On some setups, IE v10 on Windows 7 at least, text added to the Redactor
editor after an image is inserted (via the image popup dialog for instance),
will not be retrieved via the ::get() method and so will not be submitted
with the form submit button.

This patch introduces a workaround by manually calling ::sync() for the
Redactor when the submit button is pressed — just before the form is
submitted.

Turns out the canned response selections for the original message and the
last message were swapped.

Another area was also outputting the unsanitized value.

Fix applied to where the value is directly output to browser instead of where fetched in case special chars are allowed in `code_name`, which may break logic prior to output.

Add other locations as well a failsafe for the htmlentities() call

Previously, osTicket introduced the ability to cascade defaults for the
department and priority to the email mail boxes. However, the validation
checks and display fall-backs were never added.

Names parsed from incoming emails are stored in the database as is. This
pull request addresses potential XSS vulnerability due to improper display
of unsanitized names. Going forward names will be scrubbed on create.

Starting with osTicket 1.8.1, users must receive an email and follow a link
in the email to get access to the ticket. With this new option, the email
verification step can be avoided in osTicket 1.9, because access is now only
granted to exactly one ticket.

Previously, they were displayed in seemingly random order, did not honor
proper nesting, or declared sort order.

In both the client and staff interfaces, where the URL and request
parameters were echo'd back without any escaping

In both the client and staff interfaces, where the URL and request
parameters were echo'd back without any escaping

Add original and last message quotes to canned responses

As previously implemented, only "Department and group members" could be set

Otherwise, no column will be added to the %ticket__cdata table and the
ticket queue pages will be crashed (empty).

Use the topic associated with the email if any, and the topic defined as the
system default as the last resort. In either case, the form associated with
the help topic will be added to the ticket, but no data will be put into the
form fields.

The default mode going forward will be to insert when Rich Text support is
enabled and append otherwise. To clear the draft the user can simply click
reset or delete draft icon on the bar.

Enable delete draft option on reply & internal note boxes for consistency.

The user preview tool tip and edit dialog use the same user template.
Editing on preview mode resulted in partially hidden edit form. This fix
adds ability to popup a dialog modal on edit while on preview mode.

On the user profile page, the link to view the organization now triggers a
popup dialog which allows for changing and editing the organization directly
from the user profile page. An additional [Manage] button is added to the
dialog to allow redirect access to the organization page.