PR fix

PR fix

.gitattributes

@@ -0,0 +1,48 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+*.bash text eol=lf
+*.bat text eol=lf
+*.cmd text eol=lf
+*.css text eol=lf
+*.scss text eol=lf
+*.dist text eol=lf
+.editorconfig text eol=lf
+.env* text eol=lf
+.gitignore text eol=lf
+.htaccess text eol=lf
+*.htm text eol=lf
+*.html text eol=lf
+*.ini text eol=lf
+*.js text eol=lf
+*.json text eol=lf
+*.lock text eol=lf
+*.md text eol=lf
+*.php text eol=lf
+*.php_cs text eol=lf
+*.php8 text eol=lf
+*.plex text eol=lf
+*.sh text eol=lf
+*.svg text eol=lf
+*.ts text eol=lf
+*.twig text eol=lf
+*.txt text eol=lf
+*.xml text eol=lf
+*.xsd text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
+
+# Denote all files that are truly binary and should not be modified.
+*.png binary
+*.jpeg binary
+*.jpg binary
+*.gif binary
+*.ico binary
+*.pdf binary
+*.swf binary
+*.zip binary
+*.ttf binary
+*.woff binary
+*.woff2 binary

.gitignore

@@ -45,9 +45,13 @@ test/vendor/*
 !/log/index.php
 !/log/web.config
 
+# PHPUnit cache file
+/test/.phpunit.result.cache
+
 
 # Jetbrains
 /.idea/**
+!/.idea/IntelliLang.xml
 
 # doc. generation
 /.doc/vendor

.idea/IntelliLang.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="LanguageInjectionConfiguration">
+    <injection language="InjectablePHP" injector-id="xml">
+      <display-name>iTop - Class method code</display-name>
+      <place><![CDATA[xmlTag().withLocalName(string().equalTo("code"))]]></place>
+      <xpath-condition>name(..) = 'method' and count(/itop_design) = 1</xpath-condition>
+    </injection>
+    <injection language="InjectablePHP" injector-id="xml">
+      <display-name>iTop - Snippet code</display-name>
+      <place><![CDATA[xmlTag().withLocalName(string().equalTo("snippet"))]]></place>
+      <xpath-condition>name(..) = 'snippets' and count(/itop_design) = 1</xpath-condition>
+    </injection>
+  </component>
+</project>

.make/composer/rmDeniedTestDir.php

@@ -50,14 +50,24 @@ foreach ($aDeniedButStillPresent as $sDir)
 		continue;
 	}
 
-	try
-	{
+	try {
 		SetupUtils::rrmdir($sDir);
 		echo "OK Remove denied test dir: '$sDir'\n";
 	}
-	catch (\Exception $e)
-	{
+	catch (\Exception $e) {
 		echo "\nFAILED to remove denied test dir: '$sDir'\n";
 	}
+}
 
+
+$aAllowedAndDeniedDirs = array_merge(
+	$oiTopComposer->ListAllowedTestDir(),
+	$oiTopComposer->ListDeniedTestDir()
+);
+$aExistingDirs = $oiTopComposer->ListAllTestDir();
+$aMissing = array_diff($aExistingDirs, $aAllowedAndDeniedDirs);
+if (false === empty($aMissing)) {
+	echo "Some new tests dirs exists !\n"
+		.'  They must be declared either in the allowed or denied list in '.iTopComposer::class." (see N°2651).\n"
+		.'  List of dirs:'."\n".var_export($aMissing, true);
 }

CONTRIBUTING.md

@@ -111,9 +111,9 @@ Our tests are located in the `test/` directory, containing a PHPUnit config file
 * Use the present tense ("Add feature" not "Added feature")
 * Use the imperative mood ("Move cursor to..." not "Moves cursor to...")
 * Limit the first line to 72 characters or less
-* Please start the commit message with an applicable emoji code (following the [Gitmoji guide](https://gitmoji.carloscuesta.me/)).  
- Beware to use the code (for example `:bug:`) and not the character (🐛) as Unicode support in git clients is very poor for now...  
- Emoji examples :
+* Please start the commit message with an applicable emoji code (following the [Gitmoji guide](https://gitmoji.dev/)).  
+  Beware to use the code (for example `:bug:`) and not the character (🐛) as Unicode support in git clients is very poor for now...  
+  Emoji examples :
     * 🌐 `:globe_with_meridians:` for translations
     * 🎨 `:art:` when improving the format/structure of the code
     * ⚡️ `:zap:` when improving performance

README.md

@@ -1,13 +1,11 @@
 <p align="center"><a href="https://www.combodo.com/itop-193" target="_blank">
-    <img src="https://www.combodo.com/logos/logo-itop.svg">
+    <img src="https://www.combodo.com/logos/logo-itop-baseline.svg" width=350>
 </a></p>
 
 
-# iTop - ITSM & CMDB
- 
-iTop stands for *IT Operations Portal*.
-It is a complete open source, ITIL, web based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool. 
-iTop also offers mass import tools and web services to integrate with your IT
+iTop stands for IT Operations Portal. It is a complete open source and web based IT service management platform including a fully customizable CMDB, a helpdesk system and a document management tool. It is ITIL compliant and easily customizable and extensible thanks to a high number of adds-on and web services to integrate with your IT.
+
+iTop also offers mass import tools to help you being even more efficient.
 
 ## Features
 - Fully configurable [Configuration Management (CMDB)][10]
@@ -78,18 +76,19 @@ We would like to give a special thank you 🤗 to the people from the community
 
 - Alves, David
 - Beck, Pedro
+- Beer, Christian (a.k.a [@ChristianBeer](https://www.github.com/ChristianBeer))
 - Bilger, Jean-François
-- Bostoen, Jeffrey (a.k.a @jbostoen)
+- Bostoen, Jeffrey (a.k.a [@jbostoen](https://www.github.com/jbostoen))
 - Cardoso, Anderson
 - Cassaro, Bruno
-- Casteleyn, Thomas (a.k.a @Hipska)
+- Casteleyn, Thomas (a.k.a [@Hipska](https://www.github.com/Hipska))
 - Castro, Randall Badilla
 - Colantoni, Maria Laura
 - Couronné, Guy
 - Dvořák, Lukáš
 - Goethals, Stefan
 - Gumble, David
-- Kaltefleiter, Lars (a.k.a @larhip)
+- Kaltefleiter, Lars (a.k.a [@larhip](https://www.github.com/larhip))
 - Khamit, Shamil
 - Kincel, Martin
 - Konečný, Kamil
@@ -98,12 +97,12 @@ We would like to give a special thank you 🤗 to the people from the community
 - Lazcano, Federico
 - Lucas, Jonathan
 - Malik, Remie
-- Mindêllo de Andrade, Lucas (a.k.a @rokam)
+- Mindêllo de Andrade, Lucas (a.k.a [@rokam](https://www.github.com/rokam))
 - Raenker, Martin
 - Rosenke, Stephan
 - Seki, Shoji
 - Shilov, Vladimir
-- Stukalov, Ilya (a.k.a @ilya-stukalov)
+- Stukalov, Ilya (a.k.a [@ilya](https://www.github.com/ilya)-stukalov)
 - Tulio, Marco
 - Turrubiates, Miguel
 
@@ -114,6 +113,7 @@ We would like to give a special thank you 🤗 to the people from the community
 - DudekArtur
 - Karkoff1212
 - Laura
+- nv35
 - Purple Grape
 - Schlobinux
 - theBigOne

addons/userrights/userrightsprofile.class.inc.php

@@ -10,7 +10,7 @@ define('PORTAL_PROFILE_NAME', 'Portal user');
 class UserRightsBaseClassGUI extends cmdbAbstractObject
 {
 	// Whenever something changes, reload the privileges
-	
+
 	protected function AfterInsert()
 	{
 		UserRights::FlushPrivileges();
@@ -59,7 +59,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 	}
 
 	protected static $m_aCacheProfiles = null;
-	
+
 	public static function DoCreateProfile($sName, $sDescription)
 	{
 		if (is_null(self::$m_aCacheProfiles))
@@ -71,7 +71,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			{
 				self::$m_aCacheProfiles[$oProfile->Get('name')] = $oProfile->GetKey();
 			}
-		}	
+		}
 
 		$sCacheKey = $sName;
 		if (isset(self::$m_aCacheProfiles[$sCacheKey]))
@@ -82,10 +82,10 @@ class URP_Profiles extends UserRightsBaseClassGUI
 		$oNewObj->Set('name', $sName);
 		$oNewObj->Set('description', $sDescription);
 		$iId = $oNewObj->DBInsertNoReload();
-		self::$m_aCacheProfiles[$sCacheKey] = $iId;	
+		self::$m_aCacheProfiles[$sCacheKey] = $iId;
 		return $iId;
 	}
-	
+
 	function GetGrantAsHtml($oUserRights, $sClass, $sAction)
 	{
 		$bGrant = $oUserRights->GetProfileActionGrant($this->GetKey(), $sClass, $sAction);
@@ -102,7 +102,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			return '<span style="background-color: #ffdddd;">'.Dict::S('UI:UserManagement:ActionAllowed:No').'</span>';
 		}
 	}
-	
+
 	function DoShowGrantSumary($oPage)
 	{
 		if ($this->GetRawName() == "Administrator")
@@ -114,7 +114,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 
 		// Note: for sure, we assume that the instance is derived from UserRightsProfile
 		$oUserRights = UserRights::GetModuleInstance();
-	
+
 		$aDisplayData = array();
 		foreach (MetaModel::GetClasses('bizmodel,grant_by_profile') as $sClass)
 		{
@@ -123,12 +123,12 @@ class URP_Profiles extends UserRightsBaseClassGUI
 			{
 				$bGrant = $oUserRights->GetClassStimulusGrant($this->GetKey(), $sClass, $sStimulusCode);
 				if ($bGrant === true)
-				{ 
+				{
 					$aStimuli[] = '<span title="'.$sStimulusCode.': '.htmlentities($oStimulus->GetDescription(), ENT_QUOTES, 'UTF-8').'">'.htmlentities($oStimulus->GetLabel(), ENT_QUOTES, 'UTF-8').'</span>';
 				}
 			}
 			$sStimuli = implode(', ', $aStimuli);
-			
+
 			$aDisplayData[] = array(
 				'class' => MetaModel::GetName($sClass),
 				'read' => $this->GetGrantAsHtml($oUserRights, $sClass, 'r'),
@@ -140,7 +140,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 				'stimuli' => $sStimuli,
 			);
 		}
-	
+
 		$aDisplayConfig = array();
 		$aDisplayConfig['class'] = array('label' => Dict::S('UI:UserManagement:Class'), 'description' => Dict::S('UI:UserManagement:Class+'));
 		$aDisplayConfig['read'] = array('label' => Dict::S('UI:UserManagement:Action:Read'), 'description' => Dict::S('UI:UserManagement:Action:Read+'));
@@ -198,7 +198,7 @@ class URP_Profiles extends UserRightsBaseClassGUI
 	 * @param $aReasons array To store the reasons why the attribute is read-only (info about the synchro replicas)
 	 * @param $sTargetState string The target state in which to evalutate the flags, if empty the current state will be used
 	 * @return integer Flags: the binary combination of the flags applicable to this attribute
-	 */	 	  	 	
+	 */
 	public function GetAttributeFlags($sAttCode, &$aReasons = array(), $sTargetState = '')
 	{
 		$iFlags = parent::GetAttributeFlags($sAttCode, $aReasons, $sTargetState);
@@ -404,7 +404,7 @@ class URP_UserOrg extends UserRightsBaseClassGUI
 	{
 		if (!UserRights::IsLoggedIn() || UserRights::IsAdministrator()) { return; }
 
-		$oUser = UserRights::GetUserObject();		
+		$oUser = UserRights::GetUserObject();
 		$oAddon = UserRights::GetModuleInstance();
 		$aOrgs = $oAddon->GetUserOrgs($oUser, '');
 		if (count($aOrgs) > 0)
@@ -528,7 +528,7 @@ class UserRightsProfile extends UserRightsAddOnAPI
 				$oSearch->AllowAllData();
 				$oCondition = new BinaryExpression(new FieldExpression('userid'), '=', new VariableExpression('userid'));
 				$oSearch->AddConditionExpression($oCondition);
-				
+
 				$oUserOrgSet = new DBObjectSet($oSearch, array(), array('userid' => $iUser));
 				while ($oUserOrg = $oUserOrgSet->Fetch())
 				{
@@ -738,8 +738,10 @@ class UserRightsProfile extends UserRightsAddOnAPI
 		// load and cache permissions for the current user on the given class
 		//
 		$iUser = $oUser->GetKey();
-		$aTest = @$this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode];
-		if (is_array($aTest)) return $aTest;
+		if (isset($this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode])){
+			$aTest = $this->m_aObjectActionGrants[$iUser][$sClass][$iActionCode];
+			if (is_array($aTest)) return $aTest;
+		}
 
 		$sAction = self::$m_aActionCodes[$iActionCode];
 
@@ -905,8 +907,8 @@ class UserRightsProfile extends UserRightsAddOnAPI
 
 	/**
 	 * Find out which attribute is corresponding the the dimension 'owner org'
-	 * returns null if no such attribute has been found (no filtering should occur)	 
-	 */	 	
+	 * returns null if no such attribute has been found (no filtering should occur)
+	 */
 	public static function GetOwnerOrganizationAttCode($sClass)
 	{
 		$sAttCode = null;

application/applicationextension.inc.php

@@ -1402,11 +1402,11 @@ interface iBackofficeDictEntriesPrefixesExtension
 /**
  * Implement this interface to add content to any enhanced portal page
  *
- * IMPORTANT! Experimental API, may be removed at anytime, we don't recommend to use it just now!
- *
  * @api
  * @package     Extensibility
- * @since 2.4.0
+ *
+ * @since 2.4.0 interface creation
+ * @since 2.7.0 change method signatures due to Silex to Symfony migration
  */
 interface iPortalUIExtension
 {
@@ -1479,7 +1479,11 @@ interface iPortalUIExtension
 }
 
 /**
- * IMPORTANT! Experimental API, may be removed at anytime, we don't recommend to use it just now!
+ * Extend this class instead of iPortalUIExtension if you don't need to overload all methods
+ *
+ * @api
+ * @package     Extensibility
+ * @since       2.4.0
  */
 abstract class AbstractPortalUIExtension implements iPortalUIExtension
 {

application/cmdbabstract.class.inc.php

@@ -341,13 +341,17 @@ JS
 	}
 
 	/**
-	 * Important: For compatibility reasons, this function still allows to manipulate the $oPage. In that case, markup will be put above the real header of the panel.
-	 * To insert something IN the panel, we now need to add UIBlocks in either the "subtitle" or "toolbar" sections of the array that will be returned.
+	 * @param \WebPage $oPage Warning, since 3.0.0 this parameter was kept for compatibility reason. You shouldn't write directly on the page!
+	 *   When writing to the page, markup will be put above the real header of the panel.
+	 *   To insert something IN the panel, we now need to add UIBlocks in either the "subtitle" or "toolbar" sections of the array that will be returned.
+	 * @param bool $bEditMode Deprecated parameter in iTop 3.0.0, use {@see GetDisplayMode()} and ENUM_DISPLAY_MODE_* constants instead
 	 *
-	 * @param \WebPage $oPage
-	 * @param bool $bEditMode Note that this parameter is no longer used in this method. Use {@see static::$sDisplayMode} instead
-	 *
-	 * @return array UIBlocks to be inserted in the "subtitle" and the "toolbar" sections of the ObjectDetails block. eg. ['subtitle' => [<BLOCK1>, <BLOCK2>], 'toolbar' => [<BLOCK3>]]
+	 * @return array{
+	 *       subtitle: \Combodo\iTop\Application\UI\Base\UIBlock[],
+	 *       toolbar: \Combodo\iTop\Application\UI\Base\UIBlock[]
+	 *    }
+	 *    blocks to be inserted in the "subtitle" and the "toolbar" sections of the ObjectDetails block.
+	 *    eg. ['subtitle' => [<BLOCK1>, <BLOCK2>], 'toolbar' => [<BLOCK3>]]
 	 *
 	 * @throws \ApplicationException
 	 * @throws \ArchivedObjectException
@@ -356,7 +360,10 @@ JS
 	 * @throws \MySQLException
 	 * @throws \OQLException
 	 *
-	 * @since 3.0.0 $bEditMode is deprecated and no longer used
+	 * @since 3.0.0 $bEditMode is deprecated, see param documentation above
+	 * @since 3.0.0 Changed signature: Method must return header content in an array (no more writing directly to the $oPage)
+	 *
+	 * @noinspection PhpUnusedParameterInspection
 	 */
 	public function DisplayBareHeader(WebPage $oPage, $bEditMode = false)
 	{
@@ -747,7 +754,7 @@ HTML
 				$oClassIcon = new MedallionIcon(MetaModel::GetClassIcon($sTargetClass, false));
 				$oClassIcon->SetDescription($oAttDef->GetDescription())->AddCSSClass('ibo-block-list--medallion');
 				$oPage->AddUiBlock($oClassIcon);
-				
+
 				$sDisplayValue = ''; // not used
 				$sHTMLValue = "<span id=\"field_{$sInputId}\">".self::GetFormElementForField($oPage, $sClass, $sAttCode,
 						$oAttDef, $oLinkSet, $sDisplayValue, $sInputId, '', $iFlags, $aArgs).'</span>';
@@ -2159,7 +2166,7 @@ HTML;
 					$sDisplayValueForHtml = utils::EscapeHtml($sDisplayValue);
 					$sHTMLValue = <<<HTML
 <div class="field_input_zone field_input_datetime ibo-input-wrapper ibo-input-datetime-wrapper" data-validation="untouched">
-	<input title="{$sHelpText}" class="datetime-pick ibo-input ibo-input-datetime" type="text" size="19" {$sPlaceholderValue} name="attr_{$sFieldPrefix}{$sAttCode}{$sNameSuffix}" value="{$sDisplayValueForHtml}" id="{$iId}" autoomplete="off" />
+	<input title="{$sHelpText}" class="datetime-pick ibo-input ibo-input-datetime" type="text" size="19" {$sPlaceholderValue} name="attr_{$sFieldPrefix}{$sAttCode}{$sNameSuffix}" value="{$sDisplayValueForHtml}" id="{$iId}" autocomplete="off" />
 </div>{$sValidationSpan}{$sReloadSpan}
 HTML;
 					break;
@@ -3957,7 +3964,7 @@ HTML;
 				}
 				elseif ($iFlags & OPT_ATT_SLAVE)
 				{
-					$aErrors[$sAttCode] = Dict::Format('UI:AttemptingToSetASlaveAttribute_Name', $oAttDef->GetLabel());
+					$aErrors[$sAttCode] = Dict::Format('UI:AttemptingToSetASlaveAttribute_Name', $oAttDef->GetLabel(), $sAttCode);
 				}
 				else
 				{
@@ -5114,7 +5121,7 @@ HTML
 							if ($sAttCode != MetaModel::GetStateAttributeCode($sClass) || !MetaModel::HasLifecycle($sClass)) {
 								$sValueCheckbox = '<input type="checkbox" class="ibo-field--enable-bulk--checkbox" id="enable_'.$iFormId.'_'.$sAttCode.'" onClick="ToggleField(this.checked, \''.$iFormId.'_'.$sAttCode.'\')"/>';
 							}
-							$aComments[$sAttCode] .= '<div class="multi_values ibo-field--enable-bulk ibo-pill ibo-is-failure" id="multi_values_'.$sAttCode.'" data-tooltip-content="'.$sTip.'" data-tooltip-html-enabled="true">'.$iCount.$sValueCheckbox.'</div>';
+							$aComments[$sAttCode] .= '<div class="multi_values ibo-field--enable-bulk ibo-pill ibo-is-failure" id="multi_values_'.$sAttCode.'" data-tooltip-content="'.$sTip.'" data-tooltip-html-enabled="true" data-tooltip-append-to="body">'.$iCount.$sValueCheckbox.'</div>';
 						}
 						$sReadyScript .= 'ToggleField('.(($iCount == 1) ? 'true' : 'false').', \''.$iFormId.'_'.$sAttCode.'\');'."\n";
 					}
@@ -5232,11 +5239,14 @@ EOF
 			} else {
 				$sStatus = $bResult ? Dict::S('UI:BulkModifyStatusModified') : Dict::S('UI:BulkModifyStatusSkipped');
 			}
-			$sChecked = $bResult ? 'checked' : '';
+
+			$aErrorsToDisplay = array_map(function($sError) {
+				return utils::HtmlEntities($sError);
+			}, $aErrors);
 			$aRows[] = array(
 				'object' => $oObj->GetHyperlink(),
 				'status' => $sStatus,
-				'errors' => '<p>'.($bResult ? '' : implode('</p><p>', $aErrors)).'</p>',
+				'errors' => '<p>'.($bResult ? '' : implode('</p><p>', $aErrorsToDisplay)).'</p>',
 			);
 			if ($bResult && (!$bPreview)) {
 				$oObj->DBUpdate();
@@ -5245,7 +5255,7 @@ EOF
 		set_time_limit(intval($iPreviousTimeLimit));
 		$oTable = DataTableUIBlockFactory::MakeForForm('BulkModify', $aHeaders, $aRows);
 		$oTable->AddOption("bFullscreen", true);
-		
+
 		$oPanel = PanelUIBlockFactory::MakeForClass($sClass, '');
 		$oPanel->SetIcon($sClassIcon);
 		$oPanel->SetTitle($sHeaderTitle);
@@ -5451,13 +5461,13 @@ EOF
 					$oFailAlertBlock = AlertUIBlockFactory::MakeForDanger('', Dict::S('UI:Delete:SorryDeletionNotAllowed'));
 					$oFailAlertBlock->SetIsClosable(false);
 					$oP->AddUiBlock($oFailAlertBlock);
-				} 
+				}
 				else {
 					$oWarningAlertBlock = AlertUIBlockFactory::MakeForWarning('', Dict::S('UI:Delete:PleaseDoTheManualOperations'));
 					$oWarningAlertBlock->SetIsClosable(false);
 					$oP->AddUiBlock($oWarningAlertBlock);
 				}
-				
+
 				$oForm = FormUIBlockFactory::MakeStandard('');
 				$oP->AddSubBlock($oForm);
 				$oForm->AddSubBlock(InputUIBlockFactory::MakeForHidden('transaction_id', utils::ReadParam('transaction_id', '', false, 'transaction_id')));

application/dashboard.class.inc.php

@@ -789,6 +789,7 @@ class RuntimeDashboard extends Dashboard
 
 	/**
 	 * @inheritDoc
+	 * @return bool $bIsNew
 	 * @throws \Exception
 	 */
 	public function Save()
@@ -798,6 +799,7 @@ class RuntimeDashboard extends Dashboard
 		$oUDSearch->AddCondition('user_id', UserRights::GetUserId(), '=');
 		$oUDSearch->AddCondition('menu_code', $this->sId, '=');
 		$oUDSet = new DBObjectSet($oUDSearch);
+		$bIsNew = false;
 		if ($oUDSet->Count() > 0)
 		{
 			// Assuming there is at most one couple {user, menu}!
@@ -811,10 +813,12 @@ class RuntimeDashboard extends Dashboard
 			$oUserDashboard->Set('user_id', UserRights::GetUserId());
 			$oUserDashboard->Set('menu_code', $this->sId);
 			$oUserDashboard->Set('contents', $sXml);
+			$bIsNew = true;
 		}
 		utils::PushArchiveMode(false);
 		$oUserDashboard->DBWrite();
 		utils::PopArchiveMode();
+		return $bIsNew;
 	}
 
 	/**

application/dashlet.class.inc.php

@@ -262,7 +262,7 @@ abstract class Dashlet
 			}
 		} catch (OqlException $e) {
 			$oDashletContainer->AddCSSClass("dashlet-content");
-			$oDashletContainer->AddHtml('<p>'.$e->GetUserFriendlyDescription().'</p>');
+			$oDashletContainer->AddHtml('<p>'.utils::HtmlEntities($e->GetUserFriendlyDescription()).'</p>');
 		} catch (Exception $e) {
 			$oDashletContainer->AddCSSClass("dashlet-content");
 			$oDashletContainer->AddHtml('<p>'.$e->getMessage().'</p>');

application/displayblock.class.inc.php

@@ -1054,6 +1054,11 @@ JS
 			$oBlock->AddSubBlock($oPill);
 		}
 		$aExtraParams['query_params'] = $this->m_oFilter->GetInternalParams();
+		if(isset($aExtraParams['query_params']['this->object()'])){
+			$aExtraParams['query_params']['this->class'] = get_class($aExtraParams['query_params']['this->object()']);
+			$aExtraParams['query_params']['this->id'] = 	$aExtraParams['query_params']['this->object()']->GetKey();
+			unset($aExtraParams['query_params']['this->object()']);
+		}
 		$aRefreshParams = ['filter' => $this->m_oFilter->ToOQL(), "extra_params" => json_encode($aExtraParams)];
 		$oBlock->SetJSRefresh(
 			"$('#".$oBlock->GetId()."').block();
@@ -1202,6 +1207,7 @@ JS
 				$sTitle = Dict::Format($sFormat, $iTotalCount);
 				$oBlock = PanelUIBlockFactory::MakeForClass($aExtraParams["panel_class"], $aExtraParams["panel_title"]);
 				$oBlock->AddSubTitleBlock(new Html($sTitle));
+				$oBlock->AddCSSClass('ibo-datatable-panel');
 				if(isset($aExtraParams["panel_icon"]) && strlen($aExtraParams["panel_icon"]) > 0){
 					$oBlock->SetIcon($aExtraParams["panel_icon"]);
 				}

application/exceptions/CoreCannotSaveObjectException.php

@@ -44,15 +44,15 @@ class CoreCannotSaveObjectException extends CoreException
 	public function getHtmlMessage()
 	{
 		$sTitle = Dict::S('UI:Error:SaveFailed');
-		$sContent = "<span><strong>{$sTitle}</strong></span>";
+		$sContent = "<span><strong>".utils::HtmlEntities($sTitle)."</strong></span>";
 
 		if (count($this->aIssues) == 1) {
 			$sIssue = reset($this->aIssues);
-			$sContent .= " <span>{$sIssue}</span>";
+			$sContent .= " <span>".utils::HtmlEntities($sIssue)."</span>";
 		} else {
 			$sContent .= '<ul>';
 			foreach ($this->aIssues as $sError) {
-				$sContent .= "<li>$sError</li>";
+				$sContent .= "<li>".utils::HtmlEntities($sError)."</li>";
 			}
 			$sContent .= '</ul>';
 		}

application/forms.class.inc.php

@@ -1272,7 +1272,7 @@ class DesignerComboField extends DesignerFormField
 		$sChecked = $this->defaultValue ? 'checked' : '';
 		$sMandatory = $this->bMandatory ? 'true' :  'false';
 		$sReadOnly = $this->IsReadOnly() ? 'disabled="disabled"' :  '';
-		if ($this->IsSorted())
+		if ($this->IsSorted() )
 		{
 			asort($this->aAllowedValues);
 		}
@@ -1320,18 +1320,14 @@ class DesignerComboField extends DesignerFormField
 					$sHtml .= "<option value=\"\">".$this->sNullLabel."</option>";
 				}
 			}
-			foreach($this->aAllowedValues as $sKey => $sDisplayValue)
-			{
-				if ($this->bMultipleSelection)
-				{
+			foreach ($this->aAllowedValues as $sKey => $sDisplayValue) {
+				if ($this->bMultipleSelection) {
 					$sSelected = in_array($sKey, $this->defaultValue) ? 'selected' : '';
-				}
-				else
-				{
+				} else {
 					$sSelected = ($sKey == $this->defaultValue) ? 'selected' : '';
 				}
 				// Quick and dirty: display the menu parents as a tree
-				$sHtmlValue = str_replace(' ', '&nbsp;', htmlentities($sDisplayValue, ENT_QUOTES, 'UTF-8'));
+				$sHtmlValue = str_replace(' ', '&nbsp;', $sDisplayValue);
 				$sHtml .= "<option value=\"".htmlentities($sKey, ENT_QUOTES, 'UTF-8')."\" $sSelected>$sHtmlValue</option>";
 			}
 			$sHtml .= "</select></span>";

application/loginbasic.class.inc.php

@@ -62,6 +62,7 @@ class LoginBasic extends AbstractLoginFSMExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -70,8 +71,7 @@ class LoginBasic extends AbstractLoginFSMExtension
 	{
 		if (Session::Get('login_mode') == 'basic')
 		{
-			list($sAuthUser) = $this->GetAuthUserAndPassword();
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}

application/loginexternal.class.inc.php

@@ -45,6 +45,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -53,8 +54,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 	{
 		if (Session::Get('login_mode') == 'external')
 		{
-			$sAuthUser = $this->GetAuthUser();
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'external', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'external', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}

application/loginform.class.inc.php

@@ -71,6 +71,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -82,17 +83,8 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 	{
 		if (Session::Get('login_mode') == 'form')
 		{
-			if (Session::IsSet('auth_user'))
-			{
-				// If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
-				$sAuthUser = Session::Get('auth_user');
-			}
-			else
-			{
-				$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
-			}
 			// Store 'auth_user' in session for further use
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}

application/loginurl.class.inc.php

@@ -60,6 +60,7 @@ class LoginURL extends AbstractLoginFSMExtension
 				$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 				return LoginWebPage::LOGIN_FSM_ERROR;
 			}
+			Session::Set('auth_user', $sAuthUser);
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}
@@ -68,8 +69,7 @@ class LoginURL extends AbstractLoginFSMExtension
 	{
 		if (Session::Get('login_mode') == 'url')
 		{
-			$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
-			LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', Session::Get('login_mode'));
+			LoginWebPage::OnLoginSuccess(Session::Get('auth_user'), 'internal', Session::Get('login_mode'));
 		}
 		return LoginWebPage::LOGIN_FSM_CONTINUE;
 	}

application/loginwebpage.class.inc.php

@@ -112,7 +112,7 @@ class LoginWebPage extends NiceWebPage
 	 */
 	public static function SynchronizeProfiles(&$oUser, array $aProfiles, $sOrigin)
 	{
-		$oProfilesSet = $oUser->Get(‘profile_list’);
+		$oProfilesSet = $oUser->Get('profile_list');
 		//delete old profiles
 		$aExistingProfiles = [];
 		while ($oProfile = $oProfilesSet->Fetch())
@@ -241,7 +241,7 @@ class LoginWebPage extends NiceWebPage
 				}
 
