cache returned objects for next round + add jeffrey test

ci: code style only
ci: fix by create 10 URs in CI env
2026-04-21 17:48:43 +02:00 · 2025-12-31 07:59:21 +01:00 · 2025-12-30 12:42:26 +01:00 · 2025-12-30 12:27:36 +01:00 · 2025-12-30 12:05:32 +01:00 · 2025-12-24 10:43:40 +01:00
1761 changed files with 9456 additions and 144935 deletions
--- a/.doc/developers.md
+++ b/.doc/developers.md
@@ -1,9 +0,0 @@
 # Developers
 ## PHP Code Styles
 We use `PHP CS Fixer` to ensure code formating consistency across PHP codebase.
 You can find the configuration and instructions to run it [here](../tests/php-code-style/README.md).
 ## PHP Static Analysis
 We use `PHPStan` to ensure code quality and to detect potential bugs in our PHP codebase.
 You can find the configuration and instructions to run it [here](../tests/php-static-analysis/README.md).
--- a/.github/workflows/action.yml
+++ b/.github/workflows/action.yml
@@ -26,23 +26,13 @@ jobs:
          fi
-      - name: Add internal tag if member of the organization
+      - name: Add internal tag if member
        if: env.is_member == 'true'
        run: |
          curl -X POST -H "Authorization: token ${{ secrets.PR_AUTOMATICALLY_ADD_TO_PROJECT }}" \
            -H "Accept: application/vnd.github.v3+json" \
            https://api.github.com/repos/Combodo/iTop/issues/${{ github.event.pull_request.number }}/labels \
            -d '{"labels":["internal"]}'
      - name: Set PR author as assignee if member of the organization
        if: env.is_member == 'true'
        run: |
          curl -L \
            -X POST \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${{ secrets.PR_AUTOMATICALLY_ADD_TO_PROJECT }}" \
            https://api.github.com/repos/Combodo/iTop/issues/${{ github.event.pull_request.number }}/assignees \
            -d '{"assignees":["${{ github.event.pull_request.user.login }}"]}'
        env:
          is_member: ${{ env.is_member }}
--- a/.gitignore
+++ b/.gitignore
@@ -58,9 +58,6 @@ tests/*/vendor/*
 /tests/php-unit-tests/phpunit.xml
 /tests/php-unit-tests/postbuild_integration.xml
 # PHP CS Fixer: Cache file
 /.php-cs-fixer.cache
 # Jetbrains
 /.idea/**
--- a/.phpstorm.meta.php
+++ b/.phpstorm.meta.php
@@ -1,16 +0,0 @@
 <?php
 /*
 * @copyright   Copyright (C) 2010-2025 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 namespace PHPSTORM_META
 {
 	override(\MetaModel::NewObject(0), map([
 		'' => '@',
 	]));
 	override(\MetaModel::GetObject(0), map([
 		'' => '@',
 	]));
 }
--- a/README.md
+++ b/README.md
@@ -73,9 +73,6 @@ iTop development is sponsored, led, and supported by [Combodo][0].
 [0]: https://www.combodo.com
 ## Developers
 You can find information and instructions about our quality tools and how to run them [here](.doc/developers.md).
 ## Contributors
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -819,7 +819,6 @@ HTML
 				foreach ($aNotificationClasses as $sNotifClass) {
 					$aNotifSearches[$sNotifClass] = DBObjectSearch::FromOQL("SELECT $sNotifClass AS Ev WHERE Ev.object_id = :id AND Ev.object_class = :class");
 					$aNotifSearches[$sNotifClass]->SetInternalParams($aParams);
 					$aNotifSearches[$sNotifClass]->AllowAllData();
 					$oNotifSet = new DBObjectSet($aNotifSearches[$sNotifClass], []);
 					$iNotifsCount += $oNotifSet->Count();
 				}
@@ -833,7 +832,6 @@ HTML
 						'menu' => false,
 						'panel_title' => MetaModel::GetName($sNotifClass),
 						'panel_icon' => MetaModel::GetClassIcon($sNotifClass, false),
 						'display_unauthorized_objects' => true,
 					]);
 				}
 			}
@@ -5634,7 +5632,7 @@ JS
 	 * @return void
 	 * @since 3.1.0
 	 */
-	final public function AddAttributeFlags(string $sAttCode, int $iFlags, string $sTargetState = '', ?string $sReason = null): void
+	final public function AddAttributeFlags(string $sAttCode, int $iFlags, string $sTargetState = '', string $sReason = null): void
 	{
 		if (!isset($this->aAttributesFlags[$sTargetState])) {
 			$this->aAttributesFlags[$sTargetState] = [];
@@ -5657,7 +5655,7 @@ JS
 	 * @return void
 	 * @since 3.1.0
 	 */
-	final public function ForceAttributeFlags(string $sAttCode, int $iFlags, string $sTargetState = '', ?string $sReason = null): void
+	final public function ForceAttributeFlags(string $sAttCode, int $iFlags, string $sTargetState = '', string $sReason = null): void
 	{
 		if (!isset($this->aAttributesFlags[$sTargetState])) {
 			$this->aAttributesFlags[$sTargetState] = [];
@@ -5698,7 +5696,7 @@ JS
 	 * @return void
 	 * @since 3.1.0
 	 */
-	final public function AddInitialAttributeFlags(string $sAttCode, int $iFlags, ?string $sReason = null)
+	final public function AddInitialAttributeFlags(string $sAttCode, int $iFlags, string $sReason = null)
 	{
 		if (!isset($this->aInitialAttributesFlags)) {
 			$this->aInitialAttributesFlags = [];
@@ -5720,7 +5718,7 @@ JS
 	 * @return void
 	 * @since 3.1.0
 	 */
-	final public function ForceInitialAttributeFlags(string $sAttCode, int $iFlags, ?string $sReason = null)
+	final public function ForceInitialAttributeFlags(string $sAttCode, int $iFlags, string $sReason = null)
 	{
 		if (!isset($this->aInitialAttributesFlags)) {
 			$this->aInitialAttributesFlags = [];
--- a/application/dashboard.class.inc.php
+++ b/application/dashboard.class.inc.php
@@ -1029,7 +1029,7 @@ EOF
 			    var dashboard = $('.ibo-dashboard#$sDivId')
 				dashboard.block();
 				$.post(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php',
-				   { operation: 'toggle_dashboard', dashboard_id: '$sId', file: '$sFile', extra_params: $sExtraParams, reload_url: $sReloadURL },
+				   { operation: 'toggle_dashboard', dashboard_id: '$sId', file: '$sFile', extra_params: $sExtraParams, reload_url: '$sReloadURL' },
 				   function(data) {
 					 dashboard.html(data);
 					 dashboard.unblock();
--- a/application/datamodel.application.xml
+++ b/application/datamodel.application.xml
@@ -1,12 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.3">
             xsi:noNamespaceSchemaLocation="https://www.combodo.com/itop-schema/3.3"
             version="3.3">
  <classes>
    <class id="AbstractResource" _delta="define">
      <parent>cmdbAbstractObject</parent>
      <properties>
-        <comment>/* Resource access control abstraction. Can be herited by abstract resource access control classes. Generally controlled using UR_ACTION_MODIFY access right. */</comment>
+        <comment>/* Resource access control abstraction. Can be herited by abstract resource access control classes. Generaly controlled using UR_ACTION_MODIFY access right. */</comment>
        <abstract>true</abstract>
      </properties>
      <presentation/>
@@ -851,168 +849,5 @@ Call $this->AddInitialAttributeFlags($sAttCode, $iFlags) for all the initial att
        </methods>
      </class>
    </classes>
    <property_types _delta="define">
      <property_type id="Dashlet" xsi:type="Combodo-AbstractPropertyType"/>
      <property_type id="DashletGroupBy" xsi:type="Combodo-PropertyType">
        <extends>Dashlet</extends>
        <definition xsi:type="Combodo-ValueType-PropertyTree">
          <label>UI:DashletGroupBy:Title</label>
          <nodes>
            <node id="title" xsi:type="Combodo-ValueType-Label">
              <label>UI:DashletGroupBy:Prop-Title</label>
            </node>
            <node id="query" xsi:type="Combodo-ValueType-OQL">
              <label>UI:DashletGroupBy:Prop-Query</label>
            </node>
            <node id="group_by" xsi:type="Combodo-ValueType-ClassAttributeGroupBy">
              <label>UI:DashletGroupBy:Prop-GroupBy</label>
              <class>{{query.selected_class}}</class>
            </node>
            <node id="style" xsi:type="Combodo-ValueType-Choice"> <!-- Possible de le cacher, etc celui-ci nous met dedans -->
              <label>UI:DashletGroupBy:Prop-Style</label>
              <values>
                <value id="bars">
                  <label>UI:DashletGroupByBars:Label</label>
                </value>
                <value id="pie">
                  <label>UI:DashletGroupByPie:Label</label>
                </value>
                <value id="table">
                  <label>UI:DashletGroupByTable:Label</label>
                </value>
              </values>
            </node>
            <node id="aggregation_function" xsi:type="Combodo-ValueType-AggregateFunction">
              <label>UI:DashletGroupBy:Prop-Function</label>
              <class>{{query.selected_class}}</class> <!-- pour savoir si il y a des attributs additionnables -->
            </node>
            <node id="aggregation_attribute" xsi:type="Combodo-ValueType-ClassAttribute">
              <label>UI:DashletGroupBy:Prop-FunctionAttribute</label>
              <relevance-condition>{{aggregation_function.value != 'count'}}</relevance-condition>
              <class>{{query.selected_class}}</class>
              <category>numeric</category>
            </node>
            <node id="order_by" xsi:type="Combodo-ValueType-ChoiceFromInput">
              <label>UI:DashletGroupBy:Prop-OrderField</label>
              <values>
                <value id="attribute">
                  <label>{{aggregation_attribute.label}}</label>
                </value>
                <value id="function">
                  <label>{{aggregation_function.label}}</label>
                </value>
              </values>
            </node>
            <node id="limit" xsi:type="Combodo-ValueType-Integer">
              <label>UI:DashletGroupBy:Prop-Limit</label>
              <relevance-condition>{{order_by.value = 'function'}}</relevance-condition>
            </node>
            <node id="order_direction" xsi:type="Combodo-ValueType-Choice">
              <label>UI:DashletGroupBy:Prop-OrderDirection</label>
              <values>
                <value id="asc">
                  <label>UI:DashletGroupBy:Order:asc</label>
                </value>
                <value id="desc">
                  <label>UI:DashletGroupBy:Order:desc</label>
                </value>
              </values>
            </node>
          </nodes>
        </definition>
      </property_type>
      <property_type id="DashletBadge" xsi:type="Combodo-PropertyType">
        <extends>Dashlet</extends>
        <definition xsi:type="Combodo-ValueType-PropertyTree">
          <nodes>
            <node id="class" xsi:type="Combodo-ValueType-Class">
              <label>UI:DashletBadge:Prop-Class</label>
              <categories-csv>bizmodel</categories-csv>
            </node>
          </nodes>
        </definition>
      </property_type>
      <property_type id="DashletHeaderDynamic" xsi:type="Combodo-PropertyType">
        <extends>Dashlet</extends>
        <definition xsi:type="Combodo-ValueType-PropertyTree">
          <label>UI:DashletHeaderDynamic:Title</label>
          <nodes>
            <node id="title" xsi:type="Combodo-ValueType-Label">
              <label>UI:DashletHeaderDynamic:Prop-Title</label>
            </node>
            <node id="icon" xsi:type="Combodo-ValueType-Icon">
              <label>UI:DashletHeaderDynamic:Prop-Icon</label>
            </node>
            <node id="subtitle" xsi:type="Combodo-ValueType-Label">
              <label>UI:DashletHeaderDynamic:Prop-Subtitle</label>
            </node>
            <node id="query" xsi:type="Combodo-ValueType-OQL">
              <label>UI:DashletHeaderDynamic:Prop-Query</label>
            </node>
            <node id="group_by" xsi:type="Combodo-ValueType-ClassAttribute">
              <label>UI:DashletHeaderDynamic:Prop-GroupBy</label>
              <class>{{query.selected_class}}</class>
              <category>enum</category>
            </node>
            <node id="values" xsi:type="Combodo-ValueType-CollectionOfValues">
              <label>UI:DashletHeaderDynamic:Prop-Values</label>
              <xml-format xsi:type="Combodo-XMLFormat-CSV"/>
              <value-type xsi:type="Combodo-ValueType-ClassAttributeValue">
                <class>{{query.selected_class}}</class>
                <attribute>{{group_by.attribute}}</attribute>
              </value-type>
            </node>
          </nodes>
        </definition>
      </property_type>
      <property_type id="DashletHeaderStatic" xsi:type="Combodo-PropertyType">
        <extends>Dashlet</extends>
        <definition xsi:type="Combodo-ValueType-PropertyTree">
          <nodes>
            <node id="title" xsi:type="Combodo-ValueType-Label">
              <label>UI:DashletHeaderStatic:Prop-Title</label>
            </node>
            <node id="icon" xsi:type="Combodo-ValueType-Icon">
              <label>UI:DashletHeaderStatic:Prop-Icon</label>
            </node>
          </nodes>
        </definition>
      </property_type>
      <property_type id="DashletObjectList" xsi:type="Combodo-PropertyType">
        <extends>Dashlet</extends>
        <definition xsi:type="Combodo-ValueType-PropertyTree">
          <nodes>
            <node id="title" xsi:type="Combodo-ValueType-Label">
              <label>UI:DashletObjectList:Prop-Title</label>
            </node>
            <node id="query" xsi:type="Combodo-ValueType-OQL">
              <label>UI:DashletObjectList:Prop-Query</label>
            </node>
            <node id="menu" xsi:type="Combodo-ValueType-Boolean">
              <label>UI:DashletObjectList:Prop-Menu</label>
              <on>
                <!-- not so cute, but matches exactly 3.2 implementation of boolean fields -->
                <label>UI:UserManagement:ActionAllowed:Yes</label>
                <value>true</value>
              </on>
              <off>
                <label>UI:UserManagement:ActionAllowed:No</label>
                <value>false</value>
              </off>
            </node>
          </nodes>
        </definition>
      </property_type>
      <property_type id="DashletPlainText" xsi:type="Combodo-PropertyType">
        <extends>Dashlet</extends>
        <definition xsi:type="Combodo-ValueType-PropertyTree">
          <nodes>
            <node id="text" xsi:type="Combodo-ValueType-Text">
              <label>UI:DashletPlainText:Prop-Text</label>
            </node>
          </nodes>
        </definition>
      </property_type>
    </property_types>
  </meta>
 </itop_design>
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -726,10 +726,6 @@ class DisplayBlock
 				}
 			}
 			if (!$this->m_oFilter->IsAllDataAllowed() && ($aExtraParams['display_unauthorized_objects'] ?? false) === true) {
 				$this->m_oFilter->AllowAllData();
 			}
 			$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
 			$this->m_oSet = new CMDBObjectSet($this->m_oFilter, $aOrderBy, $aQueryParams);
 		}
@@ -1383,10 +1379,7 @@ JS
 		// Check the classes that can be read (i.e authorized) by this user...
 		foreach ($aClasses as $sAlias => $sClassName) {
-			if (
+			if (UserRights::IsActionAllowed($sClassName, UR_ACTION_READ, $this->m_oSet) != UR_ALLOWED_NO) {
 				(UserRights::IsActionAllowed($sClassName, UR_ACTION_READ, $this->m_oSet) !== UR_ALLOWED_NO)
 				|| ($aExtraParams['display_unauthorized_objects'] ?? false) === true
 			) {
 				$aAuthorizedClasses[$sAlias] = $sClassName;
 			}
 		}
--- a/application/exceptions/ForgotPasswordApplicationException.php
+++ b/application/exceptions/ForgotPasswordApplicationException.php
@@ -1,10 +0,0 @@
 <?php
 /**
 * @copyright   Copyright (C) 2010-2026 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 class ForgotPasswordApplicationException extends Exception
 {
 }
--- a/application/exceptions/ForgotPasswordUserInputException.php
+++ b/application/exceptions/ForgotPasswordUserInputException.php
@@ -1,10 +0,0 @@
 <?php
 /**
 * @copyright   Copyright (C) 2010-2026 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 class ForgotPasswordUserInputException extends Exception
 {
 }
--- a/application/loginexternal.class.inc.php
+++ b/application/loginexternal.class.inc.php
@@ -75,10 +75,13 @@ class LoginExternal extends AbstractLoginFSMExtension
 	}
 	/**
-	 * @return bool|mixed
+	 * @return bool
 	 */
 	private function GetAuthUser()
 	{
-		return MetaModel::GetConfig()->GetExternalAuthenticationVariable();
+		$sExtAuthVar = MetaModel::GetConfig()->GetExternalAuthenticationVariable(); // In which variable is the info passed ?
 		eval('$sAuthUser = isset('.$sExtAuthVar.') ? '.$sExtAuthVar.' : false;'); // Retrieve the value
 		/** @var string $sAuthUser */
 		return $sAuthUser; // Retrieve the value
 	}
 }
--- a/application/logintwig.class.inc.php
+++ b/application/logintwig.class.inc.php
@@ -243,12 +243,15 @@ class LoginTwigRenderer
 	public function GetDefaultVars()
 	{
 		$sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_APPLICATION, ITOP_VERSION);
 		$sIconUrl = Utils::GetConfig()->Get('app_icon_url');
 		$sDisplayIcon = Branding::GetLoginLogoAbsoluteUrl();
 		$aVars = [
 			'sAppRootUrl' => utils::GetAbsoluteUrlAppRoot(),
 			'aPluginFormData' => $this->GetPluginFormData(),
 			'sItopVersion' => ITOP_VERSION,
 			'sVersionShort' => $sVersionShort,
 			'sIconUrl' => $sIconUrl,
 			'sDisplayIcon' => $sDisplayIcon,
 		];
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -221,15 +221,15 @@ class LoginWebPage extends NiceWebPage
 			if ($oUser != null) {
 				if (!MetaModel::IsValidAttCode(get_class($oUser), 'reset_pwd_token')) {
-					throw new ForgotPasswordUserInputException('External accounts do not allow password reset');
+					throw new Exception(Dict::S('UI:ResetPwd-Error-NotPossible'));
 				}
 				if (!$oUser->CanChangePassword()) {
-					throw new ForgotPasswordUserInputException('The account does not allow password reset');
+					throw new Exception(Dict::S('UI:ResetPwd-Error-FixedPwd'));
 				}
 				$sTo = $oUser->GetResetPasswordEmail(); // throws Exceptions if not allowed
 				if ($sTo == '') {
-					throw new ForgotPasswordUserInputException('Missing email address for this account');
+					throw new Exception(Dict::S('UI:ResetPwd-Error-NoEmail'));
 				}
 				// This token allows the user to change the password without knowing the previous one
@@ -255,21 +255,17 @@ class LoginWebPage extends NiceWebPage
 					case EMAIL_SEND_ERROR:
 					default:
-						throw new ForgotPasswordApplicationException('Failed to send the password reset email for '.$oUser->Get('friendlyname').': '.implode(', ', $aIssues));
+						IssueLog::Error('Failed to send the email with the NEW password for '.$oUser->Get('friendlyname').': '.implode(', ', $aIssues));
 						throw new Exception(Dict::S('UI:ResetPwd-Error-Send'));
 				}
 			}
 		} catch (ForgotPasswordApplicationException $e) {
 			IssueLog::Error('Failed to process the forgot password request for user "'.$sAuthUser.'" [reason='.get_class($e).']: '.$e->getMessage());
 		} catch (ForgotPasswordUserInputException $e) {
 			IssueLog::Info('Failed to process the forgot password request for user "'.$sAuthUser.'" [reason='.get_class($e).']: '.$e->getMessage());
 		} catch (\Throwable $e) {
 			IssueLog::Error('Unexpected error while processing the forgot password request for user "'.$sAuthUser.'": '.$e->getMessage());
 		}
 			$oTwigContext = new LoginTwigRenderer();
 			$aVars = $oTwigContext->GetDefaultVars();
 			$oTwigContext->Render($this, 'forgotpwdsent.html.twig', $aVars);
 		} catch (Exception $e) {
 			$this->DisplayForgotPwdForm(true, $e->getMessage());
 		}
 	}
 	public function DisplayResetPwdForm($sErrorMessage = null)
--- a/application/menunode.class.inc.php
+++ b/application/menunode.class.inc.php
@@ -1423,22 +1423,13 @@ class ShortcutMenuNode extends MenuNode
 	public function GetHyperlink($aExtraParams)
 	{
 		$sContext = $this->oShortcut->Get('context');
-		try {
+		$aContext = unserialize($sContext);
 			$aContext = utils::Unserialize($sContext);
 		if (isset($aContext['menu'])) {
 			unset($aContext['menu']);
 		}
 		foreach ($aContext as $sArgName => $sArgValue) {
 			$aExtraParams[$sArgName] = $sArgValue;
 		}
 		} catch (Exception $e) {
 			IssueLog::Warning("User shortcut corrupted, delete the shortcut", LogChannels::CONSOLE, [
 				'shortcut_name' => $this->oShortcut->GetName(),
 				'root_cause' => $e->getMessage(),
 			]);
 			// delete the shortcut
 			$this->oShortcut->DBDelete();
 		}
 		return parent::GetHyperlink($aExtraParams);
 	}
--- a/application/newsroomprovider.class.inc.php
+++ b/application/newsroomprovider.class.inc.php
@@ -34,7 +34,7 @@ interface iNewsroomProvider
 	 * @param User $oUser The user for who to check if the provider is applicable.
 	 * return bool
 	 */
-	public function IsApplicable(?User $oUser = null);
+	public function IsApplicable(User $oUser = null);
 	/**
 	 * The human readable (localized) label for this provider
@@ -139,7 +139,7 @@ abstract class NewsroomProviderBase implements iNewsroomProvider
 	 */
 	abstract public function GetViewAllURL();
-	public function IsApplicable(?User $oUser = null)
+	public function IsApplicable(User $oUser = null)
 	{
 		return false;
 	}
--- a/application/query.class.inc.php
+++ b/application/query.class.inc.php
@@ -151,7 +151,7 @@ abstract class Query extends cmdbAbstractObject
 	 * @return string|null
 	 * @since 3.1.0
 	 */
-	abstract public function GetExportUrl(?array $aValues = null): ?string;
+	abstract public function GetExportUrl(array $aValues = null): ?string;
 	/**
 	 * Update last export information.
