+ i18n: added French translation placeholder
* i18n: updated Norwegian Bokmål translation with changes from weblate (thank you kingu)
+ i18n: added some new strings
* list webget: return empty string when element field date_to_display has no value
* feeds, file.class: try using cURL first instead of file_get_contents
* events: trigger an event with multiple binds now return an array of identified results
+ events: added "tinymce_add_content_event" to allow extensions add custom content (or nv tags) in the tinymce editor
+ navigate.js: adding content to tinymce now opens a dialog when multiple options are available
+ extensions: additional security checks for extension package uploads
* filter some order variables used on application lists
+ added csrf protection on all application forms, including the login page
* setup: filter APP_OWNER contents to prevent XSS attacks
* cfg/globals: prevent running the file on direct access
+ themes: additional security checks for theme package uploads
+ added library HTML Purifier v4.12.0
+ added csrf protection on file uploads
+ added CSRF protection on some ajax requests
+ HTML Purify some fields to prevent XSS attacks
* nvweb object: relative theme path files were not processed correctly after security measures added
+ added security token in GET requests that modify or remove items
* extensions: preinit events were ignored
+ included library URLify for PHP v1.2 (and its dependencies) using composer
* templates: added security checks and transliteration (PHP >= 7) when using manual file path location
* apply new security protocol for all cookies used: samesite=Lax