Merge remote-tracking branch 'origin/develop' into feature/4157

# Conflicts:
#	application/ui.linkswidget.class.inc.php
#	core/dbobject.class.php

.doc/itop-version-history.md

@@ -0,0 +1,61 @@
+# iTop version history
+
+```mermaid
+%%{init: { 'logLevel': 'debug', 'theme': 'base', 'gitGraph': {'showBranches': true,'mainBranchName': 'develop','rotateCommitLabel': true}} }%%
+gitGraph
+    commit id: "2016-07-06" tag: "2.3.0"
+    branch support/2.3 order: 900
+    commit id: "2016-07-08" tag: "2.3.1"
+    commit id: "2016-12-22" tag: "2.3.3"
+    commit id: "2017-04-14" tag: "2.3.4"
+    checkout develop
+    commit id: "2017-07-12" tag: "2.4.0-beta" type: REVERSE
+    commit id: "2017-11-16" tag: "2.4.0"
+    branch support/2.4 order: 890
+    commit id: "2018-02-14" tag: "2.4.1"
+    checkout develop
+    commit id: "2018-04-25" tag: "2.5.0-beta" type: REVERSE
+    checkout support/2.4
+    commit id: "2018-06-14" tag: "2.4.2"
+    checkout develop
+    commit id: "2018-06-27" tag: "2.5.0"
+    branch support/2.5 order: 880
+    checkout develop
+    commit id: "2019-01-09" tag: "2.6.0"
+    branch support/2.6 order: 870
+    commit id: "2019-03-28" tag: "2.6.1"
+    checkout develop
+    commit id: "2019-12-18" tag: "2.7.0-beta" type: REVERSE
+    checkout support/2.5
+    commit id: "2020-01-22" tag: "2.5.4"
+    checkout support/2.6
+    commit id: "2020-01-23" tag: "2.6.3"
+    checkout develop
+    commit id: "2020-01-29" tag: "2.7.0-beta2" type: REVERSE
+    branch support/2.7 order: 860
+    commit id: "2020-04-01" tag: "2.7.0-1"
+    checkout support/2.6
+    commit id: "2020-04-22" tag: "2.6.4"
+    checkout support/2.7
+    commit id: "2020-06-26" tag: "2.7.1"
+    checkout support/2.7
+    commit id: "2020-12-09" tag: "2.7.3"
+    commit id: "2021-03-31" tag: "2.7.4"
+    checkout develop
+    commit id: "2021-04-06" tag: "3.0.0-beta" type: REVERSE
+    checkout support/2.7
+    commit id: "2021-07-05" tag: "2.7.5"
+    checkout develop
+    commit id: "2021-07-05." tag: "3.0.0-beta2" type: REVERSE
+    checkout support/2.7
+    commit id: "2021-12-17" tag: "2.7.6"
+    checkout develop
+    commit id: "2022-01-04" tag: "3.0.0"
+    branch support/3.0 order: 850
+    commit id: "2022-04-08" tag: "3.0.1"
+    checkout support/2.7
+    commit id: "2022-07-11" tag: "2.7.7"
+    checkout support/3.0
+    commit id: "2022-09-12" tag: "3.0.2-1"
+    checkout develop
+```

.editorconfig

@@ -11,7 +11,7 @@ tab_width = 4
 ij_continuation_indent_size = 8
 ij_formatter_off_tag = @formatter:off
 ij_formatter_on_tag = @formatter:on
-ij_formatter_tags_enabled = false
+ij_formatter_tags_enabled = true
 ij_smart_tabs = false
 ij_visual_guides = 300
 ij_wrap_on_typing = true
@@ -78,7 +78,7 @@ ij_editorconfig_space_before_colon = false
 ij_editorconfig_space_before_comma = false
 ij_editorconfig_spaces_around_assignment_operators = true
 
-[{*.ant, *.fxml, *.jhm, *.jnlp, *.jrxml, *.rng, *.tld, *.wsdl, *.xml, *.xsd, *.xsl, *.xslt, *.xul, phpunit.xml.dist}]
+[{*.ant,*.fxml,*.jhm,*.jnlp,*.jrxml,*.rng,*.tld,*.wsdl,*.xml,*.xsd,*.xsl,*.xslt,*.xul,phpunit.xml.dist}]
 indent_size = 2
 tab_width = 2
 ij_smart_tabs = true
@@ -280,16 +280,17 @@ ij_javascript_while_brace_force = always
 ij_javascript_while_on_new_line = false
 ij_javascript_wrap_comments = false
 
-[{*.ctp, *.hphp, *.inc, *.module, *.php, *.php4, *.php5, *.phtml}]
+[{*.ctp,*.hphp,*.inc,*.module,*.php,*.php4,*.php5,*.phtml}]
 indent_style = tab
 ij_continuation_indent_size = 4
 ij_smart_tabs = true
 ij_wrap_on_typing = false
 ij_php_align_assignments = false
-ij_php_align_class_constants = false
+ij_php_align_class_constants = true
 ij_php_align_group_field_declarations = false
 ij_php_align_inline_comments = false
 ij_php_align_key_value_pairs = true
+ij_php_align_match_arm_bodies = false
 ij_php_align_multiline_array_initializer_expression = true
 ij_php_align_multiline_binary_operation = false
 ij_php_align_multiline_chained_methods = false
@@ -298,6 +299,7 @@ ij_php_align_multiline_for = true
 ij_php_align_multiline_parameters = false
 ij_php_align_multiline_parameters_in_calls = false
 ij_php_align_multiline_ternary_operation = false
+ij_php_align_named_arguments = false
 ij_php_align_phpdoc_comments = false
 ij_php_align_phpdoc_param_names = false
 ij_php_anonymous_brace_style = end_of_line
@@ -417,6 +419,7 @@ ij_php_see_weight = 3
 ij_php_since_weight = 28
 ij_php_sort_phpdoc_elements = true
 ij_php_space_after_colon = true
+ij_php_space_after_colon_in_enum_backed_type = true
 ij_php_space_after_colon_in_named_argument = true
 ij_php_space_after_colon_in_return_type = true
 ij_php_space_after_comma = true
@@ -431,6 +434,7 @@ ij_php_space_before_catch_parentheses = true
 ij_php_space_before_class_left_brace = true
 ij_php_space_before_closure_left_parenthesis = true
 ij_php_space_before_colon = true
+ij_php_space_before_colon_in_enum_backed_type = false
 ij_php_space_before_colon_in_named_argument = false
 ij_php_space_before_colon_in_return_type = false
 ij_php_space_before_comma = false
@@ -466,6 +470,7 @@ ij_php_spaces_around_equality_operators = true
 ij_php_spaces_around_logical_operators = true
 ij_php_spaces_around_multiplicative_operators = true
 ij_php_spaces_around_null_coalesce_operator = true
+ij_php_spaces_around_pipe_in_union_type = false
 ij_php_spaces_around_relational_operators = true
 ij_php_spaces_around_shift_operators = true
 ij_php_spaces_around_unary_operator = false
@@ -540,7 +545,6 @@ ij_html_space_after_tag_name = false
 ij_html_space_around_equality_in_attribute = false
 ij_html_space_inside_empty_tag = false
 ij_html_text_wrap = normal
-ij_html_uniform_ident = false
 
 [{*.markdown,*.md}]
 ij_visual_guides = none

.gitattributes

@@ -0,0 +1,48 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+*.bash text eol=lf
+*.bat text eol=lf
+*.cmd text eol=lf
+*.css text eol=lf
+*.scss text eol=lf
+*.dist text eol=lf
+.editorconfig text eol=lf
+.env* text eol=lf
+.gitignore text eol=lf
+.htaccess text eol=lf
+*.htm text eol=lf
+*.html text eol=lf
+*.ini text eol=lf
+*.js text eol=lf
+*.json text eol=lf
+*.lock text eol=lf
+*.md text eol=lf
+*.php text eol=lf
+*.php_cs text eol=lf
+*.php8 text eol=lf
+*.plex text eol=lf
+*.sh text eol=lf
+*.svg text eol=lf
+*.ts text eol=lf
+*.twig text eol=lf
+*.txt text eol=lf
+*.xml text eol=lf
+*.xsd text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpeg binary
+*.jpg binary
+*.gif binary
+*.ico binary
+*.pdf binary
+*.swf binary
+*.zip binary
+*.ttf binary
+*.woff binary
+*.woff2 binary

.gitignore

@@ -45,9 +45,13 @@ test/vendor/*
 !/log/index.php
 !/log/web.config
 
+# PHPUnit cache file
+/test/.phpunit.result.cache
+
 
 # Jetbrains
 /.idea/**
+!/.idea/IntelliLang.xml
 
 # doc. generation
 /.doc/vendor

.idea/IntelliLang.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="LanguageInjectionConfiguration">
+    <injection language="InjectablePHP" injector-id="xml">
+      <display-name>iTop - Class method code</display-name>
+      <place><![CDATA[xmlTag().withLocalName(string().equalTo("code"))]]></place>
+      <xpath-condition>name(..) = 'method' and count(/itop_design) = 1</xpath-condition>
+    </injection>
+    <injection language="InjectablePHP" injector-id="xml">
+      <display-name>iTop - Snippet code</display-name>
+      <place><![CDATA[xmlTag().withLocalName(string().equalTo("snippet"))]]></place>
+      <xpath-condition>name(..) = 'snippets' and count(/itop_design) = 1</xpath-condition>
+    </injection>
+  </component>
+</project>

.make/composer/listOutdated.php

@@ -19,16 +19,23 @@
  *
  */
 
-$iTopFolder = __DIR__ . "/../../" ;
+/**
+ * Alias for `composer show -loD`
+ * You can also use `composer outdated -D`
+ *
+ * @link https://getcomposer.org/doc/03-cli.md#show
+ */
 
-require_once ("$iTopFolder/approot.inc.php");
+$iTopFolder = __DIR__."/../../";
+
+require_once("$iTopFolder/approot.inc.php");
 $sApproot = APPROOT;
 $aTrace = array();
 
 $aParamsConfig = array(
 	'composer-path' => array(
-		'default' => 'composer.phar',
-	)
+		'default' => 'composer',
+	),
 );
 $aParamsConfigNotFound = array_flip(array_keys($aParamsConfig));
 $aGivenArgs = $argv;

.make/composer/rmDeniedTestDir.php

@@ -36,22 +36,38 @@ clearstatcache();
 $oiTopComposer = new iTopComposer();
 $aDeniedButStillPresent = $oiTopComposer->ListDeniedButStillPresent();
 
+echo "\n";
 foreach ($aDeniedButStillPresent as $sDir)
 {
-	if (! preg_match('#[tT]ests?/?$#', $sDir))
+	if (false === iTopComposer::IsTestDir($sDir))
 	{
-		echo "\nfound INVALID denied test dir: '$sDir'\n";
+		echo "ERROR found INVALID denied test dir: '$sDir'\n";
 		throw new \Exception("$sDir must end with /Test/ or /test/");
 	}
 
-	try
-	{
-		SetupUtils::rrmdir($sDir);
-		echo "Remove denied test dir: '$sDir'\n";
-	}
-	catch (\Exception $e)
-	{
-		echo "\nFAILED to remove denied test dir: '$sDir'\n";
+	if (false === file_exists($sDir)) {
+		echo "INFO $sDir is in denied list, but not existing on disk => skipping !\n";
+		continue;
 	}
 
+	try {
+		SetupUtils::rrmdir($sDir);
+		echo "OK Remove denied test dir: '$sDir'\n";
+	}
+	catch (\Exception $e) {
+		echo "\nFAILED to remove denied test dir: '$sDir'\n";
+	}
+}
+
+
+$aAllowedAndDeniedDirs = array_merge(
+	$oiTopComposer->ListAllowedTestDir(),
+	$oiTopComposer->ListDeniedTestDir()
+);
+$aExistingDirs = $oiTopComposer->ListAllTestDir();
+$aMissing = array_diff($aExistingDirs, $aAllowedAndDeniedDirs);
+if (false === empty($aMissing)) {
+	echo "Some new tests dirs exists !\n"
+		.'  They must be declared either in the allowed or denied list in '.iTopComposer::class." (see N°2651).\n"
+		.'  List of dirs:'."\n".var_export($aMissing, true);
 }

.make/git-hooks/README.md

@@ -0,0 +1,13 @@
+# Git hooks for iTop
+
+## ❓ Goal
+
+Those [git hooks](https://git-scm.com/docs/githooks) aims to ease developing on [iTop](https://github.com/Combodo/iTop).
+
+## ☑ Available hooks
+
+* pre-commit : rejects commit if you have at least one SCSS file staged, and no CSS file
+
+## ⚙ Install
+
+Just run install.php !

.make/git-hooks/install.php

@@ -0,0 +1,26 @@
+<?php
+$aHooks = [
+	'pre-commit.php',
+];
+
+$sAppRoot = dirname(__DIR__, 2);
+
+
+foreach ($aHooks as $sSourceHookFileName) {
+	echo "Processing for `{$sSourceHookFileName}`...\n";
+	$sSourceHookPath = __DIR__.DIRECTORY_SEPARATOR.$sSourceHookFileName;
+
+	$aPathParts = pathinfo($sSourceHookFileName);
+	$sTargetHookPath = $sAppRoot.DIRECTORY_SEPARATOR.'.git'.DIRECTORY_SEPARATOR.'hooks'.DIRECTORY_SEPARATOR.$aPathParts['filename'];
+
+	if (file_exists($sTargetHookPath) || is_link($sTargetHookPath)) {
+		echo "Existing $sTargetHookPath ! Removing...";
+		unlink($sTargetHookPath);
+		echo "OK !\n";
+	}
+
+	echo "Creating symlink for hook in $sTargetHookPath...";
+	symlink($sSourceHookPath, $sTargetHookPath);
+	echo "OK !\n";
+}
+

.make/git-hooks/pre-commit.php

@@ -0,0 +1,49 @@
+#!/usr/bin/php
+<?php
+/**
+ * Reject any commit containing .scss files, but no .css file !
+ */
+
+echo "Checking files staged...\n";
+$sFilesToCommit = shell_exec('git diff --cached --name-only --diff-filter=ACMRT');
+$aFilesToCommit = explode("\n", $sFilesToCommit);
+
+$aScssFiles = GetFilesWithExtension('scss', $aFilesToCommit);
+if (count($aScssFiles) === 0) {
+    echo "No scss file : OK to go !\n";
+    exit(0);
+}
+
+$aCssFiles = GetFilesWithExtension('css', $aFilesToCommit);
+if (count($aCssFiles) === 0) {
+    echo "There are SCSS files staged but no CSS file : REJECTING commit.\n";
+	echo "You must add the compiled SCSS files by running the setup !\n";
+    exit(1);
+}
+
+echo "We have SCSS but also CSS => OK to commit !\n";
+exit(0);
+
+
+
+function GetFilesWithExtension($sExtension, $aFiles) {
+    return array_filter(
+        $aFiles,
+        function($item) use ($sExtension) {
+            return (endsWith($item, '.'.$sExtension));
+        }
+    );
+}
+
+function endsWith( $haystack, $needle ) {
+    $length = strlen( $needle );
+    if( !$length ) {
+        return true;
+    }
+    return substr( $haystack, -$length ) === $needle;
+}
+
+function exitWithMessage($sMessage, $iCode) {
+    echo $sMessage;
+    exit($iCode);
+}

.make/release/update-versions.php

@@ -25,8 +25,8 @@ require_once (__DIR__.DIRECTORY_SEPARATOR.'update.classes.inc.php');
 /** @var \FileVersionUpdater[] $aFilesUpdaters */
 $aFilesUpdaters = array(
 	new iTopVersionFileUpdater(),
-	new CssVariablesFileUpdater(),
 	new DatamodelsModulesFiles(),
+	new ConstantFileUpdater('ITOP_CORE_VERSION', 'approot.inc.php'),
 );
 
 if (count($argv) === 1)

.make/release/update.classes.inc.php

@@ -69,6 +69,40 @@ abstract class AbstractSingleFileVersionUpdater extends FileVersionUpdater
 	}
 }
 
+/**
+ * @since 2.7.7 3.0.1 3.1.0 N°4714
+ */
+class ConstantFileUpdater extends AbstractSingleFileVersionUpdater {
+	/** @var string */
+	private $sConstantName;
+
+	/**
+	 * @param $sConstantName constant to search, for example `ITOP_CORE_VERSION`
+	 * @param $sFileToUpdate file containing constant definition
+	 */
+	public function __construct($sConstantName, $sFileToUpdate)
+	{
+		$this->sConstantName = $sConstantName;
+		parent::__construct($sFileToUpdate);
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath)
+	{
+		$sConstantSearchPattern = <<<REGEXP
+/define\('{$this->sConstantName}', ?'[^']+'\);/
+REGEXP;
+
+		return preg_replace(
+			$sConstantSearchPattern,
+			"define('{$this->sConstantName}', '{$sVersionLabel}');",
+			$sFileContent
+		);
+	}
+}
+
 class iTopVersionFileUpdater extends AbstractSingleFileVersionUpdater
 {
 	public function __construct()
@@ -89,26 +123,6 @@ class iTopVersionFileUpdater extends AbstractSingleFileVersionUpdater
 	}
 }
 
-class CssVariablesFileUpdater extends AbstractSingleFileVersionUpdater
-{
-	public function __construct()
-	{
-		parent::__construct('css/css-variables.scss');
-	}
-
-	/**
-	 * @inheritDoc
-	 */
-	public function UpdateFileContent($sVersionLabel, $sFileContent, $sFileFullPath)
-	{
-		return preg_replace(
-			'/(\$version: "v)[^"]*(";)/',
-			'${1}'.$sVersionLabel.'${2}',
-			$sFileContent
-		);
-	}
-}
-
 abstract class AbstractGlobFileVersionUpdater extends FileVersionUpdater
 {
 	protected $sGlobPattern;

CONTRIBUTING.md

@@ -27,11 +27,14 @@ If you have an idea you're sure would benefit to all of iTop users, you may
 [create a corresponding ticket](https://sourceforge.net/p/itop/tickets/new/) to submit it, but be warned that there are lots of good 
 reasons to refuse such changes.
 
-### 📄 License
-iTop is distributed under the AGPL-3.0 license (see the [license.txt] file),
-your code must comply with this license.
+### 📄 License and copyright
+iTop is distributed under the AGPL-3.0 license (see the [license.txt] file).
 
-If you want to use another license, you may [create an extension][wiki new ext].
+The iTop repository is divided in three parts: iTop (mainly PHP/JS/XML sources and dictionaries), images, and third-party libraries.
+Combodo has the copyright on most of the source files in the iTop part of the repository: please do not modify the existing file copyrights.  
+Anyhow, you are encouraged to signal your contribution by the mean of `@author` annotations.
+
+If you want to use another license or keep the code ownership (copyright), you may [create an extension][wiki new ext].
 
 [license.txt]: https://github.com/Combodo/iTop/blob/develop/license.txt
 [wiki new ext]: https://www.itophub.io/wiki/page?id=latest%3Acustomization%3Astart#by_writing_your_own_extension
@@ -52,26 +55,26 @@ Here are the branches we use and their meaning :
 
 For example, if no version is currently prepared for shipping we could have:
 
-- `develop` containing future 3.0.0 version
+- `develop` containing future 3.1.0 version
+- `support/3.0`: 3.0.x maintenance version
 - `support/2.7`: 2.7.x maintenance version
 - `support/2.6`: 2.6.x maintenance version
-- `support/2.5`: 2.5.x maintenance version
 
-In this example, when 3.0.0-beta is shipped that will become:
+In this example, when 3.1.0-beta is shipped that will become:
 
-- `develop`: future 3.1.0 version
-- `release/3.0.0`: 3.0.0-beta
+- `develop`: future 3.2.0 version
+- `release/3.1.0`: 3.1.0-beta
+- `support/3.0`: 3.0.x maintenance version
 - `support/2.7`: 2.7.x maintenance version
 - `support/2.6`: 2.6.x maintenance version
-- `support/2.5`: 2.5.x maintenance version
 
-And when 3.0.0 final will be out:
+And when 3.1.0 final will be out:
 
-- `develop`: future 3.1.0 version
-- `support/3.0`: 3.0.x maintenance version (will host developments for 3.0.1)
+- `develop`: future 3.2.0 version
+- `support/3.1`: 3.1.x maintenance version (will host developments for 3.1.1)
+- `support/3.0`: 3.0.x maintenance version
 - `support/2.7`: 2.7.x maintenance version
 - `support/2.6`: 2.6.x maintenance version
-- `support/2.5`: 2.5.x maintenance version
 
 Also note that we have a "micro-version" concept : each of those versions have a very small amount of modifications. They are made from
  `support/*` branches as well. For example 2.6.2-1 and 2.6.2-2 were made from the `support/2.6.2` branch. 
@@ -111,9 +114,9 @@ Our tests are located in the `test/` directory, containing a PHPUnit config file
 * Use the present tense ("Add feature" not "Added feature")
 * Use the imperative mood ("Move cursor to..." not "Moves cursor to...")
 * Limit the first line to 72 characters or less
-* Please start the commit message with an applicable emoji code (following the [Gitmoji guide](https://gitmoji.carloscuesta.me/)).  
- Beware to use the code (for example `:bug:`) and not the character (🐛) as Unicode support in git clients is very poor for now...  
- Emoji examples :
+* Please start the commit message with an applicable emoji code (following the [Gitmoji guide](https://gitmoji.dev/)).  
+  Beware to use the code (for example `:bug:`) and not the character (🐛) as Unicode support in git clients is very poor for now...  
+  Emoji examples :
     * 🌐 `:globe_with_meridians:` for translations
     * 🎨 `:art:` when improving the format/structure of the code
     * ⚡️ `:zap:` when improving performance
@@ -133,24 +136,28 @@ When your code is working, please:
 
 * stash as much as possible your commits,
 * rebase your branch on our repo last commit,
-* create a pull request.
+* create a pull request
+* mind to check the "[Allow edits from maintainers](https://docs.github.com/en/github-ae@latest/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork)" option !
 
 Detailed procedure to work on fork and create PR is available [in GitHub help pages](https://help.github.com/articles/creating-a-pull-request-from-a-fork/).
 
-You might check the ["Allow edits from maintainers" PR checkbox][allow_edits_checkbox] to ease review.
-
-[allow_edits_checkbox]: https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork#enabling-repository-maintainer-permissions-on-existing-pull-requests
 
 ### 🙏 We are thankful
 
-We are thankful for all your contributions to the iTop universe! As a thank you gift, we will send stickers to every iTop (& extensions) contributors! 
+We are thankful for all your contributions to the iTop universe! As a thank you gift, we will send stickers to every iTop (& extensions) contributors!
 
-Stickers' design might change from one year to another. For the first year we wanted to try a "craft beer label" look, see examples below: 
+We have one sticker per contribution type. You might get multiple stickers with one contribution though :)
 
 * Bug hunter: Fix a bug
 * Translator: Add/update translations
 * White hat: Find and/or fix a vulnerability
 * Contributor: Contribute by finding a bug, making an extension or any other way
 * Partner: For Combodo's official partners
+* Graduated: Follow a Combodo's iTop training
+* Ambassador: Outstanding community contributors
+* Beta tester: Test and give feedback on beta releases
+* Extension developer: Develop and publish an extension
 
-![](documentation/contributing-guide/contributing-stickers-side-by-side.png)
+Here is the design of each stickers for year 2022:
+
+![iTop stickers 2022](.doc/contributing-guide/2022.contributing-stickers-side-by-side.png)

README.md

@@ -1,13 +1,11 @@
 <p align="center"><a href="https://www.combodo.com/itop-193" target="_blank">
-    <img src="https://www.combodo.com/logos/logo-itop.svg">
+    <img src="https://www.combodo.com/logos/logo-itop-baseline.svg" width=350>
 </a></p>
 
 
-# iTop - ITSM & CMDB
- 
-iTop stands for *IT Operations Portal*.
-It is a complete open source, ITIL, web based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool. 
-iTop also offers mass import tools and web services to integrate with your IT
+iTop stands for IT Operations Portal. It is a complete open source and web based IT service management platform including a fully customizable CMDB, a helpdesk system and a document management tool. It is ITIL compliant and easily customizable and extensible thanks to a high number of adds-on and web services to integrate with your IT.
+
+iTop also offers mass import tools to help you being even more efficient.
 
 ## Features
 - Fully configurable [Configuration Management (CMDB)][10]
@@ -42,6 +40,7 @@ iTop also offers mass import tools and web services to integrate with your IT
  - [Software requirements][4]
  - [Documentation][5] covering both iTop and its official extensions
  - [iTop Hub][6] : discover and install extensions !
+ - [iTop versions history][7]
 
 
 [1]: https://sourceforge.net/p/itop/discussion/
@@ -50,6 +49,7 @@ iTop also offers mass import tools and web services to integrate with your IT
 [4]: https://www.itophub.io/wiki/page?id=latest:install:upgrading_itop
 [5]: https://www.itophub.io/wiki
 [6]: https://store.itophub.io/en_US/
+[7]: .doc/itop-version-history.md
 
 [10]: https://www.itophub.io/wiki/page?id=latest%3Adatamodel%3Astart#configuration_management_cmdb
 [11]: https://www.itophub.io/wiki/page?id=latest%3Adatamodel%3Astart#ticketing
@@ -78,18 +78,19 @@ We would like to give a special thank you 🤗 to the people from the community
 
 - Alves, David
 - Beck, Pedro
+- Beer, Christian (a.k.a [@ChristianBeer](https://www.github.com/ChristianBeer))
 - Bilger, Jean-François
-- Bostoen, Jeffrey (a.k.a @jbostoen)
+- Bostoen, Jeffrey (a.k.a [@jbostoen](https://www.github.com/jbostoen))
 - Cardoso, Anderson
 - Cassaro, Bruno
-- Casteleyn, Thomas (a.k.a @Hipska)
+- Casteleyn, Thomas (a.k.a [@Hipska](https://www.github.com/Hipska))
 - Castro, Randall Badilla
 - Colantoni, Maria Laura
 - Couronné, Guy
 - Dvořák, Lukáš
 - Goethals, Stefan
 - Gumble, David
-- Kaltefleiter, Lars (a.k.a @larhip)
+- Kaltefleiter, Lars (a.k.a [@larhip](https://www.github.com/larhip))
 - Khamit, Shamil
 - Kincel, Martin
 - Konečný, Kamil
@@ -98,10 +99,15 @@ We would like to give a special thank you 🤗 to the people from the community
 - Lazcano, Federico
 - Lucas, Jonathan
 - Malik, Remie
-- Mindêllo de Andrade, Lucas (a.k.a @rokam)
+- Mindêllo de Andrade, Lucas (a.k.a [@rokam](https://www.github.com/rokam))
+- Mozart de Oliveira, Eduardo (a.k.a [@eduardomozart](https://github.com/eduardomozart))
+- Raenker, Martin
+- Roháč, Richard (a.k.a [@RohacRichard](https://github.com/RohacRichard))
 - Rosenke, Stephan
+- Rudner, Björn (a.k.a [@rudnerbjoern](https://github.com/rudnerbjoern))
 - Seki, Shoji
 - Shilov, Vladimir
+- Stukalov, Ilya (a.k.a [@ilya](https://www.github.com/ilya)-stukalov)
 - Tulio, Marco
 - Turrubiates, Miguel
 
@@ -112,6 +118,7 @@ We would like to give a special thank you 🤗 to the people from the community
 - DudekArtur
 - Karkoff1212
 - Laura
+- nv35
 - Purple Grape
 - Schlobinux
 - theBigOne

addons/userrights/userrightsmatrix.class.inc.php

@@ -121,7 +121,6 @@ class UserRightsMatrix extends UserRightsAddOnAPI
 	public function CreateAdministrator($sAdminUser, $sAdminPwd, $sLanguage = 'EN US')
 	{
 		// Maybe we should check that no other user with userid == 0 exists
-		CMDBObject::SetTrackInfo('Initialization');
 		$oUser = new UserLocal();
 		$oUser->Set('login', $sAdminUser);
 		$oUser->Set('password', $sAdminPwd);

addons/userrights/userrightsprofile.class.inc.php

@@ -10,7 +10,7 @@ define('PORTAL_PROFILE_NAME', 'Portal user');
 class UserRightsBaseClassGUI extends cmdbAbstractObject
 {
 	// Whenever something changes, reload the privileges
-	
+
 	protected function AfterInsert()
 	{
 		UserRights::FlushPrivileges();
@@ -34,7 +34,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 	{
 		$aParams = array
 		(
-			"category" => "addon/userrights,grant_by_profile",
+			"category" => "addon/userrights,grant_by_profile,filter",
 			"key_type" => "autoincrement",
 			"name_attcode" => "name",
 			"state_attcode" => "",
@@ -59,7 +59,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 	}
 
 	protected static $m_aCacheProfiles = null;
-	
+
 	public static function DoCreateProfile($sName, $sDescription)
 	{
 		if (is_null(self::$m_aCacheProfiles))
@@ -71,7 +71,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			{
 				self::$m_aCacheProfiles[$oProfile->Get('name')] = $oProfile->GetKey();
 			}
-		}	
+		}
 
 		$sCacheKey = $sName;
 		if (isset(self::$m_aCacheProfiles[$sCacheKey]))
@@ -82,10 +82,10 @@ class URP_Profiles extends UserRightsBaseClassGUI
 		$oNewObj->Set('name', $sName);
 		$oNewObj->Set('description', $sDescription);
 		$iId = $oNewObj->DBInsertNoReload();
-		self::$m_aCacheProfiles[$sCacheKey] = $iId;	
+		self::$m_aCacheProfiles[$sCacheKey] = $iId;
 		return $iId;
 	}
-	
+
 	function GetGrantAsHtml($oUserRights, $sClass, $sAction)
 	{
 		$bGrant = $oUserRights->GetProfileActionGrant($this->GetKey(), $sClass, $sAction);
@@ -102,7 +102,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			return '<span style="background-color: #ffdddd;">'.Dict::S('UI:UserManagement:ActionAllowed:No').'</span>';
 		}
 	}
-	
+
 	function DoShowGrantSumary($oPage)
 	{
 		if ($this->GetRawName() == "Administrator")
@@ -114,7 +114,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 
 		// Note: for sure, we assume that the instance is derived from UserRightsProfile
 		$oUserRights = UserRights::GetModuleInstance();
-	
+
 		$aDisplayData = array();
 		foreach (MetaModel::GetClasses('bizmodel,grant_by_profile') as $sClass)
 		{
@@ -123,12 +123,12 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			{
 				$bGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode);
 				if ($bGrant === true)
-				{ 
-					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8').'">'.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').'</span>';
+				{
+					$aStimuli[] = '<span title="'.$sStimulusCode.': '.utils::EscapeHtml($oStimulus->GetDescription()).'">'.utils::EscapeHtml($oStimulus->GetLabel()).'</span>';
 				}
 			}
 			$sStimuli = implode(', ', $aStimuli);
-			
+
 			$aDisplayData[] = array(
 				'class' => MetaModel::GetName($sClass),
 				'read' => $this->GetGrantAsHtml($oUserRights, $sClass, 'r'),
@@ -140,7 +140,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 				'stimuli' => $sStimuli,
 			);
 		}
-	
+
 		$aDisplayConfig = array();
 		$aDisplayConfig['class'] = array('label' => Dict::S('UI:UserManagement:Class'), 'description' => Dict::S('UI:UserManagement:Class+'));
 		$aDisplayConfig['read'] = array('label' => Dict::S('UI:UserManagement:Action:Read'), 'description' => Dict::S('UI:UserManagement:Action:Read+'));
@@ -198,7 +198,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 	 * @param $aReasons array To store the reasons why the attribute is read-only (info about the synchro replicas)
 	 * @param $sTargetState string The target state in which to evalutate the flags, if empty the current state will be used
 	 * @return integer Flags: the binary combination of the flags applicable to this attribute
-	 */	 	  	 	
+	 */
 	public function GetAttributeFlags($sAttCode, &$aReasons = array(), $sTargetState = '')
 	{
 		$iFlags = parent::GetAttributeFlags($sAttCode, $aReasons, $sTargetState);
@@ -219,7 +219,7 @@ class URP_UserProfile extends UserRightsBaseClassGUI
 	{
 		$aParams = array
 		(
-			"category" => "addon/userrights,grant_by_profile",
+			"category" => "addon/userrights,grant_by_profile,filter",
 			"key_type" => "autoincrement",
 			"name_attcode" => array("userlogin", "profile"),
 			"state_attcode" => "",
@@ -404,7 +404,7 @@ class URP_UserOrg extends UserRightsBaseClassGUI
 	{
 		if (!UserRights::IsLoggedIn() || UserRights::IsAdministrator()) { return; }
 
-		$oUser = UserRights::GetUserObject();		
+		$oUser = UserRights::GetUserObject();
 		$oAddon = UserRights::GetModuleInstance();
 		$aOrgs = $oAddon->GetUserOrgs($oUser, '');
 		if (count($aOrgs) > 0)
@@ -435,20 +435,18 @@ class UserRightsProfile extends UserRightsAddOnAPI
 	// Installation: create the very first user
 	public function CreateAdministrator($sAdminUser, $sAdminPwd, $sLanguage = 'EN US')
 	{
-		CMDBObject::SetTrackInfo('Initialization');
+		CMDBObject::SetCurrentChangeFromParams('Initialization create administrator');
 
 		$iContactId = 0;
 		// Support drastic data model changes: no organization class (or not writable)!
-		if (MetaModel::IsValidClass('Organization') && !MetaModel::IsAbstract('Organization'))
-		{
+		if (MetaModel::IsValidClass('Organization') && !MetaModel::IsAbstract('Organization')) {
 			$oOrg = MetaModel::NewObject('Organization');
 			$oOrg->Set('name', 'My Company/Department');
 			$oOrg->Set('code', 'SOMECODE');
 			$iOrgId = $oOrg->DBInsertNoReload();
 
 			// Support drastic data model changes: no Person class  (or not writable)!
-			if (MetaModel::IsValidClass('Person') && !MetaModel::IsAbstract('Person'))
-			{
+			if (MetaModel::IsValidClass('Person') && !MetaModel::IsAbstract('Person')) {
 				$oContact = MetaModel::NewObject('Person');
 				$oContact->Set('name', 'My last name');
 				$oContact->Set('first_name', 'My first name');
@@ -528,7 +526,7 @@ class UserRightsProfile extends UserRightsAddOnAPI
 				$oSearch->AllowAllData();
 				$oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid'));
 				$oSearch->AddConditionExpression($oCondition);
-				
+
 				$oUserOrgSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser));
 				while ($oUserOrg = $oUserOrgSet->Fetch())
 				{
@@ -610,30 +608,115 @@ class UserRightsProfile extends UserRightsAddOnAPI
 	{
 		$this->LoadCache();
 
-		$aObjectPermissions = $this->GetUserActionGrant($oUser, $sClass, UR_ACTION_READ);
-		if ($aObjectPermissions['permission'] == UR_ALLOWED_NO)
+		// Let us pass an administrator for bypassing the grant matrix check in order to test this method without the need to set up a complex profile
+		// In the nominal case Administrators never end up here (since they completely bypass GetSelectFilter)
+		if (!static::IsAdministrator($oUser) && (MetaModel::HasCategory($sClass, 'silo') || MetaModel::HasCategory($sClass, 'bizmodel')))
 		{
-			return false;
+			// N°4354 - Categories 'silo' and 'bizmodel' do check the grant matrix. Whereas 'filter' always allows to read (but the result can be filtered)
+			$aObjectPermissions = $this->GetUserActionGrant($oUser, $sClass, UR_ACTION_READ);
+			if ($aObjectPermissions['permission'] == UR_ALLOWED_NO)
+			{
+				return false;
+			}
 		}
 
-		// Determine how to position the objects of this class
-		//
+		$oFilter = true;
+		$aConditions =  array();
+
+		// Determine if this class is part of a silo and build the filter for it
 		$sAttCode = self::GetOwnerOrganizationAttCode($sClass);
-		if (is_null($sAttCode))
+		if (!is_null($sAttCode))
 		{
-			// No filtering for this object
-			return true;
+			$aUserOrgs = $this->GetUserOrgs($oUser, $sClass);
+			if (count($aUserOrgs) > 0)
+			{
+				$oFilter = $this->MakeSelectFilter($sClass, $aUserOrgs, $aSettings, $sAttCode);
+			}
+			// else: No org means 'any org'
 		}
-		// Position the user
-		//
-		$aUserOrgs = $this->GetUserOrgs($oUser, $sClass);
-		if (count($aUserOrgs) == 0)
+		// else: No silo for this class
+
+		// Specific conditions to hide, for non-administrators, the Administrator Users, the Administrator Profile and related links
+		// Note: when logged as an administrator, GetSelectFilter is completely bypassed.
+		if ($this->AdministratorsAreHidden())
 		{
-			// No org means 'any org'
-			return true;
+			if ($sClass == 'URP_Profiles')
+			{
+				$oExpression = new FieldExpression('id', $sClass);
+				$oScalarExpr = new ScalarExpression(1);
+
+				$aConditions[] = new BinaryExpression($oExpression, '!=', $oScalarExpr);
+			}
+			else if (($sClass == 'URP_UserProfile') || ($sClass == 'User') || (is_subclass_of($sClass, 'User')))
+			{
+				$aAdministrators = $this->GetAdministrators();
+				if (count($aAdministrators) > 0)
+				{
+					$sAttCode = ($sClass == 'URP_UserProfile') ? 'userid' : 'id';
+					$oExpression = new FieldExpression($sAttCode, $sClass);
+					$oListExpr = ListExpression::FromScalars($aAdministrators);
+					$aConditions[] = new BinaryExpression($oExpression, 'NOT IN', $oListExpr);
+				}
+			}
 		}
 
-		return $this->MakeSelectFilter($sClass, $aUserOrgs, $aSettings, $sAttCode);
+		// Handling of the added conditions
+		if (count($aConditions) > 0)
+		{
+			if($oFilter === true)
+			{
+				// No 'silo' filter, let's build a clean one
+				$oFilter = new DBObjectSearch($sClass);
+			}
+
+			// Add the conditions to the filter
+			foreach($aConditions as $oCondition)
+			{
+				$oFilter->AddConditionExpression($oCondition);
+			}
+		}
+
+		return $oFilter;
+	}
+
+	/**
+	 * Retrieve (and memoize) the list of administrator accounts.
+	 * Note that there should always be at least one administrator account
+	 * @return number[]
+	 */
+	private function GetAdministrators()
+	{
+		static $aAdministrators = null;
+
+		if ($aAdministrators === null)
+		{
+			// Find all administrators
+			$aAdministrators = array();
+			$oAdministratorsFilter = new DBObjectSearch('User');
+			$oLnkFilter = new DBObjectSearch('URP_UserProfile');
+			$oExpression = new FieldExpression('profileid', 'URP_UserProfile');
+			$oScalarExpr = new ScalarExpression(1);
+			$oCondition = new BinaryExpression($oExpression, '=', $oScalarExpr);
+			$oLnkFilter->AddConditionExpression($oCondition);
+			$oAdministratorsFilter->AddCondition_ReferencedBy($oLnkFilter, 'userid');
+			$oAdministratorsFilter->AllowAllData(true); // Mandatory to prevent infinite recursion !!
+			$oSet = new DBObjectSet($oAdministratorsFilter);
+			$oSet->OptimizeColumnLoad(array('User' => array('login')));
+			while($oUser = $oSet->Fetch())
+			{
+				$aAdministrators[] = $oUser->GetKey();
+			}
+		}
+		return $aAdministrators;
+	}
+
+	/**
+	 * Whether or not to hide the 'Administrator' profile and the administrator accounts
+	 * @return boolean
+	 */
+	private function AdministratorsAreHidden()
+	{
+		return ((bool)MetaModel::GetConfig()->Get('security.hide_administrators'));
 	}
 
 
@@ -653,8 +736,10 @@ class UserRightsProfile extends UserRightsAddOnAPI
 		// load and cache permissions for the current user on the given class
 		//
 		$iUser = $oUser->GetKey();
-		$aTest = @$this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode];
-		if (is_array($aTest)) return $aTest;
+		if (isset($this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode])){
+			$aTest = $this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode];
+			if (is_array($aTest)) return $aTest;
+		}
 
 		$sAction = self::$m_aActionCodes[$iActionCode];
 
@@ -820,8 +905,8 @@ class UserRightsProfile extends UserRightsAddOnAPI
 
 	/**
 	 * Find out which attribute is corresponding the the dimension 'owner org'
-	 * returns null if no such attribute has been found (no filtering should occur)	 
-	 */	 	
+	 * returns null if no such attribute has been found (no filtering should occur)
+	 */
 	public static function GetOwnerOrganizationAttCode($sClass)
 	{
 		$sAttCode = null;

addons/userrights/userrightsprofile.db.class.inc.php

@@ -278,8 +278,8 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			{
 				$oGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode);
 				if (is_object($oGrant) && ($oGrant->Get('permission') == 'yes'))
-				{ 
-					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8').'">'.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').'</span>';
+				{
+					$aStimuli[] = '<span title="'.$sStimulusCode.': '.utils::EscapeHtml($oStimulus->GetDescription()).'">'.utils::EscapeHtml($oStimulus->GetLabel()).'</span>';
 				}
 			}
 			$sStimuli = implode(', ', $aStimuli);
@@ -508,24 +508,18 @@ class UserRightsProfile extends UserRightsAddOnAPI
 	public function CreateAdministrator($sAdminUser, $sAdminPwd, $sLanguage = 'EN US')
 	{
 		// Create a change to record the history of the User object
-		/** @var \CMDBChange $oChange */
-		$oChange = MetaModel::NewObject("CMDBChange");
-		$oChange->Set("date", time());
-		$oChange->Set("userinfo", "Initialization");
+		CMDBObject::SetCurrentChangeFromParams('Initialization : create first user admin profile');
 
 		$iContactId = 0;
 		// Support drastic data model changes: no organization class (or not writable)!
-		if (MetaModel::IsValidClass('Organization') && !MetaModel::IsAbstract('Organization'))
-		{
+		if (MetaModel::IsValidClass('Organization') && !MetaModel::IsAbstract('Organization')) {
 			$oOrg = MetaModel::NewObject('Organization');
 			$oOrg->Set('name', 'My Company/Department');
 			$oOrg->Set('code', 'SOMECODE');
-			$oOrg::SetCurrentChange($oChange);
 			$iOrgId = $oOrg->DBInsertNoReload();
 
 			// Support drastic data model changes: no Person class  (or not writable)!
-			if (MetaModel::IsValidClass('Person') && !MetaModel::IsAbstract('Person'))
-			{
+			if (MetaModel::IsValidClass('Person') && !MetaModel::IsAbstract('Person')) {
 				$oContact = MetaModel::NewObject('Person');
 				$oContact->Set('name', 'My last name');
 				$oContact->Set('first_name', 'My first name');
@@ -534,7 +528,6 @@ class UserRightsProfile extends UserRightsAddOnAPI
 					$oContact->Set('org_id', $iOrgId);
 				}
 				$oContact->Set('email', 'my.email@foo.org');
-				$oContact::SetCurrentChange($oChange);
 				$iContactId = $oContact->DBInsertNoReload();
 			}
 		}
@@ -543,24 +536,22 @@ class UserRightsProfile extends UserRightsAddOnAPI
 		$oUser = new UserLocal();
 		$oUser->Set('login', $sAdminUser);
 		$oUser->Set('password', $sAdminPwd);
-		if (MetaModel::IsValidAttCode('UserLocal', 'contactid') && ($iContactId != 0))
-		{
+		if (MetaModel::IsValidAttCode('UserLocal', 'contactid') && ($iContactId != 0)) {
 			$oUser->Set('contactid', $iContactId);
 		}
 		$oUser->Set('language', $sLanguage); // Language was chosen during the installation
 
 		// Add this user to the very specific 'admin' profile
 		$oAdminProfile = MetaModel::GetObjectFromOQL("SELECT URP_Profiles WHERE name = :name", array('name' => ADMIN_PROFILE_NAME), true /*all data*/);
-		if (is_object($oAdminProfile))
-		{
+		if (is_object($oAdminProfile)) {
 			$oUserProfile = new URP_UserProfile();
 			$oUserProfile->Set('profileid', $oAdminProfile->GetKey());
 			$oUserProfile->Set('reason', 'By definition, the administrator must have the administrator profile');
 			$oSet = DBObjectSet::FromObject($oUserProfile);
 			$oUser->Set('profile_list', $oSet);
 		}
-		$oUser::SetCurrentChange($oChange);
-		$iUserId = $oUser->DBInsertNoReload();
+		$oUser->DBInsertNoReload();
+
 		return true;
 	}
 

addons/userrights/userrightsprojection.class.inc.php

@@ -110,8 +110,8 @@ class URP_Profiles extends UserRightsBaseClass
 			{
 				$oGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode);
 				if (is_object($oGrant) && ($oGrant->Get('permission') == 'yes'))
-				{ 
-					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8').'">'.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').'</span>';
+				{
+					$aStimuli[] = '<span title="'.$sStimulusCode.': '.utils::EscapeHtml($oStimulus->GetDescription()).'">'.utils::EscapeHtml($oStimulus->GetLabel()).'</span>';
 				}
 			}
 			$sStimuli = implode(', ', $aStimuli);
@@ -568,14 +568,11 @@ class UserRightsProjection extends UserRightsAddOnAPI
 	public function CreateAdministrator($sAdminUser, $sAdminPwd, $sLanguage = 'EN US')
 	{
 		// Create a change to record the history of the User object
-		$oChange = MetaModel::NewObject("CMDBChange");
-		$oChange->Set("date", time());
-		$oChange->Set("userinfo", "Initialization");
+		CMDBObject::SetCurrentChangeFromParams('Initialization : create first user admin');
 
 		$oOrg = new Organization();
 		$oOrg->Set('name', 'My Company/Department');
 		$oOrg->Set('code', 'SOMECODE');
-		$oOrg::SetCurrentChange($oChange);
 		$iOrgId = $oOrg->DBInsertNoReload();
 
 		$oContact = new Person();
@@ -584,7 +581,6 @@ class UserRightsProjection extends UserRightsAddOnAPI
 		//$oContact->Set('status', 'available');
 		$oContact->Set('org_id', $iOrgId);
 		$oContact->Set('email', 'my.email@foo.org');
-		$oContact::SetCurrentChange($oChange);
 		$iContactId = $oContact->DBInsertNoReload();
 		
 		$oUser = new UserLocal();
@@ -592,7 +588,6 @@ class UserRightsProjection extends UserRightsAddOnAPI
 		$oUser->Set('password', $sAdminPwd);
 		$oUser->Set('contactid', $iContactId);
 		$oUser->Set('language', $sLanguage); // Language was chosen during the installation
-		$oUser::SetCurrentChange($oChange);
 		$iUserId = $oUser->DBInsertNoReload();
 		
 		// Add this user to the very specific 'admin' profile
@@ -600,7 +595,6 @@ class UserRightsProjection extends UserRightsAddOnAPI
 		$oUserProfile->Set('userid', $iUserId);
 		$oUserProfile->Set('profileid', ADMIN_PROFILE_ID);
 		$oUserProfile->Set('reason', 'By definition, the administrator must have the administrator profile');
-		$oUserProfile::SetCurrentChange($oChange);
 		$oUserProfile->DBInsertNoReload();
 		return true;
 	}

application/ajaxwebpage.class.inc.php

@@ -1,20 +1,24 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/AjaxPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/AjaxPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-// cannot notify depreciation for now as this is still MASSIVELY used in iTop core !
-//DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/AjaxPage.php, now loadable using autoloader');
+// cannot notify depreciation for now as this is still load in autoloader
+//DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/AjaxPage.php, now loadable using autoloader');
 
 /**
  * Class ajax_page
  *
- * @deprecated will be removed in 3.1.0 - moved to AjaxPage
+ * @deprecated 3.0.0 will be removed in 3.1.0 - moved to AjaxPage
  */
 class ajax_page extends AjaxPage
 {
-
+	function __construct($s_title)
+	{
+		DeprecatedCallsLog::NotifyDeprecatedPhpMethod('ajax_page is deprecated. Please use AjaxPage instead');
+		parent::__construct($s_title);
+	}
 }
 

application/applicationcontext.class.inc.php

@@ -24,6 +24,7 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Helper\Session;
 use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\UIContentBlock;
 use Combodo\iTop\Application\UI\Base\UIBlock;
@@ -223,10 +224,24 @@ class ApplicationContext
 	{
 		$sContext = "";
 		foreach ($this->aValues as $sName => $sValue) {
-			$sContext .= "<input type=\"hidden\" name=\"c[$sName]\" value=\"".htmlentities($sValue, ENT_QUOTES, 'UTF-8')."\" />\n";
+			$sContext .= "<input type=\"hidden\" name=\"c[$sName]\" value=\"".utils::EscapeHtml($sValue)."\" />\n";
 		}
 		return $sContext;
 	}
+	/**
+	 * Returns the context an array of input blocks
+	 *
+	 * @return array The context as a sequence of <input type="hidden" /> tags
+	 * @since 3.0.0
+	 */
+	public function GetForUIForm()
+	{
+		$aContextInputBlocks = [];
+		foreach ($this->aValues as $sName => $sValue) {
+			$aContextInputBlocks[] = InputUIBlockFactory::MakeForHidden("c[$sName]", utils::EscapeHtml($sValue));
+		}
+		return $aContextInputBlocks;
+	}
 
 	/**
 	 * Returns the context as sequence of input tags to be inserted inside a <form> tag
@@ -321,7 +336,7 @@ class ApplicationContext
 		$sPrevious = self::GetUrlMakerClass();
 
 		self::$m_sUrlMakerClass = $sClass;
-		$_SESSION['UrlMakerClass'] = $sClass;
+		Session::Set('UrlMakerClass', $sClass);
 
 		return $sPrevious;
 	}
@@ -334,9 +349,9 @@ class ApplicationContext
 	{
 		if (is_null(self::$m_sUrlMakerClass))
 		{
-			if (isset($_SESSION['UrlMakerClass']))
+			if (Session::IsSet('UrlMakerClass'))
 			{
-				self::$m_sUrlMakerClass = $_SESSION['UrlMakerClass'];
+				self::$m_sUrlMakerClass = Session::Get('UrlMakerClass');
 			}
 			else
 			{
@@ -389,9 +404,9 @@ class ApplicationContext
 	 */
 	protected static function LoadPluginProperties()
 	{
-		if (isset($_SESSION['PluginProperties']))
+		if (Session::IsSet('PluginProperties'))
 		{
-			self::$m_aPluginProperties = $_SESSION['PluginProperties'];
+			self::$m_aPluginProperties = Session::Get('PluginProperties');
 		}
 		else
 		{
@@ -411,7 +426,7 @@ class ApplicationContext
 		if (is_null(self::$m_aPluginProperties)) self::LoadPluginProperties();
 
 		self::$m_aPluginProperties[$sPluginClass][$sProperty] = $value;
-		$_SESSION['PluginProperties'][$sPluginClass][$sProperty] = $value;
+		Session::Set(['PluginProperties', $sPluginClass, $sProperty], $value);
 	}
 
 	/**

application/applicationextension.inc.php

@@ -299,6 +299,7 @@ abstract class AbstractPreferencesExtension implements iPreferencesExtension
  *
  * @api
  * @package     Extensibility
+ * @deprecated
  */
 interface iApplicationUIExtension
 {
@@ -441,6 +442,7 @@ interface iApplicationUIExtension
  * @api
  * @package     Extensibility
  * @since       2.7.0
+ * @deprecated
  */
 abstract class AbstractApplicationUIExtension implements iApplicationUIExtension
 {
@@ -909,6 +911,8 @@ abstract class ApplicationPopupMenuItem
 /**
  * Class for adding an item into a popup menu that browses to the given URL
  *
+ * Note: This works only in the backoffice, {@see \URLButtonItem} for the end-user portal
+ *
  * @api
  * @package     Extensibility
  * @since 2.0
@@ -963,6 +967,8 @@ class URLPopupMenuItem extends ApplicationPopupMenuItem
 /**
  * Class for adding an item into a popup menu that triggers some Javascript code
  *
+ * Note: This works only in the backoffice, {@see \JSButtonItem} for the end-user portal
+ *
  * @api
  * @package     Extensibility
  * @since 2.0
@@ -1097,7 +1103,9 @@ class JSButtonItem extends JSPopupMenuItem
  * @api
  * @package     Extensibility
  * @since 2.0
- * @deprecated since 3.0.0 use iPageUIBlockExtension instead
+ * @deprecated 3.0.0 If you need to include:
+ *   * JS/CSS files/snippets, use {@see \iBackofficeLinkedScriptsExtension}, {@see \iBackofficeLinkedStylesheetsExtension}, etc instead
+ *   * HTML (and optionally JS/CSS), use {@see \iPageUIBlockExtension} to manipulate {@see \Combodo\iTop\Application\UI\Base\UIBlock} instead
  */
 interface iPageUIExtension
 {
@@ -1178,7 +1186,7 @@ interface iPageUIBlockExtension
  * @api
  * @package     Extensibility
  * @since       2.7.0
- * @deprecated since 3.0.0 use AbstractPageUIBlockExtension instead
+ * @deprecated 3.0.0 use AbstractPageUIBlockExtension instead
  */
 abstract class AbstractPageUIExtension implements iPageUIExtension
 {
@@ -1249,13 +1257,158 @@ abstract class AbstractPageUIBlockExtension implements iPageUIBlockExtension
 }
 
 /**
- * Implement this interface to add content to any enhanced portal page
+ * Implement this interface to add script (JS) files to the backoffice pages
  *
- * IMPORTANT! Experimental API, may be removed at anytime, we don't recommend to use it just now!
+ * @see \iTopWebPage::$a_linked_scripts
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeLinkedScriptsExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_linked_scripts Each script will be included using this property
+	 * @return array An array of absolute URLs to the files to include
+	 */
+	public function GetLinkedScriptsAbsUrls(): array;
+}
+
+/**
+ * Implement this interface to add inline script (JS) to the backoffice pages' head.
+ * Will be executed first, BEFORE the DOM interpretation.
+ *
+ * @see \iTopWebPage::$a_early_scripts
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeEarlyScriptExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_early_scripts
+	 * @return string
+	 */
+	public function GetEarlyScript(): string;
+}
+
+/**
+ * Implement this interface to add inline script (JS) to the backoffice pages that will be executed immediately, without waiting for the DOM to be ready.
+ *
+ * @see \iTopWebPage::$a_scripts
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeScriptExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_scripts
+	 * @return string
+	 */
+	public function GetScript(): string;
+}
+
+/**
+ * Implement this interface to add inline script (JS) to the backoffice pages that will be executed right when the DOM is ready.
+ *
+ * @see \iTopWebPage::$a_init_scripts
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeInitScriptExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_init_scripts
+	 * @return string
+	 */
+	public function GetInitScript(): string;
+}
+
+/**
+ * Implement this interface to add inline script (JS) to the backoffice pages that will be executed slightly AFTER the DOM is ready (just after the init. scripts).
+ *
+ * @see \iTopWebPage::$a_ready_scripts
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeReadyScriptExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_ready_scripts
+	 * @return string
+	 */
+	public function GetReadyScript(): string;
+}
+
+/**
+ * Implement this interface to add stylesheets (CSS) to the backoffice pages
+ *
+ * @see \iTopWebPage::$a_linked_stylesheets
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeLinkedStylesheetsExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_linked_stylesheets
+	 * @return array An array of absolute URLs to the files to include
+	 */
+	public function GetLinkedStylesheetsAbsUrls(): array;
+}
+
+/**
+ * Implement this interface to add inline style (CSS) to the backoffice pages' head.
+ *
+ * @see \iTopWebPage::$a_styles
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeStyleExtension
+{
+	/**
+	 * @see \iTopWebPage::$a_styles
+	 * @return string
+	 */
+	public function GetStyle(): string;
+}
+
+/**
+ * Implement this interface to add Dict entries
+ *
+ * @see \iTopWebPage::$a_dict_entries
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeDictEntriesExtension
+{
+	/**
+	 * @see \iTopWebPage::a_dict_entries
+	 * @return array
+	 */
+	public function GetDictEntries(): array;
+}
+
+/**
+ * Implement this interface to add Dict entries prefixes
+ *
+ * @see \iTopWebPage::$a_dict_entries_prefixes
+ * @api
+ * @since 3.0.0
+ */
+interface iBackofficeDictEntriesPrefixesExtension
+{
+	/**
+	 * @see \iTopWebPage::a_dict_entries_prefixes
+	 * @return array
+	 */
+	public function GetDictEntriesPrefixes(): array;
+}
+
+/**
+ * Implement this interface to add content to any enhanced portal page
  *
  * @api
  * @package     Extensibility
- * @since 2.4.0
+ *
+ * @since 2.4.0 interface creation
+ * @since 2.7.0 change method signatures due to Silex to Symfony migration
  */
 interface iPortalUIExtension
 {
@@ -1328,7 +1481,11 @@ interface iPortalUIExtension
 }
 
 /**
- * IMPORTANT! Experimental API, may be removed at anytime, we don't recommend to use it just now!
+ * Extend this class instead of iPortalUIExtension if you don't need to overload all methods
+ *
+ * @api
+ * @package     Extensibility
+ * @since       2.4.0
  */
 abstract class AbstractPortalUIExtension implements iPortalUIExtension
 {
@@ -1937,4 +2094,4 @@ class RestUtils
 interface iModuleExtension
 {
 	public function __construct();
-}
+}

application/capturewebpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/CaptureWebPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/CaptureWebPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/CaptureWebPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/CaptureWebPage.php, now loadable using autoloader');

application/clipage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/CLIPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/CLIPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/CLIPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/CLIPage.php, now loadable using autoloader');

application/csvpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/CSVPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/CSVPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/CSVPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/CSVPage.php, now loadable using autoloader');

application/dashboard.class.inc.php

@@ -543,7 +543,7 @@ EOF
 
 		if ($bFromDasboardPage) {
 			$sTitleForHTML = utils::HtmlEntities(Dict::S($this->sTitle));
-			$sHtml = "<div class=\"ibo-top-bar--toolbar-dashboard-title\">{$sTitleForHTML}</div>";
+			$sHtml = "<div class=\"ibo-top-bar--toolbar-dashboard-title\" title=\"{$sTitleForHTML}\">{$sTitleForHTML}</div>";
 			if ($oPage instanceof iTopWebPage) {
 				$oTopBar = $oPage->GetTopBarLayout();
 				$oToolbar = ToolbarUIBlockFactory::MakeStandard();
@@ -552,7 +552,7 @@ EOF
 				$oToolbar->AddHtml($sHtml);
 			} else {
 				$oPage->add_script(<<<JS
-$(".ibo-top-bar--toolbar-dashboard-title").html("$sTitleForHTML");
+$(".ibo-top-bar--toolbar-dashboard-title").html("$sTitleForHTML").attr("title",  $('<div>').html("$sTitleForHTML").text());
 JS
 				);
 			}
@@ -583,7 +583,7 @@ JS
 		$oPage->add('<div id="select_dashlet" class="ibo-dashboard--available-dashlets--list" data-role="ibo-dashboard--available-dashlets--list">');
 		$aAvailableDashlets = $this->GetAvailableDashlets();
 		foreach ($aAvailableDashlets as $sDashletClass => $aInfo) {
-			$oPage->add('<span dashlet_class="'.$sDashletClass.'" class="ibo-dashboard-editor--available-dashlet-icon dashlet_icon ui-widget-content ui-corner-all" data-role="ibo-dashboard-editor--available-dashlet-icon" id="dashlet_'.$sDashletClass.'" title="'.$aInfo['label'].'"><img src="'.$sUrl.$aInfo['icon'].'" /></span>');
+			$oPage->add('<span dashlet_class="'.$sDashletClass.'" class="ibo-dashboard-editor--available-dashlet-icon dashlet_icon ui-widget-content ui-corner-all" data-role="ibo-dashboard-editor--available-dashlet-icon" id="dashlet_'.$sDashletClass.'" data-tooltip-content="'.$aInfo['label'].'"  title="'.$aInfo['label'].'"><img src="'.$sUrl.$aInfo['icon'].'" /></span>');
 		}
 		$oPage->add('</div>');
 
