This patch sends updated session cookies to the browser when the session is
refreshed on the server. This allows the session cookie to expire on the
browser at the same time the session timeout occurs at the server. In the
event the session timeout is configured in osTicket not to expire, the
cookie will expire after seven days on the client browser, and will expire
in PHP when it is garbage collected sometime after 86400 seconds after the
time last refresh time.

Using this method, the session will never expire if the session timeout in
osTicket is configured to 0, and the session is refreshed at least daily.

Tested with 1.9.4 - found no other / related / new issues due to this change of the z-index.

Fixes: https://github.com/osTicket/osTicket-1.8/issues/980
Fixes: https://github.com/osTicket/osTicket-1.8/issues/1411

This fixes a slight issue where the team members would never be included on
the new message alert. Now, the system will send to either the assigned
staff member, if any, or the members of the assigned team, again, if any.

Files upgraded from versions of osTicket prior to 1.9.1 did not have a
`signature` field in the database. For caching purposes in generating the
Etag HTTP header, the getSignature function cascades through the getKey
method. This may be inconsistent in the signed URL creation.

This patch adds a cascade flag to the getSignature method so the cascading
will not happen unless specifically requested.

Don't add to endTime if not already set

forms: Use form's name as the heading.

Reviewed-By: Jared Hancock <jared@osticket.com>

filter: Implement ban on reply-to email address

Reviewed-By: Peter Rotich <peter@osticket.com>

Show the form title on edit instead of "Custom Form" - which can be
misleading since the user might be editing a built-in form.

If a new ticket is assigned to both an individual agent and a team, do not
send the email alert to the team lead or the team members.

email: Send staff alerts from the department email

Reviewed-By: Peter Rotich <peter@osticket.com>

Properly escape text bodies for canned responses

Reviewed-By: Peter Rotich <peter@osticket.com>

files: Provide unified download script

Reviewed-By: Peter Rotich <peter@osticket.com>

This patch changes the ticket filter system so that it can be recursively
looped to allow for banning and matching on the reply-to address and name.

This script adds a single download script, 'file.php', which provides access
to files of all types to all users. It uses a HMAC signature system with an
expires time, which allows signed URLs to be sent to external users.

This also fixes an issue with the Http::cacheable() method, where the
last-modified and Etag headers were not properly compared, which resulted in
permanent cache misses by the client.

Sanitize query strings

Reviewed-By: Jared Hancock <jared@osticket.com>

Use http::build_query instead of inline urlencode

Retire l.php

Reviewed-By: Jared Hancock <jared@osticket.com>

filters: Fix several small, major issues

Reviewed-By: Peter Rotich <peter@osticket.com>

  * Fix incorrect mapping to user email address
  * Fix early rejecting of tickets — even if a filter earlier in the
    matching filter list had "stop on match" set
  * Fix ::stopOnMatch referring to incorrect db field

The new logic abandons the early rejection logic in ticket create. Instead,
the normal validation is completed as usual. Thereafter, the filter is
initialized and applied to the ticket. Upon rejection, a RejectedException
is thrown by the ::apply() method of the TicketFilter. The Ticket::create()
method will handle the exception and reject the ticket.

Stop trampolining links via l.php. It was necessary before in order to avoid
the potential of leaking ticket number & email. The authentication mechanism
in place now redirects on successful login.

This is necessary so we can sanitize/encode inputs.