When scanning the file_chunk table for orphaned file chunks that can be
deleted, apparently, MySQL will read (at least part of) the blob data from
the disk. For databases with lots of large attachments, this can take
considerable time. Considering that it is triggered from the autocron and
will run everytime the cron is run, the database will spend considerable
time scanning for rows to be cleaned.

This patch changes the orphan cleanup into two phases. The first will search
just for the pk's of file chunks to be deleted. If any are found, then the
chunks are deleted by the file_id and chunk_id, which is the primary key of
the table.

The SELECT query seems to run at least 20 times faster than the delete
statement, and DELETEing against the primary key of the blob table should
be the fastest possible operation. Somehow, both queries required a full
table scan; however, because the SELECT statement is explictly only
interested in two fields, it is more clear to the query optimizer that the
blob data should not be scanned.

References:
http://stackoverflow.com/q/9511476

Fix email address comparison issue

Reviewed-By: Peter Rotich <peter@osticket.com>

When comparing the From address of incoming email. If the ticket owner sent
an email back into the system and the email address did not match exactly,
case-wise, the email would not be considered from the ticket owner.

Fix bug detecting emails from system email addresses

Reviewed-With: Peter Rotich <peter@osticket.com>

Show correct description for template edits

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix ROOT_PATH detection on Windows

Reviewed-By: Peter Rotich <peter@osticket.com>

Avoid double-encoding thread titles

Reviewed-By: Peter Rotich <peter@osticket.com>

Fixes cookie domain specification

Reviewed-By: Peter Rotich <peter@osticket.com>

Also converts ROOT_DIR detection to always use forward slashes. And it fixes
the removal of the leading double-backslash on Windows UNC names (fixes #649)

This is safe now, because the title is appropriately encoded in
class.thread.php/ThreadEntry::create()

Fixes #567, #718

if the domain given in HTTP_HOST variable happens to have a port
specification. Technically, the port specification should not be included in
the domain spec given in the cookie.

(And for the record, that makes no sense to me, seeing as a cookie would
otherwise be valid for all servers on any ports at a particular domain).

The previous implementation did not work correctly for symlinked folders.
The new approach uses debug_backtrace() and ROOT_DIR to determine the
difference between ROOT_DIR and the osTicket installation path.

This thing is like a turd that won't flush

Forbid message loops for alert messages

Reviewed-By: Peter Rotich <peter@osticket.com>

Turn off display_errors for releases

Reviewed-By: Peter Rotich <peter@osticket.com>

Add random string generator to Crypto

Reviewed-By: Jared Hancock <jared@osticket.com>

and restarts PHP SESSION

Remove "Howdy" as the salutation - no sense of humor in this world!

Reviewed-By: Jared Hancock <jared@osticket.com>

Feature/root path revisited -- hopefully this issue will die here

Reviewed-By: Jared Hancock <jared@osticket.com>

Also, allow for the administrator to manually define the ROOT_PATH in the
config file (the very last mile).

If an alert message manages to loop back into the ticketing system, refuse
posting to the ticket thread. Technically, the message should be marked as
an auto-response message; however, auto-response messages should usually be
allowed to be appended to the ticket thread.

This patch will check if the From email header cites an email address that
is a system email address (visible in the Emails section of the Admin
Panel). If it is, the email is completely ignored.

Conflicts:
	include/class.misc.php

Fix cookie domain for localhost

Reviewed-By: Peter Rotich <peter@osticket.com>

Fetch attachments in mail fetch
Reviewed-By: Peter Rotich <peter@osticket.com>

Provide a fallback ROOT_PATH

Reviewed-By: Peter Rotich <peter@osticket.com>

Web browsers don't appreciate a cookie domain without any dots. This patch
detects the originally-requested domain for the request. If the domain does
not contain dots (such as 'localhost' or the name of a local server on your
network defined in your hosts file), no cookie domain is sent.

The greatest symptom of this issue what the illustrious 'Invalid CSRF token'
seen repeatedly on the scp login page. The reason is that the browser was
rejecting the cookie from the server.

Fixes #677, #672, #653

This code was lost when the message-id tracking feature was implemented

Web browsers don't appreciate a cookie domain without any dots. This patch
detects the originally-requested domain for the request. If the domain does
not contain dots (such as 'localhost' or the name of a local server on your
network defined in your hosts file), no cookie domain is sent.

The greatest symptom of this issue what the illustrious 'Invalid CSRF token'
seen repeatedly on the scp login page. The reason is that the browser was
rejecting the cookie from the server.

Fixes #677, #672, #653

If unable to detect the root path, provide a fallback ROOT_PATH setting to
'./'. This is likely to happen if run from the commandline (like for crons)
or if DOCUMENT_ROOT and the folder of main.inc.php seem to have nothing in
common

Fixes #704