From 9637e75f974512e0eed0956e6cc8680abc6d0d72 Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Wed, 13 Feb 2019 14:07:13 +0100
Subject: [PATCH 01/17] =?UTF-8?q?N=C2=B02011:=20Fix=20Issue=20with=20"Exec?=
 =?UTF-8?q?AsyncTask:=20async=5Ftask=5Fretries"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/asynctask.class.inc.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/core/asynctask.class.inc.php b/core/asynctask.class.inc.php
index 5c7d8d2c6..6f3ea6bae 100644
--- a/core/asynctask.class.inc.php
+++ b/core/asynctask.class.inc.php
@@ -168,6 +168,7 @@ abstract class AsyncTask extends DBObject
 			$aConfig = $aRetries[get_class($this)];
 			$iMaxRetries = $aConfig['max_retries'];
 		}
+		return $iMaxRetries;
 	}
 
 	/**

From 32f1e97bcd8f1fc5de1c3cf2988c20a6d83c5541 Mon Sep 17 00:00:00 2001
From: Stephen Abello <stephen@apinc.org>
Date: Mon, 11 Feb 2019 13:32:32 +0100
Subject: [PATCH 02/17] =?UTF-8?q?(retrofit=20from=20master)=20N=C2=B01148:?=
 =?UTF-8?q?=20Fix=20regression=20on=20export?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 90e128f95141f0b68bd323fe89dd0dcc59b5e31c)
---
 webservices/export.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/webservices/export.php b/webservices/export.php
index c2863ad40..0b0855cf0 100644
--- a/webservices/export.php
+++ b/webservices/export.php
@@ -164,6 +164,7 @@ if (!empty($sExpression))
 			}
 			else if($oAttDef instanceof AttributeExternalField && $oAttDef->IsFriendlyName())
 			{
+				$sKeyAttCode = $oAttDef->GetKeyAttCode();
 				$aAliasToFields[$sClassAlias][] = $sKeyAttCode;
 			}
 		}

From 545504c0deff522ce61f7a5a7b3fa8e78c5e6e1c Mon Sep 17 00:00:00 2001
From: Stephen Abello <stephen@apinc.org>
Date: Wed, 13 Feb 2019 14:42:39 +0100
Subject: [PATCH 03/17] =?UTF-8?q?(retrofit=20from=20master)=20N=C2=B01443?=
 =?UTF-8?q?=20:=20Add=20table=5Fid=20used=20by=20tables=20paging?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 43b0747b83632da01e29f87fd4e771e35fbb00d0)
---
 application/datatable.class.inc.php | 4 ++--
 js/jquery.tablesorter.pager.js      | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/application/datatable.class.inc.php b/application/datatable.class.inc.php
index 185ccef42..f8f1f0134 100644
--- a/application/datatable.class.inc.php
+++ b/application/datatable.class.inc.php
@@ -431,7 +431,7 @@ EOF;
 						}
 						else
 						{
-							$aRow['form::select'] = "<input type=\"checkBox\" $sDisabled class=\"selectList{$this->iListId}\" name=\"selectObject[]\" value=\"".$aObjects[$sAlias]->GetKey()."\"></input>";
+							$aRow['form::select'] = "<input type=\"checkbox\" $sDisabled class=\"selectList{$this->iListId}\" name=\"selectObject[]\" value=\"".$aObjects[$sAlias]->GetKey()."\"></input>";
 						}
 					}
 					foreach($aColumns[$sAlias] as $sAttCode => $aData)
@@ -565,7 +565,7 @@ EOF;
 <<<EOF
 var oTable = $('#{$this->iListId} table.listResults');
 oTable.tableHover();
-oTable.tablesorter( { $sHeaders widgets: ['myZebra', 'truncatedList']} ).tablesorterPager({container: $('#pager{$this->iListId}'), totalRows:$iCount, size: $iPageSize, filter: '$sOQL', extra_params: '$sExtraParams', select_mode: '$sSelectModeJS', displayKey: $sDisplayKey, columns: $sJSColumns, class_aliases: $sJSClassAliases $sCssCount});
+oTable.tablesorter( { $sHeaders widgets: ['myZebra', 'truncatedList']} ).tablesorterPager({container: $('#pager{$this->iListId}'), totalRows:$iCount, size: $iPageSize, filter: '$sOQL', extra_params: '$sExtraParams', select_mode: '$sSelectModeJS', displayKey: $sDisplayKey, table_id: '{$this->iListId}', columns: $sJSColumns, class_aliases: $sJSClassAliases $sCssCount});
 EOF
 		);
 		if ($sFakeSortList != '')
diff --git a/js/jquery.tablesorter.pager.js b/js/jquery.tablesorter.pager.js
index ebe30949d..458594e1b 100644
--- a/js/jquery.tablesorter.pager.js
+++ b/js/jquery.tablesorter.pager.js
@@ -197,7 +197,8 @@ function sprintf(format, etc) {
 						  end: end,
 						  sort_col: s_col,
 						  sort_order: s_order,
-						  select_mode: c.select_mode,
+						  select_mode: c.select_mode, 
+						  list_id: c.table_id,
 						  display_key: c.displayKey,
 						  columns: c.columns,
 						  class_aliases: c.class_aliases
@@ -443,6 +444,7 @@ function sprintf(format, etc) {
 				filter: '',
 				extra_params: '',
 				select_mode: '',
+				table_id: 0,
 				totalSelected: 0,
 				selectionMode: 'positive',
 				displayKey: true,

