diff --git a/include/functions.inc b/include/functions.inc
index 6217fa5d70c438fa063f0e6324d7c05b1972ef17..e67fdece15f71d8f4b2e097d9d87e91e1be1bb9a 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -885,7 +885,6 @@ function strict_uid_mode ()
 function gen_locked_message (array $locks, $dn, $allow_readonly = FALSE)
 {
   session::set('dn', $dn);
-  $remove = FALSE;
 
   /* Save variables from LOCK_VARS_TO_USE in session - for further editing */
   if (session::is_set('LOCK_VARS_TO_USE') && count(session::get('LOCK_VARS_TO_USE'))) {
@@ -937,11 +936,7 @@ function gen_locked_message (array $locks, $dn, $allow_readonly = FALSE)
   }
 
   $smarty->assign('dn', $msg);
-  if ($remove) {
-    $smarty->assign('action', _('Continue anyway'));
-  } else {
-    $smarty->assign('action', _('Edit anyway'));
-  }
+  $smarty->assign('action', _('Edit anyway'));
   $smarty->assign('message', sprintf(_("You're going to edit the LDAP entry/entries %s"), "<b>".$msg."</b>", ""));
   $smarty->assign('locks', $locks);
 
diff --git a/include/password-methods/class_passwordMethod.inc b/include/password-methods/class_passwordMethod.inc
index 31e3e19c893b044ac69ddef30e65f4f94f3d75d7..30a1b74d7bb3bbeb0d4f2aff9f1d55b3c5ad2829 100644
--- a/include/password-methods/class_passwordMethod.inc
+++ b/include/password-methods/class_passwordMethod.inc
@@ -167,7 +167,7 @@ abstract class passwordMethod
     /* Fill modification array */
     $modify = [];
     foreach ($userObject->by_object as $tab) {
-      if ($tab instanceof userTabLockingAction) {
+      if ($tab instanceof UserTabLockingAction) {
         $tab->fillLockingLDAPAttrs($mode, $modify);
       }
     }
diff --git a/include/php_setup.inc b/include/php_setup.inc
index 7740b87340ab9a50ef8c0fe85b2deaa795d9bca7..ff769d66b52880b39e880f2f535d09fd80a100be 100644
--- a/include/php_setup.inc
+++ b/include/php_setup.inc
@@ -340,11 +340,11 @@ $error_collector_mailto = "";
 set_error_handler('gosaRaiseError', E_WARNING | E_NOTICE | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_STRICT);
 set_exception_handler('fusiondirectoryExceptionHandler');
 
-$variables_order = "ES";
-ini_set("track_vars", 1);
-ini_set("display_errors", 1);
-ini_set("report_memleaks", 1);
-ini_set("include_path", ".:$BASE_DIR/include:".PHP_DIR.":".PEAR_DIR);
+$variables_order = 'ES';
+ini_set('track_vars',       '1');
+ini_set('display_errors',   '1');
+ini_set('report_memleaks',  '1');
+ini_set('include_path',     ".:$BASE_DIR/include:".PHP_DIR.':'.PEAR_DIR);
 
 /* Do smarty setup */
 require(SMARTY);
diff --git a/include/simpleplugin/attributes/class_FileAttribute.inc b/include/simpleplugin/attributes/class_FileAttribute.inc
index 429dcec3455b2602b2091d49e8bb93fb26b8954a..098e3988772c17a2cd6d2d98768fd54405da27f7 100644
--- a/include/simpleplugin/attributes/class_FileAttribute.inc
+++ b/include/simpleplugin/attributes/class_FileAttribute.inc
@@ -137,7 +137,7 @@ class FileAttribute extends Attribute
       return sprintf(_('Attribute %s is disabled, its value could not be set'), $this->getLdapName());
     }
     if ($this->binary) {
-      $data = base64_decode($value);
+      $data = base64_decode($value, TRUE);
       if ($data === FALSE) {
         return sprintf(_('Invalid base64 data for attribute %s'), $this->getLdapName());
       }
diff --git a/phpstan.neon b/phpstan.neon
index 40acfd635a7264022a74d27ffd4efc617921c78a..ea0e6fbb9894647eb2a1dd77ce61daeee4a4510d 100644
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -1,3 +1,6 @@
+includes:
+  - phpstan-baseline.neon
+
 parameters:
   bootstrapFiles:
     - include/php_setup.inc
@@ -12,3 +15,6 @@ parameters:
     - simplePlugin
   excludes_analyse:
     - */class_sieve*.inc
+    - */localfiles/*
+    - */vendor/*
+    - */test/*
diff --git a/plugins/personal/generic/class_UserPasswordAttribute.inc b/plugins/personal/generic/class_UserPasswordAttribute.inc
index 9337e4951499c71444a27ceebf61dbc7357f1c76..230002399624549b4e8338156d0dd3af4b4764d3 100644
--- a/plugins/personal/generic/class_UserPasswordAttribute.inc
+++ b/plugins/personal/generic/class_UserPasswordAttribute.inc
@@ -190,7 +190,7 @@ class UserPasswordAttribute extends CompositeAttribute
     if (!empty($value) || ($this->plugin->initially_was_account && !$istemplate)) {
       if ($istemplate) {
         if ($value == '%askme%') {
-          return ['%askme%', '', '', $value, ($locked ? 'TRUE' : 'FALSE')];
+          return ['%askme%', '', '', $value, 'FALSE'];
         }
         list($value, $password) = explode('|', $value, 2);
       }
diff --git a/setup/class_setupStepMigrate.inc b/setup/class_setupStepMigrate.inc
index 468684220ec3375d2fa6c2049a3cb8c26d5c10a8..8ce431bdf021cca8e605ee04be3e094d6cffa387 100644
--- a/setup/class_setupStepMigrate.inc
+++ b/setup/class_setupStepMigrate.inc
@@ -851,10 +851,6 @@ class setupStepMigrate extends setupStep
         );
       }
     }
-
-    // Reload base OC
-    $this->checks['baseOC']->run();
-    return '';
   }
 
   function check_adminAccount_create (&$checkobj)