From 02c8625411dcb96e1f63d58c47460284e15b2e80 Mon Sep 17 00:00:00 2001
From: oleibman <10341515+oleibman@users.noreply.github.com>
Date: Thu, 26 Dec 2024 21:10:37 -0800
Subject: [PATCH] Backport Html Writer Security Patches

---
 CHANGELOG.md                                  |   3 ++-
 src/PhpSpreadsheet/Writer/Html.php            |   9 ++++---
 .../Writer/Html/BadCustomPropertyTest.php     |  23 ++++++++++++++++++
 .../Writer/Html/BadHyperlinkBaseTest.php      |  23 ++++++++++++++++++
 .../Writer/Html/BadHyperlinkTest.php          |  23 ++++++++++++++++++
 tests/data/Reader/XLSX/sec-j47r.dontuse       | Bin 0 -> 8884 bytes
 tests/data/Reader/XLSX/sec-p66w.dontuse       | Bin 0 -> 8301 bytes
 tests/data/Reader/XLSX/sec-q229.dontuse       | Bin 0 -> 8940 bytes
 8 files changed, 76 insertions(+), 5 deletions(-)
 create mode 100644 tests/PhpSpreadsheetTests/Writer/Html/BadCustomPropertyTest.php
 create mode 100644 tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkBaseTest.php
 create mode 100644 tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php
 create mode 100644 tests/data/Reader/XLSX/sec-j47r.dontuse
 create mode 100644 tests/data/Reader/XLSX/sec-p66w.dontuse
 create mode 100644 tests/data/Reader/XLSX/sec-q229.dontuse
diff --git a/CHANGELOG.md b/CHANGELOG.md
index feed1a0965..4eae723305 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com)
 and this project adheres to [Semantic Versioning](https://semver.org).
 
-# TBD - 1.29.7
+# 2024-12-26 - 1.29.7
 
 ### Deprecated
 
@@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org).
 
 - More context options may be needed for http(s) image. Backport of [PR #4276](https://github.com/PHPOffice/PhpSpreadsheet/pull/4276)
 - Backported security patches for Samples.
+- Backported security patches for Html Writer.
 
 ## 1.29.6 - 2024-12-08
 
diff --git a/src/PhpSpreadsheet/Writer/Html.php b/src/PhpSpreadsheet/Writer/Html.php
index 66a0ec89b6..000ea36b81 100644
--- a/src/PhpSpreadsheet/Writer/Html.php
+++ b/src/PhpSpreadsheet/Writer/Html.php
@@ -407,12 +407,12 @@ public function generateHTMLHeader($includeStyles = false)
                 } else {
                     $propertyValue = (string) $propertyValue;
                 }
-                $html .= self::generateMeta($propertyValue, "custom.$propertyQualifier.$customProperty");
+                $html .= self::generateMeta($propertyValue, htmlspecialchars("custom.$propertyQualifier.$customProperty"));
             }
         }
 
         if (!empty($properties->getHyperlinkBase())) {
-            $html .= '      <base href="' . $properties->getHyperlinkBase() . '" />' . PHP_EOL;
+            $html .= '      <base href="' . htmlspecialchars($properties->getHyperlinkBase()) . '" />' . PHP_EOL;
         }
 
         $html .= $includeStyles ? $this->generateStyles(true) : $this->generatePageDeclarations(true);
@@ -1519,8 +1519,9 @@ private function generateRow(Worksheet $worksheet, array $values, $row, $cellTyp
             // Hyperlink?
             if ($worksheet->hyperlinkExists($coordinate) && !$worksheet->getHyperlink($coordinate)->isInternal()) {
                 $url = $worksheet->getHyperlink($coordinate)->getUrl();
-                $urldecode = strtolower(html_entity_decode(trim($url), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8'));
-                $parseScheme = preg_match('/^(\\w+):/', $urldecode, $matches);
+                $urlDecode1 = html_entity_decode($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
+                $urlTrim = preg_replace('/^\\s+/u', '', $urlDecode1) ?? $urlDecode1;
+                $parseScheme = preg_match('/^([\\w\\s]+):/u', strtolower($urlTrim), $matches);
                 if ($parseScheme === 1 && !in_array($matches[1], ['http', 'https', 'file', 'ftp', 's3'], true)) {
                     $cellData = htmlspecialchars($url, Settings::htmlEntityFlags());
                 } else {
diff --git a/tests/PhpSpreadsheetTests/Writer/Html/BadCustomPropertyTest.php b/tests/PhpSpreadsheetTests/Writer/Html/BadCustomPropertyTest.php
new file mode 100644
index 0000000000..a9ef67b791
--- /dev/null
+++ b/tests/PhpSpreadsheetTests/Writer/Html/BadCustomPropertyTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class BadCustomPropertyTest extends TestCase
+{
+    public function testBadCustomProperty(): void
+    {
+        $reader = new XlsxReader();
+        $infile = 'tests/data/Reader/XLSX/sec-q229.dontuse';
+        $spreadsheet = $reader->load($infile);
+        $writer = new HtmlWriter($spreadsheet);
+        $html = $writer->generateHtmlAll();
+        self::assertStringContainsString('<meta name="custom.string.custom_property&quot;&gt;&lt;img src=1 onerror=alert()&gt;" content="test" />', $html);
+        $spreadsheet->disconnectWorksheets();
+    }
+}
diff --git a/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkBaseTest.php b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkBaseTest.php
new file mode 100644
index 0000000000..1f12bce570
--- /dev/null
+++ b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkBaseTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class BadHyperlinkBaseTest extends TestCase
+{
+    public function testBadHyperlinkBase(): void
+    {
+        $reader = new XlsxReader();
+        $infile = 'tests/data/Reader/XLSX/sec-p66w.dontuse';
+        $spreadsheet = $reader->load($infile);
+        $writer = new HtmlWriter($spreadsheet);
+        $html = $writer->generateHtmlAll();
+        self::assertStringContainsString('<base href="&quot;&gt;&lt;img src=1 onerror=alert()&gt;" />', $html);
+        $spreadsheet->disconnectWorksheets();
+    }
+}
diff --git a/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php
new file mode 100644
index 0000000000..669594bb1c
--- /dev/null
+++ b/tests/PhpSpreadsheetTests/Writer/Html/BadHyperlinkTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpOffice\PhpSpreadsheetTests\Writer\Html;
+
+use PhpOffice\PhpSpreadsheet\Reader\Xlsx as XlsxReader;
+use PhpOffice\PhpSpreadsheet\Writer\Html as HtmlWriter;
+use PHPUnit\Framework\TestCase;
+
+class BadHyperlinkTest extends TestCase
+{
+    public function testBadHyperlink(): void
+    {
+        $reader = new XlsxReader();
+        $infile = 'tests/data/Reader/XLSX/sec-j47r.dontuse';
+        $spreadsheet = $reader->load($infile);
+        $writer = new HtmlWriter($spreadsheet);
+        $html = $writer->generateHtmlAll();
+        self::assertStringContainsString("<td class=\"column0 style1 f\">jav\tascript:alert()</td>", $html);
+        $spreadsheet->disconnectWorksheets();
+    }
+}
diff --git a/tests/data/Reader/XLSX/sec-j47r.dontuse b/tests/data/Reader/XLSX/sec-j47r.dontuse
new file mode 100644
index 0000000000000000000000000000000000000000..9914b1ffd12609756e1055090c95380b914dfceb
GIT binary patch
literal 8884
zcmeHN^<Pxm`W{LehEAmsknRo%fuTiGnvrG@1{k`eK|;Dk2`TALLAs?wQa})f2FdT}
zx#ymv_k90?d-r^1tsnM&-p}59z0Z2y^{lM{LO~@4+yP(!0024w&d%DcArb%(h6(@>
z0WgpaWg(7Gup`t&+rtU$V#En^u&2#MMP|tXAS15--|=7k21*h}9FggO-Eh?lJgTyx
zz|&Fw=wkHwdxrR@NGyYma-<kRI!mop=bNMU0t#Hfq*VAB54TvFy@6o~UG71dxvZoq
zn(&vJ=aCUULrVizI;Qbzpq;zg_Sn75YnM%9-c$hWemA`e=DdA+)S^2E;S1<a)sHV{
z`sD`dfigvTPyJ!kI9V?aIRil8ZT=b9F;>mfS?y+rt)pQj)X0*QJ!CPRkCqryEUCTk
z^u(@1we~PGcwKM=nU_&!O>>h+cdzhgHhr{ga>q0VEmdeLnW)SyKE}ihK;X$&)rv77
zlWB#3Q`<=`G~o~oEen)bgMp(#Lz{(;GfZDRg}8#1=xFHXzy~XD#zqLxqxtj0BoUOZ
z>Kgw#PA^gkS)K7B8(Cc!i*wC0;_S}@>=*tMA_Sa5PS(+!O*o9GJQTu$kCqt32;c3L
zN%BB_N@dQ<<!@r5{1D8$y+r|N{KCnaC)^Cjh(uFCP!1cxNfT$Vy$cuTkM@6D{4XZp
z-yXdrURAx58z%&=coo`vHn|uJd<b%vQEZ~q_Vrg<z^{pZ!$`H*cApxkO&Nsp$gjos
zs(*e_JbJsA?sS#EB$AL=jG@-OG$i@rxhpywvvZQd^OBV=0=LPN$<x$F${s9kEir7x
z^@XoNeM<}qpAO_IfFqo`l$b<$)FGr2sR0Jvs`{VJ&&!Y|A3okK4Joe^%GrK3lI}O1
zl>Zf1DojM>+juHTuZy|WY?*hjJ>AK7$|sMlMQqB=vz$fgJxna^+mGbZ+la2cIn*+G
zwdnZ?&v{24^)Tg}_!(659}HxAbO~X07WeM=1xC^oe*Q<2gg=cm0iyr_#Rwh4N4y!B
zJ(oMg+0GmSvHKxfB~Kh6Z-jw2zT?;EUG5P>Aml<Q8WJ>d?n&atoP<qYA~v%gS_WUf
z(vw}kHl7#NizR9ed-CDY5}j*S&+e%YOYNo^c;)6=G~>E@hd`riMY!~u@J^(3Q&+wk
z+*dM;O{?Rd$hIl)YdpWMJK`XV!OxJg1&q4AHdboDRH+(xFc-TQ1+m6XijNFY)QhN@
zbwFj3*VSZ8pQ{F@rQ({EO46gQ65|*ru@_*DT!z#-qY_jz6K=Va%tMI`US%Us0}o~(
zQ5iy1{xDO4S0gBeWda^f4UP@8_yR9lI?HN__A@*18OTe%GIHO&J6Zm8|7G$aPR>x=
zvE~(dDtQ~IV^0{pfKDVoM_pxdzg>Ayve(wFJ*_3s?0CSM{H=gBlmEI8a7e<b>NxT!
