Fix typo and copy-paste error (#942)

* Added Datamatrix and C93 label twigs

* Added new barcode placeholders to ckeditor plugin

---------

Co-authored-by: Jan Böhmer <mail@jan-boehmer.de>

.docker/partdb-entrypoint.sh

@@ -39,8 +39,50 @@ if [ -d /var/www/html/var/db ]; then
     fi
 fi
 
-# Start PHP-FPM
-service php8.1-fpm start
+# Start PHP-FPM (the PHP_VERSION is replaced by the configured version in the Dockerfile)
+service phpPHP_VERSION-fpm start
+
+
+# Run migrations if automigration is enabled via env variable DB_AUTOMIGRATE
+if [ "$DB_AUTOMIGRATE" = "true" ]; then
+		echo "Waiting for database to be ready..."
+		ATTEMPTS_LEFT_TO_REACH_DATABASE=60
+		until [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ] || DATABASE_ERROR=$(sudo -E -u www-data php bin/console dbal:run-sql -q "SELECT 1" 2>&1); do
+			if [ $? -eq 255 ]; then
+				# If the Doctrine command exits with 255, an unrecoverable error occurred
+				ATTEMPTS_LEFT_TO_REACH_DATABASE=0
+				break
+			fi
+			sleep 1
+			ATTEMPTS_LEFT_TO_REACH_DATABASE=$((ATTEMPTS_LEFT_TO_REACH_DATABASE - 1))
+			echo "Still waiting for database to be ready... Or maybe the database is not reachable. $ATTEMPTS_LEFT_TO_REACH_DATABASE attempts left."
+		done
+
+		if [ $ATTEMPTS_LEFT_TO_REACH_DATABASE -eq 0 ]; then
+			echo "The database is not up or not reachable:"
+			echo "$DATABASE_ERROR"
+			exit 1
+		else
+			echo "The database is now ready and reachable"
+		fi
+
+    # Check if there are any available migrations to do, by executing doctrine:migrations:up-to-date
+    # and checking if the exit code is 0 (up to date) or 1 (not up to date)
+    if  sudo -E -u www-data php bin/console doctrine:migrations:up-to-date --no-interaction; then
+        echo "Database is up to date, no migrations necessary."
+    else
+        echo "Migrations available..."
+        echo "Do backup of database..."
+
+        sudo -E -u www-data mkdir -p /var/www/html/uploads/.automigration-backup/
+        # Backup the database
+        sudo -E -u www-data php bin/console partdb:backup -n --database /var/www/html/uploads/.automigration-backup/backup-$(date +%Y-%m-%d_%H-%M-%S).zip
+
+        # Check if there are any migration files
+        sudo -E -u www-data php bin/console doctrine:migrations:migrate --no-interaction
+    fi
+
+fi
 
 # first arg is `-f` or `--some-option` (taken from https://github.com/docker-library/php/blob/master/8.2/bullseye/apache/docker-php-entrypoint)
 if [ "${1#-}" != "$1" ]; then

.docker/symfony.conf

@@ -43,6 +43,9 @@
         PassEnv PROVIDER_OCTOPART_CLIENT_ID PROVIDER_OCTOPART_SECRET PROVIDER_OCTOPART_CURRENCY PROVIDER_OCTOPART_COUNTRY PROVIDER_OCTOPART_SEARCH_LIMIT PROVIDER_OCTOPART_ONLY_AUTHORIZED_SELLERS
         PassEnv PROVIDER_MOUSER_KEY PROVIDER_MOUSER_SEARCH_OPTION PROVIDER_MOUSER_SEARCH_LIMIT PROVIDER_MOUSER_SEARCH_WITH_SIGNUP_LANGUAGE
         PassEnv PROVIDER_LCSC_ENABLED PROVIDER_LCSC_CURRENCY
+        PassEnv PROVIDER_OEMSECRETS_KEY PROVIDER_OEMSECRETS_COUNTRY_CODE PROVIDER_OEMSECRETS_CURRENCY PROVIDER_OEMSECRETS_ZERO_PRICE PROVIDER_OEMSECRETS_SET_PARAM PROVIDER_OEMSECRETS_SORT_CRITERIA
+        PassEnv PROVIDER_REICHELT_ENABLED PROVIDER_REICHELT_CURRENCY PROVIDER_REICHELT_COUNTRY PROVIDER_REICHELT_LANGUAGE PROVIDER_REICHELT_INCLUDE_VAT
+        PassEnv PROVIDER_POLLIN_ENABLED
         PassEnv EDA_KICAD_CATEGORY_DEPTH
 
         # For most configuration files from conf-available/, which are

.env

@@ -143,7 +143,8 @@ PROVIDER_TME_CURRENCY=EUR
 PROVIDER_TME_LANGUAGE=en
 # The country to get results for
 PROVIDER_TME_COUNTRY=DE
-# Set this to 1 to get gross prices (including VAT) instead of net prices
+# [DEPRECATED] Set this to 1 to get gross prices (including VAT) instead of net prices
+# With private API keys, this option cannot be used anymore is ignored by Part-DB. The VAT inclusion depends on your TME account settings.
 PROVIDER_TME_GET_GROSS_PRICES=1
 
 # Octopart / Nexar Provider:
@@ -181,6 +182,61 @@ PROVIDER_LCSC_ENABLED=0
 # The currency to get prices in (e.g. EUR, USD, etc.)
 PROVIDER_LCSC_CURRENCY=EUR
 
+# Oemsecrets Provider API 3.0.1:
+# You can get your API key from https://www.oemsecrets.com/api
+PROVIDER_OEMSECRETS_KEY=
+# The country you want the output for
+PROVIDER_OEMSECRETS_COUNTRY_CODE=DE
+# Available country code are:
+# AD, AE, AQ, AR, AT, AU, BE, BO, BR, BV, BY, CA, CH, CL, CN, CO, CZ, DE, DK, EC, EE, EH, 
+# ES, FI, FK, FO, FR, GB, GE, GF, GG, GI, GL, GR, GS, GY, HK, HM, HR, HU, IE, IM, IN, IS,
+# IT, JM, JP, KP, KR, KZ, LI, LK, LT, LU, MC, MD, ME, MK, MT, NL, NO, NZ, PE, PH, PL, PT, 
+# PY, RO, RS, RU, SB, SD, SE, SG, SI, SJ, SK, SM, SO, SR, SY, SZ, TC, TF, TG, TH, TJ, TK, 
+# TM, TN, TO, TR, TT, TV, TW, TZ, UA, UG, UM, US, UY, UZ, VA, VE, VG, VI, VN, VU, WF, YE, 
+# ZA, ZM, ZW
+#
+# The currency you want the prices to be displayed in
+PROVIDER_OEMSECRETS_CURRENCY=EUR
+# Available currency are:AUD, CAD, CHF, CNY, DKK, EUR, GBP, HKD, ILS, INR, JPY, KRW, NOK, 
+#                        NZD, RUB, SEK, SGD, TWD, USD
+#
+# If PROVIDER_OEMSECRETS_ZERO_PRICE is set to 0, distributors with zero prices 
+# will be discarded from the creation of a new part (set to 1 otherwise)
+PROVIDER_OEMSECRETS_ZERO_PRICE=0
+#
+# When PROVIDER_OEMSECRETS_SET_PARAM is set to 1 the parameters for the part are generated 
+# from the description transforming unstructured descriptions into structured parameters; 
+# each parameter in description should have the form: "...;name1:value1;name2:value2"
+PROVIDER_OEMSECRETS_SET_PARAM=1
+#
+# This environment variable determines the sorting criteria for product results.
+# The sorting process first arranges items based on the provided keyword.
+# Then, if set to 'C', it further sorts by completeness (prioritizing items with the most
+# detailed information). If set to 'M', it further sorts by manufacturer name.
+#If unset or set to any other value, no sorting is performed.
+PROVIDER_OEMSECRETS_SORT_CRITERIA=C
+
+
+# Reichelt provider:
+# Reichelt.com offers no official API, so this info provider webscrapes the website to extract info
+# It could break at any time, use it at your own risk
+# We dont require an API key for Reichelt, just set this to 1 to enable Reichelt support
+PROVIDER_REICHELT_ENABLED=0
+# The country to get prices for
+PROVIDER_REICHELT_COUNTRY=DE
+# The language to get results in (en, de, fr, nl, pl, it, es)
+PROVIDER_REICHELT_LANGUAGE=en
+# Include VAT in prices (set to 1 to include VAT, 0 to exclude VAT)
+PROVIDER_REICHELT_INCLUDE_VAT=1
+# The currency to get prices in (only for countries with countries other than EUR)
+PROVIDER_REICHELT_CURRENCY=EUR
+
+# Pollin provider:
+# Pollin.de offers no official API, so this info provider webscrapes the website to extract info
+# It could break at any time, use it at your own risk
+# We dont require an API key for Pollin, just set this to 1 to enable Pollin support
+PROVIDER_POLLIN_ENABLED=0
+
 ##################################################################################
 # EDA integration related settings
 ##################################################################################

.github/workflows/tests.yml

@@ -18,7 +18,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php-versions: [ '8.1', '8.2', '8.3' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
         db-type: [ 'mysql', 'sqlite', 'postgres' ]
 
     env:
@@ -126,7 +126,7 @@ jobs:
         run: ./bin/phpunit --coverage-clover=coverage.xml
       
       - name: Upload coverage
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           env_vars: PHP_VERSION,DB_TYPE
           token: ${{ secrets.CODECOV_TOKEN }}

Dockerfile

@@ -1,22 +1,64 @@
-FROM debian:bullseye-slim
+ARG BASE_IMAGE=debian:bookworm-slim
+ARG PHP_VERSION=8.3
+
+FROM ${BASE_IMAGE} AS base
+ARG PHP_VERSION
 
 # Install needed dependencies for PHP build
 #RUN apt-get update &&  apt-get install -y pkg-config curl libcurl4-openssl-dev libicu-dev \
 #    libpng-dev libjpeg-dev libfreetype6-dev gnupg zip libzip-dev libjpeg62-turbo-dev libonig-dev libxslt-dev libwebp-dev vim \
 #    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
 
-RUN apt-get update && apt-get -y install apt-transport-https lsb-release ca-certificates curl zip mariadb-client \
+RUN apt-get update && apt-get -y install \
+      apt-transport-https \
+      lsb-release \
+      ca-certificates \
+      curl \
+      zip \
+      mariadb-client \
+      postgresql-client \
     && curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg  \
     && sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' \
     && apt-get update && apt-get upgrade -y \
-    && apt-get install -y apache2 php8.1 php8.1-fpm php8.1-opcache php8.1-curl php8.1-gd php8.1-mbstring php8.1-xml php8.1-bcmath php8.1-intl php8.1-zip php8.1-xsl php8.1-sqlite3 php8.1-mysql gpg sudo \
-    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*;
-
-ENV APACHE_CONFDIR /etc/apache2
-ENV APACHE_ENVVARS $APACHE_CONFDIR/envvars
-
+    && apt-get install -y \
+      apache2 \
+      php${PHP_VERSION} \
+      php${PHP_VERSION}-fpm \
+      php${PHP_VERSION}-opcache \
+      php${PHP_VERSION}-curl \
+      php${PHP_VERSION}-gd \
+      php${PHP_VERSION}-mbstring \
+      php${PHP_VERSION}-xml \
+      php${PHP_VERSION}-bcmath \
+      php${PHP_VERSION}-intl \
+      php${PHP_VERSION}-zip \
+      php${PHP_VERSION}-xsl \
+      php${PHP_VERSION}-sqlite3 \
+      php${PHP_VERSION}-mysql \
+      php${PHP_VERSION}-pgsql \
+      gpg \
+      sudo \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/* \
 # Create workdir and set permissions if directory does not exists
-RUN mkdir -p /var/www/html && chown -R www-data:www-data /var/www/html
+    && mkdir -p /var/www/html \
+    && chown -R www-data:www-data /var/www/html \
+# delete the "index.html" that installing Apache drops in here
+    && rm -rvf /var/www/html/*
+
+# Install node and yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    curl -sL https://deb.nodesource.com/setup_20.x | bash - && \
+    apt-get update && apt-get install -y \
+      nodejs \
+      yarn \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
+
+# Install composer
+COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+
+ENV APACHE_CONFDIR=/etc/apache2
+ENV APACHE_ENVVARS=$APACHE_CONFDIR/envvars
 
 # Configure apache 2 (taken from https://github.com/docker-library/php/blob/master/8.2/bullseye/apache/Dockerfile)
 # generically convert lines like
@@ -27,8 +69,6 @@ RUN mkdir -p /var/www/html && chown -R www-data:www-data /var/www/html
 # so that they can be overridden at runtime ("-e APACHE_RUN_USER=...")
 RUN  sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"; \
       set -eux; . "$APACHE_ENVVARS";  \
-    # delete the "index.html" that installing Apache drops in here
-    	rm -rvf /var/www/html/*; \
     	\
     # logs should go to stdout / stderr
     	ln -sfT /dev/stderr "$APACHE_LOG_DIR/error.log"; \
@@ -36,82 +76,87 @@ RUN  sed -ri 's/^export ([^=]+)=(.*)$/: ${\1:=\2}\nexport \1/' "$APACHE_ENVVARS"
     	ln -sfT /dev/stdout "$APACHE_LOG_DIR/other_vhosts_access.log"; \
         chown -R --no-dereference "$APACHE_RUN_USER:$APACHE_RUN_GROUP" "$APACHE_LOG_DIR";
 
-# Enable php-fpm
-RUN a2enmod proxy_fcgi setenvif && a2enconf php8.1-fpm
+# ---
 
+FROM scratch AS apache-config
+ARG PHP_VERSION
 # Configure php-fpm to log to stdout of the container (stdout of PID 1)
 # We have to use /proc/1/fd/1 because /dev/stdout or /proc/self/fd/1 does not point to the container stdout (because we use apache as entrypoint)
 # We also disable the clear_env option to allow the use of environment variables in php-fpm
-RUN { \
-    echo '[global]'; \
-    echo 'error_log = /proc/1/fd/1'; \
-    echo; \
-    echo '[www]'; \
-    echo 'access.log = /proc/1/fd/1'; \
-    echo 'catch_workers_output = yes'; \
-    echo 'decorate_workers_output = no'; \
-    echo 'clear_env = no'; \
-   } | tee "/etc/php/8.1/fpm/pool.d/zz-docker.conf"
+COPY <<EOF /etc/php/${PHP_VERSION}/fpm/pool.d/zz-docker.conf
+[global]
+error_log = /proc/1/fd/1
+
+[www]
+access.log = /proc/1/fd/1
+catch_workers_output = yes
+decorate_workers_output = no
+clear_env = no
+EOF
 
 # PHP files should be handled by PHP, and should be preferred over any other file type
-RUN { \
-		echo '<FilesMatch \.php$>'; \
-		echo '\tSetHandler application/x-httpd-php'; \
-		echo '</FilesMatch>'; \
-		echo; \
-		echo 'DirectoryIndex disabled'; \
-		echo 'DirectoryIndex index.php index.html'; \
-		echo; \
-		echo '<Directory /var/www/>'; \
-		echo '\tOptions -Indexes'; \
-		echo '\tAllowOverride All'; \
-		echo '</Directory>'; \
-	} | tee "$APACHE_CONFDIR/conf-available/docker-php.conf" \
-	&& a2enconf docker-php
+COPY <<EOF /etc/apache2/conf-available/docker-php.conf
+<FilesMatch \\.php$>
+	SetHandler application/x-httpd-php
+</FilesMatch>
+
+DirectoryIndex disabled
+DirectoryIndex index.php index.html
+
+<Directory /var/www/>
+	Options -Indexes
+	AllowOverride All
+</Directory>
+EOF
 
 # Enable opcache and configure it recommended for symfony (see https://symfony.com/doc/current/performance.html)
-RUN  \
-	{ \
-		echo 'opcache.memory_consumption=256'; \
-		echo 'opcache.max_accelerated_files=20000'; \
-		echo 'opcache.validate_timestamp=0'; \
-        # Configure Realpath cache for performance
-        echo 'realpath_cache_size=4096K'; \
-        echo 'realpath_cache_ttl=600'; \
-    } > /etc/php/8.1/fpm/conf.d/symfony-recommended.ini
+COPY <<EOF /etc/php/${PHP_VERSION}/fpm/conf.d/symfony-recommended.ini
+opcache.memory_consumption=256
+opcache.max_accelerated_files=20000
+opcache.validate_timestamp=0
+# Configure Realpath cache for performance
+realpath_cache_size=4096K
+realpath_cache_ttl=600
+EOF
 
 # Increase upload limit and enable preloading
-RUN  \
-	{ \
-		echo 'upload_max_filesize=256M'; \
-		echo 'post_max_size=300M'; \
-        echo 'opcache.preload_user=www-data'; \
-        echo 'opcache.preload=/var/www/html/config/preload.php'; \
-    } > /etc/php/8.1/fpm/conf.d/partdb.ini
+COPY <<EOF /etc/php/${PHP_VERSION}/fpm/conf.d/partdb.ini
+upload_max_filesize=256M
+post_max_size=300M
+opcache.preload_user=www-data
+opcache.preload=/var/www/html/config/preload.php
+log_limit=8096
+EOF
 
-# Install node and yarn
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - && apt-get update && apt-get install -y nodejs yarn && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
+COPY ./.docker/symfony.conf /etc/apache2/sites-available/symfony.conf
 
-# Install composer
-COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
+# ---
 
+FROM base
+ARG PHP_VERSION
 
 # Set working dir
 WORKDIR /var/www/html
+COPY --from=apache-config / /
 COPY --chown=www-data:www-data . .
 
 # Setup apache2
-RUN a2dissite 000-default.conf
-COPY ./.docker/symfony.conf /etc/apache2/sites-available/symfony.conf
-RUN a2ensite symfony.conf
-RUN a2enmod rewrite
+RUN a2dissite 000-default.conf && \
+    a2ensite symfony.conf && \
+# Enable php-fpm
+    a2enmod proxy_fcgi setenvif && \
+    a2enconf php${PHP_VERSION}-fpm && \
+    a2enconf docker-php && \
+    a2enmod rewrite
 
 # Install composer and yarn dependencies for Part-DB
 USER www-data
-RUN composer install -a --no-dev && composer clear-cache
-RUN yarn install --network-timeout 600000 && yarn build && yarn cache clean && rm -rf node_modules/
+RUN composer install -a --no-dev && \
+    composer clear-cache
+RUN yarn install --network-timeout 600000 && \
+    yarn build && \
+    yarn cache clean && \
+    rm -rf node_modules/
 
 # Use docker env to output logs to stdout
 ENV APP_ENV=docker
@@ -119,10 +164,12 @@ ENV DATABASE_URL="sqlite:///%kernel.project_dir%/uploads/app.db"
 
 USER root
 
-# Copy entrypoint to /usr/local/bin and make it executable
-RUN cp ./.docker/partdb-entrypoint.sh /usr/local/bin/partdb-entrypoint.sh && chmod +x /usr/local/bin/partdb-entrypoint.sh
-# Copy apache2-foreground to /usr/local/bin and make it executable
-RUN cp ./.docker/apache2-foreground /usr/local/bin/apache2-foreground && chmod +x /usr/local/bin/apache2-foreground
+# Replace the php version placeholder in the entry point, with our php version
+RUN sed -i "s/PHP_VERSION/${PHP_VERSION}/g" ./.docker/partdb-entrypoint.sh
+
+# Copy entrypoint and apache2-foreground to /usr/local/bin and make it executable
+RUN install ./.docker/partdb-entrypoint.sh /usr/local/bin && \
+    install ./.docker/apache2-foreground /usr/local/bin
 ENTRYPOINT ["partdb-entrypoint.sh"]
 CMD ["apache2-foreground"]
 

