From 6034adf8912844cc4dbce1564f091d20ba155b3c Mon Sep 17 00:00:00 2001
From: Mariusz Krzaczkowski <m.krzaczkowski@yetiforce.com>
Date: Thu, 16 Nov 2023 14:00:48 +0100
Subject: [PATCH] Csrf.min.js

---
 src/Csrf.min.js     | 228 ++++++++++++++++++++++++++++++++++++++++----
 src/Csrf.min.js.map |   1 -
 2 files changed, 212 insertions(+), 17 deletions(-)
 delete mode 100644 src/Csrf.min.js.map

diff --git a/src/Csrf.min.js b/src/Csrf.min.js
index af196d1..c998f9b 100644
--- a/src/Csrf.min.js
+++ b/src/Csrf.min.js
@@ -1,19 +1,215 @@
-'use strict';
+/**
+ * @file
+ *
+ * Rewrites XMLHttpRequest to automatically send CSRF token with it. In theory
+ * plays nice with other JavaScript libraries, needs testing though.
+ */
 
-function _typeof(o){"@babel/helpers - typeof";return _typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(o){return typeof o}:function(o){return o&&"function"==typeof Symbol&&o.constructor===Symbol&&o!==Symbol.prototype?"symbol":typeof o},_typeof(o)}// Sets things up for Mozilla/Opera/nice browsers
+// Here are the basic overloaded method definitions
+// The wrapper must be set BEFORE onreadystatechange is written to, since
+// a bug in ActiveXObject prevents us from properly testing for it.
+CsrfMagic = function (real) {
+	// try to make it ourselves, if you didn't pass it
+	if (!real)
+		try {
+			real = new XMLHttpRequest();
+		} catch (e) {}
+	if (!real)
+		try {
+			real = new ActiveXObject('Msxml2.XMLHTTP');
+		} catch (e) {}
+	if (!real)
+		try {
+			real = new ActiveXObject('Microsoft.XMLHTTP');
+		} catch (e) {}
+	if (!real)
+		try {
+			real = new ActiveXObject('Msxml2.XMLHTTP.4.0');
+		} catch (e) {}
+	this.csrf = real;
+	// properties
+	var csrfMagic = this;
+	real.onreadystatechange = function () {
+		csrfMagic._updateProps();
+		return csrfMagic.onreadystatechange ? csrfMagic.onreadystatechange() : null;
+	};
+	csrfMagic._updateProps();
+};
+
+CsrfMagic.prototype = {
+	open: function (method, url, async, username, password) {
+		if (method == 'POST') this.csrf_isPost = true;
+		this.csrf_url = url;
+		// deal with Opera bug, thanks jQuery
+		if (username) return this.csrf_open(method, url, async, username, password);
+		else return this.csrf_open(method, url, async);
+	},
+	csrf_open: function (method, url, async, username, password) {
+		if (username) return this.csrf.open(method, url, async, username, password);
+		else return this.csrf.open(method, url, async);
+	},
+
+	send: function (data) {
+		let url = null;
+		try {
+			url = new URL(this.csrf_url);
+		} catch (e) {
+			//for internal urls there could be no domain part
+			//in that case it's not a valid url
+		}
+		//don't add token to external requests
+		if (url !== null && typeof csrfMagicDomain !== 'undefined' && url.host !== csrfMagicDomain) {
+			return this.csrf_send(data);
+		}
+
+		if (!this.csrf_isPost) return this.csrf_send(data);
+		delete this.csrf_isPost;
+		if (data instanceof FormData) {
+			data.append(csrfMagicName, csrfMagicToken);
+			return this.csrf_send(data);
+		} else {
+			return this.csrf_send(csrfMagicName + '=' + csrfMagicToken + '&' + data);
+		}
+	},
+	csrf_send: function (data) {
+		return this.csrf.send(data);
+	},
+
+	setRequestHeader: function (header, value) {
+		// We have to auto-set this at the end, since we don't know how long the
+		// nonce is when added to the data.
+		if (this.csrf_isPost && header == 'Content-length') {
+			this.csrf_purportedLength = value;
+			return;
+		}
+		return this.csrf_setRequestHeader(header, value);
+	},
+	csrf_setRequestHeader: function (header, value) {
+		return this.csrf.setRequestHeader(header, value);
+	},
+
+	abort: function () {
+		return this.csrf.abort();
+	},
+	getAllResponseHeaders: function () {
+		return this.csrf.getAllResponseHeaders();
+	},
+	getResponseHeader: function (header) {
+		return this.csrf.getResponseHeader(header);
+	} // ,
+};
+
+// proprietary
+CsrfMagic.prototype._updateProps = function () {
+	this.readyState = this.csrf.readyState;
+	if (this.readyState == 4) {
+		this.responseText = this.csrf.responseText;
+		this.responseXML = this.csrf.responseXML;
+		this.status = this.csrf.status;
+		this.statusText = this.csrf.statusText;
+	}
+};
+CsrfMagic.process = function (base) {
+	if (typeof base == 'object') {
+		base[csrfMagicName] = csrfMagicToken;
+		return base;
+	}
+	var prepend = csrfMagicName + '=' + csrfMagicToken;
+	if (base) return prepend + '&' + base;
+	return prepend;
+};
+// callback function for when everything on the page has loaded
+CsrfMagic.end = function () {
+	// This rewrites forms AGAIN, so in case buffering didn't work this
+	// certainly will.
