diff --git a/api/src/Accounts/Sql.php b/api/src/Accounts/Sql.php
index a73f494a03..46bb03da1a 100644
--- a/api/src/Accounts/Sql.php
+++ b/api/src/Accounts/Sql.php
@@ -71,7 +71,7 @@ class Sql
 	/**
 	 * Reference to our frontend
 	 *
-	 * @var accounts
+	 * @var Api\Accounts
 	 */
 	private $frontend;
 
diff --git a/api/src/Acl.php b/api/src/Acl.php
index 31fe1af426..a10e80894f 100644
--- a/api/src/Acl.php
+++ b/api/src/Acl.php
@@ -281,9 +281,9 @@ class Acl
 	/**
 	 * check required rights agains the internal repository (included rights of $this->account_id and all it's memberships)
 	 *
-	 * @param $location app location
-	 * @param $required required right to check against
-	 * @param $appname optional defaults to currentapp
+	 * @param string $location app location
+	 * @param int $required required right to check against
+	 * @param string|false $appname optional defaults to currentapp
 	 * @return boolean
 	 */
 	function check($location, $required, $appname = False)
diff --git a/api/src/Asyncservice.php b/api/src/Asyncservice.php
index ff766df323..b90725e3c5 100644
--- a/api/src/Asyncservice.php
+++ b/api/src/Asyncservice.php
@@ -283,7 +283,7 @@ class Asyncservice
 		// now we have the times enumerated, lets find the first not expired one
 		//
 		$found = array();
-		$over = null;
+		$over = $next = null;
 		while (!isset($found['min']))
 		{
 			$future = False;
diff --git a/api/src/Auth.php b/api/src/Auth.php
index edf83b9b44..5fdfa1c5a6 100644
--- a/api/src/Auth.php
+++ b/api/src/Auth.php
@@ -379,8 +379,8 @@ class Auth
 	/**
 	 * return a random string of size $size either just alphanumeric or with special chars
 	 *
-	 * @param $size int-size of random string to return
-	 * @param $use_specialchars =false false: only letters and numbers, true: incl. special chars
+	 * @param int $size size of random string to return
+	 * @param bool $use_specialchars =false false: only letters and numbers, true: incl. special chars
 	 * @return string
 	 * @throws \Exception if it was not possible to gather sufficient entropy.
 	 */
diff --git a/api/src/Auth/Saml.php b/api/src/Auth/Saml.php
index b407efd6c7..cd253bd627 100644
--- a/api/src/Auth/Saml.php
+++ b/api/src/Auth/Saml.php
@@ -190,7 +190,7 @@ class Saml implements BackendSSO
 	/**
 	 * Update joined account, if configured
 	 *
-	 * @param $account_lid existing account_lid
+	 * @param string $account_lid existing account_lid
 	 * @param array $attrs saml attributes incl. SAML username
 	 * @return string username to use
 	 */
@@ -546,7 +546,6 @@ class Saml implements BackendSSO
 	 * @param array $attrs
 	 * @param ?array& $auto_create_acct reference to $GLOBALS['auto_create_acct'] for not existing accounts
 	 * @param array|null $config
-	 * @return mixed|string|null
 	 */
 	private function checkAffiliation($username, array $attrs, array &$auto_create_acct=null, array $config=null)
 	{
diff --git a/api/src/Cache.php b/api/src/Cache.php
index c859e0f6a5..f3a3b36ace 100644
--- a/api/src/Cache.php
+++ b/api/src/Cache.php
@@ -405,7 +405,8 @@ class Cache
 		if (isset($_SESSION[Session::EGW_SESSION_ENCRYPTED]))
 		{
 			if (Session::ERROR_LOG_DEBUG) error_log(__METHOD__.' called after session was encrypted --> ignored!');
-			return null;	// can no longer store something in the session, eg. because commit_session() was called
+			$ret = null;	// can no longer store something in the session, eg. because commit_session() was called
+			return $ret;
 		}
 		// check if entry is expired and clean it up in that case
 		if (isset($_SESSION[Session::EGW_APPSESSION_VAR][self::SESSION_EXPIRATION_PREFIX.$app][$location]) &&
diff --git a/api/src/Cache/Apc.php b/api/src/Cache/Apc.php
index 8971005753..824018d07e 100644
--- a/api/src/Cache/Apc.php
+++ b/api/src/Cache/Apc.php
@@ -160,7 +160,7 @@ class Apc extends Base implements Provider
 			return false;
 		}
 		//error_log(__METHOD__."(".array2string($keys).")");
-		foreach(new \APCIterator('user', $preg='/^'.preg_quote(self::key($keys).'/')) as $item)
+		foreach(new \APCIterator('user', $preg='/^'.preg_quote(self::key($keys), '/').'/') as $item)
 		{
 			//error_log(__METHOD__."(".array2string($keys).") preg='$preg': calling apc_delete('$item[key]')");
 			apc_delete($item['key']);
diff --git a/api/src/Cache/Apcu.php b/api/src/Cache/Apcu.php
index e39ef5acd7..0be1297a46 100644
--- a/api/src/Cache/Apcu.php
+++ b/api/src/Cache/Apcu.php
@@ -165,12 +165,12 @@ class Apcu extends Base implements Provider
 		// APCu > 5 has APCUIterator
 		if (class_exists('APCUIterator'))
 		{
-			$iterator = new \APCUIterator($preg='/^'.preg_quote(self::key($keys).'/'));
+			$iterator = new \APCUIterator($preg='/^'.preg_quote(self::key($keys), '/').'/');
 		}
 		// APC >= 3.1.1, but also seems to be missing if apc is disabled eg. for cli
 		elseif(class_exists('APCIterator'))
 		{
-			$iterator = new \APCIterator('user', $preg='/^'.preg_quote(self::key($keys).'/'));
+			$iterator = new \APCIterator('user', $preg='/^'.preg_quote(self::key($keys), '/'), '/');
 		}
 		else
 		{
diff --git a/api/src/CalDAV.php b/api/src/CalDAV.php
index 7d7b001d9e..ccf7885eed 100644
--- a/api/src/CalDAV.php
+++ b/api/src/CalDAV.php
@@ -215,7 +215,7 @@ class CalDAV extends HTTP_WebDAV_Server
 	/**
 	 * Reference to active instance, used by exception handler
 	 *
-	 * @var groupdav
+	 * @var self
 	 */
 	protected static $instance;
 
@@ -1046,7 +1046,7 @@ class CalDAV extends HTTP_WebDAV_Server
 			//'DAV:sync-token' => 'sync-token',
 		);
 		$n = 0;
-		$collection_props = null;
+		$collection_props = $class = null;
 		foreach($files['files'] as $file)
 		{
 			if (!isset($collection_props))
@@ -1066,7 +1066,7 @@ class CalDAV extends HTTP_WebDAV_Server
 			}
 			$props = $this->props2array($file['props']);
 			//echo $file['path']; _debug_array($props);
-			$class = $class == 'row_on' ? 'row_off' : 'row_on';
+			$class = $class === 'row_on' ? 'row_off' : 'row_on';
 
 			if (substr($file['path'],-1) == '/')
 			{
@@ -1193,7 +1193,8 @@ class CalDAV extends HTTP_WebDAV_Server
 			}
 			if (is_array($prop['val']))
 			{
-				$prop['val'] = $this->_hierarchical_prop_encode($prop['val'], $prop['ns'], $ns_defs='', $ns_hash);
+				$ns_defs = '';
+				$prop['val'] = $this->_hierarchical_prop_encode($prop['val'], $prop['ns'], $ns_defs, $ns_hash);
 				// hack to show real namespaces instead of not (visibly) defined shortcuts
 				unset($ns_hash['DAV:']);
 				$value = strtr($v=$this->prop_value($prop['val']),array_flip($ns_hash));
@@ -1838,7 +1839,8 @@ class CalDAV extends HTTP_WebDAV_Server
 
 		// dont know why, but HTTP_WebDAV_Server passes the owner in D:href tags, which get's passed unchanged to checkLock/PROPFIND
 		// that's wrong according to the standard and cadaver does not show it on discover --> strip_tags removes eventual tags
-		if (($ret = Vfs::lock($path,$options['locktoken'],$options['timeout'],strip_tags($options['owner']),
+		$owner = strip_tags($options['owner']);
+		if (($ret = Vfs::lock($path,$options['locktoken'],$options['timeout'],$owner,
 			$options['scope'],$options['type'],isset($options['update']),false)) && !isset($options['update']))		// false = no ACL check
 		{
 			return $ret ? '200 OK' : '409 Conflict';
diff --git a/api/src/CalDAV/Handler.php b/api/src/CalDAV/Handler.php
index d5805e96fc..21c23b9ec5 100644
--- a/api/src/CalDAV/Handler.php
+++ b/api/src/CalDAV/Handler.php
@@ -405,7 +405,7 @@ abstract class Handler
 	 * @static
 	 * @param string $app 'calendar', 'addressbook' or 'infolog'
 	 * @param Api\CalDAV $groupdav calling class
-	 * @return groupdav_handler
+	 * @return self
 	 */
 	static function app_handler($app, Api\CalDAV $groupdav)
 	{
diff --git a/api/src/CalDAV/Hooks.php b/api/src/CalDAV/Hooks.php
index fe689f3d61..c0b0f290bd 100644
--- a/api/src/CalDAV/Hooks.php
+++ b/api/src/CalDAV/Hooks.php
@@ -105,7 +105,7 @@ class Hooks
 			if ($GLOBALS['type'] === 'user')
 			{
 				$logs = array();
-				$relativ_log_dir .= 'groupdav/'.Api\CalDAV::sanitize_filename(Api\Accounts::id2name($hook_data['account_id']));
+				$relativ_log_dir = 'groupdav/'.Api\CalDAV::sanitize_filename(Api\Accounts::id2name($hook_data['account_id']));
 				$log_dir = $GLOBALS['egw_info']['server']['files_dir'].'/'.$relativ_log_dir;
 				if (file_exists($log_dir) && ($files = scandir($log_dir)))
 				{
diff --git a/api/src/Contacts.php b/api/src/Contacts.php
index ede6f5cc36..b259a269c8 100755
--- a/api/src/Contacts.php
+++ b/api/src/Contacts.php
@@ -1830,7 +1830,7 @@ class Contacts extends Contacts\Storage
 			WHERE '.$this->db->expression('egw_addressbook', array($type_field => $uids));
 
 
-		$contacts =& $this->db->query($sql, __LINE__, __FILE__);
+		$contacts = $this->db->query($sql, __LINE__, __FILE__);
 
 		if (!$contacts) return array();
 
@@ -2951,7 +2951,7 @@ class Contacts extends Contacts\Storage
 			'contact_id' => (int)$contact['id'],
 			'crm_list' => $crm_list,
 			'title' => count($found) > 1 && $contact['org_name'] ?
-				$contact['org_name'] : $contact['n_fn'].' ('.lang($extras['crm_list']).')',
+				$contact['org_name'] : $contact['n_fn'].' ('.lang($crm_list).')',
 			'icon' => $contact['photo'],
 		]);
 		$arg = json_encode($arg, JSON_UNESCAPED_SLASHES);
diff --git a/api/src/Contacts/Ldap.php b/api/src/Contacts/Ldap.php
index b62ed9aa70..dadc7bb021 100644
--- a/api/src/Contacts/Ldap.php
+++ b/api/src/Contacts/Ldap.php
@@ -811,7 +811,11 @@ class Ldap
 
 		if((int)$filter['owner'])
 		{
-			if (!($accountName = $GLOBALS['egw']->accounts->id2name($filter['owner']))) return false;
+			if (!($accountName = $GLOBALS['egw']->accounts->id2name($filter['owner'])))
+			{
+				$ret = false;
+				return $ret;
+			}
 
 			$searchDN = 'cn='. Api\Ldap::quote(strtolower($accountName)) .',';
 
@@ -961,11 +965,11 @@ class Ldap
 		}
 		if(is_numeric($start) && is_numeric($offset) && $offset >= 0)
 		{
-			return array_slice($rows, $start, $offset);
+			$rows = array_slice($rows, $start, $offset);
 		}
 		elseif(is_numeric($start))
 		{
-			return array_slice($rows, $start, $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs']);
+			$rows = array_slice($rows, $start, $GLOBALS['egw_info']['user']['preferences']['common']['maxmatchs']);
 		}
 		return $rows;
 	}
@@ -1062,7 +1066,7 @@ class Ldap
 						}
 					}
 					// filter for letter-search
-					elseif (preg_match("/^([^ ]+) ".preg_quote($GLOBALS['egw']->db->capabilities[Api\Db::CAPABILITY_CASE_INSENSITIV_LIKE])." '(.*)%'$/",$value,$matches))
+					elseif (preg_match("/^([^ ]+) ".preg_quote($GLOBALS['egw']->db->capabilities[Api\Db::CAPABILITY_CASE_INSENSITIV_LIKE], '/')." '(.*)%'$/",$value,$matches))
 					{
 						list(,$name,$value) = $matches;
 						if (strpos($name,'.') !== false) list(,$name) = explode('.',$name);
diff --git a/api/src/Contacts/Sql.php b/api/src/Contacts/Sql.php
index f008912f8d..65b1eb6982 100644
--- a/api/src/Contacts/Sql.php
+++ b/api/src/Contacts/Sql.php
@@ -541,7 +541,11 @@ class Sql extends Api\Storage
 				// no grants for selected owner/addressbook
 				if (!array_intersect((array)$filter['owner'],array_keys($this->grants)))
 				{
-					if (!isset($groupmember_sql)) return false;
+					if (!isset($groupmember_sql))
+					{
+						$ret = false;
+						return $ret;
+					}
 					$filter[] = '('.substr($groupmember_sql,4)." OR $shared_sql)";
 					unset($filter['owner']);
 				}
diff --git a/api/src/Contacts/Storage.php b/api/src/Contacts/Storage.php
index 98a28fb315..f91509f84a 100755
--- a/api/src/Contacts/Storage.php
+++ b/api/src/Contacts/Storage.php
@@ -1297,16 +1297,14 @@ class Storage
 	}
 
