Add CSRF token to forms generated by fileuploader.

Diaspora added an X-CSRF-Token header to XHR made by fileupload.
Since fileupload doesn't think Opera supports XHR, it builds a form and submits that instead.
By adding a hidden authenticity_token to the form, Opera can submit the form without logging the user out.

public/javascripts/fileuploader-custom.js

@@ -1017,6 +1017,7 @@ qq.extend(qq.UploadHandlerForm.prototype, {
         var iframe = this._createIframe(id);
         var form = this._createForm(iframe, params);
         form.appendChild(input);
+        $(form).append($('<input type="hidden" name="authenticity_token" value="'+$("meta[name='csrf-token']").attr("content")+'"/>'));
 
         var self = this;
         this._attachLoadEvent(iframe, function(){