🔖 Prepare 2.7.11 version

* N°7306 - Use iTop configuration settings to run unattended installation (instead of XML file settings)

* 7306 - fix infinite loop with db_tls.ca null

* 7306 - complete fields to use from itop configuration instead of XML setup

* fix using default language from conf

* 6365 - temp work

* 6365 - add option to select modules from installation.xml

* 6365-select modules option in unattended install

* 6365 - pass env to service + debug failed test

* 6365 - debug ci again + separate process annotation

* 6365 - fix test + cleanup

* 6365 - ci using use_installation_xml mode

* 6365 - ci using use_installation_xml mode

* 6365 - pass selected_modules to unattended

* N°6365 - Compute selected modules based on selected extensions coming from XML setup

* switch constr parameters and fix call from unattended cli

* 6365 - use use_installation_xml for unattended install only when no selected modules already provided

* test ci XML setup including selected extensions but no modules

* test ci installing iTop without selected modules/extenesions: guess via installation.xml

* same but without even providing XML setup - comment it in ci_description.ini

* 7306 - cleanup requires

* use infra master

* N°6365 - make current unattended CLI work with any iTop version (CLIPage compatibility)

* N°6365 - log which modules will be installed during setup

* N°6365 - unattended documentation + bash helper

* 6365- fix warning due to copies index access

* 6365 - enhance traces feedback to understant which and how modules are computes

* 6365 - enhance bash CLI + doc

* 6365 - fix require clipage compatibility

* 6365 - add return for better cli ouput

* 6365 - enhance ouput messages

* Document the usage and harmonize argument names (still not perfect)

* 6365 - fix use of new param param-file

* 6365 - fix test + vardump cleanup

* N°6365 - use underscore for unattended install options as advices in the PR

* 6365 -enhance test by using PHP_BINARY

---------

Co-authored-by: Romain Quetiez <romain.quetiez@combodo.com>

.github/pull_request_template.md

@@ -0,0 +1,83 @@
+<!--
+
+IMPORTANT: Please follow the guidelines within this PR template before submitting it, it will greatly help us process your PR. 🙏
+
+Any PRs not following the guidelines or with missing information will not be considered.
+
+-->
+
+## Base information
+| Question                                                      | Answer 
+|---------------------------------------------------------------|--------
+| Related to a SourceForge thead / Another PR / Combodo ticket? | <!-- Put the URL -->
+| Type of change?                                               | Bug fix / Enhancement / Translations
+
+
+## Symptom (bug) / Objective (enhancement)
+<!--
+If it's a bug
+  - Explain the symptom in details
+  - If possible put error messages, logs or screenshots (you can paste image directly in this editor).
+
+If it's an enhancement
+  - Describe what is blocking you, what is the objective with as much details as possible.
+  - Add screenshots if it's related to UI.
+-->
+
+
+## Reproduction procedure (bug)
+<!--
+Remove this section only if it's NOT a bug.
+
+Otherwise, explain step by step how to reproduce the issue on a standard iTop Community.
+
+If it requires a custom datamodel, provide the minimal XML delta to reproduce it on a standard iTop Community.
+-->
+
+1. On iTop x.y.z <!-- Put complete iTop version (eg. 3.1.0-2) -->
+2. With PHP x.y.z <!-- Put complete PHP version (eg. 8.1.24) -->
+2. First go there
+2. Then do that
+3. ...
+4. Finally, see that...
+
+
+## Cause (bug)
+<!--
+Remove this section only if it's NOT a bug.
+
+Otherwise, explain what is the cause of the issue (where in the code and why)
+-->
+
+
+## Proposed solution (bug and enhancement)
+<!--
+Explain in details how you are proposing to solve this:
+  - What did you do in the code and why
+  - If you changed something in the UI, put before / after screenshots (you can paste image directly in this editor)
+-->
+
+
+## Checklist before requesting a review
+<!--
+Don't remove these lines, check them once done.
+-->
+- [ ] I have performed a self-review of my code
+- [ ] I have tested all changes I made on an iTop instance
+- [ ] I have added a unit test, otherwise I have explained why I couldn't
+- [ ] Is the PR clear and detailed enough so anyone can understand digging in the code?
+
+## Checklist of things to do before PR is ready to merge
+<!--
+Things that needs to be done in the PR before it can be considered as ready to be merged
+
+Examples:
+- Changes requested in the review
+- Unit test to add
+- Dictionary entries to translate
+- ...
+-->
+
+- [ ] ...
+- [ ] ...
+- [ ] ...

.github/workflows/action.yml

@@ -0,0 +1,16 @@
+name: Add PRs to Combodo PRs Dashboard
+
+on:
+  pull_request_target:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add PR to Combodo Project
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: https://github.com/orgs/Combodo/projects/5
+          github-token: ${{ secrets.PR_AUTOMATICALLY_ADD_TO_PROJECT }}

.make/build/commands/setupCssCompiler.php

@@ -27,7 +27,7 @@ $iTopFolder = __DIR__."/../../../";
 require_once("$iTopFolder/approot.inc.php");
 require_once(APPROOT."/application/utils.inc.php");
 
-if (php_sapi_name() !== 'cli')
+if (PHP_SAPI !== 'cli')
 {
 	throw new \Exception('This script can only run from CLI');
 }

.make/composer/rmDeniedTestDir.php

@@ -26,7 +26,7 @@ $iTopFolder = __DIR__ . "/../../" ;
 require_once ("$iTopFolder/approot.inc.php");
 require_once (APPROOT."/setup/setuputils.class.inc.php");
 
-if  (php_sapi_name() !== 'cli')
+if  (PHP_SAPI !== 'cli')
 {
 	throw new \Exception('This script can only run from CLI');
 }

application/ajaxwebpage.class.inc.php

@@ -42,7 +42,7 @@ class ajax_page extends WebPage implements iTabbedPage
 		$this->m_sReadyScript = "";
 		//$this->add_header("Content-type: text/html; charset=utf-8");
 		$this->no_cache();
-		$this->add_xframe_options();
+		$this->add_http_headers();
 		$this->m_oTabs = new TabManager();
 		$this->sContentType = 'text/html';
 		$this->sContentDisposition = 'inline';
@@ -51,6 +51,16 @@ class ajax_page extends WebPage implements iTabbedPage
 		utils::InitArchiveMode();
 	}
 
+	/**
+	 * Disabling sending the header so that resource won't be blocked by CORB. See parent method documentation.
+	 * @return void
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation
+	 */
+	public function add_xcontent_type_options()
+	{
+		// Nothing to do !
+	}
+
 	/**
 	 * @inheritDoc
 	 * @throws \Exception

application/applicationextension.inc.php

@@ -1709,8 +1709,16 @@ class RestUtils
 		elseif (is_string($key))
 		{
 			// OQL
-			$oSearch = DBObjectSearch::FromOQL($key);
-		}
+            try {
+                $oSearch = DBObjectSearch::FromOQL($key);
+            } catch (Exception $e) {
+                throw new CoreOqlException('Query failed to execute', [
+                        'query' => $key,
+                        'exception_class' => get_class($e),
+                        'exception_message' => $e->getMessage(),
+                ]);
+            }
+        }
 		else
 		{
 			throw new Exception("Wrong format for key");

application/cmdbabstract.class.inc.php

@@ -3218,13 +3218,13 @@ EOF
 				if ($oAttDef->GetEditClass() == 'Document')
 				{
 					$oDocument = $this->Get($sAttCode);
-					if (!$oDocument->IsEmpty())
+					if (is_object($oDocument) && !$oDocument->IsEmpty())
 					{
 						$sDisplayValue = $this->GetAsHTML($sAttCode);
 						$sDisplayValue .= "<br/>".Dict::Format('UI:OpenDocumentInNewWindow_',
-								$oDocument->GetDisplayLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
+						$oDocument->GetDisplayLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
 						$sDisplayValue .= "<br/>".Dict::Format('UI:DownloadDocument_',
-								$oDocument->GetDownloadLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
+						$oDocument->GetDownloadLink(get_class($this), $this->GetKey(), $sAttCode)).", \n";
 					}
 					else
 					{

application/csvpage.class.inc.php

@@ -33,7 +33,7 @@ class CSVPage extends WebPage
 		parent::__construct($s_title);
 		$this->add_header("Content-type: text/plain; charset=".self::PAGES_CHARSET);
 		$this->no_cache();
-		$this->add_xframe_options();
+		$this->add_http_headers();
 		//$this->add_header("Content-Transfer-Encoding: binary");
 	}
 

application/itopwebpage.class.inc.php

@@ -71,7 +71,7 @@ class iTopWebPage extends NiceWebPage implements iTabbedPage
 		$this->SetRootUrl(utils::GetAbsoluteUrlAppRoot());
 		$this->add_header("Content-type: text/html; charset=".self::PAGES_CHARSET);
 		$this->no_cache();
-		$this->add_xframe_options();
+		$this->add_http_headers();
 		$this->add_linked_stylesheet("../css/jquery.treeview.css");
 		$this->add_linked_stylesheet("../css/jquery.autocomplete.css");
 		$this->add_linked_stylesheet("../css/jquery-ui-timepicker-addon.css");

application/logindefault.class.inc.php

@@ -117,6 +117,11 @@ class LoginDefaultAfter extends AbstractLoginFSMExtension implements iLogoutExte
 	protected function OnConnected(&$iErrorCode)
 	{
 		unset($_SESSION['login_temp_auth_user']);
+		if (is_null(UserRights::GetUserObject())){
+			//N°7085 avoid infinite loop
+			IssueLog::Error("No user logged in. exit");
+			exit(-1);
+		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
 

application/loginwebpage.class.inc.php

@@ -85,7 +85,7 @@ class LoginWebPage extends NiceWebPage
 		parent::__construct($sTitle);
 		$this->SetStyleSheet();
 		$this->no_cache();
-		$this->add_xframe_options();
+		$this->add_http_headers();
 	}
 	
 	public function SetStyleSheet()

application/utils.inc.php

@@ -199,16 +199,8 @@ class utils
 
 	public static function IsModeCLI()
 	{
-		$sSAPIName = php_sapi_name();
-		$sCleanName = strtolower(trim($sSAPIName));
-		if ($sCleanName == 'cli')
-		{
-			return true;
-		}
-		else
-		{
-			return false;
-		}
+		$sCleanName = strtolower(trim(PHP_SAPI));
+		return ($sCleanName === 'cli');
 	}
 
 	protected static $bPageMode = null;

application/webpage.class.inc.php

@@ -483,12 +483,24 @@ class WebPage implements Page
 	}
 
 	/**
-	 * @param string|null $sHeaderValue for example `SAMESITE`. If null will set the header using the config parameter value.
+	 * @param string|null $sXFrameOptionsHeaderValue passed to {@see add_xframe_options}
+	 *
+	 * @return void
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation, replace {@see add_xframe_options} consumers call
+	 */
+	public function add_http_headers($sXFrameOptionsHeaderValue = null)
+	{
+		$this->add_xframe_options($sXFrameOptionsHeaderValue);
+		$this->add_xcontent_type_options();
+	}
+
+	/**
+	 * @param string|null $sHeaderValue for example `SAMESITE`. If null will set the header using the `security_header_xframe` config parameter value.
 	 *
 	 * @since 2.7.3 3.0.0 N°3416
-	 * @uses security_header_xframe config parameter
 	 * @uses \utils::GetConfig()
-	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+	 *
+	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options HTTP header MDN documentation
 	 */
 	public function add_xframe_options($sHeaderValue = null)
 	{
@@ -499,6 +511,38 @@ class WebPage implements Page
 		$this->add_header('X-Frame-Options: '.$sHeaderValue);
 	}
 
+	/**
+	 * Warning : this header will trigger the Cross-Origin Read Blocking (CORB) protection for some mime types (HTML, XML except SVG, JSON, text/plain)
+	 * In consequence some children pages will override this method.
+	 *
+	 * Sending header can be disabled globally using the `security.enable_header_xcontent_type_options` optional config parameter.
+	 *
+	 * @return void
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation
+	 *
+	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options HTTP header MDN documentation
+	 * @link https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md#determining-whether-a-response-is-corb_protected "Determining whether a response is CORB-protected"
+	 */
+	public function add_xcontent_type_options()
+	{
+		try {
+			$oConfig = utils::GetConfig();
+		} catch (ConfigException|CoreException $e) {
+			$oConfig = null;
+		}
+		if (is_null($oConfig)) {
+			$bSendXContentTypeOptionsHttpHeader = true;
+		} else {
+			$bSendXContentTypeOptionsHttpHeader = $oConfig->Get('security.enable_header_xcontent_type_options');
+		}
+
+		if ($bSendXContentTypeOptionsHttpHeader === false) {
+			return;
+		}
+
+		$this->add_header('X-Content-Type-Options: nosniff');
+	}
+
 	/**
 	 * Add needed headers to the page so that it will no be cached
 	 */

application/xmlpage.class.inc.php

@@ -44,10 +44,20 @@ class XMLPage extends WebPage
 		$this->m_bHeaderSent = false;
 		$this->add_header("Content-type: text/xml; charset=".self::PAGES_CHARSET);
 		$this->no_cache();
-		$this->add_xframe_options();
+		$this->add_http_headers();
 		$this->add_header("Content-location: export.xml");
 	}
 
+	/**
+	 * Disabling sending the header so that resource won't be blocked by CORB. See parent method documentation.
+	 * @return void
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°4368 method creation
+	 */
+	public function add_xcontent_type_options()
+	{
+		// Nothing to do !
+	}
+
 	public function output()
 	{
 		if (!$this->m_bPassThrough)

approot.inc.php

@@ -14,7 +14,7 @@ define('APPCONF', APPROOT.'conf/');
  * @used-by utils::GetItopVersionWikiSyntax()
  * @used-by iTopModulesPhpVersionIntegrationTest
  */
-define('ITOP_CORE_VERSION', '2.7.9');
+define('ITOP_CORE_VERSION', '2.7.11');
 
 
 require_once APPROOT.'bootstrap.inc.php';

bootstrap.inc.php

@@ -48,7 +48,7 @@ if (file_exists(MAINTENANCE_MODE_FILE) && !$bBypassMaintenance)
 	http_response_code(503);
 	// Display message depending on the request
 	include(APPROOT.'application/maintenancemsg.php');
-	$sSAPIName = strtoupper(trim(php_sapi_name()));
+	$sSAPIName = strtoupper(trim(PHP_SAPI));
 
 	switch (true)
 	{

core/attributedef.class.inc.php

@@ -2695,6 +2695,11 @@ class AttributeObjectKey extends AttributeDBFieldVoid
 		return ($proposedValue == 0);
 	}
 
