Ease toggling between optimization and legacy algorithms

Update todo list
Optimize the build of the graph (POC, somewhat hardcoded)
2026-03-06 09:34:13 +01:00 · 2025-07-11 15:24:14 +02:00 · 2025-07-04 15:38:14 +02:00 · 2025-07-04 15:36:03 +02:00 · 2025-07-04 14:31:40 +02:00 · 2025-07-03 13:41:47 +02:00
1217 changed files with 130526 additions and 88159 deletions
--- a/.doc/itop-version-history.md
+++ b/.doc/itop-version-history.md
@@ -93,6 +93,12 @@ gitGraph
    checkout support/3.2
    commit id: "2024-06-25" tag: "3.2.0-beta1" type: REVERSE
    commit id: "2024-08-07" tag: "3.2.0"
+    checkout support/2.7
+    commit id: "2025-02-25" tag: "2.7.12"
+    checkout support/3.1
+    commit id: "2025-02-25 " tag: "3.1.3"
+    checkout support/3.2
+    commit id: "2025-02-25  " tag: "3.2.1"
 ```

 To learn more, check the [iTop community versions history on the official wiki](https://www.itophub.io/wiki/page?id=latest:release:start).
--- a/README.md
+++ b/README.md
@@ -76,7 +76,9 @@ We would like to give a special thank you 🤗 to the people from the community

 ### Names

+- Al Hallak, Amr (a.k.a [@v4yne1](https://github.com/v4yne1))
 - Alves, David
+- Audon, Florian
 - Beck, Pedro
 - Beer, Christian (a.k.a [@ChristianBeer](https://www.github.com/ChristianBeer))
 - Bilger, Jean-François
@@ -88,34 +90,44 @@ We would like to give a special thank you 🤗 to the people from the community
 - Colantoni, Maria Laura
 - Couronné, Guy
 - Dejin, Bie (a.k.a [@bdejin](https://github.com/bdejin))
+- Delicado, Elodie
 - Dvořák, Lukáš
 - Goethals, Stefan
 - Giuva, Vincenzo Katriel (a.k.a [@DarkNight97boss](https://github.com/DarkNight97boss))
 - Gumble, David
+- Heloir, Arthur 
+- Janssens, Jelle (a.k.a [@janssensjelle](https://github.com/janssensjelle))
 - Ji, Leeb (冀利斌) (a.k.a [@chileeb](https://github.com/chileeb))
 - Kaltefleiter, Lars (a.k.a [@larhip](https://www.github.com/larhip))
 - Khamit, Shamil
 - Kincel, Martin
 - Konečný, Kamil
 - Kunin, Vladimir
- Lassiter, Dennis
+- Lassiter, Denis (a.k.a [@delassiter](https://github.com/delassiter))
 - Lazcano, Federico
 - Lucas, Jonathan
 - Malik, Remie
+- Mantel, Ina 
+- Martin, Pierre (a.k.a [@Worty](https://github.com/worty-syn))
+- Melchiorre, Romain
 - Mindêllo de Andrade, Lucas (a.k.a [@rokam](https://www.github.com/rokam))
 - Mozart de Oliveira, Eduardo (a.k.a [@eduardomozart](https://github.com/eduardomozart))
 - Raenker, Martin
 - Roháč, Richard (a.k.a [@RohacRichard](https://github.com/RohacRichard))
 - Rosenke, Stephan
+- Rossi, Tommaso (a.k.a [@tomrss](https://www.github.com/tomrss))
 - Rudner, Björn (a.k.a [@rudnerbjoern](https://github.com/rudnerbjoern))
 - Šafránek, Jaroslav (a.k.a [jkcinik](https://sourceforge.net/u/jkcinik/profile/) on SourceForge)
 - Seki, Shoji
 - Shilov, Vladimir
 - Stetina, Pavel (a.k.a [@Stetinac](https://github.com/Stetinac))
- Stukalov, Ilya (a.k.a [@ilya](https://www.github.com/ilya)-stukalov)
+- Stukalov, Ilya (a.k.a [@ilya](https://www.github.com/ilya-stukalov))
 - Tarjányi, Csaba (a.k.a [@tacsaby](https://github.com/tacsaby))
+- Toraya, Chairat (a.k.a [@Kyokito1412](https://github.com/Kyokito1412))
 - Tulio, Marco
 - Turrubiates, Miguel
+- Višnjić, Aldin (a.k.a[@viliald](https://github.com/viliald))
+- Vlk, Karel (a.k.a [@vlk-charles](https://www.github.com/vlk-charles))

 ### Aliases

@@ -136,4 +148,6 @@ We would like to give a special thank you 🤗 to the people from the community
 - [ITOMIG](https://www.itomig.de/)
 - [Pimkie](https://www.pimkie.com/)
 - [Super-Visions](https://www.super-visions.com/)
-
+- [Defence Tech Cyber Security - Malware Lab](https://github.com/DefenceTechSecurity)
+- Orange Cyberdefense
+- MipihSIB
--- a/application/applicationcontext.class.inc.php
+++ b/application/applicationcontext.class.inc.php
@@ -195,16 +195,31 @@ class ApplicationContext
 	/**
 	 * Returns the context as string with the format name1=value1&name2=value2....
 	 * @return string The context as a string to be appended to an href property
+	 *
 	 */
-	public function GetForLink()
+	public function GetForLink(bool $bWithLeadingAmpersand = false)
 	{
+		// If there are no parameters, return an empty string
+		if(empty($this->aValues)){
+			return '';
+		}
+
+		// Build the query string with ampersand separated parameters
 		$aParams = array();
 		foreach($this->aValues as $sName => $sValue)
 		{
 			$aParams[] = "c[$sName]".'='.urlencode($sValue);
 		}
-		return implode("&", $aParams);
+		$sReturnValue = implode('&', $aParams);
+
+		// add the leading ampersand if requested
+		if($bWithLeadingAmpersand){
+			$sReturnValue = '&' . $sReturnValue;
+		}
+
+		return $sReturnValue;
 	}
+
 	/**
 	 * @since 3.0.0 N°2534 - dashboard: bug with autorefresh that deactivates filtering on organisation
 	 * Returns the params as c[menu]:..., c[org_id]:....
@@ -382,7 +397,7 @@ class ApplicationContext
 		$sUrl = call_user_func(array($sUrlMakerClass, 'MakeObjectUrl'), $sObjClass, $sObjKey);
 	   if (utils::StrLen($sUrl) > 0) {
 		   if ($bWithNavigationContext) {
-			   return $sUrl."&".$oAppContext->GetForLink();
+			   return $sUrl.$oAppContext->GetForLink(true);
 		   } else {
 			   return $sUrl;
 		   }
--- a/application/applicationextension.inc.php
+++ b/application/applicationextension.inc.php
@@ -1711,6 +1711,16 @@ interface iRestServiceProvider
 	public function ExecOperation($sVersion, $sVerb, $aParams);
 }

+/**
+ * A REST service provider implementing this interface will have its input JSON data sanitized for logging purposes
+ * @since 2.7.13, 3.2.1-1
+ * @see \iRestServiceProvider
+ */
+interface iRestInputSanitizer
+{
+	public function SanitizeJsonInput(string $sJsonInput): string;
+}
+
 /**
 * Minimal REST response structure. Derive this structure to add response data and error codes.
 *
@@ -1802,6 +1812,14 @@ class RestResult
 	 * @api
 	 */
 	public $message;
+	
+	/**
+	 * Sanitize the content of this result to hide sensitive information
+	 */
+	public function SanitizeContent()
+	{
+		// The default implementation does nothing
+	}
 }

 /**
--- a/application/cmdbabstract.class.inc.php
+++ b/application/cmdbabstract.class.inc.php
@@ -311,7 +311,7 @@ abstract class cmdbAbstractObject extends CMDBObject implements iDisplay
 		{
 			$sParams .= $sName.'='.urlencode($value).'&'; // Always add a trailing &
 		}
-		$sUrl = utils::GetAbsoluteUrlAppRoot().'pages/'.$oObj->GetUIPage().'?'.$sParams.'class='.get_class($oObj).'&id='.$oObj->getKey().'&'.$oAppContext->GetForLink().'&a=1';
+		$sUrl = utils::GetAbsoluteUrlAppRoot().'pages/'.$oObj->GetUIPage().'?'.$sParams.'class='.get_class($oObj).'&id='.$oObj->getKey().$oAppContext->GetForLink(true).'&a=1';
 		$oPage->add_early_script(<<<JS
 	if (!sessionStorage.getItem('$sSessionStorageKey'))
 	{
@@ -1113,8 +1113,10 @@ HTML
 		}

 		// Note: DisplayBareHeader is called before adding $oObjectDetails to the page, so it can inject HTML before it through $oPage.
-		/** @var iTopWebPage $oPage */
+		/** @var \iTopWebPage $oPage */
+		$oKPI = new ExecutionKPI();
 		$aHeadersBlocks = $this->DisplayBareHeader($oPage, $bEditMode);
+		$oKPI->ComputeStatsForExtension($this, 'DisplayBareHeader');
 		if (false === empty($aHeadersBlocks['subtitle'])) {
 			$oObjectDetails->AddSubTitleBlocks($aHeadersBlocks['subtitle']);
 		}
@@ -1127,8 +1129,12 @@ HTML
 		$oPage->AddTabContainer(OBJECT_PROPERTIES_TAB, '', $oObjectDetails);
 		$oPage->SetCurrentTabContainer(OBJECT_PROPERTIES_TAB);
 		$oPage->SetCurrentTab('UI:PropertiesTab');
+		$oKPI = new ExecutionKPI();
 		$this->DisplayBareProperties($oPage, $bEditMode);
+		$oKPI->ComputeStatsForExtension($this, 'DisplayBareProperties');
+		$oKPI = new ExecutionKPI();
 		$this->DisplayBareRelations($oPage, $bEditMode);
+		$oKPI->ComputeStatsForExtension($this, 'DisplayBareRelations');


 		// Note: Adding the JS snippet which enables the image upload should have been done directly by the ActivityPanel which would have kept the independance principle
@@ -1331,7 +1337,7 @@ HTML
 					}
 				}
 			}
-
+            $aHeader['friendlyname'] = ['label' => MetaModel::GetName($sClassName)];
 			foreach ($aList[$sAlias] as $sAttCodeEx => $oAttDef) {
 				$sColLabel = $bLocalize ? MetaModel::GetLabel($sClassName, $sAttCodeEx) : $sAttCodeEx;

@@ -1352,6 +1358,7 @@ HTML
 			$aRow = [];
 			foreach ($aAuthorizedClasses as $sAlias => $sClassName) {
 				$oObj = $aObjects[$sAlias];
+                $aRow["friendlyname"] = $oObj->Get('friendlyname');
 				foreach ($aList[$sAlias] as $sAttCodeEx => $oAttDef) {
 					if (is_null($oObj)) {
 						$aRow[$oAttDef->GetCode()] = '';
@@ -3065,7 +3072,7 @@ JS
 		$oPage->add($oAppContext->GetForForm());

 		// Hook the cancel button via jQuery so that it can be unhooked easily as well if needed
-		$sDefaultUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search_form&class='.$sClass.'&'.$oAppContext->GetForLink();
+		$sDefaultUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search_form&class='.$sClass.$oAppContext->GetForLink(true);

 		$sCancelButtonOnClickScript = "let fOnClick{$this->m_iFormId}CancelButton = ";
 		if(isset($aExtraParams['js_handlers']['cancel_button_on_click'])){
@@ -3073,7 +3080,7 @@ JS
 		} else {
 			$sCancelButtonOnClickScript .= "function() { BackToDetails('$sClass', $iKey, '$sDefaultUrl', $sJSToken)};";
 		}
-		$sCancelButtonOnClickScript .= "$('#form_{$this->m_iFormId} button.cancel').on('click', fOnClick{$this->m_iFormId}CancelButton);";
+		$sCancelButtonOnClickScript .= "$('#form_{$this->m_iFormId} button.cancel').on('click.navigation.itop', fOnClick{$this->m_iFormId}CancelButton);";
 		$oPage->add_ready_script($sCancelButtonOnClickScript);

 		$iFieldsCount = count($aFieldsMap);
@@ -6097,7 +6104,9 @@ JS
 		// We want to avoid launching the listener twice, first here, and secondly after saving the Ticket in the listener
 		// By disabling the event to be fired, we can remove the current object from the attribute !
 		$oObject = MetaModel::GetObject($sClass, $sId, false);
-		self::FireEventDbLinksChangedForObject($oObject);
+		if (!is_null($oObject)) {
+			self::FireEventDbLinksChangedForObject($oObject);
+		}
 		self::RemoveObjectAwaitingEventDbLinksChanged($sClass, $sId);
 	}

@@ -6105,13 +6114,11 @@ JS
 	{
 		self::SetEventDBLinksChangedBlocked(true);
 		// N°6408 The object can have been deleted
-		if (!is_null($oObject)) {
-			$oObject->FireEvent(EVENT_DB_LINKS_CHANGED);
+		$oObject->FireEvent(EVENT_DB_LINKS_CHANGED);

-			// Update the object if needed
-			if (count($oObject->ListChanges()) !== 0) {
-				$oObject->DBUpdate();
-			}
+		// Update the object if needed
+		if (count($oObject->ListChanges()) !== 0) {
+			$oObject->DBUpdate();
 		}
 		cmdbAbstractObject::SetEventDBLinksChangedBlocked(false);
 	}
--- a/application/dashboard.class.inc.php
+++ b/application/dashboard.class.inc.php
@@ -524,9 +524,7 @@ EOF
 	 */
 	public function Render($oPage, $bEditMode = false, $aExtraParams = array(), $bCanEdit = true)
 	{
-		if (!array_key_exists('dashboard_div_id', $aExtraParams)) {
-			$aExtraParams['dashboard_div_id'] = utils::Sanitize($this->GetId(), '', 'element_identifier');
-		}
+		$aExtraParams['dashboard_div_id'] = utils::Sanitize($aExtraParams['dashboard_div_id'] ?? null, $this->GetId(), utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);

 		/** @var \DashboardLayoutMultiCol $oLayout */
 		$oLayout = new $this->sLayoutClass();
@@ -1052,7 +1050,7 @@ EOF
 		$sSelectorHtml .= '</div>';

 		$sFile = addslashes($this->GetDefinitionFile());
-		$sReloadURL = $this->GetReloadURL();
+		$sReloadURL = json_encode($this->GetReloadURL());

 		$bFromDashboardPage = isset($aAjaxParams['from_dashboard_page']) ? isset($aAjaxParams['from_dashboard_page']) : false;
 		if ($bFromDashboardPage) {
@@ -1141,7 +1139,6 @@ JS
 			->AddCSSClass('ibo-action-button');

 		$oToolbar->AddSubBlock($oActionButton);
-
 		$aActions = array();
 		$sFile = addslashes(utils::LocalPath($this->sDefinitionFile));
 		$sJSExtraParams = json_encode($aExtraParams);
@@ -1166,7 +1163,7 @@ JS
 		$oToolbar->AddSubBlock($oActionButton)
 			->AddSubBlock($oActionsMenu);

-		$sReloadURL = $this->GetReloadURL();
+		$sReloadURL = json_encode($this->GetReloadURL());
 		$oPage->add_script(
 			<<<EOF
 function EditDashboard(sId, sDashboardFile, aExtraParams)
@@ -1273,7 +1270,7 @@ EOF
 		$sTitle = json_encode($this->sTitle);
 		$sFile = json_encode($this->GetDefinitionFile());
 		$sUrl = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php';
-		$sReloadURL = $this->GetReloadURL();
+		$sReloadURL = json_encode($this->GetReloadURL());

 		$sExitConfirmationMessage = addslashes(Dict::S('UI:NavigateAwayConfirmationMessage'));
 		$sCancelConfirmationMessage = addslashes(Dict::S('UI:CancelConfirmationMessage'));
--- a/application/dashlet.class.inc.php
+++ b/application/dashlet.class.inc.php
@@ -2138,7 +2138,7 @@ class DashletHeaderDynamic extends Dashlet
 		$oSet = new DBObjectSet($oFilter);
 		$iCount = $oSet->Count();
 		$oAppContext = new ApplicationContext();
-		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search&'.$oAppContext->GetForLink().'&filter='.rawurlencode($oFilter->serialize());
+		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search'.$oAppContext->GetForLink(true).'&filter='.rawurlencode($oFilter->serialize());
 		$oSubTitle->AddHtml('<a class="summary" href="'.$sHyperlink.'">'.Dict::Format(str_replace('_', ':', $sSubtitle), $iCount).'</a>');

 		return $oPanel;
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -1126,7 +1126,7 @@ JS
 						$oSingleGroupByValueFilter->SetShowObsoleteData($this->m_bShowObsoleteData);
 					}
 					$sHyperlink = utils::GetAbsoluteUrlAppRoot()
-						.'pages/UI.php?operation=search&'.$oAppContext->GetForLink()
+						.'pages/UI.php?operation=search'.$oAppContext->GetForLink(true)
 						.'&filter='.rawurlencode($oSingleGroupByValueFilter->serialize());
 					$aCounts[$sStateValue] = ['link' => $sHyperlink, 'label' => $aCounts[$sStateValue]];
 				}
@@ -1234,7 +1234,7 @@ JS
 		$iCount = $this->m_oSet->Count();
 		$sClassLabel = MetaModel::GetName($sClass);
 		$sClassIconUrl = MetaModel::GetClassIcon($sClass, false);
-		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search&'.$oAppContext->GetForLink().'&filter='.rawurlencode($this->m_oFilter->serialize());
+		$sHyperlink = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search'.$oAppContext->GetForLink(true).'&filter='.rawurlencode($this->m_oFilter->serialize());

 		$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
 		$aRefreshParams = [
@@ -1243,7 +1243,7 @@ JS
 		];

 		if (UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY)) {
-			$sCreateActionUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=new&class='.$sClass.'&'.$oAppContext->GetForLink();
+			$sCreateActionUrl = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=new&class='.$sClass.$oAppContext->GetForLink(true);
 			$sCreateActionLabel = Dict::Format('UI:Button:Create');
 			$oBlock = DashletFactory::MakeForDashletBadge($sClassIconUrl, $sHyperlink, $iCount, $sClassLabel, $sCreateActionUrl,
 				$sCreateActionLabel, $aRefreshParams);
@@ -1291,7 +1291,7 @@ JS

 			$aData = array();
 			$oAppContext = new ApplicationContext();
-			$sParams = $oAppContext->GetForLink();
+			$sParams = $oAppContext->GetForLink(true);
 			foreach ($aGroupBy as $iRow => $iCount) {
 				// Build the search for this subset
 				$oSubsetSearch = $this->m_oFilter->DeepClone();
@@ -1306,7 +1306,7 @@ JS

 				$aData[] = array(
 					'group' => $aLabels[$iRow],
-					'value' => "<a href=\"".utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&dosearch=1&$sParams&filter=$sFilter\">$iCount</a>"
+					'value' => "<a href=\"".utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&dosearch=1$sParams&filter=$sFilter\">$iCount</a>"
 				); // TO DO: add the context information
 			}
 			$aAttribs = array(
@@ -1638,7 +1638,7 @@ JS
 		$sGroupByExpr = isset($aExtraParams['group_by_expr']) ? '&params[group_by_expr]='.$aExtraParams['group_by_expr'] : '';
 		$sFilter = $this->m_oFilter->serialize(false, $aQueryParams);
 		$oContext = new ApplicationContext();
-		$sContextParam = $oContext->GetForLink();
+		$sContextParam = $oContext->GetForLink(true);
 		$sAggregationFunction = isset($aExtraParams['aggregation_function']) ? $aExtraParams['aggregation_function'] : '';
 		$sAggregationAttr = isset($aExtraParams['aggregation_attribute']) ? $aExtraParams['aggregation_attribute'] : '';
 		$sLimit = isset($aExtraParams['limit']) ? $aExtraParams['limit'] : '';
@@ -1646,7 +1646,7 @@ JS
 		$sOrderDirection = isset($aExtraParams['order_direction']) ? $aExtraParams['order_direction'] : '';

 		if (isset($aExtraParams['group_by_label'])) {
-			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$sGroupBy{$sGroupByExpr}&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$sChartId{$iChartCounter}&params[order_direction]=$sOrderDirection&params[order_by]=$sOrderBy&params[limit]=$sLimit&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sChartId{$iChartCounter}&filter=".rawurlencode($sFilter).'&'.$sContextParam;
+			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$sGroupBy{$sGroupByExpr}&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$sChartId{$iChartCounter}&params[order_direction]=$sOrderDirection&params[order_by]=$sOrderBy&params[limit]=$sLimit&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sChartId{$iChartCounter}&filter=".rawurlencode($sFilter).$sContextParam;
 		} else {
 			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$sGroupBy{$sGroupByExpr}&params[chart_type]=$sChartType&params[currentId]=$sChartId{$iChartCounter}&params[order_direction]=$sOrderDirection&params[order_by]=$sOrderBy&params[limit]=$sLimit&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sChartId{$iChartCounter}&filter=".rawurlencode($sFilter).'&'.$sContextParam;
 		}
@@ -1683,11 +1683,14 @@ JS
 		$oBlock = null;
 		$sJSURLs = '';

+		$oContext = new ApplicationContext();
+		$sContextParam = $oContext->GetForLink(true);
+
 		if (isset($aExtraParams['group_by'])) {
 			$this->MakeGroupByQuery($aExtraParams, $oGroupByExp, $sGroupByLabel, $aGroupBy, $sAggregationFunction, $sFctVar, $sAggregationAttr, $sSql);
 			$aRes = CMDBSource::QueryToArray($sSql);
-			$oContext = new ApplicationContext();
-			$sContextParam = $oContext->GetForLink();
+
+

 			$iTotalCount = 0;
 			$aURLs = array();
@@ -1707,14 +1710,14 @@ JS
 				$oSubsetSearch = $this->m_oFilter->DeepClone();
 				$oCondition = new BinaryExpression($oGroupByExp, '=', new ScalarExpression($sValue));
 				$oSubsetSearch->AddConditionExpression($oCondition);
-				$aURLs[] = utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&format=html&filter=".rawurlencode($oSubsetSearch->serialize()).'&'.$sContextParam;