 				// This token allows the user to change the password without knowing the previous one
-				$sToken = substr(md5(APPROOT.uniqid()), 0, 16);
+				$sToken = bin2hex(random_bytes(32));
 				$oUser->Set('reset_pwd_token', $sToken);
 				CMDBObject::SetTrackInfo('Reset password');
 				$oUser->AllowWrite(true);

application/menunode.class.inc.php

@@ -5,12 +5,11 @@
  */
 
 use Combodo\iTop\Application\Helper\WebResourcesHelper;
-use Combodo\iTop\Application\UI\Base\Component\Title\Title;
-use Combodo\iTop\Application\UI\Base\Component\Title\TitleUIBlockFactory;
 
 require_once(APPROOT.'/application/utils.inc.php');
 require_once(APPROOT.'/application/template.class.inc.php');
 require_once(APPROOT."/application/user.dashboard.class.inc.php");
+require_once(APPROOT."/setup/parentmenunodecompiler.class.inc.php");
 
 
 /**
@@ -105,7 +104,7 @@ class ApplicationMenu
 	{
 		self::$sFavoriteSiloQuery = $sOQL;
 	}
-	
+
 	/**
 	 * Get the query used to limit the list of displayed organizations in the drop-down menu
 	 * @return string The OQL query returning a list of Organization objects
@@ -267,12 +266,31 @@ class ApplicationMenu
 			/** @var \MenuGroup $oMenuNode */
 			$oMenuNode = static::GetMenuNode($sMenuGroupIdx);
 
+			if (!($oMenuNode instanceof MenuGroup)) {
+				IssueLog::Error('Menu node was not displayed as a menu group as it is actually not a menu group', LogChannels::CONSOLE, [
+					'menu_node_class' => get_class($oMenuNode),
+					'menu_node_label' => $oMenuNode->GetLabel(),
+				]);
+				continue;
+			}
+
+			$aSubMenuNodes = static::GetSubMenuNodes($sMenuGroupIdx, $aExtraParams);
+			if (! ParentMenuNodeCompiler::$bUseLegacyMenuCompilation && !($oMenuNode instanceof ShortcutMenuNode)){
+				if (is_array($aSubMenuNodes) && 0 === sizeof($aSubMenuNodes)){
+					IssueLog::Error('Empty menu node not displayed', LogChannels::CONSOLE, [
+						'menu_node_class' => get_class($oMenuNode),
+						'menu_node_label' => $oMenuNode->GetLabel(),
+					]);
+					continue;
+				}
+			}
+
 			$aMenuGroups[] = [
 				'sId' => $oMenuNode->GetMenuID(),
 				'sIconCssClasses' => $oMenuNode->GetDecorationClasses(),
 				'sInitials' => $oMenuNode->GetInitials(),
 				'sTitle' => $oMenuNode->GetTitle(),
-				'aSubMenuNodes' => static::GetSubMenuNodes($sMenuGroupIdx, $aExtraParams),
+				'aSubMenuNodes' => $aSubMenuNodes,
 			];
 		}
 
@@ -519,7 +537,7 @@ EOF
 
 		return -1;
 	}
-	
+
 	/**
 	 * Retrieves the currently active menu (if any, otherwise the first menu is the default)
 	 * @return string The Id of the currently active menu
@@ -527,7 +545,7 @@ EOF
 	public static function GetActiveNodeId()
 	{
 		$oAppContext = new ApplicationContext();
-		$sMenuId = $oAppContext->GetCurrentValue('menu', null);		
+		$sMenuId = $oAppContext->GetCurrentValue('menu', null);
 		if ($sMenuId  === null)
 		{
 			$sMenuId = self::GetDefaultMenuId();
@@ -637,7 +655,7 @@ abstract class MenuNode
 
 	/**
 	 * Stimulus to check: if the user can 'apply' this stimulus, then she/he can see this menu
-	 */	
+	 */
 	protected $m_aEnableStimuli;
 
 	/**
@@ -655,8 +673,7 @@ abstract class MenuNode
 		$this->sMenuId = $sMenuId;
 		$this->iParentIndex = $iParentIndex;
 		$this->aReflectionProperties = array();
-		if (strlen($sEnableClass) > 0)
-		{
+		if (utils::IsNotNullOrEmptyString($sEnableClass)) {
 			$this->aReflectionProperties['enable_class'] = $sEnableClass;
 			$this->aReflectionProperties['enable_action'] = $iActionCode;
 			$this->aReflectionProperties['enable_permission'] = $iAllowedResults;
@@ -799,7 +816,7 @@ abstract class MenuNode
 	{
 		return false;
 	}
-	
+
 	/**
 	 * Add a limiting display condition for the same menu node. The conditions will be combined with a AND
 	 * @param $oMenuNode MenuNode Another definition of the same menu node, with potentially different access restriction
@@ -972,7 +989,7 @@ class TemplateMenuNode extends MenuNode
 	 * @var string
 	 */
 	protected $sTemplateFile;
-	
+
 	/**
 	 * Create a menu item based on a custom template and inserts it into the application's main menu
 	 * @param string $sMenuId Unique identifier of the menu (used to identify the menu for bookmarking, and for getting the labels from the dictionary)
@@ -1043,7 +1060,7 @@ class OQLMenuNode extends MenuNode
 	 * @var bool|null
 	 */
 	protected $bSearchFormOpen;
-	
+
 	/**
 	 * Extra parameters to be passed to the display block to fine tune its appearence
 	 */
@@ -1076,7 +1093,7 @@ class OQLMenuNode extends MenuNode
 		// Enhancement: we could set as the "enable" condition that the user has enough rights to "read" the objects
 		// of the class specified by the OQL...
 	}
-	
+
 	/**
 	 * Set some extra parameters to be passed to the display block to fine tune its appearence
 	 * @param array $aParams paramCode => value. See DisplayBlock::GetDisplay for the meaning of the parameters
@@ -1104,7 +1121,7 @@ class OQLMenuNode extends MenuNode
 			'Menu_'.$this->GetMenuId(),
 			$this->bSearch, // Search pane
 			$this->bSearchFormOpen, // Search open
-			$oPage, 
+			$oPage,
 			array_merge($this->m_aParams, $aExtraParams),
 			true
 		);
@@ -1338,10 +1355,10 @@ class NewObjectMenuNode extends MenuNode
 	{
 		// Enable this menu, only if the current user has enough rights to create such an object, or an object of
 		// any child class
-	
+
 		$aSubClasses = MetaModel::EnumChildClasses($this->sClass, ENUM_CHILD_CLASSES_ALL); // Including the specified class itself
 		$bActionIsAllowed = false;
-	
+
 		foreach($aSubClasses as $sCandidateClass)
 		{
 			if (!MetaModel::IsAbstract($sCandidateClass) && (UserRights::IsActionAllowed($sCandidateClass, UR_ACTION_MODIFY) == UR_ALLOWED_YES))
@@ -1350,7 +1367,7 @@ class NewObjectMenuNode extends MenuNode
 				break; // Enough for now
 			}
 		}
-		return $bActionIsAllowed;		
+		return $bActionIsAllowed;
 	}
 
 	/**
@@ -1492,7 +1509,7 @@ class DashboardMenuNode extends MenuNode
 			throw new Exception("Error: failed to load dashboard file: '{$this->sDashboardFile}'");
 		}
 	}
-	
+
 }
 
 /**
@@ -1533,7 +1550,7 @@ class ShortcutContainerMenuNode extends MenuNode
 			$sName = $this->GetMenuId().'_'.$oShortcut->GetKey();
 			new ShortcutMenuNode($sName, $oShortcut, $this->GetIndex(), $fRank++);
 		}
-	
+
 		// Complete the tree
 		//
 		parent::PopulateChildMenus();

application/ui.extkeywidget.class.inc.php

@@ -5,6 +5,7 @@
  */
 
 use Combodo\iTop\Application\UI\Base\Component\Form\FormUIBlockFactory;
+use Combodo\iTop\Application\UI\Base\Component\Input\InputUIBlockFactory;
 use Combodo\iTop\Application\UI\Base\Layout\UIContentBlockUIBlockFactory;
 use Combodo\iTop\Core\MetaModel\FriendlyNameType;
 
@@ -211,14 +212,23 @@ class UIExtKeyWidget
 			$sClassAllowed = $oAllowedValues->GetClass();
 			$bAddingValue = false;
 
+			// N°4792 - load only the required fields
+			$aFieldsToLoad = [];
+
 			$aComplementAttributeSpec = MetaModel::GetNameSpec($oAllowedValues->GetClass(), FriendlyNameType::COMPLEMENTARY);
 			$sFormatAdditionalField = $aComplementAttributeSpec[0];
 			$aAdditionalField = $aComplementAttributeSpec[1];
 
 			if (count($aAdditionalField) > 0) {
 				$bAddingValue = true;
+				$aFieldsToLoad[$sClassAllowed] = $aAdditionalField;
 			}
 			$sObjectImageAttCode = MetaModel::GetImageAttributeCode($sClassAllowed);
+			if (!empty($sObjectImageAttCode)) {
+				$aFieldsToLoad[$sClassAllowed][] = $sObjectImageAttCode;
+			}
+			$aFieldsToLoad[$sClassAllowed][] = 'friendlyname';
+			$oAllowedValues->OptimizeColumnLoad($aFieldsToLoad);
 			$bInitValue = false;
 			while ($oObj = $oAllowedValues->Fetch()) {
 				$aOption = [];
@@ -314,12 +324,12 @@ EOF
 EOF
 			);
 			$sHTMLValue .= "<div class=\"ibo-input-select--action-buttons\">";
-			$sHTMLValue .= "	<div class=\"ibo-input-select--action-button ibo-input-select--action-button--clear ibo-is-hidden\"  id=\"mini_clear_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Clear();\" data-tooltip-content='".Dict::S('UI:Button:Clear')."'><i class=\"fas fa-times\"></i></div>";
+			$sHTMLValue .= "	<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--clear ibo-is-hidden\"  id=\"mini_clear_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Clear();\" data-tooltip-content='".Dict::S('UI:Button:Clear')."'><i class=\"fas fa-times\"></i></a>";
 		}
 		if ($bCreate && $bExtensions) {
 			$sCallbackName = (MetaModel::IsAbstract($this->sTargetClass)) ? 'SelectObjectClass' : 'CreateObject';
 
-			$sHTMLValue .= "<div class=\"ibo-input-select--action-button ibo-input-select--action-button--create\" id=\"mini_add_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.{$sCallbackName}();\" data-tooltip-content='".Dict::S('UI:Button:Create')."'><i class=\"fas fa-plus\"></i></div>";
+			$sHTMLValue .= "<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--create\" id=\"mini_add_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.{$sCallbackName}();\" data-tooltip-content='".Dict::S('UI:Button:Create')."'><i class=\"fas fa-plus\"></i></a>";
 			$oPage->add_ready_script(
 				<<<JS
 		if ($('#ajax_{$this->iId}').length == 0)
@@ -330,7 +340,7 @@ JS
 			);
 		}
 		if ($bExtensions && MetaModel::IsHierarchicalClass($this->sTargetClass) !== false) {
-			$sHTMLValue .= "<div class=\"ibo-input-select--action-button ibo-input-select--action-button--hierarchy\" id=\"mini_tree_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.HKDisplay();\" data-tooltip-content='".Dict::S('UI:Button:SearchInHierarchy')."'><i class=\"fas fa-sitemap\"></i></div>";
+			$sHTMLValue .= "<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--hierarchy\" id=\"mini_tree_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.HKDisplay();\" data-tooltip-content='".Dict::S('UI:Button:SearchInHierarchy')."'><i class=\"fas fa-sitemap\"></i></a>";
 			$oPage->add_ready_script(
 				<<<JS
 			if ($('#ac_tree_{$this->iId}').length == 0)
@@ -341,7 +351,7 @@ JS
 			);
 		}
 		if ($oAllowedValues->CountExceeds($iMaxComboLength)) {
-			$sHTMLValue .= "	<div class=\"ibo-input-select--action-button ibo-input-select--action-button--search\"  id=\"mini_search_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Search();\" data-tooltip-content='".Dict::S('UI:Button:Search')."'><i class=\"fas fa-search\"></i></div>";
+			$sHTMLValue .= "	<a href=\"#\" class=\"ibo-input-select--action-button ibo-input-select--action-button--search\"  id=\"mini_search_{$this->iId}\" onClick=\"oACWidget_{$this->iId}.Search();\" data-tooltip-content='".Dict::S('UI:Button:Search')."'><i class=\"fas fa-search\"></i></a>";
 		}
 		$sHTMLValue .= "</div>";
 		$sHTMLValue .= "</div>";
@@ -769,16 +779,14 @@ JS
      * @param DBObject $oObj The current object for the OQL context
      * @param string $sContains The text of the autocomplete to filter the results
      * @param string $sOutputFormat
-     * @param null $sOperation for the values @see ValueSetObjects->LoadValues()
+     * @param null $sOperation for the values @see ValueSetObjects->LoadValues() not used since 3.0.0
      *
      * @throws CoreException
      * @throws OQLException
      *
      * @since 2.7.7 3.0.1 3.1.0 N°3129 Remove default value for $oObj for PHP 8.0 compatibility
      */
-	public function AutoComplete(
-		WebPage $oP, $sFilter, $oObj, $sContains, $sOutputFormat = self::ENUM_OUTPUT_FORMAT_CSV, $sOperation = null
-	)
+	public function AutoComplete(WebPage $oP, $sFilter, $oObj, $sContains, $sOutputFormat = self::ENUM_OUTPUT_FORMAT_CSV, $sOperation = null	)
 	{
 		if (is_null($sFilter)) {
 			throw new Exception('Implementation: null value for allowed values definition');
@@ -792,13 +800,13 @@ JS
 		$oValuesSet->SetSort(false);
 		$oValuesSet->SetModifierProperty('UserRightsGetSelectFilter', 'bSearchMode', $this->bSearchMode);
 		$oValuesSet->SetLimit($iMax);
-		$aValuesContains = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains, 'start_with');
-		asort($aValuesContains);
-		$aValues = $aValuesContains;
+		$aValuesStartWith = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains, 'start_with');
+		asort($aValuesStartWith);
+		$aValues = $aValuesStartWith;
 		if (sizeof($aValues) < $iMax) {
 			$aValuesContains = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains, 'contains');
 			asort($aValuesContains);
-			$iSize = sizeof($aValuesContains);
+			$iSize = sizeof($aValues);
 			foreach ($aValuesContains as $sKey => $sFriendlyName)
 			{
 				if (!isset($aValues[$sKey]))
@@ -814,7 +822,9 @@ JS
 		elseif (!in_array($sContains, $aValues))
 		{
 			$aValuesEquals = $oValuesSet->GetValuesForAutocomplete(array('this' => $oObj, 'current_extkey_id' => $iCurrentExtKeyId), $sContains,	'equals');
-			$aValues = array_merge($aValuesEquals, $aValues);
+			// Note: Here we cannot use array_merge as it would reindex the numeric keys starting from 0 when keys are actually the objects ID.
+			// As a workaround we use array_replace as it does preserve numeric keys. It's ok if some values from $aValuesEquals are replaced with values from $aValues as they contain the same data.
+			$aValues = array_replace($aValuesEquals, $aValues);
 		}
 
 		switch($sOutputFormat)
@@ -895,7 +905,7 @@ JS
 	{
         // For security reasons: check that the "proposed" class is actually a subclass of the linked class
         // and that the current user is allowed to create objects of this class
-        $aSubClasses = MetaModel::EnumChildClasses($this->sTargetClass);
+        $aSubClasses = MetaModel::EnumChildClasses($this->sTargetClass, ENUM_CHILD_CLASSES_ALL);
         $aPossibleClasses = array();
         foreach($aSubClasses as $sCandidateClass)
         {
@@ -915,6 +925,7 @@ JS
 		$sDialogTitleEscaped = addslashes($sDialogTitle);
         $oPage->add_ready_script("$('#ac_create_$this->iId').dialog({ width: 'auto', height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true, title: '$sDialogTitleEscaped'});\n");
         $oPage->add_ready_script("$('#ac_create_{$this->iId} form').removeAttr('onsubmit');");
+        $oPage->add_ready_script("$('#ac_create_{$this->iId} form').find('select').attr('id', 'ac_create_{$this->iId}_select');");
         $oPage->add_ready_script("$('#ac_create_{$this->iId} form').on('submit.uilinksWizard', oACWidget_{$this->iId}.DoSelectObjectClass);");
 	}
 
@@ -973,7 +984,7 @@ HTML
 		);
 
 		$oPage->add_ready_script(<<<JS
-$('#ac_create_{$this->iId}').dialog({ width: 'auto', height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true});
+$('#ac_create_{$this->iId}').dialog({ width: $(window).width() * 0.6, height: 'auto', maxHeight: $(window).height() - 50, autoOpen: false, modal: true});
 $('#dcr_{$this->iId} form').removeAttr('onsubmit');
 $('#dcr_{$this->iId} form').on('submit.uilinksWizard', oACWidget_{$this->iId}.DoCreateObject);
 JS

application/utils.inc.php

@@ -21,6 +21,8 @@ use Combodo\iTop\Application\Helper\Session;
 use Combodo\iTop\Application\UI\Base\iUIBlock;
 use Combodo\iTop\Application\UI\Base\Layout\UIContentBlock;
 use ScssPhp\ScssPhp\Compiler;
+use ScssPhp\ScssPhp\OutputStyle;
+use ScssPhp\ScssPhp\ValueConverter;
 
 
 /**
@@ -97,6 +99,11 @@ class utils
 	 * @since 3.0.0
 	 */
 	public const ENUM_SANITIZATION_FILTER_RAW_DATA = 'raw_data';
+	/**
+	 * @var string
+	 * @since 3.0.2, 3.1.0 N°4899
+	 */
+	public const ENUM_SANITIZATION_FILTER_URL = 'url';
 
 	/**
 	 * @var string
@@ -377,6 +384,7 @@ class utils
 	 * @since 2.5.2 2.6.0 new 'transaction_id' filter
 	 * @since 2.7.0 new 'element_identifier' filter
 	 * @since 3.0.0 new utils::ENUM_SANITIZATION_* const
+	 * @since 2.7.7, 3.0.2, 3.1.0 N°4899 - new 'url' filter
 	 */
 	protected static function Sanitize_Internal($value, $sSanitizationFilter)
 	{
@@ -454,6 +462,11 @@ class utils
 				$retValue = preg_replace('/[^a-zA-Z0-9_]/', '', $value);
 				break;
 
+			// For URL
+			case static::ENUM_SANITIZATION_FILTER_URL:
+				$retValue = filter_var($value, FILTER_SANITIZE_URL);
+				break;
+
 			default:
 			case static::ENUM_SANITIZATION_FILTER_RAW_DATA:
 				$retValue = $value;
@@ -1930,19 +1943,23 @@ class utils
 	public static function CompileCSSFromSASS($sSassContent, $aImportPaths = array(), $aVariables = array())
 	{
 		$oSass = new Compiler();
-		$oSass->setFormatter('ScssPhp\\ScssPhp\\Formatter\\Compressed');
+		$oSass->setOutputStyle(OutputStyle::COMPRESSED);
 		// Setting our variables
-		$oSass->setVariables($aVariables);
+		$aScssVariables = [];
+		foreach ($aVariables as $entry => $value) {
+			$aScssVariables[$entry] = ValueConverter::parseValue($value);
+		}
+		$oSass->addVariables($aScssVariables);
 		// Setting our imports paths
 		$oSass->setImportPaths($aImportPaths);
 		// Temporary disabling max exec time while compiling
 		$iCurrentMaxExecTime = (int) ini_get('max_execution_time');
 		set_time_limit(0);
 		// Compiling SASS
-		$sCss = $oSass->compile($sSassContent);
+		$sCss = $oSass->compileString($sSassContent);
 		set_time_limit(intval($iCurrentMaxExecTime));
 
-		return $sCss;
+		return $sCss->getCss();
 	}
 	
 	public static function GetImageSize($sImageData)
@@ -2819,6 +2836,54 @@ HTML;
 		return $aPrefs[$sShortcutId];
 	}
 
+	//----------------------------------------------
+	// PHP function helpers
+	//----------------------------------------------
+
+	/**
+	 * Helper around the native strlen() PHP method to keep allowing usage of null value when computing the length of a string as null value is no longer allowed with PHP 8.1+
+	 * @link https://www.php.net/releases/8.1/en.php#deprecations_and_bc_breaks "Passing null to non-nullable internal function parameters is deprecated"
+	 *
+	 * @param string|null $sString
+	 *
+	 * @return int Length of $sString, 0 if null
+	 * @since 3.0.2 N°5172
+	 */
+	public static function StrLen(?string $sString): int
+	{
+		return strlen($sString ?? '');
+	}
+
+	/**
+	 * Helper around the native strlen() PHP method to test a string for null or empty value
+	 *
+	 * @link https://www.php.net/releases/8.1/en.php#deprecations_and_bc_breaks "Passing null to non-nullable internal function parameters is deprecated"
+	 *
+	 * @param string|null $sString
+	 *
+	 * @return bool if string null or empty
+	 * @since 3.0.2 N°5302
+	 */
+	public static function IsNullOrEmptyString(?string $sString): bool
+	{
+		return $sString === null || strlen($sString) === 0;
+	}
+
+	/**
+	 * Helper around the native strlen() PHP method to test a string not null or empty value
+	 *
+	 * @link https://www.php.net/releases/8.1/en.php#deprecations_and_bc_breaks "Passing null to non-nullable internal function parameters is deprecated"
+	 *
+	 * @param string|null $sString
+	 *
+	 * @return bool if string is not null and not empty
+	 * @since 3.0.2 N°5302
+	 */
+	public static function IsNotNullOrEmptyString(?string $sString): bool
+	{
+		return !static::IsNullOrEmptyString($sString);
+	}
+
 	//----------------------------------------------
 	// Environment helpers
 	//----------------------------------------------

approot.inc.php

@@ -23,6 +23,6 @@ define('ITOP_DESIGN_LATEST_VERSION', '3.0');
  * @used-by utils::GetItopVersionWikiSyntax()
  * @used-by iTopModulesPhpVersionIntegrationTest
  */
-define('ITOP_CORE_VERSION', '3.0.1');
+define('ITOP_CORE_VERSION', '3.0.2');
 
 require_once APPROOT.'bootstrap.inc.php';

composer.json

@@ -1,6 +1,8 @@
 {
+  "name": "combodo/itop",
+  "description": "IT Operations Portal",
   "type": "project",
-  "license": "AGPLv3",
+  "license": "AGPL-3.0-only",
   "require": {
     "php": ">=7.1.3 <8.0.0",
     "ext-ctype": "*",
@@ -10,18 +12,23 @@
     "ext-json": "*",
     "ext-mysqli": "*",
     "ext-soap": "*",
-    "combodo/tcpdf": "6.3.5",
-    "nikic/php-parser": "^4.12.0",
-    "pear/archive_tar": "1.4.14",
-    "pelago/emogrifier": "3.1.0",
-    "scssphp/scssphp": "1.0.6",
-    "swiftmailer/swiftmailer": "5.4.12",
+    "combodo/tcpdf": "~6.4.4",
+    "guzzlehttp/guzzle": "^6.5.8",
+    "laminas/laminas-mail": "^2.11",
+    "laminas/laminas-servicemanager": "^3.5",
+    "league/oauth2-google": "^3.0",
+    "nikic/php-parser": "~4.13.2",
+    "pear/archive_tar": "~1.4.14",
+    "pelago/emogrifier": "~3.1.0",
+    "scssphp/scssphp": "^1.10.3",
+    "swiftmailer/swiftmailer": "~6.3.0",
     "symfony/console": "~3.4.47",
     "symfony/dotenv": "~3.4.47",
     "symfony/framework-bundle": "~3.4.47",
-    "symfony/polyfill-php70": "1.*",
     "symfony/twig-bundle": "~3.4.47",
-    "symfony/yaml": "~3.4.47"
+    "symfony/yaml": "~3.4.47",
+    "thenetworg/oauth2-azure": "^2.0",
+    "twig/twig": "~1.43.1"
   },
   "require-dev": {
     "symfony/stopwatch": "~3.4.47",
@@ -54,12 +61,6 @@
       "sources"
     ],
     "exclude-from-classmap": [
-      "core/dbobjectsearch.class.php",
-      "core/legacy/dbobjectsearchlegacy.class.php",
-      "core/querybuildercontext.class.inc.php",
-      "core/legacy/querybuildercontextlegacy.class.inc.php",
-      "core/querybuilderexpressions.class.inc.php",
-      "core/legacy/querybuilderexpressionslegacy.class.inc.php",
       "core/oql/build/PHP/",
       "core/apc-emulation.php",
       "application/startup.inc.php",

core/action.class.inc.php

@@ -200,6 +200,17 @@ abstract class ActionNotification extends Action
  */
 class ActionEmail extends ActionNotification
 {
+	/**
+	 * @var string
+	 * @since 3.0.1
+	 */
+	const ENUM_HEADER_NAME_MESSAGE_ID = 'Message-ID';
+	/**
+	 * @var string
+	 * @since 3.0.1
+	 */
+	const ENUM_HEADER_NAME_REFERENCES = 'References';
+
 	/**
 	 * @inheritDoc
 	 */
@@ -207,13 +218,13 @@ class ActionEmail extends ActionNotification
 	{
 		$aParams = array
 		(
-			"category" => "grant_by_profile,core/cmdb,application",
-			"key_type" => "autoincrement",
-			"name_attcode" => "name",
-			"state_attcode" => "",
-			"reconc_keys" => array('name'),
-			"db_table" => "priv_action_email",
-			"db_key_field" => "id",
+			"category"            => "grant_by_profile,core/cmdb,application",
+			"key_type"            => "autoincrement",
+			"name_attcode"        => "name",
+			"state_attcode"       => "",
+			"reconc_keys"         => array('name'),
+			"db_table"            => "priv_action_email",
+			"db_key_field"        => "id",
 			"db_finalclass_field" => "",
 		);
 		MetaModel::Init_Params($aParams);
@@ -266,7 +277,7 @@ class ActionEmail extends ActionNotification
 	protected function FindRecipients($sRecipAttCode, $aArgs)
 	{
 		$sOQL = $this->Get($sRecipAttCode);
-		if (strlen($sOQL) == '') return '';
+		if (strlen($sOQL) === 0) return '';
 
 		try
 		{
@@ -416,9 +427,8 @@ class ActionEmail extends ActionNotification
 			$sBody = MetaModel::ApplyParams($this->Get('body'), $aContextArgs);
 
 			$oObj = $aContextArgs['this->object()'];
-			$sMessageId = sprintf('iTop_%s_%d_%f@%s.openitop.org', get_class($oObj), $oObj->GetKey(), microtime(true /* get as float*/),
-				MetaModel::GetEnvironmentId());
-			$sReference = '<'.$sMessageId.'>';
+			$sMessageId = $this->GenerateIdentifierForHeaders($oObj, static::ENUM_HEADER_NAME_MESSAGE_ID);
+			$sReference = $this->GenerateIdentifierForHeaders($oObj, static::ENUM_HEADER_NAME_REFERENCES);
 		}
 		catch (Exception $e) {
 			/** @noinspection PhpUnhandledExceptionInspection */
@@ -456,8 +466,7 @@ class ActionEmail extends ActionNotification
 
 		$oEmail = new EMail();
 
