fix(mail): keep '&' intact in mailto links with multiple query params

Move the email-handling helpers (obfuscate, mail_isvalid,
mail_quotedprintable_encode, mail_setup) out of the procedural
inc/mai

fix(mail): keep '&' intact in mailto links with multiple query params

Move the email-handling helpers (obfuscate, mail_isvalid,
mail_quotedprintable_encode, mail_setup) out of the procedural
inc/mail.php into a namespaced dokuwiki\MailUtils class plus a new
Mailer::configInit(), and add a separate MailUtils::obfuscateUrl() for
the mailto-href context.

The xhtml renderer and PluginTrait now build the link label and the
href separately: the address half is run through the mailguard
obfuscation, the query string is preserved verbatim with only HTML
escaping applied. This fixes #1690 — in 'visible' mode the previous
code rawurlencoded the entire address+query, turning '?' into '%3F' and
breaking multi-parameter mailto links; in all modes the query string is
no longer mangled by the [at]/[dot] substitution.

Core call sites (Mailer, auth, LegacyApiCore, common, the xhtml
renderer, the parser, the bundled config/styling/usermanager plugins)
are migrated to MailUtils directly. The old top-level functions and
PREG_PATTERN_VALID_EMAIL constant remain as deprecated shims with
rector mappings.

Tests for obfuscate / mail_isvalid / mail_quotedprintable_encode are
consolidated into a single _test/tests/MailUtilsTest.php and extended
with regression coverage for the multi-parameter, double-escape and
URL-shape cases.

Closes #1690
Replaces #1964

show more ...

updated rector and applied it

�� Rector and PHPCS fixes

Give explanation if no $conf could be loaded

Give explanation if no $conf could be loaded (i. e. DOKU_CONF pointing elsewhere)

Make is_ssl and baseurl use proper proxy checks

This should not only address #4455 but also ensures that the related
headers are only used when they come from a trusted reverse proxy chain.

reorder the init process

This makes autoloading and $INPUT available earlier

Remove check for deprecated E_STRICT

fix is_ssl() check

There was a global statement missing? This seems to have to been
broken in one of the recent merges.

Tests have been cleaned up but not changes in logic.

�� Rector and PHPCS fixes

Merge pull request #4104 from m-martin-78/xfhsupport

Add support for X-Forwarded-Host proxy header

fall back to empty (root) dir for base dir detection

When a basedir could not be detected, the default previously was '.'
resulting in a valid but weird URL (http://example.com/./doku.php). We
now d

fall back to empty (root) dir for base dir detection

When a basedir could not be detected, the default previously was '.'
resulting in a valid but weird URL (http://example.com/./doku.php). We
now default to an empty dir, resulting in a more sensible URL of
http://example.com/doku.php

This should not matter in real web server setups but will be in effect
while testing.

show more ...

coding style

Fixed bad copy/paste, sorry...

Check if trustedproxy is empty + changed behavior in is_ssl to match the same behavior

bugfix: trustedproxy is not a delimited pcre

Codestyle + check trustedproxies

Adjust code style to match dokuwiki's.

Secure the use of `X-Forwarded-Host` by checking against the https://www.dokuwiki.org/config:trustedproxy property.

Add support for X-Forwarded-Host proxy header

X-Forwarded-From and X-Forwarded-Proto are already used, so should X-Forwarded-Host.

Refactor autoloading, fix #4048

This refactors the auto loading stuff into an anonymous class and cleans
it up a bit.

It also ensures that plugin classes are not autoloaded when the plugin
is disab

Refactor autoloading, fix #4048

This refactors the auto loading stuff into an anonymous class and cleans
it up a bit.

It also ensures that plugin classes are not autoloaded when the plugin
is disabled. This however only works after the plugin controller has
been initialized.

We currently reference some classes of the config plugin in out
deprecated.php file resulting in these classes being loaded before the
plugin controller. Not a big deal I guess.

show more ...

Remove unnecessary parentheses

Use str_starts_with/str_ends_with

simplify is_ssl()

some simplification in getBaseURL after cleanup

code style: line breaks

code style: operator spacing

code style: indent fixes