"index.php" is still exposed by the Server class

[jtickle]

I have a feeling this is going to require some serious changes but we have got to completely eliminate 'index.php' from URLs the user can see and under every possible circumstance, prevent developers from ever exposing a URL that involves a query string passed directly to index.php.

To reproduce, call \Server::getCurrentUrl() when the current URL is /. It returns /index.php, it should return /.

Additionally, if a request is made directly to index.php.... I'm not sure how we handle this; forcing a redirect to / could confuse some people with misconfigured servers. I think that once we have "modes" implemented: in dev mode, it should report an error, but in production mode, it should 302 to /.

┆Issue is synchronized with this Asana task

[jtickle]

Note that I'm not suggesting we do away with query strings altogether; they have legitimate uses, for example, in Pagers. Of course those have their own AJAX-ey concerns, but the correct way to use a query string in your module is like so: http://mywebsite.com/some/list?start=20&limit=15