-		if ($this->IsBeingTested())
-		{
+		if ($this->IsBeingTested()) {
 			$oEmail->SetSubject('TEST['.$sSubject.']');
 			$sTestBody = $sBody;
 			$sTestBody .= "<div style=\"border: dashed;\">\n";
@@ -467,8 +476,8 @@ class ActionEmail extends ActionNotification
 			$sTestBody .= "<li>TO: $sTo</li>\n";
 			$sTestBody .= "<li>CC: $sCC</li>\n";
 			$sTestBody .= "<li>BCC: $sBCC</li>\n";
-			$sTestBody .= empty($sFromLabel) ? "<li>From: $sFrom</li>\n": "<li>From: $sFromLabel &lt;$sFrom&gt;</li>\n";
-			$sTestBody .= empty($sReplyToLabel) ? "<li>Reply-To: $sReplyTo</li>\n": "<li>Reply-To: $sReplyToLabel &lt;$sReplyTo&gt;</li>\n";
+			$sTestBody .= empty($sFromLabel) ? "<li>From: $sFrom</li>\n" : "<li>From: $sFromLabel &lt;$sFrom&gt;</li>\n";
+			$sTestBody .= empty($sReplyToLabel) ? "<li>Reply-To: $sReplyTo</li>\n" : "<li>Reply-To: $sReplyToLabel &lt;$sReplyTo&gt;</li>\n";
 			$sTestBody .= "<li>References: $sReference</li>\n";
 			$sTestBody .= "</ul>\n";
 			$sTestBody .= "</p>\n";
@@ -478,9 +487,9 @@ class ActionEmail extends ActionNotification
 			$oEmail->SetRecipientFrom($sFrom, $sFromLabel);
 			$oEmail->SetReferences($sReference);
 			$oEmail->SetMessageId($sMessageId);
-		}
-		else
-		{
+			// Note: N°4849 We pass the "References" identifier instead of the "Message-ID" on purpose as we want notifications emails to group around the triggering iTop object, not just the users' replies to the notification
+			$oEmail->SetInReplyTo($sReference);
+		} else {
 			$oEmail->SetSubject($sSubject);
 			$oEmail->SetBody($sBody, 'text/html', $sStyles);
 			$oEmail->SetRecipientTO($sTo);
@@ -490,6 +499,8 @@ class ActionEmail extends ActionNotification
 			$oEmail->SetRecipientReplyTo($sReplyTo, $sReplyToLabel);
 			$oEmail->SetReferences($sReference);
 			$oEmail->SetMessageId($sMessageId);
+			// Note: N°4849 We pass the "References" identifier instead of the "Message-ID" on purpose as we want notifications emails to group around the triggering iTop object, not just the users' replies to the notification
+			$oEmail->SetInReplyTo($sReference);
 		}
 
 		if (isset($aContextArgs['attachments']))
@@ -516,26 +527,64 @@ class ActionEmail extends ActionNotification
 				{
 					case EMAIL_SEND_OK:
 						return "Sent";
-	
+
 					case EMAIL_SEND_PENDING:
 						return "Pending";
-	
+
 					case EMAIL_SEND_ERROR:
 						return "Errors: ".implode(', ', $aErrors);
 				}
 			}
-		}
-		else
-		{
-			if (is_array($this->m_aMailErrors) && count($this->m_aMailErrors) > 0)
-			{
+		} else {
+			if (is_array($this->m_aMailErrors) && count($this->m_aMailErrors) > 0) {
 				$sError = implode(', ', $this->m_aMailErrors);
-			}
-			else
-			{
+			} else {
 				$sError = 'Unknown reason';
 			}
+
 			return 'Notification was not sent: '.$sError;
 		}
 	}
+
+	/**
+	 * @param \DBObject $oObject
+	 * @param string $sHeaderName {@see \ActionEmail::ENUM_HEADER_NAME_REFERENCES}, {@see \ActionEmail::ENUM_HEADER_NAME_MESSAGE_ID}
+	 *
+	 * @return string The formatted identifier for $sHeaderName based on $oObject
+	 * @throws \Exception
+	 * @since 3.0.1 N°4849
+	 */
+	protected function GenerateIdentifierForHeaders(DBObject $oObject, string $sHeaderName): string
+	{
+		$sObjClass = get_class($oObject);
+		$sObjId = $oObject->GetKey();
+		$sAppName = utils::Sanitize(ITOP_APPLICATION_SHORT, '', utils::ENUM_SANITIZATION_FILTER_VARIABLE_NAME);
+
+		switch ($sHeaderName) {
+			case static::ENUM_HEADER_NAME_MESSAGE_ID:
+			case static::ENUM_HEADER_NAME_REFERENCES:
+				// Prefix
+				$sPrefix = sprintf('%s_%s_%d', $sAppName, $sObjClass, $sObjId);
+				if ($sHeaderName === static::ENUM_HEADER_NAME_MESSAGE_ID) {
+					$sPrefix .= sprintf('_%f', microtime(true /* get as float*/));
+				}
+				// Suffix
+				$sSuffix = sprintf('@%s.openitop.org', MetaModel::GetEnvironmentId());
+				// Identifier
+				$sIdentifier = $sPrefix.$sSuffix;
+				if ($sHeaderName === static::ENUM_HEADER_NAME_REFERENCES) {
+					$sIdentifier = "<$sIdentifier>";
+				}
+
+				return $sIdentifier;
+		}
+
+		// Requested header name invalid
+		$sErrorMessage = sprintf('%s: Could not generate identifier for header "%s", only %s are supported', static::class, $sHeaderName, implode(' / ', [static::ENUM_HEADER_NAME_MESSAGE_ID, static::ENUM_HEADER_NAME_REFERENCES]));
+		IssueLog::Error($sErrorMessage, LogChannels::NOTIFICATIONS, [
+			'Object' => $sObjClass.'::'.$sObjId.' ('.$oObject->GetRawName().')',
+			'Action' => get_class($this).'::'.$this->GetKey().' ('.$this->GetRawName().')',
+		]);
+		throw new Exception($sErrorMessage);
+	}
 }

core/asynctask.class.inc.php

@@ -293,7 +293,7 @@ abstract class AsyncTask extends DBObject
 			$this->Set('remaining_retries', $this->GetMaxRetries($iErrorCode));
 		}
 
-		$this->Set('last_error', $sErrorMessage);
+		$this->SetTrim('last_error', $sErrorMessage);
 		$this->Set('last_error_code', $iErrorCode); // Note: can be ZERO !!!
 		$this->Set('last_attempt', time());
 

core/attributedef.class.inc.php

@@ -1685,7 +1685,7 @@ class AttributeLinkedSet extends AttributeDefinition
 					{
 						if ($sObjClass == $this->GetLinkedClass())
 						{
-							// Simplify the output if the exact class could be determined implicitely 
+							// Simplify the output if the exact class could be determined implicitely
 							continue;
 						}
 					}
@@ -2007,7 +2007,7 @@ class AttributeLinkedSet extends AttributeDefinition
 					{
 						if ($sObjClass == $this->GetLinkedClass())
 						{
-							// Simplify the output if the exact class could be determined implicitely 
+							// Simplify the output if the exact class could be determined implicitely
 							continue;
 						}
 					}
@@ -2412,7 +2412,7 @@ class AttributeDBFieldVoid extends AttributeDefinition
 		return false;
 	}
 
-	// 
+	//
 	protected function ScalarToSQL($value)
 	{
 		return $value;
@@ -4587,7 +4587,13 @@ class AttributeCaseLog extends AttributeLongText
 			{
 				if (strlen($proposedValue) > 0)
 				{
-					$oCaseLog->AddLogEntry($proposedValue);
+					//N°5135 - add impersonation information in caselog
+					if (UserRights::IsImpersonated()){
+						$sOnBehalfOf = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUserFriendlyName(), UserRights::GetUserFriendlyName());
+						$oCaseLog->AddLogEntry($proposedValue, $sOnBehalfOf, UserRights::GetConnectedUserId());
+					} else {
+						$oCaseLog->AddLogEntry($proposedValue);
+					}
 				}
 			}
 			$ret = $oCaseLog;
@@ -5394,7 +5400,7 @@ class AttributeEnum extends AttributeString
 	{
 		if (is_null($sValue))
 		{
-			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label		
+			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label
 			$sLabel = Dict::S('Class:'.$this->GetHostClass().'/Attribute:'.$this->GetCode().'/Value:'.$sValue,
 				Dict::S('Enum:Undefined'));
 		}
@@ -5416,7 +5422,7 @@ class AttributeEnum extends AttributeString
 	{
 		if (is_null($sValue))
 		{
-			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label		
+			// Unless a specific label is defined for the null value of this enum, use a generic "undefined" label
 			$sDescription = Dict::S('Class:'.$this->GetHostClass().'/Attribute:'.$this->GetCode().'/Value:'.$sValue.'+',
 				Dict::S('Enum:Undefined'));
 		}
@@ -7213,7 +7219,7 @@ class AttributeExternalField extends AttributeDefinition
 
 	protected function GetSQLCol($bFullSpec = false)
 	{
-		// throw new CoreException("external attribute: does it make any sense to request its type ?");  
+		// throw new CoreException("external attribute: does it make any sense to request its type ?");
 		$oExtAttDef = $this->GetExtAttDef();
 
 		return $oExtAttDef->GetSQLCol($bFullSpec);
@@ -9262,7 +9268,7 @@ class AttributeSubItem extends AttributeDefinition
 		return $res;
 	}
 
-	// 
+	//
 //	protected function ScalarToSQL($value) {return $value;} // format value as a valuable SQL literal (quoted outside)
 
 	public function FromSQLToValue($aCols, $sPrefix = '')

core/bulkchange.class.inc.php

@@ -11,7 +11,7 @@ define('UTF8_BOM', chr(239).chr(187).chr(191)); // 0xEF, 0xBB, 0xBF
 
 /**
  * CellChangeSpec
- * A series of classes, keeping the information about a given cell: could it be changed or not (and why)?  
+ * A series of classes, keeping the information about a given cell: could it be changed or not (and why)?
  *
  * @package     iTopORM
  */
@@ -42,6 +42,17 @@ abstract class CellChangeSpec
 		return $this->m_sOql;
 	}
 
+	/**
+	 * @since 3.1.0 N°5305
+	 */
+	public function GetDisplayableValueAndDescription(): string
+	{
+		return sprintf("%s%s",
+			$this->GetDisplayableValue(),
+			$this->GetDescription()
+		);
+	}
+
 	abstract public function GetDescription();
 }
 
@@ -86,26 +97,90 @@ class CellStatus_Issue extends CellStatus_Modify
 		parent::__construct($proposedValue, $previousValue);
 	}
 
-	public function GetDescription()
+	public function GetDisplayableValue()
 	{
 		if (is_null($this->m_proposedValue))
 		{
-			return Dict::Format('UI:CSVReport-Value-SetIssue', $this->m_sReason);
+			return Dict::Format('UI:CSVReport-Value-SetIssue');
 		}
-		return Dict::Format('UI:CSVReport-Value-ChangeIssue', $this->m_proposedValue, $this->m_sReason);
+		return Dict::Format('UI:CSVReport-Value-ChangeIssue', \utils::EscapeHtml($this->m_proposedValue));
+	}
+
+	public function GetDescription()
+	{
+		return $this->m_sReason;
+	}
+	/*
+	 * @since 3.1.0 N°5305
+	 */
+	public function GetDisplayableValueAndDescription(): string
+	{
+		return sprintf("%s. %s",
+			$this->GetDisplayableValue(),
+			$this->GetDescription()
+		);
 	}
 }
 
 class CellStatus_SearchIssue extends CellStatus_Issue
 {
-	public function __construct()
+	/** @var string|null $m_sAllowedValues */
+	private $m_sAllowedValues;
+
+	/**
+	 * @since 3.1.0 N°5305
+	 * @var string $sSerializedSearch
+	 */
+	private $sSerializedSearch;
+
+	/** @var string|null $m_sTargetClass */
+	private $m_sTargetClass;
+
+	/**
+	 * CellStatus_SearchIssue constructor.
+	 * @since 3.1.0 N°5305
+	 *
+	 * @param string $sOql : main message
+	 * @param string $sReason : main message
+	 * @param null $sClass : used for additional message that provides allowed values for current class $sClass
+	 * @param null $sAllowedValues : used for additional message that provides allowed values $sAllowedValues for current class
+	 */
+	public function __construct($sSerializedSearch, $sReason, $sClass=null, $sAllowedValues=null)
 	{
-		parent::__construct(null, null, null);
+		parent::__construct(null, null, $sReason);
+		$this->sSerializedSearch = $sSerializedSearch;
+		$this->m_sAllowedValues = $sAllowedValues;
+		$this->m_sTargetClass = $sClass;
+	}
+
+	public function GetDisplayableValue()
+	{
+		if (null === $this->m_sReason) {
+			return Dict::Format('UI:CSVReport-Value-NoMatch', '');
+		}
+
+		return $this->m_sReason;
 	}
 
 	public function GetDescription()
 	{
-		return Dict::S('UI:CSVReport-Value-NoMatch');
+		if (\utils::IsNullOrEmptyString($this->m_sAllowedValues) ||
+			\utils::IsNullOrEmptyString($this->m_sTargetClass)) {
+			return '';
+		}
+
+		return Dict::Format('UI:CSVReport-Value-NoMatch-PossibleValues', $this->m_sTargetClass, $this->m_sAllowedValues);
+	}
+
+	/**
+	 * @since 3.1.0 N°5305
+	 * @return string
+	 */
+	public function GetSearchLinkUrl()
+	{
+		return sprintf("UI.php?operation=search&filter=%s",
+			rawurlencode($this->sSerializedSearch)
+		);
 	}
 }
 
@@ -126,11 +201,24 @@ class CellStatus_NullIssue extends CellStatus_Issue
 class CellStatus_Ambiguous extends CellStatus_Issue
 {
 	protected $m_iCount;
+	/**
+	 * @since 3.1.0 N°5305
+	 * @var string
+	 */
+	protected $sSerializedSearch;
 
-	public function __construct($previousValue, $iCount, $sOql)
+	/**
+	 * @since 3.1.0 N°5305
+	 *
+	 * @param $previousValue
+	 * @param int $iCount
+	 * @param string $sSerializedSearch
+	 *
+	 */
+	public function __construct($previousValue, $iCount, $sSerializedSearch)
 	{
 		$this->m_iCount = $iCount;
-		$this->m_sQuery = $sOql;
+		$this->sSerializedSearch = $sSerializedSearch;
 		parent::__construct(null, $previousValue, '');
 	}
 
@@ -139,12 +227,23 @@ class CellStatus_Ambiguous extends CellStatus_Issue
 		$sCount = $this->m_iCount;
 		return Dict::Format('UI:CSVReport-Value-Ambiguous', $sCount);
 	}
+
+	/**
+	 * @since 3.1.0 N°5305
+	 * @return string
+	 */
+	public function GetSearchLinkUrl()
+	{
+		return sprintf("UI.php?operation=search&filter=%s",
+			rawurlencode($this->sSerializedSearch)
+		);
+	}
 }
 
 
 /**
  * RowStatus
- * A series of classes, keeping the information about a given row: could it be changed or not (and why)?  
+ * A series of classes, keeping the information about a given row: could it be changed or not (and why)?
  *
  * @package     iTopORM
  */
@@ -211,6 +310,26 @@ class RowStatus_Issue extends RowStatus
 	}
 }
 
+/**
+ * class dedicated to testability
+ * not used/ignored in csv imports UI/CLI
+ * @since 3.1.0 N°5305
+ */
+class RowStatus_Error extends RowStatus
+{
+	/** @var string */
+	protected $m_sError;
+
+	public function __construct($sError)
+	{
+		$this->m_sError = $sError;
+	}
+
+	public function GetDescription()
+	{
+		return $this->m_sError;
+	}
+}
 
 /**
  * BulkChange
@@ -220,17 +339,35 @@ class RowStatus_Issue extends RowStatus
  */
 class BulkChange
 {
-	protected $m_sClass; 
+	/** @var string */
+	protected $m_sClass;
 	protected $m_aData; // Note: hereafter, iCol maybe actually be any acceptable key (string)
 	// #@# todo: rename the variables to sColIndex
-	protected $m_aAttList; // attcode => iCol
-	protected $m_aExtKeys; // aExtKeys[sExtKeyAttCode][sExtReconcKeyAttCode] = iCol;
-	protected $m_aReconcilKeys; // attcode (attcode = 'id' for the pkey)
-	protected $m_sSynchroScope; // OQL - if specified, then the missing items will be reported
-	protected $m_aOnDisappear; // array of attcode => value, values to be set when an object gets out of scope (ignored if no scope has been defined)
-	protected $m_sDateFormat; // Date format specification, see DateTime::createFromFormat
-	protected $m_bLocalizedValues; // Values in the data set are localized (see AttributeEnum)
-	protected $m_aExtKeysMappingCache; // Cache for resolving external keys based on the given search criterias
+	/** @var array<string, string> attcode as key, iCol as value */
+	protected $m_aAttList;
+	/** @var array<string, array<string, string>> sExtKeyAttCode as key, array of sExtReconcKeyAttCode/iCol as value */
+	protected $m_aExtKeys;
+	/** @var string[] list of attcode (attcode = 'id' for the pkey) */
+	protected $m_aReconcilKeys;
+	/** @var string OQL - if specified, then the missing items will be reported */
+	protected $m_sSynchroScope;
+	/**
+	 * @var array<string, mixed> attcode as key, attvalue as value. Values to be set when an object gets out of scope
+	 *                          (ignored if no scope has been defined)
+	 */
+	protected $m_aOnDisappear;
+	/**
+	 * @see DateTime::createFromFormat
+	 * @var string Date format specification
+	 */
+	protected $m_sDateFormat;
+	/**
+	 * @see AttributeEnum
+	 * @var boolean true if Values in the data set are localized
+	 */
+	protected $m_bLocalizedValues;
+	/** @var array Cache for resolving external keys based on the given search criterias */
+	protected $m_aExtKeysMappingCache;
 
 	public function __construct($sClass, $aData, $aAttList, $aExtKeys, $aReconcilKeys, $sSynchroScope = null, $aOnDisappear = null, $sDateFormat = null, $bLocalize = false)
 	{
@@ -261,30 +398,30 @@ class BulkChange
 		$this->m_sReportCsvSep = $sSeparator;
 		$this->m_sReportCsvDelimiter = $sDelimiter;
 	}
-   
+
 	protected function ResolveExternalKey($aRowData, $sAttCode, &$aResults)
 	{
 		$oExtKey = MetaModel::GetAttributeDef($this->m_sClass, $sAttCode);
 		$oReconFilter = new DBObjectSearch($oExtKey->GetTargetClass());
-		foreach ($this->m_aExtKeys[$sAttCode] as $sForeignAttCode => $iCol)
+		foreach ($this->m_aExtKeys[$sAttCode] as $sReconKeyAttCode => $iCol)
 		{
-			if ($sForeignAttCode == 'id')
+			if ($sReconKeyAttCode == 'id')
 			{
 				$value = (int) $aRowData[$iCol];
 			}
 			else
 			{
 				// The foreign attribute is one of our reconciliation key
-				$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sForeignAttCode);
+				$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sReconKeyAttCode);
 				$value = $oForeignAtt->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 			}
-			$oReconFilter->AddCondition($sForeignAttCode, $value, '=');
+			$oReconFilter->AddCondition($sReconKeyAttCode, $value, '=');
 			$aResults[$iCol] = new CellStatus_Void(utils::HtmlEntities($aRowData[$iCol]));
 		}
 
 		$oExtObjects = new CMDBObjectSet($oReconFilter);
 		$aKeys = $oExtObjects->ToArray();
-		return array($oReconFilter->ToOql(), $aKeys);
+		return array($oReconFilter, $aKeys);
 	}
 
 	// Returns true if the CSV data specifies that the external key must be left undefined
@@ -318,10 +455,10 @@ class BulkChange
 	{
 		$aResults = array();
 		$aErrors = array();
-	
+
 		// External keys reconciliation
 		//
-		foreach($this->m_aExtKeys as $sAttCode => $aKeyConfig)
+		foreach($this->m_aExtKeys as $sAttCode => $aReconKeys)
 		{
 			// Skip external keys used for the reconciliation process
 			// if (!array_key_exists($sAttCode, $this->m_aAttList)) continue;
@@ -330,7 +467,7 @@ class BulkChange
 
 			if ($this->IsNullExternalKeySpec($aRowData, $sAttCode))
 			{
-				foreach ($aKeyConfig as $sForeignAttCode => $iCol)
+				foreach ($aReconKeys as $sReconKeyAttCode => $iCol)
 				{
 					// Default reporting
 					// $aRowData[$iCol] is always null
@@ -352,25 +489,24 @@ class BulkChange
 				$oReconFilter = new DBObjectSearch($oExtKey->GetTargetClass());
 
 				$aCacheKeys = array();
-				foreach ($aKeyConfig as $sForeignAttCode => $iCol)
+				foreach ($aReconKeys as $sReconKeyAttCode => $iCol)
 				{
 					// The foreign attribute is one of our reconciliation key
-					if ($sForeignAttCode == 'id')
+					if ($sReconKeyAttCode == 'id')
 					{
 						$value = $aRowData[$iCol];
 					}
 					else
 					{
-						$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sForeignAttCode);
+						$oForeignAtt = MetaModel::GetAttributeDef($oExtKey->GetTargetClass(), $sReconKeyAttCode);
 						$value = $oForeignAtt->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 					}
 					$aCacheKeys[] = $value;
-					$oReconFilter->AddCondition($sForeignAttCode, $value, '=');
+					$oReconFilter->AddCondition($sReconKeyAttCode, $value, '=');
 					$aResults[$iCol] = new CellStatus_Void(utils::HtmlEntities($aRowData[$iCol]));
 				}
 				$sCacheKey = implode('_|_', $aCacheKeys); // Unique key for this query...
 				$iForeignKey = null;
-				$sOQL = '';
 				// TODO: check if *too long* keys can lead to collisions... and skip the cache in such a case...
 				if (!array_key_exists($sAttCode, $this->m_aExtKeysMappingCache))
 				{
@@ -379,9 +515,8 @@ class BulkChange
 				if (array_key_exists($sCacheKey, $this->m_aExtKeysMappingCache[$sAttCode]))
 				{
 					// Cache hit
-					$iCount = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['c'];
+					$iObjectFoundCount = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['c'];
 					$iForeignKey = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['k'];
-					$sOQL = $this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['oql'];
 					// Record the hit
 					$this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey]['h']++;
 				}
@@ -389,34 +524,35 @@ class BulkChange
 				{
 					// Cache miss, let's initialize it
 					$oExtObjects = new CMDBObjectSet($oReconFilter);
-					$iCount = $oExtObjects->Count();
-					if ($iCount == 1)
+					$iObjectFoundCount = $oExtObjects->Count();
+					if ($iObjectFoundCount == 1)
 					{
 						$oForeignObj = $oExtObjects->Fetch();
 						$iForeignKey = $oForeignObj->GetKey();
 					}
 					$this->m_aExtKeysMappingCache[$sAttCode][$sCacheKey] = array(
-						'c' => $iCount,
+						'c' => $iObjectFoundCount,
 						'k' => $iForeignKey,
 						'oql' => $oReconFilter->ToOql(),
 						'h' => 0, // number of hits on this cache entry
 					);
 				}
-				switch($iCount)
+				switch($iObjectFoundCount)
 				{
 					case 0:
-					$aErrors[$sAttCode] = Dict::S('UI:CSVReport-Value-Issue-NotFound');
-					$aResults[$sAttCode]= new CellStatus_SearchIssue();
-					break;
-					
+						$oCellStatus_SearchIssue = $this->GetCellSearchIssue($oReconFilter);
+						$aResults[$sAttCode] = $oCellStatus_SearchIssue;
+						$aErrors[$sAttCode] = Dict::S('UI:CSVReport-Value-Issue-NotFound');
+						break;
+
 					case 1:
-					// Do change the external key attribute
-					$oTargetObj->Set($sAttCode, $iForeignKey);
-					break;
-					
+						// Do change the external key attribute
+						$oTargetObj->Set($sAttCode, $iForeignKey);
+						break;
+
 					default:
-					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-FoundMany', $iCount);
-					$aResults[$sAttCode]= new CellStatus_Ambiguous($oTargetObj->Get($sAttCode), $iCount, $sOQL);
+						$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-FoundMany', $iObjectFoundCount);
+						$aResults[$sAttCode]= new CellStatus_Ambiguous($oTargetObj->Get($sAttCode), $iObjectFoundCount, $oReconFilter->serialize());
 				}
 			}
 
@@ -433,7 +569,7 @@ class BulkChange
 					else
 					{
 						$aResults[$sAttCode]= new CellStatus_Modify($iForeignObj, $oTargetObj->GetOriginal($sAttCode));
-						foreach ($aKeyConfig as $sForeignAttCode => $iCol)
+						foreach ($aReconKeys as $sReconKeyAttCode => $iCol)
 						{
 							// Report the change on reconciliation values as well
 							$aResults[$iCol] = new CellStatus_Modify(utils::HtmlEntities($aRowData[$iCol]));
@@ -446,7 +582,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Set the object attributes
 		//
 		foreach ($this->m_aAttList as $sAttCode => $iCol)
@@ -487,7 +623,13 @@ class BulkChange
 				$value = $oAttDef->MakeValueFromString($aRowData[$iCol], $this->m_bLocalizedValues);
 				if (is_null($value) && (strlen($aRowData[$iCol]) > 0))
 				{
-					$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-NoMatch', $sAttCode);
+					if ($oAttDef instanceof AttributeEnum || $oAttDef instanceof AttributeTagSet){
+						/** @var AttributeDefinition $oAttributeDefinition */
+						$oAttributeDefinition = $oAttDef;
+						$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-AllowedValues', $sAttCode, implode(',', $oAttributeDefinition->GetAllowedValues()));
+					} else {
+						$aErrors[$sAttCode] = Dict::Format('UI:CSVReport-Value-Issue-NoMatch', $sAttCode);
+					}
 				}
 				else
 				{
@@ -504,7 +646,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Reporting on fields
 		//
 		$aChangedFields = $oTargetObj->ListChanges();
@@ -556,7 +698,7 @@ class BulkChange
 				}
 			}
 		}
-	
+
 		// Checks
 		//
 		$res = $oTargetObj->CheckConsistency();
@@ -567,12 +709,101 @@ class BulkChange
 		}
 		return $aResults;
 	}
-	
+
+	/**
+	 * search with current permissions did not match
+	 * let's search why and give some more feedbacks to the user through proper labels
+	 *
+	 * @param DBObjectSearch $oDbSearchWithConditions search used to find external key
+	 *
+	 * @return \CellStatus_SearchIssue
+	 * @throws \CoreException
+	 * @throws \MissingQueryArgument
+	 * @throws \MySQLException
+	 * @throws \MySQLHasGoneAwayException
+	 *
+	 * @since 3.1.0 N°5305
+	 */
+	protected function GetCellSearchIssue($oDbSearchWithConditions) : CellStatus_SearchIssue {
+		//current search with current permissions did not match
+		//let's search why and give some more feedback to the user
+
+		$sSerializedSearch = $oDbSearchWithConditions->serialize();
+
+		// Count all objects with all permissions without any condition
+		$oDbSearchWithoutAnyCondition = new DBObjectSearch($oDbSearchWithConditions->GetClass());
+		$oDbSearchWithoutAnyCondition->AllowAllData(true);
+		$oExtObjectSet = new CMDBObjectSet($oDbSearchWithoutAnyCondition);
+		$iAllowAllDataObjectCount = $oExtObjectSet->Count();
+
+		if ($iAllowAllDataObjectCount === 0) {
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-NoObject', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason);
+		}
+
+		// Count all objects with current user permissions
+		$oDbSearchWithoutAnyCondition->AllowAllData(false);
+		$oExtObjectSetWithCurrentUserPermissions = new CMDBObjectSet($oDbSearchWithoutAnyCondition);
+		$iCurrentUserRightsObjectCount = $oExtObjectSetWithCurrentUserPermissions->Count();
+
+		if ($iCurrentUserRightsObjectCount === 0){
+			// No objects visible by current user
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-NoObject-ForCurrentUser', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason);
+		}
+
+		try{
+			$aDisplayedAllowedValues = [];
+			// Possibles values are displayed to UI user. we have to limit the amount of displayed values
+			$oExtObjectSetWithCurrentUserPermissions->SetLimit(4);
+			for($i = 0; $i < 3; $i++){
+				/** @var \DBObject $oVisibleObject */
+				$oVisibleObject = $oExtObjectSetWithCurrentUserPermissions->Fetch();
+				if (is_null($oVisibleObject)){
+					break;
+				}
+
+				$aCurrentAllowedValueFields = [];
+				foreach ($oDbSearchWithConditions->GetInternalParams() as $sForeignAttCode => $sValue){
+					$aCurrentAllowedValueFields[] = $oVisibleObject->Get($sForeignAttCode);
+				}
+				$aDisplayedAllowedValues[] = implode(" ", $aCurrentAllowedValueFields);
+
+			}
+			$allowedValues = implode(", ", $aDisplayedAllowedValues);
+			if ($oExtObjectSetWithCurrentUserPermissions->Count() > 3){
+				$allowedValues .= "...";
+			}
+		} catch(Exception $e) {
+			IssueLog::Error("failure during CSV import when fetching few visible objects: ", null,
+				[ 'target_class' => $oDbSearchWithConditions->GetClass(), 'criteria' => $oDbSearchWithConditions->GetCriteria(), 'message' => $e->getMessage()]
+			);
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-NoObject-ForCurrentUser', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason);
+		}
+
+		if ($iAllowAllDataObjectCount != $iCurrentUserRightsObjectCount) {
+			// No match and some objects NOT visible by current user. including current search maybe...
+			$sReason = Dict::Format('UI:CSVReport-Value-NoMatch-SomeObjectNotVisibleForCurrentUser', $oDbSearchWithConditions->GetClass());
+			return new CellStatus_SearchIssue($sSerializedSearch, $sReason, $oDbSearchWithConditions->GetClass(), $allowedValues);
+		}
+
+		// No match. This is not linked to any right issue
+		// Possible values: DD,DD
+		$aCurrentValueFields = [];
+		foreach ($oDbSearchWithConditions->GetInternalParams() as $sValue){
+			$aCurrentValueFields[] = $sValue;
+		}
+		$value =implode(" ", $aCurrentValueFields);
+		$sReason = Dict::Format('UI:CSVReport-Value-NoMatch', $value);
+		return new CellStatus_SearchIssue($sSerializedSearch, $sReason, $oDbSearchWithConditions->GetClass(), $allowedValues);
+	}
+
 	protected function PrepareMissingObject(&$oTargetObj, &$aErrors)
 	{
 		$aResults = array();
 		$aErrors = array();
-	
+
 		// External keys
 		//
 		foreach($this->m_aExtKeys as $sAttCode => $aKeyConfig)
@@ -585,7 +816,7 @@ class BulkChange
 				$aResults[$iCol] = new CellStatus_Void('?');
 			}
 		}
-	
+
 		// Update attributes
 		//
 		foreach($this->m_aOnDisappear as $sAttCode => $value)
@@ -596,7 +827,7 @@ class BulkChange
 			}
 			$oTargetObj->Set($sAttCode, $value);
 		}
-	
+
 		// Reporting on fields
 		//
 		$aChangedFields = $oTargetObj->ListChanges();
@@ -616,7 +847,7 @@ class BulkChange
 				$aResults[$iCol]= new CellStatus_Void($oTargetObj->Get($sAttCode));
 			}
 		}
-	
+
 		// Checks
 		//
 		$res = $oTargetObj->CheckConsistency();
@@ -674,14 +905,16 @@ class BulkChange
 		}
 