From b8fb1fa78a2790ba13e3c2954f6808fa228a0eca Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Fri, 15 Feb 2019 17:28:55 +0100
Subject: [PATCH 04/17] =?UTF-8?q?N=C2=B01884=20-=20Admin=20Tools=20Manager?=
 =?UTF-8?q?=20no=20longer=20has=20access=20to=20'Schedule=20Backup'=20and?=
 =?UTF-8?q?=20'Configuration'=20menus?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 818b4d08dabae9cd5958ed76da0b8a9b13f07e0d)
---
 datamodels/2.x/itop-backup/datamodel.itop-backup.xml | 2 +-
 datamodels/2.x/itop-config/datamodel.itop-config.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/datamodels/2.x/itop-backup/datamodel.itop-backup.xml b/datamodels/2.x/itop-backup/datamodel.itop-backup.xml
index 2a89ca50a..426c21e50 100644
--- a/datamodels/2.x/itop-backup/datamodel.itop-backup.xml
+++ b/datamodels/2.x/itop-backup/datamodel.itop-backup.xml
@@ -5,7 +5,7 @@
       <rank>15</rank>
       <parent>AdminTools</parent>
       <url>status.php</url>
-      <enable_class>ResourceAdminMenu</enable_class>
+      <enable_admin_only>1</enable_admin_only>
       <enable_action>UR_ACTION_MODIFY</enable_action>
     </menu>
   </menus>
diff --git a/datamodels/2.x/itop-config/datamodel.itop-config.xml b/datamodels/2.x/itop-config/datamodel.itop-config.xml
index 3b3224180..9a3fff682 100644
--- a/datamodels/2.x/itop-config/datamodel.itop-config.xml
+++ b/datamodels/2.x/itop-config/datamodel.itop-config.xml
@@ -5,7 +5,7 @@
       <rank>50</rank>
       <parent>AdminTools</parent>
       <url>config.php</url>
-      <enable_class>ResourceAdminMenu</enable_class>
+      <enable_admin_only>1</enable_admin_only>
       <enable_action>UR_ACTION_MODIFY</enable_action>
     </menu>
   </menus>

From bf62b63173da67f10c72b3664493a2a941e5a972 Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Fri, 15 Feb 2019 17:28:55 +0100
Subject: [PATCH 05/17] =?UTF-8?q?N=C2=B01884=20-=20Admin=20Tools=20Manager?=
 =?UTF-8?q?=20no=20longer=20has=20access=20to=20'Schedule=20Backup'=20and?=
 =?UTF-8?q?=20'Configuration'=20menus?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 datamodels/2.x/itop-backup/datamodel.itop-backup.xml | 1 -
 datamodels/2.x/itop-config/datamodel.itop-config.xml | 1 -
 2 files changed, 2 deletions(-)

diff --git a/datamodels/2.x/itop-backup/datamodel.itop-backup.xml b/datamodels/2.x/itop-backup/datamodel.itop-backup.xml
index 426c21e50..f9d22d798 100644
--- a/datamodels/2.x/itop-backup/datamodel.itop-backup.xml
+++ b/datamodels/2.x/itop-backup/datamodel.itop-backup.xml
@@ -6,7 +6,6 @@
       <parent>AdminTools</parent>
       <url>status.php</url>
       <enable_admin_only>1</enable_admin_only>
-      <enable_action>UR_ACTION_MODIFY</enable_action>
     </menu>
   </menus>
 </itop_design>
diff --git a/datamodels/2.x/itop-config/datamodel.itop-config.xml b/datamodels/2.x/itop-config/datamodel.itop-config.xml
index 9a3fff682..009b1ee19 100644
--- a/datamodels/2.x/itop-config/datamodel.itop-config.xml
+++ b/datamodels/2.x/itop-config/datamodel.itop-config.xml
@@ -6,7 +6,6 @@
       <parent>AdminTools</parent>
       <url>config.php</url>
       <enable_admin_only>1</enable_admin_only>
-      <enable_action>UR_ACTION_MODIFY</enable_action>
     </menu>
   </menus>
 </itop_design>

From 6b5cc7ca4b8999324fbb1ed37570accaad0ea65a Mon Sep 17 00:00:00 2001
From: Stephen Abello <stephen@apinc.org>
Date: Mon, 18 Feb 2019 10:39:57 +0100
Subject: [PATCH 06/17] =?UTF-8?q?N=C2=B01877=20&=20N=C2=B02012:=20Fix=20re?=
 =?UTF-8?q?gression=20backup=20link=20on=20setup,=20security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 setup/ajax.dataloader.php       |  6 ++++--
 setup/setup.js                  | 11 ++++++-----
 setup/wizardsteps.class.inc.php | 29 +++++++++++++++++++++++------
 3 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/setup/ajax.dataloader.php b/setup/ajax.dataloader.php
index 381a3dcc6..0d03fc365 100644
--- a/setup/ajax.dataloader.php
+++ b/setup/ajax.dataloader.php
@@ -121,9 +121,11 @@ header("Expires: Fri, 17 Jul 1970 05:00:00 GMT");    // Date in the past
 $sOperation = Utils::ReadParam('operation', '');
 try
 {
-	if (is_file(utils::GetConfigFilePath()) && !is_writable(utils::GetConfigFilePath()))
+	$sAuthent = utils::ReadParam('authent', '', false, 'raw_data');
+	if (!file_exists(APPROOT.'data/setup/authent') || $sAuthent !== file_get_contents(APPROOT.'data/setup/authent'))
 	{
-		throw new Exception('Setup operations are not allowed outside of the setup');
+		throw new SecurityException('Setup operations are not allowed outside of the setup');
+		SetupPage::log_error("Setup operations are not allowed outside of the setup");
 	}
 
 	switch($sOperation)
diff --git a/setup/setup.js b/setup/setup.js
index d81e013fe..1144936e9 100644
--- a/setup/setup.js
+++ b/setup/setup.js
@@ -2,8 +2,9 @@ function WizardAsyncAction(sActionCode, oParams, OnErrorFunction)
 {
 	var sStepClass = $('#_class').val();
 	var sStepState = $('#_state').val();
+	var sAuthent = $('#authent_token').val();
 	
-	var oMap = { operation: 'async_action', step_class: sStepClass, step_state: sStepState, code: sActionCode, params: oParams };
+	var oMap = { operation: 'async_action', step_class: sStepClass, step_state: sStepState, code: sActionCode, authent : sAuthent, params: oParams };
 	
 	var ErrorFn = OnErrorFunction;
 	$(document).ajaxError(function(event, request, settings) {
@@ -23,20 +24,20 @@ function WizardUpdateButtons()
 {
 	if (CanMoveForward())
 	{
-		$("#btn_next").removeAttr("disabled");
+		$("#btn_next").prop("disabled", false);
 	}
 	else
 	{
-		$("#btn_next").attr("disabled", "disabled");		
+		$("#btn_next").prop("disabled", true);		
 	}
 
 	if (CanMoveBackward())
 	{
-		$("#btn_back").removeAttr("disabled");
+		$("#btn_back").prop("disabled", false);
 	}
 	else
 	{
-		$("#btn_back").attr("disabled", "disabled");		
+		$("#btn_back").prop("disabled", true);		
 	}
 }
 
diff --git a/setup/wizardsteps.class.inc.php b/setup/wizardsteps.class.inc.php
index e2fb58cd6..cd75dfd6b 100644
--- a/setup/wizardsteps.class.inc.php
+++ b/setup/wizardsteps.class.inc.php
@@ -57,6 +57,13 @@ class WizStepWelcome extends WizardStep
 	
 	public function ProcessParams($bMoveForward = true)
 	{
+		if (!file_exists(APPROOT.'data/setup'))
+		{
+			mkdir(APPROOT.'data/setup');
+		}
+		$sUID = hash('sha256', rand());
+		file_put_contents(APPROOT.'data/setup/authent', $sUID);
+		$this->oWizard->SetParameter('authent', $sUID);
 		return array('class' => 'WizStepInstallOrUpgrade', 'state' => '');
 	}
 	
