* naderman/ticket/7057:
[ticket/7057] Use GET for quicksearch and add session id to hidden fields
[ticket/7057] Remove trailing whitespace in functions.php
* ticket/bantu/10042:
[ticket/10042] GD CAPTCHA: Call phpbb_mt_rand() where required.
[ticket/10042] GD CAPTCHA: Round offset to the next pixel.
[ticket/10042] Add mt_rand() wrapper which allows swapping $min and $max.
Calling flush() when output buffering is enabled causes output to be
duplicated. Besides phpBB enabling output buffering for gzip compression,
output buffering may be enabled externally to phpBB via output_handler
or output_buffering directives in php.ini.
Use ob_get_level to determine whether output buffering is active and
call ob_flush in that case.
PHPBB3-10191
Output buffering may be enabled via various approaches, among them:
* output_buffering in php.ini;
* output_handler in php.ini enables output_buffering;
* ob_start call.
ob_get_level allows us to query php runtime for the actual output buffering
status.
PHPBB3-10188
phpass (the hashing library we use) adds a hash identifier to every
hash. By default this identifier is '$P$'. For some reason we have
changed it to '$H$'.
This patch allows both of them to be used for authentication, so that a
third party system could create users with '$P$' hashes.
PHPBB3-10101
Update $config['rand_seed_last_update'] before updating $config['rand_seed'] in
unique_id() to mitigate a race condition and unnecessary updates on heavily
busy boards.
PHPBB3-10100
* ticket/bantu/9859:
[ticket/9859] Remove the years from the copyright statements in docs files.
[ticket/9859] Remove the year from the copyright meta tag in docs/*.html
[ticket/9859] Remove the meta copyright tag as well.
[ticket/9859] Remove the credit line comment from all html files.
[ticket/9859] Remove years in credit line from some more files.
Rename $unicode to $unicode_support, pass in $use_unicode defaulting to true.
In unit tests we can now pass in $use_unicode as false and also test the code
path that is taken when PCRE does not support unicode.
PHPBB3-9933
Since unread posts search can produce a high server load in certain
circumstances, we implement a switch for ACP "Load settings" to have an option
to disable this type of search.
PHPBB3-9613
style.php takes a session ID to ensure it gets the right language for a user,
but that session ID is always passed in GET. This allows change allows the SID
to be read from the cookie, and theoretically makes it friendlier for caching
engines like Varnish.
PHPBB3-9629
Introduce new function gen_rand_string_friendly() for user friendly random
strings like passwords and captcha codes. Strings generated by
gen_rand_string_friendly() will not contain the characters 0 and O.
By adding a new function we can increase the entropy of strings
generated by gen_rand_string() by putting 0 and O back in.
PHPBB3-9612
