Update README.md

issue: ACL Move To Inc Files

issue: sendAccessLink On NULL v1.11

Conflicts:
	include/client/header.inc.php

feature: ACL (Access Control List)

This moves ACL enforcement from the header files to the `client.inc.php` &
`staff.inc.php` files so that AJAX/PJAX may bypass ACL.

This adds a new feature called ACL that offers the ability to control what
IP addresses are allowed to access the system. This adds a new textfield to
the System Settings to add a comma separated list of IPs. This also adds a
dropdown labeled "Apply To:" that gives you the option to choose which
panel(s) the ACL will apply to. Lastly, this adds a validator for a simple
comma-separated list of IP addresses. (eg. `192.168.1.1, 192.168.2.2,
192.168.3.3`)

If the requester's IP is not in the ACL the system will show an "Access
Denied" page. If the requester's IP is in the ACL they will be able to
access the system as usual. If the ACL field is set to Disabled, anyone will
be able to access the system.

This adds an initial failsafe where if the Admin's current IP address is not
in the ACL upon saving the system will refuse to save the setting to prevent
the Admin from being locked out. This also adds another failsafe where if
there is an "Apply To:" option set but there are no IPs provided the system
will return an error letting the Admin know they have to insert an IP
address to continue.

issue: sendAccessLink On NULL

issue: iFrame Single Quotes

issue: Choice Validation Accept Punctuation

This addresses issue mentioned in 4071 where the choice field validation is
not accepting punctuations. This updates the regex to accept anything the
user inputs. This introduces another issue that if the choice contains `:`
in the value then it will truncate everything after. This is due to the
explode method that explodes on any `:` character. This updates the explode
method to return only 2 values which only explodes on one `:` character
which returns the full value.

It's all about the single quotes baby! Apparently I can't read; the single
quotes are only meant for word options such as `'self'` and `'none'`. When
adding single quotes to the `<host-source>` options it takes them
literally…too literally. For example, if your options are `'localhost:80
localhost:8080 localhost:8000'` then `'localhost:80` and `localhost:8000'`
will be seen as "invalid" due to the single quotes. This removes the single
quotes from every line that sets the CSP so all options are valid. This also
adds single quotes around the `self` option so it stays valid as well.

This addresses an issue in v1.11 where sending an Access Link via email to a
Collaborator fails with fatal error. This is due to the type of User class
that is sent to the `Mailer::send()` function. The ClientSession User class
is not appropriate for this method, rather, TicketOwner or Collaborator User
classes are appropriate. This adds a function called `getSessionUser()` to
the ClientSession class so we can retrieve the TicketOwner/Collaborator User
class from the session.

issue: Organization Ticket Export No Filename

This addresses an issue where entering a collaborator's email to send ticket
email access link throws a fatal error. This is due to the method that
checks for tickets with the User's email equal to the email provided. This
only checks for User's emails not Collaborator emails. This adds a check for
Collaborator emails as well so this will not crash out.

MPDF Issues

1. Task Exports: This commit fixes the contructor for printing Tasks using MPDF

2. PDF Formatting: This commit fixes an issue where the header of each thread entry did not stretch across the page correctly. This was an unintentional side effect of trying to fix the way HTML tables printed in PDFs.

3. FAQ PDFs: This commit passes the correct values to mPDFWithLocalImages when printing FAQs

This addresses an issue where clicking Export on an Organization's Tickets
will export a file with the filename of 'csv' and no extension. This is due
to the variables we are passing to the `saveTickets` function. We are
missing a variable called '$fields' that contains a list of fields.

issue: iFrame On Install

Issue: Ticket Export Headers

This commit fixes an issue where custom export headings were being set to numeric values rather than field labels.

For exports that are already saved, we can get the heading directly using getHeading. To get the heading for fields that are not already saved as exports, we can use getExportableFields, which will return path => heading.

Issue: Choosing Fields to Export

This addresses the "Call to getAllowIframes() on NULL" error on installation
pages. This is due to 4781 that introduced the concept of allowing multiple
iFrames, where we are not checking for `$cfg` before calling the method.
This adds a check for `$cfg` so the errors do not occur.

oops: Thread Variable Fatal Error

oops: Emojis Strip Korean

This addresses an issue where Korean text is stripped from the body. This is
due to the strip_emoticons function, as Korean text is in the same unicode
range as some of the emojis.

This addresses an issue introduced with 4737 where using `%{ticket.thread}`
causes a fatal error. This is because `ObjectThread->asVar()` returns an
object which cannot be converted to a string. This adds a `__tostring()`
function to class ThreadEntries so it can be converted to a string properly.

iframe: Allow Multiple iFrame Domains

This commit fixes an issue where only the saved export fields would export, whether you checked more fields to export or unchecked some of the saved fields.

For any fields not saved that need to be exported, we need to find their label and then put it in the fields array. For any saved export fields that are unchecked, we need to compare what was checked vs what is saved and then unset the fields that were unchecked.

issue: Maxfilesize Comma Crash