Merge branch 'develop' into odain

application/cmdbabstract.class.inc.php

@@ -819,6 +819,7 @@ HTML
 				foreach ($aNotificationClasses as $sNotifClass) {
 					$aNotifSearches[$sNotifClass] = DBObjectSearch::FromOQL("SELECT $sNotifClass AS Ev WHERE Ev.object_id = :id AND Ev.object_class = :class");
 					$aNotifSearches[$sNotifClass]->SetInternalParams($aParams);
+					$aNotifSearches[$sNotifClass]->AllowAllData();
 					$oNotifSet = new DBObjectSet($aNotifSearches[$sNotifClass], []);
 					$iNotifsCount += $oNotifSet->Count();
 				}
@@ -832,6 +833,7 @@ HTML
 						'menu' => false,
 						'panel_title' => MetaModel::GetName($sNotifClass),
 						'panel_icon' => MetaModel::GetClassIcon($sNotifClass, false),
+						'display_unauthorized_objects' => true,
 					]);
 				}
 			}

application/displayblock.class.inc.php

@@ -726,6 +726,10 @@ class DisplayBlock
 				}
 			}
 
+			if (!$this->m_oFilter->IsAllDataAllowed() && ($aExtraParams['display_unauthorized_objects'] ?? false) === true) {
+				$this->m_oFilter->AllowAllData();
+			}
+
 			$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
 			$this->m_oSet = new CMDBObjectSet($this->m_oFilter, $aOrderBy, $aQueryParams);
 		}
@@ -1379,7 +1383,10 @@ JS
 
 		// Check the classes that can be read (i.e authorized) by this user...
 		foreach ($aClasses as $sAlias => $sClassName) {
-			if (UserRights::IsActionAllowed($sClassName, UR_ACTION_READ, $this->m_oSet) != UR_ALLOWED_NO) {
+			if (
+				(UserRights::IsActionAllowed($sClassName, UR_ACTION_READ, $this->m_oSet) !== UR_ALLOWED_NO)
+				|| ($aExtraParams['display_unauthorized_objects'] ?? false) === true
+			) {
 				$aAuthorizedClasses[$sAlias] = $sClassName;
 			}
 		}

application/loginexternal.class.inc.php

@@ -75,13 +75,10 @@ class LoginExternal extends AbstractLoginFSMExtension
 	}
 
 	/**
-	 * @return bool
+	 * @return bool|mixed
 	 */
 	private function GetAuthUser()
 	{
-		$sExtAuthVar = MetaModel::GetConfig()->GetExternalAuthenticationVariable(); // In which variable is the info passed ?
-		eval('$sAuthUser = isset('.$sExtAuthVar.') ? '.$sExtAuthVar.' : false;'); // Retrieve the value
-		/** @var string $sAuthUser */
-		return $sAuthUser; // Retrieve the value
+		return MetaModel::GetConfig()->GetExternalAuthenticationVariable();
 	}
 }

application/themehandler.class.inc.php

@@ -924,11 +924,6 @@ CSS;
 	public static function CloneThemeParameterAndIncludeVersion($aThemeParameters, $bSetupCompilationTimestamp, $aImportsPaths)
 	{
 		$aThemeParametersVariable = [];
-		if (array_key_exists('variables', $aThemeParameters)) {
-			if (is_array($aThemeParameters['variables'])) {
-				$aThemeParametersVariable = array_merge([], $aThemeParameters['variables']);
-			}
-		}
 
 		if (array_key_exists('variable_imports', $aThemeParameters)) {
 			if (is_array($aThemeParameters['variable_imports'])) {
@@ -936,6 +931,14 @@ CSS;
 			}
 		}
 
