Merge remote-tracking branch 'origin/support/2.5' into support/2.6

N°4478 Fix linkedset widget in portal when adding new items with already selected ones
Was already committed to develop with e59d472c
2026-02-13 23:44:11 +01:00 · 2023-07-26 12:06:32 +02:00 · 2021-12-10 15:56:33 +01:00 · 2021-12-10 15:24:16 +01:00 · 2021-12-10 13:38:24 +01:00 · 2021-12-10 12:30:33 +01:00
169 changed files with 28931 additions and 1582 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,556 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = false
+max_line_length = 140
+tab_width = 4
+ij_continuation_indent_size = 8
+ij_formatter_off_tag = @formatter:off
+ij_formatter_on_tag = @formatter:on
+ij_formatter_tags_enabled = false
+ij_smart_tabs = false
+ij_visual_guides = 80,120
+ij_wrap_on_typing = true
+
+[*.css]
+indent_style = tab
+ij_smart_tabs = true
+ij_visual_guides = none
+ij_css_align_closing_brace_with_properties = false
+ij_css_blank_lines_around_nested_selector = 1
+ij_css_blank_lines_between_blocks = 1
+ij_css_brace_placement = end_of_line
+ij_css_enforce_quotes_on_format = false
+ij_css_hex_color_long_format = false
+ij_css_hex_color_lower_case = false
+ij_css_hex_color_short_format = false
+ij_css_hex_color_upper_case = false
+ij_css_keep_blank_lines_in_code = 2
+ij_css_keep_indents_on_empty_lines = false
+ij_css_keep_single_line_blocks = false
+ij_css_properties_order = font,font-family,font-size,font-weight,font-style,font-variant,font-size-adjust,font-stretch,line-height,position,z-index,top,right,bottom,left,display,visibility,float,clear,overflow,overflow-x,overflow-y,clip,zoom,align-content,align-items,align-self,flex,flex-flow,flex-basis,flex-direction,flex-grow,flex-shrink,flex-wrap,justify-content,order,box-sizing,width,min-width,max-width,height,min-height,max-height,margin,margin-top,margin-right,margin-bottom,margin-left,padding,padding-top,padding-right,padding-bottom,padding-left,table-layout,empty-cells,caption-side,border-spacing,border-collapse,list-style,list-style-position,list-style-type,list-style-image,content,quotes,counter-reset,counter-increment,resize,cursor,user-select,nav-index,nav-up,nav-right,nav-down,nav-left,transition,transition-delay,transition-timing-function,transition-duration,transition-property,transform,transform-origin,animation,animation-name,animation-duration,animation-play-state,animation-timing-function,animation-delay,animation-iteration-count,animation-direction,text-align,text-align-last,vertical-align,white-space,text-decoration,text-emphasis,text-emphasis-color,text-emphasis-style,text-emphasis-position,text-indent,text-justify,letter-spacing,word-spacing,text-outline,text-transform,text-wrap,text-overflow,text-overflow-ellipsis,text-overflow-mode,word-wrap,word-break,tab-size,hyphens,pointer-events,opacity,color,border,border-width,border-style,border-color,border-top,border-top-width,border-top-style,border-top-color,border-right,border-right-width,border-right-style,border-right-color,border-bottom,border-bottom-width,border-bottom-style,border-bottom-color,border-left,border-left-width,border-left-style,border-left-color,border-radius,border-top-left-radius,border-top-right-radius,border-bottom-right-radius,border-bottom-left-radius,border-image,border-image-source,border-image-slice,border-image-width,border-image-outset,border-image-repeat,outline,outline-width,outline-style,outline-color,outline-offset,background,background-color,background-image,background-repeat,background-attachment,background-position,background-position-x,background-position-y,background-clip,background-origin,background-size,box-decoration-break,box-shadow,text-shadow
+ij_css_space_after_colon = true
+ij_css_space_before_opening_brace = true
+ij_css_use_double_quotes = true
+ij_css_value_alignment = do_not_align
+
+[*.scss]
+indent_size = 2
+tab_width = 2
+ij_visual_guides = none
+ij_scss_align_closing_brace_with_properties = false
+ij_scss_blank_lines_around_nested_selector = 1
+ij_scss_blank_lines_between_blocks = 1
+ij_scss_brace_placement = 0
+ij_scss_enforce_quotes_on_format = false
+ij_scss_hex_color_long_format = false
+ij_scss_hex_color_lower_case = false
+ij_scss_hex_color_short_format = false
+ij_scss_hex_color_upper_case = false
+ij_scss_keep_blank_lines_in_code = 2
+ij_scss_keep_indents_on_empty_lines = false
+ij_scss_keep_single_line_blocks = false
+ij_scss_properties_order = font,font-family,font-size,font-weight,font-style,font-variant,font-size-adjust,font-stretch,line-height,position,z-index,top,right,bottom,left,display,visibility,float,clear,overflow,overflow-x,overflow-y,clip,zoom,align-content,align-items,align-self,flex,flex-flow,flex-basis,flex-direction,flex-grow,flex-shrink,flex-wrap,justify-content,order,box-sizing,width,min-width,max-width,height,min-height,max-height,margin,margin-top,margin-right,margin-bottom,margin-left,padding,padding-top,padding-right,padding-bottom,padding-left,table-layout,empty-cells,caption-side,border-spacing,border-collapse,list-style,list-style-position,list-style-type,list-style-image,content,quotes,counter-reset,counter-increment,resize,cursor,user-select,nav-index,nav-up,nav-right,nav-down,nav-left,transition,transition-delay,transition-timing-function,transition-duration,transition-property,transform,transform-origin,animation,animation-name,animation-duration,animation-play-state,animation-timing-function,animation-delay,animation-iteration-count,animation-direction,text-align,text-align-last,vertical-align,white-space,text-decoration,text-emphasis,text-emphasis-color,text-emphasis-style,text-emphasis-position,text-indent,text-justify,letter-spacing,word-spacing,text-outline,text-transform,text-wrap,text-overflow,text-overflow-ellipsis,text-overflow-mode,word-wrap,word-break,tab-size,hyphens,pointer-events,opacity,color,border,border-width,border-style,border-color,border-top,border-top-width,border-top-style,border-top-color,border-right,border-right-width,border-right-style,border-right-color,border-bottom,border-bottom-width,border-bottom-style,border-bottom-color,border-left,border-left-width,border-left-style,border-left-color,border-radius,border-top-left-radius,border-top-right-radius,border-bottom-right-radius,border-bottom-left-radius,border-image,border-image-source,border-image-slice,border-image-width,border-image-outset,border-image-repeat,outline,outline-width,outline-style,outline-color,outline-offset,background,background-color,background-image,background-repeat,background-attachment,background-position,background-position-x,background-position-y,background-clip,background-origin,background-size,box-decoration-break,box-shadow,text-shadow
+ij_scss_space_after_colon = true
+ij_scss_space_before_opening_brace = true
+ij_scss_use_double_quotes = true
+ij_scss_value_alignment = 0
+
+[*.twig]
+ij_smart_tabs = true
+ij_visual_guides = none
+ij_wrap_on_typing = false
+ij_twig_keep_indents_on_empty_lines = false
+ij_twig_spaces_inside_comments_delimiters = true
+ij_twig_spaces_inside_delimiters = true
+ij_twig_spaces_inside_variable_delimiters = true
+
+[.editorconfig]
+ij_visual_guides = none
+ij_editorconfig_align_group_field_declarations = false
+ij_editorconfig_space_after_colon = false
+ij_editorconfig_space_after_comma = true
+ij_editorconfig_space_before_colon = false
+ij_editorconfig_space_before_comma = false
+ij_editorconfig_spaces_around_assignment_operators = true
+
+[{*.ant, *.fxml, *.jhm, *.jnlp, *.jrxml, *.rng, *.tld, *.wsdl, *.xml, *.xsd, *.xsl, *.xslt, *.xul, phpunit.xml.dist}]
+indent_size = 2
+tab_width = 2
+ij_smart_tabs = true
+ij_visual_guides = none
+ij_wrap_on_typing = false
+ij_xml_align_attributes = true
+ij_xml_align_text = false
+ij_xml_attribute_wrap = normal
+ij_xml_block_comment_at_first_column = true
+ij_xml_keep_blank_lines = 2
+ij_xml_keep_indents_on_empty_lines = false
+ij_xml_keep_line_breaks = false
+ij_xml_keep_line_breaks_in_text = true
+ij_xml_keep_whitespaces = false
+ij_xml_keep_whitespaces_around_cdata = preserve
+ij_xml_keep_whitespaces_inside_cdata = true
+ij_xml_line_comment_at_first_column = true
+ij_xml_space_after_tag_name = false
+ij_xml_space_around_equals_in_attribute = false
+ij_xml_space_inside_empty_tag = false
+ij_xml_text_wrap = off
+
+[{*.bash,*.sh,*.zsh}]
+indent_size = 2
+tab_width = 2
+ij_visual_guides = none
+ij_shell_binary_ops_start_line = false
+ij_shell_keep_column_alignment_padding = false
+ij_shell_minify_program = false
+ij_shell_redirect_followed_by_space = false
+ij_shell_switch_cases_indented = false
+
+[{*.cjs,*.js}]
+indent_style = tab
+ij_continuation_indent_size = 4
+ij_smart_tabs = true
+ij_visual_guides = none
+ij_javascript_align_imports = false
+ij_javascript_align_multiline_array_initializer_expression = false
+ij_javascript_align_multiline_binary_operation = false
+ij_javascript_align_multiline_chained_methods = false
+ij_javascript_align_multiline_extends_list = false
+ij_javascript_align_multiline_for = true
+ij_javascript_align_multiline_parameters = true
+ij_javascript_align_multiline_parameters_in_calls = false
+ij_javascript_align_multiline_ternary_operation = false
+ij_javascript_align_object_properties = 0
+ij_javascript_align_union_types = false
+ij_javascript_align_var_statements = 0
+ij_javascript_array_initializer_new_line_after_left_brace = false
+ij_javascript_array_initializer_right_brace_on_new_line = false
+ij_javascript_array_initializer_wrap = off
+ij_javascript_assignment_wrap = off
+ij_javascript_binary_operation_sign_on_next_line = false
+ij_javascript_binary_operation_wrap = off
+ij_javascript_blacklist_imports = rxjs/Rx,node_modules/**,**/node_modules/**,@angular/material,@angular/material/typings/**
+ij_javascript_blank_lines_after_imports = 1
+ij_javascript_blank_lines_around_class = 1
+ij_javascript_blank_lines_around_field = 0
+ij_javascript_blank_lines_around_function = 1
+ij_javascript_blank_lines_around_method = 1
+ij_javascript_block_brace_style = end_of_line
+ij_javascript_call_parameters_new_line_after_left_paren = false
+ij_javascript_call_parameters_right_paren_on_new_line = false
+ij_javascript_call_parameters_wrap = off
+ij_javascript_catch_on_new_line = false
+ij_javascript_chained_call_dot_on_new_line = true
+ij_javascript_class_brace_style = end_of_line
+ij_javascript_comma_on_new_line = false
+ij_javascript_do_while_brace_force = always
+ij_javascript_else_on_new_line = false
+ij_javascript_enforce_trailing_comma = keep
+ij_javascript_extends_keyword_wrap = off
+ij_javascript_extends_list_wrap = off
+ij_javascript_field_prefix = _
+ij_javascript_file_name_style = relaxed
+ij_javascript_finally_on_new_line = false
+ij_javascript_for_brace_force = always
+ij_javascript_for_statement_new_line_after_left_paren = false
+ij_javascript_for_statement_right_paren_on_new_line = false
+ij_javascript_for_statement_wrap = off
+ij_javascript_force_quote_style = false
+ij_javascript_force_semicolon_style = false
+ij_javascript_function_expression_brace_style = end_of_line
+ij_javascript_if_brace_force = always
+ij_javascript_import_merge_members = global
+ij_javascript_import_prefer_absolute_path = global
+ij_javascript_import_sort_members = true
+ij_javascript_import_sort_module_name = false
+ij_javascript_import_use_node_resolution = true
+ij_javascript_imports_wrap = on_every_item
+ij_javascript_indent_case_from_switch = true
+ij_javascript_indent_chained_calls = true
+ij_javascript_indent_package_children = 0
+ij_javascript_jsx_attribute_value = braces
+ij_javascript_keep_blank_lines_in_code = 2
+ij_javascript_keep_first_column_comment = true
+ij_javascript_keep_indents_on_empty_lines = false
+ij_javascript_keep_line_breaks = true
+ij_javascript_keep_simple_blocks_in_one_line = false
+ij_javascript_keep_simple_methods_in_one_line = false
+ij_javascript_line_comment_add_space = true
+ij_javascript_line_comment_at_first_column = false
+ij_javascript_method_brace_style = end_of_line
+ij_javascript_method_call_chain_wrap = off
+ij_javascript_method_parameters_new_line_after_left_paren = false
+ij_javascript_method_parameters_right_paren_on_new_line = false
+ij_javascript_method_parameters_wrap = off
+ij_javascript_object_literal_wrap = on_every_item
+ij_javascript_parentheses_expression_new_line_after_left_paren = false
+ij_javascript_parentheses_expression_right_paren_on_new_line = false
+ij_javascript_place_assignment_sign_on_next_line = false
+ij_javascript_prefer_as_type_cast = false
+ij_javascript_prefer_explicit_types_function_expression_returns = false
+ij_javascript_prefer_explicit_types_function_returns = false
+ij_javascript_prefer_explicit_types_vars_fields = false
+ij_javascript_prefer_parameters_wrap = false
+ij_javascript_reformat_c_style_comments = false
+ij_javascript_space_after_colon = true
+ij_javascript_space_after_comma = true
+ij_javascript_space_after_dots_in_rest_parameter = false
+ij_javascript_space_after_generator_mult = true
+ij_javascript_space_after_property_colon = true
+ij_javascript_space_after_quest = true
+ij_javascript_space_after_type_colon = true
+ij_javascript_space_after_unary_not = false
+ij_javascript_space_before_async_arrow_lparen = true
+ij_javascript_space_before_catch_keyword = true
+ij_javascript_space_before_catch_left_brace = true
+ij_javascript_space_before_catch_parentheses = true
+ij_javascript_space_before_class_lbrace = true
+ij_javascript_space_before_class_left_brace = true
+ij_javascript_space_before_colon = true
+ij_javascript_space_before_comma = false
+ij_javascript_space_before_do_left_brace = true
+ij_javascript_space_before_else_keyword = true
+ij_javascript_space_before_else_left_brace = true
+ij_javascript_space_before_finally_keyword = true
+ij_javascript_space_before_finally_left_brace = true
+ij_javascript_space_before_for_left_brace = true
+ij_javascript_space_before_for_parentheses = true
+ij_javascript_space_before_for_semicolon = false
+ij_javascript_space_before_function_left_parenth = true
+ij_javascript_space_before_generator_mult = false
+ij_javascript_space_before_if_left_brace = true
+ij_javascript_space_before_if_parentheses = true
+ij_javascript_space_before_method_call_parentheses = false
+ij_javascript_space_before_method_left_brace = true
+ij_javascript_space_before_method_parentheses = false
+ij_javascript_space_before_property_colon = false
+ij_javascript_space_before_quest = true
+ij_javascript_space_before_switch_left_brace = true
+ij_javascript_space_before_switch_parentheses = true
+ij_javascript_space_before_try_left_brace = true
+ij_javascript_space_before_type_colon = false
+ij_javascript_space_before_unary_not = false
+ij_javascript_space_before_while_keyword = true
+ij_javascript_space_before_while_left_brace = true
+ij_javascript_space_before_while_parentheses = true
+ij_javascript_spaces_around_additive_operators = false
+ij_javascript_spaces_around_arrow_function_operator = true
+ij_javascript_spaces_around_assignment_operators = true
+ij_javascript_spaces_around_bitwise_operators = true
+ij_javascript_spaces_around_equality_operators = true
+ij_javascript_spaces_around_logical_operators = true
+ij_javascript_spaces_around_multiplicative_operators = true
+ij_javascript_spaces_around_relational_operators = true
+ij_javascript_spaces_around_shift_operators = true
+ij_javascript_spaces_around_unary_operator = false
+ij_javascript_spaces_within_array_initializer_brackets = false
+ij_javascript_spaces_within_brackets = false
+ij_javascript_spaces_within_catch_parentheses = false
+ij_javascript_spaces_within_for_parentheses = false
+ij_javascript_spaces_within_if_parentheses = false
+ij_javascript_spaces_within_imports = false
+ij_javascript_spaces_within_interpolation_expressions = false
+ij_javascript_spaces_within_method_call_parentheses = false
+ij_javascript_spaces_within_method_parentheses = false
+ij_javascript_spaces_within_object_literal_braces = false
+ij_javascript_spaces_within_object_type_braces = true
+ij_javascript_spaces_within_parentheses = false
+ij_javascript_spaces_within_switch_parentheses = false
+ij_javascript_spaces_within_type_assertion = false
+ij_javascript_spaces_within_union_types = true
+ij_javascript_spaces_within_while_parentheses = false
+ij_javascript_special_else_if_treatment = true
+ij_javascript_ternary_operation_signs_on_next_line = false
+ij_javascript_ternary_operation_wrap = off
+ij_javascript_union_types_wrap = on_every_item
+ij_javascript_use_chained_calls_group_indents = true
+ij_javascript_use_double_quotes = true
+ij_javascript_use_explicit_js_extension = global
+ij_javascript_use_path_mapping = always
+ij_javascript_use_public_modifier = false
+ij_javascript_use_semicolon_after_statement = true
+ij_javascript_var_declaration_wrap = normal
+ij_javascript_while_brace_force = always
+ij_javascript_while_on_new_line = false
+ij_javascript_wrap_comments = false
+
+[{*.ctp,*.hphp,*.inc,*.module,*.php,*.php4,*.php5,*.phtml}]
+indent_style = tab
+ij_continuation_indent_size = 4
+ij_smart_tabs = true
+ij_wrap_on_typing = false
+ij_php_align_assignments = false
+ij_php_align_class_constants = false
+ij_php_align_group_field_declarations = false
+ij_php_align_inline_comments = false
+ij_php_align_key_value_pairs = false
+ij_php_align_multiline_array_initializer_expression = false
+ij_php_align_multiline_binary_operation = false
+ij_php_align_multiline_chained_methods = false
+ij_php_align_multiline_extends_list = false
+ij_php_align_multiline_for = true
+ij_php_align_multiline_parameters = false
+ij_php_align_multiline_parameters_in_calls = false
+ij_php_align_multiline_ternary_operation = false
+ij_php_align_phpdoc_comments = false
+ij_php_align_phpdoc_param_names = false
+ij_php_anonymous_brace_style = end_of_line
+ij_php_api_weight = 1
+ij_php_array_initializer_new_line_after_left_brace = true
+ij_php_array_initializer_right_brace_on_new_line = true
+ij_php_array_initializer_wrap = on_every_item
+ij_php_assignment_wrap = off
+ij_php_attributes_wrap = off
+ij_php_author_weight = 8
+ij_php_binary_operation_sign_on_next_line = false
+ij_php_binary_operation_wrap = off
+ij_php_blank_lines_after_class_header = 0
+ij_php_blank_lines_after_function = 1
+ij_php_blank_lines_after_imports = 1
+ij_php_blank_lines_after_opening_tag = 0
+ij_php_blank_lines_after_package = 1
+ij_php_blank_lines_around_class = 1
+ij_php_blank_lines_around_constants = 0
+ij_php_blank_lines_around_field = 0
+ij_php_blank_lines_around_method = 1
+ij_php_blank_lines_before_class_end = 0
+ij_php_blank_lines_before_imports = 1
+ij_php_blank_lines_before_method_body = 0
+ij_php_blank_lines_before_package = 1
+ij_php_blank_lines_before_return_statement = 1
+ij_php_blank_lines_between_imports = 0
+ij_php_block_brace_style = end_of_line
+ij_php_call_parameters_new_line_after_left_paren = false
+ij_php_call_parameters_right_paren_on_new_line = false
+ij_php_call_parameters_wrap = normal
+ij_php_catch_on_new_line = true
+ij_php_category_weight = 28
+ij_php_class_brace_style = next_line
+ij_php_comma_after_last_array_element = true
+ij_php_concat_spaces = false
+ij_php_copyright_weight = 28
+ij_php_deprecated_weight = 2
+ij_php_do_while_brace_force = always
+ij_php_else_if_style = as_is
+ij_php_else_on_new_line = false
+ij_php_example_weight = 4
+ij_php_extends_keyword_wrap = off
+ij_php_extends_list_wrap = off
+ij_php_fields_default_visibility = private
+ij_php_filesource_weight = 28
+ij_php_finally_on_new_line = true
+ij_php_for_brace_force = always
+ij_php_for_statement_new_line_after_left_paren = false
+ij_php_for_statement_right_paren_on_new_line = false
+ij_php_for_statement_wrap = off
+ij_php_force_short_declaration_array_style = false
+ij_php_getters_setters_naming_style = camel_case
+ij_php_getters_setters_order_style = getters_first
+ij_php_global_weight = 28
+ij_php_group_use_wrap = on_every_item
+ij_php_if_brace_force = always
+ij_php_if_lparen_on_next_line = false
+ij_php_if_rparen_on_next_line = false
+ij_php_ignore_weight = 28
+ij_php_import_sorting = alphabetic
+ij_php_indent_break_from_case = true
+ij_php_indent_case_from_switch = true
+ij_php_indent_code_in_php_tags = false
+ij_php_internal_weight = 0
+ij_php_keep_blank_lines_after_lbrace = 2
+ij_php_keep_blank_lines_before_right_brace = 2
+ij_php_keep_blank_lines_in_code = 2
+ij_php_keep_blank_lines_in_declarations = 2
+ij_php_keep_control_statement_in_one_line = true
+ij_php_keep_first_column_comment = true
+ij_php_keep_indents_on_empty_lines = false
+ij_php_keep_line_breaks = true
+ij_php_keep_rparen_and_lbrace_on_one_line = false
+ij_php_keep_simple_classes_in_one_line = false
+ij_php_keep_simple_methods_in_one_line = false
+ij_php_lambda_brace_style = end_of_line
+ij_php_license_weight = 28
+ij_php_line_comment_add_space = false
+ij_php_line_comment_at_first_column = true
+ij_php_link_weight = 28
+ij_php_lower_case_boolean_const = true
+ij_php_lower_case_keywords = true
+ij_php_lower_case_null_const = true
+ij_php_method_brace_style = next_line
+ij_php_method_call_chain_wrap = off
+ij_php_method_parameters_new_line_after_left_paren = true
+ij_php_method_parameters_right_paren_on_new_line = true
+ij_php_method_parameters_wrap = normal
+ij_php_method_weight = 28
+ij_php_modifier_list_wrap = false
+ij_php_multiline_chained_calls_semicolon_on_new_line = false
+ij_php_namespace_brace_style = 1
+ij_php_new_line_after_php_opening_tag = false
+ij_php_null_type_position = in_the_end
+ij_php_package_weight = 28
+ij_php_param_weight = 5
+ij_php_parameters_attributes_wrap = off
+ij_php_parentheses_expression_new_line_after_left_paren = false
+ij_php_parentheses_expression_right_paren_on_new_line = false
+ij_php_phpdoc_blank_line_before_tags = true
+ij_php_phpdoc_blank_lines_around_parameters = true
+ij_php_phpdoc_keep_blank_lines = true
+ij_php_phpdoc_param_spaces_between_name_and_description = 1
+ij_php_phpdoc_param_spaces_between_tag_and_type = 1
+ij_php_phpdoc_param_spaces_between_type_and_name = 1
+ij_php_phpdoc_use_fqcn = true
+ij_php_phpdoc_wrap_long_lines = true
+ij_php_place_assignment_sign_on_next_line = false
+ij_php_place_parens_for_constructor = 0
+ij_php_property_read_weight = 28
+ij_php_property_weight = 28
+ij_php_property_write_weight = 28
+ij_php_return_type_on_new_line = false
+ij_php_return_weight = 6
+ij_php_see_weight = 3
+ij_php_since_weight = 28
+ij_php_sort_phpdoc_elements = true
+ij_php_space_after_colon = true
+ij_php_space_after_colon_in_named_argument = true
+ij_php_space_after_colon_in_return_type = true
+ij_php_space_after_comma = true
+ij_php_space_after_for_semicolon = true
+ij_php_space_after_quest = true
+ij_php_space_after_type_cast = false
+ij_php_space_after_unary_not = false
+ij_php_space_before_array_initializer_left_brace = false
+ij_php_space_before_catch_keyword = true
+ij_php_space_before_catch_left_brace = true
+ij_php_space_before_catch_parentheses = true
+ij_php_space_before_class_left_brace = true
+ij_php_space_before_closure_left_parenthesis = true
+ij_php_space_before_colon = true
+ij_php_space_before_colon_in_named_argument = false
+ij_php_space_before_colon_in_return_type = false
+ij_php_space_before_comma = false
+ij_php_space_before_do_left_brace = true
+ij_php_space_before_else_keyword = true
+ij_php_space_before_else_left_brace = true
+ij_php_space_before_finally_keyword = true
+ij_php_space_before_finally_left_brace = true
+ij_php_space_before_for_left_brace = true
+ij_php_space_before_for_parentheses = true
+ij_php_space_before_for_semicolon = false
+ij_php_space_before_if_left_brace = true
+ij_php_space_before_if_parentheses = true
+ij_php_space_before_method_call_parentheses = false
+ij_php_space_before_method_left_brace = true
+ij_php_space_before_method_parentheses = false
+ij_php_space_before_quest = true
+ij_php_space_before_short_closure_left_parenthesis = false
+ij_php_space_before_switch_left_brace = true
+ij_php_space_before_switch_parentheses = true
+ij_php_space_before_try_left_brace = true
+ij_php_space_before_unary_not = false
+ij_php_space_before_while_keyword = true
+ij_php_space_before_while_left_brace = true
+ij_php_space_before_while_parentheses = true
+ij_php_space_between_ternary_quest_and_colon = false
+ij_php_spaces_around_additive_operators = true
+ij_php_spaces_around_arrow = false
+ij_php_spaces_around_assignment_in_declare = false
+ij_php_spaces_around_assignment_operators = true
+ij_php_spaces_around_bitwise_operators = true
+ij_php_spaces_around_equality_operators = true
+ij_php_spaces_around_logical_operators = true
+ij_php_spaces_around_multiplicative_operators = true
+ij_php_spaces_around_null_coalesce_operator = true
+ij_php_spaces_around_relational_operators = true
+ij_php_spaces_around_shift_operators = true
+ij_php_spaces_around_unary_operator = false
+ij_php_spaces_around_var_within_brackets = false
+ij_php_spaces_within_array_initializer_braces = false
+ij_php_spaces_within_brackets = false
+ij_php_spaces_within_catch_parentheses = false
+ij_php_spaces_within_for_parentheses = false
+ij_php_spaces_within_if_parentheses = false
+ij_php_spaces_within_method_call_parentheses = false
+ij_php_spaces_within_method_parentheses = false
+ij_php_spaces_within_parentheses = false
+ij_php_spaces_within_short_echo_tags = true
+ij_php_spaces_within_switch_parentheses = false
+ij_php_spaces_within_while_parentheses = false
+ij_php_special_else_if_treatment = true
+ij_php_subpackage_weight = 28
+ij_php_ternary_operation_signs_on_next_line = false
+ij_php_ternary_operation_wrap = off
+ij_php_throws_weight = 7
+ij_php_todo_weight = 28
+ij_php_unknown_tag_weight = 28
+ij_php_upper_case_boolean_const = false
+ij_php_upper_case_null_const = false
+ij_php_uses_weight = 28
+ij_php_var_weight = 28
+ij_php_variable_naming_style = mixed
+ij_php_version_weight = 28
+ij_php_while_brace_force = always
+ij_php_while_on_new_line = false
+
+[{*.har,*.jsb2,*.jsb3,*.json,.babelrc,.eslintrc,.stylelintrc,bowerrc,composer.lock,jest.config}]
+indent_size = 2
+ij_visual_guides = none
+ij_json_keep_blank_lines_in_code = 0
+ij_json_keep_indents_on_empty_lines = false
+ij_json_keep_line_breaks = true
+ij_json_space_after_colon = true
+ij_json_space_after_comma = true
+ij_json_space_before_colon = true
+ij_json_space_before_comma = false
+ij_json_spaces_within_braces = false
+ij_json_spaces_within_brackets = false
+ij_json_wrap_long_lines = false
+
+[{*.htm,*.html,*.sht,*.shtm,*.shtml}]
+indent_style = tab
+ij_smart_tabs = true
+ij_visual_guides = none
+ij_html_add_new_line_before_tags = body, div, p, form, h1, h2, h3
+ij_html_align_attributes = true
+ij_html_align_text = false
+ij_html_attribute_wrap = normal
+ij_html_block_comment_at_first_column = true
+ij_html_do_not_align_children_of_min_lines = 0
+ij_html_do_not_break_if_inline_tags = title,h1,h2,h3,h4,h5,h6,p
+ij_html_do_not_indent_children_of_tags = html,body,thead,tbody,tfoot,style,script,head
+ij_html_enforce_quotes = false
+ij_html_inline_tags = a,abbr,acronym,b,basefont,bdo,big,br,cite,cite,code,dfn,em,font,i,img,input,kbd,label,q,s,samp,select,small,span,strike,strong,sub,sup,textarea,tt,u,var
+ij_html_keep_blank_lines = 2
+ij_html_keep_indents_on_empty_lines = false
+ij_html_keep_line_breaks = true
+ij_html_keep_line_breaks_in_text = true
+ij_html_keep_whitespaces = false
+ij_html_keep_whitespaces_inside = span,pre,textarea
+ij_html_line_comment_at_first_column = true
+ij_html_new_line_after_last_attribute = never
+ij_html_new_line_before_first_attribute = never
+ij_html_quote_style = none
+ij_html_remove_new_line_before_tags = br
+ij_html_space_after_tag_name = false
+ij_html_space_around_equality_in_attribute = false
+ij_html_space_inside_empty_tag = false
+ij_html_text_wrap = normal
+ij_html_uniform_ident = false
+
+[{*.yaml, *.yml}]
+indent_size = 2
+ij_visual_guides = none
+ij_yaml_align_values_properties = do_not_align
+ij_yaml_autoinsert_sequence_marker = true
+ij_yaml_block_mapping_on_new_line = false
+ij_yaml_indent_sequence_value = true
+ij_yaml_keep_indents_on_empty_lines = false
+ij_yaml_keep_line_breaks = true
+ij_yaml_sequence_on_new_line = false
+ij_yaml_space_before_colon = false
+ij_yaml_spaces_within_braces = true
+ij_yaml_spaces_within_brackets = true
--- a/.gitflow
+++ b/.gitflow
@@ -1,9 +0,0 @@
-[gitflow "branch"]
-master = master
-develop = develop
-[gitflow "prefix"]
-feature = feature/
-release = release/
-hotfix = hotfix/
-versiontag =
-support = support/
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,17 @@

