Harvard University

  • Docx File 295.34KByte



HSPH to upgrade on 6/8/2018REDCap v. 7.4.19 Full Release Notes (Upgraded from v6.5.15)Version 7.4.19 - (released 11/9/2017)BUG FIXES & OTHER CHANGES:Minor security fixes:?Some Cross-Site Scripting (XSS) vulnerabilities were found in various pages in which a malicious user could potentially exploit them by manipulating the query string of an HTTP request.Bug fix: When downloading a PDF of a data entry form with data, in which the user is downloading all forms for all records or all forms for a single record, it would mistakenly not display the locking/e-signature timestamps in the PDF. (Ticket #29915)Bug fix: When downloading a PDF of a survey response with data, on certain occasions it might mistakenly display incorrect survey completion timestamps in the PDF. (Ticket #29930)Bug fix: On the Record Status Dashboard when clicking on the form status stack icon (representing multiple repeating instances of a form or event) in a longitudinal project that has multiple arms, it might mistakenly not display the floating table of instances but instead would display a horizontal black line after clicking the icon. (Ticket #29927)Bug fix: In longitudinal projects using repeating events, the Record Home Page might mistakenly display some form status icons in the wrong column in the table for records that have more than one instance saved of a repeating event. (Ticket #30077)Bug fix: When one or more fields in a matrix contain certain special characters in their field label, it might prevent the "Edit Matrix of Fields" popup from being displayed after clicking the pencil icon on the Online Designer. (Ticket #30250)Bug fix: On certain occasions, rule E in the Data Quality module will mistakenly return discrepancies that have blank/null values, which should never be returned when running rule E. (Ticket #14976, #28576)Bug fix: If a Notes field is using the @READONLY action tag, the "expand" link displayed on the survey or form below the text box would mistakenly not work. (Ticket #30433)Bug fix: If a project is utilizing the randomization module, and the randomization field somehow already has a value saved for it prior to a given record being randomized, then it will now disable that field on the data entry form and prevent the record from being randomized. (Ticket #30427)Bug fix: If a project that has repeating instruments or repeating events is using the Data Resolution Workflow module, and a value is marked as Verified on the first instance of a repeating instrument/event, then if a value is changed on another instance of that instrument or event, respectively, then it would mistakenly De-verify the field on the first instance rather than on the current instance. (Ticket #30457)Bug fix: If a project that has repeating instruments or repeating events is using a Data Quality rule with Real-time Execution enabled, if the DQ rule finds discrepancies when saving a repeating instrument/event, in which the user is not on the first instance, then in the DQ discrepancy popup, it might mistakenly display some data values from the first instance of the instrument/event rather than from the current instance. (Ticket #30477)Bug fix: Fixed typo in "Branching Logic Errors Exist!" popupVersion 7.4.18 - (released 11/3/2017)BUG FIXES & OTHER CHANGES:Bug fix: The font size of any links that were placed in a survey's instructions, field labels, or acknowledgment text would appear too small if the survey was set with "Large" or "Very Large" text size.Bug fix: If a user is uploading a Data Dictionary containing a PROMIS CAT (computer adaptive test) survey, in which the CAT contains some multiple choice fields that have duplicate codings, it would mistakenly prevent the user from uploading the Data Dictionary. It should be ignoring duplicate codings in CATs.Bug fix: If a user is uploading a Data Dictionary containing a PROMIS CAT (computer adaptive test) survey and the user modified the Choices column for a CAT field in the Data Dictionary, it would mistakenly accept those changes and allow the Data Dictionary upload to proceed, thus corrupting the CAT's field metadata. This would not affect participants taking the CAT in any way (i.e., the survey would still appear correctly when taking it), but it might cause the CAT not to display correctly when a user views a participant's CAT response on a data entry form afterward.Bug fix: If a user enters data on a repeating instrument but fails to enter a value for a required field, and then the user clicks the "Ignore and go to next form" button in the "Some fields are required" prompt, in which the next form is also a repeating instrument, then it would mistakenly take the user to the next form but on the same instance number that the previous form was on, which may cause some instance numbers to get skipped on the second form. When clicking the "Ignore and go to next form" button, it should always take the user to instance #1 of the next form if the next form is a repeating instrument.Bug fix: Improving compliance with SMTP email servers by added a space after the "Cc:" and "Bcc:" email headers since some SMTP servers might reject emails sent from previous REDCap versions, which had no space in those headers. (Ticket #3943)Bug fix: When editing or adding a calc field in the Online Designer, it would mistakenly still show the results in the section "test calculation with a record" if that option had just been used for another calculated field that was being edited or added previously while on that page, thus mistakenly showing results that do not correspond to the current field being edited/added (Ticket #29682)Bug fix: When opening the Automated Survey Invitation setup popup in the Online Designer, if a particular ASI has been set as "inactive" beforehand, then when the popup opens, it would mistakenly display all the ASI setup options as blank as if it had never been set up before. (Ticket #29765)Bug fix: When the Project Modification Module displays a list of "fields to be deleted", it would mistakenly truncate the count of records/events that would be affected by the field being deleted. (Ticket #29770)Bug fix: If a user opens a data entry form on a repeating event, it would mistakenly never enable the Survey Options at the top right of the page, even if the form has been saved already. (Ticket #29857)Bug fix: When using Twilio telephony services for surveys and then opening the "Analyze surveys for SMS & Voice Calls" popup on the Project Setup page, it would incorrectly say that no surveys have been enabled (even though they have) if the user had failed to check at least one of the checkbox options under the "Choose survey invitations types to use" section in the Twilio configuration. (Ticket #18658)Bug fix: When adding/editing the logic for a Data Quality rule, in which the logic contains a "less than" (<) character followed immediately by a function name (e.g., round) - i.e., without a space between the "<" and the function name, then the rest of the logic would get truncated when displaying the logic in the table of Data Quality rules. (Ticket #30088)Version 7.4.17 - (released 10/25/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?If a user is in REDCap Messenger and using the "Search by person" option in the Search Conversations feature, then after selecting a username to search on, if the user being searched for has a conversation that has the *exact* same title as one of the current user's conversations' titles, then it would return the other user's conversation in the result (and mistakenly allow its messages to be viewed by the current user) even if the current user does not have access to that conversation. This bug is very rare since it requires using the "Search by person" option (as opposed to the "Search by keyword" option) while also requiring that both users have access to a conversation that is different but has the exact same title.Bug fix: Data Resolution Workflow popup dialog might mistakenly appear empty if some comments or logged events contain certain special characters. (Ticket #29391)Bug fix: The Record Home Page would not display some form status icons correctly for repeating instruments in which the first instance of the instrument does not exist - most likely because it was deleted at some point. (Ticket #28821)Bug fix: The tables of repeating instruments displayed at the bottom of the Record Home Page might not display in the correct order.Bug fix: If field labels contain certain special characters, then when creating/modifying a report, the auto-suggest feature when typing variable names in Step 2 or 3 would mistakenly not work. (Ticket #29354)Bug fix: Confusing text is mistakenly displayed for the instructions on the "Request delete project" button on the Other Functionality page in a project that is in production status. (Ticket #29355)Bug fix: Confusing text is displayed when in draft mode in a production project after a data dictionary has been uploaded. It now states explicitly that the changes have been made to the draft and thus have not been committed to the live version of the project. (Ticket #29430)Bug fix: The Publication Matching module would mistakenly treat a PI's email address as separate emails if it was found to be typed in different cases (lower vs upper) in different REDCap projects. This would cause some PIs to receive emails saying that they had publications to review in REDCap, but it would say "0 publications" when they clicked the link in the email to open the page. Note: While this should fix the issue going forward, it may not fix it for publications already pulled from PubMed for the PIs. (Ticket #29381)Bug fix: When submitting data on a data entry form or survey page, the server-side validation mistakenly does not check the values submitted for an "SQL" type field. (Ticket #29401)Bug fix: If a File Upload field has a file uploaded for it but also has the @READONLY action tag, the link to download the file would mistakenly be disabled, thus preventing users from downloading the file. The download link should be enabled to allow users to download the file. (Ticket #29484)Version 7.4.16 - (released 10/18/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?Automated Survey Invitations would mistakenly not get scheduled for longitudinal projects where the conditional logic contains datediff+today and also contains cross-event logic in which one of the events has no data (i.e., empty event of gray status icons). This same issue would also occur for custom Data Quality rules, in which it would mistakenly not return any discrepancies for records if the rule logic contains datediff+today and also contains cross-event logic in which one of the events has no data. (Ticket #28516)Minor security fix:?While REDCap already protects against BREACH attacks by outputting invisible random text of random length onto each web page, it was mistakenly not protected if 302 redirect requests inside REDCap were being analyzed. (This refers to the few scripts in REDCap that serve as a pass-through by outputting an HTTP 302 status code and merely redirect the user to another page.) To prevent BREACH attacks through analysis of REDCap's 302 redirects, it now outputs a new HTTP header with each request, in which the header's value is random text of random length. In this way, even 302 redirect requests will return with a random content-length each time.Bug fix: If a survey queue is set up in a longitudinal project, and then the event-form designations are modified afterward, it might mistakenly display some surveys in the survey queue that should not be displayed. (Ticket #28696)Bug fix: If a report is being sorted by the record ID field in descending order, and the project has record auto-numbering enabled but some of the record names are not numerical (because they were created via a data import or before record auto-numbering was enabled), then the report would fail to order the results correctly. This occurs because the report would falsely assume that all record names were numerical merely because record auto-numbering was enabled, in which case it would try performing a numerical sort, which does not work as expected with non-numerals. REDCap now only attempts to perform a numerical sort of the sort fields if the fields are truly numbers (i.e., have "number" or "integer" validation or are a slider or calc field).Bug fix: The cron job to trigger Automated Survey Invitations that have datediff+today in their conditional logic would stop suddenly if any ASI logic was syntactically incorrect, thus preventing other later ASIs in that same project from getting run. Additionally, the cron job might mistakenly be checking ASIs that had been disabled. (Ticket #28516)Bug fix: For longitudinal projects with multiple arms and with repeating instruments, on the Record Home Page or Record Status Dashboard when clicking on the form status "stack" icon for a repeating instrument with multiple instances saved, it would mistakenly not display the floating popup list of all the instances for that instrument but would instead display an empty box. (Ticket #28970)Bug fix: The Safari browser might mistakenly throw JavaScript errors on survey pages.Version 7.4.15 - (released 10/10/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?If a calculated field in a longitudinal project is using cross-event calculations, in which at least one of the fields in the calculation has a prepended event name (e.g., [enrollment_arm_1][field]) while also one of the fields does not have a prepended event name (e.g., [feld]), then even though the calculated value displayed on the form/survey appears correct prior to saving, the field might mistakenly get saved with a blank value when pressing the Save button. This would not be noticeable by the user when entering data but only seen in a report/export or when running Data Quality rule H. Note: This issue does not appear to affect Automated Survey Invitations, calculations performed during data imports, or Data Quality rule H, but it only occurs when saving data on data entry forms and surveys in this very specific scenario described above. To fix this issue after upgrading REDCap, the user can run Data Quality rule H in the project, or an administrator can use the "Find Calculation Errors in Projects" page in the Control Center to find any affected projects.Bug fix: If the PHP memory_limit configuration setting was set in units of "G" (for gigabytes) in the PHP.INI file, it would get interpreted incorrectly when attempting to increase PHP memory allocation.Bug fix: When printing out a survey containing responses where some "enhanced radio buttons and checkboxes" have been selected on the survey, it would be confusing in the printout as to which choice was selected. (Ticket #28111)Bug fix: Project pages would not render correctly due to JavaScript errors occurring on every page if the using Internet Explorer 8. (Ticket #28178)Bug fix: When viewing a read-only survey response on a data entry form (i.e., prior to clicking the "Edit response" button), if a calculated field's value changed when the page loaded, then if the user attempted to close the browser tab or clicked a link to navigate to another page, it would mistakenly prompt them with the "Save your changes?" dialog. It should only prompt them with that dialog if they were in edit mode for that survey response.Bug fix: When the Data History popup for a field on a data entry form, if two events for the field occurred at the same exact time, such as saving data with an auto-calculation event right after, those two events might mistakenly not be displayed in the correct order in the popup.Bug fix: When using Table-based authentication and a user is asked to set up their password recovery question, their email address would not get displayed correctly inside the prompt if their email address contains an apostrophe, in which this would prevent them from fully setting up their recovery question. (Ticket #28439)Bug fix: When a data export takes more time to complete than the set auto-logout time for REDCap, it would mistakenly prevent the data export from completing fully because the "Your REDCap session has expired" dialog would appear on the page even if the user is actively moving their cursor around or clicking on the page, which normally restarts the auto-logout timer to prevent the auto-logout from occurring while a user is still active on a page.Bug fix: When using the Data Resolution Workflow module in a project containing repeating instruments while also using Data Access Groups, some of the charts displayed on the the Resolution Metrics page, specifically "Number of open queries (by data access group)" and "Number of closed queries (by data access group)", would mistakenly display incorrect counts in the chart. This issue was supposed to have been fixed in the previous release but mistakenly was only partially fixed.Bug fix: If the Data Resolution Workflow (DRW) is enabled on a project, and a user has DRW user privileges but does not have Data Quality user privileges, then the "Data Quality" link would mistakenly be displayed on the left-hand menu. (Ticket #28514)Bug fix: When importing data via the Data Import Tool or API import records method, if a variable in the import mistakenly had some uppercase letters when all letters should be lowercase, the error message to the user would omit those uppercase letters when displaying the incorrect variable names to the user, thus making it difficult to understand the error message to learn what is wrong. (Ticket #28293)Version 7.4.14 - (released 10/2/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?If using "LDAP & Table-based" authentication and an LDAP user logs in to REDCap when a Table-based user account already exists under the same username (i.e., a username conflict), then the LDAP user would mistakenly get successfully authenticated into REDCap and would be able to view and access all the other user's projects as if they were the other user. This has been changed so that now if a username conflict occurs, in which a Table-based username is the same as a valid LDAP user's username, then when the LDAP user attempts to log in, REDCap will not allow them to log in but will give them an informational note about the username conflict and will recommend that they contact their local administrator about how to resolve the issue.Bug fix: If the Rate Limiter on the General Configuration page in the Control Center is set to "0" or a blank value, it would mistakenly ban the IP address of every user that attempted to use REDCap.Bug fix: In a multi-arm longitudinal project using the Scheduling module, in which a record has been scheduled for more than one arm, the "View or Edit Schedule" page's record drop-down list would mistakenly display the record only for a single arm rather than for all arms for which it had been scheduled.Bug fix: When exporting data to a statistical analysis package (i.e., SAS, SPSS, R, Stata), if the project contains Data Access Groups and also Repeating Instruments/Events, it would mistakenly list the DAG field and Repeating Instrument/Instance fields in the wrong order in the stats package's syntax file that gets generated. This would prevent users from loading the data into the stats package. (Ticket #27883)Bug fix: If a user fails to enter data for a required field that exists on a repeating event, then when the required field popup prompt is displayed, if the user clicks the "Ignore and go to next form" button, it would mistakenly redirect them to the first instance of the event rather than to the current instance. (Ticket #27891)Bug fix: When using the Data Resolution Workflow module in a project containing repeating instruments while also using Data Access Groups, some of the charts displayed on the the Resolution Metrics page, specifically "Number of open queries (by data access group)", "Number of closed queries (by data access group)", "Avg time to query resolution (by data access group)", and "Avg time for query response (by data access group)", would mistakenly display incorrect counts in the chart. (Ticket #27888)Bug fix: When viewing drafted production changes for a project on the Control Center's To-Do List page, if a user clicks the Compare button next to a multiple choice field that has been modified inside the popup, then when they close the popup (which is a popup inside a popup), it would also mistakenly close the whole To-Do List popup (the parent popup), thus causing the user to have to re-open it again. This issue has been fixed for Chrome, Safari, and IE 11. Note: There is currently no known way to fix this bug for Firefox or older versions of IE at this time, unfortunately. (Ticket #27915)Bug fix: If a Data Quality rule has been created and is set with the Real Time Execution (RTE) option, the DQ rule would fail to perform RTE on a data entry form if the form exists on repeating event, in which it would mistakenly not report any discrepancies that exist. This only occurs on repeating events but not on repeating instruments (Ticket #27960)Bug fix: If data from a Notes field is being piped into a label of another field, then if the text itself contains line breaks, that text would mistakenly have double line breaks for each single line break when exporting a PDF of the instrument with data. (Ticket #27983)Version 7.4.13 - (released 9/27/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?When using Automated Survey Invitations in a longitudinal project, under certain conditions ASIs with datediff+today would mistakenly not get evaluated, and thus invitations would not get scheduled/sent. This might have occurred with the second or more invitation for an instrument configured across more than one event between versions 7.4.0 and 7.6.6.Minor security fix:?When sending emails of any kind, REDCap now performs an extra validation on the From email address of the email being sent to ensure it is a valid email address, thus preventing any kind of injection by malicious users like those seen in the PHP mail issues CVE-2016-10033 and CVE-2016-10045.Bug fix: When logging into REDCap using a mobile device, the error message would mistakenly not display if an invalid username or password was entered, which could be confusing as to why the login failed. On non-mobile devices, the error message displays properly.Bug fix: When viewing surveys in the Safari browser in which the survey's "Size of survey text" is set to "Large", checkboxes and radio button fields would mistakenly not display correctly and would overlap one another a little.Bug fix: When using the Survey Login on a survey that has the "Save & Return Later" option disabled, it would mistakenly display the "Save & Return Later" at the bottom of the survey page if the participant had just logged in via Survey Login. (Ticket #27389)Bug fix: The Record Home Page and Record Status Dashboard could load unreasonably slowly for projects containing lots of fields, many of which have stored data values. (Ticket #27161)Bug fix: When clicking the "unlock all instruments" link on a multi-arm longitudinal project's left-hand menu while viewing a record belonging to an arm that is not on the first arm, it would mistakenly not unlock all the locked instruments for that record. (Ticket #27740)Bug fix: When piping data into a label, in which the data being piped contains text that looks similar to HTML tags but is not an actual HTML tag (e.g., "hello <123>"), the text inside the <...> would get mistakenly removed from the downloaded PDF file of the data collection instrument with data. (Ticket #27467)Version 7.4.12 - (released 9/22/2017)BUG FIXES & OTHER CHANGES:Minor security fix: A Blind SQL Injection vulnerability was found on the User Access Dashboard page in which a malicious user could potentially exploit it by manipulating the query string of an HTTP request.Minor security fix: Modified how files get deleted in a project's File Repository so that a POST parameter is used instead of query string parameter, which could subvert Cross-site Request Forgery (CSRF) protection.Bug fix: REDCap Messenger was mistakenly not disabled in public projects (i.e., having no authentication enabled). Because public projects do not utilize REDCap authentication and thus store session information differently than regular projects, REDCap Messenger will be permanently disabled from inside a public project.Bug fix: When the Data Resolution Workflow module is enabled in a project, and a user is viewing the DRW popup that details the history of a data query, if a user that contributed to that data query has since been deleted from the system, then it would display a blank value where their username would be in the popup history. It now says "[User deleted from system]" if the user has been deleted from the system since it is not possible to determine the username of the deleted user for that event. (Ticket #26835)Bug fix: When a respondent is viewing the Stats & Charts after completing a survey, the Download Image button would fail to download an image of the chart. (Ticket #27072)Bug fix: When the text-to-speech feature is enabled on a survey, clicking the speaker icon next to a survey question in order to have it speak the text would mistakenly cause the question choice to become selected/unselected for radio buttons and checkbox fields. (Ticket #27103)Bug fix: When downloading a data dictionary snapshot from the Project Revision History page, if the dictionary contained any UTF-8 encoded characters, then the snapshot might not open correctly in some CSV viewers, such as Microsoft Excel, in which those UTF-8 characters would get mangled and be unreadable, whereas the normal data dictionary download (i.e., non-snapshot CSV) would open correctly and could be viewed normally with no mangling of characters.Bug fix: The data import process (Data Import Tool or API) would mistakenly prevent users from importing a value for a checkbox field that has a negatively valued choice (e.g., "-1"), in which it displays an erroneous error. This appears to only occur in longitudinal projects. (Ticket #16235)Bug fix: When deleting a file for a File Upload field by 1) individually deleting it on a data entry form, 2) deleting the whole data entry form's data via the Delete button at the bottom of the form, or 3) deleting a whole event's data (longitudinal projects only) for a record on the Record Home page, it would mistakenly not remove the file from the REDCap server after 30 days, even though the file appears deleted to the user. All "deleted" files should remain on the server for 30 days, after which they are deleted by a cron job, but in these scenarios, the files would mistakenly stay on the server forever as orphaned from the records to which they were originally attached. (Ticket #27303)Version 7.4.11 - (released 9/13/2017)BUG FIXES & OTHER CHANGES:Bug fix: When viewing the Data History popup for a field, in which the record has been added to multiple arms in the project but was deleted from at least one arm, no data would be displayed in the popup for the field mistakenly.Bug fix: In certain rare cases on the Project Modification Module for multiple choice fields, the Compare button would mistakenly not parse the old/new choices correctly and give strange results displayed on the page and in the comparison popup.Bug fix: If a user clicks the Enter key on their keyboard while their cursor is in the report title text box on the Create New Report page, it would mistakenly open the User Access popup.Bug fix: For certain web server configurations, using the Create Custom Survey Link button on the Public Survey Link page might mistakenly not create a short link successfully.Bug fix: When attempting to upload a non-XML file on the CDISC ODM tab in the Data Import Tool page, it would mistakenly display an empty popup with no error text. (Ticket #26116)Minor security fixes: Some Cross-Site Scripting (XSS) and Blind SQL Injection vulnerabilities were found in the Calendar module and Online Designer, respectively, in which a malicious user could potentially exploit them by manipulating the query string of an HTTP request.Bug fix: In very specific use cases where a date or datetime field is utilized in a calculation to check if the date/time is blank or not blank, it might mistakenly not be able to parse the calculation correctly or (in some extreme cases) might result in an incorrect value. This would only occur if one of the following four scenarios exist inside an "if" statement's condition for a calculated field: 1) "...and [date]=''", 2) "...or [date]=''", 3) "...and [date]<>''", or 4) "...or [date]<>''".Bug fix: When using the API Import Records method using "eav" format and importing data into fields that exist on a repeating instrument, it might return an erroneous error stating that the values for 'redcap_repeat_instance' and 'redcap_repeat_instrument' were not provided, which is incorrect.Bug fix: When using both Repeating Instruments and Repeating Events in a project, on certain occasions the Record Home Page might mistakenly display a "stack" form status icon (representing multiple instances of data) for instruments that actually have no data. (Ticket #26094)Bug fix: If an SQL field has choices with values that contain commas, apostrophes, or quotes, then in some cases the drop-down might mistakenly not have the correct value pre-selected for the field when a data entry form or survey page is loaded, in which the field would appear blank with no option selected. (Ticket #26176)Bug fix: After scheduling a record in the Scheduling module, the "View or Edit Schedule" page might mistakenly display some HTML tags (e.g., "<br/>") inside the Notes column when viewing a record's schedule. (Ticket #26550)Bug fix: Exporting a PDF of an instrument that was downloaded from the REDCap Shared Library can cause a fatal PHP error if the project's "Character encoding for exported files" is set to "Japanese (Shift JIS)" or "Chinese (UTF-8)" on the "Edit A Project's Settings" page. (Ticket #26766)Bug fix: When entering certain YouTube video URLs as a Descriptive field's external video, it might mistakenly not parse the URL correctly, thus causing the video not to be playable on data entry form or survey. (Ticket #26672)Bug fix: After a REDCap administrator approves a production draft mode request, the To-Do List in the Control Center would mistakenly display the request time of the last production change for all the previous production changes that have been requested in the past for that one project. (Ticket #26635)Bug fix: If the record ID field in a project was used as a Survey Login field, it would malfunction and always get counted as correct during the login process, even if an incorrect value was entered by a participant. This would effectively allow participants to bypass the survey login if the record ID field was the only login field being used for survey login. To prevent this issue, the record ID field is now no longer allowed to be used as a survey login field. (Ticket #26456)Bug fix: When using the Double Data Entry module on a longitudinal project with multiple arms, if a user is DDE person #1 or #2, they would mistakenly see all records (across all arms) in the record list on the "Add/Edit Records" page, when instead they should only see the records that belong to the currently selected arm. (Ticket #26371)Bug fix: The Control Center text discussing where a project's grant number is displayed was incorrect and has been changed to "Name of grant to be cited (optional) - displayed when users export data". (Ticket #22780)Bug fix: If the REDCap server's PHP.INI configuration has the post_max_size variable set in units of gigabytes ("G") rather than megabytes ("M"), it might display an erroneous error on certain occasions saying that it has "exceeded the REDCap server's maximum submission size". (Ticket #26966)Version 7.4.10 - (released 8/23/2017)BUG FIXES & OTHER CHANGES:Bug fix: If a project contains one or more fields using the Biomedical Ontology functionality, and a user copies the project with all its records, then the Biomedical Ontology labels that were cached for the original project mistakenly do not get copied, which can cause the value to get accidentally erased on a data entry form or survey if a user places their cursor into the Biomedical Ontology field but does not re-enter the value. (Ticket #25451)Bug fix: On the Control Center's System Statistics page, the "Responded" count under "Survey invitations sent" might be slightly inaccurate. (Ticket #25361)Bug fix: Fixed typo on Locking Management page.Bug fix: If a user exceeds the maximum number of failed login attempts in a set period of time and thus gets temporarily locked out, it would mistakenly not allow them to log in even if an administrator had reset their password afterward. It would instead make them wait until after the lock-out window of time had elapsed before they could log in with their new password, which is incorrect and confusing. (Ticket #23516)Bug fix: In the add/edit user privileges popup on the User Rights page, where a user can click the "Explain these settings" link to open the "Settings pertaining to project records" popup, which that explains the Create Records, Rename Records, and Delete Records privileges, that popup contained information that was very outdated and no longer correct. That text has now been updated.Bug fix: When a user is viewing drafted changes in the Project Modification Module of a project in production status, if any multiple choice fields have had a choice re-labeled or had a choice removed, then when clicking the Compare button for the field, the record count in the Choices Change Summary popup would not have correct counts for choices listed as Unchanged, in which Unchanged choices would always mistakenly have "0" for "Number of records having this value". (Ticket #25851)Bug fix: When clicking the Create Custom Survey Link button on the Public Survey Link page in a project, some REDCap servers might have difficulty creating a custom link successfully because REDCap was making a call to? than? better compatibility, this has now been changed so that the https address is always called.Bug fix: When a user has been assigned to a Data Access Group (DAG) and is creating a new record, if record auto-numbering is disabled in the project and the user uploads a file for a File Upload field on a data entry form before clicking a Save button on the page to create the record, then if the user later leaves the page without saving their changes via a Save button, the record would mistakenly not get assigned to the user's DAG but would instead not belong to any DAG.Version 7.4.9 - (released 8/10/2017)BUG FIXES & OTHER CHANGES:Bug fix: When deleting a document that has been uploaded to a File Upload field on a survey, it would mistakenly display a box inside the field that asks the respondent to enter their survey access code. This only occurred on surveys and not on data entry forms.Bug fix: Changed "Content-type" header to "Content-Type" in the Message PHP class because some email tools do not function properly if that header is in a different case. (Ticket #25051)Bug fix: When viewing the Data Resolution Workflow's Resolve Issues page and exporting the dashboard table as a CSV file, it might mistakenly output HTML character codes (e.g., ') for apostrophes, quotes, and non-breaking spaces in the CSV file. (Ticket #24833)Bug fix: When clicking the "Unlock all instruments" link on a longitudinal project's left-hand menu after selecting a record, it would mistakenly only unlock the data entry forms in the current event being viewed rather than in all events for the record. Additionally, the "Lock all instruments" link on some occasions might mistakenly display an erroneous error message after being clicked. (Ticket #24861)Bug fix: If two-factor authentication is enabled, and a normal user logs into REDCap when the entire system has been taken offline (via the System Status setting on the General Configuration page), then it would mistakenly display the two-step login screen and an empty, malformed popup rather than displaying the offline message. (Ticket #25148)Change: Modified the explanation text for @NOW and @TODAY action tags for greater clarity with regard to their usage. (Ticket #24847)Bug fix: Line breaks inside field labels do not work well in Excel on Macs when downloading a data dictionary and then re-uploading it, in which the line breaks would often get doubled after re-uploading it into REDCap. Technically, it now replaces as carriage return+line feed characters with simply a line feed character to prevent this doubling effect. (Ticket #21681)Bug fix: On the Record Status Dashboard page in a project, a database query would sometimes fail specifically for MySQL 5.7 only, in which it would be unable to retrieve all the form status values to display for records on the page.Bug fix: When deleting a user-uploaded file on the File Repository page in a project, it would not successfully delete the file on certain occasions.Bug fix: If using the REDCap::getPDF() method inside a REDCap hook that gets called on a survey page, it would mistakenly force a PDF download on the page, in which the PDF would be corrupted and not able to be opened, instead of returning the contents of the PDF as a string to the hook. (Ticket #25198)Bug fix: On very specific and seemingly random occasions, a relatively long field label in a right-aligned field might not display correctly in the PDF download of the instrument, in which it would mistakenly display the label as one word per line rather than wrapping the text as expected. (Ticket #15336)Bug fix: When a field has branching logic that is dependent on another field that is hidden/displayed due to branching logic, if a field upstream on a form/survey has a value that is later changed, then all the chained branching logic on the page would mistakenly not cascade through all fields as it should, thus leaving some fields displayed that should be hidden.Version 7.4.8 - (released 8/4/2017)BUG FIXES & OTHER CHANGES:Bug fix: Fixed incorrect language in plugin/hook documentation for the REDCap::saveData() method. (Ticket #24619).Bug fix: When using the "Test calculation with a record" functionality for a calc field in the Edit Field popup in the Online Designer, it would mistakenly return a non-numerical value (rather than a blank value) in certain cases where an "if" statement is set to return a non-numerical value for a specified condition. It will now return "[No value]" instead. (Ticket #24612).Bug fix: When using a Custom Record Label for a project, in which the fields used in the Custom Record Label exist on a repeating instrument, it would mistakenly not pull those fields' data correctly, thus causing those fields to be blank in the Custom Record Label. In this case, it now pulls the data for those fields from the first instance of the repeating instrument. (Ticket #24610)Bug fix: On some occasions REDCap Messenger might mistakenly throw a JavaScript error if Messenger was initially closed when the page loaded but then was opened. This is due to AJAX synchronicity issues. (Ticket #24930)Bug fix: When entering an email address in certain email fields on Configuration pages in the Control Center, the field validation would reject email addresses that have newer domain names (e.g., rob@cabrini.technology). (Ticket #24686)Bug fix: If a field utilizes the @NOW or @TODAY action tag on a survey or data entry form, and that field's value is also piped somewhere on that page, then the field's value will mistakenly not get automatically piped when the page initially loads. (Ticket #24994)Version 7.4.7 - (released 7/27/2017)BUG FIXES & OTHER CHANGES:Minor security fix: The Bootstrap framework was upgraded to the latest version (3.3.7) due to a minor vulnerability in the framework.Bug fix: When using the Survey Auto-Continue feature for a set of surveys that exist on a Repeating Event in a longitudinal project, if a participant completes a survey, it would always mistakenly send them to the next survey in the first instance of the Repeating Event instead of sending them to that survey in the current instance of the Repeating Event. So their responses for the following surveys would not get stored in the correct instance of the Repeating Event.Bug fix: In some cases where date values might have trailing spaces (e.g., "2017-12-31 "), it would mistakenly cause the datediff() function to not always work correctly in calculated fields and in Automated Survey Invitation conditions, among other places where datediff() can be utilized. (Ticket #24243)Bug fix: If a user loads a survey page or data entry form, in which a required field already has a value at the time the page is opened, then if the value is removed and the page is saved, it would mistakenly give the required field prompt saying that the required field was left blank, which is incorrect.Bug fix: When repeating instruments have been enabled in a project, and some instances of a repeating instrument have been deleted for a given record, then when viewing the record on the Record Status Dashboard, the form status icon displayed in the table for the repeating instrument might be an incorrect color (e.g., blue stack icon instead of green stack icon). (Ticket #23370)Bug fix: When copying a project, in which the reports are copied but users/roles are not copied, if a report had custom user access set, then that same report in the new project would end up in a limbo state where it appears that all users can access it but mistakenly no one can access it (except users with Edit Reports privileges via the "My Reports & Exports" page). (Ticket #23918)Bug fix: When viewing the Data History popup for a field when viewing a record on a data entry form, if the record had been deleted in the past but later another record was created with the same record name, then it would mistakenly also display the logging for the deleted record in the Data History popup. (Ticket #24444).Bug fix: When using the datepicker/datetimepicker widget for setting the value of a text field, if the field has a min or max range validation set, then it would prevent the user from selecting a new month or year in the datepicker if the existing value in the field is currently out of range. This made it extremely difficult to use the datepicker well if range validation is used on the field. (Ticket #24049).Bug fix: When clicking the Compare button for a multiple choice field on the Draft Mode field comparison page, if a multiple choice option has a comma in its label, then the resulting popup comparing the choices would mistakenly truncate the choice label at the comma. (Ticket #24566).Version 7.4.6 - (released 7/18/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?In very specific scenarios, deleting a record in a project might mistakenly delete a scheduled survey invitation for a record with the same name in another unrelated project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom. (It was thought that the major bug fix listed in REDCap 7.4.5's release notes was responsible for this, but it was found not to be.)Bug fix: When entering the equation for a calc field in the Edit Field popup in the Online Designer, if the project is in Draft Mode while in production, then any fields referenced in the calculation that exist only in Draft Mode will cause the logic checker to mistakenly say "Error in syntax" right below the equation in the popup. (Ticket #23886)Bug fix: If viewing a survey that has "enhanced radio buttons and checkboxes" enabled, it would display a checkbox with Left/Horizontal alignment on the survey mistakenly as a single column of buttons rather than as two columns. Horizontally-aligned radios/checkboxes should always display as two columns of buttons, except on small mobile devices.Version 7.4.5 - (released 7/12/2017)BUG FIXES & OTHER CHANGES:Medium security fix:?A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating the query string of an HTTP request or REDCap link.Medium security fix:?A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating text strings input into conversation titles or messages in REDCap Messenger.Major bug fix:?On certain occasions, the cron job that schedules Automated Survey Invitations containing conditional logic using datediff() with "today" as a parameter might mistakenly remove survey invitations that have been scheduled for another project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom.Minor security fix: A couple functions (e.g., deleting files in the File Repository or on File Upload fields) were mistakenly not being protected from Cross-site Request Forgery (CSRF) attacks by potential malicious users.Bug fix: When clicking the "Tell me more" link inside the Survey Login popup in the Online Designer, it would mistakenly display the hidden instructional text.Bug fix: When using the Data Dictionary Upload page to import a field that has a certain type of invalid branching logic, then it can mistakenly throw a fatal PHP error and prevent the file from successfully uploading rather than gracefully catching the error. (Ticket #23658)Bug fix: When exporting the REDCap XML file (containing metadata and data) on the Other Export Options page, that option's download icon's "title" attribute would mistakenly say "Download PDF with all data", which is incorrect. (Ticket #23674)Bug fix: The Data Dictionary upload process would mistakenly not catch the error where a min or max validation range is provided without a value for the field validation type. (Ticket #23440)Bug fix: When "enhanced radio buttons and checkboxes" are enabled on a survey, radio or checkbox fields that have vertical alignment were mistakenly not displaying their choices as one choice per line, which is what vertical alignment dictates, but instead they were displaying as two choices per line - except on mobile devices in which it always displays one choice per line. (Ticket #23748)Bug fix: When adding a custom Data Quality rule for a project in production, it might mistakenly return an error saying that the fields in the rule logic do not exist as real fields in the project. (Ticket #23515)Bug fix: For longitudinal projects with multiple arms in which the project has the Custom Record Label or Secondary Unique Field enabled, if a user views a calendar event that is attached to a record (either as an ad hoc calendar event or generated via the Scheduling module), then when viewing the calendar event in the popup, it would mistakenly only display the Custom Record Label or Secondary Unique Field for records in the first arm. For records existing only in other arms, the value would mistakenly be blank. (Ticket #23367)Bug fix: When repeating instruments have been enabled in a project, and some instances of a repeating instrument have been deleted for a given record, then when viewing the record on the Record Home Page, the form status icon displayed in the table for the repeating instrument might be an incorrect color (e.g., red stack icon instead of green stack icon). (Ticket #23370)Version 7.4.4 - (released 6/29/2017)BUG FIXES & OTHER CHANGES:New LTS branch based on REDCap 7.4.3 (Standard) + the bug fixes listed below.Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user or survey respondent uploading a specially designed file for a File Upload field (or manipulate the HTTP request during the upload process) on a survey page or data entry form.Bug fix: When clicking the "Add new" button on the Record Home Page to add a new repeating event for a record, if the event/form table is large enough on the page, the table may mistakenly disappear on certain occasions after clicking the button. (Ticket #23165)Bug fix: If a logged-in user knows how to manipulate a specific HTTP request to the REDCap server, they might be able to learn the project title of any given project.Bug fix: For longitudinal projects with multiple arms that utilize repeating instruments, if a record exists on more than one arm, the Record Home Page would mistakenly display the repeating instruments tables from other arms for that record.Version 7.4.3 - (released 6/22/2017)BUG FIXES & OTHER CHANGES:Improvement: When the Data Resolution Workflow module is enabled for a project, the Resolve Issues page now has an Export button to allow users to download the data resolution dashboard as a CSV file. The page also allows users to view "all status types" using the first filter drop-down in the dashboard table.Change: When designating instruments for events on a longitudinal project's "Designate Instruments for My Events" page, normal users will no longer be able to undesignated an instrument from an event if the project is in production (REDCap administrators will still be allowed to do this though). This is to protect users from mistakenly undesignating instruments after collecting data in production, which would orphan the data.Change/improvement: The Data Search feature on the "Add/Edit Records" page performs slightly better regarding the ranking of search results returned, in which it now lists exact word matches first in the list of results. Additionally, the Data Search feature now returns a maximum of 25 matching values, whereas previous versions returned a maximum of 15.Bug fix: A user might not receive email notifications regarding new REDCap Messenger messages if they have had Mobile App or API activity after logging out and then receiving new messages.Bug fix: When viewing a survey or data entry form on a tablet, in which an inline image attachment is displayed in a Descriptive field on the page, it would mistakenly display the image at a smaller size than expected if the image is larger than 250 pixels wide.Bug fix: When typing a calc equation, branching logic, report filer, etc. into a text box where it provides variable auto-suggestions, depending on the REDCap server configuration, it might mistakenly not display suggestions for fields but instead display an error message.Bug fix: When a project is in production but not in Draft Mode, it would mistakenly display the "REDCap Shared Library" button and "Check For Identifiers" link on the Project Setup page. (Ticket #22605)Bug fix: When exporting and re-importing a project XML file of metadata to create a new project, if any multiple choice fields have option labels that contain HTML tags, then all options for that field that do not contain HTML in their label would mistakenly get lost and would not appear in the newly created project. (Ticket #22610)Bug fix: When entering branching logic in the "Add/Edit Branching Logic" popup on the Online Designer, if the project is in production and in Draft Mode, then it would mistakenly report "Error in syntax" if the logic contains a variable name that is on a new instrument that exists in Draft Mode but not in the production version of the project. (Ticket #22604)Bug fix: When using the drag-n-drop option in the "Add/Edit Branching Logic", the operator drop-down was missing "<>" as an option. (Ticket #22596)Bug fix: When clicking the "reset" link for a radio button field on a data entry form or survey page, if fields immediately below to become visible due to branching logic after the link is clicked, then in certain cases the value of the radio button field would mistakenly not get reset.Version 7.4.2 - (released 6/13/2017)BUG FIXES & OTHER CHANGES:Bug fix: When clicking the "fetch" link for a user on the User Access Dashboard, in which the user has never accessed that particular project, the spinning icon would mistakenly continue to spin forever instead of displaying "never".Bug fix: When a participant is using the Survey Login feature to log in to a survey, it would mistakenly not display the survey instructions on the first survey page unless the "Save & Return Later" option had been enabled for the survey. It now always displays the instructions on the first page regardless. (Ticket #21646)Bug fix: When clicking the "fetch" link for a user on the User Access Dashboard, in which the user's username has an "@" sign in it (e.g., their username is their email address), the spinning icon would mistakenly continue to spin forever instead of displaying the timestamp or "never".Bug fix: When executing a rule on the Data Quality module, if the discrepancy results return fields whose field label text is not saved correctly (mangled encoding that results in a black diamond character), then the popup containing the discrepancies will mistakenly not open when the user clicks the "view" link for that rule.Bug fix: If a survey participant has clicked the button to change the survey font size at the top of the survey, and then they view a survey page where a drop-down field or text field is initially hidden by branching logic but is revealed later via branching logic on that page, the previously hidden field will mistakenly be very thin and almost invisible.Bug fix: If the Scheduling module is enabled in a project, it would mistakenly allow a user that does not have "Create Record" user privileges to create a new record if they click the "Generate Schedule" button without having selected a record from the "choose existing unscheduled" drop-down list. (Ticket #10111)Bug fix: When a participant is taking a PROMIS/Neuro-QoL survey (adaptive or auto-scoring only) for the first time ever for the REDCap server, it might mistakenly fail to auto-retrieve the PROMIS API keys if the REDCap server's institution name or grant funding text on the General Configuration page contains HTML tags. This would prevent the PROMIS service from functioning at all.Bug fix: When sorting projects in the My Projects list by clicking the Records or Fields header in the table, it would mistakenly not sort them correctly if the number contained a comma. (Ticket #21778)Bug fix: When executing Data Quality rule F in a project that has checkbox fields on Repeating Instruments, it might mistakenly display false positives as discrepancies for those checkbox fields. (Ticket #13555)Change/improvement: To allow text boxes to expand flexibly, an "Expand" link was added below the "Send confirmation email" message box on the Survey Settings and also below the User Comments text box on the Browse Users page when editing a user's account in the Control Center.Bug fix: If an "Account Manager" is searching for other users on a project's User Rights page or the Browse Users or Browse Projects pages in the Control Center, it would mistakenly not list suspended users in the results returned.Change: The "Review Drafted Changes" page in a production project now gives a bigger warning if a user is attempting to change the Record ID field's variable name after data collection has begun.Bug fix: If the survey confirmation email is enabled or if survey notifications are enabled for a given survey that is enabled as a repeating survey, it would mistakenly not send the emails if the survey has the "Before survey is completed" option set for the location of the repeating button on the survey page. (Ticket #22276)Bug fix: The Repeating Instrument tables displayed at the bottom of the Record Home Page for a project with Repeating Instruments might mistakenly display the tables in incorrect order.Bug fix: If a file is uploaded to a File Upload field on a data entry form or survey for an existing record, and then the link is clicked to download the file, it would only display "ERROR!", which is non-descriptive and confusing, whereas now it gives a more full error message stating that the form/survey must first be saved before the file can be downloaded. Also, if a file is uploaded and then deleted via the "Remove file" link, it would mistakenly display "ERROR!" in that field with no option to re-upload a field. Additionally, to be consistent with all this behavior, users will no longer be able to send the file via the Send-It button below it until the data entry form has first been saved and reloaded. (Ticket #22022)Bug fix: The drop-down list of records on the "Add/Edit Records" page would mistakenly display HTML tags if the Custom Record Label or Secondary Unique Field label contained HTML tags. (Ticket #22351)Bug fix: When importing data for checkbox fields via the Data Import Tool or API, in which the checkbox exists on a Repeating Instrument, it would mistakenly display an error saying that the value cannot be imported. (Ticket #22387)Bug fix: When viewing the My Projects page, Control Center, or other non-project pages, the top nav bar might mistakenly be displayed as two rows rather than one. (Ticket #22469)Change: Invitation reminders are now displayed by default in the Survey Invitation Log. In previous versions, the "Display invitation reminders?" checkbox would have to be checked in order to see the reminders. Not initially seeing the reminders would cause some users to mistakenly assume that nothing was scheduled.Change/improvement: When adding a secondary or tertiary email address to a REDCap user account, the language has been modified on the email verification page for greater clarity when the current logged-in user clicks the link and they are not the requester. This can happen sometimes when one user is authorizing another user to use their email address for their REDCap account's secondary or tertiary email. (Ticket #21780)Version 7.4.1 - (released 5/29/2017)BUG FIXES & OTHER CHANGES:Improvement:?If a record has any calendar events (included scheduled events) that will occur in the next 7 days, it will display a button above the table on the Record Home Page. The button will note how many calendar events there are for the current record in the 7 days, and when clicked, it will display the next 7 days worth of calendar events in agenda mode view.Improvement:?If a record has any survey invitations that are scheduled to be sent in the next 7 days, it will display a button above the table on the Record Home Page. The button will note how many upcoming invites are scheduled for the current record in the 7 days, and when clicked, it will display a table of the send time and survey title for the next 7 days worth of scheduled invites.Improvement:?When the Dynamic Data Pull (DDP) module is enabled for a project, it will now display a record's number of items to adjudicate when viewing the record on the Record Home Page, and additionally clicking the View button allows to user to adjudicate new items for the record on the Record Home Page.Improvement:?When the Dynamic Data Pull (DDP) module is enabled for a project, the DDP adjudication popup now displays a gray header for each data entry form of fields displayed in the popup. This makes it more clear to which form the fields belong.Bug fix: If the REDCap web server is running PHP 7.1, numeric survey access codes for Twilio telephony services could never be created and could cause some processes to go into infinite loops until the PHP script crashed. (Ticket #21169)Bug fix: When using Twilio telephony services and sending an SMS survey invitation for participants listed in the Participant List for the first instrument, it would mistakenly keep asking the participant for their survey access code via SMS after they initially replied back via SMS, thus preventing them from starting the survey. (Ticket #20303)Bug fix: If the 'records' parameter in the API "Delete Records" method is passed as a string instead of an array, it would mistakenly return a "1" for success, even though it did not delete any records. (Ticket #21424)Bug fix: When the cron job is running for the Publication Matching module, it might mistakenly throw a fatal PHP error and halt the cron job mid-way through completing in certain situations. (Ticket #21347)Bug fix: If a field used in the Survey Login has another field's value being piped into its field label, then the Survey Login screen would mistakenly not perform the piping. (Ticket #19610)Bug fix: When one of the "Number...comma as decimal" field validation types is used for a field that also has a field min/max range validation set, then when importing data into the field via Data Import Tool, it would display erroneous error messages saying that the value is out of range. (Ticket #20959)Bug fix: When using the designated survey email field on a survey, if a value is entered for the field, then the field would mistakenly be disabled on the survey page. It should only be disabling the field on the survey if the user entered the email address into the Participant List and if the user has also enabled the designated email field, which exists on that survey. This is done to prevent the email address in the Participant List and the email from the designated email field from getting out of sync. But it should not be disabling the field if the email value does not come from the Participant List. (Ticket #21504)Version 7.4.0 - (released 5/17/2017)NEW FEATURES, BUG FIXES, & OTHER CHANGES:Improvement: The generic field validation error message ("The value you provided could not be validated because it does not follow the expected format. Please try again.") has been improved, in which it now additionally displays "Required format:" and the name of the field validation (e.g., "Datetime (D-M-Y H:M)") in the error prompt so that there is no ambiguity about what the format should be.Bug fix: When calculated fields utilize date/datetime fields in certain ways, such as inside the condition of if() functions or comparing the date/datetime value to "" or "NaN", it can return an incorrect value on data entry forms (via JavaScript) or during a data import or Data Quality rule H (via PHP). (Ticket #21030)Bug fix: When searching for users in the Control Center on the Browse Users and Browse Projects pages, it would mistakenly not return suspended users in the search. (Bug emerged in REDCap 7.3.6.)Bug fix: Reports that use advanced logic containing datediff functions strung together with ORs (e.g., datediff(...)