@@ -227,7 +227,7 @@ class QueryOQL extends Query
 	}
 	/** @inheritdoc */
-	public function GetExportUrl(?array $aValues = null): ?string
+	public function GetExportUrl(array $aValues = null): ?string
 	{
 		try {
 			// retrieve attributes
--- a/application/themehandler.class.inc.php
+++ b/application/themehandler.class.inc.php
@@ -924,6 +924,11 @@ CSS;
 	public static function CloneThemeParameterAndIncludeVersion($aThemeParameters, $bSetupCompilationTimestamp, $aImportsPaths)
 	{
 		$aThemeParametersVariable = [];
 		if (array_key_exists('variables', $aThemeParameters)) {
 			if (is_array($aThemeParameters['variables'])) {
 				$aThemeParametersVariable = array_merge([], $aThemeParameters['variables']);
 			}
 		}
 		if (array_key_exists('variable_imports', $aThemeParameters)) {
 			if (is_array($aThemeParameters['variable_imports'])) {
@@ -931,14 +936,6 @@ CSS;
 			}
 		}
 		// Variables defined in theme XML have the priority over variables defined in XML imports files
 		// They're defined after so they overwrite previous parameters
 		if (array_key_exists('variables', $aThemeParameters)) {
 			if (is_array($aThemeParameters['variables'])) {
 				$aThemeParametersVariable = array_merge($aThemeParametersVariable, $aThemeParameters['variables']);
 			}
 		}
 		$aThemeParametersVariable['$version'] = $bSetupCompilationTimestamp;
 		return $aThemeParametersVariable;
 	}
@@ -970,9 +967,7 @@ CSS;
 				}
 			}
 		}
-		array_map(function ($sVariableValue) {
+		array_map(function ($sVariableValue) { return ltrim($sVariableValue); }, $aVariablesResults);
 			return ltrim($sVariableValue);
 		}, $aVariablesResults);
 		return $aVariablesResults;
 	}
--- a/application/ui.linksdirectwidget.class.inc.php
+++ b/application/ui.linksdirectwidget.class.inc.php
@@ -228,7 +228,7 @@ JS
 			<<<HTML
 <form id="ObjectsAddForm_{$this->sInputid}">
    <div id="SearchResultsToAdd_{$this->sInputid}">
-        <div style="border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
+        <div style="background: #fff; border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
    </div>
    <input type="hidden" id="count_{$this->sInputid}" value="0"/>
 </form>
--- a/application/ui.searchformforeignkeys.class.inc.php
+++ b/application/ui.searchformforeignkeys.class.inc.php
@@ -27,9 +27,6 @@ require_once(APPROOT.'/application/displayblock.class.inc.php');
 class UISearchFormForeignKeys
 {
 	private $m_sRemoteClass;
 	private $m_iInputId;
 	public function __construct($sTargetClass, $iInputId = null)
 	{
 		$this->m_sRemoteClass = $sTargetClass;
@@ -43,7 +40,7 @@ class UISearchFormForeignKeys
 	 *
 	 * @throws \Exception
 	 */
-	public function ShowModalSearchForeignKeys($oPage)
+	public function ShowModalSearchForeignKeys($oPage, $sTitle)
 	{
 		$oFilter = new DBObjectSearch($this->m_sRemoteClass);
@@ -63,17 +60,52 @@ class UISearchFormForeignKeys
 			]
 		));
 		$sEmptyList = Dict::S('UI:Message:EmptyList:UseSearchForm');
 		$sCancel = Dict::S('UI:Button:Cancel');
 		$sAdd = Dict::S('UI:Button:Add');
 		$oPage->add(
 			<<<HTML
 <form id="ObjectsAddForm_{$this->m_iInputId}">
    <div id="SearchResultsToAdd_{$this->m_iInputId}" style="vertical-align:top;height:100%;overflow:auto;padding:0;border:0;">
-        <div style="border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
+        <div style="background: #fff; border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
    </div>
    <input type="hidden" id="count_{$this->m_iInputId}" value="0"/>
 </form>
 HTML
 		);
 		$oPage->add_ready_script(
 			<<<JS
 $('#dlg_{$this->m_iInputId}').dialog({ 
 			width: $(window).width()*0.8, 
 			height: $(window).height()*0.8, 
 			autoOpen: false, 
 			modal: true, 
 			resizeStop: oForeignKeysWidget{$this->m_iInputId}.UpdateSizes,
            buttons: [
 				{
 					text: Dict.S('UI:Button:Cancel'),
 					class: "cancel ibo-is-alternative ibo-is-neutral",
 					click: function() {
 						$('#dlg_{$this->m_iInputId}').dialog('close');
 					}
 				},
 				{
 					text:  Dict.S('UI:Button:Add'),
 					id: 'btn_ok_{$this->m_iInputId}',
 					class: "ok ibo-is-regular ibo-is-primary",
 					click: function() {
 						oForeignKeysWidget{$this->m_iInputId}.DoAddObjects(this.id);							
 					}
 				},
 			],
 });
 $('#dlg_{$this->m_iInputId}').dialog('option', {title:'$sTitle'});
 $('#SearchFormToAdd_{$this->m_iInputId} form').on('submit.uilinksWizard', oForeignKeysWidget{$this->m_iInputId}.SearchObjectsToAdd);
 $('#SearchFormToAdd_{$this->m_iInputId}').on('resize', oForeignKeysWidget{$this->m_iInputId}.UpdateSizes);
 JS
 		);
 	}
 	public function GetFullListForeignKeysFromSelection($oPage, $oFullSetFilter)
@@ -87,4 +119,31 @@ HTML
 			IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString());
 		}
 	}
 	/**
 	 * Search for objects to be linked to the current object (i.e "remote" objects)
 	 *
 	 * @param WebPage $oP The page used for the output (usually an AjaxWebPage)
 	 * @param string $sRemoteClass Name of the "remote" class to perform the search on, must be a derived class of m_sRemoteClass
 	 *
 	 * @throws \Exception
 	 */
 	public function ListResultsSearchForeignKeys(WebPage $oP, $sRemoteClass = '')
 	{
 		if ($sRemoteClass != '') {
 			// assert(MetaModel::IsParentClass($this->m_sRemoteClass, $sRemoteClass));
 			$oFilter = new DBObjectSearch($sRemoteClass);
 		} else {
 			// No remote class specified use the one defined in the linkedset
 			$oFilter = new DBObjectSearch($this->m_sRemoteClass);
 		}
 		$oBlock = new DisplayBlock($oFilter, 'list', false);
 		$oBlock->Display(
 			$oP,
 			"ResultsToAdd_{$this->m_iInputId}",
 			['menu' => false, 'cssCount' => "#count_{$this->m_iInputId}", 'selection_mode' => true, 'table_id' => "add_{$this->m_iInputId}"]
 		);
 	}
 }
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -122,11 +122,6 @@ class utils
 	 * @since 3.0.0
 	 */
 	public const ENUM_SANITIZATION_FILTER_VARIABLE_NAME = 'variable_name';
 	/**
 	 * @var string For module codes (e.g. `itop-portal-base`, `combodo-webhook-integration`, `some-module-code-x.y`, ...)
 	 * @since 3.2.3 3.3.0 N°8554
 	 */
 	public const ENUM_SANITIZATION_FILTER_MODULE_CODE = 'module_code';
 	/**
 	 * @var string
 	 * @since 2.7.10 3.0.0
@@ -186,9 +181,6 @@ class utils
 	protected static function LoadParamFile($sParamFile)
 	{
 		if (utils::RealPath($sParamFile, APPROOT) !== false) {
 			throw new Exception("File '".utils::HtmlEntities($sParamFile)."' should be outside iTop");
 		}
 		if (!file_exists($sParamFile)) {
 			throw new Exception("Could not find the parameter file: '".utils::HtmlEntities($sParamFile)."'");
 		}
@@ -398,7 +390,6 @@ class utils
 	 * @since 2.7.10 N°6606 use the utils::ENUM_SANITIZATION_* const
 	 * @since 2.7.10 N°6606 new case for ENUM_SANITIZATION_FILTER_PHP_CLASS
 	 * @since 3.2.1-1 N°8242 Allow value to be an array for every filter
 	 * @since 3.2.3 3.3.0 N°8554 new case for ENUM_SANITIZATION_FILTER_MODULE_CODE
 	 *
 	 * @link https://www.php.net/manual/en/filter.filters.sanitize.php PHP sanitization filters
 	 */
@@ -486,7 +477,7 @@ class utils
 				);
 				break;
-				// For XML / HTML node selector
+				// For XML / HTML node id selector
 			case static::ENUM_SANITIZATION_FILTER_ELEMENT_SELECTOR:
 				$retValue = filter_var(
 					$value,
@@ -499,15 +490,6 @@ class utils
 				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;
 			case static::ENUM_SANITIZATION_FILTER_MODULE_CODE:
 				// Module codes allow all alphabets letters, numbers, dash and dot characters
 				$retValue = filter_var(
 					$value,
 					FILTER_VALIDATE_REGEXP,
 					['options' => ['regexp' => '/^[\p{L}\d.-]+$/u']]
 				);
 				break;
 				// For URL
 			case static::ENUM_SANITIZATION_FILTER_URL:
 				$retValue = filter_var($value, FILTER_SANITIZE_URL);
@@ -1302,7 +1284,7 @@ class utils
 	 * @throws \CoreException
 	 * @throws \Exception
 	 */
-	public static function ExecITopScript(string $sScriptName, array $aArguments, ?string $sAuthUser = null, ?string $sAuthPwd = null)
+	public static function ExecITopScript(string $sScriptName, array $aArguments, string $sAuthUser = null, string $sAuthPwd = null)
 	{
 		$aDisabled = explode(', ', ini_get('disable_functions'));
 		if (in_array('exec', $aDisabled)) {
@@ -1392,7 +1374,7 @@ class utils
 	 * @return string A path to a folder into which any module can store cache data
 	 * The corresponding folder is created or cleaned upon code compilation
 	 */
-	public static function GetCachePath(?string $sEnvironment = null): string
+	public static function GetCachePath(string $sEnvironment = null): string
 	{
 		if (is_null($sEnvironment)) {
 			$sEnvironment = MetaModel::GetEnvironment();
@@ -1455,12 +1437,6 @@ class utils
 			case iPopupMenuExtension::MENU_OBJLIST_TOOLKIT:
 				/** @var \DBObjectSet $param */
 				// Check if the user has the right to read the objects of this list, otherwise do not propose any action (eg. configure this list, export, etc.)
 				if (UserRights::IsActionAllowed($param->GetFilter()->GetClass(), UR_ACTION_READ, $param) !== UR_ALLOWED_YES) {
 					break;
 				}
 				$oAppContext = new ApplicationContext();
 				$sContext = $oAppContext->GetForLink(true);
 				$sDataTableId = is_null($sDataTableId) ? '' : $sDataTableId;
@@ -1924,12 +1900,6 @@ SQL;
 		return $response;
 	}
 	public static function QuoteForPHP(string $sValue): string
 	{
 		$sEscaped = str_replace(['\\', "'"], ['\\\\', "\\'"], $sValue);
 		return "'$sEscaped'";
 	}
 	/**
 	 * Get a standard list of character sets
 	 *
@@ -2105,9 +2075,7 @@ SQL;
 			}
 			// Remove any remaining nulls (for positions that weren't referenced)
-			$aReplacements = array_filter($aReplacements, static function ($val) {
+			$aReplacements = array_filter($aReplacements, static function ($val) { return $val !== null; });
 				return $val !== null;
 			});
 		} else {
 			// For non-positional, we need to map each position
 			$aReplacements = [];
@@ -3146,50 +3114,4 @@ TXT
 		return $aTrace;
 	}
 	/**
 	 * PHP unserialize encapsulation, allow throwing exception when not allowed object class is detected (for security hardening)
 	 *
 	 * @param string $data data to unserialize
 	 * @param array $aOptions PHP @unserialise options
 	 * @param bool $bThrowNotAllowedObjectClassException flag to throw exception
 	 *
 	 * @return mixed PHP @unserialise return
 	 * @throws Exception
 	 */
 	public static function Unserialize(string $data, array $aOptions = ['allowed_classes' => false], bool $bThrowNotAllowedObjectClassException = true): mixed
 	{
 		$data = unserialize($data, $aOptions);
 		if ($bThrowNotAllowedObjectClassException) {
 			try {
 				self::AssertNoIncompleteClassDetected($data);
 			} catch (Exception $e) {
 				throw new CoreException('Unserialization failed because an incomplete class was detected.', [], '', $e);
 			}
 		}
 		return $data;
 	}
 	/**
 	 * Assert that data provided doesn't contain any incomplete class.
 	 *
 	 * @throws Exception
 	 */
 	public static function AssertNoIncompleteClassDetected(mixed $data): void
 	{
 		if (is_object($data)) {
 			if ($data instanceof __PHP_Incomplete_Class) {
 				throw new Exception('__PHP_Incomplete_Class_Name object detected');
 			}
 			foreach (get_object_vars($data) as $property) {
 				self::AssertNoIncompleteClassDetected($property);
 			}
 		} elseif (is_array($data)) {
 			foreach ($data as $value) {
 				self::AssertNoIncompleteClassDetected($value);
 			}
 		}
 	}
 }
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,7 @@
  "type": "project",
  "license": "AGPL-3.0-only",
  "require": {
-    "php": ">=8.2.0 <8.5.0",
+    "php": ">=8.1.0 <8.4.0",
    "ext-ctype": "*",
    "ext-dom": "*",
    "ext-gd": "*",
@@ -12,50 +12,37 @@
    "ext-json": "*",
    "ext-mysqli": "*",
    "ext-soap": "*",
-    "apereo/phpcas": "dev-master",
+    "apereo/phpcas": "~1.6.0",
    "firebase/php-jwt": "^6.4.0",
    "guzzlehttp/guzzle": "^7.5.1",
    "league/oauth2-google": "^4.0.1",
    "nikic/php-parser": "dev-master",
    "pear/archive_tar": "~1.4.14",
    "pelago/emogrifier": "^7.2.0",
    "psr/log": "^3.0.0",
-    "scssphp/scssphp": "dev-combodo/1.x",
+    "scssphp/scssphp": "^1.12.1",
    "soundasleep/html2text": "~2.1",
    "symfony/console": "~6.4.0",
    "symfony/dotenv": "~6.4.0",
    "symfony/form": "^6.4",
    "symfony/framework-bundle": "~6.4.0",
    "symfony/http-foundation": "~6.4.0",
    "symfony/http-kernel": "~6.4.0",
-    "symfony/runtime": "~6.4.0",
+    "symfony/mailer": "^6.4",
-    "symfony/security-csrf": "~6.4.0",
+    "symfony/security-csrf": "^6.4",
    "symfony/twig-bundle": "~6.4.0",
    "symfony/validator" : "~6.4.0",
    "symfony/var-dumper": "~6.4.0",
    "symfony/yaml": "~6.4.0",
    "symfony/mailer": "~6.4.0",
    "tecnickcom/tcpdf": "^6.6.0",
-    "thenetworg/oauth2-azure": "^2.0",
+    "thenetworg/oauth2-azure": "^2.0"
    "soundasleep/html2text": "~2.1"
  },
  "require-dev": {
    "symfony/debug-bundle": "~6.4.0",
    "symfony/stopwatch": "~6.4.0",
    "symfony/web-profiler-bundle": "~6.4.0"
  },
-  "repositories": [
+  "repositories": [{
    {
    "type": "vcs",
    "url": "https://github.com/Combodo/PHP-Parser"
-    },
+  }],
    {
      "type": "vcs",
      "url": "https://github.com/EsupPortail/phpCAS"
    },
    {
      "type": "vcs",
      "url": "https://github.com/combodo-itop-libs/scssphp"
    }
  ],
  "suggest": {
    "ext-libsodium": "Required to use the AttributeEncryptedString.",
    "ext-openssl": "Can be used as a polyfill if libsodium is not installed",
@@ -67,7 +54,7 @@
  },
  "config": {
    "platform": {
-      "php": "8.2.0"
+      "php": "8.1.0"
    },
    "vendor-dir": "lib",
    "preferred-install": {
@@ -75,10 +62,7 @@
    },
    "sort-packages": true,
    "classmap-authoritative": true,
-    "platform-check": true,
+    "platform-check": true
    "allow-plugins": {
      "symfony/runtime": true
    }
  },
  "autoload": {
    "classmap": [
--- a/composer.lock
+++ b/composer.lock
--- a/core/action.class.inc.php
+++ b/core/action.class.inc.php
@@ -234,11 +234,10 @@ abstract class Action extends cmdbAbstractObject
 		}
 		$oActionFilter = DBObjectSearch::FromOQL($sActionQueryOql, $aActionQueryParams);
 		$oActionFilter->AllowAllData();
 		$oSet = new DBObjectSet($oActionFilter, ['date' => false]);
 		$sPanelTitle = Dict::Format('Action:last_executions_tab_panel_title', $sActionQueryLimit);
-		$oExecutionsListBlock = DataTableUIBlockFactory::MakeForResult($oPage, 'action_executions_list', $oSet, ['panel_title' => $sPanelTitle, 'display_unauthorized_objects' => true]);
+		$oExecutionsListBlock = DataTableUIBlockFactory::MakeForResult($oPage, 'action_executions_list', $oSet, ['panel_title' => $sPanelTitle]);
 		$oPage->AddUiBlock($oExecutionsListBlock);
 	}
--- a/core/bulkchange.class.inc.php
+++ b/core/bulkchange.class.inc.php
@@ -199,7 +199,7 @@ class CellStatus_SearchIssue extends CellStatus_Issue
 	 * @param null $sAllowedValues : used for additional message that provides allowed values $sAllowedValues for current class
 	 * @param string|null $sAllowedValuesSearch : used to search all allowed values
 	 */
-	public function __construct($sSerializedSearch, $sReason, $sClass = null, $sAllowedValues = null, ?string $sAllowedValuesSearch = null)
+	public function __construct($sSerializedSearch, $sReason, $sClass = null, $sAllowedValues = null, string $sAllowedValuesSearch = null)
 	{
 		parent::__construct(null, null, $sReason);
 		$this->sSerializedSearch = $sSerializedSearch;
@@ -876,7 +876,7 @@ class BulkChange
 		return $aResults;
 	}
-	protected function CreateObject(&$aResult, $iRow, $aRowData, ?CMDBChange $oChange = null)
+	protected function CreateObject(&$aResult, $iRow, $aRowData, CMDBChange $oChange = null)
 	{
 		$oTargetObj = MetaModel::NewObject($this->m_sClass);
@@ -965,7 +965,7 @@ class BulkChange
 	 * @throws \MySQLException
 	 * @throws \MySQLHasGoneAwayException
 	 */
-	protected function UpdateObject(&$aResult, $iRow, $oTargetObj, $aRowData, ?CMDBChange $oChange = null)
+	protected function UpdateObject(&$aResult, $iRow, $oTargetObj, $aRowData, CMDBChange $oChange = null)
 	{
 		$aResult[$iRow] = $this->PrepareObject($oTargetObj, $aRowData, $aErrors);
@@ -1008,7 +1008,7 @@ class BulkChange
 	 *
 	 * @throws \BulkChangeException
 	 */
-	protected function UpdateMissingObject(&$aResult, $iRow, $oTargetObj, ?CMDBChange $oChange = null)
+	protected function UpdateMissingObject(&$aResult, $iRow, $oTargetObj, CMDBChange $oChange = null)
 	{
 		$aResult[$iRow] = $this->PrepareMissingObject($oTargetObj, $aErrors);
@@ -1043,7 +1043,7 @@ class BulkChange
 		}
 	}
-	public function Process(?CMDBChange $oChange = null)
+	public function Process(CMDBChange $oChange = null)
 	{
 		if ($oChange) {
 			CMDBObject::SetCurrentChange($oChange);
--- a/core/cmdbsource.class.inc.php
+++ b/core/cmdbsource.class.inc.php
@@ -537,6 +537,12 @@ class CMDBSource
 	 */
 	public static function Query($sSQLQuery)
 	{
 		if (self::$sRaisesExceptionMsgWhenSqlQuery) {
 			$e = new \Exception(self::$sRaisesExceptionMsgWhenSqlQuery);
 			\IssueLog::Error(__METHOD__, null, [$e->getTraceAsString()]);
 			throw $e;
 		}
 		if (preg_match('/^START TRANSACTION;?$/i', $sSQLQuery)) {
 			self::StartTransaction();
@@ -556,6 +562,13 @@ class CMDBSource
 		return self::DBQuery($sSQLQuery);
 	}
 	public static ?string $sRaisesExceptionMsgWhenSqlQuery = null;
 	public static function TriggerExceptionWhenSqlQuery(?string $sMsg)
 	{
 		self::$sRaisesExceptionMsgWhenSqlQuery = $sMsg;
 	}
 	/**
 	 * Send the query directly to the DB. **Be extra cautious with this !**
 	 *
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -78,7 +78,6 @@ define('DEFAULT_EXT_AUTH_VARIABLE', '$_SERVER[\'REMOTE_USER\']');
 define('DEFAULT_ENCRYPTION_KEY', '@iT0pEncr1pti0n!'); // We'll use a random generated key later (if possible)
 define('DEFAULT_ENCRYPTION_LIB', 'Mcrypt'); // We'll define the best encryption available later
 define('DEFAULT_HASH_ALGO', PASSWORD_DEFAULT);
 /**
 * Config
 * configuration data (this class cannot not be localized, because it is responsible for loading the dictionaries)
@@ -872,14 +871,6 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
 		'ext_auth_variable' => [
 			'type' => 'string',
 			'description' => 'External authentication expression (allowed: $_SERVER[\'key\'], $_COOKIE[\'key\'], $_REQUEST[\'key\'], getallheaders()[\'Header-Name\'])',
 			'default' => '$_SERVER[\'REMOTE_USER\']',
 			'value' => '$_SERVER[\'REMOTE_USER\']',
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
 		'login_debug' => [
 			'type' => 'bool',
 			'description' => 'Activate the login FSM debug',
@@ -937,7 +928,7 @@ class Config
 			'type' => 'string',
 			'description' => 'Actions that are available as direct buttons next to the "Actions" menu',
 			// examples... not used
-			'default' => 'UI:Menu:Modify,UI:Menu:New,UI:Menu:impacts_down,UI:Menu:impacts_up',
+			'default' => 'UI:Menu:Modify,UI:Menu:New',
 			'value' => 'UI:Menu:Modify',
 			'source_of_value' => '',
 			'show_in_conf_sample' => true,
@@ -1622,7 +1613,7 @@ class Config
 			'show_in_conf_sample' => false,
 		],
 		'search_manual_submit' => [
-			'type' => 'bool',
+			'type' => 'array',
 			'description' => 'Force manual submit of search all requests',
 			'default' => false,
 			'value' => true,
@@ -1749,14 +1740,6 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
 		'security.disable_joined_classes_filter' => [
 			'type'                => 'bool',
 			'description'         => 'If true, scope filters aren\'t applied to joined classes or union classes not directly listed in the SELECT clause.',
 			'default'             => true,
 			'value'               => true,
 			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'security.hide_administrators' => [
 			'type'                => 'bool',
 			'description'         => 'If true, non-administrator users will not be able to see the administrator accounts, the Administrator profile and the links between the administrator accounts and their profiles.',
@@ -1765,14 +1748,6 @@ class Config
 			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'security.disable_exec_forced_login_for_all_enpoints' => [
 			'type'                => 'bool',
 			'description'         => 'If true, when no delegated authentication module is defined, no login will be forced on modules exec endpoints',
 			'default'             => true,
 			'value'               => true,
 			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'behind_reverse_proxy' => [
 			'type' => 'bool',
 			'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)',
@@ -1979,6 +1954,16 @@ class Config
 	 */
 	protected $m_sDefaultLanguage;
 	/**
 	 * @var string Type of login process allowed: form|basic|url|external
 	 */
 	protected $m_sAllowedLoginTypes;
 	/**
 	 * @var string Name of the PHP variable in which external authentication information is passed by the web server
 	 */
 	protected $m_sExtAuthVariable;
 	/**
 	 * @var string Encryption key used for all attributes of type "encrypted string". Can be set to a random value
 	 *             unless you want to import a database from another iTop instance, in which case you must use
@@ -2047,6 +2032,8 @@ class Config
 		$this->m_iFastReloadInterval = DEFAULT_FAST_RELOAD_INTERVAL;
 		$this->m_bSecureConnectionRequired = DEFAULT_SECURE_CONNECTION_REQUIRED;
 		$this->m_sDefaultLanguage = 'EN US';
 		$this->m_sAllowedLoginTypes = DEFAULT_ALLOWED_LOGIN_TYPES;
 		$this->m_sExtAuthVariable = DEFAULT_EXT_AUTH_VARIABLE;
 		$this->m_aCharsets = [];
 		$this->m_bQueryCacheEnabled = DEFAULT_QUERY_CACHE_ENABLED;
 		$this->m_iPasswordHashAlgo = DEFAULT_HASH_ALGO;
@@ -2192,6 +2179,8 @@ class Config
 		$this->m_aModuleSettings = isset($MyModuleSettings) ? $MyModuleSettings : [];
 		$this->m_sDefaultLanguage = isset($MySettings['default_language']) ? trim($MySettings['default_language']) : 'EN US';
 		$this->m_sAllowedLoginTypes = isset($MySettings['allowed_login_types']) ? trim($MySettings['allowed_login_types']) : DEFAULT_ALLOWED_LOGIN_TYPES;
 		$this->m_sExtAuthVariable = isset($MySettings['ext_auth_variable']) ? trim($MySettings['ext_auth_variable']) : DEFAULT_EXT_AUTH_VARIABLE;
 		$this->m_sEncryptionKey = isset($MySettings['encryption_key']) ? trim($MySettings['encryption_key']) : $this->m_sEncryptionKey;
 		$this->m_sEncryptionLibrary = isset($MySettings['encryption_library']) ? trim($MySettings['encryption_library']) : $this->m_sEncryptionLibrary;
 		$this->m_aCharsets = isset($MySettings['csv_import_charsets']) ? $MySettings['csv_import_charsets'] : [];
@@ -2350,76 +2339,12 @@ class Config
 	public function GetAllowedLoginTypes()
 	{
-		return explode('|', $this->m_aSettings['allowed_login_types']['value']);
+		return explode('|', $this->m_sAllowedLoginTypes);
 	}
 	/**
 	 * @return bool|mixed
 	 * @since 3.2.3 return the parsed value instead of an unsecured variable name
 	 */
 	public function GetExternalAuthenticationVariable()
 	{
-		$sExpression = $this->Get('ext_auth_variable');
+		return $this->m_sExtAuthVariable;
 		$aParsed = $this->ParseExternalAuthVariableExpression($sExpression);
 		if ($aParsed === null) {
 			return false;
 		}
 		$sKey = $aParsed['key'];
 		switch ($aParsed['type']) {
 			case 'server':
 				return $_SERVER[$sKey] ?? false;
 			case 'cookie':
 				return $_COOKIE[$sKey] ?? false;
 			case 'request':
 				return $_REQUEST[$sKey] ?? false;
 			case 'header':
 				if (!function_exists('getallheaders')) {
 					return false;
 				}
 				$aHeaders = getallheaders();
 				if (!is_array($aHeaders)) {
 					return false;
 				}
 				return $aHeaders[$sKey] ?? false;
 		}
 		return false;
 	}
 	/**
 	 * @param $sExpression
 	 * @return array|null
 	 */
 	private function ParseExternalAuthVariableExpression($sExpression)
 	{
 		// If it's a configuration parameter it's probably already trimmed, but just in case
 		$sExpression = trim((string) $sExpression);
 		if ($sExpression === '') {
 			return null;
 		}
 		// Match $_SERVER/$_COOKIE/$_REQUEST['key'] with optional whitespace and single/double quotes.