ze)8Bcp-e$AedMiXVv%bpbEXP5vkk$vi{2rJPaWNb>OvJ|Ns^Vm%VM)|?{@`jG!7+`
z0TK+4K=enJvly)EKm~0On*sgTz&b)`eaw!ofRHH{8y?nl(lI;>6N?P{7_H)i;-SAd
zR7g(8fNNXB1l43(#n<PJtTX$?ZH`=g@xDqJWSv{`mi&PRLC4!#Dpr12t4bN|THQM4
zA^sE2)9E8Z!f!ra2S!#&7fBXx_r&?Amjd%w<+I|JyHq#B;R>zScXNSNw3}~}CtLHe
z_$KbMEXRFK`^Jo|ATts%ePl9vV^R1$)U47+H?C;UwP&l=tF+a?w#jRX)SGJij!v47
zZ`%T1x0g;Y)<qs%Z<%-RT4uHpxtp9duaNY0O7KNwCf!J1Zm-j~8Qu&iDa9DQE6xiC
zu~aeZ6<Tp_-X#sn3q}p9XQg+meTqHrhlG?oOEiL!28hZ&C507!J~mL>rmil@?-=Xp
zJxoMj>?>Bo<LeDWlK7Tm{nC5+)m+&MtQ8D<=|F*fzaq!dCce9@C}#Vp<92NKjsW^6
znlN*H0y^Em^_cy-s<&VjQH^nO;Jyz?(5;1hR(h<DI}G!(H*77{qF(7)lS>A>mXH@y
z@dqxc89Q+oSUTZsr-ZhylODS5;AvCnkn_UK^w-5a?4<Di%bQ(4m*(ItJI`DfH}~AN
z)uWT`3%R9Y=*h06*rZ6~%U4^_TkD3X8-qNPe1^en<_T)7vTm9D4aQfIeh9w(r)*6q
zVOAa@&Qu~~ixPl=gka<!%Jp|%{;6U}h>8-y>;LYfBz{D>iyKi<1;T+Fj-Sft>C^XQ
z2u|5fkRFOUe8^Yoi}JfT4T&%$OF9`JXcy}AUgDCiZF=7kiLbJ5uAxD~gn`3c%Xy6T
zIW0LI9oQvWJ=f!p#mqP}IjuXddz^Mes4o=X%Nandw{f7U%u9-{Do@R`u0-}JM`U1P
zKr=mPPt&pg&^W*Co<=q-!l#&acis><#J{nA+hQ>-5;QW_j8A^9@`5qT+t=S3x*bPy
zwMEYtC{EL+&zE(i@1&HSmtp4`{@UQx3ST~ozMQe}OOE)Xb^5`@G;Rg2Bg-0W?7@l?
zF9MIlPumd0K>w970L0?MOfyAalG~S?6Ok=mh{Xpv;);LG;V#x-Fw}+XXUFqnGS5ud
zv76@xwzuJ*N@3tCT+$sd#4u;A#WS(udTBJGe|tlpZNX9dMJXba`?L+d&Zzd9Sh+n$
z?CYMpdt+7SyiryhRsv~dipKjLEo8Lh3YICNi?vH5E4gsNk}!Q{?37UnYfq{cAEGHO
z2Pl>)1|gQj>vufhW#P1fSiZ$XCgS>6iivzdMFwJx+U={|tRvJ*uAyqfax(ZYq+3Gh
zUdcJ7fLe!MbEAg^Mo|o!6y#3aHyAbv8c3b9AHYlY2oFo_eK9Mfq3nE*eL7g%KGAGZ
z?EQ%FENioOvsVGP+qK8rr%p^YDk@}sJsH`_Qf}RNYaB{OAqN*QKw>$r_?s(i{h*{T
z*=8-+W}T$ZVnAqy1nOHRev)Tbvya+b_)e@cZ>$@)R3zLd4tlP~V8VA#y7yLTqCe=F
zhL-Ya#;R;hyip?-JkCb8y_RDRDQ%UxvjDiW&r(s<5btaulw7~ARqcqw{&J-_kiwEe
zt3u^^6WCsdl#%3_G%~iAHs+zh81lk_?}%l`3%E03I^*jut;B~X)0`c&A)HO#I8Rj_
zK9XvtS!k)M{i=X7_1d|)-K&G>Xk*IFHkyiTVN_wolW_6YQ%~I2*!LPL?^m^b-IOVI
z)6TD(%a1f5omy<?c~?}4SZA!l&(+A?qBhjrj*3i_gtYIVJ7NDjV^4hP3ie|=P3w4>
z@wYCr;U5gtE91ZnW|I$Wq6XCsA|3<!ZD&s9lwGvb)*Sq(#{7OQrcX_)W$MuZ00R0S
z3*4VM2DJt|fVqCQKhx`*!B7lU9Z4H{@2&Kp(bV9Umzl_Dfzaum=Srf{x}s7-i1DzK
zv{ustVkE512~YsC%@`=)vnNZ$9c%wP4eK#HrVOgLVdBmTX)6&CEjQBf=I&g46L5)}
zjh3Dsp%|C5SH&r>vFRDVC{1JUo!_JHiyE=1{N}07yrw)atF>bJl0sc^+K}k0k28EN
zW^WaRBrb(ER(&05&ofTzt4s}>6?fE^yIJw5zJ^W&7HD<m`kC0?n4T6oxIS(A(LAc+
z3CrXYk_PNsQ90o{Ul-?DXn5*X6DCmjn1`!v&6UW%U5SrkG$f%gkD@&@!rw?e8o+GO
zx@WG(cK&+j`^HG|=O)9C=ncTfUX~zdi=*U$FUUtnql2tTpLXBgu-H!rmHMKX+L8&`
z?%bA2qO@00h}(4MmGD{fU%RDPfO5W#zi#@3Wh>bFwym~PWQ+gOY;hbSoqBVz$M;g~
zjalahDvc1xw`DKi8TbTyGZOfG1FuzbyXHe&uux9e*t$2_qJ7Q$5Oqs1yRaDagV<31
z66MA|GTK;qG^fPJ!27l)B_Gcz$SeTXw4D*milvV$+xfy)jf?8#WZ52vOy5&}{(%YS
z(hMlQHF@oH31NSUkHM*AXWTBghhrnDIE<?LWZDa0&_cNWMQEuRc5@QBdFyfTk&G+r
z7W?iP_$}{~qy;*)Bya=G%}vkk^@;md+wILfzR68rbTas=*ze|MvTo@*!BfvRnAP~^
zd$F#G-^n4D-}w!ViD>m1YF5$;5hYQ$S}&95pao3Y0xMlAH6mR}g<gdNlRCgLbUQAB
zeYua4kE~4Ho=B1;7W}mRve=4rx=OKx*mdxVJAz}GXR~A^_!9vC<S7%jx=!D?M1x-9
z^BA61ry+^<@Gr|_Y{AFMMr`N=71mk287$3=n3{^W-6NRK#TTs-4BRC0`8t?PSdJ;=
zeN-};Q%B#CC<c$xMR#!7k;ypKfYa9s3P)0R-i5AzQ20>UJ}Be+Fa_Lw3CnZ(rX|wB
z^ML9KqqtZ8(4ONNctMeE|2UrerGg869%v)Zf0IMxnl7Yk1A570*dwUL;<-2O@j`@)
zA@s@{xFYQ8oUf$a?aMYoC&wfDr5{ad;}mP`Y#BY{o9o$QWp?*ANdoZzRNZ`S)UX>c
z6Lo8|dVR~iY5Rci2Ls1)_TcHPoZ+pl_ena|Gz1^^nX-riv%I%WM>pSrj{=W_Fe>}$
zo}*2n*!L8*s)xPcRhkxPVm%B~eqcG$8xLP`X>Lt|O$mor%oKb_ZFUUa({4A1YQVal
zZGx9EgAegnKiVWbB7`OcdR43M*t{rh0WE>to6CZ~v<c~3lyhb;LX84(8Y*xYPlalS
zQ2Fcv=}nnaav5|R(Fg{vgTp@SM$h!K)|HbvtlVLVD)GFZ-?tNyO~j7ccI9E4jjwZ3
zPtpczsp5K1ZCvbpy5bvLGX#7e{}_3`&vCVp!@&_m1;1^ro~=uQV5iLoZq(*HZwd5?
