Update readme.txt for iTop 2.4.3

SVN:2.4[5979]

.gitignore

@@ -0,0 +1,122 @@
+
+/toolkit/
+/conf/*
+/env-*/*
+
+# composer reserver directory, from sources, populate/update using "composer install"
+vendor/*
+test/vendor/*
+
+# all datas but listing prevention
+data/*
+!data/.htaccess
+!data/index.php
+!data/web.config
+
+# iTop extensions
+extensions/*
+!extensions/readme.txt
+
+# all logs but listing prevention
+log/*
+!log/.htaccess
+!log/index.php
+!log/web.config
+
+
+# Jetbrains
+.idea/**
+!.idea/encodings.xml
+!.idea/codeStyles
+!.idea/codeStyles/*
+!.idea/inspectionProfiles
+!.idea/inspectionProfiles/*
+
+
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+### Eclipse template
+
+.metadata
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+.project
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# CDT- autotools
+.autotools
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Annotation Processing
+.apt_generated/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet

application/startup.inc.php

@@ -1,49 +1,62 @@
-<?php
-// Copyright (C) 2010-2016 Combodo SARL
-//
-//   This file is part of iTop.
-//
-//   iTop is free software; you can redistribute it and/or modify	
-//   it under the terms of the GNU Affero General Public License as published by
-//   the Free Software Foundation, either version 3 of the License, or
-//   (at your option) any later version.
-//
-//   iTop is distributed in the hope that it will be useful,
-//   but WITHOUT ANY WARRANTY; without even the implied warranty of
-//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//   GNU Affero General Public License for more details.
-//
-//   You should have received a copy of the GNU Affero General Public License
-//   along with iTop. If not, see <http://www.gnu.org/licenses/>
-
-
-/**
- * File to include to initialize the datamodel in memory
- *
- * @copyright   Copyright (C) 2010-2016 Combodo SARL
- * @license     http://opensource.org/licenses/AGPL-3.0
- */
-
-require_once(APPROOT.'/core/cmdbobject.class.inc.php');
-require_once(APPROOT.'/application/utils.inc.php');
-require_once(APPROOT.'/core/contexttag.class.inc.php');
-session_name('itop-'.md5(APPROOT));
-session_start();
-$sSwitchEnv = utils::ReadParam('switch_env', null);
-if (($sSwitchEnv != null) && (file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FILE)))
-{
-	$_SESSION['itop_env'] = $sSwitchEnv;
-	$sEnv = $sSwitchEnv;
-	// TODO: reset the credentials as well ??
-}
-else if (isset($_SESSION['itop_env']))
-{
-	$sEnv = $_SESSION['itop_env'];
-}
-else
-{
-	$sEnv = ITOP_DEFAULT_ENV;
-	$_SESSION['itop_env'] = ITOP_DEFAULT_ENV;
-}
-$sConfigFile = APPCONF.$sEnv.'/'.ITOP_CONFIG_FILE;
-MetaModel::Startup($sConfigFile, false /* $bModelOnly */, true /* $bAllowCache */, false /* $bTraceSourceFiles */, $sEnv);
+<?php
+// Copyright (C) 2010-2016 Combodo SARL
+//
+//   This file is part of iTop.
+//
+//   iTop is free software; you can redistribute it and/or modify	
+//   it under the terms of the GNU Affero General Public License as published by
+//   the Free Software Foundation, either version 3 of the License, or
+//   (at your option) any later version.
+//
+//   iTop is distributed in the hope that it will be useful,
+//   but WITHOUT ANY WARRANTY; without even the implied warranty of
+//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//   GNU Affero General Public License for more details.
+//
+//   You should have received a copy of the GNU Affero General Public License
+//   along with iTop. If not, see <http://www.gnu.org/licenses/>
+
+
+/**
+ * File to include to initialize the datamodel in memory
+ *
+ * @copyright   Copyright (C) 2010-2016 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+require_once(APPROOT.'/core/cmdbobject.class.inc.php');
+require_once(APPROOT.'/application/utils.inc.php');
+require_once(APPROOT.'/core/contexttag.class.inc.php');
+session_name('itop-'.md5(APPROOT));
+session_start();
+$sSwitchEnv = utils::ReadParam('switch_env', null);
+$bAllowCache = true;
+if (($sSwitchEnv != null) && (file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FILE)) && isset($_SESSION['itop_env']) && ($_SESSION['itop_env'] !== $sSwitchEnv))
+{
+	$_SESSION['itop_env'] = $sSwitchEnv;
+	$sEnv = $sSwitchEnv;
+    $bAllowCache = false;
+    // Reset the opcache since otherwise the PHP "model" files may still be cached !!
+    if (function_exists('opcache_reset'))
+    {
+        // Zend opcode cache
+        opcache_reset();
+    }
+    if (function_exists('apc_clear_cache'))
+    {
+        // APC(u) cache
+        apc_clear_cache();
+    }
+	// TODO: reset the credentials as well ??
+}
+else if (isset($_SESSION['itop_env']))
+{
+	$sEnv = $_SESSION['itop_env'];
+}
+else
+{
+	$sEnv = ITOP_DEFAULT_ENV;
+	$_SESSION['itop_env'] = ITOP_DEFAULT_ENV;
+}
+$sConfigFile = APPCONF.$sEnv.'/'.ITOP_CONFIG_FILE;
+MetaModel::Startup($sConfigFile, false /* $bModelOnly */, $bAllowCache, false /* $bTraceSourceFiles */, $sEnv);

composer.json

@@ -0,0 +1,10 @@
+{
+  "require": {
+    "php": ">=5.3.6 <7.2.0"
+  },
+  "config": {
+    "platform": {
+      "php": "5.3.6"
+    }
+  }
+}

core/valuesetdef.class.inc.php

@@ -210,6 +210,19 @@ class ValueSetObjects extends ValueSetDefinition
 			}
 		}
 
+		$oExpression = DBObjectSearch::GetPolymorphicExpression($oFilter->GetClass(), 'friendlyname');
+		$aFields = $oExpression->ListRequiredFields();
+		$sClass = $oFilter->GetClass();
+		foreach($aFields as $sField)
+		{
+			$aFieldItems = explode('.', $sField);
+			if ($aFieldItems[0] != $sClass)
+			{
+				$sOperation = 'contains';
+				break;
+			}
+		}
+
 		switch ($sOperation)
 		{
 			case 'equals_start_with':

datamodels/2.x/itop-portal-base/portal/src/controllers/browsebrickcontroller.class.inc.php

@@ -54,10 +54,10 @@ class BrowseBrickController extends BrickController
 		// Getting current browse mode (First from router pamater, then default brick value)
 		$sBrowseMode = (!empty($sBrowseMode)) ? $sBrowseMode : $oBrick->GetDefaultBrowseMode();
 		// Getting current dataloading mode (First from router parameter, then query parameter, then default brick value)
-		$sDataLoading = ($sDataLoading !== null) ? $sDataLoading : ( ($oRequest->query->get('sDataLoading') !== null) ? $oRequest->query->get('sDataLoading') : $oBrick->GetDataLoading() );
+		$sDataLoading = ($sDataLoading !== null) ? $sDataLoading : $oApp['request_manipulator']->ReadParam('sDataLoading', $oBrick->GetDataLoading());
 		// Getting search value
-		$sSearchValue = $oRequest->get('sSearchValue', null);
-		if ($sSearchValue !== null)
+		$sSearchValue = $oApp['request_manipulator']->ReadParam('sSearchValue', '');
+		if (!empty($sSearchValue))
 		{
 			$sDataLoading = AbstractBrick::ENUM_DATA_LOADING_LAZY;
 		}
@@ -112,7 +112,7 @@ class BrowseBrickController extends BrickController
 