 		if (preg_match('/^\$_(SERVER|COOKIE|REQUEST)\s*\[\s*(["\'])\s*([^"\']+)\2\s*\]\s*$/', $sExpression, $aMatches) === 1) {
 			$sContext = strtoupper($aMatches[1]);
 			$sKey = $aMatches[3];
 			return [
 				'type' => strtolower($sContext),
 				'key' => $sKey,
 				'normalized' => '$_'.$sContext.'[\''.$sKey.'\']',
 			];
 		}
 		// Match getallheaders()['Header-Name'] in a case-insensitive way.
 		if (preg_match('/^getallheaders\(\)\s*\[\s*(["\'])\s*([^"\']+)\1\s*\]\s*$/i', $sExpression, $aMatches) === 1) {
 			$sKey = $aMatches[2];
 			return [
 				'type' => 'header',
 				'key' => $sKey,
 				'normalized' => 'getallheaders()[\''.$sKey.'\']',
 			];
 		}
 		return null;
 	}
 	public function GetCSVImportCharsets()
@@ -2492,6 +2417,7 @@ class Config
 	public function SetAllowedLoginTypes($aAllowedLoginTypes)
 	{
 		$this->m_sAllowedLoginTypes = implode('|', $aAllowedLoginTypes);
 		$this->Set('allowed_login_types', implode('|', $aAllowedLoginTypes));
 	}
@@ -2515,7 +2441,7 @@ class Config
 	public function SetExternalAuthenticationVariable($sExtAuthVariable)
 	{
-		$this->Set('ext_auth_variable', $sExtAuthVariable);
+		$this->m_sExtAuthVariable = $sExtAuthVariable;
 	}
 	public function SetEncryptionKey($sKey)
@@ -2569,6 +2495,8 @@ class Config
 		$aSettings['fast_reload_interval'] = $this->m_iFastReloadInterval;
 		$aSettings['secure_connection_required'] = $this->m_bSecureConnectionRequired;
 		$aSettings['default_language'] = $this->m_sDefaultLanguage;
 		$aSettings['allowed_login_types'] = $this->m_sAllowedLoginTypes;
 		$aSettings['ext_auth_variable'] = $this->m_sExtAuthVariable;
 		$aSettings['encryption_key'] = $this->m_sEncryptionKey;
 		$aSettings['encryption_library'] = $this->m_sEncryptionLibrary;
 		$aSettings['csv_import_charsets'] = $this->m_aCharsets;
@@ -2671,6 +2599,8 @@ class Config
 			// Old fashioned remaining values
 			$aOtherValues = [
 				'default_language' => $this->m_sDefaultLanguage,
 				'allowed_login_types' => $this->m_sAllowedLoginTypes,
 				'ext_auth_variable' => $this->m_sExtAuthVariable,
 				'encryption_key' => $this->m_sEncryptionKey,
 				'encryption_library' => $this->m_sEncryptionLibrary,
 				'csv_import_charsets' => $this->m_aCharsets,
--- a/core/csvbulkexport.class.inc.php
+++ b/core/csvbulkexport.class.inc.php
@@ -5,7 +5,6 @@
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\UI\Base\Component\FieldSet\FieldSetUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Html\Html;
 use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
@@ -14,6 +13,7 @@ use Combodo\iTop\Application\UI\Base\Component\Input\Select\SelectUIBlockFactory
 use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory;
 use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\WebPage\Page;
 use Combodo\iTop\Application\WebPage\WebPage;
@@ -55,8 +55,6 @@ class CSVBulkExport extends TabularBulkExport
 		$this->aStatusInfo['charset'] = strtoupper(utils::ReadParam('charset', 'UTF-8', true, 'raw_data'));
 		$this->aStatusInfo['formatted_text'] = (bool)utils::ReadParam('formatted_text', 0, true);
 		$this->aStatusInfo['ignore_excel_sanitization'] = (bool)utils::ReadParam('ignore_excel_sanitization', 0, true, utils::ENUM_SANITIZATION_FILTER_INTEGER);
 		$sDateFormatRadio = utils::ReadParam('csv_date_format_radio', '');
 		switch ($sDateFormatRadio) {
 			case 'default':
@@ -225,10 +223,6 @@ class CSVBulkExport extends TabularBulkExport
 				$oRadioCustom->GetInput()->AddCSSClass('ibo-input-checkbox');
 				$oFieldSetDate->AddSubBlock($oRadioCustom);
 				$oFieldSetSecurity = FieldSetUIBlockFactory::MakeStandard(Dict::S('Core:BulkExport:Security'));
 				$oMulticolumn->AddColumn(ColumnUIBlockFactory::MakeForBlock($oFieldSetSecurity));
 				$oFieldSetSecurity->AddSubBlock(ExportHelper::GetInputForSanitizeExcelExport());
 				$oP->add_ready_script(
 					<<<EOF
 $('#form_part_csv_options').on('preview_updated', function() { FormatDatesInPreview('csv', 'csv'); });
@@ -270,13 +264,6 @@ EOF
 			default:
 				$sRet = trim($oObj->GetAsCSV($sAttCode), '"');
 		}
 		// If the option to ignore Excel sanitization is not set or explicitly set to false, apply sanitization
 		if (!(array_key_exists('ignore_excel_sanitization', $this->aStatusInfo)) || $this->aStatusInfo['ignore_excel_sanitization'] === false) {
 			return ExportHelper::SanitizeField($sRet, $this->aStatusInfo['text_qualifier'] ?? '');
 		}
 		// The option to ignore Excel sanitization is explicitly set to true: return the raw value without sanitization
 		return $sRet;
 	}
@@ -350,12 +337,6 @@ EOF
 							$sField = $oObj->GetAsCSV($sAttCode, $this->aStatusInfo['separator'], $this->aStatusInfo['text_qualifier'], $this->bLocalizeOutput, !$this->aStatusInfo['formatted_text']);
 					}
 				}
 				// If the option to ignore Excel sanitization is not set or absent, sanitize the field
 				if (!(array_key_exists('ignore_excel_sanitization', $this->aStatusInfo)) || $this->aStatusInfo['ignore_excel_sanitization'] === false) {
 					$sField = ExportHelper::SanitizeField($sField, $this->aStatusInfo['text_qualifier']);
 				}
 				if ($this->aStatusInfo['charset'] != 'UTF-8') {
 					// Note: due to bugs in the glibc library it's safer to call iconv on the smallest possible string
 					// and thus to convert field by field and not the whole row or file at once (see ticket N°991)
--- a/core/datamodel.core.xml
+++ b/core/datamodel.core.xml
@@ -425,7 +425,7 @@
      </php_parent>
      <parent>cmdbAbstractObject</parent>
      <properties>
-        <category>core/cmdb,grant_by_profile,silo</category>
+        <category>core/cmdb,view_in_gui</category>
        <abstract>false</abstract>
        <key_type>autoincrement</key_type>
        <db_table>priv_event_newsroom</db_table>
@@ -904,7 +904,7 @@
        <!-- Generated by toolkit/export-class-to-meta.php -->
        <parent>Event</parent>
        <properties>
-          <category>core/cmdb,grant_by_profile,silo</category>
+          <category>core/cmdb,view_in_gui</category>
        </properties>
        <fields>
          <field id="message" xsi:type="AttributeText"/>
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -2567,7 +2567,7 @@ abstract class DBObject implements iDisplay
 	 *
 	 * @see \RestUtils::FindObjectFromKey for the same check in the REST endpoint
 	 */
-	final public function CheckChangedExtKeysValues(?callable $oIsObjectLoadableCallback = null)
+	final public function CheckChangedExtKeysValues(callable $oIsObjectLoadableCallback = null)
 	{
 		if (is_null($oIsObjectLoadableCallback)) {
 			$oIsObjectLoadableCallback = function ($sClass, $sId) {
@@ -3727,7 +3727,7 @@ abstract class DBObject implements iDisplay
 	 * @throws \MySQLException
 	 * @throws \OQLException
 	 */
-	private function ActivateOnObjectUpdateTriggers(?DBObject $oObject, ?array $aAttributes = null): void
+	private function ActivateOnObjectUpdateTriggers(?DBObject $oObject, array $aAttributes = null): void
 	{
 		if (is_null($oObject)) {
 			return;
--- a/core/dbobjectsearch.class.php
+++ b/core/dbobjectsearch.class.php
@@ -1932,37 +1932,4 @@ class DBObjectSearch extends DBSearch
 	{
 		return $this->GetCriteria()->ListParameters();
 	}
 	/**
 	 * @inheritDoc
 	 * @return DBObjectSearch
 	 */
 	protected function ApplyDataFilters(): DBObjectSearch
 	{
 		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
 			return $this;
 		}
 		$oSearch = $this;
 		$aClassesToFilter = $this->GetSelectedClasses();
 		// Opt-in for joined classes filtering, otherwise only filter the selected class(es)
 		if (MetaModel::GetConfig()->Get('security.disable_joined_classes_filter') === false) {
 			$aClassesToFilter = $this->GetJoinedClasses();
 		}
 		// Apply filter (this is similar to the one in DBSearch but the factorization could make it less readable)
 		foreach ($aClassesToFilter as $sClassAlias => $sClass) {
 			$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
 			if ($oVisibleObjects === false) {
 				$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
 			}
 			if (is_object($oVisibleObjects)) {
 				$oVisibleObjects->AllowAllData();
 				$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
 				$oSearch->SetDataFiltered();
 			}
 		}
 		return $oSearch;
 	}
 }
--- a/core/dbobjectset.class.php
+++ b/core/dbobjectset.class.php
@@ -122,9 +122,7 @@ class DBObjectSet implements iDBObjectSetIterator
 	 */
 	public function __destruct()
 	{
-		if (is_object($this->m_oSQLResult)) {
+		$this->Free();
 			$this->m_oSQLResult->free();
 		}
 	}
 	/**
@@ -711,11 +709,8 @@ class DBObjectSet implements iDBObjectSetIterator
 		$sSQL = $this->_makeSelectQuery($this->m_aAttToLoad);
 		if (is_object($this->m_oSQLResult)) {
 		// Free previous resultset if any
-			$this->m_oSQLResult->free();
+		$this->Free();
 			$this->m_oSQLResult = null;
 		}
 		try {
 			$oKPI = new ExecutionKPI();
@@ -871,23 +866,7 @@ class DBObjectSet implements iDBObjectSetIterator
 	 */
 	public function CountExceeds($iLimit)
 	{
-		if (is_null($this->m_iNumTotalDBRows)) {
+		$iCount = $this->CountWithLimit($iLimit);
 			$oKPI = new ExecutionKPI();
 			$sSQL = $this->m_oFilter->MakeSelectQuery([], $this->m_aArgs, null, null, $iLimit + 2, 0, true);
 			$resQuery = CMDBSource::Query($sSQL);
 			$sOQL = $this->GetPseudoOQL($this->m_oFilter, [], $iLimit + 2, 0, true);
 			$oKPI->ComputeStats('OQL Query Exec', $sOQL);
 			if ($resQuery) {
 				$aRow = CMDBSource::FetchArray($resQuery);
 				$iCount = intval($aRow['COUNT']);
 				CMDBSource::FreeResult($resQuery);
 			} else {
 				$iCount = 0;
 			}
 		} else {
 			$iCount = $this->m_iNumTotalDBRows;
 		}
 		return ($iCount > $iLimit);
 	}
@@ -913,8 +892,8 @@ class DBObjectSet implements iDBObjectSetIterator
 			$oKPI->ComputeStats('OQL Query Exec', $sOQL);
 			if ($resQuery) {
 				$aRow = CMDBSource::FetchArray($resQuery);
 				CMDBSource::FreeResult($resQuery);
 				$iCount = intval($aRow['COUNT']);
 				CMDBSource::FreeResult($resQuery);
 			} else {
 				$iCount = 0;
 			}
@@ -935,6 +914,14 @@ class DBObjectSet implements iDBObjectSetIterator
 		return $this->m_iNumLoadedDBRows + count($this->m_aAddedObjects);
 	}
 	private function Free()
 	{
 		if (is_object($this->m_oSQLResult)) {
 			CMDBSource::FreeResult($this->m_oSQLResult);
 			$this->m_oSQLResult = null;
 		}
 	}
 	/**
 	 * Fetch an object (with the given class alias) at the current position in the set and move the cursor to the next position.
 	 *
@@ -955,6 +942,7 @@ class DBObjectSet implements iDBObjectSetIterator
 		}
 		if ($this->m_iCurrRow >= $this->CountLoaded()) {
 			$this->Free();
 			return null;
 		}
@@ -962,7 +950,9 @@ class DBObjectSet implements iDBObjectSetIterator
 			$sRequestedClassAlias = $this->m_oFilter->GetClassAlias();
 		}
-		if ($this->m_iCurrRow < $this->m_iNumLoadedDBRows) {
+		if ($this->m_iCurrRow < count($this->m_aCacheObj)) {
 			$oRetObj = $this->m_aCacheObj[$this->m_iCurrRow][$sRequestedClassAlias];
 		} else if ($this->m_iCurrRow < $this->m_iNumLoadedDBRows) {
 			// Pick the row from the database
 			$aRow = CMDBSource::FetchArray($this->m_oSQLResult);
 			foreach ($this->m_oFilter->GetSelectedClasses() as $sClassAlias => $sClass) {
@@ -972,6 +962,7 @@ class DBObjectSet implements iDBObjectSetIterator
 					} else {
 						try {
 							$oRetObj = MetaModel::GetObjectByRow($sClass, $aRow, $sClassAlias, $this->m_aAttToLoad, $this->m_aExtendedDataSpec);
 							$this->m_aCacheObj[$this->m_iCurrRow] = [$sRequestedClassAlias => $oRetObj];
 						} catch (CoreException $e) {
 							$this->m_iCurrRow++;
 							$oRetObj = $this->Fetch($sRequestedClassAlias);
@@ -988,6 +979,8 @@ class DBObjectSet implements iDBObjectSetIterator
 		return $oRetObj;
 	}
 	private $m_aCacheObj = [];
 	/**
 	 * Fetch the whole row of objects (if several classes have been specified in the query) and move the cursor to the next position
 	 *
@@ -1006,21 +999,29 @@ class DBObjectSet implements iDBObjectSetIterator
 		}
 		if ($this->m_iCurrRow >= $this->CountLoaded()) {
 			$this->Free();
 			return null;
 		}
-		if ($this->m_iCurrRow < $this->m_iNumLoadedDBRows) {
+		if ($this->m_iCurrRow < count($this->m_aCacheObj)) {
 			$aRetObjects = $this->m_aCacheObj[$this->m_iCurrRow];
 		} else if ($this->m_iCurrRow < $this->m_iNumLoadedDBRows) {
 			// Pick the row from the database
 			$aRow = CMDBSource::FetchArray($this->m_oSQLResult);
 			$aRetObjects = [];
 			foreach ($this->m_oFilter->GetSelectedClasses() as $sClassAlias => $sClass) {
 				if (is_null($aRow[$sClassAlias.'id'])) {
 				$oObj = null;
-				} else {
+				if (!is_null($aRow[$sClassAlias.'id'])) {
 					try {
 						$oObj = MetaModel::GetObjectByRow($sClass, $aRow, $sClassAlias, $this->m_aAttToLoad, $this->m_aExtendedDataSpec);
 					}
 					catch (CoreException $e) {
 					}
 				}
 				$aRetObjects[$sClassAlias] = $oObj;
 			}
 			$this->m_aCacheObj[$this->m_iCurrRow] = $aRetObjects;
 		} else {
 			// Pick the row from the objects added *in memory*
 			$aRetObjects = [];
@@ -1063,6 +1064,10 @@ class DBObjectSet implements iDBObjectSetIterator
 			$this->Load();
 		}
 		if (is_null($this->m_oSQLResult)) {
 			return;
 		}
 		$this->m_iCurrRow = min($iRow, $this->Count());
 		if ($this->m_iCurrRow < $this->m_iNumLoadedDBRows) {
 			$this->m_oSQLResult->data_seek($this->m_iCurrRow);
@@ -1236,7 +1241,7 @@ class DBObjectSet implements iDBObjectSetIterator
 	 *
 	 * @throws \CoreException
 	 */
-	public function HasSameContents(DBObjectSet $oObjectSet, $aExcludeColumns = [])
+	public function HasSameContents(DBObjectSet $oObjectSet, $aExcludeColumns = []): bool
 	{
 		$oComparator = new DBObjectSetComparator($this, $oObjectSet, $aExcludeColumns);
 		return $oComparator->SetsAreEquivalent();
--- a/core/dbsearch.class.php
+++ b/core/dbsearch.class.php
@@ -650,7 +650,7 @@ abstract class DBSearch
 	 *
 	 * @throws OQLException
 	 */
-	public static function FromOQL($sQuery, $aParams = null, ?ModelReflection $oMetaModel = null)
+	public static function FromOQL($sQuery, $aParams = null, ModelReflection $oMetaModel = null)
 	{
 		if (empty($sQuery)) {
 			return null;
@@ -1048,7 +1048,21 @@ abstract class DBSearch
 	 */
 	protected function GetSQLQuery($aOrderBy, $aArgs, $aAttToLoad, $aExtendedDataSpec, $iLimitCount, $iLimitStart, $bGetCount, $aGroupByExpr = null, $aSelectExpr = null)
 	{
-		$oSearch = $this->ApplyDataFilters();
+		$oSearch = $this;
 		if (!$this->IsAllDataAllowed() && !$this->IsDataFiltered()) {
 			foreach ($this->GetSelectedClasses() as $sClassAlias => $sClass) {
 				$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
 				if ($oVisibleObjects === false) {
 					// Make sure this is a valid search object, saying NO for all
 					$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
 				}
 				if (is_object($oVisibleObjects)) {
 					$oVisibleObjects->AllowAllData();
 					$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
 					$oSearch->SetDataFiltered();
 				}
 			}
 		}
 		if (is_array($aGroupByExpr)) {
 			foreach ($aGroupByExpr as $sAlias => $oGroupByExp) {
@@ -1510,33 +1524,4 @@ abstract class DBSearch
 	 * @return array{\VariableExpression}
 	 */
 	abstract public function GetExpectedArguments(): array;
 	/**
 	 * Apply data filters to the search, if needed
 	 *
 	 * @return DBSearch
 	 * @throws CoreException
 	 */
 	protected function ApplyDataFilters(): DBSearch
 	{
 		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
 			return $this;
 		}
 		$oSearch = $this;
 		$aClassesToFilter = $this->GetSelectedClasses();
 		foreach ($aClassesToFilter as $sClassAlias => $sClass) {
 			$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
 			if ($oVisibleObjects === false) {
 				$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
 			}
 			if (is_object($oVisibleObjects)) {
 				$oVisibleObjects->AllowAllData();
 				$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
 				$oSearch->SetDataFiltered();
 			}
 		}
 		return $oSearch;
 	}
 }
--- a/core/dbunionsearch.class.php
+++ b/core/dbunionsearch.class.php
@@ -59,7 +59,7 @@ class DBUnionSearch extends DBSearch
 	public function AllowAllData($bAllowAllData = true)
 	{
 		foreach ($this->aSearches as $oSearch) {
-			$oSearch->AllowAllData($bAllowAllData);
+			$oSearch->AllowAllData();
 		}
 	}
@@ -673,30 +673,4 @@ class DBUnionSearch extends DBSearch
 		return $aVariableCriteria;
 	}
 	/**
 	 * @inheritDoc
 	 * @return DBUnionSearch
 	 */
 	protected function ApplyDataFilters(): DBUnionSearch
 	{
 		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
 			return $this;
 		}
 		// Opt-in for joined classes filtering, otherwise fallback on DBSearch filtering
 		if (MetaModel::GetConfig()->Get('security.disable_joined_classes_filter') === true) {
 			return parent::ApplyDataFilters();
 		}
 		// Apply filters per sub-search
 		$aFilteredSearches = [];
 		foreach ($this->GetSearches() as $oSubSearch) {
 			// Recursively call ApplyDataFilters on sub-searches
 			$aFilteredSearches[] = $oSubSearch->ApplyDataFilters();
 		}
 		$oSearch = new DBUnionSearch($aFilteredSearches);
 		return $oSearch;
 	}
 }
--- a/core/designdocument.class.inc.php
+++ b/core/designdocument.class.inc.php
@@ -41,7 +41,7 @@ use utils;
 /**
 * Class \Combodo\iTop\DesignDocument
 *
- * A design document is the DOM tree that models behaviors. One of its
+ * A design document is the DOM tree that modelize behaviors. One of its
 * characteristics is that it can be altered by the mean of the same kind of document.
 *
 */
@@ -453,7 +453,7 @@ class DesignElement extends \DOMElement
 	 * @throws Exception
 	 * @since 3.1.2 3.2.0 N°6974
 	 */
-	public static function _FindNode(DOMNode $oParent, DesignElement $oRefNode, ?string $sSearchId = null): ?DesignElement
+	public static function _FindNode(DOMNode $oParent, DesignElement $oRefNode, string $sSearchId = null): ?DesignElement
 	{
 		$oNodes = self::_FindNodes($oParent, $oRefNode, $sSearchId);
 		if ($oNodes instanceof DOMNodeList) {
@@ -477,7 +477,7 @@ class DesignElement extends \DOMElement
 	 * @return \DOMNodeList|false|mixed
 	 * @since 3.1.2 3.2.0 N°6974
 	 */
-	public static function _FindNodes(DOMNode $oParent, DesignElement $oRefNode, ?string $sSearchId = null)
+	public static function _FindNodes(DOMNode $oParent, DesignElement $oRefNode, string $sSearchId = null)
 	{
 		if ($oParent instanceof DOMDocument) {
 			$oDoc = $oParent->firstChild->ownerDocument;
--- a/core/displayablegraph.class.inc.php
+++ b/core/displayablegraph.class.inc.php
@@ -632,7 +632,7 @@ class DisplayableGroupNode extends DisplayableNode
 		$this->aObjects = [];
 	}
-	public function AddObject(?DBObject $oObj = null)
+	public function AddObject(DBObject $oObj = null)
 	{
 		if (is_object($oObj)) {
 			$sPrevClass = $this->GetObjectClass();
--- a/core/event.class.inc.php
+++ b/core/event.class.inc.php
@@ -26,7 +26,7 @@ class Event extends DBObject implements iDisplay
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -120,7 +120,7 @@ class EventNotification extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -156,7 +156,7 @@ class EventNotificationEmail extends EventNotification
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -192,7 +192,7 @@ class EventIssue extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -286,7 +286,7 @@ class EventWebService extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -321,7 +321,7 @@ class EventRestService extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -356,7 +356,7 @@ class EventLoginUsage extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -394,7 +394,7 @@ class EventOnObject extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,grant_by_profile,silo",
+			"category" => "core/cmdb,view_in_gui",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
--- a/core/excelbulkexport.class.inc.php
+++ b/core/excelbulkexport.class.inc.php
@@ -5,13 +5,13 @@
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\UI\Base\Component\FieldSet\FieldSetUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Html\Html;
 use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory;
 use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\WebPage\Page;
 use Combodo\iTop\Application\WebPage\WebPage;
@@ -63,8 +63,6 @@ class ExcelBulkExport extends TabularBulkExport
 				// Export from the command line (or scripted) => default format is SQL, as in previous versions of iTop, unless specified otherwise
 				$this->aStatusInfo['date_format'] = utils::ReadParam('date_format', (string)AttributeDateTime::GetSQLFormat(), true, 'raw_data');
 		}
 		$this->aStatusInfo['ignore_excel_sanitization'] = (bool)utils::ReadParam('ignore_excel_sanitization', 0, true, utils::ENUM_SANITIZATION_FILTER_INTEGER);
 	}
 	public function EnumFormParts()
@@ -123,10 +121,6 @@ class ExcelBulkExport extends TabularBulkExport
 				$oRadioCustom->GetInput()->AddCSSClass('ibo-input-checkbox');
 				$oFieldSetDate->AddSubBlock($oRadioCustom);
 				$oFieldSetSecurity = FieldSetUIBlockFactory::MakeStandard(Dict::S('Core:BulkExport:Security'));
 				$oMulticolumn->AddColumn(ColumnUIBlockFactory::MakeForBlock($oFieldSetSecurity));
 				$oFieldSetSecurity->AddSubBlock(ExportHelper::GetInputForSanitizeExcelExport());
 				$oP->add_ready_script(
 					<<<EOF
 $('#form_part_xlsx_options').on('preview_updated', function() { FormatDatesInPreview('excel', 'xlsx'); });
@@ -222,12 +216,6 @@ EOF
 					}
 				}
 		}
 		// If the option to ignore Excel sanitization is not set or absent, sanitize the field
 		if (!(array_key_exists('ignore_excel_sanitization', $this->aStatusInfo)) || $this->aStatusInfo['ignore_excel_sanitization'] === false) {
 			return ExportHelper::SanitizeField($sRet, '');
 		}
 		return $sRet;
 	}
--- a/core/inlineimage.class.inc.php
+++ b/core/inlineimage.class.inc.php
@@ -259,18 +259,13 @@ class InlineImage extends DBObject
 	 * that refer to an InlineImage (detected via the attribute data-img-id="") so that
 	 * the URL is consistent with the current URL of the application.
