N°9448 - Fix external auth variable value

Co-authored-by: Molkobain <lajarige.guillaume@free.fr>
Co-authored-by: Thomas Casteleyn <thomas.casteleyn@super-visions.com>

application/cmdbabstract.class.inc.php

@@ -810,6 +810,7 @@ HTML
 				foreach ($aNotificationClasses as $sNotifClass) {
 					$aNotifSearches[$sNotifClass] = DBObjectSearch::FromOQL("SELECT $sNotifClass AS Ev JOIN Trigger AS T ON Ev.trigger_id = T.id WHERE T.id IN (:triggers) AND Ev.object_id = :id");
 					$aNotifSearches[$sNotifClass]->SetInternalParams($aParams);
+					$aNotifSearches[$sNotifClass]->AllowAllData();
 					$oNotifSet = new DBObjectSet($aNotifSearches[$sNotifClass], []);
 					$iNotifsCount += $oNotifSet->Count();
 				}
@@ -823,6 +824,7 @@ HTML
 						'menu' => false,
 						'panel_title' => MetaModel::GetName($sNotifClass),
 						'panel_icon' => MetaModel::GetClassIcon($sNotifClass, false),
+						'display_unauthorized_objects' => true,
 					]);
 				}
 			}

application/displayblock.class.inc.php

@@ -724,6 +724,10 @@ class DisplayBlock
 				}
 			}
 
+			if (!$this->m_oFilter->IsAllDataAllowed() && ($aExtraParams['display_unauthorized_objects'] ?? false) === true) {
+				$this->m_oFilter->AllowAllData();
+			}
+
 			$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
 			$this->m_oSet = new CMDBObjectSet($this->m_oFilter, $aOrderBy, $aQueryParams);
 		}
@@ -1381,7 +1385,10 @@ JS
 
 		// Check the classes that can be read (i.e authorized) by this user...
 		foreach ($aClasses as $sAlias => $sClassName) {
-			if (UserRights::IsActionAllowed($sClassName, UR_ACTION_READ, $this->m_oSet) != UR_ALLOWED_NO) {
+			if (
+				(UserRights::IsActionAllowed($sClassName, UR_ACTION_READ, $this->m_oSet) !== UR_ALLOWED_NO)
+				|| ($aExtraParams['display_unauthorized_objects'] ?? false) === true
+			) {
 				$aAuthorizedClasses[$sAlias] = $sClassName;
 			}
 		}

application/loginexternal.class.inc.php

@@ -75,13 +75,10 @@ class LoginExternal extends AbstractLoginFSMExtension
 	}
 
 	/**
-	 * @return bool
+	 * @return bool|mixed
 	 */
 	private function GetAuthUser()
 	{
-		$sExtAuthVar = MetaModel::GetConfig()->GetExternalAuthenticationVariable(); // In which variable is the info passed ?
-		eval('$sAuthUser = isset('.$sExtAuthVar.') ? '.$sExtAuthVar.' : false;'); // Retrieve the value
-		/** @var string $sAuthUser */
-		return $sAuthUser; // Retrieve the value
+		return MetaModel::GetConfig()->GetExternalAuthenticationVariable();
 	}
 }

application/themehandler.class.inc.php

@@ -936,11 +936,6 @@ CSS;
 	public static function CloneThemeParameterAndIncludeVersion($aThemeParameters, $bSetupCompilationTimestamp, $aImportsPaths)
 	{
 		$aThemeParametersVariable = [];
-		if (array_key_exists('variables', $aThemeParameters)) {
-			if (is_array($aThemeParameters['variables'])) {
-				$aThemeParametersVariable = array_merge([], $aThemeParameters['variables']);
-			}
-		}
 
 		if (array_key_exists('variable_imports', $aThemeParameters)) {
 			if (is_array($aThemeParameters['variable_imports'])) {
@@ -948,6 +943,14 @@ CSS;
 			}
 		}
 
+		// Variables defined in theme XML have the priority over variables defined in XML imports files
+		// They're defined after so they overwrite previous parameters
+		if (array_key_exists('variables', $aThemeParameters)) {
+			if (is_array($aThemeParameters['variables'])) {
+				$aThemeParametersVariable = array_merge($aThemeParametersVariable, $aThemeParameters['variables']);
+			}
+		}
+
 		$aThemeParametersVariable['$version'] = $bSetupCompilationTimestamp;
 		return $aThemeParametersVariable;
 	}
@@ -979,7 +982,9 @@ CSS;
 				}
 			}
 		}
-		array_map(function ($sVariableValue) { return ltrim($sVariableValue); }, $aVariablesResults);
+		array_map(function ($sVariableValue) {
+			return ltrim($sVariableValue);
+		}, $aVariablesResults);
 		return $aVariablesResults;
 	}
 

application/ui.searchformforeignkeys.class.inc.php

@@ -27,6 +27,9 @@ require_once(APPROOT.'/application/displayblock.class.inc.php');
 
 class UISearchFormForeignKeys
 {
+	private $m_sRemoteClass;
+	private $m_iInputId;
+
 	public function __construct($sTargetClass, $iInputId = null)
 	{
 		$this->m_sRemoteClass = $sTargetClass;
@@ -40,7 +43,7 @@ class UISearchFormForeignKeys
 	 *
 	 * @throws \Exception
 	 */
-	public function ShowModalSearchForeignKeys($oPage, $sTitle)
+	public function ShowModalSearchForeignKeys($oPage)
 	{
 
 		$oFilter = new DBObjectSearch($this->m_sRemoteClass);
@@ -60,8 +63,6 @@ class UISearchFormForeignKeys
 			]
 		));
 		$sEmptyList = Dict::S('UI:Message:EmptyList:UseSearchForm');
-		$sCancel = Dict::S('UI:Button:Cancel');
-		$sAdd = Dict::S('UI:Button:Add');
 
 		$oPage->add(
 			<<<HTML
@@ -73,39 +74,6 @@ class UISearchFormForeignKeys
 </form>
 HTML
 		);
-
-		$oPage->add_ready_script(
-			<<<JS
- $('#dlg_{$this->m_iInputId}').dialog({ 
- 			width: $(window).width()*0.8, 
- 			height: $(window).height()*0.8, 
- 			autoOpen: false, 
- 			modal: true, 
- 			resizeStop: oForeignKeysWidget{$this->m_iInputId}.UpdateSizes,
-            buttons: [
-				{
-					text: Dict.S('UI:Button:Cancel'),
-					class: "cancel ibo-is-alternative ibo-is-neutral",
-					click: function() {
-						$('#dlg_{$this->m_iInputId}').dialog('close');
-					}
-				},
-				{
-					text:  Dict.S('UI:Button:Add'),
-					id: 'btn_ok_{$this->m_iInputId}',
-					class: "ok ibo-is-regular ibo-is-primary",
-					click: function() {
-						oForeignKeysWidget{$this->m_iInputId}.DoAddObjects(this.id);							
-					}
-				},
-			],
-
- });
-$('#dlg_{$this->m_iInputId}').dialog('option', {title:'$sTitle'});
-$('#SearchFormToAdd_{$this->m_iInputId} form').on('submit.uilinksWizard', oForeignKeysWidget{$this->m_iInputId}.SearchObjectsToAdd);
-$('#SearchFormToAdd_{$this->m_iInputId}').on('resize', oForeignKeysWidget{$this->m_iInputId}.UpdateSizes);
-JS
-		);
 	}
 
 	public function GetFullListForeignKeysFromSelection($oPage, $oFullSetFilter)
@@ -119,31 +87,4 @@ JS
 			IssueLog::Error($e->getMessage()."\nDebug trace:\n".$e->getTraceAsString());
 		}
 	}
-
-	/**
-	 * Search for objects to be linked to the current object (i.e "remote" objects)
-	 *
-	 * @param WebPage $oP The page used for the output (usually an AjaxWebPage)
-	 * @param string $sRemoteClass Name of the "remote" class to perform the search on, must be a derived class of m_sRemoteClass
-	 *
-	 * @throws \Exception
-	 */
-	public function ListResultsSearchForeignKeys(WebPage $oP, $sRemoteClass = '')
-	{
-		if ($sRemoteClass != '') {
-			// assert(MetaModel::IsParentClass($this->m_sRemoteClass, $sRemoteClass));
-			$oFilter = new DBObjectSearch($sRemoteClass);
-		} else {
-			// No remote class specified use the one defined in the linkedset
-			$oFilter = new DBObjectSearch($this->m_sRemoteClass);
-		}
-
-		$oBlock = new DisplayBlock($oFilter, 'list', false);
-		$oBlock->Display(
-			$oP,
-			"ResultsToAdd_{$this->m_iInputId}",
-			['menu' => false, 'cssCount' => "#count_{$this->m_iInputId}", 'selection_mode' => true, 'table_id' => "add_{$this->m_iInputId}"]
-		);
-	}
-
 }

application/utils.inc.php

@@ -122,6 +122,11 @@ class utils
 	 * @since 3.0.0
 	 */
 	public const ENUM_SANITIZATION_FILTER_VARIABLE_NAME = 'variable_name';
+	/**
+	 * @var string For module codes (e.g. `itop-portal-base`, `combodo-webhook-integration`, `some-module-code-x.y`, ...)
+	 * @since 3.2.3 3.3.0 N°8554
+	 */
+	public const ENUM_SANITIZATION_FILTER_MODULE_CODE = 'module_code';
 	/**
 	 * @var string
 	 * @since 2.7.10 3.0.0
@@ -393,6 +398,7 @@ class utils
 	 * @since 2.7.10 N°6606 use the utils::ENUM_SANITIZATION_* const
 	 * @since 2.7.10 N°6606 new case for ENUM_SANITIZATION_FILTER_PHP_CLASS
 	 * @since 3.2.1-1 N°8242 Allow value to be an array for every filter
+	 * @since 3.2.3 3.3.0 N°8554 new case for ENUM_SANITIZATION_FILTER_MODULE_CODE
 	 *
 	 * @link https://www.php.net/manual/en/filter.filters.sanitize.php PHP sanitization filters
 	 */
@@ -480,7 +486,7 @@ class utils
 				);
 				break;
 
-				// For XML / HTML node id selector
+				// For XML / HTML node selector
 			case static::ENUM_SANITIZATION_FILTER_ELEMENT_SELECTOR:
 				$retValue = filter_var(
 					$value,
@@ -493,6 +499,15 @@ class utils
 				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;
 
+			case static::ENUM_SANITIZATION_FILTER_MODULE_CODE:
+				// Module codes allow all alphabets letters, numbers, dash and dot characters
+				$retValue = filter_var(
+					$value,
+					FILTER_VALIDATE_REGEXP,
+					['options' => ['regexp' => '/^[\p{L}\d.-]+$/u']]
+				);
+				break;
+
 				// For URL
 			case static::ENUM_SANITIZATION_FILTER_URL:
 				$retValue = filter_var($value, FILTER_SANITIZE_URL);
@@ -1440,6 +1455,12 @@ class utils
 
 			case iPopupMenuExtension::MENU_OBJLIST_TOOLKIT:
 				/** @var \DBObjectSet $param */
+
+				// Check if the user has the right to read the objects of this list, otherwise do not propose any action (eg. configure this list, export, etc.)
+				if (UserRights::IsActionAllowed($param->GetFilter()->GetClass(), UR_ACTION_READ, $param) !== UR_ALLOWED_YES) {
+					break;
+				}
+
 				$oAppContext = new ApplicationContext();
 				$sContext = $oAppContext->GetForLink(true);
 				$sDataTableId = is_null($sDataTableId) ? '' : $sDataTableId;
@@ -2081,7 +2102,9 @@ SQL;
 			}
 
 			// Remove any remaining nulls (for positions that weren't referenced)
-			$aReplacements = array_filter($aReplacements, static function ($val) { return $val !== null; });
+			$aReplacements = array_filter($aReplacements, static function ($val) {
+				return $val !== null;
+			});
 		} else {
 			// For non-positional, we need to map each position
 			$aReplacements = [];

composer.json

@@ -4,7 +4,7 @@
   "type": "project",
   "license": "AGPL-3.0-only",
   "require": {
-    "php": ">=8.1.0 <8.4.0",
+    "php": ">=8.1.0 <8.5.0",
     "ext-ctype": "*",
     "ext-dom": "*",
     "ext-gd": "*",
@@ -12,15 +12,14 @@
     "ext-json": "*",
     "ext-mysqli": "*",
     "ext-soap": "*",
-    "apereo/phpcas": "~1.6.0",
-    "firebase/php-jwt": "^6.4.0",
+    "apereo/phpcas": "dev-master",
     "guzzlehttp/guzzle": "^7.5.1",
     "league/oauth2-google": "^4.0.1",
     "nikic/php-parser": "^4.14.0",
     "pear/archive_tar": "~1.4.14",
     "pelago/emogrifier": "^7.2.0",
     "psr/log": "^3.0.0",
-    "scssphp/scssphp": "^1.12.1",
+    "scssphp/scssphp": "dev-combodo/1.x",
     "symfony/console": "~6.4.0",
     "symfony/dotenv": "~6.4.0",
     "symfony/framework-bundle": "~6.4.0",
@@ -40,6 +39,16 @@
     "symfony/stopwatch": "~6.4.0",
     "symfony/web-profiler-bundle": "~6.4.0"
   },
+  "repositories": [
+    {
+      "type": "vcs",
+      "url": "https://github.com/EsupPortail/phpCAS"
+    },
+    {
+      "type": "vcs",
+      "url": "https://github.com/combodo-itop-libs/scssphp"
+    }
+  ],
   "suggest": {
     "ext-libsodium": "Required to use the AttributeEncryptedString.",
     "ext-openssl": "Can be used as a polyfill if libsodium is not installed",

core/action.class.inc.php

@@ -234,10 +234,11 @@ abstract class Action extends cmdbAbstractObject
 		}
 
 		$oActionFilter = DBObjectSearch::FromOQL($sActionQueryOql, $aActionQueryParams);
+		$oActionFilter->AllowAllData();
 		$oSet = new DBObjectSet($oActionFilter, ['date' => false]);
 
 		$sPanelTitle = Dict::Format('Action:last_executions_tab_panel_title', $sActionQueryLimit);
-		$oExecutionsListBlock = DataTableUIBlockFactory::MakeForResult($oPage, 'action_executions_list', $oSet, ['panel_title' => $sPanelTitle]);
+		$oExecutionsListBlock = DataTableUIBlockFactory::MakeForResult($oPage, 'action_executions_list', $oSet, ['panel_title' => $sPanelTitle, 'display_unauthorized_objects' => true]);
 
 		$oPage->AddUiBlock($oExecutionsListBlock);
 	}

core/attributedef.class.inc.php

@@ -4344,7 +4344,9 @@ class AttributeText extends AttributeString
 		} else {
 			$sValue = self::RenderWikiHtml($sValue, true /* wiki only */);
 
-			return "<div class=\"HTML ibo-is-html-content\" $sStyle>".InlineImage::FixUrls($sValue).'</div>';
+			$sImageHtml = UserRights::IsLoggedIn() ? InlineImage::FixUrls($sValue) : InlineImage::ReplaceInlineImagesWithBase64Representation($sValue);
+
+			return "<div class=\"HTML ibo-is-html-content\" $sStyle>".$sImageHtml.'</div>';
 		}
 
 	}
@@ -8988,7 +8990,10 @@ class AttributeStopWatch extends AttributeDefinition
 						switch ($sThresholdCode) {
 							case 'deadline':
 								if ($value) {
-									if (is_int($value)) {
+									if (is_numeric($value)) {
+										if (!is_int($value)) {
+											$value = intval($value);
+										}
 										$sDate = date(AttributeDateTime::GetInternalFormat(), $value);
 										$sRet = AttributeDeadline::FormatDeadline($sDate);
 									} else {

core/config.class.inc.php

@@ -75,6 +75,7 @@ define('DEFAULT_EXT_AUTH_VARIABLE', '$_SERVER[\'REMOTE_USER\']');
 define('DEFAULT_ENCRYPTION_KEY', '@iT0pEncr1pti0n!'); // We'll use a random generated key later (if possible)
 define('DEFAULT_ENCRYPTION_LIB', 'Mcrypt'); // We'll define the best encryption available later
 define('DEFAULT_HASH_ALGO', PASSWORD_DEFAULT);
+
 /**
  * Config
  * configuration data (this class cannot not be localized, because it is responsible for loading the dictionaries)
@@ -869,6 +870,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'ext_auth_variable' => [
+			'type' => 'string',
+			'description' => 'External authentication expression (allowed: $_SERVER[\'key\'], $_COOKIE[\'key\'], $_REQUEST[\'key\'], getallheaders()[\'Header-Name\'])',
+			'default' => '',
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'login_debug' => [
 			'type' => 'bool',
 			'description' => 'Activate the login FSM debug',
@@ -1730,6 +1739,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'security.disable_joined_classes_filter' => [
+			'type'                => 'bool',
+			'description'         => 'If true, scope filters aren\'t applied to joined classes or union classes not directly listed in the SELECT clause.',
+			'default'             => true,
+			'value'               => true,
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		],
 		'security.hide_administrators' => [
 			'type'                => 'bool',
 			'description'         => 'If true, non-administrator users will not be able to see the administrator accounts, the Administrator profile and the links between the administrator accounts and their profiles.',
@@ -1738,6 +1755,14 @@ class Config
 			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
+		'security.force_login_when_no_delegated_authentication_endpoints_list' => [
+			'type'                => 'bool',
+			'description'         => 'If true, when no execution policy is defined, the user will be forced to log in (instead of being automatically logged in with the default profile)',
+			'default'             => false,
+			'value'               => false,
+			'source_of_value'     => '',
+			'show_in_conf_sample' => false,
+		],
 		'behind_reverse_proxy' => [
 			'type' => 'bool',
 			'description' => 'If true, then proxies custom header (X-Forwarded-*) are taken into account. Use only if the webserver is not publicly accessible (reachable only by the reverse proxy)',
@@ -2334,9 +2359,73 @@ class Config
 		return explode('|', $this->m_sAllowedLoginTypes);
 	}
 