+    /**
+     * @inheritDoc
+     *
+     * @param int|DBObject $proposedValue Object key or valid ({@see MetaModel::IsValidObject()}) datamodel object
+     */
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -2707,7 +2712,6 @@ class AttributeObjectKey extends AttributeDBFieldVoid
 		}
 		if (MetaModel::IsValidObject($proposedValue))
 		{
-			/** @var \DBObject $proposedValue */
 			return $proposedValue->GetKey();
 		}
 
@@ -5940,6 +5944,11 @@ class AttributeDateTime extends AttributeDBField
 		}
 	}
 
+    /**
+     * @inheritDoc
+     *
+     * @param int|string $proposedValue timestamp ({@see DateTime::getTimestamp()) or date as string, following the {@see GetInternalFormat} format.
+     */
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -7655,9 +7664,9 @@ class AttributeBlob extends AttributeDefinition
 	}
 
 	/**
-	 * Users can provide the document from an URL (including an URL on iTop itself)
-	 * for CSV import. Administrators can even provide the path to a local file
-	 * {@inheritDoc}
+     * {@inheritDoc}
+     *
+     * @param string $proposedValue Can be an URL (including an URL to iTop itself), or a local path (CSV import)
 	 *
 	 * @see AttributeDefinition::MakeRealValue()
 	 */

core/cmdbsource.class.inc.php

@@ -95,7 +95,7 @@ class MySQLHasGoneAwayException extends MySQLException
 	{
 		return array(
 			2006,
-			2013
+			2013,
 		);
 	}
 
@@ -134,6 +134,12 @@ class CMDBSource
 	const ENUM_DB_VENDOR_MARIADB = 'MariaDB';
 	const ENUM_DB_VENDOR_PERCONA = 'Percona';
 
+	/**
+	 * @since 2.7.10 3.0.4 3.1.2 3.0.2 N°6889 constant creation
+	 * @internal will be removed in a future version
+	 */
+	const MYSQL_DEFAULT_PORT = 3306;
+
 	/**
 	 * Error: 1205 SQLSTATE: HY000 (ER_LOCK_WAIT_TIMEOUT)
 	 *   Message: Lock wait timeout exceeded; try restarting transaction
@@ -319,16 +325,19 @@ class CMDBSource
 	/**
 	 * @param string $sDbHost initial value ("p:domain:port" syntax)
 	 * @param string $sServer server variable to update
-	 * @param int $iPort port variable to update
+	 * @param int|null $iPort port variable to update, will return null if nothing is specified in $sDbHost
+	 *
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°6889 will return null in $iPort if port isn't present in $sDbHost. Use {@see MYSQL_DEFAULT_PORT} if needed
+	 *
+	 * @link http://php.net/manual/en/mysqli.persistconns.php documentation for the "p:" prefix (persistent connexion)
 	 */
 	public static function InitServerAndPort($sDbHost, &$sServer, &$iPort)
 	{
 		$aConnectInfo = explode(':', $sDbHost);
 
 		$bUsePersistentConnection = false;
-		if (strcasecmp($aConnectInfo[0], 'p') == 0)
+		if (strcasecmp($aConnectInfo[0], 'p') === 0)
 		{
-			// we might have "p:" prefix to use persistent connections (see http://php.net/manual/en/mysqli.persistconns.php)
 			$bUsePersistentConnection = true;
 			$sServer = $aConnectInfo[0].':'.$aConnectInfo[1];
 		}
@@ -346,10 +355,6 @@ class CMDBSource
 		{
 			$iPort = (int)($aConnectInfo[1]);
 		}
-		else
-		{
-			$iPort = 3306;
-		}
 	}
 
 	/**
@@ -669,10 +674,9 @@ class CMDBSource
 	/**
 	 * @param string $sSQLQuery
 	 *
-	 * @return \mysqli_result|null
-	 * @throws \MySQLException
-	 * @throws \MySQLHasGoneAwayException
-	 * @throws \CoreException
+     * @return mysqli_result|null
+     * @throws MySQLException
+     * @throws MySQLHasGoneAwayException
 	 *
 	 * @since 2.7.0 N°679 handles nested transactions
 	 */
@@ -1292,8 +1296,8 @@ class CMDBSource
 	 */
 	public static function IsSameFieldTypes($sItopGeneratedFieldType, $sDbFieldType)
 	{
-		list($sItopFieldDataType, $sItopFieldTypeOptions, $sItopFieldOtherOptions) = static::GetFieldDataTypeAndOptions($sItopGeneratedFieldType);
-		list($sDbFieldDataType, $sDbFieldTypeOptions, $sDbFieldOtherOptions) = static::GetFieldDataTypeAndOptions($sDbFieldType);
+		[$sItopFieldDataType, $sItopFieldTypeOptions, $sItopFieldOtherOptions] = static::GetFieldDataTypeAndOptions($sItopGeneratedFieldType);
+		[$sDbFieldDataType, $sDbFieldTypeOptions, $sDbFieldOtherOptions] = static::GetFieldDataTypeAndOptions($sDbFieldType);
 
 		if (strcasecmp($sItopFieldDataType, $sDbFieldDataType) !== 0)
 		{
@@ -1730,8 +1734,20 @@ class CMDBSource
 		return false;
 	}
 
-	/**
-	 * @return string query to upgrade database charset and collation if needed, null if not
+    public static function GetClusterNb()
+    {
+        $result = 0;
+        $sSql = "SHOW STATUS LIKE 'wsrep_cluster_size';";
+        $aRows = self::QueryToArray($sSql);
+        if (count($aRows) > 0)
+        {
+            $result = $aRows[0]['Value'];
+        }
+        return intval($result);
+    }
+
+    /**
+     * @return string query to upgrade database charset and collation if needed, null if not
 	 * @throws \MySQLException
 	 *
 	 * @since 2.5.0 N°1001 switch to utf8mb4

core/config.class.inc.php

@@ -1320,6 +1320,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'security.enable_header_xcontent_type_options' => [
+			'type' => 'bool',
+			'description' => 'If set to false, iTop will stop sending the X-Content-Type-Options HTTP header. This header could trigger CORB protection on certain resources (JSON, XML, HTML, text) therefore blocking them.',
+			'default' => true,
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'behind_reverse_proxy' => [
 			'type' => 'bool',
 			'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)',
@@ -1901,6 +1909,24 @@ class Config
 		$this->m_sAllowedLoginTypes = implode('|', $aAllowedLoginTypes);
 	}
 
+	/**
+	 * @since 2.7.11 N°7085
+	 * Add login mode if not configured already
+	 * @param string $sLoginMode
+	 *
+	 * @return void
+	 */
+	public function AddAllowedLoginTypes($sLoginMode)
+	{
+		$aAllowedLoginTypes = $this->GetAllowedLoginTypes();
+		if (in_array($sLoginMode, $aAllowedLoginTypes)){
+			return;
+		}
+
+		$aAllowedLoginTypes[] = $sLoginMode;
+		$this->SetAllowedLoginTypes($aAllowedLoginTypes);
+	}
+
 	public function SetExternalAuthenticationVariable($sExtAuthVariable)
 	{
 		$this->m_sExtAuthVariable = $sExtAuthVariable;

core/dbobject.class.php

@@ -532,11 +532,10 @@ abstract class DBObject implements iDisplay
      * Attributes setter
      *
      * Set $sAttCode to $value.
-     * The value must be valid according to the type of attribute.
+     * The value must be valid according to the type of attribute : see the different {@see AttributeDefinition::MakeRealValue()} implementations
      * The value will not be recorded into the DB until DBObject::DBWrite() is called.
      *
      * @api
-     * @see DBWrite()
      *
      * @param string $sAttCode
      * @param mixed $value
@@ -544,6 +543,8 @@ abstract class DBObject implements iDisplay
      * @return bool
      * @throws CoreException
      * @throws CoreUnexpectedValue
+     *
+     * @see DBWrite()
      */
 	public function Set($sAttCode, $value)
 	{
@@ -2084,16 +2085,17 @@ abstract class DBObject implements iDisplay
 	}
 
 	/**
+     * @param array $aUniquenessRuleProperties uniqueness rule properties
+	 *
+     * @param string $sUniquenessRuleId uniqueness rule ID
+	 * @return \DBSearch
+	 * @throws \OQLException
+     * @throws \CoreException
+     *
      * @internal
      *
-	 * @param string $sUniquenessRuleId uniqueness rule ID
-	 * @param array $aUniquenessRuleProperties uniqueness rule properties
-	 *
-	 * @return \DBSearch
-	 * @throws \CoreException
-	 * @throws \OQLException
-	 * @since 2.6.0 N°659 uniqueness constraint
-	 * @api
+     * @since 2.6.0 N°659 uniqueness constraint
+     * @since 2.7.11 3.1.2 3.2.0 N°4314 Fix Uniqueness rules not working with Silo
 	 */
 	protected function GetSearchForUniquenessRule($sUniquenessRuleId, $aUniquenessRuleProperties)
 	{
@@ -2123,8 +2125,10 @@ abstract class DBObject implements iDisplay
 			$oUniquenessQuery->AddConditionForInOperatorUsingParam('finalclass', $aChildClassesWithRuleDisabled, false);
 		}
 
-		return $oUniquenessQuery;
-	}
+        $oUniquenessQuery->AllowAllData();
+
+        return $oUniquenessQuery;
+    }
 
 	/**
 	 * Check integrity rules (before inserting or updating the object)

core/dbsearch.class.php

@@ -866,11 +866,11 @@ abstract class DBSearch
 			return;
 		}
 
-		if (count($aColumns) == 0)
-		{
-			$aColumns = array_keys(MetaModel::ListAttributeDefs($this->GetClass()));
-			// Add the standard id (as first column)
-			array_unshift($aColumns, 'id');
+        if (count($aColumns) == 0)
+        {
+            $aColumns = array_keys(MetaModel::ListAttributeDefs($this->GetClass()));
+            // Add the standard id (as first column)
+            array_unshift($aColumns, 'id');
 		}
 
 		$aQueryCols = CMDBSource::GetColumns($resQuery, $sSQL);
@@ -900,6 +900,55 @@ abstract class DBSearch
 		return $aRes;
 	}
 
+    /**
+     * Selects a column ($sAttCode) from the specified class ($sClassAlias - default main class) of the DBsearch object and gives the result as an array
+     * @param string $sAttCode
+     * @param string|null $sClassAlias
+     *
+     * @return array
+     * @throws ConfigException
+     * @throws CoreException
+     * @throws MissingQueryArgument
+     * @throws MySQLException
+     * @throws MySQLHasGoneAwayException
+     */
+    public function SelectAttributeToArray(string $sAttCode, ?string $sClassAlias = null):array
+    {
+       if(is_null($sClassAlias)) {
+           $sClassAlias = $this->GetClassAlias();
+       }
+
+       $sClass = $this->GetClass();
+       if($sAttCode === 'id'){
+           $aAttToLoad[$sClassAlias]=[];
+       } else {
+           $aAttToLoad[$sClassAlias][$sAttCode] = MetaModel::GetAttributeDef($sClass, $sAttCode);
+       }
+
+        $sSQL = $this->MakeSelectQuery([], [], $aAttToLoad);
+        $resQuery = CMDBSource::Query($sSQL);
+        if (!$resQuery)
+        {
+            return [];
+        }
+
+        $sColName = $sClassAlias.$sAttCode;
+
+        $aRes = [];
+        while ($aRow = CMDBSource::FetchArray($resQuery))
+        {
+            $aMappedRow = array();
+            if($sAttCode === 'id') {
+                $aMappedRow[$sAttCode] = $aRow[$sColName];
+            } else {
+                $aMappedRow[$sAttCode] = $aAttToLoad[$sClassAlias][$sAttCode]->FromSQLToValue($aRow, $sColName);
+            }
+            $aRes[] = $aMappedRow;
+        }
+        CMDBSource::FreeResult($resQuery);
+        return $aRes;
+    }
+
 	////////////////////////////////////////////////////////////////////////////
 	//
 	// Construction of the SQL queries

core/simplegraph.class.inc.php

@@ -537,7 +537,7 @@ EOF
 		}
 		else
 		{
-			throw new Exception('graphviz not found (executable path: '.$sDotExecutable.')');
+            throw new Exception('graphviz not found');
 		}
 		return $sHtml;
 	}
@@ -592,7 +592,7 @@ EOF
 		}
 		else
 		{
-			throw new Exception('graphviz not found (executable path: '.$sDotExecutable.')');
+            throw new Exception('graphviz not found');
 		}
 		return $sHtml;
 	}

core/userrights.class.inc.php

@@ -110,7 +110,7 @@ abstract class UserRightsAddOnAPI
 				$oSearchSharers->AllowAllData();
 				$oSearchSharers->AddCondition_ReferencedBy($oShareSearch, 'sharing_org_id');
 				$aSharers = array();
-				foreach($oSearchSharers->ToDataArray(array('id')) as $aRow)
+				foreach($oSearchSharers->SelectAttributeToArray('id') as $aRow)
 				{
 					$aSharers[] = $aRow['id'];
 				}
@@ -135,7 +135,7 @@ abstract class UserRightsAddOnAPI
 				$oOrgField = new FieldExpression('org_id', $sShareClass);
 				$oSearchShares->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr));
 				$aShared = array();
-				foreach($oSearchShares->ToDataArray(array($sShareAttCode)) as $aRow)
+				foreach($oSearchShares->SelectAttributeToArray($sShareAttCode) as $aRow)
 				{
 					$aShared[] = $aRow[$sShareAttCode];
 				}

css/css-variables.scss

@@ -17,7 +17,7 @@
  */
 
 // Beware the version number MUST be enclosed with quotes otherwise v2.3.0 becomes v2 0.3 .0
-$version: "v2.7.9";
+$version: "v2.7.11";
 $approot-relative: "../../../../../" !default; // relative to env-***/branding/themes/***/main.css
 