+				$aURLs[] = utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=search&format=html&filter=".rawurlencode($oSubsetSearch->serialize()).$sContextParam;
 			}
 			$sJSURLs = json_encode($aURLs);
 		}
 		if (isset($aExtraParams['group_by_label'])) {
-			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).'&'.$sContextParam;
+			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[group_by_label]={$aExtraParams['group_by_label']}&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).$sContextParam;
 		} else {
-			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).'&'.$sContextParam;
+			$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/ajax.render.php?operation=chart&params[group_by]=$aExtraParams[group_by]&params[chart_type]=$sChartType&params[currentId]=$aExtraParams[currentId]&params[order_direction]=$aExtraParams[order_direction]&params[order_by]=$aExtraParams[order_by]&params[limit]=$aExtraParams[limit]&params[aggregation_function]=$sAggregationFunction&params[aggregation_attribute]=$sAggregationAttr&id=$sId&filter=".rawurlencode($this->m_oFilter->ToOQL()).$sContextParam;
 		}

 		switch ($sChartType) {
@@ -1787,7 +1790,7 @@ JS

 		$oBlock->sCsvFile = strtolower($this->m_oFilter->GetClass()).'.csv';
 		$oBlock->sDownloadLink = utils::GetAbsoluteUrlAppRoot().'webservices/export.php?expression='.urlencode($this->m_oFilter->ToOQL(true)).'&format=csv&filename='.urlencode($oBlock->sCsvFile);
-		$oBlock->sLinkToToggle = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search&'.$oAppContext->GetForLink().'&filter='.rawurlencode($this->m_oFilter->serialize()).'&format=csv';
+		$oBlock->sLinkToToggle = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=search'.$oAppContext->GetForLink(true).'&filter='.rawurlencode($this->m_oFilter->serialize()).'&format=csv';
 		// Pass the parameters via POST, since expression may be very long
 		$aParamsToPost = array(
 			'expression' => $this->m_oFilter->ToOQL(true),
@@ -1891,10 +1894,7 @@ class MenuBlock extends DisplayBlock
 			&& (!isset($aExtraParams['menu']) || $aExtraParams['menu'] === "1" || $aExtraParams['menu'] === true)
 		) {
 			$oAppContext = new ApplicationContext();
-			$sContext = $oAppContext->GetForLink();
-			if (utils::IsNotNullOrEmptyString($sContext)) {
-				$sContext = '&'.$sContext;
-			}
+			$sContext = $oAppContext->GetForLink(true);


 			$sFilter = $this->GetFilter()->serialize();
@@ -2584,11 +2584,8 @@ class MenuBlock extends DisplayBlock
 		$sUrl = "{$sRootUrl}pages/{$sUIPage}?{$sUrlParams}";

 		$oAppContext = new ApplicationContext();
-		$sContext = $oAppContext->GetForLink();
-		if (utils::IsNotNullOrEmptyString($sContext)) {
-			$sUrl .= '&'.$sContext;
-		}
+		$sContext = $oAppContext->GetForLink(true);

-		return $sUrl;
+		return $sUrl . $sContext;
 	}
 }
--- a/application/exceptions/CoreException.php
+++ b/application/exceptions/CoreException.php
@@ -67,7 +67,7 @@ class CoreException extends Exception

 	public function getHtmlDesc($sHighlightHtmlBegin = '<b>', $sHighlightHtmlEnd = '</b>')
 	{
-		return $this->getMessage();
+		return utils::EscapeHtml($this->getMessage());
 	}

 	/**
--- a/application/ui.extkeywidget.class.inc.php
+++ b/application/ui.extkeywidget.class.inc.php
@@ -250,7 +250,7 @@ class UIExtKeyWidget
 					foreach ($aAdditionalField as $sAdditionalField) {
 						array_push($aArguments, $oObj->Get($sAdditionalField));
 					}
-					$aOption['additional_field'] = utils::HtmlEntities(vsprintf($sFormatAdditionalField, $aArguments));
+					$aOption['additional_field'] = utils::HtmlEntities(utils::VSprintf($sFormatAdditionalField, $aArguments));
 				}
 				if (!empty($sObjectImageAttCode)) {
 					// Try to retrieve image for contact
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
@@ -419,11 +419,26 @@ class utils
 	 * @since 2.7.7, 3.0.2, 3.1.0 N°4899 - new 'url' filter
 	 * @since 2.7.10 N°6606 use the utils::ENUM_SANITIZATION_* const
 	 * @since 2.7.10 N°6606 new case for ENUM_SANITIZATION_FILTER_PHP_CLASS
+	 * @since 3.2.1-1 N°8242 Allow value to be an array for every filter
 	 *
 	 * @link https://www.php.net/manual/en/filter.filters.sanitize.php PHP sanitization filters
 	 */
 	protected static function Sanitize_Internal($value, $sSanitizationFilter)
 	{
+		if (is_array($value))
+		{
+			$retValue = array();
+			foreach ($value as $key => $val)
+			{
+				$retValue[$key] = self::Sanitize_Internal($val, $sSanitizationFilter); // recursively check arrays
+				if ($retValue[$key] === false)
+				{
+					return false;
+				}
+			}
+			return $retValue;
+		}
+
 		switch ($sSanitizationFilter)
 		{
 			case static::ENUM_SANITIZATION_FILTER_INTEGER:
@@ -454,52 +469,36 @@ class utils
 			case static::ENUM_SANITIZATION_FILTER_PARAMETER:
 			case static::ENUM_SANITIZATION_FILTER_FIELD_NAME:
 			case static::ENUM_SANITIZATION_FILTER_TRANSACTION_ID:
-				if (is_array($value))
+				switch ($sSanitizationFilter)
 				{
-					$retValue = array();
-					foreach ($value as $key => $val)
-					{
-						$retValue[$key] = self::Sanitize_Internal($val, $sSanitizationFilter); // recursively check arrays
-						if ($retValue[$key] === false)
-						{
-							$retValue = false;
-							break;
-						}
-					}
-				}
-				else
-				{
-					switch ($sSanitizationFilter)
-					{
-						case static::ENUM_SANITIZATION_FILTER_TRANSACTION_ID:
-							// Same as parameter type but keep the dot character
-							// transaction_id, the dot is mostly for Windows servers when using file storage as the tokens are named *.tmp
-							// - See N°1835
-							// - Note: It must be included at the regexp beginning otherwise you'll get an invalid character error
-							$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[\. A-Za-z0-9_=-]*$/')));
-							break;
+					case static::ENUM_SANITIZATION_FILTER_TRANSACTION_ID:
+						// Same as parameter type but keep the dot character
+						// transaction_id, the dot is mostly for Windows servers when using file storage as the tokens are named *.tmp
+						// - See N°1835
+						// - Note: It must be included at the regexp beginning otherwise you'll get an invalid character error
+						$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[\. A-Za-z0-9_=-]*$/')));
+						break;

-						case static::ENUM_SANITIZATION_FILTER_ROUTE:
-						case static::ENUM_SANITIZATION_FILTER_OPERATION:
-							// - Routes should be of the "controller_namespace_code.controller_method_name" form
-							// - Operations should be allowed to be namespaced as well even though then don't have dedicated controller yet
-							$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[\.A-Za-z0-9_-]*$/')));
-							break;
+					case static::ENUM_SANITIZATION_FILTER_ROUTE:
+					case static::ENUM_SANITIZATION_FILTER_OPERATION:
+						// - Routes should be of the "controller_namespace_code.controller_method_name" form
+						// - Operations should be allowed to be namespaced as well even though then don't have dedicated controller yet
+						$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[\.A-Za-z0-9_-]*$/')));
+						break;

-						case static::ENUM_SANITIZATION_FILTER_PARAMETER:
-							$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[ A-Za-z0-9_=-]*$/'))); // the '=', '%3D, '%2B', '%2F'
-							// Characters are used in serialized filters (starting 2.5, only the url encoded versions are presents, but the "=" is kept for BC)
-							break;
+					case static::ENUM_SANITIZATION_FILTER_PARAMETER:
+						$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[ A-Za-z0-9_=-]*$/'))); // the '=', '%3D, '%2B', '%2F'
+						// Characters are used in serialized filters (starting 2.5, only the url encoded versions are presents, but the "=" is kept for BC)
+						break;

-						case static::ENUM_SANITIZATION_FILTER_FIELD_NAME:
-							$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/'))); // att_code or att_code->name or AttCode->Name or AttCode->Key2->Name
-							break;
+					case static::ENUM_SANITIZATION_FILTER_FIELD_NAME:
+						$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[A-Za-z0-9_]+(->[A-Za-z0-9_]+)*$/'))); // att_code or att_code->name or AttCode->Name or AttCode->Key2->Name
+						break;

-						case static::ENUM_SANITIZATION_FILTER_CONTEXT_PARAM:
-							$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[ A-Za-z0-9_=%:+-]*$/')));
-							break;
+					case static::ENUM_SANITIZATION_FILTER_CONTEXT_PARAM:
+						$retValue = filter_var($value, FILTER_VALIDATE_REGEXP, array("options" => array("regexp" => '/^[ A-Za-z0-9_=%:+-]*$/')));
+						break;

-					}
 				}
 				break;

@@ -522,8 +521,8 @@ class utils

 			// For URL
 			case static::ENUM_SANITIZATION_FILTER_URL:
-                // N°6350 - returns only valid URLs
-				$retValue = filter_var($value, FILTER_VALIDATE_URL);
+				$retValue = filter_var($value, FILTER_SANITIZE_URL);
+				$retValue = filter_var($retValue, FILTER_VALIDATE_URL);
 				break;

 			default:
@@ -1517,12 +1516,12 @@ class utils
 			case iPopupMenuExtension::MENU_OBJLIST_TOOLKIT:
 				/** @var \DBObjectSet $param */
 				$oAppContext = new ApplicationContext();
-				$sContext = $oAppContext->GetForLink();
+				$sContext = $oAppContext->GetForLink(true);
 				$sDataTableId = is_null($sDataTableId) ? '' : $sDataTableId;
 				$sUIPage = cmdbAbstractObject::ComputeStandardUIPage($param->GetFilter()->GetClass());
 				$sOQL = addslashes($param->GetFilter()->ToOQL(true));
 				$sFilter = urlencode($param->GetFilter()->serialize());
-				$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter."&{$sContext}";
+				$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter.$sContext;
 				$oContainerBlock->AddJsFileRelPath('js/tabularfieldsselector.js');
 				$oContainerBlock->AddJsFileRelPath('js/jquery.dragtable.js');
 				$oContainerBlock->AddCssFileRelPath('css/dragtable.css');
@@ -1556,6 +1555,11 @@ class utils
 				}
 				$aResult[] = new JSPopupMenuItem('UI:Menu:AddToDashboard', Dict::S('UI:Menu:AddToDashboard'), "DashletCreationDlg('$sOQL', '$sContext')");
 				$aResult[] = new JSPopupMenuItem('UI:Menu:ShortcutList', Dict::S('UI:Menu:ShortcutList'), "ShortcutListDlg('$sOQL', '$sDataTableId', '$sContext')");
+                if (ApplicationMenu::IsMenuIdEnabled('RunQueriesMenu')) {
+                    $oMenuItemPlay = new JSPopupMenuItem('UI:Menu:OpenOQL', Dict::S('UI:Edit:TestQuery'), "OpenOql('$sOQL')");
+                    $oMenuItemPlay->SetIconClass('fas fa-play');
+                    $aResult[] = $oMenuItemPlay;
+                }

 				break;

@@ -1692,8 +1696,8 @@ class utils
 		$oAppContext = new ApplicationContext();

 		$sUrl = $sAppRootUrl
-			.'pages/UI.php?operation=search&'
-			.$oAppContext->GetForLink()
+			.'pages/UI.php?operation=search'
+			.$oAppContext->GetForLink(true)
 			.'&filter='.rawurlencode($oDataTableSearchFilter->serialize());
 		$sUrl .= '&aParams='.rawurlencode($sParams); // Not working... yet, cause not handled by UI.php

@@ -1948,7 +1952,7 @@ SQL;
 			CURLOPT_HEADER         => false,    // don't return the headers in the output
 			CURLOPT_FOLLOWLOCATION => true,     // follow redirects
 			CURLOPT_ENCODING       => "",       // handle all encodings
-			CURLOPT_USERAGENT      => static::GetConfig()->Get('http.request.user_agent'), // who am i
+			CURLOPT_USERAGENT      => "spider", // who am i
 			CURLOPT_AUTOREFERER    => true,     // set referer on redirect
 			CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
 			CURLOPT_TIMEOUT        => 120,      // timeout on response
@@ -2076,6 +2080,127 @@ SQL;
 		);
 	}

+	/**
+	*  Format a string using vsprintf with safety checks to avoid ValueError
+	*
+	*  This method fills missing arguments with their original format specifiers,
+	*  then calls vsprintf with the complete array.
+	*
+	* @param string $sFormat The format string
+	* @param array $aArgs The arguments to format
+	* @param bool $bLogErrors Whether to log errors (defaults to true)
+	*
+	* @return string The formatted string
+	 * @since 3.2.2
+	*/
+	public static function VSprintf(string $sFormat, array $aArgs, bool $bLogErrors = true): string
+	{
+		// Extract all format specifiers
+		$sPattern = '/%(?:(?:[1-9][0-9]*)\$)?[-+\'0# ]*(?:[0-9]*|\*)?(?:\.(?:[0-9]*|\*))?(?:[hlL])?[diouxXeEfFgGcrs%]/';
+		preg_match_all($sPattern, $sFormat, $aMatches, PREG_OFFSET_CAPTURE);
+
+		// Process matches, keeping track of their positions and excluding escaped percent signs (%%)
+		$aSpecifierMatches = [];
+		foreach ($aMatches[0] as $sMatch) {
+			if ($sMatch[0] !== '%%') {
+				$aSpecifierMatches[] = $sMatch;
+			}
+		}
+
+		// Check for positional specifiers and build position map
+		$bHasPositional = false;
+		$iMaxPosition = 0;
+		$aPositions = [];
+		$aUniquePositions = [];
+
+		foreach ($aSpecifierMatches as $index => $match) {
+			$sSpec = $match[0];
+			if (preg_match('/^%([1-9][0-9]*)\$/', $sSpec, $posMatch)) {
+				$bHasPositional = true;
+				$iPosition = (int)$posMatch[1] - 1; // Convert to 0-based
+				$aPositions[$index] = $iPosition;
+				$aUniquePositions[$iPosition] = true;
+				$iMaxPosition = max($iMaxPosition, $iPosition + 1);
+			} else {
+				$aPositions[$index] = $index;
+				$aUniquePositions[$index] = true;
+				$iMaxPosition = max($iMaxPosition, $index + 1);
+			}
+		}
+
+		// Count unique positions, this tells us how many arguments we actually need
+		$iExpectedCount = count($aUniquePositions);
+		$iActualCount = count($aArgs);
+
+		// If we have enough arguments, just use vsprintf
+		if ($iActualCount >= $iExpectedCount) {
+			return vsprintf($sFormat, $aArgs);
+		}
+		// else log the error if needed
+		if ($bLogErrors) {
+			IssueLog::Warning("Format string requires $iExpectedCount arguments, but only $iActualCount provided. Format: '$sFormat'"	);
+		}
+
+		// Create a replacement map
+		if ($bHasPositional) {
+			// For positional, we need to handle the exact positions
+			$aReplacements = array_fill(0, $iMaxPosition, null);
+
+			// Fill in the real arguments first
+			foreach ($aArgs as $index => $sValue) {
+				if ($index < $iMaxPosition) {
+					$aReplacements[$index] = $sValue;
+				}
+			}
+
+			// For null values in the replacement map, use the original specifier
+			foreach ($aSpecifierMatches as $index => $sMatch) {
+				$iPosition = $aPositions[$index];
+				if ($aReplacements[$iPosition] === null) {
+					// Use the original format specifier when we don't have an argument
+					$aReplacements[$iPosition] = $sMatch[0];
+				}
+			}
+
+			// Remove any remaining nulls (for positions that weren't referenced)
+			$aReplacements = array_filter($aReplacements, static function($val) { return $val !== null; });
+		} else {
+			// For non-positional, we need to map each position
+			$aReplacements = [];
+			$iUsed = 0;
+
+			// Create a map of what values to use for each position
+			$aPositionValues = [];
+			for ($i = 0; $i < $iMaxPosition; $i++) {
+				if (isset($aUniquePositions[$i])) {
+					if ($iUsed < $iActualCount) {
+						// We have an actual argument for this position
+						$aPositionValues[$i] = $aArgs[$iUsed++];
+					} else {
+						// Mark this position to use the original specifier
+						$aPositionValues[$i] = null;
+					}
+				}
+			}
+
+			// Build the replacements array preserving the original order
+			foreach ($aSpecifierMatches as $index => $sMatch) {
+				$iPosition = $aPositions[$index];
+				if (isset($aPositionValues[$iPosition])) {
+					$aReplacements[] = $aPositionValues[$iPosition];
+				} else {
+					// Use the original format specifier when we don't have an argument
+					$aReplacements[] = $sMatch[0];
+					// Mark this position as used, so if it appears again, it gets the same replacement
+					$aPositionValues[$iPosition] = $sMatch[0];
+				}
+			}
+		}
+
+		// Process the format string with our filled-in arguments
+		return vsprintf($sFormat, $aReplacements);
+	}
+
 	/**
 	 * Convert a string containing some (valid) HTML markup to plain text
 	 *
@@ -3110,8 +3235,7 @@ TXT
 		$aMentionMatches = [];
 		$sText = html_entity_decode($sText);

-		preg_match_all('/<a\s*([^>]*)data-object-class="([^"]*)"\s*data-object-key="([^"]*)"/i', $sText, $aMentionMatches);
-
+		preg_match_all('/<a\s*([^>]*)data-object-class="([^"]*)"\s.*data-object-key="([^"]*)"/Ui', $sText, $aMentionMatches);
 		foreach ($aMentionMatches[0] as $iMatchIdx => $sCompleteMatch) {
 			$sMatchedClass = $aMentionMatches[2][$iMatchIdx];
 			$sMatchedId = $aMentionMatches[3][$iMatchIdx];
--- a/core/attributedef.class.inc.php
+++ b/core/attributedef.class.inc.php
@@ -142,7 +142,7 @@ abstract class AttributeDefinition

 	protected $aCSSClasses;

-	public function GetType()
+    public function GetType()
 	{
 		return Dict::S('Core:'.get_class($this));
 	}
@@ -4218,7 +4218,7 @@ class AttributeFinalClass extends AttributeString
 */
 class AttributePassword extends AttributeString implements iAttributeNoGroupBy
 {
-	const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
+    const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;

 	/**
 	 * Useless constructor, but if not present PHP 7.4.0/7.4.1 is crashing :( (N°2329)
@@ -4295,7 +4295,7 @@ class AttributePassword extends AttributeString implements iAttributeNoGroupBy
 */
 class AttributeEncryptedString extends AttributeString implements iAttributeNoGroupBy
 {
-	const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
+    const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;

 	protected function GetSQLCol($bFullSpec = false)
 	{
@@ -5020,7 +5020,7 @@ class AttributeCaseLog extends AttributeLongText
 			}
 			else
 			{
-				if (strlen($proposedValue) > 0)
+				if (utils::StrLen($proposedValue) > 0)
 				{
 					//N°5135 - add impersonation information in caselog
 					if (UserRights::IsImpersonated()){
@@ -6371,7 +6371,15 @@ class AttributeDateTime extends AttributeDBField

 		$oFormField = parent::MakeFormField($oObject, $oFormField);

-		return $oFormField;
+        // After call to the parent as it sets the current value
+        $oValue = $oObject->Get($this->GetCode());
+        if ($oValue === $this->GetNullValue()) {
+            $oValue = $this->GetDefaultValue($oObject);
+        }
+        $oFormField->SetCurrentValue($this->GetFormat()->Format($oValue));
+
+
+        return $oFormField;
 	}

 	/**
@@ -6458,9 +6466,21 @@ class AttributeDateTime extends AttributeDBField
 		$sDefaultValue = $this->Get('default_value');
 		if (utils::IsNotNullOrEmptyString($sDefaultValue)) {
 			try {
-				$oDate = new DateTimeImmutable($sDefaultValue);
+				$sDefaultDate = Expression::FromOQL($sDefaultValue)->Evaluate([]);
 			} catch (Exception $e) {
-				$oDate = new DateTimeImmutable(Expression::FromOQL($sDefaultValue)->Evaluate([]));
+				try {
