Web browsers don't appreciate a cookie domain without any dots. This patch
detects the originally-requested domain for the request. If the domain does
not contain dots (such as 'localhost' or the name of a local server on your
network defined in your hosts file), no cookie domain is sent.

The greatest symptom of this issue what the illustrious 'Invalid CSRF token'
seen repeatedly on the scp login page. The reason is that the browser was
rejecting the cookie from the server.

Fixes #677, #672, #653

Fixup for the message-id tracking feature

Reviewed-By: Peter Rotich <peter@osticket.com>

Define ROOT_PATH in chrooted environments too

Reviewed-By: Peter Rotich <peter@osticket.com>

Previously, filenames saved in the database had the spaces changed for
underbars; however, other characters (such as commas and non-ascii
characters) presented issues with user agents downloading the attachments.

This patch handles the filename encoding for two special cases -- internet
explorer and safari, and provides the semi-standard RFC5987 method of
encoding the filename for the remaining browsers.

Attachments are no longer forced to be downloaded. It is up to the browser
to decide if the attachment should be shown in the browser or downloaded.

This patch also fixes a slight bug in the caching mechanism for downloads
concerning the last-modified time. The date sent to the browser was not
properly converted to GMT time, although the server claimed that it was.

Include setup/tips.html in download package

Reviewed-By: Peter Rotich <peter@osticket.com>

Handle attachment filenames better

Reviewed-By: Peter Rotich <peter@osticket.com>

Historically, ROOT_PATH and ROOT_DIR contained the same value; however,
ROOT_PATH now points to the URL path where osTicket is installed, whereas
ROOT_DIR points to the file system location where osTicket is installed.

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

Some security inspection appliances and load balancers don't appreciate
something in the HTTP headers that is not a valid HTTP header. Furthermore,
the browser needs the Content-Type header to identify that the image is not
the PHP default of text/html

Previously, filenames saved in the database had the spaces changed for
underbars; however, other characters (such as commas and non-ascii
characters) presented issues with user agents downloading the attachments.

This patch handles the filename encoding for two special cases -- internet
explorer and safari, and provides the semi-standard RFC5987 method of
encoding the filename for the remaining browsers.

Attachments are no longer forced to be downloaded. It is up to the browser
to decide if the attachment should be shown in the browser or downloaded.

This patch also fixes a slight bug in the caching mechanism for downloads
concerning the last-modified time. The date sent to the browser was not
properly converted to GMT time, although the server claimed that it was.

Make phone ext optional for XML API

Reviewed-By: Peter Rotich <peter@osticket.com>

Use the correct Content-Type header for CAPTCHA

Reviewed-By: Peter Rotich <peter@osticket.com>

ROOT_DIR should be used to identify filesystem paths

Reviewed-By: Peter Rotich <peter@osticket.com>

Don't send emails for non-existent table

Reviewed-By: Peter Rotich <peter@osticket.com>

Some security inspection appliances and load balancers don't appreciate
something in the HTTP headers that is not a valid HTTP header. Furthermore,
the browser needs the Content-Type header to identify that the image is not
the PHP default of text/html

Historically, ROOT_PATH and ROOT_DIR contained the same value; however,
ROOT_PATH now points to the URL path where osTicket is installed, whereas
ROOT_DIR points to the file system location where osTicket is installed.

When an admin logs in to upgrade to 1.7.1 and further from a version
pervious to 1.7.1, the system will attempt to clear password reset tokens
from the config table, which hasn't been upgraded yet to the namespaced
version from 1.7.1

The mainly comes in when a MIME header which might contain a list of email
addresses (like Reply-To) is to be parsed, but is empty. The Mail_RFC822
class would return an empty mailbox @ localhost (where 'localhost' is the
default default_domain for mail address list parsing).

Remove requirement of external-ticket-id in subject line

Reviewed-With: Peter Rotich <peter@osticket.com>

This patch affords an administrator the ability to remove the
[#%{ticket.number}] from the email template subject line for the new ticket
autoresponse and the new message autoresponse. Previously, the ticket number
with a prefixed hash in brackets was used to identify which ticket thread an
email was in reference to.

With this patch, the email message-id (which was already kept on file) is
sent in the MIME "References" header. When a user responds to and
autoresponse email, the "References" will include this message-id in the
return email. The ticket thread is then matched up with the email based on
the message-id rather than the subject line.

Ticket numbers are still supported in the subject line, in the event that
non-compliant email clients do not properly include the References header.

Files _MUST_ be readable by Apache or IIS in order for the attachment
migration to complete and properly keep all attachments between osTicket 1.6
and 1.7

With ./, if called from knowledge base, it searches incorrectly offline.php in that folder.