>6 or datediff(...)<40 ) would not return any matching records/events for the datediffs that contained one or both date parameters having blank/null values. This appears to only affect reports.Change/improvement: The password security questions for Table-based users have now had their language abstracted, so they are now translatable like other stock text in REDCap.Bug fix: If a survey instrument has fields from it being displayed in a report that is set to show the survey identifier and survey timestamp fields, in which that survey instrument is set to be a repeating instrument or is on a repeating event, then the survey identifier and timestamp fields would mistakenly only ever display a blank value instead of the real value in the report.Bug fix: In a project with Double Data Entry enabled, if a user is DDE user #1 or #2 and enters a page where DDE users are not allowed (e.g., Data Import Tool) and is thus presented with a yellow error message stating that the page is disabled, it would mistakenly make the links on the project's left-hand menu into dead links or will point to the wrong URL.Change: The font size of the text fields for Link Label and Link URL on the "Set up project bookmarks" page were too small.Change: On the API page in a project, for users that are not Administrators, it no longer displays a list of all users in the project who have API tokens. This is to adhere to a more conservative security policy. (Ticket #20048)Bug fix: Data Quality rule G would mistakenly return discrepancies for checkboxes that exist on an instrument set as a Repeating Instrument. (Ticket #19259)Bug fix: On the Record Home Page of a project that has repeating instruments, it would mistakenly display the table listing all instances saved for a repeating instrument even if the user does not have Data Entry user privileges to that particular instrument. It now no longer displays the table. (Ticket #20554)Bug fix: SQL fields were mistakenly not displaying on the "Stats & Charts" page. (Ticket #20195)Change/improvement: Added an optimized version of the cron job that checks all conditional logic in Automated Surveys Invitations that use "today" inside a datediff() function.Bug fix: When creating a Custom Record Status Dashboard with filter logic that returns no records, it would mistakenly display all the project's records in the dashboard table on the page. (Ticket #21103)Bug fix: If HTML tags are used in the Custom Record Label, then those tags will mistakenly be displayed at the top right corner of an exported PDF containing record data. It now strips out any HTML tags in the PDF for the Custom Record Label. (Ticket #21229)Bug fix: If creating a project using a Project XML file that contains a data collection instrument with no fields other than the Form Status field, that instrument would mistakenly not get created in the new project, and if longitudinal, will throw an error and prevent the project from even being created.Bug fix: When repeating events are enabled in a longitudinal project, if a user clicks the "Add new" button on the Record Home Page to add a new repeating event, then the column mistakenly does not duplicate correctly if the table is wide and employing floating table headers/column. (Ticket #20267)Bug fix: When renaming a Data Access Group on the DAG page, if the DAG name contains non-Latin characters, it would mistakenly not saved the DAG name correctly. (Ticket #20958)Bug fix: The "Order by another field" customization on the Project Setup page's "Additional customizations" popup was no longer working on the drop-down list of records on the Record Home Page. Bug emerged in version 7.0.0. (Ticket #15091)Bug fix: If a field utilizes the @DEFAULT action tag on a survey or data entry form, and that field's is also piped somewhere on that page, then the field's value will mistakenly not get automatically piped when the page initially loads. (Ticket #21288)Bug fix: Values for the fields "redcap_repeat_instrument" and "redcap_repeat_instance" would not get fully validated during a data import, thus causing the data to get mistakenly imported into non-repeating events/instruments and orphaning some of the data after the import completed. (Ticket #21100, #20028)Version 7.3.6 - (released 5/17/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?Specific usages of the "if" function in calc fields would cause opposite results for auto-calcs and for Data Quality rule H. This includes the usages below. (Ticket #17479, #18945, #17882)if ([field] = "NaN", ... , ...)if ([field] <> "NaN", ..., ...)if ([field] = "", ..., ...)if ([field] <> "", ..., ...)Change: The user auto-suggest on the User Rights page no longer returns suspended users when searching for users to add to the project.Change: The DataQuality::renderResolutionTable method was not checking for $_GET['assigned_user_id'] in resolve.php. (Ticket #20630).Bug fix: At the top of the data entry form when viewing a survey response, it would incorrectly list an API user as a contributor to that response when the API user has imported data values for *any* field for that record, not just fields on that particular survey instrument. It now only lists contributors who have modified values on that instrument. (Ticket #20452)Bug fix: When executing Rule C "Field validation errors (incorrect data type)" in the Data Quality module, it would mistakenly return false positives in the discrepancy list when there exist no fields in the project having field validation and also when there are no slider fields or calc fields.Bug fix: When sending multiple attachments in an email sent from a hook or plugin using the Message class in REDCap, it would mistakenly attach extra empty text files to the email for some email providers.Bug fix: The auto-generated unique event name for events in a longitudinal project might mistakenly begin or end with an underscore, which might cause erroneous errors when using a unique event name in report filter logic or in other similar logic. (Ticket #20301)Change/improvement: Alt text was added to the increase/decrease font images displayed at the top of the survey page. (Ticket #20577)Bug fix: The API Playground mistakenly displays a drop-down of events for the Delete Record method when it should instead display a drop-down of arms. (Ticket #20599)Bug fix: The data search on the Add/Edit Records page will mistakenly never return any results when searching over "All fields" when the REDCap web server is running PHP 7. (Ticket #20111)Bug fix: When renaming a record on the Record Home Page, it would mistakenly allow users to enter illegal characters in the record name, such as ampersands, apostrophes, plus signs, and pound signs. (Ticket #19719)Version 7.3.5 - (released 4/28/2017)BUG FIXES & OTHER CHANGES:Bug fix: If a survey has "Enhanced Radios and Checkboxes" enabled, and a radio or checkbox is selected by a participant on the survey page and then the field gets hidden by branching logic, then if the field later becomes visible again due to branching logic, it would mistakenly still seem to be selected even though it is not really selected. (Ticket #19034)Bug fix: If using the Online Designer's "Copy" button to copy an instrument containing a matrix of fields, it would mistakenly not append the specified suffix (e.g., "_v2") to the matrix group name but would instead append a random string of alpha-numeric characters. (Ticket #19333)Bug fix: If deleting an event of data on a record's Record Home Page, it would mistakenly not delete all the event data if the event contained one or more repeating instruments that had some data saved on non-first instances of the instrument. (Ticket #17694)Bug fix: If a user is locking all forms across all events on the Record Home Page for a record that has repeating events of data in a project with Repeating Events enabled, it would mistakenly not lock any empty forms (i.e., having a gray status icon) that exist on a repeating event, excluding the first repeating instance. Additionally, empty forms on repeating events (excluding the first repeating instance) were showing up as locked on the Record Home Page (i.e., having lock icon) even though they were not really locked. (Ticket #17615)Bug fix: When using the Scheduling module in a longitudinal project that contains repeating instruments, in certain cases a record might mistakenly not be displayed in the "choose existing unscheduled" drop-down on the Scheduling page, thus preventing the user from scheduling certain records. (Ticket #17272)Bug fix: When enabling the Survey Login feature in a multi-arm longitudinal project, if a record does not exist in an arm whose fields/events are specified as the login fields, then the survey login page would mistakenly display an error saying that the login form could not be displayed (and thus provide no way to log in to the survey). In this scenario, it should instead bypass the survey login form and display the survey page since the record exists in another arm as the specified login fields, thus the record should not be subject to it. (Ticket #18430)Bug fix: When using the Survey Queue and selecting the option to display the survey in the queue "when the following survey is completed", it was only checking to see if that instrument was completed as a survey. It should have also been checking if the instrument had been set to a Form Status of "Complete" on a data entry form, which is how Automated Survey Invitations have always behaved for this same setting. This was causing some surveys to show up as not having been completed in the participant's survey queue. (Ticket #15640)Bug fix: When using the Survey Queue and referencing a value from a repeating instrument inside the conditional logic for the survey queue item, it might mistakenly not display the survey in the queue or might show it as not having been completed when it was completed as a data entry form. (Ticket #15640)Bug fix: When viewing a tall multi-page report in a project, in which it utilizes the floating headers on the report table, if the user switches between pages of the report, it might mistakenly cause part of the table headers to suddenly appear below the page footer at the bottom. (Ticket #19676)Bug fix: When importing data via the Data Import Tool, if any error messages contain a comma in the text, it would mistakenly truncate the error message at the comma when displaying it on the page for the user.Version 7.3.4 - (released 4/21/2017)BUG FIXES & OTHER CHANGES:Improvement:?The redcap_repeat_instance and redcap_repeat_instrument values will now be sent as parameters for Data Entry Triggers. Note: If the current event/instrument is not a repeating event or repeating instrument, respectively, then these parameters will not be included in the DET request. (Ticket #18794)Improvement:?The repeat_instance parameter was added to the following hook functions: redcap_data_entry_form, redcap_data_entry_form_top, redcap_save_record, redcap_survey_complete, redcap_survey_page, and redcap_survey_page_top. NOTE: In order to utilize this new parameter in REDCap, you must add $repeat_instance as the last parameter in the function definition of the functions above in your hook functions file on your web server. (Ticket #18794)Improvement:?The repeat_instance parameter was added to the REDCap::getPDF() method for plugins/hooks. (Ticket #18794)Bug fix: When renaming a record on the Record Home Page, it would mistakenly not trim off any spaces accidentally added to the beginning or end of the new record name, thus leaving the record in a limbo state where it is not accessible in data entry forms and could not be deleted.Bug fix: If a text field that lacks integer or number validation has a trailing space in its value and is then used in the equation of a calculated field, the resulting calculation as seen on data entry forms and survey pages might mistakenly be incorrect, whereas data imports and Data Quality rule H would perform the calculation correctly. (Ticket #19037)Change: Added a "Cancel" button to the bottom of the Data Dictionary Upload page and Data Import Tool to more easily allow users to start over when halfway through the upload process. (Ticket #19035)Bug fix: In certain versions of Internet Explorer, the "Cancel" button would not work correctly and would mistakenly submit the form on the following pages: Copy Project page and Create/Edit Survey page. (Ticket #18996)Bug fix: When collapsing many repeating events on the Record Home Page (by clicking the left/right arrow button), then uncollapsing them, then repeating this process several times, the user's browser may get bogged down and crash. And it may even mistakenly ban the user's IP address from REDCap, after which they would have to be unbanned.Bug fix: When exporting data to a stats package (e.g., SPSS, SAS, R, Stata) for a project that contains repeating events or repeating instruments, if the report being exported does not include any fields from a repeating event or repeating instrument, then the fields listed in the stats package's syntax file might not line up with the fields contained in the resulting CSV data file, thus making it impossible to load the data into the stats package. (Ticket #18996)Change: The Configuration Check page in the Control Center now recommends that you upgrade to PHP 5.4.0 or higher if you are currently running PHP 5.3 on your REDCap web server. It notes that while most of REDCap's functionality works fine with PHP 5.3, it has shown to provide inconsistencies on rare occasions when evaluating particular types of equations for calculated fields. So for better performance and accuracy, it is recommended that you upgrade to PHP 5.4.0 or higher.Change/improvement: When using both Data Access Groups and Double Data Entry in a single project and merging two records that both belong to the same DAG, previous versions did not automatically assign the merged third record to the same DAG. It now automatically assigns the new third record to the same DAG in that case. (Ticket #18767)Bug fix: When the Data Resolution Workflow module is enabled, and a user attempts to respond to an open query by uploading a file, the file would mistakenly fail to upload.Bug fix: When the Data Resolution Workflow module is enabled, and a user enters a value for a field that has an open query, which causes the "Save and then open Data Resolution Pop-up" button to appear, if the button is clicked on a repeating instrument or on a repeating event, then it would mistakenly redirect the user back to the first instance of the data entry form (rather than the current instance) after successfully saving the form's data.Version 7.3.3 - (released 4/13/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?When viewing the Record Home Page for a record, in which the main table on the page is wide enough or tall enough that it invokes the floating header or floating first column, then if the user clicks the down arrow button on the main table to collapse it, it might mistakenly not be possible for the user to uncollapse the table, even after refreshing the page, thus making it impossible to navigate fully throughout a record. (Ticket #18819)Change: On certain rare occasions, the table displayed on the Record Home Page, on the Record Status Dashboard, on the Designate Instruments For My Events page, and on all reports might not display properly but might have its columns or rows appear misaligned in some way, thus making it difficult to view the table or navigate it well. If this occurs, users can now disable the floating table headers for that table/page in that specific project (and have it remember that choice) by clicking the "Table not displaying properly?" link that is now displayed near the top right of the table. It will also have a [?] link to click, which opens a popup with an explanation of what it means to disable that functionality. (Ticket #18822)Bug fix: When performing a data export to SAS or SPSS, in which some fields in the export data set have "datetime" or "datetime w/ seconds" field validation, those fields would mistakenly not get added to the syntax file produced for both SPSS and SAS. Bug emerged in REDCap 7.3.1 (Standard). (Ticket #18579)Bug fix: When viewing the popup for setting up Repeatable Instruments/Events on the Project Setup page, if the project is longitudinal and a custom label is set for a repeating instrument, then when the popup is reopened later after saving, it might mistakenly display one of the custom labels for that instrument in every event, rather than just in the event in which it was specified. This won't change anything in how the custom labels are implemented unless the values are re-saved after initially saving though.Bug fix: In a longitudinal project with repeating events enabled, if a user adds data for several repeating events, in which one of the instruments on a repeating event has a gray status icon, then the corresponding icon(s) for that instrument/event for that record would not display correctly on the Record Status Dashboard, such as displaying a gray status icon when it should display a red stack status icon. (Ticket #18073)Bug fix: When viewing the popup for the Data Resolution Workflow on a repeating instrument, the table rows that show the data value changes for the field in the popup would mistakenly always show the first instance's data, not the current instance of the repeating instrument. (Ticket #18873)Version 7.3.2 - (released 4/6/2017)BUG FIXES & OTHER CHANGES:Change: In REDCap 7.3.1 (Standard), the Codebook page required Project Setup/Design privileges to view it, although in previous versions it did not require any special user privileges in order to view the page. However, due to good arguments made against the change in 7.3.1, the change has been reverted, and the Codebook will now be fully viewable to all users in the project just as it was in versions prior to 7.3.1.Improvement: On the Logging page in projects that have Data Access Groups, a user that is not assigned to a DAG will be able to filter the logging results by records in a DAG. Below the "Filter by record" drop-down at the top, it will display a "Filter by records in a DAG" drop-down that is viewable only by users not currently assigned to a DAG.Bug fix: If an apostrophe exists in the name of a User Role, then the role could not be edited when clicked on the User Rights page. It would instead mistakenly throw a JavaScript error.Bug fix: When exporting a PDF of a data entry form with data, in which the form is enabled as a repeating instrument, if a checkbox field on the instrument has branching logic, it might mistakenly not display the checkbox in the PDF when it should be displayed. (Ticket #17621)Bug fix: When deleting an event of data for a repeating event on the Record Home Page in a longitudinal project, it would remove the event instance from the Record Home Page, but the event instance would mistakenly still appear in reports and data exports. (Ticket #17859)Bug fix: The bug fix in REDCap 7.3.0 LTS that dealt with the usage of "" and "NaN" in calc fields mistakenly did not get incorporated into the Data Quality rule H and auto-calc implementation of calculated fields (via PHP), but it only got incorporated into the JavaScript-fired calculations on data entry forms, thus causing erroneous results to appear when executing Data Quality rule H for very specific cases where >"" or ="" were used in a calculation. (Ticket #17882)Bug fix: When enabling Twilio telephony services in a project and ensuring that the Request Inspector has been disabled for that Twilio account, it would mistakenly fail and never allow the user to enable Twilio services for that project. This was due to a recent change in Twilio's API methods. (Ticket #18040)Bug fix: When data quality rules have very long logic, they can take up an inordinate amount of the page, making it very difficult to view or execute several at once. (Ticket #17548)Bug fix: When moving a project to production and opting to delete all data, it mistakenly says that it will also delete all data dictionary snapshots, which is not correct. All data dictionary snapshots will be preserved. The text will be corrected. (Ticket #17785)Bug fix: "MySQL over SSL" is now fully supported. In previous versions, it would fail to connect in certain instances, such as if using a self-signed SSL certificate or if using Table-based authentication.Bug fix: When saving data in a hook or plugin using the REDCap::saveData method, if the event name field is not included when saving data for a longitudinal project, then it would appear to save the data to the first event of the record, but the record would not show up in any record lists if the record did not exist beforehand. (Ticket #17881)Bug fix: HTML tags were mistakenly not being interpreted but were being displayed as-is for the institution name and organization name in project, as well as any custom text displayed at the top of the project home page, the top of data entry forms, and the top of Record Home page (Ticket #17912)Bug fix: When executing a custom Data Quality rule containing fields in a project that has repeating events/instruments enabled, in which the fields utilized in the rule's logic are not located on a repeating event/instrument, it might mistakenly return duplicate discrepancies in the results.Bug fix: When using the "Copy" instrument action on the Online Designer, if the first field in the instrument has a section header above it, that section header would mistakenly not get copied into the new instrument.Bug fix: When a longitudinal project has long event names that have non-Latin characters in their name, it may mistakenly throw an error when attempting to create a new project using the project's XML metadata file. (Ticket #17055)Bug fix: When a project with surveys has already sent out survey invitations (excluding public survey links) to participants, and then records were later deleted via the "Erase All Data" option or by deleting all records when moving the project to production, the records' survey links would mistakenly still be active and could be used by the participant (even though the record no longer exists in the project), which would create a new record. (Ticket #17457)Bug fix: When a user is requesting that an administrator move their project to production, the confirmation popup that the user sees mistakenly displays a blank space inside parentheses when it should be displaying the user's email address there. (Ticket #18197)Bug fix: When a user downloads an Instrument Zip file for an instrument on the Online Designer, certain server configurations would result with an error and not export the zip file successfully due to GZIP HTTP compression being enabled by mistake for that particular process. (Ticket #18094)Bug fix: When using the "Time Limit for Survey Completion" feature on a survey, the link icon in the Participant List would mistakenly still be displayed even if the participant's link had already expired.Bug fix: When using the "Time Limit for Survey Completion" feature on a survey, the "Link Expiration" column might mistakenly not appear in the Participant List or the column might not properly display any icons if the time limit for the survey was set using only minutes (i.e., the days and hours text boxes were left blank).Bug fix: When exporting a PDF of an instrument with data, in which data is being piped into text on that instrument and the data contains line breaks/carriage returns, it might mistakenly display a rectangular symbol in the PDF at the beginning of each line of the piped data. (Ticket #17947)Bug fix: On the Logging page in a project, if a user has set the time range filters at the top, and then changes the "Displaying events (by most recent)" option, it would mistakenly reset the time range filters back to blank values. (Ticket #18057)Bug fix: When changing the time of a scheduled survey invitation on the Survey Invitation Log, it would mistakenly not always update the new date/time with the updated time submitted. (Ticket #17791) Abstract survey invitation language – linkBug fix: In a longitudinal project that contains multiple arms, survey participants from another arm might mistakenly be displayed when viewing a survey/event's Participant List that belongs to a different arm. It will now no longer display participants from other arms. (Ticket #18354)Bug fix: When adding a matrix of fields via the Online Designer for an instrument that does not yet have any fields, if the project is in production in Draft Mode, then the new matrix might mistakenly not display at all on the Online Designer or the data entry form until either a new field is added to the instrument or until a data dictionary is uploaded. (Ticket #16871)Bug fix: When the Project Notes text is very long for a given project, the text can sometimes render outside its black box when displayed on the My Projects page. (Ticket #17414)Bug fix: When importing data via Data Import Tool or API for a project that has Data Access Groups, in which the data being imported contains the field redcap_data_access_group, it might mistakenly throw an error stating that the unique DAG name is not valid when it actually is. (Ticket #18087)Bug fix: For certain server configurations, in a longitudinal project with repeating events enabled, it might mistakenly think that some of a record's repeating events have repeating instruments within them (showing a stacked status icon inside a repeating event column), which is not possible. (Ticket #17596)Post-release fix: For REDCap web servers running PHP 5.3, some components of the Repeating Instruments/Events do not work correctly in longitudinal projects. In the setup of repeating instruments/events on the Project Setup page, it would mistakenly display the letter "W" inside the custom label text box if a longitudinal event has been selected as a repeating event. Also, the Record Home Page for a given record would mistakenly display the stack status icon for instruments in a repeating event, which is very confusing, when it should only ever display that icon for a repeating instrument. These issues only arise for longitudinal projects and only when running PHP 5.3.Version 7.3.1 - (released 3/17/2017)BUG FIXES & OTHER CHANGES:Improvement: When creating/editing reports in projects that have repeating instruments, a new option has been added to Step 3 (filtering): "Show data for all repeating instruments for each record returned?". This option is very similar to the "Show data for all events for each record returned" option found when editing reports in longitudinal projects in which it applies record-level filtering as opposed to row-level filtering ("row" referring to the rows in the report table displayed). This new option provides greater precision for controlling filters used on data in repeating instruments. For example, if a filter references a field from a non-repeating instrument, then it might filter out all data from repeating instruments and thus not display them in the report, which could be confusing. But with this option checked, it will return all repeating instances (as separate rows) for any record that matches that filter. In this way, it allows you to apply the filter to non-repeating fields while still including fields from repeating instruments in your report. This was not possible in previous REDCap versions.Change: When deleting a project while in production, if the project contains no records, it will delete the project immediately rather than sending a request to the REDCap Administrator to delete it. In previous versions, an Administrator would have to delete production projects regardless of whether the project contained records or not.Bug fix: Removed all instances of the PHP function set_magic_quotes_runtime() and get_magic_quotes_runtime() because they are deprecated in PHP 7.0 and later. (Ticket #16893)Change: Added a note in the "Compose survey invitation" popup on the data entry form to make users aware that if they manually enter an email address into the "To" field for the survey invitation, it is a one-time use only and that any other invitations sent out at other times will instead go to the email address found in the Participant List for that participant. No functionality has changed regarding this, but some users were not aware of this behavior.Change: When exporting data to Stata, it now uses syntax for newer versions of Stata. This also includes declaring datetimes more properly than in previous versions of REDCap. (Ticket #13531)Bug fix: The API Playground might mistakenly allow the user to make rapid sequentially requests to the server by holding down the up/down arrow on the multi-select fields on the page. Also, for the Import Records method on the API Playground, the "Update" link has been removed, in which the "data" parameter is now updated when the user leaves the Data field instead, because users were not aware that the "Update" link had to be clicked at all, which caused lots of confusion.Bug fix: When exporting data in CDISC ODM (XML) format on the "Data Exports, Reports, and Stats" page, if any "File Upload" fields are included in the data set but they do not have a file uploaded for them, then it would mistakenly output an empty file in the XML file and would cause issues when importing the XML file to a REDCap project.Bug fix: When a project is in Draft Mode while in production, and the first instrument is a survey, and then via the Online Designer the user moves another non-survey instrument into the first form position, it would mistakenly cause all the survey timestamps from the original first instrument to be associated with the instrument that was moved (this will occur only after the drafted changes are approved).Change: For security purposes, the hashing algorithm used for hashing the answer to password recovery questions (for Table-based authentication only) will be updated to a stronger algorithm. This will unfortunately cause all Table-based users to have to set their password recovery question again the next time they log in to REDCap; however, it is anticipated that this will cause very little inconvenience to users.Bug fix: When piping data from a text field that has the biomedical ontology auto-suggest enabled, it would mistakenly pipe in the raw value instead of the label. (Ticket #12705)Bug fix: Cross-form branching logic does not always work successfully on a repeating event. (Ticket #16372)Bug fix: A fatal PHP error might occur when uploading files on some REDCap web server configurations that do not have the PHP function mime_content_type(). It is currently not know why this function would be missing for some configurations.Bug fix: The "Export Records" API method would mistakenly not export the redcap_repeat_instrument and redcap_repeat_instance fields when exporting data from a repeating instrument or repeating event in EAV format.Bug fix: When creating a new REDCap project from a Project XML metadata file, in which the project is not longitudinal but contains repeating instruments, it might not enable the repeating instruments in the newly created project.Change: Normal users are now allowed to enable (or modify) repeating instruments/event in a project while the project is in production. In previous versions, they could only do this while in development.Bug fix: When clicking the "Move" icon for a field in the Online Designer, if some fields in the project have very long Field Labels, then it might cause display issues for the drop-down list of field inside the popup that is displayed because the drop-down is too wide.Change: The Codebook page in a project now requires that a user have Project Setup/Design privileges in order to access it. This was changed to be more consistent with other places where Project Setup/Design privileges are applied.Bug fix: The "Repeatable instruments and events" video on the Training Videos page mistakenly displays the wrong video title inside the popup when viewing the video. (Ticket #16502)Change: For better compatibility with Shibboleth authentication, the format of the Send-It download URL has been reverted to its pre-7.0 format. Note: The current format will also work in 7.3.1 and is backward compatible in case any Send-It files had been sent out just prior to upgrading to this version.Version 7.3.0 - (released 3/10/2017)NEW FEATURES, BUG FIXES, & OTHER CHANGES:New feature: Response Limit for surveys?- Users may set a response limit for any given survey to prevent respondents from starting the survey once a set number of responses have been collected. Note: It can be set so that the response count included either completed responses only or both partial and completed responses. Users may also set custom text to be displayed to respondents on the survey page when the response limit has been reached.New feature: Time Limit for Survey Completion?– Users may set the amount of time (in days, hours, and/or minutes) that each respondent has to complete a given survey based on when they were initially sent the survey invitation. Note: This feature excludes public survey links. When enabled, a new column is displayed on the Participant List where it denotes if a participant’s survey link has expired and also displays the expiration time if you hover over the icon. If the icon is clicked, the user can permanently override the link expiration time by setting it further in the future (to give the respondent more time), or else to expire the link sooner (or even immediately).Improvement:?The survey options at the top of a data entry form now include a new option “Log out + Open suvey”, which will simultaneously open the survey in a new browser tab while logging out the REDCap user in the current tab. This makes it easier for users to log out of their REDCap session in case they walk away from the computer while a participant takes the survey, thus ensuring that the participant is not able to go into the first tab and access the user’s REDCap account and projects.Improvement/change: Better protection against accidentally overwriting survey responses when opening surveys from a data entry form. When clicking the "Open survey" option at the top of a data entry form, it will display a popup on the data entry form to inform the user that it is recommended that they leave the page without saving it in order to avoid overwriting or erasing the survey responses that had been collected in another browser tab on the survey page.Bug fix: REDCap would not be able to make outbound requests properly if the REDCap web server is using a proxy.Bug fix: The use of [field]="" inside the condition of an IF statement for a calculated field does not behave as users would expect, and this often requires users to use [field]="NaN" as an alternative for checking if a field's value is blank/null. Now [field]="" will work as one would expect and will work identically to [field]="NaN".Bug fix: Drop-down fields with autocomplete enabled will mistakenly display little arrows in front of the choice labels in Google Chrome only. (Ticket #15862)Bug fix: After being on any page for more than 3 minutes, it would disable certain jQuery-enabled triggers, such as auto-complete drop-down fields on data entry forms and any custom Bootstrap components. (Ticket #15989, #14863)Bug fix: When upgrading REDCap, if the new REDCap version directory has been uploaded to the web server but the upgrade has not been completed yet, then the REDCap cron job would mistakenly not run until the upgrade has completed. It will now always run when it is supposed to, even in the midst of an upgrade. (Ticket #15991)Bug fix: If running PHP 7.1 or higher on the REDCap web server, the Data Resolution Workflow popup would mistakenly fail to open when a user tries to open it. (Ticket #16040)Bug fix: If doing a user search using "all user attributes" on the Browser Users page in the Control Center, it would mistakenly always return every user in the system. (Ticket #16026)Change: Added "language" option for users submitting an instrument to the REDCap Shared Library so that they can specify the language of their instrument's text. Note: Instruments in the Shared Library are now searchable by language.Bug fix: The "email" field validation would mistakenly not accept email addresses containing accent marks and other valid UTF-8 characters. (Ticket #15874)Bug fix: When downloading PDFs containing record data, it would sometimes mistakenly display duplicate pages for an instrument for longitudinal projects only. (Ticket #12797, #14945)Bug fix: When viewing the Survey Invitation Log, for certain situations, some invitations might mistakenly not be displayed on the page.Bug fix: When editing an existing report that uses advanced logic in Step 3, if a user clicks the "Switch format: Use simple logic" link, the drop-down list of fields in that section would mistakenly not be displayed, thus making it impossible set set a filter unless the user reloads the page.Bug fix: When setting up an Automated Survey Invitation and using conditional logic, if a record is selected in the "test logic with a record" option *and* the project is in production, then it might mistakenly return "[No value]" rather than True or False regarding whether the condition is true/false for a given record.Bug fix: The field name auto-suggest feature for branching logic, calculations, ASIs, etc., would mistakenly suggest checkboxes in the wrong format (i.e., without parentheses with a value inside them). It now suggests checkboxes in the correct syntax. (Ticket #15510)Bug fix: On the Randomization page in a project, the drop-down lists of fields might be too wide for the page. (Ticket #16559)Change: The cell borders where added back to the report table, Record Home Page table, and Record Status Dashboard table for better readability of the table contents.Bug fix: The "Print Page" button on reports would cause the report to not look correctly in the print preview if the report table was too wide or too tall to fit on the page.Bug fix: The Record Home Page's table might have its rows/column misaligned if the table is too wide or too tall. (Ticket #16150)Bug fix: When clicking the "Show Stats Only" button on the "Stats & Charts" page, it might mistakenly still show the "Download Image" button if all the field plots have not fully loaded yet on the page. (Ticket #6534)Version 7.2.2 - (released 2/23/2017)BUG FIXES & OTHER CHANGES:Minor security fixes: Cross-site scripting vulnerabilities and SQL injection vulnerabilities were found on several different pages, in which the vulnerabilities could possibly be exploited by a malicious user.Bug fix: Many improvements regarding the rendering of tables for reports, Record Status Dashboard, and Record Home Page due to floating headers/columns not lining up correctly.Bug fix: A few PHP files contained \r (CR) characters without \n (LF) characters immediately following them, which caused issues when uploading the REDCap source code to certain web servers.Bug fix: When using Send-It to send a file from a data export, a File Repository file, or from a File Upload field, it would result in an error when the user would click the "Send It!" button. (Ticket #12747)Bug fix: When clicking the "Lock all instruments across all events" option on the Record Home Page, it would mistakenly only lock instruments for events that contain data. This mistakenly changed in a previous version and is now set back to the way it was originally where it would lock all forms across all designated events regardless of whether there is data in the form or in the event.Bug fix: If running PHP 7.1 or higher on the REDCap web server, any API import method with content in XML format would fail. (Ticket #15764)Bug fix: When doing a CSV Raw data export while exporting the survey fields, the header text for "Survey Timestamp" would mistakenly be blank. (Ticket #14316)Bug fix: If running PHP 7.1 or higher on the REDCap web server, any Data Quality rule would fail when executed. (Ticket #15582)Bug fix: The font resize option at the top of surveys mistakenly does not increase/decrease all text uniformly on the page. (Ticket #15749)Bug fix: If running PHP 7.1 or higher on the REDCap web server, the biomedical ontology auto-suggest feature for Text fields would always return nothing from the search.Bug fix: When creating or editing a report and adding a new field in Step 2, if the user hits the Enter key while in the text field when the text field is empty, it would mistakenly display the "List of users with access" popup.Version 7.2.1 - (released 2/16/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?If a user's Data Export permissions are "De-Identified" or "Remove all tagged Identifier fields" when they are using the Export Records API method, in which they specify a list of fields (or forms) by variable name (or form name) in their API request, then if every one of those specified fields are also fields that would normally get removed due to their export privileges, then it would mistakenly return data for all the fields in the project. (Ticket #15003)Medium security fix:?A malicious user or survey respondent could uploaded a specially designed file for a File Upload field on a survey or data entry form, and then exploit it by getting a REDCap Administrator to then navigate to a specially crafted link, which might allow them to escalate certain Administrator privileges and take advantage of them, even capturing their login information.Minor security fixes:?Several cross-site scripting vulnerabilities were found on various pages, such as the User Rights and Project Setup pages, in which the vulnerability could possibly be exploited by a malicious user.Improvement: If an individual project has been set as "offline" on the "Edit a Project's Settings" page in the Control Center, it will note this in red letters on the My Projects page or Browse Projects page for the project.Bug fix: The record status dashboard and report tables would not always have their rows aligned correctly, and some table columns might be missing a border. (Ticket #15055)Bug fix: If viewing a report and viewing the "ALL" option for paging in order to view all pages of the report, then if the user clicked the table header to sort the table, it would mistakenly display the page-sorting note that should only be displayed when viewing a single page of the report.Bug fix: Enhanced radio buttons on surveys were not vertically aligned correctly but mistakenly had extra padding above them. (Ticket #14996)Bug fix: For certain MySQL installations, it would always keep displaying the "Your REDCap database structure is incorrect" error message in the Control Center, even though there was not an issue. Bug emerged in REDCap 7.2.0. (Ticket #15069)Bug fix: When viewing a data entry form of a repeating instrument that is also enabled as a survey, the survey options drop-down at the top of the form will mistakenly be disabled if the instance number is greater than "1" and the form has not the form saved yet. (Ticket #14629)Bug fix: When viewing a data entry form of a repeating instrument that is also enabled as a survey, and the user chooses to compose a survey invitation using the survey options drop-down at the top of the form, it would mistakenly always send the survey link pointing to the first instance of the survey rather than to the correct instance number. (Ticket #14629)Bug fix: When a repeating instrument is also enabled as a survey with the repeat survey button option set to be "Before the submit button in the survey", if any required fields on the survey were left blank and the repeat survey button was clicked, it would mistakenly not prompt the respondent to enter the required fields that were left blank and would mark the survey as completed. (Ticket #14092)Bug fix: When using the Twilio telephony services for surveys, in certain cases it would not always erase the logs on the Twilio website of SMS messages sent via REDCap. It now does a much more comprehensive job of deleting SMS messages than before. (Ticket #11167, #13676)Bug fix: The "E-Signature and Locking Management" page would mistakenly display instruments that have locking capabilities disabled as set on the "Record Locking Customization" page. (Ticket #15020)Bug fix: The drop-down Topic list on the "Help & FAQ" page was not scrollable, which made it impossible to view the bottom items of the list if your browser window was not very tall.Bug fix: When executing a user-defined Data Quality rule in a longitudinal project, it might mistakenly return duplicate results for any discrepancy found.Bug fix: When using the REDCap Mobile App, it was mistakenly not logging the REDCap user in the mobile app specific logs on the different tabs in the REDCap Mobile App page in a project. Bug emerged in REDCap 7.1.0.Bug fix: If a user has been given "De-Identified" data export privileges in a project that contains surveys, then when exporting data from the "Data Exports, Reports, and Stats" page, it should automatically pre-select the checkbox to force date-shifting the survey completion timestamp fields because survey timestamps can be considered identifiers (PHI) in many cases. (Ticket #15145)Bug fix: When the Dynamic Data Pull (DDP) module is enabled in a project, it might mistakenly display duplicate values for a field inside the DDP adjudication popup. This usually occurs when a single source field is mapped to many different REDCap fields in the project. Additionally, if a user chooses not to select any fields in the adjudication popup but wants to mark them all as having been adjudicated, then it would never cause the number of items left to be reduced after clicking the Save button, thus always showing that X items are left to adjudicate.Bug fix: If users use "!=" instead of "<>" in a calculated field's equation, it would not always evaluate the calculation correctly when viewing the form or survey where the calc field is located. (Ticket #15339)Bug fix: Horizontally-aligned slider fields would mistakenly display as vertical on mobile devices only. (Ticket #15390)Bug fix: HTML tags places inside the rule name of a Data Quality rule would get escaped and be viewable as-is rather than interpreted as HTML.Bug fix: If a Custom Record Status Dashboard is sorted in descending order by the record ID field, then even though record auto-numbering is enabled in the project, it would mistakenly sort the record names as text rather than sorting them using a numerical sort. (Ticket #15303)Bug fix: If running specific versions of PHP on the REDCap web server, the Field Comment Log popup would crash and never display the popup. (Ticket #15333)Bug fix: Some text was missing when describing the Duo two-factor authentication option in the Control Center.Bug fix: When attaching a YouTube video to a Descriptive field on a survey or data entry form, at the end of the video it would mistakenly display other recommended videos (added automatically at the end by YouTube). It has now been set to never do that.Change: A count of the number of users is now displayed at the top of the user list table on the Project Home page.Version 7.2.0 - (released 2/9/2017)NEW FEATURES & IMPROVEMENTS:New feature:?Custom Record Status DashboardsUsers can build and save custom versions of the Record Status Dashboard to customize the dashboard to their liking.Custom dashboards have many configuration options. Users can give each dashboard a title and a description/instructions, and can choose the instruments to include or exclude in the dashboard's display. Similar to building reports in REDCap, Custom Record Status Dashboards allow users to sort the records in the dashboard by another field's value, and one can set filter logic to filter the records displayed in the dashboard to a specific subset of the total records (e.g. [age] > 30 and [diabetes] = "1"). There are aesthetic controls as well, such as being able to display the dashboard headers vertically, which will transpose them 90 degrees for a more compact display on the page.Only users with Project Setup/Design privileges may create custom dashboards. Once a custom dashboard has been created, it will be viewable and usable by all users in the project. Users may create as many custom dashboards as they like in a project. To create a custom dashboard, navigate to the Record Status Dashboard in a project, and click the blue "Create custom dashboard" button to get started.New feature:?Text searching and ordering on reports?– Users now have a search box displayed at the top of every report where they can type text to search the report, in which it will only show the rows in the currently viewed report that match the search string that is typed. Additionally, any column in a report can have its column header clicked to sort the table according to the values in that column (in ascending or descending order).BUG FIXES & OTHER CHANGES:Medium security fixes:?Several cross-site scripting vulnerabilities were found on various pages, in which they could possibly be exploited by a malicious user.Change: The DataTables plugin for jQuery is now included in REDCap by default, so any plugins that display REDCap’s page header/footer will automatically have the DataTables JavaScript and CSS loaded in the plugin.Improvement: For longitudinal projects containing multiple arms, the Record Status Dashboard now displays each arm separately in a tabbed interface rather than trying to fit all arms in a single table, which typically is not the best way to view multiple arms of records.Improvement: Checkbox fields on reports are now displayed better with their field label spanning all the choices as a row above all the choices and displaying just the choice text and variable in the individual choice column headers on the second row of the header. This groups the checkbox options together much better and is much more intuitive to read and interpret.Improvement: The Group ID number for each Data Access Group (DAG) is now displayed in the DAG table on the Data Access Groups page in a project. The Group ID number is the number that is automatically generated by REDCap and is automatically prepended with a dash/hyphen to the record name when a user assigned to a DAG is creating a new record. The Group ID number is now displayed in the table on the page so that users are aware of what each DAG's Group ID number is.Minor security fix: A cross-site scripting vulnerability was found on the Project Setup page, which could possibly be exploited by a malicious user.Minor security fix: An SQL injection vulnerability was found on the Control Center's Browse Users page, which could possibly be exploited by a malicious user that has compromised an administrator's account.Change: Question numbers displayed on surveys are now displayed as right-aligned, whereas in previous versions they were left-aligned. This is to reduce the gap between the question number and the question text for a more readable and intuitive display.Bug fix: When making a call to the Import Metadata API method, it would mistakenly always return "18" as the response rather than returning the number of fields that were actually imported.Bug fix: When creating a Project Bookmark in a project and using the Link Type="REDCap Project", the project list would mistakenly include deleted projects. (Ticket #13855)Bug fix: When choosing the "Lock all instruments" option from the record action drop-down on the Record Home Page of a given record, in longitudinal projects it would mistakenly lock instruments on events that do not contain data. Bug emerged in REDCap 7.0.0.Bug fix: After choosing the "Lock all instruments" option from the record action drop-down on the Record Home Page of a given record, it would mistakenly not display the lock icon on that page for instruments with a gray status icon (it should always display the lock icon for all instruments on all events containing data). Bug emerged in REDCap 7.0.0.Bug fix: If the Double Data Entry module is enabled in a project, and a user clicks one of the "Compare" buttons at the top of the Data Comparison Tool page immediately after merging a record, it will mistakenly save some values in the back-end database table, thus mistakenly creating an additional new record that has no relation to the other existing records. (Ticket #13394)Bug fix: If a user leaves a required field blank on a repeating instrument or repeating event, it will reload the data entry form to display the error message, but will mistakenly load the first instance of the form/event rather than the correct instance being saved. (Ticket #14099)Bug fix: The input fields inside the "Enable reminders" box in the Compose Invitations dialog on the Participant List page were too small to read.Bug fix: IF running PHP 7.X on the web server, then the API Playgound page might crash on specific occasions with a fatal PHP error when attempting to view the code produced at the bottom of the page for various programming languages.Bug fix: If scheduling a survey invitation via the Compose Survey Invitations popup on the Participant List page and setting a reminder to "send at exact date/time", then the reminder would mistakenly send immediately rather than at the time defined. (Ticket #14314)Bug fix: When deleting a record on the Record Home page when the record name contains a space, the message displayed after successfully deleting the record would mistakenly have a "%20" in place of the space in the record name displayed.Bug fix: When using the Dynamic Data Pull (DDP) module and mapping fields with composite mapping (i.e., many-to-many mapping), it might mistakenly not save those mappings correctly, which might prevent data from being pulled into them correctly from the source system and would also cause issues displaying the mapping page correctly afterward.Bug fix: The record count on the System Statistics page in the Control Center might mistakenly be slightly higher than the actual count.Bug fix: When using Send-It to send a file from a File Upload field, from a data export, or from the File Repository, it would mistakenly display the "Select a file" option to upload a new file when it should instead display the filename of the file.Bug fix: When a calculated field is located on a repeating instrument, it may mistakenly not show up in Data Quality rule H as a discrepancy when there is a discrepancy between the saved value and the true calculated value.Bug fix: When the record ID field is located on a repeating instrument, it may mistakenly cause discrepancies to show up as duplicates in Data Quality rule H.Bug fix: When executing Data Quality rule F, it would mistakenly return discrepancies for checkbox fields that were hidden by branching logic but had all their choices unselected. (Ticket #13555)Bug fix: When calling the API Delete Records method, it was mistakenly checking the wrong user permissions. It should have been checking to require that the user has API Import/Update permissions and Record Delete permissions. (Ticket #14328)Bug fix: When a project is in production but not in draft mode, it would mistakenly display the "Download Data Dictionary with drafted changes" link on the Project Setup page. It should only display that link when the project is in draft mode. (Ticket #14851)Bug fix: When viewing a data entry form or survey page using a recent version of Android, depending on the device, the backspace button may get inadvertently disabled on the device's keypad for integer-validated text fields only, thus preventing users from removing an integer that was entered into a field. The fix for this has a downside, which is that integer-validated text fields will now no longer display just the device's keypad on Android devices but will instead display the full alphabetic keyboard.Bug fix: The REDCap Language File Creator/Updater would create corrupted language files to be used for translation due to presence of the HTML character code " in certain string of language text in the English.ini file. (Ticket #14843)Bug fix: When using the To-Do List in the Control Center and clicking the info button on the right for a given item in the list, some of the text revealed in the box would not be completely viewable. (Ticket #14368)Bug fix: When copying a data collection instrument via the Online Designer's "choose action" button, if a field on the instrument has a new resulting variable name that is longer than 100 characters, then it would result in an error and prevent the user from copying the instrument. (Ticket #14770)Bug fix: When users are not allowed to copy projects on their own but must request administrators to do so for them, if an administrator processes a "copy project" request via the link sent in the email (rather than directly via the To-Do List in the Control Center), then the request item will mistakenly not get marked as "completed" on the To-Do List page. (Ticket #14891)Bug fix: If a user is typing branching logic or a calculation into a text field where it provides the variable auto-suggest feature and logic validation in real time, then in some cases if the user does this a lot in a short amount of time, it might mistakenly ban the user's IP address and lock them temporarily out of REDCap. (Ticket #14405)Bug fix: If scheduling a survey invitation via the Compose Survey Invitation popup on a data entry form and setting a reminder to "send at exact date/time", then the reminder would mistakenly send immediately rather than at the time defined.Bug fix: When uploading an attachment file onto a Descriptive field in the Online Designer, if the file's filename link is clicked to re-download the file inside the Edit Field popup, it would mistakenly display an error.Bug fix: After creating a custom link for a public survey link, it would mistakenly not provide a way for users to remove the custom link (i.e., the red X was not being displayed) on the Public Survey Link page.Bug fix: When importing data in EAV format using the Import Records API method for classic (non-longitudinal) projects only, it might mistakenly not update the value of fields that already have data and instead simply add the new value to the back-end database, leaving the field with more than one value stored.Bug fix: If a multi-page survey has some pages that might get completely skipped because all fields on the page have branching logic, then if the survey instrument is also enabled to be a Repeating Instrument in the project, then it would mistakenly fail to skip the page when branching logic dictates that it should be skipped. (Ticket #13764)Version 7.1.2 - (released 1/20/2017)BUG FIXES & OTHER CHANGES:New module: Find Calculation Errors in Projects - This new page in the Control Center allows administrators to determine if any projects in the entire REDCap system contain calculation errors. It is possible in certain cases that the data saved for calculated fields in projects might not be accurate. This might be due to a user modifying a calc field's equation after data collection has begun, or perhaps due to software bugs that may have occurred in REDCap in the past that affected calculations. This new module will not fix any incorrect calculations in projects, but it will identify projects with issues so that the administrator or a user in the project can go to the Data Quality module in the project and run Rule H, which will help fix any calculation errors.Bug fix: When using the Save & Return Later feature on a survey that is enabled as a Repeating Survey (via Repeating Instrument feature), it would mistakenly ask for the Return Code (or ask for the respondent to log in if Survey Login is enabled) on the repeated instances of the survey after the first one has been entered. (Ticket #13240)Bug fix: When a user's password has been reset and they are emailed a link to reset their password, on certain random occasions when the click the link in their email, it will fail to begin the password reset process and will also mistakenly display an "Access Denied" message stating that the user is now locked out of REDCap temporarily for X minutes. (Ticket #7457, #11260, #1710, #13109)Bug fix: If a user on a data entry form leaves spaces before or after a value entered in a text field, the prompt that asks them if they want the spaces trimmed mistakenly gets displayed in the wrong vertical position on the webpage in certain cases. (Ticket #13486)Bug fix: If a project has repeating instruments that are enabled as surveys, and a user clicks the "Delete data for THIS FORM only" button at the bottom of a data entry form, then it would mistakenly not remove that instance of the instrument from the Participant List.Bug fix: If a project has repeating instruments that are enabled as surveys, and a Custom Label has been set for the repeating instrument, then it would mistakenly not display the custom label for Instance #1 in the Participant List.Bug fix: If a project has repeating instruments that are enabled as surveys, and a Custom Label has been set for the repeating instrument, then it would mistakenly not display the custom label for Instance #1 in a record's Survey Queue.Bug fix: If a project has repeating instruments that are enabled as surveys, then on certain occasions in longitudinal projects, it might mistakenly only display the first instance of the survey in a record's Survey Queue.Bug fix: Data Quality rule F would mistakenly return discrepancies for visible fields with branching logic and have data saved for them rather than only fields that are currently hidden. (Ticket #13555)Bug fix: If a field is given the variable name "length", then the "Reset" link will not work for the field if it is a radio or slider field. Also, a slider field with that variable name will not get enabled when initially clicked by the user. (Ticket #13595)Bug fix: If using a custom message to display to users when creating/copying a project, then if a user goes to copy a project, it will mistakenly bypass the custom message prompt and copy the project regardless. (Ticket #13674)Bug fix: If the randomization module is enabled on a longitudinal project with multiple arms, in which a record exists on multiple arms (one of which is the arm that contains the randomization field), then if the record is deleted from the non-randomization arm, then its randomization allocation would mistakenly get removed from the randomization arm. This means that the record's allocation would get removed mistakenly as if it were never randomized and thus allow another record to mistakenly take its allocation later. (Ticket #13278)Change: When viewing a report that displays data from a repeating instrument or event, it will now gray out the cell of the redcap_repeat_instrument and redcap_repeat_instance columns for the base instance row of a record (i.e., where the redcap_repeat_instance field has a blank value), thus denoting that that field is not relevant for that row of data (since the row is displaying non-repeating data only).Version 7.1.1 - (released 1/13/2017)BUG FIXES & OTHER CHANGES:Improvement: When opening the Field Comment Log, it now places the user's cursor inside the text box automatically as a convenience to the user.Improvement: When a user is on a data entry form or survey and hovers over the choice label of a radio button field, the cursor changes to the "hand" cursor to indicate that they can click on the label to select the choice rather than thinking they have to click the radio element itself.Minor security fix: A cross-site scripting vulnerability was found on the Data Import Tool page, which could possibly be exploited by a malicious user. (Ticket #13193)Change: Action Tags are now listed alphabetically by name in the "What are Action Tags?" popup on the Online Designer.Change: For plugin/hook developers, the background color of the Bootstrap CSS class "btn-default" was being overridden (on purpose) in all versions of REDCap 7.X, and this caused some issues for plugins/hooks that utilized that button class because it was the same color as when the button is active. This change has been reverted so as not to conflict with the Bootstrap btn-default class, and now REDCap uses a CSS class named "btn-defaultrc" instead for general default-style buttons.Bug fix: When viewing the Stats & Charts page in a project, clicking the "Show Stats Only" button would cause the "Download image" button to sometimes obscure the stats table for the field. (Ticket #6534)Bug fix: The wrong text is displayed at the top of the My Projects page right before the User Access Dashboard link. Bug emerged in version 7.1.0.Bug fix: When exporting a PDF of data when the "Character encoding for exported files" has been set to "Chinese (UTF-8)", then it will result in a fatal PHP error if the REDCap web server is running PHP 5.4.0 or higher. (Ticket #13334)Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214) Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214) Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214) Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214)Bug fix: When a survey Stop Action has been enabled for a drop-down field that has the auto-complete option enabled, then if the Stop Action is triggered after selecting a choice, the value of that field would mistakenly not get saved. It would still save all other field data on the survey, but it would not save the value of the field triggering the Stop Action. This would not affect all drop-down fields but only those with the auto-complete option enabled.Bug fix: When merging two records in a Double Data Entry project, slider fields would mistakenly not have a way to enter a new value in the third column of the merging table, thus making it impossible to set a value other than those from the two records being merged. For sliders on that page, it now displays an integer-validated text field with 0-100 range limit as a slider substitute since creating an actual slider on the page is a bit complex due to certain technical dependencies. (Ticket #13196)Version 7.1.0 - (released 1/6/2017)BUG FIXES & OTHER CHANGES:New feature: Better device management for the REDCap Mobile App?