Conflicts:
	include/class.forms.php

files: Verify files attached to a FileUploadField

Reviewed-By: Peter Rotich <peter@osticket.com>

This fixes a security issue where, by crafting a special POST request to the
client open.php page, an (unauthenticated) user could get a URL link to
access to any attachment already uploaded in the system by guessing or
brute-forcing the file's ID number.

This patch addresses the issue by registering the uploaded file's ID in the
current user's session. When processing the list of file ID's attached to
the FileUploadField, the files must already have been attached to the field
or have been newly attached in the current session.

Fixes #2615

References:
"Security issue - Download attachments submitted by others"
https://github.com/osTicket/osTicket-1.8/issues/2615

search: Try harder to match MySQL full text boolean query

Reviewed-By: Peter Rotich <peter@osticket.com>

orm: Avoid crashing when building a model with select_related

Reviewed-By: Peter Rotich <peter@osticket.com>

As currently written, if a full text query is attempted in BOOLEAN mode and
the query cannot be compiled by MySQL, it causes an OrmException and a
crash. This patch adds a more straight-forward and comprehensive
grammer-based approach to checking for valid boolean syntax.

... and some of the related models are null.

Stabilize v1.10 release

Reviewed-By: Peter Rotich <peter@osticket.com>

Disable sorting on ThreadEntry::email_info__mid lookups for email processing
which results in an on-disk temporary table.

Load and cache all the attachments on a thread prior to rendering the items.
That removes the need to run a query per thread item to check for- and fetch
attachments.

This patch changes the automatic GROUP BY clause for annotations in the ORM
including aggregate queries (like COUNT), by allowing the query to specify
"distinct" fields. If distinct fields are specified, then no other fields
are automatically added to the GROUP BY clause of the compiled query.

This will likely only be supported by MySQL, as other engines and the ANSI
standard require all non-aggregate fields in the SELECT clause to be present
in the GROUP BY clause.

If the configuration for the file backend is set to something invalid, do a
better job of falling back to database-backed attachments.

reduce memory usage when decoding files

Reviewed-By: Peter Rotich <peter@osticket.com>

i18n: Use horizontal, alt tabs for translatable content tabs

Reviewed-By: Peter Rotich <peter@osticket.com>

orgs: Add ticket sharing feature

Reviewed-By: Peter Rotich <peter@osticket.com>

This feature allows (by option) an organization to allow its members to see
tickets from other members. It can be used beside or instead of the
automated collaboration feature. Now, collaborators retain access to tickets
on which they participate; however, sharing can be used to enable access to
other tickets owned by their organization.

Conflicts:
	WHATSNEW.md
	include/class.ticket.php
	include/class.topic.php
	include/staff/faq-view.inc.php
	include/staff/helptopics.inc.php