 				// Adding search clause
 				// Note : For know the search is naive and looks only for the exact match. It doesn't search for words separately
-				if ($sSearchValue !== null)
+				if (!empty($sSearchValue))
 				{
 					// - Cleaning the search value by exploding and trimming spaces
 					$aSearchValues = explode(' ', $sSearchValue);
@@ -185,7 +185,7 @@ class BrowseBrickController extends BrickController
 				{
 					$aLevelsProperties[$aLevelsPropertiesKeys[$i]]['search']->SetSelectedClasses($aLevelsClasses);
 
-					if ($sSearchValue !== null)
+					if (!empty($sSearchValue))
 					{
 						// Note : This could be way more simpler if we had a SetInternalParam($sParam, $value) verb
 						$aQueryParams = $aLevelsProperties[$aLevelsPropertiesKeys[$i]]['search']->GetInternalParams();
@@ -219,8 +219,8 @@ class BrowseBrickController extends BrickController
 			{
 				case BrowseBrick::ENUM_BROWSE_MODE_LIST:
 					// Retrieving parameters
-					$iPageNumber = (int) $oRequest->get('iPageNumber', 1);
-					$iListLength = (int) $oRequest->get('iListLength', BrowseBrick::DEFAULT_LIST_LENGTH);
+					$iPageNumber = (int) $oApp['request_manipulator']->ReadParam('iPageNumber', 1, FILTER_SANITIZE_NUMBER_INT);
+					$iListLength = (int) $oApp['request_manipulator']->ReadParam('iListLength', BrowseBrick::DEFAULT_LIST_LENGTH, FILTER_SANITIZE_NUMBER_INT);
 
 					// Getting total records number
 					$oCountSet = new DBObjectSet($oQuery);
@@ -235,8 +235,8 @@ class BrowseBrickController extends BrickController
 				case BrowseBrick::ENUM_BROWSE_MODE_TREE:
                 case BrowseBrick::ENUM_BROWSE_MODE_MOSAIC:
 					// Retrieving parameters
-					$sLevelAlias = $oRequest->get('sLevelAlias');
-					$sNodeId = $oRequest->get('sNodeId');
+					$sLevelAlias = $oApp['request_manipulator']->ReadParam('sLevelAlias', '');
+					$sNodeId = $oApp['request_manipulator']->ReadParam('sNodeId', '');
 
 					// If no values for those parameters, we might be loading page in lazy mode for the first time, therefore the URL doesn't have those informations.
 					if (empty($sLevelAlias))
@@ -634,8 +634,9 @@ class BrowseBrickController extends BrickController
                 if ($aLevelsProperties[$key][$sOptionalAttribute] !== null)
                 {
                     $sPropertyName = substr($sOptionalAttribute, 0, -4);
+                    $oAttDef = MetaModel::GetAttributeDef(get_class($value), $aLevelsProperties[$key][$sOptionalAttribute]);
 
-                    $tmpAttValue = $value->Get($aLevelsProperties[$key][$sOptionalAttribute]);
+                    $tmpAttValue = $value->GetAsHTML($aLevelsProperties[$key][$sOptionalAttribute]);
                     if($sOptionalAttribute === 'image_att')
                     {
                         if (is_object($tmpAttValue) && !$tmpAttValue->IsEmpty())
@@ -644,7 +645,7 @@ class BrowseBrickController extends BrickController
                         }
                         else
                         {
-                            $tmpAttValue = MetaModel::GetAttributeDef(get_class($value), $aLevelsProperties[$key][$sOptionalAttribute])->Get('default_image');
+                            $tmpAttValue = $oAttDef->Get('default_image');
                         }
                     }
 
@@ -658,7 +659,7 @@ class BrowseBrickController extends BrickController
 				foreach ($aLevelsProperties[$key]['fields'] as $aField)
 				{
 					$oAttDef = MetaModel::GetAttributeDef(get_class($value), $aField['code']);
-					$aRow[$key]['fields'][$aField['code']] = $oAttDef->GetValueLabel($value->Get($aField['code']));
+					$aRow[$key]['fields'][$aField['code']] = $oAttDef->GetAsHTML($value->Get($aField['code']));
 				}
 			}
 		}
@@ -726,8 +727,9 @@ class BrowseBrickController extends BrickController
                 if ($aLevelsProperties[$aCurrentRowKeys[0]][$sOptionalAttribute] !== null)
                 {
                     $sPropertyName = substr($sOptionalAttribute, 0, -4);
+                    $oAttDef = MetaModel::GetAttributeDef(get_class($aCurrentRowValues[0]), $aLevelsProperties[$aCurrentRowKeys[0]][$sOptionalAttribute]);
 
-                    $tmpAttValue = $aCurrentRowValues[0]->Get($aLevelsProperties[$aCurrentRowKeys[0]][$sOptionalAttribute]);
+                    $tmpAttValue = $aCurrentRowValues[0]->GetAsHTML($aLevelsProperties[$aCurrentRowKeys[0]][$sOptionalAttribute]);
                     if($sOptionalAttribute === 'image_att')
                     {
                         if (is_object($tmpAttValue) && !$tmpAttValue->IsEmpty())
@@ -736,7 +738,7 @@ class BrowseBrickController extends BrickController
                         }
                         else
                         {
-                            $tmpAttValue = MetaModel::GetAttributeDef(get_class($aCurrentRowValues[0]), $aLevelsProperties[$aCurrentRowKeys[0]][$sOptionalAttribute])->Get('default_image');
+                            $tmpAttValue = $oAttDef->Get('default_image');
                         }
                     }
 

datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php

@@ -31,6 +31,7 @@ use \AttributeDate;
 use \AttributeDateTime;
 use \AttributeDuration;
 use \AttributeSubItem;
+use \AttributeImage;
 use \DBSearch;
 use \DBObjectSearch;
 use \DBObjectSet;
@@ -63,9 +64,9 @@ class ManageBrickController extends BrickController
 		$aQueries = array();
 
 		// Getting current dataloading mode (First from router parameter, then query parameter, then default brick value)
-		$sDataLoading = ($sDataLoading !== null) ? $sDataLoading : ( ($oRequest->get('sDataLoading') !== null) ? $oRequest->get('sDataLoading') : $oBrick->GetDataLoading() );
+		$sDataLoading = ($sDataLoading !== null) ? $sDataLoading : $oApp['request_manipulator']->ReadParam('sDataLoading', $oBrick->GetDataLoading());
 		// Getting search value
-		$sSearchValue = $oRequest->get('sSearchValue', null);
+		$sSearchValue = $oApp['request_manipulator']->ReadParam('sSearchValue', '');
 
