  1. Jul 03, 2018
    • JediKev's avatar
      issue: Language Pack Locale Mismatch · a87f19d3
      JediKev authored
      This addresses issue 4325 where the Language Pack Locales are mismatched.
      The Locale for the first language is displayed on the second language,
      etc. This updates the `$manifest` variable to be set before we display
      data so the correct `MANIFEST` file is included and all language data is
      displayed correctly.
      a87f19d3
  2. May 09, 2018
    • JediKev's avatar
      issue: Information Page Performance · dfa0f3f0
      JediKev authored
      This addresses an issue on the forums where the query to determine the
      size of the `file_chunk` table is making the page load really slow for
      people with large tables. This updates the query to improve the
      performance of the page load time.
      dfa0f3f0
  3. May 03, 2018
    • JediKev's avatar
      issue: Prevent Click Jacking · bb5564d4
      JediKev authored
      This addresses a vulnerability where there was no `X-Frame-Options` header
      which could potentially allow click jacking. This adds the
      `X-Frame-Options: SAMEORIGIN` header so it will remove any chance of click
      jacking. According to Mozilla Developer Docs:
      ```
      SAMEORIGIN
      The page can only be displayed in a frame on the same origin as the page
      itself.
      ```
      bb5564d4
  4. Apr 02, 2018
    • JediKev's avatar
      issue: Org. User Account Status · beb6cad5
      JediKev authored
      This addresses an issue where the User’s account status is always 'Active'
      in the Organization list no matter what their actual status is. This adds the
      account status to the user query which adds the correct status to the Users’
      account.
      beb6cad5
  5. Mar 20, 2018
    • JediKev's avatar
      issue: CSRF In users.inc.php URL · 285a292a
      JediKev authored
      This addresses an issue where the CSRF Token is displayed in the URL
      when you perform a search in the Users Tab. This removes the token from the
      request which removes it from the URL.
      285a292a
  6. Mar 06, 2018
    • JediKev's avatar
      xss: Prevent Agent Directory XSS · 36651b91
      JediKev authored
      This addresses a vulnerability where an Agent can perform XSS via the
      Agent Directory’s REQUEST query string. This sanitizes the request params
      so the code will be escaped and not executed in the browser.
      36651b91
  7. Feb 22, 2018
  8. Jul 28, 2017
    • JediKev's avatar
      oops: Fix Task Print · 2ddf78a6
      JediKev authored
      This addresses issue 3782 where clicking Print on a Task gives you a blank
      popup that hangs. This is because the Print button was being treated as a
      Task action when it is actually not one. This adds a ternary operator to
      give the proper Task Actions the `task-action` class and gives the Print
      button no class.
      2ddf78a6
  9. Jul 21, 2017
    • JediKev's avatar
      oops: User Phone Search · 00e47272
      JediKev authored
      This addresses issue 3815 where searching by User's phone number doesn't
      work in v1.10. This adds phone number search capabilities for the User
      Directory and User Search popup in v1.10.
      00e47272
  10. Mar 17, 2017
  11. Feb 21, 2017
  12. Feb 07, 2017
  13. Feb 06, 2017
    • JediKev's avatar
      Fixes typo · 11663e3b
      JediKev authored
      Changes 'Permisions' to the correct spelling 'Permissions'.
      11663e3b
  14. Nov 02, 2016
    • jdelhome3578's avatar
      Loading Overlay · a80d9ed6
      jdelhome3578 authored
      Display Loading Overlay when posting a response or a note to a ticket.
      a80d9ed6
  15. Nov 01, 2016
    • Peter Rotich's avatar
      Add Trusted Proxies and LAN Options · 4396f91c
      Peter Rotich authored
      * HTTP Option: TRUSTED_PROXIES (default: <none>)
      To support running an osTicket installation on web servers that sit behind a
      load balancer, HTTP cache, or other intermediary (reverse) proxy, it's
      necessary to define trusted proxies to protect against forged HTTP headers.
      
      * HTTP Option: LOCAL_NETWORKS (default: 127.0.0.0/24)
      When running osTicket as part of a cluster it might become necessary to
      white list local/virtual networks that can bypass some authentication
      checks.
      
      * Validate CLIENT_IP to make sure it's a valid IP address.
      4396f91c
    • Peter Rotich's avatar
      XSS: Encode Helpdesk name/title · 2fb47bd8
      Peter Rotich authored
      Encode html chars on helpdesk title
      2fb47bd8
  16. Oct 25, 2016
    • Kevin Thorne's avatar
      Loading overlay · 4310d658
      Kevin Thorne authored
      Use class instead of id on form element that triggers overlay on submit.
      4310d658
  17. Oct 24, 2016
  18. Oct 18, 2016
  19. Oct 13, 2016
  20. Sep 28, 2016
  21. Jun 25, 2016
  22. Jun 20, 2016
  23. Jun 06, 2016
  24. Jun 03, 2016
  25. May 27, 2016
  26. May 17, 2016
  27. May 12, 2016
  28. Apr 26, 2016
  29. Apr 24, 2016
    • Jared Hancock's avatar
      files: Require authentication to view attachments · c4579277
      Jared Hancock authored
      This feature adds a setting to the control panel to require signing in to
      view attachments. This is in addition to the security already provided in
      the download URLs. Currently, download URLs are signed for a specific help
      desk, and automatically expire after about 24 hours. The exact timing is the
      following midnight allowing for at least 12 hours cache time.
      
      Administrators can impose this extra security feature to refuse serving
      attachment files if the user is not currently signed in. This could prevent
      third-party users from viewing an attachment if they were able to get access
      to the download URL before it expired.
      c4579277
    • Peter Rotich's avatar
      dept: Department Access · 6cca3830
      Peter Rotich authored
      * Separate primary from extended access members when listing department
        access.
      
      * Add ability to update primary department members role
      
      * Quick staff add - inherit role of the primary department as default role
      6cca3830
    • Peter Rotich's avatar
      org: Remove users from deleted org. · c4738d45
      Peter Rotich authored
      Use org_id to filter users to update on organization delete
      c4738d45
  30. Apr 22, 2016
    • Michael's avatar
      Update several files for "this ..." translations · 71a6b2a0
      Michael authored
      Within this commit, several files got updated to split up strings like "Disable for this team" / "Disable for this department" into "Disable for" and "this team"/"this department".
      So a) slightly fewer translations and b) all strings of "this (ticket|task|API|canned|FAQ|depart|email|group|site|SLA|agent|team|template|help|ban|category|custom|end user|role)" can match already existing "this ..." translations now.
      PS: Didn't remove all that whitespace in include/staff/tpl.inc.php - seems like my PHP editor app has done that automatically :/
      71a6b2a0
  31. Apr 19, 2016
  32. Apr 15, 2016
  33. Mar 29, 2016
    • Jared Hancock's avatar
      orm: Partially revert 8ab4432f · eb0ba316
      Jared Hancock authored
      This partially reverts a change in the ORM changing the QuerySet::all()
      method to return an Iterator rather than an array. I spent a while proposing
      a patch to replace usage of all() with iterations; however, I cannot propose
      a valid reason to abandon the previous methodology.
      
      This reintroduces the previous behavior: calling all() will yield an array
      of results from the QuerySet's iteration system.
      eb0ba316