- Oct 28, 2019
-
-
JediKev authored
This addresses an issue where Piping email to osTicket and having Umlauts in the Subject line causes the Subject to be malformed. This is due to the `mimedecode()` method for class Format which is used by the API to transcode the Subject line in emails. This adds a check to see if the `mb_detect_encoding()` method exists so we can detect the value's encoding. If it exists and we can detect the value's encoding the system will transcode the text from the detected encoding to UTF-8. If we cannot detect the encoding the text will continue through the other encoding checks.
-
- Oct 07, 2019
-
-
Peter Rotich authored
This commit addresses an issue where time format in 24 hrs resulted in double hours.
-
- Oct 01, 2019
-
-
Peter Rotich authored
This commit addresses two issues related to date / time format.
* 24 hrs format, when selected, is now used system-wide even on thread items
* PHP-to-JS date / time format translation is now done in the backend
-
- Jul 23, 2019
-
-
JediKev authored
This corrects the spelling of `deposition` to `disposition` so that it's correctly utilized.
-
- Jul 21, 2019
-
-
Peter Rotich authored
-
- Jul 10, 2019
-
-
JediKev authored
This addresses an issue reported by Vincent Monier (Xenos) where posting a single `</div>` tag as a message or response via the UI will break the HTML Thread Tree view. This is due to the `html_balance()` method not cleaning empty div tags. This adds `'div'=>1` to the empty tag array so that any rogue div tag + any empty div tags are properly removed.
-
- Mar 29, 2019
-
-
JediKev authored
This addresses an issue where Korean text is stripped from the body. This is due to the strip_emoticons function, as Korean text is in the same unicode range as some of the emojis.
-
- Mar 26, 2019
-
-
JediKev authored
This addresses an issue where emoticons/emojis cut off the remainder of the email when being added to a ticket thread.
-
- Feb 05, 2019
-
-
aydreeihn authored
This commit includes several final fixes in general that needed to be made.
-
- Oct 31, 2018
- Oct 30, 2018
-
-
JediKev authored
This adds a setting in the Ticket Settings to give the option of showing the ticket counts on Top-Level queues. If enabled, this will populate the ticket counts next to the Top-Level queue names like they used to be. The only caveat is the counts are triggered by mousing-over any of the queue names as we only load the counts when we need to display the sub-queues (for better performance). This also adds a new format function called `number` (Phase 1). As of now it will format any integer to a comma separated number (eg. `1337 -> 1,337`).
-
- Sep 10, 2018
-
-
Peter Rotich authored
This commit adds the ability for DatetimeField to specify format string - this is useful when the field display requires specific format different from the system defined formats. For example during export.
-
- Aug 23, 2018
-
-
JediKev authored
This addresses an issue where images in email signatures containing a `data-cid` attribute will either crash the ticket page or not show the image in the signature.
-
- Aug 16, 2018
-
-
aydreeihn authored
This commit removes the logic that was used for time within 2 days which would give a result of either today or tomorrow when something could actually be in 2 days instead. It also rounds relative time that is within 29 days so that the result will be more accurate. Ex: 1.99 will round to 2 instead of showing 1
-
- Jul 17, 2018
-
-
JediKev authored
It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user. Sanitation of hazardous characters was not performed correctly on user input. osTicket did not properly sanitize array values in `Format::htmlchars()`. Some values in the Admin Interface were not properly sanitized and returned to the response.
-
- Jul 13, 2018
-
-
JediKev authored
It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user. Sanitation of hazardous characters was not performed correctly on user input. osTicket did not properly sanitize array values in `Format::htmlchars()`. Some values in the Admin Interface were not properly sanitized and returned to the response.
-
- May 15, 2018
-
-
Peter Rotich authored
-
JediKev authored
This addresses an issue where some Vimeo videos are not being sent in Agent’s responses. This adds `player.vimeo` to the sanitize method’s iframe section so that the iframe tag is not stripped.
-
JediKev authored
This addresses an issue where Outlook adds weird (and seemingly random) `_MailEndCompose` tags to the email body which turns unwanted content into links. This adds the `_MailEndCompose` tag to `Format::sanitize()` so it will be removed from the email body.
-
- Apr 23, 2018
-
-
JediKev authored
This addresses an issue where the New Activity Notice Template was not keeping the CSS styling for the %{message} variable. This was due to Gmail adding `<div dir="ltr">` tags around some text in the body causing the CSS styling to break. This adds RegEx to the formatter so we can remove the `<div dir="ltr">` tags from the email body before the New Activity Notice Template is sent preserving the CSS styling.