 		// Getting area columns properties
 		$aColumnsAttrs = $oBrick->GetFields();
@@ -201,7 +202,7 @@ class ManageBrickController extends BrickController
 			}
 		}
 		// - Retrieving the current grouping tab to display and altering the query to do so
-		if ($sGroupingTab === null)
+		if (empty($sGroupingTab))
 		{
 			if ($oBrick->HasGroupingTabs())
 			{
@@ -281,9 +282,9 @@ class ManageBrickController extends BrickController
 			}
 		}
 		// - Retrieving the grouping areas to display
-		$sGroupingArea = $oRequest->get('sGroupingArea');
+		$sGroupingArea = $oApp['request_manipulator']->ReadParam('sGroupingArea');
 		//   - If specified or lazy loading, we trunc the $aGroupingAreasValues to keep only this one
-		if ($sGroupingArea !== null)
+		if (!empty($sGroupingArea))
 		{
 			$aGroupingAreasValues = array($sGroupingArea => $aGroupingAreasValues[$sGroupingArea]);
 		}
@@ -342,8 +343,8 @@ class ManageBrickController extends BrickController
 				if ($sDataLoading === AbstractBrick::ENUM_DATA_LOADING_LAZY)
 				{
 					// Retrieving parameters
-					$iPageNumber = (int) $oRequest->get('iPageNumber', 1);
-					$iListLength = (int) $oRequest->get('iListLength', ManageBrick::DEFAULT_LIST_LENGTH);
+					$iPageNumber = (int) $oApp['request_manipulator']->ReadParam('iPageNumber', 1);
+					$iListLength = (int) $oApp['request_manipulator']->ReadParam('iListLength', ManageBrick::DEFAULT_LIST_LENGTH);
 
 					// Getting total records number
 					$oCountSet = new DBObjectSet($oQuery);
@@ -388,7 +389,7 @@ class ManageBrickController extends BrickController
 		{
 			// Set properties
 			$sCurrentClass = $sKey;
-			
+
 			// Defining which attribute will open the edition form)
 			$sMainActionAttrCode = $aColumnsAttrs[0];
 
@@ -444,36 +445,46 @@ class ManageBrickController extends BrickController
 						}
 					}
 
-					/** @var AttributeDefinition $oAttDef */
-					$oAttDef = MetaModel::GetAttributeDef($sCurrentClass, $sItemAttr);
-					if ($oAttDef->IsExternalKey())
-					{
-						$sValue = $oCurrentRow->Get($sItemAttr . '_friendlyname');
-
-						// Adding a view action on the external keys
-						if ($oCurrentRow->Get($sItemAttr) !== $oAttDef->GetNullValue())
+						/** @var AttributeDefinition $oAttDef */
+						$oAttDef = MetaModel::GetAttributeDef($sCurrentClass, $sItemAttr);
+						if ($oAttDef->IsExternalKey())
 						{
-							// Checking if we can view the object
-							if ((SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $oAttDef->GetTargetClass(), $oCurrentRow->Get($sItemAttr))))
+							$sValue = $oCurrentRow->GetAsHTML($sItemAttr.'_friendlyname');
+
+							// Adding a view action on the external keys
+							if ($oCurrentRow->Get($sItemAttr) !== $oAttDef->GetNullValue())
 							{
-								$aActions[] = array(
-									'type' => ManageBrick::ENUM_ACTION_VIEW,
-									'class' => $oAttDef->GetTargetClass(),
-									'id' => $oCurrentRow->Get($sItemAttr),
-                                    'opening_target' => $oBrick->GetOpeningTarget(),
-								);
+								// Checking if we can view the object
+								if ((SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $oAttDef->GetTargetClass(),
+									$oCurrentRow->Get($sItemAttr))))
+								{
+									$aActions[] = array(
+										'type' => ManageBrick::ENUM_ACTION_VIEW,
+										'class' => $oAttDef->GetTargetClass(),
+										'id' => $oCurrentRow->Get($sItemAttr),
+										'opening_target' => $oBrick->GetOpeningTarget(),
+									);
+								}
 							}
 						}
-					}
-					elseif ($oAttDef instanceof AttributeSubItem || $oAttDef instanceof AttributeDuration)
-					{
-						$sValue = $oAttDef->GetAsHTML($oCurrentRow->Get($sItemAttr));
-					}
-					else
-					{
-						$sValue = $oAttDef->GetValueLabel($oCurrentRow->Get($sItemAttr));
-					}
-					unset($oAttDef);
+						elseif ($oAttDef instanceof AttributeImage)
+                        {
+                            $oOrmDoc = $oCurrentRow->Get($sItemAttr);
+                            if (is_object($oOrmDoc) && !$oOrmDoc->IsEmpty())
+                            {
+                                $sUrl = $oApp['url_generator']->generate('p_object_document_display', array('sObjectClass' => get_class($oCurrentRow), 'sObjectId' => $oCurrentRow->GetKey(), 'sObjectField' => $sItemAttr, 'cache' => 86400));
+                            }
+                            else
+                            {
+                                $sUrl = $oAttDef->Get('default_image');
+                            }
+                            $sValue = '<img src="' . $sUrl . '" />';
+                        }
+						else
+						{
+                            $sValue = $oAttDef->GetAsHTML($oCurrentRow->Get($sItemAttr));
+						}
+						unset($oAttDef);
 
 					$aItemAttrs[$sItemAttr] = array(
 						'att_code' => $sItemAttr,
@@ -501,7 +512,7 @@ class ManageBrickController extends BrickController
                         }
                     }
                 }
-				
+
 				// ... And item's properties
 				$aItems[] = array(
 					'id' => $oCurrentRow->GetKey(),

datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php

@@ -1,6 +1,6 @@
 <?php
 
-// Copyright (C) 2010-2017 Combodo SARL
+// Copyright (C) 2010-2018 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -42,6 +42,7 @@ use \ScalarExpression;
 use \DBObjectSet;
 use \cmdbAbstractObject;
 use \AttributeEnum;
+use \AttributeImage;
 use \AttributeFinalClass;
 use \AttributeFriendlyName;
 use \UserRights;
@@ -63,6 +64,8 @@ class ObjectController extends AbstractController
 	const ENUM_MODE_VIEW = 'view';
 	const ENUM_MODE_EDIT = 'edit';
 	const ENUM_MODE_CREATE = 'create';
+
+	const DEFAULT_PAGE_NUMBER = 1;
 	const DEFAULT_LIST_LENGTH = 10;
 
 	/**
@@ -99,6 +102,8 @@ class ObjectController extends AbstractController
 			$oApp->abort(404, Dict::S('UI:ObjectDoesNotExist'));
 		}
 
