBFXgMaT)zwvTf6`cvWldH9Ut5eB<*=s{O-<>w!AgWH%4WRGS56%kkZ- z$Cj9`>jB%h8o!B{lN)*Z#b-~)TfODx3i6!r%&M#{=dg_R5p`l&4U*4qI6hoSAIWYS zDF~@{(fd4Wmpbey)M_?aZ2xKQ1o$qOoS46Iaa&sRb=R$PKGemW$QU95R)Pzj{j^Jp zn%V?$d$)b~1I-w~o{ovs&aj=QKhV>viIpJlr=DTp(qrUl<8$=((Vzx%#jiJ)iqE2n zzS?a)pie3B!!~_F^FzNVVc*rTK%NJ08NP1Zd%{+wS}%nj7KgJ%K`CLK))r=9vnyLc z+255*6vWNax^G%I!Fz)ES`-SqY@$e&oT0?r(sxPRJR`eS8fcbo5~JGu5&z%^-N?Q( z(SG=ff3wT*+RyX5{4m?n`KR6({vs+2wla72!asEt&lh(ULqwi9gs0au$iy=Onx=XZ zy0)A+epWCf=Uddsg_*$jz-ZeKCF(2uq0!Sad!V!5C%(4YY4&{X_@x+f$YbC}kCrJA z(8AfWsm%MIeZ0|8>GY#WN#{!ZjkKGNL{paktxn?>ZO0J{B&ub6|96Oce!wW)x&HDP z`Dl7l-upEDOwt&WtnnzPof*&>Qf{a_$}{~9*rwKopD&mB`U@3)5;2%yJeUazzHexh z1Rxw)L>|-9K>@~LBsh=-WSw&hR$?##49_!P7TFN300D1B#)m`AKjIzQmyL|em6Kq4 z6CZjK%K>TTRE;#%#Wn!2BkU~EYV7PF7Il*39K`V*Lhx6?1CPbr(;AjkAPC9v} z+dQ~3JD%}i2cKlaAJpIDiH8f7*2-9f120uo_)G`+G`-XzerS4njPM(8ydI8`b!8$7 z!JFcWT5dGiprsS_bjUMFQGP=(Xxqf$1=N3dV*wczEve;Hu*LwBZXE8d`Vt69J_1WQ zxE)ElwDw-?%_>{jK9#|(muVvdE=yvo^zgGO!fm}1cO0%gYbvWui^e6!szW^&nq4P$ z7OpqD>YIF}hidmZUfXu~N~xiE<-WLm`=8i?58EclpSOEpriN!;|^S zNqPISX7Sl?apy}LP^D}IPrdKqJ@PGSeuciQkmV{lXp+6jzj{Rd;4d`J7HD)_zWuB8 z=fzt8$BD8hKu^`H3j!52-~a}y!X+;4Z7Y_By->JUrT>>0Z9Wyw#H%Y4Kc6g1@w_1( zfk=F2O5_-SJq#(R8}&8}{B|JXmwR=!?+fvE2ipt@omqW3pA4GHg&Z8=m_%yTKhA3q zWKZVxt)aosFp@t(d?P0rHYT-Uek)$MT}hKz)fdp2m-^G73zD@~e|E4%u_l`g#7 zKS?UtAM{GwY$bTnz6_}hbUAphs!%U#SvOo`7?+izU4hz8be7_U9z~a`l5Zbh{6Zyn zsCxqVYr43N-4lN6w$k`X@)eHVm)$#nt< zrt(hN1A@Br8k9WCqm~`PD{06`85~G3yJ8OmwzZ7?p}AH-?M>llU_nH1vdICCaAAW4 zT#ycc9pVei6F+5X(8%1vB#f zV=9?^?SA;-Yxw6+%$Gq&u(+o+JCO)DbNN@|i9Gg-coNcWx+O3%WcCqils)eF{NPjK|0UcKXzHWU`gXv;Y1I*04PMaBH)a=M%Mt| zN+-bzdQ)~YP;;A#b^))`<7u!uNqM1~g@+Y_ZqP*{wkU51#DiGICEaH-!Q0W>n>>V( zwieXhTXTj)ZyB@KDAyz$ksY{xPFg7TE`kiM>w~YaM>=1vyp^N-UaYW*!1orzqV-K! zs_DYbk$WNfFXhp%pKrAUM@}yQIMODW*xv4>--#rB zd$<3fxAZxKo~iD(0e1ZB5=~?G*WO3bmVUKTx|ip7Fbdms>u3A0vZ21r+|OzZaBQK$WJ;QxZ5WEs@|{jD}PyU5|&v zo%)~8oWsBDoFfM3{B?N_k2s035*x?I6X2&w*!Dgrxf}scUZ}+Z$4_{E^C;^mZ>^l% zr+D2cH-9yFD|^aE`XNLeKf{)jD6RJV1PzKQ@fhZ;9LyHG@-w>HIQV8T z$()UoQCWA+v0@2PKp@&3MxA5A_`kP{l6$Fx(lI}Amn6Jx7lSUv#AorOW4giI8 zRjNGd?tm5Xc>v_e`_<2E@OKkfRRB2hP^6haCIK+%>Ms^00iv@dIGa{tfvJYSx)8b& zgJ%TZ`2dX4GtU4N*H-pjWG0Cf0{q%GVomQ8UR|2cv;xh4E)HA-@)1QSIT8&#8-Zz{R0a@QY|;82H9#uJ0inSNdE!vp}M#Y zsw_wo^j@$V6JW6-Ow@UiUc!_)OZ8{{10ze~#q*!{-I4QkIafDl{SkV4L!M zWpCqQIwpZ=$ZJ}EFJXqGThAVfH5h!Y+Uq3-2H$0F^n32N82&yQ`0JmqzNg?wo8|X8 z{-BT3c4@0uxoUS|>_@20^PW}{de-jkiJLcgM%BIKJ+9B(dmQrQG|!v7**}((tE5%s zY+Tl!`~z}MhX1(fu}0P1x!!rxnF~CsAed?