z4a_ez%V}mckjOtEg703kvshT!4)w<Im(pOq7dYa<Ny|#GQE|NVw?R$5@GwQjt|Ol5
zrR|u66h;iwXFT*{;Wiq~8+^jWq}=eLHjYB@TH9H*&PK9y)k1P)E;GMv-HJIuk7Ugk
zg;IT1xVlI?#Ig2JW(Xp?SZ<W2vlHT<)Pfm4ZYda^79?lKcTP#z=yK|-2c>48Gq~=4
zB9;%ZHGJRhB@|e9QZ`*^6_vw)E^zVmlGWv;yJ=1YKKbb~s;{2_Q2NnG-JO5BC8i*o
z6T3!ezgqr-FcbEJ^cM$-toxRzkWLS1(&e5MiIdQYYk|`{dG&PjDoQNM($moW8a4W9
zXB1F>Y9P}V;S>xba#)rx!>tAFIC_OwjSlwK_w0i`W+)dQQzgl*;5#M~E!>JI-pKTl
zSKsgFM__bWFPt17K{^ANn8PjCMa!Xn@75o-Ec@E5x9`*@_nFH)EBbae9##u=!)BEP
zkq(<gpU(%?Fq#B3jpTl3N~=tSMbULpmP&iMt1(g2pr#gY5)XIQrj~@Y*@->Qx-OM1
zqo=V*QV?F!>Yo)4O2-9*dKMfUG#Ur8DR3I?K77@Jm&2QPTYcY8B|SLpQLC^qu#tzP
z@7Z6hxP2!qHYcmm12<fH4)5B>-$gBQNr#=aw8@pG4Cdxjz&Fe?tB*9(=e$ZVl$+FD
zVis%DUwk5jG@S%3oD@!qb>)}y2SD(K2dw73FL2^}fNBJ~>|(pmFc(tCc_m1?>mEy*
zY$mHb3uiuR;8d>CzDZ#RW}3LRj6M<B2<`C@XeX3TPb1Tr(HYg>oelJ?8j!C-Ya$u$
zpRqeB;%H8sp{{ZaR<#?GH#Blkn{X|4d^UwQkTv(#%!0Lku7<w44=rR|L~L-#nQJ}u
zL89)QQ?O2;Tg%c#w6PCR@D54aBKec;nnn{FA<r7+_hW@<ZxojCFIP6D)#aa$_O^PH
zciI3AH<zSR4l*IMt3v_PnG`X_3*KuQ0-uGJq)}IHAhhjq(hsQ7PRhyf*n-SPOC~za
zs>U5BJriYSs6!-Xs?*m#Z{BO<Ue1xCe%TXUK28lN+dHF7G;R|t<ez`zD~zXb@*02H
z`?4Xhjy%)F#jrhZ#TEYOmtyiyCp$kB=7@(d1O^adkNbzvyFfkc!7hK;0ZWj1VH{s6
z)7zjNcimd5&G>e=F@6C-Q(a<f{F!3&fp;3$+?EY4g5Uh4lxwNZYUgoxjS0hv`(myX
zMO(J=q}2zjpBCdhvZ7N^No-u*j$LVkN16s}+Py0(9E|{<_ZoP|wOuke>}r-bp?9+*
zlNAl^2h|LP#MXM7#@AXknql$R2*w-Kr=i$Tby`n~GO#LAhk)o=bz%GEabMmG$4!X4
zscP8HY7Cq`b@DoH<&OWd(J5midxo5IIu@8z7?Z@T(2^Pm`|AFjkt^EK)nTNaYs_^B
zbSkkRpig9wB_6Oj?GZsp*v;h(A9^6c5oV^oFcx}LJ=I@ZIFVUN@e--<LC1#X*O4M8
zHdB~)V!<xiu^gHry~<(r#6v2}0MWvXWEQsB{ng5fMtPwL^6S}_(s%2t!dvF|_Y-1b
zn9z|kVuiU;-iq%o6lbI2WPXH1Y@yTvQ?Yp-bkp`e-l80cVv~;SKDw?5C?VlL2T*I@
zUS61P@kG2zMLIw_g1%QpLlGETW|Is%)GnWUm>WWKZ=r1x_iC@EW)$jS@Z57W0!z2K
z&s<zul!<6{7<aMYLSDxwTKhh>jg&S;$bl<3`(<n|jQR?fZ2#6ofner#24gIrpeJ2z
zFO~I5<<i=C+t#De!RMynGH)53Db-HNe-qa+y0)a+cN4bVC*DLiEmRPGal!E&Z_1Zg
zT(q5!VFe9sWI4`m1*a|4mp8EZQHpd7Qhy`7zWk|(+yf~mqRcl#(Z%mlaB?*Gg8ULO
zoV2gsVKz@SW^T@}QBa&0>ZyvE!Lt)7Br|W#N#Kn3;Rll(e&bV3z58FU#!hUjp|Sc9
zsao#w{TR_szN-_@%S}&rqpl9Ng|fhpBA`Im%0;xkRokX{k{xcm_pL*MaH`X?TMg+o
zg-F#0ref(lvjkU*N=YlTV1IZ4vFS*~`!z5uRnAN!BUH0oZ~RHQLDqelIJpDIh8g4g
z^1Pi{&CXJxj1eKK@b>#u1580vDfMaOX`lec`Wr?}ULF}Wla(u)e<ThAHI+#s;><h5
zANU7xEX?dJWUb9?9Di^}{G|*QG7k_H9_WYR;%+q^6vn78w~uz=AA47oHkCb<_QGrJ
zBS>~kW6{%h^R2Nq6R99KE(43XNm8#m%GtcDJ1W!A!K#)S?>=3?tfSCe(>hm&yv|~~
zIc;@q7Vsl_zgkEo;n{|!ty`&uPi{%#0)0T?mlv1M#ZC8+%jb%1m&F4ju2Bk)LDiJE
z45!$CUr7GR{l<0cx`zlm!3MFIBtTdXmJkaKXNZ#vmj%Qb{NouAzWM(g2gKM$#cQf}
z(h>(Rsb1mZ!a4E`^XVLt3uix(s%DIxhd9*{U^Dr<U7n4*6;FO&X2@`n8g8J=hCd<k
zLFDTc8og2k{b)0(76kja+PG_)#W~BSqsTxu0B?D;xw*Nw;dOKEzNsC`6v#=F*5*+I
z>*%nTERUNvdPD=GFcc_M^JFme&7yhdx!64N@HjMt1jd|VRgc#Fj5e1+Yahu*(tZ*N
zwMQcWdG{_eX2+5-zD|P_x+r*Edz?mP3mPT%4Eu9rkQaR2)IN>bhS?}8HhVdF^01<q
z612D%fx_m}!CKeu?J#h82U?B#JwIjmK+!r`k7rZYY>5hUbz^_Ps|?*y_f2R}*hB8Q
zX<^opSMyCL$cg%CsuuAdXQ8TPHlFf*$2C4TJ>FE+Z5lnm+xvI6?B&Ff`l+*hULO8q
z;+ZL70>crBM}QC>;NKI^%*pA0d51{2e;pa|GLU(0oM1T01r5$3mB^w7PC$vdqV93I
z84^MsRr4)gS2Bi`#C@BNsU4e`_1unL_kvx>DJ@cqnjFWDebfm5l1q$+N@YiOnh2X&
zH1Z`ui^r@v;E`r}>A$LA;;ofVO=RipkM;<)L=Kdoqm}FMny=neq<p+<fnrq<4z{PX
zS`nN}#zXEau53<nqQwxHNd8L9lHc`2od&n`&E50;=k6*vC6jdt%~c`iNf!lGBIfpm
z=f363i5Za*Uu#WGD&M@}Ow6dWwTliFK;P+xp)xJq*}gYeULF0MqGsD>GAJ(v8|nvh
z(9Jz}0N%+^K4ump3ahv?KM_@<uBb2d@hXY~@H*Z;CB#DHY}oEhp6d|`*=9GLDYDrL
z_4CbMlp9+?=1*c>10n~#+y`pH^8pZ1mti5}RP~GdUU!=;5$om0C!N7o-il2yI}GD#
z4@vF$Da*p|Xlgr>xDyf(-b*^m#kBI!i^-!lZt<J7<Ia;qPfcIW??zU9OiMSFH~&sw
zBxDZ2|F{4D=WzYm|HIb+8lYbT{JL5BC-6s~fZ)X6wl04M{=R|p7qsEdzpcPOw{w06
z|LQgW1qA>=SU<u4kMsN^juhhY|Ji|L{8u1aMDK(1@0<7!KN1V@;|c)6z$OQPm4Vz`
zI`jYGW&eK1zxz->1N>}O@cz-2`aQt!_3d8)`bmEV_^aCe9s0Y%{{=;%{0aR<?|(=C
xDz1NF0f24<`ah)hclfVU<lo^^cmD?e*MzA7LPLx`0Dy(~<sj7j=10u}_&<(0iERJ?