 // Base colors

css/setup.css

@@ -15,10 +15,14 @@
  *
  * You should have received a copy of the GNU Affero General Public License
  */
+/* integrityCheck: begin (do not remove/edit) */
 /* Helpers classes */
 .center {
   text-align: center;
 }
+.hidden {
+  display: none;
+}
 /* Animations */
 @keyframes progress_bar_color_ongoing {
   from {
@@ -265,4 +269,4 @@ fieldset > legend {
   font-weight: bold;
   color: #e60000b8;
 }
-
+/* integrityCheck: end (do not remove/edit) */

css/setup.scss

@@ -56,6 +56,9 @@ $progress-bar-error-bg-color: #F56565 !default;
 .center {
 	text-align: center;
 }
+.hidden {
+  display: none;
+}
 
 /* Animations */
 @keyframes progress_bar_color_ongoing {

datamodels/2.x/authent-cas/module.authent-cas.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-cas/2.7.9',
+	'authent-cas/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-external/module.authent-external.php

@@ -27,7 +27,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-external/2.7.9',
+	'authent-external/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-ldap/module.authent-ldap.php

@@ -9,7 +9,7 @@ if (function_exists('ldap_connect'))
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-ldap/2.7.9',
+	'authent-ldap/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-local/module.authent-local.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-local/2.7.9',
+	'authent-local/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/combodo-db-tools/module.combodo-db-tools.php

@@ -24,7 +24,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'combodo-db-tools/2.7.9',
+	'combodo-db-tools/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-attachments/module.itop-attachments.php

@@ -19,7 +19,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-attachments/2.7.9',
+	'itop-attachments/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-backup/module.itop-backup.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-backup/2.7.9',
+	'itop-backup/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-virtualization-storage/module.itop-bridge-virtualization-storage.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-virtualization-storage/2.7.9',
+	'itop-bridge-virtualization-storage/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-change-mgmt-itil/module.itop-change-mgmt-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-change-mgmt-itil/2.7.9',
+	'itop-change-mgmt-itil/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-change-mgmt/module.itop-change-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-change-mgmt/2.7.9',
+	'itop-change-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-config-mgmt/module.itop-config-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-config-mgmt/2.7.9',
+	'itop-config-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-config/module.itop-config.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-config/2.7.9',
+	'itop-config/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-core-update/module.itop-core-update.php

@@ -24,7 +24,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-core-update/2.7.9',
+	'itop-core-update/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-datacenter-mgmt/module.itop-datacenter-mgmt.php

@@ -18,7 +18,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-datacenter-mgmt/2.7.9',
+	'itop-datacenter-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-endusers-devices/module.itop-endusers-devices.php

@@ -25,7 +25,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-endusers-devices/2.7.9',
+	'itop-endusers-devices/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-files-information/module.itop-files-information.php

@@ -24,7 +24,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-files-information/2.7.9',
+	'itop-files-information/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-full-itil/module.itop-full-itil.php

@@ -6,7 +6,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-full-itil/2.7.9',
+	'itop-full-itil/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-hub-connector/TokenValidation.php

@@ -0,0 +1,19 @@
+<?php
+
+class TokenValidation
+{
+	// construct function
+	public function __construct()
+	{
+	}
+	public function isSetupTokenValid($sParamToken) : bool
+	{
+		if (!file_exists(APPROOT.'data/.setup')) {
+			return false;
+		}
+		$sSetupToken = trim(file_get_contents(APPROOT.'data/.setup'));
+		unlink(APPROOT.'data/.setup');
+		return $sParamToken === $sSetupToken;
+	}
+
+}

datamodels/2.x/itop-hub-connector/hubconnectorpage.class.inc.php

@@ -7,7 +7,7 @@ class HubConnectorPage extends NiceWebPage
 	    parent::__construct($sTitle);
 
 	    $this->no_cache();
-	    $this->add_xframe_options();
+	    $this->add_http_headers();
 
 	    $sImagesDir = utils::GetAbsoluteUrlAppRoot().'images';
 	    $sModuleImagesDir = utils::GetAbsoluteUrlModulesRoot().'itop-hub-connector/images';

datamodels/2.x/itop-hub-connector/launch.php

@@ -280,6 +280,7 @@ try
 	require_once ('hubconnectorpage.class.inc.php');
 	
 	require_once (APPROOT.'/application/startup.inc.php');
+    require_once('TokenValidation.php');
 	
 	$sTargetRoute = utils::ReadParam('target', ''); // ||browse_extensions|deploy_extensions|
 	
@@ -299,11 +300,20 @@ try
 		case 'inform_after_setup':
 		// Hidden IFRAME at the end of the setup
 		require_once (APPROOT.'/application/ajaxwebpage.class.inc.php');
-		$oPage = new NiceWebPage('');
-		$aDataToPost = MakeDataToPost($sTargetRoute);
-		$oPage->add('<form id="hub_launch_form" action="'.$sHubUrlStateless.'" method="post">');
-		$oPage->add('<input type="hidden" name="json" value="'.htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8').'">');
-		$oPage->add_ready_script('$("#hub_launch_form").submit();');
+
+            $sParamToken = utils::ReadParam('setup_token');
+            $oTokenValidation = new TokenValidation();
+            $bIsTokenValid = $oTokenValidation->isSetupTokenValid($sParamToken);
+            if (UserRights::IsAdministrator() || $bIsTokenValid) {
+                $oPage = new NiceWebPage('');
+                $aDataToPost = MakeDataToPost($sTargetRoute);
+                $oPage->add('<form id="hub_launch_form" action="' . $sHubUrlStateless . '" method="post">');
+                $oPage->add('<input type="hidden" name="json" value="' . htmlentities(json_encode($aDataToPost), ENT_QUOTES, 'UTF-8') . '">');
+                $oPage->add_ready_script('$("#hub_launch_form").submit();');
+            } else {
+                IssueLog::Error('TokenValidation failed on inform_after_setup page');
+                throw new Exception("Not allowed");
+            }
 		break;
 		
 		default:

datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-hub-connector/2.7.9',
+	'itop-hub-connector/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-incident-mgmt-itil/module.itop-incident-mgmt-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-incident-mgmt-itil/2.7.9',
+	'itop-incident-mgmt-itil/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-knownerror-mgmt/module.itop-knownerror-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-knownerror-mgmt/2.7.9',
+	'itop-knownerror-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-oauth-client/assets/js/oauth_connect.js

@@ -92,6 +92,8 @@ const OAuthConnect = function(sClass, sId, sAjaxUri) {
 		function (oData) {
 			if (oData.status === 'success') {
 				oOpenSignInWindow(oData.data.authorization_url, 'OAuth authorization')
+			} else {
+				alert(oData.error_description);
 			}
 		}
 	);

datamodels/2.x/itop-oauth-client/datamodel.itop-oauth-client.xml

@@ -339,6 +339,11 @@
           <default_value>no</default_value>
           <is_null_allowed>true</is_null_allowed>
         </field>
+        <field id="tenant" xsi:type="AttributeString">
+          <sql>tenant</sql>
+          <default_value>common</default_value>
+          <is_null_allowed>false</is_null_allowed>
+        </field>
       </fields>
       <presentation>
         <details>
@@ -364,15 +369,18 @@
                     <item id="redirect_url">
                       <rank>50</rank>
                     </item>
-                    <item id="client_id">
+                    <item id="tenant">
                       <rank>60</rank>
                     </item>
-                    <item id="client_secret">
+                    <item id="client_id">
                       <rank>70</rank>
                     </item>
-                    <item id="mailbox_list">
+                    <item id="client_secret">
                       <rank>80</rank>
                     </item>
+                    <item id="mailbox_list">
+                      <rank>90</rank>
+                    </item>
                   </items>
                 </item>
               </items>

datamodels/2.x/itop-oauth-client/en.dict.itop-oauth-client.php

@@ -93,6 +93,8 @@ Dict::Add('EN US', 'English', 'English', array(
 	'Class:OAuthClientAzure/Attribute:used_for_smtp+' => 'At least one OAuth client must have this flag to “Yes”, if you want iTop to use it for sending mails',
 	'Class:OAuthClientAzure/Attribute:used_for_smtp/Value:yes' => 'Yes',
 	'Class:OAuthClientAzure/Attribute:used_for_smtp/Value:no' => 'No',
+    'Class:OAuthClientAzure/Attribute:tenant' => 'Tenant',
+    'Class:OAuthClientAzure/Attribute:tenant+' => 'Tenant ID of the configured application. For multi-tenant application, use common.',
 ));
 
 //

datamodels/2.x/itop-oauth-client/module.itop-oauth-client.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-oauth-client/2.7.9',
+	'itop-oauth-client/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php

@@ -10,6 +10,7 @@ use cmdbAbstractObject;
 use Combodo\iTop\Application\TwigBase\Controller\Controller;
 use Combodo\iTop\Core\Authentication\Client\OAuth\OAuthClientProviderFactory;
 use Dict;
+use Exception;
 use IssueLog;
 use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
 use MetaModel;
@@ -31,8 +32,13 @@ class AjaxOauthClientController extends Controller
 
 		$aResult = ['status' => 'success', 'data' => []];
 
-		$sAuthorizationUrl = OAuthClientProviderFactory::GetAuthorizationUrl($oOAuthClient);
-		$aResult['data']['authorization_url'] = $sAuthorizationUrl;
+        try {
+            $sAuthorizationUrl = OAuthClientProviderFactory::GetAuthorizationUrl($oOAuthClient);
+            $aResult['data']['authorization_url'] = $sAuthorizationUrl;
+        } catch (Exception $oException) {
+            $aResult['status'] = 'error';
+            $aResult['error_description'] = $oException->getMessage();
+        }
 
 		$this->DisplayJSONPage($aResult);
 	}

datamodels/2.x/itop-portal-base/module.itop-portal-base.php

@@ -20,7 +20,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-portal-base/2.7.9', array(
+	'itop-portal-base/2.7.11', array(
 	// Identification
 	'label' => 'Portal Development Library',
 		'category' => 'Portal',

datamodels/2.x/itop-portal-base/portal/src/EventListener/UserProvider.php

@@ -29,6 +29,7 @@ use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use UserRights;
+use utils;
 
 /**
  * Class UserProvider
@@ -91,6 +92,9 @@ class UserProvider implements ContainerAwareInterface
 		}
 		$this->oContainer->set('combodo.current_user', $oUser);
 
+        // User allowed to log off or not
+        $this->oContainer->set('combodo.current_user.can_logoff', utils::CanLogOff());
+
 		// Allowed portals
 		$aAllowedPortals = UserRights::GetAllowedPortals();
 

datamodels/2.x/itop-portal-base/portal/templates/layout.html.twig

@@ -3,11 +3,13 @@
 
 {% if app['combodo.current_user'] is defined and app['combodo.current_user'] is not null %}
 	{% set bUserConnected = true %}
+    {% set bUserCanLogOff = app['combodo.current_user.can_logoff'] %}
 	{% set sUserFullname = app['combodo.current_user'].Get('first_name') ~ ' ' ~ app['combodo.current_user'].Get('last_name') %}
 	{% set sUserEmail = app['combodo.current_user'].Get('email') %}
 	{% set sUserPhotoUrl = app['combodo.current_contact.photo_url'] %}
 {% else %}
 	{% set bUserConnected = false %}
+    {% set bUserCanLogOff = false %}
 	{% set sUserFullname = '' %}
 	{% set sUserEmail = '' %}
 	{% set sUserPhotoUrl = app['combodo.portal.base.absolute_url'] ~ 'img/user-profile-default-256px.png' %}
@@ -62,12 +64,12 @@
         {% endif %}
 		{# Custom CSS that is supposed to do adjustments to the portal #}
 		{% if app['combodo.portal.instance.conf'].properties.themes.custom is defined %}
-			<link href="{{ app['combodo.portal.instance.conf'].properties.themes.custom|add_itop_version }}" rel="stylesheet">
+			<link href="{{ app['combodo.absolute_url'] ~ app['combodo.portal.instance.conf'].properties.themes.custom|add_itop_version }}" rel="stylesheet">
 		{% endif %}
 		{# Others CSS that will come after the theme/portal/custom, in an undefined order #}
 		{% if app['combodo.portal.instance.conf'].properties.themes.others is defined %}
 			{% for theme in app['combodo.portal.instance.conf'].properties.themes.others %}
-				<link href="{{ theme|add_itop_version }}" rel="stylesheet">
+				<link href="{{ app['combodo.absolute_url'] ~ theme|add_itop_version }}" rel="stylesheet">
 			{% endfor %}
 		{% endif %}
 	{% endblock %}
@@ -230,11 +232,13 @@
 											<li><a href="{{ aPortal.url }}" target="_blank"><span class="brick_icon {{ sIconClass }} fa-2x fa-fw"></span>{{ aPortal.label|dict_s }}</a></li>
 										{% endif %}
 									{% endfor %}
-									{# We display the separator only if the user has more then 1 portal. Meaning default portal + console or several portal at least #}
-									{% if app['combodo.current_user.allowed_portals']|length > 1 %}
-										<li role="separator" class="divider"></li>
-									{% endif %}
-									<li><a href="{{ app['combodo.absolute_url'] }}pages/logoff.php"><span class="brick_icon fas fa-sign-out-alt fa-2x fa-fw"></span>{{ 'Brick:Portal:UserProfile:Navigation:Dropdown:Logout'|dict_s }}</a></li>
+                                    {% if bUserCanLogOff %}
+                                        {# We display the separator only if the user has more then 1 portal. Meaning default portal + console or several portal at least #}
+                                        {% if app['combodo.current_user.allowed_portals']|length > 1 %}
+                                            <li role="separator" class="divider"></li>
+                                        {% endif %}
+									    <li><a href="{{ app['combodo.absolute_url'] }}pages/logoff.php"><span class="brick_icon fas fa-sign-out-alt fa-2x fa-fw"></span>{{ 'Brick:Portal:UserProfile:Navigation:Dropdown:Logout'|dict_s }}</a></li>
+                                    {% endif %}
 								{% endif %}
 							</ul>
 						</div>
@@ -269,11 +273,13 @@
 											<li><a href="{{ aPortal.url }}" {% if app['combodo.portal.instance.conf'].properties.allowed_portals.opening_mode == 'tab' %}target="_blank"{% endif %} title="{{ aPortal.label|dict_s }}"><span class="brick_icon {{ sGlyphiconClass }} fa-lg fa-fw"></span>{{ aPortal.label|dict_s }}</a></li>
 										{% endif %}
 									{% endfor %}
-									{# We display the separator only if the user has more then 1 portal. Meaning default portal + console or several portal at least #}
-									{% if app['combodo.current_user.allowed_portals']|length > 1 %}
-										<li role="separator" class="divider"></li>
-									{% endif %}
-									<li><a href="{{ app['combodo.absolute_url'] }}pages/logoff.php"><span class="brick_icon fas fa-sign-out-alt fa-lg fa-fw"></span>{{ 'Brick:Portal:UserProfile:Navigation:Dropdown:Logout'|dict_s }}</a></li>
+                                    {% if bUserCanLogOff %}
+                                        {# We display the separator only if the user has more then 1 portal. Meaning default portal + console or several portal at least #}
+                                        {% if app['combodo.current_user.allowed_portals']|length > 1 %}
+                                            <li role="separator" class="divider"></li>
+                                        {% endif %}
+									    <li><a href="{{ app['combodo.absolute_url'] }}pages/logoff.php"><span class="brick_icon fas fa-sign-out-alt fa-lg fa-fw"></span>{{ 'Brick:Portal:UserProfile:Navigation:Dropdown:Logout'|dict_s }}</a></li>
+                                    {% endif %}
 								</ul>
 							</div>
 						</div>
@@ -458,8 +464,8 @@
                         sBody = '{{ 'Error:XHR:Fail'|dict_format(constant('ITOP_APPLICATION_SHORT'))|escape('js') }}';
 					}
 					var oModalElem = $('#modal-for-alert');
-                    oModalElem.find('.modal-content .modal-header .modal-title').html(sTitle);
-                    oModalElem.find('.modal-content .modal-body .alert').addClass('alert-danger').html(sBody);
+                    oModalElem.find('.modal-content .modal-header .modal-title').text(sTitle);
+                    oModalElem.find('.modal-content .modal-body .alert').addClass('alert-danger').text(sBody);
                     oModalElem.modal('show');
 				};
 			{% endblock %}

