If something fishy, like an Array is received into the password reset system
or any part of the Staff management system, it should be rejected.

References:
http://osticket.com/forum/discussion/76003/sql-attack

Process inline attachments in thread entry and support inline images in
piped emails

Support inline images across the system, with draft support

Migrate to a single attachment table
    That way we don't need a new table for everything we need to attach an
    inline image to (like a signature, for instance)

Add richtext support for internal notes

Implement images on site pages

* Image paste in Redactor
* Make non-local images optional
* Placeholder for non-local images
* Fix local image download hover
* Don't re-attach inline images

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

Also include
  * username validation -- no spaces or weird chars
  * no longer base64 encoded sha1-hex hash for CSRF token
  * refresh login page every two hours to keep session active

Fixes #588

Uses a seven step procedure:
  1. (user) Fails to login twice or more
  2. Clicks the 'Forgot my password' link on the login form
  3. Submits the username or email address and triggers a password-reset
     email
  4. Clicks the link in the email and is directed back to the reset page
  5. Enters the username or email again and is logged in
  6. Password change is forced, but current password is not required
  7. Password is updated, user can continue the session without
     authenticating again

Previously, username and password were required. With this patch, the
email address can be used to authenticate the user with the password

Spelling, grammar and readability in upgrader documents
  - Tweaked spelling, grammar and wording to make the text of the upgrader
    pages more readable.
Fixed spelling regression
  - Higly —> Highly
Spelling and readability fixes for /include/class.* files
  - Fixed some spelling mistakes
A couple more spelling/readability fixes.
  - More fixes

1) Ability to limit who can post a reply
2) Expanded staff's stats view.

Example use case %staff.name  %team.name ... etc.

* Auto rehash MD5 based passwords

- Move access to it's own table.
- Refactor what department membership means in relation to group access

Add ticket class  (just incase the parent doesn't have it included)- required to fetch staff's ticket stats.

Remove LEFT JOIN to time zone table in order to support upgrading from 1.6* to 1.7 + Fix bug on getDepts

Allow staff members the ability to select a default paper size which will be
used in printing tickets via PDF. In the future, this may be overridden per
ticket by a dialog box at print time.

And correct several undefined function errors from several source files. So
while function names in PHP are considered case-insensitive, it still makes
sense to use consistent camel casing for both defining and calling methods.
The lint test searches the code base for method calls, and then searches the
code base again looking for a function definition matching the name of the
function invoked. It's not failsafe, because it doesn't detect the class
from which the method should belong, so it's likely to have false negatives.
Furthermore, it won't work well for PHP 5 where several classes are built
into PHP (and aren't searchable in the osTicket code base).

Remove the include/staff/api.inc.php as it no longer appears to be used (and
contains references to undefined methods).