#zgC}ofuu{!7Jhg+TXR#sH;#~FeIu%m zqedt=N%Of`LRD(ttm1K?z-j84y(I%a0WvRfwa*2Q$fO&5B56DUCUyNXw)*7GE*R`_ z3Mmp(t<%8s&p);YS%o(|9(*$k{mix_xEHd*JDh}t$Ow)-Q%IVJv+5aT9um}qW1!?V zp*t-AS^E9(%sD;c1wpEZ8Z2VO6u*sp6p2a)T)~sOUdP^apc2zd5D^R-lzwfEC{Czn1ry&JB`%hp50nx3+_cufgg8ni188jVlUA;lqt!q&9r;om8;@ ztT&SuzY#%Y@HKs%4^Edv?3Ssq6q+)kgyf7tK&6&6VVJY*rU}lH*SkiFq-5hYDEfK| zZlu?P=kaS|YSl6&6l&baY`icBS~{*reRC+}XSb+40j?5Nlk>M~`X8RjTG~i&{oXDb z_UPY$u6pF>s@iBuCcnBLrFpz+eUdclS|KCaVa`R&WjGGU%V3`TnFf>tftrvpY%?AsQI8s=!U-Ty%_tSY z+8}az4hDufV1Aa7&m`Mj8|`UzZ@7&iVnfF4Yr>Iv=vLvdo5#X49L-mcV2!0a>ov2b z*DAWpw%G+fpS?dKlMy!Py8qL}{b}0iTRlBA65q~GnERgq+X2^qRdNjW5?_dFxz~2f zfEYRX9oJUTOsQpECcfkpuem5EU|Zc1Ed8vS_@0Zy>6y?k-2edaP!I1fH&#+M;3Qe^`zD~lD|A~eY-vH(i}LEJC`6O zDk`A5BhhE7J0ZpJnp~woljdd6ed&Z#l76^0fYohrw8%+VDr>n-b_BA%lbYQ+~%yWgk}lv~c_wEVVQB z5&R+hcauu!vTxbfss`elGbXre4~j+ta(prEPa4m*TFsqs#TstqiXaOxc?3xj9w~lib&$jn6Zu-hWQ7 zwd~63_4%0UVnb_jzrecda&J86OcYMVNRLKw(xuvd@Up_|AH&l)? zp|}@5;0^rHs&bKO)No?hO1#&78yJLM*<3Z#bO-w<^;31*q`v`uz@qq&<#!{{CfXI* z^h^!{T6|}0UW1cvpHDbVY!i8Z@puG1PpYNlf!oah^5Vp@(3TYK!!$pp;&bBGu z5h-3=Y!Qa@Xo!}5EkB0*dT`0F#f{#-eV#w@_;KLKq1NJhuxZ)Bm!|H2imV#Tl3i$! zVBE0nX~deMLhgoHnggZJ_s5jzCichm+aU0pD=|x#DbpiSWZIfy3^7&NaNjsqMzv-e z{C%B_Ha^EVhds17=o)|pAy{#5)6BHhBMVrEt+bL#(t;fTZrocr1=@fb8x%W^Nfpv& ziv>t4SsT8W*LTA}K5C=FRyL@~Y^0tZmj5PWHaMrDl5v$916iCn!;I)Eh6=oFQWD-wI z8BX2Uz|S1F!uy8HmM<>3r~FCrGB^>Z9_j9;$L;Fr>U#}K8C%vI*1r!LZ>sjg2FdTK z->8~eyMT}nV}0V&LviVr>&7pNcQl4-XRoLpwYD<6%MYL8sUfN(EnAtaZ}H(H#chaY z1LOX-PDgs;*)IJzlRlJ@^T+H0`KN@y3Y-FM%ydhtreKY-PZ&NZf#F6Z=IU1leEl~_X%n{oNJ?Zf6~ zV|w;m_awn?dG%70sDXzyB#*~}jYSn6;GSrz;tabjC@s|m^v8g*7%vwxM`+9%!(c6> z_e~K@TQPJhTLB()sw&8azJ-Z8NS*UV+ldpv;cAK%|s$)%3Bzl9)&>vN~zO#?&ejjrw1K zMvB~xWkMpF+#Ob_WltN2ZsJC($FYPsxvRy@_`#^~vq^$>T09 z;iJX`!Q`|-c9A3ogKUM2sTOS7;0(Gni*Nykz}XiXGT+-ADi|M>)k2uxmSy5li9qG> zPK0;>Ig3*JiqyD7m%#3#d043h-IMIc?QD06<;}kfE5)D1&!q>iG%aQXZTu4*dQ&)1 z#-Izb4g85dxCuSTm{nAxQed(mK-sFRJfWTf7Ou0VV@i5Km24G^CkBVy4~+vSXOTkF zX}o2wRW>4ILNYA}VCqABiqqABWHMK($B?wb2A+4@D)p71?=ulvJyj}c-dp&~5R+N~ z*H$OsGr~~P)&8Lkduo$Yn`$=k26jI@r8I;-Bv2jKRqp6r`z>UY9*6*h(6frms5KKZ z*JFw)5CUyId3+7DCM6K(qEI*od{CdbnDNXChr&sB*q1aOO1Y?1=V>(;L2neQ3FLWx=e-F*9p}o%#Oly>`x}Gdd3&9XB0b z_Tr80i)}ToEHETU(D8^VhZAwYbz^OZ^u0o#n*GyvPx}yAK1K#w_ws$yOMS9!{9d{~ zaqJU!t-jne7g$4ai?ay;E6!n)-s^z3&lPLWW*;@!UPu%8@^<&%D3PNh>w3p-zSxiH+-IW5nekkXOYg;~ zDpjev6s~Y*9W^T|vjum=SD#-UC<@REwp%vA`jFG7r1_)}FfXVa1u50DVeqlwdeIiW#0nbqqkg#8RFDjSh^Bz(pxNPE|>rB4M+qqB{d;5#~N2qgg8V zU^{yOdpLs>Qk#?y2M2tz(yTjfLOXqeI;Af|$D&+odp?$6SQA|%au~4$-O5O^Lgq$V z60NMt@3LNa4{EbDN%qM>u&quSoq?