Dockerfile-frankenphp

@@ -1,11 +1,25 @@
 FROM dunglas/frankenphp:1-php8.3 AS frankenphp_upstream
 
-RUN apt-get update && apt-get -y install curl zip mariadb-client file acl git gettext ca-certificates gnupg \
+RUN apt-get update && apt-get -y install \
+      curl \
+      ca-certificates \
+      mariadb-client \
+      postgresql-client \
+      file \
+      acl \
+      git \
+      gettext \
+      gnupg \
+      zip \
     && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*;
 
-# Create workdir and set permissions if directory does not exists
-RUN mkdir -p /app
-WORKDIR /app
+# Install node and yarn
+RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    curl -sL https://deb.nodesource.com/setup_20.x | bash - && \
+    apt-get update && apt-get install -y \
+      nodejs yarn \
+    && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
 
 # Install PHP
 RUN set -eux; \
@@ -17,6 +31,7 @@ RUN set -eux; \
 		zip \
         pdo_mysql \
         pdo_sqlite \
+        pdo_pgsql \
         gd \
         bcmath \
         xsl \
@@ -32,15 +47,13 @@ ENV FRANKENPHP_CONFIG="import worker.Caddyfile"
 
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-# Install node and yarn
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-RUN curl -sL https://deb.nodesource.com/setup_20.x | bash - && apt-get update && apt-get install -y nodejs yarn && apt-get -y autoremove && apt-get clean autoclean && rm -rf /var/lib/apt/lists/*
-
 # Install composer
 ENV COMPOSER_ALLOW_SUPERUSER=1
 #COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
 
+# Create workdir and set permissions if directory does not exists
+WORKDIR /app
+
 # prevent the reinstallation of vendors at every changes in the source code
 COPY --link composer.* symfony.* ./
 RUN set -eux; \
@@ -57,7 +70,10 @@ RUN set -eux; \
 	composer run-script --no-dev post-install-cmd; \
 	chmod +x bin/console; sync;
 
-RUN yarn install --network-timeout 600000 && yarn build && yarn cache clean && rm -rf node_modules/
+RUN yarn install --network-timeout 600000 && \
+    yarn build && \
+    yarn cache clean && \
+    rm -rf node_modules/
 
 # Use docker env to output logs to stdout
 ENV APP_ENV=docker

VERSION

@@ -1 +1 @@
-1.13.0
+1.17.1

assets/ckeditor/plugins/PartDBLabel/PartDBLabelUI.js

@@ -128,6 +128,8 @@ const PLACEHOLDERS = [
             ['[[BARCODE_QR]]', 'QR code linking to this element'],
             ['[[BARCODE_C128]]', 'Code 128 barcode linking to this element'],
             ['[[BARCODE_C39]]', 'Code 39 barcode linking to this element'],
+            ['[[BARCODE_C93]]', 'Code 93 barcode linking to this element'],
+            ['[[BARCODE_DATAMATRIX]]', 'Datamatrix code linking to this element'],
         ]
     },
     {

assets/ckeditor/plugins/PartDBLabel/lang/de.js

@@ -69,6 +69,8 @@ Object.assign( window.CKEDITOR_TRANSLATIONS[ 'de' ].dictionary, {
     'QR code linking to this element': 'QR Code verknüpft mit diesem Element',
     'Code 128 barcode linking to this element': 'Code 128 Barcode verknüpft mit diesem Element',
     'Code 39 barcode linking to this element': 'Code 39 Barcode verknüpft mit diesem Element',
+    'Code 93 barcode linking to this element': 'Code 93 Barcode verknüpft mit diesem Element',
+    'Datamatrix code linking to this element': 'Datamatrix Code verknüpft mit diesem Element',
 
     'Location ID': 'Lagerort ID',
     'Name': 'Name',

assets/controllers/elements/attachment_autocomplete_controller.js

@@ -23,6 +23,12 @@ import "tom-select/dist/css/tom-select.bootstrap5.css";
 import '../../css/components/tom-select_extensions.css';
 import TomSelect from "tom-select";
 
+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 export default class extends Controller {
     _tomSelect;
 
@@ -46,6 +52,12 @@ export default class extends Controller {
                     }
                     return '<div>' + escape(data.label) + '</div>';
                 }
+            },
+            plugins: {
+                'autoselect_typed': {},
+                'click_to_edit': {},
+                'clear_button': {},
+                "restore_on_backspace": {}
             }
         };
 

assets/controllers/elements/ckeditor_controller.js

@@ -53,6 +53,7 @@ export default class extends Controller {
 
         const config = {
             language: language,
+            licenseKey: "GPL",
         }
 
         const watchdog = new EditorWatchdog();

assets/controllers/elements/part_search_controller.js

@@ -186,5 +186,15 @@ export default class extends Controller {
                 ];
             },
         });
+
+        //Try to find the input field and register a defocus handler. This is necessarry, as by default the autocomplete
+        //lib has problems when multiple inputs are present on the page. (see https://github.com/algolia/autocomplete/issues/1216)
+        const inputs = this.element.getElementsByClassName('aa-Input');
+        for (const input of inputs) {
+            input.addEventListener('blur', () => {
+                this._autocomplete.setIsOpen(false);
+            });
+        }
+
     }
 }

assets/controllers/elements/static_file_autocomplete_controller.js

@@ -23,6 +23,12 @@ import "tom-select/dist/css/tom-select.bootstrap5.css";
 import '../../css/components/tom-select_extensions.css';
 import TomSelect from "tom-select";
 
+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 /**
  * This is the frontend controller for StaticFileAutocompleteType form element.
  * Basically it loads a text file from the given url (via data-url) and uses it as a source for the autocomplete.
@@ -46,7 +52,13 @@ export default class extends Controller {
             orderField: 'text',
 
             //This a an ugly solution to disable the delimiter parsing of the TomSelect plugin
-            delimiter: 'VERY_L0NG_D€LIMITER_WHICH_WILL_NEVER_BE_ENCOUNTERED_IN_A_STRING'
+            delimiter: 'VERY_L0NG_D€LIMITER_WHICH_WILL_NEVER_BE_ENCOUNTERED_IN_A_STRING',
+            plugins: {
+                'autoselect_typed': {},
+                'click_to_edit': {},
+                'clear_button': {},
+                'restore_on_backspace': {}
+            }
         };
 
         if (this.element.dataset.url) {

assets/controllers/elements/structural_entity_select_controller.js

@@ -24,6 +24,8 @@ import {Controller} from "@hotwired/stimulus";
 
 import {trans, ENTITY_SELECT_GROUP_NEW_NOT_ADDED_TO_DB} from '../../translator.js'
 
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
 
 export default class extends Controller {
     _tomSelect;
@@ -38,11 +40,15 @@ export default class extends Controller {
         const allowAdd = this.element.getAttribute("data-allow-add") === "true";
         const addHint = this.element.getAttribute("data-add-hint") ?? "";
 
+
+
+
         let settings = {
             allowEmptyOption: true,
             selectOnTab: true,
             maxOptions: null,
             create: allowAdd ? this.createItem.bind(this) : false,
+            createFilter: this.createFilter.bind(this),
 
             // This three options allow us to paste element names with commas: (see issue #538)
             maxItems: 1,
@@ -58,7 +64,21 @@ export default class extends Controller {
             render: {
                 item: this.renderItem.bind(this),
                 option: this.renderOption.bind(this),
-                option_create: function(data, escape) {
+                option_create: (data, escape)  => {
+                    //If the input starts with "->", we prepend the current selected value, for easier extension of existing values
+                    //This here handles the display part, while the createItem function handles the actual creation
+                    if (data.input.startsWith("->")) {
+                        //Get current selected value
+                        const current = this._tomSelect.getItem(this._tomSelect.getValue()).textContent.replaceAll("→", "->").trim();
+                        //Prepend it to the input
+                        if (current) {
+                            data.input = current + " " + data.input;
+                        } else {
+                            //If there is no current value, we remove the "->"
+                            data.input = data.input.substring(2);
+                        }
+                    }
+
                     return '<div class="create"><i class="fa-solid fa-plus fa-fw"></i>&nbsp;<strong>' + escape(data.input) + '</strong>&hellip;&nbsp;' +
                         '<small class="text-muted float-end">(' + addHint +')</small>' +
                         '</div>';
@@ -68,14 +88,39 @@ export default class extends Controller {
             //Add callbacks to update validity
             onInitialize: this.updateValidity.bind(this),
             onChange: this.updateValidity.bind(this),
+
+            plugins: {
+                "autoselect_typed": {},
+            }
         };
 
+        //Add clear button plugin, if an empty option is present
+        if (this.element.querySelector("option[value='']") !== null) {
+            settings.plugins["clear_button"] = {};
+        }
+
         this._tomSelect = new TomSelect(this.element, settings);
         //Do not do a sync here as this breaks the initial rendering of the empty option
         //this._tomSelect.sync();
     }
 
     createItem(input, callback) {
+
+        //If the input starts with "->", we prepend the current selected value, for easier extension of existing values
+        if (input.startsWith("->")) {
+            //Get current selected value
+            let current = this._tomSelect.getItem(this._tomSelect.getValue()).textContent.replaceAll("→", "->").trim();
+            //Replace no break spaces with normal spaces
+            current = current.replaceAll("\u00A0", " ");
+            //Prepend it to the input
+            if (current) {
+                input = current + " " + input;
+            } else {
+                //If there is no current value, we remove the "->"
+                input = input.substring(2);
+            }
+        }
+
         callback({
             //$%$ is a special value prefix, that is used to identify items, that are not yet in the DB
             value: '$%$' + input,
@@ -84,6 +129,31 @@ export default class extends Controller {
         });
     }
 
+    createFilter(input) {
+
+        //Normalize the input (replace spacing around arrows)
+        if (input.includes("->")) {
+            const inputs = input.split("->");
+            inputs.forEach((value, index) => {
+                inputs[index] = value.trim();
+            });
+            input = inputs.join("->");
+        } else {
+            input = input.trim();
+        }
+
+        const options = this._tomSelect.options;
+        //Iterate over all options and check if the input is already present
+        for (let index in options) {
+            const option = options[index];
+            if (option.path === input) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
 
     updateValidity() {
         //Mark this input as invalid, if the selected option is disabled

assets/controllers/elements/tagsinput_controller.js

@@ -23,14 +23,21 @@ import "tom-select/dist/css/tom-select.bootstrap5.css";
 import '../../css/components/tom-select_extensions.css';
 import TomSelect from "tom-select";
 
+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 export default class extends Controller {
     _tomSelect;
 
     connect() {
         let settings = {
             plugins: {
-                remove_button:{
-                }
+                remove_button:{},
+                'autoselect_typed': {},
+                'click_to_edit': {},
             },
             persistent: false,
             selectOnTab: true,

assets/controllers/pages/barcode_scan_controller.js

@@ -20,7 +20,7 @@
 import {Controller} from "@hotwired/stimulus";
 //import * as ZXing from "@zxing/library";
 
-import {Html5QrcodeScanner, Html5Qrcode} from "html5-qrcode";
+import {Html5QrcodeScanner, Html5Qrcode} from "@part-db/html5-qrcode";
 
 /* stimulusFetch: 'lazy' */
 export default class extends Controller {
@@ -50,7 +50,7 @@ export default class extends Controller {
         });
 
         this._scanner = new Html5QrcodeScanner(this.element.id, {
-            fps: 2,
+            fps: 10,
             qrbox: qrboxFunction,
             experimentalFeatures: {
                 //This option improves reading quality on android chrome
@@ -61,6 +61,11 @@ export default class extends Controller {
         this._scanner.render(this.onScanSuccess.bind(this));
     }
 
+    disconnect() {
+        this._scanner.pause();
+        this._scanner.clear();
+    }
+
     onScanSuccess(decodedText, decodedResult) {
         //Put our decoded Text into the input box
         document.getElementById('scan_dialog_input').value = decodedText;

assets/controllers/pages/latex_preview_controller.js

@@ -25,9 +25,20 @@ import "katex/dist/katex.css";
 export default class extends Controller {
     static targets = ["input", "preview"];
 
+    static values = {
+        unit: {type: Boolean, default: false} //Render as upstanding (non-italic) text, useful for units
+    }
+
     updatePreview()
     {
-        katex.render(this.inputTarget.value, this.previewTarget, {
+        let value = "";
+        if (this.unitValue) {
+            value = "\\mathrm{" + this.inputTarget.value + "}";
+        } else {
+            value = this.inputTarget.value;
+        }
+
+        katex.render(value, this.previewTarget, {
             throwOnError: false,
         });
     }

assets/controllers/pages/parameters_autocomplete_controller.js

@@ -22,6 +22,13 @@ import TomSelect from "tom-select";
 import katex from "katex";
 import "katex/dist/katex.css";
 
+
+import TomSelect_click_to_edit from '../../tomselect/click_to_edit/click_to_edit'
+import TomSelect_autoselect_typed from '../../tomselect/autoselect_typed/autoselect_typed'
+
+TomSelect.define('click_to_edit', TomSelect_click_to_edit)
+TomSelect.define('autoselect_typed', TomSelect_autoselect_typed)
+
 /* stimulusFetch: 'lazy' */
 export default class extends Controller
 {
@@ -53,7 +60,10 @@ export default class extends Controller
     connect() {
         const settings = {
             plugins: {
-                clear_button:{}
+                'autoselect_typed': {},
+                'click_to_edit': {},
+                'clear_button': {},
+                'restore_on_backspace': {}
             },
             persistent: false,
             maxItems: 1,

assets/css/app/helpers.css

@@ -112,3 +112,10 @@ ul.structural_link li a:hover {
     background-color: var(--bs-success);
     border-color: var(--bs-success);
 }
+
+/***********************************************
+ * Katex rendering with same height as text
+ ***********************************************/
+.katex-same-height-as-text .katex {
+    font-size: 1.0em;
+}

assets/css/app/images.css

@@ -51,7 +51,6 @@
 .part-table-image {
     max-height: 40px;
     object-fit: contain;
-    width: 100%;
 }
 
 .part-info-image {

assets/css/app/layout.css

@@ -108,8 +108,8 @@ body {
 .back-to-top {
     cursor: pointer;
     position: fixed;
-    bottom: 20px;
-    right: 20px;
+    bottom: 60px;
+    right: 40px;
     display:none;
     z-index: 1030;
 }

assets/css/app/tables.css

@@ -63,10 +63,6 @@ table.dataTable > tbody > tr.selected > td > a {
     margin-block-end: 0;
 }
 
-.card-footer-table {
-    padding-top: 0;
-}
-
 table.dataTable {
     margin-top: 0 !important;
 }

assets/css/components/ckeditor.css

@@ -24,9 +24,8 @@
 /** Should be the same settings, as in label_style.css */
 .ck-html-label .ck-content {
     font-family: "DejaVu Sans Mono", monospace;
-    font-size: 12px;
+    font-size: 12pt;
     line-height: 1.0;
-    font-size-adjust: 1.5;
 }
 
 .ck-html-label .ck-content p {

assets/js/app.js

@@ -44,4 +44,18 @@ import "./register_events";
 import "./tristate_checkboxes";
 
 //Define jquery globally
-window.$ = window.jQuery = require("jquery")
+window.$ = window.jQuery = require("jquery");
+
+//Use the local WASM file for the ZXing library
+import {
+    setZXingModuleOverrides,
+} from "barcode-detector/pure";
+import  wasmFile from "../../node_modules/zxing-wasm/dist/reader/zxing_reader.wasm";
+setZXingModuleOverrides({
+    locateFile: (path, prefix) => {
+        if (path.endsWith(".wasm")) {
+            return wasmFile;
+        }
+        return prefix + path;
+    },
+});

assets/js/register_events.js

@@ -21,6 +21,7 @@
 
 import {Dropdown} from "bootstrap";
 import ClipboardJS from "clipboard";
+import {Modal} from "bootstrap";
 
 class RegisterEventHelper {
     constructor() {
@@ -31,9 +32,11 @@ class RegisterEventHelper {
         //Initialize ClipboardJS
         this.registerLoadHandler(() => {
             new ClipboardJS('.btn');
-        })
+        });
 
         this.registerModalDropRemovalOnFormSubmit();
+
+
     }
 
     registerModalDropRemovalOnFormSubmit() {
@@ -43,6 +46,15 @@ class RegisterEventHelper {
             if (back_drop) {
                 back_drop.remove();
             }
+
+            //Remove scroll-lock if it is still active
+            if (document.body.classList.contains('modal-open')) {
+                document.body.classList.remove('modal-open');
+
+                //Remove the padding-right and overflow:hidden from the body
+                document.body.style.paddingRight = '';
+                document.body.style.overflow = '';
+            }
         });
     }
 

assets/tomselect/autoselect_typed/autoselect_typed.js

@@ -0,0 +1,63 @@
+/**
+ * Autoselect Typed plugin for Tomselect
+ *
+ * This plugin allows automatically selecting an option matching the typed text when the Tomselect element goes out of
+ * focus (is blurred) and/or when the delimiter is typed.
+ *
+ * #select_on_blur option
+ * Tomselect natively supports the "createOnBlur" option. This option picks up any remaining text in the input field
+ * and uses it to create a new option and selects that option. It does behave a bit strangely though, in that it will
+ * not select an already existing option when the input is blurred, so if you typed something that matches an option in
+ * the list and then click outside the box (without pressing enter) the entered text is just removed (unless you have
+ * allow duplicates on in which case it will create a new option).
+ * This plugin fixes that, such that Tomselect will first try to select an option matching the remaining uncommitted
+ * text and only when no matching option is found tries to create a new one (if createOnBlur and create is on)
+ *
+ * #select_on_delimiter option
+ * Normally when typing the delimiter (space by default) Tomselect will try to create a new option (and select it) (if
+ * create is on), but if the typed text matches an option (and allow duplicates is off) it refuses to react at all until
+ * you press enter. With this option, the delimiter will also allow selecting an option, not just creating it.
+ */
+function select_current_input(self){
+    if(self.isLocked){
+        return
+    }
+
+    const val = self.inputValue()
+    //Do nothing if the input is empty
+    if (!val) {
+        return
+    }
+
+    if (self.options[val]) {
+        self.addItem(val)
+        self.setTextboxValue()
+    }
+}
+
+export default function(plugin_options_) {
+    const plugin_options = Object.assign({
+        //Autoselect the typed text when the input element goes out of focus
+        select_on_blur: true,
+        //Autoselect the typed text when the delimiter is typed
+        select_on_delimiter: true,
+    }, plugin_options_);
+
+    const self = this
+
+    if(plugin_options.select_on_blur) {
+        this.hook("before", "onBlur", function () {
+            select_current_input(self)
+        })
+    }
+
+    if(plugin_options.select_on_delimiter) {
+        this.hook("before", "onKeyPress", function (e) {
+            const character = String.fromCharCode(e.keyCode || e.which);
+            if (self.settings.mode === 'multi' && character === self.settings.delimiter) {
+                select_current_input(self)
+            }
+        })
+    }
+
+}

