Security update

Changes since DRUPAL-6--1-3:

SA-CONTRIB-2010-067: Fix CSRF vulnerability in Views UI.

• #770006 by macdee: Taxonomy term default plugin mysteriously broken.
• #767146 by bangpound: Validation not passed down into row style plugin.
• #513396 by yhager and jcisio: Views trim was not multibyte safe.
• #550420 by blauerberg: Views RSS did not properly pass readmore flag from node to RSS item.
• #781296 by dereine: Node: Type "link to its node" option broken.
• #769010 by andrea.gariboldi: Overuse of query substitutions fails on some databases.
• #607418: Fix queries broken with "ambiguous nid" due to uncommon relationships.
• #768162: Revert inadvertant change to grid style behavior.
• #815392 by killes and dereine: Incorrect construction of $account caused accidental non-permanent change to $user->roles.
• #723454 by dereine: Upgrade from 5.0 could cause blocks for views with long names to lose configuration.

This release fixes an XSS security hole regarding FileField tokens.

This release of FileField fixes an XSS security hole and fixes permission handling in several areas. On the feature side of things, FileField now includes a more flexible API for better integration with 3rd party modules like IMCE and FileField Sources. FileField Meta now stores and exposes ID3 tags (Artist, Album, etc.) through Views and Token support.

This release fixes a security vulnerability with how some attributes are rendered.

See SA-CONTRIB-2010-063 - Studio theme pack - Cross Site Scripting