 	 *
-N°8681	 * @param string|null $sHtml The HTML fragment to process
+	 * @param string $sHtml The HTML fragment to process
 	 *
 	 * @return string The modified HTML
 	 * @throws \Exception
 	 *
 	 * @since 3.3.0 N°8681 Add type hint for parameters and return value
 	 */
-	public static function FixUrls(string|null $sHtml): string
+	public static function FixUrls($sHtml)
 	{
 		// N°8681 - Ensure to have a string value
 		$sHtml = $sHtml ?? '';
 		$aNeedles = [];
 		$aReplacements = [];
 		// Find img tags with an attribute data-img-id
@@ -298,46 +293,6 @@ N°8681	 * @param string|null $sHtml The HTML fragment to process
 		return $sHtml;
 	}
 	/**
 	 * Replace <img> tags with a data-img-id attribute by the actual image in base64 representation
 	 * so that the image can be displayed even if the download URL is not accessible (e.g. in unauthenticated approval templates)
 	 *
 	 * @param string $sHtml The HTML fragment to process
 	 *
 	 * @return String The modified HTML
 	 * @since 3.2.3
 	 */
 	public static function ReplaceInlineImagesWithBase64Representation(string $sHtml): String
 	{
 		return preg_replace_callback(
 			'/<img\s+[^>]*'.static::DOM_ATTR_ID.'="(\d+)"[^>]*>/i',
 			function ($matches) {
 				// Extract inline image ID from the tag
 				$id = $matches[1];
 				try {
 					// Retrieve inline image
 					$oInline = MetaModel::GetObject(InlineImage::class, $id, true, true);
 					$oOrmDocument = $oInline->Get('contents');
 					// Replace src image by the base64 representation
 					$sInlineImageAsBase64 = base64_encode($oOrmDocument->GetData());
 					$sDataUri = 'data:'.$oOrmDocument->GetMimeType().';base64,'.$sInlineImageAsBase64;
 					$sImage = preg_replace('/src=["\'][^"\']+["\']/', 'src="'.$sDataUri.'"', $matches[0]);
 					// Remove sensitive information (the image ID and secret) from the tag
 					$sImage = preg_replace('/'.static::DOM_ATTR_ID.'="\d+"\s+'.static::DOM_ATTR_SECRET.'="\w+"/', '', $sImage);
 				} catch (Exception $e) {
 					$sImage = '<img src="" alt="'.Dict::S('UI:MissingInlineImage').'">';
 				}
 				return $sImage;
 			},
 			$sHtml
 		);
 	}
 	/**
 	 * Add an extra attribute data-img-id for images which are based on an actual InlineImage
 	 * so that we can later reconstruct the full "src" URL when needed
@@ -434,7 +389,7 @@ JS
 	 * Resize an image so that it fits the maximum width/height defined in the config file
 	 * @param ormDocument $oImage The original image stored as an array (content / mimetype / filename)
 	 * @return ormDocument The resampled image (or the original one if it already fit)
-	 * @deprecated since 3.3.0 Replaced by ormDocument::ResizeImageToFit
+	 * @deprecated Replaced by ormDocument::ResizeImageToFit
 	 */
 	public static function ResizeImageToFit(ormDocument $oImage, &$aDimensions = null)
 	{
--- a/core/kpi.class.inc.php
+++ b/core/kpi.class.inc.php
@@ -1,20 +1,18 @@
 <?php
 /**
- * @copyright   Copyright (C) 2010-2026 Combodo SAS
+ * @copyright   Copyright (C) 2010-2024 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 use Combodo\iTop\Application\EventRegister\ApplicationEvents;
 use Combodo\iTop\Core\Kpi\KpiLogData;
 use Combodo\iTop\Service\Events\EventService;
 use Combodo\iTop\Service\Events\iEventServiceSetup;
 use Combodo\iTop\Service\Module\ModuleService;
 /**
 * Measures operations duration, memory usage, etc. (and some other KPIs)
 */
-class ExecutionKPI implements iEventServiceSetup
+
 class ExecutionKPI
 {
 	protected static $m_bEnabled_Duration = false;
 	protected static $m_bEnabled_Memory = false;
@@ -25,18 +23,15 @@ class ExecutionKPI implements iEventServiceSetup
 	protected static $m_aStats = []; // Recurrent operations
 	protected static $m_aExecData = []; // One shot operations
-	/** @var true */
+	/**
-	private static bool $bMetamodelStarted = false;
+	 * @var array[ExecutionKPI]
 	 */
 	protected static $m_aExecutionStack = []; // embedded execution stats
 	private static ?float $fLastReportTime = null;
 	private static ?float $iLastReportMemory = null;
 	// For stats
 	protected $m_fStarted = null;
 	protected $m_fChildrenDuration = 0; // Count embedded
 	protected $m_iInitialMemory = null;
 	private static array $aBootstrapOperations = [];
 	public static function EnableDuration($iLevel)
 	{
 		if ($iLevel > 0) {
@@ -76,7 +71,6 @@ class ExecutionKPI implements iEventServiceSetup
 				return true;
 			}
 		}
 		return false;
 	}
@@ -103,7 +97,7 @@ class ExecutionKPI implements iEventServiceSetup
 		$sFor = self::$m_sAllowedUser == '*' ? 'EVERYBODY' : "'".trim(self::$m_sAllowedUser)."'";
 		$sSlowQueries = '';
 		if (self::$m_fSlowQueries > 0) {
-			$sSlowQueries = '. Slow Queries: '.self::$m_fSlowQueries.'s';
+			$sSlowQueries = ". Slow Queries: ".self::$m_fSlowQueries."s";
 		}
 		$aExtensions = [];
@@ -133,7 +127,7 @@ class ExecutionKPI implements iEventServiceSetup
 			$sRequest .= ' operation: '.$_POST['operation'];
 		}
-		$fStop = microtime(true);
+		$fStop = MyHelpers::getmicrotime();
 		if (($fStop - $fItopStarted) > self::$m_fSlowQueries) {
 			// Invoke extensions to log the KPI operation
 			/** @var \iKPILoggerExtension $oExtensionInstance */
@@ -157,17 +151,17 @@ class ExecutionKPI implements iEventServiceSetup
 		$sTableStyle = 'background-color: #ccc; margin: 10px;';
-		$sHtml = '<hr/>';
+		$sHtml = "<hr/>";
 		$sHtml .= "<div style=\"background-color: grey; padding: 10px;\">";
 		$sHtml .= "<h3><a name=\"".md5($sExecId)."\">KPIs</a> - $sRequest</h3>";
 		$oStarted = DateTime::createFromFormat('U.u', $fItopStarted);
 		$sHtml .= '<p>'.$oStarted->format('Y-m-d H:i:s.u').'</p>';
-		$sHtml .= '<p>log_kpi_user_id: '.UserRights::GetUserId().'</p>';
+		$sHtml .= "<p>log_kpi_user_id: ".UserRights::GetUserId()."</p>";
-		$sHtml .= '<div>';
+		$sHtml .= "<div>";
 		$sHtml .= "<table border=\"1\" style=\"$sTableStyle\">";
-		$sHtml .= '<thead>';
+		$sHtml .= "<thead>";
-		$sHtml .= '   <th>Operation</th><th>Begin</th><th>End</th><th>Duration</th><th>Memory start</th><th>Memory end</th><th>Memory peak</th>';
+		$sHtml .= "   <th>Operation</th><th>Begin</th><th>End</th><th>Duration</th><th>Memory start</th><th>Memory end</th><th>Memory peak</th>";
-		$sHtml .= '</thead>';
+		$sHtml .= "</thead>";
 		foreach (self::$m_aExecData as $aOpStats) {
 			$sOperation = $aOpStats['op'];
 			$sBegin = round($aOpStats['time_begin'], 3);
@@ -186,12 +180,12 @@ class ExecutionKPI implements iEventServiceSetup
 				}
 			}
-			$sHtml .= '<tr>';
+			$sHtml .= "<tr>";
 			$sHtml .= "   <td>$sOperation</td><td>$sBegin</td><td>$sEnd</td><td>$sDuration</td><td>$sMemBegin</td><td>$sMemEnd</td><td>$sMemPeak</td>";
-			$sHtml .= '</tr>';
+			$sHtml .= "</tr>";
 		}
-		$sHtml .= '</table>';
+		$sHtml .= "</table>";
-		$sHtml .= '</div>';
+		$sHtml .= "</div>";
 		$aConsolidatedStats = [];
 		foreach (self::$m_aStats as $sOperation => $aOpStats) {
@@ -223,11 +217,11 @@ class ExecutionKPI implements iEventServiceSetup
 			];
 		}
-		$sHtml .= '<div>';
+		$sHtml .= "<div>";
 		$sHtml .= "<table border=\"1\" style=\"$sTableStyle\">";
-		$sHtml .= '<thead>';
+		$sHtml .= "<thead>";
-		$sHtml .= '   <th>Operation</th><th>Count</th><th>Duration</th><th>Min</th><th>Max</th><th>Avg</th>';
+		$sHtml .= "   <th>Operation</th><th>Count</th><th>Duration</th><th>Min</th><th>Max</th><th>Avg</th>";
-		$sHtml .= '</thead>';
+		$sHtml .= "</thead>";
 		foreach ($aConsolidatedStats as $sOperation => $aOpStats) {
 			$sOperation = '<a href="#'.md5($sExecId.$sOperation).'">'.$sOperation.'</a>';
 			$sCount = $aOpStats['count'];
@@ -236,14 +230,14 @@ class ExecutionKPI implements iEventServiceSetup
 			$sMax = '<a href="#'.md5($sExecId.$aOpStats['max_args']).'">'.round($aOpStats['max'], 3).'</a>';
 			$sAvg = round($aOpStats['avg'], 3);
-			$sHtml .= '<tr>';
+			$sHtml .= "<tr>";
 			$sHtml .= "   <td>$sOperation</td><td>$sCount</td><td>$sDuration</td><td>$sMin</td><td>$sMax</td><td>$sAvg</td>";
-			$sHtml .= '</tr>';
+			$sHtml .= "</tr>";
 		}
-		$sHtml .= '</table>';
+		$sHtml .= "</table>";
-		$sHtml .= '</div>';
+		$sHtml .= "</div>";
-		$sHtml .= '</div>';
+		$sHtml .= "</div>";
 		$sHtml .= "<p><a href=\"#end-".md5($sExecId)."\">Next page stats</a></p>";
@@ -293,18 +287,18 @@ class ExecutionKPI implements iEventServiceSetup
 						$sOperationHtml = '<a name="'.md5($sExecId.$sOperation).'">'.$sOperation.'</a>';
 						$sHtml .= "<h4>$sOperationHtml</h4>";
 						$sHtml .= "<table border=\"1\" style=\"$sTableStyle\">";
-						$sHtml .= '<thead>';
+						$sHtml .= "<thead>";
-						$sHtml .= '   <th>Operation details (+ blame caller if log_kpi_duration = 2)</th><th>Count</th><th>Duration</th><th>Min</th><th>Max</th>';
+						$sHtml .= "   <th>Operation details (+ blame caller if log_kpi_duration = 2)</th><th>Count</th><th>Duration</th><th>Min</th><th>Max</th>";
-						$sHtml .= '</thead>';
+						$sHtml .= "</thead>";
 						$bDisplayHeader = false;
 					}
-					$sHtml .= '<tr>';
+					$sHtml .= "<tr>";
 					$sHtml .= "   <td>$sHtmlArguments</td><td>$iCountInter</td><td>$sTotalInter</td><td>$sMinInter</td><td>$sMaxInter</td>";
-					$sHtml .= '</tr>';
+					$sHtml .= "</tr>";
 				}
 			}
 			if (!$bDisplayHeader) {
-				$sHtml .= '</table>';
+				$sHtml .= "</table>";
 				$sHtml .= "<p><a href=\"#".md5($sExecId)."\">Back to page stats</a></p>";
 			}
 			self::Report($sHtml);
@@ -339,50 +333,39 @@ class ExecutionKPI implements iEventServiceSetup
 		$aNewEntry = null;
-		if (is_null(static::$fLastReportTime)) {
+		$fStarted = $this->m_fStarted;
-			static::$fLastReportTime = $fItopStarted;
+		$fStopped = $this->m_fStarted;
 		}
 		if (is_null(static::$iLastReportMemory)) {
 			global $iItopInitialMemory;
 			static::$iLastReportMemory = $iItopInitialMemory;
 		}
 		$fStarted = static::$fLastReportTime;
 		$fStopped = microtime(true);
 		if (self::$m_bEnabled_Duration) {
 			$fStopped = MyHelpers::getmicrotime();
 			$aNewEntry = [
 				'op'         => $sOperationDesc,
-				'time_begin' => $fStarted - $fItopStarted,
+				'time_begin' => $this->m_fStarted - $fItopStarted,
 				'time_end'   => $fStopped - $fItopStarted,
 			];
 			// Reset for the next operation (if the object is recycled)
 			$this->m_fStarted = $fStopped;
 		}
 		static::$fLastReportTime = $fStopped;
-		$iInitialMemory = static::$iLastReportMemory;
+		$iInitialMemory = is_null($this->m_iInitialMemory) ? 0 : $this->m_iInitialMemory;
-		$iCurrentMemory = $iInitialMemory;
+		$iCurrentMemory = 0;
-		$iPeakMemory = $iInitialMemory;
+		$iPeakMemory = 0;
 		if (self::$m_bEnabled_Memory) {
 			$iCurrentMemory = self::memory_get_usage();
 			if (is_null($aNewEntry)) {
 				$aNewEntry = ['op' => $sOperationDesc];
 			}
-			$aNewEntry['mem_begin'] = $iInitialMemory;
+			$aNewEntry['mem_begin'] = $this->m_iInitialMemory;
 			$aNewEntry['mem_end'] = $iCurrentMemory;
 			$iPeakMemory = self::memory_get_peak_usage();
 			$aNewEntry['mem_peak'] = $iPeakMemory;
 			// Reset for the next operation (if the object is recycled)
-			static::$iLastReportMemory = $iCurrentMemory;
+			$this->m_iInitialMemory = $iCurrentMemory;
 		}
 		if (self::$m_bEnabled_Duration || self::$m_bEnabled_Memory) {
 			$aCallstack = ['callstack' => $this->GetCallStack()];
 			if (static::$bMetamodelStarted) {
 				foreach (static::$aBootstrapOperations as $oLog) {
 					$this->LogOperation($oLog);
 				}
 				static::$aBootstrapOperations = [];
 			// Invoke extensions to log the KPI operation
 			/** @var \iKPILoggerExtension $oExtensionInstance */
 			foreach (MetaModel::EnumPlugins('iKPILoggerExtension') as $oExtensionInstance) {
 				$sExtension = ModuleService::GetInstance()->GetModuleNameFromCallStack(1);
 				$oKPILogData = new KpiLogData(
 					KpiLogData::TYPE_REPORT,
@@ -393,24 +376,9 @@ class ExecutionKPI implements iEventServiceSetup
 					$sExtension,
 					$iInitialMemory,
 					$iCurrentMemory,
-					$iPeakMemory,
+					$iPeakMemory
 					$aCallstack
 				);
-				$this->LogOperation($oKPILogData);
+				$oExtensionInstance->LogOperation($oKPILogData);
 			} else {
 				$oKPILogData = new KpiLogData(
 					KpiLogData::TYPE_REPORT,
 					'Step',
 					$sOperationDesc,
 					$fStarted,
 					$fStopped,
 					'',
 					$iInitialMemory,
 					$iCurrentMemory,
 					$iPeakMemory,
 					$aCallstack
 				);
 				static::$aBootstrapOperations[] = $oKPILogData;
 			}
 		}
@@ -420,14 +388,6 @@ class ExecutionKPI implements iEventServiceSetup
 		$this->ResetCounters();
 	}
 	private function LogOperation(KpiLogData $oKPILogData): void
 	{
 		/** @var \iKPILoggerExtension $oExtensionInstance */
 		foreach (MetaModel::EnumPlugins('iKPILoggerExtension') as $oExtensionInstance) {
 			$oExtensionInstance->LogOperation($oKPILogData);
 		}
 	}
 	/**
 	 * Compute statistics for a call to an extension
 	 * Note: not working in dev mode (with links to env-production)
@@ -463,7 +423,7 @@ class ExecutionKPI implements iEventServiceSetup
 		$fDuration = 0;
 		if (self::$m_bEnabled_Duration) {
-			$fStopped = microtime(true);
+			$fStopped = MyHelpers::getmicrotime();
 			$fDuration = $fStopped - $this->m_fStarted;
 			$aCallstack = [];
 			if (self::$m_bGenerateLegacyReport) {
@@ -478,8 +438,6 @@ class ExecutionKPI implements iEventServiceSetup
 							'time' => $fDuration,
 					];
 				}
 			} else {
 				$aCallstack = ['callstack' => $this->GetCallStack()];
 			}
 			$iInitialMemory = is_null($this->m_iInitialMemory) ? 0 : $this->m_iInitialMemory;
@@ -490,45 +448,33 @@ class ExecutionKPI implements iEventServiceSetup
 				$iPeakMemory = self::memory_get_peak_usage();
 			}
-			if (static::$bMetamodelStarted) {
+			// Invoke extensions to log the KPI operation
-				foreach (static::$aBootstrapOperations as $oLog) {
+			/** @var \iKPILoggerExtension $oExtensionInstance */
-					$this->LogOperation($oLog);
+			foreach (MetaModel::EnumPlugins('iKPILoggerExtension') as $oExtensionInstance) {
-				}
+				//$sExtension = ModuleService::GetInstance()->GetModuleNameFromCallStack(1);
-				static::$aBootstrapOperations = [];
+				$sExtension = '';
 				$oKPILogData = new KpiLogData(
 					KpiLogData::TYPE_STATS,
 					$sOperation,
 					$sArguments,
 					$this->m_fStarted,
 					$fStopped,
-					'',
+					$sExtension,
 					$iInitialMemory,
 					$iCurrentMemory,
 					$iPeakMemory,
 					$aCallstack
 				);
-				$this->LogOperation($oKPILogData);
+				$oExtensionInstance->LogOperation($oKPILogData);
 			} else {
 				$oKPILogData = new KpiLogData(
 					KpiLogData::TYPE_STATS,
 					$sOperation,
 					$sArguments,
 					$this->m_fStarted,
 					$fStopped,
 					'',
 					$iInitialMemory,
 					$iCurrentMemory,
 					$iPeakMemory,
 					$aCallstack
 				);
 				static::$aBootstrapOperations[] = $oKPILogData;
 			}
 		}
 	}
 	protected function ResetCounters()
 	{
 		if (self::$m_bEnabled_Duration) {
 			$this->m_fStarted = microtime(true);
 		}
 		if (self::$m_bEnabled_Memory) {
 			$this->m_iInitialMemory = self::memory_get_usage();
@@ -557,33 +503,7 @@ class ExecutionKPI implements iEventServiceSetup
 		if (function_exists('memory_get_peak_usage')) {
 			return memory_get_peak_usage($bRealUsage);
 		}
 		// PHP > 5.2.1 - this verb depends on a compilation option
 		return 0;
 	}
 	/*
 	 * ModuleHandlerApiInterface methods
 	 */
 	public static function OnMetaModelStarted()
 	{
 		static::$bMetamodelStarted = true;
 	}
 	public function RegisterEventsAndListeners()
 	{
 		EventService::RegisterListener(ApplicationEvents::APPLICATION_EVENT_METAMODEL_STARTED, [$this, 'OnMetaModelStarted']);
 	}
 	private function GetCallStack(): string
 	{
 		$aCallStack = MyHelpers::get_callstack(2);
 		$sCallStack = "Call stack:\n";
 		foreach ($aCallStack as $index => $aLine) {
 			$sCallStack .= "#$index ".$aLine['File'].'('.$aLine['Line'].'): '.$aLine['Function']."\n";
 		}
 		return $sCallStack;
 	}
 }
--- a/core/log.class.inc.php
+++ b/core/log.class.inc.php
@@ -691,28 +691,6 @@ abstract class LogAPI
 		static::$m_oMockMetaModelConfig = $oMetaModelConfig;
 	}
 	public static function Exception(string $sMessage, throwable $oException, ?string $sChannel = null, array $aContext = []): void
 	{
 		$aErrorLogs = [];
 		$aErrorLogs[] = static::PrepareErrorLog($sMessage, $oException, $aContext);
 		$oException = $oException->getPrevious();
 		while ($oException !== null) {
 			$aErrorLogs[] = static::PrepareErrorLog($oException->getMessage(), $oException, $aContext, true);
 			$oException = $oException->getPrevious();
 		}
 		$aErrorLogs = array_reverse($aErrorLogs);
 		foreach ($aErrorLogs as $aErrorLog) {
 			static::Error($aErrorLog['message'], $sChannel, $aErrorLog['context']);
 		}
 	}
 	private static function PrepareErrorLog(string $sMessage, throwable $oException, array $aContext, bool $isPrevious = false): array
 	{
 		$aContext['Error Message'] = $oException->getMessage();
 		$aContext['Stack Trace'] = $oException->getTraceAsString();
 		return ['message' => ($isPrevious ? "Previous " : '')."Exception: $sMessage", 'context' => $aContext];
 	}
 	public static function Error($sMessage, $sChannel = null, $aContext = [])
 	{
 		static::Log(self::LEVEL_ERROR, $sMessage, $sChannel, $aContext);
--- a/core/modelreflection.class.inc.php
+++ b/core/modelreflection.class.inc.php
@@ -55,11 +55,6 @@ abstract class ModelReflection
 	abstract public function GetFiltersList($sClass);
 	abstract public function IsValidFilterCode($sClass, $sFilterCode);
 	/**
 	 * @since 3.3.0
 	 */
 	abstract public function IsAbstract($sClass): bool;
 	/**
 	 * @param string $sOQL
 	 *
@@ -153,7 +148,7 @@ class ModelReflectionRuntime extends ModelReflection
 			$sAttributeClass = get_class($oAttDef);
 			if ($aScope != null) {
 				foreach ($aScope as $sScopeClass) {
-					if (is_a($sAttributeClass, $sScopeClass, true)) {
+					if (($sAttributeClass == $sScopeClass) || is_subclass_of($sAttributeClass, $sScopeClass)) {
 						$aAttributes[$sAttCode] = $sAttributeClass;
 						break;
 					}
@@ -235,11 +230,6 @@ class ModelReflectionRuntime extends ModelReflection
 		return MetaModel::IsValidFilterCode($sClass, $sFilterCode);
 	}
 	public function IsAbstract($sClass): bool
 	{
 		return MetaModel::IsAbstract($sClass);
 	}
 	public function GetQuery($sOQL)
 	{
 		return new QueryReflectionRuntime($sOQL, $this);
--- a/core/oql/expression.class.inc.php
+++ b/core/oql/expression.class.inc.php
@@ -2103,18 +2103,12 @@ class VariableExpression extends UnaryExpression
 	/**
 	 * Evaluate the value of the expression
 	 *
 	 * @param array $aArgs
-	 *
+	 * @throws \Exception if terms cannot be evaluated as scalars
 	 * @return mixed
 	 * @throws \MissingQueryArgument
 */
 	public function Evaluate(array $aArgs)
 	{
-		if (!isset($aArgs[$this->m_sName])) {
+		throw new Exception('not implemented yet');
 			throw new MissingQueryArgument('Missing variable expression argument', array('expecting'=>$this->m_sName));
 		}
 		return $aArgs[$this->m_sName];
 	}
 	/**
--- a/core/oql/oqlexception.class.inc.php
+++ b/core/oql/oqlexception.class.inc.php
@@ -72,15 +72,9 @@ class OQLException extends CoreException
 		}
 		else
 		{
 			$sMessage = "$sIssue - found '{$this->m_sUnexpected}' at $iCol in '$sInput'";
 			if (count($this->m_aExpecting) < 30) {
 			$sExpectations = '{'.implode(', ', $this->m_aExpecting).'}';
 				$sMessage .= ', expecting '.json_encode($sExpectations);
 			}
 			$sSuggest = self::FindClosestString($this->m_sUnexpected, $this->m_aExpecting);
-			if (strlen($sSuggest) > 0) {
+			$sMessage = "$sIssue - found '{$this->m_sUnexpected}' at $iCol in '$sInput', expecting $sExpectations, I would suggest to use '$sSuggest'";
 				$sMessage .= ", I would suggest to use ".json_encode($sSuggest);
 			}
 		}
 		// make sure everything is assigned properly
@@ -161,3 +155,5 @@ class OQLException extends CoreException
 		return $sRet;
 	}
 }
 ?>
--- a/core/oql/oqlquery.class.inc.php
+++ b/core/oql/oqlquery.class.inc.php
@@ -109,7 +109,6 @@ class OqlJoinSpec
 	{
 		return $this->m_oClass->GetValue();
 	}
 	public function GetClassAlias()
 	{
 		return $this->m_oClassAlias->GetValue();
@@ -119,7 +118,6 @@ class OqlJoinSpec
 	{
 		return $this->m_oClass;
 	}
 	public function GetClassAliasDetails()
 	{
 		return $this->m_oClassAlias;
@@ -129,12 +127,10 @@ class OqlJoinSpec
 	{
 		return $this->m_oLeftField;
 	}
 	public function GetRightField()
 	{
 		return $this->m_oRightField;
 	}
 	public function GetOperator()
 	{
 		return $this->m_sOperator;
@@ -150,7 +146,6 @@ interface CheckableExpression
 	 * @param ModelReflection $oModelReflection MetaModel to consider
 	 * @param array $aAliases Aliases to class names (for the current query)
 	 * @param string $sSourceQuery For the reporting
 	 *
 	 * @throws OqlNormalizeException
 	 */	 	
 	public function Check(ModelReflection $oModelReflection, $aAliases, $sSourceQuery);
@@ -173,11 +168,13 @@ class MatchOqlExpression extends MatchExpression implements CheckableExpression
 		$this->m_oRightExpr->Check($oModelReflection, $aAliases, $sSourceQuery);
 		// Only field MATCHES scalar is allowed
-		if (!$this->m_oLeftExpr instanceof FieldExpression) {
+		if (!$this->m_oLeftExpr instanceof FieldExpression)
 		{
 			throw new OqlNormalizeException('Only "field MATCHES string" syntax is allowed', $sSourceQuery, new OqlName($this->m_oLeftExpr->RenderExpression(true), 0));
 		}
 		// Only field MATCHES scalar is allowed
-		if (!$this->m_oRightExpr instanceof ScalarExpression && !$this->m_oRightExpr instanceof VariableOqlExpression) {
+		if (!$this->m_oRightExpr instanceof ScalarExpression && !$this->m_oRightExpr instanceof VariableOqlExpression)
 		{
 			throw new OqlNormalizeException('Only "field MATCHES string" syntax is allowed', $sSourceQuery, new OqlName($this->m_oRightExpr->RenderExpression(true), 0));
 		}
 	}