literal 0
HcmV?d00001

diff --git a/tests/data/Reader/XLSX/sec-p66w.dontuse b/tests/data/Reader/XLSX/sec-p66w.dontuse
new file mode 100644
index 0000000000000000000000000000000000000000..7257bfc9d33a0013851f1abc3d63ccb2d2442fbd
GIT binary patch
literal 8301
zcmeHM1y@|j)@@va6Rd+bf#4D(&_Hm9;DI0k8fe@-xCep;4Uz;68r&LpcXv;42yS0z
z-n=(6nfZRfd(~^*yL#2#XWi~P`|MM@ROFG6i2$eobN~QA1ISYA7*aw20ML;E073vd
zqOQ2DjT6Mi$w1xR4&tcC=4Ne0{RtV7F%y6YfBt{tzxW?0jO$Zs<G_<Vm$?yNXANH{
z6GeZz=ifz8$4F(kDr+>s?mj<y2PQoKD*BPwg72%*(7Yp<JH4NGlE^YN4^}Xp6s3(&
zd?r_4Wt8!@`Z$I-DNAkC4UKpXv25nYnQ7THYO{aYBh5m2CLs(zXEaUPa|B=-kFZYi
zHeVHOw+E9h-udT|fIOJ|vTCx&1KzX-Q93OK;u4D4MS(EGXyT#z=5!5CGXIfEg?079
zv@1!bb7ZAt0aU?9hwrR7IAyk#?@)J7g!6b_Ff(p)<+wt7f~QH3_STO3u0bNKT+5?;
zk;Tt1Js|mrKyl>!QY4wl!v+WDO2G@^mZ28LW3I-sm^<&67ZFhsx2Q2qiMrifX1+;P
zsE4zVp-;Kp<0bAt5TFipHyPff1H$##^vIl0ew;0pxG0H~tG6XsxAm%-sMEAfYu|9;
z8FYV-1W@@44J$P`=zhRw6yPkwg458z0b=FI&i3>AKl=R_bM8++y)af$xs3xm_(0|+
zr2BkgAsSCi-u1amJ&n4zuk1W-W#ngiiiM`fKs<Hw03>N2nD<TZ+=5W#_imcARi47P
z1Vn;#Rjx(BiC6Z{Xipd%5~S=4SK9GiCQc{LlBMO`8C_sePYP=CKFaqj(MgRRNqof{
zV$&kWAj}2^KLjWH>2xZ-Tr|2UMwk#&+baq#t>(-89ygTgGnJ6@?SV+BfWq!*GI6(~
zk=abKSGN_-=_R>_nz;b9)F|EI8Lhj4iB<E7L~0Y^trx4(hi+9`9)b(5A?Yqq=BbZP
z1<z4mntMARMq5GmVUPb?s=P(GBK@5ta{326W=H@)0bII%(#Xw<-PP8?(#Y1<@~2J}
zYFOKT=EuA99=%0tcO^*$AdEXnx{YX9XlbNao@c$+WaDpnviyNl@r%X%btFyJo~d)M
zGrOGCE*Yf=_lcXs9aKxJlQ52zWT2nkY??<q?yW!HPV(gzmv|$zBAgecNTSVjliPAY
znWX97rIGmf=y|9#5+KFJG(pZ<tk2>kcA^4INHOUP0huTgvuw;-@WqaNVkJ{^hRl$9
zYAU)L<Dh>OLJ=?26fz6zu1|St0f;I5gt=V}TB@MaNy|XgQoEeCR$=@8Kvd{3ykLuR
zoaehx!z(_q(GbkmMf|C0*$a<DI#N_mAq)j+=?S64PsGg5sKb+@SB&2NtYVAVhOQq1
z#-f4pWsi$3-3&o6+_GaF?L}tNmZk_PQ5~43n9L&D$UG9?Tm!$sQTW1x(Wl#{C&`m_
zs_&ud6&lbMVrJ7#q6DM9MeA-G?gKXz&AIBme5f99-HR^LzsOuGAB656h$d~N%rTix
z9g(N1z^ndMn+MaWCTd6P>6CF-HXw)s>&&$a6z~@1%3u3+mb(nqEX5bO&v6s|5p5-w
z#f^<4G~kD~J}R^W&TbFe`Rqv3eIkhSy6x2GB4bg73>dVck94n)FGHS?T<^GJV4O9<
zBy0j<^rtF7LR^8ERN4$TM;_%**m2aMarD<XFJ##JQTEhpOY%EEB;ybrb~`D$ehykL
zUF+DnWOuuN?s4~;)OyJ|tIl)5zRKF5pd_(#Kb<dVdQd^4!Zc%vy&86uPVyztn~a~g
z2HVqzqmj*zvqgugPSV_z`y@!=6Main2yJXfcd`k_vD%WfA7A8{?5a`&5kaQoeX#1%
zV?P}c3dNE=-337m9ux4+ZfiOADcNxuHMsRcN2vf<QJA~PNj;5Ifi{<4pn1yO9ct-;
z^Dc+q4o~SZo5M}BR3rD-7rXQ>-<8Jb)9UMl>xM$^rK@))fbV>$Qy{Y0I&vu@txJRc
zMVl2Upa%#DOVuV@#UfpVncF7x;y4%_DMMhiT3KHET>3DzYLYQg&5))m!;+(-J8LNo
zv~v}M7Vk&jIp+>2d9~U)8<h^&^lD_B7SC<(Q`cA}489VkmDdwKS{s_`+aY{YGP+TH
zy{o>pO<sKX?QX;f|F%-0DMDIXL@{rI<W&?*q38tz$vvELf9GUm$gJHme1;V+T;u?B
z1UM)ErCon!=D&3e0p3Q!nf>2A3S;^#eruzG?gEnDfL$=N<GW|##i}}P0W?um?FoUV
zv6DUqEB*_jGQ2bB#i$F8^wzE-Yne(!wdYFWF&mlPFAdI%Ck{2<2*Lb~IE#4$T(e%&
z2J2m3l-_2w$UJM;qtecP*hT&<<}kRs>hp-*CQ>aA)C(AyMXHP4NvR-T({n-+aW9xD
zw4;8lBR)Shl=+2;{&>%3i3gVLY8yo-Q0pt20F@z8c^}3a7Toj!B;DM1F#tY_O%Kw%
z0@~}pwZ!QFKWcm<WG78u&{fvKul$fq=z9H_<e&1RI|_kK6`mWc@cjiTeBpnu*^cHA
