Until we did some more research on compatibility we should stick with
what works, even when the RFC says otherwise.

Should we decide to change line endings to RFC conform CRLF, it should
be done on the whole body, not the signature only.

* master: (406 commits)
  msglint is HTTPS now. fixed failing tests
  URI scheme is only relevant for TLS if not proxy connection #1526
  use SSL if scheme is https
  add conf as global
  translation update
  avoid HTTP Response Splitting attacks via redirects #1513
  translation update
  another tiny tab CSS addition
  minor change to make tabs more flexible
  translation update
  adjusted for scrutinizer hints
  adjusted tests for reflection based method export
  first go at using reflection for remote export
  Fixes for the FR translation
  obfuscate auth passwords in config. fixes #1487
  add support for new Django hashing methods
  usie a strict comparison === instead
  use getNS() call instead of dirname()
  #1477:Search heading still displayed although search disabled
  Fix PHP7 evaluation order incompatibility
  ...

add conf as global in mediamanager.php

TLS fix for HTTPClient

This should fix the test problems errors in #1527. When requesting a
HTTPS URI from a HTTP only proxy, the initial connection is *not* TLS
secured. The URI scheme is only relevant when directly connecting.

This also changes the (wrong) assumption that everything on port 443 is
always TLS secured. Only the URI scheme should decide that.

This is to ensure that we use SSL/TLS if a custom port is defined an no
proxy is used.

Fixes #1526

Form TagCloseElements should conform to expectations of functions inherited from Element

Reflection based method export for remote plugins

make reuse of mediamanager popup easier

add support for new Django hashing methods

obfuscate auth passwords in config. fixes #1487

restoring of mediafiles failed

Translation update (ro)

The header() method of PHP is vulnerable to HTTP Response Splitting
attacks.

This change makes sure the URL passed to send_redirect (and thus to
header()) does not contain any control characters that would be needed
to execute such an attack.

Cleaning input is recommended anyway.

Translation update (pt-br)

missed a line in my last commit

This makes it easier to create tabs with an active tab (no need for
additional markup)

Translation update (ko)

Fixes for the FR translation

A few fixes.

multicheckbox without extra string input

remoteuser - Patch for default setting and improved checking in hasAccess()

we already do it for other passwords, so it makes sense to do it here as
well.

#1477:Search heading still displayed although search disabled

use getNS() call instead of dirname()

New Python Django application default to PBKDF2 with SHA256 as a
password mechanism. This adds support for that mechanism in our
password hasher class. This will be needed in the tests for the new
PDO auth plugin.

Fixes #1480

* master:
  refactor page saving and introduce COMMON_WIKIPAGE_SAVE