This addresses an issue where New Tickets will fail for Users with a deleted
ListItem retained in their Contact Information form. This is due to the
system deleting the `list_id` for the ListItem so when we run
`getFilterData()` for the User we can't find the list which causes a fatal
error later down the line. This adds an OR statement to the
`SelectionField::getFilterData()` method to skip said ListItems if no
`list_id` is present.

This updates the variable name that determines if the current PHP version is
5.6+ from `$php56` to `$php56plus`. This will help other understand better
what the variable is/does.

This addresses a typo where we are missing a not operator in class
MailFetcher when checking for no `$body` in the fetched attachments. This
adds the not operator so that the `if()` statement is properly executed and
we correctly set a fake body when there is none.

This addresses an issue where the `package` cli module is leaving out the
permissions on files. This causes the final ZIP archive to contain files
without permissions meaning the files are un-usable until you restore
permissions. This can make life difficult on people trying to install
osTicket with minimal knowledge as they wouldn’t know what is wrong.

This is due to the `setExternalAttributesName` method not shifting 16 bits
on the file "mode" which will not translate to binary. The file "mode" is
the inode protection mode for a file returned by the `stat()` method. It is
essentially a decimal representation of a file's permissions. Since "mode"
is in decimal format we need to shift by 16 bits to translate it to binary
so the archiver understands. Once the mode is translated to binary the
permissions are preserved.

This commit gets rid of PHP warnings. Additionally, it updates the lint tests to be more accurate.

This updates jQuery to the latest stable release of v3.4.0.

This addresses a vulnerability found by [AkkuS CW](https://pentest.com.tr)
where a simple XSS attempt can lead to an LFI (Local File Inclusion) attack.
The issue stems from the system returning the unformatted file contents in
an error message when uploading a CSV to the User Importer. This formats the
contents before uploading so that if the contents are returned in an error
message they will not be executed by the browser which therefore prevents
XSS attempts and the possibility of an LFI attack. This also formats all the
user-created data sent to ImportError to prevent the same issue.

This addresses an issue where `.eml` and `.msg` files on incoming mails are
being dropped. This is due the the mail fetcher that tries to process
`.eml`/`.msg` files and adds them as thread entries rather than adding them
as attachments. This adds a new section that utilizes a new method to fetch
the body of `.eml`/`.msg` files, fetches the subjects of the `.eml`/`.msg`
files as the attachment names, and creates attachments. This preserves the
`.eml` and `.msg` files and adds them to the pertinent thread entries as
attachments.

It's all about the single quotes baby! Apparently I can't read; the single
quotes are only meant for word options such as `'self'` and `'none'`. When
adding single quotes to the `<host-source>` options it takes them
literally…too literally. For example, if your options are `'localhost:80
localhost:8080 localhost:8000'` then `'localhost:80` and `localhost:8000'`
will be seen as "invalid" due to the single quotes. This removes the single
quotes from every line that sets the CSP so all options are valid. This also
adds single quotes around the `self` option so it stays valid as well.

This commit fixes several issues with how we manage FAQs and related objects.

1. When trying to add a Help Topic to an FAQ, we should add the record to the faq_topic table after saving the faq so that we can accurately retrieve the faq_id

2. When deleting a Help Topic, we need to make sure we're using the topic->delete function rather than deleting based on a QuerySet so that the related FAQ Topics will also be deleted.

3. When deleting a FAQ Category, we need to ensure that we delete all related FAQs and FAQ Topics. To do this, we should use the delete function from the FAQ class first to delete all related FAQs and FAQ Topics and then we should use the Category delete function to delete the remaining Category (remove faqs->expunge from the category->delete function since it we now pass through faq->delete as well)

This addresses an issue where entering a collaborator's email to send ticket
email access link throws a fatal error. This is due to the method that
checks for tickets with the User's email equal to the email provided. This
only checks for User's emails not Collaborator emails. This adds a check for
Collaborator emails as well so this will not crash out.

This addresses an issue where Korean text is stripped from the body. This is
due to the strip_emoticons function, as Korean text is in the same unicode
range as some of the emojis.

This addresses an issue where emoticons/emojis cut off the remainder of the
email when being added to a ticket thread.

This addresses issue 4803 where sorting by Users on Organizations does not
sort properly. It sorts by name instead of the User count. This corrects the
value in the `$sortOptions` array from `users` to `user_count`.

not sending new ticket alert to account manager.

This addresses an issue mentioned in the forum where having more than one
custom field on a ticket shows the same title for all forms on the
client-side ticket view (after creation). This adds an array of the form
names indexed by sort order and displays them in the correct order with the
correct names.

Previously, we added a security header to prevent click-jacking called
"X-Frame-Options". This introduced an issue with people using osTicket in
iFrames on their websites. To mitigate the issue, this updates the security
header to allow the site to be framed from specified domains, if none
provided we default to 'self'. This adds a new field to General System
Settings called "Allow iFrames" where you may enter a comma separated list
of domains that the site can be framed on. This also adds a validator for
the field to validate the domains and ensure they fit the <host-source>
syntax from [Mozilla Developer
Docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors#Sources).

