Security update

• by Marty2081, anon: Fixed output of entity title.
• #2363681 by MiroslavBanov: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'weight' in 'order clause'
• #2158107 by stefan.r, dsnopek, gmclelland, anon, MiroslavBanov, fabsor: files: link inserted does not point to download but to entity page ("/file/FID" instead of "/system/files/FILEPATH")
• #2133725 by skylord: No search results appearing

• by Marty2081, anon: Fixed output of entity title.
• #1969500 - Links disappearing on node edit (ACF problem).

SA-CONTRIB-2014-009 - Linkit - Cross Site Scripting (XSS).

Updates callbacks for debugging or removing a batch job to better protect them.

This is a security release. SA-CONTRIB-2015-007 - Htaccess - Cross Site Request Forgery (CSRF).

Some administration links were not properly protected. A malicious user could trick an administrator into deploying and deleting .htaccess files by getting them to request certain URLs, thereby leading to a Cross Site Request Forgery (CSRF) vulnerability.

No database change.

See SA-CONTRIB-2015-004 - Context - Open Redirect

• Use confirmation forms to prevent CSRF.
• Make some debug logs about who is receiving what emailed reports.
• Group log messages including their message variables so things like failed login attempts can be separated between different attempts to separate accounts.
• #1491032: logwatcher should not creates report and send email when report is empty