Make is_ssl and baseurl use proper proxy checks

This should not only address #4455 but also ensures that the related
headers are only used when they come from a trusted reverse proxy chain.

reorder the init process

This makes autoloading and $INPUT available earlier

Remove check for deprecated E_STRICT

fix is_ssl() check

There was a global statement missing? This seems to have to been
broken in one of the recent merges.

Tests have been cleaned up but not changes in logic.

�� Rector and PHPCS fixes

Merge pull request #4104 from m-martin-78/xfhsupport

Add support for X-Forwarded-Host proxy header

fall back to empty (root) dir for base dir detection

When a basedir could not be detected, the default previously was '.'
resulting in a valid but weird URL (http://example.com/./doku.php). We
now d

fall back to empty (root) dir for base dir detection

When a basedir could not be detected, the default previously was '.'
resulting in a valid but weird URL (http://example.com/./doku.php). We
now default to an empty dir, resulting in a more sensible URL of
http://example.com/doku.php

This should not matter in real web server setups but will be in effect
while testing.

show more ...

coding style

Fixed bad copy/paste, sorry...

Check if trustedproxy is empty + changed behavior in is_ssl to match the same behavior

bugfix: trustedproxy is not a delimited pcre

Codestyle + check trustedproxies

Adjust code style to match dokuwiki's.

Secure the use of `X-Forwarded-Host` by checking against the https://www.dokuwiki.org/config:trustedproxy property.

Add support for X-Forwarded-Host proxy header

X-Forwarded-From and X-Forwarded-Proto are already used, so should X-Forwarded-Host.

Refactor autoloading, fix #4048

This refactors the auto loading stuff into an anonymous class and cleans
it up a bit.

It also ensures that plugin classes are not autoloaded when the plugin
is disab

Refactor autoloading, fix #4048

This refactors the auto loading stuff into an anonymous class and cleans
it up a bit.

It also ensures that plugin classes are not autoloaded when the plugin
is disabled. This however only works after the plugin controller has
been initialized.

We currently reference some classes of the config plugin in out
deprecated.php file resulting in these classes being loaded before the
plugin controller. Not a big deal I guess.

show more ...

Remove unnecessary parentheses

Use str_starts_with/str_ends_with

simplify is_ssl()

some simplification in getBaseURL after cleanup

code style: line breaks

code style: operator spacing

code style: indent fixes

coding style: control flow line breaks

coding style: control flow whitespaces

coding style: function call spacing

codestyle adjustments: EOF new lines