* In places where the CGI variable REMOTE_USER is read, support alternatively
REDIRECT_REMOTE_USER, which is used by the Apache HTTPD Server instead, when a
redirect was used.
Note: This alone is not enough yet, to fully support it in DAViCal. An analogous
change (commit 29ddd89baaf65bda2560e51665a2e761abef4147) is necessary in
AWL.
* Updated all addresses of the canonical git upstream repository and the issue
tracker to the new ones.
Conflicts:
po/de.po
po/es_AR.po
po/es_ES.po
po/es_MX.po
po/es_VE.po
po/et.po
po/fr.po
po/hu.po
po/it.po
po/ja.po
po/nb_NO.po
po/nl.po
po/pl.po
po/pt_BR.po
po/pt_PT.po
po/ru.po
po/sv.po
* HTML escape the remotely retrieved version string printed to the HTML in order
to prevent and attacks (if this would have been possible at all in 12
characters).
The version string read from the davical.org webserver might be changed by an
attacker in order to perform XSS.
Even though this is highly unlikley (there are only 12 characters used) it's
better to HTML escape any such string that is printed to HTML.
This was originally reported at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703290
* Changed the end-of-line encodings of all non-Windows-related and non-autogenerated text files to use UNIX LF (lots of them had mixed LF/CRLF).
Conflicts:
inc/caldav-PUT-functions.php
