Also add a drop-down list of common links include ticket links and login
pages for both agents and end users.

Add other locations as well a failsafe for the htmlentities() call

Previously, the characters would be removed and the data would be considered
empty which would bypass validation and clear the phone number on save
rather than triggering a validation error.

Send an empty return-path envelope when sending out system alerts. If they
should happen to bounce for any reason, they should not return to the system
and create tickets.

Previously, osTicket introduced the ability to cascade defaults for the
department and priority to the email mail boxes. However, the validation
checks and display fall-backs were never added.

This patch fixes an issue where a fatal error would be triggered if the
current value of a selection field on a custom form was a custom list item
that has since been deleted.

The PHP.ini default is 1440 seconds (24 minutes). This should be configured
to something significantly higher so that the settings in the admin panel
concerning session timeouts are relevant.

Ideally, the settings from the control panel would be used, but currently
there is an inter-dependency between session and config startups.

Names parsed from incoming emails are stored in the database as is. This
pull request addresses potential XSS vulnerability due to improper display
of unsanitized names. Going forward names will be scrubbed on create.

This patch fixes a glitch in the dynamic forms processing system preventing
the validation and capture of data for help topic custom fields. Now the
`$vars` managed inside of `Ticket::create` is connected directly to the
`DynamicFormEntry` created for the data rather than using the magical
connection to `$_POST`.

I think this is a mistake, however not sure.
Tested it my self, works fine.

User::fromVars in class ticket was the root. Eventually, in
DynamicForm::getDynamicFields(), isset($this->id) was used to detect
unsaved, new forms that have not been committed to the database; however,
the isset() method was not implemented for the ORM.

Some versions of PHP (5.3.6 on Windows at least) may corrupt `$ost` if it is
closed off as a global variable.

Fixes #917, #969

Starting with osTicket 1.8.1, users must receive an email and follow a link
in the email to get access to the ticket. With this new option, the email
verification step can be avoided in osTicket 1.9, because access is now only
granted to exactly one ticket.

Several places in the code initialize a list of objects from the database
and only fetch one item. In certain instances (which seem almost like a race
condition), MySQL will feel like there are more records available in the
database and will complain with "Commands out of sync, you can't run the
command now".

This patch addresses the issue by utilizing the ::one() method of the
QuerySet where only one record is expected. The ::one() method is further
designed to fetch all one results (which satisfies the MySQL client library)
and return the first item.

Use the admin-configured time format for formatting the values in the time
dropdown as opposed to always using 24-hour time.

Previously, they were displayed in seemingly random order, did not honor
proper nesting, or declared sort order.

In both the client and staff interfaces, where the URL and request
parameters were echo'd back without any escaping

In both the client and staff interfaces, where the URL and request
parameters were echo'd back without any escaping

Auto assign tickets to organization's account manager only if the flag is set and as
the last resort i.e topic or filters assignment takes precedence.