Fix community-licenses.xml

Prepare iTop 3.0.3 release
* Increase constants version to 3.0.3 * Increase modules version to 3.0.3 * Update licenses file
2026-02-15 16:34:11 +01:00 · 2023-03-14 12:08:54 +01:00 · 2023-03-14 09:55:18 +01:00 · 2023-03-10 16:24:17 +01:00 · 2023-03-10 16:04:55 +01:00 · 2023-03-08 10:54:55 +01:00
599 changed files with 9959 additions and 7180 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -19,7 +19,7 @@

 # composer reserver directory, from sources, populate/update using "composer install"
 vendor/*
-test/vendor/*
+tests/*/vendor/*

 # all conf but listing prevention
 /conf/**
@@ -46,7 +46,7 @@ test/vendor/*
 !/log/web.config

 # PHPUnit cache file
-/test/.phpunit.result.cache
+/tests/php-unit-tests/.phpunit.result.cache


 # Jetbrains
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -131,7 +131,7 @@ Our tests are located in the `test/` directory, containing a PHPUnit config file

 When your code is working, please:

-* stash as much as possible your commits,
+* squash as much as possible your commits,
 * rebase your branch on our repo last commit,
 * create a pull request.

--- a/8
+++ b/8
@@ -1,6 +1,14 @@
 def infra

 node(){
+    properties([
+            buildDiscarder(
+                    logRotator(
+                            daysToKeepStr: "28",
+                            numToKeepStr: "500")
+            )
+    ])
+
  checkout scm

  infra = load '/var/lib/jenkins/workspace/itop-test-infra_master/src/Infra.groovy'
--- a/application/applicationcontext.class.inc.php
+++ b/application/applicationcontext.class.inc.php
@@ -376,26 +376,19 @@ class ApplicationContext
   {
   	$oAppContext = new ApplicationContext();

-      if (is_null($sUrlMakerClass))
-      {
-			$sUrlMakerClass = self::GetUrlMakerClass();
-		}
+        if (is_null($sUrlMakerClass)) {
+	        $sUrlMakerClass = self::GetUrlMakerClass();
+        }
 		$sUrl = call_user_func(array($sUrlMakerClass, 'MakeObjectUrl'), $sObjClass, $sObjKey);
-		if (strlen($sUrl) > 0)
-		{
-			if ($bWithNavigationContext)
-			{
-				return $sUrl."&".$oAppContext->GetForLink();
-			}
-			else
-			{
-				return $sUrl;
-			}
-		}
-		else
-		{
-			return '';
-		}	
+	   if (utils::StrLen($sUrl) > 0) {
+		   if ($bWithNavigationContext) {
+			   return $sUrl."&".$oAppContext->GetForLink();
+		   } else {
+			   return $sUrl;
+		   }
+	   } else {
+		   return '';
+	   }
 	}

 	/**
--- a/application/applicationextension.inc.php
+++ b/application/applicationextension.inc.php
@@ -30,9 +30,9 @@ require_once(APPROOT.'application/newsroomprovider.class.inc.php');
 * You may implement such interfaces in a module file (e.g. main.mymodule.php)
 *
 * @api
+ * @package     LoginExtensibilityAPI
 * @copyright   Copyright (C) 2010-2021 Combodo SARL
 * @license     http://opensource.org/licenses/AGPL-3.0
- * @package     Extensibility
 * @since       2.7.0
 */
 interface iLoginExtension
@@ -40,12 +40,16 @@ interface iLoginExtension
 	/**
 	 * Return the list of supported login modes for this plugin
 	 *
+	 * @api
+	 *
 	 * @return array of supported login modes
 	 */
 	public function ListSupportedLoginModes();
 }

 /**
+ * @api
+ * @package     LoginExtensibilityAPI
 * @since 2.7.0
 */
 interface iLoginFSMExtension extends iLoginExtension
@@ -57,6 +61,7 @@ interface iLoginFSMExtension extends iLoginExtension
 	 * if LoginWebPage::LOGIN_FSM_RETURN_OK is returned then the login is OK and terminated
 	 * if LoginWebPage::LOGIN_FSM_RETURN_IGNORE is returned then the FSM will proceed to next plugin or state
 	 *
+	 * @api
 	 * @param string $sLoginState (see LoginWebPage::LOGIN_STATE_...)
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
@@ -66,6 +71,8 @@ interface iLoginFSMExtension extends iLoginExtension
 }

 /**
+ * @api
+ * @package     LoginExtensibilityAPI
 * @since 2.7.0
 */
 abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
@@ -112,6 +119,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	/**
 	 * Initialization
 	 *
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -125,6 +133,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	 * Detect login mode explicitly without respecting configured order (legacy mode)
 	 * In most case do nothing here
 	 *
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -141,6 +150,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	 * 1 - display login form
 	 * 2 - read the values posted by the user
 	 *
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -154,6 +164,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	 * Control the validity of the data provided by the user
 	 * Automatic user provisioning can be done here
 	 *
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -164,6 +175,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	}

 	/**
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -174,6 +186,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	}

 	/**
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -184,6 +197,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	}

 	/**
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -194,6 +208,7 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 	}

 	/**
+	 * @api
 	 * @param int $iErrorCode (see LoginWebPage::EXIT_CODE_...)
 	 *
 	 * @return int LoginWebPage::LOGIN_FSM_RETURN_ERROR, LoginWebPage::LOGIN_FSM_RETURN_OK or LoginWebPage::LOGIN_FSM_RETURN_IGNORE
@@ -205,22 +220,28 @@ abstract class AbstractLoginFSMExtension implements iLoginFSMExtension
 }

 /**
+ * @api
+ * @package     LoginExtensibilityAPI
 * @since 2.7.0
 */
 interface iLogoutExtension extends iLoginExtension
 {
 	/**
 	 * Execute all actions to log out properly
+	 * @api
 	 */
 	public function LogoutAction();
 }

 /**
+ * @api
+ * @package     UIExtensibilityAPI
 * @since 2.7.0
 */
 interface iLoginUIExtension extends iLoginExtension
 {
 	/**
+	 * @api
 	 * @return LoginTwigContext
 	 */
 	public function GetTwigContext();
@@ -228,18 +249,20 @@ interface iLoginUIExtension extends iLoginExtension

 /**
 * @api
- * @package     Extensibility
+ * @package     PreferencesExtensibilityAPI
 * @since 2.7.0
 */
 interface iPreferencesExtension
 {
 	/**
+	 * @api
 	 * @param \WebPage $oPage
 	 *
 	 */
 	public function DisplayPreferences(WebPage $oPage);

 	/**
+	 * @api
 	 * @param \WebPage $oPage
 	 * @param string $sOperation
 	 *
@@ -252,7 +275,7 @@ interface iPreferencesExtension
 * Extend this class instead of implementing iPreferencesExtension if you don't need to overload all methods
 *
 * @api
- * @package     Extensibility
+ * @package     PreferencesExtensibilityAPI
 * @since       2.7.0
 */
 abstract class AbstractPreferencesExtension implements iPreferencesExtension
@@ -298,7 +321,7 @@ abstract class AbstractPreferencesExtension implements iPreferencesExtension
 * A recommended pattern is to cache data by the mean of static members.
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 */
 interface iApplicationUIExtension
 {
@@ -320,6 +343,7 @@ interface iApplicationUIExtension
 	 * }
 	 * </code>
 	 *
+	 * @api
 	 * @param DBObject $oObject The object being displayed
 	 * @param WebPage $oPage The output context
 	 * @param boolean $bEditMode True if the edition form is being displayed
@@ -333,6 +357,7 @@ interface iApplicationUIExtension
 	 *
 	 * The method is called rigth after all the tabs have been displayed
 	 *
+	 * @api
 	 * @param DBObject $oObject The object being displayed
 	 * @param WebPage $oPage The output context
 	 * @param boolean $bEditMode True if the edition form is being displayed
@@ -347,6 +372,7 @@ interface iApplicationUIExtension
 	 * The method is called after the changes from the standard form have been
 	 * taken into account, and before saving the changes into the database.
 	 *
+	 * @api
 	 * @param DBObject $oObject The object being edited
 	 * @param string $sFormPrefix Prefix given to the HTML form inputs
 	 *
@@ -361,6 +387,7 @@ interface iApplicationUIExtension
 	 * javascript into the edition form, and if that code requires to store temporary data
 	 * (this is the case when a file must be uploaded).
 	 *
+	 * @api
 	 * @param string $sTempId Unique temporary identifier made of session_id and transaction_id. It identifies the object in a unique way.
 	 *
 	 * @return void
@@ -372,6 +399,7 @@ interface iApplicationUIExtension
 	 *
 	 * Sorry, the verb has been reserved. You must implement it, but it is not called as of now.
 	 *
+	 * @api
 	 * @param DBObject $oObject The object being displayed
 	 *
 	 * @return string[] desc
@@ -383,6 +411,7 @@ interface iApplicationUIExtension
 	 *
 	 * Sorry, the verb has been reserved. You must implement it, but it is not called as of now.
 	 *
+	 * @api
 	 * @param DBObject $oObject The object being displayed
 	 *
 	 * @return string Path of the icon, relative to the modules directory.
@@ -402,6 +431,7 @@ interface iApplicationUIExtension
 	 * * HILIGHT_CLASS_OK
 	 * * HILIGHT_CLASS_NONE
 	 *
+	 * @api
 	 * @param DBObject $oObject The object being displayed
 	 *
 	 * @return integer The value representing the mood of the object
@@ -428,6 +458,7 @@ interface iApplicationUIExtension
 	 *
 	 * See also iPopupMenuExtension for greater flexibility
 	 *
+	 * @api
 	 * @param DBObjectSet $oSet A set of persistent objects (DBObject)
 	 *
 	 * @return array
@@ -439,7 +470,7 @@ interface iApplicationUIExtension
 * Extend this class instead of implementing iApplicationUIExtension if you don't need to overload
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since       2.7.0
 */
 abstract class AbstractApplicationUIExtension implements iApplicationUIExtension
@@ -513,7 +544,7 @@ abstract class AbstractApplicationUIExtension implements iApplicationUIExtension
 * or through the GUI.
 *
 * @api
- * @package     Extensibility
+ * @package     ORMExtensibilityAPI
 */
 interface iApplicationObjectExtension
 {
@@ -526,6 +557,7 @@ interface iApplicationObjectExtension
 	 * If the extension returns false, then the framework will perform the usual evaluation.
 	 * Otherwise, the answer is definitively "yes, the object has changed".
 	 *
+	 * @api
 	 * @param \cmdbAbstractObject $oObject The target object
 	 *
 	 * @return boolean True if something has changed for the target object
@@ -538,6 +570,7 @@ interface iApplicationObjectExtension
 	 * The GUI calls this verb and reports any issue.
 	 * Anyhow, this API can be called in other contexts such as the CSV import tool.
 	 *
+	 * @api
 	 * @param \cmdbAbstractObject $oObject The target object
 	 *
 	 * @return string[] A list of errors message. An error message is made of one line and it can be displayed to the end-user.
@@ -551,6 +584,7 @@ interface iApplicationObjectExtension
 	 *
 	 * Please not that it is not possible to cascade deletion by this mean: only stopper issues can be handled.
 	 *
+	 * @api
 	 * @param \cmdbAbstractObject $oObject The target object
 	 *
 	 * @return string[] A list of errors message. An error message is made of one line and it can be displayed to the end-user.
@@ -566,6 +600,7 @@ interface iApplicationObjectExtension
 	 * * {@see DBObject::ListPreviousValuesForUpdatedAttributes()} : list of changed attributes and their values before the change
 	 * * {@see DBObject::Get()} : for a given attribute the new value that was persisted
 	 *
+	 * @api
 	 * @param \cmdbAbstractObject $oObject The target object
 	 * @param CMDBChange|null $oChange A change context. Since 2.0 it is fine to ignore it, as the framework does maintain this information
 	 *     once for all the changes made within the current page
@@ -581,6 +616,7 @@ interface iApplicationObjectExtension
 	 *
 	 * The method is called right <b>after</b> the object has been written to the database.
 	 *
+	 * @api
 	 * @param \cmdbAbstractObject $oObject The target object
 	 * @param CMDBChange|null $oChange A change context. Since 2.0 it is fine to ignore it, as the framework does maintain this information
 	 *     once for all the changes made within the current page
@@ -594,6 +630,7 @@ interface iApplicationObjectExtension
 	 *
 	 * The method is called right <b>before</b> the object will be deleted from the database.
 	 *
+	 * @api
 	 * @param \cmdbAbstractObject $oObject The target object
 	 * @param CMDBChange|null $oChange A change context. Since 2.0 it is fine to ignore it, as the framework does maintain this information
 	 *     once for all the changes made within the current page
@@ -607,7 +644,7 @@ interface iApplicationObjectExtension
 * Extend this class instead of iApplicationObjectExtension if you don't need to overload all methods
 *
 * @api
- * @package     Extensibility
+ * @package     ORMExtensibilityAPI
 * @since       2.7.0
 */
 abstract class AbstractApplicationObjectExtension implements iApplicationObjectExtension
@@ -667,7 +704,7 @@ abstract class AbstractApplicationObjectExtension implements iApplicationObjectE
 * by the application, as long as the class definition is included somewhere in the code
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 interface iPopupMenuExtension
@@ -676,18 +713,21 @@ interface iPopupMenuExtension
 	 * Insert an item into the Actions menu of a list
 	 *
 	 * $param is a DBObjectSet containing the list of objects
+	 * @api
 	 */
 	const MENU_OBJLIST_ACTIONS = 1;
 	/**
 	 * Insert an item into the Toolkit menu of a list
 	 *
 	 * $param is a DBObjectSet containing the list of objects
+	 * @api
 	 */
 	const MENU_OBJLIST_TOOLKIT = 2;
 	/**
 	 * Insert an item into the Actions menu on an object details page
 	 *
 	 * $param is a DBObject instance: the object currently displayed
+	 * @api
 	 */
 	const MENU_OBJDETAILS_ACTIONS = 3;
 	/**
@@ -697,12 +737,14 @@ interface iPopupMenuExtension
 	 * is being displayed.
 	 *
 	 * $param is a Dashboard instance: the dashboard currently displayed
+	 * @api
 	 */
 	const MENU_DASHBOARD_ACTIONS = 4;
 	/**
 	 * Insert an item into the User menu (upper right corner)
 	 *
 	 * $param is null
+	 * @api
 	 */
 	const MENU_USER_ACTIONS = 5;
 	/**
@@ -710,6 +752,7 @@ interface iPopupMenuExtension
 	 *
 	 * $param is an array('portal_id' => $sPortalId, 'object' => $oObject) containing the portal id and a DBObject instance (the object on
 	 * the current line)
+	 * @api
 	 */
 	const PORTAL_OBJLISTITEM_ACTIONS = 7;
 	/**
@@ -717,6 +760,7 @@ interface iPopupMenuExtension
 	 *
 	 * $param is an array('portal_id' => $sPortalId, 'object' => $oObject) containing the portal id and a DBObject instance (the object
 	 * currently displayed)
+	 * @api
 	 */
 	const PORTAL_OBJDETAILS_ACTIONS = 8;

@@ -754,6 +798,7 @@ interface iPopupMenuExtension
 	 * This method is called by the framework for each menu.
 	 * The items will be inserted in the menu in the order of the returned array.
 	 *
+	 * @api
 	 * @param int $iMenuId The identifier of the type of menu, as listed by the constants MENU_xxx
 	 * @param mixed $param Depends on $iMenuId, see the constants defined above
 	 *
@@ -766,7 +811,7 @@ interface iPopupMenuExtension
 * Base class for the various types of custom menus
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 abstract class ApplicationPopupMenuItem
@@ -776,7 +821,7 @@ abstract class ApplicationPopupMenuItem
 	/** @ignore */
 	protected $sLabel;
 	/** @ignore */
-	protected $sTooltip;	
+	protected $sTooltip;
 	/** @ignore */
 	protected $sIconClass;
 	/** @ignore */
@@ -833,6 +878,7 @@ abstract class ApplicationPopupMenuItem
 	}

 	/**
+	 * @api
 	 * @param $aCssClasses
 	 */
 	public function SetCssClasses($aCssClasses)
@@ -843,6 +889,7 @@ abstract class ApplicationPopupMenuItem
 	/**
 	 * Adds a CSS class to the CSS classes that will be put on the menu item
 	 *
+	 * @api
 	 * @param $sCssClass
 	 */
 	public function AddCssClass($sCssClass)
@@ -853,7 +900,7 @@ abstract class ApplicationPopupMenuItem

 	/**
 	 * @param $sTooltip
-	 * 
+	 *
 	 * @since 3.0.0
 	 */
 	public function SetTooltip($sTooltip)
@@ -863,24 +910,24 @@ abstract class ApplicationPopupMenuItem

 	/**
 	 * @return string
-	 * 
+	 *
 	 * @since 3.0.0
 	 */
 	public function GetTooltip()
 	{
 		return $this->sTooltip;
 	}
-	
+
 	/**
 	 * @param $sIconClass
-	 * 
+	 *
 	 * @since 3.0.0
 	 */
 	public function SetIconClass($sIconClass)
 	{
 		$this->sIconClass = $sIconClass;
-	}	
-	
+	}
+
 	/**
 	 * @return string
 	 *
@@ -890,7 +937,7 @@ abstract class ApplicationPopupMenuItem
 	{
 		return $this->sIconClass;
 	}
-	
+
 	/**
 	 * Returns the components to create a popup menu item in HTML
 	 *
@@ -912,7 +959,7 @@ abstract class ApplicationPopupMenuItem
 * Note: This works only in the backoffice, {@see \URLButtonItem} for the end-user portal
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 class URLPopupMenuItem extends ApplicationPopupMenuItem
@@ -925,6 +972,7 @@ class URLPopupMenuItem extends ApplicationPopupMenuItem
 	/**
 	 * Constructor
 	 *
+	 * @api
 	 * @param string $sUID The unique identifier of this menu in iTop... make sure you pass something unique enough
 	 * @param string $sLabel The display label of the menu (must be localized)
 	 * @param string $sUrl If the menu is an hyperlink, provide the absolute hyperlink here
@@ -948,7 +996,7 @@ class URLPopupMenuItem extends ApplicationPopupMenuItem
 			'tooltip' => $this->sTooltip
 		);
 	}
-	
+
 	/** @ignore */
 	public function GetUrl()
 	{
@@ -968,7 +1016,7 @@ class URLPopupMenuItem extends ApplicationPopupMenuItem
 * Note: This works only in the backoffice, {@see \JSButtonItem} for the end-user portal
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 class JSPopupMenuItem extends ApplicationPopupMenuItem
@@ -1018,13 +1066,13 @@ class JSPopupMenuItem extends ApplicationPopupMenuItem
 	{
 		return $this->aIncludeJSFiles;
 	}
-	
+
 	/** @ignore */
 	public function GetJsCode()
 	{
 		return $this->sJsCode;
 	}
-	
+
 	/** @ignore */
 	public function GetUrl()
 	{
@@ -1037,7 +1085,7 @@ class JSPopupMenuItem extends ApplicationPopupMenuItem
 * will automatically reduce several consecutive separators to just one
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 class SeparatorPopupMenuItem extends ApplicationPopupMenuItem
@@ -1046,6 +1094,7 @@ class SeparatorPopupMenuItem extends ApplicationPopupMenuItem