zh?67xZ#T}L#rs37yyY4PQP4TkEv}fSu6K@osM@Sss}r9SrKe=$J4u!vIwtnu%LB)~
z=!$4XMw!el*Zr8mn{Ro~%FuSQMnI8mp#;ON<EplDS36rzl2liPrk)-|1jnW~kK}f=
zC0@2n7g-_*J@<D3S;G#@A_PYKSJ`;L=JU`9jrp~4o1`7qLyv~6X9*G`flO>q!Gxw~
zl)+GPrc5rQT+wUpcCjw-<blpiJ(gmar(O8mUNLUq3oz|uS==3u7}E=*v$~PaW9N{@
zDEm$n0UaxhvmdnF#Y>D#OojG2M>MfBwVS%vD9ofJTBAkx^&Iw{EV~<reg}E$j-Zaq
z_wO6pMwMF`w5AVVxm3kD%ic4%|KNYaR%Tcm9!{<6orcOT`yQ=>UUBr|Yl^zYaTMET
zWjht+D|{?P*$m^}hbNpuO(5WW2<MU4Ez&bQN)_rHlkUygq&>Ss;zZi^+M{OQwbni`
z%g3GQaNdQCa#1ey(t_5mBT4J0IhXaIr#xO$mwb*Fs19Qu@dK?uJsi&DiCoMN&0e3J
zk~X_<;X-@=FY1>u4az98+RL)YR+KaKvTHGxX>h5lGP23^GozLj`tD+i$F-Xj#LFd)
zuda_b5a@!Cz{YAI!BmrI9cgjug8sp7siyuxDG{<zzhHoDVE)fC@So5!3d*O7EOJBr
z%$nV@ip*a%xQ4m4R2h2}hJ3%uA7eFt%8|pAy##?SYdQ3#ER5tV@I%cCv!W9+3=r40
z=VrDOw@4r)W?4B2(?1K$-|N(wVa4+rGynjf_UAtLw>)$*hgd_{f4lycg1b5cQ54n0
zO=#WsqWyZ4{o9_e1%`9^&h|Z4-s`Q)$i@fj588>U)-w|!U~Y}e`yoO{<oy;s7{gJ`
zeNk)Iqc{!e6z@ZY9HdfK!oy*AqOnG<?A+rA;JZy&R~KKD<9S>`(nl;>`VHABto;j0
z+Mb9ZXxXlZGQ*nOoVe<W$vZM-nJHbuZ*Lq9)}r=Tk%(iGsH2tF5%xV|RKGp1d}78C
zvGFK97TH_Z4&NB1+UR8(mKTPHvF3v}O)n!k6@}uLNymkCShgcF!!*Aw%rR1N)+ol0
zBXKhfR#+IxlJ4FJ4Wrj4ATbQ1nCjtfCZF_S)T&Y%X+OF6xO2HVRIpgD+ksY#r{-xQ
z?_hkA*tdarax&b{lrXlJb;oEm6;R}jWN1OcXR&i%B#hKtP9_BH%r4|M=ec!BGM3NW
z9sO88hH1gunAKF(Ca}$O{d!^4Ry6tUYM=X^;OEzEtrRN3w!6!o-qQ!;EDZ>di%pzH
z;qR5LF+qHpp(E>FBnwuRa|1wF5DUMcQ>)-W&Jy|NAtK61X(SuC!~d~`L1D)Q8Hq8#
zoVqQXL8eHpteHD>RsTzkg!mJ+;3-Nu`&JP4^=mxQ?TK5vYg?9gxae%Mmio;S``A!n
znL%VljVVun4vb)ZgKw$9?e6sL*1h{t2MK%nJ=UWUNEVky!aR*q0;HDe?yl?p_SAK|
z>HcmG*Wj)vG7)l9;B$93QN45<@1boG#H4?BS)gU$b9&6~b8$yy@T}q-IXz*8keo0~
zsT<_cZ|o*&jF~Eu9G)txK&!xt0ray8`5qI_vfM+?O;W6EMJP-h4SCgkU10Wbs$8a!
z$hrT9Bb;@abE|MDXbgaR`U-@ltl2XPuGM~TAH~^dHvn!9+gKiX67)k(?+F_ISMzkP
z4~z};7%yb*JBKjrg%-@>bzHzX+$|sj#vf#oZxqrPl85t&WrBujB3sxkNuJwPLQ>aq
z^M;al@<Y~JrCQ6H`=5J@B|$o`-Lma=RRvl&nJI423%VtbtyoPV^D<8kf5dXUlX9fZ
zmfwu=-C`BEr3r4|bh_r$?c!Bs^w=MD4-{ah3%T*aTj6(h$dOg=^nNl#Bf<G>qZdVF
z^9*z3d>QS-uJgH?9E)p{Fusr<vQ~~da_Aid1Z-?ju7OcbS^0%A_x+Htf=s1n4sLIk
zBxssb;kO=w(h2?3y}la`Z{<Ty{C@<Xm-W)vqf8=Mb$w}64h`gzoqAf&bQ~(jY%<gx
zd$8iz(3s#h$shK0I`<N}!6s;5z1he~#jV|R3$lz6bd0;&0gaa?aEkZ$tWe&81{T5O
zm*ia=ii0+q_+A>9vSlnd>G@;Ve#NFg<Et7#=C<^wHDpNoM5k4Ug5P%=6uPJtIo-=t
zT}ooTg31_C=<ztGXD2*^kOjHv#@!+VSM#)nxJe#X&Rzo4FK{?p@eZmSz$=MWL!9fe
zS*>HWwvneexNoeOsZOxPN}2QDtje^9`M-(w&&hk8*}$X&&N(7H*t=$7G&Zvs=#Jqj
zqQWS7dcujFk{%CLu(|eyA}3zC8zN#=6HRwhw@ldPg%8qx5c6T=(Cg3c*I)<9)dp6@
zkn!HCJ1AB|g^N~=g@<O-a+=o77~-{w*SwL)m1p=XzNiP=R2@GbuoYh@)l1Rb3HD8Z
zVT6sE@P?%XNLX@TkQ3B7o_T9K0a<2sZaXyua{v~)CC#3E{?(_&Q+Z|)nRIARuU=g<
zIi7ab&k7t&j9o|c^x^}GI`ouXd8S}dxfyI&m3)U4lCAt8Eaud}qxVdQCdjsJ?oJ8U
z`y#}4e5cO2cKMRZsYd1GnB+xgA%~Spv{Md9^1aFaplyOlH}toI;@lrxU?@K#SGbgD
z+_JpSTdgoc*ttPv#P_`UAY#=AUn98QrWVFsKF$e8Z#SPm{c&R3<_BU3Gg*ID>g1EZ
zE(TlnhORg7R3-KpJvaTbdp;Uk<>Z3JBrN}M&>-?+E})X$z^{Jj(<LaS?7dqAO*?s!
