PHP can't discern the difference between d/m/Y and m/d/Y when just the date
is submitted to strtotime(). Unfortunately, strptime() is not available
until PHP 5.1.0. This patch forces datepickers to change their values to
YYYY-MM-DD upon submission to disambiguate parsing issues.

Fixes #832

Make sure SLA plan is 'active' when marking tickets overdue.

Protect againts cross-site request forgery attacks by requiring a special
form-field or header to be sent with requests that modify ticket system
data.

This meant a slight change to the AJAX ticket locking mechanism. It was
defined to lock with a GET request; however, GET requests are defined as
safe methods and should not modify backend data (such as a lock
acquisition). Therefore, the the lock acquire AJAX method was changed to
require a POST method.

Also remove old, no-longer-used staff panel include files