@@ -235,7 +232,8 @@ class FieldOqlExpression extends FieldExpression implements CheckableExpression
 	public function __construct($oName, $oParent = null)
 	{
-		if (is_null($oParent)) {
+		if (is_null($oParent))
 		{
 			$oParent = new OqlName('', 0);
 		}
 		$this->m_oParent = $oParent;
@@ -258,28 +256,37 @@ class FieldOqlExpression extends FieldExpression implements CheckableExpression
 	{
 		$sClassAlias = $this->GetParent();
 		$sFltCode = $this->GetName();
-		if (empty($sClassAlias)) {
+		if (empty($sClassAlias))
 		{
 			// Try to find an alias
 			// Build an array of field => array of aliases
 			$aFieldClasses = array();
-			foreach ($aAliases as $sAlias => $sReal) {
+			foreach($aAliases as $sAlias => $sReal)
-				foreach ($oModelReflection->GetFiltersList($sReal) as $sAnFltCode) {
+			{
 				foreach($oModelReflection->GetFiltersList($sReal) as $sAnFltCode)
 				{
 					$aFieldClasses[$sAnFltCode][] = $sAlias;
 				}
 			}
-			if (!array_key_exists($sFltCode, $aFieldClasses)) {
+			if (!array_key_exists($sFltCode, $aFieldClasses))
 			{
 				throw new OqlNormalizeException('Unknown filter code', $sSourceQuery, $this->GetNameDetails(), array_keys($aFieldClasses));
 			}
-			if (count($aFieldClasses[$sFltCode]) > 1) {
+			if (count($aFieldClasses[$sFltCode]) > 1)
 			{
 				throw new OqlNormalizeException('Ambiguous filter code', $sSourceQuery, $this->GetNameDetails());
 			}
 			$sClassAlias = $aFieldClasses[$sFltCode][0];
-		} else {
+		}
-			if (!array_key_exists($sClassAlias, $aAliases)) {
+		else
 		{
 			if (!array_key_exists($sClassAlias, $aAliases))
 			{
 				throw new OqlNormalizeException('Unknown class [alias]', $sSourceQuery, $this->GetParentDetails(), array_keys($aAliases));
 			}
 			$sClass = $aAliases[$sClassAlias];
-			if (!$oModelReflection->IsValidFilterCode($sClass, $sFltCode)) {
+			if (!$oModelReflection->IsValidFilterCode($sClass, $sFltCode))
 			{
 				throw new OqlNormalizeException('Unknown filter code', $sSourceQuery, $this->GetNameDetails(), $oModelReflection->GetFiltersList($sClass));
 			}
 		}
@@ -298,7 +305,8 @@ class ListOqlExpression extends ListExpression implements CheckableExpression
 {
 	public function Check(ModelReflection $oModelReflection, $aAliases, $sSourceQuery)
 	{
-		foreach ($this->GetItems() as $oItemExpression) {
+		foreach ($this->GetItems() as $oItemExpression)
 		{
 			$oItemExpression->Check($oModelReflection, $aAliases, $sSourceQuery);
 		}
 	}
@@ -308,7 +316,8 @@ class FunctionOqlExpression extends FunctionExpression implements CheckableExpre
 {
 	public function Check(ModelReflection $oModelReflection, $aAliases, $sSourceQuery)
 	{
-		foreach ($this->GetArgs() as $oArgExpression) {
+		foreach ($this->GetArgs() as $oArgExpression)
 		{
 			$oArgExpression->Check($oModelReflection, $aAliases, $sSourceQuery);
 		}
 	}
@@ -341,7 +350,6 @@ abstract class OqlQuery
 	 * Determine the class
 	 *
 	 * @param ModelReflection $oModelReflection MetaModel to consider
 	 *
 	 * @return string
 	 * @throws Exception
 	 */
@@ -384,7 +392,6 @@ class OqlObjectQuery extends OqlQuery
 	 * Determine the class
 	 *
 	 * @param ModelReflection $oModelReflection MetaModel to consider
 	 *
 	 * @return string
 	 * @throws Exception
 	 */
@@ -408,7 +415,6 @@ class OqlObjectQuery extends OqlQuery
 	{
 		return $this->m_oClass;
 	}
 	public function GetClassAliasDetails()
 	{
 		return $this->m_oClassAlias;
@@ -418,7 +424,6 @@ class OqlObjectQuery extends OqlQuery
 	{
 		return $this->m_aJoins;
 	}
 	public function GetCondition()
 	{
 		return $this->m_oCondition;
@@ -429,7 +434,6 @@ class OqlObjectQuery extends OqlQuery
 	 * and the query in which it is used
 	 * 	 	 
 	 * @param ModelReflection $oModelReflection MetaModel to consider	 	
 	 *
 	 * @throws OqlNormalizeException
 	 */	 	
 	public function Check(ModelReflection $oModelReflection, $sSourceQuery, $aParentAliases = array())
@@ -437,24 +441,32 @@ class OqlObjectQuery extends OqlQuery
 		$sClass = $this->GetClass($oModelReflection);
 		$sClassAlias = $this->GetClassAlias();
-		if (!$oModelReflection->IsValidClass($sClass)) {
+		if (!$oModelReflection->IsValidClass($sClass))
 		{
 			throw new UnknownClassOqlException($sSourceQuery, $this->GetClassDetails(), $oModelReflection->GetClasses());
 		}
 		$aAliases = array_merge(array($sClassAlias => $sClass),$aParentAliases);
 		$aJoinSpecs = $this->GetJoins();
-		if (is_array($aJoinSpecs)) {
+		if (is_array($aJoinSpecs))
-			foreach ($aJoinSpecs as $oJoinSpec) {
+		{
 			foreach ($aJoinSpecs as $oJoinSpec)
 			{
 				$sJoinClass = $oJoinSpec->GetClass();
 				$sJoinClassAlias = $oJoinSpec->GetClassAlias();
-				if (!$oModelReflection->IsValidClass($sJoinClass)) {
+				if (!$oModelReflection->IsValidClass($sJoinClass))
 				{
 					throw new UnknownClassOqlException($sSourceQuery, $oJoinSpec->GetClassDetails(), $oModelReflection->GetClasses());
 				}
-				if (array_key_exists($sJoinClassAlias, $aAliases)) {
+				if (array_key_exists($sJoinClassAlias, $aAliases))
-					if ($sJoinClassAlias != $sJoinClass) {
+				{
 					if ($sJoinClassAlias != $sJoinClass)
 					{
 						throw new OqlNormalizeException('Duplicate class alias', $sSourceQuery, $oJoinSpec->GetClassAliasDetails());
-					} else {
+					}
 					else
 					{
 						throw new OqlNormalizeException('Duplicate class name', $sSourceQuery, $oJoinSpec->GetClassDetails());
 					}
 				} 
@@ -468,36 +480,45 @@ class OqlObjectQuery extends OqlQuery
 				$oRightField = $oJoinSpec->GetRightField();
 				$sToClass = $oRightField->GetParent();
 				$sPKeyDescriptor = $oRightField->GetName();
-				if ($sPKeyDescriptor != 'id') {
+				if ($sPKeyDescriptor != 'id')
 				{
 					throw new OqlNormalizeException('Wrong format for Join clause (right hand), expecting an id', $sSourceQuery, $oRightField->GetNameDetails(), array('id'));
 				}
 				$aAliases[$sJoinClassAlias] = $sJoinClass;
-				if (!array_key_exists($sFromClass, $aAliases)) {
+				if (!array_key_exists($sFromClass, $aAliases))
 				{
 					throw new OqlNormalizeException('Unknown class in join condition (left expression)', $sSourceQuery, $oLeftField->GetParentDetails(), array_keys($aAliases));
 				}
-				if (!array_key_exists($sToClass, $aAliases)) {
+				if (!array_key_exists($sToClass, $aAliases))
 				{
 					throw new OqlNormalizeException('Unknown class in join condition (right expression)', $sSourceQuery, $oRightField->GetParentDetails(), array_keys($aAliases));
 				}
 				$aExtKeys = $oModelReflection->ListAttributes($aAliases[$sFromClass], \Combodo\iTop\Core\AttributeDefinition\AttributeExternalKey::class);
 				$aObjKeys = $oModelReflection->ListAttributes($aAliases[$sFromClass], \Combodo\iTop\Core\AttributeDefinition\AttributeObjectKey::class);
 				$aAllKeys = array_merge($aExtKeys, $aObjKeys);
-				if (!array_key_exists($sExtKeyAttCode, $aAllKeys)) {
+				if (!array_key_exists($sExtKeyAttCode, $aAllKeys))
 				{
 					throw new OqlNormalizeException('Unknown key in join condition (left expression)', $sSourceQuery, $oLeftField->GetNameDetails(), array_keys($aAllKeys));
 				}
-				if ($sFromClass == $sJoinClassAlias) {
+				if ($sFromClass == $sJoinClassAlias)
 				{
 					if (array_key_exists($sExtKeyAttCode, $aExtKeys)) // Skip that check for object keys
 					{
 						$sTargetClass = $oModelReflection->GetAttributeProperty($aAliases[$sFromClass], $sExtKeyAttCode, 'targetclass');
-						if (!$oModelReflection->IsSameFamilyBranch($aAliases[$sToClass], $sTargetClass)) {
+						if(!$oModelReflection->IsSameFamilyBranch($aAliases[$sToClass], $sTargetClass))
 						{
 							throw new OqlNormalizeException("The joined class ($aAliases[$sFromClass]) is not compatible with the external key, which is pointing to $sTargetClass", $sSourceQuery, $oLeftField->GetNameDetails());
 						}
 					}
-				} else {
+				}
 				else
 				{
 					$sOperator = $oJoinSpec->GetOperator();
-					switch ($sOperator) {
+					switch($sOperator)
 					{
 						case '=':
 						$iOperatorCode = TREE_OPERATOR_EQUALS;
 						break;
@@ -529,13 +550,15 @@ class OqlObjectQuery extends OqlQuery
 					if (array_key_exists($sExtKeyAttCode, $aExtKeys)) // Skip that check for object keys
 					{
 						$sTargetClass = $oModelReflection->GetAttributeProperty($aAliases[$sFromClass], $sExtKeyAttCode, 'targetclass');
-						if (!$oModelReflection->IsSameFamilyBranch($aAliases[$sToClass], $sTargetClass)) {
+						if(!$oModelReflection->IsSameFamilyBranch($aAliases[$sToClass], $sTargetClass))
 						{
 							throw new OqlNormalizeException("The joined class ($aAliases[$sToClass]) is not compatible with the external key, which is pointing to $sTargetClass", $sSourceQuery, $oLeftField->GetNameDetails());
 						}
 					}
 					$aAttList = $oModelReflection->ListAttributes($aAliases[$sFromClass]);
 					$sAttType = $aAttList[$sExtKeyAttCode];
-					if (($iOperatorCode != TREE_OPERATOR_EQUALS) && !is_a($sAttType, \Combodo\iTop\Core\AttributeDefinition\AttributeHierarchicalKey::class, true)) {
+					if(($iOperatorCode != TREE_OPERATOR_EQUALS) && !is_subclass_of($sAttType, \Combodo\iTop\Core\AttributeDefinition\AttributeHierarchicalKey::class) && ($sAttType != \Combodo\iTop\Core\AttributeDefinition\AttributeHierarchicalKey::class))
 					{
 						throw new OqlNormalizeException("The specified tree operator $sOperator is not applicable to the key", $sSourceQuery, $oLeftField->GetNameDetails());
 					}
 				}
@@ -544,16 +567,19 @@ class OqlObjectQuery extends OqlQuery
 		// Check the select information
 		//
-		foreach ($this->GetSelectedClasses() as $oClassDetails) {
+		foreach ($this->GetSelectedClasses() as $oClassDetails)
 		{
 			$sClassToSelect = $oClassDetails->GetValue();
-			if (!array_key_exists($sClassToSelect, $aAliases)) {
+			if (!array_key_exists($sClassToSelect, $aAliases))
 			{
 				throw new OqlNormalizeException('Unknown class [alias]', $sSourceQuery, $oClassDetails, array_keys($aAliases));
 			}
 		}
 		// Check the condition tree
 		//
-		if ($this->m_oCondition instanceof Expression) {
+		if ($this->m_oCondition instanceof Expression)
 		{
 			$this->m_oCondition->Check($oModelReflection, $aAliases, $sSourceQuery);
 		}
 	}
@@ -568,7 +594,6 @@ class OqlObjectQuery extends OqlQuery
 		$oSearch = new DBObjectSearch($sClass, $sClassAlias);
 		$oSearch->InitFromOqlQuery($this, $sQuery);
 		return $oSearch;
 	}
 }
@@ -581,11 +606,15 @@ class OqlUnionQuery extends OqlQuery
 	{
 		parent::__construct();
 		$this->aQueries[] = $oLeftQuery;
-		if ($oRightQueryOrUnion instanceof OqlUnionQuery) {
+		if ($oRightQueryOrUnion instanceof OqlUnionQuery)
-			foreach ($oRightQueryOrUnion->GetQueries() as $oSingleQuery) {
+		{
 			foreach ($oRightQueryOrUnion->GetQueries() as $oSingleQuery)
 			{
 				$this->aQueries[] = $oSingleQuery;
 			}
-		} else {
+		}
 		else
 		{
 			$this->aQueries[] = $oRightQueryOrUnion;
 		}
 	}
@@ -600,35 +629,41 @@ class OqlUnionQuery extends OqlQuery
 	 * and the query in which it is used
 	 * 	 	 
 	 * @param ModelReflection $oModelReflection MetaModel to consider	 	
 	 *
 	 * @throws OqlNormalizeException
 	 */	 	
 	public function Check(ModelReflection $oModelReflection, $sSourceQuery)
 	{
 		$aColumnToClasses = array();
-		foreach ($this->aQueries as $iQuery => $oQuery) {
+		foreach ($this->aQueries as $iQuery => $oQuery)
 		{
 			$oQuery->Check($oModelReflection, $sSourceQuery);
 			$aAliasToClass = array($oQuery->GetClassAlias() => $oQuery->GetClass($oModelReflection));
 			$aJoinSpecs = $oQuery->GetJoins();
-			if (is_array($aJoinSpecs)) {
+			if (is_array($aJoinSpecs))
-				foreach ($aJoinSpecs as $oJoinSpec) {
+			{
 				foreach ($aJoinSpecs as $oJoinSpec)
 				{
 					$aAliasToClass[$oJoinSpec->GetClassAlias()] = $oJoinSpec->GetClass();
 				}
 			}
 			$aSelectedClasses = $oQuery->GetSelectedClasses();
-			if ($iQuery != 0) {
+			if ($iQuery != 0)
-				if (count($aSelectedClasses) < count($aColumnToClasses)) {
+			{
 				if (count($aSelectedClasses) < count($aColumnToClasses))
 				{
 					$oLastClass = end($aSelectedClasses);
 					throw new OqlNormalizeException('Too few selected classes in the subquery', $sSourceQuery, $oLastClass);
 				}
-				if (count($aSelectedClasses) > count($aColumnToClasses)) {
+				if (count($aSelectedClasses) > count($aColumnToClasses))
 				{
 					$oLastClass = end($aSelectedClasses);
 					throw new OqlNormalizeException('Too many selected classes in the subquery', $sSourceQuery, $oLastClass);
 				}
 			}
-			foreach ($aSelectedClasses as $iColumn => $oClassDetails) {
+			foreach ($aSelectedClasses as $iColumn => $oClassDetails)
 			{
 				$sAlias = $oClassDetails->GetValue();
 				$sClass = $aAliasToClass[$sAlias];
 				$aColumnToClasses[$iColumn][] = array(
@@ -638,14 +673,20 @@ class OqlUnionQuery extends OqlQuery
 				);
 			}
 		}
-		foreach ($aColumnToClasses as $iColumn => $aClasses) {
+		foreach ($aColumnToClasses as $iColumn => $aClasses)
 		{
 			$sRootClass = null;
-			foreach ($aClasses as $iQuery => $aData) {
+			foreach ($aClasses as $iQuery => $aData)
-				if ($iQuery == 0) {
+			{
 				if ($iQuery == 0)
 				{
 					// Establish the reference
 					$sRootClass = $oModelReflection->GetRootClass($aData['class']);
-				} else {
+				}
-					if ($oModelReflection->GetRootClass($aData['class']) != $sRootClass) {
+				else
 				{
 					if ($oModelReflection->GetRootClass($aData['class']) != $sRootClass)
 					{
 						$aSubclasses = $oModelReflection->EnumChildClasses($sRootClass, ENUM_CHILD_CLASSES_ALL);
 						throw new OqlNormalizeException('Incompatible classes: could not find a common ancestor', $sSourceQuery, $aData['class_name'], $aSubclasses);
 					}
@@ -658,21 +699,21 @@ class OqlUnionQuery extends OqlQuery
 	 * Determine the class
 	 *
 	 * @param ModelReflection $oModelReflection MetaModel to consider
 	 *
 	 * @return string
 	 * @throws Exception
 	 */
 	public function GetClass(ModelReflection $oModelReflection)
 	{
 		$aFirstColClasses = array();
-		foreach ($this->aQueries as $iQuery => $oQuery) {
+		foreach ($this->aQueries as $iQuery => $oQuery)
 		{
 			$aFirstColClasses[] = $oQuery->GetClass($oModelReflection);
 		}
 		$sClass = self::GetLowestCommonAncestor($oModelReflection, $aFirstColClasses);
-		if (is_null($sClass)) {
+		if (is_null($sClass))
 		{
 			throw new Exception('Could not determine the class of the union query. This issue should have been detected earlier by calling OqlQuery::Check()');
 		}
 		return $sClass;
 	}
@@ -685,7 +726,6 @@ class OqlUnionQuery extends OqlQuery
 	public function GetClassAlias()
 	{
 		$sAlias = $this->aQueries[0]->GetClassAlias();
 		return $sAlias;
 	}
@@ -695,25 +735,29 @@ class OqlUnionQuery extends OqlQuery
 	 *
 	 * @param ModelReflection $oModelReflection MetaModel to consider
 	 * @param array $aClasses Flat list of classes
 	 *
 	 * @return string the lowest common ancestor amongst classes, null if none has been found
 	 * @throws Exception
 	 */
 	public static function GetLowestCommonAncestor(ModelReflection $oModelReflection, $aClasses)
 	{
 		$sAncestor = null;
-		foreach ($aClasses as $sClass) {
+		foreach($aClasses as $sClass)
-			if (is_null($sAncestor)) {
+		{
 			if (is_null($sAncestor))
 			{
 				// first loop
 				$sAncestor = $sClass;
-			} elseif ($oModelReflection->GetRootClass($sClass) != $oModelReflection->GetRootClass($sAncestor)) {
+			}
 			elseif ($oModelReflection->GetRootClass($sClass) != $oModelReflection->GetRootClass($sAncestor))
 			{
 				$sAncestor = null;
 				break;
-			} else {
+			}
 			else
 			{
 				$sAncestor = self::LowestCommonAncestor($oModelReflection, $sAncestor, $sClass);
 			}
 		}
 		return $sAncestor;
 	}
@@ -722,32 +766,37 @@ class OqlUnionQuery extends OqlQuery
 	 */
 	protected static function LowestCommonAncestor(ModelReflection $oModelReflection, $sClassA, $sClassB)
 	{
-		if ($sClassA == $sClassB) {
+		if ($sClassA == $sClassB)
 		{
 			$sRet = $sClassA;
-		} elseif (in_array($sClassA, $oModelReflection->EnumChildClasses($sClassB))) {
+		}
 		elseif (in_array($sClassA, $oModelReflection->EnumChildClasses($sClassB)))
 		{
 			$sRet = $sClassB;
-		} elseif (in_array($sClassB, $oModelReflection->EnumChildClasses($sClassA))) {
+		}
 		elseif (in_array($sClassB, $oModelReflection->EnumChildClasses($sClassA)))
 		{
 			$sRet = $sClassA;
-		} else {
+		}
 		else
 		{
 			// Recurse
 			$sRet = self::LowestCommonAncestor($oModelReflection, $sClassA, $oModelReflection->GetParentClass($sClassB));
 		}
 		return $sRet;
 	}
 	/**
 	 * Make the relevant DBSearch instance (FromOQL)
 	 */	 	
 	public function ToDBSearch($sQuery)
 	{
 		$aSearches = array();
-		foreach ($this->aQueries as $oQuery) {
+		foreach ($this->aQueries as $oQuery)
 		{
 			$aSearches[] = $oQuery->ToDBSearch($sQuery);
 		}
 		$oSearch = new DBUnionSearch($aSearches);
 		return $oSearch;
 	}
 }
--- a/core/ormcaselog.class.inc.php
+++ b/core/ormcaselog.class.inc.php
@@ -370,7 +370,7 @@ class ormCaseLog
 	/**
 	 * Produces an HTML representation, aimed at being used within the iTop framework
 	 */
-	public function GetAsHTML(?WebPage $oP = null, $bEditMode = false, $aTransfoHandler = null)
+	public function GetAsHTML(WebPage $oP = null, $bEditMode = false, $aTransfoHandler = null)
 	{
 		$bPrintableVersion = (utils::ReadParam('printable', '0') == '1');
--- a/core/ormdocument.class.inc.php
+++ b/core/ormdocument.class.inc.php
@@ -350,22 +350,20 @@ class ormDocument
 			if (!is_object($oObj)) {
 				// If access to the document is not granted, check if the access to the host object is allowed
 				$oObj = MetaModel::GetObject($sClass, $id, false, true);
 				$bHasHostRights = false;
 				if ($oObj instanceof Attachment) {
 					$sItemClass = $oObj->Get('item_class');
 					$sItemId = $oObj->Get('item_id');
 					$oHost = MetaModel::GetObject($sItemClass, $sItemId, false, false);
-					if (is_object($oHost)) {
+					if (!is_object($oHost)) {
-						$bHasHostRights = true;
+						$oObj = null;
 					}
 				}
-
+				if (!is_object($oObj)) {
 				// We could neither read the object nor get a host object matching our rights
 				if ($bHasHostRights !== true) {
 					throw new Exception("Invalid id ($id) for class '$sClass' - the object does not exist or you are not allowed to view it");
 				}
 			}
-			if (($sSecretField != null) && !hash_equals($oObj->Get($sSecretField), $sSecretValue)) {
+			if (($sSecretField != null) && ($oObj->Get($sSecretField) != $sSecretValue)) {
 				usleep(200);
 				throw new Exception("Invalid secret for class '$sClass' - the object does not exist or you are not allowed to view it");
 			}
 			/** @var \ormDocument $oDocument */
--- a/core/ormlinkset.class.inc.php
+++ b/core/ormlinkset.class.inc.php
@@ -93,7 +93,7 @@ class ormLinkSet implements iDBObjectSetIterator, Iterator, SeekableIterator
 	 * @param DBObjectSet|null $oOriginalSet
 	 * @throws Exception
 	 */
-	public function __construct($sHostClass, $sAttCode, ?DBObjectSet $oOriginalSet = null)
+	public function __construct($sHostClass, $sAttCode, DBObjectSet $oOriginalSet = null)
 	{
 		$this->sHostClass = $sHostClass;
 		$this->sAttCode = $sAttCode;
@@ -470,6 +470,17 @@ class ormLinkSet implements iDBObjectSetIterator, Iterator, SeekableIterator
 				|| ($this->oOriginalSet->GetFilter()->ToOQL() == $oFellow->oOriginalSet->GetFilter()->ToOQL())) {
 				$bUpdateFromDelta = true;
 			}
 		} else {
 			//@since 3.2.2 N°2364 - API : remove old linkedset persistance
 			/* Goo pattern to use:
 			* $oCISet = $oTicket->Get(‘functioncis_list’);
 			* $oCISet->AddItem(MetaModel::NewObject(‘lnkFunctionCIToTicket’, array(‘ci_id’=> 12345));
 			* $oCISet->RemoveItem(123456);
 			* $oTicket->Set(‘functionalcis_list’, $oCISet);
 			 */
 			if (!ContextTag::Check(ContextTag::TAG_SETUP)) {
 				DeprecatedCallsLog::NotifyDeprecatedPhpMethod('old pattern - please get previous value of the linked set, modify it and set it back to the host object');
 			}
 		}
 		if ($bUpdateFromDelta) {
--- a/core/ormpassword.class.inc.php
+++ b/core/ormpassword.class.inc.php
@@ -98,9 +98,9 @@ class ormPassword
 		$bResult = false;
 		$aInfo = password_get_info($this->m_sHashed);
 		if (is_null($aInfo["algo"]) || $aInfo["algo"] === 0) {
-			// - Unknown algorithm, assume it's a legacy password
+			//unknown, assume it's a legacy password
 			$sHashedPwd = $this->ComputeHash($sClearTextPassword);
-			$bResult = hash_equals($this->m_sHashed, $sHashedPwd);
+			$bResult = ($this->m_sHashed == $sHashedPwd);
 		} else {
 			$bResult = password_verify($sClearTextPassword, $this->m_sHashed);
 		}
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -1182,7 +1182,7 @@ class UserRights
 			return self::$m_oUser->GetKey();
 		} else {
 			// find the id out of the login string
-			$oUser = self::FindUser($sLogin, bAllowDisabledUsers: true);
+			$oUser = self::FindUser($sLogin);
 			if (is_null($oUser)) {
 				return null;
 			}
@@ -1375,7 +1375,7 @@ class UserRights
 		if (empty($sLogin)) {
 			$oUser = self::$m_oUser;
 		} else {
-			$oUser = self::FindUser($sLogin, bAllowDisabledUsers: true);
+			$oUser = self::FindUser($sLogin);
 		}
 		if (is_null($oUser)) {
 			return '';
--- a/css/backoffice/_shame.scss
+++ b/css/backoffice/_shame.scss
@@ -56,8 +56,6 @@ $ibo-shame--slider--is-round--border-radius: 20px !default;
 $ibo-shame--slider--is-round--before--border-radius: 7px !default;
 $ibo-blockquote--color: $ibo-body-text-color !default;
 // N°2847 - Recolor svg illustrations with iTop's primary color
 .ibo-svg-illustration--container > svg *[fill="#6c63ff"]{
 	fill: $ibo-svg-illustration--fill;
@@ -128,11 +126,3 @@ input:checked + .slider:before {
 .slider.round:before {
  border-radius: $ibo-shame--slider--is-round--before--border-radius;
 }
 /*
  Bulma sets blockquote background color through a variable, it affects ckeditor and html display.