zsHdwE2uOvTT(Ctn*jANX7}{hhsFr?PBwkEQWt<?zzognbBNUMO03zQtZ*8qo*Ox(t
zU1!<)P4%Gkpkc4kyJRwf`K(LnD^v$6X`8xlb+zJhNl;)!QmGB8z4jQ~vx<F${KYZV
z?Htx5QIypGDTnM}^L1Lq$&1uk&q8#$dS%C`g{suRF#_BA(}4NYya~bfoKhY?Tb#i@
zvpKIT?AR_mC44Ow!97!q`Q%Y9FmY$Kny|rEqJn7{!$~chT)FyP5({3MfirAaLtrzc
z%l&CHfoN(9iRQHC@XNg!e~<D$$#Rr>;=$f&%hNBc4ezIc<u*ZzmLrn7de%zg&P6t+
zlQ@0pvstf=nQCS$X)AhAf=2}e`v)A@*OQswYt7mPY5KdsmaZc8-{A405;rZ7YJ9J(
zGl24WRLYf%<e_|)TE@Lz*%DQjv>)zn^dfD8;^}TJi6kAR*;20#_)VpeMHS3@t*Ja+
z<XaL&Ub(ZSZjKRU2BMsnlHfcEcs*P=-uAkD)Mmot{qt#HFnGEmb!~BrvW{apQv~>~
zE3$MH2q@k^Cx5Ts#GA)6_t~2tN9yz=?y}c)t$#IXnxms`bM}h!f%HELz4963Xg<8*
z)ItRS9{fw_9i7~*AdWw~%q$IS%Q+6bJK<>`ysQ0Qmo*lQD*3T-mF?clN4o_^ePMa}
z5m{M-op+wfF8aV{RU_VE%DH2XLko0zqXn9n6_8GcA}*j_AStKD_wWLZ;3g5`7G%1e
zyf1mf;Sjejmd0KYAGxAAjI$ckei~mD-Zsmv6f&BsSKP9DK{iSLX*v|Lk5~r6r#m@x
zUi!#j5`?TI$@CKM<C~V<P~piAoaA80u~K}$h{f7>dGt`K?88D)Jg*azuLVV<dDyJE
zmC<;Lc<kUcL)3cqi00HjqFq?ArG8npQ?7}exw{zR`Z<jx2F6<XtnP_Y7Cxs{AIyti
z*|O+^WcDH>ni1lQCI6Z7QT8u~x{EW?8~L|kRqDQvTj`bMSu397WCaX5Q%Zt%=!z+F
zSv@j4w@IjU)p|OLm)^oY$9Yk)2%s;gwa3l)umD%ZfcYKiDE!AnJWl<2h!4$eMfS*-
zGnea5IrQd5K4}H-f8r+tQtPz}=~<|?oC-hPSngG8u|Sh}U{G{B^$pcKaaN!P(Ot*B
zZZsUzKn~Y|C-Xxr#?f|0bJP`feNoJ8w^&{MleWVoFG3s!qB1_u2Je-l5OeTZ$m<un
z8EZ(ZzGr0Lj6K#RhYkaL$`Ol)C=prtUhx;-iIQ>@oQ?YrGcVs<@1!{PBc|nPEAq91
zAMtT}l{J-x+nRVqTy<8@I^&TE&z$S$o9{Z7PA=%y=pRZ_v~l0;xZFYNYFJkd2?igx
zY{!CHc#_%uO`Nz5Si+&CA$(0}YRgF6nG`zim?f5`C<>V6>@EhYYdwi8EuV6i7G7k6
z*M%dyR-6ffp4*d2wU{eBZZYvnMwTS#cza~-ol4Z>>v=r*5<iyld+xi(8U4US1v}^A
z@0r8HShOw2?2^#|1nWPdqMP8E`}gLxh?<5`0^Zj`;j{SgO}2@xv5JGOog=%ktpnuu
zBbxv1t>I*kh}BbWqb3bHP`tr?aL$^Y>Ij`>dr@A%n!^A22xnzMiX|Q}ySF4SqFHd#
z8c4w(65_ZR&5BcoE!?90A|DvTD22eNY5&nhz+;xBO#rj-bNE=9YV>D1?FvRVcCH*X
zO)@u*_o!>g)6H@5iphf`ivnpzRx_0Jl`*c2>^97F`6s&NZ7F50bx0rDkFe$K;?<<>
zk+4riCBU)e2>BukGl=|cD*nhDEDZQ9OZsS1vm)#jz1>Vff)-2pQG%w9lVJhZh8>25
zJI}s6w#LrLSWZ0s{<Vl4bD}>S;R)BEs;O^XFVXqaJVTUKMb-B!F~itjvnGpf8>$g6
z296TXU!BiaNui-pUKm2P*0O|@Z4P+l)#>fI9>@|fj6JAT%Jm-5Pu=pFxAk{HE5kkV
zSrvlO(yd~sm|W~S5*hrZoWf580bNQ-FAuJxvUB07rwjL8@!(JVC-q+2+5ODCG_{s@
zV;p!ex+B~eTxNc&G#2xqx_4T`D0>JJ*)ECY_6(7g?;Z(_<!$UFJ3+@DDtU(fFkS3B
zDF<s-r%sxI>76*^KP9cx1{fM|w0<GN?PE`*k_a{tgLq-9gtKPWOq3YpyN5rbckm_C
zMP`u{A6Lwlm=m?MYjrZrd6)mR9ir2tJvG>>SF!UDv8O<&DWQ}Gomf3_p+!YVP|4FH
zA4<FzjZ2j{_wKghYT9}6rFet<?Z6BX=VbhwMeRd5%DC{zhlW!<Bbr-sl!+FvBSXk2
zc4pm>L0!RhXxzZr`I<nTQ=YvRRRyxTB`+&2+G{8tKMn~@b`Y6BaAwIU<V{HYkEo>d
zQUq%C<6+=(9=L5E#-`2T%l%OZ`L!3h{kLu;?~*Ns5g!7Qt}s`!_7|NU(IuoOX+=((
z;J4OhtqEaBSKnI+g`N7`%+Sxe+-KF_cGBlvpq|}KtDJvecAxZFjlNo)dNw-H5iX+4
zSF8s~vU+JERL0bye#{E;IB~&abidl!4lM5sBv!wkxTA3~{&8`m>0}S?S=tbyF^)Rt
zYs9=oQ;|nNWCi?x$G-4&{mb}=L*QQn{Pn=<&*%_%ru^yn>Q~^eCjKALLbzi8V(I@1
z{;S*g2NVDh#rzHY|9FqT#`)Ei`XiDd_J3aDZywdJQGWFl{)n=T^N$Y0uK|ATRsIMt
z^6<9+e{?RtLjNiWe*gi1Y_dPG^xp#U6D|T@|9_@6{qJ~c_?;T~C;0Cq#{~SG0l>Xm
kQh;Wr#T1L?+)tO~FGEEh1-^a&00#VH1lOt4M?b&)A1&MY4FCWD

literal 0
HcmV?d00001

diff --git a/tests/data/Reader/XLSX/sec-q229.dontuse b/tests/data/Reader/XLSX/sec-q229.dontuse
new file mode 100644
index 0000000000000000000000000000000000000000..edb902498776b741084eb98330e431b4d97f7f48
GIT binary patch
literal 8940
zcmeHNg<DkH-X6LeB$ZH*9=b~q92!AFkY<3PhLjYL20=o)ySuwPhEz(V1tgWO;Tz9A
z=bm%C=lcupUGvOd&pdm-zi0N^@B6E@)f7=sNdf2pOaK5t4{$*C;MYL{00L0~01^Nu
zvYrgo&KYdyZ1}?69_*yg>1Jy~myL?doC!ciT>roEU%UdPu_JcfT!gacaaRP<4Vos~
z*~P5LI18M5_fAk=c}lb2#8_k=ox6;hKF^~=P0<OpIA}^wa^suV(I}<QJ}WoxvFgOO
zpJLm;$A6vNkuY8=MXZ9get*UWXOL<Ax@FRf8t^W5ztWuJx!WoY7)Q%!6Q!|s`oa<|
zZ?<ve$zYxiz=sAmz47FI=X3cqbm~ZhEFw0UzD1@tUxY)AqR6K8jRuO7FuN>Sn1wg3
z3*c(Q;#mqw!svSUkLc%(S`#MrZwThL-sDd`Ez3*{1<`ghQG1zQL`IH44--B@q8}u*
zLuyesH;41FUr;b$266yiYHZe3OSkwRlHAaQivfG6sdr!rf#VmMGtiYw_qITGC-jh7
ze%}U8&wJvsD!0k9v|P$|0V6xXlY7-8Q2}%@LF@Ks{Ffjl4WCnotm_KWLdAK<z>WQn
z7imfasauL>H#h*m-5m-*?Qeo4F=z)PBLumO&>IdykcN(68z&&=&*T4u_+PBPzubCh
zjItsMH(}7B-yQvEo9H4d!;}qBc3au(7KuCQ)<`fZD!2LeT<(c;R{aBy)C$*h_oP$v
z>KwNmLeJO4@v>NcspiuyTHT7bjg1&Y9~|W(_CVcl8ElGoOHO$sSU0ogP9?%h*RlgR