– The Mobile App page in a project now contains better methods for keeping track of the activity of the mobile app used on many devices at a time for a single project.Each device that has initialized the project in the mobile app will be displayed in a device list on the page. It will initially display the device’s UUID, but each can be given their own nickname (e.g., Kenya tablet, Rob’s iPhone). The nickname will be displayed on the Mobile App page’s activity tables, dashboard, and file download tables so that users may track which device is doing what.Each device can be blocked, if needed, without having to revoke the API token for many (or all) of your devices. Blocking behaves similar to revoking a user’s API token except it allows you to do it on a per-device basis. You might want to block a device if it were stolen, for instance. This helps protect your data from being corrupted or from falling into the wrong hands.The mobile app log files can now be viewed on the Mobile App page without having to download them to view them.Medium security fix:?Cross-site scripting and SQL Injection vulnerabilities were found on several pages, which could possibly be exploited by a malicious user.Major bug fix:?Calculation errors may (in specific situations) occur on surveys or data entry forms if a calculation uses a number-validated or integer-validated field in its equation, in which the result might mistakenly get calculated as "0" instead of leaving the calc field as blank. This might also cause the "Erase value" prompt to appear on data entry forms as well.Major bug fix:?In specific situations, Data Quality rule H and auto-calculations may differ from the calculation performed on surveys or data entry forms if a calculation uses any of the advanced functions where many values can be used as parameters (e.g., min, max, mean, sum, stdev). The discrepancy occurs in Rule H and auto-calculations when all the values referenced inside the function have a blank/null value. (Ticket #12771)Bug fix: If the equation of a calc field contains a tab character, it will display an error on the survey or data entry form where the calc field is located.Change: The OpenSSL extension for PHP is now required for REDCap 7.1.0 and later versions. Previous versions of REDCap used the Mcrypt extension, which is currently deprecated in PHP 7.1 and will be removed in PHP 7.2. Mcrypt is currently used in REDCap for minor encryption routines and also for encrypting and storing DDP data values (from the DDP source system), so OpenSSL will be used to replace Mcrypt for typical encryption functionality in REDCap.Bug fix: The cached count of records in a project (displayed on the My Projects page) would mistakenly not get reset when clicking the Erase All Data button on the Other Functionality page or when deleting all records while moving the project to production status.Bug fix: When copying a project containing surveys using the "Copy the project" button on the Other Functionality page, it would mistakenly not copy over the Enhanced Choices option (if enabled) or the Repeating Survey options (if the Repeating Instruments functionality is enabled) from the Survey Settings page for each survey.Bug fix: For projects with Repeating Instruments enabled that are also enabled as surveys with the Repeating Survey option enabled, if the Survey Queue is also enabled, then there is the possibility that only the first instance of a repeating survey will display in the Survey Queue instead of all the saved instances.Bug fix: When creating a new project whose purpose is set to "Research", the text box for entering the project PI's middle initial is not wide enough. (Ticket #12786)Bug fix: If the Data Resolution Workflow is enabled in a project and a user is viewing the dialog/popup of data query actions and logged data, on certain occasions it might mistakenly not display all the items in correct chronological order. (Ticket #12825)Change: The text describing the Project Notes field when creating a new project was modified slightly to inform the user that the notes are displayed on the My Projects page, which was not explained in prior versions. (Ticket #12843)Bug fix: When upgrading REDCap, if the version directory has been placed on the REDCap web server and the administrator is on the REDCap Upgrade page, the link on that page to the Language File Creator/Updater page would mistakenly redirect them to the REDCap Home page instead of the correct page.Bug fix: When opening a To-Do List request in the popup dialog on the To-Do List page in the Control Center, the top of the popup would be mistakenly hidden underneath the top navigation bar, thus making it impossible to close the popup.Bug fix: When editing a report and changing the field/variable used for a filter in Step 3, in which the filter field being modified is not the last filter in the report, then it would display a new filter field at the bottom with an incorrect filter number value (e.g., displays "Filter 3" for the last filter when it should say "Filter 8" instead). (Ticket #12766)Bug fix: In the API documentation for the API method "Export Project XML", the paragraph of text for the "exportFiles" parameter was displaying the wrong text. (Ticket #12974)Bug fix: When attempting to send a signature file or uploaded file via Send-It from a data entry form, it would display an erroneous error message when the file is sent, thus preventing it from being sent. (Ticket #12747)Version 7.0.10 - (released 3/10/2017)BUG FIXES & OTHER CHANGES:Bug fix: The use of [field]="" inside the condition of an IF statement for a calculated field does not behave as users would expect, and this often requires users to use [field]="NaN" as an alternative for checking if a field's value is blank/null. Now [field]="" will work as one would expect and will work identically to [field]="NaN".Bug fix: Drop-down fields with autocomplete enabled will mistakenly display little arrows in front of the choice labels in Google Chrome only. Bug fix: After being on any page for more than 3 minutes, it would disable certain jQuery-enabled triggers, such as auto-complete drop-down fields on data entry forms and any custom Bootstrap components. Bug fix: When upgrading REDCap, if the new REDCap version directory has been uploaded to the web server but the upgrade has not been completed yet, then the REDCap cron job would mistakenly not run until the upgrade has completed. It will now always run when it is supposed to, even in the midst of an upgrade. Bug fix: If running PHP 7.1 or higher on the REDCap web server, the Data Resolution Workflow popup would mistakenly fail to open when a user tries to open it. Bug fix: If doing a user search using "all user attributes" on the Browser Users page in the Control Center, it would mistakenly always return every user in the system. Bug fix: The "email" field validation would mistakenly not accept email addresses containing accent marks and other valid UTF-8 characters. Bug fix: When downloading PDFs containing record data, it would sometimes mistakenly display duplicate pages for an instrument for longitudinal projects only. Bug fix: When viewing the Survey Invitation Log, for certain situations, some invitations might mistakenly not be displayed on the page.Bug fix: When editing an existing report that uses advanced logic in Step 3, if a user clicks the "Switch format: Use simple logic" link, the drop-down list of fields in that section would mistakenly not be displayed, thus making it impossible set set a filter unless the user reloads the page.Bug fix: When setting up an Automated Survey Invitation and using conditional logic, if a record is selected in the "test logic with a record" option *and* the project is in production, then it might mistakenly return "[No value]" rather than True or False regarding whether the condition is true/false for a given record.Bug fix: The field name auto-suggest feature for branching logic, calculations, ASIs, etc., would mistakenly suggest checkboxes in the wrong format (i.e., without parentheses with a value inside them). It now suggests checkboxes in the correct syntax. Bug fix: On the Randomization page in a project, the drop-down lists of fields might be too wide for the page. Bug fix: When clicking the "Show Stats Only" button on the "Stats & Charts" page, it might mistakenly still show the "Download Image" button if all the field plots have not fully loaded yet on the page. Version 7.0.9 - (released 2/23/2017)BUG FIXES & OTHER CHANGES:Minor security fixes: Cross-site scripting vulnerabilities and SQL injection vulnerabilities were found on several different pages, in which the vulnerabilities could possibly be exploited by a malicious user.Bug fix: A few PHP files contained \r (CR) characters without \n (LF) characters immediately following them, which caused issues when uploading the REDCap source code to certain web servers.Bug fix: When using Send-It to send a file from a data export, a File Repository file, or from a File Upload field, it would result in an error when the user would click the "Send It!" button. Bug fix: When clicking the "Lock all instruments across all events" option on the Record Home Page, it would mistakenly only lock instruments for events that contain data. This mistakenly changed in a previous version and is now set back to the way it was originally where it would lock all forms across all designated events regardless of whether there is data in the form or in the event.Bug fix: If running PHP 7.1 or higher on the REDCap web server, any API import method with content in XML format would fail. Bug fix: When doing a CSV Raw data export while exporting the survey fields, the header text for "Survey Timestamp" would mistakenly be blank. Bug fix: If running PHP 7.1 or higher on the REDCap web server, any Data Quality rule would fail when executed. Bug fix: The font resize option at the top of surveys mistakenly does not increase/decrease all text uniformly on the page. Bug fix: If running PHP 7.1 or higher on the REDCap web server, the biomedical ontology auto-suggest feature for Text fields would always return nothing from the search.Bug fix: When creating or editing a report and adding a new field in Step 2, if the user hits the Enter key while in the text field when the text field is empty, it would mistakenly display the "List of users with access" popup.Version 7.0.8 - (released 2/16/2017)BUG FIXES & OTHER CHANGES:Major bug fix:?If a user's Data Export permissions are "De-Identified" or "Remove all tagged Identifier fields" when they are using the Export Records API method, in which they specify a list of fields (or forms) by variable name (or form name) in their API request, then if every one of those specified fields are also fields that would normally get removed due to their export privileges, then it would mistakenly return data for all the fields in the project. Medium security fix:?A malicious user or survey respondent could uploaded a specially designed file for a File Upload field on a survey or data entry form, and then exploit it by getting a REDCap Administrator to then navigate to a specially crafted link, which might allow them to escalate certain Administrator privileges and take advantage of them, even capturing their login information.Minor security fixes:?Several cross-site scripting vulnerabilities were found on various pages, such as the User Rights and Project Setup pages, in which the vulnerability could possibly be exploited by a malicious user.Bug fix: Enhanced radio buttons on surveys were not vertically aligned correctly but mistakenly had extra padding above them. Bug fix: When viewing a data entry form of a repeating instrument that is also enabled as a survey, the survey options drop-down at the top of the form will mistakenly be disabled if the instance number is greater than "1" and the form has not the form saved yet. Bug fix: When viewing a data entry form of a repeating instrument that is also enabled as a survey, and the user chooses to compose a survey invitation using the survey options drop-down at the top of the form, it would mistakenly always send the survey link pointing to the first instance of the survey rather than to the correct instance number. Bug fix: When a repeating instrument is also enabled as a survey with the repeat survey button option set to be "Before the submit button in the survey", if any required fields on the survey were left blank and the repeat survey button was clicked, it would mistakenly not prompt the respondent to enter the required fields that were left blank and would mark the survey as completed. Bug fix: When using the Twilio telephony services for surveys, in certain cases it would not always erase the logs on the Twilio website of SMS messages sent via REDCap. It now does a much more comprehensive job of deleting SMS messages than before. Bug fix: The "E-Signature and Locking Management" page would mistakenly display instruments that have locking capabilities disabled as set on the "Record Locking Customization" page. Bug fix: The drop-down Topic list on the "Help & FAQ" page was not scrollable, which made it impossible to view the bottom items of the list if your browser window was not very tall.Bug fix: When executing a user-defined Data Quality rule in a longitudinal project, it might mistakenly return duplicate results for any discrepancy found.Bug fix: If a user has been given "De-Identified" data export privileges in a project that contains surveys, then when exporting data from the "Data Exports, Reports, and Stats" page, it should automatically pre-select the checkbox to force date-shifting the survey completion timestamp fields because survey timestamps can be considered identifiers (PHI) in many cases. Bug fix: When the Dynamic Data Pull (DDP) module is enabled in a project, it might mistakenly display duplicate values for a field inside the DDP adjudication popup. This usually occurs when a single source field is mapped to many different REDCap fields in the project. Additionally, if a user chooses not to select any fields in the adjudication popup but wants to mark them all as having been adjudicated, then it would never cause the number of items left to be reduced after clicking the Save button, thus always showing that X items are left to adjudicate.Bug fix: If users use "!=" instead of "<>" in a calculated field's equation, it would not always evaluate the calculation correctly when viewing the form or survey where the calc field is located. Bug fix: Horizontally-aligned slider fields would mistakenly display as vertical on mobile devices only. Bug fix: HTML tags places inside the rule name of a Data Quality rule would get escaped and be viewable as-is rather than interpreted as HTML.Bug fix: If running specific versions of PHP on the REDCap web server, the Field Comment Log popup would crash and never display the popup. Bug fix: Some text was missing when describing the Duo two-factor authentication option in the Control Center.Bug fix: When attaching a YouTube video to a Descriptive field on a survey or data entry form, at the end of the video it would mistakenly display other recommended videos (added automatically at the end by YouTube). It has now been set to never do that.Version 7.0.7 - (released 2/9/2017)BUG FIXES & OTHER CHANGES:Bug fix: When using the Dynamic Data Pull (DDP) module and mapping fields with composite mapping (i.e., many-to-many mapping), it might mistakenly not save those mappings correctly, which might prevent data from being pulled into them correctly from the source system and would also cause issues displaying the mapping page correctly afterward.Bug fix: The record count on the System Statistics page in the Control Center might mistakenly be slightly higher than the actual count.Bug fix: When using Send-It to send a file from a File Upload field, from a data export, or from the File Repository, it would mistakenly display the "Select a file" option to upload a new file when it should instead display the filename of the file.Bug fix: When a calculated field is located on a repeating instrument, it may mistakenly not show up in Data Quality rule H as a discrepancy when there is a discrepancy between the saved value and the true calculated value.Bug fix: When the record ID field is located on a repeating instrument, it may mistakenly cause discrepancies to show up as duplicates in Data Quality rule H.Bug fix: When executing Data Quality rule F, it would mistakenly return discrepancies for checkbox fields that were hidden by branching logic but had all their choices unselected. Bug fix: When calling the API Delete Records method, it was mistakenly checking the wrong user permissions. It should have been checking to require that the user has API Import/Update permissions and Record Delete permissions. Bug fix: When a project is in production but not in draft mode, it would mistakenly display the "Download Data Dictionary with drafted changes" link on the Project Setup page. It should only display that link when the project is in draft mode. Bug fix: When viewing a data entry form or survey page using a recent version of Android, depending on the device, the backspace button may get inadvertently disabled on the device's keypad for integer-validated text fields only, thus preventing users from removing an integer that was entered into a field. The fix for this has a downside, which is that integer-validated text fields will now no longer display just the device's keypad on Android devices but will instead display the full alphabetic keyboard.Bug fix: The REDCap Language File Creator/Updater would create corrupted language files to be used for translation due to presence of the HTML character code " in certain string of language text in the English.ini file. Bug fix: When using the To-Do List in the Control Center and clicking the info button on the right for a given item in the list, some of the text revealed in the box would not be completely viewable. Bug fix: When copying a data collection instrument via the Online Designer's "choose action" button, if a field on the instrument has a new resulting variable name that is longer than 100 characters, then it would result in an error and prevent the user from copying the instrument. Bug fix: When users are not allowed to copy projects on their own but must request administrators to do so for them, if an administrator processes a "copy project" request via the link sent in the email (rather than directly via the To-Do List in the Control Center), then the request item will mistakenly not get marked as "completed" on the To-Do List page. Bug fix: If a user is typing branching logic or a calculation into a text field where it provides the variable auto-suggest feature and logic validation in real time, then in some cases if the user does this a lot in a short amount of time, it might mistakenly ban the user's IP address and lock them temporarily out of REDCap. Bug fix: If scheduling a survey invitation via the Compose Survey Invitation popup on a data entry form and setting a reminder to "send at exact date/time", then the reminder would mistakenly send immediately rather than at the time defined.Bug fix: When uploading an attachment file onto a Descriptive field in the Online Designer, if the file's filename link is clicked to re-download the file inside the Edit Field popup, it would mistakenly display an error.Bug fix: After creating a custom link for a public survey link, it would mistakenly not provide a way for users to remove the custom link (i.e., the red X was not being displayed) on the Public Survey Link page.Bug fix: When importing data in EAV format using the Import Records API method for classic (non-longitudinal) projects only, it might mistakenly not update the value of fields that already have data and instead simply add the new value to the back-end database, leaving the field with more than one value stored.Bug fix: If a multi-page survey has some pages that might get completely skipped because all fields on the page have branching logic, then if the survey instrument is also enabled to be a Repeating Instrument in the project, then it would mistakenly fail to skip the page when branching logic dictates that it should be skipped. Version 7.0.6 - (released 2/3/2017)BUG FIXES & OTHER CHANGES:Medium security fixes:?Several cross-site scripting vulnerabilities were found on various pages, in which they could possibly be exploited by a malicious user.Minor security fix:?An SQL injection vulnerability was found on the Control Center's Browse Users page, which could possibly be exploited by a malicious user that has compromised an administrator's account.Bug fix: When making a call to the Import Metadata API method, it would mistakenly always return "18" as the response rather than returning the number of fields that were actually imported.Bug fix: When creating a Project Bookmark in a project and using the Link Type="REDCap Project", the project list would mistakenly include deleted projects. Bug fix: When choosing the "Lock all instruments" option from the record action drop-down on the Record Home Page of a given record, in longitudinal projects it would mistakenly lock instruments on events that do not contain data. Bug emerged in REDCap 7.0.0.Bug fix: After choosing the "Lock all instruments" option from the record action drop-down on the Record Home Page of a given record, it would mistakenly not display the lock icon on that page for instruments with a gray status icon (it should always display the lock icon for all instruments on all events containing data). Bug emerged in REDCap 7.0.0.Bug fix: If the Double Data Entry module is enabled in a project, and a user clicks one of the "Compare" buttons at the top of the Data Comparison Tool page immediately after merging a record, it will mistakenly save some values in the back-end database table, thus mistakenly creating an additional new record that has no relation to the other existing records. Bug fix: If a user leaves a required field blank on a repeating instrument or repeating event, it will reload the data entry form to display the error message, but will mistakenly load the first instance of the form/event rather than the correct instance being saved. Bug fix: The input fields inside the "Enable reminders" box in the Compose Invitations dialog on the Participant List page were too small to read.Bug fix: IF running PHP 7.X on the web server, then the API Playgound page might crash on specific occasions with a fatal PHP error when attempting to view the code produced at the bottom of the page for various programming languages.Bug fix: If scheduling a survey invitation via the Compose Survey Invitations popup on the Participant List page and setting a reminder to "send at exact date/time", then the reminder would mistakenly send immediately rather than at the time defined. (Ticket #14314)Bug fix: When deleting a record on the Record Home page when the record name contains a space, the message displayed after successfully deleting the record would mistakenly have a "%20" in place of the space in the record name displayed.Version 7.0.5 - (released 1/20/2017)BUG FIXES & OTHER CHANGES:New module: Find Calculation Errors in Projects - (Note: While LTS typically does not get new modules, this module is used to help find bugs in calculations and is therefore indirectly fixing bugs, which is why it was added to LTS.) This new page in the Control Center allows administrators to determine if any projects in the entire REDCap system contain calculation errors. It is possible in certain cases that the data saved for calculated fields in projects might not be accurate. This might be due to a user modifying a calc field's equation after data collection has begun, or perhaps due to software bugs that may have occurred in REDCap in the past that affected calculations. This new module will not fix any incorrect calculations in projects, but it will identify projects with issues so that the administrator or a user in the project can go to the Data Quality module in the project and run Rule H, which will help fix any calculation errors.Bug fix: When using the Save & Return Later feature on a survey that is enabled as a Repeating Survey (via Repeating Instrument feature), it would mistakenly ask for the Return Code (or ask for the respondent to log in if Survey Login is enabled) on the repeated instances of the survey after the first one has been entered. (Ticket #13240)Bug fix: When a user's password has been reset and they are emailed a link to reset their password, on certain random occasions when the click the link in their email, it will fail to begin the password reset process and will also mistakenly display an "Access Denied" message stating that the user is now locked out of REDCap temporarily for X minutes. (Ticket #7457, #11260, #1710, #13109)Bug fix: If a user on a data entry form leaves spaces before or after a value entered in a text field, the prompt that asks them if they want the spaces trimmed mistakenly gets displayed in the wrong vertical position on the webpage in certain cases. (Ticket #13486)Bug fix: If a project has repeating instruments that are enabled as surveys, and a user clicks the "Delete data for THIS FORM only" button at the bottom of a data entry form, then it would mistakenly not remove that instance of the instrument from the Participant List.Bug fix: If a project has repeating instruments that are enabled as surveys, and a Custom Label has been set for the repeating instrument, then it would mistakenly not display the custom label for Instance #1 in the Participant List.Bug fix: If a project has repeating instruments that are enabled as surveys, and a Custom Label has been set for the repeating instrument, then it would mistakenly not display the custom label for Instance #1 in a record's Survey Queue.Bug fix: If a project has repeating instruments that are enabled as surveys, then on certain occasions in longitudinal projects, it might mistakenly only display the first instance of the survey in a record's Survey Queue.Bug fix: Data Quality rule F would mistakenly return discrepancies for visible fields with branching logic and have data saved for them rather than only fields that are currently hidden. (Ticket #13555)Bug fix: If a field is given the variable name "length", then the "Reset" link will not work for the field if it is a radio or slider field. Also, a slider field with that variable name will not get enabled when initially clicked by the user. (Ticket #13595)Bug fix: If using a custom message to display to users when creating/copying a project, then if a user goes to copy a project, it will mistakenly bypass the custom message prompt and copy the project regardless. (Ticket #13674)Bug fix: If the randomization module is enabled on a longitudinal project with multiple arms, in which a record exists on multiple arms (one of which is the arm that contains the randomization field), then if the record is deleted from the non-randomization arm, then its randomization allocation would mistakenly get removed from the randomization arm. This means that the record's allocation would get removed mistakenly as if it were never randomized and thus allow another record to mistakenly take its allocation later. (Ticket #13278)Version 7.0.4 - (released 1/13/2017)BUG FIXES & OTHER CHANGES:Minor security fix: A cross-site scripting vulnerability was found on the Data Import Tool page, which could possibly be exploited by a malicious user. (Ticket #13193)Bug fix: When viewing the Stats & Charts page in a project, clicking the "Show Stats Only" button would cause the "Download image" button to sometimes obscure the stats table for the field. (Ticket #6534)Bug fix: When exporting a PDF of data when the "Character encoding for exported files" has been set to "Chinese (UTF-8)", then it will result in a fatal PHP error if the REDCap web server is running PHP 5.4.0 or higher. (Ticket #13334)Bug fix: If text containing HTML comments (e.g., <!--...-->) is added to a field label, survey instructions, or other text that appears on surveys and data entry forms, it might mistakenly prevent the full rendering of the page and might make it impossible to enter and save data successfully. (Ticket #13214)Bug fix: When a survey Stop Action has been enabled for a drop-down field that has the auto-complete option enabled, then if the Stop Action is triggered after selecting a choice, the value of that field would mistakenly not get saved. It would still save all other field data on the survey, but it would not save the value of the field triggering the Stop Action. This would not affect all drop-down fields but only those with the auto-complete option enabled.Bug fix: When merging two records in a Double Data Entry project, slider fields would mistakenly not have a way to enter a new value in the third column of the merging table, thus making it impossible to set a value other than those from the two records being merged. For sliders on that page, it now displays an integer-validated text field with 0-100 range limit as a slider substitute since creating an actual slider on the page is a bit complex due to certain technical dependencies. (Ticket #13196)Version 7.0.3 - (released 1/6/2017)BUG FIXES & OTHER CHANGES:Medium security fix:?Cross-site scripting and SQL Injection vulnerabilities were found on several pages, which could possibly be exploited by a malicious user.Major bug fix:?Calculation errors may (in specific situations) occur on surveys or data entry forms if a calculation uses a number-validated or integer-validated field in its equation, in which the result might mistakenly get calculated as "0" instead of leaving the calc field as blank. This might also cause the "Erase value" prompt to appear on data entry forms as well.Major bug fix:?In specific situations, Data Quality rule H and auto-calculations may differ from the calculation performed on surveys or data entry forms if a calculation uses any of the advanced functions where many values can be used as parameters (e.g., min, max, mean, sum, stdev). The discrepancy occurs in Rule H and auto-calculations when all the values referenced inside the function have a blank/null value. (Ticket #12771)Bug fix: If the equation of a calc field contains a tab character, it will display an error on the survey or data entry form where the calc field is located.Bug fix: The cached count of records in a project (displayed on the My Projects page) would mistakenly not get reset when clicking the Erase All Data button on the Other Functionality page or when deleting all records while moving the project to production status.Bug fix: When copying a project containing surveys using the "Copy the project" button on the Other Functionality page, it would mistakenly not copy over the Enhanced Choices option (if enabled) or the Repeating Survey options (if the Repeating Instruments functionality is enabled) from the Survey Settings page for each survey.Bug fix: For projects with Repeating Instruments enabled that are also enabled as surveys with the Repeating Survey option enabled, if the Survey Queue is also enabled, then there is the possibility that only the first instance of a repeating survey will display in the Survey Queue instead of all the saved instances.Bug fix: When creating a new project whose purpose is set to "Research", the text box for entering the project PI's middle initial is not wide enough. (Ticket #12786)Bug fix: If the Data Resolution Workflow is enabled in a project and a user is viewing the dialog/popup of data query actions and logged data, on certain occasions it might mistakenly not display all the items in correct chronological order. (Ticket #12825)Bug fix: When upgrading REDCap, if the version directory has been placed on the REDCap web server and the administrator is on the REDCap Upgrade page, the link on that page to the Language File Creator/Updater page would mistakenly redirect them to the REDCap Home page instead of the correct page.Bug fix: When opening a To-Do List request in the popup dialog on the To-Do List page in the Control Center, the top of the popup would be mistakenly hidden underneath the top navigation bar, thus making it impossible to close the popup.Bug fix: When editing a report and changing the field/variable used for a filter in Step 3, in which the filter field being modified is not the last filter in the report, then it would display a new filter field at the bottom with an incorrect filter number value (e.g., displays "Filter 3" for the last filter when it should say "Filter 8" instead). (Ticket #12766)Bug fix: In the API documentation for the API method "Export Project XML", the paragraph of text for the "exportFiles" parameter was displaying the wrong text. (Ticket #12974)Bug fix: When attempting to send a signature file or uploaded file via Send-It from a data entry form, it would display an erroneous error message when the file is sent, thus preventing it from being sent. (Ticket #12747)Version 7.0.1 - (released 12/28/2016)BUG FIXES & OTHER CHANGES:Improvement:?A new auto-approve option was added to the "Allow production Draft Mode changes to be approved automatically under certain conditions?" setting on the User Settings page in the Control Center. It now has an optional checkbox below the drop-down list of auto-approve settings, in which it states "And also ONLY IF no new fields have labels or variables with matching keywords from the 'Check For Identifiers' page". When checked, regardless of the choice selected in the auto-approve drop-down list, if any variable name or field label from a *new field* matches a keyword from the "Check For Identifiers" page, then it will force an Administrator to review the drafted changes. This option allows certain institutions to keep better track of projects that might be making production changes and want to be vigilant about the use of identifiers/PHI being collected.Improvement:?When displaying a count of each project's records on the My Projects page and on the Browse Projects page (in the Control Center), it now uses a cached count of the records in the project (if available) rather than calculating the number of records on the fly each time. This improves database server performance by making so many expensive queries to the database.Change: The Data Quality module now uses a bit less server memory when executing Rule A-H.Change: Added new project template to showcase the Repeating Instruments functionality.Bug fix: When viewing the Survey Queue while taking a survey (by clicking the Survey Queue link at the top right of a survey page), if the respondent then clicks the "Get link to my survey queue" button, it will display a dialog that is impossible to see because it is mistakenly displayed underneath the Survey Queue dialog that opened it.Bug fix: On the Project Bookmarks setup page, the user list and DAG list might mistakenly overlap the page footer if the lists are long. (Ticket #12526)Bug fix: On the View Projects page in the Control Center, if the "Show archived projects" link is clicked before a user is chosen or before clicking the "View all projects" button, it loads a non-existent page with a 404 error. (Ticket #12641)Bug fix: If running MySQL 5.7 as the database server and upgrading REDCap from a pre-6.5.0 version of REDCap, you might receive an error during the upgrade process regarding the default value of a date in the database table redcap_history_size and/or redcap_history_version (Ticket #12648).Bug fix: Misspelling of "javascript" as "javacript" in the "href" attribute of HTML tags on a couple pages. (Ticket #12683)Bug fix: When loading the dialog to edit/add repeatable instruments/events on the Project Setup page of a longitudinal project, if any custom labels had been defined for repeating instruments on an event that is not the first event in the project, then the custom labels would mistakenly not be re-displayed in the dialog and thus would be lost if the user pressed Save. (Ticket #12703)Bug fix: For a project with Repeating Events enabled, if the user is on the Record Status Dashboard and clicks a stack icon (denoting multiple instances of an event having been saved), it will mistakenly not display a floating list of instances to click on if Repeating Instruments functionality has not been enabled in the project along with Repeating Events. (Ticket #12709)Version 7.0.0 - (released 12/22/2016)NEW FEATURES & IMPROVEMENTS:New feature: Repeating Instruments and EventsREDCap has the ability to repeat a data collection instrument or an entire event of instruments an unlimited number of times without having to specify the amount needed. This is sometimes called one-to-many data collection, in which a project can have one or more repeating parts. The repeating instruments/events feature can be enabled and set up by clicking the Enable button in the Optional Modules section on the Project Setup page.Enabling Surveys for Repeating Instruments: If one wishes to allow survey respondents to enter their responses in a repeating fashion in survey mode alone, one must enable an optional setting near the bottom of the Survey Settings page (in the survey termination options section) *after* an instrument has been set as a repeating instrument. So it is one additional step to do after enabling the instrument itself as a repeating instrument. When the repeat survey setting is enabled, it will display a button at the end of the survey so that the respondent can choose to enter another response for the survey, thus essentially allowing them to take the survey multiple times in a row. In this way, they will be able to enter as many responses for that same survey as they need.Reports and Data Exports with Repeating Instruments and Events: If one creates a report that contains data from a repeating instrument or repeating event, a field named 'redcap_repeat_instance' will be included that represents the instance number, which is an auto-numbered value (starting with '1') that gets incremented each time the instrument/event is repeated. And if the report contains data specifically from a repeating instrument (as opposed to a repeating event), then a field named 'redcap_repeat_instrument' will additionally be included that represents the instrument name that denotes to which instrument the row of data belongs. These two fields will only be included automatically in the report or data export if data originates from a repeating instrument or event. Note: Each repeated instance of an instrument or event will be displayed as a new row in the report or export file.While repeating instruments/events are fully supported when using Double Data Entry with regard to data entry workflow, please see the following notice for the Data Comparison Tool: “The Data Comparison Tool does not *fully* support the Repeating Instruments and Events feature, which appears to be enabled in this project. Data can be compared (and even merged if using Double Data Entry), but it will only allow comparison and merging of Instance #1 of a repeating instrument or repeating event. Thus all other repeating data will be ignored on this page. Also, all non-repeating data can still be compared and merged.”Improvement: New interface for Home/My Projects/Control Center pages.Improvement: New font “Open Sans” is available to use for the font on surveys.Improvement: The Project Revision History page is now much faster to load for production projects.Improvement: The results displayed from executed rules on the Data Quality page now display the field label above the variable name and value. This provides better context for users who might not know the variable names.Improvement: Execution of Data Quality rules should now be less intensive on the database server, especially when running them on larger data sets.Improvement: A PDF of record data for all instruments/events for a given record can now be downloaded from the "Choose action for record" drop-down on the Record Home Page if the user has Data Export privileges.Improvement: A zip file containing all uploaded documents (or signature files) for an individual record can now be downloaded from the "Choose action for record" drop-down on the Record Home Page if the user has Data Export privileges.Improvement: File Upload fields that are displayed on reports will no longer display the text "[document]", but will instead provide a "Download" button so that the user can actually download the file from the report.Improvement: When the user clicks the "Save & Stay" button (formerly the "Save and Continue button) on a data entry form, it now says "Record XXXX was successfully edited" at the top of the page to denote that the form was saved.Improvement/change: Assigning a record to a Data Access Group (or unassigning/reassigning a record) is now performed on the Record Home page using the "Choose action for record" drop-down list rather than on the data entry form. The only exception for this is when a record is being created on a data entry form (when the record does not yet exist), in which it will allow the user to set the Data Access Group using the drop-down list at the top right of the form. This is so a record can be assigned to a DAG at the moment of its creation.Improvement: For records that have been assigned to a Data Access Group, it will now display their Data Access Group assignment under the recod name on the Record Home Page.BUG FIXES & OTHER CHANGES:Medium security fix:?A cross-site scripting vulnerability was found that could possibly be exploited by a malicious user who knows how to craft a specific string of JavaScript code to render an iframe on a project page.Major bug fix:?If importing data using the Dynamic Data Pull (DDP) in which some values on the adjudication screen are unchecked (so that they do not get imported), then it would mistakenly import those values anyway when the Save button is clicked. (Bug emerged in version 6.18.1.)Bug fix: If a user in a project had been set to receive Survey Notifications when someone completed a survey, and then the user was removed from the project, then the user would mistakenly still show up in the list of users in the Survey Notifications popup in the Online Designer, even though the user is not selectable there.Improvement/change: The $repeat_instance parameter was added to the two plugin/hook methods REDCap::getSurveyReturnCode and REDCap::getSurveyLink. The parameter is to be used only for projects with repeating instruments/events, in which it is the repeat instance number of the repeating event (if longitudinal) or the repeating instrument (if classic or longitudinal).Improvement/change: The $repeat_instance parameter was added to the two API methods "Export a Survey Return Code" and "Export a Survey Link". The parameter is to be used only for projects with repeating instruments/events, in which it is the repeat instance number of the repeating event (if longitudinal) or the repeating instrument (if classic or longitudinal).Improvement/change: The $repeat_instance parameter was added to the three API methods "Export a File", "Import a File", and "Delete a File". The parameter is to be used only for projects with repeating instruments/events, in which it is the repeat instance number of the repeating event (if longitudinal) or the repeating instrument (if classic or longitudinal).Minor security fix: A few cross-site scripting vulnerabilities were found on different pages in REDCap, in which they could possibly be exploited by a malicious user who knows how to craft a specific string of JavaScript code.Minor security fix: A vulnerable version of Shockwave Flash was used on the Public Survey Link page in projects utilizing surveys. All Shockwave Flash modules have been removed, and have been replaced with a JavaScript equivalent.Change: Minimum PHP version for REDCap 7.0.0 and later is PHP 5.3Change: REDCap’s base font is now Open Sans, and is slightly bigger in size, providing better readability. In previous versions, the base font was Arial. Note: Any plugins or hooks that don’t have their own specific stylesheets that set the font-family of their content will be affected by this.Change: Renaming a record is now performed on the Record Home page using the "Choose action for record" drop-down list rather than on the first data entry form.Change: The location of the “Design your data collection instruments” step and “Define your events” step (longitudinal projects only) on the Project Setup page will now remain in the same location on the page when in production status as they did when in development status. In previous versions, these two steps were moved to the bottom of the page. This change is to provide more consistency for where things are located during the entire development of a project.Bug fix: On the "Stats & Charts" page of a report, it would mistakenly display a negative number for the Missing count of each field for longitudinal projects only. (Ticket #11124)Bug fix: When clicking the "Create a report" button in the Project Home page's Quick Task box, it takes the user to a non-existent page. (Ticket #11730)Change: The method in which to delete an entire record has been changed. It is no longer done by clicking a button at the bottom of the data entry form, but rather it is done by selecting the Delete Record option in the record actions drop-down on the Record Home Page.Change: The method in which to delete an entire event of a record has been changed (this applies to longitudinal projects only). It is no longer done by clicking a button at the bottom of the data entry form, but rather it is done by clicking the red X icons now displayed in the bottom row of the status table on the Record Home Page.Bug fix: When attempting to use Send-It to send a file from the File Repository or right after performing a data export, the popup that it opens would mistakenly redirect to the main Home page.Bug fix: When downloading a PDF of a survey response, it might on some occasions not display the label "Response was added on [timestamp]" in the PDF for the response.Bug fix: When downloading a PDF of a survey response, it would mistakenly not perform piping for the survey instructions if variables were used in the instructions.Bug fix: The @PLACEHOLDER action tag was mistakenly not appearing on drop-down fields that have the auto-complete feature enabled.Bug fix/change: The Logging page in a longitudinal project now only says Created Record when a record is actually created. In previous versions, it would mistakenly say Created Record for when new events of data were added for existing records, which was confusing.Bug fix: The API example file for the File Import API method in PHP had an error in it. This only affects the PHP example of this method.Bug fix: The Survey Queue Link header text was missing in the Participant List download.Bug fix: The Configuration Check was giving incorrect information about how to install the ZipArchive extension in PHP if the extension is not yet installed on the REDCap server. (Ticket #11749)Bug fix: If using Table-based authentication and resetting one's password recovery question on the My Profile page, it would take the user back to the My Projects page and mistakenly not prompt them to enter a new recovery question for certain cases when Two Factor Authentication has been enabled in REDCap.Bug fix: When installing, upgrading to, or upgrading higher than REDCap 6.17.0, for certain database configurations it might display an erroneous error message "ERROR: Your REDCap database structure is incorrect!" on the Configuration Check page. (Ticket #12029)Bug fix: An error would occur when a developer uses the REDCap::getData method to pull data from one project (specifying the project_id parameter in the method) while inside a hook from another project. (Ticket #12095)Bug fix: Fields having "email" field validation would mistakenly not allow for top-level domains exceeding 4 characters (the part of the email domain name to the right of the dot, e.g.?john@example.global).Bug fix: For certain versions of PHP, the data import process might mistakenly throw a fatal PHP error when assigning records to Data Access Groups via Data Import Tool or API data import. (Ticket #11870)Bug fix: For certain versions of PHP, clicking the "View All Projects" button on the "Browse Projects" page in the Control Center will mistakenly throw a fatal PHP error and prevent the page from loading. (Ticket #12148)Bug fix: When importing users via the API User Import method, it would fail if the users were being added to the project (were not existing project users) and were not being assigned to a Data Access Group during the import. (Ticket #12031)Change/improvement: If a user clicks the "Add new record" button on the "Add/Edit Records" page, then it will automatically take them to the data entry form (rather than the Record Home Page) if the project contains only one instrument (or if longitudinal, only contains one designated instrument for the selected arm). This reduces clicks for the user and thus saves time.Bug fix: If CURL is not installed on the REDCap web server, then the Configuration Check page in the Control Center would mistakenly display a broken link in the instructions on how to install CURL on the server. (Ticket #11748)Bug fix: When executing Data Quality rule H across all records in a longitudinal project, it might mistakenly find false positives of incorrect calc field values in events that have no data. It should instead be ignoring events with no data for each given record. (Ticket #11599)Bug fix: For a very small minority of calculated fields, especially those using the IF function, the resulting calculation determined when viewing the calc field on its data entry form might be different than the one calculated during a data import or when running Data Quality rule H. (Ticket #12137)Bug fix: If a user puts focus on the text box of an auto-complete drop-down field on a survey or data entry form but does not change the field's value, then it would mistakenly trigger the "Save your changes" prompt if they try to leave the page. Note: This does not affect regular drop-down fields but only those with the auto-complete feature enabled. (Ticket #11725)Bug fix: If an auto-complete drop-down field on a survey or data entry form has an option whose option label is "-" (i.e., a single dash), then it will not render that option correctly when the drop-down is rendered on the page. Note: This does not affect regular drop-down fields but only those with the auto-complete feature enabled. (Ticket #12226)Change/improvement: The Data Dictionary Codebook now displays the unique form name next to the name of the instrument in the gray instrument header in the table.Bug fix: Text fields that have the field validation of Number 1/2/3/4 decimal place will mistakenly not have its stats displayed on the "Stats & Charts" page. (Ticket #12388)Bug fix: When viewing the API Tokens page where it displays when a token was last used by a user, it would mistakenly never load the "Last Used" timestamps in the table, but would always say "Loading..". (Ticket #12477)Bug fix: The Advanced Link feature for Project Bookmarks would fail when trying to authenticate the user's REDCap session. (Ticket #12522)Version 6.18.1 BUG FIXES & OTHER CHANGES:Major bug fix:?If the user has downloaded a PROMIS or Neuro-QoL Auto-Scoring instrument or Adaptive instrument from the REDCap Shared Library, in which some of the questions in the assessment have a "not applicable" type option (e.g., "I did not do this..."), then when submitting a question with that option selected, REDCap would mistakenly say that it could not communicate with the PROMIS server and end the survey prematurely. Note: This only affects a small minority of the PROMIS/Neuro-QoL instruments.Minor security fix:?Two cross-site scripting vulnerabilities were found on two separate pages in REDCap, in which they could possibly be exploited by a malicious user who knows how to craft a specific string of JavaScript code.Bug fix: If importing data using the Dynamic Data Pull (DDP) in which the adjudication screen displays new data that has been pulled from the source system after some values have already been imported via DDP into the REDCap project, it would mistakenly not allow the user to dismiss the new values if the user did not want to import them, thus forcing the values to always be displayed in the adjudication popup until at some point at least one value was selected to import.Bug fix: When creating a project via a project XML file, if the project from which the XML file was downloaded was a longitudinal project in which no instruments were designated for any events in the project, then it would display an error and prevent the user from creating a new project from the XML file.Change: Added check for custom hook specifically for Shibboleth authentication in order to allow e-signatures to work with Shibboleth on data entry forms. (Ticket #10225)Bug fix: When "real-time execution" is enabled for Data Quality rules in a project, the processing of the rules on the data entry form can take an unusually long time if there are more than 10 or so rules being executed at a time. (Ticket #8602)Version 6.18.0 NEW FEATURES & IMPROVEMENTS:New feature: Field name (variable) auto-suggest when typing branching logic, calculations, or general conditional logic?(Survey Queue, Automated Survey Invitation, Data Quality rule, report filter’s advanced logic). While typing logic/calculations into the text box, it will auto-suggest a REDCap variable name from your project that is clickable to inject into the text box. If the project is longitudinal, it will also suggest event names to inject unique event names.New feature: Real-time validator for branching logic, calculations, or general conditional logic?(Survey Queue, Automated Survey Invitation) that allows you to run your logic/calculation on a specific record in the project, and it returns the result. For example, if typing branching logic in the?Add/Edit Branching Logic popup in the Online Designer, you can select a record, and it will tell you if the field will be displayed or hidden for that record based upon the record’s currently saved values. When typing calculations, it will return the actually calculated value of the field for a selected record. This makes it easier to formulate your logic and calculations so that you get them right the first time.New Action Tag: @PLACEHOLDER?