Merge branch 'install_34_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_34_STABLE

Private files uploaded by email will now honour the file quota limit,
because the filesize is set correctly and checked against users'
remaining personal quota limit. Previously, attachment size was always
set to zero, and quota was checked against the draft area (this is
not valid for email uploads, because each file is moved out of the
draft area as it is processed, so multiple files totalling greater
than the remaining quota would still pass the check).

Merge branch 'install_34_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_34_STABLE

Use blanktarget option on all comments to prevent malicious links.

This fixes an exploit where you could alter the 'Content-Type' of the
request and bypass the case-sensitive check 'strstr'. For example,
setting it to 'application/x-www-FORM-urlencoded'. However, changing
this to use 'stristr' was also not an acceptable approach as you
could also bypass it by setting the value to 'multipart/form-data'.

Stop a "logged in as" session from accessing the user's dashboard
to prevent user JavaScript from being executed in the logged in
as session

There are possibly some further improvements that can be made to:
- export_discussion_data
- export_all_posts

This is a back-port of MDL-63260

This fix is based on some original code written by Bo Pierce.

Merge branch 'install_34_STABLE' of https://git.in.moodle.com/amosbot/moodle-install into MOODLE_34_STABLE