Fixes #1834

Preserve the fields indexed keys
Only sort the fields once, after adding missing fields

Reset field content when building a new form

See: http://osticket.com/forum/discussion/85083/osticket-sends-no-html-mails#latest

Looked at crowdin and the term "Add Organization" is already used in the following context:
#: include/staff/templates/org-lookup.tmpl.php:82

So my suggestion is to use it also for this context here, which would not require a new translation ;)

Michael

Fixes #1809

Get all dynamic fields in DynamicFormEntry, not just fields with answers

This partially reverts commit bff191b6.
The hasSpecialSearch() method can be retired in `develop-next` — NOT in the
`develop` branch

If the system receives an email by a collaborator which has not yet been
added to the ticket (a friend of a friend — that is, a collaborator forwards
an email to a third-party), a header is added to the thread body something
like:

Received From: afriendofafriend@mycompany.tld

However, if the thread body is text and the HTML ticket thread is enabled,
then the text formatting hint will be lost and the body will be assumed as
HTML deeper inside the thread entry creation process. Therefore, the
whitespace inside the resulting thread entry will be collapsed.

This patch addresses the issue by maintaining the original format hint with
the thread body.

Allow the staff banner to be set to empty (which is the default).

Also display the update errors back on the dialog for failed updated.

Fixes the missing icon before "Add new filter" in scp at the filters.php page

This allows for multiple priority fields to specify differing defaults, and
it also allows for a selection of 'System Default' in the config, which
renders as 'Default' when rendered.

It also fixes up a couple PHP warnings about include/class.forms.php

If the ticket details form has an extra field of type "Priority Level"
(beyond the one built in), exports of tickets will be empty.

This patch addresses the issue in the exporter which uses an older version
of the custom data materialized view (__cdata table), which created separate
columns for selection and ID values. The current cdata system only creates a
single column and stores the ID value. It also addresses an issue where the
ID column was passed to the PriorityField::to_php() as the first argument.

  * Fix matching of collaborators on return emails. Previously the
    collaborator ID was used instead of the related user ID. Also, the 'C'
    user class (collaborator) was not handled in ::decodeMessageId()
  * Only send a reply separator for email related to a thread
  * Always generate a tag for the email message id. This will allow reply
    from the help desk administrator for the new ticket alert

This patch fixes a vulnerable scenario, where sequential login attempts can
be made without an existing session, and without a valid CSRF token. This
scenario lends itself well for brute force password attempts, because
attackers can avoid using a session and still send requests to determine if
a set of credentials are valid. This vector also avoids the authentication
lockout mechanism, because it requires an ongoing session to shutdown the
requests.

This patch addresses the issue by requiring a session and a valid CSRF token
generated by the server and placed in the session to be submitted with the
credentials. Therefore, an existing session and a Cookie header are required
to process a login attempt. Secondly, the CSRF token will be changed on the
server after each login processed. Therefore, for each session, a subsequent
GET request would be necessary before submitting another login attempt.

References:
https://bugs.php.net/bug.php?id=43200
http://stackoverflow.com/a/22521203

Also try harder to send a relevant In-Reply-To and References header back
to the client with the email message.

This pull request adds a cleanup util for bogus and invalid charsets, mostly
added by a nameless company out of Redmond, WA.