 # no slash at the end to handle also symlinks
 /toolkit
-/conf
 /env-*

 # composer reserver directory, from sources, populate/update using "composer install"
 vendor/*
 test/vendor/*

+# all conf but listing prevention
+/conf/**
+!/conf/.htaccess
+!/conf/web.config
+
 # all datas but listing prevention
 /data/**
 !/data/.htaccess
--- a/.jenkins/bin/archive/gather_external_files.sh
+++ b/.jenkins/bin/archive/gather_external_files.sh
--- a/.jenkins/bin/init/append_files.sh
+++ b/.jenkins/bin/init/append_files.sh
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-set -x
-
-# create target dirs
-mkdir -p var
-mkdir -p toolkit
-
-# cleanup target dirs
-rm -rf toolkit/*
-
-# fill target dirs
-curl http://www.combodo.com/documentation/iTopDataModelToolkit-2.3.zip | tar xvz --directory toolkit
-cp -r .jenkins/configuration/default-environment/unattended_install/* toolkit
--- a/.jenkins/bin/init/composer_install.sh
+++ b/.jenkins/bin/init/composer_install.sh
@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-set -x
-
-# on the root dir
-composer install
-
-
-# under the test dir
-cd test
-composer install
--- a/.jenkins/bin/init/debug.sh
+++ b/.jenkins/bin/init/debug.sh
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-set -x
-
-whoami
-pwd
-ls
-
-echo "$BRANCH_NAME:${BRANCH_NAME}"
-
-echo "printenv :"
-printenv
-
--- a/.jenkins/bin/tests/phpunit.sh
+++ b/.jenkins/bin/tests/phpunit.sh
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -x
-
-cd test
-
-export DEBUG_UNIT_TEST="0"
-
-php vendor/bin/phpunit  --log-junit ../var/test/phpunit-log.junit.xml --teamcity
--- a/.jenkins/bin/unattended_install/default_env.sh
+++ b/.jenkins/bin/unattended_install/default_env.sh
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-set -x
-
-cd toolkit
-php unattended_install.php default-params.xml
--- a/.jenkins/configuration/default-environment/unattended_install/default-config-itop.php
+++ b/.jenkins/configuration/default-environment/unattended_install/default-config-itop.php
@@ -1,285 +0,0 @@
-<?php
-
-/**
- *
- * Configuration file, generated by the iTop configuration wizard
- *
- * The file is used in MetaModel::LoadConfig() which does all the necessary initialization job
- *
- */
-$MySettings = array(
-
-	// access_message: Message displayed to the users when there is any access restriction
-	//	default: 'iTop is temporarily frozen, please wait... (the admin team)'
-	'access_message' => 'iTop is temporarily frozen, please wait... (the admin team)',
-
-	// access_mode: Access mode: ACCESS_READONLY = 0, ACCESS_ADMIN_WRITE = 2, ACCESS_FULL = 3
-	//	default: 3
-	'access_mode' => 3,
-
-	'allowed_login_types' => 'form|basic|external',
-
-	// apc_cache.enabled: If set, the APC cache is allowed (the PHP extension must also be active)
-	//	default: true
-	'apc_cache.enabled' => true,
-
-	// apc_cache.query_ttl: Time to live set in APC for the prepared queries (seconds - 0 means no timeout)
-	//	default: 3600
-	'apc_cache.query_ttl' => 3600,
-
-	// app_root_url: Root URL used for navigating within the application, or from an email to the application (you can put $SERVER_NAME$ as a placeholder for the server's name)
-	//	default: ''
-	'app_root_url' => 'http://127.0.0.1/itop/svn/trunk/',
-
-	// buttons_position: Position of the forms buttons: bottom | top | both
-	//	default: 'both'
-	'buttons_position' => 'both',
-
-	// cas_include_path: The path where to find the phpCAS library
-	//	default: '/usr/share/php'
-	'cas_include_path' => '/usr/share/php',
-
-	// cron_max_execution_time: Duration (seconds) of the page cron.php, must be shorter than php setting max_execution_time and shorter than the web server response timeout
-	//	default: 600
-	'cron_max_execution_time' => 600,
-
-	// csv_file_default_charset: Character set used by default for downloading and uploading data as a CSV file. Warning: it is case sensitive (uppercase is preferable).
-	//	default: 'ISO-8859-1'
-	'csv_file_default_charset' => 'ISO-8859-1',
-
-	'csv_import_charsets' => array (
-	),
-
-	// csv_import_history_display: Display the history tab in the import wizard
-	//	default: false
-	'csv_import_history_display' => false,
-
-	// date_and_time_format: Format for date and time display (per language)
-	//	default: array (
-	//		  'default' =>
-	//		  array (
-	//		    'date' => 'Y-m-d',
-	//		    'time' => 'H:i:s',
-	//		    'date_time' => '$date $time',
-	//		  ),
-	//		)
-	'date_and_time_format' => array (
-		'default' =>
-			array (
-				'date' => 'Y-m-d',
-				'time' => 'H:i:s',
-				'date_time' => '$date $time',
-			),
-		'FR FR' =>
-			array (
-				'date' => 'd/m/Y',
-				'time' => 'H:i:s',
-				'date_time' => '$date $time',
-			),
-	),
-
-	'db_host' => '',
-
-	'db_name' => 'itop_ci_main',
-
-	'db_pwd' => 'IKnowYouSeeMeInJenkinsConf',
-
-	'db_subname' => '',
-
-	'db_user' => 'jenkins_itop',
-
-	// deadline_format: The format used for displaying "deadline" attributes: any string with the following placeholders: $date$, $difference$
-	//	default: '$difference$'
-	'deadline_format' => '$difference$',
-
-	'default_language' => 'EN US',
-
-	// disable_attachments_download_legacy_portal: Disable attachments download from legacy portal
-	//	default: true
-	'disable_attachments_download_legacy_portal' => true,
-
-	// draft_attachments_lifetime: Lifetime (in seconds) of drafts' attachments and inline images: after this duration, the garbage collector will delete them.
-	//	default: 3600
-	'draft_attachments_lifetime' => 3600,
-
-	// email_asynchronous: If set, the emails are sent off line, which requires cron.php to be activated. Exception: some features like the email test utility will force the serialized mode
-	//	default: false
-	'email_asynchronous' => false,
-
-	// email_default_sender_address: Default address provided in the email from header field.
-	//	default: ''
-	'email_default_sender_address' => '',
-
-	// email_default_sender_label: Default label provided in the email from header field.
-	//	default: ''
-	'email_default_sender_label' => '',
-
-	// email_transport: Mean to send emails: PHPMail (uses the function mail()) or SMTP (implements the client protocole)
-	//	default: 'PHPMail'
-	'email_transport' => 'SMTP',
-
-	// email_transport_smtp.host: host name or IP address (optional)
-	//	default: 'localhost'
-	'email_transport_smtp.host' => 'smtp.combodo.com',
-
-	// email_transport_smtp.password: Authentication password (optional)
-	//	default: ''
-	'email_transport_smtp.password' => 'IDoNotWork',
-
-	// email_transport_smtp.port: port number (optional)
-	//	default: 25
-	'email_transport_smtp.port' => 25,
-
-	// email_transport_smtp.username: Authentication user (optional)
-	//	default: ''
-	'email_transport_smtp.username' => 'test2@combodo.com',
-
-	// email_validation_pattern: Regular expression to validate/detect the format of an eMail address
-	//	default: '[a-zA-Z0-9._&\'-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z0-9-]{2,}'
-	'email_validation_pattern' => '[a-zA-Z0-9._&\'-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z0-9-]{2,}',
-
-	'encryption_key' => '@iT0pEncr1pti0n!',
-
-	'ext_auth_variable' => '$_SERVER[\'REMOTE_USER\']',
-
-	'fast_reload_interval' => '60',
-
-	// graphviz_path: Path to the Graphviz "dot" executable for graphing objects lifecycle
-	//	default: '/usr/bin/dot'
-	'graphviz_path' => '/usr/bin/dot',
-
-	// inline_image_max_display_width: The maximum width (in pixels) when displaying images inside an HTML formatted attribute. Images will be displayed using this this maximum width.
-	//	default: '250'
-	'inline_image_max_display_width' => 250,
-
-	// inline_image_max_storage_width: The maximum width (in pixels) when uploading images to be used inside an HTML formatted attribute. Images larger than the given size will be downsampled before storing them in the database.
-	//	default: '1600'
-	'inline_image_max_storage_width' => 1600,
-
-	// link_set_attribute_qualifier: Link set from string: attribute qualifier (encloses both the attcode and the value)
-	//	default: '\''
-	'link_set_attribute_qualifier' => '\'',
-
-	// link_set_attribute_separator: Link set from string: attribute separator
-	//	default: ';'
-	'link_set_attribute_separator' => ';',
-
-	// link_set_item_separator: Link set from string: line separator
-	//	default: '|'
-	'link_set_item_separator' => '|',
-
-	// link_set_value_separator: Link set from string: value separator (between the attcode and the value itself
-	//	default: ':'
-	'link_set_value_separator' => ':',
-
-	'log_global' => true,
-
-	'log_issue' => true,
-
-	'log_notification' => true,
-
-	'log_web_service' => true,
-
-	// max_combo_length: The maximum number of elements in a drop-down list. If more then an autocomplete will be used
-	//	default: 50
-	'max_combo_length' => 50,
-
-	'max_display_limit' => '15',
-
-	// max_linkset_output: Maximum number of items shown when getting a list of related items in an email, using the form $this->some_list$. 0 means no limit.
-	//	default: 100
-	'max_linkset_output' => 100,
-
-	'min_display_limit' => '10',
-
-	// online_help: Hyperlink to the online-help web page
-	//	default: 'http://www.combodo.com/itop-help'
-	'online_help' => 'http://www.combodo.com/itop-help',
-
-	// php_path: Path to the php executable in CLI mode
-	//	default: 'php'
-	'php_path' => 'php',
-
-	// portal_tickets: CSV list of classes supported in the portal
-	//	default: 'UserRequest'
-	'portal_tickets' => 'UserRequest',
-
-	'query_cache_enabled' => true,
-
-	// search_manual_submit: Force manual submit of search requests (class => true)
-	//	default: false
-	'search_manual_submit' => array (
-		'Person' => true,
-	),
-
-	'secure_connection_required' => false,
-
-	// session_name: The name of the cookie used to store the PHP session id
-	//	default: 'iTop'
-	'session_name' => 'iTop',
-
-	// shortcut_actions: Actions that are available as direct buttons next to the "Actions" menu
-	//	default: 'UI:Menu:Modify,UI:Menu:New'
-	'shortcut_actions' => 'UI:Menu:Modify,UI:Menu:New',
-
-	// source_dir: Source directory for the datamodel files. (which gets compiled to env-production).
-	//	default: ''
-	'source_dir' => 'datamodels/2.x/',
-
-	'standard_reload_interval' => '300',
-
-	// synchro_trace: Synchronization details: none, display, save (includes 'display')
-	//	default: 'none'
-	'synchro_trace' => 'none',
-
-	// timezone: Timezone (reference: http://php.net/manual/en/timezones.php). If empty, it will be left unchanged and MUST be explicitely configured in PHP
-	//	default: 'Europe/Paris'
-	'timezone' => 'Europe/Paris',
-
-	// tracking_level_linked_set_default: Default tracking level if not explicitely set at the attribute level, for AttributeLinkedSet (defaults to NONE in case of a fresh install, LIST otherwise - this to preserve backward compatibility while upgrading from a version older than 2.0.3 - see TRAC #936)
-	//	default: 1
-	'tracking_level_linked_set_default' => 0,
-
-	// url_validation_pattern: Regular expression to validate/detect the format of an URL (URL attributes and Wiki formatting for Text attributes)
-	//	default: '(https?|ftp)\\://([a-zA-Z0-9+!*(),;?&=\\$_.-]+(\\:[a-zA-Z0-9+!*(),;?&=\\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\\:[0-9]{2,5})?(/([a-zA-Z0-9%+\\$_-]\\.?)+)*/?(\\?[a-zA-Z+&\\$_.-][a-zA-Z0-9;:[\\]@&%=+/\\$_.-]*)?(#[a-zA-Z_.-][a-zA-Z0-9+\\$_.-]*)?'
-	'url_validation_pattern' => '(https?|ftp)\\://([a-zA-Z0-9+!*(),;?&=\\$_.-]+(\\:[a-zA-Z0-9+!*(),;?&=\\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\\:[0-9]{2,5})?(/([a-zA-Z0-9%+\\$_-]\\.?)+)*/?(\\?[a-zA-Z+&\\$_.-][a-zA-Z0-9;:[\\]@&%=+/\\$_.-]*)?(#[a-zA-Z_.-][a-zA-Z0-9+\\$_.-]*)?',
-);
-
-/**
- *
- * Modules specific settings
- *
- */
-$MyModuleSettings = array(
-	'itop-attachments' => array (
-		'allowed_classes' => array (
-			0 => 'Ticket',
-		),
-		'position' => 'relations',
-		'preview_max_width' => 290,
-	),
-	'itop-backup' => array (
-		'mysql_bindir' => '',
-		'week_days' => 'monday, tuesday, wednesday, thursday, friday',
-		'time' => '23:30',
-		'retention_count' => 5,
-		'enabled' => true,
-		'debug' => false,
-	),
-	'molkobain-console-tooltips' => array (
-		'decoration_class' => 'fas fa-question',
-		'enabled' => true,
-	),
-);
-
-/**
- *
- * Data model modules to be loaded. Names are specified as relative paths
- *
- */
-$MyModules = array(
-	'addons' => array (
-		'user rights' => 'addons/userrights/userrightsprofile.class.inc.php',
-	),
-);
-?>
--- a/.jenkins/configuration/default-environment/unattended_install/unattended_install.php
+++ b/.jenkins/configuration/default-environment/unattended_install/unattended_install.php
@@ -1,190 +0,0 @@
-<?php
-//this scrit will be run under the ./toolkit directory, relatively to the document root
-
-require_once('../approot.inc.php');
-require_once(APPROOT.'/application/utils.inc.php');
-require_once(APPROOT.'/application/clipage.class.inc.php');
-require_once(APPROOT.'/core/config.class.inc.php');
-require_once(APPROOT.'/core/log.class.inc.php');
-require_once(APPROOT.'/core/kpi.class.inc.php');
-require_once(APPROOT.'/core/cmdbsource.class.inc.php');
-require_once(APPROOT.'/setup/setuppage.class.inc.php');
-require_once(APPROOT.'/setup/wizardcontroller.class.inc.php');
-require_once(APPROOT.'/setup/wizardsteps.class.inc.php');
-require_once(APPROOT.'/setup/applicationinstaller.class.inc.php');
-
-
-
-/////////////////////////////////////////////////
-$sParamFile = utils::ReadParam('response_file', 'default-params.xml', true /* CLI allowed */, 'raw_data');
-$bCheckConsistency = (utils::ReadParam('check_consistency', '0', true /* CLI allowed */) == '1');
-
-$oParams = new XMLParameters($sParamFile);
-$sMode = $oParams->Get('mode');
-
-if ($sMode == 'install')
-{
-	echo "Installation mode detected.\n";
-	$bClean = utils::ReadParam('clean', false, true /* CLI allowed */);
-	if ($bClean)
-	{
-		echo "Cleanup mode detected.\n";
-		$sTargetEnvironment = $oParams->Get('target_env', '');
-		if ($sTargetEnvironment == '')
-		{
-			$sTargetEnvironment = 'production';
-		}
-		$sTargetDir = APPROOT.'env-'.$sTargetEnvironment;
-
-		// Configuration file
-		$sConfigFile = APPCONF.$sTargetEnvironment.'/'.ITOP_CONFIG_FILE;
-		if (file_exists($sConfigFile))
-		{
-			echo "Trying to delete the configuration file: '$sConfigFile'.\n";
-			@chmod($sConfigFile, 0770); // RWX for owner and group, nothing for others
-			unlink($sConfigFile);
-		}
-		else
-		{
-			echo "No config file to delete ($sConfigFile does not exist).\n";
-		}
-
-		// env-xxx directory
-		if (file_exists($sTargetDir))
-		{
-			if (is_dir($sTargetDir))
-			{
-				echo "Emptying the target directory '$sTargetDir'.\n";
-				SetupUtils::tidydir($sTargetDir);
-			}
-			else
-			{
-				die("ERROR the target dir '$sTargetDir' exists, but is NOT a directory !!!\nExiting.\n");
-			}
-		}
-		else
-		{
-			echo "No target directory to delete ($sTargetDir does not exist).\n";
-		}
-
-		// Database
-		$aDBSettings = $oParams->Get('database', array());
-		$sDBServer = $aDBSettings['server'];
-		$sDBUser = $aDBSettings['user'];
-		$sDBPwd = $aDBSettings['pwd'];
-		$sDBName = $aDBSettings['name'];
-		$sDBPrefix = $aDBSettings['prefix'];
-
-		if ($sDBPrefix != '')
-		{
-			die("Cleanup not implemented for a partial database (prefix= '$sDBPrefix')\nExiting.");
-		}
-
-		$oMysqli = new mysqli($sDBServer, $sDBUser, $sDBPwd);
-		if ($oMysqli->connect_errno)
-		{
-			die("Cannot connect to the MySQL server (".$mysqli->connect_errno . ") ".$mysqli->connect_error."\nExiting");
-		}
-		else
-		{
-			if ($oMysqli->select_db($sDBName))
-			{
-				echo "Deleting database '$sDBName'\n";
-				$oMysqli->query("DROP DATABASE `$sDBName`");
-			}
-			else
-			{
-				echo "The database '$sDBName' does not seem to exist. Nothing to cleanup.\n";
-			}
-		}
-	}
-}
-
-$bHasErrors = false;
-$aChecks = SetupUtils::CheckBackupPrerequisites(APPROOT.'data'); // mmm should be the backup destination dir
-
-$aSelectedModules = $oParams->Get('selected_modules');
-$sSourceDir = $oParams->Get('source_dir', 'datamodels/latest');
-$sExtensionDir = $oParams->Get('extensions_dir', 'extensions');
-$aChecks = array_merge($aChecks, SetupUtils::CheckSelectedModules($sSourceDir, $sExtensionDir, $aSelectedModules));
-
-
-foreach($aChecks as $oCheckResult)
-{
-	switch($oCheckResult->iSeverity)
-	{
-		case CheckResult::ERROR:
-			$bHasErrors = true;
-			$sHeader = "Error";
-			break;
-
-		case CheckResult::WARNING:
-			$sHeader = "Warning";
-			break;
-
-		case CheckResult::INFO:
-		default:
-			$sHeader = "Info";
-			break;
-	}
-	echo $sHeader.": ".$oCheckResult->sLabel;
-	if (strlen($oCheckResult->sDescription))
-	{
-		echo ' - '.$oCheckResult->sDescription;
-	}
-	echo "\n";
-}
-
-if ($bHasErrors)
-{
-	echo "Encountered stopper issues. Aborting...\n";
-	die;
-}
-
-$bFoundIssues = false;
-
-$bInstall = utils::ReadParam('install', true, true /* CLI allowed */);
-if ($bInstall)
-{
-	echo "Starting the unattended installation...\n";
-	$oWizard = new ApplicationInstaller($oParams);
-	$bRes = $oWizard->ExecuteAllSteps();
-	if (!$bRes)
-	{
-		echo "\nencountered installation issues!";
-		$bFoundIssues = true;
-	}
-}
-else
-{
-	echo "No installation requested.\n";
-}
-if (!$bFoundIssues && $bCheckConsistency)
-{
-	echo "Checking data model consistency.\n";
-	ob_start();
-	$sCheckRes = '';
-	try
-	{
-		MetaModel::CheckDefinitions(false);
-		$sCheckRes = ob_get_clean();
-	}
-	catch(Exception $e)
-	{
-		$sCheckRes = ob_get_clean()."\nException: ".$e->getMessage();
-	}
-	if (strlen($sCheckRes) > 0)
-	{
-		echo $sCheckRes;
-		echo "\nfound consistency issues!";
-		$bFoundIssues = true;
-	}
-}
-
-if (!$bFoundIssues)
-{
-	// last line: used to check the install
-	// the only way to track issues in case of Fatal error or even parsing error!
-	echo "\ninstalled!";
-	exit;
-}
--- a/.make/release/update-versions.php
+++ b/.make/release/update-versions.php
@@ -0,0 +1,47 @@
+<?php
+
+/*******************************************************************************
+ * Tool to automate version update before release
+ *
+ * Will update version in the following files :
+ *
+ * * datamodels/2.x/.../module.*.php
+ * * datamodels/2.x/version.xml
+ * * css/css-variables.scss $version
+ *
+ * Usage :
+ * `php .make\release\update-versions.php "2.7.0-rc"`
+ *
+ * @since 2.7.0
+ ******************************************************************************/
+
+
+
+require_once (__DIR__.'/../../approot.inc.php');
+require_once (__DIR__.DIRECTORY_SEPARATOR.'update.classes.inc.php');
+
+
+
+/** @var \FileVersionUpdater[] $aFilesUpdaters */
+$aFilesUpdaters = array(
+	new iTopVersionFileUpdater(),
+	new CssVariablesFileUpdater(),
+	new DatamodelsModulesFiles(),
+);
+
+if (count($argv) === 1)
+{
+	echo '/!\ You must pass the new version as parameter';
+	exit(1);
+}
+$sVersionLabel = $argv[1];
+if (empty($sVersionLabel))
+{
+	echo 'Version passed as parameter is empty !';
+	exit(2);
+}
+
+foreach ($aFilesUpdaters as $oFileVersionUpdater)
+{
+	$oFileVersionUpdater->UpdateAllFiles($sVersionLabel);
+}
--- a/.make/release/update-xml.php
+++ b/.make/release/update-xml.php
@@ -0,0 +1,36 @@
+<?php
+
+/*******************************************************************************
+ * Tool to automate datamodel version update in XML
+ *
+ * Will update version in the following files :
+ *
+ * datamodels/2.x/.../datamodel.*.xml
+ *
+ * Usage :
+ * `php .make\release\update-xml.php "1.7"`
+ *
+ * @since 2.7.0
+ ******************************************************************************/
+
+
+
+require_once (__DIR__.'/../../approot.inc.php');
+require_once (__DIR__.DIRECTORY_SEPARATOR.'update.classes.inc.php');
+
+
+
+if (count($argv) === 1)
+{
+	echo '/!\ You must pass the new version as parameter';
+	exit(1);
+}
+$sVersionLabel = $argv[1];
+if (empty($sVersionLabel))
+{
+	echo 'Version passed as parameter is empty !';
+	exit(2);
+}
+
+$oFileVersionUpdater = new DatamodelsXmlFiles();
+$oFileVersionUpdater->UpdateAllFiles($sVersionLabel);
--- a/.make/release/update.classes.inc.php
+++ b/.make/release/update.classes.inc.php
@@ -0,0 +1,169 @@
+<?php
+
+/*******************************************************************************
+ * Classes for updater tools
+ *
+ * @see update-versions.php
+ * @see update-xml.php
+ ******************************************************************************/
+
+
+
+require_once (__DIR__.'/../../approot.inc.php');
+
+
+
+
+abstract class FileVersionUpdater
+{
+	/**
+	 * @return string[] full path of files to modify
+	 */
+	abstract public function GetFiles();
+
+	/**
+	 * Warnign : will consume lots of memory on larger files !
+	 *
+	 * @param string $sVersionLabel
+	 * @param string $sFileContent
+	 * @param string $sFileFullPath
+	 *
+	 * @return string file content with replaced values
+	 */
+	abstract public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath);
+
+	public function UpdateAllFiles($sVersionLabel)
+	{
+		$aFilesToUpdate = $this->GetFiles();
+		$sFileUpdaterName = get_class($this);
+		echo "# Updater : $sFileUpdaterName\n";
+		foreach ($aFilesToUpdate as $sFileToUpdateFullPath)
+		{
+			try
+			{
+				$sCurrentFileContent = file_get_contents($sFileToUpdateFullPath);
+				$sNewFileContent = $this->UpdateFileContent($sVersionLabel, $sCurrentFileContent, $sFileToUpdateFullPath);
+				file_put_contents($sFileToUpdateFullPath, $sNewFileContent);
+				echo "   - $sFileToUpdateFullPath : OK !\n";
+			}
+			catch (Exception $e)
+			{
+				echo "   - $sFileToUpdateFullPath : Error :(\n";
+			}
+		}
+	}
+}
+
+abstract class AbstractSingleFileVersionUpdater extends FileVersionUpdater
+{
+	private $sFileToUpdate;
+
+	public function __construct($sFileToUpdate)
+	{
+		$this->sFileToUpdate = $sFileToUpdate;
+	}
+
+	public function GetFiles()
+	{
+		return array(APPROOT.$this->sFileToUpdate);
+	}
+}
+
+class iTopVersionFileUpdater extends AbstractSingleFileVersionUpdater
+{
+	public function __construct()
+	{
+		parent::__construct('datamodels/2.x/version.xml');
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath)
+	{
+		return preg_replace(
+			'/(<version>)[^<]*(<\/version>)/',
+			'${1}'.$sVersionLabel.'${2}',
+			$sFileContent
+		);
+	}
+}
+
+class CssVariablesFileUpdater extends AbstractSingleFileVersionUpdater
+{
+	public function __construct()
+	{
+		parent::__construct('css/css-variables.scss');
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath)
+	{
+		return preg_replace(
+			'/(\$version: "v)[^"]*(";)/',
+			'${1}'.$sVersionLabel.'${2}',
+			$sFileContent
+		);
+	}
+}
+
+abstract class AbstractGlobFileVersionUpdater extends FileVersionUpdater
+{
+	protected $sGlobPattern;
+
+	public function __construct($sGlobPattern)
+	{
+		$this->sGlobPattern = $sGlobPattern;
+	}
+
+	public function GetFiles()
+	{
+		return glob($this->sGlobPattern);
+	}
+}
+
+class DatamodelsModulesFiles extends AbstractGlobFileVersionUpdater
+{
+	public function __construct()
+	{
+		parent::__construct(APPROOT.'datamodels/2.x/*/module.*.php');
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath)
+	{
+		$sModulePath = realpath($sFileFullPath);
+		$sModuleFileName = basename($sModulePath, 1);
+		$sModuleName = preg_replace('/[^.]+\.([^.]+)\.php/', '$1', $sModuleFileName);
+
+		return preg_replace(
+			"/('$sModuleName\/)[^']+(')/",
+			'${1}'.$sVersionLabel.'${2}',
+			$sFileContent
+		);
+	}
+}
+
+class DatamodelsXmlFiles extends AbstractGlobFileVersionUpdater
+{
+	public function __construct()
+	{
+		parent::__construct(APPROOT.'datamodels/2.x/*/datamodel.*.xml');
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath)
+	{
+		return preg_replace(
+			'/(<itop_design .* version=")[^"]+(">)/',
+			'${1}'.$sVersionLabel.'${2}',
+			$sFileContent
+		);
+	}
+}
--- a/11
+++ b/11
@@ -0,0 +1,11 @@
+def infra
+
+node(){
+  checkout scm
+
+  infra = load '/var/lib/jenkins/workspace/itop-test-infra_master/src/Infra.groovy'
+}
+
+
+infra.call()
+
--- a/README.md
+++ b/README.md
@@ -21,6 +21,19 @@ iTop also offers mass import tools and web services to integrate with your IT
 - [Data synchronization][18] (for data federation)


+## Latest release
+
+- [Changes since the previous version][62]
+- [New features][63]
+- [Installation notes][64]
+- [Download][65]
+
+[62]: https://www.itophub.io/wiki/page?id=latest:release:change_log
+[63]: https://www.itophub.io/wiki/page?id=latest:release:start
+[64]: https://www.itophub.io/wiki/page?id=latest:install:start
+[65]: https://sourceforge.net/projects/itop/files/latest/download
+
+
 ## Resources

 - [iTop Forums][1]: for support request
@@ -30,28 +43,6 @@ iTop also offers mass import tools and web services to integrate with your IT
 - [iTop extensions][5] for discovering and installing extensions

 
-## Releases
-### Version 2.6  
- - [Changes since the previous version][58]
- - [New features][59]
- - [Migration notes][60]
- - [Download iTop 2.6.1][61]
-
-
-### Version 2.5  
- - [Changes since the previous version][54]
- - [New features][55]
- - [Migration notes][56]
- - [Download iTop 2.5.1][57]
- 
-
-### Version 2.4  
- - [Changes since the previous version][50]
- - [New features][51]
- - [Migration notes][52]
- - [Download iTop 2.4.1][53]
-
-
 # About Us

 iTop development is sponsored, led and supported by [Combodo][0].
@@ -138,4 +129,4 @@ We would like to give a special thank you to the people from the community who c
 [58]: https://www.itophub.io/wiki/page?id=2_6_0:release:change_log
 [59]: https://www.itophub.io/wiki/page?id=2_6_0:release:2_6_whats_new
 [60]: https://www.itophub.io/wiki/page?id=2_6_0:install:250_to_260_migration_notes
-[61]: https://sourceforge.net/projects/itop/files/itop/2.6.1
+[61]: https://sourceforge.net/projects/itop/files/itop/2.6.3
--- a/application/ajaxwebpage.class.inc.php
+++ b/application/ajaxwebpage.class.inc.php
@@ -30,32 +30,35 @@ class ajax_page extends WebPage implements iTabbedPage
 {
    /**
     * Jquery style ready script
-     * @var Hash     
-     */	  
+     * @var Hash
+     */
 	protected $m_sReadyScript;
 	protected $m_oTabs;
 	private $m_sMenu; // If set, then the menu will be updated
-	
-    /**
-     * constructor for the web page
-     * @param string $s_title Not used
-     */	  
-	function __construct($s_title)
-    {
+
+	/**
+	 * constructor for the web page
+	 *
+	 * @param string $s_title Not used
+	 */
+	function __construct($s_title) {
 		$sPrintable = utils::ReadParam('printable', '0');
 		$bPrintable = ($sPrintable == '1');

-        parent::__construct($s_title, $bPrintable);
-        $this->m_sReadyScript = "";
+		parent::__construct($s_title, $bPrintable);
+		$this->m_sReadyScript = "";
 		//$this->add_header("Content-type: text/html; charset=utf-8");
-		$this->add_header("Cache-control: no-cache");
+		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+		$this->add_header('Pragma: no-cache');
+		$this->add_header('Expires: 0');
+		$this->add_header('X-Frame-Options: deny');
 		$this->m_oTabs = new TabManager();
 		$this->sContentType = 'text/html';
 		$this->sContentDisposition = 'inline';
 		$this->m_sMenu = "";

 		utils::InitArchiveMode();
-    }
+	}

 	public function AddTabContainer($sTabContainer, $sPrefix = '')
 	{
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -2966,7 +2966,6 @@ EOF
 				$data = $oDoc->GetData();
 				switch ($oDoc->GetMimeType())
 				{
-					case 'text/html':
 					case 'text/xml':
 						$oPage->add("<iframe id='preview_$sAttCode' src=\"".utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=display_document&class=$sClass&id=$Id&field=$sAttCode\" width=\"100%\" height=\"400\">Loading...</iframe>\n");
 						break;
--- a/application/csvpage.class.inc.php
+++ b/application/csvpage.class.inc.php
@@ -29,13 +29,15 @@ require_once(APPROOT."/application/webpage.class.inc.php");

 class CSVPage extends WebPage
 {
-    function __construct($s_title)
-    {
-        parent::__construct($s_title);
+	function __construct($s_title) {
+		parent::__construct($s_title);
 		$this->add_header("Content-type: text/plain; charset=utf-8");
-		$this->add_header("Cache-control: no-cache");
+		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+		$this->add_header('Pragma: no-cache');
+		$this->add_header('Expires: 0');
+		$this->add_header('X-Frame-Options: deny');
 		//$this->add_header("Content-Transfer-Encoding: binary");
-    }	
+	}

    public function output()
    {
--- a/application/dashboard.class.inc.php
+++ b/application/dashboard.class.inc.php
@@ -674,28 +674,29 @@ class RuntimeDashboard extends Dashboard
 	{
 		$bCustomized = false;

-		if (!appUserPreferences::GetPref('display_original_dashboard_'.$sDashBoardId, false))
-		{
+		$sDashboardFileSanitized = utils::RealPath($sDashboardFile, APPROOT);
+		if (false === $sDashboardFileSanitized) {
+			throw new SecurityException('Invalid dashboard file !');
+		}
+
+		if (!appUserPreferences::GetPref('display_original_dashboard_'.$sDashBoardId, false)) {
 			// Search for an eventual user defined dashboard
 			$oUDSearch = new DBObjectSearch('UserDashboard');
 			$oUDSearch->AddCondition('user_id', UserRights::GetUserId(), '=');
 			$oUDSearch->AddCondition('menu_code', $sDashBoardId, '=');
 			$oUDSet = new DBObjectSet($oUDSearch);
-			if ($oUDSet->Count() > 0)
-			{
+			if ($oUDSet->Count() > 0) {
 				// Assuming there is at most one couple {user, menu}!
 				$oUserDashboard = $oUDSet->Fetch();
 				$sDashboardDefinition = $oUserDashboard->Get('contents');
 				$bCustomized = true;
-			}
-			else
-			{
-				$sDashboardDefinition = @file_get_contents($sDashboardFile);
+			} else {
+				$sDashboardDefinition = @file_get_contents($sDashboardFileSanitized);
 			}
 		}
 		else
 		{
-			$sDashboardDefinition = @file_get_contents($sDashboardFile);
+			$sDashboardDefinition = @file_get_contents($sDashboardFileSanitized);
 		}

 		if ($sDashboardDefinition !== false)
@@ -703,7 +704,7 @@ class RuntimeDashboard extends Dashboard
 			$oDashboard = new RuntimeDashboard($sDashBoardId);
 			$oDashboard->FromXml($sDashboardDefinition);
 			$oDashboard->SetCustomFlag($bCustomized);
-			$oDashboard->SetDefinitionFile($sDashboardFile);
+			$oDashboard->SetDefinitionFile($sDashboardFileSanitized);
 		}
 		else
 		{
--- a/application/dashlet.class.inc.php
+++ b/application/dashlet.class.inc.php
@@ -445,14 +445,16 @@ EOF
 			foreach($this->oModelReflection->ListAttributes($sClass) as $sAttCode => $sAttType)
 			{
 				// For external fields, find the real type of the target
+				$sExtFieldAttCode = $sAttCode;
 				$sTargetClass = $sClass;
 				while (is_a($sAttType, 'AttributeExternalField', true))
 				{
-					$sExtKeyAttCode = $this->oModelReflection->GetAttributeProperty($sTargetClass, $sAttCode, 'extkey_attcode');
-					$sTargetAttCode = $this->oModelReflection->GetAttributeProperty($sTargetClass, $sAttCode, 'target_attcode');
+					$sExtKeyAttCode = $this->oModelReflection->GetAttributeProperty($sTargetClass, $sExtFieldAttCode, 'extkey_attcode');
+					$sTargetAttCode = $this->oModelReflection->GetAttributeProperty($sTargetClass, $sExtFieldAttCode, 'target_attcode');
 					$sTargetClass = $this->oModelReflection->GetAttributeProperty($sTargetClass, $sExtKeyAttCode, 'targetclass');
 					$aTargetAttCodes = $this->oModelReflection->ListAttributes($sTargetClass);
 					$sAttType = $aTargetAttCodes[$sTargetAttCode];
+					$sExtFieldAttCode = $sTargetAttCode;
 				}
 				if (is_a($sAttType, 'AttributeLinkedSet', true))
 				{
@@ -611,12 +613,12 @@ class DashletUnknown extends Dashlet
 	{
 		$aInfos = static::GetInfo();

-		$sIconUrl = utils::GetAbsoluteUrlAppRoot().$aInfos['icon'];
+		$sIconUrl = utils::HtmlEntities(utils::GetAbsoluteUrlAppRoot().$aInfos['icon']);
 		$sExplainText = ($bEditMode) ? Dict::Format('UI:DashletUnknown:RenderText:Edit', $this->GetDashletType()) : Dict::S('UI:DashletUnknown:RenderText:View');

 		$oPage->add('<div class="dashlet-content">');

-		$oPage->add('<div class="dashlet-ukn-image"><img src="'.utils::HtmlEntities($sIconUrl).'" /></div>');
+		$oPage->add('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div>');
 		$oPage->add('<div class="dashlet-ukn-text">'.$sExplainText.'</div>');

 		$oPage->add('</div>');
@@ -631,12 +633,12 @@ class DashletUnknown extends Dashlet
 	{
 		$aInfos = static::GetInfo();

-		$sIconUrl = utils::GetAbsoluteUrlAppRoot().$aInfos['icon'];
+		$sIconUrl = utils::HtmlEntities(utils::GetAbsoluteUrlAppRoot().$aInfos['icon']);
 		$sExplainText = Dict::Format('UI:DashletUnknown:RenderNoDataText:Edit', $this->GetDashletType());

 		$oPage->add('<div class="dashlet-content">');

-		$oPage->add('<div class="dashlet-ukn-image"><img src="'.utils::HtmlEntities($sIconUrl).'" /></div>');
+		$oPage->add('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div>');
 		$oPage->add('<div class="dashlet-ukn-text">'.$sExplainText.'</div>');

 		$oPage->add('</div>');
@@ -772,12 +774,12 @@ class DashletProxy extends DashletUnknown
 	{
 		$aInfos = static::GetInfo();

-		$sIconUrl = utils::GetAbsoluteUrlAppRoot().$aInfos['icon'];
+		$sIconUrl = utils::HtmlEntities(utils::GetAbsoluteUrlAppRoot().$aInfos['icon']);
 		$sExplainText = Dict::Format('UI:DashletProxy:RenderNoDataText:Edit', $this->GetDashletType());

 		$oPage->add('<div class="dashlet-content">');

-		$oPage->add('<div class="dashlet-pxy-image"><img src="'.utils::HtmlEntities($sIconUrl).'" /></div>');
+		$oPage->add('<div class="dashlet-pxy-image"><img src="'.$sIconUrl.'" /></div>');
 		$oPage->add('<div class="dashlet-pxy-text">'.$sExplainText.'</div>');

 		$oPage->add('</div>');
@@ -858,7 +860,7 @@ class DashletPlainText extends Dashlet
 	 */
 	public function Render($oPage, $bEditMode = false, $aExtraParams = array())
 	{
-		$sText = htmlentities($this->aProperties['text'], ENT_QUOTES, 'UTF-8');
+		$sText = utils::HtmlEntities($this->aProperties['text']);
 		$sText = str_replace(array("\r\n", "\n", "\r"), "<br/>", $sText);

 		$sId = 'plaintext_'.($bEditMode? 'edit_' : '').$this->sId;
@@ -915,7 +917,7 @@ class DashletObjectList extends Dashlet
 		$sShowMenu = $this->aProperties['menu'] ? '1' : '0';

 		$oPage->add('<div class="dashlet-content">');
-		$sHtmlTitle = htmlentities(Dict::S($sTitle), ENT_QUOTES, 'UTF-8'); // done in the itop block
+		$sHtmlTitle = utils::HtmlEntities(Dict::S($sTitle)); // done in the itop block
 		if ($sHtmlTitle != '')
 		{
 			$oPage->add('<h1>'.$sHtmlTitle.'</h1>');
@@ -954,7 +956,7 @@ class DashletObjectList extends Dashlet
 		$bShowMenu = $this->aProperties['menu'];

 		$oPage->add('<div class="dashlet-content">');
-		$sHtmlTitle = htmlentities($this->oModelReflection->DictString($sTitle), ENT_QUOTES, 'UTF-8'); // done in the itop block
+		$sHtmlTitle = utils::HtmlEntities($this->oModelReflection->DictString($sTitle)); // done in the itop block
 		if ($sHtmlTitle != '')
 		{
 			$oPage->add('<h1>'.$sHtmlTitle.'</h1>');
@@ -1247,7 +1249,7 @@ abstract class DashletGroupBy extends Dashlet

 				case 'table':
 				default:
-					$sHtmlTitle = htmlentities(Dict::S($sTitle), ENT_QUOTES, 'UTF-8'); // done in the itop block
+					$sHtmlTitle = utils::HtmlEntities(Dict::S($sTitle)); // done in the itop block
 					$sType = 'count';
 					$aParams = array(
 						'group_by' => $this->sGroupByExpr,
@@ -1684,7 +1686,7 @@ class DashletGroupByPie extends DashletGroupBy