  This rule is needed harmonize the blockquote text color in both contexts.
 */
 .ibo-is-html-content blockquote {
  color: $ibo-blockquote--color;
 }
--- a/css/backoffice/application/bulk/_all.scss
+++ b/css/backoffice/application/bulk/_all.scss
@@ -4,4 +4,3 @@
 */
@import "bulk-modify";
@import "bulk-export";
--- a/css/backoffice/application/bulk/_bulk-export.scss
+++ b/css/backoffice/application/bulk/_bulk-export.scss
@@ -1,10 +0,0 @@
 /*
 * @copyright   Copyright (C) 2010-2026 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 #form_part_csv_options:has(#ibo-sanitize-excel-export--input:checked), #form_part_xlsx_options:has(#ibo-sanitize-excel-export--input:checked){
  #ibo-sanitize-excel-export--alert {
    display: none;
  }
 }
--- a/css/backoffice/blocks-integrations/field/_field-with-field.scss
+++ b/css/backoffice/blocks-integrations/field/_field-with-field.scss
@@ -4,7 +4,7 @@
 */
 $ibo-field--spacing-top--with-same-block: $ibo-spacing-500 !default;
-.ibo-field + .ibo-field:not(:empty) {
+.ibo-field + .ibo-field {
  margin-top: $ibo-field--spacing-top--with-same-block;
 }
--- a/css/backoffice/components/_form.scss
+++ b/css/backoffice/components/_form.scss
@@ -7,71 +7,3 @@
  @extend %ibo-font-size-150;
  padding-bottom: 14px;
 }
 .help-text{
  padding: 1px 5px;
  background-color: #d7e3f8;
  border: 1px solid #c6e7f5;
  border-radius: 5px;
  margin: 5px 0;
  font-size: 0.9em;
 }
 .form-error ul{
  padding: 1px 5px;
  background-color: #f8d7da;
  border: 1px solid #f5c6cb;
  border-radius: 5px;
  margin: 5px 0;
  font-size: 0.9em;
 }
 .subform{
  background-color: #efefef;
  border-radius: 5px;
  padding: 10px;
 }
 .form-buttons{
  margin: 20px 0;
 }
 .form select{
  padding: 0;
  overflow-y: auto;
 }
 .form select option{
  height: 30px;
  display: flex;
  align-items: center;
 }
 .turbo-refreshing{
  opacity: .5;
 }
 .ibo-field legend{
  margin-top: 24px;
 }
 collection-entry-element {
  margin-top: 8px;
  display: block;
  padding: 10px 10px;
  background-color: #f5f5f5;
  border-radius: 5px;
 }
 .ts-control{
  height: auto;
  min-height: 30px;
 }
 .ibo-form-actions > .ibo-button > span{
  margin-right: 5px;
 }
 .ibo-form textarea{
  resize: vertical;
 }
--- a/css/backoffice/components/_panel.scss
+++ b/css/backoffice/components/_panel.scss
@@ -72,12 +72,9 @@ $ibo-panel--icon--spacing--as-medallion--is-sticking: $ibo-panel--icon--spacing-
 $ibo-panel--icon--bottom--as-medallion--is-sticking: -12px !default;
 $ibo-panel--icon--border--as-medallion--is-sticking: 1px $ibo-panel--base-border-style $ibo-panel--base-border-color !default;
-$ibo-panel--icon-background--size--must-contain: contain !default; // deprecated, to be removed in favor of $ibo-panel--icon-img--size--must-contain
+$ibo-panel--icon-background--size--must-contain: contain !default;
-$ibo-panel--icon-background--size--must-cover: cover !default; // deprecated, to be removed in favor of $ibo-panel--icon-img--size--must-cover
+$ibo-panel--icon-background--size--must-cover: cover !default;
-$ibo-panel--icon-background--size--must-zoomout: 66.67% !default; // deprecated, to be removed in favor of $ibo-panel--icon-img--size--must-zoomout
+$ibo-panel--icon-background--size--must-zoomout: 66.67% !default;
 $ibo-panel--icon-img--size--must-contain: $ibo-panel--icon-background--size--must-contain !default; // TODO remove when dealing with N°9317
 $ibo-panel--icon-img--size--must-cover: $ibo-panel--icon-background--size--must-cover !default; // TODO remove when dealing with N°9317
 $ibo-panel--icon-img--size--must-zoomout: $ibo-panel--icon-background--size--must-zoomout !default; // TODO remove when dealing with N°9317
 $ibo-panel--title--font-size--is-sticking: $ibo-font-size-150 !default;
 $ibo-panel--title--color: $ibo-color-grey-900 !default;
@@ -182,29 +179,24 @@ $ibo-panel--is-selectable--body--after--font-size: $ibo-font-size-700 !default;
  min-height: $ibo-panel--icon--size;
 }
-.ibo-panel--icon-img, .ibo-panel--icon-background { // second class is deprecated, remove it when dealing with N°9317
+.ibo-panel--icon-background {
  width: 100%;
  height: 100%;
  object-position: center;
  object-fit: $ibo-panel--icon-img--size--must-contain;
  background-position: center;
  background-repeat: no-repeat;
-  background-size: $ibo-panel--icon-img--size--must-contain;
+  background-size: $ibo-panel--icon-background--size--must-contain;
 }
-.ibo-panel--icon-img--must-contain, .ibo-panel--icon-background--must-contain { // second class is deprecated, remove it when dealing with N°9317
+.ibo-panel--icon-background--must-contain {
-  object-fit: $ibo-panel--icon-img--size--must-contain;
+  background-size: $ibo-panel--icon-background--size--must-contain;
  background-size: $ibo-panel--icon-img--size--must-contain;
 }
-.ibo-panel--icon-img--must-cover, .ibo-panel--icon-background--must-cover { // second class is deprecated, remove it when dealing with N°9317
+.ibo-panel--icon-background--must-cover {
-  object-fit: $ibo-panel--icon-img--size--must-cover;
+  background-size: $ibo-panel--icon-background--size--must-cover;
  background-size: $ibo-panel--icon-img--size--must-cover;
 }
-.ibo-panel--icon-img--must-zoomout, .ibo-panel--icon-background--must-zoomout { // second class is deprecated, remove it when dealing with N°9317
+.ibo-panel--icon-background--must-zoomout {
-  width: $ibo-panel--icon-img--size--must-zoomout;
+  background-size: $ibo-panel--icon-background--size--must-zoomout;
  height: $ibo-panel--icon-img--size--must-zoomout;
 }
 .ibo-panel--title {
--- a/css/backoffice/components/_search-form.scss
+++ b/css/backoffice/components/_search-form.scss
@@ -21,8 +21,6 @@ $ibo-search-form-panel--more-criteria--color: $ibo-color-blue-grey-800 !default;
 $ibo-search-form-panel--more-criteria--background-color: $ibo-color-white-100 !default;
 $ibo-search-form-panel--more-criteria--icon--color: $ibo-color-primary-600 !default;
 $ibo-search-form-panel--more-criteria--border-color: $ibo-search-form-panel--criteria--border-color !default;
 // calc is redundant but avoid SCSS min() from being used instead of CSS min()
 $ibo-search-form-panel--criteria--max-height: calc(min(#{$ibo-size-750}, 50vh)) !default;
 $ibo-search-form-panel--items--hover--color: $ibo-color-grey-200 !default;
@@ -280,8 +278,7 @@ $ibo-search-results-area--datatable-scrollhead--border--is-sticking: $ibo-search
 				}
 				.sfc_form_group {
-                  display: flex;
+          display: block;
                  flex-direction: column;
          margin-top: -1px;
          z-index: -1;
        }
@@ -349,15 +346,11 @@ $ibo-search-results-area--datatable-scrollhead--border--is-sticking: $ibo-search
        display: none;
        max-width: 450px;
        width: max-content;
-        max-height: $ibo-search-form-panel--criteria--max-height;
+        max-height: 520px;
        overflow-x: auto;
        overflow-y: hidden;
 				.sfc_fg_operators {
                    display: flex;
                    flex-direction: column;
                    overflow: auto;
                    min-height: 0;
 					font-size: 12px;
 					.sfc_fg_operator {
@@ -394,9 +387,6 @@ $ibo-search-results-area--datatable-scrollhead--border--is-sticking: $ibo-search
 						}
 						.sfc_opc_multichoices {
                            display: flex;
                            flex-direction: column;
                            height: 100%;
 							label > input {
 								vertical-align: text-top;
 								margin-left: $ibo-spacing-0;
@@ -408,6 +398,7 @@ $ibo-search-results-area--datatable-scrollhead--border--is-sticking: $ibo-search
 							}
 							.sfc_opc_mc_items_wrapper {
 								max-height: 415px; /* Must be less than .sfc_form_group:max-height - .sfc_opc_mc_toggler:height - .sfc_opc_mc_filter:height */
 								overflow-y: auto;
 								margin: $ibo-spacing-0 -8px; /* Compensate .sfc_opc_multichoices side padding so the hover style can take the full with */
@@ -569,14 +560,8 @@ $ibo-search-results-area--datatable-scrollhead--border--is-sticking: $ibo-search
 			&.search_form_criteria_enum {
 				.sfc_form_group {
 					.sfc_fg_operator_in {
                        display: flex;
                        flex-direction: column;
                        height: 100%;
                        min-height: 0;
 						> label {
-							display: flex;
+							display: inline-block;
                            height: 100%;
                            min-height: 0;
 							width: 100%;
 							line-height: initial;
 							white-space: nowrap;
--- a/css/backoffice/components/_title.scss
+++ b/css/backoffice/components/_title.scss
@@ -11,12 +11,9 @@ $ibo-title--icon--size: 90px !default;
 $ibo-title--icon--size-2: 80px !default;
 $ibo-title--icon--size-3: 70px !default;
-$ibo-title--icon-background--size--must-contain: contain !default; // deprecated, to be removed in favor of $ibo-title--icon-img--size--must-contain
+$ibo-title--icon-background--size--must-contain: contain !default;
-$ibo-title--icon-background--size--must-cover: cover !default; // deprecated, to be removed in favor of $ibo-title--icon-img--size--must-cover
+$ibo-title--icon-background--size--must-cover: cover !default;
-$ibo-title--icon-background--size--must-zoomout: 66.67% !default; // deprecated, to be removed in favor of $ibo-title--icon-img--size--must-zoomout
+$ibo-title--icon-background--size--must-zoomout: 66.67% !default;
 $ibo-title--icon-img--size--must-contain: $ibo-title--icon-background--size--must-contain !default; // TODO remove when dealing with N°9317
 $ibo-title--icon-img--size--must-cover: $ibo-title--icon-background--size--must-cover !default; // TODO remove when dealing with N°9317
 $ibo-title--icon-img--size--must-zoomout: $ibo-title--icon-background--size--must-zoomout !default; // TODO remove when dealing with N°9317
 .ibo-title {
@@ -47,27 +44,24 @@ $ibo-title--icon-img--size--must-zoomout: $ibo-title--icon-background--size--mus
  min-height: $ibo-title--icon--size-3;
 }
-.ibo-title--icon-img, .ibo-title--icon-background { // second class is deprecated, remove it when dealing with N°9317
+.ibo-title--icon-background {
  width: 100%;
  height: 100%;
-  object-position: center;
+  background-position: center;
-  object-fit: $ibo-title--icon-img--size--must-contain;
+  background-repeat: no-repeat;
-  background-size: $ibo-title--icon-img--size--must-contain;
+  background-size: $ibo-title--icon-background--size--must-contain;
 }
-.ibo-title--icon-img--must-contain, .ibo-title--icon-background--must-contain { // second class is deprecated, remove it when dealing with N°9317
+.ibo-title--icon-background--must-contain {
-  object-fit: $ibo-title--icon-img--size--must-contain;
+  background-size: $ibo-title--icon-background--size--must-contain;
  background-size: $ibo-title--icon-img--size--must-contain;
 }
-.ibo-title--icon-img--must-cover, .ibo-title--icon-background--must-cover { // second class is deprecated, remove it when dealing with N°9317
+.ibo-title--icon-background--must-cover {
-  object-fit: $ibo-title--icon-img--size--must-cover;
+  background-size: $ibo-title--icon-background--size--must-cover;
  background-size: $ibo-title--icon-img--size--must-cover;
 }
-.ibo-title--icon-img--must-zoomout, .ibo-title--icon-background--must-zoomout { // second class is deprecated, remove it when dealing with N°9317
+.ibo-title--icon-background--must-zoomout {
-  width: $ibo-title--icon-img--size--must-zoomout;
+  background-size: $ibo-title--icon-background--size--must-zoomout;
  height: $ibo-title--icon-img--size--must-zoomout;
 }
 .ibo-title--for-object-details {
--- a/css/backoffice/components/input/_input-select.scss
+++ b/css/backoffice/components/input/_input-select.scss
@@ -203,9 +203,8 @@ $ibo-input-select--autocomplete-item-image--border: 1px solid $ibo-color-grey-60
 }
 // N°7982 Default selectize stylesheet override
 // N°9468 Dropdown content needs to be a few pixel shorter than the dropdown itself to avoid double scrollbar
 .selectize-dropdown-content{
-  max-height: calc(#{$ibo-input-select-selectize--dropdown--max-height} - 4px);
+  max-height: $ibo-input-select-selectize--dropdown--max-height;
 }
 .selectize-dropdown.ui-menu .ui-state-active {
--- a/css/backoffice/layout/multi-column/_multi-column.scss
+++ b/css/backoffice/layout/multi-column/_multi-column.scss
@@ -5,11 +5,9 @@
 $ibo-multi-column--margin-x: -$ibo-spacing-500 !default; /* This is to compensate columns padding and make the whole multicolumn align with the parent borders (cf. Bootstrap rows / cols) */
 $ibo-multi-column--margin-y: $ibo-spacing-0 !default;
 $ibo-multi-column--row-gap: $ibo-spacing-800 !default;
 .ibo-multi-column {
  display: flex;
  flex-wrap: wrap;
  margin: $ibo-multi-column--margin-y $ibo-multi-column--margin-x;
  row-gap: $ibo-multi-column--row-gap;
 }
--- a/css/backoffice/vendors/_bulma-variables-overload.scss
+++ b/css/backoffice/vendors/_bulma-variables-overload.scss
@@ -21,7 +21,6 @@ $text-strong: inherit !default;
 * See https://bulma.io/documentation/elements/content/
 */
 $content-block-margin-bottom: 0 !default;
 $content-blockquote-background-color: $ibo-color-grey-200 !default;
 /* Table: Reset style as much as possible to match rich text editor preview, which is the browser's default stylesheet.
 * As there is no way to avoid bulma rules, we simply make them invalid by setting an invalid variable value, the rules will then be ignored by the browser.