 	/**
 	 * Constructor
+	 * @api
 	 */
 	public function __construct()
 	{
@@ -1063,7 +1112,7 @@ class SeparatorPopupMenuItem extends ApplicationPopupMenuItem
 * Class for adding an item as a button that browses to the given URL
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 class URLButtonItem extends URLPopupMenuItem
@@ -1075,7 +1124,7 @@ class URLButtonItem extends URLPopupMenuItem
 * Class for adding an item as a button that runs some JS code
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 */
 class JSButtonItem extends JSPopupMenuItem
@@ -1099,7 +1148,7 @@ class JSButtonItem extends JSPopupMenuItem
 * the specified place and can use the passed iTopWebPage object to add javascript or CSS definitions
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since 2.0
 * @deprecated 3.0.0 If you need to include:
 *   * JS/CSS files/snippets, use {@see \iBackofficeLinkedScriptsExtension}, {@see \iBackofficeLinkedStylesheetsExtension}, etc instead
@@ -1110,6 +1159,7 @@ interface iPageUIExtension
 	/**
 	 * Add content to the header of the page
 	 *
+	 * @api
 	 * @param iTopWebPage $oPage The page to insert stuff into.
 	 *
 	 * @return string The HTML content to add into the page
@@ -1119,6 +1169,7 @@ interface iPageUIExtension
 	/**
 	 * Add content to the footer of the page
 	 *
+	 * @api
 	 * @param iTopWebPage $oPage The page to insert stuff into.
 	 *
 	 * @return string The HTML content to add into the page
@@ -1128,6 +1179,7 @@ interface iPageUIExtension
 	/**
 	 * Add content to the "admin banner"
 	 *
+	 * @api
 	 * @param iTopWebPage $oPage The page to insert stuff into.
 	 *
 	 * @return string The HTML content to add into the page
@@ -1151,7 +1203,7 @@ interface iPageUIExtension
 * the specified place and can use the passed iTopWebPage object to add javascript or CSS definitions
 *
 * @api
- * @package     Extensibility
+ * @package     UIBlockExtensibilityAPI
 * @since 3.0.0
 */
 interface iPageUIBlockExtension
@@ -1182,7 +1234,7 @@ interface iPageUIBlockExtension
 * Extend this class instead of iPageUIExtension if you don't need to overload all methods
 *
 * @api
- * @package     Extensibility
+ * @package     UIExtensibilityAPI
 * @since       2.7.0
 * @deprecated since 3.0.0 use AbstractPageUIBlockExtension instead
 */
@@ -1224,7 +1276,7 @@ abstract class AbstractPageUIExtension implements iPageUIExtension
 * Extend this class instead of iPageUIExtension if you don't need to overload all methods
 *
 * @api
- * @package     Extensibility
+ * @package     UIBlockExtensibilityAPI
 * @since       3.0.0
 */
 abstract class AbstractPageUIBlockExtension implements iPageUIBlockExtension
@@ -1259,6 +1311,7 @@ abstract class AbstractPageUIBlockExtension implements iPageUIBlockExtension
 *
 * @see \iTopWebPage::$a_linked_scripts
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeLinkedScriptsExtension
@@ -1276,6 +1329,7 @@ interface iBackofficeLinkedScriptsExtension
 *
 * @see \iTopWebPage::$a_early_scripts
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeEarlyScriptExtension
@@ -1292,6 +1346,7 @@ interface iBackofficeEarlyScriptExtension
 *
 * @see \iTopWebPage::$a_scripts
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeScriptExtension
@@ -1308,6 +1363,7 @@ interface iBackofficeScriptExtension
 *
 * @see \iTopWebPage::$a_init_scripts
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeInitScriptExtension
@@ -1324,6 +1380,7 @@ interface iBackofficeInitScriptExtension
 *
 * @see \iTopWebPage::$a_ready_scripts
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeReadyScriptExtension
@@ -1340,6 +1397,7 @@ interface iBackofficeReadyScriptExtension
 *
 * @see \iTopWebPage::$a_linked_stylesheets
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeLinkedStylesheetsExtension
@@ -1356,6 +1414,7 @@ interface iBackofficeLinkedStylesheetsExtension
 *
 * @see \iTopWebPage::$a_styles
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeStyleExtension
@@ -1372,6 +1431,7 @@ interface iBackofficeStyleExtension
 *
 * @see \iTopWebPage::$a_dict_entries
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeDictEntriesExtension
@@ -1388,6 +1448,7 @@ interface iBackofficeDictEntriesExtension
 *
 * @see \iTopWebPage::$a_dict_entries_prefixes
 * @api
+ * @package BackofficeUIExtensibilityAPI
 * @since 3.0.0
 */
 interface iBackofficeDictEntriesPrefixesExtension
@@ -1403,7 +1464,7 @@ interface iBackofficeDictEntriesPrefixesExtension
 * Implement this interface to add content to any enhanced portal page
 *
 * @api
- * @package     Extensibility
+ * @package     PortalExtensibilityAPI
 *
 * @since 2.4.0 interface creation
 * @since 2.7.0 change method signatures due to Silex to Symfony migration
@@ -1417,6 +1478,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns an array of CSS file urls
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return array
@@ -1426,6 +1488,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns inline (raw) CSS
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return string
@@ -1435,6 +1498,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns an array of JS file urls
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return array
@@ -1444,6 +1508,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns raw JS code
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return string
@@ -1453,6 +1518,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns raw HTML code to put at the end of the <body> tag
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return string
@@ -1462,6 +1528,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns raw HTML code to put at the end of the #main-wrapper element
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return string
@@ -1471,6 +1538,7 @@ interface iPortalUIExtension
 	/**
 	 * Returns raw HTML code to put at the end of the #topbar and #sidebar elements
 	 *
+	 * @api
 	 * @param \Symfony\Component\DependencyInjection\Container $oContainer
 	 *
 	 * @return string
@@ -1482,7 +1550,7 @@ interface iPortalUIExtension
 * Extend this class instead of iPortalUIExtension if you don't need to overload all methods
 *
 * @api
- * @package     Extensibility
+ * @package     PortalExtensibilityAPI
 * @since       2.4.0
 */
 abstract class AbstractPortalUIExtension implements iPortalUIExtension
@@ -1548,7 +1616,7 @@ abstract class AbstractPortalUIExtension implements iPortalUIExtension
 * Implement this interface to add new operations to the REST/JSON web service
 *
 * @api
- * @package     Extensibility
+ * @package     RESTExtensibilityAPI
 * @since 2.0.1
 */
 interface iRestServiceProvider
@@ -1556,6 +1624,7 @@ interface iRestServiceProvider
 	/**
 	 * Enumerate services delivered by this class
 	 *
+	 * @api
 	 * @param string $sVersion The version (e.g. 1.0) supported by the services
 	 *
 	 * @return array An array of hash 'verb' => verb, 'description' => description
@@ -1565,6 +1634,7 @@ interface iRestServiceProvider
 	/**
 	 * Enumerate services delivered by this class
 	 *
+	 * @api
 	 * @param string $sVersion The version (e.g. 1.0) supported by the services
 	 * @param string $sVerb
 	 * @param array $aParams
@@ -1578,69 +1648,90 @@ interface iRestServiceProvider
 * Minimal REST response structure. Derive this structure to add response data and error codes.
 *
 * @api
- * @package     Extensibility
+ * @package     RESTExtensibilityAPI
 * @since 2.0.1
 */
 class RestResult
 {
 	/**
 	 * Result: no issue has been encountered
+	 * @api
 	 */
 	const OK = 0;
 	/**
 	 * Result: missing/wrong credentials or the user does not have enough rights to perform the requested operation
+	 * @api
 	 */
 	const UNAUTHORIZED = 1;
 	/**
 	 * Result: the parameter 'version' is missing
+	 * @api
 	 */
 	const MISSING_VERSION = 2;
 	/**
 	 * Result: the parameter 'json_data' is missing
+	 * @api
 	 */
 	const MISSING_JSON = 3;
 	/**
 	 * Result: the input structure is not a valid JSON string
+	 * @api
 	 */
 	const INVALID_JSON = 4;
 	/**
 	 * Result: the parameter 'auth_user' is missing, authentication aborted
+	 * @api
 	 */
 	const MISSING_AUTH_USER = 5;
 	/**
 	 * Result: the parameter 'auth_pwd' is missing, authentication aborted
+	 * @api
 	 */
 	const MISSING_AUTH_PWD = 6;
 	/**
 	 * Result: no operation is available for the specified version
+	 * @api
 	 */
 	const UNSUPPORTED_VERSION = 10;
 	/**
 	 * Result: the requested operation is not valid for the specified version
+	 * @api
 	 */
 	const UNKNOWN_OPERATION = 11;
 	/**
 	 * Result: the requested operation cannot be performed because it can cause data (integrity) loss
+	 * @api
 	 */
 	const UNSAFE = 12;
 	/**
 	 * Result: the request page number is not valid. It must be an integer greater than 0
+	 * @api
 	 */
 	const INVALID_PAGE = 13;
 	/**
 	 * Result: the operation could not be performed, see the message for troubleshooting
+	 * @api
 	 */
 	const INTERNAL_ERROR = 100;

 	/**
 	 * Default constructor - ok!
+	 * @api
 	 */
 	public function __construct()
 	{
 		$this->code = RestResult::OK;
 	}

+	/**
+	 * @var int
+	 * @api
+	 */
 	public $code;
+	/**
+	 * @var string
+	 * @api
+	 */
 	public $message;
 }

@@ -1648,7 +1739,7 @@ class RestResult
 * Helpers for implementing REST services
 *
 * @api
- * @package     Extensibility
+ * @package     RESTExtensibilityAPI
 */
 class RestUtils
 {
@@ -1797,6 +1888,7 @@ class RestUtils
 	/**
 	 * Read and interpret object search criteria from a Rest/Json structure
 	 *
+	 * @api
 	 * @param string $sClass Name of the class
 	 * @param StdClass $oCriteria Hash of attribute code => value (can be a substructure or a scalar, depending on the nature of the
 	 *     attriute)
@@ -1906,6 +1998,7 @@ class RestUtils
 	/**
 	 * Search objects from a polymorph search specification (Rest/Json)
 	 *
+	 * @api
 	 * @param string $sClass Name of the class
 	 * @param mixed $key Either search criteria (substructure), or an object or an OQL string.
 	 * @param int $iLimit The limit of results to return
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -3374,13 +3374,14 @@ EOF
 			// Consider only the "expected" fields for the target state
 			if (array_key_exists($sAttCode, $aExpectedAttributes)) {
 				$iExpectCode = $aExpectedAttributes[$sAttCode];
+
 				// Prompt for an attribute if
 				// - the attribute must be changed or must be displayed to the user for confirmation
 				// - or the field is mandatory and currently empty
 				if (($iExpectCode & (OPT_ATT_MUSTCHANGE | OPT_ATT_MUSTPROMPT)) ||
-					(($iExpectCode & OPT_ATT_MANDATORY) && ($this->Get($sAttCode) == ''))) {
-					$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
+					(($iExpectCode & OPT_ATT_MANDATORY) && (false === $this->HasAValue($sAttCode)))) {
 					$aArgs = array('this' => $this);
+					$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
 					// If the field is mandatory, set it to the only possible value
 					if ((!$oAttDef->IsNullAllowed()) || ($iExpectCode & OPT_ATT_MANDATORY)) {
 						if ($oAttDef->IsExternalKey()) {
@@ -3409,32 +3410,35 @@ EOF
 							}
 						}
 					}
+					$sInputType = '';
+					$sInputId   = 'att_'.$iFieldIndex;
 					$sHTMLValue = cmdbAbstractObject::GetFormElementForField($oPage, $sClass, $sAttCode, $oAttDef,
-						$this->Get($sAttCode), $this->GetEditValue($sAttCode), 'att_'.$iFieldIndex, '', $iExpectCode,
-						$aArgs);
-					$aAttrib = array(
+						$this->Get($sAttCode), $this->GetEditValue($sAttCode), $sInputId, '', $iExpectCode,
+						$aArgs, true, $sInputType);
+					$aAttrib    = array(
 						'label' => '<span>'.$oAttDef->GetLabel().'</span>',
 						'value' => "<span id=\"field_att_$iFieldIndex\">$sHTMLValue</span>",
 					);

 					//add attrib for data-attribute
 					// Prepare metadata attributes
-					$sAttCode = $oAttDef->GetCode();
-					$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
+					$sAttCode     = $oAttDef->GetCode();
+					$oAttDef      = MetaModel::GetAttributeDef($sClass, $sAttCode);
 					$sAttDefClass = get_class($oAttDef);
-					$sAttLabel = MetaModel::GetLabel($sClass, $sAttCode);
+					$sAttLabel    = MetaModel::GetLabel($sClass, $sAttCode);

-					$aAttrib['attcode'] = $sAttCode;
-					$aAttrib['atttype'] = $sAttDefClass;
+					$aAttrib['attcode']  = $sAttCode;
+					$aAttrib['atttype']  = $sAttDefClass;
 					$aAttrib['attlabel'] = $sAttLabel;
 					// - Attribute flags
-					$aAttrib['attflags'] = $this->GetFormAttributeFlags($sAttCode) ;
+					$aAttrib['attflags'] = $this->GetFormAttributeFlags($sAttCode);
 					// - How the field should be rendered
-					$aAttrib['layout'] = (in_array($oAttDef->GetEditClass(), static::GetAttEditClassesToRenderAsLargeField())) ? 'large' : 'small';
+					$aAttrib['layout']    = (in_array($oAttDef->GetEditClass(), static::GetAttEditClassesToRenderAsLargeField())) ? 'large' : 'small';
+					$aAttrib['inputid']   = $sInputId;
+					$aAttrib['inputtype'] = $sInputType;
 					// - For simple fields, we get the raw (stored) value as well
 					$bExcludeRawValue = false;
-					foreach (static::GetAttDefClassesToExcludeFromMarkupMetadataRawValue() as $sAttDefClassToExclude)
-					{
+					foreach (static::GetAttDefClassesToExcludeFromMarkupMetadataRawValue() as $sAttDefClassToExclude) {
 						if (is_a($sAttDefClass, $sAttDefClassToExclude, true)) {
 							$bExcludeRawValue = true;
 							break;
@@ -3442,8 +3446,8 @@ EOF
 					}
 					$aAttrib['value_raw'] = ($bExcludeRawValue === false) ? $this->Get($sAttCode) : '';

-					$aDetails[] = $aAttrib;
-					$aFieldsMap[$sAttCode] = 'att_'.$iFieldIndex;
+					$aDetails[]            = $aAttrib;
+					$aFieldsMap[$sAttCode] = $sInputId;
 					$iFieldIndex++;
 					$bExistFieldToDisplay = true;
 				}
@@ -3667,7 +3671,7 @@ HTML;
 					$sDisplayLabel = Dict::S('UI:OpenDocumentInNewWindow_');
 					$sDisplayUrl = $oDocument->GetDisplayURL(get_class($this), $this->GetKey(), $sAttCode);

-					$sDownloadLabel = Dict::Format('UI:DownloadDocument_');
+					$sDownloadLabel = Dict::S('UI:DownloadDocument_');
 					$sDownloadUrl = $oDocument->GetDownloadURL(get_class($this), $this->GetKey(), $sAttCode);

 					$sDisplayValue = <<<HTML
--- a/application/dashboard.class.inc.php
+++ b/application/dashboard.class.inc.php
@@ -1549,6 +1549,29 @@ JS
 		return $this->sDefinitionFile;
 	}

+	/**
+	 * @param string $sDashboardFileRelative can also be an absolute path (compatibility with old URL)
+	 *
+	 * @return string full path to the Dashboard file
+	 * @throws \SecurityException if path isn't under approot
+	 * @uses utils::RealPath()
+	 * @since 2.7.8 3.0.3 3.1.0 N°4449 remove FPD
+	 */
+	public static function GetDashboardFileFromRelativePath($sDashboardFileRelative)
+	{
+		if (utils::RealPath($sDashboardFileRelative, APPROOT)) {
+			// compatibility with old URL containing absolute path !
+			return $sDashboardFileRelative;
+		}
+
+		$sDashboardFile = APPROOT.$sDashboardFileRelative;
+		if (false === utils::RealPath($sDashboardFile, APPROOT)) {
+			throw new SecurityException('Invalid dashboard file !');
+		}
+
+		return $sDashboardFile;
+	}
+
 	/**
 	 * @param string $sDefinitionFile
 	 */
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -1045,9 +1045,19 @@ JS
 			$aCount = $aCounts[$sStateValue];
 			$sHyperlink = $aCount['link'];
 			$sCountLabel = $aCount['label'];
-			$oPill = PillFactory::MakeForState($sClass, $sStateValue)
-				->SetTooltip($sStateLabel)
-				->AddHtml("<span class=\"ibo-dashlet-header-dynamic--count\">$sCountLabel</span><span class=\"ibo-dashlet-header-dynamic--label ibo-text-truncated-with-ellipsis\">".utils::HtmlEntities($sStateLabel)."</span>");
+			
+			$oPill = PillFactory::MakeForState($sClass, $sStateValue);
+			// N°5849 - Unencode label for ExternalKey attribute because friendlyname is already html encoded thanks to DBObject::GetName() in AttributeExternalKey::GetAllowedValues(). (A fix in this function may have too much impact).
+			if ($oAttDef instanceof AttributeExternalKey) {
+				$sPillTooltip = utils::HtmlEntityDecode($sStateLabel);
+				$sPillLabel = $sStateLabel;
+			} else {
+				$sPillTooltip = $sStateLabel;
+				$sPillLabel = utils::HtmlEntities($sStateLabel);
+			}
+			$oPill->SetTooltip($sPillTooltip)
+				->AddHtml("<span class=\"ibo-dashlet-header-dynamic--count\">$sCountLabel</span><span class=\"ibo-dashlet-header-dynamic--label ibo-text-truncated-with-ellipsis\">".$sPillLabel."</span>");
+
 			if ($sHyperlink != '-') {
 				$oPill->SetUrl($sHyperlink);
 			}
--- a/application/exceptions/mysql/MySQLTransactionNotClosedException.php
+++ b/application/exceptions/mysql/MySQLTransactionNotClosedException.php
@@ -0,0 +1,13 @@
+<?php
+/*
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+/**
+ * @since 2.7.8 3.0.3 3.1.0 N°5538
+ */
+class MySQLTransactionNotClosedException extends MySQLException
+{
+
+}
--- a/application/loginbasic.class.inc.php
+++ b/application/loginbasic.class.inc.php
@@ -62,6 +62,7 @@ class LoginBasic extends AbstractLoginFSMExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -70,8 +71,7 @@ class LoginBasic extends AbstractLoginFSMExtension
 	{
 		if (Session::Get('login_mode') == 'basic')
 		{
-			list($sAuthUser) = $this->GetAuthUserAndPassword();
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
--- a/application/loginexternal.class.inc.php
+++ b/application/loginexternal.class.inc.php
@@ -45,6 +45,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -53,8 +54,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 	{
 		if (Session::Get('login_mode') == 'external')
 		{
-			$sAuthUser = $this->GetAuthUser();
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'external', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'external', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
--- a/application/loginform.class.inc.php
+++ b/application/loginform.class.inc.php
@@ -71,6 +71,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -82,17 +83,8 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	{
 		if (Session::Get('login_mode') == 'form')
 		{
-			if (Session::IsSet('auth_user'))
-			{
-				// If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
-				$sAuthUser = Session::Get('auth_user');
-			}
-			else
-			{
-				$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
-			}
 			// Store 'auth_user' in session for further use
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
--- a/application/loginurl.class.inc.php
+++ b/application/loginurl.class.inc.php
@@ -60,6 +60,7 @@ class LoginURL extends AbstractLoginFSMExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -68,8 +69,7 @@ class LoginURL extends AbstractLoginFSMExtension
 	{
 		if (Session::Get('login_mode') == 'url')
 		{
-			$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -112,7 +112,7 @@ class LoginWebPage extends NiceWebPage
 	 */
 	public static function SynchronizeProfiles(&$oUser, array $aProfiles, $sOrigin)
 	{
-		$oProfilesSet = $oUser->Get(‘profile_list’);
+		$oProfilesSet = $oUser->Get('profile_list');
 		//delete old profiles
 		$aExistingProfiles = [];
 		while ($oProfile = $oProfilesSet->Fetch())
--- a/application/twigextension.class.inc.php
+++ b/application/twigextension.class.inc.php
@@ -6,7 +6,6 @@ use AttributeDate;
 use AttributeDateTime;
 use Dict;
 use Exception;
-use MetaModel;
 use Twig_Environment;
 use Twig_SimpleFilter;
 use Twig_SimpleFunction;
@@ -111,22 +110,6 @@ class TwigExtension
 			return utils::IsDevelopmentEnvironment();
 		}));

-		// Function to get configuration parameter
-		// Usage in twig: {{ get_config_parameter('foo') }}
-		$oTwigEnv->addFunction(new Twig_SimpleFunction('get_config_parameter', function($sParamName)
-		{
-			$oConfig = MetaModel::GetConfig();
-			return $oConfig->Get($sParamName);
-		}));
-
-		// Function to get a module setting
-		// Usage in twig: {{ get_module_setting(<MODULE_CODE>, <PROPERTY_CODE> [, <DEFAULT_VALUE>]) }}
-		// since 3.0.0, but see N°4034 for upcoming evolutions in the 3.1
-		$oTwigEnv->addFunction(new Twig_SimpleFunction('get_module_setting', function (string $sModuleCode, string $sPropertyCode, $defaultValue = null) {
-			$oConfig = MetaModel::GetConfig();
-			return $oConfig->GetModuleSetting($sModuleCode, $sPropertyCode, $defaultValue);
-		}));
-
 		// Function to get the URL of a static page in a module
 		// Usage in twig: {{ get_static_page_module_url('itop-my-module', 'path-to-my-page') }}
 		$oTwigEnv->addFunction(new Twig_SimpleFunction('get_static_page_module_url', function($sModuleName, $sPage)
--- a/application/ui.extkeywidget.class.inc.php
+++ b/application/ui.extkeywidget.class.inc.php
@@ -5,6 +5,7 @@
 */

 use Combodo\iTop\Application\UI\Base\Component\Form\FormUIBlockFactory;
+use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\UIContentBlockUIBlockFactory;
 use Combodo\iTop\Core\MetaModel\FriendlyNameType;

@@ -323,12 +324,12 @@ EOF
 EOF
 			);
 			$sHTMLValue .= "<div class=\"ibo-input-select--action-buttons\">";
-			$sHTMLValue .= "	<div class=\"ibo-input-select--action-button ibo-input-select--action-button--clear ibo-is-hidden\"  id=\"mini_clear_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Clear();\" data-tooltip-content='".Dict::S('UI:Button:Clear')."'><i class=\"fas fa-times\"></i></div>";
+			$sHTMLValue .= "	<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--clear ibo-is-hidden\"  id=\"mini_clear_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Clear();\" data-tooltip-content='".Dict::S('UI:Button:Clear')."'><i class=\"fas fa-times\"></i></a>";
 		}
 		if ($bCreate && $bExtensions) {
 			$sCallbackName = (MetaModel::IsAbstract($this->sTargetClass)) ? 'SelectObjectClass' : 'CreateObject';

-			$sHTMLValue .= "<div class=\"ibo-input-select--action-button ibo-input-select--action-button--create\" id=\"mini_add_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.{$sCallbackName}();\" data-tooltip-content='".Dict::S('UI:Button:Create')."'><i class=\"fas fa-plus\"></i></div>";
+			$sHTMLValue .= "<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--create\" id=\"mini_add_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.{$sCallbackName}();\" data-tooltip-content='".Dict::S('UI:Button:Create')."'><i class=\"fas fa-plus\"></i></a>";
 			$oPage->add_ready_script(
 				<<<JS
 		if ($('#ajax_{$this->iId}').length == 0)
@@ -339,7 +340,7 @@ JS
 			);
 		}
 		if ($bExtensions && MetaModel::IsHierarchicalClass($this->sTargetClass) !== false) {
-			$sHTMLValue .= "<div class=\"ibo-input-select--action-button ibo-input-select--action-button--hierarchy\" id=\"mini_tree_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.HKDisplay();\" data-tooltip-content='".Dict::S('UI:Button:SearchInHierarchy')."'><i class=\"fas fa-sitemap\"></i></div>";
+			$sHTMLValue .= "<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--hierarchy\" id=\"mini_tree_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.HKDisplay();\" data-tooltip-content='".Dict::S('UI:Button:SearchInHierarchy')."'><i class=\"fas fa-sitemap\"></i></a>";
 			$oPage->add_ready_script(
 				<<<JS
 			if ($('#ac_tree_{$this->iId}').length == 0)
@@ -350,7 +351,7 @@ JS
 			);
 		}
 		if ($oAllowedValues->CountExceeds($iMaxComboLength)) {
-			$sHTMLValue .= "	<div class=\"ibo-input-select--action-button ibo-input-select--action-button--search\"  id=\"mini_search_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Search();\" data-tooltip-content='".Dict::S('UI:Button:Search')."'><i class=\"fas fa-search\"></i></div>";
+			$sHTMLValue .= "	<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--search\"  id=\"mini_search_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Search();\" data-tooltip-content='".Dict::S('UI:Button:Search')."'><i class=\"fas fa-search\"></i></a>";
 		}
 		$sHTMLValue .= "</div>";
 		$sHTMLValue .= "</div>";
@@ -904,7 +905,7 @@ JS
 	{
        // For security reasons: check that the "proposed" class is actually a subclass of the linked class
        // and that the current user is allowed to create objects of this class
-        $aSubClasses = MetaModel::EnumChildClasses($this->sTargetClass);
+        $aSubClasses = MetaModel::EnumChildClasses($this->sTargetClass, ENUM_CHILD_CLASSES_ALL);
        $aPossibleClasses = array();
        foreach($aSubClasses as $sCandidateClass)
        {
@@ -924,6 +925,7 @@ JS
 		$sDialogTitleEscaped = addslashes($sDialogTitle);
        $oPage->add_ready_script("$('#ac_create_$this->iId').dialog({ width: 'auto', height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true, title: '$sDialogTitleEscaped'});\n");
        $oPage->add_ready_script("$('#ac_create_{$this->iId} form').removeAttr('onsubmit');");
+        $oPage->add_ready_script("$('#ac_create_{$this->iId} form').find('select').attr('id', 'ac_create_{$this->iId}_select');");
        $oPage->add_ready_script("$('#ac_create_{$this->iId} form').on('submit.uilinksWizard', oACWidget_{$this->iId}.DoSelectObjectClass);");
 	}