@@ -789,6 +789,7 @@ class RuntimeDashboard extends Dashboard
 
 	/**
 	 * @inheritDoc
+	 * @return bool $bIsNew
 	 * @throws \Exception
 	 */
 	public function Save()
@@ -798,6 +799,7 @@ class RuntimeDashboard extends Dashboard
 		$oUDSearch->AddCondition('user_id', UserRights::GetUserId(), '=');
 		$oUDSearch->AddCondition('menu_code', $this->sId, '=');
 		$oUDSet = new DBObjectSet($oUDSearch);
+		$bIsNew = false;
 		if ($oUDSet->Count() > 0)
 		{
 			// Assuming there is at most one couple {user, menu}!
@@ -811,10 +813,12 @@ class RuntimeDashboard extends Dashboard
 			$oUserDashboard->Set('user_id', UserRights::GetUserId());
 			$oUserDashboard->Set('menu_code', $this->sId);
 			$oUserDashboard->Set('contents', $sXml);
+			$bIsNew = true;
 		}
 		utils::PushArchiveMode(false);
 		$oUserDashboard->DBWrite();
 		utils::PopArchiveMode();
+		return $bIsNew;
 	}
 
 	/**
@@ -860,28 +864,29 @@ class RuntimeDashboard extends Dashboard
 	{
 		$bCustomized = false;
 
-		if (!appUserPreferences::GetPref('display_original_dashboard_'.$sDashBoardId, false))
-		{
+		$sDashboardFileSanitized = utils::RealPath($sDashboardFile, APPROOT);
+		if (false === $sDashboardFileSanitized) {
+			throw new SecurityException('Invalid dashboard file !');
+		}
+
+		if (!appUserPreferences::GetPref('display_original_dashboard_'.$sDashBoardId, false)) {
 			// Search for an eventual user defined dashboard
 			$oUDSearch = new DBObjectSearch('UserDashboard');
 			$oUDSearch->AddCondition('user_id', UserRights::GetUserId(), '=');
 			$oUDSearch->AddCondition('menu_code', $sDashBoardId, '=');
 			$oUDSet = new DBObjectSet($oUDSearch);
-			if ($oUDSet->Count() > 0)
-			{
+			if ($oUDSet->Count() > 0) {
 				// Assuming there is at most one couple {user, menu}!
 				$oUserDashboard = $oUDSet->Fetch();
 				$sDashboardDefinition = $oUserDashboard->Get('contents');
 				$bCustomized = true;
-			}
-			else
-			{
-				$sDashboardDefinition = @file_get_contents($sDashboardFile);
+			} else {
+				$sDashboardDefinition = @file_get_contents($sDashboardFileSanitized);
 			}
 		}
 		else
 		{
-			$sDashboardDefinition = @file_get_contents($sDashboardFile);
+			$sDashboardDefinition = @file_get_contents($sDashboardFileSanitized);
 		}
 
 		if ($sDashboardDefinition !== false)
@@ -889,7 +894,7 @@ class RuntimeDashboard extends Dashboard
 			$oDashboard = new RuntimeDashboard($sDashBoardId);
 			$oDashboard->FromXml($sDashboardDefinition);
 			$oDashboard->SetCustomFlag($bCustomized);
-			$oDashboard->SetDefinitionFile($sDashboardFile);
+			$oDashboard->SetDefinitionFile($sDashboardFileSanitized);
 		} else {
 			$oDashboard = null;
 		}
@@ -1065,11 +1070,11 @@ EOF
 					 dashboard.html(data);
 					 dashboard.unblock();
 					 if ($('#ibo-dashboard-selector$sDivId input').prop("checked")) {
-					 	$('#ibo-dashboard-selector$sDivId').data('tooltip-content', '$sSwitchToStandard');
+					 	$('#ibo-dashboard-selector$sDivId').attr('data-tooltip-content', '$sSwitchToStandard');
 					 } else {
-					    $('#ibo-dashboard-selector$sDivId').data('tooltip-content', '$sSwitchToCustom');
+					    $('#ibo-dashboard-selector$sDivId').attr('data-tooltip-content', '$sSwitchToCustom');
 					 }
-					 CombodoTooltip.InitAllNonInstantiatedTooltips($('#ibo-dashboard-selector$sDivId').parent());
+					 CombodoTooltip.InitAllNonInstantiatedTooltips($('#ibo-dashboard-selector$sDivId').parent(), true);
 					}
 				 );
 			}

application/dashlet.class.inc.php

@@ -16,6 +16,7 @@
 //   You should have received a copy of the GNU Affero General Public License
 //   along with iTop. If not, see <http://www.gnu.org/licenses/>
 
+use Combodo\iTop\Application\Helper\WebResourcesHelper;
 use Combodo\iTop\Application\UI\Base\Component\Dashlet\DashletContainer;
 use Combodo\iTop\Application\UI\Base\Component\Dashlet\DashletFactory;
 use Combodo\iTop\Application\UI\Base\Component\Html\Html;
@@ -202,6 +203,24 @@ abstract class Dashlet
 		$this->OnUpdate();
 	}
 
+	/**
+	 * @return array Rel. path to the app. root of the JS files required by the dashlet
+	 * @since 3.0.0
+	 */
+	public function GetJSFilesRelPaths(): array
+	{
+		return [];
+	}
+
+	/**
+	 * @return array Rel. path to the app. root of the CSS files required by the dashlet
+	 * @since 3.0.0
+	 */
+	public function GetCSSFilesRelPaths(): array
+	{
+		return [];
+	}
+
 	/**
 	 * @param \WebPage $oPage
 	 * @param bool $bEditMode
@@ -224,6 +243,9 @@ abstract class Dashlet
 			$oDashletContainer->AddCSSClasses($this->aCSSClasses);
 		}
 
+		$oDashletContainer->AddMultipleJsFilesRelPaths($this->GetJSFilesRelPaths());
+		$oDashletContainer->AddMultipleCssFilesRelPaths($this->GetCSSFilesRelPaths());
+
 		try {
 			if (get_class($this->oModelReflection) == 'ModelReflectionRuntime') {
 				$oBlock = $this->Render($oPage, $bEditMode, $aExtraParams);
@@ -240,7 +262,7 @@ abstract class Dashlet
 			}
 		} catch (OqlException $e) {
 			$oDashletContainer->AddCSSClass("dashlet-content");
-			$oDashletContainer->AddHtml('<p>'.$e->GetUserFriendlyDescription().'</p>');
+			$oDashletContainer->AddHtml('<p>'.utils::HtmlEntities($e->GetUserFriendlyDescription()).'</p>');
 		} catch (Exception $e) {
 			$oDashletContainer->AddCSSClass("dashlet-content");
 			$oDashletContainer->AddHtml('<p>'.$e->getMessage().'</p>');
@@ -604,8 +626,7 @@ class DashletUnknown extends Dashlet
 
 		$oDashletContainer = new DashletContainer(null, ['dashlet-content']);
 
-		$oDashletContainer->AddHtml('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div>');
-		$oDashletContainer->AddHtml('<div class="dashlet-ukn-text">'.$sExplainText.'</div>');
+		$oDashletContainer->AddHtml('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div><div class="dashlet-ukn-text">'.$sExplainText.'</div>');
 
 		return $oDashletContainer;
 	}
@@ -624,8 +645,7 @@ class DashletUnknown extends Dashlet
 
 		$oDashletContainer = new DashletContainer(null, ['dashlet-content']);
 
-		$oDashletContainer->AddHtml('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div>');
-		$oDashletContainer->AddHtml('<div class="dashlet-ukn-text">'.$sExplainText.'</div>');
+		$oDashletContainer->AddHtml('<div class="dashlet-ukn-image"><img src="'.$sIconUrl.'" /></div><div class="dashlet-ukn-text">'.$sExplainText.'</div>');
 
 		return $oDashletContainer;
 	}
@@ -988,7 +1008,8 @@ HTML;
 
 		$oField = new DesignerLongTextField('query', Dict::S('UI:DashletObjectList:Prop-Query'), $this->aProperties['query']);
 		$oField->SetMandatory();
-		$oField->AddCSSClass("ibo-queryoql");
+		$oField->AddCSSClass("ibo-query-oql");
+		$oField->AddCSSClass("ibo-is-code");
 		$oForm->AddField($oField);
 
 		$oField = new DesignerBooleanField('menu', Dict::S('UI:DashletObjectList:Prop-Menu'), $this->aProperties['menu']);
@@ -1025,7 +1046,8 @@ HTML;
 
 		$oField = new DesignerHiddenField('query', Dict::S('UI:DashletObjectList:Prop-Query'), $sOQL);
 		$oField->SetMandatory();
-		$oField->AddCSSClass("ibo-queryoql");
+		$oField->AddCSSClass("ibo-query-oql");
+		$oField->AddCSSClass("ibo-is-code");
 		$oForm->AddField($oField);
 
 		$oField = new DesignerBooleanField('menu', Dict::S('UI:DashletObjectList:Prop-Menu'), $this->aProperties['menu']);
@@ -1375,7 +1397,8 @@ abstract class DashletGroupBy extends Dashlet
 
 		$oField = new DesignerLongTextField('query', Dict::S('UI:DashletGroupBy:Prop-Query'), $this->aProperties['query']);
 		$oField->SetMandatory();
-		$oField->AddCSSClass("ibo-queryoql");
+		$oField->AddCSSClass("ibo-query-oql");
+		$oField->AddCSSClass("ibo-is-code");
 		$oForm->AddField($oField);
 
 		try {
@@ -1632,7 +1655,8 @@ abstract class DashletGroupBy extends Dashlet
 
 		$oField = new DesignerHiddenField('query', Dict::S('UI:DashletGroupBy:Prop-Query'), $sOQL);
 		$oField->SetMandatory();
-		$oField->AddCSSClass("ibo-queryoql");
+		$oField->AddCSSClass("ibo-query-oql");
+		$oField->AddCSSClass("ibo-is-code");
 		$oForm->AddField($oField);
 
 		if (!is_null($sOQL)) {
@@ -1676,6 +1700,28 @@ class DashletGroupByPie extends DashletGroupBy
 		);
 	}
 
+	/**
+	 * @inheritDoc
+	 */
+	public function GetJSFilesRelPaths(): array
+	{
+		return array_merge(
+			parent::GetJSFilesRelPaths(),
+			WebResourcesHelper::GetJSFilesRelPathsForC3JS()
+		);
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetCSSFilesRelPaths(): array
+	{
+		return array_merge(
+			parent::GetCSSFilesRelPaths(),
+			WebResourcesHelper::GetCSSFilesRelPathsForC3JS()
+		);
+	}
+
 	/**
 	 * @inheritdoc
 	 */
@@ -2183,7 +2229,8 @@ class DashletHeaderDynamic extends Dashlet
 
 		$oField = new DesignerLongTextField('query', Dict::S('UI:DashletHeaderDynamic:Prop-Query'), $this->aProperties['query']);
 		$oField->SetMandatory();
-		$oField->AddCSSClass("ibo-queryoql");
+		$oField->AddCSSClass("ibo-query-oql");
+		$oField->AddCSSClass("ibo-is-code");
 		$oForm->AddField($oField);
 
 		try

application/datamodel.application.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0">
+<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.1">
   <classes>
     <class id="AbstractResource" _delta="define">
       <parent>cmdbAbstractObject</parent>
@@ -185,6 +185,384 @@
 	    </style>
     </menu>
   </menus>
+  <events>
+    <event id="EVENT_SERVICE_DB_INSERT_REQUESTED" _delta="define">
+      <description>An object insert in the database has been requested. All changes to the object will be persisted automatically.</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::OnInsert</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object inserted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_ABOUT_TO_INSERT" _delta="define">
+      <description>An object is about to be inserted in the database (no change possible)</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::OnInsert</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object inserted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_INSERT_DONE" _delta="define">
+      <description>An object has been inserted into the database (but not reloaded). All changes to the object will be persisted automatically.</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::AfterInsert</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object inserted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_UPDATE_REQUESTED" _delta="define">
+      <description>An object update has been requested. All changes to the object will be persisted automatically.</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::OnUpdate, DBObject::DoComputeValues</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object updated</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_ABOUT_TO_UPDATE" _delta="define">
+      <description>An object is about to be updated in the database (no change possible)</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::OnUpdate</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object updated</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_UPDATE_DONE" _delta="define">
+      <description>An object has been updated into the database and reloaded. All changes to the object will be persisted automatically.</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::AfterUpdate</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object updated</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_ABOUT_TO_DELETE" _delta="define">
+      <description>An object is about to be deleted in the database</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::OnDelete</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object deleted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_DELETE_DONE" _delta="define">
+      <description>An object has been deleted into the database</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::AfterDelete</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object deleted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_BEFORE_APPLY_STIMULUS" _delta="define">
+      <description>A stimulus is about to be applied to an object</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <event_data>
+        <event_datum id="object">
+          <description>The object where the stimulus is targeted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="stimulus">
+          <description>Current stimulus applied</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="previous_state">
+          <description>Object previous state</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="new_state">
+          <description>Object new state</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="save_object">
+          <description>The object must be saved in the database</description>
+          <type>boolean</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_AFTER_APPLY_STIMULUS" _delta="define">
+      <description>A stimulus has been applied to an object</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <event_data>
+        <event_datum id="object">
+          <description>The object where the stimulus is targeted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="stimulus">
+          <description>Current stimulus applied</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="previous_state">
+          <description>Object previous state</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="new_state">
+          <description>Object new state</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="save_object">
+          <description>The object is asked to be saved in the database</description>
+          <type>boolean</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_APPLY_STIMULUS_FAILED" _delta="define">
+      <description>A stimulus has failed</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <event_data>
+        <event_datum id="action">
+          <description>The action that failed to apply the stimulus</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="object">
+          <description>The object where the stimulus is targeted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="stimulus">
+          <description>Current stimulus applied</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="previous_state">
+          <description>Object previous state</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="new_state">
+          <description>Object new state</description>
+          <type>string</type>
+        </event_datum>
+        <event_datum id="save_object">
+          <description>The object must be saved in the database</description>
+          <type>boolean</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_OBJECT_RELOAD" _delta="define">
+      <description>An object has been re-loaded from the database</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <event_data>
+        <event_datum id="object">
+          <description>The object re-loaded</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_COMPUTE_VALUES" _delta="define">
+      <description>An object needs to be recomputed after changes</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>DBObject::ComputeValues</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object inserted</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_CHECK_TO_WRITE" _delta="define">
+      <description>Check an object before it is written into the database (no change possible)</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>cmdbAbstractObject::DoCheckToWrite</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object to check</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="error_messages">
+          <description>Array of strings where all the errors found during the object checking are added</description>
+          <type>array</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_CHECK_TO_DELETE" _delta="define">
+      <description>Check an object before it is deleted from the database (no change possible)</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <replaces>cmdbAbstractObject::DoCheckToDelete</replaces>
+      <event_data>
+        <event_datum id="object">
+          <description>The object to check</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="error_messages">
+          <description>Array of strings where all the errors found during the object checking are added</description>
+          <type>array</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_ARCHIVE" _delta="define">
+      <description>An object has been archived</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <event_data>
+        <event_datum id="object">
+          <description>The object archived</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DB_UNARCHIVE" _delta="define">
+      <description>An object has been unarchived</description>
+      <sources>
+        <source id="cmdbAbstractObject">cmdbAbstractObject</source>
+      </sources>
+      <event_data>
+        <event_datum id="object">
+          <description>The object unarchived</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_DOWNLOAD_DOCUMENT" _delta="define">
+      <description>A document has been downloaded from the GUI</description>
+      <sources>
+        <source id="Document">Document</source>
+      </sources>
+      <event_data>
+        <event_datum id="object">
+          <description>The object containing the document</description>
+          <type>DBObject</type>
+        </event_datum>
+        <event_datum id="document">
+          <description>The document downloaded</description>
+          <type>ormDocument</type>
+        </event_datum>
+        <event_datum id="debug_info">
+          <description>Debug string</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+    <event id="EVENT_SERVICE_LOGIN" _delta="define">
+      <description>Inform the listeners about the connection states</description>
+      <event_data>
+        <event_datum id="code">
+          <description>The login step result code (LoginWebPage::EXIT_CODE_...) </description>
+          <type>integer</type>
+        </event_datum>
+        <event_datum id="state">
+          <description>Current login state (LoginWebPage::LOGIN_STATE_CONNECTED...)</description>
+          <type>string</type>
+        </event_datum>
+      </event_data>
+    </event>
+  </events>
   <meta>
     <classes>
       <class id="cmdbAbstractObject" _delta="define">
@@ -258,6 +636,66 @@
               </argument>
             </arguments>
           </method>
+          <method id="SetComputedDate">
+            <arguments>
+              <argument id="1">
+                <type>attcode</type>
+                <mandatory>true</mandatory>
+                <type_restrictions>
+                  <operation>allow</operation>
+                  <types>
+                    <type id="AttributeDate"/>
+                    <type id="AttributeDateTime"/>
+                  </types>
+                </type_restrictions>
+              </argument>
+              <argument id="2">
+                <type>string</type>
+                <mandatory>false</mandatory>
+              </argument>
+              <argument id="3">
+                <type>attcode</type>
+                <mandatory>false</mandatory>
+                <type_restrictions>
+                  <operation>allow</operation>
+                  <types>
+                    <type id="AttributeDate"/>
+                    <type id="AttributeDateTime"/>
+                  </types>
+                </type_restrictions>
+              </argument>
+            </arguments>
+          </method>
+          <method id="SetComputedDateIfNull">
+            <arguments>
+              <argument id="1">
+                <type>attcode</type>
+                <mandatory>true</mandatory>
+                <type_restrictions>
+                  <operation>allow</operation>
+                  <types>
+                    <type id="AttributeDate"/>
+                    <type id="AttributeDateTime"/>
+                  </types>
+                </type_restrictions>
+              </argument>
+              <argument id="2">
+                <type>string</type>
+                <mandatory>false</mandatory>
+              </argument>
+              <argument id="3">
+                <type>attcode</type>
+                <mandatory>false</mandatory>
+                <type_restrictions>
+                  <operation>allow</operation>
+                  <types>
+                    <type id="AttributeDate"/>
+                    <type id="AttributeDateTime"/>
+                  </types>
+                </type_restrictions>
+              </argument>
+            </arguments>
+          </method>
           <method id="SetCurrentDate">
             <arguments>
               <argument id="1">
@@ -409,30 +847,6 @@
               </argument>
             </arguments>
           </method>
-          <method id="PrefillCreationForm">
-            <arguments>
-              <argument id="1">
-                <type>reference</type>
-                <mandatory>true</mandatory>
-              </argument>
-            </arguments>
-          </method>
-          <method id="PrefillTransitionForm">
-            <arguments>
-              <argument id="1">
-                <type>reference</type>
-                <mandatory>true</mandatory>
-              </argument>
-            </arguments>
-          </method>
-          <method id="PrefillSearchForm">
-            <arguments>
-              <argument id="1">
-                <type>reference</type>
-                <mandatory>true</mandatory>
-              </argument>
-            </arguments>
-          </method>
         </methods>
       </class>
     </classes>

application/datatable.class.inc.php

@@ -19,7 +19,7 @@ use Combodo\iTop\Renderer\Console\ConsoleBlockRenderer;
  *
  * You should have received a copy of the GNU Affero General Public License
  *
- * @deprecated since 3.0.0 use Combodo\iTop\Application\UI\Base\Component\DataTable\Datatable
+ * @deprecated 3.0.0 use Combodo\iTop\Application\UI\Base\Component\DataTable\Datatable
  */
 
 class DataTable

application/displayblock.class.inc.php

@@ -174,6 +174,8 @@ class DisplayBlock
 				/** string Max. height of the list, if not specified will occupy all the available height no matter the pagination */
 				'localize_values',
 				/** param for export.php */
+				'refresh_action',
+				/**to add refresh button in datatable*/
 			], DataTableUIBlockFactory::GetAllowedParams()),
 			'list_search' => array_merge([
 				'update_history',
@@ -268,8 +270,12 @@ class DisplayBlock
 			'surround_with_panel',
 			/** string title of panel block */
 			'panel_title',
+			/** string true if panel title should be displayed as html */
+			'panel_title_is_html',
 			/** string class for panel block style */
 			'panel_class',
+			/** string class for panel block style */
+			'panel_icon',
 		];
 
 		if (isset($aAllowedParams[$sStyle])) {
@@ -465,14 +471,12 @@ class DisplayBlock
 				$oHtml->AddSubBlock($this->GetRenderContent($oPage, $aExtraParams, $sId));
 			} catch (Exception $e) {
 				if (UserRights::IsAdministrator()) {
-					$sExceptionContent = <<<HTML
-Exception thrown:<br>
-<code>{$e->getMessage()}</code>
-HTML;
+					$sExceptionContent = 'Exception thrown:<br><code>'.utils::Sanitize($e->getMessage(), '', utils::ENUM_SANITIZATION_FILTER_STRING).'</code>';
+
 					$oExceptionAlert = AlertUIBlockFactory::MakeForFailure('Cannot display results', $sExceptionContent);
 					$oHtml->AddSubBlock($oExceptionAlert);
 				}
-				IssueLog::Error('Exception during GetDisplay: '.$e->getMessage());
+				ExceptionLog::LogException($e);
 			}
 		} else {
 			// render it as an Ajax (asynchronous) call
@@ -535,8 +539,10 @@ HTML;
 	 * @throws DictExceptionMissingString
 	 * @throws MySQLException
 	 * @throws Exception
+	 *
+	 * @since 2.7.7 3.0.1 3.1.0 N°3129 add type hinting to $aExtraParams
 	 */
-	public function GetRenderContent(WebPage $oPage, array $aExtraParams = [], string $sId = null)
+	public function GetRenderContent(WebPage $oPage, array $aExtraParams, string $sId)
 	{
 		$sHtml = '';
 		$oBlock = null;
@@ -560,7 +566,7 @@ HTML;
 			if (($this->m_sStyle != 'links') && ($this->m_sStyle != 'search') && ($this->m_sStyle != 'list_search')) {
 				$oAppContext = new ApplicationContext();
 				$sClass = $this->m_oFilter->GetClass();
-				$aFilterCodes = array_keys(MetaModel::GetClassFilterDefs($sClass));
+				$aFilterCodes = MetaModel::GetFiltersList($sClass);
 				$aCallSpec = array($sClass, 'MapContextParam');
 				if (is_callable($aCallSpec)) {
 					foreach ($oAppContext->GetNames() as $sContextParam) {
@@ -849,7 +855,7 @@ JS
 	{
 		$oField = new FieldExpression($sFilterCode,  $oFilter->GetClassAlias());
 		$sListExpr = '('.implode(', ', CMDBSource::Quote($condition)).')';
-		$sOQLCondition = $oField->Render()." IN $sListExpr";
+		$sOQLCondition = $oField->RenderExpression()." IN $sListExpr";
 		$oNewCondition = Expression::FromOQL($sOQLCondition);
 		return $oNewCondition;		
 	}
@@ -1010,9 +1016,10 @@ JS
 				$aCountsQueryResults[$aCountGroupBySingleResult[0]] = $aCountGroupBySingleResult[1];
 			}
 
+			$oAttDef = MetaModel::GetAttributeDef($sClass, $sStateAttrCode);
+			$aValues = $oAttDef->GetAllowedValues();
 			foreach ($aStates as $sStateValue) {
-				$oAttDef = MetaModel::GetAttributeDef($sClass, $sStateAttrCode);
-				$aStateLabels[$sStateValue] = $oAttDef->GetAsPlainText($sStateValue);
+				$aStateLabels[$sStateValue] = $aValues[$sStateValue] ?? '';
 				$aCounts[$sStateValue] = (array_key_exists($sStateValue, $aCountsQueryResults))
 					? $aCountsQueryResults[$sStateValue]
 					: 0;
@@ -1040,14 +1047,18 @@ JS
 			$sCountLabel = $aCount['label'];
 			$oPill = PillFactory::MakeForState($sClass, $sStateValue)
 				->SetTooltip($sStateLabel)
-				->AddHtml("<span class=\"ibo-dashlet-header-dynamic--count\">$sCountLabel</span>")
-				->AddHtml("<span class=\"ibo-dashlet-header-dynamic--label ibo-text-truncated-with-ellipsis\">$sStateLabel</span>");
+				->AddHtml("<span class=\"ibo-dashlet-header-dynamic--count\">$sCountLabel</span><span class=\"ibo-dashlet-header-dynamic--label ibo-text-truncated-with-ellipsis\">".utils::HtmlEntities($sStateLabel)."</span>");
 			if ($sHyperlink != '-') {
 				$oPill->SetUrl($sHyperlink);
 			}
 			$oBlock->AddSubBlock($oPill);
 		}
 		$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
+		if(isset($aExtraParams['query_params']['this->object()'])){
+			$aExtraParams['query_params']['this->class'] = get_class($aExtraParams['query_params']['this->object()']);
+			$aExtraParams['query_params']['this->id'] = 	$aExtraParams['query_params']['this->object()']->GetKey();
+			unset($aExtraParams['query_params']['this->object()']);
+		}
 		$aRefreshParams = ['filter' => $this->m_oFilter->ToOQL(), "extra_params" => json_encode($aExtraParams)];
 		$oBlock->SetJSRefresh(
 			"$('#".$oBlock->GetId()."').block();
@@ -1196,6 +1207,10 @@ JS
 				$sTitle = Dict::Format($sFormat, $iTotalCount);
 				$oBlock = PanelUIBlockFactory::MakeForClass($aExtraParams["panel_class"], $aExtraParams["panel_title"]);
 				$oBlock->AddSubTitleBlock(new Html($sTitle));
+				$oBlock->AddCSSClass('ibo-datatable-panel');
+				if(isset($aExtraParams["panel_icon"]) && strlen($aExtraParams["panel_icon"]) > 0){
+					$oBlock->SetIcon($aExtraParams["panel_icon"]);
+				}
 				$oDataTable = DataTableUIBlockFactory::MakeForStaticData("", $aAttribs, $aData, null, $aExtraParams, $this->m_oFilter->ToOQL(), $aOption);
 				$oBlock->AddSubBlock($oDataTable);
 			} else {
@@ -1212,6 +1227,9 @@ JS
 			}
 			if (isset($aExtraParams["surround_with_panel"]) && $aExtraParams["surround_with_panel"]) {
 				$oBlock = PanelUIBlockFactory::MakeForClass($aExtraParams["panel_class"], $aExtraParams["panel_title"]);
+				if(isset($aExtraParams["panel_icon"]) && strlen($aExtraParams["panel_icon"]) > 0){
+					$oBlock->SetIcon($aExtraParams["panel_icon"]);
+				}
 				$oBlock->AddSubBlock(new Html('<p>'.Dict::Format($sFormat, $iCount).'</p>'));
 			} else {
 				$oBlock = new Html('<p>'.Dict::Format($sFormat, $iCount).'</p>');
@@ -1347,6 +1365,9 @@ JS
 
 				if (isset($aExtraParams["surround_with_panel"]) && $aExtraParams["surround_with_panel"]) {
 					$oPanel = PanelUIBlockFactory::MakeForClass($aExtraParams["panel_class"], $aExtraParams["panel_title"]);
+					if(isset($aExtraParams["panel_icon"]) && strlen($aExtraParams["panel_icon"]) > 0){
+						$oPanel->SetIcon($aExtraParams["panel_icon"]);
+					}
 					$oPanel->AddSubBlock($oBlock);
 
 					return $oPanel;
@@ -1544,6 +1565,9 @@ JS
 
 		if (isset($aExtraParams["surround_with_panel"]) && $aExtraParams["surround_with_panel"]) {
 			$oPanel = PanelUIBlockFactory::MakeForClass($aExtraParams["panel_class"], $aExtraParams["panel_title"]);
+			if(isset($aExtraParams["panel_icon"]) && strlen($aExtraParams["panel_icon"]) > 0){
+				$oPanel->SetIcon($aExtraParams["panel_icon"]);
+			}
 			$oPanel->AddSubBlock($oBlock);
 
 			return $oPanel;
@@ -1632,6 +1656,9 @@ JS
 		}
 		if (isset($aExtraParams["surround_with_panel"]) && $aExtraParams["surround_with_panel"]) {
 			$oPanel = PanelUIBlockFactory::MakeForClass($aExtraParams["panel_class"], $aExtraParams["panel_title"]);
+			if(isset($aExtraParams["panel_icon"]) && strlen($aExtraParams["panel_icon"]) > 0){
+				$oPanel->SetIcon($aExtraParams["panel_icon"]);
+			}
 			$oPanel->AddSubBlock($oBlock);
 
 			return $oPanel;
@@ -1679,145 +1706,6 @@ JS
 
 }
 
-/**
- * Helper class to manage 'blocks' of HTML pieces that are parts of a page and contain some list of cmdb objects
- *
- * Each block is actually rendered as a <div></div> tag that can be rendered synchronously
- * or as a piece of Javascript/JQuery/Ajax that will get its content from another page (ajax.render.php).
- * The list of cmdbObjects to be displayed into the block is defined by a filter
- * Right now the type of display is either: list, count or details
- * - list produces a table listing the objects
- * - count produces a paragraphs with a sentence saying 'cont' objects found
- * - details display (as  table) the details of each object found (best if only one)
- *
- * @deprecated 3.0.0 will be removed in 3.1, see N°3824
- */
-class HistoryBlock extends DisplayBlock
-{
-	protected $iLimitCount;
-	protected $iLimitStart;
-	
-	public function __construct(DBSearch $oFilter, $sStyle = 'list', $bAsynchronous = false, $aParams = array(), $oSet = null)
-	{
-		DeprecatedCallsLog::NotifyDeprecatedPhpMethod();
-		parent::__construct($oFilter, $sStyle, $bAsynchronous, $aParams, $oSet);
-		$this->iLimitStart = 0;
-		$this->iLimitCount = 0;
-	}
-
-	public function SetLimit($iCount, $iStart = 0)
-	{
-		$this->iLimitStart = $iStart;
-		$this->iLimitCount = $iCount;
-	}
-
-	public function GetRenderContent(WebPage $oPage, array $aExtraParams = [], string $sId = null)
-	{
-		$sHtml = '';
-		$bTruncated = false;
-		$oSet = new CMDBObjectSet($this->m_oFilter, array('date' => false));
-		if (!$oPage->IsPrintableVersion()) {
-			if (($this->iLimitStart > 0) || ($this->iLimitCount > 0)) {
-				$oSet->SetLimit($this->iLimitCount, $this->iLimitStart);
-				if (($this->iLimitCount - $this->iLimitStart) < $oSet->Count()) {
-					$bTruncated = true;
-				}
-			}
-		}
-		$sHtml .= "<!-- filter: ".($this->m_oFilter->ToOQL())."-->\n";
-		switch ($this->m_sStyle) {
-			case 'toggle':
-				// First the latest change that the user is allowed to see
-				do {
-					$oLatestChangeOp = $oSet->Fetch();
-				} while (is_object($oLatestChangeOp) && ($oLatestChangeOp->GetDescription() == ''));
-
-				if (is_object($oLatestChangeOp)) {
-					// There is one change in the list... only when the object has been created !
-					$sDate = $oLatestChangeOp->GetAsHTML('date');
-					$oChange = MetaModel::GetObject('CMDBChange', $oLatestChangeOp->Get('change'));
-					$sUserInfo = $oChange->GetAsHTML('userinfo');
-					$sHtml .= $oPage->GetStartCollapsibleSection(Dict::Format('UI:History:LastModified_On_By', $sDate, $sUserInfo));
-					$sHtml .= $this->GetHistoryTable($oPage, $oSet);
-					$sHtml .= $oPage->GetEndCollapsibleSection();
-				}
-				break;
-
-			case 'table':
-			default:
-			if ($bTruncated)
-			{
-				$sFilter = htmlentities($this->m_oFilter->serialize(), ENT_QUOTES, 'UTF-8');
-				$sHtml .= '<div id="history_container"><p>';
-				$sHtml .= Dict::Format('UI:TruncatedResults', $this->iLimitCount, $oSet->Count());
-				$sHtml .= ' ';
-				$sHtml .= '<a href="#" onclick="DisplayHistory(\'#history_container\', \''.$sFilter.'\', 0, 0); return false;">'.Dict::S('UI:DisplayAll').'</a>';
-				$sHtml .= $this->GetHistoryTable($oPage, $oSet);
-				$sHtml .= '</p></div>';
-				$oPage->add_ready_script("$('#{$sId} table.listResults tr:last td').addClass('truncated');");
-			}
-			else
-			{
-				$sHtml .= $this->GetHistoryTable($oPage, $oSet);
-			}
-			$oPage->add_ready_script(InlineImage::FixImagesWidth());
-		
-			$oPage->add_ready_script("$('.case-log-history-entry-toggle').on('click', function () { $(this).closest('.case-log-history-entry').toggleClass('expanded');});");
-			$oPage->add_ready_script(
-<<<EOF
-$('.history_entry').each(function() {
-	var jMe = $(this);
-	var oContent = $(this).find('.history_html_content');
-	if (jMe.height() < oContent.height())
-	{
-			jMe.prepend('<span class="history_truncated_toggler"></span>');
-			jMe.find('.history_truncated_toggler').on('click', function() {
-				jMe.toggleClass('history_entry_truncated');
-			});
-	}
-});
-EOF
-			);
-		}
-		return new Html($sHtml);
-	}
-	
-	protected function GetHistoryTable(WebPage $oPage, DBObjectSet $oSet)
-	{
-		$sHtml = '';
-		// First the latest change that the user is allowed to see
-		$oSet->Rewind(); // Reset the pointer to the beginning of the set
-		$aChanges = array();
-		while($oChangeOp = $oSet->Fetch())
-		{
-			$sChangeDescription = $oChangeOp->GetDescription();
-			if ($sChangeDescription != '')
-			{
-				// The change is visible for the current user
-				$changeId = $oChangeOp->Get('change');
-				$aChanges[$changeId]['date'] = $oChangeOp->Get('date');
-				$aChanges[$changeId]['userinfo'] = $oChangeOp->Get('userinfo');
-				if (!isset($aChanges[$changeId]['log']))
-				{
-					$aChanges[$changeId]['log'] = array();
-				}
-				$aChanges[$changeId]['log'][] = $sChangeDescription;
-			}
-		}
-		$aAttribs = array('date' => array('label' => Dict::S('UI:History:Date'), 'description' => Dict::S('UI:History:Date+')),
-						  'userinfo' => array('label' => Dict::S('UI:History:User'), 'description' => Dict::S('UI:History:User+')),
-						  'log' => array('label' => Dict::S('UI:History:Changes') , 'description' => Dict::S('UI:History:Changes+')),
-						 );
-		$aValues = array();
-		foreach($aChanges as $aChange)
-		{
-			$aValues[] = array('date' => AttributeDateTime::GetFormat()->Format($aChange['date']), 'userinfo' => htmlentities($aChange['userinfo'], ENT_QUOTES, 'UTF-8'), 'log' => "<ul><li>".implode('</li><li>', $aChange['log'])."</li></ul>");
-		}
-		$sHtml .= $oPage->GetTable($aAttribs, $aValues);
-		return $sHtml;
-	}
-}
-
 /**
  * Displays the 'Actions' menu for a given (list of) object(s)
  * The 'style' of the list (see constructor of DisplayBlock) can be either 'list' or 'details'
@@ -1852,11 +1740,10 @@ class MenuBlock extends DisplayBlock
 	 * @throws \DictExceptionMissingString
 	 * @throws \MissingQueryArgument
 	 * @throws \MySQLException
-	 * @throws \MySQLHasGoneAwayException
-	 * @throws \OQLException
-	 * @throws \ReflectionException
+	 *
+	 * @since 2.7.7 3.0.1 3.1.0 N°3129 Remove default value and add type hinting on $aExtraParams for PHP 8.0 compatibility
 	 */
-	public function GetRenderContent(WebPage $oPage, array $aExtraParams = [], string $sId = null)
+	public function GetRenderContent(WebPage $oPage, array $aExtraParams, string $sId)
 	{
 		$oRenderBlock = new UIContentBlock();
 
@@ -1867,7 +1754,7 @@ class MenuBlock extends DisplayBlock
 
 		$sClass = $this->m_oFilter->GetClass();
 		$oSet = new CMDBObjectSet($this->m_oFilter);
-		$sRefreshAction = $aExtraParams['sRefreshAction'] ?? '';
+		$sRefreshAction = $aExtraParams['refresh_action'] ?? '';
 
 		/** @var array $aRegularActions Any action other than a transition */
 		$aRegularActions = [];
@@ -2203,8 +2090,14 @@ class MenuBlock extends DisplayBlock
 		}
 		if ($oPopupMenuItemsBlock->HasSubBlocks()) {
 			$oRenderBlock->AddSubBlock($oPopupMenuItemsBlock);
+		} else {
+			foreach ($oPopupMenuItemsBlock->GetJsFilesRelPaths() as $sJsPath) {
+				$oRenderBlock->AddJsFileRelPath($sJsPath);
+			}
+			foreach ($oPopupMenuItemsBlock->GetCssFilesRelPaths() as $sCssPath) {
+				$oRenderBlock->AddCssFileRelPath($sCssPath);
+			}
 		}
-
 		// Extract favorite actions from their menus
 		$aFavoriteRegularActions = [];
 		$aFavoriteTransitionActions = [];
@@ -2305,13 +2198,25 @@ class MenuBlock extends DisplayBlock
 						$sIconClass = 'fas fa-share-alt';
 						$sLabel = '';
 						break;
+
+					default:
+						if (isset($aAction['icon_class']) && (strlen($aAction['icon_class']) > 0)) {
+							$sIconClass = $aAction['icon_class'];
+							$sLabel = '';
+						}
 				}
 
 				$sTarget = isset($aAction['target']) ? $aAction['target'] : '';
-				$oActionButton = ButtonUIBlockFactory::MakeLinkNeutral($sUrl, $sLabel, $sIconClass, $sTarget, $sActionId);
+				$oActionButton = ButtonUIBlockFactory::MakeLinkNeutral($sUrl, $sLabel, $sIconClass, $sTarget, utils::Sanitize($sActionId, '', utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER));
+				// ResourceId should not be sanitized
+				$oActionButton->AddDataAttribute('resource-id', $sActionId);
 				$oActionButton->AddCSSClasses(['ibo-action-button', 'ibo-regular-action-button']);
 				if (empty($sLabel)) {
-					$oActionButton->SetTooltip(Dict::S($sActionId));
+					if (empty($aAction['tooltip'])) {
+						$oActionButton->SetTooltip(Dict::S($sActionId));
+					} else {
+						$oActionButton->SetTooltip($aAction['tooltip']);
+					}
 				}
 				$oActionsToolbar->AddSubBlock($oActionButton);
 			}
@@ -2319,7 +2224,7 @@ class MenuBlock extends DisplayBlock
 			// - Refresh
 			if ($sRefreshAction != '') {
 				$oActionButton = ButtonUIBlockFactory::MakeAlternativeNeutral('', 'UI:Button:Refresh');
-				$oActionButton->SetIconClass('fas fa-sync')
+				$oActionButton->SetIconClass('fas fa-sync-alt')
 					->SetOnClickJsCode($sRefreshAction)
 					->SetTooltip(Dict::S('UI:Button:Refresh'))
 					->AddCSSClasses(['ibo-action-button', 'ibo-regular-action-button']);

application/errorpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/ErrorPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/ErrorPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/ErrorPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/ErrorPage.php, now loadable using autoloader');

application/exceptions/CoreCannotSaveObjectException.php

@@ -44,15 +44,15 @@ class CoreCannotSaveObjectException extends CoreException
 	public function getHtmlMessage()
 	{
 		$sTitle = Dict::S('UI:Error:SaveFailed');
-		$sContent = "<span><strong>{$sTitle}</strong></span>";
+		$sContent = "<span><strong>".utils::HtmlEntities($sTitle)."</strong></span>";
 
 		if (count($this->aIssues) == 1) {
 			$sIssue = reset($this->aIssues);
-			$sContent .= " <span>{$sIssue}</span>";
+			$sContent .= " <span>".utils::HtmlEntities($sIssue)."</span>";
 		} else {
 			$sContent .= '<ul>';
 			foreach ($this->aIssues as $sError) {
-				$sContent .= "<li>$sError</li>";
+				$sContent .= "<li>".utils::HtmlEntities($sError)."</li>";
 			}
 			$sContent .= '</ul>';
 		}

application/exceptions/mysql/MySQLTransactionNotClosedException.php

@@ -0,0 +1,13 @@
+<?php
+/*
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+/**
+ * @since 2.7.8 3.0.3 3.1.0 N°5538
+ */
+class MySQLTransactionNotClosedException extends MySQLException
+{
+
+}

application/forms.class.inc.php

@@ -102,12 +102,20 @@ class DesignerForm
 				$sReturn .= '<fieldset>';
 				$sReturn .= '<legend>'.$sLabel.'</legend>';
 			}
+			/** @var \DesignerFormField $oField */
 			foreach($aFields as $oField) {
 				$aRow = $oField->Render($oP, $sFormId);
 				if ($oField->IsVisible()) {
 					$sValidation = '<span class="prop_apply ibo-prop--apply ibo-button ibo-is-alternative">'.$this->GetValidationArea($oField->GetFieldId()).'</span>';
 					$sField = $aRow['value'].$sValidation;
-					$aDetails[] = array('label' => $aRow['label'], 'value' => $sField);
+					$aDetails[] = array(
+						'label' => $aRow['label'],
+						'value' => $sField,
+						'attcode' => $oField->GetCode(),
+						'attlabel' => $aRow['label'],
+						'inputid' => $this->GetFieldId($oField->GetCode()),
+						'inputtype' => $oField->GetInputType(),
+					);
 				} else {
 					$sHiddenFields .= $aRow['value'];
 				}
@@ -221,14 +229,14 @@ class DesignerForm
 				$aRow = $oField->Render($oP, $sFormId, 'property');
 				if ($oField->IsVisible()) {
 					$sFieldId = $this->GetFieldId($oField->GetCode());
-					$sValidation = $this->GetValidationArea($sFieldId, '<span data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Apply').'"><i class="fas fa-check"></i></span>');
-					$sValidationFields = '</td><td class="prop_icon prop_apply ibo-prop--apply ibo-button ibo-is-alternative" >'.$sValidation.'</td><td  class="prop_icon prop_cancel ibo-prop--cancel ibo-button ibo-is-alternative"><span data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Revert').'"><i class="fas fa-times"></i></span></td>'
+					$sValidation = $this->GetValidationArea($sFieldId, '<div class="ibo-button ibo-is-alternative ibo-is-success" data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Apply').'"><i class="fas fa-check"></i></div>');
+					$sValidationFields = '</td><td class="prop_icon prop_apply ibo-prop--apply" >'.$sValidation.'</td><td  class="prop_icon prop_cancel ibo-prop--cancel"><span><div class="ibo-button ibo-is-alternative ibo-is-neutral" data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Revert').'"><i class="fas fa-undo"></i></div></span></td>'
 						.$this->EndRow();
 
 					if (is_null($aRow['label'])) {
-						$sReturn .= $this->StartRow($sFieldId).'<td class="prop_value ibo-field--value" colspan="2">'.$aRow['value'];
+						$sReturn .= $this->StartRow($sFieldId).'<td class="prop_value" colspan="2">'.$aRow['value'];
 					} else {
-						$sReturn .= $this->StartRow($sFieldId).'<td class="prop_label ibo-field--label">'.$aRow['label'].'</td><td class="prop_value ibo-field--value">'.$aRow['value'];
+						$sReturn .= $this->StartRow($sFieldId).'<td class="prop_label">'.$aRow['label'].'</td><td class="prop_value">'.$aRow['value'];
 					}
 					if (!($oField instanceof DesignerFormSelectorField) && !($oField instanceof DesignerMultipleSubFormField)) {
 						$sReturn .= $sValidationFields;
@@ -346,7 +354,7 @@ EOF
 <<<EOF
 $('#$sDialogId').dialog({
 		height: 'auto',
-		maxHeight: $(window).height() - 8,
+		maxHeight: $(window).height() * 0.9,
 		width: $iDialogWidth,
 		modal: true,
 		autoOpen: $sAutoOpen,
@@ -702,11 +710,27 @@ class DesignerFormField
 		$this->bMandatory = false;
 		$this->bReadOnly = false;
 		$this->bAutoApply = false;
-		$this->aCSSClasses = array('ibo-input');
+		$this->aCSSClasses = [];
+		if (ContextTag::Check(ContextTag::TAG_CONSOLE)) {
+			$this->aCSSClasses[] = 'ibo-input';
+		}
 		$this->bDisplayed = true;
 		$this->aWidgetExtraParams = array();
 	}
 
+	/**
+	 * Important, for now we use constants from the \cmdbAbstractObject class, introducing a coupling that should not exist.
+	 * This has been traced under N°4241 and will be discussed during the next modernization batch.
+	 *
+	 * @return string|null Return the input type of the field
+	 * @see \cmdbAbstractObject::ENUM_INPUT_TYPE_XXX
+	 * @since 3.0.0
+	 */
+	public function GetInputType(): ?string
+	{
+		return cmdbAbstractObject::ENUM_INPUT_TYPE_SINGLE_INPUT;
+	}
+
 	/**
 	 * @return string
 	 */
@@ -814,7 +838,8 @@ class DesignerFormField
 	{
 		$sId = $this->oForm->GetFieldId($this->sCode);
 		$sName = $this->oForm->GetFieldName($this->sCode);
-		return array('label' => $this->sLabel, 'value' => "<input type=\"text\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\">");
+
+		return array('label' => $this->sLabel, 'value' => "<input type=\"text\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\">");
 	}
 
 	/**
@@ -988,9 +1013,8 @@ class DesignerTextField extends DesignerFormField
 		$sId = $this->oForm->GetFieldId($this->sCode);
 		
 		$sName = $this->oForm->GetFieldName($this->sCode);
-		if ($this->IsReadOnly())
-		{
-			$sHtmlValue = "<span>".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\"/></span>";
+		if ($this->IsReadOnly()) {
+			$sHtmlValue = "<span>".utils::EscapeHtml($this->defaultValue)."<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\"/></span>";
 		}
 		else
 		{
@@ -1014,11 +1038,10 @@ $('#$sId').on('change keyup validate', function() { ValidateWithPattern('$sId',
 EOF
 			);
 			$sCSSClasses = '';
-			if (count($this->aCSSClasses) > 0)
-			{
+			if (count($this->aCSSClasses) > 0) {
 				$sCSSClasses = 'class="'.implode(' ', $this->aCSSClasses).'"';
 			}
-			$sHtmlValue = "<input type=\"text\" $sCSSClasses id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\">";
+			$sHtmlValue = "<input type=\"text\" $sCSSClasses id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\">";
 		}
 		return array('label' => $this->sLabel, 'value' => $sHtmlValue);
 	}
@@ -1044,7 +1067,18 @@ class DesignerLongTextField extends DesignerTextField
 	public function __construct($sCode, $sLabel = '', $defaultValue = '')
 	{
 		parent::__construct($sCode, $sLabel, $defaultValue);
-		$this->aCSSClasses[] = 'ibo-input-text';
+
+		if (ContextTag::Check(ContextTag::TAG_CONSOLE)) {
+			$this->aCSSClasses[] = 'ibo-input-text';
+		}
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): string
+	{
+		return cmdbAbstractObject::ENUM_INPUT_TYPE_TEXTAREA;
 	}
 
 	public function Render(WebPage $oP, $sFormId, $sRenderMode='dialog')
@@ -1066,10 +1100,9 @@ class DesignerLongTextField extends DesignerTextField
 		{
 			$sCSSClasses = 'class="'.implode(' ', $this->aCSSClasses).'"';
 		}
-		if (!$this->IsReadOnly())
-		{
+		if (!$this->IsReadOnly()) {
 			$oP->add_ready_script(
-<<<EOF
+				<<<EOF
 $('#$sId').on('change keyup validate', function() { ValidateWithPattern('$sId', $sMandatory, '$sPattern',  $(this).closest('form').attr('id'), $sForbiddenValues); } );
 {
 	var myTimer = null;
@@ -1077,11 +1110,10 @@ $('#$sId').on('change keyup validate', function() { ValidateWithPattern('$sId',
 }
 EOF
 			);
-			$sValue = "<textarea $sCSSClasses id=\"$sId\" name=\"$sName\">".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."</textarea>";
+			$sValue = "<textarea $sCSSClasses id=\"$sId\" name=\"$sName\">".utils::EscapeHtml($this->defaultValue)."</textarea>";
 		}
-		else
-		{
-			$sValue = "<div $sCSSClasses id=\"$sId\">".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."</div>";
+		else {
+			$sValue = "<div $sCSSClasses id=\"$sId\">".utils::EscapeHtml($this->defaultValue)."</div>";
 		}
 		return array('label' => $this->sLabel, 'value' => $sValue);
 	}
@@ -1110,9 +1142,8 @@ class DesignerIntegerField extends DesignerFormField
 		$sId = $this->oForm->GetFieldId($this->sCode);
 		
 		$sName = $this->oForm->GetFieldName($this->sCode);
-		if ($this->IsReadOnly())
-		{
-			$sHtmlValue = "<span>".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\"/></span>";
+		if ($this->IsReadOnly()) {
+			$sHtmlValue = "<span>".utils::EscapeHtml($this->defaultValue)."<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\"/></span>";
 		}
 		else
 		{
@@ -1129,11 +1160,10 @@ $('#$sId').on('change keyup validate', function() { ValidateInteger('$sId', $sMa
 EOF
 			);
 			$sCSSClasses = '';
-			if (count($this->aCSSClasses) > 0)
-			{
+			if (count($this->aCSSClasses) > 0) {
 				$sCSSClasses = 'class="'.implode(' ', $this->aCSSClasses).'"';
 			}
-			$sHtmlValue = "<input type=\"text\" $sCSSClasses id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\">";
+			$sHtmlValue = "<input type=\"text\" $sCSSClasses id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\">";
 		}
 		return array('label' => $this->sLabel, 'value' => $sHtmlValue);
 	}
@@ -1170,14 +1200,35 @@ class DesignerComboField extends DesignerFormField
 		$this->bMultipleSelection = false;
 		$this->bOtherChoices = false;
 		$this->sNullLabel = Dict::S('UI:SelectOne');
-		$this->aCSSClasses[] = 'ibo-input-select';
+
+		if (ContextTag::Check(ContextTag::TAG_CONSOLE)) {
+			$this->aCSSClasses[] = 'ibo-input-select';
+		}
 
 		$this->bAutoApply = true;
 		$this->bSorted = true; // Sorted by default
 	}
-	
-	public function SetAllowedValues($aAllowedValues)
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
 	{
+		if ($this->bMultipleSelection) {
+			return cmdbAbstractObject::ENUM_INPUT_TYPE_DROPDOWN_MULTIPLE_CHOICES;
+		}
+		else {
+			return cmdbAbstractObject::ENUM_INPUT_TYPE_DROPDOWN_RAW;
+		}
+	}
+
+	public function SetAllowedValues(?array $aAllowedValues)
+	{
+		// Make sure to have an actual array for values
+		if (is_null($aAllowedValues)) {
+			$aAllowedValues = [];
+		}
+
 		$this->aAllowedValues = $aAllowedValues;
 	}
 	
@@ -1216,7 +1267,7 @@ class DesignerComboField extends DesignerFormField
 		$sChecked = $this->defaultValue ? 'checked' : '';
 		$sMandatory = $this->bMandatory ? 'true' :  'false';
 		$sReadOnly = $this->IsReadOnly() ? 'disabled="disabled"' :  '';
-		if ($this->IsSorted())
+		if ($this->IsSorted() )
 		{
 			asort($this->aAllowedValues);
 		}
@@ -1233,52 +1284,44 @@ class DesignerComboField extends DesignerFormField
 			{
 				if ($this->bMultipleSelection)
 				{
-					if(in_array($sKey, $this->defaultValue))
-					{
+					if(in_array($sKey, $this->defaultValue)) {
 						$aSelected[] = $sDisplayValue;
-						$aHiddenValues[] = "<input type=\"hidden\" name=\"{$sName}[]\" value=\"".htmlentities($sKey, ENT_QUOTES, 'UTF-8')."\"/>";
+						$aHiddenValues[] = "<input type=\"hidden\" name=\"{$sName}[]\" value=\"".utils::EscapeHtml($sKey)."\"/>";
 					}
-				}
-				else
-				{
-					if ($sKey == $this->defaultValue)
-					{
+				} else {
+					if ($sKey == $this->defaultValue) {
 						$aSelected[] = $sDisplayValue;
-						$aHiddenValues[] = "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($sKey, ENT_QUOTES, 'UTF-8')."\"/>";
+						$aHiddenValues[] = "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($sKey)."\"/>";
 					}
 				}
 			}
-			$sHtml = "<span $sCSSClasses>".htmlentities(implode(', ', $aSelected), ENT_QUOTES, 'UTF-8').implode($aHiddenValues)."</span>";
+			$sHtml = "<span $sCSSClasses>".utils::EscapeHtml(implode(', ', $aSelected)).implode($aHiddenValues)."</span>";
 		}
 		else
 		{
 			if ($this->bMultipleSelection)
 			{
-				$sHtml = "<select $sCSSClasses multiple size=\"8\"id=\"$sId\" name=\"$sName\">";
+				$sHtml = "<span><select $sCSSClasses multiple size=\"8\"id=\"$sId\" name=\"$sName\">";
 			}
 			else
 			{
-				$sHtml = "<select $sCSSClasses id=\"$sId\" name=\"$sName\">";
+				$sHtml = "<span class=\"ibo-input-select-wrapper\"><select $sCSSClasses id=\"$sId\" name=\"$sName\">";
 				if ($this->sNullLabel != '')
 				{
 					$sHtml .= "<option value=\"\">".$this->sNullLabel."</option>";
 				}
 			}
-			foreach($this->aAllowedValues as $sKey => $sDisplayValue)
-			{
-				if ($this->bMultipleSelection)
-				{
+			foreach ($this->aAllowedValues as $sKey => $sDisplayValue) {
+				if ($this->bMultipleSelection) {
 					$sSelected = in_array($sKey, $this->defaultValue) ? 'selected' : '';
-				}
-				else
-				{
+				} else {
 					$sSelected = ($sKey == $this->defaultValue) ? 'selected' : '';
 				}
 				// Quick and dirty: display the menu parents as a tree
-				$sHtmlValue = str_replace(' ', '&nbsp;', htmlentities($sDisplayValue, ENT_QUOTES, 'UTF-8'));
-				$sHtml .= "<option value=\"".htmlentities($sKey, ENT_QUOTES, 'UTF-8')."\" $sSelected>$sHtmlValue</option>";
+				$sHtmlValue = str_replace(' ', '&nbsp;', $sDisplayValue);
+				$sHtml .= "<option value=\"".utils::EscapeHtml($sKey)."\" $sSelected>$sHtmlValue</option>";
 			}
-			$sHtml .= "</select>";
+			$sHtml .= "</select></span>";
 			if ($this->bOtherChoices)
 			{
 				$sHtml .= '<br/><input type="checkbox" id="other_chk_'.$sId.'"><label for="other_chk_'.$sId.'">&nbsp;Other:</label>&nbsp;<input type="text" id="other_'.$sId.'" name="other_'.$sName.'" size="30"/>'; 
@@ -1309,7 +1352,17 @@ class DesignerBooleanField extends DesignerFormField
 	{
 		parent::__construct($sCode, $sLabel, $defaultValue);
 		$this->bAutoApply = true;
-		$this->aCSSClasses[] = 'ibo-input-checkbox';
+		if (ContextTag::Check(ContextTag::TAG_CONSOLE)) {
+			$this->aCSSClasses[] = 'ibo-input-checkbox';
+		}
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return cmdbAbstractObject::ENUM_INPUT_TYPE_CHECKBOX;
 	}
 	
 	public function Render(WebPage $oP, $sFormId, $sRenderMode='dialog')
@@ -1317,10 +1370,9 @@ class DesignerBooleanField extends DesignerFormField
 		$sId = $this->oForm->GetFieldId($this->sCode);
 		$sName = $this->oForm->GetFieldName($this->sCode);
 		$sChecked = $this->defaultValue ? 'checked' : '';
-		if ($this->IsReadOnly())
-		{
+		if ($this->IsReadOnly()) {
 			$sLabel = $this->defaultValue ? Dict::S('UI:UserManagement:ActionAllowed:Yes') : Dict::S('UI:UserManagement:ActionAllowed:No'); //TODO use our own yes/no translations
-			$sHtmlValue = "<span>".htmlentities($sLabel)."<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\"/></span>";
+			$sHtmlValue = "<span>".utils::EscapeHtml($sLabel)."<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\"/></span>";
 		}
 		else
 		{
@@ -1370,6 +1422,14 @@ class DesignerHiddenField extends DesignerFormField
 	{
 		parent::__construct($sCode, $sLabel, $defaultValue);
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return null;
+	}
 	
 	public function IsVisible()
 	{
@@ -1380,8 +1440,8 @@ class DesignerHiddenField extends DesignerFormField
 	{
 		$sId = $this->oForm->GetFieldId($this->sCode);
 		$sName = $this->oForm->GetFieldName($this->sCode);
-		$sChecked = $this->defaultValue ? 'checked' : '';
-		return array('label' =>'', 'value' => "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\">");
+
+		return array('label' => '', 'value' => "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($this->defaultValue)."\">");
 	}
 }
 