&WCl;s(Ag3hWyCrBbwv6!=GUo&%DjLh7Jt+Z_ zcpG|v2^A87mT-s1ft_dr#56L*F4G^@8s$GtEWUG-Wp|(J!2M6I0~&r>4H{uveK2Nl zDB7#w$-n=;wbS<9o%LN09M6^N#WRm4_kLQ+n9 zbI|oAZ&1C~@uixcF1BomNl%SM|B#M?)7oud!9J^xkQ#(P+ThK%GsJon~my<6G#pYw5uP`YzNY zmlot<8BFH>-L!aaMLN)|18Dn`9eSOe|EnBuv0vixN*I^YF}*dHV(MS%TXW{tm(WNp z8ChcfwkW(8vg{WP*3DR1y1cF`+a<(SP^J#W0zv`6nL1EVT~;cgUu)EyLnkmbT#;+}(BX0Rmxg3GVJ1Ah-q#5+r!A!QI^l zcMHKGc!1y%B)AhCl6R#2|)m5zS>ie$N5Pm0uP=b(w^j0l(84xw* z)gfxhs-=OE1Y$;<1E3^Os1b0is272wLpW?DmCzSG@JSU)nIH!W0OaH{40>%VgtIWv z4%=KULYrVnDbu&`*C24aLJ@&a7qrLd z^$gLB`XE#w*lDJbf@Hx0{QjW{eK+l+<6*CDZ%*0Mu74=1K4ZBMkLZ!FGE5!H=NqC(UTA7e@oRdzSfyOj$0E&MpjmeEf>d>kRTB z7vS+`bSFxBtXz^d{lZT#?Q1DrFc4I|LRv6s7F_h5-O5}k(=qo=i1)%BvriW7oP$)0 z{F%D_8+yhsjo1$AE~Y;A)i3wh{A%!;9A0ld*FB+|6h)Go$||ZDW+9W=0m1+CzLJl< zsHGC?sI+d&*PGpIKMO~8JBi0!&i4An+H1dNnmQdy z)c;9_I6i62M-p!isoCy9{fsICN@`;A$`27rM3_bDpHx)+PKBgiCEJIsm+OkQO9w#a z&n!DYOG`_VhdGLk_R5)!|0rY%>YaI4CKrS3^^hi6mG@;Vfv#M?=1vSg}v#v8b5h zjLn*lva=wDeFQQVCdY)9udqx62YZac0~~BU0>hV@ru5W0!qt~)Ey?&8Zm6!tj%Ur)45?vLS5m?lZ8bhZ;>>b^u5>$bQalz;iLbk%3`Vxr&mXsE4409l8@ul~BNpM%gcOY{M43Cab zl#2jE0*MHAMvWOmwC*y<;aIOx6|_$3Ai4Qk0#hS?%P);mi>!VWt4YwgUz5M2kNNO4 z3C#iUJ}xZ$TL$9`qg0^a>D>$d@@B>q*Qx@ zG3Zg5FAFX=PtE0-sI%UE*w+=TzIgH9!=JWjbzez6d+G{{M}?^EiCJ+|$)2j;8+jf- zw2yhG{yN34=!<_J<>q&yye6&biYEztK!%W9MP613c-3~65A^myCq-M?LnYiYy_mdm zEcg4gFx)6f>H!2mVlD;bRLL|R5o>@I_mIX5fTT$%?Ff*nTb5aL9S=cZfq*Z+%L6a> zs9eG%QAUGvhn0YifStr3Iu#q|+i7$Q9i?8%dnH`U^u zpc)i2Z0*@3F7#e{#1}H926Ps3+-LwiJXbm*dUfKA69XjeZr!Z%As{O6W6vn4NJWA^ zrk6Og0HPs8(N)Syzu?b>hn<9^M2v2d(M#yjrx?H{ArpjDB9VmCjuz8Phty2L^0t5& z9i*a5S_EKI2?=6EIf1_errOe7mGZx@2>pggA7)i`*{gM7^aDlOoEyI1j=Nxv)KgR( zMZ%Bw5Vo-*C&kOVheGN?m_u0!bQAi~`n<=a<-QrSS;Rf!KFN z`J4D6ctm4EcQtKPkw=r({Dx*$i%NcTetidBJ7@(7F|%*#K^lumaF48M2~$mHVxNe( zcV`~Y%BTQT!0QRB&UW%(d1m{yJM6z3mKu92kaftZmV!ZRXe@4~%)#Mhh|TlJ^)lPtXZ6qhqJHQn;3Q zRqmxBIe>;vjFh0sj;spX7MR32K>7AAXhqd6l9>!0$@A$e0i6y4(Tijcq%6GMjbewQ zJ}nR(qZ)#A=e5k+1ppmIp+5Bt(h4}4_#nuKz>goJSCPbCyzesxqH*praX&CT>I;Wf zJ#LYd<0_Uk-FTC|0ZI^_=!g|CO_|{%;o<>M&P_wJjnq_j%Jb~a}UB#XPXfoQ!%^VA^?>L zGk$C4OyS|Vfsz%o=yKrvG)G+$C`*g3MN!kM7Qs{AIxA$maLcanzR!r{o5EH^Me$J} zhzk-Z?n)(z&|}d`$I_HsQU{&6I+o2A$=pT23guKz#H5rY6~N2aWkT0v&bAee6iuQU;Y zISfO(b1Oon2onH^($l@iLXLG%#$OsbL1IQZ0cf8!8lO{D3t}$;4%y%a8DkznEdGINR-B)Xk^nrJr1nHW&T^)6 z_0$qtRzceCFj-`(YHs6k2)*Pvq3Kc)Q;n=iqga$0!b_x-WqR!oNXn{Ss^i&V4&2Y{r!)gO`G=wqlN6$L@ac2YsmU)Fu)7RYe0X+anWPhhMm2r2+6 zPRH0XKw~mutuOn6BJ*+Yo0LRu_ zpyBpwdud(5d?