msgPool always returns escaped string because it may be used from
 smarty.
htmlescape now calls htmlspecialchars instead of htmlentities, allowing
 to escape strings with % without losing sprintf capability.

issue #6071

issue #6071

issue #6065

issue #6057

Also global_is_set to is_set.

issue #6024

issue #5997

Now $interactive parameter is used to indicate if standAlonePage
 instance should take care of config and session setup or not.
The webservice uses this to use password recovery programatically.

issue #5996

issue #5955

Basic fixes like identation

issue #5955

issue #5956

issue #5854

This is a work-around to avoid javascript injection. The better way
 would be for msg_dialog to escape error text but that would cause
 problem elsewhere, so in the mean time we escape here.

issue #5918

It will be the same as headline when available. It’s also set in login
 and recovery pages.

issue #5898

This should fix CSRF crashes with recovery

issue #5854

issue #5854

Resolve "Security: Missing Security Headers"

See merge request fusiondirectory/fd!303

(cherry picked from commit 7d9a58d9)

4a182d01  feat(core) Add header to forbid framing

For PHP<7.0, we fall back on openssl_random_pseudo_bytes from openssl module.

issue #5843

issue #5831

This also fix the workflow to make sure the language in the header is
 correct in all cases.
A PHP error is triggered if setlocale fails or if the wrong language
 header was sent.

issue #5820

There are some left in datepicker.js because of a bug in the sniffer,
 I did not find a way to fix that yet.

issue #5690

- Add copyright
- Remove odd looking icon and version
- Add a way to navigate back from password recovery
- Add icons to password recovery fields

Conflicts:
	html/class_passwordRecovery.inc

Used in webservice

Used in webservice

Conflicts:
	html/class_passwordRecovery.inc