 		$sBlockId = 'block_fake_'.$this->sId.($bEditMode ? '_edit' : ''); // make a unique id (edition occuring in the same DOM)

-		$HTMLsTitle = ($sTitle != '') ? '<h1 style="text-align:center">'.htmlentities($sTitle, ENT_QUOTES, 'UTF-8').'</h1>' : '';
+		$HTMLsTitle = ($sTitle != '') ? '<h1 style="text-align:center">'.utils::HtmlEntities($sTitle).'</h1>' : '';
 		$oPage->add("<div style=\"background-color:#fff;padding:0.25em;\">$HTMLsTitle<div id=\"$sBlockId\" style=\"background-color:#fff;\"></div></div>");

 		$aDisplayValues = $this->MakeSimulatedData();
@@ -1756,7 +1758,7 @@ class DashletGroupByBars extends DashletGroupBy

 		$sBlockId = 'block_fake_'.$this->sId.($bEditMode ? '_edit' : ''); // make a unique id (edition occuring in the same DOM)

-		$HTMLsTitle = ($sTitle != '') ? '<h1 style="text-align:center">'.htmlentities($sTitle, ENT_QUOTES, 'UTF-8').'</h1>' : '';
+		$HTMLsTitle = ($sTitle != '') ? '<h1 style="text-align:center">'.utils::HtmlEntities($sTitle).'</h1>' : '';
 		$oPage->add("<div style=\"background-color:#fff;padding:0.25em;\">$HTMLsTitle<div id=\"$sBlockId\" style=\"background-color:#fff;\"></div></div>");

 		$aDisplayValues = $this->MakeSimulatedData();
@@ -1905,16 +1907,16 @@ class DashletHeaderStatic extends Dashlet
 	 */
 	public function Render($oPage, $bEditMode = false, $aExtraParams = array())
 	{
-		$sTitle = $this->aProperties['title'];
+		$sTitle = utils::HtmlEntities($this->aProperties['title']);
 		$sIcon = $this->aProperties['icon'];

 		$oIconSelect = $this->oModelReflection->GetIconSelectionField('icon');
-		$sIconPath = $oIconSelect->MakeFileUrl($sIcon);
+		$sIconPath = utils::HtmlEntities($oIconSelect->MakeFileUrl($sIcon));

 		$oPage->add('<div class="dashlet-content">');
 		$oPage->add('<div class="main_header">');

-		$oPage->add('<img src="'.utils::HtmlEntities($sIconPath).'">');
+		$oPage->add('<img src="'.$sIconPath.'">');
 		$oPage->add('<h1>'.$this->oModelReflection->DictString($sTitle).'</h1>');

 		$oPage->add('</div>');
@@ -2035,14 +2037,14 @@ class DashletHeaderDynamic extends Dashlet
 	 */
 	public function Render($oPage, $bEditMode = false, $aExtraParams = array())
 	{
-		$sTitle = $this->aProperties['title'];
+		$sTitle = utils::HtmlEntities($this->aProperties['title']);
 		$sIcon = $this->aProperties['icon'];
-		$sSubtitle = $this->aProperties['subtitle'];
+		$sSubtitle = utils::HtmlEntities($this->aProperties['subtitle']);
 		$sQuery = $this->aProperties['query'];
 		$sGroupBy = $this->aProperties['group_by'];

 		$oIconSelect = $this->oModelReflection->GetIconSelectionField('icon');
-		$sIconPath = $oIconSelect->MakeFileUrl($sIcon);
+		$sIconPath = utils::HtmlEntities($oIconSelect->MakeFileUrl($sIcon));

 		$aValues = $this->GetValues();
 		if (count($aValues) > 0)
@@ -2070,7 +2072,7 @@ class DashletHeaderDynamic extends Dashlet
 		$oPage->add('<div class="dashlet-content">');
 		$oPage->add('<div class="main_header">');

-		$oPage->add('<img src="'.utils::HtmlEntities($sIconPath).'">');
+		$oPage->add('<img src="'.$sIconPath.'">');

 		if (isset($aExtraParams['query_params']))
 		{
@@ -2099,9 +2101,9 @@ class DashletHeaderDynamic extends Dashlet
 	 */
 	public function RenderNoData($oPage, $bEditMode = false, $aExtraParams = array())
 	{
-		$sTitle = $this->aProperties['title'];
+		$sTitle = utils::HtmlEntities($this->aProperties['title']);
 		$sIcon = $this->aProperties['icon'];
-		$sSubtitle = $this->aProperties['subtitle'];
+		$sSubtitle = utils::HtmlEntities($this->aProperties['subtitle']);
 		$sQuery = $this->aProperties['query'];
 		$sGroupBy = $this->aProperties['group_by'];

@@ -2109,12 +2111,12 @@ class DashletHeaderDynamic extends Dashlet
 		$sClass = $oQuery->GetClass();

 		$oIconSelect = $this->oModelReflection->GetIconSelectionField('icon');
-		$sIconPath = $oIconSelect->MakeFileUrl($sIcon);
+		$sIconPath = utils::HtmlEntities($oIconSelect->MakeFileUrl($sIcon));

 		$oPage->add('<div class="dashlet-content">');
 		$oPage->add('<div class="main_header">');

-		$oPage->add('<img src="'.utils::HtmlEntities($sIconPath).'">');
+		$oPage->add('<img src="'.$sIconPath.'">');

 		$sBlockId = 'block_fake_'.$this->sId.($bEditMode ? '_edit' : ''); // make a unique id (edition occuring in the same DOM)

@@ -2145,8 +2147,8 @@ class DashletHeaderDynamic extends Dashlet
 		$sTitle = $this->oModelReflection->DictString($sTitle);
 		$sSubtitle = $this->oModelReflection->DictFormat($sSubtitle, $iTotal);

-		$oPage->add('<h1>'.$sTitle.'</h1>');
-		$oPage->add('<a class="summary">'.$sSubtitle.'</a>');
+		$oPage->add('<h1>'.utils::HtmlEntities($sTitle).'</h1>');
+		$oPage->add('<a class="summary">'.utils::HtmlEntities($sSubtitle).'</a>');
 		$oPage->add('</div>');

 		$oPage->add('</div>');
--- a/application/itopwebpage.class.inc.php
+++ b/application/itopwebpage.class.inc.php
@@ -3,7 +3,7 @@
 //
 //   This file is part of iTop.
 //
-//   iTop is free software; you can redistribute it and/or modify	
+//   iTop is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU Affero General Public License as published by
 //   the Free Software Foundation, either version 3 of the License, or
 //   (at your option) any later version.
@@ -72,7 +72,10 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage
 		$this->m_aMessages = array();
 		$this->SetRootUrl(utils::GetAbsoluteUrlAppRoot());
 		$this->add_header("Content-type: text/html; charset=utf-8");
-		$this->add_header("Cache-control: no-cache");
+		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+		$this->add_header('Pragma: no-cache');
+		$this->add_header('Expires: 0');
+		$this->add_header('X-Frame-Options: deny');
 		$this->add_linked_stylesheet("../css/jquery.treeview.css");
 		$this->add_linked_stylesheet("../css/jquery.autocomplete.css");
 		$this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css");
@@ -337,7 +340,7 @@ EOF
 		.magnificPopup({type: 'image', closeOnContentClick: true });
 EOF
 		);
-		
+
 		$this->add_init_script(
 			<<< EOF
 	try
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -62,14 +62,16 @@ class LoginWebPage extends NiceWebPage
 	
 	public function __construct($sTitle = null)
 	{
-	    if($sTitle === null)
-        {
-            $sTitle = Dict::S('UI:Login:Title');
-        }
+		if ($sTitle === null) {
+			$sTitle = Dict::S('UI:Login:Title');
+		}

 		parent::__construct($sTitle);
 		$this->SetStyleSheet();
-		$this->add_header("Cache-control: no-cache");
+		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+		$this->add_header('Pragma: no-cache');
+		$this->add_header('Expires: 0');
+		$this->add_header('X-Frame-Options: deny');
 	}
 	
 	public function SetStyleSheet()
@@ -156,7 +158,7 @@ class LoginWebPage extends NiceWebPage
 			$this->add("<table>\n");
 			$sForgotPwd = $this->EnableResetPassword() ? $this->ForgotPwdLink() : '';
 			$this->add("<tr><td style=\"text-align:right\"><label for=\"user\">".Dict::S('UI:Login:UserNamePrompt').":</label></td><td style=\"text-align:left\"><input id=\"user\" type=\"text\" name=\"auth_user\" value=\"".htmlentities($sAuthUser, ENT_QUOTES, 'UTF-8')."\" /></td></tr>\n");
-			$this->add("<tr><td style=\"text-align:right\"><label for=\"pwd\">".Dict::S('UI:Login:PasswordPrompt').":</label></td><td style=\"text-align:left\"><input id=\"pwd\" type=\"password\" name=\"auth_pwd\" value=\"".htmlentities($sAuthPwd, ENT_QUOTES, 'UTF-8')."\" /></td></tr>\n");
+			$this->add("<tr><td style=\"text-align:right\"><label for=\"pwd\">".Dict::S('UI:Login:PasswordPrompt').":</label></td><td style=\"text-align:left\"><input id=\"pwd\" type=\"password\" autocomplete=\"off\" name=\"auth_pwd\" value=\"".htmlentities($sAuthPwd, ENT_QUOTES, 'UTF-8')."\" /></td></tr>\n");
 			$this->add("<tr><td colspan=\"2\" class=\"center v-spacer\"><span class=\"btn_border\"><input type=\"submit\" value=\"".Dict::S('UI:Button:Login')."\" /></span></td></tr>\n");
 			if (strlen($sForgotPwd) > 0)
 			{
@@ -384,7 +386,7 @@ EOF
 			else
 			{
 				// Trash the token and change the password
-				$oUser->Set('reset_pwd_token', '');
+				$oUser->Set('reset_pwd_token', new ormPassword());
 				$oUser->AllowWrite(true);
 				$oUser->SetPassword($sNewPwd); // Does record the change into the DB
 	
@@ -707,6 +709,7 @@ EOF
 			{
 				// No rights to be here, redirect to the portal
 				header('Location: '.$ret);
+				die();
 			}
 		}
 	}
--- a/application/menunode.class.inc.php
+++ b/application/menunode.class.inc.php
@@ -3,7 +3,7 @@
 //
 //   This file is part of iTop.
 //
-//   iTop is free software; you can redistribute it and/or modify	
+//   iTop is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU Affero General Public License as published by
 //   the Free Software Foundation, either version 3 of the License, or
 //   (at your option) any later version.
@@ -293,7 +293,8 @@ EOF
 				$sHyperlink = $oMenu->GetHyperlink($aExtraParams);
 				if ($sHyperlink != '')
 				{
-					$oPage->AddToMenu('<li id="'.utils::GetSafeId('AccordionMenu_'.$oMenu->GetMenuID()).'" '.$sCSSClass.'><a href="'.$oMenu->GetHyperlink($aExtraParams).'">'.$oMenu->GetTitle().'</a></li>');
+					$sTitle = utils::HtmlEntities($oMenu->GetTitle());
+					$oPage->AddToMenu('<li id="'.utils::GetSafeId('AccordionMenu_'.$oMenu->GetMenuID()).'" '.$sCSSClass.'><a href="'.$oMenu->GetHyperlink($aExtraParams).'">'.$sTitle.'</a></li>');
 				}
 				else
 				{
@@ -905,7 +906,7 @@ class OQLMenuNode extends MenuNode
 			$oBlock->Display($oPage, 0);
 		}
 		
-		$oPage->add("<p class=\"page-header\">$sIcon ".Dict::S($sTitle)."</p>");
+		$oPage->add("<p class=\"page-header\">$sIcon ".utils::HtmlEntities(Dict::S($sTitle))."</p>");
 		
 		$aParams = array_merge(array('table_id' => $sUsageId), $aExtraParams);
 		$oBlock = new DisplayBlock($oSearch, 'list', false /* Asynchronous */, $aParams);
--- a/application/transaction.class.inc.php
+++ b/application/transaction.class.inc.php
@@ -26,8 +26,6 @@
 * @copyright   Copyright (C) 2010-2012 Combodo SARL
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
-
-
 class privUITransaction
 {
 	/**
@@ -99,9 +97,10 @@ class privUITransaction
 }

 /**
- * The original (and by default) mechanism for storing transaction information
- * as an array in the $_SESSION variable
+ * The original mechanism for storing transaction information as an array in the $_SESSION variable
 *
+ * Warning, since 2.6.0 the session is regenerated on each login (see PR #20) !
+ * Also, we saw some problems when using memcached as the PHP session implementation (see N°1835)
 */
 class privUITransactionSession
 {
@@ -194,10 +193,35 @@ class privUITransactionSession
 */
 class privUITransactionFile
 {
+	/** @var int Value to use when no user logged */
+	const UNAUTHENTICATED_USER_ID = -666;
+
+	/**
+	 * @return int current user id, or {@see self::UNAUTHENTICATED_USER_ID} if no user logged
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 method creation
+	 */
+	private static function GetCurrentUserId()
+	{
+		$iCurrentUserId = UserRights::GetConnectedUserId();
+		if ('' === $iCurrentUserId) {
+			$iCurrentUserId = static::UNAUTHENTICATED_USER_ID;
+		}
+
+		return $iCurrentUserId;
+	}
+
 	/**
 	 * Create a new transaction id, store it in the session and return its id
+	 *
 	 * @param void
+	 *
 	 * @return int The identifier of the new transaction
+	 *
+	 * @throws \SecurityException
+	 * @throws \Exception
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 security hardening + throws SecurityException if no user logged
 	 */
 	public static function GetNewTransactionId()
 	{
@@ -207,82 +231,102 @@ class privUITransactionFile
 			{
 				throw new Exception('The directory "'.APPROOT.'data" must be writable to the application.');
 			}
+			/** @noinspection MkdirRaceConditionInspection */
 			if (!@mkdir(APPROOT.'data/transactions'))
 			{
 				throw new Exception('Failed to create the directory "'.APPROOT.'data/transactions". Ajust the rights on the parent directory or let an administrator create the transactions directory and give the web sever enough rights to write into it.');
 			}
 		}
+
 		if (!is_writable(APPROOT.'data/transactions'))
 		{
 			throw new Exception('The directory "'.APPROOT.'data/transactions" must be writable to the application.');
 		}
-		self::CleanupOldTransactions();
-		$id = basename(tempnam(APPROOT.'data/transactions', static::GetUserPrefix()));
-		self::Info('GetNewTransactionId: Created transaction: '.$id);

-		return (string)$id;
+		$iCurrentUserId = static::GetCurrentUserId();
+
+		self::CleanupOldTransactions();
+
+		$sTransactionIdFullPath = tempnam(APPROOT.'data/transactions', static::GetUserPrefix());
+		file_put_contents($sTransactionIdFullPath, $iCurrentUserId, LOCK_EX);
+
+		$sTransactionIdFileName = basename($sTransactionIdFullPath);
+		self::Info('GetNewTransactionId: Created transaction: '.$sTransactionIdFileName);
+
+		return $sTransactionIdFileName;
 	}

 	/**
 	 * Check whether a transaction is valid or not and (optionally) remove the valid transaction from
 	 * the session so that another call to IsTransactionValid for the same transaction id
 	 * will return false
+	 *
 	 * @param int $id Identifier of the transaction, as returned by GetNewTransactionId
 	 * @param bool $bRemoveTransaction True if the transaction must be removed
+	 *
 	 * @return bool True if the transaction is valid, false otherwise
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 security hardening
 	 */
 	public static function IsTransactionValid($id, $bRemoveTransaction = true)
 	{
-		$sFilepath = APPROOT.'data/transactions/'.$id;
+		// Constraint the transaction file within APPROOT.'data/transactions'
+		$sTransactionDir = realpath(APPROOT.'data/transactions');
+		$sFilepath = utils::RealPath($sTransactionDir.'/'.$id, $sTransactionDir);
+		if (($sFilepath === false) || (strlen($sTransactionDir) == strlen($sFilepath)))
+		{
+			return false;
+		}
+
 		clearstatcache(true, $sFilepath);
 		$bResult = file_exists($sFilepath);
-		if ($bResult)
+
+		if (false === $bResult) {
+			self::Info("IsTransactionValid: Transaction '$id' not found. Pending transactions:\n".implode("\n", self::GetPendingTransactions()));
+			return false;
+		}
+
+		$iCurrentUserId = static::GetCurrentUserId();
+		$sTransactionIdUserId = file_get_contents($sFilepath);
+		if ($iCurrentUserId != $sTransactionIdUserId) {
+			self::Info("IsTransactionValid: Transaction '$id' not existing for current user. Pending transactions:\n".implode("\n", self::GetPendingTransactions()));
+			return false;
+		}
+
+		if ($bRemoveTransaction)
 		{
-			if ($bRemoveTransaction)
+			$bResult = @unlink($sFilepath);
+			if (!$bResult)
 			{
-				$bResult = @unlink($sFilepath);
-				if (!$bResult)
-				{
-					self::Error('IsTransactionValid: FAILED to remove transaction '.$id);
-				}
-				else
-				{
-					self::Info('IsTransactionValid: OK. Removed transaction: '.$id);
-				}
+				self::Error('IsTransactionValid: FAILED to remove transaction '.$id);
+			}
+			else
+			{
+				self::Info('IsTransactionValid: OK. Removed transaction: '.$id);
 			}
 		}
-		else
-		{
-			self::Info("IsTransactionValid: Transaction '$id' not found. Pending transactions for this user:\n".implode("\n", self::GetPendingTransactions()));
-		}
+
 		return $bResult;
 	}

 	/**
 	 * Removes the transaction specified by its id
 	 * @param int $id The Identifier (as returned by GetNewTransactionId) of the transaction to be removed.
-	 * @return void
+	 * @return bool true if the token can be removed
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 security hardening
 	 */
 	public static function RemoveTransaction($id)
 	{
-		$bSuccess = true;
-		$sFilepath = APPROOT.'data/transactions/'.$id;
-		clearstatcache(true, $sFilepath);
-		if(!file_exists($sFilepath))
-		{
-			$bSuccess = false;
-			self::Error("RemoveTransaction: Transaction '$id' not found. Pending transactions for this user:\n".implode("\n", self::GetPendingTransactions()));
+		/** @noinspection PhpRedundantOptionalArgumentInspection */
+		$bResult = static::IsTransactionValid($id, true);
+		if (false === $bResult) {
+			self::Error("RemoveTransaction: Transaction '$id' is invalid. Pending transactions:\n"
+				.implode("\n", self::GetPendingTransactions()));
+			return false;
 		}
-		$bSuccess = @unlink($sFilepath);
-		if (!$bSuccess)
-		{
-			self::Error('RemoveTransaction: FAILED to remove transaction '.$id);
-		}
-		else
-		{
-			self::Info('RemoveTransaction: OK '.$id);
-		}
-		return $bSuccess;
+
+		return true;
 	}

 	/**
@@ -347,22 +391,35 @@ class privUITransactionFile
 	{
 		self::Write('Error | '.$sText);
 	}
-	
+
+	protected static function IsLogEnabled() {
+		$oConfig = MetaModel::GetConfig();
+		if (is_null($oConfig)) {
+			return false;
+		}
+
+		$bLogTransactions = $oConfig->Get('log_transactions');
+		if (true === $bLogTransactions) {
+			return true;
+		}
+
+		return false;
+	}
+
 	protected static function Write($sText)
 	{
-		$bLogEnabled = MetaModel::GetConfig()->Get('log_transactions');
-		if ($bLogEnabled)
-		{
+		if (false === static::IsLogEnabled()) {
+			return;
+		}
+
 		$hLogFile = @fopen(APPROOT.'log/transactions.log', 'a');
-		if ($hLogFile !== false)
-		{
+		if ($hLogFile !== false) {
 			flock($hLogFile, LOCK_EX);
 			$sDate = date('Y-m-d H:i:s');
 			fwrite($hLogFile, "$sDate | $sText\n");
 			fflush($hLogFile);
 			flock($hLogFile, LOCK_UN);
 			fclose($hLogFile);
-			}
 		}
 	}
 }
--- a/application/ui.extkeywidget.class.inc.php
+++ b/application/ui.extkeywidget.class.inc.php
@@ -373,10 +373,10 @@ EOF
 		$sHTML .= "</form>\n";
 		$sHTML .= '</div></div>';

-		$sDialogTitle = addslashes($sTitle);
+		$sDialogTitleSanitized = addslashes(utils::HtmlToText($sTitle));
 		$oPage->add_ready_script(
 <<<EOF
-		$('#ac_dlg_{$this->iId}').dialog({ width: $(window).width()*0.8, height: $(window).height()*0.8, autoOpen: false, modal: true, title: '$sDialogTitle', resizeStop: oACWidget_{$this->iId}.UpdateSizes, close: oACWidget_{$this->iId}.OnClose });
+		$('#ac_dlg_{$this->iId}').dialog({ width: $(window).width()*0.8, height: $(window).height()*0.8, autoOpen: false, modal: true, title: '$sDialogTitleSanitized', resizeStop: oACWidget_{$this->iId}.UpdateSizes, close: oACWidget_{$this->iId}.OnClose });
 		$('#fs_{$this->iId}').bind('submit.uiAutocomplete', oACWidget_{$this->iId}.DoSearchObjects);
 		$('#dc_{$this->iId}').resize(oACWidget_{$this->iId}.UpdateSizes);
 EOF
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -308,6 +308,7 @@ class utils
 			case 'context_param':
 			case 'parameter':
 			case 'field_name':
+			case 'transaction_id':
 				if (is_array($value))
 				{
 					$retValue = array();
@@ -351,6 +352,11 @@ class utils

 					}
 				}
+			break;
+
+			// For XML / HTML node identifiers
+			case 'element_identifier':
+				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;

 			default:
@@ -1473,6 +1479,17 @@ class utils
 		return htmlentities($sValue, ENT_QUOTES, 'UTF-8');
 	}

+	/**
+	 * Helper to encapsulation iTop's html_entity_decode
+	 * @param string $sValue
+	 * @return string
+	 * @since 2.7.0
+	 */
+	public static function HtmlEntityDecode($sValue)
+	{
+		return html_entity_decode($sValue, ENT_QUOTES, 'UTF-8');
+	}
+
 	/**
 	 * Convert a string containing some (valid) HTML markup to plain text
 	 * @param string $sHtml
@@ -2032,4 +2049,66 @@ class utils
 	{
 		return ITOP_REVISION  === 'svn';
 	}
+
+	/**
+	 * helper to test if a string starts with another
+	 * @param $haystack
+	 * @param $needle
+	 *
+	 * @return bool
+	 */
+	final public static function StartsWith($haystack, $needle)
+	{
+		if (strlen($needle) > strlen($haystack))
+		{
+			return false;
+		}
+
+		return substr_compare($haystack, $needle, 0, strlen($needle)) === 0;
+	}
+
+	/**
+	 * helper to test if a string ends with another
+	 * @param $haystack
+	 * @param $needle
+	 *
+	 * @return bool
+	 */
+	final public static function EndsWith($haystack, $needle) {
+		if (strlen($needle) > strlen($haystack))
+		{
+			return false;
+		}
+
+		return substr_compare($haystack, $needle, -strlen($needle)) === 0;
+	}
+
+	/**
+	 * @param string $sPath for example '/var/www/html/itop/data/backups/manual/itop_27-2019-10-03_15_35.tar.gz'
+	 * @param string $sBasePath for example '/var/www/html/itop/data/'
+	 *
+	 * @return bool|string false if path :
+	 *      * invalid
+	 *      * not allowed
+	 *      * not contained in base path
+	 *    Otherwise return the real path (see realpath())
+	 *
+	 * @since 2.6.5 2.7.0 N°2538
+	 */
+	final public static function RealPath($sPath, $sBasePath)
+	{
+		$sFileRealPath = realpath($sPath);
+		if ($sFileRealPath === false)
+		{
+			return false;
+		}
+
+		$sRealBasePath = realpath($sBasePath); // avoid problems when having '/' on Windows for example
+		if (!self::StartsWith($sFileRealPath, $sRealBasePath))
+		{
+			return false;
+		}
+
+		return $sFileRealPath;
+	}
 }
--- a/application/webpage.class.inc.php
+++ b/application/webpage.class.inc.php
@@ -355,8 +355,10 @@ class WebPage implements Page
 	 */
 	public function no_cache()
 	{
-		$this->add_header("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
-		$this->add_header("Expires: Fri, 17 Jul 1970 05:00:00 GMT");    // Date in the past
+		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+		$this->add_header('Pragma: no-cache');
+		$this->add_header('Expires: 0');
+		$this->add_header('X-Frame-Options: deny');
 	}

 	/**
--- a/application/xlsxwriter.class.php
+++ b/application/xlsxwriter.class.php
@@ -174,7 +174,7 @@ Class XLSXWriter
 			fwrite($fd,'<c r="'.$cell.'" s="'.$s.'" t="n"><v>'.self::convert_date_time($value).'</v></c>');
 		} else if ($value==''){
 			fwrite($fd,'<c r="'.$cell.'" s="'.$s.'"/>');
-		} else if ($value{0}=='='){
+		} else if ($value[0]=='='){
 			fwrite($fd,'<c r="'.$cell.'" s="'.$s.'" t="s"><f>'.self::xmlspecialchars($value).'</f></c>');
 		} else if ($value!==''){
 			fwrite($fd,'<c r="'.$cell.'" s="'.$s.'" t="s"><v>'.self::xmlspecialchars($this->setSharedString($value)).'</v></c>');
--- a/application/xmlpage.class.inc.php
+++ b/application/xmlpage.class.inc.php
@@ -43,9 +43,12 @@ class XMLPage extends WebPage
 		$this->m_bPassThrough = $bPassThrough;
 		$this->m_bHeaderSent = false;
 		$this->add_header("Content-type: text/xml; charset=utf-8");
-		$this->add_header("Cache-control: no-cache");
+		$this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+		$this->add_header('Pragma: no-cache');
+		$this->add_header('Expires: 0');
+		$this->add_header('X-Frame-Options: deny');
 		$this->add_header("Content-location: export.xml");
-	}	
+	}

 	public function output()
 	{
@@ -53,7 +56,7 @@ class XMLPage extends WebPage
 		{
 			// Get the unexpected output but do nothing with it
 			$sTrash = $this->ob_get_clean_safe();
-					
+
 			$this->s_content = "<?xml version=\"1.0\" encoding=\"UTF-8\"?".">\n".trim($this->s_content);
 			$this->add_header("Content-Length: ".strlen($this->s_content));
 			foreach($this->a_headers as $s_header)
--- a/conf/.htaccess
+++ b/conf/.htaccess
@@ -0,0 +1,13 @@
+# Apache 2.4
+<ifModule mod_authz_core.c>
+Require all denied
+</ifModule>
+
+# Apache 2.2
+<ifModule !mod_authz_core.c>
+deny from all
+Satisfy All
+</ifModule>
+
+# Apache 2.2 and 2.4
+IndexIgnore *
--- a/conf/web.config
+++ b/conf/web.config
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <security>
+      <requestFiltering>
+         <fileExtensions applyToWebDAV="false" allowUnlisted="false"></fileExtensions>
+      </requestFiltering>
+      <authorization>
+        <deny users="*" /> <!-- Denies all users -->
+      </authorization>
+    </security>
+  </system.webServer>
+</configuration>
--- a/core/action.class.inc.php
+++ b/core/action.class.inc.php
@@ -314,42 +314,54 @@ class ActionEmail extends ActionNotification
 		{
 			$this->m_iRecipients = 0;
 			$this->m_aMailErrors = array();
-			$bRes = false; // until we do succeed in sending the email
-	
+
 			// Determine recicipients
 			//
 			$sTo = $this->FindRecipients('to', $aContextArgs);
 			$sCC = $this->FindRecipients('cc', $aContextArgs);
 			$sBCC = $this->FindRecipients('bcc', $aContextArgs);
-	
+
 			$sFrom = MetaModel::ApplyParams($this->Get('from'), $aContextArgs);
 			$sReplyTo = MetaModel::ApplyParams($this->Get('reply_to'), $aContextArgs);
-	
+
 			$sSubject = MetaModel::ApplyParams($this->Get('subject'), $aContextArgs);
 			$sBody = MetaModel::ApplyParams($this->Get('body'), $aContextArgs);
-			
+
 			$oObj = $aContextArgs['this->object()'];
-			$sMessageId = sprintf('iTop_%s_%d_%f@%s.openitop.org', get_class($oObj), $oObj->GetKey(), microtime(true /* get as float*/), MetaModel::GetEnvironmentId());
+			$sMessageId = sprintf('iTop_%s_%d_%f@%s.openitop.org', get_class($oObj), $oObj->GetKey(), microtime(true /* get as float*/),
+				MetaModel::GetEnvironmentId());
 			$sReference = '<'.$sMessageId.'>';
 		}
-		catch(Exception $e)
-		{
-  			ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
-  			throw $e;
-  		}
-		ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
-		
-		if (!is_null($oLog))
-		{
+		catch (Exception $e) {
+			/** @noinspection PhpUnhandledExceptionInspection */
+			throw $e;
+		}
+		finally {
+			ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
+		}
+
+		if (!is_null($oLog)) {
 			// Note: we have to secure this because those values are calculated
 			// inside the try statement, and we would like to keep track of as
 			// many data as we could while some variables may still be undefined
-			if (isset($sTo))       $oLog->Set('to', $sTo);
-			if (isset($sCC))       $oLog->Set('cc', $sCC);
-			if (isset($sBCC))      $oLog->Set('bcc', $sBCC);
-			if (isset($sFrom))     $oLog->Set('from', $sFrom);
-			if (isset($sSubject))  $oLog->Set('subject', $sSubject);
-			if (isset($sBody))     $oLog->Set('body', $sBody);
+			if (isset($sTo)) {
+				$oLog->Set('to', $sTo);
+			}
+			if (isset($sCC)) {
+				$oLog->Set('cc', $sCC);
+			}
+			if (isset($sBCC)) {
+				$oLog->Set('bcc', $sBCC);
+			}
+			if (isset($sFrom)) {
+				$oLog->Set('from', $sFrom);
+			}
+			if (isset($sSubject)) {
+				$oLog->Set('subject', $sSubject);
+			}
+			if (isset($sBody)) {
+				$oLog->Set('body', $sBody);
+			}
 		}
 		$sStyles = file_get_contents(APPROOT.'css/email.css');
 		$sStyles .= MetaModel::GetConfig()->Get('email_css');
@@ -439,4 +451,3 @@ class ActionEmail extends ActionNotification
 		}
 	}
 }
-?>
--- a/core/attributedef.class.inc.php
+++ b/core/attributedef.class.inc.php
@@ -7337,6 +7337,13 @@ class AttributeImage extends AttributeBlob
 	{
 		$oDoc = parent::MakeRealValue($proposedValue, $oHostObj);

+		if (($oDoc instanceof ormDocument)
+			&& (false === $oDoc->IsEmpty())
+			&& ($oDoc->GetMimeType() === 'image/svg+xml')) {
+			$sCleanSvg = HTMLSanitizer::Sanitize($oDoc->GetData(), 'svg_sanitizer');
+			$oDoc = new ormDocument($sCleanSvg, $oDoc->GetMimeType(), $oDoc->GetFileName());
+		}
+
 		// The validation of the MIME Type is done by CheckFormat below
 		return $oDoc;
 	}
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -1049,6 +1049,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		),
+		'svg_sanitizer' => array(
+			'type' => 'string',
+			'description' => 'The class to use for SVG sanitization : allow to provide a custom made sanitizer',
+			'default' => 'SVGDOMSanitizer',
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		),
 		'inline_image_max_display_width' => array(
 			'type' => 'integer',
 			'description' => 'The maximum width (in pixels) when displaying images inside an HTML formatted attribute. Images will be displayed using this this maximum width.',
@@ -1161,6 +1169,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		),
+		'security.disable_inline_documents_sandbox' => array(
+			'type' => 'bool',
+			'description' => 'If true then the sandbox for documents displayed in a browser tab will be disabled; enabling scripts and other interactive content. Note that setting this to true will open the application to potential XSS attacks!',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		),
 	);

 	public function IsProperty($sPropCode)
--- a/core/htmlsanitizer.class.inc.php
+++ b/core/htmlsanitizer.class.inc.php
@@ -34,43 +34,51 @@ abstract class HTMLSanitizer
 	
 	/**
 	 * Sanitize an HTML string with the configured sanitizer, falling back to HTMLDOMSanitizer in case of Exception or invalid configuration
+	 *
 	 * @param string $sHTML
+	 * @param string $sConfigKey
+	 *
 	 * @return string
+	 * @noinspection SelfClassReferencingInspection
 	 */
-	public static function Sanitize($sHTML)
+	public static function Sanitize($sHTML, $sConfigKey = 'html_sanitizer')
 	{
-		$sSanitizerClass = MetaModel::GetConfig()->Get('html_sanitizer');
-		if(!class_exists($sSanitizerClass))
-		{
-			IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a valid class. Will use HTMLDOMSanitizer as the default sanitizer.');
+		$sSanitizerClass = MetaModel::GetConfig()->Get($sConfigKey);
+		if (!class_exists($sSanitizerClass)) {
+			IssueLog::Warning('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a valid class. Will use HTMLDOMSanitizer as the default sanitizer.');
 			$sSanitizerClass = 'HTMLDOMSanitizer';
+		} else if (false === is_subclass_of($sSanitizerClass, HTMLSanitizer::class)) {
+			if ($sConfigKey === 'html_sanitizer') {
+				IssueLog::Warning('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a subclass of HTMLSanitizer. Will use HTMLDOMSanitizer as the default sanitizer.');
+				$sSanitizerClass = 'HTMLDOMSanitizer';
+			}
+			if ($sConfigKey === 'svg_sanitizer') {
+				IssueLog::Error('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a subclass of '.HTMLSanitizer::class.' ! Won\'t sanitize string.');
+
+				return $sHTML;
+			}
 		}
-		else if(!is_subclass_of($sSanitizerClass, 'HTMLSanitizer'))
-		{
-			IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a subclass of HTMLSanitizer. Will use HTMLDOMSanitizer as the default sanitizer.');
-			$sSanitizerClass = 'HTMLDOMSanitizer';
-		}
-		
-		try
-		{
+
+		try {
 			$oSanitizer = new $sSanitizerClass();
 			$sCleanHTML = $oSanitizer->DoSanitize($sHTML);
 		}
-		catch(Exception $e)
-		{
-			if($sSanitizerClass != 'HTMLDOMSanitizer')
-			{
-				IssueLog::Warning('Failed to sanitize an HTML string with "'.$sSanitizerClass.'". The following exception occured: '.$e->getMessage());
-				IssueLog::Warning('Will try to sanitize with HTMLDOMSanitizer.');
-				// try again with the HTMLDOMSanitizer
-				$oSanitizer = new HTMLDOMSanitizer();
-				$sCleanHTML = $oSanitizer->DoSanitize($sHTML);
-			}
-			else
-			{
-				IssueLog::Error('Failed to sanitize an HTML string with "HTMLDOMSanitizer". The following exception occured: '.$e->getMessage());
-				IssueLog::Error('The HTML will NOT be sanitized.');
-				$sCleanHTML = $sHTML;	
+		catch(Exception $e) {
+			if ($sConfigKey === 'html_sanitizer') {
+				if ($sSanitizerClass !== HTMLDOMSanitizer::class) {
+					IssueLog::Warning('Failed to sanitize an HTML string with "'.$sSanitizerClass.'". The following exception occured: '.$e->getMessage());
+					IssueLog::Warning('Will try to sanitize with HTMLDOMSanitizer.');
+					// try again with the HTMLDOMSanitizer
+					$oSanitizer = new HTMLDOMSanitizer();
+					$sCleanHTML = $oSanitizer->DoSanitize($sHTML);
+				} else {
+					IssueLog::Error('Failed to sanitize an HTML string with "HTMLDOMSanitizer". The following exception occured: '.$e->getMessage());
+					IssueLog::Error('The HTML will NOT be sanitized.');
+					$sCleanHTML = $sHTML;
+				}
+			} else {
+				IssueLog::Error('Failed to sanitize string with "'.$sSanitizerClass.'", will return original value ! Exception: '.$e->getMessage());
+				$sCleanHTML = $sHTML;
 			}
 		}
 		return $sCleanHTML;
@@ -94,67 +102,167 @@ class HTMLNullSanitizer extends HTMLSanitizer
 	{
 		return $sHTML;
 	}
-	
+
 }

