  1. Jul 10, 2019
    • issue: Rogue Closing div Breaks HTML Thread Tree · 3bb4c0a1
      JediKev authored
      This addresses an issue reported by Vincent Monier (Xenos) where posting a
      single `</div>` tag as a message or response via the UI will break the HTML
      Thread Tree view. This is due to the `html_balance()` method not cleaning
      empty div tags. This adds `'div'=>1` to the empty tag array so that any
      rogue div tag + any empty div tags are properly removed.
  2. Jul 09, 2019
  3. Jul 03, 2019
    • issue: Search Reindexing Thread Entries · bbf1010c
      JediKev authored
      This addresses an issue where `IndexOldStuff()` doesn't reindex everything
      it's supposed to. The reindex leaves out all of the Thread Entries with
      empty titles or bodies. This is due to the SQL statement that retrieves
      thread entries. In the SQL statement, we check if the sum of the Thread
      Entry Title length and the Thread Entry Body length is greater than 0. If so
      we reindex the entry, otherwise we exclude it. The problem is both
      ```LENGTH(A1.`title`)``` and ```LENGTH(A1.`body`)``` can return `NULL` and
      you cannot add `NULL` (a string) to an integer. This updates the SQL to add
      `IFNULL()` statements around the possible `NULL` values so that if `NULL` we
      typecast to integer of 0 which can be added to integers successfully.
  4. Jun 28, 2019
    • issue: ISO-8859-8-i Charset Issues · 4da0324b
      JediKev authored
      This addresses an issue where emails with `ISO-8859-8-i` character-sets
      appear as "(empty)" in the system. This is due to `ISO-8859-8-i` not being a
      valid character-set for `iconv()`. When you pass `ISO-8859-8-i` to `iconv()`
      you will receive an error similar to `iconv(): Wrong charset, conversion
      from 'ISO-8859-8-i' to 'UTF-8//IGNORE' is not allowed`. I don’t know why
      it's not a valid character-set for `iconv()` but the trailing `-i` is used
      to say "keep the text in logical order instead of visual order". Logical
      order just means to keep the text in true right-to-left format instead of
      transcoding the characters to left-to-right format.
      
      This adds a new case to the `Charset::normalize()` switch statement to match
      against `ISO-XXXX-X-i`. If a character set matches the criteria we will
      remove the trailing `-i` and set the charset to `ISO-XXXX-X`. This charset
      format is valid in `iconv()` which will return the correctly formatted email
      instead of "(empty)".
    • Merge pull request #4902 from JediKev/issue/account-registration-throws-errors · e4cb4e98
      Peter Rotich authored
      issue: Account Registration Throws Errors
    • Merge pull request #4901 from JediKev/issue/retained-deleted-listitem-errors · 14bfc4cb
      Peter Rotich authored
      issue: Retained Deleted ListItem Errors
  5. Jun 13, 2019
    • Remove File Type Override · 539d343d
      Peter Rotich authored
      Remove file type overwrite previously used to force downloads. This
      addresses potential XSS where an attacker could pass "image" resulting in
      the file being displayed in line.
  6. May 23, 2019
    • issue: Account Registration Throws Errors · a7205073
      JediKev authored
      This addresses issue 4898 where a User that clicks the ticket link in an
      email alert to view the ticket, in that ticket view clicks the link to
      register for an account, fills out the registration form, and clicks Create
      will throw an "Unable to register account. See messages below." error.
      When the Users get this error there are no messages below so they can't see
      anything to fix which prevents them from creating an account. This is due to
      the email field being disabled which means the value is not sent in POST so
      the system thinks the User sent no email address which throws a hidden
      "Email field required." error. We disabled the email field to prevent an
      attacker from accessing the user’s guest login and registering the user with
      a different email (possibly his own). This sets a POST value called 'email'
      to the client's email so that the registration process acknowledges and
      validates the email allowing registration to continue.
  7. May 22, 2019
    • issue: Retained Deleted ListItem Errors · a3297a25
      JediKev authored
      This addresses an issue where New Tickets will fail for Users with a deleted
      ListItem retained in their Contact Information form. This is due to the
      system deleting the `list_id` for the ListItem so when we run
      `getFilterData()` for the User we can't find the list which causes a fatal
      error later down the line. This adds an OR statement to the
      `SelectionField::getFilterData()` method to skip said ListItems if no
      `list_id` is present.
  8. May 10, 2019
  9. May 09, 2019
  10. Apr 30, 2019
  11. Apr 29, 2019
    • oops: .eml/.msg Missing Not Operator · ce8aadf8
      JediKev authored
      This addresses a typo where we are missing a not operator in class
      MailFetcher when checking for no `$body` in the fetched attachments. This
      adds the not operator so that the `if()` statement is properly executed and
      we correctly set a fake body when there is none.
  12. Apr 25, 2019
    • cli: Package No File Permissions · 25e6c6e9
      JediKev authored
      This addresses an issue where the `package` cli module is leaving out the
      permissions on files. This causes the final ZIP archive to contain files
      without permissions meaning the files are unusable until you restore
      permissions. This can make life difficult on people trying to install
      osTicket with minimal knowledge as they wouldn’t know what is wrong.
      
