This addresses issue 4073 where Disabling the 'Excessive failed login
attempts' option in the Ticket Alert settings will still send the Admin
Excessive failed login alerts. This is due to the method that checks if
the setting is Enabled returns `0` or `1` not `TRUE` or `FALSE`. So this
updates the section of code to return `FALSE` for `0` and `TRUE` for `1`
so that it properly disables/enables the alerts.

cron: Delete Expired Sessions

oops: Fix Task Print

tasks: Fix Task Updated Time

oops: User Phone Search

CVE-2017-14396

xss: Cached forms data

Encode html entities of cached form data

Format the advanced search title so that it will not allow javascript

Fix crash editing thread entry with inline image

This commit addresses an SQL injection vulnerability in ORM lookup
function.

* ORM implementation failed to properly quote fields, used in SQL
statements, that might originate from unsanitized user input.

* AttachmentFile lookup allowed for key based SQL injection by blindly
delegating non-string lookup to ORM.

This addresses an issue where updating a Task does not change the
`updated` column in the database. This adds a line to change the `update`
column when updating a Task.

This addresses issue 3782 where clicking Print on a Task gives you a blank
popup that hangs. This is because the Print button was being treated as a
Task action when it is actually not one. This adds a ternary operator to
give the proper Task Actions the `task-action` class and gives the Print
button no class.

This addresses issue 3815 where searching by User's phone number doesn't
work in v1.10. This adds phone number search capabilities for the User
Directory and User Search popup in v1.10.

This addresses an issue where expired sessions would not be removed from
the database. This caused the session table to fill up and create
unnecessary issues. This adds a cleanup method to remove all expired
sessions from the database.

forms: Proper Field Deletion

Orphaned Tasks on Dept. Deletion

i18n: Fix getPrimaryLanguage() on non-object

Chunk long text body

Add TimezoneField

This addresses issue where upon deletion of a form field and all its
entry values, the field record wouldn't be deleted from the `form_field`
table. This links another issue where you can't delete a list if its
been a field before. This is due to the list delete() function that
checks for list field records in the `form_field` table.

This is necessary to force a particular timezone on a DateTimeField entry.
If timezone is not set then user's timezone is assumed.

Address edge cases where timezone mixups happens on DateTimeField

Allow datetime field to be timezone agnostic (not timezone aware) to display
the timezone used to set the field. The timezone of the last user or agent
that edited the field is used.

This fixes an InconsistentModelException error when editing thread
entries with inline images. The fix assumes that inline images are
re-attached when a new ThreadEntry is created and the body is copied
from the previous entry. Only the non-inline attachments need to be
moved in the update query.

This addresses issues #1964 & #3668 where $cfg might be null and cause a
non-object error. Check if $cfg is set, if not return the default
en_US language.

Update README.md

Syntax Errors Hotfix

Fixes syntax error introduced with commit 71a6b2a0 & 6e0ddf2e

minor change fix the translation page url

Typo error missing a parenteses

Changes 'Permisions' to the correct spelling 'Permissions'.

i18n v1.10 translation issues

Fixes issue #3620. is_numeric changed in 7.0.0 causing causing the contact form and sometimes login to break. is_string works on any version. The upstream Spyc now uses regex to verify instead of is_numeric, in a way similar to this commit. Waiting on upstream to merge other customizations we've made.

Thanks @rayfoss