Merge branch 'support/2.7' into support/3.1

# Conflicts:
#	datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php

.github/workflows/action.yml

@@ -0,0 +1,43 @@
+name: Add PRs to Combodo PRs Dashboard
+
+on:
+  pull_request_target:
+    types:
+      - opened
+
+jobs:
+  add-to-project:
+    name: Add PR to Combodo Project
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if author is a member of the organization
+        id: check-membership
+        run: |
+          ORG="Combodo"
+          AUTHOR=$(jq -r .pull_request.user.login "$GITHUB_EVENT_PATH")
+          RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: token ${{ secrets.PR_AUTOMATICALLY_ADD_TO_PROJECT }}" \
+            "https://api.github.com/orgs/$ORG/members/$AUTHOR")
+          if [ "$RESPONSE" == "404" ]; then
+            echo "project_url=https://github.com/orgs/Combodo/projects/5" >> $GITHUB_ENV
+            echo "is_member=false" >> $GITHUB_ENV
+          else
+            echo "project_url=https://github.com/orgs/Combodo/projects/4" >> $GITHUB_ENV
+            echo "is_member=true" >> $GITHUB_ENV
+
+          fi
+
+      - name: Add internal tag if member
+        if: env.is_member == 'true'
+        run: |
+          curl -X POST -H "Authorization: token ${{ secrets.PR_AUTOMATICALLY_ADD_TO_PROJECT }}" \
+            -H "Accept: application/vnd.github.v3+json" \
+            https://api.github.com/repos/Combodo/iTop/issues/${{ github.event.pull_request.number }}/labels \
+            -d '{"labels":["internal"]}'
+        env:
+          is_member: ${{ env.is_member }}
+
+      - name: Add PR to the appropriate project
+        uses: actions/add-to-project@v1.0.2
+        with:
+          project-url: ${{ env.project_url }}
+          github-token: ${{ secrets.PR_AUTOMATICALLY_ADD_TO_PROJECT }}

application/cmdbabstract.class.inc.php

@@ -1115,7 +1115,9 @@ HTML
 
 		// Note: DisplayBareHeader is called before adding $oObjectDetails to the page, so it can inject HTML before it through $oPage.
 		/** @var \iTopWebPage $oPage */
+		$oKPI = new ExecutionKPI();
 		$aHeadersBlocks = $this->DisplayBareHeader($oPage, $bEditMode);
+		$oKPI->ComputeStatsForExtension($this, 'DisplayBareHeader');
 		if (false === empty($aHeadersBlocks['subtitle'])) {
 			$oObjectDetails->AddSubTitleBlocks($aHeadersBlocks['subtitle']);
 		}
@@ -1128,8 +1130,12 @@ HTML
 		$oPage->AddTabContainer(OBJECT_PROPERTIES_TAB, '', $oObjectDetails);
 		$oPage->SetCurrentTabContainer(OBJECT_PROPERTIES_TAB);
 		$oPage->SetCurrentTab('UI:PropertiesTab');
+		$oKPI = new ExecutionKPI();
 		$this->DisplayBareProperties($oPage, $bEditMode);
+		$oKPI->ComputeStatsForExtension($this, 'DisplayBareProperties');
+		$oKPI = new ExecutionKPI();
 		$this->DisplayBareRelations($oPage, $bEditMode);
+		$oKPI->ComputeStatsForExtension($this, 'DisplayBareRelations');
 
 
 		// Note: Adding the JS snippet which enables the image upload should have been done directly by the ActivityPanel which would have kept the independance principle
@@ -6100,7 +6106,9 @@ JS
 		// We want to avoid launching the listener twice, first here, and secondly after saving the Ticket in the listener
 		// By disabling the event to be fired, we can remove the current object from the attribute !
 		$oObject = MetaModel::GetObject($sClass, $sId, false);
-		self::FireEventDbLinksChangedForObject($oObject);
+		if (!is_null($oObject)) {
+			self::FireEventDbLinksChangedForObject($oObject);
+		}
 		self::RemoveObjectAwaitingEventDbLinksChanged($sClass, $sId);
 	}
 
@@ -6108,13 +6116,11 @@ JS
 	{
 		self::SetEventDBLinksChangedBlocked(true);
 		// N°6408 The object can have been deleted
-		if (!is_null($oObject)) {
-			$oObject->FireEvent(EVENT_DB_LINKS_CHANGED);
+		$oObject->FireEvent(EVENT_DB_LINKS_CHANGED);
 
-			// Update the object if needed
-			if (count($oObject->ListChanges()) !== 0) {
-				$oObject->DBUpdate();
-			}
+		// Update the object if needed
+		if (count($oObject->ListChanges()) !== 0) {
+			$oObject->DBUpdate();
 		}
 		cmdbAbstractObject::SetEventDBLinksChangedBlocked(false);
 	}

application/dashboard.class.inc.php

@@ -1264,12 +1264,12 @@ EOF
 		$sOkButtonLabel = Dict::S('UI:Button:Save');
 		$sCancelButtonLabel = Dict::S('UI:Button:Cancel');
 		
-		$sId = utils::HtmlEntities($this->sId);
-		$sLayoutClass = utils::HtmlEntities($this->sLayoutClass);
+		$sId = json_encode($this->sId);
+		$sLayoutClass = json_encode($this->sLayoutClass);
 		$sAutoReload = $this->bAutoReload ? 'true' : 'false';
 		$sAutoReloadSec = (string) $this->iAutoReloadSec;
-		$sTitle = utils::HtmlEntities($this->sTitle);
-		$sFile = utils::HtmlEntities($this->GetDefinitionFile());
+		$sTitle = json_encode($this->sTitle);
+		$sFile = json_encode($this->GetDefinitionFile());
 		$sUrl = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php';
 		$sReloadURL = $this->GetReloadURL();
 