+
 /**
- * A standard-compliant HTMLSanitizer based on the HTMLPurifier library by Edward Z. Yang
- * Complete but quite slow
- * http://htmlpurifier.org
+ * Common implementation for sanitizer using DOM parsing
 */
-/*
-class HTMLPurifierSanitizer extends HTMLSanitizer
+abstract class DOMSanitizer extends HTMLSanitizer
 {
-	protected static $oPurifier = null;
-	
-	public function __construct()
-	{
-		if (self::$oPurifier == null)
-		{
-			$sLibPath = APPROOT.'lib/htmlpurifier/HTMLPurifier.auto.php';
-			if (!file_exists($sLibPath))
-			{
-				throw new Exception("Missing library '$sLibPath', cannot use HTMLPurifierSanitizer.");
-			}
-			require_once($sLibPath);
-			
-			$oPurifierConfig = HTMLPurifier_Config::createDefault();
-			$oPurifierConfig->set('Core.Encoding', 'UTF-8'); // defaults to 'UTF-8'
-			$oPurifierConfig->set('HTML.Doctype', 'XHTML 1.0 Strict'); // defaults to 'XHTML 1.0 Transitional'
-			$oPurifierConfig->set('URI.AllowedSchemes', array (
-				'http' => true,
-				'https' => true,
-				'data' => true, // This one is not present by default
-			));
-			$sPurifierCache = APPROOT.'data/HTMLPurifier';
-			if (!is_dir($sPurifierCache))
-			{
-				mkdir($sPurifierCache);
-			}
-			if (!is_dir($sPurifierCache))
-			{
-				throw new Exception("Could not create the cache directory '$sPurifierCache'");
-			}
-			$oPurifierConfig->set('Cache.SerializerPath', $sPurifierCache); // no trailing slash
-			self::$oPurifier = new HTMLPurifier($oPurifierConfig);
-		}
-	}
-	
+	/** @var DOMDocument */
+	protected $oDoc;
+
+	abstract public function GetTagsWhiteList();
+
+	abstract public function GetTagsBlackList();
+
+	abstract public function GetAttrsWhiteList();
+
+	abstract public function GetAttrsBlackList();
+
+	abstract public function GetStylesWhiteList();
+
 	public function DoSanitize($sHTML)
 	{
-		$sCleanHtml = self::$oPurifier->purify($sHTML);
-		return $sCleanHtml;		
+		$this->oDoc = new DOMDocument();
+		$this->oDoc->preserveWhitespace = true;
+
+		// MS outlook implements empty lines by the mean of <p><o:p></o:p></p>
+		// We have to transform that into <p><br></p> (which is how Thunderbird implements empty lines)
+		// Unfortunately, DOMDocument::loadHTML does not take the tag namespaces into account (once loaded there is no way to know if the tag did have a namespace)
+		// therefore we have to do the transformation upfront
+		$sHTML = preg_replace('@<o:p>(\s|&nbsp;)*</o:p>@', '<br>', $sHTML);
+
+		$this->LoadDoc($sHTML);
+
+		$this->CleanNode($this->oDoc);
+
+		$sCleanHtml = $this->PrintDoc();
+
+		return $sCleanHtml;
+	}
+
+	abstract public function LoadDoc($sHTML);
+
+	/**
+	 * @return string cleaned source
+	 * @uses \DOMSanitizer::oDoc
+	 */
+	abstract public function PrintDoc();
+
+	protected function CleanNode(DOMNode $oElement)
+	{
+		$aAttrToRemove = array();
+		// Gather the attributes to remove
+		if ($oElement->hasAttributes()) {
+			foreach ($oElement->attributes as $oAttr) {
+				$sAttr = strtolower($oAttr->name);
+				if ((false === empty($this->GetAttrsBlackList()))
+					&& (in_array($sAttr, $this->GetAttrsBlackList(), true))) {
+					$aAttrToRemove[] = $oAttr->name;
+				} else if ((false === empty($this->GetTagsWhiteList()))
+					&& (false === in_array($sAttr, $this->GetTagsWhiteList()[strtolower($oElement->tagName)]))) {
+					$aAttrToRemove[] = $oAttr->name;
+				} else if (!$this->IsValidAttributeContent($sAttr, $oAttr->value)) {
+					// Invalid content
+					$aAttrToRemove[] = $oAttr->name;
+				} else if ($sAttr == 'style') {
+					// Special processing for style tags
+					$sCleanStyle = $this->CleanStyle($oAttr->value);
+					if ($sCleanStyle == '') {
+						// Invalid content
+						$aAttrToRemove[] = $oAttr->name;
+					} else {
+						$oElement->setAttribute($oAttr->name, $sCleanStyle);
+					}
+				}
+			}
+			// Now remove them
+			foreach($aAttrToRemove as $sName)
+			{
+				$oElement->removeAttribute($sName);
+			}
+		}
+		
+		if ($oElement->hasChildNodes())
+		{
+			$aChildElementsToRemove = array();
+			// Gather the child noes to remove
+			foreach($oElement->childNodes as $oNode) {
+				if ($oNode instanceof DOMElement) {
+					$sNodeTagName = strtolower($oNode->tagName);
+				}
+				if (($oNode instanceof DOMElement)
+					&& (false === empty($this->GetTagsBlackList()))
+					&& (in_array($sNodeTagName, $this->GetTagsBlackList(), true))) {
+					$aChildElementsToRemove[] = $oNode;
+				} else if (($oNode instanceof DOMElement)
+					&& (false === empty($this->GetTagsWhiteList()))
+					&& (false === array_key_exists($sNodeTagName, $this->GetTagsWhiteList()))) {
+					$aChildElementsToRemove[] = $oNode;
+				} else if ($oNode instanceof DOMComment) {
+					$aChildElementsToRemove[] = $oNode;
+				} else {
+					// Recurse
+					$this->CleanNode($oNode);
+					if (($oNode instanceof DOMElement) && (strtolower($oNode->tagName) == 'img')) {
+						InlineImage::ProcessImageTag($oNode);
+					}
+				}
+			}
+			// Now remove them
+			foreach($aChildElementsToRemove as $oDomElement)
+			{
+				$oElement->removeChild($oDomElement);
+			}
+		}
+	}
+
+	protected function IsValidAttributeContent($sAttributeName, $sValue)
+	{
+		if ((false === empty($this->GetAttrsBlackList()))
+			&& (in_array($sAttributeName, $this->GetAttrsBlackList(), true))) {
+			return true;
+		}
+
+		if (array_key_exists($sAttributeName, $this->GetAttrsWhiteList())) {
+			return preg_match($this->GetAttrsWhiteList()[$sAttributeName], $sValue);
+		}
+
+		return true;
+	}
+
+	protected function CleanStyle($sStyle)
+	{
+		if (empty($this->GetStylesWhiteList())) {
+			return $sStyle;
+		}
+
+		$aAllowedStyles = array();
+		$aItems = explode(';', $sStyle);
+		{
+			foreach ($aItems as $sItem) {
+				$aElements = explode(':', trim($sItem));
+				if (in_array(trim(strtolower($aElements[0])), $this->GetStylesWhiteList())) {
+					$aAllowedStyles[] = trim($sItem);
+				}
+			}
+		}
+
+		return implode(';', $aAllowedStyles);
 	}
 }
-*/

-class HTMLDOMSanitizer extends HTMLSanitizer
+
+class HTMLDOMSanitizer extends DOMSanitizer
 {
 	protected $oDoc;

 	/**
-	 * @var array
 	 * @see https://www.itophub.io/wiki/page?id=2_6_0%3Aadmin%3Arich_text_limitations
+	 * @var array
 	 */
 	protected static $aTagsWhiteList = array(
 		'html' => array(),
@@ -203,6 +311,7 @@ class HTMLDOMSanitizer extends HTMLSanitizer
 		'q' => array(),
 		'hr' => array('style'),
 		'pre' => array(),
+		'center' => array(),
 	);

 	protected static $aAttrsWhiteList = array(
@@ -210,8 +319,8 @@ class HTMLDOMSanitizer extends HTMLSanitizer
 	);

 	/**
-	 * @var array
 	 * @see https://www.itophub.io/wiki/page?id=2_6_0%3Aadmin%3Arich_text_limitations
+	 * @var array
 	 */
 	protected static $aStylesWhiteList = array(
 		'background-color',
@@ -235,160 +344,199 @@ class HTMLDOMSanitizer extends HTMLSanitizer
 		'white-space',
 	);

+	public function GetTagsWhiteList()
+	{
+		return static::$aTagsWhiteList;
+	}
+
+	public function GetTagsBlackList()
+	{
+		return [];
+	}
+
+	public function GetAttrsWhiteList()
+	{
+		return static::$aAttrsWhiteList;
+	}
+
+	public function GetAttrsBlackList()
+	{
+		return [];
+	}
+
+	public function GetStylesWhiteList()
+	{
+		return static::$aStylesWhiteList;
+	}
+
 	public function __construct()
 	{
+		parent::__construct();
+
 		// Building href validation pattern from url and email validation patterns as the patterns are not used the same way in HTML content than in standard attributes value.
 		// eg. "foo@bar.com" vs "mailto:foo@bar.com?subject=Title&body=Hello%20world"
-		if (!array_key_exists('href', self::$aAttrsWhiteList))
-		{
+		if (!array_key_exists('href', self::$aAttrsWhiteList)) {
 			// Regular urls
 			$sUrlPattern = utils::GetConfig()->Get('url_validation_pattern');

 			// Mailto urls
-			$sMailtoPattern = '(mailto:(' . utils::GetConfig()->Get('email_validation_pattern') . ')(?:\?(?:subject|body)=([a-zA-Z0-9+\$_.-]*)(?:&(?:subject|body)=([a-zA-Z0-9+\$_.-]*))?)?)';
+			$sMailtoPattern = '(mailto:('.utils::GetConfig()->Get('email_validation_pattern').')(?:\?(?:subject|body)=([a-zA-Z0-9+\$_.-]*)(?:&(?:subject|body)=([a-zA-Z0-9+\$_.-]*))?)?)';

 			// Notification placeholders
 			// eg. $this->caller_id$, $this->hyperlink()$, $this->hyperlink(portal)$, $APP_URL$, $MODULES_URL$, ...
 			// Note: Authorize both $xxx$ and %24xxx%24 as the latter one is encoded when used in HTML attributes (eg. a[href])
 			$sPlaceholderPattern = '(\$|%24)[\w-]*(->[\w]*(\([\w-]*?\))?)?(\$|%24)';

-			$sPattern = $sUrlPattern . '|' . $sMailtoPattern . '|' . $sPlaceholderPattern;
+			$sPattern = $sUrlPattern.'|'.$sMailtoPattern.'|'.$sPlaceholderPattern;
 			$sPattern = '/'.str_replace('/', '\/', $sPattern).'/i';
 			self::$aAttrsWhiteList['href'] = $sPattern;
 		}
 	}

-	public function DoSanitize($sHTML)
+	public function LoadDoc($sHTML)
 	{
-		$this->oDoc = new DOMDocument();
-		$this->oDoc->preserveWhitespace = true;
-
-		// MS outlook implements empty lines by the mean of <p><o:p></o:p></p>
-		// We have to transform that into <p><br></p> (which is how Thunderbird implements empty lines)
-		// Unfortunately, DOMDocument::loadHTML does not take the tag namespaces into account (once loaded there is no way to know if the tag did have a namespace)
-		// therefore we have to do the transformation upfront
-		$sHTML = preg_replace('@<o:p>(\s|&nbsp;)*</o:p>@', '<br>', $sHTML);
-
 		@$this->oDoc->loadHTML('<?xml encoding="UTF-8"?>'.$sHTML); // For loading HTML chunks where the character set is not specified
-		
-		$this->CleanNode($this->oDoc);
-		
+	}
+
+	public function PrintDoc()
+	{
 		$oXPath = new DOMXPath($this->oDoc);
 		$sXPath = "//body";
 		$oNodesList = $oXPath->query($sXPath);
-		
-		if ($oNodesList->length == 0)
-		{
+
+		if ($oNodesList->length == 0) {
 			// No body, save the whole document
 			$sCleanHtml = $this->oDoc->saveHTML();
-		}
-		else
-		{
+		} else {
 			// Export only the content of the body tag
 			$sCleanHtml = $this->oDoc->saveHTML($oNodesList->item(0));
 			// remove the body tag itself
-			$sCleanHtml = str_replace( array('<body>', '</body>'), '', $sCleanHtml);
+			$sCleanHtml = str_replace(array('<body>', '</body>'), '', $sCleanHtml);
 		}
-		
+
 		return $sCleanHtml;
 	}
-	
-	protected function CleanNode(DOMNode $oElement)
+}
+
+
+/**
+ * @since 2.6.5 2.7.6 3.0.0 N°4360
+ */
+class SVGDOMSanitizer extends DOMSanitizer
+{
+	public function GetTagsWhiteList()
 	{
-		$aAttrToRemove = array();
-		// Gather the attributes to remove
-		if ($oElement->hasAttributes())
-		{
-			foreach($oElement->attributes as $oAttr)
-			{
-				$sAttr = strtolower($oAttr->name);
-				if (!in_array($sAttr, self::$aTagsWhiteList[strtolower($oElement->tagName)]))
-				{
-					// Forbidden (or unknown) attribute
-					$aAttrToRemove[] = $oAttr->name;
-				}
-				else if (!$this->IsValidAttributeContent($sAttr, $oAttr->value))
-				{
-					// Invalid content
-					$aAttrToRemove[] = $oAttr->name;
-				}
-				else if ($sAttr == 'style')
-				{
-					// Special processing for style tags
-					$sCleanStyle = $this->CleanStyle($oAttr->value);
-					if ($sCleanStyle == '')
-					{
-						// Invalid content
-						$aAttrToRemove[] = $oAttr->name;
-					}
-					else
-					{
-						$oElement->setAttribute($oAttr->name, $sCleanStyle);
-					}
-				}
-			}
-			// Now remove them
-			foreach($aAttrToRemove as $sName)
-			{
-				$oElement->removeAttribute($sName);
-			}
-		}
-		
-		if ($oElement->hasChildNodes())
-		{
-			$aChildElementsToRemove = array();
-			// Gather the child noes to remove
-			foreach($oElement->childNodes as $oNode)
-			{
-				if (($oNode instanceof DOMElement) && (!array_key_exists(strtolower($oNode->tagName), self::$aTagsWhiteList)))
-				{
-					$aChildElementsToRemove[] = $oNode;
-				}
-				else if ($oNode instanceof DOMComment)
-				{
-					$aChildElementsToRemove[] = $oNode;
-				}
-				else
-				{
-					// Recurse
-					$this->CleanNode($oNode);
-					if (($oNode instanceof DOMElement) && (strtolower($oNode->tagName) == 'img'))
-					{
-						InlineImage::ProcessImageTag($oNode);
-					}
-				}
-			}
-			// Now remove them
-			foreach($aChildElementsToRemove as $oDomElement)
-			{
-				$oElement->removeChild($oDomElement);
-			}
-		}
+		return [];
 	}

-	protected function CleanStyle($sStyle)
+	/**
+	 * @return string[]
+	 * @link https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script
+	 */
+	public function GetTagsBlackList()
 	{
-		$aAllowedStyles = array();
-		$aItems = explode(';', $sStyle);
-		{
-			foreach($aItems as $sItem)
-			{
-				$aElements = explode(':', trim($sItem));
-				if (in_array(trim(strtolower($aElements[0])), static::$aStylesWhiteList))
-				{
-					$aAllowedStyles[] = trim($sItem);
-				}
-			}
-		}
-		return implode(';', $aAllowedStyles);
+		return [
+			'script',
+		];
 	}
-	
-	protected function IsValidAttributeContent($sAttributeName, $sValue)
+
+	public function GetAttrsWhiteList()
 	{
-		if (array_key_exists($sAttributeName, self::$aAttrsWhiteList))
-		{
-			return preg_match(self::$aAttrsWhiteList[$sAttributeName], $sValue);
-		}
-		return true;
+		return [];
 	}
-}
+
+	/**
+	 * @return string[]
+	 * @link https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/Events#document_event_attributes
+	 */
+	public function GetAttrsBlackList()
+	{
+		return [
+			'onbegin',
+			'onbegin',
+			'onrepeat',
+			'onabort',
+			'onerror',
+			'onerror',
+			'onscroll',
+			'onunload',
+			'oncopy',
+			'oncut',
+			'onpaste',
+			'oncancel',
+			'oncanplay',
+			'oncanplaythrough',
+			'onchange',
+			'onclick',
+			'onclose',
+			'oncuechange',
+			'ondblclick',
+			'ondrag',
+			'ondragend',
+			'ondragenter',
+			'ondragleave',
+			'ondragover',
+			'ondragstart',
+			'ondrop',
+			'ondurationchange',
+			'onemptied',
+			'onended',
+			'onerror',
+			'onfocus',
+			'oninput',
+			'oninvalid',
+			'onkeydown',
+			'onkeypress',
+			'onkeyup',
+			'onload',
+			'onloadeddata',
+			'onloadedmetadata',
+			'onloadstart',
+			'onmousedown',
+			'onmouseenter',
+			'onmouseleave',
+			'onmousemove',
+			'onmouseout',
+			'onmouseover',
+			'onmouseup',
+			'onmousewheel',
+			'onpause',
+			'onplay',
+			'onplaying',
+			'onprogress',
+			'onratechange',
+			'onreset',
+			'onresize',
+			'onscroll',
+			'onseeked',
+			'onseeking',
+			'onselect',
+			'onshow',
+			'onstalled',
+			'onsubmit',
+			'onsuspend',
+			'ontimeupdate',
+			'ontoggle',
+			'onvolumechange',
+			'onwaiting',
+			'onactivate',
+			'onfocusin',
+			'onfocusout',
+		];
+	}
+
+	public function GetStylesWhiteList()
+	{
+		return [];
+	}
+
+	public function LoadDoc($sHTML)
+	{
+		@$this->oDoc->loadXml($sHTML, LIBXML_NOBLANKS);
+	}
+
+	public function PrintDoc()
+	{
+		return $this->oDoc->saveXML();
+	}
+}
--- a/core/metamodel.class.php
+++ b/core/metamodel.class.php
@@ -7222,9 +7222,11 @@ abstract class MetaModel
 	 * @param string $sInput
 	 * @param array $aParams
 	 *
-	 * @return mixed
+	 * @return string
+	 *
+	 * @throws \Exception
 	 */
-	static public function ApplyParams($sInput, $aParams)
+	public static function ApplyParams($sInput, $aParams)
 	{
 		$aParams = static::AddMagicPlaceholders($aParams);

@@ -7234,7 +7236,7 @@ abstract class MetaModel

 		$aSearches = array();
 		$aReplacements = array();
-		foreach($aParams as $sSearch => $replace)
+		foreach ($aParams as $sSearch => $replace)
 		{
 			// Some environment parameters are objects, we just need scalars
 			if (is_object($replace))
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -951,6 +951,21 @@ class UserRights
 		return self::$m_oRealUser;
 	}

+	/**
+	 * @return int|string ID of the connected user : if impersonate then use {@see m_oRealUser}, else {@see m_oUser}. If no user set then return ''
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 method creation
+	 */
+	public static function GetConnectedUserId() {
+		if (false === is_null(static::$m_oRealUser)) {
+			return static::$m_oRealUser->GetKey();
+		}
+		if (false === is_null(static::$m_oUser)) {
+			return static::$m_oUser->GetKey();
+		}
+
+		return '';
+	}
+
 	public static function GetRealUserId()
 	{
 		if (is_null(self::$m_oRealUser))
@@ -1211,7 +1226,7 @@ class UserRights
 		elseif ((self::$m_oUser !== null) && ($oUser->GetKey() == self::$m_oUser->GetKey()))
 		{
 			// Data about the current user can be found into the session data
-			if (array_key_exists('profile_list', $_SESSION))
+			if ((false === utils::IsModeCLI()) && array_key_exists('profile_list', $_SESSION))
 			{
 				$aProfiles = $_SESSION['profile_list'];
 			}
@@ -1343,9 +1358,8 @@ class UserRights
 			// The bug has been fixed in PHP 7.2, but in case session_regenerate_id()
 			// fails we just silently ignore the error and keep the same session id...
 			$old_error_handler = set_error_handler(array(__CLASS__, 'VoidErrorHandler'));
-			session_regenerate_id();
-			if ($old_error_handler !== null)
-			{
+			session_regenerate_id(true);
+			if ($old_error_handler !== null) {
 				set_error_handler($old_error_handler);
 			}
 		}
--- a/css/css-variables.scss
+++ b/css/css-variables.scss
@@ -1,5 +1,5 @@
 // Beware the version number MUST be enclosed with quotes otherwise v2.3.0 becomes v2 0.3 .0
-$version: "v2.6.2";
+$version: "v2.6.4";

 // Base colors
 $gray-base:              #000 !default;
--- a/css/light-grey.css
+++ b/css/light-grey.css
@@ -343,10 +343,10 @@ a.small_action {
  padding-left: 5px;
  padding-top: 2px;
  padding-bottom: 2px;
-  background: #ea7d1e url(../images/actions_left.png?v=v2.6.2) no-repeat left;
+  background: #ea7d1e url(../images/actions_left.png?v=v2.6.3) no-repeat left;
 }
 .actions_details span {
-  background: url(../images/actions_right.png?v=v2.6.2) no-repeat right;
+  background: url(../images/actions_right.png?v=v2.6.3) no-repeat right;
  color: #fff;
  font-weight: bold;
  padding-top: 2px;
@@ -520,7 +520,7 @@ div.actions_menu > ul {
  nowidth: 70px;
  padding-left: 5px;
  /* Nasty work-around for IE... en attendant mieux */
-  background: #ea7d1e url(../images/actions_left.png?v=v2.6.2) no-repeat top left;
+  background: #ea7d1e url(../images/actions_left.png?v=v2.6.3) no-repeat top left;
  cursor: pointer;
  margin: 0;
 }
@@ -532,7 +532,7 @@ div.actions_menu > ul > li {
  height: 17px;
  padding-right: 16px;
  padding-left: 4px;
-  background: url(../images/actions_right.png?v=v2.6.2) no-repeat top right transparent;
+  background: url(../images/actions_right.png?v=v2.6.3) no-repeat top right transparent;
  font-weight: bold;
  color: #fff;
  vertical-align: middle;
@@ -678,7 +678,7 @@ td a.dp-choose-date, a.dp-choose-date, td a.dp-choose-date:hover, a.dp-choose-da
  display: block;
  text-indent: -2000px;
  overflow: hidden;
-  background: url(../images/calendar.png?v=v2.6.2) no-repeat;
+  background: url(../images/calendar.png?v=v2.6.3) no-repeat;
 }
 td a.dp-choose-date.dp-disabled, a.dp-choose-date.dp-disabled {
  background-position: 0 -20px;
@@ -1332,19 +1332,19 @@ input.dp-applied {
 }
 /* Beware: IE6 does not support multiple selector with multiple classes, only the last class is used */
 table.listResults tr.odd td.truncated, table.listResults tr td.truncated, .wizContainer table.listResults tr.odd td.truncated, .wizContainer table.listResults tr td.truncated {
-  background: url(../images/truncated.png?v=v2.6.2) bottom repeat-x;
+  background: url(../images/truncated.png?v=v2.6.3) bottom repeat-x;
 }
 /* Beware: IE6 does not support multiple selector with multiple classes, only the last class is used */
 table.listResults tr.even td.truncated, .wizContainer table.listResults tr.even td.truncated {
-  background: #f9f9f1 url(../images/truncated.png?v=v2.6.2) bottom repeat-x;
+  background: #f9f9f1 url(../images/truncated.png?v=v2.6.3) bottom repeat-x;
 }
 /* Beware: IE6 does not support multiple selector with multiple classes, only the last class is used */
 table.listResults tr.even td.hover.truncated, .wizContainer table.listResults tr.even td.hover.truncated {
-  background: #fdf5d0 url(../images/truncated.png?v=v2.6.2) bottom repeat-x;
+  background: #fdf5d0 url(../images/truncated.png?v=v2.6.3) bottom repeat-x;
 }
 /* Beware: IE6 does not support multiple selector with multiple classes, only the last class is used */
 table.listResults tr.odd td.hover.truncated, table.listResults tr td.hover.truncated, .wizContainer table.listResults tr.odd td.hover.truncated, .wizContainer table.listResults tr td.hover.truncated {
-  background: #fdf5d0 url(../images/truncated.png?v=v2.6.2) bottom repeat-x;
+  background: #fdf5d0 url(../images/truncated.png?v=v2.6.3) bottom repeat-x;
 }
 table.listResults.truncated {
  border-bottom: 0;
@@ -1452,7 +1452,7 @@ div#logo {
 div#logo div {
  height: 88px;
  width: 244px;
-  background: url(../images/itop-logo-2.png?v=v2.6.2) left no-repeat;
+  background: url(../images/itop-logo-2.png?v=v2.6.3) left no-repeat;
 }
 #left-pane .ui-layout-north {
  overflow: hidden;
@@ -1544,7 +1544,7 @@ div#logo div {
 }
 #global-search-image {
  vertical-align: middle;
-  background: url(../images/search.png?v=v2.6.2) center center no-repeat;
+  background: url(../images/search.png?v=v2.6.3) center center no-repeat;
  display: inline-block;
  width: 28px;
  height: 30px;
@@ -1573,7 +1573,7 @@ span.ui-icon {
  margin: 0 2px;
 }
 .ui-layout-button-pin-down {
-  background: url(../images/splitter-bkg.png?v=v2.6.2) transparent;
+  background: url(../images/splitter-bkg.png?v=v2.6.3) transparent;
  width: 16px;
  background-position: -144px -144px;
 }
@@ -2092,7 +2092,7 @@ img.prev, img.first, img.next, img.last {
 }
 div.actions_button {
  float: right;
-  background: #ea7d1e url("../images/actions_left.png?v=v2.6.2") no-repeat scroll left top;
+  background: #ea7d1e url("../images/actions_left.png?v=v2.6.3") no-repeat scroll left top;
  padding-left: 5px;
  margin-top: 0;
  margin-right: 10px;
@@ -2100,7 +2100,7 @@ div.actions_button {
  vertical-align: middle;
 }
 div.actions_button a, .actions_button a:hover, .actions_button a:visited {
-  background: #ea7d1e url(../images/actions_bkg.png?v=v2.6.2) no-repeat scroll right top;
+  background: #ea7d1e url(../images/actions_bkg.png?v=v2.6.3) no-repeat scroll right top;
  color: #fff;
  padding-right: 8px;
  cursor: pointer;
@@ -2124,10 +2124,10 @@ select#org_id {
  cursor: not-allowed;
 }
 .dragHover {
-  background: url(./ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png?v=v2.6.2);
+  background: url(./ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png?v=v2.6.3);
 }
 .edit_mode .dashlet {
-  background: url(./ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png?v=v2.6.2);
+  background: url(./ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png?v=v2.6.3);
  padding: 5px;
  margin: 0;
  position: relative;
@@ -2172,7 +2172,7 @@ table.prop_table {
  top: 0;
  right: 0;
  z-index: 10;
-  background: transparent url(../images/delete.png?v=v2.6.2) no-repeat center;
+  background: transparent url(../images/delete.png?v=v2.6.3) no-repeat center;
 }
 td.prop_value {
  text-align: left;
@@ -2393,17 +2393,17 @@ a.summary, a.summary:hover {
 }
 .message_info {
  border: 1px solid #993;
-  background: url(../images/info-mini.png?v=v2.6.2) 1em 1em no-repeat #ffc;
+  background: url(../images/info-mini.png?v=v2.6.3) 1em 1em no-repeat #ffc;
  padding-left: 3em;
 }
 .message_ok {
  border: 1px solid #393;
-  background: url(../images/ok.png?v=v2.6.2) 1em 1em no-repeat #cfc;
+  background: url(../images/ok.png?v=v2.6.3) 1em 1em no-repeat #cfc;
  padding-left: 3em;
 }
 .message_error {
  border: 1px solid #933;
-  background: url(../images/error.png?v=v2.6.2) 1em 1em no-repeat #fcc;
+  background: url(../images/error.png?v=v2.6.3) 1em 1em no-repeat #fcc;
  padding-left: 3em;
 }
 .fg-menu a img {
@@ -2534,18 +2534,18 @@ div.explain-printable {
 }
 #hiddeable_chapters .ui-tabs .ui-tabs-nav li.hideable-chapter span {
  padding-left: 20px;
-  background: url(../images/eye-open-555.png?v=v2.6.2) 2px center no-repeat;
+  background: url(../images/eye-open-555.png?v=v2.6.3) 2px center no-repeat;
 }
 #hiddeable_chapters .ui-tabs .ui-tabs-nav li.hideable-chapter.strikethrough span {
  text-decoration: line-through;
-  background: url(../images/eye-closed-555.png?v=v2.6.2) 2px center no-repeat;
+  background: url(../images/eye-closed-555.png?v=v2.6.3) 2px center no-repeat;
 }
 .printable-version legend {
  padding-left: 26px;
-  background: #1c94c4 url(../images/eye-open-fff.png?v=v2.6.2) 8px center no-repeat;
+  background: #1c94c4 url(../images/eye-open-fff.png?v=v2.6.3) 8px center no-repeat;
 }
 .printable-version .strikethrough legend {
-  background: #1c94c4 url(../images/eye-closed-fff.png?v=v2.6.2) 8px center no-repeat;
+  background: #1c94c4 url(../images/eye-closed-fff.png?v=v2.6.3) 8px center no-repeat;
 }
 .printable-version fieldset.strikethrough span {
  display: none;
@@ -2696,7 +2696,7 @@ span.search-button, span.refresh-button {
 #itop-breadcrumb .breadcrumb-item a::after {
  content: '';
  position: absolute;
-  background-image: url(../images/breadcrumb-separator.png?v=v2.6.2);
+  background-image: url(../images/breadcrumb-separator.png?v=v2.6.3);
  background-repeat: no-repeat;
  width: 8px;
  height: 16px;
--- a/data/index.php
+++ b/data/index.php
@@ -1,2 +1,20 @@
 <?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
 echo 'Access denied';
--- a/data/web.config
+++ b/data/web.config
@@ -1,8 +1,13 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
-  <system.web>
-          <authorization>
-                  <deny users="*" /> <!-- Denies all users -->
-          </authorization>
-  </system.web>
+  <system.webServer>
+    <security>
+      <requestFiltering>
+         <fileExtensions applyToWebDAV="false" allowUnlisted="false"></fileExtensions>
+      </requestFiltering>
+      <authorization>
+        <deny users="*" /> <!-- Denies all users -->
+      </authorization>
+    </security>
+  </system.webServer>
 </configuration>
--- a/datamodels/2.x/authent-external/module.authent-external.php
+++ b/datamodels/2.x/authent-external/module.authent-external.php
@@ -27,7 +27,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-external/2.6.2',
+	'authent-external/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/authent-ldap/module.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/module.authent-ldap.php
@@ -9,7 +9,7 @@ if (function_exists('ldap_connect'))

