fix problem when ldap returns no groups FS#2788

fix ldap deref option FS2798

Do not pass timelimit and deref settings to ldap_search. These values
should be set globally via ldap_set_option() instead (as we do for
deref).

treat empty AD credentials as NULL values FS#2781

Korean language update

we now require PHP 5.2.0 at least

moved X-UA-Compatible from meta tag to be sent by http header instead

make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (rando

make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (random) independent from each other.

show more ...

use HMAC in password reset token FS#2794

use HMAC for CSRF security tokens FS#2794

use hmac for external ressource hash FS#2794

use HMAC in media_token FS#2794

added HMAC support to PassHash class FS#2794

fixed references from old mysql authtype to new mysql plugin in mysql.conf example

fixed wrong use of quotes in authtype warning message

fixed broken default config options (FS#2789)

apply media_isexternal

tests for media_isexternal

Added media_isexternal()

fix some minor typos in fetch_imagetoken.test.php

Add check for token when resizing and caching external images

tests for fetch.php of external files

Update phpdocs of checkFileStatus

Support handle of images from ftp.
ml() can built url to these images, either fetch didn't accept them.

Add some tests about handling of semicolons
Informative as sample implementation too

Clean internal ids in ml(), that it matches with fetch.php
The resize token was broken because fetch.php cleans the id before the token calculation, while ml() uses the raw id