--- a/application/ui.searchformforeignkeys.class.inc.php
+++ b/application/ui.searchformforeignkeys.class.inc.php
@@ -60,7 +60,7 @@ class UISearchFormForeignKeys

 		$oPage->add(<<<HTML
 <form id="ObjectsAddForm_{$this->m_iInputId}">
-    <div id="SearchResultsToAdd_{$this->m_iInputId}" style="vertical-align:top;background: #fff;height:100%;overflow:auto;padding:0;border:0;">
+    <div id="SearchResultsToAdd_{$this->m_iInputId}" style="vertical-align:top;height:100%;overflow:auto;padding:0;border:0;">
        <div style="background: #fff; border:0; text-align:center; vertical-align:middle;"><p>{$sEmptyList}</p></div>
    </div>
    <input type="hidden" id="count_{$this->m_iInputId}" value="0"/>
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -158,7 +158,7 @@ class utils
 			self::$m_aParamsFromFile = array();
 		}

-		$aParamLines = explode("\n", $sParams);
+		$aParamLines = explode("\n", $sParams ?? '');
 		foreach ($aParamLines as $sLine)
 		{
 			$sLine = trim($sLine);
@@ -1467,19 +1467,19 @@ class utils
 				$oDashboard = $param;
 				$sDashboardId = $oDashboard->GetId();
 				$sDashboardFile = $oDashboard->GetDefinitionFile();
+				$sDashboardFileRelative = utils::LocalPath($sDashboardFile);
 				$sDlgTitle = addslashes(Dict::S('UI:ImportDashboardTitle'));
 				$sDlgText = addslashes(Dict::S('UI:ImportDashboardText'));
 				$sCloseBtn = addslashes(Dict::S('UI:Button:Cancel'));
-				$sDashboardFileJS = addslashes($sDashboardFile);
-				$sDashboardFileURL = urlencode($sDashboardFile);
+				$sDashboardFileJS = addslashes($sDashboardFileRelative);
+				$sDashboardFileURL = urlencode($sDashboardFileRelative);
 				$sUploadDashboardTransactId = utils::GetNewTransactionId();
 				$aResult = array(
 					new SeparatorPopupMenuItem(),
 					new URLPopupMenuItem('UI:ExportDashboard', Dict::S('UI:ExportDashBoard'), utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=export_dashboard&id='.$sDashboardId.'&file='.$sDashboardFileURL),
 					new JSPopupMenuItem('UI:ImportDashboard', Dict::S('UI:ImportDashBoard'), "UploadDashboard({dashboard_id: '$sDashboardId', file: '$sDashboardFileJS', title: '$sDlgTitle', text: '$sDlgText', close_btn: '$sCloseBtn', transaction: '$sUploadDashboardTransactId' })"),
 				);
-				if ($oDashboard->GetReloadURL())
-				{
+				if ($oDashboard->GetReloadURL()) {
 					$aResult[] = new SeparatorPopupMenuItem();
 					$aResult[] = new URLPopupMenuItem('UI:Menu:PrintableVersion', Dict::S('UI:Menu:PrintableVersion'), $oDashboard->GetReloadURL().'&printable=1', '_blank');
 				}
@@ -1687,7 +1687,7 @@ class utils
 			// If cURL is available, let's use it, since it provides a greater control over the various HTTP/SSL options
 			// For instance fopen does not allow to work around the bug: http://stackoverflow.com/questions/18191672/php-curl-ssl-routinesssl23-get-server-helloreason1112
 			// by setting the SSLVERSION to 3 as done below.
-			$aHeaders = explode("\n", $sOptionnalHeaders);
+			$aHeaders = explode("\n", $sOptionnalHeaders ?? '');
 			// N°3267 - Webservices: Fix optional headers not being taken into account
 			//          See https://www.php.net/curl_setopt CURLOPT_HTTPHEADER
 			$aHTTPHeaders = array();
@@ -1864,20 +1864,37 @@ class utils
 		return html_entity_decode($sValue, ENT_QUOTES, 'UTF-8');
 	}

+	/**
+	 * @param string $sValue value encoded with {@see self::EscapeHtml()}
+	 *
+	 * @return string decoded value
+	 *
+	 * @uses \htmlspecialchars_decode()
+	 * @link https://www.php.net/manual/en/function.htmlspecialchars-decode.php
+	 * @since 3.0.3 3.1.0 N°6020 method creation
+	 */
+	public static function EscapedHtmlDecode($sValue)
+	{
+		return htmlspecialchars_decode(
+			$sValue,
+			ENT_QUOTES | ENT_DISALLOWED | ENT_HTML5
+		);
+	}
+
 	/**
 	 * Convert a string containing some (valid) HTML markup to plain text
+	 *
 	 * @param string $sHtml
+	 *
 	 * @return string
 	 */
 	public static function HtmlToText($sHtml)
 	{
-		try
-		{
+		try {
 			//return '<?xml encoding="UTF-8">'.$sHtml;
 			return \Html2Text\Html2Text::convert('<?xml encoding="UTF-8">'.$sHtml);
 		}
-		catch(Exception $e)
-		{
+		catch (Exception $e) {
 			return $e->getMessage();
 		}
 	}
@@ -2254,7 +2271,7 @@ class utils
 				$aParams = array();
 				foreach(explode('&', $sQuery) as $sChunk)
 				{
-					$aParts = explode('=', $sChunk);
+					$aParts = explode('=', $sChunk ?? '');
 					if (count($aParts) != 2) continue;
 					$aParams[$aParts[0]] = urldecode($aParts[1]);
 				}
@@ -2401,7 +2418,7 @@ class utils
 		$aCleanHeaders = array();
 		foreach( $aHeaders as $sKey => $sValue )
 		{
-			$aTokens = explode(':', $sValue, 2);
+			$aTokens = explode(':', $sValue ?? '', 2);
 			if(isset($aTokens[1]))
 			{
 				$aCleanHeaders[trim($aTokens[0])] = trim($aTokens[1]);
@@ -2745,12 +2762,18 @@ HTML;
 					$bSkipped = true;
 				}
 				else {
-					foreach ($aExcludedPath as $sExcludedPath) {
-						// Note: We use '#' as delimiters as usual '/' is often used in paths.
-						if ($sExcludedPath !== '' && preg_match('#'.$sExcludedPath.'#', $sPHPFile) === 1) {
-							$bSkipped = true;
-							break;
+					$sPHPFile = self::LocalPath($sPHPFile);
+					if ($sPHPFile !== false) {
+						$sPHPFile = '/'.$sPHPFile; // for regex
+						foreach ($aExcludedPath as $sExcludedPath) {
+							// Note: We use '#' as delimiters as usual '/' is often used in paths.
+							if ($sExcludedPath !== '' && preg_match('#'.$sExcludedPath.'#', $sPHPFile) === 1) {
+								$bSkipped = true;
+								break;
+							}
 						}
+					} else {
+						$bSkipped = true; // file not found
 					}
 				}
 				
@@ -2788,7 +2811,7 @@ HTML;
 		$aResultPref = [];
 		$aShortcutPrefs = appUserPreferences::GetPref('keyboard_shortcuts', []);
 		// Note: Mind the 4 blackslashes, see utils::GetClassesForInterface()
-		$aShortcutClasses = utils::GetClassesForInterface('iKeyboardShortcut', '', array('[\\\\/]lib[\\\\/]', '[\\\\/]node_modules[\\\\/]', '[\\\\/]test[\\\\/]'));
+		$aShortcutClasses = utils::GetClassesForInterface('iKeyboardShortcut', '', array('[\\\\/]lib[\\\\/]', '[\\\\/]node_modules[\\\\/]', '[\\\\/]test[\\\\/]', '[\\\\/]tests[\\\\/]'));

 		foreach ($aShortcutClasses as $cShortcutPlugin) {
 			$sTriggeredElement = $cShortcutPlugin::GetShortcutTriggeredElementSelector();
@@ -2796,7 +2819,7 @@ HTML;
 				$sKey = isset($aShortcutPrefs[$aShortcutKey['id']]) ? $aShortcutPrefs[$aShortcutKey['id']] : $aShortcutKey['key'];

 				// Format key for display
-				$aKeyParts = explode('+', $sKey);
+				$aKeyParts = explode('+', $sKey ?? '');
 				$aFormattedKeyParts = [];
 				foreach ($aKeyParts as $sKeyPart) {
 					$aFormattedKeyParts[] = ucfirst(trim($sKeyPart));
--- a/approot.inc.php
+++ b/approot.inc.php
@@ -23,6 +23,6 @@ define('ITOP_DESIGN_LATEST_VERSION', '3.0');
 * @used-by utils::GetItopVersionWikiSyntax()
 * @used-by iTopModulesPhpVersionIntegrationTest
 */
-define('ITOP_CORE_VERSION', '3.0.2');
+define('ITOP_CORE_VERSION', '3.0.3');

 require_once APPROOT.'bootstrap.inc.php';
--- a/composer.json
+++ b/composer.json
@@ -4,7 +4,7 @@
  "type": "project",
  "license": "AGPL-3.0-only",
  "require": {
-    "php": ">=7.1.3 <8.0.0",
+    "php": ">=7.1.3 <8.1.0",
    "ext-ctype": "*",
    "ext-dom": "*",
    "ext-gd": "*",
@@ -13,6 +13,7 @@
    "ext-mysqli": "*",
    "ext-soap": "*",
    "combodo/tcpdf": "~6.4.4",
+    "firebase/php-jwt": "~6.4.0",
    "guzzlehttp/guzzle": "^6.5.8",
    "laminas/laminas-mail": "^2.11",
    "laminas/laminas-servicemanager": "^3.5",
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "86ca84263f7f271dfc10e5e63bd02385",
+    "content-hash": "bad4899b1df95e6ab4ab2e42e4213acd",
    "packages": [
        {
            "name": "combodo/tcpdf",
@@ -266,25 +266,31 @@
        },
        {
            "name": "firebase/php-jwt",
-            "version": "v5.5.1",
+            "version": "v6.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/firebase/php-jwt.git",
-                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6"
+                "reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/83b609028194aa042ea33b5af2d41a7427de80e6",
-                "reference": "83b609028194aa042ea33b5af2d41a7427de80e6",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/4dd1e007f22a927ac77da5a3fbb067b42d3bc224",
+                "reference": "4dd1e007f22a927ac77da5a3fbb067b42d3bc224",
                "shasum": ""
            },
            "require": {
-                "php": ">=5.3.0"
+                "php": "^7.1||^8.0"
            },
            "require-dev": {
-                "phpunit/phpunit": ">=4.8 <=9"
+                "guzzlehttp/guzzle": "^6.5||^7.4",
+                "phpspec/prophecy-phpunit": "^1.1",
+                "phpunit/phpunit": "^7.5||^9.5",
+                "psr/cache": "^1.0||^2.0",
+                "psr/http-client": "^1.0",
+                "psr/http-factory": "^1.0"
            },
            "suggest": {
+                "ext-sodium": "Support EdDSA (Ed25519) signatures",
                "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present"
            },
            "type": "library",
@@ -317,9 +323,9 @@
            ],
            "support": {
                "issues": "https://github.com/firebase/php-jwt/issues",
-                "source": "https://github.com/firebase/php-jwt/tree/v5.5.1"
+                "source": "https://github.com/firebase/php-jwt/tree/v6.4.0"
            },
-            "time": "2021-11-08T20:18:51+00:00"
+            "time": "2023-02-09T21:01:23+00:00"
        },
        {
            "name": "guzzlehttp/guzzle",
@@ -4752,7 +4758,7 @@
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
-        "php": ">=7.1.3 <8.0.0",
+        "php": ">=7.1.3 <8.1.0",
        "ext-ctype": "*",
        "ext-dom": "*",
        "ext-gd": "*",
--- a/core/action.class.inc.php
+++ b/core/action.class.inc.php
@@ -566,7 +566,7 @@ class ActionEmail extends ActionNotification
 				// Prefix
 				$sPrefix = sprintf('%s_%s_%d', $sAppName, $sObjClass, $sObjId);
 				if ($sHeaderName === static::ENUM_HEADER_NAME_MESSAGE_ID) {
-					$sPrefix .= sprintf('_%f', microtime(true /* get as float*/));
+					$sPrefix .= sprintf('_%F', microtime(true /* get as float*/));
 				}
 				// Suffix
 				$sSuffix = sprintf('@%s.openitop.org', MetaModel::GetEnvironmentId());
--- a/core/apc-emulation.php
+++ b/core/apc-emulation.php
@@ -110,7 +110,7 @@ class apcFile
 	 */
 	static public function GetCacheFileName($sKey = '')
 	{
-		$sPath = str_replace(array(' ', '/', '\\', '.'), '-', $sKey);
+		$sPath = str_replace(array(' ', '/', '\\', '.'), '-', $sKey ?? '');
 		return utils::GetCachePath().'apc-emul/'.$sPath;
 	}

--- a/core/asynctask.class.inc.php
+++ b/core/asynctask.class.inc.php
@@ -181,7 +181,7 @@ abstract class AsyncTask extends DBObject
 	    if (is_array($aRetries) && array_key_exists(get_class($this), $aRetries))
 	    {
 	        $aConfig = $aRetries[get_class($this)];
-	        $bExponential = (bool)$aConfig['exponential_delay'] ?? $bExponential;
+		    $bExponential = (bool) ($aConfig['exponential_delay'] ?? $bExponential);
 	    }
 	    return $bExponential;
 	}
--- a/core/attributedef.class.inc.php
+++ b/core/attributedef.class.inc.php
@@ -705,6 +705,18 @@ abstract class AttributeDefinition
 		return is_null($proposedValue);
 	}

+	/**
+	 * @param mixed $proposedValue
+	 *
+	 * @return bool True if $proposedValue is an actual value set in the attribute, false is the attribute remains "empty"
+	 * @since 3.0.3, 3.1.0 N°5784
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// Default implementation, we don't really know what type $proposedValue will be
+		return is_null($proposedValue);
+	}
+
 	/**
 	 * force an allowed value (type conversion and possibly forces a value as mySQL would do upon writing!
 	 *
@@ -1384,6 +1396,15 @@ class AttributeDashboard extends AttributeDefinition
 	{
 		return '';
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// Always return false for now, we don't consider a custom version of a dashboard
+		return false;
+	}
 }

 /**
@@ -2233,6 +2254,22 @@ class AttributeLinkedSet extends AttributeDefinition
 	{
 		return false;
 	}
+
+	/**
+	 * @inheritDoc
+	 * @param \ormLinkSet $proposedValue
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// Protection against wrong value type
+		if (false === ($proposedValue instanceof ormLinkSet))
+		{
+			return parent::HasAValue($proposedValue);
+		}
+
+		// We test if there is at least 1 item in the linkset (new or existing), not if an item is being added to it.
+		return $proposedValue->Count() > 0;
+	}
 }

 /**
@@ -2614,6 +2651,14 @@ class AttributeInteger extends AttributeDBField
 		return is_null($proposedValue);
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		return utils::IsNotNullOrEmptyString($proposedValue);
+	}
+
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -2713,6 +2758,14 @@ class AttributeObjectKey extends AttributeDBFieldVoid
 		return ($proposedValue == 0);
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		return ((int) $proposedValue) !== 0;
+	}
+
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -2912,6 +2965,14 @@ class AttributeDecimal extends AttributeDBField
 		return is_null($proposedValue);
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		return utils::IsNotNullOrEmptyString($proposedValue);
+	}
+
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -3323,6 +3384,14 @@ class AttributeString extends AttributeDBField
 		return ($proposedValue == '');
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		return utils::IsNotNullOrEmptyString($proposedValue);
+	}
+
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -4478,6 +4547,22 @@ class AttributeCaseLog extends AttributeLongText
 		return ($proposedValue->GetText() == '');
 	}

+	/**
+	 * @inheritDoc
+	 * @param \ormCaseLog $proposedValue
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// Protection against wrong value type
+		if (false === ($proposedValue instanceof ormCaseLog)) {
+			return parent::HasAValue($proposedValue);
+		}
+
+		// We test if there is at least 1 entry in the log, not if the user is adding one
+		return $proposedValue->GetEntryCount() > 0;
+	}
+
+
 	public function ScalarToSQL($value)
 	{
 		if (!is_string($value) && !is_null($value))
@@ -6798,6 +6883,14 @@ class AttributeExternalKey extends AttributeDBFieldVoid
 		return ($proposedValue == 0);
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		return ((int) $proposedValue) !== 0;
+	}
+
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		if (is_null($proposedValue))
@@ -7530,6 +7623,16 @@ class AttributeExternalField extends AttributeDefinition
 		return $oExtAttDef->IsNull($proposedValue);
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		$oExtAttDef = $this->GetExtAttDef();
+
+		return $oExtAttDef->HasAValue($proposedValue);
+	}
+
 	public function MakeRealValue($proposedValue, $oHostObj)
 	{
 		$oExtAttDef = $this->GetExtAttDef();
@@ -7664,6 +7767,17 @@ class AttributeExternalField extends AttributeDefinition
 */
 class AttributeURL extends AttributeString
 {
+	/**
+	 * @var string
+	 * SCHEME....... USER....................... PASSWORD.......................... HOST/IP........... PORT.......... PATH......................... GET............................................ ANCHOR..........................
+	 * Example: http://User:passWord@127.0.0.1:8888/patH/Page.php?arrayArgument[2]=something:blah20#myAnchor
+	 * @link http://www.php.net/manual/fr/function.preg-match.php#93824 regexp source
+	 * @since 3.0.1 N°4515 handle Alfresco and Sharepoint URLs
+	 * @since 3.0.3 moved from Config to AttributeURL constant
+	 */
+	public const DEFAULT_VALIDATION_PATTERN = /** @lang RegExp */
+		'(https?|ftp)\://([a-zA-Z0-9+!*(),;?&=\$_.-]+(\:[a-zA-Z0-9+!*(),;?&=\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\:[0-9]{2,5})?(/([a-zA-Z0-9:%+\$_-]\.?)+)*/?(\?[a-zA-Z+&\$_.-][a-zA-Z0-9;:[\]@&%=+/\$_.,-]*)?(#[a-zA-Z0-9_.-][a-zA-Z0-9+\$_.-]*)?';
+
 	/**
 	 * Useless constructor, but if not present PHP 7.4.0/7.4.1 is crashing :( (N°2329)
 	 *
@@ -8105,6 +8219,20 @@ class AttributeBlob extends AttributeDefinition
 		return $oFormField;
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		if (false === ($proposedValue instanceof ormDocument)) {
+			return parent::HasAValue($proposedValue);
+		}
+
+		// Empty file (no content, just a filename) are supported since PR {@link https://github.com/Combodo/combodo-email-synchro/pull/17}, so we check for both empty content and empty filename to determine that a document has no value
+		return utils::IsNotNullOrEmptyString($proposedValue->GetData()) && utils::IsNotNullOrEmptyString($proposedValue->GetFileName());
+	}
+
+
 }

 /**
@@ -9131,6 +9259,17 @@ class AttributeStopWatch extends AttributeDefinition

 		return $sRet;
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// A stopwatch always has a value
+		return true;
+	}
+
+
 }

 /**
@@ -9616,6 +9755,23 @@ class AttributeOneWayPassword extends AttributeDefinition implements iAttributeN
 		return '*****';
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// Protection against wrong value type
+		if (false === ($proposedValue instanceof ormPassword)) {
+			// On object creation, the attribute value is "" instead of an ormPassword...
+			if (is_string($proposedValue)) {
+				return utils::IsNotNullOrEmptyString($proposedValue);
+			}
+			return parent::HasAValue($proposedValue);
+		}
+
+		return $proposedValue->IsEmpty() === false;
+	}
+
 }

 // Indexed array having two dimensions
@@ -9665,6 +9821,15 @@ class AttributeTable extends AttributeDBField
 		return (count($proposedValue) == 0);
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		return count($proposedValue) > 0;
+	}
+
+
 	public function GetEditValue($sValue, $oHostObj = null)
 	{
 		return '';
@@ -10186,6 +10351,18 @@ abstract class AttributeSet extends AttributeDBFieldVoid
 		return $proposedValue->Count() == 0;
 	}

+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		if (false === ($proposedValue instanceof ormSet)) {
+			return parent::HasAValue($proposedValue);
+		}
+
+		return $proposedValue->Count() > 0;
+	}
+
 	/**
 	 * To be overloaded for localized enums
 	 *
@@ -12893,6 +13070,21 @@ class AttributeCustomFields extends AttributeDefinition

 		return $bEquals;
 	}
+
+	/**
+	 * @inheritDoc
+	 */
+	public function HasAValue($proposedValue): bool
+	{
+		// Protection against wrong value type
+		if (false === ($proposedValue instanceof ormCustomFieldsValue)) {
+			return parent::HasAValue($proposedValue);
+		}
+
+		return count($proposedValue->GetValues()) > 0;
+	}
+
+
 }

 class AttributeArchiveFlag extends AttributeBoolean
--- a/core/bulkchange.class.inc.php
+++ b/core/bulkchange.class.inc.php
@@ -11,7 +11,7 @@ define('UTF8_BOM', chr(239).chr(187).chr(191)); // 0xEF, 0xBB, 0xBF

 /**
 * CellChangeSpec
- * A series of classes, keeping the information about a given cell: could it be changed or not (and why)?  
+ * A series of classes, keeping the information about a given cell: could it be changed or not (and why)?
 *
 * @package     iTopORM
 */
@@ -144,7 +144,7 @@ class CellStatus_Ambiguous extends CellStatus_Issue