 	/**
-	 * Check if distribution lists are availible for a given addressbook
+	 * Check if distribution lists are available for a given addressbook
 	 *
 	 * @param int|string $owner ='' addressbook (eg. 0 = accounts), default '' = "all" addressbook (uses the main backend)
 	 * @return boolean
 	 */
 	function lists_available($owner='')
 	{
-		$backend =& $this->get_backend(null,$owner);
-
-		return method_exists($backend,'read_list');
+		return method_exists($this->get_backend(null, $owner),'read_list');
 	}
 
 	/**
diff --git a/api/src/Contacts/Tracking.php b/api/src/Contacts/Tracking.php
index 4b36b6ad02..a7435a0b1e 100644
--- a/api/src/Contacts/Tracking.php
+++ b/api/src/Contacts/Tracking.php
@@ -62,7 +62,7 @@ class Tracking extends Api\Storage\Tracking
 	 * Instance of the bocontacts class calling us
 	 *
 	 * @access private
-	 * @var addressbook_bo
+	 * @var \addressbook_bo
 	 */
 	var $contacts;
 
@@ -70,7 +70,7 @@ class Tracking extends Api\Storage\Tracking
 	 * Constructor
 	 *
 	 * @param Api\Contacts $bocontacts
-	 * @return tracker_tracking
+	 * @return \tracker_tracking
 	 */
 	function __construct(Api\Contacts $bocontacts)
 	{
@@ -267,7 +267,7 @@ class Tracking extends Api\Storage\Tracking
 						}
 						$details[$name] = array(
 							'label' => $label,
-							'value' => explode(', ',$cats),
+							'value' => implode(', ',$cats),
 						);
 					}
 				case 'note':
diff --git a/api/src/Db.php b/api/src/Db.php
index 0183fae247..cb42718df4 100644
--- a/api/src/Db.php
+++ b/api/src/Db.php
@@ -143,20 +143,26 @@ class Db
 	 */
 	var $query_log;
 
+	/**
+	 * @var array with values for keys "version" and "description"
+	 */
+	public $ServerInfo;
+
 	/**
 	 * ADOdb connection
 	 *
-	 * @var ADOConnection
+	 * @var \ADOConnection
 	 */
 	var $Link_ID = 0;
 	/**
-	 * ADOdb connection
+	 * ADOdb connection is private / not the global one
 	 *
 	 * @var boolean
 	 */
 	var $privat_Link_ID = False;	// do we use a privat Link_ID or a reference to the global ADOdb object
 	/**
 	 * Global ADOdb connection
+	 * @var \ADOConnection
 	 */
 	static public $ADOdb = null;
 
@@ -304,7 +310,7 @@ class Db
 	 * @param string $Password password for database user (optional)
 	 * @param string $Type type of database (optional)
 	 * @throws Db\Exception\Connection
-	 * @return ADOConnection
+	 * @return \ADOConnection
 	 */
 	function connect($Database = NULL, $Host = NULL, $Port = NULL, $User = NULL, $Password = NULL, $Type = NULL)
 	{
@@ -379,7 +385,7 @@ class Db
 	 * require_once(EGW_INCLUDE_ROOT.'/api/src/Db.php');
 	 * EGroupware\Api\Db::$health_check = array('EGroupware\Api\Db', 'galera_cluster_health');
 	 *
-	 * @param Api\Db $db already connected Api\Db instance to check
+	 * @param Db $db already connected Db instance to check
 	 * @throws Db\Exception\Connection if node should NOT be used
 	 */
 	static function galera_cluster_health(Db $db)
@@ -429,7 +435,7 @@ class Db
 	 * Connect to given host
 	 *
 	 * @param string $Host host to connect to
-	 * @return ADOConnection
+	 * @return \ADOConnection
 	 * @throws Db\Exception\Connection
 	 */
 	protected function _connect($Host)
diff --git a/api/src/Db/Deprecated.php b/api/src/Db/Deprecated.php
index 95fff586fb..77dfc93d6f 100644
--- a/api/src/Db/Deprecated.php
+++ b/api/src/Db/Deprecated.php
@@ -36,7 +36,7 @@ class Deprecated extends Api\Db
 	/**
 	 * ADOdb record set of the current query
 	 *
-	 * @var ADORecordSet
+	 * @var \ADORecordSet
 	 */
 	var $Query_ID = 0;
 
@@ -51,8 +51,8 @@ class Deprecated extends Api\Db
 	* @param array|boolean $inputarr array for binding variables to parameters or false (default)
 	* @param int $fetchmode =self::FETCH_BOTH self::FETCH_BOTH (default), self::FETCH_ASSOC or self::FETCH_NUM
 	* @param boolean $reconnect =true true: try reconnecting if server closes connection, false: dont (mysql only!)
-	* @return ADORecordSet or false, if the query fails
-	* @throws EGroupware\Api\Db\Exception\InvalidSql with $this->Link_ID->ErrorNo() as code
+	* @return \ADORecordSet or false, if the query fails
+	* @throws Api\Db\Exception\InvalidSql with $this->Link_ID->ErrorNo() as code
 	*/
 	function query($Query_String, $line = '', $file = '', $offset=0, $num_rows=-1, $inputarr=false, $fetchmode=self::FETCH_BOTH, $reconnect=true)
 	{
@@ -68,7 +68,7 @@ class Deprecated extends Api\Db
 	 * Return the result-object of the last query
 	 *
 	 * @deprecated use the result-object returned by query() or select() direct, so you can use the global db-object and not a clone
-	 * @return ADORecordSet
+	 * @return \ADORecordSet
 	 */
 	function query_id()
 	{
diff --git a/api/src/Db/Schema.php b/api/src/Db/Schema.php
index f29a67df52..ff730a7f77 100644
--- a/api/src/Db/Schema.php
+++ b/api/src/Db/Schema.php
@@ -30,19 +30,19 @@ class Schema
 	/**
 	 * db-object
 	 *
-	 * @var EGroupware\Api\Db\Deprecated
+	 * @var Deprecated
 	 */
 	var $m_odb;
 	/**
 	 * reference to the global ADOdb object
 	 *
-	 * @var ADOConnection
+	 * @var \ADOConnection
 	 */
 	var $adodb;
 	/**
 	 * adodb's datadictionary object for the used db-type
 	 *
-	 * @var ADODB_DataDict
+	 * @var \ADODB_DataDict
 	 */
 	var $dict;
 	/**
@@ -95,8 +95,7 @@ class Schema
 	 * Constructor of schema-processor
 	 *
 	 * @param string $dbms type of the database: 'mysql','pgsql','mssql','maxdb'
-	 * @param Db $db =null database class, if null we use $GLOBALS['egw']->db
-	 * @return schema_proc
+	 * @param Api\Db $db =null database class, if null we use $GLOBALS['egw']->db
 	 */
 	function __construct($dbms=False, Api\Db $db=null)
 	{
diff --git a/api/src/Egw/Applications.php b/api/src/Egw/Applications.php
index 1ef24b1244..8e3cf96bf4 100755
--- a/api/src/Egw/Applications.php
+++ b/api/src/Egw/Applications.php
@@ -23,7 +23,7 @@ class Applications
 	/**
 	 * Reference to the global db class
 	 *
-	 * @var EGroupware\Api\Db
+	 * @var Api\Db
 	 */
 	var $db;
 	var $table_name = 'egw_applications';
@@ -35,7 +35,7 @@ class Applications
 	/**
 	 * standard constructor for setting $this->account_id
 	 *
-	 * @param $account_id account id
+	 * @param int|string $account_id account-id or -lid
 	 */
 	function __construct($account_id = '')
 	{
diff --git a/api/src/Egw/Base.php b/api/src/Egw/Base.php
index 9ebef9112a..9becbc6bd6 100644
--- a/api/src/Egw/Base.php
+++ b/api/src/Egw/Base.php
@@ -18,7 +18,7 @@ namespace EGroupware\Api\Egw;
 use EGroupware\Api;
 
 /**
- * Egw\Base object used in setup, does not instanciate anything by default
+ * Base object used in setup, does not instanciate anything by default
  *
  * Extending Egw\Base which uses now a getter method to create the usual subobject on demand,
  * to allow a quicker header include on sites not using php4-restore.
@@ -46,7 +46,7 @@ class Base
 	/**
 	 * Global ADOdb object, need to be defined here, to not call magic __get method
 	 *
-	 * @var ADOConnection
+	 * @var \ADOConnection
 	 */
 	var $ADOdb;
 
diff --git a/api/src/Etemplate/KeyManager.php b/api/src/Etemplate/KeyManager.php
index 9e39527cd0..346c6ad275 100644
--- a/api/src/Etemplate/KeyManager.php
+++ b/api/src/Etemplate/KeyManager.php
@@ -97,7 +97,7 @@ class KeyManager
 		// Function keys
 		if ($keyCode >= self::F1 && $keyCode <= self::F12)
 		{
-			return "F".($keyCode - EGW_KEY_F1 + 1);
+			return "F".($keyCode - self::F1 + 1);
 		}
 
 		// Special keys
diff --git a/api/src/Etemplate/Request.php b/api/src/Etemplate/Request.php
index e3c5a781e5..f4823645b9 100644
--- a/api/src/Etemplate/Request.php
+++ b/api/src/Etemplate/Request.php
@@ -486,7 +486,7 @@ class Request
 		foreach($this->data as $key => $val)
 		{
 			$len = strlen(is_array($val) ? serialize($val) : $val);
-			$len .= ' ('.sprintf('%2.1lf',($percent = 100.0 * $len / $total)).'%)';
+			$len .= ' ('.sprintf('%2.1f',($percent = 100.0 * $len / $total)).'%)';
 			if ($percent < $min_share) continue;
 			echo "<p><b>$key</b>: strlen(\$val)=$len</p>\n";
 			if ($percent >= $dump_share) _debug_array($val);
@@ -495,7 +495,7 @@ class Request
 				foreach($val as $k => $v)
 				{
 					$l = strlen(is_array($v) ? serialize($v) : $v);
-					$l .= ' ('.sprintf('%2.1lf',($p = 100.0 * $l / $total)).'%)';
+					$l .= ' ('.sprintf('%2.1f',($p = 100.0 * $l / $total)).'%)';
 					if ($p < $min_share) continue;
 					echo "<p>&nbsp;- {$key}[$k]: strlen(\$v)=$l</p>\n";
 				}
@@ -533,9 +533,17 @@ class Request
 				return false;
 			}
 			$iv_size = mcrypt_enc_get_iv_size(self::$mcrypt);
-			$iv = !isset($GLOBALS['egw_info']['server']['mcrypt_iv']) || strlen($GLOBALS['egw_info']['server']['mcrypt_iv']) < $iv_size ?
-				mcrypt_create_iv ($iv_size, MCRYPT_RAND) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
-
+			if (!isset($GLOBALS['egw_info']['server']['mcrypt_iv']) || strlen($GLOBALS['egw_info']['server']['mcrypt_iv']) < $iv_size)
+			{
+				if (!($iv = mcrypt_create_iv ($iv_size, MCRYPT_DEV_RANDOM)))
+				{
+					return self::$mcrypt = false;
+				}
+			}
+			else
+			{
+				$iv = substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
+			}
 			$key_size = mcrypt_enc_get_key_size(self::$mcrypt);
 			if (bytes($key) > $key_size) $key = cut_bytes($key,0,$key_size-1);
 
diff --git a/api/src/Etemplate/Request/Cache.php b/api/src/Etemplate/Request/Cache.php
index d98cdc973b..a431db04bb 100644
--- a/api/src/Etemplate/Request/Cache.php
+++ b/api/src/Etemplate/Request/Cache.php
@@ -94,7 +94,7 @@ class Cache extends Etemplate\Request
 	 *
 	 * @param string $id =null
 	 * @param bool $handle_not_found =true true: handle not found by trying to redirect, false: just return null
-	 * @return Request|null null if Request not found and $handle_not_found === false
+	 * @return ?Etemplate\Request|false null if Request not found and $handle_not_found === false
 	 */
 	public static function read($id=null, $handle_not_found=true)
 	{
diff --git a/api/src/Etemplate/Request/Files.php b/api/src/Etemplate/Request/Files.php
index eca570b3cf..b15054d320 100644
--- a/api/src/Etemplate/Request/Files.php
+++ b/api/src/Etemplate/Request/Files.php
@@ -80,9 +80,6 @@ class Files extends Etemplate\Request
 		if (!$id) $id = self::request_id();
 
 		$this->id = $id;
-
-		// hack to quiten IDE Warning for not calling parent::__construct, which we can not!
-		if (false) parent::__construct();
 	}
 
 	/**
@@ -100,7 +97,7 @@ class Files extends Etemplate\Request
 	 * Factory method to get a new request object or the one for an existing request
 	 *
 	 * @param string $id =null
-	 * @return etemplate_request|boolean the object or false if $id is not found
+	 * @return ?Etemplate\Request|false the object or false if $id is not found
 	 */
 	static function read($id=null)
 	{
diff --git a/api/src/Etemplate/Request/Session.php b/api/src/Etemplate/Request/Session.php
index c71f4d7731..7bad1420fe 100644
--- a/api/src/Etemplate/Request/Session.php
+++ b/api/src/Etemplate/Request/Session.php
@@ -66,9 +66,6 @@ class Session extends Etemplate\Request
 		if (!$id) $id = self::request_id();
 
 		$this->id = $id;
-
-		// hack to quiten IDE Warning for not calling parent::__construct, which we can not!
-		if (false) parent::__construct();
 	}
 
 	/**
@@ -86,7 +83,7 @@ class Session extends Etemplate\Request
 	 * Factory method to get a new request object or the one for an existing request
 	 *
 	 * @param string $id =null
-	 * @return etemplate_request|boolean the object or false if $id is not found
+	 * @return ?Etemplate\request|false the object or false if $id is not found
 	 */
 	static function read($id=null)
 	{
diff --git a/api/src/Etemplate/Widget.php b/api/src/Etemplate/Widget.php
index 8d24605b6d..4d7dfdd66d 100644
--- a/api/src/Etemplate/Widget.php
+++ b/api/src/Etemplate/Widget.php
@@ -75,7 +75,7 @@ class Widget
 	 *
 	 * It's a static variable as etemplates can contain further etemplates (rendered by a different object)
 	 *
-	 * @var etemplate_request
+	 * @var Request
 	 */
 	static protected $request;
 