 		$aResult[$iRow] = $this->PrepareObject($oTargetObj, $aRowData, $aErrors);
-	
+
 		if (count($aErrors) > 0)
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
+			//__ERRORS__ used by tests only
+			$aResult[$iRow]["__ERRORS__"] = new RowStatus_Error($sErrors);
 			return $oTargetObj;
 		}
-	
+
 		// Check that any external key will have a value proposed
 		$aMissingKeys = array();
 		foreach (MetaModel::GetExternalKeys($this->m_sClass) as $sExtKeyAttCode => $oExtKey)
@@ -689,7 +922,7 @@ class BulkChange
 			if (!$oExtKey->IsNullAllowed())
 			{
 				if (!array_key_exists($sExtKeyAttCode, $this->m_aExtKeys) && !array_key_exists($sExtKeyAttCode, $this->m_aAttList))
-				{ 
+				{
 					$aMissingKeys[] = $oExtKey->GetLabel();
 				}
 			}
@@ -745,14 +978,16 @@ class BulkChange
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
+			//__ERRORS__ used by tests only
+			$aResult[$iRow]["__ERRORS__"] = new RowStatus_Error($sErrors);
 			return;
 		}
-	
+
 		$aChangedFields = $oTargetObj->ListChanges();
 		if (count($aChangedFields) > 0)
 		{
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Modify(count($aChangedFields));
-	
+
 			// Optionaly record the results
 			//
 			if ($oChange)
@@ -794,9 +1029,11 @@ class BulkChange
 		{
 			$sErrors = implode(', ', $aErrors);
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Attribute'));
+			//__ERRORS__ used by tests only
+			$aResult[$iRow]["__ERRORS__"] = new RowStatus_Error($sErrors);
 			return;
 		}
-	
+
 		$aChangedFields = $oTargetObj->ListChanges();
 		if (count($aChangedFields) > 0)
 		{
@@ -821,7 +1058,7 @@ class BulkChange
 			$aResult[$iRow]["__STATUS__"] = new RowStatus_Disappeared(0);
 		}
 	}
-	
+
 	public function Process(CMDBChange $oChange = null)
 	{
 		if ($oChange)
@@ -866,7 +1103,7 @@ class BulkChange
 			foreach ($this->m_aAttList as $sAttCode => $iCol)
 			{
 				if ($sAttCode == 'id') continue;
-				
+
 				$oAttDef = MetaModel::GetAttributeDef($this->m_sClass, $sAttCode);
 				if ($oAttDef instanceof AttributeDateTime) // AttributeDate is derived from AttributeDateTime
 				{
@@ -881,14 +1118,18 @@ class BulkChange
 								$sFormat = $sDateFormat;
 							}
 							$oFormat = new DateTimeFormat($sFormat);
+							$sDateExample = $oFormat->Format(new DateTime('2022-10-23 16:25:33'));
 							$sRegExp = $oFormat->ToRegExpr('/');
-							if (!preg_match($sRegExp, $this->m_aData[$iRow][$iCol]))
+							$sErrorMsg = Dict::Format('UI:CSVReport-Row-Issue-ExpectedDateFormat', $sDateExample);
+							if (!preg_match($sRegExp, $sValue))
 							{
 								$aResult[$iRow]["__STATUS__"]= new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-DateFormat'));
+								$aResult[$iRow][$iCol] = new CellStatus_Issue(utils::HtmlEntities($sValue), null, $sErrorMsg);
+
 							}
 							else
 							{
-								$oDate = DateTime::createFromFormat($sFormat, $this->m_aData[$iRow][$iCol]);
+								$oDate = DateTime::createFromFormat($sFormat, $sValue);
 								if ($oDate !== false)
 								{
 									$sNewDate = $oDate->format($oAttDef->GetInternalFormat());
@@ -898,7 +1139,7 @@ class BulkChange
 								{
 									// Leave the cell unchanged
 									$aResult[$iRow]["__STATUS__"]= new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-DateFormat'));
-									$aResult[$iRow][$sAttCode] = new CellStatus_Issue(null, utils::HtmlEntities($this->m_aData[$iRow][$iCol]), Dict::S('UI:CSVReport-Row-Issue-DateFormat'));
+									$aResult[$iRow][$iCol] = new CellStatus_Issue($sValue, null, $sErrorMsg);
 								}
 							}
 						}
@@ -952,23 +1193,26 @@ class BulkChange
 						else
 						{
 							// The value has to be found or verified
-							list($sQuery, $aMatches) = $this->ResolveExternalKey($aRowData, $sAttCode, $aResult[$iRow]);
-		
+
+							/** var DBObjectSearch $oReconFilter */
+							list($oReconFilter, $aMatches) = $this->ResolveExternalKey($aRowData, $sAttCode, $aResult[$iRow]);
+
 							if (count($aMatches) == 1)
 							{
 								$oRemoteObj = reset($aMatches); // first item
 								$valuecondition = $oRemoteObj->GetKey();
 								$aResult[$iRow][$sAttCode] = new CellStatus_Void($oRemoteObj->GetKey());
-							} 					
+							}
 							elseif (count($aMatches) == 0)
 							{
-								$aResult[$iRow][$sAttCode] = new CellStatus_SearchIssue();
-							} 					
+								$oCellStatus_SearchIssue = $this->GetCellSearchIssue($oReconFilter);
+								$aResult[$iRow][$sAttCode] = $oCellStatus_SearchIssue;
+							}
 							else
 							{
-								$aResult[$iRow][$sAttCode] = new CellStatus_Ambiguous(null, count($aMatches), $sQuery);
+								$aResult[$iRow][$sAttCode] = new CellStatus_Ambiguous(null, count($aMatches), $oReconFilter->serialize());
 							}
-						} 					
+						}
 					}
 					else
 					{
@@ -1019,7 +1263,7 @@ class BulkChange
 					default:
 						// Found several matches, ambiguous
 						$aResult[$iRow]["__STATUS__"]= new RowStatus_Issue(Dict::S('UI:CSVReport-Row-Issue-Ambiguous'));
-						$aResult[$iRow]["id"]= new CellStatus_Ambiguous(0, $oReconciliationSet->Count(), $oReconciliationFilter->ToOql());
+						$aResult[$iRow]["id"]= new CellStatus_Ambiguous(0, $oReconciliationSet->Count(), $oReconciliationFilter->serialize());
 						$aResult[$iRow]["finalclass"]= 'n/a';
 					}
 				}
@@ -1110,7 +1354,7 @@ class BulkChange
 			}
 		}
 		$oBulkChanges->Seek(0);
-	
+
 		$aDetails = array();
 		while ($oChange = $oBulkChanges->Fetch())
 		{
@@ -1274,7 +1518,7 @@ EOF
 							$oOldTarget = MetaModel::GetObject($oAttDef->GetTargetClass(), $oOperation->Get('oldvalue'));
 							$sOldValue = $oOldTarget->GetHyperlink();
 						}
-						
+
 						$sNewValue = Dict::S('UI:UndefinedObject');
 						if ($oOperation->Get('newvalue') != 0)
 						{
@@ -1300,11 +1544,11 @@ EOF
 				}
 				else
 				{
-					$aAttributes[$sAttCode] = 1;				
+					$aAttributes[$sAttCode] = 1;
 				}
 			}
 		}
-		
+
 		$aDetails = array();
 		foreach($aObjects as $iUId => $aObjData)
 		{
@@ -1356,6 +1600,6 @@ EOF
 			$aConfig[$sAttCode] = array('label' => MetaModel::GetLabel($sClass, $sAttCode), 'description' => MetaModel::GetDescription($sClass, $sAttCode));
 		}
 		$oPage->table($aConfig, $aDetails);
-	}	
+	}
 }
 

core/cmdbchangeop.class.inc.php

@@ -79,22 +79,30 @@ class CMDBChangeOp extends DBObject implements iCMDBChangeOp
 
 	/**
 	 * @inheritDoc
-	 */	 
+	 */
 	public function GetDescription()
 	{
 		return '';
 	}
 
 	/**
-	 * Safety net: in case the change is not given, let's guarantee that it will
-	 * be set to the current ongoing change (or create a new one)	
-	 */	
+	 * Safety net:
+	 * * if change isn't persisted yet, use the current change and persist it if needed
+	 * * in case the change is not given, let's guarantee that it will be set to the current ongoing change (or create a new one)
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3717 do persist the current change if needed
+	 */
 	protected function OnInsert()
 	{
-		if ($this->Get('change') <= 0)
-		{
-			$this->Set('change', CMDBObject::GetCurrentChange());
+		$iChange = $this->Get('change');
+		if (($iChange <= 0) || (is_null($iChange))) {
+			$oChange = CMDBObject::GetCurrentChange();
+			if ($oChange->IsNew()) {
+				$oChange->DBWrite();
+			}
+			$this->Set('change', $oChange);
 		}
+
 		parent::OnInsert();
 	}
 }
@@ -353,7 +361,8 @@ class CMDBChangeOpSetAttributeURL extends CMDBChangeOpSetAttribute
 		);
 		MetaModel::Init_Params($aParams);
 		MetaModel::Init_InheritAttributes();
-		MetaModel::Init_AddAttribute(new AttributeURL("oldvalue", array("allowed_values"=>null, "sql"=>"oldvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array())));
+		//old value can have an old validation pattern -> force it to anything
+		MetaModel::Init_AddAttribute(new AttributeURL("oldvalue", array("allowed_values"=>null, "sql"=>"oldvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array(), "validation_pattern" => '.*')));
 		MetaModel::Init_AddAttribute(new AttributeURL("newvalue", array("allowed_values"=>null, "sql"=>"newvalue", "target" => '_blank', "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array())));
 		
 		// Display lists

core/cmdbobject.class.inc.php

@@ -3,7 +3,7 @@
 //
 //   This file is part of iTop.
 //
-//   iTop is free software; you can redistribute it and/or modify	
+//   iTop is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU Affero General Public License as published by
 //   the Free Software Foundation, either version 3 of the License, or
 //   (at your option) any later version.
@@ -113,6 +113,26 @@ abstract class CMDBObject extends DBObject
 		self::$m_oCurrChange = $oChange;
 	}
 
+	/**
+	 * @param string $sUserInfo
+	 * @param string $sOrigin
+	 * @param \DateTime $oDate
+	 *
+	 * @throws \CoreException
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3717 new method to reset current change
+	 */
+	public static function SetCurrentChangeFromParams($sUserInfo, $sOrigin = null, $oDate = null)
+	{
+		static::SetTrackInfo($sUserInfo);
+		static::SetTrackOrigin($sOrigin);
+		static::CreateChange();
+
+		if (!is_null($oDate)) {
+			static::$m_oCurrChange->Set("date", $oDate);
+		}
+	}
+
 	//
 	// Todo: simplify the APIs and do not pass the current change as an argument anymore
 	//       SetTrackInfo to be invoked in very few cases (UI.php, CSV import, Data synchro)
@@ -144,6 +164,8 @@ abstract class CMDBObject extends DBObject
 	 *    $oMyChange->Set("userinfo", 'this is done by ... for ...');
 	 *    $iChangeId = $oMyChange->DBInsert();
 	 *
+	 * **warning** : this will do nothing if current change already exists !
+	 *
 	 * @see SetCurrentChange to specify a CMDBObject instance instead
 	 *
 	 * @param string $sInfo
@@ -171,6 +193,8 @@ abstract class CMDBObject extends DBObject
 	/**
 	 * Provides information about the origin of the change
 	 *
+	 * **warning** : this will do nothing if current change already exists !
+	 *
 	 * @see SetTrackInfo
 	 * @see SetCurrentChange to specify a CMDBObject instance instead
 	 *
@@ -181,19 +205,21 @@ abstract class CMDBObject extends DBObject
 	{
 		self::$m_sOrigin = $sOrigin;
 	}
-	
+
 	/**
 	 * Get the additional information (defaulting to user name)
-	 */	 	
-	protected static function GetTrackInfo()
+	 */
+	public static function GetTrackInfo()
 	{
-		if (is_null(self::$m_sInfo))
-		{
+		if (is_null(self::$m_sInfo)) {
 			return CMDBChange::GetCurrentUserName();
-		}
-		else
-		{
-			return self::$m_sInfo;
+		} else {
+			//N°5135 - add impersonation information in activity log/current cmdb change
+			if (UserRights::IsImpersonated()){
+				return sprintf("%s (%s)", CMDBChange::GetCurrentUserName(), self::$m_sInfo);
+			} else {
+				return self::$m_sInfo;
+			}
 		}
 	}
 
@@ -206,7 +232,10 @@ abstract class CMDBObject extends DBObject
 	 */
 	protected static function GetTrackUserId()
 	{
-		if (is_null(self::$m_sUserId))
+		if (is_null(self::$m_sUserId)
+			//N°5135 - indicate impersonation inside changelogs
+			&& (false === UserRights::IsImpersonated())
+		)
 		{
 			return CMDBChange::GetCurrentUserId();
 		}
@@ -215,10 +244,10 @@ abstract class CMDBObject extends DBObject
 			return self::$m_sUserId;
 		}
 	}
-	
+
 	/**
 	 * Get the 'origin' information (defaulting to 'interactive')
-	 */	 	
+	 */
 	protected static function GetTrackOrigin()
 	{
 		if (is_null(self::$m_sOrigin))
@@ -243,15 +272,17 @@ abstract class CMDBObject extends DBObject
 	 * @throws \CoreWarning
 	 * @throws \MySQLException
 	 * @throws \OQLException
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°3717 {@see CMDBChange} **will be persisted later** in {@see \CMDBChangeOp::OnInsert} (was done previously directly here)
+	 *     This will avoid creating in DB CMDBChange lines without any corresponding CMDBChangeOp
 	 */
-	protected static function CreateChange()
+	public static function CreateChange()
 	{
 		self::$m_oCurrChange = MetaModel::NewObject("CMDBChange");
 		self::$m_oCurrChange->Set("date", time());
 		self::$m_oCurrChange->Set("userinfo", self::GetTrackInfo());
 		self::$m_oCurrChange->Set("user_id", self::GetTrackUserId());
 		self::$m_oCurrChange->Set("origin", self::GetTrackOrigin());
-		self::$m_oCurrChange->DBInsert();
 	}
 
 	/**
@@ -601,7 +632,7 @@ abstract class CMDBObject extends DBObject
 	protected function DBCloneTracked_Internal($newKey = null)
 	{
 		$newKey = parent::DBClone($newKey);
-		$oClone = MetaModel::GetObject(get_class($this), $newKey); 
+		$oClone = MetaModel::GetObject(get_class($this), $newKey);
 
 		return $newKey;
 	}
@@ -614,7 +645,7 @@ abstract class CMDBObject extends DBObject
 		{
 			return;
 		}
-		
+
 		$ret = parent::DBUpdate();
 		return $ret;
 	}
@@ -738,11 +769,11 @@ abstract class CMDBObject extends DBObject
 class CMDBObjectSet extends DBObjectSet
 {
 	// this is the public interface (?)
-	
+
 	// I have to define those constructors here... :-(
 	// just to get the right object class in return.
 	// I have to think again to those things: maybe it will work fine if a have a constructor define here (?)
-	
+
 	static public function FromScratch($sClass)
 	{
 		$oFilter = new DBObjectSearch($sClass);
@@ -751,7 +782,7 @@ class CMDBObjectSet extends DBObjectSet
 		// NOTE: THIS DOES NOT WORK IF m_bLoaded is private in the base class (and you will not get any error message)
 		$oRetSet->m_bLoaded = true; // no DB load
 		return $oRetSet;
-	} 
+	}
 
 	// create an object set ex nihilo
 	// input = array of objects
@@ -760,7 +791,7 @@ class CMDBObjectSet extends DBObjectSet
 		$oRetSet = self::FromScratch($sClass);
 		$oRetSet->AddObjectArray($aObjects, $sClass);
 		return $oRetSet;
-	} 
+	}
 
 	static public function FromArrayAssoc($aClasses, $aObjects)
 	{

core/cmdbsource.class.inc.php

@@ -705,7 +705,11 @@ class CMDBSource
 	private static function Commit()
 	{
 		$aStackTrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT , 3);
-		$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		if(isset($aStackTrace[2]['class']) && isset($aStackTrace[2]['function'])) {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		} else {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].') ';
+		}
 		if (!self::IsInsideTransaction()) {
 			// should not happen !
 			IssueLog::Error("No Transaction COMMIT $sCaller", LogChannels::CMDB_SOURCE);
@@ -739,7 +743,11 @@ class CMDBSource
 	private static function Rollback()
 	{
 		$aStackTrace = debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT , 3);
-		$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		if(isset($aStackTrace[2]['class']) && isset($aStackTrace[2]['function'])) {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].'): '.$aStackTrace[2]['class'].'->'.$aStackTrace[2]['function'].'()';
+		} else {
+			$sCaller = 'From '.$aStackTrace[1]['file'].'('.$aStackTrace[1]['line'].') ';
+		}
 		if (!self::IsInsideTransaction()) {
 			// should not happen !
 			IssueLog::Error("No Transaction ROLLBACK $sCaller", LogChannels::CMDB_SOURCE);

core/config.class.inc.php

@@ -489,13 +489,21 @@ class Config
 			'show_in_conf_sample' => true,
 		],
 		'cron_max_execution_time' => [
-			'type' => 'integer',
-			'description' => 'Duration (seconds) of the page cron.php, must be shorter than php setting max_execution_time and shorter than the web server response timeout',
-			'default' => 600,
-			'value' => 600,
-			'source_of_value' => '',
+			'type'                => 'integer',
+			'description'         => 'Duration (seconds) of the cron.php script : if exceeded the script will exit even if there are remaining tasks to process. Must be shorter than php max_execution_time setting (note than when using CLI, this is set to 0 by default which means unlimited). If cron.php is ran via web, it must be shorter than the web server response timeout.',
+			'default'             => 600,
+			'value'               => 600,
+			'source_of_value'     => '',
 			'show_in_conf_sample' => true,
 		],
+		'cron_task_max_execution_time' => [
+			'type' => 'integer',
+			'description' => 'Background tasks will use this value (integer) multiplicated by its periodicity (in seconds) as max duration per cron execution. 0 is unlimited time',
+			'default' => 0,
+			'value' => 0,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'cron_sleep' => [
 			'type' => 'integer',
 			'description' => 'Duration (seconds) before cron.php checks again if something must be done',
@@ -522,7 +530,7 @@ class Config
 		],
 		'email_transport' => [
 			'type' => 'string',
-			'description' => 'Mean to send emails: PHPMail (uses the function mail()) or SMTP (implements the client protocol)',
+			'description' => 'Mean to send emails: PHPMail (uses the function mail()), SMTP (implements the client protocol) or SMTP_OAuth (connect to the server using OAuth 2.0)',
 			'default' => "PHPMail",
 			'value' => "PHPMail",
 			'source_of_value' => '',
@@ -544,7 +552,7 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_transport_smtp.encryption' => [
+		'email_transport_smtp.encryption'          => [
 			'type' => 'string',
 			'description' => 'tls or ssl (optional)',
 			'default' => "",
@@ -552,28 +560,28 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_transport_smtp.username' => [
-			'type' => 'string',
-			'description' => 'Authentication user (optional)',
-			'default' => "",
-			'value' => "",
-			'source_of_value' => '',
+		'email_transport_smtp.username'            => [
+			'type'                => 'string',
+			'description'         => 'Authentication user (optional)',
+			'default'             => "",
+			'value'               => "",
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_transport_smtp.password' => [
-			'type' => 'string',
-			'description' => 'Authentication password (optional)',
-			'default' => "",
-			'value' => "",
-			'source_of_value' => '',
+		'email_transport_smtp.password'            => [
+			'type'                => 'string',
+			'description'         => 'Authentication password (optional)',
+			'default'             => "",
+			'value'               => "",
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
-		'email_css' => [
-			'type' => 'string',
-			'description' => 'CSS that will override the standard stylesheet used for the notifications',
-			'default' => "",
-			'value' => "",
-			'source_of_value' => '',
+		'email_css'                                => [
+			'type'                => 'string',
+			'description'         => 'CSS that will override the standard stylesheet used for the notifications',
+			'default'             => "",
+			'value'               => "",
+			'source_of_value'     => '',
 			'show_in_conf_sample' => false,
 		],
 		'email_default_sender_address' => [
@@ -878,7 +886,7 @@ class Config
 			'type' => 'string',
 			'description' => 'Regular expression to validate/detect the format of an URL (URL attributes and Wiki formatting for Text attributes)',
 			'default' => /** @lang RegExp */
-			'(https?|ftp)\://([a-zA-Z0-9+!*(),;?&=\$_.-]+(\:[a-zA-Z0-9+!*(),;?&=\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\:[0-9]{2,5})?(/([a-zA-Z0-9:%+\$_-]\.?)+)*/?(\?[a-zA-Z+&\$_.-][a-zA-Z0-9;:[\]@&%=+/\$_.-]*)?(#[a-zA-Z_.-][a-zA-Z0-9+\$_.-]*)?',
+			'(https?|ftp)\://([a-zA-Z0-9+!*(),;?&=\$_.-]+(\:[a-zA-Z0-9+!*(),;?&=\$_.-]+)?@)?([a-zA-Z0-9-.]{3,})(\:[0-9]{2,5})?(/([a-zA-Z0-9:%+\$_-]\.?)+)*/?(\?[a-zA-Z+&\$_.-][a-zA-Z0-9;:[\]@&%=+/\$_.-]*)?(#[a-zA-Z0-9_.-][a-zA-Z0-9+\$_.-]*)?',
 			// SCHEME....... USER....................... PASSWORD.......................... HOST/IP........... PORT.......... PATH......................... GET............................................ ANCHOR..........................
 			// Example: http://User:passWord@127.0.0.1:8888/patH/Page.php?arrayArgument[2]=something:blah20#myAnchor
 			// RegExp source: http://www.php.net/manual/fr/function.preg-match.php#93824
@@ -1000,8 +1008,8 @@ class Config
 			'type' => 'integer',
 			'description' => 'Maximum length of the history table (in the "History" tab on each object) before it gets truncated. Latest modifications are displayed first.',
 			// examples... not used
-			'default' => 50,
-			'value' => 50,
+			'default' => 200,
+			'value' => 200,
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
@@ -1230,6 +1238,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'navigation_menu.show_organization_filter' => [
+			'type' => 'bool',
+			'description' => 'Display organization filter in menu',
+			'default' => true,
+			'value' => true,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'quick_create.enabled' => [
 			'type' => 'bool',
 			'description' => 'Whether or not the quick create is enabled',
@@ -1408,6 +1424,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'allow_rest_services_via_tokens' => [
+			'type' => 'bool',
+			'description' => 'When set to true, REST endpoint token authorization works even with secure_rest_services set.',
+			'default' => false,
+			'value' => false,
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'search_manual_submit' => [
 			'type' => 'array',
 			'description' => 'Force manual submit of search all requests',
@@ -1448,14 +1472,6 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
-		'use_legacy_dbsearch' => [
-			'type' => 'bool',
-			'description' => 'If set, DBSearch will use legacy SQL query generation',
-			'default' => false,
-			'value' => false,
-			'source_of_value' => '',
-			'show_in_conf_sample' => false,
-		],
 		'query_cache_enabled' => [
 			'type' => 'bool',
 			'description' => 'If set, DBSearch will use cache for query generation',
@@ -1861,7 +1877,7 @@ class Config
 		}
 		if (strlen($sNoise) > 0)
 		{
-			// Note: sNoise is an html output, but so far it was ok for me (e.g. showing the entire call stack) 
+			// Note: sNoise is an html output, but so far it was ok for me (e.g. showing the entire call stack)
 			throw new ConfigException('Syntax error in configuration file',
 				array('file' => $sConfigFile, 'error' => '<tt>'.htmlentities($sNoise, ENT_QUOTES, 'UTF-8').'</tt>'));
 		}
@@ -2671,7 +2687,7 @@ class ConfigPlaceholdersResolver
 		}
 
 		$sPattern = '/\%(env|server)\((\w+)\)(?:\?:(\w*))?\%/'; //3 capturing groups, ie `%env(HTTP_PORT)?:8080%` produce: `env` `HTTP_PORT` and `8080`.
-		
+
 		if (! preg_match_all($sPattern, $rawValue, $aMatchesCollection, PREG_SET_ORDER))
 		{
 			return $rawValue;

core/dbobject.class.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @copyright   Copyright (C) 2010-2022 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
@@ -1471,7 +1471,7 @@ abstract class DBObject implements iDisplay
 	public function GetIcon($bImgTag = true)
 	{
 		$sClass = get_class($this);
-		
+
 		if($this->HasHighlightIcon()) {
 			$sIconUrl = MetaModel::GetHighlightScale($sClass)[$this->ComputeHighlightCode()]['icon'];
 			if($bImgTag) {
@@ -1506,7 +1506,7 @@ abstract class DBObject implements iDisplay
 	{
 		$bHasInstanceIcon = false;
 		$sClass = get_class($this);
-		
+
 		if (!$this->IsNew() && MetaModel::HasImageAttributeCode($sClass)) {
 			$sImageAttCode = MetaModel::GetImageAttributeCode($sClass);
 			if (!empty($sImageAttCode)) {
@@ -1515,7 +1515,7 @@ abstract class DBObject implements iDisplay
 				$bHasInstanceIcon = !$oImage->IsEmpty();
 			}
 		}
-		
+
 		return $bHasInstanceIcon;
 	}
 
@@ -1540,7 +1540,7 @@ abstract class DBObject implements iDisplay
 				$bHasHighlightIcon = true;
 			}
 		}
-		
+
 		return $bHasHighlightIcon;
 	}
 
@@ -1929,7 +1929,7 @@ abstract class DBObject implements iDisplay
 				/** @var \AttributeExternalKey $oAtt */
 				$sTargetClass = $oAtt->GetTargetClass();
 				if (false === MetaModel::IsObjectInDB($sTargetClass, $toCheck)) {
-					return "Target object not found ($sTargetClass::$toCheck)";
+					return "Target object not found (".$sTargetClass.".::".$toCheck.")";
 				}
 			}
 			if ($oAtt->IsHierarchicalKey())
@@ -2026,9 +2026,9 @@ abstract class DBObject implements iDisplay
 	/**
 	 * check attributes together
 	 *
-     * @overwritable-hook You can extend this method in order to provide your own logic.
-     * 
-	 * @return bool 
+	 * @overwritable-hook You can extend this method in order to provide your own logic.
+	 *
+	 * @return true|string true if successful, the error description otherwise
 	 */
 	public function CheckConsistency()
 	{
@@ -2249,8 +2249,9 @@ abstract class DBObject implements iDisplay
 		foreach($aChanges as $sAttCode => $value) {
 			$res = $this->CheckValue($sAttCode);
 			if ($res !== true) {
+				$sAttLabel = $this->GetLabel($sAttCode);
 				// $res contains the error description
-				$this->m_aCheckIssues[] = "Unexpected value for attribute '$sAttCode': $res";
+				$this->m_aCheckIssues[] = Dict::Format('Core:CheckValueError', $sAttLabel, $sAttCode, $res);
 			}
 
 			$this->DoCheckLinkedSetDuplicates($sAttCode, $value);
@@ -2265,7 +2266,7 @@ abstract class DBObject implements iDisplay
 		if ($res !== true)
 		{
 			// $res contains the error description
-			$this->m_aCheckIssues[] = "Consistency rules not followed: $res";
+			$this->m_aCheckIssues[] = Dict::Format('Core:CheckConsistencyError', $res);
 		}
 
 		// Synchronization: are we attempting to modify an attribute for which an external source is master?
@@ -2278,12 +2279,10 @@ abstract class DBObject implements iDisplay
 				if ($iFlags & OPT_ATT_SLAVE)
 				{
 					// Note: $aReasonInfo['name'] could be reported (the task owning the attribute)
-					$oAttDef = MetaModel::GetAttributeDef(get_class($this), $sAttCode);
-					$sAttLabel = $oAttDef->GetLabel();
 					if (!empty($aReasons))
 					{
-						// Todo: associate the attribute code with the error
-						$this->m_aCheckIssues[] = Dict::Format('UI:AttemptingToSetASlaveAttribute_Name', $sAttLabel);
+						$sAttLabel = $this->GetLabel($sAttCode);
+						$this->m_aCheckIssues[] = Dict::Format('UI:AttemptingToSetASlaveAttribute_Name', $sAttLabel, $sAttCode);
 					}
 				}
 			}
@@ -2934,7 +2933,7 @@ abstract class DBObject implements iDisplay
 				utils::EnrichRaisedException($oTrigger, $e);
 			}
 		}
-		
+
 		// - TriggerOnObjectMention
 		$this->ActivateOnMentionTriggers(true);
 
@@ -3202,15 +3201,15 @@ abstract class DBObject implements iDisplay
 			// - TriggerOnObjectMention
 			$this->ActivateOnMentionTriggers(false);
 
-			$bHasANewExternalKeyValue = false;
+			$bNeedReload = false;
 			$aHierarchicalKeys = array();
 			$aDBChanges = array();
 			foreach ($aChanges as $sAttCode => $valuecurr)
 			{
 				$oAttDef = MetaModel::GetAttributeDef(get_class($this), $sAttCode);
-				if ($oAttDef->IsExternalKey())
+				if ($oAttDef->IsExternalKey() || $oAttDef->IsLinkSet())
 				{
-					$bHasANewExternalKeyValue = true;
+					$bNeedReload = true;
 				}
 				if ($oAttDef->IsBasedOnDBColumns())
 				{
@@ -3368,24 +3367,10 @@ abstract class DBObject implements iDisplay
 			$this->m_aModifiedAtt = array();
 
 			try {
-				// - TriggerOnObjectUpdate
-				$aParams = array('class_list' => MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL));
-				$oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT TriggerOnObjectUpdate AS t WHERE t.target_class IN (:class_list)"),
-					array(), $aParams);
-				while ($oTrigger = $oSet->Fetch()) {
-					/** @var \TriggerOnObjectUpdate $oTrigger */
-					try {
-						$oTrigger->DoActivate($this->ToArgs('this'));
-					}
-					catch (Exception $e) {
-						utils::EnrichRaisedException($oTrigger, $e);
-					}
-				}
-				
 				$this->AfterUpdate();
 
 				// Reload to get the external attributes
-				if ($bHasANewExternalKeyValue) {
+				if ($bNeedReload) {
 					$this->Reload(true /* AllowAllData */);
 				} else {
 					// Reset original values although the object has not been reloaded
@@ -3398,6 +3383,20 @@ abstract class DBObject implements iDisplay
 						}
 					}
 				}
+
+				// - TriggerOnObjectUpdate
+				$aParams = array('class_list' => MetaModel::EnumParentClasses($sClass, ENUM_PARENT_CLASSES_ALL));
+				$oSet = new DBObjectSet(DBObjectSearch::FromOQL('SELECT TriggerOnObjectUpdate AS t WHERE t.target_class IN (:class_list)'),
+					array(), $aParams);
+				while ($oTrigger = $oSet->Fetch()) {
+					/** @var \TriggerOnObjectUpdate $oTrigger */
+					try {
+						$oTrigger->DoActivate($this->ToArgs('this'));
+					}
+					catch (Exception $e) {
+						utils::EnrichRaisedException($oTrigger, $e);
+					}
+				}
 			}
 			catch (Exception $e)
 			{
@@ -3769,7 +3768,7 @@ abstract class DBObject implements iDisplay
 	}
 