+	forms = document.getElementsByTagName('form');
+	for (var i = 0; i < forms.length; i++) {
+		form = forms[i];
+		var method = form.getAttribute('method');
+		if (method && method.toUpperCase() !== 'POST') continue;
+		if (form.elements[csrfMagicName]) continue;
+		var input = document.createElement('input');
+		input.setAttribute('name', csrfMagicName);
+		input.setAttribute('value', csrfMagicToken);
+		input.setAttribute('type', 'hidden');
+		form.appendChild(input);
+	}
+};
+
+// Sets things up for Mozilla/Opera/nice browsers
 // We very specifically match against Internet Explorer, since they haven't
 // implemented prototypes correctly yet.
-if(CsrfMagic=function CsrfMagic(real){// try to make it ourselves, if you didn't pass it
-if(!real)try{real=new XMLHttpRequest;}catch(e){}if(!real)try{real=new ActiveXObject("Msxml2.XMLHTTP");}catch(e){}if(!real)try{real=new ActiveXObject("Microsoft.XMLHTTP");}catch(e){}if(!real)try{real=new ActiveXObject("Msxml2.XMLHTTP.4.0");}catch(e){}this.csrf=real;// properties
-var csrfMagic=this;real.onreadystatechange=function(){return csrfMagic._updateProps(),csrfMagic.onreadystatechange?csrfMagic.onreadystatechange():null},csrfMagic._updateProps();},CsrfMagic.prototype={open:function open(method,url,async,username,password){// deal with Opera bug, thanks jQuery
-return "POST"==method&&(this.csrf_isPost=!0),this.csrf_url=url,username?this.csrf_open(method,url,async,username,password):this.csrf_open(method,url,async)},csrf_open:function csrf_open(method,url,async,username,password){return username?this.csrf.open(method,url,async,username,password):this.csrf.open(method,url,async)},send:function send(data){var url=null;try{url=new URL(this.csrf_url);}catch(e){//for internal urls there could be no domain part
-//in that case it's not a valid url
-}//don't add token to external requests
-return null!==url&&"undefined"!=typeof csrfMagicDomain&&url.host!==csrfMagicDomain?this.csrf_send(data):this.csrf_isPost?(delete this.csrf_isPost,data instanceof FormData?(data.append(csrfMagicName,csrfMagicToken),this.csrf_send(data)):this.csrf_send(csrfMagicName+"="+csrfMagicToken+"&"+data)):this.csrf_send(data)},csrf_send:function csrf_send(data){return this.csrf.send(data)},setRequestHeader:function setRequestHeader(header,value){// We have to auto-set this at the end, since we don't know how long the
-// nonce is when added to the data.
-return this.csrf_isPost&&"Content-length"==header?void(this.csrf_purportedLength=value):this.csrf_setRequestHeader(header,value)},csrf_setRequestHeader:function csrf_setRequestHeader(header,value){return this.csrf.setRequestHeader(header,value)},abort:function abort(){return this.csrf.abort()},getAllResponseHeaders:function getAllResponseHeaders(){return this.csrf.getAllResponseHeaders()},getResponseHeader:function getResponseHeader(header){return this.csrf.getResponseHeader(header)}// ,
-},CsrfMagic.prototype._updateProps=function(){this.readyState=this.csrf.readyState,4==this.readyState&&(this.responseText=this.csrf.responseText,this.responseXML=this.csrf.responseXML,this.status=this.csrf.status,this.statusText=this.csrf.statusText);},CsrfMagic.process=function(base){if("object"==_typeof(base))return base[csrfMagicName]=csrfMagicToken,base;var prepend=csrfMagicName+"="+csrfMagicToken;return base?prepend+"&"+base:prepend},CsrfMagic.end=function(){forms=document.getElementsByTagName("form");for(var i=0;i<forms.length;i++){form=forms[i];var method=form.getAttribute("method");if(!(method&&"POST"!==method.toUpperCase())&&!form.elements[csrfMagicName]){var input=document.createElement("input");input.setAttribute("name",csrfMagicName),input.setAttribute("value",csrfMagicToken),input.setAttribute("type","hidden"),form.appendChild(input);}}},window.XMLHttpRequest&&window.XMLHttpRequest.prototype&&!0){var x=XMLHttpRequest.prototype,c=CsrfMagic.prototype;// Save the original functions
-// Notice that CsrfMagic is itself an instantiatable object, but only
-// open, send and setRequestHeader are necessary as decorators.