@@ -1397,6 +1457,14 @@ class DesignerIconSelectionField extends DesignerFormField
 		$this->bAutoApply = true;
 		$this->sUploadUrl = null;
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return cmdbAbstractObject::ENUM_INPUT_TYPE_DROPDOWN_DECORATED;
+	}
 	
 	public function SetAllowedValues($aAllowedValues)
 	{
@@ -1432,14 +1500,15 @@ class DesignerIconSelectionField extends DesignerFormField
 		$sPostUploadTo = ($this->sUploadUrl == null) ? 'null' : "'{$this->sUploadUrl}'";
 		if (!$this->IsReadOnly()) {
 			$sDefaultValue = ($this->defaultValue !== '') ? $this->defaultValue : $this->aAllowedValues[$idx]['value'];
-			$sValue = "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"{$sDefaultValue}\"/>";
+			$sCSSClasses = ContextTag::Check(ContextTag::TAG_CONSOLE) ? 'class="ibo-input-select-wrapper"' : '';
+			$sValue = "<span $sCSSClasses><input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"{$sDefaultValue}\"/></span>";
 			$oP->add_ready_script(
 				<<<EOF
 	$('#$sId').icon_select({current_idx: $idx, items: $sJSItems, post_upload_to: $sPostUploadTo});
 EOF
 			);
 		} else {
-			$sValue = '<span style="display:inline-block;line-height:48px;height:48px;"><span><img style="vertical-align:middle" src="'.$this->aAllowedValues[$idx]['icon'].'" />&nbsp;'.htmlentities($this->aAllowedValues[$idx]['label'], ENT_QUOTES, 'UTF-8').'</span></span>';
+			$sValue = '<span style="display:inline-block;line-height:48px;height:48px;"><span><img style="vertical-align:middle" src="'.$this->aAllowedValues[$idx]['icon'].'" />&nbsp;'.utils::EscapeHtml($this->aAllowedValues[$idx]['label']).'</span></span>';
 		}
 		$sReadOnly = $this->IsReadOnly() ? 'disabled' : '';
 		return array('label' => $this->sLabel, 'value' => $sValue);
@@ -1566,6 +1635,14 @@ class DesignerSortableField extends DesignerFormField
 		parent::__construct($sCode, $sLabel, $defaultValue);
 		$this->aAllowedValues = array();
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return null;
+	}
 	
 	public function SetAllowedValues($aAllowedValues)
 	{
@@ -1578,14 +1655,14 @@ class DesignerSortableField extends DesignerFormField
 		$sId = $this->oForm->GetFieldId($this->sCode);
 		$sName = $this->oForm->GetFieldName($this->sCode);
 		$sReadOnly = $this->IsReadOnly() ? 'readonly="readonly"' : '';
-		$aResult = array('label' => $this->sLabel, 'value' => "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" $sReadOnly value=\"".htmlentities($this->defaultValue, ENT_QUOTES, 'UTF-8')."\">");
-		
+		$aResult = array('label' => $this->sLabel, 'value' => "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" $sReadOnly value=\"".utils::EscapeHtml($this->defaultValue)."\">");
+
 
 		$sJSFields = json_encode(array_keys($this->aAllowedValues));
 		$oP->add_ready_script(
 			"$('#$sId').sortable_field({aAvailableFields: $sJSFields});"
 		);
-		
+
 		return $aResult;
 	}
 }
@@ -1602,7 +1679,17 @@ class DesignerFormSelectorField extends DesignerFormField
 		$this->defaultRealValue = $defaultValue;
 		$this->aSubForms = array();
 		$this->bSorted = true;
-		$this->aCSSClasses[] = 'ibo-input-select';
+		if (ContextTag::Check(ContextTag::TAG_CONSOLE)) {
+			$this->aCSSClasses[] = 'ibo-input-select';
+		}
+	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return null;
 	}
 
 	public function IsSorted()
@@ -1664,25 +1751,25 @@ class DesignerFormSelectorField extends DesignerFormField
 			foreach ($this->aSubForms as $iKey => $aFormData) {
 				if ($iKey == $this->defaultValue) // Default value is actually the index
 				{
-					$sDisplayValue = htmlentities($aFormData['label'], ENT_QUOTES, 'UTF-8');
-					$sHiddenValue = "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".htmlentities($iKey, ENT_QUOTES, 'UTF-8')."\"/>";
+					$sDisplayValue = utils::EscapeHtml($aFormData['label']);
+					$sHiddenValue = "<input type=\"hidden\" id=\"$sId\" name=\"$sName\" value=\"".utils::EscapeHtml($iKey)."\"/>";
 					break;
 				}
 			}
 			$sHtml = "<span $sCSSClasses>".$sDisplayValue.$sHiddenValue."</span>";
 		} else {
-			$sHtml = "<select $sCSSClasses id=\"$sId\" name=\"$sName\" $sReadOnly>";
+			$sHtml = "<span class=\"ibo-input-select-wrapper\"><select $sCSSClasses id=\"$sId\" name=\"$sName\" $sReadOnly>";
 			foreach ($this->aSubForms as $iKey => $aFormData) {
-				$sDisplayValue = htmlentities($aFormData['label'], ENT_QUOTES, 'UTF-8');
-				$sValue = htmlentities($aFormData['value'], ENT_QUOTES, 'UTF-8');
+				$sDisplayValue = utils::EscapeHtml($aFormData['label']);
+				$sValue = utils::EscapeHtml($aFormData['value']);
 				$sSelected = ($iKey == $this->defaultValue) ? 'selected' : '';
 				$sHtml .= "<option data-value=\"$sValue\" value=\"$iKey\" $sSelected>".$sDisplayValue."</option>";
 			}
-			$sHtml .= "</select>";
+			$sHtml .= "</select></span>";
 		}
 
 		if ($sRenderMode == 'property') {
-			$sHtml .= '</td><td class="prop_icon prop_apply ibo-prop--apply ibo-button ibo-is-alternative"><span data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Apply').'"><i class="fas fa-check"></i></span></td><td  class="prop_icon prop_cancel ibo-prop--cancel ibo-button ibo-is-alternative"><span data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Revert').'"><i class="fas fa-times"></i></span></td></tr>';
+			$sHtml .= '</td><td class="prop_icon prop_apply ibo-prop--apply"><span><button class="ibo-button ibo-is-alternative ibo-is-success" data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Apply').'"><i class="fas fa-check"></i></button></span></td><td class="prop_icon prop_cancel ibo-prop--cancel"><span><button class="ibo-button ibo-is-alternative ibo-is-neutral" data-tooltip-content="'.Dict::Format('UI:DashboardEdit:Revert').'"><i class="fas fa-times"></i></button></span></td></tr>';
 		}
 		foreach ($this->aSubForms as $sKey => $aFormData) {
 			$sId = $this->oForm->GetFieldId($this->sCode);
@@ -1790,6 +1877,14 @@ class DesignerSubFormField extends DesignerFormField
 		parent::__construct('', $sLabel, '');
 		$this->oSubForm = $oSubForm;
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return null;
+	}
 	
 	public function Render(WebPage $oP, $sFormId, $sRenderMode='dialog')
 	{
@@ -1834,6 +1929,14 @@ class DesignerStaticTextField extends DesignerFormField
 		parent::__construct($sCode, $sLabel, $defaultValue);
 	}
 
+	/**
+	 * @inheritDoc
+	 */
+	public function GetInputType(): ?string
+	{
+		return null;
+	}
+
 	public function Render(WebPage $oP, $sFormId, $sRenderMode='dialog')
 	{
 		return array('label' => $this->sLabel, 'value' => $this->defaultValue);

application/itopwebpage.class.inc.php

@@ -1,9 +1,9 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/iTopWebPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/iTopWebPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
 // cannot notify depreciation for now as this is still MASSIVELY used in iTop core !
-//DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/iTopWebPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/iTopWebPage.php, now loadable using autoloader');

application/itopwizardwebpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/iTopWizardWebPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/iTopWizardWebPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/iTopWizardWebPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/iTopWizardWebPage.php, now loadable using autoloader');

application/loginbasic.class.inc.php

@@ -1,4 +1,7 @@
 <?php
+
+use Combodo\iTop\Application\Helper\Session;
+
 /**
  * Class LoginBasic
  *
@@ -20,19 +23,19 @@ class LoginBasic extends AbstractLoginFSMExtension
 
 	protected function OnModeDetection(&$iErrorCode)
 	{
-		if (!isset($_SESSION['login_mode']))
+		if (!Session::IsSet('login_mode'))
 		{
 			if (isset($_SERVER['HTTP_AUTHORIZATION']) && !empty($_SERVER['HTTP_AUTHORIZATION']))
 			{
-				$_SESSION['login_mode'] = 'basic';
+				Session::Set('login_mode', 'basic');
 			}
 			elseif (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && !empty($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))
 			{
-				$_SESSION['login_mode'] = 'basic';
+				Session::Set('login_mode', 'basic');
 			}
 			elseif (isset($_SERVER['PHP_AUTH_USER']))
 			{
-				$_SESSION['login_mode'] = 'basic';
+				Session::Set('login_mode', 'basic');
 			}
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -40,10 +43,10 @@ class LoginBasic extends AbstractLoginFSMExtension
 
 	protected function OnReadCredentials(&$iErrorCode)
 	{
-		if (!isset($_SESSION['login_mode']) || $_SESSION['login_mode'] == 'basic')
+		if (!Session::IsSet('login_mode') || Session::Get('login_mode') == 'basic')
 		{
-			list($sAuthUser, $sAuthPwd) = $this->GetAuthUserAndPassword();
-			$_SESSION['login_temp_auth_user'] =  $sAuthUser;
+			list($sAuthUser) = $this->GetAuthUserAndPassword();
+			Session::Set('login_temp_auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -51,31 +54,32 @@ class LoginBasic extends AbstractLoginFSMExtension
 
 	protected function OnCheckCredentials(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'basic')
+		if (Session::Get('login_mode') == 'basic')
 		{
 			list($sAuthUser, $sAuthPwd) = $this->GetAuthUserAndPassword();
-			if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, $_SESSION['login_mode'], 'internal'))
+			if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
 			{
+				$_SESSION['auth_user'] = $sAuthUser;
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnCredentialsOK(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'basic')
+		if (Session::Get('login_mode') == 'basic')
 		{
-			list($sAuthUser) = $this->GetAuthUserAndPassword();
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnError(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'basic')
+		if (Session::Get('login_mode') == 'basic')
 		{
 			LoginWebPage::HTTP401Error();
 		}
@@ -84,9 +88,9 @@ class LoginBasic extends AbstractLoginFSMExtension
 
 	protected function OnConnected(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'basic')
+		if (Session::Get('login_mode') == 'basic')
 		{
-			$_SESSION['can_logoff'] = true;
+			Session::Set('can_logoff', true);
 			return LoginWebPage::CheckLoggedUser($iErrorCode);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;

application/logindefault.class.inc.php

@@ -4,6 +4,8 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Helper\Session;
+
 /**
  * Class LoginDefaultBefore
  */
@@ -23,7 +25,7 @@ class LoginDefaultBefore extends AbstractLoginFSMExtension
 	{
 		$iErrorCode = LoginWebPage::EXIT_CODE_OK;
 
-		unset($_SESSION['login_temp_auth_user']);
+		Session::Unset('login_temp_auth_user');
 
 		// Check if proposed login mode is present and allowed
 		$aAllowedLoginTypes = MetaModel::GetConfig()->GetAllowedLoginTypes();
@@ -32,11 +34,11 @@ class LoginDefaultBefore extends AbstractLoginFSMExtension
 		if ($index !== false)
 		{
 			// Force login mode
-			$_SESSION['login_mode'] = $sProposedLoginMode;
+			Session::Set('login_mode', $sProposedLoginMode);
 		}
 		else
 		{
-			unset($_SESSION['login_mode']);
+			Session::Unset('login_mode');
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -91,7 +93,7 @@ class LoginDefaultAfter extends AbstractLoginFSMExtension implements iLogoutExte
 
 	protected function OnCredentialsOk(&$iErrorCode)
 	{
-		if (!isset($_SESSION['login_mode']))
+		if (!Session::IsSet('login_mode'))
 		{
 			// If no plugin validated the user, exit
 			self::ResetLoginSession();
@@ -110,7 +112,7 @@ class LoginDefaultAfter extends AbstractLoginFSMExtension implements iLogoutExte
 
 	protected function OnConnected(&$iErrorCode)
 	{
-		unset($_SESSION['login_temp_auth_user']);
+		Session::Unset('login_temp_auth_user');
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
@@ -118,11 +120,11 @@ class LoginDefaultAfter extends AbstractLoginFSMExtension implements iLogoutExte
 	private static function ResetLoginSession()
 	{
 		LoginWebPage::ResetSession();
-		foreach (array_keys($_SESSION) as $sKey)
+		foreach (Session::ListVariables() as $sKey)
 		{
 			if (utils::StartsWith($sKey, 'login_'))
 			{
-				unset($_SESSION[$sKey]);
+				Session::Unset($sKey);
 			}
 		}
 	}

application/loginexternal.class.inc.php

@@ -1,5 +1,7 @@
 <?php
 
+use Combodo\iTop\Application\Helper\Session;
+
 /**
  * Class LoginExternal
  *
@@ -22,12 +24,12 @@ class LoginExternal extends AbstractLoginFSMExtension
 
 	protected function OnModeDetection(&$iErrorCode)
 	{
-		if (!isset($_SESSION['login_mode']))
+		if (!Session::IsSet('login_mode'))
 		{
 			$sAuthUser = $this->GetAuthUser();
 			if ($sAuthUser && (strlen($sAuthUser) > 0))
 			{
-				$_SESSION['login_mode'] = 'external';
+				Session::Set('login_mode', 'external');
 			}
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -35,33 +37,34 @@ class LoginExternal extends AbstractLoginFSMExtension
 
 	protected function OnCheckCredentials(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'external')
+		if (Session::Get('login_mode') == 'external')
 		{
 			$sAuthUser = $this->GetAuthUser();
-			if (!UserRights::CheckCredentials($sAuthUser, '', $_SESSION['login_mode'], 'external'))
+			if (!UserRights::CheckCredentials($sAuthUser, '', Session::Get('login_mode'), 'external'))
 			{
+				$_SESSION['auth_user'] = $sAuthUser;
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnCredentialsOK(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'external')
+		if (Session::Get('login_mode') == 'external')
 		{
-			$sAuthUser = $this->GetAuthUser();
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'external', $_SESSION['login_mode']);
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'external', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnConnected(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'external')
+		if (Session::Get('login_mode') == 'external')
 		{
-			$_SESSION['can_logoff'] = false;
+			Session::Set('can_logoff', false);
 			return LoginWebPage::CheckLoggedUser($iErrorCode);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -69,7 +72,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 
 	protected function OnError(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'external')
+		if (Session::Get('login_mode') == 'external')
 		{
 			LoginWebPage::HTTP401Error();
 		}
@@ -86,4 +89,4 @@ class LoginExternal extends AbstractLoginFSMExtension
 		/** @var string $sAuthUser */
 		return $sAuthUser; // Retrieve the value
 	}
-}
+}

application/loginform.class.inc.php

@@ -5,6 +5,8 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Helper\Session;
+
 /**
  * Class LoginForm
  *
@@ -29,8 +31,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	 */
 	protected function OnReadCredentials(&$iErrorCode)
 	{
-		if (!isset($_SESSION['login_mode']) || ($_SESSION['login_mode'] == 'form'))
-		{
+		if (!Session::IsSet('login_mode') || Session::Get('login_mode') == 'form') {
 			$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
 			$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
 			if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd))
@@ -50,9 +51,8 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 				$this->bForceFormOnError = false;
 				exit;
 			}
-
-			$_SESSION['login_temp_auth_user'] =  $sAuthUser;
-			$_SESSION['login_mode'] = 'form';
+			Session::Set('login_temp_auth_user', $sAuthUser);
+			Session::Set('login_mode', 'form');
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -62,15 +62,17 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	 */
 	protected function OnCheckCredentials(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'form')
+		if (Session::Get('login_mode') == 'form')
 		{
 			$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
 			$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
-			if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, $_SESSION['login_mode'], 'internal'))
+			if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
 			{
+				$_SESSION['auth_user'] = $sAuthUser;
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -80,19 +82,10 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	 */
 	protected function OnCredentialsOK(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'form')
+		if (Session::Get('login_mode') == 'form')
 		{
-			if (isset($_SESSION['auth_user']))
-			{
-				// If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
-				$sAuthUser = $_SESSION['auth_user'];
-			}
-			else
-			{
-				$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
-			}
 			// Store 'auth_user' in session for further use
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -102,7 +95,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	 */
 	protected function OnError(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'form')
+		if (Session::Get('login_mode') == 'form')
 		{
 			$this->bForceFormOnError = true;
 		}
@@ -114,9 +107,9 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	 */
 	protected function OnConnected(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'form')
+		if (Session::Get('login_mode') == 'form')
 		{
-			$_SESSION['can_logoff'] = true;
+			Session::Set('can_logoff', true);
 			return LoginWebPage::CheckLoggedUser($iErrorCode);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;

application/logintwig.class.inc.php

@@ -7,7 +7,11 @@
  */
 
 
-use Combodo\iTop\TwigExtension;
+use Combodo\iTop\Application\Branding;
+use Combodo\iTop\Application\TwigBase\Twig\Extension;
+use Twig\Environment;
+use Twig\Loader\ChainLoader;
+use Twig\Loader\FilesystemLoader;
 
 /**
  * Twig context for modules extending the login screen
@@ -216,14 +220,14 @@ class LoginTwigRenderer
 			$sTwigLoaderPath = $oLoginContext->GetTwigLoaderPath();
 			if ($sTwigLoaderPath != null)
 			{
-				$oExtensionLoader = new Twig_Loader_Filesystem();
+				$oExtensionLoader = new FilesystemLoader();
 				$oExtensionLoader->setPaths($sTwigLoaderPath);
 				$aTwigLoaders[] = $oExtensionLoader;
 			}
 			$this->aPostedVars = array_merge($this->aPostedVars, $oLoginContext->GetPostedVars());
 		}
 
-		$oCoreLoader = new Twig_Loader_Filesystem(array(), APPROOT.'templates');
+		$oCoreLoader = new FilesystemLoader(array(), APPROOT.'templates');
 		$aCoreTemplatesPaths = array('pages/login', 'pages/login/password');
 		// Having this path declared after the plugins let the plugins replace the core templates
 		$oCoreLoader->setPaths($aCoreTemplatesPaths);
@@ -231,23 +235,16 @@ class LoginTwigRenderer
 		$oCoreLoader->setPaths($aCoreTemplatesPaths, 'ItopCore');
 		$aTwigLoaders[] = $oCoreLoader;
 
-		$oLoader = new Twig_Loader_Chain($aTwigLoaders);
-		$this->oTwig = new Twig_Environment($oLoader);
-		TwigExtension::RegisterTwigExtensions($this->oTwig);
+		$oLoader = new ChainLoader($aTwigLoaders);
+		$this->oTwig = new Environment($oLoader);
+		Extension::RegisterTwigExtensions($this->oTwig);
 	}
 
 	public function GetDefaultVars()
 	{
-		$sLogo = 'itop-logo-external.png';
-		$sBrandingLogo = 'login-logo.png';
-
 		$sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_APPLICATION, ITOP_VERSION);
 		$sIconUrl = Utils::GetConfig()->Get('app_icon_url');
-		$sDisplayIcon = utils::GetAbsoluteUrlAppRoot().'images/'.$sLogo.'?t='.utils::GetCacheBusterTimestamp();
-		if (file_exists(MODULESROOT.'branding/'.$sBrandingLogo))
-		{
-			$sDisplayIcon = utils::GetAbsoluteUrlModulesRoot().'branding/'.$sBrandingLogo.'?t='.utils::GetCacheBusterTimestamp();
-		}
+		$sDisplayIcon = Branding::GetLoginLogoAbsoluteUrl();
 
 		$aVars = array(
 			'sAppRootUrl' => utils::GetAbsoluteUrlAppRoot(),
@@ -312,7 +309,7 @@ class LoginTwigRenderer
 	}
 
 	/**
-	 * @return \Twig_Environment
+	 * @return \Twig\Environment
 	 */
 	public function GetTwig()
 	{

application/loginurl.class.inc.php

@@ -1,5 +1,7 @@
 <?php
 
+use Combodo\iTop\Application\Helper\Session;
+
 /**
  * Class LoginURL
  *
@@ -26,13 +28,13 @@ class LoginURL extends AbstractLoginFSMExtension
 
 	protected function OnModeDetection(&$iErrorCode)
 	{
-		if (!isset($_SESSION['login_mode']) && !$this->bErrorOccurred)
+		if (!Session::IsSet('login_mode') && !$this->bErrorOccurred)
 		{
 			$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
 			$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
 			if (!empty($sAuthUser) && !empty($sAuthPwd))
 			{
-				$_SESSION['login_mode'] = 'url';
+				Session::Set('login_mode', 'url');
 			}
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
@@ -40,41 +42,42 @@ class LoginURL extends AbstractLoginFSMExtension
 
 	protected function OnReadCredentials(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'url')
+		if (Session::Get('login_mode') == 'url')
 		{
-			$_SESSION['login_temp_auth_user'] =  utils::ReadParam('auth_user', '', false, 'raw_data');
+			Session::Set('login_temp_auth_user', utils::ReadParam('auth_user', '', false, 'raw_data'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnCheckCredentials(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'url')
+		if (Session::Get('login_mode') == 'url')
 		{
 			$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
 			$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
-			if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, $_SESSION['login_mode'], 'internal'))
+			if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
 			{
+				$_SESSION['auth_user'] = $sAuthUser;
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnCredentialsOK(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'url')
+		if (Session::Get('login_mode') == 'url')
 		{
-			$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 
 	protected function OnError(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'url')
+		if (Session::Get('login_mode') == 'url')
 		{
 			$this->bErrorOccurred = true;
 		}
@@ -83,11 +86,11 @@ class LoginURL extends AbstractLoginFSMExtension
 
 	protected function OnConnected(&$iErrorCode)
 	{
-		if ($_SESSION['login_mode'] == 'url')
+		if (Session::Get('login_mode') == 'url')
 		{
-			$_SESSION['can_logoff'] = true;
+			Session::Set('can_logoff', true);
 			return LoginWebPage::CheckLoggedUser($iErrorCode);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
-}
+}

application/loginwebpage.class.inc.php

@@ -24,6 +24,11 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Branding;
+use Combodo\iTop\Application\Helper\Session;
+use Combodo\iTop\Service\EventData;
+use Combodo\iTop\Service\EventService;
+
 /**
  * Web page used for displaying the login form
  */
@@ -109,7 +114,7 @@ class LoginWebPage extends NiceWebPage
 	 */
 	public static function SynchronizeProfiles(&$oUser, array $aProfiles, $sOrigin)
 	{
-		$oProfilesSet = $oUser->Get(‘profile_list’);
+		$oProfilesSet = $oUser->Get('profile_list');
 		//delete old profiles
 		$aExistingProfiles = [];
 		while ($oProfile = $oProfilesSet->Fetch())
@@ -128,10 +133,6 @@ class LoginWebPage extends NiceWebPage
 		//add profiles not already linked with user
 		foreach ($aProfiles as $iProfileId)
 		{
-			$oLink = new URP_UserProfile();
-			$oLink->Set('profileid', $iProfileId);
-			$oLink->Set('reason', $sOrigin);
-
 			$oProfilesSet->AddItem(MetaModel::NewObject('URP_UserProfile', array('profileid' => $iProfileId, 'reason' => $sOrigin)));
 		}
 		$oUser->Set('profile_list', $oProfilesSet);
@@ -139,16 +140,9 @@ class LoginWebPage extends NiceWebPage
 
 	public function DisplayLoginHeader($bMainAppLogo = false)
 	{
-		$sLogo = 'itop-logo-external.png';
-		$sBrandingLogo = 'login-logo.png';
-
 		$sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_APPLICATION, ITOP_VERSION);
 		$sIconUrl = Utils::GetConfig()->Get('app_icon_url');
-		$sDisplayIcon = utils::GetAbsoluteUrlAppRoot().'images/'.$sLogo.'?t='.utils::GetCacheBusterTimestamp();
-		if (file_exists(MODULESROOT.'branding/'.$sBrandingLogo))
-		{
-			$sDisplayIcon = utils::GetAbsoluteUrlModulesRoot().'branding/'.$sBrandingLogo.'?t='.utils::GetCacheBusterTimestamp();
-		}
+		$sDisplayIcon = Branding::GetLoginLogoAbsoluteUrl();
 		$this->add("<div id=\"login-logo\"><a href=\"".htmlentities($sIconUrl, ENT_QUOTES,
 				self::PAGES_CHARSET)."\"><img title=\"$sVersionShort\" src=\"$sDisplayIcon\"></a></div>\n");
 	}
@@ -245,7 +239,7 @@ class LoginWebPage extends NiceWebPage
 				}
 
 				// This token allows the user to change the password without knowing the previous one
-				$sToken = substr(md5(APPROOT.uniqid()), 0, 16);
+				$sToken = bin2hex(random_bytes(32));
 				$oUser->Set('reset_pwd_token', $sToken);
 				CMDBObject::SetTrackInfo('Reset password');
 				$oUser->AllowWrite(true);
@@ -392,11 +386,11 @@ class LoginWebPage extends NiceWebPage
 	public static function ResetSession()
 	{
 		// Unset all of the session variables.
-		unset($_SESSION['auth_user']);
-		unset($_SESSION['login_state']);
-		unset($_SESSION['can_logoff']);
-		unset($_SESSION['archive_mode']);
-		unset($_SESSION['impersonate_user']);
+		Session::Unset('auth_user');
+		Session::Unset('login_state');
+		Session::Unset('can_logoff');
+		Session::Unset('archive_mode');
+		Session::Unset('impersonate_user');
 		UserRights::_ResetSessionCache();
 		// If it's desired to kill the session, also delete the session cookie.
 		// Note: This will destroy the session, and not just the session data!
@@ -442,11 +436,11 @@ class LoginWebPage extends NiceWebPage
 		}
 		$bLoginDebug = MetaModel::GetConfig()->Get('login_debug');
 
-		if (!isset($_SESSION['login_state']) || ($_SESSION['login_state'] == self::LOGIN_STATE_ERROR))
+		if (Session::Get('login_state') == self::LOGIN_STATE_ERROR)
 		{
-			$_SESSION['login_state'] = self::LOGIN_STATE_START;
+			Session::Set('login_state', self::LOGIN_STATE_START);
 		}
-		$sLoginState = $_SESSION['login_state'];
+		$sLoginState = Session::Get('login_state');
 
 		$sSessionLog = '';
 		if ($bLoginDebug)
@@ -487,10 +481,13 @@ class LoginWebPage extends NiceWebPage
 					$iResponse = $oLoginFSMExtensionInstance->LoginAction($sLoginState, $iErrorCode);
 					if ($iResponse == self::LOGIN_FSM_RETURN)
 					{
+						EventService::FireEvent(new EventData(EVENT_SERVICE_LOGIN, null, ['code' => $iErrorCode, 'state' => $sLoginState]));
+						Session::WriteClose();
 						return $iErrorCode; // Asked to exit FSM, generally login OK
 					}
 					if ($iResponse == self::LOGIN_FSM_ERROR)
 					{
+						EventService::FireEvent(new EventData(EVENT_SERVICE_LOGIN, null, ['code' => $iErrorCode, 'state' => $sLoginState]));
 						$sLoginState = self::LOGIN_STATE_SET_ERROR; // Next state will be error
 						// An error was detected, skip the other plugins turn
 						break;
@@ -500,10 +497,11 @@ class LoginWebPage extends NiceWebPage
 
 				// Every plugin has nothing else to do in this state, go forward
 				$sLoginState = self::AdvanceLoginFSMState($sLoginState);
-				$_SESSION['login_state'] = $sLoginState;
+				Session::Set('login_state', $sLoginState);
 			}
 			catch (Exception $e)
 			{
+				EventService::FireEvent(new EventData(EVENT_SERVICE_LOGIN, null, ['state' => $_SESSION['login_state']]));
 				IssueLog::Error($e->getTraceAsString());
 				static::ResetSession();
 				die($e->getMessage());
@@ -526,7 +524,7 @@ class LoginWebPage extends NiceWebPage
 
 		if ($bFilterWithMode)
 		{
-			$sCurrentLoginMode = isset($_SESSION['login_mode']) ? $_SESSION['login_mode'] : '';
+			$sCurrentLoginMode = Session::Get('login_mode', '');
 		}
 		else
 		{
@@ -665,8 +663,8 @@ class LoginWebPage extends NiceWebPage
 			$oLog->DBInsertNoReload();
 		}
 
-		$_SESSION['auth_user'] = $sAuthUser;
-		$_SESSION['login_mode'] = $sLoginMode;
+		Session::Set('auth_user', $sAuthUser);
+		Session::Set('login_mode', $sLoginMode);
 		UserRights::_InitSessionCache();
 	}
 
@@ -681,10 +679,10 @@ class LoginWebPage extends NiceWebPage
 	 */
 	public static function CheckLoggedUser(&$iErrorCode)
 	{
-		if (isset($_SESSION['auth_user']))
+		if (Session::IsSet('auth_user'))
 		{
 			// Already authenticated
-			$bRet = UserRights::Login($_SESSION['auth_user']); // Login & set the user's language
+			$bRet = UserRights::Login(Session::Get('auth_user')); // Login & set the user's language
 			if ($bRet)
 			{
 				$iErrorCode = self::EXIT_CODE_OK;
@@ -712,11 +710,11 @@ class LoginWebPage extends NiceWebPage
 
 	public static function SetLoginModeAndReload($sNewLoginMode)
 	{
-		if (isset($_SESSION['login_mode']) && ($_SESSION['login_mode'] == $sNewLoginMode))
+		if (Session::Get('login_mode') == $sNewLoginMode)
 		{
 			return;
 		}
-		$_SESSION['login_mode'] = $sNewLoginMode;
+		Session::Set('login_mode', $sNewLoginMode);
 		self::HTTPReload();
 	}
 
@@ -829,9 +827,9 @@ class LoginWebPage extends NiceWebPage
 		{
 			CMDBObject::SetTrackOrigin('custom-extension');
 			$sInfo = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sInfo .= " ({$_SESSION['login_mode']})";
+				$sInfo .= " (".Session::Get('login_mode').")";
 			}
 			CMDBObject::SetTrackInfo($sInfo);
 
@@ -883,9 +881,9 @@ class LoginWebPage extends NiceWebPage
 		{
 			CMDBObject::SetTrackOrigin('custom-extension');
 			$sInfo = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sInfo .= " ({$_SESSION['login_mode']})";
+				$sInfo .= " (".Session::Get('login_mode').")";
 			}
 			CMDBObject::SetTrackInfo($sInfo);
 
@@ -924,9 +922,9 @@ class LoginWebPage extends NiceWebPage
 
 			// Now synchronize the profiles
 			$sOrigin = 'External User provisioning';
-			if (isset($_SESSION['login_mode']))
+			if (Session::IsSet('login_mode'))
 			{
-				$sOrigin .= " ({$_SESSION['login_mode']})";
+				$sOrigin .= " (".Session::Get('login_mode').")";
 			}
 			$aExistingProfiles = self::SynchronizeProfiles($oUser, $aProfiles, $sOrigin);
 			if ($oUser->IsModified())
@@ -1011,7 +1009,6 @@ class LoginWebPage extends NiceWebPage
 		$sMessage = self::HandleOperations($operation); // May exit directly
 	
 		$iRet = self::Login($iOnExit);
-	
 		if ($iRet == self::EXIT_CODE_OK)
 		{
 			if ($bMustBeAdmin && !UserRights::IsAdministrator())
@@ -1091,11 +1088,11 @@ class LoginWebPage extends NiceWebPage
 		}
 		else if ($operation == 'change_pwd')
 		{
-			if (isset($_SESSION['auth_user']))
+			if (Session::IsSet('auth_user'))
 			{
-				$sAuthUser = $_SESSION['auth_user'];
-				$sIssue = $_SESSION['pwd_issue'] ?? null;
-				unset($_SESSION['pwd_issue']);
+				$sAuthUser = Session::Get('auth_user');
+				$sIssue = Session::Get('pwd_issue');
+				Session::Unset('pwd_issue');
 				$bFailedLogin = ($sIssue != null); // Force the "failed login" flag to display the "issue" message
 
 				UserRights::Login($sAuthUser); // Set the user's language
@@ -1107,7 +1104,7 @@ class LoginWebPage extends NiceWebPage
 		}
 		else if ($operation == 'check_pwd_policy')
 		{
-			$sAuthUser = $_SESSION['auth_user'];
+			$sAuthUser = Session::Get('auth_user');
 			UserRights::Login($sAuthUser); // Set the user's language
 
 			$aPwdMap = array();
@@ -1125,9 +1122,9 @@ class LoginWebPage extends NiceWebPage
 		}
 		if ($operation == 'do_change_pwd')
 		{
-			if (isset($_SESSION['auth_user']))
+			if (Session::IsSet('auth_user'))
 			{
-				$sAuthUser = $_SESSION['auth_user'];
+				$sAuthUser = Session::Get('auth_user');
 				UserRights::Login($sAuthUser); // Set the user's language
 				$sOldPwd = utils::ReadPostedParam('old_pwd', '', 'raw_data');
 				$sNewPwd = utils::ReadPostedParam('new_pwd', '', 'raw_data');

application/maintenancemsg.php

@@ -77,17 +77,28 @@ function _MaintenanceHtmlMessage($sMessage)
  */
 function _MaintenanceJsonMessage($sTitle, $sMessage)
 {
-	@include_once(APPROOT."/application/ajaxwebpage.class.inc.php");
-	if (class_exists('ajax_page'))
+	if (class_exists('JsonPage'))
 	{
-		$oP = new ajax_page($sTitle);
+		$oP = new JsonPage($sTitle);
 		$oP->add_header('Access-Control-Allow-Origin: *');
-		$oP->SetContentType('application/json');
-		$oP->add('{"code":100, "message":"'.$sMessage.'"}');
+
+		$aMessage = [
+			'code' => 100,
+			'message' =>$sMessage
+		];
+
+		$oP->AddData($aMessage);
 		$oP->Output();
-	}
-	else
-	{
-		_MaintenanceTextMessage($sMessage);
+	} else {
+		@include_once(APPROOT."/application/ajaxwebpage.class.inc.php");
+		if (class_exists('ajax_page')) {
+			$oP = new ajax_page($sTitle);
+			$oP->add_header('Access-Control-Allow-Origin: *');
+			$oP->SetContentType('application/json');
+			$oP->add('{"code":100, "message":"'.$sMessage.'"}');
+			$oP->Output();
+		} else {
+			_MaintenanceTextMessage($sMessage);
+		}
 	}
 }

application/menunode.class.inc.php

@@ -4,7 +4,7 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
-use Combodo\iTop\Application\UI\Base\Component\Title\TitleUIBlockFactory;
+use Combodo\iTop\Application\Helper\WebResourcesHelper;
 
 require_once(APPROOT.'/application/utils.inc.php');
 require_once(APPROOT.'/application/template.class.inc.php');
@@ -58,6 +58,10 @@ class ApplicationMenu
 	 * @var array
 	 */
 	static $aMenusIndex = array();
+	/**
+	 * @var array
+	 */
+	static $aMenusById = [];
 	/**
 	 * @var string
 	 */
@@ -166,6 +170,7 @@ class ApplicationMenu
 			$aBacktrace = debug_backtrace();
 			$sFile = isset($aBacktrace[2]["file"]) ? $aBacktrace[2]["file"] : $aBacktrace[1]["file"];
 			self::$aMenusIndex[$index] = array('node' => $oMenuNode, 'children' => array(), 'parent' => $sParentId, 'rank' => $fRank, 'source_file' => $sFile);
+			self::$aMenusById[$oMenuNode->GetMenuId()] = $index;
 		}
 		else
 		{
@@ -260,6 +265,14 @@ class ApplicationMenu
 			/** @var \MenuGroup $oMenuNode */
 			$oMenuNode = static::GetMenuNode($sMenuGroupIdx);
 
+			if (!($oMenuNode instanceof MenuGroup)) {
+				IssueLog::Error('Menu node was not displayed as a menu group as it is actually not a menu group', LogChannels::CONSOLE, [
+					'menu_node_class' => get_class($oMenuNode),
+					'menu_node_label' => $oMenuNode->GetLabel(),
+				]);
+				continue;
+			}
+
 			$aMenuGroups[] = [
 				'sId' => $oMenuNode->GetMenuID(),
 				'sIconCssClasses' => $oMenuNode->GetDecorationClasses(),
@@ -506,17 +519,11 @@ EOF
 	 */
 	public static function GetMenuIndexById($sTitle)
 	{
-		$index = -1;
-		/** @var MenuNode[] $aMenu */
-		foreach(self::$aMenusIndex as $aMenu)
-		{
-			if ($aMenu['node']->GetMenuId() == $sTitle)
-			{
-				$index = $aMenu['node']->GetIndex();
-				break;
-			}
+		if (isset(self::$aMenusById[$sTitle])) {
+			return self::$aMenusById[$sTitle];
 		}
-		return $index;
+
+		return -1;
 	}
 	
 	/**
@@ -654,8 +661,7 @@ abstract class MenuNode
 		$this->sMenuId = $sMenuId;
 		$this->iParentIndex = $iParentIndex;
 		$this->aReflectionProperties = array();
-		if (strlen($sEnableClass) > 0)
-		{
+		if (utils::IsNotNullOrEmptyString($sEnableClass)) {
 			$this->aReflectionProperties['enable_class'] = $sEnableClass;
 			$this->aReflectionProperties['enable_action'] = $iActionCode;
 			$this->aReflectionProperties['enable_permission'] = $iAllowedResults;
@@ -715,9 +721,10 @@ abstract class MenuNode
 	{
 		// Count the entries up to 99
 		$oSearch = DBSearch::FromOQL($sOQL);
-
+		$oSearch->SetShowObsoleteData(utils::ShowObsoleteData());
 		DBSearchHelper::AddContextFilter($oSearch);
 
+
 		$oSet = new DBObjectSet($oSearch);
 		$iCount = $oSet->CountWithLimit(99);
 		if ($iCount > 99) {
@@ -1125,13 +1132,26 @@ class OQLMenuNode extends MenuNode
 	{
 		$sUsageId = utils::GetSafeId($sUsageId);
 		$oSearch = DBObjectSearch::FromOQL($sOql);
-		//$sIcon = MetaModel::GetClassIcon($oSearch->GetClass(), false);
-
+		$sClass= 	$oSearch->GetClass();
+		$sIcon = MetaModel::GetClassIcon($sClass, false);
 		if ($bSearchPane) {
-			$aParams = array_merge(['open' => $bSearchOpen, 'table_id' => $sUsageId, 'submit_on_load' => true], $aExtraParams);
+			$aParams = array_merge(['open' => $bSearchOpen, 'table_id' => $sUsageId, 'submit_on_load' => false], $aExtraParams);
 			$oBlock = new DisplayBlock($oSearch, 'search', false /* Asynchronous */, $aParams);
 			$oBlock->Display($oPage, 0);
+			$oPage->add("<div class='sf_results_area ibo-add-margin-top-250' data-target='search_results'>");
 		}
+		else {
+			$oPage->add("<div class='sf_results_area' data-target='search_results'>");
+		}
+		$aExtraParams['panel_class'] =$sClass;
+		$aExtraParams['panel_title'] = $sTitle;
+		$aExtraParams['panel_icon'] = $sIcon;
+
+		$aParams = array_merge(array('table_id' => $sUsageId), $aExtraParams);
+		$oBlock = new DisplayBlock($oSearch, 'list', false /* Asynchronous */, $aParams);
+		$oBlock->Display($oPage, $sUsageId);
+
+		$oPage->add("</div>");
 
 		if ($bEnableBreadcrumb && ($oPage instanceof iTopWebPage)) {
 			// Breadcrumb
@@ -1405,6 +1425,8 @@ class DashboardMenuNode extends MenuNode
 		$oDashboard = $this->GetDashboard();
 		if ($oDashboard != null)
 		{
+			WebResourcesHelper::EnableC3JSToWebPage($oPage);
+
 			$sDivId = utils::Sanitize($this->sMenuId, '', 'element_identifier');
 			$oPage->add('<div id="'.$sDivId.'" class="ibo-dashboard" data-role="ibo-dashboard">');
 			$aExtraParams['dashboard_div_id'] = $sDivId;

application/nicewebpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/NiceWebPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/NiceWebPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/NiceWebPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/NiceWebPage.php, now loadable using autoloader');

application/pdfpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/PDFPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/PDFPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/PDFPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/PDFPage.php, now loadable using autoloader');

application/query.class.inc.php

@@ -18,8 +18,7 @@
  */
 
 use Combodo\iTop\Application\UI\Base\Component\Alert\AlertUIBlockFactory;
-use Combodo\iTop\Application\UI\Base\Component\Field\Field;
-use Combodo\iTop\Application\UI\Base\Component\Field\FieldUIBlockFactory;
+use Combodo\iTop\Application\UI\Base\Component\FieldSet\FieldSetUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Html\Html;
 use Combodo\iTop\Application\UI\Base\Component\Input\TextArea;
 
@@ -51,6 +50,7 @@ abstract class Query extends cmdbAbstractObject
 			"is_null_allowed" => false,
 			"depends_on" => array(),
 		)));
+
 		MetaModel::Init_AddAttribute(new AttributeText("description", array(
 			"allowed_values" => null,
 			"sql" => "description",
@@ -68,6 +68,41 @@ abstract class Query extends cmdbAbstractObject
 			'display_style' => 'radio_horizontal',
 		)));
 
+		MetaModel::Init_AddAttribute(new AttributeInteger("export_count", array(
+			"allowed_values" => null,
+			"sql" => "export_count",
+			"default_value" => 0,
+			"is_null_allowed" => false,
+			"depends_on" => array(),
+		)));
+
+		MetaModel::Init_AddAttribute(new AttributeDateTime("export_last_date", array(
+			"allowed_values" => null,
+			"sql" => "export_last_date",
+			"default_value" => null,
+			"is_null_allowed" => true,
+			"depends_on" => array(),
+		)));
+
+		MetaModel::Init_AddAttribute(new AttributeExternalKey("export_last_user_id",
+			array(
+				"targetclass"=>'User',
+				"allowed_values"=>null,
+				"sql"=>'user_id',
+				"is_null_allowed"=>true,
+				"depends_on"=>array(),
+				"display_style"=>'select',
+				"always_load_in_tables"=>false,
+				"on_target_delete"=>DEL_SILENT
+			)));
+
+		MetaModel::Init_AddAttribute(new AttributeExternalField("export_last_user_contact",
+			array(
+				"allowed_values"=>null,
+				"extkey_attcode"=> "export_last_user_id",
+				"target_attcode"=>"contactid"
+			)));
+
 		// Display lists
 		MetaModel::Init_SetZListItems('details',
 			array('name', 'is_template', 'description')); // Attributes to be displayed for the complete details
@@ -78,6 +113,54 @@ abstract class Query extends cmdbAbstractObject
 			array('name', 'description', 'is_template')); // Criteria of the default search form
 		// MetaModel::Init_SetZListItems('advanced_search', array('name')); // Criteria of the advanced search form
 	}
+
+
+	/**
+	 * @inheritdoc
+	 *
+	 * @since 3.1.0
+	 */
+	public function GetAttributeFlags($sAttCode, &$aReasons = array(), $sTargetState = '')
+	{
+		// read only attribute
+		if (in_array($sAttCode, ['export_count', 'export_last_date', 'export_last_user_id'])){
+			return OPT_ATT_READONLY;
+		}
+
+		return parent::GetAttributeFlags($sAttCode, $aReasons, $sTargetState);
+	}
+
+
+	/**
+	 * Return export url.
+	 *
+	 * @param array|null $aValues optional values for the query
+	 *
+	 * @return string|null
+	 * @since 3.1.0
+	 */
+	abstract public function GetExportUrl(array $aValues = null) : ?string;
+
+	/**
+	 * Update last export information.
+	 *
+	 * @return void
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @throws \CoreUnexpectedValue
+	 * @throws \MySQLException
+	 * @since 3.1.0
+	 */
+	public function UpdateLastExportInformation() : void
+	{
+		// last export information
+		$this->Set('export_last_date', date(AttributeDateTime::GetSQLFormat()));
+		$this->Set('export_last_user_id', UserRights::GetUserObject());
+		$this->DBUpdate();
+
+		// increment usage counter
+		$this->DBIncrement('export_count');
+	}
 }
 
 class QueryOQL extends Query
@@ -116,17 +199,55 @@ class QueryOQL extends Query
 
 		// Display lists
 		MetaModel::Init_SetZListItems('details',
-			array('name', 'is_template', 'description', 'oql', 'fields')); // Attributes to be displayed for the complete details
+			array(
+				'col:col1' => array('fieldset:Query:baseinfo' => array('name', 'is_template', 'description', 'oql', 'fields')),
+				'col:col2' => array('fieldset:Query:exportInfo' => array('export_count', 'export_last_date', 'export_last_user_id', 'export_last_user_contact'))
+			)
+		); // Attributes to be displayed for the complete details
 		MetaModel::Init_SetZListItems('list', array('description')); // Attributes to be displayed for a list
 		// Search criteria
 		MetaModel::Init_SetZListItems('standard_search',
 			array('name', 'description', 'is_template', 'fields', 'oql')); // Criteria of the std search form
 	}
 
+	/** @inheritdoc */
+	public function GetExportUrl(array $aValues = null) : ?string
+	{
+		try{
+			// retrieve attributes
+			$sFields = trim($this->Get('fields'));
+			$sOql = $this->Get('oql');
+
+			// construct base url depending on version
+			$bExportV1Recommended = ($sFields == '');
+			if ($bExportV1Recommended) {
+				$sUrl = utils::GetAbsoluteUrlAppRoot().'webservices/export.php?format=spreadsheet&login_mode=basic&query='.$this->GetKey();
+			}
+			else{
+				$sUrl = utils::GetAbsoluteUrlAppRoot().'webservices/export-v2.php?format=spreadsheet&login_mode=basic&date_format='.urlencode((string)AttributeDateTime::GetFormat()).'&query='.$this->GetKey();
+			}
+
+			// search object from OQL
+			$oSearch = DBObjectSearch::FromOQL($sOql);
+
+			// inject parameters
+			$aParameters = $oSearch->GetQueryParams();
+			foreach ($aParameters as $sParam => $val) {
+				$paramValue = ($aValues === null || $aValues[$sParam] === null) ? $sParam : $aValues[$sParam];
+				$sUrl .= '&arg_' . $sParam . '=' . $paramValue;
+			}
+
+			return $sUrl;
+		}
+		catch(Exception $e){
+			return null;
+		}
+	}
+
 	function DisplayBareProperties(WebPage $oPage, $bEditMode = false, $sPrefix = '', $aExtraParams = array())
 	{
 		$aFieldsMap = parent::DisplayBareProperties($oPage, $bEditMode, $sPrefix, $aExtraParams);
-		$oPage->add_script("$('[name=\"attr_oql\"]').addClass('ibo-queryoql'); $('[data-attribute-code=\"oql\"]').addClass('ibo-queryoql');");
+		$oPage->add_script("$('[name=\"attr_oql\"]').addClass('ibo-query-oql ibo-is-code'); $('[data-attribute-code=\"oql\"]').addClass('ibo-query-oql ibo-is-code');");
 
 		if (!$bEditMode) {
 			$sFields = trim($this->Get('fields'));
@@ -152,9 +273,11 @@ class QueryOQL extends Query
 					$sUrl .= '&arg_'.$sParam.'=["'.$sParam.'"]';
 				}
 
+				// add text area inside field set
+				$oFieldSet = FieldSetUIBlockFactory::MakeStandard(Dict::S('UI:Query:UrlForExcel'));
 				$oTextArea = new TextArea("", $sUrl, null, 80, 3);
-				$oFieldUrl = FieldUIBlockFactory::MakeFromObject(Dict::S('UI:Query:UrlForExcel'), $oTextArea, Field::ENUM_FIELD_LAYOUT_LARGE);
-				$oPage->AddSubBlock($oFieldUrl);
+				$oFieldSet->AddSubBlock($oTextArea);
+				$oPage->AddSubBlock($oFieldSet);
 
 				if (count($aParameters) == 0) {
 					$oBlock = new DisplayBlock($oSearch, 'list');
@@ -178,6 +301,7 @@ class QueryOQL extends Query
 		return $aFieldsMap;
 	}
 
+
 // Rolled back until 'fields' can be properly managed by AttributeQueryAttCodeSet
 //
 //	public function ComputeValues()

application/shortcut.class.inc.php

@@ -288,7 +288,8 @@ class ShortcutOQL extends Shortcut
 		$oPage->add_ready_script(
 <<<JS
 // Note: the title gets deleted by the validation mechanism
-$("#attr_auto_reload_sec").tooltip({items: 'input', content: '$sRateTitle'});
+$("#attr_auto_reload_sec").attr('data-tooltip-content', '$sRateTitle');
+CombodoTooltip.InitTooltipFromMarkup($("#attr_auto_reload_sec"));
 $("#attr_auto_reload_sec").prop('disabled', !$('#attr_auto_reload').is(':checked'));
 
 $('#attr_auto_reload').change( function(ev) {

application/startup.inc.php

@@ -15,9 +15,12 @@
 //
 //   You should have received a copy of the GNU Affero General Public License
 //   along with iTop. If not, see <http://www.gnu.org/licenses/>
+use Combodo\iTop\Application\Helper\Session;
+
 require_once(APPROOT.'/core/cmdbobject.class.inc.php');
 require_once(APPROOT.'/application/utils.inc.php');
 require_once(APPROOT.'/core/contexttag.class.inc.php');
+require_once(APPROOT.'/core/kpi.class.inc.php');
 
 
 /**
@@ -27,6 +30,9 @@ require_once(APPROOT.'/core/contexttag.class.inc.php');
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+ExecutionKPI::EnableDuration(1);
+ExecutionKPI::EnableMemory(1);
+
 // This storage is freed on error (case of allowed memory exhausted)
 $sReservedMemory = str_repeat('*', 1024 * 1024);
 register_shutdown_function(function()
@@ -35,41 +41,38 @@ register_shutdown_function(function()
 	$sReservedMemory = null;
 	if (!is_null($err = error_get_last()) && ($err['type'] == E_ERROR))
 	{
-		// Remove stack trace from MySQLException
+		// Remove stack trace from MySQLException (since 2.7.2 see N°3174)
 		$sMessage = $err['message'];
-		if (strpos($sMessage, 'MySQLException') !== false)
-		{
+		if (strpos($sMessage, 'MySQLException') !== false) {
 			$iStackTracePos = strpos($sMessage, 'Stack trace:');
-			if ($iStackTracePos !== false)
-			{
+			if ($iStackTracePos !== false) {
 				$sMessage = substr($sMessage, 0, $iStackTracePos);
 			}
 		}
-		IssueLog::error($sMessage, null, $err);
-		if (strpos($err['message'], 'Allowed memory size of') !== false)
-		{
+		// Log additional info but message from $err (since 2.7.6 N°4174)
+		$aErrToLog = $err;
+		unset($aErrToLog['message']);
+		IssueLog::error($sMessage, null, $aErrToLog);
+		if (strpos($err['message'], 'Allowed memory size of') !== false) {
 			$sLimit = ini_get('memory_limit');
 			echo "<p>iTop: Allowed memory size of $sLimit exhausted, contact your administrator to increase 'memory_limit' in php.ini</p>\n";
-		}
-		elseif (strpos($err['message'], 'Maximum execution time') !== false)
-		{
+		} elseif (strpos($err['message'], 'Maximum execution time') !== false) {
 			$sLimit = ini_get('max_execution_time');
 			echo "<p>iTop: Maximum execution time of $sLimit exceeded, contact your administrator to increase 'max_execution_time' in php.ini</p>\n";
-		}
-		else
-		{
+		} else {
 			echo "<p>iTop: An error occurred, check server error log for more information.</p>\n";
 		}
 	}
 });
+$oKPI = new ExecutionKPI();
+Session::Start();
+$oKPI->ComputeAndReport("Session Start");
 
-session_name('itop-'.md5(APPROOT));
-session_start();
 $sSwitchEnv = utils::ReadParam('switch_env', null);
 $bAllowCache = true;
-if (($sSwitchEnv != null) && (file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FILE)) && isset($_SESSION['itop_env']) && ($_SESSION['itop_env'] !== $sSwitchEnv))
+if (($sSwitchEnv != null) && file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FILE) &&( Session::Get('itop_env') !== $sSwitchEnv))
 {
-	$_SESSION['itop_env'] = $sSwitchEnv;
+	Session::Set('itop_env', $sSwitchEnv);
 	$sEnv = $sSwitchEnv;
     $bAllowCache = false;
     // Reset the opcache since otherwise the PHP "model" files may still be cached !!
@@ -85,14 +88,14 @@ if (($sSwitchEnv != null) && (file_exists(APPCONF.$sSwitchEnv.'/'.ITOP_CONFIG_FI
     }
 	// TODO: reset the credentials as well ??
 }
-else if (isset($_SESSION['itop_env']))
+else if (Session::IsSet('itop_env'))
 {
-	$sEnv = $_SESSION['itop_env'];
+	$sEnv = Session::Get('itop_env');
 }
 else
 {
 	$sEnv = ITOP_DEFAULT_ENV;
-	$_SESSION['itop_env'] = ITOP_DEFAULT_ENV;
+	Session::Set('itop_env', ITOP_DEFAULT_ENV);
 }
 $sConfigFile = APPCONF.$sEnv.'/'.ITOP_CONFIG_FILE;
 MetaModel::Startup($sConfigFile, false /* $bModelOnly */, $bAllowCache, false /* $bTraceSourceFiles */, $sEnv);

application/template.class.inc.php

@@ -229,12 +229,10 @@ class DisplayTemplate
 	static public function UnitTest()
 	{
 		require_once(APPROOT.'/application/startup.inc.php');
-		require_once(APPROOT."/application/itopwebpage.class.inc.php");
 		
 		$sTemplate = '<div class="page_header">
 		<div class="actions_details"><a href="#"><span>Actions</span></a></div>
 		<h1>$class$: <span class="hilite">$name$</span></h1>
-		<itopblock blockclass="HistoryBlock" type="toggle" encoding="text/oql">SELECT CMDBChangeOp WHERE objkey = $id$ AND objclass = \'$class$\'</itopblock>
 		</div>
 		<img src="../../images/connect_to_network.png" style="margin-top:-10px; margin-right:10px; float:right">
 		<itoptabs>
@@ -353,7 +351,7 @@ class ObjectDetailsTemplate extends DisplayTemplate
 							$sTip = '';
 							foreach($aReasons as $aRow)
 							{
-								$sDescription = htmlentities($aRow['description'], ENT_QUOTES, 'UTF-8');
+								$sDescription = utils::EscapeHtml($aRow['description']);
 								$sDescription = str_replace(array("\r\n", "\n"), "<br/>", $sDescription);
 								$sTip .= "<div class='synchro-source'>";
 								$sTip .= "<div class='synchro-source-title'>Synchronized with {$aRow['name']}</div>";
@@ -361,10 +359,10 @@ class ObjectDetailsTemplate extends DisplayTemplate
 							}
 							$oPage->add_ready_script("$('#synchro_$iInputId').qtip( { content: '$sTip', show: 'mouseover', hide: 'mouseout', style: { name: 'dark', tip: 'leftTop' }, position: { corner: { target: 'rightMiddle', tooltip: 'leftTop' }} } );");
 						}
-	
+
 						// Attribute is read-only
 						$sHTMLValue = "<span id=\"field_{$iInputId}\">".$this->m_oObj->GetAsHTML($sAttCode);
-						$sHTMLValue .= '<input type="hidden" id="'.$iInputId.'" name="attr_'.$sAttCode.'" value="'.htmlentities($this->m_oObj->Get($sAttCode), ENT_QUOTES, 'UTF-8').'"/></span>';
+						$sHTMLValue .= '<input type="hidden" id="'.$iInputId.'" name="attr_'.$sAttCode.'" value="'.utils::EscapeHtml($this->m_oObj->Get($sAttCode)).'"/></span>';
 						$aFieldsMap[$sAttCode] = $iInputId;
 						$aParams['this->comments('.$sAttCode.')'] = $sSynchroIcon;
 					}

application/templates/audit_category.html

@@ -1,7 +1,6 @@
 <div class="page_header">
 	<itopblock blockclass="MenuBlock" type="popup" encoding="text/oql" label="Actions">SELECT $class$ WHERE id = $id$</itopblock>
 	<h1>$class$: <span class="hilite">$name$</span></h1>
-	<itopblock blockclass="HistoryBlock" type="toggle" encoding="text/oql">SELECT CMDBChangeOp WHERE objkey = $id$ AND objclass = '$class$'</itopblock>
 </div>
 <img src="../../images/clean.png" style="margin-top:-20px; margin-right:10px; float:right">
 <itopblock blockclass="DisplayBlock" asynchronous="false" type="bare_details" encoding="text/oql">SELECT $class$ WHERE id = $id$</itopblock>

application/themehandler.class.inc.php

@@ -906,7 +906,8 @@ CSS;
 
 		foreach($aImportsPaths as $sPath)
 		{
-			$sFilePath = $sPath.'/'.$sFileURI;
+			$sAlterableFileURI = $sFileURI;
+			$sFilePath = $sPath.'/'.$sAlterableFileURI;
 			$sImportedFile = realpath($sFilePath);
 			if ($sImportedFile === false){
 				// Handle shortcut syntax : @import "typo" ;
@@ -914,7 +915,7 @@ CSS;
 				$sFilePath2 = "$sFilePath.scss";
 				$sImportedFile = realpath($sFilePath2);
 				if ($sImportedFile){
-					self::FindStylesheetFile("$sFileURI.scss", [ $sPath ], $oFindStylesheetObject, $bImports);
+					self::FindStylesheetFile("$sAlterableFileURI.scss", [ $sPath ], $oFindStylesheetObject, $bImports);
 					$sImportedFile = false;
 				}
 			}
@@ -924,7 +925,7 @@ CSS;
 				// file matched: _typo.scss
 				$sShortCut = substr($sFilePath, strrpos($sFilePath, '/') + 1);
 				$sFilePath = static::ReplaceLastOccurrence($sShortCut, "_$sShortCut.scss", $sFilePath);
-				$sFileURI = static::ReplaceLastOccurrence($sShortCut, "_$sShortCut.scss", $sFileURI);
+				$sAlterableFileURI = static::ReplaceLastOccurrence($sShortCut, "_$sShortCut.scss", $sAlterableFileURI);
 				$sImportedFile = realpath($sFilePath);
 			}
 
@@ -932,14 +933,14 @@ CSS;
 				&& (!$oFindStylesheetObject->AlreadyFetched($sImportedFile)))
 			{
 				if ($bImports){
-					$oFindStylesheetObject->AddImport($sFileURI, $sImportedFile);
+					$oFindStylesheetObject->AddImport($sAlterableFileURI, $sImportedFile);
 				}else{
-					$oFindStylesheetObject->AddStylesheet($sFileURI, $sImportedFile);
+					$oFindStylesheetObject->AddStylesheet($sAlterableFileURI, $sImportedFile);
 				}
 				$oFindStylesheetObject->UpdateLastModified($sImportedFile);
 