&LQ!DDoPBgs7j1xiZ;#U1|n$BL|mY6ZB#))3Iin`45n>^bKY&LUoVDX{B~ zAV>1N_*6Nj5);Ly)`xG%VHqR|vI6Jg>23FQN|MU#`VON?PDhc`@iiHR_NUJYEl#<0T zBw6F&Z^zY8SzOi$G{N#RkUPD(UbZc;^k)y=;$eGfL;1J$rniSn#;Y!VlFU2b60j|+ zHVqy1Urfxa@~JJR(SJxd?K$>Q*5|%a_0ZNioi>(vV0EnB$$9$+u;^f9`=}3#-<3Q6 z@zz=MXrOR+*=4SHzFh0g=ldxw(a(=j0iMTnE$?L>C@E8X>))NU9nKsL7yo(~mZIID zNU~G-bQL{&@F6yKOw>Tg>-F`)jitt~yWuR-yYLdI+Raen;q}1ZlKaLRzn9BbQAC_i z@#>aGIw&P6nRW!1nqTn?fN#wHX*E_(aG#Rr_Ll+x?=#21MdZK4YX1HM*a`b07+z)- z`g2mIduJwE)M=eNn}kq*$P4>!FMf_g0fDy8?nqsC!8zTsiH zJ|8Ik`tRY`a=DGsFu-^)e=ZW8WR-0F|2lO}Jw_OL1l8X^ds|+Eo7m7HUxms!9*|2@ z?SQ?rW*6m#tqEpyG3Hh+gv+Icj}l(``>#^kp8J!Y2M#5G`hG3lo81>;a>Khc)l^*^ zj~>1a73(AIU&Vi=mF$*Jo5(QS|F=&)f2p`copvWu{hV5>)p5s|xWE42f)&^N;)BE= zs5Qq(e=ZVZ`~hIlGFZNg*TXSM|0OJH@J&A6?bG@OQzdhLeuubtU$~U|L#=)T+OxA8w@Za#``;9f9}bDrzj9^7_riKe*jb(CW9?( zau(^exc*E3o!)+YoppwpCgLRjM{}L3tk(f_HeSO1amMGyg!nF#UmZo+{ID(|6h}8g?($spIBt>lJ3OS z?Wg^qN!z`pc`O#_}?9c>EtxQrDPWIBG~%K(jFo4ToSDAp${DDk;u1E^npRa_z>r z8R?@Yy{}meOFHkaD`OOHXf1f49sO)gw@z}fNRs+|T>W}gmhqum>*V>@`u_#~OP(j- z{E(Z*H`%k}H@8KXf9G8y7UT$pyjYGUv=Mx|9Iv-psX&vE0f*=gyhX7tYsb@SB-`q; zhA*Mz+>vlc*+OZ3>Fdk^dxp=YcW9Vd;0WZ(tPD)xSgD;Yy%t7&nSB@^8a`L41+cL2 z3z522zXXI^@?B`GtQonGahZ&T0352yoKDOv3x|r&0X8_T+$^PQadik{Pst-=DkC!w zkE~^6rqyNm{N-Oc@Gd$VbPp&ybEUO=H=kO0khBvEutF<4V$`pH+iKeWZc`nzfI08L z(R=E9^5vMXBnTf1Tzzou<}zM5i~*vY7C)A9KI zg+rkC;^)3G?0GyjKP@t`d&@`N&Dnm0b|~I9iJBDc%X3R*F?HQgydI6h&szwUQ8Jj{ zBX-~F?Q7i?YMiz={+<5B*`2Yn-?fIy#CFzX#!&XSf#y8;3xDNqjfIu5#w{QC$|pU1 zp?Bq^M?(o152$=L7}?NX#m&yx?a_)i%5~wq$zE^~o_}&~^Ieu-^;7Wn>POQg7lS!K zi^+1#4IINHfDnX|F|5!WghY84CV^gNWM)Sw#dQXX1UOj|q8+aTSP#7)KriSACZM~? zwIgdlmO#i!LK-QoZ~`~-iU~=Z&Rv_L#qR!!d56bqb00^t%)FC=0>DJSEei2kSq^_0 z15I4sJQ`*cha&5;Adk^HP3=wgO16>h`rKi!z*$S_L@QJ`dTn z{_37iLBgzV%`={jRl+O*EXuk;0w)zAlx zzOvjXZw7YKowJ^XQ;l#urucq4_Q68xw9~(G71?1~0$^dxg;-~lZv`o7LW%)AK=xI@ zPrz4)CAUIwmAdFG1j}jHzXBV$2qLwqT`$`zPs7otJOZ%3n3Un zVN{VtGO|%axqPykgw$G?imqu|Rw|>REKOxUZI`YWnx(@?pLi%OhlFD~K0#6gc{Q~X z$87{T*T-P10~BSxpTCR5PX;df@2*s>4meci%eQ_w3EtbY4>;TqYiPRB+^0f({FVRU z{p;mZ-t?a8X9uC-4-hU|F@4)>za8)&KwaRQrib{_KLGdT=h3!Fgl+Y+86o7JKY)kf zH)_A(-VH6C~sepgh%(koZX+}ug=N%K$U<4qbsWGqntm)a{qF)e;ha) z6?xleG9Y`!#oj+_zPB33$IW#$o!wG7XI#^!Cd*+p|D_!5uo2d8y=dYSZPT@pH}F3V zhl<|mh`g5{zQ=bJN`p#VPl2PXDnEvwwbP@RO?gV57X;Bdm825`HGsNY=#p|VGEt|? zz}KPCiA5e9hMTTIH3z#IHX0sk2-zQl*8216hmh%uqANr`f{FQ#))lZEYXgkHgY?L& zf($svMrW5`nTh%m6yiI)LuBv5oC|`x?c&cqHu~eL`00B$I_3LkBbo!Bk^frIXVBQ- zy=q#h{_Ud7_-1b9pQEQf?O-^f7wpCcLC|F!;Tk$HbO_QB)U(`H7&7GV&DArv!q7Gg z8Z~2Nmlz~@CJJdJQ&lvgQ_(L%7!Hwjlhy&U09`AMHs8}{N@@W&5nwwsWEV=hTj1IrJRJG%GYH6)OSas(1yUSfg@>+Yzz|XOzb3L6riu?6m9Jh+Y1*7~@ z_s5m==!7IPse==N!gA{m`Ee9KE%yThKx>3UQ7WL9b#F=KFb3(Js1CBdRFUbkq;$W6 zfEY3h&wVkuoahCjh6b2t#L8z(nPk&Z2`s|Tgyl0%?ni|zn!3yAOu_a=z{+pw$ZzGy zmkgkYAop7TL-F#_%B$w~y`R%aUzABM2p9>_TtR1$eZQHsrdSy@t^LfdexmfMGjUW7+4WzDDG1B^(&Sf;#dNHX*AsKHRBIp438A1- z=W@li1#DZ&R=wzgC%;|lG23r>H{Z9`)f!Vu)}=#rrWTK>loLJ0Sr`Rm5wp!A%tL^xH-Oe z9_qBHsf@}TDYnI#e?^#*J1FQs#Xi{5>Mf7je2#YPDeJx_Ufej$UMuJv{q972X4luI z{p0Iejv1A;4)Jjs^;ZuhmjSBQaRk31{obj0eEl`;ujd_jPu)2U+)KWbjL%Fu#^Nk# z`ZBxbMVY5>zt$IBAG28>J&HQY=WQuc&MI;mRtS%#smb=ZdavQ}d}@BXrU1{oV#8*G z-TWqXRjT!sJ599WAAngA+t~D-_V&o$8Ro$EqB(bcptC9B5UOu4n@3g=kJ!L$D2el0 zG>5*Z_QLhnGHknYeB-{^=Y8dsZVdBq?B;~vurh^f2 zmnSx#9MqJXoY(4s#=m6qDEmF^_+BZ))7;{W(^!#V5ZvXDB5uYjr(2}YXHU=ASmZEw zrFv?szxf?6wNG!~vcUOfx0bJLN8jV*lJnrSbuVATfbGfa4CmgNl}z^jY8W>wkDXT+ z-xrQ{@GW!A^4k;6OHauXC6`$5-Lj0FxoC zytvxYt4~R2ZcZ4*iO6gMa+-plzvP&flWYojyI^lobjuai1(LKr-Cj>jnXamMN$iim z^v-SgXdDGIzcQE{T1}n77eCI330Ul^yjs*OvW`{9-w~$9MgO+cR55o+IpzNP{SbLr zm)D#~&R3$bC>r;SxT*9$bqeTZ8I&Ei%LCyZNydFKt%u7VdlgU~Zs&BV%HO0q)UJ9Q zKF-%EPs-P(`9Y)xB)r-H81^uMcD|~sVjpDfGM?d`m;Dms<#2KuH@Eq!xN1A=_2X0e ziR%V_8C~0bc*EX$!oK=|1%l}xz-BxY?)CZtgWx6|O?mhN3bc-}-MIfaE5Mr@OlS^AwcXh-pORqY!l z6Z>TcK_IuISTVUIR$1_sQNe_;fqV(K=|YD{q2xv-d2bd;3j|Jt(^Vt}5TwcUgE4h} z^qL#F1fjF0sAUs)E1U;4P7XN#e92(4m6jH9m!)O56&d4L?vNR`Knh+dvme1S5edHR zrX`-`yZ!C_6T!H?361Mbl4a<$m1Bb*;T(-(fXkq_r;o!$UY0E^@aNd|yIneb7M^y- z4;=5hg6Lov@BsXZqnWOl)#mq=+!tRF0UwZ8R z!wPU!<^)(5>#0^!+EaCrSSM{qdZk=T8me&UAf+Ib6?)xjfkrK}wrjnt3NjP&@O1l5 zaX3+&&thu#wldcYTZdg8U1DuP z6`^U!h0R5->1!99CLa^)lB$045CJpGwyn(bjAHWmA!`5lulMr!4^`e1=DMQ(@r=zZ zKC7!CocN7SQ3WU;1w-60tN~N=l)C;$5|UG56^yaPn?W*n@4jZ@&$ZICzLydq;;Dti z#ON2;Jtu%=cBV9=-Bgm>-If~mUsxYsNcblmYDu)qE$`Zw{J)ifGaUv+s90Vw&9vV5 zZXs%3JHN3fHm8UZ+0X8Sal_%j$8_P_Qr<^1HX z_MWk^p?CYR;LS%U%fq*R6uCj!QU)ABLSk8!I*x+ew$Rc7 zCK{>XmBr_NDw?m(%_@uR&$4jHTR!*8k&nB2kG3tGhd=OOv+#L1?)dtyW##zp!|U_b z?UC+S8@*Kw4C|A4VXvdZ5!3-&j;wAOpsjL3zuoeoF7c)CNW(?B zoySYB%xMASF4M0&snf3dyco$JEnR4bRvzAYtVNS&M6J|0e9o)3wJ!geTg&2-)4tjs zZE{+>VCtUpm~Fk^Hx|gyKc4R4yA-+XbZ=|BhJ846|*rwwt`cvrb>8}hJhuoy5j*6vCnM~9_#$uwa=^Rh_XkiTz79v}gMHSbCR)7>gmJ*r_Pb}S zPOaYIY4TviF3h9rH)@-aX2~QcML-6xNI4xg*!!G{j*K)P*L8!!< zB}}B#s$gA{M(>w!RxP>sDSUr>@*CX;9(~juTQL5)Ww<+ucv_!{=(>gra&m3`>Pu%M zPHgJ2IYWDv|FWm}d4L6i>UH5+p z1ZS-9yTm#W~_g>k?y{i&E9$Kda|KvJyP>C5-9>x@et2UFvl6Aohv*g@l z+OFIyOb0Q8p^@)`B(6P%bZ!as?I1E`MIPF$nG%xKb~>(_N7tu8t&?rWpI3ncd?P3= zQ$kYhC2RI%i^lLItPf&B=`s%Xy^Ry4UzM)`Vm4fqFKfPdGX`TE}84^-ftVkd!HG+PCTP4Ri;~ssa z4O4HCO=8K!BYz*_(@wz$kxe#VfKm`Tae@l`7<>6B37*fVTZ8Nz!Kx%)DOiw!