@@ -1325,15 +1325,15 @@ $('#dashboard_editor').dialog({
 });
 
 $('#dashboard_editor .ui-layout-center').runtimedashboard({
-	dashboard_id: '$sId', 
-	layout_class: '$sLayoutClass', 
-	title: '$sTitle',
+	dashboard_id: $sId, 
+	layout_class: $sLayoutClass, 
+	title: $sTitle,
 	auto_reload: $sAutoReload, 
 	auto_reload_sec: $sAutoReloadSec,
 	submit_to: '$sUrl', 
-	submit_parameters: {operation: 'save_dashboard', file: '$sFile', extra_params: $sJSExtraParams, reload_url: '$sReloadURL'},
+	submit_parameters: {operation: 'save_dashboard', file: $sFile, extra_params: $sJSExtraParams, reload_url: '$sReloadURL'},
 	render_to: '$sUrl', 
-	render_parameters: {operation: 'render_dashboard', file: '$sFile', extra_params: $sJSExtraParams, reload_url: '$sReloadURL'},
+	render_parameters: {operation: 'render_dashboard', file: $sFile, extra_params: $sJSExtraParams, reload_url: '$sReloadURL'},
 	new_dashlet_parameters: {operation: 'new_dashlet'}
 });
 

application/displayblock.class.inc.php

@@ -704,7 +704,7 @@ class DisplayBlock
 				if ($bDoSearch)
 				{
 					// Keep the table_id identifying this table if we're performing a search
-					$sTableId = utils::ReadParam('_table_id_', null, false, 'raw_data');
+					$sTableId = utils::ReadParam('_table_id_', null, false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);
 					if ($sTableId != null)
 					{
 						$aExtraParams['table_id'] = $sTableId;

application/utils.inc.php

@@ -109,6 +109,11 @@ class utils
 	 * @since 2.7.10 3.0.0
 	 */
 	public const ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER = 'element_identifier';
+	/**
+	 * @var string For XML / HTML node id/class selector
+	 * @since 3.1.2 3.2.1
+	 */
+	public const ENUM_SANITIZATION_FILTER_ELEMENT_SELECTOR = 'element_selector';
 	/**
 	 * @var string For variables names
 	 * @since 3.0.0
@@ -489,8 +494,17 @@ class utils
 				}
 				break;
 
+			// For XML / HTML node identifiers
 			case static::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER:
 				$retValue = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+				$retValue = filter_var($retValue, FILTER_VALIDATE_REGEXP,
+					['options' => ['regexp' => '/^[A-Za-z0-9][A-Za-z0-9_-]*$/']]);
+				break;
+
+			// For XML / HTML node id selector
+			case static::ENUM_SANITIZATION_FILTER_ELEMENT_SELECTOR:
+				$retValue = filter_var($value, FILTER_VALIDATE_REGEXP,
+					['options' => ['regexp' => '/^[#\.][A-Za-z0-9][A-Za-z0-9_-]*$/']]);
 				break;
 
 			case static::ENUM_SANITIZATION_FILTER_VARIABLE_NAME:

approot.inc.php

@@ -23,7 +23,7 @@ define('ITOP_DESIGN_LATEST_VERSION', '3.1');
  * @used-by utils::GetItopVersionWikiSyntax()
  * @used-by iTopModulesPhpVersionIntegrationTest
  */
-define('ITOP_CORE_VERSION', '3.1.1');
+define('ITOP_CORE_VERSION', '3.1.3');
 
 /**
  * @var string

core/email.class.inc.php

@@ -145,7 +145,7 @@ class EMail implements iEMail
 	 */
 	public function SetInReplyTo(string $sMessageId)
 	{
-		$this->AddToHeader('In-Reply-To', $sMessageId);
+		$this->oMailer->SetInReplyTo($sMessageId);
 	}
 
 	public function SetBody($sBody, $sMimeType = 'text/html', $sCustomStyles = null)

datamodels/2.x/authent-cas/module.authent-cas.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-cas/3.1.1',
+	'authent-cas/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-external/module.authent-external.php

@@ -27,7 +27,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-external/3.1.1',
+	'authent-external/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-ldap/module.authent-ldap.php

@@ -9,7 +9,7 @@ if (function_exists('ldap_connect'))
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-ldap/3.1.1',
+	'authent-ldap/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/authent-local/module.authent-local.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'authent-local/3.1.1',
+	'authent-local/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/combodo-backoffice-darkmoon-theme/module.combodo-backoffice-darkmoon-theme.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'combodo-backoffice-darkmoon-theme/3.1.1',
+	'combodo-backoffice-darkmoon-theme/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/combodo-db-tools/module.combodo-db-tools.php

@@ -24,7 +24,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'combodo-db-tools/3.1.1',
+	'combodo-db-tools/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-attachments/module.itop-attachments.php