 				//Regexp matching on all included scss files : @import 'XXX.scss';
-				$sDirUri = dirname($sFileURI);
+				$sDirUri = dirname($sAlterableFileURI);
 				preg_match_all('/@import \s*[\"\']([^\"\']*)\s*[\"\']\s*;/', file_get_contents($sImportedFile), $aMatches);
 				if ( (is_array($aMatches)) && (count($aMatches)!==0) ){
 					foreach ($aMatches[1] as $sImportedFile){

application/themehandlerservice.class.inc.php

@@ -29,7 +29,7 @@ class ThemeHandlerService
 	{
 	}
 
-	public function CompileTheme($sThemeId, $bSetup = false, $sSetupCompilationTimestamp="", $aThemeParameters = null, $aImportsPaths = null, $sWorkingPath = null){
-		return ThemeHandler::CompileTheme($sThemeId, $bSetup, $sSetupCompilationTimestamp="", $aThemeParameters, $aImportsPaths, $sWorkingPath);
+	public function CompileTheme($sThemeId, $bSetup = false, $sSetupCompilationTimestamp = "", $aThemeParameters = null, $aImportsPaths = null, $sWorkingPath = null){
+		return ThemeHandler::CompileTheme($sThemeId, $bSetup, $sSetupCompilationTimestamp, $aThemeParameters, $aImportsPaths, $sWorkingPath);
 	}
 }

application/transaction.class.inc.php

@@ -15,6 +15,7 @@
 //
 //   You should have received a copy of the GNU Affero General Public License
 //   along with iTop. If not, see <http://www.gnu.org/licenses/>
+use Combodo\iTop\Application\Helper\Session;
 
 /**
  * This class records the pending "transactions" corresponding to forms that have not been
@@ -26,8 +27,6 @@
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
-
-
 class privUITransaction
 {
 	/**
@@ -99,9 +98,12 @@ class privUITransaction
 }
 
 /**
- * The original (and by default) mechanism for storing transaction information
- * as an array in the $_SESSION variable
+ * The original mechanism for storing transaction information as an array in the $_SESSION variable
  *
+ * Warning, since 2.6.0 the session is regenerated on each login (see PR #20) !
+ * Also, we saw some problems when using memcached as the PHP session implementation (see N°1835)
+ *
+ * @see \Combodo\iTop\Application\Helper\Session
  */
 class privUITransactionSession
 {
@@ -112,15 +114,15 @@ class privUITransactionSession
 	 */
 	public static function GetNewTransactionId()
 	{
-		if (!isset($_SESSION['transactions']))
+		if (!Session::IsSet('transactions'))
 		{
-				$_SESSION['transactions'] = array();
+			Session::Set('transactions', []);
 		}
 		// Strictly speaking, the two lines below should be grouped together
 		// by a critical section
 		// sem_acquire($rSemIdentified);
-		$id = static::GetUserPrefix() . str_replace(array('.', ' '), '', microtime()); //1 + count($_SESSION['transactions']);
-		$_SESSION['transactions'][$id] = true;
+		$id = static::GetUserPrefix() . str_replace(array('.', ' '), '', microtime());
+		Session::Set(['transactions', $id], true);
 		// sem_release($rSemIdentified);
 		
 		return (string)$id;
@@ -137,17 +139,17 @@ class privUITransactionSession
 	public static function IsTransactionValid($id, $bRemoveTransaction = true)
 	{
 		$bResult = false;
-		if (isset($_SESSION['transactions']))
+		if (Session::IsSet('transactions'))
 		{
 			// Strictly speaking, the eight lines below should be grouped together
 			// inside the same critical section as above
 			// sem_acquire($rSemIdentified);
-			if (isset($_SESSION['transactions'][$id]))
+			if (Session::IsSet(['transactions', $id]))
 			{
 				$bResult = true;
 				if ($bRemoveTransaction)
 				{
-					unset($_SESSION['transactions'][$id]);
+					Session::Unset(['transactions', $id]);
 				}
 			}
 			// sem_release($rSemIdentified);
@@ -162,14 +164,14 @@ class privUITransactionSession
 	 */
 	public static function RemoveTransaction($id)
 	{
-		if (isset($_SESSION['transactions']))
+		if (Session::IsSet('transactions'))
 		{
 			// Strictly speaking, the three lines below should be grouped together
 			// inside the same critical section as above
 			// sem_acquire($rSemIdentified);
-			if (isset($_SESSION['transactions'][$id]))
+			if (Session::IsSet(['transactions', $id]))
 			{
-				unset($_SESSION['transactions'][$id]);
+				Session::Unset(['transactions', $id]);
 			}
 			// sem_release($rSemIdentified);
 		}		
@@ -194,9 +196,35 @@ class privUITransactionSession
  */
 class privUITransactionFile
 {
+	/** @var int Value to use when no user logged */
+	const UNAUTHENTICATED_USER_ID = -666;
+
 	/**
+	 * @return int current user id, or {@see self::UNAUTHENTICATED_USER_ID} if no user logged
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 method creation
+	 */
+	private static function GetCurrentUserId()
+	{
+		$iCurrentUserId = UserRights::GetConnectedUserId();
+		if ('' === $iCurrentUserId) {
+			$iCurrentUserId = static::UNAUTHENTICATED_USER_ID;
+		}
+
+		return $iCurrentUserId;
+	}
+
+	/**
+	 * Create a new transaction id, store it in the session and return its id
+	 *
+	 * @param void
+	 *
 	 * @return int The new transaction identifier
+	 *
+	 * @throws \SecurityException
 	 * @throws \Exception
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 security hardening + throws SecurityException if no user logged
 	 */
 	public static function GetNewTransactionId()
 	{
@@ -213,24 +241,36 @@ class privUITransactionFile
 				throw new Exception('Failed to create the directory "'.APPROOT.'data/transactions". Ajust the rights on the parent directory or let an administrator create the transactions directory and give the web sever enough rights to write into it.');
 			}
 		}
+
 		if (!is_writable(APPROOT.'data/transactions'))
 		{
 			throw new Exception('The directory "'.APPROOT.'data/transactions" must be writable to the application.');
 		}
-		self::CleanupOldTransactions();
-		$id = basename(tempnam(APPROOT.'data/transactions', static::GetUserPrefix()));
-		self::Info('GetNewTransactionId: Created transaction: '.$id);
 
-		return (string)$id;
+		$iCurrentUserId = static::GetCurrentUserId();
+
+		self::CleanupOldTransactions();
+
+		$sTransactionIdFullPath = tempnam(APPROOT.'data/transactions', static::GetUserPrefix());
+		file_put_contents($sTransactionIdFullPath, $iCurrentUserId, LOCK_EX);
+
+		$sTransactionIdFileName = basename($sTransactionIdFullPath);
+		self::Info('GetNewTransactionId: Created transaction: '.$sTransactionIdFileName);
+
+		return $sTransactionIdFileName;
 	}
 
 	/**
 	 * Check whether a transaction is valid or not and (optionally) remove the valid transaction from
 	 * the session so that another call to IsTransactionValid for the same transaction id
 	 * will return false
+	 *
 	 * @param int $id Identifier of the transaction, as returned by GetNewTransactionId
 	 * @param bool $bRemoveTransaction True if the transaction must be removed
+	 *
 	 * @return bool True if the transaction is valid, false otherwise
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 security hardening
 	 */
 	public static function IsTransactionValid($id, $bRemoveTransaction = true)
 	{
@@ -244,53 +284,53 @@ class privUITransactionFile
 
 		clearstatcache(true, $sFilepath);
 		$bResult = file_exists($sFilepath);
-		if ($bResult)
+
+		if (false === $bResult) {
+			self::Info("IsTransactionValid: Transaction '$id' not found. Pending transactions:\n".implode("\n", self::GetPendingTransactions()));
+			return false;
+		}
+
+		$iCurrentUserId = static::GetCurrentUserId();
+		$sTransactionIdUserId = file_get_contents($sFilepath);
+		if ($iCurrentUserId != $sTransactionIdUserId) {
+			self::Info("IsTransactionValid: Transaction '$id' not existing for current user. Pending transactions:\n".implode("\n", self::GetPendingTransactions()));
+			return false;
+		}
+
+		if ($bRemoveTransaction)
 		{
-			if ($bRemoveTransaction)
+			$bResult = @unlink($sFilepath);
+			if (!$bResult)
 			{
-				$bResult = @unlink($sFilepath);
-				if (!$bResult)
-				{
-					self::Error('IsTransactionValid: FAILED to remove transaction '.$id);
-				}
-				else
-				{
-					self::Info('IsTransactionValid: OK. Removed transaction: '.$id);
-				}
+				self::Error('IsTransactionValid: FAILED to remove transaction '.$id);
+			}
+			else
+			{
+				self::Info('IsTransactionValid: OK. Removed transaction: '.$id);
 			}
 		}
-		else
-		{
-			self::Info("IsTransactionValid: Transaction '$id' not found. Pending transactions for this user:\n".implode("\n", self::GetPendingTransactions()));
-		}
+
 		return $bResult;
 	}
 
 	/**
 	 * Removes the transaction specified by its id
 	 * @param int $id The Identifier (as returned by GetNewTransactionId) of the transaction to be removed.
-	 * @return void
+	 * @return bool true if the token can be removed
+	 *
+	 * @since 2.6.5 2.7.6 3.0.0 N°4289 security hardening
 	 */
 	public static function RemoveTransaction($id)
 	{
-		$bSuccess = true;
-		$sFilepath = APPROOT.'data/transactions/'.$id;
-		clearstatcache(true, $sFilepath);
-		if(!file_exists($sFilepath))
-		{
-			$bSuccess = false;
-			self::Error("RemoveTransaction: Transaction '$id' not found. Pending transactions for this user:\n".implode("\n", self::GetPendingTransactions()));
+		/** @noinspection PhpRedundantOptionalArgumentInspection */
+		$bResult = static::IsTransactionValid($id, true);
+		if (false === $bResult) {
+			self::Error("RemoveTransaction: Transaction '$id' is invalid. Pending transactions:\n"
+				.implode("\n", self::GetPendingTransactions()));
+			return false;
 		}
-		$bSuccess = @unlink($sFilepath);
-		if (!$bSuccess)
-		{
-			self::Error('RemoveTransaction: FAILED to remove transaction '.$id);
-		}
-		else
-		{
-			self::Info('RemoveTransaction: OK '.$id);
-		}
-		return $bSuccess;
+
+		return true;
 	}
 
 	/**
@@ -363,22 +403,35 @@ class privUITransactionFile
 	{
 		self::Write('Error | '.$sText);
 	}
-	
+
+	protected static function IsLogEnabled() {
+		$oConfig = MetaModel::GetConfig();
+		if (is_null($oConfig)) {
+			return false;
+		}
+
+		$bLogTransactions = $oConfig->Get('log_transactions');
+		if (true === $bLogTransactions) {
+			return true;
+		}
+
+		return false;
+	}
+
 	protected static function Write($sText)
 	{
-		$bLogEnabled = MetaModel::GetConfig()->Get('log_transactions');
-		if ($bLogEnabled)
-		{
+		if (false === static::IsLogEnabled()) {
+			return;
+		}
+
 		$hLogFile = @fopen(APPROOT.'log/transactions.log', 'a');
-		if ($hLogFile !== false)
-		{
+		if ($hLogFile !== false) {
 			flock($hLogFile, LOCK_EX);
 			$sDate = date('Y-m-d H:i:s');
 			fwrite($hLogFile, "$sDate | $sText\n");
 			fflush($hLogFile);
 			flock($hLogFile, LOCK_UN);
 			fclose($hLogFile);
-			}
 		}
 	}
 }

application/twigextension.class.inc.php

@@ -2,28 +2,39 @@
 
 namespace Combodo\iTop;
 
+use AttributeDate;
 use AttributeDateTime;
+use DeprecatedCallsLog;
 use Dict;
 use Exception;
 use MetaModel;
-use Twig_Environment;
-use Twig_SimpleFilter;
-use Twig_SimpleFunction;
+use Twig\Environment;
+use Twig\TwigFilter;
+use Twig\TwigFunction;
 use utils;
 
+DeprecatedCallsLog::NotifyDeprecatedFile('instead use sources/Application/TwigBase/Twig/Extension.php, which is loaded by the autoloader');
+
+/**
+ * Class TwigExtension
+ *
+ * @author Guillaume Lajarige <guillaume.lajarige@combodo.com>
+ * @package Combodo\iTop
+ * @deprecated 3.1.0 N°4034
+ */
 class TwigExtension
 {
 	/**
 	 * Registers Twig extensions such as filters or functions.
 	 * It allows us to access some stuff directly in twig.
 	 *
-	 * @param \Twig_Environment $oTwigEnv
+	 * @param Environment $oTwigEnv
 	 */
-	public static function RegisterTwigExtensions(Twig_Environment &$oTwigEnv)
+	public static function RegisterTwigExtensions(Environment &$oTwigEnv)
 	{
 		// Filter to translate a string via the Dict::S function
 		// Usage in twig: {{ 'String:ToTranslate'|dict_s }}
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('dict_s',
+		$oTwigEnv->addFilter(new TwigFilter('dict_s',
 				function ($sStringCode, $sDefault = null, $bUserLanguageOnly = false) {
 					return Dict::S($sStringCode, $sDefault, $bUserLanguageOnly);
 				})
@@ -31,7 +42,7 @@ class TwigExtension
 
 		// Filter to format a string via the Dict::Format function
 		// Usage in twig: {{ 'String:ToTranslate'|dict_format() }}
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('dict_format',
+		$oTwigEnv->addFilter(new TwigFilter('dict_format',
 				function ($sStringCode, $sParam01 = null, $sParam02 = null, $sParam03 = null, $sParam04 = null) {
 					return Dict::Format($sStringCode, $sParam01, $sParam02, $sParam03, $sParam04);
 				})
@@ -40,14 +51,15 @@ class TwigExtension
 		// Filter to format output
 		// example a DateTime is converted to user format
 		// Usage in twig: {{ 'String:ToFormat'|output_format }}
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('date_format',
+		$oTwigEnv->addFilter(new TwigFilter('date_format',
 				function ($sDate) {
-					try
-					{
-						if (preg_match('@^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$@', trim($sDate)))
-						{
+					try {
+						if (preg_match('@^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$@', trim($sDate))) {
 							return AttributeDateTime::GetFormat()->Format($sDate);
 						}
+						if (preg_match('@^\d\d\d\d-\d\d-\d\d$@', trim($sDate))) {
+							return AttributeDate::GetFormat()->Format($sDate);
+						}
 					}
 					catch (Exception $e)
 					{
@@ -60,7 +72,7 @@ class TwigExtension
 		// Filter to format output
 		// example a DateTime is converted to user format
 		// Usage in twig: {{ 'String:ToFormat'|output_format }}
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('size_format',
+		$oTwigEnv->addFilter(new TwigFilter('size_format',
 				function ($sSize) {
 					return utils::BytesToFriendlyFormat($sSize);
 				})
@@ -68,73 +80,65 @@ class TwigExtension
 
 		// Filter to enable base64 encode/decode
 		// Usage in twig: {{ 'String to encode'|base64_encode }}
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('base64_encode', 'base64_encode'));
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('base64_decode', 'base64_decode'));
+		$oTwigEnv->addFilter(new TwigFilter('base64_encode', 'base64_encode'));
+		$oTwigEnv->addFilter(new TwigFilter('base64_decode', 'base64_decode'));
 
 		// Filter to enable json decode  (encode already exists)
 		// Usage in twig: {{ aSomeArray|json_decode }}
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('json_decode', function ($sJsonString, $bAssoc = false) {
+		$oTwigEnv->addFilter(new TwigFilter('json_decode', function ($sJsonString, $bAssoc = false) {
 				return json_decode($sJsonString, $bAssoc);
 			})
 		);
 
 		// Filter to add itopversion to an url
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('add_itop_version', function ($sUrl) {
-			if (strpos($sUrl, '?') === false)
-			{
-				$sUrl = $sUrl."?itopversion=".ITOP_VERSION;
-			}
-			else
-			{
-				$sUrl = $sUrl."&itopversion=".ITOP_VERSION;
-			}
+		$oTwigEnv->addFilter(new TwigFilter('add_itop_version', function ($sUrl) {
+			$sUrl = utils::AddParameterToUrl($sUrl, 'itopversion', ITOP_VERSION);
 
 			return $sUrl;
 		}));
 
 		// Filter to add a module's version to an url
-		$oTwigEnv->addFilter(new Twig_SimpleFilter('add_module_version', function ($sUrl, $sModuleName) {
+		$oTwigEnv->addFilter(new TwigFilter('add_module_version', function ($sUrl, $sModuleName) {
 			$sModuleVersion = utils::GetCompiledModuleVersion($sModuleName);
-
-			if (strpos($sUrl, '?') === false)
-			{
-				$sUrl = $sUrl."?moduleversion=".$sModuleVersion;
-			}
-			else
-			{
-				$sUrl = $sUrl."&moduleversion=".$sModuleVersion;
-			}
+			$sUrl = utils::AddParameterToUrl($sUrl, 'moduleversion', $sModuleVersion);
 
 			return $sUrl;
 		}));
 
 		// Function to check our current environment
 		// Usage in twig:   {% if is_development_environment() %}
-		$oTwigEnv->addFunction(new Twig_SimpleFunction('is_development_environment', function()
-		{
+		$oTwigEnv->addFunction(new TwigFunction('is_development_environment', function () {
 			return utils::IsDevelopmentEnvironment();
 		}));
 
 		// Function to get configuration parameter
 		// Usage in twig: {{ get_config_parameter('foo') }}
-		$oTwigEnv->addFunction(new Twig_SimpleFunction('get_config_parameter', function($sParamName)
-		{
+		$oTwigEnv->addFunction(new TwigFunction('get_config_parameter', function ($sParamName) {
 			$oConfig = MetaModel::GetConfig();
+
 			return $oConfig->Get($sParamName);
 		}));
 
+		// Function to get a module setting
+		// Usage in twig: {{ get_module_setting(<MODULE_CODE>, <PROPERTY_CODE> [, <DEFAULT_VALUE>]) }}
+		// since 3.0.0, but see N°4034 for upcoming evolutions in the 3.1
+		$oTwigEnv->addFunction(new TwigFunction('get_module_setting', function (string $sModuleCode, string $sPropertyCode, $defaultValue = null) {
+			$oConfig = MetaModel::GetConfig();
+
+			return $oConfig->GetModuleSetting($sModuleCode, $sPropertyCode, $defaultValue);
+		}));
+
 		// Function to get the URL of a static page in a module
 		// Usage in twig: {{ get_static_page_module_url('itop-my-module', 'path-to-my-page') }}
-		$oTwigEnv->addFunction(new Twig_SimpleFunction('get_static_page_module_url', function($sModuleName, $sPage)
-		{
+		$oTwigEnv->addFunction(new TwigFunction('get_static_page_module_url', function ($sModuleName, $sPage) {
 			return utils::GetAbsoluteUrlModulesRoot().$sModuleName.'/'.$sPage;
 		}));
 
 		// Function to get the URL of a php page in a module
 		// Usage in twig: {{ get_page_module_url('itop-my-module', 'path-to-my-my-page.php') }}
-		$oTwigEnv->addFunction(new Twig_SimpleFunction('get_page_module_url', function($sModuleName, $sPage)
-		{
+		$oTwigEnv->addFunction(new TwigFunction('get_page_module_url', function ($sModuleName, $sPage) {
 			return utils::GetAbsoluteUrlModulePage($sModuleName, $sPage);
 		}));
 	}
+
 }

application/ui.extkeywidget.class.inc.php

@@ -4,6 +4,10 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\UI\Base\Component\Form\FormUIBlockFactory;
+use Combodo\iTop\Application\UI\Base\Layout\UIContentBlockUIBlockFactory;
+use Combodo\iTop\Core\MetaModel\FriendlyNameType;
+
 require_once(APPROOT.'/application/displayblock.class.inc.php');
 
 /**
@@ -57,6 +61,8 @@ class UIExtKeyWidget
 	protected $sAttCode;
 	protected $bSearchMode;
 
+	//public function __construct($sAttCode, $sClass, $sTitle, $oAllowedValues, $value, $iInputId, $bMandatory, $sNameSuffix = '', $sFieldPrefix = '', $sFormPrefix = '')
+
 	/**
 	 * @param \WebPage $oPage
 	 * @param string $sAttCode
@@ -76,18 +82,13 @@ class UIExtKeyWidget
 	 * @throws \Exception
 	 *
 	 * @since 3.0.0 N°3750 new $sInputType parameter
+	 * @since 2.7.7 3.0.1 3.1.0 N°3129 Add default value for $aArgs for PHP 8.0 compat
 	 */
 	public static function DisplayFromAttCode(
 		$oPage, $sAttCode, $sClass, $sTitle, $oAllowedValues, $value, $iInputId, $bMandatory, $sFieldName = '', $sFormPrefix = '',
 		$aArgs = [], $bSearchMode = false, &$sInputType = ''
 	)
 	{
-		// we will only use key & name, so let's reduce fields loaded !
-		$aAttToLoad = [
-			$sClass => [], // nothing, id and friendlyname are automatically added by the API
-		];
-		$oAllowedValues->OptimizeColumnLoad($aAttToLoad);
-
 		$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
 		$sTargetClass = $oAttDef->GetTargetClass();
 		$iMaxComboLength = $oAttDef->GetMaximumComboLength();
@@ -192,7 +193,7 @@ class UIExtKeyWidget
 
 		$bIsAutocomplete = $oAllowedValues->CountExceeds($iMaxComboLength);
 		$sWrapperCssClass = $bIsAutocomplete ? 'ibo-input-select-autocomplete-wrapper' : 'ibo-input-select-wrapper';
-		$sHTMLValue = "<div class=\"field_input_zone field_input_extkey ibo-input-wrapper ibo-input-select-wrapper--with-buttons $sWrapperCssClass\" data-attcode=\"".$this->sAttCode."\"  data-validation=\"untouched\">";
+		$sHTMLValue = "<div class=\"field_input_zone field_input_extkey ibo-input-wrapper ibo-input-select-wrapper--with-buttons $sWrapperCssClass\" data-attcode=\"".$this->sAttCode."\"  data-validation=\"untouched\"  data-accessibility-selectize-label=\"$sTitle\">";
 		
 		// We just need to compare the number of entries with MaxComboLength, so no need to get the real count.
 		if (!$bIsAutocomplete) {
@@ -200,42 +201,45 @@ class UIExtKeyWidget
 			$sHelpText = ''; //$this->oAttDef->GetHelpOnEdition();
 			//$sHTMLValue .= "<div class=\"field_select_wrapper\">\n";
 			$aOptions = [];
-			$sDisplayValue = "";
 
 			$aOption = [];
 			$aOption['value'] = "";
 			$aOption['label'] = Dict::S('UI:SelectOne');
-			array_push($aOptions,$aOption);
+			array_push($aOptions, $aOption);
 
 			$oAllowedValues->Rewind();
-			$bAddingValue=false;
+			$sClassAllowed = $oAllowedValues->GetClass();
+			$bAddingValue = false;
 
-			$aComplementAttributeSpec = MetaModel::GetComplementAttributeSpec($oAllowedValues->GetClass());
+			// N°4792 - load only the required fields
+			$aFieldsToLoad = [];
+
+			$aComplementAttributeSpec = MetaModel::GetNameSpec($oAllowedValues->GetClass(), FriendlyNameType::COMPLEMENTARY);
 			$sFormatAdditionalField = $aComplementAttributeSpec[0];
 			$aAdditionalField = $aComplementAttributeSpec[1];
 
-			if (count($aAdditionalField)>0)
-			{
-				$bAddingValue=true;
+			if (count($aAdditionalField) > 0) {
+				$bAddingValue = true;
+				$aFieldsToLoad[$sClassAllowed] = $aAdditionalField;
 			}
-			while($oObj = $oAllowedValues->Fetch())
-			{
-				$aOption=[];
+			$sObjectImageAttCode = MetaModel::GetImageAttributeCode($sClassAllowed);
+			if (!empty($sObjectImageAttCode)) {
+				$aFieldsToLoad[$sClassAllowed][] = $sObjectImageAttCode;
+			}
+			$aFieldsToLoad[$sClassAllowed][] = 'friendlyname';
+			$oAllowedValues->OptimizeColumnLoad($aFieldsToLoad);
+			$bInitValue = false;
+			while ($oObj = $oAllowedValues->Fetch()) {
+				$aOption = [];
 				$aOption['value'] = $oObj->GetKey();
-				$aOption['label'] = $oObj->GetName();//.'<span class=\"object-ref-icon fas fa-eye-slash object-obsolete fa-1x fa-fw\"></span>';
+				$aOption['label'] = $oObj->GetName();
+				$aOption['search_label'] = utils::HtmlEntityDecode($oObj->GetName());
 
-				if (($oAllowedValues->Count() == 1) && ($bMandatory == 'true') )
-				{
+				if (($oAllowedValues->Count() == 1) && ($bMandatory == 'true')) {
 					// When there is only once choice, select it by default
-					$sDisplayValue=$oObj->GetName();
-					if($value != $oObj->GetKey())
-					{
-						$value=$oObj->GetKey();
-					}
-				}
-				else {
-					if ((is_array($value) && in_array($oObj->GetKey(), $value)) || ($value == $oObj->GetKey())) {
-						$sDisplayValue = $oObj->GetName();
+					if ($value != $oObj->GetKey()) {
+						$value = $oObj->GetKey();
+						$bInitValue = true;
 					}
 				}
 				if ($oObj->IsObsolete()) {
@@ -246,23 +250,36 @@ class UIExtKeyWidget
 					foreach ($aAdditionalField as $sAdditionalField) {
 						array_push($aArguments, $oObj->Get($sAdditionalField));
 					}
-					$aOption['additional_field'] = vsprintf($sFormatAdditionalField, $aArguments);
+					$aOption['additional_field'] = utils::HtmlEntities(vsprintf($sFormatAdditionalField, $aArguments));
+				}
+				if (!empty($sObjectImageAttCode)) {
+					// Try to retrieve image for contact
+					/** @var \ormDocument $oImage */
+					$oImage = $oObj->Get($sObjectImageAttCode);
+					if (!$oImage->IsEmpty()) {
+						$aOption['picture_url'] = $oImage->GetDisplayURL($sClassAllowed, $oObj->GetKey(), $sObjectImageAttCode);
+						$aOption['initials'] = '';
+					} else {
+						$aOption['initials'] = utils::FormatInitialsForMedallion(utils::ToAcronym($oObj->Get('friendlyname')));
+					}
 				}
 				array_push($aOptions, $aOption);
 			}
 			$sInputType = CmdbAbstractObject::ENUM_INPUT_TYPE_DROPDOWN_DECORATED;
-			$sHTMLValue .= "<select title=\"$sHelpText\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" id=\"$this->iId\"  tabindex=\"0\"></select>";
-			$sJsonOptions = str_replace('\\', '\\\\', json_encode($aOptions));
+			$sHTMLValue .= "<select class=\"ibo-input-select-placeholder\" title=\"$sHelpText\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" id=\"$this->iId\"  tabindex=\"0\"></select>";
+			$sJsonOptions = str_replace("'", "\'", str_replace('\\', '\\\\', json_encode($aOptions)));
 			$oPage->add_ready_script(
 				<<<EOF
 		oACWidget_{$this->iId} = new ExtKeyWidget('{$this->iId}', '{$this->sTargetClass}', '$sFilter', '$sTitle', true, $sWizHelper, '{$this->sAttCode}', $sJSSearchMode, $sJSDoSearch);
 		oACWidget_{$this->iId}.emptyHtml = "<div style=\"background: #fff; border:0; text-align:center; vertical-align:middle;\"><p>$sMessage</p></div>";
 		oACWidget_{$this->iId}.AddSelectize('$sJsonOptions','$value');
 		$('#$this->iId').on('update', function() { oACWidget_{$this->iId}.Update(); } );
-		$('#$this->iId').on('change', function() { $(this).trigger('extkeychange') } );
-
+		$('#$this->iId').on('change', function() { $(this).trigger('extkeychange'); } );
 EOF
 			);
+			if ($bInitValue) {
+				$oPage->add_ready_script("$('#$this->iId').one('validate', function() { $(this).trigger('change'); } );");
+			}
 			$sHTMLValue .= "<div class=\"ibo-input-select--action-buttons\">";
 		}
 		else
@@ -290,7 +307,7 @@ EOF
 			$sHTMLValue .= "<input class=\"field_autocomplete ibo-input ibo-input-select ibo-input-select-autocomplete\" type=\"text\"  id=\"label_$this->iId\" value=\"$sDisplayValue\" placeholder='...'/>";
 
 			// another hidden input to store & pass the object's Id
-			$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" />\n";
+			$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".utils::HtmlEntities($value)."\" />\n";
 
 			$JSSearchMode = $this->bSearchMode ? 'true' : 'false';
 			// Scripts to start the autocomplete and bind some events to it
@@ -527,7 +544,7 @@ JS
 							$sHTMLValue .= "<option value=\"\">$sDisplayValue</option>\n";
 						}
 					} else {
-						$sHTMLValue .= "<select title=\"$sHelpText\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" id=\"$this->iId\">\n";
+						$sHTMLValue .= "<select class=\"ibo-input-select-placeholder\" title=\"$sHelpText\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" id=\"$this->iId\">\n";
 						$sHTMLValue .= "<option value=\"\">".Dict::S('UI:SelectOne')."</option>\n";
 					}
 
@@ -599,10 +616,10 @@ EOF
 
 			// the input for the auto-complete
 			$sHTMLValue .= "<input class=\"field_autocomplete ibo-input-select\" type=\"text\"  id=\"label_$this->iId\" value=\"$sDisplayValue\"/>";
-			$sHTMLValue .= "<span class=\"field_input_btn\"><div class=\"mini_button\"  id=\"mini_search_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Search();\"><i class=\"fas fa-search\"></i></div></span>";
+			$sHTMLValue .= "<div class=\"ibo-input-select--action-buttons\"><span class=\"field_input_btn\"><div class=\"mini_button ibo-input-select--action-button\"  id=\"mini_search_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Search();\"><i class=\"fas fa-search\"></i></div></span></div>";
 
 			// another hidden input to store & pass the object's Id
-			$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".htmlentities($value, ENT_QUOTES, 'UTF-8')."\" />\n";
+			$sHTMLValue .= "<input type=\"hidden\" id=\"$this->iId\" name=\"{$sAttrFieldPrefix}{$sFieldName}\" value=\"".utils::EscapeHtml($value)."\" />\n";
 
 			$JSSearchMode = $this->bSearchMode ? 'true' : 'false';
 			// Scripts to start the autocomplete and bind some events to it
@@ -693,14 +710,14 @@ JS
 HTML
 		);
 
-		$sDialogTitle = addslashes($sTitle);
+		$sDialogTitleSanitized = addslashes(utils::HtmlToText($sTitle));
 		$oPage->add_ready_script(<<<JS
 		$('#ac_dlg_{$this->iId}').dialog({ 
 				width: $(window).width()*0.8, 
 				height: $(window).height()*0.8, 
 				autoOpen: false, 
 				modal: true, 
-				title: '$sDialogTitle', 
+				title: '$sDialogTitleSanitized', 
 				resizeStop: oACWidget_{$this->iId}.UpdateSizes, 
 				close: oACWidget_{$this->iId}.OnClose,
 				buttons: [
@@ -761,14 +778,14 @@ JS
      * @param DBObject $oObj The current object for the OQL context
      * @param string $sContains The text of the autocomplete to filter the results
      * @param string $sOutputFormat
-     * @param null $sOperation for the values @see ValueSetObjects->LoadValues()
+     * @param null $sOperation for the values @see ValueSetObjects->LoadValues() not used since 3.0.0
      *
      * @throws CoreException
      * @throws OQLException
+     *
+     * @since 2.7.7 3.0.1 3.1.0 N°3129 Remove default value for $oObj for PHP 8.0 compatibility
      */
-	public function AutoComplete(
-		WebPage $oP, $sFilter, $oObj = null, $sContains = '', $sOutputFormat = self::ENUM_OUTPUT_FORMAT_CSV, $sOperation = null
-	)
+	public function AutoComplete(WebPage $oP, $sFilter, $oObj, $sContains, $sOutputFormat = self::ENUM_OUTPUT_FORMAT_CSV, $sOperation = null	)
 	{
 		if (is_null($sFilter)) {
 			throw new Exception('Implementation: null value for allowed values definition');
@@ -782,13 +799,13 @@ JS
 		$oValuesSet->SetSort(false);
 		$oValuesSet->SetModifierProperty('UserRightsGetSelectFilter', 'bSearchMode', $this->bSearchMode);
 		$oValuesSet->SetLimit($iMax);
-		$aValuesContains = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains, 'start_with');
-		asort($aValuesContains);
-		$aValues = $aValuesContains;
+		$aValuesStartWith = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains, 'start_with');
+		asort($aValuesStartWith);
+		$aValues = $aValuesStartWith;
 		if (sizeof($aValues) < $iMax) {
 			$aValuesContains = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains, 'contains');
 			asort($aValuesContains);
-			$iSize = sizeof($aValuesContains);
+			$iSize = sizeof($aValues);
 			foreach ($aValuesContains as $sKey => $sFriendlyName)
 			{
 				if (!isset($aValues[$sKey]))
@@ -804,28 +821,33 @@ JS
 		elseif (!in_array($sContains, $aValues))
 		{
 			$aValuesEquals = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains,	'equals');
-			$aValues = array_merge($aValuesEquals, $aValues);
+			// Note: Here we cannot use array_merge as it would reindex the numeric keys starting from 0 when keys are actually the objects ID.
+			// As a workaround we use array_replace as it does preserve numeric keys. It's ok if some values from $aValuesEquals are replaced with values from $aValues as they contain the same data.
+			$aValues = array_replace($aValuesEquals, $aValues);
 		}
 
 		switch($sOutputFormat)
 		{
 			case static::ENUM_OUTPUT_FORMAT_JSON:
 
-			    $aJsonMap = array();
-			    foreach ($aValues as $sKey => $aValue)
-                {
-                    if ($aValue['additional_field'] != '')
-                    {
-	                    $aJsonMap[] = array('value' => $sKey, 'label' => $aValue['label'], 'obsolescence_flag' => $aValue['obsolescence_flag'], 'additional_field' => $aValue['additional_field']);
-                    }
-                    else
-                    {
-	                    $aJsonMap[] = array('value' => $sKey, 'label' => $aValue['label'], 'obsolescence_flag' => $aValue['obsolescence_flag']);
-                    }
-                }
+				$aJsonMap = array();
+				foreach ($aValues as $sKey => $aValue) {
+					$aElt = ['value' => $sKey, 'label' => utils::EscapeHtml($aValue['label']), 'obsolescence_flag' => $aValue['obsolescence_flag']];
+					if ($aValue['additional_field'] != '') {
+						$aElt['additional_field'] = utils::EscapeHtml($aValue['additional_field']);
+					}
 
-			    $oP->SetContentType('application/json');
-                $oP->add(json_encode($aJsonMap));
+					if (array_key_exists('initials', $aValue)) {
+						$aElt['initials'] = utils::FormatInitialsForMedallion($aValue['initials']);
+						if (array_key_exists('picture_url', $aValue)) {
+							$aElt['picture_url'] = $aValue['picture_url'];
+						}
+					}
+					$aJsonMap[] = $aElt;
+				}
+
+				$oP->SetContentType('application/json');
+				$oP->add(json_encode($aJsonMap));
 				break;
 
 			case static::ENUM_OUTPUT_FORMAT_CSV:
@@ -892,26 +914,17 @@ JS
             }
         }
 
-        $sDialogTitle = '';
-        $oPage->add('<div id="ac_create_'.$this->iId.'"><div class="wizContainer" style="vertical-align:top;"><div id="dcr_'.$this->iId.'">');
-        $oPage->add('<form>');
-
 		$sClassLabel = MetaModel::GetName($this->sTargetClass);
-		$oPage->add('<p>'.Dict::Format('UI:SelectTheTypeOf_Class_ToCreate', $sClassLabel));
-		$oPage->add('<nobr><select name="class">');
-		asort($aPossibleClasses);
-		foreach($aPossibleClasses as $sClassName => $sClassLabel)
-		{
-			$oPage->add("<option value=\"$sClassName\">$sClassLabel</option>");
-		}
-		$oPage->add('</select>');
-		$oPage->add('&nbsp; <button type="submit" class="action" style="margin-top:15px;"><span>' . Dict::S('UI:Button:Ok') . '</span></button></nobr></p>');
-
-        $oPage->add('</form>');
-        $oPage->add('</div></div></div>');
-        $oPage->add_ready_script("\$('#ac_create_$this->iId').dialog({ width: 'auto', height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true, title: '$sDialogTitle'});\n");
-        $oPage->add_ready_script("$('#dcr_{$this->iId} form').removeAttr('onsubmit');");
-        $oPage->add_ready_script("$('#dcr_{$this->iId} form').on('submit.uilinksWizard', oACWidget_{$this->iId}.DoSelectObjectClass);");
+        $sDialogTitle = Dict::Format('UI:CreationTitle_Class', $sClassLabel);;
+        $oBlock = UIContentBlockUIBlockFactory::MakeStandard('ac_create_'.$this->iId,['ibo-is-visible']);
+		$oPage->AddSubBlock($oBlock);
+		$oClassForm = FormUIBlockFactory::MakeStandard();
+		$oBlock->AddSubBlock($oClassForm);
+		$oClassForm->AddSubBlock(cmdbAbstractObject::DisplayBlockSelectClassToCreate( $sClassLabel, $this->sTargetClass,   $aPossibleClasses));
+		$sDialogTitleEscaped = addslashes($sDialogTitle);
+        $oPage->add_ready_script("$('#ac_create_$this->iId').dialog({ width: 'auto', height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true, title: '$sDialogTitleEscaped'});\n");
+        $oPage->add_ready_script("$('#ac_create_{$this->iId} form').removeAttr('onsubmit');");
+        $oPage->add_ready_script("$('#ac_create_{$this->iId} form').on('submit.uilinksWizard', oACWidget_{$this->iId}.DoSelectObjectClass);");
 	}
 
 	/**
@@ -958,7 +971,7 @@ HTML
 		foreach (MetaModel::ListAttributeDefs($this->sTargetClass) as $sAttCode => $oAttDef) {
 			if (($oAttDef instanceof AttributeBlob) || (false)) {
 				$aFieldsFlags[$sAttCode] = OPT_ATT_READONLY;
-				$aFieldsComments[$sAttCode] = '&nbsp;<img src="../images/transp-lock.png" style="vertical-align:middle" title="'.htmlentities(Dict::S('UI:UploadNotSupportedInThisMode')).'"/>';
+				$aFieldsComments[$sAttCode] = '&nbsp;<img src="../images/transp-lock.png" style="vertical-align:middle" title="'.utils::EscapeHtml(Dict::S('UI:UploadNotSupportedInThisMode')).'"/>';
 			}
 		}
 		cmdbAbstractObject::DisplayCreationForm($oPage, $this->sTargetClass, $oNewObj, array(), array('formPrefix' => $this->iId, 'noRelations' => true, 'fieldsFlags' => $aFieldsFlags, 'fieldsComments' => $aFieldsComments));
@@ -969,9 +982,9 @@ HTML
 		);
 
 		$oPage->add_ready_script(<<<JS
-$('#ac_create_{$this->iId}').dialog({ width: 'auto', height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true});
+$('#ac_create_{$this->iId}').dialog({ width: $(window).width() * 0.6, height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true});
 $('#dcr_{$this->iId} form').removeAttr('onsubmit');
-$('#dcr_{$this->iId} form').on('submit.uilinksWizard', oACWidget_{$this->iId}.DoCreateObject);
+$('#dcr_{$this->iId} form').find('button[type="submit"]').on('click', oACWidget_{$this->iId}.DoCreateObject);
 JS
 		);
 	}
@@ -1003,16 +1016,46 @@ JS
 
 		if ($bHasChildLeafs)
 		{
-			$oPage->add('<div class="treecontrol" id="treecontrolid"><a href="?#">'.Dict::S("UI:Treeview:CollapseAll").'</a> | <a href="?#">'.Dict::S("UI:Treeview:ExpandAll").'</a></div>');
+			$oPage->add('<span class="treecontrol ibo-button-group" id="treecontrolid"><a class="ibo-button ibo-is-regular ibo-is-neutral" href="?#">'.Dict::S("UI:Treeview:CollapseAll").'</a><a class="ibo-button ibo-is-regular ibo-is-neutral" href="?#">'.Dict::S("UI:Treeview:ExpandAll").'</a></span>');
 		}
-
-		$oPage->add("<input type=\"button\" class=\"ibo-button ibo-is-regular ibo-is-neutral\" id=\"btn_cancel_{$this->iId}\" value=\"".Dict::S('UI:Button:Cancel')."\" onClick=\"$('#dlg_tree_{$this->iId}').dialog('close');\">&nbsp;&nbsp;");
-		$oPage->add("<input type=\"button\" class=\"ibo-button ibo-is-regular ibo-is-primary\" id=\"btn_ok_{$this->iId}\" value=\"".Dict::S('UI:Button:Ok')."\"  onClick=\"oACWidget_{$this->iId}.DoHKOk();\">");
-
+		
 		$oPage->add('</div></div>');
-
+		
+		$sOkButtonLabel = Dict::S('UI:Button:Ok');
+		$sCancelButtonLabel = Dict::S('UI:Button:Cancel');
 		$oPage->add_ready_script("\$('#tree_$this->iId ul').treeview({ control: '#treecontrolid',	persist: 'false'});\n");
-		$oPage->add_ready_script("\$('#dlg_tree_$this->iId').dialog({ width: 'auto', height: 'auto', autoOpen: true, modal: true, title: '$sDialogTitle', resizeStop: oACWidget_{$this->iId}.OnHKResize, close: oACWidget_{$this->iId}.OnHKClose });\n");
+		$oPage->add_ready_script(<<<JS
+$('#dlg_tree_$this->iId').dialog({
+	width: 'auto',
+	height: 'auto',
+	autoOpen: true,
+	modal: true,
+	title: '$sDialogTitle',
+    open: function() {
+        $(this).css("max-height", parseInt($(window).height()*0.7)+'px');        
+    },
+	buttons: [
+		{ 
+			text: "$sCancelButtonLabel", 
+			click: function() { $(this).dialog( "close" ); } 
+		},
+		{ 
+			text: "$sOkButtonLabel",
+		   	class: "ibo-is-primary",
+			click: function() {
+				oACWidget_{$this->iId}.DoHKOk();
+			},
+		},
+		],
+
+	resizeStop: oACWidget_{$this->iId}.OnHKResize,
+	close: oACWidget_{$this->iId}.OnHKClose 
+});
+
+$('#dlg_tree_$this->iId + .ui-dialog-buttonpane .ui-dialog-buttonset').prepend($('#treecontrolid'));
+
+JS
+		);
 	}
 
 	/**

application/ui.htmleditorwidget.class.inc.php

@@ -15,6 +15,7 @@
 //
 //   You should have received a copy of the GNU Affero General Public License
 //   along with iTop. If not, see <http://www.gnu.org/licenses/>
+use Combodo\iTop\Application\Helper\WebResourcesHelper;
 
 /**
  * Class UIHTMLEditorWidget
@@ -64,7 +65,7 @@ class UIHTMLEditorWidget
 		$sHelpText = $this->m_sHelpText;
 		$sValidationField = $this->m_sValidationField;
 
-		$sHtmlValue = "<div class=\"field_input_zone field_input_html\"><textarea class=\"htmlEditor\" title=\"$sHelpText\" name=\"attr_{$this->m_sFieldPrefix}{$sCode}\" rows=\"10\" cols=\"10\" id=\"$iId\">$sValue</textarea></div>$sValidationField";
+		$sHtmlValue = "<div class=\"field_input_zone field_input_html ibo-input-wrapper\"><textarea class=\"htmlEditor ibo-input-richtext-placeholder\" title=\"$sHelpText\" name=\"attr_{$this->m_sFieldPrefix}{$sCode}\" id=\"$iId\">$sValue</textarea></div>$sValidationField";
 
 		// Replace the text area with CKEditor
 		// To change the default settings of the editor,
@@ -83,6 +84,7 @@ class UIHTMLEditorWidget
 		}
 		$sConfigJS = json_encode($aConfig);
 
+		WebResourcesHelper::EnableCKEditorToWebPage($oPage);
 		$oPage->add_ready_script("$('#$iId').ckeditor(function() { /* callback code */ }, $sConfigJS);"); // Transform $iId into a CKEdit
 
 		// Please read...

application/ui.linksdirectwidget.class.inc.php

@@ -75,9 +75,15 @@ class UILinksWidgetDirect
 	 * @param array $aArgs
 	 * @param string $sFormPrefix
 	 * @param DBObject $oCurrentObj
+	 *
+	 * @since 2.7.7 3.0.1 3.1.0 N°3129 Remove default value for $aArgs for PHP 8.0 compatibility (handling wrong values at method start)
 	 */
-	public function Display(WebPage $oPage, $oValue, $aArgs = array(), $sFormPrefix, $oCurrentObj)
+	public function Display(WebPage $oPage, $oValue, $aArgs, $sFormPrefix, $oCurrentObj)
 	{
+		if (empty($aArgs)) {
+			$aArgs = [];
+		}
+
 		$oLinksetDef = MetaModel::GetAttributeDef($this->sClass, $this->sAttCode);
 		switch($oLinksetDef->GetEditMode())
 		{
@@ -127,8 +133,10 @@ class UILinksWidgetDirect
 	 * @param string $sFormPrefix
 	 * @param DBObject $oCurrentObj
 	 * @param bool $bDisplayMenu
+	 *
+	 * @since 2.7.7 3.0.1 3.1.0 N°3129 Remove default value for $aArgs for PHP 8.0 compatibility (protected method, always called with default value)
 	 */
-	protected function DisplayAsBlock(WebPage $oPage, $oValue, $aArgs = array(), $sFormPrefix, $oCurrentObj, $bDisplayMenu)
+	protected function DisplayAsBlock(WebPage $oPage, $oValue, $aArgs, $sFormPrefix, $oCurrentObj, $bDisplayMenu)
 	{
 		$oLinksetDef = MetaModel::GetAttributeDef($this->sClass, $this->sAttCode);
 		$sTargetClass = $oLinksetDef->GetLinkedClass();
@@ -197,7 +205,6 @@ class UILinksWidgetDirect
 
 		if ($sRealClass != '')
 		{
-			$oPage->add("<h1>".MetaModel::GetClassIcon($sRealClass)."&nbsp;".Dict::Format('UI:CreationTitle_Class', MetaModel::GetName($sRealClass))."</h1>\n");
 			$oLinksetDef = MetaModel::GetAttributeDef($this->sClass, $this->sAttCode);
 			$sExtKeyToMe = $oLinksetDef->GetExtKeyToMe();
 			$aFieldFlags = array( $sExtKeyToMe => OPT_ATT_HIDDEN);
@@ -229,8 +236,10 @@ class UILinksWidgetDirect
 	 * @param string $sFormPrefix
 	 * @param DBObject $oCurrentObj
 	 * @param array $aButtons
+	 *
+	 * @since 2.7.7 3.0.1 3.1.0 N°3129 Remove default value for $aArgs for PHP 8.0 compatibility (protected method, caller already handles it)
 	 */
-	protected function DisplayEditInPlace(WebPage $oPage, $oValue, $aArgs = array(), $sFormPrefix, $oCurrentObj, $aButtons = array('create', 'delete'))
+	protected function DisplayEditInPlace(WebPage $oPage, $oValue, $aArgs, $sFormPrefix, $oCurrentObj, $aButtons = array('create', 'delete'))
 	{
 		$aAttribs = $this->GetTableConfig();
 		$oValue->Rewind();
@@ -246,7 +255,7 @@ class UILinksWidgetDirect
 		$oDiv = UIContentBlockUIBlockFactory::MakeStandard($this->sInputid, ['listContainer']);
 		$oPage->AddSubBlock($oDiv);
 		$oDatatable = DataTableUIBlockFactory::MakeForForm($this->sInputid, $aAttribs, $aData);
-		$oDatatable->SetOptions(['select_mode' => 'custom']);
+		$oDatatable->SetOptions(['select_mode' => 'custom', 'disable_hyperlinks' => true]);
 		$oDiv->AddSubBlock($oDatatable);
 		$sInputName = $sFormPrefix.'attr_'.$this->sAttCode;
 		$aLabels = array(
@@ -297,7 +306,7 @@ class UILinksWidgetDirect
 		}
 		$oHiddenCriteria = $oHiddenFilter->GetCriteria();
 		$aArgs = $oHiddenFilter->GetInternalParams();
-		$sHiddenCriteria = $oHiddenCriteria->Render($aArgs);
+		$sHiddenCriteria = $oHiddenCriteria->RenderExpression(false, $aArgs);
 
 		$oLinkSetDef = MetaModel::GetAttributeDef($this->sClass, $this->sAttCode);
 		$valuesDef = $oLinkSetDef->GetValuesDef();
@@ -474,6 +483,33 @@ HTML
 		}
 		return $oPage->GetTableRow($aRow, $aAttribs);		
 	}
+
+	/**
+	 * @param WebPage $oPage
+	 * @param $sRealClass
+	 * @param $aValues
+	 * @param int $iTempId
+	 *
+	 * @return array
+	 */
+	public function GetFormRow($oPage, $sRealClass, $aValues, $iTempId)
+	{
+		if ($sRealClass == '')
+		{
+			$sRealClass = $this->sLinkedClass;
+		}
+		$oLinkObj = new $sRealClass();
+		$oLinkObj->UpdateObjectFromPostedForm($this->sInputid);
+
+		$aAttribs = $this->GetTableConfig();
+		$aRow = array();
+		$aRow[] = '<input type="checkbox" class="selectList'.$this->sInputid.'" value="'.($iTempId).'"/>';
+		foreach($this->aZlist as $sLinkedAttCode)
+		{
+			$aRow[] = $oLinkObj->GetAsHTML($sLinkedAttCode);
+		}
+		return $aRow;
+	}
 	
 	/**
 	 * Initializes the default search parameters based on 1) a 'current' object and 2) the silos defined by the context

application/ui.linkswidget.class.inc.php

@@ -108,15 +108,14 @@ class UILinksWidget
 	 * @throws \CoreUnexpectedValue
 	 * @throws \Exception
 	 */
-	protected function GetFormRow(WebPage $oP, DBObject $oLinkedObj, $linkObjOrId, $aArgs, $oCurrentObj, $iUniqueId, $bReadOnly = false)
+	protected function GetFormRow(WebPage $oP, DBObject $oLinkedObj, $linkObjOrId, $aArgs, $oCurrentObj, $iUniqueId, $bReadOnly = false, $bModified = false)
 	{
 		$sPrefix = "$this->m_sAttCode{$this->m_sNameSuffix}";
 		$aRow = array();
 		$aFieldsMap = array();
 		$iKey = 0;
 
-		if (is_object($linkObjOrId) && (!$linkObjOrId->IsNew()))
-		{
+		if (is_object($linkObjOrId) && (!$linkObjOrId->IsNew())) {
 			$iKey = $linkObjOrId->GetKey();
 			$iRemoteObjKey = $linkObjOrId->Get($this->m_sExtKeyToRemote);
 			$sPrefix .= "[$iKey][";
@@ -125,49 +124,44 @@ class UILinksWidget
 			$aArgs['wizHelper'] = "oWizardHelper{$this->m_iInputId}{$iKey}";
 			$aArgs['this'] = $linkObjOrId;
 
-			if ($bReadOnly)
-			{
+			if ($bReadOnly) {
 				$aRow['form::checkbox'] = "";
-				foreach ($this->m_aEditableFields as $sFieldCode)
-				{
+				foreach ($this->m_aEditableFields as $sFieldCode) {
 					$sDisplayValue = $linkObjOrId->GetEditValue($sFieldCode);
 					$aRow[$sFieldCode] = $sDisplayValue;
 				}
-			}
-			else
-			{
+			} else {
 				$aRow['form::checkbox'] = "<input class=\"selection\" data-remote-id=\"$iRemoteObjKey\" data-link-id=\"$iKey\" data-unique-id=\"$iUniqueId\" type=\"checkbox\" onClick=\"oWidget".$this->m_iInputId.".OnSelectChange();\" value=\"$iKey\">";
-				foreach ($this->m_aEditableFields as $sFieldCode)
-				{
+				foreach ($this->m_aEditableFields as $sFieldCode) {
 					$sSafeFieldId = $this->GetFieldId($linkObjOrId->GetKey(), $sFieldCode);
 					$this->AddRowForFieldCode($aRow, $sFieldCode, $aArgs, $linkObjOrId, $oP, $sNameSuffix, $sSafeFieldId);
 					$aFieldsMap[$sFieldCode] = $sSafeFieldId;
+
+					if ($bModified) {
+						$oP->add_ready_script(
+							<<<EOF
+oWidget{$this->m_iInputId}.AddModified($iUniqueId, {$this->m_iInputId},  $sFieldCode, {$linkObjOrId->Get($sFieldCode)});
+EOF
+						);
+					}
 				}
 			}
 
 			$sState = $linkObjOrId->GetState();
 			$sRemoteKeySafeFieldId = $this->GetFieldId($aArgs['this']->GetKey(), $this->m_sExtKeyToRemote);;
-		}
-		else
-		{
+		} else {
 			// form for creating a new record
-			if (is_object($linkObjOrId))
-			{
+			if (is_object($linkObjOrId)) {
 				// New link existing only in memory
 				$oNewLinkObj = $linkObjOrId;
 				$iRemoteObjKey = $oNewLinkObj->Get($this->m_sExtKeyToRemote);
-				$oNewLinkObj->Set($this->m_sExtKeyToMe,
-					$oCurrentObj); // Setting the extkey with the object also fills the related external fields
-			}
-			else
-			{
+				$oNewLinkObj->Set($this->m_sExtKeyToMe, $oCurrentObj); // Setting the extkey with the object also fills the related external fields
+			} else {
 				$iRemoteObjKey = $linkObjOrId;
 				$oNewLinkObj = MetaModel::NewObject($this->m_sLinkedClass);
 				$oRemoteObj = MetaModel::GetObject($this->m_sRemoteClass, $iRemoteObjKey);
-				$oNewLinkObj->Set($this->m_sExtKeyToRemote,
-					$oRemoteObj); // Setting the extkey with the object alsoo fills the related external fields
-				$oNewLinkObj->Set($this->m_sExtKeyToMe,
-					$oCurrentObj); // Setting the extkey with the object also fills the related external fields
+				$oNewLinkObj->Set($this->m_sExtKeyToRemote, $oRemoteObj); // Setting the extkey with the object alsoo fills the related external fields
+				$oNewLinkObj->Set($this->m_sExtKeyToMe, $oCurrentObj); // Setting the extkey with the object also fills the related external fields
 			}
 			$sPrefix .= "[-$iUniqueId][";
 			$sNameSuffix = "]"; // To make a tabular form
@@ -177,8 +171,7 @@ class UILinksWidget
 			$sInputValue = $iUniqueId > 0 ? "-$iUniqueId" : "$iUniqueId";
 			$aRow['form::checkbox'] = "<input class=\"selection\" data-remote-id=\"$iRemoteObjKey\" data-link-id=\"0\" data-unique-id=\"$iUniqueId\" type=\"checkbox\" onClick=\"oWidget".$this->m_iInputId.".OnSelectChange();\" value=\"$sInputValue\">";
 
-			if ($iUniqueId > 0)
-			{
+			if ($iUniqueId > 0) {
 				// Rows created with ajax call need OnLinkAdded call.
 				//
 				$oP->add_ready_script(
@@ -187,9 +180,7 @@ PrepareWidgets();
 oWidget{$this->m_iInputId}.OnLinkAdded($iUniqueId, $iRemoteObjKey);
 EOF
 				);
-			}
-			else
-			{
+			} else {
 				// Rows added before loading the form don't have to call OnLinkAdded.
 				// Listeners are already present and DOM is not recreated
 				$iPositiveUniqueId = -$iUniqueId;
@@ -375,30 +366,44 @@ JS
 
 		$oValue->Rewind();
 		$aForm = array();
+		$iMaxAddedId = 0;
 		$iAddedId = -1; // Unique id for new links
-		while ($oCurrentLink = $oValue->Fetch())
-		{
+		$oBlock->aRemoved = json_decode(utils::ReadPostedParam("attr_{$sFormPrefix}{$this->m_sAttCode}_tbd", '[]', 'raw_data'));
+		$oModified = $oValue->GetModified($this->m_sExtKeyToRemote);
+		while ($oCurrentLink = $oValue->Fetch()) {
 			// We try to retrieve the remote object as usual
-			$oLinkedObj = MetaModel::GetObject($this->m_sRemoteClass, $oCurrentLink->Get($this->m_sExtKeyToRemote),
-				false /* Must not be found */);
-			// If successful, it means that we can edit its link
-			if ($oLinkedObj !== null) {
-				$bReadOnly = false;
-			} // Else we retrieve it without restrictions (silos) and will display its link as readonly
-			else {
-				$bReadOnly = true;
-				$oLinkedObj = MetaModel::GetObject($this->m_sRemoteClass, $oCurrentLink->Get($this->m_sExtKeyToRemote), false /* Must not be found */, true);
-			}
+			if (!in_array($oCurrentLink->GetKey(), $oBlock->aRemoved)) {
+				$bModified = false;
+				if (array_key_exists($oCurrentLink->GetKey(), $oModified)) {
+					$oLinkedObj = MetaModel::GetObject($this->m_sRemoteClass, $oModified[$oCurrentLink->GetKey()], false /* Must not be found */);
+					$bModified = true;
+				} else {
+					$oLinkedObj = MetaModel::GetObject($this->m_sRemoteClass, $oCurrentLink->Get($this->m_sExtKeyToRemote), false /* Must not be found */);
+				}
+				// If successful, it means that we can edit its link
+				if ($oLinkedObj !== null) {
+					$bReadOnly = false;
+				} // Else we retrieve it without restrictions (silos) and will display its link as readonly
+				else {
+					$bReadOnly = true;
+					$oLinkedObj = MetaModel::GetObject($this->m_sRemoteClass, $oCurrentLink->Get($this->m_sExtKeyToRemote), false /* Must not be found */, true);
+				}
 
-			if ($oCurrentLink->IsNew()) {
-				$key = $iAddedId--;
-			} else {
-				$key = $oCurrentLink->GetKey();
+				if ($oCurrentLink->IsNew()) {
+					$key = $iAddedId--;
+				} else {
+					$key = $oCurrentLink->GetKey();
+				}
+
+				$iMaxAddedId = max($iMaxAddedId, $key);
+				$aForm[$key] = $this->GetFormRow($oPage, $oLinkedObj, $oCurrentLink, $aArgs, $oCurrentObj, $key, $bReadOnly, $bModified);
 			}
-			$aForm[$key] = $this->GetFormRow($oPage, $oLinkedObj, $oCurrentLink, $aArgs, $oCurrentObj, $key, $bReadOnly);
 		}
+		$oBlock->iMaxAddedId = (int)$iMaxAddedId;
+
+
 		$oDataTable = DataTableUIBlockFactory::MakeForForm("{$this->m_sAttCode}{$this->m_sNameSuffix}", $this->m_aTableConfig, $aForm);
-		$oDataTable->SetOptions(['select_mode' => 'custom']);
+		$oDataTable->SetOptions(['select_mode' => 'custom', 'disable_hyperlinks' => true]);
 		$oBlock->AddSubBlock($oDataTable);
 
