Add ability to disable use of authentication tokens on ticket links

Due to MySQL FULLTEXT min-word-lenn requirements (which various from
installation to installation), fulltext-based searches require at least two
characters.

Conflicts:
	include/class.ticket.php

UI: Assignment alerts do NOT include teams

Reviewed-By: Peter Rotich <peter@osticket.com>

bounce: Avoid a loop on new message alert to staff

Reviewed-By: Peter Rotich <peter@osticket.com>

Properly initialize array. Fixes #2593 

Reviewed-By: Peter Rotich <peter@osticket.com>

Upgrade pear Mail libraries, use header charset for attachment filenames

Reviewed-By: Peter Rotich <peter@osticket.com>

Option to disable auto-claim at department level

Reviewed-By: Self

Form style browser fix.

Reviewed-By: Peter Rotich <peter@osticket.com>

Fix several search related issues

Reviewed-By: Peter Rotich <peter@osticket.com>

End user avatar fix for #2557 #2580 

Reviewed-By: Peter Rotich <peter@osticket.com>

User Directory Tickets

Include collaborated tickets
Pagenate user and org tickets listing
Add ability to export tickets

Merge develop to develop-next

Reviewed-By: Peter Rotich <peter@osticket.com>

forms: Avoid dropping the CDATA table

Reviewed-By: Peter Rotich <peter@osticket.com>

Uploaded image preview fix

Reviewed-By: Peter Rotich <peter@osticket.com>

Fixes bare header redirect

Reviewed-By: Peter Rotich <peter@osticket.com>

locks: Exclude expired locks via constrain

This fixes a bug where the browser will fail to redirect away from
the login page if the client's browser doesn't allow for location
mutations with the 422 response code.

This issue only impacts SSO auth plugins.

If a new message alert bounced to a staff member and the postmaster sent
back a bounce notice, which was threaded, then the agent might receive
another new message alert, which would continue a bounce loop.

MySql 5.6 and MariaDB 10 will return affected_rows == 0 if updating a row to
its current values. Therefore, if an object is "edited", but none of the
CDATA is modified, then the CDATA table might be dropped and rebuilt.

Conflicts:
	include/class.forms.php

files: Verify files attached to a FileUploadField

Reviewed-By: Peter Rotich <peter@osticket.com>

Hi guys,

had this issue in my mind from before my vacation. Someone over in the forum had the issue that even though he checked "Assigned Agent / Team" the team never got notified. After some research and a closer look I guess Neil found out that he needed to check "Team Lead" and/or "Team members" to enable alerts for the team as well.

So in this case the wording "Assigned Agent / Team" is a bit misleading and I suggest to change it to just "Assigned Agent" or whatever  you prefer ;)

Just made this pull request, so that you don't need to search long and it's (hopefully) easier to understand which "Assigned Agent / Team" is meant since it's there several times at the alert settings page.

Cheers,
Michael

PS: Also I don't know why the first line appears as "removed" and "added" ... didn't change anything here, but anyway, line 126 is the important one ;)

This fixes a security issue where, by crafting a special POST request to the
client open.php page, an (unauthenticated) user could get a URL link to
access to any attachment already uploaded in the system by guessing or
brute-forcing the file's ID number.

This patch addresses the issue by registering the uploaded file's ID in the
current user's session. When processing the list of file ID's attached to
the FileUploadField, the files must already have been attached to the field
or have been newly attached in the current session.

Fixes #2615

References:
"Security issue - Download attachments submitted by others"
https://github.com/osTicket/osTicket-1.8/issues/2615

Fixes a bug where a lock icon is shown on tickets listing even when the lock
in question is expired.

Sets a static height to the row since it truncates it shouldn’t have
any odd behavior. Content in the span is centered on the row and sets
image height to fit inside the row.

Older browser height fix for the end user avatar. Changing the height
100% property to height auto; corrects the avatar size on older
browsers, in this case Safari 5. The fix will keep the image from
stretching 100% for the end user.

Otherwise we might end up with a search term like '"some junk"*' which is
invalid.

Instead of using distinct alone, change to add the relevance of related
items when searching for tickets. In other words, when performing a full
text search for 'xyz', add the relevance of matched user, organization, and
thread objects.

search: Try harder to match MySQL full text boolean query

Reviewed-By: Peter Rotich <peter@osticket.com>

orm: Avoid crashing when building a model with select_related

Reviewed-By: Peter Rotich <peter@osticket.com>

Add a checkbox option within the department setting to disable the "Claim on
Response"

Feature must be enabled globally in order to be disabled locally (duh!)

As currently written, if a full text query is attempted in BOOLEAN mode and
the query cannot be compiled by MySQL, it causes an OrmException and a
crash. This patch adds a more straight-forward and comprehensive
grammer-based approach to checking for valid boolean syntax.