closes #5991

Since the Facebook API has changed and additional permissions are required for all users on a pod to cross-post, an additional 'authorized' flag is needed to be set for the Facebook service.
This flag allows either all users, one user or no users to use the cross-posting service.

Clarifies the situation for #5923, #5260 and #5085.

closes #5985

closes #5986

closes #5983

closes #5978

last renamed in 8386179f

closes #5970

closes #5968

closes #5967

- added in a836b06d
- removed in 49ea8c85

closes #5969

closes #5960

closes #5962

closes #5958

It seems ActiveRecord ignores .limit() if .find_each() is used to iterate the query (http://stackoverflow.com/a/6680541/1489738). Using .each() instead. Added a test.

closes #5953

closes #5945

closes #5941

closes #5937

closes #5936

merges #5931

Revert "Merge pull request #5852 from margori/3393-activity-stream-keeping-retracted-participations"

This reverts commit 096fa2dd, reversing
changes made to f7d11051.

- move to contacts.js
- use json
- move to aspects_controller
- add route
- rewrite test
- fix css in chrome

Fix the IE version number extractor to work without space between MSIE and the version number, close #5858

GET requests don't get any CSRF protection by Rails,
thus these sensitive actions should be better protected.

Thanks to @tomekr for the report.

Also redirect to it for download, for Amazon S3
compatibility.

Prior to this patch an attacker could obtain an
users export by guessing the filename with a high
chance of success. Fully authenticating the
download request is a lot harder due to our diverse
deployment scenarios.

This brings the used method in line with the photo
export feature.

Thanks to @tomekr for the report.

also use double-quotes in the whole file