assets/tomselect/click_to_edit/click_to_edit.js

@@ -0,0 +1,93 @@
+/**
+ * click_to_edit plugin for Tomselect
+ *
+ * This plugin allows editing (and selecting text in) any selected item by clicking it.
+ *
+ * Usually, when the user typed some text and created an item in Tomselect that item cannot be edited anymore. To make
+ * a change, the item has to be deleted and retyped completely. There is also generally no way to copy text out of a
+ * tomselect item. The "restore_on_backspace" plugin improves that somewhat, by allowing the user to edit an item after
+ * pressing backspace. However, it is somewhat confusing to first have to focus the field an then hit backspace in order
+ * to copy a piece of text. It may also not be immediately obvious for editing.
+ * This plugin transforms an item into editable text when it is clicked, e.g. when the user tries to place the caret
+ * within an item or when they try to drag across the text to highlight it.
+ * It also plays nice with the remove_button plugin which still removes (deselects) an option entirely.
+ *
+ * It is recommended to also enable the autoselect_typed plugin when using this plugin. Without it, the text in the
+ * input field (i.e. the item that was just clicked) is lost when the user clicks outside the field. Also, when the user
+ * clicks an option (making it text) and then tries to enter another one by entering the delimiter (e.g. space) nothing
+ * happens until enter is pressed or the text is changed from what it was.
+ */
+
+/**
+ * Return a dom element from either a dom query string, jQuery object, a dom element or html string
+ * https://stackoverflow.com/questions/494143/creating-a-new-dom-element-from-an-html-string-using-built-in-dom-methods-or-pro/35385518#35385518
+ *
+ * param query should be {}
+ */
+const getDom = query => {
+    if (query.jquery) {
+        return query[0];
+    }
+    if (query instanceof HTMLElement) {
+        return query;
+    }
+    if (isHtmlString(query)) {
+        var tpl = document.createElement('template');
+        tpl.innerHTML = query.trim(); // Never return a text node of whitespace as the result
+        return tpl.content.firstChild;
+    }
+    return document.querySelector(query);
+};
+const isHtmlString = arg => {
+    if (typeof arg === 'string' && arg.indexOf('<') > -1) {
+        return true;
+    }
+    return false;
+};
+
+function plugin(plugin_options_) {
+    const self = this
+
+    const plugin_options = Object.assign({
+        //If there is unsubmitted text in the input field, should that text be automatically used to select a matching
+        //element? If this is off, clicking on item1 and then clicking on item2 will result in item1 being deselected
+        auto_select_before_edit: true,
+        //If there is unsubmitted text in the input field, should that text be automatically used to create a matching
+        //element if no matching element was found or auto_select_before_edit is off?
+        auto_create_before_edit: true,
+        //customize this function to change which text the item is replaced with when clicking on it
+        text: option => {
+            return option[self.settings.labelField];
+        }
+    }, plugin_options_);
+
+
+    self.hook('after', 'setupTemplates', () => {
+        const orig_render_item = self.settings.render.item;
+        self.settings.render.item = (data, escape) => {
+            const item = getDom(orig_render_item.call(self, data, escape));
+
+            item.addEventListener('click', evt => {
+                    if (self.isLocked) {
+                        return;
+                    }
+                    const val = self.inputValue();
+
+                    if (self.options[val]) {
+                        self.addItem(val)
+                    } else if (self.settings.create) {
+                        self.createItem();
+                    }
+                    const option = self.options[item.dataset.value]
+                    self.setTextboxValue(plugin_options.text.call(self, option));
+                    self.focus();
+                    self.removeItem(item);
+                }
+            );
+
+            return item;
+        }
+    });
+
+}
+export { plugin as default };

bin/console

@@ -4,6 +4,10 @@
 use App\Kernel;
 use Symfony\Bundle\FrameworkBundle\Console\Application;
 
+if (!is_dir(dirname(__DIR__).'/vendor')) {
+    throw new LogicException('Dependencies are missing. Try running "composer install".');
+}
+
 //Increase xdebug.max_nesting_level to 1000 if required (see issue #411)
 //Check if xdebug extension is active, and xdebug.max_nesting_level is set to 256 or lower
 if (extension_loaded('xdebug') && ((int) ini_get('xdebug.max_nesting_level')) <= 256) {

composer.json

@@ -1,4 +1,5 @@
 {
+    "name": "part-db/part-db-server",
     "type": "project",
     "license": "AGPL-3.0-or-later",
     "require": {
@@ -14,9 +15,9 @@
         "api-platform/core": "^3.1",
         "beberlei/doctrineextensions": "^1.2",
         "brick/math": "0.12.1 as 0.11.0",
-        "composer/ca-bundle": "^1.3",
+        "composer/ca-bundle": "^1.5",
         "composer/package-versions-deprecated": "^1.11.99.5",
-        "doctrine/data-fixtures": "^1.6.6",
+        "doctrine/data-fixtures": "^2.0.0",
         "doctrine/dbal": "^4.0.0",
         "doctrine/doctrine-bundle": "^2.0",
         "doctrine/doctrine-migrations-bundle": "^3.0",
@@ -39,12 +40,10 @@
         "nelmio/cors-bundle": "^2.3",
         "nelmio/security-bundle": "^3.0",
         "nyholm/psr7": "^1.1",
-        "ocramius/proxy-manager": "2.2.*",
-        "omines/datatables-bundle": "^0.8.0",
+        "omines/datatables-bundle": "^0.9.1",
+        "paragonie/sodium_compat": "^1.21",
         "part-db/label-fonts": "^1.0",
-        "php-translation/symfony-bundle": "^0.14.0",
-        "phpdocumentor/reflection-docblock": "^5.2",
-        "phpstan/phpdoc-parser": "^1.23",
+        "rhukster/dom-sanitizer": "^1.0",
         "runtime/frankenphp-symfony": "^0.2.0",
         "s9e/text-formatter": "^2.1",
         "scheb/2fa-backup-code": "^6.8.0",
@@ -56,6 +55,8 @@
         "symfony/apache-pack": "^1.0",
         "symfony/asset": "6.4.*",
         "symfony/console": "6.4.*",
+        "symfony/css-selector": "6.4.*",
+        "symfony/dom-crawler": "6.4.*",
         "symfony/dotenv": "6.4.*",
         "symfony/expression-language": "6.4.*",
         "symfony/flex": "^v2.3.1",
@@ -69,7 +70,6 @@
         "symfony/process": "6.4.*",
         "symfony/property-access": "6.4.*",
         "symfony/property-info": "6.4.*",
-        "symfony/proxy-manager-bridge": "6.4.*",
         "symfony/rate-limiter": "6.4.*",
         "symfony/runtime": "6.4.*",
         "symfony/security-bundle": "6.4.*",
@@ -91,23 +91,22 @@
         "twig/intl-extra": "^3.8",
         "twig/markdown-extra": "^3.8",
         "twig/string-extra": "^3.8",
-        "web-auth/webauthn-symfony-bundle": "^4.0.0",
-        "webmozart/assert": "^1.4"
+        "web-auth/webauthn-symfony-bundle": "^4.0.0"
     },
     "require-dev": {
         "dama/doctrine-test-bundle": "^v8.0.0",
-        "doctrine/doctrine-fixtures-bundle": "^3.2",
-        "ekino/phpstan-banned-code": "^v1.0.0",
+        "doctrine/doctrine-fixtures-bundle": "^4.0.0",
+        "ekino/phpstan-banned-code": "^v3.0.0",
+        "jbtronics/translation-editor-bundle": "^1.0",
         "phpstan/extension-installer": "^1.0",
-        "phpstan/phpstan": "^1.4.7",
-        "phpstan/phpstan-doctrine": "^1.2.11",
-        "phpstan/phpstan-strict-rules": "^1.5",
-        "phpstan/phpstan-symfony": "^1.1.7",
+        "phpstan/phpstan": "^2.0.4",
+        "phpstan/phpstan-doctrine": "^2.0.1",
+        "phpstan/phpstan-strict-rules": "^2.0.1",
+        "phpstan/phpstan-symfony": "^2.0.0",
         "phpunit/phpunit": "^9.5",
-        "rector/rector": "^1.1.1",
+        "rector/rector": "^2.0.4",
         "roave/security-advisories": "dev-latest",
         "symfony/browser-kit": "6.4.*",
-        "symfony/css-selector": "6.4.*",
         "symfony/debug-bundle": "6.4.*",
         "symfony/maker-bundle": "^1.13",
         "symfony/phpunit-bridge": "6.4.*",

config/bundles.php

@@ -18,7 +18,6 @@ return [
     DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true],
     Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
     Gregwar\CaptchaBundle\GregwarCaptchaBundle::class => ['all' => true],
-    Translation\Bundle\TranslationBundle::class => ['all' => true],
     Florianv\SwapBundle\FlorianvSwapBundle::class => ['all' => true],
     Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true],
     Symfony\UX\Turbo\TurboBundle::class => ['all' => true],
@@ -32,4 +31,5 @@ return [
     KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
     Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
     ApiPlatform\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
+    Jbtronics\TranslationEditorBundle\JbtronicsTranslationEditorBundle::class => ['dev' => true],
 ];

config/packages/api_platform.yaml

@@ -35,3 +35,7 @@ api_platform:
   keep_legacy_inflector: false
   # Need to be true, or some tests will fail
   use_symfony_listeners: true
+
+  serializer:
+    # Change this to false later, to remove the hydra prefix on the API
+    hydra_prefix: true

config/packages/datatables.yaml

@@ -8,15 +8,14 @@ datatables:
 
     # Set options, as documented at https://datatables.net/reference/option/
     options:
-        lengthMenu : [[10, 25, 50, 100, -1], [10, 25, 50, 100, "All"]]
+        lengthMenu : [[10, 25, 50, 100], [10, 25, 50, 100]] # We add the "All" option, when part tables are generated
         pageLength: '%partdb.table.default_page_size%'   # Set to -1 to disable pagination (i.e. show all rows) by default
-        #dom: "<'row' <'col-sm-12' tr>><'row' <'col-sm-6'l><'col-sm-6 text-right'pif>>"
-        dom: "  <'row'<'col mb-2 input-group' B l> <'col mb-2' <'pull-end' p>>>
+        dom: "  <'row' <'col mb-2 input-group flex-nowrap' B l > <'col-auto mb-2' < p >>>
                     <'card'
                         rt
                         <'card-footer card-footer-table text-muted' i >
                     >
-                        <'row'<'col mt-2 input-group' B l> <'col mt-2' <'pull-right' p>>>"
+                <'row' <'col mt-2 input-group flex-nowrap' B l > <'col-auto mt-2' < p >>>"
         pagingType: 'simple_numbers'
         searching: true
         stateSave: true

config/packages/dev/php_translation.yaml

@@ -1,5 +0,0 @@
-translation:
-    symfony_profiler:
-        enabled: true
-    webui:
-        enabled: true

config/packages/doctrine.yaml

@@ -57,6 +57,7 @@ doctrine:
                 field2: App\Doctrine\Functions\Field2
                 natsort: App\Doctrine\Functions\Natsort
                 array_position: App\Doctrine\Functions\ArrayPosition
+                ilike: App\Doctrine\Functions\ILike
 
 when@test:
     doctrine:

config/packages/monolog.yaml

@@ -50,7 +50,6 @@ when@prod:
                 type: stream
                 path: "%kernel.logs_dir%/%kernel.environment%.log"
                 level: debug
-                formatter: monolog.formatter.json
             console:
                 type: console
                 process_psr_3_messages: false
@@ -74,7 +73,6 @@ when@docker:
                 type: stream
                 path: "php://stderr"
                 level: debug
-                formatter: monolog.formatter.json
             console:
                 type: console
                 process_psr_3_messages: false

config/packages/nelmio_security.yaml

@@ -51,12 +51,16 @@ nelmio_security:
             img-src:
                 - '*'
                 - 'data:'
+                # Required for be able to load pictures in the QR code scanner
+                - 'blob:'
             style-src:
                 - 'self'
                 - 'unsafe-inline'
                 - 'data:'
             script-src:
                 - 'self'
+                # Required for loading the Wasm for the barcode scanner:
+                - 'wasm-unsafe-eval'
             object-src:
                 - 'self'
                 - 'data:'

config/packages/php_translation.yaml

@@ -1,11 +0,0 @@
-translation:
-    locales: ["en", "de"]
-    edit_in_place:
-        enabled: false
-        config_name: app
-    configs:
-        app:
-            dirs: ["%kernel.project_dir%/templates", "%kernel.project_dir%/src"]
-            output_dir: "%kernel.project_dir%/translations"
-            excluded_names: ["*TestCase.php", "*Test.php"]
-            excluded_dirs: [cache, data, logs]

config/parameters.yaml

@@ -11,7 +11,7 @@ parameters:
   partdb.banner: '%env(trim:string:BANNER)%'                  # The info text shown in the homepage, if empty config/banner.md is used
   partdb.default_currency: '%env(string:BASE_CURRENCY)%'      # The currency that is used inside the DB (and is assumed when no currency is set). This can not be changed later, so be sure to set it the currency used in your country
   partdb.global_theme: ''                                     # The theme to use globally (see public/build/themes/ for choices, use name without .css). Set to '' for default bootstrap theme
-  partdb.locale_menu: ['en', 'de', 'it', 'fr', 'ru', 'ja', 'cs', 'da', 'zh']    # The languages that are shown in user drop down menu
+  partdb.locale_menu: ['en', 'de', 'it', 'fr', 'ru', 'ja', 'cs', 'da', 'zh', 'pl']    # The languages that are shown in user drop down menu
   partdb.enforce_change_comments_for: '%env(csv:ENFORCE_CHANGE_COMMENTS_FOR)%' # The actions for which a change comment is required (e.g. "part_edit", "part_create", etc.). If this is empty, change comments are not required at all.
 
   partdb.default_uri: '%env(string:DEFAULT_URI)%'             # The default URI to use for the Part-DB instance (e.g. https://part-db.example.com/). This is used for generating links in emails

config/routes/dev/php_translation.yaml

@@ -1,6 +0,0 @@
-_translation_webui:
-    resource: '@TranslationBundle/Resources/config/routing_webui.yaml'
-    prefix: /admin
-
-_translation_profiler:
-    resource: '@TranslationBundle/Resources/config/routing_symfony_profiler.yaml'

config/routes/jbtronics_translation_editor.yaml

@@ -0,0 +1,3 @@
+when@dev:
+  translation_editor:
+    resource: '@JbtronicsTranslationEditorBundle/config/routes.php'

config/routes/php_translation.yaml

@@ -1,3 +0,0 @@
-_translation_edit_in_place:
-    resource: '@TranslationBundle/Resources/config/routing_edit_in_place.yaml'
-    prefix: /admin

config/services.yaml

@@ -306,6 +306,16 @@ services:
             $enabled: '%env(bool:PROVIDER_LCSC_ENABLED)%'
             $currency: '%env(string:PROVIDER_LCSC_CURRENCY)%'
 
+    App\Services\InfoProviderSystem\Providers\OEMSecretsProvider:
+        arguments:
+            $api_key: '%env(string:PROVIDER_OEMSECRETS_KEY)%'
+            $country_code: '%env(string:PROVIDER_OEMSECRETS_COUNTRY_CODE)%'
+            $currency: '%env(PROVIDER_OEMSECRETS_CURRENCY)%'
+            $zero_price: '%env(PROVIDER_OEMSECRETS_ZERO_PRICE)%'
+            $set_param: '%env(PROVIDER_OEMSECRETS_SET_PARAM)%'
+            $sort_criteria: '%env(PROVIDER_OEMSECRETS_SORT_CRITERIA)%'
+
+
     ####################################################################################################################
     # API system
     ####################################################################################################################

docs/concepts.md

@@ -23,7 +23,7 @@ each other so that it does not matter which one of your 1000 things of Part you
 A part entity has many fields, which can be used to describe it better. Most of the fields are optional:
 
 * **Name** (Required): The name of the part or how you want to call it. This could be a manufacturer-provided name, or a
-  name you thought of yourself. The name have to be unique in a single category.
+  name you thought of yourself. Each name needs to be unique and must exist in a single category.
 * **Description**: A short (single-line) description of what this part is/does. For longer information, you should use
   the comment field or the specifications
 * **Category** (Required): The category (see there) to which this part belongs to.

docs/configuration.md

@@ -32,11 +32,16 @@ options listed, see `.env` file for the full list of possible env variables.
 
 ### General options
 
-* `DATABASE_URL`: Configures the database which Part-DB uses. For mysql use a string in the form
-  of `mysql://<USERNAME>:<PASSWORD>@<HOST>:<PORT>/<TABLE_NAME>` here
-  (e.g. `DATABASE_URL=mysql://user:password@127.0.0.1:3306/part-db`). For SQLite use the following format to specify the
+* `DATABASE_URL`: Configures the database which Part-DB uses:
+   * For MySQL (or MariaDB) use a string in the form of `mysql://<USERNAME>:<PASSWORD>@<HOST>:<PORT>/<TABLE_NAME>` here
+  (e.g. `DATABASE_URL=mysql://user:password@127.0.0.1:3306/part-db`).
+   * For SQLite use the following format to specify the
   absolute path where it should be located `sqlite:///path/part/app.db`. You can use `%kernel.project_dir%` as
   placeholder for the Part-DB root folder (e.g. `sqlite:///%kernel.project_dir%/var/app.db`)
+   * For Postgresql use a string in the form of `DATABASE_URL=postgresql://user:password@127.0.0.1:5432/part-db?serverVersion=x.y`.
+
+     Please note that **`serverVersion=x.y`** variable is required due to dependency of Symfony framework.
+
 * `DATABASE_MYSQL_USE_SSL_CA`: If this value is set to `1` or `true` and a MySQL connection is used, then the connection
  is encrypted by SSL/TLS and the server certificate is verified against the system CA certificates or the CA certificate
 bundled with Part-DB. Set `DATABASE_MYSQL_SSL_VERIFY_CERT` if you want to accept all certificates.
@@ -86,6 +91,10 @@ bundled with Part-DB. Set `DATABASE_MYSQL_SSL_VERIFY_CERT` if you want to accept
     * `datastructure_create`: Creation of a new datastructure (e.g. category, manufacturer, ...)
 * `CHECK_FOR_UPDATES` (default `1`): Set this to 0, if you do not want Part-DB to connect to GitHub to check for new
   versions, or if your server can not connect to the internet.
+* `APP_SECRET`: This variable is a configuration parameter used for various security-related purposes,
+  particularly for securing and protecting various aspects of your application. It's a secret key that is used for
+  cryptographic operations and security measures (session management, CSRF protection, etc..). Therefore this
+  value should be handled as confidential data and not shared publicly.
 
 ### E-Mail settings
 

docs/installation/choosing_database.md

@@ -150,9 +150,9 @@ In the `serverVersion` parameter you can specify the version of the PostgreSQL s
 
 The `charset` parameter specify the character set of the database. It should be set to `utf8` to ensure that all characters are stored correctly.
 
