Function get_plugin_components() moved to extantion manager

As we need to keep all core meta files anyway (the only core file that
had been deleted but shouldn't be deleted is the .indexed file) and
plugins can keep care of their own metadata files using the
IO_WIKIPAGE_WRITE event there is no reason for using the expensive
metaFiles() function during the deletion of pages.

Sometimes pages aren't deleted from the index (that should be fixed,
too) and appear in the backlinks although they don't exist anymore.
This change hides them and hidden pages that shouldn't appear at all as
the backlinks view is an automatic listing. Hidden pages had been hidden
before the transition to the metadata index, too.

  * Fix selector in subtree loading callback
  * Remove HTML inconsistencies between AJAX and plain PHP lists
  * Unify icon and CSS class switching in dw_tree and dw_mediamanager

  * Increase HTTP cache time since the resources are timestamped on request
    anyway
  * Check userscript.js only once for JS cache validation
  * Use cache class

Empty to, cc or bcc fields could lead to an Internal Server Error:
malformed header from script. Bad header=No recipient addresses found...

This ignores warnings because of the (intentionally) missing url
parameter for the constructor of SimplePie_File.

This increases the indexer version in order to force a rebuild of the
search index in order to "repair" the search index that might contain
uppercase words

This reverts commit 1ca2719c as it is
now superseeded by a6b82e436e3d68a42a6556165d6aaf9249db44cd

This fixes a problem where JavaScript could be introduced through
specially crafted RSS feeds on a lower level than the commit from
yesterday (1ca2719c)

This also fixes a problem where JavaScript links could be introduced by
specifying it as an RSS URL: the resulting error message displays a
link to the broken feed URL. This patch makes sure there's no working
link for unknown protocols.

On certain PHP installations (it has been reproduced with PHP version
5.2.0-8+etch11) the indexer failed to lowercase words in the indexer
so the fulltext search was partially broken.

This fixes a security vulnerability where an attacker could introduce
JavaScript links into wiki pages by including a prepared RSS feed.

This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creation and deletion
request so - at least for logged in users - drafts can't be created,
modified or deleted so easily anymore.

Since the password is no longer stored in the session, we need to use the login
cookie instead.