 /**
 * RowStatus
- * A series of classes, keeping the information about a given row: could it be changed or not (and why)?  
+ * A series of classes, keeping the information about a given row: could it be changed or not (and why)?
 *
 * @package     iTopORM
 */
@@ -220,7 +220,7 @@ class RowStatus_Issue extends RowStatus
 */
 class BulkChange
 {
-	protected $m_sClass; 
+	protected $m_sClass;
 	protected $m_aData; // Note: hereafter, iCol maybe actually be any acceptable key (string)
 	// #@# todo: rename the variables to sColIndex
 	protected $m_aAttList; // attcode => iCol
@@ -261,7 +261,7 @@ class BulkChange
 		$this->m_sReportCsvSep = $sSeparator;
 		$this->m_sReportCsvDelimiter = $sDelimiter;
 	}
-   
+
 	protected function ResolveExternalKey($aRowData, $sAttCode, &$aResults)
 	{
 		$oExtKey = MetaModel::GetAttributeDef($this->m_sClass, $sAttCode);
@@ -318,7 +318,7 @@ class BulkChange
 	{
 		$aResults = array();
 		$aErrors = array();
-	
+
 		// External keys reconciliation
 		//
 		foreach($this->m_aExtKeys as $sAttCode => $aKeyConfig)
@@ -408,12 +408,12 @@ class BulkChange
 					$aErrors[$sAttCode] = Dict::S('UI:CSVReport-Value-Issue-NotFound');
 					$aResults[$sAttCode]= new CellStatus_SearchIssue();
 					break;
-					
+
 					case 1:
 					// Do change the external key attribute
 					$oTargetObj->Set($sAttCode, $iForeignKey);
 					break;
-					
+
 					default:
 					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-FoundMany', $iCount);
 					$aResults[$sAttCode]= new CellStatus_Ambiguous($oTargetObj->Get($sAttCode), $iCount, $sOQL);
@@ -446,7 +446,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Set the object attributes
 		//
 		foreach ($this->m_aAttList as $sAttCode => $iCol)
@@ -467,30 +467,21 @@ class BulkChange
 			$iFlags = ($oTargetObj->IsNew())
 				? $oTargetObj->GetInitialStateAttributeFlags($sAttCode, $aReasons)
 				: $oTargetObj->GetAttributeFlags($sAttCode, $aReasons);
-			if ( (($iFlags & OPT_ATT_READONLY) == OPT_ATT_READONLY) && ( $oTargetObj->Get($sAttCode) != $aRowData[$iCol]) ) {
+			if ((($iFlags & OPT_ATT_READONLY) == OPT_ATT_READONLY) && ($oTargetObj->Get($sAttCode) != $oAttDef->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues))) {
 				$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-Readonly', $sAttCode, $oTargetObj->Get($sAttCode), $aRowData[$iCol]);
-			}
-			else if ($oAttDef->IsLinkSet() && $oAttDef->IsIndirect())
-			{
-				try
-				{
+			} else if ($oAttDef->IsLinkSet() && $oAttDef->IsIndirect()) {
+				try {
 					$oSet = $oAttDef->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 					$oTargetObj->Set($sAttCode, $oSet);
 				}
-				catch(CoreException $e)
-				{
+				catch (CoreException $e) {
 					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-Format', $e->getMessage());
 				}
-			}
-			else
-			{
+			} else {
 				$value = $oAttDef->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
-				if (is_null($value) && (strlen($aRowData[$iCol]) > 0))
-				{
+				if (is_null($value) && (strlen($aRowData[$iCol]) > 0)) {
 					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-NoMatch', $sAttCode);
-				}
-				else
-				{
+				} else {
 					$res = $oTargetObj->CheckValue($sAttCode, $value);
 					if ($res === true)
 					{
@@ -504,7 +495,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Reporting on fields
 		//
 		$aChangedFields = $oTargetObj->ListChanges();
@@ -556,7 +547,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Checks
 		//
 		$res = $oTargetObj->CheckConsistency();
@@ -567,12 +558,12 @@ class BulkChange
 		}
 		return $aResults;
 	}
-	
+
 	protected function PrepareMissingObject(&$oTargetObj, &$aErrors)
 	{
 		$aResults = array();
 		$aErrors = array();
-	
+
 		// External keys
 		//
 		foreach($this->m_aExtKeys as $sAttCode => $aKeyConfig)
@@ -585,7 +576,7 @@ class BulkChange
 				$aResults[$iCol] = new CellStatus_Void('?');
 			}
 		}
-	
+
 		// Update attributes
 		//
 		foreach($this->m_aOnDisappear as $sAttCode => $value)
@@ -596,7 +587,7 @@ class BulkChange
 			}
 			$oTargetObj->Set($sAttCode, $value);
 		}
-	
+
 		// Reporting on fields
 		//
 		$aChangedFields = $oTargetObj->ListChanges();
@@ -616,7 +607,7 @@ class BulkChange
 				$aResults[$iCol]= new CellStatus_Void($oTargetObj->Get($sAttCode));
 			}
 		}
-	
+
 		// Checks
 		//
 		$res = $oTargetObj->CheckConsistency();
@@ -674,14 +665,14 @@ class BulkChange
 		}

 		$aResult[$iRow] = $this->PrepareObject($oTargetObj, $aRowData, $aErrors);
-	
+
 		if (count($aErrors) > 0)
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
 			return $oTargetObj;
 		}
-	
+
 		// Check that any external key will have a value proposed
 		$aMissingKeys = array();
 		foreach (MetaModel::GetExternalKeys($this->m_sClass) as $sExtKeyAttCode => $oExtKey)
@@ -689,7 +680,7 @@ class BulkChange
 			if (!$oExtKey->IsNullAllowed())
 			{
 				if (!array_key_exists($sExtKeyAttCode, $this->m_aExtKeys) && !array_key_exists($sExtKeyAttCode, $this->m_aAttList))
-				{ 
+				{
 					$aMissingKeys[] = $oExtKey->GetLabel();
 				}
 			}
@@ -747,12 +738,12 @@ class BulkChange
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
 			return;
 		}
-	
+
 		$aChangedFields = $oTargetObj->ListChanges();
 		if (count($aChangedFields) > 0)
 		{
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Modify(count($aChangedFields));
-	
+
 			// Optionaly record the results
 			//
 			if ($oChange)
@@ -796,7 +787,7 @@ class BulkChange
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
 			return;
 		}
-	
+
 		$aChangedFields = $oTargetObj->ListChanges();
 		if (count($aChangedFields) > 0)
 		{
@@ -821,7 +812,7 @@ class BulkChange
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Disappeared(0);
 		}
 	}
-	
+
 	public function Process(CMDBChange $oChange = null)
 	{
 		if ($oChange)
@@ -866,7 +857,7 @@ class BulkChange
 			foreach ($this->m_aAttList as $sAttCode => $iCol)
 			{
 				if ($sAttCode == 'id') continue;
-				
+
 				$oAttDef = MetaModel::GetAttributeDef($this->m_sClass, $sAttCode);
 				if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime
 				{
@@ -953,22 +944,22 @@ class BulkChange
 						{
 							// The value has to be found or verified
 							list($sQuery, $aMatches) = $this->ResolveExternalKey($aRowData, $sAttCode, $aResult[$iRow]);
-		
+
 							if (count($aMatches) == 1)
 							{
 								$oRemoteObj = reset($aMatches); // first item
 								$valuecondition = $oRemoteObj->GetKey();
 								$aResult[$iRow][$sAttCode] = new CellStatus_Void($oRemoteObj->GetKey());
-							} 					
+							}
 							elseif (count($aMatches) == 0)
 							{
 								$aResult[$iRow][$sAttCode] = new CellStatus_SearchIssue();
-							} 					
+							}
 							else
 							{
 								$aResult[$iRow][$sAttCode] = new CellStatus_Ambiguous(null, count($aMatches), $sQuery);
 							}
-						} 					
+						}
 					}
 					else
 					{
@@ -990,7 +981,7 @@ class BulkChange
 					}
 					else
 					{
-						$oReconciliationFilter->AddCondition($sAttCode, $valuecondition, '=');
+						$oReconciliationFilter->AddCondition($sAttCode, $valuecondition, '=', true);
 					}
 				}
 				if ($bSkipQuery)
@@ -1110,7 +1101,7 @@ class BulkChange
 			}
 		}
 		$oBulkChanges->Seek(0);
-	
+
 		$aDetails = array();
 		while ($oChange = $oBulkChanges->Fetch())
 		{
@@ -1274,7 +1265,7 @@ EOF
 							$oOldTarget = MetaModel::GetObject($oAttDef->GetTargetClass(), $oOperation->Get('oldvalue'));
 							$sOldValue = $oOldTarget->GetHyperlink();
 						}
-						
+
 						$sNewValue = Dict::S('UI:UndefinedObject');
 						if ($oOperation->Get('newvalue') != 0)
 						{
@@ -1300,11 +1291,11 @@ EOF
 				}
 				else
 				{
-					$aAttributes[$sAttCode] = 1;				
+					$aAttributes[$sAttCode] = 1;
 				}
 			}
 		}
-		
+
 		$aDetails = array();
 		foreach($aObjects as $iUId => $aObjData)
 		{
@@ -1356,6 +1347,6 @@ EOF
 			$aConfig[$sAttCode] = array('label' => MetaModel::GetLabel($sClass, $sAttCode), 'description' => MetaModel::GetDescription($sClass, $sAttCode));
 		}
 		$oPage->table($aConfig, $aDetails);
-	}	
+	}
 }

--- a/core/cmdbchangeop.class.inc.php
+++ b/core/cmdbchangeop.class.inc.php
@@ -350,21 +350,30 @@ class CMDBChangeOpSetAttributeURL extends CMDBChangeOpSetAttribute
 	{
 		$aParams = array
 		(
-			"category" => "core/cmdb",
-			"key_type" => "",
-			"name_attcode" => "change",
-			"state_attcode" => "",
-			"reconc_keys" => array(),
-			"db_table" => "priv_changeop_setatt_url",
-			"db_key_field" => "id",
+			"category"            => "core/cmdb",
+			"key_type"            => "",
+			"name_attcode"        => "change",
+			"state_attcode"       => "",
+			"reconc_keys"         => array(),
+			"db_table"            => "priv_changeop_setatt_url",
+			"db_key_field"        => "id",
 			"db_finalclass_field" => "",
 		);
 		MetaModel::Init_Params($aParams);
 		MetaModel::Init_InheritAttributes();
-		//old value can have an old validation pattern -> force it to anything
-		MetaModel::Init_AddAttribute(new AttributeURL("oldvalue", array("allowed_values"=>null, "sql"=>"oldvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array(), "validation_pattern" => '.*')));
-		MetaModel::Init_AddAttribute(new AttributeURL("newvalue", array("allowed_values"=>null, "sql"=>"newvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array())));
-		
+
+		// N°4910 (oldvalue), N°5423 (newvalue)
+		// We cannot have validation here, as AttributeUrl validation is field dependant.
+		// The validation will be done when editing the iTop object, it isn't the history API responsibility
+		//
+		// Pattern is retrieved using this order :
+		// 1.  try to get the pattern from the field definition (datamodel)
+		// 2. from the iTop config
+		// 3. config parameter default value
+		// see \AttributeURL::GetValidationPattern
+		MetaModel::Init_AddAttribute(new AttributeURL("oldvalue", array("allowed_values" => null, "sql" => "oldvalue", "target" => '_blank', "default_value" => null, "is_null_allowed" => true, "depends_on" => array(), "validation_pattern" => '.*')));
+		MetaModel::Init_AddAttribute(new AttributeURL("newvalue", array("allowed_values" => null, "sql" => "newvalue", "target" => '_blank', "default_value" => null, "is_null_allowed" => true, "depends_on" => array(), "validation_pattern" => '.*')));
+
 		// Display lists
 		MetaModel::Init_SetZListItems('details', array('date', 'userinfo', 'attcode', 'oldvalue', 'newvalue')); // Attributes to be displayed for the complete details
 		MetaModel::Init_SetZListItems('list', array('date', 'userinfo', 'attcode', 'oldvalue', 'newvalue')); // Attributes to be displayed for a list
@@ -463,7 +472,7 @@ class CMDBChangeOpSetAttributeBlob extends CMDBChangeOpSetAttribute
 				$sDisplayLabel = Dict::S('UI:OpenDocumentInNewWindow_');
 				$sDisplayUrl = $oPrevDoc->GetDisplayURL(get_class($this), $this->GetKey(), 'prevdata');

-				$sDownloadLabel = Dict::Format('UI:DownloadDocument_');
+				$sDownloadLabel = Dict::S('UI:DownloadDocument_');
 				$sDownloadUrl = $oPrevDoc->GetDownloadURL(get_class($this), $this->GetKey(), 'prevdata');

 				$sDocView = <<<HTML
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -29,7 +29,7 @@ define('ITOP_APPLICATION_SHORT', 'iTop');
 *
 * @see ITOP_CORE_VERSION to get iTop core version
 */
-define('ITOP_VERSION', '3.0.1-dev');
+define('ITOP_VERSION', '3.0.3-dev');

 define('ITOP_VERSION_NAME', 'Fullmoon');
 define('ITOP_REVISION', 'svn');
@@ -576,13 +576,29 @@ class Config
 			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_css'                                => [
-			'type'                => 'string',
-			'description'         => 'CSS that will override the standard stylesheet used for the notifications',
-			'default'             => "",
-			'value'               => "",
+		'email_transport_smtp.allow_self_signed' => array(
+			'type'                => 'bool',
+			'description'         => 'Allow self signed peer certificates',
+			'default'             => false,
+			'value'               => false,
 			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
+		),
+		'email_transport_smtp.verify_peer' => array(
+			'type'                => 'bool',
+			'description'         => 'Verify peer certificate',
+			'default'             => true,
+			'value'               => true,
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		),
+		'email_css' => [
+			'type' => 'string',
+			'description' => 'CSS that will override the standard stylesheet used for the notifications',
+			'default' => "",
+			'value' => "",
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
 		],
 		'email_default_sender_address' => [
 			'type' => 'string',
@@ -883,16 +899,11 @@ class Config
 			'show_in_conf_sample' => false,
 		],
 		'url_validation_pattern' => [
-			'type' => 'string',
-			'description' => 'Regular expression to validate/detect the format of an URL (URL attributes and Wiki formatting for Text attributes)',
-			'default' => /** @lang RegExp */
-			'(https?|ftp)\://([a-zA-Z0-9+!*(),;?&=\$_.-]+(\:[a-zA-Z0-9+!*(),;?&=\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\:[0-9]{2,5})?(/([a-zA-Z0-9:%+\$_-]\.?)+)*/?(\?[a-zA-Z+&\$_.-][a-zA-Z0-9;:[\]@&%=+/\$_.-]*)?(#[a-zA-Z0-9_.-][a-zA-Z0-9+\$_.-]*)?',
-			// SCHEME....... USER....................... PASSWORD.......................... HOST/IP........... PORT.......... PATH......................... GET............................................ ANCHOR..........................
-			// Example: http://User:passWord@127.0.0.1:8888/patH/Page.php?arrayArgument[2]=something:blah20#myAnchor
-			// RegExp source: http://www.php.net/manual/fr/function.preg-match.php#93824
-			// Update with N°4515
-			'value' => '',
-			'source_of_value' => '',
+			'type'                => 'string',
+			'description'         => 'Regular expression to validate/detect the format of an URL (URL attributes and Wiki formatting for Text attributes)',
+			'default'             => AttributeURL::DEFAULT_VALIDATION_PATTERN,
+			'value'               => '',
+			'source_of_value'     => '',
 			'show_in_conf_sample' => true,
 		],
 		'email_validation_pattern' => [
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -396,6 +396,8 @@ abstract class DBObject implements iDisplay
 		$this->m_aOrigValues = array();
 		$this->m_aLoadedAtt = array();
 		$this->m_bCheckStatus = true;
+		$this->m_aCheckIssues = [];
+		$this->m_bSecurityIssue = [];

 		// Get the key
 		//
@@ -2790,12 +2792,6 @@ abstract class DBObject implements iDisplay
 		$this->DoComputeValues();
 		$this->OnInsert();

-		if ($this->m_iKey < 0)
-		{
-			// This was a temporary "memory" key: discard it so that DBInsertSingleTable will not try to use it!
-			$this->m_iKey = null; 
-		}
-
 		// If not automatically computed, then check that the key is given by the caller
 		if (!MetaModel::IsAutoIncrementKey($sRootClass))
 		{
@@ -2812,6 +2808,12 @@ abstract class DBObject implements iDisplay
 			throw new CoreCannotSaveObjectException(array('issues' => $aIssues, 'class' => get_class($this), 'id' => $this->GetKey()));
 		}

+		if ($this->m_iKey < 0)
+		{
+			// This was a temporary "memory" key: discard it so that DBInsertSingleTable will not try to use it!
+			$this->m_iKey = null;
+		}
+
 		// Stop watches
 		$sState = $this->GetState();
 		if ($sState != '')
@@ -2923,13 +2925,14 @@ abstract class DBObject implements iDisplay
 		$oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT TriggerOnObjectCreate AS t WHERE t.target_class IN (:class_list)"), array(), $aParams);
 		while ($oTrigger = $oSet->Fetch())
 		{
-			/** @var \Trigger $oTrigger */
+			/** @var \TriggerOnObjectCreate $oTrigger */
 			try
 			{
 				$oTrigger->DoActivate($this->ToArgs('this'));
 			}
 			catch(Exception $e)
 			{
+				$oTrigger->LogException($e, $this);
 				utils::EnrichRaisedException($oTrigger, $e);
 			}
 		}
@@ -3394,6 +3397,7 @@ abstract class DBObject implements iDisplay
 						$oTrigger->DoActivate($this->ToArgs('this'));
 					}
 					catch (Exception $e) {
+						$oTrigger->LogException($e, $this);
 						utils::EnrichRaisedException($oTrigger, $e);
 					}
 				}
@@ -3573,13 +3577,13 @@ abstract class DBObject implements iDisplay
 			$aParams);
 		while ($oTrigger = $oSet->Fetch())
 		{
-			/** @var \Trigger $oTrigger */
+			/** @var \TriggerOnObjectDelete $oTrigger */
 			try
 			{
 				$oTrigger->DoActivate($this->ToArgs('this'));
 			}
-			catch(Exception $e)
-			{
+			catch(Exception $e) {
+				$oTrigger->LogException($e, $this);
 				utils::EnrichRaisedException($oTrigger, $e);
 			}
 		}
@@ -3968,6 +3972,7 @@ abstract class DBObject implements iDisplay
 					$oTrigger->DoActivate($this->ToArgs('this'));
 				}
 				catch (Exception $e) {
+					$oTrigger->LogException($e, $this);
 					utils::EnrichRaisedException($oTrigger, $e);
 				}
 			}
@@ -3979,6 +3984,7 @@ abstract class DBObject implements iDisplay
 					$oTrigger->DoActivate($this->ToArgs('this'));
 				}
 				catch (Exception $e) {
+					$oTrigger->LogException($e, $this);
 					utils::EnrichRaisedException($oTrigger, $e);
 				}
 			}
@@ -3995,6 +4001,20 @@ abstract class DBObject implements iDisplay
 		return $bSuccess;
 	}

+	/**
+	 * @param string $sAttCode
+	 *
+	 * @return bool True if $sAttCode has an actual value set, false is the attribute remains "empty"
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @since 3.0.3, 3.1.0 N°5784
+	 */
+	public function HasAValue(string $sAttCode): bool
+	{
+		$oAttDef = MetaModel::GetAttributeDef(get_class($this), $sAttCode);
+		return $oAttDef->HasAValue($this->Get($sAttCode));
+	}
+
 	/**
 	 * Helper to recover the default value (aka when an object is being created)
     * Suitable for use as a lifecycle action
--- a/core/dbobjectset.class.php
+++ b/core/dbobjectset.class.php
@@ -141,7 +141,7 @@ class DBObjectSet implements iDBObjectSetIterator
 	{
 		$sRet = '';
 		$this->Rewind();
-		$sRet .= "Set (".$this->m_oFilter->ToOQL().")<br/>\n";
+		$sRet .= "Set (".$this->m_oFilter->ToOQL(true).")<br/>\n";
        $sRet .= "Query: <pre style=\"font-size: smaller; display:inline;\">".$this->m_oFilter->MakeSelectQuery().")</pre>\n";
 		
 		$sRet .= $this->Count()." records<br/>\n";
@@ -154,6 +154,7 @@ class DBObjectSet implements iDBObjectSetIterator
 			}
 			$sRet .= "</ul>\n";
 		}
+		$this->Rewind();
 		return $sRet;
 	}

--- a/core/dbsearch.class.php
+++ b/core/dbsearch.class.php
@@ -773,14 +773,14 @@ abstract class DBSearch
     * @see DBSearch::ToOQL()
     *
 	 * @param string $sQuery The OQL to convert to a DBSearch
-	 * @param mixed[string]  $aParams array of <mixed> params index by <string> name
+	 * @param array $aParams array of <mixed> params index by <string> name
 	 * @param ModelReflection|null $oMetaModel The MetaModel to use when checking the consistency of the OQL
     *
 	 * @return DBObjectSearch|DBUnionSearch
     *
 	 * @throws OQLException
 	 */
-	static public function FromOQL($sQuery, $aParams = null, ModelReflection $oMetaModel=null)
+	public static function FromOQL($sQuery, $aParams = null, ModelReflection $oMetaModel=null)
 	{
 		if (empty($sQuery))
 		{
@@ -1717,6 +1717,6 @@ abstract class DBSearch
 	 */
 	public function __toString()
 	{
-		return $this->ToOQL();
+		return $this->ToOQL(true);
 	}
 }
--- a/core/email.class.inc.php
+++ b/core/email.class.inc.php
@@ -36,6 +36,13 @@ define ('EMAIL_SEND_ERROR', 2);

 class EMail implements iEMail
 {
+	/**
+	 * @see self::LoadConfig()
+	 * @var Config
+	 * @since 2.7.7 3.0.2 3.1.0 N°3169 N°5102 Move attribute to children classes
+	 * @since 2.7.8 3.0.3 3.1.0 N°4947 pull up the attribute back to the Email class as config init is done here
+	 */
+	protected static $m_oConfig = null;
 	protected $oMailer;

 	// Serialization formats
@@ -48,6 +55,42 @@ class EMail implements iEMail
 		$this->oMailer = EmailFactory::GetMailer();
 	}

+	/**
+	 * Sets {@see m_oConfig} if current attribute is null
+	 *
+	 * @returns \Config the current {@see m_oConfig} value
+	 * @throws \ConfigException
+	 * @throws \CoreException
+	 *
+	 * @uses utils::GetConfig()
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3169 N°5102 Move method to children classes
+	 * @since 2.7.8 3.0.3 3.1.0 N°4947 Pull up to the parent class, and remove `$sConfigFile` param
+	 */
+	public function LoadConfig()
+	{
+		if (is_null(static::$m_oConfig)) {
+			static::$m_oConfig = utils::GetConfig();
+		}
+
+		return static::$m_oConfig;
+	}
+
+	/**
+	 * @return void
+	 * @throws \ConfigException
+	 * @throws \CoreException
+	 * @since 2.7.8 3.0.3 3.1.0 N°4947 Method creation, to factorize same code in children classes
+	 */
+	protected function InitRecipientFrom()
+	{
+		$oConfig = $this->LoadConfig();
+		$this->SetRecipientFrom(
+			$oConfig->Get('email_default_sender_address'),
+			$oConfig->Get('email_default_sender_label')
+		);
+	}
+
 	/**
 	 * Custom serialization method
 	 * No longer use the brute force "serialize" method since
@@ -162,5 +205,4 @@ class EMail implements iEMail
 	{
 		$this->oMailer->SetRecipientReplyTo($sAddress);
 	}
-
 }
--- a/core/htmlsanitizer.class.inc.php
+++ b/core/htmlsanitizer.class.inc.php
@@ -34,32 +34,36 @@ abstract class HTMLSanitizer

