1. Added session-update.tcl, a small utility which somewhat safely allows
you to put up a link that changes a session_property, for instance to
change the number of items displayed or that sort of thing. The caller
must sign their values and URL, which are verified by the callee via
ad_page_contract. If the referrer doesn't match the signed expected
referrer, you get bounced. I think this is reasonably secure (though
permissions should always be rigorously checked on all pages, of course)
2. acs_events had an html_p flag in the datamodel but no way to set it.
Fixed. It should really be a mime-type but since it's not using the
CR, and since I'm extremely busy with other stuff, I didn't fix it.
3. While doing #1 above I learned that signing and verifying arrays didn't
quite work. Fixed.
4. Found and fixed a small problem with my earlier work on the currency widget.
