Hi guys,

here is a catch from the forum: http://osticket.com/forum/discussion/78661/invalid-sla-link-on-popup-help-tips

Since scp/ seems automatically added before slas.php just changed
scp/slas.php to slas.php

Quickly tested it and link works correctly after that little change.

oops: Fix incorrectly placed header line

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix XSS Vulnerability In "tpl.inc.php"

Reviewed-By: Peter Rotich <peter@osticket.com>

oops: Allow filter to set help topic

Reviewed-By: Peter Rotich <peter@osticket.com>

Handle Macintosh style line endings for CSV import

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix applied to where the value is directly output to browser instead of where fetched in case special chars are allowed in `code_name`, which may break logic prior to output.

redactor: No more link shortening

Reviewed-By: Peter Rotich <peter@osticket.com>

Also add a drop-down list of common links include ticket links and login
pages for both agents and end users.

Fix potential XSS vulnerability on user's name

Reviewed-By: Peter Rotich <peter@osticket.com>

Add other locations as well a failsafe for the htmlentities() call

Fix spelling error in Markdown document

Reviewed-By: Peter Rotich <peter@osticket.com>

Update class.ticket.php

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix typo in suggested permissions for config file

Reviewed-By: Peter Rotich <peter@osticket.com>

email: No bounces for system alerts

Reviewed-By: Peter Rotich <peter@osticket.com>

lists: Don't crash rendering a selection

Reviewed-By: Peter Rotich <peter@osticket.com>

email: Setting default for priority and department

Reviewed-By: Peter Rotich <peter@osticket.com>

forms: Preserve data for help topic fields

Reviewed-By: Peter Rotich <peter@osticket.com>

Properly tag source and topic for emails

Reviewed-By: Peter Rotich <peter@osticket.com>

session: Override PHP default for session lifetime

Reviewed-By: Peter Rotich <peter@osticket.com>

Previously, the characters would be removed and the data would be considered
empty which would bypass validation and clear the phone number on save
rather than triggering a validation error.

Fix potential XSS vulnerability on user's name

Reviewed-By: Jared Hancock <jared@osticket.com>

Send an empty return-path envelope when sending out system alerts. If they
should happen to bounce for any reason, they should not return to the system
and create tickets.

Previously, osTicket introduced the ability to cascade defaults for the
department and priority to the email mail boxes. However, the validation
checks and display fall-backs were never added.

This patch fixes an issue where a fatal error would be triggered if the
current value of a selection field on a custom form was a custom list item
that has since been deleted.

The PHP.ini default is 1440 seconds (24 minutes). This should be configured
to something significantly higher so that the settings in the admin panel
concerning session timeouts are relevant.

Ideally, the settings from the control panel would be used, but currently
there is an inter-dependency between session and config startups.

Names parsed from incoming emails are stored in the database as is. This
pull request addresses potential XSS vulnerability due to improper display
of unsanitized names. Going forward names will be scrubbed on create.