z8Si{4T%Kw5`H45Zf(YrvIa27JC=e7gzKYwtAGA!RHpbTn17V6fp=3*3v|hFf2r5@V
zMm(THc@Np5@}I(@US34aOMg4&&(_Myd(>6wJ-ib#e9d5r^5C)VZN~PY^`yGG9AjWI
zO4`@UJt4H()?8U95}(gWa$Z|ptvmz;I(ERJ>~roaaZ{M~xF9j?OZ63E75-B)KOFma
z%uoP;5=2NNKwRNw19XKtTAM(j)<5G{sirYBM~Lv&d+HXW*ELKT7iq>B4aqrfK{M{_
zf;c2E4o9UDTgXD`L-E3$w<#v1<z<@V(mP^m&!8<q-tiB|sx8et>4`Q?mgY<nGWlJ}
zuSi>8j*m(vByFb1l~`&_DDc^sOVoV2asGY{-O{6{r44Z717t!h%!_82YWD?zFO?U0
ztBmn<w4^`1=u$7=fBle>V<CoHQ@h?j%3?NF@T)K3um)GJRi9IQNNdT<9CX4V)?#08
zy&uY=*&i=i?D^v&m->fg+mJ#q3>;2B`zOn#1t;vvfv(h^%!%$%iDDTNcvEz(gg<_}
zvt5|HrCw{22LmiT0MYhEMn`;aA>DiLWKTt0#pt=#9E71Ybxp^1=)2kGXM8eZNs;@}
znlWJG4dIx$z0>HsW3r05B|3e7JAn*H8JlL3oUC5ly;oHx<|@W4^?OS}djbvvY?UJI
z>q^SkYjj)G5K<f276pzcgAc`o7%cpv&QOh?#+g)Sg^kJPNCjUvdTTm~pS6-^+M9O4
z4;szvtE3DG*~0k<c4RzdG$GE_$w|jYyU8ULP-jr2>>X_^$mxDM-gi8jpe<TcG*%v(
zkFRrbk;W5-$jolyC7!^uhWp?i2GV}FP+<CQ3zD>k^_pzEtXQxPQ79(6Jn<zGlQ-8T
z{&Ns;6m9=SQ$<mKY7#28n^|*y%cS4)x$kSIH{`W<Iv#Li3fpCu+-A=uhk9GXl8S`>
zgLJ{bIhYcT^_WD5p`GWtIPeA5Ee{=jBd(_pS3BohZaH0+W?4&f-eX3^hZgC=Z{vg^
zHqp$XWkMlUn@l8Y1!g?Tp|iZz%WB`QAF1tH<m}YFDe-(96jW-FrtcP?B_U&Qud(9G
zg|12oO>Jqx7w*nMtXho4q7toB-oX$QaV0fAS)?j85eJUKAk#~;H65oIp(0V`4}7m(
z-Z*Cv+(p{WmI%|_N%4)uDAdLB`2=*Nq3QM2qA}tjAuTtUna)N|qB6(eTHNbGs$QFW
z7&T(ErsBY(y0jNpitlsUWw5?@yBJ=Ke~{JgcPlbuTE8rAQyvuYChd!Uvwie->)|q7
za6m7l-Q=-|h3jJxn4}@FLiMCgAz}HTMk6g}S145FJo4VV?F#S}Sgackk=}1#@z?`f
zMe;OVVEmIHBZ3#~R}ezvK*TUA045SbkpBu}f0gAQAq@$UTO#7!fA=Vj9<l2AnOg<I
z{S)7azsAms9h{GquJ5}A&_~kt#s`?keDX0|^;?nx3Cv@bqc1r<vUQbQ&r~68I#-d2
z-pm|)X?R}#@ksNHSeu^-ce#MSYpyXvkpAUG<!x>kNTgSvRwwV?0F_AeQP5z0&ZPZU
zlqNoi7fnPig&uDI10}`Ap=0v!JJC$B-51xoGM{J1GmBXs{n)o#=4;Dyg+@LUZt|6i
zhk(e{;zBt>gE~?fpLLF0jER4bNe|SzqH!>IXN}({e!u;VnEkUyB?HxcLaO&D#jZDg
zkpB}uh#Hb$>IiOdAc_tO#Do9cVLMrZ!Ol*=-zM&#o;x*0@!cX9X&_=%FtXY>BxOw2
zaM#VGEwn{!&%?a#ztf3fV*x7Mc~;zyp&Vqw1!Zoz9z?@#c5+1=0lT@Aj1fH{#1q{!
z>QKe2-7S$s^)<0s{=@K~nDnm6g1%YcaZZ)!EV7#)>b}B)$1-`i@TA`wC!e_GXGpl_
z=k*!8q+O09kJem~_@|QrES&spgxJ@ZJ$w<Ql{_XDQr9@W(gWh34t3{S*px$`*@rDI
zwG#w97iSQt{s0$~W_h0Nwq#{`nJ=?kAhhn6%3hD^=@Cacdl(x_`blW|f^cY0{kZLx
zGKHJdF4yypz<4eErO@Ci%JTD}ErqaSYBu-ayo>;4yUNujo2mpC`8%!Y1U?Ugysi-*
zUG(`!s(!5FkGt4)wI}%$wRVfIo{=Bxt`QKFhXm&5j&p<GT~eek6Td&`Npx#>_s0*w
zAPr%mtZw2q7o_p(%focA6XRNGJo*7p+!o2rRzBZih{8qQ%Rh4P($tHD!0qJm@RnWS
z!NT4sO}660=Em<igA++l-O*HxB%X^XIc>myQ$6Cr-Q88Qz(C3z4)W~swKXimKyBt~
zO`aF(%$%T6HuUOJ-#u)Z54~n3u?h(@Ya27I#CnV<;-(smqA6xky3b_jN=9K5avh^E
zIZ4Wpw?P2;fTEvn;O_2s(;y|)Q)PCA@liIdL3w4iDovgVUTt;eVWn~3D#af-o!R*c
z*z%W*jF(MZ269#=3RXlR7NxmS@fn85>)VU-+X-9bU~-Gx{P?+_4(2}-hclzvCyj`E
zA!7Jh{Qky6XG^dx82H=qHwy0Qjzv;8kab`T-bsz>e;VEPG!~vH5Ij5ZSdG))0LjM&
z8NlqN)LYm{k+8RB6yG94CKca)@n8-^xAaAC+KA*fdZ>ICBIYQUyc!nP2A7I4aRu_u
z9E!ugwhasjMmn8;C`ru1VR*DDKZ|p4@ql3{d>m4}=b_59uCOShzH0WKQWZ3-N3!$A
z@o+uzU=4*VI*~3)bpz?ZBU*juNgb;NSNP`r^cYlcJ$oWkv<8!xX*gb39;RA&Z#rH^
za4U<&u29TK=(2BzXNGF+EG;tAayKf+&Y<uz!D_8c<SF)U#3nGC;!&6;(9HD-z9t=y
zU^S^fFwtSX$lAU9I$rXnMXwK|iBQASOwrNwIALTH`S^HZlqG(8KNrqyGwWaGjbda)
zE@-uTS0;hdSwkrX>CY?WwdA{fooK3<xi^*7GL3B|(4N~--y^)ucWt~h1(iyIUmfti
z7tJy5>84f-g6^$&de0rsu(u+CFTUcpOMI*Ajt&&e44K^UB44tpTO6Z7)LKHK&fTJ8
z`O8#akC4$OD<e3?`}`hT8J6~4P?DPhEa`f}m_TJ3)t$T{YX-%QPi0s&f@U8mICL}O
zUK<liZGXJAzlO5EC&1*Cw>Ic}dVmX&0Krg|HD^5mx^2W8n}W-&Zt&B0TX*i?`^bUm
zcR2Sa!MQw|@t^5c;=xU{aQML8?WyZ_#~pl;zz{wZkpR9a@qxoXHZ0%9dgxdMvKYWG
zOSBDrPJaM>F5t9=BDLqJ>G7*1R3xD)gNz=drfyQE*eQ}pVJY%T3`!hWG;i&KzeR_!
zuMAP~l9#L6kVue4fnRlAmss4JtpSyix{Tg%g>kHKZ<US*P6G%|UoqmSY7I?^H|fMV
zL~^&=kBN7NZmvwS2A(MBvtkfcS*G)(GPgd$dJeklAIEYKTe67NeJ!5P+r?<ed_pPv
zMk$RcX`+Y>6gWX2(FL?7e_~$;PFXJ~98cOU3f}0J>#pt`ec~;h2=2dj%d_887w+O_
zqrSl`8I=8D!(k5o3}QVxiQ#%L=fsew_%+&hi$nO9KB)Jr^EJ2LfPgx)$HA0)fH3f3
z@QoMYs*sCgzWj@RZ`N`8r`#f&!)TIU&#))YS1?ldT+THV*j+m$h{WEaYUjT|4S|Ch
zY1&&=8`~bt+Pn>A8##Gu1D;LKgl%tE#A{j75_KOjrjz)kdwnyS*eU`a`<?h>Ru9uV
zpnXEI87OX74GG|ppXG01`4OVPW;Q+;bGYi%+8*!rNhq{xuHX{2)h_VhMW>0gnp>~=
z7I+0K@CU(KA0+k}v2(1SXRYckB%rKKaaqx|wLEaML-3_(C1=Kxv%Vj0Qx)!`Gr{^X
zR9<U81|z1#?1$RTXhb8ofgxYCBj$!#8Y;<cSJ9cnOFbUv5AB9!kg%h6+_+n15NMq?