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-ldap/2.6.2',
+	'authent-ldap/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/authent-local/module.authent-local.php
+++ b/datamodels/2.x/authent-local/module.authent-local.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-local/2.6.2',
+	'authent-local/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/combodo-db-tools/cs.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/cs.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/da.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/da.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/datamodel.combodo-db-tools.xml
+++ b/datamodels/2.x/combodo-db-tools/datamodel.combodo-db-tools.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.0">
+  <menus>
+    <menu id="AdminTools" xsi:type="MenuGroup" _delta="define_if_not_exists">
+      <rank>80</rank>
+      <enable_admin_only>1</enable_admin_only>
+    </menu>
+    <menu id="DBToolsMenu" xsi:type="WebPageMenuNode" _delta="define">
+      <rank>15</rank>
+      <parent>AdminTools</parent>
+      <url>$pages/exec.php?exec_module=combodo-db-tools&amp;exec_page=dbtools.php&amp;c[menu]=DBToolsMenu</url>
+      <enable_admin_only>1</enable_admin_only>
+    </menu>
+  </menus>
+</itop_design>
--- a/datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php
+++ b/datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php
@@ -0,0 +1,355 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
+class DatabaseAnalyzer
+{
+	var $iTimeLimitPerOperation;
+
+	public function __construct($iTimeLimitPerOperation = null)
+	{
+		$this->iTimeLimitPerOperation = $iTimeLimitPerOperation;
+	}
+
+	/**
+	 * @param $sSelWrongRecs
+	 * @param $sFixitRequest
+	 * @param $sErrorDesc
+	 * @param $sClass
+	 * @param $aErrorsAndFixes
+	 *
+	 * @throws \MySQLException
+	 */
+	private function ExecQuery($sSelWrongRecs, $sFixitRequest, $sErrorDesc, $sClass, &$aErrorsAndFixes, $aValueNames = array())
+	{
+		if (!is_null($this->iTimeLimitPerOperation))
+		{
+			set_time_limit($this->iTimeLimitPerOperation);
+		}
+
+		$aWrongRecords = CMDBSource::QueryToArray($sSelWrongRecs);
+		if (count($aWrongRecords) > 0)
+		{
+			foreach($aWrongRecords as $aRes)
+			{
+				if (!isset($aErrorsAndFixes[$sClass][$sErrorDesc]))
+				{
+					$aErrorsAndFixes[$sClass][$sErrorDesc] = array(
+						'count' => 1,
+						'query' => $sSelWrongRecs,
+					);
+					if (!empty($sFixitRequest))
+					{
+						$aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'] = array($sFixitRequest);
+					}
+				}
+				else
+				{
+					$aErrorsAndFixes[$sClass][$sErrorDesc]['count'] += 1;
+				}
+				if (empty($aValueNames))
+				{
+					$aValues = array('id' => $aRes['id']);
+				}
+				else
+				{
+					$aValues = array();
+					foreach ($aValueNames as $sValueName)
+					{
+						$aValues[$sValueName] = $aRes[$sValueName];
+					}
+				}
+
+				if (isset($aRes['value']))
+				{
+					$value = $aRes['value'];
+					$aValues['value'] = $value;
+					if (!isset($aErrorsAndFixes[$sClass][$sErrorDesc]['values'][$value]))
+					{
+						$aErrorsAndFixes[$sClass][$sErrorDesc]['values'][$value] = 1;
+					}
+					else
+					{
+						$aErrorsAndFixes[$sClass][$sErrorDesc]['values'][$value] += 1;
+					}
+				}
+				$aErrorsAndFixes[$sClass][$sErrorDesc]['res'][] = $aValues;
+			}
+		}
+	}
+
+	/**
+	 * @param $aClassSelection
+	 * @param $iShowId
+	 * @return array
+	 * @throws CoreException
+	 * @throws DictExceptionMissingString
+	 * @throws MySQLException
+	 * @throws Exception
+	 */
+	public function CheckIntegrity($aClassSelection, $iShowId)
+	{
+		// Getting and setting time limit are not symetric:
+		// www.php.net/manual/fr/function.set-time-limit.php#72305
+		$iPreviousTimeLimit = ini_get('max_execution_time');
+
+		$aErrorsAndFixes = array();
+
+		if (empty($aClassSelection))
+		{
+			$aClassSelection = MetaModel::GetClasses();
+		}
+		else
+		{
+			$aClasses = $aClassSelection;
+			foreach($aClasses as $sClass)
+			{
+				$aExpectedClasses = MetaModel::EnumChildClasses($sClass, ENUM_CHILD_CLASSES_ALL);
+				$aClassSelection = array_merge($aClassSelection, $aExpectedClasses);
+			}
+			$aClassSelection = array_unique($aClassSelection);
+		}
+
+		foreach($aClassSelection as $sClass)
+		{
+			// Check uniqueness rules
+			if (method_exists('MetaModel', 'GetUniquenessRules'))
+			{
+				$aUniquenessRules = MetaModel::GetUniquenessRules($sClass);
+				foreach ($aUniquenessRules as $sUniquenessRuleId => $aUniquenessRuleProperties)
+				{
+					if ($aUniquenessRuleProperties['disabled'] === true)
+					{
+						continue;
+					}
+					$this->CheckUniquenessRule($sClass, $sUniquenessRuleId, $aUniquenessRuleProperties, $aErrorsAndFixes);
+				}
+			}
+
+			if (!MetaModel::HasTable($sClass))
+			{
+				continue;
+			}
+			$sRootClass = MetaModel::GetRootClass($sClass);
+			$sTable = MetaModel::DBGetTable($sClass);
+			$sKeyField = MetaModel::DBGetKey($sClass);
+
+
+			if (!MetaModel::IsStandaloneClass($sClass))
+			{
+				if (!MetaModel::IsRootClass($sClass))
+				{
+					$sRootTable = MetaModel::DBGetTable($sRootClass);
+					$sRootKey = MetaModel::DBGetKey($sRootClass);
+					$sFinalClassField = MetaModel::DBGetClassField($sRootClass);
+
+					$aExpectedClasses = MetaModel::EnumChildClasses($sClass, ENUM_CHILD_CLASSES_ALL);
+					$sExpectedClasses = implode(",", CMDBSource::Quote($aExpectedClasses, true));
+
+					// Check that any record found here has its counterpart in the root table
+					//
+					$sSelect = "SELECT DISTINCT `$sTable`.`$sKeyField` AS id";
+					$sDelete = "DELETE `$sTable`";
+					$sFilter = "FROM `$sTable` LEFT JOIN `$sRootTable` ON `$sTable`.`$sKeyField` = `$sRootTable`.`$sRootKey` WHERE `$sRootTable`.`$sRootKey` IS NULL";
+					$sSelWrongRecs = "$sSelect $sFilter";
+					$sFixitRequest = "$sDelete $sFilter";
+					$this->ExecQuery($sSelWrongRecs, $sFixitRequest, Dict::Format('DBAnalyzer-Integrity-OrphanRecord', $sTable, $sRootTable), $sClass, $aErrorsAndFixes);
+
+					// Check that any record found in the root table and referring to a child class
+					// has its counterpart here (detect orphan nodes -root or in the middle of the hierarchy)
+					//
+					$sSelect = "SELECT DISTINCT `$sRootTable`.`$sRootKey` AS id";
+					$sDelete = "DELETE `$sRootTable`";
+					$sFilter = "FROM `$sRootTable` LEFT JOIN `$sTable` ON `$sRootTable`.`$sRootKey` = `$sTable`.`$sKeyField` WHERE `$sTable`.`$sKeyField` IS NULL AND `$sRootTable`.`$sFinalClassField` IN ($sExpectedClasses)";
+					$sSelWrongRecs = "$sSelect $sFilter";
+					$sFixitRequest = "$sDelete $sFilter";
+					$this->ExecQuery($sSelWrongRecs, $sFixitRequest, Dict::Format('DBAnalyzer-Integrity-OrphanRecord', $sRootTable, $sTable), $sRootClass, $aErrorsAndFixes);
+				}
+			}
+
+			foreach(MetaModel::ListAttributeDefs($sClass) as $sAttCode => $oAttDef)
+			{
+				// Skip this attribute if not defined in this table
+				if (!MetaModel::IsAttributeOrigin($sClass, $sAttCode))
+				{
+					continue;
+				}
+
+				if ($oAttDef->IsExternalKey())
+				{
+					// Check that any external field is pointing to an existing object
+					//
+					$sRemoteClass = $oAttDef->GetTargetClass();
+					$sRemoteTable = MetaModel::DBGetTable($sRemoteClass);
+					$sRemoteKey = MetaModel::DBGetKey($sRemoteClass);
+
+					$aCols = $oAttDef->GetSQLExpressions(); // Workaround a PHP bug: sometimes issuing a Notice if invoking current(somefunc())
+					$sExtKeyField = current($aCols); // get the first column for an external key
+
+					// Note: a class/table may have an external key on itself
+					$sSelect = "SELECT DISTINCT `$sTable`.`$sKeyField` AS id, `$sTable`.`$sExtKeyField` AS value";
+					$sFilter = "FROM `$sTable` LEFT JOIN `$sRemoteTable` AS `{$sRemoteTable}_1` ON `$sTable`.`$sExtKeyField` = `{$sRemoteTable}_1`.`$sRemoteKey`";
+
+					$sFilter = $sFilter." WHERE `{$sRemoteTable}_1`.`$sRemoteKey` IS NULL";
+					// Exclude the records pointing to 0/null from the errors (separate test below)
+					$sFilter .= " AND `$sTable`.`$sExtKeyField` IS NOT NULL";
+					$sFilter .= " AND `$sTable`.`$sExtKeyField` != 0";
+
+					$sSelWrongRecs = "$sSelect $sFilter";
+
+					$sErrorDesc = Dict::Format('DBAnalyzer-Integrity-InvalidExtKey', $sAttCode, $sTable, $sExtKeyField);
+					$this->ExecQuery($sSelWrongRecs, '', $sErrorDesc, $sClass, $aErrorsAndFixes);
+					// Fix it request needs the values of the enum to generate the requests
+					if (isset($aErrorsAndFixes[$sClass][$sErrorDesc]['values']))
+					{
+						$aFixit = array();
+						$aFixit[] = "-- Remove inconsistant entries:";
+						$sIds = implode(', ', array_keys($aErrorsAndFixes[$sClass][$sErrorDesc]['values']));
+						$aFixit[] = "DELETE `$sTable` FROM `$sTable` WHERE `$sTable`.`$sExtKeyField` IN ($sIds)";
+						$aFixit[] = "";
+						$aFixit[] = "-- Or fix inconsistant values: Replace XXX with the appropriate value";
+						foreach (array_keys($aErrorsAndFixes[$sClass][$sErrorDesc]['values']) as $sKey)
+						{
+							$aFixit[] = "UPDATE `$sTable` SET `$sTable`.`$sExtKeyField` = XXX WHERE `$sTable`.`$sExtKeyField` = '$sKey'";
+						}
+						$aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'] = $aFixit;
+					}
+
+					if (!$oAttDef->IsNullAllowed())
+					{
+						$sSelect = "SELECT DISTINCT `$sTable`.`$sKeyField` AS id";
+						$sDelete = "DELETE `$sTable`";
+						$sFilter = "FROM `$sTable` WHERE `$sTable`.`$sExtKeyField` IS NULL OR `$sTable`.`$sExtKeyField` = 0";
+						$sSelWrongRecs = "$sSelect $sFilter";
+						$sFixitRequest = "$sDelete $sFilter";
+						$sErrorDesc = Dict::Format('DBAnalyzer-Integrity-MissingExtKey', $sAttCode, $sTable, $sExtKeyField);
+						$this->ExecQuery($sSelWrongRecs, $sFixitRequest, $sErrorDesc, $sClass, $aErrorsAndFixes);
+						if (isset($aErrorsAndFixes[$sClass][$sErrorDesc]['count']) && ($aErrorsAndFixes[$sClass][$sErrorDesc]['count'] > 0))
+						{
+							$aFixit = $aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'];
+							$aFixit[] = "-- Alternate fix";
+							$aFixit[] = "-- Replace XXX with the appropriate value";
+							$aFixit[] = "UPDATE `$sTable` SET `$sTable`.`$sExtKeyField` = XXX WHERE `$sTable`.`$sExtKeyField` IS NULL OR `$sTable`.`$sExtKeyField` = 0";
+							$aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'] = $aFixit;
+						}
+					}
+				}
+				elseif ($oAttDef->IsDirectField() && !($oAttDef instanceof AttributeTagSet))
+				{
+					// Check that the values fit the allowed values
+					//
+					$aAllowedValues = MetaModel::GetAllowedValues_att($sClass, $sAttCode);
+					if (!is_null($aAllowedValues) && count($aAllowedValues) > 0)
+					{
+						$sExpectedValues = implode(",", CMDBSource::Quote(array_keys($aAllowedValues), true));
+
+						$aCols = $oAttDef->GetSQLExpressions(); // Workaround a PHP bug: sometimes issuing a Notice if invoking current(somefunc())
+						$sMyAttributeField = current($aCols); // get the first column for the moment
+						$sSelWrongRecs = "SELECT DISTINCT `$sTable`.`$sKeyField` AS id, `$sTable`.`$sMyAttributeField` AS value FROM `$sTable` WHERE `$sTable`.`$sMyAttributeField` NOT IN ($sExpectedValues)";
+						$sErrorDesc = Dict::Format('DBAnalyzer-Integrity-InvalidValue', $sAttCode, $sTable, $sMyAttributeField);
+						$this->ExecQuery($sSelWrongRecs, '', $sErrorDesc, $sClass, $aErrorsAndFixes);
+						// Fix it request needs the values of the enum to generate the requests
+						if (isset($aErrorsAndFixes[$sClass][$sErrorDesc]['values']))
+						{
+							if (isset($aErrorsAndFixes[$sClass][$sErrorDesc]['fixit']))
+							{
+								$aFixit = $aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'];
+							}
+							else
+							{
+								$aFixit = array("-- Replace 'XXX' with the appropriate value");
+							}
+							foreach (array_keys($aErrorsAndFixes[$sClass][$sErrorDesc]['values']) as $sKey)
+							{
+								$aFixit[] = "UPDATE `$sTable` SET `$sTable`.`$sMyAttributeField` = 'XXX' WHERE `$sTable`.`$sMyAttributeField` = '$sKey'";
+							}
+							$aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'] = $aFixit;
+						}
+					}
+				}
+			}
+		}
+
+		// Check user accounts without profile
+		$sUserTable = MetaModel::DBGetTable('User');
+		$sLinkTable = MetaModel::DBGetTable('URP_UserProfile');
+		$sSelect = "SELECT DISTINCT u.id AS id, u.`login` AS value";
+		$sFilter = "FROM `$sUserTable` AS u LEFT JOIN `$sLinkTable` AS l ON l.userid = u.id WHERE l.id IS NULL";
+		$sSelWrongRecs = "$sSelect $sFilter";
+		$sFixit = "-- Remove the corresponding user(s)";
+		$this->ExecQuery($sSelWrongRecs, $sFixit, Dict::S('DBAnalyzer-Integrity-UsersWithoutProfile'), 'User', $aErrorsAndFixes);
+
+		if (!is_null($this->iTimeLimitPerOperation))
+		{
+			set_time_limit($iPreviousTimeLimit);
+		}
+		return $aErrorsAndFixes;
+	}
+
+	private function CheckUniquenessRule($sClass, $sUniquenessRuleId, $aUniquenessRuleProperties, &$aErrorsAndFixes)
+	{
+		$sOqlUniquenessQuery = "SELECT $sClass";
+		if (!(empty($sUniquenessFilter = $aUniquenessRuleProperties['filter'])))
+		{
+			$sOqlUniquenessQuery .= ' WHERE '.$sUniquenessFilter;
+		}
+		$oUniquenessQuery = DBObjectSearch::FromOQL($sOqlUniquenessQuery);
+
+		$aValueNames = array();
+		$aGroupByExpr = array();
+		foreach ($aUniquenessRuleProperties['attributes'] as $sAttributeCode)
+		{
+			$oExpr = Expression::FromOQL("$sClass.$sAttributeCode");
+			$aGroupByExpr[$sAttributeCode] = $oExpr;
+			$aValueNames[] = $sAttributeCode;
+		}
+
+		$aSelectExpr = array();
+
+		$sSQLUniquenessQuery = $oUniquenessQuery->MakeGroupByQuery(array(), $aGroupByExpr, false, $aSelectExpr);
+
+		$sSQLUniquenessQuery .= ' having count(*) > 1';
+
+		$sErrorDesc = $this->GetUniquenessRuleMessage($sClass, $sUniquenessRuleId);
+
+		$this->ExecQuery($sSQLUniquenessQuery, '', $sErrorDesc, $sClass, $aErrorsAndFixes, $aValueNames);
+		if (isset($aErrorsAndFixes[$sClass][$sErrorDesc]['res']))
+		{
+			$aFixit = array("-- In order to get the duplicates, run the following queries:");
+			foreach ($aErrorsAndFixes[$sClass][$sErrorDesc]['res'] as $aValues)
+			{
+				$oFixSearch = new DBObjectSearch($sClass);
+				foreach ($aValues as $sAttCode => $sValue)
+				{
+					$oFixSearch->AddCondition($sAttCode, $sValue, '=');
+				}
+				$aFixit[] = $oFixSearch->MakeSelectQuery().';';
+				$aFixit[] = "";
+			}
+			$aErrorsAndFixes[$sClass][$sErrorDesc]['fixit'] = $aFixit;
+		}
+
+		return;
+	}
+
+	private function GetUniquenessRuleMessage($sCurrentClass, $sUniquenessRuleId)
+	{
+		// we could add also a specific message if user is admin ("dict key is missing")
+		return Dict::Format('Core:UniquenessDefaultError', $sUniquenessRuleId);
+	}
+}
--- a/datamodels/2.x/combodo-db-tools/dbtools.php
+++ b/datamodels/2.x/combodo-db-tools/dbtools.php
@@ -0,0 +1,602 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
+@include_once('../../approot.inc.php');
+@include_once('../approot.inc.php');
+require_once(APPROOT.'application/application.inc.php');
+require_once(APPROOT.'application/itopwebpage.class.inc.php');
+require_once(APPROOT.'application/ajaxwebpage.class.inc.php');
+require_once(APPROOT.'application/startup.inc.php');
+require_once(APPROOT.'application/loginwebpage.class.inc.php');
+
+require_once('db_analyzer.class.inc.php');
+
+const MAX_RESULTS = 10;
+
+/**
+ * @param iTopWebPage $oP
+ * @param ApplicationContext $oAppContext
+ *
+ * @return \iTopWebPage
+ * @throws CoreException
+ * @throws DictExceptionMissingString
+ * @throws MySQLException
+ */
+function DisplayDBInconsistencies(iTopWebPage &$oP, ApplicationContext &$oAppContext)
+{
+	$iShowId = intval(utils::ReadParam('show_id', '0'));
+	$sErrorLabelSelection = utils::ReadParam('error_selection', '');
+	$sClassSelection = utils::ReadParam('class_selection', '');
+	if (!empty($sClassSelection))
+	{
+		$aClassSelection = explode(",", $sClassSelection);
+	}
+	else
+	{
+		$aClassSelection = array();
+	}
+	$sClassSelection = utils::ReadParam('class_selection', '');
+
+	$oP->SetCurrentTab(Dict::S('DBTools:Inconsistencies'));
+
+	$bRunAnalysis = intval(utils::ReadParam('run_analysis', '0'));
+	if ($bRunAnalysis)
+	{
+		$oDBAnalyzer = new DatabaseAnalyzer();
+		$aResults = $oDBAnalyzer->CheckIntegrity($aClassSelection, $iShowId);
+		if (empty($aResults))
+		{
+			$oP->p('<div class="header_message message_ok">'.Dict::S('DBTools:NoError').'</div>');
+		}
+	}
+
+	$oP->add('<div style="padding: 15px; background: #ddd;">');
+	$oP->add("<form>");
+	$oP->add("<table border=0>");
+
+	$oP->add("<tr><td>");
+	$sChecked = ($iShowId == 0) ? 'checked' : '';
+	$oP->add("<label><input type=\"radio\" $sChecked name=\"show_id\" value=\"0\">".Dict::S('DBTools:HideIds').'</label>');
+	$oP->add("</td><td>");
+	$sChecked = ($iShowId == 1) ? 'checked' : '';
+	$oP->add("<label><input type=\"radio\" $sChecked name=\"show_id\" value=\"1\">".Dict::S('DBTools:ShowIds').'</label>');
+	$oP->add("</td><td>");
+	$sChecked = ($iShowId == 3) ? 'checked' : '';
+	$oP->add("<label><input type=\"radio\" $sChecked name=\"show_id\" value=\"3\">".Dict::S('DBTools:ShowReport').'</label>');
+	$oP->add("</td></tr>\n");
+
+	$oP->add("</table><br>\n");
+
+	$oP->add("<input type=\"submit\" value=\"".Dict::S('DBTools:Analyze')."\">\n");
+	$oP->add('<input type="hidden" name="class_selection" value="'.$sClassSelection.'"/>');
+	$oP->add('<input type="hidden" name="error_selection" value="'.$sErrorLabelSelection.'"/>');
+	$oP->add('<input type="hidden" name="run_analysis" value="1"/>');
+	$oP->add('<input type="hidden" name="exec_module" value="combodo-db-tools"/>');
+	$oP->add('<input type="hidden" name="exec_page" value="dbtools.php"/>');
+	$oP->add($oAppContext->GetForForm());
+	$oP->add("</form>\n");
+	$oP->add('</div>');
+
+
+	if (!empty($sErrorLabelSelection) || !empty($sClassSelection))
+	{
+		$oP->add("<br>");
+		$oP->add("<form>");
+		$oP->add('<input type="hidden" name="show_id" value="0"/>');
+		$oP->add('<input type="hidden" name="class_selection" value=""/>');
+		$oP->add('<input type="hidden" name="error_selection" value=""/>');
+		$oP->add('<input type="hidden" name="exec_module" value="combodo-db-tools"/>');
+		$oP->add('<input type="hidden" name="exec_page" value="dbtools.php"/>');
+		$oP->add("<input type=\"submit\" value=\"".Dict::S('DBTools:ShowAll')."\">\n");
+		$oP->add("</form>\n");
+	}
+
+	if (!empty($aResults))
+	{
+
+		if ($iShowId == 3)
+		{
+			DisplayInconsistenciesReport($aResults);
+		}
+
+		$oP->p(Dict::S('DBTools:ErrorsFound'));
+
+		$oP->add('<table class="listResults"><tr><th>'.Dict::S('DBTools:Class').'</th><th>'.Dict::S('DBTools:Count').'</th><th>'.Dict::S('DBTools:Error').'</th></tr>');
+		$bTable = true;
+		foreach($aResults as $sClass => $aErrorList)
+		{
+			foreach($aErrorList as $sErrorLabel => $aError)
+			{
+				if (!empty($sErrorLabelSelection) && ($sErrorLabel != $sErrorLabelSelection))
+				{
+					continue;
+				}
+
+				if (!$bTable)
+				{
+					$oP->add('<br>');
+					$oP->add('<table class="listResults"><tr><th></th><th>Class</th><th>Count</th><th>Error</th></tr>');
+					$bTable = true;
+				}
+
+				$oP->add('<tr>');
+
+
+				$oP->add('<td>'.MetaModel::GetName($sClass).' ('.$sClass.')</td>');
+				$iCount = $aError['count'];
+				$oP->add('<td>'.$iCount.'</td>');
+				$oP->add('<td>'.$sErrorLabel.'</td>');
+				$oP->add('</tr>');
+
+				if ($iShowId > 0)
+				{
+					$oP->add('</table>');
+					$bTable = false;
+					$oP->p(Dict::S('DBTools:SQLquery'));
+					$sQuery = $aError['query'];
+					$oP->add('<div style="padding: 15px; background: #f1f1f1;">');
+					$oP->add('<code>'.$sQuery.'</code>');
+					$oP->add('</div>');
+
+					if (isset($aError['fixit']))
+					{
+						$oP->p(Dict::S('DBTools:FixitSQLquery'));
+						$aQueries = $aError['fixit'];
+						$oP->add('<div style="padding: 15px; background: #f1f1f1;">');
+						foreach($aQueries as $sFixQuery)
+						{
+							$oP->add('<pre>'.$sFixQuery.'</pre>');
+						}
+						$oP->add('<br></div>');
+					}
+
+					$oP->p(Dict::S('DBTools:SQLresult'));
+					$sQueryResult = '';
+					$iCount = count($aError['res']);
+					$iMaxCount = MAX_RESULTS;
+					foreach($aError['res'] as $aRes)
+					{
+						$iMaxCount--;
+						if ($iMaxCount < 0)
+						{
+							$sQueryResult .= 'Displayed '.MAX_RESULTS."/$iCount results.<br>";
+							break;
+						}
+						foreach($aRes as $sKey => $sValue)
+						{
+							$sQueryResult .= "'$sKey'='$sValue'&nbsp;";
+						}
+						$sQueryResult .= '<br>';
+					}
+					$oP->add('<div style="padding: 15px; background: #f1f1f1;">');
+					$oP->add('<code>'.$sQueryResult.'</code>');
+					$oP->add('</div>');
+				}
+			}
+		}
+		$oP->add('</table>');
+	}
+	return $oP;
+}
+
+/**
+ * @param $aResults
+ *
+ * @return mixed
+ * @throws CoreException
+ * @throws DictExceptionMissingString
+ */
+function DisplayInconsistenciesReport($aResults)
+{
+	$sDBToolsFolder = str_replace("\\", '/', APPROOT.'log/');
+	$sReportFile = 'dbtools-report-'.date('Y-m-d-H-i-s');
+
+	$fReport = fopen($sDBToolsFolder.$sReportFile.'.txt', 'w');
+	fwrite($fReport, 'Database Maintenance tools: '.date('Y-m-d H:i:s')."\r\n");
+	foreach($aResults as $sClass => $aErrorList)
+	{
+		fwrite($fReport, '');
+		foreach($aErrorList as $sErrorLabel => $aError)
+		{
+			fwrite($fReport, "\r\n----------\r\n");
+			fwrite($fReport, 'Class: '.MetaModel::GetName($sClass).' ('.$sClass.")\r\n");
+			$iCount = $aError['count'];
+			fwrite($fReport, 'Count: '.$iCount."\r\n");
+			fwrite($fReport, 'Error: '.$sErrorLabel."\r\n");
+			$sQuery = $aError['query'];
+			fwrite($fReport, 'Query: '.$sQuery."\r\n");
+
+			if (isset($aError['fixit']))
+			{
+				fwrite($fReport, "\r\nFix it (indication):\r\n\r\n");
+				$aFixitQueries = $aError['fixit'];
+				foreach($aFixitQueries as $sFixitQuery)
+				{
+					fwrite($fReport, "$sFixitQuery\r\n");
+				}
+				fwrite($fReport, "\r\n");
+			}
+
+			$sQueryResult = '';
+			$aIdList = array();
+			foreach($aError['res'] as $aRes)
+			{
+				foreach($aRes as $sKey => $sValue)
+				{
+					$sQueryResult .= "'$sKey'='$sValue' ";
+					if ($sKey == 'id')
+					{
+						$aIdList[] = $sValue;
+					}
+				}
+				$sQueryResult .= "\r\n";
+
+			}
+			fwrite($fReport, "Result: \r\n".$sQueryResult);
+			$sIdList = '('.implode(',', $aIdList).')';
+			fwrite($fReport, 'Ids: '.$sIdList."\r\n");
+		}
+	}
+	fclose($fReport);
+
+	$oArchive = new ZipArchive();
+	$oArchive->open($sDBToolsFolder.$sReportFile.'.zip', ZipArchive::CREATE);
+	$oArchive->addFile($sDBToolsFolder.$sReportFile.'.txt', $sReportFile.'.txt');
+	$oArchive->close();
+	unlink($sDBToolsFolder.$sReportFile.'.txt');
+	$sReportFile = $sDBToolsFolder.$sReportFile.'.zip';
+
+
+	header('Content-Description: File Transfer');
+	header('Content-Type: multipart/x-zip');
+	header('Content-Disposition: inline; filename="'.basename($sReportFile).'"');
+	header('Expires: 0');
+	header('Cache-Control: must-revalidate');
+	header('Pragma: public');
+	header('Content-Length: '.filesize($sReportFile));
+	readfile($sReportFile);
+	unlink($sReportFile);
+	exit(0);
+}
+
+/**
+ * @return float
+ * @throws MySQLException
+ * @throws MySQLHasGoneAwayException
+ */
+function GetDatabaseSize()
+{
+	$sShema = CMDBSource::DBName();
+
+	$sReq = <<<EOF
+SELECT round(sum(data_length+index_length)/1024/1024,2) AS sz
+FROM information_schema.tables 
+WHERE table_schema = '$sShema';
+EOF;
+
+	$oResult = CMDBSource::Query($sReq);
+	if ($oResult !== false)
+	{
+		$aRow = $oResult->fetch_assoc();
+		$sSize = $aRow['sz'];
+		return $sSize;
+	}
+
+	return 0;
+}
+
+/**
+ * @param iTopWebPage $oP
+ * @param ApplicationContext $oAppContext
+ *
+ * @return \iTopWebPage
+ * @throws \MySQLException
+ * @throws \MySQLHasGoneAwayException
+ */
+function DisplayDatabaseInfo(iTopWebPage &$oP, ApplicationContext &$oAppContext)
+{
+	// Build HTML
+	$oP->SetCurrentTab(Dict::S('DBTools:DatabaseInfo'));
+
+	$oP->add('<div style="padding: 15px; background: #ddd;">');
+	$oP->add('<table class="listResults"><tr><th>'.Dict::S('DBTools:Base').'</th><th>'.Dict::S('DBTools:Size').'</th></tr>');
+
+	$oP->add('<tr>');
+	$oP->add('<td>');
+	$oP->add(CMDBSource::DBName());
+	$oP->add('</td>');
+	$oP->add('<td>');
+	$fSize = GetDatabaseSize();
+	$oP->add("$fSize MB");
+	$oP->add('</td>');
+	$oP->add('</tr>');
+	$oP->add('</table>');
+
+	$oP->add('</div>');
+
+	return $oP;
+}
+
+/**
+ * @param iTopWebPage $oP
+ * @param ApplicationContext $oAppContext
+ *
+ * @return \iTopWebPage
+ * @throws CoreException
+ * @throws MySQLException
+ * @throws \Exception
+ */
+function DisplayLostAttachments(iTopWebPage &$oP, ApplicationContext &$oAppContext)
+{
+	// Retrieve parameters
+	$sStepName = utils::ReadParam('step_name');
+	$aRecordsToClean = utils::ReadParam('dbt-cbx', array(), false, 'raw_data');
+
+	$iRestoredItemsCount = 0;
+	$iRecordsToCleanCount = count($aRecordsToClean);
+	$aErrorsReport = array();
+
+	$bDoAnalyze = in_array($sStepName, array('analyze', 'restore'));
+	$bDoRestore = in_array($sStepName, array('restore'));
+
+	// Build HTML
+	$oP->SetCurrentTab(Dict::S('DBTools:LostAttachments'));
+
+	$oP->add('<div class="db-tools-tab-content">');
+	$oP->add('<div class="dbt-lostattachments">');
+
+	$oP->add('<div class="header_message message_info">'.Dict::S('DBTools:LostAttachments:Disclaimer').'</div>');
+	$oP->add('<div class="dbt-steps">');
+	$oP->add('<form>');
+	$oP->add('<input type="hidden" name="exec_module" value="combodo-db-tools"/>');
+	$oP->add('<input type="hidden" name="exec_page" value="dbtools.php"/>');
+
+	// Step 1: Analyze DB
+	$oP->add('<div class="dbt-step"><p class="dbt-step-description"><span class="dbt-step-number">1.</span><span>'.Dict::S('DBTools:LostAttachments:Step:Analyze').'</span></p><button type="submit" name="step_name" value="analyze">'.Dict::S('DBTools:LostAttachments:Button:Analyze') .'</button></div>');
+
+	// Step 2: Display results
+	if($bDoAnalyze)
+	{
+		// Check if we have to restore some items first
+		if($bDoRestore)
+		{
+			foreach($aRecordsToClean as $sRecordToClean)
+			{
+				utils::PushArchiveMode(false);  // For iTop < 2.5, the application can be wrongly set to archive mode true when it fails from retrieving an object. See r5340.
+				try
+				{
+					// Retrieve attachment
+					$aLocationParts = explode('::', $sRecordToClean);
+					/** @var \DBObject $oOriginObject */
+					$oOriginObject = MetaModel::GetObject($aLocationParts[0], $aLocationParts[1], true, true);
+					/** @var \ormDocument $oOrmDocument */
+					$oOrmDocument = $oOriginObject->Get('contents');
+
+					// Retrieve target object
+					$sTargetClass = $oOriginObject->Get('item_class');
+					$sTargetId = $oOriginObject->Get('item_id');
+					/** @var \DBObject $oTargetObject */
+					$oTargetObject = MetaModel::GetObject($sTargetClass, $sTargetId, true, true);
+
+					// Put it on the target object
+					/** @var \Attachment $oAttachment */
+					$oAttachment = MetaModel::NewObject('Attachment');
+					$oAttachment->Set('item_class', $sTargetClass);
+					$oAttachment->Set('item_id', $sTargetId);
+					$oAttachment->Set('item_org_id', $oTargetObject->Get('org_id'));
+					$oAttachment->Set('contents', $oOrmDocument);
+					$oAttachment->DBInsert();
+
+					// Put history entry
+					$sHistoryEntry = Dict::Format('DBTools:LostAttachments:History', $oOrmDocument->GetFileName());
+					CMDBObject::SetTrackInfo(UserRights::GetUserFriendlyName());
+					$oChangeOp = MetaModel::NewObject('CMDBChangeOpPlugin');
+					/** @var \Change $oChange */
+					$oChange = CMDBObject::GetCurrentChange();
+					$oChangeOp->Set('change', $oChange->GetKey());
+					$oChangeOp->Set('objclass', $sTargetClass);
+					$oChangeOp->Set('objkey', $sTargetId);
+					$oChangeOp->Set('description', $sHistoryEntry);
+					$oChangeOp->DBInsert();
+
+					// Remove origin object (should only be done for InlineImage)
+					$oOriginObject->DBDelete();
+
+					$iRestoredItemsCount++;
+				}
+				catch(Exception $e)
+				{
+					$aErrorsReport[] = 'Could not restore attachment from '.$sRecordToClean.', cause: '.$e->getMessage();
+				}
+				utils::PopArchiveMode();
+			}
+		}
+
+		// Search attachments stored as inline images
+		$sInlineImageDBTable = MetaModel::DBGetTable('InlineImage');
+		$sSelWrongRecs = 'SELECT id, secret, "InlineImage" AS current_class, id AS current_id, item_class AS target_class, item_id AS target_id, contents_filename AS filename FROM '.$sInlineImageDBTable.' WHERE contents_mimetype NOT LIKE "image/%"';
+		$aWrongRecords = CMDBSource::QueryToArray($sSelWrongRecs);
+
+		$oP->add('<div class="dbt-step">');
+		$oP->add('<p class="dbt-step-description"><span class="dbt-step-number">2.</span><span>'.Dict::S('DBTools:LostAttachments:Step:AnalyzeResults').'</span></p>');
+
+		if(empty($aWrongRecords))
+		{
+			$oP->add('<div class="header_message message_ok">'.Dict::S('DBTools:LostAttachments:Step:AnalyzeResults:None').'</div>');
+		}
+		else
+		{
+			$oP->add('<div class="header_message message_error">'.Dict::Format('DBTools:LostAttachments:Step:AnalyzeResults:Some', count($aWrongRecords)).'</div>');
+
+			// Display errors as table
+			$oP->add('<table class="listResults">');
+			$oP->add('<tr><th><input type="checkbox" class="dbt-toggler-cbx" /></th><th>'.Dict::S('DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename').'</th><th>'.Dict::S('DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation').'</th><th>'.Dict::S('DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation').'</th></tr>');
+
+			foreach($aWrongRecords as $iIndex => $aWrongRecord)
+			{
+
+				$sCurrentClass = $aWrongRecord['current_class'];
+				$sCurrentId = $aWrongRecord['current_id'];
+				$sRecordToClean = Dict::S('DBTools:LostAttachments:StoredAsInlineImage');
+
+				$sTargetClass = $aWrongRecord['target_class'];
+				$sTargetId = $aWrongRecord['target_id'];
+				$sTargetLocation = '<a href="'.ApplicationContext::MakeObjectUrl($sTargetClass, $sTargetId).'" target="_blank">'.$sTargetClass.'::'.$sTargetId.'</a>';
+
+				$sFilename = '<a href="'.utils::GetAbsoluteUrlAppRoot().INLINEIMAGE_DOWNLOAD_URL.$aWrongRecord['id'].'&s='.$aWrongRecord['secret'].'" target="_blank">'.$aWrongRecord['filename'].'</a>';
+
+				$sRowClass = ($iIndex % 2 === 0) ? 'odd' : 'even'; // (Starts at 0, not 1)
+				$oP->add('<tr class="'.$sRowClass.'"><td><input type="checkbox" class="dbt-cbx" name="dbt-cbx[]" value="'.$sCurrentClass.'::'.$sCurrentId.'" /></td><td>'.$sFilename.'</td><td>'.$sRecordToClean.'</td><td>'.$sTargetLocation.'</td></tr>');
+			}
+
+			$oP->add('</table>');
+			$oP->add('<div><button type="submit" name="step_name" value="restore" disabled>'.Dict::S('DBTools:LostAttachments:Button:Restore').'</button></div>');
+
+			// JS to handle checkboxes and button
+			$oP->add_ready_script(
+<<<EOF
+	// Check all / none checkboxes
+	$('.dbt-lostattachments .dbt-toggler-cbx').on('click', function(){
+		$('.dbt-lostattachments .dbt-cbx').prop('checked', $(this).prop('checked'));
+		
+		// Disable restore button if at lest one checkbox clicked
+		var bDisableButton = ($('.dbt-lostattachments .dbt-cbx:checked').length === 0)
+		$('.dbt-lostattachments button[name="step_name"][value="restore"]').prop('disabled', bDisableButton);
+	});
+
+	// Click on a checkbox
+	$('.dbt-lostattachments .dbt-cbx').on('click', function(){
+		// Disable restore button if at lest one checkbox clicked
+		var bDisableButton = ($('.dbt-lostattachments .dbt-cbx:checked').length === 0)
+		$('.dbt-lostattachments button[name="step_name"][value="restore"]').prop('disabled', bDisableButton);
+		
+		// Uncheck global checkbox
+		if( $('.dbt-lostattachments .dbt-cbx:not(:checked)').length > 0 )
+		{
+			$('.dbt-lostattachments .dbt-toggler-cbx').prop('checked', false);
+		}
+	});
+EOF
+			);
+		}
+
+		$oP->add('</div>');
+	}
+
+	// Step 3: Restore results
+	if($bDoRestore)
+	{
+		$oP->add('<div class="dbt-step">');
+		$oP->add('<p class="dbt-step-description"><span class="dbt-step-number">3.</span><span>'.Dict::S('DBTools:LostAttachments:Step:RestoreResults').'</span></p>');
+
+		$oP->add('<div class="header_message message_info">'.Dict::Format('DBTools:LostAttachments:Step:RestoreResults:Results', $iRestoredItemsCount, $iRecordsToCleanCount).'</div>');
+
+		if(!empty($aErrorsReport))
+		{
+			foreach($aErrorsReport as $sErrorReport)
+			{
+				$oP->add('<div class="header_message message_error">'.$sErrorReport.'</div>');
+			}
+		}
+
+		$oP->add('</div>');
+	}
+
+	$oP->add($oAppContext->GetForForm());
+	$oP->add('</form>');
+	$oP->add('</div>');
+
+	$oP->add('</div>');
+	$oP->add('</div>');
+
+	// Buttons disabling on click
+	$sConfirmText = Dict::S('DBTools:LostAttachments:Button:Restore:Confirm');
+	$sButtonBusyText = Dict::S('DBTools:LostAttachments:Button:Busy');
+	$oP->add_ready_script(
+<<<EOF
+	$('.dbt-lostattachments button[name="step_name"]').on('click', function(){
+	
+		if($(this).val() === 'restore')
+		{
+			if(!confirm('{$sConfirmText}'))
+			{
+				return false;
+			}		
+		}
+		//$(this).prop('disabled', true);
+		$(this).text('{$sButtonBusyText}');
+	});
+EOF
+	);
+
+	return $oP;
+}
+
+/////////////////////////////////////////////////////////////////////
+// Main program
+//
+try
+{
+	if (method_exists('ApplicationMenu', 'CheckMenuIdEnabled'))
+	{
+		LoginWebPage::DoLogin(); // Check user rights and prompt if needed
+		ApplicationMenu::CheckMenuIdEnabled('DBToolsMenu');
+	}
+	else
+	{
+		LoginWebPage::DoLogin(true); // Check user rights and prompt if needed
+	}
+
+	$oAppContext = new ApplicationContext();
+
+
+	$sPageTitle = Dict::S('DBTools:Title');
+	$sPageId = 'db-tools';
+
+	$oP = new iTopWebPage($sPageTitle);
+	$oP->add_saas('env-'.utils::GetCurrentEnvironment().'/combodo-db-tools/default.scss');
+
+	$oP->add(
+<<<EOF
+<div class="page_header">
+  	<h1>$sPageTitle</h1>
+</div>
+EOF
+	);
+	$oP->AddTabContainer('db-tools');
+	$oP->SetCurrentTabContainer('db-tools');
+
+	// Database Info
+	$oP = DisplayDatabaseInfo($oP, $oAppContext);
+
+	// DB Inconsistences
+	$oP = DisplayDBInconsistencies($oP, $oAppContext);
+
+	// Lost attachments
+	$oP = DisplayLostAttachments($oP, $oAppContext);
+}
+catch (Exception $e)
+{
+	$oP->p('<b>'.$e->getMessage().'</b>');
+}
+
+if (isset($oP))
+{
+	$oP->output();
+}
--- a/datamodels/2.x/combodo-db-tools/de.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/de.dict.combodo-db-tools.php
@@ -0,0 +1,82 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+Dict::Add('DE DE', 'German', 'Deutsch', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools',
+	'DBTools:Class' => 'Klasse',
+	'DBTools:Title' => 'Datenbank-Pflege-Tools',
+	'DBTools:ErrorsFound' => 'Fehler gefunden',
+	'DBTools:Error' => 'Fehler',
+	'DBTools:Count' => 'Anzahl',
+	'DBTools:SQLquery' => 'SQL Query',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL Ergebnis',
+	'DBTools:NoError' => 'Die Datenbank ist OK',
+	'DBTools:HideIds' => 'Fehler',
+	'DBTools:ShowIds' => 'Fehler und Werte',
+	'DBTools:ShowReport' => 'Report',
+	'DBTools:IntegrityCheck' => 'Integritätscheck',
+	'DBTools:FetchCheck' => 'Fetch Check (dauert länger)',
+
+	'DBTools:Analyze' => 'Analysiere',
+	'DBTools:Details' => 'Details anzeigen',
+	'DBTools:ShowAll' => 'Alle Fehler anzeigen',
+
+	'DBTools:Inconsistencies' => 'Datenbank-Inkonsistenzen',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Verwaister Eintrag in `%1$s`, er sollte eine Entsprechung in Tabelle `%2$s` haben',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Ungültiger Externer Key %1$s (Spalte: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Fehlender Externer Key %1$s (Spalte: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Ungültiger Wert für %1$s (Spalte: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Manche Benutzerkonten haben keinerlei zugewiesenes Profi',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch-Count-Fehler in `%1$s`, %2$d Einträge geholt (fetched) / %3$d gezählt',
+));
+
+// Database Info
+Dict::Add('DE DE', 'German', 'Deutsch', array(
+	'DBTools:DatabaseInfo' => 'Datenbank-Information',
+	'DBTools:Base' => 'Datenbank',
+	'DBTools:Size' => 'Größe',
+));
+
+// Lost attachments
+Dict::Add('DE DE', 'German', 'Deutsch', array(
+	'DBTools:LostAttachments' => 'Verlorene Attachments',
+	'DBTools:LostAttachments:Disclaimer' => 'Hier können Sie Ihre Datenbank nach verlorenen oder falsch platzierten Attachments durchsuchen. Dies ist kein Recovery-Tool - es stellt keine gelöschten Daten wieder her.',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analysieren',
+	'DBTools:LostAttachments:Button:Restore' => 'Wiederherstellen',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'Diese Aktion kann nicht rückgängig gemacht werden, bitte bestätigen Sie dass Sie die ausgewählten Dateien wiederherstellen möchten.',
+	'DBTools:LostAttachments:Button:Busy' => 'Bitte warten...',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'Suche zunächst nach verlorenen / falsch platzierten Attachments, mittels einer Analyse der Datenbank',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyseergebnisse:',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Toll! Alles scheint am richtigen Ort zu sein.',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Manche Attachments scheinen am falschen Ort zu sein. Werfen Sie einen Blick auf die folgende Liste und wählen Sie diejenigen aus, die Sie gerne verschieben möchten.',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Dateiname',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Derzeitiger Ort',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Verschieben nach...',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore-Ergebnisse:',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d Attachments wurden wiederhergestellt.',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Als Inline-Bild gespeichert',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" mit DB-Tools wiederhergestellt'
+));
--- a/datamodels/2.x/combodo-db-tools/default.css
+++ b/datamodels/2.x/combodo-db-tools/default.css
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
+.db-tools-tab-content .dbt-lostattachments .dbt-steps .dbt-step {
+  margin-top: 30px;
+  /* This is to avoid long exception message on restore errors */
+}
+.db-tools-tab-content .dbt-lostattachments .dbt-steps .dbt-step .dbt-step-description {
+  padding: 0;
+  margin: 0px 0px 5px 0px;
+}
+.db-tools-tab-content .dbt-lostattachments .dbt-steps .dbt-step .dbt-step-number {
+  margin-right: 0.3em;
+}
+.db-tools-tab-content .dbt-lostattachments .dbt-steps .dbt-step .listResults tr > *:first-child {
+  text-align: center;
+}
+.db-tools-tab-content .dbt-lostattachments .dbt-steps .dbt-step .message_error {
+  max-height: 150px;
+  overflow-y: auto;
+}
--- a/datamodels/2.x/combodo-db-tools/default.scss
+++ b/datamodels/2.x/combodo-db-tools/default.scss
@@ -0,0 +1,48 @@
+/*!
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
+.db-tools-tab-content{
+  .dbt-lostattachments{
+    .dbt-steps{
+      .dbt-step{
+        margin-top: 30px;
+
+        .dbt-step-description{
+          padding: 0;
+          margin: 0px 0px 5px 0px;
+        }
+
+        .dbt-step-number{
+          margin-right: 0.3em;
+        }
+
+        .listResults{
+          tr>*:first-child{
+            text-align: center;
+          }
+        }
+
+        /* This is to avoid long exception message on restore errors */
+        .message_error{
+          max-height: 150px;
+          overflow-y: auto;
+        }
+      }
+    }
+  }
+}
--- a/datamodels/2.x/combodo-db-tools/en.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/en.dict.combodo-db-tools.php
@@ -0,0 +1,84 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
+// Database inconsistencies
+Dict::Add('EN US', 'English', 'English', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools',
+	'DBTools:Class' => 'Class',
+	'DBTools:Title' => 'Database Maintenance Tools',
+	'DBTools:ErrorsFound' => 'Errors Found',
+	'DBTools:Error' => 'Error',
+	'DBTools:Count' => 'Count',
+	'DBTools:SQLquery' => 'SQL query',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)',
+	'DBTools:SQLresult' => 'SQL result',
+	'DBTools:NoError' => 'The database is OK',
+	'DBTools:HideIds' => 'Error List',
+	'DBTools:ShowIds' => 'Detailed view',
+	'DBTools:ShowReport' => 'Report',
+	'DBTools:IntegrityCheck' => 'Integrity check',
+	'DBTools:FetchCheck' => 'Fetch Check (long)',
+
+	'DBTools:Analyze' => 'Analyze',
+	'DBTools:Details' => 'Show Details',
+	'DBTools:ShowAll' => 'Show All Errors',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted',
+));
+
+// Database Info
+Dict::Add('EN US', 'English', 'English', array(
+	'DBTools:DatabaseInfo' => 'Database Information',
+	'DBTools:Base' => 'Base',
+	'DBTools:Size' => 'Size',
+));
+
+// Lost attachments
+Dict::Add('EN US', 'English', 'English', array(
+	'DBTools:LostAttachments' => 'Lost attachments',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools'
+));
--- a/datamodels/2.x/combodo-db-tools/es_cr.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/es_cr.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('ES CR', 'Spanish', 'Español, Castellaño', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('ES CR', 'Spanish', 'Español, Castellaño', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('ES CR', 'Spanish', 'Español, Castellaño', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/fr.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/fr.dict.combodo-db-tools.php
@@ -0,0 +1,82 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+Dict::Add('FR FR', 'French', 'Français', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'Outils BDD',
+	'DBTools:Class' => 'Classe',
+	'DBTools:Title' => 'Outils maintenance base de données',
+	'DBTools:ErrorsFound' => 'Erreurs trouvées',
+	'DBTools:Error' => 'Erreur',
+	'DBTools:Count' => 'Nombre',
+	'DBTools:SQLquery' => 'Requête SQL',
+	'DBTools:FixitSQLquery' => 'Requête SQL pour nettoyer la base (indication)',
+	'DBTools:SQLresult' => 'Résultat SQL',
+	'DBTools:NoError' => 'La base de données est OK',
+	'DBTools:HideIds' => 'Erreurs',
+	'DBTools:ShowIds' => 'Détails des erreurs',
+	'DBTools:ShowReport' => 'Rapport',
+	'DBTools:IntegrityCheck' => 'Contrôle d\'intégrité',
+	'DBTools:FetchCheck' => 'Contrôle de récupération (long)',
+
+	'DBTools:Analyze' => 'Analyser',
+	'DBTools:Details' => 'Afficher détails',
+	'DBTools:ShowAll' => 'Afficher toutes les erreurs',
+
+	'DBTools:Inconsistencies' => 'Incohérences de base de données',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Enregistrement orphelin dans `%1$s`, il devrait avoir son équivalent dans la tableit  `%2$s`',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Clef externe invalide %1$s (colonne: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Clef externe manquante %1$s (colonne: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Valeur invalide pour %1$s (colonne: `%2$s.%3$s`)',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Certains comptes utilisateurs n\'ont aucun profile',
+	'DBAnalyzer-Fetch-Count-Error' => 'Erreur de récupération dans `%1$s`, %2$d enregistrements récupérés / %3$d comptés',
+));
+
+// Database Info
+Dict::Add('FR FR', 'French', 'Français', array(
+	'DBTools:DatabaseInfo' => 'Information Base de Données',
+	'DBTools:Base' => 'Base',
+	'DBTools:Size' => 'Taille',
+));
+
+// Lost attachments
+Dict::Add('FR FR', 'French', 'Français', array(
+	'DBTools:LostAttachments' => 'Pièces jointes perdues',
+	'DBTools:LostAttachments:Disclaimer' => 'Ici vous pouvez retrouver des pièces jointes perdues ou égarées dans votre base de données. Ceci n\'est PAS un outil de récupération des données, il ne récupère pas les données effacées.',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyser',
+	'DBTools:LostAttachments:Button:Restore' => 'Restaurer',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'Cet action ne peut être annuler, veuillez confirmer que vous voulez restaurer les fichiers sélectionnés.',
+	'DBTools:LostAttachments:Button:Busy' => 'Patientez ...',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'Tout d\'abord, scannez la base de données à la recherche de pièces jointes perdues/égarées.',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Résultat de l\'analyse :',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Parfait ! Il semble que tout soit en ordre.',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Certaines pièces jointes (%1$d) semblent être au mauvais endroit. Examinez la liste suivante et cochez celles que vous souhaitez déplacer.',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Nom de fichier',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Emplacement actuel',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Déplacer vers ...',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Résultats de la restauration :',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d pièces jointes ont été restaurées.',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stockée comme "InlineImage"',
+	'DBTools:LostAttachments:History' => 'Pièce jointe "%1$s" restaurée avec l\'outil de BDD'
+));
--- a/datamodels/2.x/combodo-db-tools/hu.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/hu.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/it.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/it.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/ja.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/ja.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('JA JP', 'Japanese', '日本語', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('JA JP', 'Japanese', '日本語', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('JA JP', 'Japanese', '日本語', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/module.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/module.combodo-db-tools.php
@@ -0,0 +1,57 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+
+//
+// iTop module definition file
+//
+
+SetupWebPage::AddModule(
+	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
+	'combodo-db-tools/2.6.4',
+	array(
+		// Identification
+		//
+		'label' => 'Database maintenance tools',
+		'category' => 'business',
+
+		// Setup
+		//
+		'dependencies' => array(),
+		'mandatory' => true,
+		'visible' => false,
+
+		// Components
+		//
+		'datamodel' => array(
+			'model.combodo-db-tools.php',
+		),
+		'webservice' => array(),
+		'data.struct' => array(),
+		'data.sample' => array(),
+
+		// Documentation
+		//
+		'doc.manual_setup' => '', // hyperlink to manual setup documentation, if any
+		'doc.more_information' => '', // hyperlink to more information, if any
+
+		// Default settings
+		//
+		'settings' => array(),
+	)
+);
--- a/datamodels/2.x/combodo-db-tools/nl.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/nl.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/pt_br.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/pt_br.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/ru.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/ru.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('RU RU', 'Russian', 'Русский', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('RU RU', 'Russian', 'Русский', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('RU RU', 'Russian', 'Русский', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/tr.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/tr.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/combodo-db-tools/zh_cn.dict.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/zh_cn.dict.combodo-db-tools.php
@@ -0,0 +1,83 @@
+<?php
+/**
+ * Copyright (C) 2013-2020 Combodo SARL
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ */
+// Database inconsistencies
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
+	// Dictionary entries go here
+	'Menu:DBToolsMenu' => 'DB Tools~~',
+	'DBTools:Class' => 'Class~~',
+	'DBTools:Title' => 'Database Maintenance Tools~~',
+	'DBTools:ErrorsFound' => 'Errors Found~~',
+	'DBTools:Error' => 'Error~~',
+	'DBTools:Count' => 'Count~~',
+	'DBTools:SQLquery' => 'SQL query~~',
+	'DBTools:FixitSQLquery' => 'SQL query To Fix it (indication)~~',
+	'DBTools:SQLresult' => 'SQL result~~',
+	'DBTools:NoError' => 'The database is OK~~',
+	'DBTools:HideIds' => 'Error List~~',
+	'DBTools:ShowIds' => 'Detailed view~~',
+	'DBTools:ShowReport' => 'Report~~',
+	'DBTools:IntegrityCheck' => 'Integrity check~~',
+	'DBTools:FetchCheck' => 'Fetch Check (long)~~',
+
+	'DBTools:Analyze' => 'Analyze~~',
+	'DBTools:Details' => 'Show Details~~',
+	'DBTools:ShowAll' => 'Show All Errors~~',
+
+	'DBTools:Inconsistencies' => 'Database inconsistencies~~',
+
+	'DBAnalyzer-Integrity-OrphanRecord' => 'Orphan record in `%1$s`, it should have its counterpart in table `%2$s`~~',
+	'DBAnalyzer-Integrity-InvalidExtKey' => 'Invalid external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-MissingExtKey' => 'Missing external key %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-InvalidValue' => 'Invalid value for %1$s (column: `%2$s.%3$s`)~~',
+	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Some user accounts have no profile at all~~',
+	'DBAnalyzer-Fetch-Count-Error' => 'Fetch count error in `%1$s`, %2$d entries fetched / %3$d counted~~',
+));
+
+// Database Info
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
+	'DBTools:DatabaseInfo' => 'Database Information~~',
+	'DBTools:Base' => 'Base~~',
+	'DBTools:Size' => 'Size~~',
+));
+
+// Lost attachments
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
+	'DBTools:LostAttachments' => 'Lost attachments~~',
+	'DBTools:LostAttachments:Disclaimer' => 'Here you can search your database for lost or misplaced attachments. This is NOT a data recovery tool, is does not retrieve deleted data.~~',
+
+	'DBTools:LostAttachments:Button:Analyze' => 'Analyze~~',
+	'DBTools:LostAttachments:Button:Restore' => 'Restore~~',
+	'DBTools:LostAttachments:Button:Restore:Confirm' => 'This action cannot be undone, please confirm that you want to restore the selected files.~~',
+	'DBTools:LostAttachments:Button:Busy' => 'Please wait...~~',
+
+	'DBTools:LostAttachments:Step:Analyze' => 'First, search for lost/misplaced attachments by analyzing the database.~~',
+
+	'DBTools:LostAttachments:Step:AnalyzeResults' => 'Analyze results:~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:None' => 'Great! Every thing seems to be at the right place.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Some' => 'Some attachments (%1$d) seem to be misplaced. Take a look at the following list and check the ones you would like to move.~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:Filename' => 'Filename~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:CurrentLocation' => 'Current location~~',
+	'DBTools:LostAttachments:Step:AnalyzeResults:Item:TargetLocation' => 'Move to...~~',
+
+	'DBTools:LostAttachments:Step:RestoreResults' => 'Restore results:~~',
+	'DBTools:LostAttachments:Step:RestoreResults:Results' => '%1$d/%2$d attachments were restored.~~',
+
+	'DBTools:LostAttachments:StoredAsInlineImage' => 'Stored as inline image~~',
+	'DBTools:LostAttachments:History' => 'Attachment "%1$s" restored with DB tools~~'
+));
--- a/datamodels/2.x/exclude.txt
+++ b/datamodels/2.x/exclude.txt
@@ -0,0 +1,5 @@
+#
+# The following source files are not re-distributed with the "build" of the application
+# since they are used solely for constructing other files during the build process
+#
+combodo-db-tools
--- a/datamodels/2.x/itop-attachments/module.attachments.php
+++ b/datamodels/2.x/itop-attachments/module.attachments.php
@@ -19,7 +19,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-attachments/2.6.2',
+	'itop-attachments/2.6.3',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-backup/ajax.backup.php
+++ b/datamodels/2.x/itop-backup/ajax.backup.php
@@ -1,26 +1,20 @@
 <?php
-// Copyright (C) 2013-2017 Combodo SARL
-//
-//   This file is part of iTop.
-//
-//   iTop is free software; you can redistribute it and/or modify	
-//   it under the terms of the GNU Affero General Public License as published by
-//   the Free Software Foundation, either version 3 of the License, or
-//   (at your option) any later version.
-//
-//   iTop is distributed in the hope that it will be useful,
-//   but WITHOUT ANY WARRANTY; without even the implied warranty of
-//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//   GNU Affero General Public License for more details.
-//
-//   You should have received a copy of the GNU Affero General Public License
-//   along with iTop. If not, see <http://www.gnu.org/licenses/>
-
 /**
- * Backup from an interactive session
+ * Copyright (C) 2010-2020 Combodo SARL
 *
- * @copyright   Copyright (C) 2013-2017 Combodo SARL
- * @license     http://opensource.org/licenses/AGPL-3.0
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
 */

