  1. Jul 20, 2018
  2. Jul 19, 2018
  3. Jul 17, 2018
    • Merge pull request #4151 from nicoletta-maia/develop-fix_orderby_relevance · 0b88a37d
      Peter Rotich authored
      Issue: SQL Error Unknown column '__relevance__' in 'order clause'
    • Merge pull request #4281 from PeopleInside/patch-1 · 65de3273
      Peter Rotich authored
      Update class.forms.php
    • Merge pull request #4280 from PeopleInside/patch-2 · 3853e081
      Peter Rotich authored
      Update class.list.php
    • Merge pull request #4311 from nicoletta-maia/develop-frequest_canned_resp_select2 · 2d0218d7
      Peter Rotich authored
      Feature: canned response rendered using select2
    • Add Release Notes for v1.10.4 · 035fd0af
      Peter Rotich authored
      v1.10.4
      035fd0af
    • issue: Orphaned File Query Rewrite · e5dd24e0
      JediKev authored
      This addresses an issue that was introduced by a previous attempt to
      address the orphaned file query. The previous attempt addressed the
      original issue but slowed database performance so this addresses the
      performance issue.
      e5dd24e0
    • department: Error Feedback · 9f3b6b27
      JediKev authored
      This addresses an issue where osTicket did not ensure associated items exist
      before saving to the database. This also addresses an issue where the Parent
      Topic error was not displayed on page.
      9f3b6b27
    • security: Fix Multiple XSS Vulnerabilities · 4b8ee133
      JediKev authored
      It may be possible to steal or manipulate customer session and cookies,
      which might be used to impersonate a legitimate user, allowing the hacker to
      view or alter user records, and to perform transactions as that user.
      Sanitation of hazardous characters was not performed correctly on user
      input.
      
      osTicket did not properly sanitize array values in `Format::htmlchars()`.
      Some values in the Admin Interface were not properly sanitized and returned
      to the response.
      4b8ee133
    • issue: Auto-Assignment Log · d4262cef
      JediKev authored
      This addresses an issue on the Forums where the Auto-Assignment Thread
      Event (configurable via Help Topic) uses the Email of the User rather than
      the User’s Name. This adds the correct function to retrieve the User’s
      Name if the User has an Account.
      d4262cef
    • issue: Ticket Lock On Disable · 606f45ba
      JediKev authored
      This addresses an issue where disabling Ticket Locks but setting a time
      for the Lock Timeout will always throw a "lock required" error. This adds
      a check to see if locks are enabled AND there is a time set. If locks are
      disabled it will not throw the error.
      606f45ba
    • issue: User Import No Email · b65185ba
      JediKev authored
      This addresses issue 4329 where you can import a User with no email
      address via CSV file. Once the User is added and you try to update them
      with an email address it fails due to no default email. This updates the
      check for email address from `!isset()` to `empty()` which will correctly
      check for empty string.
      b65185ba
    • issue: CLI Deploy Missing Bootstrap · ee208fca
      JediKev authored
      This addresses issue 4322 where deploying via CLI is missing
      `bootstrap.php`. This is due to the `get_include_dir()` function that
      tries to include a file from the destination which doesn’t exist yet,
      causing a fatal error. This updates the function to use `$this->source`
      instead of `$this->destination` to correctly find and include
      `bootstrap.php`.
      ee208fca
    • issue: Language Pack Locale Mismatch · 132d838f
      JediKev authored
      This addresses issue 4325 where the Language Pack Locales are mismatched.
      The Locale for the first language is displayed on the second language,
      etc. This updates the `$manifest` variable to be set before we display
      data so the correct `MANIFEST` file is included and all language data is
      displayed correctly.
      132d838f
    • Add Release Notes for v1.10.4 · 8ac8a30a
      Peter Rotich authored
      8ac8a30a
  4. Jul 16, 2018
  5. Jul 13, 2018
  6. Jul 09, 2018
    • issue: CLI Deploy Missing Bootstrap · fd75eddf
      JediKev authored
      This addresses issue 4322 where deploying via CLI is missing
      `bootstrap.php`. This is due to the `get_include_dir()` function that
      tries to include a file from the destination which doesn’t exist yet,
      causing a fatal error. This updates the function to use `$this->source`
      instead of `$this->destination` to correctly find and include
      `bootstrap.php`.
      fd75eddf
  7. Jul 03, 2018
    • issue: Language Pack Locale Mismatch · a87f19d3
      JediKev authored
      This addresses issue 4325 where the Language Pack Locales are mismatched.
      The Locale for the first language is displayed on the second language,
      etc. This updates the `$manifest` variable to be set before we display
      data so the correct `MANIFEST` file is included and all language data is
      displayed correctly.
      a87f19d3
  8. Jun 11, 2018
  9. Jun 07, 2018
    • issue: Auto-Assignment Log · e4329513
      JediKev authored
      This addresses an issue on the Forums where the Auto-Assignment Thread
      Event (configurable via Help Topic) uses the Email of the User rather than
      the User’s Name. This adds the correct function to retrieve the User’s
      Name if the User has an Account.
      e4329513
  10. Jun 05, 2018
  11. May 15, 2018
    • Add release notes for v1.10.3 · b7ef532d
      Peter Rotich authored
      v1.10.3
      b7ef532d
    • Lint: Lint fixes · 914b6e64
      Peter Rotich authored
      914b6e64
    • issue: Section Break Hint · d60779e8
      JediKev authored
      This addresses an issue where the Help Text for Section Break fields does
      not display custom Redactor styling correctly. Instead of displaying the
      properly formatted Redactor content with its styling it displays the
      entire html for the Redactor content. This was due to the format method
      used for the Section Break Field's Help Text. This updates the method from
      `Format::htmlchars()` to `Format::display()` which displays the properly
      formatted content. The content is also sanitized by `Format::sanitize()`
      before saving to the database to avoid any chance of XSS.
      d60779e8
    • queryset: Fix circular reference error · e657a33e
      Jared Hancock authored
      This fixes an error where the ModelInstanceManager maintained a reference to
      the QuerySet instance, and the QuerySet instance managed a reference to the
      ModelInstanceManager instance (if it's the iterator for the query). Because
      of the circular reference, if the iterator is not exhausted, then the
      resource is not closed and the query remains open. This wastes memory and
      prevents some other queries from running after such a situation happens.
      
      This addresses the issue by removing the circular reference between the
      QuerySet and the ModelInstanceManager.
      e657a33e
    • Check permissions before displaying Close Task · f62e9669
      Mat Whitney authored
      Don't display the Close Task option if the current user can't close it...
      f62e9669
    • format: Fix Vimeo iFrames · ae9a9cc9
      JediKev authored
      This addresses an issue where some Vimeo videos are not being sent in
      Agent’s responses. This adds `player.vimeo` to the sanitize method’s
      iframe section so that the iframe tag is not stripped.
      ae9a9cc9
    • issue: Fix imap_open Disable Authenticator · 1d1df935
      JediKev authored
      This addresses an issue where the 'DISABLE_AUTHENTICATOR' args were not
      properly added to the `imap_open` params. This changes the `+=` operator
      to `array_merge()` to successfully add the params.
      1d1df935
    • issue: Prevent Click Jacking · 8c3f7a5f
      JediKev authored
      This addresses a vulnerability where there was no `X-Frame-Options` header
      which could potentially allow click jacking. This adds the
      `X-Frame-Options: SAMEORIGIN` header so it will remove any chance of click
      jacking. According to Mozilla Developer Docs:
      ```
      SAMEORIGIN
      The page can only be displayed in a frame on the same origin as the page
      itself.
      ```
      8c3f7a5f