@@ -19,7 +19,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-attachments/3.1.1',
+	'itop-attachments/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-backup/module.itop-backup.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-backup/3.1.1',
+	'itop-backup/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-cmdb-services/module.itop-bridge-cmdb-services.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-cmdb-services/3.1.1',
+	'itop-bridge-cmdb-services/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-cmdb-ticket/module.itop-bridge-cmdb-ticket.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-cmdb-ticket/3.1.1',
+	'itop-bridge-cmdb-ticket/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-datacenter-mgmt-services/module.itop-bridge-datacenter-mgmt-services.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-datacenter-mgmt-services/3.1.1',
+	'itop-bridge-datacenter-mgmt-services/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-endusers-devices-services/module.itop-bridge-endusers-devices-services.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-endusers-devices-services/3.1.1',
+	'itop-bridge-endusers-devices-services/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-storage-mgmt-services/module.itop-bridge-storage-mgmt-services.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-storage-mgmt-services/3.1.1',
+	'itop-bridge-storage-mgmt-services/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-virtualization-mgmt-services/module.itop-bridge-virtualization-mgmt-services.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-virtualization-mgmt-services/3.1.1',
+	'itop-bridge-virtualization-mgmt-services/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-bridge-virtualization-storage/module.itop-bridge-virtualization-storage.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-bridge-virtualization-storage/3.1.1',
+	'itop-bridge-virtualization-storage/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-change-mgmt-itil/module.itop-change-mgmt-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-change-mgmt-itil/3.1.1',
+	'itop-change-mgmt-itil/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-change-mgmt/module.itop-change-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-change-mgmt/3.1.1',
+	'itop-change-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-config-mgmt/module.itop-config-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-config-mgmt/3.1.1',
+	'itop-config-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-config/module.itop-config.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-config/3.1.1',
+	'itop-config/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-core-update/module.itop-core-update.php

@@ -24,7 +24,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-core-update/3.1.1',
+	'itop-core-update/3.1.3',
 	[
 		// Identification
 		//

datamodels/2.x/itop-datacenter-mgmt/module.itop-datacenter-mgmt.php

@@ -18,7 +18,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-datacenter-mgmt/3.1.1',
+	'itop-datacenter-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-endusers-devices/module.itop-endusers-devices.php

@@ -25,7 +25,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-endusers-devices/3.1.1',
+	'itop-endusers-devices/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-faq-light/module.itop-faq-light.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-faq-light/3.1.1',
+	'itop-faq-light/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-files-information/module.itop-files-information.php

@@ -24,7 +24,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-files-information/3.1.1',
+	'itop-files-information/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-full-itil/module.itop-full-itil.php

@@ -6,7 +6,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-full-itil/3.1.1',
+	'itop-full-itil/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-hub-connector/module.itop-hub-connector.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-hub-connector/3.1.1',
+	'itop-hub-connector/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-incident-mgmt-itil/module.itop-incident-mgmt-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-incident-mgmt-itil/3.1.1',
+	'itop-incident-mgmt-itil/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-knownerror-mgmt/module.itop-knownerror-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-knownerror-mgmt/3.1.1',
+	'itop-knownerror-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-oauth-client/module.itop-oauth-client.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-oauth-client/3.1.1',
+	'itop-oauth-client/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-portal-base/module.itop-portal-base.php

@@ -20,7 +20,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-portal-base/3.1.1', array(
+	'itop-portal-base/3.1.3', array(
 	// Identification
 	'label' => 'Portal Development Library',
 		'category' => 'Portal',

datamodels/2.x/itop-portal-base/portal/config/routes/user_profile_brick.yaml

@@ -15,6 +15,11 @@
 #  You should have received a copy of the GNU Affero General Public License
 #  along with iTop. If not, see <http://www.gnu.org/licenses/>
 
+p_user_profile_brick_edit_person:
+  path: '/user/edit_person'
+  defaults:
+    _controller: 'Combodo\iTop\Portal\Controller\UserProfileBrickController::EditPerson'
+
 p_user_profile_brick:
   path: '/user/{sBrickId}'
   defaults:

datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php

@@ -1334,6 +1334,11 @@ class ObjectController extends BrickController
 		$bIgnoreSilos = $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
 		$aParams = array('objects_id' => $aObjectIds);
 		$oSearch = DBObjectSearch::FromOQL("SELECT $sObjectClass WHERE id IN (:objects_id)");
+		if (!$oScopeValidator->AddScopeToQuery($oSearch, $sObjectClass)
+		) {
+			IssueLog::Warning(__METHOD__ . ' at line ' . __LINE__ . ' : User #' . UserRights::GetUserId() . ' not allowed to read ' . $sObjectClass . ' object.');
+			throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
+		}
 		if ($bIgnoreSilos === true) {
 			$oSearch->AllowAllData();
 		}
@@ -1389,6 +1394,10 @@ class ObjectController extends BrickController
 		$aObjectAttCodes = $oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW);
 		$aLinkAttCodes = $oRequestManipulator->ReadParam('aLinkAttCodes', array(), FILTER_UNSAFE_RAW);
 		$sDateTimePickerWidgetParent = $oRequestManipulator->ReadParam('sDateTimePickerWidgetParent', array(), FILTER_UNSAFE_RAW);
+		if (!MetaModel::IsLinkClass($sLinkClass)) {
+			IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' asked for wrong lnk class '.$sLinkClass);
+			throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
+		}
 
