If an attachment is submitted via the API and the filetype is rejected, the
file would be attached anyway. However, if the file was encoded base64, the
content would not be decoded.

If reading the remote_addr from X-Forwarded-For header, ensure that there is
no leading or trailing whitespace. If ip_binding is enabled for staff
sessions, this could cause unnecessary logouts

And ensure that the email address is trimmed to help matching against email
registered for previous tickets.

Anything that would happen after the last patch was applied would never be
logged, because the system would immediately indicate that no upgrade was
pending.

Conflicts:
	include/client/view.inc.php
	include/staff/ticket-view.inc.php

Fixes #575

Fixes #588

And include the new location of the install SQL script

Introduced with the multi-stream upgrader

Crypto wrapper - implements tag based en/decryption utils

Reviewed-By: Jared Hancock <jared@osticket.com>

Add password-reset signals for auditing

Reviewed-By: Peter Rotich <peter@osticket.com>

Avoid extra db query for schema signature

Reviewed-By: Peter Rotich <peter@osticket.com>

Ensure cookie path is set for the session cookie

Reviewed-By: Peter Rotich <peter@osticket.com>

Drop old mcrypt class

Which will help against clobbering session cookies against other PHP
applications shared on a parent domain of the domain hosting osTicket or in
a parent folder or virtual folder.

* Move migration scripted tasks to the stream folder naming them .task.php.
* Add a MigrationTask abstract class to server as the base of migration
  tasks.
* Move the migration tasks from class.upgrader to the new task files

Add web.config for IIS to serve the API

Reviewed-By: Peter Rotich <peter@osticket.com>

Sanitize log entries

Reviewed-With: Jared Hancock <jared@osticket.com>

Inline Attachments

Reviewed-With: Jared Hancock <jared@osticket.com>