Security fixes:
* Issue: reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
* Issue: file upload denial of service (CVE-2014-0481)
* Issue: RemoteUserMiddleware session hijacking (CVE-2014-0482)
* Issue: data leakage via querystring manipulation in admin (CVE-2014-0483)
- caching framework may expose private data and/or allow cache poisoning
- stricter checking for valid URLs when redirecting based on user input,
e.g. on the login page
- fix a potential execution of undesired code via reverse()
- avoid leaking the CSRF token via caching of anonymous requests
- fix missing explicit typecasts for MySQL