+	/**
+	 * @return bool|mixed
+	 * @since 3.2.3 return the parsed value instead of an unsecured variable name
+	 */
 	public function GetExternalAuthenticationVariable()
 	{
-		return $this->m_sExtAuthVariable;
+		$sExpression = $this->Get('ext_auth_variable');
+		$aParsed = $this->ParseExternalAuthVariableExpression($sExpression);
+		if ($aParsed === null) {
+			return false;
+		}
+
+		$sKey = $aParsed['key'];
+		switch ($aParsed['type']) {
+			case 'server':
+				return $_SERVER[$sKey] ?? false;
+			case 'cookie':
+				return $_COOKIE[$sKey] ?? false;
+			case 'request':
+				return $_REQUEST[$sKey] ?? false;
+			case 'header':
+				if (!function_exists('getallheaders')) {
+					return false;
+				}
+				$aHeaders = getallheaders();
+				if (!is_array($aHeaders)) {
+					return false;
+				}
+				return $aHeaders[$sKey] ?? false;
+		}
+		return false;
+	}
+
+	/**
+	 * @param $sExpression
+	 * @return array|null
+	 */
+	private function ParseExternalAuthVariableExpression($sExpression)
+	{
+		// If it's a configuration parameter it's probably already trimmed, but just in case
+		$sExpression = trim((string) $sExpression);
+		if ($sExpression === '') {
+			return null;
+		}
+
+		// Match $_SERVER/$_COOKIE/$_REQUEST['key'] with optional whitespace and single/double quotes.
+		if (preg_match('/^\$_(SERVER|COOKIE|REQUEST)\s*\[\s*(["\'])\s*([^"\']+)\2\s*\]\s*$/', $sExpression, $aMatches) === 1) {
+			$sContext = strtoupper($aMatches[1]);
+			$sKey = $aMatches[3];
+			return [
+				'type' => strtolower($sContext),
+				'key' => $sKey,
+				'normalized' => '$_'.$sContext.'[\''.$sKey.'\']',
+			];
+		}
+
+		// Match getallheaders()['Header-Name'] in a case-insensitive way.
+		if (preg_match('/^getallheaders\(\)\s*\[\s*(["\'])\s*([^"\']+)\1\s*\]\s*$/i', $sExpression, $aMatches) === 1) {
+			$sKey = $aMatches[2];
+			return [
+				'type' => 'header',
+				'key' => $sKey,
+				'normalized' => 'getallheaders()[\''.$sKey.'\']',
+			];
+		}
+
+		return null;
 	}
 
 	public function GetCSVImportCharsets()

core/csvbulkexport.class.inc.php

@@ -5,6 +5,7 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\UI\Base\Component\FieldSet\FieldSetUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Html\Html;
 use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
@@ -13,7 +14,6 @@ use Combodo\iTop\Application\UI\Base\Component\Input\Select\SelectUIBlockFactory
 use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory;
-use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\WebPage\Page;
 use Combodo\iTop\Application\WebPage\WebPage;
 
@@ -55,6 +55,8 @@ class CSVBulkExport extends TabularBulkExport
 		$this->aStatusInfo['charset'] = strtoupper(utils::ReadParam('charset', 'UTF-8', true, 'raw_data'));
 		$this->aStatusInfo['formatted_text'] = (bool)utils::ReadParam('formatted_text', 0, true);
 
+		$this->aStatusInfo['ignore_excel_sanitization'] = (bool)utils::ReadParam('ignore_excel_sanitization', 0, true, utils::ENUM_SANITIZATION_FILTER_INTEGER);
+
 		$sDateFormatRadio = utils::ReadParam('csv_date_format_radio', '');
 		switch ($sDateFormatRadio) {
 			case 'default':
@@ -223,6 +225,10 @@ class CSVBulkExport extends TabularBulkExport
 				$oRadioCustom->GetInput()->AddCSSClass('ibo-input-checkbox');
 				$oFieldSetDate->AddSubBlock($oRadioCustom);
 
+				$oFieldSetSecurity = FieldSetUIBlockFactory::MakeStandard(Dict::S('Core:BulkExport:Security'));
+				$oMulticolumn->AddColumn(ColumnUIBlockFactory::MakeForBlock($oFieldSetSecurity));
+				$oFieldSetSecurity->AddSubBlock(ExportHelper::GetInputForSanitizeExcelExport());
+
 				$oP->add_ready_script(
 					<<<EOF
 $('#form_part_csv_options').on('preview_updated', function() { FormatDatesInPreview('csv', 'csv'); });
@@ -264,6 +270,13 @@ EOF
 			default:
 				$sRet = trim($oObj->GetAsCSV($sAttCode), '"');
 		}
+
+		// If the option to ignore Excel sanitization is not set or explicitly set to false, apply sanitization
+		if (!(array_key_exists('ignore_excel_sanitization', $this->aStatusInfo)) || $this->aStatusInfo['ignore_excel_sanitization'] === false) {
+			return ExportHelper::SanitizeField($sRet, $this->aStatusInfo['text_qualifier'] ?? '');
+		}
+
+		// The option to ignore Excel sanitization is explicitly set to true: return the raw value without sanitization
 		return $sRet;
 	}
 
@@ -337,6 +350,12 @@ EOF
 							$sField = $oObj->GetAsCSV($sAttCode, $this->aStatusInfo['separator'], $this->aStatusInfo['text_qualifier'], $this->bLocalizeOutput, !$this->aStatusInfo['formatted_text']);
 					}
 				}
+
+				// If the option to ignore Excel sanitization is not set or absent, sanitize the field
+				if (!(array_key_exists('ignore_excel_sanitization', $this->aStatusInfo)) || $this->aStatusInfo['ignore_excel_sanitization'] === false) {
+					$sField = ExportHelper::SanitizeField($sField, $this->aStatusInfo['text_qualifier']);
+				}
+
 				if ($this->aStatusInfo['charset'] != 'UTF-8') {
 					// Note: due to bugs in the glibc library it's safer to call iconv on the smallest possible string
 					// and thus to convert field by field and not the whole row or file at once (see ticket N°991)

core/datamodel.core.xml

@@ -409,7 +409,7 @@
       </php_parent>
       <parent>cmdbAbstractObject</parent>
       <properties>
-        <category>core/cmdb,view_in_gui</category>
+        <category>core/cmdb,grant_by_profile,silo</category>
         <abstract>false</abstract>
         <key_type>autoincrement</key_type>
         <db_table>priv_event_newsroom</db_table>
@@ -888,7 +888,7 @@
         <!-- Generated by toolkit/export-class-to-meta.php -->
         <parent>Event</parent>
         <properties>
-          <category>core/cmdb,view_in_gui</category>
+          <category>core/cmdb,grant_by_profile,silo</category>
         </properties>
         <fields>
           <field id="message" xsi:type="AttributeText"/>

core/dbobjectsearch.class.php

@@ -1925,4 +1925,37 @@ class DBObjectSearch extends DBSearch
 	{
 		return $this->GetCriteria()->ListParameters();
 	}
+
+	/**
+	 * @inheritDoc
+	 * @return DBObjectSearch
+	 */
+	protected function ApplyDataFilters(): DBObjectSearch
+	{
+		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
+			return $this;
+		}
+
+		$oSearch = $this;
+		$aClassesToFilter = $this->GetSelectedClasses();
+
+		// Opt-in for joined classes filtering, otherwise only filter the selected class(es)
+		if (MetaModel::GetConfig()->Get('security.disable_joined_classes_filter') === false) {
+			$aClassesToFilter = $this->GetJoinedClasses();
+		}
+
+		// Apply filter (this is similar to the one in DBSearch but the factorization could make it less readable)
+		foreach ($aClassesToFilter as $sClassAlias => $sClass) {
+			$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
+			if ($oVisibleObjects === false) {
+				$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
+			}
+			if (is_object($oVisibleObjects)) {
+				$oVisibleObjects->AllowAllData();
+				$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
+				$oSearch->SetDataFiltered();
+			}
+		}
+		return $oSearch;
+	}
 }

core/dbsearch.class.php

@@ -1122,21 +1122,7 @@ abstract class DBSearch
 	 */
 	protected function GetSQLQuery($aOrderBy, $aArgs, $aAttToLoad, $aExtendedDataSpec, $iLimitCount, $iLimitStart, $bGetCount, $aGroupByExpr = null, $aSelectExpr = null)
 	{
-		$oSearch = $this;
-		if (!$this->IsAllDataAllowed() && !$this->IsDataFiltered()) {
-			foreach ($this->GetSelectedClasses() as $sClassAlias => $sClass) {
-				$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
-				if ($oVisibleObjects === false) {
-					// Make sure this is a valid search object, saying NO for all
-					$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
-				}
-				if (is_object($oVisibleObjects)) {
-					$oVisibleObjects->AllowAllData();
-					$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
-					$oSearch->SetDataFiltered();
-				}
-			}
-		}
+		$oSearch = $this->ApplyDataFilters();
 
 		if (is_array($aGroupByExpr)) {
 			foreach ($aGroupByExpr as $sAlias => $oGroupByExp) {
@@ -1608,4 +1594,33 @@ abstract class DBSearch
 	 * @return array{\VariableExpression}
 	 */
 	abstract public function GetExpectedArguments(): array;
+
+	/**
+	 * Apply data filters to the search, if needed
+	 *
+	 * @return DBSearch
+	 * @throws CoreException
+	 */
+	protected function ApplyDataFilters(): DBSearch
+	{
+		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
+			return $this;
+		}
+
+		$oSearch = $this;
+		$aClassesToFilter = $this->GetSelectedClasses();
+
+		foreach ($aClassesToFilter as $sClassAlias => $sClass) {
+			$oVisibleObjects = UserRights::GetSelectFilter($sClass, $this->GetModifierProperties('UserRightsGetSelectFilter'));
+			if ($oVisibleObjects === false) {
+				$oVisibleObjects = DBObjectSearch::FromEmptySet($sClass);
+			}
+			if (is_object($oVisibleObjects)) {
+				$oVisibleObjects->AllowAllData();
+				$oSearch = $oSearch->Filter($sClassAlias, $oVisibleObjects);
+				$oSearch->SetDataFiltered();
+			}
+		}
+		return $oSearch;
+	}
 }

core/dbunionsearch.class.php

@@ -673,4 +673,30 @@ class DBUnionSearch extends DBSearch
 
 		return $aVariableCriteria;
 	}
+
+	/**
+	 * @inheritDoc
+	 * @return DBUnionSearch
+	 */
+	protected function ApplyDataFilters(): DBUnionSearch
+	{
+		if ($this->IsAllDataAllowed() || $this->IsDataFiltered()) {
+			return $this;
+		}
+
+		// Opt-in for joined classes filtering, otherwise fallback on DBSearch filtering
+		if (MetaModel::GetConfig()->Get('security.disable_joined_classes_filter') === true) {
+			return parent::ApplyDataFilters();
+		}
+
+		// Apply filters per sub-search
+		$aFilteredSearches = [];
+		foreach ($this->GetSearches() as $oSubSearch) {
+			// Recursively call ApplyDataFilters on sub-searches
+			$aFilteredSearches[] = $oSubSearch->ApplyDataFilters();
+		}
+
+		$oSearch = new DBUnionSearch($aFilteredSearches);
+		return $oSearch;
+	}
 }

core/event.class.inc.php

@@ -26,7 +26,7 @@ class Event extends DBObject implements iDisplay
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -120,7 +120,7 @@ class EventNotification extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -154,7 +154,7 @@ class EventNotificationEmail extends EventNotification
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -190,7 +190,7 @@ class EventIssue extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -284,7 +284,7 @@ class EventWebService extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -319,7 +319,7 @@ class EventRestService extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -354,7 +354,7 @@ class EventLoginUsage extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",
@@ -392,7 +392,7 @@ class EventOnObject extends Event
 	{
 		$aParams =
 		[
-			"category" => "core/cmdb,view_in_gui",
+			"category" => "core/cmdb,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "",
 			"state_attcode" => "",

core/excelbulkexport.class.inc.php

@@ -5,13 +5,13 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\UI\Base\Component\FieldSet\FieldSetUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Html\Html;
 use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Component\Panel\PanelUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\Column\ColumnUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\MultiColumn\MultiColumnUIBlockFactory;
-use Combodo\iTop\Application\Helper\ExportHelper;
 use Combodo\iTop\Application\WebPage\Page;
 use Combodo\iTop\Application\WebPage\WebPage;
 
@@ -63,6 +63,8 @@ class ExcelBulkExport extends TabularBulkExport
 				// Export from the command line (or scripted) => default format is SQL, as in previous versions of iTop, unless specified otherwise
 				$this->aStatusInfo['date_format'] = utils::ReadParam('date_format', (string)AttributeDateTime::GetSQLFormat(), true, 'raw_data');
 		}
+
+		$this->aStatusInfo['ignore_excel_sanitization'] = (bool)utils::ReadParam('ignore_excel_sanitization', 0, true, utils::ENUM_SANITIZATION_FILTER_INTEGER);
 	}
 
 	public function EnumFormParts()
@@ -121,6 +123,10 @@ class ExcelBulkExport extends TabularBulkExport
 				$oRadioCustom->GetInput()->AddCSSClass('ibo-input-checkbox');
 				$oFieldSetDate->AddSubBlock($oRadioCustom);
 
+				$oFieldSetSecurity = FieldSetUIBlockFactory::MakeStandard(Dict::S('Core:BulkExport:Security'));
+				$oMulticolumn->AddColumn(ColumnUIBlockFactory::MakeForBlock($oFieldSetSecurity));
+				$oFieldSetSecurity->AddSubBlock(ExportHelper::GetInputForSanitizeExcelExport());
+
 				$oP->add_ready_script(
 					<<<EOF
 $('#form_part_xlsx_options').on('preview_updated', function() { FormatDatesInPreview('excel', 'xlsx'); });
@@ -216,6 +222,12 @@ EOF
 					}
 				}
 		}
+
+		// If the option to ignore Excel sanitization is not set or absent, sanitize the field
+		if (!(array_key_exists('ignore_excel_sanitization', $this->aStatusInfo)) || $this->aStatusInfo['ignore_excel_sanitization'] === false) {
+			return ExportHelper::SanitizeField($sRet, '');
+		}
+
 		return $sRet;
 	}
 

core/inlineimage.class.inc.php

@@ -296,6 +296,46 @@ class InlineImage extends DBObject
 		return $sHtml;
 	}
 
+	/**
+	 * Replace <img> tags with a data-img-id attribute by the actual image in base64 representation
+	 * so that the image can be displayed even if the download URL is not accessible (e.g. in unauthenticated approval templates)
+	 *
+	 * @param string $sHtml The HTML fragment to process
+	 *
+	 * @return String The modified HTML
+	 * @since 3.2.3
+	 */
+	public static function ReplaceInlineImagesWithBase64Representation(string $sHtml): String
+	{
+		return preg_replace_callback(
+			'/<img\s+[^>]*'.static::DOM_ATTR_ID.'="(\d+)"[^>]*>/i',
+			function ($matches) {
+
+				// Extract inline image ID from the tag
+				$id = $matches[1];
+
+				try {
+					// Retrieve inline image
+					$oInline = MetaModel::GetObject(InlineImage::class, $id, true, true);
+					$oOrmDocument = $oInline->Get('contents');
+
+					// Replace src image by the base64 representation
+					$sInlineImageAsBase64 = base64_encode($oOrmDocument->GetData());
+					$sDataUri = 'data:'.$oOrmDocument->GetMimeType().';base64,'.$sInlineImageAsBase64;
+					$sImage = preg_replace('/src=["\'][^"\']+["\']/', 'src="'.$sDataUri.'"', $matches[0]);
+
+					// Remove sensitive information (the image ID and secret) from the tag
+					$sImage = preg_replace('/'.static::DOM_ATTR_ID.'="\d+"\s+'.static::DOM_ATTR_SECRET.'="\w+"/', '', $sImage);
+				} catch (Exception $e) {
+					$sImage = '<img src="" alt="'.Dict::S('UI:MissingInlineImage').'">';
+				}
+
+				return $sImage;
+			},
+			$sHtml
+		);
+	}
+
 	/**
 	 * Add an extra attribute data-img-id for images which are based on an actual InlineImage
 	 * so that we can later reconstruct the full "src" URL when needed

core/ormdocument.class.inc.php

@@ -350,15 +350,18 @@ class ormDocument
 			if (!is_object($oObj)) {
 				// If access to the document is not granted, check if the access to the host object is allowed
 				$oObj = MetaModel::GetObject($sClass, $id, false, true);
+				$bHasHostRights = false;
 				if ($oObj instanceof Attachment) {
 					$sItemClass = $oObj->Get('item_class');
 					$sItemId = $oObj->Get('item_id');
 					$oHost = MetaModel::GetObject($sItemClass, $sItemId, false, false);
-					if (!is_object($oHost)) {
-						$oObj = null;
+					if (is_object($oHost)) {
+						$bHasHostRights = true;
 					}
 				}
-				if (!is_object($oObj)) {
+
+				// We could neither read the object nor get a host object matching our rights
+				if ($bHasHostRights !== true) {
 					throw new Exception("Invalid id ($id) for class '$sClass' - the object does not exist or you are not allowed to view it");
 				}
 			}

css/backoffice/application/bulk/_all.scss

@@ -4,3 +4,4 @@
  */
 
 @import "bulk-modify";
+@import "bulk-export";

css/backoffice/application/bulk/_bulk-export.scss

@@ -0,0 +1,10 @@
+/*
+ * @copyright   Copyright (C) 2010-2026 Combodo SAS
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+#form_part_csv_options:has(#ibo-sanitize-excel-export--input:checked), #form_part_xlsx_options:has(#ibo-sanitize-excel-export--input:checked){
+  #ibo-sanitize-excel-export--alert {
+    display: none;
+  }
+}

datamodels/2.x/combodo-backoffice-fullmoon-protanopia-deuteranopia-theme/scss/scss-variables.scss

@@ -68,47 +68,47 @@ $ibo-color-information-900: #0f172a !default;
 $ibo-color-information-950: #020617 !default;
 
 
-$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-waiting-state-primary-color: $ibo-color-yellow-700;
-$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-failure-state-primary-color: $ibo-color-orange-800;
-$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200;
-$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700;
+$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-waiting-state-primary-color: $ibo-color-yellow-700 !default;
+$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-failure-state-primary-color: $ibo-color-orange-800 !default;
+$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200 !default;
+$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700 !default;
 
-$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-inactive-state-primary-color: $ibo-color-yellow-700;
-$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100;
+$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-inactive-state-primary-color: $ibo-color-yellow-700 !default;
+$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100 !default;
 
-$ibo-caselog-highlight-color-1: $ibo-color-blue-700;
-$ibo-caselog-highlight-color-2: $ibo-color-yellow-700;
-$ibo-caselog-highlight-color-3: $ibo-color-information-600;
-$ibo-caselog-highlight-color-4: $ibo-color-yellow-500;
-$ibo-caselog-highlight-color-5: $ibo-color-blue-500;
-$ibo-caselog-highlight-color-6: $ibo-color-yellow-300;
-$ibo-caselog-highlight-color-7: $ibo-color-blue-300;
+$ibo-caselog-highlight-color-1: $ibo-color-blue-700 !default;
+$ibo-caselog-highlight-color-2: $ibo-color-yellow-700 !default;
+$ibo-caselog-highlight-color-3: $ibo-color-information-600 !default;
+$ibo-caselog-highlight-color-4: $ibo-color-yellow-500 !default;
+$ibo-caselog-highlight-color-5: $ibo-color-blue-500 !default;
+$ibo-caselog-highlight-color-6: $ibo-color-yellow-300 !default;
+$ibo-caselog-highlight-color-7: $ibo-color-blue-300 !default;
 
