From 9714d0f03682f33e3c0cee38e1bf510448ea48c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?mr=E2=9D=A4=EF=B8=8F=F0=9F=A4=A2?=
 <99399973+mrilyew@users.noreply.github.com>
Date: Sun, 15 Jun 2025 16:55:27 +0300
Subject: [PATCH 1/2] feat(notes): use whitelist for images sources (#1352)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Переиначенный #942, но в нём картинка скачивалась с сервера, в этом в
конфиге задаётся список разрешённых хостов и затем идёт редирект если
ссылка прошла проверку. Если не прошла то редиректает на заглушку.
Впрочем, это не поможет если в конфиге не указан cdn, но по крайней мере
не будет приколов с автозапуском методов на основном сайте

После мержа в конфиг добавьте kaslana.ovk.to


![image](https://github.com/user-attachments/assets/6f72add7-1d9f-4ca8-8938-3e00be5b61f7)

---------

Co-authored-by: n1rwana <93197434+n1rwana@users.noreply.github.com>
---
 Web/Models/Entities/Note.php                  |  51 ++++++++++++++----
 Web/Presenters/InternalAPIPresenter.php       |  22 ++++++++
 Web/Presenters/templates/About/Version.xml    |   8 +--
 .../templates/components/textArea.xml         |   4 +-
 Web/routes.yml                                |   2 +
 Web/static/img/fn_placeholder.jpg             | Bin 0 -> 14532 bytes
 openvk-example.yml                            |   3 ++
 7 files changed, 76 insertions(+), 14 deletions(-)
 create mode 100644 Web/static/img/fn_placeholder.jpg

diff --git a/Web/Models/Entities/Note.php b/Web/Models/Entities/Note.php
index a44c421b..b9829822 100644
--- a/Web/Models/Entities/Note.php
+++ b/Web/Models/Entities/Note.php
@@ -6,12 +6,42 @@ namespace openvk\Web\Models\Entities;
 
 use HTMLPurifier_Config;
 use HTMLPurifier;
+use HTMLPurifier_Filter;
+
+class SecurityFilter extends HTMLPurifier_Filter
+{
+    public function preFilter($html, $config, $context)
+    {
+        $html = preg_replace_callback(
+            '/<img[^>]*src\s*=\s*["\']([^"\']*)["\'][^>]*>/i',
+            function ($matches) {
+                $originalSrc = $matches[1];
+                $src = $originalSrc;
+
+                if (OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["disableHotlinking"] ?? true) {
+                    if (!str_contains($src, "/image.php?url=")) {
+                        $src = '/image.php?url=' . base64_encode($originalSrc);
+                    } /*else {
+                        $src = preg_replace_callback('/(.*)\/image\.php\?url=(.*)/i', function ($matches) {
+                            return base64_decode($matches[2]);
+                        }, $src);
+                    }*/
+                }
+
+                return str_replace($originalSrc, $src, $matches[0]);
+            },
+            $html
+        );
+
+        return $html;
+    }
+}
 
 class Note extends Postable
 {
     protected $tableName = "notes";
 
-    protected function renderHTML(): string
+    protected function renderHTML(?string $content = null): string
     {
         $config = HTMLPurifier_Config::createDefault();
         $config->set("Attr.AllowedClasses", []);
@@ -78,16 +108,19 @@ class Note extends Postable
         $config->set("Attr.AllowedClasses", [
             "underline",
         ]);
+        $config->set('Filter.Custom', [new SecurityFilter()]);
 
-        $source = null;
-        if (is_null($this->getRecord())) {
-            if (isset($this->changes["source"])) {
-                $source = $this->changes["source"];
+        $source = $content;
+        if (!$source) {
+            if (is_null($this->getRecord())) {
+                if (isset($this->changes["source"])) {
+                    $source = $this->changes["source"];
+                } else {
+                    throw new \LogicException("Can't render note without content set.");
+                }
             } else {
-                throw new \LogicException("Can't render note without content set.");
+                $source = $this->getRecord()->source;
             }
-        } else {
-            $source = $this->getRecord()->source;
         }
 
         $purifier = new HTMLPurifier($config);
@@ -117,7 +150,7 @@ class Note extends Postable
             $this->save();
         }
 
-        return $cached;
+        return $this->renderHTML($cached);
     }
 
     public function getSource(): string
diff --git a/Web/Presenters/InternalAPIPresenter.php b/Web/Presenters/InternalAPIPresenter.php
index 464059cb..eb9daac2 100644
--- a/Web/Presenters/InternalAPIPresenter.php
+++ b/Web/Presenters/InternalAPIPresenter.php
@@ -176,4 +176,26 @@ final class InternalAPIPresenter extends OpenVKPresenter
             exit('');
         }
     }
+
+    public function renderImageFilter()
+    {
+        $is_enabled = OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["disableHotlinking"] ?? true;
+        $allowed_hosts = OPENVK_ROOT_CONF["openvk"]["preferences"]["notes"]["allowedHosts"] ?? [];
+
+        $url = $this->requestParam("url");
+        $url = base64_decode($url);
+
+        if (!$is_enabled) {
+            $this->redirect($url);
+        }
+
+        $url_parsed = parse_url($url);
+        $host = $url_parsed['host'];
+
+        if (in_array($host, $allowed_hosts)) {
+            $this->redirect($url);
+        } else {
+            $this->redirect('/assets/packages/static/openvk/img/fn_placeholder.jpg');
+        }
+    }
 }
diff --git a/Web/Presenters/templates/About/Version.xml b/Web/Presenters/templates/About/Version.xml
index c4d9c132..8b61d41c 100644
--- a/Web/Presenters/templates/About/Version.xml
+++ b/Web/Presenters/templates/About/Version.xml
@@ -385,8 +385,8 @@
                 <tr>
                     <td class="e">
                         Vladimir Barinov (veselcraft), Celestora, Konstantin Kichulkin (kosfurler),
-                        Daniel Myslivets, Maxim Leshchenko (maksales / maksalees), n1rwana and
-                        Jillian Österreich (Lumaeris)
+                        Daniel Myslivets, Maxim Leshchenko (maksales / maksalees), n1rwana,
+                        Jillian Österreich (Lumaeris) and MrIlyew (V00d00 M4g1c)
                     </td>
                 </tr>
             </tbody>
@@ -472,7 +472,7 @@
             </tbody>
         </table>
 
-        <table>
+        {*<table>
             <tbody>
                 <tr class="h">
                     <th>OpenVK QA Team</th>
@@ -486,7 +486,7 @@
                     </td>
                 </tr>
             </tbody>
-        </table>
+        </table>*}
 
         <hr/>
 
diff --git a/Web/Presenters/templates/components/textArea.xml b/Web/Presenters/templates/components/textArea.xml
index 2be32280..c516eca2 100644
--- a/Web/Presenters/templates/components/textArea.xml
+++ b/Web/Presenters/templates/components/textArea.xml
@@ -22,6 +22,8 @@
 