 		$oBlock->AddControls();

application/ui.passwordwidget.class.inc.php

@@ -49,6 +49,8 @@ class UIPasswordWidget
 	 */
 	public function Display(WebPage $oPage, $aArgs = array())
 	{
+		$oPage->add_dict_entry('UI:Component:Input:Password:DoesNotMatch');
+
 		$sCode = $this->sAttCode.$this->sNameSuffix;
 		$iWidgetIndex = self::$iWidgetIndex;
 
@@ -57,11 +59,12 @@ class UIPasswordWidget
 		$sConfirmPasswordValue = $aPasswordValues ? $aPasswordValues['confirm'] : '*****';
 		$sChangedValue = (($sPasswordValue != '*****') || ($sConfirmPasswordValue != '*****')) ? 1 : 0;
 		$sHtmlValue = '';
-		$sHtmlValue .= '<div class="field_input_zone field_input_onewaypassword">';
-		$sHtmlValue .= '<input type="password" maxlength="255" name="attr_'.$sCode.'[value]" id="'.$this->iId.'" value="'.htmlentities($sPasswordValue, ENT_QUOTES, 'UTF-8').'"/>';
-		$sHtmlValue .= '<input type="password" maxlength="255" id="'.$this->iId.'_confirm" value="'.htmlentities($sConfirmPasswordValue, ENT_QUOTES, 'UTF-8').'" name="attr_'.$sCode.'[confirm]"/>';
-		$sHtmlValue .= '<span>'.Dict::S('UI:PasswordConfirm').'</span>';
-		$sHtmlValue .= '<input id="'.$this->iId.'_reset" type="button" value="'.Dict::S('UI:Button:ResetPassword').'" onClick="ResetPwd(\''.$this->iId.'\');">';
+		$sHtmlValue .= '<div class="field_input_zone field_input_onewaypassword ibo-input-wrapper ibo-input-one-way-password-wrapper">';
+		$sHtmlValue .= '<input class="ibo-input" type="password" maxlength="255" name="attr_'.$sCode.'[value]" id="'.$this->iId.'" value="'.utils::EscapeHtml($sPasswordValue).'"/>';
+		$sHtmlValue .= '<div class="ibo-input-wrapper ibo-input-wrapper--with-buttons"><input class="ibo-input" type="password" maxlength="255" id="'.$this->iId.'_confirm" value="'.utils::EscapeHtml($sConfirmPasswordValue).'" name="attr_'.$sCode.'[confirm]"/>';
+		$sHtmlValue .= '<div class="ibo-input-select--action-buttons"><div class="ibo-input-select--action-button ibo-input-select--action-button--create" data-tooltip-content="'.Dict::S('UI:PasswordConfirm').'"><i class="fas fa-question-circle"></i></div></div></div>';
+		$sHtmlValue .= '<button id="'.$this->iId.'_reset" class="ibo-button ibo-is-regular ibo-is-neutral" onClick="ResetPwd(\''.$this->iId.'\');">';
+		$sHtmlValue .= '<span class="ibo-button--icon fas fa-undo"></span><span class="ibo-button--label">'.Dict::S('UI:Button:ResetPassword').'</span></button>';
 		$sHtmlValue .= '<input type="hidden" id="'.$this->iId.'_changed" name="attr_'.$sCode.'[changed]" value="'.$sChangedValue.'"/>';
 		$sHtmlValue .= '</div>';
 

application/utils.inc.php

@@ -17,9 +17,12 @@
  * You should have received a copy of the GNU Affero General Public License
  */
 
+use Combodo\iTop\Application\Helper\Session;
 use Combodo\iTop\Application\UI\Base\iUIBlock;
 use Combodo\iTop\Application\UI\Base\Layout\UIContentBlock;
 use ScssPhp\ScssPhp\Compiler;
+use ScssPhp\ScssPhp\OutputStyle;
+use ScssPhp\ScssPhp\ValueConverter;
 
 
 /**
@@ -96,6 +99,11 @@ class utils
 	 * @since 3.0.0
 	 */
 	public const ENUM_SANITIZATION_FILTER_RAW_DATA = 'raw_data';
+	/**
+	 * @var string
+	 * @since 3.0.2, 3.1.0 N°4899
+	 */
+	public const ENUM_SANITIZATION_FILTER_URL = 'url';
 
 	/**
 	 * @var string
@@ -239,9 +247,9 @@ class utils
 
 	public static function InitArchiveMode()
 	{
-		if (isset($_SESSION['archive_mode']))
+		if (Session::IsSet('archive_mode'))
 		{
-			$iDefault = $_SESSION['archive_mode'];
+			$iDefault = Session::Get('archive_mode');
 		}
 		else
 		{
@@ -249,9 +257,9 @@ class utils
 		}
 		// Read and record the value for switching the archive mode
 		$iCurrent = self::ReadParam('with-archive', $iDefault);
-		if (isset($_SESSION))
+		if (Session::IsInitialized())
 		{
-			$_SESSION['archive_mode'] = $iCurrent;
+			Session::Set('archive_mode', $iCurrent);
 		}
 		// Read and use the value for the current page (web services)
 		$iCurrent = self::ReadParam('with_archive', $iCurrent, true);
@@ -376,6 +384,7 @@ class utils
 	 * @since 2.5.2 2.6.0 new 'transaction_id' filter
 	 * @since 2.7.0 new 'element_identifier' filter
 	 * @since 3.0.0 new utils::ENUM_SANITIZATION_* const
+	 * @since 2.7.7, 3.0.2, 3.1.0 N°4899 - new 'url' filter
 	 */
 	protected static function Sanitize_Internal($value, $sSanitizationFilter)
 	{
@@ -453,6 +462,11 @@ class utils
 				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;
 
+			// For URL
+			case static::ENUM_SANITIZATION_FILTER_URL:
+				$retValue = filter_var($value, FILTER_SANITIZE_URL);
+				break;
+
 			default:
 			case static::ENUM_SANITIZATION_FILTER_RAW_DATA:
 				$retValue = $value;
@@ -799,21 +813,20 @@ class utils
 	 */
 	public static function StringToTime($sDate, $sFormat)
 	{
-	   // Source: http://php.net/manual/fr/function.strftime.php
+		// Source: http://php.net/manual/fr/function.strftime.php
 		// (alternative: http://www.php.net/manual/fr/datetime.formats.date.php)
 		static $aDateTokens = null;
 		static $aDateRegexps = null;
-		if (is_null($aDateTokens))
-		{
-		   $aSpec = array(
-				'%d' =>'(?<day>[0-9]{2})',
+		if (is_null($aDateTokens)) {
+			$aSpec = array(
+				'%d' => '(?<day>[0-9]{2})',
 				'%m' => '(?<month>[0-9]{2})',
 				'%y' => '(?<year>[0-9]{2})',
 				'%Y' => '(?<year>[0-9]{4})',
 				'%H' => '(?<hour>[0-2][0-9])',
 				'%i' => '(?<minute>[0-5][0-9])',
 				'%s' => '(?<second>[0-5][0-9])',
-				);
+			);
 			$aDateTokens = array_keys($aSpec);
 			$aDateRegexps = array_values($aSpec);
 		}
@@ -860,6 +873,8 @@ class utils
 	}
 
 	/**
+	 * @param boolean $bForceGetFromDisk if true then will always read from disk without using instances in memory
+	 *
 	 * @return \Config Get object in the following order :
 	 * <ol>
 	 * <li>from {@link MetaModel::GetConfig} if loaded
@@ -872,25 +887,26 @@ class utils
 	 * @throws \CoreException
 	 *
 	 * @since 2.7.0 N°2478 this method will now always call {@link MetaModel::GetConfig} first, and cache in this class is only set when loading from disk
+	 * @since 3.0.0 N°4158 new $bReadFromDisk parameter
 	 */
-	public static function GetConfig()
+	public static function GetConfig($bForceGetFromDisk = false)
 	{
-		$oMetaModelConfig = MetaModel::GetConfig();
-		if ($oMetaModelConfig !== null)
-		{
-			return $oMetaModelConfig;
-		}
+		if (!$bForceGetFromDisk) {
+			$oMetaModelConfig = MetaModel::GetConfig();
+			if ($oMetaModelConfig !== null) {
+				return $oMetaModelConfig;
+			}
 
-		if (self::$oConfig !== null)
-		{
-			return self::$oConfig;
+			if (self::$oConfig !== null) {
+				return self::$oConfig;
+			}
 		}
 
 		$sCurrentEnvConfigPath = self::GetConfigFilePath();
-		if (file_exists($sCurrentEnvConfigPath))
-		{
+		if (file_exists($sCurrentEnvConfigPath)) {
 			$oCurrentEnvDiskConfig = new Config($sCurrentEnvConfigPath);
 			self::SetConfig($oCurrentEnvDiskConfig);
+
 			return self::$oConfig;
 		}
 
@@ -1210,7 +1226,7 @@ class utils
 	 */
 	static function CanLogOff()
 	{
-		return (isset($_SESSION['can_logoff']) ? $_SESSION['can_logoff'] : false);
+		return Session::Get('can_logoff', false);
 	}
 
 	/**
@@ -1219,7 +1235,7 @@ class utils
 	 */
 	public static function GetSessionLog()
 	{
-		return print_r($_SESSION, true);
+		return Session::GetLog();
 	}
 
 	 static function DebugBacktrace($iLimit = 5)
@@ -1312,14 +1328,17 @@ class utils
 	 */
 	public static function GetCurrentEnvironment()
 	{
-		if (isset($_SESSION['itop_env']))
-		{
-			return $_SESSION['itop_env'];
-		}
-		else
-		{
-			return ITOP_DEFAULT_ENV;
-		}
+		return Session::Get('itop_env', ITOP_DEFAULT_ENV);
+	}
+
+	/**
+	 * @return string Absolute path to the folder into which the current environment has been compiled.
+	 *                The corresponding folder is created or cleaned upon code compilation
+	 * @since 3.0.0
+	 */
+	public static function GetCompiledEnvironmentPath(): string
+	{
+		return APPROOT . 'env-' . MetaModel::GetEnvironment() . '/';
 	}
 
 	/**
@@ -1330,6 +1349,7 @@ class utils
 	{
 		return APPROOT.'data/cache-'.MetaModel::GetEnvironment().'/';
 	}
+
 	/**
 	 * @return string A path to a folder into which any module can store log
 	 * @since 2.7.0
@@ -1806,7 +1826,7 @@ class utils
 	 */
 	public static function HtmlEntities($sValue)
 	{
-		return htmlentities($sValue, ENT_QUOTES, 'UTF-8');
+		return htmlentities($sValue ?? '', ENT_QUOTES, 'UTF-8');
 	}
 
 	/**
@@ -1822,7 +1842,7 @@ class utils
 	public static function EscapeHtml($sValue)
 	{
 		return htmlspecialchars(
-			$sValue,
+			$sValue ?? '',
 			ENT_QUOTES | ENT_DISALLOWED | ENT_HTML5,
 			WebPage::PAGES_CHARSET,
 			false
@@ -1871,7 +1891,8 @@ class utils
 	{
 		$sText = str_replace("\r\n", "\n", $sText);
 		$sText = str_replace("\r", "\n", $sText);
-		return str_replace("\n", '<br/>', htmlentities($sText, ENT_QUOTES, 'UTF-8'));
+
+		return str_replace("\n", '<br/>', utils::EscapeHtml($sText));
 	}
 	
 	/**
@@ -1922,42 +1943,36 @@ class utils
 	public static function CompileCSSFromSASS($sSassContent, $aImportPaths = array(), $aVariables = array())
 	{
 		$oSass = new Compiler();
-		$oSass->setFormatter('ScssPhp\\ScssPhp\\Formatter\\Expanded');
+		$oSass->setOutputStyle(OutputStyle::COMPRESSED);
 		// Setting our variables
-		$oSass->setVariables($aVariables);
+		$aScssVariables = [];
+		foreach ($aVariables as $entry => $value) {
+			$aScssVariables[$entry] = ValueConverter::parseValue($value);
+		}
+		$oSass->addVariables($aScssVariables);
 		// Setting our imports paths
 		$oSass->setImportPaths($aImportPaths);
 		// Temporary disabling max exec time while compiling
 		$iCurrentMaxExecTime = (int) ini_get('max_execution_time');
 		set_time_limit(0);
 		// Compiling SASS
-		$sCss = $oSass->compile($sSassContent);
+		$oCompilationRes = $oSass->compileString($sSassContent);
 		set_time_limit(intval($iCurrentMaxExecTime));
 
-		return $sCss;
+		return $oCompilationRes->getCss();
 	}
-	
+
+	/**
+	 * Get the size of an image from a string.
+	 *
+	 * @see \getimagesizefromstring()
+	 * @param $sImageData string The image data, as a string.
+	 *
+	 * @return array|false
+	 */
 	public static function GetImageSize($sImageData)
 	{
-		if (function_exists('getimagesizefromstring')) // PHP 5.4.0 or higher
-		{
-			$aRet = @getimagesizefromstring($sImageData);
-		}
-		else if(ini_get('allow_url_fopen'))
-		{
-			// work around to avoid creating a tmp file
-			$sUri = 'data://application/octet-stream;base64,'.base64_encode($sImageData);
-			$aRet = @getimagesize($sUri);
-		}
-		else
-		{
-			// Damned, need to create a tmp file
-			$sTempFile = tempnam(SetupUtils::GetTmpDir(), 'img-');
-			@file_put_contents($sTempFile, $sImageData);
-			$aRet = @getimagesize($sTempFile);
-			@unlink($sTempFile);
-		}
-		return $aRet;
+		return @getimagesizefromstring($sImageData);
 	}
 
 	/**
@@ -2110,11 +2125,21 @@ class utils
 	}
 	
 	/**
-	 * Returns the relative (to MODULESROOT) path of the root directory of the module containing the file where the call to
-	 * this function is made
-	 * or an empty string if no such module is found (or not called within a module file)
-	 * @param number $iCallDepth The depth of the module in the callstack. Zero when called directly from within the module
-	 * @return string
+	 * **Warning** : returned result can be invalid as we're using backtrace to find the module dir name
+	 *
+	 * @param int $iCallDepth The depth of the module in the callstack. Zero when called directly from within the module
+	 *
+	 * @return string the relative (to MODULESROOT) path of the root directory of the module containing the file where the call to
+	 *     this function is made
+	 *     or an empty string if no such module is found (or not called within a module file)
+	 *
+	 * @uses \debug_backtrace()
+	 *
+	 * @since 3.0.0 Before writing model.*.php file, compiler will now always delete it.
+	 *      If you have symlinks enabled, base dir will be original module dir, but since this behavior change this won't be true anymore for model.*.php
+	 *      In consequence the backtrace analysis won't be possible for this file
+	 *      See N°4854
+	 * @link https://www.itophub.io/wiki/page?id=3_0_0%3Arelease%3A3_0_whats_new#compiler_always_generate_new_model_php compiler behavior change documentation
 	 */
 	public static function GetCurrentModuleDir($iCallDepth)
 	{
@@ -2139,9 +2164,14 @@ class utils
 	}
 
 	/**
+	 * **Warning** : as this method uses {@see GetCurrentModuleDir} it produces hazardous results.
+	 * You should better uses directly {@see GetAbsoluteUrlModulesRoot} and add the module dir name yourself ! See N°4573
+	 *
 	 * @return string the base URL for all files in the current module from which this method is called
 	 * or an empty string if no such module is found (or not called within a module file)
 	 * @throws \Exception
+	 *
+	 * @uses GetCurrentModuleDir
 	 */
 	public static function GetCurrentModuleUrl()
 	{
@@ -2396,43 +2426,19 @@ class utils
 	}
 
 	/**
-	 * @return string eg : '2_7_0' ITOP_VERSION is '2.7.1-dev'
+	 * @return string eg : '2_7_0' if iTop core version is '2.7.5-2'
+	 * @throws \ApplicationException if constant value is invalid
+	 * @uses ITOP_CORE_VERSION
 	 */
-	public static function GetItopVersionWikiSyntax() {
-		$sMinorVersion = self::GetItopMinorVersion();
+	public static function GetItopVersionWikiSyntax($sItopVersion = ITOP_CORE_VERSION)
+	{
+		$aExplodedVersion = explode('.', $sItopVersion);
 
-		return str_replace('.', '_', $sMinorVersion).'_0';
-	}
-
-	/**
-	 * @param string $sPatchVersion if non provided, will call GetItopPatchVersion
-	 *
-	 * @return string eg 2.7 if ITOP_VERSION is '2.7.0-dev'
-	 * @throws \Exception
-	 */
-	public static function GetItopMinorVersion($sPatchVersion = null) {
-		if (is_null($sPatchVersion)) {
-			$sPatchVersion = self::GetItopPatchVersion();
-		}
-		$aExplodedVersion = explode('.', $sPatchVersion);
-
-		if (count($aExplodedVersion) < 2) {
-			throw new Exception('iTop version is wrongfully configured!');
-		}
-		if (($aExplodedVersion[0] == '') || ($aExplodedVersion[1] == '')) {
-			throw new Exception('iTop version is wrongfully configured!');
+		if ((false === isset($aExplodedVersion[0])) || (false === isset($aExplodedVersion[1]))) {
+			throw new ApplicationException('iTop version is wrongfully configured!');
 		}
 
-		return sprintf('%d.%d', $aExplodedVersion[0], $aExplodedVersion[1]);
-	}
-
-	/**
-	 * @return string eg '2.7.0' if ITOP_VERSION is '2.7.0-dev'
-	 */
-	public static function GetItopPatchVersion() {
-		$aExplodedVersion = explode('-', ITOP_VERSION);
-
-		return $aExplodedVersion[0];
+		return "{$aExplodedVersion[0]}_{$aExplodedVersion[1]}_0";
 	}
 
 	/**
@@ -2630,7 +2636,9 @@ class utils
 		$aDefaultConf = array(
 			'language'=> $sLanguage,
 			'contentsLanguage' => $sLanguage,
-			'extraPlugins' => 'disabler,codesnippet,mentions,objectshortcut',
+			'extraPlugins' => 'disabler,codesnippet,mentions,objectshortcut,font,uploadimage',
+			'uploadUrl' => utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php',
+			'contentsCss' => array(utils::GetAbsoluteUrlAppRoot().'js/ckeditor/contents.css', utils::GetAbsoluteUrlAppRoot().'css/ckeditor/contents.css'),
 		);
 
 		// Mentions
@@ -2652,11 +2660,11 @@ class utils
 				}
 
 				// Note: Endpoints are defaults only and should be overloaded by other GUIs such as the end-users portal
-				$sMentionEndpoint = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=cke_mentions&marker='.$sMentionMarker.'&needle={encodedQuery}';
+				$sMentionEndpoint = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=cke_mentions&marker='.urlencode($sMentionMarker).'&needle={encodedQuery}';
 				$sMentionItemUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=details&class='.$sMentionClass.'&id={id}';
 
 				$sMentionItemPictureTemplate = (empty(MetaModel::GetImageAttributeCode($sMentionClass))) ? '' : <<<HTML
-<span class="ibo-vendors-ckeditor--autocomplete-item-image" style="background-image: url('{picture_url}');">{initials}</span>
+<span class="ibo-vendors-ckeditor--autocomplete-item-image" style="{picture_style}">{initials}</span>
 HTML;
 				$sMentionItemTemplate = <<<HTML
 <li class="ibo-vendors-ckeditor--autocomplete-item" data-id="{id}">{$sMentionItemPictureTemplate}<span class="ibo-vendors-ckeditor--autocomplete-item-title">{friendlyname}</span></li>
@@ -2710,10 +2718,24 @@ HTML;
 			$aAutoloadClassMaps = array_merge($aAutoloadClassMaps, glob(APPROOT.'env-'.utils::GetCurrentEnvironment().'/*/vendor/composer/autoload_classmap.php'));
 
 			$aClassMap = [];
+			$aAutoloaderErrors = [];
 			foreach ($aAutoloadClassMaps as $sAutoloadFile) {
+				if (false === static::RealPath($sAutoloadFile, APPROOT)) {
+					// can happen when we still have the autoloader symlink in env-*, but it points to a file that no longer exists
+					$aAutoloaderErrors[] = $sAutoloadFile;
+					continue;
+				}
 				$aTmpClassMap = include $sAutoloadFile;
+				/** @noinspection SlowArrayOperationsInLoopInspection we are getting an associative array so the documented workarounds cannot be used */
 				$aClassMap = array_merge($aClassMap, $aTmpClassMap);
 			}
+			if (count($aAutoloaderErrors) > 0) {
+				IssueLog::Debug(
+					"\utils::GetClassesForInterface cannot load some of the autoloader files",
+					LogChannels::CORE,
+					['autoloader_errors' => $aAutoloaderErrors]
+				);
+			}
 
 			// Add already loaded classes
 			$aCurrentClasses = array_fill_keys(get_declared_classes(), '');
@@ -2721,7 +2743,7 @@ HTML;
 
 			foreach ($aClassMap as $sPHPClass => $sPHPFile) {
 				$bSkipped = false;
-				
+
 				// Check if our class matches name filter, or is in an excluded path
 				if ($sClassNameFilter !== '' && strpos($sPHPClass, $sClassNameFilter) === false) {
 					$bSkipped = true;
@@ -2818,25 +2840,72 @@ HTML;
 		return $aPrefs[$sShortcutId];
 	}
 
+	//----------------------------------------------
+	// PHP function helpers
+	//----------------------------------------------
+
+	/**
+	 * Helper around the native strlen() PHP method to keep allowing usage of null value when computing the length of a string as null value is no longer allowed with PHP 8.1+
+	 * @link https://www.php.net/releases/8.1/en.php#deprecations_and_bc_breaks "Passing null to non-nullable internal function parameters is deprecated"
+	 *
+	 * @param string|null $sString
+	 *
+	 * @return int Length of $sString, 0 if null
+	 * @since 3.0.2 N°5172
+	 */
+	public static function StrLen(?string $sString): int
+	{
+		return strlen($sString ?? '');
+	}
+
+	/**
+	 * Helper around the native strlen() PHP method to test a string for null or empty value
+	 *
+	 * @link https://www.php.net/releases/8.1/en.php#deprecations_and_bc_breaks "Passing null to non-nullable internal function parameters is deprecated"
+	 *
+	 * @param string|null $sString
+	 *
+	 * @return bool if string null or empty
+	 * @since 3.0.2 N°5302
+	 */
+	public static function IsNullOrEmptyString(?string $sString): bool
+	{
+		return $sString === null || strlen($sString) === 0;
+	}
+
+	/**
+	 * Helper around the native strlen() PHP method to test a string not null or empty value
+	 *
+	 * @link https://www.php.net/releases/8.1/en.php#deprecations_and_bc_breaks "Passing null to non-nullable internal function parameters is deprecated"
+	 *
+	 * @param string|null $sString
+	 *
+	 * @return bool if string is not null and not empty
+	 * @since 3.0.2 N°5302
+	 */
+	public static function IsNotNullOrEmptyString(?string $sString): bool
+	{
+		return !static::IsNullOrEmptyString($sString);
+	}
+
 	//----------------------------------------------
 	// Environment helpers
 	//----------------------------------------------
 
 	/**
-	 * Check if iTop is in a development environment (VCS vs build number)
+	 * Check if iTop is in a development environment
 	 *
-	 * @return bool
+	 * @return bool true if development environment
 	 *
 	 * @since 2.6.0 method creation
 	 * @since 3.0.0 add the `developer_mode.enabled` config parameter
 	 *
-	 * @use `developer_mode.enabled` config parameter
-	 * @use ITOP_REVISION
+	 * @uses GetDeveloperModeParam
+	 * @uses ITOP_REVISION constant (check 'svn' value)
 	 */
 	public static function IsDevelopmentEnvironment()
 	{
-		$oConfig = utils::GetConfig();
-		$bIsDevEnvInConfig = $oConfig->Get('developer_mode.enabled');
+		$bIsDevEnvInConfig = static::GetDeveloperModeParam();
 		if ($bIsDevEnvInConfig === true) {
 			return true;
 		}
@@ -2854,7 +2923,36 @@ HTML;
 	}
 
 	/**
-	 * @return bool : indicate whether we run under a windows environnement or not
+	 * In the setup there are times when the MetaModel config attribute is loaded but partially (only setup parameters are set, others have the default value)
+	 * So we need to load from disk then !
+	 *
+	 * But in other scenario we want to read from memory : for example when changing the option in a PHPUnit setUp method
+	 *
+	 * This method will first try to get the `developer_mode.enabled` config parameter the standard way (call to GetConfig without modification).
+	 * If we are getting null (not defined parameter), then we will load config from disk only (GetConfig(true))
+	 *
+	 * @return bool|null
+	 * @throws \ConfigException
+	 * @throws \CoreException
+	 *
+	 * @uses developer_mode.enabled config parameter
+	 */
+	private static function GetDeveloperModeParam(): ?bool
+	{
+		$oConfig = static::GetConfig(false);
+		$bIsDevEnvInConfig = $oConfig->Get('developer_mode.enabled');
+
+		if (!is_null($bIsDevEnvInConfig)) {
+			return $bIsDevEnvInConfig;
+		}
+
+		$oConfigFromDisk = static::GetConfig(true);
+
+		return $oConfigFromDisk->Get('developer_mode.enabled');
+	}
+
+	/**
+	 * @return bool true if we are running under a Windows environment
 	 * @since 2.7.4 : N°3412
 	 */
 	public static function IsWindowsEnvironment()
@@ -3020,4 +3118,80 @@ HTML;
 
 		return $aMentionedObjects;
 	}
+
+	/**
+	 * Note: This method is not ideal, but other solutions seemed even less ideal:
+	 *   * Add a "$sMaxLength" param. to utils::ToAcronym(): Does not work for every use cases (see corresponding ticket) as in some parts utils::ToAcronym isn't necessarly meant to be used in a medallion.
+	 *
+	 * @param string $sInitials
+	 *
+	 * @return string Truncates $sInitials so it can fit in medallions
+	 * @since 3.0.1 N°4913
+	 */
+	public static function FormatInitialsForMedallion(string $sInitials): string
+	{
+		return mb_substr($sInitials, 0, 3);
+	}
+
+	/**
+	 * @param $sUrl
+	 * @param string $sParamName
+	 * @param string $sParamValue
+	 *
+	 * @return string
+	 * @since 3.0.0
+	 */
+	public static function AddParameterToUrl(string $sUrl, string $sParamName, string $sParamValue): string
+	{
+		if (strpos($sUrl, '?') === false) {
+			$sUrl = $sUrl.'?'.urlencode($sParamName).'='.urlencode($sParamValue);
+		} else {
+			$sUrl = $sUrl.'&'.urlencode($sParamName).'='.urlencode($sParamValue);
+		}
+
+		return $sUrl;
+	}
+
+	/**
+	 * Return traits array used by a class and by parent classes hierarchy.
+	 *
+	 * @see https://www.php.net/manual/en/function.class-uses.php#110752
+	 *
+	 * @param string $sClass Class to scan
+	 * @param bool $bAutoload Autoload flag
+	 *
+	 * @return array traits used
+	 * @since 3.1.0
+	 */
+	public static function TraitsUsedByClass(string $sClass, bool $bAutoload = true): array
+	{
+		$aTraits = [];
+		do {
+			$aTraits = array_merge(class_uses($sClass, $bAutoload), $aTraits);
+		} while ($sClass = get_parent_class($sClass));
+		foreach ($aTraits as $sTrait => $same) {
+			$aTraits = array_merge(class_uses($sTrait, $bAutoload), $aTraits);
+		}
+
+		return array_unique($aTraits);
+	}
+
+	/**
+	 * Test trait usage by a class or by parent classes hierarchy.
+	 *
+	 * @param string $sTrait Trait to search for
+	 * @param string $sClass Class to check
+	 *
+	 * @return bool
+	 * @since 3.1.0
+	 */
+	public static function IsTraitUsedByClass(string $sTrait, string $sClass): bool
+	{
+		return in_array($sTrait, self::TraitsUsedByClass($sClass, true));
+	}
+  
+	public static function GetUniqId()
+	{
+		return hash('sha256', uniqid(sprintf('%x', rand()), true).sprintf('%x', rand()));
+	}
 }

application/webpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/WebPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/WebPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/WebPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/WebPage.php, now loadable using autoloader');

application/wizardhelper.class.inc.php

@@ -350,7 +350,7 @@ class WizardHelper
 	 */
 	public function GetJsForUpdateFields()
 	{
-		$sWizardHelperJsVar = ($this->m_aData['m_sWizHelperJsVarName']) ?? 'oWizardHelper'.$this->GetFormPrefix();
+		$sWizardHelperJsVar = (!is_null($this->m_aData['m_sWizHelperJsVarName'])) ? utils::Sanitize($this->m_aData['m_sWizHelperJsVarName'], '', utils::ENUM_SANITIZATION_FILTER_PARAMETER) : 'oWizardHelper'.$this->GetFormPrefix();
 		$sWizardHelperJson = $this->ToJSON();
 
 		return <<<JS
@@ -359,6 +359,10 @@ class WizardHelper
 JS;
 	}
 
+	/*
+	 * Function with an old pattern of code
+	 * @deprecated 3.1.0
+	*/
 	static function ParseJsonSet($oMe, $sLinkClass, $sExtKeyToMe, $sJsonSet)
 	{
 		$aSet = json_decode($sJsonSet, true); // true means hash array instead of object

application/xmlpage.class.inc.php

@@ -1,8 +1,8 @@
 <?php
 /**
- * @deprecated  will be removed in 3.1.0 - moved to sources/application/WebPage/XMLPage.php, now loadable using autoloader
+ * @deprecated  will be removed in 3.1.0 - moved to sources/Application/WebPage/XMLPage.php, now loadable using autoloader
  * @license     http://opensource.org/licenses/AGPL-3.0
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  */
 
-DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/application/WebPage/XMLPage.php, now loadable using autoloader');
+DeprecatedCallsLog::NotifyDeprecatedFile('moved to sources/Application/WebPage/XMLPage.php, now loadable using autoloader');

approot.inc.php

@@ -3,4 +3,26 @@
 define('APPROOT', dirname(__FILE__).'/');
 define('APPCONF', APPROOT.'conf/');
 
+/**
+ * iTop Datamodel XML format version
+ *
+ * It was also used in iTop 3.0.0 to get iTop core version (instead of {@see ITOP_VERSION} which gives the application version).
+ * To address this need you should now use {@see ITOP_CORE_VERSION}
+ *
+ * @see ITOP_CORE_VERSION to get full iTop core version
+ */
+define('ITOP_DESIGN_LATEST_VERSION', '3.1');
+
+/**
+ * Constant containing the iTop core version, whatever application was built
+ *
+ * Note that in iTop 3.0.0 we used {@see ITOP_DESIGN_LATEST_VERSION} to get core version.
+ * When releasing, both constants should be updated : see `.make/release/update-versions.php` for that !
+ *
+ * @since 2.7.7 3.0.1 3.1.0 N°4714 constant creation
+ * @used-by utils::GetItopVersionWikiSyntax()
+ * @used-by iTopModulesPhpVersionIntegrationTest
+ */
+define('ITOP_CORE_VERSION', '3.1.0');
+
 require_once APPROOT.'bootstrap.inc.php';

bootstrap.inc.php

@@ -44,11 +44,7 @@ define('ITOP_DEFAULT_ENV', 'production');
 define('MAINTENANCE_MODE_FILE', APPROOT.'data/.maintenance');
 define('READONLY_MODE_FILE', APPROOT.'data/.readonly');
 
-if (function_exists('microtime')) {
-	$fItopStarted = microtime(true);
-} else {
-	$fItopStarted = 1000 * time();
-}
+$fItopStarted = microtime(true);
 
 if (!isset($GLOBALS['bBypassAutoload']) || $GLOBALS['bBypassAutoload'] == false) {
 	require_once APPROOT.'/lib/autoload.php';

composer.json

@@ -1,8 +1,10 @@
 {
+  "name": "combodo/itop",
+  "description": "IT Operations Portal",
   "type": "project",
-  "license": "AGPLv3",
+  "license": "AGPL-3.0-only",
   "require": {
-    "php": ">=7.1.3",
+    "php": ">=7.4.0 <8.2.0",
     "ext-ctype": "*",
     "ext-dom": "*",
     "ext-gd": "*",
@@ -10,22 +12,26 @@
     "ext-json": "*",
     "ext-mysqli": "*",
     "ext-soap": "*",
-    "combodo/tcpdf": "6.3.5",
-    "nikic/php-parser": "^4.12.0",
-    "pear/archive_tar": "1.4.13",
-    "pelago/emogrifier": "2.1.0",
-    "scssphp/scssphp": "1.0.6",
-    "swiftmailer/swiftmailer": "5.4.12",
-    "symfony/console": "3.4.*",
-    "symfony/dotenv": "3.4.*",
-    "symfony/framework-bundle": "3.4.*",
-    "symfony/polyfill-php70": "1.*",
-    "symfony/twig-bundle": "3.4.*",
-    "symfony/yaml": "3.4.*"
+    "apereo/phpcas" : "~1.3",
+    "combodo/tcpdf": "~6.4.4",
+    "guzzlehttp/guzzle": "^7.4.5",
+    "laminas/laminas-mail": "^2.11",
+    "laminas/laminas-servicemanager": "^3.5",
+    "league/oauth2-google": "^3.0",
+    "nikic/php-parser": "~4.14.0",
+    "pear/archive_tar": "~1.4.14",
+    "pelago/emogrifier": "^6.0.0",
+    "scssphp/scssphp": "^1.10.3",
+    "symfony/console": "5.4.*",
+    "symfony/dotenv": "5.4.*",
+    "symfony/framework-bundle": "5.4.*",
+    "symfony/twig-bundle": "5.4.*",
+    "symfony/yaml": "5.4.*",
+    "thenetworg/oauth2-azure": "^2.0"
   },
   "require-dev": {
-    "symfony/stopwatch": "3.4.*",
-    "symfony/web-profiler-bundle": "3.4.*"
+    "symfony/stopwatch": "5.4.*",
+    "symfony/web-profiler-bundle": "5.4.*"
   },
   "suggest": {
     "ext-libsodium": "Required to use the AttributeEncryptedString.",
@@ -37,14 +43,15 @@
   },
   "config": {
     "platform": {
-      "php": "7.2.0"
+      "php": "7.4.0"
     },
     "vendor-dir": "lib",
     "preferred-install": {
       "*": "dist"
     },
     "sort-packages": true,
-    "classmap-authoritative": true
+    "classmap-authoritative": true,
+    "platform-check": true
   },
   "autoload": {
     "classmap": [
@@ -53,12 +60,7 @@
       "sources"
     ],
     "exclude-from-classmap": [
-      "core/dbobjectsearch.class.php",
-      "core/legacy/dbobjectsearchlegacy.class.php",
-      "core/querybuildercontext.class.inc.php",
-      "core/legacy/querybuildercontextlegacy.class.inc.php",
-      "core/querybuilderexpressions.class.inc.php",
-      "core/legacy/querybuilderexpressionslegacy.class.inc.php",
+      "application/twigextension.class.inc.php",
       "core/oql/build/PHP/",
       "core/apc-emulation.php",
       "application/startup.inc.php",

core/DbConnectionWrapper.php

@@ -0,0 +1,67 @@
+<?php
+/*
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+namespace Combodo\iTop\Core;
+
+use mysqli;
+
+/**
+ * mysqli object is really hard to mock as it contains lots of attributes & methods ! Thought we need to mock it to test transactions !
+ *
+ * To solve this, a new attribute exists and is only used in specific use cases, so there are just few things to mock.
+ *
+ * This object adds more readability than previous model with 2 attributes in {@see CMDBSource}.
+ *
+ * @used-by \CMDBSource
+ *
+ * @since 3.0.0 N°4325 Object creation
+ *          This wrapper handles the 2 {@mysqli myqsli} attributes that were previously in {@see CMDBSource}
+ *          To allow testing we added a second mysqli object (N°3513 in 2.7.5) and code became a bit confusing :/
+ *          With this wrapper everything is in the same place, and we can express the intention more clearly !
+ */
+class DbConnectionWrapper
+{
+	/** @var mysqli */
+	protected static $oDbCnxStandard;
+
+	/**
+	 * Can contain a genuine mysqli object, or a mock that would emulate {@see mysqli::query()}
+	 *
+	 * @var mysqli
+	 * @used-by \Combodo\iTop\Test\UnitTest\Core\TransactionsTest
+	 */
+	protected static $oDbCnxMockableForQuery;
+
+	/**
+	 * @param bool $bIsForQuery set to true if using {@see mysqli::query()}
+	 *
+	 * @return \mysqli|null
+	 */
+	public static function GetDbConnection(bool $bIsForQuery = false): ?mysqli
+	{
+		if ($bIsForQuery) {
+			return static::$oDbCnxMockableForQuery;
+		}
+
+		return static::$oDbCnxStandard;
+	}
+
+	public static function SetDbConnection(?mysqli $oMysqli): void
+	{
+		static::$oDbCnxStandard = $oMysqli;
+		static::SetDbConnectionMockForQuery($oMysqli);
+	}
+
+	/**
+	 * Use this to register a mock that will handle {@see mysqli::query()}
+	 *
+	 * @param \mysqli|null $oMysqli
+	 */
+	public static function SetDbConnectionMockForQuery(?mysqli $oMysqli): void
+	{
+		static::$oDbCnxMockableForQuery = $oMysqli;
+	}
+}

core/MyHelpers.class.inc.php

@@ -66,9 +66,8 @@ class MyHelpers
 	// getmicrotime()
 	// format sss.mmmuuupppnnn 
 	public static function getmicrotime()
-	{ 
-		list($usec, $sec) = explode(" ",microtime()); 
-		return ((float)$usec + (float)$sec); 
+	{
+		return microtime(true);
 	}
 
 	/*
@@ -471,9 +470,9 @@ class Str
 	public static function pure2html($pure, $maxLength = false)
 	{
 		// Check for HTML entities, but be careful the DB is in UTF-8
-		return $maxLength                                         
-			? htmlentities(substr($pure, 0, $maxLength), ENT_QUOTES, 'UTF-8')
-			: htmlentities($pure, ENT_QUOTES, 'UTF-8');
+		return $maxLength
+			? utils::EscapeHtml(substr($pure, 0, $maxLength))
+			: utils::EscapeHtml($pure);
 	}
 	public static function pure2sql($pure, $maxLength = false)
 	{

core/action.class.inc.php

@@ -51,6 +51,7 @@ abstract class Action extends cmdbAbstractObject
 			"db_table" => "priv_action",
 			"db_key_field" => "id",
 			"db_finalclass_field" => "realclass",
+			'style' =>  new ormStyle(null, null, null, null, null, '../images/icons/icons8-in-transit.svg'),
 		);
 		MetaModel::Init_Params($aParams);
 		//MetaModel::Init_InheritAttributes();
@@ -117,6 +118,39 @@ abstract class Action extends cmdbAbstractObject
 				return false;
 		}
 	}
+
+	/**
+	 * @inheritDoc
+	 * @since 3.0.0
+	 */
+	public function AfterInsert()
+	{
+		parent::AfterInsert();
+		$this->DoCheckIfHasTrigger();
+	}
+
+	/**
+	 * @inheritDoc
+	 * @since 3.0.0
+	 */
+	public function AfterUpdate()
+	{
+		parent::AfterUpdate();
+		$this->DoCheckIfHasTrigger();
+	}
+
+	/**
+	 * Check if the Action has at least 1 trigger linked. Otherwise, it adds a warning.
+	 * @return void
+	 * @since 3.0.0
+	 */
+	protected function DoCheckIfHasTrigger()
+	{
+		$oTriggersSet = $this->Get('trigger_list');
+		if ($oTriggersSet->Count() === 0) {
+			$this->m_aCheckWarnings[] = Dict::S('Action:WarningNoTriggerLinked');
+		}
+	}
 }
 
 /**
@@ -166,6 +200,17 @@ abstract class ActionNotification extends Action
  */
 class ActionEmail extends ActionNotification
 {
+	/**
+	 * @var string
+	 * @since 3.0.1
+	 */
+	const ENUM_HEADER_NAME_MESSAGE_ID = 'Message-ID';
+	/**
+	 * @var string
+	 * @since 3.0.1
+	 */
+	const ENUM_HEADER_NAME_REFERENCES = 'References';
+
 	/**
 	 * @inheritDoc
 	 */
@@ -173,13 +218,13 @@ class ActionEmail extends ActionNotification
 	{
 		$aParams = array
 		(
-			"category" => "grant_by_profile,core/cmdb,application",
-			"key_type" => "autoincrement",
-			"name_attcode" => "name",
-			"state_attcode" => "",
-			"reconc_keys" => array('name'),
-			"db_table" => "priv_action_email",
-			"db_key_field" => "id",
+			"category"            => "grant_by_profile,core/cmdb,application",
+			"key_type"            => "autoincrement",
+			"name_attcode"        => "name",
+			"state_attcode"       => "",
+			"reconc_keys"         => array('name'),
+			"db_table"            => "priv_action_email",
+			"db_key_field"        => "id",
 			"db_finalclass_field" => "",
 		);
 		MetaModel::Init_Params($aParams);
@@ -232,7 +277,7 @@ class ActionEmail extends ActionNotification
 	protected function FindRecipients($sRecipAttCode, $aArgs)
 	{
 		$sOQL = $this->Get($sRecipAttCode);
-		if (strlen($sOQL) == '') return '';
+		if (strlen($sOQL) === 0) return '';
 
 		try
 		{
@@ -366,8 +411,7 @@ class ActionEmail extends ActionNotification
 		{
 			$this->m_iRecipients = 0;
 			$this->m_aMailErrors = array();
-			$bRes = false; // until we do succeed in sending the email
-	
+
 			// Determine recipients
 			//
 			$sTo = $this->FindRecipients('to', $aContextArgs);
@@ -381,37 +425,48 @@ class ActionEmail extends ActionNotification
 
 			$sSubject = MetaModel::ApplyParams($this->Get('subject'), $aContextArgs);
 			$sBody = MetaModel::ApplyParams($this->Get('body'), $aContextArgs);
-			
+
 			$oObj = $aContextArgs['this->object()'];
-			$sMessageId = sprintf('iTop_%s_%d_%f@%s.openitop.org', get_class($oObj), $oObj->GetKey(), microtime(true /* get as float*/), MetaModel::GetEnvironmentId());
-			$sReference = '<'.$sMessageId.'>';
+			$sMessageId = $this->GenerateIdentifierForHeaders($oObj, static::ENUM_HEADER_NAME_MESSAGE_ID);
+			$sReference = $this->GenerateIdentifierForHeaders($oObj, static::ENUM_HEADER_NAME_REFERENCES);
 		}
-		catch(Exception $e)
-		{
-  			ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
-  			throw $e;
-  		}
-		ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
-		
-		if (!is_null($oLog))
-		{
+		catch (Exception $e) {
+			/** @noinspection PhpUnhandledExceptionInspection */
+			throw $e;
+		}
+		finally {
+			ApplicationContext::SetUrlMakerClass($sPreviousUrlMaker);
+		}
+
+		if (!is_null($oLog)) {
 			// Note: we have to secure this because those values are calculated
 			// inside the try statement, and we would like to keep track of as
 			// many data as we could while some variables may still be undefined
-			if (isset($sTo))       $oLog->Set('to', $sTo);
-			if (isset($sCC))       $oLog->Set('cc', $sCC);
-			if (isset($sBCC))      $oLog->Set('bcc', $sBCC);
-			if (isset($sFrom))     $oLog->Set('from', empty($sFromLabel) ? $sFrom : "$sFromLabel <$sFrom>");
-			if (isset($sSubject))  $oLog->Set('subject', $sSubject);
-			if (isset($sBody))     $oLog->Set('body', $sBody);
+			if (isset($sTo)) {
+				$oLog->Set('to', $sTo);
+			}
+			if (isset($sCC)) {
+				$oLog->Set('cc', $sCC);
+			}
+			if (isset($sBCC)) {
+				$oLog->Set('bcc', $sBCC);
+			}
+			if (isset($sFrom)) {
+				$oLog->Set('from', $sFrom);
+			}
+			if (isset($sSubject)) {
+				$oLog->Set('subject', $sSubject);
+			}
+			if (isset($sBody)) {
+				$oLog->Set('body', $sBody);
+			}
 		}
 		$sStyles = file_get_contents(APPROOT.'css/email.css');
 		$sStyles .= MetaModel::GetConfig()->Get('email_css');
 
 		$oEmail = new EMail();
 
-		if ($this->IsBeingTested())
-		{
+		if ($this->IsBeingTested()) {
 			$oEmail->SetSubject('TEST['.$sSubject.']');
 			$sTestBody = $sBody;
 			$sTestBody .= "<div style=\"border: dashed;\">\n";
@@ -421,8 +476,8 @@ class ActionEmail extends ActionNotification
 			$sTestBody .= "<li>TO: $sTo</li>\n";
 			$sTestBody .= "<li>CC: $sCC</li>\n";
 			$sTestBody .= "<li>BCC: $sBCC</li>\n";
-			$sTestBody .= empty($sFromLabel) ? "<li>From: $sFrom</li>\n": "<li>From: $sFromLabel &lt;$sFrom&gt;</li>\n";
-			$sTestBody .= empty($sReplyToLabel) ? "<li>Reply-To: $sReplyTo</li>\n": "<li>Reply-To: $sReplyToLabel &lt;$sReplyTo&gt;</li>\n";
+			$sTestBody .= empty($sFromLabel) ? "<li>From: $sFrom</li>\n" : "<li>From: $sFromLabel &lt;$sFrom&gt;</li>\n";
+			$sTestBody .= empty($sReplyToLabel) ? "<li>Reply-To: $sReplyTo</li>\n" : "<li>Reply-To: $sReplyToLabel &lt;$sReplyTo&gt;</li>\n";
 			$sTestBody .= "<li>References: $sReference</li>\n";
 			$sTestBody .= "</ul>\n";
 			$sTestBody .= "</p>\n";
@@ -432,9 +487,9 @@ class ActionEmail extends ActionNotification
 			$oEmail->SetRecipientFrom($sFrom, $sFromLabel);
 			$oEmail->SetReferences($sReference);
 			$oEmail->SetMessageId($sMessageId);
-		}
-		else
-		{
+			// Note: N°4849 We pass the "References" identifier instead of the "Message-ID" on purpose as we want notifications emails to group around the triggering iTop object, not just the users' replies to the notification
+			$oEmail->SetInReplyTo($sReference);
+		} else {
 			$oEmail->SetSubject($sSubject);
 			$oEmail->SetBody($sBody, 'text/html', $sStyles);
 			$oEmail->SetRecipientTO($sTo);
@@ -444,6 +499,8 @@ class ActionEmail extends ActionNotification
 			$oEmail->SetRecipientReplyTo($sReplyTo, $sReplyToLabel);
 			$oEmail->SetReferences($sReference);
 			$oEmail->SetMessageId($sMessageId);
+			// Note: N°4849 We pass the "References" identifier instead of the "Message-ID" on purpose as we want notifications emails to group around the triggering iTop object, not just the users' replies to the notification
+			$oEmail->SetInReplyTo($sReference);
 		}
 
 		if (isset($aContextArgs['attachments']))
@@ -470,26 +527,64 @@ class ActionEmail extends ActionNotification
 				{
 					case EMAIL_SEND_OK:
 						return "Sent";
-	
+
 					case EMAIL_SEND_PENDING:
 						return "Pending";
-	
+
 					case EMAIL_SEND_ERROR:
 						return "Errors: ".implode(', ', $aErrors);
 				}
 			}
-		}
-		else
-		{
-			if (is_array($this->m_aMailErrors) && count($this->m_aMailErrors) > 0)
-			{
+		} else {
+			if (is_array($this->m_aMailErrors) && count($this->m_aMailErrors) > 0) {
 				$sError = implode(', ', $this->m_aMailErrors);
-			}
-			else
-			{
+			} else {
 				$sError = 'Unknown reason';
 			}
+
 			return 'Notification was not sent: '.$sError;
 		}
 	}
+
+	/**
+	 * @param \DBObject $oObject
+	 * @param string $sHeaderName {@see \ActionEmail::ENUM_HEADER_NAME_REFERENCES}, {@see \ActionEmail::ENUM_HEADER_NAME_MESSAGE_ID}
+	 *
+	 * @return string The formatted identifier for $sHeaderName based on $oObject
+	 * @throws \Exception
+	 * @since 3.0.1 N°4849
+	 */
+	protected function GenerateIdentifierForHeaders(DBObject $oObject, string $sHeaderName): string
+	{
+		$sObjClass = get_class($oObject);
+		$sObjId = $oObject->GetKey();
+		$sAppName = utils::Sanitize(ITOP_APPLICATION_SHORT, '', utils::ENUM_SANITIZATION_FILTER_VARIABLE_NAME);
+
+		switch ($sHeaderName) {
+			case static::ENUM_HEADER_NAME_MESSAGE_ID:
+			case static::ENUM_HEADER_NAME_REFERENCES:
+				// Prefix
+				$sPrefix = sprintf('%s_%s_%d', $sAppName, $sObjClass, $sObjId);
+				if ($sHeaderName === static::ENUM_HEADER_NAME_MESSAGE_ID) {
+					$sPrefix .= sprintf('_%F', microtime(true /* get as float*/));
+				}
+				// Suffix
+				$sSuffix = sprintf('@%s.openitop.org', MetaModel::GetEnvironmentId());
+				// Identifier
+				$sIdentifier = $sPrefix.$sSuffix;
+				if ($sHeaderName === static::ENUM_HEADER_NAME_REFERENCES) {
+					$sIdentifier = "<$sIdentifier>";
+				}
+
+				return $sIdentifier;
+		}
+
+		// Requested header name invalid
+		$sErrorMessage = sprintf('%s: Could not generate identifier for header "%s", only %s are supported', static::class, $sHeaderName, implode(' / ', [static::ENUM_HEADER_NAME_MESSAGE_ID, static::ENUM_HEADER_NAME_REFERENCES]));
+		IssueLog::Error($sErrorMessage, LogChannels::NOTIFICATIONS, [
+			'Object' => $sObjClass.'::'.$sObjId.' ('.$oObject->GetRawName().')',
+			'Action' => get_class($this).'::'.$this->GetKey().' ('.$this->GetRawName().')',
+		]);
+		throw new Exception($sErrorMessage);
+	}
 }

core/apc-service.class.inc.php

@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * Class ApcService
+ * @since 2.7.6 N°4125
+ */
+class ApcService {
+	public function __construct() {
+	}
+
+	/**
+	 * @param string $function_name
+	 * @return bool
+	 * @see function_exists()
+	 */
+	public function function_exists($function_name) {
+		return function_exists($function_name);
+	}
+
+	/**
+	 * @param string|array $key
+	 * @return mixed
+	 * @see apc_fetch()
+	 */
+	function apc_fetch($key)
+	{
+		return apc_fetch($key);
+	}
+
+	/**
+	 * @param array|string $key
+	 * @param $var
+	 * @param int $ttl
+	 * @return array|bool
+	 * @see apc_store()
+	 */
+	function apc_store($key, $var = NULL, $ttl = 0)
+	{
+		return apc_store($key, $var, $ttl);
+	}
+}
+?>

core/asynctask.class.inc.php

@@ -157,7 +157,7 @@ abstract class AsyncTask extends DBObject
 		if (is_array($aRetries) && array_key_exists(get_class($this), $aRetries))
 		{
 			$aConfig = $aRetries[get_class($this)];
-			$iRetryDelay = $aConfig['retry_delay'];
+			$iRetryDelay = $aConfig['retry_delay'] ?? $iRetryDelay;
 		}
 		return $iRetryDelay;
 	}
@@ -169,11 +169,71 @@ abstract class AsyncTask extends DBObject
 		if (is_array($aRetries) && array_key_exists(get_class($this), $aRetries))
 		{
 			$aConfig = $aRetries[get_class($this)];
-			$iMaxRetries = $aConfig['max_retries'];
+			$iMaxRetries = $aConfig['max_retries'] ?? $iMaxRetries;
 		}
 		return $iMaxRetries;
 	}
 
+	public function IsRetryDelayExponential()
+	{
+	    $bExponential = false;
+	    $aRetries = MetaModel::GetConfig()->Get('async_task_retries');
+	    if (is_array($aRetries) && array_key_exists(get_class($this), $aRetries))
+	    {
+	        $aConfig = $aRetries[get_class($this)];
+	        $bExponential = (bool)$aConfig['exponential_delay'] ?? $bExponential;
+	    }
+	    return $bExponential;
+	}
+
+	public static function CheckRetryConfig(Config $oConfig, $sAsyncTaskClass)
+	{
+	    $aMessages = [];
+	    $aRetries = $oConfig->Get('async_task_retries');
+	    if (is_array($aRetries) && array_key_exists($sAsyncTaskClass, $aRetries))
+	    {
+	        $aValidKeys = array("retry_delay", "max_retries", "exponential_delay");
+	        $aConfig = $aRetries[$sAsyncTaskClass];
+	        if (!is_array($aConfig))
+	        {
+	            $aMessages[] = Dict::Format('Class:AsyncTask:InvalidConfig_Class_Keys', $sAsyncTaskClass, implode(', ', $aValidKeys));
+	        }
+	        else
+	        {
+	            foreach($aConfig as $key => $value)
+	            {
+	                if (!in_array($key, $aValidKeys))
+	                {
+	                    $aMessages[] = Dict::Format('Class:AsyncTask:InvalidConfig_Class_InvalidKey_Keys', $sAsyncTaskClass, $key, implode(', ', $aValidKeys));
+	                }
+	            }
+	        }
+	    }
+	    return $aMessages;
+	}
+
+	/**
+	 * Compute the delay to wait for the "next retry", based on the given parameters
+	 * @param bool $bIsExponential
+	 * @param int $iRetryDelay
+	 * @param int $iMaxRetries
+	 * @param int $iRemainingRetries
+	 * @return int
+	 */
+	public static function GetNextRetryDelay($bIsExponential, $iRetryDelay, $iMaxRetries, $iRemainingRetries)
+	{
+	    if ($bIsExponential)
+	    {
+	        $iExponent = $iMaxRetries - $iRemainingRetries;
+	        if ($iExponent < 0) $iExponent = 0; // Safety net in case on configuration change in the middle of retries
+	        return $iRetryDelay * (2 ** $iExponent);
+	    }
+	    else
+	    {
+	        return $iRetryDelay;
+	    }
+	}
+
 	/**
 	 * Override to notify people that a task cannot be performed
 	 */
@@ -233,7 +293,7 @@ abstract class AsyncTask extends DBObject
 			$this->Set('remaining_retries', $this->GetMaxRetries($iErrorCode));
 		}
 
-		$this->Set('last_error', $sErrorMessage);
+		$this->SetTrim('last_error', $sErrorMessage);
 		$this->Set('last_error_code', $iErrorCode); // Note: can be ZERO !!!
 		$this->Set('last_attempt', time());
 
@@ -241,25 +301,26 @@ abstract class AsyncTask extends DBObject
 		if ($iRemaining > 0)
 		{
 			$iRetryDelay = $this->GetRetryDelay($iErrorCode);
-			IssueLog::Info('Failed to process async task #'.$this->GetKey().' - reason: '.$sErrorMessage.' - remaining retries: '.$iRemaining.' - next retry in '.$iRetryDelay.'s');
+			$iNextRetryDelay = static::GetNextRetryDelay($this->IsRetryDelayExponential(), $iRetryDelay, $this->GetMaxRetries($iErrorCode), $iRemaining);
+			IssueLog::Info('Failed to process async task #'.$this->GetKey().' - reason: '.$sErrorMessage.' - remaining retries: '.$iRemaining.' - next retry in '.$iNextRetryDelay.'s');
 			if ($this->Get('event_id') != 0)
 			{
 				$oEventLog = MetaModel::GetObject('Event', $this->Get('event_id'));
-				$oEventLog->Set('message', "$sErrorMessage\nFailed to process async task. Remaining retries: '.$iRemaining.'. Next retry in '.$iRetryDelay.'s'");
+				$oEventLog->Set('message', "$sErrorMessage\nFailed to process async task. Remaining retries: $iRemaining. Next retry in {$iNextRetryDelay}s");
                 try
                 {
                     $oEventLog->DBUpdate();
                 }
                 catch (Exception $e)
                 {
-                    $oEventLog->Set('message', "Failed to process async task. Remaining retries: '.$iRemaining.'. Next retry in '.$iRetryDelay.'s', more details in the log");
+                    $oEventLog->Set('message', "Failed to process async task. Remaining retries: $iRemaining. Next retry in {$iNextRetryDelay}s, more details in the log");
                     $oEventLog->DBUpdate();
                 }
 			}
 			$this->Set('remaining_retries', $iRemaining - 1);
 			$this->Set('status', 'planned');
 			$this->Set('started', null);
-			$this->Set('planned', time() + $iRetryDelay);
+			$this->Set('planned', time() + $iNextRetryDelay);
 		}
 		else
 		{
@@ -348,8 +409,6 @@ class AsyncSendEmail extends AsyncTask
 		$oNew->Set('to', $oEMail->GetRecipientTO(true /* string */));
 		$oNew->Set('subject', $oEMail->GetSubject());
 
-//		$oNew->Set('version', 1);
-//		$sMessage = serialize($oEMail);
 		$oNew->Set('version', 2);
 		$sMessage = $oEMail->SerializeV2();
 		$oNew->Set('message', $sMessage);

core/attributedef.class.inc.php

@@ -854,6 +854,11 @@ abstract class AttributeDefinition
 	//abstract protected GetBasicFilterHTMLInput();
 	abstract public function GetBasicFilterSQLExpr($sOpCode, $value);
 
+	/**
+	 *  since 3.1.0 return has changed (N°4690 - Deprecate "FilterCodes")
+	 *
+	 * @return array filtercode => attributecode
+	 */
 	public function GetFilterDefinitions()
 	{
 		return array();
@@ -1685,7 +1690,7 @@ class AttributeLinkedSet extends AttributeDefinition
 					{
 						if ($sObjClass == $this->GetLinkedClass())
 						{
-							// Simplify the output if the exact class could be determined implicitely 
+							// Simplify the output if the exact class could be determined implicitely
 							continue;
 						}
 					}
@@ -1793,7 +1798,7 @@ class AttributeLinkedSet extends AttributeDefinition
 	public function GetImportColumns()
 	{
 		$aColumns = array();
-		$aColumns[$this->GetCode()] = 'TEXT';
+		$aColumns[$this->GetCode()] = 'TEXT'.CMDBSource::GetSqlStringColumnDefinition();
 
 		return $aColumns;
 	}
@@ -2007,7 +2012,7 @@ class AttributeLinkedSet extends AttributeDefinition
 					{
 						if ($sObjClass == $this->GetLinkedClass())
 						{
-							// Simplify the output if the exact class could be determined implicitely 
+							// Simplify the output if the exact class could be determined implicitely
 							continue;
 						}
 					}
@@ -2412,7 +2417,7 @@ class AttributeDBFieldVoid extends AttributeDefinition
 		return false;
 	}
 
