otherwise /foo/bar would be detected as a subfolder of /bar

THX @icewind1991

isSubDirectory() checks if a specified $sub is a subdirectory of the
$parent, this is needed to prevent file inclusions.

Actually, the current code is more kind of a "hack" which I always
struggle over if browsing through source. So this should be a much
better implementation.

The implementation is really straightforward:
- [realpath()](http://php.net/manual/function.realpath.php) expands all
symbolic links and resolves references to '/./', '/../' and extra '/'
characters in the input path and return the canonicalized absolute
pathname.
- [strpos()](php.net/manual/function.strpos.php) returns FALSE if the
substring wasn't found.

Since this is an absolutely critical piece of code, I'd like to ensure
that this is absolutely safe!

Update CONTRIBUTING.md

Thanks @eMerzh, could be especially needed as there are some platform specific issues like filename encoding under MS Windows

:oops:

Makes it at least better readable for me.

Move openid.php to apps repo

Conflicts:
	settings/routes.php

Add contribution file

Enhanced multiSelect

Add security section to admin settings to enable the HTTPS enforcement

Remove setContentTypeHeader()

Remove uneeded file 

This belongs to the apps repo.

`OC_JSON::success` and `OC_JSON::error` are calling
`OC_JSON::encodedPrint`, which already sets these headers. So this two
calls are uneeded duplicates.

logout.php is a legacy file, which isn't used anymore in the ownCloud
code.

Currently it only allows the admin to enable or disable the HTTPS
enforcement, but in the future it could be expanded to further options.

The HTTPS enforcement only allows the admin to enforce it, if he is
connected via HTTPS. (To prevent admins to enable it without a proper
SSL setup)

add more linebreaks, replace SQL LIMIT with param