                 {if !is_null($thisUser) && !is_null($club ?? NULL) && $owner < 0}
                     {if $club->canBeModifiedBy($thisUser)}
+                        {var $anonHide = true}
+
                         <script>
                             function onWallAsGroupClick(el) {
                                 document.querySelector("#forceSignOpt").style.display = el.checked ? "block" : "none";
@@ -41,7 +43,7 @@
                     {/if}
                 {/if}
                 
-                <label n:if="$anonEnabled" id="octoberAnonOpt" style="display: none;">
+                <label n:if="$anonEnabled" id="octoberAnonOpt" {if $anonHide}style="display: none;"{/if}>
                     <input type="checkbox" name="anon" /> {_as_anonymous}
                 </label>
                 
diff --git a/Web/routes.yml b/Web/routes.yml
index 9738b740..f1cf2af6 100644
--- a/Web/routes.yml
+++ b/Web/routes.yml
@@ -413,6 +413,8 @@ routes:
       handler: "InternalAPI->getPhotosFromPost"
     - url: "/iapi/getPostTemplate/{num}_{num}"
       handler: "InternalAPI->getPostTemplate"
+    - url: "/image.php"
+      handler: "InternalAPI->imageFilter"
     - url: "/tour"
       handler: "About->tour"
     - url: "/fave"
diff --git a/Web/static/img/fn_placeholder.jpg b/Web/static/img/fn_placeholder.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..cdcaf5c585f483386a6c50b51c1faf276cea8f51
GIT binary patch
literal 14532
zcmbWdcRZV4{5PByr6{$FqODcC_KvErUDV!EwZ*6%yThoN+O=zs2sKliT18R2#EjZ2
zF(L@=e80cvbwB?+e?0en^7@>d>zs34=kw0V^*Nt)^XFy-a9>MJQw?zI)-Awm!Uu4(
z3UF41xHtj;IywM;002M+Ail){AR)AF5eRsT^?$e3ZaoDM{nvk+FenNj)BqX+=@RJQ
z@|r;Z-t*u0TU!?oUttdi-$#<d&xA$A2`eE1DuCOBg>T*Zx4!*vAtw5_CLty!BECa%
z=gxmbdY9}D>0Q!0cgQHn?vnpo2rWtqa>{=%{(Z>*+<KdYh=_!o^bYBNQ~r;tn=Swi
z86X{yPIQYFaGT~95zVceUH}Jydy@ay`xnH2<<@N?Vv;+g1U4uL6B_Rm*e4<)Fik?>
zm@qq(Fb*K5A)$RNs(gn|-<I@=7rof~qyjR|7q#6C2IFWh@i*Qd?vgVyJz!?x=HY$H
z$1fo%B`qT>r}B@gn!1LjmZ6cciK&^ng`K^Fqm#3XtB<dre*h#f=wn1=RP?8q*yNPd
zwDgQGnOTKJ#U-U><rS56^$m?pi0{oUKYDum`Uidv4oyr>P0!5!nVVllt^Hl!*xcIQ
z!5kf*oMO*#=NJFtx&<KmA6SI?{}UGt0oUz+_ki?YT(@oq5QvC|nB=kO9a?35Qd=*&
zCt~l(=wBoi)OO$H6gNOKyzw3<XXKJt<;MIA?LTDy|A2k?ze4uEf&IU@<^hyMw+Nd@
zL<3L)pxHdHm8CgOe~!a%06%%wuA5n|6Z3zJZExcR*PN>jQyU8i{cn)hE#n2BCF8uq
zH{n)52_qnvztKRrP1=MXbC_7BsTK`Y%~OtF)8Q<#av`8o<OR!6(b-Ga;YHbrF2lP-
z6;)JWb}%%IuCS~v0l%X}KAgZzdL`i&=GVZ{;;C~P1y|kV2r4{?aZRs)@nkyAiVSYW
z24|US=xPdSUEBaZCFU&K)pvh^W<vkD0qo9-3QaC(O==-?|D?<AfTg8>_ZwUONe2&S
zXB-PVx=_QUT<@(-6z*ppi|L8aXSO?2)SLEPT)Ir2OAGgtu6*$Mb`d+Y)X}J)lGvwK
zTvWSU^{Gp&NtyXh^9_J}x8&!<0Z4|U*=~Qn$(T-#(^z9Gt@fwngV#YU)o;!}HRjqV
z3jZ1&__FX%S#woBi<3iJ^mO!5Mb5khje)xmB`gk>-AsuP7q30&FZv+6Df59T{ER-U
z$HWds9@2z(2AD+te0L%oq3`%O)qtpO<_7SW&g%wXmB6yvpY%3-JE^(?FSwKcWAxc)
z64B*$?;J!e_#d}jsjmEU@D;z}z1k|voEyNf-nKDy3^Dg%QJv!e*A%Vxp{3R0&jC#1
z_<d!vEvpn9^>w=;rmg4d;pXM?L@i9<fl12vgME>9<G?XHGoPFTb?eobuJO<ISJ*X7
zX$TiOqgN>&v5!7nX-XrxhChsNi7N2R|K|Ml-4AVq4bDM;{QBr+Jc;!vY}cp)CLJ*6
zdVRQkyLU2nUH7nV`f3pv#9|ZP801)X10cS*f;A}e9Z2NI0B>Q0<_A(6GIZM}7}ZXW
zr5EjXn=)qYh67b=(ry3(X{RwymtG~GgKhwt%_w&Msq66|!P$c!vS&QC*Zerkwb`!W
zIgbut$ZZT&WZB&Z!>CXt$C8pq4>JPy2b~SCD)a#ZGSz__G7bV-Rvi@s#~ObtzO1Ig
z^}pW$Vq|LCi(~%Dth6vbt!@T;h8J1)1&~Y#AoV;S`KDQZ9_sl(U0(fZM3a}zP&$51
zBFB1CIEJ*u4@3c^ft;<~`RdylaZQ;Gf-IDb!WE*Bnhmy}RTdc@|6$-ac+B}RzB19(
z+Ew4bqr>9bl&PUCm^WY@h8Ol;@@%dtsP0_J>|_-YdJje206w~{bIRMH_x~19p9O@L