-
- Mar 26, 2018
-
-
JediKev authored
This addresses an issue where Outlook adds weird (and seemingly random) `_MailEndCompose` tags to the email body which turns unwanted content into links. This adds the `_MailEndCompose` tag to `Format::sanitize()` so it will be removed from the email body.
-
- Mar 22, 2018
-
-
Peter Rotich authored
Commit c4579277 introduced an extra administrative security feature to restrict files access to signed in users only, even if a user has a valid & signed download URL. The feature, however, did not take into account public images & files associated with FAQs and pages such as landing/thank-you pages. This commit addresses the shortcoming by adding a reference ID (attachment ID) to the download/access URL, that can be used to deduce the model/object type that the file request is associated with. The technique will allow us in the future to enforce ACL at the file level depending on privacy settings and the security clearance of the user (agent).
-
- Feb 28, 2018
-
-
JediKev authored
This addresses an issue where some Vimeo videos are not being sent in Agent’s responses. This adds `player.vimeo` to the sanitize method’s iframe section so that the iframe tag is not stripped.
-
- Feb 26, 2018
-
-
Peter Rotich authored
* Due date vs. SLA due date
* Misc. datetime fixes
-
- Sep 13, 2017
-
-
JediKev authored
This addresses an issue where there is no fullscreen option for embedded videos. This adds the allowfullscreen parameter to the formatter for iframe tags.
-
- Aug 22, 2017
-
-
JediKev authored
This addresses an issue where the text formatter only allows 2-4 characters in email domain TLDs. This causes an issue if you have a TLD with more than 4 characters, where the full email address will not be converted into the link. This increases the allowed characters to 2-63 characters allowing all modern TLDs to be converted correctly. Why 63 chars? Have a look at the 2.3.4 Size Limits section here: http://www.ietf.org/rfc/rfc1035.txt
Example (using user@domain.testing):
Before: `<a href="mailto:user@domain.test">user@domain.test</a>ing`
After: `<a href="mailto:user@domain.testing">user@domain.testing</a>`
-
- Jun 28, 2017
-
-
JediKev authored
This addresses issue #3842 where special characters in a Page name causes a 403 or 404 error. This adds a method to convert the special characters to html entities and then removes the entity suffixes leaving only un-accented characters behind. (e.g. `'ã' => '&atilde;' => 'a'`)
-
- Apr 24, 2017
-
-
Peter Rotich authored
Address edge cases where timezone mixups happen on DateTimeField
Allow datetime field to be timezone agnostic (not timezone aware) to display the timezone used to set the field. The timezone of the last user or agent that edited the field is used.
-
- Jun 20, 2016
-
-
Jared Hancock authored
thanks @robintoy, @talilon
This patch removes any contents of an html element when scrubbing html markup. Some markup includes complex namespaces and other information which does not concern the html processing of osTicket. It also messes up the htmLawed processing of the htmLawed.
Maybe fixes #2465
Maybe fixes #2272
-
- Mar 17, 2016
-
-
Peter Rotich authored
Encoded entities can be used to bypass safety checks
Don't remove iframe when using xml_dom to balance tags
-
- Feb 26, 2016
-
-
Peter Rotich authored
Encoded entities can be used to bypass safety checks
Don't remove iframe when using xml_dom to balance tags
-
- Jan 13, 2016
-
-
Peter Rotich authored
-
- Jan 07, 2016
-
-
Peter Rotich authored
-
- Aug 04, 2015
-
-
Jared Hancock authored
And two flags, one which signals that stored HTML is correctly balanced and does not need to be balanced when rendered in the ticket view. The second is used to signal messages received from collaborators. Additionally, this patch fixes showing external inline images (via the [Show Images] button) when clicked.
-
- Jul 21, 2015
-
-
Jared Hancock authored
-
Jared Hancock authored
-
- Jul 08, 2015
-
-
Jared Hancock authored
-
Jared Hancock authored
Reset permissions and change primary department and role
-
Jared Hancock authored
getVar() is now called first, then object properties and array properties are considered, and then getTag() is considered if none of the other options work. This allows for more predictable results using the variable replacement system, and allows ::getVar() to override every other means to use variables in email templates.
-
- Jun 24, 2015
-
-
Jared Hancock authored
* Fix warning for negative unix timestamps in Misc::db2gmtime
* Fix crash because of parser context passed to getXxx functions
* Fix inability to update email address
-