Fixup for the message-id tracking feature

Reviewed-By: Peter Rotich <peter@osticket.com>

Define ROOT_PATH in chrooted environments too

Reviewed-By: Peter Rotich <peter@osticket.com>

Include setup/tips.html in download package

Reviewed-By: Peter Rotich <peter@osticket.com>

Handle attachment filenames better

Reviewed-By: Peter Rotich <peter@osticket.com>

Previously, filenames saved in the database had the spaces changed for
underbars; however, other characters (such as commas and non-ascii
characters) presented issues with user agents downloading the attachments.

This patch handles the filename encoding for two special cases -- internet
explorer and safari, and provides the semi-standard RFC5987 method of
encoding the filename for the remaining browsers.

Attachments are no longer forced to be downloaded. It is up to the browser
to decide if the attachment should be shown in the browser or downloaded.

This patch also fixes a slight bug in the caching mechanism for downloads
concerning the last-modified time. The date sent to the browser was not
properly converted to GMT time, although the server claimed that it was.

Make phone ext optional for XML API

Reviewed-By: Peter Rotich <peter@osticket.com>

Use the correct Content-Type header for CAPTCHA

Reviewed-By: Peter Rotich <peter@osticket.com>

ROOT_DIR should be used to identify filesystem paths

Reviewed-By: Peter Rotich <peter@osticket.com>

Don't send emails for non-existent table

Reviewed-By: Peter Rotich <peter@osticket.com>

Some security inspection appliances and load balancers don't appreciate
something in the HTTP headers that is not a valid HTTP header. Furthermore,
the browser needs the Content-Type header to identify that the image is not
the PHP default of text/html

Historically, ROOT_PATH and ROOT_DIR contained the same value; however,
ROOT_PATH now points to the URL path where osTicket is installed, whereas
ROOT_DIR points to the file system location where osTicket is installed.

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

The mainly comes in when a MIME header which might contain a list of email
addresses (like Reply-To) is to be parsed, but is empty. The Mail_RFC822
class would return an empty mailbox @ localhost (where 'localhost' is the
default default_domain for mail address list parsing).

Remove requirement of external-ticket-id in subject line

Reviewed-With: Peter Rotich <peter@osticket.com>

This patch affords an administrator the ability to remove the
[#%{ticket.number}] from the email template subject line for the new ticket
autoresponse and the new message autoresponse. Previously, the ticket number
with a prefixed hash in brackets was used to identify which ticket thread an
email was in reference to.

With this patch, the email message-id (which was already kept on file) is
sent in the MIME "References" header. When a user responds to and
autoresponse email, the "References" will include this message-id in the
return email. The ticket thread is then matched up with the email based on
the message-id rather than the subject line.

Ticket numbers are still supported in the subject line, in the event that
non-compliant email clients do not properly include the References header.

Files _MUST_ be readable by Apache or IIS in order for the attachment
migration to complete and properly keep all attachments between osTicket 1.6
and 1.7

Don't leak private FAQ titles

Reviewed-By: Peter Rotich <peter@osticket.com>

Encourage sign-ups on the mailing list

Reviewed-By: Peter Rotich <peter@osticket.com>

Don't log the user out after changing account info

Reviewed-By: Peter Rotich <peter@osticket.com>

Require encryption.

Fixes #683

Search results on the client interface for knowledgebase articles would
previous show hits for the internal (private) knowledgebase articles. The
subjects were shown but the articles were not viewable.

This addresses the SQL logic issue causing the private hits to be shown.

overwrite vs. override

Reviewed-By: Jared Hancock <jared@osticket.com>

Also raise awareness of the hosted platform for osTicket

Also include
  * username validation -- no spaces or weird chars
  * no longer base64 encoded sha1-hex hash for CSRF token
  * refresh login page every two hours to keep session active

Support Reply-To headers in ticket filters

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix incorrect file attachment if filetype is rejected
Reviewed-By: Peter Rotich <peter@osticket.com>

Add files new to 1.7.1 to the download package

Reviewed-By: Peter Rotich <peter@osticket.com>

Copy typo on the site-pages management

Reviewed-By: Jared Hancock <jared@osticket.com>

 * web.config
 * pages/{.htaccess,index.php}

Fixes #667

Previously, the @ext attribute for the phone number field was assumed to be
included. An XML payload without the @ext attribute would have been
corrupted to include only the first digit of the phone number, which would
fail validation.

This patch correctly handles the XML payload without the @ext attribute for
the phone number. Subsequently, the <phone_ext> element is now also valid
(and optional as well).

Fixes #670