+					$sDefaultDate = Expression::FromOQL('"'.$sDefaultValue.'"')->Evaluate([]);
+				} catch (Exception $e) {
+					IssueLog::Error("Invalid default value '$sDefaultValue' for field '{$this->GetCode()}' on class '{$this->GetHostClass()}', defaulting to null");
+
+					return $this->GetNullValue();
+				}
+			}
+			try {
+				$oDate = new DateTimeImmutable($sDefaultDate);
+			} catch (Exception $e) {
+				IssueLog::Error("Invalid default value '$sDefaultValue' for field '{$this->GetCode()}' on class '{$this->GetHostClass()}', defaulting to null");
+				return $this->GetNullValue();
 			}
 			return $oDate->format($this->GetInternalFormat());
 		}
@@ -10017,7 +10037,7 @@ class AttributeSubItem extends AttributeDefinition
 */
 class AttributeOneWayPassword extends AttributeDefinition implements iAttributeNoGroupBy
 {
-	const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;
+    const SEARCH_WIDGET_TYPE = self::SEARCH_WIDGET_TYPE_RAW;

 	/**
 	 * Useless constructor, but if not present PHP 7.4.0/7.4.1 is crashing :( (N°2329)
@@ -10959,12 +10979,12 @@ abstract class AttributeSet extends AttributeDBFieldVoid
 			$sDescription = utils::EscapeHtml($this->GetValueDescription($sValue));
 			$oFilter = DBSearch::FromOQL("SELECT $sClass WHERE $sAttCode MATCHES '$sValue'");
 			$oAppContext = new ApplicationContext();
-			$sContext = $oAppContext->GetForLink();
+			$sContext = $oAppContext->GetForLink(true);
 			$sUIPage = cmdbAbstractObject::ComputeStandardUIPage($oFilter->GetClass());
 			$sFilter = rawurlencode($oFilter->serialize());
 			$sLink = '';
 			if ($bWithLink && $this->bDisplayLink) {
-				$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter."&{$sContext}";
+				$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter.$sContext;
 				$sLink = ' href="'.$sUrl.'"';
 			}

@@ -12281,13 +12301,13 @@ class AttributeTagSet extends AttributeSet
 				$sTagDescription = $oTag->Get('description');
 				$oFilter = DBSearch::FromOQL("SELECT $sClass WHERE $sAttCode MATCHES '$sTagCode'");
 				$oAppContext = new ApplicationContext();
-				$sContext = $oAppContext->GetForLink();
+				$sContext = $oAppContext->GetForLink(true);
 				$sUIPage = cmdbAbstractObject::ComputeStandardUIPage($oFilter->GetClass());
 				$sFilter = rawurlencode($oFilter->serialize());

 				$sLink = '';
 				if ($bWithLink && $this->bDisplayLink) {
-					$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter."&{$sContext}";
+					$sUrl = utils::GetAbsoluteUrlAppRoot()."pages/$sUIPage?operation=search&filter=".$sFilter.$sContext;
 					$sLink = ' href="'.$sUrl.'"';
 				}

--- a/core/bulkchange.class.inc.php
+++ b/core/bulkchange.class.inc.php
@@ -472,8 +472,10 @@ class BulkChange
 	protected $m_bLocalizedValues;
 	/** @var array Cache for resolving external keys based on the given search criterias */
 	protected $m_aExtKeysMappingCache;
+	/** @var int number of columns */
+	protected $m_iNbCol;

-	public function __construct($sClass, $aData, $aAttList, $aExtKeys, $aReconcilKeys, $sSynchroScope = null, $aOnDisappear = null, $sDateFormat = null, $bLocalize = false)
+	public function __construct($sClass, $aData, $aAttList, $aExtKeys, $aReconcilKeys, $sSynchroScope = null, $aOnDisappear = null, $sDateFormat = null, $bLocalize = false, $iNbCol = 0)
 	{
 		$this->m_sClass = $sClass;
 		$this->m_aData = $aData;
@@ -485,6 +487,7 @@ class BulkChange
 		$this->m_sDateFormat = $sDateFormat;
 		$this->m_bLocalizedValues = $bLocalize;
 		$this->m_aExtKeysMappingCache = array();
+		$this->m_iNbCol =$iNbCol;
 	}

 	protected function ResolveExternalKey($aRowData, $sAttCode, &$aResults)
@@ -519,7 +522,7 @@ class BulkChange
 		foreach ($this->m_aExtKeys[$sAttCode] as $sForeignAttCode => $iCol)
 		{
 			// The foreign attribute is one of our reconciliation key
-			if (strlen($aRowData[$iCol]) > 0)
+			if (isset($aRowData[$iCol]) && strlen($aRowData[$iCol]) > 0)
 			{
 				return false;
 			}
@@ -1181,6 +1184,9 @@ class BulkChange
 					foreach($this->m_aData as $iRow => $aRowData)
 					{
 						$sFormat = $sDateTimeFormat;
+						if(!isset($this->m_aData[$iRow][$iCol])){
+							continue;
+						}
 						$sValue = $this->m_aData[$iRow][$iCol];
 						if (!empty($sValue))
 						{
@@ -1238,6 +1244,12 @@ class BulkChange
 		try {
 			foreach ($this->m_aData as $iRow => $aRowData) {
 				set_time_limit(intval($iLoopTimeLimit));
+				// Stop if not the good number of cols in $aRowData
+				if($this->m_iNbCol>0 && count($aRowData) != $this->m_iNbCol){
+					$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::Format('UI:CSVReport-Row-Issue-NbField',count($aRowData),$this->m_iNbCol) );
+					continue;
+				}
+
 				if (isset($aResult[$iRow]["__STATUS__"])) {
 					// An issue at the earlier steps - skip the rest
 					continue;
@@ -1348,7 +1360,11 @@ class BulkChange
 			{
 				if (!array_key_exists($iCol, $aResult[$iRow]))
 				{
-					$aResult[$iRow][$iCol] = new CellStatus_Void($aRowData[$iCol]);
+					if(isset($aRowData[$iCol])) {
+						$aResult[$iRow][$iCol] = new CellStatus_Void($aRowData[$iCol]);
+					} else {
+						$aResult[$iRow][$iCol] = new CellStatus_Issue('', null, Dict::S('UI:CSVReport-Value-Issue-NoValue'));
+					}
 				}
 			}
 			foreach($this->m_aExtKeys as $sAttCode => $aForeignAtts)
@@ -1362,7 +1378,11 @@ class BulkChange
 					if (!array_key_exists($iCol, $aResult[$iRow]))
 					{
 						// The foreign attribute is one of our reconciliation key
-						$aResult[$iRow][$iCol] = new CellStatus_Void($aRowData[$iCol]);
+						if(isset($aRowData[$iCol])) {
+							$aResult[$iRow][$iCol] = new CellStatus_Void($aRowData[$iCol]);
+						} else {
+							$aResult[$iRow][$iCol] = new CellStatus_Issue('', null, 'UI:CSVReport-Value-Issue-NoValue');
+						}
 					}
 				}
 			}
@@ -1406,7 +1426,7 @@ class BulkChange
 		$aDetails = array();
 		while ($oChange = $oBulkChanges->Fetch())
 		{
-			$sDate = '<a href="csvimport.php?step=10&changeid='.$oChange->GetKey().'&'.$oAppContext->GetForLink().'">'.$oChange->Get('date').'</a>';
+			$sDate = '<a href="csvimport.php?step=10&changeid='.$oChange->GetKey().$oAppContext->GetForLink(true).'">'.$oChange->Get('date').'</a>';
 			$sUser = $oChange->GetUserName();
 			if (preg_match('/^(.*)\\(CSV\\)$/i', $oChange->Get('userinfo'), $aMatches))
 			{
@@ -1488,7 +1508,7 @@ EOF
 	function OnTruncatedHistoryToggle(bShowAll)
 	{
 		$('#csv_history_reload').html('<img src="' + GetAbsoluteUrlAppRoot() + 'images/indicator.gif"/>');
-		$.get(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php?{$sAppContext}', {operation: 'displayCSVHistory', showall: bShowAll}, function(data)
+		$.get(GetAbsoluteUrlAppRoot()+'pages/ajax.render.php?$sAppContext', {operation: 'displayCSVHistory', showall: bShowAll}, function(data)
 			{
 				$('#$sAjaxDivId').html(data);
 			}
--- a/core/bulkexport.class.inc.php
+++ b/core/bulkexport.class.inc.php
@@ -25,7 +25,7 @@ define('EXPORTER_DEFAULT_CHUNK_SIZE', 1000);
 class BulkExportException extends Exception
 {
 	protected $sLocalizedMessage;
-	public function __construct($message, $sLocalizedMessage, $code = null, $previous = null)
+	public function __construct($message, $sLocalizedMessage, $code = 0, $previous = null)
 	{
 		parent::__construct($message, $code, $previous);
 		$this->sLocalizedMessage = $sLocalizedMessage;
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -1233,6 +1233,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'sessions_tracking.session_handler_extension' => [
+			'type' => 'string',
+			'description' => 'to store more data in itop session files, set your own iSessionHandlerExtension implementation class in this variable',
+			'default' => '',
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'sessions_tracking.gc_threshold' => [
 			'type' => 'integer',
 			'description'         => 'fallback in case cron is not active: probability in percent that session files are cleanup during any itop request (100 means always)',
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -3624,13 +3624,13 @@ abstract class DBObject implements iDisplay
 	 */
 	public function DBUpdate()
 	{
+		$this->LogCRUDEnter(__METHOD__);
 		if (!MetaModel::StartReentranceProtection($this)) {
 			$this->LogCRUDExit(__METHOD__, 'Rejected (reentrance)');

 			return false;
 		}

-		$this->LogCRUDEnter(__METHOD__);
 		if (!$this->m_bIsInDB)
 		{
 			throw new CoreException("DBUpdate: could not update a newly created object, please call DBInsert instead");
@@ -3862,7 +3862,9 @@ abstract class DBObject implements iDisplay
 	 */
 	protected function PostUpdateActions(array $aChanges): void
 	{
-		$this->FireEventAfterWrite($aChanges, false, $this->sStimulusBeingApplied);
+		$sStimulusBeingApplied = $this->sStimulusBeingApplied;
+		$this->sStimulusBeingApplied = null;
+		$this->FireEventAfterWrite($aChanges, false, $sStimulusBeingApplied);
 		$oKPI = new ExecutionKPI();
 		$this->AfterUpdate();
 		$oKPI->ComputeStatsForExtension($this, 'AfterUpdate');
@@ -3874,9 +3876,8 @@ abstract class DBObject implements iDisplay
 		$this->ActivateOnObjectUpdateTriggersForTargetObjects();

 		$sClass = get_class($this);
-		if (utils::IsNotNullOrEmptyString($this->sStimulusBeingApplied))
+		if (utils::IsNotNullOrEmptyString($sStimulusBeingApplied))
 		{
-			$this->sStimulusBeingApplied = null;
 			$sStateAttCode = MetaModel::GetStateAttributeCode($sClass);
 			$sPreviousState = $this->m_aPreviousValuesForUpdatedAttributes[$sStateAttCode];
 			// Change state triggers...
@@ -4510,6 +4511,8 @@ abstract class DBObject implements iDisplay
 	 */
 	public function ApplyStimulus($sStimulusCode, $bDoNotWrite = false)
 	{
+		$this->LogCRUDEnter(__METHOD__, "Code: $sStimulusCode");
+
 		$sClass = get_class($this);
 		if (!MetaModel::HasLifecycle($sClass))
 		{
@@ -4536,6 +4539,8 @@ abstract class DBObject implements iDisplay
 				} else {
 					$aBackupValues[$sAttCode] = $value;
 				}
+			} else {
+				$aBackupValues[$sAttCode] = $oAttDef->GetNullValue();
 			}
 		}

@@ -4543,7 +4548,6 @@ abstract class DBObject implements iDisplay

 		// Change the state before proceeding to the actions, this is necessary because an action might
 		// trigger another stimuli (alternative: push the stimuli into a queue)
-		$sPreviousState = $this->Get($sStateAttCode);
 		$sNewState = $aTransitionDef['target_state'];
 		$this->Set($sStateAttCode, $sNewState);

@@ -4551,64 +4555,67 @@ abstract class DBObject implements iDisplay
 		//    array('target_state'=>..., 'actions'=>array of handlers procs, 'user_restriction'=>TBD

 		$bSuccess = true;
-		$sActionDesc = '';
-		foreach ($aTransitionDef['actions'] as $actionHandler)
-		{
-			if (is_string($actionHandler))
-			{
-				// Old (pre-2.1.0 modules) action definition without any parameter
-				$aActionCallSpec = array($this, $actionHandler);
-				$sActionDesc = $sClass.'::'.$actionHandler;
+		// Prevent current object from being updated by the actions
+		$this->AddCurrentObjectInCrudStack('APPLY_STIMULUS');
+		$bIsNewlyProtected = MetaModel::StartReentranceProtection($this);
+		try {
+			foreach ($aTransitionDef['actions'] as $actionHandler) {
+				if (is_string($actionHandler)) {
+					// Old (pre-2.1.0 modules) action definition without any parameter
+					$aActionCallSpec = array($this, $actionHandler);
+					$sActionDesc = $sClass.'::'.$actionHandler;

-				if (!is_callable($aActionCallSpec))
-				{
-					throw new CoreException("Unable to call action: $sClass::$actionHandler");
-				}
-				$bRet = call_user_func($aActionCallSpec, $sStimulusCode);
-			}
-			else // if (is_array($actionHandler))
-			{
-				// New syntax: 'verb' and typed parameters
-				$sAction = $actionHandler['verb'];
-				$sActionDesc = "$sClass::$sAction";
-				$aParams = array();
-				foreach($actionHandler['params'] as $aDefinition)
-				{
-					$sParamType = array_key_exists('type', $aDefinition) ? $aDefinition['type'] : 'string';
-					switch($sParamType)
-					{
-						case 'int':
-							$value = (int)$aDefinition['value'];
-							break;
-
-						case 'float':
-							$value = (float)$aDefinition['value'];
-							break;
-
-						case 'bool':
-							$value = (bool)$aDefinition['value'];
-							break;
-
-						case 'reference':
-							$value = ${$aDefinition['value']};
-							break;
-
-						case 'string':
-						default:
-							$value = (string)$aDefinition['value'];
+					if (!is_callable($aActionCallSpec)) {
+						throw new CoreException("Unable to call action: $sClass::$actionHandler");
 					}
-					$aParams[] = $value;
+					$bRet = call_user_func($aActionCallSpec, $sStimulusCode);
+				} else // if (is_array($actionHandler))
+				{
+					// New syntax: 'verb' and typed parameters
+					$sAction = $actionHandler['verb'];
+					$sActionDesc = "$sClass::$sAction";
+					$aParams = array();
+					foreach ($actionHandler['params'] as $aDefinition) {
+						$sParamType = array_key_exists('type', $aDefinition) ? $aDefinition['type'] : 'string';
+						switch ($sParamType) {
+							case 'int':
+								$value = (int)$aDefinition['value'];
+								break;
+
+							case 'float':
+								$value = (float)$aDefinition['value'];
+								break;
+
+							case 'bool':
+								$value = (bool)$aDefinition['value'];
+								break;
+
+							case 'reference':
+								$value = ${$aDefinition['value']};
+								break;
+
+							case 'string':
+							default:
+								$value = (string)$aDefinition['value'];
+						}
+						$aParams[] = $value;
+					}
+					$aCallSpec = array($this, $sAction);
+					$bRet = call_user_func_array($aCallSpec, $aParams);
+				}
+				// if one call fails, the whole is considered as failed
+				// (in case there is no returned value, null is obtained and means "ok")
+				if ($bRet === false) {
+					IssueLog::Info("Lifecycle action $sActionDesc returned false on object #$sClass:".$this->GetKey());
+					$bSuccess = false;
 				}
-				$aCallSpec = array($this, $sAction);
-				$bRet = call_user_func_array($aCallSpec, $aParams);
 			}
-			// if one call fails, the whole is considered as failed
-			// (in case there is no returned value, null is obtained and means "ok")
-			if ($bRet === false)
-			{
-				IssueLog::Info("Lifecycle action $sActionDesc returned false on object #$sClass:".$this->GetKey());
-				$bSuccess = false;
+		} finally {
+			if ($bIsNewlyProtected) {
+				// Stops protection only if the object was not already protected
+				MetaModel::StopReentranceProtection($this);
 			}
+			$this->RemoveCurrentObjectInCrudStack();
 		}
 		if ($bSuccess)
 		{
@@ -4641,6 +4648,7 @@ abstract class DBObject implements iDisplay
 				$this->m_aCurrValues[$sAttCode] = $aBackupValues[$sAttCode];
 			}
 		}
+		$this->LogCRUDExit(__METHOD__, 'Current State: '.$this->Get($sStateAttCode));
 		return $bSuccess;
 	}

@@ -6725,12 +6733,13 @@ abstract class DBObject implements iDisplay
 		$oRootClass = MetaModel::GetRootClass($sClass);

 		foreach (self::$m_aCrudStack as $aCrudStackEntry) {
-			if (($oRootClass === $aCrudStackEntry['class'])
-				&& ($sConvertedId === $aCrudStackEntry['id'])) {
+			if (($oRootClass === $aCrudStackEntry['class']) && ($sConvertedId === $aCrudStackEntry['id'])) {
+				IssueLog::Trace('CRUD '.__METHOD__." $sClass:$sId IS in CRUD Stack", LogChannels::DM_CRUD);
 				return true;
 			}
 		}

+		IssueLog::Trace('CRUD '.__METHOD__." $sClass:$sId NOT in CRUD Stack", LogChannels::DM_CRUD);
 		return false;
 	}

@@ -6748,10 +6757,12 @@ abstract class DBObject implements iDisplay
 		$sRootClass = MetaModel::GetRootClass($sClass);
 		foreach (self::$m_aCrudStack as $aCrudStackEntry) {
 			if ($sRootClass === $aCrudStackEntry['class']) {
+				IssueLog::Trace("CRUD ".__METHOD__." $sClass IS in CRUD Stack", LogChannels::DM_CRUD);
 				return true;
 			}
 		}

+		IssueLog::Trace('CRUD '.__METHOD__." $sClass NOT in CRUD Stack", LogChannels::DM_CRUD);
 		return false;
 	}

@@ -6761,17 +6772,20 @@ abstract class DBObject implements iDisplay
 	 * @param string $sCrudType
 	 *
 	 * @return void
+	 * @throws \CoreException
 	 * @since 3.1.0 N°5609
 	 */
 	private function AddCurrentObjectInCrudStack(string $sCrudType): void
 	{
-		$this->LogCRUDDebug(__METHOD__);
 		$sRootClass = MetaModel::GetRootClass(get_class($this));
+		$sKey = (string)$this->GetKey();
 		self::$m_aCrudStack[] = [
 			'type'  => $sCrudType,
 			'class' => $sRootClass,
-			'id'    => (string)$this->GetKey(), // GetKey() doesn't have type hinting, so forcing type to avoid getting an int
+			'id'    => $sKey, // GetKey() doesn't have type hinting, so forcing type to avoid getting an int
 		];
+		$iCount = count(self::$m_aCrudStack);
+		$this->LogCRUDDebug(__METHOD__, "$sCrudType $sRootClass:$sKey count $iCount");
 	}

 	/**
@@ -6783,10 +6797,15 @@ abstract class DBObject implements iDisplay
 	 */
 	private function UpdateCurrentObjectInCrudStack(): void
 	{
-		$this->LogCRUDDebug(__METHOD__);
 		$aCurrentCrudStack = array_pop(self::$m_aCrudStack);
-		$aCurrentCrudStack['id'] = (string)$this->GetKey();
+		$sOldId = $aCurrentCrudStack['id'];
+		$sNewId = (string)$this->GetKey();
+		$aCurrentCrudStack['id'] = $sNewId;
 		self::$m_aCrudStack[] = $aCurrentCrudStack;
+		$sClass = $aCurrentCrudStack['class'];
+		$sType = $aCurrentCrudStack['type'];
+		$iCount = count(self::$m_aCrudStack);
+		$this->LogCRUDDebug(__METHOD__, "$sType $sClass:$sOldId => $sClass:$sNewId count $iCount");
 	}

 	/**
@@ -6798,7 +6817,11 @@ abstract class DBObject implements iDisplay
 	private function RemoveCurrentObjectInCrudStack(): void
 	{
 		$aRemoved = array_pop(self::$m_aCrudStack);
-		$this->LogCRUDDebug(__METHOD__, $aRemoved['class'].':'.$aRemoved['id']);
+		$sType = $aRemoved['type'];
+		$sClass = $aRemoved['class'];
+		$sId = $aRemoved['id'];
+		$iCount = count(self::$m_aCrudStack);
+		$this->LogCRUDDebug(__METHOD__, "$sType $sClass:$sId count $iCount");
 	}

 	/**
@@ -6815,37 +6838,53 @@ abstract class DBObject implements iDisplay
 	protected function LogCRUDEnter($sFunction, $sComment = '')
 	{
 		$sClass = get_class($this);
+		if (utils::StartsWith($sClass, 'CMDBChange')) {
+			return;
+		}
 		$sKey = $this->GetKey();
+		$sUUID = $this->m_sObjectUniqId;
 		$sPadding = str_pad('', count(self::$m_aCrudStack), '-');
-		IssueLog::Debug("CRUD +$sPadding> $sFunction $sClass:$sKey $sComment", LogChannels::DM_CRUD);
+		IssueLog::Debug("CRUD +$sPadding> $sFunction $sClass:$sKey ($sUUID) $sComment", LogChannels::DM_CRUD);
 	}

 	protected function LogCRUDExit($sFunction, $sComment = '')
 	{
 		$sClass = get_class($this);
+		if (utils::StartsWith($sClass, 'CMDBChange')) {
+			return;
+		}
 		$sKey = $this->GetKey();
+		$sUUID = $this->m_sObjectUniqId;
 		$sPadding = str_pad('', count(self::$m_aCrudStack), '-');
 		if (strlen($sComment) === 0) {