--- a/css/backoffice/vendors/_tomselect.scss
+++ b/css/backoffice/vendors/_tomselect.scss
@@ -1,3 +0,0 @@
@import "../../../node_modules/tom-select/dist/scss/tom-select.scss";
 $select-color-item-active-border: $ibo-input--focus--border-color;
--- a/css/setup.css
+++ b/css/setup.css
--- a/data/.compilation-symlinks
+++ b/data/.compilation-symlinks
--- a/datamodels/2.x/authent-local/datamodel.authent-local.xml
+++ b/datamodels/2.x/authent-local/datamodel.authent-local.xml
@@ -2,7 +2,7 @@
 <itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.3">
  <module_parameters>
    <parameters id="authent-local" _delta="define">
-      <password_validation.pattern>^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\da-zA-Z]).{12,}$</password_validation.pattern>
+      <password_validation.pattern>^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^\da-zA-Z]).{8,}$</password_validation.pattern>
      <password_validation.message type="hash"/>
    </parameters>
  </module_parameters>
--- a/datamodels/2.x/authent-local/dictionaries/cs.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/cs.dict.authent-local.php
@@ -29,7 +29,7 @@ Dict::Add('CS CZ', 'Czech', 'Čeština', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Heslo nemůže uživatel změnit.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Heslo bylo obnoveno',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Termín, kdy bylo heslo změneno',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Heslo musí obsahovat minimálně 12 znaků a musí obsahovat minimálně jedno velké písmeno, jedno malé písmeno, jedno číslo a speciální znak.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Heslo musí obsahovat minimálně 8 znaků a musí obsahovat minimálně jedno velké písmeno, jedno malé písmeno, jedno číslo a speciální znak.',
 	'UserLocal:password:expiration' => 'Níže uvedená pole vyžadují rozšíření',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Nastavení exspirace "Jednorázového hesla" nelze u vlastního účtu uživatele.',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/da.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/da.dict.authent-local.php
@@ -28,7 +28,7 @@ Dict::Add('DA DA', 'Danish', 'Dansk', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on~~',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed~~',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 12 characters and include uppercase, lowercase, numeric and special characters.~~',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.~~',
 	'UserLocal:password:expiration' => 'The fields below require an extension~~',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/de.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/de.dict.authent-local.php
@@ -28,7 +28,7 @@ Dict::Add('DE DE', 'German', 'Deutsch', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => '',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Letzte Passworterneuerung',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Letztes Änderungsdatum',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Das Passwort muss mindestens 12 Zeichen lang sein und Großbuchstaben, Kleinbuchstaben, Zahlen und Sonderzeichen enthalten.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Das Passwort entspricht nicht dem in den Konfigurationsregeln hinterlegten RegEx-Ausdruck',
 	'UserLocal:password:expiration' => 'Die folgenden Felder benötigen eine '.ITOP_APPLICATION_SHORT.' Erweiterung',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Das setzen des Passwortablaufs auf "Einmalpasswort" ist für den eigenen Benutzer nicht erlaubt.',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/en.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/en.dict.authent-local.php
@@ -55,7 +55,7 @@ Dict::Add('EN US', 'English', 'English', [
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 12 characters and include uppercase, lowercase, numeric and special characters.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.',
 	'UserLocal:password:expiration' => 'The fields below require an extension',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/en_gb.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/en_gb.dict.authent-local.php
@@ -55,7 +55,7 @@ Dict::Add('EN GB', 'British English', 'British English', [
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 12 characters and include uppercase, lowercase, numeric and special characters.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.',
 	'UserLocal:password:expiration' => 'The fields below require an extension',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/es_cr.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/es_cr.dict.authent-local.php
@@ -25,7 +25,7 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'El usuario no puede cambiar la contraseña.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Renovación de contraseña',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Cuando fue el último cambio de contraseña',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La contraseña debe ser de al menos 12 caracteres e incluir mayúsculas, minúsculas, números y caracteres especiales.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La contraseña debe ser de al menos 8 caracteres e incluír mayúsculas, minúsculas, números y caracteres especiales.',
 	'UserLocal:password:expiration' => 'El siguiente campo requiere una extensión',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Configurar expiración de contraseña para "ontraseña de un solo uso" no está permitido para su propio Usuario',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/fr.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/fr.dict.authent-local.php
@@ -27,7 +27,7 @@ Dict::Add('FR FR', 'French', 'Français', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => '',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Mot de passe changé le',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Dernière date à laquelle le mot de passe a été changé',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Le mot de passe doit contenir au moins 12 caractères, avec minuscule, majuscule, nombre et caractère spécial.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Le mot de passe doit contenir au moins 8 caractères, avec minuscule, majuscule, nombre et caractère spécial.',
 	'UserLocal:password:expiration' => 'Les champs ci-dessous nécessitent une extension',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Impossible de mettre "Usage unique" comme validité du mot de passe pour son propre utilisateur.',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/hu.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/hu.dict.authent-local.php
@@ -27,7 +27,7 @@ Dict::Add('HU HU', 'Hungarian', 'Magyar', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'A felhasználó nem változtathat jelszót.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Jelszó megújítás ideje',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'A jelszó legutóbbi módosításának időpontja',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'A jelszónak legalább 12 karakterből kell állnia, és tartalmaznia kell nagybetűket, kisbetűket, numerikus és speciális karaktereket.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'A jelszónak legalább 8 karakterből kell állnia, és tartalmaznia kell nagybetűket, kisbetűket, numerikus és speciális karaktereket.',
 	'UserLocal:password:expiration' => 'Az alábbi mezőkhöz egy bővítmény szükséges',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'A jelszó lejárati idejének beállítása "Egyszeri jelszóra" nem engedélyezett a saját Felhasználó számára.',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/it.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/it.dict.authent-local.php
@@ -27,7 +27,7 @@ Dict::Add('IT IT', 'Italian', 'Italiano', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'La password non può essere cambiata dall\'utente.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Rinnovo della password',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Quando è stata cambiata l\'ultima volta la password',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La password deve essere di almeno 12 caratteri e includere lettere maiuscole, minuscole, numeri e caratteri speciali.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La password deve essere di almeno 8 caratteri e includere lettere maiuscole, minuscole, numeri e caratteri speciali.',
 	'UserLocal:password:expiration' => 'I campi sottostanti richiedono un\'estensione',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Impostare la scadenza della password su "Password monouso" non è consentito per il proprio utente',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/ja.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/ja.dict.authent-local.php
@@ -28,7 +28,7 @@ Dict::Add('JA JP', 'Japanese', '日本語', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on~~',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed~~',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 12 characters and include uppercase, lowercase, numeric and special characters.~~',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.~~',
 	'UserLocal:password:expiration' => 'The fields below require an extension~~',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/nl.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/nl.dict.authent-local.php
@@ -28,7 +28,7 @@ Dict::Add('NL NL', 'Dutch', 'Nederlands', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'De gebruiker kan dit wachtwoord niet veranderen.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Wachtwoord laatst aangepast',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Tijdstip waarop het wachtwoord het laatst aangepast werd.',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Het wachtwoord bestaat uit minstens 12 tekens en bestaat uit een mix van minstens 1 hoofdletter, kleine letter, cijfer en speciaal teken.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Het wachtwoord bestaat uit minstens 8 tekens en bestaat uit een mix van minstens 1 hoofdletter, kleine letter, cijfer en speciaal teken.',
 	'UserLocal:password:expiration' => 'De velden hieronder vereisen een extensie.',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Je kan geen eenmalig wachtwoord instellen voor je eigen gebruiker.',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/pl.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/pl.dict.authent-local.php
@@ -27,7 +27,7 @@ Dict::Add('PL PL', 'Polish', 'Polski', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Hasło nie może być zmienione przez użytkownika.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Odnowienie hasła',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Kiedy ostatnio zmieniano hasło',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Hasło musi mieć co najmniej 12 znaków i zawierać duże, małe litery, cyfry i znaki specjalne.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Hasło musi mieć co najmniej 8 znaków i zawierać duże, małe litery, cyfry i znaki specjalne.',
 	'UserLocal:password:expiration' => 'Poniższe pola wymagają rozszerzenia',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Ustawienie wygaśnięcia hasła "Hasło jednorazowe" nie jest dozwolone dla własnego użytkownika',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/ru.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/ru.dict.authent-local.php
@@ -28,7 +28,7 @@ Dict::Add('RU RU', 'Russian', 'Русский', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Дата изменения пароля',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Когда пароль был изменен в последний раз',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Пароль должен содержать не менее 12 символов и включать прописные, строчные, числовые и специальные символы.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Пароль должен содержать не менее 8 символов и включать прописные, строчные, числовые и специальные символы.',
 	'UserLocal:password:expiration' => 'Поля требуют наличия доп. расширения',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/sk.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/sk.dict.authent-local.php
@@ -27,7 +27,7 @@ Dict::Add('SK SK', 'Slovak', 'Slovenčina', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on~~',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed~~',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 12 characters and include uppercase, lowercase, numeric and special characters.~~',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.~~',
 	'UserLocal:password:expiration' => 'The fields below require an extension~~',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/tr.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/tr.dict.authent-local.php
@@ -28,7 +28,7 @@ Dict::Add('TR TR', 'Turkish', 'Türkçe', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on~~',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed~~',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 12 characters and include uppercase, lowercase, numeric and special characters.~~',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.~~',
 	'UserLocal:password:expiration' => 'The fields below require an extension~~',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 ]);
--- a/datamodels/2.x/authent-local/dictionaries/zh_cn.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/zh_cn.dict.authent-local.php
@@ -51,7 +51,7 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', [
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => '用户不允许修改密码.',
 	'Class:UserLocal/Attribute:password_renewed_date' => '密码更新',
 	'Class:UserLocal/Attribute:password_renewed_date+' => '上次修改密码的时间',
-	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => '密码必须至少12个字符, 包含大小写, 数字和特殊字符.',
+	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => '密码必须至少8个字符, 包含大小写, 数字和特殊字符.',
 	'UserLocal:password:expiration' => '下面的区域需要插件扩展',
 	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => '不允许用户为自己设置 "一次性密码" 的失效期限',
 ]);
--- a/datamodels/2.x/combodo-backoffice-darkmoon-theme/scss/scss-variables.scss
+++ b/datamodels/2.x/combodo-backoffice-darkmoon-theme/scss/scss-variables.scss
--- a/datamodels/2.x/combodo-backoffice-fullmoon-high-contrast-theme/scss/scss-variables.scss
+++ b/datamodels/2.x/combodo-backoffice-fullmoon-high-contrast-theme/scss/scss-variables.scss
--- a/datamodels/2.x/combodo-backoffice-fullmoon-protanopia-deuteranopia-theme/scss/scss-variables.scss
+++ b/datamodels/2.x/combodo-backoffice-fullmoon-protanopia-deuteranopia-theme/scss/scss-variables.scss
@@ -68,47 +68,47 @@ $ibo-color-information-900: #0f172a !default;
 $ibo-color-information-950: #020617 !default;
-$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-waiting-state-primary-color: $ibo-color-yellow-700 !default;
+$ibo-lifecycle-waiting-state-primary-color: $ibo-color-yellow-700;
-$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-failure-state-primary-color: $ibo-color-orange-800 !default;
+$ibo-lifecycle-failure-state-primary-color: $ibo-color-orange-800;
-$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200 !default;
+$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200;
-$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700 !default;
+$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700;
-$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-inactive-state-primary-color: $ibo-color-yellow-700 !default;
+$ibo-lifecycle-inactive-state-primary-color: $ibo-color-yellow-700;
-$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100;
-$ibo-caselog-highlight-color-1: $ibo-color-blue-700 !default;
+$ibo-caselog-highlight-color-1: $ibo-color-blue-700;
-$ibo-caselog-highlight-color-2: $ibo-color-yellow-700 !default;
+$ibo-caselog-highlight-color-2: $ibo-color-yellow-700;
-$ibo-caselog-highlight-color-3: $ibo-color-information-600 !default;
+$ibo-caselog-highlight-color-3: $ibo-color-information-600;
-$ibo-caselog-highlight-color-4: $ibo-color-yellow-500 !default;
+$ibo-caselog-highlight-color-4: $ibo-color-yellow-500;
-$ibo-caselog-highlight-color-5: $ibo-color-blue-500 !default;
+$ibo-caselog-highlight-color-5: $ibo-color-blue-500;
-$ibo-caselog-highlight-color-6: $ibo-color-yellow-300 !default;
+$ibo-caselog-highlight-color-6: $ibo-color-yellow-300;
-$ibo-caselog-highlight-color-7: $ibo-color-blue-300 !default;
+$ibo-caselog-highlight-color-7: $ibo-color-blue-300;
-$ibo-input-wrapper--is-error--border-color: $ibo-color-warning-700 !default;
+$ibo-input-wrapper--is-error--border-color: $ibo-color-warning-700;
-$ibo-field-validation: $ibo-color-warning-800 !default;
+$ibo-field-validation: $ibo-color-warning-800;
-$ibo-navigation-menu--visual-hint--background-color: $ibo-color-blue-400 !default;
+$ibo-navigation-menu--visual-hint--background-color: $ibo-color-blue-400;
-$ibo-wizard-container--background-color: $ibo-color-information-200 !default;
+$ibo-wizard-container--background-color: $ibo-color-information-200;
-$ibo-wizard-container--border-color: $ibo-color-information-600 !default;
+$ibo-wizard-container--border-color: $ibo-color-information-600;
-$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-danger-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-danger-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-danger-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-danger-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500;
-$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-blue-600 !default;
+$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-blue-600;
--- a/datamodels/2.x/combodo-backoffice-fullmoon-tritanopia-theme/scss/scss-variables.scss
+++ b/datamodels/2.x/combodo-backoffice-fullmoon-tritanopia-theme/scss/scss-variables.scss
@@ -32,47 +32,47 @@ $ibo-color-information-900: #0f172a !default;
 $ibo-color-information-950: #020617 !default;
-$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-waiting-state-primary-color: $ibo-color-red-200 !default;
+$ibo-lifecycle-waiting-state-primary-color: $ibo-color-red-200;
-$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-red-800 !default;
+$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-red-800;
-$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-failure-state-primary-color: $ibo-color-red-800 !default;
+$ibo-lifecycle-failure-state-primary-color: $ibo-color-red-800;
-$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200 !default;
+$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200;
-$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700 !default;
+$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700;
-$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-inactive-state-primary-color: $ibo-color-red-700 !default;
+$ibo-lifecycle-inactive-state-primary-color: $ibo-color-red-700;
-$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100;
-$ibo-caselog-highlight-color-1: $ibo-color-blue-700 !default;
+$ibo-caselog-highlight-color-1: $ibo-color-blue-700;
-$ibo-caselog-highlight-color-2: $ibo-color-red-700 !default;
+$ibo-caselog-highlight-color-2: $ibo-color-red-700;
-$ibo-caselog-highlight-color-3: $ibo-color-information-600 !default;
+$ibo-caselog-highlight-color-3: $ibo-color-information-600;
-$ibo-caselog-highlight-color-4: $ibo-color-red-500 !default;
+$ibo-caselog-highlight-color-4: $ibo-color-red-500;
-$ibo-caselog-highlight-color-5: $ibo-color-blue-500 !default;
+$ibo-caselog-highlight-color-5: $ibo-color-blue-500;
-$ibo-caselog-highlight-color-6: $ibo-color-red-300 !default;
+$ibo-caselog-highlight-color-6: $ibo-color-red-300;
-$ibo-caselog-highlight-color-7: $ibo-color-blue-300 !default;
+$ibo-caselog-highlight-color-7: $ibo-color-blue-300;
-$ibo-input-wrapper--is-error--border-color: $ibo-color-pink-700 !default;
+$ibo-input-wrapper--is-error--border-color: $ibo-color-pink-700;
-$ibo-field-validation: $ibo-color-pink-800 !default;
+$ibo-field-validation: $ibo-color-pink-800;
-$ibo-navigation-menu--visual-hint--background-color: $ibo-color-pink-600 !default;
+$ibo-navigation-menu--visual-hint--background-color: $ibo-color-pink-600;
-$ibo-wizard-container--background-color: $ibo-color-information-200 !default;
+$ibo-wizard-container--background-color: $ibo-color-information-200;
-$ibo-wizard-container--border-color: $ibo-color-information-600 !default;
+$ibo-wizard-container--border-color: $ibo-color-information-600;
-$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-pink-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-pink-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-pink-600 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-pink-600;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-400 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-400;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500;
-$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-pink-500 !default;
+$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-pink-500;
--- a/datamodels/2.x/combodo-db-tools/bin/rebuildhk.php
+++ b/datamodels/2.x/combodo-db-tools/bin/rebuildhk.php
@@ -10,65 +10,10 @@
 */
 use Combodo\iTop\Core\MetaModel\HierarchicalKey;
 use Combodo\iTop\DBTools\Enum\BinExitCode;
 use Combodo\iTop\DBTools\Exception\AuthenticationException;
-// env-xxx folders
+require_once('../../../approot.inc.php');
 if (file_exists(__DIR__.'/../../../approot.inc.php')) {
 	require_once __DIR__.'/../../../approot.inc.php';
 }
 // datamodel/2.x and data/xxx-modules folders
 elseif (file_exists(__DIR__.'/../../../../approot.inc.php')) {
 	require_once __DIR__.'/../../../../approot.inc.php';
 }
 require_once APPROOT.'application/startup.inc.php';
 // Prepare output page
 $sPageTitle = "Database maintenance tools - Report";
 $bIsModeCLI = utils::IsModeCLI();
 if ($bIsModeCLI) {
 	$oP = new CLIPage($sPageTitle);
 	SetupUtils::CheckPhpAndExtensionsForCli($oP, BinExitCode::FATAL->value);
 } else {
 	$oP = new WebPage($sPageTitle);
 }
 // Authentication logic
 try {
 	utils::UseParamFile();
 	if ($bIsModeCLI) {
 		$sAuthUser = utils::ReadParam('auth_user', null, true, utils::ENUM_SANITIZATION_FILTER_RAW_DATA);
 		$sAuthPwd = utils::ReadParam('auth_pwd', null, true, utils::ENUM_SANITIZATION_FILTER_RAW_DATA);
 		if (utils::IsNullOrEmptyString($sAuthUser) || utils::IsNullOrEmptyString($sAuthPwd)) {
 			throw new AuthenticationException("Access credentials not provided, usage: php rebuildhk.php --auth_user=<login> --auth_pwd=<password> [--param_file=<file_path>]");
 		}
 		if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
 			UserRights::Login($sAuthUser);
 		} else {
 			throw new AuthenticationException("Access wrong credentials ('$sAuthUser')");
 		}
 	} else {
 		// Check user rights and prompt if needed
 		LoginWebPage::DoLoginEx(null, true);
 	}
 	if (!UserRights::IsAdministrator()) {
 		throw new AuthenticationException("Access restricted to administrators");
 	}
 } catch (AuthenticationException $oException) {
 	$oP->p($oException->getMessage());
 	$oP->output();
 	exit(BinExitCode::ERROR->value);
 } catch (Exception $oException) {
 	$oP->p("Error: ".$oException->GetMessage());
 	$oP->output();
 	exit(BinExitCode::FATAL->value);
 }
 // Business logic
 try {
 foreach (MetaModel::GetClasses() as $sClass) {
 	if (!MetaModel::HasTable($sClass)) {
 		continue;
@@ -77,20 +22,10 @@ try {
 	foreach (MetaModel::ListAttributeDefs($sClass) as $sAttCode => $oAttDef) {
 		// Check (once) all the attributes that are hierarchical keys
 		if ((MetaModel::GetAttributeOrigin($sClass, $sAttCode) == $sClass) && $oAttDef->IsHierarchicalKey()) {
-				$oP->p("Rebuild hierarchical key $sAttCode from $sClass.");
+			echo "Rebuild hierarchical key $sAttCode from $sClass.\n";
 			HierarchicalKey::Rebuild($sClass, $sAttCode, $oAttDef);
 		}
 	}
 }
-	$oP->p("Done");
+echo "Done\n";
 	$oP->output();
 } catch (AuthenticationException $oException) {
 	$oP->p($oException->getMessage());
 	$oP->output();
 	exit(BinExitCode::ERROR->value);
 } catch (Exception $oException) {
 	$oP->p("Error: ".$oException->GetMessage());
 	$oP->output();
 	exit(BinExitCode::FATAL->value);
 }
--- a/datamodels/2.x/combodo-db-tools/bin/report.php
+++ b/datamodels/2.x/combodo-db-tools/bin/report.php
@@ -5,93 +5,22 @@
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 use Combodo\iTop\DBTools\Enum\BinExitCode;
 use Combodo\iTop\DBTools\Exception\AuthenticationException;
 use Combodo\iTop\DBTools\Service\DBAnalyzerUtils;
-// env-xxx folders
+require_once('../../../approot.inc.php');
-if (file_exists(__DIR__.'/../../../approot.inc.php')) {
+require_once(APPROOT.'application/startup.inc.php');
 	require_once __DIR__.'/../../../approot.inc.php';
 }
 // datamodel/2.x and data/xxx-modules folders
 elseif (file_exists(__DIR__.'/../../../../approot.inc.php')) {
 	require_once __DIR__.'/../../../../approot.inc.php';
 }
-require_once APPROOT.'application/startup.inc.php';
+require_once('../db_analyzer.class.inc.php');
-require_once APPROOT.'application/loginwebpage.class.inc.php';
+require_once('../src/Service/DBAnalyzerUtils.php');
 require_once __DIR__.'/../db_analyzer.class.inc.php';
 // Prepare output page
 $sPageTitle = "Database maintenance tools - Report";
 $bIsModeCLI = utils::IsModeCLI();
 if ($bIsModeCLI) {
 	$oP = new CLIPage($sPageTitle);
 	SetupUtils::CheckPhpAndExtensionsForCli($oP, BinExitCode::FATAL->value);
 } else {
 	$oP = new WebPage($sPageTitle);
 }
 // Authentication logic
 try {
 	utils::UseParamFile();
 	if ($bIsModeCLI) {
 		$sAuthUser = utils::ReadParam('auth_user', null, true, utils::ENUM_SANITIZATION_FILTER_RAW_DATA);
 		$sAuthPwd = utils::ReadParam('auth_pwd', null, true, utils::ENUM_SANITIZATION_FILTER_RAW_DATA);
 		if (utils::IsNullOrEmptyString($sAuthUser) || utils::IsNullOrEmptyString($sAuthPwd)) {
 			throw new AuthenticationException("Access credentials not provided, usage: php report.php --auth_user=<login> --auth_pwd=<password> [--param_file=<file_path>]");
 		}
 		if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
 			UserRights::Login($sAuthUser);
 		} else {
 			throw new AuthenticationException("Access wrong credentials ('$sAuthUser')");
 		}
 	} else {
 		// Check user rights and prompt if needed
 		LoginWebPage::DoLoginEx(null, true);
 	}
 	if (!UserRights::IsAdministrator()) {
 		throw new AuthenticationException("Access restricted to administrators");
 	}
 } catch (AuthenticationException $oException) {
 	$sExceptionMessage = $oP instanceof WebPage ? utils::EscapeHtml($oException->getMessage()) : $oException->getMessage();
 	$oP->p($sExceptionMessage);
 	$oP->output();
 	exit(BinExitCode::ERROR->value);
 } catch (Exception $oException) {
 	$sExceptionMessage = $oP instanceof WebPage ? utils::EscapeHtml($oException->getMessage()) : $oException->getMessage();
 	$oP->p("Error: ".$sExceptionMessage);
 	$oP->output();
 	exit(BinExitCode::FATAL->value);
 }
 // Business logic
 try {
 $oDBAnalyzer = new DatabaseAnalyzer(0);
 $aResults = $oDBAnalyzer->CheckIntegrity([]);
 if (empty($aResults)) {
-		$oP->p("Database OK");
+	echo "Database OK\n";
-		$oP->output();
+	exit(0);
 		exit(BinExitCode::SUCCESS->value);
 }
 $sReportFile = DBAnalyzerUtils::GenerateReport($aResults);
-	$oP->p("Report generated: {$sReportFile}.log");
+echo "Report generated: {$sReportFile}.log\n";
 	$oP->output();
 } catch (AuthenticationException $oException) {
 	$sExceptionMessage = $oP instanceof WebPage ? utils::EscapeHtml($oException->getMessage()) : $oException->getMessage();
 	$oP->p($sExceptionMessage);
 	$oP->output();
 	exit(BinExitCode::ERROR->value);
 } catch (Exception $oException) {
 	$sExceptionMessage = $oP instanceof WebPage ? utils::EscapeHtml($oException->getMessage()) : $oException->getMessage();
 	$oP->p("Error: ".$sExceptionMessage);
 	$oP->output();
 	exit(BinExitCode::FATAL->value);
 }
--- a/datamodels/2.x/combodo-db-tools/composer.json
+++ b/datamodels/2.x/combodo-db-tools/composer.json
@@ -1,9 +0,0 @@
 {
  "name": "combodo/combodo-db-tools",
  "license": "AGPL-3.0-only",
  "autoload": {
    "psr-4": {
      "Combodo\\iTop\\DBTools\\": "src/"
    }
  }
 }
--- a/datamodels/2.x/combodo-db-tools/composer.lock
+++ b/datamodels/2.x/combodo-db-tools/composer.lock
@@ -1,18 +0,0 @@
 {
    "_readme": [
        "This file locks the dependencies of your project to a known state",
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
    "content-hash": "38292b9b3a56c6c8776285a17c58034e",
    "packages": [],
    "packages-dev": [],
    "aliases": [],
    "minimum-stability": "stable",
    "stability-flags": {},
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {},
    "platform-dev": {},
    "plugin-api-version": "2.6.0"
 }
--- a/datamodels/2.x/combodo-db-tools/module.combodo-db-tools.php
+++ b/datamodels/2.x/combodo-db-tools/module.combodo-db-tools.php
@@ -30,7 +30,7 @@ SetupWebPage::AddModule(
 		// Identification
 		//
 		'label' => 'Database maintenance tools',
-		'category' => 'Application management',
+		'category' => 'business',
 		// Setup
 		//
@@ -43,7 +43,6 @@ SetupWebPage::AddModule(
 		// Components
 		//
 		'datamodel' => [
 			'vendor/autoload.php',
 			'src/Service/DBToolsUtils.php',
 			'src/Service/DBAnalyzerUtils.php',
 		],
--- a/datamodels/2.x/combodo-db-tools/src/Enum/BinExitCode.php
+++ b/datamodels/2.x/combodo-db-tools/src/Enum/BinExitCode.php
@@ -1,18 +0,0 @@
 <?php
 /*
 * @copyright   Copyright (C) 2010-2026 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 namespace Combodo\iTop\DBTools\Enum;
 /**
 * Enum for the exit codes of the bin scripts
 */
 enum BinExitCode: int
 {
 	case SUCCESS = 0;
 	case ERROR = -1;
 	case FATAL = -2;
 }
--- a/datamodels/2.x/combodo-db-tools/src/Exception/AuthenticationException.php
+++ b/datamodels/2.x/combodo-db-tools/src/Exception/AuthenticationException.php
@@ -1,12 +0,0 @@
 <?php
 /*
 * @copyright   Copyright (C) 2010-2026 Combodo SAS
 * @license     http://opensource.org/licenses/AGPL-3.0
 */
 namespace Combodo\iTop\DBTools\Exception;
 class AuthenticationException extends \Exception
 {
 }
--- a/datamodels/2.x/combodo-db-tools/vendor/autoload.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/autoload.php
@@ -1,22 +0,0 @@
 <?php
 // autoload.php @generated by Composer
 if (PHP_VERSION_ID < 50600) {
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
    if (!ini_get('display_errors')) {
        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
            fwrite(STDERR, $err);
        } elseif (!headers_sent()) {
            echo $err;
        }
    }
    throw new RuntimeException($err);
 }
 require_once __DIR__ . '/composer/autoload_real.php';
 return ComposerAutoloaderInit38292b9b3a56c6c8776285a17c58034e::getLoader();
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/ClassLoader.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/ClassLoader.php
@@ -1,579 +0,0 @@
 <?php
 /*
 * This file is part of Composer.
 *
 * (c) Nils Adermann <naderman@naderman.de>
 *     Jordi Boggiano <j.boggiano@seld.be>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
 namespace Composer\Autoload;
 /**
 * ClassLoader implements a PSR-0, PSR-4 and classmap class loader.
 *
 *     $loader = new \Composer\Autoload\ClassLoader();
 *
 *     // register classes with namespaces
 *     $loader->add('Symfony\Component', __DIR__.'/component');
 *     $loader->add('Symfony',           __DIR__.'/framework');
 *
 *     // activate the autoloader
 *     $loader->register();
 *
 *     // to enable searching the include path (eg. for PEAR packages)
 *     $loader->setUseIncludePath(true);
 *
 * In this example, if you try to use a class in the Symfony\Component
 * namespace or one of its children (Symfony\Component\Console for instance),
 * the autoloader will first look for the class under the component/
 * directory, and it will then fallback to the framework/ directory if not
 * found before giving up.
 *
 * This class is loosely based on the Symfony UniversalClassLoader.
