This reverts commit 1ca2719c as it is
now superseeded by a6b82e436e3d68a42a6556165d6aaf9249db44cd

This fixes a problem where JavaScript could be introduced through
specially crafted RSS feeds on a lower level than the commit from
yesterday (1ca2719c)

This also fixes a problem where JavaScript links could be introduced by
specifying it as an RSS URL: the resulting error message displays a
link to the broken feed URL. This patch makes sure there's no working
link for unknown protocols.

On certain PHP installations (it has been reproduced with PHP version
5.2.0-8+etch11) the indexer failed to lowercase words in the indexer
so the fulltext search was partially broken.

This fixes a security vulnerability where an attacker could introduce
JavaScript links into wiki pages by including a prepared RSS feed.

These now simply wrap around jQuery

JavaScript functions adding behaviours based on IDs or class names where
moved to their own object into behaviour.js and where jQueryized.

Bug fix in email subject encoding

This fixes a problem with running the minified jQuery through the
compressor.

This patch adds a simple shell script to easily update the
jQuery/jQuery-UI+theme bundle to the latest available version.

The jQuery-UI CSS theme is now loaded in lib/exe/css.php (before plugin
and template styles - 3rd party authors can override the styles).

This avoids problems when the files are concatenated later.

Fix display in popularity plugin

This adds a DEPRECATED() JavaScript function. This function will print a
warning to the Browser's debug console if available (Chrome and Firefox
with Firebug extension) when ever it is called.

The DEPRECATED() function was also added to the $() function which
should no longer be used and be replaced with JQuery calls.

Other deprecated functions need to be identified and marked.

This was broken by the JQuery port. This patch makes the page search
work again and also removes the anonymous wrapper function around
ajax_quicksearch again.

Conflicts:
	lib/scripts/edit.js
	lib/scripts/locktimer.js

Some whitespace (at end of line) cleanup

The security token here doesn't improve the security as the other
requests that allow you to do the same thing aren't protected and I
don't see why locking or draft creation should be subject of XSRF
attacks.

This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creation and deletion
request so - at least for logged in users - drafts can't be created,
modified or deleted so easily anymore.

Since the password is no longer stored in the session, we need to use the login
cookie instead.

Users with names like foo.bar still didn't receive the mail when user
foo edited the page. Now the two possibilities (space and end of line)
are tested instead of just a word boundary.