Departments without email will use the system default email as the default
outgoing email.

The setting is useful in making sure the staff members with access to the
department can get alerts and available as possible assignees.

Accept desired $format as part of class instantiation. System default is
used when none or an invalid format is provided

Add department setting to limit ticket assignment within department to
department members only. This is necessary for departments with strict
policy on who can access tickets.

The setting doesn't limit team assignment or auto-assignment via help topics
and ticket filters.

Previously, there was a bug in the ORM where magic properties would need to
be declared in the model class.

Provide quick prints options that bypasses the print dialog modal

Disable email alert sent to admin when a warning is logged due to ticket
rejection e.g when banned email or max open limit is reached.

Conflicts:
	include/class.orm.php

The ThreadEntryWidget has a potential cross site scripting (XSS)
vulnerability if data was posted directly to the page hosting the widget

Vulnerable URLs:
view.php, open.php, scp/open.php, scp/tickets.php

The content received in the HTTP POST is now correctly escaped when it is
echoed back to the user agent.

The original logic would read the count of attributes in the stream and then
read the first attribute in the constructor of TnefAttributeStreamReader.
Then the iterator interface would call ::rewind() before iterating to the
first item. rewind() set the @pos attribute to zero, which would cause the
attribute count (4-byte int) to be interpreted incorrectly as part of the
first attribute.

The new logic sets the position at 4 after rewind()ing, and does not read
the first attribute twice. It also properly detects the end of the attribute
stream by the number of attributes advertised as the first four bytes of the
stream (read into the @count attribute initially).

On validation errors, `$faq` will be set to something non-null, like
`false`, but will not be an instance of a Faq article.

For PHP installations that have `mbstring.func_overload` enabled (set to a
value including `2`), the `strlen` function will be overloaded to use the
`mb_strlen` equivalent. Problematically, the internal encoding of `UTF-8`
will be applied to all file content, which will count UTF-8 characters
rather than bytes. This will cause the data to be saved correctly; however,
the `size` recorded in the %file table will be recorded incorrectly.

This patch allows the backend to report the size of the contents saved with
the request and provides a failsafe mechanism which will use the mbstring
equivalent if available, and the mbstring version is coded to use the `8bit`
as the encoding which will prevent reading characters.

References:
https://github.com/osTicket/osTicket-1.8/issues/552

Basic search is now limited to ticket number, email address and name.

Users with edit permission should be able to change ticket owner in line.

Clear ticket routing settings on topic, email or filter tables on department
deletion.

For instance, current this style we be converted as
```
<span style="font-family:'courier new';">
```
to
```
<span style="font-family:&quot;">
```

Also discard Microsoft Office specific style attributes such as `mso-list`
and friends

This stems from a confusing similarity between the + operator for arrays
and array_merge() in php. Adding arrays will ignore items in the RHS where
keys are present in the LHS. Therefore, when adding numerically indexed
arrays together, only items on the RHS that have a key higher than the
greatest key on the LHS will be included.

It is perfectectly fine to have an image cited in an HTML body similar to:

<img width=909 height=302 src=cid:image002.jpg@01CF5426.BF5A72A0 alt=image>

Which may or may not have quoted @src attribute, and may very well have an
at sign (@) somewhere in the attribute text. The previous regular expression
would not match such a @src attribute.

It is the defacto standard to reference an inline image in an email by
referencing the Content-ID header of the referenced attachment in the @src
attribute of the image. For instance, `<imc src="cid:image001.png">` where
the `cid:` scheme of the attribute indicates that the referenced image URL
is a separate content of the email. The image attached to the email would
have an accompanying header like: `Content-Id: <image001.png>`. However,
some mail systems, including a certain fax to email service, do not
correctly indicate the location of the image with the content-id URL.
Instead, the referenced image tag would be `<img src="image001.png">`

This patch addresses the issue by searching the message body for all
references to attached content-id's in all @src attributes with or without
the content-id URL scheme indicator. Previously, such images would not be
displayed inline in the ticket thread.

References:
https://tools.ietf.org/html/rfc2392

Previously only admins and department managers could show assigned tickets
on open queue -even- when the feature is disabled globally. This pull
request extends the same previlege to all agents.

Such images are attached to emails by Lotus Notes. Technically, these images
are valid attachments, although historically osTicket would reject them

This is a regression introduced somewhere along the way in the new storage
API system for osTicket.