 if (!defined('__DIR__')) define('__DIR__', dirname(__FILE__));
@@ -31,77 +25,140 @@ require_once(APPROOT.'/application/ajaxwebpage.class.inc.php');

 require_once(APPROOT.'core/mutex.class.inc.php');

+
+/**
+ * @param WebPage $oPage
+ * @param string $sHtmlErrorMessage the whole HTML error, cinluding div/p/...
+ * @param int|string $exitCode
+ *
+ * @uses \die() https://www.php.net/manual/fr/function.die.php
+ *
+ * @since 2.6.5 2.7.1 N°2989
+ */
+function DisplayErrorAndDie($oPage, $sHtmlErrorMessage, $exitCode = null)
+{
+	$oPage->add($sHtmlErrorMessage);
+	$oPage->output();
+
+	die($exitCode);
+}
+
+
+
+
+
+
+$sOperation = utils::ReadParam('operation', '');
+
+$oPage = new ajax_page('');
+$oPage->no_cache();
+$oPage->SetContentType('text/html');
+
+
+
+/**
+ * Check security
+ */
+switch ($sOperation)
+{
+	/**
+	 * Can't use normal check methods (DoLogin for ex) as the datamodel can't be loaded here
+	 * So we're only using a token generated in the restore_token operation
+	 */
+	case 'restore_exec':
+		IssueLog::Enable(APPROOT.'log/error.log');
+		if (utils::GetConfig()->Get('demo_mode'))
+		{
+			DisplayErrorAndDie($oPage, '<div data-error-stimulus="Error">Sorry, '.ITOP_APPLICATION_SHORT.' is in <b>demonstration mode</b>: the feature is disabled.</div>');
+		}
+
+		$sToken = utils::ReadParam('token', '', false, 'raw_data');
+		$sBasePath = APPROOT.'/data/';
+		$sTokenFile = $sBasePath.'restore.'.$sToken.'.tok';
+		$tokenRealPath = utils::RealPath($sTokenFile, $sBasePath);
+		if (($tokenRealPath === false) || (!is_file($tokenRealPath)))
+		{
+			IssueLog::Error("ajax.backup.php operation=$sOperation ERROR = inexisting token $sToken");
+			$sEscapedToken = utils::HtmlEntities($sToken);
+			DisplayErrorAndDie($oPage, "<p>Error: missing token file: '$sEscapedToken'</p>");
+		}
+
+		break;
+
+	default:
+		require_once(APPROOT.'/application/startup.inc.php');
+		require_once(APPROOT.'/application/loginwebpage.class.inc.php');
+
+		LoginWebPage::DoLogin();
+
+		$sTransactionId = utils::ReadParam('transaction_id', '', true, 'transaction_id');
+		// the consumer page is not reloaded after download, we need to keep the transaction_id
+		$bRemoveTransactionId = ($sOperation !== 'download');
+		if (!utils::IsTransactionValid($sTransactionId, $bRemoveTransactionId))
+		{
+			$sEscapedOperation = utils::HtmlEntities($sOperation);
+			DisplayErrorAndDie($oPage, "<div data-error-stimulus=\"Error\">Error: invalid Transaction ID. The operation '$sEscapedOperation' was NOT performed!</div>");
+		}
+
+		ApplicationMenu::CheckMenuIdEnabled('BackupStatus');
+
+		if (utils::GetConfig()->Get('demo_mode'))
+		{
+			DisplayErrorAndDie($oPage, '<div data-error-stimulus="Error">Sorry, '.ITOP_APPLICATION_SHORT.' is in <b>demonstration mode</b>: the feature is disabled.</div>');
+		}
+		break;
+}
+
+
+/**
+ * Backup from an interactive session
+ */
 try
 {
-	$sOperation = utils::ReadParam('operation', '');
-
 	switch ($sOperation)
 	{
 		case 'backup':
-			require_once(APPROOT.'/application/startup.inc.php');
-			require_once(APPROOT.'/application/loginwebpage.class.inc.php');
-			LoginWebPage::DoLogin(); // Check user rights and prompt if needed
-			ApplicationMenu::CheckMenuIdEnabled('BackupStatus');
-			$oPage = new ajax_page("");
-			$oPage->no_cache();
-			$oPage->SetContentType('text/html');
+			try
+			{
+				set_time_limit(0);
+				$oBB = new BackupExec(APPROOT.'data/backups/manual/', 0 /*iRetentionCount*/);
+				$sRes = $oBB->Process(time() + 36000); // 10 hours to complete should be sufficient!
+			}
+			catch (Exception $e)
+			{
+				$oPage->p('Error: '.$e->getMessage());
+				IssueLog::Error($sOperation.' - '.$e->getMessage());
+			}

-			if (utils::GetConfig()->Get('demo_mode'))
-			{
-				$oPage->add("<div data-error-stimulus=\"Error\">Sorry, iTop is in <b>demonstration mode</b>: the feature is disabled.</div>");
-			}
-			else
-			{
-				try
-				{
-					set_time_limit(0);
-					$oBB = new BackupExec(APPROOT.'data/backups/manual/', 0 /*iRetentionCount*/);
-					$sRes = $oBB->Process(time() + 36000); // 10 hours to complete should be sufficient!
-				}
-				catch (Exception $e)
-				{
-					$oPage->p('Error: '.$e->getMessage());
-					IssueLog::Error($sOperation.' - '.$e->getMessage());
-				}
-			}
 			$oPage->output();
 			break;

 		/*
-		 * Fix a token :
+		 * Fix a specific token :
 		 *  We can't load the MetaModel because in DBRestore, after restore is done we're launching a compile !
-		 *  So as \LoginWebPage::DoLogin needs a loaded DataModel, we can't use it
+		 *  So as LoginWebPage::DoLogin needs a loaded DataModel, we can't use it
+		 *  Also, we can't use \utils::IsTransactionValid as it uses \MetaModel::GetConfig
 		 *  As a result we're setting a token file to make sure the restore is called by an authenticated user with the correct rights !
 		 */
 		case 'restore_get_token':
-			require_once(APPROOT.'/application/startup.inc.php');
-			require_once(APPROOT.'/application/loginwebpage.class.inc.php');
-			LoginWebPage::DoLogin(); // Check user rights and prompt if needed
-			ApplicationMenu::CheckMenuIdEnabled('BackupStatus');
-
-			$oPage = new ajax_page("");
-			$oPage->no_cache();
-			$oPage->SetContentType('text/html');
-
 			$sEnvironment = utils::ReadParam('environment', 'production', false, 'raw_data');
 			$oRestoreMutex = new iTopMutex('restore.'.$sEnvironment);
-			if (!$oRestoreMutex->IsLocked())
+			if ($oRestoreMutex->IsLocked())
 			{
-				$sFile = utils::ReadParam('file', '', false, 'raw_data');
-				$sToken = str_replace(' ', '', (string)microtime());
-				$sTokenFile = APPROOT.'/data/restore.'.$sToken.'.tok';
-				file_put_contents($sTokenFile, $sFile);
+				DisplayErrorAndDie($oPage, '<p>'.Dict::S('bkp-restore-running').'</p>');
+			}
+
+			$sFile = utils::ReadParam('file', '', false, 'raw_data');
+			$sToken = str_replace(' ', '', (string)microtime()).$sTransactionId;
+			$sTokenFile = APPROOT.'/data/restore.'.$sToken.'.tok';
+			file_put_contents($sTokenFile, $sFile);
+
+			$oPage->add_ready_script(
+				<<<JS
+$("#restore_token").val('$sToken');
+JS
+			);

-				$oPage->add_ready_script(
-					<<<EOF
-	$("#restore_token").val('$sToken');
-EOF
-				);
-			}
-			else
-			{
-				$oPage->p(Dict::S('bkp-restore-running'));
-			}
 			$oPage->output();
 			break;

@@ -115,84 +172,56 @@ EOF
 			require_once(APPROOT.'/setup/backup.class.inc.php');
 			require_once(dirname(__FILE__).'/dbrestore.class.inc.php');

-			IssueLog::Enable(APPROOT.'log/error.log');
-
-			$oPage = new ajax_page("");
-			$oPage->no_cache();
-			$oPage->SetContentType('text/html');
-
-			if (utils::GetConfig()->Get('demo_mode'))
+			$sEnvironment = utils::ReadParam('environment', 'production', false, 'raw_data');
+			$oRestoreMutex = new iTopMutex('restore.'.$sEnvironment);
+			IssueLog::Info("Backup Restore - Acquiring the LOCK 'restore.$sEnvironment'");
+			$oRestoreMutex->Lock();
+			IssueLog::Info('Backup Restore - LOCK acquired, executing...');
+			try
 			{
-				$oPage->add("<div data-error-stimulus=\"Error\">Sorry, iTop is in <b>demonstration mode</b>: the feature is disabled.</div>");
+				set_time_limit(0);
+
+				// Get the file and destroy the token (single usage)
+				$sFile = file_get_contents($tokenRealPath);
+
+				// Loading config file : we don't have the MetaModel but we have the current env !
+				$sConfigFilePath = utils::GetConfigFilePath($sEnvironment);
+				$oItopConfig = new Config($sConfigFilePath, true);
+				$sMySQLBinDir = $oItopConfig->GetModuleSetting('itop-backup', 'mysql_bindir', '');
+
+				$oDBRS = new DBRestore($oItopConfig);
+				$oDBRS->SetMySQLBinDir($sMySQLBinDir);
+
+				$sBackupDir = APPROOT.'data/backups/';
+				$sBackupFile = $sBackupDir.$sFile;
+				$sRes = $oDBRS->RestoreFromCompressedBackup($sBackupFile, $sEnvironment);
+
+				IssueLog::Info('Backup Restore - Done, releasing the LOCK');
 			}
-			else
+			catch (Exception $e)
 			{
-				$sEnvironment = utils::ReadParam('environment', 'production', false, 'raw_data');
-				$oRestoreMutex = new iTopMutex('restore.'.$sEnvironment);
-				IssueLog::Info("Backup Restore - Acquiring the LOCK 'restore.$sEnvironment'");
-				$oRestoreMutex->Lock();
-				IssueLog::Info('Backup Restore - LOCK acquired, executing...');
-				try
-				{
-					set_time_limit(0);
-
-					// Get the file and destroy the token (single usage)
-					$sToken = utils::ReadParam('token', '', false, 'raw_data');
-					$sTokenFile = APPROOT.'/data/restore.'.$sToken.'.tok';
-					if (!is_file($sTokenFile))
-					{
-						throw new Exception("Error: missing token file: '$sTokenFile'");
-					}
-					$sFile = file_get_contents($sTokenFile);
-					unlink($sTokenFile);
-
-					// Loading config file : we don't have the MetaModel but we have the current env !
-					$sConfigFilePath = utils::GetConfigFilePath($sEnvironment);
-					$oItopConfig = new Config($sConfigFilePath, true);
-					$sMySQLBinDir = $oItopConfig->GetModuleSetting('itop-backup', 'mysql_bindir', '');
-
-					$oDBRS = new DBRestore($oItopConfig);
-					$oDBRS->SetMySQLBinDir($sMySQLBinDir);
-
-					$sBackupDir = APPROOT.'data/backups/';
-					$sBackupFile = $sBackupDir.$sFile;
-					$sRes = $oDBRS->RestoreFromCompressedBackup($sBackupFile, $sEnvironment);
-
-					IssueLog::Info('Backup Restore - Done, releasing the LOCK');
-					$oRestoreMutex->Unlock();
-				}
-				catch (Exception $e)
-				{
-					$oRestoreMutex->Unlock();
-					$oPage->p('Error: '.$e->getMessage());
-					IssueLog::Error($sOperation.' - '.$e->getMessage());
-				}
+				$oPage->p('Error: '.$e->getMessage());
+				IssueLog::Error($sOperation.' - '.$e->getMessage());
 			}
+			finally
+			{
+				unlink($tokenRealPath);
+				$oRestoreMutex->Unlock();
+			}
+
 			$oPage->output();
 			break;

 		case 'download':
-			require_once(APPROOT.'/application/startup.inc.php');
-			require_once(APPROOT.'/application/loginwebpage.class.inc.php');
-			LoginWebPage::DoLogin(); // Check user rights and prompt if needed
-			ApplicationMenu::CheckMenuIdEnabled('BackupStatus');
-
-			if (utils::GetConfig()->Get('demo_mode'))
-			{
-				throw new Exception('iTop is in demonstration mode: the feature is disabled');
-			}
 			$sFile = utils::ReadParam('file', '', false, 'raw_data');
 			$oBackup = new DBBackupScheduled();
 			$sBackupDir = APPROOT.'data/backups/';
 			$sPathNoDotDotPattern = "/^((?![\/\\\\]\.\.[\/\\\\]).)*$/";
-			if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) == 1)
-			{
-				$oBackup->DownloadBackup($sBackupDir.$sFile);
-			}
-			else
+			if(preg_match($sPathNoDotDotPattern, $sBackupDir.$sFile) != 1)
 			{
 				throw new InvalidParameterException('Invalid file path');
 			}
+			$oBackup->DownloadBackup($sBackupDir.$sFile);
 			break;
 	}
 }
--- a/datamodels/2.x/itop-backup/main.itop-backup.php
+++ b/datamodels/2.x/itop-backup/main.itop-backup.php
@@ -161,7 +161,14 @@ class BackupExec implements iScheduledProcess
 			}
 			$sBackupFile = $this->sBackupDir.$sName;
 			$sSourceConfigFile = APPCONF.utils::GetCurrentEnvironment().'/'.ITOP_CONFIG_FILE;
-			$oBackup->CreateCompressedBackup($sBackupFile, $sSourceConfigFile);
+			try
+			{
+				$oBackup->CreateCompressedBackup($sBackupFile, $sSourceConfigFile);
+			}
+			catch (BackupException $e)
+			{
+				throw new ProcessFatalException($e->getMessage());
+			}
 		}
 		catch (Exception $e)
 		{
--- a/datamodels/2.x/itop-backup/module.itop-backup.php
+++ b/datamodels/2.x/itop-backup/module.itop-backup.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-backup/2.6.2',
+	'itop-backup/2.6.4',
 	array(
 		// Identification
 		//
@@ -52,7 +52,6 @@ SetupWebPage::AddModule(
 			//'file_name_format' => '__DB__-%Y-%m-%d_%H_%M',
 			'retention_count' => 5, 
 			'enabled' => true,
-			'itop_root' => '',
 			'itop_backup_incident' => '',
 		),
 	)
--- a/datamodels/2.x/itop-backup/status.php
+++ b/datamodels/2.x/itop-backup/status.php
@@ -1,27 +1,20 @@
 <?php
-// Copyright (C) 2016-2018 Combodo SARL
-//
-//   This file is part of iTop.
-//
-//   iTop is free software; you can redistribute it and/or modify	
-//   it under the terms of the GNU Affero General Public License as published by
-//   the Free Software Foundation, either version 3 of the License, or
-//   (at your option) any later version.
-//
-//   iTop is distributed in the hope that it will be useful,
-//   but WITHOUT ANY WARRANTY; without even the implied warranty of
-//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//   GNU Affero General Public License for more details.
-//
-//   You should have received a copy of the GNU Affero General Public License
-//   along with iTop. If not, see <http://www.gnu.org/licenses/>
-
-
 /**
- * Monitor the backup
+ * Copyright (C) 2010-2020 Combodo SARL
 *
- * @copyright   Copyright (C) 2016-2018 Combodo SARL
- * @license     http://opensource.org/licenses/AGPL-3.0
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
 */

 if (!defined('__DIR__')) define('__DIR__', dirname(__FILE__));
@@ -40,13 +33,9 @@ require_once(APPROOT.'application/loginwebpage.class.inc.php');
 LoginWebPage::DoLogin(); // Check user rights and prompt if needed
 ApplicationMenu::CheckMenuIdEnabled('BackupStatus');

-//$sOperation = utils::ReadParam('operation', 'menu');
-//$oAppContext = new ApplicationContext();
-
-
-
 try
 {
+	$sTransactionId = utils::GetNewTransactionId();
 	$oP = new iTopWebPage(Dict::S('bkp-status-title'));
 	$oP->set_base(utils::GetAbsoluteUrlAppRoot().'pages/');