datamodels/2.x/itop-portal/module.itop-portal.php

@@ -20,7 +20,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-portal/2.7.9', array(
+	'itop-portal/2.7.11', array(
 	// Identification
 	'label' => 'Enhanced Customer Portal',
 	'category' => 'Portal',

datamodels/2.x/itop-problem-mgmt/module.itop-problem-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-problem-mgmt/2.7.9',
+	'itop-problem-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-profiles-itil/module.itop-profiles-itil.php

@@ -19,7 +19,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-profiles-itil/2.7.9',
+	'itop-profiles-itil/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-request-mgmt-itil/module.itop-request-mgmt-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-request-mgmt-itil/2.7.9',
+	'itop-request-mgmt-itil/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-request-mgmt/module.itop-request-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-request-mgmt/2.7.9',
+	'itop-request-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-service-mgmt-provider/module.itop-service-mgmt-provider.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-service-mgmt-provider/2.7.9',
+	'itop-service-mgmt-provider/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-service-mgmt/module.itop-service-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-service-mgmt/2.7.9',
+	'itop-service-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-sla-computation/module.itop-sla-computation.php

@@ -18,7 +18,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-sla-computation/2.7.9',
+	'itop-sla-computation/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-storage-mgmt/module.itop-storage-mgmt.php

@@ -25,7 +25,7 @@
  
  SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	 'itop-storage-mgmt/2.7.9',
+	 'itop-storage-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-tickets/module.itop-tickets.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__,
-	'itop-tickets/2.7.9',
+	'itop-tickets/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-virtualization-mgmt/module.itop-virtualization-mgmt.php

@@ -16,7 +16,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-virtualization-mgmt/2.7.9',
+	'itop-virtualization-mgmt/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-welcome-itil/module.itop-welcome-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-welcome-itil/2.7.9',
+	'itop-welcome-itil/2.7.11',
 	array(
 		// Identification
 		//

datamodels/2.x/version.xml

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <information>
-  <version>2.7.9</version>
+  <version>2.7.11</version>
 </information>

pages/ajax.document.php

@@ -67,7 +67,7 @@ try
 
 					// X-Frame http header : set in page constructor, but we need to allow frame integration for this specific page
 					// so we're resetting its value ! (see N°3416)
-					$oPage->add_xframe_options('');
+					$oPage->add_http_headers('');
 
 					$oPage->add_header("Last-Modified: Wed, 15 Jun 2015 13:21:15 GMT"); // An arbitrary date in the past is ok
 				}
@@ -88,7 +88,7 @@ try
 
 				// X-Frame http header : set in page constructor, but we need to allow frame integration for this specific page
 				// so we're resetting its value ! (see N°3416)
-				$oPage->add_xframe_options('');
+				$oPage->add_http_headers('');
 
 				$oPage->add_header("Last-Modified: Wed, 15 Jun 2016 13:21:15 GMT"); // An arbitrary date in the past is ok
 			}
@@ -103,7 +103,7 @@ try
 
 			// X-Frame http header : set in page constructor, but we need to allow frame integration for this specific page
 			// so we're resetting its value ! (see N°3416)
-			$oPage->add_xframe_options('');
+			$oPage->add_http_headers('');
 
 			$oPage->add(file_get_contents(Utils::GetCachePath().$sSignature.'.js'));
 			break;

pages/ajax.render.php

@@ -1036,7 +1036,7 @@ try
 
 				// X-Frame http header : set in page constructor, but we need to allow frame integration for this specific page
 				// so we're resetting its value ! (see N°3416)
-				$oPage->add_xframe_options('');
+				$oPage->add_http_headers('');
 
 				// N°4129 - Prevent XSS attacks & other script executions
 				if (utils::GetConfig()->Get('security.disable_inline_documents_sandbox') === false) {

pages/audit.php

@@ -1,20 +1,7 @@
 <?php
-/**
- * Copyright (C) 2013-2019 Combodo SARL
- *
- * This file is part of iTop.
- *
- * iTop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * iTop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
+/*
+ * @copyright   Copyright (C) 2010-2023 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
 /**
@@ -113,7 +100,7 @@ function GetRuleResultFilter($iRuleId, $oDefinitionFilter, $oAppContext)
 	{
 		// The query returns only the valid elements, all the others are invalid
 		// Warning : we're generating a `WHERE ID IN`... query, and this could be very slow if there are lots of id !
-		$aValidRows = $oRuleFilter->ToDataArray(array('id'));
+      	$aValidRows = $oRuleFilter->ToDataArray(array('id'));
 		$aValidIds = array();
 		foreach($aValidRows as $aRow)
 		{
@@ -317,7 +304,7 @@ try
 						try
 						{
 							$oFilter = GetRuleResultFilter($oAuditRule->GetKey(), $oDefinitionFilter, $oAppContext);
-							$aErrors = $oFilter->ToDataArray(array('id'));
+							$aErrors = $oFilter->SelectAttributeToArray('id');
 							$iErrorsCount = count($aErrors);
 							foreach($aErrors as $aErrorRow)
 							{

pages/preferences.php

@@ -81,7 +81,7 @@ function DisplayPreferences($oP)
 	$oP->add('<fieldset><legend>'.Dict::S('UI:FavoriteOtherSettings').'</legend>');
 	$oP->add('<form method="post" onsubmit="return ValidateOtherSettings()">');
 
-	$iDefaultPageSize = appUserPreferences::GetPref('default_page_size', MetaModel::GetConfig()->GetMinDisplayLimit());
+	$iDefaultPageSize = (int)appUserPreferences::GetPref('default_page_size', MetaModel::GetConfig()->GetMinDisplayLimit());
 	$oP->add('<p>'.Dict::Format('UI:Favorites:Default_X_ItemsPerPage', '<input id="default_page_size" name="default_page_size" type="text" size="3" value="'.$iDefaultPageSize.'"/><span id="v_default_page_size"></span>').'</p>');
 
 	$bShow = utils::IsArchiveMode() || appUserPreferences::GetPref('show_obsolete_data', MetaModel::GetConfig()->Get('obsolescence.show_obsolete_data'));

setup/applicationinstaller.class.inc.php

@@ -225,7 +225,7 @@ class ApplicationInstaller
 
 				case 'copy':
 					$aPreinstall = $this->oParams->Get('preinstall');
-					$aCopies = $aPreinstall['copies'];
+					$aCopies = $aPreinstall['copies'] ?? [];
 
 					self::DoCopy($aCopies);
 					$sReport = "Copying...";

setup/backup.class.inc.php

@@ -305,9 +305,8 @@ class DBBackup
 		// Store the results in a temporary file
 		$sTmpFileName = self::EscapeShellArg($sBackupFileName);
 
-		$sPortOption = self::GetMysqliCliSingleOption('port', $this->iDBPort);
+		$sPortAndTransportOptions = self::GetMysqlCliPortAndTransportOptions($this->sDBHost, $this->iDBPort);
 		$sTlsOptions = self::GetMysqlCliTlsOptions($this->oConfig);
-		$sProtocolOption = self::GetMysqlCliTransportOption($this->sDBHost);
 
 		$sMysqlVersion = CMDBSource::GetDBVersion();
 		$bIsMysqlSupportUtf8mb4 = (version_compare($sMysqlVersion, self::MYSQL_VERSION_WITH_UTF8MB4_IN_PROGRAMS) === -1);
@@ -326,10 +325,10 @@ EOF;
 		chmod($sMySQLDumpCnfFile, 0600);
 		file_put_contents($sMySQLDumpCnfFile, $sMySQLDumpCnf, LOCK_EX);
 
-			// Note: opt implicitely sets lock-tables... which cancels the benefit of single-transaction!
+		// Note: opt implicitly sets lock-tables... which cancels the benefit of single-transaction!
 			//       skip-lock-tables compensates and allows for writes during a backup
-			$sCommand = "$sMySQLDump --defaults-extra-file=\"$sMySQLDumpCnfFile\" --opt --skip-lock-tables --default-character-set=".$sMysqldumpCharset." --add-drop-database --single-transaction --host=$sHost $sPortOption $sProtocolOption --user=$sUser $sTlsOptions --result-file=$sTmpFileName $sDBName $sTables 2>&1";
-			$sCommandDisplay = "$sMySQLDump --defaults-extra-file=\"$sMySQLDumpCnfFile\" --opt --skip-lock-tables --default-character-set=".$sMysqldumpCharset." --add-drop-database --single-transaction --host=$sHost $sPortOption $sProtocolOption --user=xxxxx $sTlsOptions --result-file=$sTmpFileName $sDBName $sTables";
+		$sCommand = "$sMySQLDump --defaults-extra-file=\"$sMySQLDumpCnfFile\" --opt --skip-lock-tables --default-character-set=" . $sMysqldumpCharset . " --add-drop-database --single-transaction --host=$sHost $sPortAndTransportOptions --user=$sUser $sTlsOptions --result-file=$sTmpFileName $sDBName $sTables 2>&1";
+		$sCommandDisplay = "$sMySQLDump --defaults-extra-file=\"$sMySQLDumpCnfFile\" --opt --skip-lock-tables --default-character-set=" . $sMysqldumpCharset . " --add-drop-database --single-transaction --host=$sHost $sPortAndTransportOptions --user=xxxxx $sTlsOptions --result-file=$sTmpFileName $sDBName $sTables";
 
 		// Now run the command for real
 		$this->LogInfo("backup: generate data file with command: $sCommandDisplay");
@@ -523,25 +522,37 @@ EOF;
 	}
 
 	/**
-	 * Define if we should force a transport option
+	 * @return string CLI options for port and protocol
 	 *
-	 * @param string $sHost
+	 * @since 2.7.9 3.0.4 3.1.1 N°6123 method creation
+	 * @since 2.7.10 3.0.4 3.1.2 3.2.0 N°6889 rename method to return both port and transport options. Keep default socket connexion if we are on localhost with no port
 	 *
-	 * @return string .
-
-	 * @since 2.7.9 3.0.4 3.1.1 N°6123
+	 * @link https://bugs.mysql.com/bug.php?id=55796 MySQL CLI tools will ignore `--port` option on localhost
+	 * @link https://jira.mariadb.org/browse/MDEV-14974 Since 10.6.1 the MariaDB CLI tools will use the `--port` option on host=localhost
 	 */
-	public static function GetMysqlCliTransportOption(string $sHost)
+	private static function GetMysqlCliPortAndTransportOptions(string $sHost, ?int $iPort): string
 	{
-		$sTransportOptions = '';
+		if (strtolower($sHost) === 'localhost') {
+			/**
+			 * Since MariaDB 10.6.1 if we have host=localhost, and only the --port option we will get a warning
+			 * To avoid this warning if we want to set --port option we must set --protocol=tcp
+			 **/
+			if (is_null($iPort)) {
+				// no port specified => no option to return, this will mean using socket protocol (unix socket)
+				return '';
+			}
 
-		/** N°6123 As we're using a --port option, if we use localhost as host,
-		 * MariaDB > 10.6 will implicitly change its protocol from socket to tcp and throw a warning **/
-		if($sHost === 'localhost'){
-			$sTransportOptions = '--protocol=tcp';
+			$sPortOption = self::GetMysqliCliSingleOption('port', $iPort);
+			$sTransportOptions = ' --protocol=tcp';
+			return $sPortOption . $sTransportOptions;
 		}
 
-		return $sTransportOptions;
+		if (is_null($iPort)) {
+			$iPort = CMDBSource::MYSQL_DEFAULT_PORT;
+		}
+		$sPortOption = self::GetMysqliCliSingleOption('port', $iPort);
+
+		return $sPortOption;
 	}
 
