This function is often used in a wrong and potential dangerous way... Thus we should escape the URL per default and offer developers to disable the automatic escaping via an option parameter if they really want that behaviour.

Might break some things, however, those things are then easy to fix and we really have a ton of bugs caused by this...

Fixes https://github.com/owncloud/core/issues/14228

This is not relevant anymore since we require PHP 5.4

Still not correct but it is a small step

Makes my IDE happier.

implement php code checker to detect usage of not allowed private APIs - including console command to check local code to be used by developers

In line 161, "SQLite" has now the same capitalisation as in line 159.

Just to follow good practise and prevent some automated scanners to complain about "Cross-domain Referer leakage".

We oC 8 we use the `StringUtils::equals` method which will also verify the type, since we don't anylonger hash the token twice this is required in case somebody is able to invoke this route with an empty `$token`.