-x.csrf_open=x.open,x.csrf_send=x.send,x.csrf_setRequestHeader=x.setRequestHeader,x.open=c.open,x.send=c.send,x.setRequestHeader=c.setRequestHeader;}else window.jQuery&&(jQuery.csrf_ajax=jQuery.ajax,jQuery.ajax=function(s){return s.type&&"POST"==s.type.toUpperCase()&&(s=jQuery.extend(!0,s,jQuery.extend(!0,{},jQuery.ajaxSettings,s)),s.data&&s.processData&&"string"!=typeof s.data&&(s.data=jQuery.param(s.data)),s.data=CsrfMagic.process(s.data)),jQuery.csrf_ajax(s)}),window.Prototype&&(Ajax.csrf_getTransport=Ajax.getTransport,Ajax.getTransport=function(){return new CsrfMagic(Ajax.csrf_getTransport())}),window.MooTools&&(Browser.csrf_Request=Browser.Request,Browser.Request=function(){return new CsrfMagic(Browser.csrf_Request())}),window.YAHOO&&(YAHOO.util.Connect.csrf_createXhrObject=YAHOO.util.Connect.createXhrObject,YAHOO.util.Connect.createXhrObject=function(transaction){return obj=YAHOO.util.Connect.csrf_createXhrObject(transaction),obj.conn=new CsrfMagic(obj.conn),obj}),window.Ext&&(Ext.lib.Ajax.csrf_createXhrObject=Ext.lib.Ajax.createXhrObject,Ext.lib.Ajax.createXhrObject=function(transaction){return obj=Ext.lib.Ajax.csrf_createXhrObject(transaction),obj.conn=new CsrfMagic(obj.conn),obj}),window.dojo&&(dojo.csrf__xhrObj=dojo._xhrObj,dojo._xhrObj=function(){return new CsrfMagic(dojo.csrf__xhrObj())});
-//# sourceMappingURL=Csrf.min.js.map
+if (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\v' != 'v') {
+	var x = XMLHttpRequest.prototype;
+	var c = CsrfMagic.prototype;
+
+	// Save the original functions
+	x.csrf_open = x.open;
+	x.csrf_send = x.send;
+	x.csrf_setRequestHeader = x.setRequestHeader;
+
+	// Notice that CsrfMagic is itself an instantiatable object, but only
+	// open, send and setRequestHeader are necessary as decorators.
+	x.open = c.open;
+	x.send = c.send;
+	x.setRequestHeader = c.setRequestHeader;
+} else {
+	// The only way we can do this is by modifying a library you have been
+	// using. We support YUI, script.aculo.us, prototype, MooTools,
+	// jQuery, Ext and Dojo.
+	if (window.jQuery) {
+		// jQuery didn't implement a new XMLHttpRequest function, so we have
+		// to do this the hard way.
+		jQuery.csrf_ajax = jQuery.ajax;
+		jQuery.ajax = function (s) {
+			if (s.type && s.type.toUpperCase() == 'POST') {
+				s = jQuery.extend(true, s, jQuery.extend(true, {}, jQuery.ajaxSettings, s));
+				if (s.data && s.processData && typeof s.data != 'string') {
+					s.data = jQuery.param(s.data);
+				}
+				s.data = CsrfMagic.process(s.data);
+			}
+			return jQuery.csrf_ajax(s);
+		};
+	}
+	if (window.Prototype) {
+		// This works for script.aculo.us too
+		Ajax.csrf_getTransport = Ajax.getTransport;
+		Ajax.getTransport = function () {
+			return new CsrfMagic(Ajax.csrf_getTransport());
+		};
+	}
+	if (window.MooTools) {
+		Browser.csrf_Request = Browser.Request;
+		Browser.Request = function () {
+			return new CsrfMagic(Browser.csrf_Request());
+		};
+	}
+	if (window.YAHOO) {
+		// old YUI API
+		YAHOO.util.Connect.csrf_createXhrObject = YAHOO.util.Connect.createXhrObject;
+		YAHOO.util.Connect.createXhrObject = function (transaction) {
+			obj = YAHOO.util.Connect.csrf_createXhrObject(transaction);
+			obj.conn = new CsrfMagic(obj.conn);
+			return obj;
+		};
+	}
+	if (window.Ext) {
+		// Ext can use other js libraries as loaders, so it has to come last
+		// Ext's implementation is pretty identical to Yahoo's, but we duplicate
+		// it for comprehensiveness's sake.