 	/**
 	 * Sanitize an HTML string with the configured sanitizer, falling back to HTMLDOMSanitizer in case of Exception or invalid configuration
+	 *
 	 * @param string $sHTML
+	 * @param string $sConfigKey eg. 'html_sanitizer', 'svg_sanitizer'
+	 *
 	 * @return string
 	 */
-	public static function Sanitize($sHTML)
+	public static function Sanitize($sHTML, $sConfigKey = 'html_sanitizer')
 	{
-		$sSanitizerClass = MetaModel::GetConfig()->Get('html_sanitizer');
-		if(!class_exists($sSanitizerClass))
-		{
-			IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a valid class. Will use HTMLDOMSanitizer as the default sanitizer.');
-			$sSanitizerClass = 'HTMLDOMSanitizer';
-		}
-		else if(!is_subclass_of($sSanitizerClass, 'HTMLSanitizer'))
-		{
-			IssueLog::Warning('The configured "html_sanitizer" class "'.$sSanitizerClass.'" is not a subclass of HTMLSanitizer. Will use HTMLDOMSanitizer as the default sanitizer.');
+		$sSanitizerClass = utils::GetConfig()->Get($sConfigKey);
+		if (!class_exists($sSanitizerClass)) {
+			IssueLog::Warning('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a valid class. Will use HTMLDOMSanitizer as the default sanitizer.');
 			$sSanitizerClass = 'HTMLDOMSanitizer';
+		} else if (!is_subclass_of($sSanitizerClass, 'HTMLSanitizer')) {
+			if ($sConfigKey === 'html_sanitizer') {
+				IssueLog::Warning('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a subclass of HTMLSanitizer. Will use HTMLDOMSanitizer as the default sanitizer.');
+				$sSanitizerClass = 'HTMLDOMSanitizer';
+			}
+			if ($sConfigKey === 'svg_sanitizer') {
+				IssueLog::Error('The configured "'.$sConfigKey.'" class "'.$sSanitizerClass.'" is not a subclass of '.HTMLSanitizer::class.' ! Won\'t sanitize string.');
+
+				return $sHTML;
+			}
 		}

-		try
-		{
+		try {
 			$oSanitizer = new $sSanitizerClass();
 			$sCleanHTML = $oSanitizer->DoSanitize($sHTML);
 		}
-		catch(Exception $e)
-		{
-			if($sSanitizerClass != 'HTMLDOMSanitizer')
-			{
+		catch (Exception $e) {
+			if ($sSanitizerClass != 'HTMLDOMSanitizer') {
 				IssueLog::Warning('Failed to sanitize an HTML string with "'.$sSanitizerClass.'". The following exception occured: '.$e->getMessage());
 				IssueLog::Warning('Will try to sanitize with HTMLDOMSanitizer.');
 				// try again with the HTMLDOMSanitizer
--- a/core/inlineimage.class.inc.php
+++ b/core/inlineimage.class.inc.php
@@ -242,7 +242,7 @@ class InlineImage extends DBObject
 	public static function OnFormCancel($sTempId): bool
 	{
 		// Protection against unfortunate massive delete of inline images when a null temp ID is passed
-		if (strlen($sTempId) === 0) {
+		if (utils::IsNullOrEmptyString($sTempId)) {
 			IssueLog::Trace('OnFormCancel "error" $sTempId is null or empty', LogChannels::INLINE_IMAGE, array(
 				'$sTempId' => $sTempId,
 				'$sUser' => UserRights::GetUser(),
--- a/core/log.class.inc.php
+++ b/core/log.class.inc.php
@@ -545,12 +545,8 @@ class LogChannels
 	public const APC = 'apc';

 	/**
-	 * @var string
-	 * @since 3.0.1 N°4849
-	 * @since 2.7.7 N°4635
+	 * @since 3.0.0
 	 */
-	public const NOTIFICATIONS = 'notifications';
-
 	public const CLI = 'CLI';

 	/**
@@ -560,15 +556,31 @@ class LogChannels
 	 */
 	public const CMDB_SOURCE = 'cmdbsource';

-	public const CONSOLE      = 'console';
+	/**
+	 * @since 3.0.0
+	 */
+	public const CONSOLE = 'console';

-	public const CORE         = 'core';
+	public const CORE = 'core';

-	public const DEADLOCK     = 'DeadLock';
+	public const DEADLOCK = 'DeadLock';
+
+	/**
+	 * @var string
+	 * @since 2.7.9 3.0.3 3.1.0 N°5588
+	 */
+	public const EXPORT = 'export';

 	public const INLINE_IMAGE = 'InlineImage';

-	public const PORTAL       = 'portal';
+	/**
+	 * @var string
+	 * @since 3.0.1 N°4849
+	 * @since 2.7.7 N°4635
+	 */
+	public const NOTIFICATIONS = 'notifications';
+
+	public const PORTAL = 'portal';
 }


@@ -1016,6 +1028,7 @@ class DeprecatedCallsLog extends LogAPI
 	public const ENUM_CHANNEL_FILE = 'deprecated-file';
 	public const CHANNEL_DEFAULT = self::ENUM_CHANNEL_PHP_METHOD;

+	/** @var string Warning this constant won't be used directly ! To see the real default level check {@see GetLevelDefault()} */
 	public const LEVEL_DEFAULT = self::LEVEL_ERROR;

 	/** @var \FileLog we want our own instance ! */
@@ -1090,7 +1103,12 @@ class DeprecatedCallsLog extends LogAPI
 		}

 		$aStack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 4);
-		$iStackDeprecatedMethodLevel = 2; // level 0 = current method, level 1 = @trigger_error, level 2 = method containing the `trigger_error` call
+		$iStackDeprecatedMethodLevel = 2; // level 0 = current method, level 1 = @trigger_error, level 2 = method containing the `trigger_error` call (can be either 'trigger_deprecation' or the faulty method), level 3 = In some cases, method containing the 'trigger_deprecation' call
+		// In case current level is actually a 'trigger_deprecation' call, try to go one level further to get the real deprecated method
+		if (array_key_exists($iStackDeprecatedMethodLevel, $aStack) && ($aStack[$iStackDeprecatedMethodLevel]['function'] === 'trigger_deprecation') && array_key_exists($iStackDeprecatedMethodLevel + 1, $aStack)) {
+			$iStackDeprecatedMethodLevel++;
+		}
+
 		$sDeprecatedObject = $aStack[$iStackDeprecatedMethodLevel]['class'];
 		$sDeprecatedMethod = $aStack[$iStackDeprecatedMethodLevel]['function'];
 		if (($sDeprecatedObject === __CLASS__) && ($sDeprecatedMethod === 'Log')) {
@@ -1135,7 +1153,6 @@ class DeprecatedCallsLog extends LogAPI
 	 * - else call parent method
 	 *
 	 * In other words, when in dev mode all deprecated calls will be logged to file
-	 *
 	 */
 	protected static function GetLevelDefault(string $sConfigKey)
 	{
--- a/core/metamodel.class.php
+++ b/core/metamodel.class.php
@@ -7503,14 +7503,11 @@ abstract class MetaModel

 		$aSearches = array();
 		$aReplacements = array();
-		foreach ($aParams as $sSearch => $replace)
-		{
+		foreach ($aParams as $sSearch => $replace) {
 			// Some environment parameters are objects, we just need scalars
-			if (is_object($replace))
-			{
+			if (is_object($replace)) {
 				$iPos = strpos($sSearch, '->object()');
-				if ($iPos !== false)
-				{
+				if ($iPos !== false) {
 					// Expand the parameters for the object
 					$sName = substr($sSearch, 0, $iPos);
 					// Note: Capturing
@@ -7518,63 +7515,67 @@ abstract class MetaModel
 					// 2 - The arrow
 					// 3 - The attribute code
 					$aRegExps = array(
-                        '/(\\$)'.$sName.'-(>|&gt;)([^\\$]+)\\$/', // Support both syntaxes: $this->xxx$ or $this-&gt;xxx$ for HTML compatibility
-                        '/(%24)'.$sName.'-(>|&gt;)([^%24]+)%24/', // Support for urlencoded in HTML attributes (%20this-&gt;xxx%20)
-                    );
-					foreach($aRegExps as $sRegExp)
-                    {
-                        if(preg_match_all($sRegExp, $sInput, $aMatches))
-                        {
-                            foreach($aMatches[3] as $idx => $sPlaceholderAttCode)
-                            {
-                                try
-                                {
-                                    $sReplacement = $replace->GetForTemplate($sPlaceholderAttCode);
-                                    if($sReplacement !== null)
-                                    {
-                                        $aReplacements[] = $sReplacement;
-                                        $aSearches[] = $aMatches[1][$idx] . $sName . '-' . $aMatches[2][$idx] . $sPlaceholderAttCode . $aMatches[1][$idx];
-                                    }
-                                }
-                                catch(Exception $e)
-                                {
-                                    // No replacement will occur
-                                }
-                            }
-                        }
-                    }
-				}
-				else
-				{
+						'/(\\$)'.$sName.'-(>|&gt;)([^\\$]+)\\$/', // Support both syntaxes: $this->xxx$ or $this-&gt;xxx$ for HTML compatibility
+						'/(%24)'.$sName.'-(>|&gt;)([^%24]+)%24/', // Support for urlencoded in HTML attributes (%20this-&gt;xxx%20)
+					);
+					foreach ($aRegExps as $sRegExp) {
+						if (preg_match_all($sRegExp, $sInput, $aMatches)) {
+							foreach ($aMatches[3] as $idx => $sPlaceholderAttCode) {
+								try {
+									$sReplacement = $replace->GetForTemplate($sPlaceholderAttCode);
+									if ($sReplacement !== null) {
+										$aReplacements[] = $sReplacement;
+										$aSearches[] = $aMatches[1][$idx].$sName.'-'.$aMatches[2][$idx].$sPlaceholderAttCode.$aMatches[1][$idx];
+									}
+								}
+								catch (Exception $e) {
+									$aContext = [
+										'placeholder'   => $sPlaceholderAttCode,
+										'replace class' => get_class($replace),
+									];
+									if ($replace instanceof DBObject) {
+										$aContext['replace id'] = $replace->GetKey();
+									}
+									IssueLog::Debug(
+										'Invalid placeholder in notification, no replacement will occur!',
+										LogChannels::NOTIFICATIONS,
+										$aContext
+									);
+								}
+							}
+						}
+					}
+				} else {
 					continue; // Ignore this non-scalar value
 				}
-			}
-			else
-			{
+			} else {
 				$aRegExps = array(
 					'/(\$)'.$sSearch.'\$/',   // Support for regular placeholders (eg. $APP_URL$)
 					'/(%24)'.$sSearch.'%24/', // Support for urlencoded in HTML attributes (eg. %24APP_URL%24)
 				);
-				foreach($aRegExps as $sRegExp)
-				{
-					if(preg_match_all($sRegExp, $sInput, $aMatches))
-					{
-						foreach($aMatches[1] as $idx => $sDelimiter)
-						{
-							try
-							{
-								$aReplacements[] = (string) $replace;
-								$aSearches[] = $aMatches[1][$idx] . $sSearch . $aMatches[1][$idx];
+				foreach ($aRegExps as $sRegExp) {
+					if (preg_match_all($sRegExp, $sInput, $aMatches)) {
+						foreach ($aMatches[1] as $idx => $sDelimiter) {
+							try {
+								$aReplacements[] = (string)$replace;
+								$aSearches[] = $aMatches[1][$idx].$sSearch.$aMatches[1][$idx];
 							}
-							catch(Exception $e)
-							{
-								// No replacement will occur
+							catch (Exception $e) {
+								IssueLog::Debug(
+									'Invalid placeholder in notification, no replacement will occur !',
+									LogChannels::NOTIFICATIONS,
+									[
+										'placeholder' => $sPlaceholderAttCode,
+										'replace'     => $replace,
+									]
+								);
 							}
 						}
 					}
 				}
 			}
 		}
+
 		return str_replace($aSearches, $aReplacements, $sInput);
 	}

--- a/core/ormcaselog.class.inc.php
+++ b/core/ormcaselog.class.inc.php
@@ -702,30 +702,25 @@ class ormCaseLog {
 	{
 		$sRes = '';
 		$aLastEntry = end($this->m_aIndex);
-		$sRaw = substr($this->m_sLog, $aLastEntry['separator_length'], $aLastEntry['text_length']);
-		switch($sFormat)
-		{
-			case static::ENUM_FORMAT_TEXT:
-			if ($aLastEntry['format'] == static::ENUM_FORMAT_TEXT)
-			{
-				$sRes = $sRaw;
+		if ($aLastEntry !== false) {
+			$sRaw = substr($this->m_sLog, $aLastEntry['separator_length'], $aLastEntry['text_length']);
+			switch ($sFormat) {
+				case static::ENUM_FORMAT_TEXT:
+					if ($aLastEntry['format'] == static::ENUM_FORMAT_TEXT) {
+						$sRes = $sRaw;
+					} else {
+						$sRes = utils::HtmlToText($sRaw);
+					}
+					break;
+
+				case static::ENUM_FORMAT_HTML:
+					if ($aLastEntry['format'] == static::ENUM_FORMAT_TEXT) {
+						$sRes = utils::TextToHtml($sRaw);
+					} else {
+						$sRes = InlineImage::FixUrls($sRaw);
+					}
+					break;
 			}
-			else
-			{
-				$sRes = utils::HtmlToText($sRaw);
-			}
-			break;
-			
-			case static::ENUM_FORMAT_HTML:
-			if ($aLastEntry['format'] == static::ENUM_FORMAT_TEXT)
-			{
-				$sRes = utils::TextToHtml($sRaw);
-			}
-			else
-			{
-				$sRes = InlineImage::FixUrls($sRaw);
-			}
-			break;
 		}
 		return $sRes;
 	}
--- a/core/ormpassword.class.inc.php
+++ b/core/ormpassword.class.inc.php
@@ -66,7 +66,7 @@ class ormPassword

 	public function IsEmpty()
 	{
-		return ($this->m_hashed == null);
+		return utils::IsNullOrEmptyString($this->m_sHashed);
 	}
 	
 	public function GetHash()
--- a/core/pdfbulkexport.class.inc.php
+++ b/core/pdfbulkexport.class.inc.php
@@ -21,6 +21,19 @@ use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactor
 */
 class PDFBulkExport extends HTMLBulkExport
 {
+	/**
+	 * @var string For sample purposes
+	 * @internal
+	 * @since 2.7.8
+	 */
+	const ENUM_OUTPUT_TYPE_SAMPLE = 'sample';
+	/**
+	 * @var string For the real export
+	 * @internal
+	 * @since 2.7.8
+	 */
+	const ENUM_OUTPUT_TYPE_REAL = 'real';
+
 	public function DisplayUsage(Page $oP)
 	{
 		$oP->p(" * pdf format options:");
@@ -197,46 +210,46 @@ EOF
 		return $sPDF;
 	}

+	/**
+	 * @inheritDoc
+	 * @since 2.7.8
+	 */
+	protected function GetSampleData($oObj, $sAttCode)
+	{
+		if ($sAttCode !== 'id')
+		{
+			$oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode);
+
+			// As sample data will be displayed in the web browser, AttributeImage needs to be rendered with a regular HTML format, meaning its "src" looking like "data:image/png;base64,iVBORw0KGgoAAAANSUh..."
+			// Whereas for the PDF generation it needs to be rendered with a TCPPDF-compatible format, meaning its "src" looking like "@iVBORw0KGgoAAAANSUh..."
+			if ($oAttDef instanceof AttributeImage) {
+				return $this->GetAttributeImageValue($oObj, $sAttCode, static::ENUM_OUTPUT_TYPE_SAMPLE);
+			}
+		}
+		return parent::GetSampleData($oObj, $sAttCode);
+	}
+
+	/**
+	 * @param \DBObject $oObj
+	 * @param string $sAttCode
+	 *
+	 * @return int|string
+	 * @throws \Exception
+	 */
 	protected function GetValue($oObj, $sAttCode)
 	{
-		switch($sAttCode)
-		{
+		switch ($sAttCode) {
 			case 'id':
 				$sRet = parent::GetValue($oObj, $sAttCode);
 				break;

 			default:
 				$value = $oObj->Get($sAttCode);
-				if ($value instanceof ormDocument)
-				{
+				if ($value instanceof ormDocument) {
 					$oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode);
 					if ($oAttDef instanceof AttributeImage)
 					{
-						// To limit the image size in the PDF output, we have to enforce the size as height/width because max-width/max-height have no effect
-						//
-						$iDefaultMaxWidthPx = 48;
-						$iDefaultMaxHeightPx = 48;
-						if ($value->IsEmpty())
-						{
-							$iNewWidth = $iDefaultMaxWidthPx;
-							$iNewHeight = $iDefaultMaxHeightPx;
-
-							$sUrl = $oAttDef->Get('default_image');
-						}
-						else
-						{
-							list($iWidth, $iHeight) = utils::GetImageSize($value->GetData());
-							$iMaxWidthPx = min($iDefaultMaxWidthPx, $oAttDef->Get('display_max_width'));
-							$iMaxHeightPx = min($iDefaultMaxHeightPx, $oAttDef->Get('display_max_height'));
-
-							$fScale = min($iMaxWidthPx / $iWidth, $iMaxHeightPx / $iHeight);
-							$iNewWidth = $iWidth * $fScale;
-							$iNewHeight = $iHeight * $fScale;
-
-							$sUrl = 'data:'.$value->GetMimeType().';base64,'.base64_encode($value->GetData());
-						}
-						$sRet = ($sUrl !== null) ? '<img src="'.$sUrl.'" style="width: '.$iNewWidth.'px; height: '.$iNewHeight.'px">' : '';
-						$sRet = '<div class="ibo-input-image--image-view">'.$sRet.'</div>';
+						$sRet = $this->GetAttributeImageValue($oObj, $sAttCode, static::ENUM_OUTPUT_TYPE_REAL);
 					}
 					else
 					{
@@ -251,6 +264,76 @@ EOF
 		return $sRet;
 	}

+	/**
+	 * @param \DBObject $oObj
+	 * @param string $sAttCode
+	 * @param string $sOutputType {@see \PDFBulkExport::ENUM_OUTPUT_TYPE_SAMPLE}, {@see \PDFBulkExport::ENUM_OUTPUT_TYPE_REAL}
+	 *
+	 * @return string Rendered value of $oAttDef / $oValue according to the desired $sOutputType
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 *
+	 * @since 2.7.8 N°2244 method creation
+	 * @since 2.7.9 N°5588 signature change to get the object so that we can log all the needed information
+	 */
+	protected function GetAttributeImageValue(DBObject $oObj, string $sAttCode, string $sOutputType)
+	{
+		$oValue = $oObj->Get($sAttCode);
+		$oAttDef = MetaModel::GetAttributeDef(get_class($oObj), $sAttCode);
+
+		// To limit the image size in the PDF output, we have to enforce the size as height/width because max-width/max-height have no effect
+		//
+		$iDefaultMaxWidthPx = 48;
+		$iDefaultMaxHeightPx = 48;
+		if ($oValue->IsEmpty()) {
+			$iNewWidth = $iDefaultMaxWidthPx;
+			$iNewHeight = $iDefaultMaxHeightPx;
+
+			$sUrl = $oAttDef->Get('default_image');
+		} else {
+			$iMaxWidthPx = min($iDefaultMaxWidthPx, $oAttDef->Get('display_max_width'));
+			$iMaxHeightPx = min($iDefaultMaxHeightPx, $oAttDef->Get('display_max_height'));
+
+			list($iWidth, $iHeight) = utils::GetImageSize($oValue->GetData());
+			if ((is_null($iWidth)) || (is_null($iHeight)) || ($iWidth === 0) || ($iHeight === 0)) {
+				// Avoid division by zero exception (SVGs, corrupted images, ...)
+				$iNewWidth = $iDefaultMaxWidthPx;
+				$iNewHeight = $iDefaultMaxHeightPx;
+
+				$sAttCode = $oAttDef->GetCode();
+				IssueLog::Warning('AttributeImage: Cannot read image size', LogChannels::EXPORT, [
+					'ObjClass'        => get_class($oObj),
+					'ObjKey'          => $oObj->GetKey(),
+					'ObjFriendlyName' => $oObj->GetName(),
+					'AttCode'         => $sAttCode,
+				]);
+			} else {
+				$fScale = min($iMaxWidthPx / $iWidth, $iMaxHeightPx / $iHeight);
+				$iNewWidth = $iWidth * $fScale;
+				$iNewHeight = $iHeight * $fScale;
+			}
+
+			$sValueAsBase64 = base64_encode($oValue->GetData());
+			switch ($sOutputType) {
+				case static::ENUM_OUTPUT_TYPE_SAMPLE:
+					$sUrl = 'data:'.$oValue->GetMimeType().';base64,'.$sValueAsBase64;
+					break;
+
+				case static::ENUM_OUTPUT_TYPE_REAL:
+				default:
+					// TCPDF requires base64-encoded images to be rendered without the usual "data:<MIMETYPE>;base64" header but with an "@"
+					// @link https://tcpdf.org/examples/example_009/
+					$sUrl = '@'.$sValueAsBase64;
+					break;
+			}
+		}
+
+		$sRet = ($sUrl !== null) ? '<img src="'.$sUrl.'" style="width: '.$iNewWidth.'px; height: '.$iNewHeight.'px;">' : '';
+		$sRet = '<div class="ibo-input-image--image-view">'.$sRet.'</div>';
+
+		return $sRet;
+	}
+
 	public function GetSupportedFormats()
 	{
 		return array('pdf' => Dict::S('Core:BulkExport:PDFFormat'));
--- a/core/restservices.class.inc.php
+++ b/core/restservices.class.inc.php
@@ -30,18 +30,40 @@
 /**
 * Element of the response formed by RestResultWithObjects
 *
- * @package     REST Services
+ * @package     RESTExtensibilityAPI
+ * @api
 */
 class ObjectResult
 {
+	/**
+	 * @var int
+	 * @api
+	 */
 	public $code;
+	/**
+	 * @var string
+	 * @api
+	 */
 	public $message;
+	/**
+	 * @var mixed|null
+	 * @api
+	 */
 	public $class;
+	/**
+	 * @var mixed|null
+	 * @api
+	 */
 	public $key;
+	/**
+	 * @var array
+	 * @api
+	 */
 	public $fields;
 	
 	/**
 	 * Default constructor
+	 * @api
 	 */
 	public function __construct($sClass = null, $iId = null)
 	{
@@ -54,11 +76,17 @@ class ObjectResult

 	/**
 	 * Helper to make an output value for a given attribute
-	 * 	 
+	 *
+	 * @api
 	 * @param DBObject $oObject The object being reported
 	 * @param string $sAttCode The attribute code (must be valid)
 	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
+	 *
 	 * @return string A scalar representation of the value
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @throws \CoreUnexpectedValue
+	 * @throws \MySQLException
 	 */
 	protected function MakeResultValue(DBObject $oObject, $sAttCode, $bExtendedOutput = false)
 	{
@@ -112,11 +140,17 @@ class ObjectResult