-	// 
+	//
 	protected function ScalarToSQL($value)
 	{
 		return $value;
@@ -2452,7 +2457,7 @@ class AttributeDBFieldVoid extends AttributeDefinition
 
 	public function GetFilterDefinitions()
 	{
-		return array($this->GetCode() => new FilterFromAttribute($this));
+		return array($this->GetCode() => $this->GetCode());
 	}
 
 	public function GetBasicFilterOperators()
@@ -4123,7 +4128,8 @@ class AttributeText extends AttributeString
 					{
 						// Propose a std link to the object
 						$sClassLabel = MetaModel::GetName($sClass);
-						$sReplacement = "<span class=\"wiki_broken_link\">$sClassLabel:$sName" . (!empty($sLabel) ? " ($sLabel)" : "") . "</span>";
+						$sToolTipForHtml = utils::EscapeHtml(Dict::Format('Core:UnknownObjectLabel', $sClass, $sName));
+						$sReplacement = "<span class=\"wiki_broken_link ibo-is-broken-hyperlink\" data-tooltip-content=\"$sToolTipForHtml\">$sClassLabel:$sName" . (!empty($sLabel) ? " ($sLabel)" : "") . "</span>";
 						$sText = str_replace($aMatches[0], $sReplacement, $sText);
 						// Later: propose a link to create a new object
 						// Anyhow... there is no easy way to suggest default values based on the given FRIENDLY name
@@ -4158,6 +4164,7 @@ class AttributeText extends AttributeString
 		{
 			$sValue = parent::GetAsHTML($sValue, $oHostObject, $bLocalize);
 			$sValue = self::RenderWikiHtml($sValue);
+			$sValue = nl2br($sValue);
 
 			return "<div $sStyle>$sValue</div>";
 		}
@@ -4172,20 +4179,21 @@ class AttributeText extends AttributeString
 
 	public function GetEditValue($sValue, $oHostObj = null)
 	{
-		if ($this->GetFormat() == 'text')
-		{
-			if (preg_match_all(WIKI_OBJECT_REGEXP, $sValue, $aAllMatches, PREG_SET_ORDER))
-			{
-				foreach($aAllMatches as $iPos => $aMatches)
-				{
+		// N°4517 - PHP 8.1 compatibility: str_replace call with null cause deprecated message
+		if ($sValue == null) {
+			return '';
+		}
+
+		if ($this->GetFormat() == 'text') {
+			if (preg_match_all(WIKI_OBJECT_REGEXP, $sValue, $aAllMatches, PREG_SET_ORDER)) {
+				foreach ($aAllMatches as $iPos => $aMatches) {
 					$sClass = trim($aMatches[1]);
 					$sName = trim($aMatches[2]);
 					$sLabel = (!empty($aMatches[4])) ? trim($aMatches[4]) : null;
 
-					if (MetaModel::IsValidClass($sClass))
-					{
+					if (MetaModel::IsValidClass($sClass)) {
 						$sClassLabel = MetaModel::GetName($sClass);
-						$sReplacement = "[[$sClassLabel:$sName" . (!empty($sLabel) ? " | $sLabel" : "") . "]]";
+						$sReplacement = "[[$sClassLabel:$sName".(!empty($sLabel) ? " | $sLabel" : "")."]]";
 						$sValue = str_replace($aMatches[0], $sReplacement, $sValue);
 					}
 				}
@@ -4222,31 +4230,31 @@ class AttributeText extends AttributeString
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		$sValue = $proposedValue;
-		switch ($this->GetFormat())
-		{
+
+		// N°4517 - PHP 8.1 compatibility: str_replace call with null cause deprecated message
+		if ($sValue == null) {
+			return '';
+		}
+
+		switch ($this->GetFormat()) {
 			case 'html':
-				if (($sValue !== null) && ($sValue !== ''))
-				{
+				if (($sValue !== null) && ($sValue !== '')) {
 					$sValue = HTMLSanitizer::Sanitize($sValue);
 				}
 				break;
 
 			case 'text':
 			default:
-				if (preg_match_all(WIKI_OBJECT_REGEXP, $sValue, $aAllMatches, PREG_SET_ORDER))
-				{
-					foreach($aAllMatches as $iPos => $aMatches)
-					{
+				if (preg_match_all(WIKI_OBJECT_REGEXP, $sValue, $aAllMatches, PREG_SET_ORDER)) {
+					foreach ($aAllMatches as $iPos => $aMatches) {
 						$sClassLabel = trim($aMatches[1]);
 						$sName = trim($aMatches[2]);
-                        $sLabel = (!empty($aMatches[4])) ? trim($aMatches[4]) : null;
+						$sLabel = (!empty($aMatches[4])) ? trim($aMatches[4]) : null;
 
-						if (!MetaModel::IsValidClass($sClassLabel))
-						{
+						if (!MetaModel::IsValidClass($sClassLabel)) {
 							$sClass = MetaModel::GetClassFromLabel($sClassLabel);
-							if ($sClass)
-							{
-                                $sReplacement = "[[$sClassLabel:$sName" . (!empty($sLabel) ? " | $sLabel" : "") . "]]";
+							if ($sClass) {
+								$sReplacement = "[[$sClassLabel:$sName".(!empty($sLabel) ? " | $sLabel" : "")."]]";
 								$sValue = str_replace($aMatches[0], $sReplacement, $sValue);
 							}
 						}
@@ -4585,7 +4593,13 @@ class AttributeCaseLog extends AttributeLongText
 			{
 				if (strlen($proposedValue) > 0)
 				{
-					$oCaseLog->AddLogEntry($proposedValue);
+					//N°5135 - add impersonation information in caselog
+					if (UserRights::IsImpersonated()){
+						$sOnBehalfOf = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUserFriendlyName(), UserRights::GetUserFriendlyName());
+						$oCaseLog->AddLogEntry($proposedValue, $sOnBehalfOf, UserRights::GetConnectedUserId());
+					} else {
+						$oCaseLog->AddLogEntry($proposedValue);
+					}
 				}
 			}
 			$ret = $oCaseLog;
@@ -5392,7 +5406,7 @@ class AttributeEnum extends AttributeString
 	{
 		if (is_null($sValue))
 		{
-			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label		
+			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label
 			$sLabel = Dict::S('Class:'.$this->GetHostClass().'/Attribute:'.$this->GetCode().'/Value:'.$sValue,
 				Dict::S('Enum:Undefined'));
 		}
@@ -5414,7 +5428,7 @@ class AttributeEnum extends AttributeString
 	{
 		if (is_null($sValue))
 		{
-			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label		
+			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label
 			$sDescription = Dict::S('Class:'.$this->GetHostClass().'/Attribute:'.$this->GetCode().'/Value:'.$sValue.'+',
 				Dict::S('Enum:Undefined'));
 		}
@@ -5715,7 +5729,7 @@ class AttributeMetaEnum extends AttributeEnum
 		$aLocalizedValues = array();
 		foreach($aRawValues as $sKey => $sValue)
 		{
-			$aLocalizedValues[$sKey] = Str::pure2html($this->GetValueLabel($sKey));
+			$aLocalizedValues[$sKey] = $this->GetValueLabel($sKey);
 		}
 
 		return $aLocalizedValues;
@@ -5993,7 +6007,7 @@ class AttributeDateTime extends AttributeDBField
 	{
 		// Allow an empty string to be a valid value (synonym for "reset")
 		$aColumns = array();
-		$aColumns[$this->GetCode()] = 'VARCHAR(19)';
+		$aColumns[$this->GetCode()] = 'VARCHAR(19)'.CMDBSource::GetSqlStringColumnDefinition();
 
 		return $aColumns;
 	}
@@ -6008,7 +6022,9 @@ class AttributeDateTime extends AttributeDBField
 
 	public function GetDefaultValue(DBObject $oHostObject = null)
 	{
-		// null value will be replaced by the current date, if not already set, in DoComputeValues
+		if (!$this->IsNullAllowed()) {
+			return date($this->GetInternalFormat());
+		}
 		return $this->GetNullValue();
 	}
 
@@ -6481,7 +6497,7 @@ class AttributeDate extends AttributeDateTime
 	{
 		// Allow an empty string to be a valid value (synonym for "reset")
 		$aColumns = array();
-		$aColumns[$this->GetCode()] = 'VARCHAR(10)';
+		$aColumns[$this->GetCode()] = 'VARCHAR(10)'.CMDBSource::GetSqlStringColumnDefinition();
 
 		return $aColumns;
 	}
@@ -7211,7 +7227,7 @@ class AttributeExternalField extends AttributeDefinition
 
 	protected function GetSQLCol($bFullSpec = false)
 	{
-		// throw new CoreException("external attribute: does it make any sense to request its type ?");  
+		// throw new CoreException("external attribute: does it make any sense to request its type ?");
 		$oExtAttDef = $this->GetExtAttDef();
 
 		return $oExtAttDef->GetSQLCol($bFullSpec);
@@ -7484,7 +7500,7 @@ class AttributeExternalField extends AttributeDefinition
 
 	public function GetFilterDefinitions()
 	{
-		return array($this->GetCode() => new FilterFromAttribute($this));
+		return array($this->GetCode() => $this->GetCode());
 	}
 
 	public function GetBasicFilterOperators()
@@ -7798,7 +7814,7 @@ class AttributeBlob extends AttributeDefinition
 
 	public function GetDefaultValue(DBObject $oHostObject = null)
 	{
-		return "";
+		return new ormDocument('', '', '');
 	}
 
 	public function IsNullAllowed(DBObject $oHostObject = null)
@@ -8128,6 +8144,30 @@ class AttributeImage extends AttributeBlob
 		return "Image";
 	}
 
+	/**
+	 * {@inheritDoc}
+	 * @see AttributeBlob::MakeRealValue()
+	 */
+	public function MakeRealValue($proposedValue, $oHostObj)
+	{
+		$oDoc = parent::MakeRealValue($proposedValue, $oHostObj);
+
+		if (($oDoc instanceof ormDocument)
+			&& (false === $oDoc->IsEmpty())
+			&& ($oDoc->GetMimeType() === 'image/svg+xml')) {
+			$sCleanSvg = HTMLSanitizer::Sanitize($oDoc->GetData(), 'svg_sanitizer');
+			$oDoc = new ormDocument($sCleanSvg, $oDoc->GetMimeType(), $oDoc->GetFileName());
+		}
+
+		// The validation of the MIME Type is done by CheckFormat below
+		return $oDoc;
+	}
+
+	public function GetDefaultValue(DBObject $oHostObject = null)
+	{
+		return new ormDocument('', '', '');
+	}
+
 	/**
 	 * Check that the supplied ormDocument actually contains an image
 	 * {@inheritDoc}
@@ -8158,24 +8198,27 @@ class AttributeImage extends AttributeBlob
 		$sRet = '';
 		$bIsCustomImage = false;
 
-		$iMaxWidthPx = $this->Get('display_max_width').'px';
-		$iMaxHeightPx = $this->Get('display_max_height').'px';
+		$iMaxWidth = $this->Get('display_max_width');
+		$sMaxWidthPx = $iMaxWidth.'px';
+		$iMaxHeight = $this->Get('display_max_height');
+		$sMaxHeightPx = $iMaxHeight.'px';
 
 		$sDefaultImageUrl = $this->Get('default_image');
 		if ($sDefaultImageUrl !== null) {
-			$sRet = $this->GetHtmlForImageUrl($sDefaultImageUrl, $iMaxWidthPx, $iMaxHeightPx);
+			$sRet = $this->GetHtmlForImageUrl($sDefaultImageUrl, $sMaxWidthPx, $sMaxHeightPx);
 		}
 
 		$sCustomImageUrl = $this->GetAttributeImageFileUrl($value, $oHostObject);
 		if ($sCustomImageUrl !== null) {
 			$bIsCustomImage = true;
-			$sRet = $this->GetHtmlForImageUrl($sCustomImageUrl, $iMaxWidthPx, $iMaxHeightPx);
+			$sRet = $this->GetHtmlForImageUrl($sCustomImageUrl, $sMaxWidthPx, $sMaxHeightPx);
 		}
 
 		$sCssClasses = 'ibo-input-image--image-view attribute-image';
 		$sCssClasses .= ' '.(($bIsCustomImage) ? 'attribute-image-custom' : 'attribute-image-default');
 
-		return '<div class="'.$sCssClasses.'" style="width: '.$iMaxWidthPx.'; height: '.$iMaxHeightPx.';">'.$sRet.'</div>';
+		// Important: If you change this, mind updating edit_image.js as well
+		return '<div class="'.$sCssClasses.'" style="max-width: '.$sMaxWidthPx.'; max-height: '.$sMaxHeightPx.'; aspect-ratio: '.$iMaxWidth.' / '.$iMaxHeight.'">'.$sRet.'</div>';
 	}
 
 	/**
@@ -8499,18 +8542,17 @@ class AttributeStopWatch extends AttributeDefinition
 	public function GetFilterDefinitions()
 	{
 		$aRes = array(
-			$this->GetCode() => new FilterFromAttribute($this),
-			$this->GetCode().'_started' => new FilterFromAttribute($this, '_started'),
-			$this->GetCode().'_laststart' => new FilterFromAttribute($this, '_laststart'),
-			$this->GetCode().'_stopped' => new FilterFromAttribute($this, '_stopped')
+			$this->GetCode()              => $this->GetCode(),
+			$this->GetCode().'_started'   => $this->GetCode(),
+			$this->GetCode().'_laststart' => $this->GetCode(),
+			$this->GetCode().'_stopped'   => $this->GetCode(),
 		);
-		foreach($this->ListThresholds() as $iThreshold => $aFoo)
-		{
+		foreach ($this->ListThresholds() as $iThreshold => $aFoo) {
 			$sPrefix = $this->GetCode().'_'.$iThreshold;
-			$aRes[$sPrefix.'_deadline'] = new FilterFromAttribute($this, '_deadline');
-			$aRes[$sPrefix.'_passed'] = new FilterFromAttribute($this, '_passed');
-			$aRes[$sPrefix.'_triggered'] = new FilterFromAttribute($this, '_triggered');
-			$aRes[$sPrefix.'_overrun'] = new FilterFromAttribute($this, '_overrun');
+			$aRes[$sPrefix.'_deadline'] = $this->GetCode();
+			$aRes[$sPrefix.'_passed'] = $this->GetCode();
+			$aRes[$sPrefix.'_triggered'] = $this->GetCode();
+			$aRes[$sPrefix.'_overrun'] = $this->GetCode();
 		}
 
 		return $aRes;
@@ -9238,7 +9280,7 @@ class AttributeSubItem extends AttributeDefinition
 		return $res;
 	}
 
-	// 
+	//
 //	protected function ScalarToSQL($value) {return $value;} // format value as a valuable SQL literal (quoted outside)
 
 	public function FromSQLToValue($aCols, $sPrefix = '')
@@ -9252,7 +9294,7 @@ class AttributeSubItem extends AttributeDefinition
 
 	public function GetFilterDefinitions()
 	{
-		return array($this->GetCode() => new FilterFromAttribute($this));
+		return array($this->GetCode() => $this->GetCode());
 	}
 
 	public function GetBasicFilterOperators()
@@ -10282,7 +10324,6 @@ abstract class AttributeSet extends AttributeDBFieldVoid
 			} else {
 				$sTooltipContent = <<<HTML
 <h4>$sLabel</h4>
-<br>
 <div>$sDescription</div>
 HTML;
 				$sTooltipHtmlEnabled = 'true';
@@ -10829,7 +10870,7 @@ class AttributeClassAttCodeSet extends AttributeSet
 							}
 						}
 
-						$sLabelForHtmlAttribute = MetaModel::GetLabel($sAttClass, $sAttCode)." ($sAttCode)";
+						$sLabelForHtmlAttribute = utils::HtmlEntities(MetaModel::GetLabel($sAttClass, $sAttCode)." ($sAttCode)");
 						$aLocalizedValues[] = '<span class="attribute-set-item" data-code="'.$sAttCode.'" data-label="'.$sLabelForHtmlAttribute.'" data-description="" data-tooltip-content="'.$sLabelForHtmlAttribute.'">'.$sAttCode.'</span>';
 					} catch (Exception $e)
 					{
@@ -11022,7 +11063,7 @@ class AttributeQueryAttCodeSet extends AttributeSet
 				$aLocalizedValues = array();
 				foreach ($value as $sAttCode) {
 					if (isset($aAllowedAttributes[$sAttCode])) {
-						$sLabelForHtmlAttribute = $aAllowedAttributes[$sAttCode];
+						$sLabelForHtmlAttribute = utils::HtmlEntities($aAllowedAttributes[$sAttCode]);
 						$aLocalizedValues[] = '<span class="attribute-set-item" data-code="'.$sAttCode.'" data-label="'.$sLabelForHtmlAttribute.'" data-description="" data-tooltip-content="'.$sLabelForHtmlAttribute.'">'.$sAttCode.'</span>';
 					}
 				}
@@ -11318,6 +11359,13 @@ class AttributeTagSet extends AttributeSet
 		return new ormTagSet(MetaModel::GetAttributeOrigin($this->GetHostClass(), $this->GetCode()), $this->GetCode(), $this->GetMaxItems());
 	}
 
+	public function GetDefaultValue(DBObject $oHostObject = null)
+	{
+		$oTagSet =  new ormTagSet(MetaModel::GetAttributeOrigin($this->GetHostClass(), $this->GetCode()), $this->GetCode(), $this->GetMaxItems());
+		$oTagSet->SetValues([]);
+		return $oTagSet;
+	}
+
 	public function IsNull($proposedValue)
 	{
 		if (is_null($proposedValue))
@@ -11571,20 +11619,20 @@ class AttributeTagSet extends AttributeSet
 					$sTooltipContent = $sTagLabel;
 					$sTooltipHtmlEnabled = 'false';
 				} else {
+					$sTagLabelEscaped = utils::EscapeHtml($sTagLabel);
 					$sTooltipContent = <<<HTML
-<h4>$sTagLabel</h4>
-<br>
+<h4>$sTagLabelEscaped</h4>
 <div>$sTagDescription</div>
 HTML;
 					$sTooltipHtmlEnabled = 'true';
 				}
-				$sTooltipContent = utils::EscapeHtml($sTooltipContent);
+				$sTooltipContent = utils::HtmlEntities($sTooltipContent);
 
 				$sHtml .= '<a'.$sLink.' class="attribute-set-item attribute-set-item-'.$sTagCode.'" data-code="'.$sTagCode.'" data-label="'.$sLabelForHtml.'" data-description="'.$sDescriptionForHtml.'" data-tooltip-content="'.$sTooltipContent.'" data-tooltip-html-enabled="'.$sTooltipHtmlEnabled.'">'.$sLabelForHtml.'</a>';
 			}
 			else
 			{
-				$sHtml .= '<span class="attribute-set-item">'.$oTag.'</span>';
+				$sHtml .= '<span class="attribute-set-item">'.utils::EscapeHtml($oTag).'</span>';
 			}
 		}
 		$sHtml .= '</span>';
@@ -11912,7 +11960,7 @@ class AttributeFriendlyName extends AttributeDefinition
 
 	public function GetFilterDefinitions()
 	{
-		return array($this->GetCode() => new FilterFromAttribute($this));
+		return array($this->GetCode() => $this->GetCode());
 	}
 
 	public function GetBasicFilterOperators()
@@ -12544,10 +12592,12 @@ class AttributeCustomFields extends AttributeDefinition
 	 */
 	public function ReadValueFromPostedForm($oHostObject, $sFormPrefix)
 	{
-		$aRawData = json_decode(utils::ReadPostedParam("attr_{$sFormPrefix}{$this->GetCode()}", '{}', 'raw_data'),
-			true);
-
-		return new ormCustomFieldsValue($oHostObject, $this->GetCode(), $aRawData);
+		$aRawData = json_decode(utils::ReadPostedParam("attr_{$sFormPrefix}{$this->GetCode()}", '{}', 'raw_data'),	true);
+		if ($aRawData != null) {
+			return new ormCustomFieldsValue($oHostObject, $this->GetCode(), $aRawData);
+		} else{
+			return null;
+		}
 	}
 
 	public function MakeRealValue($proposedValue, $oHostObject)
@@ -12747,7 +12797,7 @@ class AttributeCustomFields extends AttributeDefinition
 			$sRet = $value->GetAsHTML($bLocalize);
 		} catch (Exception $e)
 		{
-			$sRet = 'Custom field error: '.htmlentities($e->getMessage(), ENT_QUOTES, 'UTF-8');
+			$sRet = 'Custom field error: '.utils::EscapeHtml($e->getMessage());
 		}
 
 		return $sRet;
@@ -13047,7 +13097,7 @@ class AttributeObsolescenceFlag extends AttributeBoolean
 
 	public function GetDefaultValue(DBObject $oHostObject = null)
 	{
-		return $this->MakeRealValue("", $oHostObject);
+		return $this->MakeRealValue(false, $oHostObject);
 	}
 
 	public function IsNullAllowed()

core/bulkchange.class.inc.php

@@ -11,7 +11,7 @@ define('UTF8_BOM', chr(239).chr(187).chr(191)); // 0xEF, 0xBB, 0xBF
 
 /**
  * CellChangeSpec
- * A series of classes, keeping the information about a given cell: could it be changed or not (and why)?  
+ * A series of classes, keeping the information about a given cell: could it be changed or not (and why)?
  *
  * @package     iTopORM
  */
@@ -42,6 +42,17 @@ abstract class CellChangeSpec
 		return $this->m_sOql;
 	}
 
+	/**
+	 * @since 3.1.0 N°5305
+	 */
+	public function GetDisplayableValueAndDescription(): string
+	{
+		return sprintf("%s%s",
+			$this->GetDisplayableValue(),
+			$this->GetDescription()
+		);
+	}
+
 	abstract public function GetDescription();
 }
 
@@ -86,26 +97,90 @@ class CellStatus_Issue extends CellStatus_Modify
 		parent::__construct($proposedValue, $previousValue);
 	}
 
-	public function GetDescription()
+	public function GetDisplayableValue()
 	{
 		if (is_null($this->m_proposedValue))
 		{
-			return Dict::Format('UI:CSVReport-Value-SetIssue', $this->m_sReason);
+			return Dict::Format('UI:CSVReport-Value-SetIssue');
 		}
-		return Dict::Format('UI:CSVReport-Value-ChangeIssue', $this->m_proposedValue, $this->m_sReason);
+		return Dict::Format('UI:CSVReport-Value-ChangeIssue', \utils::EscapeHtml($this->m_proposedValue));
+	}
+
+	public function GetDescription()
+	{
+		return $this->m_sReason;
+	}
+	/*
+	 * @since 3.1.0 N°5305
+	 */
+	public function GetDisplayableValueAndDescription(): string
+	{
+		return sprintf("%s. %s",
+			$this->GetDisplayableValue(),
+			$this->GetDescription()
+		);
 	}
 }
 
 class CellStatus_SearchIssue extends CellStatus_Issue
 {
-	public function __construct()
+	/** @var string|null $m_sAllowedValues */
+	private $m_sAllowedValues;
+
+	/**
+	 * @since 3.1.0 N°5305
+	 * @var string $sSerializedSearch
+	 */
+	private $sSerializedSearch;
+
+	/** @var string|null $m_sTargetClass */
+	private $m_sTargetClass;
+
+	/**
+	 * CellStatus_SearchIssue constructor.
+	 * @since 3.1.0 N°5305
+	 *
+	 * @param string $sOql : main message
+	 * @param string $sReason : main message
+	 * @param null $sClass : used for additional message that provides allowed values for current class $sClass
+	 * @param null $sAllowedValues : used for additional message that provides allowed values $sAllowedValues for current class
+	 */
+	public function __construct($sSerializedSearch, $sReason, $sClass=null, $sAllowedValues=null)
 	{
-		parent::__construct(null, null, null);
+		parent::__construct(null, null, $sReason);
+		$this->sSerializedSearch = $sSerializedSearch;
+		$this->m_sAllowedValues = $sAllowedValues;
+		$this->m_sTargetClass = $sClass;
+	}
+
+	public function GetDisplayableValue()
+	{
+		if (null === $this->m_sReason) {
+			return Dict::Format('UI:CSVReport-Value-NoMatch', '');
+		}
+
+		return $this->m_sReason;
 	}
 
 	public function GetDescription()
 	{
-		return Dict::S('UI:CSVReport-Value-NoMatch');
+		if (\utils::IsNullOrEmptyString($this->m_sAllowedValues) ||
+			\utils::IsNullOrEmptyString($this->m_sTargetClass)) {
+			return '';
+		}
+
+		return Dict::Format('UI:CSVReport-Value-NoMatch-PossibleValues', $this->m_sTargetClass, $this->m_sAllowedValues);
+	}
+
+	/**
+	 * @since 3.1.0 N°5305
+	 * @return string
+	 */
+	public function GetSearchLinkUrl()
+	{
+		return sprintf("UI.php?operation=search&filter=%s",
+			rawurlencode($this->sSerializedSearch)
+		);
 	}
 }
 
@@ -126,11 +201,24 @@ class CellStatus_NullIssue extends CellStatus_Issue
 class CellStatus_Ambiguous extends CellStatus_Issue
 {
 	protected $m_iCount;
+	/**
+	 * @since 3.1.0 N°5305
+	 * @var string
+	 */
+	protected $sSerializedSearch;
 
-	public function __construct($previousValue, $iCount, $sOql)
+	/**
+	 * @since 3.1.0 N°5305
+	 *
+	 * @param $previousValue
+	 * @param int $iCount
+	 * @param string $sSerializedSearch
+	 *
+	 */
+	public function __construct($previousValue, $iCount, $sSerializedSearch)
 	{
 		$this->m_iCount = $iCount;
-		$this->m_sQuery = $sOql;
+		$this->sSerializedSearch = $sSerializedSearch;
 		parent::__construct(null, $previousValue, '');
 	}
 
@@ -139,12 +227,23 @@ class CellStatus_Ambiguous extends CellStatus_Issue
 		$sCount = $this->m_iCount;
 		return Dict::Format('UI:CSVReport-Value-Ambiguous', $sCount);
 	}
+
+	/**
+	 * @since 3.1.0 N°5305
+	 * @return string
+	 */
+	public function GetSearchLinkUrl()
+	{
+		return sprintf("UI.php?operation=search&filter=%s",
+			rawurlencode($this->sSerializedSearch)
+		);
+	}
 }
 
 
 /**
  * RowStatus
- * A series of classes, keeping the information about a given row: could it be changed or not (and why)?  
+ * A series of classes, keeping the information about a given row: could it be changed or not (and why)?
  *
  * @package     iTopORM
  */
@@ -211,6 +310,26 @@ class RowStatus_Issue extends RowStatus
 	}
 }
 
+/**
+ * class dedicated to testability
+ * not used/ignored in csv imports UI/CLI
+ * @since 3.1.0 N°5305
+ */
+class RowStatus_Error extends RowStatus
+{
+	/** @var string */
+	protected $m_sError;
+
+	public function __construct($sError)
+	{
+		$this->m_sError = $sError;
+	}
+
+	public function GetDescription()
+	{
+		return $this->m_sError;
+	}
+}
 
 /**
  * BulkChange
@@ -220,17 +339,35 @@ class RowStatus_Issue extends RowStatus
  */
 class BulkChange
 {
-	protected $m_sClass; 
+	/** @var string */
+	protected $m_sClass;
 	protected $m_aData; // Note: hereafter, iCol maybe actually be any acceptable key (string)
 	// #@# todo: rename the variables to sColIndex
-	protected $m_aAttList; // attcode => iCol
-	protected $m_aExtKeys; // aExtKeys[sExtKeyAttCode][sExtReconcKeyAttCode] = iCol;
-	protected $m_aReconcilKeys; // attcode (attcode = 'id' for the pkey)
-	protected $m_sSynchroScope; // OQL - if specified, then the missing items will be reported
-	protected $m_aOnDisappear; // array of attcode => value, values to be set when an object gets out of scope (ignored if no scope has been defined)
-	protected $m_sDateFormat; // Date format specification, see DateTime::createFromFormat
-	protected $m_bLocalizedValues; // Values in the data set are localized (see AttributeEnum)
-	protected $m_aExtKeysMappingCache; // Cache for resolving external keys based on the given search criterias
+	/** @var array<string, string> attcode as key, iCol as value */
+	protected $m_aAttList;
+	/** @var array<string, array<string, string>> sExtKeyAttCode as key, array of sExtReconcKeyAttCode/iCol as value */
+	protected $m_aExtKeys;
+	/** @var string[] list of attcode (attcode = 'id' for the pkey) */
+	protected $m_aReconcilKeys;
+	/** @var string OQL - if specified, then the missing items will be reported */
+	protected $m_sSynchroScope;
+	/**
+	 * @var array<string, mixed> attcode as key, attvalue as value. Values to be set when an object gets out of scope
+	 *                          (ignored if no scope has been defined)
+	 */
+	protected $m_aOnDisappear;
+	/**
+	 * @see DateTime::createFromFormat
+	 * @var string Date format specification
+	 */
+	protected $m_sDateFormat;
+	/**
+	 * @see AttributeEnum
+	 * @var boolean true if Values in the data set are localized
+	 */
+	protected $m_bLocalizedValues;
+	/** @var array Cache for resolving external keys based on the given search criterias */
+	protected $m_aExtKeysMappingCache;
 
 	public function __construct($sClass, $aData, $aAttList, $aExtKeys, $aReconcilKeys, $sSynchroScope = null, $aOnDisappear = null, $sDateFormat = null, $bLocalize = false)
 	{
@@ -261,30 +398,30 @@ class BulkChange
 		$this->m_sReportCsvSep = $sSeparator;
 		$this->m_sReportCsvDelimiter = $sDelimiter;
 	}
-   
+
 	protected function ResolveExternalKey($aRowData, $sAttCode, &$aResults)
 	{
 		$oExtKey = MetaModel::GetAttributeDef($this->m_sClass, $sAttCode);
 		$oReconFilter = new DBObjectSearch($oExtKey->GetTargetClass());
-		foreach ($this->m_aExtKeys[$sAttCode] as $sForeignAttCode => $iCol)
+		foreach ($this->m_aExtKeys[$sAttCode] as $sReconKeyAttCode => $iCol)
 		{
-			if ($sForeignAttCode == 'id')
+			if ($sReconKeyAttCode == 'id')
 			{
 				$value = (int) $aRowData[$iCol];
 			}
 			else
 			{
 				// The foreign attribute is one of our reconciliation key
-				$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sForeignAttCode);
+				$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sReconKeyAttCode);
 				$value = $oForeignAtt->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 			}
-			$oReconFilter->AddCondition($sForeignAttCode, $value, '=');
+			$oReconFilter->AddCondition($sReconKeyAttCode, $value, '=');
 			$aResults[$iCol] = new CellStatus_Void(utils::HtmlEntities($aRowData[$iCol]));
 		}
 
 		$oExtObjects = new CMDBObjectSet($oReconFilter);
 		$aKeys = $oExtObjects->ToArray();
-		return array($oReconFilter->ToOql(), $aKeys);
+		return array($oReconFilter, $aKeys);
 	}
 
 	// Returns true if the CSV data specifies that the external key must be left undefined
@@ -318,10 +455,10 @@ class BulkChange
 	{
 		$aResults = array();
 		$aErrors = array();
-	
+
 		// External keys reconciliation
 		//
-		foreach($this->m_aExtKeys as $sAttCode => $aKeyConfig)
+		foreach($this->m_aExtKeys as $sAttCode => $aReconKeys)
 		{
 			// Skip external keys used for the reconciliation process
 			// if (!array_key_exists($sAttCode, $this->m_aAttList)) continue;
@@ -330,7 +467,7 @@ class BulkChange
 
 			if ($this->IsNullExternalKeySpec($aRowData, $sAttCode))
 			{
-				foreach ($aKeyConfig as $sForeignAttCode => $iCol)
+				foreach ($aReconKeys as $sReconKeyAttCode => $iCol)
 				{
 					// Default reporting
 					// $aRowData[$iCol] is always null
@@ -352,25 +489,24 @@ class BulkChange
 				$oReconFilter = new DBObjectSearch($oExtKey->GetTargetClass());
 
 				$aCacheKeys = array();
-				foreach ($aKeyConfig as $sForeignAttCode => $iCol)
+				foreach ($aReconKeys as $sReconKeyAttCode => $iCol)
 				{
 					// The foreign attribute is one of our reconciliation key
-					if ($sForeignAttCode == 'id')
+					if ($sReconKeyAttCode == 'id')
 					{
 						$value = $aRowData[$iCol];
 					}
 					else
 					{
-						$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sForeignAttCode);
+						$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sReconKeyAttCode);
 						$value = $oForeignAtt->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 					}
 					$aCacheKeys[] = $value;
-					$oReconFilter->AddCondition($sForeignAttCode, $value, '=');
+					$oReconFilter->AddCondition($sReconKeyAttCode, $value, '=');
 					$aResults[$iCol] = new CellStatus_Void(utils::HtmlEntities($aRowData[$iCol]));
 				}
 				$sCacheKey = implode('_|_', $aCacheKeys); // Unique key for this query...
 				$iForeignKey = null;
-				$sOQL = '';
 				// TODO: check if *too long* keys can lead to collisions... and skip the cache in such a case...
 				if (!array_key_exists($sAttCode, $this->m_aExtKeysMappingCache))
 				{
@@ -379,9 +515,8 @@ class BulkChange
 				if (array_key_exists($sCacheKey, $this->m_aExtKeysMappingCache[$sAttCode]))
 				{
 					// Cache hit
-					$iCount = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['c'];
+					$iObjectFoundCount = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['c'];
 					$iForeignKey = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['k'];
-					$sOQL = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['oql'];
 					// Record the hit
 					$this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['h']++;
 				}
@@ -389,34 +524,35 @@ class BulkChange
 				{
 					// Cache miss, let's initialize it
 					$oExtObjects = new CMDBObjectSet($oReconFilter);
-					$iCount = $oExtObjects->Count();
-					if ($iCount == 1)
+					$iObjectFoundCount = $oExtObjects->Count();
+					if ($iObjectFoundCount == 1)
 					{
 						$oForeignObj = $oExtObjects->Fetch();
 						$iForeignKey = $oForeignObj->GetKey();
 					}
 					$this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey] = array(
-						'c' => $iCount,
+						'c' => $iObjectFoundCount,
 						'k' => $iForeignKey,
 						'oql' => $oReconFilter->ToOql(),
 						'h' => 0, // number of hits on this cache entry
 					);
 				}
-				switch($iCount)
+				switch($iObjectFoundCount)
 				{
 					case 0:
-					$aErrors[$sAttCode] = Dict::S('UI:CSVReport-Value-Issue-NotFound');
-					$aResults[$sAttCode]= new CellStatus_SearchIssue();
-					break;
-					
+						$oCellStatus_SearchIssue = $this->GetCellSearchIssue($oReconFilter);
+						$aResults[$sAttCode] = $oCellStatus_SearchIssue;
+						$aErrors[$sAttCode] = Dict::S('UI:CSVReport-Value-Issue-NotFound');
+						break;
+
 					case 1:
-					// Do change the external key attribute
-					$oTargetObj->Set($sAttCode, $iForeignKey);
-					break;
-					
+						// Do change the external key attribute
+						$oTargetObj->Set($sAttCode, $iForeignKey);
+						break;
+
 					default:
-					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-FoundMany', $iCount);
-					$aResults[$sAttCode]= new CellStatus_Ambiguous($oTargetObj->Get($sAttCode), $iCount, $sOQL);
+						$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-FoundMany', $iObjectFoundCount);
+						$aResults[$sAttCode]= new CellStatus_Ambiguous($oTargetObj->Get($sAttCode), $iObjectFoundCount, $oReconFilter->serialize());
 				}
 			}
 
@@ -433,7 +569,7 @@ class BulkChange
 					else
 					{
 						$aResults[$sAttCode]= new CellStatus_Modify($iForeignObj, $oTargetObj->GetOriginal($sAttCode));
-						foreach ($aKeyConfig as $sForeignAttCode => $iCol)
+						foreach ($aReconKeys as $sReconKeyAttCode => $iCol)
 						{
 							// Report the change on reconciliation values as well
 							$aResults[$iCol] = new CellStatus_Modify(utils::HtmlEntities($aRowData[$iCol]));
@@ -446,7 +582,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Set the object attributes
 		//
 		foreach ($this->m_aAttList as $sAttCode => $iCol)
@@ -487,7 +623,13 @@ class BulkChange
 				$value = $oAttDef->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 				if (is_null($value) && (strlen($aRowData[$iCol]) > 0))
 				{
-					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-NoMatch', $sAttCode);
+					if ($oAttDef instanceof AttributeEnum || $oAttDef instanceof AttributeTagSet){
+						/** @var AttributeDefinition $oAttributeDefinition */
+						$oAttributeDefinition = $oAttDef;
+						$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-AllowedValues', $sAttCode, implode(',', $oAttributeDefinition->GetAllowedValues()));
+					} else {
+						$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-NoMatch', $sAttCode);
+					}
 				}
 				else
 				{
@@ -504,7 +646,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Reporting on fields
 		//
 		$aChangedFields = $oTargetObj->ListChanges();
@@ -556,7 +698,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Checks
 		//
 		$res = $oTargetObj->CheckConsistency();
@@ -567,12 +709,101 @@ class BulkChange
 		}
 		return $aResults;
 	}
-	
+
+	/**
+	 * search with current permissions did not match
+	 * let's search why and give some more feedbacks to the user through proper labels
+	 *
+	 * @param DBObjectSearch $oDbSearchWithConditions search used to find external key
+	 *
+	 * @return \CellStatus_SearchIssue
+	 * @throws \CoreException
+	 * @throws \MissingQueryArgument
+	 * @throws \MySQLException
+	 * @throws \MySQLHasGoneAwayException
+	 *
+	 * @since 3.1.0 N°5305
+	 */
+	protected function GetCellSearchIssue($oDbSearchWithConditions) : CellStatus_SearchIssue {
+		//current search with current permissions did not match
+		//let's search why and give some more feedback to the user
+
+		$sSerializedSearch = $oDbSearchWithConditions->serialize();
+
+		// Count all objects with all permissions without any condition
+		$oDbSearchWithoutAnyCondition = new DBObjectSearch($oDbSearchWithConditions->GetClass());
+		$oDbSearchWithoutAnyCondition->AllowAllData(true);
+		$oExtObjectSet = new CMDBObjectSet($oDbSearchWithoutAnyCondition);
+		$iAllowAllDataObjectCount = $oExtObjectSet->Count();
+
+		if ($iAllowAllDataObjectCount === 0) {
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-NoObject', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason);
+		}
+
+		// Count all objects with current user permissions
+		$oDbSearchWithoutAnyCondition->AllowAllData(false);
+		$oExtObjectSetWithCurrentUserPermissions = new CMDBObjectSet($oDbSearchWithoutAnyCondition);
+		$iCurrentUserRightsObjectCount = $oExtObjectSetWithCurrentUserPermissions->Count();
+
+		if ($iCurrentUserRightsObjectCount === 0){
+			// No objects visible by current user
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-NoObject-ForCurrentUser', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason);
+		}
+
+		try{
+			$aDisplayedAllowedValues = [];
+			// Possibles values are displayed to UI user. we have to limit the amount of displayed values
+			$oExtObjectSetWithCurrentUserPermissions->SetLimit(4);
+			for($i = 0; $i < 3; $i++){
+				/** @var \DBObject $oVisibleObject */
+				$oVisibleObject = $oExtObjectSetWithCurrentUserPermissions->Fetch();
+				if (is_null($oVisibleObject)){
+					break;
+				}
+
+				$aCurrentAllowedValueFields = [];
+				foreach ($oDbSearchWithConditions->GetInternalParams() as $sForeignAttCode => $sValue){
+					$aCurrentAllowedValueFields[] = $oVisibleObject->Get($sForeignAttCode);
+				}
+				$aDisplayedAllowedValues[] = implode(" ", $aCurrentAllowedValueFields);
+
+			}
+			$allowedValues = implode(", ", $aDisplayedAllowedValues);
+			if ($oExtObjectSetWithCurrentUserPermissions->Count() > 3){
+				$allowedValues .= "...";
+			}
+		} catch(Exception $e) {
+			IssueLog::Error("failure during CSV import when fetching few visible objects: ", null,
+				[ 'target_class' => $oDbSearchWithConditions->GetClass(), 'criteria' => $oDbSearchWithConditions->GetCriteria(), 'message' => $e->getMessage()]
+			);
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-NoObject-ForCurrentUser', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason);
+		}
+
+		if ($iAllowAllDataObjectCount != $iCurrentUserRightsObjectCount) {
+			// No match and some objects NOT visible by current user. including current search maybe...
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-SomeObjectNotVisibleForCurrentUser', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason, $oDbSearchWithConditions->GetClass(), $allowedValues);
+		}
+
+		// No match. This is not linked to any right issue
+		// Possible values: DD,DD
+		$aCurrentValueFields = [];
+		foreach ($oDbSearchWithConditions->GetInternalParams() as $sValue){
+			$aCurrentValueFields[] = $sValue;
+		}
+		$value =implode(" ", $aCurrentValueFields);
+		$sReason = Dict::Format('UI:CSVReport-Value-NoMatch', $value);
+		return new CellStatus_SearchIssue($sSerializedSearch, $sReason, $oDbSearchWithConditions->GetClass(), $allowedValues);
+	}
+
 	protected function PrepareMissingObject(&$oTargetObj, &$aErrors)
 	{
 		$aResults = array();
 		$aErrors = array();
-	
+
 		// External keys
 		//
 		foreach($this->m_aExtKeys as $sAttCode => $aKeyConfig)
@@ -585,7 +816,7 @@ class BulkChange
 				$aResults[$iCol] = new CellStatus_Void('?');
 			}
 		}
-	
+
 		// Update attributes
 		//
 		foreach($this->m_aOnDisappear as $sAttCode => $value)
@@ -596,7 +827,7 @@ class BulkChange
 			}
 			$oTargetObj->Set($sAttCode, $value);
 		}
-	
+
 		// Reporting on fields
 		//
 		$aChangedFields = $oTargetObj->ListChanges();
@@ -616,7 +847,7 @@ class BulkChange
 				$aResults[$iCol]= new CellStatus_Void($oTargetObj->Get($sAttCode));
 			}
 		}
-	
+
 		// Checks
 		//
 		$res = $oTargetObj->CheckConsistency();
@@ -674,14 +905,16 @@ class BulkChange
 		}
 
 		$aResult[$iRow] = $this->PrepareObject($oTargetObj, $aRowData, $aErrors);
-	
+
 		if (count($aErrors) > 0)
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
+			//__ERRORS__ used by tests only
+			$aResult[$iRow]["__ERRORS__"] = new RowStatus_Error($sErrors);
 			return $oTargetObj;
 		}
-	
+
 		// Check that any external key will have a value proposed
 		$aMissingKeys = array();
 		foreach (MetaModel::GetExternalKeys($this->m_sClass) as $sExtKeyAttCode => $oExtKey)
@@ -689,7 +922,7 @@ class BulkChange
 			if (!$oExtKey->IsNullAllowed())
 			{
 				if (!array_key_exists($sExtKeyAttCode, $this->m_aExtKeys) && !array_key_exists($sExtKeyAttCode, $this->m_aAttList))
-				{ 
+				{
 					$aMissingKeys[] = $oExtKey->GetLabel();
 				}
 			}
@@ -745,14 +978,16 @@ class BulkChange
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
+			//__ERRORS__ used by tests only
+			$aResult[$iRow]["__ERRORS__"] = new RowStatus_Error($sErrors);
 			return;
 		}
-	
+
 		$aChangedFields = $oTargetObj->ListChanges();
 		if (count($aChangedFields) > 0)
 		{
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Modify(count($aChangedFields));
-	
+
 			// Optionaly record the results
 			//
 			if ($oChange)
@@ -794,9 +1029,11 @@ class BulkChange
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
+			//__ERRORS__ used by tests only
+			$aResult[$iRow]["__ERRORS__"] = new RowStatus_Error($sErrors);
 			return;
 		}
-	
+
 		$aChangedFields = $oTargetObj->ListChanges();
 		if (count($aChangedFields) > 0)
 		{
@@ -821,7 +1058,7 @@ class BulkChange
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Disappeared(0);
 		}
 	}
-	
+
 	public function Process(CMDBChange $oChange = null)
 	{
 		if ($oChange)
@@ -866,7 +1103,7 @@ class BulkChange
 			foreach ($this->m_aAttList as $sAttCode => $iCol)
 			{
 				if ($sAttCode == 'id') continue;
-				
+
 				$oAttDef = MetaModel::GetAttributeDef($this->m_sClass, $sAttCode);
 				if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime
 				{
@@ -881,14 +1118,18 @@ class BulkChange
 								$sFormat = $sDateFormat;
 							}
 							$oFormat = new DateTimeFormat($sFormat);
+							$sDateExample = $oFormat->Format(new DateTime('2022-10-23 16:25:33'));
 							$sRegExp = $oFormat->ToRegExpr('/');
-							if (!preg_match($sRegExp, $this->m_aData[$iRow][$iCol]))
+							$sErrorMsg = Dict::Format('UI:CSVReport-Row-Issue-ExpectedDateFormat', $sDateExample);
+							if (!preg_match($sRegExp, $sValue))
 							{
 								$aResult[$iRow]["__STATUS__"]= new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-DateFormat'));
+								$aResult[$iRow][$iCol] = new CellStatus_Issue(utils::HtmlEntities($sValue), null, $sErrorMsg);
+
 							}
 							else
 							{
-								$oDate = DateTime::createFromFormat($sFormat, $this->m_aData[$iRow][$iCol]);
+								$oDate = DateTime::createFromFormat($sFormat, $sValue);
 								if ($oDate !== false)
 								{
 									$sNewDate = $oDate->format($oAttDef->GetInternalFormat());
@@ -898,7 +1139,7 @@ class BulkChange
 								{
 									// Leave the cell unchanged
 									$aResult[$iRow]["__STATUS__"]= new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-DateFormat'));
-									$aResult[$iRow][$sAttCode] = new CellStatus_Issue(null, utils::HtmlEntities($this->m_aData[$iRow][$iCol]), Dict::S('UI:CSVReport-Row-Issue-DateFormat'));
+									$aResult[$iRow][$iCol] = new CellStatus_Issue($sValue, null, $sErrorMsg);
 								}
 							}
 						}
@@ -952,23 +1193,26 @@ class BulkChange
 						else
 						{
 							// The value has to be found or verified
-							list($sQuery, $aMatches) = $this->ResolveExternalKey($aRowData, $sAttCode, $aResult[$iRow]);
-		
+
+							/** var DBObjectSearch $oReconFilter */
+							list($oReconFilter, $aMatches) = $this->ResolveExternalKey($aRowData, $sAttCode, $aResult[$iRow]);
+
 							if (count($aMatches) == 1)
 							{
 								$oRemoteObj = reset($aMatches); // first item
 								$valuecondition = $oRemoteObj->GetKey();
 								$aResult[$iRow][$sAttCode] = new CellStatus_Void($oRemoteObj->GetKey());
-							} 					
+							}
 							elseif (count($aMatches) == 0)
 							{
-								$aResult[$iRow][$sAttCode] = new CellStatus_SearchIssue();
-							} 					
+								$oCellStatus_SearchIssue = $this->GetCellSearchIssue($oReconFilter);
+								$aResult[$iRow][$sAttCode] = $oCellStatus_SearchIssue;
+							}
 							else
 							{
-								$aResult[$iRow][$sAttCode] = new CellStatus_Ambiguous(null, count($aMatches), $sQuery);
+								$aResult[$iRow][$sAttCode] = new CellStatus_Ambiguous(null, count($aMatches), $oReconFilter->serialize());
 							}
-						} 					
+						}
 					}
 					else
 					{
@@ -1019,7 +1263,7 @@ class BulkChange
 					default:
 						// Found several matches, ambiguous
 						$aResult[$iRow]["__STATUS__"]= new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Ambiguous'));
-						$aResult[$iRow]["id"]= new CellStatus_Ambiguous(0, $oReconciliationSet->Count(), $oReconciliationFilter->ToOql());
+						$aResult[$iRow]["id"]= new CellStatus_Ambiguous(0, $oReconciliationSet->Count(), $oReconciliationFilter->serialize());
 						$aResult[$iRow]["finalclass"]= 'n/a';
 					}
 				}
@@ -1110,7 +1354,7 @@ class BulkChange
 			}
 		}
 		$oBulkChanges->Seek(0);
-	
+
 		$aDetails = array();
 		while ($oChange = $oBulkChanges->Fetch())
 		{
@@ -1199,9 +1443,6 @@ EOF
 		$.get(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php?{$sAppContext}', {operation: 'displayCSVHistory', showall: bShowAll}, function(data)
 			{
 				$('#$sAjaxDivId').html(data);
-				var table = $('#$sAjaxDivId .listResults');
-				table.tableHover(); // hover tables
-				table.tablesorter( { widgets: ['myZebra', 'truncatedList']} ); // sortable and zebra tables
 			}
 		);
 	}
@@ -1277,7 +1518,7 @@ EOF
 							$oOldTarget = MetaModel::GetObject($oAttDef->GetTargetClass(), $oOperation->Get('oldvalue'));
 							$sOldValue = $oOldTarget->GetHyperlink();
 						}
-						
+
 						$sNewValue = Dict::S('UI:UndefinedObject');
 						if ($oOperation->Get('newvalue') != 0)
 						{
@@ -1303,11 +1544,11 @@ EOF
 				}
 				else
 				{
-					$aAttributes[$sAttCode] = 1;				
+					$aAttributes[$sAttCode] = 1;
 				}
 			}
 		}
-		
+
 		$aDetails = array();
 		foreach($aObjects as $iUId => $aObjData)
 		{
@@ -1359,6 +1600,6 @@ EOF
 			$aConfig[$sAttCode] = array('label' => MetaModel::GetLabel($sClass, $sAttCode), 'description' => MetaModel::GetDescription($sClass, $sAttCode));
 		}
 		$oPage->table($aConfig, $aDetails);
-	}	
+	}
 }
 

core/cmdbchangeop.class.inc.php

@@ -79,22 +79,30 @@ class CMDBChangeOp extends DBObject implements iCMDBChangeOp
 
 	/**
 	 * @inheritDoc
-	 */	 
+	 */
 	public function GetDescription()
 	{
 		return '';
 	}
 
 	/**
-	 * Safety net: in case the change is not given, let's guarantee that it will
-	 * be set to the current ongoing change (or create a new one)	
-	 */	
+	 * Safety net:
+	 * * if change isn't persisted yet, use the current change and persist it if needed
+	 * * in case the change is not given, let's guarantee that it will be set to the current ongoing change (or create a new one)
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3717 do persist the current change if needed
+	 */
 	protected function OnInsert()
 	{
-		if ($this->Get('change') <= 0)
-		{
-			$this->Set('change', CMDBObject::GetCurrentChange());
+		$iChange = $this->Get('change');
+		if (($iChange <= 0) || (is_null($iChange))) {
+			$oChange = CMDBObject::GetCurrentChange();
+			if ($oChange->IsNew()) {
+				$oChange->DBWrite();
+			}
+			$this->Set('change', $oChange);
 		}
+
 		parent::OnInsert();
 	}
 }
@@ -342,20 +350,30 @@ class CMDBChangeOpSetAttributeURL extends CMDBChangeOpSetAttribute
 	{
 		$aParams = array
 		(
-			"category" => "core/cmdb",
-			"key_type" => "",
-			"name_attcode" => "change",
-			"state_attcode" => "",
-			"reconc_keys" => array(),
-			"db_table" => "priv_changeop_setatt_url",
-			"db_key_field" => "id",
+			"category"            => "core/cmdb",
+			"key_type"            => "",
+			"name_attcode"        => "change",
+			"state_attcode"       => "",
+			"reconc_keys"         => array(),
+			"db_table"            => "priv_changeop_setatt_url",
+			"db_key_field"        => "id",
 			"db_finalclass_field" => "",
 		);
 		MetaModel::Init_Params($aParams);
 		MetaModel::Init_InheritAttributes();
-		MetaModel::Init_AddAttribute(new AttributeURL("oldvalue", array("allowed_values"=>null, "sql"=>"oldvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array())));
-		MetaModel::Init_AddAttribute(new AttributeURL("newvalue", array("allowed_values"=>null, "sql"=>"newvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array())));
-		
+
+		// N°4910 (oldvalue), N°5423 (newvalue)
+		// We cannot have validation here, as AttributeUrl validation is field dependant.
+		// The validation will be done when editing the iTop object, it isn't the history API responsibility
+		//
+		// Pattern is retrieved using this order :
+		// 1.  try to get the pattern from the field definition (datamodel)
+		// 2. from the iTop config
+		// 3. config parameter default value
+		// see \AttributeURL::GetValidationPattern
+		MetaModel::Init_AddAttribute(new AttributeURL("oldvalue", array("allowed_values" => null, "sql" => "oldvalue", "target" => '_blank', "default_value" => null, "is_null_allowed" => true, "depends_on" => array(), "validation_pattern" => '.*')));
+		MetaModel::Init_AddAttribute(new AttributeURL("newvalue", array("allowed_values" => null, "sql" => "newvalue", "target" => '_blank', "default_value" => null, "is_null_allowed" => true, "depends_on" => array(), "validation_pattern" => '.*')));
+
 		// Display lists
 		MetaModel::Init_SetZListItems('details', array('date', 'userinfo', 'attcode', 'oldvalue', 'newvalue')); // Attributes to be displayed for the complete details
 		MetaModel::Init_SetZListItems('list', array('date', 'userinfo', 'attcode', 'oldvalue', 'newvalue')); // Attributes to be displayed for a list
@@ -867,7 +885,7 @@ class CMDBChangeOpSetAttributeCaseLog extends CMDBChangeOpSetAttribute
 	 */
 	protected function ToHtml($sRawText)
 	{
-		return str_replace(array("\r\n", "\n", "\r"), "<br/>", htmlentities($sRawText, ENT_QUOTES, 'UTF-8'));
+		return str_replace(array("\r\n", "\n", "\r"), "<br/>", utils::EscapeHtml($sRawText));
 	}
 }
 
@@ -1077,7 +1095,7 @@ class CMDBChangeOpSetAttributeLinksTune extends CMDBChangeOpSetAttributeLinks
 			{
 				$oField = new FieldExpression('objclass',  $oSearch->GetClassAlias());
 				$sListExpr = '('.implode(', ', CMDBSource::Quote($aLinkClasses)).')';
-				$sOQLCondition = $oField->Render()." IN $sListExpr";
+				$sOQLCondition = $oField->RenderExpression()." IN $sListExpr";
 				$oNewCondition = Expression::FromOQL($sOQLCondition);
 				$oSearch->AddConditionExpression($oNewCondition);
 			}
@@ -1159,9 +1177,8 @@ class CMDBChangeOpSetAttributeCustomFields extends CMDBChangeOpSetAttribute
 					$oHandler = $oAttDef->GetHandler($aValues);
 					$sValueDesc = $oHandler->GetAsHTML($aValues);
 				}
-				catch (Exception $e)
-				{
-					$sValueDesc = 'Custom field error: '.htmlentities($e->getMessage(), ENT_QUOTES, 'UTF-8');
+				catch (Exception $e) {
+					$sValueDesc = 'Custom field error: '.utils::EscapeHtml($e->getMessage());
 				}
 				$sTextView = '<div>'.$sValueDesc.'</div>';
 

core/cmdbobject.class.inc.php

@@ -3,7 +3,7 @@
 //
 //   This file is part of iTop.
 //
-//   iTop is free software; you can redistribute it and/or modify	
+//   iTop is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU Affero General Public License as published by
 //   the Free Software Foundation, either version 3 of the License, or
 //   (at your option) any later version.
@@ -113,6 +113,26 @@ abstract class CMDBObject extends DBObject
 		self::$m_oCurrChange = $oChange;
 	}
 
+	/**
+	 * @param string $sUserInfo
+	 * @param string $sOrigin
+	 * @param \DateTime $oDate
+	 *
+	 * @throws \CoreException
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3717 new method to reset current change
+	 */
+	public static function SetCurrentChangeFromParams($sUserInfo, $sOrigin = null, $oDate = null)
+	{
+		static::SetTrackInfo($sUserInfo);
+		static::SetTrackOrigin($sOrigin);
+		static::CreateChange();
+
+		if (!is_null($oDate)) {
+			static::$m_oCurrChange->Set("date", $oDate);
+		}
+	}
+
 	//
 	// Todo: simplify the APIs and do not pass the current change as an argument anymore
 	//       SetTrackInfo to be invoked in very few cases (UI.php, CSV import, Data synchro)
@@ -144,6 +164,8 @@ abstract class CMDBObject extends DBObject
 	 *    $oMyChange->Set("userinfo", 'this is done by ... for ...');
 	 *    $iChangeId = $oMyChange->DBInsert();
 	 *
+	 * **warning** : this will do nothing if current change already exists !
+	 *
 	 * @see SetCurrentChange to specify a CMDBObject instance instead
 	 *
 	 * @param string $sInfo
@@ -161,7 +183,7 @@ abstract class CMDBObject extends DBObject
 	 *
 	 * @param string $sId ID of the user doing the change, null if not done by a user (eg. background task)
 	 *
-	 * @since 3.0.0
+	 * @since 3.0.0 N°2847 following the addition of CMDBChange.user_id
 	 */
 	public static function SetTrackUserId($sId)
 	{
@@ -171,6 +193,8 @@ abstract class CMDBObject extends DBObject
 	/**
 	 * Provides information about the origin of the change
 	 *
+	 * **warning** : this will do nothing if current change already exists !
+	 *
 	 * @see SetTrackInfo
 	 * @see SetCurrentChange to specify a CMDBObject instance instead
 	 *
@@ -181,19 +205,21 @@ abstract class CMDBObject extends DBObject
 	{
 		self::$m_sOrigin = $sOrigin;
 	}
-	
+
 	/**
 	 * Get the additional information (defaulting to user name)
-	 */	 	
-	protected static function GetTrackInfo()
+	 */
+	public static function GetTrackInfo()
 	{
-		if (is_null(self::$m_sInfo))
-		{
+		if (is_null(self::$m_sInfo)) {
 			return CMDBChange::GetCurrentUserName();
-		}
-		else
-		{
-			return self::$m_sInfo;
+		} else {
+			//N°5135 - add impersonation information in activity log/current cmdb change
+			if (UserRights::IsImpersonated()){
+				return sprintf("%s (%s)", CMDBChange::GetCurrentUserName(), self::$m_sInfo);
+			} else {
+				return self::$m_sInfo;
+			}
 		}
 	}
 
