This commit addresses an SQL injection vulnerability in ORM lookup
function.

* ORM implementation failed to properly quote fields, used in SQL
statements, that might originate from unsanitized user input.

* AttachmentFile lookup allowed for key based SQL injection by blindly
delegating non-string lookup to ORM.

forms: Proper Field Deletion

Orphaned Tasks on Dept. Deletion

i18n: Fix getPrimaryLanguage() on non-object

Chunk long text body

Add TimezoneField

This addresses issue where upon deletion of a form field and all its
entry values, the field record wouldn't be deleted from the `form_field`
table. This links another issue where you can't delete a list if its
been a field before. This is due to the list delete() function that
checks for list field records in the `form_field` table.

This is necessary to force a particular timezone on a DateTimeField entry.
If timezone is not set then user's timezone is assumed.

Address edge cases where timezone mixups happens on DateTimeField

Allow datetime field to be timezone agnostic (not timezone aware) to display
the timezone used to set the field. The timezone of the last user or agent
that edited the field is used.

This addresses issues #1964 & #3668 where $cfg might be null and cause a
non-object error. Check if $cfg is set, if not return the default
en_US language.

Update README.md

Syntax Errors Hotfix

Fixes syntax error introduced with commit 71a6b2a0 & 6e0ddf2e

minor change fix the translation page url

Typo error missing a parenteses

Changes 'Permisions' to the correct spelling 'Permissions'.

i18n v1.10 translation issues

Fixes issue #3620. is_numeric changed in 7.0.0 causing causing the contact form and sometimes login to break. is_string works on any version. The upstream Spyc now uses regex to verify instead of is_numeric, in a way similar to this commit. Waiting on upstream to merge other customizations we've made.

Thanks @rayfoss  

Now sold exclusively without Crowdin commits.

issue template

Move orphaned tasks on department deletion to the default department

List Item Abbreviation

Loading Overlay

Display Loading Overlay when posting a response or a note to a ticket.

Can not update list item abbreviation because update() method is
expecting 'abbrev' key so this corrects the key.

* HTTP Option: TRUSTED_PROXIES (default: <none>
To support running osTicket installation on a web servers that sit behind a
load balancer, HTTP cache, or other intermediary (reverse) proxy; it's
necessary to define trusted proxies to protect against forged http headers.

* HTTP Option: LOCAL_NETWORKS (default: 127.0.0.0/24)
When running osTicket as part of a cluster it might become necessary to
white list local/virtual networks that can bypass some authentication
checks.

* Validate CLIENT_IP to make sure it's a valid IP address.

Encode html chars on helpdesk title

Ticket Filter Memory Leak

Task Duedate Timezone 

Defer to agent's timezone on due date `datetime` selection instead of
defaulting to GMT.