- Is used to specify a short hint that describes the expected value of a Text field or Notes field (e.g. a sample value or a short description of the expected format). The placeholder is displayed inside the field before a value is entered. The format must follow the pattern @PLACEHOLDER='????', in which the text to be displayed should be inside single or double quotes. This action tag is compatible with all browsers, including Internet Explorer 8 and 9.New Action Tag: @SYNC-APP?- Can be used only for File Upload and Signature fields. If the project is initialized in the REDCap Mobile App, this will cause any image files uploaded to a record to be sent to the app so that they are viewable in the app when editing the record. NOTE: For use only in the REDCap Mobile App.New API method: Generate Next Record Name?(content=generateNextRecordName) - To be used by projects with record auto-numbering enabled, this method exports the next potential record ID for a project. It generates the next record name by determining the current maximum numerical record ID and then incrementing it by one. Note: This method does not create a new record, but merely determines what the next record name would be. If using Data Access Groups (DAGs) in the project, this method accounts for the special formatting of the record name for users in DAGs (e.g., DAG-ID); in this case, it only assigns the next value for ID for all numbers inside a DAG.Improvement: PDF exports of instruments are now able to display inline BMP image attachments for Descriptive fields. In previous versions, it would simply omit the image in the resulting PDF file.BUG FIXES & OTHER CHANGES:Bug fix: The Participant List table and the table on the "Set up project bookmarks" page would run off the page if the page was too narrow while not providing any horizontal scroll bars, which prevented the table from being fully viewed.Bug fix: If a CSV data file is uploaded on the Data Import Tool with records represented as columns in the file, then if any columns have a header value in the first row but do not have any data in the column, then it would mistakenly display an error that the record ID was missing for a record being imported. (Ticket #10180)Bug fix: When attempting to assign a user to a Data Access Group using the User Import API method, it would mistakenly fail to assign the user to the DAG and not return any kind of error message. (Ticket #10292)Bug fix: If a user clicks the "Erase All Data" button on the "Other Functionality" page in a project, it would mistakenly delete all user-uploaded files in the File Repository when it should only delete data export files that are stored there. (Ticket #10058)Bug fix: If using a version of PHP below PHP 5.5 on your REDCap web server, then the REDCap API and API Playground might not function. This was due to the mistaken usage of the PHP function json_last_error_msg(), which only exists in PHP 5.5 and up. (Ticket #10459)Bug fix: When using the Twilio telephony services, on certain occasions it might not always erase the call logs or SMS message logs from Twilio's log on its website as logs are created from REDCap's usage of Twilio. It now does a much better job of erasing the log within the user's Twilio account for the phone number being used for the REDCap project.Bug fix: If a field's branching logic contains a line break (or line feed character) in certain places, then it would cause the survey or data entry form not to load and display an erroneous error.Bug fix: When exporting the instrument-event mappings of a longitudinal project, if no mappings exist, then it would mistakenly return a blank CSV file. It now instead returns the file with the headers only.Bug fix: When a user is copying a project when only administrators can create/copy projects for users (i.e., users must request it), then if the user selected the Survey Queue and Automated Survey Invitations to be copied, it would mistakenly not select that checkbox option when the administrator goes to copy the project. (Ticket #10676) Bug fix: When a user is creating a new project from an ODM/XML project file, it will now no longer prevent the import if data validation errors exist for data inside the XML file. Also, it will be more lax about minor metadata issues for fields in the XML file. This should improve the overall experience of importing XML project files.Version 6.17.2 BUG FIXES & OTHER CHANGES:Change: When viewing the Agenda tab on the Calendar page in a project, it now displays all the text fully for each calendar event when printing the page. In previous versions it truncated it, even in the print view.Bug fix: The Survey Notifications feature would mistakenly not include the Participant Identifier inside the email to the survey administrator unless the survey that was taken was the first instrument (and first event, if longitudinal) of the project.Bug fix: When downloading a PDF containing data for one or all instruments where branching logic is used on all the fields in a given matrix or a given section, in which all matrix fields or all fields in a whole section would be hidden by branching logic based upon the data, then some text in the PDF might mistakenly overlap or alternatively might cause the PDF itself to be corrupt and thus not be able to be opened by a PDF reader.Bug fix: The Activity Graphs page in the Control Center would display dates that were mistakenly one month off (e.g., showing dates for November when it's currently October).Bug fix: For classic projects only, the Custom Record Label and Secondary Unique Field, if enabled, were mistakenly not displaying next to the record name on the left-hand project menu when a data entry form is being viewed.Bug fix: The font resize buttons at the top of survey pages would not always enlarge/shrink the text in correct proportions. (Ticket #9499)Bug fix: If a user has been assigned to a Data Access Group, then it would mistakenly allow them to try and add a new user or assign a new user to a role on the User Rights page, even though such is not allowed. And these attempts would inevitably fail and display an error message (or nothing). In that case, it now simply disables the add new user and add new role section of the page.Bug fix: The redcap_connect.php file included in the install zip package would mistakenly fail to connect to MySQL over SSL without client certificate authentication. That file has now been updated in the install zip package. (Ticket #9900)Bug fix: If a user downloads a PDF of all records from the Other Export Options tab of the "Data Exports, Reports, and Stats" page, then it will result in a blank PDF (no text - completely blank) if the project has no records. This is expected but confusing. It now displays a message to the user in this case that the PDF is not downloadable since no records have been created yet.Bug fix: In some rare cases the action of reordering reports on the "Data Exports, Reports, and Stats" page might cause some database queries to overlap and cause a deadlock, thus impacting overall database performance. The process has now been wrapped in a MySQL transaction to prevent this. (Ticket #9716)Change (technical): Replaced the usage of PHP Pear DB with Pear MDB2 (which supersedes it) for Table-based authentication. This should not affect any behavior at all. This should also allow Table-based authentication to work for MySQL connections over SSL.Version 6.17.1 BUG FIXES & OTHER CHANGES:Improvement:?The biomedical ontology search (via BioPortal web service) is now customizable so that it can now point to a different BioPortal end-point (e.g., "") by setting the value of bioportal_api_url in the redcap_config database table. (Note: If that value is changed, then it is advised to also set the fields bioportal_api_token, bioportal_ontology_list, and bioportal_ontology_list_cache_time in that table to a blank ("") value.)Major bug fix:?When performing a data import (API, mobile app, or Data Import Tool) in which one of the fields being imported is a checkbox field, if only some (but not all) of the checkbox options are included in the data import, then those options that are not included in the import will mistakenly get overwritten as "unchecked" (0) if they are currently "checked" (1) in the project. (Ticket #8325)Major bug fix:?When performing a data import (API, mobile app, or Data Import Tool), in which a field being imported contains a checkbox with negative coded choices (e.g., -3), then in specific situations the values for the negative coded choices might not get successfully saved during the import process.Bug fix: The page footer on project-level pages might mistakenly overlay onto the Automated Invitations popup on the Online Designer page. (Ticket #8946)Bug fix: On the Configuration Check page in the Control Center, it will no longer automatically try to set the permissions of the temp and edocs directories as "world writable" (777), which could create security issues for some server configurations depending on the institution's local IT policy.Bug fix: The API method exportFieldNames and the plugin/hook method REDCap::exportFieldNames were mistakenly not returning calc fields. (Ticket #9041)Bug fix: In Step 3 (Filters) when creating/editing a report, if a Form Status field is selected as a filter, the drop-down of choices that appear on the right of it would mistakenly include a blank choice option. Since Form Status fields never have a blank value ("0" is the default value), it should not have an empty option to choose.Change: In the "Main project settings" step on the Project Setup page in a project, the position of the two choices were swapped to bring survey functionality to the forefront.Bug fix: When using the Twilio telephony services in a longitudinal project in which the designated email field or designated phone field is used for survey invitations, then when sending/scheduling new invitations and setting the invitation type as "participant's preference", it might mistakenly deliver the survey invitation via email rather than using their preference.Change: Some speed improvements on the Record Home Page if using multiple arms in a longitudinal project.Version 6.17.0 NEW FEATURES & IMPROVEMENTS:New feature:?Account Manager user type?- Users can now be designated as an Account Manager by an Administrator on the "Designating REDCap Administrators and Account Managers" page in the Control Center. Account Managers are users that can aid Administrators with user-related administrative tasks. Account Managers are normal users that have the extra abilities of creating and accessing user accounts (Browse Users page) and being able to access the Email Users page and User Whitelist page. Account Managers do *not* have access to other users' projects or data. Note: A user cannot be both an Administrator and an Account Manager at the same time.New feature:?Data dictionary snapshot?- Users can now click a button on the Online Designer to create a snapshot of their instruments (i.e., CSV data dictionary) that gets stored on the Project Revision History page. Additionally, a data dictionary snapshot is also created automatically whenever a data dictionary is uploaded on the Data Dictionary Upload page or via the API metadata import.New feature:?Preview email?- When composing an email on the "Email Users" page in the Control Center and also when composing survey invitations (e.g., the Participant List, Automated Survey Invitations set up), there is now a Preview option for viewing the fully-rendered HTML preview of the email that is being composed. Additionally, there is an option to send a test email to oneself in case they want to actually receive a copy the email being composed before officially sending it to others.Improvement: When reviewing drafted changes in a production project, it now provides a "Compare" button for multiple choice fields that have a change in one or more choices. Clicking the button opens a popup with a table displaying each choice on a row and noting if the choice is Unchanged, Altered, Added, or Removed. Additionally, it also displays how many records have a saved value for the given choice. This will help when reviewing draft changes when in production status.Improvement: When reviewing drafted changes in a production project, it will now give a warning on the page if a user has initialized the project in the REDCap Mobile App. It will note that the changes being made *may* affect the app user's ability to sync data back to the project and recommends that perhaps the app user should first sync all their data back to the server before the changes are committed.Improvement: When reviewing drafted changes in a production project, it now truncates any text (field labels, choices, etc.) in the table that is very long, and provides a "Show more" link if you wish to view the full text.Improvement: The User Access Dashboard now only shows projects with more than one user. Since it makes no sense to display projects in which the user is the only person with access to the project, those projects will no longer be displayed on the page since they are irrelevant for the purpose of the UAD.Improvement: When reviewing drafted changes in a production project, if any fields are being deleted and those fields contain data, it will note how many records will be affected for each field deleted. Also, if fields are being added and those fields previously existed in the project, in which they had data saved or them but then the fields were deleted, then it will note how many records have orphaned data for those fields (because that data will be restored if the fields are re-added - this is sometimes undesirable).BUG FIXES & OTHER CHANGES:Major security fixes:?Several vulnerabilities (cross-site scripting, cross-site request forgery) were found on various pages throughout REDCap, in which they could possibly be exploited by a malicious user who has knowledge of REDCap's internal file architecture and who also knows how to craft a specific string of JavaScript code. (The changes to the Activity Graphs page in the Control Center, in which a different chart technology is now used for displaying the charts, is due to a vulnerability that was discovered in the older charts package that was used.)Major bug fix:?When an API user has been assigned to a Data Access Group, it might mistakenly allow their API request to modify data for existing records that are not in their DAG. It could also allow the API request to reassign an existing record to the user's DAG, which should not be possible if the API user is already assigned to a DAG.Change: When editing the choices of a multiple choice field in the Online Designer, the auto-coding behavior is now slightly different when projects are in Development status when replacing the existing choices with brand new ones that do not have explicit coding. In previous versions, if existing choices were completely replaced with non-coded choices (i.e., just the choice labels), it would auto-code the new choices beginning with one number higher than the highest-numbered of the previously existing choices, whereas now (in development only) it will auto-code the choices to begin with "1" if all the choices are replaced. Note: This change is for development status only because it could have disastrous effects on data for projects in production when performing real data collection.Bug fix: Some error messages for API data imports were mistakenly not displaying all the error messages back the client but instead were returning a very generic message saying that the data might be in the wrong format.Change: When copying a project that utilizes surveys and Automated Survey Invitations, any ASIs that are copied are now set to "Not Active" by default in the new project. A note was added regarding this on the Copy Project page. The reason for this change is because so many users would copy the project with records and begin testing the new project via data entry, which would mistakenly trigger the ASIs to send emails to real participants copied from the original project. So the change was made to prevent this undesirable situation from happening. So now when copying a project, all ASIs will need to be set as Active individually after the project is copied.Bug fix: If the variable for a checkbox field somehow ends with an underscore (they typically should not, but could due to older bugs that have since been fixed), then their data might not get parsed and interpreted correctly during a data import, thus resulting in an import error. (Ticket #7028)Bug fix: If a field (excluding checkboxes) has a value and then the value is later deleted, it would mistakenly leave a blank value in the redcap_data database table rather than removing the whole row in the table. This would not affect data quality in any way but could cause problems for groups that have plugins or reports that query REDCap's back-end directly.Bug fix: The page footer on project-level pages might mistakenly overlay onto the Automated Invitations popup on the Online Designer page. (Ticket #7059)Change: Some extra error handling and error messages were added for the case when very large files are uploaded in REDCap and result in a server error because of their size.Bug fix: If a calculated field contains a datediff() function that does not reference "mdy" or "dmy" explicitly as the date format in the function, then on some occasions REDCap might crash due to a fatal PHP error during a data import or when saving a form or survey. (Ticket #7264)Bug fix: When attempting to create a longitudinal project using a project XML file, if the XML file contains data on forms that used to be designated for a given event but now are not, in which the data remains orphaned but still exists in the export, then it would display an error that the project could not be created from the XML file because it will not allow data to be imported in undesignated form/events. (Ticket #7794)Bug fix: When copying a project and selecting to copy the Automated Survey Invitation settings, it would mistakenly not copy the settings for reminders and the "Ensure logic is still true" setting. (Ticket #7941)Bug fix: When entering conditional logic for Automatic Survey Invitations, Survey Queue, etc., it would mistakenly throw an error if a variable inside square brackets was not used in the logic. There are some cases in which logic may not have any variables in them.Change: The following text was added for clarification to the @TODAY or @NOW action tags' instructions: "This action tag should not be used with fields that will be hidden by branching logic because it will always prompt the user to erase the value when the field gets hidden".Bug fix: The characters were not displaying correctly for the Friendly Code column of the Spanish characters table on the "Help & FAQ" page. (Ticket #8000)Change: Replaced all references of “super users” with “Administrators” in all text to be more consistent with the usage of language.Bug fix: When a project's "character encoding for exported files" setting is set to "Japanese (Shift JIS)" on the "Edit a Project's Settings" page, it would prevent Japanese text from displaying properly for field labels, field notes, etc. in the REDCap Mobile App.Bug fix: For unknown reasons in particular MySQL configurations, REDCap projects were mistakenly not getting deleted successfully (when a project had been deleted by a user) and thus the project would forever remain in the database, in which REDCap would continuously try (but fail) to delete them over and over again. (Ticket #4994)Bug fix: If a user has Data Access Group privileges in a project but does not have User Rights privileges, then the "DAGs" link on the left-hand menu would mistakenly not get displayed. (Ticket #8381)Bug fix: If a data value is somehow saved multiple times within the same second of time for a given record-event-field, then the Data History popup would mistakenly not show all the logged events for that field but instead would only show the last event logged within that second of time. (Ticket #8323)Bug fix: When using the Twilio telephony services for surveys, if a participant was sent an SMS message from the Public Survey Link page in order to begin a survey as an SMS conversation, then it would never allow them to start the survey but would mistakenly keep asking for a survey access code. This occurred for public surveys only, and only with SMS conversation surveys.Bug fix: The "Custom Application Links for Projects" page in the Control Center would mistakenly not display the "delete" column on the far right of the page, thus making it impossible to delete a custom application link that had been created.Bug fix: When using the Twilio telephony services for surveys, the "Auto-continue to next survey" setting would mistakenly not advance the participant to the next survey if taking the survey via SMS or voice call.Bug fix: Custom Event Labels were mistakenly not getting copied when doing "Copy Project" or when creating a new project via the project XML file. (Ticket #7835)Bug fix: When exporting the project XML file, it would mistakenly not include the Bioportal Ontology attribute of a field in the XMl file if the field was utilizing the ontology auto-suggest feature.Bug fix: The two gray box sections on the Project Home page would mistakenly display side by side on very wide screens. (Ticket #8093)Bug fix: When editing a File Upload field in the Online Designer, in certain circumstances it would mistakenly set the field type as "Text Box" instead of "File Upload" after opening the "Edit Field" popup dialog. (Ticket #8163)Version 6.16.8 BUG FIXES & OTHER CHANGES:Bug fix: When on the To-Do List page in the Control Center, clicking on the "Add Users (Table-based only)" link on the left-hand menu mistakenly results in a 404 "page not found" error. (Ticket #6739)Bug fix: When adding/editing an SQL field, if the SQL query is pulling two fields and they are both named the same thing in the query (e.g., "select a.value, b.value..."), then it will mistakenly overwrite the first value with the second value, thus making the drop-down values also be the same as their corresponding labels (rather than the actual desired value). (Ticket #6758)Bug fix: When a project's "character encoding of exported files" is set to "Japanese (Shift JIS)", the PDF export of instruments will fail if the server is using PHP 7.Bug fix: If the @HIDEBUTTON action tag is used for a date or datetime field, the date format note to the right of the field (e.g., "M-D-Y") would mistakenly not be displayed on forms and surveys.Bug fix: If a project has been taken offline via the "Edit A Project's Settings" page in the Control Center, it displays a red box at the top of the Home/Project Setup page in the project; however, the link inside the red box that points to the "Edit A Project's Settings" page mistakenly does not load the settings for that particular project.Bug fix: The Configuration Check page was not checking to see if the PHP extension named "XMLReader" is installed. This extension is used for some important features, such as project XML export. (Ticket #7128)Change/bug fix: Updated "Help & FAQ" page with new content. Also fixed links to the FAQ that pointed to sections that no longer exist.Version 6.16.7 New Features & Improvements:New feature:?Custom Event LabelsCustom Event Labels can now be optionally added for any event in a longitudinal project when adding/editing events on the Define Events page. These custom labels can be used for piping data from a given event into the event's table header on the Record Home Page (i.e., Event Grid). For example, if each event represents a single visit of a person, then if you are collecting the date in a field called 'visit_date' on each event, then you can set the Custom Event Label as '[visit_date]' for all those visit events. This will provide useful context for each event when viewing all the events of the record. You can also get more advanced with the piping by using multiple fields and even static text. For example, '[visit_date], [weight] lbs'.The custom_event_label attribute for events has been added to the Export Events API method.Improvement: Data entry forms behave slightly differently when two users are accessing the same record-event-form in the same project. In previous versions, it would completely prevent a user from viewing the form if another user (excluding super users) were already viewing it (note: super users were able to view the page at the same time as any user). However, this has been changed so that it will allow the user to view the form at the same time as another user, but it will make the form read-only/disabled if another user (including a super user) is already viewing it. This is an improvement since it actually lets the user view the form and its data, whereas previously they could not even view it.BUG FIXES & OTHER CHANGES:Minor security fix: A cross-site scripting vulnerability was found on survey-related page in which the vulnerability could possibly be exploited by a malicious user who has knowledge of REDCap's internal file architecture and who also knows how to craft a specific string of JavaScript code.Change: The "lock all forms" and "unlock all forms" links that appear near the bottom of the "Record Home Page" (formerly known as the "Event Grid") in longitudinal projects have now been replaced with an "Actions" drop-down higher up on the page above the table of events. In this way, users can still perform the same actions as before but by choosing an option in the drop-down near the top rather than clicking the links that used to exist near the bottom.Bug fix: When the survey confirmation email has been enabled for a given survey, but REDCap does not possess the participant's email address, the green box displayed on the Survey Completion page (for the participant to enter their email) is not aligned correctly on the page. Also, the button text inside the green box would mistakenly spill out of the button in Internet Explorer 11 only.Bug fix: If using the @READONLY or @READONLY-SURVEY action tag on a survey that has the Enhanced Choices option enabled, the options for those radio button fields and checkbox fields would mistakenly not be disabled but would allow participants to select a choice and save data for the field.Bug fix: If executing a rule in the Data Quality module where the rule runs for more than 20 minutes, in which it would have timed out, it might not display an error message to the user but instead might mistakenly appear to run forever (even though it has really stopped).Bug fix: If using a literal date or datetime value (e.g., "01-31-2016") inside the datediff() function that is nested inside another function in a calculated field *and* that literal value is also in MDY or DMY date format, then it may mistakenly not perform auto-calculations correctly and may return incorrect discrepancies for Data Quality rule H. (Ticket #1954)Bug fix: If a calc field's value was created via Auto-calculation during a data import, then it would mistakenly not include the "(Auto calculation)" note for the logged event on the project Logging page.Bug fix: When attempting to edit a matrix of fields in the Online Designer, if one of the field labels contains non-displayable characters (black diamond with question mark), it would mistakenly throw a JavaScript error and prevent the "Edit Matrix of Fields" popup from opening.Bug fix: If authentication has not been enabled in REDCap and a new Table-based user is created by an administrator, then if the new user follows the "reset password" link in the email they receive, it will not do anything except load the REDCap Home page. This is due to the fact that authentication must be enabled before the link will work, which is not always obvious and can be very confusing. In this situation, after clicking the link in the email, it now displays a message to the user that the administrator must first enable authentication before the link will work and allow them to log in using their new REDCap account.Change (bug fix for future bug): The Text-To-Speech functionality that can be enabled on surveys will cease to work as of Oct 1st, 2016 since the current TTS service being used (AT&T) will be discontinuing the service. To prepare for this, this REDCap version will instead utilize the IBM Watson text-to-speech API service. The disadvantage of this new service is that it does not yet work on mobile devices, iOS, or the Safari browser, although this will soon be improved (according to IBM). Note: For all REDCap versions 6.9.1-6.16.6 (Standard) or 6.10.2-6.15.7 (LTS), the text-to-speech functionality will still work between now until Oct 1st, 2016, after which it will not work again until you upgrade to the latest release.Bug fix: If using the Enhanced Choices setting on surveys, and a choice for a radio or checkbox field has no choice label, then the enhanced choice button on the survey page mistakenly looks flattened and smaller than the intended height.Bug fix: If a respondent is returning to a multi-page survey that has the "Save & Return Later" option enabled, it might mistakenly take them to the wrong survey page if the @HIDDEN and @HIDDEN-SURVEY action tags are being utilized on that instrument and also have data saved for fields utilizing those action tags. It now ignores fields that utilize @HIDDEN and @HIDDEN-SURVEY when determining which page to load for the respondent.Bug fix: The Data Search functionality on the Add/Edit Record page would mistakenly return duplicate results on some occasions.Version 6.16.6 BUG FIXES & OTHER CHANGES:Medium security fix: A cross-site scripting vulnerability was found on the Project Bookmarks page, Project Home page, and Project Revision History page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific string of JavaScript code.Bug fix: When viewing the Project Setup page on a wide screen, the steps on the page may mistakenly get displayed as two columns instead of one.Bug fix: The configuration setting "Contact person web address/URL" on the Home Page Settings page in the Control Center was mistakenly not being used on the login page in place of the "Contact name email". (Ticket #5961)Bug fix: Fixed outdated text inside the "Move Project to Production Status" popup on the Project Setup page. (Ticket #5974)Bug fix: When exporting data via the API's "Export Records" method in which the data is being exported as "labels" (rather than "raw") and in EAV format, then any Yes/No or True/False fields that used to have a value at one point but then had the value removed, those will mistakenly get exported as "No" and "False", respectively, rather than as blank. It will now not return the row of EAV data if the value is blank or has been removed. (Ticket #6011)Bug fix: When exporting data via the API's "Export Records" method in which the data is being exported in EAV format, any values that belong to multiple choice fields that have had an option/choice removed, thus orphaning the stored data value, would mistakenly return a blank value for the field in the data export rather than the raw value that is actually stored. It now returns the raw data value that has been orphaned, regardless of exporting "labels" or "raw" data. This only occurs for EAV format exports. (Ticket #6012)Bug fix: When clicking the "Request delete project" button on the Other Functionality page of a project that is in Inactive or Archived status, it would mistakenly display a popup window that contained a "0" rather than the correct text content, and thus would not function correctly. (Ticket #6031)Bug fix: When using the Twilio telephony services for surveys, the following things would mistakenly not get triggered if a survey was completed via voice call or SMS: 1) sending confirmation email to respondent, and 2) sending email notifications to project users.Bug fix: When printing the schedule of a record via the "Print Schedule" link at the bottom of the Scheduling page, it would mistakenly not display the Custom Record Label or Secondary Unique Field label on the page to be printed.Bug fix: When exporting the To-Do List as a CSV file in the Control Center, the user's name and email address are not correct for the user who made the request. (Ticket #5885)Bug fix: When using the Twilio telephony services for surveys, piping might not be successful if data is being piped into a Section Header or Descriptive field.Version 6.16.5 BUG FIXES & OTHER CHANGES:Major bug fix: If the Survey Login feature is being used on a survey, if no data exists for the login fields for the given record, then it would mistakenly allow the participant to navigate to the survey without having entered a value for the login field.Major bug fix: If a slider on a data entry form or survey had already had its value set, then when returning to the page, the slider would mistakenly be disabled. Fortunately the slider's value would *not* get reset to blank/null if the page was resaved. However, the user might attempt to set the value again if they noticed that the slider appeared not to be set, which might result in a different value being saved from the original.Bug fix: On iOS devices, drop-down fields on surveys and data entry forms would have their option text truncated if it is fairly long, thus making it impossible to view the entire choice's label.Bug fix: If creating a new report and selecting an instrument from the "add all fields from selected instrument" option in Step 2, it would mistakenly add empty placeholder fields to the report where any Descriptive fields exist. (Ticket #5301)Bug fix: If a survey invitation had attempted to send but failed (e.g., email address was not available) for an existing record in a project, it would mistakenly show the send status of the invitation as pending at the top of the data entry form for that record. In this case, it now correctly shows the status as failed to send.Bug fix: For multi-page surveys where an entire page has every question hidden due to branching logic, it might mistakenly still display the page (it is supposed to skip the page) even though no questions are visible on the page. (Ticket #5230)Bug fix: The action tags @HIDDEN and @HIDDEN-SURVEY were mistakenly not being considered when a survey page is supposed to be skipped due to all questions on the page being hidden, thus possibly displaying the survey page with all questions hidden.Bug fix: When editing a matrix of fields in the Online Designer, if a \' (backslash apostrophe) are entered together in the section header, field labels, question numbers, field annotations, or choice labels for any field in the matrix, then the "Edit Matrix of Fields" popup would not open anymore in the future due to a JavaScript error, thus making the matrix no longer editable in the Online Designer. (Ticket #5332)Bug fix: Error in API documentation for the Import Records method. (Ticket #5333)Change: When the REDCap web server fails to connect to the database, it now sends an HTTP 500 status in addition to the typical error message that gets displayed. This is especially helpful for API requests being made to the server in case the server goes offline.Bug fix: For certain server configurations, if a user logs out of REDCap, it will correctly destroy their session on the server (thus effectively ending their session), although the session cookie in the client might mistakenly not get deleted and may end up with the value "deleted". The leftover cookie does not pose a security concern since it is orphaned from the user's session after the logout has occurred. But regardless, the cookie should be deleted.Bug fix: If the Dynamic Data Pull (DDP) module is enabled in a project, the "Today"/"Now" button and date picker widget of a temporal field would mistakenly not trigger DDP to pull data from the source system.Bug fix: If the Dynamic Data Pull (DDP) module is enabled in a project, the "select all" and "deselect all" links on step 1 of the DDP field mapping page would not work correctly, and it would also cause the "number of fields selected" count to be mistakenly incorrect. (Ticket #5624)Change: The auto-complete option for drop-down fields is no longer enabled by default when creating a new drop-down field in the Online Designer.Bug fix: The event grid page in a longitudinal project would mistakenly not display the record name on the page if the form/event table was wider than 800 pixels. (Ticket #5674)Version 6.16.4 BUG FIXES & OTHER CHANGES:Improvement:?The Data Search feature on data entry forms can now be used to search data over all fields in the project (excluding multiple choice fields). This is now the default option, although users may still choose a specific field to further narrow down their search.Medium security fix:?A cross-site scripting vulnerability was found on survey pages and data entry forms regarding File Upload fields, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) or survey respondent who knows how to craft a specific HTTP request to REDCap.Minor security fix:?A cross-site scripting vulnerability was found on the Define Events project page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific HTTP request to REDCap.Bug fix: If a super user is attempting to permanently delete a project via the "Delete it now" link on the Browse Projects page in the Control Center, it would mistakenly not delete the project, even though it says it did.Bug fix: If a user opens a link to a project page while they are not yet logged in to REDCap, in which it displays the login page, then on certain occasions it might mistakenly display a dark overlay over the login page, thus making it impossible to put one's cursor into the input fields or click the "Log In" button".Bug fix: In the email that users are sent via Survey Email Notifications when a survey is completed, the date format of the timestamp contained in the email would not be in the format of the user's preference but instead would mistakenly always be in M/D/Y format. It now displays the date in the user's preferred date format in the email. (Ticket #4540)Bug fix: More fixes for the floating project page footer, which would sometimes cover page content if some of the page was loaded via AJAX. (Ticket #4781)Bug fix: For compatibility purposes, bare line feeds that exist in emails sent from REDCap are now replaced by a space + carriage return + line feed. (Ticket #3944)Bug fix: When copying a longitudinal project via the Copy Project button on the Other Functionality page and selecting the option to copy reports, then if a report in the project contains a filter that specifies a field on an explicit event, then the event designation will be mistakenly converted to "all events" in the same subsequent report in the new project. (Ticket #4779)Bug fix: Corrupted line feeds (carriage returns) can sometimes get added to Section Headers and Choices in data dictionaries. This was originally fixed in Ticket #4148 for Field Labels, but mistakenly still exists as a bug for Section Headers and Choices when uploading or downloading data dictionaries.Bug fix: When undesignating a super user on the "Designate a Super User" page in the Control Center, the user's row in the table would mistakenly not get removed after they had been undesignated if their username contained a dot or @ sign. Although it would still successfully undesignate them, the change would not be reflected on the page until the page was reloaded.Change: Every user's first and last name are now displayed in the drop-down list of users on the "Designate a Super User" page in the Control Center and also in the list of current super users on that page.Change: Changed the text "Matrix Header Text" to "Section Header Text" when adding/editing matrix fields in the Online Designer to reduce confusion between matrix headers and section headers.Version 6.16.3 BUG FIXES & OTHER CHANGES:Minor security fix: A cross-site scripting vulnerability was found on the Scheduling project page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific HTTP request to REDCap.Bug fix: If a user had requested an API token in a project, it would mistakenly allow them to send a duplicate request on the API Playground page and on the Mobile App page in a project.Bug fix: The page footer on project pages would sometimes obscure page content. (This bug was mistakenly thought to have been fixed in version 6.16.2, but was not.)Bug fix: If all the fields in a given section of a data entry form have the action tag @HIDDEN-APP or @HIDDEN-SURVEY, then when viewing the form, the section header above that section would mistakenly be hidden even though some of the fields in the section are still displayed. The section header should only be hidden if all fields in the section are hidden. (This bug was mistakenly thought to have been fixed in version 6.16.2, but was not.)Bug fix: Corrupted line feeds (carriage returns) can sometimes get added to Field Labels in data dictionaries. Their origin is unknown, although Microsoft Excel is suspected. This can sometimes cause line breaks to double (i.e., two carriage returns instead of one) when uploading data dictionaries, or can cause line breaks to completely disappear if editing a field in the Online Designer. Any existing corrupted line feeds will now be properly converted and fixed when importing or exporting data dictionaries and when editing a field in the Online Designer. (Ticket #4148)Bug fix: When using min/max range validation on a field having a validation type of datetime or datetime w/ seconds, in which a user enters an out-of-range value on a survey or data entry form, the error message popup that is displayed would mistakenly mangle the format of min/max values in the error message. (Ticket #4478)Version 6.16.2 BUG FIXES & OTHER CHANGES:Bug fix: If the Duo option is enabled for Two-Factor Authentication, then it would mistakenly always return the user to the page "index.php" of the current directory they are in after they log out or after their session times out, even if that page does not really exist in REDCap, which could be very confusing to users. (Ticket #3592)Bug fix: If using the @NOW or @TODAY action tags for date, time, or datetime fields, it would mistakenly set the text field to full width on a survey or data entry form rather than shortening the text field to its typical width based upon its specific validation type. (Ticket #3742)Bug fix: In older versions of Internet Explorer, if a survey respondent opens a survey link, then completes the survey, and then clicks the "Close survey" button afterward, then it might throw a JavaScript error. (Ticket #3721)Bug fix: If a user with E-signature privileges was attempting to e-sign a data entry form that had been previously locked, it would display an erroneous error.Bug fix: The page footer on project pages would sometimes obscure page content.Change: More granular error messages were added for the Import Records API method.Bug fix: If all the fields in a given section of a data entry form have the action tag @HIDDEN-APP or @HIDDEN-SURVEY, then when viewing the form, the section header above that section would mistakenly be hidden even though some of the fields in the section are still displayed. The section header should only be hidden if all fields in the section are hidden.Major bug fix: When editing a survey's settings via the Survey Settings button on the Online Designer, it might mistakenly fail to save the settings for certain MySQL configurations. (Ticket #3003)Bug fix: Minor formatting error in API documentation for Export Records method. (Ticket #4059)Bug fix: When using Enhanced Choices for radios/checkboxes on surveys, if a choice label has long words, it might mistakenly causes horizontal scrollbars to appear around the choice in certain web browsers.Version 6.16.1 BUG FIXES & OTHER CHANGES:Bug fix: When viewing a survey response on a data entry forms that contains a slider field, if the user has not clicked the "Edit response" button yet to make the form editable, then the page would throw a JavaScript error. However, this would not have any adverse effects on the page.Bug fix: When loading a public survey, it now employs stricter checking to doubly ensure that a public survey link does not get confused with a participant's unique survey link (since there might be a one-in-a-million chance that it could get confused under very specific and rare circumstances).Bug fix: If vertically-aligned slider fields have a lot of text for their slider labels, then the text would wrap too early and thus be too narrow. The slider labels are now displayed a bit wider for vertically-aligned sliders and are dynamic to look best based on the user's screen size.Bug fix: Fixed compatibility issues specifically related to MySQL 5.7 and its default sql_mode setting.Bug fix: If a File Upload field has the @READONLY action tag, and the field already contains an uploaded file for a given record, then when viewing the survey page or data entry form, it would mistakenly allow the user to delete the file and even upload another file afterward. (Ticket #3263)Bug fix: The server-side field validation would mistakenly get triggered on the record ID field when submitting a data entry form or survey if a record's name did not follow its specific field validation format. This would cause the server-side field validation message to constantly appear for that record unnecessarily whenever a form or survey was saved for the record. It now skips the server-side field validation for the record ID field when saving existing records.Bug fix: On the Administrator To-Do List page in the Control Center, the page navigation for the "Completed & Archived Requests" table would become unwieldy if there existed more than 20 pages, thus causing all the page numbers to overflow and take up too much space. It now only displays the first and last handful of pages for navigation.Bug fix: Fixed incorrect language in the "Move project to production" popup on the Project Setup page.Bug fix: When using calculated fields that utilize cross-event calculations in a longitudinal project, Auto-Calculations and Data Quality rule H would mistakenly not be able to process any calculation that references a field on an event that did not contain any data (i.e., an empty event) for a given record. Thus, DQ rule H would not find any discrepancies even when they exist, and Auto-Calculations would not properly get performed. (Ticket #2898)Change: If using the setting "Announcement text to display at top of Home page and My Projects page" found on the Home Page Configuration page in the Control Center, the custom text now displays above the login fields on the login page whereas in previous versions it was displayed below it, thus making it more difficult for users to notice.Bug fix: The action tags @HIDEBUTTON and @PASSWORDMASK were mistakenly not being employed on the Online Designer page when utilized for a given field.Bug fix: If using MySQL-over-SSL secure database connection while on PHP 5.1 or 5.2, it might not be able to make successful database connections since REDCap was using the MYSQLI_OPT_SSL_VERIFY_SERVER_CERT flag, which was introduced in PHP 5.3. It now only applies that flag if on PHP 5.3 or higher.Version 6.16.0 NEW FEATURES & IMPROVEMENTS:New feature - "Delete Records" API method?- Users may now delete individual records using the API. One or more records may be deleted using a single API request, in which the record name must be explicitly specified. For longitudinal projects having multiple arms, the optional "arm" parameter may be passed in the request so that the record is only deleted from the specified arm, whereas by default it will delete the record from all arms if the record exists in more than one arm.New feature - "Import Project Information" API method?- Users may now update certain project-level settings via the API, such as the project's title, if it is longitudinal, if surveys are enabled, etc. The following project attributes can be udpated: project_title, project_language, purpose, purpose_other, project_notes, custom_record_label, secondary_unique_field, is_longitudinal, surveys_enabled, scheduling_enabled, record_autonumbering_enabled, randomization_enabled, project_irb_number, project_grant_number, project_pi_firstname, project_pi_lastname, display_today_now_button.Improvement: Slider fields can be displayed as vertical?by setting their Custom Alignment to right-vertical (RV) or left-vertical (LV). Note: Any already-existing slider fields will automatically be converted to RH and LH alignment during the upgrade process if they previously had RV and LV alignment, respectively (this is because in previous versions there was no difference between the vertical and horizontal alignments for slider fields).BUG FIXES & OTHER CHANGES:Bug fix: If importing data via the Data Import Tool or API import for a longitudinal project in which multiple events are being imported for a record whose record name is mistakenly in different cases (e.g., "mea-101" vs "MEA-101") in the data being imported, then after importing that data, some of the data will never be displayed in reports in exports and will thus be orphaned. However, all the data is still accessible and viewable on data entry forms and surveys, but just not in exports and reports.Bug fix: If REDCap is configured so that only super users are allowed to create projects and thus normal users must request new projects be created for them, then if a user knows how to send a specifically-crafted request to a certain page in REDCap, they could bypass the request process and actually create a new project on their own without a super user's permission.Bug fix: The option to enable "enhanced radio buttons and checkboxes" on surveys was mistakenly not taking effect on CATs (computer adaptive tests) and Auto-scoring instruments, such as PROMIS assessments, that were downloaded from the REDCap Shared Library.Bug fix: In a production project when a user clicks the "Request delete project" button on the Other Functionality tab of the Project Setup page, it would mistakenly not disable the button after being clicked, which would mistakenly allow users to click it multiple times (although it would correctly be disabled if they left the page and then returned).Change: The "multiple tabs/windows open" error message now additionally notes that if a Cross-Site Request Forgery (CSRF) was just attempted that it was successfully blocked. This is helpful for any app scanners that are scanning REDCap and believe they have found a CSRF vulnerability when in fact it is a false positive.Bug fix: On survey pages, the submit buttons at the bottom of the page were causing the page to become too wide on small screens in some cases if both the Previous Page and Next Page buttons were displayed at the same time.Bug fix: A survey page would not automatically widen if the browser window was widened if the page was initially loaded with a narrow width.Bug fix: When a project's metadata is exported as an ODM/XML file, if a field contains a range validation min or max with a value of "0", it would mistakenly be omitted in the resulting XML file.Bug fix: When creating a new project using an uploaded ODM/XML file, if a field contains a range validation min and max value, then the max value would mistakenly overwrite the min value and leave the max value blank, resulting in incorrect validation range values for the field.Reverted the bug fix for Ticket #1100 since it did not ultimately fix the issue. More work will need to be done in a near-term version to ultimately remedy this. (Refers to bug fix: If a Data Quality rule returns more than 10,000 discrepancies, which is the maximum that it will return, if there have been any discrepancies that have been excluded, then when displaying the discrepancy count to the user, it would mistakenly subtract the excluded count from 10,000 rather than subtracting it from the actual total discrepancy count.)Version 6.15.15 - (released 12/22/2016)BUG FIXES & OTHER CHANGES:Medium security fix:?A cross-site scripting vulnerability was found that could possibly be exploited by a malicious user who knows how to craft a specific string of JavaScript code to render an iframe on a project page.Major bug fix:?If importing data using the Dynamic Data Pull (DDP) in which some values on the adjudication screen are unchecked (so that they do not get imported), then it would mistakenly import those values anyway when the Save button is clicked. (Bug emerged in version 6.15.14.)Bug fix: If a user in a project had been set to receive Survey Notifications when someone completed a survey, and then the user was removed from the project, then the user would mistakenly still show up in the list of users in the Survey Notifications popup in the Online Designer, even though the user is not selectable there.Bug fix: Piping was mistakenly not working in exported PDFs of instruments with data. (Ticket #11440)Bug fix: When downloading a PDF of a survey response, it might on some occasions not display the label "Response was added on [timestamp]" in the PDF for the response.Bug fix: When downloading a PDF of a survey response, it would mistakenly not perform piping for the survey instructions if variables were used in the instructions.Bug fix: The API example file for the File Import API method in PHP had an error in it. This only affects the PHP example of this method.Bug fix: If using Table-based authentication and resetting one's password recovery question on the My Profile page, it would take the user back to the My Projects page and mistakenly not prompt them to enter a new recovery question for certain cases when Two Factor Authentication has been enabled in REDCap.Bug fix: An error would occur when a developer uses the REDCap::getData method to pull data from one project (specifying the project_id parameter in the method) while inside a hook from another project. (Ticket #12095)Bug fix: Fields having "email" field validation would mistakenly not allow for top-level domains exceeding 4 characters (the part of the email domain name to the right of the dot, e.g.?john@example.global).Bug fix: When importing users via the API User Import method, it would fail if the users were being added to the project (were not existing project users) and were not being assigned to a Data Access Group during the import. (Ticket #12031)Bug fix: When executing Data Quality rule H across all records in a longitudinal project, it might mistakenly find false positives of incorrect calc field values in events that have no data. It should instead be ignoring events with no data for each given record. (Ticket #11599)Bug fix: For a very small minority of calculated fields, especially those using the IF function, the resulting calculation determined when viewing the calc field on its data entry form might be different than the one calculated during a data import or when running Data Quality rule H. (Ticket #12137)Bug fix: If a user puts focus on the text box of an auto-complete drop-down field on a survey or data entry form but does not change the field's value, then it would mistakenly trigger the "Save your changes" prompt if they try to leave the page. Note: This does not affect regular drop-down fields but only those with the auto-complete feature enabled. (Ticket #11725)Bug fix: If an auto-complete drop-down field on a survey or data entry form has an option whose option label is "-" (i.e., a single dash), then it will not render that option correctly when the drop-down is rendered on the page. Note: This does not affect regular drop-down fields but only those with the auto-complete feature enabled. (Ticket #12226)Minor security fix: A few cross-site scripting vulnerabilities were found on different pages in REDCap, in which they could possibly be exploited by a malicious user who knows how to craft a specific string of JavaScript code.Minor security fix: A vulnerable version of Shockwave Flash was used on the Public Survey Link page in projects utilizing surveys. All Shockwave Flash modules have been removed, and have been replaced with a JavaScript equivalent.Bug fix: Text fields that have the field validation of Number 1/2/3/4 decimal place will mistakenly not have its stats displayed on the "Stats & Charts" page. (Ticket #12388)Bug fix: When viewing the API Tokens page where it displays when a token was last used by a user, it would mistakenly never load the "Last Used" timestamps in the table, but would always say "Loading..". (Ticket #12477)Version 6.15.14 - (released 11/28/2016)BUG FIXES & OTHER CHANGES:Major bug fix:?If the user has downloaded a PROMIS or Neuro-QoL Auto-Scoring instrument or Adaptive instrument from the REDCap Shared Library, in which some of the questions in the assessment have a "not applicable" type option (e.g., "I did not do this..."), then when submitting a question with that option selected, REDCap would mistakenly say that it could not communicate with the PROMIS server and end the survey prematurely. Note: This only affects a small minority of the PROMIS/Neuro-QoL instruments.Minor security fix:?Two cross-site scripting vulnerabilities were found on two separate pages in REDCap, in which they could possibly be exploited by a malicious user who knows how to craft a specific string of JavaScript code.Bug fix: If importing data using the Dynamic Data Pull (DDP) in which the adjudication screen displays new data that has been pulled from the source system after some values have already been imported via DDP into the REDCap project, it would mistakenly not allow the user to dismiss the new values if the user did not want to import them, thus forcing the values to always be displayed in the adjudication popup until at some point at least one value was selected to import.Bug fix: When creating a project via a project XML file, if the project from which the XML file was downloaded was a longitudinal project in which no instruments were designated for any events in the project, then it would display an error and prevent the user from creating a new project from the XML file.Change: Added check for custom hook specifically for Shibboleth authentication in order to allow e-signatures to work with Shibboleth on data entry forms. (Ticket #10225)Bug fix: When "real-time execution" is enabled for Data Quality rules in a project, the processing of the rules on the data entry form can take an unusually long time if there are more than 10 or so rules being executed at a time. (Ticket #8602)Version 6.15.13 - (released 11/15/2016)BUG FIXES & OTHER CHANGES:Bug fix: The Participant List table and the table on the "Set up project bookmarks" page would run off the page if the page was too narrow while not providing any horizontal scroll bars, which prevented the table from being fully viewed.Bug fix: If a CSV data file is uploaded on the Data Import Tool with records represented as columns in the file, then if any columns have a header value in the first row but do not have any data in the column, then it would mistakenly display an error that the record ID was missing for a record being imported. (Ticket #10180)Bug fix: When attempting to assign a user to a Data Access Group using the User Import API method, it would mistakenly fail to assign the user to the DAG and not return any kind of error message. (Ticket #10292)Bug fix: If a user clicks the "Erase All Data" button on the "Other Functionality" page in a project, it would mistakenly delete all user-uploaded files in the File Repository when it should only delete data export files that are stored there. (Ticket #10058)Bug fix: If using a version of PHP below PHP 5.5 on your REDCap web server, then the REDCap API and API Playground might not function. This was due to the mistaken usage of the PHP function json_last_error_msg(), which only exists in PHP 5.5 and up. (Ticket #10459)Bug fix: When using the Twilio telephony services, on certain occasions it might not always erase the call logs or SMS message logs from Twilio's log on its website as logs are created from REDCap's usage of Twilio. It now does a much better job of erasing the log within the user's Twilio account for the phone number being used for the REDCap project.Bug fix: If a field's branching logic contains a line break (or line feed character) in certain places, then it would could the survey or data entry form not to load and display an erroneous error.Bug fix: When exporting the instrument-event mappings of a longitudinal project, if no mappings exist, then it would mistakenly return a blank CSV file. It now instead returns the file with the headers only.Bug fix: When a user is copying a project when only administrators can create/copy projects for users (i.e., users must request it), then if the user selected the Survey Queue and Automated Survey Invitations to be copied, it would mistakenly not select that checkbox option when the administrator goes to copy the project. (Ticket #10676)Bug fix: When a user is creating a new project from an ODM/XML project file, it will now no longer prevent the import if data validation errors