 	/**
 	 * Report the value for the given object attribute
-	 * 	 
+	 *
+	 * @api
 	 * @param DBObject $oObject The object being reported
 	 * @param string $sAttCode The attribute code (must be valid)
 	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
+	 *
 	 * @return void
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @throws \CoreUnexpectedValue
+	 * @throws \MySQLException
 	 */
 	public function AddField(DBObject $oObject, $sAttCode, $bExtendedOutput = false)
 	{
@@ -129,8 +163,7 @@ class ObjectResult
 /**
 * REST response for services managing objects. Derive this structure to add information and/or constants
 *
- * @package     Extensibility
- * @package     REST Services
+ * @package RESTExtensibilityAPI
 * @api
 */
 class RestResultWithObjects extends RestResult
@@ -139,13 +172,19 @@ class RestResultWithObjects extends RestResult

 	/**
 	 * Report the given object
-	 * 	 
-	 * @param int An error code (RestResult::OK is no issue has been found)
+	 *
+	 * @api
+	 * @param int $iCode An error code (RestResult::OK is no issue has been found)
 	 * @param string $sMessage Description of the error if any, an empty string otherwise
 	 * @param DBObject $oObject The object being reported
-	 * @param array $aFieldSpec An array of class => attribute codes (Cf. RestUtils::GetFieldList). List of the attributes to be reported.
+	 * @param array|null $aFieldSpec An array of class => attribute codes (Cf. RestUtils::GetFieldList). List of the attributes to be reported.
 	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
+	 *
 	 * @return void
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @throws \CoreUnexpectedValue
+	 * @throws \MySQLException
 	 */
 	public function AddObject($iCode, $sMessage, $oObject, $aFieldSpec = null, $bExtendedOutput = false)
 	{
@@ -183,16 +222,30 @@ class RestResultWithObjects extends RestResult
 	}
 }

+/**
+ * @package RESTExtensibilityAPI
+ * @api
+ */
 class RestResultWithRelations extends RestResultWithObjects
 {
 	public $relations;
-	
+
+	/**
+	 * @api
+	 */
 	public function __construct()
 	{
 		parent::__construct();
 		$this->relations = array();
 	}
-	
+
+	/**
+	 * @param $sSrcKey
+	 * @param $sDestKey
+	 *
+	 * @return void
+	 * @api
+	 */
 	public function AddRelation($sSrcKey, $sDestKey)
 	{
 		if (!array_key_exists($sSrcKey, $this->relations))
@@ -206,7 +259,7 @@ class RestResultWithRelations extends RestResultWithObjects
 /**
 * Deletion result codes for a target object (either deleted or updated)
 *
- * @package     Extensibility
+ * @package     RESTExtensibilityAPI
 * @api
 * @since 2.0.1  
 */
@@ -214,30 +267,37 @@ class RestDelete
 {
 	/**
 	 * Result: Object deleted as per the initial request
+	 * @api
 	 */
 	const OK = 0;
 	/**
-	 * Result: general issue (user rights or ... ?) 
+	 * Result: general issue (user rights or ... ?)
+	 * @api
 	 */
 	const ISSUE = 1;
 	/**
-	 * Result: Must be deleted to preserve database integrity 
+	 * Result: Must be deleted to preserve database integrity
+	 * @api
 	 */
 	const AUTO_DELETE = 2;
 	/**
-	 * Result: Must be deleted to preserve database integrity, but that is NOT possible 
+	 * Result: Must be deleted to preserve database integrity, but that is NOT possible
+	 * @api
 	 */
 	const AUTO_DELETE_ISSUE = 3;
 	/**
-	 * Result: Must be deleted to preserve database integrity, but this must be requested explicitely 
+	 * Result: Must be deleted to preserve database integrity, but this must be requested explicitly
+	 * @api
 	 */
 	const REQUEST_EXPLICITELY = 4;
 	/**
 	 * Result: Must be updated to preserve database integrity
+	 * @api
 	 */
 	const AUTO_UPDATE = 5;
 	/**
 	 * Result: Must be updated to preserve database integrity, but that is NOT possible
+	 * @api
 	 */
 	const AUTO_UPDATE_ISSUE = 6;
 }
@@ -574,7 +634,7 @@ class CoreServices implements iRestServiceProvider
 					$oObject = $oElement->GetProperty('object');
 					if ($oObject)
 					{
-						if ($bEnableRedundancy)
+						if ($bEnableRedundancy && $sDirection == 'down')
 						{
 							// Add only the "reached" objects
 							if ($oElement->GetProperty('is_reached'))
--- a/core/trigger.class.inc.php
+++ b/core/trigger.class.inc.php
@@ -250,21 +250,48 @@ abstract class TriggerOnObject extends Trigger
 	public function IsTargetObject($iObjectId, $aChanges = array())
 	{
 		$sFilter = trim($this->Get('filter'));
-		if (strlen($sFilter) > 0)
-		{
+		if (strlen($sFilter) > 0) {
 			$oSearch = DBObjectSearch::FromOQL($sFilter);
 			$oSearch->AddCondition('id', $iObjectId, '=');
 			$oSearch->AllowAllData();
 			$oSet = new DBObjectSet($oSearch);
 			$bRet = ($oSet->Count() > 0);
-		}
-		else
-		{
+		} else {
 			$bRet = true;
 		}

 		return $bRet;
 	}
+
+	/**
+	 * @param Exception $oException
+	 * @param \DBObject $oObject
+	 *
+	 * @return void
+	 *
+	 * @uses \IssueLog::Error()
+	 *
+	 * @since 2.7.9 3.0.3 3.1.0 N°5893
+	 */
+	public function LogException($oException, $oObject)
+	{
+		$sObjectKey = $oObject->GetKey(); // if object wasn't persisted yet, then we'll have a negative value
+
+		$aContext = [
+			'exception.class'      => get_class($oException),
+			'exception.message'    => $oException->getMessage(),
+			'trigger.class'        => get_class($this),
+			'trigger.id'           => $this->GetKey(),
+			'trigger.friendlyname' => $this->GetRawName(),
+			'object.class'         => get_class($oObject),
+			'object.id'            => $sObjectKey,
+			'object.friendlyname'  => $oObject->GetRawName(),
+			'current_user'         => UserRights::GetUser(),
+			'exception.stack'      => $oException->getTraceAsString(),
+		];
+
+		IssueLog::Error('A trigger did throw an exception', null, $aContext);
+	}
 }

 /**
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -1936,7 +1936,7 @@ class UserRights
 			// The bug has been fixed in PHP 7.2, but in case session_regenerate_id()
 			// fails we just silently ignore the error and keep the same session id...
 			$old_error_handler = set_error_handler(array(__CLASS__, 'VoidErrorHandler'));
-			session_regenerate_id(true);
+			Session::RegenerateId(true);
 			if ($old_error_handler !== null) {
 				set_error_handler($old_error_handler);
 			}
--- a/core/valuesetdef.class.inc.php
+++ b/core/valuesetdef.class.inc.php
@@ -225,108 +225,106 @@ class ValueSetObjects extends ValueSetDefinition

 		$this->m_aValues = array();

-		if ($this->m_bAllowAllData)
-		{
-			$oFilter = DBObjectSearch::FromOQL_AllData($this->m_sFilterExpr);
+		$oFilter = $this->GetFilter($sOperation, $sContains);
+
+		$oObjects = new DBObjectSet($oFilter, $this->m_aOrderBy, $aArgs, null, $this->m_iLimit, 0, $this->m_bSort);
+		if (empty($this->m_sValueAttCode)) {
+			$aAttToLoad = array($oFilter->GetClassAlias() => array('friendlyname'));
+		} else {
+			$aAttToLoad = array($oFilter->GetClassAlias() => array($this->m_sValueAttCode));
 		}
-		else
-		{
+		$oObjects->OptimizeColumnLoad($aAttToLoad);
+		while ($oObject = $oObjects->Fetch()) {
+			if (empty($this->m_sValueAttCode)) {
+				$this->m_aValues[$oObject->GetKey()] = $oObject->GetName();
+			} else {
+				$this->m_aValues[$oObject->GetKey()] = $oObject->Get($this->m_sValueAttCode);
+			}
+		}
+
+		return true;
+	}
+
+
+	/**
+	 * Get filter for functions LoadValues and LoadValuesForAutocomplete
+	 *
+	 * @param $sOperation
+	 * @param $sContains
+	 *
+	 * @return \DBObjectSearch|\DBSearch|\DBUnionSearch|false|mixed
+	 * @throws \CoreException
+	 * @throws \OQLException
+	 * @since 3.0.3 3.1.0
+	 */
+	protected function GetFilter($sOperation, $sContains)
+	{
+		$this->m_sContains = $sContains;
+		$this->m_sOperation = $sOperation;
+
+		if ($this->m_bAllowAllData) {
+			$oFilter = DBObjectSearch::FromOQL_AllData($this->m_sFilterExpr);
+		} else {
 			$oFilter = DBObjectSearch::FromOQL($this->m_sFilterExpr);
 			$oFilter->SetShowObsoleteData(utils::ShowObsoleteData());
 		}
-		if (!$oFilter) return false;
-		if (!is_null($this->m_oExtraCondition))
-		{
+		if (!$oFilter) {
+			return false;
+		}
+		if (!is_null($this->m_oExtraCondition)) {
 			$oFilter = $oFilter->Intersect($this->m_oExtraCondition);
 		}
-		foreach($this->m_aModifierProperties as $sPluginClass => $aProperties)
-		{
-			foreach ($aProperties as $sProperty => $value)
-			{
+		foreach ($this->m_aModifierProperties as $sPluginClass => $aProperties) {
+			foreach ($aProperties as $sProperty => $value) {
 				$oFilter->SetModifierProperty($sPluginClass, $sProperty, $value);
 			}
 		}

-		$oExpression = DBObjectSearch::GetPolymorphicExpression($oFilter->GetClass(), 'friendlyname');
-		$aFields = $oExpression->ListRequiredFields();
 		$sClass = $oFilter->GetClass();
-		/*foreach($aFields as $sField)
-		{
-			$aFieldItems = explode('.', $sField);
-			if ($aFieldItems[0] != $sClass)
-			{
-				$sOperation = 'contains';
-				break;
-			}
-		}*/

-		switch ($sOperation)
-		{
+		switch ($this->m_sOperation) {
 			case 'equals':
-				$aAttributes = MetaModel::GetFriendlyNameAttributeCodeList($sClass);
-				$sClassAlias = $oFilter->GetClassAlias();
-				$aFilters = array();
-				$oValueExpr = new ScalarExpression($sContains);
-				foreach($aAttributes as $sAttribute)
-				{
-					$oNewFilter = $oFilter->DeepClone();
-					$oNameExpr = new FieldExpression($sAttribute, $sClassAlias);
-					$oCondition = new BinaryExpression($oNameExpr, '=', $oValueExpr);
-					$oNewFilter->AddConditionExpression($oCondition);
-					$aFilters[] = $oNewFilter;
+			case 'start_with':
+				if ($this->m_sOperation === 'start_with') {
+					$this->m_sContains .= '%';
+					$sOperator = 'LIKE';
+				} else {
+					$sOperator = '=';
+				}
+
+				$aAttributes = MetaModel::GetFriendlyNameAttributeCodeList($sClass);
+				if (count($aAttributes) > 0) {
+					$sClassAlias = $oFilter->GetClassAlias();
+					$aFilters = array();
+					$oValueExpr = new ScalarExpression($this->m_sContains);
+					foreach ($aAttributes as $sAttribute) {
+						$oNewFilter = $oFilter->DeepClone();
+						$oNameExpr = new FieldExpression($sAttribute, $sClassAlias);
+						$oCondition = new BinaryExpression($oNameExpr, $sOperator, $oValueExpr);
+						$oNewFilter->AddConditionExpression($oCondition);
+						$aFilters[] = $oNewFilter;
+					}
+					// Unions are much faster than OR conditions
+					$oFilter = new DBUnionSearch($aFilters);
+				} else {
+					$oValueExpr = new ScalarExpression($this->m_sContains);
+					$oNameExpr = new FieldExpression('friendlyname', $oFilter->GetClassAlias());
+					$oNewCondition = new BinaryExpression($oNameExpr, $sOperator, $oValueExpr);
+					$oFilter->AddConditionExpression($oNewCondition);
 				}
-                // Unions are much faster than OR conditions
-				$oFilter = new DBUnionSearch($aFilters);
 				break;
-            case 'start_with':
-                $aAttributes = MetaModel::GetFriendlyNameAttributeCodeList($sClass);
-                $sClassAlias = $oFilter->GetClassAlias();
-                $aFilters = array();
-                $oValueExpr = new ScalarExpression($sContains.'%');
-                foreach($aAttributes as $sAttribute)
-                {
-                    $oNewFilter = $oFilter->DeepClone();
-                    $oNameExpr = new FieldExpression($sAttribute, $sClassAlias);
-                    $oCondition = new BinaryExpression($oNameExpr, 'LIKE', $oValueExpr);
-                    $oNewFilter->AddConditionExpression($oCondition);
-                    $aFilters[] = $oNewFilter;
-                }
-                // Unions are much faster than OR conditions
-                $oFilter = new DBUnionSearch($aFilters);
-                break;

 			default:
-				$oValueExpr = new ScalarExpression('%'.$sContains.'%');
+				$oValueExpr = new ScalarExpression('%'.$this->m_sContains.'%');
 				$oNameExpr = new FieldExpression('friendlyname', $oFilter->GetClassAlias());
 				$oNewCondition = new BinaryExpression($oNameExpr, 'LIKE', $oValueExpr);
 				$oFilter->AddConditionExpression($oNewCondition);
 				break;
 		}

-		$oObjects = new DBObjectSet($oFilter, $this->m_aOrderBy, $aArgs, null, $this->m_iLimit, 0, $this->m_bSort);
-		if (empty($this->m_sValueAttCode))
-		{
-			$aAttToLoad = array($oFilter->GetClassAlias() => array('friendlyname'));
-		}
-		else
-		{
-			$aAttToLoad = array($oFilter->GetClassAlias() => array($this->m_sValueAttCode));
-		}
-		$oObjects->OptimizeColumnLoad($aAttToLoad);
-		while ($oObject = $oObjects->Fetch())
-		{
-			if (empty($this->m_sValueAttCode))
-			{
-				$this->m_aValues[$oObject->GetKey()] = $oObject->GetName();
-			}
-			else
-			{
-				$this->m_aValues[$oObject->GetKey()] = $oObject->Get($this->m_sValueAttCode);
-			}
-		}
-		return true;
+		return $oFilter;
 	}
-	
+
 	public function GetValuesDescription()
 	{
 		return 'Filter: '.$this->m_sFilterExpr;
@@ -376,73 +374,12 @@ class ValueSetObjects extends ValueSetDefinition
 	 */
 	protected function LoadValuesForAutocomplete($aArgs, $sContains = '', $sOperation = 'contains')
 	{
-		$this->m_sContains = $sContains;
-		$this->m_sOperation = $sOperation;
-
 		$this->m_aValues = array();

-		if ($this->m_bAllowAllData) {
-			$oFilter = DBObjectSearch::FromOQL_AllData($this->m_sFilterExpr);
-		} else {
-			$oFilter = DBObjectSearch::FromOQL($this->m_sFilterExpr);
-			$oFilter->SetShowObsoleteData(utils::ShowObsoleteData());
-		}
-
-		if (!$oFilter) {
-			return false;
-		}
-		if (!is_null($this->m_oExtraCondition)) {
-			$oFilter = $oFilter->Intersect($this->m_oExtraCondition);
-		}
-		foreach ($this->m_aModifierProperties as $sPluginClass => $aProperties) {
-			foreach ($aProperties as $sProperty => $value) {
-				$oFilter->SetModifierProperty($sPluginClass, $sProperty, $value);
-			}
-		}
-
-		//$oExpression = DBObjectSearch::GetPolymorphicExpression($oFilter->GetClass(), 'friendlyname');
+		$oFilter = $this->GetFilter($sOperation, $sContains);
 		$sClass = $oFilter->GetClass();
 		$sClassAlias = $oFilter->GetClassAlias();

-		switch ($sOperation) {
-			case 'equals':
-				$aAttributes = MetaModel::GetFriendlyNameAttributeCodeList($sClass);
-				$aFilters = array();
-				$oValueExpr = new ScalarExpression($sContains);
-				foreach ($aAttributes as $sAttribute) {
-					$oNewFilter = $oFilter->DeepClone();
-					$oNameExpr = new FieldExpression($sAttribute, $sClassAlias);
-					$oCondition = new BinaryExpression($oNameExpr, '=', $oValueExpr);
-					$oNewFilter->AddConditionExpression($oCondition);
-					$aFilters[] = $oNewFilter;
-				}
-				// Unions are much faster than OR conditions
-				$oFilter = new DBUnionSearch($aFilters);
-				break;
-			case 'start_with':
-				$aAttributes = MetaModel::GetFriendlyNameAttributeCodeList($sClass);
-				$aFilters = array();
-				$oValueExpr = new ScalarExpression($sContains.'%');
-				foreach($aAttributes as $sAttribute)
-				{
-					$oNewFilter = $oFilter->DeepClone();
-					$oNameExpr = new FieldExpression($sAttribute, $sClassAlias);
-					$oCondition = new BinaryExpression($oNameExpr, 'LIKE', $oValueExpr);
-					$oNewFilter->AddConditionExpression($oCondition);
-					$aFilters[] = $oNewFilter;
-				}
-				// Unions are much faster than OR conditions
-				$oFilter = new DBUnionSearch($aFilters);
-				break;
-
-			default:
-				$oValueExpr = new ScalarExpression('%'.$sContains.'%');
-				$oNameExpr = new FieldExpression('friendlyname', $sClassAlias);
-				$oNewCondition = new BinaryExpression($oNameExpr, 'LIKE', $oValueExpr);
-				$oFilter->AddConditionExpression($oNewCondition);
-				break;
-		}
-
 		$oObjects = new DBObjectSet($oFilter, $this->m_aOrderBy, $aArgs, null, $this->m_iLimit, 0, $this->m_bSort);
 		if (empty($this->m_sValueAttCode)) {
 			$aAttToLoad = ['friendlyname'];
--- a/css/backoffice/application/tabular-fields/_tabular-fields-selector.scss
+++ b/css/backoffice/application/tabular-fields/_tabular-fields-selector.scss
@@ -1,46 +1,60 @@
 /*
- * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @copyright   Copyright (C) 2010-2023 Combodo SARL
 * @license     http://opensource.org/licenses/AGPL-3.0
 */

+$ibo-table-preview--header-cell--padding: $ibo-spacing-200 $ibo-spacing-600 $ibo-spacing-200 $ibo-spacing-200 !default;
+$ibo-table-preview--header-cell--background-color: $ibo-color-white-200 !default;
+$ibo-table-preview--header-cell--border-width:  1px 1px 0 !default;
+
+$ibo-table-preview--body-cell--padding-x: $ibo-spacing-200 !default;
+$ibo-table-preview--body-cell--border-width: 0 1px !default;
+$ibo-table-preview--body-cell--last--border-bottom-width: 1px !default;
+
+$ibo-preview-header--margin-bottom: $ibo-spacing-200 !default;
+$ibo-table-preview--remove-column--top: $ibo-spacing-300 !default;
+$ibo-table-preview--remove-column--right: $ibo-spacing-300 !default;
+$ibo-table-preview--remove-column--font-size: 8px !default;
+
+$ibo-form-part-interactive-fields--margin-top: $ibo-spacing-600 !default;
+
 .ibo-table-preview {
  margin-top: 20px;
  overflow-x: auto;

  th {
    position: relative;
-    padding: 5px;
-    padding-right: $ibo-spacing-600;
-    border-width: 1px 1px 0;
+    padding: $ibo-table-preview--header-cell--padding;
+    border-width: $ibo-table-preview--header-cell--border-width;
    border-style: groove groove none;
-    background: $ibo-color-white-200;
+    background: $ibo-table-preview--header-cell--background-color;
  }

  td {
-    padding-right: 5px;
-    padding-left: 5px;
-    border-width: 0 1px;
+    padding-right: $ibo-table-preview--body-cell--padding-x;
+    padding-left: $ibo-table-preview--body-cell--padding-x;
+    border-width: $ibo-table-preview--body-cell--border-width;
    border-style: none groove;
  }

  tr:last-child td {
-    border-bottom-width: 1px;
+    border-bottom-width: $ibo-table-preview--body-cell--last--border-bottom-width;
    border-bottom-style: groove;
  }
 }

 .ibo-preview-header {
-  margin-bottom: 5px;
+  margin-bottom: $ibo-preview-header--margin-bottom;
 }
 .ibo-table-preview--remove-column {
  position: absolute;
-  top: $ibo-spacing-300;
-  right: $ibo-spacing-300;
+  top: $ibo-table-preview--remove-column--top;
+  right: $ibo-table-preview--remove-column--right;
  display: inline-block;
  cursor: pointer;
-  font-size: 8px;
+  font-size: $ibo-table-preview--remove-column--font-size;
 }

 #form_part_interactive_fields_xlsx, #form_part_interactive_fields_csv, #form_part_interactive_fields_pdf {
-  margin-top: $ibo-spacing-600;
+  margin-top: $ibo-form-part-interactive-fields--margin-top;
 }
--- a/css/backoffice/components/_datatable.scss
+++ b/css/backoffice/components/_datatable.scss
@@ -20,7 +20,7 @@ $ibo-datatable--row--background-color--is-selected: $ibo-color-primary-300 !defa
 $ibo-datatable--selection-validation-buttons-toolbar--margin-top: 10px !default;
 $ibo-list-column--max-height: 150px !default;

-$ibo-datatable--sort-order--color: $ibo-color-orange-600 !default;
+$ibo-datatable--sort-order--color: $ibo-color-primary-600 !default;

 $ibo-fieldsorter--selected--background-color: $ibo-color-blue-200 !default;

--- a/css/backoffice/components/_field.scss
+++ b/css/backoffice/components/_field.scss
@@ -253,3 +253,6 @@ $ibo-field--enable-bulk--checkbox--margin-left: $ibo-spacing-300 !default;
  margin-left: $ibo-field--enable-bulk--checkbox--margin-left;
 }

+.ibo-input-select--action-buttons a  {
+  @extend %ibo-hyperlink-inherited-colors;
+}
--- a/css/backoffice/pages/_csv-import.scss
+++ b/css/backoffice/pages/_csv-import.scss
@@ -3,7 +3,14 @@
 * @license     http://opensource.org/licenses/AGPL-3.0
 */

-$ibo-csv-import--cell-message-padding:3px;
+$ibo-csv-import--cell-message--padding-top: 3px !default;
+$ibo-csv-import--cell-modified--color: $ibo-color-blue-700 !default;
+$ibo-csv-import--cell-error--color: $ibo-color-red-700 !default;
+$ibo-csv-import--row--border-color: $ibo-color-grey-400 !default;
+$ibo-csv-import--row-error--background-color: $ibo-color-red-200 !default;
+$ibo-csv-import--download-file--color: $ibo-color-primary-400 !default;
+$ibo-csv-import--download-file--font-size: 4em !default;
+$ibo-csv-import--download-file--margin: 20px !default;