zl65Gy)c`AK3`!i&R=or3#t187G>{jE?ADq&Z0!`O5AWJ*=NsaoILV8CU+Xg++Wg)`
z`Q;ZHXSTBFisyePIo!WyXEwF48XJt}E2G7#;6LWZO-_%6DA`^6LQoT~+>MZN8c62`
z>AF5b3&UUxsnR~oT>7JVqnbcQg{FY|Xi9<G7mmse5Q(xiQ;G3~wET_@3#M2dvUP71
zD%E+R+Ts^McJ)7=j6r3VD)p1Kc7uH5+pt2X%mhM{{hwO%UQiJ?JDqv!IMc8%=-&2g
zisl2X^eQ?%1^pUM%V!HM!ZROY@L#>UW^p?0Z&?sN{5X9bJ~T`ODC^T#b>*9Fi!8|C
z#HkZJs+H{)V#Hxf3HTnza%6@I?QwUGzdn#8vll#dDX=e+RZTIep~9vrI}1LlQ(>5O
zL{S`0@?+d4{^W-F4kp8!`nnD6Bx03Eh2AaK`@Gu*D;UVjSWR{(P{c^4j#m}V^Dd?I
z!{y`rFw9=d&!;EH(4M!9Ord5QB9+cQMH|v>E8dWe&fWTiA(JQO#e3&dA@$C$aabf2
z@4*ZsE*Aak9vQxE8PC3COs<Y|3#ad;DwFbbRbix|MNKN%B8BzTCzXbDSc__;-<HXg
zGtipG%Ly&356_GFr{IAV2R_@{sx^;fP~tXQckielRvxzQw|iH7if20;P^p6GLS&&S
z2R2u$uP=#9OvvkWz)ja4uzj1D`>4fEDQ@R&9Z$;=N3-)O55F3x)gC`jS@0~yRA^Ck
zid?Es3795^ww(HZJ}vwx+M8d=_ZEr|8?jjQy26baAXFjJW*6Nz$NHQ!#UoDE-=HC3
zxRsz}9?Epw#Hmp80-nfDm}cnGHlZo}HF&_Czmr%hC7E1nPHW=j{=A<@&4_FbS_>I$
zc+UE?n4>jrj;6*gP}zD?R!`qnWyYn<&ioVpNcuvqu_;UALLEcx5L(cbu;}QRBXA>$
zElzvEK2Xc=b=&e)guxp^0d%sCB?`@Nb<KtlL616xipfH>9Jv*O>(wnORau9L!FDf-
z9tfe{*0N;c_cSQo+SuFKG|I@5&tB_l{9go@rBGMlP`b`&DK;9k(@JuDR)6D((wQFP
znkl=F9&u0RXoAG&YE#y~Y&~e^TFI28c|Q<QIYk2~KRBm~Gw2W~<Xg<~7Q&Z1%_3Ow
zx^D7oph$Ca((BAybvb<YkAYtGjCraEk#K6G0|0pc3iM9S?lxejpIK(ErmgiN7a?3?
z&WG^oVEFYqJ665o^o-i}aOVBJ5|fe8LWA(!Tv$KcQ}wk0jY$2Zcc^N?wA1*~L;a}|
zE$muwzhfB>jeY<Hx8}F763w6vNwO}~hr5Nvg%e?5w*mI{VM!l_vPG=3M)Og6Up0Xq
z>#bx;`ubPA^80~yiGFFi)bjV)$HM0NxpZIpfUt>!R}(?QWCuj%)i<<+@?*#OSPC4}
z-!5Ws4qo5CCs&=iR2D1X%;IZB9bp-|U}<AAlPnVhyJm{q$eYxfJwUb(Ew?tPZg4Iz
zQ?PWGM&3B5m&L+buUXJLR>>vewi#*j5>mA;OO?(0!i-^p{CwGOzGezoe5Chf{@G^H
zZD{=q-^bmLR24aDpWx^E!(1N7GVVSsr!L^|$n4)Hr`6LK>MLJ<*Ov3ai<Vs&b0w|!
z!@LhW&6+e#QC~Wm&<|2R=g~ssdzMhieX5nrmF80}{m+uw+Cc}|LX<Rg`rTssRvKNW
z68xJh!x~*y7*FvG%Wh|P(7h8Dgd36Fbsd_g!mte$2pst`Q)95cZ)bEyUg5TsMK26W
zH@C3%93^^@;4_g{3wpMCuYM1<6h8|#ey*3Xj<V)^M!93^u^~Ht<nL31Tt5B)nM3fE
zP&r(Rf~(|g#&3dc<>q=f*=ZCxtx!i<uv`4TAg@<-M|Bv~%q#q=zhS|JkWym)+@Q#E
z&#Cg$l3t_1kt}r&@6GOOIJmiyW6g*d_PA?1hOvt;3Fv3$%xlOV2B8QR?7+}iLE+7$
z)^*3Our^0i!ma_nHe6dDN?7g6E?8cAo+-W|5izjpLLB(Sfl{u^Qt5G*nO733EOFnv
z@0Q*vq(i=*KVUD3Vwk@bynmcAN|T^u?=tZ%b7BIAq3Z`wHp-uP<0LYw1Hs(?OkV5i
zE*zdB@>&SuED@r}HiMd~IYRB7fTmDK@K0VN+Qt8?tr21mk1<s3p(E{ER=&Z<JLIr!
zxC*Y-&o)=p<8zQ(r|w>oV~+(a>@O-VmT7JIN7}<~9bkBuHjhhINW#hLSk;L8m;rrO
zoHO}SswM7jfyldsYqiB>q?QEt#)gk;QX$<|C<OVRj8XyAZZXvXJIJ<a)2OB+^>jrM
ztupQo`qc7ilF4|VV%w(iR`}inD^Z^byO1_?su4VOmU0xJI}I)p0a#G5MrEe<$;Ylh
zD^MQpXP~6<I4Z23Ex3yG-mekf?dxi*G2s$WCgK0U88n`;lCZf}RYHaR@gNL|)d_~l
zE2VEce2xC167Zd=X!twGGC}A0ZoK!hHPVgw-H2zgr=50AFbaVe*VL>K>-dMomX9=X
zkW`hPM|jgatV19H`j=-55_hKUcngMuG9h;)KzT=Th6hOC_o@=lF46vpddBitgrNxP
z5h0qcgny-;vAzBOn1`U;?;|zl33QPQH}DYUiWYZ?T6jqf_id>ONc*JH7%8USLOI_w
ztNKw$Y4qM~Wc}pKyvMhQ4NteLr}9fQB8DeXlYMHTo7tpjsMOZvXK`+GOZwhqXfarI
z-?^n2-}|n~8G5Ow(2$rp`l3BUEq$sOtEHZ8o5kB`BwRVw`<Zf0;1Fy>Ww9!-kbsXo
zR8rj<Z%>EGKa;RS%ADV;sY;7imUI8&$iY<!xAbE}Y->%>Mf_Dkjj)ML;e~hQN?hu@
zu$_7%!|I$I&bZVDE9;10evI9IH&n)D^luMFD{CVhDC@pKKKkb+;yC-b*=lEB*b<_r
zDx5Hhl7v*DFV2M5se)cg_T7YY0J36i5`#>I&tcZ*vcP93<XippM##piG!9#XC~zwQ
zrfJdM5#jHHT;ElM7T-ceoM3_mNvc<mJ@2=eAu2(Q)1E*JFHnn{HKxI=yTpsdPiBRe
zXezrBcr)Tqo@;uurR2)stB=PWTw?I`lb+Kb9?!iwFZC^W8JFSJ@V{-b0T6rMS#pUl
zU-^14<0I&sh4}s~`~UQuE>6x++n)?hi{gg*a}fr*=H6h8$jspP289U_D$PjoxPn@=
z1}XdkY^`W(3%~hPJWqBWx1UP;GF{*bT=E{mkLaG$Vhi#o>jN>DmuT_hc03?}Q$57V
zD;`#1>pFVG{>2;z_=dZg99`EqT84S#2rE++v+CxN8AMw}OQonTnz3=3@9C_|h-}s+
zT_7^C`W5KH=!s%S$J$X+LbyF!^^}*2#qxWNL${;^_~hdkik56a9q*WdVIgwfjgd~0
znO(3*+O@|S<t%uv#@-<r=aLksHNw3(s&P}|KCmnAEDlL@ycF<yzP~aXwHclTlA|nT
z4j!B6R&z@Ro?E$1K<=(2M<Q-OVC*YsLe#6wWB9V|8IGDF5;6zi|9ffR54Qg?|HCT;
zzZ&@aCg&f(pK~<ArTk^f^H<=nTRne5dl9MKFB?C<g8$x@{u2rSXkz~c{(qX(zuNh=
zefg&)7u<jUiT`M3{%Ymd=F^{6Zt?%I74@ruUz6HD4Sc=#n}I)5++U%8&mH~*0szgF
zf7Qe9nZ&Q~zx)5c!ue_b0{=Z4{6tG4*z?cwd-OY;4l$oR_zT+f-(tiD{5%Oj>=IA_
iK#>m>A89Qjl>7Igrig|h004lE_~almB3`<mzy1$|kB-Rz

literal 0
HcmV?d00001