@@ -206,7 +232,10 @@ abstract class CMDBObject extends DBObject
 	 */
 	protected static function GetTrackUserId()
 	{
-		if (is_null(self::$m_sUserId))
+		if (is_null(self::$m_sUserId)
+			//N°5135 - indicate impersonation inside changelogs
+			&& (false === UserRights::IsImpersonated())
+		)
 		{
 			return CMDBChange::GetCurrentUserId();
 		}
@@ -215,10 +244,10 @@ abstract class CMDBObject extends DBObject
 			return self::$m_sUserId;
 		}
 	}
-	
+
 	/**
 	 * Get the 'origin' information (defaulting to 'interactive')
-	 */	 	
+	 */
 	protected static function GetTrackOrigin()
 	{
 		if (is_null(self::$m_sOrigin))
@@ -243,15 +272,17 @@ abstract class CMDBObject extends DBObject
 	 * @throws \CoreWarning
 	 * @throws \MySQLException
 	 * @throws \OQLException
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3717 {@see CMDBChange} **will be persisted later** in {@see \CMDBChangeOp::OnInsert} (was done previously directly here)
+	 *     This will avoid creating in DB CMDBChange lines without any corresponding CMDBChangeOp
 	 */
-	protected static function CreateChange()
+	public static function CreateChange()
 	{
 		self::$m_oCurrChange = MetaModel::NewObject("CMDBChange");
 		self::$m_oCurrChange->Set("date", time());
 		self::$m_oCurrChange->Set("userinfo", self::GetTrackInfo());
 		self::$m_oCurrChange->Set("user_id", self::GetTrackUserId());
 		self::$m_oCurrChange->Set("origin", self::GetTrackOrigin());
-		self::$m_oCurrChange->DBInsert();
 	}
 
 	/**
@@ -468,7 +499,7 @@ abstract class CMDBObject extends DBObject
 			$oMyChangeOp->Set("objkey", $this->GetKey());
 			$oMyChangeOp->Set("attcode", $sAttCode);
 			$oMyChangeOp->Set("oldvalue", $original);
-			$oMyChangeOp->Set("newvalue", $value[$sAttCode]);
+			$oMyChangeOp->Set("newvalue", $value);
 			$iId = $oMyChangeOp->DBInsertNoReload();
 		}
 		elseif ($oAttDef instanceOf AttributeCustomFields)
@@ -592,6 +623,9 @@ abstract class CMDBObject extends DBObject
 		return $this->DBCloneTracked_Internal();
 	}
 
+	/**
+	 * @deprecated 3.1.0 N°5232 not used
+	 */
 	public function DBCloneTracked(CMDBChange $oChange, $newKey = null)
 	{
 		self::SetCurrentChange($oChange);
@@ -601,25 +635,11 @@ abstract class CMDBObject extends DBObject
 	protected function DBCloneTracked_Internal($newKey = null)
 	{
 		$newKey = parent::DBClone($newKey);
-		$oClone = MetaModel::GetObject(get_class($this), $newKey); 
+		$oClone = MetaModel::GetObject(get_class($this), $newKey);
 
 		return $newKey;
 	}
 
-	public function DBUpdate()
-	{
-		// Copy the changes list before the update (the list should be reset afterwards)
-		$aChanges = $this->ListChanges();
-		if (count($aChanges) == 0)
-		{
-			return;
-		}
-		
-		$ret = parent::DBUpdate();
-		return $ret;
-	}
-
-
 	/**
 	 * @param null $oDeletionPlan
 	 *
@@ -654,46 +674,7 @@ abstract class CMDBObject extends DBObject
 	protected function DBDeleteTracked_Internal(&$oDeletionPlan = null)
 	{
 		$ret = parent::DBDelete($oDeletionPlan);
-		return $ret;
-	}
 
-	public static function BulkUpdate(DBSearch $oFilter, array $aValues)
-	{
-		return static::BulkUpdateTracked_Internal($oFilter, $aValues);
-	}
-
-	public static function BulkUpdateTracked(CMDBChange $oChange, DBSearch $oFilter, array $aValues)
-	{
-		self::SetCurrentChange($oChange);
-		static::BulkUpdateTracked_Internal($oFilter, $aValues);
-	}
-
-	protected static function BulkUpdateTracked_Internal(DBSearch $oFilter, array $aValues)
-	{
-		// $aValues is an array of $sAttCode => $value
-
-		// Get the list of objects to update (and load it before doing the change)
-		$oObjSet = new CMDBObjectSet($oFilter);
-		$oObjSet->Load();
-
-		// Keep track of the previous values (will be overwritten when the objects are synchronized with the DB)
-		$aOriginalValues = array();
-		$oObjSet->Rewind();
-		while ($oItem = $oObjSet->Fetch())
-		{
-			$aOriginalValues[$oItem->GetKey()] = $oItem->m_aOrigValues;
-		}
-
-		// Update in one single efficient query
-		$ret = parent::BulkUpdate($oFilter, $aValues);
-
-		// Record... in many queries !!!
-		$oObjSet->Rewind();
-		while ($oItem = $oObjSet->Fetch())
-		{
-			$aChangedValues = $oItem->ListChangedValues($aValues);
-			$oItem->RecordAttChanges($aChangedValues, $aOriginalValues[$oItem->GetKey()]);
-		}
 		return $ret;
 	}
 
@@ -738,11 +719,11 @@ abstract class CMDBObject extends DBObject
 class CMDBObjectSet extends DBObjectSet
 {
 	// this is the public interface (?)
-	
+
 	// I have to define those constructors here... :-(
 	// just to get the right object class in return.
 	// I have to think again to those things: maybe it will work fine if a have a constructor define here (?)
-	
+
 	static public function FromScratch($sClass)
 	{
 		$oFilter = new DBObjectSearch($sClass);
@@ -751,7 +732,7 @@ class CMDBObjectSet extends DBObjectSet
 		// NOTE: THIS DOES NOT WORK IF m_bLoaded is private in the base class (and you will not get any error message)
 		$oRetSet->m_bLoaded = true; // no DB load
 		return $oRetSet;
-	} 
+	}
 
 	// create an object set ex nihilo
 	// input = array of objects
@@ -760,7 +741,7 @@ class CMDBObjectSet extends DBObjectSet
 		$oRetSet = self::FromScratch($sClass);
 		$oRetSet->AddObjectArray($aObjects, $sClass);
 		return $oRetSet;
-	} 
+	}
 
 	static public function FromArrayAssoc($aClasses, $aObjects)
 	{

core/cmdbsource.class.inc.php

@@ -24,13 +24,15 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Core\DbConnectionWrapper;
+
 require_once('MyHelpers.class.inc.php');
 require_once(APPROOT.'core/kpi.class.inc.php');
 
 
 /**
  * CMDBSource
- * database access wrapper 
+ * database access wrapper
  *
  * @package     iTopORM
  */
@@ -66,11 +68,6 @@ class CMDBSource
 	 */
 	protected static $m_sDBTlsCA;
 
-	/** @var mysqli $m_oMysqli */
-	protected static $m_oMysqli;
-	/** @var mysqli or mock used for test purpose, only used in query() method */
-	protected static $oMySQLiForQuery;
-
 	/**
 	 * @var int number of level for nested transactions : 0 if no transaction was ever opened, +1 for each 'START TRANSACTION' sent
 	 * @since 2.7.0 N°679
@@ -135,8 +132,8 @@ class CMDBSource
 		self::$m_bDBTlsEnabled = empty($bTlsEnabled) ? false : $bTlsEnabled;
 		self::$m_sDBTlsCA = empty($sTlsCA) ? null : $sTlsCA;
 
-		self::$m_oMysqli = self::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $bTlsEnabled, $sTlsCA, true);
-		self::SetMySQLiForQuery(self::$m_oMysqli);
+		$oMysqli = self::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $bTlsEnabled, $sTlsCA, true);
+		DbConnectionWrapper::SetDbConnection($oMysqli);
 	}
 
 	/**
@@ -150,6 +147,8 @@ class CMDBSource
 	 *
 	 * @return \mysqli
 	 * @throws \MySQLException
+	 *
+	 * @uses IsOpenedDbConnectionUsingTls when asking for a TLS connection, to check if it was really opened using TLS
 	 */
 	public static function GetMysqliInstance(
 		$sDbHost, $sUser, $sPwd, $sSource = '', $bTlsEnabled = false, $sTlsCa = null, $bCheckTlsAfterConnection = false
@@ -158,7 +157,7 @@ class CMDBSource
 		$iPort = null;
 		self::InitServerAndPort($sDbHost, $sServer, $iPort);
 
-		$iFlags = null;
+		$iFlags = 0;
 
 		// *some* errors (like connection errors) will throw mysqli_sql_exception instead of generating warnings printed to the output
 		// but some other errors will still cause the query() method to return false !!!
@@ -167,7 +166,6 @@ class CMDBSource
 		try
 		{
 			$oMysqli = new mysqli();
-			$oMysqli->init();
 
 			if ($bTlsEnabled)
 			{
@@ -252,41 +250,41 @@ class CMDBSource
 	 * parameters were used.<br>
 	 * This method can be called to ensure that the DB connection really uses TLS.
 	 *
-	 * <p>We're using this object connection : {@link self::$m_oMysqli}
+	 * <p>We're using our own mysqli instance to do the check as this check is done when creating the mysqli instance : the consumer
+	 * might want a dedicated object, and if so we don't want to overwrite the one saved in CMDBSource !<br>
+	 * This is the case for example with {@see \iTopMutex} !
 	 *
 	 * @param \mysqli $oMysqli
 	 *
-	 * @return boolean true if the connection was really established using TLS
+	 * @return boolean true if the connection was really established using TLS, false otherwise
 	 * @throws \MySQLException
 	 *
+	 * @used-by GetMysqliInstance
 	 * @uses IsMySqlVarNonEmpty
+	 * @uses 'ssl_version' MySQL var
+	 * @uses 'ssl_cipher' MySQL var
 	 */
 	private static function IsOpenedDbConnectionUsingTls($oMysqli)
 	{
-		if (self::$m_oMysqli == null)
-		{
-			self::$m_oMysqli = $oMysqli;
-		}
-
-		$bNonEmptySslVersionVar = self::IsMySqlVarNonEmpty('ssl_version');
-		$bNonEmptySslCipherVar = self::IsMySqlVarNonEmpty('ssl_cipher');
+		$bNonEmptySslVersionVar = self::IsMySqlVarNonEmpty('ssl_version', $oMysqli);
+		$bNonEmptySslCipherVar = self::IsMySqlVarNonEmpty('ssl_cipher', $oMysqli);
 
 		return ($bNonEmptySslVersionVar && $bNonEmptySslCipherVar);
 	}
 
 	/**
 	 * @param string $sVarName
+	 * @param mysqli $oMysqli connection to use for the query
 	 *
 	 * @return bool
 	 * @throws \MySQLException
-	 *
-	 * @uses SHOW STATUS queries
+	 * @uses 'SHOW SESSION STATUS' queries
 	 */
-	private static function IsMySqlVarNonEmpty($sVarName)
+	private static function IsMySqlVarNonEmpty($sVarName, $oMysqli)
 	{
 		try
 		{
-			$sResult = self::QueryToScalar("SHOW SESSION STATUS LIKE '$sVarName'", 1);
+			$sResult = self::QueryToScalar("SHOW SESSION STATUS LIKE '$sVarName'", 1, $oMysqli);
 		}
 		catch (MySQLQueryHasNoResultException $e)
 		{
@@ -345,30 +343,41 @@ class CMDBSource
 		{
 			// In case we don't have rights to enumerate the databases
 			// Let's try to connect directly
-			return @((bool)self::$m_oMysqli->query("USE `$sSource`"));
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			return @((bool)DbConnectionWrapper::GetDbConnection(true)->query("USE `$sSource`"));
 		}
 
 	}
 
+	/**
+	 * Get the version of the database server.
+	 *
+	 * @return string
+	 * @throws \MySQLException
+	 *
+	 * @uses \CMDBSource::QueryToScalar() so needs a connection opened !
+	 */
 	public static function GetDBVersion()
 	{
-		$aVersions = self::QueryToCol('SELECT Version() as version', 'version');
-		return $aVersions[0];
+		return static::QueryToScalar('SELECT VERSION()', 0);
 	}
 
 	/**
-	 * @return string
+	 * @deprecated Use `CMDBSource::GetDBVersion` instead.
+	 * @uses mysqli_get_server_info
 	 */
 	public static function GetServerInfo()
 	{
-		return mysqli_get_server_info ( self::$m_oMysqli );
+		return mysqli_get_server_info(DbConnectionWrapper::GetDbConnection());
 	}
 
 	/**
 	 * Get the DB vendor between MySQL and its main forks
 	 * @return string
+	 *
+	 * @uses \CMDBSource::GetServerVariable() so needs a connection opened !
 	 */
-	static public function GetDBVendor()
+	public static function GetDBVendor()
 	{
 		$sDBVendor = static::ENUM_DB_VENDOR_MYSQL;
 		
@@ -392,9 +401,9 @@ class CMDBSource
 	 */
 	public static function SelectDB($sSource)
 	{
-		if (!((bool)self::$m_oMysqli->query("USE `$sSource`")))
-		{
-			throw new MySQLException('Could not select DB', array('db_name'=>$sSource));
+		/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+		if (!((bool)DbConnectionWrapper::GetDbConnection(true)->query("USE `$sSource`"))) {
+			throw new MySQLException('Could not select DB', array('db_name' => $sSource));
 		}
 		self::$m_sDBName = $sSource;
 	}
@@ -445,51 +454,29 @@ class CMDBSource
 
 	/**
 	 * @return \mysqli
+	 *
+	 * @since 2.5.0 N°1260
 	 */
 	public static function GetMysqli()
 	{
-		return self::$m_oMysqli;
-	}
-
-	/**
-	 * @return
-	 */
-	private static function GetMySQLiForQuery()
-	{
-		return self::$oMySQLiForQuery;
-	}
-
-
-	/**
-	 * Used for test purpose (mysqli mock)
-	 * @param $oMySQLi
-	 */
-	private static function SetMySQLiForQuery($oMySQLi)
-	{
-		self::$oMySQLiForQuery = $oMySQLi;
+		return DbConnectionWrapper::GetDbConnection(false);
 	}
 
 	public static function GetErrNo()
 	{
-		if (self::$m_oMysqli->errno != 0)
-		{
-			return self::$m_oMysqli->errno;
-		}
-		else
-		{
-			return self::$m_oMysqli->connect_errno;
+		if (DbConnectionWrapper::GetDbConnection()->errno != 0) {
+			return DbConnectionWrapper::GetDbConnection()->errno;
+		} else {
+			return DbConnectionWrapper::GetDbConnection()->connect_errno;
 		}
 	}
 
 	public static function GetError()
 	{
-		if (self::$m_oMysqli->error != '')
-		{
-			return self::$m_oMysqli->error;
-		}
-		else
-		{
-			return self::$m_oMysqli->connect_error;
+		if (DbConnectionWrapper::GetDbConnection()->error != '') {
+			return DbConnectionWrapper::GetDbConnection()->error;
+		} else {
+			return DbConnectionWrapper::GetDbConnection()->connect_error;
 		}
 	}
 
@@ -529,7 +516,8 @@ class CMDBSource
 		// Quote if not a number or a numeric string
 		if ($bAlways || is_string($value))
 		{
-			$value = $cQuoteStyle . self::$m_oMysqli->real_escape_string($value) . $cQuoteStyle;
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			$value = $cQuoteStyle.DbConnectionWrapper::GetDbConnection()->real_escape_string($value).$cQuoteStyle;
 		}
 		return $value;
 	}
@@ -590,7 +578,7 @@ class CMDBSource
 	/**
 	 * Send the query directly to the DB. **Be extra cautious with this !**
 	 *
-	 * Use {@link Query} if you're not sure.
+	 * Use {@see Query} if you're not sure.
 	 *
 	 * @internal
 	 *
@@ -612,26 +600,25 @@ class CMDBSource
 		$oKPI = new ExecutionKPI();
 		try
 		{
-			$oResult = self::GetMySQLiForQuery()->query($sSql);
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			$oResult = DbConnectionWrapper::GetDbConnection(true)->query($sSql);
 		}
 		catch (mysqli_sql_exception $e)
 		{
-			self::LogDeadLock($e);
+			self::LogDeadLock($e, true);
 			throw new MySQLException('Failed to issue SQL query', array('query' => $sSql, $e));
 		}
 		$oKPI->ComputeStats('Query exec (mySQL)', $sSql);
-		if ($oResult === false)
-		{
+		if ($oResult === false) {
 			$aContext = array('query' => $sSql);
 
-			$iMySqlErrorNo = self::$m_oMysqli->errno;
+			$iMySqlErrorNo = DbConnectionWrapper::GetDbConnection(true)->errno;
 			$aMySqlHasGoneAwayErrorCodes = MySQLHasGoneAwayException::getErrorCodes();
-			if (in_array($iMySqlErrorNo, $aMySqlHasGoneAwayErrorCodes))
-			{
+			if (in_array($iMySqlErrorNo, $aMySqlHasGoneAwayErrorCodes)) {
 				throw new MySQLHasGoneAwayException(self::GetError(), $aContext);
 			}
 			$e = new MySQLException('Failed to issue SQL query', $aContext);
-			self::LogDeadLock($e);
+			self::LogDeadLock($e, true);
 			throw $e;
 		}
 
@@ -640,23 +627,24 @@ class CMDBSource
 
 	/**
 	 * @param \Exception $e
+	 * @param bool $bForQuery to get the proper DB connection
 	 *
 	 * @since 2.7.1
+	 * @since 3.0.0 N°4325 add new optional parameter to use the correct DB connection
 	 */
-	private static function LogDeadLock(Exception $e)
+	private static function LogDeadLock(Exception $e, $bForQuery = false)
 	{
 		// checks MySQL error code
-		$iMySqlErrorNo = self::$m_oMysqli->errno;
-		if (!in_array($iMySqlErrorNo, array(self::MYSQL_ERRNO_WAIT_TIMEOUT, self::MYSQL_ERRNO_DEADLOCK)))
-		{
+		$iMySqlErrorNo = DbConnectionWrapper::GetDbConnection($bForQuery)->errno;
+		if (!in_array($iMySqlErrorNo, array(self::MYSQL_ERRNO_WAIT_TIMEOUT, self::MYSQL_ERRNO_DEADLOCK))) {
 			return;
 		}
 
 		// Get error info
 		$sUser = UserRights::GetUser();
-		$oError = self::$m_oMysqli->query('SHOW ENGINE INNODB STATUS');
-		if ($oError !== false)
-		{
+		/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+		$oError = DbConnectionWrapper::GetDbConnection(true)->query('SHOW ENGINE INNODB STATUS');
+		if ($oError !== false) {
 			$aData = $oError->fetch_all(MYSQLI_ASSOC);
 			$sInnodbStatus = $aData[0];
 		}
@@ -693,13 +681,13 @@ class CMDBSource
 	private static function StartTransaction()
 	{
 		$aStackTrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT , 3);
-		$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+
 		$bHasExistingTransactions = self::IsInsideTransaction();
 		if (!$bHasExistingTransactions) {
-			IssueLog::Trace("START TRANSACTION $sCaller", LogChannels::CMDB_SOURCE);
+			IssueLog::Trace("START TRANSACTION was sent to the DB", LogChannels::CMDB_SOURCE, ['stacktrace' => $aStackTrace]);
 			self::DBQuery('START TRANSACTION');
 		} else {
-			IssueLog::Trace("Ignore nested (".self::$m_iTransactionLevel.") START TRANSACTION $sCaller", LogChannels::CMDB_SOURCE);
+			IssueLog::Trace("START TRANSACTION ignored as a transaction is already opened", LogChannels::CMDB_SOURCE, ['stacktrace' => $aStackTrace]);
 		}
 
 		self::AddTransactionLevel();
@@ -718,7 +706,11 @@ class CMDBSource
 	private static function Commit()
 	{
 		$aStackTrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT , 3);
-		$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		if(isset($aStackTrace[2]['class']) && isset($aStackTrace[2]['function'])) {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		} else {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].') ';
+		}
 		if (!self::IsInsideTransaction()) {
 			// should not happen !
 			IssueLog::Error("No Transaction COMMIT $sCaller", LogChannels::CMDB_SOURCE);
@@ -752,7 +744,11 @@ class CMDBSource
 	private static function Rollback()
 	{
 		$aStackTrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT , 3);
-		$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		if(isset($aStackTrace[2]['class']) && isset($aStackTrace[2]['function'])) {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		} else {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].') ';
+		}
 		if (!self::IsInsideTransaction()) {
 			// should not happen !
 			IssueLog::Error("No Transaction ROLLBACK $sCaller", LogChannels::CMDB_SOURCE);
@@ -829,7 +825,7 @@ class CMDBSource
 
 	public static function GetInsertId()
 	{
-		$iRes = self::$m_oMysqli->insert_id;
+		$iRes = DbConnectionWrapper::GetDbConnection()->insert_id;
 		if (is_null($iRes))
 		{
 			return 0;
@@ -861,26 +857,28 @@ class CMDBSource
 	/**
 	 * @param string $sSql
 	 * @param int $iCol beginning at 0
+	 * @param mysqli $oMysqli if not null will query using this connection, otherwise will use {@see GetMySQLiForQuery}
 	 *
 	 * @return string corresponding cell content on the first line
 	 * @throws \MySQLException
 	 * @throws \MySQLQueryHasNoResultException
+	 * @since 2.7.5-2 2.7.6 3.0.0 N°4215 new optional mysqli param
 	 */
-	public static function QueryToScalar($sSql, $iCol = 0)
+	public static function QueryToScalar($sSql, $iCol = 0, $oMysqli = null)
 	{
+		$oMysqliForQuery = $oMysqli ?: DbConnectionWrapper::GetDbConnection(true);
+
 		$oKPI = new ExecutionKPI();
-		try
-		{
-			$oResult = self::GetMySQLiForQuery()->query($sSql);
+		try {
+			/** @noinspection NullPointerExceptionInspection this shouldn't happen : either cnx is passed or the DB was init */
+			$oResult = $oMysqliForQuery->query($sSql);
 		}
-		catch(mysqli_sql_exception $e)
-		{
+		catch (mysqli_sql_exception $e) {
 			$oKPI->ComputeStats('Query exec (mySQL)', $sSql);
 			throw new MySQLException('Failed to issue SQL query', array('query' => $sSql, $e));
 		}
 		$oKPI->ComputeStats('Query exec (mySQL)', $sSql);
-		if ($oResult === false)
-		{
+		if ($oResult === false) {
 			throw new MySQLException('Failed to issue SQL query', array('query' => $sSql));
 		}
 
@@ -912,7 +910,8 @@ class CMDBSource
 		$oKPI = new ExecutionKPI();
 		try
 		{
-			$oResult = self::GetMySQLiForQuery()->query($sSql);
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			$oResult = DbConnectionWrapper::GetDbConnection(true)->query($sSql);
 		}
 		catch(mysqli_sql_exception $e)
 		{
@@ -962,7 +961,8 @@ class CMDBSource
 		$aData = array();
 		try
 		{
-			$oResult = self::$m_oMysqli->query($sSql);
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			$oResult = DbConnectionWrapper::GetDbConnection(true)->query($sSql);
 		}
 		catch(mysqli_sql_exception $e)
 		{
@@ -994,7 +994,8 @@ class CMDBSource
 	{
 		try
 		{
-			$oResult = self::GetMySQLiForQuery()->query($sSql);
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			$oResult = DbConnectionWrapper::GetDbConnection(true)->query($sSql);
 		}
 		catch(mysqli_sql_exception $e)
 		{
@@ -1019,7 +1020,7 @@ class CMDBSource
 
 	public static function AffectedRows()
 	{
-		return self::$m_oMysqli->affected_rows;
+		return DbConnectionWrapper::GetDbConnection()->affected_rows;
 	}
 
 	public static function FetchArray($oResult)
@@ -1137,7 +1138,7 @@ class CMDBSource
 	 *
 	 * We still need to do a case sensitive comparison for enum values !
 	 *
-	 * A better solution would be to generate SQL field definitions ({@link GetFieldSpec} method) based on the DB used... But for
+	 * A better solution would be to generate SQL field definitions ({@see GetFieldSpec} method) based on the DB used... But for
 	 * now (N°2490 / SF #1756 / PR #91) we did implement this simpler solution
 	 *
 	 * @see GetFieldDataTypeAndOptions extracts all info from the SQL field definition
@@ -1482,7 +1483,8 @@ class CMDBSource
 		$sSql = "SELECT * FROM `$sTable`";
 		try
 		{
-			$oResult = self::GetMySQLiForQuery()->query($sSql);
+			/** @noinspection NullPointerExceptionInspection this shouldn't be called with un-init DB */
+			$oResult = DbConnectionWrapper::GetDbConnection(true)->query($sSql);
 		}
 		catch(mysqli_sql_exception $e)
 		{
@@ -1506,20 +1508,14 @@ class CMDBSource
 	 * Returns the value of the specified server variable
 	 * @param string $sVarName Name of the server variable
 	 * @return mixed Current value of the variable
-	 */	   	
+	 * @throws \MySQLQueryHasNoResultException|\MySQLException
+	 */
 	public static function GetServerVariable($sVarName)
 	{
-		$result = '';
-		$sSql = "SELECT @@$sVarName as theVar";
-		$aRows = self::QueryToArray($sSql);
-		if (count($aRows) > 0)
-		{
-			$result = $aRows[0]['theVar'];
-		}
-		return $result;
+		$sSql = 'SELECT @@'.$sVarName;
+		return static::QueryToScalar($sSql, 0) ?: '';
 	}
 
-
 	/**
 	 * Returns the privileges of the current user
 	 * @return string privileges in a raw format

core/config.class.inc.php

@@ -22,7 +22,15 @@
 
 define('ITOP_APPLICATION', 'iTop');
 define('ITOP_APPLICATION_SHORT', 'iTop');
-define('ITOP_VERSION', '3.0.0-dev');
+
+/**
+ * Constant containing the application version
+ * Warning: this might be different from iTop core version!
+ *
+ * @see ITOP_CORE_VERSION to get iTop core version
+ */
+define('ITOP_VERSION', '3.1.0-dev');
+
 define('ITOP_VERSION_NAME', 'Fullmoon');
 define('ITOP_REVISION', 'svn');
 define('ITOP_BUILD_DATE', '$WCNOW$');
@@ -107,7 +115,31 @@ class Config
 	protected $m_aSettings = [
 		'log_level_min' => [
 			'type' => 'array',
-			'description' => 'Optional min log level per channel',
+			'description' => 'Optional min log level, per channel.',
+			'default' => '',
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'log_level_min.write_in_db' => [
+			'type' => 'array',
+			'description' => 'Optional min log level IN DB, per channel.',
+			'default' => '',
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'event_service.debug.filter_events' => [
+			'type' => 'array',
+			'description' => 'Filter Event Service debug by events',
+			'default' => '',
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'event_service.debug.filter_sources' => [
+			'type' => 'array',
+			'description' => 'Filter Event Service debug by event sources',
 			'default' => '',
 			'value' => '',
 			'source_of_value' => '',
@@ -473,13 +505,21 @@ class Config
 			'show_in_conf_sample' => true,
 		],
 		'cron_max_execution_time' => [
-			'type' => 'integer',
-			'description' => 'Duration (seconds) of the page cron.php, must be shorter than php setting max_execution_time and shorter than the web server response timeout',
-			'default' => 600,
-			'value' => 600,
-			'source_of_value' => '',
+			'type'                => 'integer',
+			'description'         => 'Duration (seconds) of the cron.php script : if exceeded the script will exit even if there are remaining tasks to process. Must be shorter than php max_execution_time setting (note than when using CLI, this is set to 0 by default which means unlimited). If cron.php is ran via web, it must be shorter than the web server response timeout.',
+			'default'             => 600,
+			'value'               => 600,
+			'source_of_value'     => '',
 			'show_in_conf_sample' => true,
 		],
+		'cron_task_max_execution_time' => [
+			'type' => 'integer',
+			'description' => 'Background tasks will use this value (integer) multiplicated by its periodicity (in seconds) as max duration per cron execution. 0 is unlimited time',
+			'default' => 0,
+			'value' => 0,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'cron_sleep' => [
 			'type' => 'integer',
 			'description' => 'Duration (seconds) before cron.php checks again if something must be done',
@@ -506,7 +546,7 @@ class Config
 		],
 		'email_transport' => [
 			'type' => 'string',
-			'description' => 'Mean to send emails: PHPMail (uses the function mail()) or SMTP (implements the client protocol)',
+			'description' => 'Mean to send emails: PHPMail (uses the function mail()), SMTP (implements the client protocol) or SMTP_OAuth (connect to the server using OAuth 2.0)',
 			'default' => "PHPMail",
 			'value' => "PHPMail",
 			'source_of_value' => '',
@@ -528,7 +568,7 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_transport_smtp.encryption' => [
+		'email_transport_smtp.encryption'          => [
 			'type' => 'string',
 			'description' => 'tls or ssl (optional)',
 			'default' => "",
@@ -536,28 +576,28 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_transport_smtp.username' => [
-			'type' => 'string',
-			'description' => 'Authentication user (optional)',
-			'default' => "",
-			'value' => "",
-			'source_of_value' => '',
+		'email_transport_smtp.username'            => [
+			'type'                => 'string',
+			'description'         => 'Authentication user (optional)',
+			'default'             => "",
+			'value'               => "",
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_transport_smtp.password' => [
-			'type' => 'string',
-			'description' => 'Authentication password (optional)',
-			'default' => "",
-			'value' => "",
-			'source_of_value' => '',
+		'email_transport_smtp.password'            => [
+			'type'                => 'string',
+			'description'         => 'Authentication password (optional)',
+			'default'             => "",
+			'value'               => "",
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_css' => [
-			'type' => 'string',
-			'description' => 'CSS that will override the standard stylesheet used for the notifications',
-			'default' => "",
-			'value' => "",
-			'source_of_value' => '',
+		'email_css'                                => [
+			'type'                => 'string',
+			'description'         => 'CSS that will override the standard stylesheet used for the notifications',
+			'default'             => "",
+			'value'               => "",
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'email_default_sender_address' => [
@@ -600,6 +640,13 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		/**
+		 * The timezone is automatically set using this parameter in \utils::InitTimeZone
+		 * This method is called almost everywhere, cause it's called in \MetaModel::LoadConfig and exec.php... but you might
+		 * need to get it yourself !
+		 *
+		 * @used-by utils::InitTimeZone()
+		 */
 		'timezone' => [
 			'type' => 'string',
 			'description' => 'Timezone (reference: http://php.net/manual/en/timezones.php). If empty, it will be left unchanged and MUST be explicitly configured in PHP',
@@ -843,13 +890,23 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'impact_analysis_lazy_loading' => [
+			'type'                => 'bool',
+			'description'         => 'In the impact analysis view: display the analysis or filter before display',
+			'default'             => false,
+			'value'               => '',
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		],
 		'url_validation_pattern' => [
 			'type' => 'string',
 			'description' => 'Regular expression to validate/detect the format of an URL (URL attributes and Wiki formatting for Text attributes)',
-			'default' => '(https?|ftp)\://([a-zA-Z0-9+!*(),;?&=\$_.-]+(\:[a-zA-Z0-9+!*(),;?&=\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\:[0-9]{2,5})?(/([a-zA-Z0-9%+\$_-]\.?)+)*/?(\?[a-zA-Z+&\$_.-][a-zA-Z0-9;:[\]@&%=+/\$_.-]*)?(#[a-zA-Z_.-][a-zA-Z0-9+\$_.-]*)?',
-			//            SHEME.......... USER....................... PASSWORD.......................... HOST/IP........... PORT.......... PATH........................ GET............................................ ANCHOR............................
+			'default' => /** @lang RegExp */
+			'(https?|ftp)\://([a-zA-Z0-9+!*(),;?&=\$_.-]+(\:[a-zA-Z0-9+!*(),;?&=\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\:[0-9]{2,5})?(/([a-zA-Z0-9:%+\$_-]\.?)+)*/?(\?[a-zA-Z+&\$_.-][a-zA-Z0-9;:[\]@&%=+/\$_.-]*)?(#[a-zA-Z0-9_.-][a-zA-Z0-9+\$_.-]*)?',
+			// SCHEME....... USER....................... PASSWORD.......................... HOST/IP........... PORT.......... PATH......................... GET............................................ ANCHOR..........................
 			// Example: http://User:passWord@127.0.0.1:8888/patH/Page.php?arrayArgument[2]=something:blah20#myAnchor
-			// Origin of this regexp: http://www.php.net/manual/fr/function.preg-match.php#93824
+			// RegExp source: http://www.php.net/manual/fr/function.preg-match.php#93824
+			// Update with N°4515
 			'value' => '',
 			'source_of_value' => '',
 			'show_in_conf_sample' => true,
@@ -967,8 +1024,8 @@ class Config
 			'type' => 'integer',
 			'description' => 'Maximum length of the history table (in the "History" tab on each object) before it gets truncated. Latest modifications are displayed first.',
 			// examples... not used
-			'default' => 50,
-			'value' => 50,
+			'default' => 200,
+			'value' => 200,
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
@@ -1062,72 +1119,88 @@ class Config
 			'show_in_conf_sample' => false,
 		],
 		'transactions_gc_threshold' => [
-			'type' => 'integer',
-			'description' => 'probability in percent for the garbage collector to be triggered (100 mean always)',
-			'default' => 10, // added in itop 2.7.4, before the GC was always called
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'integer',
+			'description'         => 'probability in percent for the garbage collector to be triggered (100 mean always)',
+			'default'             => 10, // added in itop 2.7.4, before the GC was always called
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'log_transactions' => [
-			'type' => 'bool',
-			'description' => 'Whether or not to enable the debug log for the transactions.',
-			'default' => false,
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'bool',
+			'description'         => 'Whether or not to enable the debug log for the transactions.',
+			'default'             => false,
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'concurrent_lock_enabled' => [
-			'type' => 'bool',
-			'description' => 'Whether or not to activate the locking mechanism in order to prevent concurrent edition of the same object.',
-			'default' => false,
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'bool',
+			'description'         => 'Whether or not to activate the locking mechanism in order to prevent concurrent edition of the same object.',
+			'default'             => false,
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'concurrent_lock_expiration_delay' => [
-			'type' => 'integer',
-			'description' => 'Delay (in seconds) for a concurrent lock to expire',
-			'default' => 120,
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'integer',
+			'description'         => 'Delay (in seconds) for a concurrent lock to expire',
+			'default'             => 120,
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'concurrent_lock_override_profiles' => [
-			'type' => 'array',
-			'description' => 'The list of profiles allowed to "kill" a lock',
-			'default' => ['Administrator'],
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'array',
+			'description'         => 'The list of profiles allowed to "kill" a lock',
+			'default'             => ['Administrator'],
+			'value'               => '',
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		],
+		'force_transition_confirmation' => [
+			'type'                => 'bool',
+			'description'         => 'If set to true force confirmation in all transition even if there is no field to complete',
+			'default'             => false,
+			'value'               => false,
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'html_sanitizer' => [
+			'type'                => 'string',
+			'description'         => 'The class to use for HTML sanitization: HTMLDOMSanitizer, HTMLPurifierSanitizer or HTMLNullSanitizer',
+			'default'             => 'HTMLDOMSanitizer',
+			'value'               => '',
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		],
+		'svg_sanitizer' => [
 			'type' => 'string',
-			'description' => 'The class to use for HTML sanitization: HTMLDOMSanitizer, HTMLPurifierSanitizer or HTMLNullSanitizer',
-			'default' => 'HTMLDOMSanitizer',
+			'description' => 'The class to use for SVG sanitization : allow to provide a custom made sanitizer',
+			'default' => 'SVGDOMSanitizer',
 			'value' => '',
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
 		'inline_image_max_display_width' => [
-			'type' => 'integer',
-			'description' => 'The maximum width (in pixels) when displaying images inside an HTML formatted attribute. Images will be displayed using this this maximum width.',
-			'default' => '250',
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'integer',
+			'description'         => 'The maximum width (in pixels) when displaying images inside an HTML formatted attribute. Images will be displayed using this this maximum width.',
+			'default'             => '250',
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => true,
 		],
 		'inline_image_max_storage_width' => [
-			'type' => 'integer',
-			'description' => 'The maximum width (in pixels) when uploading images to be used inside an HTML formatted attribute. Images larger than the given size will be downsampled before storing them in the database.',
-			'default' => '1600',
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'integer',
+			'description'         => 'The maximum width (in pixels) when uploading images to be used inside an HTML formatted attribute. Images larger than the given size will be downsampled before storing them in the database.',
+			'default'             => '1600',
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => true,
 		],
 		'draft_attachments_lifetime' => [
-			'type' => 'integer',
-			'description' => 'Lifetime (in seconds) of drafts\' attachments and inline images: after this duration, the garbage collector will delete them.',
+			'type'                => 'integer',
+			'description'         => 'Lifetime (in seconds) of drafts\' attachments and inline images: after this duration, the garbage collector will delete them.',
 			'default' => 86400,
 			'value' => '',
 			'source_of_value' => '',
@@ -1141,6 +1214,38 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => true,
 		],
+		'compatibility.include_moved_js_files' => [
+			'type' => 'bool',
+			'description' => 'Include back JS files which are now only included when necessary to ease usage of not migrated extensions',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'compatibility.include_deprecated_js_files' => [
+			'type' => 'bool',
+			'description' => 'Include the deprecated JS files (in iTop previous version) to ease usage of not migrated extensions',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'compatibility.include_moved_css_files' => [
+			'type' => 'bool',
+			'description' => 'Include back CSS files which are now only included when necessary to ease usage of not migrated extensions',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'compatibility.include_deprecated_css_files' => [
+			'type' => 'bool',
+			'description' => 'Include the deprecated CSS files (in iTop previous version) to ease usage of not migrated extensions',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'navigation_menu.show_menus_count' => [
 			'type' => 'bool',
 			'description' => 'Display count badges for OQL menu entries',
@@ -1287,9 +1392,9 @@ class Config
 		],
 		'mentions.allowed_classes' => [
 			'type' => 'array',
-			'description' => 'Classes which can be mentioned through the autocomplete in the caselogs. Key of the array must be a single character that will trigger the autocomplete, value can be either a DM class or a valid OQL (eg. "@" => "Person", "?" => "SELECT FAQ WHERE status = \'published\'")',
+			'description' => 'Classes which can be mentioned through the autocomplete in the caselogs. Key of the array must be a single character that will trigger the autocomplete, value must be a DM class (eg. "@" => "Person", "?" => "FAQ")',
 			'default' => [
-				'@' => 'SELECT Person WHERE status = \'active\'',
+				'@' => 'Person',
 			],
 			'value' => false,
 			'source_of_value' => '',
@@ -1367,14 +1472,6 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'use_legacy_dbsearch' => [
-			'type' => 'bool',
-			'description' => 'If set, DBSearch will use legacy SQL query generation',
-			'default' => false,
-			'value' => false,
-			'source_of_value' => '',
-			'show_in_conf_sample' => false,
-		],
 		'query_cache_enabled' => [
 			'type' => 'bool',
 			'description' => 'If set, DBSearch will use cache for query generation',
@@ -1415,6 +1512,22 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'security.disable_inline_documents_sandbox' => [
+			'type' => 'bool',
+			'description' => 'If true then the sandbox for documents displayed in a browser tab will be disabled; enabling scripts and other interactive content. Note that setting this to true will open the application to potential XSS attacks!',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
+		'security.hide_administrators' => [
+			'type' => 'bool',
+			'description' => 'If true, non-administrator users will not be able to see the administrator accounts, the Administrator profile and the links between the administrator accounts and their profiles.',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'behind_reverse_proxy' => [
 			'type' => 'bool',
 			'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)',
@@ -1447,6 +1560,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'setup.launch_button.enabled' => [
+			'type'                => 'bool',
+			'description'         => 'If true displays in the Application Upgrade screen a button allowing to launch the setup in a single click (no more manual config file permission change needed)',
+			'default'             => null,
+			'value'               => false,
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		],
 	];
 
 	public function IsProperty($sPropCode)
@@ -1528,6 +1649,16 @@ class Config
 		return $this->m_aSettings[$sPropCode]['value'];
 	}
 
+	/**
+	 * @return mixed
+	 *
+	 * @since 3.0.1 N°4515
+	 */
+	public function GetDefault(string $sPropCode)
+	{
+		return $this->m_aSettings[$sPropCode]['default'];
+	}
+
 	/**
 	 * Whether the $sPropCode parameter has a custom value or the default one.
 	 *
@@ -1756,7 +1887,7 @@ class Config
 		{
 			// Note: sNoise is an html output, but so far it was ok for me (e.g. showing the entire call stack) 
 			throw new ConfigException('Syntax error in configuration file',
-				array('file' => $sConfigFile, 'error' => '<tt>'.htmlentities($sNoise, ENT_QUOTES, 'UTF-8').'</tt>'));
+				array('file' => $sConfigFile, 'error' => '<tt>'.utils::EscapeHtml($sNoise, ENT_QUOTES).'</tt>'));
 		}
 
 		if (!isset($MySettings) || !is_array($MySettings))

core/csvbulkexport.class.inc.php

@@ -125,8 +125,8 @@ class CSVBulkExport extends TabularBulkExport
 				$sRawSeparator = utils::ReadParam('separator', ',', true, 'raw_data');
 				$sCustomDateTimeFormat = utils::ReadParam('', ',', true, 'raw_data');
 				$aSep = array(
-					';' => Dict::S('UI:CSVImport:SeparatorSemicolon+'),
-					',' => Dict::S('UI:CSVImport:SeparatorComma+'),
+					';'   => Dict::S('UI:CSVImport:SeparatorSemicolon+'),
+					','   => Dict::S('UI:CSVImport:SeparatorComma+'),
 					'tab' => Dict::S('UI:CSVImport:SeparatorTab+'),
 				);
 				$sOtherSeparator = '';
@@ -134,10 +134,10 @@ class CSVBulkExport extends TabularBulkExport
 					$sOtherSeparator = $sRawSeparator;
 					$sRawSeparator = 'other';
 				}
-				$aSep['other'] = Dict::S('UI:CSVImport:SeparatorOther').' <input type="text" size="3" name="other-separator" value="'.htmlentities($sOtherSeparator, ENT_QUOTES, 'UTF-8').'"/>';
+				$aSep['other'] = Dict::S('UI:CSVImport:SeparatorOther').' <input type="text" size="3" name="other-separator" value="'.utils::EscapeHtml($sOtherSeparator).'"/>';
 
 				foreach ($aSep as $sVal => $sLabel) {
-					$oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "separator", htmlentities($sVal, ENT_QUOTES, 'UTF-8'), $sLabel, "radio");
+					$oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "separator", utils::EscapeHtml($sVal), $sLabel, "radio");
 					$oRadio->GetInput()->SetIsChecked(($sVal == $sRawSeparator));
 					$oRadio->SetBeforeInput(false);
 					$oRadio->GetInput()->AddCSSClass('ibo-input--label-right');
@@ -152,7 +152,7 @@ class CSVBulkExport extends TabularBulkExport
 
 				$sRawQualifier = utils::ReadParam('text-qualifier', '"', true, 'raw_data');
 				$aQualifiers = array(
-					'"' => Dict::S('UI:CSVImport:QualifierDoubleQuote+'),
+					'"'  => Dict::S('UI:CSVImport:QualifierDoubleQuote+'),
 					'\'' => Dict::S('UI:CSVImport:QualifierSimpleQuote+'),
 				);
 				$sOtherQualifier = '';
@@ -160,10 +160,10 @@ class CSVBulkExport extends TabularBulkExport
 					$sOtherQualifier = $sRawQualifier;
 					$sRawQualifier = 'other';
 				}
-				$aQualifiers['other'] = Dict::S('UI:CSVImport:QualifierOther').' <input type="text" size="3" name="other-text-qualifier" value="'.htmlentities($sOtherQualifier, ENT_QUOTES, 'UTF-8').'"/>';
+				$aQualifiers['other'] = Dict::S('UI:CSVImport:QualifierOther').' <input type="text" size="3" name="other-text-qualifier" value="'.utils::EscapeHtml($sOtherQualifier).'"/>';
 
 				foreach ($aQualifiers as $sVal => $sLabel) {
-					$oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "text-qualifier", htmlentities($sVal, ENT_QUOTES, 'UTF-8'), $sLabel, "radio");
+					$oRadio = InputUIBlockFactory::MakeForInputWithLabel($sLabel, "text-qualifier", utils::EscapeHtml($sVal), $sLabel, "radio");
 					$oRadio->GetInput()->SetIsChecked(($sVal == $sRawSeparator));
 					$oRadio->SetBeforeInput(false);
 					$oRadio->GetInput()->AddCSSClass('ibo-input--label-right');
@@ -209,8 +209,8 @@ class CSVBulkExport extends TabularBulkExport
 
 				$sDateTimeFormat = utils::ReadParam('date_format', (string)AttributeDateTime::GetFormat(), true, 'raw_data');
 
-				$sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8');
-				$sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8');
+				$sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat());
+				$sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat()));
 				$oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatDefault_Example', $sDefaultFormat, $sExample), "csv_date_format_radio", "default", "csv_date_time_format_default", "radio");
 				$oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat()));
 				$oRadioDefault->SetBeforeInput(false);
@@ -218,18 +218,17 @@ class CSVBulkExport extends TabularBulkExport
 				$oFieldSetDate->AddSubBlock($oRadioDefault);
 				$oFieldSetDate->AddSubBlock(new Html('</br>'));
 
-				$sFormatInput = '<input type="text" size="15" name="date_format" id="csv_custom_date_time_format" title="" value="'.htmlentities($sDateTimeFormat, ENT_QUOTES, 'UTF-8').'"/>';
+				$sFormatInput = '<input type="text" size="15" name="date_format" id="csv_custom_date_time_format" title="" value="'.utils::EscapeHtml($sDateTimeFormat).'"/>';
 				$oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatCustom_Format', $sFormatInput), "csv_date_format_radio", "custom", "csv_date_time_format_custom", "radio");
+				$oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip'));
 				$oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat());
 				$oRadioCustom->SetBeforeInput(false);
 				$oRadioCustom->GetInput()->AddCSSClass('ibo-input-checkbox');
 				$oFieldSetDate->AddSubBlock($oRadioCustom);
 
-				$sJSTooltip = json_encode('<div class="date_format_tooltip">'.Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip').'</div>');
 
 				$oP->add_ready_script(
 					<<<EOF
-$('#csv_custom_date_time_format').tooltip({content: function() { return $sJSTooltip; } });
 $('#form_part_csv_options').on('preview_updated', function() { FormatDatesInPreview('csv', 'csv'); });
 $('#csv_date_time_format_default').on('click', function() { FormatDatesInPreview('csv', 'csv'); });
 $('#csv_date_time_format_custom').on('click', function() { FormatDatesInPreview('csv', 'csv'); });
@@ -247,17 +246,18 @@ EOF
 	}
 
 	protected function GetSampleData($oObj, $sAttCode)
-	{	
-		if ($sAttCode != 'id')
-		{
+	{
+		if ($sAttCode != 'id') {
 			$oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode);
 			if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime
 			{
 				$sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date';
-				return '<div class="'.$sClass.'" data-date="'.$oObj->Get($sAttCode).'">'.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'</div>';
+
+				return '<div class="'.$sClass.'" data-date="'.$oObj->Get($sAttCode).'">'.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'</div>';
 			}
 		}
-		return '<div class="text-preview">'.htmlentities($this->GetValue($oObj, $sAttCode), ENT_QUOTES, 'UTF-8').'</div>';
+
+		return '<div class="text-preview">'.utils::EscapeHtml($this->GetValue($oObj, $sAttCode)).'</div>';
 	}
 
 	protected function GetValue($oObj, $sAttCode)

core/datamodel.core.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0">
+<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.1">
   <user_rights>
     <profiles>
       <profile id="1024" _delta="define">
@@ -270,4 +270,4 @@
       </class>
     </classes>
   </meta>
-</itop_design>
+</itop_design>

core/dbobjectiterator.php

@@ -38,7 +38,7 @@ interface iDBObjectSetIterator extends Countable
 	 *
 	 * @return int
 	 */
-	public function Count();
+	public function Count(): int;
 
 	/**
 	 * Reset the cursor to the first item in the collection. Equivalent to Seek(0)
@@ -52,7 +52,7 @@ interface iDBObjectSetIterator extends Countable
 	 *
 	 * @param int $iRow
 	 */
-	public function Seek($iPosition);
+	public function Seek($iPosition): void;
 
 	/**
 	 * Fetch the object at the current position in the collection and move the cursor to the next position.

core/dbobjectsearch.class.php

@@ -413,28 +413,30 @@ class DBObjectSearch extends DBSearch
 	}
 
 	/**
+	 * Important: If you need to add a condition on the same $sFilterCode several times with different $value values; do not use this method as the previous $value occurences will be replaced by the last. Instead use:
+	 *  * {@see \DBObjectSearch::AddConditionExpression()} in loops to add conditions one by one
+	 *  * {@see \DBObjectSearch::AddConditionForInOperatorUsingParam()} for IN/NOT IN queries with lots of params at once
+	 *
 	 * @param string $sFilterCode
 	 * @param mixed $value
 	 * @param string $sOpCode operator to use : 'IN', 'NOT IN', 'Contains',' Begins with', 'Finishes with', ...
+	 *   If no operator is specified then :
+	 *     * for id field we will use "="
+	 *     * for other fields we will call the corresponding {@link AttributeDefinition::GetSmartConditionExpression} method impl
+	 *       to generate the expression
 	 * @param bool $bParseSearchString
 	 *
 	 * @throws \CoreException
-	 *
-	 * @see AddConditionForInOperatorUsingParam for IN/NOT IN queries with lots of params
 	 */
 	public function AddCondition($sFilterCode, $value, $sOpCode = null, $bParseSearchString = false)
 	{
-		MyHelpers::CheckKeyInArray('filter code in class: '.$this->GetClass(), $sFilterCode, MetaModel::GetClassFilterDefs($this->GetClass()));
+		MyHelpers::CheckKeyInArray('filter code in class: '.$this->GetClass(), $sFilterCode, MetaModel::GetFilterAttribList($this->GetClass()));
 
 		$oField = new FieldExpression($sFilterCode, $this->GetClassAlias());
-		if (empty($sOpCode))
-		{
-			if ($sFilterCode == 'id')
-			{
+		if (empty($sOpCode)) {
+			if ($sFilterCode == 'id') {
 				$sOpCode = '=';
-			}
-			else
-			{
+			} else {
 				$oAttDef = MetaModel::GetAttributeDef($this->GetClass(), $sFilterCode);
 				$oNewCondition = $oAttDef->GetSmartConditionExpression($value, $oField, $this->m_aParams);
 				$this->AddConditionExpression($oNewCondition);
@@ -465,14 +467,14 @@ class DBObjectSearch extends DBSearch
 			if (!is_array($value)) $value = array($value);
 			if (count($value) === 0) throw new Exception('AddCondition '.$sOpCode.': Value cannot be an empty array.');
 			$sListExpr = '('.implode(', ', CMDBSource::Quote($value)).')';
-			$sOQLCondition = $oField->Render()." IN $sListExpr";
+			$sOQLCondition = $oField->RenderExpression()." IN $sListExpr";
 			break;
 
 		case 'NOTIN':
 			if (!is_array($value)) $value = array($value);
             if (count($value) === 0) throw new Exception('AddCondition '.$sOpCode.': Value cannot be an empty array.');
 			$sListExpr = '('.implode(', ', CMDBSource::Quote($value)).')';
-			$sOQLCondition = $oField->Render()." NOT IN $sListExpr";
+			$sOQLCondition = $oField->RenderExpression()." NOT IN $sListExpr";
 			break;
 
 		case 'Contains':
@@ -1232,7 +1234,7 @@ class DBObjectSearch extends DBSearch
 				elseif (MetaModel::IsParentClass($oRightFilter->GetFirstJoinedClass(), $oLeftFilter->GetClass()))
 				{
 					// Specialize $oRightFilter
-					$oRightFilter->ChangeClass($oLeftFilter->GetClass());
+					$oRightFilter->ChangeClass($oLeftFilter->GetFirstJoinedClass());
 				}
 				else
 				{
@@ -1368,7 +1370,7 @@ class DBObjectSearch extends DBSearch
 	public function GetQueryParams($bExcludeMagicParams = true)
 	{
 		$aParams = array();
-		$this->m_oSearchCondition->Render($aParams, true);
+		$this->m_oSearchCondition->RenderExpression(false, $aParams, true);
 
 		if ($bExcludeMagicParams)
 		{
@@ -1457,7 +1459,7 @@ class DBObjectSearch extends DBSearch
 
 		$sRes .= ' ' . $this->GetFirstJoinedClass() . ' AS `' . $this->GetFirstJoinedClassAlias() . '`';
 		$sRes .= $this->ToOQL_Joins();
-		$sRes .= " WHERE ".$this->m_oSearchCondition->Render($aParams, $bRetrofitParams);
+		$sRes .= " WHERE ".$this->m_oSearchCondition->RenderExpression(false, $aParams, $bRetrofitParams);
 
 		if ($bWithAllowAllFlag && $this->m_bAllowAllData)
 		{
@@ -1896,16 +1898,13 @@ class DBObjectSearch extends DBSearch
 		// Hide objects that are not visible to the current user
 		//
 		$oSearch = $this;
-		if (!$this->IsAllDataAllowed() && !$this->IsDataFiltered())
-		{
+		if (!$this->IsAllDataAllowed() && !$this->IsDataFiltered()) {
 			$oVisibleObjects = UserRights::GetSelectFilter($this->GetClass(), $this->GetModifierProperties('UserRightsGetSelectFilter'));
-			if ($oVisibleObjects === false)
-			{
+			if ($oVisibleObjects === false) {
 				// Make sure this is a valid search object, saying NO for all
 				$oVisibleObjects = DBObjectSearch::FromEmptySet($this->GetClass());
 			}
-			if (is_object($oVisibleObjects))
-			{
+			if (is_object($oVisibleObjects)) {
 				$oVisibleObjects->AllowAllData();
 				$oSearch = $this->Intersect($oVisibleObjects);
 				$oSearch->SetDataFiltered();
@@ -1925,63 +1924,49 @@ class DBObjectSearch extends DBSearch
 			if (isset($_SERVER['REQUEST_URI']))
 			{
 				$aContextData['sRequestUri'] = $_SERVER['REQUEST_URI'];
-			}
-			else if (isset($_SERVER['SCRIPT_NAME']))
-			{
+			} else if (isset($_SERVER['SCRIPT_NAME'])) {
 				$aContextData['sRequestUri'] = $_SERVER['SCRIPT_NAME'];
-			}
-			else
-			{
+			} else {
 				$aContextData['sRequestUri'] = '';
 			}
 
 			// Need to identify the query
 			$sOqlQuery = $oSearch->ToOql(false, null, true);
-			if ((strpos($sOqlQuery, '`id` IN (') !== false) || (strpos($sOqlQuery, '`id` NOT IN (') !== false))
-			{
+			if ((strpos($sOqlQuery, '`id` IN (') !== false) || (strpos($sOqlQuery, '`id` NOT IN (') !== false)) {
 				// Requests containing "id IN" are not worth caching
 				$bCanCache = false;
 			}
 
 			$aContextData['sOqlQuery'] = $sOqlQuery;
 
-			if (count($aModifierProperties))
-			{
+			if (count($aModifierProperties)) {
 				array_multisort($aModifierProperties);
 				$sModifierProperties = json_encode($aModifierProperties);
-			}
-			else
-			{
+			} else {
 				$sModifierProperties = '';
 			}
 			$aContextData['sModifierProperties'] = $sModifierProperties;
 
 			$sRawId = Dict::GetUserLanguage().'-'.$sOqlQuery.$sModifierProperties;
-			if (!is_null($aAttToLoad))
-			{
+			if (!is_null($aAttToLoad)) {
 				$sRawId .= json_encode($aAttToLoad);
 			}
 			$aContextData['aAttToLoad'] = $aAttToLoad;
-			if (!is_null($aGroupByExpr))
-			{
-				foreach($aGroupByExpr as $sAlias => $oExpr)
-				{
-					$sRawId .= 'g:'.$sAlias.'!'.$oExpr->Render();
+			if (!is_null($aGroupByExpr)) {
+				foreach ($aGroupByExpr as $sAlias => $oExpr) {
+					$sRawId .= 'g:'.$sAlias.'!'.$oExpr->RenderExpression();
 				}
 			}
-			if (!is_null($aSelectExpr))
-			{
-				foreach($aSelectExpr as $sAlias => $oExpr)
-				{
-					$sRawId .= 'se:'.$sAlias.'!'.$oExpr->Render();
+			if (!is_null($aSelectExpr)) {
+				foreach ($aSelectExpr as $sAlias => $oExpr) {
+					$sRawId .= 'se:'.$sAlias.'!'.$oExpr->RenderExpression();
 				}
 			}
 			$aContextData['aGroupByExpr'] = $aGroupByExpr;
 			$aContextData['aSelectExpr'] = $aSelectExpr;
 			$sRawId .= $bGetCount;
 			$aContextData['bGetCount'] = $bGetCount;
-			if (is_array($aSelectedClasses))
-			{
+			if (is_array($aSelectedClasses)) {
 				$sRawId .= implode(',', $aSelectedClasses); // Unions may alter the list of selected columns
 			}
 			$aContextData['aSelectedClasses'] = $aSelectedClasses;
@@ -2092,17 +2077,13 @@ class DBObjectSearch extends DBSearch
 			// 3rd step - position the attributes in the hierarchy of classes
 			//
 			$oSubClassExp->Browse(function($oNode) use ($sSubClass) {
-				if ($oNode instanceof FieldExpression)
-				{
+				if ($oNode instanceof FieldExpression) {
 					$sAttCode = $oNode->GetName();
 					$oAttDef = MetaModel::GetAttributeDef($sSubClass, $sAttCode);
-					if ($oAttDef->IsExternalField())
-					{
+					if ($oAttDef->IsExternalField()) {
 						$sKeyAttCode = $oAttDef->GetKeyAttCode();
 						$sClassOfAttribute = MetaModel::GetAttributeOrigin($sSubClass, $sKeyAttCode);
-					}
-					else
-					{
+					} else {
 						$sClassOfAttribute = MetaModel::GetAttributeOrigin($sSubClass, $sAttCode);
 					}
 					$sParent = MetaModel::GetAttributeOrigin($sClassOfAttribute, $oNode->GetName());
@@ -2110,12 +2091,11 @@ class DBObjectSearch extends DBSearch
 				}
 			});
 
-			$sSignature = $oSubClassExp->Render();
-			if (!array_key_exists($sSignature, $aExpressions))
-			{
+			$sSignature = $oSubClassExp->RenderExpression();
+			if (!array_key_exists($sSignature, $aExpressions)) {
 				$aExpressions[$sSignature] = array(
 					'expression' => $oSubClassExp,
-					'classes' => array(),
+					'classes'    => array(),
 				);
 			}
 			$aExpressions[$sSignature]['classes'][] = $sSubClass;

core/dbobjectset.class.php

@@ -842,7 +842,7 @@ class DBObjectSet implements iDBObjectSetIterator
      * @throws \MySQLException
      * @throws \MySQLHasGoneAwayException
      */
-	public function Count()
+	public function Count(): int
 	{
 		if (is_null($this->m_iNumTotalDBRows))
 		{
@@ -1077,14 +1077,13 @@ class DBObjectSet implements iDBObjectSetIterator
      *
      * @param int $iRow
      *
-     * @return int|mixed
-     *
      * @throws \CoreException
      * @throws \MissingQueryArgument
      * @throws \MySQLException
      * @throws \MySQLHasGoneAwayException
+     * @since 3.1.0 N°4517 Now returns void for return type to match parent class and be compatible with PHP 8.1
      */
-	public function Seek($iRow)
+	public function Seek($iRow): void
 	{
 		if (!$this->m_bLoaded) $this->Load();
 