z1Oz!z<b7v*iruZ}KfX2zIo`O;8pm~_5vb0+V-x~C)~`e%lvb4pE5_vwsqkb}9E{R9
zyrvX?>qGfYnpx!uewu<wb2uFv769@)J7*4cOwQ-Z&Ci`(482w*^C<pcoW;vO<XtvV
zUedq940?3(1hMJZw%fcV=UBmB<d~tK-}bEM_Zh=4h`JG^=3dI+k%rjUym+OH={Ejl
zHD5#cNWts~L*t%}&Xm9tx}0a_PqJ$z%fuWP1~XnKKINoA_LmnGmUoq-GL|aDQmiQ`
zYsZ*ljVP<04Fyjcw|+DpS!g|z)v?rb7dwTI`m@{FEtslTy7;%WIcE@8sC*ut-8LV}
z3M%3=+>^JqyGnYic>_pS%Y-NUW)uF^V|1pxkh+bl8Lx=He<$tTC{0EC=j_x|u6Y@6
z0H>1|EYTX?lEGo&>t!brsqHKA?SK8ehm+re<;`YJ+F2OBPd7dlvI``3KBJAG+$@Yg
z<(;VX<7DvPv)WN3Kk^rAbAKDMMW;aWMoH9sNpwcAblP@Ous9iu=CsqB{2H8{z6FVT
zGzvMf*nnH)*wldn2W=W9CcL#bY#}gEMo%7F`)t8vSzGeNTygB^9EIlFm5|!6Z06bI
zfCKOj^`9E7AO`xW&9Dsbgj-uRmq_4!`TbHYdNtSJ78W)fVYhCzpyvG~fs9t2`Fz;T
z@h-yUZ?5_DM<eU(U3aFuR(yw(BJ9nhX*LmT)_CA<XIjHSDDx#do~-FASIG%Vg_llZ
zXw(N|4{5ERK3a6mARTE*-OOQT`w)+>tSovbP^lNYM3RmA81gXAG*IDrmiZJ{qqaFY
z*W*;SiO8cK{8mUE68p{V^+wu*-(S-nC<YvdB2RZl_avVEG5U5g-!d~hedY;sKNy7)
zEgu)QP!%O(p#3+12q5Lm8+1U7g4b)mxL+lm(fd{l%T`{=jPs8sp7m><zrCZ`1s_Jb
zGxeBQKtI7Hh6MscDug}C_&=Y=m+NkGt$kbnf)?NlHaf`Cp11*2ism=zG)&keT*FR*
z2Dn;+yy%+*iiFr^_X8=XqkBZ|S*0~kON`JM1WX^qc?ix_cRJOp$%;iRO&-WMy*{{z
zUX6yHc*cfPON4*Q;|Q7G!O|=|Nfu|NiB71+YjvkyR#ZDg{FphL-n*1aIn|myUqD@t
zb-f7>YSgo4jSZ`m>Kxt7gvhJoPA|og+hKIAvBLzE)V_<dg~9v0YK-&yAB88XvA>h<
zEjXP;wnZc=r%})y+e}*wP*x!428&y4b}_A&S#pmf5?J{SytGRWI$1lLi^PAhi=)e+
z4KjG`m60H%eqGWWF?PZUT){v7Z6~pc%>FgA#-n$tZy@<A(06$C>Os`5nTW5ow_9M#
za&*n#y6<1!M;?dN(XQP3tyN80;u19Mo4<+!pJy%8uuX&|)bxOUEnosZw(+jr0H_ur
z>H|QQ+8GJh)ZKtGSCa|}ae(rzq;68;+cGQfTs^6`5iP(NaEYtj{!E2p8^yzxgdMed
zt8drRH2jb3mR-wFZo^9q7?aP%7VJzIa{{(bZvgMY-dz6%QG_U><*}bJh#xlqQfHGa
zlQ@RcrlJBDlV??4mKF>1{eAlM02nr+xr+!ueqnb_&UVQSIYvpf+G5UDW}_#KX9Oim
zC-IsE>S6<4<#TE_W?b(&7&c;-jA`nh`sH@G4^;*}>ZmZ#*Io#M3FR9*)a`~MklN>T
zMS^TD-UDae)8=mbm34FS)`~U3NNqf{c=3}Y8IQuPr(>IDKvqn2benQ0cV2e+`v4cE
zjL_1B{@;rh8fBEpKUNgns7cIj3sj~*NwantR8sdYM?IYmDC4?f8#9Rt>zy{Ue{_s9
z^-kL2%lbAH#8TtQqv~AjTI{0A<N5$3Sr{N;AoMX$RjtaayVRWO`|}CmyElM5wan@!
z-|UY!fR_m`J7}HI^|5K~F3AYyYR6HY1MbGF>Rd?1*(@LB{X5Bl#cuphDg=A60Lp9n
zMHVG8Yh0&F9WJ3FG`dF|Y_isi*xRXaf6eMU^4NpeUU)z;?GGkC(e*T!-vfM2I#ze^
zOTfg}_7~z9xp5)9cPWphzseSBlU-fK?4tCdZUCsV+0RW0p5>24id^DJGgyjlt?N9!
zZLTYg-(}`f6WG!bHyiiU;b8--O~I=Lc_K7P7ON`J4UnG>4l)9XsJaNcv%d$IH-HR>
zEBX4$1Tyty&n&%~bAKC9=u#<F>zXG8M5VvQ>BGqgNp<65_^%vGml+JKq|MUAvSQ&g
zqofdveX@C`vGV>%*r@+9I(>d;xxuEc(gW`!rdeEXcg3m_QTOLXne!t#@rAk^ls1C-
z5&3AErfG(PZ**AQ@d+NEj!~<^&~8S3-ntkb@rOFKZaaYY@hZ3!R6B*m$8HdH2g{D!
zL2aPNgnEFOWJiYMGo%G->jPlu>Sxd3<T~@677z_2?gcvWV*o0gZs)hz_RM{Wvy2Qe
zlEep7_O(0><t3ex8N<hpjYf#g_1F{q;ut?pAAPa*9Jl*c(*5;LP*d9KpooHc6*nS<
z4O>z%nmM1zP5V>=SCl{@Y8L;x{$a{^$en1=)L)EKFZF$#w*L5XZyql=S8mz(sW3~w
zfV0qwe}Z}Z<A|3ismBAE$NaVYvgnhQogo+J2Fu;)_JEGqtEAzG5>gA}H&yAeXS0s$
z0kGCOy}I8g<VA%pAlfiV$QJ(YRgT1`Q_lx_Oc(C>T4squ$`^k)+^4MW(*wGb|2)fD
z`A~j4hARPeOvy+tY`pXI-0xgyAaO(t-$G>;8w)g@z7Seo@CDsgazsLrhS+zFICU8D
z4Inanl?V(E(H43b;c7qFF`!Cp>;G%KVHQw()vL|=*z#-7i9FW+Dl3dFY$%`NHO>x=
z5q4U9dzLlRSfR7Aw99m4H`4k&1(*8`pdXRIz^Q7as(*gq*^7%0I6&_vbHttQA6<?O
z9WROXIhvM4>E<foGcT|wpul6(eMy2GAH!UALL2pB^Xo_sqwShzt62`MaN#J{7(qDW
zNhGzOoe!n=RrW7(3k?>YgujHhFSGa<I9tO@n(GL8a5P@NKeyA#)}bE#4n?^p1QjBO
ztJl|q684X3ah3V>9kTO~dSk-ll;*0f#d}$}d%9uHreT6j+O0fPL&+M6urFNXHnK%a
ziER~%0;h)9qN_w8RoDy*<ueFsXzeBDP8ReAKz5cOA@+GEO9cVqH!(4d|190j-zN6j
zQ>|-Y{Pp*a!UiwRi~i*lP|eSaU!72Xm^v%d_0yvpz_w861s*zlcy~+bfuA024{9t1
z$X`3T|1~la5g8)KqCxbnJ2<YwNU>Z0>;>1;yIj%o8d#;c&N`)iuS*4mv#`hLTez6j