-If you want to use a unix socket for the connection instead of a TCP connnection, you can specify the socket path in the `unix_socket` parameter.
+If you want to use a unix socket for the connection instead of a TCP connnection, you can specify the socket path in the `host` parameter.
 ```shell
-DATABASE_URL="postgresql://db_user:db_password@localhost/db_name?serverVersion=12.19&charset=utf8&unix_socket=/var/run/postgresql/.s.PGSQL.5432"
+DATABASE_URL="postgresql://db_user@localhost/db_name?serverVersion=16.6&charset=utf8&host=/var/run/postgresql"
 ```
 
 

docs/installation/index.md

@@ -7,3 +7,5 @@ has_children: true
 
 # Installation
 Below you can find some guides to install Part-DB.
+
+For the hobbyists without much experience, we recommend the docker installation or direct installation on debian.

docs/installation/installation_docker.md

@@ -48,6 +48,12 @@ services:
       # In docker env logs will be redirected to stderr
       - APP_ENV=docker
       
+      # Uncomment this, if you want to use the automatic database migration feature. With this you have you do not have to
+      # run the doctrine:migrations:migrate commands on installation or upgrade. A database backup is written to the uploads/
+      # folder (under .automigration-backup), so you can restore it, if the migration fails.
+      # This feature is currently experimental, so use it at your own risk!
+      # - DB_AUTOMIGRATE=true
+
       # You can configure Part-DB using environment variables
       # Below you can find the most essential ones predefined
       # However you can add any other environment configuration you want here
@@ -130,6 +136,12 @@ services:
       # In docker env logs will be redirected to stderr
       - APP_ENV=docker
 
+       # Uncomment this, if you want to use the automatic database migration feature. With this you have you do not have to
+       # run the doctrine:migrations:migrate commands on installation or upgrade. A database backup is written to the uploads/
+       # folder (under .automigration-backup), so you can restore it, if the migration fails.
+       # This feature is currently experimental, so use it at your own risk!
+       # - DB_AUTOMIGRATE=true
+
       # You can configure Part-DB using environment variables
       # Below you can find the most essential ones predefined
       # However you can add add any other environment configuration you want here
@@ -158,7 +170,7 @@ services:
     container_name: partdb_database
     image: mysql:8.0
     restart: unless-stopped
-    command: --default-authentication-plugin=mysql_native_password
+    command: --default-authentication-plugin=mysql_native_password --log-bin-trust-function-creators=1
     environment:
       # Change this Password
       MYSQL_ROOT_PASSWORD: SECRET_ROOT_PASSWORD
@@ -201,6 +213,10 @@ You also have to create the database as described above in step 4.
 You can run the console commands described in README by
 executing `docker exec --user=www-data -it partdb bin/console [command]`
 
+{: .warning }
+> If you run a root console inside the container, and wanna execute commands on the webserver behalf, be sure to use `sudo -E` command (with the `-E` flag) to preserve env variables from the current shell.
+> Otherwise Part-DB console might use the wrong configuration to execute commands.
+
 ## Troubleshooting
 
 *Login is not possible. Login page is just reloading and no error message is shown or something like "CSFR token invalid"*:

docs/installation/kubernetes.md

@@ -0,0 +1,42 @@
+---
+title: Kubernetes / Helm
+layout: default
+parent: Installation
+nav_order: 5
+---
+
+# Kubernetes / Helm Charts
+
+If you are using Kubernetes, you can use the [helm charts](https://helm.sh/) provided in this [repository](https://github.com/Part-DB/helm-charts).
+
+## Usage
+
+[Helm](https://helm.sh) must be installed to use the charts.  Please refer to
+Helm's [documentation](https://helm.sh/docs) to get started.
+
+Once Helm has been set up correctly, add the repo as follows:
+
+`helm repo add part-db https://part-db.github.io/helm-charts`
+
+If you had already added this repo earlier, run `helm repo update` to retrieve
+the latest versions of the packages.  You can then run `helm search repo
+part-db` to see the charts.
+
+To install the part-db chart:
+
+    helm install my-part-db part-db/part-db
+
+To uninstall the chart:
+
+    helm delete my-part-db
+
+This repository is also available at [ArtifactHUB](https://artifacthub.io/packages/search?repo=part-db).
+
+## Configuration
+
+See the README in the [chart directory](https://github.com/Part-DB/helm-charts/tree/main/charts/part-db) for more
+information on the available configuration options.
+
+## Bugreports
+
+If you find issues related to the helm charts, please open an issue in the [helm-charts repository](https://github.com/Part-DB/helm-charts).

docs/installation/nginx.md

@@ -53,6 +53,11 @@ server {
         return 404;
     }
     
+    # Set Content-Security-Policy for svg files, to block embedded javascript in there
+    location ~* \.svg$ {
+        add_header Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'none';";
+    }
+
     error_log /var/log/nginx/parts.error.log;
     access_log /var/log/nginx/parts.access.log;
 

docs/installation/proxmox.md

@@ -0,0 +1,31 @@
+---
+title: Proxmox VE LXC
+layout: default
+parent: Installation
+nav_order: 6
+---
+
+# Proxmox VE LXC
+
+{: .warning }
+> The proxmox VE LXC script for Part-DB is developed and maintained by [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/)
+> and not by the Part-DB developers. Keep in mind that the script is not officially supported by the Part-DB developers.
+
+If you are using Proxmox VE you can use the scripts provided by [Proxmox VE Helper-Scripts community](https://community-scripts.github.io/ProxmoxVE/scripts?id=part-db)
+to easily install Part-DB in a LXC container.
+
+## Usage
+
+To create a new LXC container with Part-DB, you can use the following command in the Proxmox VE shell:
+
+```bash
+bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/part-db.sh)"
+```
+
+The same command can be used to update an existing Part-DB container.
+
+See the [helper script website](https://community-scripts.github.io/ProxmoxVE/scripts?id=part-db) for more information.
+
+## Bugreports
+
+If you find issues related to the proxmox VE LXC script, please open an issue in the [Proxmox VE Helper-Scripts repository](https://github.com/community-scripts/ProxmoxVE).