+		// Variables defined in theme XML have the priority over variables defined in XML imports files
+		// They're defined after so they overwrite previous parameters
+		if (array_key_exists('variables', $aThemeParameters)) {
+			if (is_array($aThemeParameters['variables'])) {
+				$aThemeParametersVariable = array_merge($aThemeParametersVariable, $aThemeParameters['variables']);
+			}
+		}
+
 		$aThemeParametersVariable['$version'] = $bSetupCompilationTimestamp;
 		return $aThemeParametersVariable;
 	}

application/ui.linksdirectwidget.class.inc.php

@@ -228,7 +228,7 @@ JS
 			<<<HTML
 <form id="ObjectsAddForm_{$this->sInputid}">
     <div id="SearchResultsToAdd_{$this->sInputid}">
-        <div style="background: #fff; border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
+        <div style="border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
     </div>
     <input type="hidden" id="count_{$this->sInputid}" value="0"/>
 </form>

application/ui.searchformforeignkeys.class.inc.php

@@ -27,6 +27,9 @@ require_once(APPROOT.'/application/displayblock.class.inc.php');
 
 class UISearchFormForeignKeys
 {
+	private $m_sRemoteClass;
+	private $m_iInputId;
+
 	public function __construct($sTargetClass, $iInputId = null)
 	{
 		$this->m_sRemoteClass = $sTargetClass;
@@ -40,7 +43,7 @@ class UISearchFormForeignKeys
 	 *
 	 * @throws \Exception
 	 */
-	public function ShowModalSearchForeignKeys($oPage, $sTitle)
+	public function ShowModalSearchForeignKeys($oPage)
 	{
 
 		$oFilter = new DBObjectSearch($this->m_sRemoteClass);
@@ -60,52 +63,17 @@ class UISearchFormForeignKeys
 			]
 		));
 		$sEmptyList = Dict::S('UI:Message:EmptyList:UseSearchForm');
-		$sCancel = Dict::S('UI:Button:Cancel');
-		$sAdd = Dict::S('UI:Button:Add');
 
 		$oPage->add(
 			<<<HTML
 <form id="ObjectsAddForm_{$this->m_iInputId}">
     <div id="SearchResultsToAdd_{$this->m_iInputId}" style="vertical-align:top;height:100%;overflow:auto;padding:0;border:0;">
-        <div style="background: #fff; border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
+        <div style="border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
     </div>
     <input type="hidden" id="count_{$this->m_iInputId}" value="0"/>
 </form>
 HTML
 		);
-
-		$oPage->add_ready_script(
-			<<<JS
- $('#dlg_{$this->m_iInputId}').dialog({ 
- 			width: $(window).width()*0.8, 
- 			height: $(window).height()*0.8, 
- 			autoOpen: false, 
- 			modal: true, 
- 			resizeStop: oForeignKeysWidget{$this->m_iInputId}.UpdateSizes,
-            buttons: [
-				{
-					text: Dict.S('UI:Button:Cancel'),
-					class: "cancel ibo-is-alternative ibo-is-neutral",
-					click: function() {
-						$('#dlg_{$this->m_iInputId}').dialog('close');
-					}
-				},
-				{
-					text:  Dict.S('UI:Button:Add'),
-					id: 'btn_ok_{$this->m_iInputId}',
-					class: "ok ibo-is-regular ibo-is-primary",
-					click: function() {
-						oForeignKeysWidget{$this->m_iInputId}.DoAddObjects(this.id);							
-					}
-				},
-			],
-
- });
-$('#dlg_{$this->m_iInputId}').dialog('option', {title:'$sTitle'});
-$('#SearchFormToAdd_{$this->m_iInputId} form').on('submit.uilinksWizard', oForeignKeysWidget{$this->m_iInputId}.SearchObjectsToAdd);
-$('#SearchFormToAdd_{$this->m_iInputId}').on('resize', oForeignKeysWidget{$this->m_iInputId}.UpdateSizes);
-JS
-		);
 	}
 