zpA=%aqAn@7*`!`+soh+@%u-5#ezwW?h2GqxMAAuHpSHYK9h2G1k($xr17IgfZ{Qv7
z3U!*AGbD6npY?)WaV7kL4Q^<&7j&=9&*5HmebLC@C3Oe!!o@$Mtb1ok52IC+R4TfM
zv?*in&ObQLDobqR_QDMRSbB!u`~*L+ZH+qaky~ugX##6k+_tuW|I&$$fGI23S{r{{
zcn{5H*!oeqshyoA)}EgaK0P{dKCPIAHtKH}L>xL5&7ON8T9D&qp_DfO4u}ZoD!Yw2
z7z0{`_HxiHZg)KVmV9iEu8Hx>Y}D|h(CBhesHiqSc$BMeX?ItO_U)E8bEt|MCOitS
z33FXyoAm6>$dVjF?xZKH8KZ>X|K5Ks%_;D9jsI=e!-`ui67#Mp>tKZXMpL+0Np#86
zLH&?A>lP)My({L8aF%d8y*Vdrb?YRM6EfR9ZndM|3oXOJdRlVQO_RHnpNRXo4Ndf_
z&^08t{WWaUUj2CkaMYs_=^cx1QBhfmyNsbu3{kXWZLshP9lL^q$^Y_jDQ(jfzT17A
zeW<qN=*Ov^tJN+Umb|o7JqyanOmMbc*Vksy0va?<ocgzgi-`YSo>y7{^(@crV&4NP
zaW3pN43V=R_YQ?Qr~P(eN0V2T+Z0jXlZKKjzeaYgcv(B`Z=*P<TyFpk*SYS+uJ^~}
zLlo+pMehCho_tqCIHU}~PQUs|kyXK0vXuFS%yv0)H4g7kk!q`!XDg{YgpR8_O)twt
zN=up?VfF;=TU1F>Lke2#b4<%~la_MR<|<SAXj23$zxt%RnKGUkF1_^d0QuDZ%_=c+
ztx5U~&f`o}wG0(|qv6)}@%;(IdzJD(x#r?c)8m_yPEn83oj(BrBssrr-E-TUPK-Vj
zcu2WN|1ig{(O=vWDc%sZB&KKh&Bsh8Fy|mYvs>o_)e4omZ1oUI;2)EKC`n`DT7Cf0
zO#RzQA3nof@3OsG3@J+Q2b&#=_gxsfwtwEej8&?3_@awuic`tXvk0@Y2w#NQIked{
zTA<ZKr50O*<8_KsV6B174lvCx$8fsa^|9Y?_%PNZ;L5t!BB1y)@!(A}`DC*{*}7gj
z=g<e85PXFpJhuGX(fS#Se`9v~=#t4Y{OmWT;#Fjbwb^RfP&3QKOlnC3JS;uzw6WuY
z<2f#RCFlAPI$n;cmm^N;HQFQ1-R&YQv*@|RX^i`f)cXUEm+=#ymL%T7*8BUO`}qy!
z?e^H*`8E;8wjE9#@_ZYvY+GV!Zlzsr35)CGm$W`eNJ=)6lHF*hw!J%P3RNv~FS&3I
z4mXL^;?t6wb4I!-X(M&h&)Gc*B5?~1>N~^<a1211Ak@7!ypwH0t2OVAU1pg~m;WUA
zaU`4uf7-m{{vD+b9jsIRv{23(r|?+}$T@gHaZQ%8MqL};t={R%acf5|SoNx+5Tbhn
zP-_;xy`T>El#mv!T&r^T^3Y^P`Hjkqbz$x(iFdC}aq1tz8%#Raf~`G}Q~1tUafMBh
zU(+%sA+_}u0-)-%R!z92CrErrL4?3xLWX5C?^@?RH;k|X6YW+W*<|Op347ajP``~4
zU(vxu%5P0xKes_I!^Y=H`#`k#dl<D$wD>>@4&2YFmItETLC-0Bb9VeAL_SErwS^In
zG_|_JKL8f6js9pVHv$t0YUt2iPJ?E{du2B`HBsD0{`e}Fkf%6Bbo~nGqtG=wo*jKB
zZMB_oE^}@2BwIC-qIUS_pY^|X$)mmXw3=Kwvm2gW%Q*fTJU#94s!0ZHI23&Y==*3f
z@w&NT8n6F#VY?;j%i;Zn3`Q(;-KwQo7GQbbsDf=^{07hqM9q&UXc;kR4DysPcbDd8
zCo2hM#3*nw56Q%<M4;xqQu%#&a&z~Yt~|nErkm<`x_a!ltEv#yOTQbyk6PRnW+I%$
zB~JmZR#vHA7H(&0Hs{PVAA;3l{PFbj&(GRy$SCuT+#VHX>SL)8{AGks2WydTwbWg{
zMFCBD$#LYcwQ$=(P#`ta-w<t!5<%jH9Kl7@3{)F-1L(;wJU!mTGw2y%)T6^!@;mA9
z)~lA|M9yJsp?ZdVJ^`NcE;9#pOG0f}pKis*vAGElkA3*!5KZiN66&$ltv1~!^eLKy
zB>{z|{?l0CM;Z$mH-%kIslx2K=~jWQmX4nnRGpGQf~@X-bpvptjsUVZp+UW%Th8H(
z?m|K{^3;ra)d_T_nM}9BkhGSX?g}M=E(Q1Rc%Hv$9tkz!d<SX0C!l?ocaw=(q`Ng_
zFC?9#SD31|AJf-oS)5vQUJ{-*HqnBgLUZ8hIj}vr?n|!_4g_WsOC6;^1Bd+B)J*9D
zGPmcsaJxt#x8Jn1O+8e{!lOu@%-JSBGE1IFeIYAObszN*CVX)q9L+6X0!uhWYA>VZ
z#SX+)+mK=xiBv7Q+R}w-4a-ZeV>-T0(@N-9%YRZ<r1u>z<stoJ1e=Yb0h~{7iE}*)
zr+~mEaFa$8l4Pq+i0@6UuehWBNqQBfPHYDcChfaKx=XK0$4asy)1p|zsg?#MM*kQY
zzaM-P47dZ{d~D#mEMc8_`l`YpwfXDbSYHD5iq-sn`g=_MYFS@Ctp(VwXI$!Y%k&KZ
z>CTPFGyv5vM1z13=yQt~Tbd4!>+=p*Y*x|Q-9y{889!QrTAbv~EY-+>D;S*V{<i`x
zulRi@k1URH3G@^%+31YFMd@_MDv&)yon0z6oC;Uplk9Bsq@G8}@Of)0a20wwb3{pz
z9Y89;|9%!+DOV?47O!x3RfPSIa6YP?QNAQTz3Gd%x?(*|0!AxBLGOCv8Su2w_zgVx
zV*6a=_ncY-L(Rx;(d7hU1sWUfmOmG+kCQKegrn-VEEKUBE2fRVC31t73>nLPEt@0T
zOqfJ-xKJ~u?~Aen?O2DTNQX6BF+C`z2)q);Qu~S^H^U|@mcGC+YCm-xP;6>*U#)2b
zb&Keuz%c(~6}?;UGCp_yQVZLzc~Z4)yQ@5DRd1kg>E3FwJ2bP%(4ao{#v!`EhCFM%
zytuG2AsLrjQzMYDU#H{Tic7Ee<eIk{?~nWfc+TG67!q87Q(q0}Ywe88W5QJDS8X$i
z4wge+V8_g&_KUwQ6ny<$#7O&mw06DUMx4&WaT&2#6jNk<WHYgUQN4TN?^L7PE;oU7
zpSSKbUJSg#20g6K|GJa$iCz8;Y)T^90}PKoG_`VpvFVr5Wweb;3J5a0$B-8BK502Q
zG}`X<NY(i3Mrq^$>C<;lZzEX^r5@;H^aTMRttht5D2aVXzORi_d;5=5fd#40lsR8k
z)kcG4_y&X-yeXc#>2P)_F?8@O<0_YXIw%@3?9jsbxyFNpvcVewokXnd<4djnUcvE$
zgjrXbCtoyQt-k|_Fqms0o}}pVUj<r(f!z_vsblc8LCsLMF8^VeNq!d6eJOkEBGi4A