 			IssueLog::Trace("CRUD <$sPadding+ $sFunction $sClass:$sKey", LogChannels::DM_CRUD);
 		} else {
-			IssueLog::Debug("CRUD <$sPadding+ $sFunction $sClass:$sKey $sComment", LogChannels::DM_CRUD);
+			IssueLog::Debug("CRUD <$sPadding+ $sFunction $sClass:$sKey ($sUUID) $sComment", LogChannels::DM_CRUD);
 		}
 	}

 	protected function LogCRUDDebug($sFunction, $sComment = '')
 	{
 		$sClass = get_class($this);
+		if (utils::StartsWith($sClass, 'CMDBChange')) {
+			return;
+		}
 		$sKey = $this->GetKey();
+		$sUUID = $this->m_sObjectUniqId;
 		$sPadding = str_pad('', count(self::$m_aCrudStack), '-');
-		IssueLog::Debug("CRUD --$sPadding $sFunction $sClass:$sKey $sComment", LogChannels::DM_CRUD);
+		IssueLog::Debug("CRUD --$sPadding $sFunction $sClass:$sKey ($sUUID) $sComment", LogChannels::DM_CRUD);
 	}

 	protected function LogCRUDError($sFunction, $sComment = '')
 	{
 		$sClass = get_class($this);
+		if (utils::StartsWith($sClass, 'CMDBChange')) {
+			return;
+		}
 		$sKey = $this->GetKey();
+		$sUUID = $this->m_sObjectUniqId;
 		$sPadding = str_pad('', count(self::$m_aCrudStack), '!');
-		IssueLog::Error("CRUD !!$sPadding Error $sFunction $sClass:$sKey $sComment", LogChannels::DM_CRUD);
+		IssueLog::Error("CRUD !!$sPadding Error $sFunction $sClass:$sKey ($sUUID) $sComment", LogChannels::DM_CRUD);
 	}

 	/**
--- a/core/designdocument.class.inc.php
+++ b/core/designdocument.class.inc.php
@@ -501,7 +501,8 @@ class DesignElement extends \DOMElement
 			{
 				$sSearchId = $oRefNode->getAttribute('id');
 			}
-			$sXPath = './'.$oRefNode->tagName."[@id='$sSearchId']";
+			$sQuotedId = DesignDocument::XPathQuote($sSearchId);
+			$sXPath = './'.$oRefNode->tagName."[@id=$sQuotedId]";

 			$oRes = $oXPath->query($sXPath, $oRoot);
 		}
--- a/core/dict.class.inc.php
+++ b/core/dict.class.inc.php
@@ -206,7 +206,7 @@ class Dict
 		}

 		try{
-			return vsprintf($sLocalizedFormat, $aArguments);
+			return utils::VSprintf($sLocalizedFormat, $aArguments);
 		} catch(\Throwable $e){
 			\IssueLog::Error("Cannot format dict key", null, ["sFormatCode" => $sFormatCode, "sLangCode" => $sLangCode, 'exception_msg' => $e->getMessage() ]);
 			return $sFormatCode.' - '.implode(', ', $aArguments);
--- a/core/displayablegraph.class.inc.php
+++ b/core/displayablegraph.class.inc.php
@@ -453,6 +453,11 @@ class DisplayableNode extends GraphNode
 		}
 	}

+	public static function GetTooltipAttributes($sClass)
+	{
+		return MetaModel::GetZListItems($sClass, 'list');
+	}
+
 	public function GetTooltip($aContextDefs)
 	{
 		$sHtml = '';
@@ -474,7 +479,7 @@ class DisplayableNode extends GraphNode
 			$sHtml .= '<hr/>';
 		}
 		$sHtml .= '<table><tbody>';
-		foreach(MetaModel::GetZListItems($sSubClass, 'list') as $sAttCode)
+		foreach(static::GetTooltipAttributes($sSubClass) as $sAttCode)
 		{
 			$oAttDef = MetaModel::GetAttributeDef($sSubClass, $sAttCode);
 			$sHtml .= '<tr><td>'.$oAttDef->GetLabel().':&nbsp;</td><td>'.$oCurrObj->GetAsHtml($sAttCode).'</td></tr>';
@@ -864,6 +869,7 @@ class DisplayableGraph extends SimpleGraph
 	 */
 	public static function FromRelationGraph(RelationGraph $oGraph, $iGroupingThreshold = 20, $bDirectionDown = true, $bForPdf = false)
 	{
+		$oKPI = new ExecutionKPI();
 		$oNewGraph = new DisplayableGraph();
 		$oNewGraph->bDirectionDown = $bDirectionDown;
 		$iPreviousTimeLimit = ini_get('max_execution_time');
@@ -1017,6 +1023,7 @@ class DisplayableGraph extends SimpleGraph
 		}
 		set_time_limit(intval($iPreviousTimeLimit));

+		$oKPI->ComputeStats('FromRelationGraph', '');
 		return $oNewGraph;
 	}

@@ -1027,6 +1034,7 @@ class DisplayableGraph extends SimpleGraph
 	 */
 	public function InitFromGraphviz()
 	{
+		$oKPI = new ExecutionKPI();
 		$sDot = $this->DumpAsXDot();
 		if (strpos($sDot, 'digraph') === false)
 		{
@@ -1054,6 +1062,7 @@ class DisplayableGraph extends SimpleGraph
 				}
 			}
 		}
+		$oKPI->ComputeStats('InitFromGraphviz', '');
 	}

 	public function GetBoundingBox()
@@ -1470,8 +1479,8 @@ class DisplayableGraph extends SimpleGraph
 		try {
 			$this->InitFromGraphviz();
 			$sExportAsPdfURL = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=relation_pdf&relation='.$sRelation.'&direction='.($this->bDirectionDown ? 'down' : 'up');
-			$sContext = $oAppContext->GetForLink();
-			$sDrillDownURL = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=details&class=%1$s&id=%2$s&'.$sContext;
+			$sContext = $oAppContext->GetForLink(true);
+			$sDrillDownURL = utils::GetAbsoluteUrlAppRoot().'pages/UI.php?operation=details&class=%1$s&id=%2$s'.$sContext;
 			$sExportAsDocumentURL = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=relation_attachment&relation='.$sRelation.'&direction='.($this->bDirectionDown ? 'down' : 'up');
 			$sLoadFromURL = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=relation_json&relation='.$sRelation.'&direction='.($this->bDirectionDown ? 'down' : 'up');
 			$sAttachmentExportTitle = '';
--- a/core/htmlsanitizer.class.inc.php
+++ b/core/htmlsanitizer.class.inc.php
@@ -354,6 +354,8 @@ class HTMLDOMSanitizer extends DOMSanitizer
 		'font-style',
 		'height',
 		'margin',
+		'margin-left',
+		'margin-right',
 		'padding',
 		'text-align',
 		'vertical-align',
--- a/core/inlineimage.class.inc.php
+++ b/core/inlineimage.class.inc.php
@@ -54,7 +54,7 @@ class InlineImage extends DBObject
 		);
 		MetaModel::Init_Params($aParams);
 		MetaModel::Init_InheritAttributes();
-		MetaModel::Init_AddAttribute(new AttributeDateTime("expire", array("allowed_values"=>null, "sql"=>'expire', "default_value"=>'', "is_null_allowed"=>false, "depends_on"=>array(), "always_load_in_tables"=>false)));
+		MetaModel::Init_AddAttribute(new AttributeDateTime("expire", array("allowed_values" => null, "sql" => 'expire', "default_value" => 'DATE_ADD(NOW(), INTERVAL 1 DAY)', "is_null_allowed" => false, "depends_on" => array(), "always_load_in_tables" => false)));
 		MetaModel::Init_AddAttribute(new AttributeString("temp_id", array("allowed_values"=>null, "sql"=>'temp_id', "default_value"=>'', "is_null_allowed"=>true, "depends_on"=>array(), "always_load_in_tables"=>false)));
 		MetaModel::Init_AddAttribute(new AttributeString("item_class", array("allowed_values"=>null, "sql"=>'item_class', "default_value"=>'', "is_null_allowed"=>false, "depends_on"=>array(), "always_load_in_tables"=>false)));
 		MetaModel::Init_AddAttribute(new AttributeObjectKey("item_id", array("class_attcode"=>'item_class', "allowed_values"=>null, "sql"=>'item_id', "is_null_allowed"=>true, "depends_on"=>array(), "always_load_in_tables"=>false)));
--- a/core/kpi.class.inc.php
+++ b/core/kpi.class.inc.php
@@ -469,7 +469,8 @@ class ExecutionKPI
            // Invoke extensions to log the KPI operation
            /** @var \iKPILoggerExtension $oExtensionInstance */
            foreach (MetaModel::EnumPlugins('iKPILoggerExtension') as $oExtensionInstance) {
-                $sExtension = ModuleService::GetInstance()->GetModuleNameFromCallStack(1);
+                //$sExtension = ModuleService::GetInstance()->GetModuleNameFromCallStack(1);
+	            $sExtension = '';
                $oKPILogData = new KpiLogData(
                        KpiLogData::TYPE_STATS,
                        $sOperation,
--- a/core/modelreflection.class.inc.php
+++ b/core/modelreflection.class.inc.php
@@ -77,7 +77,7 @@ abstract class ModelReflection
 			return $sFormatCode.' - '.implode(', ', $aArguments);
 		}

-		return vsprintf($sLocalizedFormat, $aArguments);
+		return utils::VSprintf($sLocalizedFormat, $aArguments);
 	}

 	/**
--- a/core/relationgraph.class.inc.php
+++ b/core/relationgraph.class.inc.php
@@ -203,6 +203,7 @@ class RelationEdge extends GraphEdge
 */ 
 class RelationGraph extends SimpleGraph
 {
+	private static bool $bOptimizationEnabled = true;
 	protected $aSourceNodes; // Index of source nodes (for a quicker access)
 	protected $aSinkNodes; // Index of sink nodes (for a quicker access)
 	protected $aRedundancySettings; // Cache of user settings
@@ -217,6 +218,16 @@ class RelationGraph extends SimpleGraph
 		$this->aContextSearches = array();
 	}

+	static public function GetOptimizationEnabled(): bool
+	{
+		return static::$bOptimizationEnabled;
+	}
+
+	static public function SetOptimizationEnabled(bool $bEnabled)
+	{
+		static::$bOptimizationEnabled = $bEnabled;
+	}
+
 	/**
 	 * Add an object that will be the starting point for building the relations downstream
 	 *
@@ -261,16 +272,23 @@ class RelationGraph extends SimpleGraph
 			IssueLog::Error("Invalid context query '$sOQL'. A context query must contain at least two columns.");
 			throw new Exception("Invalid context query '$sOQL'. A context query must contain at least two columns. Columns: ".implode(', ', $aAliases).'. ');
 		}
-		$aAliasNames = array_keys($aAliases);
-		$oCondition = new BinaryExpression(new FieldExpression('id', $aAliasNames[0]), '=', new VariableExpression('id'));
-		$oSearch->AddConditionExpression($oCondition);
-		
-		$sClass = $oSearch->GetClass();
-		if (!array_key_exists($sClass, $this->aContextSearches))
-		{
-			$this->aContextSearches[$sClass] = array();
+
+		if (static::GetOptimizationEnabled()) {
+			$sClass = $oSearch->GetClass();
+			$this->aContextSearches[$sClass][] = array('key' => $key, 'search' => $oSearch);
+		}
+		else {
+			$aAliasNames = array_keys($aAliases);
+			$oCondition = new BinaryExpression(new FieldExpression('id', $aAliasNames[0]), '=', new VariableExpression('id'));
+			$oSearch->AddConditionExpression($oCondition);
+
+			$sClass = $oSearch->GetClass();
+			if (!array_key_exists($sClass, $this->aContextSearches))
+			{
+				$this->aContextSearches[$sClass] = array();
+			}
+			$this->aContextSearches[$sClass][] = array('key' => $key, 'search' => $oSearch);
 		}
-		$this->aContextSearches[$sClass][] = array('key' => $key, 'search' => $oSearch);
 	}

 	/**
@@ -283,6 +301,8 @@ class RelationGraph extends SimpleGraph
 	 */
 	public function IsPartOfContext(DBObject $oObj, &$aRootCauses)
 	{
+		$oKPI = new ExecutionKPI();
+
 		$bRet = false;
 		$sFinalClass = get_class($oObj);
 		$aParentClasses = MetaModel::EnumParentClasses($sFinalClass, ENUM_PARENT_CLASSES_ALL);
@@ -313,6 +333,7 @@ class RelationGraph extends SimpleGraph
 				}
 			}
 		}
+		$oKPI->ComputeStats(__METHOD__, get_class($oObj));
 		return $bRet;
 	}

@@ -329,6 +350,7 @@ class RelationGraph extends SimpleGraph
 	 */
 	public function ComputeRelatedObjectsDown($sRelCode, $iMaxDepth, $bEnableRedundancy, $aUnreachableObjects = array())
 	{
+		$oKPI = new ExecutionKPI();
 		//echo "<h5>Sources only...</h5>\n".$this->DumpAsHtmlImage()."<br/>\n";
 		// Build the graph out of the sources
 		foreach ($this->aSourceNodes as $oSourceNode)
@@ -336,8 +358,10 @@ class RelationGraph extends SimpleGraph
 			$this->AddRelatedObjects($sRelCode, true, $oSourceNode, $iMaxDepth, $bEnableRedundancy);
 			//echo "<h5>After processing of {$oSourceNode->GetId()}</h5>\n".$this->DumpAsHtmlImage()."<br/>\n";
 		}
+		$oKPI->ComputeAndReport(__FUNCTION__.' - AddRelatedObjects');
 		
 		// Mark the unreachable nodes
+		$oKPI = new ExecutionKPI();
 		foreach ($aUnreachableObjects as $oObj)
 		{
 			$sNodeId = RelationObjectNode::MakeId($oObj);
@@ -347,29 +371,26 @@ class RelationGraph extends SimpleGraph
 				$oNode->SetProperty('is_reached_allowed', false);
 			}
 		}
+		$oKPI->ComputeAndReport(__FUNCTION__.' - Mark unreachable nodes');
 		
 		// Determine the reached nodes
+		$oKPI = new ExecutionKPI();
 		foreach ($this->aSourceNodes as $oSourceNode)
 		{
 			$oSourceNode->ReachDown('is_reached', true);
 			//echo "<h5>After reaching from {$oSourceNode->GetId()}</h5>\n".$this->DumpAsHtmlImage()."<br/>\n";
 		}
+		$oKPI->ComputeAndReport(__FUNCTION__.' - Determine reached nodes');
 		
-		// Mark also the "context" nodes as reached and record the "root causes" for each node
-		$oIterator = new RelationTypeIterator($this, 'Node');
-		foreach($oIterator as $oNode)
-		{
-			$oObj = $oNode->GetProperty('object');
-			$aRootCauses = array();
-			if (!is_null($oObj) && $this->IsPartOfContext($oObj, $aRootCauses))
-			{
-				$oNode->SetProperty('context_root_causes', $aRootCauses);
-				$oNode->ReachDown('is_reached', true);
-			}	
-		}
+		$oKPI = new ExecutionKPI();
+		$this->MarkContextNodesAsReached();
+		$oKPI->ComputeAndReport(__FUNCTION__.' - Mark context nodes as reached');
+
+		$oKPI = new ExecutionKPI();
 		if ( MetaModel::GetConfig()->Get('relations.complete_analysis')) {
 			$this->ApplyUserRightsOnGraph();
 		}
+		$oKPI->ComputeAndReport(__FUNCTION__.' - Apply user rights on graph');
 	}

 	/**
@@ -384,6 +405,7 @@ class RelationGraph extends SimpleGraph
 	 */
 	public function ComputeRelatedObjectsUp($sRelCode, $iMaxDepth, $bEnableRedundancy)
 	{
+		$oKPI = new ExecutionKPI();
 		//echo "<h5>Sinks only...</h5>\n".$this->DumpAsHtmlImage()."<br/>\n";
 		// Build the graph out of the sinks
 		foreach ($this->aSinkNodes as $oSinkNode)
@@ -407,6 +429,7 @@ class RelationGraph extends SimpleGraph
 		if ( MetaModel::GetConfig()->Get('relations.complete_analysis')) {
 			$this->ApplyUserRightsOnGraph();
 		}
+		$oKPI->ComputeStats('GetRelatedObjects-Up', '');
 	}


@@ -423,6 +446,11 @@ class RelationGraph extends SimpleGraph
 	 */
 	protected function AddRelatedObjects($sRelCode, $bDown, $oObjectNode, $iMaxDepth, $bEnableRedundancy)
 	{
+		if (static::GetOptimizationEnabled()) {
+			$this->AddRelatedObjects_Optimized();
+			return;
+		}
+
 		if ($iMaxDepth > 0)
 		{
 			if ($oObjectNode instanceof RelationRedundancyNode)
@@ -513,6 +541,64 @@ class RelationGraph extends SimpleGraph
 		}
 	}

+	public function AddRelatedObjects_Optimized()
+	{
+		$sRelCode = 'impact';
+
+		// TODO : dehardcode against the source nodes
+		$sSQLQuery = file_get_contents(APPROOT.'/impact_server1.sql');
+
+		$aRes = CMDBSource::QueryToArray($sSQLQuery, MYSQLI_ASSOC);
+
+		$oKPI = new ExecutionKPI();
+		$aClassToId = [];
+		foreach ($aRes as $aRow) {
+			if (is_null($aRow['parent_class']) || is_null($aRow['parent_id'])) {
+				// No parent => source node already present in the graph
+				continue;
+			}
+			$aClassToId[$aRow['class']][$aRow['id']] = $aRow['name'];
+		}
+		$oKPI->ComputeAndReport('AddRelatedObjectsDown - Create aClassToId');
+
+		$oKPI = new ExecutionKPI();
+		// One query per class => not too bad
+		// Note: it is not possible to use the root class as we need to load the tooltip attributes
+		foreach ($aClassToId as $sClass => $aIds) {
+			$oSearch = new DBObjectSearch($sClass);
+			$oSearch->AllowAllData();
+			$oSearch->AddCondition('id', array_keys($aIds), 'IN');
+			$oSet = new DBObjectSet($oSearch);
+			$oSet->OptimizeColumnLoad([$oSearch->GetClassAlias() => DisplayableNode::GetTooltipAttributes($sClass)]);
+			while ($oObj = $oSet->Fetch()) {
+				$sNodeId = RelationObjectNode::MakeId($oObj);
+				if (!isset($this->aNodes[$sNodeId])) {
+					$this->aNodes[$sNodeId] = new RelationObjectNode($this, $oObj);
+				}
+			}
+		}
+		$oKPI->ComputeAndReport('AddRelatedObjectsDown - Query each class and create nodes: '.count($aClassToId));
+
+		$oKPI = new ExecutionKPI();
+		foreach ($aRes as $aRow) {
+			if (is_null($aRow['parent_class']) || is_null($aRow['parent_id'])) {
+				// No parent, so no edge
+				continue;
+			}
+			if ($aRow['backtracking'] == 0) {
+				$oSourceNode = $this->GetNode("{$aRow['parent_class']}::{$aRow['parent_id']}");
+				$oSinkNode = $this->GetNode("{$aRow['class']}::{$aRow['id']}");
+			}
+			else {
+				$oSourceNode = $this->GetNode("{$aRow['class']}::{$aRow['id']}");
+				$oSinkNode = $this->GetNode("{$aRow['parent_class']}::{$aRow['parent_id']}");
+			}
+			new RelationEdge($this, $oSourceNode, $oSinkNode);
+		}
+		$oKPI->ComputeAndReport('AddRelatedObjectsDown - Create edges : '.count($aRes));
+	}
+
+
 	/**
 	 * Determine if there is a redundancy (or use the existing one) and add the corresponding nodes/edges
 	 *
@@ -747,4 +833,71 @@ class RelationGraph extends SimpleGraph
 		}
 	}

+	/**
+	 * Mark "context" nodes as reached and record the "root causes" for each node
+	 */
+	private function MarkContextNodesAsReached()
+	{
+		if (static::GetOptimizationEnabled()) {
+			$this->MarkContextNodesAsReached_Optimized();
+			return;
+		}
+
+		$oIterator = new RelationTypeIterator($this, 'Node');
+		foreach($oIterator as $oNode)
+		{
+			$oObj = $oNode->GetProperty('object');
+			$aRootCauses = array();
+			if (!is_null($oObj) && $this->IsPartOfContext($oObj, $aRootCauses))
+			{
+				$oNode->SetProperty('context_root_causes', $aRootCauses);
+				$oNode->ReachDown('is_reached', true);
+			}
+		}
+	}
+
+	private function MarkContextNodesAsReached_Optimized()
+	{
+		$oIterator = new RelationTypeIterator($this, 'Node');
+		// 1. Group all nodes by class
+		$aClassToId = [];
+		foreach ($oIterator as $oNode) {
+			$oObj = $oNode->GetProperty('object');
+			if ($oObj) {
+				$aClassToId[get_class($oObj)][$oObj->GetKey()] = $oNode;
+			}
+		}
+		// 2. For each class, perform a search to find the context objects
+		$aContextNodes = [];
+		foreach ($aClassToId as $sClass => $aIdToNodes) {
+			foreach (MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL) as $sParentClass)
+			{
+				if (!array_key_exists($sParentClass, $this->aContextSearches)) {
+					continue; // No context search for this class
+				}
+				foreach ($this->aContextSearches[$sParentClass] as $aContextQuery)
+				{
+					$oKPI = new ExecutionKPI();
+					/** @var \DBSearch $oSearch */
+					$oSearch = $aContextQuery['search']->DeepClone();
+					$oSearch->AddCondition('id', array_keys($aIdToNodes), 'IN');
+					$aAliasNames = array_keys($oSearch->GetSelectedClasses());
+					$sObjectAlias = $aAliasNames[0];
+					$sRootCauseAlias = $aAliasNames[1];
+					$oSet = new DBObjectSet($oSearch);
+					$oSet->OptimizeColumnLoad([$sObjectAlias => [], $sRootCauseAlias => []]);
+					while($aRow = $oSet->FetchAssoc()) {
+						$oRootCauseObject = $aRow[$sRootCauseAlias];
+						if (is_null($oRootCauseObject)) continue;
+
+						$oNode = $aIdToNodes[$aRow[$sObjectAlias]->GetKey()];
+						$aRootCauses = $oNode->GetProperty('context_root_causes', []);
+						$aRootCauses[$aContextQuery['key']][$oRootCauseObject->GetKey()] = $oRootCauseObject;
+						$oNode->SetProperty('context_root_causes', $aRootCauses);
+					}
+					$oKPI->ComputeStats('Query to find context objects', $sClass.' - '.$aContextQuery['key']);
+				}
+			}
+		}
+	}
 }
--- a/core/restservices.class.inc.php
+++ b/core/restservices.class.inc.php
@@ -44,6 +44,8 @@ class ObjectResult
 	 * @var string
 	 * @api
 	 */
+    use SanitizeTrait;
+
 	public $message;
 	/**
 	 * @var mixed|null
@@ -74,6 +76,52 @@ class ObjectResult
 		$this->fields = array();
 	}

+	/**
+	 * Creates an ObjectResult from a DBObject.
