And also fixup custom data fields used in conditions

The filter concept will allow for more sophisticated concepts including date
formatting, and will also allow plugin interaction.

And add options for custom data form fields

CVE-2017-14396

xss: Cached forms data

Encode html entities of cached form data

Format the advanced search title so that it will not allow javascript

Fix crash editing thread entry with inline image

This commit addresses an SQL injection vulnerability in ORM lookup
function.

* ORM implementation failed to properly quote fields, used in SQL
statements, that might originate from unsanitized user input.

* AttachmentFile lookup allowed for key based SQL injection by blindly
delegating non-string lookup to ORM.

forms: Proper Field Deletion

Orphaned Tasks on Dept. Deletion

i18n: Fix getPrimaryLanguage() on non-object

Chunk long text body

Add TimezoneField

This addresses issue where upon deletion of a form field and all its
entry values, the field record wouldn't be deleted from the `form_field`
table. This links another issue where you can't delete a list if its
been a field before. This is due to the list delete() function that
checks for list field records in the `form_field` table.

This is necessary to force a particular timezone on a DateTimeField entry.
If timezone is not set then user's timezone is assumed.

Address edge cases where timezone mixups happens on DateTimeField

Allow datetime field to be timezone agnostic (not timezone aware) to display
the timezone used to set the field. The timezone of the last user or agent
that edited the field is used.