z1IJ6<eUD#Rx|c1y*G9CPYaVP`K?1XX4eNGI5{!ecro6@02w$aix{tAJSv2PNfMUZQ
zH_f&IQ&_!Fin>l84ad8f%{<oryu_^rd{0z;uuPChqx_Q6I{5R9jT-<fi$OX|b)r)6
z1}JnMB+miDsdw8@q3^^|N8u?}b)?lM_kVLST39D5(>{Gb2y)3($`QmbG%Ak?y$2MW
zRq!cQvGx5rH!7SqGXCav6@Rl!W(<J;cJF5ZPh&g3Xj4q+fWy}BXpNd=^%ojMTq{(?
zvzgW|OLDjyfK0>eN%jqZ5_13RrCP2(u|@tTv9Q0DccuKlUykSK2=7-tF?L8+gr$Er
z#WO8mn{pzXU37)c_d3ox2gRsAaIiXErG>j%`(S^Lx5-H^%Ky0L27?%S%H~;N&3L|w
z?I82ktY4fCdCYtJ)!1_XWO+?HRgouaoGYF2Ws{xGhje%W3>DO_)Kz5lGSKwpWTAkE
zZA0d2Eb38^x=;hQOGMu0ZVIm>xUb&<XEi(j3Rc{Z9BNpnH|=t)r?TmFZbKpO_jVd-
z(2@-H-77o^hBKw;ZZ8{O2CpnLL-bI*5e;MPIJ#bci~bn6nQCzHPK)1<Vb4H!e$qs<
zMNO*s;`{2vEciH%M(O?T%iDOlsr9Qw2@y(MPj}ON=xI-gB<7zHS6`QSH`JQ;_vbJA
zxrQ54KMubc7>0N&6HGEnM~E~;Jx_7%f)Kco+z9i_eCzM?F6Aw>0SY-hPTXDh+t9@L
zbOmvAFVD}ek#=|9UFrrxOCe*ImO6<`FHi%QCQFKH!O~p0)fsf7t4dLPtAJave}RnM
z4?Ae0`+OjkgcFqMnmeg+#Hlx^{-9;LM)(F0D)j3+fbY#8vnk@3|FICS9(QE|9g_dv
zFNm)!U8>bKCTk6@IGs7T1UnSIyk=h8TN4_^#X{oQc!@Ivv&V<D&QhRrTkzJ##cby@
zJseMO$KBei8U>e2W!xp<$5M(8V<Z?<s!OdEpkl_iOFL(;7BneZpXu`}mm#I7AA76~
zEHj^U;yCkrp&yxS0Mp@ihYum1S_sTpWQb)2E^k8d#gO9llltb?z?B*IxnX992rKTK
zUu2LxhI0ei*Fw0lnDc(8#L;vnI@O6tfg_&7(cJdSy-AbCn&C>1Gi~e``B4arC|SXV
zr4D8QZ{EiWg?l4Qa}R@koG0pZF4gxRV^px<tC|~t(+z;-dhjB=KaNd`;GY3SG>T9;
zAG^NNa}*X9hI1wSb5HKcXpjH?C-YB+??KOZTBM*g78Lh<w3^!AX(fO1STVmZ_srMr
z87F_&Geu=UqG}kJS!PgTZ~P)yOS7~(6W6)AXxZB&M>u+ZjKu;erWAzMp!Za6L$Z71
zN?JL)tTi-Oyl)fyUj};oD6yZH%-(ElOba)Fm9jk6xED8o4{_=!<xn4ST*?YIuawz=
zN8a<>PC(BY7%zW~Og|NchrfjQ^_@r48Njt46pd(S7-h8tOz%veY<sGl2lwVt56f6I
zl7HdTnr=Qx(Oqb3mFM*ghF_Wg3>#3QQqaf1uovh%kp-?6j=2u#Ekr_NW+U^%v2xYF
zi!PY?d9@<SAKFP=b>g>J&RrSezm_G0_{@g!ga9Wcpz+~EzM&@JED%$xhUN)j1$qAJ
zl85&cz&;Q850ZXy#k)fsJo#qRNng`La?>}y?4@K=8=iU1yjpi3T=bqRo<|IV{U_8q
z=<MD~KoVsFU-{ISE=Hu_JcFxECIXJyT2!U>!oCu8AHxurf~^}sZ9v>L)3S|L7PNOn
z&Xd%6e13F%WCNta<^8L~+>Fc}fBvU}^!{hrC!IjnK2XEvzBp!d7h7`$mvnAu#ZGeQ
zqV;<2F&PFYi2slh6O$+@J~!F9uzMKhcKQ5OhgG<+c9>Ag+kPInpCL25nJ_e9-6O7@
zunqZ0E2Zx5Ex0sG4k`<<rQ+X9%fiE8Aada+&J;}ALx^i$^Wap;15LyNEzY8g=5JTg
zT_0?4pYr*zYAof0Et)YYJvNU?wQ(gYib6F6os>eGD`|VY4z`mn_D;C!qZGi2Jefxe
zDn(ZJBE6>5Wp!hn;h=qD>#}6-6k#2lU-rFCNc}0S`yfMoQFyG<+V8;sv}?EX!M=j=
zN;WS}pz4p!?h+?L>Cb%|dsaVMvd!ka+r~eTj6i!Q7plT1#$QYl8ztH84@2SbD<!yG
zw%kc7eIelr7M4GqVYpU<<2#EghGIXW&j#|z=P7cDdJz6W9KDvE5)vk+2>$KY$lyBo
zpr$OV>SFDqcV5_p&aO@X;s?dphpekO*A`uvodV0>j1`HN_>=?j1+C|Rp9jDGzI&$8
z1pvtM+rp+`EZg(?LBi0%bEIR_v1w=ar>-}m40bW`%}#9T7%*6SbY!k3`f}(De_c0O
zCB!XeX{Jn<-!|S`sW<iBU<nco!g;NQf>*{8szXM6dYEoAJH8<TSpan!(GMPKKiDL4
z9jg1vYg=QHVBuFYTx3}do4u&t^8XFfEpl<;ZrN!MSFhi)h)SpF2bXXEGdL0XKwsxT
z-$ohwqcn>y{=Gr&Pu&efcW2DNif3QD5-JC=aZl3jk~$_Sk=9yvfibDM>zNeKy*U$O
zj<Dv-ILJoK*E~sIKmMV$$M1K@s@>E$=I8bOljp9XEuo!;<Wp8zIo8EZ;YA1eo>^0u
zV<_sq?Mo&6>!~*w>fZ1O;KSJ(Mg`S!o9(1QJ{9DzepI_Ws>9(bFWjw$7Egl<<n0M(
zg{bRe6sr^ULnK2z!)X^-#g;MKB3VX^k&uMJ^WXfnlqK0INm5tEk~XH7xt%NLv?W>r
zelGLcLpK1QCK%=bTGmE!DUZL4bEr^-hbZAxSFd=mOFXel*hw8_3DG8sCmPBQhVRpe
z$&Up@aC}UA7uY8{U{y?dF2snYOmkIp^UVP6pQdYjrI@#hJ8#NW7X_5Gm4?>U%w)7P
zx$;Z$*L{|E*Fg`%yEUssUa~N~4`bVv<F_7q(}I!yWcz+n??oAHADFoMOql9fyq%4=
zX8)varKM_T%9UHRpfPuy`-Rd-aR)XyVkTC}1s1&f)R+Q7Wi(a%M_gFM?owv#QkD?H
z?-&W`?L-?;lWZ$7oI+_KO5HZRn6$>GNT-7Bi}sPe_IU9TqG9e|brp}IT<ndwA9p=#
zl98$6loT{f%Zo)y!w=o%!<bHG?P5v<!Ff&kO(VO6P{h)5<dxpPLbU*5syhuNcLoZz
zPSx0@sACdR_2*R}<K6xlZtnJ)X?lkMbBgl4pVTjB$2gd-<wK0GDkSd-nBn5F7P`<P
z8_Ai>Rcl6dNZ4dU;h2|vBsl8TNUgtGtXXbVw;5Q@pjV5X5HC5zBWB${(xwY_KXuMM
