apply media_isexternal in ml()

fixed syntax fuckup

AUTH_PASSWORD_GENERATE event added

This is needed to replace the password generator by a plugin
implementation. Related to PR #166 and FS#2147

Korean language update

we now require PHP 5.2.0 at least

make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (rando

make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (random) independent from each other.

show more ...

use HMAC in password reset token FS#2794

use HMAC for CSRF security tokens FS#2794

use hmac for external ressource hash FS#2794

use HMAC in media_token FS#2794

added HMAC support to PassHash class FS#2794

fixed wrong use of quotes in authtype warning message

apply media_isexternal

Added media_isexternal()

Add check for token when resizing and caching external images

Update phpdocs of checkFileStatus

Support handle of images from ftp.
ml() can built url to these images, either fetch didn't accept them.

Clean internal ids in ml(), that it matches with fetch.php
The resize token was broken because fetch.php cleans the id before the token calculation, while ml() uses the raw id

Added comment to DiffFormatter _escape() method

Clarify use of _escape() method in base class.

Fix wrong config key in deprecated auth message

tar library: another fix for lone zero blocks

ensure security token is included in media url when resize parameter is passed in string form, e.g. 'w=80'

Indexer: Remove broken and dead readdircache code FS#2771

The code that is removed in this commit has either never been used
(listIndexLenghts) or was completely broken (cacheIndexDir) and was
intro

Indexer: Remove broken and dead readdircache code FS#2771

The code that is removed in this commit has either never been used
(listIndexLenghts) or was completely broken (cacheIndexDir) and was
introduced in the indexer rewrite in 2010. The idea of the rewrite was
to update the readdir cache after every index change instead of on demand.
What the code actually did was removing every updated index from the
cache as it used a wrong if condition. Simply fixing the condition
wouldn't fix the problem as then only updated indexes would be added to
the cache and furthermore the rewrite simply ignored the readdircache
setting. For now the safest solution seems to be removing the code. It
could be added again in a changed form in a future version.

show more ...

Indexer: Fix wrong suffix parameter

The suffix parameter is only for the word length in the word index and
not for the metadata index.

Japanese language update