-$ibo-input-wrapper--is-error--border-color: $ibo-color-warning-700;
-$ibo-field-validation: $ibo-color-warning-800;
+$ibo-input-wrapper--is-error--border-color: $ibo-color-warning-700 !default;
+$ibo-field-validation: $ibo-color-warning-800 !default;
 
-$ibo-navigation-menu--visual-hint--background-color: $ibo-color-blue-400;
+$ibo-navigation-menu--visual-hint--background-color: $ibo-color-blue-400 !default;
 
-$ibo-wizard-container--background-color: $ibo-color-information-200;
-$ibo-wizard-container--border-color: $ibo-color-information-600;
+$ibo-wizard-container--background-color: $ibo-color-information-200 !default;
+$ibo-wizard-container--border-color: $ibo-color-information-600 !default;
 
-$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-danger-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-danger-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500;
+$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-danger-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-danger-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500 !default;
 
-$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-blue-600;
+$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-blue-600 !default;

datamodels/2.x/combodo-backoffice-fullmoon-tritanopia-theme/scss/scss-variables.scss

@@ -32,47 +32,47 @@ $ibo-color-information-900: #0f172a !default;
 $ibo-color-information-950: #020617 !default;
 
 
-$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600;
-$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-waiting-state-primary-color: $ibo-color-red-200;
-$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-red-800;
-$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-failure-state-primary-color: $ibo-color-red-800;
-$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200;
-$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700;
+$ibo-lifecycle-new-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-new-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-neutral-state-primary-color: $ibo-color-information-600 !default;
+$ibo-lifecycle-neutral-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-waiting-state-primary-color: $ibo-color-red-200 !default;
+$ibo-lifecycle-waiting-state-secondary-color: $ibo-color-red-800 !default;
+$ibo-lifecycle-success-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-success-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-failure-state-primary-color: $ibo-color-red-800 !default;
+$ibo-lifecycle-failure-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-frozen-state-primary-color: $ibo-color-information-200 !default;
+$ibo-lifecycle-frozen-state-secondary-color: $ibo-color-information-700 !default;
 
-$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700;
-$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100;
-$ibo-lifecycle-inactive-state-primary-color: $ibo-color-red-700;
-$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100;
+$ibo-lifecycle-active-state-primary-color: $ibo-color-blue-700 !default;
+$ibo-lifecycle-active-state-secondary-color: $ibo-color-white-100 !default;
+$ibo-lifecycle-inactive-state-primary-color: $ibo-color-red-700 !default;
+$ibo-lifecycle-inactive-state-secondary-color: $ibo-color-white-100 !default;
 
-$ibo-caselog-highlight-color-1: $ibo-color-blue-700;
-$ibo-caselog-highlight-color-2: $ibo-color-red-700;
-$ibo-caselog-highlight-color-3: $ibo-color-information-600;
-$ibo-caselog-highlight-color-4: $ibo-color-red-500;
-$ibo-caselog-highlight-color-5: $ibo-color-blue-500;
-$ibo-caselog-highlight-color-6: $ibo-color-red-300;
-$ibo-caselog-highlight-color-7: $ibo-color-blue-300;
+$ibo-caselog-highlight-color-1: $ibo-color-blue-700 !default;
+$ibo-caselog-highlight-color-2: $ibo-color-red-700 !default;
+$ibo-caselog-highlight-color-3: $ibo-color-information-600 !default;
+$ibo-caselog-highlight-color-4: $ibo-color-red-500 !default;
+$ibo-caselog-highlight-color-5: $ibo-color-blue-500 !default;
+$ibo-caselog-highlight-color-6: $ibo-color-red-300 !default;
+$ibo-caselog-highlight-color-7: $ibo-color-blue-300 !default;
 
-$ibo-input-wrapper--is-error--border-color: $ibo-color-pink-700;
-$ibo-field-validation: $ibo-color-pink-800;
+$ibo-input-wrapper--is-error--border-color: $ibo-color-pink-700 !default;
+$ibo-field-validation: $ibo-color-pink-800 !default;
 
-$ibo-navigation-menu--visual-hint--background-color: $ibo-color-pink-600;
+$ibo-navigation-menu--visual-hint--background-color: $ibo-color-pink-600 !default;
 
-$ibo-wizard-container--background-color: $ibo-color-information-200;
-$ibo-wizard-container--border-color: $ibo-color-information-600;
+$ibo-wizard-container--background-color: $ibo-color-information-200 !default;
+$ibo-wizard-container--border-color: $ibo-color-information-600 !default;
 
-$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-pink-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-pink-600;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-400;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100;
-$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500;
+$ibo-navigation-menu--notifications--item--new-message-indicator--background-color: $ibo-color-white-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--border: solid 2px $ibo-color-grey-500 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--background-color: $ibo-color-pink-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-1--border: solid 2px $ibo-color-pink-600 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--background-color: $ibo-color-warning-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-2--border: solid 2px $ibo-color-warning-400 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--background-color: $ibo-color-success-100 !default;
+$ibo-navigation-menu--notifications--item--new-message-indicator--is-priority-3--border: solid 2px $ibo-color-success-500 !default;
 
-$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-pink-500;
+$ibo-notifications--view-all--item--unread--highlight--background-color: $ibo-color-pink-500 !default;

datamodels/2.x/combodo-db-tools/src/Exception/AuthenticationException.php

@@ -1,4 +1,5 @@
 <?php
+
 /*
  * @copyright   Copyright (C) 2010-2026 Combodo SAS
  * @license     http://opensource.org/licenses/AGPL-3.0
@@ -8,5 +9,4 @@ namespace Combodo\iTop\DBTools\Exception;
 
 class AuthenticationException extends \Exception
 {
-
-}
+}

datamodels/2.x/itop-backup/module.itop-backup.php

@@ -41,6 +41,11 @@ SetupWebPage::AddModule(
 		'doc.manual_setup' => '',
 		'doc.more_information' => '',
 
+		// Security
+		'delegated_authentication_endpoints' => [
+			'ajax.backup.php',
+		],
+
 		// Default settings
 		//
 		'settings' => [

datamodels/2.x/itop-hub-connector/ajax.php

@@ -242,8 +242,8 @@ try {
 				throw new SecurityException(Dict::S('iTopHub:FailAuthent'));
 			}
 			// First step: prepare the datamodel, if it fails, roll-back
-			$aSelectedExtensionCodes = utils::ReadParam('extension_codes', []);
-			$aSelectedExtensionDirs = utils::ReadParam('extension_dirs', []);
+			$aSelectedExtensionCodes = utils::ReadParam('extension_codes', [], false, utils::ENUM_SANITIZATION_FILTER_MODULE_CODE);
+			$aSelectedExtensionDirs = utils::ReadParam('extension_dirs', [], false, utils::ENUM_SANITIZATION_FILTER_MODULE_CODE);
 
 			$oRuntimeEnv = new HubRunTimeEnvironment('production', false); // use a temp environment: production-build
 			$oRuntimeEnv->MoveSelectedExtensions(APPROOT.'/data/downloaded-extensions/', $aSelectedExtensionDirs);

datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php

@@ -37,6 +37,10 @@ SetupWebPage::AddModule(
 			// add your sample data XML files here,
 		],
 
+		'delegated_authentication_endpoints' => [
+			'ajax.php',
+		],
+
 		// Documentation
 		//
 		'doc.manual_setup' => '', // hyperlink to manual setup documentation, if any

datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php

@@ -1386,19 +1386,27 @@ class ObjectController extends BrickController
 				if ($oField instanceof DateTimeField) {
 					$oField->SetDateTimePickerWidgetParent($sDateTimePickerWidgetParent);
 				}
-				$sFieldRendererClass = BsLinkedSetFieldRenderer::GetFieldRendererClass($oField);
+
+				// View data
 				$sValue = $oAttDef->GetAsHTML($oNewLink->Get($sAttCode));
+				$aObjectData['attributes']['lnk__'.$sAttCode] = [
+					'object_class'   => $sLinkClass,
+					'object_id'      => $oNewLink->GetKey(),
+					'prefix'         => 'lnk__',
+					'attribute_code' => $sAttCode,
+					'attribute_type' => get_class($oAttDef),
+					'value_html'     => $sValue,
+				];
+
+				// If the field has a renderer we adjust view data
+				$sFieldRendererClass = BsLinkedSetFieldRenderer::GetFieldRendererClass($oField);
 				if ($sFieldRendererClass !== null) {
 					$oFieldRenderer = new $sFieldRendererClass($oField);
 					$oFieldOutput = $oFieldRenderer->Render();
-					$sValue = $oFieldOutput->GetHtml();
+					$aObjectData['attributes']['lnk__'.$sAttCode]['value_html'] = $oFieldOutput->GetHtml();
+					$aObjectData['attributes']['lnk__'.$sAttCode]['css_inline'] = $oFieldOutput->GetCss();
+					$aObjectData['attributes']['lnk__'.$sAttCode]['js_inline'] = $oFieldOutput->GetJs();
 				}
-				$aObjectData['attributes']['lnk__'.$sAttCode] = [
-					'att_code'   => $sAttCode,
-					'value'      => $sValue,
-					'css_inline' => $oFieldOutput->GetCss(),
-					'js_inline'  => $oFieldOutput->GetJs(),
-				];
 			}
 
 			$aData['items'][] = $aObjectData;

datamodels/2.x/itop-portal-base/portal/src/Helper/BrowseBrickHelper.php

@@ -317,7 +317,7 @@ class BrowseBrickHelper
 			$aRow[$key] = [
 				'level_alias' => $key,
 				'id' => $sCurrentObjectId,
-				'name' => utils::EscapeHtml($value->Get($sNameAttCode)),
+				'name' => $value->Get($sNameAttCode),
 				'class' => $sCurrentObjectClass,
 				'action_rules_token' => $this->PrepareActionRulesForItems($aItems, $key, $aLevelsProperties),
 				'metadata' => [
@@ -476,7 +476,7 @@ class BrowseBrickHelper
 			$aItems[$sCurrentIndex] = [
 				'level_alias' => $aCurrentRowKeys[0],
 				'id' => $aCurrentRowValues[0]->GetKey(),
-				'name' => utils::EscapeHtml($aCurrentRowValues[0]->Get($aLevelsProperties[$aCurrentRowKeys[0]]['name_att'])),
+				'name' => $aCurrentRowValues[0]->Get($aLevelsProperties[$aCurrentRowKeys[0]]['name_att']),
 				'class' => get_class($aCurrentRowValues[0]),
 				'subitems' => [],
 				'filter_data' => $this->GetFilterData($aLevelsProperties[$aCurrentRowKeys[0]], $aCurrentRowKeys[0], $aCurrentRowValues[0]),

datamodels/2.x/itop-portal-base/portal/templates/bricks/browse/mode_list.html.twig

@@ -80,11 +80,11 @@
                             // N°4662 - Surround tooltip with div to ensure text retrival
 							if( (data.tooltip !== undefined) && ($('<div>'+data.tooltip+'</div>').text() !== ''))
 							{
-								cellElem.html( $('<span></span>').attr('data-tooltip-content', data.tooltip).attr('data-tooltip-html-enabled', true).html(data.name).prop('outerHTML') );
+								cellElem.html( $('<span></span>').attr('data-tooltip-content', data.tooltip).attr('data-tooltip-html-enabled', true).text(data.name).prop('outerHTML') );
 							}
 							else
 							{
-								cellElem.html(data.name);
+								cellElem.text(data.name);
 							}
 
 							// Building actions

datamodels/2.x/itop-portal-base/portal/templates/bricks/browse/mode_mosaic.html.twig

@@ -197,7 +197,7 @@
                 if( (item.name !== undefined) && (item.name !== '') )
                 {
                     iItemFlags += 1;
-					textWrapperElem.append( $('<div></div>').addClass('mosaic-item-name').html(item.name) );
+					textWrapperElem.append( $('<div></div>').addClass('mosaic-item-name').text(item.name) );
                 }
                 // - Adding description
                 if( (item.description !== undefined) && (item.description !== '') )

datamodels/2.x/itop-portal-base/portal/templates/bricks/browse/mode_tree.html.twig

@@ -233,7 +233,9 @@
 				{
 					case '{{ constant('Combodo\\iTop\\Portal\\Brick\\BrowseBrick::ENUM_ACTION_DRILLDOWN') }}':
                         spanElem.addClass('tree-toggle');
-                        nameElem.html('<span class="glyphicon '+sNodeCollapsedClass+'" aria-hidden="true"></span><span class="list-group-item-text">'+nameElem.text()+'</span>');
+                        var iconElem = $('<span></span>').addClass('glyphicon '+sNodeCollapsedClass).attr('aria-hidden', 'true');
+                        var textElem = $('<span></span>').addClass('list-group-item-text').text(nameElem.text());
+                        nameElem.empty().append(iconElem).append(textElem);
                         break;
 					case '{{ constant('Combodo\\iTop\\Portal\\Brick\\BrowseBrick::ENUM_ACTION_VIEW') }}':
 						url = '{{ app.url_generator.generate('p_object_view', {'sObjectClass': '-objectClass-', 'sObjectId': '-objectId-'})|raw }}'.replace(/-objectClass-/, item.class).replace(/-objectId-/, item.id);

datamodels/2.x/itop-portal-base/portal/templates/bricks/manage/popup-export-excel.html.twig

@@ -11,7 +11,7 @@
     </div>
 
     <div id="export-feedback">
-        <p id="export-excel-warning" class="alert alert-warning" role="alert">{{ 'UI:Bulk:Export:MaliciousInjection:Alert:Message'|dict_format(sWikiUrl)|raw }}</p>
+        <p id="export-excel-warning" class="alert alert-warning" role="alert">{{ 'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message'|dict_format(sWikiUrl)|raw }}</p>
         <p class="export-message" style="text-align:center;">{{ 'ExcelExport:PreparingExport'|dict_s }}</p>
         <div class="progress">
             <div class="progress-bar" role="progressbar" style="width: 0%"

datamodels/2.x/itop-profiles-itil/datamodel.itop-profiles-itil.xml

@@ -186,6 +186,7 @@
       <group id="AdminSysReadOnly" _delta="define">
         <classes>
           <class id="ItopFenceLogin"/>
+          <class id="ModuleInstallation"/>
         </classes>
       </group>
       <group id="AdminSys" _delta="define">
@@ -195,6 +196,11 @@
           <class id="RessourceHybridAuthMenu"/>
         </classes>
       </group>
+      <group id="Event" _delta="define">
+        <classes>
+          <class id="Event"/>
+        </classes>
+      </group>
     </groups>
     <profiles>
       <profile id="117" _delta="define">
@@ -290,6 +296,16 @@
               <action id="stimulus:ev_close">allow</action>
             </actions>
           </group>
+          <group id="Event">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+              <action id="action:write">allow</action>
+              <action id="action:bulk write">allow</action>
+              <action id="action:delete">allow</action>
+              <action id="action:bulk delete">allow</action>
+            </actions>
+          </group>
         </groups>
       </profile>
       <profile id="3" _delta="define">

dictionaries/cs.dictionary.itop.ui.php

@@ -1394,6 +1394,7 @@ Dict::Add('CS CZ', 'Czech', 'Čeština', [
 	'UI:SelectInlineImageToUpload' => 'Vyberte obrázek',
 	'UI:AvailableInlineImagesLegend' => 'Dostupné obrázky',
 	'UI:NoInlineImage' => 'Na serveru není dostupný žádný obrázek. Nahrajte nějaký pomocí tlačítka výše.',
+	'UI:MissingInlineImage' => 'Chybějící obrázek',
 	'UI:ToggleFullScreen' => 'Přepnout zobrazení',
 	'UI:Button:ResetImage' => 'Obnovit původní obrázek',
 	'UI:Button:RemoveImage' => 'Odebrat obrázek',

dictionaries/da.dictionary.itop.ui.php

@@ -1397,6 +1397,7 @@ Ved tilknytningen til en trigger, bliver hver handling tildelt et "rækkefølge"
 	'UI:SelectInlineImageToUpload' => 'Select the image to upload~~',
 	'UI:AvailableInlineImagesLegend' => 'Available images~~',
 	'UI:NoInlineImage' => 'There is no image available on the server. Use the "Browse" button above to select an image from your computer and upload it to the server.~~',
+	'UI:MissingInlineImage' => 'Manglende billede',
 	'UI:ToggleFullScreen' => 'Toggle Maximize / Minimize~~',
 	'UI:Button:ResetImage' => 'Recover the previous image~~',
 	'UI:Button:RemoveImage' => 'Remove the image~~',

dictionaries/de.dictionary.itop.ui.php

@@ -1394,6 +1394,7 @@ Wenn Aktionen mit Trigger verknüpft sind, bekommt jede Aktion eine Auftragsnumm
 	'UI:SelectInlineImageToUpload' => 'Wähle das Bild für den Upload aus',
 	'UI:AvailableInlineImagesLegend' => 'Verfügbare Bilder',
 	'UI:NoInlineImage' => 'Es sind keine Bilder auf dem Server verfügbar. Nutze den "Durchsuchen" Button oben, um ein Bild vom Computer hochzuladen.',
+	'UI:MissingInlineImage' => 'Bild fehlt',
 	'UI:ToggleFullScreen' => 'Maximieren / Minimieren',
 	'UI:Button:ResetImage' => 'Vorheriges Bild wiederherstellen',
 	'UI:Button:RemoveImage' => 'Bild löschen',

dictionaries/en.dictionary.itop.ui.php

@@ -1471,6 +1471,7 @@ When associated with a trigger, each action is given an "order" number, specifyi
 	'UI:SelectInlineImageToUpload' => 'Select the image to upload',
 	'UI:AvailableInlineImagesLegend' => 'Available images',
 	'UI:NoInlineImage' => 'There is no image available on the server. Use the "Browse" button above to select an image from your computer and upload it to the server.',
+	'UI:MissingInlineImage' => 'Missing image',
 
 	'UI:ToggleFullScreen' => 'Toggle Maximize / Minimize',
 	'UI:Button:ResetImage' => 'Recover the previous image',

dictionaries/en_gb.dictionary.itop.ui.php

@@ -1471,6 +1471,7 @@ When associated with a trigger, each action is given an "order" number, specifyi
 	'UI:SelectInlineImageToUpload' => 'Select the image to upload',
 	'UI:AvailableInlineImagesLegend' => 'Available images',
 	'UI:NoInlineImage' => 'There is no image available on the server. Use the "Browse" button above to select an image from your computer and upload it to the server.',
+	'UI:MissingInlineImage' => 'Missing image',
 