docs/usage/console_commands.md

@@ -25,6 +25,12 @@ is named `partdb`, you can execute the command `php bin/console cache:clear` wit
 docker exec --user=www-data partdb php bin/console cache:clear
 ```
 
+{: .warning }
+> If you run a root console inside the docker container, and wanna execute commands on the webserver behalf, be sure to use `sudo -E` command (with the `-E` flag) to preserve env variables from the current shell.
+> Otherwise Part-DB console might use the wrong configuration to execute commands.
+
+## Troubleshooting
+
 ## User management commands
 
 * `php bin/console partdb:users:list`: List all users of this Part-DB instance
@@ -65,3 +71,9 @@ docker exec --user=www-data partdb php bin/console cache:clear
 
 * `php bin/console doctrine:migrations:migrate`: Migrate the database to the latest version
 * `php bin/console doctrine:migrations:up-to-date`: Check if the database is up-to-date
+
+## Attachment commands
+
+* `php bin/console partdb:attachments:download`: Download all attachments, which are not already downloaded, to the
+  local filesystem. This is useful to create local backups of the attachments, no matter what happens on the remote and
+ also makes pictures thumbnails available for the frontend for them

docs/usage/information_provider_system.md

@@ -107,7 +107,7 @@ The following env configuration options are available:
   default: `EUR`). If an offer is only available in a certain currency,
   Part-DB will save the prices in their native currency, and you can use Part-DB currency conversion feature to convert
   it to your preferred currency.
-* `PROVIDER_OCOTPART_COUNTRY`: The country you want to get prices in if available (optional, 2 letter ISO-code,
+* `PROVIDER_OCTOPART_COUNTRY`: The country you want to get prices in if available (optional, 2 letter ISO-code,
   default: `DE`). To get the correct prices, you have to set this and the currency setting to the correct value.
 * `PROVIDER_OCTOPART_SEARCH_LIMIT`: The maximum number of results to return per search (optional, default: `10`). This
   affects how quickly your monthly limit is used up.
@@ -212,6 +212,46 @@ An API key is not required, it is enough to enable the provider using the follow
 * `PROVIDER_LCSC_ENABLED`: Set this to `1` to enable the LCSC provider
 * `PROVIDER_LCSC_CURRENCY`: The currency you want to get prices in (see LCSC webshop for available currencies, default: `EUR`)
 
+### OEMsecrets
+
+The oemsecrets provider uses the [oemsecrets API](https://www.oemsecrets.com/) to search for parts and getting shopping
+information from them. Similar to octopart it aggregates offers from different distributors.
+
+You can apply for a free API key on the [oemsecrets API page](https://www.oemsecrets.com/api/) and put the key you get
+in the Part-DB env configuration (see below).
+
+The following env configuration options are available:
+
+* `PROVIDER_OEMSECRETS_KEY`: The API key you got from oemsecrets (mandatory)
+* `PROVIDER_OEMSECRETS_COUNTRY_CODE`: The two-letter code of the country you want to get the prices for
+* `PROVIDER_OEMSECRETS_CURRENCY`: The currency you want to get prices in (optional, default: `EUR`)
+* `PROVIDER_OEMSECRETS_ZERO_PRICE`: If set to `1`, parts with a price of 0 will be included in the search results, otherwise
+  they will be excluded (optional, default: `0`)
+* `PROVIDER_OEMSECRETS_SET_PARAM`: If set to `1`, the provider will try to extract parameters from the part description
+* `PROVIDER_OEMSECRETS_SORT_CRITERIA`: The criteria to sort the search results by. If set to 'C', it further sorts by 
+completeness (prioritizing items with the most detailed information). If set to 'M', it further sorts by manufacturer name.
+If set to any other value, no sorting is performed.
+
+### Reichelt
+
+The reichelt provider uses webscraping from [reichelt.com](https://reichelt.com/) to get part information.
+This is not an official API and could break at any time. So use it at your own risk.
+
+The following env configuration options are available:  
+* `PROVIDER_REICHELT_ENABLED`: Set this to `1` to enable the Reichelt provider
+* `PROVIDER_REICHELT_CURRENCY`: The currency you want to get prices in. Only possible for countries which use Non-EUR (optional, default: `EUR`)
+* `PROVIDER_REICHELT_COUNTRY`: The country you want to get the prices for (optional, default: `DE`)
+* `PROVIDER_REICHELT_LANGUAGE`: The language you want to get the descriptions in (optional, default: `en`)
+* `PROVIDER_REICHELT_INCLUDE_VAT`: If set to `1`, the prices will be gross prices (including tax), otherwise net prices (optional, default: `1`)
+
+### Pollin
+
+The pollin provider uses webscraping from [pollin.de](https://www.pollin.de/) to get part information.
+This is not an official API and could break at any time. So use it at your own risk.
+
+The following env configuration options are available:
+* `PROVIDER_POLLIN_ENABLED`: Set this to `1` to enable the Pollin provider
+
 ### Custom provider
 
 To create a custom provider, you have to create a new class implementing the `InfoProviderInterface` interface. As long

docs/usage/keybindings.md

@@ -117,6 +117,6 @@ For a German keyboard layout, replace `[` with `0`, and `]` with `´`.
 | Key                            | Character          |
 |--------------------------------|--------------------|
 | **Alt + [**  (code 219)        | © (Copyright char) |
-| **Alt + Shift + [** (code 219) | (Registered char)  |
+| **Alt + Shift + [** (code 219) | ® (Registered char)  |
 | **Alt + ]**  (code 221)        | ™ (Trademark char) |
-| **Alt + Shift + ]** (code 221) | (Degree char)      |
+| **Alt + Shift + ]** (code 221) | ° (Degree char)      |

migrations/Version20240606203053.php

@@ -343,6 +343,7 @@ final class Version20240606203053 extends AbstractMultiPlatformMigration impleme
         $this->addSql('ALTER TABLE webauthn_keys CHANGE public_key_credential_id public_key_credential_id LONGTEXT NOT NULL, CHANGE transports transports LONGTEXT NOT NULL, CHANGE trust_path trust_path JSON NOT NULL, CHANGE aaguid aaguid TINYTEXT NOT NULL, CHANGE credential_public_key credential_public_key LONGTEXT NOT NULL, CHANGE other_ui other_ui LONGTEXT DEFAULT NULL, CHANGE last_time_used last_time_used DATETIME DEFAULT NULL');
 
         // Add the natural sort emulation function to the database (based on this stackoverflow: https://stackoverflow.com/questions/153633/natural-sort-in-mysql/58154535#58154535)
+        //This version here is wrong, and will be replaced by the correct version in the next migration (we need to use nowdoc instead of heredoc, otherwise the slashes will be wrongly escaped!!)
         $this->addSql(<<<EOD
             CREATE DEFINER=CURRENT_USER FUNCTION `NatSortKey`(`s` VARCHAR(1000) CHARSET utf8mb4, `n` INT) RETURNS varchar(3500) CHARSET utf8mb4 COLLATE utf8mb4_unicode_ci
             DETERMINISTIC
@@ -411,7 +412,7 @@ final class Version20240606203053 extends AbstractMultiPlatformMigration impleme
                 
           DECLARE x,y varchar(1000);            # need to be same length as input s
           DECLARE r varchar(3500) DEFAULT '';   # return value:  needs to be same length as return type
-          DECLARE suf varchar(101);   # suffix for a number or version string. Must be (((inputlength+1) DIV 2)*2 + 1) chars to support version strings (e.g. '1.2.33.5'), though it's usually just 3 chars. (Max version string e.g. 1.2. ... .5 has ((length of input + 1) DIV 2) numeric components)
+          DECLARE suf varchar(1001);   # suffix for a number or version string. Must be (((inputlength+1) DIV 2)*2 + 1) chars to support version strings (e.g. '1.2.33.5'), though it's usually just 3 chars. (Max version string e.g. 1.2. ... .5 has ((length of input + 1) DIV 2) numeric components)
           DECLARE i,j,k int UNSIGNED;
           IF n<=0 THEN SET n := -1; END IF;   # n<=0 means "process all numbers"
           LOOP

migrations/Version20240728145604.php

@@ -0,0 +1,165 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use App\Migration\AbstractMultiPlatformMigration;
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20240728145604 extends AbstractMultiPlatformMigration
+{
+    public function getDescription(): string
+    {
+        return 'Update the Natural Sorting function for MySQL';
+    }
+
+
+    public function mySQLUp(Schema $schema): void
+    {
+        //Remove the old function
+        $this->addSql('DROP FUNCTION IF EXISTS NatSortKey');
+
+        //The difference to the original function is the correct length of the suf variable and correct escaping
+        //We now use heredoc syntax to avoid escaping issues with the \ (which resulted in "range out of order in character class").
+        $this->addSql(<<<'EOD'
+            CREATE DEFINER=CURRENT_USER FUNCTION `NatSortKey`(`s` VARCHAR(1000) CHARSET utf8mb4, `n` INT) RETURNS varchar(3500) CHARSET utf8mb4 COLLATE utf8mb4_unicode_ci
+            DETERMINISTIC
+            SQL SECURITY INVOKER
+            BEGIN
+            /****
+            Converts numbers in the input string s into a format such that sorting results in a nat-sort.
+            Numbers of up to 359 digits (before the decimal point, if one is present) are supported.  Sort results are undefined if the input string contains numbers longer than this.
+            For n>0, only the first n numbers in the input string will be converted for nat-sort (so strings that differ only after the first n numbers will not nat-sort amongst themselves).
+            Total sort-ordering is preserved, i.e. if s1!=s2, then NatSortKey(s1,n)!=NatSortKey(s2,n), for any given n.
+            Numbers may contain ',' as a thousands separator, and '.' as a decimal point.  To reverse these (as appropriate for some European locales), the code would require modification.
+            Numbers preceded by '+' sort with numbers not preceded with either a '+' or '-' sign.
+            Negative numbers (preceded with '-') sort before positive numbers, but are sorted in order of ascending absolute value (so -7 sorts BEFORE -1001).
+            Numbers with leading zeros sort after the same number with no (or fewer) leading zeros.
+            Decimal-part-only numbers (like .75) are recognised, provided the decimal point is not immediately preceded by either another '.', or by a letter-type character.
+            Numbers with thousand separators sort after the same number without them.
+            Thousand separators are only recognised in numbers with no leading zeros that don't immediately follow a ',', and when they format the number correctly.
+            (When not recognised as a thousand separator, a ',' will instead be treated as separating two distinct numbers).
+            Version-number-like sequences consisting of 3 or more numbers separated by '.' are treated as distinct entities, and each component number will be nat-sorted.
+            The entire entity will sort after any number beginning with the first component (so e.g. 10.2.1 sorts after both 10 and 10.995, but before 11)
+            Note that The first number component in an entity like this is also permitted to contain thousand separators.
+        
+                  To achieve this, numbers within the input string are prefixed and suffixed according to the following format:
+                  - The number is prefixed by a 2-digit base-36 number representing its length, excluding leading zeros.  If there is a decimal point, this length only includes the integer part of the number.
+                  - A 3-character suffix is appended after the number (after the decimals if present).
+                    - The first character is a space, or a '+' sign if the number was preceded by '+'.  Any preceding '+' sign is also removed from the front of the number.
+                    - This is followed by a 2-digit base-36 number that encodes the number of leading zeros and whether the number was expressed in comma-separated form (e.g. 1,000,000.25 vs 1000000.25)
+                    - The value of this 2-digit number is: (number of leading zeros)*2 + (1 if comma-separated, 0 otherwise)
+                  - For version number sequences, each component number has the prefix in front of it, and the separating dots are removed.
+                    Then there is a single suffix that consists of a ' ' or '+' character, followed by a pair base-36 digits for each number component in the sequence.
+                
+                  e.g. here is how some simple sample strings get converted:
+                  'Foo055' --> 'Foo0255 02'
+                  'Absolute zero is around -273 centigrade' --> 'Absolute zero is around -03273 00 centigrade'
+                  'The $1,000,000 prize' --> 'The $071000000 01 prize'
+                  '+99.74 degrees' --> '0299.74+00 degrees'
+                  'I have 0 apples' --> 'I have 00 02 apples'
+                  '.5 is the same value as 0000.5000' --> '00.5 00 is the same value as 00.5000 08'
+                  'MariaDB v10.3.0018' --> 'MariaDB v02100130218 000004'
+                
+                  The restriction to numbers of up to 359 digits comes from the fact that the first character of the base-36 prefix MUST be a decimal digit, and so the highest permitted prefix value is '9Z' or 359 decimal.
+                  The code could be modified to handle longer numbers by increasing the size of (both) the prefix and suffix.
+                  A higher base could also be used (by replacing CONV() with a custom function), provided that the collation you are using sorts the "digits" of the base in the correct order, starting with 0123456789.
+                  However, while the maximum number length may be increased this way, note that the technique this function uses is NOT applicable where strings may contain numbers of unlimited length.
+                
+                  The function definition does not specify the charset or collation to be used for string-type parameters or variables:  The default database charset & collation at the time the function is defined will be used.
+                  This is to make the function code more portable.  However, there are some important restrictions:
+                
+                  - Collation is important here only when comparing (or storing) the output value from this function, but it MUST order the characters " +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" in that order for the natural sort to work.
+                    This is true for most collations, but not all of them, e.g. in Lithuanian 'Y' comes before 'J' (according to Wikipedia).
+                    To adapt the function to work with such collations, replace CONV() in the function code with a custom function that emits "digits" above 9 that are characters ordered according to the collation in use.
+                
+                  - For efficiency, the function code uses LENGTH() rather than CHAR_LENGTH() to measure the length of strings that consist only of digits 0-9, '.', and ',' characters.
+                    This works for any single-byte charset, as well as any charset that maps standard ASCII characters to single bytes (such as utf8 or utf8mb4).
+                    If using a charset that maps these characters to multiple bytes (such as, e.g. utf16 or utf32), you MUST replace all instances of LENGTH() in the function definition with CHAR_LENGTH()
+                
+                  Length of the output:
+                
+                  Each number converted adds 5 characters (2 prefix + 3 suffix) to the length of the string. n is the maximum count of numbers to convert;
+                  This parameter is provided as a means to limit the maximum output length (to input length + 5*n).
+                  If you do not require the total-ordering property, you could edit the code to use suffixes of 1 character (space or plus) only; this would reduce the maximum output length for any given n.
+                  Since a string of length L has at most ((L+1) DIV 2) individual numbers in it (every 2nd character a digit), for n<=0 the maximum output length is (inputlength + 5*((inputlength+1) DIV 2))
+                  So for the current input length of 100, the maximum output length is 350.
+                  If changing the input length, the output length must be modified according to the above formula.  The DECLARE statements for x,y,r, and suf must also be modified, as the code comments indicate.
+                ****/
+                
+          DECLARE x,y varchar(1000);            # need to be same length as input s
+          DECLARE r varchar(3500) DEFAULT '';   # return value:  needs to be same length as return type
+          DECLARE suf varchar(1001);   # suffix for a number or version string. Must be (((inputlength+1) DIV 2)*2 + 1) chars to support version strings (e.g. '1.2.33.5'), though it's usually just 3 chars. (Max version string e.g. 1.2. ... .5 has ((length of input + 1) DIV 2) numeric components)
+          DECLARE i,j,k int UNSIGNED;
+          IF n<=0 THEN SET n := -1; END IF;   # n<=0 means "process all numbers"
+          LOOP
+            SET i := REGEXP_INSTR(s,'\\d');   # find position of next digit
+            IF i=0 OR n=0 THEN RETURN CONCAT(r,s); END IF;   # no more numbers to process -> we're done
+            SET n := n-1, suf := ' ';
+            IF i>1 THEN
+              IF SUBSTRING(s,i-1,1)='.' AND (i=2 OR SUBSTRING(s,i-2,1) RLIKE '[^.\\p{L}\\p{N}\\p{M}\\x{608}\\x{200C}\\x{200D}\\x{2100}-\\x{214F}\\x{24B6}-\\x{24E9}\\x{1F130}-\\x{1F149}\\x{1F150}-\\x{1F169}\\x{1F170}-\\x{1F189}]') AND (SUBSTRING(s,i) NOT RLIKE '^\\d++\\.\\d') THEN SET i:=i-1; END IF;   # Allow decimal number (but not version string) to begin with a '.', provided preceding char is neither another '.', nor a member of the unicode character classes: "Alphabetic", "Letter", "Block=Letterlike Symbols" "Number", "Mark", "Join_Control"
+              IF i>1 AND SUBSTRING(s,i-1,1)='+' THEN SET suf := '+', j := i-1; ELSE SET j := i; END IF;   # move any preceding '+' into the suffix, so equal numbers with and without preceding "+" signs sort together
+              SET r := CONCAT(r,SUBSTRING(s,1,j-1)); SET s = SUBSTRING(s,i);   # add everything before the number to r and strip it from the start of s; preceding '+' is dropped (not included in either r or s)
+            END IF;
+            SET x := REGEXP_SUBSTR(s,IF(SUBSTRING(s,1,1) IN ('0','.') OR (SUBSTRING(r,-1)=',' AND suf=' '),'^\\d*+(?:\\.\\d++)*','^(?:[1-9]\\d{0,2}(?:,\\d{3}(?!\\d))++|\\d++)(?:\\.\\d++)*+'));   # capture the number + following decimals (including multiple consecutive '.<digits>' sequences)
+            SET s := SUBSTRING(s,CHAR_LENGTH(x)+1);   # NOTE: CHAR_LENGTH() can be safely used instead of CHAR_LENGTH() here & below PROVIDED we're using a charset that represents digits, ',' and '.' characters using single bytes (e.g. latin1, utf8)
+            SET i := INSTR(x,'.');
+            IF i=0 THEN SET y := ''; ELSE SET y := SUBSTRING(x,i); SET x := SUBSTRING(x,1,i-1); END IF;   # move any following decimals into y
+            SET i := CHAR_LENGTH(x);
+            SET x := REPLACE(x,',','');
+            SET j := CHAR_LENGTH(x);
+            SET x := TRIM(LEADING '0' FROM x);   # strip leading zeros
+            SET k := CHAR_LENGTH(x);
+            SET suf := CONCAT(suf,LPAD(CONV(LEAST((j-k)*2,1294) + IF(i=j,0,1),10,36),2,'0'));   # (j-k)*2 + IF(i=j,0,1) = (count of leading zeros)*2 + (1 if there are thousands-separators, 0 otherwise)  Note the first term is bounded to <= base-36 'ZY' as it must fit within 2 characters
+            SET i := LOCATE('.',y,2);
+            IF i=0 THEN
+              SET r := CONCAT(r,LPAD(CONV(LEAST(k,359),10,36),2,'0'),x,y,suf);   # k = count of digits in number, bounded to be <= '9Z' base-36
+            ELSE   # encode a version number (like 3.12.707, etc)
+              SET r := CONCAT(r,LPAD(CONV(LEAST(k,359),10,36),2,'0'),x);   # k = count of digits in number, bounded to be <= '9Z' base-36
+              WHILE CHAR_LENGTH(y)>0 AND n!=0 DO
+                IF i=0 THEN SET x := SUBSTRING(y,2); SET y := ''; ELSE SET x := SUBSTRING(y,2,i-2); SET y := SUBSTRING(y,i); SET i := LOCATE('.',y,2); END IF;
+                SET j := CHAR_LENGTH(x);
+                SET x := TRIM(LEADING '0' FROM x);   # strip leading zeros
+                SET k := CHAR_LENGTH(x);
+                SET r := CONCAT(r,LPAD(CONV(LEAST(k,359),10,36),2,'0'),x);   # k = count of digits in number, bounded to be <= '9Z' base-36
+                SET suf := CONCAT(suf,LPAD(CONV(LEAST((j-k)*2,1294),10,36),2,'0'));   # (j-k)*2 = (count of leading zeros)*2, bounded to fit within 2 base-36 digits
+                SET n := n-1;
+              END WHILE;
+              SET r := CONCAT(r,y,suf);
+            END IF;
+          END LOOP;
+        END
+        EOD
+        );
+    }
+
+    public function mySQLDown(Schema $schema): void
+    {
+        //Not needed
+    }
+
+    public function sqLiteUp(Schema $schema): void
+    {
+        //Not needed
+    }
+
+    public function sqLiteDown(Schema $schema): void
+    {
+        //Not needed
+    }
+
+    public function postgreSQLUp(Schema $schema): void
+    {
+        //Not needed
+    }
+
+    public function postgreSQLDown(Schema $schema): void
+    {
+        //Not needed
+    }
+}

migrations/Version20250220215048.php

@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20250220215048 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Split $path property for attachments into $internal_path and $external_path';
+    }
+
+    public function up(Schema $schema): void
+    {
+        //Create the new columns as nullable (that is easier modifying them)
+        $this->addSql('ALTER TABLE attachments ADD internal_path VARCHAR(255) DEFAULT NULL');
+        $this->addSql('ALTER TABLE attachments ADD external_path VARCHAR(255) DEFAULT NULL');
+
+        //Copy the data from path to external_path and remove the path column
+        $this->addSql('UPDATE attachments SET external_path=path');
+        $this->addSql('ALTER TABLE attachments DROP COLUMN path');
+
+
+        $this->addSql('UPDATE attachments SET internal_path=external_path WHERE external_path LIKE \'#%MEDIA#%%\' ESCAPE \'#\'');
+        $this->addSql('UPDATE attachments SET internal_path=external_path WHERE external_path LIKE \'#%BASE#%%\' ESCAPE \'#\'');
+        $this->addSql('UPDATE attachments SET internal_path=external_path WHERE external_path LIKE \'#%SECURE#%%\' ESCAPE \'#\'');
+        $this->addSql('UPDATE attachments SET internal_path=external_path WHERE external_path LIKE \'#%FOOTPRINTS#%%\' ESCAPE \'#\'');
+        $this->addSql('UPDATE attachments SET internal_path=external_path WHERE external_path LIKE \'#%FOOTPRINTS3D#%%\' ESCAPE \'#\'');
+        $this->addSql('UPDATE attachments SET external_path=NULL WHERE internal_path IS NOT NULL');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('UPDATE attachments SET external_path=internal_path WHERE internal_path IS NOT NULL');
+        $this->addSql('ALTER TABLE attachments DROP COLUMN internal_path');
+        $this->addSql('ALTER TABLE attachments RENAME COLUMN external_path TO path');
+    }
+}

migrations/Version20250222165240.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20250222165240 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Migrate the old attachment class discriminator values from legacy Part-DB to the modern format, so that there is just one unified value';
+    }
+
+    public function up(Schema $schema): void
+    {
+        //Change the old discriminator values to the new ones
+        $this->addSql("UPDATE attachments SET class_name = 'Part' WHERE class_name = 'PartDB\Part'");
+        $this->addSql("UPDATE attachments SET class_name = 'Device' WHERE class_name = 'PartDB\Device'");
+    }
+
+    public function down(Schema $schema): void
+    {
+        //No down required, as the new format can also be read by older Part-DB version
+    }
+}

package.json

@@ -9,7 +9,7 @@
         "@symfony/stimulus-bridge": "^3.2.0",
         "@symfony/ux-translator": "file:vendor/symfony/ux-translator/assets",
         "@symfony/ux-turbo": "file:vendor/symfony/ux-turbo/assets",
-        "@symfony/webpack-encore": "^4.1.0",
+        "@symfony/webpack-encore": "^5.0.0",
         "bootstrap": "^5.1.3",
         "core-js": "^3.23.0",
         "intl-messageformat": "^10.2.5",