 	/**

setup/csp-detection.js

@@ -0,0 +1,121 @@
+/**
+ * Detects the current server's Content-Security-Policy to stop the setup if any directive doesn't meet the application's requirements
+ *
+ * @type {{_FindItopVersionInURI: (function(): string|string), aFlags: {bUnsafeInlineScriptOk: boolean, bUnsafeEvalScriptOk: boolean, bUnsafeInlineStyleOk: boolean}, _TestUnsafeEvalScript: SetupCSPDetection._TestUnsafeEvalScript, _HideContinueButtonIfPolicyNotOk: SetupCSPDetection._HideContinueButtonIfPolicyNotOk, _TestUnsafeInlineStyle: SetupCSPDetection._TestUnsafeInlineStyle, Run: SetupCSPDetection.Run, _TestUnSafeInlineScript: SetupCSPDetection._TestUnSafeInlineScript, _AddErrorAlert: SetupCSPDetection._AddErrorAlert}}
+ * @since 2.7.11 3.0.5 3.1.2 3.2.0 N°7075
+ */
+SetupCSPDetection = {
+	aFlags: {
+		bUnsafeInlineScriptOk: false,
+		bUnsafeEvalScriptOk: false,
+		bUnsafeInlineStyleOk: false,
+	},
+	Run: function () {
+		this._TestUnSafeInlineScript();
+		this._TestUnsafeEvalScript();
+		this._TestUnsafeInlineStyle();
+		this._HideContinueButtonIfPolicyNotOk();
+	},
+	/**
+	 * Test if the CSP "unsafe-inline" directive for script-src if enabled, otherwise it forbids the setup to go further
+	 * @private
+	 */
+	_TestUnSafeInlineScript: function() {
+		var sBaitElemID = "csp-detection--unsafe-inline-script-bait";
+
+		// Add inline script that should add an element in the DOM
+		var sAddedScript = '<script>$("body").append(\'<div id="' + sBaitElemID + '" class="hidden">If this is present in the DOM, then unsafe-inline for scripts policy is allowed</div>\')</script>';
+		$("body").append(sAddedScript);
+
+		// Check if element has been added to the DOM
+		if ($("#" + sBaitElemID).length === 1) {
+			this.aFlags.bUnsafeInlineScriptOk = true;
+		} else {
+			this._AddErrorAlert("unsafe-inline", "script");
+		}
+	},
+	/**
+	 * Test if the CSP "unsafe-eval" directive for script-src if enabled, otherwise it forbids the setup to go further
+	 * @private
+	 */
+	_TestUnsafeEvalScript: function() {
+		var sBaitElemID = "csp-detection--unsafe-eval-script-bait";
+
+		// Add inline eval script that should add an element in the DOM
+		var sAddedScript = '<script>eval(\'$("body").append(\\\'<div id="' + sBaitElemID + '" class="hidden">If this is present in the DOM, then unsafe-eval for scripts policy is allowed</div>\\\')\')</script>';
+		$("body").append(sAddedScript);
+
+		// Check if element has been added to the DOM
+		if ($("#" + sBaitElemID).length === 1) {
+			this.aFlags.bUnsafeEvalScriptOk = true;
+		} else {
+			this._AddErrorAlert("unsafe-eval", "script");
+		}
+	},
+	/**
+	 * Test if the CSP "unsafe-inline" directive for style-src if enabled, otherwise it forbids the setup to go further
+	 * @private
+	 */
+	_TestUnsafeInlineStyle: function() {
+		var sBaitElemID = "csp-detection--unsafe-inline-style-bait";
+
+		// Add inline eval script that should add an element in the DOM
+		$("body").append("<div id=\"" + sBaitElemID + "\">If this is present in the DOM and visible, then unsafe-inline for styles policy must be allowed</div>");
+		$("body").append("<style>#" + sBaitElemID + " { display: none; }</style>");
+
+		// Check if style has been applied
+		if ($("#" + sBaitElemID).is(":visible") === false) {
+			this.aFlags.bUnsafeInlineStyleOk = true;
+		} else {
+			// Remove bait div to avoid polluting the screen
+			$("#" + sBaitElemID).remove();
+			this._AddErrorAlert("unsafe-inline", "style");
+		}
+	},
+	/**
+	 * Hide continue button to prevent setup from going further if any policy is not OK
+	 * @private
+	 */
+	_HideContinueButtonIfPolicyNotOk: function() {
+		if (false === this.aFlags.bUnsafeInlineScriptOk || false === this.aFlags.bUnsafeEvalScriptOk || false === this.aFlags.bUnsafeInlineStyleOk) {
+			// Hide next button to prevent user from going forward.
+			// Note that we don't remove it completely to be able to by-pass it.
+			$("#btn_next").addClass("hidden");
+		}
+	},
+	/**
+	 * Internal helper to add an error alert in case of failure
+	 * @param {String} sPolicyOption e.g. "unsafe-inline", "unsafe-eval", ...
+	 * @param {String} sResourceType script|style
+	 * @private
+	 */
+	_AddErrorAlert: function(sPolicyOption, sResourceType) {
+		var sFilesType = sResourceType === "script" ? "scripts" : "styles";
+
+		// Add alert in the DOM
+		$("<div class=\"message message-error\"><span class=\"message-title\">Error:</span>Your server Content-Security-Policy header doesn't allow <b>" + sPolicyOption + " " + sFilesType + "</b>. Therefore, the application cannot be installed (<a" +
+			" href=\"https://www.itophub.io/wiki/page?id=" + this._FindItopVersionInURI() + ":install:security#content-security-policy\" target=\"_blank\">see documentation</a>).</div>")
+			.insertAfter(
+				$("#wiz_form h1:first")
+			);
+
+	},
+	/**
+	 * Internal helper to find the iTop version as wiki syntax from the script URI
+	 * @returns {string|string}
+	 * @private
+	 */
+	_FindItopVersionInURI: function() {
+		// First find script tag for the current file
+		var sScriptURI = $('script[src*="setup/csp-detection.js"]').attr("src");
+
+		// Extract parameter value from URI
+		var regex = new RegExp('[\\?&]' + 'itop_version_wiki_syntax' + '=([^&#]*)');
+		var results = regex.exec(sScriptURI);
+		return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' '));
+	}
+};
+
+$(document).ready(function() {
+	SetupCSPDetection.Run();
+});

setup/email.test.php

@@ -38,7 +38,7 @@ $oP = new SetupPage('iTop email test utility');
 
 // Although this page doesn't expose sensitive info, with it we can send multiple emails
 // So we're adding this http header to reduce CSRF exposure...
-$oP->add_xframe_options('DENY');
+$oP->add_http_headers('DENY');
 
 
 /**

setup/modelfactory.class.inc.php

@@ -932,10 +932,12 @@ class ModelFactory
 						$this->aDictKeys[$sLanguageCode][$sCode] = $oXmlEntry;
 					}
 				}
-			}
-			catch (Exception $e)
+            } catch (Exception|Error $e) // Error can occurs on eval() calls
 			{
-				throw new Exception('Failed to load dictionary file "'.$sPHPFile.'", reason: '.$e->getMessage());
+                throw new DictException('Failed to load dictionary file "' . $sPHPFile . '"', [
+                        'exception_class' => get_class($e),
+                        'exception_msg' => $e->getMessage(),
+                ]);
 			}
 
 		}

setup/runtimeenv.class.inc.php

@@ -139,7 +139,7 @@ class RunTimeEnvironment
 	/**
 	 * Analyzes the current installation and the possibilities
 	 *
-	 * @param Config $oConfig Defines the target environment (DB)
+	 * @param null|Config $oConfig Defines the target environment (DB)
 	 * @param mixed $modulesPath Either a single string or an array of absolute paths
 	 * @param bool $bAbortOnMissingDependency ...
 	 * @param array $aModulesToLoad List of modules to search for, defaults to all if omitted
@@ -226,13 +226,15 @@ class RunTimeEnvironment
 
 		try
 		{
-			CMDBSource::InitFromConfig($oConfig);
-			$aSelectInstall = CMDBSource::QueryToArray("SELECT * FROM ".$oConfig->Get('db_subname')."priv_module_install");
+			$aSelectInstall = array();
+			if (! is_null($oConfig)) {
+				CMDBSource::InitFromConfig($oConfig);
+				$aSelectInstall = CMDBSource::QueryToArray("SELECT * FROM ".$oConfig->Get('db_subname')."priv_module_install");
+			}
 		}
 		catch (MySQLException $e)
 		{
 			// No database or erroneous information
-			$aSelectInstall = array();
 		}
 
 		// Build the list of installed module (get the latest installation)
@@ -1080,12 +1082,13 @@ class RunTimeEnvironment
 		}
 	}
 
-	/**
-	 * Call the given handler method for all selected modules having an installation handler
-	 * @param array[] $aAvailableModules
-	 * @param string[] $aSelectedModules
-	 * @param string $sHandlerName
-	 */
+    /**
+     * Call the given handler method for all selected modules having an installation handler
+     * @param array[] $aAvailableModules
+     * @param string[] $aSelectedModules
+     * @param string $sHandlerName
+     * @throws CoreException
+     */
 	public function CallInstallerHandlers($aAvailableModules, $aSelectedModules, $sHandlerName)
 	{
 	    foreach($aAvailableModules as $sModuleId => $aModule)
@@ -1098,8 +1101,20 @@ class RunTimeEnvironment
 	            $aCallSpec = array($sModuleInstallerClass, $sHandlerName);
 	            if (is_callable($aCallSpec))
 	            {
-	               call_user_func_array($aCallSpec, array(MetaModel::GetConfig(), $aModule['version_db'], $aModule['version_code']));
-	            }
+                    try {
+                        call_user_func_array($aCallSpec, array(MetaModel::GetConfig(), $aModule['version_db'], $aModule['version_code']));
+                    } catch (Exception $e) {
+                        $sErrorMessage = "Module $sModuleId : error when calling module installer class $sModuleInstallerClass for $sHandlerName handler";
+                        $aExceptionContextData = [
+                                'ModulelId' => $sModuleId,
+                                'ModuleInstallerClass' => $sModuleInstallerClass,
+                                'ModuleInstallerHandler' => $sHandlerName,
+                                'ExceptionClass' => get_class($e),
+                                'ExceptionMessage' => $e->getMessage(),
+                        ];
+                        throw new CoreException($sErrorMessage, $aExceptionContextData, '', $e);
+                    }
+                }
 	        }
 	    }
 	}

setup/setuppage.class.inc.php

@@ -35,6 +35,7 @@ class SetupPage extends NiceWebPage
 		parent::__construct($sTitle);
 		$this->add_linked_script("../js/jquery.blockUI.js");
 		$this->add_linked_script("../setup/setup.js");
+		$this->add_linked_script("../setup/csp-detection.js?itop_version_wiki_syntax=" . utils::GetItopVersionWikiSyntax());
 		$this->add_saas("css/setup.scss");
 	}
 

setup/setuputils.class.inc.php

@@ -897,16 +897,29 @@ class SetupUtils
 		return $f;
 	}
 
+    /**
+     * @param float $fBytes size in raw bytes, for example 162594750464.0
+     * @return string formatted string, for example "161.62 GB"
+     *
+     * @link https://en.wiktionary.org/wiki/byte byte and not Byte
+     * @link https://en.wikipedia.org/wiki/Kilobyte kB and not KB (IEC 80000-13)
+     * @link https://en.wiktionary.org/wiki/petabyte petabyte PB
+     * @link https://en.wiktionary.org/wiki/exabyte exabyte EB
+     */
 	public static function HumanReadableSize($fBytes)
 	{
-		$aSizes = array('bytes', 'Kb', 'Mb', 'Gb', 'Tb', 'Pb', 'Hb');
+		$aSizes = array('bytes', 'kB', 'MB', 'GB', 'TB', 'PB', 'EB');
 		$index = 0;
-		while (($fBytes > 1000) && ($index < count($aSizes)))
-		{
+		while (($fBytes > 1000) && ($index < count($aSizes))) {
 			$index++;
 			$fBytes = $fBytes / 1000;
 		}
 
+		if ($index == 0) {
+			// display int for bytes
+			return sprintf('%d %s', $fBytes, $aSizes[$index]);
+		}
+
 		return sprintf('%.2f %s', $fBytes, $aSizes[$index]);
 	}
 
@@ -1217,6 +1230,12 @@ EOF
 				$aResult['checks'][] = new CheckResult(CheckResult::INFO, "MySQL server's max_connections is set to $iMaxConnections.");
 			}
 
+            $iClusters = $oDBSource->GetClusterNb();
+            if ($iClusters > 0) {
+                SetupLog::Warning('Warning - Using Galera will cause malfunctions and data corruptions. Combodo does not support this type of infrastructure.');
+                $aResult['checks'][] = new CheckResult(CheckResult::WARNING, 'Using Galera will cause malfunctions and data corruptions. Combodo does not support this type of infrastructure.');
+            }
+
 			try {
 				$aResult['databases'] = $oDBSource->ListDB();
 			}

setup/unattended-install/.htaccess

@@ -0,0 +1,13 @@
+# Apache 2.4
+<ifModule mod_authz_core.c>
+Require all denied
+</ifModule>
+
+# Apache 2.2
+<ifModule !mod_authz_core.c>
+deny from all
+Satisfy All
+</ifModule>
+
+# Apache 2.2 and 2.4
+IndexIgnore *