zxRR_}I&?SSB<L;qiAu!yTY*eJV7SB4>{1QiTvB7`C?en=?kCI+zN7$386rgiX84g*
zp7M^sbQCAER!SsGa#Z@6HGF$gH;esFK)01ZuhHLnN(TPqWQ2GbspK|Kw#jzI#qmn#
z9254RtFi_m4%FBlL3<_PK#aGk7n}!Nv(GjNw2SSW^<*W*!=$+SjbIH1D*W_G6apWp
z1TcnuHq?_O=;UK9MDByI?b1j~=L1=W<GE4_=@IA4hq_V*(Jn7&&*4@0nGUC}RRzY?
zmoWO;2lU&Tewv8w;x)g&({0eLqHAV#Y=grwDV~vc0LLlIPKr)cIzfU)H75n96>6Q>
ze?J4*h;D<P;rKvTgfJM_4PYPYhvx6R9Jto#Jm)-wA~&(0W|bVmaeV1Tt7G#ZY$9f?
zUx&PBwJBMmlU}*Vd8b8bUf9!S<F0$dFvP;|*L}oLokqzytHwarOiO5PgpF!s)mxsu
zz1U|(!0&9kTVht#P5+dlPuBx2_Jxg0_I-1guC9dO7cOsw)%^q=SRgU#t9~vow4|4Y
ztVV2xu*vO77q5WQ5b3^ojt^nNArCSA*_AkL0}Q{*JbX0o=lD+qIa)POESY=!y;crQ
z`+J7-krh2!$j4RBPabWmE3LucPmMzP$UL^rJfm;ZSUEX~IGQ^Gk)j2O+oYMy#+P00
zz;sTUM3|G*-^qhhYmfY`rLu9`XONe50y_{_->MtH`hpRiwPCDw>5O+kJwoNQhEm4%
zeD-I4EfW+^efa|SvA;zQl09&Jf41SuVhOBA0m5CN0&VMqWo{*tB%3pWecsliUNjH#
zcY8HBsnhT3zS5sj6sewV&$3|eXXQA}N{O(mvZ=h-sR@?Ig;wuw>XC2dHz`3Sb9Ikb
zI|p`kq<_#rGEozf;k4V&c1#gXulRf9$Y?3Nn8B$z#r>uvx7nioRT6~;8(F;l{kJ{a
z8`|2n5@knqUZm#cR>M7wkeVe;xw`)bWr<Hk?%=I&08tq@r83E->K1!!*dugi^U=!8
zqjU}HjgMY;Nzg}hRBuxNv<A<T)z=9gRz}#RV+ies%RU6?p|D6Be@2p}&}nD1FRrXf
ztUuDpXZ^d`KYazVRv*Tb{SR#87nMB2ot_SRxHDoWgO#$5EOJgARNu%h^1ZP132t{U
znl1~M?1(d*cDO>^0PM5x-h+PXbf%_so{vygJ%CobCe7Q-$ub|6eR#pnOzQWVdPTWr
z>|VI)%)#|z*KisICseMf<*Z+XYR9ynz`K`QnRA!lr#Y>^uC2d%3)r@Pl_;KBF(;fQ
zkDuPhWxZ%pnwR9JZ*e|6Hbtx*0h_PN+k7r>T~DyH#~G$zv(V|es9Y94rByZzFr~8i
zc%E^WGKQH4wfNH-okvB)XKHMF<fiq!-*r7IO)V#@Wp1vtokQ}saT))NPvgw!h~(CJ
zb%$En`|C$+0h-6Bi&EOMMc>nDH>B>$sPps0KcnJ&D_y;AGT-xvoj+Ds7hD(J7$L;x
z1H|3{ID@FF9=i-@5>&^;ytO_H`$vJ?CA@XjqUW<R_s=8|@=}{lkT+{eqh$?I;Oz3f
zm6+mWa|X@?HSO9*Bt*?z?{O2UfyR9@-qjwFeDJio=he%o*$-{X4j5MR#s(ZG45B9E
zXJ<zU&<w*zma%?AKdP{KzHu#@&nR2<MjGoAzOwWuIGAK*`L}dzZ#Qi>o=MrgXaE}+
z>du-@m(3tcXBU>20`cj;<n2vTgFFg++$HxrGJOOY=Pq@6P4>pS6LqmfcX3G;O^1%|
z{<)cnGi%?UG?*-pG=G@j5|RA1P15kRIk3c^JgG9#JoD2nb*|4ON}mIMZ{k%~G1c32
z+etQq?t-;-eSWkb(6z**0JO$vAgU!nug79E2DShRHvfGnBuSx3ustbYril=H!zlHH
zcMi56KdY(nbJSN*^KM=wU*(zwD((6t{O(|bfP3ccS=92uyh-l&6S)I5W!MIHG<P)r
zChPdw>3ms$e{D?tbwoCCi+O2O_jcrtSu)_kAWzO?t@{ne$z+B_Wb=Gn@vS;iOG7lC
z?u=8!pT+YxEwgH({6=nXnM0zVPf5%TkuqMSMWi1w$lm(!v(l@3^TEor>Lgf2qs2YA
zYT!~vvD2bsrrXr#86cqSAaPtwq#@h=1(By0qtVGJ>6A&1fV*Go-Ynl^!>B)9YrC-q
z+T|q=N-73yAnd0Pv(1fXzuA4XhNe8s>0iO*QM;`veNjqtT%{w`C8cKi;796t5}m;G
z=kK*KQZh-gQ}or^?LfYw>{|4CUQU22<0i+^c)#8az@p`@V7i0|A9)c>w2S^~`djd)
z^)~&2Wve+hyB?@eQ*&97PLV5PhJmFX@ybJzEJpMD(u*>$$=*<@Gn{1XtzS|>^06@!
zcp(%U?*OBmA2bHYsq}Hfu|BY5vieRg_mS=nvkGU#(T@*Q8>BL*HoT*VNNEZAk=FP|
zkbFs)C7i=_;yPUc?;$Q!Tt<GR*{?9B?#FoU(GW0=)b7|BkVmUy@tCl*6-5!v2?f4F
zYnLX*3NTxFtahNgKcJKuzzeQ;AZxYBby~xTiT;6Y!f>x&M^>=$+BD>8o7Zs0`I_F5
z7N|o#d7h?h`0?}Z=!{j){+(6g)WEccru?X7=+B)J8#uoU_Xw+tyTo?UB<7sMMCI}=
zUJNt(K44WTR*Ax6B&x&}J0Dpm5%5ZnuEJE!WM1pDM*qE#v4TDrFrN-Qla5|oqvI~_
z*ErrONz<jaq8ZQ)nrVvEz{>$Qu95R9#zkA>nQIBG1iuc(D2(EFo3URxF6csq@UnHl
z%6oTxJjWPK1#bXBsvO=guTRyL<dTsVrI97O^Y-&<wYF@1RohL@_RPfLDtXEeKZx-?
zHTuvfUFLM5IJ>rGH*CPsgRDpXJp;w=CE9HMuo!{4YkNwDx6_PmTLP&j8%G{#7Q3=P
zi8iWJ&XwCRQF1lIopUR454gy1*}dfz^ef}*jFoasU0BETm0kJY0HTkcQRN0xRC&)0
zRqaQRQ1ku{nw<sJj%Jj(a@3#gOZo)c5>L$GIX`I2a(@zkegp6XW!_~r?E3o}EkJ1_
zY3oJLC$l_1oPLIM_n!^t%x6k4d#TGFmvGh4>=|rH=nHKC>NTP_;Jy?T1|Mfs5R!iw
z$p5&Wq|zyxO~k2f_Qc)w?BIb|j4F8K_p!KXh0Y&vUpMBGbjKQJ@iDVK5R;Q4|Ljf1
zSwPzEV65xwKr$_PRvHhh7>(a9!Kl_~m)79&D?p9^dI<!u?l@A+EGnZr&`n4|M`WLy
zC$nUiY38oiRi5R`dfK0#Rw^7dUWQ;l&u$2v#p10iTqa#u^5YwWVe;8yO;&S@uJzjV
zvoc6*wAz~*VVPqxkwkHjXvFFey%&9%c}4&I_4>qw#n!o|mc4_JJc_8dC!!Lrri7H1