@@ -284,6 +291,8 @@ class WizStepInstallOrUpgrade extends WizardStep
 		$oPage->add('<tr><td colspan="2">');
 		$oPage->add($sMySQLDumpMessage.'<br/><span id="backup_info" style="font-size:small;color:#696969;">'.$sMessage.'</span></td></tr>');
 		$oPage->add('</table>');
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
 		//$oPage->add('</fieldset>');
 		$oPage->add_ready_script(
 <<<EOF
@@ -790,15 +799,17 @@ class WizStepDBParams extends WizardStep
 		$oPage->add('<table>');
 		SetupUtils::DisplayDBParameters($oPage, true, $sDBServer, $sDBUser, $sDBPwd, $sDBName, $sDBPrefix, $sTlsEnabled,
 			$sTlsCA, $sNewDBName);
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
 		$oPage->add('</table>');
 		$sCreateDB = $this->oWizard->GetParameter('create_db', 'yes');
 		if ($sCreateDB == 'no')
 		{
-			$oPage->add_ready_script('$("#existing_db").attr("checked", "checked");');
+			$oPage->add_ready_script('$("#existing_db").prop("checked", true);');
 		}
 		else
 		{
-			$oPage->add_ready_script('$("#create_db").attr("checked", "checked");');
+			$oPage->add_ready_script('$("#create_db").prop("checked", true);');
 		}		
 	}
 	
@@ -984,6 +995,8 @@ class WizStepMiscParams extends WizardStep
         $sChecked = ($sSampleData == 'no') ? 'checked ' : '';
         $oPage->p('<input id="sample_data_no" name="sample_data" type="radio" value="no" '.$sChecked.'><label for="sample_data_no">&nbsp;I am installing a <b>production</b> instance, create an empty database to start from.');
 		$oPage->add('</fieldset>');
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
 		$oPage->add_ready_script(
 <<<EOF
 		$('#application_url').bind('change keyup', function() { WizardUpdateButtons(); } );
@@ -2227,7 +2240,10 @@ EOF
 		
 		$sJSONData = json_encode($aInstallParams);
 		$oPage->add('<input type="hidden" id="installer_parameters" value="'.htmlentities($sJSONData, ENT_QUOTES, 'UTF-8').'"/>');
-
+		
+		$sAuthentToken = $this->oWizard->GetParameter('authent', '');
+		$oPage->add('<input type="hidden" id="authent_token" value="'.$sAuthentToken.'"/>');
+		
 		if (!$this->CheckDependencies())
 		{
 			$oPage->error($this->sDependencyIssue);
@@ -2240,7 +2256,8 @@ EOF
 	$("#btn_next").bind("click.install", function(event) {
 			$('#summary').hide();
 			$('#installation_progress').show();
-			$(this).attr("disabled", "disabled"); event.preventDefault(); ExecuteStep("");
+			$(this).prop("disabled", true);
+			 event.preventDefault(); ExecuteStep("");
 	});
 	$("#wiz_form").data("installation_status", "not started")
 EOF
@@ -2482,14 +2499,14 @@ class WizStepDone extends WizardStep
 			$oPage->ok("The installation completed successfully.");
 		}
 
-		if (($this->oWizard->GetParameter('mode', '') == 'upgrade') && $this->oWizard->GetParameter('db_backup', false))
+		if (($this->oWizard->GetParameter('mode', '') == 'upgrade') && $this->oWizard->GetParameter('db_backup', false) && $this->oWizard->GetParameter('authent', false))
 		{
 			$sBackupDestination = $this->oWizard->GetParameter('db_backup_path', '');
 			if (file_exists($sBackupDestination.'.tar.gz'))
 			{
 				// To mitigate security risks: pass only the filename without the extension, the download will add the extension itself
 				$oPage->p('Your backup is ready');
-				$oPage->p('<a style="background:transparent;" href="'.utils::GetAbsoluteUrlAppRoot().'setup/ajax.dataloader.php?operation=async_action&step_class=WizStepDone&params[backup]='.urlencode($sBackupDestination).'" target="_blank"><img src="../images/tar.png" style="border:0;vertical-align:middle;">&nbsp;Download '.basename($sBackupDestination).'</a>');
+				$oPage->p('<a style="background:transparent;" href="'.utils::GetAbsoluteUrlAppRoot().'setup/ajax.dataloader.php?operation=async_action&step_class=WizStepDone&params[backup]='.urlencode($sBackupDestination).'&authent='.$this->oWizard->GetParameter('authent','').'" target="_blank"><img src="../images/tar.png" style="border:0;vertical-align:middle;">&nbsp;Download '.basename($sBackupDestination).'</a>');
 			}
 			else
 			{

From 5067c867b855d7c4744d966f5c11be1f8530bac2 Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Mon, 18 Feb 2019 15:41:06 +0100
Subject: [PATCH 07/17] =?UTF-8?q?N=C2=B02014=20-=20Fix=20Object=20modifica?=
 =?UTF-8?q?tion=20refused=20when=20a=20n-n=20relation=20is=20locked=20by?=
 =?UTF-8?q?=20datasynchro?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/dbobject.class.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/dbobject.class.php b/core/dbobject.class.php
index c42eb89a0..1adadf279 100644
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -1224,6 +1224,10 @@ abstract class DBObject implements iDisplay
 		if ($this->InSyncScope())
 		{
 			$iSynchroFlags = $this->GetSynchroReplicaFlags($sAttCode, $aReasons);
+			if ($iSynchroFlags & OPT_ATT_SLAVE)
+			{
+				$iSynchroFlags |= OPT_ATT_READONLY;
+			}
 		}
 		return $iFlags | $iSynchroFlags; // Combine both sets of flags
 	}