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', '');
+
 		$aData = array('sMode' => 'view');
 		$aData['form'] = $this->HandleForm($oRequest, $oApp, $aData['sMode'], $sObjectClass, $sObjectId);
 		$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:View:Title', MetaModel::GetName($sObjectClass), $oObject->GetName());
@@ -119,7 +124,7 @@ class ObjectController extends AbstractController
 		if ($oRequest->isXmlHttpRequest())
 		{
 			// We have to check whether the 'operation' parameter is defined or not in order to know if the form is required via ajax (to be displayed as a modal dialog) or if it's a lifecycle call from a existing form.
-			if ($oRequest->request->get('operation') === null)
+			if (empty($sOperation))
 			{
 				$oResponse = $oApp['twig']->render('itop-portal-base/portal/src/views/bricks/object/modal.html.twig', $aData);
 			}
@@ -131,8 +136,8 @@ class ObjectController extends AbstractController
 		else
 		{
 			// Adding brick if it was passed
-			$sBrickId = $oRequest->get('sBrickId');
-			if ($sBrickId !== null)
+			$sBrickId = $oApp['request_manipulator']->ReadParam('sBrickId', '');
+			if (!empty($sBrickId))
 			{
 				$oBrick = ApplicationHelper::GetLoadedBrickFromId($oApp, $sBrickId);
 				if ($oBrick !== null)
@@ -174,6 +179,8 @@ class ObjectController extends AbstractController
 			$oApp->abort(404, Dict::S('UI:ObjectDoesNotExist'));
 		}
 
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', '');
+
 		$aData = array('sMode' => 'edit');
 		$aData['form'] = $this->HandleForm($oRequest, $oApp, $aData['sMode'], $sObjectClass, $sObjectId);
 		$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Edit:Title', MetaModel::GetName($sObjectClass), $aData['form']['object_name']);
@@ -182,7 +189,7 @@ class ObjectController extends AbstractController
 		if ($oRequest->isXmlHttpRequest())
 		{
 			// We have to check whether the 'operation' parameter is defined or not in order to know if the form is required via ajax (to be displayed as a modal dialog) or if it's a lifecycle call from a existing form.
-			if ($oRequest->request->get('operation') === null)
+			if (empty($sOperation))
 			{
 				$oResponse = $oApp['twig']->render('itop-portal-base/portal/src/views/bricks/object/modal.html.twig', $aData);
 			}
@@ -194,8 +201,8 @@ class ObjectController extends AbstractController
 		else
 		{
 			// Adding brick if it was passed
-			$sBrickId = $oRequest->get('sBrickId');
-			if ($sBrickId !== null)
+			$sBrickId = $oApp['request_manipulator']->ReadParam('sBrickId', '');
+			if (!empty($sBrickId))
 			{
 				$oBrick = ApplicationHelper::GetLoadedBrickFromId($oApp, $sBrickId);
 				if ($oBrick !== null)
@@ -227,6 +234,8 @@ class ObjectController extends AbstractController
 			$oApp->abort(404, Dict::S('UI:ObjectDoesNotExist'));
 		}
 
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', '');
+
 		$aData = array('sMode' => 'create');
 		$aData['form'] = $this->HandleForm($oRequest, $oApp, $aData['sMode'], $sObjectClass);
 		$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Create:Title', MetaModel::GetName($sObjectClass));
@@ -235,7 +244,7 @@ class ObjectController extends AbstractController
 		if ($oRequest->isXmlHttpRequest())
 		{
 			// We have to check whether the 'operation' parameter is defined or not in order to know if the form is required via ajax (to be displayed as a modal dialog) or if it's a lifecycle call from a existing form.
-			if ($oRequest->request->get('operation') === null)
+			if (empty($sOperation))
 			{
 				$oResponse = $oApp['twig']->render('itop-portal-base/portal/src/views/bricks/object/modal.html.twig', $aData);
 			}
@@ -247,8 +256,8 @@ class ObjectController extends AbstractController
 		else
 		{
 			// Adding brick if it was passed
-			$sBrickId = $oRequest->get('sBrickId');
-			if ($sBrickId !== null)
+			$sBrickId = $oApp['request_manipulator']->ReadParam('sBrickId', '');
+			if (!empty($sBrickId))
 			{
 				$oBrick = ApplicationHelper::GetLoadedBrickFromId($oApp, $sBrickId);
 				if ($oBrick !== null)
@@ -349,7 +358,7 @@ class ObjectController extends AbstractController
 		}
 
 		// Retrieving request parameters
-		$sOperation = $oRequest->request->get('operation');
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', '');
 
 		// Retrieving form properties
         $aStimuliForms = ApplicationHelper::GetLoadedFormFromClass($oApp, $sObjectClass, 'apply_stimulus');
@@ -384,7 +393,7 @@ class ObjectController extends AbstractController
 
 		// TODO : This is a ugly patch to avoid showing a modal with a readonly form to the user as it would prevent user from finishing the transition.
 		// Instead, we apply the stimulus directly here and then go to the edited object.
-		if ($sOperation === null)
+		if (empty($sOperation))
 		{
 			if (isset($aData['form']['editable_fields_count']) && $aData['form']['editable_fields_count'] === 0)
 			{
@@ -392,7 +401,7 @@ class ObjectController extends AbstractController
 
 				$oSubRequest = $oRequest;
 				$oSubRequest->request->set('operation', 'submit');
-				$oSubRequest->request->set('stimulus_code', null);
+				$oSubRequest->request->set('stimulus_code', '');
 				
 				$aData = array('sMode' => 'apply_stimulus');
 				$aData['form'] = $this->HandleForm($oSubRequest, $oApp, $aData['sMode'], $sObjectClass, $sObjectId, $aFormProperties);
@@ -407,7 +416,7 @@ class ObjectController extends AbstractController
 		if ($oRequest->isXmlHttpRequest())
 		{
 			// We have to check whether the 'operation' parameter is defined or not in order to know if the form is required via ajax (to be displayed as a modal dialog) or if it's a lifecycle call from a existing form.
-			if ($sOperation === null)
+			if (empty($sOperation))
 			{
 				$oResponse = $oApp['twig']->render('itop-portal-base/portal/src/views/bricks/object/modal.html.twig', $aData);
 			}
@@ -431,9 +440,8 @@ class ObjectController extends AbstractController
 	public static function HandleForm(Request $oRequest, Application $oApp, $sMode, $sObjectClass, $sObjectId = null, $aFormProperties = null)
 	{
 		$aFormData = array();
-		$oRequestParams = $oRequest->request;
-		$sOperation = $oRequestParams->get('operation');
-		$bModal = ($oRequest->isXmlHttpRequest() && ($oRequest->request->get('operation') === null) );
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', '');
+		$bModal = ($oRequest->isXmlHttpRequest() && empty($sOperation));
 
 		// - Retrieve form properties
 		if ($aFormProperties === null)
@@ -442,14 +450,14 @@ class ObjectController extends AbstractController
 		}
 
 		// - Create and
-		if ($sOperation === null)
+		if (empty($sOperation))
 		{
 			// Retrieving action rules
 			//
 			// Note : The action rules must be a base64-encoded JSON object, this is just so users are tempted to changes values.
 			// But it would not be a security issue as it only presets values in the form.
-			$sActionRulesToken = $oRequest->get('ar_token');
-			$aActionRules = ($sActionRulesToken !== null) ? ContextManipulatorHelper::DecodeRulesToken($sActionRulesToken) : array();
+            $sActionRulesToken = $oApp['request_manipulator']->ReadParam('ar_token', '');
+			$aActionRules = (!empty($sActionRulesToken)) ? ContextManipulatorHelper::DecodeRulesToken($sActionRulesToken) : array();
 			