 #tabs1-import .ibo-field--label {
  max-width: 50%;
@@ -11,37 +18,37 @@ $ibo-csv-import--cell-message-padding:3px;

 div.ibo-csv-import--cell-modified {
  font-weight: bold;
-  color: $ibo-color-blue-700;
+  color: $ibo-csv-import--cell-modified--color;
 }

 div.ibo-csv-import--cell-error {
  font-weight: bold;
-  color: $ibo-color-red-700;
+  color: $ibo-csv-import--cell-error--color;
 }

 div.ibo-csv-import--cell-message {
-  padding-top: $ibo-csv-import--cell-message-padding;
+  padding-top: $ibo-csv-import--cell-message--padding-top;
 }

 tr.ibo-csv-import--row-unchanged td {
-  border-bottom: 1px $ibo-color-grey-400 solid;
+  border-bottom: 1px $ibo-csv-import--row--border-color solid;
 }

 .wizContainer table tr.ibo-csv-import--row-error td {
-  border-bottom: 1px $ibo-color-grey-400 solid;
-  background-color: $ibo-color-red-200;
+  border-bottom: 1px $ibo-csv-import--row--border-color solid;
+  background-color: $ibo-csv-import--row-error--background-color;
 }

 tr.ibo-csv-import--row-modified td {
-  border-bottom: 1px $ibo-color-grey-400 solid;
+  border-bottom: 1px $ibo-csv-import--row--border-color solid;
 }

 tr.ibo-csv-import--row-added td {
-  border-bottom: 1px $ibo-color-grey-400 solid;
+  border-bottom: 1px $ibo-csv-import--row--border-color solid;
 }

 .ibo-csv-import--download-file {
-  font-size: 4em;
-  color: $ibo-color-primary-400;
-  margin: 20px;
+  font-size: $ibo-csv-import--download-file--font-size;
+  color: $ibo-csv-import--download-file--color;
+  margin: $ibo-csv-import--download-file--margin;
 }
--- a/css/backoffice/pages/_datamodel-viewer.scss
+++ b/css/backoffice/pages/_datamodel-viewer.scss
@@ -6,6 +6,10 @@
 $ibo-datamodel-viewer--parent--spacer--padding-y: $ibo-spacing-0 !default;
 $ibo-datamodel-viewer--parent--spacer--padding-x: $ibo-spacing-300 !default;

+$ibo-datamodel-viewer--classes-list--selectize-input--background-color: $ibo-color-white-100 !default;
+$ibo-datamodel-viewer--classes-list--selectize-input--color: $ibo-color-grey-800 !default;
+$ibo-datamodel-viewer--classes-list--selectize-input--border-color: $ibo-color-grey-500 !default;
+
 $ibo-datamodel-viewer--attributes-table--first-column--width: 3px !default;

 $ibo-datamodel-viewer--origin-cell--diameter: 8px !default;
@@ -45,6 +49,15 @@ $ibo-datamodel-viewer--lifecycle-image--margin-bottom: $ibo-spacing-500 !default
  padding: $ibo-datamodel-viewer--parent--spacer--padding-y $ibo-datamodel-viewer--parent--spacer--padding-x;
 }

+// Overwrite selectize rules with !important
+.ibo-datamodel-viewer--classes-list .selectize-input{
+  background-color: $ibo-datamodel-viewer--classes-list--selectize-input--background-color !important;
+  background-image: none !important;
+  color: $ibo-datamodel-viewer--classes-list--selectize-input--color;
+  box-shadow: none !important;
+  border-color: $ibo-datamodel-viewer--classes-list--selectize-input--border-color !important;
+}
+
 #ibo-datamodel-viewer--attributes-table{
  > tbody tr td:first-child{
    width: $ibo-datamodel-viewer--attributes-table--first-column--width;
--- a/css/backoffice/utils/helpers/_misc.scss
+++ b/css/backoffice/utils/helpers/_misc.scss
@@ -159,6 +159,16 @@ body.ibo-has-fullscreen-descendant {
    border-spacing: 2px;
  }

+  /*
+   * N°5317 - Handle overlapping tables when table cells have fixed widths
+   * Force table cell NOT to have a fixed width and to wrap when necessary
+   */
+  td {
+    width: unset !important;
+    word-break: break-word !important;
+    white-space: unset !important;
+  }
+
  /* Preserve original text color in code blocks, except for the Highlight.js blocks which have their own colors */
  & > code,
  code:not(.hljs)  {
--- a/css/backoffice/utils/variables/colors/_all.scss
+++ b/css/backoffice/utils/variables/colors/_all.scss
@@ -6,4 +6,5 @@
@import "base";
@import "base-palette";
@import "semantic-palette";
-@import "lifecycle-palette";
+@import "lifecycle-palette";
+@import "skeleton-palette";
--- a/css/backoffice/utils/variables/colors/_skeleton-palette.scss
+++ b/css/backoffice/utils/variables/colors/_skeleton-palette.scss
@@ -0,0 +1,17 @@
+/*
+ * @copyright   Copyright (C) 2010-2023 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+/* Skeleton palette */
+/* - Colors used by skeletons svg to display placeholders */
+
+$ibo-skeleton-start-color: $ibo-color-grey-200 !default;
+$ibo-skeleton-stop-color: $ibo-color-blue-grey-100 !default;
+
+/* CSS variables */
+/* Skeleton CSS3 variables are not ibo prefixed as they are not iTop backoffice exclusives*/
+:root {
+  --skeleton-start-color: #{$ibo-skeleton-start-color};
+  --skeleton-stop-color: #{$ibo-skeleton-stop-color};
+}
--- a/css/css-variables.scss
+++ b/css/css-variables.scss
@@ -25,6 +25,8 @@
 // Beware the version number MUST be enclosed with quotes otherwise v2.3.0 becomes v2 0.3 .0
 $version: "v2.7.7";
 $approot-relative: "../../../../" !default; // relative to env-***/branding/themes/***/main.css
+$version: "v2.7.8";
+$approot-relative: "../../../../../" !default; // relative to env-***/branding/themes/***/main.css

 // Base colors
 $gray-base: #000 !default;
--- a/css/ui-lightness/jqueryui.scss
+++ b/css/ui-lightness/jqueryui.scss
@@ -7,6 +7,16 @@
 *
 * Other modification done : replaced the `Alpha(` by `alpha(` to avoid warnings generated by SCSSPHP
 */
+
+
+/********************************************************************************/
+/*                                                                              */
+/* @deprecated 3.0.0 N°3558 now we are using /css/backoffice/vendors/_jquery*   */
+/*                                                                              */
+/********************************************************************************/
+
+
+
 .ui-draggable-handle {
    -ms-touch-action: none;
    touch-action: none;
--- a/datamodels/2.x/authent-cas/composer.json
+++ b/datamodels/2.x/authent-cas/composer.json
@@ -1,5 +1,13 @@
 {
-	"require" : {
-		"apereo/phpcas" : "~1.3"
-	}
+  "config" : {
+    "classmap-authoritative" : true
+  },
+  "autoload" : {
+    "psr-4" : {
+      "Combodo\\iTop\\Cas\\" : "src"
+    }
+  },
+  "require" : {
+    "apereo/phpcas" : "~1.6.0"
+  }
 }
--- a/datamodels/2.x/authent-cas/composer.lock
+++ b/datamodels/2.x/authent-cas/composer.lock
@@ -4,28 +4,32 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "4db4df78154f0de344ba35a27fe766b7",
+    "content-hash": "46afbbe7e92c2ccfe403f366ef1877e5",
    "packages": [
        {
            "name": "apereo/phpcas",
-            "version": "1.3.7",
+            "version": "1.6.0",
            "source": {
                "type": "git",
                "url": "https://github.com/apereo/phpCAS.git",
-                "reference": "b5b29102c3a42f570c4a3e852f3cf67cae6d6082"
+                "reference": "f817c72a961484afef95ac64a9257c8e31f063b9"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/apereo/phpCAS/zipball/b5b29102c3a42f570c4a3e852f3cf67cae6d6082",
-                "reference": "b5b29102c3a42f570c4a3e852f3cf67cae6d6082",
+                "url": "https://api.github.com/repos/apereo/phpCAS/zipball/f817c72a961484afef95ac64a9257c8e31f063b9",
+                "reference": "f817c72a961484afef95ac64a9257c8e31f063b9",
                "shasum": ""
            },
            "require": {
                "ext-curl": "*",
-                "php": ">=5.4.0"
+                "ext-dom": "*",
+                "php": ">=7.1.0",
+                "psr/log": "^1.0 || ^2.0 || ^3.0"
            },
            "require-dev": {
-                "phpunit/phpunit": "~3.7.10"
+                "monolog/monolog": "^1.0.0 || ^2.0.0",
+                "phpstan/phpstan": "^1.5",
+                "phpunit/phpunit": ">=7.5"
            },
            "type": "library",
            "extra": {
@@ -45,11 +49,16 @@
            "authors": [
                {
                    "name": "Joachim Fritschi",
-                    "homepage": "https://wiki.jasig.org/display/~fritschi"
+                    "email": "jfritschi@freenet.de",
+                    "homepage": "https://github.com/jfritschi"
                },
                {
                    "name": "Adam Franco",
-                    "homepage": "https://wiki.jasig.org/display/~adamfranco"
+                    "homepage": "https://github.com/adamfranco"
+                },
+                {
+                    "name": "Henry Pan",
+                    "homepage": "https://github.com/phy25"
                }
            ],
            "description": "Provides a simple API for authenticating users against a CAS server",
@@ -59,7 +68,61 @@
                "cas",
                "jasig"
            ],
-            "time": "2019-04-22T19:48:16+00:00"
+            "support": {
+                "issues": "https://github.com/apereo/phpCAS/issues",
+                "source": "https://github.com/apereo/phpCAS/tree/1.6.0"
+            },
+            "time": "2022-10-31T20:39:27+00:00"
+        },
+        {
+            "name": "psr/log",
+            "version": "1.1.4",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/php-fig/log.git",
+                "reference": "d49695b909c3b7628b6289db5479a1c204601f11"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/php-fig/log/zipball/d49695b909c3b7628b6289db5479a1c204601f11",
+                "reference": "d49695b909c3b7628b6289db5479a1c204601f11",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Psr\\Log\\": "Psr/Log/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "PHP-FIG",
+                    "homepage": "https://www.php-fig.org/"
+                }
+            ],
+            "description": "Common interface for logging libraries",
+            "homepage": "https://github.com/php-fig/log",
+            "keywords": [
+                "log",
+                "psr",
+                "psr-3"
+            ],
+            "support": {
+                "source": "https://github.com/php-fig/log/tree/1.1.4"
+            },
+            "time": "2021-05-03T11:20:27+00:00"
        }
    ],
    "packages-dev": [],
@@ -69,5 +132,6 @@
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": [],
-    "platform-dev": []
+    "platform-dev": [],
+    "plugin-api-version": "2.1.0"
 }
--- a/datamodels/2.x/authent-cas/main.php
+++ b/datamodels/2.x/authent-cas/main.php
@@ -1,4 +0,0 @@
-<?php
-require_once __DIR__.'/vendor/autoload.php';
-require_once __DIR__.'/src/Config.php';
-require_once __DIR__.'/src/CASLoginExtension.php';
--- a/datamodels/2.x/authent-cas/module.authent-cas.php
+++ b/datamodels/2.x/authent-cas/module.authent-cas.php
@@ -5,7 +5,7 @@

 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-cas/3.0.2',
+	'authent-cas/3.0.3',
 	array(
 		// Identification
 		//
@@ -24,7 +24,8 @@ SetupWebPage::AddModule(
 		//
 		'datamodel' => array(
 			'model.authent-cas.php',
-			'main.php'
+			'vendor/autoload.php',
+			'src/CASLoginExtension.php',
 		),
 		'webservice' => array(
 			
@@ -50,6 +51,7 @@ SetupWebPage::AddModule(
 			'cas_port' => '',
 			'cas_context' => '',
 			'cas_version' => '',
+			'service_base_url' => '',
 		),
 	)
 );
--- a/datamodels/2.x/authent-cas/src/CASLog.php
+++ b/datamodels/2.x/authent-cas/src/CASLog.php
@@ -0,0 +1,17 @@
+<?php
+/**
+ * @copyright   Copyright (C) 2010-2022 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+namespace Combodo\iTop\Cas;
+
+use LogAPI;
+
+class CASLog extends LogAPI
+{
+	const CHANNEL_DEFAULT = 'CASLog';
+
+	protected static $m_oFileLog = null;
+}
+
--- a/datamodels/2.x/authent-cas/src/CASLogger.php
+++ b/datamodels/2.x/authent-cas/src/CASLogger.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * @copyright   Copyright (C) 2010-2022 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+namespace Combodo\iTop\Cas;
+
+use IssueLog;
+use LogAPI;
+use Psr\Log\LoggerInterface;
+use Psr\Log\LogLevel;
+
+class CASLogger implements LoggerInterface
+{
+	public function __construct($sDebugFile)
+	{
+		CASLog::Enable($sDebugFile);
+	}
+
+	const LEVEL_COMPAT = [
+		LogLevel::EMERGENCY => LogAPI::LEVEL_ERROR,
+		LogLevel::ALERT => LogAPI::LEVEL_ERROR,
+		LogLevel::CRITICAL => LogAPI::LEVEL_ERROR,
+		LogLevel::ERROR => LogAPI::LEVEL_ERROR,
+		LogLevel::WARNING => LogAPI::LEVEL_WARNING,
+		LogLevel::NOTICE => LogAPI::LEVEL_INFO,
+		LogLevel::INFO => LogAPI::LEVEL_INFO,
+		LogLevel::DEBUG => LogAPI::LEVEL_DEBUG,
+	];
+
+	public function emergency($message, array $context = array())
+	{
+		CASLog::Error('EMERGENCY: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+		IssueLog::Error('EMERGENCY: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function alert($message, array $context = array())
+	{
+		CASLog::Error('ALERT: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+		IssueLog::Error('ALERT: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function critical($message, array $context = array())
+	{
+		CASLog::Error('CRITICAL: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+		IssueLog::Error('CRITICAL: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function error($message, array $context = array())
+	{
+		CASLog::Error('ERROR: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+		IssueLog::Error('ERROR: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function warning($message, array $context = array())
+	{
+		CASLog::Warning('WARNING: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function notice($message, array $context = array())
+	{
+		CASLog::Info('NOTICE: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function info($message, array $context = array())
+	{
+		CASLog::Info('INFO: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function debug($message, array $context = array())
+	{
+		CASLog::Debug('DEBUG: '.$message, CASLog::CHANNEL_DEFAULT, $context);
+	}
+
+	public function log($level, $message, array $context = array())
+	{
+		$sLevel = self::LEVEL_COMPAT[$level] ?? LogAPI::LEVEL_ERROR;
+		CASLog::Log($sLevel, strtoupper($level).": $message", CASLog::CHANNEL_DEFAULT, $context);
+	}
+}
--- a/datamodels/2.x/authent-cas/src/CASLoginExtension.php
+++ b/datamodels/2.x/authent-cas/src/CASLoginExtension.php
@@ -153,7 +153,7 @@ class CASLoginExtension extends AbstractLoginFSMExtension implements iLogoutExte
 		$bCASDebug = Config::Get('cas_debug');
 		if ($bCASDebug)
 		{
-			phpCAS::setDebug(APPROOT.'log/cas.log');
+			phpCAS::setLogger(new CASLogger(APPROOT.'log/cas.log'));
 		}

 		// Initialize phpCAS
@@ -161,7 +161,8 @@ class CASLoginExtension extends AbstractLoginFSMExtension implements iLogoutExte
 		$sCASHost = Config::Get('cas_host');
 		$iCASPort = Config::Get('cas_port');
 		$sCASContext = Config::Get('cas_context');
-		phpCAS::client($sCASVersion, $sCASHost, $iCASPort, $sCASContext, false /* session already started */);
+		$sServiceBaseURL = Config::Get('service_base_url', self::GetServiceBaseURL());
+		phpCAS::client($sCASVersion, $sCASHost, $iCASPort, $sCASContext, $sServiceBaseURL, false /* session already started */);
 		$sCASCACertPath = Config::Get('cas_server_ca_cert_path');
 		if (empty($sCASCACertPath))
 		{
@@ -177,6 +178,38 @@ class CASLoginExtension extends AbstractLoginFSMExtension implements iLogoutExte
 		}
 	}

+	private static function GetServiceBaseURL()
+	{
+		$protocol = $_SERVER['REQUEST_SCHEME'];
+		$protocol .= '://';
+		if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+			// explode the host list separated by comma and use the first host
+			$hosts = explode(',', $_SERVER['HTTP_X_FORWARDED_HOST']);
+			// see rfc7239#5.3 and rfc7230#2.7.1: port is in HTTP_X_FORWARDED_HOST if non default
+			return $protocol . $hosts[0];
+		} else if (!empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
+			$server_url = $_SERVER['HTTP_X_FORWARDED_SERVER'];
+		} else {
+			if (empty($_SERVER['SERVER_NAME'])) {
+				$server_url = $_SERVER['HTTP_HOST'];
+			} else {
+				$server_url = $_SERVER['SERVER_NAME'];
+			}
+		}
+		if (!strpos($server_url, ':')) {
+			if (empty($_SERVER['HTTP_X_FORWARDED_PORT'])) {
+				$server_port = $_SERVER['SERVER_PORT'];
+			} else {
+				$ports = explode(',', $_SERVER['HTTP_X_FORWARDED_PORT']);
+				$server_port = $ports[0];
+			}
+
+			$server_url .= ':';
+			$server_url .= $server_port;
+		}
+		return $protocol . $server_url;
+	}
+
 	private function DoUserProvisioning($sLogin)
 	{
 		$bCASUserSynchro = Config::Get('cas_user_synchro');
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/CAS.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/CAS.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- *  PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS.php
 * @category Authentication
@@ -27,4 +27,6 @@
 * @link     https://wiki.jasig.org/display/CASC/phpCAS
 */

-require_once dirname(__FILE__).'/source/CAS.php';
+require_once __DIR__.'/source/CAS.php';
+
+trigger_error('Including CAS.php is deprecated. Install phpCAS using composer instead.', E_USER_DEPRECATED);
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/README.md
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/README.md
@@ -6,22 +6,21 @@ users via a Central Authentication Service (CAS) server.

 Please see the wiki website for more information:

-https://wiki.jasig.org/display/CASC/phpCAS
+https://apereo.github.io/phpCAS/

 Api documentation can be found here:

-https://apereo.github.io/phpCAS/
+https://apereo.github.io/phpCAS/api/


-[![Build Status](https://travis-ci.org/apereo/phpCAS.png)](https://travis-ci.org/apereo/phpCAS)
-
+[![Test](https://github.com/apereo/phpCAS/actions/workflows/test.yml/badge.svg)](https://github.com/apereo/phpCAS/actions/workflows/test.yml)

 LICENSE
 -------

-Copyright 2007-2015, JA-SIG, Inc.
-This project includes software developed by Jasig.
-http://www.jasig.org/
+Copyright 2007-2020, Apereo Foundation.
+This project includes software developed by Apereo Foundation.
+http://www.apereo.org/

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this software except in compliance with the License.
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/composer.json
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/composer.json
@@ -1,29 +1,55 @@
 {
-    "name": "apereo/phpcas",
-    "description": "Provides a simple API for authenticating users against a CAS server",
-    "keywords": ["cas", "jasig", "apereo"],
-    "homepage": "https://wiki.jasig.org/display/CASC/phpCAS",
-    "type": "library",
-    "license": "Apache-2.0",
-    "authors": [
-        {"name": "Joachim Fritschi", "homepage": "https://wiki.jasig.org/display/~fritschi"},
-        {"name": "Adam Franco", "homepage": "https://wiki.jasig.org/display/~adamfranco"}
-    ],
-    "require": {
-        "php": ">=5.4.0",
-        "ext-curl": "*"
+	"name" : "apereo/phpcas",
+	"description" : "Provides a simple API for authenticating users against a CAS server",
+	"keywords" : [
+		"cas",
+		"jasig",
+		"apereo"
+	],
+	"homepage" : "https://wiki.jasig.org/display/CASC/phpCAS",
+	"type" : "library",
+	"license" : "Apache-2.0",
+	"authors" : [{
+			"name" : "Joachim Fritschi",
+			"homepage" : "https://github.com/jfritschi",
+			"email" : "jfritschi@freenet.de"
+		}, {
+			"name" : "Adam Franco",
+			"homepage" : "https://github.com/adamfranco"
+		}, {
+			"name" : "Henry Pan",
+			"homepage" : "https://github.com/phy25"
+		}
+	],
+	"require" : {
+		"php" : ">=7.1.0",
+		"ext-curl" : "*",
+		"ext-dom"  : "*",
+		"psr/log" : "^1.0 || ^2.0 || ^3.0"
    },
-    "require-dev": {
-        "phpunit/phpunit": "~3.7.10"
-    },
-    "autoload": {
-        "classmap": [
-            "source/"
-        ]
-    },
-    "extra": {
-        "branch-alias": {
-            "dev-master": "1.3.x-dev"
-        }
-    }
+	"require-dev" : {
+		"monolog/monolog" : "^1.0.0 || ^2.0.0",
+		"phpunit/phpunit" : ">=7.5", 
+		"phpstan/phpstan" : "^1.5"
+	},
+	"autoload" : {
+		"classmap" : [
+			"source/"
+		]
+	},
+	"autoload-dev" : {
+		"files": ["source/CAS.php"],
+		"psr-4" : {
+			"PhpCas\\" : "test/CAS/"
+		}
+	},
+	"scripts" : {
+		"test" : "phpunit", 
+		"phpstan" : "phpstan"
+	},
+	"extra" : {
+		"branch-alias" : {
+			"dev-master" : "1.3.x-dev"
+		}
+	}
 }
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS.php
@@ -20,7 +20,7 @@
 *
 *
 * Interface class of the phpCAS library
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/CAS.php
 * @category Authentication
@@ -35,6 +35,7 @@
 * @ingroup public
 */

+use Psr\Log\LoggerInterface;

 //
 // hack by Vangelis Haniotakis to handle the absence of $_SERVER['REQUEST_URI']
@@ -44,11 +45,6 @@ if (!isset($_SERVER['REQUEST_URI']) && isset($_SERVER['SCRIPT_NAME']) && isset($
    $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME'] . '?' . $_SERVER['QUERY_STRING'];
 }

-// Add a E_USER_DEPRECATED for php versions <= 5.2
-if (!defined('E_USER_DEPRECATED')) {
-    define('E_USER_DEPRECATED', E_USER_NOTICE);
-}
-

 // ########################################################################
 //  CONSTANTS
@@ -61,7 +57,7 @@ if (!defined('E_USER_DEPRECATED')) {
 /**
 * phpCAS version. accessible for the user by phpCAS::getVersion().
 */
-define('PHPCAS_VERSION', '1.3.7');
+define('PHPCAS_VERSION', '1.6.0');

 /**
 * @addtogroup public
@@ -140,11 +136,6 @@ define("SAML_SOAP_ENV_CLOSE", '</SOAP-ENV:Envelope>');
 */
 define("SAML_ATTRIBUTES", 'SAMLATTRIBS');