This addresses an issue reported on the Forum where creating a new FAQ and
not filling out required information returns the correct error but returns
the incorrect template (FAQ View Template). This is due to the check for an
FAQ when determining the template to return. This adds a check for the FAQ
ID to determine if it’s an actual FAQ or just a model instance.

This addresses an issue reported on the forum where searching for a keyword
in FAQ search brings back more results than it should. This is due to the
format of the query selecting the results, essentially, the `WHERE NOT`
statement is not properly formatted so the `OR` statements take precedence
over the `WHERE NOT` causing non-public results to be shown to the client.
The `WHERE NOT` statement contains the bit to select from only public faqs
and since the `OR` takes precedence it will return the non-public results
too.

This addresses issue 4756 where the `%{recipient.ticket_link}` variable is
not being replaced when the canned response is loaded in the reply box; all
other link variables work. This is due to the recipient object not being
passed to the variableReplacer which means the ticket_link is not available.
This adds the recipient object to the variableReplacer so the ticket_link
variable is properly replaced like the others on load.

This addresses issue 4716 where updating a Ticket Status throws a fatal
error of "Too few arguments" when using PHP 7.2. This is due to `$errors`
not being passed to the `update()` function causing PHP 7.2 to freak out.
This creates an `$errors` array and passes it to `update()` so PHP 7.2 is
happy and we are all happy. :)

This addresses issue 4738 where the Upgrade and Migration Guide link is
incorrect. This updates the link to the new Documentation site.

This pull request is wayyyy overdue. This updates jQuery and all related
files to the latest jQuery release (3.3.1). This also adds a new script
called jQuery-Migrate that maintains older functions needed for a few things
(eg. `filedrop.field.js`).

This addresses an issue where the Loading overlay on Tasks will not
disappear after the request was submitted. This adds two lines to first hide
the "Loading" modal and then toggle the overlay.

This commit addresses issues we had with viewing Task(s) within a Ticket:

1. When viewing the table of all Tasks on a Ticket, the Options dropdown should only allow the Agent to Reopen or Close the Tasks based on the status of the Tasks.
Ex: If there is only 1 Open Task, you should only see the 'Close' Option
    If there are 2 Closed Tasks, you should only see the 'Reopen' Option
    If there are multiple Tasks in which some are Open and some are Closed, you should see both the 'Reopen' and 'Close' options

2. When viewing an individual Task within a Ticket, the status options were the opposite of what they should have been. Now, if the Task is Open, the Agent will see the option to 'Close' the Task. If the Task is Closded, the Agent will see the option to 'Reopen' the Task.

This addresses an issue where exporting statistics via the dashboard within
a certain timeframe (eg. 07/01/2018 -> One Quarter) will always export the
statistics from the selected date up to today. This is due to the Period
option always being set to "Up to today" when the Export button is clicked
which in return exports the stats from the selected start date to today.
This adds JS to set the period the Agent selects so the Export will return
the stats from the selected date to the selected period.

This addresses an issue where Users updating their profile will throw an SQL
error in the system logs. This is due to a line of code trying to set a
value for the `dst` column which no longer exists as of `1.10.0`.

This addresses an issue introduced with 4426 that references an undefined
class.

This improves accessibility by adding screen readable labels to ticket
actions that don’t already have them.

This addresses issue 4470 where Users creating tickets via Client Portal and
failing to fill out a required field makes disabled fields by Help Topic
appear on the page. When the disabled fields appear they allow Users to
populate and save data that they were not meant to submit.

This addresses an issue where people who do not have a phone field on the
contact information form go to search for a User in the User Directory and
the system crashes. This is due to the search query that always contains the
phone field variable. This only adds the phone variable to the search query
if the field actually exists.

Allow ticket assignee to see tasks associated with the ticket.

This addresses an issue where `SetAutoFont()` was making the Thai PDFs
break. This adds the `AUTOFONT_RTL` flag to only autodetect RTL languages
and nothing else.

This addresses an issue where creating an advanced search with selection
field "does not have a value" throws a fatal error. This was due to an
improperly named search method "notset".

This adds functionality to clean expired password reset tokens on cron runs.

This adds a Signal to clean Agent and User sessions upon setting/resetting
their password. If an Agent/User resets their own password and has multiple
sessions open it will log them out of every session except the one they’re
on.

This commit addresses the root cause of an issue commit 96892beb (now
        reverted) attempted to solve - by providing consistency between
getFiles and getAttachments

This addresses issue 4449 where using an Arabic language pack and trying to
print a ticket returns a PDF with either squares for text or no text at all.

This addresses an issue where searching for a Task by title returns all
Tasks in the search. This is due to the visibility filtering methods used to
filter tickets by staff's visibility.