From 7cf7e55454be42d4ad2e8342d57c9efcb54c723d Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Tue, 19 Feb 2019 10:16:45 +0100
Subject: [PATCH 08/17] =?UTF-8?q?N=C2=B01823=20-=20Fix=20tags=20not=20save?=
 =?UTF-8?q?d=20in=20case=20of=20error?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 application/cmdbabstract.class.inc.php |  1 +
 core/attributedef.class.inc.php        | 19 ++++-
 core/ormtagset.class.inc.php           | 96 ++++++++++++++++++++++++++
 3 files changed, 113 insertions(+), 3 deletions(-)

diff --git a/application/cmdbabstract.class.inc.php b/application/cmdbabstract.class.inc.php
index d09cae003..9955bc4c3 100644
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -4221,6 +4221,7 @@ EOF
 								$oDummyObj->Set($sAttCode, $currValue);
 								/** @var ormTagSet $oTagSet */
 								$oTagSet = $oDummyObj->Get($sAttCode);
+								$oTagSet->SetDisplayPartial(true);
 								foreach($aKeys as $iIndex => $sValues)
 								{
 									if ($iIndex == 0)
diff --git a/core/attributedef.class.inc.php b/core/attributedef.class.inc.php
index 93ffacaaa..287215967 100644
--- a/core/attributedef.class.inc.php
+++ b/core/attributedef.class.inc.php
@@ -9655,14 +9655,27 @@ class AttributeTagSet extends AttributeSet
 		{
 			$aJson['partial_values'] = array();
 			$aJson['orig_value'] = array();
+			$aJson['added'] = array();
+			$aJson['removed'] = array();
 		}
 		else
 		{
-			$aJson['partial_values'] = $oValue->GetModified();
 			$aJson['orig_value'] = array_merge($oValue->GetValues(), $oValue->GetModified());
+			$aJson['added'] = $oValue->GetAdded();
+			$aJson['removed'] = $oValue->GetRemoved();
+
+			if ($oValue->DisplayPartial())
+			{
+				// For bulk updates
+				$aJson['partial_values'] = $oValue->GetModified();
+			}
+			else
+			{
+				// For simple updates
+				$aJson['partial_values'] = array();
+			}
 		}
-		$aJson['added'] = array();
-		$aJson['removed'] = array();
+
 
 		$iMaxTags = $this->GetMaxItems();
 		$aJson['max_items_allowed'] = $iMaxTags;
diff --git a/core/ormtagset.class.inc.php b/core/ormtagset.class.inc.php
index 46dc7e04f..b8f9a1481 100644
--- a/core/ormtagset.class.inc.php
+++ b/core/ormtagset.class.inc.php
@@ -26,6 +26,9 @@
  */
 final class ormTagSet extends ormSet
 {
+	private $m_bDisplayPartial = false;
+
+
 	/**
 	 * ormTagSet constructor.
 	 *
@@ -299,6 +302,82 @@ final class ormTagSet extends ormSet
 		return $aModifiedTagCodes;
 	}
 
+	/**
+	 * @return string[] list of codes for added entries
+	 */
+	public function GetAdded()
+	{
+		$aAddedTagCodes = array_keys($this->aAdded);
+		sort($aAddedTagCodes);
+
+		return $aAddedTagCodes;
+	}
+
+	/**
+	 * @return string[] list of codes for removed entries
+	 */
+	public function GetRemoved()
+	{
+		$aRemovedTagCodes = array_keys($this->aRemoved);
+		sort($aRemovedTagCodes);
+
+		return $aRemovedTagCodes;
+	}
+
+	/**
+	 * Apply a delta to the current ItemSet
+	 *  $aDelta['added] = array of added items
+	 *  $aDelta['removed'] = array of removed items
+	 *
+	 * @param $aDelta
+	 *
+	 * @throws \CoreException
+	 */
+	public function ApplyDelta($aDelta)
+	{
+		if (isset($aDelta['removed']))
+		{
+			foreach($aDelta['removed'] as $oItem)
+			{
+				$this->Remove($oItem);
+			}
+		}
+		if (isset($aDelta['added']))
+		{
+			foreach($aDelta['added'] as $oItem)
+			{
+				$this->Add($oItem);
+			}
+		}
+	}
+
+	/**
+	 * Populates the added and removed arrays for bulk edit
+	 *
+	 * @param string[] $aItems
+	 *
+	 * @throws \CoreException
+	 */
+	public function GenerateDiffFromArray($aItems)
+	{
+		foreach($this->GetValues() as $oCurrentItem)
+		{
+			if (!in_array($oCurrentItem, $aItems))
+			{
+				$this->Remove($oCurrentItem);
+			}
+		}
+
+		foreach($aItems as $oNewItem)
+		{
+			$this->Add($oNewItem);
+		}
+
+		// Keep only the aModified list
+		$this->aRemoved = array();
+		$this->aAdded = array();
+	}
+
 	/**
 	 * Check whether a tag code is valid or not for this TagSet
 	 *
@@ -479,4 +558,21 @@ final class ormTagSet extends ormSet
 		return TagSetFieldData::GetTagDataClassName($this->sClass, $this->sAttCode);
 	}
 
+
+	/**
+	 * @return bool
+	 */
+	public function DisplayPartial()
+	{
+		return $this->m_bDisplayPartial;
+	}
+
+	/**
+	 * @param bool $m_bDisplayPartial
+	 */
+	public function SetDisplayPartial($m_bDisplayPartial)
+	{
+		$this->m_bDisplayPartial = $m_bDisplayPartial;
+	}
+
 }
\ No newline at end of file

From 02617e8976b567f55fdab89d0db81d19c25d099d Mon Sep 17 00:00:00 2001
From: Pierre Goiffon <pierre.goiffon@combodo.com>
Date: Tue, 19 Feb 2019 12:21:53 +0100
Subject: [PATCH 09/17] :loud_sound: itop-backup : add some more logs

---
 setup/backup.class.inc.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/setup/backup.class.inc.php b/setup/backup.class.inc.php
index 75d2ef439..63861f380 100644
--- a/setup/backup.class.inc.php
+++ b/setup/backup.class.inc.php
@@ -313,8 +313,11 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			$sTmpFolder = APPROOT.'data/tmp-backup-'.rand(10000, getrandmax());
 			$aFiles = $this->PrepareFilesToBackup($sSourceConfigFile, $sTmpFolder);
 