=17GA z2U7@?iy)!t_7E&jr&Y?*ny3lAI4RT!Vbu5-)ZczY%J`!o!E132>3t7J&zvgSvWxB? zfbfauE0IlYIEi+rl9q?`Y}z>W;=1SO|G}(Pg}H(lv2~OT=4RmE+t+BiNR=39OI3JQ ztFHE1`0b;%&^|*I&;-bpP(=Xh(WlQxqkxQ1azu}5;EvFYkxk6sYXoptPV)p|+!BRU zVe_>h&1lXOa66`Je7XQ5g zUq13p;=soE$fnD%e01aE7$*>XIVnJTD_I?o&~bYrw*L`x+?YZ+i^{LeBgR>~g-lH4 z*2rZg+xz6y$9KbIysqor?&=rkH6Q=pc|?&Z%T!@=SwT5mSe8XbWIX*OGwe2A+fmni zH~sqD`bl5b=vGju1l$`rW=SFdh8|`)9A)&s)~n0)an$#J{AJ5}cz&53A-Y%Xdx3Cii!sPeolkGQxWcN)}<zx2wRz(N@{zDO4me_r& z@p0{rmyo#PfKY^%v)gZ`I*LC43%Y7y6XI-~7N+zw7dmY5#H-=!{A`C${2 zUY5UfG@Dwwb*6accD>gqvrp~Y-<$-fry9Rah{?J&f-BQH}~2(!!0bR_eWAeD zevw9VJi3)$d8ai3QLd{_ZR^hJc)PfhDQvAKn)_Z+Fs_K9ywT?&d^r(F3!%6(jeNAj zSL@c-;2LtBsl3y~967uv>w5pD#hzrBtDz^3`NPTM_ss&vcYG`FAzNo-6gXZ973gSH zG@eG!nmT;*t}6jHFXu$~%s&p_7VrLc>FRIRZ?|cZcZ_y*JSXM6IF*h@bf))Ct8MGH zKV%{^C+YIO9+9bai5OZb+9g))YIvSmUWV+3TTgj^y*Sp-9{YrxL;KpZY_+{+UHT>~ z+R0nqPteb3+*v)9M%%fwoAuzsbK~xEd`8DPYy58Ha@5b;hdf%2%Nljy_KGuIF}D9W zjw}D!UA9{rh0*QW3Kf-}XxW;o$jcsq)Usb4ZTd3mw#iK>`m{SaxF!zswWQ;%?Lv;9 zl<%C5>Kv#pQ(}Va94UsYzrL`PvpzrHp$MVehs0ab|D_+)m8gwEDAY# z%4_Y(Fsa$3Vh?Fj8W#?rc)F{7GiCa;=t5*%0>7!`oSnw>%(`}@^fa8-03=80L>z&yIfm{xTbw;^|7E=Lt)k#Z3U*q1)=>4)!b3L3R!=bpXvLd zoG){M=)?B4`EnJ<@%N_@Frm4ii^W|1m+x9~Nr{1P9d3-OI)@G1(j4_n7f=OtYu)-^ zm938+WFCBQA8=WV&0Z{ny=qW}sEPSF-10q34fotd&40RlNx9vo-~OSl`kt2Mu}vBq-gZm)INK&Ev8 z=ir=dY`wDVjhu9Zc3Rf0LuOeu3;OBRl$f!>^YqB~;hPo5jfr*UY{{ZI*Hix7I?sL% z`%q}d4}RyD5U15Fn}EeyW!5uR7-S`@Dyw{Sj-~%0YEAs3+h@v?nr}_f22MrF>n;Nw z_8UxX6^_x3ojz{S?_#UDuE=xpyE~lQbC}l+9xji=^@018pI*xPg&lkF3-+LVI>&#+ zmX79L1M;l2e>HL1ZDhod`rBAPHGL4@m?s6poYvxED^5-_uDat$_X5wH>8zi7#vh$Y z3#_LJUza%@r=K6m>GMKXvTO8sNo^20D6OHL@ zoNS}kdJp=?I}TLRa6SzIh?JI;+qEW{jI&l~G<0QBtX;+BIyrRyyUdk`ZXP*kfY9IgM8nz2+0gU=yEj_*QbFbsXe zW{9vFj>u_J?-Iq(9{6XY?){&QdVmeVtENS!52Bpk4^Q9zmpFnYx+$umt7_XQ8%z7V?ObM&B?^gVQn5GrWh-I8xt%E$6rqkZW$UpFG^uetOK zHF(#>s3~mp_$Y4r`NX?`U=|N0^UO$Yxl>7IF9A)Fni>ypqQCY#sHg}S22?!9*U}HT z$Cy{M)FK*3UdPjRh38761V}mGGmy*id_||wu6?yj)}}0rEcdAQYB#1k5Ab>TLg~X{ z9{hr@k?y$i?!5A%*}Ud2Yy^Q=exeF#g2|cK*kE4}nUq9Ie055q0-(?iI9mW4Zv-G4 z6J$VnuO;ZMGj>={)0VKhX-Rj4m7Q(kqa2#O){g~LeNWTcDfXP&_S!oe@7jS2w0M=%=bqoK~Mj)NycywZ9N=ZD5l zY9txff)fDPj4AyQ-Wz6kC>7EQy2I}hgRGGbhR3P=AA7lnBaj(uupv5>n-n4t?be95 zoAg@@8SFvu3somZRqWL5gK~|E?W7JZ??HGR8bIlzshU#ntYy(DqM?