+		Ext.lib.Ajax.csrf_createXhrObject = Ext.lib.Ajax.createXhrObject;
+		Ext.lib.Ajax.createXhrObject = function (transaction) {
+			obj = Ext.lib.Ajax.csrf_createXhrObject(transaction);
+			obj.conn = new CsrfMagic(obj.conn);
+			return obj;
+		};
+	}
+	if (window.dojo) {
+		// NOTE: this doesn't work with latest dojo
+		dojo.csrf__xhrObj = dojo._xhrObj;
+		dojo._xhrObj = function () {
+			return new CsrfMagic(dojo.csrf__xhrObj());
+		};
+	}
+}
diff --git a/src/Csrf.min.js.map b/src/Csrf.min.js.map
deleted file mode 100644
index b89179d..0000000
--- a/src/Csrf.min.js.map
+++ /dev/null
@@ -1 +0,0 @@
-{"version":3,"file":"Csrf.min.js","sources":["Csrf.js"],"sourcesContent":["/**\n * @file\n *\n * Rewrites XMLHttpRequest to automatically send CSRF token with it. In theory\n * plays nice with other JavaScript libraries, needs testing though.\n */\n\n// Here are the basic overloaded method definitions\n// The wrapper must be set BEFORE onreadystatechange is written to, since\n// a bug in ActiveXObject prevents us from properly testing for it.\nCsrfMagic = function (real) {\n\t// try to make it ourselves, if you didn't pass it\n\tif (!real)\n\t\ttry {\n\t\t\treal = new XMLHttpRequest();\n\t\t} catch (e) {}\n\tif (!real)\n\t\ttry {\n\t\t\treal = new ActiveXObject('Msxml2.XMLHTTP');\n\t\t} catch (e) {}\n\tif (!real)\n\t\ttry {\n\t\t\treal = new ActiveXObject('Microsoft.XMLHTTP');\n\t\t} catch (e) {}\n\tif (!real)\n\t\ttry {\n\t\t\treal = new ActiveXObject('Msxml2.XMLHTTP.4.0');\n\t\t} catch (e) {}\n\tthis.csrf = real;\n\t// properties\n\tvar csrfMagic = this;\n\treal.onreadystatechange = function () {\n\t\tcsrfMagic._updateProps();\n\t\treturn csrfMagic.onreadystatechange ? csrfMagic.onreadystatechange() : null;\n\t};\n\tcsrfMagic._updateProps();\n};\n\nCsrfMagic.prototype = {\n\topen: function (method, url, async, username, password) {\n\t\tif (method == 'POST') this.csrf_isPost = true;\n\t\tthis.csrf_url = url;\n\t\t// deal with Opera bug, thanks jQuery\n\t\tif (username) return this.csrf_open(method, url, async, username, password);\n\t\telse return this.csrf_open(method, url, async);\n\t},\n\tcsrf_open: function (method, url, async, username, password) {\n\t\tif (username) return this.csrf.open(method, url, async, username, password);\n\t\telse return this.csrf.open(method, url, async);\n\t},\n\n\tsend: function (data) {\n\t\tlet url = null;\n\t\ttry {\n\t\t\turl = new URL(this.csrf_url);\n\t\t} catch (e) {\n\t\t\t//for internal urls there could be no domain part\n\t\t\t//in that case it's not a valid url\n\t\t}\n\t\t//don't add token to external requests\n\t\tif (url !== null && typeof csrfMagicDomain !== 'undefined' && url.host !== csrfMagicDomain) {\n\t\t\treturn this.csrf_send(data);\n\t\t}\n\n\t\tif (!this.csrf_isPost) return this.csrf_send(data);\n\t\tdelete this.csrf_isPost;\n\t\tif (data instanceof FormData) {\n\t\t\tdata.append(csrfMagicName, csrfMagicToken);\n\t\t\treturn this.csrf_send(data);\n\t\t} else {\n\t\t\treturn this.csrf_send(csrfMagicName + '=' + csrfMagicToken + '&' + data);\n\t\t}\n\t},\n\tcsrf_send: function (data) {\n\t\treturn this.csrf.send(data);\n\t},\n\n\tsetRequestHeader: function (header, value) {\n\t\t// We have to auto-set this at the end, since we don't know how long the\n\t\t// nonce is when added to the data.