This addresses an issue on the Forum where deleting an Organization causes
the session to fail. This is due to the Organization QuerySet being stored
in the session and not being cleared out when deleted from the system. This
causes the system to try to refetch the object from the database which it's
not there as it's been deleted and therefore causes the session to crash.

In 5120, the reporting party also mentioned that they receive an error of
`script '/xxx/osTicket/kb/ajax.php' not found or unable to stat`.  This is
due to the AJAX call being inside the KB directory, and `/kb/ajax.php` truly
does not exist. This adds `ROOT_PATH` to the beginning of the AJAX call so
that no matter where it is, it will point to the correct location.

This addresses 5120 where main (or Parent) FAQ Category Titles are not
translated even though the child Category titles are translated correctly.
This is due to to the system pulling the Full Name instead of the Local
(translated) Name.

This addresses issue 5095 where installing a Language Pack and visiting the
Dashboard > Information page without OpenSSL installed/configured will throw
a fatal error of `Call to undefined function openssl_pkey_get_public()`.
This is due to no check for the `openssl` extension before the dependant
method is called. This adds a check so that if OpenSSL is not available we
can return a useful error code of `VERIFY_EXT_MISSING` (which is error code
`2`) and continue without disrupting the content.

Make message variable optional for new tickets opened by agents. This is
necessary for help topics with issue details disabled.

This commit addresses an issue where time format in 24 hrs resulted in
double hours.

This addresses an issue where initially saving the ACL will fail. This is
due to the incorrect variable being used to lookup the IP in the ACL. This
updates the variable from `$acl` to the correct variable `$vars['acl']`.

This addresses issue 5084 by partially reverting commit `fefed147`. In said
commit, we updated `THIS_VERSION` to utilize `MAJOR_VERSION` which is fine.
However, we also updated the deploy module to copy the same format. This
interferes with the osTicket Version check by not including the entire
subversion and not starting with a `v` (ie. `v1.12.3`). This reverts the
copied format section of the commit so that `THIS_VERSION` will be the full,
non-git version when deployed/packaged.

This addresses an issue reported on the forum where printing a ticket in
v1.12 and above requires `mbstring`. This updates the print call to check
for the `mbstring` extension and if not loaded will fail with a detailed
error `mbstring extension required to print ticket to PDF`.

This commit addresses two issues related to date / time format.

* 24 hrs format, when selected, is now used system-wide even on thread items
* PHP-to-JS date / time format translation is now down in the backend

This addresses issue 5007 where when using the complete thread variable
there is no padding between thread messages in Outlook desktop app and makes
the thread hard to follow. Outlook does not respect some CSS rules that are
accepted in most (if not all) modern email clients. Since we can’t use
normal CSS the workaround is to add a blank table row (with a single space)
so that it forces "padding" between the end of a message and the start of
another.

Before
(image)

After
(image)

This addresses an issue where upgrading from v1.6 to a release on or after
v1.12 will hang on login and eventually timeout. This is due to the system
not being able to fetch the config which logs a db error which calls the
config and continues the loop. For now, we need the config in the
constructor so that the loop doesn't occur and we can continue to upgrade as
normal.

TODO:
- For a permanent fix, we need to figure out why the loop occurs when not in
the constructor and vice versa.

This commit fixes an issue that allowed Agents to clear the Duedate on a ticket using inline edit. We were saving the value 0000-00-00 00:00:00 to the database which the ticket would then display as 12/1/02 06:09 pm.

Instead, if an Agent clears the Duedate field, we should save the duedate as null and the ticket should continue using the est_duedate.

This addresses an issue reported on the Forum where creating a new Agent and
setting a password hangs when using PHP 7.3. This is due to too few
arguments passed to `PasswordPolicy::checkPassword()`. This updates the call
to include a second argument of `null` so the method is satisfied and we can
continue with checking the password.

This partially reverts commit dda483eb.
Forcing created by sort resulted in queue columns based sorting getting
overridden.