 			// Preparing object
 			if ($sObjectId === null)
@@ -552,9 +560,9 @@ class ObjectController extends AbstractController
 		else
 		{
 			// Update / Submit / Cancel
-			$sFormManagerClass = $oRequestParams->get('formmanager_class');
-			$sFormManagerData = $oRequestParams->get('formmanager_data');
-			if ($sFormManagerClass === null || $sFormManagerData === null)
+			$sFormManagerClass = $oApp['request_manipulator']->ReadParam('formmanager_class', '', FILTER_UNSAFE_RAW);
+			$sFormManagerData = $oApp['request_manipulator']->ReadParam('formmanager_data', '', FILTER_UNSAFE_RAW);
+			if ( empty($sFormManagerClass) || empty($sFormManagerData) )
 			{
 				IssueLog::Error(__METHOD__ . ' at line ' . __LINE__ . ' : Parameters formmanager_class and formamanager_data must be defined.');
 				$oApp->abort(500, 'Parameters formmanager_class and formmanager_data must be defined.');
@@ -576,13 +584,13 @@ class ObjectController extends AbstractController
 			{
 				case 'submit':
 					// Applying modification to object
-					$aFormData['validation'] = $oFormManager->OnSubmit(array('currentValues' => $oRequestParams->get('current_values'), 'attachmentIds' => $oRequest->get('attachment_ids'), 'formProperties' => $aFormProperties, 'applyStimulus' => $oRequestParams->get('apply_stimulus')));
+					$aFormData['validation'] = $oFormManager->OnSubmit(array('currentValues' => $oApp['request_manipulator']->ReadParam('current_values', array(), FILTER_UNSAFE_RAW), 'attachmentIds' => $oApp['request_manipulator']->ReadParam('attachment_ids', array(), FILTER_UNSAFE_RAW), 'formProperties' => $aFormProperties, 'applyStimulus' => $oApp['request_manipulator']->ReadParam('apply_stimulus', null)));
 					if ($aFormData['validation']['valid'] === true)
 					{
 						// Note : We don't use $sObjectId there as it can be null if we are creating a new one. Instead we use the id from the created object once it has been seralized
 						// Check if stimulus has to be applied
-						$sStimulusCode = ($oRequestParams->get('stimulus_code') !== null && $oRequestParams->get('stimulus_code') !== '') ? $oRequestParams->get('stimulus_code') : null;
-						if ($sStimulusCode !== null)
+                        $sStimulusCode = $oApp['request_manipulator']->ReadParam('stimulus_code', '');
+						if (!empty($sStimulusCode))
 						{
 							$aFormData['validation']['redirection'] = array(
 								'url' => $oApp['url_generator']->generate('p_object_apply_stimulus', array('sObjectClass' => $sObjectClass, 'sObjectId' => $oFormManager->GetObject()->GetKey(), 'sStimulusCode' => $sStimulusCode)),
@@ -600,7 +608,7 @@ class ObjectController extends AbstractController
 					break;
 
 				case 'update':
-					$oFormManager->OnUpdate(array('currentValues' => $oRequestParams->get('current_values'), 'formProperties' => $aFormProperties));
+					$oFormManager->OnUpdate(array('currentValues' => $oApp['request_manipulator']->ReadParam('current_values', array(), FILTER_UNSAFE_RAW), 'formProperties' => $aFormProperties));
 					break;
 
 				case 'cancel':
@@ -619,11 +627,11 @@ class ObjectController extends AbstractController
 		// Preparing fields list regarding the operation
 		if ($sOperation === 'update')
 		{
-			$aRequestedFields = $oRequestParams->get('requested_fields');
-			$sFormPath = $oRequestParams->get('form_path');
+			$aRequestedFields = $oApp['request_manipulator']->ReadParam('requested_fields', array(), FILTER_UNSAFE_RAW);
+			$sFormPath = $oApp['request_manipulator']->ReadParam('form_path', '');
 
 			// Checking if the update was on a subform, if so we need to make the rendering for that part only
-			if ($sFormPath !== null && $sFormPath !== $oFormManager->GetForm()->GetId())
+			if ( !empty($sFormPath) && $sFormPath !== $oFormManager->GetForm()->GetId() )
 			{
 				$oSubForm = $oFormManager->GetForm()->FindSubForm($sFormPath);
 				$oSubFormRenderer = new BsFormRenderer($oSubForm);
@@ -708,8 +716,8 @@ class ObjectController extends AbstractController
 			//
 			// Note : The action rules must be a base64-encoded JSON object, this is just so users are tempted to changes values.
 			// But it would not be a security issue as it only presets values in the form.
-			$sActionRulesToken = $oRequest->get('ar_token');
-			$aActionRules = ($sActionRulesToken !== null) ? ContextManipulatorHelper::DecodeRulesToken($sActionRulesToken) : array();
+            $sActionRulesToken = $oApp['request_manipulator']->ReadParam('ar_token', '');
+			$aActionRules = (!empty($sActionRulesToken)) ? ContextManipulatorHelper::DecodeRulesToken($sActionRulesToken) : array();
 			// Preparing object
 			$oApp['context_manipulator']->PrepareObject($aActionRules, $oHostObject);
 		}
@@ -717,7 +725,7 @@ class ObjectController extends AbstractController
 		// Updating host object with form data / values
 		$sFormManagerClass = $aRequestContent['formmanager_class'];
 		$sFormManagerData = $aRequestContent['formmanager_data'];
-		if ($sFormManagerClass !== null && $sFormManagerData !== null)
+		if (!empty($sFormManagerClass) && !empty($sFormManagerData))
 		{
 			$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
 			$oFormManager->SetApplication($oApp);
@@ -829,7 +837,7 @@ class ObjectController extends AbstractController
 			'sTargetAttCode' => $sTargetAttCode,
 			'sHostObjectClass' => $sHostObjectClass,
 			'sHostObjectId' => $sHostObjectId,
-			'sActionRulesToken' => $oRequest->get('ar_token')
+			'sActionRulesToken' => $oApp['request_manipulator']->ReadParam('ar_token', ''),
 		);
 
 		// Checking security layers
@@ -852,16 +860,15 @@ class ObjectController extends AbstractController
 			//
 			// Note : The action rules must be a base64-encoded JSON object, this is just so users are tempted to changes values.
 			// But it would not be a security issue as it only presets values in the form.
-			$aActionRules = ($aData['sActionRulesToken'] !== null) ? ContextManipulatorHelper::DecodeRulesToken($aData['sActionRulesToken']) : array();
+			$aActionRules = !empty($aData['sActionRulesToken']) ? ContextManipulatorHelper::DecodeRulesToken($aData['sActionRulesToken']) : array();
 			// Preparing object
 			$oApp['context_manipulator']->PrepareObject($aActionRules, $oHostObject);
 		}
 