\n\t\tif (this.csrf_isPost && header == 'Content-length') {\n\t\t\tthis.csrf_purportedLength = value;\n\t\t\treturn;\n\t\t}\n\t\treturn this.csrf_setRequestHeader(header, value);\n\t},\n\tcsrf_setRequestHeader: function (header, value) {\n\t\treturn this.csrf.setRequestHeader(header, value);\n\t},\n\n\tabort: function () {\n\t\treturn this.csrf.abort();\n\t},\n\tgetAllResponseHeaders: function () {\n\t\treturn this.csrf.getAllResponseHeaders();\n\t},\n\tgetResponseHeader: function (header) {\n\t\treturn this.csrf.getResponseHeader(header);\n\t} // ,\n};\n\n// proprietary\nCsrfMagic.prototype._updateProps = function () {\n\tthis.readyState = this.csrf.readyState;\n\tif (this.readyState == 4) {\n\t\tthis.responseText = this.csrf.responseText;\n\t\tthis.responseXML = this.csrf.responseXML;\n\t\tthis.status = this.csrf.status;\n\t\tthis.statusText = this.csrf.statusText;\n\t}\n};\nCsrfMagic.process = function (base) {\n\tif (typeof base == 'object') {\n\t\tbase[csrfMagicName] = csrfMagicToken;\n\t\treturn base;\n\t}\n\tvar prepend = csrfMagicName + '=' + csrfMagicToken;\n\tif (base) return prepend + '&' + base;\n\treturn prepend;\n};\n// callback function for when everything on the page has loaded\nCsrfMagic.end = function () {\n\t// This rewrites forms AGAIN, so in case buffering didn't work this\n\t// certainly will.\n\tforms = document.getElementsByTagName('form');\n\tfor (var i = 0; i < forms.length; i++) {\n\t\tform = forms[i];\n\t\tvar method = form.getAttribute('method');\n\t\tif (method && method.toUpperCase() !== 'POST') continue;\n\t\tif (form.elements[csrfMagicName]) continue;\n\t\tvar input = document.createElement('input');\n\t\tinput.setAttribute('name', csrfMagicName);\n\t\tinput.setAttribute('value', csrfMagicToken);\n\t\tinput.setAttribute('type', 'hidden');\n\t\tform.appendChild(input);\n\t}\n};\n\n// Sets things up for Mozilla/Opera/nice browsers\n// We very specifically match against Internet Explorer, since they haven't\n// implemented prototypes correctly yet.\nif (window.XMLHttpRequest && window.XMLHttpRequest.prototype && '\\v' != 'v') {\n\tvar x = XMLHttpRequest.prototype;\n\tvar c = CsrfMagic.prototype;\n\n\t// Save the original functions\n\tx.csrf_open = x.open;\n\tx.csrf_send = x.send;\n\tx.csrf_setRequestHeader = x.setRequestHeader;\n\n\t// Notice that CsrfMagic is itself an instantiatable object, but only\n\t// open, send and setRequestHeader are necessary as decorators.\n\tx.open = c.open;\n\tx.send = c.send;\n\tx.setRequestHeader = c.setRequestHeader;\n} else {\n\t// The only way we can do this is by modifying a library you have been\n\t// using. We support YUI, script.aculo.us, prototype, MooTools,\n\t// jQuery, Ext and Dojo.\n\tif (window.jQuery) {\n\t\t// jQuery didn't implement a new XMLHttpRequest function, so we have\n\t\t// to do this the hard way.