This addresses an issue where the previous CSV security patch causes an
error when creating an Advanced Search with criteria like `User / Email
Address => contains => @domain.tld`. The system tries to validate the field
and since `is_formula` is the default validation for TextboxFields the
system sees `@domain.tld` criteria as a formula and throws the `Content
cannot start with the following characters: = - + @` error. Advanced
Searches do not need the `is_forumal` validation as the fields are not
exportable. This adds a check to see if the field's form is
`AdvancedSearchForm` and if there is no `validator` set it gets set to `adv`
which bypasses the validation.

This commit fixes an issue where if you were to change a Ticket to the Resolved status and then to Closed, the dashboard statistics would show that you had closed 2 Tickets even though both events were done on the same Ticket.

We should only count one closed event per Ticket.

This was reported in Issue #5018.

This addresses an issue where a User sending an email message with a
different Department as CC to the system will not refer the CC'ed Department
until the email is fetched a second time. The old thinking was that since
the User CC'ed the other Department the other Department should receive a
copy of the email in their mailbox. When the system fetches the User's
message from the original Department email it gets added to the thread but
doesn't refer just yet. When the system fetches the copy of the message from
the User in the other Department's email it will then refer the other
Department. This is a problem especially when you are not fetching or
forwarding from the other Department's email address. This updates
`Thread::postEmail()` to include the check for `$mailinfo['system_emails']`
and if set we refer the Department immediately.

This commit fixes an issue where date range boundaries didn't consider
user's timezone resulting in UTC times being used.

This addresses issue 4965 where the register.inc.php file for clients was
missing translations for the action buttons.

For the is_a function, the class name should be in quotation marks to avoid the warning in PHP 7.3

This addresses an issue where the system cannot successfully authenticate to
an Exchange server using shared mailbox auth credentials (eg. Username:
`main-user@domain.com\shared-mailbox@domain.com`). The system passes the
entire Username value as the `username` parameter for `imap_open()` and
Exchange fails to authenticate. This adds two new variables called
`authuser` and `username` to class MailFetcher. This also updates the
`MailFetcher::__construct()` method to explode the Username value at the
backslash giving us two parts: the Authentication Username and the Mailbox
Username. If there are in fact two parts we will assign the first part to
the new `authuser` variable and assign the second part to the new `username`
variable. If we detect an `authuser` we will add it to the `imap_open()`
flag called `authuser` and append it to the `srvstr`. In addition this
updates the `MailFetcher::getUsername()` method to return the new `username`
variable instead of the hash table data.

Within a Ticket, if you click the Assign dropdown and choose Agent or Team, the possible assignees are filtered based on who can be assigned to the Department, however, the inline Assigned To option did not filter the possible assignees. This commit ensures that we do filter possible assignees when assigning via inline edit.

This addresses an issue reported on the Forum where visiting the Agent
Dashboard with no Help Topics in the system completely breaks the Dashboard
view and throws a database error `You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near ') GROUP BY A1.topic_id' at line 1`. This is due to the
statistics code assuming we will always have `$topics` but this is not
always the case, as some people rock their helpdesk without a single Help
Topic. This adds a check to see if `$topics` is empty and if so, we return
the appropriate headers with an empty array as the plot data. This will
avoid the database error and show the appropriate Dashboard view with no
statistics listed under "Topics" tab.

This commit addresses an issue where updating (editing) organization from
User's page resulted in ALL settings getting cleared. The change makes sure
the update is routed to the proper routine.

This addresses an issue where conducting an Advanced Search will show the
results in ASC order (from oldest to most recent) by default. If there are
no keywords the search is supposed to show the results in DESC order (from
most recent to oldest) by default. If there are keywords the search is
supposed to show the results sorted by `relevance`. This adds additional
`select` options to the search criteria for keyword searches so that we can
use `relevance` in the outer query. This also adds an `order_by` to the
tickets to order them by the `relevance` in `DESC` order. In addition this
adds a new `order_by` to sort the results by `created` in DESC if there are
no keywords.

This updates the Installer PHP Requirements from `5.4` to `5.6`. This
updates the `$prereq` variable to be protected and updates depending methods
so they can use the static variable.

This updates all the old, outdated osTicket links in the software. This
includes things like the forum URL, the support URL, the Installation Guide
URL, etc.