 		// Updating host object with form data / values
-		$oRequestParams = $oRequest->request;
-		$sFormManagerClass = $oRequestParams->get('formmanager_class');
-		$sFormManagerData = $oRequestParams->get('formmanager_data');
-		if ($sFormManagerClass !== null && $sFormManagerData !== null)
+		$sFormManagerClass = $oApp['request_manipulator']->ReadParam('formmanager_class', '', FILTER_UNSAFE_RAW);
+		$sFormManagerData = $oApp['request_manipulator']->ReadParam('formmanager_data', '', FILTER_UNSAFE_RAW);
+		if ( !empty($sFormManagerClass) && !empty($sFormManagerData) )
 		{
 			$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
 			$oFormManager->SetApplication($oApp);
@@ -877,18 +884,18 @@ class ObjectController extends AbstractController
 			}
 			
 			// Updating host object
-			$oFormManager->OnUpdate(array('currentValues' => $oRequestParams->get('current_values')));
+			$oFormManager->OnUpdate(array('currentValues' => $oApp['request_manipulator']->ReadParam('current_values', array(), FILTER_UNSAFE_RAW)));
 			$oHostObject = $oFormManager->GetObject();
 		}
 		
 		// Retrieving request parameters
-		$iPageNumber = ($oRequest->get('iPageNumber') !== null) ? $oRequest->get('iPageNumber') : 1;
-		$iListLength = ($oRequest->get('iListLength') !== null) ? $oRequest->get('iListLength') : static::DEFAULT_LIST_LENGTH;
-		$bInitalPass = ($oRequest->get('draw') === null) ? true : false;
-		$sQuery = $oRequest->get('sSearchValue');
-		$sFormPath = $oRequest->get('sFormPath');
-		$sFieldId = $oRequest->get('sFieldId');
-		$aObjectIdsToIgnore = $oRequest->get('aObjectIdsToIgnore');
+		$iPageNumber = $oApp['request_manipulator']->ReadParam('iPageNumber', static::DEFAULT_PAGE_NUMBER, FILTER_SANITIZE_NUMBER_INT);
+		$iListLength = $oApp['request_manipulator']->ReadParam('iListLength', static::DEFAULT_LIST_LENGTH, FILTER_SANITIZE_NUMBER_INT);
+		$bInitalPass = $oApp['request_manipulator']->HasParam('draw') ? false : true;
+		$sQuery = $oApp['request_manipulator']->ReadParam('sSearchValue', '');
+		$sFormPath = $oApp['request_manipulator']->ReadParam('sFormPath', '');
+		$sFieldId = $oApp['request_manipulator']->ReadParam('sFieldId', '');
+		$aObjectIdsToIgnore = $oApp['request_manipulator']->ReadParam('aObjectIdsToIgnore', null, FILTER_UNSAFE_RAW);
 
 		// Building search query
 		// - Retrieving target object class from attcode
@@ -969,7 +976,7 @@ class ObjectController extends AbstractController
 		
 		// - Adding query condition
 		$aInternalParams['this'] = $oHostObject;
-		if ($sQuery !== null)
+		if (!empty($sQuery))
 		{
 			$oFullExpr = null;
 			for ($i = 0; $i < count($aAttCodes); $i++)
@@ -1344,9 +1351,9 @@ class ObjectController extends AbstractController
         }
 
         // Retrieving ormDocument's host object
-        $sObjectClass = $oRequest->get('sObjectClass');
-        $sObjectId = $oRequest->get('sObjectId');
-        $sObjectField = $oRequest->get('sObjectField');
+        $sObjectClass = $oApp['request_manipulator']->ReadParam('sObjectClass', '');
+        $sObjectId = $oApp['request_manipulator']->ReadParam('sObjectId', '');
+        $sObjectField = $oApp['request_manipulator']->ReadParam('sObjectField', '');
 
         // When reaching to an Attachment, we have to check security on its host object instead of the Attachment itself
         if($sObjectClass === 'Attachment')
@@ -1386,8 +1393,7 @@ class ObjectController extends AbstractController
         }
         else
         {
-            $sCache = $oRequest->get('cache');
-            $iCacheSec = ($sCache !== null) ? (int) $sCache : 0;
+            $iCacheSec = $oApp['request_manipulator']->ReadParam('cache', 0, FILTER_SANITIZE_NUMBER_INT);
         }
 
         $aHeaders = array();
@@ -1413,7 +1419,7 @@ class ObjectController extends AbstractController
 	 * Handles attachment add/remove on an object
 	 *
 	 * Note: This is inspired from itop-attachment/ajax.attachment.php
-	 * 
+	 *
 	 * @param Request $oRequest
 	 * @param Application $oApp
 	 */
@@ -1428,16 +1434,16 @@ class ObjectController extends AbstractController
 		// Retrieving sOperation from request only if it wasn't forced (determined by the route)
 		if ($sOperation === null)
 		{
-			$sOperation = $oRequest->get('operation');
+			$sOperation = $oApp['request_manipulator']->ReadParam('operation', null);
 		}
 		switch ($sOperation)
 		{
 			case 'add':
-				$sFieldName = $oRequest->get('field_name');
-				$sObjectClass = $oRequest->get('object_class');
-				$sTempId = $oRequest->get('temp_id');
+				$sFieldName = $oApp['request_manipulator']->ReadParam('field_name', '');
+				$sObjectClass = $oApp['request_manipulator']->ReadParam('object_class', '');
+				$sTempId = $oApp['request_manipulator']->ReadParam('temp_id', '');
 
-				if (($sObjectClass === null) || ($sTempId === null))
+				if (empty($sObjectClass) || empty($sTempId))
 				{
 					$aData['error'] = Dict::Format('UI:Error:2ParametersMissing', 'object_class', 'temp_id');
 				}
@@ -1476,7 +1482,7 @@ class ObjectController extends AbstractController
                 // - Route
                 $aRouteParams = array(
                     'sObjectClass' => 'Attachment',
-                    'sObjectId' => $oRequest->get('sAttachmentId'),
+                    'sObjectId' => $oApp['request_manipulator']->ReadParam('sAttachmentId', null),
                     'sObjectField' => 'contents',
                 );
                 $sRedirectRoute = $oApp['url_generator']->generate('p_object_document_download', $aRouteParams);
@@ -1511,10 +1517,10 @@ class ObjectController extends AbstractController
 		$aData = array();
 
 		// Retrieving parameters
-		$sObjectClass = $oRequest->Get('sObjectClass');
-		$aObjectIds = $oRequest->Get('aObjectIds');
-		$aObjectAttCodes = $oRequest->Get('aObjectAttCodes');
-		if ($sObjectClass === null || $aObjectIds === null || $aObjectAttCodes === null)
+		$sObjectClass = $oApp['request_manipulator']->ReadParam('sObjectClass', '');
+		$aObjectIds = $oApp['request_manipulator']->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW);
+		$aObjectAttCodes = $oApp['request_manipulator']->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW);
+		if ( empty($sObjectClass) || empty($aObjectIds) || empty($aObjectAttCodes) )
 		{
 			IssueLog::Info(__METHOD__ . ' at line ' . __LINE__ . ' : sObjectClass, sObjectId and aObjectAttCodes expected, "' . $sObjectClass . '", "' . $sObjectId . '" given.');
 			$oApp->abort(500, 'Invalid request data, some informations are missing');
@@ -1582,7 +1588,7 @@ class ObjectController extends AbstractController
 
 			if ($oAttDef->IsExternalKey())
 			{
-				$aAttData['value'] = $oObject->Get($oAttDef->GetCode() . '_friendlyname');
+				$aAttData['value'] = $oObject->GetAsHTML($oAttDef->GetCode() . '_friendlyname');
 
