1. Added session-update.tcl, a small utility which somewhat safely allows you to put up a link that changes a session_property, for instance to change the number of items displayed or that sort of thing. The caller must sign their values and URL, which are verified by the callee via ad_page_contract. If the referrer doesn't match the signed expected referrer, you get bounced. I think this is reasonably secure (though permissions should always be rigorously checked on all pages, of course)
2. acs_events had an html_p flag in the datamodel but no way to set it. Fixed. It should really be a mime-type but since it's not using the CR, and since I'm extremely busy with other stuff, I didn't fix it.
3. While doing #1 above I learned that signing and verifying arrays didn't quite work. Fixed.
4. Found and fixed a small problem with my earlier work on the currency widget.