@@ -100,7 +100,7 @@ class Widget
 	/**
 	 * Constructor
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml)
@@ -862,7 +862,11 @@ class Widget
 		{
 			throw new Api\Exception\AssertionFailed(__METHOD__."(\$arr,'$_idx',$reference_into,$skip_empty) \$arr is no array!");
 		}
-		if (is_object($_idx)) return false;	// given an error in php5.2
+		if (is_object($_idx))
+		{
+			$ret = false;	// given an error in php5.2
+			return $ret;
+		}
 
 		// Make sure none of these are left
 		$idx = str_replace(array('&#x5B;','&#x5D;'), array('[',']'), $_idx);
@@ -883,9 +887,14 @@ class Widget
 			if (!is_array($pos) && (!$reference_into || $reference_into && isset($pos)))
 			{
 				//if ($reference_into) error_log(__METHOD__."(".(strlen($s=array2string($arr))>512?substr($s,0,512).'...':$s).", '$idx', ".array2string($reference_into).", ".array2string($skip_empty).") ".function_backtrace());
-				return null;
+				$ret = null;
+				return $ret;
+			}
+			if($skip_empty && (!is_array($pos) || !isset($pos[$idx])))
+			{
+				$ret = null;
+				return $ret;
 			}
-			if($skip_empty && (!is_array($pos) || !isset($pos[$idx]))) return null;
 			$pos = &$pos[$idx];
 		}
 		return $pos;
diff --git a/api/src/Etemplate/Widget/AjaxSelect.php b/api/src/Etemplate/Widget/AjaxSelect.php
index 19ec03cec9..b99fe881aa 100644
--- a/api/src/Etemplate/Widget/AjaxSelect.php
+++ b/api/src/Etemplate/Widget/AjaxSelect.php
@@ -13,6 +13,7 @@
 namespace EGroupware\Api\Etemplate\Widget;
 
 use EGroupware\Api\Etemplate;
+use EGroupware\Api;
 
 /**
  * eTemplate ajax select widget
@@ -22,7 +23,7 @@ class AjaxSelect extends Select
 	/**
 	 * Constructor
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml = '')
diff --git a/api/src/Etemplate/Widget/Countdown.php b/api/src/Etemplate/Widget/Countdown.php
index 0481ef34dd..62b06d0fff 100644
--- a/api/src/Etemplate/Widget/Countdown.php
+++ b/api/src/Etemplate/Widget/Countdown.php
@@ -49,10 +49,9 @@ class Countdown extends Api\Etemplate\Widget
 	 * This is used by Nextmatch on each row to do any needed
 	 * adjustments.  If not needed, don't implement it.
 	 *
-	 * @param type $cname
+	 * @param string $cname
 	 * @param array $expand
 	 * @param array $data Row data
-	 * @return type
 	 */
 	public function set_row_value($cname, Array $expand, Array &$data)
 	{
diff --git a/api/src/Etemplate/Widget/Customfields.php b/api/src/Etemplate/Widget/Customfields.php
index 010859225e..0964a7fd9b 100644
--- a/api/src/Etemplate/Widget/Customfields.php
+++ b/api/src/Etemplate/Widget/Customfields.php
@@ -17,6 +17,8 @@ use EGroupware\Api;
 
 /**
  * Widgets for custom fields and listing custom fields
+ *
+ * @todo: fix the two undefined variables ($value and $field)
  */
 class Customfields extends Transformer
 {
@@ -127,9 +129,9 @@ class Customfields extends Transformer
 
 		if(!$app && !$customfields)
 		{
-			$app =& $this->setElementAttribute(self::GLOBAL_VALS, 'app', $GLOBALS['egw_info']['flags']['currentapp']);
+			$app =& self::setElementAttribute(self::GLOBAL_VALS, 'app', $GLOBALS['egw_info']['flags']['currentapp']);
 			if ($this->attrs['sub-app']) $app .= '-'.$this->attrs['sub-app'];
-			$customfields =& $this->setElementAttribute(self::GLOBAL_VALS, 'customfields', Api\Storage\Customfields::get($app));
+			$customfields =& self::setElementAttribute(self::GLOBAL_VALS, 'customfields', Api\Storage\Customfields::get($app));
 		}
 
 		// if we are in the etemplate editor or the app has no cf's, load the cf's from the app the tpl belongs too
@@ -137,7 +139,7 @@ class Customfields extends Transformer
 			($GLOBALS['egw_info']['flags']['currentapp'] == 'etemplate' || !$this->attrs['customfields']) || !isset($customfields))
 		{
 			// app changed
-			$customfields =& Api\Storage\Customfields::get($app);
+			$customfields = Api\Storage\Customfields::get($app);
 		}
 		if($this->attrs['customfields'])
 		{
@@ -245,8 +247,8 @@ class Customfields extends Transformer
 		if($fields != $customfields)
 		{
 			// This widget has different settings from global
-			$this->setElementAttribute($form_name, 'customfields', $fields);
-			$this->setElementAttribute($form_name, 'fields', array_merge(
+			self::setElementAttribute($form_name, 'customfields', $fields);
+			self::setElementAttribute($form_name, 'fields', array_merge(
 				array_fill_keys(array_keys($customfields), false),
 				array_fill_keys(array_keys($fields), true)
 			));
diff --git a/api/src/Etemplate/Widget/Date.php b/api/src/Etemplate/Widget/Date.php
index 39054f2155..8e7defe63c 100644
--- a/api/src/Etemplate/Widget/Date.php
+++ b/api/src/Etemplate/Widget/Date.php
@@ -83,10 +83,9 @@ class Date extends Transformer
 	 * This is used by Nextmatch on each row to do any needed
 	 * adjustments.  If not needed, don't implement it.
 	 *
-	 * @param type $cname
+	 * @param string $cname
 	 * @param array $expand
 	 * @param array $data Row data
-	 * @return type
 	 */
 	public function set_row_value($cname, Array $expand, Array &$data)
 	{
diff --git a/api/src/Etemplate/Widget/Entry.php b/api/src/Etemplate/Widget/Entry.php
index b8b92d839c..f6cb1a4d5b 100644
--- a/api/src/Etemplate/Widget/Entry.php
+++ b/api/src/Etemplate/Widget/Entry.php
@@ -15,8 +15,6 @@
 
 namespace EGroupware\Api\Etemplate\Widget;
 
-use EGroupware\Api\Storage\Merge;
-
 /**
  * eTemplate  Entry widget
  *
@@ -134,7 +132,7 @@ abstract class Entry extends Transformer
 	/**
 	 * Get a list of fields available for display
 	 *
-	 * @return Array
+	 * @return array
 	 */
 	protected static function get_field_list()
 	{
@@ -144,14 +142,12 @@ abstract class Entry extends Transformer
 	/**
 	 * Using ID, field and alternate fields, find the one to use
 	 *
-	 * @param Array $attrs
-	 * @param Array $data
-	 * @return Reference into data array for value
+	 * @param array $attrs
+	 * @param array $data
+	 * @return mixed Reference into data array for value
 	 */
 	protected function &get_data_field($attrs, &$data)
 	{
-		$id = is_array($data) ? static::get_array($data, $this->id) : $data;
-
 		$value =& $data;
 		if(!is_array($value)) return $value;
 
@@ -162,7 +158,8 @@ abstract class Entry extends Transformer
 				return $value[$field];
 			}
 		}
-		return null;
+		$ret = null;
+		return $ret;
 	}
 
 	/**
@@ -173,8 +170,8 @@ abstract class Entry extends Transformer
 	 *  #infolog_cf/#addressbook_cf/n_fn
 	 *  etc.
 	 *
-	 * @param Array $attrs Current field attributes
-	 * @param Array $data Current entry data
+	 * @param array $attrs Current field attributes
+	 * @param array $data Current entry data
 	 */
 	protected function customfield($attrs, &$data)
 	{
@@ -209,13 +206,11 @@ abstract class Entry extends Transformer
 	/**
 	 * Handle regex attribute that allows modifying the value via regex replace
 	 *
-	 * @param Array $attrs Current field attributes
-	 * @param Array $data Current entry data
+	 * @param array $attrs Current field attributes
+	 * @param array $data Current entry data
 	 */
 	protected function regex($attrs, &$data)
 	{
-		$data_id = $attrs['value'] ?: $attrs['id'];
-		$id = is_array($data) ? static::get_array($data, $data_id) : $data;
 		$value =& $this->get_data_field($attrs, $data);
 		if(!$attrs['regex'] || !$value)
 		{
diff --git a/api/src/Etemplate/Widget/File.php b/api/src/Etemplate/Widget/File.php
index b89f9863da..7946d1ef92 100644
--- a/api/src/Etemplate/Widget/File.php
+++ b/api/src/Etemplate/Widget/File.php
@@ -50,7 +50,7 @@ class File extends Etemplate\Widget
 		// Legacy multiple - id ends in []
 		if(substr($this->id,-2) == '[]')
 		{
-			$this->setElementAttribute($this->id, 'multiple', true);
+			self::setElementAttribute($this->id, 'multiple', true);
 		}
 	}
 
diff --git a/api/src/Etemplate/Widget/HtmlArea.php b/api/src/Etemplate/Widget/HtmlArea.php
index d777c40337..c80b0ab2d4 100644
--- a/api/src/Etemplate/Widget/HtmlArea.php
+++ b/api/src/Etemplate/Widget/HtmlArea.php
@@ -23,7 +23,7 @@ class HtmlArea extends Etemplate\Widget
 {
 	/**
 	 * font families
-	 * @var type array
+	 * @var array
 	 */
 	public static $font_options = array(
 		'andale mono,times' => 'Andale Mono',
@@ -49,7 +49,7 @@ class HtmlArea extends Etemplate\Widget
 
 	/**
 	 * font size options
-	 * @var type array
+	 * @var array
 	 */
 	public static $font_size_options = array(
 		8  => '8',
@@ -72,7 +72,7 @@ class HtmlArea extends Etemplate\Widget
 
 	/**
 	 * font unit options
-	 * @var type array
+	 * @var array
 	 */
 	public static $font_unit_options = array(
 		'pt' => 'pt: points (1/72 inch)',
@@ -81,7 +81,7 @@ class HtmlArea extends Etemplate\Widget
 
 	/**
 	 * List of exisitng toolbar actions
-	 * @var type array
+	 * @var array
 	 */
 	public static $toolbar_list = [
 		'undo', 'redo', 'bold', 'italic', 'strikethrough', 'forecolor', 'backcolor',
@@ -92,7 +92,7 @@ class HtmlArea extends Etemplate\Widget
 
 	/**
 	 * Default list of toolbar actions
-	 * @var type array
+	 * @var array
 	 */
 	public static $toolbar_default_list = [
 		'undo', 'redo','formatselect', 'fontselect', 'fontsizeselect',
diff --git a/api/src/Etemplate/Widget/ItemPicker.php b/api/src/Etemplate/Widget/ItemPicker.php
index 61865fbe57..8ec61cdf0d 100755
--- a/api/src/Etemplate/Widget/ItemPicker.php
+++ b/api/src/Etemplate/Widget/ItemPicker.php
@@ -26,7 +26,7 @@ class ItemPicker extends Etemplate\Widget
 	/**
 	 * Constructor
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml = '')
diff --git a/api/src/Etemplate/Widget/Link.php b/api/src/Etemplate/Widget/Link.php
index 001d79ff3c..496662b66c 100644
--- a/api/src/Etemplate/Widget/Link.php
+++ b/api/src/Etemplate/Widget/Link.php
@@ -32,7 +32,7 @@ class Link extends Etemplate\Widget
 	/**
 	 * Constructor
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml = '')
@@ -275,7 +275,8 @@ class Link extends Etemplate\Widget
 		}
 		elseif ($action == "move")
 		{
-			Api\Vfs::move_files($files, Api\Link::vfs_path($app, $id, '', true), $errs = array(), $moved = array());
+			$errs = $moved = [];
+			Api\Vfs::move_files($files, Api\Link::vfs_path($app, $id, '', true), $errs, $moved);
 		}
 		else
 		{
diff --git a/api/src/Etemplate/Widget/Nextmatch/Accountfilter.php b/api/src/Etemplate/Widget/Nextmatch/Accountfilter.php
index a48ad5d621..d3af2d2bd9 100644
--- a/api/src/Etemplate/Widget/Nextmatch/Accountfilter.php
+++ b/api/src/Etemplate/Widget/Nextmatch/Accountfilter.php
@@ -23,7 +23,7 @@ class Accountfilter extends Widget\Taglist
 	/**
 	 * Parse and set extra attributes from xml in template object
 	 *
-	 * @param string|XMLReader $xml
+	 * @param string|\XMLReader $xml
 	 * @param boolean $cloned =true true: object does NOT need to be cloned, false: to set attribute, set them in cloned object
 	 */
 	public function set_attrs($xml, $cloned=true)
diff --git a/api/src/Etemplate/Widget/Nextmatch/Customfilter.php b/api/src/Etemplate/Widget/Nextmatch/Customfilter.php
index 4d04e16e7f..b48e4fb462 100644
--- a/api/src/Etemplate/Widget/Nextmatch/Customfilter.php
+++ b/api/src/Etemplate/Widget/Nextmatch/Customfilter.php
@@ -50,12 +50,12 @@ class Customfilter extends Widget\Transformer
 		}
 		$form_name = self::form_name($cname, $this->id, $expand);
 
-		$this->setElementAttribute($form_name, 'options', trim($this->attrs['widget_options']) != '' ? $this->attrs['widget_options'] : '');
+		self::setElementAttribute($form_name, 'options', trim($this->attrs['widget_options']) != '' ? $this->attrs['widget_options'] : '');
 