>Nizx$DMf5UBW-031*4Mrj)S7}=2*yq^a4;%2}y~w zT@5sr5)WA*51>U+%GV6KW<}-iH0-YxR5?hPZ4Q{yUIuFSWh6mc+m&>nF@EV(QCh+H zGKauukFL*$m0EK~)L-TJww2ynH4Z75>H68{Gn+fOt!5w>*fEEFF!o41}o@*z6FVXd)6GUx8`a!jB=j2 zvJwMB$0u7$CiH!Q$i^dlMnrqXa%58ox9i9f32O6&18C6hbjnnXoJMJxgfu)t#|V|( z9)x^_iB}dVTX)kHb-f+mfX%y^h`R27c=OSCYb7Tg$B$E-&mEPo zMCmoM<)<&Ul@ppVo+HNMvRi9%F_UB?vYLz3F(l0%zcuJ{D`_1qd?fQ>gx1LXy#Rt` z_ULRyG&B)%@{qC+G+7Cuvi6rfcv{lZiOhEJwY-((D^cMea`^k;p?1Xy_PHh)+}WE1 z1xV-Y&hCxItsnJ;jBgbuz)*2E&C5Oi+v!Kxaz3wl8O8G{c?_h%bmCS;X7Jagptr!2 zF{*6M){bF8=gY%0bkQ)W7&KlHJ-4Z~?T0b8epr1zpKwm;8DD;z-lVQMFBi3}fe<86J;1k?w!Jto8GG?+>6!t@w%a5Co>1s)IKo|4&85PYtdrysTWqU9((q{=UGk zEKky9+vKaH7Oww&hTAyBY?h=lxb@GF#Qq*TWb6*0Qi^dp{IA#Xci&GMsmFV*2PqiauBHE1dt#Gf zS~oUa>;EfKi*q+SbxcQ-^9i_$<7n%mjV*AAI zoR0gdI-7hx!Kv`Oh_!9fdf2WXZ=jRlbmM&1o#o7jx=5p`K=kY_KaJ@boT;+ z=iZnI(r~#`Vnar5$EOqB`JjpL7%cAX)hp3$1xb2p>%();fvQTK$4OwqUmlRcBBsG=C(U16#+5RylVsBSQVU>;pyhlO=wwtBLJL6QksSt zLzP(B5(r5VR6Z)AqiesFGSn`2R#*A~(vFZyHzkqwn^i%1_2%C92n$@C ze(%_r&sO9Yr{CV{7Qa4z%zoMRW}Ws&!A19LG_6^zqX2wz_i@owy9IyM^!2*4_$!8i z8!+O9;`CO8NYk=jtm6&;8?T;D@ljMeJ|y2B{O_c>h9^~WO-FA(p9XpaCQ_pm;(8h2 zdeXaB{jU_sH6EjF%@7ZoEduY!+OcLwv9j^A#XI>2)>o89oA$z~?B{ZXL#JN4#YX=SN+H4x(qJXI>Ibnk__d z6znp8Vt~^(Bs*!YBzV(;C4^P@`%cmjW(|}m&9RwkdatFO;m^||Me$Zqn_iP~e(@W{ zI;eR|{&BFd6`tz%In#;gdf+WHJbP-CI27LiC2a;-7GHlS;uGdF2Z43W<5nwe!_rtq z7yrOpnS+x*0HiD+b_1zBN0GJ4d)Za__#tmcTBk|u6u;GWUQVl)DS_tw2)kOtnTreV z9)=ChH3Wrys|4{R;RSv}_=-bBS7y=_J5TDj(e!pL8?1-doWiK(v+DN3^oJFY!sPeK z*vVIF-@M>?viULB`WEb+}yRHN3+aeHl&T>M(RlKZLUucFLe!B9!g zanW6TVFtnN+b*`5nt+mj%!b1jb&;2zKPi)CBc?cJ`ELs}{@VhR7B1GcRD&h@13t!d z%;&*P?M>yozvanoP*!RvsFpY#Mo(44t>5rJrVJV2Ba11wX2N-I+gL*}UD^0|bwwQF z8rO*$-AttMB2A&)za;&~XyJ+AT1tWL2wKi{8c~0H(tl<7e>U7^qvABOuQAblg=F~( zp4c6tzfLh5c+%k$!<_Z|;17U#t3MvEt=y4sD879ZGloey@MD2IM-FUKcgKO5HJ=fV z0m*#lvvQ(q%5PCo_8~b!KD*2`D8Mq)i=L)Zek6K_1vZiCyh@~Jx=5tMof7LB0-|Ng zX+425e8+%du)P&kCeouSMrEv*;D@Qh(BdP%entAMt!NbG1O*FV#sQ1FWv@LYiPFKC z-0iCT#0o`iLi<0a3aBtL`^fH0=Y(tsBvPo^6)Fb(x|UOsLii+~xrhXIiKV!RR}wX^ zNz?jXwar-m^!+ErR~+R9>)+YuUco8GDmSw%d(Dlsi!0HCpZ~fEMCaimJOU8>I+ndr zIp*C7fm82tm?JSl1+!xKeaP@9f{#=0#Lx$h{;^bUs9yXsyp>he?EO&4oZD5v%*jWAK(9c2tp=($$;pwBMN(@{k$g!k zr_Epb{)~MY*?@{0i2*N{Wiyg6jsSG3)g%eFV82)>YQ(6JNToj|EAn{3!l}zf3VXf% zH1u*k*1a*Iip{gs{2VE}-|4diBP_%{qFZAF-`eUc(;Hu!Yt>IQz2_)jERDSe@A?Bf zns=#^2^i-ZSw7?5iPj@D7W!(r-VL+l=q4P*(;vxLb$qL6g8q&{`B-{-B?!1EZKiA4AP{VCAbKBy%;4a&JURl9P<3#Y zETeck1&!#8;FxkND(e2@dx>)q=fQO>74;#Fg4!!lyum@rFmx9`%lhv+;ml0ibZFUQ zE(hVv%&XC2x$FL}gHa6bFMc5V!|P#Y@VqZ4v#>~e+l$VgJ|}2Vava1DG#ea6^+x zus5ikcc6`SU5@uVvz#$-6tzlk0(X+%W%_4`{!