server (pages): impleted CSRF protection: A basic CSRF protection has been implemented using CSRF token. The token is created on session creation, and checked on data post. The process should be fully automatic, and a hidden field is added in forms in sat_templates when csrf_token is present in template data (require to import input/form.html with context). If token is wrong on absent, an unauthorized error page is returned (and client ip is logged). Also don't use anymore inlineCallbacks in _on_data_post, as StopIteration exception are catched by inlineCallbacks, resulting in bad behaviour. As a further security, getPostedDate raise a KeyError instead of StopIteration is a specific key is looked for and missing. Added HTTP_SEE_OTHER status code in constants.

include MANIFEST.in ez_setup.py
global-include *.py
global-include *.ini
global-include *.po *.mo
global-include CHANGELOG COPYING* INSTALL README*
global-include *.sh
include src/browser/public
include themes
recursive-include src *.js
exclude *.sh
global-exclude *.un~
global-exclude *.pyc
prune output
prune html