When using an background image in themes of type JPG, the current setting of owncloud's htaccess file does not allow to deliver these kinds of images as static content. Adding the file extensions as done in this commit, it works flawlessly.

In case Apache is configured with an `Alias` such as with the ownCloud packages the rewrite rules will fail when no valid RewriteBase is configured.

Otherwise `localhost/ocs-provider/` cannot be accessed if mod_rewrite is install
ed. Only affects master.

Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---

😢 Seems like Apache is inconsistent fun between versions. Let's remove it thus for now.

Some httpd versions have problem with the old logic leading to resourced served with multiple headers.

This can now be achieved using the new code signing.

When `DirectorySlash off` is set then Apache will not lookup folders anymore. This is required for example when we use the rewrite directives on an existing path such as  `/core/search`. By default Apache would load `/core/search/` instead `/core/search` so the redirect would fail here.

This leads however to the problem that URLs such as `localhost/owncloud` would not load anymore while `localhost/owncloud/` would. This has caused problems such as https://github.com/owncloud/core/pull/21015

With this change we add the `DirectorySlash off` directive only when the `.htaccess` is writable to the dynamic part of it. This would also make `localhost/owncloud` work again as it would trigger the 404 directive which triggers the redirect in base.php.

Makes `/core/img/favicon.ico` accessible again via web.

Fixes https://github.com/owncloud/core/issues/16164

See https://letsencrypt.readthedocs.org/en/latest/using.html#webroot

Required for routes that might otherwise collide with existing folders on the system

mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.

This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)

This reverts commit 68321efd.

This reverts commit d831c255.

Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.

Apparently a boolean in php.ini is according to the documentation "on" or "off"…

Fixes itself.

Fixes https://github.com/owncloud/core/issues/13657

PHP 5.6 otherwise throws notices for perfectly valid code which results in broken endpoints.

Fixes https://github.com/owncloud/core/issues/13592

Currently if a user does not replace the .htaccess file with the new update this can lead to serious problems in case Apache is used as webserver.

This commit adds the version to the .htaccess file and the update routine fails in case not the newest version is specified in there. This obviously means that every release has to update the version specified in .htaccess as well. But I see no better solution for it.

Conflicts:
	lib/private/updater.php