Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.

Maintenance mode message might be misleading

Disable the cache updater when doing the encryption migration

Cleanup config.sample.php

Don't swallow errors in console.php

fix files external test run and add common-tests option

Add detection for invalid CLI configuration for settings page

Shares should have a least read permission

* Throw 400 when a share is created or updated without read permissions
* Added unit tests

Show time difference of last cron run instead of absolute time

Disable some server checks when running on HHVM

Ref https://github.com/owncloud/core/issues/10837#issuecomment-76516839

This change will log all failures that prevent the CLI cronjob from happening to the database and display a warning to administrators when an error happened.

To test:

1. Configure some invalid CLI php.ini settings
2. Enable the CLI cronjob and run php cron.php
3. See the errors printed and also in the admin page
4. Configure the CLI settings correctly
5. Errors should be gone.

Fixes https://github.com/owncloud/core/issues/13994

Use custom attribute instead of the div identifier

Otherwise problems arrive when a username contains characters such as an `@`

Fixes https://github.com/owncloud/user_shibboleth/issues/38

Fix cache update when doing a rename that overwrites the target

AppFramework StreamResponse

First stab at the StreamResponse, see #12988

The idea is to use an interface ICallbackResponse (I'm not 100% happy with the name yet, suggestions?) that allow the response to output things in its own way, for instance stream the file using readfile

Unittests are atm lacking, plan is to

check if a mock of ICallbackResponse will be used by calling its callback (also unhappy with this name) method
Usage is:

$response = new StreamResponse('path/to/file');

rename io to output, add additional methods and handle error and not modified cases when using StreamResponse

fix indention and uppercasing, also handle forbidden cases

fix indention

fix indention

no forbidden, figuring out if a file is really readable is too complicated to get to work across OSes and streams

remove useless import

remove useless import

fix intendation

Fix avatars in master