      /**
-     * @internal
+     * @overwritable-hook You can extend this method in order to provide your own logic.
      *
      * @return array
      *
@@ -4386,14 +4385,22 @@ abstract class DBObject implements iDisplay
 					$sAttCode = $sPlaceholderAttCode;
 				}
 
-				if ($sVerb == 'hyperlink')
+				if (in_array($sVerb, ['hyperlink', 'url']))
 				{
 					$sPortalId = ($sAttCode === '') ? 'console' : $sAttCode;
 					if (!array_key_exists($sPortalId, self::$aPortalToURLMaker))
 					{
 						throw new Exception("Unknown portal id '$sPortalId' in placeholder '$sPlaceholderAttCode''");
 					}
-					$ret = $this->GetHyperlink(self::$aPortalToURLMaker[$sPortalId], false);
+
+					if($sVerb == 'hyperlink')
+					{
+						$ret = $this->GetHyperlink(self::$aPortalToURLMaker[$sPortalId], false);
+					}
+					else
+					{
+						$ret = ApplicationContext::MakeObjectUrl(get_class($this), $this->GetKey(), self::$aPortalToURLMaker[$sPortalId], false);
+					}
 				}
 				else
 				{

core/dbsearch.class.php

@@ -18,23 +18,6 @@
  */
 
 
-$bUseLegacyDBSearch = utils::GetConfig()->Get('use_legacy_dbsearch');
-
-if ($bUseLegacyDBSearch)
-{
-	// excluded from autoload
-	require_once (APPROOT.'core/legacy/querybuilderexpressionslegacy.class.inc.php');
-	require_once (APPROOT.'core/legacy/querybuildercontextlegacy.class.inc.php');
-	require_once(APPROOT.'core/legacy/dbobjectsearchlegacy.class.php');
-}
-else
-{
-	// excluded from autoload
-	require_once (APPROOT.'core/querybuilderexpressions.class.inc.php');
-	require_once (APPROOT.'core/querybuildercontext.class.inc.php');
-	require_once(APPROOT.'core/dbobjectsearch.class.php');
-}
-
 /**
  * An object search
  *
@@ -1659,7 +1642,7 @@ abstract class DBSearch
 		$oSet = new DBObjectSet($this);
 		if (MetaModel::IsStandaloneClass($sClass))
 		{
-			$oSet->OptimizeColumnLoad(array($this->GetClassAlias() => array('')));
+			$oSet->OptimizeColumnLoad(array($this->GetClassAlias() => array()));
 			$aIds = array($sClass => $oSet->GetColumnAsArray('id'));
 		}
 		else
@@ -1724,4 +1707,16 @@ abstract class DBSearch
 	{
 		$this->SetShowObsoleteData(utils::ShowObsoleteData());
 	}
+
+	/**
+	 * To ease the debug of filters
+	 * @internal
+	 *
+	 * @return string
+	 *
+	 */
+	public function __toString()
+	{
+		return $this->ToOQL();
+	}
 }

core/designdocument.class.inc.php

@@ -26,8 +26,10 @@
 
 namespace Combodo\iTop;
 
-use \DOMDocument;
-use \DOMFormatException;
+use DOMDocument;
+use DOMFormatException;
+use IssueLog;
+use LogAPI;
 
 /**
  * Class \Combodo\iTop\DesignDocument
@@ -64,9 +66,13 @@ class DesignDocument extends DOMDocument
 	 * @param $filename
 	 * @param int $options
 	 */
-	public function load($filename, $options = 0)
+	public function load($filename, $options = null)
 	{
-		parent::load($filename, LIBXML_NOBLANKS);
+		libxml_clear_errors();
+		if (parent::load($filename, LIBXML_NOBLANKS) === false) {
+			$aErrors = libxml_get_errors();
+			IssueLog::Error("Error loading $filename", LogAPI::CHANNEL_DEFAULT, $aErrors);
+		}
 	}
 
 	/**
@@ -77,10 +83,10 @@ class DesignDocument extends DOMDocument
 	 *
 	 * @return int
 	 */
-	public function save($filename, $options = 0)
+	public function save($filename, $options = null)
 	{
 		$this->documentElement->setAttribute('xmlns:xsi', "http://www.w3.org/2001/XMLSchema-instance");
-		return parent::save($filename, LIBXML_NOBLANKS);
+		return parent::save($filename);
 	}
 
 	/**

core/displayablegraph.class.inc.php

@@ -1195,8 +1195,10 @@ class DisplayableGraph extends SimpleGraph
 	 * @param float $xMax Right coordinate of the bounding box to display the graph
 	 * @param float $yMin Top coordinate of the bounding box to display the graph
 	 * @param float $yMax Bottom coordinate of the bounding box to display the graph
+	 *
+	 * @since 2.7.7 3.0.2 3.1.0 N°4985 $sComments param is no longer optional
 	 */
-	function RenderAsPDF(PDFPage $oPage, $sComments = '', $sContextKey, $xMin = -1, $xMax = -1, $yMin = -1, $yMax = -1)
+	function RenderAsPDF(PDFPage $oPage, $sComments, $sContextKey, $xMin = -1, $xMax = -1, $yMin = -1, $yMax = -1)
 	{
 		$aContextDefs = static::GetContextDefinitions($sContextKey, false); // No need to develop the parameters
 		$oPdf = $oPage->get_tcpdf();
@@ -1421,13 +1423,14 @@ class DisplayableGraph extends SimpleGraph
 	 * @param int $iObjKey
 	 * @param string $sContextKey
 	 * @param array $aContextParams
+	 * @param bool $bLazyLoading since 2.7.7 3.0.1
 	 *
 	 * @throws \CoreException
 	 * @throws \DictExceptionMissingString
 	 */
-	function Display(WebPage $oP, $aResults, $sRelation, ApplicationContext $oAppContext, $aExcludedObjects, $sObjClass, $iObjKey, $sContextKey, $aContextParams = array(), bool $sLazyLoading = false)
+	function Display(WebPage $oP, $aResults, $sRelation, ApplicationContext $oAppContext, $aExcludedObjects, $sObjClass, $iObjKey, $sContextKey, $aContextParams = array(), bool $bLazyLoading = false)
 	{
-		list($aExcludedByClass, $aAdditionalContexts) = $this->DisplayFiltering($sContextKey, $aContextParams, $aExcludedObjects, $oP, $aResults, $sLazyLoading);
+		list($aExcludedByClass, $aAdditionalContexts) = $this->DisplayFiltering($sContextKey, $aContextParams, $aExcludedObjects, $oP, $aResults, $bLazyLoading);
 
 		$iGroupingThreshold = utils::ReadParam('g', 5);
 
@@ -1508,10 +1511,12 @@ class DisplayableGraph extends SimpleGraph
 				// Export as Attachment requires GD (for building the PDF) AND a valid objclass/objkey couple
 				unset($aParams['export_as_attachment']);
 			}
-			if ($oP->IsPrintableVersion() || !$sLazyLoading) {
+			if ($oP->IsPrintableVersion() || !$bLazyLoading) {
 				$oP->add_ready_script(" $('#$sId').simple_graph(".json_encode($aParams).");");
 			} else {
 				$oP->add_script("function Load(){var aExcluded = [];	$('input[name^=excluded]').each( function() {if (!$(this).prop('checked'))	{	aExcluded.push($(this).val());		}} ); var params= $.extend(".json_encode($aParams).",  {excluded_classes: aExcluded}); $('#$sId').simple_graph(params);}");
+				$oP->add_ready_script("$('#impacted_objects_lists').html('".utils::TextToHtml(Dict::S('Relation:impacts/NoFilteredData'))."');$('#impacted_groups').html('".utils::TextToHtml(Dict::S('Relation:impacts/NoFilteredData'))."');");
+
 			}
 		}
 		catch(Exception $e)
@@ -1551,6 +1556,7 @@ EOF
 	 * @param array $aExcludedObjects
 	 * @param \WebPage $oP
 	 * @param array $aResults
+	 * @param bool $bLazyLoading
 	 *
 	 * @return array
 	 * @throws \CoreException
@@ -1560,7 +1566,7 @@ EOF
 	 * @throws \Twig\Error\RuntimeError
 	 * @throws \Twig\Error\SyntaxError
 	 */
-	public function DisplayFiltering(string $sContextKey, array $aContextParams, array $aExcludedObjects, WebPage $oP, array $aResults, bool $sLazyLoading = false): array
+	public function DisplayFiltering(string $sContextKey, array $aContextParams, array $aExcludedObjects, WebPage $oP, array $aResults, bool $bLazyLoading = false): array
 	{
 		$aContextDefs = static::GetContextDefinitions($sContextKey, true, $aContextParams);
 		$aExcludedByClass = array();
@@ -1590,7 +1596,7 @@ EOF
 	$("#ReloadMovieBtn").button().button("disable");
 EOF
 		);
-		if ($sLazyLoading) {
+		if ($bLazyLoading) {
 			$oP->add_ready_script("$('#ReloadMovieBtn').button('enable');");
 		} else {
 			$oP->add_ready_script("$('#dh_flash').addClass('closed');");
@@ -1614,7 +1620,7 @@ EOF
 			$idx++;
 		}
 		$oUiHtmlBlock->AddHtml("</div>");
-		if ($sLazyLoading) {
+		if ($bLazyLoading) {
 			$sOnCLick = "Load(); $('#ReloadMovieBtn').attr('onclick','DoReload()');$('#ReloadMovieBtn').html('".Dict::S('UI:Button:Refresh')."');";
 			$oUiHtmlBlock->AddHtml("<button type=\"button\" id=\"ReloadMovieBtn\" class=\"ibo-button ibo-is-neutral ibo-is-regular\" onClick=\"$sOnCLick\">".Dict::S('Relation:impacts/LoadData')."</button></div></form>");
 		} else {

core/email.class.inc.php

@@ -1,5 +1,5 @@
 <?php
-// Copyright (C) 2010-2021 Combodo SARL
+// Copyright (C) 2010-2022 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -20,13 +20,12 @@
 /**
  * Send an email (abstraction for synchronous/asynchronous modes)
  *
- * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @copyright   Copyright (C) 2010-2022 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
-use Pelago\Emogrifier\CssInliner;
-use Pelago\Emogrifier\HtmlProcessor\CssToAttributeConverter;
-use Pelago\Emogrifier\HtmlProcessor\HtmlPruner;
+use Combodo\iTop\Core\Email\EmailFactory;
+use Combodo\iTop\Core\Email\iEMail;
 
 Swift_Preferences::getInstance()->setCharset('UTF-8');
 
@@ -35,31 +34,18 @@ define ('EMAIL_SEND_OK', 0);
 define ('EMAIL_SEND_PENDING', 1);
 define ('EMAIL_SEND_ERROR', 2);
 
-class EMail
+class EMail implements iEMail
 {
+	protected $oMailer;
+
 	// Serialization formats
 	const ORIGINAL_FORMAT = 1; // Original format, consisting in serializing the whole object, inculding the Swift Mailer's object.
-							   // Did not work with attachements since their binary representation cannot be stored as a valid UTF-8 string
+	// Did not work with attachements since their binary representation cannot be stored as a valid UTF-8 string
 	const FORMAT_V2 = 2; // New format, only the raw data are serialized (base64 encoded if needed)
-	
-	protected static $m_oConfig = null;
-	protected $m_aData; // For storing data to serialize
-
-	public function LoadConfig($sConfigFile = ITOP_DEFAULT_CONFIG_FILE)
-	{
-		if (is_null(self::$m_oConfig))
-		{
-			self::$m_oConfig = new Config($sConfigFile);
-		}
-	}
-
-	protected $m_oMessage;
 
 	public function __construct()
 	{
-		$this->m_aData = array();
-		$this->m_oMessage = Swift_Message::newInstance();
-		$this->SetRecipientFrom(MetaModel::GetConfig()->Get('email_default_sender_address'), MetaModel::GetConfig()->Get('email_default_sender_label'));
+		$this->oMailer = EmailFactory::GetMailer();
 	}
 
 	/**
@@ -70,490 +56,111 @@ class EMail
 	 */
 	public function SerializeV2()
 	{
-		return serialize($this->m_aData);
+		return $this->oMailer->SerializeV2();
 	}
-	
+
 	/**
 	 * Custom de-serialization method
+	 *
 	 * @param string $sSerializedMessage The serialized representation of the message
+	 *
+	 * @return \Email
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreException
+	 * @throws \Symfony\Component\CssSelector\Exception\SyntaxErrorException
 	 */
 	static public function UnSerializeV2($sSerializedMessage)
 	{
-		$aData = unserialize($sSerializedMessage);
-		$oMessage = new Email();
-		
-		if (array_key_exists('body', $aData))
-		{
-			$oMessage->SetBody($aData['body']['body'], $aData['body']['mimeType']);
-		}
-		if (array_key_exists('message_id', $aData))
-		{
-			$oMessage->SetMessageId($aData['message_id']);
-		}
-		if (array_key_exists('bcc', $aData))
-		{
-			$oMessage->SetRecipientBCC($aData['bcc']);
-		}
-		if (array_key_exists('cc', $aData))
-		{
-			$oMessage->SetRecipientCC($aData['cc']);
-		}
-		if (array_key_exists('from', $aData))
-		{
-			$oMessage->SetRecipientFrom($aData['from']['address'], $aData['from']['label']);
-		}
-		if (array_key_exists('reply_to', $aData))
-		{
-			$oMessage->SetRecipientReplyTo($aData['reply_to']['address'], $aData['reply_to']['label']);
-		}
-		if (array_key_exists('to', $aData))
-		{
-			$oMessage->SetRecipientTO($aData['to']);
-		}
-		if (array_key_exists('subject', $aData))
-		{
-			$oMessage->SetSubject($aData['subject']);
-		}
-		
-		
-		if (array_key_exists('headers', $aData))
-		{
-			foreach($aData['headers'] as $sKey => $sValue)
-			{
-				$oMessage->AddToHeader($sKey, $sValue);
-			}
-		}
-		if (array_key_exists('parts', $aData))
-		{
-			foreach($aData['parts'] as $aPart)
-			{
-				$oMessage->AddPart($aPart['text'], $aPart['mimeType']);
-			}
-		}
-		if (array_key_exists('attachments', $aData))
-		{
-			foreach($aData['attachments'] as $aAttachment)
-			{
-				$oMessage->AddAttachment(base64_decode($aAttachment['data']), $aAttachment['filename'], $aAttachment['mimeType']);
-			}
-		}
-		return $oMessage;
-	}
-	
-  	protected function SendAsynchronous(&$aIssues, $oLog = null)
-	{
-		try
-		{
-			AsyncSendEmail::AddToQueue($this, $oLog);
-		}
-		catch(Exception $e)
-		{
-			$aIssues = array($e->GetMessage());
-			return EMAIL_SEND_ERROR;
-		}
-		$aIssues = array();
-		return EMAIL_SEND_PENDING;
-	}
-
-	protected function SendSynchronous(&$aIssues, $oLog = null)
-	{
-		// If the body of the message is in HTML, embed all images based on attachments
-		$this->EmbedInlineImages();
-		
-		$this->LoadConfig();
-
-		$sTransport = self::$m_oConfig->Get('email_transport');
-		switch ($sTransport)
-		{
-		case 'SMTP':
-			$sHost = self::$m_oConfig->Get('email_transport_smtp.host');
-			$sPort = self::$m_oConfig->Get('email_transport_smtp.port');
-			$sEncryption = self::$m_oConfig->Get('email_transport_smtp.encryption');
-			$sUserName = self::$m_oConfig->Get('email_transport_smtp.username');
-			$sPassword = self::$m_oConfig->Get('email_transport_smtp.password');
-
-			$oTransport = Swift_SmtpTransport::newInstance($sHost, $sPort, $sEncryption);
-			if (strlen($sUserName) > 0)
-			{
-				$oTransport->setUsername($sUserName);
-				$oTransport->setPassword($sPassword);
-			}
-			break;
-
-		case 'Null':
-			$oTransport = Swift_NullTransport::newInstance();
-			break;
-		
-		case 'LogFile':
-			$oTransport = Swift_LogFileTransport::newInstance();
-			$oTransport->setLogFile(APPROOT.'log/mail.log');
-			break;
-			
-		case 'PHPMail':
-		default:
-			$oTransport = Swift_MailTransport::newInstance();
-		}
-
-		$oMailer = Swift_Mailer::newInstance($oTransport);
-
-		$aFailedRecipients = array();
-		$this->m_oMessage->setMaxLineLength(0);
-		$oKPI = new ExecutionKPI();
-		try
-		{
-			$iSent = $oMailer->send($this->m_oMessage, $aFailedRecipients);
-			if ($iSent === 0)
-			{
-				// Beware: it seems that $aFailedRecipients sometimes contains the recipients that actually received the message !!!
-				IssueLog::Warning('Email sending failed: Some recipients were invalid, aFailedRecipients contains: '.implode(', ', $aFailedRecipients));
-				$aIssues = array('Some recipients were invalid.');
-				$oKPI->ComputeStats('Email Sent', 'Error received');
-				return EMAIL_SEND_ERROR;
-			}
-			else
-			{
-				$aIssues = array();
-				$oKPI->ComputeStats('Email Sent', 'Succeded');
-				return EMAIL_SEND_OK;
-			}
-		}
-		catch (Exception $e)
-		{
-			$oKPI->ComputeStats('Email Sent', 'Error received');
-			throw $e;
-		}
-	}
-	
-	/**
-	 * Reprocess the body of the message (if it is an HTML message)
-	 * to replace the URL of images based on attachments by a link
-	 * to an embedded image (i.e. cid:....)
-	 */
-	protected function EmbedInlineImages()
-	{
-		if ($this->m_aData['body']['mimeType'] == 'text/html')
-		{
-			$oDOMDoc = new DOMDocument();
-			$oDOMDoc->preserveWhitespace = true;
-			@$oDOMDoc->loadHTML('<?xml encoding="UTF-8"?>'.$this->m_aData['body']['body']); // For loading HTML chunks where the character set is not specified
-
-			$oXPath = new DOMXPath($oDOMDoc);
-			$sXPath = '//img[@'.InlineImage::DOM_ATTR_ID.']';
-			$oImagesList = $oXPath->query($sXPath);
-
-			if ($oImagesList->length != 0)
-			{
-				foreach($oImagesList as $oImg)
-				{
-					$iAttId = $oImg->getAttribute(InlineImage::DOM_ATTR_ID);
-					$oAttachment = MetaModel::GetObject('InlineImage', $iAttId, false, true /* Allow All Data */);
-					if ($oAttachment)
-					{
-						$sImageSecret = $oImg->getAttribute('data-img-secret');
-						$sAttachmentSecret = $oAttachment->Get('secret');
-						if ($sImageSecret !== $sAttachmentSecret)
-						{
-							// @see N°1921
-							// If copying from another iTop we could get an IMG pointing to an InlineImage with wrong secret
-							continue;
-						}
-
-						$oDoc = $oAttachment->Get('contents');
-						$oSwiftImage = new Swift_Image($oDoc->GetData(), $oDoc->GetFileName(), $oDoc->GetMimeType());
-						$sCid = $this->m_oMessage->embed($oSwiftImage);
-						$oImg->setAttribute('src', $sCid);
-					}
-				}
-			}
-			$sHtmlBody = $oDOMDoc->saveHTML();
-			$this->m_oMessage->setBody($sHtmlBody, 'text/html', 'UTF-8');
-		}
+		return EmailFactory::GetMailer()::UnSerializeV2($sSerializedMessage);
 	}
 
 	public function Send(&$aIssues, $bForceSynchronous = false, $oLog = null)
 	{
-		//select a default sender if none is provided.
-		if(empty($this->m_aData['from']['address']) && !empty($this->m_aData['to'])){
-			$this->SetRecipientFrom($this->m_aData['to']);
-		}
-
-		if ($bForceSynchronous)
-		{
-			return $this->SendSynchronous($aIssues, $oLog);
-		}
-		else
-		{
-			$bConfigASYNC = MetaModel::GetConfig()->Get('email_asynchronous');
-			if ($bConfigASYNC)
-			{
-				return $this->SendAsynchronous($aIssues, $oLog);
-			}
-			else
-			{
-				return $this->SendSynchronous($aIssues, $oLog);
-			}
-		}
+		return $this->oMailer->Send($aIssues, $bForceSynchronous, $oLog);
 	}
 
 	public function AddToHeader($sKey, $sValue)
 	{
-		if (!array_key_exists('headers', $this->m_aData))
-		{
-			$this->m_aData['headers'] = array();
-		}
-		$this->m_aData['headers'][$sKey] = $sValue;
-		
-		if (strlen($sValue) > 0)
-		{
-			$oHeaders = $this->m_oMessage->getHeaders();
-			switch(strtolower($sKey))
-			{
-				case 'return-path':
-					$this->m_oMessage->setReturnPath($sValue);
-					break;
-
-				default:
-					$oHeaders->addTextHeader($sKey, $sValue);
-			}
-		}
+		$this->oMailer->AddToHeader($sKey, $sValue);
 	}
 
 	public function SetMessageId($sId)
 	{
-		$this->m_aData['message_id'] = $sId;
-		
-		// Note: Swift will add the angle brackets for you
-		// so let's remove the angle brackets if present, for historical reasons
-		$sId = str_replace(array('<', '>'), '', $sId);
-		
-		$oMsgId = $this->m_oMessage->getHeaders()->get('Message-ID');
-		$oMsgId->SetId($sId);
+		$this->oMailer->SetMessageId($sId);
 	}
-	
+
 	public function SetReferences($sReferences)
 	{
-		$this->AddToHeader('References', $sReferences);
+		$this->oMailer->SetReferences($sReferences);
+	}
+
+	/**
+	 * Set the "In-Reply-To" header to allow emails to group as a conversation in modern mail clients (GMail, Outlook 2016+, ...)
+	 *
+	 * @link https://en.wikipedia.org/wiki/Email#Header_fields
+	 *
+	 * @param string $sMessageId
+	 *
+	 * @since 3.0.1 N°4849
+	 */
+	public function SetInReplyTo(string $sMessageId)
+	{
+		$this->AddToHeader('In-Reply-To', $sMessageId);
 	}
 
 	public function SetBody($sBody, $sMimeType = 'text/html', $sCustomStyles = null)
 	{
-		if (($sMimeType === 'text/html') && ($sCustomStyles !== null))
-		{
-			$oDomDocument = CssInliner::fromHtml($sBody)->inlineCss($sCustomStyles)->getDomDocument();
-			HtmlPruner::fromDomDocument($oDomDocument)->removeElementsWithDisplayNone();
-			$sBody = CssToAttributeConverter::fromDomDocument($oDomDocument)->convertCssToVisualAttributes()->render(); // Adds html/body tags if not already present
-		}
-		$this->m_aData['body'] = array('body' => $sBody, 'mimeType' => $sMimeType);
-		$this->m_oMessage->setBody($sBody, $sMimeType);
+		$this->oMailer->SetBody($sBody, $sMimeType, $sCustomStyles);
 	}
 
 	public function AddPart($sText, $sMimeType = 'text/html')
 	{
-		if (!array_key_exists('parts', $this->m_aData))
-		{
-			$this->m_aData['parts'] = array();
-		}
-		$this->m_aData['parts'][] = array('text' => $sText, 'mimeType' => $sMimeType);
-		$this->m_oMessage->addPart($sText, $sMimeType);
+		$this->oMailer->AddPart($sText, $sMimeType);
 	}
 
 	public function AddAttachment($data, $sFileName, $sMimeType)
 	{
-		if (!array_key_exists('attachments', $this->m_aData))
-		{
-			$this->m_aData['attachments'] = array();
-		}
-		$this->m_aData['attachments'][] = array('data' => base64_encode($data), 'filename' => $sFileName, 'mimeType' => $sMimeType);
-		$this->m_oMessage->attach(Swift_Attachment::newInstance($data, $sFileName, $sMimeType));
+		$this->oMailer->AddAttachment($data, $sFileName, $sMimeType);
 	}
 
 	public function SetSubject($sSubject)
 	{
-		$this->m_aData['subject'] = $sSubject;
-		$this->m_oMessage->setSubject($sSubject);
+		$this->oMailer->SetSubject($sSubject);
 	}
 
 	public function GetSubject()
 	{
-		return $this->m_oMessage->getSubject();
+		return $this->oMailer->GetSubject();
 	}
 
-	/**
-	 * Helper to transform and sanitize addresses
-	 * - get rid of empty addresses	 
-	 */	 	
-	protected function AddressStringToArray($sAddressCSVList)
-	{
-		$aAddresses = array();
-		foreach(explode(',', $sAddressCSVList) as $sAddress)
-		{
-			$sAddress = trim($sAddress);
-			if (strlen($sAddress) > 0)
-			{
-				$aAddresses[] = $sAddress;
-			}
-		}
-		return $aAddresses;
-	}
-	
 	public function SetRecipientTO($sAddress)
 	{
-		$this->m_aData['to'] = $sAddress;
-		if (!empty($sAddress))
-		{
-			$aAddresses = $this->AddressStringToArray($sAddress);
-			$this->m_oMessage->setTo($aAddresses);
-		}
+		$this->oMailer->SetRecipientTO($sAddress);
 	}
 
 	public function GetRecipientTO($bAsString = false)
 	{
-		$aRes = $this->m_oMessage->getTo();
-		if ($aRes === null)
-		{
-			// There is no "To" header field
-			$aRes = array();
-		}
-		if ($bAsString)
-		{
-			$aStrings = array();
-			foreach ($aRes as $sEmail => $sName)
-			{
-				if (is_null($sName))
-				{
-					$aStrings[] = $sEmail;
-				}
-				else
-				{
-					$sName = str_replace(array('<', '>'), '', $sName);
-					$aStrings[] = "$sName <$sEmail>";
-				}
-			}
-			return implode(', ', $aStrings);
-		}
-		else
-		{
-			return $aRes;
-		}
+		return $this->oMailer->GetRecipientTO($bAsString);
 	}
 
 	public function SetRecipientCC($sAddress)
 	{
-		$this->m_aData['cc'] = $sAddress;
-		if (!empty($sAddress))
-		{
-			$aAddresses = $this->AddressStringToArray($sAddress);
-			$this->m_oMessage->setCc($aAddresses);
-		}
+		$this->oMailer->SetRecipientCC($sAddress);
 	}
 
 	public function SetRecipientBCC($sAddress)
 	{
-		$this->m_aData['bcc'] = $sAddress;
-		if (!empty($sAddress))
-		{
-			$aAddresses = $this->AddressStringToArray($sAddress);
-			$this->m_oMessage->setBcc($aAddresses);
-		}
+		$this->oMailer->SetRecipientBCC($sAddress);
 	}
 
 	public function SetRecipientFrom($sAddress, $sLabel = '')
 	{
-		$this->m_aData['from'] = array('address' => $sAddress, 'label' => $sLabel);
-		if ($sLabel != '')
-		{
-			$this->m_oMessage->setFrom(array($sAddress => $sLabel));		
-		}
-		else if (!empty($sAddress))
-		{
-			$this->m_oMessage->setFrom($sAddress);
-		}
+		$this->oMailer->SetRecipientFrom($sAddress, $sLabel);
 	}
 
 	public function SetRecipientReplyTo($sAddress, $sLabel = '')
 	{
-		$this->m_aData['reply_to'] = array('address' => $sAddress, 'label' => $sLabel);
-		if ($sLabel != '')
-		{
-			$this->m_oMessage->setReplyTo(array($sAddress => $sLabel));
-		}
-		else if (!empty($sAddress))
-		{
-			$this->m_oMessage->setReplyTo($sAddress);
-		}
+		$this->oMailer->SetRecipientReplyTo($sAddress);
 	}
 
-}
-
-/////////////////////////////////////////////////////////////////////////////////////
-
-/**
- * Extension to SwiftMailer: "debug" transport that pretends messages have been sent,
- * but just log them to a file.
- *
- * @package Swift
- * @author  Denis Flaven
- */
-class Swift_Transport_LogFileTransport extends Swift_Transport_NullTransport
-{
-	protected $sLogFile;
-	
-	/**
-	 * Sends the given message.
-	 *
-	 * @param Swift_Mime_Message $message
-	 * @param string[]           $failedRecipients An array of failures by-reference
-	 *
-	 * @return int     The number of sent emails
-	 */
-	public function send(Swift_Mime_Message $message, &$failedRecipients = null)
-	{
-		$hFile = @fopen($this->sLogFile, 'a');
-		if ($hFile)
-		{
-			$sTxt = "================== ".date('Y-m-d H:i:s')." ==================\n";
-			$sTxt .= $message->toString()."\n";
-		
-			@fwrite($hFile, $sTxt);
-			@fclose($hFile);
-		}
-		
-		return parent::send($message, $failedRecipients);
-	}
-	
-	public function setLogFile($sFilename)
-	{
-		$this->sLogFile = $sFilename;
-	}
-}
-
-/**
- * Pretends messages have been sent, but just log them to a file.
- *
- * @package Swift
- * @author  Denis Flaven
- */
-class Swift_LogFileTransport extends Swift_Transport_LogFileTransport
-{
-	/**
-	 * Create a new LogFileTransport.
-	 */
-	public function __construct()
-	{
-		call_user_func_array(
-		array($this, 'Swift_Transport_LogFileTransport::__construct'),
-		Swift_DependencyContainer::getInstance()
-		->createDependenciesFor('transport.null')
-		);
-	}
-
-	/**
-	 * Create a new LogFileTransport instance.
-	 *
-	 * @return Swift_LogFileTransport
-	 */
-	public static function newInstance()
-	{
-		return new self();
-	}
 }

core/htmlsanitizer.class.inc.php

@@ -108,6 +108,18 @@ abstract class DOMSanitizer extends HTMLSanitizer
 {
 	/** @var DOMDocument */
 	protected $oDoc;
+	/**
+	 * @var string Class to use for InlineImage static method calls
+	 * @used-by \Combodo\iTop\Test\UnitTest\Core\Sanitizer\HTMLDOMSanitizerTest::testDoSanitizeCallInlineImageProcessImageTag
+	 */
+	protected $sInlineImageClassName;
+
+	public function __construct($sInlineImageClassName = InlineImage::class)
+	{
+		parent::__construct();
+
+		$this->sInlineImageClassName = $sInlineImageClassName;
+	}
 
 	abstract public function GetTagsWhiteList();
 