+			$sFilesList = var_export($aFiles, true);
+			$this->LogInfo("backup: adding to archive files '$sFilesList'");
 			$oArchive->createModify($aFiles, '', $sTmpFolder);
 
+			$this->LogInfo("backup: removing tmp folder '$sTmpFolder'");
 			SetupUtils::rrmdir($sTmpFolder);
 		}
 
@@ -334,6 +337,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			{
 				SetupUtils::rrmdir($sTmpFolder);
 			}
+			$this->LogInfo("backup: creating tmp dir '$sTmpFolder'");
 			@mkdir($sTmpFolder, 0777, true);
 			if (is_null($sSourceConfigFile))
 			{
@@ -342,6 +346,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			if (!empty($sSourceConfigFile))
 			{
 				$sFile = $sTmpFolder.'/config-itop.php';
+				$this->LogInfo("backup: adding resource '$sSourceConfigFile'");
 				copy($sSourceConfigFile, $sFile);
 				$aRet[] = $sFile;
 			}
@@ -350,6 +355,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			if (file_exists($sDeltaFile))
 			{
 				$sFile = $sTmpFolder.'/delta.xml';
+				$this->LogInfo("backup: adding resource '$sDeltaFile'");
 				copy($sDeltaFile, $sFile);
 				$aRet[] = $sFile;
 			}
@@ -358,6 +364,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			{
 				$sModules = utils::GetCurrentEnvironment().'-modules';
 				$sFile = $sTmpFolder.'/'.$sModules;
+				$this->LogInfo("backup: adding resource '$sExtraDir'");
 				SetupUtils::copydir($sExtraDir, $sFile);
 				$aRet[] = $sFile;
 			}
@@ -434,7 +441,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the "
 			$sCommandDisplay = "$sMySQLDump --opt --skip-lock-tables --default-character-set=".$sMysqldumpCharset." --add-drop-database --single-transaction --host=$sHost $sPortOption --user=xxxxx --password=xxxxx $sTlsOptions --result-file=$sTmpFileName $sDBName $sTables";
 
 			// Now run the command for real
-			$this->LogInfo("Executing command: $sCommandDisplay");
+			$this->LogInfo("backup: generate data file with command: $sCommandDisplay");
 			$aOutput = array();
 			$iRetCode = 0;
 			exec($sCommand, $aOutput, $iRetCode);

From 63a36fd0f610e2c2e067139f910d158ffbdd8628 Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Tue, 19 Feb 2019 14:09:14 +0100
Subject: [PATCH 10/17] =?UTF-8?q?N=C2=B02030=20-=20Fix=20function=20CopyAt?=
 =?UTF-8?q?tribute=20for=20external=20fields?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/dbobject.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/dbobject.class.php b/core/dbobject.class.php
index 1adadf279..656cc5dee 100644
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -3868,7 +3868,7 @@ abstract class DBObject implements iDisplay
 				foreach(MetaModel::ListAttributeDefs($sLinkClass) as $sAttCode => $oAttDef)
 				{
 					// As of now, ignore other attribute (do not attempt to recurse!)
-					if ($oAttDef->IsScalar())
+					if ($oAttDef->IsScalar() && $oAttDef->IsWritable())
 					{
 						$oLinkClone->Set($sAttCode, $oSourceLink->Get($sAttCode));
 					}
@@ -3931,7 +3931,7 @@ abstract class DBObject implements iDisplay
 				$oObjectToRead = $aSourceObjects['source'];
 				foreach(MetaModel::ListAttributeDefs(get_class($this)) as $sAttCode => $oAttDef)
 				{
-					if ($oAttDef->IsScalar())
+					if ($oAttDef->IsScalar() && $oAttDef->IsWritable())
 					{
 						$this->CopyAttribute($oObjectToRead, $sAttCode, $sAttCode);
 					}

From 23ec21e4943e338dff193679ded2d9b3643bd4db Mon Sep 17 00:00:00 2001
From: Pierre Goiffon <pierre.goiffon@combodo.com>
Date: Tue, 19 Feb 2019 14:46:44 +0100
Subject: [PATCH 11/17] =?UTF-8?q?N=C2=B02031=20backup=20:=20now=20logs=20u?=
 =?UTF-8?q?sing=20IssueLog,=20and=20remove=20debug=20config=20property?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../2.x/itop-backup/main.itop-backup.php      | 23 +++----------------
 .../2.x/itop-backup/module.itop-backup.php    |  1 -
 2 files changed, 3 insertions(+), 21 deletions(-)

diff --git a/datamodels/2.x/itop-backup/main.itop-backup.php b/datamodels/2.x/itop-backup/main.itop-backup.php
index 44029672c..ed0a93b83 100644
--- a/datamodels/2.x/itop-backup/main.itop-backup.php
+++ b/datamodels/2.x/itop-backup/main.itop-backup.php
@@ -47,31 +47,14 @@ class DBBackupScheduled extends DBBackup
 {
 	protected function LogInfo($sMsg)
 	{
-		static $bDebug = null;
-		if ($bDebug == null)
-		{
-			$bDebug = MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'debug', false);
-		}
-
-		if ($bDebug)
-		{
-			echo $sMsg."\n";
-		}
+		echo $sMsg."\n";
+		IssueLog::Info($sMsg);
 	}
 
 	protected function LogError($sMsg)
 	{
-		static $bDebug = null;
-		if ($bDebug == null)
-		{
-			$bDebug = MetaModel::GetConfig()->GetModuleSetting('itop-backup', 'debug', false);
-		}
-
 		IssueLog::Error($sMsg);
-		if ($bDebug)
-		{
-			echo 'Error: '.$sMsg."\n";
-		}
+		echo 'Error: '.$sMsg."\n";
 	}
 
 	/**
diff --git a/datamodels/2.x/itop-backup/module.itop-backup.php b/datamodels/2.x/itop-backup/module.itop-backup.php
index 789ef7b5b..32f1fd22f 100644
--- a/datamodels/2.x/itop-backup/module.itop-backup.php
+++ b/datamodels/2.x/itop-backup/module.itop-backup.php
@@ -52,7 +52,6 @@ SetupWebPage::AddModule(
 			//'file_name_format' => '__DB__-%Y-%m-%d_%H_%M',
 			'retention_count' => 5, 
 			'enabled' => true,
-			'debug' => false,
 			'itop_root' => '',
 		),
 	)