 		if (empty($sObjectClass) || empty($aObjectIds) || empty($aObjectAttCodes)) {
 			IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass, aObjectIds and aObjectAttCodes expected, "'.$sObjectClass.'", "'.implode('/',
@@ -1400,7 +1409,12 @@ class ObjectController extends BrickController
 		$bIgnoreSilos = $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
 		$aParams = array('objects_id' => $aObjectIds);
 		$oSearch = DBObjectSearch::FromOQL("SELECT $sObjectClass WHERE id IN (:objects_id)");
-		if ($bIgnoreSilos === true)
+        if (!$oScopeValidator->AddScopeToQuery($oSearch, $sObjectClass)
+        ) {
+            IssueLog::Warning(__METHOD__ . ' at line ' . __LINE__ . ' : User #' . UserRights::GetUserId() . ' not allowed to read ' . $sObjectClass . ' object.');
+            throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
+        }
+        if ($bIgnoreSilos === true)
 		{
 			$oSearch->AllowAllData();
 		}
@@ -1418,10 +1432,35 @@ class ObjectController extends BrickController
 			// Prepare link data
 			$aObjectData = $this->PrepareObjectInformation($oObject, $aObjectAttCodes);
 			// New link object (needed for renderers)
-			$oNewLink = new $sLinkClass();
+			$aAttCodes = MetaModel::GetAttributesList($sLinkClass, ['AttributeExternalKey']);
+			$sAttCodeToObject = '';
+			foreach ($aAttCodes as $sAttCode) {
+				$oAttDef = MetaModel::GetAttributeDef($sLinkClass, $sAttCode);
+				/** @var \AttributeExternalKey $oAttDef */
+				if ($oAttDef->GetTargetClass() === $sObjectClass) {
+					$sAttCodeToObject = $sAttCode;
+				}
+			}
+			if ($sAttCodeToObject === '') {
+				IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' asked for incoherent lnk class '.$sLinkClass.' with object class '.$sObjectClass);
+				throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
+			}
+			$oNewLink = MetaModel::NewObject($sLinkClass, [
+				$sAttCodeToObject => $oObject->GetKey(), // so later placeholders in filters will be applied on external keys on the same link
+			]);
 			foreach ($aLinkAttCodes as $sAttCode) {
 				$oAttDef = MetaModel::GetAttributeDef($sLinkClass, $sAttCode);
+				/** @var \Combodo\iTop\Form\Field\SelectObjectField $oField */
 				$oField = $oAttDef->MakeFormField($oNewLink);
+				if ($oAttDef::GetFormFieldClass() === '\\Combodo\\iTop\\Form\\Field\\SelectObjectField') {
+					$oFieldSearch = $oField->GetSearch();
+					$sFieldClass = $oFieldSearch->GetClass();
+					if ($oScopeValidator->AddScopeToQuery($oFieldSearch, $sFieldClass)){
+						$oField->SetSearch($oFieldSearch);
+					} else {
+						$oField->SetSearch(DBObjectSearch::FromOQL("SELECT $sFieldClass WHERE 1=0"));
+					}
+				}
 				// Prevent datetimepicker popup to be truncated
 				if ($oField instanceof DateTimeField) {
 					$oField->SetDateTimePickerWidgetParent($sDateTimePickerWidgetParent);

datamodels/2.x/itop-portal-base/portal/src/Controller/UserProfileBrickController.php

@@ -35,7 +35,7 @@ use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use UserRights;
 use utils;
-
+use Dict;
 /**
  * Class UserProfileBrickController
  *
@@ -66,34 +66,9 @@ class UserProfileBrickController extends BrickController
 		$oRequestManipulator = $this->get('request_manipulator');
 		/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $ObjectFormHandler */
 		$ObjectFormHandler = $this->get('object_form_handler');
-		/** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */
-		$oBrickCollection = $this->get('brick_collection');
+        $oBrick = $this->GetBrick($sBrickId);
 
-		// If the brick id was not specified, we get the first one registered that is an instance of UserProfileBrick as default
-		if ($sBrickId === null)
-		{
-			/** @var \Combodo\iTop\Portal\Brick\PortalBrick $oTmpBrick */
-			foreach ($oBrickCollection->GetBricks() as $oTmpBrick)
-			{
-				if ($oTmpBrick instanceof UserProfileBrick)
-				{
-					$oBrick = $oTmpBrick;
-				}
-			}
-
-			// We make sure a UserProfileBrick was found
-			if (!isset($oBrick) || $oBrick === null)
-			{
-				$oBrick = new UserProfileBrick();
-				//throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, 'UserProfileBrick : Brick could not be loaded as there was no UserProfileBrick loaded in the application.');
-			}
-		}
-		else
-		{
-			$oBrick = $oBrickCollection->GetBrickById($sBrickId);
-		}
-
-		$aData = array();
+        $aData = array();
 
 		// Setting form mode regarding the demo mode parameter
 		$bDemoMode = MetaModel::GetConfig()->Get('demo_mode');
@@ -130,11 +105,12 @@ class UserProfileBrickController extends BrickController
 			$oCurContact = UserRights::GetContactObject();
 			$sCurContactClass = get_class($oCurContact);
 			$sCurContactId = $oCurContact->GetKey();
-
+            $aForm = $oBrick->GetForm();
+            $aForm['submit_endpoint'] = $this->generateUrl('p_user_profile_brick_edit_person', ['sBrickId' => $sBrickId]);
 			// Preparing forms
-			$aData['forms']['contact'] = $ObjectFormHandler->HandleForm($oRequest, $sFormMode, $sCurContactClass, $sCurContactId,
-				$oBrick->GetForm());
-			$aData['forms']['preferences'] = $this->HandlePreferencesForm($oRequest, $sFormMode);
+            $aData['forms']['contact'] = $ObjectFormHandler->HandleForm($oRequest, $sFormMode, $sCurContactClass, $sCurContactId,
+                    $aForm);
+            $aData['forms']['preferences'] = $this->HandlePreferencesForm($oRequest, $sFormMode);
 			// - If user can change password, we display the form
 			$aData['forms']['password'] = (UserRights::CanChangePassword()) ? $this->HandlePasswordForm($oRequest, $sFormMode) : null;
 
@@ -150,6 +126,35 @@ class UserProfileBrickController extends BrickController
 		return $oResponse;
 	}
 