-		$this->setElementAttribute($form_name, 'type', $this->attrs['type']);
+		self::setElementAttribute($form_name, 'type', $this->attrs['type']);
 		if($widget_type)
 		{
-			$this->setElementAttribute($form_name, 'widget_type', $widget_type);
+			self::setElementAttribute($form_name, 'widget_type', $widget_type);
 		}
 		parent::beforeSendToClient($cname, $expand);
 	}
@@ -71,6 +71,7 @@ class Customfilter extends Widget\Transformer
 	 */
 	public function validate($cname, array $expand, array $content, &$validated=array())
 	{
+		$form_name = self::form_name($cname, $this->id, $expand);
 		$value = $value_in = self::get_array($content, $form_name);
 
 		$valid =& self::get_array($validated, $form_name, true);
diff --git a/api/src/Etemplate/Widget/Password.php b/api/src/Etemplate/Widget/Password.php
index fc13216882..ae4d5ef7f3 100644
--- a/api/src/Etemplate/Widget/Password.php
+++ b/api/src/Etemplate/Widget/Password.php
@@ -16,6 +16,7 @@ namespace EGroupware\Api\Etemplate\Widget;
 use EGroupware\Api\Etemplate;
 use EGroupware\Api\Auth;
 use EGroupware\Api\Mail\Credentials;
+use EGroupware\Api;
 use XMLReader;
 
 /**
diff --git a/api/src/Etemplate/Widget/Select.php b/api/src/Etemplate/Widget/Select.php
index e8cf3c18df..713a5d21e2 100644
--- a/api/src/Etemplate/Widget/Select.php
+++ b/api/src/Etemplate/Widget/Select.php
@@ -77,7 +77,7 @@ class Select extends Etemplate\Widget
 	/**
 	 * Constructor
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml = '')
@@ -100,7 +100,7 @@ class Select extends Etemplate\Widget
 	 *
 	 * Reimplemented to parse our differnt attributes
 	 *
-	 * @param string|XMLReader $xml
+	 * @param string|\XMLReader $xml
 	 * @param boolean $cloned =true true: object does NOT need to be cloned, false: to set attribute, set them in cloned object
 	 * @return Template current object or clone, if any attribute was set
 	 * @todo Use legacy_attributes instead of leaving it to typeOptions method to parse them
diff --git a/api/src/Etemplate/Widget/Taglist.php b/api/src/Etemplate/Widget/Taglist.php
index b89a7ab207..43a83210c2 100644
--- a/api/src/Etemplate/Widget/Taglist.php
+++ b/api/src/Etemplate/Widget/Taglist.php
@@ -36,7 +36,7 @@ class Taglist extends Etemplate\Widget
 	 *
 	 * Overrides parent to check for $xml first, prevents errors when instanciated without (via AJAX)
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml = '')
diff --git a/api/src/Etemplate/Widget/Textbox.php b/api/src/Etemplate/Widget/Textbox.php
index a42655e086..fe8e836671 100644
--- a/api/src/Etemplate/Widget/Textbox.php
+++ b/api/src/Etemplate/Widget/Textbox.php
@@ -14,6 +14,7 @@
 namespace EGroupware\Api\Etemplate\Widget;
 
 use EGroupware\Api\Etemplate;
+use EGroupware\Api;
 use XMLReader;
 
 /**
@@ -65,9 +66,9 @@ class Textbox extends Etemplate\Widget
 		// so you got an input element, but it was not editable.
 		if ($this->attrs['size'] < 0)
 		{
-			$this->setElementAttribute($this->id, 'size', abs($this->attrs['size']));
+			self::setElementAttribute($this->id, 'size', abs($this->attrs['size']));
 			self::$request->readonlys[$this->id] = false;
-			$this->setElementAttribute($this->id, 'readonly', true);
+			self::setElementAttribute($this->id, 'readonly', true);
 			trigger_error("Using a negative size to set textbox readonly. " .$this, E_USER_DEPRECATED);
 		}
 		return $this;
diff --git a/api/src/Etemplate/Widget/Tree.php b/api/src/Etemplate/Widget/Tree.php
index 46644dccf1..1fa12c56d0 100644
--- a/api/src/Etemplate/Widget/Tree.php
+++ b/api/src/Etemplate/Widget/Tree.php
@@ -113,7 +113,7 @@ class Tree extends Etemplate\Widget
 	/**
 	 * Constructor
 	 *
-	 * @param string|XMLReader $xml string with xml or XMLReader positioned on the element to construct
+	 * @param string|\XMLReader $xml string with xml or XMLReader positioned on the element to construct
 	 * @throws Api\Exception\WrongParameter
 	 */
 	public function __construct($xml = '')
@@ -133,9 +133,9 @@ class Tree extends Etemplate\Widget
 	 *
 	 * Reimplemented to parse our differnt attributes
 	 *
-	 * @param string|XMLReader $xml
+	 * @param string|\XMLReader $xml
 	 * @param boolean $cloned =true true: object does NOT need to be cloned, false: to set attribute, set them in cloned object
-	 * @return Etempalte\Widget current object or clone, if any attribute was set
+	 * @return Etemplate\Widget current object or clone, if any attribute was set
 	 */
 	public function set_attrs($xml, $cloned=true)
 	{
@@ -145,7 +145,7 @@ class Tree extends Etemplate\Widget
 		// set attrs[multiple] from attrs[options]
 		if ($this->attrs['options'] > 1)
 		{
-			$this->setElementAttribute($this->id, 'multiple', true);
+			self::setElementAttribute($this->id, 'multiple', true);
 		}
 	}
 
diff --git a/api/src/Etemplate/Widget/Vfs.php b/api/src/Etemplate/Widget/Vfs.php
index 2b3b2d0f13..ee94a21ced 100644
--- a/api/src/Etemplate/Widget/Vfs.php
+++ b/api/src/Etemplate/Widget/Vfs.php
@@ -49,7 +49,7 @@ class Vfs extends File
 				$path = $form_name;
 			}
 
-			$this->setElementAttribute($form_name, 'path', $path);
+			self::setElementAttribute($form_name, 'path', $path);
 			// ID maps to path - check there for any existing files
 			list($app,$id,$relpath) = explode(':',$path,3);
 			if($app && $id)
diff --git a/api/src/Framework.php b/api/src/Framework.php
index eb1421d545..68ff8556eb 100644
--- a/api/src/Framework.php
+++ b/api/src/Framework.php
@@ -137,7 +137,7 @@ abstract class Framework extends Framework\Extra
 		return preg_match('/^[A-Z0-9_-]+$/i', $template) &&
 			file_exists(EGW_SERVER_ROOT.'/'.$template) &&
 			file_exists($file=EGW_SERVER_ROOT.'/'.$template.'/setup/setup.inc.php') &&
-			include_once($file) && !empty($GLOBALS['egw_info']['template'][$template]);
+			include($file) && !empty($GLOBALS['egw_info']['template'][$template]);
 	}
 
 	/**
@@ -367,11 +367,11 @@ abstract class Framework extends Framework\Extra
 	public static function get_page_generation_time()
 	{
 		$times = array(
-			'page_generation_time' => sprintf('%4.2lf', microtime(true) - $GLOBALS['egw_info']['flags']['page_start_time']),
+			'page_generation_time' => sprintf('%4.2f', microtime(true) - $GLOBALS['egw_info']['flags']['page_start_time']),
 		);
 		if ($GLOBALS['egw_info']['flags']['session_restore_time'])
 		{
-			$times['session_restore_time'] = sprintf('%4.2lf', $GLOBALS['egw_info']['flags']['session_restore_time']);
+			$times['session_restore_time'] = sprintf('%4.2f', $GLOBALS['egw_info']['flags']['session_restore_time']);
 		}
 		return $times;
 	}
@@ -594,8 +594,8 @@ abstract class Framework extends Framework\Extra
 	/**
 	 * Get login logo or background image base on requested config type
 	 *
-	 * @param type $type config type to fetch. e.g.: "login_logo_file"
-	 * @param type $find_type type of image to search on as alternative option. e.g.: "logo"
+	 * @param string $type config type to fetch. e.g.: "login_logo_file"
+	 * @param string $find_type type of image to search on as alternative option. e.g.: "logo"
 	 *
 	 * @return string returns full url of the image
 	 */
@@ -643,7 +643,8 @@ abstract class Framework extends Framework\Extra
 	 */
 	protected static function _user_avatar_menu()
 	{
-		$stat = array_pop(Hooks::process('framework_avatar_stat'));
+		$stats = Hooks::process('framework_avatar_stat');
+		$stat = array_pop($stats);
 
 		return '<span title="'.Accounts::format_username().'" class="avatar"><img src="'.Egw::link('/api/avatar.php', array(
 								'account_id' => $GLOBALS['egw_info']['user']['account_id'],
diff --git a/api/src/Framework/Ajax.php b/api/src/Framework/Ajax.php
index ef8103a8b0..5cab00c9d0 100755
--- a/api/src/Framework/Ajax.php
+++ b/api/src/Framework/Ajax.php
@@ -322,7 +322,7 @@ abstract class Ajax extends Api\Framework
 	* @param string $id unique element id
 	* @param string $icon_src src of the icon image. Make sure this nog height then 18pixels
 	* @param string $iconlink where the icon links to
-	* @param booleon $blink set true to make the icon blink
+	* @param boolean $blink set true to make the icon blink
 	* @param mixed $tooltip string containing the tooltip Api\Html, or null of no tooltip
 	* @todo implement in a reasonable way for jdots
 	* @return void
@@ -648,7 +648,7 @@ abstract class Ajax extends Api\Framework
 	 * Ajax callback which is called whenever a previously opened tab is closed or
 	 * opened.
 	 *
-	 * @param $tablist is an array which contains each tab as an associative array
+	 * @param array $tablist is an array which contains each tab as an associative array
 	 *   with the keys 'appName' and 'active'
 	 */
 	public static function ajax_tab_changed_state($tablist)
@@ -718,8 +718,8 @@ abstract class Ajax extends Api\Framework
 
 	/**
 	 * Stores the width of the sidebox menu depending on the sidebox menu settings
-	 * @param $appname the name of the application
-	 * @param $width the width set
+	 * @param string $appname the name of the application
+	 * @param int $width the width set
 	 */
 	public static function ajax_sideboxwidth($appname, $width)
 	{
@@ -1032,7 +1032,7 @@ abstract class Ajax extends Api\Framework
 		// call application menuaction
 		ob_start();
 		$obj->$method();
-		$output .= ob_get_contents();
+		$output = ob_get_contents();
 		ob_end_clean();
 
 		// add registered css and javascript to the response
diff --git a/api/src/Framework/Extra.php b/api/src/Framework/Extra.php
index 80053cf0c4..c4951d4fb9 100644
--- a/api/src/Framework/Extra.php
+++ b/api/src/Framework/Extra.php
@@ -50,7 +50,7 @@ abstract class Extra
 	 * - add: requires full reload for proper sorting
 	 * - null: full reload
 	 * @param string $targetapp =null which app's window should be refreshed, default current
-	 * @param string|RegExp $replace =null regular expression to replace in url
+	 * @param string $replace =null regular expression to replace in url
 	 * @param string $with =null
 	 * @param string $msg_type =null 'error', 'warning' or 'success' (default)
 	 */
diff --git a/api/src/Framework/Minimal.php b/api/src/Framework/Minimal.php
index c62138b4aa..0d279003f9 100644
--- a/api/src/Framework/Minimal.php
+++ b/api/src/Framework/Minimal.php
@@ -31,7 +31,6 @@ class Minimal extends Api\Framework
 	* Constructor
 	*
 	* @param string $template ='default' name of the template
-	* @return idots_framework
 	*/
 	function __construct($template='default')
 	{
@@ -159,7 +158,7 @@ class Minimal extends Api\Framework
 	* @param string $id unique element id
 	* @param string $icon_src src of the icon image. Make sure this nog height then 18pixels
 	* @param string $iconlink where the icon links to
-	* @param booleon $blink set true to make the icon blink
+	* @param boolean $blink set true to make the icon blink
 	* @param mixed $tooltip string containing the tooltip html, or null of no tooltip
 	* @access public
 	* @return void
diff --git a/api/src/Framework/Template.php b/api/src/Framework/Template.php
index 1e2655560b..11c5639118 100644
--- a/api/src/Framework/Template.php
+++ b/api/src/Framework/Template.php
@@ -123,7 +123,7 @@ class Template
 	/**
 	 * Set template/file to process
 	 *
-	 * @param string $handle handle for a filename,
+	 * @param string|string[} $handle handle for a filename,
 	 * @param string $filename ='' name of template file
 	 */
 	function set_file($handle, $filename = '')
@@ -174,7 +174,7 @@ class Template
 			$name = $handle;
 		}
 		$str = $this->get_var($parent);
-		$qhandle = preg_quote($handle);
+		$qhandle = preg_quote($handle, '/');
 		$reg = "/<!--\\s+BEGIN $qhandle\\s+-->(.*)\n\\s*<!--\\s+END $qhandle\\s+-->/s";
 		$match = null;
 		if (!preg_match($reg,$str,$match))
diff --git a/api/src/Header/Authenticate.php b/api/src/Header/Authenticate.php
index 1afef04274..f1fc5fe45b 100644
--- a/api/src/Header/Authenticate.php
+++ b/api/src/Header/Authenticate.php
@@ -198,7 +198,7 @@ class Authenticate
 	{
 		if (self::digest_auth_available($realm))
 		{
-			$nonce = uniqid();
+			$nonce = Api\Auth::randomstring();
    			header('WWW-Authenticate: Digest realm="'.$realm.'",qop="auth",nonce="'.$nonce.'",opaque="'.md5($realm).'"');
 			if (self::ERROR_LOG) error_log(__METHOD__."() offering digest auth for realm '$realm' using nonce='$nonce'");
 		}
@@ -219,7 +219,8 @@ class Authenticate
 
 		$data = self::parse_digest($auth_digest);
 