From a89bca4626b350951e01efffa8c491eb3bbeda65 Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Wed, 20 Feb 2019 14:57:39 +0100
Subject: [PATCH 12/17] =?UTF-8?q?N=C2=B01975=20-=20Fix:=20Change=20Menu=20?=
 =?UTF-8?q?rights=20to=20"Admin=20only"=20leads=20in=20crash=20test?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/expressioncache.class.inc.php |  1 +
 setup/compiler.class.inc.php       | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/core/expressioncache.class.inc.php b/core/expressioncache.class.inc.php
index d15d477c1..37814442f 100644
--- a/core/expressioncache.class.inc.php
+++ b/core/expressioncache.class.inc.php
@@ -78,6 +78,7 @@ EOF;
 }
 EOF;
 
+			SetupUtils::builddir(dirname($sFilePath));
 			file_put_contents($sFilePath, $content);
 		}
 	}
diff --git a/setup/compiler.class.inc.php b/setup/compiler.class.inc.php
index c7f1477c2..13d75c8cb 100644
--- a/setup/compiler.class.inc.php
+++ b/setup/compiler.class.inc.php
@@ -333,8 +333,9 @@ EOF;
 					$aMenusToLoad[] = $sMenuId;
 				}
 				$aMenusToLoad = array_unique($aMenusToLoad);
-				$aMenusForAll = array();
-				$aMenusForAdmins = array();
+				$aMenuLinesForAll = array();
+				$aMenuLinesForAdmins = array();
+				$aAdminMenus = array();
 				foreach($aMenusToLoad as $sMenuId)
 				{
 					$oMenuNode = $aMenuNodes[$sMenuId];
@@ -365,25 +366,27 @@ EOF;
 					{
 						throw new Exception("Failed to process menu '$sMenuId', from '$sModuleRootDir': ".$e->getMessage());
 					}
-					if ($oMenuNode->GetChildText('enable_admin_only') == '1')
+					$sParent = $oMenuNode->GetChildText('parent', null);
+					if (($oMenuNode->GetChildText('enable_admin_only') == '1') || isset($aAdminMenus[$sParent]))
 					{
-						$aMenusForAdmins = array_merge($aMenusForAdmins, $aMenuLines);
+						$aMenuLinesForAdmins = array_merge($aMenuLinesForAdmins, $aMenuLines);
+						$aAdminMenus[$oMenuNode->getAttribute("id")] = true;
 					}
 					else
 					{
-						$aMenusForAll = array_merge($aMenusForAll, $aMenuLines);
+						$aMenuLinesForAll = array_merge($aMenuLinesForAll, $aMenuLines);
 					}
 				}
 				$sIndent = "\t\t";
-				foreach ($aMenusForAll as $sPHPLine)
+				foreach ($aMenuLinesForAll as $sPHPLine)
 				{
 					$sCompiledCode .= $sIndent.$sPHPLine."\n";
 				}
-				if (count($aMenusForAdmins) > 0)
+				if (count($aMenuLinesForAdmins) > 0)
 				{
 					$sCompiledCode .= $sIndent."if (UserRights::IsAdministrator())\n";
 					$sCompiledCode .= $sIndent."{\n";
-					foreach ($aMenusForAdmins as $sPHPLine)
+					foreach ($aMenuLinesForAdmins as $sPHPLine)
 					{
 						$sCompiledCode .= $sIndent."\t".$sPHPLine."\n";
 					}

From d0a766d424d6bbb6f2b717b257e97429956e909d Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Wed, 20 Feb 2019 14:57:39 +0100
Subject: [PATCH 13/17] =?UTF-8?q?N=C2=B01975=20-=20Fix:=20Change=20Menu=20?=
 =?UTF-8?q?rights=20to=20"Admin=20only"=20leads=20in=20crash=20test?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit a89bca4626b350951e01efffa8c491eb3bbeda65)
---
 core/expressioncache.class.inc.php |  1 +
 setup/compiler.class.inc.php       | 19 +++++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/core/expressioncache.class.inc.php b/core/expressioncache.class.inc.php
index d15d477c1..37814442f 100644
--- a/core/expressioncache.class.inc.php
+++ b/core/expressioncache.class.inc.php
@@ -78,6 +78,7 @@ EOF;
 }
 EOF;
 
+			SetupUtils::builddir(dirname($sFilePath));
 			file_put_contents($sFilePath, $content);
 		}
 	}
diff --git a/setup/compiler.class.inc.php b/setup/compiler.class.inc.php
index 7d6c36a85..d4bd7e317 100644
--- a/setup/compiler.class.inc.php
+++ b/setup/compiler.class.inc.php
@@ -330,8 +330,9 @@ EOF;
 					$aMenusToLoad[] = $sMenuId;
 				}
 				$aMenusToLoad = array_unique($aMenusToLoad);
-				$aMenusForAll = array();
-				$aMenusForAdmins = array();
+				$aMenuLinesForAll = array();
+				$aMenuLinesForAdmins = array();
+				$aAdminMenus = array();
 				foreach($aMenusToLoad as $sMenuId)
 				{
 					$oMenuNode = $aMenuNodes[$sMenuId];
@@ -362,25 +363,27 @@ EOF;
 					{
 						throw new Exception("Failed to process menu '$sMenuId', from '$sModuleRootDir': ".$e->getMessage());
 					}
-					if ($oMenuNode->GetChildText('enable_admin_only') == '1')
+					$sParent = $oMenuNode->GetChildText('parent', null);
+					if (($oMenuNode->GetChildText('enable_admin_only') == '1') || isset($aAdminMenus[$sParent]))
 					{
-						$aMenusForAdmins = array_merge($aMenusForAdmins, $aMenuLines);
+						$aMenuLinesForAdmins = array_merge($aMenuLinesForAdmins, $aMenuLines);
+						$aAdminMenus[$oMenuNode->getAttribute("id")] = true;
 					}
 					else
 					{
-						$aMenusForAll = array_merge($aMenusForAll, $aMenuLines);
+						$aMenuLinesForAll = array_merge($aMenuLinesForAll, $aMenuLines);
 					}
 				}
 				$sIndent = "\t\t";
-				foreach ($aMenusForAll as $sPHPLine)
+				foreach ($aMenuLinesForAll as $sPHPLine)
 				{
 					$sCompiledCode .= $sIndent.$sPHPLine."\n";
 				}
-				if (count($aMenusForAdmins) > 0)
+				if (count($aMenuLinesForAdmins) > 0)
 				{
 					$sCompiledCode .= $sIndent."if (UserRights::IsAdministrator())\n";
 					$sCompiledCode .= $sIndent."{\n";
-					foreach ($aMenusForAdmins as $sPHPLine)
+					foreach ($aMenuLinesForAdmins as $sPHPLine)
 					{
 						$sCompiledCode .= $sIndent."\t".$sPHPLine."\n";
 					}

