friendsofphp / OpenJS Foundation / FRIENDSOFPHP:STUDIO-42:ELFINDER:CVE-2019-6257
History: Apr 16, 2019 - 3:19 p.m.

Fixed being bypassable of CVE-2019-6257 SSRF.

2019-04-16 15:19:14
OpenJS Foundation
github.com
3

CVSS2: 4

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 7.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score: 7
Confidence: Low

EPSS: 0.001
Percentile: 31.4%

Changes from previous version

All previous changes are here.

- [js:core] Fixed #2863 cssAutoLoad Array option is not working
- [js:core] Fixed #2862 stop autoSync when browser tab turn to background
- [cmd:search] Fixed #2867 support incremental search other than filename
- [VD:abstract] Fixed #2873 correct MIME-Type detection of “*.java”
- [js:extras:editors] Fixed #2879 adjustment save type of Photopea
- [js:resources:mixin] Fixed #2880 error “Uncaught TypeError”
- [VD:MySQL] Fixed #2883 problem that not uses tmpPath on _fopen()
- [js:extras:editors] Fixed problem of Online Convert by tag
- [ui:dialog] Fixed problem of dialog height by CSS percentage max-height
- [ui:cwd] Fixed #2865 add an option uiOptions.cwd.matekeyDragout
- [Security,php:core] Fixed being bypassable of CVE-2019-6257 SSRF

And some minor bug fixes

Affected configurations

Vulners

Node | Range
--- | ---
studio-42 elfinder | <2.1.49

Vendor | Product | Version | CPE
--- | --- | --- | ---
studio-42 | elfinder | * | cpe:2.3:a:studio-42:elfinder:*:*:*:*:*:*:*:*