-		if (!$data || !($A1 = self::get_digest_A1($realm,$username=$data['username'],$password=null)))
+		$password = null;
+		if (!$data || !($A1 = self::get_digest_A1($realm,$username=$data['username'],$password)))
 		{
 			error_log(__METHOD__."('$realm','$auth_digest','$username') returning FALSE");
 			return false;
diff --git a/api/src/Hooks.php b/api/src/Hooks.php
index 4b61f7b303..889c12a956 100644
--- a/api/src/Hooks.php
+++ b/api/src/Hooks.php
@@ -143,7 +143,7 @@ class Hooks
 					$ret[] = ExecMethod2($hook, $args);
 				}
 			}
-			catch (Api\Exception\AssertionFailed $e)
+			catch (Exception\AssertionFailed $e)
 			{
 				if (preg_match('/ file .+ not found!$/', $e->getMessage()))
 				{
diff --git a/api/src/Html.php b/api/src/Html.php
index 4cca2218a9..4b8fa8e2d3 100644
--- a/api/src/Html.php
+++ b/api/src/Html.php
@@ -1218,7 +1218,7 @@ tinymce.init({
 			$tree_initialised = true;
 			if (!$_folders && !$autoLoading) return null;
 		}
-		$html = self::div("\n",'id="'.$tree.'"',$_divClass).$html;
+		$html = self::div("\n",'id="'.$tree.'"',$_divClass);
 		$html .= "<script type='text/javascript'>\n";
 		$html .= "var $tree;";
 		$html .= "egw_LAB.wait(function() {";
diff --git a/api/src/Html/HtmLawed.php b/api/src/Html/HtmLawed.php
index 4f21fc9e35..f13c1ded9a 100644
--- a/api/src/Html/HtmLawed.php
+++ b/api/src/Html/HtmLawed.php
@@ -26,7 +26,7 @@ class HtmLawed
 	/**
 	 * config options see constructor
 	 *
-	 * @var Configuration
+	 * @var string|array
 	 */
 	var $Configuration;
 
@@ -38,7 +38,7 @@ class HtmLawed
 	 * as a string of text containing one or more rules, with multiple rules separated from each
 	 * other by a semi-colon (;)
 	 *
-	 * @var Spec
+	 * @var string|array
 	 */
 	var $Spec;
 
@@ -101,10 +101,10 @@ class HtmLawed
 	/**
 	 * Run htmLawed
 	 *
-	 * @param varchar $html2check =text input Text to check
-	 * @param mixed $Config = text or array
-	 * @param mixed $Spec =text or array; The '$spec' argument can be used to disallow an otherwise legal attribute for an element
-	 * @return varchar cleaned/fixed html
+	 * @param string $html2check =text input Text to check
+	 * @param string|array $Config = text or array
+	 * @param string|array $Spec =text or array; The '$spec' argument can be used to disallow an otherwise legal attribute for an element
+	 * @return string cleaned/fixed html
 	 */
 	function run($html2check, $Config=null, $Spec=array())
 	{
@@ -161,7 +161,7 @@ class HtmLawed
 				$style2buffer = utf8_encode($style2buffer);
 			}
 		}
-		$style .= $style2buffer;
+		$style = $style2buffer;
 		// clean out comments and stuff
 		$search = array(
 			'@url\(http:\/\/[^\)].*?\)@si',  // url calls e.g. in style definitions
diff --git a/api/src/Ldap.php b/api/src/Ldap.php
index 9b7eeff923..11ae2d86a7 100644
--- a/api/src/Ldap.php
+++ b/api/src/Ldap.php
@@ -80,7 +80,7 @@ class Ldap
 	 * @param string $dn ='' ldap dn, default $GLOBALS['egw_info']['server']['ldap_root_dn']
 	 * @param string $passwd ='' ldap pw, default $GLOBALS['egw_info']['server']['ldap_root_pw']
 	 * @return resource|Ldap resource from ldap_connect() or false on error
-	 * @throws Exception\AssertingFailed 'LDAP support unavailable!' (no ldap extension)
+	 * @throws Exception\AssertionFailed 'LDAP support unavailable!' (no ldap extension)
 	 * @throws Exception\NoPermission if bind fails
 	 */
 	public static function factory($ressource=true, $host='', $dn='', $passwd='')
@@ -166,7 +166,7 @@ class Ldap
 	 * @param string $dn ='' ldap dn, default $GLOBALS['egw_info']['server']['ldap_root_dn']
 	 * @param string $passwd ='' ldap pw, default $GLOBALS['egw_info']['server']['ldap_root_pw']
 	 * @return resource|boolean resource from ldap_connect() or false on error
-	 * @throws Exception\AssertingFailed 'LDAP support unavailable!' (no ldap extension)
+	 * @throws Exception\AssertionFailed 'LDAP support unavailable!' (no ldap extension)
 	 * @throws Exception\NoPermission if bind fails
 	 */
 	function ldapConnect($host='', $dn='', $passwd='')
@@ -175,7 +175,7 @@ class Ldap
 		{
 			if ($this->exception_on_error) throw new Exception\AssertionFailed('LDAP support unavailable!');
 
-			printf('<b>Error: LDAP support unavailable</b><br>',$host);
+			printf('<b>Error: LDAP support unavailable</b><br>');
 			return False;
 		}
 		if (empty($host))
diff --git a/api/src/Ldap/ServerInfo.php b/api/src/Ldap/ServerInfo.php
index 9a39319e0d..bf033fe058 100644
--- a/api/src/Ldap/ServerInfo.php
+++ b/api/src/Ldap/ServerInfo.php
@@ -199,7 +199,7 @@ class ServerInfo
 	 * @param resource $ds
 	 * @param string $host
 	 * @param int $version 2 or 3
-	 * @return ldapserverinfo
+	 * @return self
 	 */
 	public static function get($ds, $host, $version=3)
 	{
diff --git a/api/src/Link.php b/api/src/Link.php
index 4518d99e1d..08c770fbcd 100644
--- a/api/src/Link.php
+++ b/api/src/Link.php
@@ -1623,9 +1623,10 @@ class Link extends Link\Storage
 		switch($type)
 		{
 			case 'title':
-				if ($app == self::VFS_APPNAME)
+				if ($app === self::VFS_APPNAME)
 				{
-					return null;	// do not cache file titles, they are just the names
+					$ret = null;	// do not cache file titles, they are just the names
+					return $ret;
 				}
 				return self::$title_cache[$app.':'.$id];
 			case 'file_access':
diff --git a/api/src/Link/Storage.php b/api/src/Link/Storage.php
index c1d7858d64..d55a8f323b 100644
--- a/api/src/Link/Storage.php
+++ b/api/src/Link/Storage.php
@@ -202,7 +202,7 @@ class Storage
 	/**
 	 * returns data of a link
 	 *
-	 * @param ing/string $app_link_id > 0 link_id of link or app-name of link
+	 * @param int|string $app_link_id > 0 link_id of link or app-name of link
 	 * @param string $id ='' id in $app, if no integer link_id given in $app_link_id
 	 * @param string $app2 ='' appname of 2. endpoint of the link, if no integer link_id given in $app_link_id
 	 * @param string $id2 ='' id in $app2, if no integer link_id given in $app_link_id
@@ -250,7 +250,7 @@ class Storage
 	/**
 	 * Remove link with $link_id or all links matching given params
 	 *
-	 * @param $link_id link-id to remove if > 0
+	 * @param int|string $link_id link-id to remove if > 0
 	 * @param string $app ='' app-name of links to remove
 	 * @param string $id ='' id in $app or '' remove all links from $app
 	 * @param int $owner =0 account_id to delete all links of a given owner, or 0
diff --git a/api/src/Mail.php b/api/src/Mail.php
index c13f838989..5dd478e853 100644
--- a/api/src/Mail.php
+++ b/api/src/Mail.php
@@ -1987,7 +1987,7 @@ class Mail
 				// possible error OR Query. But Horde gives no detailed Info :-(
 				self::$supportsORinQuery[$this->profileID]=false;
 				Cache::setCache(Cache::INSTANCE,'email','supportsORinQuery'.trim($GLOBALS['egw_info']['user']['account_id']),self::$supportsORinQuery,60*60*10);
-				if (self::$debug) error_log(__METHOD__.__LINE__." Mailserver seems to have NO OR Capability for Search:".$sortResult->message);
+				if (self::$debug) error_log(__METHOD__.__LINE__." Mailserver seems to have NO OR Capability for Search");
 				$filter = $this->createIMAPFilter($_folderName, $_filter, self::$supportsORinQuery[$this->profileID]);
 				try
 				{
@@ -2564,7 +2564,7 @@ class Mail
 			throw new Exception(__METHOD__." failed for $oldFolderName (rename to: $newFolderName) with error:".$e->getMessage());;
 		}
 		// clear FolderExistsInfoCache
-		Cache::setCache(Cache::INSTANCE,'email','icServerFolderExistsInfo'.trim($GLOBALS['egw_info']['user']['account_id']),$folderInfo,60*60*5);
+		Cache::setCache(Cache::INSTANCE,'email','icServerFolderExistsInfo'.trim($GLOBALS['egw_info']['user']['account_id']),null,60*60*5);
 
 		return $newFolderName;
 
@@ -2591,7 +2591,7 @@ class Mail
 			throw new Exception("Deleting Folder $_folderName failed! Error:".$e->getMessage());;
 		}
 		// clear FolderExistsInfoCache
-		Cache::setCache(Cache::INSTANCE,'email','icServerFolderExistsInfo'.trim($GLOBALS['egw_info']['user']['account_id']),$folderInfo,60*60*5);
+		Cache::setCache(Cache::INSTANCE,'email','icServerFolderExistsInfo'.trim($GLOBALS['egw_info']['user']['account_id']),null,60*60*5);
 
 		return true;
 	}
@@ -3492,7 +3492,7 @@ class Mail
 		catch (\Exception $e)
 		{
 			// we know that outbox is not supported, but we use this here, as we autocreate expected SpecialUseFolders in this function
-			if ($_type != 'Outbox') error_log(__METHOD__.' ('.__LINE__.') '.' Failed to retrieve Folder'.$_folderName." for ".array2string($types[$_type]).":".$e->getMessage());
+			if ($_type != 'Outbox') error_log(__METHOD__.' ('.__LINE__.') '.' Failed to retrieve Folder for '.array2string($types[$_type]).":".$e->getMessage());
 			$_folderName = false;
 		}
 		// do not try to autocreate configured Archive-Folder. Return false if configured folder does not exist
@@ -6603,9 +6603,9 @@ class Mail
 		return $bytes . ' ' . $type ;
 	}
 
-	static function detect_qp(&$sting) {
-		$needle = '/(=[0-9][A-F])|(=[A-F][0-9])|(=[A-F][A-F])|(=[0-9][0-9])/';
-		return preg_match("$needle",$string);
+	static function detect_qp($string)
+	{
+		return preg_match('/(=[0-9][A-F])|(=[A-F][0-9])|(=[A-F][A-F])|(=[0-9][0-9])/', $string);
 	}
 
 	/**
@@ -6645,7 +6645,7 @@ class Mail
 		if ($_formData['size'] == 0 && parse_url($_formData['file'], PHP_URL_SCHEME) != 'vfs' && is_dir($_formData['file']))
 		{
 			$importfailed = true;
-			$alert_msg .= lang("Empty file %1 ignored.", $_formData['name']);
+			$alert_msg = lang("Empty file %1 ignored.", $_formData['name']);
 		}
 		elseif (parse_url($_formData['file'],PHP_URL_SCHEME) == 'vfs' || is_uploaded_file($_formData['file']) ||
 			realpath(dirname($_formData['file'])) == realpath($GLOBALS['egw_info']['server']['temp_dir']))
@@ -6661,7 +6661,7 @@ class Mail
 			// if we were NOT able to create this temp directory, then make an ERROR report
 			if (!file_exists($GLOBALS['egw_info']['server']['temp_dir']))
 			{
-				$alert_msg .= 'Error:'.'<br>'
+				$alert_msg = 'Error:'.'<br>'
 					.'Server is unable to access EGroupware tmp directory'.'<br>'
 					.$GLOBALS['egw_info']['server']['temp_dir'].'<br>'
 					.'Please check your configuration'.'<br>'
@@ -6738,7 +6738,7 @@ class Mail
 		} else {
 			//error_log("Import of message ".$_formData['file']." failes to meet basic restrictions");
 			$importfailed = true;
-			$alert_msg .= lang("Processing of file %1 failed. Failed to meet basic restrictions.",$_formData['name']);
+			$alert_msg = lang("Processing of file %1 failed. Failed to meet basic restrictions.",$_formData['name']);
 		}
 		if ($importfailed == true)
 		{
@@ -6905,7 +6905,7 @@ class Mail
 		if (empty($SendAndMergeTocontacts))
 		{
 			$importfailed = true;
-			$alert_msg .= lang("Import of message %1 failed. No Contacts to merge and send to specified.", '');
+			$alert_msg = lang("Import of message %1 failed. No Contacts to merge and send to specified.", '');
 		}
 
 		// check if formdata meets basic restrictions (in tmp dir, or vfs, mimetype, etc.)
diff --git a/api/src/Mail/Cache.php b/api/src/Mail/Cache.php
index 996786355a..16e9aff773 100644
--- a/api/src/Mail/Cache.php
+++ b/api/src/Mail/Cache.php
@@ -90,8 +90,6 @@ class Cache
 
     /**
      * Clears all data from the cache.
-     *
-     * @throws Horde_Cache_Exception
      */
     public function clear()
 	{
diff --git a/api/src/Mail/Credentials.php b/api/src/Mail/Credentials.php
index b551293087..091506be30 100644
--- a/api/src/Mail/Credentials.php
+++ b/api/src/Mail/Credentials.php
@@ -137,14 +137,14 @@ class Credentials
 	/**
 	 * Mcrypt instance initialised with system specific key
 	 *
-	 * @var ressource
+	 * @var resource
 	 */
 	static protected $system_mcrypt;
 
 	/**
 	 * Mcrypt instance initialised with user password from session
 	 *
-	 * @var ressource
+	 * @var resource
 	 */
 	static protected $user_mcrypt;
 
@@ -797,12 +797,12 @@ class Credentials
 			{
 				$iv_size = mcrypt_enc_get_iv_size($mcrypt);
 				$iv = !isset($GLOBALS['egw_info']['server']['mcrypt_iv']) || strlen($GLOBALS['egw_info']['server']['mcrypt_iv']) < $iv_size ?
-					mcrypt_create_iv ($iv_size, MCRYPT_RAND) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
+					mcrypt_create_iv ($iv_size, MCRYPT_DEV_RANDOM) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
 
