Merge remote-tracking branch 'origin/support/2.7' into develop

# Conflicts:
#	application/ajaxwebpage.class.inc.php
#	application/csvpage.class.inc.php
#	application/itopwebpage.class.inc.php
#	application/webpage.class.inc.php
#	application/xmlpage.class.inc.php
#	core/config.class.inc.php
#	css/css-variables.scss
#	datamodels/2.x/version.xml
#	pages/ajax.document.php
#	pages/ajax.render.php
#	pages/ajax.searchform.php
#	sources/application/TwigBase/Controller/Controller.php

setup/email.test.php

@@ -33,10 +33,14 @@ LoginWebPage::DoLogin(true); // Check user rights and prompt if needed (must be
 $sOperation = Utils::ReadParam('operation', 'step1');
 $oP = new SetupPage('iTop email test utility');
 
+// Although this page doesn't expose sensitive info, with it we can send multiple emails
+// So we're adding this http header to reduce CSRF exposure...
+$oP->add_xframe_options('DENY');
+
 
 /**
  * Helper to check server setting required to send an email
- */  
+ */
 function CheckEmailSetting($oP)
 {
 	$bRet = true;
@@ -255,11 +259,11 @@ try
 		break;
 		
 		case 'step2':
-		$oP->no_cache();
-		$sTo = Utils::ReadParam('to', '', false, 'raw_data');
-		$sFrom = Utils::ReadParam('from', '', false, 'raw_data');
-		DisplayStep2($oP, $sFrom, $sTo);
-		break;
+			$oP->no_cache();
+			$sTo = Utils::ReadParam('to', '', false, 'raw_data');
+			$sFrom = Utils::ReadParam('from', '', false, 'raw_data');
+			DisplayStep2($oP, $sFrom, $sTo);
+			break;
 
 		default:
 		$oP->error("Error: unsupported operation '$sOperation'");

setup/wizardsteps.class.inc.php

@@ -707,7 +707,7 @@ class WizStepLicense extends WizardStep
         $aLicenses = SetupUtils::GetLicenses();
 		$oPage->add_style(
 <<<EOF
-fieldset {
+fieldset ul{
 	max-height: 18em;
 	overflow: auto;
 }