exist for data inside the XML file. Also, it will be more lax about minor metadata issues for fields in the XML file. This should improve the overall experience of importing XML project files.Version 6.15.12 - (released 10/28/2016)BUG FIXES & OTHER CHANGES:Bug fix: The Survey Notifications feature would mistakenly not include the Participant Identifier inside the email to the survey administrator unless the survey that was taken was the first instrument (and first event, if longitudinal) of the project.Bug fix: When downloading a PDF containing data for one or all instruments where branching logic is used on all the fields in a given matrix or a given section, in which all matrix fields or all fields in a whole section would be hidden by branching logic based upon the data, then some text in the PDF might mistakenly overlap or alternatively might cause the PDF itself to be corrupt and thus not be able to be opened by a PDF reader.Bug fix: The Activity Graphs page in the Control Center would display dates that were mistakenly one month off (e.g., showing dates for November when it's currently October).Bug fix: The font resize buttons at the top of survey pages would not always enlarge/shrink the text in correct proportions. (Ticket #9499)Bug fix: If a user has been assigned to a Data Access Group, then it would mistakenly allow them to try and add a new user or assign a new user to a role on the User Rights page, even though such is not allowed. And these attempts would inevitably fail and display an error message (or nothing). In that case, it now simply disables the add new user and add new role section of the page.Bug fix: The redcap_connect.php file included in the install zip package would mistakenly fail to connect to MySQL over SSL without client certificate authentication. That file has now been updated in the install zip package. (Ticket #9900)Bug fix: If a user downloads a PDF of all records from the Other Export Options tab of the "Data Exports, Reports, and Stats" page, then it will result in a blank PDF (no text - completely blank) if the project has no records. This is expected but confusing. It now displays a message to the user in this case that the PDF is not downloadable since no records have been created yet.Bug fix: In some rare cases the action of reordering reports on the "Data Exports, Reports, and Stats" page might cause some database queries to overlap and cause a deadlock, thus impacting overall database performance. The process has now been wrapped in a MySQL transaction to prevent this. (Ticket #9716)Change (technical): Replaced the usage of PHP Pear DB with Pear MDB2 (which supersedes it) for Table-based authentication. This should not affect any behavior at all. This should also allow Table-based authentication to work for MySQL connections over SSL.Version 6.15.11 - (released 10/14/2016)BUG FIXES & OTHER CHANGES:Major bug fix:?When performing a data import (API, mobile app, or Data Import Tool) in which one of the fields being imported is a checkbox field, if only some (but not all) of the checkbox options are included in the data import, then those options that are not included in the import will mistakenly get overwritten as "unchecked" (0) if they are currently "checked" (1) in the project. (Ticket #8325)Major bug fix:?When performing a data import (API, mobile app, or Data Import Tool), in which a field being imported contains a checkbox with negative coded choices (e.g., -3), then in specific situations the values for the negative coded choices might not get successfully saved during the import process.Bug fix: The page footer on project-level pages might mistakenly overlay onto the Automated Invitations popup on the Online Designer page. (Ticket #8946)Bug fix: On the Configuration Check page in the Control Center, it will no longer automatically try to set the permissions of the temp and edocs directories as "world writable" (777), which could create security issues for some server configurations depending on the institution's local IT policy.Bug fix: The API method exportFieldNames and the plugin/hook method REDCap::exportFieldNames were mistakenly not returning calc fields. (Ticket #9041)Bug fix: In Step 3 (Filters) when creating/editing a report, if a Form Status field is selected as a filter, the drop-down of choices that appear on the right of it would mistakenly include a blank choice option. Since Form Status fields never have a blank value ("0" is the default value), it should not have an empty option to choose.Bug fix: When using the Twilio telephony services in a longitudinal project in which the designated email field or designated phone field is used for survey invitations, then when sending/scheduling new invitations and setting the invitation type as "participant's preference", it might mistakenly deliver the survey invitation via email rather than using their preference.Version 6.15.10 - (released 10/4/2016)BUG FIXES & OTHER CHANGES:Major security fixes:?Several vulnerabilities (cross-site scripting, cross-site request forgery) were found on various pages throughout REDCap, in which they could possibly be exploited by a malicious user who has knowledge of REDCap's internal file architecture and who also knows how to craft a specific string of JavaScript code. (The changes to the Activity Graphs page in the Control Center, in which a different chart technology is now used for displaying the charts, is due to a vulnerability that was discovered in the older charts package that was used.)Major bug fix:?When an API user has been assigned to a Data Access Group, it might mistakenly allow their API request to modify data for existing records that are not in their DAG. It could also allow the API request to reassign an existing record to the user's DAG, which should not be possible if the API user is already assigned to a DAG.Bug fix: Some error messages for API data imports were mistakenly not displaying all the error messages back the client but instead were returning a very generic message saying that the data might be in the wrong format.Bug fix: If the variable for a checkbox field somehow ends with an underscore (they typically should not, but could due to older bugs that have since been fixed), then their data might not get parsed and interpreted correctly during a data import, thus resulting in an import error. (Ticket #7028)Bug fix: If a field (excluding checkboxes) has a value and then the value is later deleted, it would mistakenly leave a blank value in the redcap_data database table rather than removing the whole row in the table. This would not affect data quality in any way but could cause problems for groups that have plugins or reports that query REDCap's back-end directly.Bug fix: The page footer on project-level pages might mistakenly overlay onto the Automated Invitations popup on the Online Designer page. (Ticket #7059)Bug fix: If a calculated field contains a datediff() function that does not reference "mdy" or "dmy" explicitly as the date format in the function, then on some occasions REDCap might crash due to a fatal PHP error during a data import or when saving a form or survey. (Ticket #7264)Bug fix: When attempting to create a longitudinal project using a project XML file, if the XML file contains data on forms that used to be designated for a given event but now are not, in which the data remains orphaned but still exists in the export, then it would display an error that the project could not be created from the XML file because it will not allow data to be imported in undesignated form/events. (Ticket #7794)Bug fix: When copying a project and selecting to copy the Automated Survey Invitation settings, it would mistakenly not copy the settings for reminders and the "Ensure logic is still true" setting. (Ticket #7941)Bug fix: When entering conditional logic for Automatic Survey Invitations, Survey Queue, etc., it would mistakenly throw an error if a variable inside square brackets was not used in the logic. There are some cases in which logic may not have any variables in them.Bug fix: The characters were not displaying correctly for the Friendly Code column of the Spanish characters table on the "Help & FAQ" page. (Ticket #8000)Bug fix: When a project's "character encoding for exported files" setting is set to "Japanese (Shift JIS)" on the "Edit a Project's Settings" page, it would prevent Japanese text from displaying properly for field labels, field notes, etc. in the REDCap Mobile App.Bug fix: For unknown reasons in particular MySQL configurations, REDCap projects were mistakenly not getting deleted successfully (when a project had been deleted by a user) and thus the project would forever remain in the database, in which REDCap would continuously try (but fail) to delete them over and over again. (Ticket #4994)Bug fix: If a user has Data Access Group privileges in a project but does not have User Rights privileges, then the "DAGs" link on the left-hand menu would mistakenly not get displayed. (Ticket #8381)Bug fix: If a data value is somehow saved multiple times within the same second of time for a given record-event-field, then the Data History popup would mistakenly not show all the logged events for that field but instead would only show the last event logged within that second of time. (Ticket #8323)Bug fix: When using the Twilio telephony services for surveys, if a participant was sent an SMS message from the Public Survey Link page in order to begin a survey as an SMS conversation, then it would never allow them to start the survey but would mistakenly keep asking for a survey access code. This occurred for public surveys only, and only with SMS conversation surveys.Bug fix: The "Custom Application Links for Projects" page in the Control Center would mistakenly not display the "delete" column on the far right of the page, thus making it impossible to delete a custom application link that had been created.Bug fix: When using the Twilio telephony services for surveys, the "Auto-continue to next survey" setting would mistakenly not advance the participant to the next survey if taking the survey via SMS or voice call.Bug fix: Custom Event Labels were mistakenly not getting copied when doing "Copy Project" or when creating a new project via the project XML file. (Ticket #7835)Bug fix: When exporting the project XML file, it would mistakenly not include the Bioportal Ontology attribute of a field in the XMl file if the field was utilizing the ontology auto-suggest feature.Bug fix: The two gray box sections on the Project Home page would mistakenly display side by side on very wide screens. (Ticket #8093)Bug fix: When editing a File Upload field in the Online Designer, in certain circumstances it would mistakenly set the field type as "Text Box" instead of "File Upload" after opening the "Edit Field" popup dialog. (Ticket #8163)Version 6.15.9 - (released 9/8/2016)BUG FIXES & OTHER CHANGES:Bug fix: When on the To-Do List page in the Control Center, clicking on the "Add Users (Table-based only)" link on the left-hand menu mistakenly results in a 404 "page not found" error. (Ticket #6739)Bug fix: When adding/editing an SQL field, if the SQL query is pulling two fields and they are both named the same thing in the query (e.g., "select a.value, b.value..."), then it will mistakenly overwrite the first value with the second value, thus making the drop-down values also be the same as their corresponding labels (rather than the actual desired value). (Ticket #6758)Bug fix: When a project's "character encoding of exported files" is set to "Japanese (Shift JIS)", the PDF export of instruments will fail if the server is using PHP 7.Bug fix: If the @HIDEBUTTON action tag is used for a date or datetime field, the date format note to the right of the field (e.g., "M-D-Y") would mistakenly not be displayed on forms and surveys.Bug fix: If a project has been taken offline via the "Edit A Project's Settings" page in the Control Center, it displays a red box at the top of the Home/Project Setup page in the project; however, the link inside the red box that points to the "Edit A Project's Settings" page mistakenly does not load the settings for that particular project.Bug fix: The Configuration Check page was not checking to see if the PHP extension named "XMLReader" is installed. This extension is used for some important features, such as project XML export. (Ticket #7128)Change/bug fix: Updated "Help & FAQ" page with new content. Also fixed links to the FAQ that pointed to sections that no longer exist.Version 6.15.8 - (released 9/2/2016)BUG FIXES & OTHER CHANGES:Minor security fix: A cross-site scripting vulnerability was found on survey-related page in which the vulnerability could possibly be exploited by a malicious user who has knowledge of REDCap's internal file architecture and who also knows how to craft a specific string of JavaScript code.Bug fix: When the survey confirmation email has been enabled for a given survey, but REDCap does not possess the participant's email address, the green box displayed on the Survey Completion page (for the participant to enter their email) is not aligned correctly on the page. Also, the button text inside the green box would mistakenly spill out of the button in Internet Explorer 11 only.Bug fix: If using the @READONLY or @READONLY-SURVEY action tag on a survey that has the Enhanced Choices option enabled, the options for those radio button fields and checkbox fields would mistakenly not be disabled but would allow participants to select a choice and save data for the field.Bug fix: If executing a rule in the Data Quality module where the rule runs for more than 20 minutes, in which it would have timed out, it might not display an error message to the user but instead might mistakenly appear to run forever (even though it has really stopped).Bug fix: If using a literal date or datetime value (e.g., "01-31-2016") inside the datediff() function that is nested inside another function in a calculated field *and* that literal value is also in MDY or DMY date format, then it may mistakenly not perform auto-calculations correctly and may return incorrect discrepancies for Data Quality rule H. (Ticket #1954)Bug fix: If a calc field's value was created via Auto-calculation during a data import, then it would mistakenly not include the "(Auto calculation)" note for the logged event on the project Logging page.Bug fix: When attempting to edit a matrix of fields in the Online Designer, if one of the field labels contains non-displayable characters (black diamond with question mark), it would mistakenly throw a JavaScript error and prevent the "Edit Matrix of Fields" popup from opening.Bug fix: If authentication has not been enabled in REDCap and a new Table-based user is created by an administrator, then if the new user follows the "reset password" link in the email they receive, it will not do anything except load the REDCap Home page. This is due to the fact that authentication must be enabled before the link will work, which is not always obvious and can be very confusing. In this situation, after clicking the link in the email, it now displays a message to the user that the administrator must first enable authentication before the link will work and allow them to log in using their new REDCap account.Change (bug fix for future bug): The Text-To-Speech functionality that can be enabled on surveys will cease to work as of Oct 1st, 2016 since the current TTS service being used (AT&T) will be discontinuing the service. To prepare for this, this REDCap version will instead utilize the IBM Watson text-to-speech API service. The disadvantage of this new service is that it does not yet work on mobile devices, iOS, or the Safari browser, although this will soon be improved (according to IBM). Note: For all REDCap versions 6.9.1-6.16.6 (Standard) or 6.10.2-6.15.7 (LTS), the text-to-speech functionality will still work between now until Oct 1st, 2016, after which it will not work again until you upgrade to the latest release.Bug fix: If using the Enhanced Choices setting on surveys, and a choice for a radio or checkbox field has no choice label, then the enhanced choice button on the survey page mistakenly looks flattened and smaller than the intended height.Bug fix: If a respondent is returning to a multi-page survey that has the "Save & Return Later" option enabled, it might mistakenly take them to the wrong survey page if the @HIDDEN and @HIDDEN-SURVEY action tags are being utilized on that instrument and also have data saved for fields utilizing those action tags. It now ignores fields that utilize @HIDDEN and @HIDDEN-SURVEY when determining which page to load for the respondent.Bug fix: The Data Search functionality on the Add/Edit Record page would mistakenly return duplicate results on some occasions.Version 6.15.7 - (released 8/19/2016)BUG FIXES & OTHER CHANGES:Medium security fix: A cross-site scripting vulnerability was found on the Project Bookmarks page, Project Home page, and Project Revision History page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific string of JavaScript code.Bug fix: When viewing the Project Setup page on a wide screen, the steps on the page may mistakenly get displayed as two columns instead of one.Bug fix: The configuration setting "Contact person web address/URL" on the Home Page Settings page in the Control Center was mistakenly not being used on the login page in place of the "Contact name email". (Ticket #5961)Bug fix: Fixed outdated text inside the "Move Project to Production Status" popup on the Project Setup page. (Ticket #5974)Bug fix: When exporting data via the API's "Export Records" method in which the data is being exported as "labels" (rather than "raw") and in EAV format, then any Yes/No or True/False fields that used to have a value at one point but then had the value removed, those will mistakenly get exported as "No" and "False", respectively, rather than as blank. It will now not return the row of EAV data if the value is blank or has been removed. (Ticket #6011)Bug fix: When exporting data via the API's "Export Records" method in which the data is being exported in EAV format, any values that belong to multiple choice fields that have had an option/choice removed, thus orphaning the stored data value, would mistakenly return a blank value for the field in the data export rather than the raw value that is actually stored. It now returns the raw data value that has been orphaned, regardless of exporting "labels" or "raw" data. This only occurs for EAV format exports. (Ticket #6012)Bug fix: When clicking the "Request delete project" button on the Other Functionality page of a project that is in Inactive or Archived status, it would mistakenly display a popup window that contained a "0" rather than the correct text content, and thus would not function correctly. (Ticket #6031)Bug fix: When using the Twilio telephony services for surveys, the following things would mistakenly not get triggered if a survey was completed via voice call or SMS: 1) sending confirmation email to respondent, and 2) sending email notifications to project users.Bug fix: When printing the schedule of a record via the "Print Schedule" link at the bottom of the Scheduling page, it would mistakenly not display the Custom Record Label or Secondary Unique Field label on the page to be printed.Bug fix: When exporting the To-Do List as a CSV file in the Control Center, the user's name and email address are not correct for the user who made the request. (Ticket #5885)Bug fix: When using the Twilio telephony services for surveys, piping might not be successful if data is being piped into a Section Header or Descriptive field.Version 6.15.6 - (released 8/12/2016)BUG FIXES & OTHER CHANGES:Major bug fix: If the Survey Login feature is being used on a survey, if no data exists for the login fields for the given record, then it would mistakenly allow the participant to navigate to the survey without having entered a value for the login field.Bug fix: On iOS devices, drop-down fields on surveys and data entry forms would have their option text truncated if it is fairly long, thus making it impossible to view the entire choice's label.Bug fix: If creating a new report and selecting an instrument from the "add all fields from selected instrument" option in Step 2, it would mistakenly add empty placeholder fields to the report where any Descriptive fields exist. (Ticket #5301)Bug fix: If a survey invitation had attempted to send but failed (e.g., email address was not available) for an existing record in a project, it would mistakenly show the send status of the invitation as pending at the top of the data entry form for that record. In this case, it now correctly shows the status as failed to send.Bug fix: For multi-page surveys where an entire page has every question hidden due to branching logic, it might mistakenly still display the page (it is supposed to skip the page) even though no questions are visible on the page. (Ticket #5230)Bug fix: The action tags @HIDDEN and @HIDDEN-SURVEY were mistakenly not being considered when a survey page is supposed to be skipped due to all questions on the page being hidden, thus possibly displaying the survey page with all questions hidden.Bug fix: When editing a matrix of fields in the Online Designer, if a \' (backslash apostrophe) are entered together in the section header, field labels, question numbers, field annotations, or choice labels for any field in the matrix, then the "Edit Matrix of Fields" popup would not open anymore in the future due to a JavaScript error, thus making the matrix no longer editable in the Online Designer. (Ticket #5332)Bug fix: Error in API documentation for the Import Records method. (Ticket #5333)Bug fix: For certain server configurations, if a user logs out of REDCap, it will correctly destroy their session on the server (thus effectively ending their session), although the session cookie in the client might mistakenly not get deleted and may end up with the value "deleted". The leftover cookie does not pose a security concern since it is orphaned from the user's session after the logout has occurred. But regardless, the cookie should be deleted.Bug fix: If the Dynamic Data Pull (DDP) module is enabled in a project, the "Today"/"Now" button and date picker widget of a temporal field would mistakenly not trigger DDP to pull data from the source system.Bug fix: If the Dynamic Data Pull (DDP) module is enabled in a project, the "select all" and "deselect all" links on step 1 of the DDP field mapping page would not work correctly, and it would also cause the "number of fields selected" count to be mistakenly incorrect. (Ticket #5624)Version 6.15.5 - (released 7/29/2016)BUG FIXES & OTHER CHANGES:Medium security fix:?A cross-site scripting vulnerability was found on survey pages and data entry forms regarding File Upload fields, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) or survey respondent who knows how to craft a specific HTTP request to REDCap.Minor security fix:?A cross-site scripting vulnerability was found on the Define Events project page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific HTTP request to REDCap.Bug fix: If a super user is attempting to permanently delete a project via the "Delete it now" link on the Browse Projects page in the Control Center, it would mistakenly not delete the project, even though it says it did.Bug fix: If a user opens a link to a project page while they are not yet logged in to REDCap, in which it displays the login page, then on certain occasions it might mistakenly display a dark overlay over the login page, thus making it impossible to put one's cursor into the input fields or click the "Log In" button".Bug fix: In the email that users are sent via Survey Email Notifications when a survey is completed, the date format of the timestamp contained in the email would not be in the format of the user's preference but instead would mistakenly always be in M/D/Y format. It now displays the date in the user's preferred date format in the email. (Ticket #4540)Bug fix: More fixes for the floating project page footer, which would sometimes cover page content if some of the page was loaded via AJAX. (Ticket #4781)Bug fix: For compatibility purposes, bare line feeds that exist in emails sent from REDCap are now replaced by a space + carriage return + line feed. (Ticket #3944)Bug fix: When copying a longitudinal project via the Copy Project button on the Other Functionality page and selecting the option to copy reports, then if a report in the project contains a filter that specifies a field on an explicit event, then the event designation will be mistakenly converted to "all events" in the same subsequent report in the new project. (Ticket #4779)Bug fix: Corrupted line feeds (carriage returns) can sometimes get added to Section Headers and Choices in data dictionaries. This was originally fixed in Ticket #4148 for Field Labels, but mistakenly still exists as a bug for Section Headers and Choices when uploading or downloading data dictionaries.Bug fix: When undesignating a super user on the "Designate a Super User" page in the Control Center, the user's row in the table would mistakenly not get removed after they had been undesignated if their username contained a dot or @ sign. Although it would still successfully undesignate them, the change would not be reflected on the page until the page was reloaded.Version 6.15.4 - (released 7/22/2016)BUG FIXES & OTHER CHANGES:Minor security fix: A cross-site scripting vulnerability was found on the Scheduling project page, in which the vulnerability could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft a specific HTTP request to REDCap.Bug fix: If a user had requested an API token in a project, it would mistakenly allow them to send a duplicate request on the API Playground page and on the Mobile App page in a project.Bug fix: Corrupted line feeds (carriage returns) can sometimes get added to Field Labels in data dictionaries. Their origin is unknown, although Microsoft Excel is suspected. This can sometimes cause line breaks to double (i.e., two carriage returns instead of one) when uploading data dictionaries, or can cause line breaks to completely disappear if editing a field in the Online Designer. Any existing corrupted line feeds will now be properly converted and fixed when importing or exporting data dictionaries and when editing a field in the Online Designer. (Ticket #4148)Bug fix: When using min/max range validation on a field having a validation type of datetime or datetime w/ seconds, in which a user enters an out-of-range value on a survey or data entry form, the error message popup that is displayed would mistakenly mangle the format of min/max values in the error message. (Ticket #4478)Version 6.15.3 - (released 7/15/2016)Bug fix: If the Duo option is enabled for Two-Factor Authentication, then it would mistakenly always return the user to the page "index.php" of the current directory they are in after they log out or after their session times out, even if that page does not really exist in REDCap, which could be very confusing to users. (Ticket #3592)Bug fix: If using the @NOW or @TODAY action tags for date, time, or datetime fields, it would mistakenly set the text field to full width on a survey or data entry form rather than shortening the text field to its typical width based upon its specific validation type. (Ticket #3742)Bug fix: In older versions of Internet Explorer, if a survey respondent opens a survey link, then completes the survey, and then clicks the "Close survey" button afterward, then it might throw a JavaScript error. (Ticket #3721)Bug fix: If a user with E-signature privileges was attempting to e-sign a data entry form that had been previously locked, it would display an erroneous error.Bug fix: The page footer on project pages would sometimes obscure page content.Bug fix: If all the fields in a given section of a data entry form have the action tag @HIDDEN-APP or @HIDDEN-SURVEY, then when viewing the form, the section header above that section would mistakenly be hidden even though some of the fields in the section are still displayed. The section header should only be hidden if all fields in the section are hidden.Major bug fix: When editing a survey's settings via the Survey Settings button on the Online Designer, it might mistakenly fail to save the settings for certain MySQL configurations. (Ticket #3003)Bug fix: Minor formatting error in API documentation for Export Records method. (Ticket #4059)Bug fix: When using Enhanced Choices for radios/checkboxes on surveys, if a choice label has long words, it might mistakenly causes horizontal scrollbars to appear around the choice in certain web browsers.Version 6.15.2 - (released 7/7/2016)Bug fix: When loading a public survey, it now employs stricter checking to doubly ensure that a public survey link does not get confused with a participant's unique survey link (since there might be a one-in-a-million chance that it could get confused under very specific and rare circumstances).Bug fix: Fixed compatibility issues specifically related to MySQL 5.7 and its default sql_mode setting.Bug fix: If a File Upload field has the @READONLY action tag, and the field already contains an uploaded file for a given record, then when viewing the survey page or data entry form, it would mistakenly allow the user to delete the file and even upload another file afterward. (Ticket #3263)Bug fix: The server-side field validation would mistakenly get triggered on the record ID field when submitting a data entry form or survey if a record's name did not follow its specific field validation format. This would cause the server-side field validation message to constantly appear for that record unnecessarily whenever a form or survey was saved for the record. It now skips the server-side field validation for the record ID field when saving existing records.Bug fix: On the Administrator To-Do List page in the Control Center, the page navigation for the "Completed & Archived Requests" table would become unwieldy if there existed more than 20 pages, thus causing all the page numbers to overflow and take up too much space. It now only displays the first and last handful of pages for navigation.Bug fix: Fixed incorrect language in the "Move project to production" popup on the Project Setup page.Bug fix: When using calculated fields that utilize cross-event calculations in a longitudinal project, Auto-Calculations and Data Quality rule H would mistakenly not be able to process any calculation that references a field on an event that did not contain any data (i.e., an empty event) for a given record. Thus, DQ rule H would not find any discrepancies even when they exist, and Auto-Calculations would not properly get performed. (Ticket #2898)Bug fix: The action tags @HIDEBUTTON and @PASSWORDMASK were mistakenly not being employed on the Online Designer page when utilized for a given field.Bug fix: If using MySQL-over-SSL secure database connection while on PHP 5.1 or 5.2, it might not be able to make successful database connections since REDCap was using the MYSQLI_OPT_SSL_VERIFY_SERVER_CERT flag, which was introduced in PHP 5.3. It now only applies that flag if on PHP 5.3 or higher.Version 6.15.1 - (released 6/30/2016)New LTS branch based on REDCap 6.15 (Standard) + the changes below.Bug fix: If importing data via the Data Import Tool or API import for a longitudinal project in which multiple events are being imported for a record whose record name is mistakenly in different cases (e.g., "mea-101" vs "MEA-101") in the data being imported, then after importing that data, some of the data will never be displayed in reports in exports and will thus be orphaned. However, all the data is still accessible and viewable on data entry forms and surveys, but just not in exports and reports.Bug fix: If REDCap is configured so that only super users are allowed to create projects and thus normal users must request new projects be created for them, then if a user knows how to send a specifically-crafted request to a certain page in REDCap, they could bypass the request process and actually create a new project on their own without a super user's permission.Bug fix: The option to enable "enhanced radio buttons and checkboxes" on surveys was mistakenly not taking effect on CATs (computer adaptive tests) and Auto-scoring instruments, such as PROMIS assessments, that were downloaded from the REDCap Shared Library.Bug fix: In a production project when a user clicks the "Request delete project" button on the Other Functionality tab of the Project Setup page, it would mistakenly not disable the button after being clicked, which would mistakenly allow users to click it multiple times (although it would correctly be disabled if they left the page and then returned).Change: The "multiple tabs/windows open" error message now additionally notes that if a Cross-Site Request Forgery (CSRF) was just attempted that it was successfully blocked. This is helpful for any app scanners that are scanning REDCap and believe they have found a CSRF vulnerability when in fact it is a false positive.Bug fix: On survey pages, the submit buttons at the bottom of the page were causing the page to become too wide on small screens in some cases if both the Previous Page and Next Page buttons were displayed at the same time.Bug fix: A survey page would not automatically widen if the browser window was widened if the page was initially loaded with a narrow width.Bug fix: When a project's metadata is exported as an ODM/XML file, if a field contains a range validation min or max with a value of "0", it would mistakenly be omitted in the resulting XML file.Bug fix: When creating a new project using an uploaded ODM/XML file, if a field contains a range validation min and max value, then the max value would mistakenly overwrite the min value and leave the max value blank, resulting in incorrect validation range values for the field.Reverted the bug fix for Ticket #1100 since it did not ultimately fix the issue. More work will need to be done in a near-term version to ultimately remedy this. (Refers to bug fix: If a Data Quality rule returns more than 10,000 discrepancies, which is the maximum that it will return, if there have been any discrepancies that have been excluded, then when displaying the discrepancy count to the user, it would mistakenly subtract the excluded count from 10,000 rather than subtracting it from the actual total discrepancy count.)Version 6.15.0 - (released 6/22/2016)New feature: Enhanced radio buttons and checkboxes for surveys - A new survey option "enhanced radio buttons and checkboxes" can be found on the Survey Settings page in the Online Designer in which a user can enable the feature so that radio buttons and checkboxes are displayed differently on the survey page, in which they appear as large animated buttons that look more modern and stylish than traditional radios and checkboxes. This new feature can be enabled for any given survey in a project where it will transform *all* radios and checkboxes on the survey into the enhanced version. Note: This feature does not work for radios and checkboxes in a matrix.Improvement: Server-side field validation - In addition to the existing client-side field validation that is performed on surveys and data entry forms, REDCap will now also perform server-side validation to validate all submitted values prior to saving them to ensure they are valid values. This means verifying the value via a text field's field validation type, or if a multiple choice field, verifying that the value is indeed a valid choice for the field. If they are considered invalid values, then the value will not be saved, and the page will be reloaded with an error message (similar to the Required Fields error message) informing the user that invalid values were entered and should thus be corrected, if desired. This new server-side validation improves the overall quality of data being entered on surveys and form.New feature: Create custom public survey link - On the "Public Survey Link" page in a project that utilizes surveys, users now have the option to create their own custom public survey link that begins with "" (e.g.,),?in which the custom URL will simply redirect to the public survey in their project. They may enter a desired URL, and it will check if the URL has already been taken. If not, it will store that custom URL in the project so that it is always able to be obtained on the Public Survey Link page.New Action Tag: @HIDEBUTTON - Hides the 'Now' or 'Today' button that is typically displayed to the right of date, time, and date/time fields.New Action Tag: @APPUSERNAME-APP - In the REDCap Mobile App, this action tag sets a field's value to the app username of the current mobile app user - i.e., their username in the mobile app, which is not necessarily the same as their REDCap server username that can be captured using @USERNAME. NOTE: For use only in the REDCap Mobile App.Improvement: Updated "Help & FAQ" page. Has better navigation and is easier to read.Improvement/change: If a user has had access to REDCap for more than 7 days and they are logging in to REDCap's home page, then it will redirect them to the My Projects page after a successful login. This is to save them a click, assuming that they have no need to view the home page at this point. Note: Due to certain limitations, this feature is only available for installations using "LDAP", "Table-based", or "LDAP & Table-based" authentication methods.Improvement: Users can now only send the request one time for moving a project to production or requesting that a production project be deleted. In previous versions, the request could be sent many times and could thus cause confusion for the administrator regarding which request should be processed. Additionally, any user that has submitted either of these types of requests may also manually cancel the request by clicking a "Cancel request" button next to the disabled button where the request was originally submitted.Improvement: Administrators can now add comments to items in the Control Center To-Do List. A comment can be added or edited for any item in the To-Do List.Major bug fix: If using the median() function in a calculated field in which there are an even number of non-blank values being used in the function for a given record, then it would mistakenly return an incorrect value when viewing the calculated field on a survey or data entry form. However, if the value was calculated via Auto-Calculation via a data import or Data Quality rule H, then the result would be correct.Major bug fix: If an authenticated user is on a data entry form that has been locked and/or e-signed, and the user knows how to manipulate the webpage in specific ways (e.g. JavaScript methods via their web browser's console) for malicious purposes, they could potentially submit data on the form and modify data values even though the form is locked.Bug fix: If a radio button field (including Yes/No and True/False fields) has a @READONLY action tag, in which that field is being used on a survey where question pre-filling is being performed via query string or form submit and also where that same field's value is being piped somewhere else on the survey page, then the piped value would mistakenly change on the page if the choice label next to the read-only radio button was clicked. (Ticket #1881)Bug fix: For certain server configurations, certain pages would cause a PHP fatal error to do case sensitivity when referencing REDCap's ToDoList PHP class.Bug fix: If using the Data Resolution Workflow in a project, it was mistakenly not displaying the field-level data changes inside the table in the DRW popup but instead was only displaying the actions related to the DRW module. It now correctly displays both the actions and the data changes as it did previously.Bug fix: For data entry forms that begin with one or more slider fields, inside of the user's cursor getting placed on the slider fields as it should, it would mistakenly skip over them and place the cursor in the field that follows them further down the page. (Ticket #2239)Bug fix: When using a survey theme on a survey page, the text color for the "Returning?" link, "Survey Queue" link, and page number text would mistakenly not get incorporated into the survey theme colors, thus sometimes making them hard to read if close enough to the background color used.Change: Modified the "Table-based User Mgmt" link on the Control Center's left-hand menu so that its text says "Add Users (Table-based Only)" instead for greater clarity.Bug fix: When importing a text field with "datetime w/ seconds" validation in which its date is either MDY or DMY format (either via Data Import Tool or via API import), if the "seconds" time component is missing from the end of the value, then it will mistakenly prepend the time component with a "0" in the error message that is returned. This does not affect any data because it fails field validation.Bug fix: When downloading the entire logging record of a project on its Logging page, if any field values contain a "less than" (<) sign followed immediately by a number or letter, then it would mistakenly truncate the Data Changes column for that row in the resulting CSV file. (Ticket #1788)Change: Added new video "Mobile App Project Setup" on the REDCap Mobile App page in a project that discusses the process of setting up the mobile app for a given project.Change: If an entire data entry form is disabled due to a user's form-level privileges being set to "read-only", the user would mistakenly not be able to add an E-signature to the form even if they have E-signing privileges. This is inconsistent since they can Lock or Unlock the form but cannot E-sign it. Users with E-signing privileges will now be able to e-sign a data entry form that is disabled. This is allowable since Locking and E-signing privileges are separate from data entry privileges.Bug fix: If a Data Quality rule returns more than 10,000 discrepancies, which is the maximum that it will return, if there have been any discrepancies that have been excluded, then when displaying the discrepancy count to the user, it would mistakenly subtract the excluded count from 10,000 rather than subtracting it from the actual total discrepancy count. (Ticket #1100)Bug fix: The "reset" link for a matrix of radio button fields was mistakenly getting displayed on the line above the radios rather than below them, thus messing up some of the formatting of the matrix.Version 6.14.2 - (released 6/8/2016)Change: A link to the Control Center was added (for super users only) at the top left of a project page (to the right of the "My Projects" link).Bug fix: Permittable HTML tags that were manually entered in a calendar event's Notes field are no longer interpreted but are mistakenly escaped and displayed as-is on the calendar event. Example: In the mouseover tooltip for a calendar event on the Calendar page, instead of bolding the text when using <b>, it would instead display it explicitly as "<b>". Bug emerged in REDCap 6.14.1.Bug fix: If an authenticated user has special knowledge of REDCap's architecture, they could potentially set or remove the project-level expiration date of a user in a project to which they have access, even if the user does not have privileges to access the User Rights page in that project.Bug fix: If using the GET or POST pre-fill method for pre-filling survey fields, it would mistakenly fail to perform the pre-filling action on checkbox fields having option values of two characters or more in length. (Ticket #1243)Bug fix: If an authenticated user has special knowledge of REDCap's architecture, they could manually call a certain page that would create a new project with a blank project title, even if they do not have project creation privileges. (Ticket #1246)Bug fix: If a survey queue page has many completed surveys, in which it hides them and displays the "view all" link, then if the participant clicked the "view all" link, it would mistakenly not display the hidden completed surveys in the table. Bug emerged in version 6.13.0.Change: All links pointing to pages on the Trac wiki have now been replaced with their corresponding pages on the new REDCap Community website () since the Trac wiki at has now been officially retired.Bug fix: The REDCap Hook documentation notes that the global variable $conn should be used for database connections. However, that variable is mistakenly not defined at the time any hook is called and thus is not able to be utilized.Bug fix: In certain cases when using Shibboleth authentication, it would mistakenly not set the user's last login time correctly in the redcap_user_information table. (Ticket #1251)Version 6.14.1 - (released 5/25/2016)Improvement: A field's Section Header and Field Annotation are now displayed in the Codebook for the project.Medium security fixes: Several cross-site scripting vulnerabilities were found on various pages throughout REDCap, in which these vulnerabilities could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to inject specific malicious text into field labels and other various field attributes, which then get displayed on certain pages. (Ticket?#1234)Major bug fix: If using the CDC's SAMS authentication, there is the possibility that the REDCap session could mistakenly persist via the user's browser's session cookie on their computer, despite the fact that the session was destroyed on the REDCap server.Bug fix: When viewing the REDCap upgrade module on Mac OS X, the text inside the SQL upgrade script textbox might mistakenly not display line breaks incorrectly and thus might cause SQL errors if executed as is.Bug fix: Some?JavaScript??errors were occurring in Internet Explorer 8, which caused some functionality to work and some pages not to render correctly.Bug fix: If a super user is submitting production Draft Mode changes in which the changes are not automatically approved, it would mistakenly not add the event to the To-Do List in the Control Center.Change: Updated some of the language in the Install module to provide better guidance and clarity for the installation process, and also to remove language that caters heavily to phpMyAdmin as a preferable MySQL client. Additionally, text was added to stating that MariaDB is a completely compatible alternative for MySQL as a database back-end.Bug fix: If using Two Factor Authentication, it was mistakenly not using the web server's default value for the "Secure" cookie attribute for the Two Factor cookies created, as per changes for session cookies in version 6.14.0.Change: The attribute autocomplete="off" was added to all text input fields on surveys and data entry forms (and to the form tag itself) to allow institutions to better comply with certain regulatory requirements, even though most modern browsers ignore this attribute.Bug fix: If the Double Data Entry module is enabled for a project, the Project Statistics table and the Current Users table would mistakenly overlap on the Project Home page. (Ticket?#1233)Bug fix: When selecting the Import Users API method on the API Playground page, it would mistakenly throw an error and crash the page. (Ticket?#1226)Change/bug fix: When exporting data via the Export Records API method, specifically in flat JSON format, it might mistakenly return the record names as different data types, in which some may be returned as numbers while others as strings. This should not affect anything adversely but might be confusing to users. For consistency, it now returns all record names as strings (i.e., surrounded by quotes) when exported in flat JSON format. (Ticket?#1230)Version 6.14.0 - (released 5/13/2016)NEW FEATURES & IMPROVEMENTS:New feature: Administrator To-Do ListNew page in the Control Center that allows all REDCap administrator requests to be processed in a single place. This includes approving production drafted changes, API token requests, create/copy projects (if applicable), and move projects to production (if applicable).All requests will be listed in a table on this page and will include all associated information about the request, such as time of request, requestor, project, request type, etc.If desired, email notifications can be disabled on this page if administrators no longer wish to receive the emails associated with these requests, but instead wish to solely use the To-Do List page without any email notifications.NOTE: This page will always reflect the current status of all requests, whether or not they were processed using the tables below or using the link inside the email to the administrator (if email notifications are enabled).? New action tag: @USERNAME - Sets a field's value to the username of the current REDCap user. If this is used on a survey, the value will be “[survey respondent]”. Once the value is captured, it will not be changed when visiting the page at a later time.? New action tag: @DEFAULT - Sets a field's initial value.This action tag allows a field to have a specified default value when viewing the field on a survey or data entry form that has not yet had any data saved for it (i.e., when the form status icon is gray or when a survey has not been started).The format must follow the pattern @DEFAULT="????", in which the desired default value should be inside single or double quotes.For checkbox fields, simply separate multiple checkbox values with commas - e.g., @DEFAULT='1,3,6'. NOTE: The default value does *not* get applied during any data imports (via API or Data Import Tool) but only operates when viewing survey pages and data entry forms.For text fields, you may even perform Piping inside the default value to pipe data from another field in the project - e.g., @DEFAULT=”Name: [first_name] [last_name], DOB: [dob]”.NOTE: If being used on a date or datetime field, the date value inside the quotes must be in Y-M-D format - e.g., @DEFAULT='2007-12-25'.If this action tag is used on a survey question that is utilizing a survey pre-fill method (via query string or POST submit), then the pre-fill values supplied will override the default values provided by the action tag.? New hook: redcap_every_page_top - Allows custom actions to be performed at the top of every page in REDCap (including plugins that render the REDCap page header)? New hook: redcap_every_page_before_render - Allows custom actions to be performed by every PHP script in REDCap (including plugins) before the script itself begins to be formally processed.? Improvement: When in production, users can now request that a project be deleted by an administrator. The request will be added to the To-Do List in the Control Center, and the administrator will be emailed (if email notifications are enabled).? New method for hooks/plugins: REDCap::getCopyright - Returns the REDCap copyright text to be displayed on all pages - i.e., "REDCap X.X.X - ? 20XX Vanderbilt University". This is recommended to be used if a hook is utilized to alter an existing REDCap page so much that the normal page footer that contains the REDCap copyright notice is no longer displayed. Thus you may use this method to display the copyright notice on that page but in a different way or in a different location. This is to conform to the REDCap license agreement that stipulates that the REDCap copyright notice should not be removed from any REDCap pages (this excludes plugins).BUG FIXES & OTHER CHANGES:? Change: To be more consistent and simpler with regard to how REDCap administrators are notified about user-submitted requests, the “Person who will approve changes for production projects” option has been removed from the system-level and project-level configurations. Instead, REDCap will now use the “Project Contact Person” name and email for *all* requests rather than using the two options for various requests, which can be confusing regarding which will be used for what type of request. This will keep things much more simplified going further.? Change: On the General Configuration page and Edit A Project’s Settings pages in the Control Center, the option “Project Contact Person” has been re-labeled as “Name of REDCap Administrator” to improve clarification regarding what this option refers to.? Change/improvement: Piping can now work recursively in case the initial data that is piped also contains variables that should then be piped.? Change/improvement: The mailto link at the bottom left of a project has now been replaced with a "Contact REDCap administrator" button that, when clicked, opens the user's default email client and pre-fills the email body with their username, the title of the current project, and a link to the project. This should help administrators in case this information is not provided by the user themselves, which is often the case.? Bug fix: When creating a new Data Quality rule that contains "<-", such as "[field]<-6", in which the "less than" character is followed immediately by a minus sign, it would mistakenly remove everything in the logic beginning with the "less than" sign and after it, and would thus cause the entire logic not to execute correctly.? Bug fix: When exporting a project's metadata and data as a project XML file on the Other Functionality tab of the Project Setup page, the title of the dialog would mistakenly say "Exporting 'report'" when it should instead say "Exporting 'Entire project (metadata & data)'".? Change: When adding a new field in the Online Designer, the Custom Alignment setting no longer resets back to "Right Vertical (RV)" alignment every time as it did in previous versions, but instead it now reverts to the alignment value of the previous field that was opened beforehand while on that page.? Bug fix: If using question auto-numbering on a survey that contains fields that utilize the @HIDDEN or @HIDDEN-SURVEY action tag, it would mistakenly not display the question numbers correctly but would appear to skip some because they belong to the questions being hidden.? Bug fix: A fatal PHP error would occur if calling the "Import Events" API method with the "override" parameter having a value of FALSE. (Ticket #1199)? Change/improvement: The Browse Projects page in the Control Center now displays a project's PID (i.e, its project ID number) next to the project title to allow administrators to more easily identify a project, especially when some projects are similarly named and thus difficult to tell apart.? Bug fix: When viewing the Project Setup page on a mobile device, the link to the My Projects page inside the navigation drop-down list at the top of the page would not be formed correctly, thus causing the link not to work correctly.? Bug fix: If a field references a checkbox field in its branching logic or its calculation (if a calc field), then if the checkbox field's instrument is copied using the Copy action in the Online Designer, the new copy of the checkbox variable would mistakenly not get updated in the branching logic or calculation. (Ticket #1206)? Bug fix: On some project pages, the page footer might mistakenly cover some content at the very bottom of the page. (Ticket #1204)? Improvement: Added an "Edit" link on the left-hand project menu in the "Project Bookmarks" panel to allow users to easily navigate to the Project Bookmarks page if they have Project Design/Setup privileges.? Improvement: When copying a user role on a project's User Rights page, the Edit Role popup now opens immediately after copying a role to allow the user to more easily modify the newly created role.? Bug fix: When creating or editing a report in a project, HTML tags used inside Field Labels would mistakenly get displayed in the field drop-downs on the page, thus causing it to be difficult to view all the Field Labels in the drop-down correctly. (Ticket #1203)? Bug fix: If a matrix of fields has matrix ranking enabled, in which one of the choices in the matrix contains a period/dot in its raw/coded value, then the ranking feature would not work and would mistakenly throw a JavaScript error.? Change: Small clarification in instruction text when a REDCap administrator is creating an API token for a user.? Change: If the REDCap web server already has a large value set for the "max_execution_time" setting in PHP.INI, then REDCap will not lower that setting's value if REDCap's required value is smaller than the system value.? Bug fix: When using the CDC's SAMS authentication, it was mistakenly reporting every page request as a login event in the redcap_log_view database table. This did not affect anything other than causing all logged web requests to be duplicated in the backend database.? Bug fix: The survey table of questions might mistakenly be too narrow (not full width) in some web browsers when taking a survey that is a CAT (computer adaptive test) or auto-scoring instrument downloaded from the REDCap Shared Library.? Bug fix: If the Dynamic Data Pull (DDP) module is enabled for a project, and a non-temporal field's value (e.g., last name) has been imported into REDCap from the source data system, then if the value in the source system ever changed afterward, it would mistakenly never get pulled into REDCap to allow the new value to be adjudicated by a user. Now if it detects that a non-temporal field's value has changed when pulling data from the source system again, then even though it has already been cached in REDCap, it replace the cached value with the new value received from the source system, and will prompt the user to re-adjudicate the new value.? Bug fix: Normal users were not able to do anything on the Record Locking Customization page in a project due to a JavaScript error. Bug emerged in version 6.13.0.? Bug fix: Live Filters on a given report will have no effect when viewing the "Stats & Charts" page for the report, but instead the report will mistakenly display all results as if a Live Filter had not been selected. (Ticket #1219)? Fixed a typo in some Twilio instructions. (Ticket #1209)? Bug fix: When clicking the [?] link for the option "Enable auto-complete for this drop-down" in the Add/Edit Field popup on the Online Designer, it would mistakenly make the browser go to a blank page in certain web browsers (e.g., Firefox).? Fixed typo for instructional text when moving a project to production.? Bug fix: When using the Randomization module in a project, if a super user uploads a new allocation table while in production in order to append those allocations to the existing randomization allocation table, it would mistakenly not log the event.? Change/improvement: The REDCap installation package now comes with the hook_functions.php file and a hooks directory, and the path to the hook_functions.php file is set automatically during the installation process.? Change/improvement: REDCap now uses the value of session.cookie_secure in the PHP.INI configuration file when setting the default cookie parameters. This allows for the "Secure" cookie attribute to be set to True if session.cookie_secure=On in PHP.INI. By default, the "Secure" cookie attribute is set to False.Version 6.13.3 - (released 4/22/2016)Major bug fix: If using the Randomization module in a project while viewing a data entry form of a record that had already been randomized, it is mistakenly possible to click the "Delete data for this form only" button and delete the form's data even when the randomization field or strata fields exist on the page. There should be no way to modify the value of the randomization field or strata fields once a record has been randomized. In this case, it now displays a message saying that the form's data cannot be deleted for the reasons above.Major bug fix: If using the Randomization module in a project while viewing a data entry form of a record that had already been randomized, it is mistakenly possible to click the "Delete data for this event only" button and delete the whole event's data even when the randomization field or strata fields exist on that event. There should be no way to modify the value of the randomization field or strata fields once a record has been randomized. In this case, it now displays a message saying that the event's data cannot be deleted for the reasons above.Major bug fix: If one or more data entry forms have been locked on a given event for a record in a longitudinal project, then it would mistakenly be possible to click the "Delete data for this event only" button at the bottom of the data entry form. There should be no way to delete values for a locked form. In this case, it now displays a message saying that the event's data cannot be deleted until all of the locked forms on the event have been unlocked by someone with locking/unlocking privileges.Change: Added a compatibility notice for the embedded audio option for attachments for Descriptive fields on surveys and data entry forms. The compatibility notice informs the user that the embedded audio option for attachments is not 100% compatible for all audio file types across all web browsers. This is not a limitation in REDCap, but is simply a compatibility issue across web browsers. The most compatible audio file types to use are MP3 and WAV. Other audio types may work on some browsers but not in others. Unfortunately, there is not always an easy way to know what audio file will work for which browser, especially as operating systems and web browsers evolve over time.Improvement: When a user opens the Data History popup or the Data Resolution Workflow popup for a given record/field, the popup should now open a bit more quickly than before if it had been slow in the past, especially for projects with many records and/or data changes.Bug fix: Issue when using Twilio telephony services when using a proxy with the REDCap web server. (Ticket?