 	'UI:ToggleFullScreen' => 'Toggle Maximise / Minimise',
 	'UI:Button:ResetImage' => 'Recover the previous image',

dictionaries/es_cr.dictionary.itop.ui.php

@@ -1397,6 +1397,7 @@ Cuando se asocien con un disparador, cada acción recibe un número de "orden",
 	'UI:SelectInlineImageToUpload' => 'Seleccione la imágen a subir',
 	'UI:AvailableInlineImagesLegend' => 'Imágenes disponibles',
 	'UI:NoInlineImage' => 'No hay imágenes disponibles en el servidor. Use el botón "Seleccionar archivo" para seleccionar una imágen de su equipo local y subirla al servidor.',
+	'UI:MissingInlineImage' => 'Imagen faltante',
 	'UI:ToggleFullScreen' => 'Cambiar Maximizar / Minimizar',
 	'UI:Button:ResetImage' => 'Recuperar imágen previa',
 	'UI:Button:RemoveImage' => 'Remover imágen',

dictionaries/fr.dictionary.itop.ui.php

@@ -1398,6 +1398,7 @@ Lors de l\'association à un déclencheur, on attribue à chaque action un numé
 	'UI:SelectInlineImageToUpload' => 'Sélectionnez l\'image à ajouter',
 	'UI:AvailableInlineImagesLegend' => 'Images disponibles',
 	'UI:NoInlineImage' => 'Il n\'y a aucune image de disponible sur le serveur. Utilisez le bouton "Parcourir" (ci-dessus) pour sélectionner une image sur votre ordinateur et la télécharger sur le serveur.',
+	'UI:MissingInlineImage' => 'Image introuvable',
 	'UI:ToggleFullScreen' => 'Agrandir / Minimiser',
 	'UI:Button:ResetImage' => 'Récupérer l\'image initiale',
 	'UI:Button:RemoveImage' => 'Supprimer l\'image',

dictionaries/hu.dictionary.itop.ui.php

@@ -1400,6 +1400,7 @@ A művelet eseményindítóhoz rendelésekor kap egy sorszámot , amely meghatá
 	'UI:SelectInlineImageToUpload' => 'Válasszon egy képet',
 	'UI:AvailableInlineImagesLegend' => 'Elérhető képek',
 	'UI:NoInlineImage' => 'A szerveren nincs elérhető kép. Használja a fenti "Tallózás" gombot egy kép kiválasztásához a számítógépéről, és töltse fel a szerverre.',
+	'UI:MissingInlineImage' => 'Hiányzó kép',
 	'UI:ToggleFullScreen' => 'Maximalizálás / Minimalizálás',
 	'UI:Button:ResetImage' => 'Az előző kép visszaállítása',
 	'UI:Button:RemoveImage' => 'Kép eltávolítása',

dictionaries/it.dictionary.itop.ui.php

@@ -1399,6 +1399,7 @@ Quando è associata a un trigger, a ogni azione è assegnato un numero "ordine",
 	'UI:SelectInlineImageToUpload' => 'Seleziona l\'immagine da caricare',
 	'UI:AvailableInlineImagesLegend' => 'Immagini disponibili',
 	'UI:NoInlineImage' => 'Non ci sono immagini disponibili sul server. Utilizza il pulsante "Sfoglia" sopra per selezionare un\'immagine dal tuo computer e caricarla sul server.',
+	'UI:MissingInlineImage' => 'Immagine mancante',
 	'UI:ToggleFullScreen' => 'Attiva/Disattiva a schermo intero',
 	'UI:Button:ResetImage' => 'Ripristina l\'immagine precedente',
 	'UI:Button:RemoveImage' => 'Rimuovi l\'immagine',

dictionaries/ja.dictionary.itop.ui.php

@@ -1401,6 +1401,7 @@ Dict::Add('JA JP', 'Japanese', '日本語', [
 	'UI:SelectInlineImageToUpload' => 'Select the image to upload~~',
 	'UI:AvailableInlineImagesLegend' => 'Available images~~',
 	'UI:NoInlineImage' => 'There is no image available on the server. Use the "Browse" button above to select an image from your computer and upload it to the server.~~',
+	'UI:MissingInlineImage' => 'Missing image~~',
 	'UI:ToggleFullScreen' => 'Toggle Maximize / Minimize~~',
 	'UI:Button:ResetImage' => 'Recover the previous image~~',
 	'UI:Button:RemoveImage' => 'Remove the image~~',

dictionaries/nl.dictionary.itop.ui.php

@@ -1400,6 +1400,7 @@ Bij die koppeling wordt aan elke actie een volgorde-nummer gegeven. Dit bepaalt
 	'UI:SelectInlineImageToUpload' => 'Selecteer een afbeelding om te uploaden',
 	'UI:AvailableInlineImagesLegend' => 'Beschikbare afbeeldingen',
 	'UI:NoInlineImage' => 'Er is geen afbeelding beschikbaar op de server. Gebruik de "Afbeeldingen doorbladeren..." knop hierboven om een afbeelding te kiezen op je toestel.',
+	'UI:MissingInlineImage' => 'Ontbrekende afbeelding',
 	'UI:ToggleFullScreen' => 'Minimaliseren / Maximaliseren',
 	'UI:Button:ResetImage' => 'Vorige afbeelding herstellen',
 	'UI:Button:RemoveImage' => 'Afbeelding verwijderen',

dictionaries/pl.dictionary.itop.ui.php

@@ -1408,6 +1408,7 @@ W przypadku powiązania z wyzwalaczem, każde działanie otrzymuje numer "porzą
 	'UI:SelectInlineImageToUpload' => 'Wybierz obraz do przesłania',
 	'UI:AvailableInlineImagesLegend' => 'Dostępne obrazy',
 	'UI:NoInlineImage' => 'Na serwerze nie ma obrazu. Użyj przycisku "Przeglądaj" powyżej, aby wybrać obraz ze swojego komputera i przesłać go na serwer.',
+	'UI:MissingInlineImage' => 'Brakujący obraz',
 	'UI:ToggleFullScreen' => 'Przełącz Maksymalizuj / Minimalizuj',
 	'UI:Button:ResetImage' => 'Odzyskaj poprzedni obraz',
 	'UI:Button:RemoveImage' => 'Usuń obraz',

dictionaries/pt_br.dictionary.itop.ui.php

@@ -1393,6 +1393,7 @@ Quando associada a um gatilho, cada ação recebe um número de "ordem", especif
 	'UI:SelectInlineImageToUpload' => 'Selecione a imagem para enviar',
 	'UI:AvailableInlineImagesLegend' => 'Imagens disponíveis',
 	'UI:NoInlineImage' => 'Não há imagem disponível no servidor. Use o botão "Escolher arquivo" acima para selecionar uma imagem do seu computador e fazer o upload para o servidor',
+	'UI:MissingInlineImage' => 'Imagem ausente',
 	'UI:ToggleFullScreen' => 'Alternancia Maximizar / Minimizar',
 	'UI:Button:ResetImage' => 'Recupere a imagem anterior',
 	'UI:Button:RemoveImage' => 'Remover a imagem',

dictionaries/ru.dictionary.itop.ui.php

@@ -1397,6 +1397,7 @@ Dict::Add('RU RU', 'Russian', 'Русский', [
 	'UI:SelectInlineImageToUpload' => 'Выберите изображение для загрузки',
 	'UI:AvailableInlineImagesLegend' => 'Доступные изображения',
 	'UI:NoInlineImage' => 'На сервере нет доступных изображений. С помощью кнопки "Обзор..." выше выберите изображение на вашем компьютере, чтобы загрузить его на сервер.',
+	'UI:MissingInlineImage' => 'Отсутствует изображение',
 	'UI:ToggleFullScreen' => 'Развернуть / Свернуть',
 	'UI:Button:ResetImage' => 'Восстановить предыдущее изображение',
 	'UI:Button:RemoveImage' => 'Удалить изображение',

dictionaries/sk.dictionary.itop.ui.php

@@ -1398,6 +1398,7 @@ Keď sú priradené spúštačom, každej akcii je dané číslo "príkazu", šp
 	'UI:SelectInlineImageToUpload' => 'Select the image to upload~~',
 	'UI:AvailableInlineImagesLegend' => 'Available images~~',
 	'UI:NoInlineImage' => 'There is no image available on the server. Use the "Browse" button above to select an image from your computer and upload it to the server.~~',
+	'UI:MissingInlineImage' => 'Missing image~~',
 	'UI:ToggleFullScreen' => 'Toggle Maximize / Minimize~~',
 	'UI:Button:ResetImage' => 'Recover the previous image~~',
 	'UI:Button:RemoveImage' => 'Remove the image~~',

dictionaries/tr.dictionary.itop.ui.php

@@ -1401,6 +1401,7 @@ Tetikleme gerçekleştiriğinde işlemler tanımlanan sıra numarası ile gerçe
 	'UI:SelectInlineImageToUpload' => 'Select the image to upload~~',
 	'UI:AvailableInlineImagesLegend' => 'Available images~~',
 	'UI:NoInlineImage' => 'There is no image available on the server. Use the "Browse" button above to select an image from your computer and upload it to the server.~~',
+	'UI:MissingInlineImage' => 'Missing image~~',
 	'UI:ToggleFullScreen' => 'Toggle Maximize / Minimize~~',
 	'UI:Button:ResetImage' => 'Recover the previous image~~',
 	'UI:Button:RemoveImage' => 'Remove the image~~',

dictionaries/ui/application/bulk/cs.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('CS CZ', 'Czech', 'Čeština', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/da.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('DA DA', 'Danish', 'Dansk', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/de.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('DE DE', 'German', 'Deutsch', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Dieses Attribut kann in einer Massenänderung nicht bearbeitet werden.',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel-Sicherheitswarnung',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Das Öffnen einer Datei mit nicht vertrauenswürdigen Daten in Microsoft Excel kann zu einer Formel-Injektion führen. Stellen Sie sicher, dass Ihre Excel-Einstellungen so konfiguriert sind, dass Dateien sicher verarbeitet werden. <a href="%1$s">Erfahren Sie mehr in unserer Dokumentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Das Öffnen einer Datei mit nicht vertrauenswürdigen Daten in Microsoft Excel kann zu einer Formel-Injektion führen. Stellen Sie sicher, dass Ihre Excel-Einstellungen so konfiguriert sind, dass Dateien sicher verarbeitet werden. <a href="%1$s" target="_blank">Erfahren Sie mehr in unserer Dokumentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/en.dictionary.itop.bulk.php

@@ -23,5 +23,9 @@ Dict::Add('EN US', 'English', 'English', [
 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.',
+	'Core:BulkExport:Security' => 'Security',
 ]);

dictionaries/ui/application/bulk/en_gb.dictionary.itop.bulk.php

@@ -10,5 +10,9 @@ Dict::Add('EN GB', 'British English', 'British English', [
 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.',
+	'Core:BulkExport:Security' => 'Security',
 ]);

dictionaries/ui/application/bulk/es_cr.dictionary.itop.bulk.php

@@ -11,5 +11,9 @@
 Dict::Add('ES CR', 'Spanish', 'Español, Castellano', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Este atributo no se puede editar en contexto masivo',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Advertencia de seguridad de Excel',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Abrir un archivo con datos que no son de confianza en Microsoft Excel puede provocar la inyección de fórmulas. Asegúrese de que la configuración de Excel esté configurada para manejar archivos de forma segura. <a href="%1$s">Obtenga más información en nuestra documentación.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Abrir un archivo con datos que no son de confianza en Microsoft Excel puede provocar la inyección de fórmulas. Asegúrese de que la configuración de Excel esté configurada para manejar archivos de forma segura. <a href="%1$s" target="_blank">Obtenga más información en nuestra documentación.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/fr.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('FR FR', 'French', 'Français', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Cet attribut ne peut être édité dans une modification en masse',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Avertissement sur la sécurité d\'Excel',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'ouverture d\'un fichier contenant des données non fiables dans Microsoft Excel peut entraîner l\'injection de formules. Assurez-vous que vos paramètres Excel sont configurés pour traiter les fichiers en toute sécurité. <a href="%1$s">Pour en savoir plus, consultez notre documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'ouverture d\'un fichier contenant des données non fiables dans Microsoft Excel peut entraîner l\'injection de formules. Assurez-vous que vos paramètres Excel sont configurés pour traiter les fichiers en toute sécurité. <a href="%1$s" target="_blank">Pour en savoir plus, consultez notre documentation.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Certaines valeurs ont été échappées pour prévenir de potentielles failles de sécurités dans Microsoft Excel. <a href="%1$s" target="_blank">Pour en savoir plus, consultez notre documentation</a>',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitiser les valeurs potentiellement dangereuses',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'Lorsqu\'elle est activée, les valeurs potentiellement dangereuses seront sanitizées lors de l\'exportation. Cela empêchera Microsoft Excel de les interpréter comme des formules. Notez que cela peut altérer les données originales en les préfixant avec une simple quote (\') pour s\'assurer qu\'elles soient traitées comme du texte.',
+	'Core:BulkExport:Security' => 'Sécurité',
 ]);

dictionaries/ui/application/bulk/hu.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('HU HU', 'Hungarian', 'Magyar', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/it.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('IT IT', 'Italian', 'Italiano', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Questo attributo non può essere modificato nel contesto di modifica bulk',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Avviso di sicurezza di Excel',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'apertura di un file con dati non fidati in Microsoft Excel potrebbe comportare l\'iniezione di formule. Assicurati che le impostazioni di Excel siano configurate per gestire i file in modo sicuro. <a href="%1$s">Ulteriori informazioni nella nostra documentazione.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'L\'apertura di un file con dati non fidati in Microsoft Excel potrebbe comportare l\'iniezione di formule. Assicurati che le impostazioni di Excel siano configurate per gestire i file in modo sicuro. <a href="%1$s" target="_blank">Ulteriori informazioni nella nostra documentazione.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/ja.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('JA JP', 'Japanese', '日本語', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/nl.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('NL NL', 'Dutch', 'Nederlands', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/pl.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('PL PL', 'Polish', 'Polski', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'Tego atrybutu nie można edytować zbiorczo',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Ostrzeżenie dotyczące bezpieczeństwa programu Excel',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Otwarcie pliku z niezaufanymi danymi w programie Microsoft Excel może spowodować wstrzyknięcie formuły. Upewnij się, że ustawienia programu Excel są skonfigurowane tak, aby bezpiecznie obsługiwać pliki. <a href="%1$s">Dowiedz się więcej w naszej dokumentacji.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Otwarcie pliku z niezaufanymi danymi w programie Microsoft Excel może spowodować wstrzyknięcie formuły. Upewnij się, że ustawienia programu Excel są skonfigurowane tak, aby bezpiecznie obsługiwać pliki. <a href="%1$s" target="_blank">Dowiedz się więcej w naszej dokumentacji.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/pt_br.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('PT BR', 'Brazilian', 'Brazilian', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/ru.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('RU RU', 'Russian', 'Русский', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/sk.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('SK SK', 'Slovak', 'Slovenčina', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/tr.dictionary.itop.bulk.php

@@ -13,5 +13,9 @@
 Dict::Add('TR TR', 'Turkish', 'Türkçe', [
 	'UI:Bulk:modify:IncompatibleAttribute' => 'This attribute can\'t be edited in bulk context~~',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel security warning~~',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => 'Opening a file with untrusted data in Microsoft Excel may lead to formula injection. Ensure that your Excel settings are configured to handle files safely. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/ui/application/bulk/zh_cn.dictionary.itop.bulk.php

@@ -22,5 +22,9 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', [
 	// Bulk modify
 	'UI:Bulk:modify:IncompatibleAttribute' => '此属性无法在批量操作中编辑',
 	'UI:Bulk:Export:MaliciousInjection:Alert:Title' => 'Excel 安全警告',
-	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => '在 Microsoft Excel 中打开不信任的文件可能导致公式注入. 请确保 Excel 设置能够安全的处理该文件. <a href="%1$s">进入我们的文档了解更多.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Alert:Message' => '在 Microsoft Excel 中打开不信任的文件可能导致公式注入. 请确保 Excel 设置能够安全的处理该文件. <a href="%1$s" target="_blank">进入我们的文档了解更多.</a>',
+	'UI:Bulk:Export:MaliciousInjection:Sanitization:Alert:Message' => 'Some values have been sanitized to prevent potential security issues in Microsoft Excel. <a href="%1$s" target="_blank">Learn more in our documentation.</a>~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Label' => 'Sanitize potentially dangerous values~~',
+	'UI:Bulk:Export:MaliciousInjection:Input:Tooltip' => 'When enabled, potentially dangerous values will be sanitized during export. This will prevent Microsoft Excel from interpreting them as formulas. Note that this may alter the original data by prefixing it with a single quote (\') to ensure it is treated as text.~~',
+	'Core:BulkExport:Security' => 'Security~~',
 ]);

dictionaries/zh_cn.dictionary.itop.ui.php

@@ -1398,6 +1398,7 @@ Dict::Add('ZH CN', 'Chinese', '简体中文', [
 	'UI:SelectInlineImageToUpload' => '选择要上传的图片',
 	'UI:AvailableInlineImagesLegend' => '可用的图片',
 	'UI:NoInlineImage' => '服务器上没有图片. 使用上面的 "浏览" 按钮, 从您的电脑上选择并上传到服务器.',
+	'UI:MissingInlineImage' => '缺少图片',
 	'UI:ToggleFullScreen' => '切换最大化/最小化',
 	'UI:Button:ResetImage' => '恢复之前的图片',
 	'UI:Button:RemoveImage' => '移除图片',

js/pages/backoffice/toolbox.js

@@ -332,6 +332,12 @@ CombodoModal._ConvertButtonDefinition = function (aButtonsDefinitions) {
 					class: typeof(element.classes) !== 'undefined' ? element.classes.join(' ') : '',
 					click: element.callback_on_click
 				}
+
+                // id is optional, and we don't want to set it if not defined
+                if (typeof element.id !== 'undefined' && element.id !== null) {
+                    aButton.id = element.id;
+                }
+
 				aConverted.push(aButton);
 			}
 	);

js/searchformforeignkeys.js

@@ -35,116 +35,63 @@ function SearchFormForeignKeys(id, sTargetClass, sAttCode, oSearchWidgetElmt, sF
 	this.sAttCode = sAttCode;
 	this.oSearchWidgetElmt = oSearchWidgetElmt;
 	this.emptyHtml = ''; // content to be displayed when the search results are empty (when opening the dialog)
-	this.emptyOnClose = true; // Workaround for the JQuery dialog being very slow when opening and closing if the content contains many INPUT tags
-	this.ajax_request = null;
 	// this.bSelectMode = bSelectMode; // true if the edited field is a SELECT, false if it's an autocomplete
 	// this.bSearchMode = bSearchMode; // true if selecting a value in the context of a search form
 	var me = this;
 
 	this.Init = function()
 	{
-		// make sure that the form is clean
-		$('#linkedset_'+this.id+' .selection').each( function() { this.checked = false; });
-		$('#'+this.id+'_btnRemove').prop('disabled', false);
-
-		$('<div id="dlg_'+me.id+'"></div>').appendTo(document.body);
-
-		// me.trace(dialog);
-
-		//TODO : check and remove all unneded code bellow this line!!
-
-		$('#'+this.id+'_linksToRemove').val('');
-
-		$('#linkedset_'+me.id).on('remove', function() {
-			// prevent having the dlg div twice
-			$('#dlg_'+me.id).remove();
-		});
-
-		$('#'+this.iInputId).closest('form').on('submit', function() {
-			return me.OnFormSubmit();
-		});
-	};
-
-	this.StopPendingRequest = function()
-	{
-		if (me.ajax_request)
-		{
-			me.ajax_request.abort();
-			me.ajax_request = null;
-		}
 	};
 
 	this.ShowModalSearchForeignKeys = function()
 	{
-		// // Query the server to get the form to search for target objects
-		// if (me.bSelectMode)
-		// {
-		// 	$('#fstatus_'+me.id).html('<img src="../images/indicator.gif" />');
-		// }
-		// else
-		// {
-		// 	$('#label_'+me.id).addClass('dlg_loading');
-		// }
-		$('#label_'+me.id).addClass('dlg_loading');
-		var theMap = {
-			sAttCode: me.sAttCode,
-			iInputId: me.id,
-			sTitle: me.sTitle,
-			sTargetClass: me.sTargetClass,
-			// bSearchMode: me.bSearchMode,
-			operation: 'ShowModalSearchForeignKeys'
-		};
+        const oModalParams = {
+            content: {
+                endpoint: AddAppContext(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php'),
+                data: {
+                    sAttCode: me.sAttCode,
+                    iInputId: me.id,
+                    sTargetClass: me.sTargetClass,
+                    operation: 'ShowModalSearchForeignKeys'
+                },
+            },
+            title: me.sTitle,
+            id: 'dlg_'+me.id,
+            size: 'lg',
+            buttons: [
+                {
+                    text: Dict.S('UI:Button:Cancel'),
+                    callback_on_click: function() {
+                        $(this).dialog("close");
+                    },
+                    classes: ['cancel', 'ibo-is-alternative', 'ibo-is-neutral'],
+                },
+                {
+                    text: Dict.S('UI:Button:Add'),
+                    id: "btn_ok_"+me.id,
+                    classes: ['ok', 'ibo-is-regular', 'ibo-is-primary'],
+                    callback_on_click: function() {
+                        me.DoAddObjects();
+                    }
+                }
+            ],
+            callback_on_content_loaded: function(oModalContentElement){
+                // Update initial buttons state
+                me.UpdateButtons();
+            },
 