 				$key_size = mcrypt_enc_get_key_size($mcrypt);
 				if (bytes($key) > $key_size) $key = cut_bytes($key,0,$key_size-1);
 
-				if (mcrypt_generic_init($mcrypt, $key, $iv) < 0)
+				if (!$iv || mcrypt_generic_init($mcrypt, $key, $iv) < 0)
 				{
 					error_log(__METHOD__."() could not initialise mcrypt, passwords can be NOT encrypted!");
 					$mcrypt = false;
diff --git a/api/src/Mail/Html.php b/api/src/Mail/Html.php
index 63efa8db7d..bf89a18f1b 100644
--- a/api/src/Mail/Html.php
+++ b/api/src/Mail/Html.php
@@ -83,7 +83,7 @@ class Html
 			}
 			if ($convertAtEnd) $string = self::decodeMailHeader($string, $displayCharset, $reclevel);
 		}
-		elseif(function_exists(mb_decode_mimeheader))
+		elseif(function_exists('mb_decode_mimeheader'))
 		{
 			$matches = null;
 			if(preg_match_all('/=\?.*\?Q\?.*\?=/iU', $string=$_string, $matches))
@@ -98,7 +98,7 @@ class Html
 			}
 			$string = mb_decode_mimeheader($string);
 		}
-		elseif(function_exists(iconv_mime_decode))
+		elseif(function_exists('iconv_mime_decode'))
 		{
 			// continue decoding also if an error occurs
 			$string = @iconv_mime_decode($_string, 2, $displayCharset);
diff --git a/api/src/Mail/Imap.php b/api/src/Mail/Imap.php
index 1b999a9254..494b039e92 100644
--- a/api/src/Mail/Imap.php
+++ b/api/src/Mail/Imap.php
@@ -233,7 +233,7 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 	 * Check admin credientials and connection (if supported)
 	 *
 	 * @param string $_username =null create an admin connection for given user or $this->acc_imap_username
-	 * @throws Horde_IMAP_Client_Exception
+	 * @throws \Horde_IMAP_Client_Exception
 	 */
 	public function checkAdminConnection($_username=true)
 	{
@@ -265,7 +265,7 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 	/**
 	 * Login to the IMAP server.
 	 *
-	 * @throws Horde_Imap_Client_Exception
+	 * @throws \Horde_Imap_Client_Exception
 	 */
 	public function login()
 	{
@@ -282,7 +282,7 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 	/**
 	 * Allow read access to former public attributes
 	 *
-	 * @param type $name
+	 * @param string $name
 	 * @return mixed null for an unknown attribute
 	 */
 	public function __get($name)
@@ -413,7 +413,7 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 
 		// if not
 		// we can encode only from ISO 8859-1
-		return imap_utf7_encode($_folderName);
+		return function_exists('imap_utf7_encode') ? imap_utf7_encode($_folderName) : $_folderName;
 	}
 
 	/**
@@ -487,7 +487,7 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 	/**
 	 * getSpecialUseFolders
 	 *
-	 * @return current mailbox, or if none check on INBOX, and return upon existance
+	 * @return ?string current mailbox, or if none check on INBOX, and return upon existance
 	 */
 	function getCurrentMailbox()
 	{
@@ -534,8 +534,8 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 	/**
 	 * getMailboxCounters
 	 *
-	 * @param array/string $mailbox
-	 * @return array with counters
+	 * @param array|string $mailbox
+	 * @return array|false with counters
 	 */
 	function getMailboxCounters($mailbox)
 	{
@@ -564,7 +564,7 @@ class Imap extends Horde_Imap_Client_Socket implements Imap\PushIface
 	 * getStatus
 	 *
 	 * @param string $mailbox
-	 * @param ignoreStatusCache bool ignore the cache used for counters
+	 * @param bool ignoreStatusCache ignore the cache used for counters
 	 * @return array with counters
 	 */
 	function getStatus($mailbox, $ignoreStatusCache=false)
diff --git a/api/src/Mail/Imap/Cyrus.php b/api/src/Mail/Imap/Cyrus.php
index b9b44f1f44..28b615b4cd 100644
--- a/api/src/Mail/Imap/Cyrus.php
+++ b/api/src/Mail/Imap/Cyrus.php
@@ -178,7 +178,7 @@ class Cyrus extends Mail\Imap
 		$this->adminConnection();
 
 		// create the mailbox, with the account_lid, as it is passed from the hook values (gets transformed there if needed)
-		$mailboxName = $this->getUserMailboxString($_hookValues['account_lid'], $mailboxName);
+		$mailboxName = $this->getUserMailboxString($_hookValues['account_lid'], '');
 		// make sure we use the correct username here.
 		$username = $this->getMailBoxUserName($_hookValues['account_lid']);
 		$folderInfo = $this->getMailboxes('', $mailboxName, true);
@@ -218,7 +218,7 @@ class Cyrus extends Mail\Imap
 	 *
 	 * @param string $name
 	 * @param array $params
-	 * @throws Exception
+	 * @throws \Exception
 	 */
 	public function __call($name,array $params=null)
 	{
diff --git a/api/src/Mail/Imap/Iface.php b/api/src/Mail/Imap/Iface.php
index 10e8571f94..ac1c2193d7 100644
--- a/api/src/Mail/Imap/Iface.php
+++ b/api/src/Mail/Imap/Iface.php
@@ -119,7 +119,7 @@ interface Iface
 	 *
 	 * @param bool $_adminConnection create admin connection if true
 	 * @param int $_timeout =null timeout in secs, if none given fmail pref or default of 20 is used
-	 * @throws Exception on error
+	 * @throws \Exception on error
 	 */
 	function openConnection($_adminConnection=false, $_timeout=null);
 
@@ -155,7 +155,7 @@ interface Iface
 	 *
 	 * @param int|string $_euser nummeric account_id or imap username
 	 * @param string $_scriptName =null
-	 * @throws Exception on connection error or authentication failure
+	 * @throws \Exception on connection error or authentication failure
 	 * @return array
 	 */
 	public function getVacationUser($_euser, $_scriptName=null);
diff --git a/api/src/Mail/Script.php b/api/src/Mail/Script.php
index af4ef589cc..28fdf9823c 100644
--- a/api/src/Mail/Script.php
+++ b/api/src/Mail/Script.php
@@ -101,9 +101,8 @@ class Script
 		}
 
 		$script = $connection->getScript($this->name);
-		#print "<br>AAA: Script is ". htmlentities($script) ."<br>";
 
-		$lines = preg_split("/\n/",$script); //,PREG_SPLIT_NO_EMPTY);
+		$lines = explode("\n",$script);
 
 		$rules = array();
 		$vacation = array();
diff --git a/api/src/Mail/Sieve.php b/api/src/Mail/Sieve.php
index 5dded7a2a5..1575ece641 100644
--- a/api/src/Mail/Sieve.php
+++ b/api/src/Mail/Sieve.php
@@ -42,17 +42,17 @@ class Sieve extends Horde\ManageSieve
 	var $scriptName;
 
 	/**
-	* @var $rules containing the rules
+	* @var array $rules containing the rules
 	*/
 	var $rules;
 
 	/**
-	* @var $vacation containing the vacation
+	* @var array $vacation containing the vacation
 	*/
 	var $vacation;
 
 	/**
-	* @var $emailNotification containing the emailNotification
+	* @var array $emailNotification containing the emailNotification
 	*/
 	var $emailNotification;
 
@@ -201,7 +201,7 @@ class Sieve extends Horde\ManageSieve
 				try {
 					$this->scriptName = $this->getActive();
 				}
-				catch(Exception $e) {
+				catch(\Exception $e) {
 					unset($e);	// ignore NOTEXISTS exception
 				}
 				if (empty($this->scriptName))
diff --git a/api/src/Mail/Smime.php b/api/src/Mail/Smime.php
index bf1cac841d..c6e309a414 100644
--- a/api/src/Mail/Smime.php
+++ b/api/src/Mail/Smime.php
@@ -35,7 +35,7 @@ class Smime extends Horde_Crypt_Smime
 
 	/**
 	 * SMIME signature only types
-	 * @var type
+	 * @var string[}
 	 */
 	static $SMIME_SIGNATURE_ONLY_TYPES = array (
 		'application/x-pkcs7-signature',
@@ -165,7 +165,7 @@ class Smime extends Horde_Crypt_Smime
 		try
 		{
 			$this->checkForOpenSSL();
-		} catch (Exception $ex) {
+		} catch (\Exception $ex) {
 			error_log(__METHOD__."() openssl extension is not enabled! $ex");
 			return false;
 		}
@@ -224,8 +224,8 @@ class Smime extends Horde_Crypt_Smime
 	/**
 	 * Verify a signature
 	 *
-	 * @param type $message
-	 * @return type
+	 * @param string $message
+	 * @return \stdClass
 	 */
 	public function verifySignature($message)
 	{
@@ -275,8 +275,8 @@ class Smime extends Horde_Crypt_Smime
 	/**
 	 * Method to extract smime related info from credential table
 	 *
-	 * @param type $acc_id acc id of mail account
-	 * @param type $passphrase = '' protect private key by passphrase
+	 * @param int $acc_id acc id of mail account
+	 * @param string $passphrase = '' protect private key by passphrase
 	 * @return mixed return array of smime info or false if fails
 	 */
 	public static function get_acc_smime($acc_id, $passphrase = '')
diff --git a/api/src/Mail/Smtp.php b/api/src/Mail/Smtp.php
index 698d25658a..9748bfa154 100644
--- a/api/src/Mail/Smtp.php
+++ b/api/src/Mail/Smtp.php
@@ -47,7 +47,7 @@ class Smtp
 	/**
 	 * Reference to global account object
 	 *
-	 * @var accounts
+	 * @var Api\Accounts
 	 */
 	protected $accounts;
 
diff --git a/api/src/Session.php b/api/src/Session.php
index 44c0f9713e..de76de6319 100644
--- a/api/src/Session.php
+++ b/api/src/Session.php
@@ -435,9 +435,9 @@ class Session
 			}
 			$iv_size = mcrypt_enc_get_iv_size(self::$mcrypt);
 			$iv = !isset($GLOBALS['egw_info']['server']['mcrypt_iv']) || strlen($GLOBALS['egw_info']['server']['mcrypt_iv']) < $iv_size ?
-				mcrypt_create_iv ($iv_size, MCRYPT_RAND) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
+				mcrypt_create_iv ($iv_size, MCRYPT_DEV_RANDOM) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
 
-			if (mcrypt_generic_init(self::$mcrypt,$kp3, $iv) < 0)
+			if (!$iv || mcrypt_generic_init(self::$mcrypt,$kp3, $iv) < 0)
 			{
 				error_log(__METHOD__."() could not initialise mcrypt, sessions get NOT encrypted!");
 				return self::$mcrypt = false;
@@ -1701,7 +1701,7 @@ class Session
 	 * @param bool& $secure =null on return
 	 * @return string domain-name used (either configured one or current one with a leading dot eg. ".example.org")
 	 */
-	public function getCookieDomain(&$path=null, &$secure=null)
+	public static function getCookieDomain(&$path=null, &$secure=null)
 	{
 		if (empty(self::$cookie_domain) || empty(self::$cookie_path))
 		{
diff --git a/api/src/Session/Type.php b/api/src/Session/Type.php
index 830e34518e..e26b334250 100644
--- a/api/src/Session/Type.php
+++ b/api/src/Session/Type.php
@@ -34,7 +34,7 @@ class Type
 	 *
 	 * @param string $request_uri
 	 * @param string $currentapp
-	 * @param bolean $nologin =false true: return self::WEBGUI instead of self::LOGIN
+	 * @param boolean $nologin =false true: return self::WEBGUI instead of self::LOGIN
 	 * @return string see above constants
 	 */
 	public static function get($request_uri, $currentapp, $nologin=false)
diff --git a/api/src/Sharing.php b/api/src/Sharing.php
index 744ab049c7..99d17efa2f 100644
--- a/api/src/Sharing.php
+++ b/api/src/Sharing.php
@@ -48,7 +48,7 @@ class Sharing
 	/**
 	 * Reference to global db object
 	 *
-	 * @var Api\Db
+	 * @var Db
 	 */
 	protected static $db;
 
@@ -238,7 +238,7 @@ class Sharing
 	 * Check to see if the share needs a password, and if it does that the password
 	 * provided matches.
 	 *
-	 * @param Array $share
+	 * @param array $share
 	 * @param ?string $password default $_SERVER['PHP_AUTH_PW']
 	 * @return boolean Password OK (or not needed)
 	 */
@@ -261,7 +261,7 @@ class Sharing
 	 * to login
 	 *
 	 * @param boolean $keep_session
-	 * @param Array $share
+	 * @param array $share
 	 */
 	protected static function setup_share($keep_session, &$share) {}
 	/**
@@ -426,7 +426,7 @@ class Sharing
 