setup/unattended-install/InstallationFileService.php

@@ -0,0 +1,365 @@
+<?php
+
+require_once(APPROOT.'/application/utils.inc.php');
+require_once(APPROOT.'/setup/setuppage.class.inc.php');
+require_once(APPROOT.'/setup/wizardcontroller.class.inc.php');
+require_once(APPROOT.'/setup/wizardsteps.class.inc.php');
+
+if (version_compare(ITOP_DESIGN_LATEST_VERSION, '2.7', '<=')) {
+	require_once(APPROOT.'/core/config.class.inc.php');
+	require_once(APPROOT.'/core/log.class.inc.php');
+	require_once(APPROOT.'/core/kpi.class.inc.php');
+	require_once(APPROOT.'/core/cmdbsource.class.inc.php');
+	require_once(APPROOT.'/application/clipage.class.inc.php');
+}
+
+class InstallationFileService {
+	/** @var \RunTimeEnvironment $oProductionEnv */
+	private $oProductionEnv;
+
+	/** @var \ItopExtensionsMap $oProductionEnv */
+	private $oItopExtensionsMap;
+
+	private $sTargetEnvironment;
+	private $sInstallationPath;
+	private $aSelectedModules;
+	private $aSelectedExtensions;
+	private $aAfterComputationSelectedExtensions;
+	private $aUnSelectedModules;
+	private $aAutoSelectModules;
+	private $bInstallationOptionalChoicesChecked;
+
+	/**
+	 * @param string $sInstallationPath
+	 * @param string $sTargetEnvironment
+	 * @param array $aSelectedExtensions
+	 * @param bool $bInstallationOptionalChoicesChecked : this option is used only when no extensions are selected (ie empty
+	 *     $aSelectedExtensions)
+	 */
+	public function __construct(string $sInstallationPath, string $sTargetEnvironment='production', array $aSelectedExtensions = [], bool $bInstallationOptionalChoicesChecked=true) {
+		$this->sInstallationPath = $sInstallationPath;
+		$this->aSelectedModules = [];
+		$this->aUnSelectedModules = [];
+		$this->sTargetEnvironment = $sTargetEnvironment;
+		$this->aSelectedExtensions = $aSelectedExtensions;
+		$this->aAfterComputationSelectedExtensions = (count($aSelectedExtensions)==0) ? [] : $aSelectedExtensions;
+		$this->bInstallationOptionalChoicesChecked = $bInstallationOptionalChoicesChecked;
+	}
+
+	public function Init(): void {
+		clearstatcache();
+
+		$this->ProcessDefaultModules();
+		$this->ProcessInstallationChoices();
+		$this->ProcessExtensionModulesNotSpecifiedInChoices();
+		$this->ProcessAutoSelectModules();
+	}
+
+	public function GetProductionEnv(): RunTimeEnvironment {
+		if (is_null($this->oProductionEnv)){
+			$this->oProductionEnv = new RunTimeEnvironment();
+		}
+		return $this->oProductionEnv;
+	}
+
+	public function SetProductionEnv(RunTimeEnvironment $oProductionEnv): void {
+		$this->oProductionEnv = $oProductionEnv;
+	}
+
+	public function GetAfterComputationSelectedExtensions(): array {
+		return $this->aAfterComputationSelectedExtensions;
+	}
+
+	public function SetItopExtensionsMap(ItopExtensionsMap $oItopExtensionsMap): void {
+		$this->oItopExtensionsMap = $oItopExtensionsMap;
+	}
+
+	public function GetItopExtensionsMap(): ItopExtensionsMap {
+		if (is_null($this->oItopExtensionsMap)){
+			$this->oItopExtensionsMap = new iTopExtensionsMap($this->sTargetEnvironment, true);
+		}
+		return $this->oItopExtensionsMap;
+	}
+
+	public function GetAutoSelectModules(): array {
+		return $this->aAutoSelectModules;
+	}
+
+	public function GetSelectedModules(): array {
+		return $this->aSelectedModules;
+	}
+
+	public function GetUnSelectedModules(): array {
+		return $this->aUnSelectedModules;
+	}
+
+	public function ProcessInstallationChoices(): void {
+		$oXMLParameters = new XMLParameters($this->sInstallationPath);
+		$aSteps = $oXMLParameters->Get('steps', []);
+		if (! is_array($aSteps)) {
+			return;
+		}
+
+		foreach ($aSteps as $aStepInfo) {
+			$aOptions = $aStepInfo["options"] ?? null;
+			if (! is_null($aOptions) && is_array($aOptions)) {
+				foreach ($aOptions as $aChoiceInfo) {
+					$this->ProcessSelectedChoice($aChoiceInfo, $this->bInstallationOptionalChoicesChecked);
+				}
+			}
+			$aOptions = $aStepInfo["alternatives"] ?? null;
+			if (! is_null($aOptions) && is_array($aOptions)) {
+				foreach ($aOptions as $aChoiceInfo) {
+					$this->ProcessSelectedChoice($aChoiceInfo, false);
+				}
+			}
+		}
+
+		foreach ($this->aSelectedModules as $sModuleId => $sVal){
+			if (array_key_exists($sModuleId, $this->aUnSelectedModules)){
+				unset($this->aUnSelectedModules[$sModuleId]);
+			}
+		}
+	}
+
+	private function ProcessUnSelectedChoice($aChoiceInfo) {
+		if (!is_array($aChoiceInfo)) {
+			return;
+		}
+
+		$aCurrentModules = $aChoiceInfo["modules"] ?? [];
+		foreach ($aCurrentModules as $sModuleId){
+			$this->aUnSelectedModules[$sModuleId] = true;
+		}
+
+		$aAlternatives = $aChoiceInfo["alternatives"] ?? null;
+		if (!is_null($aAlternatives) && is_array($aAlternatives)) {
+			foreach ($aAlternatives as $aSubChoiceInfo) {
+				$this->ProcessUnSelectedChoice($aSubChoiceInfo);
+			}
+		}
+
+		if (array_key_exists('sub_options', $aChoiceInfo)) {
+			if (array_key_exists('options', $aChoiceInfo['sub_options'])) {
+				$aSubOptions = $aChoiceInfo['sub_options']['options'];
+				if (!is_null($aSubOptions) && is_array($aSubOptions)) {
+					foreach ($aSubOptions as $aSubChoiceInfo) {
+						$this->ProcessUnSelectedChoice($aSubChoiceInfo);
+					}
+				}
+			}
+			if (array_key_exists('alternatives', $aChoiceInfo['sub_options'])) {
+				$aSubAlternatives = $aChoiceInfo['sub_options']['alternatives'];
+				if (!is_null($aSubAlternatives) && is_array($aSubAlternatives)) {
+					foreach ($aSubAlternatives as $aSubChoiceInfo) {
+						$this->ProcessUnSelectedChoice($aSubChoiceInfo);
+					}
+				}
+			}
+		}
+	}
+
+	private function ProcessSelectedChoice($aChoiceInfo, bool $bAllChecked) {
+		if (!is_array($aChoiceInfo)) {
+			return;
+		}
+
+		$sDefault = $aChoiceInfo["default"] ?? "false";
+		$sMandatory = $aChoiceInfo["mandatory"] ?? "false";
+
+		$aCurrentModules = $aChoiceInfo["modules"] ?? [];
+		$sExtensionCode = $aChoiceInfo["extension_code"] ?? null;
+		if (0 === count($this->aSelectedExtensions)){
+			$bSelected = $bAllChecked || $sDefault === "true" || $sMandatory === "true";
+			if ($bSelected){
+				$this->aAfterComputationSelectedExtensions[]= $sExtensionCode;
+			}
+		} else {
+			$bSelected = $sMandatory === "true" ||
+				(null !== $sExtensionCode && in_array($sExtensionCode, $this->aSelectedExtensions));
+		}
+
+		foreach ($aCurrentModules as $sModuleId){
+			if ($bSelected) {
+				$this->aSelectedModules[$sModuleId] = true;
+			} else {
+				$this->aUnSelectedModules[$sModuleId] = true;
+			}
+		}
+
+		$aAlternatives = $aChoiceInfo["alternatives"] ?? null;
+		if (!is_null($aAlternatives) && is_array($aAlternatives)) {
+			foreach ($aAlternatives as $aSubChoiceInfo) {
+				if ($bSelected) {
+					$this->ProcessSelectedChoice($aSubChoiceInfo, $bAllChecked);
+				} else {
+					$this->ProcessUnSelectedChoice($aSubChoiceInfo);
+				}
+			}
+		}
+
+		if (array_key_exists('sub_options', $aChoiceInfo)) {
+			if (array_key_exists('options', $aChoiceInfo['sub_options'])) {
+				$aSubOptions = $aChoiceInfo['sub_options']['options'];
+				if (!is_null($aSubOptions) && is_array($aSubOptions)) {
+					foreach ($aSubOptions as $aSubChoiceInfo) {
+						if ($bSelected) {
+							$this->ProcessSelectedChoice($aSubChoiceInfo, $bAllChecked);
+						} else {
+							$this->ProcessUnSelectedChoice($aSubChoiceInfo);
+						}
+					}
+				}
+			}
+			if (array_key_exists('alternatives', $aChoiceInfo['sub_options'])) {
+				$aSubAlternatives = $aChoiceInfo['sub_options']['alternatives'];
+				if (!is_null($aSubAlternatives) && is_array($aSubAlternatives)) {
+					foreach ($aSubAlternatives as $aSubChoiceInfo) {
+						if ($bSelected) {
+							$this->ProcessSelectedChoice($aSubChoiceInfo, false);
+						} else {
+							$this->ProcessUnSelectedChoice($aSubChoiceInfo);
+						}
+					}
+				}
+			}
+		}
+	}
+
+	private function GetExtraDirs() : array {
+		$aSearchDirs = [];
+
+		$aDirs = [
+			'/datamodels/1.x',
+			'/datamodels/2.x',
+			'data/' . $this->sTargetEnvironment . '-modules',
+			'extensions',
+		];
+		foreach ($aDirs as $sRelativeDir){
+			$sDirPath = APPROOT.$sRelativeDir;
+			if (is_dir($sDirPath))
+			{
+				$aSearchDirs[] = $sDirPath;
+			}
+		}
+
+		return $aSearchDirs;
+	}
+
+	public function ProcessDefaultModules() : void {
+		$sProductionModuleDir = APPROOT.'data/' . $this->sTargetEnvironment . '-modules/';
+
+		$aAvailableModules = $this->GetProductionEnv()->AnalyzeInstallation(MetaModel::GetConfig(), $this->GetExtraDirs(), false, null);
+
+		$this->aAutoSelectModules = [];
+		foreach ($aAvailableModules as $sModuleId => $aModule) {
+			if (($sModuleId != ROOT_MODULE)) {
+				if (isset($aModule['auto_select'])) {
+					$this->aAutoSelectModules[$sModuleId] = $aModule;
+					continue;
+				}
+
+				if (($aModule['category'] == 'authentication') || (!$aModule['visible'])) {
+					$this->aSelectedModules[$sModuleId] = true;
+					continue;
+				}
+				$bIsExtra = (array_key_exists('root_dir', $aModule) && (strpos($aModule['root_dir'],
+							$sProductionModuleDir) !== false)); // Some modules (root, datamodel) have no 'root_dir'
+				if ($bIsExtra) {
+					// Modules in data/production-modules/ are considered as mandatory and always installed
+					$this->aSelectedModules[$sModuleId] = true;
+				}
+			}
+		}
+	}
+
+	public function ProcessAutoSelectModules() : void {
+		foreach($this->GetAutoSelectModules() as $sModuleId => $aModule)
+		{
+			try {
+				$bSelected = false;
+				SetupInfo::SetSelectedModules($this->aSelectedModules);
+				eval('$bSelected = ('.$aModule['auto_select'].');');
+				if ($bSelected)
+				{
+					// Modules in data/production-modules/ are considered as mandatory and always installed
+					$this->aSelectedModules[$sModuleId] = true;
+				}
+			}
+			catch (Exception $e) {
+			}
+		}
+	}
+
+	public function CanChooseUnpackageExtension(iTopExtension $oExtension) : bool {
+		if ($oExtension->sSource === iTopExtension::SOURCE_REMOTE){
+			SetupLog::Info("Data Extension can be selected", null, ['extension' => $oExtension->sCode]);
+			return true;
+		}
+
+		$bSelectable = $this->bInstallationOptionalChoicesChecked && ($oExtension->sSource === iTopExtension::SOURCE_MANUAL);
+		if ($bSelectable){
+			SetupLog::Info("Manual Extension can be selected", null, ['extension' => $oExtension->sCode]);
+		} else {
+			SetupLog::Debug("Manual Extension can NOT be selected", null, ['extension' => $oExtension->sCode]);
+		}
+
+		return $bSelectable;
+	}
+
+	public function ProcessExtensionModulesNotSpecifiedInChoices() {
+		/** @var \iTopExtension $oExtension */
+		foreach($this->GetItopExtensionsMap()->GetAllExtensions() as $oExtension) {
+			if (in_array($oExtension->sCode, $this->aAfterComputationSelectedExtensions)){
+				//extension already processed in installation.xml
+				SetupLog::Info("Extension already processed via installation choices", null,
+					[
+						'extension' => $oExtension->sCode,
+					])      ;
+				continue;
+			}
+			if ($this->CanChooseUnpackageExtension($oExtension)){
+				if (($oExtension->bVisible) && (count($oExtension->aMissingDependencies) === 0)) {
+					$aCurrentModules = [];
+					$aUnselectableModules = [];
+					$bIsExtensionSelectable = true;
+					foreach ($oExtension->aModules as $sModuleId) {
+						if (array_key_exists($sModuleId, $this->aSelectedModules)) {
+							//already selected
+							continue;
+						}
+
+						if (array_key_exists($sModuleId, $this->aUnSelectedModules)) {
+							$aUnselectableModules[] = $sModuleId;
+
+							//already unselected
+							$bIsExtensionSelectable = false;
+						} else {
+							$aCurrentModules[$sModuleId] = true;
+						}
+					}
+
+					if ($bIsExtensionSelectable) {
+						SetupLog::Debug("Add modules from unpackaged extension", null,
+							[
+								'extension' => $oExtension->sCode,
+								'source' => $oExtension->sSource,
+								'modules to add' => array_keys($aCurrentModules),
+							]);
+						$this->aSelectedModules = array_merge($this->aSelectedModules, $aCurrentModules);
+						$this->aAfterComputationSelectedExtensions[] = $oExtension->sCode;
+					} else {
+						SetupLog::Warning("Unpackaged extension can not be selected due to modules incompatible with installation choices",
+							null,
+							[
+								'extension' => $oExtension->sCode,
+								'source' => $oExtension->sSource,
+								'modules' => array_keys($aCurrentModules),
+								'unselectable modules' => $aUnselectableModules,
+							]);
+					}
+				}
+			}
+		}
+	}
+}

setup/unattended-install/README.md

@@ -0,0 +1,25 @@
+# Unattended-install
+
+This script allows to install and update iTop via CLI.
+
+For more information, see the official Wiki : [Automated installation [iTop Documentation]](https://www.itophub.io/wiki/page?id=latest:advancedtopics:automatic_install) 
+
+
+#install-itop.sh
+You can install your iTop by only using config-itop.php settings and run either
+
+- a non-ITIL iTop fresh installation (use itil-fresh-install.xml to have ITIL modules instead)
+```
+./install-itop.sh ./xml_setup/fresh-install.xml
+```
+
+- a non-ITIL iTop upgrade (use itil-upgrade.xml to have ITIL modules instead)
+```
+./install-itop.sh ./xml_setup/upgrade.xml
+```
+
+- a specific iTop installation by providing both xml setup file
+in below example file provided is the one generated by iTop during last setup.
+```
+./install-itop.sh ../../log/install-2024-04-03.xml
+```