+    public function EditPerson(Request $oRequest)
+    {
+        /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */
+        $oObjectFormHandler = $this->get('object_form_handler');
+        /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
+        $oSecurityHelper = $this->get('security_helper');
+
+        $oCurContact = UserRights::GetContactObject();
+        $sObjectClass = get_class($oCurContact);
+        $sObjectId = $oCurContact->GetKey();
+
+        // Checking security layers
+        // Warning : This is a dirty quick fix to allow editing its own contact information
+        $bAllowWrite = ($sObjectClass === 'Person' && $sObjectId == UserRights::GetContactId());
+        if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId) && !$bAllowWrite) {
+            IssueLog::Warning(__METHOD__ . ' at line ' . __LINE__ . ' : User #' . UserRights::GetUserId() . ' not allowed to modify ' . $sObjectClass . '::' . $sObjectId . ' object.');
+            throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
+        }
+
+        $aForm = $this->GetBrick()->GetForm();
+        $aForm['submit_endpoint'] = $this->generateUrl('p_user_profile_brick_edit_person');
+
+        $aData = ['sMode' => 'edit'];
+        $aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId, $aForm);
+
+        return new JsonResponse($aData);
+    }
+
+
 	/**
 	 * @param \Symfony\Component\HttpFoundation\Request $oRequest
 	 * @param string                                    $sFormMode
@@ -381,7 +386,7 @@ class UserProfileBrickController extends BrickController
 					'sObjectField' => $sPictureAttCode,
 					'cache' => 86400,
 					's' => $oOrmDoc->GetSignature(),
-					]);
+				]);
 				$aFormData['validation'] = array(
 					'valid' => true,
 					'messages' => array(),
@@ -394,4 +399,34 @@ class UserProfileBrickController extends BrickController
 		return $aFormData;
 	}
 
+    /**
+     * @param $sBrickId
+     * @return \Combodo\iTop\Portal\Brick\PortalBrick|UserProfileBrick
+     * @throws \Combodo\iTop\Portal\Brick\BrickNotFoundException
+     */
+    public function GetBrick($sBrickId = null)
+    {
+        /** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */
+        $oBrickCollection = $this->get('brick_collection');
+
+        // If the brick id was not specified, we get the first one registered that is an instance of UserProfileBrick as default
+        if ($sBrickId === null) {
+            /** @var \Combodo\iTop\Portal\Brick\PortalBrick $oTmpBrick */
+            foreach ($oBrickCollection->GetBricks() as $oTmpBrick) {
+                if ($oTmpBrick instanceof UserProfileBrick) {
+                    $oBrick = $oTmpBrick;
+                }
+            }
+
+            // We make sure a UserProfileBrick was found
+            if (!isset($oBrick) || $oBrick === null) {
+                $oBrick = new UserProfileBrick();
+                //throw new HttpException(Response::HTTP_INTERNAL_SERVER_ERROR, 'UserProfileBrick : Brick could not be loaded as there was no UserProfileBrick loaded in the application.');
+            }
+        } else {
+            $oBrick = $oBrickCollection->GetBrickById($sBrickId);
+        }
+        return $oBrick;
+    }
+
 }

datamodels/2.x/itop-portal-base/portal/src/Helper/ObjectFormHandlerHelper.php

@@ -242,13 +242,17 @@ class ObjectFormHandlerHelper
 				case static::ENUM_MODE_CREATE:
 				case static::ENUM_MODE_EDIT:
 				case static::ENUM_MODE_VIEW:
-					$sFormEndpoint = $this->oUrlGenerator->generate(
-						'p_object_'.$sMode,
-						array(
-							'sObjectClass' => $sObjectClass,
-							'sObjectId' => $sObjectId,
-						)
-					);
+                    if(array_key_exists('submit_endpoint', $aFormProperties)) {
+                        $sFormEndpoint = $aFormProperties['submit_endpoint'];
+                    } else {
+                        $sFormEndpoint = $this->oUrlGenerator->generate(
+                                'p_object_' . $sMode,
+                                array(
+                                        'sObjectClass' => $sObjectClass,
+                                        'sObjectId' => $sObjectId,
+                                )
+                        );
+                    }
 					break;
 
 				case static::ENUM_MODE_APPLY_STIMULUS:
@@ -281,7 +285,8 @@ class ObjectFormHandlerHelper
 				->SetActionRulesToken($sActionRulesToken)
 				->SetRenderer($oFormRenderer)
 				->SetFormProperties($aFormProperties);
-
+			$oFormManager->PrepareFormAndHTMLDocument();
+			$oFormManager->PrepareFields();
 			$oFormManager->Build();
 			$aFormData['hidden_fields'] = $oFormManager->GetHiddenFieldsId();
 			// Check the number of editable fields
@@ -399,7 +404,7 @@ class ObjectFormHandlerHelper
 				ApplicationContext::MakeObjectUrl($sObjectClass, $sObjectId)
 			);
 		}
-		
+
 		return $aFormData;
 	}
 

datamodels/2.x/itop-portal/module.itop-portal.php

@@ -20,7 +20,7 @@
 /** @noinspection PhpUnhandledExceptionInspection */
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-portal/3.1.1', array(
+	'itop-portal/3.1.3', array(
 	// Identification
 	'label' => 'Enhanced Customer Portal',
 	'category' => 'Portal',

datamodels/2.x/itop-problem-mgmt/module.itop-problem-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-problem-mgmt/3.1.1',
+	'itop-problem-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-profiles-itil/module.itop-profiles-itil.php

