Issue: Ticket Alerts vs Dept Recipients

task: Implement edit of task thread

If an alert is enabled for only the Department Manager and the Department Recipients field is set to No one, the Department Manager still receives a notification.

If the recipients field is set to no one, nobody should receive an alert regardless of what is checked on the New Ticket Alert selections.

To fix this, we can do a count of what the getMembersForAlerts function returns. This function compares what is set for a Department's group_membership in the database to the ALERTS_DISABLED constant to return a query set of members that should receive an alert. If the count is 0, we know that alerts should be disabled.

This fixes an issue where, for task threads, if an agent has the thread edit
permission, the agent was neither able to edit his or her own entries, nor the
entries of other agents.

Conflicts:
	include/class.dynamic_forms.php
	include/class.mailparse.php
	include/client/open.inc.php
	include/staff/templates/user-lookup.tmpl.php
	setup/test/tests/stubs.php

cli: Package Better Wording

FAQ Issues

cli: Package No File Permissions

Issue: Tickets Visibility

This commit ensures that an Agent with the 'See all tickets in search results, regardless of access' permission checked can see all Tickets in a search or a saved search, but does NOT see all Tickets within queues.

oops: .eml/.msg Missing Not Operator

Lint Fixes

issue: API Unexpected Data Warnings

issue: Queue Sort Title No Validation Error

This updates the variable name that determines if the current PHP version is
5.6+ from `$php56` to `$php56plus`. This will help other understand better
what the variable is/does.

This addresses an issue reported on the Forum where adding a new Sort Option
for Queues without a title fails without error. This is due to the
queue-sorting template that uses a new instance of the
`QueueSortDataConfigForm` form from a new instance of `QueueSort` rather
than the existing form with existing POST data/errors when a POST is
submitted. This updates the queue-sorting template to use the already
available `$data_form` form instance. This also adds an if statement to set
the `$data_form` if one doesn’t exist (this only applies to new modals
without a POST).

This addresses a typo where we are missing a not operator in class
MailFetcher when checking for no `$body` in the fetched attachments. This
adds the not operator so that the `if()` statement is properly executed and
we correctly set a fake body when there is none.

This addresses an issue where the `package` cli module is leaving out the
permissions on files. This causes the final ZIP archive to contain files
without permissions meaning the files are un-usable until you restore
permissions. This can make life difficult on people trying to install
osTicket with minimal knowledge as they wouldn’t know what is wrong.

This is due to the `setExternalAttributesName` method not shifting 16 bits
on the file "mode" which will not translate to binary. The file "mode" is
the inode protection mode for a file returned by the `stat()` method. It is
essentially a decimal representation of a file's permissions. Since "mode"
is in decimal format we need to shift by 16 bits to translate it to binary
so the archiver understands. Once the mode is translated to binary the
permissions are preserved.

This commit gets rid of PHP warnings. Additionally, it updates the lint tests to be more accurate.

Conflicts:
	WHATSNEW.md
	include/client/header.inc.php

This updates jQuery to the latest stable release of v3.4.0.

xss: XSS To LFI Vulnerability

This addresses a vulnerability found by [AkkuS CW](https://pentest.com.tr)
where a simple XSS attempt can lead to an LFI (Local File Inclusion) attack.
The issue stems from the system returning the unformatted file contents in
an error message when uploading a CSV to the User Importer. This formats the
contents before uploading so that if the contents are returned in an error
message they will not be executed by the browser which therefore prevents
XSS attempts and the possibility of an LFI attack. This also formats all the
user-created data sent to ImportError to prevent the same issue.

This addresses an issue reported on the Forum where `API Unexpected Data`
warnings are appearing in the system logs for the `thread_entry_recipients`
and `system_emails` keys for piped emails. This is due to the API request
validator that checks the keys of the API data; if a key's data is an array
itself it loops through the validator again to check the key(s) inside the
data array. This is fine for most keys but for the `thread_entry_recipients`
and `system_emails` keys the request structure does not contain the
necessary sub-keys to validate the data keys. This adds the necessary
sub-keys to the request structure so that `thread_entry_recipients` and
`system_emails` data keys can be validated.

issue: .eml/.msg Attachments

Ticket Link: Always return a link

Mailer: Allow for ability to pass -f option as from_address

Bug fixes and enhancements for v1.11

issue: Task EstDueDate

This addresses an issue where having the `%{task.due_date}` variable in a
Task alert template whilst creating a Task with an Assignee causes a fatal
error in the backend leaving the Create Task modal spinning forever. This is
due to the `getVar()` method for Tasks where the `due_date` case references
a non-existing method. This updates the referenced method to an existing
method so it gets the correct value and does not cause a fatal error.

jquery: Update Again