+            extra_options: {
+                    callback_on_modal_close: function () {
+                        $(this).remove(); // destroy then remove dialog object
+                    }
+                }
+        }
+        const oModal = CombodoModal.OpenModal(oModalParams);
 
-
-		// Make sure that we cancel any pending request before issuing another
-		// since responses may arrive in arbitrary order
-		me.StopPendingRequest();
-
-		// Run the query and get the result back directly in HTML
-		me.ajax_request = $.post( AddAppContext(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php'), theMap,
-			function(data)
-			{
-				// $('#dlg_'+me.id).html(data);
-				$('#dlg_'+me.id).empty().append($(data)); // $(data).filter(':not(script)'));
-				$('#dlg_'+me.id).dialog('open');
-				me.UpdateSizes();
-				me.UpdateButtons();
-				me.ajax_request = null;
-				me.ListResultsSearchForeignKeys();
-			},
-			'html'
-		);
-	};
-
-	this.UpdateSizes = function()
-	{
-		var dlg = $('#dlg_'+me.id);
-		// Adjust the dialog's size to fit into the screen
-		if (dlg.width() > ($(window).width()-40))
-		{
-			dlg.width($(window).width()-40);
-		}
-		if (dlg.height() > ($(window).height()-70))
-		{
-			dlg.height($(window).height()-70);
-		}
-		var searchForm = dlg.find('div.display_block:first'); // Top search form, enclosing display_block
-		var results = $('#SearchResultsToAdd_'+me.id);
-		var oPadding = {};
-		var aKeys = ['top', 'right', 'bottom', 'left'];
-		for(k in aKeys)
-		{
-			oPadding[aKeys[k]] = 0;
-			if (dlg.css('padding-'+aKeys[k]))
-			{
-				oPadding[aKeys[k]] = parseInt(dlg.css('padding-'+aKeys[k]).replace('px', ''));
-			}
-		}
-		//var width = dlg.innerWidth() - oPadding['right'] - oPadding['left'] - 22; // 5 (margin-left) + 5 (padding-left) + 5 (padding-right) + 5 (margin-right) + 2 for rounding !
-		var height = dlg.innerHeight()-oPadding['top']-oPadding['bottom']-22;
-		var form_height = searchForm.outerHeight();
-		results.height(height - form_height - 40); // Leave some space for the buttons
+        // Bind events
+        oModal.on('change', '#count_'+me.id, function(){
+            me.UpdateButtons();
+        });
 	};
 
 	this.UpdateButtons = function()
@@ -160,63 +107,6 @@ function SearchFormForeignKeys(id, sTargetClass, sAttCode, oSearchWidgetElmt, sF
 		}
 	};
 
-	/**
-	 * @return {boolean}
-	 */
-	this.ListResultsSearchForeignKeys = function ()
-	{
-		var theMap = {
-			sTargetClass: me.sTargetClass,
-			iInputId: me.id,
-			sFilter: me.sfilter,
-			// bSearchMode: me.bSearchMode
-		};
-
-		// Gather the parameters from the search form
-		$('#fs_'+me.id+' :input').each( function() {
-			if (this.name !== '')
-			{
-				var val = $(this).val(); // supports multiselect as well
-				if (val !== null)
-				{
-					theMap[this.name] = val;
-				}
-			}
-		});
-
-
-
-		theMap['sRemoteClass'] = theMap['class'];  // swap 'class' (defined in the form) and 'remoteClass'
-		theMap.operation = 'ListResultsSearchForeignKeys'; // Override what is defined in the form itself
-		theMap.sAttCode = me.sAttCode;
-		var sSearchAreaId = '#SearchResultsToAdd_'+me.id;
-		//$(sSearchAreaId).html('<div style="text-align:center;width:100%;height:24px;vertical-align:middle;"><img src="../images/indicator.gif" /></div>');
-		$(sSearchAreaId).block();
-		me.UpdateButtons();
-
-		// Make sure that we cancel any pending request before issuing another
-		// since responses may arrive in arbitrary order
-		me.StopPendingRequest();
-
-		// Run the query and display the results
-		me.ajax_request = $.post(AddAppContext(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php'), theMap,
-			function(data)
-			{
-				$(sSearchAreaId).html(data);
-				$('#fr_'+me.id+' input:radio').on('click', function() { me.UpdateButtons(); });
-				me.UpdateButtons();
-				me.ajax_request = null;
-				$('#count_'+me.id).on('change', function(){
-					me.UpdateButtons();
-				});
-				me.UpdateSizes();
-			},
-			'html'
-		);
-
-		return false; // Don't submit the form, stay in the current page !
-	};
-
 	/**
 	 * @return {boolean}
 	 */
@@ -286,56 +176,4 @@ function SearchFormForeignKeys(id, sTargetClass, sAttCode, oSearchWidgetElmt, sF
 
 		return false;
 	};
-
-
-	// Workaround for a ui.jquery limitation: if the content of
-	// the dialog contains many INPUTs, closing and opening the
-	// dialog is very slow. So empty it each time.
-	this.OnClose = function()
-	{
-		me.StopPendingRequest();
-		// called by the dialog, so in the context 'this' points to the jQueryObject
-		if (me.emptyOnClose)
-		{
-			$('#SearchResultsToAdd_'+me.id).html(me.emptyHtml);
-		}
-		$('#label_'+me.id).removeClass('dlg_loading');
-		$('#label_'+me.id).focus();
-		me.ajax_request = null;
-	};
-
-	this.DoSelectObjectClass = function()
-	{
-		// Retrieving selected value
-		var oSelectedClass = $('#ac_create_'+me.id+' select');
-		if(oSelectedClass.length !== 1) return;
-
-		// Setting new target class
-		me.sTargetClass = oSelectedClass.val();
-
-		// Opening real creation form
-		$('#ac_create_'+me.id).dialog('close');
-		me.CreateObject();
-	};
-
-	this.Update = function()
-	{
-		if ($('#'+me.id).prop('disabled'))
-		{
-			$('#v_'+me.id).html('');
-			$('#label_'+me.id).prop('disabled', true);
-			$('#label_'+me.id).css({'background': 'transparent'});
-			$('#mini_add_'+me.id).hide();
-			$('#mini_tree_'+me.id).hide();
-			$('#mini_search_'+me.id).hide();
-		}
-		else
-		{
-			$('#label_'+me.id).prop('disabled', false);
-			$('#label_'+me.id).css({'background': '#fff url(../images/ac-background.gif) no-repeat right'});
-			$('#mini_add_'+me.id).show();
-			$('#mini_tree_'+me.id).show();
-			$('#mini_search_'+me.id).show();
-		}
-	};
 }

js/utils.js

@@ -487,6 +487,12 @@ function ExportStartExport() {
 		oParams.expression = $('#export-form :input[name=expression]').val();
 		oParams.query = $('#export-form :input[name=query]').val();
 	}
+
+    // Read the "sanitize_excel_export" checkbox if it exists, and set the corresponding "ignore_excel_sanitization" parameter
+    if($(':input[name=sanitize_excel_export]').length > 0) {
+        oParams.ignore_excel_sanitization = $(':input[name=sanitize_excel_export]').is(':checked') ? 0 : 1;
+    }
+
 	$.post(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php', oParams, function (data) {
 			if (data == null) {
 				ExportError('Export failed (no data provided), please contact your administrator');

lib/apereo/phpcas/README.md

@@ -13,7 +13,7 @@ Api documentation can be found here:
 https://apereo.github.io/phpCAS/api/
 
 
-[![Test](https://github.com/apereo/phpCAS/actions/workflows/test.yml/badge.svg)](https://github.com/apereo/phpCAS/actions/workflows/test.yml)
+[![Test](https://github.com/EsupPortail/phpCAS/actions/workflows/test.yml/badge.svg)](https://github.com/EsupPortail/phpCAS/actions/workflows/test.yml)
 
 LICENSE
 -------

lib/apereo/phpcas/source/CAS.php

@@ -57,7 +57,7 @@ if (!isset($_SERVER['REQUEST_URI']) && isset($_SERVER['SCRIPT_NAME']) && isset($
 /**
  * phpCAS version. accessible for the user by phpCAS::getVersion().
  */
-define('PHPCAS_VERSION', '1.6.1');
+define('PHPCAS_VERSION', '1.6.1+');
 
 /**
  * @addtogroup public
@@ -303,7 +303,7 @@ class phpCAS
 
     /**
      * This variable is used to enable verbose mode
-     * This pevents debug info to be show to the user. Since it's a security
+     * This prevents debug info to be show to the user. Since it's a security
      * feature the default is false
      *
      * @hideinitializer
@@ -338,7 +338,7 @@ class phpCAS
      * @param bool                     $changeSessionID Allow phpCAS to change the session_id
      *                                                  (Single Sign Out/handleLogoutRequests
      *                                                  is based on that change)
-     * @param \SessionHandlerInterface $sessionHandler  the session handler
+     * @param \SessionHandlerInterface|null $sessionHandler  the session handler
      *
      * @return void a newly created CAS_Client object
      * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
@@ -347,7 +347,7 @@ class phpCAS
      */
     public static function client($server_version, $server_hostname,
         $server_port, $server_uri, $service_base_url,
-        $changeSessionID = true, \SessionHandlerInterface $sessionHandler = null
+        $changeSessionID = true, ?\SessionHandlerInterface $sessionHandler = null
     ) {
         phpCAS :: traceBegin();
         if (is_object(self::$_PHPCAS_CLIENT)) {
@@ -393,7 +393,7 @@ class phpCAS
      * @param bool                     $changeSessionID Allow phpCAS to change the session_id
      *                                                  (Single Sign Out/handleLogoutRequests
      *                                                  is based on that change)
-     * @param \SessionHandlerInterface $sessionHandler  the session handler
+     * @param \SessionHandlerInterface|null $sessionHandler  the session handler
      *
      * @return void a newly created CAS_Client object
      * @note Only one of the phpCAS::client() and phpCAS::proxy functions should be
@@ -402,14 +402,14 @@ class phpCAS
      */
     public static function proxy($server_version, $server_hostname,
         $server_port, $server_uri, $service_base_url,
-        $changeSessionID = true, \SessionHandlerInterface $sessionHandler = null
+        $changeSessionID = true, ?\SessionHandlerInterface $sessionHandler = null
     ) {
         phpCAS :: traceBegin();
         if (is_object(self::$_PHPCAS_CLIENT)) {
             phpCAS :: error(self::$_PHPCAS_INIT_CALL['method'] . '() has already been called (at ' . self::$_PHPCAS_INIT_CALL['file'] . ':' . self::$_PHPCAS_INIT_CALL['line'] . ')');
         }
 
-        // store where the initialzer is called from
+        // store where the initializer is called from
         $dbg = debug_backtrace();
         self::$_PHPCAS_INIT_CALL = array (
             'done' => true,
@@ -560,7 +560,7 @@ class phpCAS
 
                 $indent_str .= '|    ';
             }
-            // allow for multiline output with proper identing. Usefull for
+            // allow for multiline output with proper identing. Useful for
             // dumping cas answers etc.
             $str2 = str_replace("\n", "\n" . self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str, $str);
             $str3 = self::$_PHPCAS_DEBUG['unique_id'] . ' ' . $indent_str . $str2;
@@ -568,7 +568,7 @@ class phpCAS
                 self::$_PHPCAS_DEBUG['logger']->info($str3);
             }
             if (!empty(self::$_PHPCAS_DEBUG['filename'])) {
-                // Check if file exists and modifiy file permissions to be only
+                // Check if file exists and modify file permissions to be only
                 // readable by the webserver
                 if (!file_exists(self::$_PHPCAS_DEBUG['filename'])) {
                     touch(self::$_PHPCAS_DEBUG['filename']);
@@ -1769,7 +1769,7 @@ class phpCAS
 
     /**
      * If you want your service to be proxied you have to enable it (default
-     * disabled) and define an accepable list of proxies that are allowed to
+     * disabled) and define an acceptable list of proxies that are allowed to
      * proxy your service.
      *
      * Add each allowed proxy definition object. For the normal CAS_ProxyChain
@@ -1790,7 +1790,7 @@ class phpCAS
      *				'http://client.example.com/'
      *			)));
      *
-     * For quick testing or in certain production screnarios you might want to
+     * For quick testing or in certain production scenarios you might want to
      * allow allow any other valid service to proxy your service. To do so, add
      * the "Any" chain:
      *		phpCAS::allowProxyChain(new CAS_ProxyChain_Any);
@@ -1897,7 +1897,7 @@ class phpCAS
     }
 
     /**
-     * Checks of a proxy client aready exists
+     * Checks of a proxy client already exists
      *
      * @throws CAS_OutOfSequenceBeforeProxyException
      *

lib/apereo/phpcas/source/CAS/Client.php

@@ -788,7 +788,7 @@ class CAS_Client
             'file' => $dbg[1]['file'],
             'line' => $dbg[1]['line'],
             'method' => $dbg[1]['class'] . '::' . $dbg[1]['function'],
-            'result' => (boolean)$auth
+            'result' => (bool)$auth
         );
     }
     private $_authentication_caller;
@@ -926,7 +926,7 @@ class CAS_Client
      *                                                  CAS_ServiceBaseUrl_Interface for custom
      *                                                  behavior. Added in 1.6.0. Similar to
      *                                                  serverName config in other CAS clients.
-     * @param \SessionHandlerInterface $sessionHandler  the session handler
+     * @param \SessionHandlerInterface|null $sessionHandler  the session handler
      *
      * @return self a newly created CAS_Client object
      */
@@ -938,7 +938,7 @@ class CAS_Client
         $server_uri,
         $service_base_url,
         $changeSessionID = true,
-        \SessionHandlerInterface $sessionHandler = null
+        ?\SessionHandlerInterface $sessionHandler = null
     ) {
         // Argument validation
         if (gettype($server_version) != 'string')
@@ -3166,7 +3166,7 @@ class CAS_Client
                 $proxiedService->setCasClient($this);
             }
             return $proxiedService;
-        case PHPCAS_PROXIED_SERVICE_IMAP;
+        case PHPCAS_PROXIED_SERVICE_IMAP:
             $proxiedService = new CAS_ProxiedService_Imap($this->_getUser());
             if ($proxiedService instanceof CAS_ProxiedService_Testable) {
                 $proxiedService->setCasClient($this);

lib/apereo/phpcas/source/CAS/PGTStorage/Db.php

@@ -316,7 +316,7 @@ class CAS_PGTStorage_Db extends CAS_PGTStorage_AbstractStorage
         try {
             $pdo->beginTransaction();
 
-            $query = $pdo->query($this->createTableSQL());
+            $query = $pdo->query($this->createTableSql());
             $query->closeCursor();
 
             $pdo->commit();

lib/apereo/phpcas/source/CAS/PGTStorage/File.php

@@ -127,6 +127,12 @@ class CAS_PGTStorage_File extends CAS_PGTStorage_AbstractStorage
             if (!preg_match('`^[a-zA-Z]:`', $path)) {
                 phpCAS::error('an absolute path is needed for PGT storage to file');
             }
+            
+			// ensure that the directory separator on Windows is '/' for consistency with the rest of the phpcas code
+			$path = str_replace(DIRECTORY_SEPARATOR , '/', $path); 
+ 
+			// store the path (with a trailing '/') 
+			$path = preg_replace('|([^/])$|', '$1/', $path);            
 