      This is due to the `setExternalAttributesName` method not shifting 16 bits
      on the file "mode" which will not translate to binary. The file "mode" is
      the inode protection mode for a file returned by the `stat()` method. It is
      essentially a decimal representation of a file's permissions. Since "mode"
      is in decimal format we need to shift by 16 bits to translate it to binary
      so the archiver understands. Once the mode is translated to binary the
      permissions are preserved.
    • Lint Fixes · 8c878db6
      aydreeihn authored
      This commit gets rid of PHP warnings. Additionally, it updates the lint tests to be more accurate.
  13. Apr 24, 2019
  14. Apr 23, 2019
  15. Apr 17, 2019
    • issue: .eml/.msg Attachments · 4098a2bf
      JediKev authored
      This addresses an issue where `.eml` and `.msg` files on incoming mails are
      being dropped. This is due to the mail fetcher that tries to process
      `.eml`/`.msg` files and adds them as thread entries rather than adding them
      as attachments. This adds a new section that utilizes a new method to fetch
      the body of `.eml`/`.msg` files, fetches the subjects of the `.eml`/`.msg`
      files as the attachment names, and creates attachments. This preserves the
      `.eml` and `.msg` files and adds them to the pertinent thread entries as
      attachments.
  16. Apr 16, 2019
  17. Apr 15, 2019
  18. Apr 11, 2019
    • issue: iFrame Single Quotes · ae5ced39
      JediKev authored
      It's all about the single quotes baby! Apparently I can't read; the single
      quotes are only meant for word options such as `'self'` and `'none'`. When
      adding single quotes to the `<host-source>` options it takes them
      literally…too literally. For example, if your options are `'localhost:80
      localhost:8080 localhost:8000'` then `'localhost:80` and `localhost:8000'`
      will be seen as "invalid" due to the single quotes. This removes the single
      quotes from every line that sets the CSP so all options are valid. This also
      adds single quotes around the `self` option so it stays valid as well.
  19. Apr 10, 2019
  20. Apr 05, 2019
    • FAQ Issues · ce3d69ae
      aydreeihn authored
      This commit fixes several issues with how we manage FAQs and related objects.
      
      1. When trying to add a Help Topic to an FAQ, we should add the record to the faq_topic table after saving the faq so that we can accurately retrieve the faq_id
      
      2. When deleting a Help Topic, we need to make sure we're using the topic->delete function rather than deleting based on a QuerySet so that the related FAQ Topics will also be deleted.
      
      3. When deleting a FAQ Category, we need to ensure that we delete all related FAQs and FAQ Topics. To do this, we should use the delete function from the FAQ class first to delete all related FAQs and FAQ Topics and then we should use the Category delete function to delete the remaining Category (remove faqs->expunge from the category->delete function since we now pass through faq->delete as well)
  21. Apr 04, 2019
    • issue: sendAccessLink On NULL · 6f9f2e17
      JediKev authored
      This addresses an issue where entering a collaborator's email to send ticket
      email access link throws a fatal error. This is due to the method that
      checks for tickets with the User's email equal to the email provided. This
      only checks for User's emails not Collaborator emails. This adds a check for
      Collaborator emails as well so this will not crash out.
  22. Apr 01, 2019