@@ -203,7 +215,7 @@ abstract class DOMSanitizer extends HTMLSanitizer
 					// Recurse
 					$this->CleanNode($oNode);
 					if (($oNode instanceof DOMElement) && (strtolower($oNode->tagName) == 'img')) {
-						InlineImage::ProcessImageTag($oNode);
+						$this->sInlineImageClassName::ProcessImageTag($oNode);
 					}
 				}
 			}
@@ -338,6 +350,30 @@ class HTMLDOMSanitizer extends DOMSanitizer
 		'white-space',
 	);
 
+	public function __construct($sInlineImageClassName = InlineImage::class)
+	{
+		parent::__construct($sInlineImageClassName);
+
+		// Building href validation pattern from url and email validation patterns as the patterns are not used the same way in HTML content than in standard attributes value.
+		// eg. "foo@bar.com" vs "mailto:foo@bar.com?subject=Title&body=Hello%20world"
+		if (!array_key_exists('href', self::$aAttrsWhiteList)) {
+			// Regular urls
+			$sUrlPattern = utils::GetConfig()->Get('url_validation_pattern');
+
+			// Mailto urls
+			$sMailtoPattern = '(mailto:('.utils::GetConfig()->Get('email_validation_pattern').')(?:\?(?:subject|body)=([a-zA-Z0-9+\$_.-]*)(?:&(?:subject|body)=([a-zA-Z0-9+\$_.-]*))?)?)';
+
+			// Notification placeholders
+			// eg. $this->caller_id$, $this->hyperlink()$, $this->hyperlink(portal)$, $APP_URL$, $MODULES_URL$, ...
+			// Note: Authorize both $xxx$ and %24xxx%24 as the latter one is encoded when used in HTML attributes (eg. a[href])
+			$sPlaceholderPattern = '(\$|%24)[\w-]*(->[\w]*(\([\w-]*?\))?)?(\$|%24)';
+
+			$sPattern = $sUrlPattern.'|'.$sMailtoPattern.'|'.$sPlaceholderPattern;
+			$sPattern = '/'.str_replace('/', '\/', $sPattern).'/i';
+			self::$aAttrsWhiteList['href'] = $sPattern;
+		}
+	}
+
 	public function GetTagsWhiteList()
 	{
 		return static::$aTagsWhiteList;
@@ -363,31 +399,6 @@ class HTMLDOMSanitizer extends DOMSanitizer
 		return static::$aStylesWhiteList;
 	}
 
-	public function __construct()
-	{
-		parent::__construct();
-
-		// Building href validation pattern from url and email validation patterns as the patterns are not used the same way in HTML content than in standard attributes value.
-		// eg. "foo@bar.com" vs "mailto:foo@bar.com?subject=Title&body=Hello%20world"
-		if (!array_key_exists('href', self::$aAttrsWhiteList))
-		{
-			// Regular urls
-			$sUrlPattern = utils::GetConfig()->Get('url_validation_pattern');
-
-			// Mailto urls
-			$sMailtoPattern = '(mailto:(' . utils::GetConfig()->Get('email_validation_pattern') . ')(?:\?(?:subject|body)=([a-zA-Z0-9+\$_.-]*)(?:&(?:subject|body)=([a-zA-Z0-9+\$_.-]*))?)?)';
-
-			// Notification placeholders
-			// eg. $this->caller_id$, $this->hyperlink()$, $this->hyperlink(portal)$, $APP_URL$, $MODULES_URL$, ...
-			// Note: Authorize both $xxx$ and %24xxx%24 as the latter one is encoded when used in HTML attributes (eg. a[href])
-			$sPlaceholderPattern = '(\$|%24)[\w-]*(->[\w]*(\([\w-]*?\))?)?(\$|%24)';
-
-			$sPattern = $sUrlPattern . '|' . $sMailtoPattern . '|' . $sPlaceholderPattern;
-			$sPattern = '/'.str_replace('/', '\/', $sPattern).'/i';
-			self::$aAttrsWhiteList['href'] = $sPattern;
-		}
-	}
-
 	public function LoadDoc($sHTML)
 	{
 		@$this->oDoc->loadHTML('<?xml encoding="UTF-8"?>'.$sHTML); // For loading HTML chunks where the character set is not specified

core/legacy/querybuildercontextlegacy.class.inc.php

@@ -1,107 +0,0 @@
-<?php
-// Copyright (C) 2010-2021 Combodo SARL
-//
-//   This file is part of iTop.
-//
-//   iTop is free software; you can redistribute it and/or modify	
-//   it under the terms of the GNU Affero General Public License as published by
-//   the Free Software Foundation, either version 3 of the License, or
-//   (at your option) any later version.
-//
-//   iTop is distributed in the hope that it will be useful,
-//   but WITHOUT ANY WARRANTY; without even the implied warranty of
-//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-//   GNU Affero General Public License for more details.
-//
-//   You should have received a copy of the GNU Affero General Public License
-//   along with iTop. If not, see <http://www.gnu.org/licenses/>
-
-/**
- * Associated with the metamodel -> MakeQuery/MakeQuerySingleTable
- *
- * @copyright   Copyright (C) 2010-2021 Combodo SARL
- * @license     http://opensource.org/licenses/AGPL-3.0
- */
-
-class QueryBuilderContext
-{
-	protected $m_oRootFilter;
-	protected $m_aClassAliases;
-	protected $m_aTableAliases;
-	protected $m_aModifierProperties;
-	protected $m_aSelectedClasses;
-	protected $m_aFilteredTables;
-
-	public $m_oQBExpressions;
-
-	public function __construct($oFilter, $aModifierProperties, $aGroupByExpr = null, $aSelectedClasses = null, $aSelectExpr = null)
-	{
-		$this->m_oRootFilter = $oFilter;
-		$this->m_oQBExpressions = new QueryBuilderExpressions($oFilter, $aGroupByExpr, $aSelectExpr);
-
-		$this->m_aClassAliases = $oFilter->GetJoinedClasses();
-		$this->m_aTableAliases = array();
-		$this->m_aFilteredTables = array();
-
-		$this->m_aModifierProperties = $aModifierProperties;
-		if (is_null($aSelectedClasses))
-		{
-			$this->m_aSelectedClasses = $oFilter->GetSelectedClasses();
-		}
-		else
-		{
-			// For the unions, the selected classes can be upper in the hierarchy (lowest common ancestor)
-			$this->m_aSelectedClasses = $aSelectedClasses;
-		}
-	}
-
-	public function GetRootFilter()
-	{
-		return $this->m_oRootFilter;
-	}
-
-	public function GenerateTableAlias($sNewName, $sRealName)
-	{
-		return MetaModel::GenerateUniqueAlias($this->m_aTableAliases, $sNewName, $sRealName);
-	}
-
-	public function GenerateClassAlias($sNewName, $sRealName)
-	{
-		return MetaModel::GenerateUniqueAlias($this->m_aClassAliases, $sNewName, $sRealName);
-	}
-
-	public function GetModifierProperties($sPluginClass)
-	{
-		if (array_key_exists($sPluginClass, $this->m_aModifierProperties))
-		{
-			return $this->m_aModifierProperties[$sPluginClass];
-		}
-		else
-		{
-			return array();
-		}
-	}
-
-	public function GetSelectedClass($sAlias)
-	{
-		return $this->m_aSelectedClasses[$sAlias];
-	}
-
-	public function AddFilteredTable($sTableAlias, $oCondition)
-	{
-		if (array_key_exists($sTableAlias, $this->m_aFilteredTables))
-		{
-			$this->m_aFilteredTables[$sTableAlias][] = $oCondition;
-		}
-		else
-		{
-			$this->m_aFilteredTables[$sTableAlias] = array($oCondition);
-		}
-	}
-
-	public function GetFilteredTables()
-	{
-		return $this->m_aFilteredTables;
-	}
-}
-

core/legacy/querybuilderexpressionslegacy.class.inc.php

@@ -1,186 +0,0 @@
-<?php
-
-class QueryBuilderExpressions
-{
-	/**
-	 * @var Expression
-	 */
-	protected $m_oConditionExpr;
-	/**
-	 * @var Expression[]
-	 */
-	protected $m_aSelectExpr;
-	/**
-	 * @var Expression[]
-	 */
-	protected $m_aGroupByExpr;
-	/**
-	 * @var Expression[]
-	 */
-	protected $m_aJoinFields;
-	/**
-	 * @var string[]
-	 */
-	protected $m_aClassIds;
-
-	public function __construct(DBObjectSearch $oSearch, $aGroupByExpr = null, $aSelectExpr = null)
-	{
-		$this->m_oConditionExpr = $oSearch->GetCriteria();
-		if (!$oSearch->GetShowObsoleteData())
-		{
-			foreach ($oSearch->GetSelectedClasses() as $sAlias => $sClass)
-			{
-				if (MetaModel::IsObsoletable($sClass))
-				{
-					$oNotObsolete = new BinaryExpression(new FieldExpression('obsolescence_flag', $sAlias), '=', new ScalarExpression(0));
-					$this->m_oConditionExpr = $this->m_oConditionExpr->LogAnd($oNotObsolete);
-				}
-			}
-		}
-		$this->m_aSelectExpr = is_null($aSelectExpr) ? array() : $aSelectExpr;
-		$this->m_aGroupByExpr = $aGroupByExpr;
-		$this->m_aJoinFields = array();
-
-		$this->m_aClassIds = array();
-		foreach ($oSearch->GetJoinedClasses() as $sClassAlias => $sClass)
-		{
-			$this->m_aClassIds[$sClassAlias] = new FieldExpression('id', $sClassAlias);
-		}
-	}
-
-	public function GetSelect()
-	{
-		return $this->m_aSelectExpr;
-	}
-
-	public function GetGroupBy()
-	{
-		return $this->m_aGroupByExpr;
-	}
-
-	public function GetCondition()
-	{
-		return $this->m_oConditionExpr;
-	}
-
-	/**
-	 * @return Expression|mixed
-	 */
-	public function PopJoinField()
-	{
-		return array_pop($this->m_aJoinFields);
-	}
-
-	/**
-	 * @param string $sAttAlias
-	 * @param Expression $oExpression
-	 */
-	public function AddSelect($sAttAlias, Expression $oExpression)
-	{
-		$this->m_aSelectExpr[$sAttAlias] = $oExpression;
-	}
-
-	/**
-	 * @param Expression $oExpression
-	 */
-	public function AddCondition(Expression $oExpression)
-	{
-		$this->m_oConditionExpr = $this->m_oConditionExpr->LogAnd($oExpression);
-	}
-
-	/**
-	 * @param Expression $oExpression
-	 */
-	public function PushJoinField(Expression $oExpression)
-	{
-		array_push($this->m_aJoinFields, $oExpression);
-	}
-
-	/**
-	 * Get tables representing the queried objects
-	 * Could be further optimized: when the first join is an outer join, then the rest can be omitted
-	 *
-	 * @param array $aTables
-	 *
-	 * @return array
-	 */
-	public function GetMandatoryTables(&$aTables = null)
-	{
-		if (is_null($aTables))
-		{
-			$aTables = array();
-		}
-
-		foreach ($this->m_aClassIds as $sClass => $oExpression)
-		{
-			$oExpression->CollectUsedParents($aTables);
-		}
-
-		return $aTables;
-	}
-
-	public function GetUnresolvedFields($sAlias, &$aUnresolved)
-	{
-		$this->m_oConditionExpr->GetUnresolvedFields($sAlias, $aUnresolved);
-		foreach ($this->m_aSelectExpr as $sColAlias => $oExpr)
-		{
-			$oExpr->GetUnresolvedFields($sAlias, $aUnresolved);
-		}
-		if ($this->m_aGroupByExpr)
-		{
-			foreach ($this->m_aGroupByExpr as $sColAlias => $oExpr)
-			{
-				$oExpr->GetUnresolvedFields($sAlias, $aUnresolved);
-			}
-		}
-		foreach ($this->m_aJoinFields as $oExpression)
-		{
-			$oExpression->GetUnresolvedFields($sAlias, $aUnresolved);
-		}
-	}
-
-	public function Translate($aTranslationData, $bMatchAll = true, $bMarkFieldsAsResolved = true)
-	{
-		$this->m_oConditionExpr = $this->m_oConditionExpr->Translate($aTranslationData, $bMatchAll, $bMarkFieldsAsResolved);
-		foreach ($this->m_aSelectExpr as $sColAlias => $oExpr)
-		{
-			$this->m_aSelectExpr[$sColAlias] = $oExpr->Translate($aTranslationData, $bMatchAll, $bMarkFieldsAsResolved);
-		}
-		if ($this->m_aGroupByExpr)
-		{
-			foreach ($this->m_aGroupByExpr as $sColAlias => $oExpr)
-			{
-				$this->m_aGroupByExpr[$sColAlias] = $oExpr->Translate($aTranslationData, $bMatchAll, $bMarkFieldsAsResolved);
-			}
-		}
-		foreach ($this->m_aJoinFields as $index => $oExpression)
-		{
-			$this->m_aJoinFields[$index] = $oExpression->Translate($aTranslationData, $bMatchAll, $bMarkFieldsAsResolved);
-		}
-
-		foreach ($this->m_aClassIds as $sClass => $oExpression)
-		{
-			$this->m_aClassIds[$sClass] = $oExpression->Translate($aTranslationData, $bMatchAll, $bMarkFieldsAsResolved);
-		}
-	}
-
-	public function RenameParam($sOldName, $sNewName)
-	{
-		$this->m_oConditionExpr->RenameParam($sOldName, $sNewName);
-		foreach ($this->m_aSelectExpr as $sColAlias => $oExpr)
-		{
-			$this->m_aSelectExpr[$sColAlias] = $oExpr->RenameParam($sOldName, $sNewName);
-		}
-		if ($this->m_aGroupByExpr)
-		{
-			foreach ($this->m_aGroupByExpr as $sColAlias => $oExpr)
-			{
-				$this->m_aGroupByExpr[$sColAlias] = $oExpr->RenameParam($sOldName, $sNewName);
-			}
-		}
-		foreach ($this->m_aJoinFields as $index => $oExpression)
-		{
-			$this->m_aJoinFields[$index] = $oExpression->RenameParam($sOldName, $sNewName);
-		}
-	}
-}

core/log.class.inc.php

@@ -544,7 +544,14 @@ class LogChannels
 {
 	public const APC = 'apc';
 
-	public const CLI          = 'CLI';
+	/**
+	 * @var string
+	 * @since 3.0.1 N°4849
+	 * @since 2.7.7 N°4635
+	 */
+	public const NOTIFICATIONS = 'notifications';
+
+	public const CLI = 'CLI';
 
 	/**
 	 * @var string
@@ -704,6 +711,7 @@ abstract class LogAPI
 	/**
 	 * @throws \ConfigException if log wrongly configured
 	 * @uses GetMinLogLevel
+	 * @since 3.0.0 N°3731
 	 */
 	final public static function IsLogLevelEnabled(string $sLevel, string $sChannel, string $sConfigKey = self::ENUM_CONFIG_PARAM_FILE): bool
 	{

core/metamodel.class.php

@@ -461,7 +461,7 @@ abstract class MetaModel
 			$oStyle = self::$m_aClassParams[$sClass]['style'];
 			$sIcon = $oStyle->GetIconAsAbsUrl();
 		}
-		if (strlen($sIcon) == 0) {
+		if (utils::IsNullOrEmptyString($sIcon)) {
 			$sParentClass = self::GetParentPersistentClass($sClass);
 			if (strlen($sParentClass) > 0) {
 				return self::GetClassIcon($sParentClass, $bImgTag, $sMoreStyles);
@@ -494,7 +494,7 @@ abstract class MetaModel
 			$oStyle = new ormStyle("ibo-class-style--$sClass", "ibo-class-style-alt--$sClass");
 		}
 
-		if ((strlen($oStyle->GetMainColor()) > 0) && (strlen($oStyle->GetComplementaryColor()) > 0) && (strlen($oStyle->GetIconAsRelPath()) > 0)) {
+		if (utils::IsNotNullOrEmptyString($oStyle->GetMainColor()) && utils::IsNotNullOrEmptyString($oStyle->GetComplementaryColor()) && utils::IsNotNullOrEmptyString($oStyle->GetIconAsRelPath())) {
 			// all the parameters are set, no need to search in the parent classes
 			return $oStyle;
 		}
@@ -504,18 +504,18 @@ abstract class MetaModel
 		while (strlen($sParentClass) > 0) {
 			$oParentStyle = self::GetClassStyle($sParentClass);
 			if (!is_null($oParentStyle)) {
-				if (strlen($oStyle->GetMainColor()) == 0) {
+				if (utils::IsNullOrEmptyString($oStyle->GetMainColor())) {
 					$oStyle->SetMainColor($oParentStyle->GetMainColor());
 					$oStyle->SetStyleClass($oParentStyle->GetStyleClass());
 				}
-				if (strlen($oStyle->GetComplementaryColor()) == 0) {
+				if (utils::IsNullOrEmptyString($oStyle->GetComplementaryColor())) {
 					$oStyle->SetComplementaryColor($oParentStyle->GetComplementaryColor());
 					$oStyle->SetAltStyleClass($oParentStyle->GetAltStyleClass());
 				}
-				if (strlen($oStyle->GetIconAsRelPath()) == 0) {
+				if (utils::IsNullOrEmptyString($oStyle->GetIconAsRelPath())) {
 					$oStyle->SetIcon($oParentStyle->GetIconAsRelPath());
 				}
-				if ((strlen($oStyle->GetMainColor()) > 0) && (strlen($oStyle->GetComplementaryColor()) > 0) && (strlen($oStyle->GetIconAsRelPath()) > 0)) {
+				if (utils::IsNotNullOrEmptyString($oStyle->GetMainColor()) && utils::IsNotNullOrEmptyString($oStyle->GetComplementaryColor()) && utils::IsNotNullOrEmptyString($oStyle->GetIconAsRelPath())) {
 					// all the parameters are set, no need to search in the parent classes
 					return $oStyle;
 				}
@@ -523,7 +523,7 @@ abstract class MetaModel
 			$sParentClass = self::GetParentPersistentClass($sParentClass);
 		}
 
-		if ((strlen($oStyle->GetMainColor()) == 0) && (strlen($oStyle->GetComplementaryColor()) == 0) && (strlen($oStyle->GetIconAsRelPath()) == 0)) {
+		if (utils::IsNullOrEmptyString($oStyle->GetMainColor()) && utils::IsNullOrEmptyString($oStyle->GetComplementaryColor()) && utils::IsNullOrEmptyString($oStyle->GetIconAsRelPath())) {
 			return null;
 		}
 

core/oql/expression.class.inc.php

@@ -2762,25 +2762,96 @@ class FunctionExpression extends Expression
 				return $iRet;
 
 			case 'DATE_FORMAT':
-				if (count($this->m_aArgs) != 2)
-				{
+				if (count($this->m_aArgs) != 2) {
 					throw new \Exception("Function {$this->m_sVerb} requires 2 arguments");
 				}
 				$oDate = new DateTime($this->m_aArgs[0]->Evaluate($aArgs));
-				$sFormat = $this->m_aArgs[1]->Evaluate($aArgs);
-				$sFormat = str_replace(
-					array('%y', '%x', '%w', '%W', '%v', '%T', '%S', '%r', '%p', '%M', '%l', '%k', '%I', '%h', '%b', '%a', '%D', '%c', '%e', '%Y', '%d', '%m', '%H', '%i', '%s'),
-					array('y', 'o', 'w', 'l', 'W', 'H:i:s', 's', 'h:i:s A', 'A', 'F', 'g', 'H', 'h', 'h','M', 'D', 'jS', 'n', 'j', 'Y', 'd', 'm', 'H', 'i', 's'),
-					$sFormat);
-				if (preg_match('/%j/', $sFormat))
-				{
-					$sFormat = str_replace('%j', date_format($oDate, 'z') + 1, $sFormat);
-				}
-				if (preg_match('/%[fUuVX]/', $sFormat))
-				{
+				$sFormatForMysqlDateFormat = $this->m_aArgs[1]->Evaluate($aArgs);
+
+				if (preg_match('/%[fUuVX]/', $sFormatForMysqlDateFormat)) {
 					throw new NotYetEvaluatedExpression("Expression ".$this->RenderExpression().' cannot be evaluated (known limitation)');
 				}
-				$sRet = date_format($oDate, $sFormat);
+
+				if (preg_match('/%j/', $sFormatForMysqlDateFormat)) {
+					$sFormatForMysqlDateFormat = str_replace('%j', 'z', $sFormatForMysqlDateFormat);
+					$sRet = date_format($oDate, $sFormatForMysqlDateFormat);
+					$sRet++;
+					/** @noinspection PhpUnnecessaryLocalVariableInspection */
+					$sRet = str_pad($sRet, 3, '0', STR_PAD_LEFT);
+
+					return $sRet;
+				}
+
+				/**
+				 * @var string[] $aFormatsForMysqlDateFormat
+				 * @link https://dev.mysql.com/doc/refman/5.7/en/date-and-time-functions.html#function_date-format
+				 */
+				//@formatter:off we want to keep every single item on its own line to ease comp between MySQL and PHP formats !
+				$aFormatsForMysqlDateFormat = [
+					'%y',
+					'%x',
+					'%w',
+					'%W',
+					'%v',
+					'%T',
+					'%S',
+					'%r',
+					'%p',
+					'%M',
+					'%l',
+					'%k',
+					'%I',
+					'%h',
+					'%b',
+					'%a',
+					'%D',
+					'%c',
+					'%e',
+					'%Y',
+					'%d',
+					'%m',
+					'%H',
+					'%i',
+					'%s'
+				];
+				//@formatter:on
+				/**
+				 * @var string[] $aFormatsForPhpDateFormat
+				 * @link https://www.php.net/manual/en/datetime.format.php
+				 */
+				//@formatter:off we want to keep every single item on its own line to ease comp between MySQL and PHP formats !
+				$aFormatsForPhpDateFormat = [
+					'y',
+					'o',
+					'w',
+					'l',
+					'W',
+					'H:i:s',
+					's',
+					'h:i:s A',
+					'A',
+					'F',
+					'g',
+					'G',
+					'h',
+					'h',
+					'M',
+					'D',
+					'jS',
+					'n',
+					'j',
+					'Y',
+					'd',
+					'm',
+					'H',
+					'i',
+					's'
+				];
+				//@formatter:on
+				$sFormatForPhpDateFormat = str_replace($aFormatsForMysqlDateFormat, $aFormatsForPhpDateFormat, $sFormatForMysqlDateFormat);
+				/** @noinspection PhpUnnecessaryLocalVariableInspection */
+				$sRet = date_format($oDate, $sFormatForPhpDateFormat);
+
 				return $sRet;
 
 			case 'TO_DAYS':

core/ormStyle.class.inc.php

@@ -50,7 +50,7 @@ class ormStyle
 	 */
 	public function HasMainColor(): bool
 	{
-		return strlen($this->sMainColor) > 0;
+		return utils::IsNotNullOrEmptyString($this->sMainColor);
 	}
 
 	/**
@@ -68,7 +68,7 @@ class ormStyle
 	 */
 	public function SetMainColor(?string $sMainColor)
 	{
-		$this->sMainColor = (strlen($sMainColor) === 0) ? null : $sMainColor;
+		$this->sMainColor = utils::IsNullOrEmptyString($sMainColor) ? null : $sMainColor;
 		return $this;
 	}
 
@@ -78,7 +78,7 @@ class ormStyle
 	 */
 	public function HasComplementaryColor(): bool
 	{
-		return strlen($this->sComplementaryColor) > 0;
+		return utils::IsNotNullOrEmptyString($this->sComplementaryColor);
 	}
 
 	/**
@@ -96,7 +96,7 @@ class ormStyle
 	 */
 	public function SetComplementaryColor(?string $sComplementaryColor)
 	{
-		$this->sComplementaryColor = (strlen($sComplementaryColor) === 0) ? null : $sComplementaryColor;
+		$this->sComplementaryColor = utils::IsNullOrEmptyString($sComplementaryColor) ? null : $sComplementaryColor;
 		return $this;
 	}
 
@@ -116,7 +116,7 @@ class ormStyle
 	 */
 	public function HasStyleClass(): bool
 	{
-		return strlen($this->sStyleClass) > 0;
+		return utils::IsNotNullOrEmptyString($this->sStyleClass);
 	}
 
 	/**
@@ -134,7 +134,7 @@ class ormStyle
 	 */
 	public function SetStyleClass(?string $sStyleClass)
 	{
-		$this->sStyleClass = (strlen($sStyleClass) === 0) ? null : $sStyleClass;
+		$this->sStyleClass = utils::IsNullOrEmptyString($sStyleClass) ? null : $sStyleClass;
 		return $this;
 	}
 
@@ -144,7 +144,7 @@ class ormStyle
 	 */
 	public function HasAltStyleClass(): bool
 	{
-		return strlen($this->sAltStyleClass) > 0;
+		return utils::IsNotNullOrEmptyString($this->sAltStyleClass);
 	}
 
 	/**
@@ -162,7 +162,7 @@ class ormStyle
 	 */
 	public function SetAltStyleClass(?string $sAltStyleClass)
 	{
-		$this->sAltStyleClass = (strlen($sAltStyleClass) === 0) ? null : $sAltStyleClass;
+		$this->sAltStyleClass = utils::IsNullOrEmptyString($sAltStyleClass) ? null : $sAltStyleClass;
 		return $this;
 	}
 
@@ -172,7 +172,7 @@ class ormStyle
 	 */
 	public function HasDecorationClasses(): bool
 	{
-		return strlen($this->sDecorationClasses) > 0;
+		return utils::IsNotNullOrEmptyString($this->sDecorationClasses);
 	}
 
 	/**
@@ -190,7 +190,7 @@ class ormStyle
 	 */
 	public function SetDecorationClasses(?string $sDecorationClasses)
 	{
-		$this->sDecorationClasses = (strlen($sDecorationClasses) === 0) ? null : $sDecorationClasses;
+		$this->sDecorationClasses = utils::IsNullOrEmptyString($sDecorationClasses) ? null : $sDecorationClasses;
 		return $this;
 	}
 
@@ -200,7 +200,7 @@ class ormStyle
 	 */
 	public function HasIcon(): bool
 	{
-		return strlen($this->sIcon) > 0;
+		return utils::IsNotNullOrEmptyString($this->sIcon);
 	}
 
 	/**
@@ -210,7 +210,7 @@ class ormStyle
 	 */
 	public function SetIcon(?string $sIcon)
 	{
-		$this->sIcon = (strlen($sIcon) === 0) ? null : $sIcon;
+		$this->sIcon = utils::IsNullOrEmptyString($sIcon) ? null : $sIcon;
 		return $this;
 	}
 

core/ormcaselog.class.inc.php

@@ -155,7 +155,7 @@ class ormCaseLog {
 					break;
 
 				case static::ENUM_FORMAT_HTML:
-					$sHtmlEntry = $sTextEntry;
+					$sHtmlEntry = InlineImage::FixUrls($sTextEntry);
 					$sTextEntry = utils::HtmlToText($sHtmlEntry);
 					break;
 			}
@@ -723,7 +723,7 @@ class ormCaseLog {
 			}
 			else
 			{
-				$sRes = $sRaw;
+				$sRes = InlineImage::FixUrls($sRaw);
 			}
 			break;
 		}
@@ -758,6 +758,6 @@ class ormCaseLog {
 		}
 		$iPos += $this->m_aIndex[$index]['separator_length'];
 		$sText = substr($this->m_sLog, $iPos, $this->m_aIndex[$index]['text_length']);
-		return $sText;
+		return InlineImage::FixUrls($sText);
 	}
 }

core/userrights.class.inc.php

@@ -19,7 +19,7 @@ define('UR_ACTION_CREATE', 7); // Instantiate an object
 define('UR_ACTION_APPLICATION_DEFINED', 10000); // Application specific actions (CSV import, View schema...)
 