@@ -19,7 +19,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-profiles-itil/3.1.1',
+	'itop-profiles-itil/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-request-mgmt-itil/module.itop-request-mgmt-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-request-mgmt-itil/3.1.1',
+	'itop-request-mgmt-itil/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-request-mgmt/module.itop-request-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-request-mgmt/3.1.1',
+	'itop-request-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-service-mgmt-provider/module.itop-service-mgmt-provider.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-service-mgmt-provider/3.1.1',
+	'itop-service-mgmt-provider/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-service-mgmt/module.itop-service-mgmt.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-service-mgmt/3.1.1',
+	'itop-service-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-sla-computation/module.itop-sla-computation.php

@@ -18,7 +18,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-sla-computation/3.1.1',
+	'itop-sla-computation/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-storage-mgmt/module.itop-storage-mgmt.php

@@ -25,7 +25,7 @@
  
  SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	 'itop-storage-mgmt/3.1.1',
+	 'itop-storage-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-structure/module.itop-structure.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-structure/3.1.1',
+	'itop-structure/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-themes-compat/module.itop-themes-compat.php

@@ -5,7 +5,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-themes-compat/3.1.1',
+	'itop-themes-compat/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-tickets/module.itop-tickets.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__,
-	'itop-tickets/3.1.1',
+	'itop-tickets/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-virtualization-mgmt/module.itop-virtualization-mgmt.php

@@ -16,7 +16,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-virtualization-mgmt/3.1.1',
+	'itop-virtualization-mgmt/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/itop-welcome-itil/module.itop-welcome-itil.php

@@ -3,7 +3,7 @@
 
 SetupWebPage::AddModule(
 	__FILE__, // Path to the current file, all other file names are relative to the directory containing this file
-	'itop-welcome-itil/3.1.1',
+	'itop-welcome-itil/3.1.3',
 	array(
 		// Identification
 		//

datamodels/2.x/version.xml

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <information>
-  <version>3.1.1</version>
+  <version>3.1.3</version>
 </information>

pages/ajax.render.php

@@ -767,12 +767,12 @@ try
 				$sClass = utils::ReadParam('className', '', false, 'class');
 				$sRootClass = utils::ReadParam('baseClass', '', false, 'class');
 				$currentId = utils::ReadParam('currentId', '');
-				$sTableId = utils::ReadParam('_table_id_', null, false, 'raw_data');
+				$sTableId = utils::ReadParam('_table_id_', null, false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);
 				$sAction = utils::ReadParam('action', '');
-				$sSelectionMode = utils::ReadParam('selection_mode', null, false, 'raw_data');
-				$sResultListOuterSelector = utils::ReadParam('result_list_outer_selector', null, false, 'raw_data');
-				$scssCount = utils::ReadParam('css_count', null, false, 'raw_data');
-				$sTableInnerId = utils::ReadParam('table_inner_id', $sTableId, false, 'raw_data');
+				$sSelectionMode = utils::ReadParam('selection_mode');
+				$sResultListOuterSelector = utils::ReadParam('result_list_outer_selector', null,false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER); // actually an Id not a selector
+				$scssCount = utils::ReadParam('css_count', null,false,utils::ENUM_SANITIZATION_FILTER_ELEMENT_SELECTOR);
+				$sTableInnerId = utils::ReadParam('table_inner_id', null,false, utils::ENUM_SANITIZATION_FILTER_ELEMENT_IDENTIFIER);
 
 				$oFilter = new DBObjectSearch($sClass);
 				$oSet = new CMDBObjectSet($oFilter);

pages/schema.php

@@ -343,6 +343,8 @@ function DisplayEvents(WebPage $oPage, $sClass)
 				}
 			}
 			$sListener = $sListenerClass.'->'.$aListener['callback'][1].'(\Combodo\iTop\Service\Events\EventData $oEventData)';
+		} else if (is_array($aListener['callback'])) {
+			$sListener = $aListener['callback'][0].'::'.$aListener['callback'][1];
 		} else {
 			$sListener = $aListener['callback'].'(\Combodo\iTop\Service\Events\EventData $oEventData)';
 		}

setup/unattended-install/README.md

@@ -2,24 +2,72 @@
 
 This script allows to install and update iTop via CLI.
 
-For more information, see the official Wiki : [Automated installation [iTop Documentation]](https://www.itophub.io/wiki/page?id=latest:advancedtopics:automatic_install) 
+For more information, see the official Wiki : [Automated installation [iTop Documentation]](https://www.itophub.io/wiki/page?id=latest:advancedtopics:automatic_install)
 
+# unattended-install.php
+
+## Usage
+
+Execution of the unattended installation
+> Note:
+> Because the installation runs from the command line, make sure that the current user has enough rights to access the different locations and that the web server will be able to access the files and directories created during the scripted installation. In order to exactly emulate the behavior of
+the interactive installation it may be a good practice to run this installation from the user account used for running the web server process.
+
+Launch the script with the following command:  ```bash php unattended_install.php --param-file=fresh-install.xml ```
+
+Where: `fresh-install.xml` is the response file containing your desired settings for the installation (there are 4 models available in the folder `xml_setup`: fresh-install.xml, itil-fresh-install.xml, itil-upgrade.xml, upgrade.xml)
+
+Fresh installation parameters
+> Important:
+> In the case of a fresh installation (<mode>install</mode>), do not forget to complete below mandatory parameters before:
+
+```xml 
+<database>
+    <server></server>
+    <user></user>
+    <pwd></pwd>
+    <name></name>
+    <db_tls_enabled></db_tls_enabled>
+    <db_tls_ca></db_tls_ca>
+    <prefix></prefix>
+</database>
+<url>
+</url>
+<graphviz_path>/usr/bin/dot</graphviz_path>
+<admin_account>
+<user></user>
+<pwd></pwd>
+<language></language>
+</admin_account>
+<language></language>
+```
+
+## Options
+
+To get all available options of the script, you can perform the following command :
+```php unattended-install.php --help```
+
+# install-itop.sh
+
+## Usage
 
