- Aug 28, 2014
-
-
Peter Rotich authored
-
- Aug 18, 2014
-
-
Jared Hancock authored
-
- Jul 17, 2014
-
-
Peter Rotich authored
Names parsed from incoming emails are stored in the database as is. This pull request addresses a potential XSS vulnerability due to improper display of unsanitized names. Going forward, names will be scrubbed on create.
-
- Jun 16, 2014
-
-
Jared Hancock authored
In both the client and staff interfaces, where the URL and request parameters were echo'd back without any escaping
-
- May 07, 2014
-
-
Peter Rotich authored
Consider closed date to determine ticket's last activity date. The net effect is that the closed tickets queue will be sorted by closed date.
-
- Apr 25, 2014
-
-
Joshua Eldridge authored
-
- Apr 22, 2014
-
-
Jared Hancock authored
-
- Apr 16, 2014
-
-
Jared Hancock authored
-
- Mar 18, 2014
-
-
Jared Hancock authored
-
- Feb 27, 2014
-
-
Peter Rotich authored
Background: osTicket allows access to assigned open tickets (both personal and team assignments) regardless of the assigned department or group. This is necessary to allow staff to work on tickets in an otherwise restricted department. When a staff member closes a ticket, they're credited (ticket.staff_id is set to staff's id) for the purpose of showing who closed the ticket. osTicket mistakenly allowed continued access to closed tickets even when the staff doesn't have access to the ticket based on departmental access.
-
Jared Hancock authored
-
- Feb 07, 2014
-
-
Jared Hancock authored
-
- Jan 22, 2014
-
-
Jared Hancock authored
Also removes the fetching of priorities separately and addresses sorting of priorities by the ID field rather than the urgency field.
-
- Jan 20, 2014
-
-
Peter Rotich authored
Include collaborator tickets on search by user.
-
- Jan 16, 2014
-
-
Jared Hancock authored
-
- Jan 15, 2014
-
-
Peter Rotich authored
-
- Jan 13, 2014
-
-
Peter Rotich authored
-
- Jan 02, 2014
-
-
Jared Hancock authored
Use a union query to avoid using DISTINCT and lots and lots of joins in the from clause. Initial tests seem to indicate it is about 80% faster (~500ms down from ~800ms) on querying about 9k tickets.
-
- Dec 31, 2013
-
-
Jared Hancock authored
This patch introduces an automatic materialized view to speed database performance when querying and displaying the ticket views. This can eventually be extended to the search and advanced search features to speed them as well. The data from the dynamic form entries related to ticket details is copied to a %ticket__cdata table. The %ticket__cdata table is then joined directly to the other tables in the query for the ticket view. MySQL is magically and dramatically faster using this method. The downside is that the disk usage for the custom data is doubled, and the time needed to update the dynamic data is at least doubled as the form entries and the materialized view must both be updated. This method should also extend well to other database platforms in the future. It will be likely that most other database query optimizers will have difficulty joining, scanning, and sorting the table models we have for custom data fields.
-
- Dec 13, 2013
-
-
Jared Hancock authored
This reverts commit e818fd2c.
-
Jared Hancock authored
-
- Dec 11, 2013
-
-
Jared Hancock authored
Displaying field values on various pages and dialogs could result in cross site scripting exploits. Fixes osTicket/osTicket-1.8#296
-
- Nov 24, 2013
-
-
Peter Rotich authored
-
- Nov 18, 2013
-
-
Peter Rotich authored
-
- Nov 17, 2013
-
-
Peter Rotich authored
Change recent activity date as opposed to create date on ticket view
-
- Nov 16, 2013
-
-
Peter Rotich authored
- Tickets with recent replies from the user float to the top. - Priority still tops the effective
-
- Nov 12, 2013
-
-
Jared Hancock authored
* Upgrade to Redactor 9.1.7
* Use a (x) icon from font-awesome for the dialog
-
- Oct 23, 2013
-
-
Jared Hancock authored
-
- Oct 17, 2013
-
-
YK authored
-
- Oct 10, 2013
-
-
Jared Hancock authored
-
- Oct 09, 2013
-
-
Jared Hancock authored
Moved to an initial form which specifies the ticket's priority and issue and changed the rendering to render things properly. Now the user can decide where priority shows on the client side, and the priority privacy setting is placed in the dynamic form wizard.

The standard form is added to every ticket without option. Extra forms can be defined and associated with help topics which can additionally be added to tickets upon creation. This allows for standardization of the dynamic data location for searches and filtering.

Implemented advanced search for dynamic data. Along with reinstating the basic ticket search on keywords.

Implemented ticket filtering on dynamic data for both keyword searches as well as searches for special fields (drop-down lists, etc.).

Phone number for users is now completely optional.
-
Jared Hancock authored
This moves client information like name and email address out of the general dynamic forms data for a ticket. It really paves the way for the first-class user of the future.
-
Jared Hancock authored
*This is a major redesign / rework of the osTicket base*

This patch drops the concept of static ticket metadata and allows for admin-configurable arbitrary data that is attachable to tickets.

The system is architected such that the base osTicket install now comes with a "default" form that has fields for subject, name, email, and phone number. This form is editable to allow for the addition of arbitrary other fields; however, the basic fields must remain in order to be associated with a help-topic and attached to a ticket. This concept can be expanded to allow for arbitrary data associated with registered clients or ticket thread items.

Forms are comprised of sections. Sections have a title and instructions properties and a list of fields. Fields have various implementations to represent different data such as text, long answer, phone number, datetime, yes/no, and selections, and are configurable to define the look and feel and interpretation of the respective form field. Dropdown lists are represented as "Dynamic Lists", which are admin-configurable lists of items. Dropdowns can be optionally represented as Bootstrap typeahead fields.

This also adds the start of a simple ORM which will hopefully be expanded in the future to support multiple database platforms. Currently, only MySQL is implemented.
-
- May 23, 2013
-
-
Jared Hancock authored
Drop required usage of MyISAM tables, and drop fulltext indexes as they are not used in the code currently anyway. Also, use a blob to store session data so as not to waste space with UTF-8 encoding. Lastly, fix session_id storage to use VARCHAR(255) which is required for versions of MySQL < 5.0.3, and use ascii for the storage model for the session_id as it will contain simple characters only.
-
- Feb 22, 2013
-
-
Peter Rotich authored
-
Peter Rotich authored
-
Peter Rotich authored
-
Peter Rotich authored
Show assigned to column based on flag - which now factors in if assigned tickets are being shown on open queue.
-
Peter Rotich authored
-> Open - only contains unassigned tickets if 'show assigned tickets' is off.
-
- Feb 15, 2013
-
-
Peter Rotich authored
-