 /**
- * User management module API  
+ * User management module API
  *
  * @package     iTopORM
  */
@@ -139,7 +139,7 @@ abstract class UserRightsAddOnAPI
 		$oExpression = new FieldExpression($sAttCode, $sClass);
 		$oFilter  = new DBObjectSearch($sClass);
 		$oListExpr = ListExpression::FromScalars($aAllowedOrgs);
-		
+
 		$oCondition = new BinaryExpression($oExpression, 'IN', $oListExpr);
 		$oFilter->AddConditionExpression($oCondition);
 
@@ -156,7 +156,7 @@ abstract class UserRightsAddOnAPI
 				$oShareSearch = new DBObjectSearch('SharedObject');
 				$oOrgField = new FieldExpression('org_id', 'SharedObject');
 				$oShareSearch->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr));
-	
+
 				$oSearchSharers = new DBObjectSearch('Organization');
 				$oSearchSharers->AllowAllData();
 				$oSearchSharers->AddCondition_ReferencedBy($oShareSearch, 'sharing_org_id');
@@ -172,16 +172,16 @@ abstract class UserRightsAddOnAPI
 					$oFilter->MergeConditionExpression(new BinaryExpression($oExpression, 'IN', $oSharersList));
 				}
 			}
-	
+
 			$aShareProperties = SharedObject::GetSharedClassProperties($sClass);
 			if ($aShareProperties)
 			{
 				$sShareClass = $aShareProperties['share_class'];
 				$sShareAttCode = $aShareProperties['attcode'];
-	
+
 				$oSearchShares = new DBObjectSearch($sShareClass);
 				$oSearchShares->AllowAllData();
-	
+
 				$sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization');
 				$oOrgField = new FieldExpression('org_id', $sShareClass);
 				$oSearchShares->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr));
@@ -217,11 +217,12 @@ abstract class User extends cmdbAbstractObject
 			"category" => "core,grant_by_profile,silo",
 			"key_type" => "autoincrement",
 			"name_attcode" => "login",
-			"state_attcode" => "",
+			"state_attcode" => "status",
 			"reconc_keys" => array(),
 			"db_table" => "priv_user",
 			"db_key_field" => "id",
 			"db_finalclass_field" => "",
+			"style" =>  new ormStyle("ibo-dm-class--User", "ibo-dm-class-alt--User", "var(--ibo-dm-class--User--main-color)", "var(--ibo-dm-class--User--complementary-color)", null, "itop-structure/../../images/icons/icons8-security-pass.svg"),
 		);
 		MetaModel::Init_Params($aParams);
 		//MetaModel::Init_InheritAttributes();
@@ -235,8 +236,8 @@ abstract class User extends cmdbAbstractObject
 		MetaModel::Init_AddAttribute(new AttributeString("login", array("allowed_values"=>null, "sql"=>"login", "default_value"=>null, "is_null_allowed"=>false, "depends_on"=>array())));
 
 		MetaModel::Init_AddAttribute(new AttributeApplicationLanguage("language", array("sql"=>"language", "default_value"=>"EN US", "is_null_allowed"=>false, "depends_on"=>array())));
-		MetaModel::Init_AddAttribute(new AttributeEnum("status", array("allowed_values" => new ValueSetEnum('enabled,disabled'), "sql"=>"status", "default_value"=>"enabled", "is_null_allowed"=>false, "depends_on"=>array())));
-		
+		MetaModel::Init_AddAttribute(new AttributeEnum("status", array("allowed_values" => new ValueSetEnum('enabled,disabled'), "styled_values"=>['enabled' =>  new ormStyle('ibo-dm-enum--User-status-enabled', 'ibo-dm-enum-alt--User-status-enabled', 'var(--ibo-dm-enum--User-status-enabled--main-color)', 'var(--ibo-dm-enum--User-status-enabled--complementary-color)', null, null),'disabled' =>  new ormStyle('ibo-dm-enum--User-status-disabled', 'ibo-dm-enum-alt--User-status-disabled', 'var(--ibo-dm-enum--User-status-disabled--main-color)', 'var(--ibo-dm-enum--User-status-disabled--complementary-color)', null, null)], "sql"=>"status", "default_value"=>"enabled", "is_null_allowed"=>false, "depends_on"=>array())));
+
 		MetaModel::Init_AddAttribute(new AttributeLinkedSetIndirect("profile_list", array("linked_class"=>"URP_UserProfile", "ext_key_to_me"=>"userid", "ext_key_to_remote"=>"profileid", "allowed_values"=>null, "count_min"=>1, "count_max"=>0, "depends_on"=>array())));
 		MetaModel::Init_AddAttribute(new AttributeLinkedSetIndirect("allowed_org_list", array("linked_class"=>"URP_UserOrg", "ext_key_to_me"=>"userid", "ext_key_to_remote"=>"allowed_org_id", "allowed_values"=>null, "count_min"=>1, "count_max"=>0, "depends_on"=>array())));
 
@@ -504,7 +505,7 @@ abstract class User extends cmdbAbstractObject
 			return '<span style="background-color: #ffdddd;">'.Dict::S('UI:UserManagement:ActionAllowed:No').'</span>';
 		}
 	}
-	
+
 	function DoShowGrantSumary($oPage, $sClassCategory)
 	{
 		if (UserRights::IsAdministrator($this))
@@ -536,7 +537,7 @@ abstract class User extends cmdbAbstractObject
 			{
 				$sStimuli = '<em title="'.Dict::S('UI:UserManagement:NoLifeCycleApplicable+').'">'.Dict::S('UI:UserManagement:NoLifeCycleApplicable').'</em>';
 			}
-			
+
 			$aDisplayData[] = array(
 				'class' => MetaModel::GetName($sClass),
 				'read' => $this->GetGrantAsHtml($sClass, UR_ACTION_READ),
@@ -550,7 +551,7 @@ abstract class User extends cmdbAbstractObject
 		}
 
 		$oKPI->ComputeAndReport('Computation of user rights');
-	
+
 		$aDisplayConfig = array();
 		$aDisplayConfig['class'] = array('label' => Dict::S('UI:UserManagement:Class'), 'description' => Dict::S('UI:UserManagement:Class+'));
 		$aDisplayConfig['read'] = array('label' => Dict::S('UI:UserManagement:Action:Read'), 'description' => Dict::S('UI:UserManagement:Action:Read+'));
@@ -585,7 +586,7 @@ abstract class User extends cmdbAbstractObject
 
 		}
 	}
-	
+
   	public function CheckToDelete(&$oDeletionPlan)
   	{
   		if (MetaModel::GetConfig()->Get('demo_mode'))
@@ -597,8 +598,8 @@ abstract class User extends cmdbAbstractObject
 			return false;
 		}
 		return parent::CheckToDelete($oDeletionPlan);
-  	} 
-	
+  	}
+
 	protected function DBDeleteSingleObject()
 	{
 		if (MetaModel::GetConfig()->Get('demo_mode'))
@@ -633,7 +634,7 @@ abstract class User extends cmdbAbstractObject
  */
 abstract class UserInternal extends User
 {
-	// Nothing special, just a base class to categorize this type of authenticated users	
+	// Nothing special, just a base class to categorize this type of authenticated users
 	public static function Init()
 	{
 		$aParams = array
@@ -662,15 +663,15 @@ abstract class UserInternal extends User
 
 	/**
 	 * Use with care!
-	 */	 	
+	 */
 	public function SetPassword($sNewPassword)
 	{
 	}
 
 	/**
-	 * The email recipient is the person who is allowed to regain control when the password gets lost	
+	 * The email recipient is the person who is allowed to regain control when the password gets lost
 	 * Throws an exception if the feature cannot be available
-	 */	
+	 */
 	public function GetResetPasswordEmail()
 	{
 		if (!MetaModel::IsValidAttCode(get_class($this), 'contactid'))
@@ -703,7 +704,7 @@ abstract class UserInternal extends User
 }
 
 /**
- * Self register extension  
+ * Self register extension
  *
  * @package     iTopORM
  */
@@ -719,10 +720,10 @@ interface iSelfRegister
 	 * @return bool true if the user is a valid one, false otherwise
 	 */
 	public static function CheckCredentialsAndCreateUser($sName, $sPassword, $sLoginMode, $sAuthentication);
-	
+
 	/**
 	 * Called after the user has been authenticated and found in iTop. This method can
-	 * Update the user's definition on the fly (profiles...) to keep it in sync with an external source 
+	 * Update the user's definition on the fly (profiles...) to keep it in sync with an external source
 	 * @param User $oUser The user to update/synchronize
 	 * @param string $sLoginMode The login mode used (cas|form|basic|url)
 	 * @param string $sAuthentication The authentication method used
@@ -732,7 +733,7 @@ interface iSelfRegister
 }
 
 /**
- * User management core API  
+ * User management core API
  *
  * @package     iTopORM
  */
@@ -830,7 +831,7 @@ class UserRights
 		else
 		{
 			return true;
-		}	
+		}
 	}
 
 	/**
@@ -1053,6 +1054,11 @@ class UserRights
 				Dict::SetUserLanguage(self::GetUserLanguage());
 				Session::Set('impersonate_user', $sLogin);
 				self::_ResetSessionCache();
+
+				//N°5135 - Impersonate: history of changes versus log entries
+				//track impersonation inside changelogs
+				CMDBObject::SetTrackUserId(null);
+				CMDBObject::CreateChange();
 			}
 		}
 		return $bRet;
@@ -1066,9 +1072,15 @@ class UserRights
 		if (!is_null(self::$m_oRealUser))
 		{
 			self::$m_oUser = self::$m_oRealUser;
+			//N°5135 - fix IsImpersonated() after calling Deimpersonate()
+			self::$m_oRealUser = null;
 			Dict::SetUserLanguage(self::GetUserLanguage());
 			Session::Unset('impersonate_user');
 			self::_ResetSessionCache();
+
+			//N°5135 - Impersonate: history of changes versus log entries
+			//stop tracking impersonation inside changelogs
+			CMDBObject::CreateChange();
 		}
 	}
 
@@ -1136,7 +1148,7 @@ class UserRights
 		if (is_null(self::$m_oUser))
 		{
 			return 'EN US';
-		
+
 		}
 		else
 		{
@@ -1483,7 +1495,7 @@ class UserRights
 	{
 		if (!self::IsLoggedIn())
 		{
-			//throw new UserRightException('No user logged in', array());	
+			//throw new UserRightException('No user logged in', array());
 			return false;
 		}
 		return true;
@@ -1871,7 +1883,7 @@ class UserRights
 					case 'internal':
 					$sBaseClass = 'UserInternal';
 					break;
-					
+
 					default:
 					echo "<p>sAuthentication = $sAuthentication</p>\n";
 					assert(false); // should never happen
@@ -1936,7 +1948,7 @@ class UserRights
 		Session::Unset('profile_list');
 		Session::Unset('archive_allowed');
 	}
-	
+
 	/**
 	 * Fake error handler to silently discard fatal errors
 	 * @param int $iErrNo
@@ -1968,7 +1980,7 @@ class ActionChecker
 	var $iActionCode;
 	var $iAllowedCount = null;
 	var $aAllowedIDs = null;
-	
+
 	public function __construct(DBSearch $oFilter, $iActionCode)
 	{
 		$this->oFilter = $oFilter;
@@ -1976,7 +1988,7 @@ class ActionChecker
 		$this->iAllowedCount = null;
 		$this->aAllowedIDs = null;
 	}
-	
+
 	/**
 	 * returns the number of objects for which the action is allowed
 	 * @return integer The number of "allowed" objects 0..N
@@ -1986,7 +1998,7 @@ class ActionChecker
 		if ($this->iAllowedCount == null) $this->CheckObjects();
 		return $this->iAllowedCount;
 	}
-	
+
 	/**
 	 * If IsAllowed returned UR_ALLOWED_DEPENDS, this methods returns
 	 * an array of ObjKey => Status (true|false)
@@ -1997,7 +2009,7 @@ class ActionChecker
 		if ($this->aAllowedIDs == null) $this->IsAllowed();
 		return $this->aAllowedIDs;
 	}
-	
+
 	/**
 	 * Check if the speficied stimulus is allowed for the set of objects
 	 * @return UR_ALLOWED_YES, UR_ALLOWED_NO or UR_ALLOWED_DEPENDS
@@ -2048,7 +2060,7 @@ class ActionChecker
 class StimulusChecker extends ActionChecker
 {
 	var $sState = null;
-	
+
 	public function __construct(DBSearch $oFilter, $sState, $iStimulusCode)
 	{
 		parent::__construct($oFilter, $iStimulusCode);
@@ -2063,7 +2075,7 @@ class StimulusChecker extends ActionChecker
 	{
 		$sClass = $this->oFilter->GetClass();
 		if (MetaModel::IsAbstract($sClass)) return UR_ALLOWED_NO; // Safeguard, not implemented if the base class of the set is abstract !
-		
+
 		$oSet = new DBObjectSet($this->oFilter);
 		$iActionAllowed = UserRights::IsStimulusAllowed($sClass,  $this->iActionCode, $oSet);
 		if ($iActionAllowed == UR_ALLOWED_NO)
@@ -2075,7 +2087,7 @@ class StimulusChecker extends ActionChecker
 		{
 			// Hmmm, may not be needed right now because we limit the "multiple" action to object in
 			// the same state... may be useful later on if we want to extend this behavior...
-			
+
 			// Check for each object if the action is allowed or not
 			$this->aAllowedIDs = array();
 			$oSet->Rewind();
@@ -2100,15 +2112,15 @@ class StimulusChecker extends ActionChecker
 						$this->aAllowedIDs[$oObj->GetKey()] = true;
 						$this->iState = $oObj->GetState();
 						$this->iAllowedCount++;
-					}					
+					}
 				}
 				else
 				{
-					$this->aAllowedIDs[$oObj->GetKey()] = false;					
-				}				
+					$this->aAllowedIDs[$oObj->GetKey()] = false;
+				}
 			}
 		}
-		
+
 		if ($this->iAllowedCount == $oSet->Count())
 		{
 			$iActionAllowed = UR_ALLOWED_YES;
@@ -2120,9 +2132,9 @@ class StimulusChecker extends ActionChecker
 
 		return $iActionAllowed;
 	}
-	
+
 	public function GetState()
 	{
 		return $this->iState;
-	}		
+	}
 }

css/backoffice/README.md

@@ -49,6 +49,10 @@ css/backoffice/
 |   |- tabular-fields
 |   ...
 |
+|- *datamodel/           # SCSS / CSS3 variables and CSS classes for PHP classes of the DM that are part of the core (not in a module) and cannot be styled otherwise
+|   |- _user.scss
+|   ...
+|
 |– pages/
 |   |– _home.scss        # Home specific styles
 |   |– _contact.scss     # Contact specific styles

css/backoffice/components/_datatable.scss

@@ -125,4 +125,23 @@ $ibo-fieldsorter--selected--background-color: $ibo-color-blue-200 !default;
 .ibo-datatable--selected-count, .ibo-datatable--result-count{
   padding-right: 0.2em;
   padding-left: 0.1em;
+}
+
+//
+.ibo-datatable[data-status="loading"]{
+  margin-top: $ibo-datatable--toolbar--table-spacing;
+  td, th {
+    position: relative;
+    padding: $ibo-vendors-datatables--cell--padding-y $ibo-vendors-datatables--cell--padding-x;
+  }
+  td{
+    @extend %ibo-font-ral-med-100;
+  }
+  tr:nth-child(even){
+    background-color: $ibo-vendors-datatables--row--background-color--is-even;
+  }
+  th {
+     @extend %ibo-font-ral-sembol-100;
+    border-bottom: $ibo-vendors-datatables--columns-header--border-bottom;
+   }
 }

css/backoffice/components/_field.scss

@@ -101,7 +101,7 @@ $ibo-field--enable-bulk--checkbox--margin-left: $ibo-spacing-300 !default;
 
   /* N°4318 - Visible scrollbar background for large fields overflowing to ease "limits" visualization by the user */
   .ibo-field--value > * {
-    --ibo-scrollbar--scrollbar-track-background-color: $ibo-field--value--scrollbar-track-background-color;
+    --ibo-scrollbar--scrollbar-track-background-color: #{$ibo-field--value--scrollbar-track-background-color};
   }
 
   /* Fullscreen mode */
@@ -253,3 +253,6 @@ $ibo-field--enable-bulk--checkbox--margin-left: $ibo-spacing-300 !default;
   margin-left: $ibo-field--enable-bulk--checkbox--margin-left;
 }
 
+.ibo-input-select--action-buttons a  {
+  @extend %ibo-hyperlink-inherited-colors;
+}

css/backoffice/components/_panel.scss

@@ -89,7 +89,7 @@ $ibo-panel--collapsible-toggler--color: $ibo-color-grey-700 !default;
 
 
 .ibo-panel {
-  --ibo-main-color: map-get($ibo-panel-colors, 'neutral'); /* --ibo-main-color is to allow overload from custom dynamic value from the DM. The overload will be done through an additional CSS class of a particular DM class or DM attribute */
+  --ibo-main-color: #{map-get($ibo-panel-colors, 'neutral')}; /* --ibo-main-color is to allow overload from custom dynamic value from the DM. The overload will be done through an additional CSS class of a particular DM class or DM attribute */
 
   position: relative;
 

css/backoffice/components/_pill.scss

@@ -79,8 +79,8 @@ $ibo-pill-states-colors: (
 /* Rules */
 .ibo-pill {
   /* --ibo-main-color-xxx is to allow overload from custom dynamic value from the DM. The overload will be done through an additional CSS class of a particular DM class or DM attribute */
-  --ibo-main-color--100: map-get(map-get($ibo-pill-states-colors, 'neutral'), 'primary-color');
-  --ibo-main-color--900: map-get(map-get($ibo-pill-states-colors, 'neutral'), 'secondary-color');
+  --ibo-main-color--100: #{map-get(map-get($ibo-pill-states-colors, 'neutral'), 'primary-color')};
+  --ibo-main-color--900: #{map-get(map-get($ibo-pill-states-colors, 'neutral'), 'secondary-color')};
 
   @extend %ibo-fully-centered-content;
   max-width: $ibo-pill--max-width;

css/backoffice/components/_quick-create.scss

@@ -235,7 +235,7 @@ $ibo-quick-create--compartment--placeholder-hint--text-color: $ibo-color-grey-70
 	}
 	&:hover{
 		cursor: pointer;
-		@extend a:hover;
+		@extend a;
 	}
 
 	.highlight{

css/backoffice/components/input/_input-one-way-password.scss

@@ -1,4 +1,4 @@
-/*!
+/*
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */

css/backoffice/datamodel/_all.scss

@@ -0,0 +1,12 @@
+/*
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+/**************************************************************************************************************************/
+/* SCSS / CSS3 variables and CSS classes are based on what the compiler generates and will be used across the application */
+/* In case you doubt what to put here, check the "env-xxx/branding/themes/datamodel-compiled-scss-rules.scss" file to     */
+/* to see what the compiler generates for XML DM classes.                                                                 */
+/**************************************************************************************************************************/
+
+@import "user";

css/backoffice/datamodel/_user.scss

@@ -0,0 +1,64 @@
+/*
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+// Class itself
+$ibo-dm-class--User--main-color: $ibo-color-blue-grey-600 !default;
+$ibo-dm-class--User--complementary-color: $ibo-color-white-100 !default;
+
+:root {
+  --ibo-dm-class--User--main-color: #{$ibo-dm-class--User--main-color};
+  --ibo-dm-class--User--complementary-color: #{$ibo-dm-class--User--complementary-color};
+}
+
+.ibo-dm-class--User {
+  --ibo-main-color:  #{$ibo-dm-class--User--main-color};
+  --ibo-main-color--100: #{ibo-adjust-alpha(ibo-adjust-lightness($ibo-dm-class--User--main-color, $ibo-color-base-lightness-100), $ibo-color-base-opacity-for-lightness-100)};
+  --ibo-main-color--900: #{ibo-adjust-alpha(ibo-adjust-lightness($ibo-dm-class--User--main-color, $ibo-color-base-lightness-900), $ibo-color-base-opacity-for-lightness-900)};
+  --ibo-complementary-color:  #{$ibo-dm-class--User--complementary-color};
+}
+.ibo-dm-class-alt--User {
+  --ibo-main-color:  #{$ibo-dm-class--User--complementary-color};
+  --ibo-complementary-color: #{$ibo-dm-class--User--main-color};
+}
+
+// State attribute, "enabled" value
+$ibo-dm-enum--User-status-enabled--main-color: $ibo-lifecycle-active-state-primary-color !default;
+$ibo-dm-enum--User-status-enabled--complementary-color: $ibo-lifecycle-active-state-secondary-color !default;
+
+:root {
+  --ibo-dm-enum--User-status-enabled--main-color: #{$ibo-dm-enum--User-status-enabled--main-color};
+  --ibo-dm-enum--User-status-enabled--complementary-color: #{$ibo-dm-enum--User-status-enabled--complementary-color};
+}
+
+.ibo-dm-enum--User-status-enabled {
+  --ibo-main-color:  #{$ibo-dm-enum--User-status-enabled--main-color};
+  --ibo-main-color--100: #{ibo-adjust-alpha(ibo-adjust-lightness($ibo-dm-enum--User-status-enabled--main-color, $ibo-color-base-lightness-100), $ibo-color-base-opacity-for-lightness-100)};
+  --ibo-main-color--900: #{ibo-adjust-alpha(ibo-adjust-lightness($ibo-dm-enum--User-status-enabled--main-color, $ibo-color-base-lightness-900), $ibo-color-base-opacity-for-lightness-900)};
+  --ibo-complementary-color:  #{$ibo-dm-enum--User-status-enabled--complementary-color};
+}
+.ibo-dm-enum-alt--User-status-enabled {
+  --ibo-main-color:  #{$ibo-dm-enum--User-status-enabled--complementary-color};
+  --ibo-complementary-color: #{$ibo-dm-enum--User-status-enabled--main-color};
+}
+
+// State attribute, "disabled" value
+$ibo-dm-enum--User-status-disabled--main-color: $ibo-lifecycle-inactive-state-primary-color !default;
+$ibo-dm-enum--User-status-disabled--complementary-color: $ibo-lifecycle-inactive-state-secondary-color !default;
+
+:root {
+  --ibo-dm-enum--User-status-disabled--main-color: #{$ibo-dm-enum--User-status-disabled--main-color};
+  --ibo-dm-enum--User-status-disabled--complementary-color: #{$ibo-dm-enum--User-status-disabled--complementary-color};
+}
+
+.ibo-dm-enum--User-status-disabled {
+  --ibo-main-color:  #{$ibo-dm-enum--User-status-disabled--main-color};
+  --ibo-main-color--100: #{ibo-adjust-alpha(ibo-adjust-lightness($ibo-dm-enum--User-status-disabled--main-color, $ibo-color-base-lightness-100), $ibo-color-base-opacity-for-lightness-100)};
+  --ibo-main-color--900: #{ibo-adjust-alpha(ibo-adjust-lightness($ibo-dm-enum--User-status-disabled--main-color, $ibo-color-base-lightness-900), $ibo-color-base-opacity-for-lightness-900)};
+  --ibo-complementary-color:  #{$ibo-dm-enum--User-status-disabled--complementary-color};
+}
+.ibo-dm-enum-alt--User-status-disabled {
+  --ibo-main-color:  #{$ibo-dm-enum--User-status-disabled--complementary-color};
+  --ibo-complementary-color: #{$ibo-dm-enum--User-status-disabled--main-color};
+}

css/backoffice/layout/_navigation-menu.scss

@@ -14,7 +14,7 @@ $ibo-navigation-menu--body--background-color: $ibo-color-blue-grey-900 !default;
 $ibo-navigation-menu--body--text-color: $ibo-color-grey-300 !default;
 
 $ibo-navigation-menu--top-part--height: 120px !default;
-$ibo-navigation-menu--top-part--padding-y: $ibo-navigation-menu--body--padding-y !default;
+$ibo-navigation-menu--top-part--padding-y: $ibo-spacing-400 !default;
 $ibo-navigation-menu--top-part--padding-x: $ibo-navigation-menu--body--padding-x !default;
 $ibo-navigation-menu--top-part--elements-spacing: 20px !default;
 
@@ -70,13 +70,13 @@ $ibo-navigation-menu--square-company-logo--width: 38px !default;
 $ibo-navigation-menu--square-company-logo--height: 38px !default;
 $ibo-navigation-menu--square-company-logo--margin-top: $ibo-spacing-0 !default;
 $ibo-navigation-menu--square-company-logo--margin-x: -5px !default;
-$ibo-navigation-menu--square-company-logo--margin-bottom: $ibo-navigation-menu--body--padding-y * 2 !default;
+$ibo-navigation-menu--square-company-logo--margin-bottom: ($ibo-navigation-menu--body--padding-y * 2) + 12px !default; /* +12px to keep burger & menu groups icons align in both expanded and collapsed mode */
 
 $ibo-navigation-menu--full-company-logo--width: $ibo-navigation-menu--body--width-expanded !default;
 $ibo-navigation-menu--full-company-logo--height: 70px !default;
 $ibo-navigation-menu--full-company-logo--margin-top: $ibo-spacing-0 !default;
 $ibo-navigation-menu--full-company-logo--margin-right: $ibo-spacing-0 !default;
-$ibo-navigation-menu--full-company-logo--margin-bottom: $ibo-spacing-0 !default;
+$ibo-navigation-menu--full-company-logo--margin-bottom: $ibo-spacing-400 !default;
 $ibo-navigation-menu--full-company-logo--margin-left: -$ibo-navigation-menu--body--padding-y !default;
 $ibo-navigation-menu--full-company-logo--image--margin-x: auto !default;
 $ibo-navigation-menu--full-company-logo--image--margin-y: $ibo-spacing-0 !default;

css/backoffice/layout/tab-container/_tab-container.scss

@@ -118,13 +118,14 @@ $ibo-tab-container--tab-container--last--min-height: 60vh !default;
 }
 
 .ibo-tab-container--extra-tabs-list {
-  position: absolute;
-  z-index: 1;
-  top: calc(100% + 6px);
-  right: 12px;
+  position: fixed;
+  z-index: 10; /* To be above linkedset datatables */
+  /* top: Must be computed on menu opening, if set back to absolute, value must be calc(100% + 6px); */
+  /* right: Must be computed on menu opening, if set back to absolute, value must be 12px; */
   max-height: $ibo-tab-container--extra-tabs-list--max-height;
   display: flex;
   flex-direction: column;
+  overflow-y: auto;
 
   background-color: $ibo-tab-container--extra-tabs-list--background-color;
   border-radius: $ibo-tab-container--extra-tabs-list--border-radius;
@@ -136,7 +137,9 @@ $ibo-tab-container--tab-container--last--min-height: 60vh !default;
   max-width: $ibo-tab-container--extra-tab-toggler--max-width;
 
   color: $ibo-tab-container--extra-tab-toggler--text-color;
+
   @extend %ibo-text-truncated-with-ellipsis;
+  overflow-x: clip; /* For unknown reason yet, this is necessary otherwise the element will have almost no height */
 
   &:hover,
   &:active {

css/backoffice/main.scss

@@ -9,6 +9,7 @@
 @import "components/all";
 @import "layout/all";
 @import "application/all";
+@import "datamodel/all";
 @import "pages/all";
 @import "blocks-integrations/all";
 @import "themes/all";

css/backoffice/pages/_about.scss

@@ -0,0 +1,20 @@
+/*
+ * @copyright   Copyright (C) 2010-2021 Combodo SARL
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+$ibo-about-box--top-part--children--padding-y: $ibo-spacing-500 !default;
+$ibo-about-box--top-part--children--padding-x: $ibo-spacing-400 !default;
+$ibo-about-box--top-part--children--margin-y: auto !default;
+$ibo-about-box--top-part--children--margin-x: auto !default;
+$ibo-about-box--top-part--children--width: 50% !default;
+
+.ibo-about-box--top-part{
+  display: flex;
+  flex-direction: row;
+  align-content: center;
+  > div{
+    padding: $ibo-about-box--top-part--children--padding-y $ibo-about-box--top-part--children--padding-x;
+    margin: $ibo-about-box--top-part--children--margin-y $ibo-about-box--top-part--children--margin-x;
+    width: $ibo-about-box--top-part--children--width;
+  }
+}

css/backoffice/pages/_all.scss

@@ -3,6 +3,7 @@
  * @license     http://opensource.org/licenses/AGPL-3.0
  */
 
+@import "about";
 @import "base";
 @import "preferences";
 @import "attachments";
@@ -13,4 +14,5 @@
 @import "csv-import";
 @import "global-search";
 @import "run-query";
-@import "welcome-popup";
+@import "welcome-popup";
+@import "oauth.wizard";

css/backoffice/pages/_csv-import.scss

@@ -27,11 +27,6 @@ tr.ibo-csv-import--row-unchanged td {
   border-bottom: 1px $ibo-color-grey-400 solid;
 }
 
-.wizContainer table tr.ibo-csv-import--row-error td {
-  border-bottom: 1px $ibo-color-grey-400 solid;
-  background-color: $ibo-color-red-200;
-}
-
 tr.ibo-csv-import--row-modified td {
   border-bottom: 1px $ibo-color-grey-400 solid;
 }
@@ -44,4 +39,4 @@ tr.ibo-csv-import--row-added td {
   font-size: 4em;
   color: $ibo-color-primary-400;
   margin: 20px;
-}
+}

css/backoffice/pages/_oauth.wizard.scss

@@ -0,0 +1,16 @@
+.ibo-oauth-wizard .ibo-panel--body{
+  .ibo-oauth-wizard--form--container{
+    display: flex;
+    flex-direction: row;
+    flex-grow: 1;
+  }
+  .ibo-oauth-wizard--form {
+
+  }
+  .ibo-oauth-wizard--illustration svg{
+    max-height: 400px;
+  }
+}
+#ibo-oauth-wizard--conf--result{
+  white-space: pre-wrap
+}

css/backoffice/utils/helpers/_misc.scss

@@ -35,6 +35,10 @@ $ibo-sticky-sentinel-bottom--height: $ibo-sticky-sentinel--height !default;
   opacity: 1 !important; /* Note: !important is necessary as it needs to overload any standard rules */
 }
 
+.ibo-is-disabled {
+  cursor: not-allowed !important; /* Note: !important is necessary as it needs to overload any standard rules */
+}
+
 /****************************/
 /* Disposition / alignement */
 /****************************/

css/backoffice/vendors/_ckeditor.scss

@@ -49,7 +49,7 @@ $ibo-vendors-ckeditor--autocomplete-item-title--text-color: #3A3A3A !default;
 	padding: $ibo-vendors-highlightjs--padding !important;
 	box-shadow: 0 0px 3px 2px inset rgba(0, 0, 0, 0.4);
 	border-radius: $ibo-vendors-highlightjs--border-radius;
-	white-space: pre-line;
+	white-space: pre-wrap;
 }
 
 .ibo-hljs-container{

css/backoffice/vendors/_datatables.scss

@@ -38,14 +38,30 @@ $ibo-vendors-datatables--columns-header--border-bottom: 1px solid $ibo-color-gre
 $ibo-vendors-datatables--row--background-color--is-odd: $ibo-color-white-100 !default;
 $ibo-vendors-datatables--row--background-color--is-even: $ibo-color-white-200 !default;
 
+$ibo-vendors-datatables--row-highlight--first-cell--width: 3px !default;
+
 $ibo-vendors-datatables--row-highlight--colors:(
         'red': ($ibo-color-red-100),
-        'danger': ($ibo-color-red-200),
+        'danger': ($ibo-color-danger-200),
         'alert': ($ibo-color-red-200),
         'orange': ($ibo-color-orange-100),
-        'warning': ($ibo-color-orange-200),
+        'warning': ($ibo-color-warning-200),
         'blue': ($ibo-color-blue-200),
-        'info': ($ibo-color-blue-200),
+        'info': ($ibo-color-information-200),
+        'green': ($ibo-color-green-100),
+        'success': ($ibo-color-success-200),
+) !default;
+
+$ibo-vendors-datatables--row-highlight--first-cell--colors:(
+        'red': ($ibo-color-red-300),
+        'danger': ($ibo-color-danger-400),
+        'alert': ($ibo-color-red-400),
+        'orange': ($ibo-color-orange-300),
+        'warning': ($ibo-color-warning-400),
+        'blue': ($ibo-color-blue-400),
+        'info': ($ibo-color-information-400),
+        'green': ($ibo-color-green-300),
+        'success': ($ibo-color-success-300),
 ) !default;
 