 	}
 
-	public function is_entry($share = false)
+	public static function is_entry($share = false)
 	{
 		list($app, $id) = explode('::', $share['share_path']);
 		return $share && $share['share_path'] &&
diff --git a/api/src/Storage.php b/api/src/Storage.php
index e8ae370e46..e461391c47 100644
--- a/api/src/Storage.php
+++ b/api/src/Storage.php
@@ -734,6 +734,7 @@ class Storage extends Storage\Base
 				elseif(is_int($name) && $this->is_cf($val))	// lettersearch: #cfname LIKE 's%'
 				{
 					$_cf = explode(' ',$val);
+					$tcf_name = '';
 					foreach($_cf as $cf_np)
 					{
 						// building cf_name by glueing parts together (, in case someone used whitespace in their custom field names)
diff --git a/api/src/Storage/Base.php b/api/src/Storage/Base.php
index b4931eaac3..fd2c384eef 100644
--- a/api/src/Storage/Base.php
+++ b/api/src/Storage/Base.php
@@ -137,7 +137,7 @@ class Base
 	/**
 	 * Current time in user timezone
 	 *
-	 * @var int|string|DateTime format depends on $this->timestamp_type
+	 * @var int|string|\DateTime format depends on $this->timestamp_type
 	 */
 	var $now;
 	/**
diff --git a/api/src/Storage/Base2.php b/api/src/Storage/Base2.php
index 37d334b9a6..b4ee4251c8 100644
--- a/api/src/Storage/Base2.php
+++ b/api/src/Storage/Base2.php
@@ -46,12 +46,10 @@ class Base2 extends Base
 	 *
 	 * @param string $app should be set if table-defs to be read from <app>/setup/tables_current.inc.php
 	 * @param string $table should be set if table-defs to be read from <app>/setup/tables_current.inc.php
-	 * @param Api\Db $db database object, if not the one in $GLOBALS['egw']->db should be used, eg. for an other database
+	 * @param ?Api\Db $db database object, if not the one in $GLOBALS['egw']->db should be used, eg. for an other database
 	 * @param string $column_prefix ='' column prefix to automatic remove from the column-name, if the column name starts with it
 	 * @param boolean $no_clone =false can we avoid to clone the db-object, default no
 	 * 	new code using appnames and foreach(select(...,$app) can set it to avoid an extra instance of the db object
-	 *
-	 * @return so_sql2
 	 */
 	function __construct($app='',$table='',Api\Db $db=null,$column_prefix='',$no_clone=false)
 	{
diff --git a/api/src/Storage/Customfields.php b/api/src/Storage/Customfields.php
index 460de329dd..26e64361be 100755
--- a/api/src/Storage/Customfields.php
+++ b/api/src/Storage/Customfields.php
@@ -47,7 +47,7 @@ class Customfields implements \IteratorAggregate
 	/**
 	 * Iterator initialised for custom fields
 	 *
-	 * @var ADORecordSet
+	 * @var \ADORecordSet
 	 */
 	protected $iterator;
 
@@ -169,7 +169,7 @@ class Customfields implements \IteratorAggregate
 	 * @param int|boolean $account =false Filter private for given account_id,
 	 *	false for current user or true for all the private fields be returned too, default current user
 	 * @param string $only_type2 =null if given only return fields of type2 == $only_type2
-	 * @return boolen true: if there is a custom field useing html, false if not
+	 * @return boolean true: if there is a custom field useing html, false if not
 	 */
 	public static function use_html($app, $account=false, $only_type2=null)
 	{
@@ -553,11 +553,11 @@ class Customfields implements \IteratorAggregate
 	 *
 	 * @param string $app Current application
 	 * @param string $entry_id Application ID of the new entry
-	 * @param Array $values Array of entry data, including custom fields.
+	 * @param array $values Array of entry data, including custom fields.
 	 *	File information from the VFS widget (via self::validate()) will be found &
 	 *	dealt with.  Successful or not, the value is cleared to avoid trying to insert it into
 	 *	the database, which would generate errors.
-	 * @param Array $customfields Pass the custom field list if you have it to avoid loading it again
+	 * @param array $customfields Pass the custom field list if you have it to avoid loading it again
 	 */
 	public static function handle_files($app, $entry_id, &$values, &$customfields = array())
 	{
diff --git a/api/src/Storage/Db2DataIterator.php b/api/src/Storage/Db2DataIterator.php
index ee04312e33..f7cbaa2df5 100644
--- a/api/src/Storage/Db2DataIterator.php
+++ b/api/src/Storage/Db2DataIterator.php
@@ -29,7 +29,7 @@ class Db2DataIterator implements \Iterator
 	/**
 	 * Instance of ADOdb record set to iterate
 	 *
-	 * @var \Traversible
+	 * @var \Traversable
 	 */
 	private $rs;
 
diff --git a/api/src/Storage/History.php b/api/src/Storage/History.php
index c297d44568..180aa9c49e 100644
--- a/api/src/Storage/History.php
+++ b/api/src/Storage/History.php
@@ -56,7 +56,6 @@ class History
 	 * Constructor
 	 *
 	 * @param string $appname app name this instance operates on
-	 * @return historylog
 	 */
 	function __construct($appname='',$user=null)
 	{
diff --git a/api/src/Storage/Merge.php b/api/src/Storage/Merge.php
index 9b64144a63..b5ab67ce3a 100644
--- a/api/src/Storage/Merge.php
+++ b/api/src/Storage/Merge.php
@@ -649,13 +649,15 @@ abstract class Merge
 		if (!($content = file_get_contents($document)))
 		{
 			$err = lang("Document '%1' does not exist or is not readable for you!",$document);
-			return false;
+			$ret = false;
+			return $ret;
 		}
 
 		if (self::hasExportLimit($this->export_limit) && !self::is_export_limit_excepted() && count($ids) > (int)$this->export_limit)
 		{
 			$err = lang('No rights to export more than %1 entries!',(int)$this->export_limit);
-			return false;
+			$ret = false;
+			return $ret;
 		}
 
 		// fix application/msword mimetype for rtf files
@@ -669,7 +671,8 @@ abstract class Merge
 		} catch (\Exception $e) {
 			_egw_log_exception($e);
 			$err = $e->getMessage();
-			return false;
+			$ret = false;
+			return $ret;
 		}
 		return $content;
 	}
@@ -680,7 +683,7 @@ abstract class Merge
 		{
 			$matches = null;
 			$mso_application_progid = $mimetype == 'application/xml' &&
-				preg_match('/'.preg_quote('<?mso-application progid="').'([^"]+)'.preg_quote('"?>').'/',substr($content,0,200),$matches) ?
+				preg_match('/'.preg_quote('<?mso-application progid="', '/').'([^"]+)'.preg_quote('"?>', '/').'/',substr($content,0,200),$matches) ?
 					$matches[1] : '';
 		}
 		// Tags we can replace with the target document's version
@@ -781,7 +784,7 @@ abstract class Merge
 	{
 		$matches = null;
 		if ($mimetype == 'application/xml' &&
-			preg_match('/'.preg_quote('<?mso-application progid="').'([^"]+)'.preg_quote('"?>').'/',substr($_content,0,200),$matches))
+			preg_match('/'.preg_quote('<?mso-application progid="', '/').'([^"]+)'.preg_quote('"?>', '/').'/',substr($_content,0,200),$matches))
 		{
 			$mso_application_progid = $matches[1];
 		}
@@ -862,7 +865,8 @@ abstract class Merge
 		if (count($ids) > 1 && !$contentrepeat)
 		{
 			$err = lang('for more than one contact in a document use the tag pagerepeat!');
-			return false;
+			$ret = false;
+			return $ret;
 		}
 		if ($this->report_memory_usage) error_log(__METHOD__."(count(ids)=".count($ids).") strlen(contentrepeat)=".strlen($contentrepeat).', strlen(labelrepeat)='.strlen($Labelrepeat));
 
@@ -899,7 +903,8 @@ abstract class Merge
 					break;
 				default:
 					$err = lang('%1 not implemented for %2!','$$pagerepeat$$',$mimetype);
-					return false;
+					$ret = false;
+					return $ret;
 			}
 		}
 		foreach ((array)$ids as $n => $id)
@@ -913,14 +918,16 @@ abstract class Merge
 				if(!($replacements = $this->get_replacements($id,$content)))
 				{
 					$err = lang('Entry not found!');
-					return false;
+					$ret = false;
+					return $ret;
 				}
 			}
 			catch (Api\Exception\WrongUserinput $e)
 			{
 				// if this returns with an exeption, something failed big time
 				$err = $e->getMessage();
-				return false;
+				$ret = false;
+				return $ret;
 			}
 			if ($this->report_memory_usage) error_log(__METHOD__."() $n: $id ".Api\Vfs::hsize(memory_get_usage(true)));
 			// some general replacements: current user, date and time
@@ -934,7 +941,7 @@ abstract class Merge
 			$replacements['$$time$$'] = Api\DateTime::to('now',false);
 
 			$app = $this->get_app();
-			$replacements += $this->share_placeholder($app, $id, $prefix, $content);
+			$replacements += $this->share_placeholder($app, $id, '', $content);
 
 			// does our extending class registered table-plugins AND document contains table tags
 			if ($this->table_plugins && preg_match_all('/\\$\\$table\\/([A-Za-z0-9_]+)\\$\\$(.*?)\\$\\$endtable\\$\\$/s',$content,$matches,PREG_SET_ORDER))
@@ -995,32 +1002,39 @@ abstract class Merge
 			{
 				case 'application/rtf':
 				case 'text/rtf':
-					return $contentstart.implode('\\par \\page\\pard\\plain',$contentrepeatpages).$contentend;
+					$ret = $contentstart.implode('\\par \\page\\pard\\plain',$contentrepeatpages).$contentend;
+					break;
 				case 'application/vnd.oasis.opendocument.text':
 				case 'application/vnd.oasis.opendocument.presentation':
 				case 'application/vnd.oasis.opendocument.text-template':
 				case 'application/vnd.oasis.opendocument.presentation-template':
-					return $contentstart.implode('<text:line-break />',$contentrepeatpages).$contentend;
+					$ret = $contentstart.implode('<text:line-break />',$contentrepeatpages).$contentend;
+					break;
 				case 'application/vnd.oasis.opendocument.spreadsheet':
 				case 'application/vnd.oasis.opendocument.spreadsheet-template':
-					return $contentstart.implode('</text:p><text:p>',$contentrepeatpages).$contentend;
+					$ret = $contentstart.implode('</text:p><text:p>',$contentrepeatpages).$contentend;
+					break;
 				case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document':
 				case 'application/vnd.ms-word.document.macroenabled.12':
 				case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet':
 				case 'application/vnd.ms-excel.sheet.macroenabled.12':
-					return $contentstart.implode('<w:br w:type="page" />',$contentrepeatpages).$contentend;
+					$ret = $contentstart.implode('<w:br w:type="page" />',$contentrepeatpages).$contentend;
+					break;
 				case 'text/plain':
-					return $contentstart.implode("\r\n",$contentrep).$contentend;
+					$ret = $contentstart.implode("\r\n",$contentrep).$contentend;
+					break;
+				default:
+					$err = lang('%1 not implemented for %2!','$$labelplacement$$',$mimetype);
+					$ret = false;
 			}
-			$err = lang('%1 not implemented for %2!','$$labelplacement$$',$mimetype);
-			return false;
+			return $ret;
 		}
 
 		if ($contentrepeat)
 		{
 			fwrite($content_stream, $contentend);
 			rewind($content_stream);
-			return stream_get_contents($content_stream);
+			$content = stream_get_contents($content_stream);
 		}
 		if ($this->report_memory_usage) error_log(__METHOD__."() returning ".Api\Vfs::hsize(memory_get_peak_usage(true)));
 
@@ -1502,7 +1516,7 @@ abstract class Merge
 					$account = $GLOBALS['egw']->accounts->read($values['#'.$field]);
 					$app_replacements[$field] = $this->contact_replacements($account['person_id']);
 				}
-				else if (($list = explode('-',$cfs[$field]['type']) && in_array($list[0], array_keys($GLOBALS['egw_info']['apps']))))
+				else if (($list = explode('-',$cfs[$field]['type'])) && in_array($list[0], array_keys($GLOBALS['egw_info']['apps'])))
 				{
 					// Sub-type - use app
 					$field_app = $list[0];
@@ -1784,7 +1798,8 @@ abstract class Merge
 				$mail_bo->openConnection();
 				try
 				{
-					$msgs = $mail_bo->importMessageToMergeAndSend($this, $content_url, $ids, $_folder=($this->keep_emails ? '' : FALSE));
+					$_folder = $this->keep_emails ? '' : FALSE;
+					$msgs = $mail_bo->importMessageToMergeAndSend($this, $content_url, $ids, $_folder);
 				}
 				catch (Api\Exception\WrongUserinput $e)
 				{
diff --git a/api/src/Storage/Tracking.php b/api/src/Storage/Tracking.php
index 12a522c375..7475dacf45 100644
--- a/api/src/Storage/Tracking.php
+++ b/api/src/Storage/Tracking.php
@@ -136,7 +136,7 @@ abstract class Tracking
 	 * Normally, just the notification class but for testing we pass in a mocked
 	 * class
 	 *
-	 * @var notification_class
+	 * @var string class-name
 	 */
 	protected $notification_class = notifications::class;
 
@@ -205,7 +205,6 @@ abstract class Tracking
 	 * Constructor
 	 *
 	 * @param string $cf_app = null if set, custom field names get added to $field2history
-	 * @return bo_tracking
 	 */
 	function __construct($cf_app = null, $notification_class=false)
 	{
diff --git a/api/src/Vfs.php b/api/src/Vfs.php
index d6d7d24382..f866913215 100644
--- a/api/src/Vfs.php
+++ b/api/src/Vfs.php
@@ -217,7 +217,8 @@ class Vfs extends Vfs\Base
 		{
 			if ($prop['name'] == $name && $prop['ns'] == $ns) return $prop;
 		}
-		return null;
+		$ret = null;
+		return $ret;
 	}
 
 	/**
@@ -1106,9 +1107,9 @@ class Vfs extends Vfs\Base
 	static function hsize($size)
 	{
 		if ($size < 1024) return $size;
-		if ($size < 1024*1024) return sprintf('%3.1lfk',(float)$size/1024);
-		if ($size < 1024*1024*1024) return sprintf('%3.1lfM',(float)$size/(1024*1024));
-		return sprintf('%3.1lfG',(float)$size/(1024*1024*1024));
+		if ($size < 1024*1024) return sprintf('%3.1fk',(float)$size/1024);
+		if ($size < 1024*1024*1024) return sprintf('%3.1fM',(float)$size/(1024*1024));
+		return sprintf('%3.1fG',(float)$size/(1024*1024*1024));
 	}
 
 	/**
diff --git a/api/src/Vfs/Filesystem/StreamWrapper.php b/api/src/Vfs/Filesystem/StreamWrapper.php
index b248dbfcc0..71634ceb79 100644
--- a/api/src/Vfs/Filesystem/StreamWrapper.php
+++ b/api/src/Vfs/Filesystem/StreamWrapper.php
@@ -73,7 +73,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface
 	/**
 	 * stream / ressouce this class is opened for by stream_open
 	 *
-	 * @var ressource
+	 * @var resource
 	 */
 	private $opened_stream;
 
@@ -87,7 +87,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface
 	/**
 	 * directory-ressouce this class is opened for by dir_open
 	 *
-	 * @var ressource
+	 * @var resource
 	 */
 	private $opened_dir;
 