@@ -18,7 +18,7 @@
         "regenerator-runtime": "^0.13.9",
         "webpack": "^5.74.0",
         "webpack-bundle-analyzer": "^4.3.0",
-        "webpack-cli": "^4.10.0",
+        "webpack-cli": "^5.1.0",
         "webpack-notifier": "^1.15.0"
     },
     "license": "AGPL-3.0-or-later",
@@ -33,50 +33,52 @@
         "@algolia/autocomplete-js": "^1.17.0",
         "@algolia/autocomplete-plugin-recent-searches": "^1.17.0",
         "@algolia/autocomplete-theme-classic": "^1.17.0",
-        "@ckeditor/ckeditor5-alignment": "^41.0.0",
-        "@ckeditor/ckeditor5-autoformat": "^41.0.0",
-        "@ckeditor/ckeditor5-basic-styles": "^41.0.0",
-        "@ckeditor/ckeditor5-block-quote": "^41.0.0",
-        "@ckeditor/ckeditor5-code-block": "^41.0.0",
-        "@ckeditor/ckeditor5-dev-translations": "^39.1.0",
-        "@ckeditor/ckeditor5-dev-utils": "^39.1.0",
-        "@ckeditor/ckeditor5-editor-classic": "^41.0.0",
-        "@ckeditor/ckeditor5-essentials": "^41.0.0",
-        "@ckeditor/ckeditor5-find-and-replace": "^41.0.0",
-        "@ckeditor/ckeditor5-font": "^41.0.0",
-        "@ckeditor/ckeditor5-heading": "^41.0.0",
-        "@ckeditor/ckeditor5-highlight": "^41.0.0",
-        "@ckeditor/ckeditor5-horizontal-line": "^41.0.0",
-        "@ckeditor/ckeditor5-html-embed": "^41.0.0",
-        "@ckeditor/ckeditor5-html-support": "^41.0.0",
-        "@ckeditor/ckeditor5-image": "^41.0.0",
-        "@ckeditor/ckeditor5-indent": "^41.0.0",
-        "@ckeditor/ckeditor5-link": "^41.0.0",
-        "@ckeditor/ckeditor5-list": "^41.0.0",
-        "@ckeditor/ckeditor5-markdown-gfm": "^41.0.0",
-        "@ckeditor/ckeditor5-media-embed": "^41.0.0",
-        "@ckeditor/ckeditor5-paragraph": "^41.0.0",
-        "@ckeditor/ckeditor5-paste-from-office": "^41.0.0",
-        "@ckeditor/ckeditor5-remove-format": "^41.0.0",
-        "@ckeditor/ckeditor5-source-editing": "^41.0.0",
-        "@ckeditor/ckeditor5-special-characters": "^41.0.0",
-        "@ckeditor/ckeditor5-table": "^41.0.0",
-        "@ckeditor/ckeditor5-theme-lark": "^41.0.0",
-        "@ckeditor/ckeditor5-upload": "^41.0.0",
-        "@ckeditor/ckeditor5-watchdog": "^41.0.0",
-        "@ckeditor/ckeditor5-word-count": "^41.0.0",
+        "@ckeditor/ckeditor5-alignment": "^44.0.0",
+        "@ckeditor/ckeditor5-autoformat": "^44.0.0",
+        "@ckeditor/ckeditor5-basic-styles": "^44.0.0",
+        "@ckeditor/ckeditor5-block-quote": "^44.0.0",
+        "@ckeditor/ckeditor5-code-block": "^44.0.0",
+        "@ckeditor/ckeditor5-dev-translations": "^43.0.1",
+        "@ckeditor/ckeditor5-dev-utils": "^43.0.1",
+        "@ckeditor/ckeditor5-editor-classic": "^44.0.0",
+        "@ckeditor/ckeditor5-essentials": "^44.0.0",
+        "@ckeditor/ckeditor5-find-and-replace": "^44.0.0",
+        "@ckeditor/ckeditor5-font": "^44.0.0",
+        "@ckeditor/ckeditor5-heading": "^44.0.0",
+        "@ckeditor/ckeditor5-highlight": "^44.0.0",
+        "@ckeditor/ckeditor5-horizontal-line": "^44.0.0",
+        "@ckeditor/ckeditor5-html-embed": "^44.0.0",
+        "@ckeditor/ckeditor5-html-support": "^44.0.0",
+        "@ckeditor/ckeditor5-image": "^44.0.0",
+        "@ckeditor/ckeditor5-indent": "^44.0.0",
+        "@ckeditor/ckeditor5-link": "^44.0.0",
+        "@ckeditor/ckeditor5-list": "^44.0.0",
+        "@ckeditor/ckeditor5-markdown-gfm": "^44.0.0",
+        "@ckeditor/ckeditor5-media-embed": "^44.0.0",
+        "@ckeditor/ckeditor5-paragraph": "^44.0.0",
+        "@ckeditor/ckeditor5-paste-from-office": "^44.0.0",
+        "@ckeditor/ckeditor5-remove-format": "^44.0.0",
+        "@ckeditor/ckeditor5-source-editing": "^44.0.0",
+        "@ckeditor/ckeditor5-special-characters": "^44.0.0",
+        "@ckeditor/ckeditor5-table": "^44.0.0",
+        "@ckeditor/ckeditor5-theme-lark": "^44.0.0",
+        "@ckeditor/ckeditor5-upload": "^44.0.0",
+        "@ckeditor/ckeditor5-watchdog": "^44.0.0",
+        "@ckeditor/ckeditor5-word-count": "^44.0.0",
         "@jbtronics/bs-treeview": "^1.0.1",
+        "@part-db/html5-qrcode": "^3.1.0",
         "@zxcvbn-ts/core": "^3.0.2",
         "@zxcvbn-ts/language-common": "^3.0.3",
         "@zxcvbn-ts/language-de": "^3.0.1",
         "@zxcvbn-ts/language-en": "^3.0.1",
         "@zxcvbn-ts/language-fr": "^3.0.1",
         "@zxcvbn-ts/language-ja": "^3.0.1",
+        "barcode-detector": "^2.3.1",
         "bootbox": "^6.0.0",
         "bootswatch": "^5.1.3",
         "bs-custom-file-input": "^1.3.4",
         "clipboard": "^2.0.4",
-        "compression-webpack-plugin": "^10.0.0",
+        "compression-webpack-plugin": "^11.1.0",
         "datatables.net": "^2.0.0",
         "datatables.net-bs5": "^2.0.0",
         "datatables.net-buttons-bs5": "^3.0.0",
@@ -86,18 +88,17 @@
         "datatables.net-select-bs5": "^2.0.0",
         "dompurify": "^3.0.3",
         "emoji.json": "^15.0.0",
-        "exports-loader": "^3.0.0",
-        "html5-qrcode": "^2.2.1",
+        "exports-loader": "^5.0.0",
         "json-formatter-js": "^2.3.4",
         "jszip": "^3.2.0",
         "katex": "^0.16.0",
-        "marked": "^12.0.0",
-        "marked-gfm-heading-id": "^3.0.4",
+        "marked": "^15.0.4",
+        "marked-gfm-heading-id": "^4.1.1",
         "marked-mangle": "^1.0.1",
         "pdfmake": "^0.2.2",
         "stimulus-use": "^0.52.0",
         "tom-select": "^2.1.0",
         "ts-loader": "^9.2.6",
-        "typescript": "^4.0.2"
+        "typescript": "^5.7.2"
     }
 }

phpstan.dist.neon

@@ -11,6 +11,8 @@ parameters:
             - src/Configuration/*
             - src/Doctrine/Purger/*
             - src/DataTables/Adapters/TwoStepORMAdapter.php
+            - src/Form/Fixes/*
+            - src/Translation/Fixes/*
 
 
 
@@ -18,7 +20,7 @@ parameters:
     treatPhpDocTypesAsCertain: false
 
     symfony:
-        container_xml_path: '%rootDir%/../../../var/cache/dev/App_KernelDevDebugContainer.xml'
+        containerXmlPath: '%rootDir%/../../../var/cache/dev/App_KernelDevDebugContainer.xml'
 
     doctrine:
     	objectManagerLoader: tests/object-manager.php
@@ -28,11 +30,6 @@ parameters:
 
     checkFunctionNameCase: false
 
-    checkAlwaysTrueInstanceof: false
-    checkAlwaysTrueCheckTypeFunctionCall: false
-    checkAlwaysTrueStrictComparison: false
-    reportAlwaysTrueInLastCondition: false
-
     reportMaybesInPropertyPhpDocTypes: false
     reportMaybesInMethodSignatures: false
 
@@ -41,14 +38,14 @@ parameters:
     	booleansInConditions: false
     	uselessCast: false
     	requireParentConstructorCall: true
-    	disallowedConstructs: false
     	overwriteVariablesWithLoop: false
     	closureUsesThis: false
     	matchingInheritedMethodNames: true
     	numericOperandsInArithmeticOperators: true
-    	strictCalls: true
     	switchConditionsMatchingType: false
     	noVariableVariables: false
+    	disallowedEmpty: false
+    	disallowedShortTernary: false
 
     ignoreErrors:
         # Ignore errors caused by complex mapping with AbstractStructuralDBElement
@@ -61,3 +58,6 @@ parameters:
 
         # Ignore doctrine type mapping mismatch
         - '#Property .* type mapping mismatch: property can contain .* but database expects .*#'
+
+        # Ignore error of unused WithPermPresetsTrait, as it is used in the migrations which are not analyzed by Phpstan
+        - '#Trait App\\Migration\\WithPermPresetsTrait is used zero times and is not analysed#'

public/.htaccess

@@ -118,3 +118,10 @@ DirectoryIndex index.php
         # RedirectTemp cannot be used instead
     </IfModule>
 </IfModule>
+
+# Set Content-Security-Policy for svg files (and compressed variants), to block embedded javascript in there
+<IfModule mod_headers.c>
+    <FilesMatch "\.(svg|svg\.gz|svg\.br)$">
+        Header set Content-Security-Policy "default-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'none';"
+    </FilesMatch>
+</IfModule>

src/ApiPlatform/AddDocumentedAPIPropertiesJSONSchemaFactory.php

@@ -1,116 +0,0 @@
-<?php
-/*
- * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
- *
- *  Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
- *
- *  This program is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU Affero General Public License as published
- *  by the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU Affero General Public License for more details.
- *
- *  You should have received a copy of the GNU Affero General Public License
- *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-declare(strict_types=1);
-
-
-namespace App\ApiPlatform;
-
-use ApiPlatform\JsonSchema\Schema;
-use ApiPlatform\JsonSchema\SchemaFactoryInterface;
-use ApiPlatform\Metadata\Operation;
-use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
-
-/**
- * This decorator adds the properties given by DocumentedAPIProperty attributes on the classes to the schema.
- */
-#[AsDecorator('api_platform.json_schema.schema_factory')]
-class AddDocumentedAPIPropertiesJSONSchemaFactory implements SchemaFactoryInterface
-{
-
-    public function __construct(private readonly SchemaFactoryInterface $decorated)
-    {
-    }
-
-    public function buildSchema(
-        string $className,
-        string $format = 'json',
-        string $type = Schema::TYPE_OUTPUT,
-        Operation $operation = null,
-        Schema $schema = null,
-        array $serializerContext = null,
-        bool $forceCollection = false
-    ): Schema {
-
-
-        $schema = $this->decorated->buildSchema($className, $format, $type, $operation, $schema, $serializerContext, $forceCollection);
-
-        //Check if there is are DocumentedAPIProperty attributes on the class
-        $reflectionClass = new \ReflectionClass($className);
-        $attributes = $reflectionClass->getAttributes(DocumentedAPIProperty::class);
-        foreach ($attributes as $attribute) {
-            /** @var DocumentedAPIProperty $api_property */
-            $api_property = $attribute->newInstance();
-            $this->addPropertyToSchema($schema, $api_property->schemaName, $api_property->property,
-                $api_property, $serializerContext ?? [], $format);
-        }
-
-        return $schema;
-    }
-
-    private function addPropertyToSchema(Schema $schema, string $definitionName, string $normalizedPropertyName, DocumentedAPIProperty $propertyMetadata, array $serializerContext, string $format): void
-    {
-        $version = $schema->getVersion();
-        $swagger = Schema::VERSION_SWAGGER === $version;
-
-        $propertySchema = [];
-
-        if (false === $propertyMetadata->writeable) {
-            $propertySchema['readOnly'] = true;
-        }
-        if (!$swagger && false === $propertyMetadata->readable) {
-            $propertySchema['writeOnly'] = true;
-        }
-        if (null !== $description = $propertyMetadata->description) {
-            $propertySchema['description'] = $description;
-        }
-
-        $deprecationReason = $propertyMetadata->deprecationReason;
-
-        // see https://github.com/json-schema-org/json-schema-spec/pull/737
-        if (!$swagger && null !== $deprecationReason) {
-            $propertySchema['deprecated'] = true;
-        }
-
-        if (!empty($default = $propertyMetadata->default)) {
-            if ($default instanceof \BackedEnum) {
-                $default = $default->value;
-            }
-            $propertySchema['default'] = $default;
-        }
-
-        if (!empty($example = $propertyMetadata->example)) {
-            $propertySchema['example'] = $example;
-        }
-
-        if (!isset($propertySchema['example']) && isset($propertySchema['default'])) {
-            $propertySchema['example'] = $propertySchema['default'];
-        }
-
-        $propertySchema['type'] = $propertyMetadata->type;
-        $propertySchema['nullable'] = $propertyMetadata->nullable;
-
-        $propertySchema = new \ArrayObject($propertySchema);
-
-        $schema->getDefinitions()[$definitionName]['properties'][$normalizedPropertyName] = $propertySchema;
-    }
-
-
-}

src/ApiPlatform/DocumentedAPIProperties/DocumentedAPIProperty.php

@@ -21,7 +21,9 @@
 declare(strict_types=1);
 
 
-namespace App\ApiPlatform;
+namespace App\ApiPlatform\DocumentedAPIProperties;
+
+use ApiPlatform\Metadata\ApiProperty;
 
 /**
  * When this attribute is applied to a class, an property will be added to the API documentation using the given parameters.
@@ -64,4 +66,55 @@ final class DocumentedAPIProperty
     )
     {
     }
+
+    public function toAPIProperty(bool $use_swagger = false): ApiProperty
+    {
+        $openApiContext = [];
+
+        if (false === $this->writeable) {
+            $openApiContext['readOnly'] = true;
+        }
+        if (!$use_swagger && false === $this->readable) {
+            $openApiContext['writeOnly'] = true;
+        }
+        if (null !== $description = $this->description) {
+            $openApiContext['description'] = $description;
+        }
+
+        $deprecationReason = $this->deprecationReason;
+
+        // see https://github.com/json-schema-org/json-schema-spec/pull/737
+        if (!$use_swagger && null !== $deprecationReason) {
+            $openApiContext['deprecated'] = true;
+        }
+
+        if (!empty($default = $this->default)) {
+            if ($default instanceof \BackedEnum) {
+                $default = $default->value;
+            }
+            $openApiContext['default'] = $default;
+        }
+
+        if (!empty($example = $this->example)) {
+            $openApiContext['example'] = $example;
+        }
+
+        if (!isset($openApiContext['example']) && isset($openApiContext['default'])) {
+            $openApiContext['example'] = $openApiContext['default'];
+        }
+
+        $openApiContext['type'] = $this->type;
+        $openApiContext['nullable'] = $this->nullable;
+
+
+
+        return new ApiProperty(
+            description: $this->description,
+            readable: $this->readable,
+            writable: $this->writeable,
+            openapiContext: $openApiContext,
+            types: $this->type,
+            property: $this->property
+        );
+    }
 }

src/ApiPlatform/DocumentedAPIProperties/PropertyMetadataFactory.php

@@ -0,0 +1,73 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\ApiPlatform\DocumentedAPIProperties;
+
+use ApiPlatform\Metadata\ApiProperty;
+use ApiPlatform\Metadata\Property\Factory\PropertyMetadataFactoryInterface;
+use ReflectionClass;
+use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
+
+/**
+ * This decorator adds the virtual properties defined by the DocumentedAPIProperty attribute to the property metadata
+ * which then get picked up by the openapi schema generator
+ */
+#[AsDecorator('api_platform.metadata.property.metadata_factory')]
+class PropertyMetadataFactory implements PropertyMetadataFactoryInterface
+{
+    public function __construct(private PropertyMetadataFactoryInterface $decorated)
+    {
+    }
+
+    public function create(string $resourceClass, string $property, array $options = []): ApiProperty
+    {
+        $metadata = $this->decorated->create($resourceClass, $property, $options);
+
+        //Only become active in the context of the openapi schema generation
+        if (!isset($options['schema_type'])) {
+            return $metadata;
+        }
+
+        if (!class_exists($resourceClass)) {
+            return $metadata;
+        }
+
+        $refClass = new ReflectionClass($resourceClass);
+        $attributes = $refClass->getAttributes(DocumentedAPIProperty::class);
+
+        //Look for the DocumentedAPIProperty attribute with the given property name
+        foreach ($attributes as $attribute) {
+            /** @var DocumentedAPIProperty $api_property */
+            $api_property = $attribute->newInstance();
+            //If attribute not matches the property name, skip it
+            if ($api_property->property !== $property) {
+                continue;
+            }
+
+            //Return the virtual property
+            return $api_property->toAPIProperty();
+        }
+
+        return $metadata;
+    }
+}

src/ApiPlatform/DocumentedAPIProperties/PropertyNameCollectionFactory.php

@@ -0,0 +1,68 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\ApiPlatform\DocumentedAPIProperties;
+
+use ApiPlatform\Metadata\Property\Factory\PropertyNameCollectionFactoryInterface;
+use ApiPlatform\Metadata\Property\PropertyNameCollection;
+use ReflectionClass;
+use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
+
+/**
+ * This decorator adds the virtual property names defined by the DocumentedAPIProperty attribute to the property name collection
+ * which then get picked up by the openapi schema generator
+ */
+#[AsDecorator('api_platform.metadata.property.name_collection_factory')]
+class PropertyNameCollectionFactory implements PropertyNameCollectionFactoryInterface
+{
+    public function __construct(private readonly PropertyNameCollectionFactoryInterface $decorated)
+    {
+    }
+
+    public function create(string $resourceClass, array $options = []): PropertyNameCollection
+    {
+        // Get the default properties from the decorated service
+        $propertyNames = $this->decorated->create($resourceClass, $options);
+
+        //Only become active in the context of the openapi schema generation
+        if (!isset($options['schema_type'])) {
+            return $propertyNames;
+        }
+
+        if (!class_exists($resourceClass)) {
+            return $propertyNames;
+        }
+
+        $properties = iterator_to_array($propertyNames);
+
+        $refClass = new ReflectionClass($resourceClass);
+
+        foreach ($refClass->getAttributes(DocumentedAPIProperty::class) as $attribute) {
+            /** @var DocumentedAPIProperty $instance */
+            $instance = $attribute->newInstance();
+            $properties[] = $instance->property;
+        }
+
+        return new PropertyNameCollection($properties);
+    }
+}

src/ApiPlatform/Filter/EntityFilter.php

@@ -37,7 +37,7 @@ class EntityFilter extends AbstractFilter
     public function __construct(
         ManagerRegistry $managerRegistry,
         private readonly EntityFilterHelper $filter_helper,
-        LoggerInterface $logger = null,
+        ?LoggerInterface $logger = null,
         ?array $properties = null,
         ?NameConverterInterface $nameConverter = null
     ) {
@@ -50,7 +50,7 @@ class EntityFilter extends AbstractFilter
         QueryBuilder $queryBuilder,
         QueryNameGeneratorInterface $queryNameGenerator,
         string $resourceClass,
-        Operation $operation = null,
+        ?Operation $operation = null,
         array $context = []
     ): void {
         if (

src/ApiPlatform/Filter/EntityFilterHelper.php

@@ -92,12 +92,6 @@ class EntityFilterHelper
                 'type' => Type::BUILTIN_TYPE_STRING,
                 'required' => false,
                 'description' => 'Filter using a comma seperated list of element IDs. Use + to include all direct children and ++ to include all children recursively.',
-                'openapi' => [
-                    'example' => '',
-                    'allowReserved' => false,// if true, query parameters will be not percent-encoded
-                    'allowEmptyValue' => true,
-                    'explode' => false, // to be true, the type must be Type::BUILTIN_TYPE_ARRAY, ?product=blue,green will be ?product=blue&product=green
-                ],
             ];
         }
         return $description;

src/ApiPlatform/Filter/LikeFilter.php

@@ -38,7 +38,7 @@ final class LikeFilter extends AbstractFilter
         QueryBuilder $queryBuilder,
         QueryNameGeneratorInterface $queryNameGenerator,
         string $resourceClass,
-        Operation $operation = null,
+        ?Operation $operation = null,
         array $context = []
     ): void {
         // Otherwise filter is applied to order and page as well
@@ -50,7 +50,7 @@ final class LikeFilter extends AbstractFilter
         }
         $parameterName = $queryNameGenerator->generateParameterName($property); // Generate a unique parameter name to avoid collisions with other filters
         $queryBuilder
-            ->andWhere(sprintf('o.%s LIKE :%s', $property, $parameterName))
+            ->andWhere(sprintf('ILIKE(o.%s, :%s) = TRUE', $property, $parameterName))
             ->setParameter($parameterName, $value);
     }
 
@@ -67,12 +67,6 @@ final class LikeFilter extends AbstractFilter
                 'type' => Type::BUILTIN_TYPE_STRING,
                 'required' => false,
                 'description' => 'Filter using a LIKE SQL expression. Use % as wildcard for multiple characters and _ for single characters. For example, to search for all items containing foo, use foo. To search for all items starting with foo, use foo%. To search for all items ending with foo, use %foo',
-                'openapi' => [
-                    'example' => '',
-                    'allowReserved' => false,// if true, query parameters will be not percent-encoded
-                    'allowEmptyValue' => true,
-                    'explode' => false, // to be true, the type must be Type::BUILTIN_TYPE_ARRAY, ?product=blue,green will be ?product=blue&product=green
-                ],
             ];
         }
         return $description;

src/ApiPlatform/Filter/PartStoragelocationFilter.php

@@ -38,7 +38,7 @@ class PartStoragelocationFilter extends AbstractFilter
     public function __construct(
         ManagerRegistry $managerRegistry,
         private readonly EntityFilterHelper $filter_helper,
-        LoggerInterface $logger = null,
+        ?LoggerInterface $logger = null,
         ?array $properties = null,
         ?NameConverterInterface $nameConverter = null
     ) {
@@ -51,7 +51,7 @@ class PartStoragelocationFilter extends AbstractFilter
         QueryBuilder $queryBuilder,
         QueryNameGeneratorInterface $queryNameGenerator,
         string $resourceClass,
-        Operation $operation = null,
+        ?Operation $operation = null,
         array $context = []
     ): void {
         //Do not check for mapping here, as we are using a virtual property

src/ApiPlatform/Filter/TagFilter.php

@@ -0,0 +1,96 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\ApiPlatform\Filter;
+
+use ApiPlatform\Doctrine\Orm\Filter\AbstractFilter;
+use ApiPlatform\Doctrine\Orm\Util\QueryNameGeneratorInterface;
+use ApiPlatform\Metadata\Operation;
+use Doctrine\ORM\QueryBuilder;
+use Symfony\Component\PropertyInfo\Type;
+
+/**
+ * Due to their nature, tags are stored in a single string, separated by commas, which requires some more complex search logic.
+ * This filter allows to easily search for tags in a part entity.
+ */
+final class TagFilter extends AbstractFilter
+{
+
+    protected function filterProperty(
+        string $property,
+        $value,
+        QueryBuilder $queryBuilder,
+        QueryNameGeneratorInterface $queryNameGenerator,
+        string $resourceClass,
+        ?Operation $operation = null,
+        array $context = []
+    ): void {
+        // Ignore filter if property is not enabled or mapped
+        if (
+            !$this->isPropertyEnabled($property, $resourceClass) ||
+            !$this->isPropertyMapped($property, $resourceClass)
+        ) {
+            return;
+        }
+
+        //Escape any %, _ or \ in the tag
+        $value = addcslashes($value, '%_\\');
+
+        $tag_identifier_prefix = $queryNameGenerator->generateParameterName($property);
+
+        $expr = $queryBuilder->expr();
+
+        $tmp = $expr->orX(
+            'ILIKE(o.'.$property.', :' . $tag_identifier_prefix . '_1) = TRUE',
+            'ILIKE(o.'.$property.', :' . $tag_identifier_prefix . '_2) = TRUE',
+            'ILIKE(o.'.$property.', :' . $tag_identifier_prefix . '_3) = TRUE',
+            'ILIKE(o.'.$property.', :' . $tag_identifier_prefix . '_4) = TRUE',
+        );
+
+        $queryBuilder->andWhere($tmp);
+
+        //Set the parameters for the LIKE expression, in each variation of the tag (so with a comma, at the end, at the beginning, and on both ends, and equaling the tag)
+        $queryBuilder->setParameter($tag_identifier_prefix . '_1', '%,' . $value . ',%');
+        $queryBuilder->setParameter($tag_identifier_prefix . '_2', '%,' . $value);
+        $queryBuilder->setParameter($tag_identifier_prefix . '_3', $value . ',%');
+        $queryBuilder->setParameter($tag_identifier_prefix . '_4', $value);
+    }
+
+    public function getDescription(string $resourceClass): array