#1190)Bug fix: When importing data via the Data Import Tool or API data import, the number of records that were created or modified during the import would mistakenly be reported as the number of values that were added/updated rather than the number of records that were created/modified. Bug emerged in 6.13.2. (Ticket?#1189)Bug fix: If a BMP image file was used as an inline image for a Description field on a data collection instrument, then a fatal PHP error would occur if a user attempted to download a PDF of that instrument, thus preventing the user from ever downloading the PDF successfully. It now simply omits the BMP file in the PDF because the third-party PDF software used in REDCap is not able to render BMP files. But at least the user will be able to download the PDF now.Bug fix: For certain server configurations, the Configuration Check page might mistakenly say that the database structure is incorrect when there is actually nothing wrong, in which it would display a lot of SQL queries to fix the "issue" that would fail if they were run (although they would not harm anything).Bug fix: If Automated Invitations have been set for a survey, in which it is using conditional logic to trigger the invitations, and if the logic contains the operator "<=", then when the Automated Invitations popup is reloaded at a later time, it would mistakenly insert a space into the operator ("< =") when displaying it in the popup. Although this issue does get caught by REDCap before allowing the user to save it (thus it should not cause problems), it still is rather annoying to have to manually fix every time prior to saving the logic again.Version 6.13.2 - (released 4/19/2016)? Major bug fix: Some specific web server configurations might throw a fatal PHP error if a user attempted to use the API Metadata Import method or attempted to export/import a CDISC ODM file.? Major bug fix: When using the Randomization module in a project and saving data on the data entry form where the randomization field is located, it is possible in some rare cases that the value of the randomization field, despite being disabled on the page, might somehow get changed (i.e., as seen on the data entry form or reports/exports - although its value in the randomization allocation table will remain unchanged). This might occur due to unforeseen interaction with certain browser extensions, as well as due to unknown manipulation of the form when using certain tablets. More safeguards have now been added in order to prevent the randomization field's value from ever changing on a data entry form.? Bug fix: When importing data via Data Import Tool or API for a field with "vmrn" validation (Vanderbilt medical record number), it would mistakenly convert any blank values into the value "000000000" when importing.? Bug fix: If non-Latin characters (especially multi-byte characters) exist in a project title, then the project title would not display correctly on the My Projects page on a mobile device (small screen) but would instead be garbled. Bug emerged in version 6.13.0. (Ticket?#1182)? Change: Disabled the backspace-goes-back "feature" of browsers, which could cause unexpected issues and confusion if a user accidentally clicked the backspace button on a page.? Bug fix: If using the Dynamic Data Pull (DDP) module with "Preview Fields" enabled, then if a value is entered for a source identifier field on a data entry form and then the record is saved after viewing the Preview Fields while a required field is left blank on the page, then it would mistakenly not display the DDP adjudication popup on the next screen but would instead show the required field popup. It now shows the DDP popup instead.? Change: Matrix fields are now no longer allowed to have a Field Label. (Ticket?#1188)? Change: The width of date and datetime fields was increased on surveys with "Large" or "Very Large" text so that the entire value is always visible.? Bug fix: If a file is uploaded to a File Upload field or Signature field on a survey or data entry form and then another File Upload field or Signature field is opened within one second of closing the first one, then the second field's popup prompt would mistakenly close. This would require the user to have to reopen it.Version 6.13.1 - (released 4/12/2016)? Change: The Configuration Check page now checks to make sure that the DOM extension in PHP is installed.? Bug fix: The table displayed on the Record Status Dashboard and Event Grid (in longitudinal projects) might get widened too far on mobile devices in certain cases or if the browser window is resized. This would make the page unusable.? Bug fix: When using the Quick Add feature when adding/editing a report, if an instrument begins with a Descriptive field, then it would mistakenly not display the instrument name and the "Select All/Deselect All" options in the Quick Add popup, thus making it impossible to select/deselect all fields in that instrument at once.? Bug fix: If the words "and" or "or" are used inside single quotes or double quotes in branching logic or a calculation (e.g., [text_field] = "x and y"), then it would not get parsed correctly and thus would not function as expected. (Ticket #1160)? Bug fix: When sending emails in a Google App Engine environment, REDCap would think the emails did not send even when they actually did.? Bug fix: It was not possible to move a project to Inactive status because the button on the Other Functionality did not do anything.? Bug fix: When using the REDCap::getPDF method in a plugin or hook, in certain circumstances it might mistakenly return a single instrument in the PDF even though the $instrument parameter is passed as NULL in order to force it to return all instruments. (Ticket #1177)? Bug fix: When performing a search using the Data Search utility on the Add/Edit Records page, it might mistakenly return results that belong to orphaned events that have since been deleted.? Change: The enhancement added in a recent version to prompt the user to have a text field's value automatically trimmed if the value begins or ends with whitespace was mistakenly being applied to Notes fields when it should have only been applied to Text fields.Version 6.13.0 - (released 4/8/2016)? New feature: Responsive design of REDCap web pages? Now has a more flexible and responsive user interface to conform to and fit screens on devices of all sizes.? Major improvement for how surveys and data entry forms look on mobile devices (i.e., phones), including automatic font increase and forced left-alignment of questions for better user experience when screen real estate is limited.? REDCap now has the Bootstrap front-end framework embedded inside it, thus allowing plugin/hook developers to utilize all the Bootstrap UI elements and features.? Technical note: The “label” CSS class used for field labels in the question table on surveys and data entry forms has been replaced with “labelrc” to prevent conflicts with Bootstrap.? Improvement: Slider fields on surveys and data entry forms are now much easier to use on mobile/touch devices.? Improvement/change: When a user moves a project to production (or requests to have a project moved to production) on the Project Setup page, it now forces them to choose if they want to delete all project data or to keep all existing records. In previous versions, it would pre-check the “delete all data” checkbox, which could sometimes cause users to unwittingly lose all their data if not paying attention to what they are agreeing to.? Improvement/change: A new system-level setting allows administrators to hide the option where users can export an entire project as a single REDCap XML file (i.e., project backup). Because some institutions are wary of users feeling the need to download an entire project and its data, they may unwittingly download unencrypted project backups (containing data) to store on their local drive, which could be a security or privacy concern. This option can now be disabled on the Modules Configuration page in the Control Center.? Change: The Record Locking Customization page in a project now allows normal users to view the locking and e-signature information in read-only format when in production. In previous versions, only super users were allowed to view this page in production status.? Major bug fix: If the randomization module is enabled in a project and is using Data Access Groups to randomize by group/site (i.e., using DAGs as a strata field), then it is possible to delete any given Data Access Group and thus cause catastrophic issues with the randomization process, especially if the randomization allocation table has already been uploaded and/or users have already begun to randomize records in the project. It now prevents users from deleting DAGs if randomization has already been enabled and set up. (Ticket #1135)? Major bug fix: If the function min() or max() is used in a calculated field, then auto-calculations (via data import, Data Quality rule H, etc.) might mistakenly not get triggered for this field and thus might leave the existing incorrect value as-is. This is related to bug fix for these functions in the previous version.? Bug fix: If a survey has custom survey theme options set (as opposed to using a pre-built theme), then the custom theme options would mistakenly not be reflected on the Survey Completion Text page after a participant has completed the survey.? Improvement: The User Rights page in a project now prevents users from mistakenly assigning themselves to a role that does not have User Rights privileges, which could inadvertently cause them to be locked out of that page in their own project.? Bug fix: If the first field on a data entry form is a drop-down autocomplete field that has no value entered yet, then the drop-down's choices will not be displayed automatically when the page loads. This is done in order to simulate the behavior of real drop-down fields and also because the previous behavior it confused some users and might even cause the website to react in unexpected ways if the list was very long when displayed on smaller screens.? Bug fix: If a user has uploaded a WAV audio file as an attachment on a Descriptive field on a form or survey, then it would not be able to play the sound file in any version of Internet Explorer if the user has selected the file to play in an embedded player on the page. (Ticket #1158)? Bug fix: When attempting to import a REDCap project XML file when creating a new project, in which the XML file contains data for checkbox fields, it would display an erroneous error message and would prevent the user from creating the project. (Ticket #1154)? Bug fix: When attempting to import a REDCap project XML file when creating a new project, in which the XML file contains data and also contains Data Access Group assignments for the records in the data, it would throw an erroneous error and prevent the user from creating the project. It now ignores any DAG assignments in the XML data during the project creation process since no DAGs will actually be created in the new project during this process.? Bug fix: If a project has fields that contain UTF-8/non-Latin characters that have been encoded incorrectly (often due to Microsoft Excel not saving a data dictionary in the right character encoding), then the project might mistakenly not sync to the REDCap Mobile App when attempting to set up the project on a mobile device.? Bug fix: If a field in a project is selected to be the Secondary Unique Field and that field also has field validation (e.g., integer, email), then the field validation will mistakenly get removed when viewing that field on the data entry form or survey page, thus allowing data in any format to be entered without validation. (Ticket #1138)? Bug fix: If a field is hidden because of the action tag @HIDDEN, @HIDDEN-SURVEY, or @HIDDEN-FORM, then it would mistakenly not hide the section header belonging to that field's section if all fields in the section were hidden (due to either branching logic or due to @HIDDEN action tags).? Change: On the Survey Settings page in the Online Designer, the text for the "Delete Survey" button at the bottom of the page has been changed to "Delete Survey Settings" to reduce confusion regarding what the button does.? Bug fix: Due to changes in MySQL 5.7.4, a database table cannot have a date field with '0000-00-00' as a default, which was causing some issues during REDCap installation.? Bug fix: When utilizing the Randomization module in a project and using one or more strata fields, if a user is randomizing a record but does not have edit privileges to a data entry form on which one of the strata fields is located, then it would mistakenly allow the user to modify the value of the field during the randomization process despite not having edit privileges to do so.? Bug fix: When resetting the password of a user when using Table-based authentication, it might sometimes mistakenly lock the user out of REDCap for a limited period of time (as if they had several failed login attempts) after clicking the "Set your new password" link in their email. This was supposedly fixed in earlier versions but still persisted randomly in rare cases.? Bug fix: If new Table-based users are being created via uploaded CSV file on the "Create Users (Bulk Upload)" page in the Control Center and they have non-Latin/UTF-8 characters in their name, comments, or other attributes, it would not be able to display those attributes correctly when viewing the user's account on the Browse Users page if the CSV file being uploaded was not encoded correctly as UTF-8 encoding with a BOM (byte-order mark).Version 6.12.2 - (released 3/18/2016)Major bug fix: If the function min() or max() is used in a calculated field in which one of the values used in the function is blank/null, then auto-calculations (via data import, Data Quality rule H, etc.) would mistakenly return an incorrect answer. This is despite the fact that it would calculate it correctly when viewing the calculated value on a data entry form or survey. In this way, the calculation might get saved correctly initially but then may get changed later to the incorrect value via auto-calculations or by running rule H in the Data Quality module.Major bug fix: If a calculated field has somehow ended up having an incorrect value when its value should instead be blank/null, then auto-calculations (via data import, Data Quality rule H, etc.) would mistakenly not be able to correct the value to set it as blank/null. This would often be seen when running rule H in the Data Quality module, in which it would appear not to fix any values even though it said that it did fix them. (Ticket?#1156)Major bug fix: If a user executes rule H in the Data Quality module in which some of the values listed exist on a data entry form that has been locked, then the process will fail when the user attempts to fix all incorrect calculated values, even though it may mistakenly say that it did fix them. This prevents any of the calculations from being fixed in the project. (Ticket?#1156)Bug fix: If a user accesses a data entry form that has been disabled (either because they have read-only form rights or because the form is locked), then calculations could be triggered on that page when the page loads, thus changing the values of the calc fields and possibly showing/hiding other fields if they have branching logic based on those calc fields. This is normally fine if the data is not being saved; however, if the user leaves the page, it would mistakenly display for them the "Save your changes?" dialog, which inadvertently allows them to save the values of those calc fields even though they should not be able to modify data on that page. (Ticket?#1128)Bug fix: If a drop-down field on a survey has a Stop Action and the auto-complete feature is enabled for the drop-down field, then if the Stop Action gets triggered by a participant, then it would not correctly remove the field's value if the participant clicked the button "Continue survey and undo last response" and might also cause lots of popups to pile on top of each other.Bug fix: If a survey participant is using IE6 or IE7, then it would throw a?JavaScript??error on the Survey Completion Text page after completing the survey (although it would successfully save their responses with no problem). (Ticket?#1142)Version 6.12.1 - (released 3/9/2016)? New feature: Live Filters for reportsAny report can now have up to 3 fields that can be designated as a Live Filter. The Live Filters are displayed as drop-downs when viewing a report at the top-right of the page, and selecting a Live Filter will cause the report to be re-run in real time using the Live Filter value as a filter.If exporting a report that has a Live Filter selected, the export popup window will provide an extra choice to allow the user to export the full report data set or to apply the currently selected Live Filter to the report when exporting.Note: Currently only multiple choice fields can be used as Live Filters (as well as Events, if longitudinal, and Data Access Groups, if any exist).? Improvement: The left-hand menu of each project now has collapsible sections so that a user may collapse the section for easier navigation or to have a more compact page. The collapsed state of each section in each project is remembered using a cookie on the user's device so that when a user returns to the project in the future, the menu section remains in the same collapsed/non-collapsed state as the last time they viewed it on that device.? Improvement: Performing data exports or viewing reports for projects containing very large amounts records, especially in conjunction with lots of events and/or fields, should not halt the export process very often anymore. In the past this might cause REDCap to display an error message saying "the data export is not able to complete" due to the large amount of data being exported or viewed. In the case when too much web server memory is used during the data export process, REDCap will now invisibly revert to a backup process that utilizes a local temp file on the server for temporarily storing data during the export process (rather than relying on server memory solely for this). This will allow the export process to complete successfully; however, the process will take several times longer to complete than if simply using server memory.? Change: When exporting an entire project as a REDCap Project XML file, it now provides the option "Include all uploaded files and signatures?", which is unchecked by default. In previous versions, it automatically included all uploaded files and signatures in the resulting XML file, but this often caused the export to fail due to the project either containing many files or containing very large files.? Change: A new parameter "exportFiles" (boolean) was added to the REDCap::getProjectXML developer method for plugins and hooks. The parameter, which defaults to FALSE, specifies whether or not the resulting XML will include all files (base64 encoded) that were uploaded for File Upload and Signature fields for all records in the project. Please note that while the previous version (6.12.0) exported all files in the resulting XML by default, it no longer does that and must now be specified explicitly.? Change: A new parameter "exportFiles" (boolean) was added to the "Export Project XML" API method. The parameter, which defaults to FALSE, specifies whether or not the resulting XML will include all files (base64 encoded) that were uploaded for File Upload and Signature fields for all records in the project. Please note that while the previous version (6.12.0) exported all files in the resulting XML by default, it no longer does that and must now be specified explicitly.? Bug fix: When uploading a data dictionary containing a calc field whose calculation has a syntactical error, it would mistakenly display some seemingly irrelevant numbers at the end of the error message, which could be confusing.? Bug fix: When using certain non-English translation files (i.e., French), the "Suspend user account" button might not display correctly or function on the Browse Users page in the Control Center. (Ticket?user information (closed: Will fix in upcoming release)" style="text-decoration: line-through; color: rgb(187, 0, 0); border-bottom-width: 1px; border-bottom-style: dotted; border-bottom-color: rgb(187, 187, 187);">#1081)? Bug fix: When downloading the CSV file of the list of users in the popup on the Browse Users page in the Control Center, if the file contained any UTF-8 characters, it would mistakenly not add the Byte Order Mark (BOM) at the beginning of the file, thus preventing the file from being opened easily by most programs. (Ticket?#1099)? Bug fix: When exporting data to a statistical analysis package (e.g., SAS) if a multiple choice field in the project contains two or more choices having the same coded value, which is typically discouraged, it could throw an error in the statistical analysis software when loading in the syntax file from REDCap. In the case where duplicate codings exist for a given multiple choice field, it will now merge those choice labels together in the syntax file for the stats package when performing a data export.? Bug fix: If a data entry form is opened and the first field on it has a min/max range validation check, in which the value is already entered and is out of range, then if any dialog popups get displayed initially when the form loads (e.g., required fields were missing, data quality real-time execution rules were violated), it would mistakenly display the out-of-range error message for that first field whenever the user would click on a dialog popup on the page that happens to be obscuring the field in question.? Bug fix: When assigning an existing user in a project to a role or when re-assigning an existing user to another role, it would mistakenly display the "Notify user via email?" option above the role names when choosing their role. It should only display that option when initially adding a user to the project via assigning them to a role.? Bug fix: The time field was mistakenly not being validated for Step 3 when setting up Automated Survey Invitations with option "Send on next [day] at time [time]" and also when enabling reminders using option "Send every [day] at time [time]" when composing survey invitations. This could allow users to accidentally enter an invalid value, thus causing the invitations/reminders not to send at the desired time. (Ticket?#1136)? Bug fix: When clicking the "Use advanced logic" link in Step 3 when creating or editing a report in a project, if a text field for the filter value was left blank, then it would mistakenly convert that blank value to "undefined" in the advanced logic that is produced, rather than it being just two double quotes (i.e., "").Version 6.12.0 - (released 2/26/2016)? NEW FEATURES & IMPROVEMENTS:Improvement: New option to download charts displayed on the "Stats & Charts" tab of the "Data Exports, Reports, and Stats" module. The charts will download as PNG image files.New feature: Users may now export a project’s data in CDISC ODM format. This new option is found on the “Data Exports, Reports, and Stats” page in the data export popup when selecting export format.New feature: An entire REDCap project can now be exported as a single XML file (which happens to be in CDISC ODM format). The file includes events, arms, instruments, fields, and project attributes – even Descriptive field attachments. If the project contains data, then the user can also optionally export the project data (including uploaded files) in the same XML file. This XML file can serve as a snapshot or backup copy of the project, and can even be imported on the Create New Project page to create a clone (more or less) of the project.New feature: Create a new project from a REDCap XML file (or other XML file containing metadata in CDISC ODM format). This is a new option on the Create New Project page, which allows the user to optionally upload their XML file rather than choosing a project template or creating the project from scratch.New and improved SDK developer methods for plugins and hooksREDCap::getProjectXML – New method – Returns the contents of an entire project (records, events, arms, instruments, fields, and project attributes – even uploaded files and Descriptive field attachments) as a single XML file, which is in CDISC ODM format.REDCap::getData – Parameter for data format now accepts value of “odm” to export data in CDISC ODM format. This only returns data (not the project structure/metadata).REDCap::saveData – Parameter for data format now accepts value of “odm” to import data in CDISC ODM format. This only returns data (not the project structure/metadata).New and improved API methodsExport Project XML – New API method – Returns the contents of an entire project (records, events, arms, instruments, fields, and project attributes – even uploaded files and Descriptive field attachments) as a single XML file, which is in CDISC ODM format.Export Records – Parameter for data format now accepts value of “odm” to export data in CDISC ODM format. This only returns data (not the project structure/metadata).Import Records – Parameter for data format now accepts value of “odm” to import data in CDISC ODM format. This only returns data (not the project structure/metadata).Create Project – New optional parameter named “odm” can be used to pass the ODM XML string of an entire project’s structure (the same as output by the Export Project XML method) when creating a new project using a Super API Token. This will allow you not only to create the project with the API request, but also to import all fields, forms, and project attributes (and events and arms, if longitudinal) as well as record data all at the same time.? BUG FIXES & OTHER CHANGES:Major bug fix: When using Table-based authentication, in which a new user account is created and the user receives an email to set their password, in some cases it would mistakenly cause multiple false logins after loading the page, which might possibly trigger the auto-lockout feature. If this happens, the user would have to wait until after the set lockout period has passed, but it is possible that the auto-lockout could occur again, thus preventing the user from gaining access to REDCap for a while. This does not occur on all occasions but only randomly. This bug was thought to have been fixed in a prior version but apparently still occurred in certain cases. (Ticket?#1112)Bug fix: If running PHP 5.1 or 5.2 on the REDCap web server, REDCap might not be able to send emails successfully but instead will throw a PHP parsing error. Bug introduced in REDCap 6.11.0.Bug fix: When using a survey theme on a survey containing a matrix of fields, it would mistakenly not highlight the matrix field labels in green when focus is put on the field.Change: Added a new check to confirm that the version directory of the current REDCap version (e.g., redcap_v6.12.0) has not been mistakenly removed from the web server, thus resulting in a strange non-styled Home page or My Projects page.Bug fix: If the system-level setting "Enable the use of surveys in projects?" is disabled on the Modules Configuration page in the Control Center, then it would mistakenly still allow users to access survey modules in a project if surveys had been enabled in the project prior to the disabling of the system-level survey setting. (Ticket?#1124)Bug fix: The Logging page in a project would mistakenly not display the logged event correctly when uploading or downloading a file attachment on a Descriptive field. Instead it would display it similar to that of a file uploaded to a File Upload field.Version 6.11.5 - (released 2/12/2016)? New feature: Domain whitelist for cross-domain HTTP access control - By default, for flexibility purposes, AJAX requests (via?JavaScript?) can be made to REDCap from any domain/URL. If you wish to restrict this so that only certain domains can make cross-domain AJAX requests to REDCap, then you will need to set the domain name of all allowed access control origins (i.e., the domain of the URLs) in the text box to the right. If the text box is left blank (default), then any domain will be able to make cross-domain AJAX requests to REDCap. Restricting access control to specific domains is generally considered to make REDCap more secure to prevent against possible Cross-Site Scripting attacks by malicious users. This setting can be found at the bottom of the Security & Authentication page in the Control Center.? Improvement: When an instrument has been enabled as a survey and the survey has the setting "Auto-continue to next survey" enabled, then a down arrow icon will now appear in the Online Designer for that survey to denote that this setting has been enabled.? Major bug fix: It was mistakenly possible to import dates or datetime values that contained no dashes or slashes (e.g. 20160229 instead of 2016-02-29) via the Data Import Tool or API for date-, datetime-, or datetime_seconds-validated Text fields. This could result in storing incorrectly formatted date and datetime values.? Major bug fix: If a field in a project contained a double underscore in its variable name (because it was created in an older version of REDCap that mistakenly allowed the double underscore), then when downloading and uploading the data dictionary for the project when in production status, it would mistakenly remove the double underscore, thus resulting in the deletion of the original field and unwittingly orphaning data. (Ticket?#1012)? Bug fix: If using the Twilio telephony services for surveys and using multiple SMS/phone surveys in a single project when having the Twilio configuration option "Behavior for overlapping SMS invitations" set to "Allow participant to choose which survey to take next", then it might mistakenly include already-completed surveys in the list sent to the user. Also, it would mistakenly not include surveys in the list whose invitations are set to call the participant after the participant sends an SMS message with an access code.? Bug fix: When creating a new report in a project, if a user opted to use advanced logic for Step 3 (Filters), it would mistakenly not save the logic when creating the report but leave it blank. It would save correctly if advanced logic was added to an existing report but not to one that is being created.? Change: New videos for REDCap Mobile App? Bug fix: Some HTML character codes (such as " ") inside Field Labels would get mistakenly displayed on the Data Dictionary Codebook page for a project.? Bug fix: When exporting a project's logging as a CSV file on the Logging page, then if any UTF-8 characters existed in the CSV file, it would mistakenly not include a Byte Order Mark (BOM) at the beginning of the file. Without the BOM, the UTF-8 encoded file could not be opened in certain text editors or applications. (Ticket?#537)? Bug fix: When exporting a project's Participant List or Survey Invitation Log as a CSV file, then if any UTF-8 characters existed in the CSV file, it would mistakenly not include a Byte Order Mark (BOM) at the beginning of the file. Without the BOM, the UTF-8 encoded file could not be opened in certain text editors or applications. (Ticket?#1099)? Bug fix: If the text-to-speech feature is enabled on a survey that contains a logo at the top of the survey page, then the speaker icons that appear next to the survey title and instructions would mistakenly be in the wrong place on the page when the webpage loads instead of right next to the title and instructions text. (Ticket?#1113)? Bug fix: For certain server configurations, some stray double quote characters in the English.ini language file would cause the upgrade module to crash, thus making it impossible to complete the upgrade process to upgrade from a prior version.Version 6.11.4 - (released 2/5/2016)? Major bug fix: If the "Save & Return Later" option had been enabled for a survey and an instrument had been locked by a user for a specific record/response, then a survey participant having a unique survey link (as opposed to a public survey link) would mistakenly be able to return to the response and erase all the data values on the survey using the "Start Over" button, even though the responses should have been locked and not editable. This has been changed so that if the response is locked, it will not even display the "Start Over" button or the text field for entering a Return Code but instead will display to the survey participant a message saying that they cannot return to the response at this time because it is currently locked.? Bug fix: If trying to utilize the SSL/TLS connection to MySQL, it would mistakenly not be able to connect to the database at all. (Ticket?#1097)? Bug fix: If a project has the main "Use surveys in this project?" setting enabled but no instruments have been enabled as a survey yet, then it would mistakenly not display the "Manage Survey Participants" option on the User Rights page when adding/editing a user or role. (Ticket?#1100)Version 6.11.3 - (released 1/29/2016)? Bug fix: On certain pages, such as the "Table-based User Management" page in the Control Center, in which the PEAR DB module is utilized for database connections, if REDCap was not using the default MySQL port (i.e., 3306), then the page would result in a fatal PHP error. This bug emerged in version 6.11.0.? Bug fix: The project Logging page was mistakenly not noting if a record was created or updated via a data import. It now says "(import)" after "Created Record" or "Updated Record" in the Action column if the record was imported via the Data Import Tool page.? Bug fix: When saving text values containing apostrophes for text boxes on many Control Center system configuration pages, it would save the values correctly but would mistakenly not re-display the values correctly if the page was revisited, in which the value in the text box would get truncated at the location of apostrophe. So if the reloaded page was then saved again, then the truncated value would mistakenly get saved. (Ticket?#1083)? Bug fix: If using the Twilio telephony services for surveys, then if a participant was added to the Participant List but the participant had not yet started the survey, and then a user attempted to change their Invitation Preference in the Participant List, it would appear to change but mistakenly would not, which could be seen once the page was reloaded.? Bug fix: When using the Data Search feature on the?Add/Edit??Records page in a project and entering "b" as the search query, it would mistakenly return a result with the HTML tag "<b>" highlighted in the result instead of the first "b" in the data value.? Bug fix: After having set the conditions for an Automated Survey Invitation in the Online Designer, in which a survey has been selected in the drop-down list in Step 2 of the Automated Survey Invitations setup, if a user then changed that drop-down's value back to "select a survey" (the default value), it would mistakenly display an error popup message. It should instead not display any message at all in that case.? Bug fix: On the Browse Users page of the Control Center when viewing a user, the "Suspend user account" button might mistakenly not work when clicked if using certain language translation files for REDCap, such as French. (Ticket?user information (closed: Will fix in upcoming release)" style="text-decoration: line-through; color: rgb(187, 0, 0); border-bottom-width: 1px; border-bottom-style: dotted; border-bottom-color: rgb(187, 187, 187);">#1081)? Change: "action" was added to the reserved variable name list to prevent users from creating fields with that variable name since it can cause?JavaScript??errors to occur on a survey or form in certain browsers when the field is used in branching logic. (Ticket?#1093)? Bug fix: When using the Randomization module in a project and performing randomization for a record on a data entry form, if the randomization field has any HTML inside its field label or its choice labels, then in the popup displayed after a successful randomization, it would mistakenly display the label's HTML as escaped rather than having the HTML be interpreted on the page. This makes it more consistent with how the label is displayed on the data entry form. (Ticket?#1091)? Bug fix: Users in a longitudinal project would mistakenly be able to delete all events in the project if they deleted the second to last event and then immediately deleted the last event prior to leaving the page. It now prevents users from deleting all events, which can cause problems in the project such as not displaying certain things correctly. (Ticket?#1073)? Change: The Help & FAQ page was updated.? Change/improvement: If the Survey Login feature is enabled in a project, it now offers a "Show value" checkbox immediately below each login field, and when checked it will remove the password mask from the field to allow the participant to view the value as clear text. Removing the mask may be necessary in certain cases, such as entering specially formatted values like dates/times and also when using mobile devices, on which it might be more difficult to type with accuracy. Note: The password mask feature for text fields on the survey login form were added recently in version 6.11.0, whereas in prior versions the password fields had unmasked clear text values. (Ticket?#1084)? Bug fix: When using the Scheduling module in a longitudinal project containing more than one arm, it would mistakenly not allow users to generate a new schedule for records that exist in more than one arm and have been scheduled for at least one arm already. (Ticket?#1020)Version 6.11.2 - (released 1/16/2016)? Major bug fix: When using Table-based authentication, in which a new user account is created and the user receives an email to set their password, in some cases it would mistakenly cause multiple false logins after loading the page, which might possibly trigger the auto-lockout feature. If this happens, the user would have to wait until after the set lockout period has passed, but it is possible that the auto-lockout could occur again, thus preventing the user from gaining access to REDCap for a while. This does not occur on all occasions but only randomly. (Ticket?#1071)? Medium security vulnerability: It was discovered that SQL Injection might be possible on the File Repository page if a malicious user knows how to send a specifically-crafted request to REDCap to exploit the vulnerability.? Change: When performing the field mapping step in the Dynamical Data Pull (DDP) module in a project, it would display a question mark icon next to each field in the tree of source fields even if the metadata web service does not provide a "description" attribute for the field. This could be confusing since the icon would essentially serve no purpose in this case. It now only displays the icon if a description is actually provided by the metadata web service for a given field.? Bug fix: The Import Users API method had a mistake in its documentation, in which it said the "content" parameter should be "user_rights" when it should instead be "user".? Bug fix: If a survey has the "Save & Return Later" feature enabled and also allows respondents to edit completed responses, then the Return Codes export on the "Data Exports, Reports, and Stats" page would mistakenly leave blank all the return codes for completed responses in the exported CSV file.? Bug fix: When using the REDCap Mobile App page in a project, in which the project has been set up on the mobile app and then the user has performed an emergency data dump from the app, if a file from a Signature field or File Upload field was uploaded to the Mobile App File Archive, its download icon on the page would mistakenly say "Excel CSV". That should only happen for CSV files, such as a logging file or data dump CSV on that page. (Ticket?#1074)? Change: When a project is in production status, it was too difficult for users to find the Check For Identifiers page, so it has now been added to the bottom of the Project Setup page when the project is in production.? Bug fix: When opening the?Add/Edit??Field popup in the Online Designer, it was mistakenly displaying the Field Annotation section for Section Headers when it should not be displayed for them. (Ticket?#1072)? Bug fix: When HTML tags and/or CSS is used inside the Field Label of a required field and a user or survey participant submits the page without having entered a value for the field, it would display the Field Label in a popup when listing which fields have a missing value, but it would mistakenly strip out all HTML in the Field Label. It now maintains all the HTML and styling when displaying it inside the required field popup.? Bug fix: In a longitudinal project that has multiple arms and the first instrument is enabled as a survey, when adding the first event to an empty arm, it would display an erroneous warning message saying that the first event of the arm was moved to another position, which is not correct and should not be displayed in this scenario. (Ticket#1070)? Bug fix: When the Dynamic Data Pull (DDP) module is enabled for a project, on certain occasions the DDP Mapping page might mistakenly display a field at the bottom of the mapping table and list it erroneously as a composite field.? Bug fix: If the Secondary Unique Field feature is enabled in a project, there are certain occasions on which a user or participant might be able to bypass the uniqueness check when submitting values on a form or survey.Version 6.11.1 - (released 12/22/2015)? Change/improvement: When users are being assigned to a role while being granted access to a project on the User Rights page, it now displays a checkbox option to have the user emailed in order to notify them of having been granted access to the project. In previous versions, there was no way to notify a user when being added to a project via role assignment. (Ticket?#1051)? Bug fix: When using the plugin/hook method REDCap::getPDF() for an instrument that has been enabled as a survey, it would mistakenly return the form version of the PDF rather than the survey version of the PDF, which includes the survey title, instructions, and survey completion time.? Bug fix: Several places in REDCap currently send an email in which the From and To address are the same (e.g., emailing a survey Return Code, emailing a confirmation that someone has downloaded a Send-It file, when a Table-based user recovers their password), but that can sometimes cause the email not to be received by the recipient because it can get flagged as spam by certain email services. In those cases, REDCap now uses the email address of the Project Contact Person as to email sender for greater compatibility.? Bug fix: The "Map of Users" page in the Control Center would mistakenly no longer load the map due to changes in the Google Maps API. (Ticket?#1058)? Bug fix: If a user is on the File Repository page in a project and selects the "All?Exports/Types?" to filter data export files, it would mistakenly display the files from the last export instead. (Ticket?#1060)? Bug fix: If a user is on the File Repository page in a project and makes a selection in the drop-down list to filter data export files, in which it will return zero files for that selection, then when the page is redisplayed it would mistakenly hide the "filter by" drop-down, thus making it impossible to make another selection, and the user would be forced to click the Back button in their browser and click on a tab above.? Bug fix: When copying a project or creating a new project from a Project Template, it would mistakenly not copy certain project attributes from the original project, such as if the Randomization module is enabled.? Bug fix: When using the Randomization module in a project and moving the project to production after some records have been randomized while in development status, it would mistakenly leave the "Randomize record" events in the project's Logging history when all records are being deleted during the move-to-production process. It now removes those logged events from the Logging.? Bug fix: The plugin/hook method REDCap::getSurveyLink() would mistakenly return a survey link if provided with a record name for a record that does not yet exist. Also, in a longitudinal project it would mistakenly return a survey link for a record that has not been created in a given arm when an event_id from that arm has been passed as a parameter in the method, and if the link was used by a respondent, it would create the record in the other arm. In these situations, it should instead return NULL.Version 6.11.0 - (released 12/18/2015)? NEW FEATURES & IMPROVEMENTS:New API methods (please see the API documentation embedded in REDCap for details regarding these methods)Arm import/delete - for longitudinal projects only; requires API Import privileges and Project?Design/Setup??privilegesEvent import/delete - for longitudinal projects only; requires API Import privileges and Project?Design/Setup??privilegesImport instrument-event mappings - for longitudinal projects only; requires API Import privileges and Project?Design/Setup??privilegesImport metadata, i.e. data dictionary - available only in development status; requires API Import privileges and Project?Design/Setup??privilegesImport users (import new users into a project while setting their user privileges, or update the privileges of existing users in the project.) - requires API Import privileges and User Rights privilegesCreate projectAllows a user to create a new REDCap project while setting some project attributes, such as project title, project purpose, enable/disable record auto-numbering, enable the project as longitudinal, and enable surveys in the project.This method requires a Super API Token that must be granted to a user by a REDCap administrator on the API Tokens page in the Control Center.After the super token has been granted, the user can view the super token on their My Profile page.Improvement: Added support for hosting REDCap in Google Cloud? HYPERLINK "" AppEngine??(with Google Cloud Storage). When hosted on the Google Cloud Platform, you can set file storage option to “Google Cloud Storage” on the File Upload Settings page and provide the names of the buckets where the files will be stored. It also works seamlessly to connect with Google Cloud SQL that would host the MySQL backend for REDCap.Improvement: REDCap now supports secure connections to MySQL using SSL/TLS. The following PHP variables must be added into database.php in the main "redcap" directory (the first 3 are required at minimum, while the last 2 might be optional for certain configurations).$db_ssl_key = '';// e.g., '/etc/mysql/ssl/client-key.pem'$db_ssl_cert = '';// e.g., '/etc/mysql/ssl/client-cert.pem'$db_ssl_ca = '';// e.g., '/etc/mysql/ssl/ca-cert.pem'$db_ssl_capath = NULL;$db_ssl_cipher = NULL;? Improvement: Users may now download and upload arms and events as a CSV file on the “Define My Events” page, as well as download and upload the instrument-event designations as a CSV file on the “Designate Instruments for My Events” page. Using these methods, users can now fully reconstruct the structure of a project if they wish to copy it, in which they could download the data dictionary file, arms file, events file, event mappings file, and data export file, and then upload all of them into a new project to recreate it. In previous versions, this could only be done for classic projects, but this now allows it to be done for longitudinal projects. When uploading the CSV file for arms, events, or event mappings, it will display a preview to the user to show what changes will be made, such as which things may be added, modified, deleted, or stay the same.? Improvement: “select all” and “deselect all” links were added to the “Designate Instruments for My Events” page to allow users to more easily check off the checkboxes if many instruments and/or events exist in the project.? Improvement: When assigning projects to Project Folders, there is now a checkbox option to hide archived projects in the project list. This should make it easier for users to ignore those projects during the folder assignment process.? Improvement: A new optional API parameter named "filterLogic" was API method "Export Records". filterLogic should be a string of logic text (e.g., [age] > 30) for filtering the data to be returned by this API method, in which the API will only return the records (or record-events, if a longitudinal project) where the logic evaluates as TRUE. This parameter is blank/null by default unless a value is supplied. Please note that if the filter logic contains any incorrect syntax, the API will respond with an error message.? Improvement: The Activity Graphs page in the Control Center now includes two new charts: 1) Database Usage (MB), and 2) Usage by Uploaded Files (MB).* BUG FIXES & OTHER CHANGES:? Change/improvement: If the Survey Login feature is enabled in a project, it now performs a password mask for the text fields on the survey login form in order to obscure the participant's password value(s). In previous versions, the password fields were displayed as clear text.? Changes to existing API methodsChange: For the API method “Export Users”, many more user privilege rights are included in the response. The following is the full header list: username,email,firstname,lastname,expiration,data_access_group,data_access_group_id,design,user_rights,data_access_groups,data_export,reports,stats_and_charts,manage_survey_participants,calendar,data_import_tool,data_comparison_tool,logging,file_repository,data_quality_create,data_quality_execute,api_export,api_import,mobile_app,mobile_app_download_data,record_create,record_rename,record_delete,lock_records_all_forms,lock_records,lock_records_customization,formsChange: For the API method “Export Users”, when requesting a response in CSV format, form-level rights are returned in a different format in order to prevent possible duplication of other new user privileges that are returned, in which all form rights will now be consolidated into a single column named “forms” (whereas in previous versions each form was represented as an individual column). The last column of the CSV string returned will have “forms” as the header, and the value will be each [unique] form name and its numerical value as a colon-separated pair with all the form value pairs strung together as a single comma-separated string (e.g. “demographics:1,visit_data:3,baseline:1”). See a full CSV example below of two users exported from a project.username,email,firstname,lastname,expiration,data_access_group,data_access_group_id,design,user_rights,data_access_groups,data_export,reports,stats_and_charts,manage_survey_participants,calendar,data_import_tool,data_comparison_tool,logging,file_repository,data_quality_create,data_quality_execute,api_export,api_import,mobile_app,mobile_app_download_data,record_create,record_rename,record_delete,lock_records_all_forms,lock_records,lock_records_customization,forms harrispa,test1@,Joe,User1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,"demographics:3,baseline_data:1,visit_lab_data:1,patient_morale_questionnaire:1,visit_blood_workup:1,completion_data:1,completion_project_questionnaire:1,visit_observed_behavior:1" taylorr4,test2@,Joe,User,2015-12-08,group_a,1,0,0,0,2,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,"demographics:3,baseline_data:1,visit_lab_data:1,patient_morale_questionnaire:1,visit_blood_workup:1,completion_data:1,completion_project_questionnaire:1,visit_observed_behavior:1"? Change: For the API method “Export Users”, when requesting a response in XML format, the main parent tags at the beginning and end of the response will no longer be <records> but instead will be <users> to be less confusing (since “records” often denotes something else in REDCap) and also to be more consistent with how other API methods return XML items.? Change: For the API method “Export Users”, the new “data_access_group_id” field was added, in which it returns the numerical group ID number that the “data_access_group” field used to return in previous versions. And now, the unique group name of a user’s Data Access Group is returned for the “data_access_group” field rather than the numerical group ID number.? Change: The API method “Export Instrument-Event Mappings” now returns a different structure if exporting as JSON or XML (however, the CSV format will remain the same). It will now export with “arm_num”, “unique_event_name”, and “form” as attributes of each item/mapping, as seen in the JSON/XML examples below.? JSON example:[{"arm_num":1,"unique_event_name":"event_2_arm_1","form":"demographics"}, {"arm_num":1,"unique_event_name":"event_2_arm_1","form":"baseline_data"}, {"arm_num":3,"unique_event_name":"visit_2_arm_3","form":"completion_data"}]? XML example:<?xml version="1.0" encoding="UTF-8" ?> <items> <item><arm_num>1</arm_num><unique_event_name>event_2_arm_1</unique_event_name><form>demographics</form></item> <item><arm_num>1</arm_num><unique_event_name>event_2_arm_1</unique_event_name><form>baseline_data</form></item> <item><arm_num>3</arm_num><unique_event_name>visit_2_arm_3</unique_event_name><form>completion_data</form></item> </items>? Improvement: For “Export Project Information” API method, the following two project attributes were added:secondary_unique_field – The variable name of the secondary unique field defined in the project (if applicable).display_today_now_button – Value will be “0” or “1” (i.e. False or True). If “0”, then do NOT display the today/now button next to date/datetime fields on data entry forms and surveys. If “1” (default), display them.? Change: When using an API token associated with a super user account, the API now recognizes the API user as having maximum privileges (i.e., super user privileges) with regard to API requests, whereas in previous versions it only inferred the user's privileges literally from what is defined on the project's User Rights page, which was inconsistent with how super user rights are recognized by REDCap in the front-end user interface.? Change/improvement: The Control Center's System Statistics page now has the counts for Total Logged Events and Dynamic Data Pull (DDP) separated as separate AJAX calls since it was causing the whole table to load very slowly on the page.? Small security fix: When a table-based user would reset their password, the password value would mistakenly be displayed on the page (although invisible) for a fraction of a second before the page immediately redirected elsewhere once the page loaded.? Bug fix: Small issue with PHP autoload function that only affects specific PHP configurations, in which it would throw a fatal PHP error when attempting to install REDCap.? Bug fix: If using Google OpenID authentication and the REDCap web server does not have cURL installed, it would throw an error during login.? Change: If using Google OpenID authentication and a user logs in for the first time, it will now capture the user's first name, last name, and email address and add them to the user's REDCap account automatically.? Improvement: When installing REDCap, it is now possible to use the MySQL socket value in the database configuration by adding the PHP variable $db_socket to database.php in the main "redcap" directory.? Bug fix: If a user has some kind of Data Export privileges but does not have?Add/Edit??Reports privileges, when the user navigates to the "Data Exports, Reports, and Stats" page, it mistakenly displays a blank page and thus will not let them view a report or export data. (Ticket?