+	 *
+	 * @param DBObject $oObj The object.
+	 * @param array|null $aFieldSpec An array of class => attribute codes (Cf. RestUtils::GetFieldList). List of the attributes to be reported.
+	 * @param boolean $bExtendedOutput Output all of the link set attributes ?
+	 * @param integer $iCode An error code (RestResult::OK is no issue has been found)
+	 * @param string $sMessage Description of the error if any, an empty string otherwise
+	 * 
+	 * @return ObjectResult
+	 */
+	public static function FromDBObject(DBObject $oObj, ?array $aFieldSpec = null, $bExtendedOutput = false, $iCode = 0, $sMessage = '') : ObjectResult {
+
+		$oObjRes = new ObjectResult($oObj::class, $oObj->GetKey());
+		$oObjRes->code = $iCode;
+		$oObjRes->message = $sMessage;
+
+		$aFields = null;
+		if (!is_null($aFieldSpec))
+		{
+			// Enum all classes in the hierarchy, starting with the current one
+			foreach (MetaModel::EnumParentClasses($oObj::class, ENUM_PARENT_CLASSES_ALL, false) as $sRefClass)
+			{
+				if (array_key_exists($sRefClass, $aFieldSpec))
+				{
+					$aFields = $aFieldSpec[$sRefClass];
+					break;
+				}
+			}
+		}
+		if (is_null($aFields))
+		{
+			// No fieldspec given, or not found...
+			$aFields = array('id', 'friendlyname');
+		}
+
+		foreach ($aFields as $sAttCode)
+		{
+			$oObjRes->AddField($oObj, $sAttCode, $bExtendedOutput);
+		}
+
+		return $oObjRes;
+
+	}
+
+
 	/**
 	 * Helper to make an output value for a given attribute
 	 *
@@ -156,6 +204,18 @@ class ObjectResult
 	{
 		$this->fields[$sAttCode] = $this->MakeResultValue($oObject, $sAttCode, $bExtendedOutput);
 	}
+
+	public function SanitizeContent()
+	{
+		foreach($this->fields as $sFieldAttCode => $fieldValue) {
+            try {
+			$oAttDef = MetaModel::GetAttributeDef($this->class, $sFieldAttCode);
+            } catch (Exception $e) { // for special cases like ID
+                continue;
+            }
+			$this->SanitizeFieldIfSensitive($this->fields, $sFieldAttCode, $fieldValue, $oAttDef);
+		}
+	}
 }


@@ -189,38 +249,21 @@ class RestResultWithObjects extends RestResult
 	 */
 	public function AddObject($iCode, $sMessage, $oObject, $aFieldSpec = null, $bExtendedOutput = false)
 	{
-		$sClass = get_class($oObject);
-		$oObjRes = new ObjectResult($sClass, $oObject->GetKey());
-		$oObjRes->code = $iCode;
-		$oObjRes->message = $sMessage;
-
-		$aFields = null;
-		if (!is_null($aFieldSpec))
-		{
-			// Enum all classes in the hierarchy, starting with the current one
-			foreach (MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL, false) as $sRefClass)
-			{
-				if (array_key_exists($sRefClass, $aFieldSpec))
-				{
-					$aFields = $aFieldSpec[$sRefClass];
-					break;
-				}
-			}
-		}
-		if (is_null($aFields))
-		{
-			// No fieldspec given, or not found...
-			$aFields = array('id', 'friendlyname');
-		}
-
-		foreach ($aFields as $sAttCode)
-		{
-			$oObjRes->AddField($oObject, $sAttCode, $bExtendedOutput);
-		}
+		$oObjRes = ObjectResult::FromDBObject($oObject, $aFieldSpec, $bExtendedOutput, $iCode, $sMessage);

 		$sObjKey = get_class($oObject).'::'.$oObject->GetKey();
 		$this->objects[$sObjKey] = $oObjRes;
 	}
+
+public function SanitizeContent()
+	{
+		parent::SanitizeContent();
+
+		foreach($this->objects as $sObjKey => $oObjRes)
+		{
+			$oObjRes->SanitizeContent();
+		}
+	}
 }

 /**
@@ -308,9 +351,10 @@ class RestDelete
 *
 * @package     Core
 */
-class CoreServices implements iRestServiceProvider
+class CoreServices implements iRestServiceProvider, iRestInputSanitizer
 {
-	/**
+    use SanitizeTrait;
+    /**
 	 * Enumerate services delivered by this class
 	 * 	 
 	 * @param string $sVersion The version (e.g. 1.0) supported by the services
@@ -528,18 +572,18 @@ class CoreServices implements iRestServiceProvider
            }
 			else
 			{
-                                if (!$bExtendedOutput && RestUtils::GetOptionalParam($aParams, 'output_fields', '*') != '*') 
+                                if (!$bExtendedOutput && RestUtils::GetOptionalParam($aParams, 'output_fields', '*') != '*')
                                {
                                        $aFields = $aShowFields[$sClass];
                                        //Id is not a valid attribute to optimize
-                                        if (in_array('id', $aFields)) 
+                                        if (in_array('id', $aFields))
                                        {
                                            unset($aFields[array_search('id', $aFields)]);
                                        }
                                        $aAttToLoad = array($oObjectSet->GetClassAlias() => $aFields);
                                        $oObjectSet->OptimizeColumnLoad($aAttToLoad);
                                }
-                                
+
 				while ($oObject = $oObjectSet->Fetch())
 				{
 					$oResult->AddObject(0, '', $oObject, $aShowFields, $bExtendedOutput);
@@ -737,6 +781,33 @@ class CoreServices implements iRestServiceProvider
 		return $oResult;
 	}

+	public function SanitizeJsonInput(string $sJsonInput): string
+	{
+        $sSanitizedJsonInput = $sJsonInput;
+        $aJsonData = json_decode($sSanitizedJsonInput, true);
+        $sOperation = $aJsonData['operation'];
+
+        switch ($sOperation) {
+            case 'core/check_credentials':
+                if (isset($aJsonData['password'])) {
+                    $aJsonData['password'] = '*****';
+                }
+                break;
+            case 'core/update':
+            case 'core/create':
+            default :
+            $sClass = $aJsonData['class'];
+            if (isset($aJsonData['fields'])) {
+                foreach ($aJsonData['fields'] as $sFieldAttCode => $fieldValue) {
+                    $oAttDef = MetaModel::GetAttributeDef($sClass, $sFieldAttCode);
+                    $this->SanitizeFieldIfSensitive($aJsonData['fields'], $sFieldAttCode, $fieldValue, $oAttDef);
+                }
+            }
+            break;
+        }
+		return json_encode($aJsonData, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
+	}
+
 	/**
 	 * Helper for object deletion	
 	 */
@@ -875,3 +946,53 @@ class CoreServices implements iRestServiceProvider
 		return $iLimit * max(0, $iPage - 1);
 	}
 }
+
+/**
+ * Sanitizes sensitive fields on a "json ready" representation of a DBObject
+ * Useful for logging purposes
+ */
+trait SanitizeTrait
+{
+    /**
+     * Sanitize a field if it is sensitive.
+     *
+     * @param array $fields The fields array
+     * @param string $sFieldAttCode The attribute code
+     * @param mixed $oAttDef The attribute definition
+     * @throws Exception
+     */
+    private function SanitizeFieldIfSensitive(array &$fields, string $sFieldAttCode, $fieldValue, $oAttDef): void
+    {
+        // for simple attribute
+        if ($oAttDef instanceof iAttributeNoGroupBy) { // iAttributeNoGroupBy is equivalent to sensitive attribute
+            $fields[$sFieldAttCode] = '*****';
+            return;
+        }
+        // for 1-n / n-n relation
+        if ($oAttDef instanceof AttributeLinkedSet) {
+            foreach ($fieldValue as $i => $aLnkValues) {
+                foreach ($aLnkValues as $sLnkAttCode => $sLnkValue) {
+                    $oLnkAttDef = MetaModel::GetAttributeDef($oAttDef->GetLinkedClass(), $sLnkAttCode);
+                    if ($oLnkAttDef instanceof iAttributeNoGroupBy) { // 1-n relation
+                        $fields[$sFieldAttCode][$i][$sLnkAttCode] = '*****';
+                    }
+                    elseif ($oAttDef instanceof AttributeLinkedSetIndirect && $oLnkAttDef instanceof AttributeExternalField) { // for n-n relation
+                        $oExtKeyAttDef = MetaModel::GetAttributeDef($oLnkAttDef->GetTargetClass(), $oLnkAttDef->GetExtAttCode());
+                        if ($oExtKeyAttDef instanceof iAttributeNoGroupBy) {
+                            $fields[$sFieldAttCode][$i][$sLnkAttCode] = '*****';
+                        }
+                    }
+                }
+            }
+            return;
+        }
+
+        // for external attribute
+        if ($oAttDef instanceof AttributeExternalField) {
+            $oExtKeyAttDef = MetaModel::GetAttributeDef($oAttDef->GetTargetClass(), $oAttDef->GetExtAttCode());
+            if ($oExtKeyAttDef instanceof iAttributeNoGroupBy) {
+                $fields[$sFieldAttCode] = '*****';
+            }
+        }
+    }
+}
--- a/core/simplegraph.class.inc.php
+++ b/core/simplegraph.class.inc.php
@@ -517,8 +517,10 @@ EOF
 			@fclose($rFile);
 			$aOutput = array();
 			$CommandLine = "\"$sDotExecutable\" -v -Tpng < \"$sDotFilePath\" -o\"$sImageFilePath\" 2>&1";
-		
+
+			$oKPI = new ExecutionKPI();
 			exec($CommandLine, $aOutput, $iRetCode);
+			$oKPI->ComputeStats('Graphviz execution png', 'png');
 			if ($iRetCode != 0)
 			{
 				$sHtml = '';
@@ -573,8 +575,10 @@ EOF
 			@fclose($rFile);
 			$aOutput = array();
 			$CommandLine = "\"$sDotExecutable\" -v -Tdot < \"$sDotFilePath\" -o\"$sXdotFilePath\" 2>&1";
-	
+
+			$oKPI = new ExecutionKPI();
 			exec($CommandLine, $aOutput, $iRetCode);
+			$oKPI->ComputeStats('Graphviz execution dot', 'dot');
 			if ($iRetCode != 0)
 			{
 				$sHtml = '';
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -2120,6 +2120,8 @@ class StimulusChecker extends ActionChecker
 {
 	var $sState = null;

+	public mixed $iState = null;
+
 	public function __construct(DBSearch $oFilter, $sState, $iStimulusCode)
 	{
 		parent::__construct($oFilter, $iStimulusCode);
--- a/core/valuesetdef.class.inc.php
+++ b/core/valuesetdef.class.inc.php
@@ -435,7 +435,7 @@ class ValueSetObjects extends ValueSetDefinition
 				foreach ($aAdditionalField as $sAdditionalField) {
 					array_push($aArguments, $oObject->Get($sAdditionalField));
 				}
-				$aData['additional_field'] = vsprintf($sFormatAdditionalField, $aArguments);
+				$aData['additional_field'] = utils::VSprintf($sFormatAdditionalField, $aArguments);
 			} else {
 				$aData['additional_field'] = '';
 			}
--- a/css/backoffice/utils/variables/colors/_base-palette.scss
+++ b/css/backoffice/utils/variables/colors/_base-palette.scss
@@ -99,6 +99,28 @@ $ibo-color-pink-800: $common-color-pink-800 !default;
 $ibo-color-pink-900: $common-color-pink-900 !default;
 $ibo-color-pink-950: $common-color-pink-950 !default;

+$ibo-color-yellow-100: $common-color-yellow-100 !default;
+$ibo-color-yellow-200: $common-color-yellow-200 !default;
+$ibo-color-yellow-300: $common-color-yellow-300 !default;
+$ibo-color-yellow-400: $common-color-yellow-400 !default;
+$ibo-color-yellow-500: $common-color-yellow-500 !default;
+$ibo-color-yellow-600: $common-color-yellow-600 !default;
+$ibo-color-yellow-700: $common-color-yellow-700 !default;
+$ibo-color-yellow-800: $common-color-yellow-800 !default;
+$ibo-color-yellow-900: $common-color-yellow-900 !default;
+$ibo-color-yellow-950: $common-color-yellow-950 !default;
+
+$ibo-color-purple-100: $common-color-purple-100 !default;
+$ibo-color-purple-200: $common-color-purple-200 !default;
+$ibo-color-purple-300: $common-color-purple-300 !default;
+$ibo-color-purple-400: $common-color-purple-400 !default;
+$ibo-color-purple-500: $common-color-purple-500 !default;
+$ibo-color-purple-600: $common-color-purple-600 !default;
+$ibo-color-purple-700: $common-color-purple-700 !default;
+$ibo-color-purple-800: $common-color-purple-800 !default;
+$ibo-color-purple-900: $common-color-purple-900 !default;
+$ibo-color-purple-950: $common-color-purple-950 !default;
+
 $ibo-colors: $common-colors;

 /* CSS variables */
@@ -196,4 +218,26 @@ $ibo-colors: $common-colors;
 	--ibo-color-pink-800: #{$ibo-color-pink-800};
 	--ibo-color-pink-900: #{$ibo-color-pink-900};
 	--ibo-color-pink-950: #{$ibo-color-pink-950};
+  
+  --ibo-color-yellow-100: #{$ibo-color-yellow-100};
+  --ibo-color-yellow-200: #{$ibo-color-yellow-200};
+  --ibo-color-yellow-300: #{$ibo-color-yellow-300};
+  --ibo-color-yellow-400: #{$ibo-color-yellow-400};
+  --ibo-color-yellow-500: #{$ibo-color-yellow-500};
+  --ibo-color-yellow-600: #{$ibo-color-yellow-600};
+  --ibo-color-yellow-700: #{$ibo-color-yellow-700};
+  --ibo-color-yellow-800: #{$ibo-color-yellow-800};
+  --ibo-color-yellow-900: #{$ibo-color-yellow-900};
+  --ibo-color-yellow-950: #{$ibo-color-yellow-950};
+
+  --ibo-color-purple-100: #{$ibo-color-purple-100};
+  --ibo-color-purple-200: #{$ibo-color-purple-200};
+  --ibo-color-purple-300: #{$ibo-color-purple-300};
+  --ibo-color-purple-400: #{$ibo-color-purple-400};
+  --ibo-color-purple-500: #{$ibo-color-purple-500};
+  --ibo-color-purple-600: #{$ibo-color-purple-600};
+  --ibo-color-purple-700: #{$ibo-color-purple-700};
+  --ibo-color-purple-800: #{$ibo-color-purple-800};
+  --ibo-color-purple-900: #{$ibo-color-purple-900};
+  --ibo-color-purple-950: #{$ibo-color-purple-950};
 }
--- a/css/common/utils/variables/colors/_base-palette.scss
+++ b/css/common/utils/variables/colors/_base-palette.scss
@@ -99,4 +99,26 @@ $common-color-pink-800: hsla(322, 60%, 37%, 1) !default;
 $common-color-pink-900: hsla(318, 51%, 29%, 1) !default;
 $common-color-pink-950: hsla(318, 51%, 21%, 1) !default;

-$common-colors: ('grey', 'blue-grey', 'blue', 'cyan', 'green', 'orange', 'red', 'pink', 'primary', 'secondary', 'information', 'success', 'warning', 'danger');
+$common-color-yellow-100: hsla(60, 100%, 97.06%, 1) !default;
+$common-color-yellow-200: hsla(58.1, 96.92%, 87.25%, 1) !default;
+$common-color-yellow-300: hsla(54.69, 91.87%, 75.88%, 1) !default;
+$common-color-yellow-400: hsla(51.32, 89.41%, 66.67%, 1) !default;
+$common-color-yellow-500: hsla(46.96, 80.9%, 60.98%, 1) !default;
+$common-color-yellow-600: hsla(40, 67.2%, 50.98%, 1) !default;
+$common-color-yellow-700: hsla(35.53, 71.03%, 41.96%, 1) !default;
+$common-color-yellow-800: hsla(31.63, 74.57%, 33.92%, 1) !default;
+$common-color-yellow-900: hsla(30, 75.76%, 25.88%, 1) !default;
+$common-color-yellow-950: hsla(29, 80%, 17%, 1) !default;
+
+$common-color-purple-100: hsla(251.43, 91.3%, 95.49%, 1) !default;
+$common-color-purple-200: hsla(250.5, 95.24%, 91.76%, 1) !default;
+$common-color-purple-300: hsla(252.5, 94.74%, 85.1%, 1) !default;
+$common-color-purple-400: hsla(255.14, 91.74%, 76.27%, 1) !default;
+$common-color-purple-500: hsla(258.31, 89.53%, 66.27%, 1) !default;
+$common-color-purple-600: hsla(262.12, 83.26%, 57.84%, 1) !default;
+$common-color-purple-700: hsla(263.39, 69.96%, 50.39%, 1) !default;
+$common-color-purple-800: hsla(263.36, 69.3%, 42.16%, 1) !default;
+$common-color-purple-900: hsla(263.5, 67.42%, 34.9%, 1) !default;
+$common-color-purple-950: hsla(263, 71%, 26%, 1) !default;
+
+$common-colors: ('grey', 'blue-grey', 'blue', 'cyan', 'green', 'orange', 'red', 'pink', 'yellow', 'purple', 'primary', 'secondary', 'information', 'success', 'warning', 'danger');
--- a/datamodels/2.x/authent-cas/composer.json
+++ b/datamodels/2.x/authent-cas/composer.json
@@ -1,4 +1,5 @@
 {
+  "name": "combodo/authent-cas",
  "config" : {
    "classmap-authoritative" : true
  },
--- a/datamodels/2.x/authent-cas/composer.lock
+++ b/datamodels/2.x/authent-cas/composer.lock
@@ -4,15 +4,15 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "d751713988987e9331980363e24189ce",
+    "content-hash": "2f342cfe65023402c1e00d88698d52b9",
    "packages": [],
    "packages-dev": [],
    "aliases": [],
    "minimum-stability": "stable",
-    "stability-flags": [],
+    "stability-flags": {},
    "prefer-stable": false,
    "prefer-lowest": false,
-    "platform": [],
-    "platform-dev": [],
-    "plugin-api-version": "2.1.0"
+    "platform": {},
+    "platform-dev": {},
+    "plugin-api-version": "2.6.0"
 }
--- a/datamodels/2.x/authent-cas/dictionaries/cs.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/cs.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('CS CZ', 'Czech', 'Čeština', [
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
 	'CAS:Error:UserNotAllowed' => 'Uživatel není oprávněn',
 	'CAS:Login:SignIn' => 'Přihlásit se prostřednictvím CAS',
 	'CAS:Login:SignInTooltip' => 'Klikni zde pro příhlášení prostřednictvím CAS serveru',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/da.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/da.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('DA DA', 'Danish', 'Dansk', [
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
 	'CAS:Error:UserNotAllowed' => 'User not allowed~~',
 	'CAS:Login:SignIn' => 'Sign in with CAS~~',
 	'CAS:Login:SignInTooltip' => 'Click here to authenticate yourself with the CAS server~~',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/de.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/de.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('DE DE', 'German', 'Deutsch', [
+Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'CAS:Error:UserNotAllowed' => 'Benutzer ist nicht zugelassen',
 	'CAS:Login:SignIn' => 'Anmeldung mit CAS',
 	'CAS:Login:SignInTooltip' => 'Hier klicken, um sich am CAS-Server zu authentifizieren',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/es_cr.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/es_cr.dict.authent-cas.php
@@ -7,8 +7,8 @@
 * @author Miguel Turrubiates <miguel_tf@yahoo.com>
 * @notas       Utilizar codificación UTF-8 para mostrar acentos y otros caracteres especiales 
 */
-Dict::Add('ES CR', 'Spanish', 'Español, Castellano', [
+Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'CAS:Error:UserNotAllowed' => 'Usuario no permitido',
 	'CAS:Login:SignIn' => 'Iniciar sesión con CAS',