\n\t\tjQuery.csrf_ajax = jQuery.ajax;\n\t\tjQuery.ajax = function (s) {\n\t\t\tif (s.type && s.type.toUpperCase() == 'POST') {\n\t\t\t\ts = jQuery.extend(true, s, jQuery.extend(true, {}, jQuery.ajaxSettings, s));\n\t\t\t\tif (s.data && s.processData && typeof s.data != 'string') {\n\t\t\t\t\ts.data = jQuery.param(s.data);\n\t\t\t\t}\n\t\t\t\ts.data = CsrfMagic.process(s.data);\n\t\t\t}\n\t\t\treturn jQuery.csrf_ajax(s);\n\t\t};\n\t}\n\tif (window.Prototype) {\n\t\t// This works for script.aculo.us too\n\t\tAjax.csrf_getTransport = Ajax.getTransport;\n\t\tAjax.getTransport = function () {\n\t\t\treturn new CsrfMagic(Ajax.csrf_getTransport());\n\t\t};\n\t}\n\tif (window.MooTools) {\n\t\tBrowser.csrf_Request = Browser.Request;\n\t\tBrowser.Request = function () {\n\t\t\treturn new CsrfMagic(Browser.csrf_Request());\n\t\t};\n\t}\n\tif (window.YAHOO) {\n\t\t// old YUI API\n\t\tYAHOO.util.Connect.csrf_createXhrObject = YAHOO.util.Connect.createXhrObject;\n\t\tYAHOO.util.Connect.createXhrObject = function (transaction) {\n\t\t\tobj = YAHOO.util.Connect.csrf_createXhrObject(transaction);\n\t\t\tobj.conn = new CsrfMagic(obj.conn);\n\t\t\treturn obj;\n\t\t};\n\t}\n\tif (window.Ext) {\n\t\t// Ext can use other js libraries as loaders, so it has to come last\n\t\t// Ext's implementation is pretty identical to Yahoo's, but we duplicate\n\t\t// it for comprehensiveness's sake.\n\t\tExt.lib.Ajax.csrf_createXhrObject = Ext.lib.Ajax.createXhrObject;\n\t\tExt.lib.Ajax.createXhrObject = function (transaction) {\n\t\t\tobj = Ext.lib.Ajax.csrf_createXhrObject(transaction);\n\t\t\tobj.conn = new CsrfMagic(obj.conn);\n\t\t\treturn obj;\n\t\t};\n\t}\n\tif (window.dojo) {\n\t\t// NOTE: this doesn't work with latest dojo\n\t\tdojo.csrf__xhrObj = dojo._xhrObj;\n\t\tdojo._xhrObj = function () {\n\t\t\treturn new CsrfMagic(dojo.csrf__xhrObj());\n\t\t};\n\t}\n}\n"],"names":["CsrfMagic","real","XMLHttpRequest","e","ActiveXObject","csrf","csrfMagic","onreadystatechange","_updateProps","prototype","open","method","url","async","username","password","csrf_isPost","csrf_url","csrf_open","send","data","URL","csrfMagicDomain","host","csrf_send","FormData","append","csrfMagicName","csrfMagicToken","setRequestHeader","header","value","csrf_purportedLength","csrf_setRequestHeader","abort","getAllResponseHeaders","getResponseHeader","readyState","responseText","responseXML","status","statusText","process","base","_typeof","prepend","end","forms","document","getElementsByTagName","i","length","form","getAttribute","toUpperCase","elements","input","createElement","setAttribute","appendChild","window","x","c","jQuery","csrf_ajax","ajax","s","type","extend","ajaxSettings","processData","param","Prototype","Ajax","csrf_getTransport","getTransport","MooTools","Browser","csrf_Request","Request","YAHOO","util","Connect","csrf_createXhrObject","createXhrObject","transaction","obj","conn","Ext","lib","dojo","csrf__xhrObj","_xhrObj"],"mappings":";;AA0IA,SAAA,OAAA,CAAA,CAAA,CAAA,CAAA,yBAAA,CAAA,OAAA,OAAA,CAAA,UAAA,EAAA,OAAA,MAAA,EAAA,QAAA,EAAA,OAAA,MAAA,CAAA,QAAA,CAAA,SAAA,CAAA,CAAA,CAAA,OAAA,OAAA,CAAA,CAAA,CAAA,SAAA,CAAA,CAAA,CAAA,OAAA,CAAA,EAAA,UAAA,EAAA,OAAA,MAAA,EAAA,CAAA,CAAA,WAAA,GAAA,MAAA,EAAA,CAAA,GAAA,MAAA,CAAA,SAAA,CAAA,QAAA,CAAA,OAAA,CAAA,