Fixed some internal references

Author: javiereguiluz

forms.rst

@@ -189,7 +189,7 @@ That's it! Just three lines are needed to render the complete form:
     Renders the end tag of the form and any fields that have not
     yet been rendered, in case you rendered each field yourself. This is useful
     for rendering hidden fields and taking advantage of the automatic
-    :doc:`CSRF Protection </form/csrf_protection>`.
+    :doc:`CSRF Protection </security/csrf>`.
 
 .. seealso::
 

http_cache/varnish.rst

@@ -62,7 +62,7 @@ If you know for sure that the backend never uses sessions or basic
 authentication, have Varnish remove the corresponding header from requests to
 prevent clients from bypassing the cache. In practice, you will need sessions
 at least for some parts of the site, e.g. when using forms with
-:doc:`CSRF Protection </form/csrf_protection>`. In this situation, make sure to
+:doc:`CSRF Protection </security/csrf>`. In this situation, make sure to
 :doc:`only start a session when actually needed </session/avoid_session_start>`
 and clear the session when it is no longer needed. Alternatively, you can look
 into :doc:`/http_cache/form_csrf_caching`.

security/form_login_setup.rst

@@ -243,8 +243,7 @@ The form can look like anything, but it usually follows some conventions:
 .. caution::
 
     This login form is currently not protected against CSRF attacks. Read
-    :doc:`/security/csrf_in_login_form` on how to protect your login
-    form.
+    :doc:`/security/csrf` on how to protect your login form.
 
 And that's it! When you submit the form, the security system will automatically
 check the user's credentials and either authenticate the user or send the