While DokuWiki suppresses PHP Notices they are still a code smell and
should be fixed. This fixes some PHP Notices that occurred.

Some of these fixes could be refactored into nicer code once we move to
PHP 7 and get access to the `??` operator.

The HTML-spec[0] specifies:

> If the element has no label attribute and is not a child of a datalist element: Text that is not inter-element whitespace.

So a non-breaking space is valid solution.

[0] https://html.spec.whatwg.org/multipage/form-elements.html#the-option-element

$regex initialization added to clearify that it is passed by reference and filled from subroutines

When a page is marked as hidden (through the hidepages option) it should
not be indexed by search engines.

the new version of the validator is static. But it makes sense to use a
single point of entry anyway, so instead of adjusting the use of the new
class, prefer the function.

Various plugins access the form members directly currently.

Adjusted pattern for matching media links to properly handle a single '}' in the link text. Fixes #1587.

If an entry in the loop at `_tpl_metaheaders_action` has no content, skip this entry.

There are still some left in the DifferenceEngine code

This should fix some tests on PHP 7.1. The work is far from done, we
still have a lot of variables without proper accessibility defined.

This change breaks compatibility with php 5.3.7, but a standing
requirement for at least php 5.6 is declared in composer.json.

If the php documentation is to be believed, this change increases
security against pass-the-hash type attacks. (I do not have the knowledge
to assess the security differences between $2a$ and $2y$).

As a Sidenote: htpasswd shipped with apache2 2.4.10 (and probably,
other versions), when used with the -B (=bcrypt) option, produces hashes
marked with $2y$.

Nonewithstanding the actual support or non-support of $2a$ by the
apache2 'AuthUserFile' directive, the apache 2.4 documentation only
asserts support for the $2y$ bcrypt variant.
Therefore, this commit would make it possible for dokuwiki and apache2
basic authentication to share the same password file, in the case when
bcrypt is used.