-/**
- * SAML Attributes
- */
-define("DEFAULT_ERROR", 'Internal script failure');
-
 /** @} */
 /**
 * @addtogroup publicPGTStorage
@@ -224,6 +215,8 @@ define("PHPCAS_LANG_JAPANESE", 'CAS_Languages_Japanese');
 define("PHPCAS_LANG_SPANISH", 'CAS_Languages_Spanish');
 define("PHPCAS_LANG_CATALAN", 'CAS_Languages_Catalan');
 define("PHPCAS_LANG_CHINESE_SIMPLIFIED", 'CAS_Languages_ChineseSimplified');
+define("PHPCAS_LANG_GALEGO", 'CAS_Languages_Galego');
+define("PHPCAS_LANG_PORTUGUESE", 'CAS_Languages_Portuguese');

 /** @} */

@@ -261,7 +254,7 @@ define('DEFAULT_DEBUG_DIR', gettmpdir()."/");
 /** @} */

 // include the class autoloader
-require_once dirname(__FILE__) . '/CAS/Autoload.php';
+require_once __DIR__ . '/CAS/Autoload.php';

 /**
 * The phpCAS class is a simple container for the phpCAS library. It provides CAS
@@ -330,12 +323,22 @@ class phpCAS
    /**
     * phpCAS client initializer.
     *
-     * @param string $server_version  the version of the CAS server
-     * @param string $server_hostname the hostname of the CAS server
-     * @param int    $server_port     the port the CAS server is running on
-     * @param string $server_uri      the URI the CAS server is responding on
-     * @param bool   $changeSessionID Allow phpCAS to change the session_id (Single
-     * Sign Out/handleLogoutRequests is based on that change)
+     * @param string                   $server_version  the version of the CAS server
+     * @param string                   $server_hostname the hostname of the CAS server
+     * @param int                      $server_port     the port the CAS server is running on
+     * @param string                   $server_uri      the URI the CAS server is responding on
+     * @param string|string[]|CAS_ServiceBaseUrl_Interface
+     *                                 $service_base_url the base URL (protocol, host and the
+     *                                                  optional port) of the CAS client; pass
+     *                                                  in an array to use auto discovery with
+     *                                                  an allowlist; pass in
+     *                                                  CAS_ServiceBaseUrl_Interface for custom
+     *                                                  behavior. Added in 1.6.0. Similar to
+     *                                                  serverName config in other CAS clients.
+     * @param bool                     $changeSessionID Allow phpCAS to change the session_id
+     *                                                  (Single Sign Out/handleLogoutRequests
+     *                                                  is based on that change)
+     * @param \SessionHandlerInterface $sessionHandler  the session handler
     *
     * @return void a newly created CAS_Client object
     * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
@@ -343,7 +346,8 @@ class phpCAS
     * and phpCAS::setDebug()).
     */
    public static function client($server_version, $server_hostname,
-        $server_port, $server_uri, $changeSessionID = true
+        $server_port, $server_uri, $service_base_url,
+        $changeSessionID = true, \SessionHandlerInterface $sessionHandler = null
    ) {
        phpCAS :: traceBegin();
        if (is_object(self::$_PHPCAS_CLIENT)) {
@@ -362,8 +366,8 @@ class phpCAS
        // initialize the object $_PHPCAS_CLIENT
        try {
            self::$_PHPCAS_CLIENT = new CAS_Client(
-                $server_version, false, $server_hostname, $server_port, $server_uri,
-                $changeSessionID
+                $server_version, false, $server_hostname, $server_port, $server_uri, $service_base_url,
+                $changeSessionID, $sessionHandler
            );
        } catch (Exception $e) {
            phpCAS :: error(get_class($e) . ': ' . $e->getMessage());
@@ -374,12 +378,22 @@ class phpCAS
    /**
     * phpCAS proxy initializer.
     *
-     * @param string $server_version  the version of the CAS server
-     * @param string $server_hostname the hostname of the CAS server
-     * @param int    $server_port     the port the CAS server is running on
-     * @param string $server_uri      the URI the CAS server is responding on
-     * @param bool   $changeSessionID Allow phpCAS to change the session_id (Single
-     * Sign Out/handleLogoutRequests is based on that change)
+     * @param string                   $server_version  the version of the CAS server
+     * @param string                   $server_hostname the hostname of the CAS server
+     * @param string                   $server_port     the port the CAS server is running on
+     * @param string                   $server_uri      the URI the CAS server is responding on
+     * @param string|string[]|CAS_ServiceBaseUrl_Interface
+     *                                 $service_base_url the base URL (protocol, host and the
+     *                                                  optional port) of the CAS client; pass
+     *                                                  in an array to use auto discovery with
+     *                                                  an allowlist; pass in
+     *                                                  CAS_ServiceBaseUrl_Interface for custom
+     *                                                  behavior. Added in 1.6.0. Similar to
+     *                                                  serverName config in other CAS clients.
+     * @param bool                     $changeSessionID Allow phpCAS to change the session_id
+     *                                                  (Single Sign Out/handleLogoutRequests
+     *                                                  is based on that change)
+     * @param \SessionHandlerInterface $sessionHandler  the session handler
     *
     * @return void a newly created CAS_Client object
     * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
@@ -387,7 +401,8 @@ class phpCAS
     * and phpCAS::setDebug()).
     */
    public static function proxy($server_version, $server_hostname,
-        $server_port, $server_uri, $changeSessionID = true
+        $server_port, $server_uri, $service_base_url,
+        $changeSessionID = true, \SessionHandlerInterface $sessionHandler = null
    ) {
        phpCAS :: traceBegin();
        if (is_object(self::$_PHPCAS_CLIENT)) {
@@ -406,8 +421,8 @@ class phpCAS
        // initialize the object $_PHPCAS_CLIENT
        try {
            self::$_PHPCAS_CLIENT = new CAS_Client(
-                $server_version, true, $server_hostname, $server_port, $server_uri,
-                $changeSessionID
+                $server_version, true, $server_hostname, $server_port, $server_uri, $service_base_url,
+                $changeSessionID, $sessionHandler
            );
        } catch (Exception $e) {
            phpCAS :: error(get_class($e) . ': ' . $e->getMessage());
@@ -435,6 +450,24 @@ class phpCAS
     * @{
     */

+    /**
+     * Set/unset PSR-3 logger
+     *
+     * @param LoggerInterface $logger the PSR-3 logger used for logging, or
+     * null to stop logging.
+     *
+     * @return void
+     */
+    public static function setLogger($logger = null)
+    {
+        if (empty(self::$_PHPCAS_DEBUG['unique_id'])) {
+            self::$_PHPCAS_DEBUG['unique_id'] = substr(strtoupper(md5(uniqid(''))), 0, 4);
+        }
+        self::$_PHPCAS_DEBUG['logger'] = $logger;
+        self::$_PHPCAS_DEBUG['indent'] = 0;
+        phpCAS :: trace('START ('.date("Y-m-d H:i:s").') phpCAS-' . PHPCAS_VERSION . ' ******************');
+    }
+
    /**
     * Set/unset debug mode
     *
@@ -442,9 +475,13 @@ class phpCAS
     * to stop debugging.
     *
     * @return void
+     *
+     * @deprecated
     */
    public static function setDebug($filename = '')
    {
+        trigger_error('phpCAS::setDebug() is deprecated in favor of phpCAS::setLogger().', E_USER_DEPRECATED);
+
        if ($filename != false && gettype($filename) != 'string') {
            phpCAS :: error('type mismatched for parameter $dbg (should be false or the name of the log file)');
        }
@@ -518,14 +555,7 @@ class phpCAS
        $indent_str = ".";


-        if (!empty(self::$_PHPCAS_DEBUG['filename'])) {
-            // Check if file exists and modifiy file permissions to be only
-            // readable by the webserver
-            if (!file_exists(self::$_PHPCAS_DEBUG['filename'])) {
-                touch(self::$_PHPCAS_DEBUG['filename']);
-                // Chmod will fail on windows
-                @chmod(self::$_PHPCAS_DEBUG['filename'], 0600);
-            }
+        if (isset(self::$_PHPCAS_DEBUG['logger']) || !empty(self::$_PHPCAS_DEBUG['filename'])) {
            for ($i = 0; $i < self::$_PHPCAS_DEBUG['indent']; $i++) {

                $indent_str .= '|    ';
@@ -533,7 +563,20 @@ class phpCAS
            // allow for multiline output with proper identing. Usefull for
            // dumping cas answers etc.
            $str2 = str_replace("\n", "\n" . self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str);
-            error_log(self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2 . "\n", 3, self::$_PHPCAS_DEBUG['filename']);
+            $str3 = self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2;
+            if (isset(self::$_PHPCAS_DEBUG['logger'])) {
+                self::$_PHPCAS_DEBUG['logger']->info($str3);
+            }
+            if (!empty(self::$_PHPCAS_DEBUG['filename'])) {
+                // Check if file exists and modifiy file permissions to be only
+                // readable by the webserver
+                if (!file_exists(self::$_PHPCAS_DEBUG['filename'])) {
+                    touch(self::$_PHPCAS_DEBUG['filename']);
+                    // Chmod will fail on windows
+                    @chmod(self::$_PHPCAS_DEBUG['filename'], 0600);
+                }
+                error_log($str3 . "\n", 3, self::$_PHPCAS_DEBUG['filename']);
+            }
        }

    }
@@ -567,8 +610,6 @@ class phpCAS
        }
        if (self::$_PHPCAS_VERBOSE) {
            echo "<br />\n<b>phpCAS error</b>: <font color=\"FF0000\"><b>" . __CLASS__ . "::" . $function . '(): ' . htmlentities($msg) . "</b></font> in <b>" . $file . "</b> on line <b>" . $line . "</b><br />\n";
-        } else {
-            echo "<br />\n<b>Error</b>: <font color=\"FF0000\"><b>". DEFAULT_ERROR ."</b><br />\n";
        }
        phpCAS :: trace($msg . ' in ' . $file . 'on line ' . $line );
        phpCAS :: traceEnd();
@@ -1869,6 +1910,14 @@ class phpCAS
        }
    }

+    /**
+     * @return CAS_Client
+     */
+    public static function getCasClient()
+    {
+        return self::$_PHPCAS_CLIENT;
+    }
+
    /**
     * For testing purposes, use this method to set the client to a test double
     *
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/AuthenticationException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/AuthenticationException.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/AuthenticationException.php
 * @category Authentication
@@ -72,11 +72,15 @@ implements CAS_Exception
        phpCAS::traceBegin();
        $lang = $client->getLangObj();
        $client->printHTMLHeader($lang->getAuthenticationFailed());
-        printf(
-            $lang->getYouWereNotAuthenticated(),
-            htmlentities($client->getURL()),
-            isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN']:''
-        );
+
+        if (phpCAS::getVerbose()) {
+            printf(
+                $lang->getYouWereNotAuthenticated(),
+                htmlentities($client->getURL()),
+                $_SERVER['SERVER_ADMIN'] ?? ''
+            );
+        }
+
        phpCAS::trace($messages[] = 'CAS URL: '.$cas_url);
        phpCAS::trace($messages[] = 'Authentication failure: '.$failure);
        if ( $no_response ) {
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Autoload.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Autoload.php
@@ -3,7 +3,7 @@
 /**
 * Autoloader Class
 *
- *  PHP Version 5
+ *  PHP Version 7
 *
 * @file      CAS/Autoload.php
 * @category  Authentication
@@ -26,18 +26,24 @@ function CAS_autoload($class)
    // Static to hold the Include Path to CAS
    static $include_path;
    // Check only for CAS classes
-    if (substr($class, 0, 4) !== 'CAS_') {
+    if (substr($class, 0, 4) !== 'CAS_' && substr($class, 0, 7) !== 'PhpCas\\') {
        return false;
    }
+
    // Setup the include path if it's not already set from a previous call
    if (empty($include_path)) {
-        $include_path = array(dirname(dirname(__FILE__)), dirname(dirname(__FILE__)) . '/../test/' );
+        $include_path = array(dirname(__DIR__));
    }

    // Declare local variable to store the expected full path to the file
-
    foreach ($include_path as $path) {
-        $file_path = $path . '/' . str_replace('_', '/', $class) . '.php';
+        $class_path = str_replace('_', DIRECTORY_SEPARATOR, $class);
+        // PhpCas namespace mapping
+        if (substr($class_path, 0, 7) === 'PhpCas\\') {
+            $class_path = 'CAS' . DIRECTORY_SEPARATOR . substr($class_path, 7);
+        }
+
+        $file_path = $path . DIRECTORY_SEPARATOR . $class_path . '.php';
        $fp = @fopen($file_path, 'r', true);
        if ($fp) {
            fclose($fp);
@@ -54,6 +60,7 @@ function CAS_autoload($class)
            return true;
        }
    }
+
    $e = new Exception(
        'Class ' . $class . ' could not be loaded from ' .
        $file_path . ', file does not exist (Path="'
@@ -61,22 +68,22 @@ function CAS_autoload($class)
    );
    $trace = $e->getTrace();
    if (isset($trace[2]) && isset($trace[2]['function'])
-        && in_array($trace[2]['function'], array('class_exists', 'interface_exists'))
+        && in_array($trace[2]['function'], array('class_exists', 'interface_exists', 'trait_exists'))
    ) {
        return false;
    }
    if (isset($trace[1]) && isset($trace[1]['function'])
-        && in_array($trace[1]['function'], array('class_exists', 'interface_exists'))
+        && in_array($trace[1]['function'], array('class_exists', 'interface_exists', 'trait_exists'))
    ) {
        return false;
    }
    die ((string) $e);
 }

-// set up __autoload
-if (!(spl_autoload_functions())
-    || !in_array('CAS_autoload', spl_autoload_functions())
-) {
+// Set up autoload if not already configured by composer.
+if (!class_exists('CAS_Client'))
+{
+    trigger_error('phpCAS autoloader is deprecated. Install phpCAS using composer instead.', E_USER_DEPRECATED);
    spl_autoload_register('CAS_autoload');
    if (function_exists('__autoload')
        && !in_array('__autoload', spl_autoload_functions())
@@ -86,5 +93,3 @@ if (!(spl_autoload_functions())
        spl_autoload_register('__autoload');
    }
 }
-
-?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Client.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Client.php
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/CookieJar.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/CookieJar.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/CookieJar.php
 * @category Authentication
@@ -231,6 +231,7 @@ class CAS_CookieJar
            case 'commenturl':
            case 'discard':
            case 'httponly':
+            case 'samesite':
                $cookie[$attributeNameLC] = $attributeValue;
                break;
            default:
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Exception.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Exception.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Exception.php
 * @category Authentication
@@ -56,4 +56,4 @@ interface CAS_Exception
 {

 }
-?>
+?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/GracefullTerminationException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/GracefullTerminationException.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/GracefullTerminationException.php
 * @category Authentication
@@ -83,4 +83,4 @@ implements CAS_Exception
    }

 }
-?>
+?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/InvalidArgumentException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/InvalidArgumentException.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/InvalidArgumentException.php
 * @category Authentication
@@ -43,4 +43,4 @@ implements CAS_Exception
 {

 }
-?>
+?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Catalan.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Catalan.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/Catalan.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/ChineseSimplified.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/ChineseSimplified.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/ChineseSimplified.php
 * @category Authentication
@@ -111,4 +111,4 @@ class CAS_Languages_ChineseSimplified implements CAS_Languages_LanguageInterface
    {
        return '服务器 <b>%s</b> 不可用（<b>%s</b>）。';
    }
-}
+}
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/English.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/English.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/English.php
 * @category Authentication
@@ -111,4 +111,4 @@ class CAS_Languages_English implements CAS_Languages_LanguageInterface
    {
        return 'The service `<b>%s</b>\' is not available (<b>%s</b>).';
    }
-}
+}
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/French.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/French.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/French.php
 * @category Authentication
@@ -113,4 +113,4 @@ class CAS_Languages_French implements CAS_Languages_LanguageInterface
    }
 }

-?>
+?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Galego.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Galego.php
@@ -0,0 +1,117 @@
+<?php
+
+/**
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * PHP Version 7
+ *
+ * @file     CAS/Language/Galego.php
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Enrique Huelva Rivero enrique.huelvarivero@plexus.es
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://wiki.jasig.org/display/CASC/phpCAS
+ */
+
+/**
+ * Galego language class
+ *
+ * @class    CAS_Languages_Galego
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Enrique Huelva Rivero enrique.huelvarivero@plexus.es
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://wiki.jasig.org/display/CASC/phpCAS
+ *
+
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+class CAS_Languages_Galego implements CAS_Languages_LanguageInterface
+{
+    /**
+     * Get the using server string
+     *
+     * @return string using server
+     */
+    public function getUsingServer()
+    {
+        return 'usando servidor';
+    }
+
+    /**
+     * Get authentication wanted string
+     *
+     * @return string authentication wanted
+     */
+    public function getAuthenticationWanted()
+    {
+        return 'Autenticación CAS necesaria!';
+    }
+
+    /**
+     * Get logout string
+     *
+     * @return string logout
+     */
+    public function getLogout()
+    {
+        return 'Saída CAS necesaria!';
+    }
+
+    /**
+     * Get the should have been redirected string
+     *
+     * @return string should habe been redirected
+     */
+    public function getShouldHaveBeenRedirected()
+    {
+        return 'Xa debería ser redireccionado ao servidor CAS. Faga click <a href="%s">aquí</a> para continuar';
+    }
+
+    /**
+     * Get authentication failed string
+     *
+     * @return string authentication failed
+     */
+    public function getAuthenticationFailed()
+    {
+        return 'Autenticación CAS errada!';
+    }
+
+    /**
+     * Get the your were not authenticated string
+     *
+     * @return string not authenticated
+     */
+    public function getYouWereNotAuthenticated()
+    {
+        return '
+        <p>Non estás autenticado</p><p>Podes volver tentalo facendo click <a href="%s">aquí</a>.</p><p>Se o problema persiste debería contactar con el <a href="mailto:%s">administrador deste sitio</a>.</p>';
+    }
+
+    /**
+     * Get the service unavailable string
+     *
+     * @return string service unavailable
+     */
+    public function getServiceUnavailable()
+    {
+        return 'O servizo `<b>%s</b>\' non está dispoñible (<b>%s</b>).';
+    }
+}
+?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/German.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/German.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/German.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Greek.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Greek.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/Greek.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Japanese.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Japanese.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/Japanese.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/LanguageInterface.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/LanguageInterface.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/LanguageInterface.php
 * @category Authentication
@@ -93,4 +93,4 @@ interface CAS_Languages_LanguageInterface
    public function getServiceUnavailable();

 }
-?>
+?>
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Portuguese.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Portuguese.php
@@ -0,0 +1,114 @@
+<?php
+
+/**
+ * Licensed to Jasig under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * Jasig licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * PHP Version 7
+ *
+ * @file     CAS/Language/Portuguese.php
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Sherwin Harris <sherwin.harris@gmail.com>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS
+ */
+
+/**
+ * Portuguese language class
+ *
+ * @class    CAS_Languages_Portuguese
+ * @category Authentication
+ * @package  PhpCAS
+ * @author   Sherwin Harris <sherwin.harris@gmail.com>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
+ * @link     https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252517/phpCAS
+ *
+ * @sa @link internalLang Internationalization @endlink
+ * @ingroup internalLang
+ */
+class CAS_Languages_Portuguese implements CAS_Languages_LanguageInterface
+{
+    /**
+     * Get the using server string
+     *
+     * @return string using server
+     */
+    public function getUsingServer()
+    {
+        return 'Usando o servidor';
+    }
+
+    /**
+     * Get authentication wanted string
+     *
+     * @return string authentication wanted
+     */
+    public function getAuthenticationWanted()
+    {
+        return 'A autenticação do servidor CAS desejado!';
+    }
+
+    /**
+     * Get logout string
+     *
+     * @return string logout
+     */
+    public function getLogout()
+    {
+        return 'Saida do servidor CAS desejado!';
+    }
+
+    /**
+     * Get the should have been redirected string
+     *
+     * @return string should have been redirected
+     */
+    public function getShouldHaveBeenRedirected()
+    {
+        return 'Você já deve ter sido redirecionado para o servidor CAS. Clique <a href="%s">aqui</a> para continuar';
+    }
+
+    /**
+    * Get authentication failed string
+    *
+    * @return string authentication failed
+    */
+    public function getAuthenticationFailed()
+    {
+        return 'A autenticação do servidor CAS falheu!';
+    }
+
+    /**
+    * Get the your were not authenticated string
+    *
+    * @return string not authenticated
+    */
+    public function getYouWereNotAuthenticated()
+    {
+        return '<p>Você não foi autenticado.</p><p>Você pode enviar sua solicitação novamente clicando <a href="%s">aqui</a>. </p><p>Se o problema persistir, você pode entrar em contato com <a href="mailto:%s">o administrador deste site</a>.</p>';
+    }
+
+    /**
+    * Get the service unavailable string
+    *
+    * @return string service unavailable
+    */
+    public function getServiceUnavailable()
+    {
+        return 'O serviço `<b>%s</b>\' não está disponível (<b>%s</b>).';
+    }
+}
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Spanish.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/Languages/Spanish.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/Language/Spanish.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceBeforeAuthenticationCallException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceBeforeAuthenticationCallException.php
@@ -18,7 +18,7 @@
 * limitations under the License.
 *
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/OutOfSequenceBeforeAuthenticationCallException.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceBeforeClientException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceBeforeClientException.php
@@ -18,7 +18,7 @@
 * limitations under the License.
 *
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/OutOfSequenceBeforeClientException.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceBeforeProxyException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceBeforeProxyException.php
@@ -18,7 +18,7 @@
 * limitations under the License.
 *
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/OutOfSequenceBeforeProxyException.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceException.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/OutOfSequenceException.php
@@ -18,7 +18,7 @@
 * limitations under the License.
 *
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/OutOfSequenceException.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/PGTStorage/AbstractStorage.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/PGTStorage/AbstractStorage.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/PGTStorage/AbstractStorage.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/PGTStorage/Db.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/PGTStorage/Db.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/PGTStorage/Db.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/PGTStorage/File.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/PGTStorage/File.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/PGTStorage/AbstractStorage.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Abstract.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Abstract.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Abstract.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Exception.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Exception.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Exception.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Http.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http/Abstract.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http/Abstract.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Http/Abstract.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http/Get.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http/Get.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Http/Get.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http/Post.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Http/Post.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Http/Post.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Imap.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Imap.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Imap.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Testable.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxiedService/Testable.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxiedService/Testabel.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxyChain.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxyChain.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxyChain.php
 * @category Authentication
--- a/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxyChain/AllowedList.php
+++ b/datamodels/2.x/authent-cas/vendor/apereo/phpcas/source/CAS/ProxyChain/AllowedList.php
@@ -17,7 +17,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
- * PHP Version 5
+ * PHP Version 7
 *
 * @file     CAS/ProxyChain/AllowedList.php
 * @category Authentication
--- a/Show More
+++ b/Show More