This bug occurs on systems where writing a zero-length string to an
empty file does not update the file's modification timestamp.

This leads to the messages.txt being downloaded almost endlessly, causing
long delays for logged-in users. Visitors are not affected, because the
messages.txt is only updated for logged-in users.

When a plugin file exists, we can assume it is the correct file and load
it without error supression. This makes it much easier to detect and
debug problematic plugins.

In some circumstances the username was set in latin1.

This prevents an "Illegal string offset" error in PHP 5.4 in the test
cases (the integration tests failed here with PHP 5.4).

Previously when in an event handler the same event was triggered again,
only the handlers for the second event invocation were all executed, the
handling of the "outer" event stopped after the handling of the inner
event as they both used the same iterator of the hooks array. This
caused caching bugs e.g. when both the include and the indexmenu plugin
were enabled as both of them load metadata in the cache handler which
triggers another renderer cache event.

This allows easier identifying of which version has been restored. (FS#2522)

This was fixed in upstream and the upstream tests caught this :-)

Input iteration counts are squared in the function and passing something
above 30 is giving integer overflows on 32 bit systems (and causes insane
iteration counts on 64bit systems).

this fixes the HTTP tests which do test the base class directly instead
of the DokuHTTPClient subclass

The error message when a non-existant editor was tried to load wasn't
escaped correctly, allowing to introduce arbitrary JavaScript to the
output, leading to a XSS vulnerability.

Note: the reported second XCRF vulnerability is the same bug, the xploit
code simply uses JavaScript to extract a valid CSRF token from the site

This allows us to distribute plugins that are disabled by default. We'll
may want to do that for a special unit test plugin

fixes passing null to event hook registration

This error hasn't anything to do with the rest of the -32600 errors.