Remaining mysqli_ install problems were fixed.
mysqli_real_escape_string() no longer expects the
first parameter to be link. install.php no longer
assumes the mysql extension, nor does it fail with
the mysqli extension. A parse error which occurred
while saving a new filter was fixed.
This release fixes a file upload vulnerability, injection vulnerabilities in filters, an SQL injection in the "manage user" page, HTTP header CRLF injection, and port XSS vulnerability in filters.