         } else {
 

lib/apereo/phpcas/source/CAS/Request/CurlMultiRequest.php

@@ -139,7 +139,12 @@ implements CAS_Request_MultiRequestInterface
             $buf = curl_multi_getcontent($handles[$i]);
             $request->_storeResponseBody($buf);
             curl_multi_remove_handle($multiHandle, $handles[$i]);
-            curl_close($handles[$i]);
+            if (PHP_VERSION_ID < 80000) {
+                curl_close($handles[$i]);
+            } else {
+                // unreference it => it will be closed
+                unset($handles[$i]);
+            }
         }
 
         curl_multi_close($multiHandle);

lib/apereo/phpcas/source/CAS/Request/CurlRequest.php

@@ -86,7 +86,9 @@ implements CAS_Request_RequestInterface
 
         }
         // close the CURL session
-        curl_close($ch);
+        if (PHP_VERSION_ID < 80000) {
+            curl_close($ch);
+        }
 
         phpCAS::traceEnd($res);
         return $res;

lib/bin/patch-type-declarations.bat

@@ -1,5 +0,0 @@
-@ECHO OFF
-setlocal DISABLEDELAYEDEXPANSION
-SET BIN_TARGET=%~dp0/patch-type-declarations
-SET COMPOSER_RUNTIME_BIN_DIR=%~dp0
-php "%BIN_TARGET%" %*

lib/bin/php-parse.bat

@@ -1,5 +0,0 @@
-@ECHO OFF
-setlocal DISABLEDELAYEDEXPANSION
-SET BIN_TARGET=%~dp0/php-parse
-SET COMPOSER_RUNTIME_BIN_DIR=%~dp0
-php "%BIN_TARGET%" %*

lib/bin/pscss.bat

@@ -1,5 +0,0 @@
-@ECHO OFF
-setlocal DISABLEDELAYEDEXPANSION
-SET BIN_TARGET=%~dp0/pscss
-SET COMPOSER_RUNTIME_BIN_DIR=%~dp0
-php "%BIN_TARGET%" %*

lib/bin/var-dump-server.bat

@@ -1,5 +0,0 @@
-@ECHO OFF
-setlocal DISABLEDELAYEDEXPANSION
-SET BIN_TARGET=%~dp0/var-dump-server
-SET COMPOSER_RUNTIME_BIN_DIR=%~dp0
-php "%BIN_TARGET%" %*

lib/bin/yaml-lint.bat

@@ -1,5 +0,0 @@
-@ECHO OFF
-setlocal DISABLEDELAYEDEXPANSION
-SET BIN_TARGET=%~dp0/yaml-lint
-SET COMPOSER_RUNTIME_BIN_DIR=%~dp0
-php "%BIN_TARGET%" %*

lib/composer/autoload_classmap.php

@@ -958,6 +958,7 @@ return array(
     'PDF417' => $vendorDir . '/tecnickcom/tcpdf/include/barcodes/pdf417.php',
     'PDFBulkExport' => $baseDir . '/core/pdfbulkexport.class.inc.php',
     'PEAR' => $vendorDir . '/pear/pear-core-minimal/src/PEAR.php',
+    'PEAR_Error' => $vendorDir . '/pear/pear-core-minimal/src/PEAR.php',
     'PEAR_ErrorStack' => $vendorDir . '/pear/pear-core-minimal/src/PEAR/ErrorStack.php',
     'PEAR_Exception' => $vendorDir . '/pear/pear_exception/PEAR/Exception.php',
     'Pelago\\Emogrifier\\Caching\\SimpleStringCache' => $vendorDir . '/pelago/emogrifier/src/Caching/SimpleStringCache.php',
@@ -1645,22 +1646,43 @@ return array(
     'Symfony\\Component\\Cache\\Psr16Cache' => $vendorDir . '/symfony/cache/Psr16Cache.php',
     'Symfony\\Component\\Cache\\ResettableInterface' => $vendorDir . '/symfony/cache/ResettableInterface.php',
     'Symfony\\Component\\Cache\\Traits\\AbstractAdapterTrait' => $vendorDir . '/symfony/cache/Traits/AbstractAdapterTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\CachedValueInterface' => $vendorDir . '/symfony/cache/Traits/CachedValueInterface.php',
     'Symfony\\Component\\Cache\\Traits\\ContractsTrait' => $vendorDir . '/symfony/cache/Traits/ContractsTrait.php',
     'Symfony\\Component\\Cache\\Traits\\FilesystemCommonTrait' => $vendorDir . '/symfony/cache/Traits/FilesystemCommonTrait.php',
     'Symfony\\Component\\Cache\\Traits\\FilesystemTrait' => $vendorDir . '/symfony/cache/Traits/FilesystemTrait.php',
     'Symfony\\Component\\Cache\\Traits\\ProxyTrait' => $vendorDir . '/symfony/cache/Traits/ProxyTrait.php',
     'Symfony\\Component\\Cache\\Traits\\Redis5Proxy' => $vendorDir . '/symfony/cache/Traits/Redis5Proxy.php',
+    'Symfony\\Component\\Cache\\Traits\\Redis61ProxyTrait' => $vendorDir . '/symfony/cache/Traits/Redis61ProxyTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Redis62ProxyTrait' => $vendorDir . '/symfony/cache/Traits/Redis62ProxyTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Redis63ProxyTrait' => $vendorDir . '/symfony/cache/Traits/Redis63ProxyTrait.php',
     'Symfony\\Component\\Cache\\Traits\\Redis6Proxy' => $vendorDir . '/symfony/cache/Traits/Redis6Proxy.php',
-    'Symfony\\Component\\Cache\\Traits\\Redis6ProxyTrait' => $vendorDir . '/symfony/cache/Traits/Redis6ProxyTrait.php',
     'Symfony\\Component\\Cache\\Traits\\RedisCluster5Proxy' => $vendorDir . '/symfony/cache/Traits/RedisCluster5Proxy.php',
+    'Symfony\\Component\\Cache\\Traits\\RedisCluster61ProxyTrait' => $vendorDir . '/symfony/cache/Traits/RedisCluster61ProxyTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\RedisCluster62ProxyTrait' => $vendorDir . '/symfony/cache/Traits/RedisCluster62ProxyTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\RedisCluster63ProxyTrait' => $vendorDir . '/symfony/cache/Traits/RedisCluster63ProxyTrait.php',
     'Symfony\\Component\\Cache\\Traits\\RedisCluster6Proxy' => $vendorDir . '/symfony/cache/Traits/RedisCluster6Proxy.php',
-    'Symfony\\Component\\Cache\\Traits\\RedisCluster6ProxyTrait' => $vendorDir . '/symfony/cache/Traits/RedisCluster6ProxyTrait.php',
     'Symfony\\Component\\Cache\\Traits\\RedisClusterNodeProxy' => $vendorDir . '/symfony/cache/Traits/RedisClusterNodeProxy.php',
     'Symfony\\Component\\Cache\\Traits\\RedisClusterProxy' => $vendorDir . '/symfony/cache/Traits/RedisClusterProxy.php',
     'Symfony\\Component\\Cache\\Traits\\RedisProxy' => $vendorDir . '/symfony/cache/Traits/RedisProxy.php',
     'Symfony\\Component\\Cache\\Traits\\RedisTrait' => $vendorDir . '/symfony/cache/Traits/RedisTrait.php',
     'Symfony\\Component\\Cache\\Traits\\RelayProxy' => $vendorDir . '/symfony/cache/Traits/RelayProxy.php',
     'Symfony\\Component\\Cache\\Traits\\RelayProxyTrait' => $vendorDir . '/symfony/cache/Traits/RelayProxyTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\BgsaveTrait' => $vendorDir . '/symfony/cache/Traits/Relay/BgsaveTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\CopyTrait' => $vendorDir . '/symfony/cache/Traits/Relay/CopyTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\FtTrait' => $vendorDir . '/symfony/cache/Traits/Relay/FtTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\GeosearchTrait' => $vendorDir . '/symfony/cache/Traits/Relay/GeosearchTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\GetWithMetaTrait' => $vendorDir . '/symfony/cache/Traits/Relay/GetWithMetaTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\GetrangeTrait' => $vendorDir . '/symfony/cache/Traits/Relay/GetrangeTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\HsetTrait' => $vendorDir . '/symfony/cache/Traits/Relay/HsetTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\IsTrackedTrait' => $vendorDir . '/symfony/cache/Traits/Relay/IsTrackedTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\MoveTrait' => $vendorDir . '/symfony/cache/Traits/Relay/MoveTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\NullableReturnTrait' => $vendorDir . '/symfony/cache/Traits/Relay/NullableReturnTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\PfcountTrait' => $vendorDir . '/symfony/cache/Traits/Relay/PfcountTrait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\Relay11Trait' => $vendorDir . '/symfony/cache/Traits/Relay/Relay11Trait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\Relay121Trait' => $vendorDir . '/symfony/cache/Traits/Relay/Relay121Trait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\Relay12Trait' => $vendorDir . '/symfony/cache/Traits/Relay/Relay12Trait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\Relay20Trait' => $vendorDir . '/symfony/cache/Traits/Relay/Relay20Trait.php',
+    'Symfony\\Component\\Cache\\Traits\\Relay\\SwapdbTrait' => $vendorDir . '/symfony/cache/Traits/Relay/SwapdbTrait.php',
     'Symfony\\Component\\Config\\Builder\\ClassBuilder' => $vendorDir . '/symfony/config/Builder/ClassBuilder.php',
     'Symfony\\Component\\Config\\Builder\\ConfigBuilderGenerator' => $vendorDir . '/symfony/config/Builder/ConfigBuilderGenerator.php',
     'Symfony\\Component\\Config\\Builder\\ConfigBuilderGeneratorInterface' => $vendorDir . '/symfony/config/Builder/ConfigBuilderGeneratorInterface.php',
@@ -1825,6 +1847,7 @@ return array(
     'Symfony\\Component\\Console\\Helper\\TableRows' => $vendorDir . '/symfony/console/Helper/TableRows.php',
     'Symfony\\Component\\Console\\Helper\\TableSeparator' => $vendorDir . '/symfony/console/Helper/TableSeparator.php',
     'Symfony\\Component\\Console\\Helper\\TableStyle' => $vendorDir . '/symfony/console/Helper/TableStyle.php',
+    'Symfony\\Component\\Console\\Helper\\TerminalInputHelper' => $vendorDir . '/symfony/console/Helper/TerminalInputHelper.php',
     'Symfony\\Component\\Console\\Input\\ArgvInput' => $vendorDir . '/symfony/console/Input/ArgvInput.php',
     'Symfony\\Component\\Console\\Input\\ArrayInput' => $vendorDir . '/symfony/console/Input/ArrayInput.php',
     'Symfony\\Component\\Console\\Input\\Input' => $vendorDir . '/symfony/console/Input/Input.php',
@@ -2699,7 +2722,6 @@ return array(
     'Symfony\\Component\\VarDumper\\Cloner\\Cursor' => $vendorDir . '/symfony/var-dumper/Cloner/Cursor.php',
     'Symfony\\Component\\VarDumper\\Cloner\\Data' => $vendorDir . '/symfony/var-dumper/Cloner/Data.php',
     'Symfony\\Component\\VarDumper\\Cloner\\DumperInterface' => $vendorDir . '/symfony/var-dumper/Cloner/DumperInterface.php',
-    'Symfony\\Component\\VarDumper\\Cloner\\Internal\\NoDefault' => $vendorDir . '/symfony/var-dumper/Cloner/Internal/NoDefault.php',
     'Symfony\\Component\\VarDumper\\Cloner\\Stub' => $vendorDir . '/symfony/var-dumper/Cloner/Stub.php',
     'Symfony\\Component\\VarDumper\\Cloner\\VarCloner' => $vendorDir . '/symfony/var-dumper/Cloner/VarCloner.php',
     'Symfony\\Component\\VarDumper\\Command\\Descriptor\\CliDescriptor' => $vendorDir . '/symfony/var-dumper/Command/Descriptor/CliDescriptor.php',
@@ -2854,6 +2876,7 @@ return array(
     'Twig\\ExpressionParser\\InfixExpressionParserInterface' => $vendorDir . '/twig/twig/src/ExpressionParser/InfixExpressionParserInterface.php',
     'Twig\\ExpressionParser\\Infix\\ArgumentsTrait' => $vendorDir . '/twig/twig/src/ExpressionParser/Infix/ArgumentsTrait.php',
     'Twig\\ExpressionParser\\Infix\\ArrowExpressionParser' => $vendorDir . '/twig/twig/src/ExpressionParser/Infix/ArrowExpressionParser.php',
+    'Twig\\ExpressionParser\\Infix\\AssignmentExpressionParser' => $vendorDir . '/twig/twig/src/ExpressionParser/Infix/AssignmentExpressionParser.php',
     'Twig\\ExpressionParser\\Infix\\BinaryOperatorExpressionParser' => $vendorDir . '/twig/twig/src/ExpressionParser/Infix/BinaryOperatorExpressionParser.php',
     'Twig\\ExpressionParser\\Infix\\ConditionalTernaryExpressionParser' => $vendorDir . '/twig/twig/src/ExpressionParser/Infix/ConditionalTernaryExpressionParser.php',
     'Twig\\ExpressionParser\\Infix\\DotExpressionParser' => $vendorDir . '/twig/twig/src/ExpressionParser/Infix/DotExpressionParser.php',
@@ -2939,10 +2962,15 @@ return array(
     'Twig\\Node\\Expression\\Binary\\MulBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/MulBinary.php',
     'Twig\\Node\\Expression\\Binary\\NotEqualBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/NotEqualBinary.php',
     'Twig\\Node\\Expression\\Binary\\NotInBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/NotInBinary.php',
+    'Twig\\Node\\Expression\\Binary\\NotSameAsBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/NotSameAsBinary.php',
     'Twig\\Node\\Expression\\Binary\\NullCoalesceBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/NullCoalesceBinary.php',
+    'Twig\\Node\\Expression\\Binary\\ObjectDestructuringSetBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/ObjectDestructuringSetBinary.php',
     'Twig\\Node\\Expression\\Binary\\OrBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/OrBinary.php',
     'Twig\\Node\\Expression\\Binary\\PowerBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/PowerBinary.php',
     'Twig\\Node\\Expression\\Binary\\RangeBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/RangeBinary.php',
+    'Twig\\Node\\Expression\\Binary\\SameAsBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/SameAsBinary.php',
+    'Twig\\Node\\Expression\\Binary\\SequenceDestructuringSetBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/SequenceDestructuringSetBinary.php',
+    'Twig\\Node\\Expression\\Binary\\SetBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/SetBinary.php',
     'Twig\\Node\\Expression\\Binary\\SpaceshipBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/SpaceshipBinary.php',
     'Twig\\Node\\Expression\\Binary\\StartsWithBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/StartsWithBinary.php',
     'Twig\\Node\\Expression\\Binary\\SubBinary' => $vendorDir . '/twig/twig/src/Node/Expression/Binary/SubBinary.php',
@@ -2951,6 +2979,7 @@ return array(
     'Twig\\Node\\Expression\\CallExpression' => $vendorDir . '/twig/twig/src/Node/Expression/CallExpression.php',
     'Twig\\Node\\Expression\\ConditionalExpression' => $vendorDir . '/twig/twig/src/Node/Expression/ConditionalExpression.php',
     'Twig\\Node\\Expression\\ConstantExpression' => $vendorDir . '/twig/twig/src/Node/Expression/ConstantExpression.php',
+    'Twig\\Node\\Expression\\EmptyExpression' => $vendorDir . '/twig/twig/src/Node/Expression/EmptyExpression.php',
     'Twig\\Node\\Expression\\FilterExpression' => $vendorDir . '/twig/twig/src/Node/Expression/FilterExpression.php',
     'Twig\\Node\\Expression\\Filter\\DefaultFilter' => $vendorDir . '/twig/twig/src/Node/Expression/Filter/DefaultFilter.php',
     'Twig\\Node\\Expression\\Filter\\RawFilter' => $vendorDir . '/twig/twig/src/Node/Expression/Filter/RawFilter.php',

lib/composer/autoload_namespaces.php

@@ -8,5 +8,4 @@ $baseDir = dirname($vendorDir);
 return array(
     'Console' => array($vendorDir . '/pear/console_getopt'),
     'Archive_Tar' => array($vendorDir . '/pear/archive_tar'),
-    '' => array($vendorDir . '/pear/pear-core-minimal/src'),
 );

lib/composer/autoload_static.php

@@ -360,10 +360,6 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         ),
     );
 