 	public function GetFullListForeignKeysFromSelection($oPage, $oFullSetFilter)
@@ -119,31 +87,4 @@ JS
 			IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString());
 		}
 	}
-
-	/**
-	 * Search for objects to be linked to the current object (i.e "remote" objects)
-	 *
-	 * @param WebPage $oP The page used for the output (usually an AjaxWebPage)
-	 * @param string $sRemoteClass Name of the "remote" class to perform the search on, must be a derived class of m_sRemoteClass
-	 *
-	 * @throws \Exception
-	 */
-	public function ListResultsSearchForeignKeys(WebPage $oP, $sRemoteClass = '')
-	{
-		if ($sRemoteClass != '') {
-			// assert(MetaModel::IsParentClass($this->m_sRemoteClass, $sRemoteClass));
-			$oFilter = new DBObjectSearch($sRemoteClass);
-		} else {
-			// No remote class specified use the one defined in the linkedset
-			$oFilter = new DBObjectSearch($this->m_sRemoteClass);
-		}
-
-		$oBlock = new DisplayBlock($oFilter, 'list', false);
-		$oBlock->Display(
-			$oP,
-			"ResultsToAdd_{$this->m_iInputId}",
-			['menu' => false, 'cssCount' => "#count_{$this->m_iInputId}", 'selection_mode' => true, 'table_id' => "add_{$this->m_iInputId}"]
-		);
-	}
-
 }

application/utils.inc.php

@@ -122,6 +122,11 @@ class utils
 	 * @since 3.0.0
 	 */
 	public const ENUM_SANITIZATION_FILTER_VARIABLE_NAME = 'variable_name';
+	/**
+	 * @var string For module codes (e.g. `itop-portal-base`, `combodo-webhook-integration`, `some-module-code-x.y`, ...)
+	 * @since 3.2.3 3.3.0 N°8554
+	 */
+	public const ENUM_SANITIZATION_FILTER_MODULE_CODE = 'module_code';
 	/**
 	 * @var string
 	 * @since 2.7.10 3.0.0
@@ -393,6 +398,7 @@ class utils
 	 * @since 2.7.10 N°6606 use the utils::ENUM_SANITIZATION_* const
 	 * @since 2.7.10 N°6606 new case for ENUM_SANITIZATION_FILTER_PHP_CLASS
 	 * @since 3.2.1-1 N°8242 Allow value to be an array for every filter
+	 * @since 3.2.3 3.3.0 N°8554 new case for ENUM_SANITIZATION_FILTER_MODULE_CODE
 	 *
 	 * @link https://www.php.net/manual/en/filter.filters.sanitize.php PHP sanitization filters
 	 */
@@ -480,7 +486,7 @@ class utils
 				);
 				break;
 
-				// For XML / HTML node id selector
+				// For XML / HTML node selector
 			case static::ENUM_SANITIZATION_FILTER_ELEMENT_SELECTOR:
 				$retValue = filter_var(
 					$value,
@@ -493,6 +499,15 @@ class utils
 				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;
 
+			case static::ENUM_SANITIZATION_FILTER_MODULE_CODE:
+				// Module codes allow all alphabets letters, numbers, dash and dot characters
+				$retValue = filter_var(
+					$value,
+					FILTER_VALIDATE_REGEXP,
+					['options' => ['regexp' => '/^[\p{L}\d.-]+$/u']]
+				);
+				break;
+
 				// For URL
 			case static::ENUM_SANITIZATION_FILTER_URL:
 				$retValue = filter_var($value, FILTER_SANITIZE_URL);
@@ -1440,6 +1455,12 @@ class utils
 
 			case iPopupMenuExtension::MENU_OBJLIST_TOOLKIT:
 				/** @var \DBObjectSet $param */
+
+				// Check if the user has the right to read the objects of this list, otherwise do not propose any action (eg. configure this list, export, etc.)
+				if (UserRights::IsActionAllowed($param->GetFilter()->GetClass(), UR_ACTION_READ, $param) !== UR_ALLOWED_YES) {
+					break;
+				}
+
 				$oAppContext = new ApplicationContext();
 				$sContext = $oAppContext->GetForLink(true);
 				$sDataTableId = is_null($sDataTableId) ? '' : $sDataTableId;