 				// Checking if user can access object's external key
 				if (SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $oAttDef->GetTargetClass()))
@@ -1595,9 +1601,22 @@ class ObjectController extends AbstractController
 				// We skip it
 				continue;
 			}
+			elseif ($oAttDef instanceof AttributeImage)
+            {
+                $oOrmDoc = $oObject->Get($oAttDef->GetCode());
+                if (is_object($oOrmDoc) && !$oOrmDoc->IsEmpty())
+                {
+                    $sUrl = $oApp['url_generator']->generate('p_object_document_display', array('sObjectClass' => get_class($oObject), 'sObjectId' => $oObject->GetKey(), 'sObjectField' => $oAttDef->GetCode(), 'cache' => 86400));
+                }
+                else
+                {
+                    $sUrl = $oAttDef->Get('default_image');
+                }
+                $aAttData['value'] = '<img src="' . $sUrl . '" />';
+            }
 			else
 			{
-				$aAttData['value'] = $oAttDef->GetValueLabel($oObject->Get($oAttDef->GetCode()));
+				$aAttData['value'] = $oAttDef->GetAsHTML($oObject->Get($oAttDef->GetCode()));
 
 				if ($oAttDef instanceof AttributeFriendlyName)
 				{

datamodels/2.x/itop-portal-base/portal/src/controllers/userprofilebrickcontroller.class.inc.php

@@ -71,7 +71,7 @@ class UserProfileBrickController extends BrickController
 		// If this is ajax call, we are just submiting preferences or password forms
 		if ($oRequest->isXmlHttpRequest())
 		{
-			$aCurrentValues = $oRequest->request->get('current_values');
+			$aCurrentValues = $oApp['request_manipulator']->ReadParam('current_values', array(), FILTER_UNSAFE_RAW);
 			$sFormType = $aCurrentValues['form_type'];
 			if ($sFormType === PreferencesFormManager::FORM_TYPE)
 			{
@@ -120,10 +120,9 @@ class UserProfileBrickController extends BrickController
 	public function HandlePreferencesForm(Request $oRequest, Application $oApp, $sFormMode)
 	{
 		$aFormData = array();
-		$oRequestParams = $oRequest->request;
 
 		// Handling form
-		$sOperation = $oRequestParams->get('operation');
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', null);
 		// - Create
 		if ($sOperation === null)
 		{
@@ -143,8 +142,8 @@ class UserProfileBrickController extends BrickController
 		// - Submit
 		else if ($sOperation === 'submit')
 		{
-			$sFormManagerClass = $oRequestParams->get('formmanager_class');
-			$sFormManagerData = $oRequestParams->get('formmanager_data');
+			$sFormManagerClass = $oApp['request_manipulator']->ReadParam('formmanager_class', null, FILTER_UNSAFE_RAW);
+			$sFormManagerData = $oApp['request_manipulator']->ReadParam('formmanager_data', null, FILTER_UNSAFE_RAW);
 			if ($sFormManagerClass === null || $sFormManagerData === null)
 			{
 				IssueLog::Error(__METHOD__ . ' at line ' . __LINE__ . ' : Parameters formmanager_class and formamanager_data must be defined.');
@@ -154,7 +153,7 @@ class UserProfileBrickController extends BrickController
 			// Rebuilding manager from json
 			$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
 			// Applying modification to object
-			$aFormData['validation'] = $oFormManager->OnSubmit(array('currentValues' => $oRequestParams->get('current_values')));
+			$aFormData['validation'] = $oFormManager->OnSubmit(array('currentValues' => $oApp['request_manipulator']->ReadParam('current_values', array(), FILTER_UNSAFE_RAW)));
 			// Reloading page only if preferences were changed
 			if (($aFormData['validation']['valid'] === true) && !empty($aFormData['validation']['messages']['success']))
 			{
@@ -188,10 +187,9 @@ class UserProfileBrickController extends BrickController
 	public function HandlePasswordForm(Request $oRequest, Application $oApp)
 	{
 		$aFormData = array();
-		$oRequestParams = $oRequest->request;
 
 		// Handling form
-		$sOperation = $oRequestParams->get('operation');
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', null);
 		// - Create
 		if ($sOperation === null)
 		{
@@ -206,8 +204,8 @@ class UserProfileBrickController extends BrickController
 		// - Submit
 		else if ($sOperation === 'submit')
 		{
-			$sFormManagerClass = $oRequestParams->get('formmanager_class');
-			$sFormManagerData = $oRequestParams->get('formmanager_data');
+			$sFormManagerClass = $oApp['request_manipulator']->ReadParam('formmanager_class', null, FILTER_UNSAFE_RAW);
+			$sFormManagerData = $oApp['request_manipulator']->ReadParam('formmanager_data', null, FILTER_UNSAFE_RAW);
 			if ($sFormManagerClass === null || $sFormManagerData === null)
 			{
 				IssueLog::Error(__METHOD__ . ' at line ' . __LINE__ . ' : Parameters formmanager_class and formamanager_data must be defined.');
@@ -217,7 +215,7 @@ class UserProfileBrickController extends BrickController
 			// Rebuilding manager from json
 			$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
 			// Applying modification to object
-			$aFormData['validation'] = $oFormManager->OnSubmit(array('currentValues' => $oRequestParams->get('current_values')));
+			$aFormData['validation'] = $oFormManager->OnSubmit(array('currentValues' => $oApp['request_manipulator']->ReadParam('current_values', array(), FILTER_UNSAFE_RAW)));
 		}
 		else
 		{
@@ -244,11 +242,10 @@ class UserProfileBrickController extends BrickController
 	public function HandlePictureForm(Request $oRequest, Application $oApp, $sFormMode)
 	{
 		$aFormData = array();
-		$oRequestParams = $oRequest->request;
 		$sPictureAttCode = 'picture';
 
 		// Handling form
-		$sOperation = $oRequestParams->get('operation');
+		$sOperation = $oApp['request_manipulator']->ReadParam('operation', null);
 		// - No operation specified
 		if ($sOperation === null)
 		{

datamodels/2.x/itop-portal-base/portal/src/helpers/requestmanipulatorhelper.class.inc.php

