Merge remote-tracking branch 'origin/support/2.7' into develop

# Conflicts:
#	application/cmdbabstract.class.inc.php
#	application/utils.inc.php
#	dictionaries/en.dictionary.itop.core.php
#	dictionaries/fr.dictionary.itop.core.php
#	setup/setuputils.class.inc.php

sources/Form/FormManager.php

@@ -160,9 +160,45 @@ abstract class FormManager
 	/**
 	 * @param array|null $aArgs
 	 *
-	 * @return mixed
+	 * @return array
+	 *
+	 * @since 2.7.4 3.0.0 N°3430
 	 */
-	abstract public function OnSubmit($aArgs = null);
+	public function OnSubmit($aArgs = null)
+	{
+		$aData = array(
+			'valid' => true,
+			'messages' => array(
+				'success' => array(),
+				'warnings' => array(), // Not used as of today, just to show that the structure is ready for change like this.
+				'error' => array(),
+			),
+		);
+
+		$aData = $this->CheckTransaction($aData);
+
+		return $aData;
+	}
+
+	/**
+	 * @param array $aData
+	 *
+	 * @return array
+	 *
+	 * @since 2.7.4 3.0.0 N°3430
+	 */
+	public function CheckTransaction($aData)
+	{
+		$isTransactionValid = \utils::IsTransactionValid($this->oForm->GetTransactionId(), false); //The transaction token is kept in order to preserve BC with ajax forms (the second call would fail if the token is deleted). (The GC will take care of cleaning the token for us later on)
+		if (!$isTransactionValid) {
+			$aData['messages']['error'] += [
+				'_main' => [\Dict::S('UI:Error:InvalidToken')] //This message is generic, if you override this method you should use a more precise message. @see \Combodo\iTop\Portal\Form\ObjectFormManager::CheckTransaction
+			];
+			$aData['valid'] = false;
+		}
+
+		return $aData;
+	}
 
 	/**
 	 * @param array|null $aArgs