Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on a XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.

The constants are required by the class constructor, which effectively
means before the autoloader is triggered.  This change fixes that issue.

  * Syntax error fixed
  * lock refresh event is now attached to the whole edit form since it bubbles
    up and we cannot be sure that the wikitext input exists on all edit forms
  * Updated findPos(X|Y)
  * Easier and less error-prone way of getting the section edit button in the
    highlight mouseover event handler

The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.

partly reverts previous patches to keep matching styles with other
DokuWiki buttons