Fix potential XSS vulnerability on user's name

Reviewed-By: Jared Hancock <jared@osticket.com>

Names parsed from incoming emails are stored in the database as is. This
pull request addresses potential XSS vulnerability due to improper display
of unsanitized names. Going forward names will be scrubbed on create.

i18n: Fix timezone adjustment for time display

Reviewed-By: @keawade
Reviewed-By: @urda

Add recipient variable to canned reply context

Reviewed-By: Jared Hancock <jared@osticket.com>

User::fromVars in class ticket was the root. Eventually, in
DynamicForm::getDynamicFields(), isset($this->id) was used to detect
unsaved, new forms that have not been committed to the database; however,
the isset() method was not implemented for the ORM.

Some versions of PHP (5.3.6 on Windows at least) may corrupt `$ost` if it is
closed off as a global variable.

Fixes #917, #969

Conflicts:
	include/class.dynamic_forms.php

Use Unix style line-endings for Windoze mail()

Reviewed-By: Peter Rotich <peter@osticket.com>

Rewrites Mail_Parse::parsePriority function

Reviewed-By: Peter & Jared 

Add signals to enable mail filtering plugins

Reviewed-By: Peter Rotich <peter@osticket.com>

Canned responses revisited

Reviewed-By: Jared Hancock <jared@osticket.com>

Use list properties in ticket filters

Reviewed-By: Peter Rotich <peter@osticket.com>

Allow direct access to tickets with email and num

Reviewed-By: Peter Rotich <peter@osticket.com>

Starting with osTicket 1.8.1, users must receive an email and follow a link
in the email to get access to the ticket. With this new option, the email
verification step can be avoided in osTicket 1.9, because access is now only
granted to exactly one ticket.

signals: pass variable by reference

Reviewed-By: Peter & Jared

Users can visit more than one ticket via link

Reviewed-By: Peter Rotich <peter@osticket.com>

orm: Fix issues surrounding MySQL commands OoS

Reviewed-By: Peter Rotich <peter@osticket.com>

Several places in the code initialize a list of objects from the database
and only fetch one item. In certain instances (which seem almost like a race
condition), MySQL will feel like there are more records available in the
database and will complain with "Commands out of sync, you can't run the
command now".

This patch addresses the issue by utilizing the ::one() method of the
QuerySet where only one record is expected. The ::one() method is further
designed to fetch all one results (which satisfies the MySQL client library)
and return the first item.

topics: Properly sort help topics on faq manage

Reviewed-By: Peter Rotich <peter@osticket.com>

i18n: Format time drop down via config time format

Peter Rotich <peter@osticket.com>

Fix dialog boxes on backward pjax navigation

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix various XSS vulnerabilities

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix various XSS vulnerabilities

Reviewed-By: Peter Rotich <peter@osticket.com>

Use the admin-configured time format for formatting the values in the time
dropdown as opposed to always using 24-hour time.

Previously, they were displayed in seemingly random order, did not honor
proper nesting, or declared sort order.