* Fix selector in subtree loading callback
  * Remove HTML inconsistencies between AJAX and plain PHP lists
  * Unify icon and CSS class switching in dw_tree and dw_mediamanager

  * Increase HTTP cache time since the resources are timestamped on request
    anyway
  * Check userscript.js only once for JS cache validation
  * Use cache class

Empty to, cc or bcc fields could lead to an Internal Server Error:
malformed header from script. Bad header=No recipient addresses found...

This ignores warnings because of the (intentionally) missing url
parameter for the constructor of SimplePie_File.

This increases the indexer version in order to force a rebuild of the
search index in order to "repair" the search index that might contain
uppercase words

This reverts commit 1ca2719c as it is
now superseeded by a6b82e436e3d68a42a6556165d6aaf9249db44cd

This fixes a problem where JavaScript could be introduced through
specially crafted RSS feeds on a lower level than the commit from
yesterday (1ca2719c)

This also fixes a problem where JavaScript links could be introduced by
specifying it as an RSS URL: the resulting error message displays a
link to the broken feed URL. This patch makes sure there's no working
link for unknown protocols.

On certain PHP installations (it has been reproduced with PHP version
5.2.0-8+etch11) the indexer failed to lowercase words in the indexer
so the fulltext search was partially broken.

This fixes a security vulnerability where an attacker could introduce
JavaScript links into wiki pages by including a prepared RSS feed.

This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creation and deletion
request so - at least for logged in users - drafts can't be created,
modified or deleted so easily anymore.

Since the password is no longer stored in the session, we need to use the login
cookie instead.

Users with names like foo.bar still didn't receive the mail when user
foo edited the page. Now the two possibilities (space and end of line)
are tested instead of just a word boundary.

This fixes the subscription user regex to really only not to match the
author of the change but to still match users who have that username as
substring in their username.

This adds a new rendering limit of currently 5 pages to the
p_get_metadata function. This means that in one request not more than 3
pages will be parsed/rendered. Pages for which the cache can be used
aren't counted. This should make the new cache modes safe to use and
should provide backwards compatibility while keeping the advantage of
rendering metadata on demand (i.e. imagine one included page out of 10
is updated, then the metadata for that page can be rendered, but when
you request a purge of the cache not 10 pages are rendered).

In this commit most of the changes to the p_get_first_heading function
are reverted and the title index is no longer used. This makes the first
heading functionality no longer depends on the search index of DokuWiki.
Maybe it can be added again later when the indexer provides a proper API
for getting metadata values for all or selected pages. The performance
of the p_get_first_heading function should be almost back to the
performance in Anteater as the simple cache of p_get_metadata is used
and also the limit of p_get_metadata is of course applied.

This changes the cache logic for metadata. It introduces a new mode that
tries to avoid rendering the page again for simple requests but still
updates the metadata when the page has been changed (but not when the
cache timeout has been reached or purge is used). It simply compares the
time of the last rendering with the last modified time of the page.

The old boolean $render parameter has been changed into an int with
three possible values. Compatibility for the old parameter is provided
using a check with is_numeric using the following mapping:
- false is still don't render (0 is the new value for that)
- true is using that new render logic which means that many plugins will
  still work unchanged even if they request a lot of data using
  $render=true (1 is the new value for that providing full compatibility
  in the case 1 has been used instead of true)

The default value for p_get_first_heading is now that new simple cache
logic, the default value for getting metadata is the cache logic which
should be used with care but is the only way to request (rendered)
metadata that can change because of plugin installations or upgrades.