 .dataTables_paginate {
@@ -157,4 +173,17 @@ $ibo-vendors-datatables--row-highlight--colors:(
       background-color: $sBgColor;
     }
   }
+  @each $sColorLabel, $aAttributes in $ibo-vendors-datatables--row-highlight--first-cell--colors {
+    $sBgColor: nth($aAttributes, 1);
+    tr.ibo-is-#{$sColorLabel} td:first-child::before{
+        content: "";
+        position: absolute;
+        left: 0;
+        top: 0;
+        width: 3px;
+        height: 100%;
+        background-color: $sBgColor;
+    }
+  }
+
 }

css/backoffice/vendors/_jqueryui.scss

@@ -1,6 +1,8 @@
 /*
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
+ *
+ * Combodo modification : replaced the `Alpha(` by `alpha(` to avoid warnings generated by SCSSPHP
  */
 
 /*
@@ -206,7 +208,7 @@ $ibo-vendors-jqueryui--ui-slider--ui-slider-handle--hover--border-color: $ibo-co
 	width: 100%;
 	height: 100%;
 	opacity: .6;
-	filter: Alpha(Opacity=60);
+	filter: alpha(opacity=60);
 	background-color: $ibo-vendors-jqueryui--ui-widget-overlay--background-color;
 }
 // Resiable
@@ -298,6 +300,7 @@ $ibo-vendors-jqueryui--ui-slider--ui-slider-handle--hover--border-color: $ibo-co
 // Date picker
 .ui-datepicker {
   /* Note: We can't put the padding directly here as the jQuery JS code will position it regarding its inner width, not taking the padding here into account, so it is placed in the header/calendar elements */
+  display: none;
   background-color: $ibo-vendors-jqueryui--ui-datepicker--background-color;
   border-radius: $ibo-vendors-jqueryui--ui-datepicker--border-radius;
   box-shadow: $ibo-vendors-jqueryui--ui-datepicker--box-shadow;

css/backoffice/vendors/_selectize.scss

@@ -1,4 +1,4 @@
-/*!
+/*
  * @copyright   Copyright (C) 2010-2021 Combodo SARL
  * @license     http://opensource.org/licenses/AGPL-3.0
  */

css/css-variables.scss

@@ -16,6 +16,12 @@
  * You should have received a copy of the GNU Affero General Public License
  */
 
+/********************************************************************************/
+/*                                                                              */
+/* @deprecated 3.0.0 N°5311 The backoffice now uses files from css/backoffice/* */
+/*                                                                              */
+/********************************************************************************/
+
 // Beware the version number MUST be enclosed with quotes otherwise v2.3.0 becomes v2 0.3 .0
 $version: "v2.7.7";
 $approot-relative: "../../../../" !default; // relative to env-***/branding/themes/***/main.css

css/light-grey.scss

@@ -16,6 +16,12 @@
  * You should have received a copy of the GNU Affero General Public License
  */
 
+/********************************************************************************/
+/*                                                                              */
+/* @deprecated 3.0.0 N°5311 The backoffice now uses files from css/backoffice/* */
+/*                                                                              */
+/********************************************************************************/
+
 @import 'css-variables.scss';
 
 #ibo-main-content,
@@ -2582,6 +2588,12 @@
 				}
 			}
 		}
+
+    &[data-attribute-type="AttributeDuration"] {
+      .field_value_container {
+        white-space: nowrap;
+      }
+    }
 	}
 
 	.one-col-details .details .field_container.field_small {

css/login.css

@@ -59,8 +59,8 @@ a:hover {
 	padding-right: 20px;
 	padding-top: 10px;
 	padding-bottom: 10px;
-	height: 54px;
-	margin-top: 150px;
+	height: 94px;
+	margin-top: 110px;
 }
 
 #login-content {
@@ -75,9 +75,10 @@ a:hover {
 {
 	#login-logo {
 		margin-top: 0;
+		padding-top: 0;
 	}
 	#login-content {
-		margin-top: 74px;
+		margin-top: 94px;
 	}
 	h1 {
 		margin-top: 0;
@@ -86,7 +87,7 @@ a:hover {
 
 #login-logo img {
 	border: 0;
-	max-height: 54px;
+	max-height: 94px;
 }
 
 #login-form {

css/ui-lightness/jqueryui.scss

@@ -4,6 +4,8 @@
 * To view and modify this theme, visit http://jqueryui.com/themeroller/?scope=&folderName=custom-theme&bgImgOpacityError=18&bgImgOpacityHighlight=75&bgImgOpacityActive=65&bgImgOpacityHover=100&bgImgOpacityDefault=100&bgImgOpacityContent=100&bgImgOpacityHeader=35&cornerRadiusShadow=5px&offsetLeftShadow=-5px&offsetTopShadow=-5px&thicknessShadow=5px&opacityShadow=20&bgImgOpacityShadow=10&bgTextureShadow=flat&bgColorShadow=%23000000&opacityOverlay=50&bgImgOpacityOverlay=20&bgTextureOverlay=diagonals_thick&bgColorOverlay=%23666666&iconColorError=%23ffd27a&fcError=%23ffffff&borderColorError=%23cd0a0a&bgTextureError=diagonals_thick&bgColorError=%23b81900&iconColorHighlight=%231c94c4&fcHighlight=%23363636&borderColorHighlight=%23fed22f&bgTextureHighlight=flat&bgColorHighlight=%23ffe45c&iconColorActive=%23E87C1E&fcActive=%23E87C1E&borderColorActive=%23E87C1E&bgTextureActive=flat&bgColorActive=%23ffffff&iconColorHover=%23E87C1E&fcHover=%23E87C1E&borderColorHover=%23E87C1E&bgTextureHover=flat&bgColorHover=%23fde17c&iconColorDefault=%23F26522&fcDefault=%23555555&borderColorDefault=%23cccccc&bgTextureDefault=flat&bgColorDefault=%23f1f1f1&iconColorContent=%23222222&fcContent=%23333333&borderColorContent=%23dddddd&bgTextureContent=flat&bgColorContent=%23eeeeee&iconColorHeader=%23ffffff&fcHeader=%23ffffff&borderColorHeader=%23F26522&bgTextureHeader=flat&bgColorHeader=%23E87C1E&cornerRadius=0&fwDefault=bold&fsDefault=1.1em&ffDefault=Trebuchet%20MS%2CTahoma%2CVerdana%2CArial%2Csans-serif
 * Copyright jQuery Foundation and other contributors; Licensed MIT 
 * The original css file has been scssized (through www.css2scss.com)
+*
+* Other modification done : replaced the `Alpha(` by `alpha(` to avoid warnings generated by SCSSPHP
  */
 .ui-draggable-handle {
     -ms-touch-action: none;
@@ -46,26 +48,27 @@
     }
 }
 .ui-helper-zfix {
-    width: 100%;
-    height: 100%;
-    top: 0;
-    left: 0;
-    position: absolute;
-    opacity: 0;
-    filter: Alpha(Opacity=0);
+  width: 100%;
+  height: 100%;
+  top: 0;
+  left: 0;
+  position: absolute;
+  opacity: 0;
+  filter: alpha(Opacity=0);
 }
 .ui-front {
     z-index: 100;
 }
 .ui-state-disabled {
-    cursor: default !important;
-    pointer-events: none;
-    opacity: .35;
-    filter: Alpha(Opacity=35);
-    background-image: none;
-    .ui-icon {
-        filter: Alpha(Opacity=35);
-    }
+  cursor: default !important;
+  pointer-events: none;
+  opacity: .35;
+  filter: alpha(Opacity=35);
+  background-image: none;
+
+  .ui-icon {
+    filter: alpha(Opacity=35);
+  }
 }
 .ui-icon {
     display: inline-block;
@@ -93,7 +96,7 @@
     height: 100%;
     // background: #666666 url($approot-relative + "css/ui-lightness/images/ui-bg_diagonals-thick_20_666666_40x40.png?v=" + $version) 50% 50% repeat;
     opacity: .5;
-    filter: Alpha(Opacity=50);
+    filter: alpha(Opacity=50);
 }
 .ui-resizable {
     position: relative;
@@ -1078,13 +1081,13 @@ body {
     }
     .ui-priority-secondary {
         opacity: .7;
-        filter: Alpha(Opacity=70);
+        filter: alpha(Opacity=70);
         //font-weight: normal;
     }
     .ui-state-disabled {
-        opacity: .35;
-        filter: Alpha(Opacity=35);
-        background-image: none;
+      opacity: .35;
+      filter: alpha(Opacity=35);
+      background-image: none;
     }
     .ui-icon {
         background-image: url($approot-relative + "css/ui-lightness/images/ui-icons_222222_256x240.png?v=" + $version);
@@ -1148,13 +1151,13 @@ body {
     }
     .ui-priority-secondary {
         opacity: .7;
-        filter: Alpha(Opacity=70);
+        filter: alpha(Opacity=70);
         //font-weight: normal;
     }
     .ui-state-disabled {
-        opacity: .35;
-        filter: Alpha(Opacity=35);
-        background-image: none;
+      opacity: .35;
+      filter: alpha(Opacity=35);
+      background-image: none;
     }
     .ui-icon {
         background-image: url($approot-relative + "css/ui-lightness/images/ui-icons_ffffff_256x240.png?v=" + $version);
@@ -1362,7 +1365,7 @@ a {
 }
 .ui-priority-secondary {
     opacity: .7;
-    filter: Alpha(Opacity=70);
+    filter: alpha(Opacity=70);
     //font-weight: normal;
 }
 .ui-icon-blank {

css/unauthenticated.css

@@ -14,34 +14,4 @@
  * GNU Affero General Public License for more details.
  *
  * You should have received a copy of the GNU Affero General Public License
- */
-body {
-  display: block;
-}
-/* Landing page */
-#uwp-main-container {
-  margin-top: 40px;
-}
-#uwp-main-container #uwp-logo, #uwp-main-container #uwp-title {
-  vertical-align: middle;
-}
-#uwp-main-container #uwp-title {
-  margin-left: 25px;
-  font-size: 20px;
-  font-weight: bold;
-}
-#uwp-main-container #uwp-description {
-  margin-bottom: 25px;
-}
-#uwp-main-container .uwp-text-hint--icon {
-  font-size: 12px;
-  margin-left: 5px;
-  color: #939191;
-}
-#uwp-main-container #uwp-bottom-buttons {
-  margin-top: 25px;
-  text-align: right;
-}
-#uwp-main-container #uwp-bottom-buttons .btn ~ .btn {
-  margin-left: 8px;
-}
+ */body{display:block}#uwp-main-container{margin-top:40px}#uwp-main-container #uwp-logo,#uwp-main-container #uwp-title{vertical-align:middle;max-height:74px}#uwp-main-container #uwp-title{margin-left:25px;font-size:20px;font-weight:bold}#uwp-main-container #uwp-description{margin-bottom:25px}#uwp-main-container .uwp-text-hint--icon{font-size:12px;margin-left:5px;color:#939191}#uwp-main-container #uwp-bottom-buttons{margin-top:25px;text-align:right}#uwp-main-container #uwp-bottom-buttons .btn~.btn{margin-left:8px}

css/unauthenticated.scss

@@ -29,6 +29,7 @@ body{
   #uwp-logo,
   #uwp-title{
     vertical-align: middle;
+    max-height: 74px;
   }
   #uwp-title{
     margin-left: 25px;

datamodels/2.x/authent-cas/dictionaries/nl.dict.authent-cas.php

@@ -4,7 +4,7 @@
  *
  * @copyright   Copyright (C) 2013 XXXXX
  * @license     http://opensource.org/licenses/AGPL-3.0
- * @author Jeffrey Bostoen - <jbostoen.itop@outlook.com> (2018 - 2020)
+ * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
  */
 Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
 	'CAS:Error:UserNotAllowed' => 'Gebruiker heeft onvoldoende rechten.',

datamodels/2.x/authent-cas/dictionaries/pl.dict.authent-cas.php

@@ -1,13 +1,13 @@
-<?php
-/**
- * Localized data
- *
- * @copyright   Copyright (C) 2013 XXXXX
- * @license     http://opensource.org/licenses/AGPL-3.0
- */
-
-Dict::Add('PL PL', 'Polish', 'Polski', array(
-	'CAS:Error:UserNotAllowed' => 'Użytkownik niedozwolony',
-	'CAS:Login:SignIn' => 'Zaloguj się za pomocą CAS',
-	'CAS:Login:SignInTooltip' => 'Kliknij tutaj, aby uwierzytelnić się na serwerze CAS',
-));
+<?php
+/**
+ * Localized data
+ *
+ * @copyright   Copyright (C) 2013 XXXXX
+ * @license     http://opensource.org/licenses/AGPL-3.0
+ */
+
+Dict::Add('PL PL', 'Polish', 'Polski', array(
+	'CAS:Error:UserNotAllowed' => 'Użytkownik niedozwolony',
+	'CAS:Login:SignIn' => 'Zaloguj się za pomocą CAS',
+	'CAS:Login:SignInTooltip' => 'Kliknij tutaj, aby uwierzytelnić się na serwerze CAS',
+));

datamodels/2.x/authent-cas/module.authent-cas.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-cas/3.0.1',
+	'authent-cas/3.0.2',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-external/dictionaries/de.dict.authent-external.php

@@ -20,9 +20,9 @@
 
 * @copyright     Copyright (C) 2021 Combodo SARL
 * @licence	http://opensource.org/licenses/AGPL-3.0
-*		
+*
 */
 Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Class:UserExternal' => 'Externer Benutzer',
-	'Class:UserExternal+' => 'Externe authentifizierter '.ITOP_APPLICATION_SHORT.'-Benutzer',
+	'Class:UserExternal+' => 'Extern authentifizierter '.ITOP_APPLICATION_SHORT.'-Benutzer',
 ));

datamodels/2.x/authent-external/dictionaries/nl.dict.authent-external.php

@@ -4,7 +4,7 @@
  *
  * @copyright Copyright (C) 2010-2021 Combodo SARL
  * @license	http://opensource.org/licenses/AGPL-3.0
- * @author Jeffrey Bostoen - <jbostoen.itop@outlook.com> (2018 - 2020)
+ * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
  *
  * This file is part of iTop.
  *

datamodels/2.x/authent-external/module.authent-external.php

@@ -27,7 +27,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-external/3.0.1',
+	'authent-external/3.0.2',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-ldap/datamodel.authent-ldap.xml

@@ -27,7 +27,9 @@
                     </attributes>
                 </naming>
                 <display_template/>
-                <icon/>
+                <style>
+                  <icon/>
+                </style>
                 <reconciliation>
                     <attributes>
                         <attribute id="login"/>

datamodels/2.x/authent-ldap/dictionaries/nl.dict.authent-ldap.php

@@ -5,7 +5,7 @@
  * @copyright Copyright (C) 2010-2021 Combodo SARL
  * @license	http://opensource.org/licenses/AGPL-3.0
  * @author Hipska (2019)
- * @author Jeffrey Bostoen - <jbostoen.itop@outlook.com> (2018 - 2020)
+ * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
  *
  * This file is part of iTop.
  *

datamodels/2.x/authent-ldap/dictionaries/pl.dict.authent-ldap.php

@@ -1,41 +1,41 @@
-<?php
-/**
- * Localized data
- *
- * @copyright Copyright (C) 2010-2018 Combodo SARL
- * @license    http://opensource.org/licenses/AGPL-3.0
- *
- * This file is part of iTop.
- *
- * iTop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * iTop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with iTop. If not, see <http://www.gnu.org/licenses/>
- */
-
-// Dictionnay conventions
-// Class:<class_name>
-// Class:<class_name>+
-// Class:<class_name>/Attribute:<attribute_code>
-// Class:<class_name>/Attribute:<attribute_code>+
-// Class:<class_name>/Attribute:<attribute_code>/Value:<value>
-// Class:<class_name>/Attribute:<attribute_code>/Value:<value>+
-// Class:<class_name>/Stimulus:<stimulus_code>
-// Class:<class_name>/Stimulus:<stimulus_code>+
-
-//
-// Class: UserLDAP
-//
-
-Dict::Add('PL PL', 'Polish', 'Polski', array(
-	'Class:UserLDAP' => 'Użytkownik LDAP',
-	'Class:UserLDAP+' => 'Użytkownik uwierzytelniony przez LDAP',
-));
+<?php
+/**
+ * Localized data
+ *
+ * @copyright Copyright (C) 2010-2018 Combodo SARL
+ * @license    http://opensource.org/licenses/AGPL-3.0
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with iTop. If not, see <http://www.gnu.org/licenses/>
+ */
+
+// Dictionnay conventions
+// Class:<class_name>
+// Class:<class_name>+
+// Class:<class_name>/Attribute:<attribute_code>
+// Class:<class_name>/Attribute:<attribute_code>+
+// Class:<class_name>/Attribute:<attribute_code>/Value:<value>
+// Class:<class_name>/Attribute:<attribute_code>/Value:<value>+
+// Class:<class_name>/Stimulus:<stimulus_code>
+// Class:<class_name>/Stimulus:<stimulus_code>+
+
+//
+// Class: UserLDAP
+//
+
+Dict::Add('PL PL', 'Polish', 'Polski', array(
+	'Class:UserLDAP' => 'Użytkownik LDAP',
+	'Class:UserLDAP+' => 'Użytkownik uwierzytelniony przez LDAP',
+));

datamodels/2.x/authent-ldap/module.authent-ldap.php

@@ -9,7 +9,7 @@ if (function_exists('ldap_connect'))
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-ldap/3.0.1',
+	'authent-ldap/3.0.2',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-local/dictionaries/de.dict.authent-local.php

@@ -20,7 +20,7 @@
 
 * @copyright     Copyright (C) 2021 Combodo SARL
 * @licence	http://opensource.org/licenses/AGPL-3.0
-*		
+*
 */
 Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Class:UserLocal' => ITOP_APPLICATION_SHORT.'-Benutzer',
@@ -44,5 +44,5 @@ Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Das Passwort entspricht nicht dem in den Konfigurationsregeln hinterlegten RegEx-Ausdruck',
 
 	'UserLocal:password:expiration' => 'Die folgenden Felder benötigen eine '.ITOP_APPLICATION_SHORT.' Erweiterung',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Das setzen des Passwortablaufs auf "Einmalpasswort" ist für den eigenen Benutzer nicht erlaubt.',
 ));

datamodels/2.x/authent-local/dictionaries/es_cr.dict.authent-local.php

@@ -48,13 +48,13 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Expirado',
 	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'One-time Password~~',
-	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
+	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Contraseña de un solo uso',
+	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'El usuario no puede cambiar la contraseña.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Renovación de contraseña',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Cuando fue el último cambio de contraseña',
 
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'La contraseña debe ser de al menos 8 caracteres e incluír mayúsculas, minúsculas, números y caracteres especiales.',
 
 	'UserLocal:password:expiration' => 'El siguiente campo requiere una extensión',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Configurar expiración de contraseña para "ontraseña de un solo uso" no está permitido para su propio Usuario',
 ));

datamodels/2.x/authent-local/dictionaries/nl.dict.authent-local.php

@@ -4,7 +4,7 @@
  *
  * @copyright Copyright (C) 2010-2021 Combodo SARL
  * @license	http://opensource.org/licenses/AGPL-3.0
- * @author Jeffrey Bostoen - <jbostoen.itop@outlook.com> (2018 - 2020)
+ * @author Jeffrey Bostoen <info@jeffreybostoen.be> (2018 - 2022)
  *
  * This file is part of iTop.
  *
@@ -38,13 +38,13 @@ Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
 	'Class:UserLocal/Attribute:expiration/Value:never_expire+' => '',
 	'Class:UserLocal/Attribute:expiration/Value:force_expire' => 'Moet veranderd worden',
 	'Class:UserLocal/Attribute:expiration/Value:force_expire+' => '',
-	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'One-time Password~~',
-	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'Password cannot be changed by the user.~~',
+	'Class:UserLocal/Attribute:expiration/Value:otp_expire' => 'Eenmalig wachtwoord',
+	'Class:UserLocal/Attribute:expiration/Value:otp_expire+' => 'De gebruiker kan dit wachtwoord niet veranderen.',
 	'Class:UserLocal/Attribute:password_renewed_date' => 'Wachtwoord laatst aangepast',
 	'Class:UserLocal/Attribute:password_renewed_date+' => 'Tijdstip waarop het wachtwoord het laatst aangepast werd.',
 
 	'Error:UserLocalPasswordValidator:UserPasswordPolicyRegex:ValidationFailed' => 'Het wachtwoord bestaat uit minstens 8 tekens en bestaat uit een mix van minstens 1 hoofdletter, kleine letter, cijfer en speciaal teken.',
 
 	'UserLocal:password:expiration' => 'De velden hieronder vereisen een extensie.',
-	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Setting password expiration to "One-time password" is not allowed for your own User~~',
+	'Class:UserLocal/Error:OneTimePasswordChangeIsNotAllowed' => 'Je kan geen eenmalig wachtwoord instellen voor je eigen gebruiker.',
 ));

datamodels/2.x/authent-local/module.authent-local.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-local/3.0.1',
+	'authent-local/3.0.2',
 	array(
 		// Identification
 		//

datamodels/2.x/combodo-backoffice-darkmoon-theme/dictionaries/de.dict.combodo-backoffice-darkmoon-theme.php

@@ -22,5 +22,5 @@
  */
 
 Dict::Add('DE DE', 'German', 'Deutsch', array(
-	'theme:darkmoon' => 'Dark moon~~',
-));
+	'theme:darkmoon' => 'Dark moon',
+));

datamodels/2.x/combodo-backoffice-darkmoon-theme/dictionaries/es_cr.dict.combodo-backoffice-darkmoon-theme.php

@@ -22,5 +22,5 @@
  */
 
 Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
-	'theme:darkmoon' => 'Dark moon~~',
+	'theme:darkmoon' => 'Luna Obscura',
 ));

datamodels/2.x/combodo-backoffice-darkmoon-theme/dictionaries/nl.dict.combodo-backoffice-darkmoon-theme.php

@@ -22,5 +22,5 @@
  */
 
 Dict::Add('NL NL', 'Dutch', 'Nederlands', array(
-	'theme:darkmoon' => 'Dark moon~~',
+	'theme:darkmoon' => 'Dark moon',
 ));

datamodels/2.x/combodo-backoffice-darkmoon-theme/dictionaries/pl.dict.combodo-backoffice-darkmoon-theme.php

@@ -0,0 +1,25 @@
+<?php
+/**
+ * Localized data
+ *
+ * @copyright Copyright (C) 2010-2021 Combodo SARL
+ * @license    http://opensource.org/licenses/AGPL-3.0
+ *
+ * This file is part of iTop.
+ *
+ * iTop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * iTop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with iTop. If not, see <http://www.gnu.org/licenses/>
+ */
+Dict::Add('PL PL', 'Polish', 'Polski', array(
+	'theme:darkmoon' => 'Dark moon~~',
+));

datamodels/2.x/combodo-backoffice-darkmoon-theme/module.combodo-backoffice-darkmoon-theme.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'combodo-backoffice-darkmoon-theme/3.0.1',
+	'combodo-backoffice-darkmoon-theme/3.0.2',
 	array(
 		// Identification
 		//

datamodels/2.x/combodo-db-tools/dbtools.php

@@ -359,9 +359,7 @@ function DisplayLostAttachments(iTopWebPage &$oP, ApplicationContext &$oAppConte
 					$sHistoryEntry = Dict::Format('DBTools:LostAttachments:History', $oOrmDocument->GetFileName());
 					CMDBObject::SetTrackInfo(UserRights::GetUserFriendlyName());
 					$oChangeOp = MetaModel::NewObject('CMDBChangeOpPlugin');
-					/** @var \Change $oChange */
-					$oChange = CMDBObject::GetCurrentChange();
-					$oChangeOp->Set('change', $oChange->GetKey());
+					// CMDBChangeOp.change will be automatically filled
 					$oChangeOp->Set('objclass', $sTargetClass);
 					$oChangeOp->Set('objkey', $sTargetId);
 					$oChangeOp->Set('description', $sHistoryEntry);

datamodels/2.x/combodo-db-tools/dictionaries/de.dict.combodo-db-tools.php

@@ -24,7 +24,7 @@ Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'DBTools:Class' => 'Klasse',
 	'DBTools:Title' => 'Datenbankpflege-Tools',
 	'DBTools:ErrorsFound' => 'Fehler gefunden',
-	'DBTools:Indication' => 'Wichtig: Nach dem Fixen der Errors in der Datenbank müssen Sie die Analyse erneut laufen lassen, weil durch die Fixes eventuell weitere Inkonsistenzen enstanden sind',
+	'DBTools:Indication' => 'Wichtig: Nach dem Fixen der Errors in der Datenbank müssen Sie die Analyse erneut laufen lassen, weil durch die Fixes eventuell weitere Inkonsistenzen entstanden sind',
 	'DBTools:Disclaimer' => 'DISCLAIMER: FERTIGEN SIE EIN BACKUP IHRER DATENBANK AN, BEVOR SIE DIE FIXES ANWENDEN!',
 	'DBTools:Error' => 'Fehler',
 	'DBTools:Count' => 'Anzahl',
@@ -51,7 +51,7 @@ Dict::Add('DE DE', 'German', 'Deutsch', array(
 	'DBAnalyzer-Integrity-MissingExtKey' => 'Fehlender Externer Key %1$s (Spalte: `%2$s.%3$s`)',
 	'DBAnalyzer-Integrity-InvalidValue' => 'Ungültiger Wert für %1$s (Spalte: `%2$s.%3$s`)',
 	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Manche Benutzerkonten haben keinerlei zugewiesenes Profil',
-	'DBAnalyzer-Integrity-HKInvalid' => 'Broken hierarchical key `%1$s`~~',
+	'DBAnalyzer-Integrity-HKInvalid' => 'Kaputter hierarchischer Schlüssel `%1$s`',
 	'DBAnalyzer-Fetch-Count-Error' => 'Fetch-Count-Fehler in `%1$s`, %2$d Einträge geholt (fetched) / %3$d gezählt',
 	'DBAnalyzer-Integrity-FinalClass' => 'Das Feld `%2$s`.`%1$s` muss den gleichen Wert `%3$s`.`%1$s` haben',
 	'DBAnalyzer-Integrity-RootFinalClass' => 'Das Feld `%2$s`.`%1$s` muss eine gültige Klasse enthalten',

datamodels/2.x/combodo-db-tools/dictionaries/es_cr.dict.combodo-db-tools.php

@@ -28,8 +28,8 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'DBTools:Class' => 'Clase',
 	'DBTools:Title' => 'Herramientas de Mantenimiento de Base de Datos',
 	'DBTools:ErrorsFound' => 'Errores encontrados',
-	'DBTools:Indication' => 'Important: after fixing errors in the database you\'ll have to run the analysis again as new inconsistencies will be generated~~',
-	'DBTools:Disclaimer' => 'DISCLAIMER: BACKUP YOUR DATABASE BEFORE RUNNING THE FIXES~~',
+	'DBTools:Indication' => 'Importante: después de corregir los errores en la base de datos, deberá ejecutar el análisis nuevamente ya que se generarán nuevas inconsistencias.',
+	'DBTools:Disclaimer' => 'ADVERTENCIA: HAGA UNA COPIA DE SEGURIDAD DE SU BASE DE DATOS ANTES DE EJECUTAR LAS CORRECCIONES',
 	'DBTools:Error' => 'Error',
 	'DBTools:Count' => 'Cantidad',
 	'DBTools:SQLquery' => 'Consulta SQL',
@@ -41,21 +41,21 @@ Dict::Add('ES CR', 'Spanish', 'Español, Castellano', array(
 	'DBTools:ShowReport' => 'Reporte',
 	'DBTools:IntegrityCheck' => 'Verificación de integridad',
 	'DBTools:FetchCheck' => 'Verificación de búsqueda (larga)',
-	'DBTools:SelectAnalysisType' => 'Select analysis type~~',
+	'DBTools:SelectAnalysisType' => 'Seleccionar tipo de análisis',
 
 	'DBTools:Analyze' => 'Analizar',
 	'DBTools:Details' => 'Mostrar detalles',
 	'DBTools:ShowAll' => 'Mostrar todos los errores',
 
 	'DBTools:Inconsistencies' => 'Inconsistencias de Base de Datos',
-	'DBTools:DetailedErrorTitle' => '%2$s error(s) in class %1$s: %3$s~~',
+	'DBTools:DetailedErrorTitle' => '%2$s error(es) en clase %1$s: %3$s',
 
 	'DBAnalyzer-Integrity-OrphanRecord' => 'Registro huérfano en `%1$s`, debería tener su contraparte en la tabla `%2$s`',
 	'DBAnalyzer-Integrity-InvalidExtKey' => 'Llave externa inválida %1$s (columna: `%2$s.%3$s`)',
 	'DBAnalyzer-Integrity-MissingExtKey' => 'Llave externa perdida %1$s (columna: `%2$s.%3$s`)',
 	'DBAnalyzer-Integrity-InvalidValue' => 'Valor inválido para %1$s (columna: `%2$s.%3$s`)',
 	'DBAnalyzer-Integrity-UsersWithoutProfile' => 'Algunas cuentas de usuario no tienen perfil asignado',
-	'DBAnalyzer-Integrity-HKInvalid' => 'Broken hierarchical key `%1$s`~~',
+	'DBAnalyzer-Integrity-HKInvalid' => 'Clave jerárquica rota `%1$s`',
 	'DBAnalyzer-Fetch-Count-Error' => 'Obtener cuenta de errores en `%1$s`, %2$d entradas recuperadas / %3$d contadas',
 	'DBAnalyzer-Integrity-FinalClass' => 'Campo `%2$s`.`%1$s` debe tener los mismos valores que `%3$s`.`%1$s`',
 	'DBAnalyzer-Integrity-RootFinalClass' => 'Campo `%2$s`.`%1$s` debe contener un caracter válido',