Fixed #11119 - Country picker sort order;
Fixed #12218 - File upload as attachment errors if no file is uploaded;
Fixed #12256 - Handling with Attachments incorrect;
Fixed #12362 - a smarty conflict with Gallery when both modules are in the same page or template;
Fixed a XSS vulnerability on POST and GET requests;
Fixed #11915 - XSS vulnerability on all form fields;
Fields are sanitised by default (see previous);
Added an advanced option for fields sanitization (see previous);
Fixed a vulnerability allowing to render any form knowing it's id or alias;
Added a new CSRF field to prevent Cross Site attacks;