setup/unattended-install/install-itop.sh

@@ -0,0 +1,50 @@
+#! /bin/bash
+
+CLI_NAME=$(basename $0)
+DIR=$(dirname $0)
+ITOP_DIR="$DIR/../.."
+
+HELP="Syntax: $CLI_NAME XML_SETUP [INSTALLATION_XML]"
+
+function HELP {
+	echo $HELP
+	exit 1
+}
+
+if [ $# -lt 1 ]
+then
+	echo "Missing parameters passed."
+	HELP
+fi
+
+if [ $# -gt 2 ]
+then
+	echo "Too much parameters passed ($#) : $*."
+	HELP
+fi
+
+XML_SETUP=$1
+if [ ! -f $XML_SETUP ]
+then
+  echo "XML_SETUP file ($XML_SETUP) not found."
+	HELP
+fi
+
+if [ $# -eq 2 ]
+then
+	INSTALLATION_XML=$2
+	if [ ! -f $INSTALLATION_XML ]
+	then
+		echo "INSTALLATION_XML file ($INSTALLATION_XML) not found."
+	  HELP
+	fi
+else
+  INSTALLATION_XML="$ITOP_DIR/datamodels/2.x/installation.xml"
+fi
+
+echo "$CLI_NAME: Using XML_SETUP ($XML_SETUP) and INSTALLATION_XML ($INSTALLATION_XML) files during unattended itop installation."
+
+rm -rf $ITOP_DIR/data/.maintenance;
+echo php $DIR/unattended-install.php --use_itop_config --installation_xml="$INSTALLATION_XML" --param-file="$XML_SETUP"
+
+php $DIR/unattended-install.php --use_itop_config --installation_xml="$INSTALLATION_XML" --param-file="$XML_SETUP"

setup/unattended-install/unattended-install.php

@@ -0,0 +1,406 @@
+<?php
+
+require_once(dirname(__FILE__, 3) . '/approot.inc.php');
+require_once(__DIR__ . '/InstallationFileService.php');
+
+function PrintUsageAndExit()
+{
+    echo <<<EOF
+Usage: php unattended-install.php --param-file=<path_to_response_file> [--installation_xml=<path_to_installation_xml>] [--use_itop_config]
+
+Options:
+    --param-file=<path_to_response_file>  Path to the file (XML) to use for the unattended installation. That file (generated by the setup into log directory) must contain the following sections:
+                                            - target_env: the target environment (production, test, dev)
+                                            - database: the database settings (server, user, pwd, name, prefix)
+                                            - selected_modules: the list of modules to install
+    --response_file                         DEPRECATED: use `--param-file` instead
+    --installation_xml=<path_to_installation_xml>  Use an installation.xml file to compute the modules to install depending on the selected extensions listed in the param file
+    --use_itop_config                       Use the iTop configuration file to get the database settings, otherwise use the database settings from the parameters file
+
+Advanced options:
+    --check-consistency=1                   Check the data model consistency after the installation (default: 0)
+    --clean=1                               In case of a first installation, cleanup the environment before proceeding: delete the configuration file, the cache directory, the target directory, the database (default: 0)
+    --install=0                             Set to 0 to perform a dry-run (default: 1)
+EOF;
+    exit(-1);
+}
+/////////////////////////////////////////////////
+
+$sCleanName = strtolower(trim(PHP_SAPI));
+if ($sCleanName !== 'cli')
+{
+	echo "Mode CLI only";
+	exit(-1);
+}
+
+if (in_array('--help', $argv)) {
+    PrintUsageAndExit();
+}
+
+$sParamFile = utils::ReadParam('param-file', null, true /* CLI allowed */, 'raw_data') ?? utils::ReadParam('response_file', null, true /* CLI allowed */, 'raw_data');
+if (is_null($sParamFile)) {
+	echo "Missing mandatory argument `--param-file`.\n";
+    PrintUsageAndExit();
+}
+$bCheckConsistency = (utils::ReadParam('check-consistency', '0', true /* CLI allowed */) == '1');
+
+if (false === file_exists($sParamFile)) {
+	echo "Param file `$sParamFile` doesn't exist! Exiting...\n";
+	exit(-1);
+}
+
+$oParams = new XMLParameters($sParamFile);
+
+$sMode = $oParams->Get('mode');
+
+$sTargetEnvironment = $oParams->Get('target_env', '');
+if ($sTargetEnvironment == '')
+{
+	$sTargetEnvironment = 'production';
+}
+
+$sXmlSetupBaseName = basename($sParamFile);
+$sInstallationXmlPath = utils::ReadParam('installation_xml', null, true /* CLI allowed */, 'raw_data');
+if (! is_null($sInstallationXmlPath) && is_file($sInstallationXmlPath)) {
+	$sInstallationBaseName = basename($sInstallationXmlPath);
+
+	$aSelectedExtensionsFromXmlSetup = $oParams->Get('selected_extensions', []);
+	$bInstallationChoicesProvided = count($aSelectedExtensionsFromXmlSetup) !== 0;
+	if ($bInstallationChoicesProvided) {
+		$sMsg = "Modules to install computed based on $sInstallationBaseName file and installation choices (listed in section `selected_extensions` of $sXmlSetupBaseName file)";
+		echo "$sMsg:\n".implode(',', $aSelectedExtensionsFromXmlSetup)."\n\n";
+		SetupLog::Info($sMsg, null, $aSelectedExtensionsFromXmlSetup);
+	} else {
+		$sMsg = "Modules to install computed based on default installation choices inside $sInstallationBaseName (no choice specified in section `selected_extensions` of $sXmlSetupBaseName file).";
+		echo "$sMsg\n\n";
+		SetupLog::Info($sMsg);
+	}
+
+	$oInstallationFileService = new InstallationFileService($sInstallationXmlPath, $sTargetEnvironment, $aSelectedExtensionsFromXmlSetup);
+	$oInstallationFileService->Init();
+
+	$aComputedExtensions = $oInstallationFileService->GetAfterComputationSelectedExtensions();
+	if (! $bInstallationChoicesProvided) {
+		$sMsg = "Computed installation choices";
+		echo "$sMsg:\n".implode(',', $aComputedExtensions)."\n\n";
+		SetupLog::Info($sMsg, null, $aComputedExtensions);
+		$oParams->Set('selected_extensions', $aComputedExtensions);
+	}
+
+	$aComputedModules = $oInstallationFileService->GetSelectedModules();
+	$aSelectedModules = array_keys($aComputedModules);
+	$oParams->Set('selected_modules', $aSelectedModules);
+
+	$sMsg = "Computed modules to install";
+} else {
+	$aSelectedModules = $oParams->Get('selected_modules', []);
+	$sMsg = "Modules to install listed in $sXmlSetupBaseName (selected_modules section)";
+}
+
+sort($aSelectedModules);
+echo "$sMsg:\n".implode(',', $aSelectedModules)."\n\n";
+SetupLog::Info($sMsg, null, $aSelectedModules);
+
+// Configuration file
+$sConfigFile = APPCONF.$sTargetEnvironment.'/'.ITOP_CONFIG_FILE;
+$bUseItopConfig = in_array('--use_itop_config', $argv);
+if ($bUseItopConfig && file_exists($sConfigFile)){
+	//unattended run based on db settings coming from itop configuration
+	copy($sConfigFile, "$sConfigFile.backup");
+
+	$oConfig = new Config($sConfigFile);
+	$aDBXmlSettings = $oParams->Get('database', array());
+	$aDBXmlSettings ['server'] = $oConfig->Get('db_host');
+	$aDBXmlSettings ['user'] = $oConfig->Get('db_user');
+	$aDBXmlSettings ['pwd'] = $oConfig->Get('db_pwd');
+	$aDBXmlSettings ['name'] = $oConfig->Get('db_name');
+	$aDBXmlSettings ['prefix'] = $oConfig->Get('db_subname');
+	$aDBXmlSettings ['db_tls_enabled'] = $oConfig->Get('db_tls.enabled');
+	//cannot be null or infinite loop triggered!
+	$aDBXmlSettings ['db_tls_ca'] = $oConfig->Get('db_tls.ca') ?? "";
+	$oParams->Set('database', $aDBXmlSettings);
+
+	$aFields = [
+		'url' => 'app_root_url',
+		'source_dir' => 'source_dir',
+		'graphviz_path' => 'graphviz_path',
+	];
+	foreach($aFields as $sSetupField => $sConfField){
+		$oParams->Set($sSetupField, $oConfig->Get($sConfField));
+	}
+
+	$oParams->Set('mysql_bindir', $oConfig->GetModuleSetting('itop-backup', 'mysql_bindir', ""));
+	$oParams->Set('language', $oConfig->GetDefaultLanguage());
+} else {
+	//unattended run based on db settings coming from response_file (XML file)
+	$aDBXmlSettings = $oParams->Get('database', array());
+}
+
+$sDBServer = $aDBXmlSettings['server'];
+$sDBUser = $aDBXmlSettings['user'];
+$sDBPwd = $aDBXmlSettings['pwd'];
+$sDBName = $aDBXmlSettings['name'];
+$sDBPrefix = $aDBXmlSettings['prefix'];
+
+if ($sMode == 'install')
+{
+	echo "Installation mode detected.\n";
+
+	$bClean = utils::ReadParam('clean', false, true /* CLI allowed */);
+	if ($bClean)
+	{
+		echo "Cleanup mode detected.\n";
+
+		if (file_exists($sConfigFile))
+		{
+			echo "Trying to delete the configuration file: '$sConfigFile'.\n";
+			@chmod($sConfigFile, 0770); // RWX for owner and group, nothing for others
+			unlink($sConfigFile);
+		}
+		else
+		{
+			echo "No config file to delete ($sConfigFile does not exist).\n";
+		}
+
+		// Starting with iTop 2.7.0, a failed setup leaves some lock files, let's remove them
+		$aLockFiles = array(
+			'data/.readonly' => 'read-only lock file',
+			'data/.maintenance' => 'maintenance mode lock file',
+		);
+		foreach($aLockFiles as $sFile => $sDescription)
+		{
+	 		$sLockFile = APPROOT.$sFile;
+			if (file_exists($sLockFile))
+			{
+				echo "Trying to delete the $sDescription: '$sLockFile'.\n";
+				unlink($sLockFile);
+			}
+		}
+
+		// Starting with iTop 2.6.0, let's remove the cache directory as well
+		// Can cause some strange issues in the setup (apparently due to the Dict class being automatically loaded ??)
+		$sCacheDir = APPROOT.'data/cache-'.$sTargetEnvironment;
+		if (file_exists($sCacheDir))
+		{
+			if (is_dir($sCacheDir))
+			{
+			 	echo "Emptying the cache directory '$sCacheDir'.\n";
+			 	SetupUtils::tidydir($sCacheDir);
+			}
+			else
+			{
+				die("ERROR the cache directory '$sCacheDir' exists, but is NOT a directory !!!\nExiting.\n");
+			}
+		}
+
+		// env-xxx directory
+		$sTargetDir = APPROOT.'env-'.$sTargetEnvironment;
+		if (file_exists($sTargetDir))
+		{
+			if (is_dir($sTargetDir))
+			{
+			 	echo "Emptying the target directory '$sTargetDir'.\n";
+			 	SetupUtils::tidydir($sTargetDir);
+			}
+			else
+			{
+				die("ERROR the target dir '$sTargetDir' exists, but is NOT a directory !!!\nExiting.\n");
+			}
+		}
+		else
+		{
+			echo "No target directory to delete ($sTargetDir does not exist).\n";
+		}
+
+		if ($sDBPrefix != '')
+		{
+			die("Cleanup not implemented for a partial database (prefix= '$sDBPrefix')\nExiting.");
+		}
+
+		$oMysqli = new mysqli($sDBServer, $sDBUser, $sDBPwd);
+		if ($oMysqli->connect_errno)
+		{
+		    die("Cannot connect to the MySQL server (".$oMysqli->connect_errno . ") ".$oMysqli->connect_error."\nExiting");
+		}
+		else
+		{
+			if ($oMysqli->select_db($sDBName))
+			{
+				echo "Deleting database '$sDBName'\n";
+				$oMysqli->query("DROP DATABASE `$sDBName`");
+			}
+			else
+			{
+				echo "The database '$sDBName' does not seem to exist. Nothing to cleanup.\n";
+			}
+		}
+	}
+}
+else
+{
+	//use settings from itop conf
+	$sTargetEnvironment = $oParams->Get('target_env', '');
+	if ($sTargetEnvironment == '')
+	{
+		$sTargetEnvironment = 'production';
+	}
+	$sTargetDir = APPROOT.'env-'.$sTargetEnvironment;
+}
+
+$bHasErrors = false;
+$aChecks = SetupUtils::CheckBackupPrerequisites(APPROOT.'data'); // mmm should be the backup destination dir
+
+$aSelectedModules = $oParams->Get('selected_modules');
+$sSourceDir = $oParams->Get('source_dir', 'datamodels/latest');
+$sExtensionDir = $oParams->Get('extensions_dir', 'extensions');
+$aChecks = array_merge($aChecks, SetupUtils::CheckSelectedModules($sSourceDir, $sExtensionDir, $aSelectedModules));
+
+foreach($aChecks as $oCheckResult)
+{
+	switch ($oCheckResult->iSeverity)
+	{
+		case CheckResult::ERROR:
+			$bHasErrors = true;
+			$sHeader = "Error";
+			break;
+
+		case CheckResult::WARNING:
+			$sHeader = "Warning";
+			break;
+
+		case 3: // CheckResult::TRACE added in iTop 3.0.0
+			// does nothing : those are old debug traces, see N°2214
+			$sHeader = 'Trace';
+			break;
+
+		case CheckResult::INFO:
+		default:
+			$sHeader = "Info";
+			break;
+	}
+	echo $sHeader.": ".$oCheckResult->sLabel;
+	if (strlen($oCheckResult->sDescription))
+	{
+		echo ' - '.$oCheckResult->sDescription;
+	}
+	echo "\n";
+}
+
+if ($bHasErrors)
+{
+	echo "Encountered stopper issues. Aborting...\n";
+	$sLogMsg = "Encountered stopper issues. Aborting...";
+	echo "$sLogMsg\n";
+	SetupLog::Error($sLogMsg);
+	exit(-1);
+}
+
+$bFoundIssues = false;
+
+$bInstall = utils::ReadParam('install', true, true /* CLI allowed */);
+if ($bInstall)
+{
+	echo "Starting the unattended installation...\n";
+	$oWizard = new ApplicationInstaller($oParams);
+	$bRes = $oWizard->ExecuteAllSteps();
+	if (!$bRes)
+	{
+		echo "\nencountered installation issues!";
+		$bFoundIssues = true;
+	}
+	else
+	{
+		$oMysqli = new mysqli($sDBServer, $sDBUser, $sDBPwd);
+		if (!$oMysqli->connect_errno)
+		{
+			if ($oMysqli->select_db($sDBName))
+			{
+				// Check the presence of a table to record information about the MTP (from the Designer)
+				$sDesignerUpdatesTable = $sDBPrefix.'priv_designer_update';
+				$sSQL = "SELECT id FROM `$sDesignerUpdatesTable`";
+				if ($oMysqli->query($sSQL) !== false)
+				{
+					// Record the Designer Udpates in the priv_designer_update table
+					$sDeltaFile = APPROOT.'data/'.$sTargetEnvironment.'.delta.xml';
+					if (is_readable($sDeltaFile))
+					{
+						// Retrieve the revision
+						$oDoc = new DOMDocument();
+						$oDoc->load($sDeltaFile);
+						$iRevision = 0;
+						$iRevision = $oDoc->firstChild->getAttribute('revision_id');
+						if ($iRevision > 0) // Safety net, just in case...
+						{
+							$sDate = date('Y-m-d H:i:s');
+							$sSQL = "INSERT INTO `$sDesignerUpdatesTable` (revision_id, compilation_date, comment) VALUES ($iRevision, '$sDate', 'Deployed using unattended.php.')";
+							if ($oMysqli->query($sSQL) !== false)
+							{
+								echo "\nDesigner update (MTP at revision $iRevision) successfully recorded.\n";
+							}
+							else
+							{
+								echo "\nFailed to record designer updates(".$oMysqli->error.").\n";
+							}
+						}
+						else
+						{
+							echo "\nFailed to read the revision from $sDeltaFile file. No designer update information will be recorded.\n";
+
+						}
+					}
+					else
+					{
+						echo "\nNo $sDeltaFile file (or the file is not accessible). No designer update information to record.\n";
+					}
+				}
+			}
+		}
+	}
+}
+else
+{
+	echo "No installation requested.\n";
+}
+if (!$bFoundIssues && $bCheckConsistency)
+{
+	echo "Checking data model consistency.\n";
+	ob_start();
+	$sCheckRes = '';
+	try
+	{
+		MetaModel::CheckDefinitions(false);
+		$sCheckRes = ob_get_clean();
+	}
+	catch(Exception $e)
+	{
+		$sCheckRes = ob_get_clean()."\nException: ".$e->getMessage();
+	}
+	if (strlen($sCheckRes) > 0)
+	{
+		echo $sCheckRes;
+		echo "\nfound consistency issues!";
+		$bFoundIssues = true;
+	}
+}
+
+if (! $bFoundIssues)
+{
+	// last line: used to check the install
+	// the only way to track issues in case of Fatal error or even parsing error!
+	$sLogMsg = "installed!";
+
+	if ($bUseItopConfig && is_file("$sConfigFile.backup"))
+	{
+		echo "\nuse config file provided by backup in $sConfigFile.";
+		copy("$sConfigFile.backup", $sConfigFile);
+	}
+
+	SetupLog::Info($sLogMsg);
+	echo "\n$sLogMsg";
+	exit(0);
+}
+
+$sLogMsg = "installation failed!";
+SetupLog::Error($sLogMsg);
+echo "\n$sLogMsg\n";
+exit(-1);