 	'CAS:Login:SignInTooltip' => 'Click para autenticarse con servidor CAS',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/fr.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/fr.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('FR FR', 'French', 'Français', [
+Dict::Add('FR FR', 'French', 'Français', array(
 	'CAS:Error:UserNotAllowed' => 'Utilisateur non autorisé',
 	'CAS:Login:SignIn' => 'S\'identifier avec CAS',
 	'CAS:Login:SignInTooltip' => 'Cliquer ici pour s\'identifier avec le serveur CAS',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/hu.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/hu.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('HU HU', 'Hungarian', 'Magyar', [
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
 	'CAS:Error:UserNotAllowed' => 'Nem engedélyezett felhasználó',
 	'CAS:Login:SignIn' => 'Bejelentkezés CAS szerverrel',
 	'CAS:Login:SignInTooltip' => 'Kattintson ide az azonosításhoz a CAS szerveren',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/it.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/it.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('IT IT', 'Italian', 'Italiano', [
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
 	'CAS:Error:UserNotAllowed' => 'Utente non autorizzato',
 	'CAS:Login:SignIn' => 'Accedi con CAS',
 	'CAS:Login:SignInTooltip' => 'Clicca qui per autenticarti con il server CAS',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/ja.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/ja.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('JA JP', 'Japanese', '日本語', [
+Dict::Add('JA JP', 'Japanese', '日本語', array(
 	'CAS:Error:UserNotAllowed' => 'User not allowed~~',
 	'CAS:Login:SignIn' => 'Sign in with CAS~~',
 	'CAS:Login:SignInTooltip' => 'Click here to authenticate yourself with the CAS server~~',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/nl.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/nl.dict.authent-cas.php
@@ -10,8 +10,8 @@
 * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
 *
 */
-Dict::Add('NL NL', 'Dutch', 'Nederlands', [
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
 	'CAS:Error:UserNotAllowed' => 'Gebruiker heeft onvoldoende rechten.',
 	'CAS:Login:SignIn' => 'Inloggen met CAS',
 	'CAS:Login:SignInTooltip' => 'Klik hier om aan te melden via de CAS-server',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/pl.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/pl.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('PL PL', 'Polish', 'Polski', [
+Dict::Add('PL PL', 'Polish', 'Polski', array(
 	'CAS:Error:UserNotAllowed' => 'Użytkownik niedozwolony',
 	'CAS:Login:SignIn' => 'Zaloguj się za pomocą CAS',
 	'CAS:Login:SignInTooltip' => 'Kliknij tutaj, aby uwierzytelnić się na serwerze CAS',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/pt_br.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/pt_br.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('PT BR', 'Brazilian', 'Brazilian', [
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
 	'CAS:Error:UserNotAllowed' => 'Usuário não permitido',
 	'CAS:Login:SignIn' => 'Autenticar com CAS',
 	'CAS:Login:SignInTooltip' => 'Clique aqui para se autenticar no servidor CAS',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/ru.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/ru.dict.authent-cas.php
@@ -10,8 +10,8 @@
 * @author Vladimir Kunin <v.b.kunin@gmail.com>
 *
 */
-Dict::Add('RU RU', 'Russian', 'Русский', [
+Dict::Add('RU RU', 'Russian', 'Русский', array(
 	'CAS:Error:UserNotAllowed' => 'Вход не разрешён',
 	'CAS:Login:SignIn' => 'Вход через CAS',
 	'CAS:Login:SignInTooltip' => 'Нажмите здесь, чтобы войти через CAS сервер',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/sk.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/sk.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('SK SK', 'Slovak', 'Slovenčina', [
+Dict::Add('SK SK', 'Slovak', 'Slovenčina', array(
 	'CAS:Error:UserNotAllowed' => 'User not allowed~~',
 	'CAS:Login:SignIn' => 'Sign in with CAS~~',
 	'CAS:Login:SignInTooltip' => 'Click here to authenticate yourself with the CAS server~~',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/tr.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/tr.dict.authent-cas.php
@@ -9,8 +9,8 @@
 /**
 *
 */
-Dict::Add('TR TR', 'Turkish', 'Türkçe', [
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
 	'CAS:Error:UserNotAllowed' => 'User not allowed~~',
 	'CAS:Login:SignIn' => 'Sign in with CAS~~',
 	'CAS:Login:SignInTooltip' => 'Click here to authenticate yourself with the CAS server~~',
-]);
+));
--- a/datamodels/2.x/authent-cas/dictionaries/zh_cn.dict.authent-cas.php
+++ b/datamodels/2.x/authent-cas/dictionaries/zh_cn.dict.authent-cas.php
@@ -5,9 +5,8 @@
 * @copyright Copyright (C) 2010-2024 Combodo SAS
 * @license    https://opensource.org/licenses/AGPL-3.0
 */
-
-Dict::Add('ZH CN', 'Chinese', '简体中文', [
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
 	'CAS:Error:UserNotAllowed' => '用户被禁止登录',
 	'CAS:Login:SignIn' => '使用CAS登录',
 	'CAS:Login:SignInTooltip' => '点击这里使用CAS服务器认证',
-]);
+));
--- a/datamodels/2.x/authent-cas/vendor/autoload.php
+++ b/datamodels/2.x/authent-cas/vendor/autoload.php
@@ -2,6 +2,24 @@

 // autoload.php @generated by Composer

+if (PHP_VERSION_ID < 50600) {
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
+}
+
 require_once __DIR__ . '/composer/autoload_real.php';

-return ComposerAutoloaderInit1878ad96115c3aa0fa5e9fd9807f5db0::getLoader();
+return ComposerAutoloaderInit2f342cfe65023402c1e00d88698d52b9::getLoader();
--- a/datamodels/2.x/authent-cas/vendor/composer/ClassLoader.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/ClassLoader.php
@@ -42,35 +42,37 @@ namespace Composer\Autoload;
 */
 class ClassLoader
 {
-    /** @var ?string */
+    /** @var \Closure(string):void */
+    private static $includeFile;
+
+    /** @var string|null */
    private $vendorDir;

    // PSR-4
    /**
-     * @var array[]
-     * @psalm-var array<string, array<string, int>>
+     * @var array<string, array<string, int>>
     */
    private $prefixLengthsPsr4 = array();
    /**
-     * @var array[]
-     * @psalm-var array<string, array<int, string>>
+     * @var array<string, list<string>>
     */
    private $prefixDirsPsr4 = array();
    /**
-     * @var array[]
-     * @psalm-var array<string, string>
+     * @var list<string>
     */
    private $fallbackDirsPsr4 = array();

    // PSR-0
    /**
-     * @var array[]
-     * @psalm-var array<string, array<string, string[]>>
+     * List of PSR-0 prefixes
+     *
+     * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))
+     *
+     * @var array<string, array<string, list<string>>>
     */
    private $prefixesPsr0 = array();
    /**
-     * @var array[]
-     * @psalm-var array<string, string>
+     * @var list<string>
     */
    private $fallbackDirsPsr0 = array();

@@ -78,8 +80,7 @@ class ClassLoader
    private $useIncludePath = false;

    /**
-     * @var string[]
-     * @psalm-var array<string, string>
+     * @var array<string, string>
     */
    private $classMap = array();

@@ -87,29 +88,29 @@ class ClassLoader
    private $classMapAuthoritative = false;

    /**
-     * @var bool[]
-     * @psalm-var array<string, bool>
+     * @var array<string, bool>
     */
    private $missingClasses = array();

-    /** @var ?string */
+    /** @var string|null */
    private $apcuPrefix;

    /**
-     * @var self[]
+     * @var array<string, self>
     */
    private static $registeredLoaders = array();

    /**
-     * @param ?string $vendorDir
+     * @param string|null $vendorDir
     */
    public function __construct($vendorDir = null)
    {
        $this->vendorDir = $vendorDir;
+        self::initializeIncludeClosure();
    }

    /**
-     * @return string[]
+     * @return array<string, list<string>>
     */
    public function getPrefixes()
    {
@@ -121,8 +122,7 @@ class ClassLoader
    }

    /**
-     * @return array[]
-     * @psalm-return array<string, array<int, string>>
+     * @return array<string, list<string>>
     */
    public function getPrefixesPsr4()
    {
@@ -130,8 +130,7 @@ class ClassLoader
    }

    /**
-     * @return array[]
-     * @psalm-return array<string, string>
+     * @return list<string>
     */
    public function getFallbackDirs()
    {
@@ -139,8 +138,7 @@ class ClassLoader
    }

    /**
-     * @return array[]
-     * @psalm-return array<string, string>
+     * @return list<string>
     */
    public function getFallbackDirsPsr4()
    {
@@ -148,8 +146,7 @@ class ClassLoader
    }

    /**
-     * @return string[] Array of classname => path
-     * @psalm-var array<string, string>
+     * @return array<string, string> Array of classname => path
     */
    public function getClassMap()
    {
@@ -157,8 +154,7 @@ class ClassLoader
    }

    /**
-     * @param string[] $classMap Class to filename map
-     * @psalm-param array<string, string> $classMap
+     * @param array<string, string> $classMap Class to filename map
     *
     * @return void
     */
@@ -175,24 +171,25 @@ class ClassLoader
     * Registers a set of PSR-0 directories for a given prefix, either
     * appending or prepending to the ones previously set for this prefix.
     *
-     * @param string          $prefix  The prefix
-     * @param string[]|string $paths   The PSR-0 root directories
-     * @param bool            $prepend Whether to prepend the directories
+     * @param string              $prefix  The prefix
+     * @param list<string>|string $paths   The PSR-0 root directories
+     * @param bool                $prepend Whether to prepend the directories
     *
     * @return void
     */
    public function add($prefix, $paths, $prepend = false)
    {
+        $paths = (array) $paths;
        if (!$prefix) {
            if ($prepend) {
                $this->fallbackDirsPsr0 = array_merge(
-                    (array) $paths,
+                    $paths,
                    $this->fallbackDirsPsr0
                );
            } else {
                $this->fallbackDirsPsr0 = array_merge(
                    $this->fallbackDirsPsr0,
-                    (array) $paths
+                    $paths
                );
            }

@@ -201,19 +198,19 @@ class ClassLoader

        $first = $prefix[0];
        if (!isset($this->prefixesPsr0[$first][$prefix])) {
-            $this->prefixesPsr0[$first][$prefix] = (array) $paths;
+            $this->prefixesPsr0[$first][$prefix] = $paths;

            return;
        }
        if ($prepend) {
            $this->prefixesPsr0[$first][$prefix] = array_merge(
-                (array) $paths,
+                $paths,
                $this->prefixesPsr0[$first][$prefix]
            );
        } else {
            $this->prefixesPsr0[$first][$prefix] = array_merge(
                $this->prefixesPsr0[$first][$prefix],
-                (array) $paths
+                $paths
            );
        }
    }
@@ -222,9 +219,9 @@ class ClassLoader
     * Registers a set of PSR-4 directories for a given namespace, either
     * appending or prepending to the ones previously set for this namespace.
     *
-     * @param string          $prefix  The prefix/namespace, with trailing '\\'
-     * @param string[]|string $paths   The PSR-4 base directories
-     * @param bool            $prepend Whether to prepend the directories
+     * @param string              $prefix  The prefix/namespace, with trailing '\\'
+     * @param list<string>|string $paths   The PSR-4 base directories
+     * @param bool                $prepend Whether to prepend the directories
     *
     * @throws \InvalidArgumentException
     *
@@ -232,17 +229,18 @@ class ClassLoader
     */
    public function addPsr4($prefix, $paths, $prepend = false)
    {
+        $paths = (array) $paths;
        if (!$prefix) {
            // Register directories for the root namespace.
            if ($prepend) {
                $this->fallbackDirsPsr4 = array_merge(
-                    (array) $paths,
+                    $paths,
                    $this->fallbackDirsPsr4
                );
            } else {
                $this->fallbackDirsPsr4 = array_merge(
                    $this->fallbackDirsPsr4,
-                    (array) $paths
+                    $paths
                );
            }
        } elseif (!isset($this->prefixDirsPsr4[$prefix])) {
@@ -252,18 +250,18 @@ class ClassLoader
                throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");
            }
            $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;
-            $this->prefixDirsPsr4[$prefix] = (array) $paths;
+            $this->prefixDirsPsr4[$prefix] = $paths;
        } elseif ($prepend) {
            // Prepend directories for an already registered namespace.
            $this->prefixDirsPsr4[$prefix] = array_merge(
-                (array) $paths,
+                $paths,
                $this->prefixDirsPsr4[$prefix]
            );
        } else {
            // Append directories for an already registered namespace.
            $this->prefixDirsPsr4[$prefix] = array_merge(
                $this->prefixDirsPsr4[$prefix],
-                (array) $paths
+                $paths
            );
        }
    }
@@ -272,8 +270,8 @@ class ClassLoader
     * Registers a set of PSR-0 directories for a given prefix,
     * replacing any others previously set for this prefix.
     *
-     * @param string          $prefix The prefix
-     * @param string[]|string $paths  The PSR-0 base directories
+     * @param string              $prefix The prefix
+     * @param list<string>|string $paths  The PSR-0 base directories
     *
     * @return void
     */
@@ -290,8 +288,8 @@ class ClassLoader
     * Registers a set of PSR-4 directories for a given namespace,
     * replacing any others previously set for this namespace.
     *
-     * @param string          $prefix The prefix/namespace, with trailing '\\'
-     * @param string[]|string $paths  The PSR-4 base directories
+     * @param string              $prefix The prefix/namespace, with trailing '\\'
+     * @param list<string>|string $paths  The PSR-4 base directories
     *
     * @throws \InvalidArgumentException
     *
@@ -425,7 +423,8 @@ class ClassLoader
    public function loadClass($class)
    {
        if ($file = $this->findFile($class)) {
-            includeFile($file);
+            $includeFile = self::$includeFile;
+            $includeFile($file);

            return true;
        }
@@ -476,9 +475,9 @@ class ClassLoader
    }

    /**
-     * Returns the currently registered loaders indexed by their corresponding vendor directories.
+     * Returns the currently registered loaders keyed by their corresponding vendor directories.
     *
-     * @return self[]
+     * @return array<string, self>
     */
    public static function getRegisteredLoaders()
    {
@@ -555,18 +554,26 @@ class ClassLoader

        return false;
    }
-}

-/**
- * Scope isolated include.
- *
- * Prevents access to $this/self from included files.
- *
- * @param  string $file
- * @return void
- * @private
- */
-function includeFile($file)
-{
-    include $file;
+    /**
+     * @return void
+     */
+    private static function initializeIncludeClosure()
+    {
+        if (self::$includeFile !== null) {
+            return;
+        }
+
+        /**
+         * Scope isolated include.
+         *
+         * Prevents access to $this/self from included files.
+         *
+         * @param  string $file
+         * @return void
+         */
+        self::$includeFile = \Closure::bind(static function($file) {
+            include $file;
+        }, null, null);
+    }
 }
--- a/datamodels/2.x/authent-cas/vendor/composer/InstalledVersions.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/InstalledVersions.php
@@ -21,11 +21,31 @@ use Composer\Semver\VersionParser;
 * See also https://getcomposer.org/doc/07-runtime.md#installed-versions
 *
 * To require its presence, you can require `composer-runtime-api ^2.0`
+ *
+ * @final
 */
 class InstalledVersions
 {
+    /**
+     * @var mixed[]|null
+     * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null
+     */
    private static $installed;
+
+    /**
+     * @var bool
+     */
+    private static $installedIsLocalDir;
+
+    /**
+     * @var bool|null
+     */
    private static $canGetVendors;
+
+    /**
+     * @var array[]
+     * @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
+     */
    private static $installedByVendor = array();

    /**
@@ -83,7 +103,7 @@ class InstalledVersions
    {
        foreach (self::getInstalled() as $installed) {
            if (isset($installed['versions'][$packageName])) {
-                return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);
+                return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
            }
        }

@@ -104,7 +124,7 @@ class InstalledVersions
     */
    public static function satisfies(VersionParser $parser, $packageName, $constraint)
    {
-        $constraint = $parser->parseConstraints($constraint);
+        $constraint = $parser->parseConstraints((string) $constraint);
        $provided = $parser->parseConstraints(self::getVersionRanges($packageName));

        return $provided->matches($constraint);
@@ -228,7 +248,7 @@ class InstalledVersions

    /**
     * @return array
-     * @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}
+     * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}
     */
    public static function getRootPackage()
    {
@@ -242,7 +262,7 @@ class InstalledVersions
     *
     * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect.