+    {
+        if (!$this->properties) {
+            return [];
+        }
+
+        $description = [];
+        foreach (array_keys($this->properties) as $property) {
+            $description[(string)$property] = [
+                'property' => $property,
+                'type' => Type::BUILTIN_TYPE_STRING,
+                'required' => false,
+                'description' => 'Filter for tags of a part',
+            ];
+        }
+        return $description;
+    }
+}

src/ApiPlatform/NormalizePropertyNameCollectionFactory.php

@@ -0,0 +1,77 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\ApiPlatform;
+
+use ApiPlatform\Metadata\Property\Factory\PropertyNameCollectionFactoryInterface;
+use ApiPlatform\Metadata\Property\PropertyNameCollection;
+use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
+use function Symfony\Component\String\u;
+
+/**
+ * This decorator removes all camelCase property names from the property name collection, if a snake_case version exists.
+ * This is a fix for https://github.com/Part-DB/Part-DB-server/issues/862, as the openapi schema generator wrongly collects
+ * both camelCase and snake_case property names, which leads to duplicate properties in the schema.
+ * This seems to come from the fact that the openapi schema generator uses no serializerContext, which seems then to collect
+ * the getters too...
+ */
+#[AsDecorator('api_platform.metadata.property.name_collection_factory')]
+class NormalizePropertyNameCollectionFactory implements PropertyNameCollectionFactoryInterface
+{
+    public function __construct(private readonly PropertyNameCollectionFactoryInterface $decorated)
+    {
+    }
+
+    public function create(string $resourceClass, array $options = []): PropertyNameCollection
+    {
+        // Get the default properties from the decorated service
+        $propertyNames = $this->decorated->create($resourceClass, $options);
+
+        //Only become active in the context of the openapi schema generation
+        if (!isset($options['schema_type'])) {
+            return $propertyNames;
+        }
+
+        //If we are not in the jsonapi generator (which sets no serializer groups), return the property names as is
+        if (isset($options['serializer_groups'])) {
+            return $propertyNames;
+        }
+
+        //Remove all camelCase property names from the collection, if a snake_case version exists
+        $properties = iterator_to_array($propertyNames);
+
+        foreach ($properties as $property) {
+            if (str_contains($property, '_')) {
+                $camelized = u($property)->camel()->toString();
+
+                //If the camelized version exists, remove it from the collection
+                $index = array_search($camelized, $properties, true);
+                if ($index !== false) {
+                    unset($properties[$index]);
+                }
+            }
+        }
+
+        return new PropertyNameCollection($properties);
+    }
+}

src/Command/Attachments/CleanAttachmentsCommand.php

@@ -73,6 +73,9 @@ class CleanAttachmentsCommand extends Command
         //Ignore image cache folder
         $finder->exclude('cache');
 
+        //Ignore automigration folder
+        $finder->exclude('.automigration-backup');
+
         $fs = new Filesystem();
 
         $file_list = [];

src/Command/Attachments/DownloadAttachmentsCommand.php

@@ -0,0 +1,136 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\Command\Attachments;
+
+use App\Entity\Attachments\Attachment;
+use App\Entity\Attachments\AttachmentUpload;
+use App\Exceptions\AttachmentDownloadException;
+use App\Services\Attachments\AttachmentManager;
+use App\Services\Attachments\AttachmentSubmitHandler;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+#[AsCommand('partdb:attachments:download', "Downloads all attachments which have only an external URL to the local filesystem.")]
+class DownloadAttachmentsCommand extends Command
+{
+    public function __construct(private readonly AttachmentSubmitHandler $attachmentSubmitHandler,
+        private EntityManagerInterface $entityManager)
+    {
+        parent::__construct();
+    }
+
+    public function configure(): void
+    {
+        $this->setHelp('This command downloads all attachments, which only have an external URL, to the local filesystem, so that you have an offline copy of the attachments.');
+        $this->addOption('--private', null, null, 'If set, the attachments will be downloaded to the private storage.');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        $qb = $this->entityManager->createQueryBuilder();
+        $qb->select('attachment')
+            ->from(Attachment::class, 'attachment')
+            ->where('attachment.external_path IS NOT NULL')
+            ->andWhere('attachment.external_path != \'\'')
+            ->andWhere('attachment.internal_path IS NULL');
+
+        $query = $qb->getQuery();
+        $attachments = $query->getResult();
+
+        if (count($attachments) === 0) {
+            $io->success('No attachments with external URL found.');
+            return Command::SUCCESS;
+        }
+
+        $io->note('Found ' . count($attachments) . ' attachments with external URL, that will be downloaded.');
+
+        //If the option --private is set, the attachments will be downloaded to the private storage.
+        $private = $input->getOption('private');
+        if ($private) {
+            if (!$io->confirm('Attachments will be downloaded to the private storage. Continue?')) {
+                return Command::SUCCESS;
+            }
+        } else {
+            if (!$io->confirm('Attachments will be downloaded to the public storage, where everybody knowing the correct URL can access it. Continue?')){
+                return Command::SUCCESS;
+            }
+        }
+
+        $progressBar = $io->createProgressBar(count($attachments));
+        $progressBar->setFormat("%current%/%max% [%bar%] %percent:3s%% %elapsed:16s%/%estimated:-16s% \n%message%");
+
+        $progressBar->setMessage('Starting download...');
+        $progressBar->start();
+
+
+        $errors = [];
+
+        foreach ($attachments as $attachment) {
+            /** @var Attachment $attachment */
+            $progressBar->setMessage(sprintf('%s (ID: %s) from %s', $attachment->getName(), $attachment->getID(), $attachment->getHost()));
+            $progressBar->advance();
+
+            try {
+                $attachmentUpload = new AttachmentUpload(file: null, downloadUrl: true, private: $private);
+                $this->attachmentSubmitHandler->handleUpload($attachment, $attachmentUpload);
+
+                //Write changes to the database
+                $this->entityManager->flush();
+            } catch (AttachmentDownloadException $e) {
+                $errors[] = [
+                    'attachment' => $attachment,
+                    'error' => $e->getMessage()
+                ];
+            }
+        }
+
+        $progressBar->finish();
+
+        //Fix the line break after the progress bar
+        $io->newLine();
+        $io->newLine();
+
+        if (count($errors) > 0) {
+            $io->warning('Some attachments could not be downloaded:');
+            foreach ($errors as $error) {
+                $io->warning(sprintf("Attachment %s (ID %s) could not be downloaded from %s:\n%s",
+                    $error['attachment']->getName(),
+                    $error['attachment']->getID(),
+                    $error['attachment']->getExternalPath(),
+                    $error['error'])
+                );
+            }
+        } else {
+            $io->success('All attachments downloaded successfully.');
+        }
+
+        return Command::SUCCESS;
+    }
+}

src/Command/Attachments/SanitizeSVGAttachmentsCommand.php

@@ -0,0 +1,90 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2025 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\Command\Attachments;
+
+use App\Entity\Attachments\Attachment;
+use App\Services\Attachments\AttachmentSubmitHandler;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Console\Attribute\AsCommand;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Style\SymfonyStyle;
+
+#[AsCommand('partdb:attachments:sanitize-svg', "Sanitize uploaded SVG files.")]
+class SanitizeSVGAttachmentsCommand extends Command
+{
+    public function __construct(private readonly EntityManagerInterface $entityManager, private readonly AttachmentSubmitHandler $attachmentSubmitHandler, ?string $name = null)
+    {
+        parent::__construct($name);
+    }
+
+    public function configure(): void
+    {
+        $this->setHelp('This command allows to sanitize SVG files uploaded via attachments. This happens automatically since version 1.17.1, this command is intended to be used for older files.');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output): int
+    {
+        $io = new SymfonyStyle($input, $output);
+
+        $io->info('This command will sanitize all uploaded SVG files. This is only required if you have uploaded (untrusted) SVG files before version 1.17.1. If you are running a newer version, you don\'t need to run this command (again).');
+        if (!$io->confirm('Do you want to continue?', false)) {
+            $io->success('Command aborted.');
+            return Command::FAILURE;
+        }
+
+        $io->info('Sanitizing SVG files...');
+
+        //Finding all attachments with svg files
+        $qb = $this->entityManager->createQueryBuilder();
+        $qb->select('a')
+            ->from(Attachment::class, 'a')
+            ->where('a.internal_path LIKE :pattern ESCAPE \'#\'')
+            ->orWhere('a.original_filename LIKE :pattern ESCAPE \'#\'')
+            ->setParameter('pattern', '%.svg');
+
+        $attachments = $qb->getQuery()->getResult();
+        $io->note('Found '.count($attachments).' attachments with SVG files.');
+
+        if (count($attachments) === 0) {
+            $io->success('No SVG files found.');
+            return Command::FAILURE;
+        }
+
+        $io->info('Sanitizing SVG files...');
+        $io->progressStart(count($attachments));
+        foreach ($attachments as $attachment) {
+            /** @var Attachment $attachment */
+            $io->note('Sanitizing attachment '.$attachment->getId().' ('.($attachment->getFilename() ?? '???').')');
+            $this->attachmentSubmitHandler->sanitizeSVGAttachment($attachment);
+            $io->progressAdvance();
+
+        }
+        $io->progressFinish();
+
+        $io->success('Sanitization finished. All SVG files have been sanitized.');
+        return Command::SUCCESS;
+    }
+}

src/Command/CheckRequirementsCommand.php

@@ -79,7 +79,7 @@ class CheckRequirementsCommand extends Command
         //Checking 32-bit system
         if (PHP_INT_SIZE === 4) {
             $io->warning('You are using a 32-bit system. You will have problems with working with dates after the year 2038, therefore a 64-bit system is recommended.');
-        } elseif (PHP_INT_SIZE === 8) {
+        } elseif (PHP_INT_SIZE === 8) { //@phpstan-ignore-line //PHP_INT_SIZE is always 4 or 8
             if (!$only_issues) {
                 $io->success('You are using a 64-bit system.');
             }

src/Command/Migrations/ConvertBBCodeCommand.php

@@ -79,6 +79,7 @@ class ConvertBBCodeCommand extends Command
 
     /**
      * Returns a list which entities and which properties need to be checked.
+     * @return array<class-string<AbstractNamedDBElement>, string[]>
      */
     protected function getTargetsLists(): array
     {
@@ -109,7 +110,6 @@ class ConvertBBCodeCommand extends Command
                 $class
             ));
             //Determine which entities of this type we need to modify
-            /** @var EntityRepository $repo */
             $repo = $this->em->getRepository($class);
             $qb = $repo->createQueryBuilder('e')
                 ->select('e');

src/Command/User/SetPasswordCommand.php

@@ -83,6 +83,19 @@ class SetPasswordCommand extends Command
 
         while (!$success) {
             $pw1 = $io->askHidden('Please enter new password:');
+
+            if ($pw1 === null) {
+                $io->error('No password entered! Please try again.');
+
+                //If we are in non-interactive mode, we can not ask again
+                if (!$input->isInteractive()) {
+                    $io->warning('Non-interactive mode detected. No password can be entered that way! If you are using docker exec, please use -it flag.');
+                    return Command::FAILURE;
+                }
+
+                continue;
+            }
+
             $pw2 = $io->askHidden('Please confirm:');
             if ($pw1 !== $pw2) {
                 $io->error('The entered password did not match! Please try again.');

src/Command/User/UserEnableCommand.php

@@ -35,7 +35,7 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 #[AsCommand('partdb:users:enable|partdb:user:enable', 'Enables/Disable the login of one or more users')]
 class UserEnableCommand extends Command
 {
-    public function __construct(protected EntityManagerInterface $entityManager, string $name = null)
+    public function __construct(protected EntityManagerInterface $entityManager, ?string $name = null)
     {
         parent::__construct($name);
     }

src/Command/User/UsersPermissionsCommand.php

@@ -206,12 +206,15 @@ class UsersPermissionsCommand extends Command
             return '<fg=green>Allow</>';
         } elseif ($permission_value === false) {
             return '<fg=red>Disallow</>';
-        } elseif ($permission_value === null && !$inherit) {
+        }
+        // Permission value is null by this point
+        elseif (!$inherit) {
             return '<fg=blue>Inherit</>';
-        } elseif ($permission_value === null && $inherit) {
+        } elseif ($inherit) {
             return '<fg=red>Disallow (Inherited)</>';
         }
 
+        //@phpstan-ignore-next-line This line is never reached, but PHPstorm complains otherwise
         return '???';
     }
 }

src/Controller/AdminPages/BaseAdminController.php

@@ -35,6 +35,7 @@ use App\Entity\LabelSystem\LabelProcessMode;
 use App\Entity\LabelSystem\LabelProfile;
 use App\Entity\Parameters\AbstractParameter;
 use App\Exceptions\AttachmentDownloadException;
+use App\Exceptions\TwigModeException;
 use App\Form\AdminPages\ImportType;
 use App\Form\AdminPages\MassCreationForm;
 use App\Repository\AbstractPartsContainingRepository;
@@ -53,6 +54,7 @@ use InvalidArgumentException;
 use Omines\DataTablesBundle\DataTableFactory;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\Form\FormError;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\HttpFoundation\File\UploadedFile;
 use Symfony\Component\HttpFoundation\RedirectResponse;
@@ -211,10 +213,14 @@ abstract class BaseAdminController extends AbstractController
         //Show preview for LabelProfile if needed.
         if ($entity instanceof LabelProfile) {
             $example = $this->barcodeExampleGenerator->getElement($entity->getOptions()->getSupportedElement());
+            $pdf_data = null;
+            try {
                 $pdf_data = $this->labelGenerator->generateLabel($entity->getOptions(), $example);
+            } catch (TwigModeException $exception) {
+                $form->get('options')->get('lines')->addError(new FormError($exception->getSafeMessage()));
+            }
         }
 
-        /** @var AbstractPartsContainingRepository $repo */
         $repo = $this->entityManager->getRepository($this->entity_class);
 
         return $this->render($this->twig_template, [
@@ -390,7 +396,7 @@ abstract class BaseAdminController extends AbstractController
     {
         if ($entity instanceof AbstractPartsContainingDBElement) {
             /** @var AbstractPartsContainingRepository $repo */
-            $repo = $this->entityManager->getRepository($this->entity_class);
+            $repo = $this->entityManager->getRepository($this->entity_class); //@phpstan-ignore-line
             if ($repo->getPartsCount($entity) > 0) {
                 $this->addFlash('error', t('entity.delete.must_not_contain_parts', ['%PATH%' => $entity->getFullPath()]));
 
@@ -461,6 +467,11 @@ abstract class BaseAdminController extends AbstractController
         $this->denyAccessUnlessGranted('read', $entity);
         $entities = $em->getRepository($this->entity_class)->findAll();
 
+        if (count($entities) === 0) {
+            $this->addFlash('error', 'entity.export.flash.error.no_entities');
+            return $this->redirectToRoute($this->route_base.'_new');
+        }
+
         return $exporter->exportEntityFromRequest($entities, $request);
     }
 

src/Controller/AttachmentFileController.php

@@ -51,15 +51,15 @@ class AttachmentFileController extends AbstractController
             $this->denyAccessUnlessGranted('show_private', $attachment);
         }
 
-        if ($attachment->isExternal()) {
-            throw new RuntimeException('You can not download external attachments!');
+        if (!$attachment->hasInternal()) {
+            throw $this->createNotFoundException('The file for this attachment is external and not stored locally!');
         }
 
-        if (!$helper->isFileExisting($attachment)) {
-            throw new RuntimeException('The file associated with the attachment is not existing!');
+        if (!$helper->isInternalFileExisting($attachment)) {
+            throw $this->createNotFoundException('The file associated with the attachment is not existing!');
         }
 
-        $file_path = $helper->toAbsoluteFilePath($attachment);
+        $file_path = $helper->toAbsoluteInternalFilePath($attachment);
         $response = new BinaryFileResponse($file_path);
 
         //Set header content disposition, so that the file will be downloaded
@@ -80,15 +80,15 @@ class AttachmentFileController extends AbstractController
             $this->denyAccessUnlessGranted('show_private', $attachment);
         }
 
-        if ($attachment->isExternal()) {
-            throw new RuntimeException('You can not download external attachments!');
+        if (!$attachment->hasInternal()) {
+            throw $this->createNotFoundException('The file for this attachment is external and not stored locally!');
         }
 
-        if (!$helper->isFileExisting($attachment)) {
-            throw new RuntimeException('The file associated with the attachment is not existing!');
+        if (!$helper->isInternalFileExisting($attachment)) {
+            throw $this->createNotFoundException('The file associated with the attachment is not existing!');
         }
 
-        $file_path = $helper->toAbsoluteFilePath($attachment);
+        $file_path = $helper->toAbsoluteInternalFilePath($attachment);
         $response = new BinaryFileResponse($file_path);
 
         //Set header content disposition, so that the file will be downloaded

src/Controller/InfoProviderController.php

@@ -23,10 +23,13 @@ declare(strict_types=1);
 
 namespace App\Controller;
 
+use App\Entity\Parts\Manufacturer;
 use App\Entity\Parts\Part;
 use App\Form\InfoProviderSystem\PartSearchType;
+use App\Services\InfoProviderSystem\ExistingPartFinder;
 use App\Services\InfoProviderSystem\PartInfoRetriever;
 use App\Services\InfoProviderSystem\ProviderRegistry;
+use Doctrine\ORM\EntityManagerInterface;
 use Psr\Log\LoggerInterface;
 use Symfony\Bridge\Doctrine\Attribute\MapEntity;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -42,7 +45,9 @@ class InfoProviderController extends  AbstractController
 {
 
     public function __construct(private readonly ProviderRegistry $providerRegistry,
-        private readonly PartInfoRetriever $infoRetriever)
+        private readonly PartInfoRetriever $infoRetriever,
+        private readonly ExistingPartFinder $existingPartFinder
+    )
     {
 
     }
@@ -72,21 +77,49 @@ class InfoProviderController extends  AbstractController
         //When we are updating a part, use its name as keyword, to make searching easier
         //However we can only do this, if the form was not submitted yet
         if ($update_target !== null && !$form->isSubmitted()) {
-            $form->get('keyword')->setData($update_target->getName());
+            //Use the provider reference if available, otherwise use the manufacturer product number
+            $keyword = $update_target->getProviderReference()->getProviderId() ?? $update_target->getManufacturerProductNumber();
+            //Or the name if both are not available
+            if ($keyword === "") {
+                $keyword = $update_target->getName();
+            }
+
+            $form->get('keyword')->setData($keyword);
+
+            //If we are updating a part, which already has a provider, preselect that provider in the form
+            if ($update_target->getProviderReference()->getProviderKey() !== null) {
+                try {
+                    $form->get('providers')->setData([$this->providerRegistry->getProviderByKey($update_target->getProviderReference()->getProviderKey())]);
+                } catch (\InvalidArgumentException $e) {
+                    //If the provider is not found, just ignore it
+                }
+            }
         }
 
         if ($form->isSubmitted() && $form->isValid()) {
             $keyword = $form->get('keyword')->getData();
             $providers = $form->get('providers')->getData();
 
+            $dtos = [];
+
             try {
-                $results = $this->infoRetriever->searchByKeyword(keyword: $keyword, providers: $providers);
+                $dtos = $this->infoRetriever->searchByKeyword(keyword: $keyword, providers: $providers);
             } catch (ClientException $e) {
                 $this->addFlash('error', t('info_providers.search.error.client_exception'));
                 $this->addFlash('error',$e->getMessage());
                 //Log the exception
                 $exceptionLogger->error('Error during info provider search: ' . $e->getMessage(), ['exception' => $e]);
             }
+
+            // modify the array to an array of arrays that has a field for a matching local Part
+            // the advantage to use that format even when we don't look for local parts is that we
+            // always work with the same interface
+            $results = array_map(function ($result) {return ['dto' => $result, 'localPart' => null];}, $dtos);
+            if(!$update_target) {
+                foreach ($results as $index => $result) {
+                    $results[$index]['localPart'] = $this->existingPartFinder->findFirstExisting($result['dto']);
+                }
+            }
         }
 
         return $this->render('info_providers/search/part_search.html.twig', [

src/Controller/LabelController.php

@@ -108,8 +108,31 @@ class LabelController extends AbstractController
         $pdf_data = null;
         $filename = 'invalid.pdf';
 
-        //Generate PDF either when the form is submitted and valid, or the form  was not submit yet, and generate is set
         if (($form->isSubmitted() && $form->isValid()) || ($generate && !$form->isSubmitted() && $profile instanceof LabelProfile)) {
+
+            //Check if the label should be saved as profile
+            if ($form->get('save_profile')->isClicked() && $this->isGranted('@labels.create_profiles')) { //@phpstan-ignore-line Phpstan does not recognize the isClicked method
+                //Retrieve the profile name from the form
+                $new_name = $form->get('save_profile_name')->getData();
+                //ensure that the name is not empty
+                if ($new_name === '' || $new_name === null) {
+                    $form->get('save_profile_name')->addError(new FormError($this->translator->trans('label_generator.profile_name_empty')));
+                    goto render;
+                }
+
+                $profile = new LabelProfile();
+                $profile->setName($form->get('save_profile_name')->getData());
+                $profile->setOptions($form_options);
+                $this->em->persist($profile);
+                $this->em->flush();
+                $this->addFlash('success', 'label_generator.profile_saved');
+
+                return $this->redirectToRoute('label_dialog_profile', [
+                    'profile' => $profile->getID(),
+                    'target_id' => (string) $form->get('target_id')->getData()
