Security update

See SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF).

• Now requires elFinder 1.2 library
• Display unwanted files removal warning under watchdog
• %name and %language macro replacement fix
• CSRF fix

See SA-CONTRIB-2013-044 - elFinder file manager - Cross Site Request Forgery (CSRF).

• Now requires elFinder 1.2 library
• Display unwanted files removal warning under watchdog
• %name and %language macro replacement fix
• CSRF fix

• #44314 by bleen18 | CashWilliams: Fixed access bypass in Node access user reference Autocomplete Widgets for Text and Number Fields. - SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass.

• Issue #44314 by CashWilliams: Fixed access bypass in Node access user reference Autocomplete Widgets for Text and Number Fields.- SA-CONTRIB-2013-045 - Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) - Access bypass.

See SA-CONTRIB-2013-042

Consumers should not issue GET requests to /@entity_type/@id with HTTP Accept headers set to the expected format aynmore, since that could interfere with Drupal's page cache. HTML might be returned from that URLs that could break clients.

Example of URLs that are deprecated and should not be used anymore:

See SA-CONTRIB-2013-042

Consumers should not issue GET requests to /@entity_type/@id with HTTP Accept headers set to the expected format aynmore, since that could interfere with Drupal's page cache. HTML might be returned from that URLs that could break clients.

Example of URLs that are deprecated and should not be used anymore: