Issue #12545: Enforce XHTML strict output for all pages served

We should be using XHTML strict for the pages served up by MantisBT so
that browsers can quickly ensure that the MantisBT pages are valid/don't
contain errors.

This will require quite a fair bit of trial and error testing from the
developer end to ensure that the XHTML markup is valid on all pages.

Note: this WILL cause breakages - it's meant to. This is the only way to
really discover errors in the output we're sending to clients. Plugins
are affected too and need to be sending XHTML strict output as well.

core/html_api.php

@@ -301,8 +301,9 @@ function html_page_bottom1a( $p_file = null ) {
  * @return null
  */
 function html_begin() {
-	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">', "\n";
-	echo '<html xmlns="http://www.w3.org/1999/xhtml">', "\n";
+	echo '<?xml version="1.0" encoding="utf-8"?>';
+	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">';
+	echo '<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" >';
 }
 
 /**
@@ -318,7 +319,7 @@ function html_head_begin() {
  * @return null
  */
 function html_content_type() {
-	echo "\t", '<meta http-equiv="Content-type" content="text/html; charset=utf-8" />', "\n";
+	echo "\t", '<meta http-equiv="Content-type" content="application/xhtml+xml; charset=UTF-8" />', "\n";
 }
 
 /**

core/http_api.php

@@ -120,7 +120,7 @@ function http_caching_headers( $p_allow_caching=false ) {
  */
 function http_content_headers() {
 	if ( !headers_sent() ) {
-		header( 'Content-Type: text/html; charset=UTF-8' );
+		header( 'Content-Type: application/xhtml+xml; charset=UTF-8' );
 		// Disallow Internet Explorer from attempting to second guess the Content-Type
 		// header as per http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
 		header( 'X-Content-Type-Options: nosniff' );