I also adjusted the coding style to match our other JS classes

As discussed on the mailing list [1] this patch replaces the
COMMON_PAGE_FROMTEMPLATE with a more flexible event to better intercept page
template use.

Plugin authors need to change their plugins. Details on the event are
available at [2]

[1] http://www.freelists.org/post/dokuwiki/COMMON-PAGE-FROMTEMPLATE-event
[2] http://www.dokuwiki.org/devel:event:common_pagetpl_load

When a <select> tag has the class "quickselect", this script will
automatically submit its parent form when the select value changes.
It also hides the submit button of the form.

This patch allows to use the placeholders in the search intro message that
will be replaced with the search term.

@SEARCH@ will be replaced with the search query
@QUERY@  will be replaced with the URL encoded search query for use in URL
         parameters

Please note that the replacement is don't on the XHTML *after* parsing and
rendering the intro wiki text. This means you can not use the query where
an ID would be expected.

Examples:

  This will work:
    [[http://www.google.com/search?q=@QUERY@|Google for @SEARCH@]].

  This will not work and will link to the page "search" instead:
    [[@SEARCH@|Your page]].

  You could use this instead:
    [[this>doku.php?id=@QUERY@|Your page]].

This patch supresses a warning in the adLDAP library when a password
change is attempted but fails due to the configured Active Directory
Password Policy. Instead of the error an Exception is thrown.

This change probably needs to be replicated in the user modification
function.

Patch sent to upstream.

this splits the long auth_cryptPassword() function into many member
functions of a new class PassHash which should make it more
maintainable and reusable for other projects.

This also adds two new methods djangomd5 and djangosha1 as used by the
popular python framework Django.

Maybe the auth_cryptPassword() and auth_verifyPassword() functions
should be deprecated in favor of using the class directly?

This reverts commit fa7c70ff.

For locks and getRevisions there hasn't been any acl check. In many
other cases the id hadn't been cleaned before the acl check was done
which means that many acl rules that should be applied weren't applied.
So e.g. when you have read permissions for the root namespace but not
for a subnamespace you could add a leading ":" and the permissions for
the root namespace will be used instead of the permissions for the
subnamespace. This did not apply to writing pages and reading media
files, but writing and deleting media files have been concerned as well
as reading both plain and html versions of pages.

This only concerns installations where XML-RPC is enabled (default is
disabled) and XML-RPC is allowed for all or untrusted users.

This reverts commit 58a22bd0.

It was accidentally pushed to the repo.

This removes headers that are sent by PHP/the webserver anyway as they
are possibly wrong as e.g. when gzip compression is enabled in
inc/init.php (which does happen when the client supports gzip) the
content size is smaller than the one that was specified by the
content-length header and thus e.g. the Python XML-RPC client fails with
an error message because of the size mismatch. Additionally the content
encoding is now set to utf-8 in the http headers.

Sometimes (when using rewriting with the workaround for CGI mode
described at
http://www.besthostratings.com/articles/http-auth-php-cgi.html) the
HTTP_AUTHORIZATION variable is renamed, this change detects this
renaming and uses the renamed variable.