fix(auth): scope media ACL checks to the namespace

Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to

fix(auth): scope media ACL checks to the namespace

Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.

Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.

fixes: #4647

show more ...

updated rector and applied it

API: code style fixes

API: ApiCore tests fixed and extended

API: make responses sortable

All responses now need to implement __toString() so they can be easily
sorted or printed.

API: initialize responses explicitly

Instead of passing unknown arrays, explicit parameters are passed.
Revision handling should now work correctly since we can pass revision=0
but a mtime.

Reworked API definition

This cleans up the API:

* no more compatibility with obsolete wiki API
* no more difference between wiki.* and dokuwiki.* calls -> core.*
* use of optional parameters avoids

Reworked API definition

This cleans up the API:

* no more compatibility with obsolete wiki API
* no more difference between wiki.* and dokuwiki.* calls -> core.*
* use of optional parameters avoids double definitions
* use Response objects for complex results
* always use named primitives as input
* major cleanup of docblock descriptions

show more ...