-#install-itop.sh
 You can install your iTop by only using config-itop.php settings and run either
 
 - a non-ITIL iTop fresh installation (use itil-fresh-install.xml to have ITIL modules instead)
+
 ```
 ./install-itop.sh ./xml_setup/fresh-install.xml
 ```
 
 - a non-ITIL iTop upgrade (use itil-upgrade.xml to have ITIL modules instead)
+
 ```
 ./install-itop.sh ./xml_setup/upgrade.xml
 ```
 
 - a specific iTop installation by providing both xml setup file
-in below example file provided is the one generated by iTop during last setup.
+  in below example file provided is the one generated by iTop during last setup.
+
 ```
 ./install-itop.sh ../../log/install-2024-04-03.xml
 ```

sources/Application/UI/Base/Layout/ActivityPanel/ActivityPanelFactory.php

@@ -27,6 +27,7 @@ use DBObject;
 use DBObjectSearch;
 use DBObjectSet;
 use Exception;
+use ExecutionKPI;
 use IssueLog;
 use MetaModel;
 
@@ -58,6 +59,7 @@ class ActivityPanelFactory
 	 */
 	public static function MakeForObjectDetails(DBObject $oObject, string $sMode = cmdbAbstractObject::DEFAULT_DISPLAY_MODE)
 	{
+		$oKPI = new ExecutionKPI();
 		$sObjClass = get_class($oObject);
 		$sObjId = $oObject->GetKey();
 
@@ -171,6 +173,8 @@ class ActivityPanelFactory
 			}
 		}
 
+		$oKPI->ComputeStatsForExtension(new ActivityPanelFactory(), 'MakeForObjectDetails');
+
 		return $oActivityPanel;
 	}
 }

sources/Core/Email/EmailLaminas.php

@@ -7,7 +7,8 @@
  */
 
 use Combodo\iTop\Core\Authentication\Client\OAuth\OAuthClientProviderFactory;
-use Laminas\Mail\Header\ContentType;
+use Laminas\Mail\Header\InReplyTo;
+use Laminas\Mail\Header\MessageId;
 use Laminas\Mail\Message;
 use Laminas\Mail\Protocol\Smtp\Auth\Oauth;
 use Laminas\Mail\Transport\File;
@@ -331,11 +332,11 @@ class EMailLaminas extends Email
 	{
 		$this->m_aData['message_id'] = $sId;
 
-		// Note: Swift will add the angle brackets for you
+		// Note: The email library will add the angle brackets for you
 		// so let's remove the angle brackets if present, for historical reasons
 		$sId = str_replace(array('<', '>'), '', $sId);
 
-		$this->m_oMessage->getHeaders()->addHeaderLine('Message-ID', $sId);
+		$this->m_oMessage->getHeaders()->addHeader((new MessageId())->setId($sId));
 	}
 
 	public function SetReferences($sReferences)
@@ -354,7 +355,11 @@ class EMailLaminas extends Email
 	 */
 	public function SetInReplyTo(string $sMessageId)
 	{
-		$this->AddToHeader('In-Reply-To', $sMessageId);
+		// Note: Laminas will add the angle brackets for you
+		// so let's remove the angle brackets if present, for historical reasons
+		$sId = str_replace(array('<', '>'), '', $sMessageId);
+
+		$this->m_oMessage->getHeaders()->addHeader((new InReplyTo())->setIds([$sId]));
 	}
 
 	/**
@@ -398,19 +403,6 @@ class EMailLaminas extends Email
 			$oBody->addPart($oAdditionalPart);
 		}
 
-		if ($oBody->isMultiPart()) {
-			$oContentTypeHeader = $this->m_oMessage->getHeaders();
-			foreach ($oContentTypeHeader as $oHeader) {
-				if (!$oHeader instanceof ContentType) {
-					continue;
-				}
-
-				$oHeader->setType(Mime::MULTIPART_MIXED);
-				$oHeader->addParameter('boundary', $oBody->getMime()->boundary());
-				break;
-			}
-		}
-
 		$this->m_oMessage->setBody($oBody);
 	}
 
@@ -431,22 +423,13 @@ class EMailLaminas extends Email
 		$oNewPart = new Part($sText);
 		$oNewPart->encoding = Mime::ENCODING_8BIT;
 		$oNewPart->type = $sMimeType;
-		$this->m_oMessage->getBody()->addPart($oNewPart);
+
+		// setBody called only to refresh Content-Type to multipart/mixed
+		$this->m_oMessage->setBody($this->m_oMessage->getBody()->addPart($oNewPart));
 	}
 
 	public function AddAttachment($data, $sFileName, $sMimeType)
 	{
-		$oBody = $this->m_oMessage->getBody();
-
-		if (!$oBody->isMultiPart()) {
-			$multipart_content = new Part($oBody->generateMessage());
-			$multipart_content->setType($oBody->getParts()[0]->getType());
-			$multipart_content->setBoundary($oBody->getMime()->boundary());
-
-			$oBody = new Laminas\Mime\Message();
-			$oBody->addPart($multipart_content);
-		}
-
 		if (!array_key_exists('attachments', $this->m_aData)) {
 			$this->m_aData['attachments'] = array();
 		}
@@ -457,23 +440,8 @@ class EMailLaminas extends Email
 		$oNewAttachment->disposition = Mime::DISPOSITION_ATTACHMENT;
 		$oNewAttachment->encoding = Mime::ENCODING_BASE64;
 
