Add generic 3way merge capability

Show change of file sizes in the revision log

add rel=noopener to links opening in new window

Textareas use CRLF, but internally we use LF.

Add an ACL check in page_findnearest, fix #1369

Translation update (es)

@scrutinizer-notifier noticed that the $pageid might be false when
page_findnearest looks for it.

Make cleaning optional in mediaFN, keep as default

reusing the diff colors as suggested by @selfthinker

As in wikiFN cleaning the id should be optional, but still the default, in mediaFN as well.

when a form was submitted with an empty input, that data should still
overwrite the preset value.

This is a security measurement supported in Chrome and Opera (and
probably other browsers soonish)

See http://mathiasbynens.github.io/rel-noopener/ for rationale

add conf as global in mediamanager.php

This adds 3way merge functionality to our DifferenceEngine stack. The
code was taken from the PEAR Text_Diff3 package and adapted to work with
our implementation.

For the curious:
Here's a short Origin tree of the different versions of the Diff code to
make clear how our implementation is related to the PEAR package.

-- original code Geoffrey T. Dairiki
   `-- Adaption for the Horde project
       |-- Adaption for phpwiki
       |   `-- Adaption for MediaWiki
       |       `-- Adaption for DokuWiki
       `-- Creation of PEAR Text_Diff

TLS fix for HTTPClient

This should fix the test problems errors in #1527. When requesting a
HTTPS URI from a HTTP only proxy, the initial connection is *not* TLS
secured. The URI scheme is only relevant when directly connecting.

This also changes the (wrong) assumption that everything on port 443 is
always TLS secured. Only the URI scheme should decide that.

This is to ensure that we use SSL/TLS if a custom port is defined an no
proxy is used.

Fixes #1526

Form TagCloseElements should conform to expectations of functions inherited from Element

Reflection based method export for remote plugins

make reuse of mediamanager popup easier

add support for new Django hashing methods

obfuscate auth passwords in config. fixes #1487

restoring of mediafiles failed

Translation update (ro)

The header() method of PHP is vulnerable to HTTP Response Splitting
attacks.

This change makes sure the URL passed to send_redirect (and thus to
header()) does not contain any control characters that would be needed
to execute such an attack.

Cleaning input is recommended anyway.

Translation update (pt-br)

missed a line in my last commit

This makes it easier to create tabs with an active tab (no need for
additional markup)