+                ]);
+            }
+
             $target_id = (string) $form->get('target_id')->getData();
             $targets = $this->findObjects($form_options->getSupportedElement(), $target_id);
             if ($targets !== []) {
@@ -117,7 +140,7 @@ class LabelController extends AbstractController
                     $pdf_data = $this->labelGenerator->generateLabel($form_options, $targets);
                     $filename = $this->getLabelName($targets[0], $profile);
                 } catch (TwigModeException $exception) {
-                    $form->get('options')->get('lines')->addError(new FormError($exception->getMessage()));
+                    $form->get('options')->get('lines')->addError(new FormError($exception->getSafeMessage()));
                 }
             } else {
                 //$this->addFlash('warning', 'label_generator.no_entities_found');
@@ -132,6 +155,7 @@ class LabelController extends AbstractController
             }
         }
 
+        render:
         return $this->render('label_system/dialog.html.twig', [
             'form' => $form,
             'pdf_data' => $pdf_data,
@@ -152,7 +176,7 @@ class LabelController extends AbstractController
     {
         $id_array = $this->rangeParser->parse($ids);
 
-        /** @var DBElementRepository $repo */
+        /** @var DBElementRepository<AbstractDBElement> $repo */
         $repo = $this->em->getRepository($type->getEntityClass());
 
         return $repo->getElementsFromIDArray($id_array);

src/Controller/PartController.php

@@ -229,6 +229,10 @@ class PartController extends AbstractController
         $dto = $infoRetriever->getDetails($providerKey, $providerId);
         $new_part = $infoRetriever->dtoToPart($dto);
 
+        if ($new_part->getCategory() === null || $new_part->getCategory()->getID() === null) {
+            $this->addFlash('warning', t("part.create_from_info_provider.no_category_yet"));
+        }
+
         return $this->renderPartForm('new', $request, $new_part, [
             'info_provider_dto' => $dto,
         ]);

src/Controller/PartImportExportController.php

@@ -112,8 +112,9 @@ class PartImportExportController extends AbstractController
         $ids = $request->query->get('ids', '');
         $parts = $this->partsTableActionHandler->idStringToArray($ids);
 
-        if ($parts === []) {
-            throw new \RuntimeException('No parts found!');
+        if (count($parts) === 0) {
+            $this->addFlash('error', 'entity.export.flash.error.no_entities');
+            return $this->redirectToRoute('homepage');
         }
 
         //Ensure that we have access to the parts

src/Controller/PartListsController.php

@@ -29,6 +29,7 @@ use App\DataTables\PartsDataTable;
 use App\Entity\Parts\Category;
 use App\Entity\Parts\Footprint;
 use App\Entity\Parts\Manufacturer;
+use App\Entity\Parts\Part;
 use App\Entity\Parts\StorageLocation;
 use App\Entity\Parts\Supplier;
 use App\Exceptions\InvalidRegexException;
@@ -43,8 +44,11 @@ use Symfony\Component\Form\FormInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Translation\TranslatableMessage;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
+use function Symfony\Component\Translation\t;
+
 class PartListsController extends AbstractController
 {
     public function __construct(private readonly EntityManagerInterface $entityManager, private readonly NodesListBuilder $nodesListBuilder, private readonly DataTableFactory $dataTableFactory, private readonly TranslatorInterface $translator)
@@ -60,6 +64,7 @@ class PartListsController extends AbstractController
         $ids = $request->request->get('ids');
         $action = $request->request->get('action');
         $target = $request->request->get('target');
+        $redirectResponse = null;
 
         if (!$this->isCsrfTokenValid('table_action', $request->request->get('_token'))) {
             $this->addFlash('error', 'csfr_invalid');
@@ -70,17 +75,36 @@ class PartListsController extends AbstractController
         if (null === $action || null === $ids) {
             $this->addFlash('error', 'part.table.actions.no_params_given');
         } else {
+            $errors = [];
+
             $parts = $actionHandler->idStringToArray($ids);
-            $redirectResponse = $actionHandler->handleAction($action, $parts, $target ? (int) $target : null, $redirect);
+            $redirectResponse = $actionHandler->handleAction($action, $parts, $target ? (int) $target : null, $redirect, $errors);
 
             //Save changes
             $this->entityManager->flush();
 
+            if (count($errors) === 0) {
                 $this->addFlash('success', 'part.table.actions.success');
+            } else {
+                $this->addFlash('error', t('part.table.actions.error', ['%count%' => count($errors)]));
+                //Create a flash message for each error
+                foreach ($errors as $error) {
+                    /** @var Part $part */
+                    $part = $error['part'];
+
+                    $this->addFlash('error',
+                        t('part.table.actions.error_detail', [
+                            '%part_name%' => $part->getName(),
+                            '%part_id%' => $part->getID(),
+                            '%message%' => $error['message']
+                        ])
+                    );
+                }
+            }
         }
 
         //If the action handler returned a response, we use it, otherwise we redirect back to the previous page.
-        if (isset($redirectResponse) && $redirectResponse instanceof Response) {
+        if ($redirectResponse !== null) {
             return $redirectResponse;
         }
 
@@ -131,7 +155,11 @@ class PartListsController extends AbstractController
 
         $filterForm->handleRequest($formRequest);
 
-        $table = $this->dataTableFactory->createFromType(PartsDataTable::class, array_merge(['filter' => $filter], $additional_table_vars))
+        $table = $this->dataTableFactory->createFromType(
+            PartsDataTable::class,
+            array_merge(['filter' => $filter], $additional_table_vars),
+            ['lengthMenu' => PartsDataTable::LENGTH_MENU]
+        )
             ->handleRequest($request);
 
         if ($table->isCallback()) {

src/Controller/ScanController.php

@@ -42,10 +42,10 @@ declare(strict_types=1);
 namespace App\Controller;
 
 use App\Form\LabelSystem\ScanDialogType;
-use App\Services\LabelSystem\Barcodes\BarcodeScanHelper;
-use App\Services\LabelSystem\Barcodes\BarcodeRedirector;
-use App\Services\LabelSystem\Barcodes\BarcodeScanResult;
-use App\Services\LabelSystem\Barcodes\BarcodeSourceType;
+use App\Services\LabelSystem\BarcodeScanner\BarcodeRedirector;
+use App\Services\LabelSystem\BarcodeScanner\BarcodeScanHelper;
+use App\Services\LabelSystem\BarcodeScanner\BarcodeSourceType;
+use App\Services\LabelSystem\BarcodeScanner\LocalBarcodeScanResult;
 use Doctrine\ORM\EntityNotFoundException;
 use InvalidArgumentException;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -77,14 +77,22 @@ class ScanController extends AbstractController
             $mode = $form['mode']->getData();
         }
 
+        $infoModeData = null;
+
         if ($input !== null) {
             try {
                 $scan_result = $this->barcodeNormalizer->scanBarcodeContent($input, $mode ?? null);
+                //Perform a redirect if the info mode is not enabled
+                if (!$form['info_mode']->getData()) {
                     try {
                         return $this->redirect($this->barcodeParser->getRedirectURL($scan_result));
                     } catch (EntityNotFoundException) {
                         $this->addFlash('success', 'scan.qr_not_found');
                     }
+                } else { //Otherwise retrieve infoModeData
+                    $infoModeData = $scan_result->getDecodedForInfoMode();
+
+                }
             } catch (InvalidArgumentException) {
                 $this->addFlash('error', 'scan.format_unknown');
             }
@@ -92,6 +100,7 @@ class ScanController extends AbstractController
 
         return $this->render('label_system/scanner/scanner.html.twig', [
             'form' => $form,
+            'infoModeData' => $infoModeData,
         ]);
     }
 
@@ -109,7 +118,7 @@ class ScanController extends AbstractController
                 throw new InvalidArgumentException('Unknown type: '.$type);
             }
             //Construct the scan result manually, as we don't have a barcode here
-            $scan_result = new BarcodeScanResult(
+            $scan_result = new LocalBarcodeScanResult(
                 target_type: BarcodeScanHelper::QR_TYPE_MAP[$type],
                 target_id: $id,
                 //The routes are only used on the internal generated QR codes

src/Controller/SelectAPIController.php

@@ -29,6 +29,7 @@ use App\Entity\Parts\Category;
 use App\Entity\Parts\Footprint;
 use App\Entity\Parts\Manufacturer;
 use App\Entity\Parts\MeasurementUnit;
+use App\Entity\Parts\StorageLocation;
 use App\Entity\ProjectSystem\Project;
 use App\Form\Type\Helper\StructuralEntityChoiceHelper;
 use App\Services\Trees\NodesListBuilder;
@@ -78,6 +79,12 @@ class SelectAPIController extends AbstractController
         return $this->getResponseForClass(Project::class, false);
     }
 
+    #[Route(path: '/storage_location', name: 'select_storage_location')]
+    public function locations(): Response
+    {
+        return $this->getResponseForClass(StorageLocation::class, true);
+    }
+
     #[Route(path: '/export_level', name: 'select_export_level')]
     public function exportLevel(): Response
     {

src/Controller/ToolsController.php

@@ -22,16 +22,17 @@ declare(strict_types=1);
  */
 namespace App\Controller;
 
-use Symfony\Component\Runtime\SymfonyRuntime;
 use App\Services\Attachments\AttachmentSubmitHandler;
 use App\Services\Attachments\AttachmentURLGenerator;
 use App\Services\Attachments\BuiltinAttachmentsFinder;
+use App\Services\Doctrine\DBInfoHelper;
+use App\Services\Doctrine\NatsortDebugHelper;
 use App\Services\Misc\GitVersionInfo;
-use App\Services\Misc\DBInfoHelper;
 use App\Services\System\UpdateAvailableManager;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Runtime\SymfonyRuntime;
 
 #[Route(path: '/tools')]
 class ToolsController extends AbstractController
@@ -45,7 +46,7 @@ class ToolsController extends AbstractController
     }
 
     #[Route(path: '/server_infos', name: 'tools_server_infos')]
-    public function systemInfos(GitVersionInfo $versionInfo, DBInfoHelper $DBInfoHelper,
+    public function systemInfos(GitVersionInfo $versionInfo, DBInfoHelper $DBInfoHelper, NatsortDebugHelper $natsortDebugHelper,
         AttachmentSubmitHandler $attachmentSubmitHandler, UpdateAvailableManager $updateAvailableManager): Response
     {
         $this->denyAccessUnlessGranted('@system.server_infos');
@@ -60,10 +61,10 @@ class ToolsController extends AbstractController
             'default_theme' => $this->getParameter('partdb.global_theme'),
             'enabled_locales' => $this->getParameter('partdb.locale_menu'),
             'demo_mode' => $this->getParameter('partdb.demo_mode'),
-            'gpdr_compliance' => $this->getParameter('partdb.gdpr_compliance'),
+            'gdpr_compliance' => $this->getParameter('partdb.gdpr_compliance'),
             'use_gravatar' => $this->getParameter('partdb.users.use_gravatar'),
             'email_password_reset' => $this->getParameter('partdb.users.email_pw_reset'),
-            'enviroment' => $this->getParameter('kernel.environment'),
+            'environment' => $this->getParameter('kernel.environment'),
             'is_debug' => $this->getParameter('kernel.debug'),
             'email_sender' => $this->getParameter('partdb.mail.sender_email'),
             'email_sender_name' => $this->getParameter('partdb.mail.sender_name'),
@@ -93,6 +94,8 @@ class ToolsController extends AbstractController
             'db_size' => $DBInfoHelper->getDatabaseSize(),
             'db_name' => $DBInfoHelper->getDatabaseName() ?? 'Unknown',
             'db_user' => $DBInfoHelper->getDatabaseUsername() ?? 'Unknown',
+            'db_natsort_method' => $natsortDebugHelper->getNaturalSortMethod(),
+            'db_natsort_slow_allowed' => $natsortDebugHelper->isSlowNaturalSortAllowed(),
 
             //New version section
             'new_version_available' => $updateAvailableManager->isUpdateAvailable(),

src/Controller/TypeaheadController.php

@@ -22,6 +22,7 @@ declare(strict_types=1);
 
 namespace App\Controller;
 
+use App\Entity\Parameters\AbstractParameter;
 use Symfony\Component\HttpFoundation\Response;
 use App\Entity\Attachments\Attachment;
 use App\Entity\Parts\Category;
@@ -92,7 +93,7 @@ class TypeaheadController extends AbstractController
 
     /**
      * This function map the parameter type to the class, so we can access its repository
-     * @return class-string
+     * @return class-string<AbstractParameter>
      */
     private function typeToParameterClass(string $type): string
     {
@@ -155,7 +156,7 @@ class TypeaheadController extends AbstractController
         //Ensure user has the correct permissions
         $this->denyAccessUnlessGranted('read', $test_obj);
 
-        /** @var ParameterRepository $repository */
+        /** @var ParameterRepository<AbstractParameter> $repository */
         $repository = $entityManager->getRepository($class);
 
         $data = $repository->autocompleteParamName($query);

src/Controller/UserSettingsController.php

@@ -240,7 +240,10 @@ class UserSettingsController extends AbstractController
                 $page_need_reload = true;
             }
 
-            /** @var Form $form We need a form implementation for the next calls */
+            if (!$form instanceof Form) {
+                throw new RuntimeException('Form is not an instance of Form, so we cannot retrieve the clicked button!');
+            }
+
             //Remove the avatar attachment from the user if requested
             if ($form->getClickedButton() && 'remove_avatar' === $form->getClickedButton()->getName() && $user->getMasterPictureAttachment() instanceof Attachment) {
                 $em->remove($user->getMasterPictureAttachment());

src/DataFixtures/APITokenFixtures.php

@@ -41,7 +41,7 @@ class APITokenFixtures extends Fixture implements DependentFixtureInterface
     public function load(ObjectManager $manager): void
     {
         /** @var User $admin_user */
-        $admin_user = $this->getReference(UserFixtures::ADMIN);
+        $admin_user = $this->getReference(UserFixtures::ADMIN, User::class);
 
         $read_only_token = new ApiToken();
         $read_only_token->setUser($admin_user);

src/DataFixtures/LogEntryFixtures.php

@@ -35,7 +35,7 @@ use Doctrine\Persistence\ObjectManager;
 class LogEntryFixtures extends Fixture implements DependentFixtureInterface
 {
 
-    public function load(ObjectManager $manager)
+    public function load(ObjectManager $manager): void
     {
         $this->createCategoryEntries($manager);
         $this->createDeletedCategory($manager);

src/DataFixtures/PartFixtures.php

@@ -106,7 +106,7 @@ class PartFixtures extends Fixture implements DependentFixtureInterface
         $partLot2->setComment('Test');
         $partLot2->setNeedsRefill(true);
         $partLot2->setStorageLocation($manager->find(StorageLocation::class, 3));
-        $partLot2->setVendorBarcode('lot2_vendor_barcode');
+        $partLot2->setUserBarcode('lot2_vendor_barcode');
         $part->addPartLot($partLot2);
 
         $orderdetail = new Orderdetail();
@@ -131,7 +131,7 @@ class PartFixtures extends Fixture implements DependentFixtureInterface
 
         $attachment = new PartAttachment();
         $attachment->setName('Test2');
-        $attachment->setPath('invalid');
+        $attachment->setInternalPath('invalid');
         $attachment->setShowInTable(true);
         $attachment->setAttachmentType($manager->find(AttachmentType::class, 1));
         $part->addAttachment($attachment);

src/DataFixtures/UserFixtures.php

@@ -22,6 +22,7 @@ declare(strict_types=1);
 
 namespace App\DataFixtures;
 
+use App\Entity\UserSystem\Group;
 use App\Entity\UserSystem\User;
 use Doctrine\Bundle\FixturesBundle\Fixture;
 use Doctrine\Common\DataFixtures\DependentFixtureInterface;
@@ -41,7 +42,7 @@ class UserFixtures extends Fixture implements DependentFixtureInterface
     {
         $anonymous = new User();
         $anonymous->setName('anonymous');
-        $anonymous->setGroup($this->getReference(GroupFixtures::READONLY));
+        $anonymous->setGroup($this->getReference(GroupFixtures::READONLY, Group::class));
         $anonymous->setNeedPwChange(false);
         $anonymous->setPassword($this->encoder->hashPassword($anonymous, 'test'));
         $manager->persist($anonymous);
@@ -50,7 +51,7 @@ class UserFixtures extends Fixture implements DependentFixtureInterface
         $admin->setName('admin');
         $admin->setPassword($this->encoder->hashPassword($admin, 'test'));
         $admin->setNeedPwChange(false);
-        $admin->setGroup($this->getReference(GroupFixtures::ADMINS));
+        $admin->setGroup($this->getReference(GroupFixtures::ADMINS, Group::class));
         $manager->persist($admin);
         $this->addReference(self::ADMIN, $admin);
 
@@ -60,7 +61,7 @@ class UserFixtures extends Fixture implements DependentFixtureInterface
         $user->setEmail('user@invalid.invalid');
         $user->setFirstName('Test')->setLastName('User');
         $user->setPassword($this->encoder->hashPassword($user, 'test'));
-        $user->setGroup($this->getReference(GroupFixtures::USERS));
+        $user->setGroup($this->getReference(GroupFixtures::USERS, Group::class));
         $manager->persist($user);
 
         $noread = new User();

src/DataTables/Adapters/TwoStepORMAdapter.php

@@ -54,7 +54,7 @@ class TwoStepORMAdapter extends ORMAdapter
 
     private \Closure|null $query_modifier = null;
 
-    public function __construct(ManagerRegistry $registry = null)
+    public function __construct(?ManagerRegistry $registry = null)
     {
         parent::__construct($registry);
         $this->detailQueryCallable = static function (QueryBuilder $qb, array $ids): never {

src/DataTables/AttachmentDataTable.php

@@ -34,6 +34,7 @@ use App\Services\EntityURLGenerator;
 use Doctrine\ORM\QueryBuilder;
 use Omines\DataTablesBundle\Adapter\Doctrine\ORM\SearchCriteriaProvider;
 use Omines\DataTablesBundle\Adapter\Doctrine\ORMAdapter;
+use Omines\DataTablesBundle\Column\NumberColumn;
 use Omines\DataTablesBundle\Column\TextColumn;
 use Omines\DataTablesBundle\DataTable;
 use Omines\DataTablesBundle\DataTableTypeInterface;
@@ -49,8 +50,8 @@ final class AttachmentDataTable implements DataTableTypeInterface
     {
         $dataTable->add('dont_matter', RowClassColumn::class, [
             'render' => function ($value, Attachment $context): string {
-                //Mark attachments with missing files yellow
-                if(!$this->attachmentHelper->isFileExisting($context)){
+                //Mark attachments yellow which have an internal file linked that doesn't exist
+                if($context->hasInternal() && !$this->attachmentHelper->isInternalFileExisting($context)){
                     return 'table-warning';
                 }
 
@@ -63,8 +64,8 @@ final class AttachmentDataTable implements DataTableTypeInterface
             'className' => 'no-colvis',
             'render' => function ($value, Attachment $context): string {
                 if ($context->isPicture()
-                    && !$context->isExternal()
-                    && $this->attachmentHelper->isFileExisting($context)) {
+                    && $this->attachmentHelper->isInternalFileExisting($context)) {
+
                     $title = htmlspecialchars($context->getName());
                     if ($context->getFilename()) {
                         $title .= ' ('.htmlspecialchars($context->getFilename()).')';
@@ -84,29 +85,14 @@ final class AttachmentDataTable implements DataTableTypeInterface
             },
         ]);
 
+        $dataTable->add('id', NumberColumn::class, [
+            'label' => $this->translator->trans('part.table.id'),
+            'visible' => false,
+        ]);
+
         $dataTable->add('name', TextColumn::class, [
             'label' => 'attachment.edit.name',
             'orderField' => 'NATSORT(attachment.name)',
-            'render' => function ($value, Attachment $context) {
-                //Link to external source
-                if ($context->isExternal()) {
-                    return sprintf(
-                        '<a href="%s" class="link-external">%s</a>',
-                        htmlspecialchars((string) $context->getURL()),
-                        htmlspecialchars($value)
-                    );
-                }
-
-                if ($this->attachmentHelper->isFileExisting($context)) {
-                    return sprintf(
-                        '<a href="%s" target="_blank" data-no-ajax>%s</a>',
-                        $this->entityURLGenerator->viewURL($context),
-                        htmlspecialchars($value)
-                    );
-                }
-
-                return $value;
-            },
         ]);
 
         $dataTable->add('attachment_type', TextColumn::class, [
@@ -130,25 +116,60 @@ final class AttachmentDataTable implements DataTableTypeInterface
             ),
         ]);
 
-        $dataTable->add('filename', TextColumn::class, [
-            'label' => $this->translator->trans('attachment.table.filename'),
+        $dataTable->add('internal_link', TextColumn::class, [
+            'label' => 'attachment.table.internal_file',
             'propertyPath' => 'filename',
+            'orderField' => 'NATSORT(attachment.original_filename)',
+            'render' => function ($value, Attachment $context) {
+                if ($this->attachmentHelper->isInternalFileExisting($context)) {
+                    return sprintf(
+                        '<a href="%s" target="_blank" data-no-ajax>%s</a>',
+                        $this->entityURLGenerator->viewURL($context),
+                        htmlspecialchars($value)
+                    );
+                }
+
+                return $value;
+            }
+        ]);
+
+        $dataTable->add('external_link', TextColumn::class, [
+            'label' => 'attachment.table.external_link',
+            'propertyPath' => 'host',
+            'orderField' => 'attachment.external_path',
+            'render' => function ($value, Attachment $context) {
+                if ($context->hasExternal()) {
+                    return sprintf(
+                        '<a href="%s" class="link-external" title="%s" target="_blank" rel="noopener">%s</a>',
+                        htmlspecialchars((string) $context->getExternalPath()),
+                        htmlspecialchars((string) $context->getExternalPath()),
+                        htmlspecialchars($value),
+                    );
+                }
+
+                return $value;
+            }
         ]);
 
         $dataTable->add('filesize', TextColumn::class, [
             'label' => $this->translator->trans('attachment.table.filesize'),
             'render' => function ($value, Attachment $context) {
-                if ($context->isExternal()) {
+                if (!$context->hasInternal()) {
                     return sprintf(
                         '<span class="badge bg-primary">
                         <i class="fas fa-globe fa-fw"></i>%s
                         </span>',
-                        $this->translator->trans('attachment.external')
+                        $this->translator->trans('attachment.external_only')
                     );
                 }
 
-                if ($this->attachmentHelper->isFileExisting($context)) {
-                    return $this->attachmentHelper->getHumanFileSize($context);
+                if ($this->attachmentHelper->isInternalFileExisting($context)) {
+                    return sprintf(
+                        '<span class="badge bg-secondary">
+                        <i class="fas fa-hdd fa-fw"></i> %s
+                    </span>',
+                        $this->attachmentHelper->getHumanFileSize($context)
+                    );
                 }
 
                 return sprintf(