     * @return array[]
-     * @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}
+     * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}
     */
    public static function getRawData()
    {
@@ -265,7 +285,7 @@ class InstalledVersions
     * Returns the raw data of all installed.php which are currently loaded for custom implementations
     *
     * @return array[]
-     * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
+     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
     */
    public static function getAllRawData()
    {
@@ -288,17 +308,23 @@ class InstalledVersions
     * @param  array[] $data A vendor/composer/installed.php data set
     * @return void
     *
-     * @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>} $data
+     * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data
     */
    public static function reload($data)
    {
        self::$installed = $data;
        self::$installedByVendor = array();
+
+        // when using reload, we disable the duplicate protection to ensure that self::$installed data is
+        // always returned, but we cannot know whether it comes from the installed.php in __DIR__ or not,
+        // so we have to assume it does not, and that may result in duplicate data being returned when listing
+        // all installed packages for example
+        self::$installedIsLocalDir = false;
    }

    /**
     * @return array[]
-     * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>
+     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>
     */
    private static function getInstalled()
    {
@@ -307,17 +333,27 @@ class InstalledVersions
        }

        $installed = array();
+        $copiedLocalDir = false;

        if (self::$canGetVendors) {
+            $selfDir = strtr(__DIR__, '\\', '/');
            foreach (ClassLoader::getRegisteredLoaders() as $vendorDir => $loader) {
+                $vendorDir = strtr($vendorDir, '\\', '/');
                if (isset(self::$installedByVendor[$vendorDir])) {
                    $installed[] = self::$installedByVendor[$vendorDir];
                } elseif (is_file($vendorDir.'/composer/installed.php')) {
-                    $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';
-                    if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {
-                        self::$installed = $installed[count($installed) - 1];
+                    /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                    $required = require $vendorDir.'/composer/installed.php';
+                    self::$installedByVendor[$vendorDir] = $required;
+                    $installed[] = $required;
+                    if (self::$installed === null && $vendorDir.'/composer' === $selfDir) {
+                        self::$installed = $required;
+                        self::$installedIsLocalDir = true;
                    }
                }
+                if (self::$installedIsLocalDir && $vendorDir.'/composer' === $selfDir) {
+                    $copiedLocalDir = true;
+                }
            }
        }

@@ -325,12 +361,17 @@ class InstalledVersions
            // only require the installed.php file if this file is loaded from its dumped location,
            // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937
            if (substr(__DIR__, -8, 1) !== 'C') {
-                self::$installed = require __DIR__ . '/installed.php';
+                /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */
+                $required = require __DIR__ . '/installed.php';
+                self::$installed = $required;
            } else {
                self::$installed = array();
            }
        }
-        $installed[] = self::$installed;
+
+        if (self::$installed !== array() && !$copiedLocalDir) {
+            $installed[] = self::$installed;
+        }

        return $installed;
    }
--- a/datamodels/2.x/authent-cas/vendor/composer/autoload_classmap.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/autoload_classmap.php
@@ -2,7 +2,7 @@

 // autoload_classmap.php @generated by Composer

-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);

 return array(
--- a/datamodels/2.x/authent-cas/vendor/composer/autoload_namespaces.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/autoload_namespaces.php
@@ -2,7 +2,7 @@

 // autoload_namespaces.php @generated by Composer

-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);

 return array(
--- a/datamodels/2.x/authent-cas/vendor/composer/autoload_psr4.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/autoload_psr4.php
@@ -2,7 +2,7 @@

 // autoload_psr4.php @generated by Composer

-$vendorDir = dirname(dirname(__FILE__));
+$vendorDir = dirname(__DIR__);
 $baseDir = dirname($vendorDir);

 return array(
--- a/datamodels/2.x/authent-cas/vendor/composer/autoload_real.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@

 // autoload_real.php @generated by Composer

-class ComposerAutoloaderInit1878ad96115c3aa0fa5e9fd9807f5db0
+class ComposerAutoloaderInit2f342cfe65023402c1e00d88698d52b9
 {
    private static $loader;

@@ -22,21 +22,12 @@ class ComposerAutoloaderInit1878ad96115c3aa0fa5e9fd9807f5db0
            return self::$loader;
        }

-        spl_autoload_register(array('ComposerAutoloaderInit1878ad96115c3aa0fa5e9fd9807f5db0', 'loadClassLoader'), true, true);
-        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
-        spl_autoload_unregister(array('ComposerAutoloaderInit1878ad96115c3aa0fa5e9fd9807f5db0', 'loadClassLoader'));
+        spl_autoload_register(array('ComposerAutoloaderInit2f342cfe65023402c1e00d88698d52b9', 'loadClassLoader'), true, true);
+        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
+        spl_autoload_unregister(array('ComposerAutoloaderInit2f342cfe65023402c1e00d88698d52b9', 'loadClassLoader'));

-        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
-        if ($useStaticLoader) {
-            require __DIR__ . '/autoload_static.php';
-
-            call_user_func(\Composer\Autoload\ComposerStaticInit1878ad96115c3aa0fa5e9fd9807f5db0::getInitializer($loader));
-        } else {
-            $classMap = require __DIR__ . '/autoload_classmap.php';
-            if ($classMap) {
-                $loader->addClassMap($classMap);
-            }
-        }
+        require __DIR__ . '/autoload_static.php';
+        call_user_func(\Composer\Autoload\ComposerStaticInit2f342cfe65023402c1e00d88698d52b9::getInitializer($loader));

        $loader->setClassMapAuthoritative(true);
        $loader->register(true);
--- a/datamodels/2.x/authent-cas/vendor/composer/autoload_static.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@

 namespace Composer\Autoload;

-class ComposerStaticInit1878ad96115c3aa0fa5e9fd9807f5db0
+class ComposerStaticInit2f342cfe65023402c1e00d88698d52b9
 {
    public static $prefixLengthsPsr4 = array (
        'C' => 
@@ -31,9 +31,9 @@ class ComposerStaticInit1878ad96115c3aa0fa5e9fd9807f5db0
    public static function getInitializer(ClassLoader $loader)
    {
        return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInit1878ad96115c3aa0fa5e9fd9807f5db0::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInit1878ad96115c3aa0fa5e9fd9807f5db0::$prefixDirsPsr4;
-            $loader->classMap = ComposerStaticInit1878ad96115c3aa0fa5e9fd9807f5db0::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit2f342cfe65023402c1e00d88698d52b9::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit2f342cfe65023402c1e00d88698d52b9::$prefixDirsPsr4;
+            $loader->classMap = ComposerStaticInit2f342cfe65023402c1e00d88698d52b9::$classMap;

        }, null, ClassLoader::class);
    }
--- a/datamodels/2.x/authent-cas/vendor/composer/installed.php
+++ b/datamodels/2.x/authent-cas/vendor/composer/installed.php
@@ -1,22 +1,22 @@
 <?php return array(
    'root' => array(
+        'name' => 'combodo/authent-cas',
        'pretty_version' => 'dev-develop',
        'version' => 'dev-develop',
+        'reference' => '567bdc4200f5edb335a39c4b48fbd18bacb6cfc7',
        'type' => 'library',
        'install_path' => __DIR__ . '/../../',
        'aliases' => array(),
-        'reference' => '5a1627632aa2e605996c1c556c60c2a2cddc0a05',
-        'name' => '__root__',
        'dev' => true,
    ),
    'versions' => array(
-        '__root__' => array(
+        'combodo/authent-cas' => array(
            'pretty_version' => 'dev-develop',
            'version' => 'dev-develop',
+            'reference' => '567bdc4200f5edb335a39c4b48fbd18bacb6cfc7',
            'type' => 'library',
            'install_path' => __DIR__ . '/../../',
            'aliases' => array(),
-            'reference' => '5a1627632aa2e605996c1c556c60c2a2cddc0a05',
            'dev_requirement' => false,
        ),
    ),
--- a/datamodels/2.x/authent-external/dictionaries/cs.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/cs.dict.authent-external.php
@@ -11,7 +11,7 @@
 * @author Daniel Rokos <daniel.rokos@itopportal.cz>
 *
 */
-Dict::Add('CS CZ', 'Czech', 'Čeština', [
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
 	'Class:UserExternal' => 'Externí uživatel',
 	'Class:UserExternal+' => 'Uživatel definovaný mimo '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/da.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/da.dict.authent-external.php
@@ -10,7 +10,7 @@
 * @author Erik Bøg <erik@boegmoeller.dk>
 *
 */
-Dict::Add('DA DA', 'Danish', 'Dansk', [
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
 	'Class:UserExternal' => 'Extern Bruger',
 	'Class:UserExternal+' => 'Bruger udenfor '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/de.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/de.dict.authent-external.php
@@ -10,7 +10,7 @@
 * @author ITOMIG GmbH <martin.raenker@itomig.de>
 *
 */
-Dict::Add('DE DE', 'German', 'Deutsch', [
+Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Class:UserExternal' => 'Externer Benutzer',
 	'Class:UserExternal+' => 'Extern authentifizierter '.ITOP_APPLICATION_SHORT.'-Benutzer',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/es_cr.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/es_cr.dict.authent-external.php
@@ -7,7 +7,7 @@
 * @author Miguel Turrubiates <miguel_tf@yahoo.com>
 * @notas       Utilizar codificación UTF-8 para mostrar acentos y otros caracteres especiales 
 */
-Dict::Add('ES CR', 'Spanish', 'Español, Castellano', [
+Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'Class:UserExternal' => 'Usuario externo',
 	'Class:UserExternal+' => 'Usuario autenticado fuera de '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/fr.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/fr.dict.authent-external.php
@@ -9,7 +9,7 @@
 /**
 *
 */
-Dict::Add('FR FR', 'French', 'Français', [
+Dict::Add('FR FR', 'French', 'Français', array(
 	'Class:UserExternal' => 'Utilisateur externe à '.ITOP_APPLICATION_SHORT,
 	'Class:UserExternal+' => 'Utilisateur authentifié à l\'extérieur de '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/hu.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/hu.dict.authent-external.php
@@ -9,7 +9,7 @@
 /**
 *
 */
-Dict::Add('HU HU', 'Hungarian', 'Magyar', [
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
 	'Class:UserExternal' => 'Külső felhasználó',
 	'Class:UserExternal+' => '',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/it.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/it.dict.authent-external.php
@@ -9,7 +9,7 @@
 /**
 *
 */
-Dict::Add('IT IT', 'Italian', 'Italiano', [
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
 	'Class:UserExternal' => 'Esterno utente',
 	'Class:UserExternal+' => 'Utente autenticato al di fuori di '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/ja.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/ja.dict.authent-external.php
@@ -10,7 +10,7 @@
 * @author Hirofumi Kosaka <kosaka@rworks.jp>
 *
 */
-Dict::Add('JA JP', 'Japanese', '日本語', [
+Dict::Add('JA JP', 'Japanese', '日本語', array(
 	'Class:UserExternal' => '外部ユーザー',
 	'Class:UserExternal+' => '外部認証ユーザー',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/nl.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/nl.dict.authent-external.php
@@ -10,7 +10,7 @@
 * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
 *
 */
-Dict::Add('NL NL', 'Dutch', 'Nederlands', [
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
 	'Class:UserExternal' => 'Externe gebruiker',
 	'Class:UserExternal+' => 'Gebruiker aangemeld via externe authenticatie',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/pl.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/pl.dict.authent-external.php
@@ -9,7 +9,7 @@
 /**
 *
 */
-Dict::Add('PL PL', 'Polish', 'Polski', [
+Dict::Add('PL PL', 'Polish', 'Polski', array(
 	'Class:UserExternal' => 'Użytkownik zewnętrzny',
 	'Class:UserExternal+' => 'Użytkownik uwierzytelniony poza '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/pt_br.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/pt_br.dict.authent-external.php
@@ -9,7 +9,7 @@
 /**
 *
 */
-Dict::Add('PT BR', 'Brazilian', 'Brazilian', [
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
 	'Class:UserExternal' => 'Usuário externo',
 	'Class:UserExternal+' => '',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/ru.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/ru.dict.authent-external.php
@@ -10,7 +10,7 @@
 * @author Vladimir Kunin <v.b.kunin@gmail.com>
 *
 */
-Dict::Add('RU RU', 'Russian', 'Русский', [
+Dict::Add('RU RU', 'Russian', 'Русский', array(
 	'Class:UserExternal' => 'Внешний пользователь',
 	'Class:UserExternal+' => 'Пользователь, аутентифицируемый вне '.ITOP_APPLICATION_SHORT,
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/sk.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/sk.dict.authent-external.php
@@ -9,7 +9,7 @@
 /**
 *
 */
-Dict::Add('SK SK', 'Slovak', 'Slovenčina', [
+Dict::Add('SK SK', 'Slovak', 'Slovenčina', array(
 	'Class:UserExternal' => 'Externý užívateľ',
 	'Class:UserExternal+' => 'User authentified outside of '.ITOP_APPLICATION_SHORT.'~~',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/tr.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/tr.dict.authent-external.php
@@ -10,7 +10,7 @@
 * @author Izzet Sirin <izzet.sirin@htr.com.tr>
 *
 */
-Dict::Add('TR TR', 'Turkish', 'Türkçe', [
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
 	'Class:UserExternal' => 'Harici kullanıcı',
 	'Class:UserExternal+' => ITOP_APPLICATION_SHORT.' dışında yetki kontrolü yapılan kullanıcı',
-]);
+));
--- a/datamodels/2.x/authent-external/dictionaries/zh_cn.dict.authent-external.php
+++ b/datamodels/2.x/authent-external/dictionaries/zh_cn.dict.authent-external.php
@@ -22,7 +22,6 @@
 * You should have received a copy of the GNU Affero General Public License
 * along with iTop. If not, see <http://www.gnu.org/licenses/>
 */
-
 // Dictionnay conventions
 // Class:<class_name>
 // Class:<class_name>+
@@ -32,12 +31,10 @@
 // Class:<class_name>/Attribute:<attribute_code>/Value:<value>+
 // Class:<class_name>/Stimulus:<stimulus_code>
 // Class:<class_name>/Stimulus:<stimulus_code>+
-
 //
 // Class: UserExternal
 //
-
-Dict::Add('ZH CN', 'Chinese', '简体中文', [
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
 	'Class:UserExternal' => '外部用户',
 	'Class:UserExternal+' => '用户在'.ITOP_APPLICATION_SHORT.'外部验证身份',
-]);
+));
--- a/datamodels/2.x/authent-ldap/datamodel.authent-ldap.xml
+++ b/datamodels/2.x/authent-ldap/datamodel.authent-ldap.xml
@@ -21,12 +21,10 @@
        <db_key_field>id</db_key_field>
        <db_final_class_field/>
        <naming>
-          <format>%1$s</format>
          <attributes>
            <attribute id="login"/>
          </attributes>
        </naming>
-        <display_template/>
        <style>
          <icon/>
        </style>
--- a/datamodels/2.x/authent-ldap/dictionaries/cs.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/cs.dict.authent-ldap.php
@@ -11,8 +11,17 @@
 * @author Daniel Rokos <daniel.rokos@itopportal.cz>
 *
 */
-Dict::Add('CS CZ', 'Czech', 'Čeština', [
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
 	'Class:UserLDAP' => 'LDAP uživatel',
 	'Class:UserLDAP+' => 'Uživatel ověřen přes LDAP',
 	'UserLDAP:server' => 'Specifika LDAP',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/da.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/da.dict.authent-ldap.php
@@ -10,8 +10,17 @@
 * @author Erik Bøg <erik@boegmoeller.dk>
 *
 */
-Dict::Add('DA DA', 'Danish', 'Dansk', [
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
 	'Class:UserLDAP' => 'LDAP-Bruger',
 	'Class:UserLDAP+' => 'Bruger der godkendes via LDAP',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/de.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/de.dict.authent-ldap.php
@@ -10,10 +10,17 @@
 * @author ITOMIG GmbH <martin.raenker@itomig.de>
 *
 */
-Dict::Add('DE DE', 'German', 'Deutsch', [
+Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Class:UserLDAP' => 'LDAP-Benutzer',
 	'Class:UserLDAP+' => 'Benutzer, der via LDAP authentifiziert wird',
+	'UserLDAP:server' => 'LDAP-Einstellungen',
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Class:UserLDAP/Attribute:ldap_server' => 'LDAP-Server',
 	'Class:UserLDAP/Attribute:ldap_server+' => 'Optional: LDAP-Server, der zur Authentifizierung verwendet werden soll, falls mehrere LDAP-Server konfiguriert sind.',
-	'UserLDAP:server' => 'LDAP-Einstellungen',
-]);
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/en.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/en.dict.authent-ldap.php
@@ -40,3 +40,12 @@ Dict::Add('EN US', 'English', 'English', array(
 	'Class:UserLDAP+' => 'User authenticated by LDAP',
 	'UserLDAP:server' => 'LDAP specifics',
 ));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('EN US', 'English', 'English', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server',
+	'Class:UserLDAP/Attribute:ldap_server+' => '',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/es_cr.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/es_cr.dict.authent-ldap.php
@@ -7,8 +7,17 @@
 * @author Miguel Turrubiates <miguel_tf@yahoo.com>
 * @notas       Utilizar codificación UTF-8 para mostrar acentos y otros caracteres especiales 
 */
-Dict::Add('ES CR', 'Spanish', 'Español, Castellano', [
+Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'Class:UserLDAP' => 'Usuario LDAP',
 	'Class:UserLDAP+' => 'Usuario autenticado vía LDAP',
 	'UserLDAP:server' => 'Especificaciones LDAP',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/fr.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/fr.dict.authent-ldap.php
@@ -9,8 +9,17 @@
 /**
 *
 */
-Dict::Add('FR FR', 'French', 'Français', [
+Dict::Add('FR FR', 'French', 'Français', array(
 	'Class:UserLDAP' => 'Utilisateur LDAP',
 	'Class:UserLDAP+' => 'Utilisateur authentifié par un serveur LDAP',
 	'UserLDAP:server' => 'Champs spécifiques pour LDAP',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('FR FR', 'French', 'Français', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/hu.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/hu.dict.authent-ldap.php
@@ -9,8 +9,17 @@
 /**
 *
 */
-Dict::Add('HU HU', 'Hungarian', 'Magyar', [
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
 	'Class:UserLDAP' => 'LDAP felhasználó',
 	'Class:UserLDAP+' => 'LDAP vagy AD felhasználó',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/it.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/it.dict.authent-ldap.php
@@ -9,8 +9,17 @@
 /**
 *
 */
-Dict::Add('IT IT', 'Italian', 'Italiano', [
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
 	'Class:UserLDAP' => 'Utente LDAP',
 	'Class:UserLDAP+' => 'Utente autenticato da LDAP',
 	'UserLDAP:server' => 'Specifiche LDAP',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/ja.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/ja.dict.authent-ldap.php
@@ -10,8 +10,17 @@
 * @author Hirofumi Kosaka <kosaka@rworks.jp>
 *
 */
-Dict::Add('JA JP', 'Japanese', '日本語', [
+Dict::Add('JA JP', 'Japanese', '日本語', array(
 	'Class:UserLDAP' => 'LDAP ユーザー',
 	'Class:UserLDAP+' => 'LDAP認証ユーザー',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('JA JP', 'Japanese', '日本語', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/nl.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/nl.dict.authent-ldap.php
@@ -6,13 +6,21 @@
 * @license    https://opensource.org/licenses/AGPL-3.0
 * 
 */
-
 /**
 * @author Thomas Casteleyn <thomas.casteleyn@super-visions.com>
 * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
 */
-Dict::Add('NL NL', 'Dutch', 'Nederlands', [
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
 	'Class:UserLDAP' => 'LDAP-gebruiker',
 	'Class:UserLDAP+' => 'Gebruiker die aanmeldt via LDAP',
 	'UserLDAP:server' => 'LDAP informatie',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/pl.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/pl.dict.authent-ldap.php
@@ -9,8 +9,17 @@
 /**
 *
 */
-Dict::Add('PL PL', 'Polish', 'Polski', [
+Dict::Add('PL PL', 'Polish', 'Polski', array(
 	'Class:UserLDAP' => 'Użytkownik LDAP',
 	'Class:UserLDAP+' => 'Użytkownik uwierzytelniony przez LDAP',
 	'UserLDAP:server' => 'Serwer LDAP',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('PL PL', 'Polish', 'Polski', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/pt_br.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/pt_br.dict.authent-ldap.php
@@ -9,8 +9,17 @@
 /**
 *
 */
-Dict::Add('PT BR', 'Brazilian', 'Brazilian', [
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
 	'Class:UserLDAP' => 'Usuário externo via LDAP',
 	'Class:UserLDAP+' => '',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/ru.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/ru.dict.authent-ldap.php
@@ -10,8 +10,17 @@
 * @author Vladimir Kunin <v.b.kunin@gmail.com>
 *
 */
-Dict::Add('RU RU', 'Russian', 'Русский', [
+Dict::Add('RU RU', 'Russian', 'Русский', array(
 	'Class:UserLDAP' => 'Пользователь LDAP',
 	'Class:UserLDAP+' => 'Пользователь, аутентифицируемый через LDAP',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('RU RU', 'Russian', 'Русский', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/sk.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/sk.dict.authent-ldap.php
@@ -9,8 +9,17 @@
 /**
 *
 */
-Dict::Add('SK SK', 'Slovak', 'Slovenčina', [
+Dict::Add('SK SK', 'Slovak', 'Slovenčina', array(
 	'Class:UserLDAP' => 'LDAP užívateľ',
 	'Class:UserLDAP+' => 'User authenticated by LDAP~~',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('SK SK', 'Slovak', 'Slovenčina', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/tr.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/tr.dict.authent-ldap.php
@@ -10,8 +10,17 @@
 * @author Izzet Sirin <izzet.sirin@htr.com.tr>
 *
 */
-Dict::Add('TR TR', 'Turkish', 'Türkçe', [
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
 	'Class:UserLDAP' => 'LDAP kullanıcısı',
 	'Class:UserLDAP+' => 'Yetki kontrolü LDAP tarafından yapılan',
 	'UserLDAP:server' => 'LDAP specifics~~',
-]);
+));
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('TR TR', 'Turkish', 'Türkçe', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-ldap/dictionaries/zh_cn.dict.authent-ldap.php
+++ b/datamodels/2.x/authent-ldap/dictionaries/zh_cn.dict.authent-ldap.php
@@ -21,7 +21,6 @@
 * You should have received a copy of the GNU Affero General Public License
 * along with iTop. If not, see <http://www.gnu.org/licenses/>
 */
-
 // Dictionnay conventions
 // Class:<class_name>
 // Class:<class_name>+
@@ -31,13 +30,20 @@
 // Class:<class_name>/Attribute:<attribute_code>/Value:<value>+