@@ -272,7 +272,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface
 	 *
 	 * If you have cached data in your stream but not yet stored it into the underlying storage, you should do so now.
 	 *
-	 * @return booelan TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
+	 * @return boolean TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
 	 */
 	function stream_flush ( )
 	{
@@ -390,8 +390,9 @@ class StreamWrapper implements Vfs\StreamWrapperIface
 		$recursive = (bool)($options & STREAM_MKDIR_RECURSIVE);
 
 		// find the real parent (might be more then one level if $recursive!)
+		$parent = null;
 		do {
-			$parent = dirname($parent ? $parent : $path);
+			$parent = dirname($parent ?? $path);
 			$parent_url = Vfs::dirname($parent_url ? $parent_url : $url);
 		}
 		while ($recursive && $parent != '/' && !file_exists($parent));
@@ -472,7 +473,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface
 	 *
 	 * @param string $url URL that was passed to opendir() and that this object is expected to explore.
 	 * @param int $options
-	 * @return booelan
+	 * @return boolean
 	 */
 	function dir_opendir ( $url, $options )
 	{
diff --git a/api/src/Vfs/Links/StreamWrapper.php b/api/src/Vfs/Links/StreamWrapper.php
index fd7a4ac5b1..5590984483 100644
--- a/api/src/Vfs/Links/StreamWrapper.php
+++ b/api/src/Vfs/Links/StreamWrapper.php
@@ -231,7 +231,7 @@ class StreamWrapper extends LinksParent
 	 * Reimplemented, to NOT call the sqlfs functions, as we dont allow to modify the ACL (defined by the apps)
 	 *
 	 * @param string $path
-	 * @return array/boolean array with array('path'=>$path,'owner'=>$owner,'rights'=>$rights) or false if $path not found
+	 * @return array|boolean array with array('path'=>$path,'owner'=>$owner,'rights'=>$rights) or false if $path not found
 	 */
 	static function get_eacl($path)
 	{
@@ -365,7 +365,7 @@ class StreamWrapper extends LinksParent
 	 *
 	 * @param string $url URL that was passed to opendir() and that this object is expected to explore.
 	 * @param $options
-	 * @return booelan
+	 * @return boolean
 	 */
 	function dir_opendir ( $url, $options )
 	{
diff --git a/api/src/Vfs/Sharing/StreamWrapper.php b/api/src/Vfs/Sharing/StreamWrapper.php
index 2cadea7234..3cdb309069 100644
--- a/api/src/Vfs/Sharing/StreamWrapper.php
+++ b/api/src/Vfs/Sharing/StreamWrapper.php
@@ -45,7 +45,7 @@ class StreamWrapper extends Vfs\StreamWrapper
 
 			Api\Sharing::check_token(false, $share, $hash, $parts['pass'] ?? '');
 
-			return self::share2url($share);
+			return self::share2url($share, $rel_path);
 		}
 		catch (Api\Exception $e) {
 			_egw_log_exception($e);
@@ -60,7 +60,7 @@ class StreamWrapper extends Vfs\StreamWrapper
 	 * @return string
 	 * @throws Api\Exception\NotFound if sharee was not found
 	 */
-	static function share2url(array $share)
+	static function share2url(array $share, $rel_path='')
 	{
 		if (empty($share['share_owner']) || !($account_lid = Api\Accounts::id2name($share['share_owner'])))
 		{
@@ -80,7 +80,7 @@ class StreamWrapper extends Vfs\StreamWrapper
 	 * @param boolean $fix_url_query =false true append relativ path to url query parameter, default not
 	 * @return string|boolean false if the url cant be resolved, should not happen if fstab has a root entry
 	 */
-	static function resolve_url($url, $do_symlink = true, $use_symlinkcache = true, $replace_user_pass_host = true, $fix_url_query = false)
+	static function resolve_url($url,$do_symlink=true,$use_symlinkcache=true,$replace_user_pass_host=true,$fix_url_query=false, &$mounted=null)
 	{
 		return self::replace($url);
 	}
diff --git a/api/src/Vfs/StreamWrapper.php b/api/src/Vfs/StreamWrapper.php
index 09731c7f94..d12bdfdc9e 100644
--- a/api/src/Vfs/StreamWrapper.php
+++ b/api/src/Vfs/StreamWrapper.php
@@ -46,7 +46,7 @@ class StreamWrapper extends Base implements StreamWrapperIface
 	/**
 	 * stream / ressouce this class is opened for by stream_open
 	 *
-	 * @var ressource
+	 * @var resource
 	 */
 	private $opened_stream;
 	/**
@@ -74,9 +74,9 @@ class StreamWrapper extends Base implements StreamWrapperIface
 	 */
 	private $opened_stream_is_new;
 	/**
-	 * directory-ressouce this class is opened for by dir_open
+	 * directory-resource this class is opened for by dir_open
 	 *
-	 * @var ressource
+	 * @var resource
 	 */
 	private $opened_dir;
 	/**
@@ -327,7 +327,7 @@ class StreamWrapper extends Base implements StreamWrapperIface
 	 *
 	 * If you have cached data in your stream but not yet stored it into the underlying storage, you should do so now.
 	 *
-	 * @return booelan TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
+	 * @return boolean TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
 	 */
 	function stream_flush ( )
 	{
@@ -879,7 +879,8 @@ class StreamWrapper extends Base implements StreamWrapperIface
 		}
 		if (self::LOG_LEVEL > 1) error_log(__METHOD__."('$path',$flags,'$url'): ".function_backtrace(1));
 
-		while (($rel_path = Vfs::basename($url).($rel_path ? '/'.$rel_path : '')) &&
+		$rel_path = null;
+		while (($rel_path = Vfs::basename($url).(isset($rel_path) ? '/'.$rel_path : '')) &&
 		       ($url = Vfs::dirname($url)))
 		{
 			if (($stat = $this->url_stat($url, 0, false, false)))
diff --git a/api/src/Vfs/StreamWrapperIface.php b/api/src/Vfs/StreamWrapperIface.php
index 0003086127..66bc5e27c2 100644
--- a/api/src/Vfs/StreamWrapperIface.php
+++ b/api/src/Vfs/StreamWrapperIface.php
@@ -114,7 +114,7 @@ interface StreamWrapperIface
 	 *
 	 * If you have cached data in your stream but not yet stored it into the underlying storage, you should do so now.
 	 *
-	 * @return booelan TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
+	 * @return boolean TRUE if the cached data was successfully stored (or if there was no data to store), or FALSE if the data could not be stored.
 	 */
 	function stream_flush ( );
 
@@ -188,7 +188,7 @@ interface StreamWrapperIface
 	 * This method is called immediately when your stream object is created for examining directory contents with opendir().
 	 *
 	 * @param string $path URL that was passed to opendir() and that this object is expected to explore.
-	 * @return booelan
+	 * @return boolean
 	 */
 	function dir_opendir ( $path, $options );
 
diff --git a/api/src/Vfs/UserContextTrait.php b/api/src/Vfs/UserContextTrait.php
index b57a3b12e9..9c6cf34fa3 100644
--- a/api/src/Vfs/UserContextTrait.php
+++ b/api/src/Vfs/UserContextTrait.php
@@ -94,7 +94,7 @@ trait UserContextTrait
 		// throw exception if stat array is used insead of path, can be removed soon
 		if (is_array($path))
 		{
-			throw new Exception\WrongParameter('path has to be string, use check_access($path,$check,$stat=null)!');
+			throw new Api\Exception\WrongParameter('path has to be string, use check_access($path,$check,$stat=null)!');
 		}
 
 		// if we have no $stat, delegate whole check to vfs stream-wrapper to correctly deal with shares / effective user-ids
diff --git a/api/src/Vfs/WebDAV.php b/api/src/Vfs/WebDAV.php
index 4bcd14af17..ca7a9e3aeb 100644
--- a/api/src/Vfs/WebDAV.php
+++ b/api/src/Vfs/WebDAV.php
@@ -577,7 +577,8 @@ class WebDAV extends HTTP_WebDAV_Server_Filesystem
 
 		// dont know why, but HTTP_WebDAV_Server passes the owner in D:href tags, which get's passed unchanged to checkLock/PROPFIND
 		// that's wrong according to the standard and cadaver does not show it on discover --> strip_tags removes eventual tags
-		if (($ret = Vfs::lock($options['path'],$options['locktoken'],$options['timeout'],strip_tags($options['owner']),
+		$owner = strip_tags($options['owner']);
+		if (($ret = Vfs::lock($options['path'],$options['locktoken'],$options['timeout'],$owner,
 			$options['scope'],$options['type'],isset($options['update']))) && !isset($options['update']))
 		{
 			return $ret ? '200 OK' : '409 Conflict';
@@ -714,7 +715,7 @@ class WebDAV extends HTTP_WebDAV_Server_Filesystem
 			//'DAV:sync-token' => 'sync-token',
 		);
 		$n = 0;
-		$collection_props = null;
+		$collection_props = $class = null;
 		foreach($files['files'] as $file)
 		{
 			if (!isset($collection_props))
@@ -734,7 +735,7 @@ class WebDAV extends HTTP_WebDAV_Server_Filesystem
 			}
 			$props = $this->props2array($file['props']);
 			//echo $file['path']; _debug_array($props);
-			$class = $class == 'row_on' ? 'row_off' : 'row_on';
+			$class = $class === 'row_on' ? 'row_off' : 'row_on';
 
 			if (substr($file['path'],-1) == '/')
 			{
@@ -852,7 +853,8 @@ class WebDAV extends HTTP_WebDAV_Server_Filesystem
 			}
 			if (is_array($prop['val']))
 			{
-				$prop['val'] = $this->_hierarchical_prop_encode($prop['val'], $prop['ns'], $ns_defs='', $ns_hash);
+				$ns_defs = '';
+				$prop['val'] = $this->_hierarchical_prop_encode($prop['val'], $prop['ns'], $ns_defs, $ns_hash);
 				// hack to show real namespaces instead of not (visibly) defined shortcuts
 				unset($ns_hash['DAV:']);
 				$value = strtr($v=$this->prop_value($prop['val']),array_flip($ns_hash));
diff --git a/api/src/WebDAV/Server.php b/api/src/WebDAV/Server.php
index 7f23c171e4..1fcd32416a 100644
--- a/api/src/WebDAV/Server.php
+++ b/api/src/WebDAV/Server.php
@@ -2747,7 +2747,7 @@ class HTTP_WebDAV_Server
      *
      * @param array $props
      * @param string $ns
-     * @param strin $ns_defs
+     * @param string $ns_defs
      * @param array $ns_hash
      * @return string
      */
diff --git a/api/src/WebDAV/Tools/_parse_proppatch.php b/api/src/WebDAV/Tools/_parse_proppatch.php
index f6f3fe18f6..54cb4d4a89 100644
--- a/api/src/WebDAV/Tools/_parse_proppatch.php
+++ b/api/src/WebDAV/Tools/_parse_proppatch.php
@@ -144,9 +144,9 @@ class _parse_proppatch
     /**
      * tag start handler
      *
-     * @param  resource  parser
-     * @param  string    tag name
-     * @param  array     tag attributes
+     * @param  resource $parser
+     * @param  string $name tag name
+     * @param  array $attrs tag attributes
      * @return void
      * @access private
      */
@@ -175,16 +175,14 @@ class _parse_proppatch
 
         if ($this->depth >= 4) {
             $this->current["val"] .= "<$tag";
-            if (isset($attr)) {
-                foreach ($attr as $key => $val) {
+            if (isset($attrs)) {
+                foreach ($attrs as $key => $val) {
                     $this->current["val"] .= ' '.$key.'="'.str_replace('"','&quot;', $val).'"';
                 }
             }
             $this->current["val"] .= ">";
         }
 
-
-
         $this->depth++;
     }
 
diff --git a/api/src/loader/deprecated_factory.php b/api/src/loader/deprecated_factory.php
index 62c5a58854..055c83cc61 100755
--- a/api/src/loader/deprecated_factory.php
+++ b/api/src/loader/deprecated_factory.php
@@ -20,8 +20,8 @@ use EGroupware\Api;
  * $GLOBALS['egw']->acl = CreateObject('phpgwapi.acl');
  *
  * @author RalfBecker@outdoor-training.de
- * @param $classname name of class
- * @param $p1,$p2,... class parameters (all optional)
+ * @param string $classname name of class
+ * @param mixed $p1,$p2,... class parameters (all optional)
  * @deprecated use autoloadable class-names and new
  * @return object reference to an object
  */
@@ -103,7 +103,7 @@ function CreateObject($class)
  * @deprecated use autoloadable class-names, instanciate and call method or use static methods
  * @return mixed reference to returnvalue of the method
  */
-function &ExecMethod2($acm)
+function ExecMethod2($acm)
 {
 	if (!is_callable($acm))
 	{
@@ -137,10 +137,10 @@ function &ExecMethod2($acm)
  * This function is used to create an instance of a class, and if the class file has not been included it will do so.
  *
  * @author seek3r
- * @param $method to execute
- * @param $functionparam function param should be an array
- * @param $loglevel developers choice of logging level
- * @param $classparams params to be sent to the contructor
+ * @param string $method to execute
+ * @param mixed $functionparam function param should be an array
+ * @param int $loglevel developers choice of logging level
+ * @param mixed $classparams params to be sent to the contructor
  * @deprecated use autoloadable class-names, instanciate and call method or use static methods
  * @return mixed returnvalue of method
  */
diff --git a/api/src/loader/security.php b/api/src/loader/security.php
index 50f4d8b135..06e8ca16dd 100755
--- a/api/src/loader/security.php
+++ b/api/src/loader/security.php
@@ -171,7 +171,7 @@ function php_safe_unserialize($str)
  *
  * @param string $str string with serialized array
  * @param boolean $allow_not_serialized =false true: return $str as is, if it is no serialized array
- * @return array|str|false false if content can not be unserialized (not null like json_decode!)
+ * @return array|string|false false if content can not be unserialized (not null like json_decode!)
  */
 function json_php_unserialize($str, $allow_not_serialized=false)
 {