@@ -0,0 +1,119 @@
+<?php
+
+/**
+ * Copyright (C) 2012-2018 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with iTop. If not, see <http://www.gnu.org/licenses/>
+ */
+
+namespace Combodo\iTop\Portal\Helper;
+
+use Symfony\Component\HttpFoundation\RequestStack;
+
+/**
+ * RequestManipulatorHelper class
+ *
+ * Handle basic requests manipulation.
+ *
+ * @author Guillaume Lajarige <guillaume.lajarige@combodo.com>
+ * @since 2.5.1
+ */
+class RequestManipulatorHelper
+{
+    /** @var \Symfony\Component\HttpFoundation\RequestStack $oRequestStack */
+    protected $oRequestStack;
+
+    /**
+     * RequestManipulatorHelper constructor.
+     *
+     * @param \Symfony\Component\HttpFoundation\RequestStack $oRequestStack
+     */
+    public function __construct(RequestStack &$oRequestStack)
+    {
+        $this->oRequestStack = $oRequestStack;
+    }
+
+    /**
+     * @return \Symfony\Component\HttpFoundation\Request
+     */
+    public function GetCurrentRequest()
+    {
+        return $this->oRequestStack->getCurrentRequest();
+    }
+
+    /**
+     * Returns if the request has a $sKey parameter.
+     * This looks in the GET arguments first, then PATH and finally the POST data.
+     *
+     * @param string $sKey
+     *
+     * @return bool
+     */
+    public function HasParam($sKey)
+    {
+        if ($this->GetCurrentRequest()->query->has($sKey))
+        {
+            return true;
+        }
+
+        if ($this->GetCurrentRequest()->attributes->has($sKey))
+        {
+            return true;
+        }
+
+        if ($this->GetCurrentRequest()->request->has($sKey))
+        {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Returns the $sKey parameter from the request filtered with $iFilter.
+     * This looks in the GET arguments first, then the PATH and finally the POST data.
+     *
+     * Note: It is inspired by the \Symfony\Component\HttpFoundation\ParameterBag::filter() function and was necessary as we sometimes have parameters that can be either in the GET/PATH/POST arguments and need to be filtered. Silex only offer the possibility to filter parameter from a single ParameterBag, so we created this helper.
+     *
+     * @param string $sKey
+     * @param mixed $default
+     * @param int $iFilter Default is FILTER_SANITIZE_STRING
+     *
+     * @return mixed|null
+     *
+     * @since 2.5.1
+     */
+    public function ReadParam($sKey, $default = null, $iFilter = FILTER_SANITIZE_STRING)
+    {
+        if ($this->GetCurrentRequest()->query->has($sKey))
+        {
+            return $this->GetCurrentRequest()->query->filter($sKey, $default, $iFilter);
+        }
+
+        if ($this->GetCurrentRequest()->attributes->has($sKey))
+        {
+            return $this->GetCurrentRequest()->attributes->filter($sKey, $default, $iFilter);
+        }
+
+        if ($this->GetCurrentRequest()->request->has($sKey))
+        {
+            return $this->GetCurrentRequest()->request->filter($sKey, $default, $iFilter);
+        }
+
+        return $default;
+    }
+
+}

datamodels/2.x/itop-portal-base/portal/src/providers/requestmanipulatorserviceprovider.class.inc.php

@@ -0,0 +1,60 @@
+<?php
+
+/**
+ * Copyright (C) 2012-2018 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with iTop. If not, see <http://www.gnu.org/licenses/>
+ */
+
+namespace Combodo\iTop\Portal\Provider;
+
+use Silex\Application;
+use Silex\ServiceProviderInterface;
+use Combodo\iTop\Portal\Helper\RequestManipulatorHelper;
+
+/**
+ * RequestManipulatorHelper service provider
+ *
+ * @author Guillaume Lajarige <guillaume.lajarige@combodo.com>
+ * @since 2.4.3
+ */
+class RequestManipulatorServiceProvider implements ServiceProviderInterface
+{
+
+    /**
+     * @param \Silex\Application $oApp
+     */
+	public function register(Application $oApp)
+	{
+		$oApp['request_manipulator'] = $oApp->share(function ($oApp)
+		{
+			$oApp->flush();
+
+			$oRequestManipulatorHelper = new RequestManipulatorHelper($oApp['request_stack']);
+
+			return $oRequestManipulatorHelper;
+		});
+	}
+
+    /**
+     * @param \Silex\Application $oApp
+     */
+	public function boot(Application $oApp)
+	{
+
+	}
+
+}

datamodels/2.x/itop-portal-base/portal/web/index.php

@@ -36,6 +36,8 @@ require_once __DIR__ . '/../src/providers/urlgeneratorserviceprovider.class.inc.
 require_once __DIR__ . '/../src/helpers/urlgeneratorhelper.class.inc.php';
 require_once __DIR__ . '/../src/providers/contextmanipulatorserviceprovider.class.inc.php';
 require_once __DIR__ . '/../src/helpers/contextmanipulatorhelper.class.inc.php';
+require_once __DIR__ . '/../src/providers/requestmanipulatorserviceprovider.class.inc.php';
+require_once __DIR__ . '/../src/helpers/requestmanipulatorhelper.class.inc.php';
 require_once __DIR__ . '/../src/providers/scopevalidatorserviceprovider.class.inc.php';
 require_once __DIR__ . '/../src/helpers/scopevalidatorhelper.class.inc.php';
 require_once __DIR__ . '/../src/providers/lifecyclevalidatorserviceprovider.class.inc.php';
@@ -97,6 +99,9 @@ $oApp->before(function(Symfony\Component\HttpFoundation\Request $oRequest, Silex
         $oApp->abort(500, Dict::S('Portal:ErrorNoContactForThisUser'));
     }
 
+    // Register request manipulator now that the request has been created.
+    $oApp->register(new Combodo\iTop\Portal\Provider\RequestManipulatorServiceProvider());
+
 	// Enable archived data
 	utils::InitArchiveMode();
 

readme.txt

@@ -1,7 +1,7 @@
-iTop - version 2.4.2 - 14-Jun-2018
+iTop - version 2.4.3 - 10-Oct-2018
 Readme file
 
-iTop 2.4.2 is the 32nd release of iTop.
+iTop 2.4.3 is the 34th release of iTop.
 
 Changes since the previous version
 -------------------------------------------------------------------

sources/form/field/textareafield.class.inc.php

@@ -29,6 +29,8 @@ use \Combodo\iTop\Form\Field\TextField;
  * Description of TextAreaField
  *
  * @author Guillaume Lajarige <guillaume.lajarige@combodo.com>
+ * @package \Combodo\iTop\Form\Field
+ * @since 2.3.0
  */
 class TextAreaField extends TextField
 {
@@ -113,7 +115,7 @@ class TextAreaField extends TextField
 	{
 		if ($this->GetFormat() == TextAreaField::ENUM_FORMAT_TEXT)
 		{
-			$sValue = $this->GetCurrentValue();
+		    $sValue = \Str::pure2html($this->GetCurrentValue());
 			$sValue = AttributeText::RenderWikiHtml($sValue);
 			return "<div>".str_replace("\n", "<br>\n", $sValue).'</div>';			
 		}

sources/renderer/bootstrap/fieldrenderer/bslinkedsetfieldrenderer.class.inc.php

@@ -576,6 +576,7 @@ EOF
 			);
 
 			// Target object others attributes
+            // TODO: Support for AttriubteImage, AttributeBlob
 			foreach ($this->oField->GetAttributesToDisplay(true) as $sAttCode)
 			{
 				if ($sAttCode !== 'id')
@@ -598,7 +599,7 @@ EOF
 					}
 					else
 					{
-						$aAttProperties['value'] = $oAttDef->GetValueLabel($oRemoteItem->Get($sAttCode));
+						$aAttProperties['value'] = $oAttDef->GetAsHTML($oRemoteItem->Get($sAttCode));
 
 						if ($oAttDef instanceof AttributeFriendlyName)
 						{