Security update

This release addresses the following issues compared to the latest stable release in this branch (6.x-2.2).

#1398900: Trying to get property of non-object when editing user with no FCKeditor access

Contains a fix for SA-CONTRIB-2012-040 - (F)CKeditor XSS, arbitrary code execution.

• Prevents XSS in output. See SA-CONTRIB-2012-038 - Views Language Switcher Cross Site Scripting (XSS) for details.
• Added ability to override output via theme layer
• Better handling of multi-display Views
• Better caching

This release fixes an access bypass vulnerability due to insufficient use of node_access(). See SA-CONTRIB-2012-037 - Slidebox - access bypass for details.

Notice: this is a security update. If you are running any earlier version of Language icons from the 6.x-2.x branch (e.g., 6.x-2.0), you're potentially vulnerable. Please upgrade to this version immediately. See SA-CONTRIB-2012-039 - Language Icons - Cross Site Scripting (XSS) for more details.

Changes since 6.x-2.0:

Notice: This is a security update. If you are running any earlier version of Language icons from the 7.x-1.x branch, you're potentially vulnerable. Please upgrade to this version immediately. See SA-CONTRIB-2012-039 - Language Icons - Cross Site Scripting (XSS) for more details.

• Fixed js bugs for Internet Explorer versions < 9.
• Values are now properly removed from the selection list.
• Issue #1302636 by reujwils: Fixed Autocomplete Deluxe for core numeric field types.
• Issue #1326512: Fixed problem with similar terms.
• Removed the limit on how many terms can be entered.
• Issue #1324120: Fixed bug, where values would disappear when pressing enter on a widget with single values.
• Fixed DOM-based security issue, which occurred when using a field with multiple values.