Signed-off-by: Guy Brand <gb@unistra.fr>

don't use form_makeTag() for blank.gif as empty attributes are not passed on (which resulted in a missing alt attribute)

These regular files were executable for no reason. They needed a special
rule for the Debian package, better to fix it upstream.

This functionality broke in recent updates to the cookie handling. This
patch makes it work again.
Binding to the session is now a functionality of auth_cookiesalt()

Note, any filenames encoded with the previous SafeFN scheme will need to
be converted to the new scheme.  Users of the old SafeFN scheme should
not use this new scheme until after converting their filenames.

Before this patch with a .htaccess file on a higher level in the
hierarchy with "Satisfy Any" it has been possible that the directory
protection didn't work as expected.

This was broken in 3a48618a

as discussed at
http://www.freelists.org/post/dokuwiki/tokenizer-cmd-in-indexer,1

This avoids having the blowfish encrypted pass stored together with the
decryption key on the same server.

When a plugin is installed in the wrong directory, the class loading
will fail. This patch tries to find the correct directory from the
plugin.info.txt (using the base key) and give a hint to the user on how
to fix this.

This merges the INDEXER_PAGE_ADD and INDEXER_METADATA_INDEX events and
introduces the new string keys 'page', 'body' and 'metadata' in the
event data. All plugins that use INDEXER_PAGE_ADD need to be adjusted to
use the key 'page' instead of 0 and 'body' instead of 1.