`XisT7OOn-3PYp+*?oRS`yc6@FWU zeWwHpwr-ALnifwxM1k&xy5ku!uC#G9k187PQJX6aA(D-e^iMw!Kk}f2NiMMB`j&WG zvaD<1dpSjPOL*`PA)q2pWV0Li4G?9QIckm|18(#h_~(eL?UBcj`gggjRb-<3vXx>0 z1&AIhDjM#Ws!883hX(cb8~lw+o~|VlHBp61N4o37)G7+SVc{hz&f0T8{iqP4A`3N$ zreUX?SEZIPi$PIWI{$TQ9^r`rhViCSj)N3lCAgw+F|}Enql$-Zj1By0Qzj&Z_1S^E zR}1d3>{0|(bHsR}yBugK%u2}wN5kMp#Br;qwwWAdKKa&P>zChLm;L}`MSs6kI1=an zLSy9Uu01dtBKPzk;6IakJ{31CIjscU>sFq#cYZfBng8gK9gpP8S&|NZV}(AMLPHqK zF)uk|6uY4ks5{;0D-khS5))sI1zYbWb5t|2WQ3t87oqj0gKaP>w-;GBJEdEVk5DSg zP}zeF#9+VE30Z=U6fp_{(clE2<)S4>39Aqi7adEge)-0iHy_zvo)^UUm0+vwgEZ05 zaIg?PYz_!wAS90YjK7@o5d-F|KvwNEs3!;`W}Lw_y&oYYde$(W=}=Bzk5SPldX@`u zpFlM2c)El@44l7J{-7w<~Mky{PBt&MI6B1_y zb!}9DiTSg@C}d^KoB*S3ZF{g7kdTllcKK@%dftIWd#FbxGCsSpI2POsJHBh`eYL0` zqE|6?R@~IVe-loY5&WStiS8Uc7{k&@mMy;>fuJL}Xcag0B_mtH)QwdNUuoX|-ogoG z4S+>~mZfkLY0&_Bg^GkOE(3v(5Bn&Clgo`#3@j`X{=cfOJS@p{i({6VV=ifz94*vb z(o*cYG**IzmXu^>X@x~$T3J|-nOzskCAX=kA`vxXqOwv+lhnxV<}!(h3$}o0HVQQu zYD1=>g7bdledf9Up68tNJMTH~@AtvCJn!?X?j6hG%}|-o8MG%U0pwQ(ofLUimZ#47 z08CoJvt5})lJ0pJdD-%CM?)M7ZshAH2w7%?$|Oc~FB1HgH`-!>F*8pW>hE>bX{f!> z+S2ED$o6>his{Gz1|$DDX3IU_g7%2$&=ri-ILhPSmY2PCb?Av_`}u>n`?rzTdu1M? zbXb&B)8wY)^-Jsf+Z}vMaG^!JTe2@V7{|AnI*m@<&3d+|Q*Qmuev8;JFnEJQ6xJQ{ z0;p8o9t_qeeL;69NEmhg7&_f)sMaQ%xOEus_Sk-tSNn=GtY!N-GmQ1t;#u1vk||e7 zr#i6$uAFUY)r~cy;UmKmlQ;HN zUjD7*EmH>_7N(;u0v=~`{&PS051o=Ai(&KD1F>0a{4$s8ug8Eqh$P$+guR5^R)@0-WNI()A=ff=>>z%l6up?;DrAQJQwWr8||wwub(n?)7iJ%X=EhZne0IH z>pAPo33ybd$GVY!pA~w%c#VIloq_nHBrnq1*5Hzf(@L3L+0Zq$tbCfpT9d}v8&a$m zjl`d(7K2lp;SZ4K!tQ;j3ro3X*^+}i8B^I^f2@C{3@{-h)TXl&TTJ7TMbkv7MYKAUo3K<;&*Y{E- z$h!9m@kPm;_&HdD8C|4>_fjs-yIM>a6=-@BM$|;(ZjcAB9L-hN?ik}^QfLT{5ou#oPF&o zu178P4kcU&{Oopl((?Mgq=LTmIoRXct5mF6u51eGi6LdX%|e_HcXtAA@P3A~7OZ21 z^bTgxwxVqCv}BY3;3!%+7$wXmr9nWVDqYofyF%y#y`da%>%Oq<_iC3rMgAb%i60{` zJ-~q}sjF|{|J7y&8*z1x0BEsH^|s40+!3 z(nSId8xqyWLS6%fw@Sq%f#)f=lo=P^rSeqLi3Xo`YK@UL0q7@R8BO~j37Lbf`V=Gs ziv(Q)TU;E2(_9&x9M>f7ns+n`mG(?K*y!KsA)^O#cuGk@^jpwkHjhPTtXH!>qWKw) z{Fsxa2h!l;!#MM*)6_9nD$0uK!YyV;b?CPDGpJiTnJ2gtg?D+CP;jkVM6Svs`TtQ? zg-L}b;_4J8)N)Wc)S{-J6y**B)^W~^!cjM^3fI;apJ!~j z7Aoz|iV|Tp$xt~C?OJXTBE4M+>tpt+W|&>`whrUUI>xEUTS0x$xKP@0rOY_;PTX0< z%|)XrNj|D(nydyI7`n19U%j-xk;x@Y{sC4E5!ghA+KISZvkzKz8MJDM!YCdkY{HP0 z+(TjZVdjI8m78y7#!j}0hx>z6*JTzYt$c`$u$mNc|9Mb2659VDcsosHJqPQREb)6C zzUo^W!~j5bT?N(7`MV)uHi!9xJsUf0%y@}8$WnZ+S#T`%q7g(>pmGQz*VIJLzELsa z${YuT)>a7@-SPA6bsOJUSSlIvmw9W!e^Q`rY!f^yHblo{Ybvcuk=ni`U6GmxMb>DD z<3dbsB%~brh@+buJ%tB-HUj3t=WTvUcwUQ*u%cWo_(!@>FE1u;O|XB)O2A1Kf6a?m znyJ(n8Q6KVZw@AXFJcOtf9R3EF8DWvT;xHYPAZ;)j58hpYWvt%{xfvQu{qdSdBn7+ zj)N2z2U<6b)jjw1$?o%F9?;6{CJ$bkuIybN`UCr0^cmyvqx^MoCu#b~TB?g&0X{Gg z5T^InRlkbL_d1e6e~({a{1hJ?#0Ex+WM#pzCLN`OPYe^0$~EA