 // Class:<class_name>/Stimulus:<stimulus_code>
 // Class:<class_name>/Stimulus:<stimulus_code>+
+//
+// Class: UserLDAP
+//
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
+	'Class:UserLDAP' => 'LDAP用户',
+	'Class:UserLDAP+' => '用户身份由LDAP认证',
+	'UserLDAP:server' => 'LDAP详情',
+));

 //
 // Class: UserLDAP
 //

-Dict::Add('ZH CN', 'Chinese', '简体中文', [
-	'Class:UserLDAP' => 'LDAP用户',
-	'Class:UserLDAP+' => '用户身份由LDAP认证',
-	'UserLDAP:server' => 'LDAP详情',
-]);
+Dict::Add('ZH CN', 'Chinese', '简体中文', array(
+	'Class:UserLDAP/Attribute:ldap_server' => 'Ldap server~~',
+	'Class:UserLDAP/Attribute:ldap_server+' => '~~',
+));
--- a/datamodels/2.x/authent-local/dictionaries/cs.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/cs.dict.authent-local.php
@@ -11,24 +11,24 @@
 * @author Daniel Rokos <daniel.rokos@itopportal.cz>
 *
 */
-Dict::Add('CS CZ', 'Czech', 'Čeština', [
+Dict::Add('CS CZ', 'Czech', 'Čeština', array(
 	'Class:UserLocal' => 'interní uživatel '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal+' => 'Uživatel ověřen interně v '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Heslo',
+	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:expiration' => 'Exspirace hesla',
 	'Class:UserLocal/Attribute:expiration+' => 'Status exspirace hesla (je vyžadováno rozšíření, aby mělo efekt)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Může exspirovat',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Exspirován',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Nikdy neexspiruje',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Exspirován',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Jednorázové heslo',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Heslo nemůže uživatel změnit.',
-	'Class:UserLocal/Attribute:password' => 'Heslo',
-	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Heslo bylo obnoveno',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Termín, kdy bylo heslo změneno',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Nastavení exspirace "Jednorázového hesla" nelze u vlastního účtu uživatele.',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Heslo musí obsahovat minimálně 8 znaků a musí obsahovat minimálně jedno velké písmeno, jedno malé písmeno, jedno číslo a speciální znak.',
 	'UserLocal:password:expiration' => 'Níže uvedená pole vyžadují rozšíření',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Nastavení exspirace "Jednorázového hesla" nelze u vlastního účtu uživatele.',
+));
--- a/datamodels/2.x/authent-local/dictionaries/da.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/da.dict.authent-local.php
@@ -10,24 +10,24 @@
 * @author Erik Bøg <erik@boegmoeller.dk>
 *
 */
-Dict::Add('DA DA', 'Danish', 'Dansk', [
+Dict::Add('DA DA', 'Danish', 'Dansk', array(
 	'Class:UserLocal' => ITOP_APPLICATION_SHORT.'-Bruger',
 	'Class:UserLocal+' => 'Bruger der godkendes af '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Password',
+	'Class:UserLocal/Attribute:password+' => 'Brugerens password',
 	'Class:UserLocal/Attribute:expiration' => 'Password expiration~~',
 	'Class:UserLocal/Attribute:expiration+' => 'Password expiration status (requires an extension to have an effect)~~',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Can expire~~',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expired~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Never expire~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expired~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'One-time Password~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
-	'Class:UserLocal/Attribute:password' => 'Password',
-	'Class:UserLocal/Attribute:password+' => 'Brugerens password',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on~~',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed~~',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.~~',
 	'UserLocal:password:expiration' => 'The fields below require an extension~~',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
+));
--- a/datamodels/2.x/authent-local/dictionaries/de.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/de.dict.authent-local.php
@@ -10,24 +10,24 @@
 * @author ITOMIG GmbH <martin.raenker@itomig.de>
 *
 */
-Dict::Add('DE DE', 'German', 'Deutsch', [
+Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Class:UserLocal' => ITOP_APPLICATION_SHORT.'-Benutzer',
 	'Class:UserLocal+' => 'Benutzer, der von '.ITOP_APPLICATION_SHORT.' authentifiziert wird',
+	'Class:UserLocal/Attribute:password' => 'Passwort',
+	'Class:UserLocal/Attribute:password+' => 'Benutzerpasswort',
 	'Class:UserLocal/Attribute:expiration' => 'Passwortablauf',
 	'Class:UserLocal/Attribute:expiration+' => 'Passwortablaufstatus (statusabhängige Effekte müssen per Extension implementiert werden)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'kann ablaufen',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'abgelaufen',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'läuft nie ab',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'abgelaufen',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'einmaliges Passwort',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => '',
-	'Class:UserLocal/Attribute:password' => 'Passwort',
-	'Class:UserLocal/Attribute:password+' => 'Benutzerpasswort',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Letzte Passworterneuerung',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Letztes Änderungsdatum',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Das setzen des Passwortablaufs auf "Einmalpasswort" ist für den eigenen Benutzer nicht erlaubt.',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Das Passwort entspricht nicht dem in den Konfigurationsregeln hinterlegten RegEx-Ausdruck',
 	'UserLocal:password:expiration' => 'Die folgenden Felder benötigen eine '.ITOP_APPLICATION_SHORT.' Erweiterung',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Das setzen des Passwortablaufs auf "Einmalpasswort" ist für den eigenen Benutzer nicht erlaubt.',
+));
--- a/datamodels/2.x/authent-local/dictionaries/es_cr.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/es_cr.dict.authent-local.php
@@ -7,24 +7,24 @@
 * @author Miguel Turrubiates <miguel_tf@yahoo.com>
 * @notas       Utilizar codificación UTF-8 para mostrar acentos y otros caracteres especiales 
 */
-Dict::Add('ES CR', 'Spanish', 'Español, Castellano', [
+Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'Class:UserLocal' => 'Usuario de '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal+' => 'Usuario Autenticado vía '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Contraseña',
+	'Class:UserLocal/Attribute:password+' => 'Contraseña',
 	'Class:UserLocal/Attribute:expiration' => 'Expiración de contraseña',
 	'Class:UserLocal/Attribute:expiration+' => 'Estatus de expiración de contraseña (requiere de una extensión para que tenga efecto)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Puede expirar',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expirado',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Nunca expirar',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expirado',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Contraseña de un solo uso',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'El usuario no puede cambiar la contraseña.',
-	'Class:UserLocal/Attribute:password' => 'Contraseña',
-	'Class:UserLocal/Attribute:password+' => 'Contraseña',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Renovación de contraseña',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Cuando fue el último cambio de contraseña',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Configurar expiración de contraseña para "ontraseña de un solo uso" no está permitido para su propio Usuario',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La contraseña debe ser de al menos 8 caracteres e incluír mayúsculas, minúsculas, números y caracteres especiales.',
 	'UserLocal:password:expiration' => 'El siguiente campo requiere una extensión',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Configurar expiración de contraseña para "ontraseña de un solo uso" no está permitido para su propio Usuario',
+));
--- a/datamodels/2.x/authent-local/dictionaries/fr.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/fr.dict.authent-local.php
@@ -9,24 +9,24 @@
 /**
 *
 */
-Dict::Add('FR FR', 'French', 'Français', [
+Dict::Add('FR FR', 'French', 'Français', array(
 	'Class:UserLocal' => 'Utilisateur '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal+' => 'Utilisateur authentifié par '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Mot de passe',
+	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:expiration' => 'Validité du mot de passe',
 	'Class:UserLocal/Attribute:expiration+' => 'Statut du mot de passe (nécessite une extension pour avoir un effet)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Durée limitée',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'A changer à la prochaine connexion',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Permanente',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'A changer à la prochaine connexion',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Usage unique',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => '',
-	'Class:UserLocal/Attribute:password' => 'Mot de passe',
-	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Mot de passe changé le',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Dernière date à laquelle le mot de passe a été changé',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Impossible de mettre "Usage unique" comme validité du mot de passe pour son propre utilisateur.',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Le mot de passe doit contenir au moins 8 caractères, avec minuscule, majuscule, nombre et caractère spécial.',
 	'UserLocal:password:expiration' => 'Les champs ci-dessous nécessitent une extension',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Impossible de mettre "Usage unique" comme validité du mot de passe pour son propre utilisateur.',
+));
--- a/datamodels/2.x/authent-local/dictionaries/hu.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/hu.dict.authent-local.php
@@ -9,24 +9,24 @@
 /**
 *
 */
-Dict::Add('HU HU', 'Hungarian', 'Magyar', [
+Dict::Add('HU HU', 'Hungarian', 'Magyar', array(
 	'Class:UserLocal' => ITOP_APPLICATION_SHORT.' felhasználó',
 	'Class:UserLocal+' => 'Rendszeren belül létrehozott felhasználó',
+	'Class:UserLocal/Attribute:password' => 'Jelszó',
+	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:expiration' => 'Jelszó lejárati ideje',
 	'Class:UserLocal/Attribute:expiration+' => 'Jelszó lejárati státusz (bővítmény szükséges hozzá)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Lejár',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Lejárt',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Soha nem jár le',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Lejárt',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Egyszeri jelszó',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'A felhasználó nem változtathat jelszót.',
-	'Class:UserLocal/Attribute:password' => 'Jelszó',
-	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Jelszó megújítás ideje',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'A jelszó legutóbbi módosításának időpontja',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'A jelszó lejárati idejének beállítása "Egyszeri jelszóra" nem engedélyezett a saját Felhasználó számára.',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'A jelszónak legalább 8 karakterből kell állnia, és tartalmaznia kell nagybetűket, kisbetűket, numerikus és speciális karaktereket.',
 	'UserLocal:password:expiration' => 'Az alábbi mezőkhöz egy bővítmény szükséges',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'A jelszó lejárati idejének beállítása "Egyszeri jelszóra" nem engedélyezett a saját Felhasználó számára.',
+));
--- a/datamodels/2.x/authent-local/dictionaries/it.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/it.dict.authent-local.php
@@ -9,24 +9,24 @@
 /**
 *
 */
-Dict::Add('IT IT', 'Italian', 'Italiano', [
+Dict::Add('IT IT', 'Italian', 'Italiano', array(
 	'Class:UserLocal' => 'Utente '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal+' => 'Utente autenticato da '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Password',
+	'Class:UserLocal/Attribute:password+' => 'stringa di autenticazione utente',
 	'Class:UserLocal/Attribute:expiration' => 'Scadenza della password',
 	'Class:UserLocal/Attribute:expiration+' => 'Stato della scadenza della password (richiede un\'estensione per avere effetto)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Può scadere',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Scaduta',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Non scade',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Scaduta',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Password monouso',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'La password non può essere cambiata dall\'utente.',
-	'Class:UserLocal/Attribute:password' => 'Password',
-	'Class:UserLocal/Attribute:password+' => 'stringa di autenticazione utente',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Rinnovo della password',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Quando è stata cambiata l\'ultima volta la password',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Impostare la scadenza della password su "Password monouso" non è consentito per il proprio utente',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La password deve essere di almeno 8 caratteri e includere lettere maiuscole, minuscole, numeri e caratteri speciali.',
 	'UserLocal:password:expiration' => 'I campi sottostanti richiedono un\'estensione',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Impostare la scadenza della password su "Password monouso" non è consentito per il proprio utente',
+));
--- a/datamodels/2.x/authent-local/dictionaries/ja.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/ja.dict.authent-local.php
@@ -10,24 +10,24 @@
 * @author Hirofumi Kosaka <kosaka@rworks.jp>
 *
 */
-Dict::Add('JA JP', 'Japanese', '日本語', [
+Dict::Add('JA JP', 'Japanese', '日本語', array(
 	'Class:UserLocal' => ITOP_APPLICATION_SHORT.'ユーザー',
 	'Class:UserLocal+' => ITOP_APPLICATION_SHORT.'ローカル認証ユーザー',
+	'Class:UserLocal/Attribute:password' => 'パスワード',
+	'Class:UserLocal/Attribute:password+' => '認証文字列',
 	'Class:UserLocal/Attribute:expiration' => 'Password expiration~~',
 	'Class:UserLocal/Attribute:expiration+' => 'Password expiration status (requires an extension to have an effect)~~',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Can expire~~',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expired~~',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Never expire~~',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expired~~',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'One-time Password~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
-	'Class:UserLocal/Attribute:password' => 'パスワード',
-	'Class:UserLocal/Attribute:password+' => '認証文字列',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Password renewed on~~',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'When the password was last changed~~',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Password must be at least 8 characters and include uppercase, lowercase, numeric and special characters.~~',
 	'UserLocal:password:expiration' => 'The fields below require an extension~~',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
+));
--- a/datamodels/2.x/authent-local/dictionaries/nl.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/nl.dict.authent-local.php
@@ -10,24 +10,24 @@
 * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
 *
 */
-Dict::Add('NL NL', 'Dutch', 'Nederlands', [
+Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
 	'Class:UserLocal' => ITOP_APPLICATION_SHORT.'-gebruiker',
 	'Class:UserLocal+' => 'Gebruiker die aanmeldt met gegevens aangemaakt in het gebruikersbeheer van '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Wachtwoord',
+	'Class:UserLocal/Attribute:password+' => 'Het wachtwoord waarmee de gebruiker zich aanmeldt bij '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal/Attribute:expiration' => 'Wachtwoord verloopt',
 	'Class:UserLocal/Attribute:expiration+' => 'Of het wachtwoord al dan niet verlopen is (vereist een extensie vooraleer dit werkt)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Kan verlopen',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Moet veranderd worden',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Verloopt nooit',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Moet veranderd worden',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Eenmalig wachtwoord',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'De gebruiker kan dit wachtwoord niet veranderen.',
-	'Class:UserLocal/Attribute:password' => 'Wachtwoord',
-	'Class:UserLocal/Attribute:password+' => 'Het wachtwoord waarmee de gebruiker zich aanmeldt bij '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Wachtwoord laatst aangepast',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Tijdstip waarop het wachtwoord het laatst aangepast werd.',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Je kan geen eenmalig wachtwoord instellen voor je eigen gebruiker.',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Het wachtwoord bestaat uit minstens 8 tekens en bestaat uit een mix van minstens 1 hoofdletter, kleine letter, cijfer en speciaal teken.',
 	'UserLocal:password:expiration' => 'De velden hieronder vereisen een extensie.',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Je kan geen eenmalig wachtwoord instellen voor je eigen gebruiker.',
+));
--- a/datamodels/2.x/authent-local/dictionaries/pl.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/pl.dict.authent-local.php
@@ -9,24 +9,24 @@
 /**
 *
 */
-Dict::Add('PL PL', 'Polish', 'Polski', [
+Dict::Add('PL PL', 'Polish', 'Polski', array(
 	'Class:UserLocal' => 'Użytkownik '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal+' => 'Użytkownik uwierzytelniony przez '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Hasło',
+	'Class:UserLocal/Attribute:password+' => 'Ciąg uwierzytelniania użytkownika',
 	'Class:UserLocal/Attribute:expiration' => 'Wygaśnięcie hasła',
 	'Class:UserLocal/Attribute:expiration+' => 'Stan wygaśnięcia hasła (wymaga rozszerzenia, aby zadziałało)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Może wygasnąć',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Wygasło',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Nigdy nie wygasa',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Wygasło',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Jednorazowe hasło',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Hasło nie może być zmienione przez użytkownika.',
-	'Class:UserLocal/Attribute:password' => 'Hasło',
-	'Class:UserLocal/Attribute:password+' => 'Ciąg uwierzytelniania użytkownika',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Odnowienie hasła',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Kiedy ostatnio zmieniano hasło',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Ustawienie wygaśnięcia hasła "Hasło jednorazowe" nie jest dozwolone dla własnego użytkownika',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Hasło musi mieć co najmniej 8 znaków i zawierać duże, małe litery, cyfry i znaki specjalne.',
 	'UserLocal:password:expiration' => 'Poniższe pola wymagają rozszerzenia',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Ustawienie wygaśnięcia hasła "Hasło jednorazowe" nie jest dozwolone dla własnego użytkownika',
+));
--- a/datamodels/2.x/authent-local/dictionaries/pt_br.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/pt_br.dict.authent-local.php
@@ -9,24 +9,24 @@
 /**
 *
 */
-Dict::Add('PT BR', 'Brazilian', 'Brazilian', [
+Dict::Add('PT BR', 'Brazilian', 'Brazilian', array(
 	'Class:UserLocal' => 'Usuário local',
 	'Class:UserLocal+' => '',
+	'Class:UserLocal/Attribute:password' => 'Senha',
+	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:expiration' => 'Expiração da senha',
 	'Class:UserLocal/Attribute:expiration+' => 'Status de expiração de senha (Requer uma extensão para fazer efeito)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Senha expira',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Senha expirada',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Senha nunca expira',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Senha expirada',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'One-Time Password (OTP)',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Senha não pode ser alterada pelo usuário',
-	'Class:UserLocal/Attribute:password' => 'Senha',
-	'Class:UserLocal/Attribute:password+' => '',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Data da última alteração de senha',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Quando a senha foi alterada anteriormente',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Definir a expiração da senha para One-Time Password (OTP) não é permitido para o seu próprio usuário',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'A senha deve ter no mínimo 8 caracteres e incluir letras maiúsculas, minúsculas, números e símbolos',
 	'UserLocal:password:expiration' => 'O campo abaixo requer uma extensão',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Definir a expiração da senha para One-Time Password (OTP) não é permitido para o seu próprio usuário',
+));
--- a/datamodels/2.x/authent-local/dictionaries/ru.dict.authent-local.php
+++ b/datamodels/2.x/authent-local/dictionaries/ru.dict.authent-local.php
@@ -10,24 +10,24 @@
 * @author Vladimir Kunin <v.b.kunin@gmail.com>
 *
 */
-Dict::Add('RU RU', 'Russian', 'Русский', [
+Dict::Add('RU RU', 'Russian', 'Русский', array(
 	'Class:UserLocal' => 'Пользователь '.ITOP_APPLICATION_SHORT,
 	'Class:UserLocal+' => 'Пользователь, аутентифицируемый через '.ITOP_APPLICATION_SHORT,
+	'Class:UserLocal/Attribute:password' => 'Пароль',
+	'Class:UserLocal/Attribute:password+' => 'Строка аутентификации пользователя',
 	'Class:UserLocal/Attribute:expiration' => 'Срок действия пароля',
 	'Class:UserLocal/Attribute:expiration+' => 'Статус срока действия пароля (требуется расширение для эффекта)',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire' => 'Органиченный',
 	'Class:UserLocal/Attribute:expiration/Value:can_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Истёкший',
-	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire' => 'Неограниченный',
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Истёкший',
+	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'One-time Password~~',
 	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
-	'Class:UserLocal/Attribute:password' => 'Пароль',
-	'Class:UserLocal/Attribute:password+' => 'Строка аутентификации пользователя',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Дата изменения пароля',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Когда пароль был изменен в последний раз',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Пароль должен содержать не менее 8 символов и включать прописные, строчные, числовые и специальные символы.',
 	'UserLocal:password:expiration' => 'Поля требуют наличия доп. расширения',
-]);
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
+));
--- a/Show More
+++ b/Show More