@@ -193,7 +182,13 @@ try
 		}
 		else
 		{
-			$sAjax = utils::GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php', array('operation' => 'download', 'file' => $sFilePath));
+			$sAjax = utils::GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php',
+				array(
+					'operation' => 'download',
+					'file' => $sFilePath,
+					'transaction_id' => $sTransactionId,
+				)
+			);
 			$sName = "<a href=\"$sAjax\">".$sFileName.'</a>';
 		}
 		$sSize = SetupUtils::HumanReadableSize(filesize($sBackupFile));
@@ -241,7 +236,13 @@ try
 		}
 		else
 		{
-			$sAjax = utils::GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php', array('operation' => 'download', 'file' => $sFilePath));
+			$sAjax = utils::GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php',
+				array(
+					'operation' => 'download',
+					'file' => $sFilePath,
+					'transaction_id' => $sTransactionId,
+				)
+			);
 			$sName = "<a href=\"$sAjax\">".$sFileName.'</a>';
 		}
 		$sSize = SetupUtils::HumanReadableSize(filesize($sBackupFile));
@@ -305,9 +306,9 @@ try
 	$sDBSubName = addslashes(MetaModel::GetConfig()->Get('db_subname'));

 	$sEnvironment = addslashes(utils::GetCurrentEnvironment());
-	
+
 	$oP->add_script(
-<<<EOF
+<<<JS
 function LaunchBackupNow()
 {
 	$('#backup_success').hide();
@@ -319,6 +320,7 @@ function LaunchBackupNow()

 		var oParams = {};
 		oParams.operation = 'backup';
+		oParams.transaction_id = "$sTransactionId";
 		$.post(GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php'), oParams, function(data){
 			if (data.search(/error|exceptio|notice|warning/i) != -1)
 			{
@@ -344,7 +346,8 @@ function LaunchRestoreNow(sBackupFile, sConfirmationMessage)

 		var oParams = {};
 		oParams.operation = 'restore_get_token';
-		oParams.file = sBackupFile;
+		oParams.file = sBackupFile;		
+		oParams.transaction_id = "$sTransactionId";
 		$.post(GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php'), oParams, function(data){

 			// Get the value of restore_token
@@ -354,6 +357,7 @@ function LaunchRestoreNow(sBackupFile, sConfirmationMessage)
 			oParams.operation = 'restore_exec';
 			oParams.token = $("#restore_token").val(); // token to check auth + rights without loading MetaModel
 			oParams.environment = '$sEnvironment'; // needed to load the config
+			oParams.transaction_id = "$sTransactionId";
 			if (oParams.token.length > 0)
 			{
 				$.post(GetAbsoluteUrlModulePage('itop-backup', 'ajax.backup.php'), oParams, function(data){
@@ -380,7 +384,7 @@ function LaunchRestoreNow(sBackupFile, sConfirmationMessage)
 		});
 	}
 }
-EOF
+JS
 	);

 	if (MetaModel::GetConfig()->Get('demo_mode'))
--- a/datamodels/2.x/itop-bridge-virtualization-storage/module.itop-bridge-virtualization-storage.php
+++ b/datamodels/2.x/itop-bridge-virtualization-storage/module.itop-bridge-virtualization-storage.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-virtualization-storage/2.6.2',
+	'itop-bridge-virtualization-storage/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-change-mgmt-itil/module.itop-change-mgmt-itil.php
+++ b/datamodels/2.x/itop-change-mgmt-itil/module.itop-change-mgmt-itil.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-change-mgmt-itil/2.6.2',
+	'itop-change-mgmt-itil/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-change-mgmt/module.itop-change-mgmt.php
+++ b/datamodels/2.x/itop-change-mgmt/module.itop-change-mgmt.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-change-mgmt/2.6.2',
+	'itop-change-mgmt/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-config-mgmt/module.itop-config-mgmt.php
+++ b/datamodels/2.x/itop-config-mgmt/module.itop-config-mgmt.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-config-mgmt/2.6.2',
+	'itop-config-mgmt/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-config/module.itop-config.php
+++ b/datamodels/2.x/itop-config/module.itop-config.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-config/2.6.2',
+	'itop-config/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-datacenter-mgmt/module.itop-datacenter-mgmt.php
+++ b/datamodels/2.x/itop-datacenter-mgmt/module.itop-datacenter-mgmt.php
@@ -18,7 +18,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-datacenter-mgmt/2.6.2',
+	'itop-datacenter-mgmt/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-endusers-devices/module.itop-endusers-devices.php
+++ b/datamodels/2.x/itop-endusers-devices/module.itop-endusers-devices.php
@@ -25,7 +25,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-endusers-devices/2.6.2',
+	'itop-endusers-devices/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-full-itil/module.itop-full-itil.php
+++ b/datamodels/2.x/itop-full-itil/module.itop-full-itil.php
@@ -6,7 +6,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-full-itil/2.6.2',
+	'itop-full-itil/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php
+++ b/datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php
@@ -5,9 +5,12 @@ class HubConnectorPage extends NiceWebPage
    public function __construct($sTitle)
    {
        parent::__construct($sTitle);
-        
-        $this->add_header("Cache-control: no-cache");
-        
+
+	    $this->add_header('Cache-control: no-cache, no-store, must-revalidate');
+	    $this->add_header('Pragma: no-cache');
+	    $this->add_header('Expires: 0');
+	    $this->add_header('X-Frame-Options: deny');
+
        $sImagesDir = utils::GetAbsoluteUrlAppRoot().'images';
        $sModuleImagesDir = utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/images';
        
--- a/datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php
+++ b/datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php
@@ -5,7 +5,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-hub-connector/2.6.2',
+	'itop-hub-connector/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-incident-mgmt-itil/module.itop-incident-mgmt-itil.php
+++ b/datamodels/2.x/itop-incident-mgmt-itil/module.itop-incident-mgmt-itil.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-incident-mgmt-itil/2.6.2',
+	'itop-incident-mgmt-itil/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-knownerror-mgmt/module.itop-knownerror-mgmt.php
+++ b/datamodels/2.x/itop-knownerror-mgmt/module.itop-knownerror-mgmt.php
@@ -3,7 +3,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-knownerror-mgmt/2.6.2',
+	'itop-knownerror-mgmt/2.6.4',
 	array(
 		// Identification
 		//
--- a/datamodels/2.x/itop-portal-base/module.itop-portal-base.php
+++ b/datamodels/2.x/itop-portal-base/module.itop-portal-base.php
@@ -2,7 +2,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-portal-base/2.6.2',
+	'itop-portal-base/2.6.4',
 	array(
 		// Identification
 		'label' => 'Portal Development Library',
--- a/datamodels/2.x/itop-portal-base/portal/.env.local
+++ b/datamodels/2.x/itop-portal-base/portal/.env.local
@@ -0,0 +1,21 @@
+# In all environments, the following files are loaded if they exist,
+# the later taking precedence over the former:
+#
+#  * .env                contains default values for the environment variables needed by the app
+#  * .env.local          uncommitted file with local overrides
+#  * .env.$APP_ENV       committed environment-specific defaults
+#  * .env.$APP_ENV.local uncommitted environment-specific overrides
+#
+# Real environment variables win over .env files.
+#
+# DO NOT DEFINE PRODUCTION SECRETS IN THIS FILE NOR IN ANY OTHER COMMITTED FILES.
+#
+# Run "composer dump-env prod" to compile .env files for production use (requires symfony/flex >=1.2).
+# https://symfony.com/doc/current/best_practices/configuration.html#infrastructure-related-configuration
+
+###> symfony/framework-bundle ###
+APP_ENV=dev
+#APP_SECRET=40ef8b29be00df19cec62edf08f73808
+#TRUSTED_PROXIES=127.0.0.1,127.0.0.2
+#TRUSTED_HOSTS='^localhost|example\.com$'
+###< symfony/framework-bundle ###
--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/aggregatepagebrickcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/aggregatepagebrickcontroller.class.inc.php
@@ -21,6 +21,7 @@
 namespace Combodo\iTop\Portal\Controller;

 use Combodo\iTop\Portal\Helper\ApplicationHelper;
+use IssueLog;
 use Silex\Application;
 use Symfony\Component\HttpFoundation\Request;

@@ -81,7 +82,8 @@ class AggregatePageBrickController
 			$oPortalBrick = $this->GetBrickFromId($aPortalInstanceBricks, $sBrickId);
 			if (!isset($oPortalBrick))
 			{
-				throw new \Exception("AggregatePageBrick : non existing brick '$sBrickId'");
+				IssueLog::Warning('AggregatePageBrick: Could not display "'.$sBrickId.'", either wrong id or user profile not allowed');
+				continue;
 			}
 			$aAggregatePageBricks[] = $oPortalBrick;
 		}
@@ -144,4 +146,4 @@ class AggregatePageBrickController

 		return $aTilesRendering;
 	}
-}
+}
--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php
@@ -1295,6 +1295,11 @@ class ObjectController extends AbstractController
        $aHeaders['Content-Type'] = $oDocument->GetMimeType();
        $aHeaders['Content-Disposition'] = (($sOperation === 'display') ? 'inline' : 'attachment') . ';filename="'.$oDocument->GetFileName().'"';

+	    // N°4129 - Prevent XSS attacks & other script executions
+	    if (utils::GetConfig()->Get('security.disable_inline_documents_sandbox') === false) {
+		    $aHeaders['Content-Security-Policy'] = 'sandbox';
+	    }
+
        return new Response($oDocument->GetData(), Response::HTTP_OK, $aHeaders);
    }

--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/userprofilebrickcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/userprofilebrickcontroller.class.inc.php
@@ -19,19 +19,19 @@

 namespace Combodo\iTop\Portal\Controller;

+use Combodo\iTop\Portal\Brick\UserProfileBrick;
+use Combodo\iTop\Portal\Form\PasswordFormManager;
+use Combodo\iTop\Portal\Form\PreferencesFormManager;
+use Combodo\iTop\Portal\Helper\ApplicationHelper;
+use Combodo\iTop\Renderer\Bootstrap\BsFormRenderer;
 use Exception;
 use FileUploadException;
 use IssueLog;
-use utils;
 use MetaModel;
-use UserRights;
 use Silex\Application;
 use Symfony\Component\HttpFoundation\Request;
-use Combodo\iTop\Portal\Helper\ApplicationHelper;
-use Combodo\iTop\Portal\Brick\UserProfileBrick;
-use Combodo\iTop\Portal\Form\PreferencesFormManager;
-use Combodo\iTop\Portal\Form\PasswordFormManager;
-use Combodo\iTop\Renderer\Bootstrap\BsFormRenderer;
+use UserRights;
+use utils;

 /**
 * Class UserProfileBrickController
@@ -159,7 +159,7 @@ class UserProfileBrickController extends BrickController
 		{
 			// - Creating renderer
 			$oFormRenderer = new BsFormRenderer();
-			$oFormRenderer->SetEndpoint($_SERVER['REQUEST_URI']);
+			$oFormRenderer->SetEndpoint($oApp['url_generator']->generate('p_user_profile_brick'));
 			// - Creating manager
 			$oFormManager = new PreferencesFormManager();
 			$oFormManager->SetRenderer($oFormRenderer)
@@ -232,7 +232,7 @@ class UserProfileBrickController extends BrickController
 		{
 			// - Creating renderer
 			$oFormRenderer = new BsFormRenderer();
-			$oFormRenderer->SetEndpoint($_SERVER['REQUEST_URI']);
+			$oFormRenderer->SetEndpoint($oApp['url_generator']->generate('p_user_profile_brick'));
 			// - Creating manager
 			$oFormManager = new PasswordFormManager();
 			$oFormManager->SetRenderer($oFormRenderer)
@@ -331,7 +331,7 @@ class UserProfileBrickController extends BrickController
 				$aFormData['error'] = $e->GetMessage();
 			}

-			// TODO: This should be changed when refactoring the ormDocument GetDisplayUrl() and GetDownloadUrl() in iTop 2.8
+			// TODO: This should be changed when refactoring the ormDocument GetDisplayUrl() and GetDownloadUrl() in iTop 3.0
 			$aFormData['picture_url'] = $oApp['url_generator']->generate('p_object_document_display', array('sObjectClass' => get_class($oCurContact), 'sObjectId' => $oCurContact->GetKey(), 'sObjectField' => $sPictureAttCode, 'cache' => 86400, 't' => time()));
 			$aFormData['validation'] = array(
 				'valid' => true,
--- a/datamodels/2.x/itop-portal-base/portal/src/helpers/applicationhelper.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/helpers/applicationhelper.class.inc.php
@@ -650,7 +650,7 @@ class ApplicationHelper
 				{
 					// Note: At this stage of runtime, the UrlGenerator context is not properly initialized (lacks the baseurl among other things).
 					// The Context is set later by the RouterListener during an event, so we manually put the base url with utils::GetAbsoluteUrlExecPage()
-					// TODO: This should be changed when refactoring the ormDocument GetDisplayUrl() and GetDownloadUrl() in iTop 2.8
+					// TODO: This should be changed when refactoring the ormDocument GetDisplayUrl() and GetDownloadUrl() in iTop 3.0
 					$sContactPhotoUrl = utils::GetAbsoluteUrlExecPage().$oApp['url_generator']->generate('p_object_document_display', array('sObjectClass' => get_class($oContact), 'sObjectId' => $oContact->GetKey(), 'sObjectField' => 'picture', 'cache' => 86400));
 				}
 				else
--- a/datamodels/2.x/itop-portal-base/portal/src/views/bricks/manage/popup-export-excel.html.twig
+++ b/datamodels/2.x/itop-portal-base/portal/src/views/bricks/manage/popup-export-excel.html.twig
@@ -27,7 +27,7 @@

 <script type="text/javascript">
    var sDataState = 'not-yet-started';
-    var sOQL = "{{ sOQL|raw }}";
+    var sOQL = {{ sOQL|json_encode|raw }};
    var sFormat = 'xlsx';
    var sFields = "{{ sFields }}";

--- a/datamodels/2.x/itop-portal-base/portal/src/views/bricks/object/mode_search_regular.html.twig
+++ b/datamodels/2.x/itop-portal-base/portal/src/views/bricks/object/mode_search_regular.html.twig
@@ -52,7 +52,7 @@
 				"sortable": false,
 				"title": "",
 				"type": "html",
-				"data": "",
+				"data": "id",
 				"render": function(data, type, row){ return '<span class="row_input"><input type="{{ (bMultipleSelect) ? 'checkbox' : 'radio' }}" name="{{ sTargetAttCode }}" /></span>'; }
 		});

@@ -122,7 +122,7 @@
 			"dom": '<"row"<"col-sm-6"l><"col-sm-6"<f><"visible-xs"p>>>t<"row"<"col-sm-6"i><"col-sm-6"p>>',
 			"columns": getColumnsDefinition(),
 			"select": {
-				"style": "{{ (bMultipleSelect) ? 'multi' : 'os' }}"
+				"style": "{{ (bMultipleSelect) ? 'multi' : 'single' }}"
 			},
 			"rowId": "id",
 			"rowCallback": function(oRow, oData){
@@ -228,7 +228,7 @@
 			var aData = oTable.rows(indexes).data().toArray();
 			
 			// Checking input
-			$('#{{ sTableId }} tr[role="row"].selected td:first-child input').prop('checked', true);
+			$('#{{ sTableId }} tr[id].selected td:first-child input').prop('checked', true);
 			// Saving values in temp array
 			for(var i in aData)
 			{
@@ -243,7 +243,7 @@
 			var aData = oTable.rows(indexes).data().toArray();
 			