From 48f15d7781edde7bf88c412c6790fa0dadda5aa8 Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Wed, 20 Feb 2019 16:11:49 +0100
Subject: [PATCH 14/17] =?UTF-8?q?N=C2=B01974=20-=20Fix:=20Stimuli=20can=20?=
 =?UTF-8?q?be=20applied=20through=20URL=20even=20if=20the=20access=20right?=
 =?UTF-8?q?s=20are=20set=20to=20deny?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 dictionaries/en.dictionary.itop.ui.php |  2 +-
 dictionaries/fr.dictionary.itop.ui.php |  1 +
 pages/UI.php                           | 17 ++++++++++++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/dictionaries/en.dictionary.itop.ui.php b/dictionaries/en.dictionary.itop.ui.php
index dd811c5d8..f28d0c3e0 100644
--- a/dictionaries/en.dictionary.itop.ui.php
+++ b/dictionaries/en.dictionary.itop.ui.php
@@ -775,7 +775,7 @@ Dict::Add('EN US', 'English', 'English', array(
 	'UI:Title:DeletionOf_Object' => 'Deletion of %1$s',
 	'UI:Title:BulkDeletionOf_Count_ObjectsOf_Class' => 'Bulk deletion of %1$d objects of class %2$s',
 	'UI:Delete:NotAllowedToDelete' => 'You are not allowed to delete this object',
-	'UI:Delete:NotAllowedToUpdate_Fields' => 'You are not allowed to update the following field(s): %1$s',
+	'UI:Error:ActionNotAllowed' => 'You are not allowed to do this action',
 	'UI:Error:NotEnoughRightsToDelete' => 'This object could not be deleted because the current user do not have sufficient rights',
 	'UI:Error:CannotDeleteBecause' => 'This object could not be deleted because: %1$s',
 	'UI:Error:CannotDeleteBecauseOfDepencies' => 'This object could not be deleted because some manual operations must be performed prior to that',
diff --git a/dictionaries/fr.dictionary.itop.ui.php b/dictionaries/fr.dictionary.itop.ui.php
index 3d4c86cdc..49acc5b77 100644
--- a/dictionaries/fr.dictionary.itop.ui.php
+++ b/dictionaries/fr.dictionary.itop.ui.php
@@ -758,6 +758,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 	'UI:Title:BulkDeletionOf_Count_ObjectsOf_Class' => 'Suppression massive de %1$d objets de type %2$s',
 	'UI:Delete:NotAllowedToDelete' => 'Vous n\'êtes pas autorisé à supprimer cet objet',
 	'UI:Delete:NotAllowedToUpdate_Fields' => 'Vous n\'êtes pas autorisé à mettre à jour les champs suivants : %1$s',
+	'UI:Error:ActionNotAllowed' => 'Vous n\'êtes pas autorisé à effectuer cette action',
 	'UI:Error:NotEnoughRightsToDelete' => 'Cet objet ne peut pas être supprimé car l\'utilisateur courant n\'a pas les droits nécessaires.',
 	'UI:Error:CannotDeleteBecause' => 'Cet objet ne peut pas être effacé. Raison: %1$s',
 	'UI:Error:CannotDeleteBecauseOfDepencies' => 'Cet objet ne peut pas être supprimé, des opérations manuelles sont nécessaire avant sa suppression.',
diff --git a/pages/UI.php b/pages/UI.php
index 3fcc41c10..4568aee3b 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -1497,7 +1497,15 @@ EOF
 		{
 			throw new ApplicationException(Dict::Format('UI:Error:3ParametersMissing', 'class', 'id', 'stimulus'));
 		}
-		$oObj = MetaModel::GetObject($sClass, $id, false);
+		$aStimuli = MetaModel::EnumStimuli($sClass);
+		if ((get_class($aStimuli[$sStimulus]) !== 'StimulusUserAction') || (UserRights::IsStimulusAllowed($sClass, $sStimulus) === UR_ALLOWED_NO))
+		{
+			$sUser = UserRights::GetUser();
+			IssueLog::Error("UI.php '$operation' : Stimulus '$sStimulus' not allowed ! data: user='$sUser', class='$sClass'");
+			throw new ApplicationException(Dict::S('UI:Error:ActionNotAllowed'));
+		}
+
+			$oObj = MetaModel::GetObject($sClass, $id, false);
 		if ($oObj != null)
 		{
 			$aPrefillFormParam = array( 'user' => $_SESSION["auth_user"],
@@ -1545,6 +1553,13 @@ EOF
 				$sMessage = Dict::S('UI:Error:ObjectAlreadyUpdated');
 				$sSeverity = 'info';
 			}
+			elseif ((get_class($aStimuli[$sStimulus]) !== 'StimulusUserAction') || (UserRights::IsStimulusAllowed($sClass, $sStimulus) === UR_ALLOWED_NO))
+			{
+				$sUser = UserRights::GetUser();
+				IssueLog::Error("UI.php '$operation' : Stimulus '$sStimulus' not allowed ! data: user='$sUser', class='$sClass'");
+				$sMessage = Dict::S('UI:Error:ActionNotAllowed');
+				$sSeverity = 'error';
+			}
 			else
 			{
 				$sActionLabel = $aStimuli[$sStimulus]->GetLabel();

From cdba1e0d365418de796323e1f612ff6748e67176 Mon Sep 17 00:00:00 2001
From: Pierre Goiffon <pierre.goiffon@combodo.com>
Date: Wed, 20 Feb 2019 17:25:34 +0100
Subject: [PATCH 15/17] =?UTF-8?q?N=C2=B02033=20backup=20:=20fix=20corrupte?=
 =?UTF-8?q?d=20archive=20for=20files=20which=20size=20is=20a=20multiple=20?=
 =?UTF-8?q?of=201024=20bytes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 3356856a5fad6f38086f77cdeee74d2c905029d9)
---
 setup/tar.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/tar.php b/setup/tar.php
index 7d39682a1..4178f2b01 100644
--- a/setup/tar.php
+++ b/setup/tar.php
@@ -1214,7 +1214,7 @@ class ArchiveTar
 				$iBufferLen = strlen("$v_buffer");
 				if ($iBufferLen != $iLen)
 				{
-					$iPack = ((int)($iBufferLen / 512) + 1) * 512;
+					$iPack = ((int)(($iBufferLen - 1) / 512) + 1) * 512;
 					$sPack = sprintf('a%d', $iPack);
 				}
 				else