CAAA,CAAA,OAAA,CAAA,CAAA,CAAA,CAAA;AACA;AACA;AACA,GAnIAA,SAAS,CAAG,SAAAA,SAAUC,CAAAA,IAAI,CAAE;AAE3B,GAAI,CAACA,IAAI,CACR,GAAI,CACHA,IAAI,CAAG,IAAIC,eACZ,CAAE,MAAOC,CAAC,CAAE,EACb,GAAI,CAACF,IAAI,CACR,GAAI,CACHA,IAAI,CAAG,IAAIG,aAAa,CAAC,gBAAgB,EAC1C,CAAE,MAAOD,CAAC,CAAE,EACb,GAAI,CAACF,IAAI,CACR,GAAI,CACHA,IAAI,CAAG,IAAIG,aAAa,CAAC,mBAAmB,EAC7C,CAAE,MAAOD,CAAC,CAAE,EACb,GAAI,CAACF,IAAI,CACR,GAAI,CACHA,IAAI,CAAG,IAAIG,aAAa,CAAC,oBAAoB,EAC9C,CAAE,MAAOD,CAAC,CAAE,EACb,IAAI,CAACE,IAAI,CAAGJ,IAAI,CAChB;AACA,IAAIK,SAAS,CAAG,IAAI,CACpBL,IAAI,CAACM,kBAAkB,CAAG,UAAY,CAErC,OADAD,SAAS,CAACE,YAAY,EAAE,CACjBF,SAAS,CAACC,kBAAkB,CAAGD,SAAS,CAACC,kBAAkB,EAAE,CAAG,IACxE,CAAC,CACDD,SAAS,CAACE,YAAY,GACvB,CAAC,CAEDR,SAAS,CAACS,SAAS,CAAG,CACrBC,IAAI,CAAE,SAAAA,IAAAA,CAAUC,MAAM,CAAEC,GAAG,CAAEC,KAAK,CAAEC,QAAQ,CAAEC,QAAQ,CAAE;AAGvD,OAFc,MAAM,EAAhBJ,MAAgB,GAAE,IAAI,CAACK,WAAW,CAAO,CAAA,CAAA,CAAA,CAC7C,IAAI,CAACC,QAAQ,CAAGL,GAAG,CAEfE,QAAQ,CAAS,IAAI,CAACI,SAAS,CAACP,MAAM,CAAEC,GAAG,CAAEC,KAAK,CAAEC,QAAQ,CAAEC,QAAQ,CAAC,CAC/D,IAAI,CAACG,SAAS,CAACP,MAAM,CAAEC,GAAG,CAAEC,KAAK,CAC9C,CAAC,CACDK,SAAS,CAAE,SAAAA,SAAUP,CAAAA,MAAM,CAAEC,GAAG,CAAEC,KAAK,CAAEC,QAAQ,CAAEC,QAAQ,CAAE,CAAA,OACxDD,QAAQ,CAAS,IAAI,CAACT,IAAI,CAACK,IAAI,CAACC,MAAM,CAAEC,GAAG,CAAEC,KAAK,CAAEC,QAAQ,CAAEC,QAAQ,CAAC,CAC/D,IAAI,CAACV,IAAI,CAACK,IAAI,CAACC,MAAM,CAAEC,GAAG,CAAEC,KAAK,CAC9C,CAAC,CAEDM,IAAI,CAAE,SAAAA,IAAUC,CAAAA,IAAI,CAAE,CACrB,IAAIR,GAAG,CAAG,IAAI,CACd,GAAI,CACHA,GAAG,CAAG,IAAIS,GAAG,CAAC,IAAI,CAACJ,QAAQ,EAC5B,CAAE,MAAOd,CAAC,CAAE;AAEX;AAAA,CAED;AAAA,OACY,IAAI,GAAZS,GAAY,EAA+B,WAAW,EAAtC,OAAOU,eAA+B,EAAIV,GAAG,CAACW,IAAI,GAAKD,eAAe,CAClF,IAAI,CAACE,SAAS,CAACJ,IAAI,CAAC,CAGvB,IAAI,CAACJ,WAAW,EACrB,OAAW,IAAA,CAACA,WAAW,CACnBI,IAAI,YAAYK,QAAQ,EAC3BL,IAAI,CAACM,MAAM,CAACC,aAAa,CAAEC,cAAc,CAAC,CACnC,IAAI,CAACJ,SAAS,CAACJ,IAAI,CAAC,EAEpB,IAAI,CAACI,SAAS,CAACG,aAAa,CAAG,GAAG,CAAGC,cAAc,CAAG,GAAG,CAAGR,IAAI,CAAC,EAN3C,IAAI,CAACI,SAAS,CAACJ,IAAI,CAQlD,CAAC,CACDI,SAAS,CAAE,SAAAA,SAAAA,CAAUJ,IAAI,CAAE,CAC1B,OAAW,IAAA,CAACf,IAAI,CAACc,IAAI,CAACC,IAAI,CAC3B,CAAC,CAEDS,gBAAgB,CAAE,SAAAA,iBAAUC,MAAM,CAAEC,KAAK,CAAE;AAE1C;AAAA,OACI,IAAI,CAACf,WAAW,EAAc,gBAAgB,EAA1Bc,MAA0B,MACjD,IAAI,CAACE,oBAAoB,CAAGD,KAAK,EAG3B,IAAI,CAACE,qBAAqB,CAACH,MAAM,CAAEC,KAAK,CAChD,CAAC,CACDE,qBAAqB,CAAE,SAAAA,qBAAAA,CAAUH,MAAM,CAAEC,KAAK,CAAE,CAC/C,WAAW,CAAC1B,IAAI,CAACwB,gBAAgB,CAACC,MAAM,CAAEC,KAAK,CAChD,CAAC,CAEDG,KAAK,CAAE,SAAAA,KAAAA,EAAY,CAClB,WAAW,CAAC7B,IAAI,CAAC6B,KAAK,EACvB,CAAC,CACDC,qBAAqB,CAAE,SAAAA,uBAAY,CAClC,OAAW,IAAA,CAAC9B,IAAI,CAAC8B,qBAAqB,EACvC,CAAC,CACDC,iBAAiB,CAAE,SAAAA,iBAAUN,CAAAA,MAAM,CAAE,CACpC,WAAW,CAACzB,IAAI,CAAC+B,iBAAiB,CAACN,MAAM,CAC1C,CAAE;AACH,CAAC,CAGD9B,SAAS,CAACS,SAAS,CAACD,YAAY,CAAG,UAAY,CAC9C,IAAI,CAAC6B,UAAU,CAAG,IAAI,CAAChC,IAAI,CAACgC,UAAU,CACf,CAAC,EAApB,IAAI,CAACA,UAAe,GACvB,IAAI,CAACC,YAAY,CAAG,IAAI,CAACjC,IAAI,CAACiC,YAAY,CAC1C,IAAI,CAACC,WAAW,CAAG,IAAI,CAAClC,IAAI,CAACkC,WAAW,CACxC,IAAI,CAACC,MAAM,CAAG,IAAI,CAACnC,IAAI,CAACmC,MAAM,CAC9B,IAAI,CAACC,UAAU,CAAG,IAAI,CAACpC,IAAI,CAACoC,UAAU,EAExC,CAAC,CACDzC,SAAS,CAAC0C,OAAO,CAAG,SAAUC,IAAI,CAAE,CACnC,GAAmB,QAAQ,EAAAC,OAAA,CAAhBD,IAAI,CAAY,CAE1B,OADAA,IAAI,CAAChB,aAAa,