 			// Checking input
-			$('#{{ sTableId }} tr[role="row"]:not(.selected) td:first-child input').prop('checked', false);
+			$('#{{ sTableId }} tr[id]:not(.selected) td:first-child input').prop('checked', false);
 			// Saving values in temp array
 			for(var i in aData)
 			{
--- a/datamodels/2.x/itop-portal-base/portal/src/views/layout.html.twig
+++ b/datamodels/2.x/itop-portal-base/portal/src/views/layout.html.twig
@@ -103,12 +103,12 @@
 		{# Moment.js with locales#}
 		<script type="text/javascript" src="{{ app['combodo.absolute_url'] ~ 'js/moment-with-locales.min.js'|add_itop_version }}"></script>
 		{# Datatables #}
-		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/jquery.dataTables.min.js'|add_itop_version }}"></script>
+		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables.net/js/jquery.dataTables.min.js'|add_itop_version }}"></script>
 		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/dataTables.bootstrap.min.js'|add_itop_version }}"></script>
-		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/dataTables.fixedHeader.min.js'|add_itop_version }}"></script>
-		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/dataTables.responsive.min.js'|add_itop_version }}"></script>
-		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/dataTables.scroller.min.js'|add_itop_version }}"></script>
-		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/dataTables.select.min.js'|add_itop_version }}"></script>
+		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables.net-fixedheader/js/dataTables.fixedHeader.min.js'|add_itop_version }}"></script>
+		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables.net-responsive/js/dataTables.responsive.min.js'|add_itop_version }}"></script>
+		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables.net-scroller/js/dataTables.scroller.min.js'|add_itop_version }}"></script>
+		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables.net-select/js/dataTables.select.min.js'|add_itop_version }}"></script>
 		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'lib/datatables/js/datetime-moment.js'|add_itop_version }}"></script>
 		<script type="text/javascript" src="{{ app['combodo.portal.base.absolute_url'] ~ 'js/dataTables.accentNeutraliseForFilter.js'|add_itop_version }}"></script>
        {# Export for Datatables #}
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/License.txt
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/License.txt
@@ -0,0 +1,20 @@
+Copyright SpryMedia Limited and other contributors
+http://datatables.net
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/Readme.md
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/Readme.md
@@ -0,0 +1,50 @@
+# FixedHeader for DataTables 
+
+This package contains distribution files for the [FixedHeader extension](https://datatables.net/extensions/fixedheader) for [DataTables](https://datatables.net/). Only the core software for this library is contained in this package - to be correctly styled, a styling package for FixedHeader must also be included. Styling options include DataTable's native styling, [Bootstrap](http://getbootstrap.com) and [Foundation](http://foundation.zurb.com/).
+
+When displaying large amounts of data in a table, it can often be useful for the end user to have the column titles always visible. This is particularly true if using DataTables with pagination disabled, or the display length is set to a high value. The FixedHeader extension provides this ability.
+
+
+## Installation
+
+### Browser
+
+For inclusion of this library using a standard `<script>` tag, rather than using this package, it is recommended that you use the [DataTables download builder](//datatables.net/download) which can create CDN or locally hosted packages for you, will all dependencies satisfied.
+
+### npm
+
+```
+npm install datatables.net-fixedheader
+```
+
+```
+var $ = require( 'jquery' );
+require( 'datatables.net-fixedheader' )( window, $ );
+```
+
+### bower
+
+```
+bower install --save datatables.net-fixedheader
+```
+
+
+
+## Documentation
+
+Full documentation of the DataTables options, API and plug-in interface are available on the DOCS_LINK. The site also contains information on the wide variety of plug-ins that are available for DataTables, which can be used to enhance and customise your table even further.
+
+
+## Bug / Support
+
+Support for DataTables is available through the [DataTables forums](//datatables.net/forums) and [commercial support options](//datatables.net/support) are available.
+
+
+### Contributing
+
+If you are thinking of contributing code to DataTables, first of all, thank you! All fixes, patches and enhancements to DataTables are very warmly welcomed. This repository is a distribution repo, so patches and issues sent to this repo will not be accepted. Instead, please direct pull requests to the [DataTables/FixedHeader](http://github.com/DataTables/FixedHeader). For issues / bugs, please direct your questions to the [DataTables forums](//datatables.net/forums).
+
+
+## License
+
+This software is released under the [MIT license](//datatables.net/license). You are free to use, modify and distribute this software, but all copyright information must remain.
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/js/dataTables.fixedHeader.js
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/js/dataTables.fixedHeader.js
@@ -0,0 +1,736 @@
+/*! FixedHeader 3.1.8
+ * ©2009-2021 SpryMedia Ltd - datatables.net/license
+ */
+
+/**
+ * @summary     FixedHeader
+ * @description Fix a table's header or footer, so it is always visible while
+ *              scrolling
+ * @version     3.1.8
+ * @file        dataTables.fixedHeader.js
+ * @author      SpryMedia Ltd (www.sprymedia.co.uk)
+ * @contact     www.sprymedia.co.uk/contact
+ * @copyright   Copyright 2009-2021 SpryMedia Ltd.
+ *
+ * This source file is free software, available under the following license:
+ *   MIT license - http://datatables.net/license/mit
+ *
+ * This source file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the license files for details.
+ *
+ * For details please refer to: http://www.datatables.net
+ */
+
+(function( factory ){
+	if ( typeof define === 'function' && define.amd ) {
+		// AMD
+		define( ['jquery', 'datatables.net'], function ( $ ) {
+			return factory( $, window, document );
+		} );
+	}
+	else if ( typeof exports === 'object' ) {
+		// CommonJS
+		module.exports = function (root, $) {
+			if ( ! root ) {
+				root = window;
+			}
+
+			if ( ! $ || ! $.fn.dataTable ) {
+				$ = require('datatables.net')(root, $).$;
+			}
+
+			return factory( $, root, root.document );
+		};
+	}
+	else {
+		// Browser
+		factory( jQuery, window, document );
+	}
+}(function( $, window, document, undefined ) {
+'use strict';
+var DataTable = $.fn.dataTable;
+
+
+var _instCounter = 0;
+
+var FixedHeader = function ( dt, config ) {
+	// Sanity check - you just know it will happen
+	if ( ! (this instanceof FixedHeader) ) {
+		throw "FixedHeader must be initialised with the 'new' keyword.";
+	}
+
+	// Allow a boolean true for defaults
+	if ( config === true ) {
+		config = {};
+	}
+
+	dt = new DataTable.Api( dt );
+
+	this.c = $.extend( true, {}, FixedHeader.defaults, config );
+
+	this.s = {
+		dt: dt,
+		position: {
+			theadTop: 0,
+			tbodyTop: 0,
+			tfootTop: 0,
+			tfootBottom: 0,
+			width: 0,
+			left: 0,
+			tfootHeight: 0,
+			theadHeight: 0,
+			windowHeight: $(window).height(),
+			visible: true
+		},
+		headerMode: null,
+		footerMode: null,
+		autoWidth: dt.settings()[0].oFeatures.bAutoWidth,
+		namespace: '.dtfc'+(_instCounter++),
+		scrollLeft: {
+			header: -1,
+			footer: -1
+		},
+		enable: true
+	};
+
+	this.dom = {
+		floatingHeader: null,
+		thead: $(dt.table().header()),
+		tbody: $(dt.table().body()),
+		tfoot: $(dt.table().footer()),
+		header: {
+			host: null,
+			floating: null,
+			placeholder: null
+		},
+		footer: {
+			host: null,
+			floating: null,
+			placeholder: null
+		}
+	};
+
+	this.dom.header.host = this.dom.thead.parent();
+	this.dom.footer.host = this.dom.tfoot.parent();
+
+	var dtSettings = dt.settings()[0];
+	if ( dtSettings._fixedHeader ) {
+		throw "FixedHeader already initialised on table "+dtSettings.nTable.id;
+	}
+
+	dtSettings._fixedHeader = this;
+
+	this._constructor();
+};
+
+
+/*
+ * Variable: FixedHeader
+ * Purpose:  Prototype for FixedHeader
+ * Scope:    global
+ */
+$.extend( FixedHeader.prototype, {
+	/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+	 * API methods
+	 */
+
+	/**
+	 * Kill off FH and any events
+	 */
+	destroy: function () {
+		this.s.dt.off( '.dtfc' );
+		$(window).off( this.s.namespace );
+
+		if ( this.c.header ) {
+			this._modeChange( 'in-place', 'header', true );
+		}
+
+		if ( this.c.footer && this.dom.tfoot.length ) {
+			this._modeChange( 'in-place', 'footer', true );
+		}
+	},
+
+	/**
+	 * Enable / disable the fixed elements
+	 *
+	 * @param  {boolean} enable `true` to enable, `false` to disable
+	 */
+	enable: function ( enable, update )
+	{
+		this.s.enable = enable;
+
+		if ( update || update === undefined ) {
+			this._positions();
+			this._scroll( true );
+		}
+	},
+
+	/**
+	 * Get enabled status
+	 */
+	enabled: function ()
+	{
+		return this.s.enable;
+	},
+	
+	/**
+	 * Set header offset 
+	 *
+	 * @param  {int} new value for headerOffset
+	 */
+	headerOffset: function ( offset )
+	{
+		if ( offset !== undefined ) {
+			this.c.headerOffset = offset;
+			this.update();
+		}
+
+		return this.c.headerOffset;
+	},
+	
+	/**
+	 * Set footer offset
+	 *
+	 * @param  {int} new value for footerOffset
+	 */
+	footerOffset: function ( offset )
+	{
+		if ( offset !== undefined ) {
+			this.c.footerOffset = offset;
+			this.update();
+		}
+
+		return this.c.footerOffset;
+	},
+
+	
+	/**
+	 * Recalculate the position of the fixed elements and force them into place
+	 */
+	update: function ()
+	{
+		var table = this.s.dt.table().node();
+
+		if ( $(table).is(':visible') ) {
+			this.enable( true, false );
+		}
+		else {
+			this.enable( false, false );
+		}
+
+		this._positions();
+		this._scroll( true );
+	},
+
+
+	/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+	 * Constructor
+	 */
+	
+	/**
+	 * FixedHeader constructor - adding the required event listeners and
+	 * simple initialisation
+	 *
+	 * @private
+	 */
+	_constructor: function ()
+	{
+		var that = this;
+		var dt = this.s.dt;
+
+		$(window)
+			.on( 'scroll'+this.s.namespace, function () {
+				that._scroll();
+			} )
+			.on( 'resize'+this.s.namespace, DataTable.util.throttle( function () {
+				that.s.position.windowHeight = $(window).height();
+				that.update();
+			}, 50 ) );
+
+		var autoHeader = $('.fh-fixedHeader');
+		if ( ! this.c.headerOffset && autoHeader.length ) {
+			this.c.headerOffset = autoHeader.outerHeight();
+		}
+
+		var autoFooter = $('.fh-fixedFooter');
+		if ( ! this.c.footerOffset && autoFooter.length ) {
+			this.c.footerOffset = autoFooter.outerHeight();
+		}
+
+		dt.on( 'column-reorder.dt.dtfc column-visibility.dt.dtfc draw.dt.dtfc column-sizing.dt.dtfc responsive-display.dt.dtfc', function () {
+			that.update();
+		} );
+
+		dt.on( 'destroy.dtfc', function () {
+			that.destroy();
+		} );
+
+		this._positions();
+		this._scroll();
+	},
+
+
+	/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+	 * Private methods
+	 */
+
+	/**
+	 * Clone a fixed item to act as a place holder for the original element
+	 * which is moved into a clone of the table element, and moved around the
+	 * document to give the fixed effect.
+	 *
+	 * @param  {string}  item  'header' or 'footer'
+	 * @param  {boolean} force Force the clone to happen, or allow automatic
+	 *   decision (reuse existing if available)
+	 * @private
+	 */
+	_clone: function ( item, force )
+	{
+		var dt = this.s.dt;
+		var itemDom = this.dom[ item ];
+		var itemElement = item === 'header' ?
+			this.dom.thead :
+			this.dom.tfoot;
+
+		if ( ! force && itemDom.floating ) {
+			// existing floating element - reuse it
+			itemDom.floating.removeClass( 'fixedHeader-floating fixedHeader-locked' );
+		}
+		else {
+			if ( itemDom.floating ) {
+				itemDom.placeholder.remove();
+				this._unsize( item );
+				itemDom.floating.children().detach();
+				itemDom.floating.remove();
+			}
+
+			itemDom.floating = $( dt.table().node().cloneNode( false ) )
+				.css( 'table-layout', 'fixed' )
+				.attr( 'aria-hidden', 'true' )
+				.removeAttr( 'id' )
+				.append( itemElement )
+				.appendTo( 'body' );
+
+			// Insert a fake thead/tfoot into the DataTable to stop it jumping around
+			itemDom.placeholder = itemElement.clone( false );
+			itemDom.placeholder
+				.find( '*[id]' )
+				.removeAttr( 'id' );
+
+			itemDom.host.prepend( itemDom.placeholder );
+
+			// Clone widths
+			this._matchWidths( itemDom.placeholder, itemDom.floating );
+		}
+	},
+
+	/**
+	 * Copy widths from the cells in one element to another. This is required
+	 * for the footer as the footer in the main table takes its sizes from the
+	 * header columns. That isn't present in the footer so to have it still
+	 * align correctly, the sizes need to be copied over. It is also required
+	 * for the header when auto width is not enabled
+	 *
+	 * @param  {jQuery} from Copy widths from
+	 * @param  {jQuery} to   Copy widths to
+	 * @private
+	 */
+	_matchWidths: function ( from, to ) {
+		var get = function ( name ) {
+			return $(name, from)
+				.map( function () {
+					return $(this).css('width').replace(/[^\d\.]/g, '') * 1;
+				} ).toArray();
+		};
+
+		var set = function ( name, toWidths ) {
+			$(name, to).each( function ( i ) {
+				$(this).css( {
+					width: toWidths[i],
+					minWidth: toWidths[i]
+				} );
+			} );
+		};
+
+		var thWidths = get( 'th' );
+		var tdWidths = get( 'td' );
+
+		set( 'th', thWidths );
+		set( 'td', tdWidths );
+	},
+
+	/**
+	 * Remove assigned widths from the cells in an element. This is required
+	 * when inserting the footer back into the main table so the size is defined
+	 * by the header columns and also when auto width is disabled in the
+	 * DataTable.
+	 *
+	 * @param  {string} item The `header` or `footer`
+	 * @private
+	 */
+	_unsize: function ( item ) {
+		var el = this.dom[ item ].floating;
+
+		if ( el && (item === 'footer' || (item === 'header' && ! this.s.autoWidth)) ) {
+			$('th, td', el).css( {
+				width: '',
+				minWidth: ''
+			} );
+		}
+		else if ( el && item === 'header' ) {
+			$('th, td', el).css( 'min-width', '' );
+		}
+	},
+
+	/**
+	 * Reposition the floating elements to take account of horizontal page
+	 * scroll
+	 *
+	 * @param  {string} item       The `header` or `footer`
+	 * @param  {int}    scrollLeft Document scrollLeft
+	 * @private
+	 */
+	_horizontal: function ( item, scrollLeft )
+	{
+		var itemDom = this.dom[ item ];
+		var position = this.s.position;
+		var lastScrollLeft = this.s.scrollLeft;
+
+		if ( itemDom.floating && lastScrollLeft[ item ] !== scrollLeft ) {
+			itemDom.floating.css( 'left', position.left - scrollLeft );
+
+			lastScrollLeft[ item ] = scrollLeft;
+		}
+	},
+
+	/**
+	 * Change from one display mode to another. Each fixed item can be in one
+	 * of:
+	 *
+	 * * `in-place` - In the main DataTable
+	 * * `in` - Floating over the DataTable
+	 * * `below` - (Header only) Fixed to the bottom of the table body
+	 * * `above` - (Footer only) Fixed to the top of the table body
+	 * 
+	 * @param  {string}  mode        Mode that the item should be shown in
+	 * @param  {string}  item        'header' or 'footer'
+	 * @param  {boolean} forceChange Force a redraw of the mode, even if already
+	 *     in that mode.
+	 * @private
+	 */
+	_modeChange: function ( mode, item, forceChange )
+	{
+		var dt = this.s.dt;
+		var itemDom = this.dom[ item ];
+		var position = this.s.position;
+
+		// It isn't trivial to add a !important css attribute...
+		var importantWidth = function (w) {
+			itemDom.floating.attr('style', function(i,s) {
+				return (s || '') + 'width: '+w+'px !important;';
+			});
+		};
+
+		// Record focus. Browser's will cause input elements to loose focus if
+		// they are inserted else where in the doc
+		var tablePart = this.dom[ item==='footer' ? 'tfoot' : 'thead' ];
+		var focus = $.contains( tablePart[0], document.activeElement ) ?
+			document.activeElement :
+			null;
+		
+		if ( focus ) {
+			focus.blur();
+		}
+
+		if ( mode === 'in-place' ) {
+			// Insert the header back into the table's real header
+			if ( itemDom.placeholder ) {
+				itemDom.placeholder.remove();
+				itemDom.placeholder = null;
+			}
+
+			this._unsize( item );
+
+			if ( item === 'header' ) {
+				itemDom.host.prepend( tablePart );
+			}
+			else {
+				itemDom.host.append( tablePart );
+			}
+
+			if ( itemDom.floating ) {
+				itemDom.floating.remove();
+				itemDom.floating = null;
+			}
+		}
+		else if ( mode === 'in' ) {
+			// Remove the header from the read header and insert into a fixed
+			// positioned floating table clone
+			this._clone( item, forceChange );
+
+			itemDom.floating
+				.addClass( 'fixedHeader-floating' )
+				.css( item === 'header' ? 'top' : 'bottom', this.c[item+'Offset'] )
+				.css( 'left', position.left+'px' );
+
+			importantWidth(position.width);
+
+			if ( item === 'footer' ) {
+				itemDom.floating.css( 'top', '' );
+			}
+		}
+		else if ( mode === 'below' ) { // only used for the header
+			// Fix the position of the floating header at base of the table body
+			this._clone( item, forceChange );
+
+			itemDom.floating
+				.addClass( 'fixedHeader-locked' )
+				.css( 'top', position.tfootTop - position.theadHeight )
+				.css( 'left', position.left+'px' );
+
+			importantWidth(position.width);
+		}
+		else if ( mode === 'above' ) { // only used for the footer
+			// Fix the position of the floating footer at top of the table body
+			this._clone( item, forceChange );
+
+			itemDom.floating
+				.addClass( 'fixedHeader-locked' )
+				.css( 'top', position.tbodyTop )
+				.css( 'left', position.left+'px' );
+
+			importantWidth(position.width);
+		}
+
+		// Restore focus if it was lost
+		if ( focus && focus !== document.activeElement ) {
+			setTimeout( function () {
+				focus.focus();
+			}, 10 );
+		}
+
+		this.s.scrollLeft.header = -1;
+		this.s.scrollLeft.footer = -1;
+		this.s[item+'Mode'] = mode;
+	},
+
+	/**
+	 * Cache the positional information that is required for the mode
+	 * calculations that FixedHeader performs.
+	 *
+	 * @private
+	 */
+	_positions: function ()
+	{
+		var dt = this.s.dt;
+		var table = dt.table();
+		var position = this.s.position;
+		var dom = this.dom;
+		var tableNode = $(table.node());
+
+		// Need to use the header and footer that are in the main table,
+		// regardless of if they are clones, since they hold the positions we
+		// want to measure from
+		var thead = tableNode.children('thead');
+		var tfoot = tableNode.children('tfoot');
+		var tbody = dom.tbody;
+
+		position.visible = tableNode.is(':visible');
+		position.width = tableNode.outerWidth();
+		position.left = tableNode.offset().left;
+		position.theadTop = thead.offset().top;
+		position.tbodyTop = tbody.offset().top;
+		position.tbodyHeight = tbody.outerHeight();
+		position.theadHeight = position.tbodyTop - position.theadTop;
+
+		if ( tfoot.length ) {
+			position.tfootTop = tfoot.offset().top;
+			position.tfootBottom = position.tfootTop + tfoot.outerHeight();
+			position.tfootHeight = position.tfootBottom - position.tfootTop;
+		}
+		else {
+			position.tfootTop = position.tbodyTop + tbody.outerHeight();
+			position.tfootBottom = position.tfootTop;
+			position.tfootHeight = position.tfootTop;
+		}
+	},
+
+
+	/**
+	 * Mode calculation - determine what mode the fixed items should be placed
+	 * into.
+	 *
+	 * @param  {boolean} forceChange Force a redraw of the mode, even if already
+	 *     in that mode.
+	 * @private
+	 */
+	_scroll: function ( forceChange )
+	{
+		var windowTop = $(document).scrollTop();
+		var windowLeft = $(document).scrollLeft();
+		var position = this.s.position;
+		var headerMode, footerMode;
+
+		if ( this.c.header ) {
+			if ( ! this.s.enable ) {
+				headerMode = 'in-place';
+			}
+			else if ( ! position.visible || windowTop <= position.theadTop - this.c.headerOffset ) {
+				headerMode = 'in-place';
+			}
+			else if ( windowTop <= position.tfootTop - position.theadHeight - this.c.headerOffset ) {
+				headerMode = 'in';
+			}
+			else {
+				headerMode = 'below';
+			}
+
+			if ( forceChange || headerMode !== this.s.headerMode ) {
+				this._modeChange( headerMode, 'header', forceChange );
+			}
+
+			this._horizontal( 'header', windowLeft );
+		}
+
+		if ( this.c.footer && this.dom.tfoot.length ) {
+			if ( ! this.s.enable ) {
+				footerMode = 'in-place';
+			}
+			else if ( ! position.visible || windowTop + position.windowHeight >= position.tfootBottom + this.c.footerOffset ) {
+				footerMode = 'in-place';
+			}
+			else if ( position.windowHeight + windowTop > position.tbodyTop + position.tfootHeight + this.c.footerOffset ) {
+				footerMode = 'in';
+			}
+			else {
+				footerMode = 'above';
+			}
+
+			if ( forceChange || footerMode !== this.s.footerMode ) {
+				this._modeChange( footerMode, 'footer', forceChange );
+			}
+
+			this._horizontal( 'footer', windowLeft );
+		}
+	}
+} );
+
+
+/**
+ * Version
+ * @type {String}
+ * @static
+ */
+FixedHeader.version = "3.1.8";
+
+/**
+ * Defaults
+ * @type {Object}
+ * @static
+ */
+FixedHeader.defaults = {
+	header: true,
+	footer: false,
+	headerOffset: 0,
+	footerOffset: 0
+};
+
+
+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
+ * DataTables interfaces
+ */
+
+// Attach for constructor access
+$.fn.dataTable.FixedHeader = FixedHeader;
+$.fn.DataTable.FixedHeader = FixedHeader;
+
+
+// DataTables creation - check if the FixedHeader option has been defined on the
+// table and if so, initialise
+$(document).on( 'init.dt.dtfh', function (e, settings, json) {
+	if ( e.namespace !== 'dt' ) {
+		return;
+	}
+
+	var init = settings.oInit.fixedHeader;
+	var defaults = DataTable.defaults.fixedHeader;
+
+	if ( (init || defaults) && ! settings._fixedHeader ) {
+		var opts = $.extend( {}, defaults, init );
+
+		if ( init !== false ) {
+			new FixedHeader( settings, opts );
+		}
+	}
+} );
+
+// DataTables API methods
+DataTable.Api.register( 'fixedHeader()', function () {} );
+
+DataTable.Api.register( 'fixedHeader.adjust()', function () {
+	return this.iterator( 'table', function ( ctx ) {
+		var fh = ctx._fixedHeader;
+
+		if ( fh ) {
+			fh.update();
+		}
+	} );
+} );
+
+DataTable.Api.register( 'fixedHeader.enable()', function ( flag ) {
+	return this.iterator( 'table', function ( ctx ) {
+		var fh = ctx._fixedHeader;
+
+		flag = ( flag !== undefined ? flag : true );
+		if ( fh && flag !== fh.enabled() ) {
+			fh.enable( flag );
+		}
+	} );
+} );
+
+DataTable.Api.register( 'fixedHeader.enabled()', function () {
+	if ( this.context.length ) {
+		var fh = this.context[0]._fixedHeader;
+
+		if ( fh ) {
+			return fh.enabled();
+		}
+	}
+
+	return false;
+} );
+
+DataTable.Api.register( 'fixedHeader.disable()', function ( ) {
+	return this.iterator( 'table', function ( ctx ) {
+		var fh = ctx._fixedHeader;
+
+		if ( fh && fh.enabled() ) {
+			fh.enable( false );
+		}
+	} );
+} );
+
+$.each( ['header', 'footer'], function ( i, el ) {
+	DataTable.Api.register( 'fixedHeader.'+el+'Offset()', function ( offset ) {
+		var ctx = this.context;
+
+		if ( offset === undefined ) {
+			return ctx.length && ctx[0]._fixedHeader ?
+				ctx[0]._fixedHeader[el +'Offset']() :
+				undefined;
+		}
+
+		return this.iterator( 'table', function ( ctx ) {
+			var fh = ctx._fixedHeader;
+
+			if ( fh ) {
+				fh[ el +'Offset' ]( offset );
+			}
+		} );
+	} );
+} );
+
+
+return FixedHeader;
+}));
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/js/dataTables.fixedHeader.min.js
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/js/dataTables.fixedHeader.min.js
@@ -0,0 +1,19 @@
+/*!
+ FixedHeader 3.1.8
+ ©2009-2021 SpryMedia Ltd - datatables.net/license
+*/
+(function(d){"function"===typeof define&&define.amd?define(["jquery","datatables.net"],function(g){return d(g,window,document)}):"object"===typeof exports?module.exports=function(g,j){g||(g=window);if(!j||!j.fn.dataTable)j=require("datatables.net")(g,j).$;return d(j,g,g.document)}:d(jQuery,window,document)})(function(d,g,j,k){var i=d.fn.dataTable,l=0,h=function(a,b){if(!(this instanceof h))throw"FixedHeader must be initialised with the 'new' keyword.";!0===b&&(b={});a=new i.Api(a);this.c=d.extend(!0,
+{},h.defaults,b);this.s={dt:a,position:{theadTop:0,tbodyTop:0,tfootTop:0,tfootBottom:0,width:0,left:0,tfootHeight:0,theadHeight:0,windowHeight:d(g).height(),visible:!0},headerMode:null,footerMode:null,autoWidth:a.settings()[0].oFeatures.bAutoWidth,namespace:".dtfc"+l++,scrollLeft:{header:-1,footer:-1},enable:!0};this.dom={floatingHeader:null,thead:d(a.table().header()),tbody:d(a.table().body()),tfoot:d(a.table().footer()),header:{host:null,floating:null,placeholder:null},footer:{host:null,floating:null,
+placeholder:null}};this.dom.header.host=this.dom.thead.parent();this.dom.footer.host=this.dom.tfoot.parent();var e=a.settings()[0];if(e._fixedHeader)throw"FixedHeader already initialised on table "+e.nTable.id;e._fixedHeader=this;this._constructor()};d.extend(h.prototype,{destroy:function(){this.s.dt.off(".dtfc");d(g).off(this.s.namespace);this.c.header&&this._modeChange("in-place","header",!0);this.c.footer&&this.dom.tfoot.length&&this._modeChange("in-place","footer",!0)},enable:function(a,b){this.s.enable=
+a;if(b||b===k)this._positions(),this._scroll(!0)},enabled:function(){return this.s.enable},headerOffset:function(a){a!==k&&(this.c.headerOffset=a,this.update());return this.c.headerOffset},footerOffset:function(a){a!==k&&(this.c.footerOffset=a,this.update());return this.c.footerOffset},update:function(){var a=this.s.dt.table().node();d(a).is(":visible")?this.enable(!0,!1):this.enable(!1,!1);this._positions();this._scroll(!0)},_constructor:function(){var a=this,b=this.s.dt;d(g).on("scroll"+this.s.namespace,
+function(){a._scroll()}).on("resize"+this.s.namespace,i.util.throttle(function(){a.s.position.windowHeight=d(g).height();a.update()},50));var e=d(".fh-fixedHeader");!this.c.headerOffset&&e.length&&(this.c.headerOffset=e.outerHeight());e=d(".fh-fixedFooter");!this.c.footerOffset&&e.length&&(this.c.footerOffset=e.outerHeight());b.on("column-reorder.dt.dtfc column-visibility.dt.dtfc draw.dt.dtfc column-sizing.dt.dtfc responsive-display.dt.dtfc",function(){a.update()});b.on("destroy.dtfc",function(){a.destroy()});
+this._positions();this._scroll()},_clone:function(a,b){var e=this.s.dt,c=this.dom[a],f="header"===a?this.dom.thead:this.dom.tfoot;!b&&c.floating?c.floating.removeClass("fixedHeader-floating fixedHeader-locked"):(c.floating&&(c.placeholder.remove(),this._unsize(a),c.floating.children().detach(),c.floating.remove()),c.floating=d(e.table().node().cloneNode(!1)).css("table-layout","fixed").attr("aria-hidden","true").removeAttr("id").append(f).appendTo("body"),c.placeholder=f.clone(!1),c.placeholder.find("*[id]").removeAttr("id"),
+c.host.prepend(c.placeholder),this._matchWidths(c.placeholder,c.floating))},_matchWidths:function(a,b){var e=function(b){return d(b,a).map(function(){return 1*d(this).css("width").replace(/[^\d\.]/g,"")}).toArray()},c=function(a,c){d(a,b).each(function(a){d(this).css({width:c[a],minWidth:c[a]})})},f=e("th"),e=e("td");c("th",f);c("td",e)},_unsize:function(a){var b=this.dom[a].floating;b&&("footer"===a||"header"===a&&!this.s.autoWidth)?d("th, td",b).css({width:"",minWidth:""}):b&&"header"===a&&d("th, td",
+b).css("min-width","")},_horizontal:function(a,b){var e=this.dom[a],c=this.s.position,d=this.s.scrollLeft;e.floating&&d[a]!==b&&(e.floating.css("left",c.left-b),d[a]=b)},_modeChange:function(a,b,e){var c=this.dom[b],f=this.s.position,g=function(a){c.floating.attr("style",function(b,c){return(c||"")+"width: "+a+"px !important;"})},i=this.dom["footer"===b?"tfoot":"thead"],h=d.contains(i[0],j.activeElement)?j.activeElement:null;h&&h.blur();if("in-place"===a){if(c.placeholder&&(c.placeholder.remove(),
+c.placeholder=null),this._unsize(b),"header"===b?c.host.prepend(i):c.host.append(i),c.floating)c.floating.remove(),c.floating=null}else"in"===a?(this._clone(b,e),c.floating.addClass("fixedHeader-floating").css("header"===b?"top":"bottom",this.c[b+"Offset"]).css("left",f.left+"px"),g(f.width),"footer"===b&&c.floating.css("top","")):"below"===a?(this._clone(b,e),c.floating.addClass("fixedHeader-locked").css("top",f.tfootTop-f.theadHeight).css("left",f.left+"px"),g(f.width)):"above"===a&&(this._clone(b,
+e),c.floating.addClass("fixedHeader-locked").css("top",f.tbodyTop).css("left",f.left+"px"),g(f.width));h&&h!==j.activeElement&&setTimeout(function(){h.focus()},10);this.s.scrollLeft.header=-1;this.s.scrollLeft.footer=-1;this.s[b+"Mode"]=a},_positions:function(){var a=this.s.dt.table(),b=this.s.position,e=this.dom,a=d(a.node()),c=a.children("thead"),f=a.children("tfoot"),e=e.tbody;b.visible=a.is(":visible");b.width=a.outerWidth();b.left=a.offset().left;b.theadTop=c.offset().top;b.tbodyTop=e.offset().top;
+b.tbodyHeight=e.outerHeight();b.theadHeight=b.tbodyTop-b.theadTop;f.length?(b.tfootTop=f.offset().top,b.tfootBottom=b.tfootTop+f.outerHeight(),b.tfootHeight=b.tfootBottom-b.tfootTop):(b.tfootTop=b.tbodyTop+e.outerHeight(),b.tfootBottom=b.tfootTop,b.tfootHeight=b.tfootTop)},_scroll:function(a){var b=d(j).scrollTop(),e=d(j).scrollLeft(),c=this.s.position,f;this.c.header&&(f=this.s.enable?!c.visible||b<=c.theadTop-this.c.headerOffset?"in-place":b<=c.tfootTop-c.theadHeight-this.c.headerOffset?"in":"below":
+"in-place",(a||f!==this.s.headerMode)&&this._modeChange(f,"header",a),this._horizontal("header",e));this.c.footer&&this.dom.tfoot.length&&(b=this.s.enable?!c.visible||b+c.windowHeight>=c.tfootBottom+this.c.footerOffset?"in-place":c.windowHeight+b>c.tbodyTop+c.tfootHeight+this.c.footerOffset?"in":"above":"in-place",(a||b!==this.s.footerMode)&&this._modeChange(b,"footer",a),this._horizontal("footer",e))}});h.version="3.1.8";h.defaults={header:!0,footer:!1,headerOffset:0,footerOffset:0};d.fn.dataTable.FixedHeader=
+h;d.fn.DataTable.FixedHeader=h;d(j).on("init.dt.dtfh",function(a,b){if("dt"===a.namespace){var e=b.oInit.fixedHeader,c=i.defaults.fixedHeader;if((e||c)&&!b._fixedHeader)c=d.extend({},c,e),!1!==e&&new h(b,c)}});i.Api.register("fixedHeader()",function(){});i.Api.register("fixedHeader.adjust()",function(){return this.iterator("table",function(a){(a=a._fixedHeader)&&a.update()})});i.Api.register("fixedHeader.enable()",function(a){return this.iterator("table",function(b){b=b._fixedHeader;a=a!==k?a:!0;
+b&&a!==b.enabled()&&b.enable(a)})});i.Api.register("fixedHeader.enabled()",function(){if(this.context.length){var a=this.context[0]._fixedHeader;if(a)return a.enabled()}return!1});i.Api.register("fixedHeader.disable()",function(){return this.iterator("table",function(a){(a=a._fixedHeader)&&a.enabled()&&a.enable(!1)})});d.each(["header","footer"],function(a,b){i.Api.register("fixedHeader."+b+"Offset()",function(a){var c=this.context;return a===k?c.length&&c[0]._fixedHeader?c[0]._fixedHeader[b+"Offset"]():
+k:this.iterator("table",function(c){if(c=c._fixedHeader)c[b+"Offset"](a)})})});return h});
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/package.json
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-fixedheader/package.json
@@ -0,0 +1,36 @@
+{
+    "name": "datatables.net-fixedheader",
+    "version": "3.1.8",
+    "description": "FixedHeader for DataTables ",
+    "files": [
+        "js/**/*.js"
+    ],
+    "main": "js/dataTables.fixedHeader.js",
+    "type": "types.d.ts",
+    "keywords": [
+        "fixed headers",
+        "sticky",
+        "DataTables",
+        "jQuery",
+        "table",
+        "DataTables"
+    ],
+    "homepage": "https://datatables.net",
+    "bugs": "https://datatables.net/forums",
+    "license": "MIT",
+    "author": {
+        "name": "SpryMedia Ltd",
+        "url": "http://datatables.net"
+    },
+    "dependencies": {
+        "jquery": ">=1.7",
+        "datatables.net": "^1.10.15"
+    },
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/DataTables/Dist-DataTables-FixedHeader.git"
+    },
+    "devDependencies": {
+        "@types/jquery": "^3.5.1"
+    }
+}
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-responsive/License.txt
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-responsive/License.txt
@@ -0,0 +1,20 @@
+Copyright SpryMedia Limited and other contributors
+http://datatables.net
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-responsive/Readme.md
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-responsive/Readme.md
@@ -0,0 +1,50 @@
+# Responsive for DataTables 
+
+This package contains distribution files for the [Responsive extension](https://datatables.net/extensions/responsive) for [DataTables](https://datatables.net/). Only the core software for this library is contained in this package - to be correctly styled, a styling package for Responsive must also be included. Styling options include DataTable's native styling, [Bootstrap](http://getbootstrap.com) and [Foundation](http://foundation.zurb.com/).
+
+In the modern world of responsive web design tables can often cause a particular problem for designers due to their row based layout. Responsive is an extension for DataTables that resolves that problem by optimising the table's layout for different screen sizes through the dynamic insertion and removal of columns from the table.
+
+
+## Installation
+
+### Browser
+
+For inclusion of this library using a standard `<script>` tag, rather than using this package, it is recommended that you use the [DataTables download builder](//datatables.net/download) which can create CDN or locally hosted packages for you, will all dependencies satisfied.
+
+### npm
+
+```
+npm install datatables.net-responsive
+```
+
+```
+var $ = require( 'jquery' );
+require( 'datatables.net-responsive' )( window, $ );
+```
+
+### bower
+
+```
+bower install --save datatables.net-responsive
+```
+
+
+
+## Documentation
+
+Full documentation of the DataTables options, API and plug-in interface are available on the DOCS_LINK. The site also contains information on the wide variety of plug-ins that are available for DataTables, which can be used to enhance and customise your table even further.
+
+
+## Bug / Support
+
+Support for DataTables is available through the [DataTables forums](//datatables.net/forums) and [commercial support options](//datatables.net/support) are available.
+
+
+### Contributing
+
+If you are thinking of contributing code to DataTables, first of all, thank you! All fixes, patches and enhancements to DataTables are very warmly welcomed. This repository is a distribution repo, so patches and issues sent to this repo will not be accepted. Instead, please direct pull requests to the [DataTables/Responsive](http://github.com/DataTables/Responsive). For issues / bugs, please direct your questions to the [DataTables forums](//datatables.net/forums).
+
+
+## License
+
+This software is released under the [MIT license](//datatables.net/license). You are free to use, modify and distribute this software, but all copyright information must remain.
--- a/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-responsive/js/dataTables.responsive.js
+++ b/datamodels/2.x/itop-portal-base/portal/web/lib/datatables.net-responsive/js/dataTables.responsive.js
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pierre Goiffon	8295eaed90	Merge remote-tracking branch 'origin/support/2.5' into support/2.6	2023-07-26 12:06:32 +02:00
Pierre Goiffon	219b970703	N°4478 Fix linkedset widget in portal when adding new items with already selected ones Was already committed to develop with `e59d472c`	2021-12-10 15:56:33 +01:00
Pierre Goiffon	76c139253e	🎨 Fix language injection	2021-12-10 15:24:16 +01:00
Pierre Goiffon	10cfb373f2	N°4481 Fix badly escaped dialog tooltip Was commited to develop first (`99a0e0c5` and `4f27f3ac`)	2021-12-10 13:38:24 +01:00
Pierre Goiffon	97d6d413bb	N°4502 Fix dashboard page not refreshed after saving customm dashboard	2021-12-10 12:30:33 +01:00
Pierre Goiffon	3f8f57fa9a	N°4502 Fix cannot create new or edit existing custom dashboard Regression brought by `dbaf9241`	2021-12-10 09:15:43 +01:00
Pierre Goiffon	f916f9cde8	N°4289 Allow to use privUITransactionFile when no user logged Before we were throwing a SecurityException, which was blocking for combodo-unauthenticated-form for example	2021-12-08 17:16:12 +01:00
Molkobain	8a65a592f3	N°4360 - Rename class to match other classes convention	2021-11-26 13:47:05 +01:00
Pierre Goiffon	5e48400cb1	N°4478 Fix line selection (global and unique) not checking checkbox anymore	2021-11-26 11:44:32 +01:00
Pierre Goiffon	252562ace9	N°4478 Fix "Requested unknown parameter '' for row 0, column 0" when opening search on related object Forgotten file :/	2021-11-26 11:08:25 +01:00
Pierre Goiffon	770ac8ffe5	N°4478 Fix "Requested unknown parameter '' for row 0, column 0" when opening search on related object	2021-11-26 10:58:17 +01:00
Pierre Goiffon	ed3c387712	N°4478 Update Datatables lib	2021-11-25 10:55:48 +01:00
Pierre Goiffon	81a2a9278c	✅ N°4360 Fix SvgDOMSanitizer expected data	2021-11-23 17:38:30 +01:00
Pierre Goiffon	e15d4bfab6	N°4360 Security hardening	2021-11-23 17:25:50 +01:00
Pierre Goiffon	3e8dd2f4a5	N°4286 Setup : fix loop in first steps Setup token wasn't removed at the right place :/	2021-11-18 08:54:10 +01:00
Pierre Goiffon	51a49dfce8	Remove warnings, use finally block, formatting	2021-11-17 16:10:50 +01:00
Pierre Goiffon	066b71686d	N°4286 Setup : restore backup download on WizStepDone Setup token was put with N°2016 (`6b5cc7c`) But later on we refactored the token handling in SetupUtils methods, and we had token removal in WizStepDone (`43daa2ef`) : so the backup download cannot be done :/	2021-11-17 14:39:44 +01:00
Pierre Goiffon	be633001a5	Revert "N°4360 Security hardening" This reverts commit `8adf743cc7`. We will implement a different solution later (hopefully for 2.6.5 / 2.7.6 / 3.0.0 as well)	2021-11-17 11:13:29 +01:00
Pierre Goiffon	84426c6634	N°4365 Security hardening	2021-11-17 10:15:12 +01:00
Pierre Goiffon	dbaf924171	N°4363 Security hardening	2021-11-16 17:19:19 +01:00
Pierre Goiffon	8adf743cc7	N°4360 Security hardening	2021-11-16 12:01:16 +01:00
Pierre Goiffon	75450ded1d	N°4359 Security hardening	2021-11-15 16:38:11 +01:00
Pierre Goiffon	2beb795f9a	N°4304 Security hardening	2021-11-09 11:32:53 +01:00
Pierre Goiffon	e8d314e1f6	✅ N°4367 Fix \privUITransactionFileTest::testIsTransactionValid * change user name for when password policy is active * admin user doesn't exist on Jenkins : create a second user * test UserRights::Login return value * document that we depend on the sample data	2021-11-03 10:50:25 +01:00
Pierre Goiffon	e29f1825be	N°4367 Fix "redeclaration of const CombodoSanitizer" The utils.js can be included more than once in old iTop branches :( This is fixed in 3.0.0 (develop branch) Also add missing ";"	2021-11-02 17:14:16 +01:00
Pierre Goiffon	9b854dbcc7	N°4289 skip test (not working on Jenkins)	2021-10-21 14:52:59 +02:00
Pierre Goiffon	7757f1f2d2	N°4289 Security hardening	2021-10-21 12:43:03 +02:00
Pierre Goiffon	a353317746	N°4289 Fix privUITransactionFile generating error if MetaModel not loaded	2021-10-20 17:26:32 +02:00
Pierre Goiffon	723eb90160	N°4289 privUITransactionSession phpDoc	2021-10-20 17:25:58 +02:00
Pierre Goiffon	b3f827ed5e	N°4367 Security hardening	2021-10-18 14:27:58 +02:00
Pierre Goiffon	eaf8a187aa	N°3332 report function rename The method was renamed in `18d52319` but only on support/2.7 and above	2021-10-18 11:36:17 +02:00
Pierre Goiffon	34f64c61f6	privUITransaction fix inspections errors + formatting	2021-10-18 11:32:38 +02:00
Molkobain	92a9a8c65f	N°4129 - Security hardening	2021-08-18 15:57:18 +02:00
Pierre Goiffon	834ac00d37	📝 README : update latest releases Was made in #143 but on develop only, but we are still maintaining older branches !	2021-07-21 12:15:22 +02:00
Eric	5691ca0327	✅ Fix CI	2021-05-28 08:48:47 +02:00
Eric	86f649affc	N°4002 - code hardening	2021-05-27 16:13:27 +02:00
Eric	4f5c987d8b	N°4002 - code hardening	2021-05-27 15:57:04 +02:00
Eric	e441e5e78a	documentation	2021-05-27 11:49:32 +02:00
Eric	43daa2ef08	N°3952 - code hardening	2021-05-27 09:29:50 +02:00
acognet	db6e813cba	N°3945 - Password database is visible in the setup process	2021-05-18 17:34:57 +02:00
Pierre Goiffon	066a6d8b36	🔧 Use same .editorconfig in all supported branches	2021-01-25 09:12:38 +01:00
Pierre Goiffon	b9ca2ac13d	N°3416 Fix DocumentFile preview not working anymore Was caused by X-Frame-Options http header added with N°3317 (cherry picked from commit `35d77ff642`) # Conflicts: # pages/ajax.render.php	2020-12-03 08:20:51 +01:00
Pierre Goiffon	65e43e8d04	🔧 remove .gitflow as we don't have any master branch anymore	2020-10-22 10:10:15 +02:00
Pierre Goiffon	5fee2438ab	Fix comments : iTop 2.8.0 renamed to 3.0.0	2020-10-14 09:06:07 +02:00
Pierre Goiffon	8b1c20cc11	N°3332 Security hardening	2020-10-12 12:40:51 +02:00
odain	0001e8ffc4	💚 use new ci validation	2020-10-09 10:13:51 +02:00
odain	df5aacca42	💚 use new ci validation	2020-10-09 10:08:31 +02:00
Eric	1f53757318	N°3248 - code hardening (cherry picked from commit `6a25933744`) (cherry picked from commit `f74c78d61c`)	2020-10-05 14:54:17 +02:00
Pierre Goiffon	090119147c	🎨 PHP formatting	2020-10-05 14:42:03 +02:00
Pierre Goiffon	1551694198	N°3317 Security hardening	2020-10-05 14:42:03 +02:00
Eric	bef1832ac7	N°3317 - Add http headers	2020-09-29 14:07:24 +02:00
Pierre Goiffon	45e366745d	N°3333 Security hardening	2020-09-24 17:34:57 +02:00
Pierre Goiffon	1e634a8bba	N°3332 Security hardening	2020-09-23 17:17:05 +02:00
Pierre Goiffon	228a945da9	N°2984 Security hardening	2020-05-14 11:26:35 +02:00
Pierre Goiffon	834297e675	N°2985 Security hardening (#140 ) Thanks @bruno-ds for the review !	2020-05-13 10:04:40 +02:00
Pierre Goiffon	3c9318d56a	N°2990 Fix count warning on audit OQL error	2020-05-12 09:41:24 +02:00
Pierre Goiffon	30d10b6f11	N°2990 Security hardening	2020-05-12 09:40:58 +02:00
Pierre Goiffon	f8e39877b3	N°2988 Security hardening	2020-05-07 11:49:58 +02:00
Pierre Goiffon	0a3f7d7ef7	N°2989 ajax.backup small updates * update copyright * in messages replace iTop by constant	2020-05-07 11:18:21 +02:00
Pierre Goiffon	222eb47bd2	N°2989 ajax.backup : refactor exit conditions Adding a die() call so that we are sure to exit on errors !	2020-05-07 10:49:05 +02:00
Pierre Goiffon	c5b1f02d2b	🔖 Update versions to 2.6.4	2020-04-21 08:52:42 +02:00
Pierre Goiffon	f81ab4d71a	🚀 Release tool to update versions Was already comitted in 2.7 branch (`fd1e17cc`)	2020-04-21 08:50:25 +02:00
Eric	b88b9dabdb	N°2919 - Dashboard - Fix dashboard not saved The sanitization was too strong. Some names can contain ':'	2020-04-09 17:59:52 +02:00
Eric	06b17e82db	N°2755 - Security hardening	2020-04-09 11:03:07 +02:00
Eric	2add79a473	N°2853 - Security hardening	2020-04-09 10:55:17 +02:00
Eric	3a37e24496	N°2306 - Security hardening	2020-04-08 09:28:20 +02:00
Eric	b1d703bff3	N°1671 Portal: Fix Aggregate Brick when user profile is not allowed to see one of the sub-brick	2020-04-06 14:07:42 +02:00
Eric	a3a34a94e7	N°1355 - Security hardening	2020-04-06 11:47:57 +02:00
Stephen Abello	6edc365685	N°2742 - HTML files preview are now raw text only	2020-04-06 09:47:24 +02:00
Stephen Abello	4b7f736af0	N°2755 - Security hardening	2020-04-06 09:42:41 +02:00
Stephen Abello	016fbaed36	N°2755 - Security hardening	2020-04-06 09:42:15 +02:00
Stephen Abello	bfcd137e52	N°2853 - Security hardening (cherry picked from commit `d01caaf4e4`)	2020-04-06 09:37:58 +02:00
Stephen Abello	f9af8fc912	N°2855 - Security hardening (cherry picked from commit `c5c7fd5c85`)	2020-04-06 09:20:02 +02:00
Stephen Abello	bd083d632f	Update readme for 2.6.3 release	2020-02-05 11:22:39 +01:00
Molkobain	bd9da07734	Merge branch 'support/2.5'	2020-01-22 09:55:50 +01:00
Molkobain	3dbbf296b8	Exclude combodo-db-tools module from packages by default	2020-01-22 09:10:54 +01:00
Stephen Abello	50a8af4082	Update version number for 2.6.3	2020-01-20 16:30:51 +01:00
Stephen Abello	6a1125875b	Merge branch 'support/2.5' # Conflicts: # css/css-variables.scss # css/light-grey.css # datamodels/2.x/authent-external/module.authent-external.php # datamodels/2.x/authent-ldap/module.authent-ldap.php # datamodels/2.x/authent-local/module.authent-local.php # datamodels/2.x/itop-attachments/module.attachments.php # datamodels/2.x/itop-backup/module.itop-backup.php # datamodels/2.x/itop-bridge-virtualization-storage/module.itop-bridge-virtualization-storage.php # datamodels/2.x/itop-change-mgmt-itil/module.itop-change-mgmt-itil.php # datamodels/2.x/itop-change-mgmt/module.itop-change-mgmt.php # datamodels/2.x/itop-config-mgmt/module.itop-config-mgmt.php # datamodels/2.x/itop-config/module.itop-config.php # datamodels/2.x/itop-datacenter-mgmt/module.itop-datacenter-mgmt.php # datamodels/2.x/itop-endusers-devices/module.itop-endusers-devices.php # datamodels/2.x/itop-full-itil/module.itop-full-itil.php # datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php # datamodels/2.x/itop-incident-mgmt-itil/module.itop-incident-mgmt-itil.php # datamodels/2.x/itop-knownerror-mgmt/module.itop-knownerror-mgmt.php # datamodels/2.x/itop-portal-base/module.itop-portal-base.php # datamodels/2.x/itop-portal/module.itop-portal.php # datamodels/2.x/itop-problem-mgmt/module.itop-problem-mgmt.php # datamodels/2.x/itop-profiles-itil/module.itop-profiles-itil.php # datamodels/2.x/itop-request-mgmt-itil/module.itop-request-mgmt-itil.php # datamodels/2.x/itop-request-mgmt/module.itop-request-mgmt.php # datamodels/2.x/itop-service-mgmt-provider/module.itop-service-mgmt-provider.php # datamodels/2.x/itop-service-mgmt/module.itop-service-mgmt.php # datamodels/2.x/itop-sla-computation/module.itop-sla-computation.php # datamodels/2.x/itop-storage-mgmt/module.itop-storage-mgmt.php # datamodels/2.x/itop-tickets/module.itop-tickets.php # datamodels/2.x/itop-virtualization-mgmt/module.itop-virtualization-mgmt.php # datamodels/2.x/itop-welcome-itil/module.itop-welcome-itil.php # datamodels/2.x/version.xml	2020-01-20 16:10:21 +01:00
Stephen Abello	878c23892d	Update version number for 2.5.4	2020-01-20 15:59:08 +01:00
Stephen Abello	248dab9289	N°2633 - Security hardening	2020-01-20 15:46:04 +01:00
Molkobain	4f0e3430c0	Merge remote-tracking branch 'origin/support/2.5'	2020-01-08 11:58:15 +01:00
Molkobain	3347f400b8	Internal: Revert files deleted by mistake 🙈	2020-01-08 11:57:29 +01:00
Molkobain	6082308e20	Add combodo-db-tools/1.0.7 module as a default module	2020-01-08 11:40:35 +01:00
Pierre Goiffon	5fce2a2c1c	Setup : fix MySQL TLS wiki URL	2019-12-23 11:27:56 +01:00
Pierre Goiffon	03b8ed5ce4	Merge branch 'support/2.6.2'	2019-10-07 09:41:08 +02:00
Pierre Goiffon	a625733885	👷 Jenkins : fix jenkinsfile filename case	2019-09-10 14:23:36 +02:00
Stephen Abello	d7fad4b646	Merge branch 'support/2.6.2'	2019-07-25 17:07:49 +02:00
Pierre Goiffon	aadb605dec	Merge remote-tracking branch 'origin/support/2.6.0'	2019-07-22 15:58:58 +02:00
Pierre Goiffon	f63f2bd445	N°1802 backup : remove old itop_root config parameter Was renamed to itop_backup_incident in 2.6.0	2019-07-22 15:57:30 +02:00
Pierre Goiffon	fefd9aae95	N°2399 backup : throw exception and log error if cannot create archive (before error was silently ignored)	2019-07-16 17:44:56 +02:00
Pierre Goiffon	878b87b68c	N°2349 fix GroupBy dashlet on classes with ExternalField to ExternalField	2019-07-05 12:10:04 +02:00
Pierre Goiffon	14ae9f0809	Merge remote-tracking branch 'origin/support/2.5' # Conflicts: # css/css-variables.scss # datamodels/2.x/authent-external/module.authent-external.php # datamodels/2.x/authent-ldap/module.authent-ldap.php # datamodels/2.x/authent-local/module.authent-local.php # datamodels/2.x/itop-attachments/module.attachments.php # datamodels/2.x/itop-backup/module.itop-backup.php # datamodels/2.x/itop-bridge-virtualization-storage/module.itop-bridge-virtualization-storage.php # datamodels/2.x/itop-change-mgmt-itil/module.itop-change-mgmt-itil.php # datamodels/2.x/itop-change-mgmt/module.itop-change-mgmt.php # datamodels/2.x/itop-config-mgmt/module.itop-config-mgmt.php # datamodels/2.x/itop-config/module.itop-config.php # datamodels/2.x/itop-datacenter-mgmt/module.itop-datacenter-mgmt.php # datamodels/2.x/itop-endusers-devices/module.itop-endusers-devices.php # datamodels/2.x/itop-full-itil/module.itop-full-itil.php # datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php # datamodels/2.x/itop-incident-mgmt-itil/module.itop-incident-mgmt-itil.php # datamodels/2.x/itop-knownerror-mgmt/module.itop-knownerror-mgmt.php # datamodels/2.x/itop-portal-base/module.itop-portal-base.php # datamodels/2.x/itop-portal/module.itop-portal.php # datamodels/2.x/itop-problem-mgmt/module.itop-problem-mgmt.php # datamodels/2.x/itop-profiles-itil/module.itop-profiles-itil.php # datamodels/2.x/itop-request-mgmt-itil/module.itop-request-mgmt-itil.php # datamodels/2.x/itop-request-mgmt/module.itop-request-mgmt.php # datamodels/2.x/itop-service-mgmt-provider/module.itop-service-mgmt-provider.php # datamodels/2.x/itop-service-mgmt/module.itop-service-mgmt.php # datamodels/2.x/itop-sla-computation/module.itop-sla-computation.php # datamodels/2.x/itop-storage-mgmt/module.itop-storage-mgmt.php # datamodels/2.x/itop-tickets/module.itop-tickets.php # datamodels/2.x/itop-virtualization-mgmt/module.itop-virtualization-mgmt.php # datamodels/2.x/itop-welcome-itil/module.itop-welcome-itil.php # datamodels/2.x/version.xml	2019-07-02 15:09:11 +02:00
Pierre Goiffon	b3369c8b0e	Update version number for 2.5.3 beta	2019-07-02 14:54:36 +02:00
Pierre Goiffon	bc841dd239	N°1921 Process InlineImage from another iTop as external images * Notifications : do not embed InlineImage with wrong secret * HtmlSanitizer : remove data-img-* attributes if not the same iTop (using approot from Config) * move \HTMLDOMSanitizer::ProcessImage to \InlineImage::ProcessImageTag * data-img-* attributes name are now InlineImage class constants (cherry picked from commit `0aab80917a`)	2019-03-04 14:59:38 +01:00