 *
 * @author Fabien Potencier <fabien@symfony.com>
 * @author Jordi Boggiano <j.boggiano@seld.be>
 * @see    https://www.php-fig.org/psr/psr-0/
 * @see    https://www.php-fig.org/psr/psr-4/
 */
 class ClassLoader
 {
    /** @var \Closure(string):void */
    private static $includeFile;
    /** @var string|null */
    private $vendorDir;
    // PSR-4
    /**
     * @var array<string, array<string, int>>
     */
    private $prefixLengthsPsr4 = array();
    /**
     * @var array<string, list<string>>
     */
    private $prefixDirsPsr4 = array();
    /**
     * @var list<string>
     */
    private $fallbackDirsPsr4 = array();
    // PSR-0
    /**
     * List of PSR-0 prefixes
     *
     * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))
     *
     * @var array<string, array<string, list<string>>>
     */
    private $prefixesPsr0 = array();
    /**
     * @var list<string>
     */
    private $fallbackDirsPsr0 = array();
    /** @var bool */
    private $useIncludePath = false;
    /**
     * @var array<string, string>
     */
    private $classMap = array();
    /** @var bool */
    private $classMapAuthoritative = false;
    /**
     * @var array<string, bool>
     */
    private $missingClasses = array();
    /** @var string|null */
    private $apcuPrefix;
    /**
     * @var array<string, self>
     */
    private static $registeredLoaders = array();
    /**
     * @param string|null $vendorDir
     */
    public function __construct($vendorDir = null)
    {
        $this->vendorDir = $vendorDir;
        self::initializeIncludeClosure();
    }
    /**
     * @return array<string, list<string>>
     */
    public function getPrefixes()
    {
        if (!empty($this->prefixesPsr0)) {
            return call_user_func_array('array_merge', array_values($this->prefixesPsr0));
        }
        return array();
    }
    /**
     * @return array<string, list<string>>
     */
    public function getPrefixesPsr4()
    {
        return $this->prefixDirsPsr4;
    }
    /**
     * @return list<string>
     */
    public function getFallbackDirs()
    {
        return $this->fallbackDirsPsr0;
    }
    /**
     * @return list<string>
     */
    public function getFallbackDirsPsr4()
    {
        return $this->fallbackDirsPsr4;
    }
    /**
     * @return array<string, string> Array of classname => path
     */
    public function getClassMap()
    {
        return $this->classMap;
    }
    /**
     * @param array<string, string> $classMap Class to filename map
     *
     * @return void
     */
    public function addClassMap(array $classMap)
    {
        if ($this->classMap) {
            $this->classMap = array_merge($this->classMap, $classMap);
        } else {
            $this->classMap = $classMap;
        }
    }
    /**
     * Registers a set of PSR-0 directories for a given prefix, either
     * appending or prepending to the ones previously set for this prefix.
     *
     * @param string              $prefix  The prefix
     * @param list<string>|string $paths   The PSR-0 root directories
     * @param bool                $prepend Whether to prepend the directories
     *
     * @return void
     */
    public function add($prefix, $paths, $prepend = false)
    {
        $paths = (array) $paths;
        if (!$prefix) {
            if ($prepend) {
                $this->fallbackDirsPsr0 = array_merge(
                    $paths,
                    $this->fallbackDirsPsr0
                );
            } else {
                $this->fallbackDirsPsr0 = array_merge(
                    $this->fallbackDirsPsr0,
                    $paths
                );
            }
            return;
        }
        $first = $prefix[0];
        if (!isset($this->prefixesPsr0[$first][$prefix])) {
            $this->prefixesPsr0[$first][$prefix] = $paths;
            return;
        }
        if ($prepend) {
            $this->prefixesPsr0[$first][$prefix] = array_merge(
                $paths,
                $this->prefixesPsr0[$first][$prefix]
            );
        } else {
            $this->prefixesPsr0[$first][$prefix] = array_merge(
                $this->prefixesPsr0[$first][$prefix],
                $paths
            );
        }
    }
    /**
     * Registers a set of PSR-4 directories for a given namespace, either
     * appending or prepending to the ones previously set for this namespace.
     *
     * @param string              $prefix  The prefix/namespace, with trailing '\\'
     * @param list<string>|string $paths   The PSR-4 base directories
     * @param bool                $prepend Whether to prepend the directories
     *
     * @throws \InvalidArgumentException
     *
     * @return void
     */
    public function addPsr4($prefix, $paths, $prepend = false)
    {
        $paths = (array) $paths;
        if (!$prefix) {
            // Register directories for the root namespace.
            if ($prepend) {
                $this->fallbackDirsPsr4 = array_merge(
                    $paths,
                    $this->fallbackDirsPsr4
                );
            } else {
                $this->fallbackDirsPsr4 = array_merge(
                    $this->fallbackDirsPsr4,
                    $paths
                );
            }
        } elseif (!isset($this->prefixDirsPsr4[$prefix])) {
            // Register directories for a new namespace.
            $length = strlen($prefix);
            if ('\\' !== $prefix[$length - 1]) {
                throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
            }
            $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
            $this->prefixDirsPsr4[$prefix] = $paths;
        } elseif ($prepend) {
            // Prepend directories for an already registered namespace.
            $this->prefixDirsPsr4[$prefix] = array_merge(
                $paths,
                $this->prefixDirsPsr4[$prefix]
            );
        } else {
            // Append directories for an already registered namespace.
            $this->prefixDirsPsr4[$prefix] = array_merge(
                $this->prefixDirsPsr4[$prefix],
                $paths
            );
        }
    }
    /**
     * Registers a set of PSR-0 directories for a given prefix,
     * replacing any others previously set for this prefix.
     *
     * @param string              $prefix The prefix
     * @param list<string>|string $paths  The PSR-0 base directories
     *
     * @return void
     */
    public function set($prefix, $paths)
    {
        if (!$prefix) {
            $this->fallbackDirsPsr0 = (array) $paths;
        } else {
            $this->prefixesPsr0[$prefix[0]][$prefix] = (array) $paths;
        }
    }
    /**
     * Registers a set of PSR-4 directories for a given namespace,
     * replacing any others previously set for this namespace.
     *
     * @param string              $prefix The prefix/namespace, with trailing '\\'
     * @param list<string>|string $paths  The PSR-4 base directories
     *
     * @throws \InvalidArgumentException
     *
     * @return void
     */
    public function setPsr4($prefix, $paths)
    {
        if (!$prefix) {
            $this->fallbackDirsPsr4 = (array) $paths;
        } else {
            $length = strlen($prefix);
            if ('\\' !== $prefix[$length - 1]) {
                throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
            }
            $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
            $this->prefixDirsPsr4[$prefix] = (array) $paths;
        }
    }
    /**
     * Turns on searching the include path for class files.
     *
     * @param bool $useIncludePath
     *
     * @return void
     */
    public function setUseIncludePath($useIncludePath)
    {
        $this->useIncludePath = $useIncludePath;
    }
    /**
     * Can be used to check if the autoloader uses the include path to check
     * for classes.
     *
     * @return bool
     */
    public function getUseIncludePath()
    {
        return $this->useIncludePath;
    }
    /**
     * Turns off searching the prefix and fallback directories for classes
     * that have not been registered with the class map.
     *
     * @param bool $classMapAuthoritative
     *
     * @return void
     */
    public function setClassMapAuthoritative($classMapAuthoritative)
    {
        $this->classMapAuthoritative = $classMapAuthoritative;
    }
    /**
     * Should class lookup fail if not found in the current class map?
     *
     * @return bool
     */
    public function isClassMapAuthoritative()
    {
        return $this->classMapAuthoritative;
    }
    /**
     * APCu prefix to use to cache found/not-found classes, if the extension is enabled.
     *
     * @param string|null $apcuPrefix
     *
     * @return void
     */
    public function setApcuPrefix($apcuPrefix)
    {
        $this->apcuPrefix = function_exists('apcu_fetch') && filter_var(ini_get('apc.enabled'), FILTER_VALIDATE_BOOLEAN) ? $apcuPrefix : null;
    }
    /**
     * The APCu prefix in use, or null if APCu caching is not enabled.
     *
     * @return string|null
     */
    public function getApcuPrefix()
    {
        return $this->apcuPrefix;
    }
    /**
     * Registers this instance as an autoloader.
     *
     * @param bool $prepend Whether to prepend the autoloader or not
     *
     * @return void
     */
    public function register($prepend = false)
    {
        spl_autoload_register(array($this, 'loadClass'), true, $prepend);
        if (null === $this->vendorDir) {
            return;
        }
        if ($prepend) {
            self::$registeredLoaders = array($this->vendorDir => $this) + self::$registeredLoaders;
        } else {
            unset(self::$registeredLoaders[$this->vendorDir]);
            self::$registeredLoaders[$this->vendorDir] = $this;
        }
    }
    /**
     * Unregisters this instance as an autoloader.
     *
     * @return void
     */
    public function unregister()
    {
        spl_autoload_unregister(array($this, 'loadClass'));
        if (null !== $this->vendorDir) {
            unset(self::$registeredLoaders[$this->vendorDir]);
        }
    }
    /**
     * Loads the given class or interface.
     *
     * @param  string    $class The name of the class
     * @return true|null True if loaded, null otherwise
     */
    public function loadClass($class)
    {
        if ($file = $this->findFile($class)) {
            $includeFile = self::$includeFile;
            $includeFile($file);
            return true;
        }
        return null;
    }
    /**
     * Finds the path to the file where the class is defined.
     *
     * @param string $class The name of the class
     *
     * @return string|false The path if found, false otherwise
     */
    public function findFile($class)
    {
        // class map lookup
        if (isset($this->classMap[$class])) {
            return $this->classMap[$class];
        }
        if ($this->classMapAuthoritative || isset($this->missingClasses[$class])) {
            return false;
        }
        if (null !== $this->apcuPrefix) {
            $file = apcu_fetch($this->apcuPrefix.$class, $hit);
            if ($hit) {
                return $file;
            }
        }
        $file = $this->findFileWithExtension($class, '.php');
        // Search for Hack files if we are running on HHVM
        if (false === $file && defined('HHVM_VERSION')) {
            $file = $this->findFileWithExtension($class, '.hh');
        }
        if (null !== $this->apcuPrefix) {
            apcu_add($this->apcuPrefix.$class, $file);
        }
        if (false === $file) {
            // Remember that this class does not exist.
            $this->missingClasses[$class] = true;
        }
        return $file;
    }
    /**
     * Returns the currently registered loaders keyed by their corresponding vendor directories.
     *
     * @return array<string, self>
     */
    public static function getRegisteredLoaders()
    {
        return self::$registeredLoaders;
    }
    /**
     * @param  string       $class
     * @param  string       $ext
     * @return string|false
     */
    private function findFileWithExtension($class, $ext)
    {
        // PSR-4 lookup
        $logicalPathPsr4 = strtr($class, '\\', DIRECTORY_SEPARATOR) . $ext;
        $first = $class[0];
        if (isset($this->prefixLengthsPsr4[$first])) {
            $subPath = $class;
            while (false !== $lastPos = strrpos($subPath, '\\')) {
                $subPath = substr($subPath, 0, $lastPos);
                $search = $subPath . '\\';
                if (isset($this->prefixDirsPsr4[$search])) {
                    $pathEnd = DIRECTORY_SEPARATOR . substr($logicalPathPsr4, $lastPos + 1);
                    foreach ($this->prefixDirsPsr4[$search] as $dir) {
                        if (file_exists($file = $dir . $pathEnd)) {
                            return $file;
                        }
                    }
                }
            }
        }
        // PSR-4 fallback dirs
        foreach ($this->fallbackDirsPsr4 as $dir) {
            if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr4)) {
                return $file;
            }
        }
        // PSR-0 lookup
        if (false !== $pos = strrpos($class, '\\')) {
            // namespaced class name
            $logicalPathPsr0 = substr($logicalPathPsr4, 0, $pos + 1)
                . strtr(substr($logicalPathPsr4, $pos + 1), '_', DIRECTORY_SEPARATOR);
        } else {
            // PEAR-like class name
            $logicalPathPsr0 = strtr($class, '_', DIRECTORY_SEPARATOR) . $ext;
        }
        if (isset($this->prefixesPsr0[$first])) {
            foreach ($this->prefixesPsr0[$first] as $prefix => $dirs) {
                if (0 === strpos($class, $prefix)) {
                    foreach ($dirs as $dir) {
                        if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
                            return $file;
                        }
                    }
                }
            }
        }
        // PSR-0 fallback dirs
        foreach ($this->fallbackDirsPsr0 as $dir) {
            if (file_exists($file = $dir . DIRECTORY_SEPARATOR . $logicalPathPsr0)) {
                return $file;
            }
        }
        // PSR-0 include paths.
        if ($this->useIncludePath && $file = stream_resolve_include_path($logicalPathPsr0)) {
            return $file;
        }
        return false;
    }
    /**
     * @return void
     */
    private static function initializeIncludeClosure()
    {
        if (self::$includeFile !== null) {
            return;
        }
        /**
         * Scope isolated include.
         *
         * Prevents access to $this/self from included files.
         *
         * @param  string $file
         * @return void
         */
        self::$includeFile = \Closure::bind(static function($file) {
            include $file;
        }, null, null);
    }
 }
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/InstalledVersions.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/InstalledVersions.php
@@ -1,378 +0,0 @@
 <?php
 /*
 * This file is part of Composer.
 *
 * (c) Nils Adermann <naderman@naderman.de>
 *     Jordi Boggiano <j.boggiano@seld.be>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
 namespace Composer;
 use Composer\Autoload\ClassLoader;
 use Composer\Semver\VersionParser;
 /**
 * This class is copied in every Composer installed project and available to all
 *
 * See also https://getcomposer.org/doc/07-runtime.md#installed-versions
 *
 * To require its presence, you can require `composer-runtime-api ^2.0`
 *
 * @final
 */
 class InstalledVersions
 {
    /**
     * @var mixed[]|null
     * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
     */
    private static $installed;
    /**
     * @var bool
     */
    private static $installedIsLocalDir;
    /**
     * @var bool|null
     */
    private static $canGetVendors;
    /**
     * @var array[]
     * @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
     */
    private static $installedByVendor = array();
    /**
     * Returns a list of all package names which are present, either by being installed, replaced or provided
     *
     * @return string[]
     * @psalm-return list<string>
     */
    public static function getInstalledPackages()
    {
        $packages = array();
        foreach (self::getInstalled() as $installed) {
            $packages[] = array_keys($installed['versions']);
        }
        if (1 === \count($packages)) {
            return $packages[0];
        }
        return array_keys(array_flip(\call_user_func_array('array_merge', $packages)));
    }
    /**
     * Returns a list of all package names with a specific type e.g. 'library'
     *
     * @param  string   $type
     * @return string[]
     * @psalm-return list<string>
     */
    public static function getInstalledPackagesByType($type)
    {
        $packagesByType = array();
        foreach (self::getInstalled() as $installed) {
            foreach ($installed['versions'] as $name => $package) {
                if (isset($package['type']) && $package['type'] === $type) {
                    $packagesByType[] = $name;
                }
            }
        }
        return $packagesByType;
    }
    /**
     * Checks whether the given package is installed
     *
     * This also returns true if the package name is provided or replaced by another package
     *
     * @param  string $packageName
     * @param  bool   $includeDevRequirements
     * @return bool
     */
    public static function isInstalled($packageName, $includeDevRequirements = true)
    {
        foreach (self::getInstalled() as $installed) {
            if (isset($installed['versions'][$packageName])) {
                return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
            }
        }
        return false;
    }
    /**
     * Checks whether the given package satisfies a version constraint
     *
     * e.g. If you want to know whether version 2.3+ of package foo/bar is installed, you would call:
     *
     *   Composer\InstalledVersions::satisfies(new VersionParser, 'foo/bar', '^2.3')
     *
     * @param  VersionParser $parser      Install composer/semver to have access to this class and functionality
     * @param  string        $packageName
     * @param  string|null   $constraint  A version constraint to check for, if you pass one you have to make sure composer/semver is required by your package
     * @return bool
     */
    public static function satisfies(VersionParser $parser, $packageName, $constraint)
    {
        $constraint = $parser->parseConstraints((string) $constraint);
        $provided = $parser->parseConstraints(self::getVersionRanges($packageName));
        return $provided->matches($constraint);
    }
    /**
     * Returns a version constraint representing all the range(s) which are installed for a given package
     *
     * It is easier to use this via isInstalled() with the $constraint argument if you need to check
     * whether a given version of a package is installed, and not just whether it exists
     *
     * @param  string $packageName
     * @return string Version constraint usable with composer/semver
     */
    public static function getVersionRanges($packageName)
    {
        foreach (self::getInstalled() as $installed) {
            if (!isset($installed['versions'][$packageName])) {
                continue;
            }
            $ranges = array();
            if (isset($installed['versions'][$packageName]['pretty_version'])) {
                $ranges[] = $installed['versions'][$packageName]['pretty_version'];
            }
            if (array_key_exists('aliases', $installed['versions'][$packageName])) {
                $ranges = array_merge($ranges, $installed['versions'][$packageName]['aliases']);
            }
            if (array_key_exists('replaced', $installed['versions'][$packageName])) {
                $ranges = array_merge($ranges, $installed['versions'][$packageName]['replaced']);
            }
            if (array_key_exists('provided', $installed['versions'][$packageName])) {
                $ranges = array_merge($ranges, $installed['versions'][$packageName]['provided']);
            }
            return implode(' || ', $ranges);
        }
        throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
    }
    /**
     * @param  string      $packageName
     * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present
     */
    public static function getVersion($packageName)
    {
        foreach (self::getInstalled() as $installed) {
            if (!isset($installed['versions'][$packageName])) {
                continue;
            }
            if (!isset($installed['versions'][$packageName]['version'])) {
                return null;
            }
            return $installed['versions'][$packageName]['version'];
        }
        throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
    }
    /**
     * @param  string      $packageName
     * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as version, use satisfies or getVersionRanges if you need to know if a given version is present
     */
    public static function getPrettyVersion($packageName)
    {
        foreach (self::getInstalled() as $installed) {
            if (!isset($installed['versions'][$packageName])) {
                continue;
            }
            if (!isset($installed['versions'][$packageName]['pretty_version'])) {
                return null;
            }
            return $installed['versions'][$packageName]['pretty_version'];
        }
        throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
    }
    /**
     * @param  string      $packageName
     * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as reference
     */
    public static function getReference($packageName)
    {
        foreach (self::getInstalled() as $installed) {
            if (!isset($installed['versions'][$packageName])) {
                continue;
            }
            if (!isset($installed['versions'][$packageName]['reference'])) {
                return null;
            }
            return $installed['versions'][$packageName]['reference'];
        }
        throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
    }
    /**
     * @param  string      $packageName
     * @return string|null If the package is being replaced or provided but is not really installed, null will be returned as install path. Packages of type metapackages also have a null install path.
     */
    public static function getInstallPath($packageName)
    {
        foreach (self::getInstalled() as $installed) {
            if (!isset($installed['versions'][$packageName])) {
                continue;
            }
            return isset($installed['versions'][$packageName]['install_path']) ? $installed['versions'][$packageName]['install_path'] : null;
        }
        throw new \OutOfBoundsException('Package "' . $packageName . '" is not installed');
    }
    /**
     * @return array
     * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}
     */
    public static function getRootPackage()
    {
        $installed = self::getInstalled();
        return $installed[0]['root'];
    }
    /**
     * Returns the raw installed.php data for custom implementations
     *
     * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect.
     * @return array[]
     * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}
     */
    public static function getRawData()
    {
        @trigger_error('getRawData only returns the first dataset loaded, which may not be what you expect. Use getAllRawData() instead which returns all datasets for all autoloaders present in the process.', E_USER_DEPRECATED);
        if (null === self::$installed) {
            // only require the installed.php file if this file is loaded from its dumped location,
            // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
            if (substr(__DIR__, -8, 1) !== 'C') {
                self::$installed = include __DIR__ . '/installed.php';
            } else {
                self::$installed = array();
            }
        }
        return self::$installed;
    }
    /**
     * Returns the raw data of all installed.php which are currently loaded for custom implementations
     *
     * @return array[]
     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
     */
    public static function getAllRawData()
    {
        return self::getInstalled();
    }
    /**
     * Lets you reload the static array from another file
     *
     * This is only useful for complex integrations in which a project needs to use
     * this class but then also needs to execute another project's autoloader in process,
     * and wants to ensure both projects have access to their version of installed.php.
     *
     * A typical case would be PHPUnit, where it would need to make sure it reads all
     * the data it needs from this class, then call reload() with
     * `require $CWD/vendor/composer/installed.php` (or similar) as input to make sure
     * the project in which it runs can then also use this class safely, without
     * interference between PHPUnit's dependencies and the project's dependencies.
     *
     * @param  array[] $data A vendor/composer/installed.php data set
     * @return void
     *
     * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data
     */
    public static function reload($data)
    {
        self::$installed = $data;
        self::$installedByVendor = array();
        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
        // so we have to assume it does not, and that may result in duplicate data being returned when listing
        // all installed packages for example
        self::$installedIsLocalDir = false;
    }
    /**
     * @return array[]
     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
     */
    private static function getInstalled()
    {
        if (null === self::$canGetVendors) {
            self::$canGetVendors = method_exists('Composer\Autoload\ClassLoader', 'getRegisteredLoaders');
        }
        $installed = array();
        $copiedLocalDir = false;
        if (self::$canGetVendors) {
            $selfDir = strtr(__DIR__, '\\', '/');
            foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
                $vendorDir = strtr($vendorDir, '\\', '/');
                if (isset(self::$installedByVendor[$vendorDir])) {
                    $installed[] = self::$installedByVendor[$vendorDir];
                } elseif (is_file($vendorDir.'/composer/installed.php')) {
                    /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                    $required = require $vendorDir.'/composer/installed.php';
                    self::$installedByVendor[$vendorDir] = $required;
                    $installed[] = $required;
                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
                        self::$installed = $required;
                        self::$installedIsLocalDir = true;
                    }
                }
                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
                    $copiedLocalDir = true;
                }
            }
        }
        if (null === self::$installed) {
            // only require the installed.php file if this file is loaded from its dumped location,
            // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
            if (substr(__DIR__, -8, 1) !== 'C') {
                /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
                $required = require __DIR__ . '/installed.php';
                self::$installed = $required;
            } else {
                self::$installed = array();
            }
        }
        if (self::$installed !== array() && !$copiedLocalDir) {
            $installed[] = self::$installed;
        }
        return $installed;
    }
 }
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/LICENSE
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/LICENSE
@@ -1,21 +0,0 @@
 Copyright (c) Nils Adermann, Jordi Boggiano
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is furnished
 to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_classmap.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_classmap.php
@@ -1,15 +0,0 @@
 <?php
 // autoload_classmap.php @generated by Composer
 $vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 return array(
    'Combodo\\iTop\\DBTools\\Enum\\BinExitCode' => $baseDir . '/src/Enum/BinExitCode.php',
    'Combodo\\iTop\\DBTools\\Exception\\AuthenticationException' => $baseDir . '/src/Exception/AuthenticationException.php',
    'Combodo\\iTop\\DBTools\\Service\\BinUtils' => $baseDir . '/src/Service/BinUtils.php',
    'Combodo\\iTop\\DBTools\\Service\\DBAnalyzerUtils' => $baseDir . '/src/Service/DBAnalyzerUtils.php',
    'Combodo\\iTop\\DBTools\\Service\\DBToolsUtils' => $baseDir . '/src/Service/DBToolsUtils.php',
    'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
 );
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_namespaces.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_namespaces.php
@@ -1,9 +0,0 @@
 <?php
 // autoload_namespaces.php @generated by Composer
 $vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 return array(
 );
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_psr4.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_psr4.php
@@ -1,10 +0,0 @@
 <?php
 // autoload_psr4.php @generated by Composer
 $vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);
 return array(
    'Combodo\\iTop\\DBTools\\' => array($baseDir . '/src'),
 );
--- a/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_real.php
+++ b/datamodels/2.x/combodo-db-tools/vendor/composer/autoload_real.php
@@ -1,37 +0,0 @@
 <?php
 // autoload_real.php @generated by Composer
 class ComposerAutoloaderInit38292b9b3a56c6c8776285a17c58034e
 {
    private static $loader;
    public static function loadClassLoader($class)
    {
        if ('Composer\Autoload\ClassLoader' === $class) {
            require __DIR__ . '/ClassLoader.php';
        }
    }
    /**
     * @return \Composer\Autoload\ClassLoader
     */
    public static function getLoader()
    {
        if (null !== self::$loader) {
            return self::$loader;
        }
        spl_autoload_register(array('ComposerAutoloaderInit38292b9b3a56c6c8776285a17c58034e', 'loadClassLoader'), true, true);
        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
        spl_autoload_unregister(array('ComposerAutoloaderInit38292b9b3a56c6c8776285a17c58034e', 'loadClassLoader'));
        require __DIR__ . '/autoload_static.php';
        call_user_func(\Composer\Autoload\ComposerStaticInit38292b9b3a56c6c8776285a17c58034e::getInitializer($loader));
        $loader->setClassMapAuthoritative(true);
        $loader->register(true);
        return $loader;
    }
 }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
odain	fc2901a5d3	cache returned objects for next round + add jeffrey test	2025-12-31 07:59:21 +01:00
odain	5ced223426	ci: code style only	2025-12-30 12:42:26 +01:00
odain	346daa3ccc	ci: fix by create 10 URs in CI env	2025-12-30 12:27:36 +01:00
odain	afdfb2acf1	dbobjectset : check cache use via phpunit tests	2025-12-30 12:05:32 +01:00
odain	e58e699288	(Jeffrey Boesten): Rewind enhancement when data already loaded	2025-12-24 10:43:40 +01:00
		`@@ -1,3 +0,0 @@`
			`@import "../../../node_modules/tom-select/dist/scss/tom-select.scss";`

			`$select-color-item-active-border: $ibo-input--focus--border-color;`