CAAC,CAAGC,cAAc,CAC7Be,IAAI,CAEZ,IAAIE,OAAO,CAAGlB,aAAa,CAAG,GAAG,CAAGC,cAAc,CAAC,OAC/Ce,IAAI,CAASE,OAAO,CAAG,GAAG,CAAGF,IAAI,CAC9BE,OACR,CAAC,CAED7C,SAAS,CAAC8C,GAAG,CAAG,UAAY,CAG3BC,KAAK,CAAGC,QAAQ,CAACC,oBAAoB,CAAC,MAAM,CAAC,CAC7C,IAAK,IAAIC,CAAC,CAAG,CAAC,CAAEA,CAAC,CAAGH,KAAK,CAACI,MAAM,CAAED,CAAC,EAAE,CAAE,CACtCE,IAAI,CAAGL,KAAK,CAACG,CAAC,CAAC,CACf,IAAIvC,MAAM,CAAGyC,IAAI,CAACC,YAAY,CAAC,QAAQ,CAAC,CACxC,GAAA,EAAI1C,MAAM,EAA6B,MAAM,GAA/BA,MAAM,CAAC2C,WAAW,EAAa,CAAA,EAAA,CACzCF,IAAI,CAACG,QAAQ,CAAC5B,aAAa,CAAC,CAChC,CAAA,IAAI6B,KAAK,CAAGR,QAAQ,CAACS,aAAa,CAAC,OAAO,CAAC,CAC3CD,KAAK,CAACE,YAAY,CAAC,MAAM,CAAE/B,aAAa,CAAC,CACzC6B,KAAK,CAACE,YAAY,CAAC,OAAO,CAAE9B,cAAc,CAAC,CAC3C4B,KAAK,CAACE,YAAY,CAAC,MAAM,CAAE,QAAQ,CAAC,CACpCN,IAAI,CAACO,WAAW,CAACH,KAAK,EAAC,CACxB,CACD,CAAC,CAKGI,MAAM,CAAC1D,cAAc,EAAI0D,MAAM,CAAC1D,cAAc,CAACO,SAAS,EAAe,CAAA,CAAA,CAAE,CACxE,IAAAoD,CAAC,CAAG3D,cAAc,CAACO,SAAS,CAC5BqD,CAAC,CAAG9D,SAAS,CAACS,SAAS,CAE3B;AAKA;AACA;AALAoD,CAAC,CAAC3C,SAAS,CAAG2C,CAAC,CAACnD,IAAI,CACpBmD,CAAC,CAACrC,SAAS,CAAGqC,CAAC,CAAC1C,IAAI,CACpB0C,CAAC,CAAC5B,qBAAqB,CAAG4B,CAAC,CAAChC,gBAAgB,CAI5CgC,CAAC,CAACnD,IAAI,CAAGoD,CAAC,CAACpD,IAAI,CACfmD,CAAC,CAAC1C,IAAI,CAAG2C,CAAC,CAAC3C,IAAI,CACf0C,CAAC,CAAChC,gBAAgB,CAAGiC,CAAC,CAACjC,iBACxB,CAAC,KAII+B,MAAM,CAACG,MAAM,GAGhBA,MAAM,CAACC,SAAS,CAAGD,MAAM,CAACE,IAAI,CAC9BF,MAAM,CAACE,IAAI,CAAG,SAAUC,CAAC,CAAE,CAQ1B,OAPIA,CAAC,CAACC,IAAI,EAA4B,MAAM,EAA9BD,CAAC,CAACC,IAAI,CAACb,WAAW,EAAY,GAC3CY,CAAC,CAAGH,MAAM,CAACK,MAAM,CAAOF,CAAAA,CAAAA,CAAAA,CAAC,CAAEH,MAAM,CAACK,MAAM,CAAA,CAAA,CAAA,CAAO,EAAE,CAAEL,MAAM,CAACM,YAAY,CAAEH,CAAC,CAAC,CAAC,CACvEA,CAAC,CAAC9C,IAAI,EAAI8C,CAAC,CAACI,WAAW,EAAqB,QAAQ,EAAzB,OAAOJ,CAAC,CAAC9C,IAAgB,GACvD8C,CAAC,CAAC9C,IAAI,CAAG2C,MAAM,CAACQ,KAAK,CAACL,CAAC,CAAC9C,IAAI,CAAC,EAE9B8C,CAAC,CAAC9C,IAAI,CAAGpB,SAAS,CAAC0C,OAAO,CAACwB,CAAC,CAAC9C,IAAI,CAAC,CAE5B2C,CAAAA,MAAM,CAACC,SAAS,CAACE,CAAC,CAC1B,CAAC,EAEEN,MAAM,CAACY,SAAS,GAEnBC,IAAI,CAACC,iBAAiB,CAAGD,IAAI,CAACE,YAAY,CAC1CF,IAAI,CAACE,YAAY,CAAG,UAAY,CAC/B,OAAO,IAAI3E,SAAS,CAACyE,IAAI,CAACC,iBAAiB,EAAE,CAC9C,CAAC,CAAA,CAEEd,MAAM,CAACgB,QAAQ,GAClBC,OAAO,CAACC,YAAY,CAAGD,OAAO,CAACE,OAAO,CACtCF,OAAO,CAACE,OAAO,CAAG,UAAY,CAC7B,OAAW,IAAA/E,SAAS,CAAC6E,OAAO,CAACC,YAAY,EAAE,CAC5C,CAAC,EAEElB,MAAM,CAACoB,KAAK,GAEfA,KAAK,CAACC,IAAI,CAACC,OAAO,CAACC,oBAAoB,CAAGH,KAAK,CAACC,IAAI,CAACC,OAAO,CAACE,eAAe,CAC5EJ,KAAK,CAACC,IAAI,CAACC,OAAO,CAACE,eAAe,CAAG,SAAUC,WAAW,CAAE,CAG3D,OAFAC,GAAG,CAAGN,KAAK,CAACC,IAAI,CAACC,OAAO,CAACC,oBAAoB,CAACE,WAAW,CAAC,CAC1DC,GAAG,CAACC,IAAI,CAAG,IAAIvF,SAAS,CAACsF,GAAG,CAACC,IAAI,CAAC,CAC3BD,GACR,CAAC,CAEE1B,CAAAA,MAAM,CAAC4B,GAAG,GAIbA,GAAG,CAACC,GAAG,CAAChB,IAAI,CAACU,oBAAoB,CAAGK,GAAG,CAACC,GAAG,CAAChB,IAAI,CAACW,eAAe,CAChEI,GAAG,CAACC,GAAG,CAAChB,IAAI,CAACW,eAAe,CAAG,SAAUC,WAAW,CAAE,CAGrD,OAFAC,GAAG,CAAGE,GAAG,CAACC,GAAG,CAAChB,IAAI,CAACU,oBAAoB,CAACE,WAAW,CAAC,CACpDC,GAAG,CAACC,IAAI,CAAG,IAAIvF,SAAS,CAACsF,GAAG,CAACC,IAAI,CAAC,CAC3BD,GACR,CAAC,CAEE1B,CAAAA,MAAM,CAAC8B,IAAI,GAEdA,IAAI,CAACC,YAAY,CAAGD,IAAI,CAACE,OAAO,CAChCF,IAAI,CAACE,OAAO,CAAG,UAAY,CAC1B,WAAW5F,SAAS,CAAC0F,IAAI,CAACC,YAAY,EAAE,CACzC,CAAC,CAAA;;"}
\ No newline at end of file