- Mar 26, 2018
-
-
JediKev authored
This addresses an issue where Outlook adds weird (and seemingly random) _MailEndCompose tags to the email body which turns unwanted content into links. This adds the _MailEndCompose tag to Format::sanitize() so it will be removed from the email body.
-
- Feb 28, 2018
-
-
JediKev authored
This addresses an issue where some Vimeo videos are not being sent in Agent’s responses. This adds `player.vimeo` to the sanitize method’s iframe section so that the iframe tag is not stripped.
-
- Apr 24, 2017
-
-
Peter Rotich authored
Address edge cases where timezone mixups happen on DateTimeField. Allow datetime field to be timezone agnostic (not timezone aware) to display the timezone used to set the field. The timezone of the last user or agent that edited the field is used.
-
- Jun 20, 2016
-
-
Jared Hancock authored
Thanks @robintoy, @talilon. This patch removes any contents of an html element when scrubbing html markup. Some markup includes complex namespaces and other information which does not concern the html processing of osTicket. It also messes up the htmLawed processing of the htmLawed. Maybe fixes #2465. Maybe fixes #2272.
-
- Mar 17, 2016
-
-
Peter Rotich authored
Encoded entities can be used to bypass safety checks. Don't remove iframe when using xml_dom to balance tags.
-
- Feb 26, 2016
-
-
Peter Rotich authored
Encoded entities can be used to bypass safety checks. Don't remove iframe when using xml_dom to balance tags.
-
- Jan 13, 2016
-
-
Peter Rotich authored
-
- Jan 07, 2016
-
-
Peter Rotich authored
-
- Aug 04, 2015
-
-
Jared Hancock authored
And two flags, one which signals that stored HTML is correctly balanced and does not need to be balanced when rendered in the ticket view. The second is used to signal messages received from collaborators. Additionally, this patch fixes showing external inline images (via the [Show Images] button) when clicked.
-
- Jul 21, 2015
-
-
Jared Hancock authored
-
Jared Hancock authored
-
- Jul 08, 2015
-
-
Jared Hancock authored
-
Jared Hancock authored
Reset permissions and change primary department and role
-
Jared Hancock authored
getVar() is now called first, then object properties and array properties are considered, and then getTag() is considered if none of the other options work. This allows for more predictable results using the variable replacement system, and allows ::getVar() to override every other means to use variables in email templates.
-
- Jun 24, 2015
-
-
Jared Hancock authored
* Fix warning for negative unix timestamps in Misc::db2gmtime
* Fix crash because of parser context passed to getXxx functions
* Fix inability to update email address
-
Jared Hancock authored
This fixes an issue where text scrubbed with the new balancing system would receive a leading ' <div>' if the text started with a leading whitespace.
-
- Jun 08, 2015
-
-
Jared Hancock authored
9ae01bf2 turned off HTML balancing, however, quoted response removal will create unbalanced HTML. That HTML will be stored unbalanced and will require extra processing when displayed on the ticket thread. This patch adds balancing support using libxml if enabled, which will balance HTML without corrupting the HTML like htmLawed will with balancing enabled.
-
- Jun 03, 2015
-
-
Jared Hancock authored
* Log events for AJAX collaborator list edits
* Avoid extra selects for inline image handling
* Avoid using htmLawed to add target="_blank" and class="no-pjax" to links in the ticket thread
* Cache instances of IntlDateFormatter; seems expensive to set up
* Cache filetypes Yaml in APC if available
* Cache I18n::getDefaltLanguage() in the request
* Avoid extraneous usage of Model::_inspect and Model::$meta
* Add aggregated query support to the ORM
* Lazily compile SQL query for InstrumentedLists
* Apply `select_related` setting when setting up InstrumentedList instances
* Slight optimization in SqlCompiler::getField
* Avoid double compiling Sql annotations in the ORDER BY clause
* Cache Thread::getEntries
* Break out event types for ThreadEvent for more legible code
* Eliminate one query from Ticket::loadDynamicData
* Fix ticket number bolding if already answered
* Use dependent subqueries for ticket statistics in the queue page, which is significantly faster for large data sets (like hundreds of attachments or thread entries)
* Fixup sidebar layout on client knowledge base pages
-
- May 21, 2015
-
-
Jared Hancock authored
-
- May 15, 2015
-
-
Jared Hancock authored
-
- May 14, 2015
-
-
Jared Hancock authored
-
Jared Hancock authored
-
- May 13, 2015
-
-
Jared Hancock authored
-
Jared Hancock authored
-
Jared Hancock authored
-
Jared Hancock authored
(Most notably is the mail from Outlook, which embeds block elements inside of <font> elements.)
-
- May 04, 2015
-
-
Jared Hancock authored
-
- Apr 30, 2015
-
-
Jared Hancock authored
-
- Apr 15, 2015
-
-
Jared Hancock authored
Several mail clients do not return the Message-ID header in an In-Reply-To or References header as they should. The assumption by such mail clients is that the email be threaded based on the Subject header. However, osTicket does not require the ticket number to be placed in the Subject header and so has trouble threading email from such systems. osTicket embeds a copy of the Message-ID header (or compatible version) in the body of the message in hopes part of the message will be returned. Many mail clients (such as osTicket) strip and clean the HTML when processing HTML email. Previously, the message-id token was embedded in a @data-mid attribute, which was likely stripped before the HTML email would be returned back to osTicket. This patch suggests that the token be placed in a @class attribute, which has a much better chance of returning to osTicket.
-
- Apr 14, 2015
-
-
Jared Hancock authored
Copy+Pasting images from a ticket thread or from a FAQ article to the HTML editor and submitting will result in the URL *not* being properly rewritten for storage in the database. When images are uploaded, a relative URL is returned from the server and embedded in the HTML editor. However, when images from the system are copied and pasted into the editor, an absolute URL with the http:// scheme is included. This URL was not properly handled by the URL rewriter in Format::localizeInlineImages(). This patch addresses the issue by properly handling both relative URLs from image uploads and absolute URLs from copying and pasting.
-
- Mar 23, 2015
-
-
Jared Hancock authored
-
- Mar 10, 2015
-
-
Jared Hancock authored
-
- Feb 10, 2015
-
-
Jared Hancock authored
This patch converts the central file and threading classes over to use the ORM.
-
- Jan 30, 2015
-
-
Jared Hancock authored
-
- Jan 24, 2015
-
-
Peter Rotich authored
-
- Jan 23, 2015
-
-
Peter Rotich authored
This pull request adds a cleanup util for bogus and invalid charsets, mostly added by a nameless company out of Redmond, WA.
-
- Dec 31, 2014
-
-
Jared Hancock authored
This script adds a single download script, 'file.php', which provides access to files of all types to all users. It uses a HMAC signature system with an expires time, which allows signed URLs to be sent to external users. This also fixes an issue with the Http::cacheable() method, where the last-modified and Etag headers were not properly compared, which resulted in permanent cache misses by the client.
-
- Dec 30, 2014
-
-
Peter Rotich authored
Use http::build_query instead of inline urlencode
-
- Dec 28, 2014
-
-
Peter Rotich authored
Stop trampolining links via l.php. It was necessary before in order to avoid the potential of leaking ticket number & email. The authentication mechanism in place now redirects on successful login.
-
Peter Rotich authored
-