-    public static $fallbackDirsPsr0 = array (
-        0 => __DIR__ . '/..' . '/pear/pear-core-minimal/src',
-    );
-
     public static $classMap = array (
         'AbstractApplicationObjectExtension' => __DIR__ . '/../..' . '/application/applicationextension.inc.php',
         'AbstractApplicationUIExtension' => __DIR__ . '/../..' . '/application/applicationextension.inc.php',
@@ -1317,6 +1313,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'PDF417' => __DIR__ . '/..' . '/tecnickcom/tcpdf/include/barcodes/pdf417.php',
         'PDFBulkExport' => __DIR__ . '/../..' . '/core/pdfbulkexport.class.inc.php',
         'PEAR' => __DIR__ . '/..' . '/pear/pear-core-minimal/src/PEAR.php',
+        'PEAR_Error' => __DIR__ . '/..' . '/pear/pear-core-minimal/src/PEAR.php',
         'PEAR_ErrorStack' => __DIR__ . '/..' . '/pear/pear-core-minimal/src/PEAR/ErrorStack.php',
         'PEAR_Exception' => __DIR__ . '/..' . '/pear/pear_exception/PEAR/Exception.php',
         'Pelago\\Emogrifier\\Caching\\SimpleStringCache' => __DIR__ . '/..' . '/pelago/emogrifier/src/Caching/SimpleStringCache.php',
@@ -2004,22 +2001,43 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'Symfony\\Component\\Cache\\Psr16Cache' => __DIR__ . '/..' . '/symfony/cache/Psr16Cache.php',
         'Symfony\\Component\\Cache\\ResettableInterface' => __DIR__ . '/..' . '/symfony/cache/ResettableInterface.php',
         'Symfony\\Component\\Cache\\Traits\\AbstractAdapterTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/AbstractAdapterTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\CachedValueInterface' => __DIR__ . '/..' . '/symfony/cache/Traits/CachedValueInterface.php',
         'Symfony\\Component\\Cache\\Traits\\ContractsTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/ContractsTrait.php',
         'Symfony\\Component\\Cache\\Traits\\FilesystemCommonTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/FilesystemCommonTrait.php',
         'Symfony\\Component\\Cache\\Traits\\FilesystemTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/FilesystemTrait.php',
         'Symfony\\Component\\Cache\\Traits\\ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/ProxyTrait.php',
         'Symfony\\Component\\Cache\\Traits\\Redis5Proxy' => __DIR__ . '/..' . '/symfony/cache/Traits/Redis5Proxy.php',
+        'Symfony\\Component\\Cache\\Traits\\Redis61ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Redis61ProxyTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Redis62ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Redis62ProxyTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Redis63ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Redis63ProxyTrait.php',
         'Symfony\\Component\\Cache\\Traits\\Redis6Proxy' => __DIR__ . '/..' . '/symfony/cache/Traits/Redis6Proxy.php',
-        'Symfony\\Component\\Cache\\Traits\\Redis6ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Redis6ProxyTrait.php',
         'Symfony\\Component\\Cache\\Traits\\RedisCluster5Proxy' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisCluster5Proxy.php',
+        'Symfony\\Component\\Cache\\Traits\\RedisCluster61ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisCluster61ProxyTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\RedisCluster62ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisCluster62ProxyTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\RedisCluster63ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisCluster63ProxyTrait.php',
         'Symfony\\Component\\Cache\\Traits\\RedisCluster6Proxy' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisCluster6Proxy.php',
-        'Symfony\\Component\\Cache\\Traits\\RedisCluster6ProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisCluster6ProxyTrait.php',
         'Symfony\\Component\\Cache\\Traits\\RedisClusterNodeProxy' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisClusterNodeProxy.php',
         'Symfony\\Component\\Cache\\Traits\\RedisClusterProxy' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisClusterProxy.php',
         'Symfony\\Component\\Cache\\Traits\\RedisProxy' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisProxy.php',
         'Symfony\\Component\\Cache\\Traits\\RedisTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/RedisTrait.php',
         'Symfony\\Component\\Cache\\Traits\\RelayProxy' => __DIR__ . '/..' . '/symfony/cache/Traits/RelayProxy.php',
         'Symfony\\Component\\Cache\\Traits\\RelayProxyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/RelayProxyTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\BgsaveTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/BgsaveTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\CopyTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/CopyTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\FtTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/FtTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\GeosearchTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/GeosearchTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\GetWithMetaTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/GetWithMetaTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\GetrangeTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/GetrangeTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\HsetTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/HsetTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\IsTrackedTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/IsTrackedTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\MoveTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/MoveTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\NullableReturnTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/NullableReturnTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\PfcountTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/PfcountTrait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\Relay11Trait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/Relay11Trait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\Relay121Trait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/Relay121Trait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\Relay12Trait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/Relay12Trait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\Relay20Trait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/Relay20Trait.php',
+        'Symfony\\Component\\Cache\\Traits\\Relay\\SwapdbTrait' => __DIR__ . '/..' . '/symfony/cache/Traits/Relay/SwapdbTrait.php',
         'Symfony\\Component\\Config\\Builder\\ClassBuilder' => __DIR__ . '/..' . '/symfony/config/Builder/ClassBuilder.php',
         'Symfony\\Component\\Config\\Builder\\ConfigBuilderGenerator' => __DIR__ . '/..' . '/symfony/config/Builder/ConfigBuilderGenerator.php',
         'Symfony\\Component\\Config\\Builder\\ConfigBuilderGeneratorInterface' => __DIR__ . '/..' . '/symfony/config/Builder/ConfigBuilderGeneratorInterface.php',
@@ -2184,6 +2202,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'Symfony\\Component\\Console\\Helper\\TableRows' => __DIR__ . '/..' . '/symfony/console/Helper/TableRows.php',
         'Symfony\\Component\\Console\\Helper\\TableSeparator' => __DIR__ . '/..' . '/symfony/console/Helper/TableSeparator.php',
         'Symfony\\Component\\Console\\Helper\\TableStyle' => __DIR__ . '/..' . '/symfony/console/Helper/TableStyle.php',
+        'Symfony\\Component\\Console\\Helper\\TerminalInputHelper' => __DIR__ . '/..' . '/symfony/console/Helper/TerminalInputHelper.php',
         'Symfony\\Component\\Console\\Input\\ArgvInput' => __DIR__ . '/..' . '/symfony/console/Input/ArgvInput.php',
         'Symfony\\Component\\Console\\Input\\ArrayInput' => __DIR__ . '/..' . '/symfony/console/Input/ArrayInput.php',
         'Symfony\\Component\\Console\\Input\\Input' => __DIR__ . '/..' . '/symfony/console/Input/Input.php',
@@ -3058,7 +3077,6 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'Symfony\\Component\\VarDumper\\Cloner\\Cursor' => __DIR__ . '/..' . '/symfony/var-dumper/Cloner/Cursor.php',
         'Symfony\\Component\\VarDumper\\Cloner\\Data' => __DIR__ . '/..' . '/symfony/var-dumper/Cloner/Data.php',
         'Symfony\\Component\\VarDumper\\Cloner\\DumperInterface' => __DIR__ . '/..' . '/symfony/var-dumper/Cloner/DumperInterface.php',
-        'Symfony\\Component\\VarDumper\\Cloner\\Internal\\NoDefault' => __DIR__ . '/..' . '/symfony/var-dumper/Cloner/Internal/NoDefault.php',
         'Symfony\\Component\\VarDumper\\Cloner\\Stub' => __DIR__ . '/..' . '/symfony/var-dumper/Cloner/Stub.php',
         'Symfony\\Component\\VarDumper\\Cloner\\VarCloner' => __DIR__ . '/..' . '/symfony/var-dumper/Cloner/VarCloner.php',
         'Symfony\\Component\\VarDumper\\Command\\Descriptor\\CliDescriptor' => __DIR__ . '/..' . '/symfony/var-dumper/Command/Descriptor/CliDescriptor.php',
@@ -3213,6 +3231,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'Twig\\ExpressionParser\\InfixExpressionParserInterface' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/InfixExpressionParserInterface.php',
         'Twig\\ExpressionParser\\Infix\\ArgumentsTrait' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/Infix/ArgumentsTrait.php',
         'Twig\\ExpressionParser\\Infix\\ArrowExpressionParser' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/Infix/ArrowExpressionParser.php',
+        'Twig\\ExpressionParser\\Infix\\AssignmentExpressionParser' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/Infix/AssignmentExpressionParser.php',
         'Twig\\ExpressionParser\\Infix\\BinaryOperatorExpressionParser' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/Infix/BinaryOperatorExpressionParser.php',
         'Twig\\ExpressionParser\\Infix\\ConditionalTernaryExpressionParser' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/Infix/ConditionalTernaryExpressionParser.php',
         'Twig\\ExpressionParser\\Infix\\DotExpressionParser' => __DIR__ . '/..' . '/twig/twig/src/ExpressionParser/Infix/DotExpressionParser.php',
@@ -3298,10 +3317,15 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'Twig\\Node\\Expression\\Binary\\MulBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/MulBinary.php',
         'Twig\\Node\\Expression\\Binary\\NotEqualBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/NotEqualBinary.php',
         'Twig\\Node\\Expression\\Binary\\NotInBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/NotInBinary.php',
+        'Twig\\Node\\Expression\\Binary\\NotSameAsBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/NotSameAsBinary.php',
         'Twig\\Node\\Expression\\Binary\\NullCoalesceBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/NullCoalesceBinary.php',
+        'Twig\\Node\\Expression\\Binary\\ObjectDestructuringSetBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/ObjectDestructuringSetBinary.php',
         'Twig\\Node\\Expression\\Binary\\OrBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/OrBinary.php',
         'Twig\\Node\\Expression\\Binary\\PowerBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/PowerBinary.php',
         'Twig\\Node\\Expression\\Binary\\RangeBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/RangeBinary.php',
+        'Twig\\Node\\Expression\\Binary\\SameAsBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/SameAsBinary.php',
+        'Twig\\Node\\Expression\\Binary\\SequenceDestructuringSetBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/SequenceDestructuringSetBinary.php',
+        'Twig\\Node\\Expression\\Binary\\SetBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/SetBinary.php',
         'Twig\\Node\\Expression\\Binary\\SpaceshipBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/SpaceshipBinary.php',
         'Twig\\Node\\Expression\\Binary\\StartsWithBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/StartsWithBinary.php',
         'Twig\\Node\\Expression\\Binary\\SubBinary' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Binary/SubBinary.php',
@@ -3310,6 +3334,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
         'Twig\\Node\\Expression\\CallExpression' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/CallExpression.php',
         'Twig\\Node\\Expression\\ConditionalExpression' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/ConditionalExpression.php',
         'Twig\\Node\\Expression\\ConstantExpression' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/ConstantExpression.php',
+        'Twig\\Node\\Expression\\EmptyExpression' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/EmptyExpression.php',
         'Twig\\Node\\Expression\\FilterExpression' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/FilterExpression.php',
         'Twig\\Node\\Expression\\Filter\\DefaultFilter' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Filter/DefaultFilter.php',
         'Twig\\Node\\Expression\\Filter\\RawFilter' => __DIR__ . '/..' . '/twig/twig/src/Node/Expression/Filter/RawFilter.php',
@@ -3542,7 +3567,6 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
             $loader->prefixLengthsPsr4 = ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f::$prefixDirsPsr4;
             $loader->prefixesPsr0 = ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f::$prefixesPsr0;
-            $loader->fallbackDirsPsr0 = ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f::$fallbackDirsPsr0;
             $loader->classMap = ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f::$classMap;
 
         }, null, ClassLoader::class);

lib/composer/installed.php

@@ -1,9 +1,9 @@
 <?php return array(
     'root' => array(
         'name' => 'combodo/itop',
-        'pretty_version' => 'dev-develop',
-        'version' => 'dev-develop',
-        'reference' => 'd5706fcbef58868cb8bd6ee6f3af133ca4fdab3e',
+        'pretty_version' => '1.0.0+no-version-set',
+        'version' => '1.0.0.0',
+        'reference' => null,
         'type' => 'project',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -11,18 +11,20 @@
     ),
     'versions' => array(
         'apereo/phpcas' => array(
-            'pretty_version' => '1.6.1',
-            'version' => '1.6.1.0',
-            'reference' => 'c129708154852656aabb13d8606cd5b12dbbabac',
+            'pretty_version' => 'dev-master',
+            'version' => 'dev-master',
+            'reference' => '57a7744146a963d8fa80192e0ab351051b711ff6',
             'type' => 'library',
             'install_path' => __DIR__ . '/../apereo/phpcas',
-            'aliases' => array(),
+            'aliases' => array(
+                0 => '1.3.x-dev',
+            ),
             'dev_requirement' => false,
         ),
         'combodo/itop' => array(
-            'pretty_version' => 'dev-develop',
-            'version' => 'dev-develop',
-            'reference' => 'd5706fcbef58868cb8bd6ee6f3af133ca4fdab3e',
+            'pretty_version' => '1.0.0+no-version-set',
+            'version' => '1.0.0.0',
+            'reference' => null,
             'type' => 'project',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -47,77 +49,68 @@
             'dev_requirement' => false,
         ),
         'firebase/php-jwt' => array(
-            'pretty_version' => 'v6.10.0',
-            'version' => '6.10.0.0',
-            'reference' => 'a49db6f0a5033aef5143295342f1c95521b075ff',
+            'pretty_version' => 'v7.0.2',
+            'version' => '7.0.2.0',
+            'reference' => '5645b43af647b6947daac1d0f659dd1fbe8d3b65',
             'type' => 'library',
             'install_path' => __DIR__ . '/../firebase/php-jwt',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'guzzlehttp/guzzle' => array(
-            'pretty_version' => '7.8.1',
-            'version' => '7.8.1.0',
-            'reference' => '41042bc7ab002487b876a0683fc8dce04ddce104',
+            'pretty_version' => '7.10.0',
+            'version' => '7.10.0.0',
+            'reference' => 'b51ac707cfa420b7bfd4e4d5e510ba8008e822b4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/guzzle',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'guzzlehttp/promises' => array(
-            'pretty_version' => '2.0.2',
-            'version' => '2.0.2.0',
-            'reference' => 'bbff78d96034045e58e13dedd6ad91b5d1253223',
+            'pretty_version' => '2.3.0',
+            'version' => '2.3.0.0',
+            'reference' => '481557b130ef3790cf82b713667b43030dc9c957',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/promises',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'guzzlehttp/psr7' => array(
-            'pretty_version' => '2.6.2',
-            'version' => '2.6.2.0',
-            'reference' => '45b30f99ac27b5ca93cb4831afe16285f57b8221',
+            'pretty_version' => '2.8.0',
+            'version' => '2.8.0.0',
+            'reference' => '21dc724a0583619cd1652f673303492272778051',
             'type' => 'library',
             'install_path' => __DIR__ . '/../guzzlehttp/psr7',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'league/oauth2-client' => array(
-            'pretty_version' => '2.7.0',
-            'version' => '2.7.0.0',
-            'reference' => '160d6274b03562ebeb55ed18399281d8118b76c8',
+            'pretty_version' => '2.9.0',
+            'version' => '2.9.0.0',
+            'reference' => '26e8c5da4f3d78cede7021e09b1330a0fc093d5e',
             'type' => 'library',
             'install_path' => __DIR__ . '/../league/oauth2-client',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'league/oauth2-google' => array(
-            'pretty_version' => '4.0.1',
-            'version' => '4.0.1.0',
-            'reference' => '1b01ba18ba31b29e88771e3e0979e5c91d4afe76',
+            'pretty_version' => '4.1.0',
+            'version' => '4.1.0.0',
+            'reference' => '8b9bb43740ac6d994aca881a35f7bacbe98c0ffb',
             'type' => 'library',
             'install_path' => __DIR__ . '/../league/oauth2-google',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'nikic/php-parser' => array(
-            'pretty_version' => 'v4.18.0',
-            'version' => '4.18.0.0',
-            'reference' => '1bcbb2179f97633e98bbbc87044ee2611c7d7999',
+            'pretty_version' => 'v4.19.5',
+            'version' => '4.19.5.0',
+            'reference' => '51bd93cc741b7fc3d63d20b6bdcd99fdaa359837',
             'type' => 'library',
             'install_path' => __DIR__ . '/../nikic/php-parser',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
-        'paragonie/random_compat' => array(
-            'pretty_version' => 'v9.99.100',
-            'version' => '9.99.100.0',
-            'reference' => '996434e5492cb4c3edcb9168db6fbb1359ef965a',
-            'type' => 'library',
-            'install_path' => __DIR__ . '/../paragonie/random_compat',
-            'aliases' => array(),
-            'dev_requirement' => false,
-        ),
         'pear/archive_tar' => array(
             'pretty_version' => '1.4.14',
             'version' => '1.4.14.0',
@@ -137,9 +130,9 @@
             'dev_requirement' => false,
         ),
         'pear/pear-core-minimal' => array(
-            'pretty_version' => 'v1.10.11',
-            'version' => '1.10.11.0',
-            'reference' => '68d0d32ada737153b7e93b8d3c710ebe70ac867d',
+            'pretty_version' => 'v1.10.18',
+            'version' => '1.10.18.0',
+            'reference' => 'c7b55789d01de0ce090d289b73f1bbd6a2f113b1',
             'type' => 'library',
             'install_path' => __DIR__ . '/../pear/pear-core-minimal',
             'aliases' => array(),
@@ -155,9 +148,9 @@
             'dev_requirement' => false,
         ),
         'pelago/emogrifier' => array(
-            'pretty_version' => 'v7.2.0',
-            'version' => '7.2.0.0',
-            'reference' => '727bdf7255b51798307f17dec52ff8a91f1c7de3',
+            'pretty_version' => 'v7.3.0',
+            'version' => '7.3.0.0',
+            'reference' => '6e00d9d8235e8cc8eec857e8dcd6cfeefdfd0cd6',
             'type' => 'library',
             'install_path' => __DIR__ . '/../pelago/emogrifier',
             'aliases' => array(),
@@ -224,9 +217,9 @@
             ),
         ),
         'psr/http-factory' => array(
-            'pretty_version' => '1.0.2',
-            'version' => '1.0.2.0',
-            'reference' => 'e616d01114759c4c489f93b099585439f795fe35',
+            'pretty_version' => '1.1.0',
+            'version' => '1.1.0.0',
+            'reference' => '2b4765fddfe3b508ac62f829e852b1501d3f6e8a',
             'type' => 'library',
             'install_path' => __DIR__ . '/../psr/http-factory',
             'aliases' => array(),
@@ -286,22 +279,22 @@
         'rsky/pear-core-min' => array(
             'dev_requirement' => false,
             'replaced' => array(
-                0 => 'v1.10.11',
+                0 => 'v1.10.18',
             ),
         ),
         'sabberworm/php-css-parser' => array(
-            'pretty_version' => '8.4.0',
-            'version' => '8.4.0.0',
-            'reference' => 'e41d2140031d533348b2192a83f02d8dd8a71d30',
+            'pretty_version' => 'v8.9.0',
+            'version' => '8.9.0.0',
+            'reference' => 'd8e916507b88e389e26d4ab03c904a082aa66bb9',
             'type' => 'library',
             'install_path' => __DIR__ . '/../sabberworm/php-css-parser',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'scssphp/scssphp' => array(
-            'pretty_version' => 'v1.12.1',
-            'version' => '1.12.1.0',
-            'reference' => '394ed1e960138710a60d035c1a85d43d0bf0faeb',
+            'pretty_version' => 'dev-combodo/1.x',
+            'version' => 'dev-combodo/1.x',
+            'reference' => 'dde81c0a39d02e8e6fc81b70269747734e16d526',
             'type' => 'library',
             'install_path' => __DIR__ . '/../scssphp/scssphp',
             'aliases' => array(),
@@ -317,9 +310,9 @@
             'dev_requirement' => false,
         ),
         'symfony/cache' => array(
-            'pretty_version' => 'v6.4.12',
-            'version' => '6.4.12.0',
-            'reference' => 'a463451b7f6ac4a47b98dbfc78ec2d3560c759d8',
+            'pretty_version' => 'v6.4.33',
+            'version' => '6.4.33.0',
+            'reference' => '5b088fa41eb9568748dc255c45e4054c387ba73b',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/cache',
             'aliases' => array(),
@@ -341,45 +334,45 @@
             ),
         ),
         'symfony/config' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '5d33e0fb707d603330e0edfd4691803a1253572e',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => 'd445badf0ad2c2a492e38c0378c39997a56ef97b',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/config',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/console' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '0254811a143e6bc6c8deea08b589a7e68a37f625',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/console',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/css-selector' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => 'd036c6c0d0b09e24a14a35f8292146a658f986e4',
+            'pretty_version' => 'v6.4.24',
+            'version' => '6.4.24.0',
+            'reference' => '9b784413143701aa3c94ac1869a159a9e53e8761',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/css-selector',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/debug-bundle' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '1e07027423d1d37125b60a50997ada26a9d9d202',
+            'pretty_version' => 'v6.4.27',
+            'version' => '6.4.27.0',
+            'reference' => '21a61c55192d558a6b81cdb12e8c010fc9474fe0',
             'type' => 'symfony-bundle',
             'install_path' => __DIR__ . '/../symfony/debug-bundle',
             'aliases' => array(),
             'dev_requirement' => true,
         ),
         'symfony/dependency-injection' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '226ea431b1eda6f0d9f5a4b278757171960bb195',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => 'b17882e933c4c606620247b6708ab53aa3b88753',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/dependency-injection',
             'aliases' => array(),
@@ -395,27 +388,27 @@
             'dev_requirement' => false,
         ),
         'symfony/dotenv' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '835f8d2d1022934ac038519de40b88158798c96f',
+            'pretty_version' => 'v6.4.30',
+            'version' => '6.4.30.0',
+            'reference' => '924edbc9631b75302def0258ed1697948b17baf6',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/dotenv',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/error-handler' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => 'c873490a1c97b3a0a4838afc36ff36c112d02788',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '8c18400784fcb014dc73c8d5601a9576af7f8ad4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/error-handler',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/event-dispatcher' => array(
-            'pretty_version' => 'v6.4.25',
-            'version' => '6.4.25.0',
-            'reference' => 'b0cf3162020603587363f0551cd3be43958611ff',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '99d7e101826e6610606b9433248f80c1997cd20b',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/event-dispatcher',
             'aliases' => array(),
@@ -437,81 +430,81 @@
             ),
         ),
         'symfony/filesystem' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '952a8cb588c3bc6ce76f6023000fb932f16a6e59',
+            'pretty_version' => 'v6.4.30',
+            'version' => '6.4.30.0',
+            'reference' => '441c6b69f7222aadae7cbf5df588496d5ee37789',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/filesystem',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/finder' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '11d736e97f116ac375a81f96e662911a34cd50ce',
+            'pretty_version' => 'v6.4.33',
+            'version' => '6.4.33.0',
+            'reference' => '24965ca011dac87431729640feef8bcf7b5523e0',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/finder',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/framework-bundle' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => 'c26a221e0462027d1f9d4a802ed63f8ab07a43d0',
+            'pretty_version' => 'v6.4.33',
+            'version' => '6.4.33.0',
+            'reference' => '9ef2d0b63b9e855ba351e770a603d89699115801',
             'type' => 'symfony-bundle',
             'install_path' => __DIR__ . '/../symfony/framework-bundle',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/http-foundation' => array(
-            'pretty_version' => 'v6.4.29',
-            'version' => '6.4.29.0',
-            'reference' => 'b03d11e015552a315714c127d8d1e0f9e970ec88',
+            'pretty_version' => 'v6.4.33',
+            'version' => '6.4.33.0',
+            'reference' => 'f1a490cc9d595ba7ebe684220e625d1e472ad278',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/http-foundation',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/http-kernel' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '13e8387320b5942d0dc408440c888e2d526efef4',
+            'pretty_version' => 'v6.4.33',
+            'version' => '6.4.33.0',
+            'reference' => '73fa5c999d7f741ca544a97d3c791cc97890ae4d',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/http-kernel',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/mailer' => array(
-            'pretty_version' => 'v6.4.25',
-            'version' => '6.4.25.0',
-            'reference' => '628b43b45a3e6b15c8a633fb22df547ed9b492a2',
+            'pretty_version' => 'v6.4.31',
+            'version' => '6.4.31.0',
+            'reference' => '8835f93333474780fda1b987cae37e33c3e026ca',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/mailer',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/mime' => array(
-            'pretty_version' => 'v6.4.24',
-            'version' => '6.4.24.0',
-            'reference' => '664d5e844a2de5e11c8255d0aef6bc15a9660ac7',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '7409686879ca36c09fc970a5fa8ff6e93504dba4',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/mime',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/polyfill-ctype' => array(
-            'pretty_version' => 'v1.28.0',
-            'version' => '1.28.0.0',
-            'reference' => 'ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb',
+            'pretty_version' => 'v1.33.0',
+            'version' => '1.33.0.0',
+            'reference' => 'a3cc8b044a6ea513310cbd48ef7333b384945638',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-ctype',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/polyfill-intl-grapheme' => array(
-            'pretty_version' => 'v1.28.0',
-            'version' => '1.28.0.0',
-            'reference' => '875e90aeea2777b6f135677f618529449334a612',
+            'pretty_version' => 'v1.33.0',
+            'version' => '1.33.0.0',
+            'reference' => '380872130d3a5dd3ace2f4010d95125fde5d5c70',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/polyfill-intl-grapheme',
             'aliases' => array(),
@@ -554,18 +547,18 @@
             'dev_requirement' => false,
         ),
         'symfony/routing' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '98eab13a07fddc85766f1756129c69f207ffbc21',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '0dc6253e864e71b486e8ba4970a56ab849106ebe',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/routing',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/runtime' => array(
-            'pretty_version' => 'v6.4.24',
-            'version' => '6.4.24.0',
-            'reference' => 'c1cc6721646f546627236c57f835272806087337',
+            'pretty_version' => 'v6.4.30',
+            'version' => '6.4.30.0',
+            'reference' => 'fb3149ee85d3b639dd3e49ea9dda05656f0537e3',
             'type' => 'composer-plugin',
             'install_path' => __DIR__ . '/../symfony/runtime',
             'aliases' => array(),
@@ -587,54 +580,54 @@
             ),
         ),
         'symfony/stopwatch' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => 'fc47f1015ec80927ff64ba9094dfe8b9d48fe9f2',
+            'pretty_version' => 'v6.4.24',
+            'version' => '6.4.24.0',
+            'reference' => 'b67e94e06a05d9572c2fa354483b3e13e3cb1898',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/stopwatch',
             'aliases' => array(),
             'dev_requirement' => true,
         ),
         'symfony/string' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '7cb80bc10bfcdf6b5492741c0b9357dac66940bc',
+            'pretty_version' => 'v6.4.30',
+            'version' => '6.4.30.0',
+            'reference' => '50590a057841fa6bf69d12eceffce3465b9e32cb',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/string',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/translation-contracts' => array(
-            'pretty_version' => 'v3.4.0',
-            'version' => '3.4.0.0',
-            'reference' => 'dee0c6e5b4c07ce851b462530088e64b255ac9c5',
+            'pretty_version' => 'v3.6.1',
+            'version' => '3.6.1.0',
+            'reference' => '65a8bc82080447fae78373aa10f8d13b38338977',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/translation-contracts',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/twig-bridge' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '142bc3ad4a61d7eedf7cc21d8ef2bd8a8e7417bf',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '1dcf980dd4f79885b986befdeb1c1bc0d6aedfc8',
             'type' => 'symfony-bridge',
             'install_path' => __DIR__ . '/../symfony/twig-bridge',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/twig-bundle' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '35d84393e598dfb774e6a2bf49e5229a8a6dbe4c',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => 'a5c8dcc11a5bf9c96320da20070d2e158a4e0b30',
             'type' => 'symfony-bundle',
             'install_path' => __DIR__ . '/../symfony/twig-bundle',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'symfony/var-dumper' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '68d6573ec98715ddcae5a0a85bee3c1c27a4c33f',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '131fc9915e0343052af5ed5040401b481ca192aa',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/var-dumper',
             'aliases' => array(),
@@ -650,45 +643,45 @@
             'dev_requirement' => false,
         ),
         'symfony/web-profiler-bundle' => array(
-            'pretty_version' => 'v6.4.2',
-            'version' => '6.4.2.0',
-            'reference' => '38462d16856740ec0d1ba2cb902eebf09100dde2',
+            'pretty_version' => 'v6.4.32',
+            'version' => '6.4.32.0',
+            'reference' => '011f59e3f3d20f60d11b4e78b8dc63504f56e145',
             'type' => 'symfony-bundle',
             'install_path' => __DIR__ . '/../symfony/web-profiler-bundle',
             'aliases' => array(),
             'dev_requirement' => true,
         ),
         'symfony/yaml' => array(
-            'pretty_version' => 'v6.4.0',
-            'version' => '6.4.0.0',
-            'reference' => '4f9237a1bb42455d609e6687d2613dde5b41a587',
+            'pretty_version' => 'v6.4.30',
+            'version' => '6.4.30.0',
+            'reference' => '8207ae83da19ee3748d6d4f567b4d9a7c656e331',
             'type' => 'library',
             'install_path' => __DIR__ . '/../symfony/yaml',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'tecnickcom/tcpdf' => array(
-            'pretty_version' => '6.10.0',
-            'version' => '6.10.0.0',
-            'reference' => 'ca5b6de294512145db96bcbc94e61696599c391d',
+            'pretty_version' => '6.10.1',
+            'version' => '6.10.1.0',
+            'reference' => '7a2701251e5d52fc3d508fd71704683eb54f5939',
             'type' => 'library',
             'install_path' => __DIR__ . '/../tecnickcom/tcpdf',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'thenetworg/oauth2-azure' => array(
-            'pretty_version' => 'v2.2.2',
-            'version' => '2.2.2.0',
-            'reference' => 'be204a5135f016470a9c33e82ab48785bbc11af2',
+            'pretty_version' => 'v2.2.4',
+            'version' => '2.2.4.0',
+            'reference' => 'a897d60b6b127daa2f27b1b4e62e7af40829d02f',
             'type' => 'library',
             'install_path' => __DIR__ . '/../thenetworg/oauth2-azure',
             'aliases' => array(),
             'dev_requirement' => false,
         ),
         'twig/twig' => array(
-            'pretty_version' => 'v3.21.1',
-            'version' => '3.21.1.0',
-            'reference' => '285123877d4dd97dd7c11842ac5fb7e86e60d81d',
+            'pretty_version' => 'v3.23.0',
+            'version' => '3.23.0.0',
+            'reference' => 'a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9',
             'type' => 'library',
             'install_path' => __DIR__ . '/../twig/twig',
             'aliases' => array(),