#1055)? Bug fix: The Field Note text of certain left-aligned fields (e.g. Notes fields) when displayed on surveys or forms would mistakenly begin wrapping their text to the next line after only going halfway across the webpage. Field Notes now extend to the full width of their column in the question table.? Bug fix: When executing an API request in the API Playground for particular web server configurations, it would mistakenly not return anything from the request with an HTTP status code of "0". This was improved in version 6.9.7 but still gave issues for some.Version 6.10.11 - (released 3/18/2016)??Major bug fix: If the function min() or max() is used in a calculated field in which one of the values used in the function is blank/null, then auto-calculations (via data import, Data Quality rule H, etc.) would mistakenly return an incorrect answer. This is despite the fact that it would calculate it correctly when viewing the calculated value on a data entry form or survey. In this way, the calculation might get saved correctly initially but then may get changed later to the incorrect value via auto-calculations or by running rule H in the Data Quality module.Major bug fix: If a calculated field has somehow ended up having an incorrect value when its value should instead be blank/null, then auto-calculations (via data import, Data Quality rule H, etc.) would mistakenly not be able to correct the value to set it as blank/null. This would often be seen when running rule H in the Data Quality module, in which it would appear not to fix any values even though it said that it did fix them. Major bug fix: If a user executes rule H in the Data Quality module in which some of the values listed exist on a data entry form that has been locked, then the process will fail when the user attempts to fix all incorrect calculated values, even though it may mistakenly say that it did fix them. This prevents any of the calculations from being fixed in the project. Bug fix: When clicking the "Use advanced logic" link in Step 3 when creating or editing a report in a project, if a text field for the filter value was left blank, then it would mistakenly convert that blank value to "undefined" in the advanced logic that is produced, rather than it being just two double quotes (i.e., "").Bug fix: If a survey has custom survey theme options set (as opposed to using a pre-built theme), then the custom theme options would mistakenly not be reflected on the Survey Completion Text page after a participant has completed the survey.Bug fix: If a user accesses a data entry form that has been disabled (either because they have read-only form rights or because the form is locked), then calculations could be triggered on that page when the page loads, thus changing the values of the calc fields and possibly showing/hiding other fields if they have branching logic based on those calc fields. This is normally fine if the data is not being saved; however, if the user leaves the page, it would mistakenly display for them the "Save your changes?" dialog, which inadvertently allows them to save the values of those calc fields even though they should not be able to modify data on that page. Bug fix: If a drop-down field on a survey has a Stop Action and the auto-complete feature is enabled for the drop-down field, then if the Stop Action gets triggered by a participant, then it would not correctly remove the field's value if the participant clicked the button "Continue survey and undo last response" and might also cause lots of popups to pile on top of each other.Bug fix: If a survey participant is using IE6 or IE7, then it would throw a?JavaScript??error on the Survey Completion Text page after completing the survey (although it would successfully save their responses with no problem). Version 6.10.10 - (released 3/4/2016)Bug fix: When uploading a data dictionary containing a calc field whose calculation has a syntactical error, it would mistakenly display some seemingly irrelevant numbers at the end of the error message, which could be confusing.Bug fix: When using certain non-English translation files (i.e., French), the "Suspend user account" button might not display correctly or function on the Browse Users page in the Control Center. Bug fix: When downloading the CSV file of the list of users in the popup on the Browse Users page in the Control Center, if the file contained any UTF-8 characters, it would mistakenly not add the Byte Order Mark (BOM) at the beginning of the file, thus preventing the file from being opened easily by most programs. Bug fix: When exporting data to a statistical analysis package (e.g., SAS) if a multiple choice field in the project contains two or more choices having the same coded value, which is typically discouraged, it could throw an error in the statistical analysis software when loading in the syntax file from REDCap. In the case where duplicate codings exist for a given multiple choice field, it will now merge those choice labels together in the syntax file for the stats package when performing a data export.Bug fix: If a data entry form is opened and the first field on it has a min/max range validation check, in which the value is already entered and is out of range, then if any dialog popups get displayed initially when the form loads (e.g., required fields were missing, data quality real-time execution rules were violated), it would mistakenly display the out-of-range error message for that first field whenever the user would click on a dialog popup on the page that happens to be obscuring the field in question.Bug fix: The time field was mistakenly not being validated for Step 3 when setting up Automated Survey Invitations with option "Send on next [day] at time [time]" and also when enabling reminders using option "Send every [day] at time [time]" when composing survey invitations. This could allow users to accidentally enter an invalid value, thus causing the invitations/reminders not to send at the desired time. Version 6.10.9 - (released 2/26/2016)Major bug fix: When using Table-based authentication, in which a new user account is created and the user receives an email to set their password, in some cases it would mistakenly cause multiple false logins after loading the page, which might possibly trigger the auto-lockout feature. If this happens, the user would have to wait until after the set lockout period has passed, but it is possible that the auto-lockout could occur again, thus preventing the user from gaining access to REDCap for a while. This does not occur on all occasions but only randomly. This bug was thought to have been fixed in a prior version but apparently still occurred in certain cases. Bug fix: When using a survey theme on a survey containing a matrix of fields, it would mistakenly not highlight the matrix field labels in green when focus is put on the field.Bug fix: If the system-level setting "Enable the use of surveys in projects?" is disabled on the Modules Configuration page in the Control Center, then it would mistakenly still allow users to access survey modules in a project if surveys had been enabled in the project prior to the disabling of the system-level survey setting. Bug fix: The Logging page in a project would mistakenly not display the logged event correctly when uploading or downloading a file attachment on a Descriptive field. Instead it would display it similar to that of a file uploaded to a File Upload field.Version 6.10.8 - (released 2/12/2016)Major bug fix: It was mistakenly possible to import dates or datetime values that contained no dashes or slashes (e.g. 20160229 instead of 2016-02-29) via the Data Import Tool or API for date-, datetime-, or datetime_seconds-validated Text fields. This could result in storing incorrectly formatted date and datetime values.Major bug fix: If a field in a project contained a double underscore in its variable name (because it was created in an older version of REDCap that mistakenly allowed the double underscore), then when downloading and uploading the data dictionary for the project when in production status, it would mistakenly remove the double underscore, thus resulting in the deletion of the original field and unwittingly orphaning data. Bug fix: If using the Twilio telephony services for surveys and using multiple SMS/phone surveys in a single project when having the Twilio configuration option "Behavior for overlapping SMS invitations" set to "Allow participant to choose which survey to take next", then it might mistakenly include already-completed surveys in the list sent to the user. Also, it would mistakenly not include surveys in the list whose invitations are set to call the participant after the participant sends an SMS message with an access code.Bug fix: When creating a new report in a project, if a user opted to use advanced logic for Step 3 (Filters), it would mistakenly not save the logic when creating the report but leave it blank. It would save correctly if advanced logic was added to an existing report but not to one that is being created.Change: New videos for REDCap Mobile AppBug fix: Some HTML character codes (such as "&nbsp;") inside Field Labels would get mistakenly displayed on the Data Dictionary Codebook page for a project.Bug fix: When exporting a project's logging as a CSV file on the Logging page, then if any UTF-8 characters existed in the CSV file, it would mistakenly not include a Byte Order Mark (BOM) at the beginning of the file. Without the BOM, the UTF-8 encoded file could not be opened in certain text editors or applications. Bug fix: When exporting a project's Participant List or Survey Invitation Log as a CSV file, then if any UTF-8 characters existed in the CSV file, it would mistakenly not include a Byte Order Mark (BOM) at the beginning of the file. Without the BOM, the UTF-8 encoded file could not be opened in certain text editors or applications. Bug fix: If the text-to-speech feature is enabled on a survey that contains a logo at the top of the survey page, then the speaker icons that appear next to the survey title and instructions would mistakenly be in the wrong place on the page when the webpage loads instead of right next to the title and instructions text. Version 6.10.7 - (released 2/5/2016)Major bug fix: If the "Save & Return Later" option had been enabled for a survey and an instrument had been locked by a user for a specific record/response, then a survey participant having a unique survey link (as opposed to a public survey link) would mistakenly be able to return to the response and erase all the data values on the survey using the "Start Over" button, even though the responses should have been locked and not editable. This has been changed so that if the response is locked, it will not even display the "Start Over" button or the text field for entering a Return Code but instead will display to the survey participant a message saying that they cannot return to the response at this time because it is currently locked.Bug fix: If a project has the main "Use surveys in this project?" setting enabled but no instruments have been enabled as a survey yet, then it would mistakenly not display the "Manage Survey Participants" option on the User Rights page when adding/editing a user or role. Version 6.10.6 - (released 1/29/2016)Bug fix: The project Logging page was mistakenly not noting if a record was created or updated via a data import. It now says "(import)" after "Created Record" or "Updated Record" in the Action column if the record was imported via the Data Import Tool page.Bug fix: When saving text values containing apostrophes for text boxes on many Control Center system configuration pages, it would save the values correctly but would mistakenly not re-display the values correctly if the page was revisited, in which the value in the text box would get truncated at the location of apostrophe. So if the reloaded page was then saved again, then the truncated value would mistakenly get saved. Bug fix: If using the Twilio telephony services for surveys, then if a participant was added to the Participant List but the participant had not yet started the survey, and then a user attempted to change their Invitation Preference in the Participant List, it would appear to change but mistakenly would not, which could be seen once the page was reloaded.Bug fix: When using the Data Search feature on the?Add/Edit??Records page in a project and entering "b" as the search query, it would mistakenly return a result with the HTML tag "<b>" highlighted in the result instead of the first "b" in the data value.Bug fix: After having set the conditions for an Automated Survey Invitation in the Online Designer, in which a survey has been selected in the drop-down list in Step 2 of the Automated Survey Invitations setup, if a user then changed that drop-down's value back to "select a survey" (the default value), it would mistakenly display an error popup message. It should instead not display any message at all in that case.Bug fix: On the Browse Users page of the Control Center when viewing a user, the "Suspend user account" button might mistakenly not work when clicked if using certain language translation files for REDCap, such as French. Bug fix: When using the Randomization module in a project and performing randomization for a record on a data entry form, if the randomization field has any HTML inside its field label or its choice labels, then in the popup displayed after a successful randomization, it would mistakenly display the label's HTML as escaped rather than having the HTML be interpreted on the page. This makes it more consistent with how the label is displayed on the data entry form. Bug fix: Users in a longitudinal project would mistakenly be able to delete all events in the project if they deleted the second to last event and then immediately deleted the last event prior to leaving the page. It now prevents users from deleting all events, which can cause problems in the project such as not displaying certain things correctly. Bug fix: When using the Scheduling module in a longitudinal project containing more than one arm, it would mistakenly not allow users to generate a new schedule for records that exist in more than one arm and have been scheduled for at least one arm already. Version 6.10.5 - (released 1/15/2016)Major bug fix: When using Table-based authentication, in which a new user account is created and the user receives an email to set their password, in some cases it would mistakenly cause multiple false logins after loading the page, which might possibly trigger the auto-lockout feature. If this happens, the user would have to wait until after the set lockout period has passed, but it is possible that the auto-lockout could occur again, thus preventing the user from gaining access to REDCap for a while. This does not occur on all occasions but only randomly. Medium security vulnerability: It was discovered that SQL Injection might be possible on the File Repository page if a malicious user knows how to send a specifically-crafted request to REDCap to exploit the vulnerability.Bug fix: If a survey has the "Save & Return Later" feature enabled and also allows respondents to edit completed responses, then the Return Codes export on the "Data Exports, Reports, and Stats" page would mistakenly leave blank all the return codes for completed responses in the exported CSV file.Bug fix: When using the REDCap Mobile App page in a project, in which the project has been set up on the mobile app and then the user has performed an emergency data dump from the app, if a file from a Signature field or File Upload field was uploaded to the Mobile App File Archive, its download icon on the page would mistakenly say "Excel CSV". That should only happen for CSV files, such as a logging file or data dump CSV on that page. Bug fix: When opening the?Add/Edit??Field popup in the Online Designer, it was mistakenly displaying the Field Annotation section for Section Headers when it should not be displayed for them. Bug fix: When HTML tags and/or CSS is used inside the Field Label of a required field and a user or survey participant submits the page without having entered a value for the field, it would display the Field Label in a popup when listing which fields have a missing value, but it would mistakenly strip out all HTML in the Field Label. It now maintains all the HTML and styling when displaying it inside the required field popup.Bug fix: In a longitudinal project that has multiple arms and the first instrument is enabled as a survey, when adding the first event to an empty arm, it would display an erroneous warning message saying that the first event of the arm was moved to another position, which is not correct and should not be displayed in this scenario. Bug fix: When the Dynamic Data Pull (DDP) module is enabled for a project, on certain occasions the DDP Mapping page might mistakenly display a field at the bottom of the mapping table and list it erroneously as a composite field.Bug fix: If the Secondary Unique Field feature is enabled in a project, there are certain occasions on which a user or participant might be able to bypass the uniqueness check when submitting values on a form or survey.Version 6.10.4 - (released 12/22/2015)Bug fix: When using the plugin/hook method REDCap::getPDF() for an instrument that has been enabled as a survey, it would mistakenly return the form version of the PDF rather than the survey version of the PDF, which includes the survey title, instructions, and survey completion time.Bug fix: Several places in REDCap currently send an email in which the From and To address are the same (e.g., emailing a survey Return Code, emailing a confirmation that someone has downloaded a Send-It file, when a Table-based user recovers their password), but that can sometimes cause the email not to be received by the recipient because it can get flagged as spam by certain email services. In those cases, REDCap now uses the email address of the Project Contact Person as to email sender for greater compatibility.Bug fix: The "Map of Users" page in the Control Center would mistakenly no longer load the map due to changes in the Google Maps API. Bug fix: If a user is on the File Repository page in a project and selects the "All?Exports/Types?" to filter data export files, it would mistakenly display the files from the last export instead. Bug fix: If a user is on the File Repository page in a project and makes a selection in the drop-down list to filter data export files, in which it will return zero files for that selection, then when the page is redisplayed it would mistakenly hide the "filter by" drop-down, thus making it impossible to make another selection, and the user would be forced to click the Back button in their browser and click on a tab above.Bug fix: When using the Randomization module in a project and moving the project to production after some records have been randomized while in development status, it would mistakenly leave the "Randomize record" events in the project's Logging history when all records are being deleted during the move-to-production process. It now removes those logged events from the Logging.Bug fix: The plugin/hook method REDCap::getSurveyLink() would mistakenly return a survey link if provided with a record name for a record that does not yet exist. Also, in a longitudinal project it would mistakenly return a survey link for a record that has not been created in a given arm when an event_id from that arm has been passed as a parameter in the method, and if the link was used by a respondent, it would create the record in the other arm. In these situations, it should instead return NULL.Version 6.10.3 - (released 12/18/2015)Small security fix: When a table-based user would reset their password, the password value would mistakenly be displayed on the page (although invisible) for a fraction of a second before the page immediately redirected elsewhere once the page loaded.Bug fix: Small issue with PHP autoload function that only affects specific PHP configurations, in which it would throw a fatal PHP error when attempting to install REDCap.Bug fix: If a user has some kind of Data Export privileges but does not have?Add/Edit??Reports privileges, when the user navigates to the "Data Exports, Reports, and Stats" page, it mistakenly displays a blank page and thus will not let them view a report or export data. Bug fix: The Field Note text of certain left-aligned fields (e.g. Notes fields) when displayed on surveys or forms would mistakenly begin wrapping their text to the next line after only going halfway across the webpage. Field Notes now extend to the full width of their column in the question table.Version 6.10.2 - (released 12/04/2015)New LTS branch based off of 6.10.1 (Standard Release)Version 6.10.1 - (released 12/03/2015)??Medium security fixes: Several cross-site scripting vulnerabilities were found on various pages throughout REDCap, in which these vulnerabilities could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft specific HTTP requests to such pages or can trick other authenticated users to navigate to specifically-crafted URLs.Change: Updated the Help & FAQ pageBug fix: When importing data via the API with the "returnContent" parameter set as "ids" in which the "format" (or "returnFormat") parameter is set as "json", then it would mistakenly not put quotes around non-numerical record names that are returned in the API's response. Also, it would mistakenly not escape certain characters in the record names if the response is returned as "json" or "csv" for the "format" (or "returnFormat") parameter.Version 6.10.0 - (released 11/25/2015)NEW FEATURES & IMPROVEMENTS:New feature: Project FoldersProject Folders are a way for users to organize the projects on their My Projects page by putting them into groups. The folder can be given a name and can be color-coded (by setting a text color and background color) so that it displays boldly in the My Projects page.Once a folder has been created, the user can assign any number of projects to a folder (and can even assign a single project to multiple folders). This allows the projects to be grouped together under that folder when displayed on the user’s My Projects page.Project Folders are for personel organization, so no one else can see a user’s folders (except for REDCap administrators when viewing the user’s projects on the Browse Projects page in the Control Center).New feature: Survey themes3 new options were added to the Survey Settings page for any given survey (accessed via the Online Designer):Size of survey text – Set the survey text to a bigger font size (Normal, Large, or Very Large).Font of survey text – Set the font family of all the text displayed on the survey (Arial, Georgia, Tahoma, and more).Survey theme – Set the color scheme for the survey. There are 10 predefined themes available that users may use, but if they do not prefer them, users can easily click the Customize button to customize the color scheme of the survey any way they want, in which it will open up 8 different options for modifying the colors of various elements in the survey. Also, users may create their own custom survey theme to save the theme with a specified name, after which they may easily use it their saved theme in the future for another survey.A “survey design preview” box is displayed on the Survey Settings page so that the user can see how their survey design choices will make their survey look to respondents.Create institution-specific themes: REDCap administrators with access to their MySQL database can create their own installation-specific themes by adding them to the redcap_surveys_themes database table (add new row to the table with NULL value for “ui_id” field). The easiest way to do this is to create a new theme on the Survey Settings page in a project and save that customized theme, and then find that theme in the redcap_surveys_themes database table and set its ui_id value as NULL, after which it will appear for all users as an official REDCap survey theme in the theme drop-down list.New feature: A project's Survey Invitation Log is now downloadable in CSV format.Improvement: On the Define My Events page in a longitudinal project, it no longer displays the Days Offset and Offset Range columns in the events table if the Scheduling module is not enabled for the project. Since those columns are only utilized during scheduling, this provides a simpler and less confusing interface for users when scheduling is not being used. When creating a new event in this case, the event name is the only thing that needs to be provided, after which the order of that event or any event in the current arm can be change using drag-n-drop by dragging that event's row in the table.Improvement: New styling options were added to the rich text editor for survey instructions and survey completion text, such as setting text color and background color, inserting tables, copy-paste options, and indentation options.BUG FIXES & OTHER CHANGES:Major bug fix: For surveys that have the survey option "Allow respondents to return and modify completed responses?" enabled for a multi-page survey, then some responses might appear to be completed (i.e., they appear in the Completed Responses drop-down list of records) even though they have not truly been completed (they appear as "[not completed]" in the drop-down list). This fix will retroactively fix the existing records and will also prevent this issue from occurring in the future.Improvement: If using Two-Factor Authentication with the Twilio SMS/phone option enabled, then the Table-based User Management page in the Control Center will now allow administrators to include a user's "Expiration time for 2-step login code" in the CSV upload file when creating user accounts in bulk.Improvement: Better handling of memory on the web server in order to prevent large data exports and large reports from hitting a memory limit.Improvement: The Survey Queue now displays better on mobile devices.Improvement: If a survey participant has added or modified any data on a survey page and then attempts to exit the survey by closing their browser or browser tab before saving their changes, it will now display the "Save your changes?" prompt in a similar fashion to the prompt that is currently displayed when exiting a data entry form prematurely.Improvement: The hook/plugin method REDCap::logEvent() now accepts a new optional parameter $project_id that can be used to specify the project for which the event should be logged when in a system-level context or alternatively to specify the project_id for another project when in a project-level context.Change: In the "Edit Field" popup on the Online Designer, the Field Annotation box has been moved over to the bottom left of the popup dialog to distinguish it more from the Field Note box while at the same time helping to keep the popup itself more compact for most field types.Bug fix: The <tbody> HTML tag was mistakenly not whitelisted as a safe HTML tag to utilize in field labels, survey instructions, etc. This would inadvertently cause the tag to get HTML-escaped and thus get displayed to the user on the page.Bug fix: When viewing the "Data History" popup for a File Upload field on a data entry page, it would mistakenly not display the logged event(s) where a file was uploaded for that field. Bug fix: When using the Twilio telephony services and using the designated phone field for survey invitations, it would mistakenly not display the participant's phone number on the Survey Invitation Log. Also, it would not allow users to click on the "Responded?" icon in the Participant List in order to view the response on the data entry form.Bug fix: When using the hook/plugin method REDCap::logEvent() in a hook, it would mistakenly not display correctly on a project's Logging page. Bug fix: If a user is attempting to import date or datetime fields (either via API or Data Import Tool) that are not in the specified date format, it would return a slightly incorrect error message, in which it would not mention that date or datetime fields can also be imported in Y-M-D format.Bug fix: If there exist two or more adjacent Text fields on a survey or data entry form, in which those Text fields have some form of field validation with min/max range validation, then there is the possibility that if the validation error message gets displayed for a field and then later gets displayed again for another field below it, it may mistakenly display multiple popup messages on top of each other so that it makes it impossible for the user to close them all. This can result in the inability to return to data entry on the page, thus forcing the user to have to reload the page, possibly losing any data entered. Change: When setting up a new Automated Survey Invitation, the checkbox option "Ensure logic is still true before sending invitation?" is no longer checked by default since it could unwittingly cause confusion or issues in certain use cases when users simply left it checked.Change: When importing data in CSV format via API or Data Import Tool, all blank rows will now be ignored instead of returning an error. This is to avoid the common mistake by users of leaving some lines as blank in the CSV file since most users assume the blank line would be ignored anyway.Bug fix: If a user purposefully injects HTML tags into a survey's title for styling purposes, then those tags would mistakenly get displayed literally (e.g. "<b>My Survey Title</b>") in certain places in the project, such as the survey list in the Participant List, Survey Invitation Log, and Survey Queue.Version 6.9.7 - (released 11/13/2015)Major bug fix: When importing data into a project via the API or Data Import Tool, if any of the fields being imported were used in a calculated field's equation, then it would mistakenly not perform an auto-calculation and save the calculated field value if the record being imported did not already exist in the project prior to the import. The auto-calculations would, however, work correctly for any existing records that had values imported. Major bug fix: If the @NOW or @TODAY action tags are being utilized on a Text field that has no field validation, then if that field comes after another Text field having date or datetime validation and also has MDY or DMY date format, then the field with the @NOW or @TODAY action tag will mistakenly have its value displayed in the date format of the nearest date/datetime field displayed above it. It should instead be displaying the value in YMD date format when using the @NOW or @TODAY action tags on a field that has no validation.Bug fix: When executing an API request in the API Playground for particular web server configurations, it would mistakenly not return anything from the request with an HTTP status code of "0".Bug fix: If executing Rule F on the Data Quality page, it may mistakenly provide false positives in the discrepancy list that is returned. In particular, this would occur if a field had branching logic that referenced a checkbox field that had no values saved (was left all unchecked) for a given record.Bug fix: When using the REDCap::getData() method in a plugin or hook, if the parameter $combine_checkbox_values is set to TRUE and $exportAsLabels is also set to TRUE, then it would mistakenly not export the multiple choice option labels correctly for checkbox fields if more than one checkbox was being returned. In the case of multiple checkboxes being returned, it would inadvertently use the checkbox option labels from another checkbox field rather than the option labels for that field itself.Bug fix: An error would mistakenly be displayed if a user attempted to use the Send-It module to send a file to a person having an email address that contains an apostrophe, and thus it would prevent the user from sending a file to that person.Bug fix: When creating or editing a report in a project and using a multi-select drop-down (e.g. when using a filter for filtering events or data access groups), it would not always be possible to deselect an option in the multi-select once the option had already been selected. Improvement: Less erratic behavior of the Project Notes popup on the My Projects page when a user moves their cursor over a project that has some text defined for its Project Notes.Bug fix: In certain PDF exports of a data collection instrument, multiple pages of the instrument might mistakenly overlap on a single page in the PDF. This is often caused when branching logic is used on the instrument, in which an entire section of the instrument must be hidden.Bug fix: When editing the record ID in the Online Designer, it would mistakenly not display the Field Note option to allow the user to add/edit the Field Note for the record ID field.Bug fix: If a user steps away from their computer/device when logged into REDCap, after which the autologout time elapses, then even though the automatic logout alert popup displays on the page saying that the user has been logged out, sensitive data may still be visible momentarily on the page underneath the popup after the user clicks the "Log In" button. This was supposed fixed in version 6.9.5, but was only partially fixed. Version 6.9.6 - (released 11/06/2015)Bug fix: If a user creates a record that contains a double space in the middle of the record name, then if someone uploads a file for a File Upload field or saves a signature for a Signature field on a form or survey, it would mistakenly create another record containing only that uploaded file/signature in which the new duplicate record will contain a single space in its record name rather than a double space. However, when viewed in most places in the project (e.g. Record Status Dashboard), the two record names will appear identical when viewed next to each other, thus causing even more confusion about how a duplicate record exists and how it was created.Bug fix: If the Field Label of a field contained a line break when the field is right-aligned, the PDF export of the instrument might mistakenly display strange rectangle characters in place of the line breaks.Bug fix: In certain PDF exports of a data collection instrument, multiple pages of the instrument might mistakenly overlap on a single page in the PDF. This is often caused when branching logic is used on the instrument, in which an entire section of the instrument must be hidden.Bug fix: In some projects that utilize the public survey option together with the designated email field option, it might mistakenly display blank values for each participant in the participant list of the first survey in the project when it should display the email addresses.Bug fix: If utilizing the randomization module in a project, if using a strata field in the randomization process, in which the strata field is a drop-down field with the auto-complete option enabled, then if that field already has a value saved for it prior to the randomization of a record and also the strata field exists on the same instrument as the randomization field, then it would mistakenly display the value of the field twice in its auto-complete text box inside the randomization popup. This would prevent the record from being randomized because the user's cursor would get forever stuck in the strata field's text box and thus cause the user to have to refresh the page.Bug fix: When using the @LATITUDE or @LONGITUDE action tag, it would mistakenly display the "Save your changes" prompt when leaving the data entry form even though the latitude/longitude value did not change on that page but were saved when the form was loaded previously. This would not affect data but might be confusing to the user.Version 6.9.5 - (released 10/27/2015)Improvement: New action tag @BARCODE-APP - Allows the REDCap Mobile App to capture the value of a barcode or QR code by scanning it with the device's camera. NOTE: For use only in the REDCap Mobile App.Major security vulnerability: It was discovered that SQL Injection might be possible on certain authenticated pages as well as via the API if a malicious user knows how to send a specifically-crafted request to REDCap to exploit the vulnerability.Major bug fix: If a field's variable name somehow contains a double underscore, which should not be allowed, and then after the project is in production, a user modifies the field in Draft Mode via the Online Designer, there is a chance that it may replace the double underscore in the variable name with a single underscore, thus mistakenly renaming the variable and causing data to get orphaned as if the original field had been deleted. Bug fix: If a user in a project has been set to receive email notifications whenever a participant has completed a survey, they would still mistakenly receive the emails even if the user was suspended from REDCap.Bug fix: The R code that is automatically generated for a given API method in the API Playground module has a small error when defining the URI for the API request.Bug fix: Small typo fixed on the Project Setup page. Bug fix: If a user steps away from their computer/device when logged into REDCap, after which the autologout time elapses, then even though the automatic logout alert popup displays on the page saying that the user has been logged out, sensitive data may still be visible on the page underneath the popup. Bug fix: If a survey invitation has been scheduled for an existing record but then the invitation was deleted via the Survey Invitation Log, then it would still mistakenly display the timestamp of the deleted invitation at the top of the data entry form for that record. Change: The API is now more strict with regard to the validation of API tokens sent in API requests. In previous versions, if the token was longer than 32 characters, it would truncate the token to 32 characters (which is the expected length). It no longer truncates the token if longer than expected but merely returns an error message.Minor security fix: A page in the Control Center was found to be susceptible to SQL injection if a super user was tricked into following a custom-created URL by a malicious user. However, the likelihood of occurrence is low and the difficulty is high.Bug fix: If the API is returning an error message in JSON format, some messages might mistakenly not get JSON-encoded correctly. Bug fix: If a user does not have "Create Record" user privileges, then it would mistakenly display the "Add new record" button on the data entry form in a project with record auto-numbering enabled. However, it would not allow them to create a new record, so at worst, this would merely cause confusion to the user. Bug fix: The data dictionary upload page would mistakenly allow variable names containing a double underscore, even though the Online Designer would prevent it. It now replaces any double underscores with single underscores.Bug fix: In some random cases when loading a CAT survey, it would mistakenly attempt to determine if the page should be skipped based upon branching logic. Since it should never check this for CATs, it now ensures that it skips that logic check, which makes the survey page load much faster for those affected.Change: The "Brief Overview" video was updated.Bug fix: In the downloaded PDF export of an instrument, it would not display Field Notes correctly for Notes fields and Signature fields, in which it might run off the page or not display at all, either due to field type and custom alignment values. Bug fix: PDFs containing Japanese or Chinese characters (when project encoding is set to Japanese or Chinese) would not get rendered correctly and would basically be unable.Bug fix: When copying an instrument in a project using the "Copy" button in the instrument list in the Online Designer, it would mistakenly remove any non-Latin characters that were entered for the new instrument name.Bug fix: The API Playground would not be able to send API requests successfully if the REDCap server was using a proxy server for outbound web requests.Bug fix: The "Submit Changes for Review" button on the Online Designer when in Draft Mode would not display correctly for certain languages (e.g., French).Bug fix: When using the Dynamic Data Pull (DDP) module, clicking the "Remove unused DDP data" button on the Other Functionality page would mistakenly not get logged properly.Bug fix: When upgrading from version 5.X, if any fields in a report have a "not =" operator with a blank limiter value, then that limiter would mistakenly get lost and not migrated into the version 6.X report format.Bug fix: If the Dynamic Data Pull (DDP) module is enabled, then the System Statistics page in the Control Center might mistakenly report incorrect DDP stats, in which they might be overinflated.Version 6.9.4 - (released 10/06/2015)Bug fix: The "All custom" button at the top of the rules table in the Data Quality module would mistakenly not work and would display an incorrect error message when clicked.Bug fix: When using the datediff() function in a custom data quality rule in the Data Quality module, if a record is missing a value for one of the dates used in the datediff() function in the DQ rule, it will mistakenly get returned as a discrepancy when in fact it should not return it as a discrepancy. This does not appear to affect any other advanced functions but only datediff() and only when used in the Data Quality module.Bug fix: The floating table headers that appear on some pages (e.g. reports) would mistakenly appear on top of a dialog popup that would later be opened on the page.Bug fix: If HTML tags are used in the record ID field' Field Label in a project, then it would mistakenly display those tags as visible on the Record Status Dashboard table and (if a longitudinal project) also on the event grid after a record has been chosen.Bug fix: If a survey expiration time was set for a survey, then if a user reopened the survey settings page afterward and pressed Save, it would mistakenly lose the time portion of the expiration date/time, which might prevent the survey from being expired at the exact desired time. Bug emerged in version 6.9.0.If the Mcrypt PHP extension has not been installed on the REDCap web server, then the Stats & Charts page for reports would mistakenly not display correctly if the report contains any filters. The report would instead display plots representing *all* records in the project rather than just the records after applying the filter. Change: Since the REDCap Mobile App is now available on the Amazon Appstore for Android, a link was added on the REDCap Mobile App page in each project to download the mobile app from the Amazon Appstore.Bug fix: If a super user is on the Manage All Project Tokens section of the API page in a project or on the API Tokens page in the Control Center, if a user's username contains either a period/dot (.) or an "at" sign (@), then the Last Used column for that user will mistakenly never display the timestamp but will continually say "Loading...".Bug fix: When using some non-English languages (specifically French) for a project's language, it might mistakenly not allow a production project to be moved to inactive status on the Other Functionality page because of a?JavaScript??error that occurs. Bug fix: When using the randomization module in a project and utilizing strata fields, if a user is randomizing a record on a data entry form in which one or more of the strata fields are a drop-down field with the auto-complete option enabled, then it would mistakenly not display the drop-down correctly in the randomization popup, thus preventing the user from performing randomization on the record. Version 6.9.3 - (released 09/25/2015)Improvement: When copying a project, it now displays a new option to copy "all project bookmarks" on the Copy Project page, thus allowing users to copy all project bookmarks in that project to the new project.Improvement: When copying a project, it will now automatically copy the values for "Custom text to display at top of Project Home page in project" and "Custom text to display at top of all Data Entry pages in project", which are only accessible for modification on the "Edit a Project's Settings" page in the Control Center.Minor security fix: A cross-site scripting vulnerability was found on the Install page that could possibly be exploited if a malicious user knows how to append certain characters into the web address for the page. However, the ability of a user to take advantage of this vulnerability is severely limited.Bug fix: If the user is creating a new record on a data entry form (i.e., record auto-numbering is not enabled), then after they place their cursor inside the text box to enter a new record name, it would mistakenly not allow them to remove their cursor in order to do something else on the page if they have not entered anything yet, in which the only way to get the cursor out of the text box is the refresh the page. Change: If a project's first instrument has been enabled as a survey, and then a user on the Online Designer drags/moves an instrument that has not been enabled as a survey into the front so that it becomes the new first instrument, previous REDCap versions would transfer the survey settings onto the new first instrument (which was not a survey instrument) and thus removing them from the survey instrument, which would then become a regular data entry form and no longer a survey. This was done to preserve the public survey link in case a user had already distributed the public survey link and would not want it to change. However, due to possible conflictions with newer features, in which this behavior could cause other major issues, it now no longer transfers the survey settings from the survey instrument to the non-survey instrument in this scenario but leaves them as-is (aside from moving their position in the instrument list).Change: Small aesthetic changes on survey pages to remove gray gradient background and borders to provide a flatter look.Change: The id or class names of certain elements on survey pages and data entry forms have changed. See the list below for both the old and new name of each element affected. This should only affect REDCap hooks that are referencing these elements via CSS or?JavaScript??to manipulate the page.The id of the main table housing all the survey questions: #form_table => #questiontableThe spans and divs that contain a multiple choice field's choice label (for both radios and checkboxes)Vertically-aligned .frmrd => .choicevertHorizontally-aligned .frmrdh => .choicehorizDiv containing "must provide value" text for required fields: .reqlbl => .requiredlabelTable that houses a slider field's labels (that sits above the slider): .sldrlbl => .sliderlabels"Reset" links for radio buttons: .cclink => .smalllinkMatrix header row: .matrixHdrs => .headermatrixField labels for matrix fields: .label_matrix =>.labelmatrixQuestion number (surveys only): .quesnum => .questionnumQuestion number for matrix fields (surveys only): .quesnummtxchk => .questionnummatrixThe div just inside the body tag has changed from #outer to #pagecontainerThe div that contains the survey instructions was changed from #surveyinstr to #surveyinstructionsChange: When a super user is adding/editing a bookmark on the Project Bookmark page in a project and selecting "REDCap Project" as the Link Type, it will now display in the project drop-down list the projects belonging to all the users in that project. Whereas in previous versions, super users would only see their own projects. Bug fix: If a project using the randomization module has the randomization field set as "required" and also has?Left/Vertical??or?Left/Horizontal??custom alignment, then the red "*must provide value" label for the field as displayed on the survey page or data entry form would mistakenly not display correctly but get appended as black text onto the end of the Field Label.Bug fix: The plugin/hook documentation for the REDCap::saveData() method's dateFormat parameter is incorrect and mistakenly refers to something completely different.Bug fix: When tabbing through fields on a data entry form or survey, it might mistakenly skip over some fields and put the cursor on links or images on the page. Bug introduced in version 6.9.2.Bug fix: If a user's project has drafted changes that are currently awaiting approval by an administrator, the user could mistakenly still upload a data dictionary before the administrator has reviewed and approved the changes. This would not cause any data loss but could cause confusion as to how the user made field changes while the project was in review.Version 6.9.2 - (released 09/21/2015)Major bug fix: If Automated Survey Invitations had been set to be triggered via conditional logic based upon the changes of data values, then the ASIs would mistakenly not get triggered when they should during an API data import. This issue would not manifest when importing data via the Data Import Tool page but only via the API data import method. Improvement: New configuration setting added to File Upload Settings page in Control Center if using AWS S3 storage for file storage, in which you can now manually set the AWS endpoint URL. In previous versions, it only allowed the endpoint to be "s3.", which now only works for U.S. East region of AWS. This allows you to manually set the endpoint if you are using a different AWS region.Improvement: When viewing a data entry form where the instrument has been enabled as a survey, it will now display the "Save and Mark Response as Complete" button if the survey has not been started yet (i.e., on the survey page), thus allowing the user to mark it as complete without even having to open the survey page. In previous versions, users would only see that button as a valid option once the survey had at least been partially completed via the survey page.Improvement: When exporting a survey's participant list to CSV file, it now includes the record name of the respondent if it corresponds to an existing record and if it is identifiable (i.e., if the participant has a Participant Identifier defined or if the designated survey email field has been enabled).Improvement: When using the REDCap::getParticipantList() plugin/hook method for obtaining a survey's participant list, it now includes the record name of the respondent if it corresponds to an existing record and if it is identifiable (i.e., if the participant has a Participant Identifier defined or if the designated survey email field has been enabled).Improvement: When viewing the Compose Survey Invitations popup on the Participant List page, it now displays the total count of all participants that have been selected in that popup to be invited to take the survey.Bug fix: When a project has record auto-numbering enabled and a user opens a data entry form to create a new record, instead of clicking one of the Save buttons on the page, the user clicks another form on the left-hand menu, after which if they click the "Save changes and leave" option, it will redirect them to the desired form but will advance to the next record number as if they are going to create a new record on that form. In this way, they unwittingly navigate off of the record they just created, which could be confusing and could cause new records to get inadvertently created when they shouldn't. Change: The jQuery and jQueryUI libraries inside REDCap were upgraded to version 1.11 since the existing ones were outdated.Bug fix: If using the Real Time Execution feature for a Data Quality rule, in which it determines on a data entry form that a DQ rule was violated while at the same time a required field was left empty/blank on the form after clicking a Save button, it would only display the "Some fields are required!" popup and would mistakenly not display the "Data Quality rules were violated!" popup, which could cause some confusion and might accidentally cause a user to not be aware of a DQ rule that was violated. It has been changed so that if both issues occur at the same time, it will now display both popups at the same time on the page so that the user is aware of them both.Bug fix: When utilizing Automated Survey Invitations in a project in which an ASI has the option "Ensure logic is still true before sending invitation?" enabled and the ASI is using only conditional logic as the Condition in Step 2 and *not* basing it off of whether a survey has been completed, then it would mistakenly display empty duplicate rows in the Survey Invitation Log. Note: This would not affect how or when survey invitations were sent.Bug fix: The tabs on the File Repository page in a project would not display correctly on certain occasions.Bug fix: If the Double Data Entry module is enabled for a project, then the correct form status icons will mistakenly not display correctly on the Record Status Dashboard for DDE user 1 or 2, but instead it will only display gray icons for all forms/records. Bug fix: An SQL query that would get executed after a user logged in might be really slow for some server configurations. It has been optimized to reduce any slowness.Bug fix: When downloading a PDF of a data entry form with data, in which all the field's in a section are hidden by branching logic, it might mistakenly display the section header for that section in the PDF instead of hiding it if the section would have spilled over onto the next page if it would have been displayed.Bug fix: If a drop-down field on a survey or data entry form has a very long choice label, then the drop-down would mistakenly spill out of the table and could crowd other fields and text on the page, thus distorting the whole form/survey.Version 6.9.1 - (released 09/14/2015)Bug fix: Duplicate rows mistakenly appear in a survey's participant list when records are created via data entry form or via data import and when more than one person then goes to view the participant list at the exact same time. This can cause a race condition, which generates duplicate rows in the back-end database tables for each record being populated in the table. There is unfortunately no way to fix the duplicates retroactively except by exporting all data in the project, then erasing all records, and then re-importing all the exported data.Bug fix: If the "redcap_save_record" hook function is being used on a survey, in which the hook will redirect the page or stop page execution while at the same time a survey question that is required has not had a value entered, then it will mistakenly not set the survey response as being partially completed but leave it as if the survey had not been started yet.Change: Replaced TTS- as the third-party service used for the text-to-speech feature on surveys since that service has ceased to function for unknown reasons, thus making it no longer viable for use in REDCap. It has now been replaced by a service hosted by Vanderbilt at??, which utilizes the AT&T Text To Speech API service. Note: This service hosted by Vanderbilt does not store any of the text sent to it in any way.Version 6.9.0 - (released 09/08/2015)NEW FEATURES & IMPROVEMENTS:New hook function: redcap_project_home_page - Allows custom actions to be performed on the "Project Home" page in a projectNew feature: API Playground - The API Playground is an interface that allows experimentation with the REDCap API without actually writing any code. Users can explore all the different API methods and their various options to customize a given API request. Users may even execute a real API request and see the exact response that REDCap returns from the request.New action tags@LATITUDE - Allows a Text field to capture the latitude of the user, in which the user will be prompted on the webpage to allow or deny this. Once the value is captured, it will not be changed when visiting the page at a later time.@LONGITUDE - Allows a Text field to capture the longitude of the user, in which the user will be prompted on the webpage to allow or deny this. Once the value is captured, it will not be changed when visiting the page at a later time.@PASSWORDMASK - Masks the value of a Text field so that the true value is not visible on the webpage after it has been entered (like password fields on login pages).@HIDDEN-APP - Hides the field only on the form ONLY on the REDCap Mobile App. Field will stay hidden even if branching logic attempts to make it visible.@READONLY-APP - Makes the field read-only (i.e., disabled) on the form ONLY on the REDCap Mobile App so that its value cannot be changed.@NOW - Automatically provides the user's current time as the value of a Text when the page is loaded. Once the value is captured, it will not be changed when visiting the page at a later time. If the field has validation, the value will conform to the date/time format of the field.