zo{Y2swS&byq_w|GenBS{!4@qw#JgT0I%x2mI5sEnS3D3SPz9nnaY8RPXv24zOlI%=
z9ZVH`rM(UqQak>h0}l&;c=obCMtgn|Y_nWtbKTULme@`EK6y&P=dbO~p93qRil+{m
zsiAVX0qDbC#G6Vqr8as^OFDsz;qG$4(&_I`!selFie%M+`+Tlzl`g#h4Jdkqo)HfA
zW1N09UJ7mV5fi>j-2-PbY{O9ZyBiQZ&vA`U;R&4|+C)kgG}tAN6WvF;ppduHZVt?=
zW+B9qV>JAre_HmB1}f#H$|wVp`E6)5c^nLg+mgdx2TczAJ*}NMtK?-OVU<`G(Dcy)
z9$8J)&uGqH__Et2&;H^)oYEDhNyzd{D^4xp2;}9HI8FBN$QB5TFvBxn6?QO({SI$H
z#D}rtf^{Z<{E%MFK(va<jHHl6M_HL>h3J&98%rRI*f0gs=@$`ksoK4eb~K2Px0zXe
zJx0(E>OJ>$(3dt1q&9KJ6Jd{V!u>;=MlpuaZyJbL|L#G~Va~&c@6VvzR-JS@zYC0g
z3`^=?ZNyE?<j5W@J65H)$Zrpr3ilaYbg)+iR!q#5`>0u1OqPxLUrO3HjxXyWs>9eI
zPMTMB3V|3{uc>Lmns)x&rpj!aQsAl%%dE*%RU=^1+!c||I3Q|mrS`3-;T^$Y*93C{
zhv;0YUQg!T%QwO4mxc`zT(}7m!Jr76`|fnA7~MuesTTOSOF-0<Kl}fvp5I23IkG<A
zjbi2Po9$MR&k%H(@=lmeMeP?QHfh3&r{DoavgkQs;SQ43oMu~HSgLGV>Y9Md(+)7#
zG%72tIWK;jpj1I;Iaq)UIL;o#^&MP$xYugCHz99;4)_e`eGhnM6zfYR_~!mUF}40N
zQaLhzWE8S6p0Nb=4Ky&8SZj{NyW&PrBJ_P_t%~t-GsP1Fg!~EzU3$@n9{pbZUN#$+
z843*MW61)U+y@AF8~j0yQFZXSqZyi^O#j8dolS?H!e)Iz<;#aogxqT4-;E8O1k3FM
zo@=sZZ!L?tP47`M-z%|ijM6$Es7XIlui7Yo#l=~mOA%m{Ck5Cv%dx~xB-^3f<xGzf
zd-y?`>yrv!H|L`>$>~g6?!@8B)wQCmy3j_wliIn=m38Q_fNfDxmL_oND7>V@2{}u*
zy^QdT0y6UsgtDqm7Di*s+tC{B;}So8G3@Vrw>^@(Bwl-UJXoU)b8Av2p6wNbL|bLQ
zyzWiuW!f0tCwS%e9I<-5`}XeAtm24~0d_}eyZBj3@8}oC?CdsUS;<jx`=$B7%Z98&
zSU~gU0FN)X{%U^xW^us*ytFvKVc9>$blK$4=R~`ANoG1kr)X@gW*&)sJt@(y)Sch3
zl(5<vDaY7Y(2<07XLr&LFw1=*`OE8R;xWPdDk{ru3Vp8-iU~%I^##k{Q$j`eDbYZZ
z@9~R>yo|P<DQmSf?x*S&ct|V5Tk(+2>f}gXd#QnQZ-IkXY{TOkpF8O;9c;Y}MyjNz
zKW}c|eE}SqbbUCSr+bZG{C|dywt{By^q1W%W09S%hqMbim$Eu5_kf4iQ);=8unAj?
zFf!d~>ea|mg{P=@Qpm?gHvk3*A#Cfg=E<zsN=OvQI%smgUy?a<njJS*U(j!&B#V44
z!%Xq+t)jrh@H4+>4~*43vjzn&7ZoiLg>^@YFUv?3TFJ^sD$KdVgUfIw0zqoSKQB42
z?`mH1;CL<D(MtPlYn?>6l-{$fv0h6!bx(Sb0_({lqkJ%*&DyJ}(H~N@FZGM=Q#3eL
zkc4TW1Nx!y`Bc6!cqQ~9>M-Vnl_InEOiE6;-3v@v7ay{h^xa^YKRziLzy^z!8umJm
zOMPsZPQ_<w?Bt8|$2HAuAr>FX_M1b0Ev%BaHLTOaE9+a_TSH8nVzv;C<EOKG>V?Y?
zj@1;Lx7kL+_wi159XdT<NR|}T{<feyCqHu#(X^Sr<k3KEr_1uZ$bj50;1f)A{}_!c
z6ZRq!j+ZtBxjVErk+>g_Jtxw6z$F;LIA8!)urZ7s(9tc5bxkQNSwzleJ9tXMTcjKk
z25SQ&)(i;!ab-mw`%UMKu}v2+d0)57H)~ih2L(_9!l{BT+XEHgb)l$?-q7Gz7(#M=
zBOyIhuR^70djdS6a<75*!{a(pWMK8LK*yJ#eL(ju!U*yA29x~K#jTd`fld~rIY>`o
zHr>C2zcrD$I5TtOP23}^R&jB!!8dw_uj=Ca#?xe{4BG4-bOw5R4`eKAmV_Y|+b=%X
zS&fXR$)y=($J;TUXFQ1y44uj{-3@@b9>T8^COd6AqX^3g*A_uMvEg;vU{7+q1BN3y
z?CH*DtC)LvQ6l!=Yo`{!tPN_*<Sp70-Ld|9AS-!flR(HGg!oTf>Y@)niJV-98jS4)
z<uEeUy~s#EA4?G{xUF$K+COw@>Q=Y+gUJYNnI#(MZCW3TQ1BaXYzffWZC+NW7mb`I
z$8N;i@p1>t6gRI`C%c~MZX-g+5MlITy&&RnC%t*?9;N#HeeL3TNL)Wq5wjEiL%K{Q
zDB03^iK9Nx9M#hD_W5zmF9FhI<#P&3ZyyZFQf>84(C3*(Ht!46xjD0EwWocuA74U*
z#xFC5F67wo`}jA7fhOWKQK?|l5Nv~$VXQS$b4dq&uvb&~kI|6m_jthq%lqf&fp1Vb
z2J`#Hhdk4ht#z$+>WdtW(3mzA%*WMk95t-0mtr_K7&V%TkUL8R(k77V;JiGAel}=R
z1g^y}Zd;hA5ea<8l%LnlDLsMQ0I=~_1=j*NM`SmMzC#{@=(SMHE<(Cw^|wl(i=LjF
z!9<sO>ZLRkK4#@m=_zn~x<E<`QCXJO&U;1lr?X2wp5RmQ;Umoz*rgGw_$w+)TN}>7
zA8%McecX&_yvTPBd484Car>HJ?*lqrI`2S~v~gb$Gd5I{3gV%t8dhcSolN+$wQll@
zEbo8b|Lu0Gr!`g{;GzYJ;4&{Yu74{rE6A5ZR8X`1P#Q>z*7z5xjIy1J_v!NfcfU!A
zX1s2;J~02Lr;wEcG=%2yM_O6ic-k*CcrJxXxIBedryVYsxn+yy2}im)c!d8qkfFn(
z#pmK%6L$4Ih2@=?_-S!kOutM`Ny1oVLhozR5mh5|eY><T_D&`AI*+oRJJ`#N(3?vL
zn>E&Q1yIVx3dp`tjCayy`V*LBSvhX@y*U1%!HYXDybvdaX_2p;)5^>Iqe{4^T;BOh
z7;Yq49UnZ7CyF08^#>_L)$JEn$Y-f8-c@z62ir@2AxaFFds;{F_}MQRH+`eROf6AL
zdPN^qTCG*C>Zjh2+p${wDE)*1f(F*E3KG;>|MbQ4@H$oB9%w}Rc0lp!Y4OCjEE8JY
NDI@haoV7P|{|myYD<1#=

