Misc::randCode does not generate significantly random data for Windows
platforms with a local database. This stems from the random seed using the
milliseconds from the current time of day and the database connection time,
in microseconds. Because Windows has especially poor sub-second time
resolution via the microtime() function, the seed does not have many
variations.

This patch addresses the issue by using the included Crypto::random()
function as a source of random data rather than the mt_rand() function, as
it uses native cryptographic random data generators if possible to generate
the data, and uses microtime() as a fallback if no other source of random
data is available on the platform.

This fixes a slight issue where the team members would never be included on
the new message alert. Now, the system will send to either the assigned
staff member, if any, or the members of the assigned team, again, if any.

Files upgraded from versions of osTicket prior to 1.9.1 did not have a
`signature` field in the database. For caching purposes in generating the
Etag HTTP header, the getSignature function cascades through the getKey
method. This may be inconsistent in the signed URL creation.

This patch adds a cascade flag to the getSignature method so the cascading
will not happen unless specifically requested.

Don't add to endTime if not already set

Show the form title on edit instead of "Custom Form" - which can be
misleading since the user might be editing a built-in form.

If a new ticket is assigned to both an individual agent and a team, do not
send the email alert to the team lead or the team members.

This patch changes the ticket filter system so that it can be recursively
looped to allow for banning and matching on the reply-to address and name.

This script adds a single download script, 'file.php', which provides access
to files of all types to all users. It uses a HMAC signature system with an
expires time, which allows signed URLs to be sent to external users.

This also fixes an issue with the Http::cacheable() method, where the
last-modified and Etag headers were not properly compared, which resulted in
permanent cache misses by the client.

Use http::build_query instead of inline urlencode

  * Fix incorrect mapping to user email address
  * Fix early rejecting of tickets — even if a filter earlier in the
    matching filter list had "stop on match" set
  * Fix ::stopOnMatch referring to incorrect db field

The new logic abandons the early rejection logic in ticket create. Instead,
the normal validation is completed as usual. Thereafter, the filter is
initialized and applied to the ticket. Upon rejection, a RejectedException
is thrown by the ::apply() method of the TicketFilter. The Ticket::create()
method will handle the exception and reject the ticket.

Stop trampolining links via l.php. It was necessary before in order to avoid
the potential of leaking ticket number & email. The authentication mechanism
in place now redirects on successful login.

This is necessary so we can sanitize/encode inputs.

This patch changes the default formatting for text bodies used in emails,
ticket thread, and canned response quoting so that white-space in text
bodies is properly preserved. Previously, the text was treated as raw HTML
and was not properly escaped, nor was the original whitespace preserved.

This patch adds a ::getAlertEmail() method to the Department class, which
allows administrators to use the department email address (normally for
replies) as the alert email address. If not specified, the system alert
email address is retrieved instead, automatically.

This affects new ticket by staff as well as honoring the influence of ticket
filters on new ticket, where the status may be set to something other than
the system default. Even the system default may be influenced if it were set
to a closed state derivative.

So the concept is simple: the new status should be set using the standard
logic so that the closed_by staff member, date, events, and other
information is set as normally is when a ticket is closed.

This resolves #1570

This patch removes the selection of canned responses as well as the canned
responses navigation page from the ui when the canned responses feature is
disabled.

Allow usage of something like `%{ticket.user.organization.var}`

Faq articles should be viewed in the .thread-body div in the client portal
like they are in the staff portal.

Since the automatic lock was being acquired but not passed to the autoLock
system, the automatically acquired lock was not being release on away
navigation.

This patch addresses the issue by passing the automatically acquired lock id
to the autoLock system on ticket-view page load and change the ::Init()
method so that the lock id is not cleared with the ::Init() method is called
by the page load.

Ensure that when generating the list of acceptable file extensions, that the list is lower cased, because the extension from the filename will be lower-cased before attempting to find the extension in the list of acceptable extensions.

Do not reopen closed ticket, if the system can reliably determine that the new message is an
auto-response/reply from the end user.

- Allows the string "false" to be used in the XML payload as the documentation demonstrates, and have that be interpreted as a boolean false.
- Switching $alert/$autorespond to use isset(), and forcing those variables to be type-casted to booleans.