@TODAY - Automatically provides the user's current date as the value of a Text when the page is loaded. Once the value is captured, it will not be changed when visiting the page at a later time. If the field has validation, the value will conform to the date/time format of the field.Improvement: New look for API DocumentationImprovement: Numbered lists and bullet lists (i.e., <ol>, <ul>, and <li> tags) can now be used in field labels, survey instructions, etc.Improvement: Much better search utility on Browse Users page in the user list popup to allow administrators to search a user by a specific user attribute or by all user attributes. Also, the list is now exportable in CSV format. Additionally, columns for the time of suspension and expiration date are now listed in the user list.Improvement: If using a proxy server for outgoing HTTP requests, REDCap now supports proxies that require authentication via username and password. On the General Configuration page in the Control Center, you can now enter the proxy username and password.Improvement: On the REDCap main Home page (not the Project Home page), you may now provide a URL that gets linked at the end of the last sentence "If you require assistance or have any questions about REDCap, please contact..." rather than a mailto link to the home page contact email. This is useful if you have a ticket system (or something similar) at your institution that you would prefer to link to on the Home page rather than an email account. The URL can be set on the Home Page Settings page in the Control Center and is completely optional.BUG FIXES & OTHER CHANGES:Medium security fix: The Password Recovery page, which is only available if using Table-based authentication, was found to have a Blind SQL Injection vulnerability that could be exploited if a malicious user sends a specially crafted request to that page to spoof certain client values that REDCap receives in the request.Change: The user list popup on the Browse Users page no longer displays the column "Active User?" because this designation was confusing and not very helpful because all it implied was that the user had a first activity timestamp, which merely means that (for most installations) the user had logged in to REDCap at least once.Change: Now compatible with PHP 7, which is to have its first stable release near the end of 2015.Change: When using the Survey Login feature in a project, it will no longer allow the record ID field to be used as a survey login field if record auto-numbering is enabled in the project for security reasons.Bug fix: When a user is viewing a project-level plugin, it would mistakenly display the auto-logout popup after being on the page for 3 minutes and would tell them that their session has expired, even thought it had not. Also, it would sometimes mistakenly display an error popup if the user attempted to click a project bookmark on the right-hand menu while viewing a project-level plugin, thus preventing them from navigating to the bookmark page.Bug fix: The cron job that resets any survey invitations that are stuck in limbo because they did not get sent properly (due to cron crashing, etc.) was mistakenly sending invitations that were weeks or months old, thus often useless to be received by that participant at that point. The cron job now only resets any invitations that have been stuck for less than one week.Bug fix: If any survey invitations were sent from the data entry form for a record (rather than via the Participant List) on a version of REDCap before v6.5.0, then the invitations would mistakenly no longer display in the Survey Invitation Log after upgrading to v6.5.0 or higher.Bug fix: When using the Twilio telephony services in a project with multiple surveys, in which the user attempts to modify a participant's Invitation Preference on the Participant List for any survey/event, it mistakenly would not apply the desired invitation preference to every survey/event, thus forcing the user to have to set the preference for each survey/event in order to work correctly.Bug fix: If data is being piped into the option of a drop-down field on a survey page or data entry form, then it would mistakenly not get updated if a user on that page changed the value of a field whose value is being piped into a drop-down option. Instead it would pipe into the drop-down only data values that had already been saved prior to loading the page.Bug fix: Calculated fields may mistakenly throw an error on a survey or data entry form if multiple round() and multiple if() statements are nested together in the calculation.Bug fix: The Participant Identifier of a given participant in a survey's participant list would mistakenly not be editable after the participant had started or completed the survey if the identifier was not blank. For privacy reasons, users are prevented from adding an identifier to a participant if the identifier was originally left blank, but it should allow it to be editable (either before or after taking the survey) if not blank. This fix will now allow the identifier to be editable at any time if the identifier is not blank. Bug fix: If using Twilio telephony services for two-factor authentication or for survey functionality, some voice calls or SMS messages might fail to send to certain international phone numbers that resemble U.S. phone number format - i.e., 10 digits long without a "1" at the beginning. Bug fix: If the randomization module is enabled and set up for a classic project and then the user converts the project into a longitudinal project, then the Randomize button will mistakenly not appear on the data entry form but instead display a the randomization field as a disabled field. Bug fix: When viewing the Compose Survey Invitations popup for a survey's participant list, it would note that the participants being displayed in the popup are "those who have not responded" (assuming that the option "Allow respondents to return and modify completed responses?" has not been enabled), which is confusing because the list does include those who have partially responded. To prevent confusion, the text has been changed to "those who have not responded completely" to signify that partial responses are included. Bug fix: On certain random occasions where a record was mistakenly saved with a blank record name, in which the record would then get orphaned and become inaccessible on the front-end web application, if that blank record were somehow assigned to a Data Access Group, the Data Access Groups page would mistakenly include it in the count of records for each DAG, even though the blank record is not viewable or accessible anywhere else.Version 6.8.2 - (released 08/26/2015)Improvement: If utilizing the Dynamic Data Pull (DDP) module, the following two counts have been added to the DDP section of the Control Center's "System Statistics" page under the section "Project attributes (all projects)": "Total adjudicated data values imported via DDP" and "Projects with at least one data value adjudicated via DDP".Major bug fix: If importing data via the API in XML format, then the import will mistakenly not be successful if only one record is being imported in that request. However, if multiple records are being imported in XML format in the same request, the issue does not occur.Improvement/change: The HTML tags <sub> and <sup> are now allowed in Field Labels, Field Notes, Survey Invitation Text, and all other user-defined text that gets displayed somewhere.Bug fix: The Twilio telephony services for surveys might not successfully send SMS messages to or successfully make phone calls to some non-U.S. phone numbers.Bug fix: The Twilio option for Two-Factor Authentication might not successfully send SMS messages to or successfully make phone calls to some non-U.S. phone numbers.Bug fix: When using calculated fields in longitudinal projects, a processing bottle-neck was discovered that was causing unnecessary slowdown when performing auto-calculations when a user clicked the Save button on a data entry form or survey page. This fix allows the page saving to be processed about 3x-10x faster than before.Bug fix: When using calculated fields that utilize cross-event calculations in longitudinal projects, it may have mistakenly not been performing the calculation for other events. Thus, some events containing calc fields with cross-event calculations may not have gotten their value saved. (Note: The values can be fixed retroactively by running Data Quality rule H.)Bug fix: When adding a filter field to a report, in which the field has some form of field validation (e.g., date_ymd, email), then if the user selects the operator to be "contains", "not contain", "starts with", or "ends with", then it would prevent the user from entering a value into the text field to the right unless the value entered adhered to the field validation format. For example, if a user selected "Email" as the filter field, then selected "contains" as the operator, and entered "" into the text box as the filter value, it would display the validation error message. Bug fix: The Twilio telephony services for surveys might not work successfully if using a proxy server in your web server configuration. Change: On a project's Logging page, it now displays "SYSTEM" in the user drop-down filter at the top of the page to allow users to filter by events performed automatically by the REDCap system, such as survey invitations being scheduled. In previous versions, the "SYSTEM" option was not available in the drop-down list of users.Bug fix: If on the User Access Dashboard page and click the Reset link at the bottom of the page, any selected radio buttons would not have their cell background changed back to green but would mistakenly be changed to a white background instead. Bug fix: When using the Survey Login feature on a CAT (computer adaptive test - e.g., PROMIS assessment), the questions on the survey page would mistakenly not be displayed at all.Bug fix: When a participant is taking a CAT (computer adaptive test - e.g., PROMIS assessment), it should be selecting the choice's radio button whenever the choice label text was clicked, but it was mistakenly not and required clicking on the radio button itself.Bug fix: In a project utilizing Data Access Groups, if a user does not have "View & Edit" permissions for any instrument in the project and also does not have "Create Record" privileges, then the user could still navigate to an instrument on a record and change the DAG assignment of the record. This could be done if the user changes the DAG selection drop-down on the instrument, in which the page will not allow them to click the Save button but it will mistakenly prompt them to save their changes if they attempt to click a link somewhere in order to navigate off the page. Bug fix: If a user clicked the "Lock all forms" or "Unlock all forms" link for a record in a project, it would mistakenly lock/unlock forms to which the user does not have form-level access. Bug fix: In a longitudinal project, if a record is created via the Scheduling module (rather than via form or survey), then the record would mistakenly not display on the Record Status Dashboard until some data was entered for it on a form or survey. Bug fix: When importing data via the Data Import Tool, even if no checkboxes are being imported, the import comparison table displayed on the page would mistakenly display some checkbox fields, although they would be ignored and would not cause any issues with the data import process. Bug emerged in version 6.8.0.Bug fix: If using a cross-event calculation for a calculated field on a data entry form or survey in a longitudinal project, in which a non-text field (e.g. drop-down, radio) used in the calculation has a negative value, then the calculation would mistakenly return a blank value instead of the correct calculated number. Bug fix: In longitudinal projects only, the "Total survey responses" count was mistakenly being displayed on a project's "Add/Edit Records" page when it should not have because it only refers to the first survey (even though it does not specify that) and also is not always accurate. Displaying the total survey response count made sense in version 5.X of REDCap, but it no longer makes sense after version 6.0, which allows for multiple surveys.Bug fix: When viewing a survey response on a data entry form, it notes at the top of the page all the users who have contributed to the response data, but it may mistakenly list users that contributed to other forms or surveys for the record but not necessarily that particular survey. This is now fixed for all survey responses collected hereafter. However, this issue is not able to be fixed retroactively for already completed responses. Bug fix: The survey auto-continue feature would mistakenly not get copied for surveys when copying a project. Bug fix: When clicking the Upload Document link for a File Upload field or when clicking the Add Signature link for a Signature field on a data entry form or survey, if data values are to be piped into the field's label inside the popup that is displayed, it would mistakenly only pipe saved values and would not pipe unsaved values that had been entered on the page.Version 6.8.1 - (released 08/14/2015)New feature: Administrators may disable the auto-calculation functionality for a given project on the "Edit a Project's Settings" page in the Control Center. If left as enabled (default), server-side auto-calculations (introduced in REDCap 6.3.0) will be performed for calc fields when data is imported (via Data Import Tool or API) or when saving a form/survey containing cross-form or cross-event calculations. If auto-calculations are disabled, then calculations will only be done after being performed via JavaScript (client-side) on the data entry form or survey page on which they are located, and they will not be done on data imports. Tip: This setting should *only* be disabled if the auto-calculations are causing excessive slowdown when saving data. If disabled, then some calculations might not get performed, and if so, must then be fixed with Data Quality rule H.Bug fix: The REDCap hook function "redcap_add_edit_records_page" was mistakenly not being called in longitudinal projects on the Add/Edit Records page but only in classic projects.Bug fix: If a Text field is utilizing the biomedical ontology auto-suggest feature and the user then downloads the data dictionary and later re-uploads the data dictionary, the page will mistakenly display a warning message that is intended to be for multiple choice fields only. It should not display a warning message at all. However, it does not prevent the user from uploading the data dictionary, but might cause some confusion.Bug fix: If two-factor authentication is enabled, in which the Google Authenticator option is used, it would mistakenly not display a user's Google Authenticator QR code on the My Profile page except only when the Twilio option is enabled (rather than if the Google Authenticator option is enabled).Version 6.8.0 - codename "Pfeffernüsse" (released 08/11/2015)NEW FEATURES & IMPROVEMENTS:New feature: Two-factor AuthenticationThis feature is optional and can be enabled on the "Security & Authentication" page in the Control Center. Enabling two-factor authentication (also known as 2-step login) can provide greater security with regard to users logging in to the system. While the standard login process consists of entering a username and password, two-factor authentication provides a second step after the initial login, such as entering a 6-digit verification code received via SMS text message, via email, or generated using the Google Authenticator app on their mobile device, or responding to a phone call or a push notification (for Duo app only).Administrators can choose one or more of the following options for users to log in via two-factor authentication on the REDCap login page:Email - A six-digit verification code will be emailed to the user.Google Authenticator app - A six-digit verification code can be obtained by the user in their Google Authenticator app. Before they can use this option, they must first go to their My Profile page and scan the QR code on that page in their Google Authenticator app to add their REDCap account to the app on their mobile device.SMS message via Twilio (connected to Twilio account at??) - A six-digit verification code will be sent via SMS text message to the user on their mobile device using the phone number provided on the user's My Profile page.Phone call via Twilio (connected to Twilio account at??) - A user's phone will ring, after which they will be asked to enter a number on their keypad to complete the login process.Duo (connected to Duo account at??) - Duo Security provides push notifications via their mobile app, as well as SMS and phone call options.Two-factor configuration settings:(Optional) Trusted IP range - You can enforce two-factor login on all users OR only enforce it on users with an IP address in a specific IP range. For example, if you know the IP ranges of computers at your institution, then you can enforce two factor only for users accessing REDCap from outside your institution. There is an additional checkbox option to allow you to easy include all private network IP addresses in the IP exceptions (10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255).(Optional) Authentication interval: Trust a device's two-factor login for X days - This optional setting, if enabled, will allow a user's 2-step login to be remembered and thus will allow them to only have to perform the 2-step login every X days, in which you can set the length of time.(Optional) Secondary authentication interval for specific IP address ranges - If desired, you can set an alternative authentication interval for devices in certain IP ranges. For example, you may want to set the interval to 30 days for users on a semi-secure network but set it to 1 day for users not on a secure network at all. You can set the interval to X days that the user's device will be trusted if within a given IP range.Project-level settings:Setting to exclude specific projects from 2-step login - On the Edit a Project's Settings page in the Control Center, you can exempt a project from 2-step login, which means that if any user has access to an exempt project, then they will *not* be prompted with the 2-step login when they initially log in, nor will they be prompted when entering the exempt project, but they *will* be prompted with the 2-step login if they attempt to enter a non-exempt project or their My Profile page (and if a super user, if they enter the Control Center). This setting may be used to exempt certain projects where the 2-step login would be very burdensome and/or costly for users.Setting to always force 2-step login on specific projects (even if the authentication interval is set) - For high-profile projects that might have very sensitive data, for example, this setting can be enabled so that even if the authentication interval is set to allow users to not have to perform the 2-step login for every session, if they enter a project with this setting enabled, they must *always* perform the 2-step login during their session before they can enter the project.User-level setting:Setting to modify the expiration time of the 2-step login verification code for SMS, email, and Google Authenticator options - In some cases where they might be a lag for a user to receive their 2-step login verification code, such as if sent via email and doesn't appear in their inbox for a long time. By default, the code expires after 2 minutes. But in cases where it may take longer to be received by the user, an administrator can increase the expiration time of the code up to 30 minutes for a given user on the Browse Users page in the Control Center.New developer methods for plugins/hooksREDCap::saveData - Saves record data for a project. Accepts data in the following formats: "csv", "json", "xml", and "array" (same array format as received from getData method with record name as 1st key, event_id as 2nd key, and field_name as 3rd key)REDCap::getDataDictionary - Returns a project's data dictionary in any of the following formats: "csv", "json", "xml", and "array"New hook functionsredcap_survey_page_top — Allows custom actions to be performed at the top of a survey page - exactly like redcap_survey_page but executed in a different locationredcap_data_entry_form_top — Allows custom actions to be performed at the top of a data entry form (excludes survey pages) - exactly like redcap_data_entry_form but executed in a different locationredcap_add_edit_records_page — Allows custom actions to be performed on the "Add/Edit Records" page in a projectImprovement: The Data Import Tool now has a new option "Allow blank values to overwrite existing saved values?" that allows users to choose if they want to perform a mass overwrite of saved values with blank values when importing data. By default, it will ignore all blank values in the uploaded CSV file (as it has always done).Improvement: If using the Twilio telephony services in a project, it will now detect (with fairly good accuracy) if a phone call is made to a survey participant in which an answering machine or voicemail answers the call instead of a person. In such a case, it will not begin speaking the survey text as it would to a person, but will instead leave the following message for the participant: "To take the survey, please call back at this phone number: XXX-XXX-XXXX."BUG FIXES & OTHER CHANGES:Major bug fix: If a user with "De-identified" export rights or "Remove all tagged Identifier fields" export rights performs a data export for Report B on the "Data Exports, Reports, and Stats" page, in which they leave the "All instruments" option selected in the Instruments multi-select list, it would mistakenly export ALL fields in the project and would not remove free-form text fields and identifier fields like it should.Major bug fix: On rare occasions when using Automated Survey Invitations for a survey, in which the option "Ensure logic is still true before sending invitation?" is enabled and the logic is fairly complex, survey invitations that have been scheduled might mistakenly be sent twice to the same participant.Minor security fix: A cross-site scripting vulnerability was found on the project Logging page that could possibly be exploited if a malicious user knows how to inject certain text into the "Reason for Data Change" text box when editing an existing record in a project that has the "Require a Reason" feature enabled.Minor security fix: A vulnerability could possibly be exploited if a malicious user knows how to execute some specific JavaScript calls on a data entry form where the Locking/E-signature feature is used, in which it would allow them to bypass the signing process of entering a correct username/password when e-signing a data entry form for a record. Also, using certain methods to manipulate page elements on a data entry form that has been locked, they could possibly execute some specific JavaScript calls that would allow them to unlock the form and make data changes even if the user does not have Record Locking privileges. NOTE FOR SHIBBOLETH USERS: If your institution is using a hack to modify the REDCap base code in order for e-signatures to work with Shibboleth, please be aware that this change *might* prevent your modifications from working.Bug fix: When using the Twilio telephony services in a longitudinal project where the first instrument is not used as a survey, it would throw an error whenever a user attempted to modify a participant's Invitation Preference on the Participant List for any survey/event.Bug fix: If a user clicks the "Delete data for this form only" button or clicks the "Delete data for this event only" button on a data entry form that has some required fields that have no values entered for them, it would mistakenly display the "Some fields are required!" popup to force the users to enter values for the required fields before it would let them delete the form's/event's data.Bug fix: When reviewing the drafted changes in a production project, it would mistakenly not display the Field Annotation column in the table of changes on that page. Bug fix: Incorrect text was used in the Twilio configuration popup for the "default invitation preference" option on the Project Setup page of a project.Bu fix: Incorrect text was used in the Twilio configuration step on the Project Setup page of a project. Change: The "Stats & Charts" section on the "Data Exports, Reports, and Stats" page no longer allows checkbox fields to be viewed as pie charts but only as bar charts. This is due to the fact that since checkboxes allow multiple values per field per record, the total counts/frequency can add up to higher than 100%, which is not compatible with the pie chart and thus causes it to display incorrect values.Change: If the Twilio SMS option is enabled for two-factor auth, then the My Profile page will display a "mobile phone number" field where they can enter their phone number, and then use it for two-factor login via SMS.Bug fix: If a project has the "Use surveys in this project?" setting enabled on the Project Setup page but does not have any instruments enabled as surveys, then when a data export is performed, it would mistakenly include the redcap_survey_identifier field in the syntax file for the stats packages but would appropriately not include that column in the CSV data export file. This would inevitably cause issues when attempting to import the data into a stats package, such as SPSS.Bug fix: If using the Twilio telephony services in a longitudinal project in which the first instrument was not enabled as a survey, then if a user attempted to change a survey participant's Invitation Preference in the Participant List, it would mistakenly not change it successfully.Bug fix: If using the Twilio telephony services in a project and sending out survey invitations for the participant to take the survey via phone call or SMS, in which one or more invitation reminders were set, then even though the participant would complete the survey, the reminders would still get sent to them afterwards (via SMS or phone call).Bug fix: If using the Twilio telephony services in a project in which records would be created via data entry form or data import (rather than via survey), then it would mistakenly not assign the record the correct default invitation preference as defined by the project's "Default invitation preference for new participants" setting in the Twilio configuration popup on the Project Setup page.Bug fix: After clicking the table headers of the user list on a project's User Rights page, it would no longer be possible to edit the rights of a user or role on the page by clicking a username or role name in the table until the page is reloaded. The Help & FAQ page was updated.Bug fix: When enabling the auto-complete feature for a drop-down field on an instrument, if any of the option labels contained an ampersand (&), less than character (<), or greater than character (>), it would mistakenly display the HTML character code version of those characters in the drop-down field rather than the literal character itself. (Bug emerged in version 6.7.0.)Bug fix: On the "Stats & Charts" tab of the "Data Exports, Reports, and Stats" page in a project, if a user clicks the "Show plots only" button, then it would mistakenly display the spinning circle image for text fields that have no data.Bug fix: When viewing the "Day" or "Week" tab on the Calendar module in a project, clicking the left-arrow icon or right-arrow icon would not advance to the prev/next day or prev/next week, respectively, but would always advance to the prev/next month, which is not intuitive and is confusing. Bug fix: If utilizing the randomization module in a project and trying to copy an instrument via the Copy option in "Choose action" drop-down on the Online Designer, if the randomization field or strata fields are located on the instrument being copied, it would mistakenly display an error message saying that the instrument could not be copied.Bug fix: If the REDCap page header was displayed on a REDCap plugin page or if the base.js JavaScript file was included on a plugin page, then it would mistakenly inject the redcap_csrf_token (Cross-Site Request Forgery token) onto all forms displayed on the plugin page and also inject it into all POST AJAX requests made via the jQuery $.post function on the plugin page. This might give the impression that REDCap provided CSRF protection on plugin pages when in fact it does not. The redcap_csrf_token value is now no longer injected into forms or in the $.post function on plugin pages.Bug fix: If a survey participant completes a survey that has the "Send confirmation email" setting enabled but the participant's email address has not yet been captured after having completed the survey, and if the Survey Queue is enabled for the project, then if the participant enters their email address on the survey acknowledgment page in order to receive their confirmation email, it would mistakenly display a popup message saying that the survey has not been set up yet, which is incorrect and confusing. Bug fix: When the Dynamic Data Pull (DDP) module is enabled in a longitudinal project, if a user selects some fields to be mapped to the external source system on the DDP Setup page, then it might mistakenly convert the last field on the page to a non-temporal field if it was a temporal field, which would prevent it from being mapped correctly on that page. (Ticket?#913)Bug fix: Users would mistakenly be allowed to archive a development project even if the setting "Allow normal users to move projects to production?" in the Control Center was set to "No". This would allow a user to archive a development project and then un-archive the project, which puts the project in production status, thus inadvertently bypassing the production approval process. If users are not allowed to move projects to production on their own and they attempt to archive a development project, it will now display a message letting them know that they can only archive production projects. Bug fix: If a user imports data via the Data Import Tool in which the record names contain UTF-8 characters but the imported file is encoded with ANSI encoding, it would mistakenly store the record names incorrectly (with a black diamond character being displayed on the page) during the import, which would prevent the records from being accessed or edited on a data entry form and thus prevent them from being deleted after having been imported. Change: If the setting "Require a 'reason' when making changes to existing records?" has been enabled for a project, it will now prompt the user for a reason if they attempt to delete a record via the Delete Record button on a data entry form. In previous versions, it only prompted for a reason whenever an existing record was changed and not when it was deleted.Bug fix: If the "Auto-continue to next survey" setting is enabled for a PROMIS CAT, it would mistakenly not auto-continue to the next survey instrument. Bug fix: If entering data on a survey or data entry form while using an Android device, fields with "Phone (North America)" validation would mysteriously have their value disappear immediately after it was entered, thus preventing the user from entering a value for the field.Version 6.7.5 (released 07/29/2015)Change: Replaced Google's Speech API with TTS- as the third-party service used for the text-to-speech feature on surveys since Google now enforces a captcha upon heavy use of that free API, thus making it no longer viable for use in REDCap. This also means that there will no longer be a language option for text-to-speech on surveys (the option will be hidden) since TTS- only works for English.Version 6.7.4 (released 07/27/2015)Medium security vulnerability: Several cross-site scripting vulnerabilities were found that could possibly be exploited if a malicious user knows how to inject certain text into an arm name or event name when creating/editing arms or events in a longitudinal project, in which this could execute malicious JavaScript on that page for other unwitting users.Medium security vulnerability: A Cross-site Request Forgery vulnerability was found that could possibly be exploited if a malicious user tricks an unwitting super user into navigating to a specially-crafted REDCap link that would could cause a specified suspended user to be unsuspended just by clicking the link.Version 6.7.3 (released 07/24/2015)Major bug fix: If a user is attempting to perform a data import via the Data Import Tool or API, in which one of the fields being imported is a drop-down field with auto-complete enabled, then it would mistakenly throw an error saying that the value was in an invalid format. Bug emerged in version 6.7.0. Major bug fix: When utilizing the Randomization module in a project, there is a very small possibility that when saving a data entry form for a record that has already been randomized, in which the form being saved contains the disabled randomization field, it mistakenly might be possible for the user to modify the randomization field's value after clicking the Save button before the form is officially saved.Bug fix: If the MySQL database server is set to use ANSI_QUOTES for the SQL_MODE setting, then it will mistakenly display the warning "YOUR REDCAP DATABASE STRUCTURE IS INCORRECT!" on the main Control Center page and on the Configuration Test page. Bug fix: When using the Twilio telephony services in a project and sending an SMS message to an invalid phone number, it would mistakenly not fail gracefully but would throw a fatal PHP error, which could result in crashing the cron job if the SMS was being sent via the invitation scheduler cron. This could result in other invitations not getting sent on time but a few hours late.Change: New cron job was added to fix any survey invitations that got stuck in 'SENDING' status but were never sent (due to server going offline unexpectedly, etc.).Bug fix: When a super user would view the Manage All Project Tokens tab on the API page in a project, it would mistakenly not display the table of project users and would throw a JavaScript error.Bug fix: The following features were mistakenly not enabled by default if performing a fresh install of version 6.7.X: Embedded video for Descriptive fields, Text-to-speech functionality for surveys, and BioPortal auto-suggest for Text fields. This upgrade will automatically turn them on.Bug fix: If a Text field is utilizing the biomedical ontology auto-suggest feature and the user then downloads the data dictionary and later re-uploads the data dictionary, the field will lose the ontology auto-suggest feature.Bug fix: If a Text field is utilizing the biomedical ontology auto-suggest feature, in which another field uses branching logic or calculations based upon that field, then the branching logic and/or calculations would not fire if a value was added to or removed from the field but would only fire when the page was later reloaded after being saved.Version 6.7.2 (released 07/16/2015)Major bug fix: When using the "Ensure logic is still true before sending invitation?" option for Automated Survey Invitations in a project, it might mistakenly prevent some survey invitations from getting scheduled whenever a record is updated via survey/data entry form or imported.Improvement: The Codebook page in a project now has branching logic icons next to each field so that when an icon is clicked it takes the user to the Online Designer and opens that field for editing its branching logic. This allows users to quickly make edits to fields' branching logic when viewing the Codebook. There also exists a "Return to Codebook" button at the top of the Online Designer to allow them to return back to the Codebook again.Bug fix: When clicking the pencil icon next to a field on the Codebook page in a project, it would mistakenly not open the matrix popup dialog on the Online Designer but would instead open the normal "Edit Field" popup, which could cause issues with the display of the matrix if the user changed anything in the "Edit Field" popup and then saved it. (Bug emerged in version 6.7.0.)Bug fix: If a drop-down field has the "auto-complete" feature enabled and a user on a data entry form tabs into or puts their cursor inside the drop-down's text box but then leaves the field without entering a value, then if the user clicked a link or button to navigate away from the form, it would mistakenly display the "Save your changes?" popup even though no values changed on the page.Bug fix: If some survey invitations with reminders have been scheduled in a project, then the Survey Invitation Log might display in incorrect count of the total invitations on that page, which could be very confusing to users. This only occurs when reminders exist.Bug fix: On the Record Status Dashboard page of a project that has Data Access Groups, if a user is not in a DAG and they select a DAG from the DAG drop-down at the top of the page, in which the DAG selected does not contain any records yet, then it would mistakenly display ALL the records in the project on the page and also mistakenly display the form status icon as gray for every form/record. In this case, it should instead display a table with no rows. (Bug emerged in version 6.7.1.)Bug fix: When using the Double Data Entry module in a project, DDE user?#1?or?#2?would mistakenly be able to view and edit events displayed in the Upcoming Calendar Events table at the bottom of the Project Home page for records that do not belong to them but belong to another DDE user. It now only shows the records that belong to the DDE user and properly displays the record number (i.e., removes the --# ending) in the calendar description.Version 6.7.1 (released 07/08/2015)Improvement: On the Record Status Dashboard page of a project that has Data Access Groups, if a user is not in a DAG, then they will see a new drop-down at the top of the page to filter the records by any given DAG. Also, it will remember their selection in case they return to that page later, in which the drop-down will be pre-selected with their last selection of it during that same REDCap session.Bug fix: If using Shibboleth authentication, then the biomedical ontology auto-suggest feature for Text fields will not work on survey pages (although it will work on data entry forms).Bug fix: Certain API requests (e.g., File Export method) would return a response that was not gzip compressed but would mistakenly include the header "Content-Encoding: gzip" in the response, which could confuse some clients and cause the request to fail in specific situations. The API now only returns that gzip header if the API response is truly gzip compressed.Improvement: Text fields with "Phone (North America)" validation now display the numeric keypad on iOS and Android devices instead of the QWERTY keyboard.Bug fix: If a user goes to remove another user from their project, it might mistakenly display a warning message that the user being removed has used the REDCap Mobile App and therefore might have some unsynced data on the app. It will do this if the user doing the removing has initialized the project in the mobile app - i.e., not the user that is selected for removal.Bug fix: When creating a Descriptive field on an instrument on the Online Designer and adding an inline YouTube video to that field, in certain web browsers the video frame might mistakenly be visible above any popups that open on the page, thus obscuring the contents of those popups.Bug fix: If a project is utilizing the auto-complete functionality for a drop-down field on a survey or data entry form, then it would mistakenly display the "invalid value!" error message if the user begin to type the answer and then clicked the answer in the list below it *only if* what had been typed thus far did not match any of the valid values from the drop-down.Version 6.7.0 - codename "Macaroon" (released 07/02/2015)NEW FEATURES & IMPROVEMENTS:New feature: Text-to-speech functionality for surveysCan be enabled on the Survey Settings page for any given survey. Once enabled for a survey, it will display a "speaker" icon next to all visible text. When the icon is clicked, it will audibly speak that text to the survey participant in their web browser. Participants can click the "Disable speech" button at the top of the survey to remove the icons if they do not wish to use the text-to-speech functionality, in which it will remember that preference if they return to another survey on that REDCap server in the future.Many different languages are supported, in which the text-to-speech service is capable of reading text in various languages. For example, if all the survey questions are in Spanish, you can choose Spanish to be the text-to-speech language, which will allow the service to read the text more accurately for that language. (Note: This feature does *not* perform translation.) The language setting is also on the Survey Settings page.Works on mobile devices when viewing the survey webpage in the mobile web view. However, the text-to-speech functionality is currently not supported in the REDCap Mobile App.This feature can be disabled at the system level on the Modules Configuration page in the Control Center.Note: This feature requires that your REDCap web server be able to make outbound HTTP requests to?? feature: Embedded videos for Descriptive fields - Users can embed an externally hosted video (e.g., YouTube, Vimeo) on a data entry form or survey page by simply providing the video URL (web address). The video can be displayed inline on the page, or it can instead be initially hidden but displayed after clicking a button. Any video can be set to full-screen mode, if desired.Works when viewed in a web browser on mobile devices.This feature can be disabled at the system level on the Modules Configuration page in the Control Center.Note: Video embedding is not currently supported in the REDCap Mobile App.New feature: Embedded audio for Descriptive fields - New option that will take an attached audio file (e.g., MP3, WAV) on a Descriptive field and display it in an embedded audio player on the data entry form or survey page.Works when viewed in a web browser on mobile devices.Note: Audio file embedding is not currently supported in the REDCap Mobile App.New feature: Action TagsAction Tags are special terms that begin with the '@' sign that can be placed inside a field's Field Annotation. Each action tag has a corresponding action that is performed for the field when displayed on data entry forms and survey pages. Such actions may include hiding or disabling a given field (either on a survey, data entry form, or both).Full list of all available action tags:@HIDDEN - Hides the field on both the survey page and the data entry form. Field will stay hidden even if branching logic attempts to make it visible.@HIDDEN-FORM - Hides the field only on the data entry form (i.e., not on the survey page). Field will stay hidden even if branching logic attempts to make it visible.@HIDDEN-SURVEY - Hides the field only on the survey page (i.e., not on the data entry form). Field will stay hidden even if branching logic attempts to make it visible.@READONLY - Makes the field read-only (i.e., disabled) on both the survey page and the data entry form so that its value cannot be changed.@ READONLY-FORM - Makes the field read-only (i.e., disabled) only on the data entry form (i.e., not on the survey page) so that its value cannot be changed.@ READONLY-SURVEY - Makes the field read-only (i.e., disabled) only on the survey page (i.e., not on the data entry form) so that its value cannot be changed.New feature: New auto-complete feature for drop-down fields and "sql" fieldsUsers can enable the auto-complete feature in the Online Designer for drop-down fields. (Note: Super users can also enable auto-complete for "sql" fields.) Auto-complete can also be enabled via the Data Dictionary by entering "autocomplete" in the validation column for "dropdown" and "sql" fields.The auto-complete feature transforms the drop-down into a combobox that still functions as a normal drop-down list but has the additional capability of employing a text search on the options in the drop-down in order to find an option much more quickly. Enabling the auto-complete feature is most useful when a drop-down list is very long with lots of options.Note: Even though users are able to hand-enter text into the text field when searching the autocomplete drop-down, it will not allow saving the value unless it is a valid option in the drop-down list.New feature: Enable searching within a biomedical ontology for text fields on a survey or data entry formAn ordinary text field on a survey or data entry form can have a special feature enabled that provides auto-complete functionality for real-time searching within biomedical ontologies, such as RxNorm, ICD-9, ICD-10, Snomed CT, LOINC, etc. There are over 400 ontologies available from which users may choose.This feature can be enabled for any given Text field in the Add/Edit Field popup in the Online Designer by simply choosing an ontology in the ontology drop-down list in the popup.This feature can be disabled at the system level on the Modules Configuration page in the Control Center.Note: This feature utilizes the BioPortal API web service (see documentation at??), and thus it requires that your REDCap web server be able to make outbound HTTP requests to?? feature: Auto-continue to next survey - Automatically start the next survey instrument after completing a survey.On the Survey Settings page for any survey instrument listed on the Online Designer, under the "Survey Termination Options" section, the user can enable the survey auto-continue setting so that when that survey has been completed, the participant will automatically be redirected to the next survey instrument (if any exist after that survey). If the next instrument is a data entry form that has not been enabled as a survey, then it will be skipped during this process.Linking surveys together is only supported inside the same event and must be enabled for each survey a user wishes to link. This feature allows users to have separate survey instruments strung together to appear as though they were a single survey to the participant. This is especially useful for complex longitudinal projects where different combinations of instruments are given in separate events. If enabled and this is the last survey, the selected termination option below will be used.NOTE: If users wish to utilize more advanced conditional logic to control which survey that the participant goes to next, they should use the Survey Queue feature, which can be enabled in the Online Designer.New feature: New Survey Base URL (alternative to REDCap base URL used only when constructing web addresses for surveys)This feature can be useful if you wish to use a different web address for surveys than for the web address where users normally log in to REDCap, such as if using a reverse-proxy server or separate web server for surveys.The survey base URL will only be used when constructing survey URLs (e.g., when sending invitations to survey participants, displaying a public survey link). For all other URLs in REDCap, the REDCap base URL will be used.This setting can be set on the General Configuration page in the Control Center immediately below the REDCap base URL setting.Improvement: Checkboxes and radio button fields on surveys and data entry forms can now be selected/checked by clicking the label text of the option rather than just clicking the checkbox or radio button itself. This makes it easier and more intuitive to select an option. (Note: This does not work on Internet Explorer 8 and earlier versions.)Improvement: The Codebook page in a project now has pencil icons next to each field so that when an icon is clicked it takes the user to the Online Designer and opens that field for editing. This allows users to quickly make edits to fields when viewing the Codebook. There also exists a "Return to Codebook" button at the top of the Online Designer to allow them to return back to the Codebook again.Improvement: Survey pages are now more compatible and better fitting to the screen when viewed on mobile devices.Improvement: New project-level attributes are now included in the "Export Project Information" API method. The following attributes were added: "project_irb_number", "project_grant_number", "project_pi_firstname", and "project_pi_lastname".BUG FIXES & OTHER CHANGES:Bug fix: When using the Twilio telephony features in a project, the language instructing users on how to disable the Twilio "Request Inspector" setting was outdated.Bug fix: When executing a rule in the Data Quality module using Internet Explorer 9, it would always mistakenly return zero discrepancies because of a bug in IE9 that would cause the record drop-down list not to load properly whenever the user loads that page.Bug fix: Help & FAQ page was updated to remove some inaccuraciesBug fix: When exporting a PDF of all forms/surveys with saved data in which an instrument ends with a matrix of fields, then on the instrument directly following that one, it might mistakenly mangle the text in the PDF and cause some fields or parts of fields to not get displayed (or not get displayed correctly) in the PDF.Bug fix: When using a min or max validation range for a date or datetime field on an instrument, if the value entered into the field was out of range, the error message displayed to the user would mistakenly represent the min/max values in Y-M-D formate when it should instead display them in the field's designated date format.Change: The "API Tokens" link on the Control Center's left-hand menu has been moved to the "Users" section of the menu (in previous versions it was under the "Dashboard" section).Bug fix: When using the Data Resolution Workflow in a project that also has Double Data Entry enabled,if a user is assigned as DDE person?#1?or?#2?and accesses the Resolve Issues page in the project, it will mistakenly not display the record names correctly. This will cause the issues to not be displayed correctly when the button is clicked, and the link to the data entry form would not be correct.Bug fix: When using the Double Data Entry module in a project in which a user is assigned as DDE person?#1?or?#2, the "Displaying record" drop-down list at the top of the Record Status Dashboard page might mistakenly display records that are not theirs. This only affects the display of the drop-down and not their access to any records.Bug fix: When viewing the "Stats & Charts" page of a report, it would mistakenly not display any Text fields with non-numerical field validation.Bug fix: If a value is manually hand-entered into a datetime or datetime_seconds field on a survey or data entry form and if a leading zero is not included as part of the hour component in the time (e.g., 2015-01-31 9:45), then it would mistakenly not add the leading zero before saving the value, which could cause some sorting issues on reports and possibly some data quality issues. It now makes sure that the hour component in the time gets padded with a "0" if it is only entered as one digit. Bug fix: When exporting the PDF of a survey or data entry form that contains a matrix of fields, on certain occasions some fields in the matrix might mistakenly not have any space vertically between them. There should be one blank line of space between matrix field labels in the PDF.Bug fix: If the first field on a data entry form is a radio button field, in which the cursor is automatically moved to that field when the form is loaded, it will mistakenly allow users to type values via their keyboard into the radio button field invisibly and will mistakenly save those values when the form is saved (even those the types values are not visible on the page), resulting in invalid data values being saved for that field. Bug fix: When using the Double Data Entry module in a project in which a user is assigned as DDE person?#1?or?#2, the "View or Edit Schedule" tab in the Scheduling module would mistakenly display records that are not theirs in the record drop-down list.Bug fix: If using filters in a report in which the filter value begins with "1-" (e.g., [study_id] = "1-35"), then it might mistakenly return a record named "1" in the report results (if record "1" exists) even if it record "1" should not be returned in the results.Bug fix: For any user-defined field labels or saved text where the text contains a < character followed immediately by anything other than >, =, or a number, it would mistakenly truncate the text at the < character if it was not the beginning of a valid HTML tag (e.g., "<this would be removed> and <-so would this"). Version 6.6.2 (released 06/17/2015)Improvement: When using the Twilio telephony services for SMS surveys and voice surveys, it now supports the Matrix Ranking functionality if enabled for a matrix of radio fields. It behaves by removing a matrix choice once it has already been used by a previous question in the matrix. And if the user attempts to enter an already used value, it will tell them that it is an invalid choice and to try again.Major bug fix: If the REDCap web server has the "short_open_tag" setting in PHP set to "Off", then the page would crash when a user would attempt to enable an instrument as a survey in the Online Designer.Change: In longitudinal projects the order of the "delete" buttons at the bottom of data entry forms have been changed so that the "Delete data for this event only" button now comes before the "Delete data for this form only" as a means of ordering them according to the severity of what they delete.Bug fix: When using WebDAV file storage, inline image attachments for Descriptive fields and Signature field images would mistakenly not get displayed in a downloaded PDF of an instrument.Bug fix: If a user was attempting to copy an instrument via the "Copy" option next to an instrument on the Online Designer, in which one or more multiple choice fields on that instrument had no choice options defined, then it would throw an error and prevent the instrument from being copied.Bug fix: If the Email Domain Whitelist is enabled, then if a user logs in to REDCap for the first time and is prompted to enter their name and email address, it would mistakenly not enforce the Email Domain Whitelist but instead would allow the user to enter an email address of any domain. (This excludes users using Table-based authentication.)Version 6.6.1 (released 06/09/2015)Major bug fix: In the event that a public survey is being taken by a very large number of respondents simultaneously (e.g., hundreds or thousands of respondents per minute), there is a chance that some responses might mistakenly get merged together under the same record name when being saved, thus corrupting the data and making it difficult to manually split the separate responses into individual records. New methods have been implemented to ensure that this never happens.Bug fix: When a user attempts to use the alternative method to obtain a mobile app initialization code on the REDCap Mobile App page in a project, if the REDCap web server is not able to communicate with redcap.vanderbilt.edu, which generates the code, then it would mistakenly return an incorrect 4-digit number to the user rather than the correct 10-character alphanumeric code.Bug fix: In a longitudinal project containing multiple arms, if a user attempts to rename a record to a record name that exists in another arm, it would mistakenly display an error saying that the record could not be renamed. Instead, it should allow the record to be renamed for the current arm regardless of whether or not that same record name exists in other arms.Bug fix: When using the Randomization module in a project and viewing the randomization dashboard page, the record names that appear in the "Allocated records" column of the table would mistakenly not wrap to the next line in the table cell but would instead be truncated.Bug fix: When the cron job is expiring user accounts that have an expiration time set, it might mistakenly CC the sponsor of another user who is getting expired in that same batch of emails.Bug fix: Confusing or incorrect instructions were given when exporting data into SPSS or SAS on a non-Windows operating system with regard to modifying the CSV data file's path in the syntax file.Bug fix: When copying a project that has surveys, some survey attributes would mistakenly not get copied to the new project. This would include "display page numbers at top of page", "allow respondents to return and modify completed responses", "hide the Previous Page button", and the confirmation email settings.Change: For clarity, a new note was added on the Security & Authentication page in the Control Center to denote that the Login Settings section is not applicable to Shibboleth authentication.Post-release fix: If a project has record auto-numbering enabled and a user opens a data entry form to create a new record but instead clicks the Cancel button, then it would mistakenly skip a record number in the sequence when the next record was created.Version 6.6.0 - codename "Frosted Sugar" (released 05/29/2015)New features:Twilio telephony/IVR services (SMS surveys and phone surveys)Other changes in this version:Bug fix: When using Rule H in the Data Quality module and clicking the "Fix calcs now" button, it would mistakenly not exclude any results that the user had explicitly excluded for that rule.Bug fix: When using Rule H in the Data Quality module, in which one or more results had been excluded and then the rule was run again at a later time, then if the user clicked the "view" link in the results popup to view the exclusions, the "Fix calcs now" button would fail to work if the user tried to click it afterward.Bug fix: When utilizing the Randomization module in a project that has UTF-8 encoded field labels for the randomization field or the strata fields used (especially if multi-byte characters are used in the label), then on certain occasions the Randomization Dashboard page would not display correctly.Bug fix: When survey participants returned to a partially completed survey, in which it displayed the "Start Over" button to allow them to erase their current responses and start the survey over from the beginning, it was too easy for them to accidentally click this button without realizing the repercussions of data loss. It now gives them an extra confirmation dialog that they must click so that they more fully understand the repercussions before starting the survey over.Version 6.5.20 - (released 12/03/2015)Medium security fixes: Several cross-site scripting vulnerabilities were found on various pages throughout REDCap, in which these vulnerabilities could possibly be exploited by a malicious user (who is a valid REDCap user) who knows how to craft specific HTTP requests to such pages or can trick other authenticated users to navigate to specifically-crafted URLs.Version 6.5.19 - (released 11/25/2015)Major bug fix: For surveys that have the survey option "Allow respondents to return and modify completed responses?" enabled for a multi-page survey, then some responses might appear to be completed (i.e., they appear in the Completed Responses drop-down list of records) even though they have not truly been completed (they appear as "[not completed]" in the drop-down list). This fix will retroactively fix the existing records and will also prevent this issue from occurring in the future.Bug fix: The <tbody> HTML tag was mistakenly not whitelisted as a safe HTML tag to utilize in field labels, survey instructions, etc. This would inadvertently cause the tag to get HTML-escaped and thus get displayed to the user on the page.Bug fix: When viewing the "Data History" popup for a File Upload field on a data entry page, it would mistakenly not display the logged event(s) where a file was uploaded for that field. Bug fix: When using the hook/plugin method REDCap::logEvent() in a hook, it would mistakenly not display correctly on a project's Logging page. Bug fix: If there exist two or more adjacent Text fields on a survey or data entry form, in which those Text fields have some form of field validation with min/max range validation, then there is the possibility that if the validation error message gets displayed for a field and then later gets displayed again for another field below it, it may mistakenly display multiple popup messages on top of each other so that it makes it impossible for the user to close them all. This can result in the inability to return to data entry on the page, thus forcing the user to have to reload the page, possibly losing any data entered. Bug fix: If a user purposefully injects HTML tags into a survey's title for styling purposes, then those tags would mistakenly get displayed literally (e.g. "<b>My Survey Title</b>") in certain places in the project, such as the survey list in the Participant List, Survey Invitation Log, and Survey Queue.Version 6.5.18 - (released 11/13/2015)Bug fix: If executing Rule F on the Data Quality page, it may mistakenly provide false positives in the discrepancy list that is returned. In particular, this would occur if a field had branching logic that referenced a checkbox field that had no values saved (was left all unchecked) for a given record.Bug fix: When using the REDCap::getData() method in a plugin or hook, if the parameter $combine_checkbox_values is set to TRUE and $exportAsLabels is also set to TRUE, then it would mistakenly not export the multiple choice option labels correctly for checkbox fields if more than one checkbox was being returned. In the case of multiple checkboxes being returned, it would inadvertently use the checkbox option labels from another checkbox field rather than the option labels for that field itself.Bug fix: An error would mistakenly be displayed if a user attempted to use the Send-It module to send a file to a person having an email address that contains an apostrophe, and thus it would prevent the user from sending a file to that person.Bug fix: When creating or editing a report in a project and using a multi-select drop-down (e.g. when using a filter for filtering events or data access groups), it would not always be possible to deselect an option in the multi-select once the option had already been selected. (Ticket?#1034)Bug fix: In certain PDF exports of a data collection instrument, multiple pages of the instrument might mistakenly overlap on a single page in the PDF. This is often caused when branching logic is used on the instrument, in which an entire section of the instrument must be hidden.Bug fix: When editing the record ID in the Online Designer, it would mistakenly not display the Field Note option to allow the user to add/edit the Field Note for the record ID field.Bug fix: If a user steps away from their computer/device when logged into REDCap, after which the autologout time elapses, then even though the automatic logout alert popup displays on the page saying that the user has been logged out, sensitive data may still be visible momentarily on the page underneath the popup after the user clicks the "Log In" button. This was supposed fixed in version 6.5.16, but was only partially fixed. Version 6.5.17 - (released 11/06/2015)Bug fix: In some projects that utilize the public survey option together with the designated email field option, it might mistakenly display blank values for each participant in the participant list of the first survey in the project when it should display the email addresses.Bug fix: If a user creates a record that contains a double space in the middle of the record name, then if someone uploads a file for a File Upload field or saves a signature for a Signature field on a form or survey, it would mistakenly create another record containing only that uploaded file/signature in which the new duplicate record will contain a single space in its record name rather than a double space. However, when viewed in most places in the project (e.g. Record Status Dashboard), the two record names will appear identical when viewed next to each other, thus causing even more confusion about how a duplicate record exists and how it was created.Bug fix: In certain PDF exports of a data collection instrument, multiple pages of the instrument might mistakenly overlap on a single page in the PDF. This is often caused when branching logic is used on the instrument, in which an entire section of the instrument must be hidden.Version 6.5.16 (released 10/27/2015)Major security vulnerability: It was discovered that SQL Injection might be possible on certain authenticated pages as well as via the API if a malicious user knows how to send a specifically-crafted request to REDCap to exploit the vulnerability.Major bug fix: If a field's variable name somehow contains a double underscore, which should not be allowed, and then after the project is in production, a user modifies the field in Draft Mode via the Online Designer, there is a chance that it may replace the double underscore in the variable name with a single underscore, thus mistakenly renaming the variable and causing data to get orphaned as if the original field had been deleted. Bug fix: If a user in a project has been set to receive email notifications whenever a participant has completed a survey, they would still mistakenly receive the emails even if the user was suspended from REDCap.Bug fix: Small typo fixed on the Project Setup page. Bug fix: If a user steps away from their computer/device when logged into REDCap, after which the autologout time elapses, then even though the automatic logout alert popup displays on the page saying that the user has been logged out, sensitive data may still be visible on the page underneath the popup. Bug fix: If a survey invitation has been scheduled for an existing record but then the invitation was deleted via the Survey Invitation Log, then it would still mistakenly display the timestamp of the deleted invitation at the top of the data entry form for that record.Change: The API is now more strict with regard to the validation of API tokens sent in API requests. In previous versions, if the token was longer than 32 characters, it would truncate the token to 32 characters (which is the expected length). It no longer truncates the token if longer than expected but merely returns an error message.Minor security fix: A page in the Control Center was found to be susceptible to SQL injection if a super user was tricked into following a custom-created URL by a malicious user. However, the likelihood of occurrence is low and the difficulty is high.Bug fix: If the API is returning an error message in JSON format, some messages might mistakenly not get JSON-encoded correctly. Bug fix: If a user does not have "Create Record" user privileges, then it would mistakenly display the "Add new record" button on the data entry form in a project with record auto-numbering enabled. However, it would not allow them to create a new record, so at worst, this would merely cause confusion to the user. Bug fix: The data dictionary upload page would mistakenly allow variable names containing a double underscore, even though the Online Designer would prevent it. It now replaces any double underscores with single underscores.Bug fix: In some random cases when loading a CAT survey, it would mistakenly attempt to determine if the page should be skipped based upon branching logic. Since it should never check this for CATs, it now ensures that it skips that logic check, which makes the survey page load much faster for those affected.Change: The "Brief Overview" video was updated.Bug fix: In the downloaded PDF export of an instrument, it would not display Field Notes correctly for Notes fields and Signature fields, in which it might run off the page or not display at all, either due to field type and custom alignment values. Bug fix: PDFs containing Japanese or Chinese characters (when project encoding is set to Japanese or Chinese) would not get rendered correctly and would basically be unable.Bug fix: The "Submit Changes for Review" button on the Online Designer when in Draft Mode would not display correctly for certain languages (e.g., French).Bug fix: When using the Dynamic Data Pull (DDP) module, clicking the "Remove unused DDP data" button on the Other Functionality page would mistakenly not get logged properly.Bug fix: When upgrading from version 5.X, if any fields in a report have a "not =" operator with a blank limiter value, then that limiter would mistakenly get lost and not migrated into the version 6.X report format.Bug fix: If the Dynamic Data Pull (DDP) module is enabled, then the System Statistics page in the Control Center might mistakenly report incorrect DDP stats, in which they might be overinflated. ................
................

Online Preview   Download