From a2d34d1779b01dbe22494e558572f3ffa6014efe Mon Sep 17 00:00:00 2001
From: Eric <eric.espie@combodo.com>
Date: Thu, 21 Feb 2019 09:41:36 +0100
Subject: [PATCH 16/17] =?UTF-8?q?N=C2=B01954=20-=20Fix=20recent=20change?=
 =?UTF-8?q?=20on=20impact=20analysis?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../datamodel.itop-change-mgmt-itil.xml                | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/datamodels/2.x/itop-change-mgmt-itil/datamodel.itop-change-mgmt-itil.xml b/datamodels/2.x/itop-change-mgmt-itil/datamodel.itop-change-mgmt-itil.xml
index 622756a15..4b765f69c 100755
--- a/datamodels/2.x/itop-change-mgmt-itil/datamodel.itop-change-mgmt-itil.xml
+++ b/datamodels/2.x/itop-change-mgmt-itil/datamodel.itop-change-mgmt-itil.xml
@@ -4561,7 +4561,7 @@
                   <icon>itop-change-mgmt-itil/images/change-ongoing.png</icon>
                 </item>
                 <item id="recent_changes" _delta="define">
-                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status NOT IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.id != :this->id) AND (DATE_ADD(C.end_date, INTERVAL 3 DAY) < NOW())]]></oql>
+                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status NOT IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.id != :this->id) AND (C.end_date < NOW() AND C.end_date > DATE_SUB(NOW(), INTERVAL 3 DAY ))]]></oql>
                   <dict>Tickets:Related:RecentChanges</dict>
                   <icon>itop-change-mgmt-itil/images/change-done.png</icon>
                 </item>
@@ -4579,7 +4579,7 @@
                   <icon>itop-change-mgmt-itil/images/change-ongoing.png</icon>
                 </item>
                 <item id="recent_changes" _delta="define">
-                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status NOT IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.id != :this->id) AND (DATE_ADD(C.end_date, INTERVAL 3 DAY) < NOW())]]></oql>
+                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status NOT IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.id != :this->id) AND (C.end_date < NOW() AND C.end_date > DATE_SUB(NOW(), INTERVAL 3 DAY ))]]></oql>
                   <dict>Tickets:Related:RecentChanges</dict>
                   <icon>itop-change-mgmt-itil/images/change-done.png</icon>
                 </item>
@@ -4597,7 +4597,7 @@
                   <icon>itop-change-mgmt-itil/images/change-ongoing.png</icon>
                 </item>
                 <item id="recent_changes" _delta="define">
-                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status NOT IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.id != :this->id) AND (DATE_ADD(C.end_date, INTERVAL 3 DAY) < NOW())]]></oql>
+                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status NOT IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.id != :this->id) AND (C.end_date < NOW() AND C.end_date > DATE_SUB(NOW(), INTERVAL 3 DAY ))]]></oql>
                   <dict>Tickets:Related:RecentChanges</dict>
                   <icon>itop-change-mgmt-itil/images/change-done.png</icon>
                 </item>
@@ -4619,7 +4619,7 @@
                   <icon>itop-change-mgmt-itil/images/change-ongoing.png</icon>
                 </item>
                 <item id="recent_changes" _delta="define">
-                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status IN ('closed')) AND (L.impact_code != 'not_impacted') AND (DATE_ADD(C.end_date, INTERVAL 3 DAY) < NOW())]]></oql>
+                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.end_date < NOW() AND C.end_date > DATE_SUB(NOW(), INTERVAL 3 DAY ))]]></oql>
                   <dict>Tickets:Related:RecentChanges</dict>
                   <icon>itop-change-mgmt-itil/images/change-done.png</icon>
                 </item>
@@ -4633,7 +4633,7 @@
                   <icon>itop-change-mgmt-itil/images/change-ongoing.png</icon>
                 </item>
                 <item id="recent_changes" _delta="define">
-                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status IN ('closed')) AND (L.impact_code != 'not_impacted') AND (DATE_ADD(C.end_date, INTERVAL 3 DAY) < NOW())]]></oql>
+                  <oql><![CDATA[SELECT FCI, C FROM FunctionalCI AS FCI JOIN lnkFunctionalCIToTicket AS L ON L.functionalci_id = FCI.id JOIN Change AS C ON L.ticket_id = C.id WHERE (C.outage = 'yes') AND (C.status IN ('closed')) AND (L.impact_code != 'not_impacted') AND (C.end_date < NOW() AND C.end_date > DATE_SUB(NOW(), INTERVAL 3 DAY ))]]></oql>
                   <dict>Tickets:Related:RecentChanges</dict>
                   <icon>itop-change-mgmt-itil/images/change-done.png</icon>
                 </item>

From 2f15bbdaf3a783e9bebba3411d2420ad897be59b Mon Sep 17 00:00:00 2001
From: Pierre Goiffon <pierre.goiffon@combodo.com>
Date: Thu, 21 Feb 2019 17:10:16 +0100
Subject: [PATCH 17/17] =?UTF-8?q?N=C2=B02033=20backup=20:=20tar=20generati?=
 =?UTF-8?q?on=20simplify=20buffer=20size=20computation?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 5b4664478629ed4da16191a14b0b0d1fb28407e5)
---
 setup/tar.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/tar.php b/setup/tar.php
index 4178f2b01..dee7088a8 100644
--- a/setup/tar.php
+++ b/setup/tar.php
@@ -1214,7 +1214,7 @@ class ArchiveTar
 				$iBufferLen = strlen("$v_buffer");
 				if ($iBufferLen != $iLen)
 				{
-					$iPack = ((int)(($iBufferLen - 1) / 512) + 1) * 512;
+					$iPack = (ceil($iBufferLen / 512)) * 512;
 					$sPack = sprintf('a%d', $iPack);
 				}
 				else