literal 0
HcmV?d00001

diff --git a/openvk-example.yml b/openvk-example.yml
index 6f26803b..525d7cf8 100644
--- a/openvk-example.yml
+++ b/openvk-example.yml
@@ -60,6 +60,9 @@ openvk:
             exposeOriginalURLs: true
         newsfeed:
             ignoredSourcesLimit: 50
+        notes:
+            disableHotlinking: true
+            allowedHosts: []
         wall:
             christian: false
             anonymousPosting:

From a3634c19cf43ceef9d52c58ffa421e8b7d9f5933 Mon Sep 17 00:00:00 2001
From: ZAZiOs <85897688+ZAZiOs@users.noreply.github.com>
Date: Sun, 15 Jun 2025 17:14:02 +0300
Subject: [PATCH 2/2] =?UTF-8?q?=D0=94=D0=B5=D0=BF=D1=80=D0=B8=D0=B2=D0=B0?=
 =?UTF-8?q?=D1=82=D0=B8=D0=B7=D0=B0=D1=86=D0=B8=D1=8F=20=D0=BC=D0=B5=D1=82?=
 =?UTF-8?q?=D0=BE=D0=B4=D0=B0=20audio.get?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 VKAPI/Handlers/Audio.php | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/VKAPI/Handlers/Audio.php b/VKAPI/Handlers/Audio.php
index df9cf935..3e133ffa 100644
--- a/VKAPI/Handlers/Audio.php
+++ b/VKAPI/Handlers/Audio.php
@@ -21,13 +21,7 @@ final class Audio extends VKAPIRequestHandler
             $this->fail(201, "Access denied to audio(" . $audio->getId() . ")");
         }
 
-        # рофлан ебало
-        $privApi  = $hash && $GLOBALS["csrfCheck"];
         $audioObj = $audio->toVkApiStruct($this->getUser());
-        if (!$privApi) {
-            $audioObj->manifest = false;
-            $audioObj->keys     = false;
-        }
 
         if ($need_user) {
             $user = (new \openvk\Web\Models\Repositories\Users())->get($audio->getOwner()->getId());