@@ -1093,7 +1092,6 @@ class DBObjectSet implements iDBObjectSetIterator
 		{
 			$this->m_oSQLResult->data_seek($this->m_iCurrRow);
 		}
-		return $this->m_iCurrRow;
 	}
 
     /**

core/dbsearch.class.php

@@ -18,23 +18,6 @@
  */
 
 
-$bUseLegacyDBSearch = utils::GetConfig()->Get('use_legacy_dbsearch');
-
-if ($bUseLegacyDBSearch)
-{
-	// excluded from autoload
-	require_once (APPROOT.'core/legacy/querybuilderexpressionslegacy.class.inc.php');
-	require_once (APPROOT.'core/legacy/querybuildercontextlegacy.class.inc.php');
-	require_once(APPROOT.'core/legacy/dbobjectsearchlegacy.class.php');
-}
-else
-{
-	// excluded from autoload
-	require_once (APPROOT.'core/querybuilderexpressions.class.inc.php');
-	require_once (APPROOT.'core/querybuildercontext.class.inc.php');
-	require_once(APPROOT.'core/dbobjectsearch.class.php');
-}
-
 /**
  * An object search
  *
@@ -1659,7 +1642,7 @@ abstract class DBSearch
 		$oSet = new DBObjectSet($this);
 		if (MetaModel::IsStandaloneClass($sClass))
 		{
-			$oSet->OptimizeColumnLoad(array($this->GetClassAlias() => array('')));
+			$oSet->OptimizeColumnLoad(array($this->GetClassAlias() => array()));
 			$aIds = array($sClass => $oSet->GetColumnAsArray('id'));
 		}
 		else
@@ -1724,4 +1707,16 @@ abstract class DBSearch
 	{
 		$this->SetShowObsoleteData(utils::ShowObsoleteData());
 	}
+
+	/**
+	 * To ease the debug of filters
+	 * @internal
+	 *
+	 * @return string
+	 *
+	 */
+	public function __toString()
+	{
+		return $this->ToOQL();
+	}
 }

core/dbunionsearch.class.php

@@ -416,7 +416,11 @@ class DBUnionSearch extends DBSearch
 		$aSearches = array();
 		foreach ($this->aSearches as $oSearch)
 		{
-			$aSearches[] = $oSearch->Filter($sClassAlias, $oFilter);
+			if (!$oSearch->IsAllDataAllowed()) {
+				$aSearches[] = $oSearch->Filter($sClassAlias, $oFilter);
+			} else {
+				$aSearches[] = $oSearch;
+			}
 		}
 		return new DBUnionSearch($aSearches);
 	}

core/designdocument.class.inc.php

@@ -26,8 +26,10 @@
 
 namespace Combodo\iTop;
 
-use \DOMDocument;
-use \DOMFormatException;
+use DOMDocument;
+use DOMFormatException;
+use IssueLog;
+use LogAPI;
 
 /**
  * Class \Combodo\iTop\DesignDocument
@@ -64,9 +66,13 @@ class DesignDocument extends DOMDocument
 	 * @param $filename
 	 * @param int $options
 	 */
-	public function load($filename, $options = 0)
+	public function load($filename, $options = null)
 	{
-		parent::load($filename, LIBXML_NOBLANKS);
+		libxml_clear_errors();
+		if (parent::load($filename, LIBXML_NOBLANKS) === false) {
+			$aErrors = libxml_get_errors();
+			IssueLog::Error("Error loading $filename", LogAPI::CHANNEL_DEFAULT, $aErrors);
+		}
 	}
 
 	/**
@@ -77,10 +83,12 @@ class DesignDocument extends DOMDocument
 	 *
 	 * @return int
 	 */
-	public function save($filename, $options = 0)
+	// Return type union is not supported by PHP 7.4, we can remove the following PHP attribute and add the return type once iTop min PHP version is PHP 8.0+
+	#[\ReturnTypeWillChange]
+	public function save($filename, $options = null)
 	{
 		$this->documentElement->setAttribute('xmlns:xsi', "http://www.w3.org/2001/XMLSchema-instance");
-		return parent::save($filename, LIBXML_NOBLANKS);
+		return parent::save($filename);
 	}
 
 	/**
@@ -91,13 +99,12 @@ class DesignDocument extends DOMDocument
 	public function Dump($bReturnRes = false)
 	{
 		$sXml = $this->saveXML();
-		if ($bReturnRes)
-		{
+		if ($bReturnRes) {
 			return $sXml;
 		}
 
 		echo "<pre>\n";
-		echo htmlentities($sXml);
+		echo utils::EscapeHtml($sXml);
 		echo "</pre>\n";
 
 		return '';
@@ -175,6 +182,26 @@ class DesignElement extends \DOMElement
 		return $this->ownerDocument->GetNodes($sXPath, $this);
 	}
 
+	public static function ToArray(DesignElement $oNode)
+	{
+		$aRes = [];
+
+		if ($oNode->GetNodes('./*')->length == 0) {
+			return $oNode->GetText('');
+		}
+		foreach ($oNode->GetNodes('./*') as $oSubNode) {
+			/** @var \Combodo\iTop\DesignElement $oSubNode */
+			$aSubArray = DesignElement::ToArray($oSubNode);
+			if ($oSubNode->hasAttribute('id')) {
+				$aRes[$oSubNode->getAttribute('id')] = $aSubArray;
+			} else {
+				$aRes[$oSubNode->tagName] = $aSubArray;
+			}
+		}
+
+		return $aRes;
+	}
+
 	/**
 	 * Create an HTML representation of the DOM, for debugging purposes
 	 *
@@ -190,13 +217,13 @@ class DesignElement extends \DOMElement
 		$oDoc->appendChild($oClone);
 
 		$sXml = $oDoc->saveXML($oClone);
-		if ($bReturnRes)
-		{
+		if ($bReturnRes) {
 			return $sXml;
 		}
 		echo "<pre>\n";
-		echo htmlentities($sXml);
+		echo utils::EscapeHtml($sXml);
 		echo "</pre>\n";
+
 		return '';
 	}
 	/**

core/dict.class.inc.php

@@ -35,6 +35,8 @@ class Dict
 	protected static $m_aLanguages = array(); // array( code => array( 'description' => '...', 'localized_description' => '...') ...)
 	protected static $m_aData = array();
 	protected static $m_sApplicationPrefix = null;
+	/** @var \ApcService $m_oApcService  */
+	protected static $m_oApcService = null;
 
 	/**
 	 * @param $sLanguageCode
@@ -116,15 +118,17 @@ class Dict
 	{
 		// Attempt to find the string in the user language
 		//
-		self::InitLangIfNeeded(self::GetUserLanguage());
+		$sLangCode = self::GetUserLanguage();
+		self::InitLangIfNeeded($sLangCode);
 
-		if (!array_key_exists(self::GetUserLanguage(), self::$m_aData))
+		if (!array_key_exists($sLangCode, self::$m_aData))
 		{
+			IssueLog::Warning("Cannot find $sLangCode in dictionnaries. default labels displayed");
 			// It may happen, when something happens before the dictionaries get loaded
 			return $sStringCode;
 		}
-		$aCurrentDictionary = self::$m_aData[self::GetUserLanguage()];
-		if (array_key_exists($sStringCode, $aCurrentDictionary))
+		$aCurrentDictionary = self::$m_aData[$sLangCode];
+		if (is_array($aCurrentDictionary) && array_key_exists($sStringCode, $aCurrentDictionary))
 		{
 			return $aCurrentDictionary[$sStringCode];
 		}
@@ -135,7 +139,7 @@ class Dict
 			self::InitLangIfNeeded(self::$m_sDefaultLanguage);
 			
 			$aDefaultDictionary = self::$m_aData[self::$m_sDefaultLanguage];
-			if (array_key_exists($sStringCode, $aDefaultDictionary))
+			if (is_array($aDefaultDictionary) && array_key_exists($sStringCode, $aDefaultDictionary))
 			{
 				return $aDefaultDictionary[$sStringCode];
 			}
@@ -144,7 +148,7 @@ class Dict
 			self::InitLangIfNeeded('EN US');
 
 			$aDefaultDictionary = self::$m_aData['EN US'];
-			if (array_key_exists($sStringCode, $aDefaultDictionary))
+			if (is_array($aDefaultDictionary) && array_key_exists($sStringCode, $aDefaultDictionary))
 			{
 				return $aDefaultDictionary[$sStringCode];
 			}
@@ -203,7 +207,26 @@ class Dict
 	{
 		self::$m_aLanguages = $aLanguagesList;
 	}
-	
+
+	/**
+	 * @since 2.7.6 N°4125
+	 * @return \ApcService
+	 */
+	public static function GetApcService() {
+		if (self::$m_oApcService === null){
+			self::$m_oApcService = new ApcService();
+		}
+		return self::$m_oApcService;
+	}
+
+	/**
+	 * @since 2.7.6 N°4125
+	 * @param \ApcService $m_oApcService
+	 */
+	public static function SetApcService($oApcService) {
+		self::$m_oApcService = $oApcService;
+	}
+
 	/**
 	 * Load a language from the language dictionary, if not already loaded
 	 * @param string $sLangCode Language code
@@ -212,20 +235,23 @@ class Dict
 	public static function InitLangIfNeeded($sLangCode)
 	{
 		if (array_key_exists($sLangCode, self::$m_aData)) return true;
-		
+
 		$bResult = false;
-		
-		if (function_exists('apc_fetch') && (self::$m_sApplicationPrefix !== null))
+
+		if (self::GetApcService()->function_exists('apc_fetch')
+			&& (self::$m_sApplicationPrefix !== null))
 		{
 			// Note: For versions of APC older than 3.0.17, fetch() accepts only one parameter
 			//
-			self::$m_aData[$sLangCode] = apc_fetch(self::$m_sApplicationPrefix.'-dict-'.$sLangCode);
-			if (self::$m_aData[$sLangCode] === false)
-			{
+			self::$m_aData[$sLangCode] = self::GetApcService()->apc_fetch(self::$m_sApplicationPrefix.'-dict-'.$sLangCode);
+			if (self::$m_aData[$sLangCode] === false) {
 				unset(self::$m_aData[$sLangCode]);
-			}
-			else
-			{
+			} else if (! is_array(self::$m_aData[$sLangCode])) {
+				// N°4125: we dont fix dictionnary corrupted cache (on iTop side).
+				// but we log an error in a dedicated channel to let itop administrator be aware of a potential APCu issue to fix.
+				IssueLog::Error("APCu corrupted data (with $sLangCode dictionnary). APCu configuration and running version should be troubleshooted...", LogChannels::APC);
+				$bResult = true;
+			} else {
 				$bResult = true;
 			}
 		}
@@ -234,9 +260,10 @@ class Dict
 			$sDictFile = APPROOT.'env-'.utils::GetCurrentEnvironment().'/dictionaries/'.str_replace(' ', '-', strtolower($sLangCode)).'.dict.php';
 			require_once($sDictFile);
 			
-			if (function_exists('apc_store') && (self::$m_sApplicationPrefix !== null))
+			if (self::GetApcService()->function_exists('apc_store')
+				&& (self::$m_sApplicationPrefix !== null))
 			{
-				apc_store(self::$m_sApplicationPrefix.'-dict-'.$sLangCode, self::$m_aData[$sLangCode]);
+				self::GetApcService()->apc_store(self::$m_sApplicationPrefix.'-dict-'.$sLangCode, self::$m_aData[$sLangCode]);
 			}
 			$bResult = true;
 		}
@@ -275,13 +302,12 @@ class Dict
 	 *
 	 * @param $sSourceCode
 	 * @param $sDestCode
+	 * @since 3.0.1 Not clone sSourceCode entry if sDestCode entry already exist
 	 */
 	public static function CloneString($sSourceCode, $sDestCode)
 	{
-		foreach(self::$m_aLanguages as $sLanguageCode => $foo)
-		{
-			if (isset(self::$m_aData[$sLanguageCode][$sSourceCode]))
-			{
+		foreach(self::$m_aLanguages as $sLanguageCode => $foo) {
+			if (isset(self::$m_aData[$sLanguageCode][$sSourceCode]) && !isset(self::$m_aData[$sLanguageCode][$sDestCode] ))	{
 				self::$m_aData[$sLanguageCode][$sDestCode] = self::$m_aData[$sLanguageCode][$sSourceCode];
 			}
 		}

core/email.class.inc.php

@@ -1,5 +1,5 @@
 <?php
-// Copyright (C) 2010-2021 Combodo SARL
+// Copyright (C) 2010-2022 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -20,42 +20,72 @@
 /**
  * Send an email (abstraction for synchronous/asynchronous modes)
  *
- * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @copyright   Copyright (C) 2010-2022 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
-Swift_Preferences::getInstance()->setCharset('UTF-8');
-
+use Combodo\iTop\Core\Email\EmailFactory;
+use Combodo\iTop\Core\Email\iEMail;
 
 define ('EMAIL_SEND_OK', 0);
 define ('EMAIL_SEND_PENDING', 1);
 define ('EMAIL_SEND_ERROR', 2);
 
-class EMail
+class EMail implements iEMail
 {
+	/**
+	 * @see self::LoadConfig()
+	 * @var Config
+	 * @since 2.7.7 3.0.2 3.1.0 N°3169 N°5102 Move attribute to children classes
+	 * @since 2.7.8 3.0.3 3.1.0 N°4947 pull up the attribute back to the Email class as config init is done here
+	 */
+	protected static $m_oConfig = null;
+	protected $oMailer;
+
 	// Serialization formats
 	const ORIGINAL_FORMAT = 1; // Original format, consisting in serializing the whole object, inculding the Swift Mailer's object.
-							   // Did not work with attachements since their binary representation cannot be stored as a valid UTF-8 string
+	// Did not work with attachements since their binary representation cannot be stored as a valid UTF-8 string
 	const FORMAT_V2 = 2; // New format, only the raw data are serialized (base64 encoded if needed)
-	
-	protected static $m_oConfig = null;
-	protected $m_aData; // For storing data to serialize
-
-	public function LoadConfig($sConfigFile = ITOP_DEFAULT_CONFIG_FILE)
-	{
-		if (is_null(self::$m_oConfig))
-		{
-			self::$m_oConfig = new Config($sConfigFile);
-		}
-	}
-
-	protected $m_oMessage;
 
 	public function __construct()
 	{
-		$this->m_aData = array();
-		$this->m_oMessage = Swift_Message::newInstance();
-		$this->SetRecipientFrom(MetaModel::GetConfig()->Get('email_default_sender_address'), MetaModel::GetConfig()->Get('email_default_sender_label'));
+		$this->oMailer = EmailFactory::GetMailer();
+	}
+
+	/**
+	 * Sets {@see m_oConfig} if current attribute is null
+	 *
+	 * @returns \Config the current {@see m_oConfig} value
+	 * @throws \ConfigException
+	 * @throws \CoreException
+	 *
+	 * @uses utils::GetConfig()
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3169 N°5102 Move method to children classes
+	 * @since 2.7.8 3.0.3 3.1.0 N°4947 Pull up to the parent class, and remove `$sConfigFile` param
+	 */
+	public function LoadConfig()
+	{
+		if (is_null(static::$m_oConfig)) {
+			static::$m_oConfig = utils::GetConfig();
+		}
+
+		return static::$m_oConfig;
+	}
+
+	/**
+	 * @return void
+	 * @throws \ConfigException
+	 * @throws \CoreException
+	 * @since 2.7.8 3.0.3 3.1.0 N°4947 Method creation, to factorize same code in children classes
+	 */
+	protected function InitRecipientFrom()
+	{
+		$oConfig = $this->LoadConfig();
+		$this->SetRecipientFrom(
+			$oConfig->Get('email_default_sender_address'),
+			$oConfig->Get('email_default_sender_label')
+		);
 	}
 
 	/**
@@ -66,489 +96,110 @@ class EMail
 	 */
 	public function SerializeV2()
 	{
-		return serialize($this->m_aData);
+		return $this->oMailer->SerializeV2();
 	}
-	
+
 	/**
 	 * Custom de-serialization method
+	 *
 	 * @param string $sSerializedMessage The serialized representation of the message
+	 *
+	 * @return \Email
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @throws \Symfony\Component\CssSelector\Exception\SyntaxErrorException
 	 */
-	static public function UnSerializeV2($sSerializedMessage)
+	public static function UnSerializeV2($sSerializedMessage)
 	{
-		$aData = unserialize($sSerializedMessage);
-		$oMessage = new Email();
-		
-		if (array_key_exists('body', $aData))
-		{
-			$oMessage->SetBody($aData['body']['body'], $aData['body']['mimeType']);
-		}
-		if (array_key_exists('message_id', $aData))
-		{
-			$oMessage->SetMessageId($aData['message_id']);
-		}
-		if (array_key_exists('bcc', $aData))
-		{
-			$oMessage->SetRecipientBCC($aData['bcc']);
-		}
-		if (array_key_exists('cc', $aData))
-		{
-			$oMessage->SetRecipientCC($aData['cc']);
-		}
-		if (array_key_exists('from', $aData))
-		{
-			$oMessage->SetRecipientFrom($aData['from']['address'], $aData['from']['label']);
-		}
-		if (array_key_exists('reply_to', $aData))
-		{
-			$oMessage->SetRecipientReplyTo($aData['reply_to']['address'], $aData['reply_to']['label']);
-		}
-		if (array_key_exists('to', $aData))
-		{
-			$oMessage->SetRecipientTO($aData['to']);
-		}
-		if (array_key_exists('subject', $aData))
-		{
-			$oMessage->SetSubject($aData['subject']);
-		}
-		
-		
-		if (array_key_exists('headers', $aData))
-		{
-			foreach($aData['headers'] as $sKey => $sValue)
-			{
-				$oMessage->AddToHeader($sKey, $sValue);
-			}
-		}
-		if (array_key_exists('parts', $aData))
-		{
-			foreach($aData['parts'] as $aPart)
-			{
-				$oMessage->AddPart($aPart['text'], $aPart['mimeType']);
-			}
-		}
-		if (array_key_exists('attachments', $aData))
-		{
-			foreach($aData['attachments'] as $aAttachment)
-			{
-				$oMessage->AddAttachment(base64_decode($aAttachment['data']), $aAttachment['filename'], $aAttachment['mimeType']);
-			}
-		}
-		return $oMessage;
-	}
-	
-  	protected function SendAsynchronous(&$aIssues, $oLog = null)
-	{
-		try
-		{
-			AsyncSendEmail::AddToQueue($this, $oLog);
-		}
-		catch(Exception $e)
-		{
-			$aIssues = array($e->GetMessage());
-			return EMAIL_SEND_ERROR;
-		}
-		$aIssues = array();
-		return EMAIL_SEND_PENDING;
-	}
-
-	protected function SendSynchronous(&$aIssues, $oLog = null)
-	{
-		// If the body of the message is in HTML, embed all images based on attachments
-		$this->EmbedInlineImages();
-		
-		$this->LoadConfig();
-
-		$sTransport = self::$m_oConfig->Get('email_transport');
-		switch ($sTransport)
-		{
-		case 'SMTP':
-			$sHost = self::$m_oConfig->Get('email_transport_smtp.host');
-			$sPort = self::$m_oConfig->Get('email_transport_smtp.port');
-			$sEncryption = self::$m_oConfig->Get('email_transport_smtp.encryption');
-			$sUserName = self::$m_oConfig->Get('email_transport_smtp.username');
-			$sPassword = self::$m_oConfig->Get('email_transport_smtp.password');
-
-			$oTransport = Swift_SmtpTransport::newInstance($sHost, $sPort, $sEncryption);
-			if (strlen($sUserName) > 0)
-			{
-				$oTransport->setUsername($sUserName);
-				$oTransport->setPassword($sPassword);
-			}
-			break;
-
-		case 'Null':
-			$oTransport = Swift_NullTransport::newInstance();
-			break;
-		
-		case 'LogFile':
-			$oTransport = Swift_LogFileTransport::newInstance();
-			$oTransport->setLogFile(APPROOT.'log/mail.log');
-			break;
-			
-		case 'PHPMail':
-		default:
-			$oTransport = Swift_MailTransport::newInstance();
-		}
-
-		$oMailer = Swift_Mailer::newInstance($oTransport);
-
-		$aFailedRecipients = array();
-		$this->m_oMessage->setMaxLineLength(0);
-		$oKPI = new ExecutionKPI();
-		try
-		{
-			$iSent = $oMailer->send($this->m_oMessage, $aFailedRecipients);
-			if ($iSent === 0)
-			{
-				// Beware: it seems that $aFailedRecipients sometimes contains the recipients that actually received the message !!!
-				IssueLog::Warning('Email sending failed: Some recipients were invalid, aFailedRecipients contains: '.implode(', ', $aFailedRecipients));
-				$aIssues = array('Some recipients were invalid.');
-				$oKPI->ComputeStats('Email Sent', 'Error received');
-				return EMAIL_SEND_ERROR;
-			}
-			else
-			{
-				$aIssues = array();
-				$oKPI->ComputeStats('Email Sent', 'Succeded');
-				return EMAIL_SEND_OK;
-			}
-		}
-		catch (Exception $e)
-		{
-			$oKPI->ComputeStats('Email Sent', 'Error received');
-			throw $e;
-		}
-	}
-	
-	/**
-	 * Reprocess the body of the message (if it is an HTML message)
-	 * to replace the URL of images based on attachments by a link
-	 * to an embedded image (i.e. cid:....)
-	 */
-	protected function EmbedInlineImages()
-	{
-		if ($this->m_aData['body']['mimeType'] == 'text/html')
-		{
-			$oDOMDoc = new DOMDocument();
-			$oDOMDoc->preserveWhitespace = true;
-			@$oDOMDoc->loadHTML('<?xml encoding="UTF-8"?>'.$this->m_aData['body']['body']); // For loading HTML chunks where the character set is not specified
-
-			$oXPath = new DOMXPath($oDOMDoc);
-			$sXPath = '//img[@'.InlineImage::DOM_ATTR_ID.']';
-			$oImagesList = $oXPath->query($sXPath);
-
-			if ($oImagesList->length != 0)
-			{
-				foreach($oImagesList as $oImg)
-				{
-					$iAttId = $oImg->getAttribute(InlineImage::DOM_ATTR_ID);
-					$oAttachment = MetaModel::GetObject('InlineImage', $iAttId, false, true /* Allow All Data */);
-					if ($oAttachment)
-					{
-						$sImageSecret = $oImg->getAttribute('data-img-secret');
-						$sAttachmentSecret = $oAttachment->Get('secret');
-						if ($sImageSecret !== $sAttachmentSecret)
-						{
-							// @see N°1921
-							// If copying from another iTop we could get an IMG pointing to an InlineImage with wrong secret
-							continue;
-						}
-
-						$oDoc = $oAttachment->Get('contents');
-						$oSwiftImage = new Swift_Image($oDoc->GetData(), $oDoc->GetFileName(), $oDoc->GetMimeType());
-						$sCid = $this->m_oMessage->embed($oSwiftImage);
-						$oImg->setAttribute('src', $sCid);
-					}
-				}
-			}
-			$sHtmlBody = $oDOMDoc->saveHTML();
-			$this->m_oMessage->setBody($sHtmlBody, 'text/html', 'UTF-8');
-		}
+		return EmailFactory::GetMailer()::UnSerializeV2($sSerializedMessage);
 	}
 
 	public function Send(&$aIssues, $bForceSynchronous = false, $oLog = null)
 	{
-		//select a default sender if none is provided.
-		if(empty($this->m_aData['from']['address']) && !empty($this->m_aData['to'])){
-			$this->SetRecipientFrom($this->m_aData['to']);
-		}
-
-		if ($bForceSynchronous)
-		{
-			return $this->SendSynchronous($aIssues, $oLog);
-		}
-		else
-		{
-			$bConfigASYNC = MetaModel::GetConfig()->Get('email_asynchronous');
-			if ($bConfigASYNC)
-			{
-				return $this->SendAsynchronous($aIssues, $oLog);
-			}
-			else
-			{
-				return $this->SendSynchronous($aIssues, $oLog);
-			}
-		}
+		return $this->oMailer->Send($aIssues, $bForceSynchronous, $oLog);
 	}
 
 	public function AddToHeader($sKey, $sValue)
 	{
-		if (!array_key_exists('headers', $this->m_aData))
-		{
-			$this->m_aData['headers'] = array();
-		}
-		$this->m_aData['headers'][$sKey] = $sValue;
-		
-		if (strlen($sValue) > 0)
-		{
-			$oHeaders = $this->m_oMessage->getHeaders();
-			switch(strtolower($sKey))
-			{
-				case 'return-path':
-					$this->m_oMessage->setReturnPath($sValue);
-					break;
-
-				default:
-					$oHeaders->addTextHeader($sKey, $sValue);
-			}
-		}
+		$this->oMailer->AddToHeader($sKey, $sValue);
 	}
 
 	public function SetMessageId($sId)
 	{
-		$this->m_aData['message_id'] = $sId;
-		
-		// Note: Swift will add the angle brackets for you
-		// so let's remove the angle brackets if present, for historical reasons
-		$sId = str_replace(array('<', '>'), '', $sId);
-		
-		$oMsgId = $this->m_oMessage->getHeaders()->get('Message-ID');
-		$oMsgId->SetId($sId);
+		$this->oMailer->SetMessageId($sId);
 	}
-	
+
 	public function SetReferences($sReferences)
 	{
-		$this->AddToHeader('References', $sReferences);
+		$this->oMailer->SetReferences($sReferences);
+	}
+
+	/**
+	 * Set the "In-Reply-To" header to allow emails to group as a conversation in modern mail clients (GMail, Outlook 2016+, ...)
+	 *
+	 * @link https://en.wikipedia.org/wiki/Email#Header_fields
+	 *
+	 * @param string $sMessageId
+	 *
+	 * @since 3.0.1 N°4849
+	 */
+	public function SetInReplyTo(string $sMessageId)
+	{
+		$this->AddToHeader('In-Reply-To', $sMessageId);
 	}
 
 	public function SetBody($sBody, $sMimeType = 'text/html', $sCustomStyles = null)
 	{
-		if (($sMimeType === 'text/html') && ($sCustomStyles !== null))
-		{
-			$emogrifier = new \Pelago\Emogrifier($sBody, $sCustomStyles);
-			$sBody = $emogrifier->emogrify(); // Adds html/body tags if not already present
+		$this->oMailer->SetBody($sBody, $sMimeType, $sCustomStyles);
 		}
-		$this->m_aData['body'] = array('body' => $sBody, 'mimeType' => $sMimeType);
-		$this->m_oMessage->setBody($sBody, $sMimeType);
-	}
 
 	public function AddPart($sText, $sMimeType = 'text/html')
 	{
-		if (!array_key_exists('parts', $this->m_aData))
-		{
-			$this->m_aData['parts'] = array();
-		}
-		$this->m_aData['parts'][] = array('text' => $sText, 'mimeType' => $sMimeType);
-		$this->m_oMessage->addPart($sText, $sMimeType);
+		$this->oMailer->AddPart($sText, $sMimeType);
 	}
 
 	public function AddAttachment($data, $sFileName, $sMimeType)
 	{
-		if (!array_key_exists('attachments', $this->m_aData))
-		{
-			$this->m_aData['attachments'] = array();
-		}
-		$this->m_aData['attachments'][] = array('data' => base64_encode($data), 'filename' => $sFileName, 'mimeType' => $sMimeType);
-		$this->m_oMessage->attach(Swift_Attachment::newInstance($data, $sFileName, $sMimeType));
+		$this->oMailer->AddAttachment($data, $sFileName, $sMimeType);
 	}
 
 	public function SetSubject($sSubject)
 	{
-		$this->m_aData['subject'] = $sSubject;
-		$this->m_oMessage->setSubject($sSubject);
+		$this->oMailer->SetSubject($sSubject);
 	}
 
 	public function GetSubject()
 	{
-		return $this->m_oMessage->getSubject();
+		return $this->oMailer->GetSubject();
 	}
 
-	/**
-	 * Helper to transform and sanitize addresses
-	 * - get rid of empty addresses	 
-	 */	 	
-	protected function AddressStringToArray($sAddressCSVList)
-	{
-		$aAddresses = array();
-		foreach(explode(',', $sAddressCSVList) as $sAddress)
-		{
-			$sAddress = trim($sAddress);
-			if (strlen($sAddress) > 0)
-			{
-				$aAddresses[] = $sAddress;
-			}
-		}
-		return $aAddresses;
-	}
-	
 	public function SetRecipientTO($sAddress)
 	{
-		$this->m_aData['to'] = $sAddress;
-		if (!empty($sAddress))
-		{
-			$aAddresses = $this->AddressStringToArray($sAddress);
-			$this->m_oMessage->setTo($aAddresses);
-		}
+		$this->oMailer->SetRecipientTO($sAddress);
 	}
 
 	public function GetRecipientTO($bAsString = false)
 	{
-		$aRes = $this->m_oMessage->getTo();
-		if ($aRes === null)
-		{
-			// There is no "To" header field
-			$aRes = array();
-		}
-		if ($bAsString)
-		{
-			$aStrings = array();
-			foreach ($aRes as $sEmail => $sName)
-			{
-				if (is_null($sName))
-				{
-					$aStrings[] = $sEmail;
-				}
-				else
-				{
-					$sName = str_replace(array('<', '>'), '', $sName);
-					$aStrings[] = "$sName <$sEmail>";
-				}
-			}
-			return implode(', ', $aStrings);
-		}
-		else
-		{
-			return $aRes;
-		}
+		return $this->oMailer->GetRecipientTO($bAsString);
 	}
 
 	public function SetRecipientCC($sAddress)
 	{
-		$this->m_aData['cc'] = $sAddress;
-		if (!empty($sAddress))
-		{
-			$aAddresses = $this->AddressStringToArray($sAddress);
-			$this->m_oMessage->setCc($aAddresses);
-		}
+		$this->oMailer->SetRecipientCC($sAddress);
 	}
 
 	public function SetRecipientBCC($sAddress)
 	{
-		$this->m_aData['bcc'] = $sAddress;
-		if (!empty($sAddress))
-		{
-			$aAddresses = $this->AddressStringToArray($sAddress);
-			$this->m_oMessage->setBcc($aAddresses);
-		}
+		$this->oMailer->SetRecipientBCC($sAddress);
 	}
 
 	public function SetRecipientFrom($sAddress, $sLabel = '')
 	{
-		$this->m_aData['from'] = array('address' => $sAddress, 'label' => $sLabel);
-		if ($sLabel != '')
-		{
-			$this->m_oMessage->setFrom(array($sAddress => $sLabel));		
-		}
-		else if (!empty($sAddress))
-		{
-			$this->m_oMessage->setFrom($sAddress);
-		}
+		$this->oMailer->SetRecipientFrom($sAddress, $sLabel);
 	}
 
 	public function SetRecipientReplyTo($sAddress, $sLabel = '')
 	{
-		$this->m_aData['reply_to'] = array('address' => $sAddress, 'label' => $sLabel);
-		if ($sLabel != '')
-		{
-			$this->m_oMessage->setReplyTo(array($sAddress => $sLabel));
-		}
-		else if (!empty($sAddress))
-		{
-			$this->m_oMessage->setReplyTo($sAddress);
-		}
-	}
-
-}
-
-/////////////////////////////////////////////////////////////////////////////////////
-
-/**
- * Extension to SwiftMailer: "debug" transport that pretends messages have been sent,
- * but just log them to a file.
- *
- * @package Swift
- * @author  Denis Flaven
- */
-class Swift_Transport_LogFileTransport extends Swift_Transport_NullTransport
-{
-	protected $sLogFile;
-	
-	/**
-	 * Sends the given message.
-	 *
-	 * @param Swift_Mime_Message $message
-	 * @param string[]           $failedRecipients An array of failures by-reference
-	 *
-	 * @return int     The number of sent emails
-	 */
-	public function send(Swift_Mime_Message $message, &$failedRecipients = null)
-	{
-		$hFile = @fopen($this->sLogFile, 'a');
-		if ($hFile)
-		{
-			$sTxt = "================== ".date('Y-m-d H:i:s')." ==================\n";
-			$sTxt .= $message->toString()."\n";
-		
-			@fwrite($hFile, $sTxt);
-			@fclose($hFile);
-		}
-		
-		return parent::send($message, $failedRecipients);
-	}
-	
-	public function setLogFile($sFilename)
-	{
-		$this->sLogFile = $sFilename;
-	}
-}
-
-/**
- * Pretends messages have been sent, but just log them to a file.
- *
- * @package Swift
- * @author  Denis Flaven
- */
-class Swift_LogFileTransport extends Swift_Transport_LogFileTransport
-{
-	/**
-	 * Create a new LogFileTransport.
-	 */
-	public function __construct()
-	{
-		call_user_func_array(
-		array($this, 'Swift_Transport_LogFileTransport::__construct'),
-		Swift_DependencyContainer::getInstance()
-		->createDependenciesFor('transport.null')
-		);
-	}
-
-	/**
-	 * Create a new LogFileTransport instance.
-	 *
-	 * @return Swift_LogFileTransport
-	 */
-	public static function newInstance()
-	{
-		return new self();
+		$this->oMailer->SetRecipientReplyTo($sAddress);
 	}
 }

core/event.class.inc.php

@@ -222,6 +222,10 @@ class EventIssue extends Event
 		//
 		$this->Set('page', @$GLOBALS['_SERVER']['SCRIPT_NAME']);
 
+		if (strlen($this->Get('userinfo')) == 0) {
+			$this->Set('userinfo', UserRights::GetUserId());
+		}
+
 		if (array_key_exists('_GET', $GLOBALS) && is_array($GLOBALS['_GET']))
 		{
 			$this->Set('arguments_get', $GLOBALS['_GET']);

core/excelbulkexport.class.inc.php

@@ -100,8 +100,8 @@ class ExcelBulkExport extends TabularBulkExport
 
 				$sDateTimeFormat = utils::ReadParam('date_format', (string)AttributeDateTime::GetFormat(), true, 'raw_data');
 
-				$sDefaultFormat = htmlentities((string)AttributeDateTime::GetFormat(), ENT_QUOTES, 'UTF-8');
-				$sExample = htmlentities(date((string)AttributeDateTime::GetFormat()), ENT_QUOTES, 'UTF-8');
+				$sDefaultFormat = utils::EscapeHtml((string)AttributeDateTime::GetFormat());
+				$sExample = utils::EscapeHtml(date((string)AttributeDateTime::GetFormat()));
 				$oRadioDefault = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatDefault_Example', $sDefaultFormat, $sExample), "excel_date_format_radio", "default", "excel_date_time_format_default", "radio");
 				$oRadioDefault->GetInput()->SetIsChecked(($sDateTimeFormat == (string)AttributeDateTime::GetFormat()));
 				$oRadioDefault->SetBeforeInput(false);
@@ -109,18 +109,17 @@ class ExcelBulkExport extends TabularBulkExport
 				$oFieldSetDate->AddSubBlock($oRadioDefault);
 				$oFieldSetDate->AddSubBlock(new Html('</br>'));
 
-				$sFormatInput = '<input type="text" size="15" name="date_format" id="excel_custom_date_time_format" title="" value="'.htmlentities($sDateTimeFormat, ENT_QUOTES, 'UTF-8').'"/>';
+				$sFormatInput = '<input type="text" size="15" name="date_format" id="excel_custom_date_time_format" title="" value="'.utils::EscapeHtml($sDateTimeFormat).'"/>';
 				$oRadioCustom = InputUIBlockFactory::MakeForInputWithLabel(Dict::Format('Core:BulkExport:DateTimeFormatCustom_Format', $sFormatInput), "excel_date_format_radio", "custom", "excel_date_time_format_custom", "radio");
+				$oRadioCustom->SetDescription(Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip'));
 				$oRadioCustom->GetInput()->SetIsChecked($sDateTimeFormat !== (string)AttributeDateTime::GetFormat());
 				$oRadioCustom->SetBeforeInput(false);
 				$oRadioCustom->GetInput()->AddCSSClass('ibo-input-checkbox');
 				$oFieldSetDate->AddSubBlock($oRadioCustom);
 
 
-				$sJSTooltip = json_encode('<div class="date_format_tooltip">'.Dict::S('UI:CSVImport:CustomDateTimeFormatTooltip').'</div>');
 				$oP->add_ready_script(
 					<<<EOF
-$('#excel_custom_date_time_format').tooltip({content: function() { return $sJSTooltip; } });
 $('#form_part_xlsx_options').on('preview_updated', function() { FormatDatesInPreview('excel', 'xlsx'); });
 $('#excel_date_time_format_default').on('click', function() { FormatDatesInPreview('excel', 'xlsx'); });
 $('#excel_date_time_format_custom').on('click', function() { FormatDatesInPreview('excel', 'xlsx'); });
@@ -157,16 +156,17 @@ EOF
 
 	protected function GetSampleData($oObj, $sAttCode)
 	{
-		if ($sAttCode != 'id')
-		{
+		if ($sAttCode != 'id') {
 			$oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode);
 			if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime
 			{
 				$sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date';
-				return '<div class="'.$sClass.'" data-date="'.$oObj->Get($sAttCode).'">'.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'</div>';
+
+				return '<div class="'.$sClass.'" data-date="'.$oObj->Get($sAttCode).'">'.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'</div>';
 			}
 		}
-		return '<div class="text-preview">'.htmlentities($this->GetValue($oObj, $sAttCode), ENT_QUOTES, 'UTF-8').'</div>';
+
+		return '<div class="text-preview">'.utils::EscapeHtml($this->GetValue($oObj, $sAttCode)).'</div>';
 	}
 
 	protected function GetValue($oObj, $sAttCode)

core/expression.class.inc.php

@@ -1,4 +1,8 @@
 <?php
 // The file has been moved in iTop 2.2.0+ (revision 3803)
 // Preserve backward compatibility with some external tools (Cf. toolkit)
+
+// @deprecated 3.1.0
+DeprecatedCallsLog::NotifyDeprecatedPhpMethod('use core/oql/expression.class.inc.php instead');
+
 require_once(APPROOT.'core/oql/expression.class.inc.php');

core/filterdef.class.inc.php

@@ -31,8 +31,9 @@ require_once('MyHelpers.class.inc.php');
 
 
 /**
- * Definition of a filter (could be made out of an existing attribute, or from an expression) 
+ * Definition of a filter (could be made out of an existing attribute, or from an expression)
  *
+ * @deprecated  3.1.0 not used N°4690 - Deprecate "FilterCodes"
  * @package     iTopORM
  */
 abstract class FilterDefinition
@@ -46,6 +47,7 @@ abstract class FilterDefinition
 	
 	public function __construct($sCode, $aParams = array())
 	{
+		DeprecatedCallsLog::NotifyDeprecatedPhpMethod("Deprecated class ".$this->GetClass().". Do not use. Will be removed in next version.");
 		$this->m_sCode = $sCode;
 		$this->m_aParams = $aParams;
 		$this->ConsistencyCheck();
@@ -98,8 +100,9 @@ abstract class FilterDefinition
 }
 
 /**
- * Match against the object unique identifier 
+ * Match against the object unique identifier
  *
+ * @deprecated 3.1.0 N°4690 - Deprecate "FilterCodes"
  * @package     iTopORM
  */
 class FilterPrivateKey extends FilterDefinition
@@ -145,8 +148,9 @@ class FilterPrivateKey extends FilterDefinition
 }
 
 /**
- * Match against an existing attribute (the attribute type will determine the available operators) 
+ * Match against an existing attribute (the attribute type will determine the available operators)
  *
+ * @deprecated 3.1.0 N°4690 - Deprecate "FilterCodes"
  * @package     iTopORM
  */
 class FilterFromAttribute extends FilterDefinition

core/htmlbulkexport.class.inc.php

@@ -62,7 +62,8 @@ class HTMLBulkExport extends TabularBulkExport
 			if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime
 			{
 				$sClass = (get_class($oAttDef) == 'AttributeDateTime') ? 'user-formatted-date-time' : 'user-formatted-date';
-				return '<div class="'.$sClass.'" data-date="'.$oObj->Get($sAttCode).'">'.htmlentities($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj), ENT_QUOTES, 'UTF-8').'</div>';
+
+				return '<div class="'.$sClass.'" data-date="'.$oObj->Get($sAttCode).'">'.utils::EscapeHtml($oAttDef->GetEditValue($oObj->Get($sAttCode), $oObj)).'</div>';
 			}
 		}
 		return $this->GetValue($oObj, $sAttCode);

core/htmlsanitizer.class.inc.php

@@ -97,64 +97,175 @@ class HTMLNullSanitizer extends HTMLSanitizer
 	{
 		return $sHTML;
 	}
-
 }
 
+
+
 /**
- * A standard-compliant HTMLSanitizer based on the HTMLPurifier library by Edward Z. Yang
- * Complete but quite slow
- * http://htmlpurifier.org
+ * Common implementation for sanitizer using DOM parsing
  */
-/*
-class HTMLPurifierSanitizer extends HTMLSanitizer
+abstract class DOMSanitizer extends HTMLSanitizer
 {
-	protected static $oPurifier = null;
+	/** @var DOMDocument */
+	protected $oDoc;
+	/**
+	 * @var string Class to use for InlineImage static method calls
+	 * @used-by \Combodo\iTop\Test\UnitTest\Core\Sanitizer\HTMLDOMSanitizerTest::testDoSanitizeCallInlineImageProcessImageTag
+	 */
+	protected $sInlineImageClassName;
 
-	public function __construct()
+	public function __construct($sInlineImageClassName = InlineImage::class)
 	{
-		if (self::$oPurifier == null)
-		{
-			$sLibPath = APPROOT.'lib/htmlpurifier/HTMLPurifier.auto.php';
-			if (!file_exists($sLibPath))
-			{
-				throw new Exception("Missing library '$sLibPath', cannot use HTMLPurifierSanitizer.");
-			}
-			require_once($sLibPath);
+		parent::__construct();
 
-			$oPurifierConfig = HTMLPurifier_Config::createDefault();
-			$oPurifierConfig->set('Core.Encoding', 'UTF-8'); // defaults to 'UTF-8'
-			$oPurifierConfig->set('HTML.Doctype', 'XHTML 1.0 Strict'); // defaults to 'XHTML 1.0 Transitional'
-			$oPurifierConfig->set('URI.AllowedSchemes', array (
-				'http' => true,
-				'https' => true,
-				'data' => true, // This one is not present by default
-			));
-			$sPurifierCache = APPROOT.'data/HTMLPurifier';
-			if (!is_dir($sPurifierCache))
-			{
-				mkdir($sPurifierCache);
-			}
-			if (!is_dir($sPurifierCache))
-			{
-				throw new Exception("Could not create the cache directory '$sPurifierCache'");
-			}
-			$oPurifierConfig->set('Cache.SerializerPath', $sPurifierCache); // no trailing slash
-			self::$oPurifier = new HTMLPurifier($oPurifierConfig);
-		}
+		$this->sInlineImageClassName = $sInlineImageClassName;
 	}
 
+	abstract public function GetTagsWhiteList();
+
+	abstract public function GetTagsBlackList();
+
+	abstract public function GetAttrsWhiteList();
+
+	abstract public function GetAttrsBlackList();
+
+	abstract public function GetStylesWhiteList();
+
 	public function DoSanitize($sHTML)
 	{
-		$sCleanHtml = self::$oPurifier->purify($sHTML);
+		$this->oDoc = new DOMDocument();
+		$this->oDoc->preserveWhitespace = true;
+
+		// MS outlook implements empty lines by the mean of <p><o:p></o:p></p>
+		// We have to transform that into <p><br></p> (which is how Thunderbird implements empty lines)
+		// Unfortunately, DOMDocument::loadHTML does not take the tag namespaces into account (once loaded there is no way to know if the tag did have a namespace)
+		// therefore we have to do the transformation upfront
+		$sHTML = preg_replace('@<o:p>(\s|&nbsp;)*</o:p>@', '<br>', $sHTML);
+
+		$this->LoadDoc($sHTML);
+
+		$this->CleanNode($this->oDoc);
+
+		$sCleanHtml = $this->PrintDoc();
+
 		return $sCleanHtml;
 	}
+
+	abstract public function LoadDoc($sHTML);
+
+	/**
+	 * @return string cleaned source
+	 * @uses \DOMSanitizer::oDoc
+	 */
+	abstract public function PrintDoc();
+
+	protected function CleanNode(DOMNode $oElement)
+	{
+		$aAttrToRemove = array();
+		// Gather the attributes to remove
+		if ($oElement->hasAttributes()) {
+			foreach ($oElement->attributes as $oAttr) {
+				$sAttr = strtolower($oAttr->name);
+				if ((false === empty($this->GetAttrsBlackList()))
+					&& (in_array($sAttr, $this->GetAttrsBlackList(), true))) {
+					$aAttrToRemove[] = $oAttr->name;
+				} else if ((false === empty($this->GetTagsWhiteList()))
+					&& (false === in_array($sAttr, $this->GetTagsWhiteList()[strtolower($oElement->tagName)]))) {
+					$aAttrToRemove[] = $oAttr->name;
+				} else if (!$this->IsValidAttributeContent($sAttr, $oAttr->value)) {
+					// Invalid content
+					$aAttrToRemove[] = $oAttr->name;
+				} else if ($sAttr == 'style') {
+					// Special processing for style tags
+					$sCleanStyle = $this->CleanStyle($oAttr->value);
+					if ($sCleanStyle == '') {
+						// Invalid content
+						$aAttrToRemove[] = $oAttr->name;
+					} else {
+						$oElement->setAttribute($oAttr->name, $sCleanStyle);
+					}
+				}
+			}
+			// Now remove them
+			foreach($aAttrToRemove as $sName)
+			{
+				$oElement->removeAttribute($sName);
+			}
+		}
+
+		if ($oElement->hasChildNodes())
+		{
+			$aChildElementsToRemove = array();
+			// Gather the child noes to remove
+			foreach($oElement->childNodes as $oNode) {
+				if ($oNode instanceof DOMElement) {
+					$sNodeTagName = strtolower($oNode->tagName);
+				}
+				if (($oNode instanceof DOMElement)
+					&& (false === empty($this->GetTagsBlackList()))
+					&& (in_array($sNodeTagName, $this->GetTagsBlackList(), true))) {
+					$aChildElementsToRemove[] = $oNode;
+				} else if (($oNode instanceof DOMElement)
+					&& (false === empty($this->GetTagsWhiteList()))
+					&& (false === array_key_exists($sNodeTagName, $this->GetTagsWhiteList()))) {
+					$aChildElementsToRemove[] = $oNode;
+				} else if ($oNode instanceof DOMComment) {
+					$aChildElementsToRemove[] = $oNode;
+				} else {
+					// Recurse
+					$this->CleanNode($oNode);
+					if (($oNode instanceof DOMElement) && (strtolower($oNode->tagName) == 'img')) {
+						$this->sInlineImageClassName::ProcessImageTag($oNode);
+					}
+				}
+			}
+			// Now remove them
+			foreach($aChildElementsToRemove as $oDomElement)
+			{
+				$oElement->removeChild($oDomElement);
+			}
+		}
+	}
+
+	protected function IsValidAttributeContent($sAttributeName, $sValue)
+	{
+		if ((false === empty($this->GetAttrsBlackList()))
+			&& (in_array($sAttributeName, $this->GetAttrsBlackList(), true))) {
+			return true;
+		}
+
+		if (array_key_exists($sAttributeName, $this->GetAttrsWhiteList())) {
+			return preg_match($this->GetAttrsWhiteList()[$sAttributeName], $sValue);
+		}
+
+		return true;
+	}
+
+	protected function CleanStyle($sStyle)
+	{
+		if (empty($this->GetStylesWhiteList())) {
+			return $sStyle;
+		}
+
+		$aAllowedStyles = array();
+		$aItems = explode(';', $sStyle);
+		{
+			foreach ($aItems as $sItem) {
+				$aElements = explode(':', trim($sItem));
+				if (in_array(trim(strtolower($aElements[0])), $this->GetStylesWhiteList())) {
+					$aAllowedStyles[] = trim($sItem);
+				}
+			}
+		}
+
+		return implode(';', $aAllowedStyles);
+	}
 }
-*/
 
-class HTMLDOMSanitizer extends HTMLSanitizer
+
+
+class HTMLDOMSanitizer extends DOMSanitizer
 {
-	protected $oDoc;
-
 	/**
 	 * @var array
 	 * @see https://www.itophub.io/wiki/page?id=2_6_0%3Aadmin%3Arich_text_limitations
@@ -239,164 +350,201 @@ class HTMLDOMSanitizer extends HTMLSanitizer
 		'white-space',
 	);
 
-	public function __construct()
+	public function __construct($sInlineImageClassName = InlineImage::class)
 	{
-		parent::__construct();
+		parent::__construct($sInlineImageClassName);
 
 		// Building href validation pattern from url and email validation patterns as the patterns are not used the same way in HTML content than in standard attributes value.
 		// eg. "foo@bar.com" vs "mailto:foo@bar.com?subject=Title&body=Hello%20world"
-		if (!array_key_exists('href', self::$aAttrsWhiteList))
-		{
+		if (!array_key_exists('href', self::$aAttrsWhiteList)) {
 			// Regular urls
 			$sUrlPattern = utils::GetConfig()->Get('url_validation_pattern');
 
 			// Mailto urls
-			$sMailtoPattern = '(mailto:(' . utils::GetConfig()->Get('email_validation_pattern') . ')(?:\?(?:subject|body)=([a-zA-Z0-9+\$_.-]*)(?:&(?:subject|body)=([a-zA-Z0-9+\$_.-]*))?)?)';
+			$sMailtoPattern = '(mailto:('.utils::GetConfig()->Get('email_validation_pattern').')(?:\?(?:subject|body)=([a-zA-Z0-9+\$_.-]*)(?:&(?:subject|body)=([a-zA-Z0-9+\$_.-]*))?)?)';
 
 			// Notification placeholders
 			// eg. $this->caller_id$, $this->hyperlink()$, $this->hyperlink(portal)$, $APP_URL$, $MODULES_URL$, ...
 			// Note: Authorize both $xxx$ and %24xxx%24 as the latter one is encoded when used in HTML attributes (eg. a[href])
 			$sPlaceholderPattern = '(\$|%24)[\w-]*(->[\w]*(\([\w-]*?\))?)?(\$|%24)';
 
-			$sPattern = $sUrlPattern . '|' . $sMailtoPattern . '|' . $sPlaceholderPattern;
+			$sPattern = $sUrlPattern.'|'.$sMailtoPattern.'|'.$sPlaceholderPattern;
 			$sPattern = '/'.str_replace('/', '\/', $sPattern).'/i';
 			self::$aAttrsWhiteList['href'] = $sPattern;
 		}
 	}
 
-	public function DoSanitize($sHTML)
+	public function GetTagsWhiteList()
 	{
-		$this->oDoc = new DOMDocument();
-		$this->oDoc->preserveWhitespace = true;
+		return static::$aTagsWhiteList;
+	}
 
-		// MS outlook implements empty lines by the mean of <p><o:p></o:p></p>
-		// We have to transform that into <p><br></p> (which is how Thunderbird implements empty lines)
-		// Unfortunately, DOMDocument::loadHTML does not take the tag namespaces into account (once loaded there is no way to know if the tag did have a namespace)
-		// therefore we have to do the transformation upfront
-		$sHTML = preg_replace('@<o:p>(\s|&nbsp;)*</o:p>@', '<br>', $sHTML);
-		// Replace badly encoded non breaking space
-		$sHTML = preg_replace('~\xc2\xa0~', ' ', $sHTML);
+	public function GetTagsBlackList()
+	{
+		return [];
+	}
 
+	public function GetAttrsWhiteList()
+	{
+		return static::$aAttrsWhiteList;
+	}
+
+	public function GetAttrsBlackList()
+	{
+		return [];
+	}
+
+	public function GetStylesWhiteList()
+	{
+		return static::$aStylesWhiteList;
+	}
+
+	public function LoadDoc($sHTML)
+	{
 		@$this->oDoc->loadHTML('<?xml encoding="UTF-8"?>'.$sHTML); // For loading HTML chunks where the character set is not specified
+		$this->oDoc->preserveWhitespace = true;
+	}
 
-		$this->CleanNode($this->oDoc);
-
+	public function PrintDoc()
+	{
 		$oXPath = new DOMXPath($this->oDoc);
 		$sXPath = "//body";
 		$oNodesList = $oXPath->query($sXPath);
 
-		if ($oNodesList->length == 0)
-		{
+		if ($oNodesList->length == 0) {
 			// No body, save the whole document
 			$sCleanHtml = $this->oDoc->saveHTML();
-		}
-		else
-		{
+		} else {
 			// Export only the content of the body tag
 			$sCleanHtml = $this->oDoc->saveHTML($oNodesList->item(0));
 			// remove the body tag itself
-			$sCleanHtml = str_replace( array('<body>', '</body>'), '', $sCleanHtml);
+			$sCleanHtml = str_replace(array('<body>', '</body>'), '', $sCleanHtml);
 		}
 
 		return $sCleanHtml;
 	}
+}
 
-	protected function CleanNode(DOMNode $oElement)
+
+
+/**
+ * @since 2.6.5 2.7.6 3.0.0 N°4360
+ */
+class SVGDOMSanitizer extends DOMSanitizer
+{
+	public function GetTagsWhiteList()
 	{
-		$aAttrToRemove = array();
-		// Gather the attributes to remove
-		if ($oElement->hasAttributes())
-		{
-			foreach($oElement->attributes as $oAttr)
-			{
-				$sAttr = strtolower($oAttr->name);
-				if (!in_array($sAttr, self::$aTagsWhiteList[strtolower($oElement->tagName)]))
-				{
-					// Forbidden (or unknown) attribute
-					$aAttrToRemove[] = $oAttr->name;
-				}
-				else if (!$this->IsValidAttributeContent($sAttr, $oAttr->value))
-				{
-					// Invalid content
-					$aAttrToRemove[] = $oAttr->name;
-				}
-				else if ($sAttr == 'style')
-				{
-					// Special processing for style tags
-					$sCleanStyle = $this->CleanStyle($oAttr->value);
-					if ($sCleanStyle == '')
-					{
-						// Invalid content
-						$aAttrToRemove[] = $oAttr->name;
-					}
-					else
-					{
-						$oElement->setAttribute($oAttr->name, $sCleanStyle);
-					}
-				}
-			}
-			// Now remove them
-			foreach($aAttrToRemove as $sName)
-			{
-				$oElement->removeAttribute($sName);
-			}
-		}
-
-		if ($oElement->hasChildNodes())
-		{
-			$aChildElementsToRemove = array();
-			// Gather the child noes to remove
-			foreach($oElement->childNodes as $oNode)
-			{
-				if (($oNode instanceof DOMElement) && (!array_key_exists(strtolower($oNode->tagName), self::$aTagsWhiteList)))
-				{
-					$aChildElementsToRemove[] = $oNode;
-				}
-				else if ($oNode instanceof DOMComment)
-				{
-					$aChildElementsToRemove[] = $oNode;
-				}
-				else
-				{
-					// Recurse
-					$this->CleanNode($oNode);
-					if (($oNode instanceof DOMElement) && (strtolower($oNode->tagName) == 'img'))
-					{
-						InlineImage::ProcessImageTag($oNode);
-					}
-				}
-			}
-			// Now remove them
-			foreach($aChildElementsToRemove as $oDomElement)
-			{
-				$oElement->removeChild($oDomElement);
-			}
-		}
+		return [];
 	}
 
-	protected function CleanStyle($sStyle)
+	/**
+	 * @return string[]
+	 * @link https://developer.mozilla.org/en-US/docs/Web/SVG/Element/script
+	 */
+	public function GetTagsBlackList()
 	{
-		$aAllowedStyles = array();
-		$aItems = explode(';', $sStyle);
-		{
-			foreach($aItems as $sItem)
-			{
-				$aElements = explode(':', trim($sItem));
-				if (in_array(trim(strtolower($aElements[0])), static::$aStylesWhiteList))
-				{
-					$aAllowedStyles[] = trim($sItem);
-				}
-			}
-		}
-		return implode(';', $aAllowedStyles);
+		return [
+			'script',
+		];
 	}
 
-	protected function IsValidAttributeContent($sAttributeName, $sValue)
+	public function GetAttrsWhiteList()
 	{
-		if (array_key_exists($sAttributeName, self::$aAttrsWhiteList))
-		{
-			return preg_match(self::$aAttrsWhiteList[$sAttributeName], $sValue);
-		}
-		return true;
+		return [];
+	}
+
+	/**
+	 * @return string[]
+	 * @link https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/Events#document_event_attributes
+	 */
+	public function GetAttrsBlackList()
+	{
+		return [
+			'onbegin',
+			'onbegin',
+			'onrepeat',
+			'onabort',
+			'onerror',
+			'onerror',
+			'onscroll',
+			'onunload',
+			'oncopy',
+			'oncut',
+			'onpaste',
+			'oncancel',
+			'oncanplay',
+			'oncanplaythrough',
+			'onchange',
+			'onclick',
+			'onclose',
+			'oncuechange',
+			'ondblclick',
+			'ondrag',
+			'ondragend',
+			'ondragenter',
+			'ondragleave',
+			'ondragover',
+			'ondragstart',
+			'ondrop',
+			'ondurationchange',
+			'onemptied',
+			'onended',
+			'onerror',
+			'onfocus',
+			'oninput',
+			'oninvalid',
+			'onkeydown',
+			'onkeypress',
+			'onkeyup',
+			'onload',
+			'onloadeddata',
+			'onloadedmetadata',
+			'onloadstart',
+			'onmousedown',
+			'onmouseenter',
+			'onmouseleave',
+			'onmousemove',
+			'onmouseout',
+			'onmouseover',
+			'onmouseup',
+			'onmousewheel',
+			'onpause',
+			'onplay',
+			'onplaying',
+			'onprogress',
+			'onratechange',
+			'onreset',
+			'onresize',
+			'onscroll',
+			'onseeked',
+			'onseeking',
+			'onselect',
+			'onshow',
+			'onstalled',
+			'onsubmit',
+			'onsuspend',
+			'ontimeupdate',
+			'ontoggle',
+			'onvolumechange',
+			'onwaiting',
+			'onactivate',
+			'onfocusin',
+			'onfocusout',
+		];
+	}
+
+	public function GetStylesWhiteList()
+	{
+		return [];
+	}
+
+	public function LoadDoc($sHTML)
+	{
+		@$this->oDoc->loadXml($sHTML, LIBXML_NOBLANKS);
+	}
+
+	public function PrintDoc()
+	{
+		return $this->oDoc->saveXML();
 	}
 }