This enhances security patch (33ed10) to allow image attachments to be
opened in a new tab if the setting is enabled. This adds a new setting to
the Agent Profile labeled "Image Attachment View" that determines how image
attachments are handled. The two options are "Download" and "Inline" with
"Download" being the default. If the option is set to "Download" all image
attachments will be forced to download. If the option is set to "Inline" all
image attachments will open in a new tab when you right click + open in new
tab.

This addresses an issue reported on the Forum where clicking the "Reset
Permissions" action in the Agent Directory shows a blank popup. Inspecting
the console shows 500 error and checking the error logs shows `Too few
arguments to function` error. This is due to the
`RolePermission::__construct()` method expecting 1 parameter but in
`ajax.staff.php` we are not passing anything to it. This updates
`resetPermissions()` to pass `null` to `RolePermission::__construct()` so
that it doesn't complain and error out.

This addresses an issue where clicking on Config next to a Queue Sort will
show a blank popup. Upon viewing the error logs you receive the error `Call
to a member function asTable() on null`. This is due to defining
`$data_form` inside of the `if ($_POST)` block instead of defining it
outside the block. This updates `SearchAjaxAPI::editSort()` to define
`$data_form` outside of the `if ($_POST)` block so that `$data_form` is
always set.

This commit fixes an issue where trying to save the value '0' to a required short answer field would not save because it did not register that the field contained a value.

This commit fixes an issue where alerts are not sent out to the Admin Email if a Department does not have any primary or extended members.

Now, if the Admin Email is checked for the New Ticket Alert and a Department does not have any members at all, an Alert will still go out to the Admin unless the Department recipients field is set to 'No one (diable Alerts and Notices)'

To make things more clear, an option has been added to have the 'Admin Only' as the recipient, so the Alert will go out ONLY to the Admin if  selected and the New Ticket Alert is enabled for the Admin Email.

If 'No one (diable Alerts and Notices)' is selected, no alert will go out at all, regardless of what is checked in Settings | Tickets | Alerts and Notices

This addresses an issue reported on the Forum where setting a password for
an Agent upon creation doesn't save the password in the backend. This means
if you set a password, click Create, and then try to login as the agent you
will be denied access (as there is no password saved). We store the
PasswordResetForm data in the session for later use but we do not actually
use the form data anywhere in the `Staff::update()` method. This updates the
`Staff::update()` method to include a check for the form data and if exists
sets the password and saves it in the backend. This maintains current
functionality where if `Send the agent a password reset email` is enabled
then we do not set the password, instead we send the Agent a registration
email.

In addition, this updates the `StaffAjaxAPI::setPassword()` to include
password validation so if a password is not valid we do not save it.
Instead, we will keep the modal open and throw validation errors until a
valid password is given. This means the form data will not be stored in the
session until we have a valid password.

This addresses an issue where using osTicket from git would show the
incorrect git version in `Admin Panel > Dashboard > Information`. This is
due to a hardcoded git version of `1.8-git`. This updates `THIS_VERSION` to
utilize `MAJOR_VERSION` so that it sets the correct git version. This also
updates the `deploy` CLI module to match the same format (example:
`1.12-git`).

This addresses an issue where creating a ticket with a Due Date set fails
with an error of `Select a time from the list`. This is due to unused
variables in the `Ticket::create()` function. This also improves the
datetime conversion to GMT by using `Format::parseDateTime()` instead of
trying to create a DateTime object directly which also provides a fallback
if an incorrect time. This can correctly determine the timezone (if present)
and return a proper DateTime object.

This addresses an issue reported by Aishwarya Iyer where attached HTML files
are executed in the browser instead of forcing download in Firefox and IE
for Windows specifically. This is caused by an incorrect
`Content-Disposition` set in the `AttachmentFile::download` function.
Instead of attachments having a disposition of `attachment` (which forces
download) they have a disposition of `inline` (which displays the file
contents in the browser). This updates the download function to use whatever
disposition is passed (for S3 plugin), if none it defaults to `attachment`.
In addition, this overwrites the disposition and sets it to `attachment`
after the `$bk->sendRedirectURL()` so that S3 attachments still work and the
issue of an attacker passing their own disposition is mitigated.