setup/unattended-install/web.config

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <system.webServer>
+    <security>
+      <requestFiltering>
+         <fileExtensions applyToWebDAV="false" allowUnlisted="false"></fileExtensions>
+      </requestFiltering>
+      <authorization>
+        <deny users="*" /> <!-- Denies all users -->
+      </authorization>
+    </security>
+  </system.webServer>
+</configuration>

setup/unattended-install/xml_setup/fresh-install.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<installation>
+  <mode>install</mode>
+  <preinstall>
+  </preinstall>
+  <source_dir>datamodels/2.x/</source_dir>
+  <datamodel_version>2.7.0</datamodel_version>
+  <previous_configuration_file>/var/www/html/iTop/conf/production/config-itop.php</previous_configuration_file>
+  <extensions_dir>extensions</extensions_dir>
+  <target_env>production</target_env>
+  <workspace_dir></workspace_dir>
+  <database>
+    <server></server>
+    <user></user>
+    <pwd></pwd>
+    <name></name>
+    <db_tls_enabled></db_tls_enabled>
+    <db_tls_ca></db_tls_ca>
+    <prefix></prefix>
+  </database>
+  <url></url>
+  <graphviz_path>/usr/bin/dot</graphviz_path>
+  <admin_account>
+    <user></user>
+    <pwd></pwd>
+    <language></language>
+  </admin_account>
+  <language></language>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+  </selected_extensions>
+  <sample_data>1</sample_data>
+  <old_addon></old_addon>
+  <options type="array"/>
+  <mysql_bindir></mysql_bindir>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+  </selected_extensions>
+</installation>

setup/unattended-install/xml_setup/itil-fresh-install.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<installation>
+  <mode>install</mode>
+  <preinstall>
+  </preinstall>
+  <source_dir>datamodels/2.x/</source_dir>
+  <datamodel_version>2.7.0</datamodel_version>
+  <previous_configuration_file>/var/www/html/iTop/conf/production/config-itop.php</previous_configuration_file>
+  <extensions_dir>extensions</extensions_dir>
+  <target_env>production</target_env>
+  <workspace_dir></workspace_dir>
+  <database>
+    <server></server>
+    <user></user>
+    <pwd></pwd>
+    <name></name>
+    <db_tls_enabled></db_tls_enabled>
+    <db_tls_ca></db_tls_ca>
+    <prefix></prefix>
+  </database>
+  <url></url>
+  <graphviz_path>/usr/bin/dot</graphviz_path>
+  <admin_account>
+    <user></user>
+    <pwd></pwd>
+    <language></language>
+  </admin_account>
+  <language></language>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+  </selected_extensions>
+  <sample_data>1</sample_data>
+  <old_addon></old_addon>
+  <options type="array"/>
+  <mysql_bindir></mysql_bindir>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+    <item>itop-config-mgmt-datacenter</item>
+    <item>itop-config-mgmt-end-user</item>
+    <item>itop-config-mgmt-storage</item>
+    <item>itop-config-mgmt-virtualization</item>
+    <item>itop-service-mgmt-enterprise</item>
+    <item>itop-ticket-mgmt-itil</item>
+    <item>itop-ticket-mgmt-itil-user-request</item>
+    <item>itop-ticket-mgmt-itil-incident</item>
+    <item>itop-ticket-mgmt-itil-enhanced-portal</item>
+    <item>itop-change-mgmt-itil</item>
+    <item>itop-config-mgmt-core</item>
+    <item>itop-kown-error-mgmt</item>
+  </selected_extensions>
+</installation>

setup/unattended-install/xml_setup/itil-upgrade.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<installation>
+  <mode>upgrade</mode>
+  <preinstall>
+  </preinstall>
+  <source_dir>datamodels/2.x/</source_dir>
+  <datamodel_version>2.7.0</datamodel_version>
+  <previous_configuration_file>/var/www/html/iTop/conf/production/config-itop.php</previous_configuration_file>
+  <extensions_dir>extensions</extensions_dir>
+  <target_env>production</target_env>
+  <workspace_dir></workspace_dir>
+  <database>
+    <server></server>
+    <user></user>
+    <pwd></pwd>
+    <name></name>
+    <db_tls_enabled></db_tls_enabled>
+    <db_tls_ca></db_tls_ca>
+    <prefix></prefix>
+  </database>
+  <url></url>
+  <graphviz_path>/usr/bin/dot</graphviz_path>
+  <admin_account>
+    <user></user>
+    <pwd></pwd>
+    <language></language>
+  </admin_account>
+  <language></language>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+  </selected_extensions>
+  <sample_data>1</sample_data>
+  <old_addon></old_addon>
+  <options type="array"/>
+  <mysql_bindir></mysql_bindir>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+    <item>itop-config-mgmt-datacenter</item>
+    <item>itop-config-mgmt-end-user</item>
+    <item>itop-config-mgmt-storage</item>
+    <item>itop-config-mgmt-virtualization</item>
+    <item>itop-service-mgmt-enterprise</item>
+    <item>itop-ticket-mgmt-itil</item>
+    <item>itop-ticket-mgmt-itil-user-request</item>
+    <item>itop-ticket-mgmt-itil-incident</item>
+    <item>itop-ticket-mgmt-itil-enhanced-portal</item>
+    <item>itop-change-mgmt-itil</item>
+    <item>itop-config-mgmt-core</item>
+    <item>itop-kown-error-mgmt</item>
+  </selected_extensions>
+</installation>

setup/unattended-install/xml_setup/upgrade.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<installation>
+  <mode>upgrade</mode>
+  <preinstall>
+  </preinstall>
+  <source_dir>datamodels/2.x/</source_dir>
+  <datamodel_version>2.7.0</datamodel_version>
+  <previous_configuration_file>/var/www/html/iTop/conf/production/config-itop.php</previous_configuration_file>
+  <extensions_dir>extensions</extensions_dir>
+  <target_env>production</target_env>
+  <workspace_dir></workspace_dir>
+  <database>
+    <server></server>
+    <user></user>
+    <pwd></pwd>
+    <name></name>
+    <db_tls_enabled></db_tls_enabled>
+    <db_tls_ca></db_tls_ca>
+    <prefix></prefix>
+  </database>
+  <url></url>
+  <graphviz_path>/usr/bin/dot</graphviz_path>
+  <admin_account>
+    <user></user>
+    <pwd></pwd>
+    <language></language>
+  </admin_account>
+  <language></language>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+  </selected_extensions>
+  <sample_data>1</sample_data>
+  <old_addon></old_addon>
+  <options type="array"/>
+  <mysql_bindir></mysql_bindir>
+  <selected_modules type="array">
+  </selected_modules>
+  <selected_extensions type="array">
+  </selected_extensions>
+</installation>

setup/wizardsteps.class.inc.php

@@ -2607,6 +2607,11 @@ class WizStepDone extends WizardStep
 		$oProductionEnv->InitDataModel($oConfig, true);
 		$sIframeUrl = $oConfig->GetModuleSetting('itop-hub-connector', 'setup_url', '');
 
+        $sSetupTokenFile = APPROOT.'data/.setup';
+        $sSetupToken = bin2hex(random_bytes(12));
+        file_put_contents($sSetupTokenFile, $sSetupToken);
+        $sIframeUrl.= "&setup_token=$sSetupToken";
+
 		if ($sIframeUrl != '')
 		{
 			$oPage->add('<iframe id="fresh_content" style="border:0; width:100%; display:none;" src="'.$sIframeUrl.'"></iframe>');

sources/Core/Authentication/Client/OAuth/OAuthClientProviderAzure.php

@@ -20,6 +20,7 @@ class OAuthClientProviderAzure extends OAuthClientProviderAbstract
 			'clientId'               => $oOAuthClient->Get('client_id'),
 			'clientSecret'           => $oOAuthClient->Get('client_secret'),
 			'redirectUri'            => $oOAuthClient->Get('redirect_url'),
+            'tenant'                 => $oOAuthClient->Get('tenant'),
 		];
 
 		$this->oVendorProvider = new Azure($aOptions, $collaborators);

sources/application/TwigBase/Controller/Controller.php

@@ -576,7 +576,7 @@ abstract class Controller
 		{
 			case 'html':
 				$this->m_oPage = new iTopWebPage($this->GetOperationTitle());
-				$this->m_oPage->add_xframe_options();
+				$this->m_oPage->add_http_headers();
 
 				if ($this->m_bIsBreadCrumbEnabled) {
 					if (count($this->m_aBreadCrumbEntry) > 0) {

sources/form/formmanager.class.inc.php

@@ -21,6 +21,7 @@
 namespace Combodo\iTop\Form;
 
 use Combodo\iTop\Renderer\FormRenderer;
+use CoreException;
 
 /**
  * Description of formmanager
@@ -59,6 +60,12 @@ abstract class FormManager
 		$oFormManager = new static();
 
 		$sFormRendererClass = $aJson['formrenderer_class'];
+        // N°7455 - Ensure form renderer class extends FormRenderer
+        if (false === is_a($sFormRendererClass, FormRenderer::class, true))
+        {
+            throw new CoreException('Form renderer class must extend '.FormRenderer::class);
+        }
+
 		/** @var \Combodo\iTop\Renderer\FormRenderer $oFormRenderer */
 		$oFormRenderer = new $sFormRendererClass();
 		$oFormRenderer->SetEndpoint($aJson['formrenderer_endpoint']);

synchro/synchrodatasource.class.inc.php

@@ -2077,7 +2077,7 @@ class SynchroReplica extends DBObject implements iDisplay
 			'class_category' => '',
 			'more_values' => '',
 			'sql' => 'dest_class',
-			'default_value' => 'Organization',
+            'default_value' => '',
 			'is_null_allowed' => true,
 			'depends_on' => array(),
 		)));

templates/login/password/resetpwddone.html.twig

@@ -7,7 +7,7 @@
 	<div id="login-content">
 		<h1>{{ 'UI:ResetPwd-Title'|dict_s }}</h1>
 		{% if bNoUser %}
-			<p>{{ 'UI:ResetPwd-Error-WrongLogin'|dict_format(sAuthUser) }}</p>
+			<p>{{ 'UI:ResetPwd-EmailSent'|dict_s }}</p>
 		{% elseif bBadToken %}
 			<p>{{ 'UI:ResetPwd-Error-InvalidToken'|dict_s }}</p>
 		{% else %}