If the file system containing the PHP code is case-insensitive, a
request containing an uppercase file extension will return the
contents of the PHP file to the browser instead of executing it.

E.g. a request for this URL will return the source code:

  https:/sp.example.org/simplesaml/module.php/core/frontpage_welcome.PHP

Fix that by converting the path to lowercase before checking the file
extension.

See the following page for details:

  https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-24m3-w8g9-jwpq

* Migrate assertions to Webmozart

Broken during refactoring in 6607b7fb

Non-file-upload crashed on Symfony request building.
File upload crashed because of not using the actual path.

* Added Kernel class to handle request

* Kernel handle request

Kernel is loaded in SimpleSAML\Module class
Removed Router and ControllerResolver classes

* Added route command (squash)

* Use symfony application and cache

* Updated to today's standards

* Fix for Symfony4 & Catch environment from ENV variable

* Standardize location of routes/services files

* Trying to make slashes work properly in all situations

* Convert XML to YML

* Fix some template-names and endpoints

* Rename Controller-classes

* Update dependencies

* Fix routing files

* TooManyArguments

* Fix TypeCoercion

* PSR-12

* Fix rebase mistake

* Rebase lock-file

* Fix Psalm

* Add strict_types declaration

Co-authored-by: Sergio Gómez <decano@gmail.com>

* Raise minimum PHP version to 7.0

* Remove tests pre-PHP 7.2

* Upgrade dev dependencies

* Ignore tests for deprecated class

* Add typehints; not touching public API

* Remove none-array replacements-param; old behaviour from pre-1.4 release

* Psalm fixes

* Add upgrade notes

* PSR-12

Closes #1227

PSR-12 compliancy

* Ensure getConfig* functions can only return Configuration

* Cleanup after #1189

* Deprecate Configuration::getConfigList

This resolves #1023, resolves #1093 and closes #1095.

Fixes for the remainder of lib/SimpleSAML

This introduces the following:

- The use of Request objects to handle request data to controllers.
- The use of Response objects to model responses that should be sent to the browser.
- The use of "controllers" that are responsible for translating a request into a response.
- The possibility to define your own URLs on each module by specifying them, together with their controllers, in a "routes.yaml" file in the root of a module.
- The new UI is completely separated from the old, so "usenewui" must be set to "true" in the configuration.
- Twigified templates are not used unless we're using the new UI, or the twig template is part of a theme.

Doing so allows us to mock the class. Otherwise, the _autoload_module.php is always called first, and when it tries to register the functions from that class, it automatically autoloads it, making it impossible to mock it afterwards.