lib/firebase/php-jwt/CHANGELOG.md

@@ -1,5 +1,64 @@
 # Changelog
 
+## [7.0.2](https://github.com/firebase/php-jwt/compare/v7.0.1...v7.0.2) (2025-12-16)
+
+
+### Bug Fixes
+
+* add key length validation for ec keys ([#615](https://github.com/firebase/php-jwt/issues/615)) ([7044f9a](https://github.com/firebase/php-jwt/commit/7044f9ae7e7d175d28cca71714feb236f1c0e252))
+
+## [7.0.0](https://github.com/firebase/php-jwt/compare/v6.11.1...v7.0.0) (2025-12-15)
+
+
+### ⚠️ ⚠️ ⚠️  Security Fixes ⚠️ ⚠️ ⚠️ 
+ * add key size validation ([#613](https://github.com/firebase/php-jwt/issues/613)) ([6b80341](https://github.com/firebase/php-jwt/commit/6b80341bf57838ea2d011487917337901cd71576))
+ **NOTE**: This fix will cause keys with a size below the minimally allowed size to break. 
+
+### Features
+
+* add SensitiveParameter attribute to security-critical parameters ([#603](https://github.com/firebase/php-jwt/issues/603)) ([4dbfac0](https://github.com/firebase/php-jwt/commit/4dbfac0260eeb0e9e643063c99998e3219cc539b))
+* store timestamp in `ExpiredException` ([#604](https://github.com/firebase/php-jwt/issues/604)) ([f174826](https://github.com/firebase/php-jwt/commit/f1748260d218a856b6a0c23715ac7fae1d7ca95b))
+
+
+### Bug Fixes
+
+* validate iat and nbf on payload ([#568](https://github.com/firebase/php-jwt/issues/568)) ([953b2c8](https://github.com/firebase/php-jwt/commit/953b2c88bb445b7e3bb82a5141928f13d7343afd))
+
+## [6.11.1](https://github.com/firebase/php-jwt/compare/v6.11.0...v6.11.1) (2025-04-09)
+
+
+### Bug Fixes
+
+* update error text for consistency ([#528](https://github.com/firebase/php-jwt/issues/528)) ([c11113a](https://github.com/firebase/php-jwt/commit/c11113afa13265e016a669e75494b9203b8a7775))
+
+## [6.11.0](https://github.com/firebase/php-jwt/compare/v6.10.2...v6.11.0) (2025-01-23)
+
+
+### Features
+
+* support octet typed JWK ([#587](https://github.com/firebase/php-jwt/issues/587)) ([7cb8a26](https://github.com/firebase/php-jwt/commit/7cb8a265fa81edf2fa6ef8098f5bc5ae573c33ad))
+
+
+### Bug Fixes
+
+* refactor constructor Key to use PHP 8.0 syntax ([#577](https://github.com/firebase/php-jwt/issues/577)) ([29fa2ce](https://github.com/firebase/php-jwt/commit/29fa2ce9e0582cd397711eec1e80c05ce20fabca))
+
+## [6.10.2](https://github.com/firebase/php-jwt/compare/v6.10.1...v6.10.2) (2024-11-24)
+
+
+### Bug Fixes
+
+* Mitigate PHP8.4 deprecation warnings ([#570](https://github.com/firebase/php-jwt/issues/570)) ([76808fa](https://github.com/firebase/php-jwt/commit/76808fa227f3811aa5cdb3bf81233714b799a5b5))
+* support php 8.4 ([#583](https://github.com/firebase/php-jwt/issues/583)) ([e3d68b0](https://github.com/firebase/php-jwt/commit/e3d68b044421339443c74199edd020e03fb1887e))
+
+## [6.10.1](https://github.com/firebase/php-jwt/compare/v6.10.0...v6.10.1) (2024-05-18)
+
+
+### Bug Fixes
+
+* ensure ratelimit expiry is set every time ([#556](https://github.com/firebase/php-jwt/issues/556)) ([09cb208](https://github.com/firebase/php-jwt/commit/09cb2081c2c3bc0f61e2f2a5fbea5741f7498648))
+* ratelimit cache expiration ([#550](https://github.com/firebase/php-jwt/issues/550)) ([dda7250](https://github.com/firebase/php-jwt/commit/dda725033585ece30ff8cae8937320d7e9f18bae))
+
 ## [6.10.0](https://github.com/firebase/php-jwt/compare/v6.9.0...v6.10.0) (2023-11-28)
 
 

lib/firebase/php-jwt/README.md

@@ -17,7 +17,7 @@ composer require firebase/php-jwt
 ```
 
 Optionally, install the `paragonie/sodium_compat` package from composer if your
-php is < 7.2 or does not have libsodium installed:
+php env does not have libsodium installed:
 
 ```bash
 composer require paragonie/sodium_compat
@@ -48,7 +48,8 @@ $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
 print_r($decoded);
 
 // Pass a stdClass in as the third parameter to get the decoded header values
-$decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers = new stdClass());
+$headers = new stdClass();
+$decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers);
 print_r($headers);
 
 /*
@@ -185,7 +186,7 @@ $passphrase = '[YOUR_PASSPHRASE]';
 // Can be generated with "ssh-keygen -t rsa -m pem"
 $privateKeyFile = '/path/to/key-with-passphrase.pem';
 
-// Create a private key of type "resource"
+/** @var OpenSSLAsymmetricKey $privateKey */
 $privateKey = openssl_pkey_get_private(
     file_get_contents($privateKeyFile),
     $passphrase
@@ -290,7 +291,7 @@ $jwks = ['keys' => []];
 
 // JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\JWT\Key
 // objects. Pass this as the second parameter to JWT::decode.
-JWT::decode($payload, JWK::parseKeySet($jwks));
+JWT::decode($jwt, JWK::parseKeySet($jwks));
 ```
 
 Using Cached Key Sets
@@ -349,7 +350,7 @@ use InvalidArgumentException;
 use UnexpectedValueException;
 
 try {
-    $decoded = JWT::decode($payload, $keys);
+    $decoded = JWT::decode($jwt, $keys);
 } catch (InvalidArgumentException $e) {
     // provided key/key-array is empty or malformed.
 } catch (DomainException $e) {
@@ -379,7 +380,7 @@ like this:
 use Firebase\JWT\JWT;
 use UnexpectedValueException;
 try {
-    $decoded = JWT::decode($payload, $keys);
+    $decoded = JWT::decode($jwt, $keys);
 } catch (LogicException $e) {
     // errors having to do with environmental setup or malformed JWT Keys
 } catch (UnexpectedValueException $e) {
@@ -394,7 +395,7 @@ instead, you can do the following:
 
 ```php
 // return type is stdClass
-$decoded = JWT::decode($payload, $keys);
+$decoded = JWT::decode($jwt, $keys);
 
 // cast to array
 $decoded = json_decode(json_encode($decoded), true);

lib/firebase/php-jwt/composer.json

@@ -20,7 +20,7 @@
     ],
     "license": "BSD-3-Clause",
     "require": {
-        "php": "^7.4||^8.0"
+        "php": "^8.0"
     },
     "suggest": {
         "paragonie/sodium_compat": "Support EdDSA (Ed25519) signatures when libsodium is not present",
@@ -32,10 +32,10 @@
         }
     },
     "require-dev": {
-        "guzzlehttp/guzzle": "^6.5||^7.4",
+        "guzzlehttp/guzzle": "^7.4",
         "phpspec/prophecy-phpunit": "^2.0",
         "phpunit/phpunit": "^9.5",
-        "psr/cache": "^1.0||^2.0",
+        "psr/cache": "^2.0||^3.0",
         "psr/http-client": "^1.0",
         "psr/http-factory": "^1.0"
     }

lib/firebase/php-jwt/src/CachedKeySet.php

@@ -80,9 +80,9 @@ class CachedKeySet implements ArrayAccess
         ClientInterface $httpClient,
         RequestFactoryInterface $httpFactory,
         CacheItemPoolInterface $cache,
-        int $expiresAfter = null,
+        ?int $expiresAfter = null,
         bool $rateLimit = false,
-        string $defaultAlg = null
+        ?string $defaultAlg = null
     ) {
         $this->jwksUri = $jwksUri;
         $this->httpClient = $httpClient;
@@ -180,7 +180,7 @@ class CachedKeySet implements ArrayAccess
             $jwksResponse = $this->httpClient->sendRequest($request);
             if ($jwksResponse->getStatusCode() !== 200) {
                 throw new UnexpectedValueException(
-                    sprintf('HTTP Error: %d %s for URI "%s"',
+                    \sprintf('HTTP Error: %d %s for URI "%s"',
                         $jwksResponse->getStatusCode(),
                         $jwksResponse->getReasonPhrase(),
                         $this->jwksUri,
@@ -212,15 +212,21 @@ class CachedKeySet implements ArrayAccess
         }
 
         $cacheItem = $this->cache->getItem($this->rateLimitCacheKey);
-        if (!$cacheItem->isHit()) {
-            $cacheItem->expiresAfter(1); // # of calls are cached each minute
+
+        $cacheItemData = [];
+        if ($cacheItem->isHit() && \is_array($data = $cacheItem->get())) {
+            $cacheItemData = $data;
         }
 
-        $callsPerMinute = (int) $cacheItem->get();
+        $callsPerMinute = $cacheItemData['callsPerMinute'] ?? 0;
+        $expiry = $cacheItemData['expiry'] ?? new \DateTime('+60 seconds', new \DateTimeZone('UTC'));
+
         if (++$callsPerMinute > $this->maxCallsPerMinute) {
             return true;
         }
-        $cacheItem->set($callsPerMinute);
+
+        $cacheItem->set(['expiry' => $expiry, 'callsPerMinute' => $callsPerMinute]);
+        $cacheItem->expiresAt($expiry);
         $this->cache->save($cacheItem);
         return false;
     }