Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, XSS hole in the Index Order page, and added anti-CSRF protection to the empty trash feature and the Index Order page (thanks to Nicholas Carlini for finding all these issues) [CVE-2010-4555]