-
-		$oBody->addPart($oNewAttachment);
-
-		if ($oBody->isMultiPart()) {
-			$oContentTypeHeader = $this->m_oMessage->getHeaders();
-			foreach ($oContentTypeHeader as $oHeader) {
-				if (!$oHeader instanceof ContentType) {
-					continue;
-				}
-
-				$oHeader->setType(Mime::MULTIPART_MIXED);
-				$oHeader->addParameter('boundary', $oBody->getMime()->boundary());
-				break;
-			}
-		}
-
-		$this->m_oMessage->setBody($oBody);
+		// setBody called only to refresh Content-Type to multipart/mixed
+		$this->m_oMessage->setBody($this->m_oMessage->getBody()->addPart($oNewAttachment));
 	}
 
 	public function SetSubject($sSubject)

sources/Service/Import/CSVImportPageProcessor.php

@@ -592,6 +592,7 @@ EOF
 	 */
 	private static function GetDivAlert(string $message): string
 	{
+		$message = utils::EscapeHtml($message);
 		return "<div class=\"ibo-csv-import--cell-error ibo-csv-import--cell-message\">$message</div>\n";
 	}
 

sources/Service/Module/ModuleService.php

@@ -46,6 +46,8 @@ class ModuleService
         $sExtension = $this->GetModuleNameFromObject($oReflectionClass->getName());
         if (strlen($sExtension) !== 0) {
             $sSignature .= '['.$sExtension.'] ';
+        } else {
+	        $sSignature .= '[core] ';
         }
         $sSignature .= $oReflectionClass->getShortName().'::'.$sMethod.'()';
 

tests/php-unit-tests/unitary-tests/core/BulkChangeTest.php

@@ -101,13 +101,14 @@ class BulkChangeTest extends ItopDataTestCase
 				//$this->debug("sStatus:".$sStatus->GetDescription());
 				$this->assertEquals($aResult["__STATUS__"], $sStatus->GetDescription());
 				foreach ($aRow as $i => $oCell) {
+					/** @var $oCell \CellChangeSpec  */
 					if ($i !== "finalclass" && $i !== "__STATUS__" && $i !== "__ERRORS__" && array_key_exists($i, $aResult)) {
 						$this->debug("i:".$i);
 						$this->debug('GetCLIValue:'.$oCell->GetCLIValue());
 						$this->debug("aResult:".$aResult[$i]);
-						$this->assertEquals($aResult[$i], $oCell->GetCLIValue());
+						$this->assertEquals($aResult[$i], $oCell->GetCLIValue(), "Unexpected CLI result for cell " . $i);
 						if (null !== $aResultHTML) {
-							$this->assertEquals($aResultHTML[$i], $oCell->GetHTMLValue());
+							$this->assertEquals($aResultHTML[$i], $oCell->GetHTMLValue(), "Unexpected HTML result for cell " . $i);
 						}
 					}
 				}

tests/php-unit-tests/unitary-tests/core/EMailTest.php

@@ -45,4 +45,43 @@ class EMailTest extends ItopTestCase {
 		$oConfig->Set('email_transport', $sCurrentEmailTransport);
 		$oConfig->Set('email_asynchronous', $sCurrentEmailAsync);
 	}
+
+	/**
+	 * @return void
+	 * @throws \ConfigException
+	 * @throws \CoreException
+	 * @covers Email::SetBody()
+	 * @covers Email::Send()
+	 */
+	public function testCheckPartsHeadersOnSendEmailWithAttachment(): void
+	{
+		$oConfig = utils::GetConfig();
+		$sCurrentEmailTransport = $oConfig->Get('email_transport');
+		$sCurrentEmailAsync = $oConfig->Get('email_asynchronous');
+
+		// Set our email transport to file, so we can read it after
+		$oConfig->Set('email_transport', 'LogFile');
+		$oConfig->Set('email_asynchronous', false);
+
+		$oEmail = new Email();
+		$oEmail->SetRecipientTO('email@email.com');
+		$oEmail->SetRecipientFrom('email2@email2.com');
+		$oEmail->SetSubject('dummy subject');
+		$oEmail->SetBody('dummy body', 'text/plain');
+		$oEmail->AddAttachment('Dummy attachment', 'attachment.txt', 'text/plain');
+
+		// Send the mail and check if there's any issue
+		$aIssues = [];
+		$oEmail->Send($aIssues);
+		$this->assertEmpty($aIssues);
+
+		// Check if our charset is correctly set
+		// We know this file may be used by other future test, but as we can't configure output filename, it is what it is
+		$sEmailContent = file_get_contents(APPROOT.'log/mail.log');
+		$this->assertStringContainsString('Content-Type: text/plain; charset=UTF-8', $sEmailContent);
+
+		// Set our previous email transport value back, so it doesn't affect other tests
+		$oConfig->Set('email_transport', $sCurrentEmailTransport);
+		$oConfig->Set('email_asynchronous', $sCurrentEmailAsync);
+	}
 }

tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/test.html.twig

@@ -47,5 +47,8 @@
 <div>['echo',1]|sort('system')|join</div>
 {{ ['echo',1]|sort('system')|join }}
 
+<div>[['id','']|sort('system')</div>
+{{['id','']|sort('system')|join}}
+
 POST /subscribe?0=cat+/etc/passwd HTTP/1.1
 email="{{ app.request.query.filter(0,0,1024,{'options':'system'}) }}"@attacker.tld